updates WireGuard lib for creating peers

2025-06-26 18:28:06 +00:00 · 2023-09-25 15:27:43 +03:30 · 2023-09-25 15:27:43 +03:30 · 4e4449435d
commit 4e4449435d
parent 2b6083a692
4 changed files with 133 additions and 48 deletions
--- a/src/lib/schemas/WireGuard.ts
+++ b/src/lib/schemas/WireGuard.ts
@ -1,7 +1,6 @@
 import { z } from "zod";
 import { IPV4_REGEX } from "@lib/constants";
 import { isBetween, isPrivateIP } from "@lib/utils";
 import { ZodErrorMap } from "zod/lib/ZodError";
 export const NameSchema = z
   .string()
@ -50,6 +49,10 @@ export const ServerId = z
   .string()
   .uuid({ message: 'Server ID must be a valid UUID' })
 export const ClientId = z
   .string()
   .uuid({ message: 'Client ID must be a valid UUID' })
 export const ServerStatusSchema = z
   .enum([ 'up', 'down' ], {
     errorMap: issue => {
--- a/src/lib/typings.ts
+++ b/src/lib/typings.ts
@ -2,10 +2,12 @@ import { z } from "zod";
 import type React from "react";
 import { IPV4_REGEX } from "@lib/constants";
 import { NextApiRequest as TNextApiRequest } from "next/dist/shared/lib/utils";
 import { NameSchema } from "@lib/schemas/WireGuard";
 export const WgKeySchema = z.object({
  privateKey: z.string(),
  publicKey: z.string(),
  preSharedKey: z.string(),
 })
 export type WgKey = z.infer<typeof WgKeySchema>
@ -32,7 +34,7 @@ export const WgServerSchema = z.object({
  id: z.string().uuid(),
  confId: z.number(),
  type: z.enum([ 'direct', 'bridge', 'tor' ]),
-  name: z.string().regex(/^[A-Za-z\d\s]{3,32}$/),
+  name: NameSchema,
  address: z.string().regex(IPV4_REGEX),
  listen: z.number(),
  preUp: z.string().nullable(),
@ -40,17 +42,21 @@ export const WgServerSchema = z.object({
  preDown: z.string().nullable(),
  postDown: z.string().nullable(),
  dns: z.string().regex(IPV4_REGEX).nullable(),
-  peers: z.array(z.object({
+  peers: z.array(
-    publicKey: z.string(),
+     z.object({
-    preSharedKey: z.string().nullable(),
+       id: z.string().uuid(),
-    allowedIps: z.string().regex(IPV4_REGEX),
+       name: NameSchema,
-    persistentKeepalive: z.number().nullable(),
+       preSharedKey: z.string().nullable(),
-  })),
+       allowedIps: z.string().regex(IPV4_REGEX),
       persistentKeepalive: z.number().nullable(),
     })
        .merge(WgKeySchema)
  ),
  createdAt: z.string().datetime(),
  updatedAt: z.string().datetime(),
  status: z.enum([ 'up', 'down' ]),
 })
-   .merge(WgKeySchema)
+   .merge(WgKeySchema.omit({ preSharedKey: true }))
 export type WgServer = z.infer<typeof WgServerSchema>
--- a/src/lib/wireguard-utils.ts
+++ b/src/lib/wireguard-utils.ts
@ -0,0 +1,55 @@
 import { WgServer } from "@lib/typings";
 export function getServerConf(server: WgServer): string {
  const lines = [
    '# Autogenerated by WireGuard UI (WireAdmin)',
    '[Interface]',
    `PrivateKey = ${server.privateKey}`,
    `Address = ${server.address}/24`,
    `ListenPort = ${server.listen}`,
    `${server.dns ? `DNS = ${server.dns}` : 'OMIT'}`,
    '',
    `${server.preUp ? `PreUp = ${server.preUp}` : 'OMIT'}`,
    `${server.postUp ? `PostUp = ${server.postUp}` : 'OMIT'}`,
    `${server.preDown ? `PreDown = ${server.preDown}` : 'OMIT'}`,
    `${server.postDown ? `PostDown = ${server.postDown}` : 'OMIT'}`,
    ...server.peers.map((peer, index) => ([
      '',
      `## ${peer.name || `Peer #${index + 1}`}`,
      '[Peer]',
      `PublicKey = ${peer.publicKey}`,
      `${peer.preSharedKey ? `PresharedKey = ${peer.preSharedKey}` : 'OMIT'}`,
      `AllowedIPs = ${peer.allowedIps}/32`,
      `${peer.persistentKeepalive ? `PersistentKeepalive = ${peer.persistentKeepalive}` : 'OMIT'}`
    ]))
  ]
  return lines
     .filter((l) => l !== 'OMIT')
     .join('\n')
 }
 type Peer = WgServer['peers'][0]
 interface GenPeerConParams extends Peer {
  serverAddress?: string
  port: number
 }
 export function getPeerConf(params: GenPeerConParams): string {
  const lines = [
    '# Autogenerated by WireGuard UI (WireAdmin)',
    '[Interface]',
    `PrivateKey = ${params.privateKey}`,
    `Address = ${params.allowedIps}/32`,
    '',
    '[Peer]',
    `PublicKey = ${params.publicKey}`,
    `${params.preSharedKey ? `PresharedKey = ${params.preSharedKey}` : 'OMIT'}`,
    `AllowedIPs = ${params.allowedIps}/32`,
    `PersistentKeepalive = ${params.persistentKeepalive}`,
    `Endpoint = ${params.serverAddress || process.env.NEXT_PUBLIC_WG_HOST}:${params.port}`,
  ]
  return lines
     .filter((l) => l !== 'OMIT')
     .join('\n')
 }
--- a/src/lib/wireguard.ts
+++ b/src/lib/wireguard.ts
@ -6,6 +6,7 @@ import { WgKey, WgServer } from "@lib/typings";
 import { client, WG_SEVER_PATH } from "@lib/redis";
 import { isJson } from "@lib/utils";
 import deepmerge from "deepmerge";
 import { getPeerConf, getServerConf } from "@lib/wireguard-utils";
 export class WGServer {
@ -63,7 +64,10 @@ export class WGServer {
      console.warn('findServerIndex: index not found')
      return true
    }
-    const res = await client.lset(WG_SEVER_PATH, index, JSON.stringify(deepmerge(server, update)))
+    const res = await client.lset(WG_SEVER_PATH, index, JSON.stringify({
      ...deepmerge(server, update),
      updatedAt: new Date().toISOString()
    }))
    return res === 'OK'
  }
@ -109,14 +113,23 @@ export class WGServer {
      return false
    }
    const peers = await wgPeersStr(server.confId)
-    const peerIndex = peers.findIndex((p) => p
+
-       .replace(/\s/g, '')
+    const index = await findServerIndex(id)
-       .includes(`PublicKey=${publicKey}`)
+    if (typeof index !== 'number') {
-    )
+      console.warn('findServerIndex: index not found')
      return true
    }
    await client.lset(WG_SEVER_PATH, index, JSON.stringify({
      ...server,
      peers: server.peers.filter((p) => p.publicKey !== publicKey)
    }))
    const peerIndex = peers.findIndex((p) => p.includes(`PublicKey = ${publicKey}`))
    if (peerIndex === -1) {
-      console.warn('no peer found')
+      console.warn('removePeer: no peer found')
      return false
    }
    const confPath = path.join(WG_PATH, `wg${server.confId}.conf`)
    const conf = await fs.readFile(confPath, 'utf-8')
    const serverConfStr = conf.includes('[Peer]') ?
@ -124,14 +137,46 @@ export class WGServer {
       conf
    const peersStr = peers.filter((_, i) => i !== peerIndex).join('\n')
    await fs.writeFile(confPath, `${serverConfStr}\n${peersStr}`)
-    await WGServer.update(server.id, {
+
      peers: server.peers.filter((_, i) => i !== peerIndex)
    })
    await WGServer.stop(server.id)
    await WGServer.start(server.id)
    return true
  }
  static async getFreePeerIp(id: string): Promise<string | undefined> {
    const server = await findServer(id)
    if (!server) {
      console.error('getFreePeerIp: server not found')
      return undefined
    }
    const reservedIps = server.peers.map((p) => p.allowedIps)
    const ips = reservedIps.map((ip) => ip.split('/')[0])
    const net = server.address.split('/')[0].split('.')
    for (let i = 1; i < 255; i++) {
      const ip = `${net[0]}.${net[1]}.${net[2]}.${i}`
      if (!ips.includes(ip) && ip !== server.address.split('/')[0]) {
        return ip
      }
    }
    console.error('getFreePeerIp: no free ip found')
    return undefined
  }
  static async generatePeerConfig(id: string, peerId: string): Promise<string | undefined> {
    const server = await findServer(id)
    if (!server) {
      console.error('generatePeerConfig: server not found')
      return undefined
    }
    const peer = server.peers.find((p) => p.id === peerId)
    if (!peer) {
      console.error('generatePeerConfig: peer not found')
      return undefined
    }
    return getPeerConf({ ...peer, port: server.listen })
  }
 }
 /**
@ -171,8 +216,11 @@ export async function readWgConf(configId: number): Promise<WgServer> {
    if (reachedPeers) {
      if (key === '[Peer]') {
        server.peers.push({
          id: crypto.randomUUID(),
          name: `Unknown #${server.peers.length + 1}`,
          publicKey: '',
-          preSharedKey: null,
+          privateKey: '', // it's okay to be empty because, we not using it on server
          preSharedKey: '',
          allowedIps: '',
          persistentKeepalive: null
        })
@ -268,7 +316,8 @@ async function wgPeersStr(configId: number): Promise<string[]> {
 export async function generateWgKey(): Promise<WgKey> {
  const privateKey = await Shell.exec('wg genkey');
  const publicKey = await Shell.exec(`echo ${privateKey} | wg pubkey`);
-  return { privateKey, publicKey }
+  const preSharedKey = await Shell.exec('wg genkey');
  return { privateKey, publicKey, preSharedKey }
 }
 export async function generateWgServer(config: {
@ -386,34 +435,6 @@ export async function dropInterface(configId: number) {
  await Shell.exec(`ip link delete dev wg${configId}`, true)
 }
 export function getServerConf(server: WgServer): string {
  return `
 # Autogenerated by WireGuard UI (WireAdmin) 
 [Interface]
 PrivateKey = ${server.privateKey}
 Address = ${server.address}/24
 ListenPort = ${server.listen}
 ${server.dns ? `DNS = ${server.dns}` : ''}
 PreUp = ${server.preUp}
 PostUp = ${server.postUp}
 PreDown = ${server.preDown}
 PostDown = ${server.postDown}
 ${server.peers.map(getPeerConf).join('\n')}
 `
 }
 export function getPeerConf(peer: WgServer['peers'][0]): string {
  return `
 [Peer]
 PublicKey = ${peer.publicKey}
 ${peer.preSharedKey ? `PresharedKey = ${peer.preSharedKey}` : ''}
 AllowedIPs = ${peer.allowedIps}/32
 ${peer.persistentKeepalive ? `PersistentKeepalive = ${peer.persistentKeepalive}` : ''}
 `
 }
 export async function maxConfId(): Promise<number> {
  // get files in /etc/wireguard
  const files = await fs.readdir(WG_PATH)