Initial daemon draft.

This commit is contained in:
redxef 2023-06-16 17:59:24 +02:00
commit 8481ff63d5
Signed by: redxef
GPG key ID: 7DAC3AA211CBD921
4 changed files with 1396 additions and 0 deletions

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/target

1200
Cargo.lock generated Normal file

File diff suppressed because it is too large Load diff

14
Cargo.toml Normal file
View file

@ -0,0 +1,14 @@
[package]
name = "wgvirtipd"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
cidr = { version = "0" }
bytes = { version = "1" }
serde = "1"
tokio = { version = "1", features=["full"] }
clap = { version = "4", features=["derive"] }
warp = "0"

181
src/main.rs Normal file
View file

@ -0,0 +1,181 @@
use clap::Parser;
use std::str::FromStr;
use warp::Filter;
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
struct CliArguments {
#[arg(short, long)]
addr: std::net::SocketAddr,
#[arg(short, long)]
link: String,
}
type WgLink = String;
type WgPeer = String;
#[derive(Debug)]
struct RejectCommandFailedToExecute;
impl warp::reject::Reject for RejectCommandFailedToExecute {}
#[derive(Debug)]
struct CommandError {
stdout: String,
stderr: String,
}
impl warp::reject::Reject for CommandError {}
impl From<std::process::Output> for CommandError {
fn from(value: std::process::Output) -> Self {
CommandError {
stdout: std::str::from_utf8(value.stdout.as_ref()).unwrap().into(),
stderr: std::str::from_utf8(value.stderr.as_ref()).unwrap().into(),
}
}
}
fn split_allowed_ips_text_line(text: &str) -> (WgPeer, Vec<cidr::IpInet>) {
let mut string_parts = text.split(|c| c == '\t' || c == ' ');
let peer = string_parts.next().unwrap();
let cidrs = string_parts
.map(|p| cidr::IpInet::from_str(p).unwrap())
.collect();
(peer.into(), cidrs)
}
fn split_allowed_ips_text(text: &str, peer: WgPeer) -> (WgPeer, Vec<cidr::IpInet>) {
text.split('\n')
.map(|p| split_allowed_ips_text_line(p))
.filter(|l| l.0 == peer)
.next()
.unwrap()
}
async fn wg_add_address(
link: WgLink,
peer: WgPeer,
cidr: cidr::IpInet,
) -> Result<impl warp::Reply, warp::Rejection> {
let output = match tokio::process::Command::new("wg")
.arg("show")
.arg(&link)
.arg("allowed-ips")
.output()
.await
{
Ok(v) => v,
Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
};
if !output.status.success() {
return Err(warp::reject::custom(CommandError::from(output)));
}
let (peer, ips) =
split_allowed_ips_text(std::str::from_utf8(output.stdout.as_ref()).unwrap(), peer);
let ips_str =
ips.iter()
.chain([cidr].iter())
.map(|x| x.to_string())
.fold("".to_string(), |acc, x| {
let mut s = String::from(acc);
s.push_str(&x);
s.push_str(",");
s
});
let ips_str = &ips_str[0..ips_str.len() - 1];
let mut command = tokio::process::Command::new("wg");
command
.arg("set")
.arg(&link)
.arg("peer")
.arg(&peer)
.arg("allowed-ips")
.arg(ips_str);
println!("command = {:?}", command);
let output = match command.output().await {
Ok(v) => v,
Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
};
println!("{:?}", output);
if output.status.success() {
Ok("")
} else {
Err(warp::reject::custom(CommandError::from(output)))
}
}
async fn wg_del_address(
link: WgLink,
peer: WgPeer,
cidr: cidr::IpInet,
) -> Result<impl warp::Reply, warp::Rejection> {
let output = match tokio::process::Command::new("wg")
.arg("show")
.arg(&link)
.arg("allowed-ips")
.output()
.await
{
Ok(v) => v,
Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
};
if !output.status.success() {
return Err(warp::reject::custom(CommandError::from(output)));
}
let (peer, ips) =
split_allowed_ips_text(std::str::from_utf8(output.stdout.as_ref()).unwrap(), peer);
let ips_str = ips
.iter()
.filter(|x| **x != cidr)
.map(|x| x.to_string())
.fold("".to_string(), |acc, x| {
let mut s = String::from(acc);
s.push_str(&x);
s.push_str(",");
s
});
let ips_str = &ips_str[0..ips_str.len() - 1];
let mut command = tokio::process::Command::new("wg");
command
.arg("set")
.arg(&link)
.arg("peer")
.arg(&peer)
.arg("allowed-ips")
.arg(ips_str);
println!("command = {:?}", command);
let output = match command.output().await {
Ok(v) => v,
Err(_) => return Err(warp::reject::custom(RejectCommandFailedToExecute)),
};
println!("{:?}", output);
if output.status.success() {
Ok("")
} else {
Err(warp::reject::custom(CommandError::from(output)))
}
}
#[tokio::main]
async fn main() {
let args = CliArguments::parse();
let base = warp::path("wireguard")
.and(warp::path::param::<WgLink>())
.and(warp::path("peer"))
.and(warp::path::param::<WgPeer>())
.and(warp::path("address"));
let address_add = base
.and(warp::path::end())
.and(warp::post())
.and(warp::body::bytes().map(|b: bytes::Bytes| {
cidr::IpInet::from_str(std::str::from_utf8(b.as_ref()).unwrap().trim()).unwrap()
}))
.and_then(wg_add_address);
let address_del = base
.and(warp::path::param::<cidr::IpInet>())
.and(warp::path::end())
.and(warp::delete())
.and_then(wg_del_address);
let routes = address_add.or(address_del);
warp::serve(routes).run(args.addr).await;
}