Fix: OneTimeLinks (#1719 )

* fix otls * one otl per client * revert some code * revert some more code, add comments * adjust migration
Add PreUp, PostUp, PreDown, PostDown for client (#1714 )
2025-03-07 09:16:24 +01:00 · 2025-03-07 08:17:33 +01:00 · 2025-03-06 11:45:03 +01:00 · 2025-03-06 10:04:49 +01:00 · 2025-03-06 08:15:18 +01:00 · 2025-03-05 15:38:09 +01:00
32 changed files with 331 additions and 136 deletions
@@ -2,8 +2,6 @@
 name: 🐛 Bug Report
 description: Create a report to help us improve
 title: "[Bug]: "
-labels:
-  - "type: bug"
 type: Bug

 body:
@@ -6,7 +6,9 @@ This guide will help you migrate from `v14` to version `v15` of `wg-easy`.

 ## Changes

-This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
+- This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
+- If you use armv6 or armv7, you can't migrate to `v15` yet. We are working on it.
+- If you are connecting to the web ui via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.

 ## Migration

@@ -38,10 +40,13 @@ docker-compose down

 ### Start new container

-Follow the instructions in the [Getting Started](../../usage.md) or [Basic Installation](../../examples/tutorials/basic-installation.md) guide to start the new container.
+Follow the instructions in the [Getting Started][docs-getting-started] or [Basic Installation][docs-examples] guide to start the new container.

 In the setup wizard, select that you already already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.

+[docs-getting-started]: ../../getting-started.md
+[docs-examples]: ../../examples/tutorials/basic-installation.md
+
 ### Done

 You have now successfully migrated to `v15` of `wg-easy`.
@@ -13,7 +13,7 @@ hide:

 This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.

-[docs-tagging]: ./usage.md#tagging-convention
+[docs-tagging]: ./getting-started.md#tagging-convention

 ## About

@@ -23,9 +23,9 @@ This documentation provides you not only with the basic setup and configuration

 ### Getting Started

-If you're new to wg-easy, make sure to read the [_Usage_ chapter][docs-usage] first. If you want to look at examples for Docker Run and Compose, we have an [_Examples_ page][docs-examples].
+If you're new to wg-easy, make sure to read the [_Getting Started_ chapter][docs-getting-started] first. If you want to look at examples for Docker Run and Compose, we have an [_Examples_ page][docs-examples].

-[docs-usage]: ./usage.md
+[docs-getting-started]: ./getting-started.md
 [docs-examples]: ./examples/tutorials/basic-installation.md

 ### Contributing
@@ -33,3 +33,9 @@ If you're new to wg-easy, make sure to read the [_Usage_ chapter][docs-usage] fi
 We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the [Contributing section][docs-contributing].

 [docs-contributing]: ./contributing/issues-and-pull-requests.md
+
+### Migration
+
+If you are migrating from an older version of `wg-easy`, please read the [_Migration_ chapter][docs-migration].
+
+[docs-migration]: ./advanced/migrate/from-14-to-15.md
@@ -1,7 +1,13 @@
 site_name: "wg-easy"
 site_description: "The easiest way to run WireGuard VPN + Web-based Admin UI."
-site_author: "wg-easy (Github Organization)"
-copyright: '<p>&copy <a href="https://github.com/wg-easy"><em>Wireguard Easy Organization</em></a><br/><span>This project is licensed under the GNU Affero General Public License v3.0 or later.</span></p>'
+site_author: "WireGuard Easy"
+copyright: >
+  <p>
+  &copy <a href="https://github.com/wg-easy"><em>Wireguard Easy</em></a><br/>
+  <span>This project is licensed under AGPL-3.0-only.</span><br/>
+  <span>This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security</span><br/>
+  <span>"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld</span>
+  </p>

 repo_url: https://github.com/wg-easy/wg-easy
 repo_name: wg-easy
@@ -6,7 +6,7 @@
        class="fixed inset-0 z-30 bg-gray-500 opacity-75 dark:bg-black dark:opacity-50"
      />
      <DialogContent
-        class="fixed left-1/2 top-1/2 z-[100] max-h-[85vh] w-[90vw] max-w-md -translate-x-1/2 -translate-y-1/2 rounded-md p-6 shadow-2xl focus:outline-none dark:bg-neutral-700"
+        class="fixed left-1/2 top-1/2 z-[100] max-h-[85vh] w-[90vw] max-w-md -translate-x-1/2 -translate-y-1/2 rounded-md bg-white p-6 shadow-2xl focus:outline-none dark:bg-neutral-700"
      >
        <DialogTitle
          class="m-0 text-lg font-semibold text-gray-900 dark:text-neutral-200"
@@ -1,10 +1,10 @@
 <template>
+  <div class="flex flex-col gap-2">
    <div v-if="data?.length === 0">
      {{ emptyText || $t('form.noItems') }}
    </div>
-  <div v-else class="flex flex-col gap-2">
-    <div v-for="(item, i) in data" :key="i">
-      <div class="flex flex-row gap-1">
+    <div v-for="(item, i) in data" v-else :key="i">
+      <div class="mt-1 flex flex-row gap-1">
        <input
          :value="item"
          :name="name"
@@ -12,13 +12,20 @@
          class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
          @input="update($event, i)"
        />
-        <BaseButton as="input" type="button" value="-" @click="del(i)" />
+        <BaseButton
+          as="input"
+          type="button"
+          class="rounded-lg"
+          value="-"
+          @click="del(i)"
+        />
      </div>
    </div>
    <div class="mt-2">
      <BaseButton
        as="input"
        type="button"
+        class="rounded-lg"
        :value="$t('form.add')"
        @click="add"
      />
@@ -7,19 +7,38 @@
      <IconsInfo class="size-4" />
    </BaseTooltip>
  </div>
-  <BaseInput :id="id" v-model="data" :name="id" type="date" />
+  <BaseInput
+    :id="id"
+    :model-value="formattedDate"
+    :name="id"
+    type="date"
+    max="9999-12-31"
+    @update:model-value="updateDate"
+  />
 </template>

 <script lang="ts" setup>
 defineProps<{ id: string; label: string; description?: string }>();

-const data = defineModel<string | null>({
-  set(value) {
-    const temp = value?.trim() ?? null;
-    if (temp === '') {
-      return null;
-    }
-    return temp;
-  },
+const data = defineModel<string | null>();
+
+const date = ref(data);
+
+const formattedDate = computed(() => {
+  return date.value ? date.value.split('T')[0] : '';
 });
+
+const updateDate = (value: unknown) => {
+  if (typeof value !== 'string' && value !== null) {
+    return;
+  }
+
+  const temp = value?.trim() ?? null;
+
+  if (temp === '' || temp === null) {
+    date.value = null;
+  } else {
+    date.value = new Date(temp).toISOString();
+  }
+};
 </script>
@@ -2,10 +2,26 @@
  <main v-if="data">
    <FormElement @submit.prevent="submit">
      <FormGroup>
-        <FormTextField id="PreUp" v-model="data.preUp" label="PreUp" />
-        <FormTextField id="PostUp" v-model="data.postUp" label="PostUp" />
-        <FormTextField id="PreDown" v-model="data.preDown" label="PreDown" />
-        <FormTextField id="PostDown" v-model="data.postDown" label="PostDown" />
+        <FormTextField
+          id="PreUp"
+          v-model="data.preUp"
+          :label="$t('hooks.preUp')"
+        />
+        <FormTextField
+          id="PostUp"
+          v-model="data.postUp"
+          :label="$t('hooks.postUp')"
+        />
+        <FormTextField
+          id="PreDown"
+          v-model="data.preDown"
+          :label="$t('hooks.preDown')"
+        />
+        <FormTextField
+          id="PostDown"
+          v-model="data.postDown"
+          :label="$t('hooks.postDown')"
+        />
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.actions') }}</FormHeading>
@@ -71,6 +71,35 @@
              :label="$t('general.persistentKeepalive')"
            />
          </FormGroup>
+          <FormGroup>
+            <FormHeading :description="$t('client.hooksDescription')">
+              {{ $t('client.hooks') }}
+            </FormHeading>
+            <FormTextField
+              id="PreUp"
+              v-model="data.preUp"
+              :description="$t('client.hooksLeaveEmpty')"
+              :label="$t('hooks.preUp')"
+            />
+            <FormTextField
+              id="PostUp"
+              v-model="data.postUp"
+              :description="$t('client.hooksLeaveEmpty')"
+              :label="$t('hooks.postUp')"
+            />
+            <FormTextField
+              id="PreDown"
+              v-model="data.preDown"
+              :description="$t('client.hooksLeaveEmpty')"
+              :label="$t('hooks.preDown')"
+            />
+            <FormTextField
+              id="PostDown"
+              v-model="data.postDown"
+              :description="$t('client.hooksLeaveEmpty')"
+              :label="$t('hooks.postDown')"
+            />
+          </FormGroup>
          <FormGroup>
            <FormHeading>{{ $t('form.actions') }}</FormHeading>
            <FormActionField type="submit" :label="$t('form.save')" />
@@ -98,7 +98,10 @@
    "allowedIpsDesc": "Which IPs will be routed through the VPN",
    "serverAllowedIpsDesc": "Which IPs the server will route to the client",
    "mtuDesc": "Sets the maximum transmission unit (packet size) for the VPN tunnel",
-    "persistentKeepaliveDesc": "Sets the interval (in seconds) for keep-alive packets. 0 disables it"
+    "persistentKeepaliveDesc": "Sets the interval (in seconds) for keep-alive packets. 0 disables it",
+    "hooks": "Hooks",
+    "hooksDescription": "Hooks only work with wg-quick",
+    "hooksLeaveEmpty": "Only for wg-quick. Otherwise, leave it empty"
  },
  "dialog": {
    "change": "Change",
@@ -193,7 +196,8 @@
    },
    "interface": {
      "cidr": "CIDR",
-      "device": "Device"
+      "device": "Device",
+      "cidrValid": "CIDR must be valid"
    },
    "otl": "One Time link",
    "stringMalformed": "String is malformed",
@@ -207,5 +211,11 @@
    "dns": "DNS",
    "allowedIps": "Allowed IPs",
    "file": "File"
+  },
+  "hooks": {
+    "preUp": "PreUp",
+    "postUp": "PostUp",
+    "preDown": "PreDown",
+    "postDown": "PostDown"
  }
 }
@@ -12,7 +12,7 @@ export default definePermissionEventHandler(
    const client = await Database.clients.get(clientId);
    checkPermissions(client);

-    await Database.clients.toggle(clientId, false);
+    await Database.clients.toggle(clientId, true);
    await WireGuard.saveConfig();
    return { success: true };
  }
@@ -18,8 +18,8 @@ export default defineSetupEventHandler('migrate', async ({ event }) => {
    clients: z.record(
      z.string(),
      z.object({
-        // not used
-        id: z.string(),
+        // not used, breaks compatibility with older versions
+        id: z.string().optional(),
        name: z.string(),
        address: z.string(),
        privateKey: z.string(),
@@ -4,6 +4,10 @@ CREATE TABLE `clients_table` (
 	`name` text NOT NULL,
 	`ipv4_address` text NOT NULL,
 	`ipv6_address` text NOT NULL,
+	`pre_up` text DEFAULT '' NOT NULL,
+	`post_up` text DEFAULT '' NOT NULL,
+	`pre_down` text DEFAULT '' NOT NULL,
+	`post_down` text DEFAULT '' NOT NULL,
 	`private_key` text NOT NULL,
 	`public_key` text NOT NULL,
 	`pre_shared_key` text NOT NULL,
@@ -60,13 +64,12 @@ CREATE TABLE `interfaces_table` (
 --> statement-breakpoint
 CREATE UNIQUE INDEX `interfaces_table_port_unique` ON `interfaces_table` (`port`);--> statement-breakpoint
 CREATE TABLE `one_time_links_table` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`id` integer PRIMARY KEY NOT NULL,
 	`one_time_link` text NOT NULL,
 	`expires_at` text NOT NULL,
-	`client_id` integer NOT NULL,
 	`created_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
 	`updated_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
-	FOREIGN KEY (`client_id`) REFERENCES `clients_table`(`id`) ON UPDATE cascade ON DELETE cascade
+	FOREIGN KEY (`id`) REFERENCES `clients_table`(`id`) ON UPDATE cascade ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `one_time_links_table_one_time_link_unique` ON `one_time_links_table` (`one_time_link`);--> statement-breakpoint
@@ -1,7 +1,7 @@
 {
  "version": "6",
  "dialect": "sqlite",
-  "id": "b1dde023-d141-4eab-9226-89a832b2ed2b",
+  "id": "383501e4-f8de-4413-847f-a9082f6dc398",
  "prevId": "00000000-0000-0000-0000-000000000000",
  "tables": {
    "clients_table": {
@@ -42,6 +42,38 @@
          "notNull": true,
          "autoincrement": false
        },
+        "pre_up": {
+          "name": "pre_up",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "post_up": {
+          "name": "post_up",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "pre_down": {
+          "name": "pre_down",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "post_down": {
+          "name": "post_down",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
        "private_key": {
          "name": "private_key",
          "type": "text",
@@ -420,7 +452,7 @@
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
-          "autoincrement": true
+          "autoincrement": false
        },
        "one_time_link": {
          "name": "one_time_link",
@@ -436,13 +468,6 @@
          "notNull": true,
          "autoincrement": false
        },
-        "client_id": {
-          "name": "client_id",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        },
        "created_at": {
          "name": "created_at",
          "type": "text",
@@ -470,12 +495,12 @@
        }
      },
      "foreignKeys": {
-        "one_time_links_table_client_id_clients_table_id_fk": {
-          "name": "one_time_links_table_client_id_clients_table_id_fk",
+        "one_time_links_table_id_clients_table_id_fk": {
+          "name": "one_time_links_table_id_clients_table_id_fk",
          "tableFrom": "one_time_links_table",
          "tableTo": "clients_table",
          "columnsFrom": [
-            "client_id"
+            "id"
          ],
          "columnsTo": [
            "id"
@@ -1,6 +1,6 @@
 {
-  "id": "720d420c-361f-4427-a45b-db0ca613934d",
-  "prevId": "b1dde023-d141-4eab-9226-89a832b2ed2b",
+  "id": "bf316694-e2ce-4e29-bd66-ce6c0a9d3c90",
+  "prevId": "383501e4-f8de-4413-847f-a9082f6dc398",
  "version": "6",
  "dialect": "sqlite",
  "tables": {
@@ -42,6 +42,38 @@
          "notNull": true,
          "autoincrement": false
        },
+        "pre_up": {
+          "name": "pre_up",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "post_up": {
+          "name": "post_up",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "pre_down": {
+          "name": "pre_down",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
+        "post_down": {
+          "name": "post_down",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "''"
+        },
        "private_key": {
          "name": "private_key",
          "type": "text",
@@ -420,7 +452,7 @@
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
-          "autoincrement": true
+          "autoincrement": false
        },
        "one_time_link": {
          "name": "one_time_link",
@@ -436,13 +468,6 @@
          "notNull": true,
          "autoincrement": false
        },
-        "client_id": {
-          "name": "client_id",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        },
        "created_at": {
          "name": "created_at",
          "type": "text",
@@ -470,11 +495,11 @@
        }
      },
      "foreignKeys": {
-        "one_time_links_table_client_id_clients_table_id_fk": {
-          "name": "one_time_links_table_client_id_clients_table_id_fk",
+        "one_time_links_table_id_clients_table_id_fk": {
+          "name": "one_time_links_table_id_clients_table_id_fk",
          "tableFrom": "one_time_links_table",
          "columnsFrom": [
-            "client_id"
+            "id"
          ],
          "tableTo": "clients_table",
          "columnsTo": [
@@ -5,14 +5,14 @@
    {
      "idx": 0,
      "version": "6",
-      "when": 1739266828300,
+      "when": 1741335144499,
      "tag": "0000_short_skin",
      "breakpoints": true
    },
    {
      "idx": 1,
      "version": "6",
-      "when": 1739266837347,
+      "when": 1741335153054,
      "tag": "0001_classy_the_stranger",
      "breakpoints": true
    }
@@ -14,6 +14,10 @@ export const client = sqliteTable('clients_table', {
  name: text().notNull(),
  ipv4Address: text('ipv4_address').notNull().unique(),
  ipv6Address: text('ipv6_address').notNull().unique(),
+  preUp: text('pre_up').default('').notNull(),
+  postUp: text('post_up').default('').notNull(),
+  preDown: text('pre_down').default('').notNull(),
+  postDown: text('post_down').default('').notNull(),
  privateKey: text('private_key').notNull(),
  publicKey: text('public_key').notNull(),
  preSharedKey: text('pre_shared_key').notNull(),
@@ -38,7 +42,7 @@ export const client = sqliteTable('clients_table', {
 export const clientsRelations = relations(client, ({ one }) => ({
  oneTimeLink: one(oneTimeLink, {
    fields: [client.id],
-    references: [oneTimeLink.clientId],
+    references: [oneTimeLink.id],
  }),
  user: one(user, {
    fields: [client.userId],
@@ -75,15 +75,6 @@ export class ClientService {
    const publicKey = await wg.getPublicKey(privateKey);
    const preSharedKey = await wg.generatePreSharedKey();

-    let parsedExpiresAt = expiresAt;
-    if (parsedExpiresAt) {
-      const expiresAtDate = new Date(parsedExpiresAt);
-      expiresAtDate.setHours(23);
-      expiresAtDate.setMinutes(59);
-      expiresAtDate.setSeconds(59);
-      parsedExpiresAt = expiresAtDate.toISOString();
-    }
-
    return this.#db.transaction(async (tx) => {
      const clients = await tx.query.client.findMany().execute();
      const clientInterface = await tx.query.wgInterface
@@ -117,7 +108,7 @@ export class ClientService {
          name,
          // TODO: properly assign user id
          userId: 1,
-          expiresAt: parsedExpiresAt,
+          expiresAt,
          privateKey,
          publicKey,
          preSharedKey,
@@ -22,6 +22,7 @@ const name = z
  .min(1, t('zod.client.name'))
  .pipe(safeStringRefine);

+// TODO?: validate iso string
 const expiresAt = z
  .string({ message: t('zod.client.expiresAt') })
  .min(1, t('zod.client.expiresAt'))
@@ -56,6 +57,10 @@ export const ClientUpdateSchema = schemaForType<UpdateClientType>()(
    expiresAt: expiresAt,
    ipv4Address: address4,
    ipv6Address: address6,
+    preUp: HookSchema,
+    postUp: HookSchema,
+    preDown: HookSchema,
+    postDown: HookSchema,
    allowedIps: AllowedIpsSchema,
    serverAllowedIps: serverAllowedIps,
    mtu: MtuSchema,
@@ -4,6 +4,7 @@ import { sqliteTable, text } from 'drizzle-orm/sqlite-core';
 import { wgInterface } from '../../schema';

 export const hooks = sqliteTable('hooks_table', {
+  /** same as `wgInterface.name` */
  id: text()
    .primaryKey()
    .references(() => wgInterface.name, {
@@ -6,13 +6,11 @@ export type HooksType = InferSelectModel<typeof hooks>;

 export type HooksUpdateType = Omit<HooksType, 'id' | 'createdAt' | 'updatedAt'>;

-const hook = z.string({ message: t('zod.hook') }).pipe(safeStringRefine);
-
 export const HooksUpdateSchema = schemaForType<HooksUpdateType>()(
  z.object({
-    preUp: hook,
-    postUp: hook,
-    preDown: hook,
-    postDown: hook,
+    preUp: HookSchema,
+    postUp: HookSchema,
+    preDown: HookSchema,
+    postDown: HookSchema,
  })
 );
@@ -1,4 +1,3 @@
-import isCidr from 'is-cidr';
 import { eq, sql } from 'drizzle-orm';
 import { parseCidr } from 'cidr-tools';
 import { wgInterface } from './schema';
@@ -58,10 +57,18 @@ export class InterfaceService {
  }

  updateCidr(data: InterfaceCidrUpdateType) {
-    if (!isCidr(data.ipv4Cidr) || !isCidr(data.ipv6Cidr)) {
-      throw new Error('Invalid CIDR');
-    }
    return this.#db.transaction(async (tx) => {
+      const oldCidr = await tx.query.wgInterface
+        .findFirst({
+          where: eq(wgInterface.name, 'wg0'),
+          columns: { ipv4Cidr: true, ipv6Cidr: true },
+        })
+        .execute();
+
+      if (!oldCidr) {
+        throw new Error('Interface not found');
+      }
+
      await tx
        .update(wgInterface)
        .set(data)
@@ -74,8 +81,17 @@ export class InterfaceService {
        // TODO: optimize
        const clients = await tx.query.client.findMany().execute();

-        const nextIpv4 = nextIP(4, parseCidr(data.ipv4Cidr), clients);
-        const nextIpv6 = nextIP(6, parseCidr(data.ipv6Cidr), clients);
+        // only calculate ip if cidr has changed
+
+        let nextIpv4 = client.ipv4Address;
+        if (data.ipv4Cidr !== oldCidr.ipv4Cidr) {
+          nextIpv4 = nextIP(4, parseCidr(data.ipv4Cidr), clients);
+        }
+
+        let nextIpv6 = client.ipv6Address;
+        if (data.ipv6Cidr !== oldCidr.ipv6Cidr) {
+          nextIpv6 = nextIP(6, parseCidr(data.ipv6Cidr), clients);
+        }

        await tx
          .update(clientSchema)
@@ -1,5 +1,6 @@
 import type { InferSelectModel } from 'drizzle-orm';
 import z from 'zod';
+import isCidr from 'is-cidr';
 import type { wgInterface } from './schema';

 export type InterfaceType = InferSelectModel<typeof wgInterface>;
@@ -22,6 +23,7 @@ const device = z
 const cidr = z
  .string({ message: t('zod.interface.cidr') })
  .min(1, { message: t('zod.interface.cidr') })
+  .refine((value) => isCidr(value), { message: t('zod.interface.cidrValid') })
  .pipe(safeStringRefine);

 export const InterfaceUpdateSchema = schemaForType<InterfaceUpdateType>()(
@@ -4,12 +4,15 @@ import { int, sqliteTable, text } from 'drizzle-orm/sqlite-core';
 import { client } from '../../schema';

 export const oneTimeLink = sqliteTable('one_time_links_table', {
-  id: int().primaryKey({ autoIncrement: true }),
+  /** same as `client.id` */
+  id: int()
+    .primaryKey()
+    .references(() => client.id, {
+      onDelete: 'cascade',
+      onUpdate: 'cascade',
+    }),
  oneTimeLink: text('one_time_link').notNull().unique(),
  expiresAt: text('expires_at').notNull(),
-  clientId: int('client_id')
-    .notNull()
-    .references(() => client.id, { onDelete: 'cascade', onUpdate: 'cascade' }),
  createdAt: text('created_at')
    .notNull()
    .default(sql`(CURRENT_TIMESTAMP)`),
@@ -21,7 +24,7 @@ export const oneTimeLink = sqliteTable('one_time_links_table', {

 export const oneTimeLinksRelations = relations(oneTimeLink, ({ one }) => ({
  client: one(client, {
-    fields: [oneTimeLink.clientId],
+    fields: [oneTimeLink.id],
    references: [client.id],
  }),
 }));
@@ -12,7 +12,7 @@ function createPreparedStatement(db: DBType) {
    create: db
      .insert(oneTimeLink)
      .values({
-        clientId: sql.placeholder('id'),
+        id: sql.placeholder('id'),
        oneTimeLink: sql.placeholder('oneTimeLink'),
        expiresAt: sql.placeholder('expiresAt'),
      })
@@ -20,7 +20,12 @@ function createPreparedStatement(db: DBType) {
    erase: db
      .update(oneTimeLink)
      .set({ expiresAt: sql.placeholder('expiresAt') as never as string })
-      .where(eq(oneTimeLink.clientId, sql.placeholder('id')))
+      .where(eq(oneTimeLink.id, sql.placeholder('id')))
+      .prepare(),
+    findByOneTimeLink: db.query.oneTimeLink
+      .findFirst({
+        where: eq(oneTimeLink.oneTimeLink, sql.placeholder('oneTimeLink')),
+      })
      .prepare(),
  };
 }
@@ -36,6 +41,10 @@ export class OneTimeLinkService {
    return this.#statements.delete.execute({ id });
  }

+  getByOtl(oneTimeLink: string) {
+    return this.#statements.findByOneTimeLink.execute({ oneTimeLink });
+  }
+
  generate(id: ID) {
    const key = `${id}-${Math.floor(Math.random() * 1000)}`;
    const oneTimeLink = Math.abs(CRC32.str(key)).toString(16);
@@ -45,7 +54,7 @@ export class OneTimeLinkService {
  }

  erase(id: ID) {
-    const expiresAt = Date.now() + 10 * 1000;
+    const expiresAt = new Date(Date.now() + 10 * 1000).toISOString();
    return this.#statements.erase.execute({ id, expiresAt });
  }
 }
@@ -5,6 +5,7 @@ import { wgInterface } from '../../schema';

 // default* means clients store it themselves
 export const userConfig = sqliteTable('user_configs_table', {
+  /** same as `wgInterface.name` */
  id: text()
    .primaryKey()
    .references(() => wgInterface.name, {
@@ -5,20 +5,28 @@ export default defineEventHandler(async (event) => {
    event,
    validateZod(OneTimeLinkGetSchema, event)
  );
-  const clients = await WireGuard.getAllClients();
-  // TODO: filter on the database level
-  const client = clients.find(
-    (client) => client.oneTimeLink?.oneTimeLink === oneTimeLink
-  );
+
+  const otl = await Database.oneTimeLinks.getByOtl(oneTimeLink);
+  if (!otl) {
+    throw createError({
+      statusCode: 404,
+      statusMessage: 'Invalid One Time Link',
+    });
+  }
+
+  const client = await Database.clients.get(otl.id);
  if (!client) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Invalid One Time Link',
    });
  }
-  const clientId = client.id;
-  const config = await WireGuard.getClientConfiguration({ clientId });
-  await Database.oneTimeLinks.erase(clientId);
+
+  const config = await WireGuard.getClientConfiguration({
+    clientId: client.id,
+  });
+  await Database.oneTimeLinks.erase(otl.id);
+
  setHeader(
    event,
    'Content-Disposition',
@@ -212,8 +212,8 @@ class WireGuard {
        client.oneTimeLink !== null &&
        new Date() > new Date(client.oneTimeLink.expiresAt)
      ) {
-        WG_DEBUG(`Client ${client.id} One Time Link expired.`);
-        await Database.oneTimeLinks.delete(client.oneTimeLink.id);
+        WG_DEBUG(`OneTimeLink for Client ${client.id} expired.`);
+        await Database.oneTimeLinks.delete(client.id);
      }
    }

@@ -222,11 +222,10 @@ class WireGuard {
 }

 if (OLD_ENV.PASSWORD || OLD_ENV.PASSWORD_HASH) {
-  // TODO: change url before release
  throw new Error(
    `
 You are using an invalid Configuration for wg-easy
-Please follow the instructions on https://wg-easy.github.io/wg-easy/ to migrate
+Please follow the instructions on https://wg-easy.github.io/wg-easy/latest/advanced/migrate/from-14-to-15/ to migrate
 `
  );
 }
@@ -16,5 +16,3 @@ export const WG_ENV = {
  /** UI is hosted on HTTP instead of HTTPS */
  INSECURE: process.env.INSECURE === 'true',
 };
-
-console.log(WG_ENV);
@@ -138,6 +138,9 @@ export const defineMetricsHandler = <
  handler: MetricsHandler<TReq, TRes>
 ) => {
  return defineEventHandler(async (event) => {
+    const metricsConfig = await Database.general.getMetricsConfig();
+
+    if (metricsConfig.password) {
      const auth = getHeader(event, 'Authorization');

      if (!auth) {
@@ -156,16 +159,6 @@ export const defineMetricsHandler = <
        });
      }

-    const metricsConfig = await Database.general.getMetricsConfig();
-
-    if (metricsConfig[type] !== true) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Metrics not enabled',
-      });
-    }
-
-    if (metricsConfig.password) {
      const tokenValid = await isPasswordValid(value, metricsConfig.password);

      if (!tokenValid) {
@@ -176,6 +169,13 @@ export const defineMetricsHandler = <
      }
    }

+    if (metricsConfig[type] !== true) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Metrics not enabled',
+      });
+    }
+
    return await handler({ event });
  });
 };
@@ -52,6 +52,10 @@ export const FileSchema = z.object({
  file: z.string({ message: t('zod.file') }),
 });

+export const HookSchema = z
+  .string({ message: t('zod.hook') })
+  .pipe(safeStringRefine);
+
 export const schemaForType =
  <T>() =>
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -49,12 +49,19 @@ PostDown = ${iptablesTemplate(hooks.postDown, wgInterface)}`;
    const cidr4Block = parseCidr(wgInterface.ipv4Cidr).prefix;
    const cidr6Block = parseCidr(wgInterface.ipv6Cidr).prefix;

+    const hookLines = [
+      client.preUp ? `PreUp = ${client.preUp}` : null,
+      client.postUp ? `PostUp = ${client.postUp}` : null,
+      client.preDown ? `PreDown = ${client.preDown}` : null,
+      client.postDown ? `PostDown = ${client.postDown}` : null,
+    ].filter((v) => v !== null);
+
    return `[Interface]
 PrivateKey = ${client.privateKey}
 Address = ${client.ipv4Address}/${cidr4Block}, ${client.ipv6Address}/${cidr6Block}
 DNS = ${client.dns.join(', ')}
 MTU = ${client.mtu}
-
+${hookLines.length ? `${hookLines.join('\n')}\n` : ''}
 [Peer]
 PublicKey = ${wgInterface.publicKey}
 PresharedKey = ${client.preSharedKey}
Author	SHA1	Message	Date
Bernd Storath	e5fb6ff3a6	Fix: OneTimeLinks (#1719 ) * fix otls * one otl per client * revert some code * revert some more code, add comments * adjust migration	2025-03-07 09:16:24 +01:00
杨黄林	fcb5049dab	Add PreUp, PostUp, PreDown, PostDown for client (#1714 ) * Fix create client popup background is not white * Fix no Add button when client Allowed Ips or Server Allowed Ips is empty * Add preUp preDown postUp postDown for client * Add description of hooks for client config * Move hooks's label text into 'hooks' in en.json --------- Co-authored-by: yanghuanglin <yanghuanglin@qq.com> Co-authored-by: Bernd Storath <999999bst@gmail.com>	2025-03-07 08:17:33 +01:00
Bernd Storath	93db67bab6	fix: only require metrics password if set (#1715 )	2025-03-06 11:45:03 +01:00
Bernd Storath	842475f799	Fix: Cidr Change (#1712 ) * only calculate ip if cidr changed if the cidr did not change, the ip will not change to prevent ip shifts * fix lint	2025-03-06 10:04:49 +01:00
Bernd Storath	f4d3608da7	Fix: Various (#1711 ) * fix docs * fix migration	2025-03-06 08:15:18 +01:00
Bernd Storath	84ee8c35f0	fix labels, date field, enable	2025-03-05 15:38:09 +01:00