Compare commits

..

2 Commits

Author SHA1 Message Date
Daan Selen
ed896b6545 refac: intermediate commit 2025-09-20 01:02:58 +02:00
Daan Selen
6bebe89202 refac: rewrite first part of dashboard.py 2025-09-20 00:10:19 +02:00
8 changed files with 1245 additions and 971 deletions

View File

@@ -8,24 +8,24 @@ updates:
- package-ecosystem: "pip"
directory: "/src"
schedule:
interval: "weekly"
interval: "daily"
- package-ecosystem: "npm"
directory: "/src/static/app"
schedule:
interval: "weekly"
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/.github"
schedule:
interval: "weekly"
interval: "daily"
- package-ecosystem: "docker"
directory: "/docker"
schedule:
interval: "weekly"
interval: "daily"
- package-ecosystem: "docker-compose"
directory: "/docker"
schedule:
interval: "weekly"
interval: "daily"

1
.gitignore vendored
View File

@@ -19,6 +19,7 @@ node_modules/**
*/proxy.js
src/static/app/proxy.js
.secrets
*.pid
# Logs
logs

View File

@@ -13,15 +13,15 @@ hash_password() {
set_ini() {
local section="$1" key="$2" value="$3"
local current_value
# Add section if it doesn't exist
grep -q "^\[${section}\]" "$config_file" \
|| printf "\n[%s]\n" "${section}" >> "$config_file"
# Check current value if key exists
if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$config_file"; then
current_value=$(grep "^[[:space:]]*${key}[[:space:]]*=" "$config_file" | cut -d= -f2- | xargs)
# Don't display actual value if it's a password field
if [[ "$key" == *"password"* ]]; then
if [ "$current_value" = "$value" ]; then
@@ -40,7 +40,7 @@ set_ini() {
fi
else
sed -i "/^\[${section}\]/a ${key} = ${value}" "$config_file"
# Don't display actual value if it's a password field
if [[ "$key" == *"password"* ]]; then
echo "- Added new setting $key (value hidden)"
@@ -61,58 +61,58 @@ echo "Starting the WGDashboard Docker container."
ensure_installation() {
echo "Quick-installing..."
# Make the wgd.sh script executable.
chmod +x "${WGDASH}"/src/wgd.sh
cd "${WGDASH}"/src || exit
# Github issue: https://github.com/donaldzou/WGDashboard/issues/723
echo "Checking for stale pids..."
if [[ -f ${WGDASH}/src/gunicorn.pid ]]; then
echo "Found stale pid, removing..."
rm ${WGDASH}/src/gunicorn.pid
fi
# Removing clear shell command from the wgd.sh script to enhance docker logging.
echo "Removing clear command from wgd.sh for better Docker logging."
sed -i '/clear/d' ./wgd.sh
# Create required directories and links
if [ ! -d "/data/db" ]; then
echo "Creating database dir"
mkdir -p /data/db
fi
if [ ! -d "${WGDASH}/src/db" ]; then
ln -s /data/db "${WGDASH}/src/db"
fi
if [ ! -f "${config_file}" ]; then
echo "Creating wg-dashboard.ini file"
touch "${config_file}"
fi
if [ ! -f "${WGDASH}/src/wg-dashboard.ini" ]; then
ln -s "${config_file}" "${WGDASH}/src/wg-dashboard.ini"
fi
# Create the Python virtual environment.
. "${WGDASH}/src/venv/bin/activate"
# Use the bash interpreter to install WGDashboard according to the wgd.sh script.
/bin/bash ./wgd.sh install
echo "Looks like the installation succeeded. Moving on."
# Setup WireGuard if needed
if [ -z "$(ls -A /etc/wireguard)" ]; then
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
cp -a "/configs/wg0.conf.template" "/etc/wireguard/wg0.conf"
echo "Setting a secure private key."
local privateKey
privateKey=$(wg genkey)
sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf
echo "Done setting template."
else
echo "Existing wg0 configuration file found, using that."
@@ -121,51 +121,51 @@ ensure_installation() {
set_envvars() {
printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n"
# Check if config file is empty
if [ ! -s "${config_file}" ]; then
echo "Config file is empty. Creating initial structure."
fi
echo "Checking basic configuration:"
set_ini Peers peer_global_dns "${global_dns}"
if [ -z "${public_ip}" ]; then
public_ip=$(curl -s ifconfig.me)
echo "Automatically detected public IP: ${public_ip}"
fi
set_ini Peers remote_endpoint "${public_ip}"
set_ini Server app_port "${wgd_port}"
# Account settings - process all parameters
[[ -n "$username" ]] && echo "Configuring user account:"
# Basic account variables
[[ -n "$username" ]] && set_ini Account username "${username}"
if [[ -n "$password" ]]; then
echo "- Setting password"
set_ini Account password "$(hash_password "${password}")"
fi
# Additional account variables
[[ -n "$enable_totp" ]] && set_ini Account enable_totp "${enable_totp}"
[[ -n "$totp_verified" ]] && set_ini Account totp_verified "${totp_verified}"
[[ -n "$totp_key" ]] && set_ini Account totp_key "${totp_key}"
# Welcome session
[[ -n "$welcome_session" ]] && set_ini Other welcome_session "${welcome_session}"
# If username and password are set but welcome_session isn't, disable it
if [[ -n "$username" && -n "$password" && -z "$welcome_session" ]]; then
set_ini Other welcome_session "false"
fi
# Autostart WireGuard
if [[ -n "$wg_autostart" ]]; then
echo "Configuring WireGuard autostart:"
set_ini WireGuardConfiguration autostart "${wg_autostart}"
fi
# Email (check if any settings need to be configured)
email_vars=("email_server" "email_port" "email_encryption" "email_username" "email_password" "email_from" "email_template")
for var in "${email_vars[@]}"; do
@@ -174,12 +174,12 @@ set_envvars() {
break
fi
done
# Email (iterate through all possible fields)
email_fields=("server:email_server" "port:email_port" "encryption:email_encryption"
"username:email_username" "email_password:email_password"
"send_from:email_from" "email_template:email_template")
for field_pair in "${email_fields[@]}"; do
IFS=: read -r field var <<< "$field_pair"
[[ -n "${!var}" ]] && set_ini Email "$field" "${!var}"
@@ -189,7 +189,7 @@ set_envvars() {
# Start service and monitor logs
start_and_monitor() {
printf "\n---------------------- STARTING CORE -----------------------\n"
# Due to some instances complaining about this, making sure its there every time.
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
@@ -198,15 +198,15 @@ start_and_monitor() {
# Actually starting WGDashboard
echo "Activating Python venv and executing the WireGuard Dashboard service."
bash ./wgd.sh start
# Wait a second before continuing, to give the python program some time to get ready.
sleep 1
echo -e "\nEnsuring container continuation."
# Find and monitor log file
local logdir="${WGDASH}/src/log"
latestErrLog=$(find "$logdir" -name "error_*.log" -type f -print | sort -r | head -n 1)
# Only tail the logs if they are found
if [ -n "$latestErrLog" ]; then
tail -f "$latestErrLog" &
@@ -221,4 +221,4 @@ start_and_monitor() {
# Main execution flow
ensure_installation
set_envvars
start_and_monitor
start_and_monitor

View File

@@ -1,27 +1,45 @@
# --- Standard library imports ---
import configparser
import hashlib
import ipaddress
import json
import logging
import random, shutil, sqlite3, configparser, hashlib, ipaddress, json, os, secrets, subprocess
import time, re, uuid, bcrypt, psutil, pyotp, threading
import os
import random
import re
import secrets
import shutil
import sqlite3
import subprocess
import threading
import time
import traceback
import uuid
from datetime import datetime, timedelta
from itertools import islice
from uuid import uuid4
from zipfile import ZipFile
from datetime import datetime, timedelta
# --- Third-party imports ---
import bcrypt
import psutil
import pyotp
import sqlalchemy
from jinja2 import Template
from flask import Flask, request, render_template, session, send_file
from flask import Flask, request, render_template, session, send_file, Response
from flask_cors import CORS
from icmplib import ping, traceroute
from flask.json.provider import DefaultJSONProvider
from itertools import islice
from icmplib import ping, traceroute
from jinja2 import Template
from packaging import version
from sqlalchemy import RowMapping
# --- Local module imports ---
from client import createClientBlueprint
from modules.Utilities import (
RegexMatch, StringToBoolean,
ValidateIPAddressesWithRange, ValidateDNSAddress,
GenerateWireguardPublicKey, GenerateWireguardPrivateKey
)
from packaging import version
from modules.Email import EmailSender
from modules.DashboardLogger import DashboardLogger
from modules.PeerJob import PeerJob
@@ -31,16 +49,15 @@ from modules.PeerJobs import PeerJobs
from modules.DashboardConfig import DashboardConfig
from modules.WireguardConfiguration import WireguardConfiguration
from modules.AmneziaWireguardConfiguration import AmneziaWireguardConfiguration
from client import createClientBlueprint
from logging.config import dictConfig
from modules.DashboardClients import DashboardClients
from modules.DashboardPlugins import DashboardPlugins
from modules.DashboardWebHooks import DashboardWebHooks
from modules.NewConfigurationTemplates import NewConfigurationTemplates
# --- Logging configuration ---
from logging.config import dictConfig
class CustomJsonEncoder(DefaultJSONProvider):
def __init__(self, app):
super().__init__(app)
@@ -55,7 +72,6 @@ class CustomJsonEncoder(DefaultJSONProvider):
return super().default(self)
'''
Response Object
'''
@@ -195,12 +211,12 @@ with app.app_context():
EmailSender = EmailSender(DashboardConfig)
AllPeerShareLinks: PeerShareLinks = PeerShareLinks(DashboardConfig, WireguardConfigurations)
AllPeerJobs: PeerJobs = PeerJobs(DashboardConfig, WireguardConfigurations)
DashboardLogger: DashboardLogger = DashboardLogger()
DashboardPlugins: DashboardPlugins = DashboardPlugins(app, WireguardConfigurations)
DashboardWebHooks: DashboardWebHooks = DashboardWebHooks(DashboardConfig)
NewConfigurationTemplates: NewConfigurationTemplates = NewConfigurationTemplates()
DashboardLogger = DashboardLogger()
DashboardPlugins = DashboardPlugins(app, WireguardConfigurations)
DashboardWebHooks = DashboardWebHooks(DashboardConfig)
NewConfigurationTemplates = NewConfigurationTemplates()
InitWireguardConfigurationsList(startup=True)
DashboardClients: DashboardClients = DashboardClients(WireguardConfigurations)
DashboardClients = DashboardClients(WireguardConfigurations)
app.register_blueprint(createClientBlueprint(WireguardConfigurations, DashboardConfig, DashboardClients))
_, APP_PREFIX = DashboardConfig.GetConfig("Server", "app_prefix")
@@ -213,32 +229,103 @@ _, app_ip = DashboardConfig.GetConfig("Server", "app_ip")
_, app_port = DashboardConfig.GetConfig("Server", "app_port")
_, WG_CONF_PATH = DashboardConfig.GetConfig("Server", "wg_conf_path")
'''
API Routes
'''
def _enforce_session_auth():
"""Enforce session authentication for non-API key access."""
white_list = [
'/static/',
'validateAuthentication',
'authenticate',
'getDashboardConfiguration',
'getDashboardTheme',
'getDashboardVersion',
'sharePeer/get',
'isTotpEnabled',
'locale',
'/fileDownload',
'/client'
]
path_ok = (
("username" in session and session.get("role") == "admin")
or (f"{APP_PREFIX}/" == request.path or f"{APP_PREFIX}" == request.path)
or not all(sub not in request.path for sub in white_list)
)
if not path_ok:
response = Flask.make_response(app, {
"status": False,
"message": "Unauthorized access.",
"data": None
})
response.content_type = "application/json"
response.status_code = 401
return response
def _login_with_token(key):
auth_token = hashlib.sha256(f"{key}{datetime.now()}".encode()).hexdigest()
session.update({'role': 'admin', 'username': auth_token})
session.permanent = True
resp = ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
resp.set_cookie("authToken", auth_token)
return resp
def _login_with_credentials(data):
username = data.get('username')
password = data.get('password')
totp_code = data.get('totp')
valid_password = bcrypt.checkpw(password.encode("utf-8"),
DashboardConfig.GetConfig("Account", "password")[1].encode("utf-8"))
totp_enabled = DashboardConfig.GetConfig("Account", "enable_totp")[1]
totp_valid = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() == totp_code if totp_enabled else True
if username == DashboardConfig.GetConfig("Account", "username")[1] and valid_password and totp_valid:
auth_token = hashlib.sha256(f"{username}{datetime.now()}".encode()).hexdigest()
session.update({'role': 'admin', 'username': auth_token})
session.permanent = True
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"Login success: {username}")
resp = ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
resp.set_cookie("authToken", auth_token)
return resp
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"Login failed: {username}")
msg = "Sorry, your username, password or OTP is incorrect." if totp_enabled else "Sorry, your username or password is incorrect."
return ResponseObject(False, msg)
@app.before_request
def auth_req():
# Skip preflight requests
if request.method.lower() == 'options':
return ResponseObject(True)
return ResponseObject(True)
DashboardConfig.APIAccessed = False
# Logging
if "api" in request.path:
if str(request.method) == "GET":
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=str(request.args))
elif str(request.method) == "POST":
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"Request Args: {str(request.args)} Body:{str(request.get_json())}")
authenticationRequired = DashboardConfig.GetConfig("Server", "auth_req")[1]
d = request.headers
if authenticationRequired:
apiKey = d.get('wg-dashboard-apikey')
apiKeyEnabled = DashboardConfig.GetConfig("Server", "dashboard_api_key")[1]
if apiKey is not None and len(apiKey) > 0 and apiKeyEnabled:
apiKeyExist = len(list(filter(lambda x : x.Key == apiKey, DashboardConfig.DashboardAPIKeys))) == 1
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"API Key Access: {('true' if apiKeyExist else 'false')} - Key: {apiKey}")
if not apiKeyExist:
log_message = str(request.args) if request.method.upper() == "GET" else f"Request Args: {str(request.args)} Body:{str(request.get_json())}"
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=log_message)
authentication_required = DashboardConfig.GetConfig("Server", "auth_req")[1]
headers = request.headers
if authentication_required:
api_key = headers.get('wg-dashboard-apikey')
api_key_enabled = DashboardConfig.GetConfig("Server", "dashboard_api_key")[1]
# API key authentication
if api_key and api_key_enabled:
api_key_exists = any(k.Key == api_key for k in DashboardConfig.DashboardAPIKeys)
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"API Key Access: {api_key_exists} - Key: {api_key}")
if not api_key_exists:
DashboardConfig.APIAccessed = False
response = Flask.make_response(app, {
"status": False,
@@ -248,84 +335,49 @@ def auth_req():
response.content_type = "application/json"
response.status_code = 401
return response
DashboardConfig.APIAccessed = True
else:
DashboardConfig.APIAccessed = False
whiteList = [
'/static/', 'validateAuthentication', 'authenticate', 'getDashboardConfiguration',
'getDashboardTheme', 'getDashboardVersion', 'sharePeer/get', 'isTotpEnabled', 'locale',
'/fileDownload',
'/client'
]
if (("username" not in session or session.get("role") != "admin")
and (f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}/" != request.path
and f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}" != request.path)
and len(list(filter(lambda x : x not in request.path, whiteList))) == len(whiteList)
):
response = Flask.make_response(app, {
"status": False,
"message": "Unauthorized access.",
"data": None
})
response.content_type = "application/json"
response.status_code = 401
return response
_enforce_session_auth()
@app.route(f'{APP_PREFIX}/api/handshake', methods=["GET", "OPTIONS"])
def API_Handshake():
return ResponseObject(True)
@app.get(f'{APP_PREFIX}/api/validateAuthentication')
def API_ValidateAuthentication():
token = request.cookies.get("authToken")
if DashboardConfig.GetConfig("Server", "auth_req")[1]:
if token is None or token == "" or "username" not in session or session["username"] != token:
return ResponseObject(False, "Invalid authentication.")
auth_required = DashboardConfig.GetConfig("Server", "auth_req")[1]
if auth_required and (not token or "username" not in session or session["username"] != token):
return ResponseObject(False, "Invalid authentication.",
status_code=401)
return ResponseObject(True)
@app.get(f'{APP_PREFIX}/api/requireAuthentication')
def API_RequireAuthentication():
return ResponseObject(data=DashboardConfig.GetConfig("Server", "auth_req")[1])
@app.post(f'{APP_PREFIX}/api/authenticate')
def API_AuthenticateLogin():
data = request.get_json()
if not DashboardConfig.GetConfig("Server", "auth_req")[1]:
return ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
if DashboardConfig.APIAccessed:
authToken = hashlib.sha256(f"{request.headers.get('wg-dashboard-apikey')}{datetime.now()}".encode()).hexdigest()
session['role'] = 'admin'
session['username'] = authToken
resp = ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
resp.set_cookie("authToken", authToken)
session.permanent = True
return resp
valid = bcrypt.checkpw(data['password'].encode("utf-8"),
DashboardConfig.GetConfig("Account", "password")[1].encode("utf-8"))
totpEnabled = DashboardConfig.GetConfig("Account", "enable_totp")[1]
totpValid = False
if totpEnabled:
totpValid = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() == data['totp']
auth_req = DashboardConfig.GetConfig("Server", "auth_req")[1]
if (valid
and data['username'] == DashboardConfig.GetConfig("Account", "username")[1]
and ((totpEnabled and totpValid) or not totpEnabled)
):
authToken = hashlib.sha256(f"{data['username']}{datetime.now()}".encode()).hexdigest()
session['role'] = 'admin'
session['username'] = authToken
resp = ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
resp.set_cookie("authToken", authToken)
session.permanent = True
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"Login success: {data['username']}")
return resp
DashboardLogger.log(str(request.url), str(request.remote_addr), Message=f"Login failed: {data['username']}")
if totpEnabled:
return ResponseObject(False, "Sorry, your username, password or OTP is incorrect.")
else:
return ResponseObject(False, "Sorry, your username or password is incorrect.")
if not auth_req:
return ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1])
# API key login
if DashboardConfig.APIAccessed:
return _login_with_token(request.headers.get('wg-dashboard-apikey'))
# User login
return _login_with_credentials(data)
@app.get(f'{APP_PREFIX}/api/signout')
def API_SignOut():
@@ -337,7 +389,7 @@ def API_SignOut():
@app.get(f'{APP_PREFIX}/api/getWireguardConfigurations')
def API_getWireguardConfigurations():
InitWireguardConfigurationsList()
return ResponseObject(data=[wc for wc in WireguardConfigurations.values()])
return ResponseObject(data=list(WireguardConfigurations.values()))
@app.get(f'{APP_PREFIX}/api/newConfigurationTemplates')
def API_NewConfigurationTemplates():
@@ -350,193 +402,255 @@ def API_NewConfigurationTemplates_CreateTemplate():
@app.post(f'{APP_PREFIX}/api/newConfigurationTemplates/updateTemplate')
def API_NewConfigurationTemplates_UpdateTemplate():
data = request.get_json()
template = data.get('Template', None)
template = data.get('Template')
if not template:
return ResponseObject(False, "Please provide template")
return ResponseObject(False, "Please provide template",
status_code=400)
status, msg = NewConfigurationTemplates.UpdateTemplate(template)
return ResponseObject(status, msg)
@app.post(f'{APP_PREFIX}/api/newConfigurationTemplates/deleteTemplate')
def API_NewConfigurationTemplates_DeleteTemplate():
data = request.get_json()
template = data.get('Template', None)
if not template:
return ResponseObject(False, "Please provide template")
template = data.get('Template')
if not template:
return ResponseObject(False, "Please provide template",
status_code=400)
status, msg = NewConfigurationTemplates.DeleteTemplate(template)
return ResponseObject(status, msg)
@app.post(f'{APP_PREFIX}/api/addWireguardConfiguration')
def API_addWireguardConfiguration():
data = request.get_json()
requiredKeys = [
"ConfigurationName", "Address", "ListenPort", "PrivateKey", "Protocol"
]
for i in requiredKeys:
if i not in data.keys():
return ResponseObject(False, "Please provide all required parameters.")
if data.get("Protocol") not in ProtocolsEnabled():
return ResponseObject(False, "Please provide a valid protocol: wg / awg.")
protocol = data.get("Protocol")
# Check duplicate names, ports, address
for i in WireguardConfigurations.values():
if i.Name == data['ConfigurationName']:
return ResponseObject(False,
f"Already have a configuration with the name \"{data['ConfigurationName']}\"",
"ConfigurationName")
required_keys = {"ConfigurationName", "Address", "ListenPort", "PrivateKey", "Protocol"}
if not required_keys.issubset(data.keys()):
return ResponseObject(False, "Please provide all required parameters.", status_code=400)
if str(i.ListenPort) == str(data["ListenPort"]):
return ResponseObject(False,
f"Already have a configuration with the port \"{data['ListenPort']}\"",
"ListenPort")
if protocol not in ProtocolsEnabled():
return ResponseObject(False, "Please provide a valid protocol: wg / awg.", status_code=400)
if i.Address == data["Address"]:
return ResponseObject(False,
f"Already have a configuration with the address \"{data['Address']}\"",
"Address")
if "Backup" in data.keys():
path = {
"wg": DashboardConfig.GetConfig("Server", "wg_conf_path")[1],
"awg": DashboardConfig.GetConfig("Server", "awg_conf_path")[1]
for cfg in WireguardConfigurations.values():
duplicates = {
"ConfigurationName": cfg.Name == data['ConfigurationName'],
"ListenPort": str(cfg.ListenPort) == str(data["ListenPort"]),
"Address": cfg.Address == data["Address"]
}
if (os.path.exists(os.path.join(path['wg'], 'WGDashboard_Backup', data["Backup"])) and
os.path.exists(os.path.join(path['wg'], 'WGDashboard_Backup', data["Backup"].replace('.conf', '.sql')))):
protocol = "wg"
elif (os.path.exists(os.path.join(path['awg'], 'WGDashboard_Backup', data["Backup"])) and
os.path.exists(os.path.join(path['awg'], 'WGDashboard_Backup', data["Backup"].replace('.conf', '.sql')))):
protocol = "awg"
else:
return ResponseObject(False, "Backup does not exist")
for key, is_duplicate in duplicates.items():
if is_duplicate:
return ResponseObject(
False,
f"Already have a configuration with the {key.lower()} \"{data[key]}\"",
key,
status_code=400
)
paths = {
"wg": DashboardConfig.GetConfig("Server", "wg_conf_path")[1],
"awg": DashboardConfig.GetConfig("Server", "awg_conf_path")[1]
}
if "Backup" in data:
backup_file = data["Backup"]
protocol_detected = None
for proto, base_path in paths.items():
conf_path = os.path.join(base_path, 'WGDashboard_Backup', backup_file)
sql_path = os.path.join(base_path, 'WGDashboard_Backup', backup_file.replace('.conf', '.sql'))
if os.path.exists(conf_path) and os.path.exists(sql_path):
protocol_detected = proto
break
if not protocol_detected:
return ResponseObject(False, "Backup does not exist", status_code=400)
shutil.copy(
os.path.join(path[protocol], 'WGDashboard_Backup', data["Backup"]),
os.path.join(path[protocol], f'{data["ConfigurationName"]}.conf')
os.path.join(paths[protocol_detected], 'WGDashboard_Backup', backup_file),
os.path.join(paths[protocol_detected], f'{data["ConfigurationName"]}.conf')
)
WireguardConfigurations[data['ConfigurationName']] = (
WireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, data=data, name=data['ConfigurationName'])) if protocol == 'wg' else (
AmneziaWireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, data=data, name=data['ConfigurationName']))
protocol = protocol_detected # Use backup protocol
else:
WireguardConfigurations[data['ConfigurationName']] = (
WireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, data=data)) if data.get('Protocol') == 'wg' else (
AmneziaWireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, data=data))
conf_path = os.path.join(paths[protocol], f'{data["ConfigurationName"]}.conf')
if not os.path.exists(conf_path):
with open(conf_path, 'w') as f:
f.write(
f"[Interface]\n"
f"Address = {data['Address']}\n"
f"ListenPort = {data['ListenPort']}\n"
f"PrivateKey = {data['PrivateKey']}\n"
)
os.chmod(conf_path, 0o600) # secure file permissions
ConfigClass = WireguardConfiguration if protocol == "wg" else AmneziaWireguardConfiguration
WireguardConfigurations[data['ConfigurationName']] = ConfigClass(
DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks,
data=data, name=data['ConfigurationName']
)
return ResponseObject()
@app.get(f'{APP_PREFIX}/api/toggleWireguardConfiguration')
def API_toggleWireguardConfiguration():
configurationName = request.args.get('configurationName')
if configurationName is None or len(
configurationName) == 0 or configurationName not in WireguardConfigurations.keys():
return ResponseObject(False, "Please provide a valid configuration name", status_code=404)
toggleStatus, msg = WireguardConfigurations[configurationName].toggleConfiguration()
return ResponseObject(toggleStatus, msg, WireguardConfigurations[configurationName].Status)
configuration_name = request.args.get('configurationName')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Please provide a valid configuration name",
status_code=404)
target_configuration = WireguardConfigurations[configuration_name]
status, msg = target_configuration.toggleConfiguration()
configuration_status = target_configuration.Status
return ResponseObject(status, msg, configuration_status)
@app.post(f'{APP_PREFIX}/api/updateWireguardConfiguration')
def API_updateWireguardConfiguration():
data = request.get_json()
requiredKeys = ["Name"]
for i in requiredKeys:
if i not in data.keys():
return ResponseObject(False, "Please provide these following field: " + ", ".join(requiredKeys))
data = request.get_json() or {}
name = data.get("Name")
if name not in WireguardConfigurations.keys():
return ResponseObject(False, "Configuration does not exist", status_code=404)
status, msg = WireguardConfigurations[name].updateConfigurationSettings(data)
if not name:
return ResponseObject(False, "Please provide the field: Name",
status_code=400)
return ResponseObject(status, message=msg, data=WireguardConfigurations[name])
if name not in WireguardConfigurations:
return ResponseObject(False, "Configuration does not exist",
status_code=404)
target_configuration = WireguardConfigurations[name]
status, msg = target_configuration.updateConfigurationSettings(data)
return ResponseObject(status, msg, target_configuration)
@app.post(f'{APP_PREFIX}/api/updateWireguardConfigurationInfo')
def API_updateWireguardConfigurationInfo():
data = request.get_json()
data = request.get_json() or {}
name = data.get('Name')
key = data.get('Key')
value = data.get('Value')
if not all([data, key, name]):
return ResponseObject(status=False, message="Please provide configuration name, key and value")
if name not in WireguardConfigurations.keys():
if not all([name, key, value]): # Required values
return ResponseObject(False, "Please provide configuration name, key, and value")
if name not in WireguardConfigurations:
return ResponseObject(False, "Configuration does not exist", status_code=404)
status, msg, key = WireguardConfigurations[name].updateConfigurationInfo(key, value)
return ResponseObject(status=status, message=msg, data=key)
target_configuration = WireguardConfigurations[name]
status, msg, key = target_configuration.updateConfigurationInfo(key, value)
return ResponseObject(status, msg, key)
@app.get(f'{APP_PREFIX}/api/getWireguardConfigurationRawFile')
def API_GetWireguardConfigurationRawFile():
configurationName = request.args.get('configurationName')
if configurationName is None or len(
configurationName) == 0 or configurationName not in WireguardConfigurations.keys():
def API_getWireguardConfigurationRawFile():
configuration_name = request.args.get('configurationName')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Please provide a valid configuration name", status_code=404)
config = WireguardConfigurations[configuration_name]
return ResponseObject(data={
"path": WireguardConfigurations[configurationName].configPath,
"content": WireguardConfigurations[configurationName].getRawConfigurationFile()
"path": config.configPath,
"content": config.getRawConfigurationFile()
})
@app.post(f'{APP_PREFIX}/api/updateWireguardConfigurationRawFile')
def API_UpdateWireguardConfigurationRawFile():
data = request.get_json()
configurationName = data.get('configurationName')
rawConfiguration = data.get('rawConfiguration')
if configurationName is None or len(
configurationName) == 0 or configurationName not in WireguardConfigurations.keys():
data = request.get_json() or {}
configuration_name = data.get('configurationName')
raw_configuration = data.get('rawConfiguration')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Please provide a valid configuration name")
if rawConfiguration is None or len(rawConfiguration) == 0:
if not raw_configuration:
return ResponseObject(False, "Please provide content")
status, err = WireguardConfigurations[configurationName].updateRawConfigurationFile(rawConfiguration)
config = WireguardConfigurations[configuration_name]
status, err = config.updateRawConfigurationFile(raw_configuration)
return ResponseObject(status=status, message=err)
return ResponseObject(status, err)
@app.post(f'{APP_PREFIX}/api/deleteWireguardConfiguration')
def API_deleteWireguardConfiguration():
data = request.get_json()
if "ConfigurationName" not in data.keys() or data.get("ConfigurationName") is None or data.get("ConfigurationName") not in WireguardConfigurations.keys():
data = request.get_json() or {}
configuration_name = data.get("ConfigurationName")
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Please provide the configuration name you want to delete", status_code=404)
rp = WireguardConfigurations.pop(data.get("ConfigurationName"))
rp = WireguardConfigurations.pop(configuration_name)
status = rp.deleteConfiguration()
if not status:
WireguardConfigurations[data.get("ConfigurationName")] = rp
WireguardConfigurations[configuration_name] = rp
return ResponseObject(status)
@app.post(f'{APP_PREFIX}/api/renameWireguardConfiguration')
def API_renameWireguardConfiguration():
data = request.get_json()
keys = ["ConfigurationName", "NewConfigurationName"]
for k in keys:
if (k not in data.keys() or data.get(k) is None or len(data.get(k)) == 0 or
(k == "ConfigurationName" and data.get(k) not in WireguardConfigurations.keys())):
return ResponseObject(False, "Please provide the configuration name you want to rename", status_code=404)
data = request.get_json() or {}
old_name = data.get("ConfigurationName")
new_name = data.get("NewConfigurationName")
if not old_name or old_name not in WireguardConfigurations:
return ResponseObject(False, "Please provide a valid configuration name to rename", status_code=404)
if data.get("NewConfigurationName") in WireguardConfigurations.keys():
return ResponseObject(False, "Configuration name already exist", status_code=400)
if not new_name:
return ResponseObject(False, "Please provide a new configuration name", status=400)
rc = WireguardConfigurations.pop(data.get("ConfigurationName"))
if new_name in WireguardConfigurations:
return ResponseObject(False, "The configuration name already exists", status_code=400)
status, message = rc.renameConfiguration(data.get("NewConfigurationName"))
rc = WireguardConfigurations.pop(old_name)
status, message = rc.renameConfiguration(new_name)
if status:
WireguardConfigurations[data.get("NewConfigurationName")] = (WireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, data.get("NewConfigurationName")) if rc.Protocol == 'wg' else AmneziaWireguardConfiguration(DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, data.get("NewConfigurationName")))
if rc.Protocol == 'wg':
ConfigClass = WireguardConfiguration
else:
ConfigClass = AmneziaWireguardConfiguration
WireguardConfigurations[new_name] = ConfigClass(
DashboardConfig, AllPeerJobs, AllPeerShareLinks, DashboardWebHooks, new_name
)
else:
WireguardConfigurations[data.get("ConfigurationName")] = rc
WireguardConfigurations[old_name] = rc
return ResponseObject(status, message)
@app.get(f'{APP_PREFIX}/api/getWireguardConfigurationRealtimeTraffic')
def API_getWireguardConfigurationRealtimeTraffic():
configurationName = request.args.get('configurationName')
if configurationName is None or configurationName not in WireguardConfigurations.keys():
configuration_name = requests.args.get('configurationName')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Configuration does not exist", status_code=404)
return ResponseObject(data=WireguardConfigurations[configurationName].getRealtimeTrafficUsage())
rt_traffic_usage = WireguardConfigurations[configuration_name]
return ResponseObject(data=rt_traffic_usage)
@app.get(f'{APP_PREFIX}/api/getWireguardConfigurationBackup')
def API_getWireguardConfigurationBackup():
configurationName = request.args.get('configurationName')
if configurationName is None or configurationName not in WireguardConfigurations.keys():
configuration_name = request.args.get('configurationName')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Configuration does not exist", status_code=404)
return ResponseObject(data=WireguardConfigurations[configurationName].getBackups())
target_configuration = WireguardConfigurations[configuration_name]
return ResponseObject(data=target_configuration.getBackups())
@app.get(f'{APP_PREFIX}/api/getAllWireguardConfigurationBackup')
def API_getAllWireguardConfigurationBackup():
@@ -544,47 +658,86 @@ def API_getAllWireguardConfigurationBackup():
"ExistingConfigurations": {},
"NonExistingConfigurations": {}
}
existingConfiguration = WireguardConfigurations.keys()
for i in existingConfiguration:
b = WireguardConfigurations[i].getBackups(True)
if len(b) > 0:
data['ExistingConfigurations'][i] = WireguardConfigurations[i].getBackups(True)
existing_configurations = WireguardConfigurations.keys()
for single_conf in existing_configurations:
backups = WireguardConfigurations[single_conf].getBackups(True)
if len(backups) > 0:
data['ExistingConfigurations'][single_conf] = WireguardConfigurations[single_conf].getBackups(True)
for protocol in ProtocolsEnabled():
directory = os.path.join(DashboardConfig.GetConfig("Server", f"{protocol}_conf_path")[1], 'WGDashboard_Backup')
if os.path.exists(directory):
files = [(file, os.path.getctime(os.path.join(directory, file)))
for file in os.listdir(directory) if os.path.isfile(os.path.join(directory, file))]
files.sort(key=lambda x: x[1], reverse=True)
for f, ct in files:
if RegexMatch(r"^(.*)_(.*)\.(conf)$", f):
s = re.search(r"^(.*)_(.*)\.(conf)$", f)
name = s.group(1)
if name not in existingConfiguration:
if name not in data['NonExistingConfigurations'].keys():
data['NonExistingConfigurations'][name] = []
date = s.group(2)
d = {
"protocol": protocol,
"filename": f,
"backupDate": date,
"content": open(os.path.join(DashboardConfig.GetConfig("Server", f"{protocol}_conf_path")[1], 'WGDashboard_Backup', f), 'r').read()
}
if f.replace(".conf", ".sql") in list(os.listdir(directory)):
d['database'] = True
d['databaseContent'] = open(os.path.join(DashboardConfig.GetConfig("Server", f"{protocol}_conf_path")[1], 'WGDashboard_Backup', f.replace(".conf", ".sql")), 'r').read()
data['NonExistingConfigurations'][name].append(d)
config_path_info = DashboardConfig.GetConfig("Server", f"{protocol}_conf_path")
configuration_path = config_path_info[1]
backup_directory = os.path.join(configuration_path, 'WGDashboard_Backup')
if not os.path.exists(backup_directory):
continue
backup_files = []
for file_name in os.listdir(backup_directory):
full_file_path = os.path.join(backup_directory, file_name)
if os.path.isfile(full_file_path):
creation_time = os.path.getctime(full_file_path)
backup_files.append((file_name, creation_time))
backup_files.sort(key=lambda file_info: file_info[1], reverse=True)
for file_name, creation_time in backup_files:
pattern = r"^(.*)_(.*)\.conf$"
match_result = re.match(pattern, file_name)
if not match_result:
continue
configuration_name = match_result.group(1)
backup_date = match_result.group(2)
if configuration_name in existing_configurations:
continue
if 'NonExistingConfigurations' not in data:
data['NonExistingConfigurations'] = {}
if configuration_name not in data['NonExistingConfigurations']:
data['NonExistingConfigurations'][configuration_name] = []
configuration_file_path = os.path.join(backup_directory, file_name)
with open(configuration_file_path, 'r') as configuration_file:
configuration_content = configuration_file.read()
backup_data = {
"protocol": protocol,
"filename": file_name,
"backupDate": backup_date,
"content": configuration_content
}
sql_file_name = file_name.replace(".conf", ".sql")
sql_file_path = os.path.join(backup_directory, sql_file_name)
if os.path.isfile(sql_file_path):
with open(sql_file_path, 'r') as sql_file:
sql_content = sql_file.read()
backup_data["database"] = True
backup_data["databaseContent"] = sql_content
data['NonExistingConfigurations'][configuration_name].append(backup_data)
return ResponseObject(data=data)
@app.get(f'{APP_PREFIX}/api/createWireguardConfigurationBackup')
def API_createWireguardConfigurationBackup():
configurationName = request.args.get('configurationName')
if configurationName is None or configurationName not in WireguardConfigurations.keys():
configuration_name = request.args.get('configurationName')
if not configuration_name or configuration_name not in WireguardConfigurations:
return ResponseObject(False, "Configuration does not exist", status_code=404)
return ResponseObject(status=WireguardConfigurations[configurationName].backupConfigurationFile()[0],
data=WireguardConfigurations[configurationName].getBackups())
conf_backup_file = WireguardConfigurations[configuration_name].backupConfigurationFile()[0]
conf_backups = WireguardConfigurations[configuration_name].getBackups()
return ResponseObject(status=conf_backup_file,data=conf_backups)
@app.post(f'{APP_PREFIX}/api/deleteWireguardConfigurationBackup')
def API_deleteWireguardConfigurationBackup():
@@ -616,18 +769,19 @@ def API_downloadWireguardConfigurationBackup():
@app.post(f'{APP_PREFIX}/api/restoreWireguardConfigurationBackup')
def API_restoreWireguardConfigurationBackup():
data = request.get_json()
configuration_name = data['ConfigurationName']
backup_file_name = data['BackupFileName']
if ("ConfigurationName" not in data.keys() or
"BackupFileName" not in data.keys() or
len(data['ConfigurationName']) == 0 or
len(data['BackupFileName']) == 0):
return ResponseObject(False,
"Please provide ConfigurationName and BackupFileName in body", status_code=400)
configurationName = data['ConfigurationName']
backupFileName = data['BackupFileName']
if configurationName not in WireguardConfigurations.keys():
return ResponseObject(False,"Please provide ConfigurationName and BackupFileName in body", status_code=400)
if configuration_name not in WireguardConfigurations.keys():
return ResponseObject(False, "Configuration does not exist", status_code=404)
status = WireguardConfigurations[configurationName].restoreBackup(backupFileName)
status = WireguardConfigurations[configuration_name].restoreBackup(backup_file_name)
return ResponseObject(status=status, message=(None if status else 'Restore backup failed'))
@app.get(f'{APP_PREFIX}/api/getDashboardConfiguration')
@@ -1369,31 +1523,6 @@ def API_Welcome_Finish():
DashboardConfig.SetConfig("Other", "welcome_session", False)
return ResponseObject()
class Locale:
def __init__(self):
self.localePath = './static/locales/'
self.activeLanguages = {}
with open(os.path.join(f"{self.localePath}supported_locales.json"), "r") as f:
self.activeLanguages = sorted(json.loads(''.join(f.readlines())), key=lambda x : x['lang_name'])
def getLanguage(self) -> dict | None:
currentLanguage = DashboardConfig.GetConfig("Server", "dashboard_language")[1]
if currentLanguage == "en":
return None
if os.path.exists(os.path.join(f"{self.localePath}{currentLanguage}.json")):
with open(os.path.join(f"{self.localePath}{currentLanguage}.json"), "r") as f:
return dict(json.loads(''.join(f.readlines())))
else:
return None
def updateLanguage(self, lang_id):
if not os.path.exists(os.path.join(f"{self.localePath}{lang_id}.json")):
DashboardConfig.SetConfig("Server", "dashboard_language", "en-US")
else:
DashboardConfig.SetConfig("Server", "dashboard_language", lang_id)
Locale = Locale()
@app.get(f'{APP_PREFIX}/api/locale')
def API_Locale_CurrentLang():
return ResponseObject(data=Locale.getLanguage())
@@ -1478,6 +1607,31 @@ def API_SystemStatus():
def API_ProtocolsEnabled():
return ResponseObject(data=ProtocolsEnabled())
class Locale:
def __init__(self):
self.localePath = './static/locales/'
self.activeLanguages = {}
with open(os.path.join(f"{self.localePath}supported_locales.json"), "r") as f:
self.activeLanguages = sorted(json.loads(''.join(f.readlines())), key=lambda x : x['lang_name'])
def getLanguage(self) -> dict | None:
currentLanguage = DashboardConfig.GetConfig("Server", "dashboard_language")[1]
if currentLanguage == "en":
return None
if os.path.exists(os.path.join(f"{self.localePath}{currentLanguage}.json")):
with open(os.path.join(f"{self.localePath}{currentLanguage}.json"), "r") as f:
return dict(json.loads(''.join(f.readlines())))
else:
return None
def updateLanguage(self, lang_id):
if not os.path.exists(os.path.join(f"{self.localePath}{lang_id}.json")):
DashboardConfig.SetConfig("Server", "dashboard_language", "en-US")
else:
DashboardConfig.SetConfig("Server", "dashboard_language", lang_id)
Locale = Locale()
'''
OIDC Controller
'''

View File

@@ -184,7 +184,7 @@ class PeerJobs:
f"Somehow can't find this peer {job.Peer} from {c.Name} failed {job.Action}ed."
)
else:
current_app.logger.warning(f"Somehow can't find this peer {job.Peer} from {job.Configuration} failed {job.Action}ed.")
current_app.logger.warning(f"Somehow can't find this peer {job.Peer} from {c.Name} failed {job.Action}ed.")
self.JobLogger.log(job.JobID, False,
f"Somehow can't find this peer {job.Peer} from {job.Configuration} failed {job.Action}ed."
)

File diff suppressed because it is too large Load Diff

View File

@@ -13,7 +13,7 @@
},
"dependencies": {
"@volar/language-server": "2.4.23",
"@vue/language-server": "3.1.0",
"@vue/language-server": "3.0.7",
"@vuepic/vue-datepicker": "^11.0.2",
"@vueuse/core": "^13.5.0",
"@vueuse/shared": "^13.5.0",
@@ -27,20 +27,20 @@
"fuse.js": "^7.0.0",
"i": "^0.3.7",
"is-cidr": "^5.0.3",
"npm": "^11.6.1",
"npm": "^10.5.0",
"ol": "^10.2.1",
"pinia": "^3.0.3",
"pinia-plugin-persistedstate": "^4.5.0",
"qrcode": "^1.5.3",
"qrcodejs": "^1.0.0",
"simple-code-editor": "^2.0.9",
"uuid": "^13.0.0",
"vue": "^3.5.22",
"uuid": "^11.1.0",
"vue": "^3.5.17",
"vue-chartjs": "^5.3.0",
"vue-router": "^4.2.5"
},
"devDependencies": {
"@vitejs/plugin-vue": "^6.0.0",
"vite": "^7.1.7"
"vite": "^7.1.6"
}
}

View File

@@ -464,6 +464,47 @@ stop_wgd() {
fi
}
# ============= Docker Functions =============
startwgd_docker() {
_checkWireguard
printf "[WGDashboard][Docker] WireGuard configuration started\n"
{ date; start_core ; printf "\n\n"; } >> ./log/install.txt
gunicorn_start
}
start_core() {
# Re-assign config_files to ensure it includes any newly created configurations
local config_files=$(find /etc/wireguard -type f -name "*.conf")
# Set file permissions
find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \;
find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \;
# Start WireGuard for each config file
for file in $config_files; do
config_name=$(basename "$file" ".conf")
wg-quick up "$config_name"
done
}
newconf_wgd() {
local wg_port_listen=$wg_port
local wg_addr_range=$wg_net
private_key=$(wg genkey)
public_key=$(echo "$private_key" | wg pubkey)
cat <<EOF >"/etc/wireguard/wg0.conf"
[Interface]
PrivateKey = $private_key
Address = $wg_addr_range
ListenPort = $wg_port_listen
SaveConfig = true
PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh
PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh
EOF
}
# ============= Docker Functions =============
start_wgd_debug() {
_checkWireguard
printf "[WGDashboard] Starting WGDashboard in the foreground.\n"
@@ -559,4 +600,4 @@ else
help
fi
fi
printf "%s\n" "$dashes"
printf "%s\n" "$dashes"