mirror of https://github.com/h44z/wg-portal.git
				
				
				
			automatic API access for default admin (#357)
		
							parent
							
								
									c33eaba1c0
								
							
						
					
					
						commit
						e983a7b8f3
					
				|  | @ -28,7 +28,7 @@ The [Values](#values) section lists the parameters that can be configured during | ||||||
| ## Values | ## Values | ||||||
| 
 | 
 | ||||||
| | Key                              | Type       | Default                        | Description                                                                                                                                                                                                                                                     | | | Key                              | Type       | Default                        | Description                                                                                                                                                                                                                                                     | | ||||||
| |-----|------|---------|-------------| | |----------------------------------|------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||||||
| | nameOverride                     | string     | `""`                           | Partially override resource names (adds suffix)                                                                                                                                                                                                                 | | | nameOverride                     | string     | `""`                           | Partially override resource names (adds suffix)                                                                                                                                                                                                                 | | ||||||
| | fullnameOverride                 | string     | `""`                           | Fully override resource names                                                                                                                                                                                                                                   | | | fullnameOverride                 | string     | `""`                           | Fully override resource names                                                                                                                                                                                                                                   | | ||||||
| | extraDeploy                      | list       | `[]`                           | Array of extra objects to deploy with the release                                                                                                                                                                                                               | | | extraDeploy                      | list       | `[]`                           | Array of extra objects to deploy with the release                                                                                                                                                                                                               | | ||||||
|  |  | ||||||
|  | @ -6,6 +6,7 @@ Below are some sample YAML configurations demonstrating how to override some def | ||||||
| core: | core: | ||||||
|   admin_user: test@example.com |   admin_user: test@example.com | ||||||
|   admin_password: password |   admin_password: password | ||||||
|  |   admin_api_token: super-s3cr3t-api-token-or-a-UUID | ||||||
|   import_existing: false |   import_existing: false | ||||||
|   create_default_peer: true |   create_default_peer: true | ||||||
|   self_provisioning_allowed: true |   self_provisioning_allowed: true | ||||||
|  |  | ||||||
|  | @ -111,6 +111,10 @@ More advanced options are found in the subsequent `Advanced` section. | ||||||
| - **Default:** `wgportal` | - **Default:** `wgportal` | ||||||
| - **Description:** The administrator password. The default password of `wgportal` should be changed immediately. | - **Description:** The administrator password. The default password of `wgportal` should be changed immediately. | ||||||
| 
 | 
 | ||||||
|  | ### `admin_api_token` | ||||||
|  | - **Default:** *(empty)* | ||||||
|  | - **Description:** An API token for the admin user. If a token is provided, the REST API can be accessed using this token. If empty, the API is initially disabled for the admin user. | ||||||
|  | 
 | ||||||
| ### `editable_keys` | ### `editable_keys` | ||||||
| - **Default:** `true` | - **Default:** `true` | ||||||
| - **Description:** Allow editing of WireGuard key-pairs directly in the UI. | - **Description:** Allow editing of WireGuard key-pairs directly in the UI. | ||||||
|  |  | ||||||
|  | @ -127,7 +127,7 @@ func (a *App) createDefaultUser(ctx context.Context) error { | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	now := time.Now() | 	now := time.Now() | ||||||
| 	admin, err := a.CreateUser(ctx, &domain.User{ | 	defaultAdmin := &domain.User{ | ||||||
| 		BaseModel: domain.BaseModel{ | 		BaseModel: domain.BaseModel{ | ||||||
| 			CreatedBy: domain.CtxSystemAdminId, | 			CreatedBy: domain.CtxSystemAdminId, | ||||||
| 			UpdatedBy: domain.CtxSystemAdminId, | 			UpdatedBy: domain.CtxSystemAdminId, | ||||||
|  | @ -150,7 +150,16 @@ func (a *App) createDefaultUser(ctx context.Context) error { | ||||||
| 		Locked:          nil, | 		Locked:          nil, | ||||||
| 		LockedReason:    "", | 		LockedReason:    "", | ||||||
| 		LinkedPeerCount: 0, | 		LinkedPeerCount: 0, | ||||||
| 	}) | 	} | ||||||
|  | 	if a.Config.Core.AdminApiToken != "" { | ||||||
|  | 		if len(a.Config.Core.AdminApiToken) < 18 { | ||||||
|  | 			logrus.Warnf("[SECURITY WARNING] admin API token is too short, should be at least 18 characters long") | ||||||
|  | 		} | ||||||
|  | 		defaultAdmin.ApiToken = a.Config.Core.AdminApiToken | ||||||
|  | 		defaultAdmin.ApiTokenCreated = &now | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	admin, err := a.CreateUser(ctx, defaultAdmin) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
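Review bot: A configured token shorter than 18 characters is still assigned to `defaultAdmin.ApiToken` in the second hunk, because the length check only logs a warning, so a weak or whitespace-only value still enables REST API access for the admin account. Consider refusing to start instead, for example replacing the `logrus.Warnf(...)` line with `return fmt.Errorf("admin API token must be at least 18 characters long")` (assuming `fmt` is imported in this file) and running the check on the trimmed value. If the warning is kept, `logrus.Warn` fits better than `Warnf`, since the message has no format arguments. The token appears to be applied only when the default admin is first created, so changing it in the config later presumably has no effect; a short comment above the `if` saying so would help operators. createDefaultUser starts and ends outside the visible hunks.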
|  | @ -16,6 +16,7 @@ type Config struct { | ||||||
| 		// AdminUser defines the default administrator account that will be created
 | 		// AdminUser defines the default administrator account that will be created
 | ||||||
| 		AdminUser     string `yaml:"admin_user"` | 		AdminUser     string `yaml:"admin_user"` | ||||||
| 		AdminPassword string `yaml:"admin_password"` | 		AdminPassword string `yaml:"admin_password"` | ||||||
|  | 		AdminApiToken string `yaml:"admin_api_token"` // if set, the API access is enabled automatically
 | ||||||
| 
 | 
 | ||||||
| 		EditableKeys                bool `yaml:"editable_keys"` | 		EditableKeys                bool `yaml:"editable_keys"` | ||||||
| 		CreateDefaultPeer           bool `yaml:"create_default_peer"` | 		CreateDefaultPeer           bool `yaml:"create_default_peer"` | ||||||
|  | @ -94,6 +95,7 @@ func defaultConfig() *Config { | ||||||
| 
 | 
 | ||||||
| 	cfg.Core.AdminUser = "admin@wgportal.local" | 	cfg.Core.AdminUser = "admin@wgportal.local" | ||||||
| 	cfg.Core.AdminPassword = "wgportal" | 	cfg.Core.AdminPassword = "wgportal" | ||||||
|  | 	cfg.Core.AdminApiToken = "" // by default, the API access is disabled
 | ||||||
| 	cfg.Core.ImportExisting = true | 	cfg.Core.ImportExisting = true | ||||||
| 	cfg.Core.RestoreState = true | 	cfg.Core.RestoreState = true | ||||||
| 	cfg.Core.CreateDefaultPeer = false | 	cfg.Core.CreateDefaultPeer = false | ||||||
|  |  | ||||||
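Review bot: The comment on `AdminApiToken` in the first hunk does not say that the value is a credential or whose API access it enables. A fuller comment would be `// AdminApiToken is the REST API token assigned to the default admin when that account is created; empty leaves API access disabled. Treat as a secret.` If Config is ever logged or dumped for diagnostics, this field should be redacted together with `AdminPassword`; whether that happens is not visible here. The Config struct and defaultConfig both continue outside the hunks.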