@@ -95,7 +105,7 @@
Public Key
E-Mail
IP's
-
Last Handshake
+
Handshake
@@ -110,11 +120,7 @@
{{$p.PublicKey}}
{{$p.Email}}
{{$p.IPsStr}}
- {{if not $p.Peer}}
-
?
- {{else}}
-
{{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.LastHandshakeTime}}{{end}}
- {{end}}
+
{{$p.LastHandshake}}
{{if eq $.Session.IsAdmin true}}
@@ -166,9 +172,15 @@
-
diff --git a/assets/tpl/email.html b/assets/tpl/email.html
new file mode 100644
index 0000000..4231e48
--- /dev/null
+++ b/assets/tpl/email.html
@@ -0,0 +1,187 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Email Template
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {{if not .Client.LdapUser}}
+ Hello {{.Client.LdapUser.Firstname}} {{.Client.LdapUser.Lastname}}
+ {{else}}
+ Hello
+ {{end}}
+
+
+ You or your administrator probably requested this VPN configuration. Scan the Qrcode or open the attached configuration file ({{.Client.GetConfigFileName}}) in the WireGuard VPN client to establish a secure VPN connection.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ About WireGuard
+
+
+ WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/assets/tpl/prt_nav.html b/assets/tpl/prt_nav.html
index d0772e6..1ff1697 100644
--- a/assets/tpl/prt_nav.html
+++ b/assets/tpl/prt_nav.html
@@ -8,8 +8,8 @@
{{with eq $.Session.LoggedIn true}}{{with eq $.Session.IsAdmin true}}
-
{{end}}{{end}}
diff --git a/go.mod b/go.mod
index d8456bd..0fc1aed 100644
--- a/go.mod
+++ b/go.mod
@@ -3,12 +3,12 @@ module github.com/h44z/wg-portal
go 1.14
require (
- github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff // indirect
- github.com/gin-gonic/contrib v0.0.0-20201005132743-ca038bbf2944
+ github.com/gin-contrib/sessions v0.0.3
github.com/gin-gonic/gin v1.6.3
github.com/go-ldap/ldap/v3 v3.2.4
github.com/go-playground/validator/v10 v10.2.0
github.com/gorilla/sessions v1.2.1 // indirect
+ github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
github.com/kelseyhightower/envconfig v1.4.0
github.com/sirupsen/logrus v1.7.0
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
diff --git a/go.sum b/go.sum
index 3cbdf5a..b39b5c0 100644
--- a/go.sum
+++ b/go.sum
@@ -2,27 +2,34 @@ github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzU
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff h1:RmdPFa+slIr4SCBg4st/l/vZWVe9QJKMXGO60Bxbe04=
github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff/go.mod h1:+RTT1BOk5P97fT2CiHkbFQwkK3mjsFAP6zCYV2aXtjw=
+github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
+github.com/bradleypeabody/gorilla-sessions-memcache v0.0.0-20181103040241-659414f458e1/go.mod h1:dkChI7Tbtx7H1Tj7TqGSZMOeGpMP5gLHtjroHd4agiI=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gin-contrib/sessions v0.0.3 h1:PoBXki+44XdJdlgDqDrY5nDVe3Wk7wDV/UCOuLP6fBI=
+github.com/gin-contrib/sessions v0.0.3/go.mod h1:8C/J6cad3Il1mWYYgtw0w+hqasmpvy25mPkXdOgeB9I=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/contrib v0.0.0-20201005132743-ca038bbf2944 h1:CUXsTZuAAdpQinpKgInZqKTOfn/jkIA9DLnozeybVRQ=
-github.com/gin-gonic/contrib v0.0.0-20201005132743-ca038bbf2944/go.mod h1:iqneQ2Df3omzIVTkIfn7c1acsVnMGiSLn4XF5Blh3Yg=
+github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-ldap/ldap/v3 v3.2.4 h1:PFavAq2xTgzo/loE8qNXcQaofAaqIpI4WgaLdv+1l3E=
github.com/go-ldap/ldap/v3 v3.2.4/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I=
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -37,21 +44,28 @@ github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.1.1 h1:g39TucaRWyV3dwDO++eEc6qf8TVIQ/Da48WmqjZ3i7E=
github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible h1:CL0ooBNfbNyJTJATno+m0h+zM5bW6v7fKlboKUGP/dI=
+github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4 h1:nwOc1YaOrYJ37sEBrtWZrdqzK22hiJs3GpDmP3sR2Yw=
github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
+github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
+github.com/kidstuff/mongostore v0.0.0-20181113001930-e650cd85ee4b/go.mod h1:g2nVr8KZVXJSS97Jo8pJ0jgq29P6H7dG0oplUA86MQw=
+github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-sqlite3 v1.14.3 h1:j7a/xn1U6TKA/PHHxqZuzh64CdtRc7rU9M+AvkOl5bA=
@@ -62,6 +76,7 @@ github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE
github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M=
github.com/mdlayher/netlink v1.1.0 h1:mpdLgm+brq10nI9zM1BpX1kpDbh3NLl3RSnVq6ZSkfg=
github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY=
+github.com/memcachier/mc v2.0.1+incompatible/go.mod h1:7bkvFE61leUBvXz+yxsOnGBQSZpBSPIMUQSmmSHvuXc=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
@@ -70,6 +85,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLD
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quasoft/memstore v0.0.0-20180925164028-84a050167438 h1:jnz/4VenymvySjE+Ez511s0pqVzkUOmr1fwCVytNNWk=
+github.com/quasoft/memstore v0.0.0-20180925164028-84a050167438/go.mod h1:wTPjTepVu7uJBYgZ0SdWHQlIas582j6cn2jgk4DDdlg=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
@@ -99,6 +116,7 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191003212358-c178f38b412c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -117,6 +135,8 @@ golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b h1:l4mBVCYi
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b/go.mod h1:UdS9frhv65KTfwxME1xE8+rHYoFpbm36gOud1GhBe9c=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
+gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/internal/common/email.go b/internal/common/email.go
new file mode 100644
index 0000000..a70e6d2
--- /dev/null
+++ b/internal/common/email.go
@@ -0,0 +1,79 @@
+package common
+
+import (
+ "crypto/tls"
+ "io"
+ "net/smtp"
+ "strconv"
+ "strings"
+
+ "github.com/jordan-wright/email"
+)
+
+type MailConfig struct {
+ Host string `yaml:"host" envconfig:"EMAIL_HOST"`
+ Port int `yaml:"port" envconfig:"EMAIL_PORT"`
+ TLS bool `yaml:"tls" envconfig:"EMAIL_TLS"`
+ CertValidation bool `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"`
+ Username string `yaml:"user" envconfig:"EMAIL_USERNAME"`
+ Password string `yaml:"pass" envconfig:"EMAIL_PASSWORD"`
+}
+
+type MailAttachment struct {
+ Name string
+ ContentType string
+ Data io.Reader
+ Embedded bool
+}
+
+// SendEmailWithAttachments sends a mail with attachments.
+func SendEmailWithAttachments(cfg MailConfig, sender, replyTo, subject, body string, htmlBody string, receivers []string, attachments []MailAttachment) error {
+ e := email.NewEmail()
+
+ hostname := cfg.Host + ":" + strconv.Itoa(cfg.Port)
+ subject = strings.Trim(subject, "\n\r\t")
+ sender = strings.Trim(sender, "\n\r\t")
+ replyTo = strings.Trim(replyTo, "\n\r\t")
+ if replyTo == "" {
+ replyTo = sender
+ }
+
+ var auth smtp.Auth
+ if cfg.Username == "" {
+ auth = nil
+ } else {
+ // Set up authentication information.
+ auth = smtp.PlainAuth(
+ "",
+ cfg.Username,
+ cfg.Password,
+ cfg.Host,
+ )
+ }
+
+ // Set email data.
+ e.From = sender
+ e.To = receivers
+ e.ReplyTo = []string{replyTo}
+ e.Subject = subject
+ e.Text = []byte(body)
+ if htmlBody != "" {
+ e.HTML = []byte(htmlBody)
+ }
+
+ for _, attachment := range attachments {
+ a, err := e.Attach(attachment.Data, attachment.Name, attachment.ContentType)
+ if err != nil {
+ return err
+ }
+ if attachment.Embedded {
+ a.HTMLRelated = true
+ }
+ }
+
+ if cfg.CertValidation {
+ return e.Send(hostname, auth)
+ } else {
+ return e.SendWithStartTLS(hostname, auth, &tls.Config{InsecureSkipVerify: true})
+ }
+}
diff --git a/internal/server/core.go b/internal/server/core.go
index c55e090..959b054 100644
--- a/internal/server/core.go
+++ b/internal/server/core.go
@@ -3,6 +3,7 @@ package server
import (
"encoding/gob"
"errors"
+ "html/template"
"math/rand"
"os"
"path/filepath"
@@ -15,7 +16,8 @@ import (
"github.com/h44z/wg-portal/internal/ldap"
log "github.com/sirupsen/logrus"
- "github.com/gin-gonic/contrib/sessions"
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/memstore"
"github.com/gin-gonic/gin"
)
@@ -59,9 +61,10 @@ type StaticData struct {
type Server struct {
// Core components
- config *common.Config
- server *gin.Engine
- users *UserManager
+ config *common.Config
+ server *gin.Engine
+ users *UserManager
+ mailTpl *template.Template
// WireGuard stuff
wg *wireguard.Manager
@@ -105,6 +108,11 @@ func (s *Server) Setup() error {
rDir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
log.Infof("Real working directory: %s", rDir)
log.Infof("Current working directory: %s", dir)
+ var err error
+ s.mailTpl, err = template.New("email").ParseGlob(filepath.Join(dir, "/assets/tpl/email.html"))
+ if err != nil {
+ return errors.New("unable to pare mail template")
+ }
// Setup http server
s.server = gin.Default()
@@ -112,7 +120,7 @@ func (s *Server) Setup() error {
// Setup templates
log.Infof("Loading templates from: %s", filepath.Join(dir, "/assets/tpl/*.html"))
s.server.LoadHTMLGlob(filepath.Join(dir, "/assets/tpl/*.html"))
- s.server.Use(sessions.Sessions("authsession", sessions.NewCookieStore([]byte("secret"))))
+ s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte("secret")))) // TODO: change key?
// Serve static files
s.server.Static("/css", filepath.Join(dir, "/assets/css"))
@@ -168,7 +176,7 @@ func (s *Server) getSessionData(c *gin.Context) SessionData {
sessionData = rawSessionData.(SessionData)
} else {
sessionData = SessionData{
- SortedBy: "sn",
+ SortedBy: "mail",
SortDirection: "asc",
Firstname: "",
Lastname: "",
diff --git a/internal/server/handlers.go b/internal/server/handlers.go
index 364b870..b6af109 100644
--- a/internal/server/handlers.go
+++ b/internal/server/handlers.go
@@ -1,6 +1,7 @@
package server
import (
+ "bytes"
"net/http"
"net/url"
"strconv"
@@ -54,21 +55,60 @@ func (s *Server) HandleError(c *gin.Context, code int, message, details string)
}
func (s *Server) GetAdminIndex(c *gin.Context) {
+ currentSession := s.getSessionData(c)
+
+ sort := c.Query("sort")
+ if sort != "" {
+ if currentSession.SortedBy != sort {
+ currentSession.SortedBy = sort
+ currentSession.SortDirection = "asc"
+ } else {
+ if currentSession.SortDirection == "asc" {
+ currentSession.SortDirection = "desc"
+ } else {
+ currentSession.SortDirection = "asc"
+ }
+ }
+
+ if err := s.updateSessionData(c, currentSession); err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "sort error", "failed to save session")
+ return
+ }
+ c.Redirect(http.StatusSeeOther, "/admin")
+ return
+ }
+
+ search, searching := c.GetQuery("search")
+ if searching {
+ currentSession.Search = search
+
+ if err := s.updateSessionData(c, currentSession); err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "search error", "failed to save session")
+ return
+ }
+ c.Redirect(http.StatusSeeOther, "/admin")
+ return
+ }
+
device := s.users.GetDevice()
- users := s.users.GetAllUsers()
+ users := s.users.GetFilteredAndSortedUsers(currentSession.SortedBy, currentSession.SortDirection, currentSession.Search)
c.HTML(http.StatusOK, "admin_index.html", struct {
- Route string
- Session SessionData
- Static StaticData
- Peers []User
- Device Device
+ Route string
+ Alerts AlertData
+ Session SessionData
+ Static StaticData
+ Peers []User
+ TotalPeers int
+ Device Device
}{
- Route: c.Request.URL.Path,
- Session: s.getSessionData(c),
- Static: s.getStaticData(),
- Peers: users,
- Device: device,
+ Route: c.Request.URL.Path,
+ Alerts: s.getAlertData(c),
+ Session: currentSession,
+ Static: s.getStaticData(),
+ Peers: users,
+ TotalPeers: len(s.users.GetAllUsers()),
+ Device: device,
})
}
@@ -357,6 +397,85 @@ func (s *Server) GetUserQRCode(c *gin.Context) {
return
}
+func (s *Server) GetUserConfig(c *gin.Context) {
+ user := s.users.GetUserByKey(c.Query("pkey"))
+ cfg, err := user.GetClientConfigFile(s.users.GetDevice())
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
+ return
+ }
+
+ c.Header("Content-Disposition", "attachment; filename="+user.GetConfigFileName())
+ c.Data(http.StatusOK, "application/config", cfg)
+ return
+}
+
+func (s *Server) GetUserConfigMail(c *gin.Context) {
+ user := s.users.GetUserByKey(c.Query("pkey"))
+ cfg, err := user.GetClientConfigFile(s.users.GetDevice())
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
+ return
+ }
+ png, err := user.GetQRCode()
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
+ return
+ }
+ // Apply mail template
+ var tplBuff bytes.Buffer
+ if err := s.mailTpl.Execute(&tplBuff, struct {
+ Client User
+ QrcodePngName string
+ }{
+ Client: user,
+ QrcodePngName: "wireguard-config.png",
+ }); err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Template error", err.Error())
+ return
+ }
+
+ // Send mail
+ attachments := []common.MailAttachment{
+ {
+ Name: user.GetConfigFileName(),
+ ContentType: "application/config",
+ Data: bytes.NewReader(cfg),
+ },
+ {
+ Name: "wireguard-config.png",
+ ContentType: "image/png",
+ Data: bytes.NewReader(png),
+ },
+ }
+
+ if err := common.SendEmailWithAttachments(s.config.Email, s.config.Core.MailFrom, "", "WireGuard VPN Configuration",
+ "Your mail client does not support HTML. Please find the configuration attached to this mail.", tplBuff.String(),
+ []string{user.Email}, attachments); err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Email error", err.Error())
+ return
+ }
+
+ s.setAlert(c, "mail sent successfully", "success")
+ c.Redirect(http.StatusSeeOther, "/admin")
+}
+
+func (s *Server) GetDeviceConfig(c *gin.Context) {
+ device := s.users.GetDevice()
+ users := s.users.GetActiveUsers()
+ cfg, err := device.GetDeviceConfigFile(users)
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
+ return
+ }
+
+ filename := strings.ToLower(device.DeviceName) + ".conf"
+
+ c.Header("Content-Disposition", "attachment; filename="+filename)
+ c.Data(http.StatusOK, "application/config", cfg)
+ return
+}
+
func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
currentSession := s.getSessionData(c)
currentSession.FormData = formData
diff --git a/internal/server/handlers_auth.go b/internal/server/handlers_auth.go
index f35e5bc..55b4b44 100644
--- a/internal/server/handlers_auth.go
+++ b/internal/server/handlers_auth.go
@@ -68,7 +68,7 @@ func (s *Server) PostLogin(c *gin.Context) {
UserName: username,
Firstname: userData.Firstname,
Lastname: userData.Lastname,
- SortedBy: "sn",
+ SortedBy: "mail",
SortDirection: "asc",
Search: "",
}
diff --git a/internal/server/routes.go b/internal/server/routes.go
index b9ef91d..c817d6b 100644
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -22,6 +22,7 @@ func SetupRoutes(s *Server) {
admin.GET("/", s.GetAdminIndex)
admin.GET("/device/edit", s.GetAdminEditInterface)
admin.POST("/device/edit", s.PostAdminEditInterface)
+ admin.GET("/device/download", s.GetDeviceConfig)
admin.GET("/peer/edit", s.GetAdminEditPeer)
admin.POST("/peer/edit", s.PostAdminEditPeer)
admin.GET("/peer/create", s.GetAdminCreatePeer)
@@ -29,6 +30,8 @@ func SetupRoutes(s *Server) {
admin.GET("/peer/createldap", s.GetAdminCreateLdapPeers)
admin.POST("/peer/createldap", s.PostAdminCreateLdapPeers)
admin.GET("/peer/delete", s.GetAdminDeletePeer)
+ admin.GET("/peer/download", s.GetUserConfig)
+ admin.GET("/peer/email", s.GetUserConfigMail)
// User routes
user := s.server.Group("/user")
diff --git a/internal/server/usermanager.go b/internal/server/usermanager.go
index 1af6f0f..6f833d1 100644
--- a/internal/server/usermanager.go
+++ b/internal/server/usermanager.go
@@ -7,6 +7,8 @@ import (
"fmt"
"net"
"reflect"
+ "regexp"
+ "sort"
"strings"
"text/template"
"time"
@@ -72,11 +74,13 @@ type User struct {
LdapUser *ldap.UserCacheHolderEntry `gorm:"-"` // optional, it is still possible to have users without ldap
Config string `gorm:"-"`
- UID string `form:"uid" binding:"alphanum"` // uid for html identification
- IsOnline bool `gorm:"-"`
- IsNew bool `gorm:"-"`
- Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
- Email string `gorm:"index" form:"mail" binding:"required,email"`
+ UID string `form:"uid" binding:"alphanum"` // uid for html identification
+ IsOnline bool `gorm:"-"`
+ IsNew bool `gorm:"-"`
+ Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
+ Email string `gorm:"index" form:"mail" binding:"required,email"`
+ LastHandshake string `gorm:"-"`
+ LastHandshakeTime string `gorm:"-"`
IgnorePersistentKeepalive bool `form:"ignorekeepalive"`
PresharedKey string `form:"presharedkey" binding:"omitempty,base64"`
@@ -183,6 +187,11 @@ func (u User) ToMap() map[string]string {
return out
}
+func (u User) GetConfigFileName() string {
+ reg := regexp.MustCompile("[^a-zA-Z0-9_-]+")
+ return reg.ReplaceAllString(strings.ReplaceAll(u.Identifier, " ", "-"), "") + ".conf"
+}
+
//
// DEVICE --------------------------------------------------------------------------------------
//
@@ -240,6 +249,28 @@ func (d Device) GetDeviceConfig() wgtypes.Config {
return cfg
}
+func (d Device) GetDeviceConfigFile(clients []User) ([]byte, error) {
+ tpl, err := template.New("server").Funcs(template.FuncMap{"StringsJoin": strings.Join}).Parse(wireguard.DeviceCfgTpl)
+ if err != nil {
+ return nil, err
+ }
+
+ var tplBuff bytes.Buffer
+
+ err = tpl.Execute(&tplBuff, struct {
+ Clients []User
+ Server Device
+ }{
+ Clients: clients,
+ Server: d,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return tplBuff.Bytes(), nil
+}
+
//
// USER-MANAGER --------------------------------------------------------------------------------
//
@@ -357,6 +388,23 @@ func (u *UserManager) populateUserData(user *User) {
// set data from WireGuard interface
user.Peer, _ = u.wg.GetPeer(user.PublicKey)
+ user.LastHandshake = "never"
+ user.LastHandshakeTime = "Never connected, or user is disabled."
+ if user.Peer != nil {
+ since := time.Since(user.Peer.LastHandshakeTime)
+ sinceSeconds := int(since.Round(time.Second).Seconds())
+ sinceMinutes := int(sinceSeconds / 60)
+ sinceSeconds -= sinceMinutes * 60
+
+ if sinceMinutes > 2*10080 { // 2 weeks
+ user.LastHandshake = "a while ago"
+ } else if sinceMinutes > 10080 { // 1 week
+ user.LastHandshake = "a week ago"
+ } else {
+ user.LastHandshake = fmt.Sprintf("%02dm %02ds", sinceMinutes, sinceSeconds)
+ }
+ user.LastHandshakeTime = user.Peer.LastHandshakeTime.Format(time.UnixDate)
+ }
user.IsOnline = false // todo: calculate online status
// set ldap data
@@ -383,6 +431,70 @@ func (u *UserManager) GetAllUsers() []User {
return users
}
+func (u *UserManager) GetActiveUsers() []User {
+ users := make([]User, 0)
+ u.db.Where("deactivated_at IS NULL").Find(&users)
+
+ for i := range users {
+ u.populateUserData(&users[i])
+ }
+
+ return users
+}
+
+func (u *UserManager) GetFilteredAndSortedUsers(sortKey, sortDirection, search string) []User {
+ users := make([]User, 0)
+ u.db.Find(&users)
+
+ filteredUsers := make([]User, 0, len(users))
+ for i := range users {
+ u.populateUserData(&users[i])
+
+ if search == "" ||
+ strings.Contains(users[i].Email, search) ||
+ strings.Contains(users[i].Identifier, search) ||
+ strings.Contains(users[i].PublicKey, search) {
+ filteredUsers = append(filteredUsers, users[i])
+ }
+ }
+
+ sort.Slice(filteredUsers, func(i, j int) bool {
+ var sortValueLeft string
+ var sortValueRight string
+
+ switch sortKey {
+ case "id":
+ sortValueLeft = filteredUsers[i].Identifier
+ sortValueRight = filteredUsers[j].Identifier
+ case "pubKey":
+ sortValueLeft = filteredUsers[i].PublicKey
+ sortValueRight = filteredUsers[j].PublicKey
+ case "mail":
+ sortValueLeft = filteredUsers[i].Email
+ sortValueRight = filteredUsers[j].Email
+ case "ip":
+ sortValueLeft = filteredUsers[i].IPsStr
+ sortValueRight = filteredUsers[j].IPsStr
+ case "handshake":
+ if filteredUsers[i].Peer == nil {
+ return true
+ } else if filteredUsers[j].Peer == nil {
+ return false
+ }
+ sortValueLeft = filteredUsers[i].Peer.LastHandshakeTime.Format(time.RFC3339)
+ sortValueRight = filteredUsers[j].Peer.LastHandshakeTime.Format(time.RFC3339)
+ }
+
+ if sortDirection == "asc" {
+ return sortValueLeft < sortValueRight
+ } else {
+ return sortValueLeft > sortValueRight
+ }
+ })
+
+ return filteredUsers
+}
+
func (u *UserManager) GetDevice() Device {
devices := make([]Device, 0, 1)
u.db.Find(&devices)
diff --git a/internal/wireguard/template.go b/internal/wireguard/template.go
index a1ef935..ef19515 100644
--- a/internal/wireguard/template.go
+++ b/internal/wireguard/template.go
@@ -1,6 +1,192 @@
package wireguard
var (
+ emailTpl = `
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Email Template
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Hello
+
+
+ You probably requested VPN configuration. Here is {{.Client.Name}} configuration created {{.Client.Created.Format "Monday, 02 January 06 15:04:05 MST"}} . Scan the Qrcode or open attached configuration file in VPN client.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ About WireGuard
+
+
+ WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+`
+
ClientCfgTpl = `[Interface]
#{{ .Client.Identifier }}
Address = {{ .Client.IPsStr }}
@@ -20,4 +206,28 @@ Endpoint = {{ .Server.Endpoint }}
PersistentKeepalive = {{.Server.PersistentKeepalive}}
{{- end}}
`
+ DeviceCfgTpl = `# Updated: {{ .Server.UpdatedAt }} / Created: {{ .Server.CreatedAt }}
+[Interface]
+{{- range .Server.IPs }}
+Address = {{ . }}
+{{- end }}
+ListenPort = {{ .Server.ListenPort }}
+PrivateKey = {{ .Server.PrivateKey }}
+{{ if ne .Server.Mtu 0 -}}
+MTU = {{.Server.Mtu}}
+{{- end}}
+PreUp = {{ .Server.PreUp }}
+PostUp = {{ .Server.PostUp }}
+PreDown = {{ .Server.PreDown }}
+PostDown = {{ .Server.PostDown }}
+
+{{ range .Clients }}
+{{ if not .DeactivatedAt -}}
+# {{.Identifier}} / {{.Email}} / Updated: {{.UpdatedAt}} / Created: {{.CreatedAt}}
+[Peer]
+PublicKey = {{ .PublicKey }}
+PresharedKey = {{ .PresharedKey }}
+AllowedIPs = {{ StringsJoin .IPs ", " }}
+{{- end }}
+{{ end }}`
)