wg-portal/internal/server/helper.go

package server

import (
	"crypto/md5"
	"errors"
	"fmt"
	"io/ioutil"
	"syscall"
	"time"

	"github.com/h44z/wg-portal/internal/common"
	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)

func (s *Server) PrepareNewUser() (Peer, error) {
	device := s.users.GetDevice()

	peer := Peer{}
	peer.IsNew = true
	peer.AllowedIPsStr = device.AllowedIPsStr
	peer.IPs = make([]string, len(device.IPs))
	for i := range device.IPs {
		freeIP, err := s.users.GetAvailableIp(device.IPs[i])
		if err != nil {
			return Peer{}, err
		}
		peer.IPs[i] = freeIP
	}
	peer.IPsStr = common.ListToString(peer.IPs)
	psk, err := wgtypes.GenerateKey()
	if err != nil {
		return Peer{}, err
	}
	key, err := wgtypes.GeneratePrivateKey()
	if err != nil {
		return Peer{}, err
	}
	peer.PresharedKey = psk.String()
	peer.PrivateKey = key.String()
	peer.PublicKey = key.PublicKey().String()
	peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))

	return peer, nil
}

func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {
	ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))
	if ldapUser.DN == "" {
		return errors.New("no peer with email " + email + " found")
	}

	device := s.users.GetDevice()
	peer := Peer{}
	peer.AllowedIPsStr = device.AllowedIPsStr
	peer.IPs = make([]string, len(device.IPs))
	for i := range device.IPs {
		freeIP, err := s.users.GetAvailableIp(device.IPs[i])
		if err != nil {
			return err
		}
		peer.IPs[i] = freeIP
	}
	peer.IPsStr = common.ListToString(peer.IPs)
	psk, err := wgtypes.GenerateKey()
	if err != nil {
		return err
	}
	key, err := wgtypes.GeneratePrivateKey()
	if err != nil {
		return err
	}
	peer.PresharedKey = psk.String()
	peer.PrivateKey = key.String()
	peer.PublicKey = key.PublicKey().String()
	peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))
	peer.Email = email
	peer.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)
	now := time.Now()
	if disabled {
		peer.DeactivatedAt = &now
	}

	return s.CreateUser(peer)
}

func (s *Server) CreateUser(user Peer) error {

	device := s.users.GetDevice()
	user.AllowedIPsStr = device.AllowedIPsStr
	if len(user.IPs) == 0 {
		for i := range device.IPs {
			freeIP, err := s.users.GetAvailableIp(device.IPs[i])
			if err != nil {
				return err
			}
			user.IPs[i] = freeIP
		}
		user.IPsStr = common.ListToString(user.IPs)
	}
	if user.PrivateKey == "" { // if private key is empty create a new one
		psk, err := wgtypes.GenerateKey()
		if err != nil {
			return err
		}
		key, err := wgtypes.GeneratePrivateKey()
		if err != nil {
			return err
		}
		user.PresharedKey = psk.String()
		user.PrivateKey = key.String()
		user.PublicKey = key.PublicKey().String()
	}
	user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))

	// Create WireGuard interface
	if user.DeactivatedAt == nil {
		if err := s.wg.AddPeer(user.GetConfig()); err != nil {
			return err
		}
	}

	// Create in database
	if err := s.users.CreateUser(user); err != nil {
		return err
	}

	return s.WriteWireGuardConfigFile()
}

func (s *Server) UpdateUser(user Peer, updateTime time.Time) error {
	currentUser := s.users.GetUserByKey(user.PublicKey)

	// Update WireGuard device
	var err error
	switch {
	case user.DeactivatedAt == &updateTime:
		err = s.wg.RemovePeer(user.PublicKey)
	case user.DeactivatedAt == nil && currentUser.Peer != nil:
		err = s.wg.UpdatePeer(user.GetConfig())
	case user.DeactivatedAt == nil && currentUser.Peer == nil:
		err = s.wg.AddPeer(user.GetConfig())
	}
	if err != nil {
		return err
	}

	// Update in database
	if err := s.users.UpdateUser(user); err != nil {
		return err
	}

	return s.WriteWireGuardConfigFile()
}

func (s *Server) DeleteUser(user Peer) error {
	// Delete WireGuard peer
	if err := s.wg.RemovePeer(user.PublicKey); err != nil {
		return err
	}

	// Delete in database
	if err := s.users.DeleteUser(user); err != nil {
		return err
	}

	return s.WriteWireGuardConfigFile()
}

func (s *Server) RestoreWireGuardInterface() error {
	activeUsers := s.users.GetActiveUsers()

	for i := range activeUsers {
		if activeUsers[i].Peer == nil {
			if err := s.wg.AddPeer(activeUsers[i].GetConfig()); err != nil {
				return err
			}
		}
	}

	return nil
}

func (s *Server) WriteWireGuardConfigFile() error {
	if s.config.WG.WireGuardConfig == "" {
		return nil // writing disabled
	}
	if err := syscall.Access(s.config.WG.WireGuardConfig, syscall.O_RDWR); err != nil {
		return err
	}

	device := s.users.GetDevice()
	cfg, err := device.GetConfigFile(s.users.GetActiveUsers())
	if err != nil {
		return err
	}
	if err := ioutil.WriteFile(s.config.WG.WireGuardConfig, cfg, 0644); err != nil {
		return err
	}
	return nil
}
wip: create/update/... 2020-11-09 11:06:02 +01:00			`package server`

			`import (`
			`"crypto/md5"`
			`"errors"`
			`"fmt"`
wip: update cfg file 2020-11-09 23:43:57 +01:00			`"io/ioutil"`
			`"syscall"`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`"time"`

			`"github.com/h44z/wg-portal/internal/common"`
			`"golang.zx2c4.com/wireguard/wgctrl/wgtypes"`
			`)`

rename user to peer 2021-02-21 23:23:58 +01:00			`func (s *Server) PrepareNewUser() (Peer, error) {`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`device := s.users.GetDevice()`

rename user to peer 2021-02-21 23:23:58 +01:00			`peer := Peer{}`
			`peer.IsNew = true`
			`peer.AllowedIPsStr = device.AllowedIPsStr`
			`peer.IPs = make([]string, len(device.IPs))`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`for i := range device.IPs {`
			`freeIP, err := s.users.GetAvailableIp(device.IPs[i])`
			`if err != nil {`
rename user to peer 2021-02-21 23:23:58 +01:00			`return Peer{}, err`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.IPs[i] = freeIP`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.IPsStr = common.ListToString(peer.IPs)`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`psk, err := wgtypes.GenerateKey()`
			`if err != nil {`
rename user to peer 2021-02-21 23:23:58 +01:00			`return Peer{}, err`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
			`key, err := wgtypes.GeneratePrivateKey()`
			`if err != nil {`
rename user to peer 2021-02-21 23:23:58 +01:00			`return Peer{}, err`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.PresharedKey = psk.String()`
			`peer.PrivateKey = key.String()`
			`peer.PublicKey = key.PublicKey().String()`
			`peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))`
wip: create/update/... 2020-11-09 11:06:02 +01:00
rename user to peer 2021-02-21 23:23:58 +01:00			`return peer, nil`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

			`func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {`
			`ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))`
			`if ldapUser.DN == "" {`
rename user to peer 2021-02-21 23:23:58 +01:00			`return errors.New("no peer with email " + email + " found")`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

			`device := s.users.GetDevice()`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer := Peer{}`
			`peer.AllowedIPsStr = device.AllowedIPsStr`
			`peer.IPs = make([]string, len(device.IPs))`
wip: many small fixes and improvements... 2020-11-09 23:24:14 +01:00			`for i := range device.IPs {`
			`freeIP, err := s.users.GetAvailableIp(device.IPs[i])`
			`if err != nil {`
			`return err`
			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.IPs[i] = freeIP`
wip: many small fixes and improvements... 2020-11-09 23:24:14 +01:00			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.IPsStr = common.ListToString(peer.IPs)`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`psk, err := wgtypes.GenerateKey()`
			`if err != nil {`
			`return err`
			`}`
			`key, err := wgtypes.GeneratePrivateKey()`
			`if err != nil {`
			`return err`
			`}`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.PresharedKey = psk.String()`
			`peer.PrivateKey = key.String()`
			`peer.PublicKey = key.PublicKey().String()`
			`peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))`
			`peer.Email = email`
			`peer.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`now := time.Now()`
			`if disabled {`
rename user to peer 2021-02-21 23:23:58 +01:00			`peer.DeactivatedAt = &now`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

rename user to peer 2021-02-21 23:23:58 +01:00			`return s.CreateUser(peer)`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

rename user to peer 2021-02-21 23:23:58 +01:00			`func (s *Server) CreateUser(user Peer) error {`
wip: create/update/... 2020-11-09 11:06:02 +01:00
			`device := s.users.GetDevice()`
			`user.AllowedIPsStr = device.AllowedIPsStr`
wip: many small fixes and improvements... 2020-11-09 23:24:14 +01:00			`if len(user.IPs) == 0 {`
			`for i := range device.IPs {`
			`freeIP, err := s.users.GetAvailableIp(device.IPs[i])`
			`if err != nil {`
			`return err`
			`}`
			`user.IPs[i] = freeIP`
			`}`
			`user.IPsStr = common.ListToString(user.IPs)`
			`}`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`if user.PrivateKey == "" { // if private key is empty create a new one`
			`psk, err := wgtypes.GenerateKey()`
			`if err != nil {`
			`return err`
			`}`
			`key, err := wgtypes.GeneratePrivateKey()`
			`if err != nil {`
			`return err`
			`}`
			`user.PresharedKey = psk.String()`
			`user.PrivateKey = key.String()`
			`user.PublicKey = key.PublicKey().String()`
			`}`
			`user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))`

wip: many small fixes and improvements... 2020-11-09 23:24:14 +01:00			`// Create WireGuard interface`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`if user.DeactivatedAt == nil {`
rename user to peer 2021-02-21 23:23:58 +01:00			`if err := s.wg.AddPeer(user.GetConfig()); err != nil {`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`return err`
			`}`
			`}`

			`// Create in database`
			`if err := s.users.CreateUser(user); err != nil {`
			`return err`
			`}`

wip: update cfg file 2020-11-09 23:43:57 +01:00			`return s.WriteWireGuardConfigFile()`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

rename user to peer 2021-02-21 23:23:58 +01:00			`func (s *Server) UpdateUser(user Peer, updateTime time.Time) error {`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`currentUser := s.users.GetUserByKey(user.PublicKey)`

			`// Update WireGuard device`
			`var err error`
			`switch {`
			`case user.DeactivatedAt == &updateTime:`
			`err = s.wg.RemovePeer(user.PublicKey)`
			`case user.DeactivatedAt == nil && currentUser.Peer != nil:`
rename user to peer 2021-02-21 23:23:58 +01:00			`err = s.wg.UpdatePeer(user.GetConfig())`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`case user.DeactivatedAt == nil && currentUser.Peer == nil:`
rename user to peer 2021-02-21 23:23:58 +01:00			`err = s.wg.AddPeer(user.GetConfig())`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
			`if err != nil {`
			`return err`
			`}`

			`// Update in database`
			`if err := s.users.UpdateUser(user); err != nil {`
			`return err`
			`}`

wip: update cfg file 2020-11-09 23:43:57 +01:00			`return s.WriteWireGuardConfigFile()`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`

rename user to peer 2021-02-21 23:23:58 +01:00			`func (s *Server) DeleteUser(user Peer) error {`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`// Delete WireGuard peer`
			`if err := s.wg.RemovePeer(user.PublicKey); err != nil {`
			`return err`
			`}`

			`// Delete in database`
			`if err := s.users.DeleteUser(user); err != nil {`
			`return err`
			`}`

wip: update cfg file 2020-11-09 23:43:57 +01:00			`return s.WriteWireGuardConfigFile()`
wip: create/update/... 2020-11-09 11:06:02 +01:00			`}`
wip: many small fixes and improvements... 2020-11-09 23:36:19 +01:00
			`func (s *Server) RestoreWireGuardInterface() error {`
			`activeUsers := s.users.GetActiveUsers()`

			`for i := range activeUsers {`
			`if activeUsers[i].Peer == nil {`
rename user to peer 2021-02-21 23:23:58 +01:00			`if err := s.wg.AddPeer(activeUsers[i].GetConfig()); err != nil {`
wip: many small fixes and improvements... 2020-11-09 23:36:19 +01:00			`return err`
			`}`
			`}`
			`}`

			`return nil`
			`}`
wip: update cfg file 2020-11-09 23:43:57 +01:00
			`func (s *Server) WriteWireGuardConfigFile() error {`
			`if s.config.WG.WireGuardConfig == "" {`
			`return nil // writing disabled`
			`}`
			`if err := syscall.Access(s.config.WG.WireGuardConfig, syscall.O_RDWR); err != nil {`
			`return err`
			`}`

			`device := s.users.GetDevice()`
rename user to peer 2021-02-21 23:23:58 +01:00			`cfg, err := device.GetConfigFile(s.users.GetActiveUsers())`
wip: update cfg file 2020-11-09 23:43:57 +01:00			`if err != nil {`
			`return err`
			`}`
			`if err := ioutil.WriteFile(s.config.WG.WireGuardConfig, cfg, 0644); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`