support for raw-wireguard and wg-quick style peer configurations (#441)

use the `hide_login_form` parameter in the `auth` settings to configure this feature

.github/dependabot.yml

@@ -28,3 +28,8 @@ updates:
       patch:
         update-types:
           - patch
+
+  - package-ecosystem: "docker"
+    directory: /
+    schedule:
+      interval: weekly

.github/workflows/pages.yml

@@ -27,7 +27,14 @@ jobs:
         run: pip install mike mkdocs-material[imaging] mkdocs-minify-plugin mkdocs-swagger-ui-tag
 
       - name: Publish documentation
-        run: mike deploy --push --update-aliases ${{ github.ref_name }} latest
+        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+        run: mike deploy --push ${{ github.ref_name }}
         env:
           GIT_COMMITTER_NAME: "github-actions[bot]"
           GIT_COMMITTER_EMAIL: "41898282+github-actions[bot]@users.noreply.github.com"
+      - name: Publish latest documentation
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        run: mike deploy --push --update-aliases ${{ github.ref_name }} latest
+        env:
+          GIT_COMMITTER_NAME: "github-actions[bot]"
+          GIT_COMMITTER_EMAIL: "41898282+github-actions[bot]@users.noreply.github.com"

Dockerfile

@@ -50,7 +50,7 @@ COPY --from=builder /build/dist/wg-portal /
 ######
 # Final image
 ######
-FROM alpine:3.19
+FROM alpine:3.22
 # Install OS-level dependencies
 RUN apk add --no-cache bash curl iptables nftables openresolv wireguard-tools
 # Setup timezone

docs/documentation/configuration/overview.md

@@ -38,6 +38,7 @@ advanced:
   rule_prio_offset: 20000
   route_table_offset: 20000
   api_admin_only: true
+  limit_additional_user_peers: 0
 
 database:
   debug: false
@@ -75,6 +76,7 @@ auth:
   webauthn:
     enabled: true
   min_password_length: 16
+  hide_login_form: false
 
 web:
   listening_address: :8888
@@ -215,6 +217,10 @@ Additional or more specialized configuration options for logging and interface c
 - **Default:** `true`
 - **Description:** If `true`, the public REST API is accessible only to admin users. The API docs live at [`/api/v1/doc.html`](../rest-api/api-doc.md).
 
+### `limit_additional_user_peers`
+- **Default:** `0`
+- **Description:** Limit additional peers a normal user can create. `0` means unlimited.
+
 ---
 
 ## Database
@@ -349,6 +355,12 @@ Some core authentication options are shared across all providers, while others a
   The default admin password strength is also enforced by this setting.
 - **Important:** The password should be strong and secure. It is recommended to use a password with at least 16 characters, including uppercase and lowercase letters, numbers, and special characters.
 
+### `hide_login_form`
+- **Default:** `false`
+- **Description:** If `true`, the login form is hidden and only the OIDC, OAuth, LDAP, or WebAuthn providers are shown. This is useful if you want to enforce a specific authentication method.
+  If no social login providers are configured, the login form is always shown, regardless of this setting.
+- **Important:** You can still access the login form by adding the `?all` query parameter to the login URL (e.g. https://wg.portal/#/login?all). 
+
 ---
 
 ### OIDC
@@ -664,7 +676,7 @@ The webhook section allows you to configure a webhook that is called on certain
 A JSON object is sent in a POST request to the webhook URL with the following structure:
 ```json
 {
-  "event": "peer_created",
+  "event": "update",
   "entity": "peer",
   "identifier": "the-peer-identifier",
   "payload": {
@@ -674,6 +686,8 @@ A JSON object is sent in a POST request to the webhook URL with the following st
 }
 ```
 
+Further details can be found in the [usage documentation](../usage/webhooks.md).
+
 ### `url`
 - **Default:** *(empty)*
 - **Description:** The POST endpoint to which the webhook is sent. The URL must be reachable from the WireGuard Portal server. If the URL is empty, the webhook is disabled.

docs/documentation/usage/webhooks.md

@@ -0,0 +1,86 @@
+
+Webhooks allow WireGuard Portal to notify external services about events such as user creation, device changes, or configuration updates. This enables integration with other systems and automation workflows.
+
+When webhooks are configured and a specified event occurs, WireGuard Portal sends an HTTP **POST** request to the configured webhook URL. 
+The payload contains event-specific data in JSON format.
+
+## Configuration
+
+All available configuration options for webhooks can be found in the [configuration overview](../configuration/overview.md#webhook).
+
+A basic webhook configuration looks like this:
+
+```yaml
+webhook:
+  url: https://your-service.example.com/webhook
+```
+
+### Security
+
+Webhooks can be secured by using a shared secret. This secret is included in the `Authorization` header of the webhook request, allowing your service to verify the authenticity of the request.
+You can set the shared secret in the webhook configuration:
+
+```yaml
+webhook:
+  url: https://your-service.example.com/webhook
+  secret: "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
+```
+
+You should also make sure that your webhook endpoint is secured with HTTPS to prevent eavesdropping and tampering.
+
+## Available Events
+
+WireGuard Portal supports various events that can trigger webhooks. The following events are available:
+
+- `create`: Triggered when a new entity is created.
+- `update`: Triggered when an existing entity is updated.
+- `delete`: Triggered when an entity is deleted.
+- `connect`: Triggered when a user connects to the VPN.
+- `disconnect`: Triggered when a user disconnects from the VPN.
+
+The following entity types can trigger webhooks:
+
+- `user`: When a WireGuard Portal user is created, updated, or deleted.
+- `peer`: When a peer is created, updated, or deleted. This entity can also trigger `connect` and `disconnect` events.
+- `interface`: When a device is created, updated, or deleted.
+
+## Payload Structure
+
+All webhook events send a JSON payload containing relevant data. The structure of the payload depends on the event type and entity involved.
+A common shell structure for webhook payloads is as follows:
+
+```json
+{
+  "event": "create",
+  "entity": "user",
+  "identifier": "the-user-identifier",
+  "payload": {
+    // The payload of the event, e.g. peer data.
+    // Check the API documentation for the exact structure.
+  }
+}
+```
+
+
+### Example Payload
+
+The following payload is an example of a webhook event when a peer connects to the VPN:
+
+```json
+{
+  "event": "connect",
+  "entity": "peer",
+  "identifier": "Fb5TaziAs1WrPBjC/MFbWsIelVXvi0hDKZ3YQM9wmU8=",
+  "payload": {
+    "PeerId": "Fb5TaziAs1WrPBjC/MFbWsIelVXvi0hDKZ3YQM9wmU8=",
+    "IsConnected": true,
+    "IsPingable": false,
+    "LastPing": null,
+    "BytesReceived": 1860,
+    "BytesTransmitted": 10824,
+    "LastHandshake": "2025-06-26T23:04:33.325216659+02:00",
+    "Endpoint": "10.55.66.77:33874",
+    "LastSessionStart": "2025-06-26T22:50:40.10221606+02:00"
+  }
+}
+```

frontend/src/components/PeerViewModal.vue

@@ -50,7 +50,7 @@ const selectedStats = computed(() => {
 
   if (!s) {
     if (!!props.peerId || props.peerId.length) {
-      p = profile.Statistics(props.peerId)
+      s = profile.Statistics(props.peerId)
     } else {
       s = freshStats() // dummy stats to avoid 'undefined' exceptions
     }
@@ -79,13 +79,19 @@ const title = computed(() => {
   }
 })
 
+const configStyle = ref("wgquick")
+
 watch(() => props.visible, async (newValue, oldValue) => {
   if (oldValue === false && newValue === true) { // if modal is shown
-    await peers.LoadPeerConfig(selectedPeer.value.Identifier)
+    await peers.LoadPeerConfig(selectedPeer.value.Identifier, configStyle.value)
     configString.value = peers.configuration
   }
-}
+})
-)
+
+watch(() => configStyle.value, async () => {
+  await peers.LoadPeerConfig(selectedPeer.value.Identifier, configStyle.value)
+  configString.value = peers.configuration
+})
 
 function download() {
   // credit: https://www.bitdegree.org/learn/javascript-download
@@ -103,7 +109,7 @@ function download() {
 }
 
 function email() {
-  peers.MailPeerConfig(settings.Setting("MailLinkOnly"), [selectedPeer.value.Identifier]).catch(e => {
+  peers.MailPeerConfig(settings.Setting("MailLinkOnly"), configStyle.value, [selectedPeer.value.Identifier]).catch(e => {
     notify({
       title: "Failed to send mail with peer configuration!",
       text: e.toString(),
@@ -114,7 +120,7 @@ function email() {
 
 function ConfigQrUrl() {
   if (props.peerId.length) {
-    return apiWrapper.url(`/peer/config-qr/${base64_url_encode(props.peerId)}`)
+    return apiWrapper.url(`/peer/config-qr/${base64_url_encode(props.peerId)}?style=${configStyle.value}`)
   }
   return ''
 }
@@ -124,6 +130,15 @@ function ConfigQrUrl() {
 <template>
   <Modal :title="title" :visible="visible" @close="close">
     <template #default>
+      <div class="d-flex justify-content-end align-items-center mb-1">
+        <span class="me-2">{{ $t('modals.peer-view.style-label') }}: </span>
+        <div class="btn-group btn-switch-group" role="group" aria-label="Configuration Style">
+          <input type="radio" class="btn-check" name="configstyle" id="raw" value="raw" autocomplete="off" checked="" v-model="configStyle">
+          <label class="btn btn-outline-primary btn-sm" for="raw">Raw</label>
+          <input type="radio" class="btn-check" name="configstyle" id="wgquick" value="wgquick" autocomplete="off" checked="" v-model="configStyle">
+          <label class="btn btn-outline-primary btn-sm" for="wgquick">WG-Quick</label>
+        </div>
+      </div>
       <div class="accordion" id="peerInformation">
         <div class="accordion-item">
           <h2 class="accordion-header">
@@ -213,6 +228,14 @@ function ConfigQrUrl() {
   </template>
 </Modal></template>
 
-<style>.config-qr-img {
+<style>
+.config-qr-img {
   max-width: 100%;
-}</style>
+}
+
+.btn-switch-group .btn {
+  border-width: 1px;
+  padding: 5px;
+  line-height: 1;
+}
+</style>

frontend/src/lang/translations/de.json

@@ -467,7 +467,8 @@
       "connected-since": "Verbunden seit",
       "endpoint": "Endpunkt",
       "button-download": "Konfiguration herunterladen",
-      "button-email": "Konfiguration per E-Mail senden"
+      "button-email": "Konfiguration per E-Mail senden",
+      "style-label": "Konfigurationsformat"
     },
     "peer-edit": {
       "headline-edit-peer": "Peer bearbeiten:",

frontend/src/lang/translations/en.json

@@ -468,7 +468,8 @@
       "connected-since": "Connected since",
       "endpoint": "Endpoint",
       "button-download": "Download configuration",
-      "button-email": "Send configuration via E-Mail"
+      "button-email": "Send configuration via E-Mail",
+      "style-label": "Configuration Style"
     },
     "peer-edit": {
       "headline-edit-peer": "Edit peer:",

frontend/src/stores/peers.js

@@ -142,8 +142,8 @@ export const peerStore = defineStore('peers', {
           })
         })
     },
-    async MailPeerConfig(linkOnly, ids) {
+    async MailPeerConfig(linkOnly, style, ids) {
-      return apiWrapper.post(`${baseUrl}/config-mail`, {
+      return apiWrapper.post(`${baseUrl}/config-mail?style=${style}`, {
           Identifiers: ids,
           LinkOnly: linkOnly
         })
@@ -158,8 +158,8 @@ export const peerStore = defineStore('peers', {
           throw new Error(error)
         })
     },
-    async LoadPeerConfig(id) {
+    async LoadPeerConfig(id, style) {
-      return apiWrapper.get(`${baseUrl}/config/${base64_url_encode(id)}`)
+      return apiWrapper.get(`${baseUrl}/config/${base64_url_encode(id)}?style=${style}`)
         .then(this.setPeerConfig)
         .catch(error => {
           this.configuration = ""

frontend/src/views/LoginView.vue

@@ -16,7 +16,10 @@ const password = ref("")
 const usernameInvalid = computed(() => username.value === "")
 const passwordInvalid = computed(() => password.value === "")
 const disableLoginBtn = computed(() => username.value === "" || password.value === "" || loggingIn.value)
-
+const showLoginForm = computed(() => {
+  console.log(router.currentRoute.value.query)
+  return settings.Setting('LoginFormVisible') || router.currentRoute.value.query.hasOwnProperty('all');
+});
 
 onMounted(async () => {
   await settings.LoadSettings()
@@ -98,7 +101,7 @@ const externalLogin = function (provider) {
         </div></div>
         <div class="card-body">
           <form method="post">
-            <fieldset>
+            <fieldset v-if="showLoginForm">
               <div class="form-group">
                 <label class="form-label" for="inputUsername">{{ $t('login.username.label') }}</label>
                 <div class="input-group mb-3">
@@ -118,19 +121,40 @@ const externalLogin = function (provider) {
               </div>
 
               <div class="row mt-5 mb-2">
-                <div class="col-lg-4">
+                <div class="col-sm-4 col-xs-12">
-                  <button :disabled="disableLoginBtn" class="btn btn-primary" type="submit" @click.prevent="login">
+                  <button :disabled="disableLoginBtn" class="btn btn-primary mb-2" type="submit" @click.prevent="login">
                     {{ $t('login.button') }} <div v-if="loggingIn" class="d-inline"><i class="ms-2 fa-solid fa-circle-notch fa-spin"></i></div>
                   </button>
                 </div>
-                <div class="col-lg-8 mb-2 text-end">
+                <div class="col-sm-8 col-xs-12 text-sm-end">
                   <button v-if="settings.Setting('WebAuthnEnabled')" class="btn btn-primary" type="submit" @click.prevent="loginWebAuthn">
                     {{ $t('login.button-webauthn') }} <div v-if="loggingIn" class="d-inline"><i class="ms-2 fa-solid fa-circle-notch fa-spin"></i></div>
                   </button>
                 </div>
               </div>
 
-              <div class="row mt-5 d-flex">
+              <div class="row mt-4 d-flex">
+                <div class="col-lg-12 d-flex mb-2">
+                  <!-- OpenIdConnect / OAUTH providers -->
+                  <button v-for="(provider, idx) in auth.LoginProviders" :key="provider.Identifier" :class="{'ms-1':idx > 0}"
+                          :disabled="loggingIn" :title="provider.Name" class="btn btn-outline-primary flex-fill"
+                          v-html="provider.Name" @click.prevent="externalLogin(provider)"></button>
+                </div>
+              </div>
+
+              <div class="mt-3">
+              </div>
+            </fieldset>
+            <fieldset v-else>
+              <div class="row mt-1 mb-2" v-if="settings.Setting('WebAuthnEnabled')">
+                <div class="col-lg-12 d-flex mb-2">
+                  <button class="btn btn-outline-primary flex-fill" type="submit" @click.prevent="loginWebAuthn">
+                    {{ $t('login.button-webauthn') }} <div v-if="loggingIn" class="d-inline"><i class="ms-2 fa-solid fa-circle-notch fa-spin"></i></div>
+                  </button>
+                </div>
+              </div>
+
+              <div class="row mt-1 d-flex">
                 <div class="col-lg-12 d-flex mb-2">
                   <!-- OpenIdConnect / OAUTH providers -->
                   <button v-for="(provider, idx) in auth.LoginProviders" :key="provider.Identifier" :class="{'ms-1':idx > 0}"
@@ -144,7 +168,6 @@ const externalLogin = function (provider) {
             </fieldset>
           </form>
 
-
         </div>
       </div>
     </div>

go.mod

@@ -10,26 +10,26 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-pkgz/routegroup v1.4.1
 	github.com/go-playground/validator/v10 v10.26.0
-	github.com/go-webauthn/webauthn v0.12.3
+	github.com/go-webauthn/webauthn v0.13.0
 	github.com/google/uuid v1.6.0
 	github.com/prometheus-community/pro-bing v0.7.0
 	github.com/prometheus/client_golang v1.22.0
 	github.com/stretchr/testify v1.10.0
 	github.com/swaggo/swag v1.16.4
 	github.com/vardius/message-bus v1.1.5
-	github.com/vishvananda/netlink v1.3.0
+	github.com/vishvananda/netlink v1.3.1
 	github.com/xhit/go-simple-mail/v2 v2.16.0
 	github.com/yeqown/go-qrcode/v2 v2.2.5
 	github.com/yeqown/go-qrcode/writer/compressed v1.0.1
-	golang.org/x/crypto v0.37.0
+	golang.org/x/crypto v0.39.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sys v0.33.0
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
 	gopkg.in/yaml.v3 v3.0.1
-	gorm.io/driver/mysql v1.5.7
+	gorm.io/driver/mysql v1.6.0
-	gorm.io/driver/postgres v1.5.11
+	gorm.io/driver/postgres v1.6.0
-	gorm.io/driver/sqlserver v1.5.4
+	gorm.io/driver/sqlserver v1.6.0
-	gorm.io/gorm v1.25.12
+	gorm.io/gorm v1.30.0
 )
 
 require (
@@ -53,12 +53,12 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-sql-driver/mysql v1.9.2 // indirect
 	github.com/go-test/deep v1.1.1 // indirect
-	github.com/go-webauthn/x v0.1.20 // indirect
+	github.com/go-webauthn/x v0.1.21 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/go-tpm v0.9.3 // indirect
+	github.com/google/go-tpm v0.9.5 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgx/v5 v5.7.4 // indirect
@@ -87,10 +87,10 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yeqown/reedsolomon v1.0.0 // indirect
 	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
-	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/net v0.40.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
-	golang.org/x/tools v0.32.0 // indirect
+	golang.org/x/tools v0.33.0 // indirect
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	modernc.org/libc v1.63.0 // indirect

go.sum

@@ -1,16 +1,13 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.2/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
@@ -19,8 +16,7 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occ
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
@@ -76,32 +72,34 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
 github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
-github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU=
 github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-webauthn/webauthn v0.12.3 h1:hHQl1xkUuabUU9uS+ISNCMLs9z50p9mDUZI/FmkayNE=
+github.com/go-webauthn/webauthn v0.13.0 h1:cJIL1/1l+22UekVhipziAaSgESJxokYkowUqAIsWs0Y=
-github.com/go-webauthn/webauthn v0.12.3/go.mod h1:4JRe8Z3W7HIw8NGEWn2fnUwecoDzkkeach/NnvhkqGY=
+github.com/go-webauthn/webauthn v0.13.0/go.mod h1:Oy9o2o79dbLKRPZWWgRIOdtBGAhKnDIaBp2PFkICRHs=
-github.com/go-webauthn/x v0.1.20 h1:brEBDqfiPtNNCdS/peu8gARtq8fIPsHz0VzpPjGvgiw=
+github.com/go-webauthn/x v0.1.21 h1:nFbckQxudvHEJn2uy1VEi713MeSpApoAv9eRqsb9AdQ=
-github.com/go-webauthn/x v0.1.20/go.mod h1:n/gAc8ssZJGATM0qThE+W+vfgXiMedsWi3wf/C4lld0=
+github.com/go-webauthn/x v0.1.21/go.mod h1:sEYohtg1zL4An1TXIUIQ5csdmoO+WO0R4R2pGKaHYKA=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA=
 github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A=
 github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc=
+github.com/google/go-tpm v0.9.5 h1:ocUmnDebX54dnW+MQWGQRbdaAcJELsa6PqZhJ48KwVU=
-github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm v0.9.5/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
@@ -121,10 +119,12 @@ github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFK
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
 github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
+github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
 github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=
 github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
 github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
 github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
+github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
 github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8=
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
@@ -157,7 +157,7 @@ github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/
 github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
 github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
 github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
-github.com/microsoft/go-mssqldb v1.7.2/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
+github.com/microsoft/go-mssqldb v0.19.0/go.mod h1:ukJCBnnzLzpVF0qYRT+eg1e+eSwjeQ7IvenUv8QPook=
 github.com/microsoft/go-mssqldb v1.8.0 h1:7cyZ/AT7ycDsEoWPIXibd+aVKFtteUNhDGf3aobP+tw=
 github.com/microsoft/go-mssqldb v1.8.0/go.mod h1:6znkekS3T2vp0waiMhen4GPU1BiAsrP+iXHcE7a7rFo=
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
@@ -165,11 +165,12 @@ github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCL
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=
-github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
+github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
@@ -190,15 +191,10 @@ github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qq
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A=
@@ -208,9 +204,8 @@ github.com/toorop/go-dkim v0.0.0-20250226130143-9025cce95817 h1:q0hKh5a5FRkhuTb5
 github.com/toorop/go-dkim v0.0.0-20250226130143-9025cce95817/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
 github.com/vardius/message-bus v1.1.5 h1:YSAC2WB4HRlwc4neFPTmT88kzzoiQ+9WRRbej/E/LZc=
 github.com/vardius/message-bus v1.1.5/go.mod h1:6xladCV2lMkUAE4bzzS85qKOiB5miV7aBVRafiTJGqw=
-github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
+github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
-github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
+github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
-github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
 github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -225,90 +220,101 @@ github.com/yeqown/reedsolomon v1.0.0 h1:x1h/Ej/uJnNu8jaX7GLHBWmZKCAWjEJTetkqaabr
 github.com/yeqown/reedsolomon v1.0.0/go.mod h1:P76zpcn2TCuL0ul1Fso373qHRc69LKwAw/Iy6g1WiiM=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM=
 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
-golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
@@ -319,23 +325,23 @@ google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
+gorm.io/driver/mysql v1.6.0 h1:eNbLmNTpPpTOVZi8MMxCi2aaIm0ZpInbORNXDwyLGvg=
-gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
+gorm.io/driver/mysql v1.6.0/go.mod h1:D/oCC2GWK3M/dqoLxnOlaNKmXz8WNTfcS9y5ovaSqKo=
-gorm.io/driver/postgres v1.5.11 h1:ubBVAfbKEUld/twyKZ0IYn9rSQh448EdelLYk9Mv314=
+gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4=
-gorm.io/driver/postgres v1.5.11/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
+gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo=
-gorm.io/driver/sqlserver v1.5.4 h1:xA+Y1KDNspv79q43bPyjDMUgHoYHLhXYmdFcYPobg8g=
+gorm.io/driver/sqlserver v1.6.0 h1:VZOBQVsVhkHU/NzNhRJKoANt5pZGQAS1Bwc6m6dgfnc=
-gorm.io/driver/sqlserver v1.5.4/go.mod h1:+frZ/qYmuna11zHPlh5oc2O6ZA/lS88Keb0XSH1Zh/g=
+gorm.io/driver/sqlserver v1.6.0/go.mod h1:WQzt4IJo/WHKnckU9jXBLMJIVNMVeTu25dnOzehntWw=
-gorm.io/gorm v1.25.7-0.20240204074919-46816ad31dde/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.30.0 h1:qbT5aPv1UH8gI99OsRlvDToLxW5zR7FzS9acZDOZcgs=
-gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
-gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
-gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
 modernc.org/cc/v4 v4.26.0 h1:QMYvbVduUGH0rrO+5mqF/PSPPRZNpRtg2CLELy7vUpA=
 modernc.org/cc/v4 v4.26.0/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.26.0 h1:gVzXaDzGeBYJ2uXTOpR8FR7OlksDOe9jxnjhIKCsiTc=

internal/adapters/metrics.go

@@ -133,5 +133,5 @@ func (m *MetricsServer) UpdatePeerMetrics(peer *domain.Peer, status domain.PeerS
 	}
 	m.peerReceivedBytesTotal.WithLabelValues(labels...).Set(float64(status.BytesReceived))
 	m.peerSendBytesTotal.WithLabelValues(labels...).Set(float64(status.BytesTransmitted))
-	m.peerIsConnected.WithLabelValues(labels...).Set(internal.BoolToFloat64(status.IsConnected()))
+	m.peerIsConnected.WithLabelValues(labels...).Set(internal.BoolToFloat64(status.IsConnected))
 }

internal/app/api/core/assets/doc/v0_swagger.json

@@ -57,6 +57,52 @@
                 }
             }
         },
+        "/auth/login/{provider}/callback": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "Handle the OAuth callback.",
+                "operationId": "auth_handleOauthCallbackGet",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/model.LoginProviderInfo"
+                            }
+                        }
+                    }
+                }
+            }
+        },
+        "/auth/login/{provider}/init": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "Initiate the OAuth login flow.",
+                "operationId": "auth_handleOauthInitiateGet",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/model.LoginProviderInfo"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/auth/logout": {
             "post": {
                 "produces": [
@@ -275,52 +321,6 @@
                 }
             }
         },
-        "/auth/{provider}/callback": {
-            "get": {
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "Authentication"
-                ],
-                "summary": "Handle the OAuth callback.",
-                "operationId": "auth_handleOauthCallbackGet",
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/model.LoginProviderInfo"
-                            }
-                        }
-                    }
-                }
-            }
-        },
-        "/auth/{provider}/init": {
-            "get": {
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "Authentication"
-                ],
-                "summary": "Initiate the OAuth login flow.",
-                "operationId": "auth_handleOauthInitiateGet",
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/model.LoginProviderInfo"
-                            }
-                        }
-                    }
-                }
-            }
-        },
         "/config/frontend.js": {
             "get": {
                 "produces": [
@@ -819,6 +819,12 @@
                         "schema": {
                             "$ref": "#/definitions/model.PeerMailRequest"
                         }
+                    },
+                    {
+                        "type": "string",
+                        "description": "The configuration style",
+                        "name": "style",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -858,6 +864,12 @@
                         "name": "id",
                         "in": "path",
                         "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "The configuration style",
+                        "name": "style",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -899,6 +911,12 @@
                         "name": "id",
                         "in": "path",
                         "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "The configuration style",
+                        "name": "style",
+                        "in": "query"
                     }
                 ],
                 "responses": {
@@ -2231,9 +2249,15 @@
                 "ApiAdminOnly": {
                     "type": "boolean"
                 },
+                "LoginFormVisible": {
+                    "type": "boolean"
+                },
                 "MailLinkOnly": {
                     "type": "boolean"
                 },
+                "MinPasswordLength": {
+                    "type": "integer"
+                },
                 "PersistentConfigSupported": {
                     "type": "boolean"
                 },

internal/app/api/core/assets/doc/v0_swagger.yaml

@@ -381,8 +381,12 @@ definitions:
     properties:
       ApiAdminOnly:
         type: boolean
+      LoginFormVisible:
+        type: boolean
       MailLinkOnly:
         type: boolean
+      MinPasswordLength:
+        type: integer
       PersistentConfigSupported:
         type: boolean
       SelfProvisioning:
@@ -472,7 +476,22 @@ paths:
       summary: Get all available audit entries. Ordered by timestamp.
       tags:
       - Audit
-  /auth/{provider}/callback:
+  /auth/login:
+    post:
+      operationId: auth_handleLoginPost
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/model.LoginProviderInfo'
+            type: array
+      summary: Get all available external login providers.
+      tags:
+      - Authentication
+  /auth/login/{provider}/callback:
     get:
       operationId: auth_handleOauthCallbackGet
       produces:
@@ -487,7 +506,7 @@ paths:
       summary: Handle the OAuth callback.
       tags:
       - Authentication
-  /auth/{provider}/init:
+  /auth/login/{provider}/init:
     get:
       operationId: auth_handleOauthInitiateGet
       produces:
@@ -502,21 +521,6 @@ paths:
       summary: Initiate the OAuth login flow.
       tags:
       - Authentication
-  /auth/login:
-    post:
-      operationId: auth_handleLoginPost
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: OK
-          schema:
-            items:
-              $ref: '#/definitions/model.LoginProviderInfo'
-            type: array
-      summary: Get all available external login providers.
-      tags:
-      - Authentication
   /auth/logout:
     post:
       operationId: auth_handleLogoutPost
@@ -1068,6 +1072,10 @@ paths:
         required: true
         schema:
           $ref: '#/definitions/model.PeerMailRequest'
+      - description: The configuration style
+        in: query
+        name: style
+        type: string
       produces:
       - application/json
       responses:
@@ -1093,6 +1101,10 @@ paths:
         name: id
         required: true
         type: string
+      - description: The configuration style
+        in: query
+        name: style
+        type: string
       produces:
       - image/png
       - application/json
@@ -1121,6 +1133,10 @@ paths:
         name: id
         required: true
         type: string
+      - description: The configuration style
+        in: query
+        name: style
+        type: string
       produces:
       - application/json
       responses:

internal/app/api/v0/backend/peer_service.go

@@ -27,12 +27,12 @@ type PeerServicePeerManager interface {
 }
 
 type PeerServiceConfigFileManager interface {
-	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
-	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 }
 
 type PeerServiceMailManager interface {
-	SendPeerEmail(ctx context.Context, linkOnly bool, peers ...domain.PeerIdentifier) error
+	SendPeerEmail(ctx context.Context, linkOnly bool, style string, peers ...domain.PeerIdentifier) error
 }
 
 // endregion dependencies
@@ -95,16 +95,24 @@ func (p PeerService) DeletePeer(ctx context.Context, id domain.PeerIdentifier) e
 	return p.peers.DeletePeer(ctx, id)
 }
 
-func (p PeerService) GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error) {
+func (p PeerService) GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error) {
-	return p.configFile.GetPeerConfig(ctx, id)
+	return p.configFile.GetPeerConfig(ctx, id, style)
 }
 
-func (p PeerService) GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error) {
+func (p PeerService) GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (
-	return p.configFile.GetPeerConfigQrCode(ctx, id)
+	io.Reader,
+	error,
+) {
+	return p.configFile.GetPeerConfigQrCode(ctx, id, style)
 }
 
-func (p PeerService) SendPeerEmail(ctx context.Context, linkOnly bool, peers ...domain.PeerIdentifier) error {
+func (p PeerService) SendPeerEmail(
-	return p.mailer.SendPeerEmail(ctx, linkOnly, peers...)
+	ctx context.Context,
+	linkOnly bool,
+	style string,
+	peers ...domain.PeerIdentifier,
+) error {
+	return p.mailer.SendPeerEmail(ctx, linkOnly, style, peers...)
 }
 
 func (p PeerService) GetPeerStats(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.PeerStatus, error) {

internal/app/api/v0/handlers/endpoint_authentication.go

@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"context"
+	"log/slog"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -189,7 +190,7 @@ func (e AuthEndpoint) handleSessionInfoGet() http.HandlerFunc {
 // @Summary Initiate the OAuth login flow.
 // @Produce json
 // @Success 200 {object} []model.LoginProviderInfo
-// @Router /auth/{provider}/init [get]
+// @Router /auth/login/{provider}/init [get]
 func (e AuthEndpoint) handleOauthInitiateGet() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		currentSession := e.session.GetData(r.Context())
@@ -234,6 +235,8 @@ func (e AuthEndpoint) handleOauthInitiateGet() http.HandlerFunc {
 
 		authCodeUrl, state, nonce, err := e.authService.OauthLoginStep1(context.Background(), provider)
 		if err != nil {
+			slog.Debug("failed to create oauth auth code URL",
+				"provider", provider, "error", err)
 			if autoRedirect && e.isValidReturnUrl(returnTo) {
 				redirectToReturn()
 			} else {
@@ -268,7 +271,7 @@ func (e AuthEndpoint) handleOauthInitiateGet() http.HandlerFunc {
 // @Summary Handle the OAuth callback.
 // @Produce json
 // @Success 200 {object} []model.LoginProviderInfo
-// @Router /auth/{provider}/callback [get]
+// @Router /auth/login/{provider}/callback [get]
 func (e AuthEndpoint) handleOauthCallbackGet() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		currentSession := e.session.GetData(r.Context())
@@ -306,6 +309,8 @@ func (e AuthEndpoint) handleOauthCallbackGet() http.HandlerFunc {
 		oauthState := request.Query(r, "state")
 
 		if provider != currentSession.OauthProvider {
+			slog.Debug("invalid oauth provider in callback",
+				"expected", currentSession.OauthProvider, "got", provider, "state", oauthState)
 			if returnUrl != nil && e.isValidReturnUrl(returnUrl.String()) {
 				redirectToReturn()
 			} else {
@@ -315,6 +320,8 @@ func (e AuthEndpoint) handleOauthCallbackGet() http.HandlerFunc {
 			return
 		}
 		if oauthState != currentSession.OauthState {
+			slog.Debug("invalid oauth state in callback",
+				"expected", currentSession.OauthState, "got", oauthState, "provider", provider)
 			if returnUrl != nil && e.isValidReturnUrl(returnUrl.String()) {
 				redirectToReturn()
 			} else {
@@ -324,11 +331,13 @@ func (e AuthEndpoint) handleOauthCallbackGet() http.HandlerFunc {
 			return
 		}
 
-		loginCtx, cancel := context.WithTimeout(context.Background(), 1000*time.Second)
+		loginCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second) // avoid long waits
 		user, err := e.authService.OauthLoginStep2(loginCtx, provider, currentSession.OauthNonce,
 			oauthCode)
 		cancel()
 		if err != nil {
+			slog.Debug("failed to process oauth code",
+				"provider", provider, "state", oauthState, "error", err)
 			if returnUrl != nil && e.isValidReturnUrl(returnUrl.String()) {
 				redirectToReturn()
 			} else {

internal/app/api/v0/handlers/endpoint_config.go

@@ -96,10 +96,13 @@ func (e ConfigEndpoint) handleSettingsGet() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		sessionUser := domain.GetUserInfo(r.Context())
 
+		hasSocialLogin := len(e.cfg.Auth.OAuth) > 0 || len(e.cfg.Auth.OpenIDConnect) > 0 || e.cfg.Auth.WebAuthn.Enabled
+
 		// For anonymous users, we return the settings object with minimal information
 		if sessionUser.Id == domain.CtxUnknownUserId || sessionUser.Id == "" {
 			respond.JSON(w, http.StatusOK, model.Settings{
-				WebAuthnEnabled: e.cfg.Auth.WebAuthn.Enabled,
+				WebAuthnEnabled:  e.cfg.Auth.WebAuthn.Enabled,
+				LoginFormVisible: !e.cfg.Auth.HideLoginForm || !hasSocialLogin,
 			})
 		} else {
 			respond.JSON(w, http.StatusOK, model.Settings{
@@ -109,6 +112,7 @@ func (e ConfigEndpoint) handleSettingsGet() http.HandlerFunc {
 				ApiAdminOnly:              e.cfg.Advanced.ApiAdminOnly,
 				WebAuthnEnabled:           e.cfg.Auth.WebAuthn.Enabled,
 				MinPasswordLength:         e.cfg.Auth.MinPasswordLength,
+				LoginFormVisible:          !e.cfg.Auth.HideLoginForm || !hasSocialLogin,
 			})
 		}
 	}

internal/app/api/v0/handlers/endpoint_peers.go

@@ -34,11 +34,11 @@ type PeerService interface {
 	// DeletePeer deletes the peer with the given id.
 	DeletePeer(ctx context.Context, id domain.PeerIdentifier) error
 	// GetPeerConfig returns the peer configuration for the given id.
-	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 	// GetPeerConfigQrCode returns the peer configuration as qr code for the given id.
-	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 	// SendPeerEmail sends the peer configuration via email.
-	SendPeerEmail(ctx context.Context, linkOnly bool, peers ...domain.PeerIdentifier) error
+	SendPeerEmail(ctx context.Context, linkOnly bool, style string, peers ...domain.PeerIdentifier) error
 	// GetPeerStats returns the peer stats for the given interface.
 	GetPeerStats(ctx context.Context, id domain.InterfaceIdentifier) ([]domain.PeerStatus, error)
 }
@@ -355,6 +355,7 @@ func (e PeerEndpoint) handleDelete() http.HandlerFunc {
 // @Summary Get peer configuration as string.
 // @Produce json
 // @Param id path string true "The peer identifier"
+// @Param style query string false "The configuration style"
 // @Success 200 {object} string
 // @Failure 400 {object} model.Error
 // @Failure 500 {object} model.Error
@@ -369,7 +370,9 @@ func (e PeerEndpoint) handleConfigGet() http.HandlerFunc {
 			return
 		}
 
-		configTxt, err := e.peerService.GetPeerConfig(r.Context(), domain.PeerIdentifier(id))
+		configStyle := e.getConfigStyle(r)
+
+		configTxt, err := e.peerService.GetPeerConfig(r.Context(), domain.PeerIdentifier(id), configStyle)
 		if err != nil {
 			respond.JSON(w, http.StatusInternalServerError, model.Error{
 				Code: http.StatusInternalServerError, Message: err.Error(),
@@ -397,6 +400,7 @@ func (e PeerEndpoint) handleConfigGet() http.HandlerFunc {
 // @Produce png
 // @Produce json
 // @Param id path string true "The peer identifier"
+// @Param style query string false "The configuration style"
 // @Success 200 {file} binary
 // @Failure 400 {object} model.Error
 // @Failure 500 {object} model.Error
@@ -411,7 +415,9 @@ func (e PeerEndpoint) handleQrCodeGet() http.HandlerFunc {
 			return
 		}
 
-		configQr, err := e.peerService.GetPeerConfigQrCode(r.Context(), domain.PeerIdentifier(id))
+		configStyle := e.getConfigStyle(r)
+
+		configQr, err := e.peerService.GetPeerConfigQrCode(r.Context(), domain.PeerIdentifier(id), configStyle)
 		if err != nil {
 			respond.JSON(w, http.StatusInternalServerError, model.Error{
 				Code: http.StatusInternalServerError, Message: err.Error(),
@@ -438,6 +444,7 @@ func (e PeerEndpoint) handleQrCodeGet() http.HandlerFunc {
 // @Summary Send peer configuration via email.
 // @Produce json
 // @Param request body model.PeerMailRequest true "The peer mail request data"
+// @Param style query string false "The configuration style"
 // @Success 204 "No content if mail sending was successful"
 // @Failure 400 {object} model.Error
 // @Failure 500 {object} model.Error
@@ -460,11 +467,13 @@ func (e PeerEndpoint) handleEmailPost() http.HandlerFunc {
 			return
 		}
 
+		configStyle := e.getConfigStyle(r)
+
 		peerIds := make([]domain.PeerIdentifier, len(req.Identifiers))
 		for i := range req.Identifiers {
 			peerIds[i] = domain.PeerIdentifier(req.Identifiers[i])
 		}
-		if err := e.peerService.SendPeerEmail(r.Context(), req.LinkOnly, peerIds...); err != nil {
+		if err := e.peerService.SendPeerEmail(r.Context(), req.LinkOnly, configStyle, peerIds...); err != nil {
 			respond.JSON(w, http.StatusInternalServerError,
 				model.Error{Code: http.StatusInternalServerError, Message: err.Error()})
 			return
@@ -504,3 +513,11 @@ func (e PeerEndpoint) handleStatsGet() http.HandlerFunc {
 		respond.JSON(w, http.StatusOK, model.NewPeerStats(e.cfg.Statistics.CollectPeerData, stats))
 	}
 }
+
+func (e PeerEndpoint) getConfigStyle(r *http.Request) string {
+	configStyle := request.QueryDefault(r, "style", domain.ConfigStyleWgQuick)
+	if configStyle != domain.ConfigStyleWgQuick && configStyle != domain.ConfigStyleRaw {
+		configStyle = domain.ConfigStyleWgQuick // default to wg-quick style
+	}
+	return configStyle
+}

internal/app/api/v0/model/models.go

@@ -12,4 +12,5 @@ type Settings struct {
 	ApiAdminOnly              bool `json:"ApiAdminOnly"`
 	WebAuthnEnabled           bool `json:"WebAuthnEnabled"`
 	MinPasswordLength         int  `json:"MinPasswordLength"`
+	LoginFormVisible          bool `json:"LoginFormVisible"`
 }

internal/app/api/v0/model/models_peer.go

@@ -198,7 +198,7 @@ func NewPeerStats(enabled bool, src []domain.PeerStatus) *PeerStats {
 
 	for _, srcStat := range src {
 		stats[string(srcStat.PeerId)] = PeerStatData{
-			IsConnected:      srcStat.IsConnected(),
+			IsConnected:      srcStat.IsConnected,
 			IsPingable:       srcStat.IsPingable,
 			LastPing:         srcStat.LastPing,
 			BytesReceived:    srcStat.BytesReceived,

internal/app/api/v1/backend/provisioning_service.go

@@ -23,8 +23,8 @@ type ProvisioningServicePeerManagerRepo interface {
 }
 
 type ProvisioningServiceConfigFileManagerRepo interface {
-	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
-	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 }
 
 type ProvisioningService struct {
@@ -96,7 +96,7 @@ func (p ProvisioningService) GetPeerConfig(ctx context.Context, peerId domain.Pe
 		return nil, err
 	}
 
-	peerCfgReader, err := p.configFiles.GetPeerConfig(ctx, peer.Identifier)
+	peerCfgReader, err := p.configFiles.GetPeerConfig(ctx, peer.Identifier, domain.ConfigStyleWgQuick)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +119,7 @@ func (p ProvisioningService) GetPeerQrPng(ctx context.Context, peerId domain.Pee
 		return nil, err
 	}
 
-	peerCfgQrReader, err := p.configFiles.GetPeerConfigQrCode(ctx, peer.Identifier)
+	peerCfgQrReader, err := p.configFiles.GetPeerConfigQrCode(ctx, peer.Identifier, domain.ConfigStyleWgQuick)
 	if err != nil {
 		return nil, err
 	}

internal/app/configfile/manager.go

@@ -46,7 +46,7 @@ type TemplateRenderer interface {
 	// GetInterfaceConfig returns the configuration file for the given interface.
 	GetInterfaceConfig(iface *domain.Interface, peers []domain.Peer) (io.Reader, error)
 	// GetPeerConfig returns the configuration file for the given peer.
-	GetPeerConfig(peer *domain.Peer) (io.Reader, error)
+	GetPeerConfig(peer *domain.Peer, style string) (io.Reader, error)
 }
 
 type EventBus interface {
@@ -186,7 +186,7 @@ func (m Manager) GetInterfaceConfig(ctx context.Context, id domain.InterfaceIden
 
 // GetPeerConfig returns the configuration file for the given peer.
 // The file is structured in wg-quick format.
-func (m Manager) GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error) {
+func (m Manager) GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error) {
 	peer, err := m.wg.GetPeer(ctx, id)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch peer %s: %w", id, err)
@@ -196,11 +196,11 @@ func (m Manager) GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (i
 		return nil, err
 	}
 
-	return m.tplHandler.GetPeerConfig(peer)
+	return m.tplHandler.GetPeerConfig(peer, style)
 }
 
 // GetPeerConfigQrCode returns a QR code image containing the configuration for the given peer.
-func (m Manager) GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error) {
+func (m Manager) GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error) {
 	peer, err := m.wg.GetPeer(ctx, id)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch peer %s: %w", id, err)
@@ -210,7 +210,7 @@ func (m Manager) GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifi
 		return nil, err
 	}
 
-	cfgData, err := m.tplHandler.GetPeerConfig(peer)
+	cfgData, err := m.tplHandler.GetPeerConfig(peer, style)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get peer config for %s: %w", id, err)
 	}

internal/app/configfile/template.go

@@ -55,11 +55,12 @@ func (c TemplateHandler) GetInterfaceConfig(cfg *domain.Interface, peers []domai
 }
 
 // GetPeerConfig returns the rendered configuration file for a WireGuard peer.
-func (c TemplateHandler) GetPeerConfig(peer *domain.Peer) (io.Reader, error) {
+func (c TemplateHandler) GetPeerConfig(peer *domain.Peer, style string) (io.Reader, error) {
 	var tplBuff bytes.Buffer
 
 	err := c.templates.ExecuteTemplate(&tplBuff, "wg_peer.tpl", map[string]any{
-		"Peer": peer,
+		"Style": style,
+		"Peer":  peer,
 		"Portal": map[string]any{
 			"Version": "unknown",
 		},

internal/app/configfile/tpl_files/wg_peer.tpl

@@ -1,6 +1,8 @@
 # AUTOGENERATED FILE - DO NOT EDIT
-# This file uses wg-quick format.
+# This file uses {{ .Style }} format.
+{{- if eq .Style "wgquick"}}
 # See https://man7.org/linux/man-pages/man8/wg-quick.8.html#CONFIGURATION
+{{- end}}
 # Lines starting with the -WGP- tag are used by
 # the WireGuard Portal configuration parser.
 
@@ -21,22 +23,27 @@
 
 # Core settings
 PrivateKey = {{ .Peer.Interface.KeyPair.PrivateKey }}
+{{- if eq .Style "wgquick"}}
 Address = {{ CidrsToString .Peer.Interface.Addresses }}
+{{- end}}
 
 # Misc. settings (optional)
+{{- if eq .Style "wgquick"}}
 {{- if .Peer.Interface.DnsStr.GetValue}}
 DNS = {{ .Peer.Interface.DnsStr.GetValue }} {{- if .Peer.Interface.DnsSearchStr.GetValue}}, {{ .Peer.Interface.DnsSearchStr.GetValue }} {{- end}}
 {{- end}}
 {{- if ne .Peer.Interface.Mtu.GetValue 0}}
 MTU = {{ .Peer.Interface.Mtu.GetValue }}
 {{- end}}
-{{- if ne .Peer.Interface.FirewallMark.GetValue 0}}
-FwMark = {{ .Peer.Interface.FirewallMark.GetValue }}
-{{- end}}
 {{- if ne .Peer.Interface.RoutingTable.GetValue ""}}
 Table = {{ .Peer.Interface.RoutingTable.GetValue }}
 {{- end}}
+{{- end}}
+{{- if ne .Peer.Interface.FirewallMark.GetValue 0}}
+FwMark = {{ .Peer.Interface.FirewallMark.GetValue }}
+{{- end}}
 
+{{- if eq .Style "wgquick"}}
 # Interface hooks (optional)
 {{- if .Peer.Interface.PreUp.GetValue}}
 PreUp = {{ .Peer.Interface.PreUp.GetValue }}
@@ -50,6 +57,7 @@ PreDown = {{ .Peer.Interface.PreDown.GetValue }}
 {{- if .Peer.Interface.PostDown.GetValue}}
 PostDown = {{ .Peer.Interface.PostDown.GetValue }}
 {{- end}}
+{{- end}}
 
 [Peer]
 PublicKey = {{ .Peer.EndpointPublicKey.GetValue }}

internal/app/eventbus.go

@@ -36,6 +36,7 @@ const TopicPeerDeleted = "peer:deleted"
 const TopicPeerUpdated = "peer:updated"
 const TopicPeerInterfaceUpdated = "peer:interface:updated"
 const TopicPeerIdentifierUpdated = "peer:identifier:updated"
+const TopicPeerStateChanged = "peer:state:changed"
 
 // endregion peer-events
 

internal/app/mail/manager.go

@@ -21,9 +21,9 @@ type ConfigFileManager interface {
 	// GetInterfaceConfig returns the configuration for the given interface.
 	GetInterfaceConfig(ctx context.Context, id domain.InterfaceIdentifier) (io.Reader, error)
 	// GetPeerConfig returns the configuration for the given peer.
-	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfig(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 	// GetPeerConfigQrCode returns the QR code for the given peer.
-	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier) (io.Reader, error)
+	GetPeerConfigQrCode(ctx context.Context, id domain.PeerIdentifier, style string) (io.Reader, error)
 }
 
 type UserDatabaseRepo interface {
@@ -71,7 +71,7 @@ func NewMailManager(
 	users UserDatabaseRepo,
 	wg WireguardDatabaseRepo,
 ) (*Manager, error) {
-	tplHandler, err := newTemplateHandler(cfg.Web.ExternalUrl)
+	tplHandler, err := newTemplateHandler(cfg.Web.ExternalUrl, cfg.Web.SiteTitle)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize template handler: %w", err)
 	}
@@ -89,7 +89,7 @@ func NewMailManager(
 }
 
 // SendPeerEmail sends an email to the user linked to the given peers.
-func (m Manager) SendPeerEmail(ctx context.Context, linkOnly bool, peers ...domain.PeerIdentifier) error {
+func (m Manager) SendPeerEmail(ctx context.Context, linkOnly bool, style string, peers ...domain.PeerIdentifier) error {
 	for _, peerId := range peers {
 		peer, err := m.wg.GetPeer(ctx, peerId)
 		if err != nil {
@@ -123,7 +123,7 @@ func (m Manager) SendPeerEmail(ctx context.Context, linkOnly bool, peers ...doma
 			continue
 		}
 
-		err = m.sendPeerEmail(ctx, linkOnly, user, peer)
+		err = m.sendPeerEmail(ctx, linkOnly, style, user, peer)
 		if err != nil {
 			return fmt.Errorf("failed to send peer email for %s: %w", peerId, err)
 		}
@@ -132,7 +132,13 @@ func (m Manager) SendPeerEmail(ctx context.Context, linkOnly bool, peers ...doma
 	return nil
 }
 
-func (m Manager) sendPeerEmail(ctx context.Context, linkOnly bool, user *domain.User, peer *domain.Peer) error {
+func (m Manager) sendPeerEmail(
+	ctx context.Context,
+	linkOnly bool,
+	style string,
+	user *domain.User,
+	peer *domain.Peer,
+) error {
 	qrName := "WireGuardQRCode.png"
 	configName := peer.GetConfigFileName()
 
@@ -148,12 +154,12 @@ func (m Manager) sendPeerEmail(ctx context.Context, linkOnly bool, user *domain.
 		}
 
 	} else {
-		peerConfig, err := m.configFiles.GetPeerConfig(ctx, peer.Identifier)
+		peerConfig, err := m.configFiles.GetPeerConfig(ctx, peer.Identifier, style)
 		if err != nil {
 			return fmt.Errorf("failed to fetch peer config for %s: %w", peer.Identifier, err)
 		}
 
-		peerConfigQr, err := m.configFiles.GetPeerConfigQrCode(ctx, peer.Identifier)
+		peerConfigQr, err := m.configFiles.GetPeerConfigQrCode(ctx, peer.Identifier, style)
 		if err != nil {
 			return fmt.Errorf("failed to fetch peer config QR code for %s: %w", peer.Identifier, err)
 		}

internal/app/mail/template.go

@@ -17,11 +17,12 @@ var TemplateFiles embed.FS
 // TemplateHandler is a struct that holds the html and text templates.
 type TemplateHandler struct {
 	portalUrl     string
+	portalName    string
 	htmlTemplates *htmlTemplate.Template
 	textTemplates *template.Template
 }
 
-func newTemplateHandler(portalUrl string) (*TemplateHandler, error) {
+func newTemplateHandler(portalUrl, portalName string) (*TemplateHandler, error) {
 	htmlTemplateCache, err := htmlTemplate.New("Html").ParseFS(TemplateFiles, "tpl_files/*.gohtml")
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse html template files: %w", err)
@@ -34,6 +35,7 @@ func newTemplateHandler(portalUrl string) (*TemplateHandler, error) {
 
 	handler := &TemplateHandler{
 		portalUrl:     portalUrl,
+		portalName:    portalName,
 		htmlTemplates: htmlTemplateCache,
 		textTemplates: txtTemplateCache,
 	}
@@ -81,6 +83,7 @@ func (c TemplateHandler) GetConfigMailWithAttachment(user *domain.User, cfgName,
 		"ConfigFileName": cfgName,
 		"QrcodePngName":  qrName,
 		"PortalUrl":      c.portalUrl,
+		"PortalName":     c.portalName,
 	})
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to execute template mail_with_attachment.gotpl: %w", err)
@@ -91,6 +94,7 @@ func (c TemplateHandler) GetConfigMailWithAttachment(user *domain.User, cfgName,
 		"ConfigFileName": cfgName,
 		"QrcodePngName":  qrName,
 		"PortalUrl":      c.portalUrl,
+		"PortalName":     c.portalName,
 	})
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to execute template mail_with_attachment.gohtml: %w", err)

internal/app/mail/tpl_files/mail_with_attachment.gohtml

@@ -19,7 +19,7 @@
     <!--[if !mso]><!-->
     <link href="https://fonts.googleapis.com/css?family=Muli:400,400i,700,700i" rel="stylesheet" />
     <!--<![endif]-->
-    <title>Email Template</title>
+    <title>{{$.PortalName}}</title>
     <!--[if gte mso 9]>
     <style type="text/css" media="all">
         sup { font-size: 100% !important; }
@@ -143,7 +143,7 @@
                                                                     <td align="left">
                                                                         <table border="0" cellspacing="0" cellpadding="0">
                                                                             <tr>
-                                                                                <td class="blue-button text-button" style="background:#000000; color:#c1cddc; font-family:'Muli', Arial,sans-serif; font-size:14px; line-height:18px; padding:12px 30px; text-align:center; border-radius:0px 22px 22px 22px; font-weight:bold;"><a href="https://www.wireguard.com/install" target="_blank" class="link-white" style="color:#ffffff; text-decoration:none;"><span class="link-white" style="color:#ffffff; text-decoration:none;">Download WireGuard VPN Client</span></a></td>
+                                                                                <td class="blue-button text-button" style="background:#000000; color:#ffffff; font-family:'Muli', Arial,sans-serif; font-size:14px; line-height:18px; padding:12px 30px; text-align:center; border-radius:0px 22px 22px 22px; font-weight:bold;"><a href="https://www.wireguard.com/install" target="_blank" class="link-white" style="color:#ffffff; text-decoration:none;"><span class="link-white" style="color:#ffffff; text-decoration:none;">Download WireGuard VPN Client</span></a></td>
                                                                             </tr>
                                                                         </table>
                                                                     </td>
@@ -167,10 +167,10 @@
                                 <td class="p30-15 bbrr" style="padding: 50px 30px; border-radius:0px 0px 26px 26px;" bgcolor="#ffffff">
                                     <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                         <tr>
-                                            <td class="text-footer1 pb10" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:16px; line-height:20px; text-align:center; padding-bottom:10px;">This mail was generated using WireGuard Portal.</td>
+                                            <td class="text-footer1 pb10" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:16px; line-height:20px; text-align:center; padding-bottom:10px;">This mail was generated by {{$.PortalName}}.</td>
                                         </tr>
                                         <tr>
-                                            <td class="text-footer2" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:12px; line-height:26px; text-align:center;"><a href="{{$.PortalUrl}}" target="_blank" rel="noopener noreferrer" class="link" style="color:#000000; text-decoration:none;"><span class="link" style="color:#000000; text-decoration:none;">Visit WireGuard Portal</span></a></td>
+                                            <td class="text-footer2" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:12px; line-height:26px; text-align:center;"><a href="{{$.PortalUrl}}" target="_blank" rel="noopener noreferrer" class="link" style="color:#000000; text-decoration:none;"><span class="link" style="color:#000000; text-decoration:none;">Visit {{$.PortalName}}</span></a></td>
                                         </tr>
                                     </table>
                                 </td>

internal/app/mail/tpl_files/mail_with_attachment.gotpl

@@ -20,5 +20,5 @@ You can download and install the WireGuard VPN client from:
 https://www.wireguard.com/install/
 
 
-This mail was generated using WireGuard Portal.
+This mail was generated by {{$.PortalName}}.
 {{$.PortalUrl}}

internal/app/mail/tpl_files/mail_with_link.gohtml

@@ -19,7 +19,7 @@
     <!--[if !mso]><!-->
     <link href="https://fonts.googleapis.com/css?family=Muli:400,400i,700,700i" rel="stylesheet" />
     <!--<![endif]-->
-    <title>Email Template</title>
+    <title>{{$.PortalName}}</title>
     <!--[if gte mso 9]>
     <style type="text/css" media="all">
         sup { font-size: 100% !important; }
@@ -143,7 +143,7 @@
                                                                     <td align="left">
                                                                         <table border="0" cellspacing="0" cellpadding="0">
                                                                             <tr>
-                                                                                <td class="blue-button text-button" style="background:#000000; color:#c1cddc; font-family:'Muli', Arial,sans-serif; font-size:14px; line-height:18px; padding:12px 30px; text-align:center; border-radius:0px 22px 22px 22px; font-weight:bold;"><a href="https://www.wireguard.com/install" target="_blank" class="link-white" style="color:#ffffff; text-decoration:none;"><span class="link-white" style="color:#ffffff; text-decoration:none;">Download WireGuard VPN Client</span></a></td>
+                                                                                <td class="blue-button text-button" style="background:#000000; color:#ffffff; font-family:'Muli', Arial,sans-serif; font-size:14px; line-height:18px; padding:12px 30px; text-align:center; border-radius:0px 22px 22px 22px; font-weight:bold;"><a href="https://www.wireguard.com/install" target="_blank" class="link-white" style="color:#ffffff; text-decoration:none;"><span class="link-white" style="color:#ffffff; text-decoration:none;">Download WireGuard VPN Client</span></a></td>
                                                                             </tr>
                                                                         </table>
                                                                     </td>
@@ -167,10 +167,10 @@
                                 <td class="p30-15 bbrr" style="padding: 50px 30px; border-radius:0px 0px 26px 26px;" bgcolor="#ffffff">
                                     <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                         <tr>
-                                            <td class="text-footer1 pb10" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:16px; line-height:20px; text-align:center; padding-bottom:10px;">This mail was generated using WireGuard Portal.</td>
+                                            <td class="text-footer1 pb10" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:16px; line-height:20px; text-align:center; padding-bottom:10px;">This mail was generated by {{$.PortalName}}.</td>
                                         </tr>
                                         <tr>
-                                            <td class="text-footer2" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:12px; line-height:26px; text-align:center;"><a href="{{$.PortalUrl}}" target="_blank" rel="noopener noreferrer" class="link" style="color:#000000; text-decoration:none;"><span class="link" style="color:#000000; text-decoration:none;">Visit WireGuard Portal</span></a></td>
+                                            <td class="text-footer2" style="color:#000000; font-family:'Muli', Arial,sans-serif; font-size:12px; line-height:26px; text-align:center;"><a href="{{$.PortalUrl}}" target="_blank" rel="noopener noreferrer" class="link" style="color:#000000; text-decoration:none;"><span class="link" style="color:#000000; text-decoration:none;">Visit {{$.PortalName}}</span></a></td>
                                         </tr>
                                     </table>
                                 </td>

internal/app/mail/tpl_files/mail_with_link.gotpl

@@ -20,5 +20,5 @@ You can download and install the WireGuard VPN client from:
 https://www.wireguard.com/install/
 
 
-This mail was generated using WireGuard Portal.
+This mail was generated by {{$.PortalName}}.
 {{$.PortalUrl}}

internal/app/webhooks/manager.go

@@ -64,6 +64,7 @@ func (m Manager) connectToMessageBus() {
 	_ = m.bus.Subscribe(app.TopicPeerCreated, m.handlePeerCreateEvent)
 	_ = m.bus.Subscribe(app.TopicPeerUpdated, m.handlePeerUpdateEvent)
 	_ = m.bus.Subscribe(app.TopicPeerDeleted, m.handlePeerDeleteEvent)
+	_ = m.bus.Subscribe(app.TopicPeerStateChanged, m.handlePeerStateChangeEvent)
 
 	_ = m.bus.Subscribe(app.TopicInterfaceCreated, m.handleInterfaceCreateEvent)
 	_ = m.bus.Subscribe(app.TopicInterfaceUpdated, m.handleInterfaceUpdateEvent)
@@ -135,6 +136,14 @@ func (m Manager) handleInterfaceDeleteEvent(iface domain.Interface) {
 	m.handleGenericEvent(WebhookEventDelete, iface)
 }
 
+func (m Manager) handlePeerStateChangeEvent(peerStatus domain.PeerStatus) {
+	if peerStatus.IsConnected {
+		m.handleGenericEvent(WebhookEventConnect, peerStatus)
+	} else {
+		m.handleGenericEvent(WebhookEventDisconnect, peerStatus)
+	}
+}
+
 func (m Manager) handleGenericEvent(action WebhookEvent, payload any) {
 	eventData, err := m.createWebhookData(action, payload)
 	if err != nil {
@@ -177,6 +186,9 @@ func (m Manager) createWebhookData(action WebhookEvent, payload any) (*WebhookDa
 	case domain.Interface:
 		d.Entity = WebhookEntityInterface
 		d.Identifier = string(v.Identifier)
+	case domain.PeerStatus:
+		d.Entity = WebhookEntityPeer
+		d.Identifier = string(v.PeerId)
 	default:
 		return nil, fmt.Errorf("unsupported payload type: %T", v)
 	}

internal/app/webhooks/model.go

@@ -42,7 +42,9 @@ const (
 type WebhookEvent = string
 
 const (
-	WebhookEventCreate WebhookEvent = "create"
+	WebhookEventCreate     WebhookEvent = "create"
-	WebhookEventUpdate WebhookEvent = "update"
+	WebhookEventUpdate     WebhookEvent = "update"
-	WebhookEventDelete WebhookEvent = "delete"
+	WebhookEventDelete     WebhookEvent = "delete"
+	WebhookEventConnect    WebhookEvent = "connect"
+	WebhookEventDisconnect WebhookEvent = "disconnect"
 )

internal/app/wireguard/statistics.go

@@ -43,6 +43,8 @@ type StatisticsMetricsServer interface {
 type StatisticsEventBus interface {
 	// Subscribe subscribes to a topic
 	Subscribe(topic string, fn interface{}) error
+	// Publish sends a message to the message bus.
+	Publish(topic string, args ...any)
 }
 
 type StatisticsCollector struct {
@@ -55,6 +57,8 @@ type StatisticsCollector struct {
 	db StatisticsDatabaseRepo
 	wg StatisticsInterfaceController
 	ms StatisticsMetricsServer
+
+	peerChangeEvent chan domain.PeerIdentifier
 }
 
 // NewStatisticsCollector creates a new statistics collector.
@@ -171,8 +175,12 @@ func (c *StatisticsCollector) collectPeerData(ctx context.Context) {
 					continue
 				}
 				for _, peer := range peers {
+					var connectionStateChanged bool
+					var newPeerStatus domain.PeerStatus
 					err = c.db.UpdatePeerStatus(ctx, peer.Identifier,
 						func(p *domain.PeerStatus) (*domain.PeerStatus, error) {
+							wasConnected := p.IsConnected
+
 							var lastHandshake *time.Time
 							if !peer.LastHandshake.IsZero() {
 								lastHandshake = &peer.LastHandshake
@@ -186,6 +194,12 @@ func (c *StatisticsCollector) collectPeerData(ctx context.Context) {
 							p.BytesTransmitted = peer.BytesDownload // store bytes that where received from the peer and sent by the server
 							p.Endpoint = peer.Endpoint
 							p.LastHandshake = lastHandshake
+							p.CalcConnected()
+
+							if wasConnected != p.IsConnected {
+								connectionStateChanged = true
+								newPeerStatus = *p // store new status for event publishing
+							}
 
 							// Update prometheus metrics
 							go c.updatePeerMetrics(ctx, *p)
@@ -197,6 +211,11 @@ func (c *StatisticsCollector) collectPeerData(ctx context.Context) {
 					} else {
 						slog.Debug("updated peer status", "peer", peer.Identifier)
 					}
+
+					if connectionStateChanged {
+						// publish event if connection state changed
+						c.bus.Publish(app.TopicPeerStateChanged, newPeerStatus)
+					}
 				}
 			}
 		}
@@ -298,12 +317,17 @@ func (c *StatisticsCollector) enqueuePingChecks(ctx context.Context) {
 func (c *StatisticsCollector) pingWorker(ctx context.Context) {
 	defer c.pingWaitGroup.Done()
 	for peer := range c.pingJobs {
+		var connectionStateChanged bool
+		var newPeerStatus domain.PeerStatus
+
 		peerPingable := c.isPeerPingable(ctx, peer)
 		slog.Debug("peer ping check completed", "peer", peer.Identifier, "pingable", peerPingable)
 
 		now := time.Now()
 		err := c.db.UpdatePeerStatus(ctx, peer.Identifier,
 			func(p *domain.PeerStatus) (*domain.PeerStatus, error) {
+				wasConnected := p.IsConnected
+
 				if peerPingable {
 					p.IsPingable = true
 					p.LastPing = &now
@@ -311,6 +335,13 @@ func (c *StatisticsCollector) pingWorker(ctx context.Context) {
 					p.IsPingable = false
 					p.LastPing = nil
 				}
+				p.UpdatedAt = time.Now()
+				p.CalcConnected()
+
+				if wasConnected != p.IsConnected {
+					connectionStateChanged = true
+					newPeerStatus = *p // store new status for event publishing
+				}
 
 				// Update prometheus metrics
 				go c.updatePeerMetrics(ctx, *p)
@@ -322,6 +353,11 @@ func (c *StatisticsCollector) pingWorker(ctx context.Context) {
 		} else {
 			slog.Debug("updated peer ping status", "peer", peer.Identifier)
 		}
+
+		if connectionStateChanged {
+			// publish event if connection state changed
+			c.bus.Publish(app.TopicPeerStateChanged, newPeerStatus)
+		}
 	}
 }
 

internal/app/wireguard/wireguard.go

@@ -3,6 +3,7 @@ package wireguard
 import (
 	"context"
 	"log/slog"
+	"sync"
 	"time"
 
 	"github.com/h44z/wg-portal/internal/app"
@@ -76,6 +77,8 @@ type Manager struct {
 	db    InterfaceAndPeerDatabaseRepo
 	wg    InterfaceController
 	quick WgQuickController
+
+	userLockMap *sync.Map
 }
 
 func NewWireGuardManager(
@@ -86,11 +89,12 @@ func NewWireGuardManager(
 	db InterfaceAndPeerDatabaseRepo,
 ) (*Manager, error) {
 	m := &Manager{
-		cfg:   cfg,
+		cfg:         cfg,
-		bus:   bus,
+		bus:         bus,
-		wg:    wg,
+		wg:          wg,
-		db:    db,
+		db:          db,
-		quick: quick,
+		quick:       quick,
+		userLockMap: &sync.Map{},
 	}
 
 	m.connectToMessageBus()
@@ -117,6 +121,12 @@ func (m Manager) handleUserCreationEvent(user domain.User) {
 		return
 	}
 
+	_, loaded := m.userLockMap.LoadOrStore(user.Identifier, "create")
+	if loaded {
+		return // another goroutine is already handling this user
+	}
+	defer m.userLockMap.Delete(user.Identifier)
+
 	slog.Debug("handling new user event", "user", user.Identifier)
 
 	ctx := domain.SetUserInfo(context.Background(), domain.SystemAdminContextUserInfo())
@@ -132,6 +142,12 @@ func (m Manager) handleUserLoginEvent(userId domain.UserIdentifier) {
 		return
 	}
 
+	_, loaded := m.userLockMap.LoadOrStore(userId, "login")
+	if loaded {
+		return // another goroutine is already handling this user
+	}
+	defer m.userLockMap.Delete(userId)
+
 	userPeers, err := m.db.GetUserPeers(context.Background(), userId)
 	if err != nil {
 		slog.Error("failed to retrieve existing peers prior to default peer creation",

internal/app/wireguard/wireguard_peers.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
+	"slices"
 	"time"
 
 	"github.com/h44z/wg-portal/internal/app"
@@ -23,12 +24,24 @@ func (m Manager) CreateDefaultPeer(ctx context.Context, userId domain.UserIdenti
 		return fmt.Errorf("failed to fetch all interfaces: %w", err)
 	}
 
+	userPeers, err := m.db.GetUserPeers(context.Background(), userId)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve existing peers prior to default peer creation: %w", err)
+	}
+
 	var newPeers []domain.Peer
 	for _, iface := range existingInterfaces {
 		if iface.Type != domain.InterfaceTypeServer {
 			continue // only create default peers for server interfaces
 		}
 
+		peerAlreadyCreated := slices.ContainsFunc(userPeers, func(peer domain.Peer) bool {
+			return peer.InterfaceIdentifier == iface.Identifier
+		})
+		if peerAlreadyCreated {
+			continue // skip creation if a peer already exists for this interface
+		}
+
 		peer, err := m.PreparePeer(ctx, iface.Identifier)
 		if err != nil {
 			return fmt.Errorf("failed to create default peer for interface %s: %w", iface.Identifier, err)
@@ -175,6 +188,30 @@ func (m Manager) CreatePeer(ctx context.Context, peer *domain.Peer) (*domain.Pee
 
 	sessionUser := domain.GetUserInfo(ctx)
 
+    // Enforce peer limit for non-admin users if LimitAdditionalUserPeers is set
+    if m.cfg.Core.SelfProvisioningAllowed && !sessionUser.IsAdmin && m.cfg.Advanced.LimitAdditionalUserPeers > 0 {
+        peers, err := m.db.GetUserPeers(ctx, peer.UserIdentifier)
+        if err != nil {
+            return nil, fmt.Errorf("failed to fetch peers for user %s: %w", peer.UserIdentifier, err)
+        }
+        // Count enabled peers (disabled IS NULL)
+        peerCount := 0
+        for _, p := range peers {
+            if !p.IsDisabled() {
+                peerCount++
+            }
+        }
+        totalAllowedPeers := 1 + m.cfg.Advanced.LimitAdditionalUserPeers // 1 default peer + x additional peers
+        if peerCount >= totalAllowedPeers {
+            slog.WarnContext(ctx, "peer creation blocked due to limit",
+                "user", peer.UserIdentifier,
+                "current_count", peerCount,
+                "allowed_count", totalAllowedPeers)
+            return nil, fmt.Errorf("peer limit reached (%d peers allowed): %w", totalAllowedPeers, domain.ErrNoPermission)
+        }
+    }
+
+
 	existingPeer, err := m.db.GetPeer(ctx, peer.Identifier)
 	if err != nil && !errors.Is(err, domain.ErrNotFound) {
 		return nil, fmt.Errorf("unable to load existing peer %s: %w", peer.Identifier, err)

internal/config/auth.go

@@ -21,6 +21,9 @@ type Auth struct {
 	// MinPasswordLength is the minimum password length for user accounts. This also applies to the admin user.
 	// It is encouraged to set this value to at least 16 characters.
 	MinPasswordLength int `yaml:"min_password_length"`
+	// HideLoginForm specifies whether the login form should be hidden. If no social login providers are configured,
+	// the login form will be shown regardless of this setting.
+	HideLoginForm bool `yaml:"hide_login_form"`
 }
 
 // BaseFields contains the basic fields that are used to map user information from the authentication providers.

internal/config/config.go

@@ -29,18 +29,19 @@ type Config struct {
 	} `yaml:"core"`
 
 	Advanced struct {
-		LogLevel            string        `yaml:"log_level"`
+		LogLevel                 string        `yaml:"log_level"`
-		LogPretty           bool          `yaml:"log_pretty"`
+		LogPretty                bool          `yaml:"log_pretty"`
-		LogJson             bool          `yaml:"log_json"`
+		LogJson                  bool          `yaml:"log_json"`
-		StartListenPort     int           `yaml:"start_listen_port"`
+		StartListenPort          int           `yaml:"start_listen_port"`
-		StartCidrV4         string        `yaml:"start_cidr_v4"`
+		StartCidrV4              string        `yaml:"start_cidr_v4"`
-		StartCidrV6         string        `yaml:"start_cidr_v6"`
+		StartCidrV6              string        `yaml:"start_cidr_v6"`
-		UseIpV6             bool          `yaml:"use_ip_v6"`
+		UseIpV6                  bool          `yaml:"use_ip_v6"`
-		ConfigStoragePath   string        `yaml:"config_storage_path"` // keep empty to disable config export to file
+		ConfigStoragePath        string        `yaml:"config_storage_path"` // keep empty to disable config export to file
-		ExpiryCheckInterval time.Duration `yaml:"expiry_check_interval"`
+		ExpiryCheckInterval      time.Duration `yaml:"expiry_check_interval"`
-		RulePrioOffset      int           `yaml:"rule_prio_offset"`
+		RulePrioOffset           int           `yaml:"rule_prio_offset"`
-		RouteTableOffset    int           `yaml:"route_table_offset"`
+		RouteTableOffset         int           `yaml:"route_table_offset"`
-		ApiAdminOnly        bool          `yaml:"api_admin_only"` // if true, only admin users can access the API
+		ApiAdminOnly             bool          `yaml:"api_admin_only"` // if true, only admin users can access the API
+		LimitAdditionalUserPeers int           `yaml:"limit_additional_user_peers"`
 	} `yaml:"advanced"`
 
 	Statistics struct {
@@ -76,6 +77,7 @@ func (c *Config) LogStartupValues() {
 		"reEnablePeerAfterUserEnable", c.Core.ReEnablePeerAfterUserEnable,
 		"deletePeerAfterUserDeleted", c.Core.DeletePeerAfterUserDeleted,
 		"selfProvisioningAllowed", c.Core.SelfProvisioningAllowed,
+		"limitAdditionalUserPeers", c.Advanced.LimitAdditionalUserPeers,
 		"importExisting", c.Core.ImportExisting,
 		"restoreState", c.Core.RestoreState,
 		"useIpV6", c.Advanced.UseIpV6,
@@ -93,6 +95,9 @@ func (c *Config) LogStartupValues() {
 		"oidcProviders", len(c.Auth.OpenIDConnect),
 		"oauthProviders", len(c.Auth.OAuth),
 		"ldapProviders", len(c.Auth.Ldap),
+		"webauthnEnabled", c.Auth.WebAuthn.Enabled,
+		"minPasswordLength", c.Auth.MinPasswordLength,
+		"hideLoginForm", c.Auth.HideLoginForm,
 	)
 }
 
@@ -137,6 +142,7 @@ func defaultConfig() *Config {
 	cfg.Advanced.RulePrioOffset = 20000
 	cfg.Advanced.RouteTableOffset = 20000
 	cfg.Advanced.ApiAdminOnly = true
+	cfg.Advanced.LimitAdditionalUserPeers = 0
 
 	cfg.Statistics.UsePingChecks = true
 	cfg.Statistics.PingCheckWorkers = 10
@@ -166,6 +172,7 @@ func defaultConfig() *Config {
 
 	cfg.Auth.WebAuthn.Enabled = true
 	cfg.Auth.MinPasswordLength = 16
+	cfg.Auth.HideLoginForm = false
 
 	return cfg
 }
@@ -193,6 +200,8 @@ func GetConfig() (*Config, error) {
 		return nil, fmt.Errorf("failed to load config from yaml: %w", err)
 	}
 
+	cfg.Web.Sanitize()
+
 	return cfg, nil
 }
 

internal/config/web.go

@@ -1,5 +1,7 @@
 package config
 
+import "strings"
+
 // WebConfig contains the configuration for the web server.
 type WebConfig struct {
 	// RequestLogging enables logging of all HTTP requests.
@@ -26,3 +28,7 @@ type WebConfig struct {
 	// KeyFile is the path to the TLS certificate key file.
 	KeyFile string `yaml:"key_file"`
 }
+
+func (c *WebConfig) Sanitize() {
+	c.ExternalUrl = strings.TrimRight(c.ExternalUrl, "/")
+}

internal/domain/base.go

@@ -62,4 +62,7 @@ const (
 
 	LockedReasonAdmin = "locked by admin"
 	LockedReasonApi   = "locked by admin"
+
+	ConfigStyleRaw     = "raw"
+	ConfigStyleWgQuick = "wgquick"
 )

internal/domain/peer.go

@@ -136,6 +136,7 @@ func (p *Peer) OverwriteUserEditableFields(userPeer *Peer, cfg *config.Config) {
 		p.Interface.PublicKey = userPeer.Interface.PublicKey
 		p.Interface.PrivateKey = userPeer.Interface.PrivateKey
 		p.PresharedKey = userPeer.PresharedKey
+		p.Identifier = userPeer.Identifier
 	}
 	p.Interface.Mtu = userPeer.Interface.Mtu
 	p.PersistentKeepalive = userPeer.PersistentKeepalive

internal/domain/statistics.go

@@ -3,21 +3,23 @@ package domain
 import "time"
 
 type PeerStatus struct {
-	PeerId    PeerIdentifier `gorm:"primaryKey;column:identifier"`
+	PeerId    PeerIdentifier `gorm:"primaryKey;column:identifier" json:"PeerId"`
-	UpdatedAt time.Time      `gorm:"column:updated_at"`
+	UpdatedAt time.Time      `gorm:"column:updated_at" json:"-"`
 
-	IsPingable bool       `gorm:"column:pingable"`
+	IsConnected bool `gorm:"column:connected" json:"IsConnected"` // indicates if the peer is connected based on the last handshake or ping
-	LastPing   *time.Time `gorm:"column:last_ping"`
 
-	BytesReceived    uint64 `gorm:"column:received"`
+	IsPingable bool       `gorm:"column:pingable" json:"IsPingable"`
-	BytesTransmitted uint64 `gorm:"column:transmitted"`
+	LastPing   *time.Time `gorm:"column:last_ping" json:"LastPing"`
 
-	LastHandshake    *time.Time `gorm:"column:last_handshake"`
+	BytesReceived    uint64 `gorm:"column:received" json:"BytesReceived"`
-	Endpoint         string     `gorm:"column:endpoint"`
+	BytesTransmitted uint64 `gorm:"column:transmitted" json:"BytesTransmitted"`
-	LastSessionStart *time.Time `gorm:"column:last_session_start"`
+
+	LastHandshake    *time.Time `gorm:"column:last_handshake" json:"LastHandshake"`
+	Endpoint         string     `gorm:"column:endpoint" json:"Endpoint"`
+	LastSessionStart *time.Time `gorm:"column:last_session_start" json:"LastSessionStart"`
 }
 
-func (s PeerStatus) IsConnected() bool {
+func (s *PeerStatus) CalcConnected() {
 	oldestHandshakeTime := time.Now().Add(-2 * time.Minute) // if a handshake is older than 2 minutes, the peer is no longer connected
 
 	handshakeValid := false
@@ -25,7 +27,7 @@ func (s PeerStatus) IsConnected() bool {
 		handshakeValid = !s.LastHandshake.Before(oldestHandshakeTime)
 	}
 
-	return s.IsPingable || handshakeValid
+	s.IsConnected = s.IsPingable || handshakeValid
 }
 
 type InterfaceStatus struct {

internal/domain/statistics_test.go

@@ -66,8 +66,9 @@ func TestPeerStatus_IsConnected(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.status.IsConnected(); got != tt.want {
+			tt.status.CalcConnected()
-				t.Errorf("IsConnected() = %v, want %v", got, tt.want)
+			if got := tt.status.IsConnected; got != tt.want {
+				t.Errorf("IsConnected = %v, want %v", got, tt.want)
 			}
 		})
 	}

mkdocs.yml

@@ -82,6 +82,7 @@ nav:
           - General: documentation/usage/general.md
           - LDAP: documentation/usage/ldap.md
           - Security: documentation/usage/security.md
+          - Webhooks: documentation/usage/webhooks.md
           - REST API: documentation/rest-api/api-doc.md
       - Upgrade: documentation/upgrade/v1.md
       - Monitoring: documentation/monitoring/prometheus.md