From ec636e7d729c2e6131c0884725cf1d0d16207a71 Mon Sep 17 00:00:00 2001
From: Bernd Storath <999999bst@gmail.com>
Date: Fri, 13 Sep 2024 12:43:53 +0200
Subject: [PATCH] better group database

---
 src/server/api/lang.get.ts | 2 +-
 src/server/api/session.post.ts | 2 +-
 src/server/utils/wgHelper.ts | 6 +-
 src/services/database/migrations/1.ts | 45 +++++++++++---------
 src/services/database/repositories/system.ts | 28 ++++++------
 5 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/src/server/api/lang.get.ts b/src/server/api/lang.get.ts
index d16ac483..a42620de 100644
--- a/src/server/api/lang.get.ts
+++ b/src/server/api/lang.get.ts
@@ -1,5 +1,5 @@
 export default defineEventHandler(async (event) => {
 setHeader(event, 'Content-Type', 'application/json');
 const system = await Database.system.get();
-return system.lang;
+return system.general.lang;
 });
diff --git a/src/server/api/session.post.ts b/src/server/api/session.post.ts
index a15c9675..6c76ef2d 100644
--- a/src/server/api/session.post.ts
+++ b/src/server/api/session.post.ts
@@ -30,7 +30,7 @@ export default defineEventHandler(async (event) => {
 if (remember) {
 conf.cookie = {
 ...(system.sessionConfig.cookie ?? {}),
-maxAge: system.sessionTimeout,
+maxAge: system.general.sessionTimeout,
 };
 }
diff --git a/src/server/utils/wgHelper.ts b/src/server/utils/wgHelper.ts
index 2ec9eb57..7c0c0ff5 100644
--- a/src/server/utils/wgHelper.ts
+++ b/src/server/utils/wgHelper.ts
@@ -28,8 +28,8 @@ AllowedIPs = ${allowedIps.join(', ')}`;
 [Interface]
 PrivateKey = ${system.interface.privateKey}
 Address = ${system.interface.address4}/${cidr4Block}, ${system.interface.address6}/${cidr6Block}
-ListenPort = ${system.wgPort}
-MTU = ${system.userConfig.serverMtu}
+ListenPort = ${system.interface.port}
+MTU = ${system.interface.mtu}
 PreUp = ${system.iptables.PreUp}
 PostUp = ${system.iptables.PostUp}
 PreDown = ${system.iptables.PreDown}
@@ -51,7 +51,7 @@ PublicKey = ${system.interface.publicKey} PresharedKey = ${client.preSharedKey} AllowedIPs = ${client.allowedIPs.join(', ')} PersistentKeepalive = ${client.persistentKeepalive} -Endpoint = ${system.wgHost}:${system.wgConfigPort}`; +Endpoint = ${system.userConfig.host}:${system.userConfig.port}`; }, generatePrivateKey: () => { diff --git a/src/services/database/migrations/1.ts b/src/services/database/migrations/1.ts index cd72fd3b..2828b4b0 100644 --- a/src/services/database/migrations/1.ts +++ b/src/services/database/migrations/1.ts @@ -16,28 +16,33 @@ export async function run1(db: Low) { const database: Database = { migrations: [], system: { + // Config to configure Server interface: { privateKey: privateKey, publicKey: publicKey, address4: stringifyIp({ number: cidr4.start + 1n, version: 4 }), address6: stringifyIp({ number: cidr6.start + 1n, version: 6 }), + mtu: 1420, + port: 51820, + device: 'eth0', + }, + general: { + sessionTimeout: 3600, // 1 hour + lang: 'en', }, - sessionTimeout: 3600, // 1 hour - lang: 'en', + // Config to configure Peer & Client Config userConfig: { mtu: 1420, - serverMtu: 1420, persistentKeepalive: 0, address4Range: address4Range, address6Range: address6Range, defaultDns: ['1.1.1.1', '2606:4700:4700::1111'], allowedIps: ['0.0.0.0/0', '::/0'], + // TODO: host has to be configured when onboarding + host: '', + port: 51820, }, - wgDevice: 'eth0', - // TODO: wgHost has to be configured when onboarding - wgHost: '', - wgPort: 51820, - wgConfigPort: 51820, + // Config to configure Firewall iptables: { PreUp: '', PostUp: '', @@ -57,9 +62,11 @@ export async function run1(db: Low) { sortClients: { enabled: false, }, - prometheus: { - enabled: false, - password: null, + metrics: { + prometheus: { + enabled: false, + password: null, + }, }, sessionConfig: { // TODO: be able to invalidate all sessions 
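Review bot: `Endpoint = ${system.userConfig.host}:${system.userConfig.port}` is rendered even while `host` still holds the migration default `''` (the TODO in migrations/1.ts says it is only set during onboarding), so a client config generated before onboarding carries `Endpoint = :51820`, which WireGuard rejects. A guard ahead of the template, such as `if (!system.userConfig.host) throw new Error('userConfig.host is not configured');`, would make that failure explicit instead of handing the user a broken config. An IPv6 literal in `host` would also need to be wrapped in brackets on the Endpoint line. The enclosing function starts before this hunk.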
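Review bot: The field moves in this hunk (`sessionTimeout`/`lang` into `general`, `wgDevice`/`wgPort` into `interface`, `wgHost`/`wgConfigPort` into `userConfig`) and in the next hunk (`prometheus` into `metrics`) are made by editing migration `1.ts` in place rather than by adding a follow-up migration. If this migration has already run against an existing database, that document keeps the flat keys and every new reader — `system.general.lang` in lang.get.ts, `system.general.sessionTimeout` in session.post.ts, `system.interface.port` and `system.userConfig.host` in wgHelper.ts — dereferences `undefined` and throws. If the schema is still unreleased this is fine; otherwise the restructure belongs in a new migration that copies the old keys into the new groups. A one-line comment at the top of the `system` literal stating that 1.ts is the unreleased initial schema and may be edited in place would remove the ambiguity for the next person. The enclosing `run1` function starts before this hunk.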
@@ -73,24 +80,24 @@ export async function run1(db: Low) { }; database.system.iptables.PostUp = - `iptables -t nat -A POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.wgDevice} -j MASQUERADE; -iptables -A INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; + `iptables -t nat -A POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.interface.device} -j MASQUERADE; +iptables -A INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; -ip6tables -t nat -A POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.wgDevice} -j MASQUERADE; -ip6tables -A INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; +ip6tables -t nat -A POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.interface.device} -j MASQUERADE; +ip6tables -A INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT;` .split('\n') .join(' '); database.system.iptables.PostDown = - `iptables -t nat -D POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.wgDevice} -j MASQUERADE; -iptables -D INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; + `iptables -t nat -D POSTROUTING -s ${database.system.userConfig.address4Range} -o ${database.system.interface.device} -j MASQUERADE; +iptables -D INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; -ip6tables -t nat -D POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.wgDevice} -j MASQUERADE; -ip6tables -D INPUT -p udp -m udp --dport ${database.system.wgPort} -j ACCEPT; +ip6tables -t nat -D POSTROUTING -s ${database.system.userConfig.address6Range} -o ${database.system.interface.device} -j 
MASQUERADE; +ip6tables -D INPUT -p udp -m udp --dport ${database.system.interface.port} -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT;` .split('\n') diff --git a/src/services/database/repositories/system.ts b/src/services/database/repositories/system.ts index 45c74213..7bbe4bdd 100644 --- a/src/services/database/repositories/system.ts +++ b/src/services/database/repositories/system.ts @@ -14,16 +14,20 @@ export type WGInterface = { publicKey: string; address4: string; address6: string; + mtu: number; + port: number; + device: string; }; export type WGConfig = { mtu: number; - serverMtu: number; persistentKeepalive: number; address4Range: string; address6Range: string; defaultDns: string[]; allowedIps: string[]; + host: string; + port: number; }; export enum ChartType { @@ -47,27 +51,27 @@ export type Feature = { enabled: boolean; }; +export type Metrics = { + prometheus: Prometheus; +}; + +export type General = { + sessionTimeout: number; + lang: Lang; +}; + /** * Representing the WireGuard network configuration data structure of a computer interface system. */ export type System = { interface: WGInterface; - - // maxAge - sessionTimeout: number; - lang: Lang; - + general: General; userConfig: WGConfig; - wgDevice: string; - wgHost: string; - wgPort: number; - wgConfigPort: number; - iptables: IpTables; trafficStats: TrafficStats; - prometheus: Prometheus; + metrics: Metrics; clientExpiration: Feature; oneTimeLinks: Feature;
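Review bot: The PostUp/PostDown strings interpolate `database.system.interface.device` and `database.system.interface.port` once, at migration time, so the stored rules keep `eth0`/`51820` even though the commit now groups these values as interface settings that look meant to be edited later; a later change to the port would leave the INPUT ACCEPT rule on the old port while the new listen port stays blocked, and the hard-coded `wg0` in the FORWARD rules has the same issue. If these are meant to be editable, rendering the rules from the current values when the config file is generated (wgHelper.ts) rather than storing the rendered text would keep them in sync. Since the rendered string is later passed to a shell by wg-quick, any path that lets a user set `device` or `port` needs to validate them (an interface-name pattern, an integer in the port range) before interpolation. The enclosing `run1` function starts before this hunk and continues after it.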
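Review bot: `WGInterface.port` and `WGConfig.port` now share a name but mean different things — the UDP port the server interface listens on versus the port written into client `Endpoint` lines — and the hunk adds no documentation to tell them apart, although wgHelper.ts reads both. A short TSDoc on each field, e.g. `/** UDP port the server interface listens on. */` above `port: number;` in WGInterface and `/** Port written into client Endpoint lines; may differ from the listen port. */` in WGConfig, plus `/** Host clients connect to; empty until onboarding sets it. */` on `host`, would make the split explicit. The `mtu` pair (server interface MTU vs client MTU) would benefit from the same treatment.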