public_git
/
wg-portal
mirror of https://github.com/h44z/wg-portal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
480 Commits 27 Branches 50 Tags 32 MiB
Commit Graph

239 Commits

Author SHA1 Message Date
Christoph Haas 678b6c6456 Merge branch 'master' into chore-code-cleanup 
# Conflicts:
#	go.mod
#	go.sum
 2025-03-09 21:17:47 +01:00
Christoph Haas 0206952182 chore: replace gin with standard lib net/http 2025-03-09 21:16:42 +01:00
klmmr 53bae9d194
config: validate mail configuration certificates by default (#388) 
Before this commit, the default was to not validate TLS certificates of
the SMTP server. This is perhaps a rather unexpected default and can be
considered insecure. This commit activates mail server TLS cert validation
by default.

This change might break some users' email configuration, if they did not
explicitly set the `mail.cert_validation` config variable. Nonetheless,
I think that the secure option should be the default option (e.g.,
to prevent man-in-the-middle attacks and breaching mail server login
credentials).

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
 2025-03-05 19:20:57 +01:00
Christoph Haas 7473132932 chore: replace logrus with standard lib log/slog 2025-03-02 08:51:13 +01:00
Christoph Haas 5c51573874 chore: update to yaml v3 2025-02-28 16:15:22 +01:00
Christoph Haas fdb436b135 chore: get rid of static code warnings 2025-02-28 16:11:55 +01:00
Christoph Haas e24acfa57d chore: cleanup code formatting 2025-02-28 08:37:55 +01:00
Christoph Haas f7d7038829 chore: update to Go 1.24, improve oauth admin mapping tests 2025-02-27 22:32:11 +01:00
Christoph Haas 66ccdc29e9 fix qr-code generation for large configurations (#374) 2025-02-26 22:59:11 +01:00
Christoph Haas 986f6fdead fix peer creation for client interface (#371) 2025-02-26 22:02:53 +01:00
klmmr eeb0c87c68
ldap-sync: fix creation of only one user per LDAP sync (#375) 
Before this fix, a too early `return` statement terminated the
`updateLdapUsers()` function, whenever one not already existing user was
created. Therefore, in each LDAP sync a maximum of one new user could be
created (i.e., it took x LDAP sync cycles until x new LDAP users are
registered in wg-portal). Depending on the LDAP `sync_interval` this can
take a long time and produces unecessary long waiting times until users
are available in wg-portal.

Removing the early return statement, and move the remainder of the
function into an `else` statement, so that all new users can be
added in a single LDAP sync.

Also adding a debug statement to better trace the behavior.

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
 2025-02-26 21:56:22 +01:00
Christoph Haas f6d7a851d1 frontend: fix locked user display (#367) 2025-02-17 08:18:36 +01:00
Christoph Haas fc712ebf42 api: fix ExpiredAt format (#368) 2025-02-17 08:03:43 +01:00
Christoph Haas 43163273fa api: remove IsAdmin from required attributes (#366) 2025-02-17 07:43:31 +01:00
Christoph Haas e983a7b8f3 automatic API access for default admin (#357) 2025-02-07 22:42:48 +01:00
Christoph Haas c33eaba1c0 remove unsupported validator (#360) 2025-02-07 22:21:16 +01:00
Christoph Haas d01d865b4d fix self provisioning feature (#272) 2025-01-26 11:35:24 +01:00
Christoph Haas 1b8cdc3417 automatically append listening port to endpoint address (#352) 2025-01-26 09:52:09 +01:00
Christoph Haas f6c8cd5ea8 allow LDAP users (and linked peers) to be automatically re-enabled (#345) 2025-01-21 18:03:30 +01:00
Christoph Haas a04eaa4bfb fix user group parsing for OAuth login (#317) 2025-01-21 17:33:01 +01:00
Dmytro Bondar 2cea2e477a
Show version on frontend (#346) 2025-01-21 12:27:25 +01:00
Christoph Haas c73ce0288e fix disabling of missing ldap users (#344) and allow deletion of all user types 2025-01-18 17:39:18 +01:00
Christoph Haas 662e9c0549 Improve admin privilege handling for OAuth. Update documentation. 2025-01-18 11:55:56 +01:00
Christoph Haas 6523a87dfb fix peer disable if ldap user is disabled (#343) 2025-01-17 21:59:15 +01:00
Christoph Haas 17844ed929 fix update of userdata after OAuth login (#317, #160) 2025-01-13 22:14:00 +01:00
Christoph Haas 2d78fe33b8 add metric endpoint to public API (#72, #80) 2025-01-11 23:42:05 +01:00
Christoph Haas 63d85d8123 code cleanup 2025-01-11 22:56:25 +01:00
Christoph Haas 26d3257516 update userdata after OAuth login (#317, #160) 2025-01-11 18:55:23 +01:00
h44z d596f578f6
API - CRUD for peers, interfaces and users (#340) 
Public REST API implementation to handle peers, interfaces and users. It also includes some simple provisioning endpoints.

The Swagger API documentation is available under /api/v1/doc.html
 2025-01-11 18:44:55 +01:00
Christoph Haas 3020fbca4e fix change of peer identifier (public key) (#265) 2025-01-05 11:30:34 +01:00
Christoph Haas 6d86f15ff8 implement/fix peer and user disable event (#337, #273) 2025-01-05 10:06:34 +01:00
Christoph Haas 62dbdfe0f9 fix plain oauth login (#317) 2025-01-04 14:25:13 +01:00
Christoph Haas 378252ba2f sec: validate return url 2025-01-04 13:43:18 +01:00
Dmytro Bondar 0ea24e313d
feat: handle missing config file gracefully with a warning (#331) 
Signed-off-by: Dmytro Bondar <git@bonddim.com>
 2024-12-10 15:17:31 +01:00
Dmytro Bondar 90a570bd66
fix: enhance PrivateString Scan method to support []byte input (#324) 
Signed-off-by: Dmytro Bondar <git@bonddim.com>
 2024-11-26 21:09:39 +01:00
Christoph bf9183256a chore: update dependencies, refactor option types 2024-10-15 15:44:47 +02:00
Dmytro Bondar d8eac37302
Updated metrics, added dashboard for Grafana (#311) 
* Updated metrics, added dashboard for Grafana

* Remove unused interfce metric

* Set default scrape interval
 2024-10-09 22:33:50 +02:00
Dmytro Bondar f22a7e4a2e
feat: Metrics for Prometheus (#309) 
* feat: prometheus metrics

* Added Prometheus resources support to helm chart
 2024-09-29 22:10:50 +02:00
Dmytro Bondar 2c01f42369
feat: substitute environment variables in config file (#305) 
* feat: use envsubst to substitute env variables in config file

* Remove output config to log

* Update readme
 2024-09-23 21:48:11 +02:00
Dmytro Bondar 6ffe1a90ae
feat: TLS support for web (#301) 
* Added TLS support for web

- Added optional configurations `cert_file` and `key_file` to run web server with https

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Helm chart update

- Refactored Ingress to use one host only (`config.web.external_url` is required)
- Added Certificate resource template (secret is mounted to container into `/app/certs/`)
- Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP)
- Added helm-docs target to makefile
- Changed pod labels to use selectorLabels
- Removed default probes (app runs without healthy web)
- Removed sections from README

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Fix chart workflow path filter

* Fix chart lint issue

* Skip clean-up tested chart

* Try k3d cluster

---------

Signed-off-by: Dmytro Bondar <git@bonddim.com>
 2024-09-22 13:25:08 +02:00
dithmer deff2334ac
Fix the wrong default hooks for PreDown and PostDown on Peer Preparing by using the correct properties of the iface (#293) 
Co-authored-by: Tim Dithmer <tim.dithmer@suresecure.de>
 2024-09-22 11:55:41 +02:00
Dmytro Bondar 2428dedc42
fix: autosave wireguard conf files (#303) 
* fix: autosave wireguard conf files

- Fix subscription to Interface and Peer updates topics
- Remove admin permissions validation
- Update file on peer deletion
- Change save condition to configured storage path only, as initialized interface is not nil

* Added  comment to peer config for prometheus exporter
 2024-09-22 11:53:42 +02:00
Dmytro Bondar 605841f2a0
fix: LDAP sync interval (#304) 
Configurable LDAP sync interval for each LDAP provider
 2024-09-22 11:49:23 +02:00
Christoph Haas a46dabc1d3 #282: change default peer mask to /32 2024-08-13 22:49:58 +02:00
Christoph Haas 288b7794ca fix default peer creation on login (#189) 2024-04-02 22:29:10 +02:00
Christoph Haas 95e10dcc24 execute interface hooks if interface settings have changed (#224) 2024-04-02 20:51:09 +02:00
Ruoxi Wang 1d862c01d5
Implement custom Value and Scan methods for PrivateString type (#231) 2024-03-29 15:52:14 +01:00
Christoph Haas 2de438add8 Merge branch 'pr216' 2024-03-12 22:45:32 +01:00
Christoph Haas e565e26c65 Merge branch 'pr214' 2024-03-12 22:33:15 +01:00
Christoph Haas acc785e4ca small cleanup 2024-03-12 22:32:05 +01:00
Mehrdad Tahernia c89f201c78
fix issue 211: DNS Search Domain not applying (#217) 
Added the DnsSearchStr to the template to include the dns search domain in the generated config file
 2024-03-11 16:03:03 +01:00
Dmytro Bondar 6fb6dc0d23
Remove builded frontend from repo 2024-03-04 11:57:19 +01:00
sh0rch 26cd286c57 Minor fixes for greater compatibility with the original code. 2024-02-29 07:59:27 +03:00
sh0rch 0ade556e80 Brought into working condition for LDAP authentication. 2024-02-29 07:17:17 +03:00
Christoph Haas 1b4b5ff161 fix REST API permission checks (#209) 2024-01-31 21:14:36 +01:00
Christoph Haas 81e696fc7d update frontend dependencies 2023-12-23 13:36:42 +01:00
Christoph Haas 248518d239 - update github actions 
- update docker build
- move default database to /app/data (#179)
- move config file location to /app/config
 2023-10-26 12:42:18 +02:00
guangwu 6284bc8a01
chore: no need to use fmt.Sprintf (#190) 2023-10-22 18:40:54 +02:00
Christoph Haas b49ff66c41 fix invalid ip suggestions (#185) 2023-10-20 12:13:39 +02:00
Christoph Haas d78b4f49bd fix nilpointer dereference 2023-10-20 11:44:17 +02:00
Ruoxi Wang 66aadf9d42
Respect some config values (#175) 
* Respect create_default_peer in config

* Respect user_identifier in LDAP field map
 2023-10-19 22:54:51 +02:00
Ruoxi Wang 4c061a1aa9
Peer interface address should match server's prefix length (#177) 2023-10-19 22:53:51 +02:00
Ruoxi Wang ad935ad927
Small mistake in auth.go comment (#174) 2023-08-30 19:26:43 +02:00
h44z 8b820a5adf
V2 alpha - initial version (#172) 
Initial alpha codebase for version 2 of WireGuard Portal.
This version is considered unstable and incomplete (for example, no public REST API)! 
Use with care!


Fixes/Implements the following issues:
 - OAuth support #154, #1 
 - New Web UI with internationalisation support #98, #107, #89, #62
 - Postgres Support #49 
 - Improved Email handling #47, #119 
 - DNS Search Domain support #46 
 - Bugfixes #94, #48 

---------

Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com>
 2023-08-04 13:34:18 +02:00
Philipp Harms 20b71b4e1f Add Interface column in user profile and fix sorting 2023-04-14 14:50:57 +02:00
Christoph Haas c5c6135793 Update dependencies 2023-02-18 23:55:32 +01:00
Christoph Haas 3c2c7f325b keep original admin group behaviour 2023-01-06 00:03:37 +01:00
Christoph Haas 1c97ff8d27 remove log entries that contain user input (#140) 2023-01-05 23:21:22 +01:00
Christoph Haas 53a6602a64 cleanup recursive ldap group sync 2022-12-27 13:36:25 +01:00
Fabian Schultis a2ab5c9301 Fix nested LDAP group resolution 2022-12-07 05:01:06 +01:00
Fabian Schultis 6f463ac9a5 Add nested group admin state resolution 2022-12-06 02:59:29 +01:00
Christoph Haas 51fb9b4139 cleanup code warnings, update RaspberryPi readme 2022-11-11 18:17:38 +01:00
Christoph Haas bda8c9a3d1 fix migration issue for mysql/mariadb (#128) 2022-11-11 18:07:48 +01:00
h44z 54716f7f53
Multiarch Docker Build (#104) (#129) 
* Improved Makefile
* Multiarch Docker build (amd64, arm64 and armv7)
* closes #104
 2022-11-11 17:10:41 +01:00
Christoph Haas e97fb38bd5 fix issue where newly created peers expire 2022-11-08 18:02:00 +01:00
Christoph Haas 2796433973 expiry feature: automatically re-enable peers if date is in the future 2022-11-01 10:51:17 +01:00
Christoph Haas 3e2208c8f6 ensure that db index is re-created (avoids invalid DDL errors), update gorm 2022-10-29 15:24:13 +02:00
Christoph Haas 0f33871850 peer expiry feature: update api docs and readme 2022-10-29 13:18:32 +02:00
Christoph Haas c43e8d7ca2 peer expiry feature: re-activate expired peers 2022-10-29 13:03:05 +02:00
Christoph Haas 4a0e773d96 peer expiry feature: expiration check 2022-10-29 11:21:04 +02:00
Christoph Haas fe3247bdc1 peer expiry feature: database model, frontend updates 2022-10-28 23:21:37 +02:00
Christoph Haas e4b927bc45 use go-playground/validator instead of asaskevich/govalidator (#46) 2022-10-28 21:48:44 +02:00
philippderdiedas 383fc8cb58
Merge branch 'h44z:master' into master 2022-10-28 20:42:35 +02:00
Christoph Haas ab7f19bb55 only remove private key if a custom public key was specified (#112) 2022-10-28 18:40:06 +02:00
Philipp Harms 49c7109c61
Fix DNSStr validator 2022-10-28 18:31:20 +02:00
Fabian Schultis 352c689623
Remove as in https://github.com/h44z/wg-portal/issues/112 2022-10-28 17:54:13 +02:00
dada513 12717987a6
Add config option to make everyone admin (#106) 2022-09-19 22:26:11 +02:00
Alexander Beck 2f194884d3
user can manage own peers on default device (#82) 
Co-authored-by: GitHubActionRunner <knm@knm.io>
 2022-05-26 23:10:17 +02:00
Christoph Haas b34d2e1174 fix status code number (related to #95) 2022-04-30 19:43:39 +02:00
lowid a46e3724bf
fix delete peer status code (#95) 
http.StatusNoContent == 204
 2022-04-30 19:42:46 +02:00
Christoph Haas 83271b5d34 fix user edit bug, allow to delete users from the database (#40) 2022-03-15 23:34:55 +01:00
Alexis cc50fcf8e6
Feat/ldap certificate connexion (#92) 
* Give the way to connect against LDAP server with certificate and key

* fix(ldap) Update cert variable name

In order to be more explicit

Co-authored-by: Alexis Aurin <alexis@so6.pw>
 2022-03-15 22:46:00 +01:00
Christoph Haas 5d4d06db81 fix invalid interface public key (#74) 2021-12-16 19:51:45 +01:00
ultram4rine e581b3a69f
Wireguard exporter friendly tags (#81) 
* add friendly name

* add friendly name as option to configuration

* add friendly name configuration to readme
 2021-12-16 19:35:15 +01:00
Alexander Beck acb629f672
do not overwrite preshared key in CreatePeer (#77) 2021-12-10 16:52:44 +01:00
Christoph Haas b5cb967e09 improve ldap logging (#67) 2021-11-07 13:20:16 +01:00
commonism d7b52eba1c
ldap - compare DNs using DN.Equal (#60) 
* ldap - compare DNs using DN.Equal

* ldap/isAdmin- restructure & remove code duplication

Co-authored-by: Markus Koetter <koetter@cispa.de>
 2021-10-14 08:57:03 +02:00
commonism 19c58fb5af
Fixes & API unit testing (#58) 
* api - add OperationID

  helps when using pyswagger and is visible via
  http://localhost:8123/swagger/index.html?displayOperationId=true
  gin-swagger can not set displayOperationId yet

* api - match paramters to their property equivalents

  pascalcase & sometimes replacing the name (e.g. device -> DeviceName)

* api - use ShouldBindJSON instead of BindJSON

 BindJSON sets the content-type text/plain

* api - we renamed, we regenerated

* device - allow - in DeviceName wg-example0.conf etc

* api - more pascalcase & argument renames

* api - marshal DeletedAt as string

  gorm.DeletedAt is of type sql.NullTime
  NullTime declares Time & Valid as properties
  DeletedAt marshals as time.Time
  swaggertype allows only basic types
  -> string

* Peer - export UID/DeviceType in json
 UID/DeviceType is required, skipping in json, skips it in marshalling,
 next unmarshalling fails

* assets - name forms for use with mechanize

* api - match error message

* add python3/pyswagger based unittesting
 - initializes a clean install by configuration via web service
 - tests the rest api

* tests - test address exhaustion

* tests - test network expansion

Co-authored-by: Markus Koetter <koetter@cispa.de>
 2021-09-29 18:41:13 +02:00
commonism 93db475eee
swag - use pascalcase for properties (#54) 
Co-authored-by: Markus Koetter <koetter@cispa.de>
 2021-09-27 20:28:03 +02:00
The one with the braid (she/her) | Dфҿ mit dem Zopf (sie/ihr) 9147fe33cb
Added some more customization options (#43) 
* Added some more customization options

* Fixed inconsistent height of custom logos

* Extended navbar style to login page
 2021-09-12 10:17:13 +02:00