refactor: adjust MFA peer disconnect settings (#517)
* adjust default value

* run disconnect task more frequently

* adjust default value in postgres

* adjust default value frontend

* add missing newline

---------

Co-authored-by: Maciej Wójcik <[email protected]>
wojcik91 and Maciej Wójcik authored Jan 24, 2024
1 parent 3c1d72c commit 470e18a
Showing 14 changed files with 26 additions and 24 deletions.
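--- a/migrations/20240124063948_adjust_peer_disconnect.down.sql
+++ b/migrations/20240124063948_adjust_peer_disconnect.down.sql
@@ -0,0 +1 @@
+ALTER TABLE wireguard_network ALTER COLUMN peer_disconnect_threshold SET DEFAULT 75;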
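--- a/migrations/20240124063948_adjust_peer_disconnect.up.sql
+++ b/migrations/20240124063948_adjust_peer_disconnect.up.sql
@@ -0,0 +1 @@
+ALTER TABLE wireguard_network ALTER COLUMN peer_disconnect_threshold SET DEFAULT 180;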
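Review bot: Existing rows keep their stored `peer_disconnect_threshold`, because `ALTER COLUMN ... SET DEFAULT` only affects future inserts. Networks created under the previous default (75, per the down migration) now sit below the `.min(120)` this commit adds to the edit form, so saving any change to such a network would presumably fail validation until the operator raises the value. If that is not intended, the migration could also lift low values, e.g. `UPDATE wireguard_network SET peer_disconnect_threshold = 180 WHERE peer_disconnect_threshold < 120;`, or the upgrade notes should call it out.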
2 changes: 1 addition & 1 deletion src/db/models/wireguard.rs
@@ -25,7 +25,7 @@ use crate::{
};

pub const DEFAULT_KEEPALIVE_INTERVAL: i32 = 25;
pub const DEFAULT_DISCONNECT_THRESHOLD: i32 = 25;
pub const DEFAULT_DISCONNECT_THRESHOLD: i32 = 180;

// Used in process of importing network from wireguard config
#[derive(Debug, Clone, Deserialize, Serialize)]
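Review bot: `DEFAULT_DISCONNECT_THRESHOLD` has no doc comment stating its unit, while the same commit adds `[seconds]` to the UI labels and raises the form minimum to 120. A line such as `/// Default peer disconnect threshold in seconds; the web forms reject values below 120.` above the constant would keep the Rust default, the SQL default and the frontend minimum visibly in step. The same applies to `DEFAULT_KEEPALIVE_INTERVAL` on the line before it.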
2 changes: 1 addition & 1 deletion src/wireguard_peer_disconnect.rs
@@ -18,7 +18,7 @@ use thiserror::Error;
use tokio::{sync::broadcast::Sender, time::sleep};

// How long to sleep between loop iterations
const DISCONNECT_LOOP_SLEEP_SECONDS: u64 = 180; // 3 minutes
const DISCONNECT_LOOP_SLEEP_SECONDS: u64 = 60; // 1 minute

#[derive(Debug, Error)]
pub enum PeerDisconnectError {
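Review bot: The comment on `DISCONNECT_LOOP_SLEEP_SECONDS` does not say how this interval relates to the per-network `peer_disconnect_threshold`. Assuming the loop (not visible in this hunk) disconnects peers whose inactivity exceeds the threshold, a peer can stay connected for up to the threshold plus one sleep interval, about 240 s with the new defaults. I would record that next to the constant, e.g. `// Sleep between loop iterations; worst-case disconnect delay is peer_disconnect_threshold + this value`, so later tuning of either number keeps the MFA session window in mind.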
2 changes: 1 addition & 1 deletion tests/user.rs
@@ -571,7 +571,7 @@ fn make_network() -> Value {
"allowed_groups": [],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
})
}

2 changes: 1 addition & 1 deletion tests/wireguard.rs
@@ -27,7 +27,7 @@ fn make_network() -> Value {
"allowed_groups": [],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
})
}

14 changes: 7 additions & 7 deletions tests/wireguard_network_allowed_groups.rs
@@ -120,7 +120,7 @@ async fn test_create_new_network() {
"allowed_groups": ["allowed group"],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -162,7 +162,7 @@ async fn test_modify_network() {
"allowed_groups": [],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -193,7 +193,7 @@ async fn test_modify_network() {
"allowed_groups": ["allowed group"],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -218,7 +218,7 @@ async fn test_modify_network() {
"allowed_groups": ["allowed group", "not allowed group"],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -244,7 +244,7 @@ async fn test_modify_network() {
"allowed_groups": ["not allowed group"],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -269,7 +269,7 @@ async fn test_modify_network() {
"allowed_groups": [],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
@@ -507,7 +507,7 @@ async fn test_modify_user() {
"allowed_groups": ["allowed group"],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
}))
.send()
.await;
2 changes: 1 addition & 1 deletion tests/wireguard_network_stats.rs
@@ -26,7 +26,7 @@ fn make_network() -> Value {
"allowed_groups": [],
"mfa_enabled": false,
"keepalive_interval": 25,
"peer_disconnect_threshold": 75
"peer_disconnect_threshold": 180
})
}

4 changes: 2 additions & 2 deletions web/src/i18n/en/index.ts
@@ -1287,10 +1287,10 @@ const en: BaseTranslation = {
label: 'Require MFA for this Location',
},
keepalive_interval: {
label: 'Keepalive interval',
label: 'Keepalive interval [seconds]',
},
peer_disconnect_threshold: {
label: 'Peer disconnect threshold',
label: 'Peer disconnect threshold [seconds]',
},
},
controls: {
8 changes: 4 additions & 4 deletions web/src/i18n/i18n-types.ts
@@ -3011,13 +3011,13 @@ type RootTranslation = {
}
keepalive_interval: {
/**
* K​e​e​p​a​l​i​v​e​ ​i​n​t​e​r​v​a​l
* K​e​e​p​a​l​i​v​e​ ​i​n​t​e​r​v​a​l​ ​[​s​e​c​o​n​d​s​]
*/
label: string
}
peer_disconnect_threshold: {
/**
* P​e​e​r​ ​d​i​s​c​o​n​n​e​c​t​ ​t​h​r​e​s​h​o​l​d
* P​e​e​r​ ​d​i​s​c​o​n​n​e​c​t​ ​t​h​r​e​s​h​o​l​d​ ​[​s​e​c​o​n​d​s​]
*/
label: string
}
@@ -6541,13 +6541,13 @@ export type TranslationFunctions = {
}
keepalive_interval: {
/**
* Keepalive interval
* Keepalive interval [seconds]
*/
label: () => LocalizedString
}
peer_disconnect_threshold: {
/**
* Peer disconnect threshold
* Peer disconnect threshold [seconds]
*/
label: () => LocalizedString
}
4 changes: 2 additions & 2 deletions web/src/i18n/pl/index.ts
@@ -1272,10 +1272,10 @@ Uwaga, konfiguracje tutaj podane, nie posiadają twojego klucza prywatnego. Musi
label: 'Wymagaj MFA dla tej lokalizacji',
},
keepalive_interval: {
label: 'Utrzymanie połączenia',
label: 'Utrzymanie połączenia [sekundy]',
},
peer_disconnect_threshold: {
label: 'Peer disconnect threshold',
label: 'Peer disconnect threshold [sekundy]',
},
},
controls: {
4 changes: 2 additions & 2 deletions web/src/pages/network/NetworkEditForm/NetworkEditForm.tsx
@@ -50,7 +50,7 @@ const defaultValues: FormFields = {
dns: '',
mfa_enabled: false,
keepalive_interval: 25,
peer_disconnect_threshold: 75,
peer_disconnect_threshold: 180,
};

const networkToForm = (data?: Network): FormFields => {
@@ -197,7 +197,7 @@ export const NetworkEditForm = () => {
peer_disconnect_threshold: yup
.number()
.positive()
.min(1)
.min(120)
.required(LL.form.error.required()),
})
.required();
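Review bot: The new 120-second floor on `peer_disconnect_threshold` exists only in this yup schema and in the identical schema in `WizardNetworkConfiguration`; no server-side check appears in the commit. The integration tests post the field straight to the API, so a client that bypasses the form could presumably still store a lower value. If the floor matters to the disconnect task, the backend should reject values under it, and both schemas could share one constant instead of repeating `120`. `.positive()` is now redundant next to `.min(120)`, and `.min(120)` has no message argument, so users would see yup's default text rather than a translated one.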
@@ -140,7 +140,7 @@ export const WizardNetworkConfiguration = () => {
peer_disconnect_threshold: yup
.number()
.positive()
.min(1)
.min(120)
.required(LL.form.error.required()),
})
.required(),
2 changes: 1 addition & 1 deletion web/src/pages/wizard/hooks/useWizardStore.ts
@@ -27,7 +27,7 @@ const defaultValues: StoreFields = {
dns: '',
mfa_enabled: false,
keepalive_interval: 25,
peer_disconnect_threshold: 75,
peer_disconnect_threshold: 180,
},
};

