-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathapi.go
281 lines (242 loc) · 6.2 KB
/
api.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
/*
Package unifi provides programmatic access to UniFi hardware.
*/
package unifi
import (
"bytes"
"crypto/tls"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"net/http/cookiejar"
"net/url"
"os"
"path/filepath"
"time"
)
// API is an interface to a UniFi controller.
type API struct {
hc *http.Client
cookieBase *url.URL
as AuthStore
auth *Auth
}
// Auth holds the authentication information for accessing a UniFi controller.
type Auth struct {
Username, Password string
ControllerHost string
Cookies []*http.Cookie
}
// NewAPI constructs a new API.
func NewAPI(as AuthStore) (*API, error) {
auth, err := as.Load()
if err != nil {
return nil, err
}
jar, err := cookiejar.New(nil)
if err != nil {
return nil, err
}
cookieBase := &url.URL{
Scheme: "https",
Host: auth.ControllerHost,
}
jar.SetCookies(cookieBase, auth.Cookies)
api := &API{
hc: &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
// TODO: support proper certs
InsecureSkipVerify: true,
},
},
Jar: jar,
},
cookieBase: cookieBase,
as: as,
auth: auth,
}
return api, nil
}
// WriteConfig writes the configuration to the configured AuthStore.
func (api *API) WriteConfig() error {
api.auth.Cookies = api.hc.Jar.Cookies(api.cookieBase)
return api.as.Save(api.auth)
}
func (api *API) post(u string, src, dst interface{}, opts reqOpts) error {
u = api.baseURL() + u
body, err := json.Marshal(src)
if err != nil {
panic("internal error marshaling JSON POST body: " + err.Error())
}
req, err := http.NewRequest("POST", u, bytes.NewReader(body))
if err != nil {
panic("internal error: " + err.Error())
}
return api.doReq(req, dst, opts)
}
func (api *API) get(u string, dst interface{}, opts reqOpts) error {
u = api.baseURL() + u
req, err := http.NewRequest("GET", u, nil)
if err != nil {
panic("internal error: " + err.Error())
}
return api.doReq(req, dst, opts)
}
type reqOpts struct {
referer string
}
func (api *API) doReq(req *http.Request, dst interface{}, opts reqOpts) error {
if opts.referer != "" {
req.Header.Set("Referer", opts.referer)
}
dec := struct {
Data interface{} `json:"data"`
Meta struct {
Code string `json:"rc"`
Msg string `json:"msg"`
} `json:"meta"`
}{Data: dst}
triedLogin := false
for {
resp, err := api.hc.Do(req)
if err != nil {
return err
}
body, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
return err
}
if err := json.Unmarshal(body, &dec); err != nil {
return fmt.Errorf("parsing response body: %v", err)
}
if resp.StatusCode == 200 {
if dec.Meta.Code != "ok" {
return fmt.Errorf("non-ok return code %q (%s)", dec.Meta.Code, dec.Meta.Msg)
}
return nil
}
if resp.StatusCode == http.StatusUnauthorized && !triedLogin { // 401
if dec.Meta.Code == "error" && dec.Meta.Msg == "api.err.LoginRequired" {
if err := api.login(); err != nil {
return err
}
triedLogin = true
continue
}
}
return fmt.Errorf("HTTP response %s", resp.Status)
}
}
func (api *API) baseURL() string {
return "https://" + api.auth.ControllerHost + ":8443"
}
func (api *API) login() error {
req := struct {
Username string `json:"username"`
Password string `json:"password"`
}{
Username: api.auth.Username,
Password: api.auth.Password,
}
return api.post("/api/#", &req, &json.RawMessage{}, reqOpts{
referer: api.baseURL() + "/#",
})
}
// An AuthStore is an interface for loading and saving authentication information.
// See FileAuthStore for a file-based implementation.
type AuthStore interface {
Load() (*Auth, error)
Save(*Auth) error
}
// DefaultAuthFile is a default place to store authentication information.
// Pass this to FileAuthStore if an alternate path isn't required.
var DefaultAuthFile = filepath.Join(os.Getenv("HOME"), ".unifi-auth")
// FileAuthStore returns an AuthStore that stores authentication information in a named file.
func FileAuthStore(filename string) AuthStore {
return fileAuthStore{filename}
}
type fileAuthStore struct {
filename string
}
func (f fileAuthStore) Load() (*Auth, error) {
// Security check.
fi, err := os.Stat(f.filename)
if err != nil {
return nil, err
}
if fi.Mode()&0077 != 0 {
return nil, fmt.Errorf("security check failed on %s: mode is %04o; it should not be accessible by group/other", f.filename, fi.Mode())
}
raw, err := ioutil.ReadFile(f.filename)
if err != nil {
return nil, err
}
auth := new(Auth)
if err := json.Unmarshal(raw, auth); err != nil {
return nil, fmt.Errorf("bad auth file %s: %v", f.filename, err)
}
return auth, nil
}
func (f fileAuthStore) Save(auth *Auth) error {
raw, err := json.Marshal(auth)
if err != nil {
return err
}
return ioutil.WriteFile(f.filename, raw, 0600)
}
type Client struct {
ID string `json:"_id"`
Name string `json:"name"`
Hostname string `json:"hostname"`
Wired bool `json:"is_wired"`
MAC string `json:"mac"`
IP string `json:"ip"`
LastSeen time.Time
// TODO: other fields
}
func (c *Client) UnmarshalJSON(data []byte) error {
type Alias Client
aux := struct {
*Alias
LastSeen int64 `json:"last_seen"`
// TODO: do this for MAC, IP
}{Alias: (*Alias)(c)}
if err := json.Unmarshal(data, &aux); err != nil {
return err
}
c.LastSeen = time.Unix(aux.LastSeen, 0)
return nil
}
func (api *API) ListClients(site string) ([]Client, error) {
var resp []Client
if err := api.get("/api/s/"+site+"/stat/sta", &resp, reqOpts{}); err != nil {
return nil, err
}
return resp, nil
}
type WirelessNetwork struct {
ID string `json:"_id"`
Name string `json:"name"`
Enabled bool `json:"enabled"`
Security string `json:"security"`
WPAMode string `json:"wpa_mode"`
Guest bool `json:"is_guest,omitempty"`
// TODO: other fields
}
func (api *API) ListWirelessNetworks(site string) ([]WirelessNetwork, error) {
var resp []WirelessNetwork
err := api.get("/api/s/"+site+"/list/wlanconf", &resp, reqOpts{})
if err != nil {
return nil, err
}
return resp, nil
}
func (api *API) EnableWirelessNetwork(site, id string, enable bool) error {
req := struct {
Enabled bool `json:"enabled"`
}{enable}
return api.post("/api/s/"+site+"/upd/wlanconf/"+id, &req, &json.RawMessage{}, reqOpts{})
}