CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change env static variables to dynamic

Browse Source
This commit is contained in:
Yuri Tatishchev 2024-12-24 00:50:39 -08:00
parent 76b5d9bf97
commit 3372575e9a
Signed by: CaZzzer
GPG Key ID: E0EBF441EA424369
6 changed files with 17 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env.example
View File

@ -2,9 +2,9 @@ DATABASE_URL=file:local.db
AUTH_DOMAIN=auth.lab.cazzzer.com AUTH_DOMAIN=auth.lab.cazzzer.com
AUTH_CLIENT_ID= AUTH_CLIENT_ID=
AUTH_CLIENT_SECRET= AUTH_CLIENT_SECRET=
AUTH_REDIRECT_URI=http://localhost:5173/auth/authentik/callback AUTH_REDIRECT_URL=http://localhost:5173/auth/authentik/callback
OPNSENSE_API_URL=https://opnsense.home OPNSENSE_API_URL=https://opnsense.cazzzer.com
OPNSENSE_API_KEY= OPNSENSE_API_KEY=
OPNSENSE_API_SECRET= OPNSENSE_API_SECRET=
OPNSENSE_WG_IFNAME=wg2 OPNSENSE_WG_IFNAME=wg2

28
src/lib/server/clients.ts
View File

@ -3,15 +3,7 @@ import { db } from '$lib/server/db';
import { wgClients, ipAllocations } from '$lib/server/db/schema'; import { wgClients, ipAllocations } from '$lib/server/db/schema';
import { opnsenseAuth, opnsenseUrl, serverPublicKey, serverUuid } from '$lib/server/opnsense'; import { opnsenseAuth, opnsenseUrl, serverPublicKey, serverUuid } from '$lib/server/opnsense';
import { Address4, Address6 } from 'ip-address'; import { Address4, Address6 } from 'ip-address';
import { import { env } from '$env/dynamic/private';
IP_MAX_INDEX,
IPV4_STARTING_ADDR,
IPV6_CLIENT_PREFIX_SIZE,
IPV6_STARTING_ADDR,
MAX_CLIENTS_PER_USER,
VPN_DNS,
VPN_ENDPOINT,
} from '$env/static/private';
import { and, count, eq, isNull } from 'drizzle-orm'; import { and, count, eq, isNull } from 'drizzle-orm';
import { err, ok, type Result } from '$lib/types'; import { err, ok, type Result } from '$lib/types';
import type { ClientDetails } from '$lib/types/clients'; import type { ClientDetails } from '$lib/types/clients';
@ -60,8 +52,8 @@ export function mapClientToDetails(
preSharedKey: client.preSharedKey, preSharedKey: client.preSharedKey,
ips, ips,
vpnPublicKey: serverPublicKey, vpnPublicKey: serverPublicKey,
vpnEndpoint: VPN_ENDPOINT, vpnEndpoint: env.VPN_ENDPOINT,
vpnDns: VPN_DNS, vpnDns: env.VPN_DNS,
}; };
} }
@ -74,7 +66,7 @@ export async function createClient(params: {
.select({ clientCount: count() }) .select({ clientCount: count() })
.from(wgClients) .from(wgClients)
.where(eq(wgClients.userId, params.user.id)); .where(eq(wgClients.userId, params.user.id));
if (clientCount >= parseInt(MAX_CLIENTS_PER_USER)) if (clientCount >= parseInt(env.MAX_CLIENTS_PER_USER))
return err([400, 'Maximum number of clients reached'] as [400, string]); return err([400, 'Maximum number of clients reached'] as [400, string]);
// this is going to be quite long // this is going to be quite long
@ -105,7 +97,7 @@ export async function createClient(params: {
]); ]);
// check for existing allocation or if we have any IPs left // check for existing allocation or if we have any IPs left
if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(IP_MAX_INDEX)) { if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(env.IP_MAX_INDEX)) {
return err([500, 'No more IP addresses available'] as [500, string]); return err([500, 'No more IP addresses available'] as [500, string]);
} }
@ -179,14 +171,14 @@ async function getKeys() {
export function getIpsFromIndex(ipIndex: number) { export function getIpsFromIndex(ipIndex: number) {
ipIndex -= 1; // 1-indexed in the db ipIndex -= 1; // 1-indexed in the db
const v4StartingAddr = new Address4(IPV4_STARTING_ADDR); const v4StartingAddr = new Address4(env.IPV4_STARTING_ADDR);
const v6StartingAddr = new Address6(IPV6_STARTING_ADDR); const v6StartingAddr = new Address6(env.IPV6_STARTING_ADDR);
const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex)); const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex));
const v6Offset = BigInt(ipIndex) << (128n - BigInt(IPV6_CLIENT_PREFIX_SIZE)); const v6Offset = BigInt(ipIndex) << (128n - BigInt(env.IPV6_CLIENT_PREFIX_SIZE));
const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset); const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset);
const v6AllowedShort = v6Allowed.parsedAddress.join(':'); const v6AllowedShort = v6Allowed.parsedAddress.join(':');
return [v4Allowed.address + '/32', v6AllowedShort + '/' + IPV6_CLIENT_PREFIX_SIZE]; return [v4Allowed.address + '/32', v6AllowedShort + '/' + env.IPV6_CLIENT_PREFIX_SIZE];
} }
async function opnsenseCreateClient(params: { async function opnsenseCreateClient(params: {
@ -210,7 +202,7 @@ async function opnsenseCreateClient(params: {
psk: params.psk, psk: params.psk,
tunneladdress: params.allowedIps, tunneladdress: params.allowedIps,
server: serverUuid, server: serverUuid,
endpoint: VPN_ENDPOINT, endpoint: env.VPN_ENDPOINT,
}, },
}), }),
}); });

4
src/lib/server/db/index.ts
View File

@ -1,5 +1,5 @@
import { drizzle } from 'drizzle-orm/libsql'; import { drizzle } from 'drizzle-orm/libsql';
import * as schema from './schema'; import * as schema from './schema';
import { DATABASE_URL } from '$env/static/private'; import { env } from '$env/dynamic/private';
export const db= drizzle(DATABASE_URL, { schema }); export const db= drizzle(env.DATABASE_URL, { schema });

4
src/lib/server/oauth.ts
View File

@ -1,9 +1,9 @@
import { Authentik } from 'arctic'; import { Authentik } from 'arctic';
import * as env from '$env/static/private'; import { env } from '$env/dynamic/private';
export const authentik = new Authentik( export const authentik = new Authentik(
env.AUTH_DOMAIN, env.AUTH_DOMAIN,
env.AUTH_CLIENT_ID, env.AUTH_CLIENT_ID,
env.AUTH_CLIENT_SECRET, env.AUTH_CLIENT_SECRET,
env.AUTH_REDIRECT_URI env.AUTH_REDIRECT_URL
); );

5
src/lib/server/opnsense/index.ts
View File

@ -4,11 +4,6 @@ import { encodeBasicCredentials } from 'arctic/dist/request';
import { dev } from '$app/environment'; import { dev } from '$app/environment';
import type { OpnsenseWgServers } from '$lib/opnsense/wg'; import type { OpnsenseWgServers } from '$lib/opnsense/wg';
assert(env.OPNSENSE_API_URL, 'OPNSENSE_API_URL is not set');
assert(env.OPNSENSE_API_KEY, 'OPNSENSE_API_KEY is not set');
assert(env.OPNSENSE_API_SECRET, 'OPNSENSE_API_SECRET is not set');
assert(env.OPNSENSE_WG_IFNAME, 'OPNSENSE_WG_IFNAME is not set');
export const opnsenseUrl = env.OPNSENSE_API_URL; export const opnsenseUrl = env.OPNSENSE_API_URL;
export const opnsenseAuth = export const opnsenseAuth =
'Basic ' + encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET); 'Basic ' + encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET);

2
src/routes/auth/authentik/callback/+server.ts
View File

@ -34,7 +34,7 @@ export async function GET(event: RequestEvent): Promise<Response> {
status: 400 status: 400
}); });
} }
const claims = decodeIdToken(tokens.idToken()); const claims = decodeIdToken(tokens.idToken()) as { sub: string, preferred_username: string, name: string };
console.log("claims", claims); console.log("claims", claims);
const userId: string = claims.sub; const userId: string = claims.sub;
const username: string = claims.preferred_username; const username: string = claims.preferred_username;