From 2084a81297e4756271b867863800750c4682dc3e Mon Sep 17 00:00:00 2001 From: Sam Gleske Date: Tue, 20 May 2025 18:33:08 -0400 Subject: [PATCH] Fix PreUp, PostUp, PreDown, and PostDown * Escaping HTML in several places. * Adds PreUp config when one didn't exist. * Adds environment variable support for PreUp and PreDown. closes #549 closes #655 closes #656 See also -------- - https://github.com/samrocketman/addons-homeassistant/issues/9 Co-authored-by: Robert Willert --- README.md | 2 ++ custom/js/helper.js | 37 +++++++++++++++++++------------- model/server.go | 1 + router/router.go | 2 ++ store/jsondb/jsondb.go | 2 ++ templates/server.html | 14 ++++++++---- templates/wake_on_lan_hosts.html | 6 +++--- templates/wg.conf | 1 + util/config.go | 2 ++ util/html.go | 10 +++++++++ 10 files changed, 55 insertions(+), 22 deletions(-) create mode 100644 util/html.go
diff --git a/README.md b/README.md
index 74c446e..122a95a 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,9 @@ These environment variables are used to control the default server settings used
 |-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------|
 | `WGUI_SERVER_INTERFACE_ADDRESSES` | The default interface addresses (comma-separated-list) for the WireGuard server configuration | `10.252.1.0/24` |
 | `WGUI_SERVER_LISTEN_PORT` | The default server listen port | `51820` |
+| `WGUI_SERVER_PRE_UP_SCRIPT` | The default server pre-up script | N/A |
 | `WGUI_SERVER_POST_UP_SCRIPT` | The default server post-up script | N/A |
+| `WGUI_SERVER_PRE_DOWN_SCRIPT` | The default server pre-down script | N/A |
 | `WGUI_SERVER_POST_DOWN_SCRIPT` | The default server post-down script | N/A |
 ### Defaults for new clients
diff --git a/custom/js/helper.js b/custom/js/helper.js
index 5b43272..976fd00 100644
--- a/custom/js/helper.js
+++ b/custom/js/helper.js
@@ -1,3 +1,10 @@ +/* + Hack using jQuery's text() method and a temporary element to escape html() + utilizing jQuery. +*/ +function escapeHtml(unsafe) { + return $('
').text(unsafe).html(); +} function renderClientList(data) { $.each(data, function(index, obj) { // render telegram button @@ -6,13 +13,13 @@ function renderClientList(data) { telegramButton = `
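Review bot: `escapeHtml` in custom/js/helper.js escapes `&`, `<` and `>` but not quotes, because serialising a text node through `.html()` leaves `"` and `'` untouched. The `@@ -6,13` and `@@ -56,12` hunks of this file interpolate its result inside double-quoted attributes, e.g. `data-clientname="${escapeHtml(obj.Client.name)}"`, so a client name containing `"` still terminates the attribute value. I would make the helper safe for attribute context by appending `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')` to the returned string, or by setting these values with `.attr()` after the element is built. The helper's comment should also state which contexts (element text, quoted attribute) its output is safe in.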
+ data-clientname="${escapeHtml(obj.Client.name)}">Telegram
` } let telegramHtml = ""; if (obj.Client.telegram_userid && obj.Client.telegram_userid.length > 0) { - telegramHtml = `` + telegramHtml = `` } // render client status css tag style @@ -24,13 +31,13 @@ function renderClientList(data) { // render client allocated ip addresses let allocatedIpsHtml = ""; $.each(obj.Client.allocated_ips, function(index, obj) { - allocatedIpsHtml += `${obj} `; + allocatedIpsHtml += `${escapeHtml(obj)} `; }) // render client allowed ip addresses let allowedIpsHtml = ""; $.each(obj.Client.allowed_ips, function(index, obj) { - allowedIpsHtml += `${obj} `; + allowedIpsHtml += `${escapeHtml(obj)} `; }) let subnetRangesString = ""; @@ -40,7 +47,7 @@ function renderClientList(data) { let additionalNotesHtml = ""; if (obj.Client.additional_notes && obj.Client.additional_notes.length > 0) { - additionalNotesHtml = `` + additionalNotesHtml = `` } // render client html content @@ -56,12 +63,12 @@ function renderClientList(data) {
+ data-clientname="${escapeHtml(obj.Client.name)}" ${obj.QRCode != "" ? '' : ' disabled'}>QR code
+ data-clientname="${escapeHtml(obj.Client.name)}">Email
${telegramButton}
@@ -72,22 +79,22 @@ function renderClientList(data) {

- ${obj.Client.name} - - + ${escapeHtml(obj.Client.name)} + + ${telegramHtml} ${additionalNotesHtml} - ${obj.Client.email} + ${escapeHtml(obj.Client.email)} ${prettyDateTime(obj.Client.created_at)} @@ -95,7 +102,7 @@ function renderClientList(data) { ${obj.Client.use_server_dns ? 'DNS enabled' : 'DNS disabled'} - ${obj.Client.additional_notes} + ${escapeHtml(obj.Client.additional_notes)} IP Allocation` + allocatedIpsHtml + `Allowed IPs`
diff --git a/model/server.go b/model/server.go
index 0aa804f..57cb80b 100644
--- a/model/server.go
+++ b/model/server.go
@@ -22,6 +22,7 @@ type ServerInterface struct {
 Addresses []string `json:"addresses"`
 ListenPort int `json:"listen_port,string"` // ,string to get listen_port string input as int
 UpdatedAt time.Time `json:"updated_at"`
+ PreUp string `json:"pre_up"`
 PostUp string `json:"post_up"`
 PreDown string `json:"pre_down"`
 PostDown string `json:"post_down"`
diff --git a/router/router.go b/router/router.go
index 59d352e..270e54a 100644
--- a/router/router.go
+++ b/router/router.go
@@ -112,8 +112,10 @@ func New(tmplDir fs.FS, extraData map[string]interface{}, secret [64]byte) *echo
 }
 // create template list
+ //"htmlescaper": template.htmlEscaper,
 funcs := template.FuncMap{
 "StringsJoin": strings.Join,
+ "attrescaper": util.EscapeHtmlCode,
 }
 templates := make(map[string]*template.Template)
 templates["login.html"] = template.Must(template.New("login").Funcs(funcs).Parse(tmplLoginString))
diff --git a/store/jsondb/jsondb.go b/store/jsondb/jsondb.go
index 1cd0a43..d31395c 100644
--- a/store/jsondb/jsondb.go
+++ b/store/jsondb/jsondb.go
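Review bot: In router/router.go the added line `//"htmlescaper": template.htmlEscaper,` is commented-out code naming an unexported identifier and should be dropped before merge. The new `"attrescaper": util.EscapeHtmlCode` entry makes escaping opt-in per interpolation, so any template value not piped through it is emitted as-is; util/html.go is not among the visible hunks, so it is worth confirming that the helper escapes both quote characters as well as `<`, `>` and `&`, since templates/server.html uses it inside `value="..."`. If `template` here is text/template (the import is outside the hunk), parsing the HTML pages with html/template would give contextual escaping by default and remove the need for a hand-written escaper. `New` begins and continues outside this hunk.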
@@ -64,7 +64,9 @@ func (o *JsonDB) Init() error {
 serverInterface := new(model.ServerInterface)
 serverInterface.Addresses = util.LookupEnvOrStrings(util.ServerAddressesEnvVar, []string{util.DefaultServerAddress})
 serverInterface.ListenPort = util.LookupEnvOrInt(util.ServerListenPortEnvVar, util.DefaultServerPort)
+ serverInterface.PreUp = util.LookupEnvOrString(util.ServerPreUpScriptEnvVar, "")
 serverInterface.PostUp = util.LookupEnvOrString(util.ServerPostUpScriptEnvVar, "")
+ serverInterface.PreDown = util.LookupEnvOrString(util.ServerPreDownScriptEnvVar, "")
 serverInterface.PostDown = util.LookupEnvOrString(util.ServerPostDownScriptEnvVar, "")
 serverInterface.UpdatedAt = time.Now().UTC()
 o.conn.Write("server", "interfaces", serverInterface)
diff --git a/templates/server.html b/templates/server.html
index e1116a6..dae5a4e 100644
--- a/templates/server.html
+++ b/templates/server.html
@@ -37,21 +37,26 @@ Wireguard Server Settings
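Review bot: The two new defaults in `JsonDB.Init` (store/jsondb/jsondb.go), `serverInterface.PreUp` and `serverInterface.PreDown`, are read from the environment and stored without validation, like the existing PostUp/PostDown lines. These fields are hook commands that presumably end up in the rendered templates/wg.conf (changed in this commit but not visible here), so a value containing a line break would add further lines to that file. I would reject such values before storing them, for example `if strings.ContainsAny(v, "\r\n") { return fmt.Errorf("%s must be a single line", util.ServerPreUpScriptEnvVar) }`, and apply the same check where the `pre_up` value posted by the settings form is saved. `Init` starts and ends outside this hunk.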
+
+ + +
+ placeholder="Post Up Script" value="{{ .serverInterface.PostUp | attrescaper }}">
+ placeholder="Pre Down Script" value="{{ .serverInterface.PreDown | attrescaper }}">
+ placeholder="Post Down Script" value="{{ .serverInterface.PostDown | attrescaper }}">
@@ -135,10 +140,11 @@ Wireguard Server Settings
 function submitServerInterfaceSetting() {
 const addresses = $("#addresses").val().split(",");
 const listen_port = $("#listen_port").val();
+ const pre_up = $("#pre_up").val();
 const post_up = $("#post_up").val();
 const pre_down = $("#pre_down").val();
 const post_down = $("#post_down").val();
- const data = {"addresses": addresses, "listen_port": listen_port, "post_up": post_up, "pre_down": pre_down, "post_down": post_down};
+ const data = {"addresses": addresses, "listen_port": listen_port, "pre_up": pre_up, "post_up": post_up, "pre_down": pre_down, "post_down": post_down};
 $.ajax({
 cache: false,
diff --git a/templates/wake_on_lan_hosts.html b/templates/wake_on_lan_hosts.html
index 80ba3f6..c87b07e 100644
--- a/templates/wake_on_lan_hosts.html
+++ b/templates/wake_on_lan_hosts.html
@@ -90,7 +90,7 @@