UniqueSoft/wireadmin
2
0
Fork 0
mirror of https://github.com/wireadmin/wireadmin synced 2025-02-26 05:48:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Shahrad Elahi 2023-12-11 05:13:05 +03:30
parent 4aa94a787c
commit 84284360a2
8 changed files with 48 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/docker-image.yaml vendored
View File

@ -76,7 +76,7 @@ jobs:
echo "RELEASE_TAG=,docker.io/${IMAGE_NAME}:latest" >> $GITHUB_ENV
else
echo "Labeling image with commit SHA: ${GITHUB_SHA}"
echo "IMAGE_TAG=${GITHUB_SHA}" >> $GITHUB_ENV
echo "IMAGE_TAG=canary-${GITHUB_SHA}" >> $GITHUB_ENV
fi
- name: Push to DockerHub

14
README.md
View File

@ -69,13 +69,13 @@ Please feel free to open an issue if you have any questions or suggestions.
These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.
| Option | Description | Optional |
|-------------------|--------------------------------------------------------------------------------------------------------------------------------------|----------|
| `WG_HOST` | The public IP address of the WireGuard server. | |
| `UI_PASSWORD` | The password for the admin UI. | |
| `ORIGIN` | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://hostname:port`. | ✔️ |
| `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`. | ✔️ |
| `TOR_*` | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`) | ✔️ |
| Option | Description | Optional |
|-------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------|
| `WG_HOST` | The public IP address of the WireGuard server. | |
| `UI_PASSWORD` | The password for the admin UI. | |
| `ORIGIN` | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://<hostname>:3000`. | ✔️ |
| `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`. | ✔️ |
| `TOR_*` | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`) | ✔️ |
## Support the Project

44
docker-entrypoint.sh
View File

@ -11,27 +11,25 @@ remove_duplicated_lines() {
mv "$temp_file" "$file"
}
remove_duplicate_env() {
local file="$1"
local temp_file="/tmp/$(basename "$file")"
awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file"
mv "$temp_file" "$file"
}
to_camel_case() {
echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
}
echo " "
echo " _ ___ ___ __ _ "
echo "| | / (_)_______ / | ____/ /___ ___ (_)___ "
echo "| | /| / / / ___/ _ \/ /| |/ __ / __ \`__ \/ / __ \\"
echo "| |/ |/ / / / / __/ ___ / /_/ / / / / / / / / / /"
echo "|__/|__/_/_/ \___/_/ |_\__,_/_/ /_/ /_/_/_/ /_/ "
echo " "
mkdir -p /var/vlogs
if [ ! -f "${ENV_FILE}" ]; then
echo "" >"${ENV_FILE}"
fi
touch "${ENV_FILE}"
chmod 400 "${ENV_FILE}"
if ! grep -q "AUTH_SECRET" "${ENV_FILE}"; then
cat "${ENV_FILE}" &>/dev/null <<EOF
tee -a "${ENV_FILE}" &>/dev/null <<EOF
AUTH_SECRET=$(openssl rand -base64 32)
EOF
fi
@ -40,15 +38,19 @@ fi
# if there was, converting it to hex and storing it to
# the .env
if [ -n "$UI_PASSWORD" ]; then
ui_password_hex=$(echo -n "$UI_PASSWORD" | xxd -ps -u)
sed -e '/^HASHED_PASSWORD=/d' "${ENV_FILE}"
cat "${ENV_FILE}" &>/dev/null <<EOF
HASHED_PASSWORD=$ui_password_hex
sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}"
tee -a "${ENV_FILE}" &>/dev/null <<EOF
HASHED_PASSWORD=$(echo -n "$UI_PASSWORD" | xxd -ps -u)
EOF
unset UI_PASSWORD
else
echo "[error] no password set for the UI"
exit 1
fi
remove_duplicate_env "${ENV_FILE}"
# Remove duplicated envs
awk -F= '!a[$1]++' "${ENV_FILE}" >"/tmp/$(basename "${ENV_FILE}")" &&
mv "/tmp/$(basename "${ENV_FILE}")" "${ENV_FILE}"
# IP address of the container
inet_address="$(hostname -i | awk '{print $1}')"
@ -91,14 +93,6 @@ screen -L -Logfile /var/vlogs/tor -dmS tor \
screen -L -Logfile /var/vlogs/redis -dmS redis \
bash -c "redis-server --port 6479 --daemonize no --dir /data --appendonly yes"
echo " "
echo " _ ___ ___ __ _ "
echo "| | / (_)_______ / | ____/ /___ ___ (_)___ "
echo "| | /| / / / ___/ _ \/ /| |/ __ / __ \`__ \/ / __ \\"
echo "| |/ |/ / / / / __/ ___ / /_/ / / / / / / / / / /"
echo "|__/|__/_/_/ \___/_/ |_\__,_/_/ /_/ /_/_/_/ /_/ "
echo " "
sleep 1
echo -e "\n======================== Versions ========================"
echo -e "Alpine Version: \c" && cat /etc/alpine-release

4
web/src/hooks.server.ts
View File

@ -3,9 +3,7 @@ import { verifyToken } from '$lib/auth';
import 'dotenv/config';
export const handle: Handle = async ({ event, resolve }) => {
const { HASHED_PASSWORD } = process.env;
if (!!HASHED_PASSWORD && !AUTH_EXCEPTION.includes(event.url.pathname)) {
if (!AUTH_EXCEPTION.includes(event.url.pathname)) {
const token = event.cookies.get('authorization');
const token_valid = await verifyToken(token ?? '');

7
web/src/index.test.ts
View File

@ -1,7 +0,0 @@
import { describe, expect, it } from 'vitest';
describe('sum test', () => {
it('adds 1 + 2 to equal 3', () => {
expect(1 + 2).toBe(3);
});
});

16
web/src/lib/auth.ts
View File

@ -3,26 +3,36 @@ import 'dotenv/config';
import Hex from 'crypto-js/enc-hex';
import { randomUUID } from 'node:crypto';
import SHA256 from 'crypto-js/sha256';
import { client } from '$lib/redis';
export const AUTH_SECRET = process.env.AUTH_SECRET || Hex.stringify(SHA256(randomUUID()));
export async function generateToken(): Promise<string> {
const now = Math.floor(Date.now() / 1000);
return jwt.sign(
const oneHour = 60 * 60;
const token = jwt.sign(
{
ok: true,
iat: now,
exp: now + 60 * 60,
exp: now + oneHour,
},
AUTH_SECRET,
);
await client.setex(token, oneHour, '1');
return token;
}
export async function verifyToken(token: string): Promise<boolean> {
try {
const decode = jwt.verify(token, AUTH_SECRET);
return !!decode;
if (!decode) return false;
const exists = await client.exists(token);
return exists === 1;
} catch (e) {
return false;
}
}
export async function revokeToken(token: string): Promise<void> {
await client.del(token);
}

2
web/src/routes/login/+page.server.ts
View File

@ -50,6 +50,6 @@ export const actions: Actions = {
event.cookies.set('authorization', token);
}
return { ok: true };
return { form, ok: true };
},
};

7
web/src/routes/logout/+page.server.ts
View File

@ -1,7 +1,12 @@
import type { PageServerLoad } from './$types';
import { redirect } from '@sveltejs/kit';
import { revokeToken } from '$lib/auth';
export const load: PageServerLoad = ({ cookies }) => {
export const load: PageServerLoad = async ({ cookies }) => {
if (!!cookies.get('authorization')) {
const token = cookies.get('authorization')!;
await revokeToken(token).catch(() => {});
}
cookies.delete('authorization');
throw redirect(302, '/login');
};