def post(self, req):
js = req.META["WG_BODY"]
userid = js.get("id", "")
username = js.get("un", "")
password1 = js.get("pw1", "")
password2 = js.get("pw2", "")
if userid == "":
return reserr("需要用户id!")
if username == "":
return reserr("需要用户名!")
if password1 == "":
return reserr("需要用户密码!")
# chekc 旧密码是否正确
auth = authenticate(username=username, password=password1)
if auth is None:
return reserr("原密码错误!")
u = User.objects.get(id=userid)
u.username = username
u.set_password(password2)
u.save()
# 修改成功后 跳转到 login 重新登录
logout(req)
return resok()
def get(self, request):
iface_str = request.GET.get("iface", "")
if iface_str == "":
return funcs.reserr("需要指定接口!")
fmt = request.GET.get("format", "")
if fmt == "":
fmt = "conf"
elif fmt not in ("conf", "qrcode", "shell"):
return funcs.reserr("format 只能是 conf 或 qrcode 或 shell")
try:
iface = ClientWg.objects.get(user=request.user, iface=iface_str)
except ClientWg.DoesNotExist:
return funcs.reserr("指定的接口名不存在!")
conf = {}
conf["publickey"] = iface.server.publickey
conf["address"] = iface.ip
conf["privatekey"] = iface.privatekey
conf["presharedkey"] = iface.presharedkey
conf["allowedips"] = iface.allowedips_c
conf["endpoint"] = iface.server.address.split("/")[0] + ":" + str(
iface.server.listenport)
conf["persistentkeepalive"] = iface.persistentkeepalive
if fmt == "qrcode":
make_conf = funcs.render("client.conf", conf)
qr = qrcode.QRCode(box_size=4, border=1)
qr.make(fit=True)
qr.add_data(make_conf)
img = qr.make_image()
with io.BytesIO() as buf:
img.save(buf)
base64img = base64.b64encode(buf.getvalue())
return HttpResponse(base64img)
elif fmt == "conf":
make_conf = funcs.render("client.conf", conf)
res = HttpResponse(make_conf)
res["Content-Type"] = "application/octet-stream"
res['Content-Disposition'] = f'attachment; filename="{iface_str}.conf"'
return res
elif fmt == "shell":
conf["iface"] = iface_str
shell = funcs.render("client.shell", conf)
print(shell)
res = HttpResponse(shell)
res["Content-Type"] = "application/octet-stream"
res['Content-Disposition'] = f'attachment; filename="{iface_str}.sh"'
return res
def clientwg_change(username, wg):
"""
暂时没有,添加修改client功能
"""
client = {}
user_obj = User.objects.get(username=username)
serverid = wg.get("serverid", "")
if serverid == "":
return funcs.reserr("从属server接口是必须的")
try:
serverid = int(serverid)
except Exception:
return funcs.reserr("从属server接口是必须的")
try:
server_obj = ServerWg.objects.get(id=serverid)
except Exception:
return funcs.reserr(f"没有id: {serverid} 的server接口")
client["server"] = server_obj
iface = wg.get("iface", "")
if iface == "":
return funcs.reserr("接口名不能为空!")
else:
if ClientWg.objects.filter(user=user_obj, iface=iface):
return funcs.reserr(f"{iface} 已存在!")
else:
client["iface"] = iface
"""
privatekey = wg.get("privatekey")
if privatekey == "":
return funcs.reserr("privatekey 不能为空")
else:
try:
client["privatekey"] = wgcmd.genkey()
except Exception:
return funcs.reserr("privatekey 错误")
client["publickey"] = wgcmd.pubkey(client["privatekye"])
presharedkey = wg.get("presharedkey")
if presharedkey == "":
return funcs.reserr("presharedkey 不能为空")
else:
try:
client["presharedkey"] =
"""
return funcs.resok()
def serverwg_delete(wg):
iface = wg.get("iface", "")
if iface == "":
return funcs.reserr("删除server接口需要接口名")
try:
iface_model = ServerWg.objects.get(iface=iface)
except ServerWg.DoesNotExist:
return funcs.reserr(f"没有 {iface} server 接口")
funcs.debug(lambda: wgcmd.del_peer(iface_model.iface))
iface_model.delete()
return funcs.resok()
def config(iface, request):
# value: shell or conf
ls = ("conf", "shell")
fmt = checkargs(request, "format", ls)
ls = ("notlinux", "andriod", "linux", "windows", "ios", "macos")
ostype = checkargs(request, "ostype", ls)
iface = request.GET.get("iface", "")
try:
iface = ClientWg.objects.get(user=request.user, iface=iface)
except ClientWg.DoesNotExist:
return funcs.reserr("指定的接口名不存在!")
conf = {}
conf["publickey"] = iface.server.publickey
if ostype in ("andriod", "windows", "ios", "macos"):
conf["address"] = iface.server.ip
conf["privatekey"] = iface.privatekey
conf["presharedkey"] = iface.presharedkey
conf["allowedips"] = iface.allowedips_c
conf["endpoint"] = iface.server.address.split("/")[0] + ":" + str(
iface.server.listenport)
conf["persistentkeepalive"] = iface.persistentkeepalive
return conf
def delete(self, request):
wgid = request.META["WG_BODY"].get("ifaceid", "")
if wgid == "":
return funcs.reserr("需要iface id")
return wgop.clientwg_delete(wgid)
def dispatch(self, request, *args, **kwargs):
username = request.META.get("HTTP_WG_USERNAME")
pw = request.META.get("HTTP_WG_PASSWORD")
self.auth = authenticate(username=username, password=pw)
if self.auth is None:
return funcs.reserr("用户名或密码错误")
else:
return super().dispatch(request, *args, **kwargs)
def clientwg_delete(wgid):
try:
wgid = int(wgid)
except Exception:
return funcs.reserr("iface id 应该是个整数")
try:
clientwg = ClientWg.objects.get(id=wgid)
except Exception:
return funcs.reserr(f"iface id: {wgid} 不存在")
# delete client peer from server
iface = clientwg.server.iface
try:
funcs.debug(wgcmd.wg_delete_peer, iface, clientwg.publickey)
except Exception as e:
print(e)
return funcs.reserr("服务端删除peer失败!")
clientwg.delete()
return funcs.resok()
def get(self, req):
if not settings.DEBUG:
if req.user.username == "easywg" and req.user.password == "easywg":
print("首次登录请修改初始密码。")
return json({"code": 302, "router": "/accounts/chpassword/"})
if req.user.is_authenticated:
return res({
"username": req.user.username,
"serupuser": req.user.is_superuser
})
else:
return reserr("未登录")
def get(self, request):
iface = request.GET.get("iface", "")
if iface == "":
l = []
for queryset in ServerWg.objects.all():
l.append(funcs.serverwg2json(queryset))
return funcs.res(l)
else:
#print(f"查{iface}接口信息.")
try:
iface = ServerWg.objects.get(iface=iface)
except ServerWg.DoesNotExist:
return funcs.reserr(f"没有{iface}接口")
return funcs.res(funcs.serverwg2json(iface))
def post(self, req):
js = req.META["WG_BODY"]
username = js.get("un")
password = js.get("pw")
auth = authenticate(username=username, password=password)
if auth is None:
return reserr("用户名或密码错误")
else:
login(req, auth)
if not settings.DEBUG:
if username == "easywg" and password == "easywg":
return json({
"code": 302,
"router": "/accounts/chpassword/"
})
return res({"username": username, "superuser": auth.is_superuser})
def serverwg_add(wg):
i = {}
iface = wg.get("iface", "")
if iface:
if ServerWg.objects.filter(iface=iface):
return funcs.reserr(f"接口名: {iface} 已存在。")
else:
i["iface"] = iface
else:
# 如果 iface 为空 就自动生成
suffix = ServerWg.objects.aggregate(Max("id")).get("id__max")
if suffix:
p = 1
tmp = "easywg" + str(suffix + p)
while ServerWg.objects.filter(iface=tmp):
p += 1
tmp = "easywg" + str(suffix + p)
i["iface"] = tmp
else:
i["iface"] = "easywg0"
address = wg.get("address", "")
if address == "":
return funcs.reserr("address 是必须的")
else:
i["address"] = address
network = wg.get("network", "")
if network == "":
return funcs.reserr("network 是必须的")
else:
if ServerWg.objects.filter(network=network):
return funcs.reserr(f"network {network} 已存在!")
else:
i["network"] = network
i["ip"] = funcs.gateway(i["network"])
prikey = wg.get("privatekey")
if not prikey:
i["privatekey"] = wgcmd.genkey()
i["publickey"] = wgcmd.pubkey(i["privatekey"])
else:
try:
i["publickey"] = wgcmd.pubkey(prikey)
except Exception:
return funcs.reserr("privatekey 长度不对或格式不正确")
i["privatekey"] = prikey
i["persistentkeepalive"] = wg.get("persistentkeepalive", 35)
i["boot"] = wg.get("boot", True)
i["comment"] = wg.get("comment", "")
lp = wg.get("listenport", "")
if lp == "":
lp = ServerWg.objects.aggregate(
Max("listenport")).get("listenport__max")
if lp:
i["listenport"] = lp + 1
else:
i["listenport"] = 8324
else:
try:
listenport = int(lp)
except Exception:
return funcs.reserr("listenport 必须是 8324 ~ 65535 的数")
if ServerWg.objects.filter(listenport=listenport):
return funcs.reserr(f"listenport {lp} 冲突")
else:
i["listenport"] = listenport
print("添加一个接口:", i)
wgserver = ServerWg(**i)
try:
funcs.debug(wgcmd.add_wg, wgserver.iface, wgserver.ip)
funcs.debug(wgcmd.wg_set, wgserver.iface, wgserver.privatekey,
wgserver.listenport)
except CalledProcessError:
return funcs.reserr(f"添加接口 {wgserver.iface} 失败!")
wgserver.save()
i["id"] = wgserver.id
return funcs.res(i)
def clientwg_add(username, wg):
client = {}
user_obj = User.objects.get(username=username)
client["user"] = user_obj
serverid = wg.get("serverid", "")
if serverid == "":
return funcs.reserr("从属server接口是必须的")
try:
serverid = int(serverid)
except Exception:
return funcs.reserr("从属server接口是必须的")
try:
server_obj = ServerWg.objects.get(id=serverid)
except Exception:
return funcs.reserr(f"没有id: {serverid} 的server接口")
client["server"] = server_obj
iface = wg.get("iface", "")
if iface == "":
suffix = ClientWg.objects.aggregate(Max("id"), ).get("id__max")
if suffix:
p = 1
tmp = "wg" + str(suffix + p)
while ServerWg.objects.filter(iface=tmp):
p += 1
tmp = "wg" + str(suffix + p)
client["iface"] = tmp
else:
client["iface"] = "wg0"
else:
if ClientWg.objects.filter(user=user_obj, iface=iface):
return funcs.reserr(f"{iface} 已存在!")
else:
client["iface"] = iface
genip = funcs.getipaddr(server_obj.network)
for ip in genip:
if ClientWg.objects.filter(ip=ip):
print(f"ip: {ip} 已经存在, 查看下一个")
else:
break
client["ip"] = ip
client["allowedips_s"] = funcs.getnet_s(client["ip"])
client["allowedips_c"] = server_obj.network
client["privatekey"] = wgcmd.genkey()
client["publickey"] = wgcmd.pubkey(client["privatekey"])
client["presharedkey"] = wgcmd.genpsk()
client["comment"] = wg.get("comment", "")
clientwg = ClientWg(**client)
# add client peer to server
peer = {}
peer["preshared_key"] = client["presharedkey"]
peer["allowed_ips"] = client["allowedips_s"]
peer["persistent_keepalive"] = clientwg.persistentkeepalive
try:
funcs.debug(wgcmd.wg_peer, server_obj.iface, client["publickey"], peer)
except Exception as e:
print(f"peer add error: {e}")
return funcs.reserr("服务端添加peer失败!")
clientwg.save()
return funcs.resok()
def serverwg_change(wg):
iface_id = wg.get("id")
try:
iface = ServerWg.objects.get(id=iface_id)
except ServerWg.DoesNotExist:
return funcs.reserr("需要修改的接口不存在,请检查输入。")
iface_name = wg.get("iface", "")
if iface_name == "":
return funcs.reserr("需要修改的接口名不能为空")
iface_old_name = iface.iface
iface.iface = iface_name
address = wg.get("address", "")
if address == "":
return funcs.reserr("address 是必须的")
else:
iface.address = address
network = wg.get("network", "")
if network == "":
return funcs.reserr("network 是必须的")
# 检查是否有其他接口使用了这个net
if ServerWg.objects.filter(network=network).exclude(iface=iface_old_name):
return funcs.reserr("需要修改的网络已存在,请检查输入。")
iface.network = network
prikey = wg.get("privatekey")
if prikey:
iface.privatekey = prikey
try:
iface.publickey = wgcmd.pubkey(prikey)
except Exception:
return funcs.reserr("privatekey 长度不对或格式不正确")
else:
iface.privatekey = wgcmd.genkey()
iface.publickey = wgcmd.pubkey(iface.privatekey)
iface.persistentkeepalive = wg.get("persistentkeepalive", 35)
iface.boot = wg.get("boot", True)
iface.comment = wg.get("comment", "")
lp = wg.get("listenport", "")
if lp == "":
lp_id = ServerWg.objects.aggregate(
Max("listenport")).get("listenport__max")
iface.listenport = lp_id + 1
else:
try:
lp = int(lp)
except Exception:
return funcs.reserr("listenport 必须是 8324 ~ 65535 的数")
if ServerWg.objects.filter(listenport=lp).exclude(
iface=iface_old_name):
return funcs.reserr(f"listenport: {lp} 已存在, 请检查输入。")
else:
iface.listenport = lp
iface.save()
return funcs.resok()
