From 3372575e9ac28c2f54d1d7d38adf6301551baf27 Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Tue, 24 Dec 2024 00:50:39 -0800
Subject: [PATCH] change env static variables to dynamic
---
 .env.example | 4 +--
 src/lib/server/clients.ts | 28 +++++++------------
 src/lib/server/db/index.ts | 4 +--
 src/lib/server/oauth.ts | 4 +--
 src/lib/server/opnsense/index.ts | 5 ----
 src/routes/auth/authentik/callback/+server.ts | 2 +-
 6 files changed, 17 insertions(+), 30 deletions(-)
diff --git a/.env.example b/.env.example
index 7baed01..c01debe 100644
--- a/.env.example
+++ b/.env.example
@@ -2,9 +2,9 @@ DATABASE_URL=file:local.db
 AUTH_DOMAIN=auth.lab.cazzzer.com
 AUTH_CLIENT_ID=
 AUTH_CLIENT_SECRET=
-AUTH_REDIRECT_URI=http://localhost:5173/auth/authentik/callback
+AUTH_REDIRECT_URL=http://localhost:5173/auth/authentik/callback
-OPNSENSE_API_URL=https://opnsense.home
+OPNSENSE_API_URL=https://opnsense.cazzzer.com
 OPNSENSE_API_KEY=
 OPNSENSE_API_SECRET=
 OPNSENSE_WG_IFNAME=wg2
diff --git a/src/lib/server/clients.ts b/src/lib/server/clients.ts
index b0bf3af..36a255a 100644
--- a/src/lib/server/clients.ts
+++ b/src/lib/server/clients.ts
@@ -3,15 +3,7 @@ import { db } from '$lib/server/db';
 import { wgClients, ipAllocations } from '$lib/server/db/schema';
 import { opnsenseAuth, opnsenseUrl, serverPublicKey, serverUuid } from '$lib/server/opnsense';
 import { Address4, Address6 } from 'ip-address';
-import {
- IP_MAX_INDEX,
- IPV4_STARTING_ADDR,
- IPV6_CLIENT_PREFIX_SIZE,
- IPV6_STARTING_ADDR,
- MAX_CLIENTS_PER_USER,
- VPN_DNS,
- VPN_ENDPOINT,
-} from '$env/static/private';
+import { env } from '$env/dynamic/private';
 import { and, count, eq, isNull } from 'drizzle-orm';
 import { err, ok, type Result } from '$lib/types';
 import type { ClientDetails } from '$lib/types/clients';
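Review bot: Replacing the seven named imports with `import { env } from '$env/dynamic/private';` removes the build-time failure for a missing variable without adding a runtime one: the later hunks in this file read `env.VPN_ENDPOINT`, `env.VPN_DNS`, `env.MAX_CLIENTS_PER_USER`, `env.IP_MAX_INDEX`, `env.IPV4_STARTING_ADDR`, `env.IPV6_STARTING_ADDR` and `env.IPV6_CLIENT_PREFIX_SIZE` at the point of use, so an unset value either lands as `undefined` in the client details handed to the user or surfaces as an error thrown mid-request that does not name the variable. Reading each value once near the top of the module through a helper that fails by name, `function requireEnv(name: string): string { const v = env[name]; if (!v) throw new Error(name + ' is not set'); return v; }`, keeps the runtime-configurable behaviour the commit is after while keeping misconfiguration attributable. The remainder of the module header is outside this hunk.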
@@ -60,8 +52,8 @@ export function mapClientToDetails(
 preSharedKey: client.preSharedKey,
 ips,
 vpnPublicKey: serverPublicKey,
- vpnEndpoint: VPN_ENDPOINT,
- vpnDns: VPN_DNS,
+ vpnEndpoint: env.VPN_ENDPOINT,
+ vpnDns: env.VPN_DNS,
 };
 }
@@ -74,7 +66,7 @@ export async function createClient(params: {
 .select({ clientCount: count() })
 .from(wgClients)
 .where(eq(wgClients.userId, params.user.id));
- if (clientCount >= parseInt(MAX_CLIENTS_PER_USER))
+ if (clientCount >= parseInt(env.MAX_CLIENTS_PER_USER))
 return err([400, 'Maximum number of clients reached'] as [400, string]);
 // this is going to be quite long
@@ -105,7 +97,7 @@ export async function createClient(params: {
 ]);
 // check for existing allocation or if we have any IPs left
- if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(IP_MAX_INDEX)) {
+ if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(env.IP_MAX_INDEX)) {
 return err([500, 'No more IP addresses available'] as [500, string]);
 }
@@ -179,14 +171,14 @@ async function getKeys() {
 export function getIpsFromIndex(ipIndex: number) {
 ipIndex -= 1; // 1-indexed in the db
- const v4StartingAddr = new Address4(IPV4_STARTING_ADDR);
- const v6StartingAddr = new Address6(IPV6_STARTING_ADDR);
+ const v4StartingAddr = new Address4(env.IPV4_STARTING_ADDR);
+ const v6StartingAddr = new Address6(env.IPV6_STARTING_ADDR);
 const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex));
- const v6Offset = BigInt(ipIndex) << (128n - BigInt(IPV6_CLIENT_PREFIX_SIZE));
+ const v6Offset = BigInt(ipIndex) << (128n - BigInt(env.IPV6_CLIENT_PREFIX_SIZE));
 const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset);
 const v6AllowedShort = v6Allowed.parsedAddress.join(':');
- return [v4Allowed.address + '/32', v6AllowedShort + '/' + IPV6_CLIENT_PREFIX_SIZE];
+ return [v4Allowed.address + '/32', v6AllowedShort + '/' + env.IPV6_CLIENT_PREFIX_SIZE];
 }
 async function opnsenseCreateClient(params: {
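Review bot: The per-user cap `if (clientCount >= parseInt(env.MAX_CLIENTS_PER_USER))` is silently disabled whenever MAX_CLIENTS_PER_USER is unset or not numeric, because `parseInt` then yields `NaN` and `clientCount >= NaN` is always false; the pool-exhaustion check `lastAllocation.id >= parseInt(env.IP_MAX_INDEX)` in the following hunk fails the same way, and with the static import the unset case was a build error rather than a limit that quietly stops applying. Parse once and refuse to continue on a non-number, e.g. `const maxClients = parseInt(env.MAX_CLIENTS_PER_USER ?? '', 10);` followed by `if (!Number.isFinite(maxClients)) return err([500, 'MAX_CLIENTS_PER_USER is not configured'] as [500, string]);`, and the same for IP_MAX_INDEX. In the getIpsFromIndex hunk, `BigInt(env.IPV6_CLIENT_PREFIX_SIZE)` and the Address constructors will presumably throw on `undefined`, which at least fails loudly but without naming the variable. createClient's body begins and ends outside these hunks.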
@@ -210,7 +202,7 @@ async function opnsenseCreateClient(params: {
 psk: params.psk,
 tunneladdress: params.allowedIps,
 server: serverUuid,
- endpoint: VPN_ENDPOINT,
+ endpoint: env.VPN_ENDPOINT,
 },
 }),
 });
diff --git a/src/lib/server/db/index.ts b/src/lib/server/db/index.ts
index b11b9a7..2c6058a 100644
--- a/src/lib/server/db/index.ts
+++ b/src/lib/server/db/index.ts
@@ -1,5 +1,5 @@
 import { drizzle } from 'drizzle-orm/libsql';
 import * as schema from './schema';
-import { DATABASE_URL } from '$env/static/private';
+import { env } from '$env/dynamic/private';
-export const db= drizzle(DATABASE_URL, { schema });
+export const db= drizzle(env.DATABASE_URL, { schema });
diff --git a/src/lib/server/oauth.ts b/src/lib/server/oauth.ts
index 9d11186..e8b3208 100644
--- a/src/lib/server/oauth.ts
+++ b/src/lib/server/oauth.ts
@@ -1,9 +1,9 @@
 import { Authentik } from 'arctic';
-import * as env from '$env/static/private';
+import { env } from '$env/dynamic/private';
 export const authentik = new Authentik(
 env.AUTH_DOMAIN,
 env.AUTH_CLIENT_ID,
 env.AUTH_CLIENT_SECRET,
- env.AUTH_REDIRECT_URI
+ env.AUTH_REDIRECT_URL
 );
diff --git a/src/lib/server/opnsense/index.ts b/src/lib/server/opnsense/index.ts
index 226bdd8..f2a3ee4 100644
--- a/src/lib/server/opnsense/index.ts
+++ b/src/lib/server/opnsense/index.ts
@@ -4,11 +4,6 @@ import { encodeBasicCredentials } from 'arctic/dist/request';
 import { dev } from '$app/environment';
 import type { OpnsenseWgServers } from '$lib/opnsense/wg';
-assert(env.OPNSENSE_API_URL, 'OPNSENSE_API_URL is not set');
-assert(env.OPNSENSE_API_KEY, 'OPNSENSE_API_KEY is not set');
-assert(env.OPNSENSE_API_SECRET, 'OPNSENSE_API_SECRET is not set');
-assert(env.OPNSENSE_WG_IFNAME, 'OPNSENSE_WG_IFNAME is not set');
-
 export const opnsenseUrl = env.OPNSENSE_API_URL;
 export const opnsenseAuth = 'Basic ' + encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET);
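Review bot: `drizzle(env.DATABASE_URL, { schema })` now runs at module load with a value that can be `undefined`, and any failure will presumably be reported by the libsql driver rather than by variable name; a guard before the call, `if (!env.DATABASE_URL) throw new Error('DATABASE_URL is not set');`, keeps the error attributable to configuration. Since the line is being rewritten anyway, `export const db= drizzle(` should become `export const db = drizzle(` to match the formatting of the rest of the file.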
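Review bot: The rename to `env.AUTH_REDIRECT_URL` has no fallback and no presence check, so a deployment whose environment still sets AUTH_REDIRECT_URI will construct `new Authentik(...)` with `undefined` as the redirect URI; with `$env/dynamic/private` that is no longer a build error and will most likely surface only when the provider rejects the authorization request. Either accept the old name for a transition, `env.AUTH_REDIRECT_URL ?? env.AUTH_REDIRECT_URI`, or validate all four constructor arguments at startup with a message naming the expected variable. A one-line comment next to the renamed key in `.env.example`, `# renamed from AUTH_REDIRECT_URI`, would help operators upgrading.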
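Review bot: The four `assert(env.OPNSENSE_*, '... is not set')` calls being deleted were the only presence checks on the OPNsense URL, key, secret and interface name, and nothing in the commit replaces them; `opnsenseAuth` is still built at module load from `encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET)`, so with an unset key or secret the request presumably goes out with a header built from the string `undefined` and is only rejected by the firewall, leaving no hint of the real cause in this service's own logs. If the asserts were dropped as noise, a helper that fails by name covers the same cases in fewer lines, as sketched below (`opnsenseUrl` and `opnsenseAuth` are imported by clients.ts, so their names are kept; OPNSENSE_WG_IFNAME is read outside this hunk and should get the same treatment there). If they were dropped because module evaluation during the build has no environment, that deserves a comment, and the check should then move to the first request that uses the values rather than disappear. The `assert` and `env` imports sit above this hunk, so whether `assert` is now unused cannot be confirmed from here.
```typescript
// … unchanged: imports …

/** Reads a required variable and fails with its name rather than somewhere downstream. */
function requireEnv(name: string): string {
  const value = env[name];
  if (!value) throw new Error(name + ' is not set');
  return value;
}

export const opnsenseUrl = requireEnv('OPNSENSE_API_URL');
export const opnsenseAuth =
  'Basic ' + encodeBasicCredentials(requireEnv('OPNSENSE_API_KEY'), requireEnv('OPNSENSE_API_SECRET'));
```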
diff --git a/src/routes/auth/authentik/callback/+server.ts b/src/routes/auth/authentik/callback/+server.ts
index a150155..f7c6f63 100644
--- a/src/routes/auth/authentik/callback/+server.ts
+++ b/src/routes/auth/authentik/callback/+server.ts
@@ -34,7 +34,7 @@ export async function GET(event: RequestEvent): Promise {
 status: 400
 });
 }
- const claims = decodeIdToken(tokens.idToken());
+ const claims = decodeIdToken(tokens.idToken()) as { sub: string, preferred_username: string, name: string };
 console.log("claims", claims);
 const userId: string = claims.sub;
 const username: string = claims.preferred_username;
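Review bot: `decodeIdToken(tokens.idToken()) as { sub: string, preferred_username: string, name: string }` is an unchecked assertion: the cast only silences the compiler, so if the provider omits `preferred_username` or `name` (e.g. the corresponding scope was not granted) the typed `const username: string` on the following line still holds `undefined` at runtime and that value flows into whatever user lookup follows. The handler already answers with a 400 response a few lines up, so the same should happen here after a runtime narrowing of the three fields, as sketched below. While on this block, the `console.log("claims", claims)` on the next line writes the entire token payload to the logs and is worth removing or reducing to `claims.sub`. GET's body begins and ends outside the hunk.
```typescript
/** Narrows the decoded ID token to the three claims this handler relies on. */
function hasRequiredClaims(c: unknown): c is { sub: string; preferred_username: string; name: string } {
  return (
    typeof c === 'object' && c !== null &&
    'sub' in c && typeof c.sub === 'string' &&
    'preferred_username' in c && typeof c.preferred_username === 'string' &&
    'name' in c && typeof c.name === 'string'
  );
}

// … unchanged: GET up to the token exchange …
const claims: unknown = decodeIdToken(tokens.idToken());
if (!hasRequiredClaims(claims)) {
  return new Response(null, { status: 400 });
}
const userId: string = claims.sub;
const username: string = claims.preferred_username;
```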