From a3ddc93bdf4330285e00d0a1fc10af5c3801f1a4 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo <jonni@liljamo.com>
Date: Mon, 28 Oct 2024 21:49:46 +0200
Subject: [PATCH] feat: genTsigKey and refresh tsig key

---
 internal/db/domains.go       | 10 ++++++++++
 internal/handlers/domains.go | 24 ++++++++++++++++++++++++
 internal/routers/frontend.go |  1 +
 internal/util/gentsigkey.go  | 24 ++++++++++++++++++++++++
 4 files changed, 59 insertions(+)
 create mode 100644 internal/util/gentsigkey.go

diff --git a/internal/db/domains.go b/internal/db/domains.go
index 481cd0c..8be8ebd 100644
--- a/internal/db/domains.go
+++ b/internal/db/domains.go
@@ -219,3 +219,13 @@ func FetchDomainTsigKey(ddnsDomain string) (string, error) {
 	}
 	return tsig, nil
 }
+
+// RefreshDomainTsigKey refreshes the Tsig key of a domain.
+func RefreshDomainTsigKey(id string, userID string) error {
+	tsigKey := util.GenTsigKey()
+	_, err := DBConn.Exec(`UPDATE domains SET tsigkey = $1 WHERE id = $2 AND owner = $3`, tsigKey, id, userID)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/internal/handlers/domains.go b/internal/handlers/domains.go
index 12ca8cc..671d611 100644
--- a/internal/handlers/domains.go
+++ b/internal/handlers/domains.go
@@ -152,3 +152,27 @@ func RefreshDomainAPIKey() gin.HandlerFunc {
 		c.Header("HX-Trigger", "update-domain-list")
 	}
 }
+
+// RefreshDomainTsigKey returns a gin handler
+func RefreshDomainTsigKey() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		id := c.Param("id")
+
+		userID, exists := c.Get("user_id")
+		if !exists {
+			c.String(http.StatusInternalServerError, "This should not be possible, but don't quote me on that")
+			c.Abort()
+			return
+		}
+
+		err := db.RefreshDomainTsigKey(id, userID.(string))
+		if err != nil {
+			// FIXME: Handle better
+			c.String(http.StatusInternalServerError, "Something went wrong while updating the tsig key")
+			c.Abort()
+			return
+		}
+
+		c.Header("HX-Trigger", "update-domain-list")
+	}
+}
diff --git a/internal/routers/frontend.go b/internal/routers/frontend.go
index 963015e..54eaed7 100644
--- a/internal/routers/frontend.go
+++ b/internal/routers/frontend.go
@@ -49,6 +49,7 @@ func SetupFrontendRouter(sm *scs.SessionManager) *gin.Engine {
 		manage.PATCH("/domains/:id", handlers.PatchDomain())
 		manage.DELETE("/domains/:id", handlers.DeleteDomain())
 		manage.POST("/domains/:id/api_key", handlers.RefreshDomainAPIKey())
+		manage.POST("/domains/:id/tsig_key", handlers.RefreshDomainTsigKey())
 
 		manage.GET("/partials/domains", handlers.ManagePartialDomains())
 	}
diff --git a/internal/util/gentsigkey.go b/internal/util/gentsigkey.go
new file mode 100644
index 0000000..bc0f8e1
--- /dev/null
+++ b/internal/util/gentsigkey.go
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2024 Jonni Liljamo <jonni@liljamo.com>
+ *
+ * This file is licensed under AGPL-3.0-or-later, see NOTICE and LICENSE for
+ * more information.
+ */
+
+package util
+
+import (
+	"encoding/base64"
+	"math/rand"
+)
+
+const charsTsigKey = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~!@#$%&*()+=_-'\"\\][{}/?"
+
+// GenTsigKey returns a base64 tsig shared secret.
+func GenTsigKey() string {
+	b := make([]byte, 32)
+	for i := range b {
+		b[i] = charsTsigKey[rand.Int63()%int64(len(charsTsigKey))]
+	}
+	return base64.StdEncoding.EncodeToString(b)
+}
-- 
2.44.1