forks/amnezia-wg-easy
1
0
Fork 0
forked from mirrors/amnezia-wg-easy
Code Pull requests Activity

Merge branch 'master' into master

Browse source
This commit is contained in:
Alexander 2023-12-22 14:29:38 +07:00 committed by GitHub
commit 7d7a2ff8d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 3758 additions and 681 deletions
Download patch file Download diff file Expand all files Collapse all files

64
src/lib/Server.js
View file

@ -1,6 +1,8 @@
'use strict';
const path = require('path');
const bcrypt = require('bcryptjs');
const crypto = require('node:crypto');
const express = require('express');
const expressSession = require('express-session');
@ -12,6 +14,7 @@ const WireGuard = require('../services/WireGuard');
const {
PORT,
WEBUI_HOST,
RELEASE,
PASSWORD,
LANG,
@ -26,17 +29,20 @@ module.exports = class Server {
.use('/', express.static(path.join(__dirname, '..', 'www')))
.use(express.json())
.use(expressSession({
secret: String(Math.random()),
secret: crypto.randomBytes(256).toString('hex'),
resave: true,
saveUninitialized: true,
cookie: {
httpOnly: true,
},
}))
.get('/api/release', (Util.promisify(async () => {
return RELEASE;
})))
// Authentication
.get('/api/session', Util.promisify(async req => {
// Authentication
.get('/api/session', Util.promisify(async (req) => {
const requiresPassword = !!process.env.PASSWORD;
const authenticated = requiresPassword
? !!(req.session && req.session.authenticated)
@ -47,7 +53,7 @@ module.exports = class Server {
authenticated,
};
}))
.post('/api/session', Util.promisify(async req => {
.post('/api/session', Util.promisify(async (req) => {
const {
password,
} = req.body;
@ -66,7 +72,7 @@ module.exports = class Server {
debug(`New Session: ${req.session.id}`);
}))
// WireGuard
// WireGuard
.use((req, res, next) => {
if (!PASSWORD) {
return next();
@ -76,18 +82,34 @@ module.exports = class Server {
return next();
}
if (req.path.startsWith('/api/') && req.headers['authorization']) {
const authorizationHash = bcrypt.createHash('bcrypt')
.update(req.headers['authorization'])
.digest('hex');
const passwordHash = bcrypt.createHash('bcrypt')
.update(PASSWORD)
.digest('hex');
if (bcrypt.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) {
return next();
}
return res.status(401).json({
error: 'Incorrect Password',
});
}
return res.status(401).json({
error: 'Not Logged In',
});
})
.delete('/api/session', Util.promisify(async req => {
.delete('/api/session', Util.promisify(async (req) => {
const sessionId = req.session.id;
req.session.destroy();
debug(`Deleted Session: ${sessionId}`);
}))
.get('/api/wireguard/client', Util.promisify(async req => {
.get('/api/wireguard/client', Util.promisify(async (req) => {
return WireGuard.getClients();
}))
.get('/api/wireguard/client/:clientId/qrcode.svg', Util.promisify(async (req, res) => {
@ -109,29 +131,41 @@ module.exports = class Server {
res.header('Content-Type', 'text/plain');
res.send(config);
}))
.post('/api/wireguard/client', Util.promisify(async req => {
.post('/api/wireguard/client', Util.promisify(async (req) => {
const { name } = req.body;
return WireGuard.createClient({ name });
}))
.delete('/api/wireguard/client/:clientId', Util.promisify(async req => {
.delete('/api/wireguard/client/:clientId', Util.promisify(async (req) => {
const { clientId } = req.params;
return WireGuard.deleteClient({ clientId });
}))
.post('/api/wireguard/client/:clientId/enable', Util.promisify(async req => {
.post('/api/wireguard/client/:clientId/enable', Util.promisify(async (req, res) => {
const { clientId } = req.params;
if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
res.end(403);
}
return WireGuard.enableClient({ clientId });
}))
.post('/api/wireguard/client/:clientId/disable', Util.promisify(async req => {
.post('/api/wireguard/client/:clientId/disable', Util.promisify(async (req, res) => {
const { clientId } = req.params;
if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
res.end(403);
}
return WireGuard.disableClient({ clientId });
}))
.put('/api/wireguard/client/:clientId/name', Util.promisify(async req => {
.put('/api/wireguard/client/:clientId/name', Util.promisify(async (req, res) => {
const { clientId } = req.params;
if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
res.end(403);
}
const { name } = req.body;
return WireGuard.updateClientName({ clientId, name });
}))
.put('/api/wireguard/client/:clientId/address', Util.promisify(async req => {
.put('/api/wireguard/client/:clientId/address', Util.promisify(async (req, res) => {
const { clientId } = req.params;
if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
res.end(403);
}
const { address } = req.body;
return WireGuard.updateClientAddress({ clientId, address });
}))
@ -139,8 +173,8 @@ module.exports = class Server {
return LANG;
})))
.listen(PORT, () => {
debug(`Listening on http://0.0.0.0:${PORT}`);
.listen(PORT, WEBUI_HOST, () => {
debug(`Listening on http://${WEBUI_HOST}:${PORT}`);
});
}

4
src/lib/Util.js
View file

@ -21,7 +21,7 @@ module.exports = class Util {
// eslint-disable-next-line func-names
return function(req, res) {
Promise.resolve().then(async () => fn(req, res))
.then(result => {
.then((result) => {
if (res.headersSent) return;
if (typeof result === 'undefined') {
@ -34,7 +34,7 @@ module.exports = class Util {
.status(200)
.json(result);
})
.catch(error => {
.catch((error) => {
if (typeof error === 'string') {
error = new Error(error);
}

15
src/lib/WireGuard.js
View file

@ -60,7 +60,7 @@ module.exports = class WireGuard {
await this.__saveConfig(config);
await Util.exec('wg-quick down wg0').catch(() => { });
await Util.exec('wg-quick up wg0').catch(err => {
await Util.exec('wg-quick up wg0').catch((err) => {
if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
}
@ -95,7 +95,7 @@ module.exports = class WireGuard {
[Interface]
PrivateKey = ${config.server.privateKey}
Address = ${config.server.address}/24
ListenPort = 51820
ListenPort = ${WG_PORT}
PreUp = ${WG_PRE_UP}
PostUp = ${WG_POST_UP}
PreDown = ${WG_PRE_DOWN}
@ -156,7 +156,7 @@ AllowedIPs = ${client.address}/32`;
.trim()
.split('\n')
.slice(1)
.forEach(line => {
.forEach((line) => {
const [
publicKey,
preSharedKey, // eslint-disable-line no-unused-vars
@ -168,7 +168,7 @@ AllowedIPs = ${client.address}/32`;
persistentKeepalive,
] = line.split('\t');
const client = clients.find(client => client.publicKey === publicKey);
const client = clients.find((client) => client.publicKey === publicKey);
if (!client) return;
client.latestHandshakeAt = latestHandshakeAt === '0'
@ -233,7 +233,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
// Calculate next IP
let address;
for (let i = 2; i < 255; i++) {
const client = Object.values(config.clients).find(client => {
const client = Object.values(config.clients).find((client) => {
return client.address === WG_DEFAULT_ADDRESS.replace('x', i);
});
@ -248,8 +248,9 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
}
// Create Client
const clientId = uuid.v4();
const id = uuid.v4();
const client = {
id,
name,
address,
privateKey,
@ -262,7 +263,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
enabled: true,
};
config.clients[clientId] = client;
config.clients[id] = client;
await this.saveConfig();