def wg_quick_up(interface_name):
try:
wg_quick.up(interface_name)
except wg_quick.WgQuickError as e:
raise ApiError(
422,
{
"message": "Failed to bring interface up",
"interface": interface_name
},
) from e
def wg_syncconf(config_data):
interface = config_data["interface"]
interface_name = interface["name"]
# FIXME: For `SaveConfig` to work this needs to be in `/etc/wireguard/`
with TemporaryFile() as ini_file:
ini_file.write("\n".join(ini_lines(interface)))
try:
wg.syncconf(interface_name, ini_file)
except wg.WgError as e:
# TODO: Log stuff on WgError
raise ApiError(
422,
{
"message": "Failed to sync configuration",
"interface": interface_name,
},
) from e
def authorize_modify_item(self, item, action):
if item.owner_id != self.get_request_credentials():
raise ApiError(403, {"code": "invalid_user"})
def authorize_create_item(self, item):
super().authorize_create_item(item)
if item.name == "Updated":
raise ApiError(403, {"code": "invalid_name"})
def get(self):
raise ApiError(int(flask.request.args.get('status_code', 400)))
def wg_show():
try:
show_output = StringIO(wg.show()) # FIXME: Maybe have to decode utf-8
except wg.WgError as e:
# TODO: Log stuff on WgError
raise ApiError(500, {"message": "Failed to retrieve stats"}) from e
results = []
current_interface = None
while True:
raw_entry = show_output.readline()
if raw_entry == "":
break
entry = raw_entry.split("\t")
if is_interface(entry):
interface_name, private_key, public_key, listen_port, fwmark = entry
if current_interface is not None:
results.append(current_interface)
current_interface = {
"name": interface_name,
"private_key": private_key,
"public_key": public_key,
"listen_port": int(listen_port),
"fwmark": fwmark,
"peers": [],
}
else:
(
_,
public_key,
preshared_key,
endpoint,
allowed_ips,
latest_handshake,
transfer_rx,
transfer_tx,
persistent_keepalive,
) = entry
current_interface["peers"].append({
"public_key":
public_key,
"preshared_key":
preshared_key,
"endpoint":
endpoint,
"allowed_ips":
allowed_ips.split(","),
"latest_handshake":
latest_handshake,
"transfer_rx":
transfer_rx,
"transfer_tx":
transfer_tx,
"persistent_keepalive":
persistent_keepalive,
})
return {"interfaces": results}
def post(self) -> Response:
"""
Endpoint returning authenticated user's basic info and access token
User credentials must be sent via request Basic Auth header to log in and receive access token.
---
tags:
- auth
definitions:
User:
type: object
properties:
user_id:
type: integer
description: The id of the user entry
username:
type: string
description: The user name of the user entry
email:
type: string
description: The email of the user entry
password:
type: string
description: The password of the user entry
security:
- basicAuth: []
responses:
200:
description: Basic info of authenticated user with access token
content:
application/json:
schema:
type: object
properties:
data:
allOf:
- $ref: '#/definitions/User'
- type: object
properties:
token:
type: string
description: JWT token
example:
user_id: 1
username: "******"
email: "*****@*****.**"
token: "JWT-TOKEN"
"""
auth = request.authorization
if not auth:
raise ApiError(401,
{"code": "invalid_credentials.missing_auth_header"})
username = auth.username
password = auth.password
user = User.query.filter(User.username == username).first()
if not user.valid_credentials(password):
raise ApiError(401, {"code": "invalid_credentials"})
data = self.schema.dump(user)
return self.make_response(data)
def authorize_create_item(self, item):
super(UserAuthorization, self).authorize_create_item(item)
if item.name == "Updated":
raise ApiError(403, {'code': 'invalid_name'})
def authorize_modify_item(self, item):
if item.owner_id != self.get_request_credentials():
raise ApiError(403, {'code': 'invalid_user'})
def authenticate_request(self, token):
try:
models.User.query.filter(token=token).one()
except NoResultFound:
raise ApiError(401, {"message": "Invalid credentials"})