wip

2021-05-23 12:02:56 +02:00 · 2021-05-23 12:02:56 +02:00 · 9d355f67d8
parent 18b6ce7c78
commit 9d355f67d8
12 changed files with 60 additions and 37 deletions
--- a/12
+++ b/12
@ -8,6 +8,12 @@ RUN apt install -y wireguard iproute2 openresolv curl
 RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
 RUN apt-get install -y nodejs

-# RUN wg-quick up wg0
-EXPOSE 51820
-ENTRYPOINT ["tail", "-f", "/dev/null"]
+COPY src/ /app/
+WORKDIR /app
+RUN npm ci --production
+
+
+EXPOSE 51820/udp
+EXPOSE 80/tcp
+ENV DEBUG=Server,WireGuard
+CMD ["node", "server.js"]
--- a/config/wg0.conf
+++ b/config/wg0.conf
@ -14,8 +14,8 @@ PublicKey = i8xWKqicnDkNL14I4B+I1zlB8od/booA1joIosWn7X4=
 PresharedKey = MzplKtOQ44/IaAKri2VKqCoIlg4XiVH7TCp5bcYRTQU=
 AllowedIPs = 10.8.0.2/32

-# Client: Test 2 (c3ff2018-b2a8-4276-a16e-788e9a7e1aa6)
+# Client: Test (2ca33a1c-ed49-4bdd-b84c-adc77f1f3b2d)
 [Peer]
-PublicKey = 
-PresharedKey = 
-AllowedIPs = 10.8.0.4/32
+PublicKey = 563oiA0IuQqt8JPEXHGINT4mHYKzlLx9Ol2gcV1vKCk=
+PresharedKey = Q6xGB4og5Sj6M0MsHzkD16VsniT3FCqOnGmiLLilsU8=
+AllowedIPs = 10.8.0.3/32
--- a/config/wg0.json
+++ b/config/wg0.json
@ -17,14 +17,14 @@
      "address": "10.8.0.2",
      "enabled": true
    },
-    "c3ff2018-b2a8-4276-a16e-788e9a7e1aa6": {
-      "name": "Test 2",
-      "address": "10.8.0.4",
-      "privateKey": "",
-      "publicKey": "",
-      "preSharedKey": "",
-      "createdAt": "2021-05-22T21:26:28.552Z",
-      "updatedAt": "2021-05-22T21:26:28.552Z",
+    "2ca33a1c-ed49-4bdd-b84c-adc77f1f3b2d": {
+      "name": "Test",
+      "address": "10.8.0.3",
+      "privateKey": "AJVOxJxEnbWyrj7SbhJxxiIIgBsRljs1fP2xrN76Kns=",
+      "publicKey": "563oiA0IuQqt8JPEXHGINT4mHYKzlLx9Ol2gcV1vKCk=",
+      "preSharedKey": "Q6xGB4og5Sj6M0MsHzkD16VsniT3FCqOnGmiLLilsU8=",
+      "createdAt": "2021-05-22T21:41:49.876Z",
+      "updatedAt": "2021-05-22T21:41:49.876Z",
      "enabled": true
    }
  }
--- a/package.json
+++ b/package.json
@ -0,0 +1,5 @@
+{
+  "scripts": {
+    "build": ""
+  }
+}
--- a/run.sh
+++ b/run.sh
@ -1,9 +1,9 @@
 docker run \
-  -d \
  --name wg-easy \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --mount type=bind,source="$(pwd)"/config,target=/etc/wireguard \
  -p 51820:51820/udp \
+  -p 51821:51821/tcp \
  wg-easy
--- a/src/config.js
+++ b/src/config.js
@ -1,7 +1,7 @@
 'use strict';

-module.exports.PORT = process.env.PORT || 80;
-module.exports.PASSWORD = process.env.PASSWORD || 'wireguard';
+module.exports.PORT = process.env.PORT || 51821;
+module.exports.PASSWORD = process.env.PASSWORD;
 module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
 module.exports.WG_HOST = process.env.WG_HOST || '127.0.0.1';
 module.exports.WG_PORT = process.env.WG_PORT || 51820;
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@ -31,8 +31,14 @@ module.exports = class Server {

      // Authentication
      .get('/api/session', Util.promisify(async req => {
+        const requiresPassword = !!process.env.PASSWORD;
+        const authenticated = requiresPassword
+          ? !!(req.session && req.session.authenticated)
+          : true;
+
        return {
-          authenticated: !!(req.session && req.session.authenticated),
+          requiresPassword,
+          authenticated,
        };
      }))
      .post('/api/session', Util.promisify(async req => {
@ -55,7 +61,19 @@ module.exports = class Server {
      }))

      // WireGuard
-      .use(Util.requireSession)
+      .use((req, res, next) => {
+        if (!PASSWORD) {
+          return next();
+        }
+
+        if (req.session && req.session.authenticated) {
+          return next();
+        }
+
+        return res.status(401).json({
+          error: 'Not Logged In',
+        });
+      })
      .delete('/api/session', Util.promisify(async req => {
        const sessionId = req.session.id;

--- a/src/lib/Util.js
+++ b/src/lib/Util.js
@ -4,16 +4,6 @@ const childProcess = require('child_process');

 module.exports = class Util {

-  static requireSession(req, res, next) {
-    if (req.session && req.session.authenticated) {
-      return next();
-    }
-
-    return res.status(401).json({
-      error: 'Not Logged In',
-    });
-  }
-
  static promisify(fn) {
    return function(req, res) {
      Promise.resolve().then(async () => fn(req, res))
@ -53,7 +43,7 @@ module.exports = class Util {
    return new Promise((resolve, reject) => {
      childProcess.exec(cmd, (err, stdout) => {
        if (err) return reject(err);
-        return resolve(stdout);
+        return resolve(String(stdout).trim());
      });
    });
  }
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@ -34,8 +34,11 @@ module.exports = class WireGuard {
            },
            clients: {},
          };
+          await this.saveConfig();
        }

+        await Util.exec('wg-quick up wg0');
+
        return config;
      });
    }
@ -99,7 +102,7 @@ AllowedIPs = ${client.address}/32`;
        const [
          publicKey,
          preSharedKey, // eslint-disable-line no-unused-vars
-          endpoint,
+          endpoint, // eslint-disable-line no-unused-vars
          allowedIps, // eslint-disable-line no-unused-vars
          latestHandshakeAt,
          transferRx,
@ -110,9 +113,6 @@ AllowedIPs = ${client.address}/32`;
        const client = clients.find(client => client.publicKey === publicKey);
        if (!client) return;

-        client.endpoint = endpoint === '(none)'
-          ? null
-          : endpoint;
        client.latestHandshakeAt = latestHandshakeAt === '0'
          ? null
          : new Date(Number(`${latestHandshakeAt}000`));
--- a/src/package.json
+++ b/src/package.json
@ -4,7 +4,8 @@
  "description": "",
  "main": "server.js",
  "scripts": {
-    "serve": "DEBUG=Server PASSWORD=p WG_PATH=../config/ nodemon server.js"
+    "serve": "DEBUG=Server WG_PATH=../config/ nodemon server.js",
+    "serve-with-password": "PASSWORD=wg npm run serve"
  },
  "author": "Emile Nijssen",
  "license": "GPL",
--- a/src/www/index.html
+++ b/src/www/index.html
@ -15,7 +15,8 @@
  <div id="app" class="container mx-auto">
    <div v-if="authenticated === true">
      <h1 class="text-4xl font-medium mt-10 mb-2">WireGuard</h1>
-      <h2 class="text-sm text-gray-400 mb-10"><span class="cursor-pointer hover:underline" @click="logout">
+      <h2 class="text-sm text-gray-400 mb-10"><span v-if="requiresPassword" class="cursor-pointer hover:underline"
+          @click="logout">
          Logout
          <svg class="h-3 inline" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
            stroke="currentColor">
--- a/src/www/js/app.js
+++ b/src/www/js/app.js
@ -11,6 +11,7 @@ new Vue({
    authenticated: null,
    authenticating: false,
    password: null,
+    requiresPassword: null,

    clients: null,
    clientDelete: null,
@ -55,6 +56,7 @@ new Vue({
        .then(async () => {
          const session = await this.api.getSession();
          this.authenticated = session.authenticated;
+          this.requiresPassword = session.requiresPassword;
          return this.refresh();
        })
        .catch(err => {