wg-portal/internal/server/configuration.go

package server

import (
	"os"
	"reflect"
	"runtime"

	"github.com/h44z/wg-portal/internal/common"
	"github.com/h44z/wg-portal/internal/ldap"
	"github.com/h44z/wg-portal/internal/wireguard"
	"github.com/kelseyhightower/envconfig"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"gopkg.in/yaml.v3"
)

var ErrInvalidSpecification = errors.New("specification must be a struct pointer")

// loadConfigFile parses yaml files. It uses yaml annotation to store the data in a struct.
func loadConfigFile(cfg interface{}, filename string) error {
	s := reflect.ValueOf(cfg)

	if s.Kind() != reflect.Ptr {
		return ErrInvalidSpecification
	}
	s = s.Elem()
	if s.Kind() != reflect.Struct {
		return ErrInvalidSpecification
	}

	f, err := os.Open(filename)
	if err != nil {
		return errors.Wrapf(err, "failed to open config file %s", filename)
	}
	defer f.Close()

	decoder := yaml.NewDecoder(f)
	err = decoder.Decode(cfg)
	if err != nil {
		return errors.Wrapf(err, "failed to decode config file %s", filename)
	}

	return nil
}

// loadConfigEnv processes envconfig annotations and loads environment variables to the given configuration struct.
func loadConfigEnv(cfg interface{}) error {
	err := envconfig.Process("", cfg)
	if err != nil {
		return errors.Wrap(err, "failed to process environment config")
	}

	return nil
}

type Config struct {
	Core struct {
		ListeningAddress  string `yaml:"listeningAddress" envconfig:"LISTENING_ADDRESS"`
		ExternalUrl       string `yaml:"externalUrl" envconfig:"EXTERNAL_URL"`
		Title             string `yaml:"title" envconfig:"WEBSITE_TITLE"`
		CompanyName       string `yaml:"company" envconfig:"COMPANY_NAME"`
		MailFrom          string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
		AdminUser         string `yaml:"adminUser" envconfig:"ADMIN_USER"` // must be an email address
		AdminPassword     string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
		EditableKeys      bool   `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
		CreateDefaultPeer bool   `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
		LdapEnabled       bool   `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
		SessionSecret     string `yaml:"sessionSecret" envconfig:"SESSION_SECRET"`
	} `yaml:"core"`
	Database common.DatabaseConfig `yaml:"database"`
	Email    common.MailConfig     `yaml:"email"`
	LDAP     ldap.Config           `yaml:"ldap"`
	WG       wireguard.Config      `yaml:"wg"`
}

func NewConfig() *Config {
	cfg := &Config{}

	// Default config
	cfg.Core.ListeningAddress = ":8123"
	cfg.Core.Title = "WireGuard VPN"
	cfg.Core.CompanyName = "WireGuard Portal"
	cfg.Core.ExternalUrl = "http://localhost:8123"
	cfg.Core.MailFrom = "WireGuard VPN <noreply@company.com>"
	cfg.Core.AdminUser = "admin@wgportal.local"
	cfg.Core.AdminPassword = "wgportal"
	cfg.Core.LdapEnabled = false
	cfg.Core.EditableKeys = true
	cfg.Core.SessionSecret = "secret"

	cfg.Database.Typ = "sqlite"
	cfg.Database.Database = "data/wg_portal.db"

	cfg.LDAP.URL = "ldap://srv-ad01.company.local:389"
	cfg.LDAP.BaseDN = "DC=COMPANY,DC=LOCAL"
	cfg.LDAP.StartTLS = true
	cfg.LDAP.BindUser = "company\\\\ldap_wireguard"
	cfg.LDAP.BindPass = "SuperSecret"
	cfg.LDAP.Type = "AD"
	cfg.LDAP.UserClass = "organizationalPerson"
	cfg.LDAP.EmailAttribute = "mail"
	cfg.LDAP.FirstNameAttribute = "givenName"
	cfg.LDAP.LastNameAttribute = "sn"
	cfg.LDAP.PhoneAttribute = "telephoneNumber"
	cfg.LDAP.GroupMemberAttribute = "memberOf"
	cfg.LDAP.DisabledAttribute = "userAccountControl"
	cfg.LDAP.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL"

	cfg.WG.DeviceNames = []string{"wg0"}
	cfg.WG.DefaultDeviceName = "wg0"
	cfg.WG.ConfigDirectoryPath = "/etc/wireguard"
	cfg.WG.ManageIPAddresses = true
	cfg.Email.Host = "127.0.0.1"
	cfg.Email.Port = 25

	// Load config from file and environment
	cfgFile, ok := os.LookupEnv("CONFIG_FILE")
	if !ok {
		cfgFile = "config.yml" // Default config file
	}
	err := loadConfigFile(cfg, cfgFile)
	if err != nil {
		logrus.Warnf("unable to load config.yml file: %v, using default configuration...", err)
	}
	err = loadConfigEnv(cfg)
	if err != nil {
		logrus.Warnf("unable to load environment config: %v", err)
	}

	if cfg.WG.ManageIPAddresses && runtime.GOOS != "linux" {
		logrus.Warnf("managing IP addresses only works on linux, feature disabled...")
		cfg.WG.ManageIPAddresses = false
	}

	return cfg
}
WIP: support for multiple WireGuard devices (#2) 2021-03-21 07:36:11 -04:00			`package server`
initial commit 2020-11-05 13:37:51 -05:00
			`import (`
			`"os"`
			`"reflect"`
ip and mtu updates (linux only) 2020-12-18 15:54:57 -05:00			`"runtime"`
initial commit 2020-11-05 13:37:51 -05:00
WIP: support for multiple WireGuard devices (#2) 2021-03-21 07:36:11 -04:00			`"github.com/h44z/wg-portal/internal/common"`
initial commit 2020-11-05 13:37:51 -05:00			`"github.com/h44z/wg-portal/internal/ldap"`
cleanup, typos, ... 2021-02-08 16:56:02 -05:00			`"github.com/h44z/wg-portal/internal/wireguard"`
initial commit 2020-11-05 13:37:51 -05:00			`"github.com/kelseyhightower/envconfig"`
cleanup 2021-02-26 16:17:04 -05:00			`"github.com/pkg/errors"`
cleanup, typos, ... 2021-02-08 16:56:02 -05:00			`"github.com/sirupsen/logrus"`
initial commit 2020-11-05 13:37:51 -05:00			`"gopkg.in/yaml.v3"`
			`)`

			`var ErrInvalidSpecification = errors.New("specification must be a struct pointer")`

cleanup 2021-02-26 16:17:04 -05:00			`// loadConfigFile parses yaml files. It uses yaml annotation to store the data in a struct.`
initial commit 2020-11-05 13:37:51 -05:00			`func loadConfigFile(cfg interface{}, filename string) error {`
			`s := reflect.ValueOf(cfg)`

			`if s.Kind() != reflect.Ptr {`
			`return ErrInvalidSpecification`
			`}`
			`s = s.Elem()`
			`if s.Kind() != reflect.Struct {`
			`return ErrInvalidSpecification`
			`}`

			`f, err := os.Open(filename)`
			`if err != nil {`
cleanup 2021-02-26 16:17:04 -05:00			`return errors.Wrapf(err, "failed to open config file %s", filename)`
initial commit 2020-11-05 13:37:51 -05:00			`}`
			`defer f.Close()`

			`decoder := yaml.NewDecoder(f)`
			`err = decoder.Decode(cfg)`
			`if err != nil {`
cleanup 2021-02-26 16:17:04 -05:00			`return errors.Wrapf(err, "failed to decode config file %s", filename)`
initial commit 2020-11-05 13:37:51 -05:00			`}`

			`return nil`
			`}`

cleanup 2021-02-26 16:17:04 -05:00			`// loadConfigEnv processes envconfig annotations and loads environment variables to the given configuration struct.`
initial commit 2020-11-05 13:37:51 -05:00			`func loadConfigEnv(cfg interface{}) error {`
			`err := envconfig.Process("", cfg)`
			`if err != nil {`
cleanup 2021-02-26 16:17:04 -05:00			`return errors.Wrap(err, "failed to process environment config")`
initial commit 2020-11-05 13:37:51 -05:00			`}`

			`return nil`
			`}`

			`type Config struct {`
			`Core struct {`
WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 15:24:45 -05:00			ListeningAddress string `yaml:"listeningAddress" envconfig:"LISTENING_ADDRESS"`
			ExternalUrl string `yaml:"externalUrl" envconfig:"EXTERNAL_URL"`
			Title string `yaml:"title" envconfig:"WEBSITE_TITLE"`
			CompanyName string `yaml:"company" envconfig:"COMPANY_NAME"`
			MailFrom string `yaml:"mailFrom" envconfig:"MAIL_FROM"`
fix ldap sync for disabled users, check if admin username is an email address, rename username to email 2021-02-26 17:43:29 -05:00			AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // must be an email address
WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 15:24:45 -05:00			AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
			EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
			CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
			LdapEnabled bool `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
add csrf 2021-03-22 17:51:37 -04:00			SessionSecret string `yaml:"sessionSecret" envconfig:"SESSION_SECRET"`
initial commit 2020-11-05 13:37:51 -05:00			} `yaml:"core"`
WIP: support for multiple WireGuard devices (#2) 2021-03-21 07:36:11 -04:00			Database common.DatabaseConfig `yaml:"database"`
			Email common.MailConfig `yaml:"email"`
			LDAP ldap.Config `yaml:"ldap"`
			WG wireguard.Config `yaml:"wg"`
initial commit 2020-11-05 13:37:51 -05:00			`}`

			`func NewConfig() *Config {`
			`cfg := &Config{}`

			`// Default config`
wip: cleanup 2020-11-10 03:31:02 -05:00			`cfg.Core.ListeningAddress = ":8123"`
initial commit 2020-11-05 13:37:51 -05:00			`cfg.Core.Title = "WireGuard VPN"`
wip: cleanup 2020-11-10 03:31:02 -05:00			`cfg.Core.CompanyName = "WireGuard Portal"`
			`cfg.Core.ExternalUrl = "http://localhost:8123"`
			`cfg.Core.MailFrom = "WireGuard VPN <noreply@company.com>"`
WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 15:24:45 -05:00			`cfg.Core.AdminUser = "admin@wgportal.local"`
			`cfg.Core.AdminPassword = "wgportal"`
			`cfg.Core.LdapEnabled = false`
WIP: support different interface types: server, client and custom. Show different UI for each type. 2021-04-03 13:11:05 -04:00			`cfg.Core.EditableKeys = true`
add csrf 2021-03-22 17:51:37 -04:00			`cfg.Core.SessionSecret = "secret"`
WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 15:24:45 -05:00
			`cfg.Database.Typ = "sqlite"`
			`cfg.Database.Database = "data/wg_portal.db"`

initial commit 2020-11-05 13:37:51 -05:00			`cfg.LDAP.URL = "ldap://srv-ad01.company.local:389"`
			`cfg.LDAP.BaseDN = "DC=COMPANY,DC=LOCAL"`
			`cfg.LDAP.StartTLS = true`
wip: cleanup 2020-11-10 03:31:02 -05:00			`cfg.LDAP.BindUser = "company\\\\ldap_wireguard"`
initial commit 2020-11-05 13:37:51 -05:00			`cfg.LDAP.BindPass = "SuperSecret"`
WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 15:24:45 -05:00			`cfg.LDAP.Type = "AD"`
			`cfg.LDAP.UserClass = "organizationalPerson"`
			`cfg.LDAP.EmailAttribute = "mail"`
			`cfg.LDAP.FirstNameAttribute = "givenName"`
			`cfg.LDAP.LastNameAttribute = "sn"`
			`cfg.LDAP.PhoneAttribute = "telephoneNumber"`
			`cfg.LDAP.GroupMemberAttribute = "memberOf"`
			`cfg.LDAP.DisabledAttribute = "userAccountControl"`
			`cfg.LDAP.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL"`

more ui improvements, fix peer template for clients 2021-04-05 17:18:02 -04:00			`cfg.WG.DeviceNames = []string{"wg0"}`
WIP: support for multiple WireGuard devices (#2) 2021-03-21 07:36:11 -04:00			`cfg.WG.DefaultDeviceName = "wg0"`
			`cfg.WG.ConfigDirectoryPath = "/etc/wireguard"`
ip and mtu updates (linux only) 2020-12-18 15:54:57 -05:00			`cfg.WG.ManageIPAddresses = true`
wip: cleanup 2020-11-10 03:31:02 -05:00			`cfg.Email.Host = "127.0.0.1"`
			`cfg.Email.Port = 25`
initial commit 2020-11-05 13:37:51 -05:00
			`// Load config from file and environment`
			`cfgFile, ok := os.LookupEnv("CONFIG_FILE")`
			`if !ok {`
			`cfgFile = "config.yml" // Default config file`
			`}`
			`err := loadConfigFile(cfg, cfgFile)`
			`if err != nil {`
cleanup, typos, ... 2021-02-08 16:56:02 -05:00			`logrus.Warnf("unable to load config.yml file: %v, using default configuration...", err)`
initial commit 2020-11-05 13:37:51 -05:00			`}`
			`err = loadConfigEnv(cfg)`
			`if err != nil {`
cleanup, typos, ... 2021-02-08 16:56:02 -05:00			`logrus.Warnf("unable to load environment config: %v", err)`
initial commit 2020-11-05 13:37:51 -05:00			`}`

ip and mtu updates (linux only) 2020-12-18 15:54:57 -05:00			`if cfg.WG.ManageIPAddresses && runtime.GOOS != "linux" {`
cleanup 2021-02-26 16:17:04 -05:00			`logrus.Warnf("managing IP addresses only works on linux, feature disabled...")`
ip and mtu updates (linux only) 2020-12-18 15:54:57 -05:00			`cfg.WG.ManageIPAddresses = false`
			`}`

initial commit 2020-11-05 13:37:51 -05:00			`return cfg`
			`}`