list peers working
parent
fcfa70c161
commit
355c527871
|
@ -1 +1,2 @@
|
|||
srv/env
|
||||
srv/tokens
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
# wgapi
|
||||
2022 Keith Irwin (ki9.gf4.pw)
|
||||
|
||||
### Allow cgi scripts to run as root
|
||||
|
||||
To ensure the `srv/send/wg` and `srv/send/ssl` commands can run as root, run
|
||||
|
||||
```sh
|
||||
sudo visudo
|
||||
```
|
||||
|
||||
And add these lines:
|
||||
|
||||
```
|
||||
# Let http run these cgi scripts as root
|
||||
http ALL=(ALL) NOPASSWD: /path/to/wgapi/srv/send/ssl
|
||||
http ALL=(ALL) NOPASSWD: /path/to/wgapi/srv/send/wg
|
||||
```
|
24
srv/client
24
srv/client
|
@ -1,19 +1,25 @@
|
|||
#!/bin/sh
|
||||
# client
|
||||
|
||||
TOKENS_FILE='tokens'
|
||||
source ./env
|
||||
|
||||
case "${REQUEST_METHOD}" in
|
||||
|
||||
# List peers
|
||||
"GET")
|
||||
# Get user from IP
|
||||
user="$(lib/get-user-from-ip ${REMOTE_ADDR})"
|
||||
printf "Content-Type: text/plain\n\nHello ${user}\n"
|
||||
printf "TLD: ${TLD}\n"
|
||||
#TODO Get or set token
|
||||
#TODO Send user peers
|
||||
;;
|
||||
'GET')
|
||||
# Get username (rDNS lookup) TODO Handle timeout
|
||||
username="$(nslookup ${REMOTE_ADDR} ${DNS_MASTER} | cut -d'=' -f2 | cut -d'.' -f3)"
|
||||
# Get token
|
||||
token="$(grep ${REMOTE_ADDR} ${TOKENS_FILE} | cut -f2)"
|
||||
# Set token?
|
||||
if [ "${token}" == "" ]; then
|
||||
token="$(</dev/urandom tr -dc '[:alnum:]' | fold -w 64 | head -n 1)"
|
||||
printf "${REMOTE_ADDR}\t${token}\n" >>"${TOKENS_FILE}"
|
||||
fi
|
||||
# Get peers
|
||||
peers="[\n$(sudo send/wg get_peers ${TLD} ${REMOTE_ADDR} ${DNS_MASTER})\n\t]"
|
||||
# Send response
|
||||
printf "Content-Type: text/json\n\n{\n\t\"name\": \"${username}\",\n\t\"token\": \"${token}\",\n\t\"peers\": ${peers}\n}";;
|
||||
|
||||
# Add peer
|
||||
"POST")
|
||||
|
|
|
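Review bot: The token lookup in the new `'GET'` arm, `grep ${REMOTE_ADDR} ${TOKENS_FILE}`, treats the address as an unanchored regex, so a request from one address also matches any stored address that contains it (for example `10.0.0.1` matches a `10.0.0.10` line) and the response would carry another client's token. Match the first field exactly instead: `token="$(awk -F'\t' -v ip="${REMOTE_ADDR}" '$1 == ip { print $2; exit }' "${TOKENS_FILE}")"`. The `printf` calls that follow place `${REMOTE_ADDR}` and `${username}` inside the format string, and `${username}` comes from a reverse-DNS answer, so a `%` or backslash in it is interpreted by `printf` and a `"` breaks the JSON; pass values as arguments to a fixed format, e.g. `printf '%s\t%s\n' "${REMOTE_ADDR}" "${token}" >>"${TOKENS_FILE}"`, and quote the three arguments handed to `sudo send/wg`. `source` and `==` inside `[ ]` are not POSIX, so under `#!/bin/sh` this depends on which shell `sh` is. The `case` block continues past the end of the hunk.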
@ -1,11 +0,0 @@
|
|||
#!/bin/sh
|
||||
# get-user-from-ip
|
||||
# https://gitea.ksn.gf4/gf4/wgapi/src/branch/master/includes/helpers.js#L12
|
||||
|
||||
# Check args
|
||||
[ "$#" -ne "1" ] && exit 1
|
||||
echo "$1"
|
||||
# Get subnet
|
||||
# Read wg
|
||||
#"$1" is the request ip
|
||||
|
|
@ -1,4 +1,23 @@
|
|||
#!/bin/sh
|
||||
# send/wg
|
||||
# wg
|
||||
|
||||
printf 'send/wg\n'
|
||||
case "${1}" in
|
||||
|
||||
'get_peers') shift
|
||||
wg show "${1}" allowed-ips | \
|
||||
grep '/32\|/128' | grep ${2%[.:]*} | \
|
||||
while read pubkey ipv4 ipv6; do
|
||||
ipv4="${ipv4%%/*}"
|
||||
ipv6="${ipv6%%/*}"
|
||||
hostname="$(nslookup ${ipv4} ${3} | cut -d'=' -f2 | cut -d'.' -f1 | xargs)"
|
||||
printf " {
|
||||
\"hostname\": \"${hostname}\",
|
||||
\"ipv4\": \"${ipv4}\",
|
||||
\"ipv6\": \"${ipv6}\",
|
||||
\"pubkey\": \"${pubkey}\"
|
||||
},\n"
|
||||
done
|
||||
;;
|
||||
|
||||
*) exit 1;;
|
||||
esac
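Review bot: In the `get_peers` arm, `grep ${2%[.:]*}` and the `${3}` passed to `nslookup` expand caller-supplied arguments unquoted, and the README's sudoers entry lets `http` run this script as root with any arguments, so a value containing whitespace or a leading `-` is split into extra options or operands of a root process. Quote the pattern and end option parsing, `grep -F -- "${2%[.:]*}"` (which also stops `.` acting as a regex wildcard), quote `"${3}"`, and use `while read -r pubkey ipv4 ipv6`. It would also help to exit early unless `${1}`, `${2}` and `${3}` look like an interface name and addresses, since this script is the privilege boundary. Separately, every object is printed with a trailing `},`, so the array that `srv/client` wraps in `[ … ]` ends with a comma and is not valid JSON.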
|
||||
|
|