theis.gaedigk/wg-easy-ca-lose
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.11
Branches Tags
theis.gaedigk/wg-easy-ca-lose:master theis.gaedigk/wg-easy-ca-lose:gh-pages theis.gaedigk/wg-easy-ca-lose:copilot/install-setup-assistance theis.gaedigk/wg-easy-ca-lose:copilot/add-env-variables-admin-panel theis.gaedigk/wg-easy-ca-lose:v14
theis.gaedigk/wg-easy-ca-lose:v15.3.0 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v15.2.2 theis.gaedigk/wg-easy-ca-lose:v15.2.1 theis.gaedigk/wg-easy-ca-lose:v15.2.0 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v15.1.0 theis.gaedigk/wg-easy-ca-lose:v14.0.0 theis.gaedigk/wg-easy-ca-lose:v15.0.0 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.13 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.12 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.11 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.10 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.9 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.8 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.7 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.6 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.5 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.4 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v13.0.0 theis.gaedigk/wg-easy-ca-lose:v12.0.0
...
compare: theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.13
Branches Tags
theis.gaedigk/wg-easy-ca-lose:master theis.gaedigk/wg-easy-ca-lose:gh-pages theis.gaedigk/wg-easy-ca-lose:copilot/install-setup-assistance theis.gaedigk/wg-easy-ca-lose:copilot/add-env-variables-admin-panel theis.gaedigk/wg-easy-ca-lose:v14
theis.gaedigk/wg-easy-ca-lose:v15.3.0 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.3.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v15.2.2 theis.gaedigk/wg-easy-ca-lose:v15.2.1 theis.gaedigk/wg-easy-ca-lose:v15.2.0 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.2.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v15.1.0 theis.gaedigk/wg-easy-ca-lose:v14.0.0 theis.gaedigk/wg-easy-ca-lose:v15.0.0 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.13 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.12 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.11 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.10 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.9 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.8 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.7 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.6 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.5 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.4 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.3 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.2 theis.gaedigk/wg-easy-ca-lose:v15.0.0-beta.1 theis.gaedigk/wg-easy-ca-lose:v13.0.0 theis.gaedigk/wg-easy-ca-lose:v12.0.0

32 Commits
v15.0.0-beta.11 ... v15.0.0-beta.13

Author SHA1 Message Date
Bernd Storath d2ce82241b Bump version to 15.0.0-beta.13 2025-05-28 12:11:03 +02:00
Bernd Storath 8c395ec275 fix pre-release 2025-05-28 12:10:47 +02:00
Bernd Storath 10f42170f3 Bump version to 15.0.0-beta.13 2025-05-28 11:59:38 +02:00
Bernd Storath a8aa85bdaa Feat: map client to interface (#1886) 
map client to interface
 2025-05-28 11:58:33 +02:00
Bernd Storath 7e1aa5807d Feat: variants (#1885) 
add primary & secondary button & actionfield
 2025-05-28 11:44:16 +02:00
Bernd Storath df57921b8e update packages 2025-05-27 09:39:37 +02:00
Bernd Storath 4fbf059e61 add armv7 support 
override until
- https://github.com/nuxt/nuxt/issues/32124
- https://github.com/nuxt-modules/i18n/issues/3605
are fixed
 2025-05-16 09:11:50 +02:00
Bernd Storath b150e3f3b4 update packages 2025-05-16 08:54:52 +02:00
Bernd Storath aed10ab0bd update packages 2025-05-12 07:41:40 +02:00
Bernd Storath 478e7207b2 don't hoist libsql 
not needed anymore
 2025-05-05 11:15:24 +02:00
Bernd Storath c8dc710435 update packages 2025-05-05 10:25:28 +02:00
Bernd Storath 19d9e3b7d7 update packages 
this greatly improves qr code size and quality
 2025-04-26 16:49:51 +02:00
Bernd Storath c4efb1d03a update packages 
argon2 now prebuilds for armv7
only libsql is missing: https://github.com/tursodatabase/libsql-js/pull/169
 2025-04-24 11:50:35 +02:00
Bernd Storath 529b9eeb88 improve image size 2025-04-22 16:09:18 +02:00
Bernd Storath 69ee741d7e Feat: distributed build (#1829) 
* distribute build across runners

* better formatting

* fix issues

* fix matrix

* retrigger build
 2025-04-22 14:11:28 +02:00
Bernd Storath f2dc38e91b add setup guide 2025-04-22 10:47:55 +02:00
Bernd Storath 64e9484331 update packages 2025-04-22 07:46:33 +02:00
Bernd Storath c777fa30b3 publish stable docker compose (#1828) 2025-04-22 07:44:28 +02:00
Bernd Storath 734d91fd98 replace nightly with edge (#1819) 2025-04-17 15:58:45 +02:00
Bernd Storath 84ed7b299f Feat: Cli (#1818) 
* add cli

* fix lint

* add docs, include cli packages

* fix docs, username instead of name
 2025-04-16 14:17:02 +02:00
Bernd Storath 1cfe6404b2 Feat docs (#1814) 
* improve docs and formatting

* lint in ci

avoid using bundled prettier from vscode extension

* fix action, typos

* remove header

* remove unused deps
 2025-04-15 12:43:57 +02:00
Bernd Storath 2a32c1b9c0 remove unused dependencies 2025-04-14 08:36:07 +02:00
Bernd Storath 3ef258a28a Bump version to 15.0.0-beta.12 2025-04-11 23:35:51 +02:00
Bernd Storath ff783fd4d1 Feat: Improve Docs (#1791) 
* improve docs

* preplan guides

* fix spelling

* fix nftables rules

* consistent wg-easy code block

* fix grammar
 2025-04-11 23:25:58 +02:00
Bernd Storath 65aa067100 update packages 2025-04-11 22:46:03 +02:00
Edgars 48e6949a4d Update docker-run.md (#1804) 
Small fixes were made to:

- adjust indentation for the first line in code blocks;
- fix backticks;
- make the URL interactive.
 2025-04-09 11:25:30 +02:00
Bernd Storath 9ebf2c1d33 chore: disable latest tag for docker 
so old installations wont break until v15 is stable enough
 2025-04-02 09:32:52 +02:00
Bernd Storath d0f85316a6 chore: delete changelog from docs 2025-04-02 09:20:18 +02:00
Bernd Storath ff9fd553c5 Fix: sync / rekey issue (#1789) 
only sync if needed
 2025-04-02 08:49:04 +02:00
Bernd Storath e92ee0464e Feat: Server Endpoint (#1785) 
* add server endpoint to client

* be able to update endpoint over api
 2025-04-01 16:13:51 +02:00
Bernd Storath 9df049d3f4 Feat: startup info (#1784) 
add startup info
 2025-04-01 15:18:13 +02:00
Bernd Storath 32b73b850a Feat: 2fa (#1783) 
* preplan otp, better qrcode library

* add 2fa as feature

* add totp generation

* working totp lifecycle

* don't allow disabled user to log in

not a security issue as permission handler would fail anyway

* require 2fa on login

if enabled

* update packages

* fix typo

* remove console.logs
 2025-04-01 14:43:48 +02:00
106 changed files with 5250 additions and 2843 deletions
Expand all files Collapse all files
.editorconfig
-23
View File
@@ -1,23 +0,0 @@
# http://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
# The JSON files contain newlines inconsistently
[*.json]
insert_final_newline = ignore
# Minified JavaScript files shouldn't be changed
[**.min.js]
indent_style = ignore
insert_final_newline = ignore
[*.md]
trim_trailing_whitespace = false
.github/workflows/deploy-development.yml
+100 -15
View File
@@ -4,21 +4,38 @@ on:
workflow_dispatch:
jobs:
docker:
name: Build & Deploy Docker
runs-on: ubuntu-latest
docker-build:
name: Build Docker
runs-on: ${{ matrix.arch.os }}
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
contents: read
strategy:
fail-fast: false
matrix:
arch:
- platform: linux/amd64
os: ubuntu-latest
- platform: linux/arm64
os: ubuntu-24.04-arm
- platform: linux/arm/v7
os: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Prepare
run: |
platform=${{ matrix.arch.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
@@ -27,15 +44,83 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Publish Docker Image
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ghcr.io/wg-easy/wg-easy:development
cache-from: type=gha
cache-to: type=gha,mode=min
platforms: ${{ matrix.arch.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ghcr.io/wg-easy/wg-easy
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
docker-merge:
name: Merge & Deploy Docker
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
needs: docker-build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
tags: |
type=raw,value=development
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}
docs:
name: Build & Deploy Docs
@@ -43,7 +128,7 @@ jobs:
if: github.repository_owner == 'wg-easy'
permissions:
contents: write
needs: docker
needs: docker-merge
steps:
- uses: actions/checkout@v4
.github/workflows/deploy-edge.yml
+167
View File
@@ -0,0 +1,167 @@
name: Edge
on:
workflow_dispatch:
push:
branches:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
docker-build:
name: Build Docker
runs-on: ${{ matrix.arch.os }}
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
strategy:
fail-fast: false
matrix:
arch:
- platform: linux/amd64
os: ubuntu-latest
- platform: linux/arm64
os: ubuntu-24.04-arm
- platform: linux/arm/v7
os: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Prepare
run: |
platform=${{ matrix.arch.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.arch.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ghcr.io/wg-easy/wg-easy
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
docker-merge:
name: Merge & Deploy Docker
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
needs: docker-build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
tags: |
type=raw,value=edge
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}
docs:
name: Build & Deploy Docs
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
permissions:
contents: write
needs: docker-merge
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.11.9
cache: "pip"
cache-dependency-path: docs/requirements.txt
- name: Install Dependencies
run: |
pip install -r docs/requirements.txt
- name: Setup Git User
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: Build Docs Website
run: |
cd docs
git fetch origin gh-pages --depth=1 || true
mike deploy --push --update-aliases edge
.github/workflows/deploy-nightly.yml
-77
View File
@@ -1,77 +0,0 @@
name: Nightly
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
docker:
name: Build & Deploy Docker
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Publish Docker Image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ghcr.io/wg-easy/wg-easy:nightly
cache-from: type=gha
cache-to: type=gha,mode=min
docs:
name: Build & Deploy Docs
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
permissions:
contents: write
needs: docker
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.11.9
cache: "pip"
cache-dependency-path: docs/requirements.txt
- name: Install Dependencies
run: |
pip install -r docs/requirements.txt
- name: Setup Git User
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: Build Docs Website
run: |
cd docs
git fetch origin gh-pages --depth=1 || true
mike deploy --push --update-aliases nightly
.github/workflows/deploy-pr.yml
+18 -6
View File
@@ -11,14 +11,26 @@ concurrency:
jobs:
docker:
name: Build Docker
runs-on: ubuntu-latest
runs-on: ${{ matrix.arch.os }}
if: github.repository_owner == 'wg-easy'
permissions:
packages: write
contents: read
strategy:
fail-fast: false
matrix:
arch:
- platform: linux/amd64
os: ubuntu-latest
- platform: linux/arm64
os: ubuntu-24.04-arm
- platform: linux/arm/v7
os: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
- name: Prepare
run: |
platform=${{ matrix.arch.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
@@ -37,7 +49,7 @@ jobs:
with:
context: .
push: false
platforms: linux/amd64,linux/arm64
platforms: ${{ matrix.arch.platform }}
tags: ghcr.io/wg-easy/wg-easy:pr
cache-from: type=gha
cache-to: type=gha,mode=min
cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
.github/workflows/deploy.yml
+105 -27
View File
@@ -6,21 +6,107 @@ on:
tags:
- "v*"
# This workflow does not support fixing old versions
# as this will break the latest and major tags
jobs:
docker:
name: Build & Deploy Docker
docker-build:
name: Build Docker
runs-on: ${{ matrix.arch.os }}
if: |
github.repository_owner == 'wg-easy' &&
startsWith(github.ref, 'refs/tags/v')
permissions:
packages: write
strategy:
fail-fast: false
matrix:
arch:
- platform: linux/amd64
os: ubuntu-latest
- platform: linux/arm64
os: ubuntu-24.04-arm
- platform: linux/arm/v7
os: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
- name: Prepare
run: |
platform=${{ matrix.arch.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.arch.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ghcr.io/wg-easy/wg-easy
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
docker-merge:
name: Merge & Deploy Docker
runs-on: ubuntu-latest
if: |
github.repository_owner == 'wg-easy' &&
startsWith(github.ref, 'refs/tags/v')
permissions:
packages: write
contents: read
needs: docker-build
steps:
- uses: actions/checkout@v4
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
@@ -31,28 +117,22 @@ jobs:
with:
images: |
ghcr.io/wg-easy/wg-easy
flavor: |
latest=false
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)
- name: Build & Publish Docker Image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=min
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}
docs:
name: Build & Deploy Docs
@@ -62,7 +142,7 @@ jobs:
startsWith(github.ref, 'refs/tags/v')
permissions:
contents: write
needs: docker
needs: docker-merge
steps:
- uses: actions/checkout@v4
@@ -87,11 +167,9 @@ jobs:
cd docs
git fetch origin gh-pages --depth=1 || true
# latest will point to old docs if old tag is pushed
# Extract version numbers
DOCS_VERSION=${GITHUB_REF#refs/tags/} # e.g. v1.2.3 or v1.2.3-beta
MINOR_VERSION=$(echo $DOCS_VERSION | cut -d. -f1,2) # e.g. v1.2
DOCS_VERSION=${GITHUB_REF#refs/tags/} # e.g. v1.2.3 or v1.2.3-beta
MINOR_VERSION=$(echo $DOCS_VERSION | cut -d. -f1,2) # e.g. v1.2
# Check if it's a stable release (only numbers, no '-')
if [[ "$DOCS_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
.github/workflows/lint.yml
+27
View File
@@ -7,9 +7,36 @@ on:
pull_request:
jobs:
docs:
name: Check Docs
runs-on: ubuntu-latest
if: github.repository_owner == 'wg-easy'
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
name: Install pnpm
with:
run_install: false
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: "lts/*"
check-latest: true
cache: "pnpm"
- name: Check docs formatting
run: |
pnpm install
pnpm format:check:docs
lint:
name: Lint
runs-on: ubuntu-latest
needs: docs
if: github.repository_owner == 'wg-easy'
strategy:
.gitignore
+1
View File
@@ -1,2 +1,3 @@
.DS_Store
*.swp
node_modules
.vscode/extensions.json
Vendored
+2 -1
View File
@@ -9,6 +9,7 @@
"yoavbls.pretty-ts-errors",
"bradlc.vscode-tailwindcss",
"vue.volar",
"lokalise.i18n-ally"
"lokalise.i18n-ally",
"DavidAnson.vscode-markdownlint"
]
}
.vscode/settings.json
Vendored
+5
View File
@@ -18,6 +18,11 @@
"[json]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
},
"[markdown]": {
"editor.defaultFormatter": "esbenp.prettier-vscode",
"editor.tabSize": 4,
"editor.useTabStops": false
},
"typescript.tsdk": "./src/node_modules/typescript/lib",
"i18n-ally.enabledFrameworks": ["vue"],
"i18n-ally.localesPaths": ["src/i18n/locales"],
CHANGELOG.md
+9 -1
View File
@@ -10,6 +10,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
We're super excited to announce v15!
This update is an entire rewrite to make it even easier to set up your own VPN.
## Breaking Changes
As the whole setup has changed, we recommend to start from scratch. And import your existing configs.
## Major Changes
- Almost all Environment variables removed
@@ -23,9 +27,13 @@ This update is an entire rewrite to make it even easier to set up your own VPN.
- SQLite Database
- Deprecated Dockerless Installations
- Added Docker Volume Mount (`/lib/modules`)
- Removed ARMv6 and ARMv7 support
- Removed ARMv6 support
- Connections over HTTP require setting the `INSECURE` env var
- Changed license from CC BY-NC-SA 4.0 to AGPL-3.0-only
- Added 2FA using TOTP
- Improved mobile support
- CLI
- Replaced `nightly` with `edge`
## [14.0.0] - 2024-09-04
Dockerfile
+8 -2
View File
@@ -25,8 +25,13 @@ HEALTHCHECK --interval=1m --timeout=5s --retries=3 CMD /usr/bin/timeout 5s /bin/
COPY --from=build /app/.output /app
# Copy migrations
COPY --from=build /app/server/database/migrations /app/server/database/migrations
# libsql
RUN cd /app/server && npm install --no-save libsql
# libsql (https://github.com/nitrojs/nitro/issues/3328)
RUN cd /app/server && \
npm install --no-save libsql && \
npm cache clean --force
# cli
COPY --from=build /app/cli/cli.sh /usr/local/bin/cli
RUN chmod +x /usr/local/bin/cli
# Install Linux packages
RUN apk add --no-cache \
@@ -34,6 +39,7 @@ RUN apk add --no-cache \
dumb-init \
iptables \
ip6tables \
nftables \
kmod \
iptables-legacy \
wireguard-tools
Dockerfile.dev
+1
View File
@@ -36,3 +36,4 @@ RUN pnpm install
# Copy Project
COPY src ./
ENTRYPOINT [ "pnpm", "run" ]
README.md
+19 -27
View File
@@ -5,7 +5,7 @@
[![GitHub Stars](https://img.shields.io/github/stars/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/stargazers)
[![License](https://img.shields.io/github/license/wg-easy/wg-easy)](LICENSE)
[![GitHub Release](https://img.shields.io/github/v/release/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/releases/latest)
[![Image Pulls](https://img.shields.io/badge/image_pulls-11M-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)
[![Image Pulls](https://img.shields.io/badge/image_pulls-12M+-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)
<!-- TODO: remove after release -->
@@ -38,6 +38,7 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
- Prometheus metrics support
- IPv6 support
- CIDR support
- 2FA support
> [!NOTE]
> To better manage documentation for this project, it has its own site here: [https://wg-easy.github.io/wg-easy/latest](https://wg-easy.github.io/wg-easy/latest)
@@ -50,36 +51,19 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
- [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/)
- [Basic Installation](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/)
- [Caddy](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/caddy/)
- [Nginx](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/nginx/)
- [Traefik](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/traefik/)
- [Podman](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/podman/)
- [Podman](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/podman-nft/)
- [AdGuard Home](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/adguard/)
> [!NOTE]
> If you want to migrate from the old version to the new version, you can find the migration guide here: [Migration Guide](https://wg-easy.github.io/wg-easy/latest/advanced/migrate/)
## Requirements
- A host with a kernel that supports WireGuard (all modern kernels).
- A host with Docker installed.
## Versions
> 💡 We follow semantic versioning (semver)
We offer multiple Docker image tags to suit your needs. The table below is in a particular order, with the first tag being the most recommended:
| tag | Branch | Example | Description |
| ------------- | ---------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `15` | latest minor for that major tag | `ghcr.io/wg-easy/wg-easy:15` | latest features for specific major versions, no breaking changes |
| `latest` | latest tag | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | stable as possible get bug fixes quickly when needed, see Releases for more information. |
| `15.0` | latest patch for that minor tag | `ghcr.io/wg-easy/wg-easy:15.0` | latest patches for specific minor version |
| `15.0.0` | specific tag | `ghcr.io/wg-easy/wg-easy:15.0.0` | specific release, don't use this as this will not get updated |
| `nightly` | [`master`](https://github.com/wg-easy/wg-easy/tree/master) | `ghcr.io/wg-easy/wg-easy:nightly` | mostly unstable gets frequent package and code updates, deployed against [`master`](https://github.com/wg-easy/wg-easy/tree/master). |
| `development` | pull requests | `ghcr.io/wg-easy/wg-easy:development` | used for development, testing code from PRs before landing into [`master`](https://github.com/wg-easy/wg-easy/tree/master). |
## Installation
This is a quick start guide to get you up and running with WireGuard Easy.
For a more detailed installation guide, please refer to the [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/) page.
### 1. Install Docker
If you haven't installed Docker yet, install it by running as root:
@@ -95,14 +79,13 @@ And log in again.
The easiest way to run WireGuard Easy is with Docker Compose.
Just download [`docker-compose.yml`](docker-compose.yml), make necessary adjustments and
execute `sudo docker compose up -d`.
Just download [`docker-compose.yml`](docker-compose.yml) and execute `sudo docker compose up -d`.
Now setup a reverse proxy to be able to access the Web UI from the internet.
Now setup a reverse proxy to be able to access the Web UI securely from the internet.
If you want to access the Web UI over HTTP, change the env var `INSECURE` to `true`. This is not recommended. Only use this for testing
### Donate
## Donate
Are you enjoying this project? Consider donating.
@@ -133,6 +116,15 @@ If you add something that should be auto-importable and VSCode complains, run:
```shell
cd src
pnpm install
cd ..
```
### Test Cli
This starts the cli with docker
```shell
pnpm cli:dev
```
## License
docker-compose.beta.yml
+44
View File
@@ -0,0 +1,44 @@
volumes:
etc_wireguard:
services:
wg-easy:
#environment:
# Optional:
# - PORT=51821
# - HOST=0.0.0.0
# - INSECURE=false
image: ghcr.io/wg-easy/wg-easy:15
container_name: wg-easy
networks:
wg:
ipv4_address: 10.42.42.42
ipv6_address: fdcc:ad94:bacf:61a3::2a
volumes:
- etc_wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
# - NET_RAW # ⚠️ Uncomment if using Podman Compose
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1
networks:
wg:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 10.42.42.0/24
- subnet: fdcc:ad94:bacf:61a3::/64
docker-compose.dev.yml
+1 -1
View File
@@ -2,7 +2,7 @@ services:
wg-easy:
build:
dockerfile: ./Dockerfile.dev
command: pnpm run dev
command: dev
volumes:
- ./src/:/app/
- temp:/app/.nuxt/
docker-compose.yml
+26 -25
View File
@@ -3,21 +3,35 @@ volumes:
services:
wg-easy:
#environment:
# Optional:
# - PORT=51821
# - HOST=0.0.0.0
# - INSECURE=false
environment:
# Change Language:
# (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi)
- LANG=de
# ⚠️ Required:
# Change this to your host's public address
- WG_HOST=raspberrypi.local
image: ghcr.io/wg-easy/wg-easy:15
# Optional:
# - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
# - PORT=51821
# - WG_PORT=51820
# - WG_CONFIG_PORT=92820
# - WG_DEFAULT_ADDRESS=10.8.0.x
# - WG_DEFAULT_DNS=1.1.1.1
# - WG_MTU=1420
# - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
# - WG_PERSISTENT_KEEPALIVE=25
# - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
# - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
# - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
# - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
# - UI_TRAFFIC_STATS=true
# - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
image: ghcr.io/wg-easy/wg-easy:14
container_name: wg-easy
networks:
wg:
ipv4_address: 10.42.42.42
ipv6_address: fdcc:ad94:bacf:61a3::2a
volumes:
- etc_wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
@@ -25,20 +39,7 @@ services:
cap_add:
- NET_ADMIN
- SYS_MODULE
# - NET_RAW # ⚠️ Uncomment if using Podman Compose
# - NET_RAW # ⚠️ Uncomment if using Podman
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1
networks:
wg:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 10.42.42.0/24
- subnet: fdcc:ad94:bacf:61a3::/64
docs/.prettierrc.json
+5
View File
@@ -0,0 +1,5 @@
{
"tabWidth": 4,
"semi": true,
"singleQuote": true
}
docs/content/advanced/api.md
+39 -1
View File
@@ -2,4 +2,42 @@
title: API
---
TODO
/// warning | Breaking Changes
This API is not yet stable and may change in the future. The API is currently in development and is subject to change without notice. The API is not yet documented, but we will add documentation as the API stabilizes.
///
You can use the API to interact with the application programmatically. The API is available at `/api` and supports both GET and POST requests. The API is designed to be simple and easy to use, with a focus on providing a consistent interface for all endpoints.
There is no documentation for the API yet, but this will be added as the underlying library supports it.
## Authentication
To use the API, you need to authenticate using Basic Authentication. The username and password are the same as the ones you use to log in to the web application.
If you use 2FA, the API will not work. You need to disable 2FA in the web application to use the API.
### Authentication Example
```python
import requests
from requests.auth import HTTPBasicAuth
url = "https://example.com:51821/api/client"
response = requests.get(url, auth=HTTPBasicAuth('username', 'password'))
if response.status_code == 200:
data = response.json()
print(data)
else:
print(f"Error: {response.status_code}")
```
## Endpoints
The Endpoints are not yet documented. But as file-based routing is used, you can find the endpoints in the `src/server/api` folder. The method is defined in the file name.
### Endpoints Example
| File Name | Endpoint | Method |
| -------------------------------- | -------------- | ------ |
| `src/server/api/client.get.ts` | `/api/client` | GET |
| `src/server/api/setup/2.post.ts` | `/api/setup/2` | POST |
docs/content/advanced/config/optional-config.md
+1 -1
View File
@@ -2,7 +2,7 @@
title: Optional Configuration
---
TODO
You can set these environment variables to configure the container. They are not required, but can be useful in some cases.
| Env | Default | Example | Description |
| ---------- | --------- | ----------- | ------------------------------ |
docs/content/advanced/config/unattended-setup.md
+2 -2
View File
@@ -26,7 +26,7 @@ If you want to skip the setup process, you have to configure group `1`
/// note | Security
The initial username and password is not checked for complexity. Make sure to set a long enough username and a secure password. Otherwise, the user won't be able to log in.
The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.
Its recommended to remove the variables after the setup is done to prevent the password from being exposed.
It's recommended to remove the variables after the setup is done to prevent the password from being exposed.
///
docs/content/advanced/metrics/prometheus.md
+37 -2
View File
@@ -2,6 +2,41 @@
title: Prometheus
---
TODO
To monitor the WireGuard server, you can use [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/). The container exposes a `/metrics/prometheus` endpoint that can be scraped by Prometheus.
<!-- TOOD: add to docs: Grafana dashboard [21733](https://grafana.com/grafana/dashboards/21733-wireguard/) -->
## Enable Prometheus
To enable Prometheus metrics, go to Admin Panel > General and enable Prometheus.
You can optionally set a Bearer Password for the metrics endpoints. This is useful if you want to expose the metrics endpoint to the internet.
## Configure Prometheus
You need to add a scrape config to your Prometheus configuration file. Here is an example:
```yaml
scrape_configs:
- job_name: 'wg-easy'
scrape_interval: 30s
metrics_path: /metrics/prometheus
static_configs:
- targets:
- 'localhost:51821'
authorization:
type: Bearer
credentials: 'SuperSecurePassword'
```
## Grafana Dashboard
You can use the following Grafana dashboard to visualize the metrics:
[![Grafana Dashboard](https://grafana.com/api/dashboards/21733/images/16863/image)](https://grafana.com/grafana/dashboards/21733-wireguard/)
[21733](https://grafana.com/grafana/dashboards/21733-wireguard/)
/// note | Unofficial
The Grafana dashboard is not official and is not maintained by the `wg-easy` team. If you have any issues with the dashboard, please contact the author of the dashboard.
See [#1299](https://github.com/wg-easy/wg-easy/pull/1299) for more information.
///
docs/content/advanced/migrate/from-14-to-15.md
+2 -2
View File
@@ -7,7 +7,7 @@ This guide will help you migrate from `v14` to version `v15` of `wg-easy`.
## Changes
- This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
- If you use armv6 or armv7, you can't migrate to `v15` yet. We are working on it.
- If you use armv6, you unfortunately won't be able to migrate to `v15`.
- If you are connecting to the web ui via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.
## Migration
@@ -42,7 +42,7 @@ docker-compose down
Follow the instructions in the [Getting Started][docs-getting-started] or [Basic Installation][docs-examples] guide to start the new container.
In the setup wizard, select that you already already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.
In the setup wizard, select that you already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.
[docs-getting-started]: ../../getting-started.md
[docs-examples]: ../../examples/tutorials/basic-installation.md
docs/content/changelog.json
-16
View File
@@ -1,16 +0,0 @@
{
"1": "Initial version. Enjoy!",
"2": "You can now rename a client & update the address. Enjoy!",
"3": "Many improvements and small changes. Enjoy!",
"4": "Now with pretty charts for client's network speed. Enjoy!",
"5": "Many small improvements & feature requests. Enjoy!",
"6": "Many small performance improvements & bug fixes. Enjoy!",
"7": "Improved the look & performance of the upload/download chart.",
"8": "Updated to Node.js v18.",
"9": "Fixed issue running on devices with older kernels.",
"10": "Added sessionless HTTP API auth & automatic dark mode.",
"11": "Multilanguage Support & various bugfixes.",
"12": "UI_TRAFFIC_STATS, Import json configurations with no PreShared-Key, allow clients with no privateKey & more.",
"13": "New framework (h3), UI_CHART_TYPE, some bugfixes & more.",
"14": "Home Assistent support, PASSWORD_HASH (inc. Helper), translation updates bugfixes & more."
}
docs/content/contributing/general.md
+1 -1
View File
@@ -12,7 +12,7 @@ When refactoring, writing or altering files, adhere to these rules:
## Documentation
Make sure to select `nightly` in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.
Make sure to select `edge` in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.
Alternatively you can make the changes locally. For that you'll need to have Docker installed. Run
docs/content/contributing/issues-and-pull-requests.md
+3 -3
View File
@@ -24,9 +24,9 @@ Maintainers take the time to improve on this project and help by solving issues
### Filing a Bug Report
Thank you for participating in this project and reporting a bug. wg-easy is a community-driven project, and each contribution counts!
Thank you for participating in this project and reporting a bug. `wg-easy` is a community-driven project, and each contribution counts!
Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support (_via assignment of the label `meta/no template - no support`_).
Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support.
Markdown formatting can be used in almost all text fields (_unless stated otherwise in the description_).
@@ -50,7 +50,7 @@ The development workflow is the following:
3. Document your improvements if necessary
4. [Commit][commit] (and [sign your commit][gpg]), push and create a pull-request to merge into `master`. Please **use the pull-request template** to provide a minimum of contextual information and make sure to meet the requirements of the checklist.
Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new `:nightly` image every night and your changes will be includes in the next version release.
Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new `:edge` image on every push to the `master` branch and your changes will be included in the next version release.
[docs-latest]: https://wg-easy.github.io/wg-easy/latest
[github-file-readme]: https://github.com/wg-easy/wg-easy/blob/master/README.md
docs/content/examples/tutorials/adguard.md
+5 -1
View File
@@ -2,4 +2,8 @@
title: AdGuard Home
---
TODO
It seems like the Docs on how to setup AdGuard Home are not available yet.
Feel free to create a PR and add them here.
<!-- TODO -->
docs/content/examples/tutorials/auto-updates.md
+41 -3
View File
@@ -6,11 +6,49 @@ title: Auto Updates
With Docker Compose `wg-easy` can be updated with a single command:
Replace `$DIR` with the directory where your `docker-compose.yml` is located.
```shell
cd /etc/docker/containers/wg-easy
sudo docker compose up -d --pull always
```
### Watchtower
If you want the updates to be fully automatic you can install Watchtower. This will check for updates every day at 4:00 AM and update the container if a new version is available.
File: `/etc/docker/containers/watchtower/docker-compose.yml`
```yaml
services:
watchtower:
image: containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- watchtower.env
restart: unless-stopped
```
File: `/etc/docker/containers/watchtower/watchtower.env`
```env
WATCHTOWER_CLEANUP=true
WATCHTOWER_SCHEDULE=0 0 4 * * *
TZ=Europe/Berlin
# Email
# WATCHTOWER_NOTIFICATIONS_LEVEL=info
# WATCHTOWER_NOTIFICATIONS=email
# WATCHTOWER_NOTIFICATION_EMAIL_FROM=mail@example.com
# WATCHTOWER_NOTIFICATION_EMAIL_TO=mail@example.com
# WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.example.com
# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=mail@example.com
# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="SuperSecurePassword"
# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
```
```shell
cd $DIR
sudo docker compose up -d --pull always
cd /etc/docker/containers/watchtower
sudo docker compose up -d
```
## Docker Run
docs/content/examples/tutorials/basic-installation.md
+17 -21
View File
@@ -8,7 +8,7 @@ title: Basic Installation
1. You need to have a host that you can manage
2. You need to have a domain name or a public IP address
3. You need a supported architecture (x86_64, arm64)
3. You need a supported architecture (x86_64, arm64, armv7)
4. You need curl installed on your host
## Install Docker
@@ -19,49 +19,45 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock
1. Create a directory for the configuration files (you can choose any directory you like):
```shell
DIR=/docker/wg-easy
sudo mkdir -p $DIR
```
```shell
sudo mkdir -p /etc/docker/containers/wg-easy
```
2. Download docker compose file
```shell
sudo curl -o $DIR/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
```
```shell
sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
```
3. Start `wg-easy`
```shell
sudo docker-compose -f $DIR/docker-compose.yml up -d
```
```shell
cd /etc/docker/containers/wg-easy
sudo docker-compose up -d
```
## Setup Firewall
If you are using a firewall, you need to open the following ports:
- UDP 51820 (WireGuard)
- TCP 51821 (Web UI)
These ports can be changed, so if you change them you have to update your firewall rules accordingly.
## Setup Reverse Proxy
TODO
## Access the Web UI
Open your browser and navigate to `https://<your-domain>:51821` or `https://<your-ip>:51821`.
Follow the instructions to set up your WireGuard VPN.
- To setup traefik follow the instructions here: [Traefik](./traefik.md)
- To setup caddy follow the instructions here: [Caddy](./caddy.md)
- If you do not want to use a reverse proxy follow the instructions here: [No Reverse Proxy](./reverse-proxyless.md)
## Update `wg-easy`
To update `wg-easy` to the latest version, run:
```shell
sudo docker-compose -f $DIR/docker-compose.yml pull
sudo docker-compose -f $DIR/docker-compose.yml up -d
cd /etc/docker/containers/wg-easy
sudo docker-compose pull
sudo docker-compose up -d
```
## Auto Update
docs/content/examples/tutorials/caddy.md
+5 -1
View File
@@ -2,4 +2,8 @@
title: Caddy
---
TODO
It seems like the Docs on how to setup Caddy are not available yet.
Feel free to create a PR and add them here.
<!-- TODO -->
docs/content/examples/tutorials/docker-run.md
+4 -6
View File
@@ -5,7 +5,7 @@ title: Docker Run
To setup the IPv6 Network, simply run once:
```shell
docker network create \
docker network create \
-d bridge --ipv6 \
-d default \
--subnet 10.42.42.0/24 \
@@ -14,10 +14,10 @@ To setup the IPv6 Network, simply run once:
<!-- ref: major version -->
To automatically install & run ``wg-easy, simply run:
To automatically install & run `wg-easy`, simply run:
```shell
docker run -d \
docker run -d \
--net wg \
-e INSECURE=true \
--name wg-easy \
@@ -38,6 +38,4 @@ To automatically install & run ``wg-easy, simply run:
ghcr.io/wg-easy/wg-easy:15
```
The Web UI will now be available on `http://0.0.0.0:51821`.
> 💡 Your configuration files will be saved in `~/.wg-easy`
The Web UI will now be available at <http://0.0.0.0:51821>.
docs/content/examples/tutorials/dockerless.md
+3 -1
View File
@@ -2,4 +2,6 @@
title: Without Docker
---
TODO
This is currently not yet supported.
<!-- TODO -->
docs/content/examples/tutorials/nginx.md
-5
View File
@@ -1,5 +0,0 @@
---
title: NGINX
---
TODO
docs/content/examples/tutorials/podman.md → docs/content/examples/tutorials/podman-nft.md
+7 -12
View File
@@ -1,5 +1,5 @@
---
title: Podman
title: Podman + nftables
---
This guide will show you how to run `wg-easy` with rootful Podman and nftables.
@@ -87,15 +87,15 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f
1. PostUp
```shell
apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
```
```shell
nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
```
2. PostDown
```shell
nft delete table inet wg_table
```
```shell
nft delete table inet wg_table
```
If you don't have iptables loaded on your server, you could see many errors in the logs or in the UI. You can ignore them.
@@ -106,8 +106,3 @@ Restart the container to apply the new hooks:
```shell
sudo systemctl restart wg-easy
```
<!--
TODO: improve docs after better nftables support
TODO: fix accept web ui port
-->
docs/content/examples/tutorials/reverse-proxyless.md
+29
View File
@@ -0,0 +1,29 @@
---
title: No Reverse Proxy
---
/// warning | Insecure
This is insecure. You should use a reverse proxy to secure the connection.
Only use this method if you know what you are doing.
///
If you only allow access to the web UI from your local network, you can skip the reverse proxy setup. This is not recommended, but it is possible.
## Setup
- Edit the `docker-compose.yml` file and uncomment `environment` and `INSECURE`
- Set `INSECURE` to `true` to allow access to the web UI over a non-secure connection.
- The `docker-compose.yml` file should look something like this:
```yaml
environment:
- INSECURE=true
```
- Save the file and restart `wg-easy`.
- Make sure that the Web UI is not accessible from outside your local network.
docs/content/examples/tutorials/traefik.md
+180 -1
View File
@@ -2,4 +2,183 @@
title: Traefik
---
TODO
/// note | Opinionated
This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
///
## Create docker compose project
```shell
sudo mkdir -p /etc/docker/containers/traefik
cd /etc/docker/containers/traefik
```
## Create docker compose file
File: `/etc/docker/containers/traefik/docker-compose.yml`
```yaml
services:
traefik:
image: traefik:3.3
container_name: traefik
restart: unless-stopped
ports:
- '80:80'
- '443:443/tcp'
- '443:443/udp'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro
- /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
- /etc/docker/volumes/traefik/acme.json:/acme.json
networks:
- traefik
networks:
traefik:
external: true
```
## Create traefik.yml
File: `/etc/docker/volumes/traefik/traefik.yml`
```yaml
log:
level: INFO
entryPoints:
web:
address: ':80/tcp'
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ':443/tcp'
http:
middlewares:
- compress@file
- hsts@file
tls:
certResolver: letsencrypt
http3: {}
api:
dashboard: true
certificatesResolvers:
letsencrypt:
acme:
email: $mail@example.com$
storage: acme.json
httpChallenge:
entryPoint: web
providers:
docker:
watch: true
network: traefik
exposedByDefault: false
file:
filename: traefik_dynamic.yml
serversTransport:
insecureSkipVerify: true
```
## Create traefik_dynamic.yml
File: `/etc/docker/volumes/traefik/traefik_dynamic.yml`
```yaml
http:
middlewares:
services:
basicAuth:
users:
- '$username$:$password$'
compress:
compress: {}
hsts:
headers:
stsSeconds: 2592000
routers:
api:
rule: Host(`traefik.$example.com$`)
entrypoints:
- websecure
middlewares:
- services
service: api@internal
tls:
options:
default:
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
sniStrict: true
```
## Create acme.json
```shell
sudo touch /etc/docker/volumes/traefik/acme.json
sudo chmod 600 /etc/docker/volumes/traefik/acme.json
```
## Create network
```shell
sudo docker network create traefik
```
## Start traefik
```shell
sudo docker-compose up -d
```
You can no access the Traefik dashboard at `https://traefik.$example.com$` with the credentials you set in `traefik_dynamic.yml`.
## Add Labels to `wg-easy`
To add labels to your `wg-easy` service, you can add the following to your `docker-compose.yml` file:
File: `/etc/docker/containers/wg-easy/docker-compose.yml`
```yaml
services:
wg-easy:
...
container_name: wg-easy
networks:
...
traefik: {}
labels:
- "traefik.enable=true"
- "traefik.http.routers.wg-easy.rule=Host(`wg-easy.$example.com$`)"
- "traefik.http.routers.wg-easy.entrypoints=websecure"
- "traefik.http.routers.wg-easy.service=wg-easy"
- "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
...
networks:
...
traefik:
external: true
```
## Restart `wg-easy`
```shell
cd /etc/docker/containers/wg-easy
sudo docker-compose up -d
```
You can now access `wg-easy` at `https://wg-easy.$example.com$` and start the setup.
docs/content/faq.md
+97
View File
@@ -0,0 +1,97 @@
---
title: FAQ
hide:
- navigation
---
Here are some frequently asked questions or errors about `wg-easy`. If you have a question that is not answered here, please feel free to open a discussion on GitHub.
## Error: WireGuard exited with the error: Cannot find device "wg0"
This error indicates that the WireGuard interface `wg0` does not exist. This can happen if the WireGuard kernel module is not loaded or if the interface was not created properly.
To resolve this issue, you can try the following steps:
1. **Load the WireGuard kernel module**: If the WireGuard kernel module is not loaded, you can load it manually by running:
```shell
sudo modprobe wireguard
```
2. **Load the WireGuard kernel module on boot**: If you want to ensure that the WireGuard kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
```shell
echo "wireguard" | sudo tee -a /etc/modules
```
## can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
This error indicates that the `nat` table in `iptables` does not exist. This can happen if the `iptables` kernel module is not loaded or if the `nat` table is not supported by your kernel.
To resolve this issue, you can try the following steps:
1. **Load the `nat` kernel module**: If the `nat` kernel module is not loaded, you can load it manually by running:
```shell
sudo modprobe iptable_nat
```
2. **Load the `nat` kernel module on boot**: If you want to ensure that the `nat` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
```shell
echo "iptable_nat" | sudo tee -a /etc/modules
```
## can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
This error indicates that the `nat` table in `ip6tables` does not exist. This can happen if the `ip6tables` kernel module is not loaded or if the `nat` table is not supported by your kernel.
To resolve this issue, you can try the following steps:
1. **Load the `nat` kernel module**: If the `nat` kernel module is not loaded, you can load it manually by running:
```shell
sudo modprobe ip6table_nat
```
2. **Load the `nat` kernel module on boot**: If you want to ensure that the `nat` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
```shell
echo "ip6table_nat" | sudo tee -a /etc/modules
```
## can't initialize iptables table `filter': Permission denied
This error indicates that the `filter` table in `iptables` cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.
To resolve this issue, you can try the following steps:
1. **Load the `filter` kernel module**: If the `filter` kernel module is not loaded, you can load it manually by running:
```shell
sudo modprobe iptable_filter
```
2. **Load the `filter` kernel module on boot**: If you want to ensure that the `filter` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
```shell
echo "iptable_filter" | sudo tee -a /etc/modules
```
## can't initialize ip6tables table `filter': Permission denied
This error indicates that the `filter` table in `ip6tables` cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.
To resolve this issue, you can try the following steps:
1. **Load the `filter` kernel module**: If the `filter` kernel module is not loaded, you can load it manually by running:
```shell
sudo modprobe ip6table_filter
```
2. **Load the `filter` kernel module on boot**: If you want to ensure that the `filter` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
```shell
echo "ip6table_filter" | sudo tee -a /etc/modules
```
docs/content/getting-started.md
+19 -39
View File
@@ -1,10 +1,10 @@
---
title: Getting Started
hide:
- navigation
- navigation
---
This page explains how to get started with wg-easy. The guide uses Docker Compose as a reference. In our examples, we mount the named volume `etc_wireguard` to `/etc/wireguard` inside the container.
This page explains how to get started with `wg-easy`. The guide uses Docker Compose as a reference. In our examples, we mount the named volume `etc_wireguard` to `/etc/wireguard` inside the container.
## Preliminary Steps
@@ -12,7 +12,7 @@ Before you can get started with deploying your own VPN, there are some requireme
1. You need to have a host that you can manage
2. You need to have a domain name or a public IP address
3. You need a supported architecture (x86_64, arm64)
3. You need a supported architecture (x86_64, arm64, armv7)
### Host Setup
@@ -29,7 +29,7 @@ If you're using podman, make sure to read the related [documentation][docs-podma
[docker-compose]: https://docs.docker.com/compose/
[docker-compose-installation]: https://docs.docker.com/compose/install/
[docker-compose-specification]: https://docs.docker.com/compose/compose-file/
[docs-podman]: ./examples/tutorials/podman.md
[docs-podman]: ./examples/tutorials/podman-nft.md
## Deploying the Actual Image
@@ -41,10 +41,16 @@ To understand which tags you should use, read this section carefully. [Our CI][g
All workflows are using the tagging convention listed below. It is subsequently applied to all images.
| Event | Image Tags |
| ----------------------- | ----------------------------- |
| `cron` on `master` | `nightly` |
| `push` a tag (`v1.2.3`) | `1.2.3`, `1.2`, `1`, `latest` |
| tag | Type | Example | Description |
| ------------- | ------------------------------- | ------------------------------------------------------------- | ----------------------------------------------------------------------------- |
| `15` | latest minor for that major tag | `ghcr.io/wg-easy/wg-easy:15` | latest features for specific major versions, no breaking changes, recommended |
| `latest` | latest tag | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | points to latest release, can include breaking changes |
| `15.0` | latest patch for that minor tag | `ghcr.io/wg-easy/wg-easy:15.0` | latest patches for specific minor version |
| `15.0.0` | specific tag | `ghcr.io/wg-easy/wg-easy:15.0.0` | specific release, no updates |
| `edge` | push to `master` | `ghcr.io/wg-easy/wg-easy:edge` | mostly unstable, gets frequent package and code updates |
| `development` | pull requests | `ghcr.io/wg-easy/wg-easy:development` | used for development, testing code from PRs |
<!-- ref: major version -->
When publishing a tag we follow the [Semantic Versioning][semver] specification. The `latest` tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. `15`).
@@ -52,41 +58,15 @@ When publishing a tag we follow the [Semantic Versioning][semver] specification.
[ghcr-image]: https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy
[semver]: https://semver.org/
### Get All Files
### Follow tutorials
Issue the following command to acquire the necessary file:
- [Basic Installation with Docker Compose (Recommended)](./examples/tutorials/basic-installation.md)
- [Simple Installation with Docker Run](./examples/tutorials/docker-run.md)
- [Advanced Installation with Podman](./examples/tutorials/podman-nft.md)
```shell
wget "https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml"
```
### Start the Container
To start the container, issue the following command:
```shell
sudo docker compose up -d
```
### Configuration Steps
Now follow the setup process in your web browser
### Stopping the Container
To stop the container, issue the following command:
```shell
sudo docker compose down
```
/// danger | Using the Correct Commands For Stopping and Starting wg-easy
/// danger | Use the Correct Commands For Stopping and Starting `wg-easy`
**Use `sudo docker compose up / down`, not `sudo docker compose start / stop`**. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
///
**That's it! It really is that easy**.
If you need more help you can read the [Basic Installation Tutorial][basic-installation].
[basic-installation]: ./examples/tutorials/basic-installation.md
docs/content/guides/2fa.md
+26
View File
@@ -0,0 +1,26 @@
---
title: 2FA
---
The user can enable 2FA from the Account page. The Account page is accessible from the dropdown menu in the top right corner of the application.
## Enable TOTP
- **Enable Two Factor Authentication**: Enable TOTP for the user.
## Configure TOTP
A QR code will be displayed. Scan the QR code with your TOTP application (e.g., Google Authenticator, Authy, etc.) to add the account.
To verify that the TOTP key is working, the user must enter the TOTP code generated by the TOTP application.
- **TOTP Key**: The TOTP key for the user. This key is used to generate the TOTP code.
- **TOTP Code**: The current TOTP code for the user. This code is used to verify the TOTP key.
- **Enable Two Factor Authentication**: Enable TOTP for the user.
## Disable TOTP
To disable TOTP, the user must enter the current password.
- **Current Password**: The current password of the user.
- **Disable Two Factor Authentication**: Disable TOTP for the user.
docs/content/guides/admin.md
+5
View File
@@ -0,0 +1,5 @@
---
title: Admin Panel
---
TODO
docs/content/guides/cli.md
+43
View File
@@ -0,0 +1,43 @@
---
title: CLI
---
If you want to use the CLI, you can run it with
### Docker Compose
```shell
cd /etc/docker/containers/wg-easy
docker compose exec -it wg-easy cli
```
### Docker Run
```shell
docker run --rm -it \
-v ~/.wg-easy:/etc/wireguard \
ghcr.io/wg-easy/wg-easy:15 \
cli
```
### Reset Password
If you want to reset the password for the admin user, you can run the following command:
#### By Prompt
```shell
cd /etc/docker/containers/wg-easy
docker compose exec -it wg-easy cli db:admin:reset
```
You are asked to provide the new password
#### By Argument
```shell
cd /etc/docker/containers/wg-easy
docker compose exec -it wg-easy cli db:admin:reset --password <new_password>
```
This will reset the password for the admin user to the new password you provided. If you include special characters in the password, make sure to escape them properly.
docs/content/guides/clients.md
+50
View File
@@ -0,0 +1,50 @@
---
title: Edit Client
---
## General
- **Name**: The name of the client.
- **Enabled**: Whether the client can connect to the VPN.
- **Expire Date**: The date the client will be disabled.
## Address
- **IPv4**: The IPv4 address of the client.
- **IPv6**: The IPv6 address of the client.
## Allowed IPs
Which IPs will be routed through the VPN.
This will not prevent the user from modifying it locally and accessing IP ranges that they should not be able to access.
Use firewall rules to prevent access to IP ranges that the user should not be able to access.
## Server Allowed IPs
Which IPs will be routed to the client.
## DNS
The DNS server that the client will use.
## Advanced
- **MTU**: The maximum transmission unit for the client.
- **Persistent Keepalive**: The interval for sending keepalive packets to the server.
## Hooks
This can only be used for clients that use `wg-quick`. Setting this will throw a error when importing the config on other clients.
- **PreUp**: Commands to run before the interface is brought up.
- **PostUp**: Commands to run after the interface is brought up.
- **PreDown**: Commands to run before the interface is brought down.
- **PostDown**: Commands to run after the interface is brought down.
## Actions
- **Save**: Save the changes made in the form.
- **Revert**: Revert the changes made in the form.
- **Delete**: Delete the client.
docs/content/guides/setup.md
+24
View File
@@ -0,0 +1,24 @@
---
title: Setup
---
## User Setup
- **Username**: The username of the user.
- **Password**: The password of the user.
- **Confirm Password**: The password of the user.
## Existing Setup
If you have the config from the previous version, you can import it by clicking "Yes". This currently expects a config from v14.
If this is the first time you are using this, you can click "No" to create a new config.
### No - Host Setup
- **Host**: The host of the server. The clients will connect to this address. This can be a domain name or an IP address. Make sure to wrap it in brackets if it is an IPv6 address. For example: `[::1]` or `[2001:db8::1]`.
- **Port**: The port of the server. The clients will connect to this port. The server will listen on this port.
### Yes - Migration
Select the `wg0.json` file from the previous version. Read [Migrate from v14 to v15](../advanced/migrate/from-14-to-15.md) for more information.
docs/content/index.md
+2 -2
View File
@@ -1,7 +1,7 @@
---
title: Home
hide:
- navigation
- navigation
---
# Welcome to the Documentation for `wg-easy`
@@ -11,7 +11,7 @@ hide:
**Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the `:latest` image tag - [the most recent stable release][docs-tagging].
///
This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
This documentation provides you not only with the basic setup and configuration of `wg-easy` but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
[docs-tagging]: ./getting-started.md#tagging-convention
docs/mkdocs.yml
+73 -73
View File
@@ -1,87 +1,87 @@
site_name: "wg-easy"
site_description: "The easiest way to run WireGuard VPN + Web-based Admin UI."
site_author: "WireGuard Easy"
site_name: 'wg-easy'
site_description: 'The easiest way to run WireGuard VPN + Web-based Admin UI.'
site_author: 'WireGuard Easy'
copyright: >
<p>
&copy <a href="https://github.com/wg-easy"><em>Wireguard Easy</em></a><br/>
<span>This project is licensed under AGPL-3.0-only.</span><br/>
<span>This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security</span><br/>
<span>"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld</span>
</p>
<p>
&copy <a href="https://github.com/wg-easy"><em>Wireguard Easy</em></a><br/>
<span>This project is licensed under AGPL-3.0-only.</span><br/>
<span>This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security</span><br/>
<span>"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld</span>
</p>
repo_url: https://github.com/wg-easy/wg-easy
repo_name: wg-easy
edit_uri: "edit/master/docs/content"
edit_uri: 'edit/master/docs/content'
docs_dir: "content/"
docs_dir: 'content/'
site_url: https://wg-easy.github.io/wg-easy
theme:
name: material
favicon: assets/logo/favicon.png
logo: assets/logo/logo.png
icon:
repo: fontawesome/brands/github
features:
- navigation.tabs
- navigation.top
- navigation.expand
- navigation.instant
- content.action.edit
- content.action.view
- content.code.annotate
palette:
# Light mode
- media: "(prefers-color-scheme: light)"
scheme: default
primary: grey
accent: red
toggle:
icon: material/weather-night
name: Switch to dark mode
# Dark mode
- media: "(prefers-color-scheme: dark)"
scheme: slate
primary: grey
accent: red
toggle:
icon: material/weather-sunny
name: Switch to light mode
name: material
favicon: assets/logo/favicon.png
logo: assets/logo/logo.png
icon:
repo: fontawesome/brands/github
features:
- navigation.tabs
- navigation.top
- navigation.expand
- navigation.instant
- content.action.edit
- content.action.view
- content.code.annotate
palette:
# Light mode
- media: '(prefers-color-scheme: light)'
scheme: default
primary: grey
accent: red
toggle:
icon: material/weather-night
name: Switch to dark mode
# Dark mode
- media: '(prefers-color-scheme: dark)'
scheme: slate
primary: grey
accent: red
toggle:
icon: material/weather-sunny
name: Switch to light mode
extra:
version:
provider: mike
version:
provider: mike
markdown_extensions:
- toc:
anchorlink: true
- abbr
- attr_list
- pymdownx.blocks.admonition:
types:
- danger
- note
- info
- question
- warning
- pymdownx.details
- pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
- pymdownx.tabbed:
alternate_style: true
slugify: !!python/object/apply:pymdownx.slugs.slugify
kwds:
case: lower
- pymdownx.tasklist:
custom_checkbox: true
- pymdownx.magiclink
- pymdownx.inlinehilite
- pymdownx.tilde
- pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
- toc:
anchorlink: true
- abbr
- attr_list
- pymdownx.blocks.admonition:
types:
- danger
- note
- info
- question
- warning
- pymdownx.details
- pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
- pymdownx.tabbed:
alternate_style: true
slugify: !!python/object/apply:pymdownx.slugs.slugify
kwds:
case: lower
- pymdownx.tasklist:
custom_checkbox: true
- pymdownx.magiclink
- pymdownx.inlinehilite
- pymdownx.tilde
- pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
package.json
+8 -3
View File
@@ -2,10 +2,15 @@
"version": "1.0.0",
"private": true,
"scripts": {
"dev": "docker compose -f docker-compose.dev.yml up --build",
"dev": "docker compose -f docker-compose.dev.yml up wg-easy --build",
"cli:dev": "docker compose -f docker-compose.dev.yml run --build --rm -it wg-easy cli:dev",
"build": "docker build -t wg-easy .",
"docs:preview": "docker run --rm -it -p 8080:8080 -v ./docs:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8080",
"scripts:version": "bash scripts/version.sh"
"scripts:version": "bash scripts/version.sh",
"format:check:docs": "prettier --check docs"
},
"packageManager": "pnpm@10.7.0"
"devDependencies": {
"prettier": "^3.5.3"
},
"packageManager": "pnpm@10.11.0"
}
pnpm-lock.yaml
Generated
+16 -1
View File
@@ -6,4 +6,19 @@ settings:
importers:
.: {}
.:
devDependencies:
prettier:
specifier: ^3.5.3
version: 3.5.3
packages:
prettier@3.5.3:
resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==}
engines: {node: '>=14'}
hasBin: true
snapshots:
prettier@3.5.3: {}
src/.npmrc
-1
View File
@@ -1 +0,0 @@
public-hoist-pattern[]=@libsql/linux*
src/app/components/Admin/CidrDialog.vue
+3 -3
View File
@@ -10,12 +10,12 @@
</template>
<template #actions>
<DialogClose as-child>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
</DialogClose>
<DialogClose as-child>
<BaseButton @click="$emit('change', ipv4Cidr, ipv6Cidr)">
<BasePrimaryButton @click="$emit('change', ipv4Cidr, ipv6Cidr)">
{{ $t('dialog.change') }}
</BaseButton>
</BasePrimaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Admin/RestartInterfaceDialog.vue
+3 -3
View File
@@ -7,12 +7,12 @@
</template>
<template #actions>
<DialogClose as-child>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
</DialogClose>
<DialogClose as-child>
<BaseButton @click="$emit('restart')">
<BasePrimaryButton @click="$emit('restart')">
{{ $t('admin.interface.restart') }}
</BaseButton>
</BasePrimaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Admin/SuggestDialog.vue
+3 -3
View File
@@ -13,12 +13,12 @@
</template>
<template #actions>
<DialogClose as-child>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
</DialogClose>
<DialogClose as-child>
<BaseButton @click="$emit('change', selected)">
<BasePrimaryButton @click="$emit('change', selected)">
{{ $t('dialog.change') }}
</BaseButton>
</BasePrimaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Base/PrimaryButton.vue
+26
View File
@@ -0,0 +1,26 @@
<template>
<component
:is="elementType"
role="button"
class="inline-flex items-center rounded border-2 border-red-800 bg-red-800 px-4 py-2 text-white transition hover:border-red-600 hover:bg-red-600"
v-bind="attrs"
>
<slot />
</component>
</template>
<script setup lang="ts">
const props = defineProps({
as: {
type: String,
default: 'button',
},
});
const elementType = computed(() => props.as);
const attrs = computed(() => {
const { as, ...attrs } = props;
return attrs;
});
</script>
src/app/components/Base/Button.vue → src/app/components/Base/SecondaryButton.vue
+2 -2
View File
@@ -20,7 +20,7 @@ const props = defineProps({
const elementType = computed(() => props.as);
const attrs = computed(() => {
const { as, ...attrs } = props;
return attrs;
const { as, ...rest } = props;
return rest;
});
</script>
src/app/components/Clients/CreateDialog.vue
+4 -2
View File
@@ -18,10 +18,12 @@
</template>
<template #actions>
<DialogClose as-child>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
</DialogClose>
<DialogClose as-child>
<BaseButton @click="createClient">{{ $t('client.create') }}</BaseButton>
<BasePrimaryButton @click="createClient">
{{ $t('client.create') }}
</BasePrimaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Clients/DeleteDialog.vue
+4 -4
View File
@@ -9,12 +9,12 @@
</template>
<template #actions>
<DialogClose as-child>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BasePrimaryButton>{{ $t('dialog.cancel') }}</BasePrimaryButton>
</DialogClose>
<DialogClose as-child>
<BaseButton @click="$emit('delete')">{{
$t('client.deleteClient')
}}</BaseButton>
<BaseSecondaryButton @click="$emit('delete')">
{{ $t('client.deleteClient') }}
</BaseSecondaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Clients/Empty.vue
+2 -2
View File
@@ -2,10 +2,10 @@
<p class="m-10 text-center text-sm text-gray-400 dark:text-neutral-400">
{{ $t('client.empty') }}<br /><br />
<ClientsCreateDialog>
<BaseButton as="span">
<BaseSecondaryButton as="span">
<IconsPlus class="w-4 md:mr-2" />
<span class="text-sm">{{ $t('client.new') }}</span>
</BaseButton>
</BaseSecondaryButton>
</ClientsCreateDialog>
</p>
</template>
src/app/components/Clients/New.vue
+2 -2
View File
@@ -1,8 +1,8 @@
<template>
<ClientsCreateDialog>
<BaseButton as="span">
<BaseSecondaryButton as="span">
<IconsPlus class="w-4 md:mr-2" />
<span class="text-sm max-md:hidden">{{ $t('client.newShort') }}</span>
</BaseButton>
</BaseSecondaryButton>
</ClientsCreateDialog>
</template>
src/app/components/Clients/QRCodeDialog.vue
+4 -2
View File
@@ -4,11 +4,13 @@
<slot />
</template>
<template #description>
<img :src="qrCode" />
<div class="bg-white">
<img :src="qrCode" />
</div>
</template>
<template #actions>
<DialogClose>
<BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
<BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
</DialogClose>
</template>
</BaseDialog>
src/app/components/Clients/Sort.vue
+2 -2
View File
@@ -1,12 +1,12 @@
<template>
<BaseButton @click="toggleSort">
<BasePrimaryButton @click="toggleSort">
<IconsArrowDown
v-if="globalStore.sortClient === true"
class="w-4 md:mr-2"
/>
<IconsArrowUp v-else class="w-4 md:mr-2" />
<span class="text-sm max-md:hidden"> {{ $t('client.sort') }}</span>
</BaseButton>
</BasePrimaryButton>
</template>
<script setup lang="ts">
src/app/components/Form/ArrayField.vue
+2 -2
View File
@@ -12,7 +12,7 @@
class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
@input="update($event, i)"
/>
<BaseButton
<BaseSecondaryButton
as="input"
type="button"
class="rounded-lg"
@@ -22,7 +22,7 @@
</div>
</div>
<div class="mt-2">
<BaseButton
<BasePrimaryButton
as="input"
type="button"
class="rounded-lg"
src/app/components/Form/HostField.vue
+3 -3
View File
@@ -7,7 +7,7 @@
<IconsInfo class="size-4" />
</BaseTooltip>
</div>
<div class="flex">
<div class="flex gap-1">
<BaseInput
:id="id"
v-model.trim="data"
@@ -18,12 +18,12 @@
/>
<ClientOnly>
<AdminSuggestDialog :url="url" @change="data = $event">
<BaseButton as="span">
<BasePrimaryButton as="span">
<div class="flex items-center gap-3">
<IconsSparkles class="w-4" />
<span>{{ $t('admin.config.suggest') }}</span>
</div>
</BaseButton>
</BasePrimaryButton>
</AdminSuggestDialog>
</ClientOnly>
</div>
src/app/components/Form/NullArrayField.vue
+2 -2
View File
@@ -12,7 +12,7 @@
class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
@input="update($event, i)"
/>
<BaseButton
<BaseSecondaryButton
as="input"
type="button"
class="rounded-lg"
@@ -22,7 +22,7 @@
</div>
</div>
<div class="mt-2">
<BaseButton
<BasePrimaryButton
as="input"
type="button"
class="rounded-lg"
src/app/components/Form/NullTextField.vue
+1 -1
View File
@@ -12,7 +12,7 @@
v-model.trim="data"
:name="id"
type="text"
:autcomplete="autocomplete"
:autocomplete="autocomplete"
:placeholder="placeholder"
/>
</template>
src/app/components/Form/PrimaryActionField.vue
+16
View File
@@ -0,0 +1,16 @@
<template>
<input
:value="label"
:type="type ?? 'button'"
class="col-span-2 rounded-lg border-2 border-red-800 bg-red-800 py-2 text-white hover:border-red-600 hover:bg-red-600 focus:border-red-800 focus:outline-0 focus:ring-0"
/>
</template>
<script lang="ts" setup>
import type { InputTypeHTMLAttribute } from 'vue';
defineProps<{
label: string;
type?: InputTypeHTMLAttribute;
}>();
</script>
src/app/components/Form/ActionField.vue → src/app/components/Form/SecondaryActionField.vue
View File
src/app/components/Form/TextField.vue
+3 -1
View File
@@ -12,7 +12,8 @@
v-model.trim="data"
:name="id"
type="text"
:autcomplete="autocomplete"
:autocomplete="autocomplete"
:disabled="disabled"
/>
</template>
@@ -22,6 +23,7 @@ defineProps<{
label: string;
description?: string;
autocomplete?: string;
disabled?: boolean;
}>();
const data = defineModel<string>();
src/app/composables/useSubmit.ts
+31 -14
View File
@@ -1,21 +1,42 @@
import type { NitroFetchRequest, NitroFetchOptions } from 'nitropack/types';
import type {
NitroFetchRequest,
NitroFetchOptions,
TypedInternalResponse,
ExtractedRouteMethod,
} from 'nitropack/types';
import { FetchError } from 'ofetch';
type RevertFn = (success: boolean) => Promise<void>;
type RevertFn<
R extends NitroFetchRequest,
T = unknown,
O extends NitroFetchOptions<R> = NitroFetchOptions<R>,
> = (
success: boolean,
data:
| TypedInternalResponse<
R,
T,
NitroFetchOptions<R> extends O ? 'get' : ExtractedRouteMethod<R, O>
>
| undefined
) => Promise<void>;
type SubmitOpts = {
revert: RevertFn;
type SubmitOpts<
R extends NitroFetchRequest,
T = unknown,
O extends NitroFetchOptions<R> = NitroFetchOptions<R>,
> = {
revert: RevertFn<R, T, O>;
successMsg?: string;
errorMsg?: string;
noSuccessToast?: boolean;
};
export function useSubmit<
R extends NitroFetchRequest,
O extends NitroFetchOptions<R> & { body?: never },
>(url: R, options: O, opts: SubmitOpts) {
T = unknown,
>(url: R, options: O, opts: SubmitOpts<R, T, O>) {
const toast = useToast();
const { t: $t } = useI18n();
return async (data: unknown) => {
try {
@@ -24,11 +45,6 @@ export function useSubmit<
body: data,
});
// eslint-disable-next-line @typescript-eslint/no-explicit-any
if (!(res as any).success) {
throw new Error(opts.errorMsg || $t('toast.errored'));
}
if (!opts.noSuccessToast) {
toast.showToast({
type: 'success',
@@ -36,7 +52,8 @@ export function useSubmit<
});
}
await opts.revert(true);
// eslint-disable-next-line @typescript-eslint/no-explicit-any
await opts.revert(true, res as any);
} catch (e) {
if (e instanceof FetchError) {
toast.showToast({
@@ -51,7 +68,7 @@ export function useSubmit<
} else {
console.error(e);
}
await opts.revert(false);
await opts.revert(false, undefined);
}
};
}
src/app/pages/admin.vue
+2 -2
View File
@@ -15,12 +15,12 @@
:to="`/admin/${item.id}`"
active-class="bg-red-800 rounded"
>
<BaseButton
<BaseSecondaryButton
as="span"
class="w-full cursor-pointer rounded p-2 font-medium transition-colors duration-200 hover:bg-red-800 dark:text-neutral-200"
>
{{ item.name }}
</BaseButton>
</BaseSecondaryButton>
</NuxtLink>
</div>
</div>
src/app/pages/admin/config.vue
+2 -2
View File
@@ -49,8 +49,8 @@
</FormGroup>
<FormGroup>
<FormHeading>{{ $t('form.actions') }}</FormHeading>
<FormActionField type="submit" :label="$t('form.save')" />
<FormActionField :label="$t('form.revert')" @click="revert" />
<FormPrimaryActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
</FormGroup>
</FormElement>
</main>
src/app/pages/admin/general.vue
+2 -2
View File
@@ -32,8 +32,8 @@
</FormGroup>
<FormGroup>
<FormHeading>{{ $t('form.actions') }}</FormHeading>
<FormActionField type="submit" :label="$t('form.save')" />
<FormActionField :label="$t('form.revert')" @click="revert" />
<FormPrimaryActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
</FormGroup>
</FormElement>
</main>
src/app/pages/admin/hooks.vue
+2 -2
View File
@@ -25,8 +25,8 @@
</FormGroup>
<FormGroup>
<FormHeading>{{ $t('form.actions') }}</FormHeading>
<FormActionField type="submit" :label="$t('form.save')" />
<FormActionField :label="$t('form.revert')" @click="revert" />
<FormPrimaryActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
</FormGroup>
</FormElement>
</main>
src/app/pages/admin/interface.vue
+4 -6
View File
@@ -23,15 +23,15 @@
</FormGroup>
<FormGroup>
<FormHeading>{{ $t('form.actions') }}</FormHeading>
<FormActionField type="submit" :label="$t('form.save')" />
<FormActionField :label="$t('form.revert')" @click="revert" />
<FormPrimaryActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
<AdminCidrDialog
trigger-class="col-span-2"
:ipv4-cidr="data.ipv4Cidr"
:ipv6-cidr="data.ipv6Cidr"
@change="changeCidr"
>
<FormActionField
<FormSecondaryActionField
:label="$t('admin.interface.changeCidr')"
class="w-full"
tabindex="-1"
@@ -41,7 +41,7 @@
trigger-class="col-span-2"
@restart="restartInterface"
>
<FormActionField
<FormSecondaryActionField
:label="$t('admin.interface.restart')"
class="w-full"
tabindex="-1"
@@ -86,7 +86,6 @@ const _changeCidr = useSubmit(
{
revert,
successMsg: t('admin.interface.cidrSuccess'),
errorMsg: t('admin.interface.cidrError'),
}
);
@@ -102,7 +101,6 @@ const _restartInterface = useSubmit(
{
revert,
successMsg: t('admin.interface.restartSuccess'),
errorMsg: t('admin.interface.restartError'),
}
);
src/app/pages/clients/[id].vue
+6 -3
View File
@@ -107,14 +107,17 @@
</FormGroup>
<FormGroup>
<FormHeading>{{ $t('form.actions') }}</FormHeading>
<FormActionField type="submit" :label="$t('form.save')" />
<FormActionField :label="$t('form.revert')" @click="revert" />
<FormPrimaryActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField
:label="$t('form.revert')"
@click="revert"
/>
<ClientsDeleteDialog
trigger-class="col-span-2"
:client-name="data.name"
@delete="deleteClient"
>
<FormActionField
<FormSecondaryActionField
label="Delete"
class="w-full"
type="button"
src/app/pages/login.vue
+44 -7
View File
@@ -30,6 +30,18 @@
autocomplete="current-password"
/>
<BaseInput
v-if="totpRequired"
v-model="totp"
type="text"
name="totp"
:placeholder="$t('general.2faCode')"
autocomplete="one-time-code"
inputmode="numeric"
maxlength="6"
pattern="\d{6}"
/>
<label
class="flex gap-2 whitespace-nowrap"
:title="$t('login.rememberMeDesc')"
@@ -58,10 +70,15 @@
const authStore = useAuthStore();
authStore.update();
const toast = useToast();
const { t } = useI18n();
const authenticating = ref(false);
const remember = ref(false);
const username = ref<null | string>(null);
const password = ref<null | string>(null);
const username = ref<string>('');
const password = ref<string>('');
const totpRequired = ref(false);
const totp = ref<string>('');
const _submit = useSubmit(
'/api/session',
@@ -69,13 +86,32 @@ const _submit = useSubmit(
method: 'post',
},
{
revert: async (success) => {
authenticating.value = false;
password.value = null;
revert: async (success, data) => {
if (success) {
await navigateTo('/');
if (data?.status === 'success') {
await navigateTo('/');
} else if (data?.status === 'TOTP_REQUIRED') {
authenticating.value = false;
totpRequired.value = true;
toast.showToast({
title: t('general.2fa'),
message: t('login.2faRequired'),
type: 'error',
});
return;
} else if (data?.status === 'INVALID_TOTP_CODE') {
authenticating.value = false;
totp.value = '';
toast.showToast({
title: t('general.2fa'),
message: t('login.2faWrong'),
type: 'error',
});
return;
}
}
authenticating.value = false;
password.value = '';
},
noSuccessToast: true,
}
@@ -90,6 +126,7 @@ async function submit() {
username: username.value,
password: password.value,
remember: remember.value,
totpCode: totpRequired.value ? totp.value : undefined,
});
}
</script>
src/app/pages/me.vue
+144 -2
View File
@@ -18,7 +18,7 @@
v-model="email"
:label="$t('user.email')"
/>
<FormActionField type="submit" :label="$t('form.save')" />
<FormSecondaryActionField type="submit" :label="$t('form.save')" />
</FormGroup>
</FormElement>
<FormElement @submit.prevent="updatePassword">
@@ -42,18 +42,83 @@
autocomplete="new-password"
:label="$t('general.confirmPassword')"
/>
<FormActionField
<FormSecondaryActionField
type="submit"
:label="$t('general.updatePassword')"
/>
</FormGroup>
</FormElement>
<FormElement @submit.prevent>
<FormGroup>
<FormHeading>{{ $t('general.2fa') }}</FormHeading>
<div
v-if="!authStore.userData?.totpVerified && !twofa"
class="col-span-2 flex flex-col"
>
<FormSecondaryActionField
:label="$t('me.enable2fa')"
@click="setup2fa"
/>
</div>
<div
v-if="!authStore.userData?.totpVerified && twofa"
class="col-span-2"
>
<p class="text-sm text-gray-500 dark:text-gray-400">
{{ $t('me.enable2faDesc') }}
</p>
<div class="mt-2 flex flex-col gap-2">
<img :src="twofa.qrcode" size="128" class="bg-white" />
<FormTextField
id="2fakey"
:model-value="twofa.key"
:on-update:model-value="() => {}"
:label="$t('me.2faKey')"
:disabled="true"
/>
<p class="text-sm text-gray-500 dark:text-gray-400">
{{ $t('me.2faCodeDesc') }}
</p>
<FormTextField
id="2facode"
v-model="code"
:label="$t('general.2faCode')"
/>
<FormSecondaryActionField
:label="$t('me.enable2fa')"
@click="enable2fa"
/>
</div>
</div>
<div
v-if="authStore.userData?.totpVerified"
class="col-span-2 flex flex-col gap-2"
>
<p class="text-sm text-gray-500 dark:text-gray-400">
{{ $t('me.disable2faDesc') }}
</p>
<FormPasswordField
id="2fapassword"
v-model="disable2faPassword"
:label="$t('me.currentPassword')"
type="password"
autocomplete="current-password"
/>
<FormSecondaryActionField
:label="$t('me.disable2fa')"
@click="disable2fa"
/>
</div>
</FormGroup>
</FormElement>
</PanelBody>
</Panel>
</main>
</template>
<script setup lang="ts">
import { encodeQR } from 'qr';
const authStore = useAuthStore();
authStore.update();
@@ -101,4 +166,81 @@ function updatePassword() {
confirmPassword: confirmPassword.value,
});
}
const twofa = ref<{ key: string; qrcode: string } | null>(null);
const _setup2fa = useSubmit(
`/api/me/totp`,
{
method: 'post',
},
{
revert: async (success, data) => {
if (success && data?.type === 'setup') {
const qrcode = encodeQR(data.uri, 'svg', {
ecc: 'high',
scale: 4,
encoding: 'byte',
});
const svg = new Blob([qrcode], { type: 'image/svg+xml' });
twofa.value = { key: data.key, qrcode: URL.createObjectURL(svg) };
}
},
}
);
async function setup2fa() {
return _setup2fa({
type: 'setup',
});
}
const code = ref<string>('');
const _enable2fa = useSubmit(
`/api/me/totp`,
{
method: 'post',
},
{
revert: async (success, data) => {
if (success && data?.type === 'created') {
authStore.update();
twofa.value = null;
code.value = '';
}
},
}
);
async function enable2fa() {
return _enable2fa({
type: 'create',
code: code.value,
});
}
const disable2faPassword = ref('');
const _disable2fa = useSubmit(
`/api/me/totp`,
{
method: 'post',
},
{
revert: async (success, data) => {
if (success && data?.type === 'deleted') {
authStore.update();
disable2faPassword.value = '';
}
},
}
);
async function disable2fa() {
return _disable2fa({
type: 'delete',
currentPassword: disable2faPassword.value,
});
}
</script>
src/app/pages/setup/1.vue
+3 -1
View File
@@ -4,7 +4,9 @@
{{ $t('setup.welcomeDesc') }}
</p>
<NuxtLink to="/setup/2" class="mt-8">
<BaseButton as="span">{{ $t('general.continue') }}</BaseButton>
<BasePrimaryButton as="span">
{{ $t('general.continue') }}
</BasePrimaryButton>
</NuxtLink>
</div>
</template>
src/app/pages/setup/2.vue
+3 -1
View File
@@ -29,7 +29,9 @@
/>
</div>
<div class="mt-4 flex justify-center">
<BaseButton @click="submit">{{ $t('setup.createAccount') }}</BaseButton>
<BasePrimaryButton @click="submit">
{{ $t('setup.createAccount') }}
</BasePrimaryButton>
</div>
</div>
</div>
src/app/pages/setup/3.vue
+4 -4
View File
@@ -5,14 +5,14 @@
</p>
<div class="mt-4 flex justify-center gap-3">
<NuxtLink to="/setup/4" class="w-20">
<BaseButton as="span" class="w-full justify-center">
<BasePrimaryButton as="span" class="w-full justify-center">
{{ $t('general.no') }}
</BaseButton>
</BasePrimaryButton>
</NuxtLink>
<NuxtLink to="/setup/migrate" class="w-20">
<BaseButton as="span" class="w-full justify-center">
<BaseSecondaryButton as="span" class="w-full justify-center">
{{ $t('general.yes') }}
</BaseButton>
</BaseSecondaryButton>
</NuxtLink>
</div>
</div>
src/app/pages/setup/4.vue
+3 -1
View File
@@ -23,7 +23,9 @@
/>
</div>
<div class="mt-4 flex justify-center">
<BaseButton @click="submit">{{ $t('general.continue') }}</BaseButton>
<BasePrimaryButton @click="submit">
{{ $t('general.continue') }}
</BasePrimaryButton>
</div>
</div>
</div>
src/app/pages/setup/migrate.vue
+3 -1
View File
@@ -8,7 +8,9 @@
<input id="migration" type="file" @change="onChangeFile" />
</div>
<div class="mt-4">
<BaseButton @click="submit">{{ $t('setup.upload') }}</BaseButton>
<BasePrimaryButton @click="submit">
{{ $t('setup.upload') }}
</BasePrimaryButton>
</div>
</div>
</template>
src/app/pages/setup/success.vue
+1 -1
View File
@@ -2,7 +2,7 @@
<div class="flex flex-col items-center">
<p>{{ $t('setup.successful') }}</p>
<NuxtLink to="/login" class="mt-4">
<BaseButton as="span">{{ $t('login.signIn') }}</BaseButton>
<BasePrimaryButton as="span">{{ $t('login.signIn') }}</BasePrimaryButton>
</NuxtLink>
</div>
</template>
src/cli/build.js
+25
View File
@@ -0,0 +1,25 @@
// @ts-check
import { fileURLToPath } from 'node:url';
import esbuild from 'esbuild';
esbuild.build({
entryPoints: [fileURLToPath(new URL('./index.ts', import.meta.url))],
bundle: true,
outfile: fileURLToPath(new URL('../.output/server/cli.mjs', import.meta.url)),
platform: 'node',
format: 'esm',
plugins: [
{
name: 'make-all-packages-external',
setup(build) {
let filter = /^[^./]|^\.[^./]|^\.\.[^/]/; // Must not start with "/" or "./" or "../"
build.onResolve({ filter }, (args) => ({
path: args.path,
external: true,
}));
},
},
],
logLevel: 'info',
});
src/cli/cli.sh
+5
View File
@@ -0,0 +1,5 @@
#!/bin/sh
set -e
node /app/server/cli.mjs "$@"
src/cli/index.ts
+92
View File
@@ -0,0 +1,92 @@
#!/usr/bin/env node
// ! Auto Imports are not supported in this file
import { drizzle } from 'drizzle-orm/libsql';
import { createClient } from '@libsql/client';
import { defineCommand, runMain } from 'citty';
import { consola } from 'consola';
import { eq } from 'drizzle-orm';
import packageJson from '../package.json';
import * as schema from '../server/database/schema';
import { hashPassword } from '../server/utils/password';
const client = createClient({ url: 'file:/etc/wireguard/wg-easy.db' });
const db = drizzle({ client, schema });
const dbAdminReset = defineCommand({
meta: {
name: 'db:admin:reset',
description: 'Reset the admin user',
},
args: {
password: {
type: 'string',
description: 'New password for the admin user',
required: false,
},
},
async run(ctx) {
let password = ctx.args.password || undefined;
if (!password) {
password = await consola.prompt('Please enter a new password:', {
type: 'text',
});
}
if (!password) {
consola.error('Password is required');
return;
}
if (password.length < 12) {
consola.error('Password must be at least 12 characters long');
return;
}
console.info('Setting new password for admin user...');
const hash = await hashPassword(password);
const user = await db.transaction(async (tx) => {
const user = await tx
.select()
.from(schema.user)
.where(eq(schema.user.id, 1))
.get();
if (!user) {
consola.error('Admin user not found');
return;
}
await tx
.update(schema.user)
.set({
password: hash,
})
.where(eq(schema.user.id, 1));
return user;
});
if (!user) {
consola.error('Failed to update admin user');
return;
}
consola.success(
`Successfully updated admin user ${user.id} (${user.username})`
);
},
});
const main = defineCommand({
meta: {
name: 'wg-easy',
version: packageJson.version,
description: 'Command Line Interface',
},
subCommands: {
'db:admin:reset': dbAdminReset,
},
});
runMain(main);
src/i18n/locales/en.json
+19 -13
View File
@@ -14,7 +14,13 @@
"email": "E-Mail"
},
"me": {
"currentPassword": "Current Password"
"currentPassword": "Current Password",
"enable2fa": "Enable Two Factor Authentication",
"enable2faDesc": "Scan the QR code with your authenticator app or enter the key manually.",
"2faKey": "TOTP Key",
"2faCodeDesc": "Enter the code from your authenticator app.",
"disable2fa": "Disable Two Factor Authentication",
"disable2faDesc": "Enter your password to disable Two Factor Authentication."
},
"general": {
"name": "Name",
@@ -33,7 +39,9 @@
"yes": "Yes",
"no": "No",
"confirmPassword": "Confirm Password",
"loading": "Loading..."
"loading": "Loading...",
"2fa": "Two Factor Authentication",
"2faCode": "TOTP Code"
},
"setup": {
"welcome": "Welcome to your first setup of wg-easy",
@@ -66,11 +74,9 @@
"signIn": "Sign In",
"rememberMe": "Remember me",
"rememberMeDesc": "Stay logged after closing the browser",
"insecure": "You can't log in with an insecure connection. Use HTTPS."
},
"error": {
"clear": "Clear",
"login": "Log in error"
"insecure": "You can't log in with an insecure connection. Use HTTPS.",
"2faRequired": "Two Factor Authentication is required",
"2faWrong": "Two Factor Authentication is wrong"
},
"client": {
"empty": "There are no clients yet.",
@@ -117,8 +123,7 @@
"toast": {
"success": "Success",
"saved": "Saved",
"error": "Error",
"errored": "Failed to save"
"error": "Error"
},
"form": {
"actions": "Actions",
@@ -155,7 +160,6 @@
},
"interface": {
"cidrSuccess": "Changed CIDR",
"cidrError": "Failed to change CIDR",
"device": "Device",
"deviceDesc": "Ethernet device the wireguard traffic should be forwarded through",
"mtuDesc": "MTU WireGuard will use",
@@ -164,8 +168,7 @@
"restart": "Restart Interface",
"restartDesc": "Restart the WireGuard interface",
"restartWarn": "Are you sure to restart the interface? This will disconnect all clients.",
"restartSuccess": "Interface restarted",
"restartError": "Failed to restart interface"
"restartSuccess": "Interface restarted"
},
"introText": "Welcome to the admin panel.\n\nHere you can manage the general settings, the configuration, the interface settings and the hooks.\n\nStart by choosing one of the sections in the sidebar."
},
@@ -194,7 +197,10 @@
"name": "Name",
"email": "Email",
"emailInvalid": "Email must be a valid email",
"passwordMatch": "Passwords must match"
"passwordMatch": "Passwords must match",
"totpEnable": "TOTP Enable",
"totpEnableTrue": "TOTP Enable must be true",
"totpCode": "TOTP Code"
},
"userConfig": {
"host": "Host"
src/nuxt.config.ts
+6
View File
@@ -41,6 +41,9 @@ export default defineNuxtConfig({
detectBrowserLanguage: {
useCookie: true,
},
bundle: {
optimizeTranslationDirective: false,
},
},
nitro: {
esbuild: {
@@ -52,6 +55,9 @@ export default defineNuxtConfig({
alias: {
'#db': fileURLToPath(new URL('./server/database/', import.meta.url)),
},
externals: {
traceInclude: [fileURLToPath(new URL('./cli/index.ts', import.meta.url))],
},
},
alias: {
// for typecheck reasons (https://github.com/nuxt/cli/issues/323)
src/package.json
+36 -27
View File
@@ -1,11 +1,11 @@
{
"name": "wg-easy",
"version": "15.0.0-beta.11",
"version": "15.0.0-beta.13",
"description": "The easiest way to run WireGuard VPN + Web-based Admin UI.",
"private": true,
"type": "module",
"scripts": {
"build": "nuxt build",
"build": "nuxt build && pnpm cli:build",
"dev": "nuxt dev",
"generate": "nuxt generate",
"preview": "nuxt preview",
@@ -15,53 +15,62 @@
"format:check": "prettier . --check",
"typecheck": "nuxt typecheck",
"check:all": "pnpm typecheck && pnpm lint && pnpm format:check && pnpm build",
"db:generate": "drizzle-kit generate"
"db:generate": "drizzle-kit generate",
"cli:build": "node cli/build.js",
"cli:dev": "tsx cli/index.ts"
},
"dependencies": {
"@eschricht/nuxt-color-mode": "^1.1.5",
"@heroicons/vue": "^2.2.0",
"@libsql/client": "^0.15.1",
"@nuxtjs/i18n": "^9.4.0",
"@nuxtjs/tailwindcss": "^6.13.2",
"@libsql/client": "^0.15.7",
"@nuxtjs/i18n": "^9.5.4",
"@nuxtjs/tailwindcss": "^6.14.0",
"@phc/format": "^1.0.0",
"@pinia/nuxt": "^0.10.1",
"@pinia/nuxt": "^0.11.0",
"@tailwindcss/forms": "^0.5.10",
"apexcharts": "^4.5.0",
"argon2": "^0.41.1",
"basic-auth": "^2.0.1",
"apexcharts": "^4.7.0",
"argon2": "^0.43.0",
"cidr-tools": "^11.0.3",
"citty": "^0.1.6",
"consola": "^3.4.2",
"crc-32": "^1.2.2",
"debug": "^4.4.0",
"drizzle-orm": "^0.41.0",
"debug": "^4.4.1",
"drizzle-orm": "^0.43.1",
"ip-bigint": "^8.2.1",
"is-cidr": "^5.1.1",
"is-ip": "^5.0.1",
"js-sha256": "^0.11.0",
"lowdb": "^7.0.1",
"nuxt": "^3.16.1",
"pinia": "^3.0.1",
"qrcode": "^1.5.4",
"js-sha256": "^0.11.1",
"nuxt": "^3.17.4",
"otpauth": "^9.4.0",
"pinia": "^3.0.2",
"qr": "^0.4.2",
"radix-vue": "^1.9.17",
"semver": "^7.7.1",
"semver": "^7.7.2",
"tailwindcss": "^3.4.17",
"timeago.js": "^4.0.2",
"vue": "latest",
"vue3-apexcharts": "^1.8.0",
"zod": "^3.24.2"
"zod": "^3.25.30"
},
"devDependencies": {
"@nuxt/eslint": "1.3.0",
"@nuxt/eslint": "^1.4.1",
"@types/debug": "^4.1.12",
"@types/phc__format": "^1.0.1",
"@types/qrcode": "^1.5.5",
"@types/semver": "^7.7.0",
"drizzle-kit": "^0.30.6",
"eslint": "^9.23.0",
"eslint-config-prettier": "^10.1.1",
"drizzle-kit": "^0.31.1",
"esbuild": "^0.25.5",
"eslint": "^9.27.0",
"eslint-config-prettier": "^10.1.5",
"prettier": "^3.5.3",
"prettier-plugin-tailwindcss": "^0.6.11",
"typescript": "^5.8.2",
"vue-tsc": "^2.2.8"
"tsx": "^4.19.4",
"typescript": "^5.8.3",
"vue-tsc": "^2.2.10"
},
"packageManager": "pnpm@10.7.0"
"packageManager": "pnpm@10.11.0",
"pnpm": {
"overrides": {
"oxc-parser": "^0.70.0"
}
}
}
src/pnpm-lock.yaml
Generated
+3049 -2287
View File
File diff suppressed because it is too large Load Diff
src/server/api/me/totp.post.ts
+65
View File
@@ -0,0 +1,65 @@
import { Secret, TOTP } from 'otpauth';
import { UserUpdateTotpSchema } from '#db/repositories/user/types';
type Response =
| {
success: boolean;
type: 'setup';
key: string;
uri: string;
}
| { success: boolean; type: 'created' }
| { success: boolean; type: 'deleted' };
export default definePermissionEventHandler(
'me',
'update',
async ({ event, user, checkPermissions }) => {
const body = await readValidatedBody(
event,
validateZod(UserUpdateTotpSchema, event)
);
checkPermissions(user);
if (body.type === 'setup') {
const key = new Secret({ size: 20 });
const totp = new TOTP({
issuer: 'wg-easy',
label: user.username,
algorithm: 'SHA1',
digits: 6,
period: 30,
secret: key,
});
await Database.users.updateTotpKey(user.id, key.base32);
return {
success: true,
type: 'setup',
key: key.base32,
uri: totp.toString(),
} as Response;
} else if (body.type === 'create') {
await Database.users.verifyTotp(user.id, body.code);
return {
success: true,
type: 'created',
} as Response;
} else if (body.type === 'delete') {
await Database.users.deleteTotpKey(user.id, body.currentPassword);
return {
success: true,
type: 'deleted',
} as Response;
}
throw createError({
statusCode: 400,
statusMessage: 'Invalid request',
});
}
);
src/server/api/session.get.ts
+1
View File
@@ -20,5 +20,6 @@ export default defineEventHandler(async (event) => {
username: user.username,
name: user.name,
email: user.email,
totpVerified: user.totpVerified,
};
});
src/server/api/session.post.ts
+29 -16
View File
@@ -1,29 +1,42 @@
import { UserLoginSchema } from '#db/repositories/user/types';
export default defineEventHandler(async (event) => {
const { username, password, remember } = await readValidatedBody(
const { username, password, remember, totpCode } = await readValidatedBody(
event,
validateZod(UserLoginSchema, event)
);
// TODO: timing can be used to enumerate usernames
const result = await Database.users.login(username, password, totpCode);
const user = await Database.users.getByUsername(username);
if (!user)
throw createError({
statusCode: 401,
statusMessage: 'Incorrect credentials',
});
// TODO: add localization support
const userHashPassword = user.password;
const passwordValid = await isPasswordValid(password, userHashPassword);
if (!passwordValid) {
throw createError({
statusCode: 401,
statusMessage: 'Incorrect credentials',
});
if (!result.success) {
switch (result.error) {
case 'INCORRECT_CREDENTIALS':
throw createError({
statusCode: 401,
statusMessage: 'Invalid username or password',
});
case 'TOTP_REQUIRED':
return { status: 'TOTP_REQUIRED' };
case 'INVALID_TOTP_CODE':
return { status: 'INVALID_TOTP_CODE' };
case 'USER_DISABLED':
throw createError({
statusCode: 401,
statusMessage: 'User disabled',
});
case 'UNEXPECTED_ERROR':
throw createError({
statusCode: 500,
statusMessage: 'Unexpected error',
});
}
assertUnreachable(result.error);
}
const user = result.user;
const session = await useWGSession(event, remember);
const data = await session.update({
@@ -34,5 +47,5 @@ export default defineEventHandler(async (event) => {
SERVER_DEBUG(`New Session: ${data.id} for ${user.id} (${user.username})`);
return { success: true };
return { status: 'success' };
});
src/server/database/migrations/0000_short_skin.sql
+6 -1
View File
@@ -1,6 +1,7 @@
CREATE TABLE `clients_table` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`user_id` integer NOT NULL,
`interface_id` text NOT NULL,
`name` text NOT NULL,
`ipv4_address` text NOT NULL,
`ipv6_address` text NOT NULL,
@@ -17,10 +18,12 @@ CREATE TABLE `clients_table` (
`persistent_keepalive` integer NOT NULL,
`mtu` integer NOT NULL,
`dns` text,
`server_endpoint` text,
`enabled` integer NOT NULL,
`created_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
`updated_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
FOREIGN KEY (`user_id`) REFERENCES `users_table`(`id`) ON UPDATE cascade ON DELETE restrict
FOREIGN KEY (`user_id`) REFERENCES `users_table`(`id`) ON UPDATE cascade ON DELETE restrict,
FOREIGN KEY (`interface_id`) REFERENCES `interfaces_table`(`name`) ON UPDATE cascade ON DELETE cascade
);
--> statement-breakpoint
CREATE UNIQUE INDEX `clients_table_ipv4_address_unique` ON `clients_table` (`ipv4_address`);--> statement-breakpoint
@@ -80,6 +83,8 @@ CREATE TABLE `users_table` (
`email` text,
`name` text NOT NULL,
`role` integer NOT NULL,
`totp_key` text,
`totp_verified` integer NOT NULL,
`enabled` integer NOT NULL,
`created_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
`updated_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL
src/server/database/migrations/meta/0000_snapshot.json
+42 -1
View File
@@ -1,7 +1,7 @@
{
"version": "6",
"dialect": "sqlite",
"id": "8c2af02b-c4bd-4880-a9ad-b38805636208",
"id": "dae61656-1107-4729-ac83-f43d4cab3881",
"prevId": "00000000-0000-0000-0000-000000000000",
"tables": {
"clients_table": {
@@ -21,6 +21,13 @@
"notNull": true,
"autoincrement": false
},
"interface_id": {
"name": "interface_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
@@ -137,6 +144,13 @@
"notNull": false,
"autoincrement": false
},
"server_endpoint": {
"name": "server_endpoint",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
@@ -190,6 +204,19 @@
],
"onDelete": "restrict",
"onUpdate": "cascade"
},
"clients_table_interface_id_interfaces_table_name_fk": {
"name": "clients_table_interface_id_interfaces_table_name_fk",
"tableFrom": "clients_table",
"tableTo": "interfaces_table",
"columnsFrom": [
"interface_id"
],
"columnsTo": [
"name"
],
"onDelete": "cascade",
"onUpdate": "cascade"
}
},
"compositePrimaryKeys": {},
@@ -558,6 +585,20 @@
"notNull": true,
"autoincrement": false
},
"totp_key": {
"name": "totp_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"totp_verified": {
"name": "totp_verified",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
src/server/database/migrations/meta/0001_snapshot.json
+43 -2
View File
@@ -1,6 +1,6 @@
{
"id": "a61263b1-9af1-4d2e-99e9-80d08127b545",
"prevId": "8c2af02b-c4bd-4880-a9ad-b38805636208",
"id": "78de2e52-c4a8-4900-86c5-92f34739623a",
"prevId": "dae61656-1107-4729-ac83-f43d4cab3881",
"version": "6",
"dialect": "sqlite",
"tables": {
@@ -21,6 +21,13 @@
"notNull": true,
"autoincrement": false
},
"interface_id": {
"name": "interface_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
@@ -137,6 +144,13 @@
"notNull": false,
"autoincrement": false
},
"server_endpoint": {
"name": "server_endpoint",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
@@ -190,6 +204,19 @@
],
"onUpdate": "cascade",
"onDelete": "restrict"
},
"clients_table_interface_id_interfaces_table_name_fk": {
"name": "clients_table_interface_id_interfaces_table_name_fk",
"tableFrom": "clients_table",
"columnsFrom": [
"interface_id"
],
"tableTo": "interfaces_table",
"columnsTo": [
"name"
],
"onUpdate": "cascade",
"onDelete": "cascade"
}
},
"compositePrimaryKeys": {},
@@ -558,6 +585,20 @@
"notNull": true,
"autoincrement": false
},
"totp_key": {
"name": "totp_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"totp_verified": {
"name": "totp_verified",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
src/server/database/migrations/meta/_journal.json
+2 -2
View File
@@ -5,14 +5,14 @@
{
"idx": 0,
"version": "6",
"when": 1741355094140,
"when": 1748426990392,
"tag": "0000_short_skin",
"breakpoints": true
},
{
"idx": 1,
"version": "6",
"when": 1741355098159,
"when": 1748427001203,
"tag": "0001_classy_the_stranger",
"breakpoints": true
}
src/server/database/repositories/client/schema.ts
+12 -1
View File
@@ -1,7 +1,7 @@
import { sql, relations } from 'drizzle-orm';
import { int, sqliteTable, text } from 'drizzle-orm/sqlite-core';
import { oneTimeLink, user } from '../../schema';
import { oneTimeLink, user, wgInterface } from '../../schema';
/** null means use value from userConfig */
@@ -13,6 +13,12 @@ export const client = sqliteTable('clients_table', {
onDelete: 'restrict',
onUpdate: 'cascade',
}),
interfaceId: text('interface_id')
.notNull()
.references(() => wgInterface.name, {
onDelete: 'cascade',
onUpdate: 'cascade',
}),
name: text().notNull(),
ipv4Address: text('ipv4_address').notNull().unique(),
ipv6Address: text('ipv6_address').notNull().unique(),
@@ -31,6 +37,7 @@ export const client = sqliteTable('clients_table', {
persistentKeepalive: int('persistent_keepalive').notNull(),
mtu: int().notNull(),
dns: text({ mode: 'json' }).$type<string[]>(),
serverEndpoint: text('server_endpoint'),
enabled: int({ mode: 'boolean' }).notNull(),
createdAt: text('created_at')
.notNull()
@@ -50,4 +57,8 @@ export const clientsRelations = relations(client, ({ one }) => ({
fields: [client.userId],
references: [user.id],
}),
interface: one(wgInterface, {
fields: [client.interfaceId],
references: [wgInterface.name],
}),
}));
src/server/database/repositories/client/service.ts
+2
View File
@@ -108,6 +108,7 @@ export class ClientService {
name,
// TODO: properly assign user id
userId: 1,
interfaceId: 'wg0',
expiresAt,
privateKey,
publicKey,
@@ -171,6 +172,7 @@ export class ClientService {
.values({
name,
userId: 1,
interfaceId: 'wg0',
privateKey,
publicKey,
preSharedKey,
src/server/database/repositories/client/types.ts
+2 -1
View File
@@ -14,7 +14,7 @@ export type CreateClientType = Omit<
export type UpdateClientType = Omit<
CreateClientType,
'privateKey' | 'publicKey' | 'preSharedKey' | 'userId'
'privateKey' | 'publicKey' | 'preSharedKey' | 'userId' | 'interfaceId'
>;
const name = z
@@ -65,6 +65,7 @@ export const ClientUpdateSchema = schemaForType<UpdateClientType>()(
serverAllowedIps: serverAllowedIps,
mtu: MtuSchema,
persistentKeepalive: PersistentKeepaliveSchema,
serverEndpoint: AddressSchema.nullable(),
dns: DnsSchema.nullable(),
})
);
src/server/database/repositories/user/schema.ts
+2
View File
@@ -10,6 +10,8 @@ export const user = sqliteTable('users_table', {
email: text(),
name: text().notNull(),
role: int().$type<Role>().notNull(),
totpKey: text('totp_key'),
totpVerified: int('totp_verified', { mode: 'boolean' }).notNull(),
enabled: int({ mode: 'boolean' }).notNull(),
createdAt: text('created_at')
.notNull()
src/server/database/repositories/user/service.ts
+143
View File
@@ -1,7 +1,24 @@
import { eq, sql } from 'drizzle-orm';
import { TOTP } from 'otpauth';
import { user } from './schema';
import type { UserType } from './types';
import type { DBType } from '#db/sqlite';
type LoginResult =
| {
success: true;
user: UserType;
}
| {
success: false;
error:
| 'INCORRECT_CREDENTIALS'
| 'TOTP_REQUIRED'
| 'USER_DISABLED'
| 'INVALID_TOTP_CODE'
| 'UNEXPECTED_ERROR';
};
function createPreparedStatement(db: DBType) {
return {
findAll: db.query.user.findMany().prepare(),
@@ -21,6 +38,14 @@ function createPreparedStatement(db: DBType) {
})
.where(eq(user.id, sql.placeholder('id')))
.prepare(),
updateKey: db
.update(user)
.set({
totpKey: sql.placeholder('key') as never as string,
totpVerified: false,
})
.where(eq(user.id, sql.placeholder('id')))
.prepare(),
};
}
@@ -67,6 +92,7 @@ export class UserService {
email: null,
name: 'Administrator',
role: userCount === 0 ? roles.ADMIN : roles.CLIENT,
totpVerified: false,
enabled: true,
});
});
@@ -105,4 +131,121 @@ export class UserService {
.execute();
});
}
updateTotpKey(id: ID, key: string | null) {
return this.#statements.updateKey.execute({ id, key });
}
login(username: string, password: string, code: string | undefined) {
return this.#db.transaction(async (tx): Promise<LoginResult> => {
const txUser = await tx.query.user
.findFirst({ where: eq(user.username, username) })
.execute();
if (!txUser) {
return { success: false, error: 'INCORRECT_CREDENTIALS' };
}
const passwordValid = await isPasswordValid(password, txUser.password);
if (!passwordValid) {
return { success: false, error: 'INCORRECT_CREDENTIALS' };
}
if (txUser.totpVerified) {
if (!code) {
return { success: false, error: 'TOTP_REQUIRED' };
} else {
if (!txUser.totpKey) {
return { success: false, error: 'UNEXPECTED_ERROR' };
}
const totp = new TOTP({
issuer: 'wg-easy',
label: txUser.username,
algorithm: 'SHA1',
digits: 6,
period: 30,
secret: txUser.totpKey,
});
const valid = totp.validate({ token: code, window: 1 });
if (valid === null) {
return { success: false, error: 'INVALID_TOTP_CODE' };
}
}
}
if (!txUser.enabled) {
return { success: false, error: 'USER_DISABLED' };
}
return { success: true, user: txUser };
});
}
verifyTotp(id: ID, code: string) {
return this.#db.transaction(async (tx) => {
const txUser = await tx.query.user
.findFirst({ where: eq(user.id, id) })
.execute();
if (!txUser) {
throw new Error('User not found');
}
if (!txUser.totpKey) {
throw new Error('TOTP key is not set');
}
const totp = new TOTP({
issuer: 'wg-easy',
label: txUser.username,
algorithm: 'SHA1',
digits: 6,
period: 30,
secret: txUser.totpKey,
});
const valid = totp.validate({ token: code, window: 1 });
if (valid === null) {
throw new Error('Invalid TOTP code');
}
await tx
.update(user)
.set({ totpVerified: true })
.where(eq(user.id, id))
.execute();
});
}
deleteTotpKey(id: ID, currentPassword: string) {
return this.#db.transaction(async (tx) => {
const txUser = await tx.query.user
.findFirst({ where: eq(user.id, id) })
.execute();
if (!txUser) {
throw new Error('User not found');
}
const passwordValid = await isPasswordValid(
currentPassword,
txUser.password
);
if (!passwordValid) {
throw new Error('Invalid password');
}
await tx
.update(user)
.set({ totpKey: null, totpVerified: false })
.where(eq(user.id, id))
.execute();
});
}
}

Some files were not shown because too many files have changed in this diff Show More