237 lines
7.2 KiB
JavaScript
237 lines
7.2 KiB
JavaScript
import express from 'express';
|
|
import morgan from 'morgan';
|
|
import path from 'path';
|
|
import { fileURLToPath } from 'url';
|
|
import dgram from 'dgram';
|
|
import radius from 'radius';
|
|
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use(morgan('dev'));
|
|
|
|
// Static files for dashboard
|
|
const __filename = fileURLToPath(import.meta.url);
|
|
const __dirname = path.dirname(__filename);
|
|
app.use(express.static(path.join(__dirname, 'public')));
|
|
|
|
const VLAN_ID = process.env.VLAN_ID || '2';
|
|
const MAX_UP = process.env.MAX_UP || '10000000'; // bits per second
|
|
const MAX_DOWN = process.env.MAX_DOWN || '10000000'; // bits per second
|
|
const MAX_REQUESTS = parseInt(process.env.MAX_REQUESTS || '200', 10);
|
|
const RADIUS_HOST = process.env.RADIUS_HOST || 'freeradius';
|
|
const RADIUS_AUTH_PORT = parseInt(process.env.RADIUS_AUTH_PORT || '1812', 10);
|
|
const RADIUS_SECRET = process.env.RADIUS_SECRET || process.env.RADIUS_SHARED_SECRET || 'tamosbien';
|
|
|
|
// In-memory request store + SSE clients
|
|
const requests = [];
|
|
const sseClients = new Set();
|
|
|
|
function pushRequest(rec) {
|
|
requests.push(rec);
|
|
while (requests.length > MAX_REQUESTS) requests.shift();
|
|
// Broadcast via SSE
|
|
const payload = `data: ${JSON.stringify(rec)}\n\n`;
|
|
for (const res of sseClients) {
|
|
try { res.write(payload); } catch { /* ignore */ }
|
|
}
|
|
}
|
|
|
|
// Helper: standard Accept with VLAN + bandwidth
|
|
function buildAcceptPayload(extra = {}) {
|
|
return {
|
|
control: {
|
|
'Auth-Type': 'Accept',
|
|
...extra.control,
|
|
},
|
|
reply: {
|
|
'Tunnel-Type': 'VLAN',
|
|
'Tunnel-Medium-Type': 'IEEE-802',
|
|
'Tunnel-Private-Group-Id': String(VLAN_ID),
|
|
'WISPr-Bandwidth-Max-Down': String(MAX_DOWN),
|
|
'WISPr-Bandwidth-Max-Up': String(MAX_UP),
|
|
...extra.reply,
|
|
},
|
|
};
|
|
}
|
|
|
|
// Normalize attributes from FreeRADIUS rlm_rest JSON
|
|
function normalizeAttributes(body = {}) {
|
|
// Newer rlm_rest may send attributes at top-level as { Attr: { type, value: [..] } }
|
|
// or under body.attributes / body.request as plain map.
|
|
const src = body.attributes || body.request || body;
|
|
const out = {};
|
|
for (const [k, v] of Object.entries(src || {})) {
|
|
if (v && typeof v === 'object' && Array.isArray(v.value)) out[k] = v.value[0];
|
|
else out[k] = v;
|
|
}
|
|
return out;
|
|
}
|
|
|
|
// Authorize endpoint: FreeRADIUS rlm_rest calls this in authorize {}
|
|
app.post('/authorize', (req, res) => {
|
|
console.log('--- RADIUS Authorize Request ---');
|
|
console.log(JSON.stringify(req.body, null, 2));
|
|
|
|
const attrs = normalizeAttributes(req.body);
|
|
const reply = buildAcceptPayload();
|
|
pushRequest({
|
|
id: Date.now() + ':' + Math.random().toString(16).slice(2),
|
|
ts: new Date().toISOString(),
|
|
type: 'authorize',
|
|
attrs,
|
|
decision: 'accept',
|
|
vlan: VLAN_ID,
|
|
bandwidth: { up: MAX_UP, down: MAX_DOWN },
|
|
});
|
|
return res.status(200).json(reply);
|
|
});
|
|
|
|
// Accounting endpoint (opcional)
|
|
app.post('/accounting', (req, res) => {
|
|
console.log('--- RADIUS Accounting ---');
|
|
console.log(JSON.stringify(req.body, null, 2));
|
|
pushRequest({
|
|
id: Date.now() + ':' + Math.random().toString(16).slice(2),
|
|
ts: new Date().toISOString(),
|
|
type: 'accounting',
|
|
attrs: normalizeAttributes(req.body),
|
|
});
|
|
return res.status(200).json({});
|
|
});
|
|
|
|
// API: recent requests
|
|
app.get('/api/requests', (req, res) => {
|
|
res.json({ items: requests.slice(-MAX_REQUESTS) });
|
|
});
|
|
|
|
// Clear recent requests
|
|
app.delete('/api/requests', (req, res) => {
|
|
requests.length = 0;
|
|
// Notify live clients to refresh if they want
|
|
const payload = `event: clear\n` + `data: {"ok":true}\n\n`;
|
|
for (const resSse of sseClients) {
|
|
try { resSse.write(payload); } catch {}
|
|
}
|
|
res.json({ ok: true });
|
|
});
|
|
|
|
// Export CSV of recent requests
|
|
app.get('/api/requests.csv', (req, res) => {
|
|
const cols = [
|
|
'ts','type','user','nas','calling','called','decision','vlan','bw_down','bw_up'
|
|
];
|
|
const lines = [cols.join(',')];
|
|
for (const ev of requests) {
|
|
const attrs = ev.attrs || {};
|
|
const row = [
|
|
ev.ts || '',
|
|
ev.type || '',
|
|
attrs['User-Name'] || attrs['User-Name*0'] || '',
|
|
attrs['NAS-IP-Address'] || attrs['NAS-Identifier'] || '',
|
|
attrs['Calling-Station-Id'] || '',
|
|
attrs['Called-Station-Id'] || '',
|
|
ev.decision || '',
|
|
ev.vlan || '',
|
|
(ev.bandwidth && ev.bandwidth.down) || '',
|
|
(ev.bandwidth && ev.bandwidth.up) || ''
|
|
];
|
|
const esc = (v) => String(v).includes(',') || String(v).includes('"') || String(v).includes('\n')
|
|
? '"' + String(v).replace(/"/g, '""') + '"'
|
|
: String(v);
|
|
lines.push(row.map(esc).join(','));
|
|
}
|
|
const csv = lines.join('\n');
|
|
const ts = new Date().toISOString().replace(/[:T]/g, '-').split('.')[0];
|
|
res.setHeader('Content-Type', 'text/csv; charset=utf-8');
|
|
res.setHeader('Content-Disposition', `attachment; filename="radius-events-${ts}.csv"`);
|
|
res.send(csv);
|
|
});
|
|
|
|
// SSE stream for live updates
|
|
app.get('/events', (req, res) => {
|
|
res.setHeader('Content-Type', 'text/event-stream');
|
|
res.setHeader('Cache-Control', 'no-cache');
|
|
res.setHeader('Connection', 'keep-alive');
|
|
res.flushHeaders?.();
|
|
// send a hello event
|
|
res.write(`event: hello\n`);
|
|
res.write(`data: {"ok":true}\n\n`);
|
|
sseClients.add(res);
|
|
req.on('close', () => sseClients.delete(res));
|
|
});
|
|
|
|
// Root: serve dashboard
|
|
app.get('/', (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'index.html'));
|
|
});
|
|
|
|
// Self-test: send a RADIUS Access-Request to FreeRADIUS
|
|
async function sendRadiusSelfTest() {
|
|
return new Promise((resolve, reject) => {
|
|
try {
|
|
const packet = radius.encode({
|
|
code: 'Access-Request',
|
|
secret: RADIUS_SECRET,
|
|
attributes: {
|
|
'User-Name': 'selftest-node',
|
|
'NAS-Identifier': 'node-dashboard',
|
|
'Calling-Station-Id': '001122334455',
|
|
},
|
|
});
|
|
const client = dgram.createSocket('udp4');
|
|
const started = Date.now();
|
|
const timeout = setTimeout(() => {
|
|
client.close();
|
|
reject(new Error('timeout'));
|
|
}, 4000);
|
|
client.on('message', (msg) => {
|
|
clearTimeout(timeout);
|
|
client.close();
|
|
const res = radius.decode({ packet: msg, secret: RADIUS_SECRET });
|
|
resolve({
|
|
code: res.code,
|
|
rtt_ms: Date.now() - started,
|
|
});
|
|
});
|
|
client.send(packet, 0, packet.length, RADIUS_AUTH_PORT, RADIUS_HOST, (err) => {
|
|
if (err) {
|
|
clearTimeout(timeout);
|
|
client.close();
|
|
reject(err);
|
|
}
|
|
});
|
|
} catch (e) {
|
|
reject(e);
|
|
}
|
|
});
|
|
}
|
|
|
|
app.post('/test/radius', async (req, res) => {
|
|
try {
|
|
const result = await sendRadiusSelfTest();
|
|
pushRequest({
|
|
id: Date.now() + ':' + Math.random().toString(16).slice(2),
|
|
ts: new Date().toISOString(),
|
|
type: 'selftest',
|
|
attrs: { 'User-Name': 'selftest-node' },
|
|
decision: result.code,
|
|
});
|
|
res.json({ ok: true, result });
|
|
} catch (err) {
|
|
pushRequest({
|
|
id: Date.now() + ':' + Math.random().toString(16).slice(2),
|
|
ts: new Date().toISOString(),
|
|
type: 'selftest',
|
|
attrs: { 'User-Name': 'selftest-node' },
|
|
decision: 'error',
|
|
error: String(err && err.message || err),
|
|
});
|
|
res.status(500).json({ ok: false, error: String(err && err.message || err) });
|
|
}
|
|
});
|
|
|
|
const port = process.env.PORT || 3000;
|
|
app.listen(port, () => {
|
|
console.log(`Node RADIUS REST API listening on :${port}`);
|
|
});
|