Mirrors/wg-portal
1
0
Fork 0
mirror of https://github.com/h44z/wg-portal.git synced 2025-04-19 08:55:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix default peer creation on login (#189)

Browse Source
This commit is contained in:
Christoph Haas 2024-04-02 22:29:10 +02:00
parent 95e10dcc24
commit 288b7794ca
7 changed files with 150 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -54,11 +54,12 @@ By default, WireGuard Portal uses a SQLite database. The database is stored in *
The following configuration options are available: The following configuration options are available:
| configuration key | parent key | default_value | description | | configuration key | parent key | default_value | description |
|---------------------------|------------|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------|------------|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
| admin_user | core | admin@wgportal.local | The administrator user. This user will be created as default admin if it does not yet exist. | | admin_user | core | admin@wgportal.local | The administrator user. This user will be created as default admin if it does not yet exist. |
| admin_password | core | wgportal | The administrator password. If unchanged, a random password will be set on first startup. | | admin_password | core | wgportal | The administrator password. If unchanged, a random password will be set on first startup. |
| editable_keys | core | true | Allow to edit key-pairs in the UI. | | editable_keys | core | true | Allow to edit key-pairs in the UI. |
| create_default_peer | core | false | If an LDAP user logs in for the first time, a new WireGuard peer will be created on the WG_DEFAULT_DEVICE if this option is enabled. | | create_default_peer | core | false | If an LDAP user logs in for the first time and has no peers associated, a new WireGuard peer will be created for all server interfaces. |
| create_default_peer_on_creation | core | false | If an LDAP user is created (e.g. through LDAP sync), a new WireGuard peer will be created for all server interfaces. |
| self_provisioning_allowed | core | false | Allow registered users to automatically create peers via their profile page. | | self_provisioning_allowed | core | false | Allow registered users to automatically create peers via their profile page. |
| import_existing | core | true | Import existing WireGuard interfaces and peers into WireGuard Portal. | | import_existing | core | true | Import existing WireGuard interfaces and peers into WireGuard Portal. |
| restore_state | core | true | Restore the WireGuard interface state after WireGuard Portal has started. | | restore_state | core | true | Restore the WireGuard interface state after WireGuard Portal has started. |

2
config.yml.sample
View File

@ -4,6 +4,8 @@ advanced:
core: core:
admin_user: test@test.de admin_user: test@test.de
admin_password: secret admin_password: secret
create_default_peer: true
create_default_peer_on_creation: false
web: web:
external_url: http://localhost:8888 external_url: http://localhost:8888

2
internal/app/repos.go
View File

@ -30,7 +30,7 @@ type WireGuardManager interface {
GetImportableInterfaces(ctx context.Context) ([]domain.PhysicalInterface, error) GetImportableInterfaces(ctx context.Context) ([]domain.PhysicalInterface, error)
ImportNewInterfaces(ctx context.Context, filter ...domain.InterfaceIdentifier) (int, error) ImportNewInterfaces(ctx context.Context, filter ...domain.InterfaceIdentifier) (int, error)
RestoreInterfaceState(ctx context.Context, updateDbOnError bool, filter ...domain.InterfaceIdentifier) error RestoreInterfaceState(ctx context.Context, updateDbOnError bool, filter ...domain.InterfaceIdentifier) error
CreateDefaultPeer(ctx context.Context, user *domain.User) error CreateDefaultPeer(ctx context.Context, userId domain.UserIdentifier) error
GetInterfaceAndPeers(ctx context.Context, id domain.InterfaceIdentifier) (*domain.Interface, []domain.Peer, error) GetInterfaceAndPeers(ctx context.Context, id domain.InterfaceIdentifier) (*domain.Interface, []domain.Peer, error)
GetPeerStats(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.PeerStatus, error) GetPeerStats(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.PeerStatus, error)
GetUserPeerStats(ctx context.Context, id domain.UserIdentifier) ([]domain.PeerStatus, error) GetUserPeerStats(ctx context.Context, id domain.UserIdentifier) ([]domain.PeerStatus, error)

34
internal/app/wireguard/wireguard.go
View File

@ -41,19 +41,47 @@ func (m Manager) StartBackgroundJobs(ctx context.Context) {
func (m Manager) connectToMessageBus() { func (m Manager) connectToMessageBus() {
_ = m.bus.Subscribe(app.TopicUserCreated, m.handleUserCreationEvent) _ = m.bus.Subscribe(app.TopicUserCreated, m.handleUserCreationEvent)
_ = m.bus.Subscribe(app.TopicAuthLogin, m.handleUserLoginEvent)
} }
func (m Manager) handleUserCreationEvent(user *domain.User) { func (m Manager) handleUserCreationEvent(user *domain.User) {
logrus.Errorf("handling new user event for %s", user.Identifier) if !m.cfg.Core.CreateDefaultPeerOnCreation {
return
}
logrus.Tracef("handling new user event for %s", user.Identifier)
if m.cfg.Core.CreateDefaultPeer {
ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo()) ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo())
err := m.CreateDefaultPeer(ctx, user) err := m.CreateDefaultPeer(ctx, user.Identifier)
if err != nil { if err != nil {
logrus.Errorf("failed to create default peer for %s: %v", user.Identifier, err) logrus.Errorf("failed to create default peer for %s: %v", user.Identifier, err)
return return
} }
} }
func (m Manager) handleUserLoginEvent(userId domain.UserIdentifier) {
if !m.cfg.Core.CreateDefaultPeer {
return
}
userPeers, err := m.db.GetUserPeers(context.Background(), userId)
if err != nil {
logrus.Errorf("failed to retrieve existing peers for %s prior to default peer creation: %v", userId, err)
return
}
if len(userPeers) > 0 {
return // user already has peers, skip creation
}
logrus.Tracef("handling new user login for %s", userId)
ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo())
err = m.CreateDefaultPeer(ctx, userId)
if err != nil {
logrus.Errorf("failed to create default peer for %s: %v", userId, err)
return
}
} }
func (m Manager) runExpiredPeersCheck(ctx context.Context) { func (m Manager) runExpiredPeersCheck(ctx context.Context) {

9
internal/app/wireguard/wireguard_peers.go
View File

@ -11,7 +11,7 @@ import (
"time" "time"
) )
func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error { func (m Manager) CreateDefaultPeer(ctx context.Context, userId domain.UserIdentifier) error {
if err := domain.ValidateAdminAccessRights(ctx); err != nil { if err := domain.ValidateAdminAccessRights(ctx); err != nil {
return err return err
} }
@ -32,9 +32,10 @@ func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error
return fmt.Errorf("failed to create default peer for interface %s: %w", iface.Identifier, err) return fmt.Errorf("failed to create default peer for interface %s: %w", iface.Identifier, err)
} }
peer.UserIdentifier = user.Identifier peer.UserIdentifier = userId
peer.DisplayName = fmt.Sprintf("Default Peer %s", internal.TruncateString(string(peer.Identifier), 8)) peer.DisplayName = fmt.Sprintf("Default Peer %s", internal.TruncateString(string(peer.Identifier), 8))
peer.Notes = fmt.Sprintf("Default peer created for user %s", user.Identifier) peer.Notes = fmt.Sprintf("Default peer created for user %s", userId)
peer.AutomaticallyCreated = true
newPeers = append(newPeers, *peer) newPeers = append(newPeers, *peer)
} }
@ -47,7 +48,7 @@ func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error
} }
} }
logrus.Infof("created %d default peers for user %s", len(newPeers), user.Identifier) logrus.Infof("created %d default peers for user %s", len(newPeers), userId)
return nil return nil
} }

3
internal/config/config.go
View File

@ -17,6 +17,7 @@ type Config struct {
EditableKeys bool `yaml:"editable_keys"` EditableKeys bool `yaml:"editable_keys"`
CreateDefaultPeer bool `yaml:"create_default_peer"` CreateDefaultPeer bool `yaml:"create_default_peer"`
CreateDefaultPeerOnCreation bool `yaml:"create_default_peer_on_creation"`
SelfProvisioningAllowed bool `yaml:"self_provisioning_allowed"` SelfProvisioningAllowed bool `yaml:"self_provisioning_allowed"`
ImportExisting bool `yaml:"import_existing"` ImportExisting bool `yaml:"import_existing"`
RestoreState bool `yaml:"restore_state"` RestoreState bool `yaml:"restore_state"`
@ -60,7 +61,7 @@ type Config struct {
func (c *Config) LogStartupValues() { func (c *Config) LogStartupValues() {
logrus.Debug("WireGuard Portal Features:") logrus.Debug("WireGuard Portal Features:")
logrus.Debugf(" - EditableKeys: %t", c.Core.EditableKeys) logrus.Debugf(" - EditableKeys: %t", c.Core.EditableKeys)
logrus.Debugf(" - CreateDefaultPeer: %t", c.Core.CreateDefaultPeer) logrus.Debugf(" - CreateDefaultPeerOnCreation: %t", c.Core.CreateDefaultPeerOnCreation)
logrus.Debugf(" - SelfProvisioningAllowed: %t", c.Core.SelfProvisioningAllowed) logrus.Debugf(" - SelfProvisioningAllowed: %t", c.Core.SelfProvisioningAllowed)
logrus.Debugf(" - ImportExisting: %t", c.Core.ImportExisting) logrus.Debugf(" - ImportExisting: %t", c.Core.ImportExisting)
logrus.Debugf(" - RestoreState: %t", c.Core.RestoreState) logrus.Debugf(" - RestoreState: %t", c.Core.RestoreState)

1
internal/domain/peer.go
View File

@ -48,6 +48,7 @@ type Peer struct {
DisabledReason string // the reason why the peer has been disabled DisabledReason string // the reason why the peer has been disabled
ExpiresAt *time.Time `gorm:"column:expires_at"` // expiry dates for peers ExpiresAt *time.Time `gorm:"column:expires_at"` // expiry dates for peers
Notes string `form:"notes" binding:"omitempty"` // a note field for peers Notes string `form:"notes" binding:"omitempty"` // a note field for peers
AutomaticallyCreated bool `gorm:"column:auto_created"` // specifies if the peer was automatically created
// Interface settings for the peer, used to generate the [interface] section in the peer config file // Interface settings for the peer, used to generate the [interface] section in the peer config file
Interface PeerInterfaceConfig `gorm:"embedded"` Interface PeerInterfaceConfig `gorm:"embedded"`