From 66c62fc8c99d7076623180d2a9f3b0a37d59c62d Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 01:29:43 -0600 Subject: [PATCH 01/17] Nsupdate in production only; removed CIDR part from user.peers ip addresses --- app/add.js | 28 +++++++++++++++------------- app/del.js | 24 +++++++++++++----------- includes/helpers.js | 6 +++--- 3 files changed, 31 insertions(+), 27 deletions(-) diff --git a/app/add.js b/app/add.js index 0869f28..08de1d9 100644 --- a/app/add.js +++ b/app/add.js @@ -49,10 +49,10 @@ module.exports = async (req, res) => { // Find next available host part const used_ipv4_hosts = user.peers .map((host) => host.ipv4).map((found_ipv4) => - found_ipv4.toString().split('.')[3].split('/')[0]) + found_ipv4.toString().split('.')[3]) const used_ipv6_hosts = user.peers .map((host) => host.ipv6).map((found_ipv6) => - found_ipv6.toString().split(':')[3].split('/')[0]) + found_ipv6.toString().split(':')[3]) let host = 1 while ([...used_ipv4_hosts,...used_ipv6_hosts].includes(host.toString())) host++ 
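Review bot: The IPv6 host part is read with `split(':')[3]`, which is only the host group when `env.IPV6_NET` has exactly two groups; the README later in this series shows addresses like `fd69:1337:0:420:f4:f5:8:1`, where the host is the last group and index 3 is `420`, so on such a prefix the search compares against the wrong field and can hand out a host number that is already in use. Since the addresses are built as `${env.IPV6_NET}:${user.subnet}:${host}` and `${env.IPV4_NET}.${user.subnet}.${host}`, the host is always the final group regardless of prefix length: `found_ipv4.toString().split('.').pop()` and `found_ipv6.toString().split(':').pop()`. If your IPV6_NET really is two groups this happens to work today, but it is worth not depending on that. The enclosing handler starts before this hunk.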
@@ -118,18 +118,20 @@ AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` } // Update nameserver - const domain = `${new_hostname}.${user.name}.${env.TLD}.` - try { - await helper.nsUpdate(dns_key, env.DNS_MASTER, -`update add ${domain} ${env.DNS_TTL} A ${ipv4_addr} -update add ${domain} ${env.DNS_TTL} AAAA ${ipv6_addr} -update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) + if (env.ENV==='prod') { + const domain = `${new_hostname}.${user.name}.${env.TLD}.` + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update add ${domain} ${env.DNS_TTL} A ${ipv4_addr} + update add ${domain} ${env.DNS_TTL} AAAA ${ipv6_addr} + update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) + } + catch (err) { + console.error(`Failed to add ns record.`) + if (err) console.error(err) + } + console.log(`Updated nameserver to add ${domain}.`) } - catch (err) { - console.error(`Failed to add ns record.`) - if (err) console.error(err) - } - console.log(`Updated nameserver to add ${domain}.`) // Generate user config const listen_port = Math.floor(50000 + Math.random() * 10000) diff --git a/app/del.js b/app/del.js index 5b4cd55..b323a8b 100644 --- a/app/del.js +++ b/app/del.js 
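Review bot: `console.log(`Updated nameserver to add ${domain}.`)` sits after the catch block, so a failed nsupdate logs the error and then immediately logs success; move that line inside the `try`, directly after `await helper.nsUpdate(...)`, so it only prints when the update went through. The del.js hunk in this same patch returns 500 when nsupdate fails, whereas this path carries on and hands the caller a config whose name will not resolve; since the peer has already been written to the local config and pushed to the other servers by this point, continuing is defensible, but the caller should be told, e.g. set a flag in the catch and prepend `# WARNING: DNS record for ${domain} was not created` to the returned config. The handler continues past this hunk.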
@@ -129,18 +129,20 @@ module.exports = async (req, res) => { } // Delete domains from nameserver - try { - await helper.nsUpdate(dns_key, env.DNS_MASTER, -`update delete ${peer_name}. A -update delete ${peer_name}. AAAA -update delete *.${peer_name}. CNAME`) + if (env.ENV==='prod') { + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update delete ${peer_name}. A + update delete ${peer_name}. AAAA + update delete *.${peer_name}. CNAME`) + } + catch (err) { + console.error(`Failed to delete ns record`) + if (err) console.error(err) + return res.sendStatus(500) + } + console.log(`Updated nameserver to delete ${peer_name}.`) } - catch (err) { - console.error(`Failed to delete ns record`) - if (err) console.error(err) - return res.sendStatus(500) - } - console.log(`Updated nameserver to delete ${peer_name}.`) return res.sendStatus(200) diff --git a/includes/helpers.js b/includes/helpers.js index 14c1a28..f48e4e0 100644 --- a/includes/helpers.js +++ b/includes/helpers.js @@ -38,8 +38,8 @@ module.exports = { } else if (line.includes('AllowedIPs = ')) { const ips = line.split('=')[1].split(', ') - userpeer_obj.ipv4 = ips.filter( (ip) => ip.includes(env.IPV4_NET) )[0].trim() - userpeer_obj.ipv6 = ips.filter( (ip) => ip.includes(env.IPV6_NET) )[0].trim() + userpeer_obj.ipv4 = ips.filter( (ip) => ip.includes(env.IPV4_NET) )[0].trim().split('/')[0] + userpeer_obj.ipv6 = ips.filter( (ip) => ip.includes(env.IPV6_NET) )[0].trim().split('/')[0] } } found_hosts.push(userpeer_obj) @@ -110,7 +110,7 @@ module.exports = { }) nsupdate.on('exit', (status) => { console.log(`nsupdate exited with status: ${status}`) - if (status===0) reject(errors) + if (status!==0) reject(errors) else resolve() }) From 7e30e9262909461b5793d870ecf511f169293243 Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 12:33:15 -0600 Subject: [PATCH 02/17] Fixed nsupdate commands formatting --- app/add.js | 6 +++--- app/del.js | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) 
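Review bot: In the helpers.js AllowedIPs hunk, `ips.filter(...)[0].trim()` throws a TypeError for any peer whose AllowedIPs lacks an entry in one of the two nets, and the exception aborts parsing of the whole config rather than skipping that peer; the `.split('/')[0]` added here keeps that failure mode. Use `find` and guard: `const v4 = ips.find((ip) => ip.includes(env.IPV4_NET)); userpeer_obj.ipv4 = v4 && v4.trim().split('/')[0]`, and the same for ipv6. `includes(env.IPV4_NET)` is also a substring test, so a net like `10.5` would match `10.50.x.x` inside a foreign AllowedIPs entry; `ip.trim().startsWith(env.IPV4_NET + '.')` (and `+ ':'` for v6) is the intended check. The enclosing parse function starts before and ends after this hunk.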
diff --git a/app/add.js b/app/add.js index 08de1d9..5903de6 100644 --- a/app/add.js +++ b/app/add.js @@ -122,9 +122,9 @@ AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` const domain = `${new_hostname}.${user.name}.${env.TLD}.` try { await helper.nsUpdate(dns_key, env.DNS_MASTER, - `update add ${domain} ${env.DNS_TTL} A ${ipv4_addr} - update add ${domain} ${env.DNS_TTL} AAAA ${ipv6_addr} - update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) +`update add ${domain} ${env.DNS_TTL} A ${ipv4_addr} +update add ${domain} ${env.DNS_TTL} AAAA ${ipv6_addr} +update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) } catch (err) { console.error(`Failed to add ns record.`) diff --git a/app/del.js b/app/del.js index b323a8b..5bfcf0e 100644 --- a/app/del.js +++ b/app/del.js @@ -132,9 +132,9 @@ module.exports = async (req, res) => { if (env.ENV==='prod') { try { await helper.nsUpdate(dns_key, env.DNS_MASTER, - `update delete ${peer_name}. A - update delete ${peer_name}. AAAA - update delete *.${peer_name}. CNAME`) +`update delete ${peer_name}. A +update delete ${peer_name}. AAAA +update delete *.${peer_name}. CNAME`) } catch (err) { console.error(`Failed to delete ns record`) From 12dcc3f18f766929388bdd3713006bc34d9d38fa Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 12:35:02 -0600 Subject: [PATCH 03/17] Fixed overzealous self deletion prevention --- app/del.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/del.js b/app/del.js index 5bfcf0e..d9f4f88 100644 --- a/app/del.js +++ b/app/del.js @@ -89,7 +89,7 @@ module.exports = async (req, res) => { .split(' # ')[1] const peer_ips = peer_lines .filter( (line) => line.includes('AllowedIPs = '))[0] - .split(' = ')[1] + .split(' = ')[1].split(', ') if (peer_pubkey===undefined) { peer_pubkey = peer_lines .filter( (line) => line.includes('PublicKey = ') )[0] From c5b8ab2001aff0ed06c127aeceaaa717516fdb62 Mon Sep 17 00:00:00 2001 
From: wgapi Cloud9 Date: Fri, 22 Oct 2021 14:28:18 -0600 Subject: [PATCH 04/17] Made logging more readable by not showing token --- app/del.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/del.js b/app/del.js index d9f4f88..de9a9c1 100644 --- a/app/del.js +++ b/app/del.js @@ -21,7 +21,12 @@ let axios; (async()=>{ const dns_key = `hmac-sha512:wgapi-${env.LOCAL_SERVER}:${env.DNS_KEY}` module.exports = async (req, res) => { - console.log(`Received request from ${req.requester} to delete ${JSON.stringify(req.query)}`) + const target = req.query['name'] + || req.query['psk'] + || req.query['ip'] + || req.query['pubkey'] + || req.query['privkey'] + console.log(`Received request from ${req.requester} to delete ${target}`) // Get user from IP let user; try { user = await helper.getUserFromIp(req.requester) } From f85151d5e71646da2b0cce1f992e364422afa384 Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 21:28:39 -0600 Subject: [PATCH 05/17] Created domain var and added it to newconfig as comment --- app/add.js | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/app/add.js b/app/add.js index 5903de6..7bb27a8 100644 --- a/app/add.js +++ b/app/add.js @@ -42,10 +42,12 @@ module.exports = async (req, res) => { // Check if new peer already exists if (user.peers.map((peer) => peer.name).includes(new_hostname)) { - console.log(`Host already exists for ${new_hostname}.${user.name}.${env.TLD}`) + console.log(`Host already exists for ${domain}`) return res.sendStatus(409) } + const domain = `${new_hostname}.${user.name}.${env.TLD}` + // Find next available host part const used_ipv4_hosts = user.peers .map((host) => host.ipv4).map((found_ipv4) => 
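Review bot: The new `target` expression logs whichever selector the caller used, so a `/del?psk=...` or `/del?privkey=...` request writes the peer's preshared or private key to the log verbatim; only the token has been kept out. Log the non-secret selectors and a placeholder for the rest, e.g. `const target = req.query['name'] || req.query['ip'] || req.query['pubkey'] || (req.query['psk'] && '<psk>') || (req.query['privkey'] && '<privkey>')`. Separately, accepting a private key as a GET query parameter means it also lands in any proxy or access log in front of this process; that is outside this hunk but deserves a caveat in the README. The handler continues past this hunk.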
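Review bot: `${domain}` in the new `Host already exists` log is evaluated before `const domain = ...` is declared two lines further down, and a `const` binding is in the temporal dead zone until its declaration runs, so a duplicate-hostname request throws a ReferenceError instead of returning 409; with an async Express handler that rejection is not turned into a response. Move `const domain = `${new_hostname}.${user.name}.${env.TLD}`` above the `if (user.peers.map((peer) => peer.name).includes(new_hostname))` check. The handler starts before this hunk.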
@@ -89,7 +91,7 @@ PersistentKeepAlive = 25`) // Add new user device to server config as [Peer] const server_config = `\n -[Peer] # ${new_hostname}.${user.name}.${env.TLD} +[Peer] # ${domain} PublicKey = ${keypair[0]} PresharedKey = ${psk} AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` @@ -119,12 +121,11 @@ AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` // Update nameserver if (env.ENV==='prod') { - const domain = `${new_hostname}.${user.name}.${env.TLD}.` try { await helper.nsUpdate(dns_key, env.DNS_MASTER, -`update add ${domain} ${env.DNS_TTL} A ${ipv4_addr} -update add ${domain} ${env.DNS_TTL} AAAA ${ipv6_addr} -update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) +`update add ${domain}. ${env.DNS_TTL} A ${ipv4_addr} +update add ${domain}. ${env.DNS_TTL} AAAA ${ipv6_addr} +update add *.${domain}. ${env.DNS_TTL} CNAME ${domain}.`) } catch (err) { console.error(`Failed to add ns record.`) @@ -135,7 +136,7 @@ update add *.${domain} ${env.DNS_TTL} CNAME ${domain}`) // Generate user config const listen_port = Math.floor(50000 + Math.random() * 10000) - const config = `[Interface] + const config = `[Interface] # ${domain} PrivateKey = ${keypair[1]} Address = ${ipv4_addr}/${env.IPV4_CIDR}, ${ipv6_addr}/${env.IPV6_CIDR} DNS = ${res.locals.DNS_SERVERS_STRING} From 71eae60c4dfb6d8826dd3f66e61a855d42f456d6 Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 21:32:01 -0600 Subject: [PATCH 06/17] Validated user input --- app/add.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/add.js b/app/add.js index 7bb27a8..bc5a6a1 100644 --- a/app/add.js +++ b/app/add.js 
@@ -21,10 +21,13 @@ let axios; (async()=>{ const dns_key = `hmac-sha512:wgapi-${env.LOCAL_SERVER}:${env.DNS_KEY}` module.exports = async (req, res) => { - const new_hostname = req.query['name'] + const new_hostname = req.query['name'].trim().toLowerCase() if (!new_hostname) { console.log(`New peer request from ${req.requester} didn't provide a hostname`) return res.sendStatus(400) + } else if (!/^([\-\_a-z0-9]{1,20})$/.test(new_hostname)) { + console.log(`New peer request from ${req.requester} provided an invalid hostname: ${new_hostname}`) + return res.sendStatus(400) } else console.log(`New peer request from ${req.requester} for ${new_hostname}`) // Get user from IP From acfcaf6f217bfd3bcede715e96e497d2d201d4e4 Mon Sep 17 00:00:00 2001 From: wgapi Cloud9 Date: Fri, 22 Oct 2021 21:48:01 -0600 Subject: [PATCH 07/17] #12 log failed attempts to reach other servers --- app/add.js | 7 ++++--- app/del.js | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/add.js b/app/add.js index bc5a6a1..eb1df61 100644 --- a/app/add.js +++ b/app/add.js @@ -19,6 +19,7 @@ let axios; (async()=>{ } catch (err) { console.error(err) } })() const dns_key = `hmac-sha512:wgapi-${env.LOCAL_SERVER}:${env.DNS_KEY}` +let config_queue = [] module.exports = async (req, res) => { const new_hostname = req.query['name'].trim().toLowerCase() @@ -111,12 +112,12 @@ AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` await axios.post(`${server.admin_endpoint}/add?secret=${server.secret}`, server_config, { headers: {'Content-Type': 'text/plain'}, }) - } catch (err) { + } catch (err) { if (err.message==='Request failed with status code 403') { console.error(`Received 403 from ${server.admin_endpoint}/add`) } else { - console.error(err) - //TODO: Handle other servers that are down (hold the config and retry?) + console.error(`Failed to add peer to ${server.host}:\n${server_config}`) + if (err) console.error(err.message) } } } diff --git a/app/del.js b/app/del.js index de9a9c1..56919a1 100644 
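Review bot: `req.query['name'].trim()` throws a TypeError when `name` is absent (or is an array from a repeated parameter), so the `if (!new_hostname)` 400 branch right below it is now unreachable and a missing name becomes an unhandled rejection instead of a 400. Coerce before trimming: `const new_hostname = String(req.query['name'] || '').trim().toLowerCase()`. The regex also admits labels that start or end with `-` or `_`; since the value becomes a DNS label in the nsupdate commands, a stricter `^[a-z0-9]([-_a-z0-9]{0,18}[a-z0-9])?$` avoids names the nameserver may reject under check-names. The handler continues past this hunk.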
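Review bot: The new failure log prints `server_config`, which contains the peer's `PresharedKey = ${psk}` line, so every unreachable server leaves the PSK in the log; log the identity only, e.g. `console.error(`Failed to add peer ${domain} to ${server.host}`)`. The removed retry TODO is replaced by a `config_queue` array declared at module scope in the first hunk of this patch but never written to or read here, so a server that is down still silently ends up without the peer; either push `{ server, server_config }` onto it and retry, or drop the declaration until the retry exists. The enclosing loop and handler extend beyond this hunk.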
--- a/app/del.js +++ b/app/del.js @@ -127,7 +127,8 @@ module.exports = async (req, res) => { headers: {'Content-Type': 'text/plain'}, }) } catch (err) { - console.error(`Failed to inform ${server.host} to delete ${peer_name}:\n\n`,err) + if (err) console.error(err) + console.error(`Failed to inform ${server.host} to delete ${peer_name}!`) return res.sendStatus(500) } } From 78b92b0969881486e38e7d31894852ce7f918175 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 15:44:25 -0600 Subject: [PATCH 08/17] package lock --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7b16e0f..126fd8a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "wgapi", - "version": "1.0.1", + "version": "1.0.4", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "wgapi", - "version": "1.0.1", + "version": "1.0.4", "license": "MIT", "dependencies": { "axios": "^0.23.0", From 6fe01eb1dcb327f40793bfc14f6f0d1dbdd15c8b Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 15:44:55 -0600 Subject: [PATCH 09/17] Fixed systemd unit files --- systemd/restart-wg-quick@.service | 2 +- systemd/restart-wg-quick@.timer | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/systemd/restart-wg-quick@.service b/systemd/restart-wg-quick@.service index 076af8f..40e387c 100644 --- a/systemd/restart-wg-quick@.service +++ b/systemd/restart-wg-quick@.service @@ -1,6 +1,6 @@ [Unit] Description=Restart a wireguard service -Requires=wg-quick@%i +After=wg-quick@%i.service [Service] Type=oneshot diff --git a/systemd/restart-wg-quick@.timer b/systemd/restart-wg-quick@.timer index 6ee22c1..80fe262 100644 --- a/systemd/restart-wg-quick@.timer +++ b/systemd/restart-wg-quick@.timer 
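Review bot: `console.error(err)` prints the whole axios error, including `err.config` with the request URL; if the delete call carries the inter-server secret in the query string the way the add path does in this same patch (`/add?secret=${server.secret}`), that secret is written to the log on every failure. The URL line is outside this hunk, so I cannot confirm it, but matching add.js and logging `err.message` only (`if (err) console.error(err.message)`) is safe either way. The enclosing loop and handler extend beyond this hunk.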
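Review bot: Replacing `Requires=` with `After=` means this oneshot now runs even when `wg-quick@%i.service` is inactive, so if its ExecStart (outside this hunk) is a `systemctl restart wg-quick@%i`, the timer will bring up an interface an operator deliberately stopped; `Requisite=wg-quick@%i.service` keeps the ordering but fails this unit when the tunnel is down, which is the usual intent for a periodic reload. Also worth weighing: a full restart every ten minutes drops every peer's session, while `/bin/bash -c 'wg syncconf %i <(wg-quick strip %i)'` applies the edited config in place without tearing the interface down, if restarting is indeed what ExecStart does today.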
@@ -1,9 +1,9 @@ [Unit] Description=Restart wg-quick@%i every 10 minutes -Requires=wg-quick@%i.service +After=wg-quick@%i.service [Timer] -OnCalendar=OnCalendar=*:0/10 +OnCalendar=*:0/10 Unit=restart-wg-quick@%i.service [Install] From b5580ddb920bcb529fc3b1abbcd6fa9aedde23dc Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 15:49:54 -0600 Subject: [PATCH 10/17] Added helpful comment --- app/add.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/add.js b/app/add.js index eb1df61..707aa84 100644 --- a/app/add.js +++ b/app/add.js @@ -22,6 +22,8 @@ const dns_key = `hmac-sha512:wgapi-${env.LOCAL_SERVER}:${env.DNS_KEY}` let config_queue = [] module.exports = async (req, res) => { + + // Parse, sanitize, and validate hostname const new_hostname = req.query['name'].trim().toLowerCase() if (!new_hostname) { console.log(`New peer request from ${req.requester} didn't provide a hostname`) From 32c7c0b19a3e8a1137f6aaa8cbf75f9400e9329c Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 16:08:37 -0600 Subject: [PATCH 11/17] #10 added check for double colons --- index.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/index.js b/index.js index 7d16e5e..8e65ba7 100644 --- a/index.js +++ b/index.js @@ -6,9 +6,22 @@ const env = require(process.argv[2]||'./env.json') const mw = require('./includes/middleware.js') const express = require('express') +const fs = require('fs').promises const app = express() const admin = express() +// Check the wireguard config file for '::' +;(async (f) => { + let config; try { + config = (await fs.readFile(f)).toString() + } catch (err) { + console.error(`Failed to read ${f}!`) + if (err) console.error(err.message) + } + if (config.includes('::')) + console.error(`Found double colons (::) in ${f}! Please expand all IPv6 addresses to prevent parsing issues!`) +})(env.WG_CONFIG_FILE) + app.set('trust proxy', true) .use(mw.getRequester) .get('/', (req, res) => res.redirect('/list')) 
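Review bot: In the index.js hunk, when `fs.readFile(f)` fails the catch logs and falls through, and `config.includes('::')` then throws a TypeError on `undefined` inside the async IIFE, which surfaces as an unhandled rejection at startup instead of the friendly message; add `return` at the end of the catch (or write `if (config && config.includes('::'))`). The check is also only a warning, while the host-part search in app/add.js splits addresses on `:` by index and would mis-read a compressed address; if that is the failure being guarded against, exiting non-zero here is safer than continuing with a config the rest of the code cannot parse.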
From 8bd30e84a490de401083ee7571c5ee3c278c4084 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 16:20:28 -0600 Subject: [PATCH 12/17] #7 stop providing IPv4s avter .254 and IPv6 after :9999 --- app/add.js | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/app/add.js b/app/add.js index 707aa84..bc28840 100644 --- a/app/add.js +++ b/app/add.js @@ -63,9 +63,14 @@ module.exports = async (req, res) => { found_ipv6.toString().split(':')[3]) let host = 1 while ([...used_ipv4_hosts,...used_ipv6_hosts].includes(host.toString())) host++ + if (host>9999) { + console.error(`New host part for ${user.name} is higher than 9999: ${host}`) + return res.sendStatus(507) + } // Create IP Addresses and keys - const ipv4_addr = `${env.IPV4_NET}.${user.subnet}.${host}` + let ipv4_addr; if (host<254) + ipv4_addr = `${env.IPV4_NET}.${user.subnet}.${host}` const ipv6_addr = `${env.IPV6_NET}:${user.subnet}:${host}` let keypair; try { keypair = await wg.generateKeypair() @@ -96,11 +101,14 @@ Endpoint = ${server.endpoint} PersistentKeepAlive = 25`) // Add new user device to server config as [Peer] + const allowed_ips = ipv4_addr + ? `${ipv4_addr}/32, ${ipv6_addr}/128` + : `${ipv6_addr}/128` const server_config = `\n [Peer] # ${domain} PublicKey = ${keypair[0]} PresharedKey = ${psk} -AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128` +AllowedIPs = ${allowed_ips}` // Add server_config to local wg0.conf if (server.host===env.LOCAL_SERVER) { From 1d22f309193f5888e7e162f3b530c4539fb6b5b4 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 16:24:07 -0600 Subject: [PATCH 13/17] #10 Fixed missing check for IPv4 --- app/add.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/add.js b/app/add.js index bc28840..0aadb2d 100644 --- a/app/add.js +++ b/app/add.js 
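Review bot: `if (host<254)` stops handing out IPv4 at .253, whereas the commit title says addresses stop after .254; if .254 is meant to be the last usable host this should be `host<=254` (leave it if .254 is reserved for a gateway). The larger issue is that an IPv6-only peer is now written with a single AllowedIPs entry while the rest of the code assumes both families: the parser in includes/helpers.js does `ips.filter((ip) => ip.includes(env.IPV4_NET))[0].trim()`, which throws on such a peer, and the host search just above this hunk maps `host.ipv4` through `found_ipv4.toString()`, which throws on `undefined`, so the first IPv6-only peer would break every later parse of that user's peers. Guard both sides (`peer.ipv4 && ...`) before shipping this cap. The handler extends beyond this hunk.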
@@ -150,9 +150,12 @@ update add *.${domain}. ${env.DNS_TTL} CNAME ${domain}.`) // Generate user config const listen_port = Math.floor(50000 + Math.random() * 10000) + const config_address = ipv4_addr + ? `${ipv4_addr}/${env.IPV4_CIDR}, ${ipv6_addr}/${env.IPV6_CIDR}` + : `${ipv6_addr}/${env.IPV6_CIDR}` const config = `[Interface] # ${domain} PrivateKey = ${keypair[1]} -Address = ${ipv4_addr}/${env.IPV4_CIDR}, ${ipv6_addr}/${env.IPV6_CIDR} +Address = ${config_address} DNS = ${res.locals.DNS_SERVERS_STRING} ListenPort = ${listen_port} PostUp = resolvectl domain ${env.TLD} ${env.TLD} From 007eb357d28862856df02e2e3adeb75c78a19852 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 19:34:43 -0600 Subject: [PATCH 14/17] #9 Improved README --- README.md | 103 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 84 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 8919570..7a0b220 100644 --- a/README.md +++ b/README.md 
@@ -4,53 +4,118 @@ ## Installation -### Docker +### with Docker -Install docker and docker-compose. Then create a project directory and pull the `docker-compose.yml` file +Install docker and docker-compose. Then create a project directory and pull the sample environment files. -``` -$ sudo mkdir /srv/wgapi -$ cd /srv/wgapi -$ sudo wget https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/docker-compose.yml +```sh +sudo mkdir /srv/wgapi +cd /srv/wgapi +sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/docker-compose.yml.sample' +sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/env.json.sample' +sudo cp docker-compose.yml.sample docker-compose.yml +sudo cp env.json.sample env.json ``` -Edit the compose file according to its comments. Then you can start the service. +Edit `docker-compose.yml` and `env.json` files according to their comments. Then you can start the service: -``` +```sh docker-compose up -d ``` The API will modify your wireguard configuration file. Changes will not take effect unless the interface is restarted periodically. One way of doing this is with a systemd timer. -TODO: Add systemd timer and instructions +### systemd -**NOTE:** The API is not protected by any authentication. As it stands, anyone can connect to your API and access your wireguard network! Be sure to protect it with authentication in a web proxy or by blocking access with a firewall. +The API edits the wireguard config in the background but doesn't restart the service. 
To have changes take effect every 10 minutes, you can use this repo's systemd unit files: + +```sh +cd /etc/systemd/system +sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/systemd/restart-wg-quick@.service' +sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/systemd/restart-wg-quick@.timer' +sudo systemctl daemon-reload +# Replace this with your interface +sudo systemctl start restart-wg-quick@wg0.timer +``` + +If that works, make it run on boot: + +```sh +sudo systemctl enable restart-wg-quick@wg0.timer +``` ## Usage -Once the server is listening, there are two endpoints that clients can direct requests to. +Once the server is listening, there are three endpoints that clients can direct requests to. + +### List (/list) + +This endpoint returns a user's `user` object, including an auth token, containing all the peer information in `user.peers`. + +#### Request + +Just `GET /list` and this endpoint will detect who you are based on your IP and return your user object. + +#### Response + +Returns the user object and peers as json. + +```json +{ + "name": myusername, + "token": longsecrettokenhere, + "subnet": "8", + "peers": [ + { + "name": "host1", + "ipv4": "10.5.8.1" + "ipv6": "fd69:1337:0:420:f4:f5:8:1" + }, + { + "name": "host2", + "ipv4": "10.5.8.2" + "ipv6": "fd69:1337:0:420:f4:f5:8:2" + } + ] +} +``` + +... ### Add -This endpoint adds a peer to the wireguard server. +This endpoint adds a peer to the wireguard servers and adds its IP address to the nameserver. To guard against IP spoofing, it requires a token from a `/list` request. -TODO: Write how to use it. +#### Request + +Simply `GET /add?token=MYTOKEN&name=host3` where `MYTOKEN` is the secret token from the `/list` request and `host3` is the new hostname. The backend will add your new peer to its wireguard config and inform other servers of the new peer. Then it will modify the nameserver to add your peer's IP addresses under the domain `host3.myusername.tld`. 
+ +#### Response + +A successful `/add` request will return the new peer's wireguard configuration as plaintext. Copy and paste it to your client machine's `/etc/wireguard/wg0.conf` file. + +A failed requst will return an error code. `5XX` HTTP codes provide have errors in the log. ### Delete -This endpoint deletes a peer from the server. +This endpoint deletes a peer from the wireguard servers and removes its domain from the nameserver. To guard against IP spoofing, it requires a token from a `/list` request. -TODO: Write how to use it. +#### Request -## Notes +After getting a token from a `/list` request, a peer can be identified and deleted using any of these requests: -After a config has been downloaded by a client, the user is free to modify it to peer with friends' hosts. + - `GET /del?token=MYTOKEN&name=host3` using the hostname + - `GET /del?token=MYTOKEN&pubkey=PUBKEY` using a wireguard public key + - `GET /del?token=MYTOKEN&privkey=PRIVKEY` using a wireguard private key + - `GET /del?token=MYTOKEN&psk=PSK` using the wireguard preshared key + - `GET /del?token=MYTOKEN&ip=IP` using an IPv4 or IPv6 address -TODO: Add instructions on how to do this. +#### Response + +It will simply return `200 OK` in case of success. `5XX` HTTP codes provide have errors in the log. ## License (GPLv2) - Copyright © 2021 Keith Irwin This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. From a07fb7d5233f862369e056258cebf0ef7f32ae45 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Sat, 23 Oct 2021 19:35:23 -0600 Subject: [PATCH 15/17] Updated version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f917500..f9a16b7 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "wgapi", - "version": "1.0.4", + "version": "1.1.1", "description": "HTTP API to add and remove wireguard configs", "main": "index.js", "scripts": { From f54eb79d0d6efcbb2a691e519b234785695d5b99 Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Thu, 11 Nov 2021 12:43:15 -0700 Subject: [PATCH 16/17] Package-lock --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 126fd8a..77f7fb4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "wgapi", - "version": "1.0.4", + "version": "1.1.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "wgapi", - "version": "1.0.4", + "version": "1.1.1", "license": "MIT", "dependencies": { "axios": "^0.23.0", From a8d6070adcb5c7a63dd6f80255118d188835255d Mon Sep 17 00:00:00 2001 From: Cloud9 GF4 wgapi Date: Fri, 12 Nov 2021 15:53:34 -0700 Subject: [PATCH 17/17] Fixed newline bug --- app/add.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/add.js b/app/add.js index 0aadb2d..8ea2c6c 100644 --- a/app/add.js +++ b/app/add.js @@ -104,11 +104,12 @@ PersistentKeepAlive = 25`) const allowed_ips = ipv4_addr ? `${ipv4_addr}/32, ${ipv6_addr}/128` : `${ipv6_addr}/128` - const server_config = `\n + const server_config = ` [Peer] # ${domain} PublicKey = ${keypair[0]} PresharedKey = ${psk} -AllowedIPs = ${allowed_ips}` +AllowedIPs = ${allowed_ips} +` // Add server_config to local wg0.conf if (server.host===env.LOCAL_SERVER) {