Initial daemon draft.

.gitignore

@@ -0,0 +1 @@
+/target

Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "wgvirtipd"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+cidr = { version = "0" }
+bytes = { version = "1" }
+serde = "1"
+tokio = { version = "1", features=["full"] }
+clap = { version = "4", features=["derive"] }
+warp = "0"

src/main.rs

@@ -0,0 +1,181 @@
+use clap::Parser;
+use std::str::FromStr;
+use warp::Filter;
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct CliArguments {
+    #[arg(short, long)]
+    addr: std::net::SocketAddr,
+    #[arg(short, long)]
+    link: String,
+}
+
+type WgLink = String;
+type WgPeer = String;
+
+#[derive(Debug)]
+struct RejectCommandFailedToExecute;
+impl warp::reject::Reject for RejectCommandFailedToExecute {}
+
+#[derive(Debug)]
+struct CommandError {
+    stdout: String,
+    stderr: String,
+}
+impl warp::reject::Reject for CommandError {}
+impl From<std::process::Output> for CommandError {
+    fn from(value: std::process::Output) -> Self {
+        CommandError {
+            stdout: std::str::from_utf8(value.stdout.as_ref()).unwrap().into(),
+            stderr: std::str::from_utf8(value.stderr.as_ref()).unwrap().into(),
+        }
+    }
+}
+
+fn split_allowed_ips_text_line(text: &str) -> (WgPeer, Vec<cidr::IpInet>) {
+    let mut string_parts = text.split(|c| c == '\t' || c == ' ');
+    let peer = string_parts.next().unwrap();
+    let cidrs = string_parts
+        .map(|p| cidr::IpInet::from_str(p).unwrap())
+        .collect();
+    (peer.into(), cidrs)
+}
+fn split_allowed_ips_text(text: &str, peer: WgPeer) -> (WgPeer, Vec<cidr::IpInet>) {
+    text.split('\n')
+        .map(|p| split_allowed_ips_text_line(p))
+        .filter(|l| l.0 == peer)
+        .next()
+        .unwrap()
+}
+
+async fn wg_add_address(
+    link: WgLink,
+    peer: WgPeer,
+    cidr: cidr::IpInet,
+) -> Result<impl warp::Reply, warp::Rejection> {
+    let output = match tokio::process::Command::new("wg")
+        .arg("show")
+        .arg(&link)
+        .arg("allowed-ips")
+        .output()
+        .await
+    {
+        Ok(v) => v,
+        Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
+    };
+    if !output.status.success() {
+        return Err(warp::reject::custom(CommandError::from(output)));
+    }
+    let (peer, ips) =
+        split_allowed_ips_text(std::str::from_utf8(output.stdout.as_ref()).unwrap(), peer);
+    let ips_str =
+        ips.iter()
+            .chain([cidr].iter())
+            .map(|x| x.to_string())
+            .fold("".to_string(), |acc, x| {
+                let mut s = String::from(acc);
+                s.push_str(&x);
+                s.push_str(",");
+                s
+            });
+    let ips_str = &ips_str[0..ips_str.len() - 1];
+    let mut command = tokio::process::Command::new("wg");
+    command
+        .arg("set")
+        .arg(&link)
+        .arg("peer")
+        .arg(&peer)
+        .arg("allowed-ips")
+        .arg(ips_str);
+    println!("command = {:?}", command);
+    let output = match command.output().await {
+        Ok(v) => v,
+        Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
+    };
+    println!("{:?}", output);
+
+    if output.status.success() {
+        Ok("")
+    } else {
+        Err(warp::reject::custom(CommandError::from(output)))
+    }
+}
+async fn wg_del_address(
+    link: WgLink,
+    peer: WgPeer,
+    cidr: cidr::IpInet,
+) -> Result<impl warp::Reply, warp::Rejection> {
+    let output = match tokio::process::Command::new("wg")
+        .arg("show")
+        .arg(&link)
+        .arg("allowed-ips")
+        .output()
+        .await
+    {
+        Ok(v) => v,
+        Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
+    };
+    if !output.status.success() {
+        return Err(warp::reject::custom(CommandError::from(output)));
+    }
+    let (peer, ips) =
+        split_allowed_ips_text(std::str::from_utf8(output.stdout.as_ref()).unwrap(), peer);
+    let ips_str = ips
+        .iter()
+        .filter(|x| **x != cidr)
+        .map(|x| x.to_string())
+        .fold("".to_string(), |acc, x| {
+            let mut s = String::from(acc);
+            s.push_str(&x);
+            s.push_str(",");
+            s
+        });
+    let ips_str = &ips_str[0..ips_str.len() - 1];
+    let mut command = tokio::process::Command::new("wg");
+    command
+        .arg("set")
+        .arg(&link)
+        .arg("peer")
+        .arg(&peer)
+        .arg("allowed-ips")
+        .arg(ips_str);
+    println!("command = {:?}", command);
+    let output = match command.output().await {
+        Ok(v) => v,
+        Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
+    };
+    println!("{:?}", output);
+
+    if output.status.success() {
+        Ok("")
+    } else {
+        Err(warp::reject::custom(CommandError::from(output)))
+    }
+}
+
+#[tokio::main]
+async fn main() {
+    let args = CliArguments::parse();
+
+    let base = warp::path("wireguard")
+        .and(warp::path::param::<WgLink>())
+        .and(warp::path("peer"))
+        .and(warp::path::param::<WgPeer>())
+        .and(warp::path("address"));
+    let address_add = base
+        .and(warp::path::end())
+        .and(warp::post())
+        .and(warp::body::bytes().map(|b: bytes::Bytes| {
+            cidr::IpInet::from_str(std::str::from_utf8(b.as_ref()).unwrap().trim()).unwrap()
+        }))
+        .and_then(wg_add_address);
+    let address_del = base
+        .and(warp::path::param::<cidr::IpInet>())
+        .and(warp::path::end())
+        .and(warp::delete())
+        .and_then(wg_del_address);
+    let routes = address_add.or(address_del);
+
+    warp::serve(routes).run(args.addr).await;
+}