ensure hooks run after restart (#494)

.github/workflows/chart.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'pull_request' }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -60,7 +60,7 @@ jobs:
     permissions:
       packages: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
 
       - uses: docker/login-action@v3
         with:

.github/workflows/docker-publish.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -110,7 +110,7 @@ jobs:
       contents: write
     steps:
       - name: Download binaries
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v4
         with:
           name: binaries
 

.github/workflows/pages.yml

@@ -15,7 +15,7 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

Dockerfile

@@ -20,7 +20,7 @@ RUN npm run build
 ######
 # Build backend
 ######
-FROM --platform=${BUILDPLATFORM} golang:1.25-alpine AS builder
+FROM --platform=${BUILDPLATFORM} golang:1.24-alpine AS builder
 # Set the working directory
 WORKDIR /build
 # Download dependencies

docs/documentation/rest-api/swagger.yaml

@@ -403,12 +403,6 @@ definitions:
         type: object
     models.ProvisioningRequest:
         properties:
-            DisplayName:
-                description: |-
-                    DisplayName is an optional name for the new peer.
-                    If unset, a default template value (e.g., "API Peer ...") will be assigned.
-                example: API Peer xyz
-                type: string
             InterfaceIdentifier:
                 description: InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.
                 example: wg0

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.15.0
 	github.com/glebarez/sqlite v1.11.0
 	github.com/go-ldap/ldap/v3 v3.4.11
-	github.com/go-pkgz/routegroup v1.5.3
+	github.com/go-pkgz/routegroup v1.5.1
 	github.com/go-playground/validator/v10 v10.27.0
 	github.com/go-webauthn/webauthn v0.13.4
 	github.com/google/uuid v1.6.0
@@ -29,7 +29,7 @@ require (
 	gorm.io/driver/mysql v1.6.0
 	gorm.io/driver/postgres v1.6.0
 	gorm.io/driver/sqlserver v1.6.1
-	gorm.io/gorm v1.30.2
+	gorm.io/gorm v1.30.1
 )
 
 require (

go.sum

@@ -70,8 +70,8 @@ github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9Z
 github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
 github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
 github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
-github.com/go-pkgz/routegroup v1.5.3 h1:IvH1KLcQkMap9jucQGBlef3IBloxSAe8USUFvxShFqs=
-github.com/go-pkgz/routegroup v1.5.3/go.mod h1:Pmu04fhgWhRtBMIJ8HXppnnzOPjnL/IEPBIdO2zmeqg=
+github.com/go-pkgz/routegroup v1.5.1 h1:hwVU4w2ltMQXIGEM4WIM0aWyRn7FsZbfbZIlPH7f1Rk=
+github.com/go-pkgz/routegroup v1.5.1/go.mod h1:kDDPDRLRiRY1vnENrZJw1jQAzQX7fvsbsHGRQFNQfKc=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -374,8 +374,8 @@ gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXD
 gorm.io/driver/sqlserver v1.6.1 h1:XWISFsu2I2pqd1KJhhTZNJMx1jNQ+zVL/Q8ovDcUjtY=
 gorm.io/driver/sqlserver v1.6.1/go.mod h1:VZeNn7hqX1aXoN5TPAFGWvxWG90xtA8erGn2gQmpc6U=
 gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
-gorm.io/gorm v1.30.2 h1:f7bevlVoVe4Byu3pmbWPVHnPsLoWaMjEb7/clyr9Ivs=
-gorm.io/gorm v1.30.2/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
+gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
+gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 modernc.org/cc/v4 v4.26.3 h1:yEN8dzrkRFnn4PUUKXLYIqVf2PJYAEjMTFjO3BDGc3I=
 modernc.org/cc/v4 v4.26.3/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=

internal/app/api/core/assets/doc/v0_swagger.json

@@ -1781,11 +1781,6 @@
                         "type": "string"
                     }
                 },
-                "Backend": {
-                    "description": "the backend used for this interface e.g., local, mikrotik, ...",
-                    "type": "string",
-                    "example": "local"
-                },
                 "Disabled": {
                     "description": "flag that specifies if the interface is enabled (up) or not (down)",
                     "type": "boolean"
@@ -2254,12 +2249,6 @@
                 "ApiAdminOnly": {
                     "type": "boolean"
                 },
-                "AvailableBackends": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/model.SettingsBackendNames"
-                    }
-                },
                 "LoginFormVisible": {
                     "type": "boolean"
                 },
@@ -2280,17 +2269,6 @@
                 }
             }
         },
-        "model.SettingsBackendNames": {
-            "type": "object",
-            "properties": {
-                "Id": {
-                    "type": "string"
-                },
-                "Name": {
-                    "type": "string"
-                }
-            }
-        },
         "model.User": {
             "type": "object",
             "properties": {

internal/app/api/core/assets/doc/v0_swagger.yaml

@@ -65,10 +65,6 @@ definitions:
         items:
           type: string
         type: array
-      Backend:
-        description: the backend used for this interface e.g., local, mikrotik, ...
-        example: local
-        type: string
       Disabled:
         description: flag that specifies if the interface is enabled (up) or not (down)
         type: boolean
@@ -385,10 +381,6 @@ definitions:
     properties:
       ApiAdminOnly:
         type: boolean
-      AvailableBackends:
-        items:
-          $ref: '#/definitions/model.SettingsBackendNames'
-        type: array
       LoginFormVisible:
         type: boolean
       MailLinkOnly:
@@ -402,13 +394,6 @@ definitions:
       WebAuthnEnabled:
         type: boolean
     type: object
-  model.SettingsBackendNames:
-    properties:
-      Id:
-        type: string
-      Name:
-        type: string
-    type: object
   model.User:
     properties:
       ApiEnabled:

internal/app/api/core/assets/doc/v1_swagger.json

@@ -2086,11 +2086,6 @@
                 "InterfaceIdentifier"
             ],
             "properties": {
-                "DisplayName": {
-                    "description": "DisplayName is an optional name for the new peer.\nIf unset, a default template value (e.g., \"API Peer ...\") will be assigned.",
-                    "type": "string",
-                    "example": "API Peer xyz"
-                },
                 "InterfaceIdentifier": {
                     "description": "InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.",
                     "type": "string",

internal/app/api/core/assets/doc/v1_swagger.yaml

@@ -445,12 +445,6 @@ definitions:
     type: object
   models.ProvisioningRequest:
     properties:
-      DisplayName:
-        description: |-
-          DisplayName is an optional name for the new peer.
-          If unset, a default template value (e.g., "API Peer ...") will be assigned.
-        example: API Peer xyz
-        type: string
       InterfaceIdentifier:
         description: InterfaceIdentifier is the identifier of the WireGuard interface
           the peer should be linked to.

internal/app/api/v1/backend/provisioning_service.go

@@ -162,11 +162,7 @@ func (p ProvisioningService) NewPeer(ctx context.Context, req models.Provisionin
 	if req.PresharedKey != "" {
 		peer.PresharedKey = domain.PreSharedKey(req.PresharedKey)
 	}
-	if req.DisplayName == "" {
-		peer.GenerateDisplayName("API")
-	} else {
-		peer.DisplayName = req.DisplayName
-	}
+	peer.GenerateDisplayName("API")
 
 	// save new peer
 	peer, err = p.peers.CreatePeer(ctx, peer)

internal/app/api/v1/models/models_provisioning.go

@@ -68,10 +68,6 @@ type ProvisioningRequest struct {
 	// If no user identifier is set, the authenticated user is used.
 	UserIdentifier string `json:"UserIdentifier" example:"uid-1234567"`
 
-	// DisplayName is an optional name for the new peer.
-	// If unset, a default template value (e.g., "API Peer ...") will be assigned.
-	DisplayName string `json:"DisplayName" example:"API Peer xyz" binding:"omitempty"`
-
 	// PublicKey is the optional public key of the peer. If no public key is set, a new key pair is generated.
 	PublicKey string `json:"PublicKey" example:"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=" binding:"omitempty,len=44"`
 	// PresharedKey is the optional pre-shared key of the peer. If no pre-shared key is set, a new key is generated.

internal/app/auth/auth_ldap.go

@@ -54,7 +54,7 @@ func (l LdapAuthenticator) PlaintextAuthentication(userId domain.UserIdentifier,
 
 	attrs := []string{"dn"}
 
-	loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", ldap.EscapeFilter(string(userId)), -1)
+	loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", string(userId), -1)
 	searchRequest := ldap.NewSearchRequest(
 		l.cfg.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit
@@ -100,7 +100,7 @@ func (l LdapAuthenticator) GetUserInfo(_ context.Context, userId domain.UserIden
 
 	attrs := internal.LdapSearchAttributes(&l.cfg.FieldMap)
 
-	loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", ldap.EscapeFilter(string(userId)), -1)
+	loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", string(userId), -1)
 	searchRequest := ldap.NewSearchRequest(
 		l.cfg.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit