Commit Graph

197 Commits

Author SHA1 Message Date
Christoph 6681dfa96f generate interface and peer configuration filenames in backend only (#395) 2025-04-19 13:12:31 +02:00
Christoph 37904f96fb run initial LDAP sync on startup (#407) 2025-04-19 12:12:45 +02:00
Christoph Haas b938bc8c4c fix: fix peer audit event 2025-03-30 23:16:10 +02:00
Christoph Haas 87bf5da5bd fix: fix session handling (remove IdleTimeout) 2025-03-30 23:14:49 +02:00
Christoph Haas 3723e4cc75 fix: fix csrf token handling after login 2025-03-29 17:21:54 +01:00
Christoph Haas 6cbccf6d43 feat: add simple audit ui 2025-03-29 16:42:31 +01:00
Christoph Haas 7d0da4e7ad chore: use interfaces for all other services 2025-03-23 23:09:47 +01:00
Christoph Haas 02ed7b19df chore: use interfaces for web related services 2025-03-09 21:48:38 +01:00
Christoph Haas 678b6c6456 Merge branch 'master' into chore-code-cleanup
# Conflicts:
#	go.mod
#	go.sum
2025-03-09 21:17:47 +01:00
Christoph Haas 0206952182 chore: replace gin with standard lib net/http 2025-03-09 21:16:42 +01:00
klmmr 53bae9d194
config: validate mail configuration certificates by default (#388)
Before this commit, the default was to not validate TLS certificates of
the SMTP server. This is perhaps a rather unexpected default and can be
considered insecure. This commit activates mail server TLS cert validation
by default.

This change might break some users' email configuration, if they did not
explicitly set the `mail.cert_validation` config variable. Nonetheless,
I think that the secure option should be the default option (e.g.,
to prevent man-in-the-middle attacks and breaching mail server login
credentials).

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
2025-03-05 19:20:57 +01:00
Christoph Haas 7473132932 chore: replace logrus with standard lib log/slog 2025-03-02 08:51:13 +01:00
Christoph Haas 5c51573874 chore: update to yaml v3 2025-02-28 16:15:22 +01:00
Christoph Haas fdb436b135 chore: get rid of static code warnings 2025-02-28 16:11:55 +01:00
Christoph Haas e24acfa57d chore: cleanup code formatting 2025-02-28 08:37:55 +01:00
Christoph Haas f7d7038829 chore: update to Go 1.24, improve oauth admin mapping tests 2025-02-27 22:32:11 +01:00
Christoph Haas 66ccdc29e9 fix qr-code generation for large configurations (#374) 2025-02-26 22:59:11 +01:00
Christoph Haas 986f6fdead fix peer creation for client interface (#371) 2025-02-26 22:02:53 +01:00
klmmr eeb0c87c68
ldap-sync: fix creation of only one user per LDAP sync (#375)
Before this fix, a too early `return` statement terminated the
`updateLdapUsers()` function, whenever one not already existing user was
created. Therefore, in each LDAP sync a maximum of one new user could be
created (i.e., it took x LDAP sync cycles until x new LDAP users are
registered in wg-portal). Depending on the LDAP `sync_interval` this can
take a long time and produces unnecessarily long waiting times until users
are available in wg-portal.

Remove the early return statement and move the remainder of the
function into an `else` statement, so that all new users can be
added in a single LDAP sync.

Also adding a debug statement to better trace the behavior.

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
2025-02-26 21:56:22 +01:00
Christoph Haas f6d7a851d1 frontend: fix locked user display (#367) 2025-02-17 08:18:36 +01:00
Christoph Haas fc712ebf42 api: fix ExpiredAt format (#368) 2025-02-17 08:03:43 +01:00
Christoph Haas 43163273fa api: remove IsAdmin from required attributes (#366) 2025-02-17 07:43:31 +01:00
Christoph Haas e983a7b8f3 automatic API access for default admin (#357) 2025-02-07 22:42:48 +01:00
Christoph Haas c33eaba1c0 remove unsupported validator (#360) 2025-02-07 22:21:16 +01:00
Christoph Haas d01d865b4d fix self provisioning feature (#272) 2025-01-26 11:35:24 +01:00
Christoph Haas 1b8cdc3417 automatically append listening port to endpoint address (#352) 2025-01-26 09:52:09 +01:00
Christoph Haas f6c8cd5ea8 allow LDAP users (and linked peers) to be automatically re-enabled (#345) 2025-01-21 18:03:30 +01:00
Christoph Haas a04eaa4bfb fix user group parsing for OAuth login (#317) 2025-01-21 17:33:01 +01:00
Dmytro Bondar 2cea2e477a
Show version on frontend (#346) 2025-01-21 12:27:25 +01:00
Christoph Haas c73ce0288e fix disabling of missing ldap users (#344) and allow deletion of all user types 2025-01-18 17:39:18 +01:00
Christoph Haas 662e9c0549 Improve admin privilege handling for OAuth. Update documentation. 2025-01-18 11:55:56 +01:00
Christoph Haas 6523a87dfb fix peer disable if ldap user is disabled (#343) 2025-01-17 21:59:15 +01:00
Christoph Haas 17844ed929 fix update of userdata after OAuth login (#317, #160) 2025-01-13 22:14:00 +01:00
Christoph Haas 2d78fe33b8 add metric endpoint to public API (#72, #80) 2025-01-11 23:42:05 +01:00
Christoph Haas 63d85d8123 code cleanup 2025-01-11 22:56:25 +01:00
Christoph Haas 26d3257516 update userdata after OAuth login (#317, #160) 2025-01-11 18:55:23 +01:00
h44z d596f578f6
API - CRUD for peers, interfaces and users (#340)
Public REST API implementation to handle peers, interfaces and users. It also includes some simple provisioning endpoints.

The Swagger API documentation is available under /api/v1/doc.html
2025-01-11 18:44:55 +01:00
Christoph Haas 3020fbca4e fix change of peer identifier (public key) (#265) 2025-01-05 11:30:34 +01:00
Christoph Haas 6d86f15ff8 implement/fix peer and user disable event (#337, #273) 2025-01-05 10:06:34 +01:00
Christoph Haas 62dbdfe0f9 fix plain oauth login (#317) 2025-01-04 14:25:13 +01:00
Christoph Haas 378252ba2f sec: validate return url 2025-01-04 13:43:18 +01:00
Dmytro Bondar 0ea24e313d
feat: handle missing config file gracefully with a warning (#331)
Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-12-10 15:17:31 +01:00
Dmytro Bondar 90a570bd66
fix: enhance PrivateString Scan method to support []byte input (#324)
Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-11-26 21:09:39 +01:00
Christoph bf9183256a chore: update dependencies, refactor option types 2024-10-15 15:44:47 +02:00
Dmytro Bondar d8eac37302
Updated metrics, added dashboard for Grafana (#311)
* Updated metrics, added dashboard for Grafana

* Remove unused interface metric

* Set default scrape interval
2024-10-09 22:33:50 +02:00
Dmytro Bondar f22a7e4a2e
feat: Metrics for Prometheus (#309)
* feat: prometheus metrics

* Added Prometheus resources support to helm chart
2024-09-29 22:10:50 +02:00
Dmytro Bondar 2c01f42369
feat: substitute environment variables in config file (#305)
* feat: use envsubst to substitute env variables in config file

* Remove output config to log

* Update readme
2024-09-23 21:48:11 +02:00
Dmytro Bondar 6ffe1a90ae
feat: TLS support for web (#301)
* Added TLS support for web

- Added optional configurations `cert_file` and `key_file` to run web server with https

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Helm chart update

- Refactored Ingress to use one host only (`config.web.external_url` is required)
- Added Certificate resource template (secret is mounted to container into `/app/certs/`)
- Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP)
- Added helm-docs target to makefile
- Changed pod labels to use selectorLabels
- Removed default probes (app runs without healthy web)
- Removed sections from README

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Fix chart workflow path filter

* Fix chart lint issue

* Skip clean-up tested chart

* Try k3d cluster

---------

Signed-off-by: Dmytro Bondar <git@bonddim.com>
2024-09-22 13:25:08 +02:00
dithmer deff2334ac
Fix the wrong default hooks for PreDown and PostDown on Peer Preparing by using the correct properties of the iface (#293)
Co-authored-by: Tim Dithmer <tim.dithmer@suresecure.de>
2024-09-22 11:55:41 +02:00
Dmytro Bondar 2428dedc42
fix: autosave wireguard conf files (#303)
* fix: autosave wireguard conf files

- Fix subscription to Interface and Peer updates topics
- Remove admin permissions validation
- Update file on peer deletion
- Change save condition to configured storage path only, as initialized interface is not nil

* Added comment to peer config for prometheus exporter
2024-09-22 11:53:42 +02:00