From 3eabe9922da6d05507e31210078d868508e78f95 Mon Sep 17 00:00:00 2001
From: kolsys
Date: Thu, 31 Oct 2024 18:19:51 +0300
Subject: [PATCH] Add advanced security support
---
 src/config.js | 11 +++++++++++
 src/lib/WireGuard.js | 30 +++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/config.js b/src/config.js
index 72314ae1..84e1972f 100644
--- a/src/config.js
+++ b/src/config.js
@@ -37,6 +37,17 @@ iptables -D INPUT -p udp -m udp --dport ${module.exports.WG_PORT} -j ACCEPT;
 iptables -D FORWARD -i wg0 -j ACCEPT;
 iptables -D FORWARD -o wg0 -j ACCEPT;
 `.split('\n').join(' ');
+// Advanced security settings
+module.exports.WG_ASC_JC = process.env.WG_ASC_JC;
+module.exports.WG_ASC_JMIN = process.env.WG_ASC_JMIN
+module.exports.WG_ASC_JMAX = process.env.WG_ASC_JMAX
+module.exports.WG_ASC_S1 = process.env.WG_ASC_S1;
+module.exports.WG_ASC_S2 = process.env.WG_ASC_S2;
+module.exports.WG_ASC_H1 = process.env.WG_ASC_H1;
+module.exports.WG_ASC_H2 = process.env.WG_ASC_H2;
+module.exports.WG_ASC_H3 = process.env.WG_ASC_H3;
+module.exports.WG_ASC_H4 = process.env.WG_ASC_H4;
+
 module.exports.LANG = process.env.LANG || 'en';
 module.exports.UI_TRAFFIC_STATS = process.env.UI_TRAFFIC_STATS || 'false';
 module.exports.UI_CHART_TYPE = process.env.UI_CHART_TYPE || 0;
diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js
index 8ce325f7..822915ef 100644
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@@ -26,6 +26,9 @@ const {
 WG_POST_DOWN,
 WG_ENABLE_EXPIRES_TIME,
 WG_ENABLE_ONE_TIME_LINKS,
+ WG_ASC_JC, WG_ASC_JMIN, WG_ASC_JMAX,
+ WG_ASC_S1, WG_ASC_S2,
+ WG_ASC_H1, WG_ASC_H2, WG_ASC_H3, WG_ASC_H4,
 } = require('../config');
 module.exports = class WireGuard {
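Review bot: The nine `WG_ASC_*` values in the src/config.js hunk are exported exactly as read from the environment, with no type or range check, and the two later hunks in src/lib/WireGuard.js write them verbatim into wg0.conf and every client configuration. A typo, or a value carrying a line break, therefore ends up as configuration text instead of being rejected at startup; assuming all nine are meant to be unsigned integers, a small validating reader at load time would fail fast. The `WG_ASC_JMIN` and `WG_ASC_JMAX` lines also lack the trailing semicolon that the surrounding lines use.

```javascript
// Accept only unsigned decimal integers; anything else is a startup error.
const readAscInt = (name) => {
  const raw = process.env[name];
  if (raw === undefined || raw === '') return undefined;
  if (!/^\d+$/.test(raw)) {
    throw new Error(`${name} must be an unsigned integer`);
  }
  return raw;
};

// Advanced security settings
module.exports.WG_ASC_JC = readAscInt('WG_ASC_JC');
module.exports.WG_ASC_JMIN = readAscInt('WG_ASC_JMIN');
// … same pattern for the remaining seven WG_ASC_* exports …
```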
@@ -110,6 +113,21 @@ PostUp = ${WG_POST_UP}
 PreDown = ${WG_PRE_DOWN}
 PostDown = ${WG_POST_DOWN}
 `;
+ // Has advanced security config
+ if (WG_ASC_JC) {
+ result += `
+# Advance security
+Jc = ${WG_ASC_JC}
+Jmin = ${WG_ASC_JMIN}
+Jmax = ${WG_ASC_JMAX}
+S1 = ${WG_ASC_S1}
+S2 = ${WG_ASC_S2}
+H1 = ${WG_ASC_H1}
+H2 = ${WG_ASC_H2}
+H3 = ${WG_ASC_H3}
+H4 = ${WG_ASC_H4}
+`;
+ }
 for (const [clientId, client] of Object.entries(config.clients)) {
 if (!client.enabled) continue;
@@ -211,13 +229,23 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
 async getClientConfiguration({ clientId }) {
 const config = await this.getConfig();
 const client = await this.getClient({ clientId });
-
+ const asc = WG_ASC_JC ? `
+Jc = ${WG_ASC_JC}
+Jmin = ${WG_ASC_JMIN}
+Jmax = ${WG_ASC_JMAX}
+S1 = ${WG_ASC_S1}
+S2 = ${WG_ASC_S2}
+H1 = ${WG_ASC_H1}
+H2 = ${WG_ASC_H2}
+H3 = ${WG_ASC_H3}
+H4 = ${WG_ASC_H4}` : '';
 return `
 [Interface]
 PrivateKey = ${client.privateKey ? `${client.privateKey}` : 'REPLACE_ME'}
 Address = ${client.address}/24
 ${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}\n` : ''}\
 ${WG_MTU ? `MTU = ${WG_MTU}\n` : ''}\
+${asc}
 [Peer]
 PublicKey = ${config.server.publicKey}
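Review bot: The server block is gated on `WG_ASC_JC` alone, so any of the other eight variables left unset is written into wg0.conf as the literal text `undefined` (for example `Jmin = undefined`); the client template in the `getClientConfiguration` hunk has the same gap. Emitting only the keys that are set, from one shared list, removes both the `undefined` lines and the duplicated nine-line template. The comment `# Advance security` should read `# Advanced security`. These keys look like AmneziaWG obfuscation parameters rather than stock WireGuard options; if so, a standard `wg-quick` would presumably refuse the file, which is worth stating next to the setting. The enclosing method starts and ends outside the hunk.

```javascript
// Only the parameters that were actually provided, one `Key = value` per line.
const ASC_LINES = Object.entries({
  Jc: WG_ASC_JC,
  Jmin: WG_ASC_JMIN,
  Jmax: WG_ASC_JMAX,
  S1: WG_ASC_S1,
  S2: WG_ASC_S2,
  H1: WG_ASC_H1,
  H2: WG_ASC_H2,
  H3: WG_ASC_H3,
  H4: WG_ASC_H4,
})
  .filter(([, value]) => value !== undefined && value !== '')
  .map(([key, value]) => `${key} = ${value}`)
  .join('\n');

// … unchanged: server [Interface] template …
    if (ASC_LINES) {
      result += `
# Advanced security
${ASC_LINES}
`;
    }
```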
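Review bot: `${asc}` sits on a line of its own in the client template, unlike the `DNS` and `MTU` lines above it, which end in `\` and add their own `\n` only when set. With `WG_ASC_JC` unset the client file therefore gains an extra empty line before `[Peer]`, and with it set there is a blank line between `MTU` and `Jc`. Following the neighbouring pattern keeps the output unchanged for existing deployments: drop the leading newline from `asc` and write the line as `` ${asc ? `${asc}\n` : ''}\ ``. `asc` is also rebuilt from module constants on every call and could be computed once at module load. The method body continues outside the hunk.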