Manage a community vpn/dns network
Cloud9 GF4 wgapi 007eb357d2 #9 Improved README 2021-10-23 19:34:43 -06:00
admin Separated environment, fixed bugs 2021-10-22 00:34:09 -06:00
app #10 Fixed missing check for IPv4 2021-10-23 16:24:07 -06:00
includes Nsupdate in production only; removed CIDR part from user.peers ip addresses 2021-10-22 01:29:43 -06:00
systemd Fixed systemd unit files 2021-10-23 15:44:55 -06:00
.dockerignore Separated environment, fixed bugs 2021-10-22 00:34:09 -06:00
.gitignore Separated environment, fixed bugs 2021-10-22 00:34:09 -06:00
Dockerfile Improved dockerfile speed, better docker-compose.yml.sample, debugging nsupdate 2021-10-22 00:58:02 -06:00
LICENSE.md Must be GPLv2 2021-10-14 17:03:14 -06:00
README.md #9 Improved README 2021-10-23 19:34:43 -06:00
docker-compose.yml.sample Improved dockerfile speed, better docker-compose.yml.sample, debugging nsupdate 2021-10-22 00:58:02 -06:00
env.json.sample Separated environment, fixed bugs 2021-10-22 00:34:09 -06:00
index.js #10 added check for double colons 2021-10-23 16:08:37 -06:00
package-lock.json package lock 2021-10-23 15:44:25 -06:00
package.json Updated version to 1.0.4 2021-10-18 17:18:42 -06:00

README.md

wgapi

NodeJS server to add and remove wireguard configs

Installation

with Docker

Install docker and docker-compose. Then create a project directory and pull the sample environment files.

sudo mkdir /srv/wgapi
cd /srv/wgapi
sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/docker-compose.yml.sample'
sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/env.json.sample'
sudo cp docker-compose.yml.sample docker-compose.yml
sudo cp env.json.sample env.json

Edit docker-compose.yml and env.json files according to their comments. Then you can start the service:

docker-compose up -d

The API will modify your wireguard configuration file, but changes do not take effect until the interface is restarted, so the interface needs to be restarted periodically. One way of doing this is with a systemd timer.

systemd

The API edits the wireguard config in the background but doesn't restart the service. To have changes take effect every 10 minutes, you can use this repo's systemd unit files:

cd /etc/systemd/system
sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/systemd/restart-wg-quick@.service'
sudo wget 'https://gitea.gf4.pw/gf4/wgapi/raw/branch/master/systemd/restart-wg-quick@.timer'
sudo systemctl daemon-reload
# Replace this with your interface
sudo systemctl start restart-wg-quick@wg0.timer

If that works, make it run on boot:

sudo systemctl enable restart-wg-quick@wg0.timer

Usage

Once the server is listening, there are three endpoints that clients can direct requests to.

List (/list)

This endpoint returns the calling user's user object, including an auth token and all of the user's peer information in user.peers.

Request

Just GET /list and this endpoint will detect who you are based on your IP and return your user object.

Response

Returns the user object and peers as json.

{
	"name": "myusername",
	"token": "longsecrettokenhere",
	"subnet": "8",
	"peers": [
		{
			"name": "host1",
			"ipv4": "10.5.8.1",
			"ipv6": "fd69:1337:0:420:f4:f5:8:1"
		},
		{
			"name": "host2",
			"ipv4": "10.5.8.2",
			"ipv6": "fd69:1337:0:420:f4:f5:8:2"
		}
	]
}

...

Add

This endpoint adds a peer to the wireguard servers and adds its IP address to the nameserver. To guard against IP spoofing, it requires a token from a /list request.

Request

Simply GET /add?token=MYTOKEN&name=host3 where MYTOKEN is the secret token from the /list request and host3 is the new hostname. The backend will add your new peer to its wireguard config and inform other servers of the new peer. Then it will modify the nameserver to add your peer's IP addresses under the domain host3.myusername.tld.

Response

A successful /add request will return the new peer's wireguard configuration as plaintext. Copy and paste it to your client machine's /etc/wireguard/wg0.conf file.

A failed request will return an HTTP error code. 5XX codes have error details in the server log.

Delete

This endpoint deletes a peer from the wireguard servers and removes its domain from the nameserver. To guard against IP spoofing, it requires a token from a /list request.

Request

After getting a token from a /list request, a peer can be identified and deleted using any of these requests:

  • GET /del?token=MYTOKEN&name=host3 using the hostname
  • GET /del?token=MYTOKEN&pubkey=PUBKEY using a wireguard public key
  • GET /del?token=MYTOKEN&privkey=PRIVKEY using a wireguard private key
  • GET /del?token=MYTOKEN&psk=PSK using the wireguard preshared key
  • GET /del?token=MYTOKEN&ip=IP using an IPv4 or IPv6 address

Response

It will simply return 200 OK in case of success. 5XX HTTP codes have error details in the server log.

License (GPLv2)

Copyright © 2021 Keith Irwin

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.