server.js
const config = require('./config.json')
var fs = require('fs')
var ini = require('ini')
const chalk = require('chalk')
const path = require('path')
const exec = require('child_process').exec
const execFile = require('child_process').execFile
const fastify = require('fastify')({ logger: false })
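// Register fastify-static only for its reply.sendFile() decorator.
// With the plugin's default settings it also mounts a wildcard file route over
// `root`, which here is the application directory itself: config.json and
// everything under profiles/ would then be readable without passing the
// allowedHosts check that the route handlers apply. `serve: false` keeps
// reply.sendFile() and drops that wildcard route.
// NOTE(review): if a front-end asset was meant to be served from this directory,
// move it to a dedicated sub-directory and serve only that - confirm with the author.
fastify.register(require('fastify-static'), { root: path.join(__dirname), serve: false });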
/**
 * Print one console line prefixed with the "wg-api" tag.
 *
 * NOTE(review): the route handlers in this file pass request-derived text (client
 * IP, the :username parameter) into `msg`, and it is printed as received.
 *
 * @param {string} msg - Text to print.
 * @param {number} [type] - Pass 1 to render the message bold white on red; any
 *   other value prints it unstyled.
 */
function cliMsg(msg, type) {
  const tag = chalk.black.bgWhite("wg-api");
  const body = type === 1 ? chalk.white.bgRed.bold(msg) : msg;
  console.log(tag + " " + body);
}
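/**
 * Render a byte count as a human-readable string using 1024-based units.
 *
 * @param {number|string} a - Byte count; numeric strings are accepted.
 * @param {number} [b] - Decimal places. Any falsy value (including 0) falls back
 *   to 2, as before.
 * @returns {string} For example "1.5 KB". Zero, negative and non-numeric input
 *   yields "0 Bytes".
 */
function formatBytes(a, b) {
  const bytes = Number(a);
  // Math.log() of a non-positive or non-finite value gives NaN/-Infinity, which
  // previously produced output such as "NaN undefined".
  if (!Number.isFinite(bytes) || bytes <= 0) return "0 Bytes";

  const base = 1024;
  const decimals = b || 2;
  const units = ["B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"];

  // Clamp the unit index: values below 1 would otherwise index -1, and values
  // beyond the largest unit would run past the end of the table.
  const rawIndex = Math.floor(Math.log(bytes) / Math.log(base));
  const index = Math.min(Math.max(rawIndex, 0), units.length - 1);

  return parseFloat((bytes / Math.pow(base, index)).toFixed(decimals)) + " " + units[index];
}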
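/**
 * Format a Unix timestamp (seconds) as "Mon D, YYYY H:MM:SS UTC".
 *
 * The string is labelled "UTC", so the fields are read with the UTC getters;
 * the local-time getters used before only matched that label when the server's
 * time zone was UTC. Minutes and seconds are zero-padded to two digits (the
 * earlier `substr(-2)` did not pad, giving e.g. "12:5:7"). Hours stay unpadded.
 *
 * @param {number} unixtimestamp - Seconds since the Unix epoch.
 * @returns {string} The formatted timestamp.
 */
function formatTime(unixtimestamp) {
  const monthNames = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
  const date = new Date(unixtimestamp * 1000);
  const minutes = String(date.getUTCMinutes()).padStart(2, '0');
  const seconds = String(date.getUTCSeconds()).padStart(2, '0');
  return monthNames[date.getUTCMonth()] +
    ' ' + date.getUTCDate() + ', ' +
    date.getUTCFullYear() + ' ' +
    date.getUTCHours() + ':' +
    minutes +
    ':' + seconds + " UTC";
}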
/**
 * Build the JSON text of an error response.
 *
 * @param {number} code - Error code placed in the `code` field.
 * @param {string} msg - Message placed in the `msg` field.
 * @returns {string} Pretty-printed JSON (two-space indent).
 */
function genError(code, msg) {
  return JSON.stringify({ code, msg }, null, 2);
}
/**
 * Send `b` as pretty-printed JSON when the caller is allowed, otherwise send an
 * "unauthenticated" error body.
 *
 * A caller is allowed when config.allowedHosts contains its req.ip or the
 * wildcard entry "*". This is an address allowlist, not authentication of the
 * caller.
 * NOTE(review): the Fastify instance is created without trustProxy, so behind a
 * reverse proxy req.ip is the proxy's address - confirm the allowlist is written
 * with that in mind.
 *
 * @param {object} req - Fastify request; only `req.ip` is read.
 * @param {object} reply - Fastify reply used to send the response.
 * @param {*} b - Payload to serialise for an allowed caller.
 */
function authReq(req, reply, b) {
  const hosts = config.allowedHosts;
  const permitted = hosts.includes(req.ip) || hosts.includes("*");
  const payload = permitted
    ? JSON.stringify(b, null, 2)
    : genError(500, "unauthenticated");
  reply.send(payload);
}
/**
 * Decide whether a request may proceed, based on the address allowlist.
 *
 * Returns true when config.allowedHosts contains req.ip or the wildcard "*".
 * A denied request is logged to the console. No response is sent here; the
 * caller has to reply to a denied request itself.
 *
 * @param {object} req - Fastify request; only `req.ip` is read.
 * @returns {boolean} true when the caller is allowed.
 */
function authAction(req) {
  const hosts = config.allowedHosts;
  const permitted = hosts.includes(req.ip) || hosts.includes("*");
  if (!permitted) {
    cliMsg(`${req.ip} denied access, please note this activity.`);
  }
  return permitted;
}
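// GET /interface/info - overview of every interface reported by scripts/bash/json.sh.
// Responds with the script's JSON after masking each interface's privateKey and
// formatting the per-peer transfer counters and handshake time.
fastify.get('/interface/info', function(req, reply) {
  cliMsg(`${req.ip} requested server overview`);

  // Check the allowlist before spawning the script, so a denied caller cannot
  // make the server run a process for every request.
  if (!authAction(req)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  exec('bash ./scripts/bash/json.sh', (err, stdout, stderr) => {
    if (err) {
      cliMsg(`json.sh failed: ${err.message}`, 1);
      reply.send(genError(500, "could not read interface state"));
      return;
    }

    let interfaces;
    try {
      // A throw inside this callback would otherwise be an uncaught exception
      // and take the whole process down, so parsing and formatting are guarded.
      interfaces = JSON.parse(stdout);
      for (const iface of Object.values(interfaces ?? {})) {
        iface.privateKey = "[hidden]";
        // NOTE(review): only the interface privateKey is masked. If json.sh also
        // emits other key material per peer, it is returned as-is - confirm
        // against the script's output.
        for (const peer of Object.values(iface.peers ?? {})) {
          peer.transferRx = formatBytes(peer.transferRx, 3);
          peer.transferTx = formatBytes(peer.transferTx, 3);
          peer.latestHandshake = formatTime(Number(peer.latestHandshake));
        }
      }
    } catch (parseError) {
      cliMsg(`json.sh produced unusable output: ${parseError.message}`, 1);
      reply.send(genError(500, "could not read interface state"));
      return;
    }

    reply.send(JSON.stringify(interfaces, null, 2));
  });
});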
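// GET /peer/info/:username - return the parsed wg0.conf of one peer profile plus
// the URL of its QR image.
fastify.get('/peer/info/:username', function(request, reply) {
  const username = request.params.username;
  cliMsg(`${request.ip} requested info of peer ${username}`);

  // A bare `return` would leave the request without any response, so a denied
  // caller gets the same error body authReq() sends.
  if (!authAction(request)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  // The name becomes a path component below. Accept only a plain name (letters,
  // digits, "_", ".", "-", starting with a letter or digit, at most 64 chars) so
  // it cannot carry path separators or resolve outside ./profiles.
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/.test(username)) {
    reply.send(JSON.stringify({ code: 400, error: "Invalid username" }, null, 2));
    return;
  }

  try {
    const profile = ini.parse(fs.readFileSync('./profiles/' + username + '/wg0.conf', 'utf-8'));
    profile.qr = "/peer/qr/" + username;
    reply.send(JSON.stringify({ code: 200, profile }, null, 2));
  } catch (error) {
    // Any read or parse failure is reported as a missing profile.
    reply.send(JSON.stringify({ code: 404, error: "Profile not found" }, null, 2));
  }
});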
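// GET /peer/create/:username - create a peer profile through scripts/bash/wg.sh
// unless one already exists, then return the parsed profile.
// NOTE(review): this is a state-changing operation on a GET route; the method is
// left unchanged here because clients depend on it.
fastify.get('/peer/create/:username', function(request, reply) {
  const username = request.params.username;
  cliMsg(`${request.ip} requested new peer named ${username}`);

  // A bare `return` would leave the request without any response.
  if (!authAction(request)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  // The name is used both as a path component and as a script argument. Accept
  // only a plain name: no path separators, no shell metacharacters, and no
  // leading "-" that wg.sh could read as an option.
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/.test(username)) {
    reply.send(JSON.stringify({ code: 400, error: "Invalid username" }, null, 2));
    return;
  }

  const confPath = './profiles/' + username + '/wg0.conf';
  const qrPath = "/peer/qr/" + username;

  try {
    const profile = ini.parse(fs.readFileSync(confPath, 'utf-8'));
    profile.qr = qrPath;
    reply.send(JSON.stringify({ code: 500, error: "Profile already exists", profile }, null, 2));
  } catch (error) {
    // execFile passes the name as a single argv entry and involves no shell,
    // unlike the former exec() call that concatenated it into a command line.
    execFile('bash', ['./scripts/bash/wg.sh', '-a', username], (err, stdout, stderr) => {
      if (err) {
        cliMsg(`wg.sh -a failed: ${err.message}`, 1);
      }
      try {
        // Reading the new profile can throw if the script did not create it;
        // uncaught, that would crash the process from inside this callback.
        const profile = ini.parse(fs.readFileSync(confPath, 'utf-8'));
        profile.qr = qrPath;
        reply.send(JSON.stringify({ code: 200, profile }, null, 2));
      } catch (readError) {
        reply.send(JSON.stringify({ code: 500, error: "Profile creation failed" }, null, 2));
      }
    });
  }
});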
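// GET /client/remove/:username - revoke a peer through scripts/bash/wg.sh -d.
// NOTE(review): this is a state-changing operation on a GET route; the method is
// left unchanged here because clients depend on it.
fastify.get('/client/remove/:username', function(request, reply) {
  const username = request.params.username;
  cliMsg(`${request.ip} requested removal of peer ${username}`);

  // A bare `return` would leave the request without any response.
  if (!authAction(request)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  // The name is handed to a script. Accept only a plain name: no shell
  // metacharacters and no leading "-" that wg.sh could read as an option.
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/.test(username)) {
    reply.send(JSON.stringify({ code: 400, error: "Invalid username" }, null, 2));
    return;
  }

  // execFile passes the name as a single argv entry and involves no shell,
  // unlike the former exec() call that interpolated it into a command line.
  execFile('bash', ['./scripts/bash/wg.sh', '-d', username], (err, stdout, stderr) => {
    if (err) {
      // Previously "Revoked" was reported even when the script failed.
      cliMsg(`wg.sh -d failed: ${err.message}`, 1);
      reply.send(JSON.stringify({ code: 500, error: "Revocation failed" }, null, 2));
      return;
    }
    reply.send(JSON.stringify({ code: 200, profile: "Revoked" }, null, 2));
  });
});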
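// GET /peer/qr/:username - send the QR image stored with a peer profile.
fastify.get('/peer/qr/:username', function(request, reply) {
  const username = request.params.username;
  cliMsg(`${request.ip} requested QR .png of peer ${username}`);

  // A bare `return` would leave the request without any response.
  if (!authAction(request)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  // The name becomes two path components below. Accept only a plain name so the
  // joined path cannot resolve outside the profiles directory.
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/.test(username)) {
    reply.send(JSON.stringify({ code: 400, error: "Invalid username" }, null, 2));
    return;
  }

  try {
    reply.sendFile(path.join("profiles", username, username + ".png"));
  } catch (error) {
    // NOTE(review): this covers synchronous throws only; a missing file is
    // presumably reported by the static plugin itself - confirm.
    reply.send(JSON.stringify({ code: 404, error: "Profile not found." }, null, 2));
  }
});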
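// GET /peer/plaintext/:username - send a peer's wg0.conf as a file.
fastify.get('/peer/plaintext/:username', function(request, reply) {
  const username = request.params.username;
  cliMsg(`${request.ip} requested plaintext cert of peer ${username}`);

  // A bare `return` would leave the request without any response.
  if (!authAction(request)) {
    reply.send(genError(500, "unauthenticated"));
    return;
  }

  // The name becomes a path component below. Accept only a plain name so the
  // joined path cannot resolve outside the profiles directory.
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/.test(username)) {
    reply.send(JSON.stringify({ code: 400, error: "Invalid username" }, null, 2));
    return;
  }

  try {
    reply.sendFile(path.join("profiles", username, "wg0.conf"));
  } catch (error) {
    // NOTE(review): this covers synchronous throws only; a missing file is
    // presumably reported by the static plugin itself - confirm.
    reply.send(JSON.stringify({ code: 404, error: "Profile not found." }, null, 2));
  }
});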
// Start the HTTP server on the host and port from config.json. A bind failure
// is rethrown so the process terminates. On success the bound address is
// printed, followed by a highlighted warning that the API must sit behind a
// reverse proxy with a properly configured allowedHosts list.
fastify.listen(config.listen.port, config.listen.host, function onListening(err) {
  if (err) {
    throw err;
  }
  const boundPort = fastify.server.address().port;
  cliMsg(`Now listening on ${config.listen.host}:${boundPort}`);
  cliMsg(`This endpoint is very insecure! Make sure you reverse-proxy it and properly configure allowed hosts.`, 1);
});