74 lines
2.4 KiB
TypeScript
74 lines
2.4 KiB
TypeScript
import { error } from '@sveltejs/kit';
|
|
import type { RequestHandler } from './$types';
|
|
import { opnsenseAuth, opnsenseUrl } from '$lib/server/opnsense';
|
|
import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
|
|
import { findDevices } from '$lib/server/devices';
|
|
import type { ConnectionDetails } from '$lib/connections';
|
|
import { opnsenseSanitezedUsername } from '$lib/opnsense';
|
|
|
|
export const GET: RequestHandler = async (event) => {
|
|
if (!event.locals.user) {
|
|
return error(401, 'Unauthorized');
|
|
}
|
|
console.debug('/api/connections');
|
|
const peers = await fetchOpnsensePeers(event.locals.user.username);
|
|
console.debug('/api/connections: fetched opnsense peers', peers.rowCount);
|
|
const devices = await findDevices(event.locals.user.id);
|
|
console.debug('/api/connections: fetched db devices');
|
|
|
|
if (!peers) {
|
|
return error(500, 'Error getting info from OPNsense API');
|
|
}
|
|
|
|
// TODO: this is all garbage performance
|
|
// filter devices with no recent handshakes
|
|
peers.rows = peers.rows.filter((peer) => peer['latest-handshake']);
|
|
|
|
// start from devices, to treat db as the source of truth
|
|
const connections: ConnectionDetails[] = [];
|
|
for (const device of devices) {
|
|
const peerData = peers.rows.find((peer) => peer['public-key'] === device.publicKey);
|
|
if (!peerData) continue;
|
|
connections.push({
|
|
deviceId: device.id,
|
|
deviceName: device.name,
|
|
devicePublicKey: device.publicKey,
|
|
deviceIps: peerData['allowed-ips'].split(','),
|
|
endpoint: peerData['endpoint'],
|
|
// swap rx and tx, since the opnsense values are from the server perspective
|
|
transferRx: peerData['transfer-tx'],
|
|
transferTx: peerData['transfer-rx'],
|
|
latestHandshake: peerData['latest-handshake'] * 1000,
|
|
});
|
|
}
|
|
|
|
return new Response(JSON.stringify(connections), {
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Cache-Control': 'max-age=5',
|
|
},
|
|
});
|
|
};
|
|
|
|
async function fetchOpnsensePeers(username: string) {
|
|
const res = await fetch(`${opnsenseUrl}/api/wireguard/service/show`, {
|
|
method: 'POST',
|
|
headers: {
|
|
Authorization: opnsenseAuth,
|
|
Accept: 'application/json',
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify({
|
|
current: 1,
|
|
// "rowCount": 7,
|
|
sort: {},
|
|
// TODO: use a more unique search phrase
|
|
// unfortunately 64 character limit,
|
|
// but it should be fine if users can't change their own username
|
|
searchPhrase: `vpgen-${opnsenseSanitezedUsername(username)}`,
|
|
type: ['peer'],
|
|
}),
|
|
});
|
|
return (await res.json()) as OpnsenseWgPeers;
|
|
}
|