Feat: Rewrite Wireguard to use Database (#1345)

* update wireguard * update * update * remove all config * move all features into one route * improve code * fix some issues
9 months ago · 5a1ae6e1c6
39 changed files with 463 additions and 568 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,5 +4,3 @@
 /src/node_modules
 .DS_Store
 *.swp
 # lowdb data file
 db.json
--- a/src/app/app.vue
+++ b/src/app/app.vue
@ -8,13 +8,8 @@
 <script setup lang="ts">
 const globalStore = useGlobalStore();
-globalStore.fetchTrafficStats();
+globalStore.fetchFeatures();
 globalStore.fetchChartType();
 globalStore.fetchRelease();
 globalStore.fetchOneTimeLinks();
 globalStore.fetchSortClients();
 globalStore.fetchExpireTime();
 globalStore.fetchRememberMe();
 useHead({
  bodyAttrs: {
    class: 'bg-gray-50 dark:bg-neutral-800',
--- a/src/app/components/Client/Charts.vue
+++ b/src/app/components/Client/Charts.vue
@ -1,13 +1,13 @@
 <template>
  <div
-    v-if="globalStore.uiChartType"
+    v-if="globalStore.features.trafficStats.type"
-    :class="`absolute z-0 bottom-0 left-0 right-0 h-6 ${globalStore.uiChartType === 1 && 'line-chart'}`"
+    :class="`absolute z-0 bottom-0 left-0 right-0 h-6 ${globalStore.features.trafficStats.type === 1 && 'line-chart'}`"
  >
    <UiChart :options="chartOptionsTX" :series="client.transferTxSeries" />
  </div>
  <div
-    v-if="globalStore.uiChartType"
+    v-if="globalStore.features.trafficStats.type"
-    :class="`absolute z-0 top-0 left-0 right-0 h-6 ${globalStore.uiChartType === 1 && 'line-chart'}`"
+    :class="`absolute z-0 top-0 left-0 right-0 h-6 ${globalStore.features.trafficStats.type === 1 && 'line-chart'}`"
  >
    <UiChart
      :options="chartOptionsRX"
@ -32,8 +32,10 @@ const chartOptionsTX = computed(() => {
    ...chartOptions,
    colors: [CHART_COLORS.tx[theme.value]],
  };
-  opts.chart.type = UI_CHART_TYPES[globalStore.uiChartType]?.type || undefined;
+  opts.chart.type =
-  opts.stroke.width = UI_CHART_TYPES[globalStore.uiChartType]?.strokeWidth ?? 0;
+    UI_CHART_TYPES[globalStore.features.trafficStats.type]?.type || undefined;
  opts.stroke.width =
    UI_CHART_TYPES[globalStore.features.trafficStats.type]?.strokeWidth ?? 0;
  return opts;
 });
@ -42,8 +44,10 @@ const chartOptionsRX = computed(() => {
    ...chartOptions,
    colors: [CHART_COLORS.rx[theme.value]],
  };
-  opts.chart.type = UI_CHART_TYPES[globalStore.uiChartType]?.type || undefined;
+  opts.chart.type =
-  opts.stroke.width = UI_CHART_TYPES[globalStore.uiChartType]?.strokeWidth ?? 0;
+    UI_CHART_TYPES[globalStore.features.trafficStats.type]?.type || undefined;
  opts.stroke.width =
    UI_CHART_TYPES[globalStore.features.trafficStats.type]?.strokeWidth ?? 0;
  return opts;
 });
--- a/src/app/components/Client/Client.vue
+++ b/src/app/components/Client/Client.vue
@ -14,7 +14,7 @@
          >
            <ClientAddress :client="client" />
            <ClientInlineTransfer
-              v-if="!globalStore.uiTrafficStats"
+              v-if="!globalStore.features.trafficStats.enabled"
              :client="client"
            />
            <ClientLastSeen :client="client" />
@ -25,7 +25,7 @@
        <!-- Info -->
        <div
-          v-if="globalStore.uiTrafficStats"
+          v-if="globalStore.features.trafficStats.enabled"
          class="flex gap-2 items-center shrink-0 text-gray-400 dark:text-neutral-400 text-xs mt-px justify-end"
        >
          <ClientTransfer :client="client" />
--- a/src/app/components/Client/ExpireDate.vue
+++ b/src/app/components/Client/ExpireDate.vue
@ -1,6 +1,6 @@
 <template>
  <div
-    v-show="globalStore.enableExpireTime"
+    v-show="globalStore.features.clientExpiration.enabled"
    class="block md:inline-block pb-1 md:pb-0 text-gray-500 dark:text-neutral-400 text-xs"
  >
    <span class="group">
@ -24,7 +24,7 @@
      <span
        v-show="clientEditExpireDateId !== client.id"
        class="inline-block"
-        >{{ expiredDateFormat(client.expireAt) }}</span
+        >{{ expiredDateFormat(client.expiresAt) }}</span
      >
      <!-- Edit -->
@ -32,8 +32,8 @@
        v-show="clientEditExpireDateId !== client.id"
        class="cursor-pointer opacity-0 group-hover:opacity-100 transition-opacity"
        @click="
-          clientEditExpireDate = client.expireAt
+          clientEditExpireDate = client.expiresAt
-            ? client.expireAt.slice(0, 10)
+            ? client.expiresAt.slice(0, 10)
            : 'yyyy-mm-dd';
          clientEditExpireDateId = client.id;
          nextTick(() => clientExpireDateInput?.select());
--- a/src/app/components/Client/LastSeen.vue
+++ b/src/app/components/Client/LastSeen.vue
@ -4,7 +4,7 @@
    class="text-gray-400 dark:text-neutral-500 whitespace-nowrap"
    :title="$t('lastSeen') + dateTime(new Date(client.latestHandshakeAt))"
  >
-    {{ !globalStore.uiTrafficStats ? ' · ' : ''
+    {{ !globalStore.features.trafficStats.enabled ? ' · ' : ''
    }}{{ timeago(new Date(client.latestHandshakeAt)) }}
  </span>
 </template>
--- a/src/app/components/Client/OneTimeLink.vue
+++ b/src/app/components/Client/OneTimeLink.vue
@ -1,9 +1,7 @@
 <template>
  <div
    v-if="
-      globalStore.enableOneTimeLinks &&
+      globalStore.features.oneTimeLinks.enabled && client.oneTimeLink !== null
      client.oneTimeLink !== null &&
      client.oneTimeLink !== ''
    "
    :ref="'client-' + client.id + '-link'"
    class="text-gray-400 text-xs"
--- a/src/app/components/Client/OneTimeLinkBtn.vue
+++ b/src/app/components/Client/OneTimeLinkBtn.vue
@ -1,6 +1,6 @@
 <template>
  <button
-    v-if="globalStore.enableOneTimeLinks"
+    v-if="globalStore.features.oneTimeLinks.enabled"
    :disabled="!client.downloadableConfig"
    class="align-middle inline-block bg-gray-100 dark:bg-neutral-600 dark:text-neutral-300 p-2 rounded transition"
    :class="{
--- a/src/app/components/Clients/CreateDialog.vue
+++ b/src/app/components/Clients/CreateDialog.vue
@ -71,7 +71,10 @@
                  />
                </p>
              </div>
-              <div v-show="globalStore.enableExpireTime" class="mt-2">
+              <div
                v-show="globalStore.features.clientExpiration.enabled"
                class="mt-2"
              >
                <p class="text-sm text-gray-500">
                  <label
                    class="block text-gray-900 dark:text-neutral-200 text-sm font-bold mb-2"
--- a/src/app/components/Clients/Sort.vue
+++ b/src/app/components/Clients/Sort.vue
@ -1,6 +1,6 @@
 <template>
  <button
-    v-if="globalStore.enableSortClient"
+    v-if="globalStore.features.sortClients.enabled"
    class="hover:bg-red-800 hover:border-red-800 hover:text-white text-gray-700 dark:text-neutral-200 max-md:border-x-0 border-2 border-gray-100 dark:border-neutral-600 py-2 px-4 md:rounded inline-flex items-center transition"
    @click="globalStore.sortClient = !globalStore.sortClient"
  >
--- a/src/app/layouts/Header.vue
+++ b/src/app/layouts/Header.vue
@ -36,7 +36,7 @@
        </button>
        <!-- Show / hide charts -->
        <label
-          v-if="globalStore.uiChartType > 0"
+          v-if="globalStore.features.trafficStats.type > 0"
          class="inline-flex items-center justify-center cursor-pointer w-8 h-8 rounded-full bg-gray-200 hover:bg-gray-300 dark:bg-neutral-700 dark:hover:bg-neutral-600 whitespace-nowrap transition group"
          :title="$t('toggleCharts')"
        >
@ -96,8 +96,6 @@ const currentRelease = ref<null | number>(null);
 const latestRelease = ref<null | { version: number; changelog: string }>(null);
 const theme = useTheme();
 globalStore.fetchChartType();
 const uiShowCharts = ref(getItem('uiShowCharts') === '1');
 function toggleTheme() {
--- a/src/app/pages/login.vue
+++ b/src/app/pages/login.vue
@ -37,7 +37,6 @@
      />
      <label
        v-if="globalStore.rememberMeEnabled"
        class="inline-block mb-5 cursor-pointer whitespace-nowrap"
        :title="$t('titleRememberMe')"
      >
@ -89,7 +88,6 @@ const remember = ref(false);
 const username = ref<null | string>(null);
 const password = ref<null | string>(null);
 const authStore = useAuthStore();
 const globalStore = useGlobalStore();
 async function login(e: Event) {
  e.preventDefault();
--- a/src/app/stores/auth.ts
+++ b/src/app/stores/auth.ts
@ -5,7 +5,7 @@ export const useAuthStore = defineStore('Auth', () => {
   * @throws if unsuccessful
   */
  async function signup(username: string, password: string) {
-    const response = await api.newAccount({ username, password });
+    const response = await api.createAccount({ username, password });
    return response.success;
  }
--- a/src/app/stores/clients.ts
+++ b/src/app/stores/clients.ts
@ -108,7 +108,10 @@ export const useClientsStore = defineStore('Clients', () => {
      };
    });
-    if (globalStore.enableSortClient && transformedClients !== undefined) {
+    if (
      globalStore.features.sortClients.enabled &&
      transformedClients !== undefined
    ) {
      transformedClients = sortByProperty(
        transformedClients,
        'name',
--- a/src/app/stores/global.ts
+++ b/src/app/stores/global.ts
@ -1,17 +1,26 @@
 import { defineStore } from 'pinia';
 export const useGlobalStore = defineStore('Global', () => {
  const uiChartType = ref(0);
  const uiShowCharts = ref(getItem('uiShowCharts') === '1');
  const currentRelease = ref<null | number>(null);
  const latestRelease = ref<null | { version: number; changelog: string }>(
    null
  );
-  const uiTrafficStats = ref(false);
+  const features = ref({
-  const rememberMeEnabled = ref(false);
+    trafficStats: {
-  const enableExpireTime = ref(false);
+      enabled: false,
-  const enableOneTimeLinks = ref(false);
+      type: 0,
-  const enableSortClient = ref(false);
+    },
    sortClients: {
      enabled: false,
    },
    clientExpiration: {
      enabled: false,
    },
    oneTimeLinks: {
      enabled: false,
    },
  });
  const sortClient = ref(true); // Sort clients by name, true = asc, false = desc
  const { availableLocales, locale } = useI18n();
@ -40,56 +49,23 @@ export const useGlobalStore = defineStore('Global', () => {
    latestRelease.value = release.value!.latestRelease;
  }
-  async function fetchChartType() {
+  async function fetchFeatures() {
-    const { data: chartType } = await api.getChartType();
+    const { data: apiFeatures } = await api.getFeatures();
-    uiChartType.value = chartType.value ?? 0;
+    if (apiFeatures.value) {
-  }
+      features.value = apiFeatures.value;
  async function fetchTrafficStats() {
    const { data: trafficStats } = await api.getTrafficStats();
    uiTrafficStats.value = trafficStats.value ?? false;
  }
  async function fetchOneTimeLinks() {
    const { data: oneTimeLinks } = await api.getEnableOneTimeLinks();
    enableOneTimeLinks.value = oneTimeLinks.value ?? false;
    }
  async function fetchSortClients() {
    const { data: sortClients } = await api.getSortClients();
    enableSortClient.value = sortClients.value ?? false;
  }
  async function fetchExpireTime() {
    const { data: expireTime } = await api.getEnableExpireTime();
    enableExpireTime.value = expireTime.value ?? false;
  }
  async function fetchRememberMe() {
    const { data: rememberMe } = await api.getRememberMeEnabled();
    rememberMeEnabled.value = rememberMe.value ?? false;
  }
  const updateCharts = computed(() => {
-    return uiChartType.value > 0 && uiShowCharts.value;
+    return features.value.trafficStats.type > 0 && uiShowCharts.value;
  });
  return {
    uiChartType,
    uiShowCharts,
    uiTrafficStats,
    updateCharts,
    rememberMeEnabled,
    enableSortClient,
    sortClient,
-    enableExpireTime,
+    features,
    enableOneTimeLinks,
    fetchRelease,
-    fetchChartType,
+    fetchFeatures,
    fetchTrafficStats,
    fetchOneTimeLinks,
    fetchSortClients,
    fetchExpireTime,
    fetchRememberMe,
  };
 });
--- a/src/app/utils/api.ts
+++ b/src/app/utils/api.ts
@ -11,36 +11,6 @@ class API {
    });
  }
  async getRememberMeEnabled() {
    return useFetch('/api/remember-me', {
      method: 'get',
    });
  }
  async getTrafficStats() {
    return useFetch('/api/ui-traffic-stats', {
      method: 'get',
    });
  }
  async getChartType() {
    return useFetch('/api/ui-chart-type', {
      method: 'get',
    });
  }
  async getEnableOneTimeLinks() {
    return useFetch('/api/wg-enable-one-time-links', {
      method: 'get',
    });
  }
  async getEnableExpireTime() {
    return useFetch('/api/wg-enable-expire-time', {
      method: 'get',
    });
  }
  async getSession() {
    // TODO?: use useFetch
    return $fetch('/api/session', {
@ -158,13 +128,7 @@ class API {
    });
  }
-  async getSortClients() {
+  async createAccount({
    return useFetch('/api/ui-sort-clients', {
      method: 'get',
    });
  }
  async newAccount({
    username,
    password,
  }: {
@ -176,6 +140,12 @@ class API {
      body: { username, password },
    });
  }
  async getFeatures() {
    return useFetch('/api/features', {
      method: 'get',
    });
  }
 }
 type WGClientReturn = Awaited<
--- a/src/server/api/cnf/[clientOneTimeLink].ts
+++ b/src/server/api/cnf/[clientOneTimeLink].ts
@ -1,30 +1,32 @@
 export default defineEventHandler(async (event) => {
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  if (!system.oneTimeLinks.enabled) {
    throw createError({
-      status: 404,
+      statusCode: 404,
-      message: 'Invalid state',
+      statusMessage: 'Invalid state',
    });
  }
-  // TODO: validate with zod
+  const { oneTimeLink } = await getValidatedRouterParams(
-  const clientOneTimeLink = getRouterParam(event, 'clientOneTimeLink');
+    event,
    validateZod(oneTimeLinkType)
  );
  const clients = await WireGuard.getClients();
  const client = clients.find(
-    (client) => client.oneTimeLink === clientOneTimeLink
+    (client) => client.oneTimeLink?.oneTimeLink === oneTimeLink
  );
-  if (!client) return;
+  if (!client) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Invalid One Time Link',
    });
  }
  const clientId = client.id;
  const config = await WireGuard.getClientConfiguration({ clientId });
  await WireGuard.eraseOneTimeLink({ clientId });
  setHeader(
    event,
    'Content-Disposition',
-    `attachment; filename="${clientOneTimeLink}.conf"`
+    `attachment; filename="${client.name}.conf"`
  );
  setHeader(event, 'Content-Type', 'text/plain');
  return config;
--- a/src/server/api/features.get.ts
+++ b/src/server/api/features.get.ts
@ -0,0 +1,9 @@
 export default defineEventHandler(async () => {
  const system = await Database.getSystem();
  return {
    trafficStats: system.trafficStats,
    sortClients: system.sortClients,
    clientExpiration: system.clientExpiration,
    oneTimeLinks: system.oneTimeLinks,
  };
 });
--- a/src/server/api/release.get.ts
+++ b/src/server/api/release.get.ts
@ -1,11 +1,5 @@
 export default defineEventHandler(async () => {
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  const latestRelease = await fetchLatestRelease();
  return {
    currentRelease: system.release,
--- a/src/server/api/remember-me.get.ts
+++ b/src/server/api/remember-me.get.ts
@ -1,5 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  // TODO: enable by default
  return MAX_AGE > 0;
 });
--- a/src/server/api/session.post.ts
+++ b/src/server/api/session.post.ts
@ -23,17 +23,13 @@ export default defineEventHandler(async (event) => {
  }
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  const conf: SessionConfig = system.sessionConfig;
-  if (MAX_AGE && remember) {
+
  if (remember) {
    conf.cookie = {
      ...(system.sessionConfig.cookie ?? {}),
-      maxAge: MAX_AGE,
+      maxAge: system.cookieMaxAge * 60,
    };
  }
--- a/src/server/api/ui-chart-type.get.ts
+++ b/src/server/api/ui-chart-type.get.ts
@ -1,11 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  return system.trafficStats.type;
 });
--- a/src/server/api/ui-sort-clients.get.ts
+++ b/src/server/api/ui-sort-clients.get.ts
@ -1,11 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  return system.sortClients.enabled;
 });
--- a/src/server/api/ui-traffic-stats.get.ts
+++ b/src/server/api/ui-traffic-stats.get.ts
@ -1,11 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  return system.trafficStats.enabled;
 });
--- a/src/server/api/wg-enable-expire-time.get.ts
+++ b/src/server/api/wg-enable-expire-time.get.ts
@ -1,11 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  return system.clientExpiration.enabled;
 });
--- a/src/server/api/wg-enable-one-time-links.get.ts
+++ b/src/server/api/wg-enable-one-time-links.get.ts
@ -1,11 +0,0 @@
 export default defineEventHandler(async (event) => {
  setHeader(event, 'Content-Type', 'application/json');
  const system = await Database.getSystem();
  if (!system)
    throw createError({
      statusCode: 500,
      statusMessage: 'Invalid',
    });
  return system.oneTimeLinks.enabled;
 });
--- a/src/server/api/wireguard/client/[clientId]/generateOneTimeLink.post.ts
+++ b/src/server/api/wireguard/client/[clientId]/generateOneTimeLink.post.ts
@ -1,5 +1,6 @@
 export default defineEventHandler(async (event) => {
-  if (WG_ENABLE_ONE_TIME_LINKS === 'false') {
+  const system = await Database.getSystem();
  if (!system.oneTimeLinks.enabled) {
    throw createError({
      status: 404,
      message: 'Invalid state',
--- a/src/server/middleware/session.ts
+++ b/src/server/middleware/session.ts
@ -2,12 +2,12 @@ export default defineEventHandler(async (event) => {
  const url = getRequestURL(event);
  if (
    !url.pathname.startsWith('/api/') ||
    // TODO: only allowed on onboarding!
    url.pathname === '/api/account/new' ||
    url.pathname === '/api/session' ||
    url.pathname === '/api/lang' ||
    url.pathname === '/api/release' ||
-    url.pathname === '/api/ui-chart-type' ||
+    url.pathname === '/api/features'
    url.pathname === '/api/ui-traffic-stats'
  ) {
    return;
  }
--- a/src/server/middleware/setup.ts
+++ b/src/server/middleware/setup.ts
@ -4,7 +4,8 @@ export default defineEventHandler(async (event) => {
  if (
    url.pathname.startsWith('/setup') ||
-    url.pathname === '/api/account/new'
+    url.pathname === '/api/account/new' ||
    url.pathname === '/api/features'
  ) {
    return;
  }
--- a/src/server/utils/Database.ts
+++ b/src/server/utils/Database.ts
@ -13,5 +13,4 @@ provider.connect().catch((err) => {
 });
 // TODO: check if old config exists and tell user about migration path
 export default provider;
--- a/src/server/utils/WireGuard.ts
+++ b/src/server/utils/WireGuard.ts
@ -1,127 +1,39 @@
 import fs from 'node:fs/promises';
 import path from 'path';
-import debug_logger from 'debug';
+import debug from 'debug';
 import crypto from 'node:crypto';
 import QRCode from 'qrcode';
 import CRC32 from 'crc-32';
-const debug = debug_logger('WireGuard');
+import type { NewClient } from '~~/services/database/repositories/client';
-type Server = {
+const DEBUG = debug('WireGuard');
  privateKey: string;
  publicKey: string;
  address: string;
 };
 type Client = {
  id: string;
  name: string;
  address: string;
  privateKey: string;
  publicKey: string;
  preSharedKey: string;
  createdAt: string;
  updatedAt: string;
  expireAt: string | null;
  endpoint: string | null;
  enabled: boolean;
  allowedIPs?: never;
  oneTimeLink: string | null;
  oneTimeLinkExpiresAt: string | null;
 };
 type Config = {
  server: Server;
  clients: Record<string, Client>;
 };
 class WireGuard {
  #configCache: Config | null = null;
  async __buildConfig() {
    if (!WG_HOST) {
      throw new Error('WG_HOST Environment Variable Not Set!');
    }
    debug('Loading configuration...');
    this.#configCache = null;
    try {
      const config = await fs.readFile(path.join(WG_PATH, 'wg0.json'), 'utf8');
      const parsedConfig = JSON.parse(config);
      debug('Configuration loaded.');
      return parsedConfig as Config;
    } catch {
      const privateKey = await exec('wg genkey');
      const publicKey = await exec(`echo ${privateKey} | wg pubkey`, {
        log: 'echo ***hidden*** | wg pubkey',
      });
      const address = WG_DEFAULT_ADDRESS.replace('x', '1');
      const config: Config = {
        server: {
          privateKey,
          publicKey,
          address,
        },
        clients: {},
      };
      debug('Configuration generated.');
      return config;
    }
  }
  async getConfig(): Promise<Config> {
    if (this.#configCache !== null) {
      return this.#configCache;
    }
    const config = await this.__buildConfig();
    await this.__saveConfig(config);
    await exec('wg-quick down wg0').catch(() => {});
    await exec('wg-quick up wg0').catch((err) => {
      if (
        err &&
        err.message &&
        err.message.includes('Cannot find device "wg0"')
      ) {
        throw new Error(
          'WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!'
        );
      }
      throw err;
    });
    // await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ' + WG_DEVICE + ' -j MASQUERADE`);
    // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
    // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
    // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
    await this.__syncConfig();
    this.#configCache = config;
    return this.#configCache;
  }
  async saveConfig() {
-    const config = await this.getConfig();
+    await this.#saveWireguardConfig();
-    await this.__saveConfig(config);
+    await this.#syncWireguardConfig();
    await this.__syncConfig();
  }
-  async __saveConfig(config: Config) {
+  async #saveWireguardConfig() {
    const system = await Database.getSystem();
    const clients = await Database.getClients();
    let result = `
 # Note: Do not edit this file directly.
 # Your changes will be overwritten!
 # Server
 [Interface]
-PrivateKey = ${config.server.privateKey}
+PrivateKey = ${system.interface.privateKey}
-Address = ${config.server.address}/24
+Address = ${system.interface.address}/24
-ListenPort = ${WG_PORT}
+ListenPort = ${system.wgPort}
-PreUp = ${WG_PRE_UP}
+PreUp = ${system.iptables.PreUp}
-PostUp = ${WG_POST_UP}
+PostUp = ${system.iptables.PostUp}
-PreDown = ${WG_PRE_DOWN}
+PreDown = ${system.iptables.PreDown}
-PostDown = ${WG_POST_DOWN}
+PostDown = ${system.iptables.PostDown}
 `;
-    for (const [clientId, client] of Object.entries(config.clients)) {
+    for (const [clientId, client] of Object.entries(clients)) {
      if (!client.enabled) continue;
      result += `
@ -134,30 +46,22 @@ ${
 }AllowedIPs = ${client.address}/32`;
    }
-    debug('Config saving...');
+    DEBUG('Config saving...');
-    await fs.writeFile(
+    await fs.writeFile(path.join('/etc/wireguard', 'wg0.conf'), result, {
      path.join(WG_PATH, 'wg0.json'),
      JSON.stringify(config, undefined, 2),
      {
        mode: 0o660,
      }
    );
    await fs.writeFile(path.join(WG_PATH, 'wg0.conf'), result, {
      mode: 0o600,
    });
-    debug('Config saved.');
+    DEBUG('Config saved.');
  }
-  async __syncConfig() {
+  async #syncWireguardConfig() {
-    debug('Config syncing...');
+    DEBUG('Config syncing...');
    await exec('wg syncconf wg0 <(wg-quick strip wg0)');
-    debug('Config synced.');
+    DEBUG('Config synced.');
  }
  async getClients() {
-    const config = await this.getConfig();
+    const dbClients = await Database.getClients();
-    const clients = Object.entries(config.clients).map(
+    const clients = Object.entries(dbClients).map(([clientId, client]) => ({
      ([clientId, client]) => ({
      id: clientId,
      name: client.name,
      enabled: client.enabled,
@ -165,18 +69,16 @@ ${
      publicKey: client.publicKey,
      createdAt: new Date(client.createdAt),
      updatedAt: new Date(client.updatedAt),
-        expireAt: client.expireAt !== null ? new Date(client.expireAt) : null,
+      expiresAt: client.expiresAt,
      allowedIPs: client.allowedIPs,
-        oneTimeLink: client.oneTimeLink ?? null,
+      oneTimeLink: client.oneTimeLink,
        oneTimeLinkExpiresAt: client.oneTimeLinkExpiresAt ?? null,
      downloadableConfig: 'privateKey' in client,
      persistentKeepalive: null as string | null,
      latestHandshakeAt: null as Date | null,
      endpoint: null as string | null,
      transferRx: null as number | null,
      transferTx: null as number | null,
-      })
+    }));
    );
    // Loop WireGuard status
    const dump = await exec('wg show wg0 dump', {
@ -215,8 +117,7 @@ ${
  }
  async getClient({ clientId }: { clientId: string }) {
-    const config = await this.getConfig();
+    const client = await Database.getClient(clientId);
    const client = config.clients[clientId];
    if (!client) {
      throw createError({
        statusCode: 404,
@ -228,23 +129,22 @@ ${
  }
  async getClientConfiguration({ clientId }: { clientId: string }) {
-    const config = await this.getConfig();
+    const system = await Database.getSystem();
    const client = await this.getClient({ clientId });
    return `
 [Interface]
 PrivateKey = ${client.privateKey ? `${client.privateKey}` : 'REPLACE_ME'}
 Address = ${client.address}/24
-${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}\n` : ''}\
+DNS = ${system.userConfig.defaultDns.join(',')}
-${WG_MTU ? `MTU = ${WG_MTU}\n` : ''}\
+MTU = ${system.userConfig.mtu}
 [Peer]
-PublicKey = ${config.server.publicKey}
+PublicKey = ${system.interface.publicKey}
-${
+PresharedKey = ${client.preSharedKey}
-  client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
+AllowedIPs = ${client.allowedIPs}
-}AllowedIPs = ${WG_ALLOWED_IPS}
+PersistentKeepalive = ${client.persistentKeepalive}
-PersistentKeepalive = ${WG_PERSISTENT_KEEPALIVE}
+Endpoint = ${system.wgHost}:${system.wgConfigPort}`;
 Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
  }
  async getClientQRCodeSVG({ clientId }: { clientId: string }) {
@ -266,7 +166,8 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
      throw new Error('Missing: Name');
    }
-    const config = await this.getConfig();
+    const system = await Database.getSystem();
    const clients = await Database.getClients();
    const privateKey = await exec('wg genkey');
    const publicKey = await exec(`echo ${privateKey} | wg pubkey`, {
@ -274,15 +175,19 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    });
    const preSharedKey = await exec('wg genpsk');
    // TODO: cidr
    // Calculate next IP
    let address;
    for (let i = 2; i < 255; i++) {
-      const client = Object.values(config.clients).find((client) => {
+      const client = Object.values(clients).find((client) => {
-        return client.address === WG_DEFAULT_ADDRESS.replace('x', i.toString());
+        return (
          client.address ===
          system.userConfig.addressRange.replace('x', i.toString())
        );
      });
      if (!client) {
-        address = WG_DEFAULT_ADDRESS.replace('x', i.toString());
+        address = system.userConfig.addressRange.replace('x', i.toString());
        break;
      }
    }
@ -293,22 +198,20 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    // Create Client
    const id = crypto.randomUUID();
-    const client: Client = {
+
    const client: NewClient = {
      id,
      name,
      address,
      privateKey,
      publicKey,
      preSharedKey,
      createdAt: new Date().toISOString(),
      updatedAt: new Date().toISOString(),
      endpoint: null,
      oneTimeLink: null,
-      oneTimeLinkExpiresAt: null,
+      expiresAt: null,
      expireAt: null,
      enabled: true,
      allowedIPs: system.userConfig.allowedIps,
      persistentKeepalive: system.userConfig.persistentKeepalive,
    };
    if (expireDate) {
@ -316,10 +219,10 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
      date.setHours(23);
      date.setMinutes(59);
      date.setSeconds(59);
-      client.expireAt = date.toISOString();
+      client.expiresAt = date;
    }
-    config.clients[id] = client;
+    await Database.createClient(client);
    await this.saveConfig();
@ -327,48 +230,34 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
  }
  async deleteClient({ clientId }: { clientId: string }) {
-    const config = await this.getConfig();
+    await Database.deleteClient(clientId);
    if (config.clients[clientId]) {
      // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
      delete config.clients[clientId];
    await this.saveConfig();
  }
  }
  async enableClient({ clientId }: { clientId: string }) {
-    const client = await this.getClient({ clientId });
+    await Database.toggleClient(clientId, true);
    client.enabled = true;
    client.updatedAt = new Date().toISOString();
    await this.saveConfig();
  }
  async generateOneTimeLink({ clientId }: { clientId: string }) {
    const client = await this.getClient({ clientId });
    const key = `${clientId}-${Math.floor(Math.random() * 1000)}`;
-    client.oneTimeLink = Math.abs(CRC32.str(key)).toString(16);
+    const oneTimeLink = Math.abs(CRC32.str(key)).toString(16);
-    client.oneTimeLinkExpiresAt = new Date(
+    const expiresAt = new Date(Date.now() + 5 * 60 * 1000);
-      Date.now() + 5 * 60 * 1000
+    await Database.createOneTimeLink(clientId, {
-    ).toISOString();
+      oneTimeLink,
-    client.updatedAt = new Date().toISOString();
+      expiresAt,
    });
    await this.saveConfig();
  }
  async eraseOneTimeLink({ clientId }: { clientId: string }) {
-    const client = await this.getClient({ clientId });
+    await Database.deleteOneTimeLink(clientId);
    client.oneTimeLink = null;
    client.oneTimeLinkExpiresAt = null;
    client.updatedAt = new Date().toISOString();
    await this.saveConfig();
  }
  async disableClient({ clientId }: { clientId: string }) {
-    const client = await this.getClient({ clientId });
+    await Database.toggleClient(clientId, false);
    client.enabled = false;
    client.updatedAt = new Date().toISOString();
    await this.saveConfig();
  }
@ -380,10 +269,7 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    clientId: string;
    name: string;
  }) {
-    const client = await this.getClient({ clientId });
+    await Database.updateClientName(clientId, name);
    client.name = name;
    client.updatedAt = new Date().toISOString();
    await this.saveConfig();
  }
@ -395,8 +281,6 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    clientId: string;
    address: string;
  }) {
    const client = await this.getClient({ clientId });
    if (!isValidIPv4(address)) {
      throw createError({
        statusCode: 400,
@ -404,8 +288,7 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
      });
    }
-    client.address = address;
+    await Database.updateClientAddress(clientId, address);
    client.updatedAt = new Date().toISOString();
    await this.saveConfig();
  }
@ -417,42 +300,81 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    clientId: string;
    expireDate: string | null;
  }) {
-    const client = await this.getClient({ clientId });
+    let updatedDate: Date | null = null;
    if (expireDate) {
      const date = new Date(expireDate);
      date.setHours(23);
      date.setMinutes(59);
      date.setSeconds(59);
-      client.expireAt = date.toISOString();
+      updatedDate = date;
    } else {
      client.expireAt = null;
    }
    client.updatedAt = new Date().toISOString();
-    await this.saveConfig();
+    await Database.updateClientExpirationDate(clientId, updatedDate);
  }
-  async __reloadConfig() {
+    await this.saveConfig();
    await this.__buildConfig();
    await this.__syncConfig();
  }
-  async restoreConfiguration(config: string) {
+  // TODO: reimplement database restore
-    debug('Starting configuration restore process.');
+  async restoreConfiguration(_config: string) {
    /* DEBUG('Starting configuration restore process.');
    // TODO: sanitize config
    const _config = JSON.parse(config);
    await this.__saveConfig(_config);
    await this.__reloadConfig();
-    debug('Configuration restore process completed.');
+    DEBUG('Configuration restore process completed.'); */
  }
  // TODO: reimplement database restore
  async backupConfiguration() {
-    debug('Starting configuration backup.');
+    /* DEBUG('Starting configuration backup.');
    const config = await this.getConfig();
    const backup = JSON.stringify(config, null, 2);
-    debug('Configuration backup completed.');
+    DEBUG('Configuration backup completed.');
-    return backup;
+    return backup; */
  }
  async Startup() {
    // TODO: improve this
    await new Promise((res) => {
      function wait() {
        if (Database.connected) {
          return res(true);
        }
      }
      setTimeout(wait, 1000);
    });
    DEBUG('Starting Wireguard');
    await this.#saveWireguardConfig();
    await exec('wg-quick down wg0').catch(() => {});
    await exec('wg-quick up wg0').catch((err) => {
      if (
        err &&
        err.message &&
        err.message.includes('Cannot find device "wg0"')
      ) {
        throw new Error(
          'WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!'
        );
      }
      throw err;
    });
    await this.#syncWireguardConfig();
    DEBUG('Wireguard started successfully');
    DEBUG('Starting Cron Job');
    await this.startCronJob();
  }
  async startCronJob() {
    await this.cronJob().catch((err) => {
      DEBUG('Running Cron Job failed.');
      console.error(err);
    });
    setTimeout(() => {
      this.startCronJob();
    }, 60 * 1000);
  }
  // Shutdown wireguard
@ -460,46 +382,30 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
    await exec('wg-quick down wg0').catch(() => {});
  }
-  async cronJobEveryMinute() {
+  async cronJob() {
-    const config = await this.getConfig();
+    const clients = await Database.getClients();
    const system = await Database.getSystem();
    if (!system) {
      throw new Error('Invalid Database');
    }
    let needSaveConfig = false;
    // Expires Feature
    if (system.clientExpiration.enabled) {
-      for (const client of Object.values(config.clients)) {
+      for (const client of Object.values(clients)) {
        if (client.enabled !== true) continue;
-        if (
+        if (client.expiresAt !== null && new Date() > client.expiresAt) {
-          client.expireAt !== null &&
+          DEBUG(`Client ${client.id} expired.`);
-          new Date() > new Date(client.expireAt)
+          await Database.toggleClient(client.id, false);
        ) {
          debug(`Client ${client.id} expired.`);
          needSaveConfig = true;
          client.enabled = false;
          client.updatedAt = new Date().toISOString();
        }
      }
    }
    // One Time Link Feature
    if (system.oneTimeLinks.enabled) {
-      for (const client of Object.values(config.clients)) {
+      for (const client of Object.values(clients)) {
        if (
          client.oneTimeLink !== null &&
-          client.oneTimeLinkExpiresAt !== null &&
+          new Date() > client.oneTimeLink.expiresAt
          new Date() > new Date(client.oneTimeLinkExpiresAt)
        ) {
-          debug(`Client ${client.id} One Time Link expired.`);
+          DEBUG(`Client ${client.id} One Time Link expired.`);
-          needSaveConfig = true;
+          await Database.deleteOneTimeLink(client.id);
          client.oneTimeLink = null;
          client.oneTimeLinkExpiresAt = null;
          client.updatedAt = new Date().toISOString();
        }
        }
      }
    if (needSaveConfig) {
      await this.saveConfig();
    }
  }
@ -578,15 +484,9 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
 }
 const inst = new WireGuard();
-
+inst.Startup().catch((v) => {
-// This also has to also start the WireGuard Server
+  console.error(v);
-async function cronJobEveryMinute() {
+  process.exit(1);
  await inst.cronJobEveryMinute().catch((err) => {
    debug('Running Cron Job failed.');
    console.error(err);
 });
  setTimeout(cronJobEveryMinute, 60 * 1000);
 }
 cronJobEveryMinute();
 export default inst;
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@ -1,69 +0,0 @@
 import type { SessionConfig } from 'h3';
 import debug from 'debug';
 export const MAX_AGE = process.env.MAX_AGE
  ? parseInt(process.env.MAX_AGE, 10) * 60
  : 0;
 export const WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
 export const WG_DEVICE = process.env.WG_DEVICE || 'eth0';
 export const WG_HOST = process.env.WG_HOST;
 export const WG_PORT = process.env.WG_PORT || '51820';
 export const WG_CONFIG_PORT =
  process.env.WG_CONFIG_PORT || process.env.WG_PORT || '51820';
 export const WG_MTU = process.env.WG_MTU || null;
 export const WG_PERSISTENT_KEEPALIVE =
  process.env.WG_PERSISTENT_KEEPALIVE || '0';
 export const WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
 export const WG_DEFAULT_DNS =
  typeof process.env.WG_DEFAULT_DNS === 'string'
    ? process.env.WG_DEFAULT_DNS
    : '1.1.1.1';
 export const WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';
 export const WG_PRE_UP = process.env.WG_PRE_UP || '';
 export const WG_POST_UP =
  process.env.WG_POST_UP ||
  `
 iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${WG_DEVICE} -j MASQUERADE;
 iptables -A INPUT -p udp -m udp --dport ${WG_PORT} -j ACCEPT;
 iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
 `
    .split('\n')
    .join(' ');
 export const WG_PRE_DOWN = process.env.WG_PRE_DOWN || '';
 export const WG_POST_DOWN =
  process.env.WG_POST_DOWN ||
  `
 iptables -t nat -D POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${WG_DEVICE} -j MASQUERADE;
 iptables -D INPUT -p udp -m udp --dport ${WG_PORT} -j ACCEPT;
 iptables -D FORWARD -i wg0 -j ACCEPT;
 iptables -D FORWARD -o wg0 -j ACCEPT;
 `
    .split('\n')
    .join(' ');
 export const LANG = process.env.LANG || 'en';
 export const UI_TRAFFIC_STATS = process.env.UI_TRAFFIC_STATS || 'false';
 export const UI_CHART_TYPE = process.env.UI_CHART_TYPE || '0';
 export const WG_ENABLE_ONE_TIME_LINKS =
  process.env.WG_ENABLE_ONE_TIME_LINKS || 'false';
 export const UI_ENABLE_SORT_CLIENTS =
  process.env.UI_ENABLE_SORT_CLIENTS || 'false';
 export const WG_ENABLE_EXPIRES_TIME =
  process.env.WG_ENABLE_EXPIRES_TIME || 'false';
 export const ENABLE_PROMETHEUS_METRICS =
  process.env.ENABLE_PROMETHEUS_METRICS || 'false';
 export const PROMETHEUS_METRICS_PASSWORD =
  process.env.PROMETHEUS_METRICS_PASSWORD;
 export const REQUIRES_PROMETHEUS_PASSWORD = !!PROMETHEUS_METRICS_PASSWORD;
 export const SESSION_CONFIG = {
  password: getRandomHex(256),
  name: 'wg-easy',
  cookie: undefined,
 } satisfies SessionConfig;
 export const SERVER_DEBUG = debug('Server');
--- a/src/server/utils/logger.ts
+++ b/src/server/utils/logger.ts
@ -0,0 +1,3 @@
 import debug from 'debug';
 export const SERVER_DEBUG = debug('Server');
--- a/src/server/utils/types.ts
+++ b/src/server/utils/types.ts
@ -42,6 +42,11 @@ const expireDate = z
  .pipe(safeStringRefine)
  .nullable();
 const oneTimeLink = z
  .string({ message: 'oneTimeLink must be a valid string' })
  .min(1, 'oneTimeLink must be at least 1 Character')
  .pipe(safeStringRefine);
 export const clientIdType = z.object(
  {
    clientId: id,
@ -70,6 +75,13 @@ export const expireDateType = z.object(
  { message: 'Body must be a valid object' }
 );
 export const oneTimeLinkType = z.object(
  {
    oneTimeLink: oneTimeLink,
  },
  { message: 'Body must be a valid object' }
 );
 export const createType = z.object(
  {
    name: name,
--- a/src/services/database/lowdb.ts
+++ b/src/services/database/lowdb.ts
@ -13,16 +13,17 @@ import type { Low } from 'lowdb';
 import type { User } from './repositories/user';
 import type { Database } from './repositories/database';
 import { migrationRunner } from './migrations';
 import type { Client, NewClient, OneTimeLink } from './repositories/client';
 const DEBUG = debug('LowDB');
 export default class LowDB extends DatabaseProvider {
  #db!: Low<Database>;
  #connected = false;
  // is this really needed?
  private async __init() {
-    // TODO: assume path to db file
+    const dbFilePath = join('/etc/wireguard', 'db.json');
    const dbFilePath = join(WG_PATH, 'db.json');
    this.#db = await JSONFilePreset(dbFilePath, DEFAULT_DATABASE);
  }
@ -30,6 +31,9 @@ export default class LowDB extends DatabaseProvider {
   * @throws
   */
  async connect() {
    if (this.#connected) {
      return;
    }
    try {
      await this.__init();
      DEBUG('Running Migrations');
@ -39,11 +43,16 @@ export default class LowDB extends DatabaseProvider {
      DEBUG(e);
      throw new DatabaseError(DatabaseError.ERROR_INIT);
    }
-
+    this.#connected = true;
    DEBUG('Connected successfully');
  }
  get connected() {
    return this.#connected;
  }
  async disconnect() {
    this.#connected = false;
    DEBUG('Disconnected successfully');
  }
@ -57,6 +66,7 @@ export default class LowDB extends DatabaseProvider {
    return system;
  }
  // TODO: return copy to avoid mutation (everywhere)
  async getUsers() {
    return this.#db.data.users;
  }
@ -78,6 +88,7 @@ export default class LowDB extends DatabaseProvider {
      throw new DatabaseError(DatabaseError.ERROR_PASSWORD_REQ);
    }
    // TODO: multiple names are no problem
    const isUserExist = this.#db.data.users.find(
      (user) => user.username === username
    );
@ -98,15 +109,16 @@ export default class LowDB extends DatabaseProvider {
      updatedAt: now,
    };
-    this.#db.update((data) => data.users.push(newUser));
+    await this.#db.update((data) => data.users.push(newUser));
  }
  async updateUser(user: User) {
    // TODO: avoid mutation, prefer .update, updatedAt
    let oldUser = await this.getUser(user.id);
    if (oldUser) {
      DEBUG('Update User');
      oldUser = user;
-      this.#db.write();
+      await this.#db.write();
    }
  }
@ -114,7 +126,89 @@ export default class LowDB extends DatabaseProvider {
    DEBUG('Delete User');
    const idx = this.#db.data.users.findIndex((user) => user.id === id);
    if (idx !== -1) {
-      this.#db.update((data) => data.users.splice(idx, 1));
+      await this.#db.update((data) => data.users.splice(idx, 1));
    }
  }
  async getClients() {
    DEBUG('GET Clients');
    return this.#db.data.clients;
  }
  async getClient(id: string) {
    DEBUG('Get Client');
    return this.#db.data.clients[id];
  }
  async createClient(client: NewClient) {
    DEBUG('Create Client');
    const now = new Date();
    const newClient: Client = { ...client, createdAt: now, updatedAt: now };
    await this.#db.update((data) => {
      data.clients[client.id] = newClient;
    });
  }
  async deleteClient(id: string) {
    DEBUG('Delete Client');
    await this.#db.update((data) => {
      // TODO: find something better than delete
      // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
      delete data.clients[id];
    });
  }
  async toggleClient(id: string, enable: boolean) {
    DEBUG('Toggle Client');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].enabled = enable;
      }
    });
  }
  async updateClientName(id: string, name: string) {
    DEBUG('Update Client Name');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].name = name;
      }
    });
  }
  async updateClientAddress(id: string, address: string) {
    DEBUG('Update Client Address');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].address = address;
      }
    });
  }
  async updateClientExpirationDate(id: string, expirationDate: Date | null) {
    DEBUG('Update Client Address');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].expiresAt = expirationDate;
      }
    });
  }
  async deleteOneTimeLink(id: string) {
    DEBUG('Update Client Address');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].oneTimeLink = null;
      }
    });
  }
  async createOneTimeLink(id: string, oneTimeLink: OneTimeLink) {
    DEBUG('Update Client Address');
    await this.#db.update((data) => {
      if (data.clients[id]) {
        data.clients[id].oneTimeLink = oneTimeLink;
      }
    });
  }
 }
--- a/src/services/database/migrations/1.ts
+++ b/src/services/database/migrations/1.ts
@ -3,61 +3,43 @@ import type { Database } from '../repositories/database';
 import packageJson from '@@/package.json';
 import { ChartType } from '../repositories/system';
 // TODO: use variables inside up/down script
 const DEFAULT_ADDRESS = '10.8.0.x';
 const DEFAULT_DEVICE = 'eth0';
 const DEFAULT_WG_PORT = 51820;
 const DEFAULT_POST_UP = `
 iptables -t nat -A POSTROUTING -s ${DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${DEFAULT_DEVICE} -j MASQUERADE;
 iptables -A INPUT -p udp -m udp --dport ${DEFAULT_WG_PORT} -j ACCEPT;
 iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
 `
  .split('\n')
  .join(' ');
 const DEFAULT_POST_DOWN = `
 iptables -t nat -D POSTROUTING -s ${DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${DEFAULT_DEVICE} -j MASQUERADE;
 iptables -D INPUT -p udp -m udp --dport ${DEFAULT_WG_PORT} -j ACCEPT;
 iptables -D FORWARD -i wg0 -j ACCEPT;
 iptables -D FORWARD -o wg0 -j ACCEPT;
 `
  .split('\n')
  .join(' ');
 export async function run1(db: Low<Database>) {
  const privateKey = await exec('wg genkey');
  const publicKey = await exec(`echo ${privateKey} | wg pubkey`, {
    log: 'echo ***hidden*** | wg pubkey',
  });
  const addressRange = '10.8.0.x';
  const database: Database = {
    migrations: [],
    system: {
      // TODO: move to var, no need for database
      release: packageJson.release.version,
      interface: {
        privateKey: privateKey,
        publicKey: publicKey,
-        address: DEFAULT_ADDRESS.replace('x', '1'),
+        address: addressRange.replace('x', '1'),
      },
      sessionTimeout: 3600, // 1 hour
      lang: 'en',
      userConfig: {
        mtu: 1420,
        persistentKeepalive: 0,
-        // TODO: assume handle CIDR to compute next ip in WireGuard
+        // TODO: handle CIDR to compute next ip in WireGuard
-        rangeAddress: '10.8.0.0/24',
+        //addressRange: '10.8.0.0/24',
        addressRange: addressRange,
        defaultDns: ['1.1.1.1'],
        allowedIps: ['0.0.0.0/0', '::/0'],
      },
-      wgPath: WG_PATH,
+      wgDevice: 'wg0',
-      wgDevice: DEFAULT_DEVICE,
+      // TODO: wgHost has to be configured when onboarding
-      wgHost: WG_HOST || '',
+      wgHost: '',
-      wgPort: DEFAULT_WG_PORT,
+      wgPort: 51820,
      wgConfigPort: 51820,
      iptables: {
        PreUp: '',
-        PostUp: DEFAULT_POST_UP,
+        PostUp: '',
        PreDown: '',
-        PostDown: DEFAULT_POST_DOWN,
+        PostDown: '',
      },
      trafficStats: {
        enabled: false,
@ -79,12 +61,32 @@ export async function run1(db: Low<Database>) {
      sessionConfig: {
        password: getRandomHex(256),
        name: 'wg-easy',
-        cookie: undefined,
+        cookie: {},
      },
      cookieMaxAge: 24 * 60,
    },
    users: [],
    clients: {},
  };
  // TODO: use variables inside up/down script
  database.system.iptables.PostUp = `
 iptables -t nat -A POSTROUTING -s ${database.system.userConfig.addressRange.replace('x', '0')}/24 -o ${database.system.wgDevice} -j MASQUERADE;
 iptables -A INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT;
 iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
 `
    .split('\n')
    .join(' ');
  database.system.iptables.PostDown = `
 iptables -t nat -D POSTROUTING -s ${database.system.userConfig.addressRange.replace('x', '0')}/24 -o ${database.system.wgDevice} -j MASQUERADE;
 iptables -D INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT;
 iptables -D FORWARD -i wg0 -j ACCEPT;
 iptables -D FORWARD -o wg0 -j ACCEPT;
 `
    .split('\n')
    .join(' ');
  db.data = database;
  db.write();
 }
--- a/src/services/database/repositories/client.ts
+++ b/src/services/database/repositories/client.ts
@ -0,0 +1,43 @@
 export type OneTimeLink = {
  oneTimeLink: string;
  expiresAt: Date;
 };
 export type Client = {
  id: string;
  name: string;
  address: string;
  privateKey: string;
  publicKey: string;
  preSharedKey: string;
  expiresAt: Date | null;
  endpoint: string | null;
  allowedIPs: string[];
  oneTimeLink: OneTimeLink | null;
  createdAt: Date;
  updatedAt: Date;
  enabled: boolean;
  persistentKeepalive: number;
 };
 export type NewClient = Omit<Client, 'createdAt' | 'updatedAt'>;
 /**
 * Interface for client-related database operations.
 * This interface provides methods for managing client data.
 */
 export interface ClientRepository {
  getClients(): Promise<Record<string, Client>>;
  getClient(id: string): Promise<Client | undefined>;
  createClient(client: NewClient): Promise<void>;
  deleteClient(id: string): Promise<void>;
  toggleClient(id: string, enable: boolean): Promise<void>;
  updateClientName(id: string, name: string): Promise<void>;
  updateClientAddress(id: string, address: string): Promise<void>;
  updateClientExpirationDate(
    id: string,
    expirationDate: Date | null
  ): Promise<void>;
  deleteOneTimeLink(id: string): Promise<void>;
  createOneTimeLink(id: string, oneTimeLink: OneTimeLink): Promise<void>;
 }
--- a/src/services/database/repositories/database.ts
+++ b/src/services/database/repositories/database.ts
@ -1,3 +1,9 @@
 import type {
  ClientRepository,
  Client,
  NewClient,
  OneTimeLink,
 } from './client';
 import type { System, SystemRepository } from './system';
 import type { User, UserRepository } from './user';
@ -6,12 +12,14 @@ export type Database = {
  migrations: string[];
  system: System;
  users: User[];
  clients: Record<string, Client>;
 };
 export const DEFAULT_DATABASE: Database = {
  migrations: [],
  system: null as never,
  users: [],
  clients: {},
 };
 /**
@ -22,7 +30,7 @@ export const DEFAULT_DATABASE: Database = {
 *
 */
 export abstract class DatabaseProvider
-  implements SystemRepository, UserRepository
+  implements SystemRepository, UserRepository, ClientRepository
 {
  /**
   * Connects to the database.
@ -44,6 +52,23 @@ export abstract class DatabaseProvider
  ): Promise<void>;
  abstract updateUser(user: User): Promise<void>;
  abstract deleteUser(id: string): Promise<void>;
  abstract getClients(): Promise<Record<string, Client>>;
  abstract getClient(id: string): Promise<Client | undefined>;
  abstract createClient(client: NewClient): Promise<void>;
  abstract deleteClient(id: string): Promise<void>;
  abstract toggleClient(id: string, enable: boolean): Promise<void>;
  abstract updateClientName(id: string, name: string): Promise<void>;
  abstract updateClientAddress(id: string, address: string): Promise<void>;
  abstract updateClientExpirationDate(
    id: string,
    expirationDate: Date | null
  ): Promise<void>;
  abstract deleteOneTimeLink(id: string): Promise<void>;
  abstract createOneTimeLink(
    id: string,
    oneTimeLink: OneTimeLink
  ): Promise<void>;
 }
 /**
--- a/src/services/database/repositories/system.ts
+++ b/src/services/database/repositories/system.ts
@ -18,7 +18,7 @@ export type WGInterface = {
 export type WGConfig = {
  mtu: number;
  persistentKeepalive: number;
-  rangeAddress: string;
+  addressRange: string;
  defaultDns: string[];
  allowedIps: string[];
 };
@ -57,7 +57,6 @@ export type System = {
  userConfig: WGConfig;
  wgPath: string;
  wgDevice: string;
  wgHost: string;
  wgPort: number;
@ -72,6 +71,7 @@ export type System = {
  prometheus: Prometheus;
  sessionConfig: SessionConfig;
  cookieMaxAge: number;
 };
 /**
	`@ -0,0 +1,3 @@`
					`import debug from 'debug';`

					`export const SERVER_DEBUG = debug('Server');`