fix: only require metrics password if set (#1715 )

Fix: Cidr Change (#1712 )
* only calculate ip if cidr changed if the cidr did not change, the ip will not change to prevent ip shifts * fix lint
2025-03-06 11:45:03 +01:00 · 2025-03-06 10:04:49 +01:00 · 2025-03-06 08:15:18 +01:00 · 2025-03-05 15:38:09 +01:00
14 changed files with 108 additions and 65 deletions
@@ -2,8 +2,6 @@
 name: 🐛 Bug Report
 description: Create a report to help us improve
 title: "[Bug]: "
-labels:
-  - "type: bug"
 type: Bug

 body:
@@ -6,7 +6,9 @@ This guide will help you migrate from `v14` to version `v15` of `wg-easy`.

 ## Changes

-This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
+- This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
+- If you use armv6 or armv7, you can't migrate to `v15` yet. We are working on it.
+- If you are connecting to the web ui via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.

 ## Migration

@@ -38,10 +40,13 @@ docker-compose down

 ### Start new container

-Follow the instructions in the [Getting Started](../../usage.md) or [Basic Installation](../../examples/tutorials/basic-installation.md) guide to start the new container.
+Follow the instructions in the [Getting Started][docs-getting-started] or [Basic Installation][docs-examples] guide to start the new container.

 In the setup wizard, select that you already already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.

+[docs-getting-started]: ../../getting-started.md
+[docs-examples]: ../../examples/tutorials/basic-installation.md
+
 ### Done

 You have now successfully migrated to `v15` of `wg-easy`.
@@ -13,7 +13,7 @@ hide:

 This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.

-[docs-tagging]: ./usage.md#tagging-convention
+[docs-tagging]: ./getting-started.md#tagging-convention

 ## About

@@ -23,9 +23,9 @@ This documentation provides you not only with the basic setup and configuration

 ### Getting Started

-If you're new to wg-easy, make sure to read the [_Usage_ chapter][docs-usage] first. If you want to look at examples for Docker Run and Compose, we have an [_Examples_ page][docs-examples].
+If you're new to wg-easy, make sure to read the [_Getting Started_ chapter][docs-getting-started] first. If you want to look at examples for Docker Run and Compose, we have an [_Examples_ page][docs-examples].

-[docs-usage]: ./usage.md
+[docs-getting-started]: ./getting-started.md
 [docs-examples]: ./examples/tutorials/basic-installation.md

 ### Contributing
@@ -33,3 +33,9 @@ If you're new to wg-easy, make sure to read the [_Usage_ chapter][docs-usage] fi
 We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the [Contributing section][docs-contributing].

 [docs-contributing]: ./contributing/issues-and-pull-requests.md
+
+### Migration
+
+If you are migrating from an older version of `wg-easy`, please read the [_Migration_ chapter][docs-migration].
+
+[docs-migration]: ./advanced/migrate/from-14-to-15.md
@@ -1,7 +1,13 @@
 site_name: "wg-easy"
 site_description: "The easiest way to run WireGuard VPN + Web-based Admin UI."
-site_author: "wg-easy (Github Organization)"
-copyright: '<p>&copy <a href="https://github.com/wg-easy"><em>Wireguard Easy Organization</em></a><br/><span>This project is licensed under the GNU Affero General Public License v3.0 or later.</span></p>'
+site_author: "WireGuard Easy"
+copyright: >
+  <p>
+  &copy <a href="https://github.com/wg-easy"><em>Wireguard Easy</em></a><br/>
+  <span>This project is licensed under AGPL-3.0-only.</span><br/>
+  <span>This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security</span><br/>
+  <span>"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld</span>
+  </p>

 repo_url: https://github.com/wg-easy/wg-easy
 repo_name: wg-easy
@@ -7,19 +7,38 @@
      <IconsInfo class="size-4" />
    </BaseTooltip>
  </div>
-  <BaseInput :id="id" v-model="data" :name="id" type="date" />
+  <BaseInput
+    :id="id"
+    :model-value="formattedDate"
+    :name="id"
+    type="date"
+    max="9999-12-31"
+    @update:model-value="updateDate"
+  />
 </template>

 <script lang="ts" setup>
 defineProps<{ id: string; label: string; description?: string }>();

-const data = defineModel<string | null>({
-  set(value) {
-    const temp = value?.trim() ?? null;
-    if (temp === '') {
-      return null;
-    }
-    return temp;
-  },
+const data = defineModel<string | null>();
+
+const date = ref(data);
+
+const formattedDate = computed(() => {
+  return date.value ? date.value.split('T')[0] : '';
 });
+
+const updateDate = (value: unknown) => {
+  if (typeof value !== 'string' && value !== null) {
+    return;
+  }
+
+  const temp = value?.trim() ?? null;
+
+  if (temp === '' || temp === null) {
+    date.value = null;
+  } else {
+    date.value = new Date(temp).toISOString();
+  }
+};
 </script>
@@ -193,7 +193,8 @@
    },
    "interface": {
      "cidr": "CIDR",
-      "device": "Device"
+      "device": "Device",
+      "cidrValid": "CIDR must be valid"
    },
    "otl": "One Time link",
    "stringMalformed": "String is malformed",
@@ -12,7 +12,7 @@ export default definePermissionEventHandler(
    const client = await Database.clients.get(clientId);
    checkPermissions(client);

-    await Database.clients.toggle(clientId, false);
+    await Database.clients.toggle(clientId, true);
    await WireGuard.saveConfig();
    return { success: true };
  }
@@ -18,8 +18,8 @@ export default defineSetupEventHandler('migrate', async ({ event }) => {
    clients: z.record(
      z.string(),
      z.object({
-        // not used
-        id: z.string(),
+        // not used, breaks compatibility with older versions
+        id: z.string().optional(),
        name: z.string(),
        address: z.string(),
        privateKey: z.string(),
@@ -75,15 +75,6 @@ export class ClientService {
    const publicKey = await wg.getPublicKey(privateKey);
    const preSharedKey = await wg.generatePreSharedKey();

-    let parsedExpiresAt = expiresAt;
-    if (parsedExpiresAt) {
-      const expiresAtDate = new Date(parsedExpiresAt);
-      expiresAtDate.setHours(23);
-      expiresAtDate.setMinutes(59);
-      expiresAtDate.setSeconds(59);
-      parsedExpiresAt = expiresAtDate.toISOString();
-    }
-
    return this.#db.transaction(async (tx) => {
      const clients = await tx.query.client.findMany().execute();
      const clientInterface = await tx.query.wgInterface
@@ -117,7 +108,7 @@ export class ClientService {
          name,
          // TODO: properly assign user id
          userId: 1,
-          expiresAt: parsedExpiresAt,
+          expiresAt,
          privateKey,
          publicKey,
          preSharedKey,
@@ -22,6 +22,7 @@ const name = z
  .min(1, t('zod.client.name'))
  .pipe(safeStringRefine);

+// TODO?: validate iso string
 const expiresAt = z
  .string({ message: t('zod.client.expiresAt') })
  .min(1, t('zod.client.expiresAt'))
@@ -1,4 +1,3 @@
-import isCidr from 'is-cidr';
 import { eq, sql } from 'drizzle-orm';
 import { parseCidr } from 'cidr-tools';
 import { wgInterface } from './schema';
@@ -58,10 +57,18 @@ export class InterfaceService {
  }

  updateCidr(data: InterfaceCidrUpdateType) {
-    if (!isCidr(data.ipv4Cidr) || !isCidr(data.ipv6Cidr)) {
-      throw new Error('Invalid CIDR');
-    }
    return this.#db.transaction(async (tx) => {
+      const oldCidr = await tx.query.wgInterface
+        .findFirst({
+          where: eq(wgInterface.name, 'wg0'),
+          columns: { ipv4Cidr: true, ipv6Cidr: true },
+        })
+        .execute();
+
+      if (!oldCidr) {
+        throw new Error('Interface not found');
+      }
+
      await tx
        .update(wgInterface)
        .set(data)
@@ -74,8 +81,17 @@ export class InterfaceService {
        // TODO: optimize
        const clients = await tx.query.client.findMany().execute();

-        const nextIpv4 = nextIP(4, parseCidr(data.ipv4Cidr), clients);
-        const nextIpv6 = nextIP(6, parseCidr(data.ipv6Cidr), clients);
+        // only calculate ip if cidr has changed
+
+        let nextIpv4 = client.ipv4Address;
+        if (data.ipv4Cidr !== oldCidr.ipv4Cidr) {
+          nextIpv4 = nextIP(4, parseCidr(data.ipv4Cidr), clients);
+        }
+
+        let nextIpv6 = client.ipv6Address;
+        if (data.ipv6Cidr !== oldCidr.ipv6Cidr) {
+          nextIpv6 = nextIP(6, parseCidr(data.ipv6Cidr), clients);
+        }

        await tx
          .update(clientSchema)
@@ -1,5 +1,6 @@
 import type { InferSelectModel } from 'drizzle-orm';
 import z from 'zod';
+import isCidr from 'is-cidr';
 import type { wgInterface } from './schema';

 export type InterfaceType = InferSelectModel<typeof wgInterface>;
@@ -22,6 +23,7 @@ const device = z
 const cidr = z
  .string({ message: t('zod.interface.cidr') })
  .min(1, { message: t('zod.interface.cidr') })
+  .refine((value) => isCidr(value), { message: t('zod.interface.cidrValid') })
  .pipe(safeStringRefine);

 export const InterfaceUpdateSchema = schemaForType<InterfaceUpdateType>()(
@@ -16,5 +16,3 @@ export const WG_ENV = {
  /** UI is hosted on HTTP instead of HTTPS */
  INSECURE: process.env.INSECURE === 'true',
 };
-
-console.log(WG_ENV);
@@ -138,34 +138,27 @@ export const defineMetricsHandler = <
  handler: MetricsHandler<TReq, TRes>
 ) => {
  return defineEventHandler(async (event) => {
-    const auth = getHeader(event, 'Authorization');
-
-    if (!auth) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: 'Unauthorized',
-      });
-    }
-
-    const [method, value] = auth.split(' ');
-
-    if (method !== 'Bearer' || !value) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: 'Bearer Auth required',
-      });
-    }
-
    const metricsConfig = await Database.general.getMetricsConfig();

-    if (metricsConfig[type] !== true) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Metrics not enabled',
-      });
-    }
-
    if (metricsConfig.password) {
+      const auth = getHeader(event, 'Authorization');
+
+      if (!auth) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Unauthorized',
+        });
+      }
+
+      const [method, value] = auth.split(' ');
+
+      if (method !== 'Bearer' || !value) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Bearer Auth required',
+        });
+      }
+
      const tokenValid = await isPasswordValid(value, metricsConfig.password);

      if (!tokenValid) {
@@ -176,6 +169,13 @@ export const defineMetricsHandler = <
      }
    }

+    if (metricsConfig[type] !== true) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Metrics not enabled',
+      });
+    }
+
    return await handler({ event });
  });
 };
Author	SHA1	Message	Date
Bernd Storath	93db67bab6	fix: only require metrics password if set (#1715 )	2025-03-06 11:45:03 +01:00
Bernd Storath	842475f799	Fix: Cidr Change (#1712 ) * only calculate ip if cidr changed if the cidr did not change, the ip will not change to prevent ip shifts * fix lint	2025-03-06 10:04:49 +01:00
Bernd Storath	f4d3608da7	Fix: Various (#1711 ) * fix docs * fix migration	2025-03-06 08:15:18 +01:00
Bernd Storath	84ee8c35f0	fix labels, date field, enable	2025-03-05 15:38:09 +01:00