From 85771efebafb3db5b4da4e76dcdac258786f7e46 Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Tue, 16 Apr 2024 20:49:46 +0200 Subject: [PATCH 1/4] docs: update readme --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a63f4245..cf32613f 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,12 @@ To learn more about the system see our [documentation](https://defguard.gitbook. Make sure to install prerequisites from [tauri](https://tauri.app/v1/guides/getting-started/prerequisites/). +### Proto submodule +Make sure you have cloned, and up to date, proto submodule in `src-tauri/proto` + +### Protoc compiler +Make sure you have [protoc](https://grpc.io/docs/protoc-installation/) available. + ### Install pnpm and node deps ```bash @@ -37,10 +43,16 @@ pnpm install pnpm tauri dev ``` +### Build command +```bash +pnpm tauri build +``` +Built packages are available after in `src-tauri/target/release/bundle`. + ### Windows Remove `default-run` line from `[package]` section in `Cargo.toml` to build the project. # Legal - - *defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.* \ No newline at end of file + - *defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.* From df687040e3f9307019d363339087ff31784505a5 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Wed, 17 Apr 2024 12:11:55 +0200 Subject: [PATCH 2/4] Detach, sign and reattach burn-engine during windows CI --- .github/workflows/release.yaml | 78 ++++++++++++++++++++++++++++++---- 1 file changed, 69 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5757b09b..8c9922f4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -225,6 +225,14 @@ jobs: asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg asset_content_type: application/octet-stream + + # Building signed windows bundle involves a few steps as described here: + # https://wixtoolset.org/docs/tools/signing/#signing-bundles-at-the-command-line + # 1. Build defguard & bundle the binaries (defguard & wireguard) using wix (windows) + # 2. Detach the burn engine from the bundle so that it can be signed (also windows) + # 3. Sign the burn engine (linux) + # 4. Reattach the burn engine back to the bundle (windows again) + # 5. Sign the whole bundle (linux) build-windows: needs: - create-release 
@@ -271,18 +279,70 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Bundle application run: | + # prepare wix extension dotnet tool install --global wix --version 4.0.5 wix extension add WixToolset.Bal.wixext/4 + # bundle defguard & wireguard binaries together wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll - - name: Upload installer artifact + # detach burn engine from the bundle to be signed + wix burn detach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine.exe + - name: Upload unsigned bundle and burn-engine uses: actions/upload-artifact@v4 with: - name: defguard-client.exe - path: src-tauri/resources-windows/defguard-client.exe - sign-msi: + name: unsigned-bundle-and-burnengine + path: | + src-tauri/resources-windows/defguard-client.exe + src-tauri/resources-windows/burnengine.exe + sign-burn-engine: needs: - build-windows + runs-on: + - self-hosted + - Linux + steps: + - name: Write release version + run: | + VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + echo Version: $VERSION + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Download unsigned bundle & burn-engine + uses: actions/download-artifact@v4 + with: + name: unsigned-bundle-and-burnengine + - name: Sign burn-engine + run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so -certs /srv/codesign/29ee7778ca5217107841bbbf6b3062e1.pem -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in burnengine.exe -out burnengine-signed.exe + - name: Upload bundle and burn-engine artifact + uses: actions/upload-artifact@v4 + with: + name: unsigned-bundle-and-signed-burnengine + path: | + src-tauri/resources-windows/defguard-client.exe + src-tauri/resources-windows/burnengine-signed.exe + reattach-burn-engine: + needs: + - sign-burn-engine + runs-on: windows-latest + steps: + - 
name: Download unsigned bundle & signed burn-engine + uses: actions/download-artifact@v4 + with: + name: unsigned-bundle-and-signed-burnengine + - name: Reattach burn-engine + run: | + # prepare wix extension + dotnet tool install --global wix --version 4.0.5 + wix extension add WixToolset.Bal.wixext/4 + # reattach burn engine to the bundle + wix burn reattach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine-signed.exe -o defguard-client-reattached.exe + - name: Upload bundle with reattached burn-engine + uses: actions/upload-artifact@v4 + with: + name: unsigned-bundle-with-reattached-signed-burn-engine + path: defguard-client-reattached.exe + sign-bundle: + needs: - create-release + - reattach-burn-engine runs-on: - self-hosted - Linux @@ -292,13 +352,13 @@ jobs: VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Download a single artifact + - name: Download unsigned bundle & signed burn-engine uses: actions/download-artifact@v4 with: - name: defguard-client.exe - - name: Sign MSI - run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so -certs /srv/codesign/29ee7778ca5217107841bbbf6b3062e1.pem -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client.exe -out defguard-client-signed.exe - - name: Upload installer + name: unsigned-bundle-with-reattached-signed-burn-engine + - name: Sign bundle + run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so -certs /srv/codesign/29ee7778ca5217107841bbbf6b3062e1.pem -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe + - name: Upload installer asset uses: actions/upload-release-asset@v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
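Review bot: The `Sign burn-engine` step of the new `sign-burn-engine` job expands `${{ secrets.CODESIGN_KEYID }}` and `${{ secrets.CODESIGN_PIN }}` directly into the `run:` command line, so on the shared self-hosted Linux runner the token PIN sits in argv (`ps`, `/proc/*/cmdline`) for every other process and job on that host while osslsigncode runs; GitHub's log masking does not cover that, and inline `${{ }}` in shell is the pattern GitHub itself advises against. Map both secrets through `env:` and feed the PIN to osslsigncode with `-readpass` from a mode-0600 temp file so it never appears in argv; the rewrite below does that for this step and the identical `Sign bundle` command later in the patch needs the same treatment. The artifact also round-trips through a GitHub-hosted `windows-latest` runner for the reattach between the two HSM-backed signatures; v4 artifacts are immutable by default so that is presumably accepted, but a one-line comment stating that assumption next to the `reattach-burn-engine` job would help the next reader.
```yaml
      - name: Sign burn-engine
        env:
          CODESIGN_KEYID: ${{ secrets.CODESIGN_KEYID }}
          CODESIGN_PIN: ${{ secrets.CODESIGN_PIN }}
        run: |
          # keep the token PIN out of argv: osslsigncode reads it from a private temp file
          umask 077
          PINFILE=$(mktemp)
          trap 'rm -f "$PINFILE"' EXIT
          printf '%s' "$CODESIGN_PIN" > "$PINFILE"
          osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so \
            -certs /srv/codesign/29ee7778ca5217107841bbbf6b3062e1.pem \
            -key "$CODESIGN_KEYID" -readpass "$PINFILE" \
            -h sha256 -t http://time.certum.pl/ \
            -in burnengine.exe -out burnengine-signed.exe
      # … unchanged: upload of the signed burn-engine, reattach-burn-engine job …
```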
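Review bot: The `Sign bundle` step hands `defguard-client-signed.exe` straight to `upload-release-asset` with no check of the result, so a bundle whose embedded burn-engine signature was damaged by the Windows reattach round-trip, or whose outer signature is malformed, would still be published as the release asset. Add a verification step between signing and upload, e.g. `- name: Verify bundle signature` with `run: osslsigncode verify -in defguard-client-signed.exe` (add `-CAfile` pointing at the Certum chain if the runner's default store does not carry it), which fails the job instead of shipping a bad installer. This step keeps the `-key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }}` argv pattern inherited from the old `sign-msi` step, with the same PIN exposure on the self-hosted runner as the burn-engine signing step has.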
From 8bb5c14bddc5a4af100a4971fb096148378d8e92 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Wed, 17 Apr 2024 13:52:35 +0200 Subject: [PATCH 3/4] Fix windows CI binary paths --- .github/workflows/release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8c9922f4..2b33a885 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -316,8 +316,8 @@ jobs: with: name: unsigned-bundle-and-signed-burnengine path: | - src-tauri/resources-windows/defguard-client.exe - src-tauri/resources-windows/burnengine-signed.exe + defguard-client.exe + burnengine-signed.exe reattach-burn-engine: needs: - sign-burn-engine @@ -333,7 +333,7 @@ jobs: dotnet tool install --global wix --version 4.0.5 wix extension add WixToolset.Bal.wixext/4 # reattach burn engine to the bundle - wix burn reattach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine-signed.exe -o defguard-client-reattached.exe + wix burn reattach defguard-client.exe -engine burnengine-signed.exe -o defguard-client-reattached.exe - name: Upload bundle with reattached burn-engine uses: actions/upload-artifact@v4 with: From 604bcae07ad1485ac6ea9a3ee3e7cf1585f1fccb Mon Sep 17 00:00:00 2001 
From: Maciek Date: Thu, 18 Apr 2024 15:44:21 +0200 Subject: [PATCH 4/4] feat: support for preshared keys in non-defguard tunnel configuration (#226) * add preshared key to Tunnel model * update tunnel configuration forms * update config parser * fix empty string serialization * actually set tunnel psk --- ...e3028e88be06d10c112e4b4a16b1599f8657.json} | 28 +++++++++------- ...9b9fb274d4254b479816b3892c9593f76b13.json} | 28 +++++++++------- ...ff153682182940f382d977a59ebf8cf7def0.json} | 28 +++++++++------- ...1fafaff49e75319a3533279ec6ff574fd77cc.json | 12 ------- ...3cd8f85e45098d2fe5fc58ca81a43f57fd324.json | 12 +++++++ ...e37c97a45f123d0fd59029b13ac4488cbaf67.json | 20 +++++++++++ ...4b9dfc7d69250bdf2799a8684fd4d93986701.json | 20 ----------- ...0240418065649_add_tunnel_preshared_key.sql | 1 + src-tauri/src/database/models/tunnel.rs | 33 +++++++++++++------ src-tauri/src/utils.rs | 5 +++ src-tauri/src/wg_config.rs | 3 ++ src/i18n/en/index.ts | 2 ++ src/i18n/i18n-types.ts | 16 +++++++++ .../AddTunnelFormCard/AddTunnelFormCard.tsx | 13 ++++++++ .../components/EditTunnelFormCard.tsx | 15 +++++++++ src/pages/client/types.ts | 1 + 16 files changed, 162 insertions(+), 75 deletions(-) rename src-tauri/.sqlx/{query-66208ae39fb096ab67d767447c7671429006b303eb6aeb452b1a99716a933ba6.json => query-25e253a71c188be173e3dce3c640e3028e88be06d10c112e4b4a16b1599f8657.json} (84%) rename src-tauri/.sqlx/{query-e7e1186f31f01b80f2bd575e704db5377b5aa389e4e71d0aaf1f7fc5312574d2.json => query-294b2d391d5cf01a2e756ae357869b9fb274d4254b479816b3892c9593f76b13.json} (83%) rename src-tauri/.sqlx/{query-c372f0b7ed83311ea369a309b6da796e6944d87b1be160ce7aa2cdbf57c20e78.json => query-31cce786a98f42f93bef6beb172aff153682182940f382d977a59ebf8cf7def0.json} (82%) delete mode 100644 src-tauri/.sqlx/query-45dee5e00c040e079779b1202cd1fafaff49e75319a3533279ec6ff574fd77cc.json create mode 100644 src-tauri/.sqlx/query-ad7da802eaf8c3ff61dc3d9811a3cd8f85e45098d2fe5fc58ca81a43f57fd324.json create mode 100644 
src-tauri/.sqlx/query-aee2085be1fbcb527eb15059c07e37c97a45f123d0fd59029b13ac4488cbaf67.json delete mode 100644 src-tauri/.sqlx/query-d7cf32155e5dc7d775d5884014d4b9dfc7d69250bdf2799a8684fd4d93986701.json create mode 100644 src-tauri/migrations/20240418065649_add_tunnel_preshared_key.sql diff --git a/src-tauri/.sqlx/query-66208ae39fb096ab67d767447c7671429006b303eb6aeb452b1a99716a933ba6.json b/src-tauri/.sqlx/query-25e253a71c188be173e3dce3c640e3028e88be06d10c112e4b4a16b1599f8657.json similarity index 84% rename from src-tauri/.sqlx/query-66208ae39fb096ab67d767447c7671429006b303eb6aeb452b1a99716a933ba6.json rename to src-tauri/.sqlx/query-25e253a71c188be173e3dce3c640e3028e88be06d10c112e4b4a16b1599f8657.json index 75f9cb7e..278bb272 100644 --- a/src-tauri/.sqlx/query-66208ae39fb096ab67d767447c7671429006b303eb6aeb452b1a99716a933ba6.json +++ b/src-tauri/.sqlx/query-25e253a71c188be173e3dce3c640e3028e88be06d10c112e4b4a16b1599f8657.json @@ -1,6 +1,6 @@ { "db_name": "SQLite", - "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel;", + "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel;", "describe": { "columns": [ { 
@@ -34,48 +34,53 @@ "type_info": "Text" }, { - "name": "allowed_ips", + "name": "preshared_key", "ordinal": 6, "type_info": "Text" }, { - "name": "endpoint", + "name": "allowed_ips", "ordinal": 7, "type_info": "Text" }, { - "name": "dns", + "name": "endpoint", "ordinal": 8, "type_info": "Text" }, { - "name": "persistent_keep_alive", + "name": "dns", "ordinal": 9, + "type_info": "Text" + }, + { + "name": "persistent_keep_alive", + "ordinal": 10, "type_info": "Int64" }, { "name": "route_all_traffic", - "ordinal": 10, + "ordinal": 11, "type_info": "Bool" }, { "name": "pre_up", - "ordinal": 11, + "ordinal": 12, "type_info": "Text" }, { "name": "post_up", - "ordinal": 12, + "ordinal": 13, "type_info": "Text" }, { "name": "pre_down", - "ordinal": 13, + "ordinal": 14, "type_info": "Text" }, { "name": "post_down", - "ordinal": 14, + "ordinal": 15, "type_info": "Text" } ], @@ -90,6 +95,7 @@ false, false, true, + true, false, true, false, @@ -100,5 +106,5 @@ true ] }, - "hash": "66208ae39fb096ab67d767447c7671429006b303eb6aeb452b1a99716a933ba6" + "hash": "25e253a71c188be173e3dce3c640e3028e88be06d10c112e4b4a16b1599f8657" } diff --git a/src-tauri/.sqlx/query-e7e1186f31f01b80f2bd575e704db5377b5aa389e4e71d0aaf1f7fc5312574d2.json b/src-tauri/.sqlx/query-294b2d391d5cf01a2e756ae357869b9fb274d4254b479816b3892c9593f76b13.json similarity index 83% rename from src-tauri/.sqlx/query-e7e1186f31f01b80f2bd575e704db5377b5aa389e4e71d0aaf1f7fc5312574d2.json rename to src-tauri/.sqlx/query-294b2d391d5cf01a2e756ae357869b9fb274d4254b479816b3892c9593f76b13.json index f7cac7d2..eef275ed 100644 --- a/src-tauri/.sqlx/query-e7e1186f31f01b80f2bd575e704db5377b5aa389e4e71d0aaf1f7fc5312574d2.json +++ b/src-tauri/.sqlx/query-294b2d391d5cf01a2e756ae357869b9fb274d4254b479816b3892c9593f76b13.json 
@@ -1,6 +1,6 @@ { "db_name": "SQLite", - "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel WHERE id = $1;", + "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel WHERE id = $1;", "describe": { "columns": [ { @@ -34,48 +34,53 @@ "type_info": "Text" }, { - "name": "allowed_ips", + "name": "preshared_key", "ordinal": 6, "type_info": "Text" }, { - "name": "endpoint", + "name": "allowed_ips", "ordinal": 7, "type_info": "Text" }, { - "name": "dns", + "name": "endpoint", "ordinal": 8, "type_info": "Text" }, { - "name": "persistent_keep_alive", + "name": "dns", "ordinal": 9, + "type_info": "Text" + }, + { + "name": "persistent_keep_alive", + "ordinal": 10, "type_info": "Int64" }, { "name": "route_all_traffic", - "ordinal": 10, + "ordinal": 11, "type_info": "Bool" }, { "name": "pre_up", - "ordinal": 11, + "ordinal": 12, "type_info": "Text" }, { "name": "post_up", - "ordinal": 12, + "ordinal": 13, "type_info": "Text" }, { "name": "pre_down", - "ordinal": 13, + "ordinal": 14, "type_info": "Text" }, { "name": "post_down", - "ordinal": 14, + "ordinal": 15, "type_info": "Text" } ], @@ -90,6 +95,7 @@ false, false, true, + true, false, true, false, @@ -100,5 +106,5 @@ true ] }, - "hash": "e7e1186f31f01b80f2bd575e704db5377b5aa389e4e71d0aaf1f7fc5312574d2" + "hash": "294b2d391d5cf01a2e756ae357869b9fb274d4254b479816b3892c9593f76b13" } 
diff --git a/src-tauri/.sqlx/query-c372f0b7ed83311ea369a309b6da796e6944d87b1be160ce7aa2cdbf57c20e78.json b/src-tauri/.sqlx/query-31cce786a98f42f93bef6beb172aff153682182940f382d977a59ebf8cf7def0.json similarity index 82% rename from src-tauri/.sqlx/query-c372f0b7ed83311ea369a309b6da796e6944d87b1be160ce7aa2cdbf57c20e78.json rename to src-tauri/.sqlx/query-31cce786a98f42f93bef6beb172aff153682182940f382d977a59ebf8cf7def0.json index 5d303f03..8b64d203 100644 --- a/src-tauri/.sqlx/query-c372f0b7ed83311ea369a309b6da796e6944d87b1be160ce7aa2cdbf57c20e78.json +++ b/src-tauri/.sqlx/query-31cce786a98f42f93bef6beb172aff153682182940f382d977a59ebf8cf7def0.json @@ -1,6 +1,6 @@ { "db_name": "SQLite", - "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, persistent_keep_alive, \n route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel WHERE server_pubkey = $1;", + "query": "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, persistent_keep_alive, \n route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel WHERE server_pubkey = $1;", "describe": { "columns": [ { 
@@ -34,48 +34,53 @@ "type_info": "Text" }, { - "name": "allowed_ips", + "name": "preshared_key", "ordinal": 6, "type_info": "Text" }, { - "name": "endpoint", + "name": "allowed_ips", "ordinal": 7, "type_info": "Text" }, { - "name": "dns", + "name": "endpoint", "ordinal": 8, "type_info": "Text" }, { - "name": "persistent_keep_alive", + "name": "dns", "ordinal": 9, + "type_info": "Text" + }, + { + "name": "persistent_keep_alive", + "ordinal": 10, "type_info": "Int64" }, { "name": "route_all_traffic", - "ordinal": 10, + "ordinal": 11, "type_info": "Bool" }, { "name": "pre_up", - "ordinal": 11, + "ordinal": 12, "type_info": "Text" }, { "name": "post_up", - "ordinal": 12, + "ordinal": 13, "type_info": "Text" }, { "name": "pre_down", - "ordinal": 13, + "ordinal": 14, "type_info": "Text" }, { "name": "post_down", - "ordinal": 14, + "ordinal": 15, "type_info": "Text" } ], @@ -90,6 +95,7 @@ false, false, true, + true, false, true, false, @@ -100,5 +106,5 @@ true ] }, - "hash": "c372f0b7ed83311ea369a309b6da796e6944d87b1be160ce7aa2cdbf57c20e78" + "hash": "31cce786a98f42f93bef6beb172aff153682182940f382d977a59ebf8cf7def0" } diff --git a/src-tauri/.sqlx/query-45dee5e00c040e079779b1202cd1fafaff49e75319a3533279ec6ff574fd77cc.json b/src-tauri/.sqlx/query-45dee5e00c040e079779b1202cd1fafaff49e75319a3533279ec6ff574fd77cc.json deleted file mode 100644 index d5183b62..00000000 --- a/src-tauri/.sqlx/query-45dee5e00c040e079779b1202cd1fafaff49e75319a3533279ec6ff574fd77cc.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "db_name": "SQLite", - "query": "UPDATE tunnel SET name = $1, pubkey = $2, prvkey = $3, address = $4, server_pubkey = $5, allowed_ips = $6, endpoint = $7, dns = $8, persistent_keep_alive = $9, route_all_traffic = $10, pre_up = $11, post_up = $12, pre_down = $13, post_down = $14 WHERE id = $15;", - "describe": { - "columns": [], - "parameters": { - "Right": 15 - }, - "nullable": [] - }, - "hash": "45dee5e00c040e079779b1202cd1fafaff49e75319a3533279ec6ff574fd77cc" -} 
diff --git a/src-tauri/.sqlx/query-ad7da802eaf8c3ff61dc3d9811a3cd8f85e45098d2fe5fc58ca81a43f57fd324.json b/src-tauri/.sqlx/query-ad7da802eaf8c3ff61dc3d9811a3cd8f85e45098d2fe5fc58ca81a43f57fd324.json new file mode 100644 index 00000000..a14d8464 --- /dev/null +++ b/src-tauri/.sqlx/query-ad7da802eaf8c3ff61dc3d9811a3cd8f85e45098d2fe5fc58ca81a43f57fd324.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE tunnel SET name = $1, pubkey = $2, prvkey = $3, address = $4, server_pubkey = $5, preshared_key = $6, allowed_ips = $7, endpoint = $8, dns = $9, persistent_keep_alive = $10, route_all_traffic = $11, pre_up = $12, post_up = $13, pre_down = $14, post_down = $15 WHERE id = $16;", + "describe": { + "columns": [], + "parameters": { + "Right": 16 + }, + "nullable": [] + }, + "hash": "ad7da802eaf8c3ff61dc3d9811a3cd8f85e45098d2fe5fc58ca81a43f57fd324" +} diff --git a/src-tauri/.sqlx/query-aee2085be1fbcb527eb15059c07e37c97a45f123d0fd59029b13ac4488cbaf67.json b/src-tauri/.sqlx/query-aee2085be1fbcb527eb15059c07e37c97a45f123d0fd59029b13ac4488cbaf67.json new file mode 100644 index 00000000..e03b7cc0 --- /dev/null +++ b/src-tauri/.sqlx/query-aee2085be1fbcb527eb15059c07e37c97a45f123d0fd59029b13ac4488cbaf67.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "INSERT INTO tunnel (name, pubkey, prvkey, address, server_pubkey, allowed_ips, preshared_key, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15) RETURNING id;", + "describe": { + "columns": [ + { + "name": "id", + "ordinal": 0, + "type_info": "Int64" + } + ], + "parameters": { + "Right": 15 + }, + "nullable": [ + false + ] + }, + "hash": "aee2085be1fbcb527eb15059c07e37c97a45f123d0fd59029b13ac4488cbaf67" +} 
diff --git a/src-tauri/.sqlx/query-d7cf32155e5dc7d775d5884014d4b9dfc7d69250bdf2799a8684fd4d93986701.json b/src-tauri/.sqlx/query-d7cf32155e5dc7d775d5884014d4b9dfc7d69250bdf2799a8684fd4d93986701.json deleted file mode 100644 index ef8510dc..00000000 --- a/src-tauri/.sqlx/query-d7cf32155e5dc7d775d5884014d4b9dfc7d69250bdf2799a8684fd4d93986701.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "db_name": "SQLite", - "query": "INSERT INTO tunnel (name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14) RETURNING id;", - "describe": { - "columns": [ - { - "name": "id", - "ordinal": 0, - "type_info": "Int64" - } - ], - "parameters": { - "Right": 14 - }, - "nullable": [ - false - ] - }, - "hash": "d7cf32155e5dc7d775d5884014d4b9dfc7d69250bdf2799a8684fd4d93986701" -} diff --git a/src-tauri/migrations/20240418065649_add_tunnel_preshared_key.sql b/src-tauri/migrations/20240418065649_add_tunnel_preshared_key.sql new file mode 100644 index 00000000..6d294d60 --- /dev/null +++ b/src-tauri/migrations/20240418065649_add_tunnel_preshared_key.sql @@ -0,0 +1 @@ +ALTER TABLE tunnel ADD COLUMN preshared_key TEXT NULL; diff --git a/src-tauri/src/database/models/tunnel.rs b/src-tauri/src/database/models/tunnel.rs index cecf1130..989d99d8 100644 --- a/src-tauri/src/database/models/tunnel.rs +++ b/src-tauri/src/database/models/tunnel.rs 
@@ -22,17 +22,24 @@ pub struct Tunnel { // server config pub address: String, pub server_pubkey: String, + #[serde_as(as = "NoneAsEmptyString")] + pub preshared_key: Option, + #[serde_as(as = "NoneAsEmptyString")] pub allowed_ips: Option, // server_address:port pub endpoint: String, - #[serde_as(deserialize_as = "NoneAsEmptyString")] + #[serde_as(as = "NoneAsEmptyString")] pub dns: Option, pub persistent_keep_alive: i64, // New field pub route_all_traffic: bool, // additional commands + #[serde_as(as = "NoneAsEmptyString")] pub pre_up: Option, + #[serde_as(as = "NoneAsEmptyString")] pub post_up: Option, + #[serde_as(as = "NoneAsEmptyString")] pub pre_down: Option, + #[serde_as(as = "NoneAsEmptyString")] pub post_down: Option, } @@ -45,6 +52,7 @@ impl Tunnel { prvkey: String, address: String, server_pubkey: String, + preshared_key: Option, allowed_ips: Option, endpoint: String, dns: Option, @@ -62,6 +70,7 @@ impl Tunnel { prvkey, address, server_pubkey, + preshared_key, allowed_ips, endpoint, dns, @@ -79,15 +88,16 @@ impl Tunnel { None => { // Insert a new record when there is no ID let result = query!( - "INSERT INTO tunnel (name, pubkey, prvkey, address, server_pubkey, allowed_ips, \ + "INSERT INTO tunnel (name, pubkey, prvkey, address, server_pubkey, allowed_ips, preshared_key, \ endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down) \ - VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14) RETURNING id;", + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15) RETURNING id;", self.name, self.pubkey, self.prvkey, self.address, self.server_pubkey, self.allowed_ips, + self.preshared_key, self.endpoint, self.dns, self.persistent_keep_alive, 
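Review bot: The new `preshared_key` field on `Tunnel` is undocumented, and it is the second raw secret on this struct after `prvkey`: the migration in this patch stores it as plain `TEXT`, and because the struct carries serde attributes it goes out with every serialization of a `Tunnel` (with `NoneAsEmptyString`, an absent key is emitted as `""` rather than `null`). Say so on the field so the next reader treats it like the private key, e.g. `/// Optional WireGuard pre-shared key (base64, same format as the key fields). A secret of the same sensitivity as prvkey: persisted and serialized in plaintext, so keep it out of logs.` Whether any `debug!`/`{:?}` of a whole `Tunnel` exists elsewhere in the crate is not visible from this hunk, so the logging part is a caution, not a found leak.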
@@ -105,14 +115,15 @@ impl Tunnel { // Update the existing record when there is an ID query!( "UPDATE tunnel SET name = $1, pubkey = $2, prvkey = $3, address = $4, \ - server_pubkey = $5, allowed_ips = $6, endpoint = $7, dns = $8, \ - persistent_keep_alive = $9, route_all_traffic = $10, pre_up = $11, post_up = $12, pre_down = $13, post_down = $14 \ - WHERE id = $15;", + server_pubkey = $5, preshared_key = $6, allowed_ips = $7, endpoint = $8, dns = $9, \ + persistent_keep_alive = $10, route_all_traffic = $11, pre_up = $12, post_up = $13, pre_down = $14, post_down = $15 \ + WHERE id = $16;", self.name, self.pubkey, self.prvkey, self.address, self.server_pubkey, + self.preshared_key, self.allowed_ips, self.endpoint, self.dns, @@ -135,7 +146,7 @@ impl Tunnel { pub async fn find_by_id(pool: &DbPool, tunnel_id: i64) -> Result, SqlxError> { query_as!( Self, - "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, \ + "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, \ persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel WHERE id = $1;", tunnel_id ) 
@@ -146,17 +157,18 @@ impl Tunnel { pub async fn all(pool: &DbPool) -> Result, SqlxError> { let tunnels = query_as!( Self, - "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, \ + "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, \ persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down FROM tunnel;" ) .fetch_all(pool) .await?; Ok(tunnels) } + pub async fn find_by_server_public_key(pool: &DbPool, pubkey: &str) -> Result { query_as!( - Tunnel, - "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, allowed_ips, endpoint, dns, persistent_keep_alive, + Self, + "SELECT id \"id?\", name, pubkey, prvkey, address, server_pubkey, preshared_key, allowed_ips, endpoint, dns, persistent_keep_alive, route_all_traffic, pre_up, post_up, pre_down, post_down \ FROM tunnel WHERE server_pubkey = $1;", pubkey @@ -164,6 +176,7 @@ impl Tunnel { .fetch_one(pool) .await } + pub async fn delete_by_id(pool: &DbPool, id: i64) -> Result<(), Error> { // delete instance query!("DELETE FROM tunnel WHERE id = $1", id) diff --git a/src-tauri/src/utils.rs b/src-tauri/src/utils.rs index 1af569da..0516d586 100644 --- a/src-tauri/src/utils.rs +++ b/src-tauri/src/utils.rs @@ -287,6 +287,11 @@ pub async fn setup_interface_tunnel( .expect("Failed to parse persistent keep alive"), ); + if let Some(psk) = &tunnel.preshared_key { + let peer_psk = Key::from_str(psk)?; + peer.preshared_key = Some(peer_psk); + } + debug!("Parsing location allowed ips: {:?}", tunnel.allowed_ips); let allowed_ips: Vec = if tunnel.route_all_traffic { debug!("Using all traffic routing: {DEFAULT_ROUTE}"); diff --git a/src-tauri/src/wg_config.rs b/src-tauri/src/wg_config.rs index 6937e58c..4f1de3e1 100644 --- a/src-tauri/src/wg_config.rs +++ b/src-tauri/src/wg_config.rs 
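Review bot: `Key::from_str(psk)?` in `setup_interface_tunnel` runs only at connect time, so a pre-shared key that was stored unparseable (the column is free-form `TEXT`, and nothing in this patch validates it on the Rust side at save time) fails when the user brings the tunnel up rather than when the tunnel is saved; parsing it once in the save/import path would put the error in the form instead. A blank value cannot arrive through the serde path (`NoneAsEmptyString` maps `""` to `None`), but nothing else guarantees that, so `if let Some(psk) = tunnel.preshared_key.as_deref().filter(|s| !s.is_empty()) {` is a cheap guard against a confusing parse error on an empty string; whether `Key::from_str` accepts hex as well as base64 is not visible here. The `wg_config.rs` import hunk in this patch is unreadable in this extract, and the enclosing function starts and ends outside the hunk.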
@@ -74,6 +74,7 @@ pub fn parse_wireguard_config(config: &str) -> Result Result LocalizedString + /** + * Pre-shared Key + */ + presharedKey: () => LocalizedString /** * VPN Server Address:Port */ @@ -2187,6 +2199,10 @@ export type TranslationFunctions = { * The public key of the WireGuard server for secure communication. */ serverPubkey: () => LocalizedString + /** + * Optional symmetric secret key for enhanced security. + */ + presharedKey: () => LocalizedString /** * A comma-separated list of IP addresses or CIDR ranges that are allowed for communication through the tunnel. */ diff --git a/src/pages/client/pages/ClientAddTunnelPage/components/AddTunnelFormCard/AddTunnelFormCard.tsx b/src/pages/client/pages/ClientAddTunnelPage/components/AddTunnelFormCard/AddTunnelFormCard.tsx index 8aea8197..7f7c742d 100644 --- a/src/pages/client/pages/ClientAddTunnelPage/components/AddTunnelFormCard/AddTunnelFormCard.tsx +++ b/src/pages/client/pages/ClientAddTunnelPage/components/AddTunnelFormCard/AddTunnelFormCard.tsx @@ -41,6 +41,7 @@ type FormFields = { prvkey: string; address: string; server_pubkey: string; + preshared_key: string; allowed_ips?: string; endpoint: string; dns?: string; @@ -57,6 +58,7 @@ const defaultValues: FormFields = { prvkey: '', address: '', server_pubkey: '', + preshared_key: '', allowed_ips: '', endpoint: '', dns: '', @@ -101,6 +103,12 @@ export const AddTunnelFormCard = () => { .refine((value) => { return patternValidWireguardKey.test(value); }, LL.form.errors.invalid()), + preshared_key: z + .string() + .trim() + .refine((value) => { + return value === '' || patternValidWireguardKey.test(value); + }, LL.form.errors.invalid()), address: z.string().refine((value) => { return patternValidIp.test(value) || patternValidIpV6.test(value); }, LL.form.errors.invalid()), 
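Review bot: The `preshared_key` schema added here (`z.string().trim().refine((value) => value === '' || patternValidWireguardKey.test(value), LL.form.errors.invalid())`) is repeated verbatim in `EditTunnelFormCard` later in this patch, so the two forms can drift; since `LL` comes from the i18n hook, hoist it as a small factory next to `patternValidWireguardKey`, e.g. `export const optionalWireguardKey = (message: string) => z.string().trim().refine((value) => value === '' || patternValidWireguardKey.test(value), message);` and call `optionalWireguardKey(LL.form.errors.invalid())` from both forms. The field holds a secret, and the `FormInput` JSX for it is garbled in this extract, so I cannot tell whether it is rendered as a password-type input; that is worth confirming so the key is not shown in clear alongside the public key. Note that `.trim()` is a zod transform, so the trimmed value, not the raw input, is what reaches the submit handler.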
@@ -264,6 +272,11 @@ export const AddTunnelFormCard = () => { label={localLL.labels.serverPubkey()} labelExtras={{localLL.helpers.serverPubkey()}} /> + {localLL.helpers.presharedKey()}} + /> { pubkey, prvkey, server_pubkey, + preshared_key, allowed_ips, dns, persistent_keep_alive, @@ -88,6 +91,7 @@ const tunnelToForm = (tunnel: Tunnel): FormFields => { pubkey, prvkey, server_pubkey, + preshared_key: preshared_key || '', allowed_ips: allowed_ips || '', dns: dns || '', persistent_keep_alive, @@ -138,6 +142,12 @@ export const EditTunnelFormCard = ({ tunnel, submitRef }: Props) => { .refine((value) => { return patternValidWireguardKey.test(value); }, LL.form.errors.invalid()), + preshared_key: z + .string() + .trim() + .refine((value) => { + return value === '' || patternValidWireguardKey.test(value); + }, LL.form.errors.invalid()), address: z.string().refine((value) => { return patternValidIp.test(value) || patternValidIpV6.test(value); }, LL.form.errors.invalid()), @@ -236,6 +246,11 @@ export const EditTunnelFormCard = ({ tunnel, submitRef }: Props) => { label={localLL.labels.serverPubkey()} labelExtras={{localLL.helpers.serverPubkey()}} /> + {localLL.helpers.presharedKey()}} + />