wireguardhttps

package module
v0.0.0-...-8c4a66f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2020 License: MIT Imports: 26 Imported by: 0

README

WireguardHTTPS

WireguardHTTPS is a Wireguard VPN controller. It allows users to authenticate using Microsoft Azure AD and manage devices that belong to them. The intention is to allow users to create arbitrary networks. This program interfaces with wgrpcd and should not be run as root.

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld." You can download Wireguard at https://www.wireguard.com/

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthenticationRequiredMiddleware 

func AuthenticationRequiredMiddleware(store sessions.Store, sessionName string) func(*gin.Context)

func ProviderWhitelistMiddleware 

func ProviderWhitelistMiddleware(c *gin.Context)

func Router 

func Router(config *ServerConfig) *gin.Engine

Types

type AddressRange 

type AddressRange struct {
	Network net.IPNet
}

AddressRange provides methods for assigning IP addresses within a subnet.

func (*AddressRange) Addresses 

func (a *AddressRange) Addresses() []net.IP

Addresses returns all IP addresses within a CIDR.

func (*AddressRange) Finish 

func (a *AddressRange) Finish() net.IP

func (*AddressRange) Next 

func (a *AddressRange) Next(current net.IP) (net.IP, error)

Next returns the next IP address within a subnet given the last IP address. It will fail with an error if the IP address in not within the subnet, or if the subnet has run out of IP addresses. Callers should prevent IP address conflicts by ensuring only one IP address can be assigned at a time in a subnet, such as by using a `sync.Mutex` before checking the IP address data store and unlocking it after updating the data store with the newly allocated IP.

func (*AddressRange) Start 

func (a *AddressRange) Start() net.IP

type Database 

type Database interface {
	Initialize() error
	Addresses() ([]IPAddress, error)
	AllocateSubnet(addresses []net.IP) error
	CreateDevice(owner UserProfile, name, os string, deviceFunc DeviceFunc) (Device, *wgrpcd.PeerConfigInfo, error)
	RekeyDevice(owner UserProfile, device Device, deviceFunc DeviceFunc) (Device, *wgrpcd.PeerConfigInfo, error)
	Devices(owner UserProfile) ([]Device, error)
	Device(owner UserProfile, deviceID int) (Device, error)
	RemoveDevice(owner UserProfile, device Device, deleteFunc DeleteFunc) error
	RegisterUser(authPlatformUserID, authPlatform string) (UserProfile, error)
	GetUser(userID int) (UserProfile, error)
	DeleteUser(userID int) error
	Close() error
}

Database represents all operations needed to persist devices, IP address and user info. Implementations of Database should ensure all errors are wrapped in the appropriate wireguardhttps error type.

func NewPostgresDatabase 

func NewPostgresDatabase(connectionString string) (Database, error)

func NewSQLiteDatabase 

func NewSQLiteDatabase(path string) (Database, error)

type DatabaseError 

type DatabaseError struct {
	// contains filtered or unexported fields
}

DatabaseError is our package specific error for all other errors. If a Database implementation cannot fit an error into any other error type, it should return DatabaseError.

func (*DatabaseError) Error 

func (d *DatabaseError) Error() string

type DeleteFunc 

type DeleteFunc func() error

DeleteFunc deletes a device on the Wireguard interface.

type Device 

type Device struct {
	gorm.Model
	IP        IPAddress `gorm:"foreignkey:IPAddress;auto_preload"`
	IPAddress string    `gorm:"UNIQUE"`
	Name      string
	OS        string
	Owner     UserProfile `gorm:"foreignkey:OwnerID;auto_preload"`
	OwnerID   int
	PublicKey string `gorm:"UNIQUE"`
}

Device is a connected Wireguard peer. Devices must be assigned an unassigned IP address from the `IPAddress` table Each device must have a unique IP address and public key, and we use the UNIQUE SQL constraint to enforce this.

type DeviceFunc 

type DeviceFunc func(IPAddress) (*wgrpcd.PeerConfigInfo, error)

DeviceFunc creates a device on the Wireguard interface and returns an error on failure. This allows us to take advantage of SQL transactions.

type DeviceRequest 

type DeviceRequest struct {
	Name string `json:"name"`
	OS   string `json:"os"`
}

type IPAddress 

type IPAddress struct {
	gorm.Model
	Address string `gorm:"PRIMARY_KEY;UNIQUE"`
}

IPAddress is a single IP address. IPAddresses are meant to be allocated at program initialization and all stored in the database. For example, if wireguardhttps is initialized with the subnet 10.0.0.0/24, an entry will be created in this table for every IP address between 10.0.0.0 and 10.0.0.255.

type IPNotInSubnetError 

type IPNotInSubnetError struct {
	Network net.IPNet
	IP      net.IP
}

func (*IPNotInSubnetError) Error 

func (i *IPNotInSubnetError) Error() string

type IPsExhaustedError 

type IPsExhaustedError struct {
	Network net.IPNet
}

func (*IPsExhaustedError) Error 

func (i *IPsExhaustedError) Error() string

type PeerConfigINI 

type PeerConfigINI struct {
	PublicKey  string
	PrivateKey string
	AllowedIPs []string
	Addresses  []string
	DNSServers []string
	ServerName string
}

type RecordNotFoundError 

type RecordNotFoundError struct {
	// contains filtered or unexported fields
}

RecordNotFoundError is our package specific not found error. Database implementations should return this when they can't find a record, so the caller can handle this case without knowing about the underlying database.

func (*RecordNotFoundError) Error 

func (r *RecordNotFoundError) Error() string

type ServerConfig 

type ServerConfig struct {
	DNSServers          []net.IP
	Endpoint            *url.URL
	HTTPHost            *url.URL
	Templates           map[string]*template.Template
	WireguardDeviceName string
	WireguardClient     *wgrpcd.Client
	Database            Database
	AuthProviders       []goth.Provider
	IsDebug             bool
	SessionStore        sessions.Store
	SessionName         string
	CSRFKey             []byte
	StaticAssetsDir     string
	CDNWhitelist        []*url.URL
	MaxCookieAge        int
	IsHeroku            bool
}

ServerConfig contains all info needed to configure a WireguardHTTPS instance.

type UserProfile 

type UserProfile struct {
	gorm.Model
	AuthPlatformUserID string `gorm:"UNIQUE;PRIMARY_KEY"`
	AuthPlatform       string
}

UserProfile represents a user who authenticated using an OpenID integration. We maintain as little information as possible about users to make this application a less attractive target to hackers.

type WireguardHandlers 

type WireguardHandlers struct {
	*ServerConfig
}

func (*WireguardHandlers) AuthenticateHandler 

func (wh *WireguardHandlers) AuthenticateHandler(c *gin.Context)

func (*WireguardHandlers) DeleteDeviceHandler 

func (wh *WireguardHandlers) DeleteDeviceHandler(c *gin.Context)

func (*WireguardHandlers) ListUserDevicesHandler 

func (wh *WireguardHandlers) ListUserDevicesHandler(c *gin.Context)

func (*WireguardHandlers) LogoutHandler 

func (wh *WireguardHandlers) LogoutHandler(c *gin.Context)

func (*WireguardHandlers) NewDeviceHandler 

func (wh *WireguardHandlers) NewDeviceHandler(c *gin.Context)

func (*WireguardHandlers) OAuthCallbackHandler 

func (wh *WireguardHandlers) OAuthCallbackHandler(c *gin.Context)

func (*WireguardHandlers) RekeyDeviceHandler 

func (wh *WireguardHandlers) RekeyDeviceHandler(c *gin.Context)

func (*WireguardHandlers) UserProfileInfoHandler 

func (wh *WireguardHandlers) UserProfileInfoHandler(c *gin.Context)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.