diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..2d06f13 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,23 @@ +# http://editorconfig.org +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +# The JSON files contain newlines inconsistently +[*.json] +insert_final_newline = ignore + +# Minified JavaScript files shouldn't be changed +[**.min.js] +indent_style = ignore +insert_final_newline = ignore + +[*.md] +trim_trailing_whitespace = false + diff --git a/Dockerfile b/Dockerfile index 60c4eb4..1528a3a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,4 +46,4 @@ ENV DEBUG=Server,WireGuard # Run Web UI WORKDIR /app -CMD ["/usr/bin/dumb-init", "node", "server.js"] \ No newline at end of file +CMD ["/usr/bin/dumb-init", "node", "server.js"] diff --git a/How_to_generate_an_bcrypt_hash.md b/How_to_generate_an_bcrypt_hash.md index f31da6c..6bf83a6 100644 --- a/How_to_generate_an_bcrypt_hash.md +++ b/How_to_generate_an_bcrypt_hash.md @@ -12,11 +12,17 @@ To generate a bcrypt password hash using docker, run the following command : ```sh -docker run ghcr.io/w0rng/amnezia-wg-easy wgpw YOUR_PASSWORD +docker run -it ghcr.io/w0rng/amnezia-wg-easy wgpw YOUR_PASSWORD PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD ``` +If a password is not provided, the tool will prompt you for one : +```sh +docker run -it ghcr.io/wg-easy/wg-easy wgpw +Enter your password: // hidden prompt, type in your password +PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' +``` -*Important* : make sure to enclose your password in **single quotes** when you run `docker run` command : +**Important** : make sure to enclose your password in **single quotes** when you run `docker run` command : ```bash $ echo $2b$12$coPqCsPtcF <-- not correct @@ -26,3 +32,11 @@ b2 $ echo '$2b$12$coPqCsPtcF' <-- correct $2b$12$coPqCsPtcF ``` + +**Important** : Please note: don't wrap the generated hash password in single quotes when you use `docker-compose.yml`. Instead, replace each `$` symbol with two `$$` symbols. For example: + +``` yaml +- PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG +``` + +This hash is for the password 'foobar123', obtained using the command `docker run ghcr.io/wg-easy/wg-easy wgpw foobar123` and then inserted an additional `$` before each existing `$` symbol. diff --git a/README.md b/README.md index 1cdedd6..4d77933 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,10 @@ You have found the easiest way to install & manage WireGuard on any Linux host! * Gravatar support or random avatars. * Automatic Light / Dark Mode * Multilanguage Support -* UI_TRAFFIC_STATS (default off) +* Traffic Stats (default off) +* One Time Links (default off) +* Client Expiry (default off) +* Prometheus metrics support ## Requirements @@ -69,44 +72,52 @@ To automatically install & run wg-easy, simply run: The Web UI will now be available on `http://0.0.0.0:51821`. +The Prometheus metrics will now be available on `http://0.0.0.0:51821/metrics`. Grafana dashboard [21733](https://grafana.com/grafana/dashboards/21733-wireguard/) + > 💡 Your configuration files will be saved in `~/.amnezia-wg-easy` ## Options These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command. -| Env | Default | Example | Description | -|---------------------------|-------------------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `PORT` | `51821` | `6789` | TCP port for Web UI. | -| `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. | -| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. | -| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. | -| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. | -| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. | -| `WG_CONFIG_PORT` | `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy) -| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. | -| `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. | -| `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. | -| `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. If set to blank value, clients will not use any DNS. | -| `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. | -| `WG_PRE_UP` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L19) for the default value. | -| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L20) for the default value. | -| `WG_PRE_DOWN` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L27) for the default value. | -| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L28) for the default value. | -| `LANG` | `en` | `de` | Web UI language (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi). | -| `UI_TRAFFIC_STATS` | `false` | `true` | Enable detailed RX / TX client stats in Web UI | -| `UI_CHART_TYPE` | `0` | `1` | UI_CHART_TYPE=0 # Charts disabled, UI_CHART_TYPE=1 # Line chart, UI_CHART_TYPE=2 # Area chart, UI_CHART_TYPE=3 # Bar chart | -| `DICEBEAR_TYPE` | `false` | `bottts` | see [dicebear types](https://www.dicebear.com/styles/) | -| `USE_GRAVATAR` | `false` | `true` | Use or not GRAVATAR service | -| `JC` | `random` | `5` | Junk packet count — number of packets with random data that are sent before the start of the session. | -| `JMIN` | `50` | `25` | Junk packet minimum size — minimum packet size for Junk packet. That is, all randomly generated packets will have a size no smaller than Jmin. | -| `JMAX` | `1000` | `250` | Junk packet maximum size — maximum size for Junk packets. | -| `S1` | `random` | `75` | Init packet junk size — the size of random data that will be added to the init packet, the size of which is initially fixed. | -| `S2` | `random` | `75` | Response packet junk size — the size of random data that will be added to the response packet, the size of which is initially fixed. | -| `H1` | `random` | `1234567891` | Init packet magic header — the header of the first byte of the handshake. Must be < uint_max. | -| `H2` | `random` | `1234567892` | Response packet magic header — header of the first byte of the handshake response. Must be < uint_max. | -| `H3` | `random` | `1234567893` | Underload packet magic header — UnderLoad packet header. Must be < uint_max. | -| `H4` | `random` | `1234567894` | Transport packet magic header — header of the packet of the data packet. Must be < uint_max. | +| Env | Default | Example | Description | +|-------------------------------|-------------------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `PORT` | `51821` | `6789` | TCP port for Web UI. | +| `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. | +| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. | +| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. | +| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. | +| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. | +| `WG_CONFIG_PORT` | `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy) | +| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. | +| `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. | +| `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. | +| `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. If set to blank value, clients will not use any DNS. | +| `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. | +| `WG_PRE_UP` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L19) for the default value. | +| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L20) for the default value. | +| `WG_PRE_DOWN` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L27) for the default value. | +| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L28) for the default value. | +| `WG_ENABLE_EXPIRES_TIME` | `false` | `true` | Enable expire time for clients | +| `LANG` | `en` | `de` | Web UI language (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi). | +| `UI_TRAFFIC_STATS` | `false` | `true` | Enable detailed RX / TX client stats in Web UI | +| `UI_CHART_TYPE` | `0` | `1` | UI_CHART_TYPE=0 # Charts disabled, UI_CHART_TYPE=1 # Line chart, UI_CHART_TYPE=2 # Area chart, UI_CHART_TYPE=3 # Bar chart | +| `DICEBEAR_TYPE` | `false` | `bottts` | see [dicebear types](https://www.dicebear.com/styles/) | +| `USE_GRAVATAR` | `false` | `true` | Use or not GRAVATAR service | +| `WG_ENABLE_ONE_TIME_LINKS` | `false` | `true` | Enable display and generation of short one time download links (expire after 5 minutes) | +| `MAX_AGE` | `0` | `1440` | The maximum age of Web UI sessions in minutes. `0` means that the session will exist until the browser is closed. | +| `UI_ENABLE_SORT_CLIENTS` | `false` | `true` | Enable UI sort clients by name | +| `ENABLE_PROMETHEUS_METRICS` | `false` | `true` | Enable Prometheus metrics `http://0.0.0.0:51821/metrics` and `http://0.0.0.0:51821/metrics/json` | +| `PROMETHEUS_METRICS_PASSWORD` | - | `$2y$05$Ci...` | If set, Basic Auth is required when requesting metrics. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. | +| `JC` | `random` | `5` | Junk packet count — number of packets with random data that are sent before the start of the session. | +| `JMIN` | `50` | `25` | Junk packet minimum size — minimum packet size for Junk packet. That is, all randomly generated packets will have a size no smaller than Jmin. | +| `JMAX` | `1000` | `250` | Junk packet maximum size — maximum size for Junk packets. | +| `S1` | `random` | `75` | Init packet junk size — the size of random data that will be added to the init packet, the size of which is initially fixed. | +| `S2` | `random` | `75` | Response packet junk size — the size of random data that will be added to the response packet, the size of which is initially fixed. | +| `H1` | `random` | `1234567891` | Init packet magic header — the header of the first byte of the handshake. Must be < uint_max. | +| `H2` | `random` | `1234567892` | Response packet magic header — header of the first byte of the handshake response. Must be < uint_max. | +| `H3` | `random` | `1234567893` | Underload packet magic header — UnderLoad packet header. Must be < uint_max. | +| `H4` | `random` | `1234567894` | Transport packet magic header — header of the packet of the data packet. Must be < uint_max. | > If you change `WG_PORT`, make sure to also change the exposed port. @@ -125,6 +136,4 @@ And then run the `docker run -d \ ...` command above again. ## Thanks Based on [wg-easy](https://github.com/wg-easy/wg-easy) by Emile Nijssen. -Use integrations with AmneziaWg from [ -amnezia-wg-easy -](https://github.com/spcfox/amnezia-wg-easy) by Viktor Yudov. \ No newline at end of file +Use integrations with AmneziaWg from [amnezia-wg-easy](https://github.com/spcfox/amnezia-wg-easy) by Viktor Yudov. \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 49afcb7..22af901 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,7 @@ services: cap_add: - NET_ADMIN - SYS_MODULE + # - NET_RAW # ⚠️ Uncomment if using Podman sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 diff --git a/src/config.js b/src/config.js index 5e092b8..bd00bfa 100644 --- a/src/config.js +++ b/src/config.js @@ -6,6 +6,7 @@ module.exports.RELEASE = version; module.exports.PORT = process.env.PORT || '51821'; module.exports.WEBUI_HOST = process.env.WEBUI_HOST || '0.0.0.0'; module.exports.PASSWORD_HASH = process.env.PASSWORD_HASH; +module.exports.MAX_AGE = parseInt(process.env.MAX_AGE, 10) * 1000 * 60 || 0; module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/'; module.exports.WG_DEVICE = process.env.WG_DEVICE || 'eth0'; module.exports.WG_HOST = process.env.WG_HOST; @@ -37,6 +38,11 @@ iptables -D FORWARD -o wg0 -j ACCEPT; module.exports.LANG = process.env.LANG || 'en'; module.exports.UI_TRAFFIC_STATS = process.env.UI_TRAFFIC_STATS || 'false'; module.exports.UI_CHART_TYPE = process.env.UI_CHART_TYPE || 0; +module.exports.WG_ENABLE_ONE_TIME_LINKS = process.env.WG_ENABLE_ONE_TIME_LINKS || 'false'; +module.exports.UI_ENABLE_SORT_CLIENTS = process.env.UI_ENABLE_SORT_CLIENTS || 'false'; +module.exports.WG_ENABLE_EXPIRES_TIME = process.env.WG_ENABLE_EXPIRES_TIME || 'false'; +module.exports.ENABLE_PROMETHEUS_METRICS = process.env.ENABLE_PROMETHEUS_METRICS || 'false'; +module.exports.PROMETHEUS_METRICS_PASSWORD = process.env.PROMETHEUS_METRICS_PASSWORD; module.exports.DICEBEAR_TYPE = process.env.DICEBEAR_TYPE || false; module.exports.USE_GRAVATAR = process.env.USE_GRAVATAR || false; diff --git a/src/lib/Server.js b/src/lib/Server.js index 55e6a72..54fc192 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -2,6 +2,7 @@ const bcrypt = require('bcryptjs'); const crypto = require('node:crypto'); +const basicAuth = require('basic-auth'); const { createServer } = require('node:http'); const { stat, readFile } = require('node:fs/promises'); const { resolve, sep } = require('node:path'); @@ -29,14 +30,21 @@ const { WEBUI_HOST, RELEASE, PASSWORD_HASH, + MAX_AGE, LANG, UI_TRAFFIC_STATS, UI_CHART_TYPE, + WG_ENABLE_ONE_TIME_LINKS, + UI_ENABLE_SORT_CLIENTS, + WG_ENABLE_EXPIRES_TIME, + ENABLE_PROMETHEUS_METRICS, + PROMETHEUS_METRICS_PASSWORD, DICEBEAR_TYPE, USE_GRAVATAR, } = require('../config'); const requiresPassword = !!PASSWORD_HASH; +const requiresPrometheusPassword = !!PROMETHEUS_METRICS_PASSWORD; /** * Checks if `password` matches the PASSWORD_HASH. @@ -46,18 +54,22 @@ const requiresPassword = !!PASSWORD_HASH; * @param {string} password String to test * @returns {boolean} true if matching environment, otherwise false */ -const isPasswordValid = (password) => { +const isPasswordValid = (password, hash) => { if (typeof password !== 'string') { return false; } - - if (PASSWORD_HASH) { - return bcrypt.compareSync(password, PASSWORD_HASH); + if (hash) { + return bcrypt.compareSync(password, hash); } return false; }; +const cronJobEveryMinute = async () => { + await WireGuard.cronJobEveryMinute(); + setTimeout(cronJobEveryMinute, 60 * 1000); +}; + module.exports = class Server { constructor() { @@ -84,9 +96,14 @@ module.exports = class Server { return `"${LANG}"`; })) + .get('/api/remember-me', defineEventHandler((event) => { + setHeader(event, 'Content-Type', 'application/json'); + return MAX_AGE > 0; + })) + .get('/api/ui-traffic-stats', defineEventHandler((event) => { setHeader(event, 'Content-Type', 'application/json'); - return `"${UI_TRAFFIC_STATS}"`; + return `${UI_TRAFFIC_STATS}`; })) .get('/api/ui-chart-type', defineEventHandler((event) => { @@ -94,6 +111,21 @@ module.exports = class Server { return `"${UI_CHART_TYPE}"`; })) + .get('/api/wg-enable-one-time-links', defineEventHandler((event) => { + setHeader(event, 'Content-Type', 'application/json'); + return `${WG_ENABLE_ONE_TIME_LINKS}`; + })) + + .get('/api/ui-sort-clients', defineEventHandler((event) => { + setHeader(event, 'Content-Type', 'application/json'); + return `${UI_ENABLE_SORT_CLIENTS}`; + })) + + .get('/api/wg-enable-expire-time', defineEventHandler((event) => { + setHeader(event, 'Content-Type', 'application/json'); + return `${WG_ENABLE_EXPIRES_TIME}`; + })) + .get('/api/ui-avatar-settings', defineEventHandler((event) => { setHeader(event, 'Content-Type', 'application/json'); return { @@ -113,8 +145,26 @@ module.exports = class Server { authenticated, }; })) + .get('/cnf/:clientOneTimeLink', defineEventHandler(async (event) => { + if (WG_ENABLE_ONE_TIME_LINKS === 'false') { + throw createError({ + status: 404, + message: 'Invalid state', + }); + } + const clientOneTimeLink = getRouterParam(event, 'clientOneTimeLink'); + const clients = await WireGuard.getClients(); + const client = clients.find((client) => client.oneTimeLink === clientOneTimeLink); + if (!client) return; + const clientId = client.id; + const config = await WireGuard.getClientConfiguration({ clientId }); + await WireGuard.eraseOneTimeLink({ clientId }); + setHeader(event, 'Content-Disposition', `attachment; filename="${clientOneTimeLink}.conf"`); + setHeader(event, 'Content-Type', 'text/plain'); + return config; + })) .post('/api/session', defineEventHandler(async (event) => { - const { password } = await readBody(event); + const { password, remember } = await readBody(event); if (!requiresPassword) { // if no password is required, the API should never be called. @@ -125,13 +175,16 @@ module.exports = class Server { }); } - if (!isPasswordValid(password)) { + if (!isPasswordValid(password, PASSWORD_HASH)) { throw createError({ status: 401, message: 'Incorrect Password', }); } + if (MAX_AGE && remember) { + event.node.req.session.cookie.maxAge = MAX_AGE; + } event.node.req.session.authenticated = true; event.node.req.session.save(); @@ -152,7 +205,7 @@ module.exports = class Server { } if (req.url.startsWith('/api/') && req.headers['authorization']) { - if (isPasswordValid(req.headers['authorization'])) { + if (isPasswordValid(req.headers['authorization'], PASSWORD_HASH)) { return next(); } return res.status(401).json({ @@ -202,7 +255,8 @@ module.exports = class Server { })) .post('/api/wireguard/client', defineEventHandler(async (event) => { const { name } = await readBody(event); - await WireGuard.createClient({ name }); + const { expiredDate } = await readBody(event); + await WireGuard.createClient({ name, expiredDate }); return { success: true }; })) .delete('/api/wireguard/client/:clientId', defineEventHandler(async (event) => { @@ -218,6 +272,20 @@ module.exports = class Server { await WireGuard.enableClient({ clientId }); return { success: true }; })) + .post('/api/wireguard/client/:clientId/generateOneTimeLink', defineEventHandler(async (event) => { + if (WG_ENABLE_ONE_TIME_LINKS === 'false') { + throw createError({ + status: 404, + message: 'Invalid state', + }); + } + const clientId = getRouterParam(event, 'clientId'); + if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') { + throw createError({ status: 403 }); + } + await WireGuard.generateOneTimeLink({ clientId }); + return { success: true }; + })) .post('/api/wireguard/client/:clientId/disable', defineEventHandler(async (event) => { const clientId = getRouterParam(event, 'clientId'); if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') { @@ -243,6 +311,15 @@ module.exports = class Server { const { address } = await readBody(event); await WireGuard.updateClientAddress({ clientId, address }); return { success: true }; + })) + .put('/api/wireguard/client/:clientId/expireDate', defineEventHandler(async (event) => { + const clientId = getRouterParam(event, 'clientId'); + if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') { + throw createError({ status: 403 }); + } + const { expireDate } = await readBody(event); + await WireGuard.updateClientExpireDate({ clientId, expireDate }); + return { success: true }; })); const safePathJoin = (base, target) => { @@ -268,6 +345,51 @@ module.exports = class Server { }); }; + // Prometheus Metrics API + const routerPrometheusMetrics = createRouter(); + app.use(routerPrometheusMetrics); + + // Check Prometheus credentials + app.use( + fromNodeMiddleware((req, res, next) => { + if (!requiresPrometheusPassword || !req.url.startsWith('/metrics')) { + return next(); + } + const user = basicAuth(req); + if (requiresPrometheusPassword && !user) { + res.statusCode = 401; + return { error: 'Not Logged In' }; + } + + if (user.pass) { + if (isPasswordValid(user.pass, PROMETHEUS_METRICS_PASSWORD)) { + return next(); + } + res.statusCode = 401; + return { error: 'Incorrect Password' }; + } + res.statusCode = 401; + return { error: 'Not Logged In' }; + }), + ); + + // Prometheus Routes + routerPrometheusMetrics + .get('/metrics', defineEventHandler(async (event) => { + setHeader(event, 'Content-Type', 'text/plain'); + if (ENABLE_PROMETHEUS_METRICS === 'true') { + return WireGuard.getMetrics(); + } + return ''; + })) + .get('/metrics/json', defineEventHandler(async (event) => { + setHeader(event, 'Content-Type', 'application/json'); + if (ENABLE_PROMETHEUS_METRICS === 'true') { + return WireGuard.getMetricsJSON(); + } + return ''; + })); + // backup_restore const router3 = createRouter(); app.use(router3); @@ -319,6 +441,8 @@ module.exports = class Server { createServer(toNodeListener(app)).listen(PORT, WEBUI_HOST); debug(`Listening on http://${WEBUI_HOST}:${PORT}`); + + cronJobEveryMinute(); } }; diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js index 518330e..9a70d5b 100644 --- a/src/lib/WireGuard.js +++ b/src/lib/WireGuard.js @@ -5,6 +5,7 @@ const path = require('path'); const debug = require('debug')('WireGuard'); const crypto = require('node:crypto'); const QRCode = require('qrcode'); +const CRC32 = require('crc-32'); const Util = require('./Util'); const ServerError = require('./ServerError'); @@ -23,6 +24,8 @@ const { WG_POST_UP, WG_PRE_DOWN, WG_POST_DOWN, + WG_ENABLE_EXPIRES_TIME, + WG_ENABLE_ONE_TIME_LINKS, JC, JMIN, JMAX, @@ -182,12 +185,18 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : '' publicKey: client.publicKey, createdAt: new Date(client.createdAt), updatedAt: new Date(client.updatedAt), + expiredAt: client.expiredAt !== null + ? new Date(client.expiredAt) + : null, allowedIPs: client.allowedIPs, + oneTimeLink: client.oneTimeLink ?? null, + oneTimeLinkExpiresAt: client.oneTimeLinkExpiresAt ?? null, downloadableConfig: 'privateKey' in client, persistentKeepalive: null, latestHandshakeAt: null, transferRx: null, transferTx: null, + endpoint: null, })); // Loop WireGuard status @@ -216,6 +225,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : '' client.latestHandshakeAt = latestHandshakeAt === '0' ? null : new Date(Number(`${latestHandshakeAt}000`)); + client.endpoint = endpoint === '(none)' ? null : endpoint; client.transferRx = Number(transferRx); client.transferTx = Number(transferTx); client.persistentKeepalive = persistentKeepalive; @@ -270,7 +280,7 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; }); } - async createClient({ name }) { + async createClient({ name, expiredDate }) { if (!name) { throw new Error('Missing: Name'); } @@ -299,7 +309,6 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; if (!address) { throw new Error('Maximum number of clients reached.'); } - // Create Client const id = crypto.randomUUID(); const client = { @@ -312,10 +321,15 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; createdAt: new Date(), updatedAt: new Date(), - + expiredAt: null, enabled: true, }; - + if (expiredDate) { + client.expiredAt = new Date(expiredDate); + client.expiredAt.setHours(23); + client.expiredAt.setMinutes(59); + client.expiredAt.setSeconds(59); + } config.clients[id] = client; await this.saveConfig(); @@ -341,6 +355,23 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; await this.saveConfig(); } + async generateOneTimeLink({ clientId }) { + const client = await this.getClient({ clientId }); + const key = `${clientId}-${Math.floor(Math.random() * 1000)}`; + client.oneTimeLink = Math.abs(CRC32.str(key)).toString(16); + client.oneTimeLinkExpiresAt = new Date(Date.now() + 5 * 60 * 1000); + client.updatedAt = new Date(); + await this.saveConfig(); + } + + async eraseOneTimeLink({ clientId }) { + const client = await this.getClient({ clientId }); + client.oneTimeLink = null; + client.oneTimeLinkExpiresAt = null; + client.updatedAt = new Date(); + await this.saveConfig(); + } + async disableClient({ clientId }) { const client = await this.getClient({ clientId }); @@ -372,6 +403,22 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; await this.saveConfig(); } + async updateClientExpireDate({ clientId, expireDate }) { + const client = await this.getClient({ clientId }); + + if (expireDate) { + client.expiredAt = new Date(expireDate); + client.expiredAt.setHours(23); + client.expiredAt.setMinutes(59); + client.expiredAt.setSeconds(59); + } else { + client.expiredAt = null; + } + client.updatedAt = new Date(); + + await this.saveConfig(); + } + async __reloadConfig() { await this.__buildConfig(); await this.__syncConfig(); @@ -398,4 +445,107 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`; await Util.exec('wg-quick down wg0').catch(() => {}); } + async cronJobEveryMinute() { + const config = await this.getConfig(); + let needSaveConfig = false; + // Expires Feature + if (WG_ENABLE_EXPIRES_TIME === 'true') { + for (const client of Object.values(config.clients)) { + if (client.enabled !== true) continue; + if (client.expiredAt !== null && new Date() > new Date(client.expiredAt)) { + debug(`Client ${client.id} expired.`); + needSaveConfig = true; + client.enabled = false; + client.updatedAt = new Date(); + } + } + } + // One Time Link Feature + if (WG_ENABLE_ONE_TIME_LINKS === 'true') { + for (const client of Object.values(config.clients)) { + if (client.oneTimeLink !== null && new Date() > new Date(client.oneTimeLinkExpiresAt)) { + debug(`Client ${client.id} One Time Link expired.`); + needSaveConfig = true; + client.oneTimeLink = null; + client.oneTimeLinkExpiresAt = null; + client.updatedAt = new Date(); + } + } + } + if (needSaveConfig) { + await this.saveConfig(); + } + } + + async getMetrics() { + const clients = await this.getClients(); + let wireguardPeerCount = 0; + let wireguardEnabledPeersCount = 0; + let wireguardConnectedPeersCount = 0; + let wireguardSentBytes = ''; + let wireguardReceivedBytes = ''; + let wireguardLatestHandshakeSeconds = ''; + for (const client of Object.values(clients)) { + wireguardPeerCount++; + if (client.enabled === true) { + wireguardEnabledPeersCount++; + } + if (client.endpoint !== null) { + wireguardConnectedPeersCount++; + } + wireguardSentBytes += `wireguard_sent_bytes{interface="wg0",enabled="${client.enabled}",address="${client.address}",name="${client.name}"} ${Number(client.transferTx)}\n`; + wireguardReceivedBytes += `wireguard_received_bytes{interface="wg0",enabled="${client.enabled}",address="${client.address}",name="${client.name}"} ${Number(client.transferRx)}\n`; + wireguardLatestHandshakeSeconds += `wireguard_latest_handshake_seconds{interface="wg0",enabled="${client.enabled}",address="${client.address}",name="${client.name}"} ${client.latestHandshakeAt ? (new Date().getTime() - new Date(client.latestHandshakeAt).getTime()) / 1000 : 0}\n`; + } + + let returnText = '# HELP wg-easy and wireguard metrics\n'; + + returnText += '\n# HELP wireguard_configured_peers\n'; + returnText += '# TYPE wireguard_configured_peers gauge\n'; + returnText += `wireguard_configured_peers{interface="wg0"} ${Number(wireguardPeerCount)}\n`; + + returnText += '\n# HELP wireguard_enabled_peers\n'; + returnText += '# TYPE wireguard_enabled_peers gauge\n'; + returnText += `wireguard_enabled_peers{interface="wg0"} ${Number(wireguardEnabledPeersCount)}\n`; + + returnText += '\n# HELP wireguard_connected_peers\n'; + returnText += '# TYPE wireguard_connected_peers gauge\n'; + returnText += `wireguard_connected_peers{interface="wg0"} ${Number(wireguardConnectedPeersCount)}\n`; + + returnText += '\n# HELP wireguard_sent_bytes Bytes sent to the peer\n'; + returnText += '# TYPE wireguard_sent_bytes counter\n'; + returnText += `${wireguardSentBytes}`; + + returnText += '\n# HELP wireguard_received_bytes Bytes received from the peer\n'; + returnText += '# TYPE wireguard_received_bytes counter\n'; + returnText += `${wireguardReceivedBytes}`; + + returnText += '\n# HELP wireguard_latest_handshake_seconds UNIX timestamp seconds of the last handshake\n'; + returnText += '# TYPE wireguard_latest_handshake_seconds gauge\n'; + returnText += `${wireguardLatestHandshakeSeconds}`; + + return returnText; + } + + async getMetricsJSON() { + const clients = await this.getClients(); + let wireguardPeerCount = 0; + let wireguardEnabledPeersCount = 0; + let wireguardConnectedPeersCount = 0; + for (const client of Object.values(clients)) { + wireguardPeerCount++; + if (client.enabled === true) { + wireguardEnabledPeersCount++; + } + if (client.endpoint !== null) { + wireguardConnectedPeersCount++; + } + } + return { + wireguard_configured_peers: Number(wireguardPeerCount), + wireguard_enabled_peers: Number(wireguardEnabledPeersCount), + wireguard_connected_peers: Number(wireguardConnectedPeersCount), + }; + } + }; diff --git a/src/package-lock.json b/src/package-lock.json index a07c2bb..f50190a 100644 --- a/src/package-lock.json +++ b/src/package-lock.json @@ -9,16 +9,19 @@ "version": "1.0.1", "license": "CC BY-NC-SA 4.0", "dependencies": { + "basic-auth": "^2.0.1", "bcryptjs": "^2.4.3", - "debug": "^4.3.6", + "crc-32": "^1.2.2", + "debug": "^4.3.7", "express-session": "^1.18.0", "h3": "^1.12.0", "qrcode": "^1.5.4" }, "devDependencies": { + "@tailwindcss/forms": "^0.5.9", "eslint-config-athom": "^3.1.3", "nodemon": "^3.1.4", - "tailwindcss": "^3.4.9" + "tailwindcss": "^3.4.10" }, "engines": { "node": ">=18" @@ -451,6 +454,26 @@ "node": ">=14" } }, + "node_modules/@rtsao/scc": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz", + "integrity": "sha512-zt6OdqaDoOnJ1ZYsCYGt9YmWzDXl4vQdKTyJev62gFhRGKdx7mcT54V9KIjg+d2wi9EXsPvAPKe7i7WjfVWB8g==", + "dev": true, + "license": "MIT" + }, + "node_modules/@tailwindcss/forms": { + "version": "0.5.9", + "resolved": "https://registry.npmjs.org/@tailwindcss/forms/-/forms-0.5.9.tgz", + "integrity": "sha512-tM4XVr2+UVTxXJzey9Twx48c1gcxFStqn1pQz0tRsX8o3DvxhN5oY5pvyAbUx7VTaZxpej4Zzvc6h+1RJBzpIg==", + "dev": true, + "license": "MIT", + "dependencies": { + "mini-svg-data-uri": "^1.2.3" + }, + "peerDependencies": { + "tailwindcss": ">=3.0.0 || >= 3.0.0-alpha.1 || >= 4.0.0-alpha.20" + } + }, "node_modules/@types/json-schema": { "version": "7.0.15", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", @@ -977,6 +1000,18 @@ "dev": true, "license": "MIT" }, + "node_modules/basic-auth": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.1.2" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/bcryptjs": { "version": "2.4.3", "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz", @@ -1209,6 +1244,18 @@ "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", "license": "MIT" }, + "node_modules/crc-32": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "integrity": "sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==", + "license": "Apache-2.0", + "bin": { + "crc32": "bin/crc32.njs" + }, + "engines": { + "node": ">=0.8" + } + }, "node_modules/cross-spawn": { "version": "7.0.3", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", @@ -1306,12 +1353,11 @@ } }, "node_modules/debug": { - "version": "4.3.6", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", - "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", - "license": "MIT", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", "dependencies": { - "ms": "2.1.2" + "ms": "^2.1.3" }, "engines": { "node": ">=6.0" @@ -1749,9 +1795,9 @@ } }, "node_modules/eslint-module-utils": { - "version": "2.8.1", - "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.1.tgz", - "integrity": "sha512-rXDXR3h7cs7dy9RNpUlQf80nX31XWJEyGq1tRMo+6GsO5VmTe4UTwtmonAD4ZkAsrfMVDA2wlGJ3790Ys+D49Q==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.9.0.tgz", + "integrity": "sha512-McVbYmwA3NEKwRQY5g4aWMdcZE5xZxV8i8l7CqJSrameuGSQJtSWaL/LxTEzSKKaCcOhlpDR8XEfYXWPrdo/ZQ==", "dev": true, "license": "MIT", "dependencies": { @@ -1810,27 +1856,28 @@ } }, "node_modules/eslint-plugin-import": { - "version": "2.29.1", - "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.1.tgz", - "integrity": "sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==", + "version": "2.30.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.30.0.tgz", + "integrity": "sha512-/mHNE9jINJfiD2EKkg1BKyPyUk4zdnT54YgbOgfjSakWT5oyX/qQLVNTkehyfpcMxZXMy1zyonZ2v7hZTX43Yw==", "dev": true, "license": "MIT", "dependencies": { - "array-includes": "^3.1.7", - "array.prototype.findlastindex": "^1.2.3", + "@rtsao/scc": "^1.1.0", + "array-includes": "^3.1.8", + "array.prototype.findlastindex": "^1.2.5", "array.prototype.flat": "^1.3.2", "array.prototype.flatmap": "^1.3.2", "debug": "^3.2.7", "doctrine": "^2.1.0", "eslint-import-resolver-node": "^0.3.9", - "eslint-module-utils": "^2.8.0", - "hasown": "^2.0.0", - "is-core-module": "^2.13.1", + "eslint-module-utils": "^2.9.0", + "hasown": "^2.0.2", + "is-core-module": "^2.15.1", "is-glob": "^4.0.3", "minimatch": "^3.1.2", - "object.fromentries": "^2.0.7", - "object.groupby": "^1.0.1", - "object.values": "^1.1.7", + "object.fromentries": "^2.0.8", + "object.groupby": "^1.0.3", + "object.values": "^1.2.0", "semver": "^6.3.1", "tsconfig-paths": "^3.15.0" }, @@ -2159,6 +2206,26 @@ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", "license": "MIT" }, + "node_modules/express-session/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -2658,9 +2725,9 @@ } }, "node_modules/ignore": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", - "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", "dev": true, "license": "MIT", "engines": { @@ -2822,9 +2889,9 @@ } }, "node_modules/is-core-module": { - "version": "2.15.0", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.15.0.tgz", - "integrity": "sha512-Dd+Lb2/zvk9SKy1TGCt1wFJFo/MWBPMX5x7KcvLajWTGuomczdQX61PvY5yK6SVACwpoexWo81IfFyoKY2QnTA==", + "version": "2.15.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.15.1.tgz", + "integrity": "sha512-z0vtXSwucUJtANQWldhbtbt7BnL0vxiFjIdDLAatwhDYty2bad6s+rijD6Ri4YuYJubLzIJLUidCh09e1djEVQ==", "dev": true, "license": "MIT", "dependencies": { @@ -3223,9 +3290,9 @@ } }, "node_modules/micromatch": { - "version": "4.0.7", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz", - "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==", + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "dev": true, "license": "MIT", "dependencies": { @@ -3248,6 +3315,16 @@ "node": ">=10.0.0" } }, + "node_modules/mini-svg-data-uri": { + "version": "1.4.4", + "resolved": "https://registry.npmjs.org/mini-svg-data-uri/-/mini-svg-data-uri-1.4.4.tgz", + "integrity": "sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==", + "dev": true, + "license": "MIT", + "bin": { + "mini-svg-data-uri": "cli.js" + } + }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -3282,10 +3359,9 @@ } }, "node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "license": "MIT" + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" }, "node_modules/mz": { "version": "2.7.0", @@ -3704,9 +3780,9 @@ "license": "MIT" }, "node_modules/picocolors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz", - "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz", + "integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==", "dev": true, "license": "ISC" }, @@ -3763,9 +3839,9 @@ } }, "node_modules/postcss": { - "version": "8.4.41", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.41.tgz", - "integrity": "sha512-TesUflQ0WKZqAvg52PWL6kHgLKP6xB6heTOdoYM0Wt2UHyxNa4K25EZZMgKns3BH1RLVbZCREPpLY0rhnNoHVQ==", + "version": "8.4.45", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.45.tgz", + "integrity": "sha512-7KTLTdzdZZYscUc65XmjFiB73vBhBfbPztCYdUNvlaso9PrzjzcmjqBPR0lNGkcVlcO4BjiO5rK/qNz+XAen1Q==", "dev": true, "funding": [ { @@ -3905,9 +3981,9 @@ } }, "node_modules/postcss-selector-parser": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.1.tgz", - "integrity": "sha512-b4dlw/9V8A71rLIDsSwVmak9z2DuBUB7CA1/wSdelNEzqsjoSPeADTWNO09lpH49Diy3/JIZ2bSPB1dI3LJCHg==", + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", + "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", "dev": true, "license": "MIT", "dependencies": { @@ -4208,23 +4284,9 @@ } }, "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", "license": "MIT" }, "node_modules/safe-regex-test": { @@ -4687,9 +4749,9 @@ "peer": true }, "node_modules/tailwindcss": { - "version": "3.4.9", - "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.9.tgz", - "integrity": "sha512-1SEOvRr6sSdV5IDf9iC+NU4dhwdqzF4zKKq3sAbasUWHEM6lsMhX+eNN5gkPx1BvLFEnZQEUFbXnGj8Qlp83Pg==", + "version": "3.4.10", + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.10.tgz", + "integrity": "sha512-KWZkVPm7yJRhdu4SRSl9d4AK2wM3a50UsvgHZO7xY77NQr2V+fIrEuoDGQcbvswWvFGbS2f6e+jC/6WJm1Dl0w==", "dev": true, "license": "MIT", "dependencies": { @@ -5134,9 +5196,9 @@ "license": "ISC" }, "node_modules/yaml": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.0.tgz", - "integrity": "sha512-2wWLbGbYDiSqqIKoPjar3MPgB94ErzCtrNE1FdqGuaO0pi2JGjmE8aW8TDZwzU7vuxcGRdL/4gPQwQ7hD5AMSw==", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.1.tgz", + "integrity": "sha512-bLQOjaX/ADgQ20isPJRvF0iRUHIxVhYvr53Of7wGcWlO2jvtUlH5m87DsmulFVxRpNLOnI4tB6p/oh8D7kpn9Q==", "dev": true, "license": "ISC", "bin": { diff --git a/src/package.json b/src/package.json index 92582e9..618bdbb 100644 --- a/src/package.json +++ b/src/package.json @@ -15,16 +15,19 @@ "author": "Emile Nijssen", "license": "CC BY-NC-SA 4.0", "dependencies": { + "basic-auth": "^2.0.1", "bcryptjs": "^2.4.3", - "debug": "^4.3.6", + "crc-32": "^1.2.2", + "debug": "^4.3.7", "express-session": "^1.18.0", "h3": "^1.12.0", "qrcode": "^1.5.4" }, "devDependencies": { + "@tailwindcss/forms": "^0.5.9", "eslint-config-athom": "^3.1.3", "nodemon": "^3.1.4", - "tailwindcss": "^3.4.9" + "tailwindcss": "^3.4.10" }, "nodemonConfig": { "ignore": [ diff --git a/src/wgpw.mjs b/src/wgpw.mjs index 4062a73..6ad6aed 100644 --- a/src/wgpw.mjs +++ b/src/wgpw.mjs @@ -2,6 +2,8 @@ // Import needed libraries import bcrypt from 'bcryptjs'; +import { Writable } from 'stream'; +import readline from 'readline'; // Function to generate hash const generateHash = async (password) => { @@ -31,12 +33,35 @@ const comparePassword = async (password, hash) => { } }; +const readStdinPassword = () => { + return new Promise((resolve) => { + process.stdout.write('Enter your password: '); + + const rl = readline.createInterface({ + input: process.stdin, + output: new Writable({ + write(_chunk, _encoding, callback) { + callback(); + }, + }), + terminal: true, + }); + + rl.question('', (answer) => { + rl.close(); + // Print a new line after password prompt + process.stdout.write('\n'); + resolve(answer); + }); + }); +}; + (async () => { try { // Retrieve command line arguments const args = process.argv.slice(2); // Ignore the first two arguments if (args.length > 2) { - throw new Error('Usage : wgpw YOUR_PASSWORD [HASH]'); + throw new Error('Usage : wgpw [YOUR_PASSWORD] [HASH]'); } const [password, hash] = args; @@ -44,6 +69,9 @@ const comparePassword = async (password, hash) => { await comparePassword(password, hash); } else if (password) { await generateHash(password); + } else { + const password = await readStdinPassword(); + await generateHash(password); } } catch (error) { // eslint-disable-next-line no-console diff --git a/src/www/css/app.css b/src/www/css/app.css index 92bb704..1b5515a 100644 --- a/src/www/css/app.css +++ b/src/www/css/app.css @@ -1,5 +1,5 @@ /* -! tailwindcss v3.4.9 | MIT License | https://tailwindcss.com +! tailwindcss v3.4.10 | MIT License | https://tailwindcss.com */ /* @@ -714,6 +714,10 @@ video { margin-bottom: 2.5rem; } +.mb-2 { + margin-bottom: 0.5rem; +} + .mb-4 { margin-bottom: 1rem; } @@ -1160,6 +1164,10 @@ video { fill: #4b5563; } +.p-0 { + padding: 0px; +} + .p-1 { padding: 0.25rem; } @@ -1465,6 +1473,10 @@ video { cursor: default; } +.p-0 { + padding: 0; +} + .last\:border-b-0:last-child { border-bottom-width: 0px; } diff --git a/src/www/index.html b/src/www/index.html index e0cb5b5..8a55d4e 100644 --- a/src/www/index.html +++ b/src/www/index.html @@ -43,7 +43,7 @@ - @@ -112,8 +112,22 @@ {{$t("backup")}} + + + - +