author | lvoegl <lvoegl@tdt.de> | 2021-08-31 13:48:31 +0200 |
---|---|---|
committer | Lukas Voegl <lvoegl@tdt.de> | 2021-09-17 12:28:36 +0200 |
commit | 8950c9f66c5d2e6123aeb5359fc3861d2f09ca72 (patch) | |
tree | bb4f90c77acb3033ffe5754bba40387a53b5e403 /applications/luci-app-wireguard/root | |
parent | 584301a9022b79482af55cbcf6b9f54136400bf1 (diff) |
luci-app-wireguard: replace luci-app-wireguard
Signed-off-by: lvoegl <lvoegl@tdt.de>
Diffstat (limited to 'applications/luci-app-wireguard/root')
3 files changed, 154 insertions, 3 deletions
diff --git a/applications/luci-app-wireguard/root/usr/libexec/rpcd/luci.wireguard_status b/applications/luci-app-wireguard/root/usr/libexec/rpcd/luci.wireguard_status
new file mode 100644
index 0000000000..892e74dbf1
--- /dev/null
+++ b/applications/luci-app-wireguard/root/usr/libexec/rpcd/luci.wireguard_status
@@ -0,0 +1,138 @@
+#!/usr/bin/env lua
+
+local json = require "luci.jsonc"
+local sys = require "luci.sys"
+local io = require "io"
+local uci = require "uci"
+
+local methods = {
+ getWgInstances = {
+ call = function()
+ local data = {}
+ local last_device = ""
+ local qr_pubkey = {}
+
+ local wg_dump = io.popen("wg show all dump 2>/dev/null")
+ if wg_dump then
+ local line
+ for line in wg_dump:lines() do
+ local line = string.split(line, "\t")
+ if not (last_device == line[1]) then
+ last_device = line[1]
+ data[line[1]] = {
+ name = line[1],
+ public_key = line[3],
+ listen_port = line[4],
+ fwmark = line[5],
+ peers = {}
+ }
+ if not line[3] or line[3] == "" or line[3] == "(none)" then
+ qr_pubkey[line[1]] = ""
+ else
+ qr_pubkey[line[1]] = "PublicKey = " .. line[3]
+ end
+ else
+ local peer_name
+ local cur = uci.cursor()
+
+ cur:foreach(
+ "network",
+ "wireguard_" .. line[1],
+ function(s)
+ if s.public_key == line[2] then
+ peer_name = s.description
+ end
+ end
+ )
+
+ table.insert(
+ data[line[1]].peers,
+ {
+ name = peer_name,
+ public_key = line[2],
+ endpoint = line[4],
+ allowed_ips = {},
+ latest_handshake = line[6],
+ transfer_rx = line[7],
+ transfer_tx = line[8],
+ persistent_keepalive = line[9]
+ }
+ )
+
+ if not (line[4] == "(none)") then
+ local ipkey, ipvalue
+ for ipkey, ipvalue in pairs(string.split(line[5], ",")) do
+ if #ipvalue > 0 then
+ table.insert(data[line[1]].peers[peer_name]["allowed_ips"], ipvalue)
+ end
+ end
+ end
+ end
+ end
+ end
+
+ return data
+ end
+ }
+}
+
+local function parseInput()
+ local parse = json.new()
+ local done, err
+
+ while true do
+ local chunk = io.read(4096)
+ if not chunk then
+ break
+ elseif not done and not err then
+ done, err = parse:parse(chunk)
+ end
+ end
+
+ if not done then
+ print(json.stringify({error = err or "Incomplete input"}))
+ os.exit(1)
+ end
+
+ return parse:get()
+end
+
+local function validateArgs(func, uargs)
+ local method = methods[func]
+ if not method then
+ print(json.stringify({error = "Method not found"}))
+ os.exit(1)
+ end
+
+ if type(uargs) ~= "table" then
+ print(json.stringify({error = "Invalid arguments"}))
+ os.exit(1)
+ end
+
+ uargs.ubus_rpc_session = nil
+
+ local k, v
+ local margs = method.args or {}
+ for k, v in pairs(uargs) do
+ if margs[k] == nil or (v ~= nil and type(v) ~= type(margs[k])) then
+ print(json.stringify({error = "Invalid arguments"}))
+ os.exit(1)
+ end
+ end
+
+ return method
+end
+
+if arg[1] == "list" then
+ local _, method, rv = nil, nil, {}
+ for _, method in pairs(methods) do
+ rv[_] = method.args or {}
+ end
+ print((json.stringify(rv):gsub(":%[%]", ":{}")))
+elseif arg[1] == "call" then
+ local args = parseInput()
+ local method = validateArgs(arg[2], args)
+ local result, code = method.call(args)
+ print((json.stringify(result):gsub("^%[%]$", "{}")))
+ os.exit(code or 0)
+end
diff --git a/applications/luci-app-wireguard/root/usr/share/luci/menu.d/luci-app-wireguard.json b/applications/luci-app-wireguard/root/usr/share/luci/menu.d/luci-app-wireguard.json
index 3652bdabb4..02cdb5e871 100644
--- a/applications/luci-app-wireguard/root/usr/share/luci/menu.d/luci-app-wireguard.json
+++ b/applications/luci-app-wireguard/root/usr/share/luci/menu.d/luci-app-wireguard.json
@@ -3,11 +3,12 @@ "title": "WireGuard", "order": 92, "action": { - "type": "template", - "path": "wireguard" + "type": "view", + "path": "wireguard/status" }, "depends": { - "acl": [ "luci-mod-status-index" ] + "acl": [ "luci-app-wireguard" ], + "uci": { "network": true } } } }
diff --git a/applications/luci-app-wireguard/root/usr/share/rpcd/acl.d/luci-app-wireguard.json b/applications/luci-app-wireguard/root/usr/share/rpcd/acl.d/luci-app-wireguard.json
new file mode 100644
index 0000000000..f0938e5b00
--- /dev/null
+++ b/applications/luci-app-wireguard/root/usr/share/rpcd/acl.d/luci-app-wireguard.json
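Review bot: In `getWgInstances` (luci.wireguard_status), the allowed-IPs loop indexes `data[line[1]].peers[peer_name]["allowed_ips"]`, but `peers` is filled with `table.insert` and so has only integer keys; the lookup yields nil (and `peer_name` is itself nil when no uci section matches), so the inner `table.insert` raises as soon as a peer row with a non-empty entry reaches it. Build the peer in a local first, `local peer = { name = peer_name, ..., allowed_ips = {} }`, append with `table.insert(peer.allowed_ips, ipvalue)`, then `table.insert(data[line[1]].peers, peer)`. The guard in front of that loop tests `line[4]` (stored as `endpoint`) while the loop splits `line[5]`; it probably should read `if not (line[5] == "(none)") then`. The `io.popen` handle is never closed (`wg_dump:close()` after the loop), and `qr_pubkey` is filled but never read in this file. Column 2 of an interface row and column 3 of a peer row are not copied into `data`; as far as the `wg show all dump` layout goes those are the private and preshared keys, so a comment such as `-- line[2] (interface) and line[3] (peer) are key material: never add them to the reply` would help keep them out of the RPC output.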
@@ -0,0 +1,12 @@
+{
+ "luci-app-wireguard": {
+ "description": "Grant access to LuCI app wireguard",
+ "read": {
+ "ubus": {
+ "luci.wireguard_status": [
+ "getWgInstances"
+ ]
+ }
+ }
+ }
+} |
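Review bot: The `description` of the `luci-app-wireguard` ACL group does not say what the grant discloses, and `getWgInstances` as added in this commit returns peer public keys, endpoints, handshake times and the `description` of matching uci `network` sections. Those section names are read through the helper's own `uci.cursor()`, so presumably they are not subject to the session's uci ACL. Consider `"description": "Grant read access to WireGuard interface and peer status, including peer names from the network config"` so that an administrator assigning this group to a restricted login knows what it exposes. Keeping the grant under `read` and limited to the single method is the right scope.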