diff --git a/.dockerignore b/.dockerignore index ca447ca..ef9f460 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,3 @@ -/src/node_modules \ No newline at end of file +/src/node_modules +/wg-password/target +/wg-password/index.js \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index ca427af..276fec9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,12 @@ +# Build wg-password binary using Rust on Alpine +FROM rust:1.79.0-alpine AS build_password_binary + +WORKDIR /wg-password +COPY wg-password . + +# Build the Rust project +RUN cargo build --release + # As a workaround we have to build on nodejs 18 # nodejs 20 hangs on build with armv6/armv7 FROM docker.io/library/node:18-alpine AS build_node_modules @@ -26,6 +35,9 @@ COPY --from=build_node_modules /app /app # than what runs inside of docker. COPY --from=build_node_modules /node_modules /node_modules +# Copy the compiled password binary from the build stage to /bin/ +COPY --from=build_password_binary /wg-password/target/release/wgpw /bin/ + # Install Linux packages RUN apk add --no-cache \ dpkg \ diff --git a/README.md b/README.md index 81d531a..f805100 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ To automatically install & run wg-easy, simply run: > 💡 Replace `YOUR_SERVER_IP` with your WAN IP, or a Dynamic DNS hostname. > -> 💡 Replace `YOUR_ADMIN_PASSWORD_HASH` with a bcrypt password hash to log in on the Web UI. See How_to_generate_an_bcrypt_hash.md for know how generate the hash. +> 💡 Replace `YOUR_ADMIN_PASSWORD_HASH` with a bcrypt password hash to log in on the Web UI. See [PASSWORD.md](./wg-password/PASSWORD.md) for know how generate the hash. The Web UI will now be available on `http://0.0.0.0:51821`. diff --git a/src/config.js b/src/config.js index 40b70dd..ac4b407 100644 --- a/src/config.js +++ b/src/config.js @@ -5,7 +5,6 @@ const { release } = require('./package.json'); module.exports.RELEASE = release; module.exports.PORT = process.env.PORT || '51821'; module.exports.WEBUI_HOST = process.env.WEBUI_HOST || '0.0.0.0'; -module.exports.PASSWORD = process.env.PASSWORD; module.exports.PASSWORD_HASH = process.env.PASSWORD_HASH; module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/'; module.exports.WG_DEVICE = process.env.WG_DEVICE || 'eth0'; diff --git a/src/lib/Server.js b/src/lib/Server.js index d995bb6..7f06da5 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -28,22 +28,18 @@ const { PORT, WEBUI_HOST, RELEASE, - PASSWORD, PASSWORD_HASH, LANG, UI_TRAFFIC_STATS, UI_CHART_TYPE, } = require('../config'); -const requiresPassword = !!PASSWORD || !!PASSWORD_HASH; +const requiresPassword = !!PASSWORD_HASH; /** * Checks if `password` matches the PASSWORD_HASH. * - * For backward compatibility it also allows `password` to match the clear text PASSWORD, - * but only if no PASSWORD_HASH is provided. - * - * If both enviornment variables are not set, the password is always invalid. + * If environment variable is not set, the password is always invalid. * * @param {string} password String to test * @returns {boolean} true if matching environment, otherwise false @@ -56,9 +52,6 @@ const isPasswordValid = (password) => { if (PASSWORD_HASH) { return bcrypt.compareSync(password, PASSWORD_HASH); } - if (PASSWORD) { - return password === PASSWORD; - } return false; }; diff --git a/wg-password/.gitignore b/wg-password/.gitignore new file mode 100644 index 0000000..9b9783d --- /dev/null +++ b/wg-password/.gitignore @@ -0,0 +1,2 @@ +target +index.mjs \ No newline at end of file diff --git a/wg-password/Cargo.lock b/wg-password/Cargo.lock new file mode 100644 index 0000000..5adbf6b --- /dev/null +++ b/wg-password/Cargo.lock @@ -0,0 +1,357 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstyle" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" + +[[package]] +name = "assert_cmd" +version = "2.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed72493ac66d5804837f480ab3766c72bdfab91a65e565fc54fa9e42db0073a8" +dependencies = [ + "anstyle", + "bstr", + "doc-comment", + "predicates", + "predicates-core", + "predicates-tree", + "wait-timeout", +] + +[[package]] +name = "autocfg" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "bcrypt" +version = "0.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e65938ed058ef47d92cf8b346cc76ef48984572ade631927e9937b5ffc7662c7" +dependencies = [ + "base64", + "blowfish", + "getrandom", + "subtle", + "zeroize", +] + +[[package]] +name = "blowfish" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" +dependencies = [ + "byteorder", + "cipher", +] + +[[package]] +name = "bstr" +version = "1.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05efc5cfd9110c8416e471df0e96702d58690178e206e61b7173706673c93706" +dependencies = [ + "memchr", + "regex-automata", + "serde", +] + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "difflib" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" + +[[package]] +name = "doc-comment" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" + +[[package]] +name = "float-cmp" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "98de4bbd547a563b716d8dfa9aad1cb19bfab00f4fa09a6a4ed21dbcf44ce9c4" +dependencies = [ + "num-traits", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "libc" +version = "0.2.155" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" + +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + +[[package]] +name = "normalize-line-endings" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61807f77802ff30975e01f4f071c8ba10c022052f98b3294119f3e615d13e5be" + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "predicates" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68b87bfd4605926cdfefc1c3b5f8fe560e3feca9d5552cf68c466d3d8236c7e8" +dependencies = [ + "anstyle", + "difflib", + "float-cmp", + "normalize-line-endings", + "predicates-core", + "regex", +] + +[[package]] +name = "predicates-core" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b794032607612e7abeb4db69adb4e33590fa6cf1149e95fd7cb00e634b92f174" + +[[package]] +name = "predicates-tree" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "368ba315fb8c5052ab692e68a0eefec6ec57b23a36959c14496f0b0df2c0cecf" +dependencies = [ + "predicates-core", + "termtree", +] + +[[package]] +name = "proc-macro2" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" + +[[package]] +name = "serde" +version = "1.0.204" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.204" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.71" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "termtree" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76" + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wait-timeout" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6" +dependencies = [ + "libc", +] + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wg-password" +version = "0.1.1" +dependencies = [ + "assert_cmd", + "bcrypt", + "predicates", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/wg-password/Cargo.toml b/wg-password/Cargo.toml new file mode 100644 index 0000000..8f4860c --- /dev/null +++ b/wg-password/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "wg-password" +version = "0.1.1" +authors = ["tetuaoro <65575727+tetuaoro@users.noreply.github.com>"] +description = "A binary to create bcrypt password hashes for wg-easy, enhancing security." +edition = "2021" + +[dependencies] +bcrypt = "0.15.1" + +[dev-dependencies] +assert_cmd = "2.0" +predicates = "3.0" + +[[bin]] +name = "wgpw" +path = "src/main.rs" diff --git a/wg-password/PASSWORD.md b/wg-password/PASSWORD.md new file mode 100644 index 0000000..1171c03 --- /dev/null +++ b/wg-password/PASSWORD.md @@ -0,0 +1,25 @@ +# wg-password + +`wg-password` is a Rust binary that generates bcrypt password hashes for use with `wg-easy`, enhancing security by requiring passwords. + +## Features + +- Generate bcrypt password hashes. +- Easily integrate with `wg-easy` to enforce password requirements. + +## Usage with Docker + +To generate a bcrypt password hash using Docker, run the following command: + +```sh +docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD +PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // litteraly YOUR_PASSWORD +``` + +## Important + +Make sure to enclose your password in single quotes when you run a linux host and *don't use double* `$`. [See](../How_to_generate_an_bcrypt_hash.md#generating-bcrypt-hash-from-an-script-file). + +## LICENSE + +[wg-easy license](../LICENSE) \ No newline at end of file diff --git a/wg-password/src/main.rs b/wg-password/src/main.rs new file mode 100644 index 0000000..3dc1df5 --- /dev/null +++ b/wg-password/src/main.rs @@ -0,0 +1,39 @@ +fn main() { + let args = std::env::args(); + let collect = args.collect::>(); + match collect.get(1) { + None => panic!("Your password was missing !"), + Some(password) => match bcrypt::hash(password, bcrypt::DEFAULT_COST) { + Err(err) => eprintln!("{}", err.to_string()), + Ok(hash) => println!("PASSWORD_HASH='{hash}'"), + }, + } +} + +#[cfg(test)] +mod test { + use assert_cmd::Command; + use predicates::prelude::*; + + #[test] + fn test_missing_password() { + // Test when no password is provided + let mut cmd = Command::cargo_bin("wgpw").unwrap(); + cmd.assert() + .failure() + .stderr(predicate::str::contains("Your password was missing !")); + } + + #[test] + fn test_generate_password() { + // Test with a valid password + let mut cmd = Command::cargo_bin("wgpw").unwrap(); + cmd.arg("my_password") + .assert() + .success() + .stdout(predicate::str::contains("PASSWORD_HASH='")); + } + + // fn test_invalid_password() { + // } +}