9ba20645b0
This commit rewrites large chunks of the WireGuard protocol handler in order to simplify the process of importing and exporting configuration. The major changes are: 1) The wireguard interface configuration tab (General Settings) gained an import assistant which allows dragging or pasting a native WireGuard configuration file in order to import required settrings into uci 2) The peer configuration tab gained a similar import assistant which allows importing the settings for a WireGuard peer from an existing native WireGuard configuration file 3) The QR code export feature has been rewritten to make the resulting codes actually useful for importing into a WireGuard client application. Additionally the plaintext native WireGuard configuration is displayed to allow copy-pasting it for use on a Linux or OS X system Signed-off-by: Jo-Philipp Wich <jo@mein.io>
162 lines
3.6 KiB
Lua
Executable file
162 lines
3.6 KiB
Lua
Executable file
#!/usr/bin/env lua
|
|
|
|
local json = require "luci.jsonc"
|
|
local util = require "luci.util"
|
|
local sys = require "luci.sys"
|
|
local io = require "io"
|
|
local uci = require "uci"
|
|
local fs = require "nixio.fs"
|
|
|
|
local methods = {
|
|
generatePsk = {
|
|
call = function()
|
|
local psk = sys.exec("wg genpsk"):sub(1, -2)
|
|
|
|
return {psk = psk}
|
|
end
|
|
},
|
|
generateKeyPair = {
|
|
call = function()
|
|
local prv = sys.exec("wg genkey 2>/dev/null"):sub(1, -2)
|
|
local pub = sys.exec("echo %s | wg pubkey 2>/dev/null" % util.shellquote(prv)):sub(1, -2)
|
|
|
|
return {keys = {priv = prv, pub = pub}}
|
|
end
|
|
},
|
|
getPublicAndPrivateKeyFromPrivate = {
|
|
args = {privkey = "privkey"},
|
|
call = function(args)
|
|
local pubkey = sys.exec("echo %s | wg pubkey 2>/dev/null" % util.shellquote(args.privkey)):sub(1, -2)
|
|
|
|
return {keys = {priv = args.privkey, pub = pubkey}}
|
|
end
|
|
},
|
|
getWgInstances = {
|
|
call = function()
|
|
local data = {}
|
|
local last_device = ""
|
|
local qr_pubkey = {}
|
|
|
|
local wg_dump = io.popen("wg show all dump 2>/dev/null")
|
|
if wg_dump then
|
|
local line
|
|
for line in wg_dump:lines() do
|
|
local line = string.split(line, "\t")
|
|
if not (last_device == line[1]) then
|
|
last_device = line[1]
|
|
data[line[1]] = {
|
|
name = line[1],
|
|
public_key = line[3],
|
|
listen_port = line[4],
|
|
fwmark = line[5],
|
|
peers = {}
|
|
}
|
|
if not line[3] or line[3] == "" or line[3] == "(none)" then
|
|
qr_pubkey[line[1]] = ""
|
|
else
|
|
qr_pubkey[line[1]] = "PublicKey = " .. line[3]
|
|
end
|
|
else
|
|
local peer_name
|
|
local cur = uci.cursor()
|
|
|
|
cur:foreach(
|
|
"network",
|
|
"wireguard_" .. line[1],
|
|
function(s)
|
|
if s.public_key == line[2] then
|
|
peer_name = s.description
|
|
end
|
|
end
|
|
)
|
|
|
|
local peer = {
|
|
name = peer_name,
|
|
public_key = line[2],
|
|
endpoint = line[4],
|
|
allowed_ips = {},
|
|
latest_handshake = line[6],
|
|
transfer_rx = line[7],
|
|
transfer_tx = line[8],
|
|
persistent_keepalive = line[9]
|
|
}
|
|
|
|
if not (line[4] == "(none)") then
|
|
local ipkey, ipvalue
|
|
for ipkey, ipvalue in pairs(string.split(line[5], ",")) do
|
|
if #ipvalue > 0 then
|
|
table.insert(peer["allowed_ips"], ipvalue)
|
|
end
|
|
end
|
|
end
|
|
|
|
table.insert(data[line[1]].peers, peer)
|
|
end
|
|
end
|
|
end
|
|
|
|
return data
|
|
end
|
|
}
|
|
}
|
|
|
|
local function parseInput()
|
|
local parse = json.new()
|
|
local done, err
|
|
|
|
while true do
|
|
local chunk = io.read(4096)
|
|
if not chunk then
|
|
break
|
|
elseif not done and not err then
|
|
done, err = parse:parse(chunk)
|
|
end
|
|
end
|
|
|
|
if not done then
|
|
print(json.stringify({error = err or "Incomplete input"}))
|
|
os.exit(1)
|
|
end
|
|
|
|
return parse:get()
|
|
end
|
|
|
|
local function validateArgs(func, uargs)
|
|
local method = methods[func]
|
|
if not method then
|
|
print(json.stringify({error = "Method not found"}))
|
|
os.exit(1)
|
|
end
|
|
|
|
if type(uargs) ~= "table" then
|
|
print(json.stringify({error = "Invalid arguments"}))
|
|
os.exit(1)
|
|
end
|
|
|
|
uargs.ubus_rpc_session = nil
|
|
|
|
local k, v
|
|
local margs = method.args or {}
|
|
for k, v in pairs(uargs) do
|
|
if margs[k] == nil or (v ~= nil and type(v) ~= type(margs[k])) then
|
|
print(json.stringify({error = "Invalid arguments"}))
|
|
os.exit(1)
|
|
end
|
|
end
|
|
|
|
return method
|
|
end
|
|
|
|
if arg[1] == "list" then
|
|
local _, method, rv = nil, nil, {}
|
|
for _, method in pairs(methods) do
|
|
rv[_] = method.args or {}
|
|
end
|
|
print((json.stringify(rv):gsub(":%[%]", ":{}")))
|
|
elseif arg[1] == "call" then
|
|
local args = parseInput()
|
|
local method = validateArgs(arg[2], args)
|
|
local result, code = method.call(args)
|
|
print((json.stringify(result):gsub("^%[%]$", "{}")))
|
|
os.exit(code or 0)
|
|
end
|