35 lines
1.4 KiB
Bash
Executable File
35 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# FILE: fed/peer/add
|
|
# DESCRIPTION: Add a new peer from a federated server
|
|
# USAGE: add $remote_ip $querystring
|
|
# QUERYSTRING: ?secret=$secret&pubkey=$pubkey&psk=$psk&ips=$allowedips
|
|
|
|
source /etc/wgapi/config
|
|
ip="${1}"; qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|
secret="$(<<<"${qs}" grep -oP 'secret=(.*)' | sed 's/^secret//' | xargs)"
|
|
pubkey="$(<<<"${qs}" grep -oP 'pubkey=(.*)' | sed 's/^pubkey//' | xargs)"
|
|
psk="$(<<<"${qs}" grep -oP 'psk=(.*)' | sed 's/^psk//' | xargs)"
|
|
allowedips="$(<<<"${qs}" grep -oP 'ips=(.*)' | sed 's/^ips//' | xargs)"
|
|
|
|
# Check that requesting ip is in the servers file
|
|
if ! sed '/^#/d' /etc/wgapi/servers | cut -f2,3 | grep -w "${ip}"; then
|
|
printf "ERROR! Federated server %s requested to create new peer but isn't in servers file!/n" "${ip}" >&2
|
|
/usr/lib/wgapi/http_res 403; exit
|
|
fi
|
|
|
|
# Check server secret
|
|
local_secret="$(grep -w "^${LOCAL_SERVER}" /etc/wgapi/servers | cut -f7)"
|
|
if ! [ "${local_secret}" == "${secret}" ]; then
|
|
printf "ERROR! Federated server %s provided a secret, %s, that doesn't match the one in our servers file, %s\n" "${ip}" "${secret}" "${local_secret}" >&2
|
|
/usr/lib/wgapi/http_res 403; exit
|
|
fi
|
|
|
|
# Add peer to wireguard
|
|
if /usr/lib/wgapi/wg_peer_add "${pubkey}" "${psk}" "${allowedips}"; then
|
|
printf 'Added %s to wireguard.\n' "${pubkey}" >&2
|
|
else
|
|
printf 'ERROR! Failed to add %s to wireguard!\n' "${pubkey}" >&2
|
|
/usr/lib/wgapi/http_res 500; exit
|
|
fi
|
|
/usr/lib/wgapi/http_res 200
|