From 9d355f67d8ccebff5e2b4107635d93fd57d91559 Mon Sep 17 00:00:00 2001 From: Emile Nijssen Date: Sun, 23 May 2021 12:02:56 +0200 Subject: [PATCH] wip --- Dockerfile | 12 +++++++++--- config/wg0.conf | 8 ++++---- config/wg0.json | 16 ++++++++-------- package.json | 5 +++++ run.sh | 2 +- src/config.js | 4 ++-- src/lib/Server.js | 22 ++++++++++++++++++++-- src/lib/Util.js | 12 +----------- src/lib/WireGuard.js | 8 ++++---- src/package.json | 3 ++- src/www/index.html | 3 ++- src/www/js/app.js | 2 ++ 12 files changed, 60 insertions(+), 37 deletions(-) create mode 100644 package.json diff --git a/Dockerfile b/Dockerfile index 4e31236..9d87d1c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,12 @@ RUN apt install -y wireguard iproute2 openresolv curl RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - RUN apt-get install -y nodejs -# RUN wg-quick up wg0 -EXPOSE 51820 -ENTRYPOINT ["tail", "-f", "/dev/null"] \ No newline at end of file +COPY src/ /app/ +WORKDIR /app +RUN npm ci --production + + +EXPOSE 51820/udp +EXPOSE 80/tcp +ENV DEBUG=Server,WireGuard +CMD ["node", "server.js"] \ No newline at end of file diff --git a/config/wg0.conf b/config/wg0.conf index 0daa190..4f496a6 100644 --- a/config/wg0.conf +++ b/config/wg0.conf @@ -14,8 +14,8 @@ PublicKey = i8xWKqicnDkNL14I4B+I1zlB8od/booA1joIosWn7X4= PresharedKey = MzplKtOQ44/IaAKri2VKqCoIlg4XiVH7TCp5bcYRTQU= AllowedIPs = 10.8.0.2/32 -# Client: Test 2 (c3ff2018-b2a8-4276-a16e-788e9a7e1aa6) +# Client: Test (2ca33a1c-ed49-4bdd-b84c-adc77f1f3b2d) [Peer] -PublicKey = -PresharedKey = -AllowedIPs = 10.8.0.4/32 \ No newline at end of file +PublicKey = 563oiA0IuQqt8JPEXHGINT4mHYKzlLx9Ol2gcV1vKCk= +PresharedKey = Q6xGB4og5Sj6M0MsHzkD16VsniT3FCqOnGmiLLilsU8= +AllowedIPs = 10.8.0.3/32 \ No newline at end of file diff --git a/config/wg0.json b/config/wg0.json index 5fe6abd..cd50c6b 100644 --- a/config/wg0.json +++ b/config/wg0.json 
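Review bot: `EXPOSE 80/tcp` no longer matches the port the app listens on, because this same commit changes the default in src/config.js to `51821` and run.sh publishes `51821:51821/tcp`. The line should read `EXPOSE 51821/tcp` so the image metadata and tooling that relies on it (for example `docker run -P`) point at the real web UI port. Separately, `ENV DEBUG=Server,WireGuard` bakes debug logging into every container built from this image. If those debug namespaces print configuration or command output (not visible in this hunk), that material ends up in the container logs, so it is safer to leave `DEBUG` unset in the image and pass it at run time when needed.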
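Review bot: The added `[Peer]` block commits a filled-in `PresharedKey`, and the matching config/wg0.json hunk that follows commits the same client's `privateKey` and `preSharedKey` in clear text. Anything that reaches git history should be treated as disclosed, so these values should be regenerated rather than only removed in a later commit. The config/ directory is the bind-mounted runtime state (run.sh mounts it at /etc/wireguard), so it is better kept out of the repository with a `.gitignore` entry such as `config/`, with at most a sample file holding placeholder values checked in.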
@@ -17,14 +17,14 @@ "address": "10.8.0.2", "enabled": true }, - "c3ff2018-b2a8-4276-a16e-788e9a7e1aa6": { - "name": "Test 2", - "address": "10.8.0.4", - "privateKey": "", - "publicKey": "", - "preSharedKey": "", - "createdAt": "2021-05-22T21:26:28.552Z", - "updatedAt": "2021-05-22T21:26:28.552Z", + "2ca33a1c-ed49-4bdd-b84c-adc77f1f3b2d": { + "name": "Test", + "address": "10.8.0.3", + "privateKey": "AJVOxJxEnbWyrj7SbhJxxiIIgBsRljs1fP2xrN76Kns=", + "publicKey": "563oiA0IuQqt8JPEXHGINT4mHYKzlLx9Ol2gcV1vKCk=", + "preSharedKey": "Q6xGB4og5Sj6M0MsHzkD16VsniT3FCqOnGmiLLilsU8=", + "createdAt": "2021-05-22T21:41:49.876Z", + "updatedAt": "2021-05-22T21:41:49.876Z", "enabled": true } } diff --git a/package.json b/package.json new file mode 100644 index 0000000..f343aea --- /dev/null +++ b/package.json @@ -0,0 +1,5 @@ +{ + "scripts": { + "build": "" + } +} \ No newline at end of file diff --git a/run.sh b/run.sh index 32d9757..443b07e 100755 --- a/run.sh +++ b/run.sh @@ -1,9 +1,9 @@ docker run \ - -d \ --name wg-easy \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --mount type=bind,source="$(pwd)"/config,target=/etc/wireguard \ -p 51820:51820/udp \ + -p 51821:51821/tcp \ wg-easy \ No newline at end of file diff --git a/src/config.js b/src/config.js index 636de90..9c56b3b 100644 --- a/src/config.js +++ b/src/config.js @@ -1,7 +1,7 @@ 'use strict'; -module.exports.PORT = process.env.PORT || 80; -module.exports.PASSWORD = process.env.PASSWORD || 'wireguard'; +module.exports.PORT = process.env.PORT || 51821; +module.exports.PASSWORD = process.env.PASSWORD; module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/'; module.exports.WG_HOST = process.env.WG_HOST || '127.0.0.1'; module.exports.WG_PORT = process.env.WG_PORT || 51820; diff --git a/src/lib/Server.js b/src/lib/Server.js index 4c7e362..08262e6 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js 
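Review bot: `-p 51821:51821/tcp` publishes the management UI on every host interface, and the script passes no `PASSWORD` to the container. With the src/config.js change in this commit, an unset `PASSWORD` means the UI and API run without a login, so anyone who can reach the host on that port can manage peers. Either bind the port to loopback, `-p 127.0.0.1:51821:51821/tcp \`, or pass a password explicitly with `-e PASSWORD="$WG_EASY_PASSWORD" \` (the variable name here is a placeholder). Dropping `-d` also keeps the container attached to the terminal; if that is only for debugging, a short comment in the script would say so.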
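Review bot: Removing the `'wireguard'` fallback makes `PASSWORD` undefined whenever the variable is unset or empty, and the new middleware in src/lib/Server.js treats that as "authentication disabled" (`if (!PASSWORD) return next();`). A hard-coded default password was not good either, but the result is a fail-open configuration: a missing or misspelled environment variable silently turns off access control for every WireGuard route. At minimum the behaviour should be documented where the value is defined, for example `// PASSWORD unset or empty => web UI and API are served without authentication`, and the server should log a prominent warning at startup in that case. A stricter option is to refuse to start unless the operator has explicitly opted out of authentication.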
@@ -31,8 +31,14 @@ module.exports = class Server { // Authentication .get('/api/session', Util.promisify(async req => { + const requiresPassword = !!process.env.PASSWORD; + const authenticated = requiresPassword + ? !!(req.session && req.session.authenticated) + : true; + return { - authenticated: !!(req.session && req.session.authenticated), + requiresPassword, + authenticated, }; })) .post('/api/session', Util.promisify(async req => { @@ -55,7 +61,19 @@ module.exports = class Server { })) // WireGuard - .use(Util.requireSession) + .use((req, res, next) => { + if (!PASSWORD) { + return next(); + } + + if (req.session && req.session.authenticated) { + return next(); + } + + return res.status(401).json({ + error: 'Not Logged In', + }); + }) .delete('/api/session', Util.promisify(async req => { const sessionId = req.session.id; diff --git a/src/lib/Util.js b/src/lib/Util.js index b86d519..3bfea75 100644 --- a/src/lib/Util.js +++ b/src/lib/Util.js @@ -4,16 +4,6 @@ const childProcess = require('child_process'); module.exports = class Util { - static requireSession(req, res, next) { - if (req.session && req.session.authenticated) { - return next(); - } - - return res.status(401).json({ - error: 'Not Logged In', - }); - } - static promisify(fn) { return function(req, res) { Promise.resolve().then(async () => fn(req, res)) @@ -53,7 +43,7 @@ module.exports = class Util { return new Promise((resolve, reject) => { childProcess.exec(cmd, (err, stdout) => { if (err) return reject(err); - return resolve(stdout); + return resolve(String(stdout).trim()); }); }); } diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js index 661fd6a..078a509 100644 --- a/src/lib/WireGuard.js +++ b/src/lib/WireGuard.js @@ -34,8 +34,11 @@ module.exports = class WireGuard { }, clients: {}, }; + await this.saveConfig(); } + await Util.exec('wg-quick up wg0'); + return config; }); } 
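Review bot: `requiresPassword` in the `GET /api/session` handler is derived from `process.env.PASSWORD`, while the middleware added in the next hunk checks `PASSWORD`, which presumably comes from the config module imported outside this hunk. The two agree today only because src/config.js assigns the environment variable unchanged. If config.js ever trims, defaults or otherwise transforms the value, the UI and the enforcement point would disagree about whether a login is required. Use one source for both: `const requiresPassword = !!PASSWORD;`.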
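Review bot: `await Util.exec('wg-quick up wg0');` in src/lib/WireGuard.js runs on every config load, and any failure rejects the surrounding promise, so the config is never returned. `wg-quick up` exits non-zero when the interface already exists, which happens if the Node process restarts while the interface is still up in the same network namespace. The enclosing function starts outside the hunk, so it is not visible whether the rejected promise is cached; if it is, the server would stay broken until the container is recreated. Consider tolerating that one case, e.g. `await Util.exec('wg-quick up wg0').catch(err => { if (!/already exists/.test(err.message)) throw err; });`, and add a comment stating that bringing the interface up is a deliberate side effect of loading the config.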
@@ -99,7 +102,7 @@ AllowedIPs = ${client.address}/32`; const [ publicKey, preSharedKey, // eslint-disable-line no-unused-vars - endpoint, + endpoint, // eslint-disable-line no-unused-vars allowedIps, // eslint-disable-line no-unused-vars latestHandshakeAt, transferRx, @@ -110,9 +113,6 @@ AllowedIPs = ${client.address}/32`; const client = clients.find(client => client.publicKey === publicKey); if (!client) return; - client.endpoint = endpoint === '(none)' - ? null - : endpoint; client.latestHandshakeAt = latestHandshakeAt === '0' ? null : new Date(Number(`${latestHandshakeAt}000`)); diff --git a/src/package.json b/src/package.json index 67eb033..0cd76d2 100644 --- a/src/package.json +++ b/src/package.json @@ -4,7 +4,8 @@ "description": "", "main": "server.js", "scripts": { - "serve": "DEBUG=Server PASSWORD=p WG_PATH=../config/ nodemon server.js" + "serve": "DEBUG=Server WG_PATH=../config/ nodemon server.js", + "serve-with-password": "PASSWORD=wg npm run serve" }, "author": "Emile Nijssen", "license": "GPL", diff --git a/src/www/index.html b/src/www/index.html index 15b04b4..e93aa45 100644 --- a/src/www/index.html +++ b/src/www/index.html @@ -15,7 +15,8 @@

WireGuard

-

+

Logout diff --git a/src/www/js/app.js b/src/www/js/app.js index d148338..9f8abec 100644 --- a/src/www/js/app.js +++ b/src/www/js/app.js @@ -11,6 +11,7 @@ new Vue({ authenticated: null, authenticating: false, password: null, + requiresPassword: null, clients: null, clientDelete: null, @@ -55,6 +56,7 @@ new Vue({ .then(async () => { const session = await this.api.getSession(); this.authenticated = session.authenticated; + this.requiresPassword = session.requiresPassword; return this.refresh(); }) .catch(err => {