From f38810946a78a34945f101f179ec2da91a3c4b30 Mon Sep 17 00:00:00 2001
From: Nikolai Emil Damm
Date: Wed, 12 Jan 2022 18:48:21 +0100
Subject: [PATCH] Added docker secrets support for PASSWORD and WG_HOST
---
 docker-compose.dev-secrets.yml | 24 ++++++++++++++++++++++++
 src/config.js | 5 +++--
 src/secrets.js | 18 ++++++++++++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 docker-compose.dev-secrets.yml
 create mode 100644 src/secrets.js
diff --git a/docker-compose.dev-secrets.yml b/docker-compose.dev-secrets.yml
new file mode 100644
index 00000000..9e3b4aaa
--- /dev/null
+++ b/docker-compose.dev-secrets.yml
@@ -0,0 +1,24 @@
+version: "3.8"
+services:
+ wg-easy:
+ image: wgeasy
+ command: npm run serve
+ volumes:
+ - ./src/:/app/
+ environment:
+ - PASSWORD=/run/secrets/wireguard_password
+ - WG_HOST=/run/secrets/wireguard_host
+ secrets:
+ - wireguard_password
+ - wireguard_host
+secrets:
+ wireguard_password:
+ external: true
+ wireguard_host:
+ external: true
+
+# require docker swarm to test
+# docker swarm int
+# printf "password" | docker secret create wireguard_password -
+# printf "domain.com" | docker secret create wireguard_host -
+# docker stack deploy -c docker-compose.dev-secrets.yml wg-easy
\ No newline at end of file
diff --git a/src/config.js b/src/config.js
index a08aab3b..5d0da9c0 100644
--- a/src/config.js
+++ b/src/config.js
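Review bot: In docker-compose.dev-secrets.yml, the setup comment `# docker swarm int` is not a Docker command and should read `# docker swarm init`; as written, the documented test procedure fails at its first step. The same comment block would be clearer if it said that `password` and `domain.com` are placeholders to replace before creating the secrets.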
@@ -1,12 +1,13 @@
 'use strict';
 const { release } = require('./package.json');
+const secrets = require('./secrets');
 module.exports.RELEASE = release;
 module.exports.PORT = process.env.PORT || 51821;
-module.exports.PASSWORD = process.env.PASSWORD;
+module.exports.PASSWORD = secrets.read(process.env.PASSWORD) || process.env.PASSWORD;
 module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
-module.exports.WG_HOST = process.env.WG_HOST;
+module.exports.WG_HOST = secrets.read(process.env.WG_HOST)|| process.env.WG_HOST;
 module.exports.WG_PORT = process.env.WG_PORT || 51820;
 module.exports.WG_MTU = process.env.WG_MTU || null;
 module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;
diff --git a/src/secrets.js b/src/secrets.js
new file mode 100644
index 00000000..e64566a7
--- /dev/null
+++ b/src/secrets.js
@@ -0,0 +1,18 @@
+const fs = require('fs');
+
+const dockerSecret = {};
+
+dockerSecret.read = function read(secret) {
+ try {
+ return fs.readFileSync(secret, 'utf8');
+ } catch(err) {
+ if (err.code !== 'ENOENT') {
+ console.error(`An error occurred while trying to read the secret: ${secret}. Err: ${err}`);
+ } else {
+ console.debug(`Could not find the secret, probably not running in swarm mode: ${secret}. Err: ${err}`);
+ }
+ return false;
+ }
+};
+
+module.exports = dockerSecret;
\ No newline at end of file
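Review bot: With `secrets.read(process.env.PASSWORD) || process.env.PASSWORD` in src/config.js, a failed or empty read silently falls back to the raw variable, so a deployment that sets `PASSWORD=/run/secrets/wireguard_password` but cannot read that file (secret not attached, `EACCES`, empty file) starts with the well-known path string as its password; the `WG_HOST` line has the same shape. Because every value is tried as a path, the "literal value" and "path to a secret" cases cannot be told apart. A separate opt-in variable would let the file case fail closed, for example `module.exports.PASSWORD = process.env.PASSWORD_FILE ? secrets.read(process.env.PASSWORD_FILE) : process.env.PASSWORD;`, where `PASSWORD_FILE` is a suggested name rather than an existing option. Startup should then abort when that read returns `false`, since a `false` password may otherwise be treated as "no password configured".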
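Review bot: Both log calls in `read` (src/secrets.js) interpolate `${secret}` and `${err}`, and when secrets are not in use `secret` is the plaintext `PASSWORD` value, which the `ENOENT` message repeats as the path, so the password is written to stdout on every start. When the variable is unset, `fs.readFileSync(undefined)` throws a `TypeError` with code `ERR_INVALID_ARG_TYPE`, so the `console.error` branch fires on a normal configuration. The file content is also returned with any trailing newline, which a secret created with `echo` rather than `printf` would carry. The version below guards the unset case, logs only the error code, and strips one trailing newline.

```javascript
dockerSecret.read = function read(secret) {
  // Unset variable: nothing to read and nothing to log.
  if (!secret) {
    return false;
  }
  try {
    // Drop a single trailing newline so the value matches what the operator typed.
    return fs.readFileSync(secret, 'utf8').replace(/\r?\n$/, '');
  } catch (err) {
    // Log the code only: `secret` and err.message can both contain the plaintext value.
    if (err.code !== 'ENOENT') {
      console.error(`An error occurred while trying to read a secret file (${err.code}).`);
    }
    return false;
  }
};
```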