improved cron tasks output and force authentication

Eduardo Silva
2026-02-09 13:09:30 -03:00
parent 05b9644cd3
commit 6c37beece0
9 changed files with 79 additions and 33 deletions


@@ -41,6 +41,8 @@ def get_api_key(api_name):
api_file_path = '/etc/wireguard/routerfleet_key' api_file_path = '/etc/wireguard/routerfleet_key'
elif api_name == 'rrdkey': elif api_name == 'rrdkey':
api_file_path = '/app_secrets/rrdtool_key' api_file_path = '/app_secrets/rrdtool_key'
elif api_name == 'cron_key':
api_file_path = '/app_secrets/cron_key'
else: else:
return api_key return api_key
@@ -398,6 +400,12 @@ def func_concatenate_cluster_wireguard_status_cache() -> None:
def cron_refresh_wireguard_status_cache(request): def cron_refresh_wireguard_status_cache(request):
api_key = get_api_key('cron_key')
if api_key and api_key == request.GET.get('cron_key'):
pass
else:
return HttpResponseForbidden()
data = {'status': 'success'} data = {'status': 'success'}
WireguardStatusCache.objects.filter(created__lt=timezone.now() - timezone.timedelta(seconds=settings.WIREGUARD_STATUS_CACHE_MAX_AGE)).delete() WireguardStatusCache.objects.filter(created__lt=timezone.now() - timezone.timedelta(seconds=settings.WIREGUARD_STATUS_CACHE_MAX_AGE)).delete()
@@ -414,6 +422,12 @@ def cron_refresh_wireguard_status_cache(request):
def cron_calculate_peer_schedules(request): def cron_calculate_peer_schedules(request):
api_key = get_api_key('cron_key')
if api_key and api_key == request.GET.get('cron_key'):
pass
else:
return HttpResponseForbidden()
data = { data = {
'status': 'success', 'status': 'success',
'updated_records': 0, 'updated_records': 0,
@@ -484,6 +498,12 @@ def cron_calculate_peer_schedules(request):
def cron_peer_scheduler(request): def cron_peer_scheduler(request):
api_key = get_api_key('cron_key')
if api_key and api_key == request.GET.get('cron_key'):
pass
else:
return HttpResponseForbidden()
now = timezone.now() now = timezone.now()
data = { data = {
'status': 'success', 'status': 'success',
@@ -671,6 +691,12 @@ def legacy_wireguard_status(request):
@require_http_methods(["GET"]) @require_http_methods(["GET"])
def cron_update_peer_latest_handshake(request): def cron_update_peer_latest_handshake(request):
api_key = get_api_key('cron_key')
if api_key and api_key == request.GET.get('cron_key'):
pass
else:
return HttpResponseForbidden()
command = "wg show all latest-handshakes | expand | tr -s ' '" command = "wg show all latest-handshakes | expand | tr -s ' '"
process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
stdout, stderr = process.communicate() stdout, stderr = process.communicate()
@@ -707,6 +733,12 @@ def cron_update_peer_latest_handshake(request):
def cron_check_updates(request): def cron_check_updates(request):
api_key = get_api_key('cron_key')
if api_key and api_key == request.GET.get('cron_key'):
pass
else:
return HttpResponseForbidden()
webadmin_settings, webadmin_settings_created = WebadminSettings.objects.get_or_create(name='webadmin_settings') webadmin_settings, webadmin_settings_created = WebadminSettings.objects.get_or_create(name='webadmin_settings')
if webadmin_settings.last_checked is None or timezone.now() > (webadmin_settings.last_checked + datetime.timedelta(hours=1)): if webadmin_settings.last_checked is None or timezone.now() > (webadmin_settings.last_checked + datetime.timedelta(hours=1)):
try: try:
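Review bot: The guard added at the top of `cron_refresh_wireguard_status_cache` compares the secret with `==`, which is not a constant-time comparison, and the same five lines are pasted into `cron_calculate_peer_schedules`, `cron_peer_scheduler`, `cron_update_peer_latest_handshake` and `cron_check_updates`. A single decorator built on Django's `constant_time_compare` would keep the check in one place and remove the `if …: pass / else:` shape. The sketch below assumes `wraps` from `functools` and `constant_time_compare` from `django.utils.crypto` are imported, and that `get_api_key` returns a falsy value when the key file is missing, which the visible part of it suggests but does not show in full. All five view bodies continue outside their hunks.

```python
def require_cron_key(view):
    # Shared guard for the cron_* views: refuse the request unless the
    # supplied key matches the one stored in /app_secrets/cron_key.
    @wraps(view)
    def guarded(request, *args, **kwargs):
        expected = get_api_key('cron_key')
        supplied = request.GET.get('cron_key', '')
        if not expected or not constant_time_compare(expected, supplied):
            return HttpResponseForbidden()
        return view(request, *args, **kwargs)
    return guarded


@require_cron_key
def cron_refresh_wireguard_status_cache(request):
    # … unchanged: cache purge and refresh …
```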


@@ -1,15 +1,12 @@
FROM ubuntu:latest FROM ubuntu:latest
# Instalar cron RUN apt-get update && apt-get install -y cron curl && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y cron curl
# Adicionar seus scripts de cron
# Adicionar apenas o entrypoint script, as tasks serão geradas lá
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
COPY cron_runner.sh /cron_runner.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
RUN chmod +x /cron_runner.sh
# Criar um arquivo de log para armazenar os resultados do cron
RUN touch /var/log/cron.log RUN touch /var/log/cron.log
# Executar o entrypoint
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
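Review bot: The rewritten `RUN apt-get update && apt-get install -y cron curl …` line still installs recommended packages; `apt-get install -y --no-install-recommends cron curl` keeps the image to what the runner needs. If `curl` later has to verify TLS, `ca-certificates` would need to be listed explicitly, though the visible runner only uses plain HTTP. The two `RUN chmod +x` lines can be one, `RUN chmod +x /entrypoint.sh /cron_runner.sh`.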


@@ -0,0 +1,11 @@
#!/bin/bash
set -e
[ -z "$1" ] && exit 1
ENDPOINT="$1"
CRON_KEY="$(cat /app_secrets/cron_key)"
URL="http://wireguard-webadmin:8000/api/cron/${ENDPOINT}/?cron_key=${CRON_KEY}"
BODY="$(/usr/bin/curl -sS "$URL" 2>&1 || true)"
echo "[$(date -Is)] ${ENDPOINT} -> ${BODY}"
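Review bot: The key is placed in the query string on the `URL=` line, so it travels over plain HTTP, shows up in curl's argument list, and would be recorded by any access log that stores the full request line. Sending it in a request header would keep it out of those places, but the views would then have to read the header instead of `request.GET`. Separately, the curl call has no timeout and reports no status, so a hung request blocks the job and a 403 from a key mismatch is logged as an empty body. Adding `--max-time 30 -w ' [http %{http_code}]'` to the curl line would cover both.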


@@ -16,32 +16,28 @@ echo "Starting cron with WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=$WIREGUARD_STAT
# Create cron tasks # Create cron tasks
cat <<EOF > /etc/cron.d/cron_tasks cat <<EOF > /etc/cron.d/cron_tasks
*/15 * * * * root sleep 20 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_check_updates/ >> /var/log/cron.log 2>&1 */15 * * * * root sleep 20 ; /cron_runner.sh check_updates >> /var/log/cron.log 2>&1
*/10 * * * * root sleep 15 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_update_peer_latest_handshake/ >> /var/log/cron.log 2>&1 */10 * * * * root sleep 15 ; /cron_runner.sh update_peer_latest_handshake >> /var/log/cron.log 2>&1
* * * * * root sleep 10 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_peer_scheduler/ >> /var/log/cron.log 2>&1 * * * * * root sleep 10 ; /cron_runner.sh peer_scheduler >> /var/log/cron.log 2>&1
* * * * * root sleep 30 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_calculate_peer_schedules/ >> /var/log/cron.log 2>&1 * * * * * root sleep 30 ; /cron_runner.sh calculate_peer_schedules >> /var/log/cron.log 2>&1
EOF EOF
CMD="/usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_refresh_wireguard_status_cache/ >> /var/log/cron.log 2>&1" CMD="echo -n cron_refresh_wireguard_status_cache ; /cron_runner.sh refresh_wireguard_status_cache >> /var/log/cron.log 2>&1"
if [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 30 ]; then if [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 30 ]; then
echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks
echo "* * * * * root sleep 30; $CMD" >> /etc/cron.d/cron_tasks echo "* * * * * root sleep 30 ; $CMD" >> /etc/cron.d/cron_tasks
elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 60 ]; then elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 60 ]; then
echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks
elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 150 ]; then elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 150 ]; then
echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks
echo "*/5 * * * * root sleep 150; $CMD" >> /etc/cron.d/cron_tasks echo "*/5 * * * * root sleep 150 ; $CMD" >> /etc/cron.d/cron_tasks
elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 300 ]; then elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 300 ]; then
echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks
fi fi
# Permissions
chmod 0644 /etc/cron.d/cron_tasks chmod 0644 /etc/cron.d/cron_tasks
# crontab /etc/cron.d/cron_tasks
# Touch log file echo > /var/log/cron.log
touch /var/log/cron.log cron
tail -n 0 -F /var/log/cron.log
# Execute cron
exec cron -f
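Review bot: As rendered, the new side starts the daemon with a bare `cron` and then blocks on `tail -n 0 -F /var/log/cron.log`, so the container's lifetime follows `tail` rather than cron: if the cron daemon exits, the container stays up while no job runs. Keeping cron in the foreground and the tail in the background preserves the log streaming without that risk: `tail -n 0 -F /var/log/cron.log &` followed by `exec cron -f`. Also, in the new `CMD=` line the `>> /var/log/cron.log 2>&1` redirect applies only to `/cron_runner.sh`, so the `echo -n cron_refresh_wireguard_status_cache` prefix never reaches the log. Since the runner already prints the endpoint name, the `echo -n` can be dropped.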


@@ -9,7 +9,7 @@ services:
- SERVER_ADDRESS=${SERVER_ADDRESS} - SERVER_ADDRESS=${SERVER_ADDRESS}
- DEBUG_MODE=${DEBUG_MODE} - DEBUG_MODE=${DEBUG_MODE}
- DEV_MODE=True - DEV_MODE=True
- COMPOSE_VERSION=c1b - COMPOSE_VERSION=c1c
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
- WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED}
@@ -48,6 +48,8 @@ services:
environment: environment:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
volumes:
- app_secrets:/app_secrets/
depends_on: depends_on:
- wireguard-webadmin - wireguard-webadmin
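Review bot: The `app_secrets` volume is mounted read-write into the service that receives `WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL` (presumably the cron container), which gives it write access to every file in the volume, including `/app_secrets/rrdtool_key`, although the runner only reads `/app_secrets/cron_key`. Mounting it read-only, `- app_secrets:/app_secrets/:ro`, limits what a compromised cron container can change. The same applies to the identical `volumes:` addition in the two other compose files in this commit.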


@@ -7,7 +7,7 @@ services:
environment: environment:
- SERVER_ADDRESS=${SERVER_ADDRESS} - SERVER_ADDRESS=${SERVER_ADDRESS}
- DEBUG_MODE=${DEBUG_MODE} - DEBUG_MODE=${DEBUG_MODE}
- COMPOSE_VERSION=c1b - COMPOSE_VERSION=c1c
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
- WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED}
@@ -42,6 +42,8 @@ services:
environment: environment:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
volumes:
- app_secrets:/app_secrets/
depends_on: depends_on:
- wireguard-webadmin - wireguard-webadmin


@@ -7,7 +7,7 @@ services:
environment: environment:
- SERVER_ADDRESS=${SERVER_ADDRESS} - SERVER_ADDRESS=${SERVER_ADDRESS}
- DEBUG_MODE=${DEBUG_MODE} - DEBUG_MODE=${DEBUG_MODE}
- COMPOSE_VERSION=c1b - COMPOSE_VERSION=c1c
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
- WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED}
@@ -42,6 +42,8 @@ services:
environment: environment:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
volumes:
- app_secrets:/app_secrets/
depends_on: depends_on:
- wireguard-webadmin - wireguard-webadmin


@@ -2,7 +2,7 @@
set -e set -e
if [[ "$COMPOSE_VERSION" != "c1b" ]]; then if [[ "$COMPOSE_VERSION" != "c1c" ]]; then
echo "ERROR: Please upgrade your docker compose file. Exiting." echo "ERROR: Please upgrade your docker compose file. Exiting."
exit 1 exit 1
fi fi
@@ -21,6 +21,10 @@ if [ ! -f /app_secrets/rrdtool_key ]; then
cat /proc/sys/kernel/random/uuid > /app_secrets/rrdtool_key cat /proc/sys/kernel/random/uuid > /app_secrets/rrdtool_key
fi fi
if [ ! -f /app_secrets/cron_key ]; then
cat /proc/sys/kernel/random/uuid > /app_secrets/cron_key
fi
SERVER_HOSTNAME=$(echo $SERVER_ADDRESS | cut -d ':' -f 1) SERVER_HOSTNAME=$(echo $SERVER_ADDRESS | cut -d ':' -f 1)
EXTRA_ALLOWED_HOSTS_STRING="" EXTRA_ALLOWED_HOSTS_STRING=""
CSRF_EXTRA_TRUSTED_ORIGINS="" CSRF_EXTRA_TRUSTED_ORIGINS=""
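Review bot: The new `cron_key` block tests only `-f`, so an empty file left by an interrupted first start is kept forever, and because the views require a non-empty key every cron call would then be refused. `if [ ! -s /app_secrets/cron_key ]; then` regenerates the key in that case. The file is also created with the shell's default umask; `( umask 077; cat /proc/sys/kernel/random/uuid > /app_secrets/cron_key )` keeps it readable by the owner only, assuming both containers read it as the same user. The existing `rrdtool_key` block just above has the same shape.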


@@ -87,11 +87,11 @@ urlpatterns = [
path('api/instance_info/', api_instance_info, name='api_instance_info'), path('api/instance_info/', api_instance_info, name='api_instance_info'),
path('api/peer_info/', peer_info, name='api_peer_info'), path('api/peer_info/', peer_info, name='api_peer_info'),
path('api/peer_invite/', api_peer_invite, name='api_peer_invite'), path('api/peer_invite/', api_peer_invite, name='api_peer_invite'),
path('api/cron_peer_scheduler/', cron_peer_scheduler, name='cron_peer_scheduler'), path('api/cron/peer_scheduler/', cron_peer_scheduler, name='cron_peer_scheduler'),
path('api/cron_calculate_peer_schedules/', cron_calculate_peer_schedules, name='cron_calculate_peer_schedules'), path('api/cron/calculate_peer_schedules/', cron_calculate_peer_schedules, name='cron_calculate_peer_schedules'),
path('api/cron_refresh_wireguard_status_cache/', cron_refresh_wireguard_status_cache, name='cron_refresh_wireguard_status_cache'), path('api/cron/refresh_wireguard_status_cache/', cron_refresh_wireguard_status_cache, name='cron_refresh_wireguard_status_cache'),
path('api/cron_check_updates/', cron_check_updates, name='cron_check_updates'), path('api/cron/check_updates/', cron_check_updates, name='cron_check_updates'),
path('api/cron_update_peer_latest_handshake/', cron_update_peer_latest_handshake, name='cron_update_peer_latest_handshake'), path('api/cron/update_peer_latest_handshake/', cron_update_peer_latest_handshake, name='cron_update_peer_latest_handshake'),
path('api/cluster/status/', api_cluster_status, name='api_cluster_status'), path('api/cluster/status/', api_cluster_status, name='api_cluster_status'),
path('api/cluster/worker/get_config_files/', api_get_worker_config_files, name='api_get_worker_config_files'), path('api/cluster/worker/get_config_files/', api_get_worker_config_files, name='api_get_worker_config_files'),
path('api/cluster/worker/get_dnsmasq_config/', api_get_worker_dnsmasq_config, name='api_get_worker_dnsmasq_config'), path('api/cluster/worker/get_dnsmasq_config/', api_get_worker_dnsmasq_config, name='api_get_worker_dnsmasq_config'),