Commit Graph

235 Commits

Author SHA1 Message Date
Christoph Haas 5c51573874 chore: update to yaml v3 2025-02-28 16:15:22 +01:00
Christoph Haas fdb436b135 chore: get rid of static code warnings 2025-02-28 16:11:55 +01:00
Christoph Haas e24acfa57d chore: cleanup code formatting 2025-02-28 08:37:55 +01:00
Christoph Haas f7d7038829 chore: update to Go 1.24, improve oauth admin mapping tests 2025-02-27 22:32:11 +01:00
Christoph Haas 66ccdc29e9 fix qr-code generation for large configurations (#374) 2025-02-26 22:59:11 +01:00
Christoph Haas 986f6fdead fix peer creation for client interface (#371) 2025-02-26 22:02:53 +01:00
klmmr eeb0c87c68
ldap-sync: fix creation of only one user per LDAP sync (#375)
Before this fix, a too early `return` statement terminated the
`updateLdapUsers()` function, whenever one not already existing user was
created. Therefore, in each LDAP sync a maximum of one new user could be
created (i.e., it took x LDAP sync cycles until x new LDAP users are
registered in wg-portal). Depending on the LDAP `sync_interval` this can
take a long time and produces unnecessarily long waiting times until users
are available in wg-portal.

Removing the early return statement, and moving the remainder of the
function into an `else` statement, so that all new users can be
added in a single LDAP sync.

Also adding a debug statement to better trace the behavior.

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
2025-02-26 21:56:22 +01:00
Christoph Haas f6d7a851d1 frontend: fix locked user display (#367) 2025-02-17 08:18:36 +01:00
Christoph Haas fc712ebf42 api: fix ExpiredAt format (#368) 2025-02-17 08:03:43 +01:00
Christoph Haas 43163273fa api: remove IsAdmin from required attributes (#366) 2025-02-17 07:43:31 +01:00
Christoph Haas e983a7b8f3 automatic API access for default admin (#357) 2025-02-07 22:42:48 +01:00
Christoph Haas c33eaba1c0 remove unsupported validator (#360) 2025-02-07 22:21:16 +01:00
Christoph Haas d01d865b4d fix self provisioning feature (#272) 2025-01-26 11:35:24 +01:00
Christoph Haas 1b8cdc3417 automatically append listening port to endpoint address (#352) 2025-01-26 09:52:09 +01:00
Christoph Haas f6c8cd5ea8 allow LDAP users (and linked peers) to be automatically re-enabled (#345) 2025-01-21 18:03:30 +01:00
Christoph Haas a04eaa4bfb fix user group parsing for OAuth login (#317) 2025-01-21 17:33:01 +01:00
Dmytro Bondar 2cea2e477a
Show version on frontend (#346) 2025-01-21 12:27:25 +01:00
Christoph Haas c73ce0288e fix disabling of missing ldap users (#344) and allow deletion of all user types 2025-01-18 17:39:18 +01:00
Christoph Haas 662e9c0549 Improve admin privilege handling for OAuth. Update documentation. 2025-01-18 11:55:56 +01:00
Christoph Haas 6523a87dfb fix peer disable if ldap user is disabled (#343) 2025-01-17 21:59:15 +01:00
Christoph Haas 17844ed929 fix update of userdata after OAuth login (#317, #160) 2025-01-13 22:14:00 +01:00
Christoph Haas 2d78fe33b8 add metric endpoint to public API (#72, #80) 2025-01-11 23:42:05 +01:00
Christoph Haas 63d85d8123 code cleanup 2025-01-11 22:56:25 +01:00
Christoph Haas 26d3257516 update userdata after OAuth login (#317, #160) 2025-01-11 18:55:23 +01:00
h44z d596f578f6
API - CRUD for peers, interfaces and users (#340)
Public REST API implementation to handle peers, interfaces and users. It also includes some simple provisioning endpoints.

The Swagger API documentation is available under /api/v1/doc.html
2025-01-11 18:44:55 +01:00
Christoph Haas 3020fbca4e fix change of peer identifier (public key) (#265) 2025-01-05 11:30:34 +01:00
Christoph Haas 6d86f15ff8 implement/fix peer and user disable event (#337, #273) 2025-01-05 10:06:34 +01:00
Christoph Haas 62dbdfe0f9 fix plain oauth login (#317) 2025-01-04 14:25:13 +01:00
Christoph Haas 378252ba2f sec: validate return url 2025-01-04 13:43:18 +01:00
Dmytro Bondar 0ea24e313d
feat: handle missing config file gracefully with a warning (#331)
Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-12-10 15:17:31 +01:00
Dmytro Bondar 90a570bd66
fix: enhance PrivateString Scan method to support []byte input (#324)
Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-11-26 21:09:39 +01:00
Christoph bf9183256a chore: update dependencies, refactor option types 2024-10-15 15:44:47 +02:00
Dmytro Bondar d8eac37302
Updated metrics, added dashboard for Grafana (#311)
* Updated metrics, added dashboard for Grafana

* Remove unused interface metric

* Set default scrape interval
2024-10-09 22:33:50 +02:00
Dmytro Bondar f22a7e4a2e
feat: Metrics for Prometheus (#309)
* feat: prometheus metrics

* Added Prometheus resources support to helm chart
2024-09-29 22:10:50 +02:00
Dmytro Bondar 2c01f42369
feat: substitute environment variables in config file (#305)
* feat: use envsubst to substitute env variables in config file

* Remove output config to log

* Update readme
2024-09-23 21:48:11 +02:00
Dmytro Bondar 6ffe1a90ae
feat: TLS support for web (#301)
* Added TLS support for web

- Added optional configurations `cert_file` and `key_file` to run web server with https

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Helm chart update

- Refactored Ingress to use one host only (`config.web.external_url` is required)
- Added Certificate resource template (secret is mounted to container into `/app/certs/`)
- Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP)
- Added helm-docs target to makefile
- Changed pod labels to use selectorLabels
- Removed default probes (app runs without healthy web)
- Removed sections from README

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Fix chart workflow path filter

* Fix chart lint issue

* Skip clean-up tested chart

* Try k3d cluster

---------

Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-09-22 13:25:08 +02:00
dithmer deff2334ac
Fix the wrong default hooks for PreDown and PostDown on Peer Preparing by using the correct properties of the iface (#293)
Co-authored-by: Tim Dithmer <tim.dithmer@suresecure.de>
2024-09-22 11:55:41 +02:00
Dmytro Bondar 2428dedc42
fix: autosave wireguard conf files (#303)
* fix: autosave wireguard conf files

- Fix subscription to Interface and Peer updates topics
- Remove admin permissions validation
- Update file on peer deletion
- Change save condition to configured storage path only, as initialized interface is not nil

* Added comment to peer config for prometheus exporter
2024-09-22 11:53:42 +02:00
Dmytro Bondar 605841f2a0
fix: LDAP sync interval (#304)
Configurable LDAP sync interval for each LDAP provider
2024-09-22 11:49:23 +02:00
Christoph Haas a46dabc1d3 #282: change default peer mask to /32 2024-08-13 22:49:58 +02:00
Christoph Haas 288b7794ca fix default peer creation on login (#189) 2024-04-02 22:29:10 +02:00
Christoph Haas 95e10dcc24 execute interface hooks if interface settings have changed (#224) 2024-04-02 20:51:09 +02:00
Ruoxi Wang 1d862c01d5
Implement custom Value and Scan methods for PrivateString type (#231) 2024-03-29 15:52:14 +01:00
Christoph Haas 2de438add8 Merge branch 'pr216' 2024-03-12 22:45:32 +01:00
Christoph Haas e565e26c65 Merge branch 'pr214' 2024-03-12 22:33:15 +01:00
Christoph Haas acc785e4ca small cleanup 2024-03-12 22:32:05 +01:00
Mehrdad Tahernia c89f201c78
fix issue 211: DNS Search Domain not applying (#217)
Added the DnsSearchStr to the template to include the dns search domain in the generated config file
2024-03-11 16:03:03 +01:00
Dmytro Bondar 6fb6dc0d23
Remove built frontend from repo 2024-03-04 11:57:19 +01:00
sh0rch 26cd286c57 Minor fixes for greater compatibility with the original code. 2024-02-29 07:59:27 +03:00
sh0rch 0ade556e80 Brought into working condition for LDAP authentication. 2024-02-29 07:17:17 +03:00
Christoph Haas 1b4b5ff161 fix REST API permission checks (#209) 2024-01-31 21:14:36 +01:00
Christoph Haas 81e696fc7d update frontend dependencies 2023-12-23 13:36:42 +01:00
Christoph Haas 248518d239 - update github actions
- update docker build
- move default database to /app/data (#179)
- move config file location to /app/config
2023-10-26 12:42:18 +02:00
guangwu 6284bc8a01
chore: no need to use fmt.Sprintf (#190) 2023-10-22 18:40:54 +02:00
Christoph Haas b49ff66c41 fix invalid ip suggestions (#185) 2023-10-20 12:13:39 +02:00
Christoph Haas d78b4f49bd fix nilpointer dereference 2023-10-20 11:44:17 +02:00
Ruoxi Wang 66aadf9d42
Respect some config values (#175)
* Respect create_default_peer in config

* Respect user_identifier in LDAP field map
2023-10-19 22:54:51 +02:00
Ruoxi Wang 4c061a1aa9
Peer interface address should match server's prefix length (#177) 2023-10-19 22:53:51 +02:00
Ruoxi Wang ad935ad927
Small mistake in auth.go comment (#174) 2023-08-30 19:26:43 +02:00
h44z 8b820a5adf
V2 alpha - initial version (#172)
Initial alpha codebase for version 2 of WireGuard Portal.
This version is considered unstable and incomplete (for example, no public REST API)! 
Use with care!


Fixes/Implements the following issues:
 - OAuth support #154, #1 
 - New Web UI with internationalisation support #98, #107, #89, #62
 - Postgres Support #49 
 - Improved Email handling #47, #119 
 - DNS Search Domain support #46 
 - Bugfixes #94, #48 

---------

Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com>
2023-08-04 13:34:18 +02:00
Philipp Harms 20b71b4e1f Add Interface column in user profile and fix sorting 2023-04-14 14:50:57 +02:00
Christoph Haas c5c6135793 Update dependencies 2023-02-18 23:55:32 +01:00
Christoph Haas 3c2c7f325b keep original admin group behaviour 2023-01-06 00:03:37 +01:00
Christoph Haas 1c97ff8d27 remove log entries that contain user input (#140) 2023-01-05 23:21:22 +01:00
Christoph Haas 53a6602a64 cleanup recursive ldap group sync 2022-12-27 13:36:25 +01:00
Fabian Schultis a2ab5c9301 Fix nested LDAP group resolution 2022-12-07 05:01:06 +01:00
Fabian Schultis 6f463ac9a5 Add nested group admin state resolution 2022-12-06 02:59:29 +01:00
Christoph Haas 51fb9b4139 cleanup code warnings, update RaspberryPi readme 2022-11-11 18:17:38 +01:00
Christoph Haas bda8c9a3d1 fix migration issue for mysql/mariadb (#128) 2022-11-11 18:07:48 +01:00
h44z 54716f7f53
Multiarch Docker Build (#104) (#129)
* Improved Makefile
* Multiarch Docker build (amd64, arm64 and armv7)
* closes #104
2022-11-11 17:10:41 +01:00
Christoph Haas e97fb38bd5 fix issue where newly created peers expire 2022-11-08 18:02:00 +01:00
Christoph Haas 2796433973 expiry feature: automatically re-enable peers if date is in the future 2022-11-01 10:51:17 +01:00
Christoph Haas 3e2208c8f6 ensure that db index is re-created (avoids invalid DDL errors), update gorm 2022-10-29 15:24:13 +02:00
Christoph Haas 0f33871850 peer expiry feature: update api docs and readme 2022-10-29 13:18:32 +02:00
Christoph Haas c43e8d7ca2 peer expiry feature: re-activate expired peers 2022-10-29 13:03:05 +02:00
Christoph Haas 4a0e773d96 peer expiry feature: expiration check 2022-10-29 11:21:04 +02:00
Christoph Haas fe3247bdc1 peer expiry feature: database model, frontend updates 2022-10-28 23:21:37 +02:00
Christoph Haas e4b927bc45 use go-playground/validator instead of asaskevich/govalidator (#46) 2022-10-28 21:48:44 +02:00
philippderdiedas 383fc8cb58
Merge branch 'h44z:master' into master 2022-10-28 20:42:35 +02:00
Christoph Haas ab7f19bb55 only remove private key if a custom public key was specified (#112) 2022-10-28 18:40:06 +02:00
Philipp Harms 49c7109c61
Fix DNSStr validator 2022-10-28 18:31:20 +02:00
Fabian Schultis 352c689623
Remove as in https://github.com/h44z/wg-portal/issues/112 2022-10-28 17:54:13 +02:00
dada513 12717987a6
Add config option to make everyone admin (#106) 2022-09-19 22:26:11 +02:00
Alexander Beck 2f194884d3
user can manage own peers on default device (#82)
Co-authored-by: GitHubActionRunner <knm@knm.io>
2022-05-26 23:10:17 +02:00
Christoph Haas b34d2e1174 fix status code number (related to #95) 2022-04-30 19:43:39 +02:00
lowid a46e3724bf
fix delete peer status code (#95)
http.StatusNoContent == 204
2022-04-30 19:42:46 +02:00
Christoph Haas 83271b5d34 fix user edit bug, allow to delete users from the database (#40) 2022-03-15 23:34:55 +01:00
Alexis cc50fcf8e6
Feat/ldap certificate connexion (#92)
* Give the way to connect against LDAP server with certificate and key

* fix(ldap) Update cert variable name

In order to be more explicit

Co-authored-by: Alexis Aurin <alexis@so6.pw>
2022-03-15 22:46:00 +01:00
Christoph Haas 5d4d06db81 fix invalid interface public key (#74) 2021-12-16 19:51:45 +01:00
ultram4rine e581b3a69f
Wireguard exporter friendly tags (#81)
* add friendly name

* add friendly name as option to configuration

* add friendly name configuration to readme
2021-12-16 19:35:15 +01:00
Alexander Beck acb629f672
do not overwrite preshared key in CreatePeer (#77) 2021-12-10 16:52:44 +01:00
Christoph Haas b5cb967e09 improve ldap logging (#67) 2021-11-07 13:20:16 +01:00
commonism d7b52eba1c
ldap - compare DNs using DN.Equal (#60)
* ldap - compare DNs using DN.Equal

* ldap/isAdmin- restructure & remove code duplication

Co-authored-by: Markus Koetter <koetter@cispa.de>
2021-10-14 08:57:03 +02:00
commonism 19c58fb5af
Fixes & API unit testing (#58)
* api - add OperationID

  helps when using pyswagger and is visible via
  http://localhost:8123/swagger/index.html?displayOperationId=true
  gin-swagger can not set displayOperationId yet

* api - match parameters to their property equivalents

  pascalcase & sometimes replacing the name (e.g. device -> DeviceName)

* api - use ShouldBindJSON instead of BindJSON

 BindJSON sets the content-type text/plain

* api - we renamed, we regenerated

* device - allow - in DeviceName wg-example0.conf etc

* api - more pascalcase & argument renames

* api - marshal DeletedAt as string

  gorm.DeletedAt is of type sql.NullTime
  NullTime declares Time & Valid as properties
  DeletedAt marshals as time.Time
  swaggertype allows only basic types
  -> string

* Peer - export UID/DeviceType in json
 UID/DeviceType is required, skipping in json, skips it in marshalling,
 next unmarshalling fails

* assets - name forms for use with mechanize

* api - match error message

* add python3/pyswagger based unittesting
 - initializes a clean install by configuration via web service
 - tests the rest api

* tests - test address exhaustion

* tests - test network expansion

Co-authored-by: Markus Koetter <koetter@cispa.de>
2021-09-29 18:41:13 +02:00
commonism 93db475eee
swag - use pascalcase for properties (#54)
Co-authored-by: Markus Koetter <koetter@cispa.de>
2021-09-27 20:28:03 +02:00
The one with the braid (she/her) | Dфҿ mit dem Zopf (sie/ihr) 9147fe33cb
Added some more customization options (#43)
* Added some more customization options

* Fixed inconsistent height of custom logos

* Extended navbar style to login page
2021-09-12 10:17:13 +02:00
Christoph Haas b4bd2b35e2 add HttpOnly and Secure flag to cookie store (#39) 2021-08-24 21:26:16 +02:00
Christoph Haas 57b57931b2 validate user in session (#32) 2021-07-30 13:56:21 +02:00
Christoph Haas fbc0b26631 sendall button for mails, update icons for peer creation buttons (#35) 2021-07-30 13:43:39 +02:00
h44z 16a373f1eb
Fix typo 2021-07-20 11:02:17 +02:00