From e51aebf967be423cf65798d4bf0fd51fb42ecaef Mon Sep 17 00:00:00 2001
From: Julien Escario
Date: Mon, 18 Oct 2021 18:10:54 +0200
Subject: [PATCH 1/3] Don't write config file if curl returns something else than 200
---
 wireguard/wgportal_peer_install.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/wireguard/wgportal_peer_install.sh b/wireguard/wgportal_peer_install.sh
index b335bdb..17280e1 100755
--- a/wireguard/wgportal_peer_install.sh
+++ b/wireguard/wgportal_peer_install.sh
@@ -139,18 +139,23 @@ _download() {
 WGPORTAL_APIURL=$WGPORTAL_URL"api/v1/provisioning/peer"
 _debug "GET request to $WGPORTAL_APIURL"
- HTTP_STATUS=$(curl -w "%{http_code}" -G -s -o $WG_CONFFILE --user $username:$password --data-urlencode "PublicKey=$wgpubkey" -X GET $WGPORTAL_APIURL -H "accept: text/plain")
+ HTTP_RESPONSE=$(curl -G -s --write-out "HTTPSTATUS:%{http_code}" --user $username:$password --data-urlencode "PublicKey=$wgpubkey" -X GET $WGPORTAL_APIURL -H "accept: text/plain")
 res=$?
 if [ "$res" != "0" ]; then
 echo "the curl command failed with: $res"
 fi
- if [ $HTTP_STATUS -ne 200 ]; then
- printf "Curl returned HTTP code %s\n" "$HTTP_STATUS"
- exit 1;
+ HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -E 's/HTTPSTATUS\:[0-9]{3}$//')
+ HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -E 's/.*HTTPSTATUS:([0-9]{3})$/\1/')
+
+ if [ $HTTP_STATUS = "200" ]; then
+ echo "$HTTP_BODY" > $WG_CONFFILE
+ printf "WG config successfully downloaded at %s\n" "$WG_CONFFILE"
+ return
 fi
- printf "WG config successfully download at %s\n" "$WG_CONFFILE"
+ printf "Curl returned HTTP code %s\n" "$HTTP_STATUS"
+ exit 1;
 }
 _install() {
From 20befa93bb326691df378faf440c8272e55b0334 Mon Sep 17 00:00:00 2001
From: Julien Escario
Date: Tue, 19 Oct 2021 07:26:45 +0200
Subject: [PATCH 2/3] Update TODO
---
 wireguard/wgportal_peer_install.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
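Review bot: The new curl line still passes `--user $username:$password` unquoted, so a password containing whitespace or glob characters is split into extra curl arguments, and the credentials travel in curl's argv where they can show up in the local process list; at minimum quote it as `--user "$username:$password"`, and consider supplying the credentials through a curl config read from stdin (`-K -`) instead. The write `echo "$HTTP_BODY" > $WG_CONFFILE` creates the file under whatever umask is in effect, and nothing in the hunk restricts it; if the provisioned config carries key material, `(umask 077; printf '%s\n' "$HTTP_BODY" > "$WG_CONFFILE")` would keep it owner-only and avoids `echo` interpreting backslashes under `/bin/sh`. The test `[ $HTTP_STATUS = "200" ]` should quote `"$HTTP_STATUS"` so an empty value fails cleanly instead of producing a `[` syntax error. `_download` begins above the hunk, so a umask set earlier in the function would not be visible here.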
diff --git a/wireguard/wgportal_peer_install.sh b/wireguard/wgportal_peer_install.sh
index 17280e1..51c6e4d 100755
--- a/wireguard/wgportal_peer_install.sh
+++ b/wireguard/wgportal_peer_install.sh
@@ -1,8 +1,7 @@
 #!/bin/sh
 # TODO :
-# - add root user detection
-# - verify curl output to prevent overwriting config file with an HTTP answer
+# - add root user detection (only warn)
 # - verify trailling slash existenz at the end of the URL param
 VER=0.1
From 424b570047cb6584b47d2ecbd8ee3fb5f8e10d83 Mon Sep 17 00:00:00 2001
From: Julien Escario
Date: Wed, 20 Oct 2021 18:28:18 +0200
Subject: [PATCH 3/3] Add oxidized deploy key
---
 ssh/oxidized.pub | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 ssh/oxidized.pub
diff --git a/ssh/oxidized.pub b/ssh/oxidized.pub
new file mode 100644
index 0000000..0ef9154
--- /dev/null
+++ b/ssh/oxidized.pub
@@ -0,0 +1 @@
+ssh-rsa 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 oxidized@oxidized