From 440a6189bd973f1396bc66965adf2988edb3468a Mon Sep 17 00:00:00 2001
From: Shahrad Elahi
Date: Tue, 26 Sep 2023 06:26:03 +0330
Subject: [PATCH] Initials support for `WireGuard` as `Tor`

---
 config/torrc                       | 5 +++
 src/lib/redis.ts                   | 1 +
 src/lib/wireguard.ts               | 61 +++++++++++++++++++++++++++---
 src/ui/Modal/CreateServerModal.tsx | 2 +-
 4 files changed, 63 insertions(+), 6 deletions(-)

diff --git a/config/torrc b/config/torrc
index e69de29..ad6b7cc 100644
--- a/config/torrc
+++ b/config/torrc
@@ -0,0 +1,5 @@
+VirtualAddrNetwork 10.192.0.0/10
+SOCKSPort 9055
+ControlPort 9051
+DNSPort 10.8.0.1:53530
+TransPort 10.8.0.1:9040
\ No newline at end of file
diff --git a/src/lib/redis.ts b/src/lib/redis.ts
index e877c9c..8ea72e2 100644
--- a/src/lib/redis.ts
+++ b/src/lib/redis.ts
@@ -8,3 +8,4 @@ export type RedisClient = typeof client;
 
 export const WG_SEVER_PATH = `WG::SERVERS`
 
+
diff --git a/src/lib/wireguard.ts b/src/lib/wireguard.ts
index 022e9fb..f9758f7 100644
--- a/src/lib/wireguard.ts
+++ b/src/lib/wireguard.ts
@@ -39,17 +39,26 @@ export class WGServer {
       console.error('server could not be updated (reason: not exists)')
       return false
     }
 
+    await this.stop(id)
     await dropInterface(server.confId)
-    await fs.unlink(path.join(WG_PATH, `wg${server.confId}.conf`)).catch(() => null)
+    await fs.unlink(path.join(WG_PATH, `wg${server.confId}.conf`))
+      .catch(() => null)
+
     const index = await findServerIndex(id)
-    console.log('index', index)
     if (typeof index !== 'number') {
       console.warn('findServerIndex: index not found')
       return true
-    } else {
-      await client.lrem(WG_SEVER_PATH, 1, JSON.stringify(server))
     }
+
+    const element = await client.lindex(WG_SEVER_PATH, index)
+    if (!element) {
+      console.warn('remove: element not found')
+      return true
+    }
+
+    await client.lrem(WG_SEVER_PATH, 1, element)
+
     return true
   }
 
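Review bot: DNSPort and TransPort are bound to 10.8.0.1 here, but the tor branch of makeWgIptables in src/lib/wireguard.ts DNATs client traffic to 127.0.0.1:53530 and 127.0.0.1:9040, so redirected packets arrive at an address Tor is not listening on; either DNAT to 10.8.0.1 to match this file, or bind Tor on 127.0.0.1 and additionally set `net.ipv4.conf.all.route_localnet=1`, which the kernel requires before it will DNAT traffic from a non-loopback interface to loopback. 10.8.0.1 is presumably the WireGuard server address, but nothing in this patch ties the two together, so a comment above these two lines naming that dependency would help. `ControlPort 9051` is opened without `CookieAuthentication 1` or a `HashedControlPassword`, which lets any local process reconfigure or shut down the daemon over the control port; add one of them, or drop the ControlPort line if nothing in the project uses it. The file is also committed without a trailing newline.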
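Review bot: `lrem` now removes whatever `lindex` returned at `index`, but nothing checks that this element is the server being removed; if the list changed between `findServerIndex(id)` and `lindex`, a different server's record is deleted, since `lrem` matches by value. The stored elements are `JSON.stringify(server)` strings, so compare before removing: `if (!element || JSON.parse(element).id !== id) { console.warn('remove: element not found'); return true }`. The `.catch(() => null)` kept on `fs.unlink` also hides every failure, not just a missing file; `.catch((e) => { if (e?.code !== 'ENOENT') throw e })` keeps permission errors visible. The method's signature and the `findServer` call are outside the hunk.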
@@ -342,7 +351,7 @@ export async function generateWgServer(config: {
   const confId = await maxConfId() + 1
   const uuid = crypto.randomUUID()
 
-  const server: WgServer = {
+  let server: WgServer = {
     id: uuid,
     confId,
     type: config.type,
@@ -375,6 +384,11 @@ export async function generateWgServer(config: {
     throw new Error(`Port ${config.port} is already reserved!`)
   }
 
+  // setting iptables
+  const iptables = await makeWgIptables(server)
+  server.postUp = iptables.up
+  server.postDown = iptables.down
+
   // save server config
   if (false !== config.insertDb) {
     await client.lpush(WG_SEVER_PATH, JSON.stringify(server))
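Review bot: `server` is changed from `const` to `let`, but the only later use in this patch assigns properties (`server.postUp = …`, `server.postDown = …`) and never rebinds the variable, so `const server: WgServer = {` still compiles and better signals that the binding is fixed. Keep `const` here. The rest of generateWgServer is outside the hunk, so a rebinding elsewhere is possible but not visible.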
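Review bot: The comment `// setting iptables` restates the next line; a comment that says what is stored and why would read better, e.g. `// Derive the PostUp/PostDown iptables rules from the server type (NAT for 'direct', transparent-proxy redirects for 'tor'); they are persisted with the server and presumably run by wg-quick with the interface`. makeWgIptables returns `{ up: '', down: '' }` for any type it does not recognise, so an unexpected `config.type` would be persisted with no rules and no error from this call site; if WgServer['type'] is wider than `'direct' | 'tor'` (not visible here), add `if (!iptables.up) throw new Error(`no iptables rules for server type ${server.type}`)` before the assignments.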
@@ -483,3 +497,40 @@ export async function findServer(id: string | undefined, hash?: string): Promise
     hash && isJson(hash) ? servers.find((s) => JSON.stringify(s) === hash) : undefined
 }
 
+
+async function makeWgIptables(s: WgServer): Promise<{
+  up: string
+  down: string
+}> {
+  const inet = Shell.exec('ip route | grep default | grep -oP "(?<=dev )[^ ]+"')
+  const wgAddress = `${s.address}/24`
+  const wgInet = `wg${s.confId}`
+
+  if (s.type === 'direct') {
+    const up = dynaJoin([
+      `iptables -t nat -A POSTROUTING -s ${wgAddress} -o ${inet} -j MASQUERADE`,
+      `iptables -A INPUT -p udp -m udp --dport ${s.listen} -j ACCEPT`,
+      `iptables -A INPUT -p tcp -m tcp --dport ${s.listen} -j ACCEPT`,
+      `iptables -A FORWARD -i ${wgInet} -j ACCEPT`,
+      `iptables -A FORWARD -o ${wgInet} -j ACCEPT`,
+    ]).join('; ')
+    return { up, down: up.replace(/ -A /g, ' -D ') }
+  }
+
+  if (s.type === 'tor') {
+    const up = dynaJoin([
+      `iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT`,
+      `iptables -A INPUT -i ${wgInet} -m state --state NEW -j ACCEPT`,
+      `iptables -t nat -A PREROUTING -i ${wgInet} -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53530`,
+      `iptables -t nat -A PREROUTING -i ${wgInet} -p tcp -j DNAT --to-destination 127.0.0.1:9040`,
+      `iptables -t nat -A PREROUTING -i ${wgInet} -p udp -j DNAT --to-destination 127.0.0.1:9040`,
+      `iptables -t nat -A OUTPUT -o lo -j RETURN`,
+      `iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP`,
+      `iptables -A OUTPUT -m state --state INVALID -j DROP`,
+      `iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP`,
+    ]).join('; ')
+    return { up, down: up.replace(/-A/g, '-D') }
+  }
+
+  return { up: '', down: '' }
+}
diff --git a/src/ui/Modal/CreateServerModal.tsx b/src/ui/Modal/CreateServerModal.tsx
index 246962f..9215be3 100644
--- a/src/ui/Modal/CreateServerModal.tsx
+++ b/src/ui/Modal/CreateServerModal.tsx
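Review bot: `inet` is the raw output of `Shell.exec(...)` and is interpolated into the MASQUERADE rule without being trimmed or checked: a trailing newline or an empty result (host with no default route) yields a malformed `-o` argument, and if Shell.exec is asynchronous the string becomes `[object Promise]` because the call is not awaited — its signature is not visible in this patch. Normalise and fail early, e.g. `const inet = String(Shell.exec('ip route | grep default | grep -oP "(?<=dev )[^ ]+"')).trim()` followed by `if (!inet) throw new Error('no default route interface found')`. The two branches derive `down` differently — `/ -A /g` for direct but `/-A/g` for tor — and the unspaced form will rewrite any future token that merely contains `-A`, so use the spaced pattern in both. In the tor branch, `-p udp -j DNAT --to-destination 127.0.0.1:9040` sends all non-DNS UDP to TransPort, which only proxies TCP, so that traffic fails silently; a final `iptables -A FORWARD -i ${wgInet} -p udp -j REJECT` (or DROP) for the remaining UDP makes the intent explicit and the failure diagnosable.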
@@ -150,7 +150,7 @@ const CreateServerModal = React.forwardRef<
           onChange={(v) => setType(v as any)}
           options={[
             { label: 'Direct', value: 'direct', icon: },
-            { label: 'Tor', value: 'tor', icon: , disabled: true }
+            { label: 'Tor', value: 'tor', icon: }
           ]}
         />