Use preshared keys and make pingable (#15)

fbuetler · web-flow · commit 971edbb76e35 · 2023-03-12T17:00:07.000+01:00
* make wireguard pingable * accept preshared key for a peer * forked to inventage * Revert "forked to inventage" This reverts commit d7cdee9.
diff --git a/pkg/wgembed/iface.go b/pkg/wgembed/iface.go
@@ -8,11 +8,12 @@ import (
 
 type WireGuardInterface interface {
 	LoadConfig(config *ConfigFile) error
-	AddPeer(publicKey string, addressCIDR []string) error
+	AddPeer(publicKey string, presharedKey string, addressCIDR []string) error
 	ListPeers() ([]wgtypes.Peer, error)
 	RemovePeer(publicKey string) error
 	PublicKey() (string, error)
 	Close() error
+	Ping() error
 }
 
 // Options contains configuration options for the interface
diff --git a/pkg/wgembed/management.go b/pkg/wgembed/management.go
@@ -12,12 +12,23 @@ import (
 // AddPeer adds a new peer to the interface.
 // The subnet sizes in addressCIDR should be /32 for IPv4 and /128 for IPv6,
 // as the whole subnet will be added to AllowedIPs for this device.
-func (wg *commonInterface) AddPeer(publicKey string, addressCIDR []string) error {
-	key, err := wgtypes.ParseKey(publicKey)
+// The presharedKey is optinal and can be omitted with nil
+func (wg *commonInterface) AddPeer(publicKey string, presharedKey string, addressCIDR []string) error {
+	wgPublicKey, err := wgtypes.ParseKey(publicKey)
 	if err != nil {
 		return errors.Wrapf(err, "bad public key %v", publicKey)
 	}
 
+	var wgPresharedKey *wgtypes.Key
+	if len(presharedKey) != 0 {
+		psk, err := wgtypes.ParseKey(presharedKey)
+		if err != nil {
+			logrus.WithError(err).Warnf("ignoring bad pre-shared key: %v", presharedKey)
+		} else {
+			wgPresharedKey = &psk
+		}
+	}
+
 	parsedAddresses := make([]net.IPNet, 0, len(addressCIDR))
 	for _, addr := range addressCIDR {
 		_, allowedIPs, err := net.ParseCIDR(addr)
@@ -31,7 +42,8 @@ func (wg *commonInterface) AddPeer(publicKey string, addressCIDR []string) error
 		config.ReplacePeers = false
 		config.Peers = []wgtypes.PeerConfig{
 			{
-				PublicKey:         key,
+				PublicKey:         wgPublicKey,
+				PresharedKey:      wgPresharedKey,
 				AllowedIPs:        parsedAddresses,
 				ReplaceAllowedIPs: true,
 			},
@@ -109,6 +121,13 @@ func (wg *commonInterface) Port() (int, error) {
 	return device.ListenPort, nil
 }
 
+func (wg *commonInterface) Ping() error {
+	if _, err := wg.ListPeers(); err != nil {
+		return errors.New("failed to ping wireguard")
+	}
+	return nil
+}
+
 func (wg *commonInterface) configure(cb func(*wgtypes.Config) error) error {
 	// TODO: concurrency
 	// s.lock.Lock()
diff --git a/pkg/wgembed/noop.go b/pkg/wgembed/noop.go
@@ -13,7 +13,7 @@ func (wg *NoOpWireguardInterface) LoadConfig(config *ConfigFile) error {
 	return nil
 }
 
-func (wg *NoOpWireguardInterface) AddPeer(publicKey string, addressCIDR []string) error {
+func (wg *NoOpWireguardInterface) AddPeer(publicKey string, presharedKey string, addressCIDR []string) error {
 	return nil
 }
 
@@ -32,3 +32,7 @@ func (wg *NoOpWireguardInterface) PublicKey() (string, error) {
 func (wg *NoOpWireguardInterface) Close() error {
 	return nil
 }
+
+func (wg *NoOpWireguardInterface) Ping() error {
+	return nil
+}

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ func (wg NoOpWireguardInterface) LoadConfig(config ConfigFile) error {`
`13`	`13`	`return nil`
`14`	`14`	`}`
`15`	`15`
`16`		`-func (wg *NoOpWireguardInterface) AddPeer(publicKey string, addressCIDR []string) error {`
	`16`	`+func (wg *NoOpWireguardInterface) AddPeer(publicKey string, presharedKey string, addressCIDR []string) error {`
`17`	`17`	`return nil`
`18`	`18`	`}`
`19`	`19`
`@@ -32,3 +32,7 @@ func (wg *NoOpWireguardInterface) PublicKey() (string, error) {`
`32`	`32`	`func (wg *NoOpWireguardInterface) Close() error {`
`33`	`33`	`return nil`
`34`	`34`	`}`
	`35`	`+`
	`36`	`+func (wg *NoOpWireguardInterface) Ping() error {`
	`37`	`+ return nil`
	`38`	`+}`