Removed DNS as a required field from peer settings

Update FUNDING.yml

.github/FUNDING.yml

@@ -1,3 +1,4 @@
 # These are supported funding model platforms
 
 github: [donaldzou]
+patreon: DonaldDonnyZou

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '30 5 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.gitignore

@@ -14,4 +14,5 @@ venv/**
 log/**
 release/*
 src/db/wgdashboard.db
-.jshintrc
+.jshintrc
+node_modules/

README.md

@@ -1,3 +1,17 @@
+### Development on v4
+Hi Everyone, I've decided to promote the long time working `v3.1` to `v4`! This version will be a huge update on the structure of the app. The frontend will be completely handle on the client side with Vue.js, and communicate with the server via REST Api. With this design, it could be possible for the frontend app to connect to multiple server in the future. Stay tune to this new verion, I'm working very hard on this while balancing school and work. If you would like know whats going on, you can check out [this branch](https://github.com/donaldzou/WGDashboard/tree/v4) 😊
+
+#### A preview on v4.0 🥹
+
+![v4.0 Preview](https://raw.githubusercontent.com/donaldzou/WGDashboard/main/img/ScreenRecording2024-03-31at12.47.43AM-ezgif.com-video-to-gif-converter.gif)
+
+
+<hr>
+
+##### Known issue on WGDashboard `v3.0 - v3.0.6`
+- [IPv6 in WireGuard might not fully support.](https://github.com/donaldzou/WGDashboard/issues/167)
+<hr>
+
 <p align="center">
   <img alt="WGDashboard" src="img/logo.png" width="128">
 </p>
@@ -9,7 +23,7 @@
 </p>
 <p align="center">
   <a href="https://github.com/donaldzou/wireguard-dashboard/releases/latest"><img src="https://img.shields.io/github/v/release/donaldzou/wireguard-dashboard"></a>
-  <a href="https://wakatime.com/badge/user/45f53c7c-9da9-4cb0-85d6-17bd38cc748b/project/5334ae20-e9a6-4c55-9fea-52d4eb9dfba6"><img src="https://wakatime.com/badge/user/45f53c7c-9da9-4cb0-85d6-17bd38cc748b/project/5334ae20-e9a6-4c55-9fea-52d4eb9dfba6.svg" alt="wakatime"></a>
+  <a href="https://wakatime.com/badge/github/donaldzou/WGDashboard"><img src="https://wakatime.com/badge/github/donaldzou/WGDashboard.svg" alt="wakatime"></a>
   <a href="https://hits.seeyoufarm.com"><img src="https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fdonaldzou%2FWGDashboard&count_bg=%2379C83D&title_bg=%23555555&icon=github.svg&icon_color=%23E7E7E7&title=Visitor&edge_flat=false"/></a>
 </p>
 <p align="center">Monitoring WireGuard is not convinient, need to login into server and type <code>wg show</code>. That's why this platform is being created, to view all configurations and manage them in a easier way.</p>
@@ -91,7 +105,8 @@
 - **WireGuard** and **WireGuard-Tools (`wg-quick`)**  are installed.
 
   > Don't know how? Check this <a href="https://www.wireguard.com/install/">official documentation</a>
-
+- Net Tools (`net-tools`) is installed.
+  - You can verify this by checking if `ifconfig` return a list of network interface. Such as `eth0`
 - Configuration files under **`/etc/wireguard`**, but please note the following sample
 
   ```ini
@@ -116,7 +131,7 @@
 1. Download WGDashboard
 
    ```shell
-   git clone -b v3.0.5 https://github.com/donaldzou/WGDashboard.git wgdashboard
+   git clone -b v3.0.6 https://github.com/donaldzou/WGDashboard.git wgdashboard
    
 2. Open the WGDashboard folder
 
@@ -302,7 +317,7 @@ Since version 2.0, WGDashboard will be using a configuration file called `wg-das
 | `app_ip`                     | IP address the dashboard will run with                       | `0.0.0.0`                                            | Yes            |
 | `app_port`                   | Port the the dashboard will run with                         | `10086`                                              | Yes            |
 | `auth_req`                   | Does the dashboard need authentication to access, if `auth_req = false` , user will not be access the **Setting** tab due to security consideration. **User can only edit the file directly in system**. | `true`                                               | **No**         |
-| `version`                    | Dashboard Version                                            | `v3.0.5`                                             | **No**         |
+| `version`                    | Dashboard Version                                            | `v3.0.6`                                             | **No**         |
 | `dashboard_refresh_interval` | How frequent the dashboard will refresh on the configuration page | `60000ms`                                            | Yes            |
 | `dashboard_sort`             | How configuration is sorting                                 | `status`                                             | Yes            |
 |                              |                                                              |                                                      |                |
@@ -361,6 +376,7 @@ Endpoint = 0.0.0.0:51820
 
    ```bash
    ./wgd.sh update
+   chmod +x ./wgd.sh
    ```
 
    > If this doesn't work, please use the method below. Sorry about that :(
@@ -376,7 +392,7 @@ Endpoint = 0.0.0.0:51820
     
 2. Update the dashboard
     ```shell
-    git pull https://github.com/donaldzou/WGDashboard.git v3.0.5 --force
+    git pull https://github.com/donaldzou/WGDashboard.git v3.0.6 --force
     ```
 
 3. Install
@@ -421,10 +437,58 @@ Starting with `v3.0`, you can simply do `./wgd.sh update` !! (I hope, lol)
 
 ## ⏰  Changelog
 
+#### v3.0.6 - Mar 22, 2022
+
+**Fixed Bug**
+- When wgdashboard is running behind a proxy server, redirecting could cause using http while proxy is using https [❤️ from #161]
+
+#### v3.0.5 - Jan 31, 2022
+
+**Quick Fix**
+- Fixed public key does not match when user used an existing private key
+- Sorry for the wrong version number that causing the dashboard ask for update after updating.
+
+#### v3.0.3 - Jan 23, 2022
+
+- Fixed when dashboard configuration file cannot be found after a fresh install. [❤️  from #132 ]
+
+#### v3.0 - Jan 18, 2022
+
+- 🎉  **New Features**
+  - **Moved from TinyDB to SQLite**: SQLite provide a better performance and loading speed when getting peers! Also avoided crashing the database due to **race condition**.
+  - **Added Gunicorn WSGI Server**: This could provide more stable on handling HTTP request, and more flexibility in the future (such as HTTPS support). **BIG THANKS to @pgalonza :heart:**
+  - **Add Peers by Bulk:** User can add peers by bulk, just simply set the amount and click add.
+  - **Delete Peers by Bulk**: User can delete peers by bulk, without deleting peers one by one.
+  - **Download Peers in Zip**: User can download all *downloadable* peers in a zip.
+  - **Added Pre-shared Key to peers:** Now each peer can add with a pre-shared key to enhance security. Previously added peers can add the pre-shared key through the peer setting button.
+  - **Redirect Back to Previous Page:** The dashboard will now redirect you back to your previous page if the current session got timed out and you need to sign in again.
+  - **Added Some [🥘 Experimental Functions](https://github.com/donaldzou/WGDashboard#-experimental-functions)** 
+
+- 🪚  **Bug Fixed**
+  - [IP Sorting range issues #99](https://github.com/donaldzou/WGDashboard/issues/99) [❤️ @barryboom]
+  - [INvalid character written to tunnel json file #108](https://github.com/donaldzou/WGDashboard/issues/108) [❤️ @ikidd]
+  - [Add IPv6 #91](https://github.com/donaldzou/WGDashboard/pull/91) [❤️ @pgalonza]
+  - [Added MTU and PersistentKeepalive to QR code and download files #112](https://github.com/donaldzou/WGDashboard/pull/112) [:heart: @reafian]
+  - **And many other bugs provided by our beloved users** :heart:
+- **🧐  Other Changes**
+  - **Key generating moved to front-end**: No longer need to use the server's WireGuard to generate keys, thanks to the `wireguard.js` from the [official repository](https://git.zx2c4.com/wireguard-tools/tree/contrib/keygen-html/wireguard.js)! 
+  - **Peer transfer calculation**: each peer will now show all transfer amount (previously was only showing transfer amount from the last configuration start-up).
+  - **UI adjustment on running peers**: peers will have a new style indicating that it is running.
+  - **`wgd.sh` finally can update itself**: So now user could update the whole dashboard from `wgd.sh`, with the `update` command.
+  - **Minified JS and CSS files**: Although only a small changes on the file size, but I think is still a good practice to save a bit of bandwidth ;)
+
+*And many other small changes for performance and bug fixes! :laughing:*
+
+>  If you have any other brilliant ideas for this project, please shout it in here [#129](https://github.com/donaldzou/WGDashboard/issues/129) :heart:   
+
+**For users who is using `v2.x.x` please be sure to read [this](https://github.com/donaldzou/WGDashboard#please-note-for-user-who-is-using-v231-or-below) before updating WGDashboard ;)**
+
 #### v2.3.1 - Sep 8, 2021
 
 - Updated dashboard's name to **WGDashboard**!!
 
+
+
 #### v2.3 - Sep 8, 2021
 
 - 🎉  **New Features**
@@ -506,7 +570,8 @@ Bug Fixed:
   - [jQuery](https://jquery.com) `v3.5.1`
 - Python
   - [Flask](https://pypi.org/project/Flask/) `v2.0.1`
-  - [ifcfg](https://pypi.org/project/ifcfg/) `v0.21`
+  - [ifcfg](https://pypi.org/project/ifcfg/) `v0.24`
+  - [psutil](https://pypi.org/project/psutil/) `v5.9.8`
   - [icmplib](https://pypi.org/project/icmplib/) `v2.1.1`
   - [flask-qrcode](https://pypi.org/project/Flask-QRcode/) `v3.0.0`
 

SECURITY.md

@@ -0,0 +1,10 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |

src/dashboard.py

@@ -21,6 +21,7 @@ from datetime import datetime, timedelta
 from operator import itemgetter
 # PIP installed library
 import ifcfg
+import psutil
 from flask import Flask, request, render_template, redirect, url_for, session, jsonify, g
 from flask_qrcode import QRcode
 from icmplib import ping, traceroute
@@ -30,7 +31,7 @@ from util import regex_match, check_DNS, check_Allowed_IPs, check_remote_endpoin
     check_IP_with_range, clean_IP_with_range
 
 # Dashboard Version
-DASHBOARD_VERSION = 'v3.0.5'
+DASHBOARD_VERSION = 'v3.0.6'
 
 # WireGuard's configuration path
 WG_CONF_PATH = None
@@ -472,8 +473,8 @@ def get_conf_status(config_name):
     @param config_name:
     @return: Return a string indicate the running status
     """
-    ifconfig = dict(ifcfg.interfaces().items())
-    return "running" if config_name in ifconfig.keys() else "stopped"
+    addrs = psutil.net_if_addrs()
+    return "running" if config_name in addrs else "stopped"
 
 
 def get_conf_list():
@@ -653,7 +654,10 @@ def auth_req():
             else:
                 session['message'] = ""
             conf.clear()
-            return redirect("/signin?redirect=" + str(request.url))
+            redirectURL = str(request.url)
+            redirectURL = redirectURL.replace("http://", "")
+            redirectURL = redirectURL.replace("https://", "")
+            return redirect("/signin?redirect=" + redirectURL)
     else:
         if request.endpoint in ['signin', 'signout', 'auth', 'settings', 'update_acct', 'update_pwd',
                                 'update_app_ip_port', 'update_wg_conf_path']:
@@ -1093,7 +1097,7 @@ def add_peer_bulk(config_name):
     if not amount.isdigit() or int(amount) < 1:
         return "Amount must be integer larger than 0"
     amount = int(amount)
-    if not check_DNS(dns_addresses):
+    if len(dns_addresses) > 0 and not check_DNS(dns_addresses):
         return "DNS formate is incorrect. Example: 1.1.1.1"
     if not check_Allowed_IPs(endpoint_allowed_ip):
         return "Endpoint Allowed IPs format is incorrect."
@@ -1156,7 +1160,7 @@ def add_peer(config_name):
     enable_preshared_key = data["enable_preshared_key"]
     preshared_key = data['preshared_key']
     keys = get_conf_peer_key(config_name)
-    if len(public_key) == 0 or len(dns_addresses) == 0 or len(allowed_ips) == 0 or len(endpoint_allowed_ip) == 0:
+    if len(public_key) == 0 or len(allowed_ips) == 0 or len(endpoint_allowed_ip) == 0:
         return "Please fill in all required box."
     if not isinstance(keys, list):
         return config_name + " is not running."
@@ -1167,7 +1171,7 @@ def add_peer(config_name):
         .fetchone()
     if check_dup_ip[0] != 0:
         return "Allowed IP already taken by another peer."
-    if not check_DNS(dns_addresses):
+    if len(dns_addresses) > 0 and not check_DNS(dns_addresses):
         return "DNS formate is incorrect. Example: 1.1.1.1"
     if not check_Allowed_IPs(endpoint_allowed_ip):
         return "Endpoint Allowed IPs format is incorrect."
@@ -1259,7 +1263,7 @@ def save_peer_setting(config_name):
         check_ip = check_repeat_allowed_ip(id, allowed_ip, config_name)
         if not check_IP_with_range(endpoint_allowed_ip):
             return jsonify({"status": "failed", "msg": "Endpoint Allowed IPs format is incorrect."})
-        if not check_DNS(dns_addresses):
+        if len(dns_addresses) > 0 and not check_DNS(dns_addresses):
             return jsonify({"status": "failed", "msg": "DNS format is incorrect."})
         if len(data['MTU']) == 0 or not data['MTU'].isdigit():
             return jsonify({"status": "failed", "msg": "MTU format is not correct."})
@@ -1418,12 +1422,30 @@ def download_all(config_name):
         filename = filename + "_" + config_name
         psk = ""
         if preshared_key != "":
-            psk = "\nPresharedKey = " + preshared_key
+            psk = "PresharedKey = " + preshared_key
+            
+        return_data = f'''[Interface]
+PrivateKey = {private_key}
+Address = {allowed_ip}
+MTU = {str(mtu_value)}
 
-        return_data = "[Interface]\nPrivateKey = " + private_key + "\nAddress = " + allowed_ip + "\nDNS = " + \
-                      dns_addresses + "\nMTU = " + str(mtu_value) + "\n\n[Peer]\nPublicKey = " + \
-                      public_key + "\nAllowedIPs = " + endpoint_allowed_ip + "\nEndpoint = " + \
-                      endpoint + "\nPersistentKeepalive = " + str(keepalive) + psk
+'''
+        if len(dns_addresses) > 0:
+            return_data += f'DNS = {dns_addresses}'
+            
+        return_data += f'''
+[Peer]
+PublicKey = {public_key}
+AllowedIPs = {endpoint_allowed_ip}
+Endpoint = {endpoint}
+PersistentKeepalive = {str(keepalive)}
+{psk}
+'''
+
+        # return_data = "[Interface]\nPrivateKey = " + private_key + "\nAddress = " + allowed_ip + "\nDNS = " + \
+        #               dns_addresses + "\nMTU = " + str(mtu_value) + "\n\n[Peer]\nPublicKey = " + \
+        #               public_key + "\nAllowedIPs = " + endpoint_allowed_ip + "\nEndpoint = " + \
+        #               endpoint + "\nPersistentKeepalive = " + str(keepalive) + psk
         data.append({"filename": f"{filename}.conf", "content": return_data})
     return jsonify({"status": True, "peers": data, "filename": f"{config_name}.zip"})
 
@@ -1471,12 +1493,30 @@ def download(config_name):
             filename = filename + "_" + config_name
             psk = ""
             if preshared_key != "":
-                psk = "\nPresharedKey = " + preshared_key
+                psk = "PresharedKey = " + preshared_key
 
-            return_data = "[Interface]\nPrivateKey = " + private_key + "\nAddress = " + allowed_ip + "\nDNS = " + \
-                          dns_addresses + "\nMTU = " + str(mtu_value) + "\n\n[Peer]\nPublicKey = " + \
-                          public_key + "\nAllowedIPs = " + endpoint_allowed_ip + "\nEndpoint = " + \
-                          endpoint + "\nPersistentKeepalive = " + str(keepalive) + psk
+            return_data = f'''[Interface]
+PrivateKey = {private_key}
+Address = {allowed_ip}
+MTU = {str(mtu_value)}
+
+'''
+            if len(dns_addresses) > 0:
+                return_data += f'DNS = {dns_addresses}'
+        
+            return_data += f'''
+[Peer]
+PublicKey = {public_key}
+AllowedIPs = {endpoint_allowed_ip}
+Endpoint = {endpoint}
+PersistentKeepalive = {str(keepalive)}
+{psk}
+'''
+
+            # return_data = "[Interface]\nPrivateKey = " + private_key + "\nAddress = " + allowed_ip + "\nDNS = " + \
+            #               dns_addresses + "\nMTU = " + str(mtu_value) + "\n\n[Peer]\nPublicKey = " + \
+            #               public_key + "\nAllowedIPs = " + endpoint_allowed_ip + "\nEndpoint = " + \
+            #               endpoint + "\nPersistentKeepalive = " + str(keepalive) + psk
 
             return jsonify({"status": True, "filename": f"{filename}.conf", "content": return_data})
     return jsonify({"status": False, "filename": "", "content": ""})

src/requirements.txt

@@ -1,5 +1,6 @@
 Flask
 ifcfg
+psutil
 icmplib
 flask-qrcode
 gunicorn

src/static/js/configuration.js

@@ -155,7 +155,7 @@
         let $enable_preshare_key = $("#enable_preshare_key");
         let data_list = [$new_add_DNS, $new_add_endpoint_allowed_ip,$new_add_MTU, $new_add_keep_alive];
         if ($new_add_amount.val() > 0 && !$new_add_amount.hasClass("is-invalid")){
-            if ($new_add_DNS.val() !== "" && $new_add_endpoint_allowed_ip.val() !== ""){
+            if ($new_add_endpoint_allowed_ip.val() !== ""){
                 let conf = $add_peer.getAttribute('conf_id');
                 let keys = [];
                 for (let i = 0; i < $new_add_amount.val(); i++) {
@@ -633,7 +633,7 @@ $add_peer.addEventListener("click",function(){
         let $enable_preshare_key = $("#enable_preshare_key");
         $add_peer.setAttribute("disabled","disabled");
         $add_peer.innerHTML = "Adding...";
-        if ($allowed_ips.val() !== "" && $public_key.val() !== "" && $new_add_DNS.val() !== "" && $new_add_endpoint_allowed_ip.val() !== ""){
+        if ($allowed_ips.val() !== "" && $public_key.val() !== "" && $new_add_endpoint_allowed_ip.val() !== ""){
             let conf = $add_peer.getAttribute('conf_id');
             let data_list = [$private_key, $allowed_ips, $new_add_name, $new_add_DNS, $new_add_endpoint_allowed_ip,$new_add_MTU, $new_add_keep_alive];
             data_list.forEach((ele) => ele.attr("disabled", "disabled"));
@@ -924,7 +924,7 @@ $("#save_peer_setting").on("click",function (){
     let $peer_mtu = $("#peer_mtu");
     let $peer_keep_alive = $("#peer_keep_alive");
 
-    if ($peer_DNS_textbox.val() !== "" &&
+    if (
         $peer_allowed_ip_textbox.val() !== "" && $peer_endpoint_allowed_ips.val() !== ""){
         let peer_id = $(this).attr("peer_id");
         let conf_id = $(this).attr("conf_id");

src/templates/configuration.html

@@ -192,7 +192,7 @@
                             </div>
                             <div class="col-sm-6">
                                  <div class="form-group">
-                                    <label for="new_add_DNS">DNS <code>(Required)</code></label>
+                                    <label for="new_add_DNS">DNS</label>
                                     <input type="text" class="form-control" id="new_add_DNS" value="{{ DNS }}">
                                 </div>
                             </div>
@@ -297,7 +297,7 @@
                         </div>
                         <div class="col-sm-6">
                             <div class="mb-3">
-                              <label for="peer_DNS_textbox" class="form-label">DNS <code>(Required)</code></label>
+                              <label for="peer_DNS_textbox" class="form-label">DNS</label>
                               <input type="text" class="form-control" id="peer_DNS_textbox">
                             </div>
                         </div>
@@ -410,8 +410,8 @@
     {% include "tools.html" %}
 </body>
 {% include "footer.html" %}
-<script src="{{ url_for('static',filename='js/wireguard.min.js') }}"></script>
-<script src="{{ url_for('static',filename='js/configuration.min.js') }}"></script>
+<script src="{{ url_for('static',filename='js/wireguard.js') }}"></script>
+<script src="{{ url_for('static',filename='js/configuration.js') }}"></script>
 <script>
     /* global peers */
     let load_timeout;

src/templates/footer.html

@@ -1,3 +1,3 @@
 <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
 <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js" integrity="sha384-fQybjgWLrvvRgtW6bFlB7jaZrFsaBXjsOMm/tB9LTS58ONXgqbR9W8oWht/amnpF" crossorigin="anonymous"></script>
-<script src="{{ url_for('static',filename='js/tools.min.js') }}"></script>
+<script src="{{ url_for('static',filename='js/tools.js') }}"></script>

src/templates/signin.html

@@ -67,7 +67,11 @@
                 if (res.status === true){
                     const urlParams = new URLSearchParams(window.location.search);
                     if (urlParams.get("redirect")){
-                        window.location.replace(urlParams.get("redirect"))
+                        if (document.URL.substring(0, 5) == "http:"){
+                            window.location.replace(`http://${urlParams.get("redirect")}`)
+                        }else if (document.URL.substring(0, 5) == "https"){
+                            window.location.replace(`https://${urlParams.get("redirect")}`)
+                        }
                     }else{
                         window.location.replace("/");
                     }