GUI: add enable/disable/delete peer actions and sync script-added peers

2026-04-14 12:37:41 +03:00
parent bb6cdb58ed
commit 69f51bd5d7
3 changed files with 270 additions and 4 deletions
--- a/gui/app.py
+++ b/gui/app.py
@@ -40,12 +40,21 @@ def ensure_schema():
              client_address TEXT,
              advertised_routes TEXT,
              client_conf TEXT,
+              peer_psk TEXT,
+              peer_allowed_ips TEXT,
+              enabled INTEGER NOT NULL DEFAULT 1,
              created_at TEXT NOT NULL DEFAULT (datetime('now'))
            );
        """)
        cols = {row[1] for row in cur.execute("PRAGMA table_info(peers)").fetchall()}
        if "client_conf" not in cols:
            cur.execute("ALTER TABLE peers ADD COLUMN client_conf TEXT")
+        if "peer_psk" not in cols:
+            cur.execute("ALTER TABLE peers ADD COLUMN peer_psk TEXT")
+        if "peer_allowed_ips" not in cols:
+            cur.execute("ALTER TABLE peers ADD COLUMN peer_allowed_ips TEXT")
+        if "enabled" not in cols:
+            cur.execute("ALTER TABLE peers ADD COLUMN enabled INTEGER NOT NULL DEFAULT 1")
        conn.commit()


@@ -282,13 +291,13 @@ def new_peer():
    with db_conn() as conn:
        cur = conn.cursor()
        cur.execute(
-            "UPDATE peers SET name=?, client_address=?, advertised_routes=?, client_conf=? WHERE public_key=?",
-            (name, client_addr, routes, client_conf, client_pub),
+            "UPDATE peers SET name=?, client_address=?, advertised_routes=?, client_conf=?, peer_psk=?, peer_allowed_ips=?, enabled=1 WHERE public_key=?",
+            (name, client_addr, routes, client_conf, client_psk, client_addr + (("," + routes) if routes else ""), client_pub),
        )
        if cur.rowcount == 0:
            cur.execute(
-                "INSERT INTO peers(name, public_key, client_address, advertised_routes, client_conf) VALUES (?,?,?,?,?)",
-                (name, client_pub, client_addr, routes, client_conf),
+                "INSERT INTO peers(name, public_key, client_address, advertised_routes, client_conf, peer_psk, peer_allowed_ips, enabled) VALUES (?,?,?,?,?,?,?,1)",
+                (name, client_pub, client_addr, routes, client_conf, client_psk, client_addr + (("," + routes) if routes else "")),
            )
        conn.commit()

@@ -327,6 +336,113 @@ def peer_view(peer_id: int):
    )


+@app.post("/peers/<int:peer_id>/disable")
+def peer_disable(peer_id: int):
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("SELECT * FROM peers WHERE id = ?", (peer_id,))
+        row = cur.fetchone()
+        if not row:
+            flash("Клиент не найден", "error")
+            return redirect(url_for("index"))
+        item = dict(row)
+
+    pk = item.get("public_key", "")
+    if not pk:
+        flash("Не найден public key", "error")
+        return redirect(url_for("index"))
+
+    try:
+        run(["/usr/local/sbin/wg-peerctl", "remove", "--client-public-key", pk])
+    except subprocess.CalledProcessError as e:
+        flash(f"Не удалось отключить peer: {e}", "error")
+        return redirect(url_for("index"))
+
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("UPDATE peers SET enabled=0 WHERE id = ?", (peer_id,))
+        conn.commit()
+    flash("Peer отключен", "ok")
+    return redirect(url_for("index"))
+
+
+@app.post("/peers/<int:peer_id>/enable")
+def peer_enable(peer_id: int):
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("SELECT * FROM peers WHERE id = ?", (peer_id,))
+        row = cur.fetchone()
+        if not row:
+            flash("Клиент не найден", "error")
+            return redirect(url_for("index"))
+        item = dict(row)
+
+    name = item.get("name", "")
+    pk = item.get("public_key", "")
+    addr = item.get("client_address", "")
+    routes = item.get("advertised_routes", "") or ""
+    psk = item.get("peer_psk", "") or ""
+    if not (name and pk and addr and psk):
+        flash("Недостаточно данных для включения peer (нужны name/public key/address/psk)", "error")
+        return redirect(url_for("index"))
+
+    cmd = [
+        "/usr/local/sbin/wg-peerctl",
+        "add",
+        "--client-name",
+        name,
+        "--client-public-key",
+        pk,
+        "--client-address",
+        addr,
+        "--client-preshared-key",
+        psk,
+        "--persistent-keepalive",
+        "25",
+    ]
+    if routes:
+        cmd += ["--client-routes", routes]
+
+    try:
+        run(cmd)
+    except subprocess.CalledProcessError as e:
+        flash(f"Не удалось включить peer: {e}", "error")
+        return redirect(url_for("index"))
+
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("UPDATE peers SET enabled=1 WHERE id = ?", (peer_id,))
+        conn.commit()
+    flash("Peer включен", "ok")
+    return redirect(url_for("index"))
+
+
+@app.post("/peers/<int:peer_id>/delete")
+def peer_delete(peer_id: int):
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("SELECT * FROM peers WHERE id = ?", (peer_id,))
+        row = cur.fetchone()
+        if not row:
+            flash("Клиент не найден", "error")
+            return redirect(url_for("index"))
+        item = dict(row)
+
+    pk = item.get("public_key", "")
+    if pk:
+        try:
+            run(["/usr/local/sbin/wg-peerctl", "remove", "--client-public-key", pk])
+        except Exception:
+            pass
+
+    with db_conn() as conn:
+        cur = conn.cursor()
+        cur.execute("DELETE FROM peers WHERE id = ?", (peer_id,))
+        conn.commit()
+    flash("Peer удален", "ok")
+    return redirect(url_for("index"))
+
+
@app.route("/scripts")
 def scripts():
    commands = {