Closed NOXCIS closed 2 months ago
Preshared keys have to be passed as files according to the wg set syntax. Here's a fix based on the now-defunct API from V3.
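def allowAccessPeers(self, listOfPublicKeys):
    """Move restricted peers back into the active WireGuard configuration.

    For each public key, the peer row is copied from the
    ``<Name>_restrict_access`` table into the main ``<Name>`` table, deleted
    from the restricted table, and re-applied to the interface with
    ``wg set``. ``wg set`` takes the preshared key as a file path, so a stored
    key is written to a private temporary file that is removed again once the
    command has run.

    Args:
        listOfPublicKeys: Iterable of peer public keys (the ``id`` column).

    Returns:
        ResponseObject: success once every peer is re-enabled and the
        configuration is saved; otherwise a failure describing the first
        peer or step that failed (processing stops at that point).
    """
    # Function-scope import so the fix does not depend on the file's import block.
    import tempfile

    # Ensure the configuration is active
    if not self.getStatus():
        self.toggleConfiguration()

    for publicKey in listOfPublicKeys:
        peer = sqlSelect(
            f"SELECT * FROM '{self.Name}_restrict_access' WHERE id = ?",
            (publicKey,)
        ).fetchone()
        if peer is None:
            return ResponseObject(False, f"Peer {publicKey} not found in restrict_access table")

        temp_key_file_path = None
        try:
            # Index access rather than .get() on the row, as in the original.
            if peer['preshared_key']:
                # The preshared key is secret material. NamedTemporaryFile
                # creates the file exclusively, with an unpredictable name and
                # owner-only permissions, instead of a timestamp-named file in
                # /tmp that other local users could read or pre-create.
                with tempfile.NamedTemporaryFile(
                    mode='w', prefix='wg_psk_', suffix='.tmp', delete=False
                ) as temp_key_file:
                    # Record the path first so `finally` cleans up even if the write fails.
                    temp_key_file_path = temp_key_file.name
                    temp_key_file.write(peer['preshared_key'])

            # NOTE(review): the rows are moved before `wg set` runs, so a failed
            # command leaves the database ahead of the interface. Consider
            # reordering or rolling back.
            # NOTE(review): self.Name is interpolated as a table name, which
            # cannot be bound as a parameter; presumably it is validated when
            # the configuration is created. Confirm.
            sqlUpdate(
                f"INSERT INTO '{self.Name}' SELECT * FROM '{self.Name}_restrict_access' WHERE id = ?",
                (peer['id'],)
            )
            sqlUpdate(
                f"DELETE FROM '{self.Name}_restrict_access' WHERE id = ?",
                (peer['id'],)
            )

            # Build an argument vector and run it without a shell, so the
            # interface name, public key and allowed IPs are never parsed as
            # shell syntax. Spaces are removed from the allowed-ips list so it
            # stays a single comma-separated argument.
            wg_command = [
                "wg", "set", str(self.Name),
                "peer", str(peer['id']),
                "allowed-ips", str(peer['allowed_ip']).replace(" ", ""),
            ]
            if temp_key_file_path:
                wg_command += ["preshared-key", temp_key_file_path]

            subprocess.check_output(wg_command, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            error_message = e.output.decode().strip()
            return ResponseObject(False, f"Failed to execute WireGuard command for peer {publicKey}: {error_message}")
        except Exception as e:
            return ResponseObject(False, f"An unexpected error occurred while processing peer {publicKey}: {str(e)}")
        finally:
            # Always remove the key file so the secret does not linger on disk.
            if temp_key_file_path:
                try:
                    os.remove(temp_key_file_path)
                except FileNotFoundError:
                    pass

    # Save the WireGuard configuration
    if not self.__wgSave():
        return ResponseObject(False, "Failed to save configuration through WireGuard")

    # Refresh the list of peers
    self.__getPeers()
    return ResponseObject(True, "Access allowed successfully!")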
@donaldzou ^
Working on an update for this... will push an update soon :)
Just pushed an update to the v4.1-dev
branch and should be fixed :)
@donaldzou Might want to merge the fix into main as well
Done ;)
Describe The Problem A clear and concise description of what the bug is.
Expected Error / Traceback
To Reproduce Docker Compose Create a peer with a preshared key, then deactivate and reactivate it while checking the .conf in between steps. Toggling a peer's access breaks the peer config when the peer has a preshared key.
OS Information:
Sample of your
.conf
file