GUI: add enable/disable/delete peer actions and sync script-added peers
@@ -15,6 +15,7 @@ fi
LOG_FILE="/var/log/wireguard-peerctl.log"
|
||||
WG_META_FILE="/etc/wireguard/wg-meta.env"
|
||||
GUI_DB_FILE="/opt/wg-admin-gui/data/wgadmin.db"
|
||||
|
||||
usage() {
|
||||
cat <<'USAGE'
|
||||
@@ -27,12 +28,89 @@ usage() {
|
||||
[--client-preshared-key <psk>] \
|
||||
[--persistent-keepalive 25]
|
||||
|
||||
wg-peerctl.sh remove \
|
||||
--client-public-key <pubkey>
|
||||
|
||||
Описание:
|
||||
Скрипт добавляет peer в конфигурацию WireGuard-сервера идемпотентно.
|
||||
Если peer с таким public key уже существует, повторно не добавляет.
|
||||
USAGE
|
||||
}
|
||||
|
||||
sql_escape() {
|
||||
local s="$1"
|
||||
s="${s//\'/\'\'}"
|
||||
printf "%s" "$s"
|
||||
}
|
||||
|
||||
ensure_gui_db_schema() {
|
||||
command -v sqlite3 >/dev/null 2>&1 || return 0
|
||||
[[ -f "$GUI_DB_FILE" ]] || return 0
|
||||
sqlite3 "$GUI_DB_FILE" <<'SQL' >/dev/null 2>&1 || true
|
||||
CREATE TABLE IF NOT EXISTS peers (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
name TEXT NOT NULL,
|
||||
public_key TEXT UNIQUE NOT NULL,
|
||||
client_address TEXT,
|
||||
advertised_routes TEXT,
|
||||
client_conf TEXT,
|
||||
peer_psk TEXT,
|
||||
peer_allowed_ips TEXT,
|
||||
enabled INTEGER NOT NULL DEFAULT 1,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
ALTER TABLE peers ADD COLUMN client_conf TEXT;
|
||||
ALTER TABLE peers ADD COLUMN peer_psk TEXT;
|
||||
ALTER TABLE peers ADD COLUMN peer_allowed_ips TEXT;
|
||||
ALTER TABLE peers ADD COLUMN enabled INTEGER NOT NULL DEFAULT 1;
|
||||
SQL
|
||||
}
|
||||
|
||||
sync_gui_db_upsert_peer() {
|
||||
local name="$1"
|
||||
local pubkey="$2"
|
||||
local address="$3"
|
||||
local routes="$4"
|
||||
local psk="$5"
|
||||
local peer_allowed_ips="$6"
|
||||
local enabled="${7:-1}"
|
||||
|
||||
command -v sqlite3 >/dev/null 2>&1 || return 0
|
||||
[[ -f "$GUI_DB_FILE" ]] || return 0
|
||||
ensure_gui_db_schema
|
||||
|
||||
local e_name e_pub e_addr e_routes e_psk e_allowed
|
||||
e_name="$(sql_escape "$name")"
|
||||
e_pub="$(sql_escape "$pubkey")"
|
||||
e_addr="$(sql_escape "$address")"
|
||||
e_routes="$(sql_escape "$routes")"
|
||||
e_psk="$(sql_escape "$psk")"
|
||||
e_allowed="$(sql_escape "$peer_allowed_ips")"
|
||||
|
||||
sqlite3 "$GUI_DB_FILE" <<SQL >/dev/null 2>&1 || true
|
||||
INSERT INTO peers(name, public_key, client_address, advertised_routes, peer_psk, peer_allowed_ips, enabled)
|
||||
VALUES ('$e_name', '$e_pub', '$e_addr', '$e_routes', '$e_psk', '$e_allowed', $enabled)
|
||||
ON CONFLICT(public_key)
|
||||
DO UPDATE SET
|
||||
name=excluded.name,
|
||||
client_address=excluded.client_address,
|
||||
advertised_routes=excluded.advertised_routes,
|
||||
peer_psk=excluded.peer_psk,
|
||||
peer_allowed_ips=excluded.peer_allowed_ips,
|
||||
enabled=excluded.enabled;
|
||||
SQL
|
||||
}
|
||||
|
||||
sync_gui_db_set_enabled() {
|
||||
local pubkey="$1"
|
||||
local enabled="$2"
|
||||
command -v sqlite3 >/dev/null 2>&1 || return 0
|
||||
[[ -f "$GUI_DB_FILE" ]] || return 0
|
||||
local e_pub
|
||||
e_pub="$(sql_escape "$pubkey")"
|
||||
sqlite3 "$GUI_DB_FILE" "UPDATE peers SET enabled=${enabled} WHERE public_key='${e_pub}';" >/dev/null 2>&1 || true
|
||||
}
|
||||
|
||||
load_meta() {
|
||||
[[ -f "$WG_META_FILE" ]] || die "Не найден $WG_META_FILE. Сначала выполните install_server.sh"
|
||||
# shellcheck disable=SC1090
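Review bot: `sync_gui_db_set_enabled` and `sync_gui_db_upsert_peer` splice `$enabled` into the SQL text unquoted and unescaped, while every other value goes through `sql_escape`; the visible callers pass the literals 0 and 1, but this parameter is the one place a later caller could inject SQL into the GUI database, so validate it on entry in both functions with `[[ "$enabled" == 0 || "$enabled" == 1 ]] || return 0`. The upsert also writes the peer's preshared key into `$GUI_DB_FILE` in plaintext, and nothing here checks that file's mode or owner the way `safe_chmod_600` is applied to `$WG_CONF` elsewhere in the script; consider `safe_chmod_600 "$GUI_DB_FILE"` after the sqlite3 call, if that helper is appropriate for the GUI's database. Every sqlite3 invocation ends in `>/dev/null 2>&1 || true`, and the same applies to the callers added in the cmd_add and cmd_remove hunks, so a failed sync silently leaves the GUI showing a peer state that no longer matches `$WG_CONF`; at minimum append a line to `$LOG_FILE` on failure instead of discarding the error. `load_meta` continues past the end of this hunk.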
|
||||
@@ -219,6 +297,7 @@ EOF_OUT
|
||||
} >> "$WG_CONF"
|
||||
|
||||
apply_config
|
||||
sync_gui_db_upsert_peer "$client_name" "$client_pubkey" "$client_address" "$client_routes" "$client_psk" "$peer_allowed_ips" 1
|
||||
|
||||
cat <<EOF_OUT
|
||||
STATUS=created
|
||||
@@ -232,6 +311,60 @@ WG_NETWORK=${WG_NETWORK}
|
||||
EOF_OUT
|
||||
}
|
||||
|
||||
cmd_remove() {
|
||||
local client_pubkey=""
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--client-public-key)
|
||||
client_pubkey="$2"; shift 2 ;;
|
||||
*)
|
||||
die "Неизвестный аргумент: $1"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
[[ -n "$client_pubkey" ]] || die "Не указан --client-public-key"
|
||||
|
||||
load_meta
|
||||
[[ -f "$WG_CONF" ]] || die "Не найден конфиг WireGuard: $WG_CONF"
|
||||
backup_file "$WG_CONF"
|
||||
|
||||
local tmp
|
||||
tmp="$(mktemp)"
|
||||
awk -v pk="$client_pubkey" '
|
||||
BEGIN {in=0; block=""; keep=1}
|
||||
/^\[Peer\]/ {
|
||||
if (in && keep) printf "%s", block
|
||||
in=1; block=$0 ORS; keep=1; next
|
||||
}
|
||||
{
|
||||
if (in) {
|
||||
block = block $0 ORS
|
||||
if ($0 ~ /^PublicKey[[:space:]]*=/) {
|
||||
line=$0
|
||||
sub(/^[^=]*=[[:space:]]*/, "", line)
|
||||
if (line == pk) keep=0
|
||||
}
|
||||
next
|
||||
}
|
||||
print
|
||||
}
|
||||
END {
|
||||
if (in && keep) printf "%s", block
|
||||
}
|
||||
' "$WG_CONF" > "$tmp"
|
||||
mv "$tmp" "$WG_CONF"
|
||||
safe_chmod_600 "$WG_CONF"
|
||||
|
||||
apply_config
|
||||
sync_gui_db_set_enabled "$client_pubkey" 0
|
||||
|
||||
cat <<EOF_OUT
|
||||
STATUS=removed
|
||||
PUBLIC_KEY=${client_pubkey}
|
||||
WG_INTERFACE=${WG_INTERFACE}
|
||||
EOF_OUT
|
||||
}
|
||||
|
||||
main() {
|
||||
local cmd="${1:-}"
|
||||
if [[ -z "$cmd" ]]; then
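Review bot: The awk program in cmd_remove uses `in` as a variable name (`BEGIN {in=0; block=""; keep=1}`, and again in the `/^\[Peer\]/`, main and END blocks), but `in` is an awk operator, so gawk and mawk reject the program with a syntax error. With awk failing, `> "$tmp"` produces an empty file and the unconditional `mv "$tmp" "$WG_CONF"` would replace the server configuration with that empty file unless the script runs under `set -e`, which this hunk does not show. Rename the variable on all five lines, e.g. `BEGIN {inpeer=0; block=""; keep=1}`, and guard the replacement: `' "$WG_CONF" > "$tmp" || { rm -f "$tmp"; die "awk failed while removing peer"; }`. `--client-public-key` is also never validated before being handed to `awk -v` and to the GUI database; an anchored check such as `[[ "$client_pubkey" =~ ^[A-Za-z0-9+/]{43}=$ ]] || die "Invalid --client-public-key"` would reject anything that is not a WireGuard key.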
|
||||
@@ -246,6 +379,11 @@ main() {
|
||||
check_os_supported
|
||||
cmd_add "$@"
|
||||
;;
|
||||
remove)
|
||||
require_root
|
||||
check_os_supported
|
||||
cmd_remove "$@"
|
||||
;;
|
||||
-h|--help|help)
|
||||
usage
|
||||
;;
|
||||
|
||||