fix default peer creation on login (#189)

2025-04-19 08:55:12 +00:00 · 2024-04-02 22:29:10 +02:00 · 2024-04-02 22:29:10 +02:00 · 288b7794ca
commit 288b7794ca
parent 95e10dcc24
7 changed files with 150 additions and 116 deletions
--- a/README.md
+++ b/README.md
@ -54,11 +54,12 @@ By default, WireGuard Portal uses a SQLite database. The database is stored in *
 The following configuration options are available:

 | configuration key               | parent key | default_value                              | description                                                                                                                             |
-|---------------------------|------------|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|
+|---------------------------------|------------|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
 | admin_user                      | core       | admin@wgportal.local                       | The administrator user. This user will be created as default admin if it does not yet exist.                                            |
 | admin_password                  | core       | wgportal                                   | The administrator password. If unchanged, a random password will be set on first startup.                                               |
 | editable_keys                   | core       | true                                       | Allow to edit key-pairs in the UI.                                                                                                      |
-| create_default_peer       | core       | false                                      | If an LDAP user logs in for the first time, a new WireGuard peer will be created on the WG_DEFAULT_DEVICE if this option is enabled. |
+| create_default_peer             | core       | false                                      | If an LDAP user logs in for the first time and has no peers associated, a new WireGuard peer will be created for all server interfaces. |
+| create_default_peer_on_creation | core       | false                                      | If an LDAP user is created (e.g. through LDAP sync), a new WireGuard peer will be created for all server interfaces.                    |
 | self_provisioning_allowed       | core       | false                                      | Allow registered users to automatically create peers via their profile page.                                                            |
 | import_existing                 | core       | true                                       | Import existing WireGuard interfaces and peers into WireGuard Portal.                                                                   |
 | restore_state                   | core       | true                                       | Restore the WireGuard interface state after WireGuard Portal has started.                                                               |
--- a/config.yml.sample
+++ b/config.yml.sample
@ -4,6 +4,8 @@ advanced:
 core:
  admin_user: test@test.de
  admin_password: secret
+  create_default_peer: true
+  create_default_peer_on_creation: false

 web:
  external_url: http://localhost:8888
--- a/internal/app/repos.go
+++ b/internal/app/repos.go
@ -30,7 +30,7 @@ type WireGuardManager interface {
 	GetImportableInterfaces(ctx context.Context) ([]domain.PhysicalInterface, error)
 	ImportNewInterfaces(ctx context.Context, filter ...domain.InterfaceIdentifier) (int, error)
 	RestoreInterfaceState(ctx context.Context, updateDbOnError bool, filter ...domain.InterfaceIdentifier) error
-	CreateDefaultPeer(ctx context.Context, user *domain.User) error
+	CreateDefaultPeer(ctx context.Context, userId domain.UserIdentifier) error
 	GetInterfaceAndPeers(ctx context.Context, id domain.InterfaceIdentifier) (*domain.Interface, []domain.Peer, error)
 	GetPeerStats(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.PeerStatus, error)
 	GetUserPeerStats(ctx context.Context, id domain.UserIdentifier) ([]domain.PeerStatus, error)
--- a/internal/app/wireguard/wireguard.go
+++ b/internal/app/wireguard/wireguard.go
@ -41,19 +41,47 @@ func (m Manager) StartBackgroundJobs(ctx context.Context) {

 func (m Manager) connectToMessageBus() {
 	_ = m.bus.Subscribe(app.TopicUserCreated, m.handleUserCreationEvent)
+	_ = m.bus.Subscribe(app.TopicAuthLogin, m.handleUserLoginEvent)
 }

 func (m Manager) handleUserCreationEvent(user *domain.User) {
-	logrus.Errorf("handling new user event for %s", user.Identifier)
+	if !m.cfg.Core.CreateDefaultPeerOnCreation {
+		return
+	}
+
+	logrus.Tracef("handling new user event for %s", user.Identifier)

-	if m.cfg.Core.CreateDefaultPeer {
 	ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo())
-		err := m.CreateDefaultPeer(ctx, user)
+	err := m.CreateDefaultPeer(ctx, user.Identifier)
 	if err != nil {
 		logrus.Errorf("failed to create default peer for %s: %v", user.Identifier, err)
 		return
 	}
 }
+
+func (m Manager) handleUserLoginEvent(userId domain.UserIdentifier) {
+	if !m.cfg.Core.CreateDefaultPeer {
+		return
+	}
+
+	userPeers, err := m.db.GetUserPeers(context.Background(), userId)
+	if err != nil {
+		logrus.Errorf("failed to retrieve existing peers for %s prior to default peer creation: %v", userId, err)
+		return
+	}
+
+	if len(userPeers) > 0 {
+		return // user already has peers, skip creation
+	}
+
+	logrus.Tracef("handling new user login for %s", userId)
+
+	ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo())
+	err = m.CreateDefaultPeer(ctx, userId)
+	if err != nil {
+		logrus.Errorf("failed to create default peer for %s: %v", userId, err)
+		return
+	}
 }

 func (m Manager) runExpiredPeersCheck(ctx context.Context) {
--- a/internal/app/wireguard/wireguard_peers.go
+++ b/internal/app/wireguard/wireguard_peers.go
@ -11,7 +11,7 @@ import (
 	"time"
 )

-func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error {
+func (m Manager) CreateDefaultPeer(ctx context.Context, userId domain.UserIdentifier) error {
 	if err := domain.ValidateAdminAccessRights(ctx); err != nil {
 		return err
 	}
@ -32,9 +32,10 @@ func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error
 			return fmt.Errorf("failed to create default peer for interface %s: %w", iface.Identifier, err)
 		}

-		peer.UserIdentifier = user.Identifier
+		peer.UserIdentifier = userId
 		peer.DisplayName = fmt.Sprintf("Default Peer %s", internal.TruncateString(string(peer.Identifier), 8))
-		peer.Notes = fmt.Sprintf("Default peer created for user %s", user.Identifier)
+		peer.Notes = fmt.Sprintf("Default peer created for user %s", userId)
+		peer.AutomaticallyCreated = true

 		newPeers = append(newPeers, *peer)
 	}
@ -47,7 +48,7 @@ func (m Manager) CreateDefaultPeer(ctx context.Context, user *domain.User) error
 		}
 	}

-	logrus.Infof("created %d default peers for user %s", len(newPeers), user.Identifier)
+	logrus.Infof("created %d default peers for user %s", len(newPeers), userId)

 	return nil
 }
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -17,6 +17,7 @@ type Config struct {

 		EditableKeys                bool `yaml:"editable_keys"`
 		CreateDefaultPeer           bool `yaml:"create_default_peer"`
+		CreateDefaultPeerOnCreation bool `yaml:"create_default_peer_on_creation"`
 		SelfProvisioningAllowed     bool `yaml:"self_provisioning_allowed"`
 		ImportExisting              bool `yaml:"import_existing"`
 		RestoreState                bool `yaml:"restore_state"`
@ -60,7 +61,7 @@ type Config struct {
 func (c *Config) LogStartupValues() {
 	logrus.Debug("WireGuard Portal Features:")
 	logrus.Debugf("  - EditableKeys: %t", c.Core.EditableKeys)
-	logrus.Debugf("  - CreateDefaultPeer: %t", c.Core.CreateDefaultPeer)
+	logrus.Debugf("  - CreateDefaultPeerOnCreation: %t", c.Core.CreateDefaultPeerOnCreation)
 	logrus.Debugf("  - SelfProvisioningAllowed: %t", c.Core.SelfProvisioningAllowed)
 	logrus.Debugf("  - ImportExisting: %t", c.Core.ImportExisting)
 	logrus.Debugf("  - RestoreState: %t", c.Core.RestoreState)
--- a/internal/domain/peer.go
+++ b/internal/domain/peer.go
@ -48,6 +48,7 @@ type Peer struct {
 	DisabledReason       string              // the reason why the peer has been disabled
 	ExpiresAt            *time.Time          `gorm:"column:expires_at"`         // expiry dates for peers
 	Notes                string              `form:"notes" binding:"omitempty"` // a note field for peers
+	AutomaticallyCreated bool                `gorm:"column:auto_created"`       // specifies if the peer was automatically created

 	// Interface settings for the peer, used to generate the [interface] section in the peer config file
 	Interface PeerInterfaceConfig `gorm:"embedded"`