From 73cd5ae94d72cec24187f0b96631ab60bd2b517b Mon Sep 17 00:00:00 2001 From: alikhanich Date: Fri, 17 Mar 2023 09:22:01 +0300 Subject: [PATCH 1/4] Add apikey --- docker-compose.yaml | 10 +++------- handler/session.go | 20 ++++++++++++++++++++ main.go | 5 ++++- router/router.go | 22 +++++++++++++++++++++- util/config.go | 2 ++ 5 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index a7d49c0..25b0d7c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -3,19 +3,15 @@ version: "3" services: wg: build: . - #image: ngoduykhanh/wireguard-ui:latest + image: wg-ui:latest container_name: wgui cap_add: - NET_ADMIN network_mode: host environment: - - SENDGRID_API_KEY - - EMAIL_FROM_ADDRESS - - EMAIL_FROM_NAME - - SESSION_SECRET + - SESSION_SECRET=vnsjdvb9134f39hvn9249 - WGUI_USERNAME=alpha - - WGUI_PASSWORD=this-unusual-password - - WG_CONF_TEMPLATE + - WGUI_PASSWORD=Negjqgfhjkm1! - WGUI_MANAGE_START=false - WGUI_MANAGE_RESTART=false logging: diff --git a/handler/session.go b/handler/session.go index 9975e0d..fb2c634 100644 --- a/handler/session.go +++ b/handler/session.go @@ -23,12 +23,32 @@ func ValidSession(next echo.HandlerFunc) echo.HandlerFunc { } } +func ProtectedHandler(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + sess, err := session.Get("session", c) + if err != nil { + return err + } + + apiKey, ok := sess.Values["api_key"].(string) + if !ok || apiKey != util.ApiKey { + return echo.NewHTTPError(http.StatusUnauthorized, "Invalid API key") + } + // Handle the request for authenticated users + return next(c) + } +} + func isValidSession(c echo.Context) bool { if util.DisableLogin { return true } sess, _ := session.Get("session", c) cookie, err := c.Cookie("session_token") + apiKey, ok := sess.Values["api_key"].(string) + if ok && apiKey != util.ApiKey { + return false + } if err != nil || sess.Values["session_token"] != cookie.Value { return false } diff --git a/main.go b/main.go index cbfa8b7..7c8888e 100644 --- a/main.go +++ b/main.go @@ -40,6 +40,7 @@ var ( flagSessionSecret string flagWgConfTemplate string flagBasePath string + flagApiKey string ) const ( @@ -69,6 +70,7 @@ func init() { flag.StringVar(&flagSessionSecret, "session-secret", util.LookupEnvOrString("SESSION_SECRET", flagSessionSecret), "The key used to encrypt session cookies.") flag.StringVar(&flagWgConfTemplate, "wg-conf-template", util.LookupEnvOrString("WG_CONF_TEMPLATE", flagWgConfTemplate), "Path to custom wg.conf template.") flag.StringVar(&flagBasePath, "base-path", util.LookupEnvOrString("BASE_PATH", flagBasePath), "The base path of the URL") + flag.StringVar(&flagApiKey, "api-key", util.LookupEnvOrString("WGUI_API_KEY", ""), "Specify API key for auth") flag.Parse() // update runtime config @@ -87,7 +89,7 @@ func init() { util.SessionSecret = []byte(flagSessionSecret) util.WgConfTemplate = flagWgConfTemplate util.BasePath = util.ParseBasePath(flagBasePath) - + util.ApiKey = flagApiKey // print app information fmt.Println("Wireguard UI") fmt.Println("App Version\t:", appVersion) @@ -105,6 +107,7 @@ func init() { fmt.Println("Base path\t:", util.BasePath+"/") } + func main() { db, err := jsondb.New("./db") if err != nil { diff --git a/router/router.go b/router/router.go index 9aeaf1b..1446b69 100644 --- a/router/router.go +++ b/router/router.go @@ -47,11 +47,31 @@ func (t *TemplateRegistry) Render(w io.Writer, name string, data interface{}, c return tmpl.ExecuteTemplate(w, "base.html", data) } +func apiKeyMiddleware(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + apiKey := c.Request().Header.Get("X-API-Key") + if apiKey == "" { + apiKey = c.QueryParam("api_key") + } + sess, err := session.Get("session", c) + if err != nil { + return err + } + sess.Values["api_key"] = apiKey + err = sess.Save(c.Request(), c.Response()) + if err != nil { + return err + } + return next(c) + } +} // New function func New(tmplBox *rice.Box, extraData map[string]string, secret []byte) *echo.Echo { e := echo.New() - e.Use(session.Middleware(sessions.NewCookieStore(secret))) + store := sessions.NewCookieStore(secret) + e.Use(session.Middleware(store)) + e.Use(apiKeyMiddleware) // read html template file to string tmplBaseString, err := tmplBox.String("base.html") if err != nil { diff --git a/util/config.go b/util/config.go index 7f5d221..447d913 100644 --- a/util/config.go +++ b/util/config.go @@ -19,6 +19,7 @@ var ( SessionSecret []byte WgConfTemplate string BasePath string + ApiKey string ) const ( @@ -49,6 +50,7 @@ const ( DefaultClientExtraAllowedIpsEnvVar = "WGUI_DEFAULT_CLIENT_EXTRA_ALLOWED_IPS" DefaultClientUseServerDNSEnvVar = "WGUI_DEFAULT_CLIENT_USE_SERVER_DNS" DefaultClientEnableAfterCreationEnvVar = "WGUI_DEFAULT_CLIENT_ENABLE_AFTER_CREATION" + DefaultApiKeyEnvVar = "WGUI_API_KEY" ) func ParseBasePath(basePath string) string { From 1471c87886c4ae53f8b09022786521a67d5e6857 Mon Sep 17 00:00:00 2001 From: alikhanich Date: Fri, 17 Mar 2023 09:23:42 +0300 Subject: [PATCH 2/4] fix --- handler/session.go | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/handler/session.go b/handler/session.go index fb2c634..f932e82 100644 --- a/handler/session.go +++ b/handler/session.go @@ -23,22 +23,6 @@ func ValidSession(next echo.HandlerFunc) echo.HandlerFunc { } } -func ProtectedHandler(next echo.HandlerFunc) echo.HandlerFunc { - return func(c echo.Context) error { - sess, err := session.Get("session", c) - if err != nil { - return err - } - - apiKey, ok := sess.Values["api_key"].(string) - if !ok || apiKey != util.ApiKey { - return echo.NewHTTPError(http.StatusUnauthorized, "Invalid API key") - } - // Handle the request for authenticated users - return next(c) - } -} - func isValidSession(c echo.Context) bool { if util.DisableLogin { return true From 8e6504c1de754c1b9a82ac10a5e5e466ef26c470 Mon Sep 17 00:00:00 2001 From: alikhanich Date: Fri, 17 Mar 2023 09:51:18 +0300 Subject: [PATCH 3/4] fix --- docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 25b0d7c..6363d13 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -14,6 +14,7 @@ services: - WGUI_PASSWORD=Negjqgfhjkm1! - WGUI_MANAGE_START=false - WGUI_MANAGE_RESTART=false + - WGUI_API_KEY=test logging: driver: json-file options: From 2130289cafcf41546e107b720e72f44547dd0299 Mon Sep 17 00:00:00 2001 From: alikhanich Date: Fri, 17 Mar 2023 11:17:12 +0300 Subject: [PATCH 4/4] fix --- README.md | 8 ++++---- go.mod | 2 +- handler/routes.go | 8 ++++---- handler/routes_wake_on_lan.go | 4 ++-- handler/session.go | 2 +- main.go | 14 +++++++------- router/router.go | 2 +- store/jsondb/jsondb.go | 4 ++-- store/jsondb/jsondb_wake_on_lan.go | 2 +- store/store.go | 2 +- templates/about.html | 2 +- templates/base.html | 2 +- templates/login.html | 2 +- templates/wake_on_lan_hosts.html | 2 +- templates/wg.conf | 2 +- util/util.go | 2 +- 16 files changed, 30 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 489314c..7e9be01 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![](https://github.com/ngoduykhanh/wireguard-ui/workflows/wireguard-ui%20build%20release/badge.svg) +![](https://github.com/alikhanich/wireguard-ui/workflows/wireguard-ui%20build%20release/badge.svg) # wireguard-ui @@ -28,7 +28,7 @@ Download the binary file from the release page and run it directly on the host m ### Using docker compose You can take a look at this example -of [docker-compose.yml](https://github.com/ngoduykhanh/wireguard-ui/blob/master/docker-compose.yaml). Please adjust +of [docker-compose.yml](https://github.com/alikhanich/wireguard-ui/blob/master/docker-compose.yaml). Please adjust volume mount points to work with your setup. Then run it like below: ``` @@ -60,7 +60,7 @@ Note: | `WGUI_PERSISTENT_KEEPALIVE` | The default persistent keepalive for WireGuard in global settings | `15` | | `WGUI_FORWARD_MARK` | The default WireGuard forward mark | `0xca6c` | | `WGUI_CONFIG_FILE_PATH` | The default WireGuard config file path used in global settings | `/etc/wireguard/wg0.conf` | -| `WG_CONF_TEMPLATE` | The custom `wg.conf` config file template. Please refer to our [default template](https://github.com/ngoduykhanh/wireguard-ui/blob/master/templates/wg.conf) | N/A | +| `WG_CONF_TEMPLATE` | The custom `wg.conf` config file template. Please refer to our [default template](https://github.com/alikhanich/wireguard-ui/blob/master/templates/wg.conf) | N/A | | `EMAIL_FROM_ADDRESS` | The sender email address | N/A | | `EMAIL_FROM_NAME` | The sender name | `WireGuard UI` | | `SENDGRID_API_KEY` | The SendGrid api key | N/A | @@ -229,7 +229,7 @@ rice append --exec wireguard-ui ## License -MIT. See [LICENSE](https://github.com/ngoduykhanh/wireguard-ui/blob/master/LICENSE). +MIT. See [LICENSE](https://github.com/alikhanich/wireguard-ui/blob/master/LICENSE). ## Support diff --git a/go.mod b/go.mod index dfe3c40..8e86866 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/ngoduykhanh/wireguard-ui +module github.com/alikhanich/wireguard-ui go 1.14 diff --git a/handler/routes.go b/handler/routes.go index 04f3208..597174d 100644 --- a/handler/routes.go +++ b/handler/routes.go @@ -20,10 +20,10 @@ import ( "golang.zx2c4.com/wireguard/wgctrl" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" - "github.com/ngoduykhanh/wireguard-ui/emailer" - "github.com/ngoduykhanh/wireguard-ui/model" - "github.com/ngoduykhanh/wireguard-ui/store" - "github.com/ngoduykhanh/wireguard-ui/util" + "github.com/alikhanich/wireguard-ui/emailer" + "github.com/alikhanich/wireguard-ui/model" + "github.com/alikhanich/wireguard-ui/store" + "github.com/alikhanich/wireguard-ui/util" ) // Health check handler diff --git a/handler/routes_wake_on_lan.go b/handler/routes_wake_on_lan.go index 40cd387..4428b91 100644 --- a/handler/routes_wake_on_lan.go +++ b/handler/routes_wake_on_lan.go @@ -4,8 +4,8 @@ import ( "fmt" "github.com/labstack/echo/v4" "github.com/labstack/gommon/log" - "github.com/ngoduykhanh/wireguard-ui/model" - "github.com/ngoduykhanh/wireguard-ui/store" + "github.com/alikhanich/wireguard-ui/model" + "github.com/alikhanich/wireguard-ui/store" "github.com/sabhiram/go-wol/wol" "net" "net/http" diff --git a/handler/session.go b/handler/session.go index f932e82..751c01b 100644 --- a/handler/session.go +++ b/handler/session.go @@ -6,7 +6,7 @@ import ( "github.com/labstack/echo-contrib/session" "github.com/labstack/echo/v4" - "github.com/ngoduykhanh/wireguard-ui/util" + "github.com/alikhanich/wireguard-ui/util" ) func ValidSession(next echo.HandlerFunc) echo.HandlerFunc { diff --git a/main.go b/main.go index 7c8888e..e88bcbd 100644 --- a/main.go +++ b/main.go @@ -5,17 +5,17 @@ import ( "fmt" "github.com/labstack/echo/v4" "github.com/labstack/gommon/log" - "github.com/ngoduykhanh/wireguard-ui/store" + "github.com/alikhanich/wireguard-ui/store" "net/http" "os" "time" rice "github.com/GeertJohan/go.rice" - "github.com/ngoduykhanh/wireguard-ui/emailer" - "github.com/ngoduykhanh/wireguard-ui/handler" - "github.com/ngoduykhanh/wireguard-ui/router" - "github.com/ngoduykhanh/wireguard-ui/store/jsondb" - "github.com/ngoduykhanh/wireguard-ui/util" + "github.com/alikhanich/wireguard-ui/emailer" + "github.com/alikhanich/wireguard-ui/handler" + "github.com/alikhanich/wireguard-ui/router" + "github.com/alikhanich/wireguard-ui/store/jsondb" + "github.com/alikhanich/wireguard-ui/util" ) var ( @@ -96,7 +96,7 @@ func init() { fmt.Println("Git Commit\t:", gitCommit) fmt.Println("Git Ref\t\t:", gitRef) fmt.Println("Build Time\t:", buildTime) - fmt.Println("Git Repo\t:", "https://github.com/ngoduykhanh/wireguard-ui") + fmt.Println("Git Repo\t:", "https://github.com/alikhanich/wireguard-ui") fmt.Println("Authentication\t:", !util.DisableLogin) fmt.Println("Bind address\t:", util.BindAddress) //fmt.Println("Sendgrid key\t:", util.SendgridApiKey) diff --git a/router/router.go b/router/router.go index 1446b69..953894f 100644 --- a/router/router.go +++ b/router/router.go @@ -13,7 +13,7 @@ import ( "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "github.com/labstack/gommon/log" - "github.com/ngoduykhanh/wireguard-ui/util" + "github.com/alikhanich/wireguard-ui/util" ) // TemplateRegistry is a custom html/template renderer for Echo framework diff --git a/store/jsondb/jsondb.go b/store/jsondb/jsondb.go index f39a452..3ee16d5 100644 --- a/store/jsondb/jsondb.go +++ b/store/jsondb/jsondb.go @@ -12,8 +12,8 @@ import ( "github.com/skip2/go-qrcode" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" - "github.com/ngoduykhanh/wireguard-ui/model" - "github.com/ngoduykhanh/wireguard-ui/util" + "github.com/alikhanich/wireguard-ui/model" + "github.com/alikhanich/wireguard-ui/util" ) type JsonDB struct { diff --git a/store/jsondb/jsondb_wake_on_lan.go b/store/jsondb/jsondb_wake_on_lan.go index e492aa8..e10a463 100644 --- a/store/jsondb/jsondb_wake_on_lan.go +++ b/store/jsondb/jsondb_wake_on_lan.go @@ -3,7 +3,7 @@ package jsondb import ( "encoding/json" "fmt" - "github.com/ngoduykhanh/wireguard-ui/model" + "github.com/alikhanich/wireguard-ui/model" ) func (o *JsonDB) GetWakeOnLanHosts() ([]model.WakeOnLanHost, error) { diff --git a/store/store.go b/store/store.go index 86d6224..ec494cc 100644 --- a/store/store.go +++ b/store/store.go @@ -1,7 +1,7 @@ package store import ( - "github.com/ngoduykhanh/wireguard-ui/model" + "github.com/alikhanich/wireguard-ui/model" ) type IStore interface { diff --git a/templates/about.html b/templates/about.html index 4fc6b77..f513607 100644 --- a/templates/about.html +++ b/templates/about.html @@ -57,7 +57,7 @@ About Copyright © - Wireguard UI. + Wireguard UI. All rights reserved. diff --git a/templates/base.html b/templates/base.html index 1987ab0..2cec330 100644 --- a/templates/base.html +++ b/templates/base.html @@ -297,7 +297,7 @@
Version {{ .appVersion }}
- Copyright © Wireguard UI. All rights + Copyright © Wireguard UI. All rights reserved. --> diff --git a/templates/login.html b/templates/login.html index 515eb1a..8fcc225 100644 --- a/templates/login.html +++ b/templates/login.html @@ -25,7 +25,7 @@