CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: CaZzzer:c8d609635419e3768d3c443d1a31aff7ff2ebe23
Branches Tags
CaZzzer:develop
CaZzzer:feature/wg-quick
CaZzzer:feature/invite
CaZzzer:feature/auth
CaZzzer:feature/auth-1
CaZzzer:feature/ci
CaZzzer:feature/api
CaZzzer:feature/provider-interface-1
CaZzzer:feature/provider-interface
CaZzzer:feature/logging
CaZzzer:feature/qrcode
CaZzzer:feature/trailing-slashes
CaZzzer:feature/opnsense
CaZzzer:master
...
compare: CaZzzer:fc271c73c9dfd9fa3cda734b455757ecdbd4abe6
Branches Tags
CaZzzer:feature/wg-quick
CaZzzer:develop
CaZzzer:feature/invite
CaZzzer:feature/auth
CaZzzer:feature/auth-1
CaZzzer:feature/ci
CaZzzer:feature/api
CaZzzer:feature/provider-interface-1
CaZzzer:feature/provider-interface
CaZzzer:feature/logging
CaZzzer:feature/qrcode
CaZzzer:feature/trailing-slashes
CaZzzer:feature/opnsense
CaZzzer:master

19 Commits
c8d6096354 ... fc271c73c9

Author SHA1 Message Date
Yuri Tatishchev
fc271c73c9
add woodpecker ci 2025-04-21 21:40:56 -07:00
Yuri Tatishchev
190b1d0c90
WIP: auth: refactor to page routes instead of api routes 2025-04-12 01:34:07 -07:00
Yuri Tatishchev
5b72ab28dd
WIP: temp 2025-04-11 18:43:51 -07:00
Yuri Tatishchev
8f20c168a2
WIP: auth: improve handling of invite tokens 2025-04-11 18:39:45 -07:00
Yuri Tatishchev
12a3001aec
add editorconfig and zed settings 2025-04-10 19:02:55 -07:00
Yuri Tatishchev
06a7f1bd51
ui: update shadcn components 2025-04-08 21:56:27 -07:00
Yuri Tatishchev
d430f1db17
db: drop opnsense_id from devices schema 2025-03-30 19:55:05 -07:00
Yuri Tatishchev
0e23c8e21c
refactor: add interface for wg provider with opnsense implementation 2025-03-30 19:54:10 -07:00
Yuri Tatishchev
e9d4be1d53
add typia for type validation 2025-03-15 21:07:17 -07:00
Yuri Tatishchev
02ff13e4d3
auth: work on adding google auth via invite 2025-03-15 21:00:34 -07:00
Yuri Tatishchev
073bf65094
update readme 2025-03-03 15:39:37 -08:00
Yuri Tatishchev
e04e6db22a
updates: bun, text lockfile 2025-02-17 23:58:54 -08:00
Yuri Tatishchev
380b60e571
lib/components/ui: set dialog portal position to absolute 
This prevents the dimensionless portal div from being treated as a flex item and creating extra gaps below the footer.
 2025-01-09 20:08:49 -08:00
Yuri Tatishchev
99f4016eb3
devices page: implement delete option 2025-01-09 19:22:08 -08:00
Yuri Tatishchev
e764f78501
lib/server/devices: refactor 2025-01-09 16:08:26 -08:00
Yuri Tatishchev
80acec720c
opnsense: sanitize usernames for creating peers 2025-01-09 14:44:48 -08:00
Yuri Tatishchev
29fbccc953
connections page: update API, combine opnsense data with db data 2025-01-07 19:03:54 -08:00
Yuri Tatishchev
76559d2931
update guide video for android 2025-01-07 17:58:31 -08:00
Yuri Tatishchev
cc7c94417d
rename clients to devices 2025-01-07 16:22:43 -08:00
88 changed files with 3001 additions and 765 deletions
Show Stats Expand all files Collapse all files

10
.editorconfig Normal file
View File

@ -0,0 +1,10 @@
[*]
charset = utf-8
insert_final_newline = true
end_of_line = lf
indent_style = tab
indent_size = 2
max_line_length = 100
quote_type = single
trim_trailing_whitespace = true

5
.env.example
View File

@ -1,7 +1,12 @@
DATABASE_URL=file:local.db
AUTH_DOMAIN=auth.lab.cazzzer.com
AUTH_CLIENT_ID=
AUTH_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
INVITE_TOKEN=GUjdsz9aREFTEBYDrA3AajUE8oVys2xW
OPNSENSE_API_URL=https://opnsense.cazzzer.com
OPNSENSE_API_KEY=

6
.idea/bun.xml generated Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="BunSettings">
<option name="bunPath" value="bun" />
</component>
</project>

2
.idea/modules.xml generated
View File

@ -2,7 +2,7 @@
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/vpgen-sv5.iml" filepath="$PROJECT_DIR$/.idea/vpgen-sv5.iml" />
<module fileurl="file://$PROJECT_DIR$/.idea/vpgen.iml" filepath="$PROJECT_DIR$/.idea/vpgen.iml" />
</modules>
</component>
</project>

0
.idea/vpgen-sv5.iml → .idea/vpgen.iml generated
View File

1
.npmrc
View File

@ -1 +1,2 @@
engine-strict=true
@jsr:registry=https://npm.jsr.io

32
.woodpecker/build-image.yml Normal file
View File

@ -0,0 +1,32 @@
when:
- event: [push]
steps:
- name: echos
image: alpine
commands:
- echo $CI_REPO
- echo $CI_REPO_REMOTE_ID
- echo $CI_REPO_URL
- echo $CI_REPO_CLONE_URL
- echo $${CI_COMMIT_BRANCH/\\//-}
- echo $USERNAME:$PASSWORD
environment:
USERNAME:
from_secret: registry-username
PASSWORD:
from_secret: registry-password
- name: build
image: woodpeckerci/plugin-kaniko
settings:
registry: gitea.cazzzer.com
username:
from_secret: registry-username
password:
from_secret: registry-password
repo: gitea.cazzzer.com/${CI_REPO}
# replace '/' with '_' in branch name
# remove 'feature/' prefix in branch name
# tags: ${CI_COMMIT_BRANCH##feature/}
# auto_tag: true
tags: ci
# cache: true

7
.zed/settings.json Normal file
View File

@ -0,0 +1,7 @@
// Folder-specific settings
//
// For a full list of overridable settings, and general information on folder-specific settings,
// see the documentation: https://zed.dev/docs/configuring-zed#settings-files
{
"formatter": "prettier"
}

4
Dockerfile
View File

@ -8,12 +8,12 @@ COPY package.json bun.lockb /app/
# this will cache them and speed up future builds
FROM base AS install
RUN mkdir -p /temp/dev
COPY package.json bun.lockb /temp/dev/
COPY package.json bun.lock /temp/dev/
RUN cd /temp/dev && bun install --frozen-lockfile
# install with --production (exclude devDependencies)
RUN mkdir -p /temp/prod
COPY package.json bun.lockb /temp/prod/
COPY package.json bun.lock /temp/prod/
RUN cd /temp/prod && bun install --frozen-lockfile --production
# copy node_modules from temp directory

64
README.md
View File

@ -1,40 +1,40 @@
# sv
# VPGen
Everything you need to build a Svelte project, powered by [`sv`](https://github.com/sveltejs/cli).
One-click WireGuard config generator, work in progress.
## Creating a project
## Why?
If you're seeing this, you've probably already done this step. Congrats!
Make it easier to share VPN access with friends/family,
making use of existing networking infrastructure.
```bash
# create a new project in the current directory
npx sv create
## How?
# create a new project in my-app
npx sv create my-app
Currently, the supported backend is [OPNsense](https://opnsense.org/).
VPGen just creates WireGuard clients on the configured interface via the OPNsense API.
Future plans include supporting other API backends (e.g. [Netmaker](https://github.com/gravitl/netmaker))
and [wg-quick](https://www.wireguard.com/quickstart/) for standalone setups.
## Development
Development uses bun.
An additional prepare step is needed to set up typia for type validation.
For example .env settings, see [.env.example](.env.example)
```shell
bun install
bun run prepare
bun run dev
```
## Developing
## To Do
Once you've created a project and installed dependencies with `npm install` (or `pnpm install` or `yarn`), start a development server:
```bash
npm run dev
# or start the server and open the app in a new browser tab
npm run dev -- --open
```
## Building
To create a production version of your app:
```bash
npm run build
```
You can preview the production build with `npm run preview`.
> To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment.
When deploying, set `ORIGIN` to the URL of your site to prevent cross-site request errors.
- [ ] Proper invite page
- [ ] Proper error page for login without invite
- [ ] Support file provider (for wg-quick)
- [ ] Fix accessibility issues (lighthouse)
- [ ] Add title to profile page (lighthouse)
- [ ] wg-quick scripts (maybe?)
- [ ] Get rid of api routes (maybe?)
- [ ] Get rid of custom result types (maybe?)

25
bruno/opnsense-api/Delete Client.bru Normal file
View File

@ -0,0 +1,25 @@
meta {
name: Delete Client
type: http
seq: 11
}
post {
url: {{base}}/api/wireguard/client/delClient/:clientUuid
body: none
auth: inherit
}
params:path {
clientUuid: d484d381-4d6f-4444-8e9d-9cda7b5b2243
}
body:json {
{
"current": 1,
"rowCount": 7,
"sort": {},
"servers": ["{{serverUuid}}"],
"searchPhrase": "{{searchPhrase}}"
}
}

1164
bun.lock Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
bun.lockb
View File

Binary file not shown.

33
drizzle/0000_young_wong.sql → drizzle/0000_fair_tarantula.sql
View File

@ -1,10 +1,22 @@
CREATE TABLE `ip_allocations` (
CREATE TABLE `devices` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`client_id` integer,
FOREIGN KEY (`client_id`) REFERENCES `wg_clients`(`id`) ON UPDATE no action ON DELETE set null
`user_id` text NOT NULL,
`name` text NOT NULL,
`opnsense_id` text,
`public_key` text NOT NULL,
`private_key` text,
`pre_shared_key` text,
FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
);
--> statement-breakpoint
CREATE UNIQUE INDEX `ip_allocations_client_id_unique` ON `ip_allocations` (`client_id`);--> statement-breakpoint
CREATE UNIQUE INDEX `devices_public_key_unique` ON `devices` (`public_key`);--> statement-breakpoint
CREATE TABLE `ip_allocations` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`device_id` integer,
FOREIGN KEY (`device_id`) REFERENCES `devices`(`id`) ON UPDATE no action ON DELETE set null
);
--> statement-breakpoint
CREATE UNIQUE INDEX `ip_allocations_device_id_unique` ON `ip_allocations` (`device_id`);--> statement-breakpoint
CREATE TABLE `sessions` (
`id` text PRIMARY KEY NOT NULL,
`user_id` text NOT NULL,
@ -17,16 +29,3 @@ CREATE TABLE `users` (
`username` text NOT NULL,
`name` text NOT NULL
);
--> statement-breakpoint
CREATE TABLE `wg_clients` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`user_id` text NOT NULL,
`name` text NOT NULL,
`opnsense_id` text,
`public_key` text NOT NULL,
`private_key` text,
`pre_shared_key` text,
FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
);
--> statement-breakpoint
CREATE UNIQUE INDEX `wg_clients_public_key_unique` ON `wg_clients` (`public_key`);

1
drizzle/0001_equal_unicorn.sql Normal file
View File

@ -0,0 +1 @@
ALTER TABLE `users` ADD `auth_source` text DEFAULT 'authentik' NOT NULL;

1
drizzle/0002_minor_black_panther.sql Normal file
View File

@ -0,0 +1 @@
ALTER TABLE `devices` DROP COLUMN `opnsense_id`;

182
drizzle/meta/0000_snapshot.json
View File

@ -1,9 +1,90 @@
{
"version": "6",
"dialect": "sqlite",
"id": "29e6fd88-fa47-4f79-ad83-c52538bc36a6",
"id": "48b7ce55-58f1-4b97-a144-ca733576dba6",
"prevId": "00000000-0000-0000-0000-000000000000",
"tables": {
"devices": {
"name": "devices",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"opnsense_id": {
"name": "opnsense_id",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"public_key": {
"name": "public_key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"private_key": {
"name": "private_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"pre_shared_key": {
"name": "pre_shared_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"devices_public_key_unique": {
"name": "devices_public_key_unique",
"columns": [
"public_key"
],
"isUnique": true
}
},
"foreignKeys": {
"devices_user_id_users_id_fk": {
"name": "devices_user_id_users_id_fk",
"tableFrom": "devices",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"ip_allocations": {
"name": "ip_allocations",
"columns": {
@ -14,8 +95,8 @@
"notNull": true,
"autoincrement": true
},
"client_id": {
"name": "client_id",
"device_id": {
"name": "device_id",
"type": "integer",
"primaryKey": false,
"notNull": false,
@ -23,21 +104,21 @@
}
},
"indexes": {
"ip_allocations_client_id_unique": {
"name": "ip_allocations_client_id_unique",
"ip_allocations_device_id_unique": {
"name": "ip_allocations_device_id_unique",
"columns": [
"client_id"
"device_id"
],
"isUnique": true
}
},
"foreignKeys": {
"ip_allocations_client_id_wg_clients_id_fk": {
"name": "ip_allocations_client_id_wg_clients_id_fk",
"ip_allocations_device_id_devices_id_fk": {
"name": "ip_allocations_device_id_devices_id_fk",
"tableFrom": "ip_allocations",
"tableTo": "wg_clients",
"tableTo": "devices",
"columnsFrom": [
"client_id"
"device_id"
],
"columnsTo": [
"id"
@ -125,87 +206,6 @@
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"wg_clients": {
"name": "wg_clients",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"opnsense_id": {
"name": "opnsense_id",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"public_key": {
"name": "public_key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"private_key": {
"name": "private_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"pre_shared_key": {
"name": "pre_shared_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"wg_clients_public_key_unique": {
"name": "wg_clients_public_key_unique",
"columns": [
"public_key"
],
"isUnique": true
}
},
"foreignKeys": {
"wg_clients_user_id_users_id_fk": {
"name": "wg_clients_user_id_users_id_fk",
"tableFrom": "wg_clients",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},

229
drizzle/meta/0001_snapshot.json Normal file
View File

@ -0,0 +1,229 @@
{
"version": "6",
"dialect": "sqlite",
"id": "cc1fa973-1e9c-4bd6-b082-d7cf36f7342c",
"prevId": "48b7ce55-58f1-4b97-a144-ca733576dba6",
"tables": {
"devices": {
"name": "devices",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"opnsense_id": {
"name": "opnsense_id",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"public_key": {
"name": "public_key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"private_key": {
"name": "private_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"pre_shared_key": {
"name": "pre_shared_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"devices_public_key_unique": {
"name": "devices_public_key_unique",
"columns": [
"public_key"
],
"isUnique": true
}
},
"foreignKeys": {
"devices_user_id_users_id_fk": {
"name": "devices_user_id_users_id_fk",
"tableFrom": "devices",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"ip_allocations": {
"name": "ip_allocations",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"device_id": {
"name": "device_id",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"ip_allocations_device_id_unique": {
"name": "ip_allocations_device_id_unique",
"columns": [
"device_id"
],
"isUnique": true
}
},
"foreignKeys": {
"ip_allocations_device_id_devices_id_fk": {
"name": "ip_allocations_device_id_devices_id_fk",
"tableFrom": "ip_allocations",
"tableTo": "devices",
"columnsFrom": [
"device_id"
],
"columnsTo": [
"id"
],
"onDelete": "set null",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"sessions": {
"name": "sessions",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"sessions_user_id_users_id_fk": {
"name": "sessions_user_id_users_id_fk",
"tableFrom": "sessions",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"users": {
"name": "users",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"auth_source": {
"name": "auth_source",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "'authentik'"
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

222
drizzle/meta/0002_snapshot.json Normal file
View File

@ -0,0 +1,222 @@
{
"version": "6",
"dialect": "sqlite",
"id": "0b364191-58d0-46a3-8372-4a30b0b88d85",
"prevId": "cc1fa973-1e9c-4bd6-b082-d7cf36f7342c",
"tables": {
"devices": {
"name": "devices",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"public_key": {
"name": "public_key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"private_key": {
"name": "private_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"pre_shared_key": {
"name": "pre_shared_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"devices_public_key_unique": {
"name": "devices_public_key_unique",
"columns": [
"public_key"
],
"isUnique": true
}
},
"foreignKeys": {
"devices_user_id_users_id_fk": {
"name": "devices_user_id_users_id_fk",
"tableFrom": "devices",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"ip_allocations": {
"name": "ip_allocations",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"device_id": {
"name": "device_id",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"ip_allocations_device_id_unique": {
"name": "ip_allocations_device_id_unique",
"columns": [
"device_id"
],
"isUnique": true
}
},
"foreignKeys": {
"ip_allocations_device_id_devices_id_fk": {
"name": "ip_allocations_device_id_devices_id_fk",
"tableFrom": "ip_allocations",
"tableTo": "devices",
"columnsFrom": [
"device_id"
],
"columnsTo": [
"id"
],
"onDelete": "set null",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"sessions": {
"name": "sessions",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"sessions_user_id_users_id_fk": {
"name": "sessions_user_id_users_id_fk",
"tableFrom": "sessions",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"users": {
"name": "users",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"auth_source": {
"name": "auth_source",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "'authentik'"
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

18
drizzle/meta/_journal.json
View File

@ -5,8 +5,22 @@
{
"idx": 0,
"version": "6",
"when": 1735028333867,
"tag": "0000_young_wong",
"when": 1736295566569,
"tag": "0000_fair_tarantula",
"breakpoints": true
},
{
"idx": 1,
"version": "6",
"when": 1741936760967,
"tag": "0001_equal_unicorn",
"breakpoints": true
},
{
"idx": 2,
"version": "6",
"when": 1743389268079,
"tag": "0002_minor_black_panther",
"breakpoints": true
}
]

53
package.json
View File

@ -1,6 +1,7 @@
{
"name": "vpgen-sv5",
"name": "vpgen",
"version": "0.0.1",
"license": "AGPL-3.0-or-later",
"type": "module",
"scripts": {
"dev": "vite dev",
@ -14,48 +15,52 @@
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate",
"db:studio": "drizzle-kit studio",
"db:seed": "bun run ./src/lib/server/db/seed.ts"
"db:seed": "bun run ./src/lib/server/db/seed.ts",
"prepare": "ts-patch install"
},
"devDependencies": {
"@lucide/svelte": "^0.487.0",
"@oslojs/crypto": "^1.0.1",
"@oslojs/encoding": "^1.1.0",
"@ryoppippi/unplugin-typia": "npm:@jsr/ryoppippi__unplugin-typia",
"@sveltejs/adapter-auto": "^3.3.1",
"@sveltejs/adapter-node": "^5.2.11",
"@sveltejs/kit": "^2.15.0",
"@sveltejs/adapter-node": "^5.2.12",
"@sveltejs/kit": "^2.19.1",
"@sveltejs/vite-plugin-svelte": "^5.0.3",
"@tailwindcss/container-queries": "^0.1.1",
"@tailwindcss/forms": "^0.5.9",
"@tailwindcss/typography": "^0.5.15",
"@tailwindcss/forms": "^0.5.10",
"@tailwindcss/typography": "^0.5.16",
"@types/better-sqlite3": "^7.6.12",
"@types/eslint": "^9.6.1",
"@types/qrcode-svg": "^1.1.5",
"arctic": "^2.3.3",
"autoprefixer": "^10.4.20",
"bits-ui": "^0.22.0",
"arctic": "^2.3.4",
"autoprefixer": "^10.4.21",
"bits-ui": "^1.3.18",
"clsx": "^2.1.1",
"eslint": "^9.17.0",
"eslint": "^9.22.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-svelte": "^2.46.1",
"globals": "^15.14.0",
"globals": "^15.15.0",
"ip-address": "^10.0.1",
"lucide-svelte": "^0.469.0",
"prettier": "^3.4.2",
"prettier-plugin-svelte": "^3.3.2",
"prettier-plugin-tailwindcss": "^0.6.9",
"prettier": "^3.5.3",
"prettier-plugin-svelte": "^3.3.3",
"prettier-plugin-tailwindcss": "^0.6.11",
"qrcode-svg": "^1.1.0",
"svelte": "^5.16.0",
"svelte-check": "^4.1.1",
"svelte": "^5.23.0",
"svelte-check": "^4.1.5",
"tailwind-merge": "^2.6.0",
"tailwind-variants": "^0.3.0",
"tailwind-variants": "^0.3.1",
"tailwindcss": "^3.4.17",
"tailwindcss-animate": "^1.0.7",
"typescript": "^5.7.2",
"typescript-eslint": "^8.18.2",
"vite": "^6.0.6"
"ts-patch": "^3.3.0",
"typescript": "~5.8.2",
"typescript-eslint": "^8.26.1",
"typia": "^8.0.2",
"vite": "^6.2.2"
},
"dependencies": {
"@libsql/client": "^0.14.0",
"drizzle-kit": "^0.30.1",
"drizzle-orm": "^0.38.3"
"drizzle-kit": "^0.30.5",
"drizzle-orm": "^0.38.4"
}
}
}

2
src/app.css
View File

@ -88,7 +88,7 @@
--sidebar-border: 240 3.7% 15.9%;
--sidebar-ring: 217.2 91.2% 59.8%;
--surface: 217.2 40.6% 10.5%;
--surface: 217.2 40.6% 11.5%;
}
}
}

7
src/hooks.server.ts
View File

@ -2,10 +2,9 @@ import { type Handle, redirect } from '@sveltejs/kit';
import { sequence } from '@sveltejs/kit/hooks';
import { dev } from '$app/environment';
import * as auth from '$lib/server/auth';
import { fetchOpnsenseServer } from '$lib/server/opnsense';
import wgProvider from '$lib/server/wg-provider';
// fetch opnsense server info on startup
await fetchOpnsenseServer();
await wgProvider.init();
const handleAuth: Handle = async ({ event, resolve }) => {
const sessionId = event.cookies.get(auth.sessionCookieName);
@ -39,7 +38,7 @@ const authRequired = [
/^\/api/,
/^\/user/,
/^\/connections/,
/^\/clients/,
/^\/devices/,
];
const handleProtectedPaths: Handle = ({ event, resolve }) => {
const isProtected = authRequired.some((re) => re.test(event.url.pathname));

13
src/lib/assets/google.svg Normal file
View File

@ -0,0 +1,13 @@
<svg width="40" height="40" viewBox="10 10 20 20" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_710_6221)">
<path d="M29.6 20.2273C29.6 19.5182 29.5364 18.8364 29.4182 18.1818H20V22.05H25.3818C25.15 23.3 24.4455 24.3591 23.3864 25.0682V27.5773H26.6182C28.5091 25.8364 29.6 23.2727 29.6 20.2273Z" fill="#4285F4"/>
<path d="M20 30C22.7 30 24.9636 29.1045 26.6181 27.5773L23.3863 25.0682C22.4909 25.6682 21.3454 26.0227 20 26.0227C17.3954 26.0227 15.1909 24.2636 14.4045 21.9H11.0636V24.4909C12.7091 27.7591 16.0909 30 20 30Z" fill="#34A853"/>
<path d="M14.4045 21.9C14.2045 21.3 14.0909 20.6591 14.0909 20C14.0909 19.3409 14.2045 18.7 14.4045 18.1V15.5091H11.0636C10.3864 16.8591 10 18.3864 10 20C10 21.6136 10.3864 23.1409 11.0636 24.4909L14.4045 21.9Z" fill="#FBBC04"/>
<path d="M20 13.9773C21.4681 13.9773 22.7863 14.4818 23.8227 15.4727L26.6909 12.6045C24.9591 10.9909 22.6954 10 20 10C16.0909 10 12.7091 12.2409 11.0636 15.5091L14.4045 18.1C15.1909 15.7364 17.3954 13.9773 20 13.9773Z" fill="#E94235"/>
</g>
<defs>
<clipPath id="clip0_710_6221">
<rect width="20" height="20" fill="white" transform="translate(10 10)"/>
</clipPath>
</defs>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
src/lib/assets/guide-android.mp4 (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
src/lib/assets/guide-client.mp4 (Stored with Git LFS)
View File

Binary file not shown.

33
src/lib/clients.ts
View File

@ -1,33 +0,0 @@
import type { ClientDetails } from '$lib/types/clients';
/**
* Convert client details to WireGuard configuration.
*
* ```conf
* [Interface]
* PrivateKey = wPa07zR0H4wYoc1ljfeiqlSbR8Z28pPc6jplwE7zPms=
* Address = 10.18.11.100/32,fd00::1/128
* DNS = 10.18.11.1,fd00::0
*
* [Peer]
* PublicKey = BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=
* PresharedKey = uhZUVqXKF0oayP0BS6yPu6Gepgh68Nz9prtbE5Cuok0=
* Endpoint = vpn.lab.cazzzer.com:51820
* AllowedIPs = 0.0.0.0/0,::/0
* ```
* @param client
*/
export function clientDetailsToConfig(client: ClientDetails): string {
return `\
[Interface]
PrivateKey = ${client.privateKey}
Address = ${client.ips.join(', ')}
DNS = ${client.vpnDns}
[Peer]
PublicKey = ${client.vpnPublicKey}
PresharedKey = ${client.preSharedKey}
Endpoint = ${client.vpnEndpoint}
AllowedIPs = 0.0.0.0/0,::/0
`;
}

40
src/lib/components/app/auth-form/auth-form.svelte
View File

@ -1,22 +1,24 @@
<script lang="ts">
import { LucideLoaderCircle } from 'lucide-svelte';
import { LucideLoaderCircle } from '@lucide/svelte';
import { Button } from '$lib/components/ui/button';
import { cn } from '$lib/utils.js';
import googleIcon from '$lib/assets/google.svg';
let { class: className, ...rest }: { class?: string; rest?: { [p: string]: unknown } } = $props();
let { inviteToken, class: className, ...rest }: {
inviteToken?: string;
class?: string;
rest?: { [p: string]: unknown }
} = $props();
let isLoading = $state(false);
let submitted = $state(false);
</script>
<div class={cn('flex gap-6', className)} {...rest}>
<form method="get" action="/auth/authentik">
<Button
type="submit"
onclick={() => {
isLoading = true;
}}
>
{#if isLoading}
<form method="get" onsubmit={() => submitted = true}
action="/auth/authentik{inviteToken ? `?invite=${inviteToken}` : ''}">
<input type="hidden" value={inviteToken} name="invite" />
<Button type="submit" disabled={submitted}>
{#if submitted}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<img
@ -28,4 +30,20 @@
Sign in with Authentik
</Button>
</form>
<form method="get" onsubmit={() => submitted = true}
action="/auth/google{inviteToken ? `?invite=${inviteToken}` : ''}">
<input type="hidden" value={inviteToken} name="invite" />
<Button type="submit" disabled={submitted}>
{#if submitted}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<img
class="mr-2 h-4 w-4"
alt="Google Logo"
src={googleIcon}
/>
{/if}
Sign in with Google
</Button>
</form>
</div>

2
src/lib/components/app/code-snippet/code-snippet.svelte
View File

@ -1,6 +1,6 @@
<script lang="ts">
import { Button } from '$lib/components/ui/button';
import { LucideClipboardCopy, LucideDownload } from 'lucide-svelte';
import { LucideClipboardCopy, LucideDownload } from '@lucide/svelte';
const {
data,

4
src/lib/components/app/wireguard-guide/wireguard-guide.svelte
View File

@ -2,7 +2,7 @@
import * as Tabs from '$lib/components/ui/tabs';
import * as Card from '$lib/components/ui/card';
import getItOnGooglePlay from '$lib/assets/GetItOnGooglePlay_Badge_Web_color_English.png';
import guideVideo from '$lib/assets/guide-client.mp4';
import guideVideoAndroid from '$lib/assets/guide-android.mp4';
</script>
<Tabs.Root value="android">
@ -36,7 +36,7 @@
<p>Download the configuration file and import it</p>
<aside>Alternatively, you can scan the QR code with the WireGuard app</aside>
<video autoplay loop controls muted preload="metadata" class="max-h-screen">
<source src={guideVideo} type="video/mp4" />
<source src={guideVideoAndroid} type="video/mp4" />
</video>
</div>
</li>

2
src/lib/components/ui/badge/badge.svelte
View File

@ -43,7 +43,7 @@
this={href ? "a" : "span"}
bind:this={ref}
{href}
class={cn(badgeVariants({ variant, className }))}
class={cn(badgeVariants({ variant }), className)}
{...restProps}
>
{@render children?.()}

4
src/lib/components/ui/button/button.svelte
View File

@ -56,7 +56,7 @@
{#if href}
<a
bind:this={ref}
class={cn(buttonVariants({ variant, size, className }))}
class={cn(buttonVariants({ variant, size }), className)}
{href}
{...restProps}
>
@ -65,7 +65,7 @@
{:else}
<button
bind:this={ref}
class={cn(buttonVariants({ variant, size, className }))}
class={cn(buttonVariants({ variant, size }), className)}
{type}
{...restProps}
>

4
src/lib/components/ui/checkbox/checkbox.svelte
View File

@ -1,7 +1,7 @@
<script lang="ts">
import { Checkbox as CheckboxPrimitive, type WithoutChildrenOrChild } from "bits-ui";
import Check from "lucide-svelte/icons/check";
import Minus from "lucide-svelte/icons/minus";
import Check from "@lucide/svelte/icons/check";
import Minus from "@lucide/svelte/icons/minus";
import { cn } from "$lib/utils.js";
let {

2
src/lib/components/ui/dialog/dialog-content.svelte
View File

@ -1,6 +1,6 @@
<script lang="ts">
import { Dialog as DialogPrimitive, type WithoutChildrenOrChild } from "bits-ui";
import X from "lucide-svelte/icons/x";
import X from "@lucide/svelte/icons/x";
import type { Snippet } from "svelte";
import * as Dialog from "./index.js";
import { cn } from "$lib/utils.js";

5
src/lib/components/ui/dialog/dialog-description.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: DialogPrimitive.DescriptionProps = $props();
</script>
@ -14,6 +13,4 @@
bind:ref
class={cn("text-muted-foreground text-sm", className)}
{...restProps}
>
{@render children?.()}
</DialogPrimitive.Description>
/>

5
src/lib/components/ui/dialog/dialog-overlay.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: DialogPrimitive.OverlayProps = $props();
</script>
@ -17,6 +16,4 @@
className
)}
{...restProps}
>
{@render children?.()}
</DialogPrimitive.Overlay>
/>

5
src/lib/components/ui/dialog/dialog-title.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: DialogPrimitive.TitleProps = $props();
</script>
@ -14,6 +13,4 @@
bind:ref
class={cn("text-lg font-semibold leading-none tracking-tight", className)}
{...restProps}
>
{@render children?.()}
</DialogPrimitive.Title>
/>

46
src/lib/components/ui/input/input.svelte
View File

@ -1,22 +1,46 @@
<script lang="ts">
import type { HTMLInputAttributes } from "svelte/elements";
import type { HTMLInputAttributes, HTMLInputTypeAttribute } from "svelte/elements";
import type { WithElementRef } from "bits-ui";
import { cn } from "$lib/utils.js";
type InputType = Exclude<HTMLInputTypeAttribute, "file">;
type Props = WithElementRef<
Omit<HTMLInputAttributes, "type"> &
({ type: "file"; files?: FileList } | { type?: InputType; files?: undefined })
>;
let {
ref = $bindable(null),
value = $bindable(),
type,
files = $bindable(),
class: className,
...restProps
}: WithElementRef<HTMLInputAttributes> = $props();
}: Props = $props();
</script>
<input
bind:this={ref}
class={cn(
"border-input bg-background ring-offset-background placeholder:text-muted-foreground focus-visible:ring-ring flex h-10 w-full rounded-md border px-3 py-2 text-base file:border-0 file:bg-transparent file:text-sm file:font-medium focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
className
)}
bind:value
{...restProps}
/>
{#if type === "file"}
<input
bind:this={ref}
class={cn(
"border-input bg-background ring-offset-background placeholder:text-muted-foreground focus-visible:ring-ring flex h-10 w-full rounded-md border px-3 py-2 text-base file:border-0 file:bg-transparent file:text-sm file:font-medium focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
className
)}
type="file"
bind:files
bind:value
{...restProps}
/>
{:else}
<input
bind:this={ref}
class={cn(
"border-input bg-background ring-offset-background placeholder:text-muted-foreground focus-visible:ring-ring flex h-10 w-full rounded-md border px-3 py-2 text-base file:border-0 file:bg-transparent file:text-sm file:font-medium focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
className
)}
{type}
bind:value
{...restProps}
/>
{/if}

5
src/lib/components/ui/label/label.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: LabelPrimitive.RootProps = $props();
</script>
@ -17,6 +16,4 @@
className
)}
{...restProps}
>
{@render children?.()}
</LabelPrimitive.Root>
/>

5
src/lib/components/ui/tabs/tabs-content.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: TabsPrimitive.ContentProps = $props();
</script>
@ -17,6 +16,4 @@
className
)}
{...restProps}
>
{@render children?.()}
</TabsPrimitive.Content>
/>

5
src/lib/components/ui/tabs/tabs-list.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: TabsPrimitive.ListProps = $props();
</script>
@ -17,6 +16,4 @@
className
)}
{...restProps}
>
{@render children?.()}
</TabsPrimitive.List>
/>

5
src/lib/components/ui/tabs/tabs-trigger.svelte
View File

@ -5,7 +5,6 @@
let {
ref = $bindable(null),
class: className,
children,
...restProps
}: TabsPrimitive.TriggerProps = $props();
</script>
@ -17,6 +16,4 @@
className
)}
{...restProps}
>
{@render children?.()}
</TabsPrimitive.Trigger>
/>

10
src/lib/connections.ts Normal file
View File

@ -0,0 +1,10 @@
export type ConnectionDetails = {
deviceId: number;
deviceName: string;
devicePublicKey: string;
deviceIps: string[];
endpoint: string;
transferRx: number;
transferTx: number;
latestHandshake: number;
};

43
src/lib/devices.ts Normal file
View File

@ -0,0 +1,43 @@
/**
* Convert device details to WireGuard configuration.
*
* ```conf
* [Interface]
* PrivateKey = wPa07zR0H4wYoc1ljfeiqlSbR8Z28pPc6jplwE7zPms=
* Address = 10.18.11.100/32,fd00::1/128
* DNS = 10.18.11.1,fd00::0
*
* [Peer]
* PublicKey = BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=
* PresharedKey = uhZUVqXKF0oayP0BS6yPu6Gepgh68Nz9prtbE5Cuok0=
* Endpoint = vpn.lab.cazzzer.com:51820
* AllowedIPs = 0.0.0.0/0,::/0
* ```
* @param device
*/
export function deviceDetailsToConfig(device: DeviceDetails): string {
return `\
[Interface]
PrivateKey = ${device.privateKey}
Address = ${device.ips.join(', ')}
DNS = ${device.vpnDns}
[Peer]
PublicKey = ${device.vpnPublicKey}
PresharedKey = ${device.preSharedKey}
Endpoint = ${device.vpnEndpoint}
AllowedIPs = 0.0.0.0/0,::/0
`;
}
export type DeviceDetails = {
id: number;
name: string;
publicKey: string;
privateKey: string | null;
preSharedKey: string | null;
ips: string[];
vpnPublicKey: string;
vpnEndpoint: string;
vpnDns: string;
};

26
src/lib/server/auth.ts
View File

@ -3,8 +3,9 @@ import { sha256 } from '@oslojs/crypto/sha2';
import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from '@oslojs/encoding';
import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema';
import type { RequestEvent } from '@sveltejs/kit';
import type { Cookies } from '@sveltejs/kit';
import { dev } from '$app/environment';
import { env } from '$env/dynamic/private';
const DAY_IN_MS = 1000 * 60 * 60 * 24;
@ -21,14 +22,14 @@ export async function createSession(userId: string): Promise<table.Session> {
const session: table.Session = {
id: sessionId,
userId,
expiresAt: new Date(Date.now() + DAY_IN_MS * 30)
expiresAt: new Date(Date.now() + DAY_IN_MS * 30),
};
await db.insert(table.sessions).values(session);
return session;
}
export function setSessionTokenCookie(event: RequestEvent, sessionId: string, expiresAt: Date) {
event.cookies.set(sessionCookieName, sessionId, {
export function setSessionTokenCookie(cookies: Cookies, sessionId: string, expiresAt: Date) {
cookies.set(sessionCookieName, sessionId, {
path: '/',
sameSite: 'lax',
httpOnly: true,
@ -41,16 +42,21 @@ export async function invalidateSession(sessionId: string): Promise<void> {
await db.delete(table.sessions).where(eq(table.sessions.id, sessionId));
}
export function deleteSessionTokenCookie(event: RequestEvent) {
event.cookies.delete(sessionCookieName, { path: '/' });
export function deleteSessionTokenCookie(cookies: Cookies) {
cookies.delete(sessionCookieName, { path: '/' });
}
export async function validateSession(sessionId: string) {
const [result] = await db
.select({
// Adjust user table here to tweak returned data
user: { id: table.users.id, username: table.users.username, name: table.users.name },
session: table.sessions
user: {
id: table.users.id,
authSource: table.users.authSource,
username: table.users.username,
name: table.users.name,
},
session: table.sessions,
})
.from(table.sessions)
.innerJoin(table.users, eq(table.sessions.userId, table.users.id))
@ -79,4 +85,8 @@ export async function validateSession(sessionId: string) {
return { session, user };
}
export function isValidInviteToken(inviteToken: string) {
return inviteToken === env.INVITE_TOKEN;
}
export type SessionValidationResult = Awaited<ReturnType<typeof validateSession>>;

218
src/lib/server/clients.ts
View File

@ -1,218 +0,0 @@
import type { User } from '$lib/server/db/schema';
import { ipAllocations, wgClients } from '$lib/server/db/schema';
import { db } from '$lib/server/db';
import { opnsenseAuth, opnsenseUrl, serverPublicKey, serverUuid } from '$lib/server/opnsense';
import { Address4, Address6 } from 'ip-address';
import { env } from '$env/dynamic/private';
import { and, count, eq, isNull } from 'drizzle-orm';
import { err, ok, type Result } from '$lib/types';
import type { ClientDetails } from '$lib/types/clients';
export async function findClients(userId: string) {
return db.query.wgClients.findMany({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: eq(wgClients.userId, userId),
});
}
export async function findClient(userId: string, clientId: number) {
return db.query.wgClients.findFirst({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: and(eq(wgClients.userId, userId), eq(wgClients.id, clientId)),
});
}
export function mapClientToDetails(
client: Awaited<ReturnType<typeof findClients>>[0],
): ClientDetails {
const ips = getIpsFromIndex(client.ipAllocation.id);
return {
id: client.id,
name: client.name,
publicKey: client.publicKey,
privateKey: client.privateKey,
preSharedKey: client.preSharedKey,
ips,
vpnPublicKey: serverPublicKey,
vpnEndpoint: env.VPN_ENDPOINT,
vpnDns: env.VPN_DNS,
};
}
export async function createClient(params: {
name: string;
user: User;
}): Promise<Result<number, [400 | 500, string]>> {
// check if user exceeds the limit of clients
const [{ clientCount }] = await db
.select({ clientCount: count() })
.from(wgClients)
.where(eq(wgClients.userId, params.user.id));
if (clientCount >= parseInt(env.MAX_CLIENTS_PER_USER))
return err([400, 'Maximum number of clients reached'] as [400, string]);
// this is going to be quite long
// 1. fetch params for new client from opnsense api
// 2.1 get an allocation for the client
// 2.2. insert new client into db
// 2.3. update the allocation with the client id
// 3. create the client in opnsense
// 4. reconfigure opnsense to enable the new client
return await db.transaction(async (tx) => {
const [keys, availableAllocation, lastAllocation] = await Promise.all([
// fetch params for new client from opnsense api
getKeys(),
// find first unallocated IP
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
where: isNull(ipAllocations.clientId),
}),
// find last allocation to check if we have any IPs left
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
orderBy: (ipAllocations, { desc }) => desc(ipAllocations.id),
}),
]);
// check for existing allocation or if we have any IPs left
if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(env.IP_MAX_INDEX)) {
return err([500, 'No more IP addresses available'] as [500, string]);
}
// use existing allocation or create a new one
const ipAllocationId =
availableAllocation?.id ??
(await tx.insert(ipAllocations).values({}).returning({ id: ipAllocations.id }))[0].id;
// transaction savepoint after creating a new IP allocation
// TODO: not sure if this is needed
return await tx.transaction(async (tx2) => {
// create new client in db
const [newClient] = await tx2
.insert(wgClients)
.values({
userId: params.user.id,
name: params.name,
publicKey: keys.pubkey,
privateKey: keys.privkey,
preSharedKey: keys.psk,
})
.returning({ id: wgClients.id });
// update IP allocation with client ID
await tx2
.update(ipAllocations)
.set({ clientId: newClient.id })
.where(eq(ipAllocations.id, ipAllocationId));
// create client in opnsense
const opnsenseRes = await opnsenseCreateClient({
username: params.user.username,
pubkey: keys.pubkey,
psk: keys.psk,
allowedIps: getIpsFromIndex(ipAllocationId).join(','),
});
const opnsenseResJson = await opnsenseRes.json();
if (opnsenseResJson['result'] !== 'saved') {
tx2.rollback();
console.error(`Error creating client in OPNsense: \n${opnsenseResJson}`);
return err([500, 'Error creating client in OPNsense'] as [500, string]);
}
// reconfigure opnsense
await opnsenseReconfigure();
return ok(newClient.id);
});
});
}
async function getKeys() {
// fetch key pair from opnsense
const options: RequestInit = {
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
};
const resKeyPair = await fetch(`${opnsenseUrl}/api/wireguard/server/key_pair`, options);
const resPsk = await fetch(`${opnsenseUrl}/api/wireguard/client/psk`, options);
const keyPair = await resKeyPair.json();
const psk = await resPsk.json();
return {
pubkey: keyPair['pubkey'] as string,
privkey: keyPair['privkey'] as string,
psk: psk['psk'] as string,
};
}
export function getIpsFromIndex(ipIndex: number) {
ipIndex -= 1; // 1-indexed in the db
const v4StartingAddr = new Address4(env.IPV4_STARTING_ADDR);
const v6StartingAddr = new Address6(env.IPV6_STARTING_ADDR);
const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex));
const v6Offset = BigInt(ipIndex) << (128n - BigInt(env.IPV6_CLIENT_PREFIX_SIZE));
const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset);
const v6AllowedShort = v6Allowed.parsedAddress.join(':');
return [v4Allowed.address + '/32', v6AllowedShort + '/' + env.IPV6_CLIENT_PREFIX_SIZE];
}
async function opnsenseCreateClient(params: {
username: string;
pubkey: string;
psk: string;
allowedIps: string;
}) {
return fetch(`${opnsenseUrl}/api/wireguard/client/addClientBuilder`, {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
configbuilder: {
enabled: '1',
name: `vpgen-${params.username}`,
pubkey: params.pubkey,
psk: params.psk,
tunneladdress: params.allowedIps,
server: serverUuid,
endpoint: env.VPN_ENDPOINT,
},
}),
});
}
async function opnsenseReconfigure() {
return fetch(`${opnsenseUrl}/api/wireguard/service/reconfigure`, {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
});
}

27
src/lib/server/db/schema.ts
View File

@ -3,12 +3,13 @@ import { relations } from 'drizzle-orm';
export const users = sqliteTable('users', {
id: text('id').primaryKey(),
authSource: text('auth_source').notNull().default('authentik'),
username: text('username').notNull(),
name: text('name').notNull(),
});
export const usersRelations = relations(users, ({ many }) => ({
wgClients: many(wgClients),
devices: many(devices),
}));
export const sessions = sqliteTable('sessions', {
@ -22,23 +23,21 @@ export const sessions = sqliteTable('sessions', {
export const ipAllocations = sqliteTable('ip_allocations', {
// for now, id will be the same as the ipIndex
id: integer('id').primaryKey({ autoIncrement: true }),
// clientId is nullable because allocations can remain after the client is deleted
// unique for now, only allowing one allocation per client
clientId: integer('client_id')
// deviceId is nullable because allocations can remain after the device is deleted
// unique for now, only allowing one allocation per device
deviceId: integer('device_id')
.unique()
.references(() => wgClients.id, { onDelete: 'set null' }),
.references(() => devices.id, { onDelete: 'set null' }),
});
export const wgClients = sqliteTable('wg_clients', {
export const devices = sqliteTable('devices', {
id: integer().primaryKey({ autoIncrement: true }),
userId: text('user_id')
.notNull()
.references(() => users.id),
name: text('name').notNull(),
// questioning whether this should be nullable
opnsenseId: text('opnsense_id'),
publicKey: text('public_key').notNull().unique(),
// nullable for the possibility of a client supplying their own private key
// nullable for the possibility of a user supplying their own private key
privateKey: text('private_key'),
// nullable for the possibility of no psk
preSharedKey: text('pre_shared_key'),
@ -48,18 +47,18 @@ export const wgClients = sqliteTable('wg_clients', {
// allowedIps: text('allowed_ips').notNull(),
});
export const wgClientsRelations = relations(wgClients, ({ one }) => ({
export const devicesRelations = relations(devices, ({ one }) => ({
user: one(users, {
fields: [wgClients.userId],
fields: [devices.userId],
references: [users.id],
}),
ipAllocation: one(ipAllocations, {
fields: [wgClients.id],
references: [ipAllocations.clientId],
fields: [devices.id],
references: [ipAllocations.deviceId],
}),
}));
export type WgClient = typeof wgClients.$inferSelect;
export type Device = typeof devices.$inferSelect;
export type Session = typeof sessions.$inferSelect;

12
src/lib/server/db/seed.ts
View File

@ -1,8 +1,8 @@
import { ipAllocations, users, wgClients } from './schema';
import { ipAllocations, users, devices } from './schema';
import { eq } from 'drizzle-orm';
import assert from 'node:assert';
import { drizzle } from 'drizzle-orm/libsql';
import * as schema from '$lib/server/db/schema';
import * as schema from './schema';
assert(process.env.DATABASE_URL, 'DATABASE_URL is not set');
const db = drizzle(process.env.DATABASE_URL, { schema });
@ -11,10 +11,10 @@ async function seed() {
const user = await db.query.users.findFirst({ where: eq(users.username, 'CaZzzer') });
assert(user, 'User not found');
const clients: typeof wgClients.$inferInsert[] = [
const newDevices: typeof devices.$inferInsert[] = [
{
userId: user.id,
name: 'Client1',
name: 'Device1',
publicKey: 'BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=',
privateKey: 'KKqsHDu30WCSrVsyzMkOKbE3saQ+wlx0sBwGs61UGXk=',
preSharedKey: '0LWopbrISXBNHUxr+WOhCSAg+0hD8j3TLmpyzHkBHCQ=',
@ -22,10 +22,10 @@ async function seed() {
// allowedIps: '10.18.11.101/32,fd00::1/112',
},
];
const returned = await db.insert(wgClients).values(clients).returning({ insertedId: wgClients.id });
const returned = await db.insert(devices).values(newDevices).returning({ insertedId: devices.id });
const ipAllocation: typeof ipAllocations.$inferInsert = {
clientId: returned[0].insertedId,
deviceId: returned[0].insertedId,
};
await db.insert(ipAllocations).values(ipAllocation);
}

94
src/lib/server/devices/create.ts Normal file
View File

@ -0,0 +1,94 @@
import { devices, ipAllocations, type User } from '$lib/server/db/schema';
import { err, ok, type Result } from '$lib/types';
import { db } from '$lib/server/db';
import { count, eq, isNull } from 'drizzle-orm';
import { env } from '$env/dynamic/private';
import { getIpsFromIndex } from './utils';
import wgProvider from '$lib/server/wg-provider';
export async function createDevice(params: {
name: string;
user: User;
}): Promise<Result<number, [400 | 500, string]>> {
// check if user exceeds the limit of devices
const [{ deviceCount }] = await db
.select({ deviceCount: count() })
.from(devices)
.where(eq(devices.userId, params.user.id));
if (deviceCount >= parseInt(env.MAX_CLIENTS_PER_USER))
return err([400, 'Maximum number of devices reached'] as [400, string]);
// 1. fetch params for new device from provider
// 2.1 get an allocation for the device
// 2.2. insert new device into db
// 2.3. update the allocation with the device id
// 3. create the client in provider
return await db.transaction(async (tx) => {
const [keysResult, availableAllocation, lastAllocation] = await Promise.all([
// fetch params for new device from provider
wgProvider.generateKeys(),
// find first unallocated IP
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
where: isNull(ipAllocations.deviceId),
}),
// find last allocation to check if we have any IPs left
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
orderBy: (ipAllocations, { desc }) => desc(ipAllocations.id),
}),
]);
if (keysResult?._tag === 'err') return err([500, 'Failed to get keys']);
const keys = keysResult.value;
// check for existing allocation or if we have any IPs left
if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(env.IP_MAX_INDEX)) {
return err([500, 'No more IP addresses available']);
}
// use existing allocation or create a new one
const ipAllocationId =
availableAllocation?.id ??
(await tx.insert(ipAllocations).values({}).returning({ id: ipAllocations.id }))[0].id;
// transaction savepoint after creating a new IP allocation
// TODO: not sure if this is needed
return await tx.transaction(async (tx2) => {
// create new device in db
const [newDevice] = await tx2
.insert(devices)
.values({
userId: params.user.id,
name: params.name,
publicKey: keys.publicKey,
privateKey: keys.privateKey,
preSharedKey: keys.preSharedKey,
})
.returning({ id: devices.id });
// update IP allocation with device ID
await tx2
.update(ipAllocations)
.set({ deviceId: newDevice.id })
.where(eq(ipAllocations.id, ipAllocationId));
// create client in provider
const providerRes = await wgProvider.createClient({
user: params.user,
publicKey: keys.publicKey,
preSharedKey: keys.preSharedKey,
allowedIps: getIpsFromIndex(ipAllocationId).join(','),
});
if (providerRes._tag === 'err') {
tx2.rollback();
return err([500, 'Failed to create client in provider']);
}
return ok(newDevice.id);
});
});
}

27
src/lib/server/devices/delete.ts Normal file
View File

@ -0,0 +1,27 @@
import { and, eq } from 'drizzle-orm';
import { db } from '$lib/server/db';
import { devices } from '$lib/server/db/schema';
import { err, ok, type Result } from '$lib/types';
import wgProvider from '$lib/server/wg-provider';
export async function deleteDevice(
userId: string,
deviceId: number,
): Promise<Result<null, [400 | 500, string]>> {
const device = await db.query.devices.findFirst({
columns: {
publicKey: true,
},
where: and(eq(devices.userId, userId), eq(devices.id, deviceId)),
});
if (!device) return err([400, 'Device not found']);
const providerDeletionResult = await wgProvider.deleteClient(device.publicKey);
if (providerDeletionResult._tag === 'err') {
console.error('failed to delete provider client for device', deviceId, device.publicKey);
return err([500, 'Error deleting client in provider']);
}
await db.delete(devices).where(eq(devices.id, deviceId));
return ok(null);
}

56
src/lib/server/devices/find.ts Normal file
View File

@ -0,0 +1,56 @@
import { db } from '$lib/server/db';
import { and, eq } from 'drizzle-orm';
import { devices } from '$lib/server/db/schema';
import type { DeviceDetails } from '$lib/devices';
import { env } from '$env/dynamic/private';
import { getIpsFromIndex } from '$lib/server/devices/index';
import wgProvider from '$lib/server/wg-provider';
export async function findDevices(userId: string) {
return db.query.devices.findMany({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: eq(devices.userId, userId),
});
}
export async function findDevice(userId: string, deviceId: number) {
return db.query.devices.findFirst({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: and(eq(devices.userId, userId), eq(devices.id, deviceId)),
});
}
export function mapDeviceToDetails(
device: Awaited<ReturnType<typeof findDevices>>[0],
): DeviceDetails {
const ips = getIpsFromIndex(device.ipAllocation.id);
return {
id: device.id,
name: device.name,
publicKey: device.publicKey,
privateKey: device.privateKey,
preSharedKey: device.preSharedKey,
ips,
vpnPublicKey: wgProvider.getServerPublicKey(),
vpnEndpoint: env.VPN_ENDPOINT,
vpnDns: env.VPN_DNS,
};
}

3
src/lib/server/devices/index.ts Normal file
View File

@ -0,0 +1,3 @@
export { findDevices, findDevice, mapDeviceToDetails } from './find';
export { createDevice } from './create';
export { getIpsFromIndex } from './utils';

14
src/lib/server/devices/utils.ts Normal file
View File

@ -0,0 +1,14 @@
import { Address4, Address6 } from 'ip-address';
import { env } from '$env/dynamic/private';
export function getIpsFromIndex(ipIndex: number) {
ipIndex -= 1; // 1-indexed in the db
const v4StartingAddr = new Address4(env.IPV4_STARTING_ADDR);
const v6StartingAddr = new Address6(env.IPV6_STARTING_ADDR);
const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex));
const v6Offset = BigInt(ipIndex) << (128n - BigInt(env.IPV6_CLIENT_PREFIX_SIZE));
const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset);
const v6AllowedShort = v6Allowed.parsedAddress.join(':');
return [v4Allowed.address + '/32', v6AllowedShort + '/' + env.IPV6_CLIENT_PREFIX_SIZE];
}

8
src/lib/server/oauth.ts
View File

@ -1,4 +1,4 @@
import { Authentik } from 'arctic';
import { Authentik, Google } from 'arctic';
import { env } from '$env/dynamic/private';
export const authentik = new Authentik(
@ -7,3 +7,9 @@ export const authentik = new Authentik(
env.AUTH_CLIENT_SECRET,
`${env.ORIGIN}/auth/authentik/callback`,
);
export const google = new Google(
env.GOOGLE_CLIENT_ID,
env.GOOGLE_CLIENT_SECRET,
`${env.ORIGIN}/auth/google/callback`,
);

49
src/lib/server/opnsense/index.ts
View File

@ -1,49 +0,0 @@
import { env } from '$env/dynamic/private';
import assert from 'node:assert';
import { encodeBasicCredentials } from 'arctic/dist/request';
import { dev } from '$app/environment';
import type { OpnsenseWgServers } from '$lib/opnsense/wg';
export const opnsenseUrl = env.OPNSENSE_API_URL;
export const opnsenseAuth =
'Basic ' + encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET);
export const opnsenseIfname = env.OPNSENSE_WG_IFNAME;
// unset secret for security
if (!dev) env.OPNSENSE_API_SECRET = '';
export let serverUuid: string, serverPublicKey: string;
export async function fetchOpnsenseServer() {
// this might be pretty bad if the server is down and in a bunch of other cases
// TODO: write a retry loop later
const resServers = await fetch(`${opnsenseUrl}/api/wireguard/client/list_servers`, {
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
});
assert(resServers.ok, 'Failed to fetch OPNsense WireGuard servers');
const servers = (await resServers.json()) as OpnsenseWgServers;
assert.equal(servers.status, 'ok', 'Failed to fetch OPNsense WireGuard servers');
const uuid = servers.rows.find((server) => server.name === opnsenseIfname)?.uuid;
assert(uuid, 'Failed to find server UUID for OPNsense WireGuard server');
serverUuid = uuid;
console.log('OPNsense WireGuard server UUID:', serverUuid);
const resServerInfo = await fetch(
`${opnsenseUrl}/api/wireguard/client/get_server_info/${serverUuid}`,
{
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
},
);
assert(resServerInfo.ok, 'Failed to fetch OPNsense WireGuard server info');
const serverInfo = await resServerInfo.json();
assert.equal(serverInfo.status, 'ok', 'Failed to fetch OPNsense WireGuard server info');
serverPublicKey = serverInfo['pubkey'];
}

38
src/lib/server/types/index.ts Normal file
View File

@ -0,0 +1,38 @@
import type { Result } from '$lib/types';
import type { User } from '$lib/server/db/schema';
export interface IWgProvider {
init(): Promise<Result<null, Error>>;
getServerPublicKey(): string;
generateKeys(): Promise<Result<WgKeys, Error>>;
createClient(params: CreateClientParams): Promise<Result<null, Error>>;
findConnections(user: User): Promise<Result<ClientConnection[], Error>>;
deleteClient(publicKey: string): Promise<Result<null, Error>>;
}
export type WgKeys = {
publicKey: string;
privateKey: string;
preSharedKey: string;
};
export type CreateClientParams = {
user: User;
publicKey: string;
preSharedKey: string;
allowedIps: string;
}
export type ClientConnection = {
publicKey: string;
endpoint: string;
allowedIps: string;
transferRx: number;
transferTx: number;
latestHandshake: number;
}

12
src/lib/server/wg-provider.ts Normal file
View File

@ -0,0 +1,12 @@
import { WgProviderOpnsense } from '$lib/server/wg-providers/opnsense';
import { env } from '$env/dynamic/private';
import type { IWgProvider } from '$lib/server/types';
const wgProvider: IWgProvider = new WgProviderOpnsense({
opnsenseUrl: env.OPNSENSE_API_URL,
opnsenseApiKey: env.OPNSENSE_API_KEY,
opnsenseApiSecret: env.OPNSENSE_API_SECRET,
opnsenseWgIfname: env.OPNSENSE_WG_IFNAME,
});
export default wgProvider;

244
src/lib/server/wg-providers/opnsense/index.ts Normal file
View File

@ -0,0 +1,244 @@
import type { ClientConnection, CreateClientParams, IWgProvider, WgKeys } from '$lib/server/types';
import { encodeBasicCredentials } from 'arctic/dist/request';
import { is } from 'typia';
import type { OpnsenseWgPeers, OpnsenseWgServers } from '$lib/server/wg-providers/opnsense/types';
import { err, ok, type Result } from '$lib/types';
import assert from 'node:assert';
import type { User } from '$lib/server/db/schema';
export class WgProviderOpnsense implements IWgProvider {
private opnsenseUrl: string;
private opnsenseAuth: string;
private opnsenseIfname: string;
private opnsenseWgServerUuid: string | undefined;
private opnsenseWgServerPublicKey: string | undefined;
public constructor(params: OpnsenseParams) {
this.opnsenseUrl = params.opnsenseUrl;
this.opnsenseAuth =
'Basic ' + encodeBasicCredentials(params.opnsenseApiKey, params.opnsenseApiSecret);
this.opnsenseIfname = params.opnsenseWgIfname;
}
public async init(): Promise<Result<null, Error>> {
const resServers = await fetch(`${this.opnsenseUrl}/api/wireguard/client/list_servers`, {
method: 'GET',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
},
});
const servers = await resServers.json();
if (!is<OpnsenseWgServers>(servers)) {
console.error('Unexpected response for OPNsense WireGuard servers', servers);
return err(new Error('Failed to fetch OPNsense WireGuard servers'));
}
const uuid = servers.rows.find((server) => server.name === this.opnsenseIfname)?.uuid;
if (!uuid) {
console.error('OPNsense WireGuard servers', servers);
return err(new Error('Failed to find server UUID for OPNsense WireGuard server'));
}
const resServerInfo = await fetch(
`${this.opnsenseUrl}/api/wireguard/client/get_server_info/${uuid}`,
{
method: 'GET',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
},
},
);
const serverInfo = await resServerInfo.json();
const serverPublicKey = serverInfo['pubkey'];
if (serverInfo['status'] !== 'ok' || typeof serverPublicKey !== 'string') {
console.error('Failed to fetch OPNsense WireGuard server info', serverInfo);
return err(new Error('Failed to fetch OPNsense WireGuard server info'));
}
console.debug('OPNsense WireGuard server UUID:', uuid);
console.debug('OPNsense WireGuard server public key:', serverPublicKey);
this.opnsenseWgServerUuid = uuid;
this.opnsenseWgServerPublicKey = serverPublicKey;
return ok(null);
}
getServerPublicKey(): string {
assert(
this.opnsenseWgServerPublicKey,
'OPNsense server public key not set, init() must be called first',
);
return this.opnsenseWgServerPublicKey;
}
public async generateKeys(): Promise<Result<WgKeys, Error>> {
const options: RequestInit = {
method: 'GET',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
},
};
const resKeyPair = await fetch(`${this.opnsenseUrl}/api/wireguard/server/key_pair`, options);
const resPsk = await fetch(`${this.opnsenseUrl}/api/wireguard/client/psk`, options);
const keyPair = await resKeyPair.json();
const psk = await resPsk.json();
if (!is<{ pubkey: string; privkey: string }>(keyPair)) {
console.error('Unexpected response for OPNsense key pair', keyPair);
return err(new Error('Failed to fetch OPNsense key pair'));
}
if (!is<{ psk: string }>(psk)) {
console.error('Unexpected response for OPNsense PSK', psk);
return err(new Error('Failed to fetch OPNsense PSK'));
}
return ok({
publicKey: keyPair.pubkey,
privateKey: keyPair.privkey,
preSharedKey: psk.psk,
});
}
async createClient(params: CreateClientParams): Promise<Result<null, Error>> {
assert(this.opnsenseWgServerUuid, 'OPNsense server UUID not set, init() must be called first');
const createClientRes = await fetch(
`${this.opnsenseUrl}/api/wireguard/client/addClientBuilder`,
{
method: 'POST',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
configbuilder: {
enabled: '1',
name: `vpgen-${opnsenseSanitezedUsername(params.user.username)}`,
pubkey: params.publicKey,
psk: params.preSharedKey,
tunneladdress: params.allowedIps,
server: this.opnsenseWgServerUuid,
endpoint: '',
},
}),
},
);
const createClientResJson = await createClientRes.json();
if (createClientResJson['result'] !== 'saved') {
console.error('Error creating client in OPNsense', createClientResJson);
return err(new Error('Failed to create client in OPNsense'));
}
const reconfigureRes = await fetch(`${this.opnsenseUrl}/api/wireguard/service/reconfigure`, {
method: 'POST',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
},
});
if (reconfigureRes.status !== 200) {
console.error('Error reconfiguring OPNsense', reconfigureRes);
return err(new Error('Failed to reconfigure OPNsense'));
}
return ok(null);
}
async findConnections(user: User): Promise<Result<ClientConnection[], Error>> {
const res = await fetch(`${this.opnsenseUrl}/api/wireguard/service/show`, {
method: 'POST',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
current: 1,
// "rowCount": 7,
sort: {},
// TODO: use a more unique search phrase
// unfortunately 64 character limit,
// but it should be fine if users can't change their own username
searchPhrase: `vpgen-${opnsenseSanitezedUsername(user.username)}`,
type: ['peer'],
}),
});
const peers = await res.json();
if (!is<OpnsenseWgPeers>(peers)) {
console.error('Unexpected response for OPNsense WireGuard peers', peers);
return err(new Error('Failed to fetch OPNsense WireGuard peers'));
}
return ok(
peers.rows.map((peer) => {
return {
publicKey: peer['public-key'],
endpoint: peer['endpoint'],
allowedIps: peer['allowed-ips'],
transferRx: peer['transfer-rx'],
transferTx: peer['transfer-tx'],
latestHandshake: peer['latest-handshake'] * 1000,
};
}),
);
}
async deleteClient(publicKey: string): Promise<Result<null, Error>> {
const client = await this.findOpnsenseClient(publicKey);
const clientUuid = client?.uuid;
if (typeof clientUuid !== 'string') {
console.error('Failed to get OPNsense client UUID for deletion', client);
return err(new Error('Failed to get OPNsense client UUID for deletion'));
}
const res = await fetch(`${this.opnsenseUrl}/api/wireguard/client/delClient/${clientUuid}`, {
method: 'POST',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
},
});
const resJson = await res.json();
if (resJson['result'] !== 'deleted') {
console.error('Failed to delete OPNsense client', resJson);
return err(new Error('Failed to delete OPNsense client'));
}
return ok(null);
}
private async findOpnsenseClient(publicKey: string) {
const res = await fetch(`${this.opnsenseUrl}/api/wireguard/client/searchClient`, {
method: 'POST',
headers: {
Authorization: this.opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
current: 1,
sort: {},
searchPhrase: publicKey,
type: ['peer'],
}),
});
return (await res.json())?.rows?.[0] ?? null;
}
}
function opnsenseSanitezedUsername(username: string) {
return username.slice(0, 63).replace(/[^a-zA-Z0-9_-]/g, '_');
}
export type OpnsenseParams = {
opnsenseUrl: string;
opnsenseApiKey: string;
opnsenseApiSecret: string;
opnsenseWgIfname: string;
};

0
src/lib/opnsense/wg.ts → src/lib/server/wg-providers/opnsense/types.ts
View File

11
src/lib/types/clients.ts
View File

@ -1,11 +0,0 @@
export type ClientDetails = {
id: number;
name: string;
publicKey: string;
privateKey: string | null;
preSharedKey: string | null;
ips: string[];
vpnPublicKey: string;
vpnEndpoint: string;
vpnDns: string;
};

29
src/lib/types/index.ts
View File

@ -1,27 +1,2 @@
class Ok<T> {
readonly _tag = 'ok';
value: T;
constructor(value: T) {
this.value = value;
}
}
class Err<E> {
readonly _tag = 'err';
error: E;
constructor(error: E) {
this.error = error;
}
}
export type Result<T, E> = Ok<T> | Err<E>;
export function err<E>(e: E): Err<E> {
return new Err(e);
}
export function ok<T>(t: T): Ok<T> {
return new Ok(t);
}
export type { Result } from './result';
export { ok, err } from './result';

27
src/lib/types/result.ts Normal file
View File

@ -0,0 +1,27 @@
class Ok<T> {
readonly _tag = 'ok';
value: T;
constructor(value: T) {
this.value = value;
}
}
class Err<E> {
readonly _tag = 'err';
error: E;
constructor(error: E) {
this.error = error;
}
}
export type Result<T, E> = Ok<T> | Err<E>;
export function err<E>(e: E): Err<E> {
return new Err(e);
}
export function ok<T>(t: T): Ok<T> {
return new Ok(t);
}

4
src/routes/+layout.svelte
View File

@ -24,7 +24,7 @@
{#if user}
<li><a href="/user" class={getNavClass(/^\/user$/)}>Profile</a></li>
<li><a href="/connections" class={getNavClass(/^\/connections$/)}>Connections</a></li>
<li><a href="/clients" class={getNavClass(/^\/clients(\/\d+)?$/)}>Clients</a></li>
<li><a href="/devices" class={getNavClass(/^\/devices(\/\d+)?$/)}>Devices</a></li>
{/if}
</ul>
</nav>
@ -37,7 +37,7 @@
<!--Some shenanings needed to be done to get the footer position to stick correctly,
didn't work with display: contents-->
<footer class="inset-x-0 bottom-0 w-full text-center">
<p>&copy; 2024</p>
<p>&copy; 2025</p>
</footer>
<style>

2
src/routes/+page.svelte
View File

@ -21,7 +21,7 @@
<section id="get-started" class="border-l-2 pl-6">
<p>
To get started,
<Button class="ml-2" href="/clients?add=New+Client">Create a New Client</Button>
<Button class="ml-2" href="/devices?add=New+Device">Add a New Device</Button>
</p>
</section>
<!-- <section id="using-wireguard">-->

20
src/routes/api/clients/[id]/+server.ts
View File

@ -1,20 +0,0 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { findClient, mapClientToDetails } from '$lib/server/clients';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const { id } = event.params;
const clientId = parseInt(id);
if (isNaN(clientId)) {
return error(400, 'Invalid client ID');
}
const client = await findClient(event.locals.user.id, clientId);
if (!client) {
return error(404, 'Client not found');
}
return new Response(JSON.stringify(mapClientToDetails(client)));
};

63
src/routes/api/connections/+server.ts
View File

@ -1,43 +1,50 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { opnsenseAuth, opnsenseUrl } from '$lib/server/opnsense';
import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
import { findDevices } from '$lib/server/devices';
import type { ConnectionDetails } from '$lib/connections';
import type { Result } from '$lib/types';
import type { ClientConnection } from '$lib/server/types';
import wgProvider from '$lib/server/wg-provider';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const apiUrl = `${opnsenseUrl}/api/wireguard/service/show`;
const options: RequestInit = {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
'current': 1,
// "rowCount": 7,
'sort': {},
// TODO: use a more unique search phrase
// unfortunately 64 character limit,
// but it should be fine if users can't change their own username
'searchPhrase': `vpgen-${event.locals.user.username}`,
'type': ['peer'],
}),
};
console.debug('/api/connections');
const res = await fetch(apiUrl, options);
const peers = await res.json() as OpnsenseWgPeers;
peers.rows = peers.rows.filter(peer => peer['latest-handshake'])
const peersResult: Result<ClientConnection[], Error> = await wgProvider.findConnections(event.locals.user);
if (peersResult._tag === 'err') return error(500, peersResult.error.message);
if (!peers) {
return error(500, 'Error getting info from OPNsense API');
const devices = await findDevices(event.locals.user.id);
console.debug('/api/connections: fetched db devices');
// TODO: this is all garbage performance
// filter devices with no recent handshakes
const peers = peersResult.value.filter((peer) => peer.latestHandshake);
// start from devices, to treat db as the source of truth
const connections: ConnectionDetails[] = [];
for (const device of devices) {
const peerData = peers.find((peer) => peer.publicKey === device.publicKey);
if (!peerData) continue;
connections.push({
deviceId: device.id,
deviceName: device.name,
devicePublicKey: device.publicKey,
deviceIps: peerData.allowedIps.split(','),
endpoint: peerData.endpoint,
// swap rx and tx, since the opnsense values are from the server perspective
transferRx: peerData.transferTx,
transferTx: peerData.transferRx,
latestHandshake: peerData.latestHandshake,
});
}
return new Response(JSON.stringify(peers), {
return new Response(JSON.stringify(connections), {
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'max-age=5',
}
},
});
};

10
src/routes/api/clients/+server.ts → src/routes/api/devices/+server.ts
View File

@ -1,29 +1,29 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { createClient, findClients, mapClientToDetails } from '$lib/server/clients';
import { createDevice, findDevices, mapDeviceToDetails } from '$lib/server/devices';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const clients = await findClients(event.locals.user.id);
const devices = await findDevices(event.locals.user.id);
return new Response(
JSON.stringify({
clients: clients.map(mapClientToDetails),
devices: devices.map(mapDeviceToDetails),
}),
);
};
export type Clients = Awaited<ReturnType<typeof findClients>>;
export type Devices = Awaited<ReturnType<typeof findDevices>>;
export const POST: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const { name } = await event.request.json();
const res = await createClient({
const res = await createDevice({
name,
user: event.locals.user,
});

20
src/routes/api/devices/[id]/+server.ts Normal file
View File

@ -0,0 +1,20 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { findDevice, mapDeviceToDetails } from '$lib/server/devices';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const { id } = event.params;
const deviceId = parseInt(id);
if (isNaN(deviceId)) {
return error(400, 'Invalid device ID');
}
const device = await findDevice(event.locals.user.id, deviceId);
if (!device) {
return error(404, 'Device not found');
}
return new Response(JSON.stringify(mapDeviceToDetails(device)));
};

18
src/routes/auth/+page.server.ts
View File

@ -1,14 +1,14 @@
import { fail, redirect } from "@sveltejs/kit";
import { invalidateSession, deleteSessionTokenCookie } from "$lib/server/auth";
import type { Actions } from "./$types";
import { fail, redirect } from '@sveltejs/kit';
import { invalidateSession, deleteSessionTokenCookie } from '$lib/server/auth';
import type { Actions } from './$types';
export const actions: Actions = {
logout: async (event) => {
if (event.locals.session === null) {
logout: async ({ locals, cookies }) => {
if (locals.session === null) {
return fail(401);
}
await invalidateSession(event.locals.session.id);
deleteSessionTokenCookie(event);
return redirect(302, "/");
}
await invalidateSession(locals.session.id);
deleteSessionTokenCookie(cookies);
redirect(302, '/');
},
};

50
src/routes/auth/authentik/callback/+server.ts
View File

@ -1,27 +1,28 @@
import { createSession, setSessionTokenCookie } from "$lib/server/auth";
import { authentik } from "$lib/server/oauth";
import { decodeIdToken } from "arctic";
import { createSession, setSessionTokenCookie } from '$lib/server/auth';
import { authentik } from '$lib/server/oauth';
import { decodeIdToken } from 'arctic';
import type { RequestEvent } from "@sveltejs/kit";
import type { OAuth2Tokens } from "arctic";
import type { RequestEvent } from '@sveltejs/kit';
import type { OAuth2Tokens } from 'arctic';
import { db } from '$lib/server/db';
import { eq } from 'drizzle-orm';
import * as table from '$lib/server/db/schema';
export async function GET(event: RequestEvent): Promise<Response> {
const code = event.url.searchParams.get("code");
const state = event.url.searchParams.get("state");
const storedState = event.cookies.get("authentik_oauth_state") ?? null;
const codeVerifier = event.cookies.get("authentik_code_verifier") ?? null;
const code = event.url.searchParams.get('code');
const state = event.url.searchParams.get('state');
const storedState = event.cookies.get('authentik_oauth_state') ?? null;
const codeVerifier = event.cookies.get('authentik_code_verifier') ?? null;
if (code === null || state === null || storedState === null || codeVerifier === null) {
return new Response(null, {
status: 400
status: 400,
});
}
if (state !== storedState) {
return new Response(null, {
status: 400
status: 400,
});
}
@ -31,29 +32,34 @@ export async function GET(event: RequestEvent): Promise<Response> {
} catch (e) {
// Invalid code or client credentials
return new Response(null, {
status: 400
status: 400,
});
}
const claims = decodeIdToken(tokens.idToken()) as { sub: string, preferred_username: string, name: string };
console.log("claims", claims);
const claims = decodeIdToken(tokens.idToken()) as {
sub: string;
preferred_username: string;
name: string;
};
console.log('claims', claims);
const userId: string = claims.sub;
const username: string = claims.preferred_username;
const existingUser = await db.query.users.findFirst({where: eq(table.users.id, userId)});
const existingUser = await db.query.users.findFirst({ where: eq(table.users.id, userId) });
if (existingUser) {
const session = await createSession(existingUser.id);
setSessionTokenCookie(event, session.id, session.expiresAt);
setSessionTokenCookie(event.cookies, session.id, session.expiresAt);
return new Response(null, {
status: 302,
headers: {
Location: "/"
}
Location: '/',
},
});
}
const user: table.User = {
id: userId,
authSource: 'authentik',
username,
name: claims.name as string,
};
@ -61,18 +67,18 @@ export async function GET(event: RequestEvent): Promise<Response> {
try {
await db.insert(table.users).values(user);
const session = await createSession(user.id);
setSessionTokenCookie(event, session.id, session.expiresAt);
setSessionTokenCookie(event.cookies, session.id, session.expiresAt);
} catch (e) {
console.error('failed to create user', e);
return new Response(null, {
status: 500
status: 500,
});
}
return new Response(null, {
status: 302,
headers: {
Location: "/"
}
Location: '/',
},
});
}

32
src/routes/auth/google/+server.ts Normal file
View File

@ -0,0 +1,32 @@
import type { RequestHandler } from './$types';
import { generateCodeVerifier, generateState } from 'arctic';
import { google } from '$lib/server/oauth';
export const GET: RequestHandler = ({ url, cookies }) => {
const inviteToken = url.searchParams.get('invite');
const state = generateState();
const codeVerifier = generateCodeVerifier();
const scopes = ['openid', 'profile', 'email'];
const authUrl = google.createAuthorizationURL(state + inviteToken, codeVerifier, scopes);
cookies.set('google_oauth_state', state, {
path: '/',
httpOnly: true,
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
cookies.set('google_code_verifier', codeVerifier, {
path: '/',
httpOnly: true,
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
return new Response(null, {
status: 302,
headers: {
Location: authUrl.toString(),
},
});
};

88
src/routes/auth/google/callback/+page.server.ts Normal file
View File

@ -0,0 +1,88 @@
import { createSession, isValidInviteToken, setSessionTokenCookie } from '$lib/server/auth';
import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema';
import { google } from '$lib/server/oauth';
import { error, redirect } from '@sveltejs/kit';
import type { OAuth2Tokens } from 'arctic';
import * as arctic from 'arctic';
import { eq } from 'drizzle-orm';
import { assertGuard } from 'typia';
import type { PageServerLoad } from './$types';
export const load: PageServerLoad = async (event) => {
const { url, cookies } = event;
const code = url.searchParams.get('code');
const state = url.searchParams.get('state');
const storedState = cookies.get('google_oauth_state') ?? null;
const codeVerifier = cookies.get('google_code_verifier') ?? null;
if (code === null || state === null || storedState === null || codeVerifier === null) {
error(400, 'Missing url parameters');
}
const stateGeneratedToken = state.slice(0, storedState.length);
const stateInviteToken = state.slice(storedState.length);
if (stateGeneratedToken !== storedState) {
error(400, 'Invalid state in url');
}
let tokens: OAuth2Tokens;
try {
tokens = await google.validateAuthorizationCode(code, codeVerifier);
} catch (e) {
if (e instanceof arctic.OAuth2RequestError) {
console.debug('Arctic: OAuth: invalid authorization code, credentials, or redirect URI', e);
throw error(400, 'Invalid authorization code');
}
if (e instanceof arctic.ArcticFetchError) {
console.debug('Arctic: failed to call `fetch()`', e);
error(400, 'Failed to validate authorization code');
}
console.error('Unxepcted error validating authorization code', code, e);
error(500);
}
const idToken = tokens.idToken();
const claims = arctic.decodeIdToken(idToken);
console.log('claims', claims);
assertGuard<{
sub: string;
email: string;
name: string;
}>(claims);
const userId = claims.sub;
const existingUser = await db.query.users.findFirst({ where: eq(table.users.id, userId) });
if (existingUser) {
const session = await createSession(existingUser.id);
setSessionTokenCookie(cookies, session.id, session.expiresAt);
redirect(302, '/');
}
if (!isValidInviteToken(stateInviteToken)) {
const message =
stateInviteToken.length === 0 ? 'sign up with an invite link first' : 'invalid invite link';
error(403, 'Not Authorized: ' + message);
}
const user: table.User = {
id: userId,
authSource: 'google',
username: claims.email,
name: claims.name,
};
// TODO: proper error handling, delete cookies
await db.insert(table.users).values(user);
console.log('created user', user, 'with invite token', stateInviteToken);
const session = await createSession(user.id);
setSessionTokenCookie(cookies, session.id, session.expiresAt);
redirect(302, '/');
};

9
src/routes/clients/+page.ts
View File

@ -1,9 +0,0 @@
import type { PageLoad } from './$types';
import type { ClientDetails } from '$lib/types/clients';
export const load: PageLoad = async ({ fetch }) => {
const res = await fetch('/api/clients');
const { clients } = await res.json() as { clients: ClientDetails[] };
return { clients };
};

16
src/routes/clients/[id]/+page.ts
View File

@ -1,16 +0,0 @@
import type { PageLoad } from './$types';
import type { ClientDetails } from '$lib/types/clients';
import { clientDetailsToConfig } from '$lib/clients';
import { error } from '@sveltejs/kit';
export const load: PageLoad = async ({ fetch, params }) => {
const res = await fetch(`/api/clients/${params.id}`);
const resJson = await res.json();
if (!res.ok) {
return error(res.status, resJson['message']);
}
const client = resJson as ClientDetails;
const config = clientDetailsToConfig(client);
return { client, config };
};

26
src/routes/connections/+page.svelte
View File

@ -16,7 +16,7 @@
return () => clearInterval(interval);
});
function getSize(size: number) {
function toSizeString(size: number) {
let sizes = ['Bytes', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB'];
for (let i = 1; i < sizes.length; i++) {
@ -34,35 +34,31 @@
<Table.Root class="divide-y-2 divide-background overflow-hidden rounded-lg bg-accent">
<Table.Header>
<Table.Row>
<Table.Head scope="col">Name</Table.Head>
<Table.Head scope="col">Device</Table.Head>
<Table.Head scope="col">Public Key</Table.Head>
<Table.Head scope="col">Endpoint</Table.Head>
<Table.Head scope="col">Allowed IPs</Table.Head>
<Table.Head scope="col">Device IPs</Table.Head>
<Table.Head scope="col">Latest Handshake</Table.Head>
<Table.Head scope="col">RX</Table.Head>
<Table.Head scope="col">TX</Table.Head>
<Table.Head scope="col" class="hidden">Persistent Keepalive</Table.Head>
<Table.Head scope="col" class="hidden">Interface Name</Table.Head>
</Table.Row>
</Table.Header>
<Table.Body class="divide-y-2 divide-background">
{#each data.peers.rows as peer}
{#each data.connections as conn}
<Table.Row class="hover:bg-surface">
<Table.Head scope="row">{peer.name}</Table.Head>
<Table.Cell class="max-w-[10ch] truncate">{peer['public-key']}</Table.Cell>
<Table.Cell>{peer.endpoint}</Table.Cell>
<Table.Head scope="row">{conn.deviceName}</Table.Head>
<Table.Cell class="max-w-[10ch] truncate">{conn.devicePublicKey}</Table.Cell>
<Table.Cell>{conn.endpoint}</Table.Cell>
<Table.Cell>
<div class="flex flex-wrap gap-1">
{#each peer['allowed-ips'].split(',') as addr}
{#each conn.deviceIps as addr}
<Badge class="select-auto bg-background" variant="secondary">{addr}</Badge>
{/each}
</div>
</Table.Cell>
<Table.Cell>{new Date(peer['latest-handshake'] * 1000).toLocaleString()}</Table.Cell>
<Table.Cell>{getSize(peer['transfer-rx'])}</Table.Cell>
<Table.Cell>{getSize(peer['transfer-tx'])}</Table.Cell>
<Table.Cell class="hidden">{peer['persistent-keepalive']}</Table.Cell>
<Table.Cell class="hidden">{peer.ifname}</Table.Cell>
<Table.Cell>{new Date(conn.latestHandshake).toLocaleString()}</Table.Cell>
<Table.Cell>{toSizeString(conn.transferRx)}</Table.Cell>
<Table.Cell>{toSizeString(conn.transferTx)}</Table.Cell>
</Table.Row>
{/each}
</Table.Body>

6
src/routes/connections/+page.ts
View File

@ -1,9 +1,9 @@
import type { PageLoad } from './$types';
import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
import type { ConnectionDetails } from '$lib/connections';
export const load: PageLoad = async ({ fetch }) => {
const res = await fetch('/api/connections');
const peers = await res.json() as OpnsenseWgPeers;
const connections = await res.json() as ConnectionDetails[];
return { peers };
return { connections };
};

11
src/routes/clients/+page.server.ts → src/routes/devices/+page.server.ts
View File

@ -1,21 +1,22 @@
import type { Actions } from './$types';
import { createClient } from '$lib/server/clients';
import { error, redirect } from '@sveltejs/kit';
import { createDevice } from '$lib/server/devices';
import { error, fail, redirect } from '@sveltejs/kit';
import wgProvider from '$lib/server/wg-provider';
export const actions = {
create: async (event) => {
if (!event.locals.user) return error(401, 'Unauthorized');
const formData = await event.request.formData();
const name = formData.get('name');
if (typeof name !== 'string' || name.trim() === '') return error(400, 'Invalid name');
const res = await createClient({
if (typeof name !== 'string' || name.trim() === '') return fail(400, { name, invalid: true });
const res = await createDevice({
name: name.trim(),
user: event.locals.user,
});
switch (res._tag) {
case 'ok': {
return redirect(303, `/clients/${res.value}`);
return redirect(303, `/devices/${res.value}`);
}
case 'err': {
const [status, message] = res.error;

42
src/routes/clients/+page.svelte → src/routes/devices/+page.svelte
View File

@ -4,15 +4,17 @@
import { Badge } from '$lib/components/ui/badge';
import { Button, buttonVariants } from '$lib/components/ui/button';
import { Input } from '$lib/components/ui/input';
import { LucidePlus } from 'lucide-svelte';
import { LucideLoaderCircle, LucidePlus } from '@lucide/svelte';
import type { PageData } from './$types';
import { Label } from '$lib/components/ui/label';
import { page } from '$app/state';
import DeleteDevice from './delete-device.svelte';
const { data }: { data: PageData } = $props();
let dialogOpen = $state(page.url.searchParams.has('add'));
let dialogVal = $state(page.url.searchParams.get('add') ?? '');
let submitted = $state(false);
$effect(() => {
if (dialogOpen) page.url.searchParams.set('add', dialogVal);
@ -23,7 +25,7 @@
</script>
<svelte:head>
<title>Clients</title>
<title>Devices</title>
</svelte:head>
<Table.Root class="divide-y-2 divide-background overflow-hidden rounded-lg bg-accent">
@ -37,41 +39,44 @@
</Table.Row>
</Table.Header>
<Table.Body class="divide-y-2 divide-background">
{#each data.clients as client}
{#each data.devices as device}
<Table.Row class="hover:bg-surface group">
<Table.Head scope="row">
<a
href={`/clients/${client.id}`}
href="/devices/{device.id}"
class="flex size-full items-center group-hover:underline"
>
{client.name}
{device.name}
</a>
</Table.Head>
<Table.Cell class="truncate">{client.publicKey}</Table.Cell>
<!-- <Table.Cell class="truncate max-w-[10ch]">{client.privateKey}</Table.Cell>-->
<!-- <Table.Cell class="truncate max-w-[10ch]">{client.preSharedKey}</Table.Cell>-->
<Table.Cell class="truncate">{device.publicKey}</Table.Cell>
<!-- <Table.Cell class="truncate max-w-[10ch]">{device.privateKey}</Table.Cell>-->
<!-- <Table.Cell class="truncate max-w-[10ch]">{device.preSharedKey}</Table.Cell>-->
<Table.Cell class="flex flex-wrap gap-1">
{#each client.ips as ip}
{#each device.ips as ip}
<Badge class="select-auto bg-background" variant="secondary">{ip}</Badge>
{/each}
</Table.Cell>
<Table.Cell class="py-0">
<DeleteDevice device={device} />
</Table.Cell>
</Table.Row>
{/each}
</Table.Body>
</Table.Root>
<!--Floating action button for adding a new client-->
<!--Floating action button for adding a new device-->
<Dialog.Root bind:open={dialogOpen}>
<div class="mt-auto flex self-end pt-4">
<Dialog.Trigger class={buttonVariants({ variant: 'default' }) + ' flex gap-4'}>
<LucidePlus />
New Client
New Device
</Dialog.Trigger>
</div>
<Dialog.Content class="max-w-xs">
<form class="contents" method="post" action="?/create">
<form class="contents" method="post" onsubmit={() => submitted = true} action="?/create">
<Dialog.Header class="">
<Dialog.Title>Create a new client</Dialog.Title>
<Dialog.Title>Add a new device</Dialog.Title>
</Dialog.Header>
<div class="flex flex-wrap items-center justify-between gap-4">
<Label for="name">Name</Label>
@ -81,12 +86,17 @@
pattern=".*[^\s]+.*"
type="text"
name="name"
placeholder="New Client"
placeholder="New Device"
class="max-w-[20ch]"
/>
</div>
<Dialog.Footer>
<Button type="submit">Create</Button>
<Dialog.Footer class="gap-y-2">
{#if submitted}
<LucideLoaderCircle class="size-4 animate-spin place-self-center" />
{/if}
<Button type="submit" disabled={submitted} class="">
Add
</Button>
</Dialog.Footer>
</form>
</Dialog.Content>

9
src/routes/devices/+page.ts Normal file
View File

@ -0,0 +1,9 @@
import type { PageLoad } from './$types';
import type { DeviceDetails } from '$lib/devices';
export const load: PageLoad = async ({ fetch }) => {
const res = await fetch('/api/devices');
const { devices } = await res.json() as { devices: DeviceDetails[] };
return { devices };
};

23
src/routes/devices/[id]/+page.server.ts Normal file
View File

@ -0,0 +1,23 @@
import { error, redirect } from '@sveltejs/kit';
import { deleteDevice } from '$lib/server/devices/delete';
import type { Actions } from './$types';
export const actions = {
delete: async (event) => {
if (!event.locals.user) return error(401, 'Unauthorized');
const deviceId = Number.parseInt(event.params.id);
if (Number.isNaN(deviceId)) return error(400, 'Invalid device id');
const res = await deleteDevice(event.locals.user.id, deviceId);
switch (res._tag) {
case 'ok': {
return redirect(303, '/devices');
}
case 'err': {
const [status, message] = res.error;
return error(status, message);
}
}
},
} satisfies Actions;

18
src/routes/clients/[id]/+page.svelte → src/routes/devices/[id]/+page.svelte
View File

@ -3,14 +3,15 @@
import QRCode from 'qrcode-svg';
import { CodeSnippet } from '$lib/components/app/code-snippet';
import { WireguardGuide } from '$lib/components/app/wireguard-guide';
import DeleteDevice from '../delete-device.svelte';
const { data }: { data: PageData } = $props();
// Clean the client name for the file name,
// Clean the device name for the wg config filename,
// things can break otherwise (too long or invalid characters)
// https://github.com/pirate/wireguard-docs
const clientWgCleanedName =
data.client.name.slice(0, 15).replace(/[^a-zA-Z0-9_=+.-]/g, '_') + '.conf';
const deviceWgCleanedName =
data.device.name.slice(0, 15).replace(/[^a-zA-Z0-9_=+.-]/g, '_') + '.conf';
let qrCode = new QRCode({
content: data.config,
@ -22,13 +23,16 @@
</script>
<svelte:head>
<title>{data.client.name}</title>
<title>{data.device.name}</title>
</svelte:head>
<h1 class="w-fit rounded-lg bg-accent p-2 text-lg">{data.client.name}</h1>
<div class="flex justify-between">
<h1 class="w-fit rounded-lg bg-accent p-2 text-lg">{data.device.name}</h1>
<DeleteDevice device={data.device} />
</div>
<section id="client-configuration" class="flex flex-wrap items-center justify-center gap-4">
<CodeSnippet data={data.config} filename={clientWgCleanedName} copy download />
<section id="device-configuration" class="flex flex-wrap items-center justify-center gap-4">
<CodeSnippet data={data.config} filename={deviceWgCleanedName} copy download />
<div class="size-fit overflow-auto rounded-lg">
{@html qrCode.svg()}

15
src/routes/devices/[id]/+page.ts Normal file
View File

@ -0,0 +1,15 @@
import type { PageLoad } from './$types';
import { type DeviceDetails, deviceDetailsToConfig } from '$lib/devices';
import { error } from '@sveltejs/kit';
export const load: PageLoad = async ({ fetch, params }) => {
const res = await fetch(`/api/devices/${params.id}`);
const resJson = await res.json();
if (!res.ok) {
return error(res.status, resJson['message']);
}
const device = resJson as DeviceDetails;
const config = deviceDetailsToConfig(device);
return { device, config };
};

39
src/routes/devices/delete-device.svelte Normal file
View File

@ -0,0 +1,39 @@
<script>
import { Button, buttonVariants } from '$lib/components/ui/button';
import * as Dialog from '$lib/components/ui/dialog';
import { LucideLoaderCircle, LucideTrash } from '@lucide/svelte';
const { device } = $props();
let submitted = $state(false);
</script>
<Dialog.Root>
<Dialog.Trigger class={buttonVariants({ variant: 'destructive', size: 'sm', class: 'bg-accent hover:bg-destructive' })}>
<LucideTrash />
</Dialog.Trigger>
<Dialog.Content>
<form class="contents" method="post" action="/devices/{device.id}?/delete"
onsubmit={() => submitted = true}
>
<Dialog.Header>
Are you sure you want to permanently delete "{device.name}"?
</Dialog.Header>
You will no longer be able to connect from this device.
<Dialog.Footer class="gap-y-2">
{#if submitted}
<LucideLoaderCircle class="size-4 animate-spin place-self-center" />
{/if}
<Button type="submit" variant="destructive" disabled={submitted}>
Delete
</Button>
<Dialog.Close>
{#snippet child({ props })}
<Button {...props} disabled={submitted}>
Cancel
</Button>
{/snippet}
</Dialog.Close>
</Dialog.Footer>
</form>
</Dialog.Content>
</Dialog.Root>

7
src/routes/invite/[id]/+layout.server.ts Normal file
View File

@ -0,0 +1,7 @@
import type { LayoutServerLoad } from './$types';
import { redirect } from '@sveltejs/kit';
import { isValidInviteToken } from '$lib/server/auth';
export const load: LayoutServerLoad = ({ params }) => {
if (!isValidInviteToken(params.id)) redirect(307, '/')
};

16
src/routes/invite/[id]/+page.svelte Normal file
View File

@ -0,0 +1,16 @@
<script lang="ts">
import { AuthForm } from '$lib/components/app/auth-form';
import { page } from '$app/state';
let inviteToken = page.params.id;
</script>
<svelte:head>
<title>You are Invited to VPGen</title>
</svelte:head>
<h1 class="mb-2 scroll-m-20 text-center text-3xl font-extrabold tracking-tight lg:text-4xl">
Welcome to VPGen
</h1>
<AuthForm inviteToken={inviteToken} />

2
src/routes/user/+page.svelte
View File

@ -1,7 +1,7 @@
<script lang="ts">
import { invalidate, invalidateAll } from '$app/navigation';
import { Button } from '$lib/components/ui/button';
import { LucideLoaderCircle, LucideLogOut, LucideRefreshCw } from 'lucide-svelte';
import { LucideLoaderCircle, LucideLogOut, LucideRefreshCw } from '@lucide/svelte';
import { CodeSnippet } from '$lib/components/app/code-snippet/index.js';
let { data } = $props();

10
tsconfig.json
View File

@ -9,11 +9,17 @@
"skipLibCheck": true,
"sourceMap": true,
"strict": true,
"moduleResolution": "bundler"
"moduleResolution": "bundler",
"plugins": [
{
"transform": "typia/lib/transform"
}
],
"strictNullChecks": true
}
// Path aliases are handled by https://svelte.dev/docs/kit/configuration#alias
// except $lib which is handled by https://svelte.dev/docs/kit/configuration#files
//
// If you want to overwrite includes/excludes, make sure to copy over the relevant includes/excludes
// from the referenced tsconfig.json - TypeScript does not merge them in
}
}

3
vite.config.ts
View File

@ -1,6 +1,7 @@
import { sveltekit } from '@sveltejs/kit/vite';
import { defineConfig } from 'vite';
import UnpluginTypia from '@ryoppippi/unplugin-typia/vite';
export default defineConfig({
plugins: [sveltekit()]
plugins: [sveltekit(), UnpluginTypia()],
});