only set endpoint info for "responder" peers (#516)

2025-10-04 15:36:18 +00:00 · 2025-09-08 23:11:00 +02:00
parent 0c291a4eff
commit facdeb785f
3 changed files with 35 additions and 8 deletions
--- a/internal/adapters/wgcontroller/mikrotik.go
+++ b/internal/adapters/wgcontroller/mikrotik.go
@@ -3,14 +3,13 @@ package wgcontroller
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"slices"
 	"strconv"
 	"strings"
 	"sync"
 	"time"

-	"log/slog"
-
 	"github.com/h44z/wg-portal/internal/config"
 	"github.com/h44z/wg-portal/internal/domain"
 	"github.com/h44z/wg-portal/internal/lowlevel"
@@ -678,11 +677,15 @@ func (c *MikrotikController) updatePeer(
 	extras := pp.GetExtras().(domain.MikrotikPeerExtras)
 	peerId := extras.Id

-	endpoint := pp.Endpoint
-	endpointPort := "51820" // default port if not set
-	if s := strings.Split(endpoint, ":"); len(s) == 2 {
-		endpoint = s[0]
-		endpointPort = s[1]
+	endpoint := ""           // by default, we have no endpoint (the peer does not initiate a connection)
+	endpointPort := "0"      // by default, we have no endpoint port (the peer does not initiate a connection)
+	if !extras.IsResponder { // if the peer is not only a responder, it needs the endpoint to initiate a connection
+		endpoint = pp.Endpoint
+		endpointPort = "51820" // default port if not set
+		if s := strings.Split(endpoint, ":"); len(s) == 2 {
+			endpoint = s[0]
+			endpointPort = s[1]
+		}
 	}

 	allowedAddressStr := domain.CidrsToString(pp.AllowedIPs)
--- a/internal/app/wireguard/wireguard_interfaces.go
+++ b/internal/app/wireguard/wireguard_interfaces.go
@@ -544,6 +544,30 @@ func (m Manager) saveInterface(ctx context.Context, iface *domain.Interface) (
 		return nil, fmt.Errorf("failed to save interface: %w", err)
 	}

+	// update the interface type of peers in db
+	peers, err := m.db.GetInterfacePeers(ctx, iface.Identifier)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load peers for interface %s: %w", iface.Identifier, err)
+	}
+	for _, peer := range peers {
+		err := m.db.SavePeer(ctx, peer.Identifier, func(_ *domain.Peer) (*domain.Peer, error) {
+			switch iface.Type {
+			case domain.InterfaceTypeAny:
+				peer.Interface.Type = domain.InterfaceTypeAny
+			case domain.InterfaceTypeClient:
+				peer.Interface.Type = domain.InterfaceTypeServer
+			case domain.InterfaceTypeServer:
+				peer.Interface.Type = domain.InterfaceTypeClient
+			}
+
+			return &peer, nil
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to update peer %s for interface %s: %w", peer.Identifier,
+				iface.Identifier, err)
+		}
+	}
+
 	if iface.IsDisabled() {
 		physicalInterface, _ := m.wg.GetController(*iface).GetInterface(ctx, iface.Identifier)
 		fwMark := iface.FirewallMark
--- a/internal/domain/peer.go
+++ b/internal/domain/peer.go
@@ -328,7 +328,7 @@ func MergeToPhysicalPeer(pp *PhysicalPeer, p *Peer) {
 			Id:              "",
 			Name:            p.DisplayName,
 			Comment:         p.Notes,
-			IsResponder:     false,
+			IsResponder:     p.Interface.Type == InterfaceTypeClient,
 			Disabled:        p.IsDisabled(),
 			ClientEndpoint:  p.Endpoint.GetValue(),
 			ClientAddress:   CidrsToString(p.Interface.Addresses),