mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

better group database

pull/1402/head
Bernd Storath 7 months ago
parent
e5e50ac28f
commit
b011b80765
5 changed files with 47 additions and 36 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      src/server/api/lang.get.ts
  2. 2
      src/server/api/session.post.ts
  3. 6
      src/server/utils/wgHelper.ts
  4. 45
      src/services/database/migrations/1.ts
  5. 28
      src/services/database/repositories/system.ts

2
src/server/api/lang.get.ts
View File

@ -1,5 +1,5 @@
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
setHeader(event, 'Content-Type', 'application/json'); setHeader(event, 'Content-Type', 'application/json');
const system = await Database.system.get(); const system = await Database.system.get();
return system.lang; return system.general.lang;
}); });

2
src/server/api/session.post.ts
View File

@ -30,7 +30,7 @@ export default defineEventHandler(async (event) => {
if (remember) { if (remember) {
conf.cookie = { conf.cookie = {
...(system.sessionConfig.cookie ?? {}), ...(system.sessionConfig.cookie ?? {}),
maxAge: system.sessionTimeout, maxAge: system.general.sessionTimeout,
}; };
} }

6
src/server/utils/wgHelper.ts
View File

@ -28,8 +28,8 @@ AllowedIPs = ${allowedIps.join(', ')}`;
[Interface] [Interface]
PrivateKey = ${system.interface.privateKey} PrivateKey = ${system.interface.privateKey}
Address = ${system.interface.address4}/${cidr4Block}, ${system.interface.address6}/${cidr6Block} Address = ${system.interface.address4}/${cidr4Block}, ${system.interface.address6}/${cidr6Block}
ListenPort = ${system.wgPort} ListenPort = ${system.interface.port}
MTU = ${system.userConfig.serverMtu} MTU = ${system.interface.mtu}
PreUp = ${system.iptables.PreUp} PreUp = ${system.iptables.PreUp}
PostUp = ${system.iptables.PostUp} PostUp = ${system.iptables.PostUp}
PreDown = ${system.iptables.PreDown} PreDown = ${system.iptables.PreDown}
@ -51,7 +51,7 @@ PublicKey = ${system.interface.publicKey}
PresharedKey = ${client.preSharedKey} PresharedKey = ${client.preSharedKey}
AllowedIPs = ${client.allowedIPs.join(', ')} AllowedIPs = ${client.allowedIPs.join(', ')}
PersistentKeepalive = ${client.persistentKeepalive} PersistentKeepalive = ${client.persistentKeepalive}
Endpoint = ${system.wgHost}:${system.wgConfigPort}`; Endpoint = ${system.userConfig.host}:${system.userConfig.port}`;
}, },
generatePrivateKey: () => { generatePrivateKey: () => {

45
src/services/database/migrations/1.ts
View File

@ -16,28 +16,33 @@ export async function run1(db: Low<Database>) {
const database: Database = { const database: Database = {
migrations: [], migrations: [],
system: { system: {
// Config to configure Server
interface: { interface: {
privateKey: privateKey, privateKey: privateKey,
publicKey: publicKey, publicKey: publicKey,
address4: stringifyIp({ number: cidr4.start + 1n, version: 4 }), address4: stringifyIp({ number: cidr4.start + 1n, version: 4 }),
address6: stringifyIp({ number: cidr6.start + 1n, version: 6 }), address6: stringifyIp({ number: cidr6.start + 1n, version: 6 }),
mtu: 1420,
port: 51820,
device: 'eth0',
},
general: {
sessionTimeout: 3600, // 1 hour
lang: 'en',
}, },
sessionTimeout: 3600, // 1 hour // Config to configure Peer & Client Config
lang: 'en',
userConfig: { userConfig: {
mtu: 1420, mtu: 1420,
serverMtu: 1420,
persistentKeepalive: 0, persistentKeepalive: 0,
address4Range: address4Range, address4Range: address4Range,
address6Range: address6Range, address6Range: address6Range,
defaultDns: ['1.1.1.1', '2606:4700:4700::1111'], defaultDns: ['1.1.1.1', '2606:4700:4700::1111'],
allowedIps: ['0.0.0.0/0', '::/0'], allowedIps: ['0.0.0.0/0', '::/0'],
// TODO: host has to be configured when onboarding
host: '',
port: 51820,
}, },
wgDevice: 'eth0', // Config to configure Firewall
// TODO: wgHost has to be configured when onboarding
wgHost: '',
wgPort: 51820,
wgConfigPort: 51820,
iptables: { iptables: {
PreUp: '', PreUp: '',
PostUp: '', PostUp: '',
@ -57,9 +62,11 @@ export async function run1(db: Low<Database>) {
sortClients: { sortClients: {
enabled: false, enabled: false,
}, },
prometheus: { metrics: {
enabled: false, prometheus: {
password: null, enabled: false,
password: null,
},
}, },
sessionConfig: { sessionConfig: {
// TODO: be able to invalidate all sessions // TODO: be able to invalidate all sessions
@ -73,24 +80,24 @@ export async function run1(db: Low<Database>) {
}; };
database.system.iptables.PostUp = database.system.iptables.PostUp =
`iptables -t nat -A POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.wgDevice} -j MASQUERADE; `iptables -t nat -A POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.interface.device} -j MASQUERADE;
iptables -A INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; iptables -A INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT;
iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT;
iptables -A FORWARD -o wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
ip6tables -t nat -A POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.wgDevice} -j MASQUERADE; ip6tables -t nat -A POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.interface.device} -j MASQUERADE;
ip6tables -A INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; ip6tables -A INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT;
ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT;
ip6tables -A FORWARD -o wg0 -j ACCEPT;` ip6tables -A FORWARD -o wg0 -j ACCEPT;`
.split('\n') .split('\n')
.join(' '); .join(' ');
database.system.iptables.PostDown = database.system.iptables.PostDown =
`iptables -t nat -D POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.wgDevice} -j MASQUERADE; `iptables -t nat -D POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.interface.device} -j MASQUERADE;
iptables -D INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; iptables -D INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT;
iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT;
iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
ip6tables -t nat -D POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.wgDevice} -j MASQUERADE; ip6tables -t nat -D POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.interface.device} -j MASQUERADE;
ip6tables -D INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; ip6tables -D INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT;
ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT;
ip6tables -D FORWARD -o wg0 -j ACCEPT;` ip6tables -D FORWARD -o wg0 -j ACCEPT;`
.split('\n') .split('\n')

28
src/services/database/repositories/system.ts
View File

@ -14,16 +14,20 @@ export type WGInterface = {
publicKey: string; publicKey: string;
address4: string; address4: string;
address6: string; address6: string;
mtu: number;
port: number;
device: string;
}; };
export type WGConfig = { export type WGConfig = {
mtu: number; mtu: number;
serverMtu: number;
persistentKeepalive: number; persistentKeepalive: number;
address4Range: string; address4Range: string;
address6Range: string; address6Range: string;
defaultDns: string[]; defaultDns: string[];
allowedIps: string[]; allowedIps: string[];
host: string;
port: number;
}; };
export enum ChartType { export enum ChartType {
@ -47,27 +51,27 @@ export type Feature = {
enabled: boolean; enabled: boolean;
}; };
export type Metrics = {
prometheus: Prometheus;
};
export type General = {
sessionTimeout: number;
lang: Lang;
};
/** /**
* Representing the WireGuard network configuration data structure of a computer interface system. * Representing the WireGuard network configuration data structure of a computer interface system.
*/ */
export type System = { export type System = {
interface: WGInterface; interface: WGInterface;
general: General;
// maxAge
sessionTimeout: number;
lang: Lang;
userConfig: WGConfig; userConfig: WGConfig;
wgDevice: string;
wgHost: string;
wgPort: number;
wgConfigPort: number;
iptables: IpTables; iptables: IpTables;
trafficStats: TrafficStats; trafficStats: TrafficStats;
prometheus: Prometheus; metrics: Metrics;
clientExpiration: Feature; clientExpiration: Feature;
oneTimeLinks: Feature; oneTimeLinks: Feature;

Write Preview
Loading…
Cancel
Save