Mirrors/WGDashboard
1
0
Fork 0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2025-08-27 23:41:14 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into conflict-resolved

Browse Source
This commit is contained in:
dselen
2024-09-09 09:01:07 +02:00
committed by GitHub
parent 40e6fce281 e21853286e
commit f5cb5c4516
11 changed files with 420 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
src/dashboard.py
View File

@@ -442,6 +442,8 @@ class WireguardConfiguration:
return self.message
def __init__(self, name: str = None, data: dict = None):
print(f"[WGDashboard] Initialized Configuration: {name}")
self.__parser: configparser.ConfigParser = configparser.ConfigParser(strict=False)
self.__parser.optionxform = str
self.__configFileModifiedTime = None
@@ -588,83 +590,93 @@ class WireguardConfiguration:
restricted = sqlSelect("SELECT * FROM '%s_restrict_access'" % self.Name).fetchall()
for i in restricted:
self.RestrictedPeers.append(Peer(i, self))
def configurationFileChanged(self) :
mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
changed = self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt
self.__configFileModifiedTime = mt
return changed
def __getPeers(self):
mt = os.path.getmtime(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'))
# if self.__configFileModifiedTime is None or self.__configFileModifiedTime != mt:
self.Peers = []
with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
p = []
pCounter = -1
content = configFile.read().split('\n')
try:
peerStarts = content.index("[Peer]")
content = content[peerStarts:]
for i in content:
if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
if i == "[Peer]":
pCounter += 1
p.append({})
p[pCounter]["name"] = ""
else:
if len(i) > 0:
split = re.split(r'\s*=\s*', i, 1)
if len(split) == 2:
p[pCounter][split[0]] = split[1]
if self.configurationFileChanged():
self.Peers = []
with open(os.path.join(WG_CONF_PATH, f'{self.Name}.conf'), 'r') as configFile:
p = []
pCounter = -1
content = configFile.read().split('\n')
try:
peerStarts = content.index("[Peer]")
content = content[peerStarts:]
for i in content:
if not regex_match("#(.*)", i) and not regex_match(";(.*)", i):
if i == "[Peer]":
pCounter += 1
p.append({})
p[pCounter]["name"] = ""
else:
if len(i) > 0:
split = re.split(r'\s*=\s*', i, 1)
if len(split) == 2:
p[pCounter][split[0]] = split[1]
if regex_match("#Name# = (.*)", i):
split = re.split(r'\s*=\s*', i, 1)
print(split)
if len(split) == 2:
p[pCounter]["name"] = split[1]
if regex_match("#Name# = (.*)", i):
split = re.split(r'\s*=\s*', i, 1)
print(split)
if len(split) == 2:
p[pCounter]["name"] = split[1]
for i in p:
if "PublicKey" in i.keys():
checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
((i['PublicKey']),)).fetchone()
if checkIfExist is None:
newPeer = {
"id": i['PublicKey'],
"private_key": "",
"DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
"endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
1],
"name": i.get("name"),
"total_receive": 0,
"total_sent": 0,
"total_data": 0,
"endpoint": "N/A",
"status": "stopped",
"latest_handshake": "N/A",
"allowed_ip": i.get("AllowedIPs", "N/A"),
"cumu_receive": 0,
"cumu_sent": 0,
"cumu_data": 0,
"traffic": [],
"mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
"keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
"remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
"preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
}
sqlUpdate(
"""
INSERT INTO '%s'
VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
:total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
:cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
""" % self.Name
, newPeer)
# sqldb.commit()
self.Peers.append(Peer(newPeer, self))
else:
sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
(i.get("AllowedIPs", "N/A"), i['PublicKey'],))
# sqldb.commit()
self.Peers.append(Peer(checkIfExist, self))
except Exception as e:
print(f"[WGDashboard] {self.Name} Error: {str(e)}")
self.__configFileModifiedTime = mt
for i in p:
if "PublicKey" in i.keys():
checkIfExist = sqlSelect("SELECT * FROM '%s' WHERE id = ?" % self.Name,
((i['PublicKey']),)).fetchone()
if checkIfExist is None:
newPeer = {
"id": i['PublicKey'],
"private_key": "",
"DNS": DashboardConfig.GetConfig("Peers", "peer_global_DNS")[1],
"endpoint_allowed_ip": DashboardConfig.GetConfig("Peers", "peer_endpoint_allowed_ip")[
1],
"name": i.get("name"),
"total_receive": 0,
"total_sent": 0,
"total_data": 0,
"endpoint": "N/A",
"status": "stopped",
"latest_handshake": "N/A",
"allowed_ip": i.get("AllowedIPs", "N/A"),
"cumu_receive": 0,
"cumu_sent": 0,
"cumu_data": 0,
"traffic": [],
"mtu": DashboardConfig.GetConfig("Peers", "peer_mtu")[1],
"keepalive": DashboardConfig.GetConfig("Peers", "peer_keep_alive")[1],
"remote_endpoint": DashboardConfig.GetConfig("Peers", "remote_endpoint")[1],
"preshared_key": i["PresharedKey"] if "PresharedKey" in i.keys() else ""
}
sqlUpdate(
"""
INSERT INTO '%s'
VALUES (:id, :private_key, :DNS, :endpoint_allowed_ip, :name, :total_receive, :total_sent,
:total_data, :endpoint, :status, :latest_handshake, :allowed_ip, :cumu_receive, :cumu_sent,
:cumu_data, :mtu, :keepalive, :remote_endpoint, :preshared_key);
""" % self.Name
, newPeer)
# sqldb.commit()
self.Peers.append(Peer(newPeer, self))
else:
sqlUpdate("UPDATE '%s' SET allowed_ip = ? WHERE id = ?" % self.Name,
(i.get("AllowedIPs", "N/A"), i['PublicKey'],))
# sqldb.commit()
self.Peers.append(Peer(checkIfExist, self))
except Exception as e:
print(f"[WGDashboard] {self.Name} Error: {str(e)}")
else:
self.Peers.clear()
checkIfExist = sqlSelect("SELECT * FROM '%s'" % self.Name).fetchall()
for i in checkIfExist:
self.Peers.append(Peer(i, self))
def addPeers(self, peers: list):
for p in peers:
@@ -803,12 +815,11 @@ class WireguardConfiguration:
else:
status = "stopped"
if int(latestHandshake[count + 1]) > 0:
sqldb.execute("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
sqlUpdate("UPDATE '%s' SET latest_handshake = ?, status = ? WHERE id= ?" % self.Name
, (str(minus).split(".", maxsplit=1)[0], status, latestHandshake[count],))
else:
sqldb.execute("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
sqlUpdate("UPDATE '%s' SET latest_handshake = 'No Handshake', status = ? WHERE id= ?" % self.Name
, (status, latestHandshake[count],))
sqldb.commit()
count += 2
@@ -1284,16 +1295,20 @@ def _regexMatch(regex, text):
return pattern.search(text) is not None
def _getConfigurationList() -> [WireguardConfiguration]:
configurations = {}
def _getConfigurationList():
# configurations = {}
for i in os.listdir(WG_CONF_PATH):
if _regexMatch("^(.{1,}).(conf)$", i):
i = i.replace('.conf', '')
try:
configurations[i] = WireguardConfiguration(i)
if i in WireguardConfigurations.keys():
if WireguardConfigurations[i].configurationFileChanged():
WireguardConfigurations[i] = WireguardConfiguration(i)
else:
WireguardConfigurations[i] = WireguardConfiguration(i)
except WireguardConfiguration.InvalidConfigurationFileException as e:
print(f"{i} have an invalid configuration file.")
return configurations
def _checkIPWithRange(ip):
@@ -1354,8 +1369,7 @@ def _generatePrivateKey() -> [bool, str]:
except subprocess.CalledProcessError:
return False, None
def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[str]] | tuple[bool, None]:
def _getWireguardConfigurationAvailableIP(configName: str, all: bool = False) -> tuple[bool, list[str]] | tuple[bool, None]:
if configName not in WireguardConfigurations.keys():
return False, None
configuration = WireguardConfigurations[configName]
@@ -1387,8 +1401,9 @@ def _getWireguardConfigurationAvailableIP(configName: str) -> tuple[bool, list[s
if h not in existedAddress:
availableAddress.append(ipaddress.ip_network(h).compressed)
count += 1
if network.version == 6 and count > 255:
break
if not all:
if network.version == 6 and count > 255:
break
return True, availableAddress
return False, None
@@ -1534,7 +1549,7 @@ def API_SignOut():
@app.route(f'{APP_PREFIX}/api/getWireguardConfigurations', methods=["GET"])
def API_getWireguardConfigurations():
# WireguardConfigurations = _getConfigurationList()
_getConfigurationList()
return ResponseObject(data=[wc for wc in WireguardConfigurations.values()])
@@ -1841,17 +1856,7 @@ def API_addPeers(configName):
if i not in availableIps[1]:
return ResponseObject(False, f"This IP is not available: {i}")
config.addPeers([{"id": public_key, "allowed_ip": ''.join(allowed_ips)}])
# subprocess.check_output(
# f"wg set {config.Name} peer {public_key} allowed-ips {''.join(allowed_ips)}",
# shell=True, stderr=subprocess.STDOUT)
# if len(preshared_key) > 0:
# subprocess.check_output(
# f"wg set {config.Name} peer {public_key} preshared-key {preshared_key}",
# shell=True, stderr=subprocess.STDOUT)
# subprocess.check_output(
# f"wg-quick save {config.Name}", shell=True, stderr=subprocess.STDOUT)
# config.getPeersList()
config.addPeers([{"id": public_key, "allowed_ip": ','.join(allowed_ips)}])
found, peer = config.searchPeer(public_key)
if found:
return peer.updatePeer(name, private_key, preshared_key, dns_addresses, ",".join(allowed_ips),
@@ -2188,7 +2193,7 @@ _, WG_CONF_PATH = DashboardConfig.GetConfig("Server", "wg_conf_path")
WireguardConfigurations: dict[str, WireguardConfiguration] = {}
WireguardConfigurations = _getConfigurationList()
_getConfigurationList()
def startThreads():
bgThread = threading.Thread(target=backGroundThread)

34
src/entrypoint.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash
echo "Starting the WireGuard Dashboard Docker container."
clean_up() {
# Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv.
echo "Looking for remains of previous instances..."
if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then
echo "Found old .pid file, removing."
rm /opt/wireguarddashboard/app/src/gunicorn.pid
else
echo "No remains found, continuing."
fi
}
ensure_blocking() {
sleep 1s
echo "Ensuring container continuation."
# This function checks if the latest error log is created and tails it for docker logs uses.
if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then
latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1)
latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1)
tail -f "${latestErrLog}" "${latestAccLog}"
fi
# Blocking command in case of erroring. So the container does not quit.
sleep infinity
}
{ date; clean_up; printf "\n\n"; } >> ./log/install.txt
chmod u+x /opt/wireguarddashboard/src/wgd.sh
/opt/wireguarddashboard/src/wgd.sh install
/opt/wireguarddashboard/src/wgd.sh docker_start
ensure_blocking

13
src/iptable-rules/postdown.sh Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/bash
WIREGUARD_INTERFACE=ADMINS
WIREGUARD_LAN=10.0.0.1/24
MASQUERADE_INTERFACE=eth0
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
# Remove and delete the WIREGUARD_wg0 chain
iptables -D FORWARD -j $CHAIN_NAME
iptables -F $CHAIN_NAME
iptables -X $CHAIN_NAME

26
src/iptable-rules/postup.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
WIREGUARD_INTERFACE=ADMINS
WIREGUARD_LAN=10.0.0.1/24
MASQUERADE_INTERFACE=eth0
iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN
# Add a WIREGUARD_wg0 chain to the FORWARD chain
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
iptables -N $CHAIN_NAME
iptables -A FORWARD -j $CHAIN_NAME
# Accept related or established traffic
iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Accept traffic from any Wireguard IP address connected to the Wireguard server
iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT
# Allow traffic to the local loopback interface
iptables -A $CHAIN_NAME -o lo -j ACCEPT
# Drop everything else coming through the Wireguard interface
iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP
# Return to FORWARD chain
iptables -A $CHAIN_NAME -j RETURN

100
src/wgd.sh
View File

@@ -65,10 +65,6 @@ _determineOS(){
OS=$ID
elif [ -f /etc/redhat-release ]; then
OS="redhat"
elif [ -f /etc/alpine-release ]; then
OS="alpine"
# elif [ -f /etc/arch-release ]; then
# OS="arch"
else
printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS. With experimental support for Alpine Linux.\n" "$heavy_crossmark"
printf "%s\n" "$helpMsg"
@@ -131,18 +127,6 @@ _installPythonVenv(){
ubuntu|debian)
{ sudo apt-get update; sudo apt-get install ${pythonExecutable}-venv; } &>> ./log/install.txt
;;
# centos|fedora|redhat|rhel)
# if command -v dnf &> /dev/null; then
# { sudo dnf install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
# else
# { sudo yum install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt
# fi
# ;;
# *)
# printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark"
# printf "%s\n" "$helpMsg"
# kill $TOP_PID
# ;;
esac
fi
@@ -275,16 +259,17 @@ install_wgd(){
_checkPythonVersion
_installPythonVenv
_installPythonPip
_checkWireguard
_checkWireguard
sudo chmod -R 755 /etc/wireguard/
if [ ! -d "db" ]
then
printf "[WGDashboard] Creating ./db folder\n"
mkdir "db"
then
printf "[WGDashboard] Creating ./db folder\n"
mkdir "db"
fi
_check_and_set_venv
printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
{ date; python3 -m ensurepip --upgrade; printf "\n\n"; } >> ./log/install.txt
{ date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
printf "[WGDashboard] Installing latest Python dependencies\n"
{ date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt #This all works on the default installation.
@@ -309,11 +294,11 @@ check_wgd_status(){
}
certbot_create_ssl () {
certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
}
certbot_renew_ssl () {
certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
}
gunicorn_start () {
@@ -340,7 +325,7 @@ gunicorn_start () {
}
gunicorn_stop () {
sudo kill $(cat ./gunicorn.pid)
sudo kill $(cat ./gunicorn.pid)
}
start_wgd () {
@@ -349,23 +334,70 @@ start_wgd () {
}
stop_wgd() {
if test -f "$PID_FILE"; then
gunicorn_stop
else
kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
fi
if test -f "$PID_FILE"; then
gunicorn_stop
else
kill "$(ps aux | grep "[p]ython3 $app_name" | awk '{print $2}')"
fi
}
startwgd_docker() {
_checkWireguard
printf "[WGDashboard][Docker] WireGuard configuration started\n"
{ date; start_core ; printf "\n\n"; } >> ./log/install.txt
gunicorn_start
}
start_core() {
local iptable_dir="/opt/wireguarddashboard/src/iptable-rules"
# Check if wg0.conf exists in /etc/wireguard
if [[ ! -f /etc/wireguard/wg0.conf ]]; then
echo "[WGDashboard][Docker] wg0.conf not found. Running generate configuration."
newconf_wgd
else
echo "[WGDashboard][Docker] wg0.conf already exists. Skipping WireGuard configuration generation."
fi
# Re-assign config_files to ensure it includes any newly created configurations
local config_files=$(find /etc/wireguard -type f -name "*.conf")
# Set file permissions
find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
# Start WireGuard for each config file
for file in $config_files; do
config_name=$(basename "$file" ".conf")
wg-quick up "$config_name"
done
}
newconf_wgd() {
local wg_port_listen=$wg_port
local wg_addr_range=$wg_net
private_key=$(wg genkey)
public_key=$(echo "$private_key" | wg pubkey)
cat <<EOF >"/etc/wireguard/wg0.conf"
[Interface]
PrivateKey = $private_key
Address = $wg_addr_range
ListenPort = $wg_port_listen
SaveConfig = true
PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh
PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh
EOF
}
start_wgd_debug() {
printf "%s\n" "$dashes"
_checkWireguard
printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
sudo "$venv_python" "$app_name"
printf "%s\n" "$dashes"
printf "%s\n" "$dashes"
_checkWireguard
printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
sudo "$venv_python" "$app_name"
printf "%s\n" "$dashes"
}
update_wgd() {
_determineOS
if ! python3 --version > /dev/null 2>&1
then