adds API endpoints for managing wireguard peers

2025-06-26 18:28:06 +00:00 · 2023-09-25 15:28:45 +03:30 · 2023-09-25 15:28:45 +03:30 · 0b18182103
commit 0b18182103
parent 4e4449435d
4 changed files with 250 additions and 0 deletions
--- a/src/pages/api/wireguard/[serverId]/[clientId]/config.ts
+++ b/src/pages/api/wireguard/[serverId]/[clientId]/config.ts
@ -0,0 +1,47 @@
+import { NextApiRequest, NextApiResponse } from "next";
+import safeServe from "@lib/safe-serve";
+import { zodErrorToResponse } from "@lib/zod";
+import { z } from "zod";
+import { findServer, WGServer } from "@lib/wireguard";
+import { ServerId } from "@lib/schemas/WireGuard";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+
+    if (req.method !== 'GET') {
+      return res
+         .status(400)
+         .json({ ok: false, details: 'Method not allowed' })
+    }
+
+    const parsed = RequestSchema.safeParse(req.query)
+    if (!parsed.success) {
+      return zodErrorToResponse(res, parsed.error)
+    }
+
+    const { serverId, clientId } = req.query as z.infer<typeof RequestSchema>
+    const server = await findServer(serverId)
+    if (!server) {
+      return res
+         .status(404)
+         .json({ ok: false, message: 'Not Found' })
+    }
+
+    const conf = await WGServer.generatePeerConfig(server.id, clientId)
+    if (!conf) {
+      return res
+         .status(500)
+         .json({ ok: false, message: 'Server Internal Error' })
+    }
+
+    return res
+       .status(200)
+       .end(conf)
+
+  })
+}
+
+const RequestSchema = z.object({
+  serverId: ServerId,
+  clientId: z.string().uuid()
+})
--- a/src/pages/api/wireguard/[serverId]/[clientId]/download.ts
+++ b/src/pages/api/wireguard/[serverId]/[clientId]/download.ts
@ -0,0 +1,37 @@
+import { NextApiRequest, NextApiResponse } from "next";
+import safeServe from "@lib/safe-serve";
+import { zodErrorToResponse } from "@lib/zod";
+import { z } from "zod";
+import { findServer } from "@lib/wireguard";
+import { AddressSchema, ServerId } from "@lib/schemas/WireGuard";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+
+    if (req.method !== 'GET') {
+      return res
+         .status(400)
+         .json({ ok: false, details: 'Method not allowed' })
+    }
+
+    const parsed = RequestSchema.safeParse(req.query)
+    if (!parsed.success) {
+      return zodErrorToResponse(res, parsed.error)
+    }
+
+    const { serverId, clientId } = req.query as z.infer<typeof RequestSchema>
+    const server = await findServer(serverId)
+    if (!server) {
+      return res
+         .status(404)
+         .json({ ok: false, message: 'Not Found' })
+    }
+
+
+  })
+}
+
+const RequestSchema = z.object({
+  serverId: ServerId,
+  clientId: AddressSchema
+})
--- a/src/pages/api/wireguard/[serverId]/[clientId]/index.ts
+++ b/src/pages/api/wireguard/[serverId]/[clientId]/index.ts
@ -0,0 +1,92 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import safeServe from "@lib/safe-serve";
+import { findServer, WGServer } from "@lib/wireguard";
+import { z } from "zod";
+import { ClientId, NameSchema, ServerId } from "@lib/schemas/WireGuard";
+import { WgServer } from "@lib/typings";
+import { zodErrorToResponse } from "@lib/zod";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+
+    const parsed = RequestSchema.safeParse(req.query)
+    if (!parsed.success) {
+      return zodErrorToResponse(res, parsed.error)
+    }
+
+    const { serverId, clientId } = req.query as z.infer<typeof RequestSchema>
+    const server = await findServer(serverId)
+    if (!server) {
+      return res
+         .status(404)
+         .json({ ok: false, message: 'Not Found' })
+    }
+
+    const peer = server.peers.find((p) => p.id === clientId)
+    if (!peer) {
+      return res
+         .status(404)
+         .json({ ok: false, message: 'Not Found' })
+    }
+
+    if (req.method === 'GET') {
+      return res
+         .status(200)
+         .json({ ok: true, result: peer })
+    }
+
+    if (req.method === 'PUT') {
+      return await update(server, peer, req, res)
+    }
+
+    if (req.method === 'DELETE') {
+      return await remove(server, peer, req, res)
+    }
+
+    return res
+       .status(400)
+       .json({ ok: false, details: 'Method not allowed' })
+
+  })
+}
+
+const RequestSchema = z.object({
+  serverId: ServerId,
+  clientId: ClientId
+})
+
+type Peer = WgServer['peers'][0]
+
+async function update(server: WgServer, peer: Peer, req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+
+    const parsed = PutRequestSchema.safeParse(req.body)
+    if (!parsed.success) {
+      return zodErrorToResponse(res, parsed.error)
+    }
+
+    const { name } = req.body as z.infer<typeof PutRequestSchema>
+
+    if (name) {
+      await WGServer.update(server.id, { name })
+    }
+
+    return res
+       .status(200)
+       .json({ ok: true })
+
+  })
+}
+
+const PutRequestSchema = z.object({
+  name: NameSchema.optional()
+})
+
+async function remove(server: WgServer, peer: Peer, req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+    await WGServer.removePeer(server.id, peer.publicKey)
+    return res
+       .status(200)
+       .json({ ok: true })
+  })
+}
--- a/src/pages/api/wireguard/[serverId]/createClient.ts
+++ b/src/pages/api/wireguard/[serverId]/createClient.ts
@ -0,0 +1,74 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import safeServe from "@lib/safe-serve";
+import { findServer, generateWgKey, WGServer } from "@lib/wireguard";
+import { z } from "zod";
+import { NameSchema, ServerId } from "@lib/schemas/WireGuard";
+import { zodErrorToResponse } from "@lib/zod";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  return safeServe(res, async () => {
+
+    if (req.method !== 'POST') {
+      return res
+         .status(400)
+         .json({ ok: false, details: 'Method not allowed' })
+    }
+
+    const parsed = RequestQuerySchema.safeParse(req.query)
+    if (!parsed.success) {
+      return zodErrorToResponse(res, parsed.error)
+    }
+
+    const bodyParsed = RequestBodySchema.safeParse(req.body)
+    if (!bodyParsed.success) {
+      return zodErrorToResponse(res, bodyParsed.error)
+    }
+
+    const { name } = req.body as z.infer<typeof RequestBodySchema>
+    const { serverId } = req.query as z.infer<typeof RequestQuerySchema>
+
+    const server = await findServer(serverId)
+    if (!server) {
+      return res
+         .status(404)
+         .json({ ok: false, message: 'Not Found' })
+    }
+
+    const freeAddress = await WGServer.getFreePeerIp(server.id)
+    if (!freeAddress) {
+      return res
+         .status(400)
+         .json({ ok: false, details: 'No free addresses' })
+    }
+
+    const peerKeys = await generateWgKey()
+
+    const addedPeer = await WGServer.addPeer(server.id, {
+      id: crypto.randomUUID(),
+      name,
+      allowedIps: freeAddress,
+      publicKey: peerKeys.publicKey,
+      privateKey: peerKeys.privateKey,
+      preSharedKey: peerKeys.preSharedKey,
+      persistentKeepalive: 25,
+    })
+    if (!addedPeer) {
+      return res
+         .status(500)
+         .json({ ok: false, details: 'Failed to add peer' })
+    }
+
+    return res
+       .status(200)
+       .json({ ok: true })
+
+  })
+}
+
+const RequestQuerySchema = z.object({
+  serverId: ServerId,
+})
+
+const RequestBodySchema = z.object({
+  name: NameSchema,
+})