Merge branch 'master' into add-WG_MTU

2021-12-26 14:22:23 +01:00 · 2021-12-26 14:22:23 +01:00 · 8e93ae76a5
commit 8e93ae76a5
parent b4fbcdd2db 1b036c3b4c
23 changed files with 830 additions and 1292 deletions
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@ -12,6 +12,7 @@ const WireGuard = require('../services/WireGuard');

 const {
  PORT,
+  RELEASE,
  PASSWORD,
 } = require('../config');

@ -29,6 +30,10 @@ module.exports = class Server {
        saveUninitialized: true,
      }))

+      .get('/api/release', (Util.promisify(async () => {
+        return RELEASE;
+      })))
+
      // Authentication
      .get('/api/session', Util.promisify(async req => {
        const requiresPassword = !!process.env.PASSWORD;
@ -94,7 +99,8 @@ module.exports = class Server {
        const { clientId } = req.params;
        const client = await WireGuard.getClient({ clientId });
        const config = await WireGuard.getClientConfiguration({ clientId });
-        res.header('Content-Disposition', `attachment; filename="${client.name}.conf"`);
+        const configName = client.name.replace(/[^a-zA-Z0-9_=+.-]/g, '-').replace(/(-{2,}|-$)/g, '-').replace(/-$/, '').substring(0, 32);
+        res.header('Content-Disposition', `attachment; filename="${configName}.conf"`);
        res.header('Content-Type', 'text/plain');
        res.send(config);
      }))
@ -114,6 +120,16 @@ module.exports = class Server {
        const { clientId } = req.params;
        return WireGuard.disableClient({ clientId });
      }))
+      .put('/api/wireguard/client/:clientId/name', Util.promisify(async req => {
+        const { clientId } = req.params;
+        const { name } = req.body;
+        return WireGuard.updateClientName({ clientId, name });
+      }))
+      .put('/api/wireguard/client/:clientId/address', Util.promisify(async req => {
+        const { clientId } = req.params;
+        const { address } = req.body;
+        return WireGuard.updateClientAddress({ clientId, address });
+      }))

      .listen(PORT, () => {
        debug(`Listening on http://0.0.0.0:${PORT}`);
--- a/src/lib/Util.js
+++ b/src/lib/Util.js
@ -4,6 +4,19 @@ const childProcess = require('child_process');

 module.exports = class Util {

+  static isValidIPv4(str) {
+    const blocks = str.split('.');
+    if (blocks.length !== 4) return false;
+
+    for (let value of blocks) {
+      value = parseInt(value, 10);
+      if (Number.isNaN(value)) return false;
+      if (value < 0 || value > 255) return false;
+    }
+
+    return true;
+  }
+
  static promisify(fn) {
    // eslint-disable-next-line func-names
    return function(req, res) {
@ -39,9 +52,16 @@ module.exports = class Util {
    };
  }

-  static async exec(cmd) {
-    // eslint-disable-next-line no-console
-    console.log(`$ ${cmd}`);
+  static async exec(cmd, {
+    log = true,
+  } = {}) {
+    if (typeof log === 'string') {
+      // eslint-disable-next-line no-console
+      console.log(`$ ${log}`);
+    } else if (log === true) {
+      // eslint-disable-next-line no-console
+      console.log(`$ ${cmd}`);
+    }

    if (process.platform !== 'linux') {
      return '';
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@ -17,6 +17,8 @@ const {
  WG_MTU,
  WG_DEFAULT_DNS,
  WG_DEFAULT_ADDRESS,
+  WG_PERSISTENT_KEEPALIVE,
+  WG_ALLOWED_IPS,
 } = require('../config');

 module.exports = class WireGuard {
@ -36,7 +38,9 @@ module.exports = class WireGuard {
          debug('Configuration loaded.');
        } catch (err) {
          const privateKey = await Util.exec('wg genkey');
-          const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`);
+          const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`, {
+            log: 'echo ***hidden*** | wg pubkey',
+          });
          const address = WG_DEFAULT_ADDRESS.replace('x', '1');

          config = {
@ -51,6 +55,7 @@ module.exports = class WireGuard {
        }

        await this.__saveConfig(config);
+        await Util.exec('wg-quick down wg0').catch(() => { });
        await Util.exec('wg-quick up wg0');
        await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`);
        await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
@ -125,7 +130,9 @@ AllowedIPs = ${client.address}/32`;
    }));

    // Loop WireGuard status
-    const dump = await Util.exec('wg show wg0 dump');
+    const dump = await Util.exec('wg show wg0 dump', {
+      log: false,
+    });
    dump
      .trim()
      .split('\n')
@ -174,7 +181,7 @@ AllowedIPs = ${client.address}/32`;
 [Interface]
 PrivateKey = ${client.privateKey}
 Address = ${client.address}/24
-DNS = ${WG_DEFAULT_DNS}
+${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}` : ''}
 if (typeof ${WG_MTU} !== 'undefined' || ${WG_MTU} !== null) {
 MTU = ${WG_MTU}
 }
@ -182,7 +189,8 @@ MTU = ${WG_MTU}
 [Peer]
 PublicKey = ${config.server.publicKey}
 PresharedKey = ${client.preSharedKey}
-AllowedIPs = 0.0.0.0/0, ::/0
+AllowedIPs = ${WG_ALLOWED_IPS}
+PersistentKeepalive = ${WG_PERSISTENT_KEEPALIVE}
 Endpoint = ${WG_HOST}:${WG_PORT}`;
  }

@ -269,4 +277,26 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
    await this.saveConfig();
  }

+  async updateClientName({ clientId, name }) {
+    const client = await this.getClient({ clientId });
+
+    client.name = name;
+    client.updatedAt = new Date();
+
+    await this.saveConfig();
+  }
+
+  async updateClientAddress({ clientId, address }) {
+    const client = await this.getClient({ clientId });
+
+    if (!Util.isValidIPv4(address)) {
+      throw new ServerError(`Invalid Address: ${address}`, 400);
+    }
+
+    client.address = address;
+    client.updatedAt = new Date();
+
+    await this.saveConfig();
+  }
+
 };