author | Jo-Philipp Wich <jo@mein.io> | 2022-05-17 15:45:20 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2022-05-17 15:45:20 +0200 |
commit | 9ba20645b01aacb391ab8c69f57b3da60db8f630 (patch) | |
tree | 71144e46bb8d1990aa897347697adf0f4057471f /protocols/luci-proto-wireguard/root/usr | |
parent | c19020b2a4236945c1ad4a699ebb761a5dd7dc1f (diff) |
luci-proto-wireguard: rewrite protocol handler
This commit rewrites large chunks of the WireGuard protocol handler in order
to simplify the process of importing and exporting configuration. The major
changes are:
1) The wireguard interface configuration tab (General Settings) gained an
import assistant which allows dragging or pasting a native WireGuard
configuration file in order to import required settings into uci
2) The peer configuration tab gained a similar import assistant which allows
importing the settings for a WireGuard peer from an existing native
WireGuard configuration file
3) The QR code export feature has been rewritten to make the resulting codes
actually useful for importing into a WireGuard client application.
Additionally the plaintext native WireGuard configuration is displayed
to allow copy-pasting it for use on a Linux or OS X system
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'protocols/luci-proto-wireguard/root/usr')
-rwxr-xr-x | protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard | 39 | ||||
-rw-r--r-- | protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json | 6 |
2 files changed, 5 insertions, 40 deletions
diff --git a/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard b/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
index f1f8f16d00..a42b6fac85 100755
--- a/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
+++ b/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
@@ -31,45 +31,6 @@ local methods = {
 return {keys = {priv = args.privkey, pub = pubkey}}
 end
 },
- generateQrCode = {
- args = {privkey = "privkey", psk = "psk", allowed_ips = {"allowed_ips"}},
- call = function(args)
- local qr_code
-
- if fs.access("/usr/bin/qrencode") then
- local psk = args.psk
- local listen_port = args.listen_port
- local allowed_ips = args.allowed_ips
-
- local pubkey = sys.exec("echo %s | wg pubkey 2>/dev/null" % util.shellquote(args.privkey)):sub(1, -2)
- local client_privkey = sys.exec("wg genkey 2>/dev/null"):sub(1, -2)
-
- local iface_qr = {
- "[Interface]",
- "PrivateKey = " .. client_privkey,
- }
-
- local peer_qr = {
- "[Peer]",
- "PublicKey = " .. pubkey,
- }
-
- if not allowed_ips or next(allowed_ips) == nil then
- allowed_ips = {"0.0.0.0/0", "::/0"}
- end
- table.insert(peer_qr, "AllowedIPs = " .. table.concat(allowed_ips, ", "))
-
- if psk then
- table.insert(peer_qr, "PresharedKey = " .. psk)
- end
-
- qr_enc = table.concat(iface_qr, "\n") .. "\n\n" .. table.concat(peer_qr, "\n")
- qr_code = sys.exec("/usr/bin/qrencode --inline --8bit --type=SVG --output=- %s 2>/dev/null" % util.shellquote(qr_enc))
- end
-
- return {qr_code = qr_code}
- end
- },
 getWgInstances = {
 call = function()
 local data = {}
diff --git a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
index 9d0a561411..079be14793 100644
--- a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
+++ b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
@@ -1,12 +1,16 @@
 {
 "luci-proto-wireguard": {
 "description": "Grant access to LuCI Wireguard procedures",
+ "read": {
+ "file": {
+ "/usr/bin/qrencode --inline --8bit --type=SVG --output=- -- *": [ "exec" ]
+ }
+ },
 "write": {
 "ubus": {
 "luci.wireguard": [
 "generateKeyPair",
 "getPublicAndPrivateKeyFromPrivate",
- "generateQrCode",
 "generatePsk"
 ]
 } |
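Review bot: The added `"file"` exec grant for `/usr/bin/qrencode` sits under `"read"`, whereas the `generateQrCode` ubus method removed a few lines below was reachable only through `"write"`, so a session holding just read access to `luci-proto-wireguard` can now run qrencode with a payload of its choosing. The pinned options and the `--` ahead of the `*` limit that to rendering an SVG on stdout, assuming rpcd matches the whole command line against this pattern, but if QR export should stay with sessions allowed to edit the interface, move the block under `"write"`: `"write": { "file": { "/usr/bin/qrencode --inline --8bit --type=SVG --output=- -- *": [ "exec" ] }, "ubus": { ... } }`. The calling code is not in this diff; presumably the exported configuration, private key included, is passed as the final argument as the removed handler did, which leaves it visible in the process list while qrencode runs and is worth confirming. The JSON object closes outside the hunk.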