UniqueSoft/wireadmin
2
0
Fork 0
mirror of https://github.com/wireadmin/wireadmin synced 2025-06-26 18:28:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Shahrad Elahi
2023-12-11 05:13:05 +03:30
parent 4aa94a787c
commit 84284360a2
8 changed files with 48 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/docker-image.yaml vendored
View File

@@ -76,7 +76,7 @@ jobs:
echo "RELEASE_TAG=,docker.io/${IMAGE_NAME}:latest" >> $GITHUB_ENV echo "RELEASE_TAG=,docker.io/${IMAGE_NAME}:latest" >> $GITHUB_ENV
else else
echo "Labeling image with commit SHA: ${GITHUB_SHA}" echo "Labeling image with commit SHA: ${GITHUB_SHA}"
echo "IMAGE_TAG=${GITHUB_SHA}" >> $GITHUB_ENV echo "IMAGE_TAG=canary-${GITHUB_SHA}" >> $GITHUB_ENV
fi fi
- name: Push to DockerHub - name: Push to DockerHub

14
README.md
View File

@@ -69,13 +69,13 @@ Please feel free to open an issue if you have any questions or suggestions.
These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command. These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.
| Option | Description | Optional | | Option | Description | Optional |
|-------------------|--------------------------------------------------------------------------------------------------------------------------------------|----------| |-------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------|
| `WG_HOST` | The public IP address of the WireGuard server. | | | `WG_HOST` | The public IP address of the WireGuard server. | |
| `UI_PASSWORD` | The password for the admin UI. | | | `UI_PASSWORD` | The password for the admin UI. | |
| `ORIGIN` | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://hostname:port`. | ✔️ | | `ORIGIN` | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://<hostname>:3000`. | ✔️ |
| `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`. | ✔️ | | `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`. | ✔️ |
| `TOR_*` | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`) | ✔️ | | `TOR_*` | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`) | ✔️ |
## Support the Project ## Support the Project

44
docker-entrypoint.sh
View File

@@ -11,27 +11,25 @@ remove_duplicated_lines() {
mv "$temp_file" "$file" mv "$temp_file" "$file"
} }
remove_duplicate_env() {
local file="$1"
local temp_file="/tmp/$(basename "$file")"
awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file"
mv "$temp_file" "$file"
}
to_camel_case() { to_camel_case() {
echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS="" echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
} }
echo " "
echo " _ ___ ___ __ _ "
echo "| | / (_)_______ / | ____/ /___ ___ (_)___ "
echo "| | /| / / / ___/ _ \/ /| |/ __ / __ \`__ \/ / __ \\"
echo "| |/ |/ / / / / __/ ___ / /_/ / / / / / / / / / /"
echo "|__/|__/_/_/ \___/_/ |_\__,_/_/ /_/ /_/_/_/ /_/ "
echo " "
mkdir -p /var/vlogs mkdir -p /var/vlogs
if [ ! -f "${ENV_FILE}" ]; then touch "${ENV_FILE}"
echo "" >"${ENV_FILE}"
fi
chmod 400 "${ENV_FILE}" chmod 400 "${ENV_FILE}"
if ! grep -q "AUTH_SECRET" "${ENV_FILE}"; then if ! grep -q "AUTH_SECRET" "${ENV_FILE}"; then
cat "${ENV_FILE}" &>/dev/null <<EOF tee -a "${ENV_FILE}" &>/dev/null <<EOF
AUTH_SECRET=$(openssl rand -base64 32) AUTH_SECRET=$(openssl rand -base64 32)
EOF EOF
fi fi
@@ -40,15 +38,19 @@ fi
# if there was, converting it to hex and storing it to # if there was, converting it to hex and storing it to
# the .env # the .env
if [ -n "$UI_PASSWORD" ]; then if [ -n "$UI_PASSWORD" ]; then
ui_password_hex=$(echo -n "$UI_PASSWORD" | xxd -ps -u) sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}"
sed -e '/^HASHED_PASSWORD=/d' "${ENV_FILE}" tee -a "${ENV_FILE}" &>/dev/null <<EOF
cat "${ENV_FILE}" &>/dev/null <<EOF HASHED_PASSWORD=$(echo -n "$UI_PASSWORD" | xxd -ps -u)
HASHED_PASSWORD=$ui_password_hex
EOF EOF
unset UI_PASSWORD unset UI_PASSWORD
else
echo "[error] no password set for the UI"
exit 1
fi fi
remove_duplicate_env "${ENV_FILE}" # Remove duplicated envs
awk -F= '!a[$1]++' "${ENV_FILE}" >"/tmp/$(basename "${ENV_FILE}")" &&
mv "/tmp/$(basename "${ENV_FILE}")" "${ENV_FILE}"
# IP address of the container # IP address of the container
inet_address="$(hostname -i | awk '{print $1}')" inet_address="$(hostname -i | awk '{print $1}')"
@@ -91,14 +93,6 @@ screen -L -Logfile /var/vlogs/tor -dmS tor \
screen -L -Logfile /var/vlogs/redis -dmS redis \ screen -L -Logfile /var/vlogs/redis -dmS redis \
bash -c "redis-server --port 6479 --daemonize no --dir /data --appendonly yes" bash -c "redis-server --port 6479 --daemonize no --dir /data --appendonly yes"
echo " "
echo " _ ___ ___ __ _ "
echo "| | / (_)_______ / | ____/ /___ ___ (_)___ "
echo "| | /| / / / ___/ _ \/ /| |/ __ / __ \`__ \/ / __ \\"
echo "| |/ |/ / / / / __/ ___ / /_/ / / / / / / / / / /"
echo "|__/|__/_/_/ \___/_/ |_\__,_/_/ /_/ /_/_/_/ /_/ "
echo " "
sleep 1 sleep 1
echo -e "\n======================== Versions ========================" echo -e "\n======================== Versions ========================"
echo -e "Alpine Version: \c" && cat /etc/alpine-release echo -e "Alpine Version: \c" && cat /etc/alpine-release

4
web/src/hooks.server.ts
View File

@@ -3,9 +3,7 @@ import { verifyToken } from '$lib/auth';
import 'dotenv/config'; import 'dotenv/config';
export const handle: Handle = async ({ event, resolve }) => { export const handle: Handle = async ({ event, resolve }) => {
const { HASHED_PASSWORD } = process.env; if (!AUTH_EXCEPTION.includes(event.url.pathname)) {
if (!!HASHED_PASSWORD && !AUTH_EXCEPTION.includes(event.url.pathname)) {
const token = event.cookies.get('authorization'); const token = event.cookies.get('authorization');
const token_valid = await verifyToken(token ?? ''); const token_valid = await verifyToken(token ?? '');

7
web/src/index.test.ts
View File

@@ -1,7 +0,0 @@
import { describe, expect, it } from 'vitest';
describe('sum test', () => {
it('adds 1 + 2 to equal 3', () => {
expect(1 + 2).toBe(3);
});
});

16
web/src/lib/auth.ts
View File

@@ -3,26 +3,36 @@ import 'dotenv/config';
import Hex from 'crypto-js/enc-hex'; import Hex from 'crypto-js/enc-hex';
import { randomUUID } from 'node:crypto'; import { randomUUID } from 'node:crypto';
import SHA256 from 'crypto-js/sha256'; import SHA256 from 'crypto-js/sha256';
import { client } from '$lib/redis';
export const AUTH_SECRET = process.env.AUTH_SECRET || Hex.stringify(SHA256(randomUUID())); export const AUTH_SECRET = process.env.AUTH_SECRET || Hex.stringify(SHA256(randomUUID()));
export async function generateToken(): Promise<string> { export async function generateToken(): Promise<string> {
const now = Math.floor(Date.now() / 1000); const now = Math.floor(Date.now() / 1000);
return jwt.sign( const oneHour = 60 * 60;
const token = jwt.sign(
{ {
ok: true, ok: true,
iat: now, iat: now,
exp: now + 60 * 60, exp: now + oneHour,
}, },
AUTH_SECRET, AUTH_SECRET,
); );
await client.setex(token, oneHour, '1');
return token;
} }
export async function verifyToken(token: string): Promise<boolean> { export async function verifyToken(token: string): Promise<boolean> {
try { try {
const decode = jwt.verify(token, AUTH_SECRET); const decode = jwt.verify(token, AUTH_SECRET);
return !!decode; if (!decode) return false;
const exists = await client.exists(token);
return exists === 1;
} catch (e) { } catch (e) {
return false; return false;
} }
} }
export async function revokeToken(token: string): Promise<void> {
await client.del(token);
}

2
web/src/routes/login/+page.server.ts
View File

@@ -50,6 +50,6 @@ export const actions: Actions = {
event.cookies.set('authorization', token); event.cookies.set('authorization', token);
} }
return { ok: true }; return { form, ok: true };
}, },
}; };

7
web/src/routes/logout/+page.server.ts
View File

@@ -1,7 +1,12 @@
import type { PageServerLoad } from './$types'; import type { PageServerLoad } from './$types';
import { redirect } from '@sveltejs/kit'; import { redirect } from '@sveltejs/kit';
import { revokeToken } from '$lib/auth';
export const load: PageServerLoad = ({ cookies }) => { export const load: PageServerLoad = async ({ cookies }) => {
if (!!cookies.get('authorization')) {
const token = cookies.get('authorization')!;
await revokeToken(token).catch(() => {});
}
cookies.delete('authorization'); cookies.delete('authorization');
throw redirect(302, '/login'); throw redirect(302, '/login');
}; };