Bump version to 15.0.0-beta.8

Fix: Add ui port to template (#1735 )
* add ui port to template * update changelog
2025-03-12 13:47:46 +01:00 · 2025-03-12 13:44:45 +01:00 · 2025-03-12 12:47:12 +01:00 · 2025-03-10 12:26:21 +01:00 · 2025-03-10 08:11:31 +01:00 · 2025-03-10 07:34:37 +01:00
12 changed files with 1300 additions and 1623 deletions
@@ -24,6 +24,8 @@ This update is an entire rewrite to make it even easier to set up your own VPN.
 - Deprecated Dockerless Installations
 - Added Docker Volume Mount (`/lib/modules`)
 - Removed ARMv6 and ARMv7 support
+- Connections over HTTP require setting the `INSECURE` env var
+- Changed license from CC BY-NC-SA 4.0 to AGPL-3.0-only

 ## [14.0.0] - 2024-09-04

@@ -88,7 +88,7 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f
 1. PostUp

   ```shell
-   apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
+   apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
   ```

 2. PostDown
@@ -7,5 +7,5 @@
    "docs:preview": "docker run --rm -it -p 8080:8080 -v ./docs:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8080",
    "scripts:version": "bash scripts/version.sh"
  },
-  "packageManager": "pnpm@10.5.2"
+  "packageManager": "pnpm@10.6.2"
 }
@@ -40,7 +40,7 @@
              id="confirm-password"
              v-model="confirmPassword"
              autocomplete="new-password"
-              :label="$t('me.confirmPassword')"
+              :label="$t('general.confirmPassword')"
            />
            <FormActionField
              type="submit"
@@ -20,6 +20,14 @@
          :label="$t('general.password')"
        />
      </div>
+      <div class="flex flex-col">
+        <FormPasswordField
+          id="confirmPassword"
+          v-model="confirmPassword"
+          autocomplete="new-password"
+          :label="$t('general.confirmPassword')"
+        />
+      </div>
      <div>
        <BaseButton @click="submit">{{ $t('setup.createAccount') }}</BaseButton>
      </div>
@@ -37,6 +45,7 @@ setupStore.setStep(2);

 const username = ref<null | string>(null);
 const password = ref<string>('');
+const confirmPassword = ref<string>('');

 const _submit = useSubmit(
  '/api/setup/2',
@@ -54,6 +63,10 @@ const _submit = useSubmit(
 );

 function submit() {
-  return _submit({ username: username.value, password: password.value });
+  return _submit({
+    username: username.value,
+    password: password.value,
+    confirmPassword: confirmPassword.value,
+  });
 }
 </script>
@@ -14,8 +14,7 @@
    "email": "E-Mail"
  },
  "me": {
-    "currentPassword": "Current Password",
-    "confirmPassword": "Confirm Password"
+    "currentPassword": "Current Password"
  },
  "general": {
    "name": "Name",
@@ -32,7 +31,8 @@
    "host": "Host",
    "port": "Port",
    "yes": "Yes",
-    "no": "No"
+    "no": "No",
+    "confirmPassword": "Confirm Password"
  },
  "setup": {
    "welcome": "Welcome to your first setup of wg-easy !",
@@ -1,6 +1,6 @@
 {
  "name": "wg-easy",
-  "version": "15.0.0-beta.7",
+  "version": "15.0.0-beta.8",
  "description": "The easiest way to run WireGuard VPN + Web-based Admin UI.",
  "private": true,
  "type": "module",
@@ -20,8 +20,8 @@
  "dependencies": {
    "@eschricht/nuxt-color-mode": "^1.1.5",
    "@libsql/client": "^0.14.0",
-    "@nuxtjs/i18n": "^9.2.1",
-    "@nuxtjs/tailwindcss": "^6.13.1",
+    "@nuxtjs/i18n": "^9.3.1",
+    "@nuxtjs/tailwindcss": "^6.13.2",
    "@pinia/nuxt": "^0.10.1",
    "@tailwindcss/forms": "^0.5.10",
    "apexcharts": "^4.5.0",
@@ -36,7 +36,7 @@
    "is-ip": "^5.0.1",
    "js-sha256": "^0.11.0",
    "lowdb": "^7.0.1",
-    "nuxt": "^3.15.4",
+    "nuxt": "^3.16.0",
    "pinia": "^3.0.1",
    "qrcode": "^1.5.4",
    "radix-vue": "^1.9.17",
@@ -48,17 +48,17 @@
    "zod": "^3.24.2"
  },
  "devDependencies": {
-    "@nuxt/eslint": "1.1.0",
+    "@nuxt/eslint": "1.2.0",
    "@types/debug": "^4.1.12",
    "@types/qrcode": "^1.5.5",
    "@types/semver": "^7.5.8",
    "drizzle-kit": "^0.30.5",
-    "eslint": "^9.21.0",
-    "eslint-config-prettier": "^10.0.2",
+    "eslint": "^9.22.0",
+    "eslint-config-prettier": "^10.1.1",
    "prettier": "^3.5.3",
    "prettier-plugin-tailwindcss": "^0.6.11",
    "typescript": "^5.8.2",
    "vue-tsc": "^2.2.8"
  },
-  "packageManager": "pnpm@10.5.2"
+  "packageManager": "pnpm@10.6.2"
 }
@@ -1,5 +1,5 @@
 import { eq, sql } from 'drizzle-orm';
-import { parseCidr } from 'cidr-tools';
+import { containsCidr, parseCidr } from 'cidr-tools';
 import { client } from './schema';
 import type {
  ClientCreateFromExistingType,
@@ -132,7 +132,27 @@ export class ClientService {
  }

  update(id: ID, data: UpdateClientType) {
-    return this.#db.update(client).set(data).where(eq(client.id, id)).execute();
+    return this.#db.transaction(async (tx) => {
+      const clientInterface = await tx.query.wgInterface
+        .findFirst({
+          where: eq(wgInterface.name, 'wg0'),
+        })
+        .execute();
+
+      if (!clientInterface) {
+        throw new Error('WireGuard interface not found');
+      }
+
+      if (!containsCidr(clientInterface.ipv4Cidr, data.ipv4Address)) {
+        throw new Error('IPv4 address is not within the CIDR range');
+      }
+
+      if (!containsCidr(clientInterface.ipv6Cidr, data.ipv6Address)) {
+        throw new Error('IPv6 address is not within the CIDR range');
+      }
+
+      await tx.update(client).set(data).where(eq(client.id, id)).execute();
+    });
  }

  async createFromExisting({
@@ -26,10 +26,15 @@ export const UserLoginSchema = z.object({
  remember: remember,
 });

-export const UserSetupSchema = z.object({
-  username: username,
-  password: password,
-});
+export const UserSetupSchema = z
+  .object({
+    username: username,
+    password: password,
+    confirmPassword: password,
+  })
+  .refine((val) => val.password === val.confirmPassword, {
+    message: t('zod.user.passwordMatch'),
+  });

 const name = z
  .string({ message: t('zod.user.name') })
@@ -15,4 +15,16 @@ export const OLD_ENV = {
 export const WG_ENV = {
  /** UI is hosted on HTTP instead of HTTPS */
  INSECURE: process.env.INSECURE === 'true',
+  /** Port the UI is listening on */
+  PORT: assertEnv('PORT'),
 };
+
+function assertEnv<T extends string>(env: T) {
+  const val = process.env[env];
+
+  if (!val) {
+    throw new Error(`Missing environment variable: ${env}`);
+  }
+
+  return val;
+}
@@ -15,6 +15,7 @@ export function template(templ: string, values: Record<string, string>) {
 * - ipv6Cidr: IPv6 CIDR
 * - device: Network device
 * - port: Port number
+ * - uiPort: UI port number
 */
 export function iptablesTemplate(templ: string, wgInterface: InterfaceType) {
  return template(templ, {
@@ -22,5 +23,6 @@ export function iptablesTemplate(templ: string, wgInterface: InterfaceType) {
    ipv6Cidr: wgInterface.ipv6Cidr,
    device: wgInterface.device,
    port: wgInterface.port.toString(),
+    uiPort: WG_ENV.PORT,
  });
 }
Author	SHA1	Message	Date
Bernd Storath	4890bb28e5	Bump version to 15.0.0-beta.8	2025-03-12 13:47:46 +01:00
Bernd Storath	c3dbd3a815	Fix: Add ui port to template (#1735 ) * add ui port to template * update changelog	2025-03-12 13:44:45 +01:00
Bernd Storath	fc480df910	Fix: Update ip outside of cidr (#1733 ) * update packages * check if ip is included on update * update package manager	2025-03-12 12:47:12 +01:00
dependabot[bot]	b3bd2502af	build(deps): bump nuxt from 3.15.4 to 3.16.0 in /src (#1727 ) Bumps [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) from 3.15.4 to 3.16.0. - [Release notes](https://github.com/nuxt/nuxt/releases) - [Commits](https://github.com/nuxt/nuxt/commits/v3.16.0/packages/nuxt) --- updated-dependencies: - dependency-name: nuxt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-10 12:26:21 +01:00
dependabot[bot]	eb5ad91022	build(deps-dev): bump eslint from 9.21.0 to 9.22.0 in /src (#1726 ) Bumps [eslint](https://github.com/eslint/eslint) from 9.21.0 to 9.22.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.21.0...v9.22.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-10 08:11:31 +01:00
dependabot[bot]	f2955a1278	build(deps): bump @nuxtjs/i18n from 9.2.1 to 9.3.1 in /src (#1728 ) Bumps [@nuxtjs/i18n](https://github.com/nuxt-modules/i18n) from 9.2.1 to 9.3.1. - [Release notes](https://github.com/nuxt-modules/i18n/releases) - [Changelog](https://github.com/nuxt-modules/i18n/blob/main/CHANGELOG.md) - [Commits](https://github.com/nuxt-modules/i18n/compare/v9.2.1...v9.3.1) --- updated-dependencies: - dependency-name: "@nuxtjs/i18n" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-10 07:34:37 +01:00
dependabot[bot]	1b76c066e0	build(deps-dev): bump @nuxt/eslint from 1.1.0 to 1.2.0 in /src (#1729 ) Bumps [@nuxt/eslint](https://github.com/nuxt/eslint/tree/HEAD/packages/module) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/nuxt/eslint/releases) - [Commits](https://github.com/nuxt/eslint/commits/v1.2.0/packages/module) --- updated-dependencies: - dependency-name: "@nuxt/eslint" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-10 07:27:29 +01:00
Bernd Storath	5b68cc7311	Feat: Confirm setup password (#1722 ) confirm setup password	2025-03-07 16:05:40 +01:00