UniqueSoft/wg-portal
2
0
Fork 0
mirror of https://github.com/h44z/wg-portal synced 2025-02-26 05:49:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

automatic API access for default admin (#357)
Some checks failed
Chart / lint-test (push) Has been cancelled
Details
Chart / publish (push) Has been cancelled
Details
Docker / Build and Push (push) Has been cancelled
Details
github-pages / deploy (push) Has been cancelled
Details
Docker / release (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Christoph Haas 2025-02-07 22:42:48 +01:00
parent c33eaba1c0
commit e983a7b8f3
5 changed files with 112 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/helm/README.md
View File

@ -28,7 +28,7 @@ The [Values](#values) section lists the parameters that can be configured during
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
|----------------------------------|------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| nameOverride | string | `""` | Partially override resource names (adds suffix) |
| fullnameOverride | string | `""` | Fully override resource names |
| extraDeploy | list | `[]` | Array of extra objects to deploy with the release |

1
docs/documentation/configuration/examples.md
View File

@ -6,6 +6,7 @@ Below are some sample YAML configurations demonstrating how to override some def
core:
admin_user: test@example.com
admin_password: password
admin_api_token: super-s3cr3t-api-token-or-a-UUID
import_existing: false
create_default_peer: true
self_provisioning_allowed: true

4
docs/documentation/configuration/overview.md
View File

@ -111,6 +111,10 @@ More advanced options are found in the subsequent `Advanced` section.
- **Default:** `wgportal`
- **Description:** The administrator password. The default password of `wgportal` should be changed immediately.
### `admin_api_token`
- **Default:** *(empty)*
- **Description:** An API token for the admin user. If a token is provided, the REST API can be accessed using this token. If empty, the API is initially disabled for the admin user.
### `editable_keys`
- **Default:** `true`
- **Description:** Allow editing of WireGuard key-pairs directly in the UI.

13
internal/app/app.go
View File

@ -127,7 +127,7 @@ func (a *App) createDefaultUser(ctx context.Context) error {
}
now := time.Now()
admin, err := a.CreateUser(ctx, &domain.User{
defaultAdmin := &domain.User{
BaseModel: domain.BaseModel{
CreatedBy: domain.CtxSystemAdminId,
UpdatedBy: domain.CtxSystemAdminId,
@ -150,7 +150,16 @@ func (a *App) createDefaultUser(ctx context.Context) error {
Locked: nil,
LockedReason: "",
LinkedPeerCount: 0,
})
}
if a.Config.Core.AdminApiToken != "" {
if len(a.Config.Core.AdminApiToken) < 18 {
logrus.Warnf("[SECURITY WARNING] admin API token is too short, should be at least 18 characters long")
}
defaultAdmin.ApiToken = a.Config.Core.AdminApiToken
defaultAdmin.ApiTokenCreated = &now
}
admin, err := a.CreateUser(ctx, defaultAdmin)
if err != nil {
return err
}

2
internal/config/config.go
View File

@ -16,6 +16,7 @@ type Config struct {
// AdminUser defines the default administrator account that will be created
AdminUser string `yaml:"admin_user"`
AdminPassword string `yaml:"admin_password"`
AdminApiToken string `yaml:"admin_api_token"` // if set, the API access is enabled automatically
EditableKeys bool `yaml:"editable_keys"`
CreateDefaultPeer bool `yaml:"create_default_peer"`
@ -94,6 +95,7 @@ func defaultConfig() *Config {
cfg.Core.AdminUser = "admin@wgportal.local"
cfg.Core.AdminPassword = "wgportal"
cfg.Core.AdminApiToken = "" // by default, the API access is disabled
cfg.Core.ImportExisting = true
cfg.Core.RestoreState = true
cfg.Core.CreateDefaultPeer = false