From 91502f6cc591dc0c1ef248e8426cd4b910980ee8 Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo@eth0.com.br>
Date: Thu, 15 Feb 2024 22:20:44 -0300
Subject: [PATCH] Small deployment fixes

---
 .gitignore                     |  1 +
 docker-compose.yml             |  6 ++--
 requirements.txt               |  4 ++-
 virtualhost.conf               |  4 +--
 wireguard_tools/views.py       | 55 +++++++++++++++++++++++-----------
 wireguard_webadmin/settings.py |  3 +-
 6 files changed, 50 insertions(+), 23 deletions(-)

diff --git a/.gitignore b/.gitignore
index 923b970..09f7cd4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 *__pycache__/
 *.pyo
 *.pyd
+wireguard_webadmin/production_settings.py
diff --git a/docker-compose.yml b/docker-compose.yml
index e7e1ace..896f9bc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,6 @@
 version: '3'
 services:
   wireguard-webadmin:
-    image: ubuntu:latest
     container_name: wireguard-webadmin
     build:
       context: .
@@ -10,9 +9,12 @@ services:
       - static_volume:/app_static_files/
       - .:/app
     ports:
+      # Do not directly expose the Django port to the internet, use the reverse proxy below instead
       - "127.0.0.1:8000:8000"
+      # dont go crazy increasing the udp port range. Docker will have a hard time handling with a large range of ports
+      # Actually, you probably will use only one port, but you can add more server instances if you want
       - "51820-51839:51820-51839/udp"
-      # dont go crazy adding ports. Docker will have a hard time handling with a large range of ports
+      
     cap_add:
       - NET_ADMIN
       - SYS_MODULE
diff --git a/requirements.txt b/requirements.txt
index 8fcec2a..e65a2b1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,6 @@
 asgiref==3.7.2
 Django==5.0.1
+pypng==0.20220715.0
+qrcode==7.4.2
 sqlparse==0.4.4
-typing_extensions==4.9.0
\ No newline at end of file
+typing_extensions==4.9.0
diff --git a/virtualhost.conf b/virtualhost.conf
index d6e459b..5c7379b 100644
--- a/virtualhost.conf
+++ b/virtualhost.conf
@@ -9,8 +9,8 @@ server {
     ssl_certificate_key    /certificate/nginx.key;
 
     # if you are using cloudflare, you can use this enable authenticated origin pull. Dont forget to activate it in cloudflare
-    ssl_client_certificate /certificate/cloudflare_authenticated_origin_pull_ca.pem;
-    ssl_verify_client on;
+    #ssl_client_certificate /certificate/cloudflare_authenticated_origin_pull_ca.pem;
+    #ssl_verify_client on;
 
     location /static/ {
         alias /static/;
diff --git a/wireguard_tools/views.py b/wireguard_tools/views.py
index 707b307..cfc5704 100644
--- a/wireguard_tools/views.py
+++ b/wireguard_tools/views.py
@@ -17,28 +17,35 @@ def clean_command_field(command_field):
     return cleaned_field
 
 
+
 def generate_peer_config(peer_uuid):
     peer = get_object_or_404(Peer, uuid=peer_uuid)
     wg_instance = peer.wireguard_instance
 
-    allowed_ips = PeerAllowedIP.objects.filter(peer=peer).order_by('priority')
-    allowed_ips_line = ", ".join([f"{ip.allowed_ip}/{ip.netmask}" for ip in allowed_ips])
+    priority_zero_ip = PeerAllowedIP.objects.filter(peer=peer, priority=0).first()
+
+    if not priority_zero_ip:
+        return "No IP with priority zero found for this peer."
+
+    client_address = f"{priority_zero_ip.allowed_ip}/{priority_zero_ip.netmask}"
+
+    #allowed_ips = PeerAllowedIP.objects.filter(peer=peer).exclude(uuid=priority_zero_ip.uuid).order_by('priority')
+    #allowed_ips_line = ", ".join([f"{ip.allowed_ip}/{ip.netmask}" for ip in allowed_ips])
 
     config_lines = [
         "[Interface]",
         f"PrivateKey = {peer.private_key}" if peer.private_key else "",
-        f"Address = {wg_instance.address}/{wg_instance.netmask}",
-        f"DNS = 8.8.8.8",  # Sorry, it's hardcoded for now, I will fix it later
+        f"Address = {client_address}",
+        f"DNS = 8.8.8.8",  
         "\n[Peer]",
         f"PublicKey = {wg_instance.public_key}",
         f"Endpoint = {wg_instance.hostname}:{wg_instance.listen_port}",
-        f"AllowedIPs = {allowed_ips_line}",  # Usar os AllowedIPs do banco de dados
+        f"AllowedIPs = 0.0.0.0/0, ::/0",  
         f"PresharedKey = {peer.pre_shared_key}" if peer.pre_shared_key else "",
         f"PersistentKeepalive = {peer.persistent_keepalive}",
     ]
     return "\n".join(config_lines)
 
-
 @login_required
 def export_wireguard_configs(request):
     if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=30).exists():
@@ -57,7 +64,6 @@ def export_wireguard_configs(request):
             f"ListenPort = {instance.listen_port}",
             f"PostUp = {post_up_processed}",
             f"PostDown = {post_down_processed}",
-            f"PersistentKeepalive = {instance.persistent_keepalive}\n",
         ]
 
         peers = Peer.objects.filter(wireguard_instance=instance)
@@ -122,22 +128,37 @@ def download_config_or_qrcode(request):
 def restart_wireguard_interfaces(request):
     if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=30).exists():
         return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+    
     config_dir = "/etc/wireguard"
     interface_count = 0
+    error_count = 0
+
     for filename in os.listdir(config_dir):
         if filename.endswith(".conf"):
             interface_name = filename[:-5]
-            # Parar a interface
             stop_command = f"wg-quick down {interface_name}"
-            subprocess.run(stop_command, shell=True, check=True)
+            stop_result = subprocess.run(stop_command, shell=True, capture_output=True, text=True)
+            if stop_result.returncode != 0:
+                messages.warning(request, f"Error stopping {interface_name}|{stop_result.stderr}")
+                error_count += 1
             start_command = f"wg-quick up {interface_name}"
-            subprocess.run(start_command, shell=True, check=True)
-            interface_count += 1
-    if interface_count == 1:
-        messages.success(request, "Interface restarted|The WireGuard interface has been restarted.")
-    elif interface_count > 1:
-        messages.success(request, "Interfaces restarted|" + str(interface_count) + " WireGuard interfaces have been restarted.")
-    else:
-        messages.warning(request, "No interfaces found|No WireGuard interfaces were found to restart.")
+            start_result = subprocess.run(start_command, shell=True, capture_output=True, text=True)
+            if start_result.returncode != 0:
+                messages.warning(request, f"Error starting {interface_name}|{start_result.stderr}")
+                error_count += 1
+            else:
+                interface_count += 1
+
+    if interface_count > 0 and error_count == 0:
+        if interface_count == 1:
+            messages.success(request, "Interface restarted|The WireGuard interface has been restarted.")
+        else:
+            messages.success(request, f"Interfaces restarted|{interface_count} WireGuard interfaces have been restarted.")
+    elif error_count > 0:
+        messages.warning(request, f"Errors encountered|There were errors restarting some interfaces. See warnings for details.")
+
+    if interface_count == 0 and error_count == 0:
+        messages.info(request, "No interfaces found|No WireGuard interfaces were found to restart.")
+
     return redirect("/status/")
 
diff --git a/wireguard_webadmin/settings.py b/wireguard_webadmin/settings.py
index 353a567..898f6cb 100644
--- a/wireguard_webadmin/settings.py
+++ b/wireguard_webadmin/settings.py
@@ -27,7 +27,6 @@ DEBUG = True
 
 ALLOWED_HOSTS = []
 
-
 # Application definition
 
 INSTALLED_APPS = [
@@ -127,3 +126,5 @@ STATICFILES_DIRS = [
 # https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+from wireguard_webadmin.production_settings import *
\ No newline at end of file