CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: CaZzzer:master
Branches Tags
CaZzzer:develop CaZzzer:feature/wg-quick CaZzzer:feature/invite CaZzzer:feature/auth CaZzzer:feature/auth-1 CaZzzer:feature/ci CaZzzer:feature/api CaZzzer:feature/provider-interface-1 CaZzzer:feature/provider-interface CaZzzer:feature/logging CaZzzer:feature/qrcode CaZzzer:feature/trailing-slashes CaZzzer:feature/opnsense CaZzzer:master
..
compare: CaZzzer:feature/opnsense
Branches Tags
CaZzzer:feature/wg-quick CaZzzer:develop CaZzzer:feature/invite CaZzzer:feature/auth CaZzzer:feature/auth-1 CaZzzer:feature/ci CaZzzer:feature/api CaZzzer:feature/provider-interface-1 CaZzzer:feature/provider-interface CaZzzer:feature/logging CaZzzer:feature/qrcode CaZzzer:feature/trailing-slashes CaZzzer:feature/opnsense CaZzzer:master

16 Commits
master ... feature/op

Author SHA1 Message Date
Yuri Tatishchev
76b5d9bf97 drizzle initial migration 2024-12-24 00:19:48 -08:00
Yuri Tatishchev
85573f5791 add config qr code to client page 2024-12-23 19:23:31 -08:00
Yuri Tatishchev
03fb89dc8b ui, server handling improvements 2024-12-23 18:49:55 -08:00
Yuri Tatishchev
32927dfd55 add client info page 2024-12-23 03:16:56 -08:00
Yuri Tatishchev
d5b5f037ac clients page improvements: convert ip allocation index to addresses 2024-12-23 00:33:08 -08:00
Yuri Tatishchev
2b56cba770 initial implementation of adding clients 2024-12-23 00:05:00 -08:00
Yuri Tatishchev
5e3772d39b minor improvements 2024-12-22 19:45:46 -08:00
Yuri Tatishchev
3909281bc7 opnsense: add initial api to create new clients 2024-12-22 19:45:03 -08:00
Yuri Tatishchev
5015246a24 new clients page 2024-12-22 02:39:15 -08:00
Yuri Tatishchev
bdea663178 opnsense: filter queried connections 2024-12-22 01:28:46 -08:00
Yuri Tatishchev
e03bf11fa5 connections page overhaul 2024-12-20 00:08:17 -08:00
Yuri Tatishchev
686383e4d1 change title to VPGen 2024-12-19 22:18:47 -08:00
Yuri Tatishchev
c022baa97c connections page improvements 2024-12-19 22:18:47 -08:00
Yuri Tatishchev
589c3f2890 add opnsense-api requests to bruno 2024-12-19 22:18:46 -08:00
Yuri Tatishchev
d526839bfa opnsense connections page ui improvements 2024-12-19 22:18:46 -08:00
Yuri Tatishchev
922e4c0580 initial opnsense connections page 2024-12-19 22:18:31 -08:00
62 changed files with 1752 additions and 77 deletions
Expand all files Collapse all files

15
.env.example
View File

@@ -1,5 +1,18 @@
DATABASE_URL=local.db DATABASE_URL=file:local.db
AUTH_DOMAIN=auth.lab.cazzzer.com AUTH_DOMAIN=auth.lab.cazzzer.com
AUTH_CLIENT_ID= AUTH_CLIENT_ID=
AUTH_CLIENT_SECRET= AUTH_CLIENT_SECRET=
AUTH_REDIRECT_URI=http://localhost:5173/auth/authentik/callback AUTH_REDIRECT_URI=http://localhost:5173/auth/authentik/callback
OPNSENSE_API_URL=https://opnsense.home
OPNSENSE_API_KEY=
OPNSENSE_API_SECRET=
OPNSENSE_WG_IFNAME=wg2
IPV4_STARTING_ADDR=10.18.11.100
IPV6_STARTING_ADDR=fd00:10:18:11::100:0
IPV6_CLIENT_PREFIX_SIZE=112
IP_MAX_INDEX=100
VPN_ENDPOINT=vpn.lab.cazzzer.com:51820
VPN_DNS=10.18.11.1,fd00:10:18:11::1
MAX_CLIENTS_PER_USER=20

4
.idea/codeStyles/Project.xml generated
View File

@@ -9,7 +9,7 @@
<option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" /> <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
<option name="USE_DOUBLE_QUOTES" value="false" /> <option name="USE_DOUBLE_QUOTES" value="false" />
<option name="FORCE_QUOTE_STYlE" value="true" /> <option name="FORCE_QUOTE_STYlE" value="true" />
<option name="ENFORCE_TRAILING_COMMA" value="Remove" /> <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
<option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" /> <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
<option name="SPACES_WITHIN_IMPORTS" value="true" /> <option name="SPACES_WITHIN_IMPORTS" value="true" />
</JSCodeStyleSettings> </JSCodeStyleSettings>
@@ -120,7 +120,7 @@
<option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" /> <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
<option name="USE_DOUBLE_QUOTES" value="false" /> <option name="USE_DOUBLE_QUOTES" value="false" />
<option name="FORCE_QUOTE_STYlE" value="true" /> <option name="FORCE_QUOTE_STYlE" value="true" />
<option name="ENFORCE_TRAILING_COMMA" value="Remove" /> <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
<option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" /> <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
<option name="SPACES_WITHIN_IMPORTS" value="true" /> <option name="SPACES_WITHIN_IMPORTS" value="true" />
</TypeScriptCodeStyleSettings> </TypeScriptCodeStyleSettings>

20
.idea/dataSources.xml generated Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
<data-source source="LOCAL" name="local" uuid="f362368b-ba47-4270-9f81-b0d8484b9928">
<driver-ref>sqlite.xerial</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.sqlite.JDBC</jdbc-driver>
<jdbc-url>jdbc:sqlite:$PROJECT_DIR$/local.db</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir>
<libraries>
<library>
<url>file://$APPLICATION_CONFIG_DIR$/jdbc-drivers/Xerial SQLiteJDBC/3.45.1/org/xerial/sqlite-jdbc/3.45.1.0/sqlite-jdbc-3.45.1.0.jar</url>
</library>
<library>
<url>file://$APPLICATION_CONFIG_DIR$/jdbc-drivers/Xerial SQLiteJDBC/3.45.1/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar</url>
</library>
</libraries>
</data-source>
</component>
</project>

1
.prettierrc
View File

@@ -1,7 +1,6 @@
{ {
"useTabs": true, "useTabs": true,
"singleQuote": true, "singleQuote": true,
"trailingComma": "none",
"printWidth": 100, "printWidth": 100,
"plugins": ["prettier-plugin-svelte", "prettier-plugin-tailwindcss"], "plugins": ["prettier-plugin-svelte", "prettier-plugin-tailwindcss"],
"overrides": [ "overrides": [

9
bruno/bruno.json Normal file
View File

@@ -0,0 +1,9 @@
{
"version": "1",
"name": "vpgen",
"type": "collection",
"ignore": [
"node_modules",
".git"
]
}

8
bruno/collection.bru Normal file
View File

@@ -0,0 +1,8 @@
auth {
mode: basic
}
auth:basic {
username: {{opnsense_key}}
password: {{opnsense_secret}}
}

8
bruno/environments/dev.bru Normal file
View File

@@ -0,0 +1,8 @@
vars {
opnsense_key: 33NhXqaJwrWy1T4Qi60GK90RXJuS3PWIYwlwYPnQ8f5YPe/J1q/g6/l4bZ2/kJk71MFhwP+9mr+IiQPi
base: https://opnsense.home
}
vars:secret [
vpn_endpoint,
opnsense_secret
]

37
bruno/opnsense-api/Add Client Builder.bru Normal file
View File

@@ -0,0 +1,37 @@
meta {
name: Add Client Builder
type: http
seq: 9
}
post {
url: {{base}}/api/wireguard/client/addClientBuilder
body: json
auth: inherit
}
headers {
Content-Type: application/json
}
body:json {
{
"configbuilder": {
"enabled": "1",
"name": "{{clientName}}",
"pubkey": "{{clientPubkey}}",
"psk": "{{psk}}",
"tunneladdress": "{{clientTunnelAddress}}",
"server": "{{serverUuid}}",
"endpoint": "{{vpn_endpoint}}"
}
}
}
vars:pre-request {
clientName: vpgen-CaZzzer
clientPubkey: BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=
psk: 0LWopbrISXBNHUxr+WOhCSAg+0hD8j3TLmpyzHkBHCQ=
clientTunnelAddress: 10.18.11.101/32,fd00::1/128
serverUuid: 99f278fb-5b79-4fde-b3d8-afab19f1fc07
}

31
bruno/opnsense-api/Get Interfaces.bru Normal file
View File

@@ -0,0 +1,31 @@
meta {
name: Get Interfaces
type: http
seq: 2
}
post {
url: {{base}}/api/wireguard/service/show
body: json
auth: inherit
}
headers {
Content-Type: application/json
}
body:json {
{
"current": 1,
"rowCount": 7,
"sort": {},
"searchPhrase": "{{searchPhrase}}",
"type": [
"interface"
]
}
}
vars:pre-request {
searchPhrase:
}

11
bruno/opnsense-api/Get Key Pair.bru Normal file
View File

@@ -0,0 +1,11 @@
meta {
name: Get Key Pair
type: http
seq: 7
}
get {
url: {{base}}/api/wireguard/server/key_pair
body: none
auth: inherit
}

11
bruno/opnsense-api/Get PSK.bru Normal file
View File

@@ -0,0 +1,11 @@
meta {
name: Get PSK
type: http
seq: 8
}
get {
url: {{base}}/api/wireguard/client/psk
body: none
auth: inherit
}

31
bruno/opnsense-api/Get Peers.bru Normal file
View File

@@ -0,0 +1,31 @@
meta {
name: Get Peers
type: http
seq: 1
}
post {
url: {{base}}/api/wireguard/service/show
body: json
auth: inherit
}
headers {
Content-Type: application/json
}
body:json {
{
"current": 1,
"rowCount": 7,
"sort": {},
"searchPhrase": "{{searchPhrase}}",
"type": [
"peer"
]
}
}
vars:pre-request {
searchPhrase:
}

15
bruno/opnsense-api/Get Server Info.bru Normal file
View File

@@ -0,0 +1,15 @@
meta {
name: Get Server Info
type: http
seq: 6
}
get {
url: {{base}}/api/wireguard/client/get_server_info/:server_uuid
body: none
auth: inherit
}
params:path {
server_uuid: 8799c789-b6fb-4aa8-9dac-edf18d860340
}

11
bruno/opnsense-api/List Servers.bru Normal file
View File

@@ -0,0 +1,11 @@
meta {
name: List Servers
type: http
seq: 6
}
get {
url: {{base}}/api/wireguard/client/list_servers
body: none
auth: inherit
}

11
bruno/opnsense-api/Reconfigure.bru Normal file
View File

@@ -0,0 +1,11 @@
meta {
name: Reconfigure
type: http
seq: 10
}
post {
url: {{base}}/api/wireguard/service/reconfigure
body: none
auth: inherit
}

30
bruno/opnsense-api/Search Client.bru Normal file
View File

@@ -0,0 +1,30 @@
meta {
name: Search Client
type: http
seq: 5
}
post {
url: {{base}}/api/wireguard/client/searchClient
body: json
auth: inherit
}
headers {
Content-Type: application/json
}
body:json {
{
"current": 1,
"rowCount": 7,
"sort": {},
"servers": ["{{serverUuid}}"],
"searchPhrase": "{{searchPhrase}}"
}
}
vars:pre-request {
searchPhrase:
serverUuid: 64e1d6ec-980a-463d-8583-c863d8e9852b
}

28
bruno/opnsense-api/Search Server.bru Normal file
View File

@@ -0,0 +1,28 @@
meta {
name: Search Server
type: http
seq: 4
}
post {
url: {{base}}/api/wireguard/server/searchServer
body: json
auth: inherit
}
headers {
Content-Type: application/json
}
body:json {
{
"current": 1,
"rowCount": 7,
"sort": {},
"searchPhrase": "{{searchPhrase}}"
}
}
vars:pre-request {
searchPhrase:
}

7
bruno/opnsense-api/folder.bru Normal file
View File

@@ -0,0 +1,7 @@
meta {
name: opnsense-api
}
headers {
Accept: application/json
}

BIN
bun.lockb
View File

Binary file not shown.

32
drizzle/0000_young_wong.sql Normal file
View File

@@ -0,0 +1,32 @@
CREATE TABLE `ip_allocations` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`client_id` integer,
FOREIGN KEY (`client_id`) REFERENCES `wg_clients`(`id`) ON UPDATE no action ON DELETE set null
);
--> statement-breakpoint
CREATE UNIQUE INDEX `ip_allocations_client_id_unique` ON `ip_allocations` (`client_id`);--> statement-breakpoint
CREATE TABLE `sessions` (
`id` text PRIMARY KEY NOT NULL,
`user_id` text NOT NULL,
`expires_at` integer NOT NULL,
FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
);
--> statement-breakpoint
CREATE TABLE `users` (
`id` text PRIMARY KEY NOT NULL,
`username` text NOT NULL,
`name` text NOT NULL
);
--> statement-breakpoint
CREATE TABLE `wg_clients` (
`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
`user_id` text NOT NULL,
`name` text NOT NULL,
`opnsense_id` text,
`public_key` text NOT NULL,
`private_key` text,
`pre_shared_key` text,
FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
);
--> statement-breakpoint
CREATE UNIQUE INDEX `wg_clients_public_key_unique` ON `wg_clients` (`public_key`);

221
drizzle/meta/0000_snapshot.json Normal file
View File

@@ -0,0 +1,221 @@
{
"version": "6",
"dialect": "sqlite",
"id": "29e6fd88-fa47-4f79-ad83-c52538bc36a6",
"prevId": "00000000-0000-0000-0000-000000000000",
"tables": {
"ip_allocations": {
"name": "ip_allocations",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"client_id": {
"name": "client_id",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"ip_allocations_client_id_unique": {
"name": "ip_allocations_client_id_unique",
"columns": [
"client_id"
],
"isUnique": true
}
},
"foreignKeys": {
"ip_allocations_client_id_wg_clients_id_fk": {
"name": "ip_allocations_client_id_wg_clients_id_fk",
"tableFrom": "ip_allocations",
"tableTo": "wg_clients",
"columnsFrom": [
"client_id"
],
"columnsTo": [
"id"
],
"onDelete": "set null",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"sessions": {
"name": "sessions",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"sessions_user_id_users_id_fk": {
"name": "sessions_user_id_users_id_fk",
"tableFrom": "sessions",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"users": {
"name": "users",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"wg_clients": {
"name": "wg_clients",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"opnsense_id": {
"name": "opnsense_id",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"public_key": {
"name": "public_key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"private_key": {
"name": "private_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"pre_shared_key": {
"name": "pre_shared_key",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"wg_clients_public_key_unique": {
"name": "wg_clients_public_key_unique",
"columns": [
"public_key"
],
"isUnique": true
}
},
"foreignKeys": {
"wg_clients_user_id_users_id_fk": {
"name": "wg_clients_user_id_users_id_fk",
"tableFrom": "wg_clients",
"tableTo": "users",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

13
drizzle/meta/_journal.json Normal file
View File

@@ -0,0 +1,13 @@
{
"version": "7",
"dialect": "sqlite",
"entries": [
{
"idx": 0,
"version": "6",
"when": 1735028333867,
"tag": "0000_young_wong",
"breakpoints": true
}
]
}

15
package.json
View File

@@ -11,8 +11,10 @@
"format": "prettier --write .", "format": "prettier --write .",
"lint": "prettier --check . && eslint .", "lint": "prettier --check . && eslint .",
"db:push": "drizzle-kit push", "db:push": "drizzle-kit push",
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate", "db:migrate": "drizzle-kit migrate",
"db:studio": "drizzle-kit studio" "db:studio": "drizzle-kit studio",
"db:seed": "bun run ./src/lib/server/db/seed.ts"
}, },
"devDependencies": { "devDependencies": {
"@sveltejs/adapter-auto": "^3.0.0", "@sveltejs/adapter-auto": "^3.0.0",
@@ -23,10 +25,11 @@
"@tailwindcss/typography": "^0.5.15", "@tailwindcss/typography": "^0.5.15",
"@types/better-sqlite3": "^7.6.11", "@types/better-sqlite3": "^7.6.11",
"@types/eslint": "^9.6.0", "@types/eslint": "^9.6.0",
"@types/qrcode-svg": "^1.1.5",
"autoprefixer": "^10.4.20", "autoprefixer": "^10.4.20",
"bits-ui": "^0.21.16", "bits-ui": "^0.21.16",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"drizzle-kit": "^0.22.0", "drizzle-kit": "^0.30.1",
"eslint": "^9.7.0", "eslint": "^9.7.0",
"eslint-config-prettier": "^9.1.0", "eslint-config-prettier": "^9.1.0",
"eslint-plugin-svelte": "^2.36.0", "eslint-plugin-svelte": "^2.36.0",
@@ -44,11 +47,13 @@
"vite": "^5.0.3" "vite": "^5.0.3"
}, },
"dependencies": { "dependencies": {
"@libsql/client": "^0.14.0",
"@oslojs/crypto": "^1.0.1", "@oslojs/crypto": "^1.0.1",
"@oslojs/encoding": "^1.1.0", "@oslojs/encoding": "^1.1.0",
"arctic": "^2.2.1", "arctic": "^2.2.1",
"better-sqlite3": "^11.1.2", "drizzle-orm": "^0.38.2",
"drizzle-orm": "^0.33.0", "ip-address": "^10.0.1",
"lucide-svelte": "^0.454.0" "lucide-svelte": "^0.454.0",
"qrcode-svg": "^1.1.0"
} }
} }

24
src/app.css
View File

@@ -4,16 +4,16 @@
@layer base { @layer base {
:root { :root {
--background: 0 0% 100%; --background: 0 0% 90%;
--foreground: 222.2 84% 4.9%; --foreground: 222.2 84% 4.9%;
--muted: 210 40% 96.1%; --muted: 210 40% 96.1%;
--muted-foreground: 215.4 16.3% 46.9%; --muted-foreground: 215.4 16.3% 46.9%;
--popover: 0 0% 100%; --popover: 0 0% 90%;
--popover-foreground: 222.2 84% 4.9%; --popover-foreground: 222.2 84% 4.9%;
--card: 0 0% 100%; --card: 0 0% 90%;
--card-foreground: 222.2 84% 4.9%; --card-foreground: 222.2 84% 4.9%;
--border: 214.3 31.8% 91.4%; --border: 214.3 31.8% 91.4%;
@@ -22,10 +22,10 @@
--primary: 222.2 47.4% 11.2%; --primary: 222.2 47.4% 11.2%;
--primary-foreground: 210 40% 98%; --primary-foreground: 210 40% 98%;
--secondary: 210 40% 96.1%; --secondary: 210 26% 86%;
--secondary-foreground: 222.2 47.4% 11.2%; --secondary-foreground: 222.2 47.4% 11.2%;
--accent: 210 40% 96.1%; --accent: 210 26% 86%;
--accent-foreground: 222.2 47.4% 11.2%; --accent-foreground: 222.2 47.4% 11.2%;
--destructive: 0 72.2% 50.6%; --destructive: 0 72.2% 50.6%;
@@ -39,31 +39,31 @@
@media (prefers-color-scheme: dark) { @media (prefers-color-scheme: dark) {
:root { :root {
--background: 222.2 84% 4.9%; --background: 222.2 84% 4.9%;
--foreground: 210 40% 98%; --foreground: 210 40% 90%;
--muted: 217.2 32.6% 17.5%; --muted: 217.2 32.6% 17.5%;
--muted-foreground: 215 20.2% 65.1%; --muted-foreground: 215 20.2% 65.1%;
--popover: 222.2 84% 4.9%; --popover: 222.2 84% 4.9%;
--popover-foreground: 210 40% 98%; --popover-foreground: 210 40% 90%;
--card: 222.2 84% 4.9%; --card: 222.2 84% 4.9%;
--card-foreground: 210 40% 98%; --card-foreground: 210 40% 90%;
--border: 217.2 32.6% 17.5%; --border: 217.2 32.6% 17.5%;
--input: 217.2 32.6% 17.5%; --input: 217.2 32.6% 17.5%;
--primary: 210 40% 98%; --primary: 210 40% 90%;
--primary-foreground: 222.2 47.4% 11.2%; --primary-foreground: 222.2 47.4% 11.2%;
--secondary: 217.2 32.6% 17.5%; --secondary: 217.2 32.6% 17.5%;
--secondary-foreground: 210 40% 98%; --secondary-foreground: 210 40% 90%;
--accent: 217.2 32.6% 17.5%; --accent: 217.2 32.6% 17.5%;
--accent-foreground: 210 40% 98%; --accent-foreground: 210 40% 90%;
--destructive: 0 62.8% 30.6%; --destructive: 0 62.8% 30.6%;
--destructive-foreground: 210 40% 98%; --destructive-foreground: 210 40% 90%;
--ring: 212.7 26.8% 83.9%; --ring: 212.7 26.8% 83.9%;
} }

16
src/hooks.server.ts
View File

@@ -31,13 +31,17 @@ const handleAuth: Handle = async ({ event, resolve }) => {
}; };
const authRequired = new Set([ const authRequired = [
'/user', /^\/api/,
'/connections', /^\/user/,
]); /^\/connections/,
/^\/clients/,
];
const handleProtectedPaths: Handle = ({ event, resolve }) => { const handleProtectedPaths: Handle = ({ event, resolve }) => {
if (authRequired.has(event.url.pathname) && !event.locals.user) { const isProtected = authRequired.some((re) => re.test(event.url.pathname));
return redirect(302, '/');
if (!event.locals.user && isProtected) {
return redirect(302, '/');
} }
return resolve(event); return resolve(event);
} }

33
src/lib/clients.ts Normal file
View File

@@ -0,0 +1,33 @@
import type { ClientDetails } from '$lib/types/clients';
/**
* Convert client details to WireGuard configuration.
*
* ```conf
* [Interface]
* PrivateKey = wPa07zR0H4wYoc1ljfeiqlSbR8Z28pPc6jplwE7zPms=
* Address = 10.18.11.100/32,fd00::1/128
* DNS = 10.18.11.1,fd00::0
*
* [Peer]
* PublicKey = BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=
* PresharedKey = uhZUVqXKF0oayP0BS6yPu6Gepgh68Nz9prtbE5Cuok0=
* Endpoint = vpn.lab.cazzzer.com:51820
* AllowedIPs = 0.0.0.0/0,::/0
* ```
* @param client
*/
export function clientDetailsToConfig(client: ClientDetails): string {
return `\
[Interface]
PrivateKey = ${client.privateKey}
Address = ${client.ips.join(', ')}
DNS = ${client.vpnDns}
[Peer]
PublicKey = ${client.vpnPublicKey}
PresharedKey = ${client.preSharedKey}
Endpoint = ${client.vpnEndpoint}
AllowedIPs = 0.0.0.0/0,::/0
`;
}

18
src/lib/components/ui/badge/badge.svelte Normal file
View File

@@ -0,0 +1,18 @@
<script lang="ts">
import { type Variant, badgeVariants } from "./index.js";
import { cn } from "$lib/utils.js";
let className: string | undefined | null = undefined;
export let href: string | undefined = undefined;
export let variant: Variant = "default";
export { className as class };
</script>
<svelte:element
this={href ? "a" : "span"}
{href}
class={cn(badgeVariants({ variant, className }))}
{...$$restProps}
>
<slot />
</svelte:element>

21
src/lib/components/ui/badge/index.ts Normal file
View File

@@ -0,0 +1,21 @@
import { type VariantProps, tv } from "tailwind-variants";
export { default as Badge } from "./badge.svelte";
export const badgeVariants = tv({
base: "focus:ring-ring inline-flex select-none items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-offset-2",
variants: {
variant: {
default: "bg-primary text-primary-foreground hover:bg-primary/80 border-transparent",
secondary:
"bg-secondary text-secondary-foreground hover:bg-secondary/80 border-transparent",
destructive:
"bg-destructive text-destructive-foreground hover:bg-destructive/80 border-transparent",
outline: "text-foreground",
},
},
defaultVariants: {
variant: "default",
},
});
export type Variant = VariantProps<typeof badgeVariants>["variant"];

35
src/lib/components/ui/checkbox/checkbox.svelte Normal file
View File

@@ -0,0 +1,35 @@
<script lang="ts">
import { Checkbox as CheckboxPrimitive } from "bits-ui";
import Check from "lucide-svelte/icons/check";
import Minus from "lucide-svelte/icons/minus";
import { cn } from "$lib/utils.js";
type $$Props = CheckboxPrimitive.Props;
type $$Events = CheckboxPrimitive.Events;
let className: $$Props["class"] = undefined;
export let checked: $$Props["checked"] = false;
export { className as class };
</script>
<CheckboxPrimitive.Root
class={cn(
"border-primary ring-offset-background focus-visible:ring-ring data-[state=checked]:bg-primary data-[state=checked]:text-primary-foreground peer box-content h-4 w-4 shrink-0 rounded-sm border focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 data-[disabled=true]:cursor-not-allowed data-[disabled=true]:opacity-50",
className
)}
bind:checked
{...$$restProps}
on:click
>
<CheckboxPrimitive.Indicator
class={cn("flex h-4 w-4 items-center justify-center text-current")}
let:isChecked
let:isIndeterminate
>
{#if isChecked}
<Check class="h-3.5 w-3.5" />
{:else if isIndeterminate}
<Minus class="h-3.5 w-3.5" />
{/if}
</CheckboxPrimitive.Indicator>
</CheckboxPrimitive.Root>

6
src/lib/components/ui/checkbox/index.ts Normal file
View File

@@ -0,0 +1,6 @@
import Root from "./checkbox.svelte";
export {
Root,
//
Root as Checkbox,
};

28
src/lib/components/ui/table/index.ts Normal file
View File

@@ -0,0 +1,28 @@
import Root from "./table.svelte";
import Body from "./table-body.svelte";
import Caption from "./table-caption.svelte";
import Cell from "./table-cell.svelte";
import Footer from "./table-footer.svelte";
import Head from "./table-head.svelte";
import Header from "./table-header.svelte";
import Row from "./table-row.svelte";
export {
Root,
Body,
Caption,
Cell,
Footer,
Head,
Header,
Row,
//
Root as Table,
Body as TableBody,
Caption as TableCaption,
Cell as TableCell,
Footer as TableFooter,
Head as TableHead,
Header as TableHeader,
Row as TableRow,
};

13
src/lib/components/ui/table/table-body.svelte Normal file
View File

@@ -0,0 +1,13 @@
<script lang="ts">
import type { HTMLAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLAttributes<HTMLTableSectionElement>;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<tbody class={cn("[&_tr:last-child]:border-0", className)} {...$$restProps}>
<slot />
</tbody>

13
src/lib/components/ui/table/table-caption.svelte Normal file
View File

@@ -0,0 +1,13 @@
<script lang="ts">
import type { HTMLAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLAttributes<HTMLTableCaptionElement>;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<caption class={cn("text-muted-foreground mt-4 text-sm", className)} {...$$restProps}>
<slot />
</caption>

18
src/lib/components/ui/table/table-cell.svelte Normal file
View File

@@ -0,0 +1,18 @@
<script lang="ts">
import type { HTMLTdAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLTdAttributes;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<td
class={cn("p-4 align-middle [&:has([role=checkbox])]:pr-0", className)}
{...$$restProps}
on:click
on:keydown
>
<slot />
</td>

13
src/lib/components/ui/table/table-footer.svelte Normal file
View File

@@ -0,0 +1,13 @@
<script lang="ts">
import type { HTMLAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLAttributes<HTMLTableSectionElement>;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<tfoot class={cn("bg-muted/50 text-primary-foreground font-medium", className)} {...$$restProps}>
<slot />
</tfoot>

19
src/lib/components/ui/table/table-head.svelte Normal file
View File

@@ -0,0 +1,19 @@
<script lang="ts">
import type { HTMLThAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLThAttributes;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<th
class={cn(
"text-muted-foreground h-12 px-4 text-left align-middle font-medium [&:has([role=checkbox])]:pr-0",
className
)}
{...$$restProps}
>
<slot />
</th>

14
src/lib/components/ui/table/table-header.svelte Normal file
View File

@@ -0,0 +1,14 @@
<script lang="ts">
import type { HTMLAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLAttributes<HTMLTableSectionElement>;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<!-- svelte-ignore a11y-no-noninteractive-element-interactions -->
<thead class={cn("[&_tr]:border-b", className)} {...$$restProps} on:click on:keydown>
<slot />
</thead>

23
src/lib/components/ui/table/table-row.svelte Normal file
View File

@@ -0,0 +1,23 @@
<script lang="ts">
import type { HTMLAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLAttributes<HTMLTableRowElement> & {
"data-state"?: unknown;
};
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<tr
class={cn(
"hover:bg-muted/50 data-[state=selected]:bg-muted border-b transition-colors",
className
)}
{...$$restProps}
on:click
on:keydown
>
<slot />
</tr>

15
src/lib/components/ui/table/table.svelte Normal file
View File

@@ -0,0 +1,15 @@
<script lang="ts">
import type { HTMLTableAttributes } from "svelte/elements";
import { cn } from "$lib/utils.js";
type $$Props = HTMLTableAttributes;
let className: $$Props["class"] = undefined;
export { className as class };
</script>
<div class="relative w-full overflow-auto">
<table class={cn("w-full caption-bottom text-sm", className)} {...$$restProps}>
<slot />
</table>
</div>

107
src/lib/opnsense/wg.ts Normal file
View File

@@ -0,0 +1,107 @@
export interface PeerRow {
if: string;
type: "peer";
'public-key': string;
endpoint: string;
'allowed-ips': string;
'latest-handshake': number;
'transfer-rx': number;
'transfer-tx': number;
'persistent-keepalive': string;
name: string;
ifname: string;
}
/**
* Sample response from OPNsense WireGuard API
* ```json
* {
* "total": 17,
* "rowCount": 7,
* "current": 1,
* "rows": [
* {
* "if": "wg0",
* "type": "peer",
* "public-key": "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=",
* "endpoint": "10.17.20.107:42516",
* "allowed-ips": "fd00::1/112,10.6.0.3/32",
* "latest-handshake": 1729319339,
* "transfer-rx": 1052194743,
* "transfer-tx": 25203263456,
* "persistent-keepalive": "off",
* "name": "Yura-TPX13",
* "ifname": "wg0"
* }
* ]
* }
* ```
*/
export interface OpnsenseWgPeers {
total: number;
rowCount: number;
current: number;
rows: PeerRow[];
}
/**
* Sample request to OPNsense WireGuard API
* ```js
* const url = 'https://opnsense.home/api/wireguard/service/show';
* const options = {
* method: 'POST',
* headers: {
* Authorization: 'Basic ...',
* 'Content-Type': 'application/json',
* Accept: 'application/json',
* },
* body: '{"current":1,"rowCount":7,"sort":{},"searchPhrase":"","type":["peer"]}'
* };
* ```
*/
export interface OpnsenseWgServers {
status: "ok" | string | number;
rows: {
name: string;
uuid: string;
}[];
}
/**
* Sample response for OPNsense WireGuard clients
* ```json
* {
* "rows": [
* {
* "uuid": "d99334de-7671-4ca7-9c9b-5f5578acae70",
* "enabled": "1",
* "name": "Yura-TPX13",
* "pubkey": "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=",
* "tunneladdress": "fd00::1/112,10.6.0.3/32",
* "serveraddress": "",
* "serverport": "",
* "servers": "wg0"
* }
* ],
* "rowCount": 1,
* "total": 10,
* "current": 1
* }
* ```
*/
export interface OpnsenseWgClients {
rowCount: number;
total: number;
current: number;
rows: {
uuid: string;
enabled: string;
name: string;
pubkey: string;
tunneladdress: string;
serveraddress: string;
serverport: string;
servers: string;
}[];
}

20
src/lib/server/auth.ts
View File

@@ -23,7 +23,7 @@ export async function createSession(userId: string): Promise<table.Session> {
userId, userId,
expiresAt: new Date(Date.now() + DAY_IN_MS * 30) expiresAt: new Date(Date.now() + DAY_IN_MS * 30)
}; };
await db.insert(table.session).values(session); await db.insert(table.sessions).values(session);
return session; return session;
} }
@@ -38,7 +38,7 @@ export function setSessionTokenCookie(event: RequestEvent, sessionId: string, ex
} }
export async function invalidateSession(sessionId: string): Promise<void> { export async function invalidateSession(sessionId: string): Promise<void> {
await db.delete(table.session).where(eq(table.session.id, sessionId)); await db.delete(table.sessions).where(eq(table.sessions.id, sessionId));
} }
export function deleteSessionTokenCookie(event: RequestEvent) { export function deleteSessionTokenCookie(event: RequestEvent) {
@@ -49,12 +49,12 @@ export async function validateSession(sessionId: string) {
const [result] = await db const [result] = await db
.select({ .select({
// Adjust user table here to tweak returned data // Adjust user table here to tweak returned data
user: { id: table.user.id, username: table.user.username, name: table.user.name }, user: { id: table.users.id, username: table.users.username, name: table.users.name },
session: table.session session: table.sessions
}) })
.from(table.session) .from(table.sessions)
.innerJoin(table.user, eq(table.session.userId, table.user.id)) .innerJoin(table.users, eq(table.sessions.userId, table.users.id))
.where(eq(table.session.id, sessionId)); .where(eq(table.sessions.id, sessionId));
if (!result) { if (!result) {
return { session: null, user: null }; return { session: null, user: null };
@@ -63,7 +63,7 @@ export async function validateSession(sessionId: string) {
const sessionExpired = Date.now() >= session.expiresAt.getTime(); const sessionExpired = Date.now() >= session.expiresAt.getTime();
if (sessionExpired) { if (sessionExpired) {
await db.delete(table.session).where(eq(table.session.id, session.id)); await db.delete(table.sessions).where(eq(table.sessions.id, session.id));
return { session: null, user: null }; return { session: null, user: null };
} }
@@ -71,9 +71,9 @@ export async function validateSession(sessionId: string) {
if (renewSession) { if (renewSession) {
session.expiresAt = new Date(Date.now() + DAY_IN_MS * 30); session.expiresAt = new Date(Date.now() + DAY_IN_MS * 30);
await db await db
.update(table.session) .update(table.sessions)
.set({ expiresAt: session.expiresAt }) .set({ expiresAt: session.expiresAt })
.where(eq(table.session.id, session.id)); .where(eq(table.sessions.id, session.id));
} }
return { session, user }; return { session, user };

227
src/lib/server/clients.ts Normal file
View File

@@ -0,0 +1,227 @@
import type { User } from '$lib/server/db/schema';
import { db } from '$lib/server/db';
import { wgClients, ipAllocations } from '$lib/server/db/schema';
import { opnsenseAuth, opnsenseUrl, serverPublicKey, serverUuid } from '$lib/server/opnsense';
import { Address4, Address6 } from 'ip-address';
import {
IP_MAX_INDEX,
IPV4_STARTING_ADDR,
IPV6_CLIENT_PREFIX_SIZE,
IPV6_STARTING_ADDR,
MAX_CLIENTS_PER_USER,
VPN_DNS,
VPN_ENDPOINT,
} from '$env/static/private';
import { and, count, eq, isNull } from 'drizzle-orm';
import { err, ok, type Result } from '$lib/types';
import type { ClientDetails } from '$lib/types/clients';
export async function findClients(userId: string) {
return db.query.wgClients.findMany({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: eq(wgClients.userId, userId),
});
}
export async function findClient(userId: string, clientId: number) {
return db.query.wgClients.findFirst({
columns: {
id: true,
name: true,
publicKey: true,
privateKey: true,
preSharedKey: true,
},
with: {
ipAllocation: true,
},
where: and(eq(wgClients.userId, userId), eq(wgClients.id, clientId)),
});
}
export function mapClientToDetails(
client: Awaited<ReturnType<typeof findClients>>[0],
): ClientDetails {
const ips = getIpsFromIndex(client.ipAllocation.id);
return {
id: client.id,
name: client.name,
publicKey: client.publicKey,
privateKey: client.privateKey,
preSharedKey: client.preSharedKey,
ips,
vpnPublicKey: serverPublicKey,
vpnEndpoint: VPN_ENDPOINT,
vpnDns: VPN_DNS,
};
}
export async function createClient(params: {
name: string;
user: User;
}): Promise<Result<null, [400 | 500, string]>> {
// check if user exceeds the limit of clients
const [{ clientCount }] = await db
.select({ clientCount: count() })
.from(wgClients)
.where(eq(wgClients.userId, params.user.id));
if (clientCount >= parseInt(MAX_CLIENTS_PER_USER))
return err([400, 'Maximum number of clients reached'] as [400, string]);
// this is going to be quite long
// 1. fetch params for new client from opnsense api
// 2.1 get an allocation for the client
// 2.2. insert new client into db
// 2.3. update the allocation with the client id
// 3. create the client in opnsense
// 4. reconfigure opnsense to enable the new client
const error = await db.transaction(async (tx) => {
const [keys, availableAllocation, lastAllocation] = await Promise.all([
// fetch params for new client from opnsense api
getKeys(),
// find first unallocated IP
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
where: isNull(ipAllocations.clientId),
}),
// find last allocation to check if we have any IPs left
await tx.query.ipAllocations.findFirst({
columns: {
id: true,
},
orderBy: (ipAllocations, { desc }) => desc(ipAllocations.id),
}),
]);
// check for existing allocation or if we have any IPs left
if (!availableAllocation && lastAllocation && lastAllocation.id >= parseInt(IP_MAX_INDEX)) {
return err([500, 'No more IP addresses available'] as [500, string]);
}
// use existing allocation or create a new one
const ipAllocationId =
availableAllocation?.id ??
(await tx.insert(ipAllocations).values({}).returning({ id: ipAllocations.id }))[0].id;
// transaction savepoint after creating a new IP allocation
// TODO: not sure if this is needed
return await tx.transaction(async (tx2) => {
// create new client in db
const [newClient] = await tx2
.insert(wgClients)
.values({
userId: params.user.id,
name: params.name,
publicKey: keys.pubkey,
privateKey: keys.privkey,
preSharedKey: keys.psk,
})
.returning({ id: wgClients.id });
// update IP allocation with client ID
await tx2
.update(ipAllocations)
.set({ clientId: newClient.id })
.where(eq(ipAllocations.id, ipAllocationId));
// create client in opnsense
const opnsenseRes = await opnsenseCreateClient({
username: params.user.username,
pubkey: keys.pubkey,
psk: keys.psk,
allowedIps: getIpsFromIndex(ipAllocationId).join(','),
});
const opnsenseResJson = await opnsenseRes.json();
if (opnsenseResJson['result'] !== 'saved') {
tx2.rollback();
console.error(`Error creating client in OPNsense: \n${opnsenseResJson}`);
return err([500, 'Error creating client in OPNsense'] as [500, string]);
}
// reconfigure opnsense
await opnsenseReconfigure();
});
});
if (error) return error;
return ok(null);
}
async function getKeys() {
// fetch key pair from opnsense
const options: RequestInit = {
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
};
const resKeyPair = await fetch(`${opnsenseUrl}/api/wireguard/server/key_pair`, options);
const resPsk = await fetch(`${opnsenseUrl}/api/wireguard/client/psk`, options);
const keyPair = await resKeyPair.json();
const psk = await resPsk.json();
return {
pubkey: keyPair['pubkey'] as string,
privkey: keyPair['privkey'] as string,
psk: psk['psk'] as string,
};
}
export function getIpsFromIndex(ipIndex: number) {
ipIndex -= 1; // 1-indexed in the db
const v4StartingAddr = new Address4(IPV4_STARTING_ADDR);
const v6StartingAddr = new Address6(IPV6_STARTING_ADDR);
const v4Allowed = Address4.fromBigInt(v4StartingAddr.bigInt() + BigInt(ipIndex));
const v6Offset = BigInt(ipIndex) << (128n - BigInt(IPV6_CLIENT_PREFIX_SIZE));
const v6Allowed = Address6.fromBigInt(v6StartingAddr.bigInt() + v6Offset);
const v6AllowedShort = v6Allowed.parsedAddress.join(':');
return [v4Allowed.address + '/32', v6AllowedShort + '/' + IPV6_CLIENT_PREFIX_SIZE];
}
async function opnsenseCreateClient(params: {
username: string;
pubkey: string;
psk: string;
allowedIps: string;
}) {
return fetch(`${opnsenseUrl}/api/wireguard/client/addClientBuilder`, {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
configbuilder: {
enabled: '1',
name: `vpgen-${params.username}`,
pubkey: params.pubkey,
psk: params.psk,
tunneladdress: params.allowedIps,
server: serverUuid,
endpoint: VPN_ENDPOINT,
},
}),
});
}
async function opnsenseReconfigure() {
return fetch(`${opnsenseUrl}/api/wireguard/service/reconfigure`, {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
});
}

11
src/lib/server/db/index.ts
View File

@@ -1,8 +1,5 @@
import { drizzle } from 'drizzle-orm/better-sqlite3'; import { drizzle } from 'drizzle-orm/libsql';
import Database from 'better-sqlite3'; import * as schema from './schema';
import { env } from '$env/dynamic/private'; import { DATABASE_URL } from '$env/static/private';
import assert from 'node:assert';
assert(env.DATABASE_URL, 'DATABASE_URL is not set'); export const db= drizzle(DATABASE_URL, { schema });
const client = new Database(env.DATABASE_URL);
export const db = drizzle(client);

59
src/lib/server/db/schema.ts
View File

@@ -1,19 +1,66 @@
import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core'; import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core';
import { relations } from 'drizzle-orm';
export const user = sqliteTable('user', { export const users = sqliteTable('users', {
id: text('id').primaryKey(), id: text('id').primaryKey(),
username: text('username').notNull(), username: text('username').notNull(),
name: text('name').notNull(), name: text('name').notNull(),
}); });
export const session = sqliteTable('session', { export const usersRelations = relations(users, ({ many }) => ({
wgClients: many(wgClients),
}));
export const sessions = sqliteTable('sessions', {
id: text('id').primaryKey(), id: text('id').primaryKey(),
userId: text('user_id') userId: text('user_id')
.notNull() .notNull()
.references(() => user.id), .references(() => users.id),
expiresAt: integer('expires_at', { mode: 'timestamp' }).notNull() expiresAt: integer('expires_at', { mode: 'timestamp' }).notNull(),
}); });
export type Session = typeof session.$inferSelect; export const ipAllocations = sqliteTable('ip_allocations', {
// for now, id will be the same as the ipIndex
id: integer('id').primaryKey({ autoIncrement: true }),
// clientId is nullable because allocations can remain after the client is deleted
// unique for now, only allowing one allocation per client
clientId: integer('client_id')
.unique()
.references(() => wgClients.id, { onDelete: 'set null' }),
});
export type User = typeof user.$inferSelect; export const wgClients = sqliteTable('wg_clients', {
id: integer().primaryKey({ autoIncrement: true }),
userId: text('user_id')
.notNull()
.references(() => users.id),
name: text('name').notNull(),
// questioning whether this should be nullable
opnsenseId: text('opnsense_id'),
publicKey: text('public_key').notNull().unique(),
// nullable for the possibility of a client supplying their own private key
privateKey: text('private_key'),
// nullable for the possibility of no psk
preSharedKey: text('pre_shared_key'),
// discarded ideas:
// (mostly because they make finding the next available ipIndex difficult)
// ipIndex: integer('ip_index').notNull().unique(),
// allowedIps: text('allowed_ips').notNull(),
});
export const wgClientsRelations = relations(wgClients, ({ one }) => ({
user: one(users, {
fields: [wgClients.userId],
references: [users.id],
}),
ipAllocation: one(ipAllocations, {
fields: [wgClients.id],
references: [ipAllocations.clientId],
}),
}));
export type WgClient = typeof wgClients.$inferSelect;
export type Session = typeof sessions.$inferSelect;
export type User = typeof users.$inferSelect;

33
src/lib/server/db/seed.ts Normal file
View File

@@ -0,0 +1,33 @@
import { ipAllocations, users, wgClients } from './schema';
import { eq } from 'drizzle-orm';
import assert from 'node:assert';
import { drizzle } from 'drizzle-orm/libsql';
import * as schema from '$lib/server/db/schema';
assert(process.env.DATABASE_URL, 'DATABASE_URL is not set');
const db = drizzle(process.env.DATABASE_URL, { schema });
async function seed() {
const user = await db.query.users.findFirst({ where: eq(users.username, 'CaZzzer') });
assert(user, 'User not found');
const clients: typeof wgClients.$inferInsert[] = [
{
userId: user.id,
name: 'Client1',
publicKey: 'BJ5faPVJsDP4CCxNYilmKnwlQXOtXEOJjqIwb4U/CgM=',
privateKey: 'KKqsHDu30WCSrVsyzMkOKbE3saQ+wlx0sBwGs61UGXk=',
preSharedKey: '0LWopbrISXBNHUxr+WOhCSAg+0hD8j3TLmpyzHkBHCQ=',
// ipIndex: 1,
// allowedIps: '10.18.11.101/32,fd00::1/112',
},
];
const returned = await db.insert(wgClients).values(clients).returning({ insertedId: wgClients.id });
const ipAllocation: typeof ipAllocations.$inferInsert = {
clientId: returned[0].insertedId,
};
await db.insert(ipAllocations).values(ipAllocation);
}
seed();

49
src/lib/server/opnsense/index.ts Normal file
View File

@@ -0,0 +1,49 @@
import { env } from '$env/dynamic/private';
import assert from 'node:assert';
import { encodeBasicCredentials } from 'arctic/dist/request';
import { dev } from '$app/environment';
import type { OpnsenseWgServers } from '$lib/opnsense/wg';
assert(env.OPNSENSE_API_URL, 'OPNSENSE_API_URL is not set');
assert(env.OPNSENSE_API_KEY, 'OPNSENSE_API_KEY is not set');
assert(env.OPNSENSE_API_SECRET, 'OPNSENSE_API_SECRET is not set');
assert(env.OPNSENSE_WG_IFNAME, 'OPNSENSE_WG_IFNAME is not set');
export const opnsenseUrl = env.OPNSENSE_API_URL;
export const opnsenseAuth =
'Basic ' + encodeBasicCredentials(env.OPNSENSE_API_KEY, env.OPNSENSE_API_SECRET);
export const opnsenseIfname = env.OPNSENSE_WG_IFNAME;
// unset secret for security
if (!dev) env.OPNSENSE_API_SECRET = '';
// this might be pretty bad if the server is down and in a bunch of other cases
// TODO: write a retry loop later
const resServers = await fetch(`${opnsenseUrl}/api/wireguard/client/list_servers`, {
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
});
assert(resServers.ok, 'Failed to fetch OPNsense WireGuard servers');
const servers = (await resServers.json()) as OpnsenseWgServers;
assert.equal(servers.status, 'ok', 'Failed to fetch OPNsense WireGuard servers');
export const serverUuid = servers.rows.find((server) => server.name === opnsenseIfname)?.uuid;
assert(serverUuid, 'Failed to find server UUID for OPNsense WireGuard server');
console.log('OPNsense WireGuard server UUID:', serverUuid);
const resServerInfo = await fetch(
`${opnsenseUrl}/api/wireguard/client/get_server_info/${serverUuid}`,
{
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
},
);
assert(resServerInfo.ok, 'Failed to fetch OPNsense WireGuard server info');
const serverInfo = await resServerInfo.json();
assert.equal(serverInfo.status, 'ok', 'Failed to fetch OPNsense WireGuard server info');
export const serverPublicKey = serverInfo['pubkey'];

11
src/lib/types/clients.ts Normal file
View File

@@ -0,0 +1,11 @@
export type ClientDetails = {
id: number;
name: string;
publicKey: string;
privateKey: string | null;
preSharedKey: string | null;
ips: string[];
vpnPublicKey: string;
vpnEndpoint: string;
vpnDns: string;
};

27
src/lib/types/index.ts Normal file
View File

@@ -0,0 +1,27 @@
class Ok<T> {
readonly _tag = 'ok';
value: T;
constructor(value: T) {
this.value = value;
}
}
class Err<E> {
readonly _tag = 'err';
error: E;
constructor(error: E) {
this.error = error;
}
}
export type Result<T, E> = Ok<T> | Err<E>;
export function err<E>(e: E): Err<E> {
return new Err(e);
}
export function ok<T>(t: T): Ok<T> {
return new Ok(t);
}

17
src/routes/+layout.svelte
View File

@@ -5,20 +5,25 @@
const { data, children } = $props(); const { data, children } = $props();
const { user } = data; const { user } = data;
function getNavClass(path: RegExp) {
return cn('hover:text-foreground/80 transition-colors',
path.test($page.url.pathname) ? 'text-foreground' : 'text-foreground/60');
}
</script> </script>
<header class="p-4 sm:flex"> <header class="p-4 sm:flex">
<span class=" mr-6 font-bold sm:inline-block">My App</span> <span class=" mr-6 font-bold sm:inline-block">VPGen</span>
<nav class="flex items-center gap-6 text-sm"> <nav class="flex items-center gap-6 text-sm">
<a href="/" class={cn("hover:text-foreground/80 transition-colors", <a href="/" class={getNavClass(/^\/$/)}>Home</a>
$page.url.pathname === "/" ? "text-foreground" : "text-foreground/60")}>Home</a>
{#if user} {#if user}
<a href="/user" class={cn("hover:text-foreground/80 transition-colors", <a href="/user" class={getNavClass(/^\/user$/)}>Profile</a>
$page.url.pathname === "/user" ? "text-foreground" : "text-foreground/60")}>Profile</a> <a href="/connections" class={getNavClass(/^\/connections$/)}>Connections</a>
<a href="/clients" class={getNavClass(/^\/clients(\/\d+)?$/)}>Clients</a>
{/if} {/if}
</nav> </nav>
</header> </header>
<main class="flex-grow p-4"> <main class="flex flex-col flex-grow p-4">
{@render children()} {@render children()}
</main> </main>

4
src/routes/+page.svelte
View File

@@ -6,10 +6,10 @@
</script> </script>
<svelte:head> <svelte:head>
<title>VpGen</title> <title>VPGen</title>
</svelte:head> </svelte:head>
<h1>Welcome to SvelteKit</h1> <h1>Welcome to VPGen</h1>
{#if user } {#if user }
<p>Hi {user.name}</p> <p>Hi {user.name}</p>

42
src/routes/api/clients/+server.ts Normal file
View File

@@ -0,0 +1,42 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { createClient, findClients, mapClientToDetails } from '$lib/server/clients';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const clients = await findClients(event.locals.user.id);
return new Response(
JSON.stringify({
clients: clients.map(mapClientToDetails),
}),
);
};
export type Clients = Awaited<ReturnType<typeof findClients>>;
export const POST: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const { name } = await event.request.json();
const res = await createClient({
name,
user: event.locals.user,
});
switch (res._tag) {
case 'ok': {
return new Response(null, {
status: 201,
});
}
case 'err': {
const [status, message] = res.error;
return error(status, message);
}
}
};

20
src/routes/api/clients/[id]/+server.ts Normal file
View File

@@ -0,0 +1,20 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { findClient, mapClientToDetails } from '$lib/server/clients';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const { id } = event.params;
const clientId = parseInt(id);
if (isNaN(clientId)) {
return error(400, 'Invalid client ID');
}
const client = await findClient(event.locals.user.id, clientId);
if (!client) {
return error(404, 'Client not found');
}
return new Response(JSON.stringify(mapClientToDetails(client)));
};

43
src/routes/api/connections/+server.ts Normal file
View File

@@ -0,0 +1,43 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { opnsenseAuth, opnsenseUrl } from '$lib/server/opnsense';
import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
export const GET: RequestHandler = async (event) => {
if (!event.locals.user) {
return error(401, 'Unauthorized');
}
const apiUrl = `${opnsenseUrl}/api/wireguard/service/show`;
const options: RequestInit = {
method: 'POST',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
'current': 1,
// "rowCount": 7,
'sort': {},
// TODO: use a more unique search phrase
// unfortunately 64 character limit,
// but it should be fine if users can't change their own username
'searchPhrase': `vpgen-${event.locals.user.username}`,
'type': ['peer'],
}),
};
const res = await fetch(apiUrl, options);
const peers = await res.json() as OpnsenseWgPeers;
peers.rows = peers.rows.filter(peer => peer['latest-handshake'])
if (!peers) {
return error(500, 'Error getting info from OPNsense API');
}
return new Response(JSON.stringify(peers), {
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'max-age=5',
}
});
};

4
src/routes/auth/authentik/callback/+server.ts
View File

@@ -39,7 +39,7 @@ export async function GET(event: RequestEvent): Promise<Response> {
const userId: string = claims.sub; const userId: string = claims.sub;
const username: string = claims.preferred_username; const username: string = claims.preferred_username;
const [existingUser] = await db.select().from(table.user).where(eq(table.user.id, userId)); const existingUser = await db.query.users.findFirst({where: eq(table.users.id, userId)});
if (existingUser) { if (existingUser) {
const session = await createSession(existingUser.id); const session = await createSession(existingUser.id);
@@ -59,7 +59,7 @@ export async function GET(event: RequestEvent): Promise<Response> {
}; };
try { try {
await db.insert(table.user).values(user); await db.insert(table.users).values(user);
const session = await createSession(user.id); const session = await createSession(user.id);
setSessionTokenCookie(event, session.id, session.expiresAt); setSessionTokenCookie(event, session.id, session.expiresAt);
} catch (e) { } catch (e) {

28
src/routes/clients/+page.server.ts Normal file
View File

@@ -0,0 +1,28 @@
import type { Actions } from './$types';
import { createClient } from '$lib/server/clients';
import { error } from '@sveltejs/kit';
export const actions = {
create: async (event) => {
if (!event.locals.user) return error(401, 'Unauthorized');
const formData = await event.request.formData();
const name = formData.get('name');
if (typeof name !== 'string' || name.trim() === '') return error(400, 'Invalid name');
const res = await createClient({
name: name.trim(),
user: event.locals.user,
});
switch (res._tag) {
case 'ok': {
return {
status: 201,
};
}
case 'err': {
const [status, message] = res.error;
return error(status, message);
}
}
},
} satisfies Actions;

55
src/routes/clients/+page.svelte Normal file
View File

@@ -0,0 +1,55 @@
<script lang="ts">
import * as Table from '$lib/components/ui/table';
import { Badge } from '$lib/components/ui/badge';
import { Button } from '$lib/components/ui/button';
import { Input } from '$lib/components/ui/input';
import type { PageData } from './$types';
import { LucidePlus } from 'lucide-svelte';
const { data }: { data: PageData } = $props();
</script>
<svelte:head>
<title>Clients</title>
</svelte:head>
<Table.Root class="bg-accent rounded-lg overflow-hidden divide-y-2 divide-background">
<Table.Header>
<Table.Row>
<Table.Head scope="col">Name</Table.Head>
<Table.Head scope="col">Public Key</Table.Head>
<!-- <Table.Head scope="col">Private Key</Table.Head>-->
<!-- <Table.Head scope="col">Pre-Shared Key</Table.Head>-->
<Table.Head scope="col">IP Allocation</Table.Head>
</Table.Row>
</Table.Header>
<Table.Body class="divide-y-2 divide-background">
{#each data.clients as client}
<Table.Row class="hover:bg-background hover:bg-opacity-40 group">
<Table.Head scope="row">
<a href={`/clients/${client.id}`} class="flex items-center size-full group-hover:underline">
{client.name}
</a>
</Table.Head>
<Table.Cell class="truncate">{client.publicKey}</Table.Cell>
<!-- <Table.Cell class="truncate max-w-[10ch]">{client.privateKey}</Table.Cell>-->
<!-- <Table.Cell class="truncate max-w-[10ch]">{client.preSharedKey}</Table.Cell>-->
<Table.Cell class="flex flex-wrap gap-1">
{#each client.ips as ip}
<Badge class="bg-background select-auto" variant="secondary">{ip}</Badge>
{/each}
</Table.Cell>
</Table.Row>
{/each}
</Table.Body>
</Table.Root>
<!--Floating action button for adding a new client-->
<!--Not sure if this is the best place for the input field, will think about it later-->
<form class="flex self-end mt-auto pt-4" method="post" action="?/create">
<Input type="text" name="name" placeholder="New Client" class="mr-2" />
<Button type="submit">
<LucidePlus class="mr-2 h-4 w-4" />
Add Client
</Button>
</form>

9
src/routes/clients/+page.ts Normal file
View File

@@ -0,0 +1,9 @@
import type { PageLoad } from './$types';
import type { ClientDetails } from '$lib/types/clients';
export const load: PageLoad = async ({ fetch }) => {
const res = await fetch('/api/clients');
const { clients } = await res.json() as { clients: ClientDetails[] };
return { clients };
};

55
src/routes/clients/[id]/+page.svelte Normal file
View File

@@ -0,0 +1,55 @@
<script lang="ts">
import type { PageData } from './$types';
import { LucideClipboardCopy } from 'lucide-svelte';
import { Button } from '$lib/components/ui/button';
import QRCode from 'qrcode-svg';
const { data }: { data: PageData } = $props();
let tooltipText = $state('Copy to clipboard');
let qrCode = new QRCode({
content: data.config,
join: true,
});
async function copyToClipboard() {
await navigator.clipboard.writeText(data.config);
tooltipText = 'Copied!';
}
function onMouseLeave() {
tooltipText = 'Copy to clipboard';
}
</script>
<svelte:head>
<title></title>
</svelte:head>
<h1 class="bg-accent text-lg w-fit rounded-lg p-2 mb-4">{data.client.name}</h1>
<div class="flex flex-wrap gap-4">
<div class="relative bg-accent rounded-lg max-w-fit">
<div class="flex items-start p-2 overflow-x-auto">
<pre><code>{data.config}</code></pre>
<!--Copy button for the configuration-->
<!--Flex reverse for peer hover to work properly-->
<div class="absolute group flex flex-row-reverse items-center gap-1 right-2">
<Button class="peer size-10 p-2"
onclick={copyToClipboard}
onmouseleave={onMouseLeave}
>
<LucideClipboardCopy />
</Button>
<span class="hidden peer-hover:block bg-background text-xs rounded-lg p-2">
{tooltipText}
</span>
</div>
</div>
</div>
<div class="rounded-lg overflow-hidden">
{@html qrCode.svg()}
</div>
</div>

16
src/routes/clients/[id]/+page.ts Normal file
View File

@@ -0,0 +1,16 @@
import type { PageLoad } from './$types';
import type { ClientDetails } from '$lib/types/clients';
import { clientDetailsToConfig } from '$lib/clients';
import { error } from '@sveltejs/kit';
export const load: PageLoad = async ({ fetch, params }) => {
const res = await fetch(`/api/clients/${params.id}`);
const resJson = await res.json();
if (!res.ok) {
return error(res.status, resJson['message']);
}
const client = resJson as ClientDetails;
const config = clientDetailsToConfig(client);
return { client, config };
};

71
src/routes/connections/+page.svelte Normal file
View File

@@ -0,0 +1,71 @@
<script lang="ts">
import type { PageData } from './$types';
import { invalidate } from '$app/navigation';
import * as Table from '$lib/components/ui/table';
import { Badge } from '$lib/components/ui/badge';
const { data }: { data: PageData } = $props();
$effect(() => {
// refresh every 5 seconds
const interval = setInterval(() => {
console.log('Refreshing connections');
invalidate('/api/connections');
}, 5000);
return () => clearInterval(interval);
});
function getSize(size: number) {
let sizes = ['Bytes', 'KiB', 'MiB', 'GiB',
'TiB', 'PiB', 'EiB', 'ZiB', 'YiB'];
for (let i = 1; i < sizes.length; i++) {
if (size < Math.pow(1024, i))
return (Math.round((size / Math.pow(
1024, i - 1)) * 100) / 100) + ' ' + sizes[i - 1];
}
return size;
}
</script>
<svelte:head>
<title>Connections</title>
</svelte:head>
<Table.Root class="bg-accent rounded-lg overflow-hidden divide-y-2 divide-background">
<Table.Header>
<Table.Row>
<Table.Head scope="col">Name</Table.Head>
<Table.Head scope="col">Public Key</Table.Head>
<Table.Head scope="col">Endpoint</Table.Head>
<Table.Head scope="col">Allowed IPs</Table.Head>
<Table.Head scope="col">Latest Handshake</Table.Head>
<Table.Head scope="col">RX</Table.Head>
<Table.Head scope="col">TX</Table.Head>
<Table.Head scope="col" class="hidden">Persistent Keepalive</Table.Head>
<Table.Head scope="col" class="hidden">Interface Name</Table.Head>
</Table.Row>
</Table.Header>
<Table.Body class="divide-y-2 divide-background">
{#each data.peers.rows as peer}
<Table.Row class="hover:bg-background hover:bg-opacity-40">
<Table.Head scope="row">{peer.name}</Table.Head>
<Table.Cell class="truncate max-w-[10ch]">{peer['public-key']}</Table.Cell>
<Table.Cell>{peer.endpoint}</Table.Cell>
<Table.Cell>
<div class="flex flex-wrap gap-1">
{#each peer['allowed-ips'].split(',') as addr}
<Badge class="bg-background select-auto" variant="secondary">{addr}</Badge>
{/each}
</div>
</Table.Cell>
<Table.Cell>{new Date(peer['latest-handshake'] * 1000).toLocaleString()}</Table.Cell>
<Table.Cell>{getSize(peer['transfer-rx'])}</Table.Cell>
<Table.Cell>{getSize(peer['transfer-tx'])}</Table.Cell>
<Table.Cell class="hidden">{peer['persistent-keepalive']}</Table.Cell>
<Table.Cell class="hidden">{peer.ifname}</Table.Cell>
</Table.Row>
{/each}
</Table.Body>
</Table.Root>

9
src/routes/connections/+page.ts Normal file
View File

@@ -0,0 +1,9 @@
import type { PageLoad } from './$types';
import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
export const load: PageLoad = async ({ fetch }) => {
const res = await fetch('/api/connections');
const peers = await res.json() as OpnsenseWgPeers;
return { peers };
};

34
src/routes/user/+page.svelte
View File

@@ -7,9 +7,9 @@
let isLoadingSignOut = $state(false); let isLoadingSignOut = $state(false);
function refetch() { function refetch() {
console.log("refetching"); console.log('refetching');
invalidate((url) => { invalidate((url) => {
console.log("invalidation url", url); console.log('invalidation url', url);
return true; return true;
}); });
invalidateAll(); invalidateAll();
@@ -20,21 +20,21 @@
<title>User Profile</title> <title>User Profile</title>
</svelte:head> </svelte:head>
<p> <pre>{JSON.stringify(data.user, null, 2)}</pre>
{JSON.stringify(data.user)}
</p>
<Button onclick={refetch}> <div class="flex gap-2">
<Button onclick={refetch}>
<LucideRefreshCw class="mr-2 h-4 w-4" /> <LucideRefreshCw class="mr-2 h-4 w-4" />
Invalidate Data Invalidate Data
</Button>
<form class="inline-flex" method="post" action="/auth?/logout">
<Button type="submit" onclick={() => {isLoadingSignOut = true}}>
{#if isLoadingSignOut}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<LucideLogOut class="mr-2 h-4 w-4" />
{/if}
Sign Out
</Button> </Button>
</form> <form class="inline-flex" method="post" action="/auth?/logout">
<Button type="submit" onclick={() => {isLoadingSignOut = true}}>
{#if isLoadingSignOut}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<LucideLogOut class="mr-2 h-4 w-4" />
{/if}
Sign Out
</Button>
</form>
</div>