From a646cd7d77a463dafda1d66dc9ff30070268dd4e Mon Sep 17 00:00:00 2001
From: Lombra
Date: Thu, 12 Nov 2020 19:59:50 +0100
Subject: [PATCH 1/7] Add server option for allowed IPs
---
 wg_dashboard_backend/const.py | 2 --
 .../versions/008_create_allowed_ips.py | 21 +++++++++++++++++++
 wg_dashboard_backend/models.py | 1 +
 wg_dashboard_backend/routers/v1/peer.py | 3 +--
 wg_dashboard_backend/schemas.py | 1 +
 .../add-server/add-server.component.html | 11 +++++++++-
 .../add-server/add-server.component.ts | 2 ++
 7 files changed, 36 insertions(+), 5 deletions(-)
 create mode 100644 wg_dashboard_backend/migrations/versions/008_create_allowed_ips.py
diff --git a/wg_dashboard_backend/const.py b/wg_dashboard_backend/const.py
index 1ae9cdb..06126c5 100644
--- a/wg_dashboard_backend/const.py
+++ b/wg_dashboard_backend/const.py
@@ -43,8 +43,6 @@ else:
 DEFAULT_CONFIG_DIR = "/config"
 os.makedirs(DEFAULT_CONFIG_DIR, exist_ok=True)
-PEER_DEFAULT_ALLOWED_IPS = ["0.0.0.0/0", "::/0"]
-
 ENV_CONFIG_DIR = os.getenv("ENV_CONFIG_DIR", DEFAULT_CONFIG_DIR)
 os.makedirs(ENV_CONFIG_DIR, exist_ok=True)
diff --git a/wg_dashboard_backend/migrations/versions/008_create_allowed_ips.py b/wg_dashboard_backend/migrations/versions/008_create_allowed_ips.py
new file mode 100644
index 0000000..ba654bb
--- /dev/null
+++ b/wg_dashboard_backend/migrations/versions/008_create_allowed_ips.py
@@ -0,0 +1,21 @@
+from sqlalchemy import *
+from migrate import *
+
+
+def upgrade(migrate_engine):
+ try:
+ meta = MetaData(bind=migrate_engine)
+ server = Table('server', meta, autoload=True)
+ allowed_ips = Column('allowed_ips', Text)
+ allowed_ips.create(server)
+ except:
+ pass
+
+
+def downgrade(migrate_engine):
+ try:
+ meta = MetaData(bind=migrate_engine)
+ server = Table('server', meta, autoload=True)
+ server.c.allowed_ips.drop()
+ except:
+ pass
diff --git a/wg_dashboard_backend/models.py b/wg_dashboard_backend/models.py
index 0c7ef68..2fbc056 100644
--- a/wg_dashboard_backend/models.py
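Review bot: The bare `except: pass` around `upgrade()` and `downgrade()` in 008_create_allowed_ips.py hides every failure, so a schema change that did not happen looks the same as one that did; if the migration tool records the version once `upgrade()` returns (not visible here), the `allowed_ips` column can be missing while the database counts as migrated. The new column is also left NULL on existing `server` rows, which until now got `0.0.0.0/0, ::/0` from the constant this commit removes from const.py. I would skip only when the column already exists, let any other error propagate, and backfill that default as below; `downgrade()` should lose its try/except the same way. 009_create_keep_alive.py in [PATCH 6/7] repeats the pattern.

```python
def upgrade(migrate_engine):
    meta = MetaData(bind=migrate_engine)
    server = Table('server', meta, autoload=True)
    # Skip only the "already applied" case; any other error should fail the migration.
    if 'allowed_ips' not in server.c:
        Column('allowed_ips', Text).create(server)
    # Existing servers keep the default that peers used to get from const.py.
    migrate_engine.execute(
        server.update()
        .where(server.c.allowed_ips.is_(None))
        .values(allowed_ips='0.0.0.0/0, ::/0')
    )
# … downgrade(): same body as before, without the try/except …
```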
+++ b/wg_dashboard_backend/models.py
@@ -41,6 +41,7 @@ class WGServer(Base):
 public_key = Column(sqlalchemy.String)
 endpoint = Column(sqlalchemy.String)
 dns = Column(sqlalchemy.String)
+ allowed_ips = Column(sqlalchemy.String)
 read_only = Column(sqlalchemy.Integer, default=0)
 post_up = Column(sqlalchemy.String)
diff --git a/wg_dashboard_backend/routers/v1/peer.py b/wg_dashboard_backend/routers/v1/peer.py
index 7bc8949..77b8dd9 100644
--- a/wg_dashboard_backend/routers/v1/peer.py
+++ b/wg_dashboard_backend/routers/v1/peer.py
@@ -64,8 +64,7 @@ def add_peer(
 peer.private_key = keys["private_key"]
 peer.public_key = keys["public_key"]
- # Set 0.0.0.0/0, ::/0 as default allowed ips
- peer.allowed_ips = ', '.join(const.PEER_DEFAULT_ALLOWED_IPS)
+ peer.allowed_ips = server.allowed_ips
 # Set unnamed
 peer.name = "Unnamed" if not peer_add.name else peer_add.name
diff --git a/wg_dashboard_backend/schemas.py b/wg_dashboard_backend/schemas.py
index 2e71529..a540e35 100644
--- a/wg_dashboard_backend/schemas.py
+++ b/wg_dashboard_backend/schemas.py
@@ -169,6 +169,7 @@ class WGServer(GenericModel):
 post_up: str = None
 post_down: str = None
 dns: str = None
+ allowed_ips: str = None
 read_only: int = None
 peers: pydantic.typing.List['WGPeer'] = []
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
index f5c8882..2197971 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
@@ -107,7 +107,16 @@ - + + + + + Default allowed IPs + + + + +
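Review bot: `peer.allowed_ips = server.allowed_ips` in add_peer copies whatever the server row holds, and that is NULL for servers created before migration 008 and `None` whenever the request omits the field (the schema default added in this commit is `None`). peer.j2 prints the value as-is on its `AllowedIPs =` line, so such a peer would presumably get `AllowedIPs = None` instead of the previous full-tunnel default. Keeping the constant in const.py as a fallback closes the gap: `peer.allowed_ips = server.allowed_ips or ', '.join(const.PEER_DEFAULT_ALLOWED_IPS)`. add_peer starts and ends outside the hunk.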
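Review bot: `allowed_ips: str = None` on WGServer accepts any text, and the value is copied to each new peer and written verbatim into the generated client config by peer.j2. A malformed entry, or one containing a line break, would change the structure of a file that clients import, so the field should be validated on input as a comma-separated list of CIDR networks. A pydantic validator along the lines below does that with the standard `ipaddress` module (it needs `import ipaddress` at the top of schemas.py); the same check would fit the existing `allowed_ips` field on WGPeer. The WGServer class body continues outside the hunk.

```python
    allowed_ips: str = None
    # … unchanged: read_only, peers …

    @pydantic.validator('allowed_ips')
    def allowed_ips_are_networks(cls, value):
        if value is None:
            return value
        # ip_network() raises ValueError for anything that is not an address or prefix,
        # which pydantic reports as a validation error.
        networks = [ipaddress.ip_network(part.strip(), strict=False) for part in value.split(',')]
        return ', '.join(str(net) for net in networks)
```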

Keys

diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
index 0227145..863428d 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
@@ -44,6 +44,7 @@ export class AddServerComponent implements OnInit {
 defaultIPv4Address = "10.0.200.1"
 defaultDNS = this.defaultIPv4Address + ",8.8.8.8"
 defaultIPv6Address = "fd42:42:42::1"
+ defaultAllowedIPs = "0.0.0.0/0, ::/0"
 serverForm: FormGroup = null;
@@ -60,6 +61,7 @@ export class AddServerComponent implements OnInit {
 listen_port: new FormControl(this.defaultListenPort, [Validators.required, NumberValidator.stringIsNumber]),
 endpoint: new FormControl('', Validators.required),
 dns: new FormControl(this.defaultDNS),
+ allowed_ips: new FormControl(this.defaultAllowedIPs),
 private_key: new FormControl('' ),
 public_key: new FormControl('' ),
 post_up: new FormControl(''),
From 9e69f9250799bc76c7c6713e24aad0dfb96b32fa Mon Sep 17 00:00:00 2001
From: Lombra
Date: Thu, 12 Nov 2020 20:02:03 +0100
Subject: [PATCH 2/7] Reset server form only if server was added successfully
---
 .../app/page/dashboard/add-server/add-server.component.ts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
index 863428d..ad7739f 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
@@ -226,18 +226,17 @@ export class AddServerComponent implements OnInit {
 const idx = this.servers.indexOf(this.editServer);
 this.serverAPI.editServer(this.editServer, form).subscribe((server: Server) => {
 this.servers[idx] = server;
+ this.resetForm();
 });
 } else {
 this.serverAPI.addServer(form).subscribe((server: Server) => {
 this.servers.push(server);
+ this.resetForm();
 });
 }
-
- this.resetForm();
-
 }
 getKeyPair() {
From 4cd7333f2f36edc764d02bd843e74189aacc570f Mon Sep 17 00:00:00 2001
From: Lombra
Date: Thu, 12 Nov 2020 20:08:05 +0100
Subject: [PATCH 3/7] Fix missing read_only parameter on server add via web interface
---
 .../src/app/page/dashboard/add-server/add-server.component.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
index ad7739f..7c13f81 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
@@ -66,7 +66,7 @@ export class AddServerComponent implements OnInit {
 public_key: new FormControl('' ),
 post_up: new FormControl(''),
 post_down: new FormControl(''),
- read_only: new FormControl(''),
+ read_only: new FormControl(0),
 // Unused on backend
 configuration: new FormControl(''),
From f1074b99b3a4e4997ba5d3172354af55cbd68fd1 Mon Sep 17 00:00:00 2001
From: rezor92
Date: Tue, 17 Nov 2020 09:05:20 +0100
Subject: [PATCH 4/7] Hide DNS in client configuration if not set
---
 wg_dashboard_backend/templates/peer.j2 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/wg_dashboard_backend/templates/peer.j2 b/wg_dashboard_backend/templates/peer.j2
index b78a305..a4b9b42 100644
--- a/wg_dashboard_backend/templates/peer.j2
+++ b/wg_dashboard_backend/templates/peer.j2
@@ -1,7 +1,9 @@
 [Interface]
 Address = {{ data.peer.address }}/{{ data.server.subnet }}{%- if is_ipv6 -%},{{ data.peer.v6_address }}/{{ data.server.v6_subnet }}{%- endif %}
 PrivateKey = {{ data.peer.private_key }}
+{% if data.peer.dns %}
 DNS = {{ data.peer.dns }}
+{% endif %}
 [Peer]
 PublicKey = {{ data.server.public_key }}
From 8f0188c7c8b3273f28dbd675dbd73e409131466b Mon Sep 17 00:00:00 2001
From: rezor92
Date: Tue, 17 Nov 2020 09:06:34 +0100
Subject: [PATCH 5/7] Add uvloop and httptools to requirements
---
 wg_dashboard_backend/requirements.txt | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/wg_dashboard_backend/requirements.txt b/wg_dashboard_backend/requirements.txt
index 3c3a41f..bd12c6a 100644
--- a/wg_dashboard_backend/requirements.txt
+++ b/wg_dashboard_backend/requirements.txt
@@ -13,4 +13,6 @@ sqlalchemy_utils
 sqlalchemy-migrate
 requests
 uvicorn
+uvloop
+httptools
 qrcode[pil]
From 3d9882a19a9e9d832c07f412d8054fd74311d010 Mon Sep 17 00:00:00 2001
From: rezor92
Date: Tue, 17 Nov 2020 09:30:10 +0100
Subject: [PATCH 6/7] Make PersistentKeepalive configurable
---
 .../versions/009_create_keep_alive.py | 21 +++++++++++++++++++
 wg_dashboard_backend/models.py | 2 ++
 wg_dashboard_backend/routers/v1/peer.py | 1 +
 wg_dashboard_backend/schemas.py | 2 ++
 wg_dashboard_backend/templates/peer.j2 | 9 +++-----
 .../src/app/interfaces/peer.ts | 1 +
 .../add-server/add-server.component.html | 8 +++++++
 .../add-server/add-server.component.ts | 2 ++
 .../page/dashboard/peer/peer.component.html | 7 +++++++
 9 files changed, 47 insertions(+), 6 deletions(-)
 create mode 100644 wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
diff --git a/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py b/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
new file mode 100644
index 0000000..90b49cb
--- /dev/null
+++ b/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
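Review bot: `uvloop` and `httptools` are added without version pins, like the neighbouring entries visible in this hunk, so every build installs whatever release is newest at that moment and the result is not reproducible. Both ship compiled extensions that sit directly on the request path, which makes an unreviewed upgrade more consequential than for a pure-Python helper. I would pin them, e.g. `uvloop==<version>` and `httptools==<version>`, ideally together with `--hash` entries generated by the project's tooling.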
@@ -0,0 +1,21 @@
+from sqlalchemy import *
+from migrate import *
+
+
+def upgrade(migrate_engine):
+ try:
+ meta = MetaData(bind=migrate_engine)
+ server = Table('server', meta, autoload=True)
+ keep_alive = Column('keep_alive', Text)
+ keep_alive.create(server)
+ except:
+ pass
+
+
+def downgrade(migrate_engine):
+ try:
+ meta = MetaData(bind=migrate_engine)
+ server = Table('server', meta, autoload=True)
+ server.c.keep_alive.drop()
+ except:
+ pass
diff --git a/wg_dashboard_backend/models.py b/wg_dashboard_backend/models.py
index 2fbc056..bdfbbc1 100644
--- a/wg_dashboard_backend/models.py
+++ b/wg_dashboard_backend/models.py
@@ -42,6 +42,7 @@ class WGServer(Base):
 endpoint = Column(sqlalchemy.String)
 dns = Column(sqlalchemy.String)
 allowed_ips = Column(sqlalchemy.String)
+ keep_alive = Column(sqlalchemy.String)
 read_only = Column(sqlalchemy.Integer, default=0)
 post_up = Column(sqlalchemy.String)
@@ -64,6 +65,7 @@ class WGPeer(Base):
 shared_key = Column(sqlalchemy.Text)
 dns = Column(sqlalchemy.Text)
 allowed_ips = Column(sqlalchemy.String)
+ keep_alive = Column(sqlalchemy.String)
 read_only = Column(sqlalchemy.Integer, default=0)
 server_id = Column(Integer, sqlalchemy.ForeignKey('server.id', ondelete="CASCADE", onupdate="CASCADE"))
diff --git a/wg_dashboard_backend/routers/v1/peer.py b/wg_dashboard_backend/routers/v1/peer.py
index 77b8dd9..6f07958 100644
--- a/wg_dashboard_backend/routers/v1/peer.py
+++ b/wg_dashboard_backend/routers/v1/peer.py
@@ -65,6 +65,7 @@ def add_peer(
 peer.public_key = keys["public_key"]
 peer.allowed_ips = server.allowed_ips
+ peer.keep_alive = server.keep_alive
 # Set unnamed
 peer.name = "Unnamed" if not peer_add.name else peer_add.name
diff --git a/wg_dashboard_backend/schemas.py b/wg_dashboard_backend/schemas.py
index a540e35..6c9fb5b 100644
--- a/wg_dashboard_backend/schemas.py
+++ b/wg_dashboard_backend/schemas.py
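Review bot: 009_create_keep_alive.py adds `keep_alive` only to the `server` table, while the models.py hunk in this same commit also adds `keep_alive` to WGPeer; no migration for the peer table is visible in the series. On an existing database the peer table would then lack a column the ORM selects, and the `except: pass` here would hide a related failure rather than report it. `upgrade()` should create the column on both tables, e.g. `peer = Table('<peer table name>', meta, autoload=True)` followed by `Column('keep_alive', Text).create(peer)`, with the matching drop in `downgrade()`.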
@@ -132,6 +132,7 @@ class WGPeer(GenericModel):
 server_id: str
 dns: str = None
 allowed_ips: str = None
+ keep_alive: str = None
 configuration: str = None
 class Meta:
@@ -170,6 +171,7 @@ class WGServer(GenericModel):
 post_down: str = None
 dns: str = None
 allowed_ips: str = None
+ keep_alive: str = None
 read_only: int = None
 peers: pydantic.typing.List['WGPeer'] = []
diff --git a/wg_dashboard_backend/templates/peer.j2 b/wg_dashboard_backend/templates/peer.j2
index a4b9b42..c7faf57 100644
--- a/wg_dashboard_backend/templates/peer.j2
+++ b/wg_dashboard_backend/templates/peer.j2
@@ -1,14 +1,11 @@
 [Interface]
 Address = {{ data.peer.address }}/{{ data.server.subnet }}{%- if is_ipv6 -%},{{ data.peer.v6_address }}/{{ data.server.v6_subnet }}{%- endif %}
 PrivateKey = {{ data.peer.private_key }}
-{% if data.peer.dns %}
-DNS = {{ data.peer.dns }}
-{% endif %}
+{% if data.peer.dns %}DNS = {{ data.peer.dns }}{% endif %}
 [Peer]
 PublicKey = {{ data.server.public_key }}
 AllowedIPs = {{ data.peer.allowed_ips }}
 Endpoint = {{ data.server.endpoint }}:{{ data.server.listen_port }}
-{% if data.peer.shared_key %}
-PresharedKey = {{ data.peer.shared_key }}
-{% endif %}
+{% if data.peer.shared_key %}PresharedKey = {{ data.peer.shared_key }}{% endif %}
+{% if data.peer.keep_alive %}PersistentKeepalive = {{data.peer.keep_alive}}{% endif %}
diff --git a/wg_dashboard_frontend/src/app/interfaces/peer.ts b/wg_dashboard_frontend/src/app/interfaces/peer.ts
index c96cb1d..2a913c7 100644
--- a/wg_dashboard_frontend/src/app/interfaces/peer.ts
+++ b/wg_dashboard_frontend/src/app/interfaces/peer.ts
@@ -7,6 +7,7 @@ export interface Peer {
 shared_key: string;
 dns: string;
 allowed_ips: string;
+ keep_alive: string;
 name: string;
 configuration: string;
 stats: {
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
index 2197971..af13857 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.html
@@ -116,6 +116,14 @@ + + + + Default PersistentKeepalive interval + + + +

Keys

diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
index 7c13f81..f14309e 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
@@ -45,6 +45,7 @@ export class AddServerComponent implements OnInit {
 defaultDNS = this.defaultIPv4Address + ",8.8.8.8"
 defaultIPv6Address = "fd42:42:42::1"
 defaultAllowedIPs = "0.0.0.0/0, ::/0"
+ defaultPersistentKeepalive = "0"
 serverForm: FormGroup = null;
@@ -62,6 +63,7 @@ export class AddServerComponent implements OnInit {
 endpoint: new FormControl('', Validators.required),
 dns: new FormControl(this.defaultDNS),
 allowed_ips: new FormControl(this.defaultAllowedIPs),
+ keep_alive: new FormControl(this.defaultPersistentKeepalive),
 private_key: new FormControl('' ),
 public_key: new FormControl('' ),
 post_up: new FormControl(''),
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/peer/peer.component.html b/wg_dashboard_frontend/src/app/page/dashboard/peer/peer.component.html
index bfca94a..da7af02 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/peer/peer.component.html
+++ b/wg_dashboard_frontend/src/app/page/dashboard/peer/peer.component.html
@@ -40,6 +40,13 @@

+

+ + PersistentKeepalive interval + + +

+

Keys

From 898e673852ca90a4781a46eed3446f37ac10e314 Mon Sep 17 00:00:00 2001
From: rezor92
Date: Tue, 17 Nov 2020 13:56:54 +0100
Subject: [PATCH 7/7] Change keep_alive from string to integer / number
---
 .../migrations/versions/009_create_keep_alive.py | 2 +-
 wg_dashboard_backend/models.py | 4 ++--
 wg_dashboard_backend/schemas.py | 4 ++--
 wg_dashboard_frontend/src/app/interfaces/peer.ts | 2 +-
 .../src/app/page/dashboard/add-server/add-server.component.ts | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py b/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
index 90b49cb..e5f3ae7 100644
--- a/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
+++ b/wg_dashboard_backend/migrations/versions/009_create_keep_alive.py
@@ -6,7 +6,7 @@ def upgrade(migrate_engine):
 try:
 meta = MetaData(bind=migrate_engine)
 server = Table('server', meta, autoload=True)
- keep_alive = Column('keep_alive', Text)
+ keep_alive = Column('keep_alive', Integer)
 keep_alive.create(server)
 except:
 pass
diff --git a/wg_dashboard_backend/models.py b/wg_dashboard_backend/models.py
index bdfbbc1..4452be2 100644
--- a/wg_dashboard_backend/models.py
+++ b/wg_dashboard_backend/models.py
@@ -42,7 +42,7 @@ class WGServer(Base):
 endpoint = Column(sqlalchemy.String)
 dns = Column(sqlalchemy.String)
 allowed_ips = Column(sqlalchemy.String)
- keep_alive = Column(sqlalchemy.String)
+ keep_alive = Column(sqlalchemy.Integer, default=0)
 read_only = Column(sqlalchemy.Integer, default=0)
 post_up = Column(sqlalchemy.String)
@@ -65,7 +65,7 @@ class WGPeer(Base):
 shared_key = Column(sqlalchemy.Text)
 dns = Column(sqlalchemy.Text)
 allowed_ips = Column(sqlalchemy.String)
- keep_alive = Column(sqlalchemy.String)
+ keep_alive = Column(sqlalchemy.Integer, default=0)
 read_only = Column(sqlalchemy.Integer, default=0)
 server_id = Column(Integer, sqlalchemy.ForeignKey('server.id', ondelete="CASCADE", onupdate="CASCADE"))
diff --git a/wg_dashboard_backend/schemas.py b/wg_dashboard_backend/schemas.py
index 6c9fb5b..b5836d4 100644
--- a/wg_dashboard_backend/schemas.py
+++ b/wg_dashboard_backend/schemas.py
@@ -132,7 +132,7 @@ class WGPeer(GenericModel):
 server_id: str
 dns: str = None
 allowed_ips: str = None
- keep_alive: str = None
+ keep_alive: int = None
 configuration: str = None
 class Meta:
@@ -171,7 +171,7 @@ class WGServer(GenericModel):
 post_down: str = None
 dns: str = None
 allowed_ips: str = None
- keep_alive: str = None
+ keep_alive: int = None
 read_only: int = None
 peers: pydantic.typing.List['WGPeer'] = []
diff --git a/wg_dashboard_frontend/src/app/interfaces/peer.ts b/wg_dashboard_frontend/src/app/interfaces/peer.ts
index 2a913c7..9e58eec 100644
--- a/wg_dashboard_frontend/src/app/interfaces/peer.ts
+++ b/wg_dashboard_frontend/src/app/interfaces/peer.ts
@@ -7,7 +7,7 @@ export interface Peer {
 shared_key: string;
 dns: string;
 allowed_ips: string;
- keep_alive: string;
+ keep_alive: number;
 name: string;
 configuration: string;
 stats: {
diff --git a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
index f14309e..c8c534e 100644
--- a/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
+++ b/wg_dashboard_frontend/src/app/page/dashboard/add-server/add-server.component.ts
@@ -45,7 +45,7 @@ export class AddServerComponent implements OnInit {
 defaultDNS = this.defaultIPv4Address + ",8.8.8.8"
 defaultIPv6Address = "fd42:42:42::1"
 defaultAllowedIPs = "0.0.0.0/0, ::/0"
- defaultPersistentKeepalive = "0"
+ defaultPersistentKeepalive = 0;
 serverForm: FormGroup = null;
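Review bot: `keep_alive: int = None` on WGPeer and WGServer accepts any integer, including negative values, and peer.j2 writes it straight after `PersistentKeepalive =`. WireGuard documents the setting as a number of seconds between 1 and 65535, with 0 meaning off, so the bound is worth enforcing at the API rather than leaving clients to reject the generated file: `keep_alive: pydantic.conint(ge=0, le=65535) = None`. Both class bodies continue outside the hunks.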