diff --git a/.sqlx/query-5d629b503d4d9f76b4e9b8981139753077bf164f59900f29d54ff35bc294c9b4.json b/.sqlx/query-06f847d99d452dafd10f4a6bec309c330d76eb5d0a34012bd75395b13e3ff659.json similarity index 74% rename from .sqlx/query-5d629b503d4d9f76b4e9b8981139753077bf164f59900f29d54ff35bc294c9b4.json rename to .sqlx/query-06f847d99d452dafd10f4a6bec309c330d76eb5d0a34012bd75395b13e3ff659.json index c89652bd4..c291b5a4e 100644 --- a/.sqlx/query-5d629b503d4d9f76b4e9b8981139753077bf164f59900f29d54ff35bc294c9b4.json +++ b/.sqlx/query-06f847d99d452dafd10f4a6bec309c330d76eb5d0a34012bd75395b13e3ff659.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT id \"id?\", \"name\",\"wireguard_pubkey\",\"user_id\",\"created\",\"preshared_key\" FROM \"device\"", + "query": "SELECT id \"id?\", \"name\",\"wireguard_pubkey\",\"user_id\",\"created\" FROM \"device\"", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -42,9 +37,8 @@ false, false, false, - false, - true + false ] }, - "hash": "5d629b503d4d9f76b4e9b8981139753077bf164f59900f29d54ff35bc294c9b4" + "hash": "06f847d99d452dafd10f4a6bec309c330d76eb5d0a34012bd75395b13e3ff659" } diff --git a/.sqlx/query-1a01b8b88444b493abf74b2ec0ad649018244de3c7f23d98bfab71faa1a9fae1.json b/.sqlx/query-1a01b8b88444b493abf74b2ec0ad649018244de3c7f23d98bfab71faa1a9fae1.json new file mode 100644 index 000000000..c6790b55f --- /dev/null +++ b/.sqlx/query-1a01b8b88444b493abf74b2ec0ad649018244de3c7f23d98bfab71faa1a9fae1.json 
@@ -0,0 +1,92 @@ +{ + "db_name": "PostgreSQL", + "query": "SELECT id as \"id?\", name, address, port, pubkey, prvkey, endpoint, dns, allowed_ips, connected_at, mfa_enabled, keepalive_interval, peer_disconnect_threshold FROM wireguard_network WHERE mfa_enabled = true", + "describe": { + "columns": [ + { + "ordinal": 0, + "name": "id?", + "type_info": "Int8" + }, + { + "ordinal": 1, + "name": "name", + "type_info": "Text" + }, + { + "ordinal": 2, + "name": "address", + "type_info": "Inet" + }, + { + "ordinal": 3, + "name": "port", + "type_info": "Int4" + }, + { + "ordinal": 4, + "name": "pubkey", + "type_info": "Text" + }, + { + "ordinal": 5, + "name": "prvkey", + "type_info": "Text" + }, + { + "ordinal": 6, + "name": "endpoint", + "type_info": "Text" + }, + { + "ordinal": 7, + "name": "dns", + "type_info": "Text" + }, + { + "ordinal": 8, + "name": "allowed_ips", + "type_info": "InetArray" + }, + { + "ordinal": 9, + "name": "connected_at", + "type_info": "Timestamp" + }, + { + "ordinal": 10, + "name": "mfa_enabled", + "type_info": "Bool" + }, + { + "ordinal": 11, + "name": "keepalive_interval", + "type_info": "Int4" + }, + { + "ordinal": 12, + "name": "peer_disconnect_threshold", + "type_info": "Int4" + } + ], + "parameters": { + "Left": [] + }, + "nullable": [ + false, + false, + false, + false, + false, + false, + false, + true, + false, + true, + false, + false, + false + ] + }, + "hash": "1a01b8b88444b493abf74b2ec0ad649018244de3c7f23d98bfab71faa1a9fae1" +} diff --git a/.sqlx/query-35a4ec60785870b07495258a3ea5faf0d7a9d5f523db44f7da17ca1bf31d4576.json b/.sqlx/query-33a1e2f1904757c775d389fa99d67916b7b220d6aa1fe8bb6690f85ed1cd5666.json similarity index 70% rename from .sqlx/query-35a4ec60785870b07495258a3ea5faf0d7a9d5f523db44f7da17ca1bf31d4576.json rename to .sqlx/query-33a1e2f1904757c775d389fa99d67916b7b220d6aa1fe8bb6690f85ed1cd5666.json index 1835956e7..462ab0695 100644 --- a/.sqlx/query-35a4ec60785870b07495258a3ea5faf0d7a9d5f523db44f7da17ca1bf31d4576.json 
+++ b/.sqlx/query-33a1e2f1904757c775d389fa99d67916b7b220d6aa1fe8bb6690f85ed1cd5666.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE \"user\".username = $1", + "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE \"user\".username = $1", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -44,9 +39,8 @@ false, false, false, - false, - true + false ] }, - "hash": "35a4ec60785870b07495258a3ea5faf0d7a9d5f523db44f7da17ca1bf31d4576" + "hash": "33a1e2f1904757c775d389fa99d67916b7b220d6aa1fe8bb6690f85ed1cd5666" } diff --git a/.sqlx/query-43fe6ac793c1a59664383338f83488788ae61d74d3e86bbe123b1d41c8e19af4.json b/.sqlx/query-3e6fa53cc900724e25e127f472cb0cb5b5e76fbcf424a79b94862f623ea975fc.json similarity index 74% rename from .sqlx/query-43fe6ac793c1a59664383338f83488788ae61d74d3e86bbe123b1d41c8e19af4.json rename to .sqlx/query-3e6fa53cc900724e25e127f472cb0cb5b5e76fbcf424a79b94862f623ea975fc.json index a4455a8ac..431b7f8fa 100644 --- a/.sqlx/query-43fe6ac793c1a59664383338f83488788ae61d74d3e86bbe123b1d41c8e19af4.json +++ b/.sqlx/query-3e6fa53cc900724e25e127f472cb0cb5b5e76fbcf424a79b94862f623ea975fc.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key FROM device WHERE user_id = $1", + "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created FROM device WHERE user_id = $1", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { 
@@ -44,9 +39,8 @@ false, false, false, - false, - true + false ] }, - "hash": "43fe6ac793c1a59664383338f83488788ae61d74d3e86bbe123b1d41c8e19af4" + "hash": "3e6fa53cc900724e25e127f472cb0cb5b5e76fbcf424a79b94862f623ea975fc" } diff --git a/.sqlx/query-ea731a5dd05cf3c68a4f479ec978571325c844ae1f4d222193bebd61a1859ee2.json b/.sqlx/query-439bef62ccc846cccca2c6979e5698a7aaba2beb19645b720eefa73e4dcac942.json similarity index 69% rename from .sqlx/query-ea731a5dd05cf3c68a4f479ec978571325c844ae1f4d222193bebd61a1859ee2.json rename to .sqlx/query-439bef62ccc846cccca2c6979e5698a7aaba2beb19645b720eefa73e4dcac942.json index 2e83afa95..b5ca2d931 100644 --- a/.sqlx/query-ea731a5dd05cf3c68a4f479ec978571325c844ae1f4d222193bebd61a1859ee2.json +++ b/.sqlx/query-439bef62ccc846cccca2c6979e5698a7aaba2beb19645b720eefa73e4dcac942.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE device.id = $1 AND \"user\".username = $2", + "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE device.id = $1 AND \"user\".username = $2", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -45,9 +40,8 @@ false, false, false, - false, - true + false ] }, - "hash": "ea731a5dd05cf3c68a4f479ec978571325c844ae1f4d222193bebd61a1859ee2" + "hash": "439bef62ccc846cccca2c6979e5698a7aaba2beb19645b720eefa73e4dcac942" } 
diff --git a/.sqlx/query-01ef7ff2c9dc9bbaba01b9e6bc4adf4c4cbe70d3dd64b503b387a8cf948fab2c.json b/.sqlx/query-442aac6474b466acc15578483d7d582a6face350a9c4c11db8b32fc251605cd6.json similarity index 58% rename from .sqlx/query-01ef7ff2c9dc9bbaba01b9e6bc4adf4c4cbe70d3dd64b503b387a8cf948fab2c.json rename to .sqlx/query-442aac6474b466acc15578483d7d582a6face350a9c4c11db8b32fc251605cd6.json index 621919ad8..7e6961bbf 100644 --- a/.sqlx/query-01ef7ff2c9dc9bbaba01b9e6bc4adf4c4cbe70d3dd64b503b387a8cf948fab2c.json +++ b/.sqlx/query-442aac6474b466acc15578483d7d582a6face350a9c4c11db8b32fc251605cd6.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" FROM wireguard_network_device WHERE device_id = $1", + "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized FROM wireguard_network_device WHERE device_id = $1", "describe": { "columns": [ { @@ -17,6 +17,16 @@ "ordinal": 2, "name": "wireguard_ip: IpAddr", "type_info": "Inet" + }, + { + "ordinal": 3, + "name": "preshared_key", + "type_info": "Text" + }, + { + "ordinal": 4, + "name": "is_authorized", + "type_info": "Bool" } ], "parameters": { @@ -27,8 +37,10 @@ "nullable": [ false, false, + false, + true, false ] }, - "hash": "01ef7ff2c9dc9bbaba01b9e6bc4adf4c4cbe70d3dd64b503b387a8cf948fab2c" + "hash": "442aac6474b466acc15578483d7d582a6face350a9c4c11db8b32fc251605cd6" } diff --git a/.sqlx/query-7381a3487396a1d7e562e21bb2804fd82b538b4ed436ad714408a72657e8a9e2.json b/.sqlx/query-481658620e98faa574e26fe49abbecafa1166f16151c69b465cd49f334de7190.json similarity index 55% rename from .sqlx/query-7381a3487396a1d7e562e21bb2804fd82b538b4ed436ad714408a72657e8a9e2.json rename to .sqlx/query-481658620e98faa574e26fe49abbecafa1166f16151c69b465cd49f334de7190.json index eb365a6f6..b3830140f 100644 --- a/.sqlx/query-7381a3487396a1d7e562e21bb2804fd82b538b4ed436ad714408a72657e8a9e2.json 
+++ b/.sqlx/query-481658620e98faa574e26fe49abbecafa1166f16151c69b465cd49f334de7190.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" FROM wireguard_network_device WHERE wireguard_network_id = $1", + "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized FROM wireguard_network_device WHERE device_id = $1 AND wireguard_network_id = $2", "describe": { "columns": [ { @@ -17,18 +17,31 @@ "ordinal": 2, "name": "wireguard_ip: IpAddr", "type_info": "Inet" + }, + { + "ordinal": 3, + "name": "preshared_key", + "type_info": "Text" + }, + { + "ordinal": 4, + "name": "is_authorized", + "type_info": "Bool" } ], "parameters": { "Left": [ + "Int8", "Int8" ] }, "nullable": [ false, false, + false, + true, false ] }, - "hash": "7381a3487396a1d7e562e21bb2804fd82b538b4ed436ad714408a72657e8a9e2" + "hash": "481658620e98faa574e26fe49abbecafa1166f16151c69b465cd49f334de7190" } diff --git a/.sqlx/query-580741c18880eb98a7073dbb8e1cd907893fedd70f7d752521d515230397f3ee.json b/.sqlx/query-580741c18880eb98a7073dbb8e1cd907893fedd70f7d752521d515230397f3ee.json new file mode 100644 index 000000000..8323d4d07 --- /dev/null +++ b/.sqlx/query-580741c18880eb98a7073dbb8e1cd907893fedd70f7d752521d515230397f3ee.json 
@@ -0,0 +1,47 @@ +{ + "db_name": "PostgreSQL", + "query": "WITH stats AS ( SELECT DISTINCT ON (device_id) device_id, endpoint, latest_handshake FROM wireguard_peer_stats WHERE network = $1 ORDER BY device_id, collected_at DESC ) SELECT d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created FROM device d JOIN wireguard_network_device wnd ON wnd.device_id = d.id LEFT JOIN stats on d.id = stats.device_id WHERE wnd.wireguard_network_id = $1 AND wnd.is_authorized = true AND (NOW() - stats.latest_handshake) > $2 * interval '1 second'", + "describe": { + "columns": [ + { + "ordinal": 0, + "name": "id?", + "type_info": "Int8" + }, + { + "ordinal": 1, + "name": "name", + "type_info": "Text" + }, + { + "ordinal": 2, + "name": "wireguard_pubkey", + "type_info": "Text" + }, + { + "ordinal": 3, + "name": "user_id", + "type_info": "Int8" + }, + { + "ordinal": 4, + "name": "created", + "type_info": "Timestamp" + } + ], + "parameters": { + "Left": [ + "Int8", + "Float8" + ] + }, + "nullable": [ + false, + false, + false, + false, + false + ] + }, + "hash": "580741c18880eb98a7073dbb8e1cd907893fedd70f7d752521d515230397f3ee" +} diff --git a/.sqlx/query-dba6275f3895b8725bdce57c4617956773817874aeccc8c9f73527018e5d10cb.json b/.sqlx/query-5f1da7400599669d9591f6dded6c38d6f74286fd5660c1ccae20ce43617bbc8f.json similarity index 74% rename from .sqlx/query-dba6275f3895b8725bdce57c4617956773817874aeccc8c9f73527018e5d10cb.json rename to .sqlx/query-5f1da7400599669d9591f6dded6c38d6f74286fd5660c1ccae20ce43617bbc8f.json index 265377aa3..fbd018000 100644 --- a/.sqlx/query-dba6275f3895b8725bdce57c4617956773817874aeccc8c9f73527018e5d10cb.json +++ b/.sqlx/query-5f1da7400599669d9591f6dded6c38d6f74286fd5660c1ccae20ce43617bbc8f.json 
@@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "WITH s AS ( SELECT DISTINCT ON (device_id) * FROM wireguard_peer_stats ORDER BY device_id, latest_handshake DESC ) SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key FROM device d JOIN s ON d.id = s.device_id WHERE s.latest_handshake >= $1 AND s.network = $2", + "query": "WITH s AS ( SELECT DISTINCT ON (device_id) * FROM wireguard_peer_stats ORDER BY device_id, latest_handshake DESC ) SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created FROM device d JOIN s ON d.id = s.device_id WHERE s.latest_handshake >= $1 AND s.network = $2", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -45,9 +40,8 @@ false, false, false, - false, - true + false ] }, - "hash": "dba6275f3895b8725bdce57c4617956773817874aeccc8c9f73527018e5d10cb" + "hash": "5f1da7400599669d9591f6dded6c38d6f74286fd5660c1ccae20ce43617bbc8f" } diff --git a/.sqlx/query-c91e2bc58d379bbc7ed29d008f1806ff6f0efe4fd55a198682d52d2edc7de24d.json b/.sqlx/query-6dfb9442da967755230ab2b7c5baf8eec06d64af5886e840bea1b32d2be10ca0.json similarity index 57% rename from .sqlx/query-c91e2bc58d379bbc7ed29d008f1806ff6f0efe4fd55a198682d52d2edc7de24d.json rename to .sqlx/query-6dfb9442da967755230ab2b7c5baf8eec06d64af5886e840bea1b32d2be10ca0.json index e9d042263..1a836e180 100644 --- a/.sqlx/query-c91e2bc58d379bbc7ed29d008f1806ff6f0efe4fd55a198682d52d2edc7de24d.json +++ b/.sqlx/query-6dfb9442da967755230ab2b7c5baf8eec06d64af5886e840bea1b32d2be10ca0.json 
@@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "UPDATE \"device\" SET \"name\" = $2,\"wireguard_pubkey\" = $3,\"user_id\" = $4,\"created\" = $5,\"preshared_key\" = $6 WHERE id = $1", + "query": "UPDATE \"device\" SET \"name\" = $2,\"wireguard_pubkey\" = $3,\"user_id\" = $4,\"created\" = $5 WHERE id = $1", "describe": { "columns": [], "parameters": { @@ -9,11 +9,10 @@ "Text", "Text", "Int8", - "Timestamp", - "Text" + "Timestamp" ] }, "nullable": [] }, - "hash": "c91e2bc58d379bbc7ed29d008f1806ff6f0efe4fd55a198682d52d2edc7de24d" + "hash": "6dfb9442da967755230ab2b7c5baf8eec06d64af5886e840bea1b32d2be10ca0" } diff --git a/.sqlx/query-fbfe27851d858408d81529e6e77190e332d85f9162249ef56c98edc2582c288a.json b/.sqlx/query-6eff81e0ddc89652014c10c9b5c1561dfa68bc80db59bc000dc217ffa639b53b.json similarity index 59% rename from .sqlx/query-fbfe27851d858408d81529e6e77190e332d85f9162249ef56c98edc2582c288a.json rename to .sqlx/query-6eff81e0ddc89652014c10c9b5c1561dfa68bc80db59bc000dc217ffa639b53b.json index cc2c45570..15d12798f 100644 --- a/.sqlx/query-fbfe27851d858408d81529e6e77190e332d85f9162249ef56c98edc2582c288a.json +++ b/.sqlx/query-6eff81e0ddc89652014c10c9b5c1561dfa68bc80db59bc000dc217ffa639b53b.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT wireguard_network_id as network_id, wireguard_ip as \"device_wireguard_ip: IpAddr\" FROM wireguard_network_device WHERE device_id = $1", + "query": "SELECT wireguard_network_id as network_id, wireguard_ip as \"device_wireguard_ip: IpAddr\", preshared_key FROM wireguard_network_device WHERE device_id = $1", "describe": { "columns": [ { @@ -12,6 +12,11 @@ "ordinal": 1, "name": "device_wireguard_ip: IpAddr", "type_info": "Inet" + }, + { + "ordinal": 2, + "name": "preshared_key", + "type_info": "Text" } ], "parameters": { 
@@ -21,8 +26,9 @@ }, "nullable": [ false, - false + false, + true ] }, - "hash": "fbfe27851d858408d81529e6e77190e332d85f9162249ef56c98edc2582c288a" + "hash": "6eff81e0ddc89652014c10c9b5c1561dfa68bc80db59bc000dc217ffa639b53b" } diff --git a/.sqlx/query-ca2755ead4852207d09bcd46ffcaadf33061fbb6cf7e1e7c58d5bee1692351e2.json b/.sqlx/query-84679835466cb41a74dd9ef281c9a69451102dae52ffb5a4df99e160a1ec8907.json similarity index 67% rename from .sqlx/query-ca2755ead4852207d09bcd46ffcaadf33061fbb6cf7e1e7c58d5bee1692351e2.json rename to .sqlx/query-84679835466cb41a74dd9ef281c9a69451102dae52ffb5a4df99e160a1ec8907.json index 4b0364ac1..15003141b 100644 --- a/.sqlx/query-ca2755ead4852207d09bcd46ffcaadf33061fbb6cf7e1e7c58d5bee1692351e2.json +++ b/.sqlx/query-84679835466cb41a74dd9ef281c9a69451102dae52ffb5a4df99e160a1ec8907.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key FROM device d JOIN wireguard_network_device wnd ON d.id = wnd.device_id WHERE wnd.wireguard_ip = $1 AND wnd.wireguard_network_id = $2", + "query": "SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created FROM device d JOIN wireguard_network_device wnd ON d.id = wnd.device_id WHERE wnd.wireguard_ip = $1 AND wnd.wireguard_network_id = $2", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -45,9 +40,8 @@ false, false, false, - false, - true + false ] }, - "hash": "ca2755ead4852207d09bcd46ffcaadf33061fbb6cf7e1e7c58d5bee1692351e2" + "hash": "84679835466cb41a74dd9ef281c9a69451102dae52ffb5a4df99e160a1ec8907" } diff --git a/.sqlx/query-9132a40b7729383ce9c108baa1b412e872ae9c96792ae9722f66ccfb24f0a144.json b/.sqlx/query-9132a40b7729383ce9c108baa1b412e872ae9c96792ae9722f66ccfb24f0a144.json new file mode 100644 index 000000000..caa6121c9 --- /dev/null 
+++ b/.sqlx/query-9132a40b7729383ce9c108baa1b412e872ae9c96792ae9722f66ccfb24f0a144.json @@ -0,0 +1,17 @@ +{ + "db_name": "PostgreSQL", + "query": "INSERT INTO wireguard_network_device (device_id, wireguard_network_id, wireguard_ip, is_authorized) VALUES ($1, $2, $3, $4) ON CONFLICT ON CONSTRAINT device_network DO UPDATE SET wireguard_ip = $3, is_authorized = $4", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Int8", + "Int8", + "Inet", + "Bool" + ] + }, + "nullable": [] + }, + "hash": "9132a40b7729383ce9c108baa1b412e872ae9c96792ae9722f66ccfb24f0a144" +} diff --git a/.sqlx/query-55aac498ce61c0b42f4895add96dfbf99606684a681883600a7aca610c7c6e8b.json b/.sqlx/query-9213729a9a1ce371ef77898f5792d914a67400cb4cce9a8bf86227ffe7d42eda.json similarity index 64% rename from .sqlx/query-55aac498ce61c0b42f4895add96dfbf99606684a681883600a7aca610c7c6e8b.json rename to .sqlx/query-9213729a9a1ce371ef77898f5792d914a67400cb4cce9a8bf86227ffe7d42eda.json index 5f222745a..285e7121c 100644 --- a/.sqlx/query-55aac498ce61c0b42f4895add96dfbf99606684a681883600a7aca610c7c6e8b.json +++ b/.sqlx/query-9213729a9a1ce371ef77898f5792d914a67400cb4cce9a8bf86227ffe7d42eda.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "INSERT INTO \"device\" (\"name\",\"wireguard_pubkey\",\"user_id\",\"created\",\"preshared_key\") VALUES ($1,$2,$3,$4,$5) RETURNING id", + "query": "INSERT INTO \"device\" (\"name\",\"wireguard_pubkey\",\"user_id\",\"created\") VALUES ($1,$2,$3,$4) RETURNING id", "describe": { "columns": [ { @@ -14,13 +14,12 @@ "Text", "Text", "Int8", - "Timestamp", - "Text" + "Timestamp" ] }, "nullable": [ false ] }, - "hash": "55aac498ce61c0b42f4895add96dfbf99606684a681883600a7aca610c7c6e8b" + "hash": "9213729a9a1ce371ef77898f5792d914a67400cb4cce9a8bf86227ffe7d42eda" } 
diff --git a/.sqlx/query-b1b93736fd91a6445bb072e5bbe619c59d9a535dc70d226de618e549c203e88b.json b/.sqlx/query-9e3c1c1f52bc1a576012c57c7472f9f7601e1128b15fc0ecc7676cd5aa01c88c.json similarity index 69% rename from .sqlx/query-b1b93736fd91a6445bb072e5bbe619c59d9a535dc70d226de618e549c203e88b.json rename to .sqlx/query-9e3c1c1f52bc1a576012c57c7472f9f7601e1128b15fc0ecc7676cd5aa01c88c.json index afd9e39e3..82874b3d7 100644 --- a/.sqlx/query-b1b93736fd91a6445bb072e5bbe619c59d9a535dc70d226de618e549c203e88b.json +++ b/.sqlx/query-9e3c1c1f52bc1a576012c57c7472f9f7601e1128b15fc0ecc7676cd5aa01c88c.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE device.id = $1 AND \"user\".id = $2", + "query": "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created FROM device JOIN \"user\" ON device.user_id = \"user\".id WHERE device.id = $1 AND \"user\".id = $2", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -45,9 +40,8 @@ false, false, false, - false, - true + false ] }, - "hash": "b1b93736fd91a6445bb072e5bbe619c59d9a535dc70d226de618e549c203e88b" + "hash": "9e3c1c1f52bc1a576012c57c7472f9f7601e1128b15fc0ecc7676cd5aa01c88c" } diff --git a/.sqlx/query-c3566263419aab9ba0172d59b105c03a8f5b70a8813849956e9d32b5da5a407f.json b/.sqlx/query-9e659e4a6d973f6603f8c64ea6e7deaf8eb6824c4246d4135274e760b6af73e0.json similarity index 56% rename from .sqlx/query-c3566263419aab9ba0172d59b105c03a8f5b70a8813849956e9d32b5da5a407f.json rename to .sqlx/query-9e659e4a6d973f6603f8c64ea6e7deaf8eb6824c4246d4135274e760b6af73e0.json index 82ebe7c72..7cf799593 100644 --- a/.sqlx/query-c3566263419aab9ba0172d59b105c03a8f5b70a8813849956e9d32b5da5a407f.json 
+++ b/.sqlx/query-9e659e4a6d973f6603f8c64ea6e7deaf8eb6824c4246d4135274e760b6af73e0.json @@ -1,16 +1,17 @@ { "db_name": "PostgreSQL", - "query": "UPDATE wireguard_network_device SET wireguard_ip = $3 WHERE device_id = $1 AND wireguard_network_id = $2", + "query": "UPDATE wireguard_network_device SET wireguard_ip = $3, is_authorized = $4 WHERE device_id = $1 AND wireguard_network_id = $2", "describe": { "columns": [], "parameters": { "Left": [ "Int8", "Int8", - "Inet" + "Inet", + "Bool" ] }, "nullable": [] }, - "hash": "c3566263419aab9ba0172d59b105c03a8f5b70a8813849956e9d32b5da5a407f" + "hash": "9e659e4a6d973f6603f8c64ea6e7deaf8eb6824c4246d4135274e760b6af73e0" } diff --git a/.sqlx/query-a5aa90dcb89a4e7f1908171b4e4ed6027dd5c770a1330689a029cc31f731bf33.json b/.sqlx/query-a5aa90dcb89a4e7f1908171b4e4ed6027dd5c770a1330689a029cc31f731bf33.json deleted file mode 100644 index 8bbfec8e8..000000000 --- a/.sqlx/query-a5aa90dcb89a4e7f1908171b4e4ed6027dd5c770a1330689a029cc31f731bf33.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "db_name": "PostgreSQL", - "query": "INSERT INTO wireguard_network_device (device_id, wireguard_network_id, wireguard_ip) VALUES ($1, $2, $3) ON CONFLICT ON CONSTRAINT device_network DO UPDATE SET wireguard_ip = $3", - "describe": { - "columns": [], - "parameters": { - "Left": [ - "Int8", - "Int8", - "Inet" - ] - }, - "nullable": [] - }, - "hash": "a5aa90dcb89a4e7f1908171b4e4ed6027dd5c770a1330689a029cc31f731bf33" -} diff --git a/.sqlx/query-d069191fedf7628f2d62be632911845278cca5ceb21718f37082728fa052c33c.json b/.sqlx/query-c64f247f81e332689e35c224656847b246deb6f92a5790a4fdd0d5733defbb57.json similarity index 73% rename from .sqlx/query-d069191fedf7628f2d62be632911845278cca5ceb21718f37082728fa052c33c.json rename to .sqlx/query-c64f247f81e332689e35c224656847b246deb6f92a5790a4fdd0d5733defbb57.json index 3cf4488e3..4a03705f0 100644 --- a/.sqlx/query-d069191fedf7628f2d62be632911845278cca5ceb21718f37082728fa052c33c.json 
+++ b/.sqlx/query-c64f247f81e332689e35c224656847b246deb6f92a5790a4fdd0d5733defbb57.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT id \"id?\", \"name\",\"wireguard_pubkey\",\"user_id\",\"created\",\"preshared_key\" FROM \"device\" WHERE id = $1", + "query": "SELECT id \"id?\", \"name\",\"wireguard_pubkey\",\"user_id\",\"created\" FROM \"device\" WHERE id = $1", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -44,9 +39,8 @@ false, false, false, - false, - true + false ] }, - "hash": "d069191fedf7628f2d62be632911845278cca5ceb21718f37082728fa052c33c" + "hash": "c64f247f81e332689e35c224656847b246deb6f92a5790a4fdd0d5733defbb57" } diff --git a/.sqlx/query-7878106cb8e9cc315310cf7c0946c3782f2bc80e3f2e0f015bea23717604709f.json b/.sqlx/query-caf97c3a058eac0f9deb4e474b0d76a2d14a75d04f4ea5474e06adc9466a544d.json similarity index 77% rename from .sqlx/query-7878106cb8e9cc315310cf7c0946c3782f2bc80e3f2e0f015bea23717604709f.json rename to .sqlx/query-caf97c3a058eac0f9deb4e474b0d76a2d14a75d04f4ea5474e06adc9466a544d.json index 2a247f079..72c3f6bd6 100644 --- a/.sqlx/query-7878106cb8e9cc315310cf7c0946c3782f2bc80e3f2e0f015bea23717604709f.json +++ b/.sqlx/query-caf97c3a058eac0f9deb4e474b0d76a2d14a75d04f4ea5474e06adc9466a544d.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT d.wireguard_pubkey as pubkey, preshared_key, array[host(wnd.wireguard_ip)] as \"allowed_ips!: Vec\" FROM wireguard_network_device wnd JOIN device d ON wnd.device_id = d.id WHERE wireguard_network_id = $1 ORDER BY d.id ASC", + "query": "SELECT d.wireguard_pubkey as pubkey, preshared_key, array[host(wnd.wireguard_ip)] as \"allowed_ips!: Vec\" FROM wireguard_network_device wnd JOIN device d ON wnd.device_id = d.id WHERE wireguard_network_id = $1 AND (is_authorized = true OR NOT $2) ORDER BY d.id ASC", "describe": { "columns": [ { 
@@ -21,7 +21,8 @@ ], "parameters": { "Left": [ - "Int8" + "Int8", + "Bool" ] }, "nullable": [ @@ -30,5 +31,5 @@ null ] }, - "hash": "7878106cb8e9cc315310cf7c0946c3782f2bc80e3f2e0f015bea23717604709f" + "hash": "caf97c3a058eac0f9deb4e474b0d76a2d14a75d04f4ea5474e06adc9466a544d" } diff --git a/.sqlx/query-2fadd2533949c86b10d2fb2bcac3b3844f0cedcc82d465c0cc4baeec552e8c98.json b/.sqlx/query-eb6dee5462657ac5ce0ecf31d1477ce7cc874d9ad8b3119977168f601b3e8072.json similarity index 74% rename from .sqlx/query-2fadd2533949c86b10d2fb2bcac3b3844f0cedcc82d465c0cc4baeec552e8c98.json rename to .sqlx/query-eb6dee5462657ac5ce0ecf31d1477ce7cc874d9ad8b3119977168f601b3e8072.json index 878e77680..b0e4fe52a 100644 --- a/.sqlx/query-2fadd2533949c86b10d2fb2bcac3b3844f0cedcc82d465c0cc4baeec552e8c98.json +++ b/.sqlx/query-eb6dee5462657ac5ce0ecf31d1477ce7cc874d9ad8b3119977168f601b3e8072.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key FROM device WHERE wireguard_pubkey = $1", + "query": "SELECT id \"id?\", name, wireguard_pubkey, user_id, created FROM device WHERE wireguard_pubkey = $1", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -44,9 +39,8 @@ false, false, false, - false, - true + false ] }, - "hash": "2fadd2533949c86b10d2fb2bcac3b3844f0cedcc82d465c0cc4baeec552e8c98" + "hash": "eb6dee5462657ac5ce0ecf31d1477ce7cc874d9ad8b3119977168f601b3e8072" } 
diff --git a/.sqlx/query-d5761193c11c9029731464a6824600203ca943272969aff90da38088f9f55097.json b/.sqlx/query-fdbb9308a58ade3fd1cba272fe3979ed4bafb1ee079fd8b23ac9c2ef95db2312.json similarity index 61% rename from .sqlx/query-d5761193c11c9029731464a6824600203ca943272969aff90da38088f9f55097.json rename to .sqlx/query-fdbb9308a58ade3fd1cba272fe3979ed4bafb1ee079fd8b23ac9c2ef95db2312.json index 8bad0a958..dd54ba7fc 100644 --- a/.sqlx/query-d5761193c11c9029731464a6824600203ca943272969aff90da38088f9f55097.json +++ b/.sqlx/query-fdbb9308a58ade3fd1cba272fe3979ed4bafb1ee079fd8b23ac9c2ef95db2312.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT DISTINCT ON (d.id) d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key FROM device d JOIN \"user\" u ON d.user_id = u.id JOIN group_user gu ON u.id = gu.user_id JOIN \"group\" g ON gu.group_id = g.id WHERE g.\"name\" IN (SELECT * FROM UNNEST($1::text[]))\n ORDER BY d.id ASC", + "query": "SELECT DISTINCT ON (d.id) d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created FROM device d JOIN \"user\" u ON d.user_id = u.id JOIN group_user gu ON u.id = gu.user_id JOIN \"group\" g ON gu.group_id = g.id WHERE g.\"name\" IN (SELECT * FROM UNNEST($1::text[]))\n ORDER BY d.id ASC", "describe": { "columns": [ { @@ -27,11 +27,6 @@ "ordinal": 4, "name": "created", "type_info": "Timestamp" - }, - { - "ordinal": 5, - "name": "preshared_key", - "type_info": "Text" } ], "parameters": { @@ -44,9 +39,8 @@ false, false, false, - false, - true + false ] }, - "hash": "d5761193c11c9029731464a6824600203ca943272969aff90da38088f9f55097" + "hash": "fdbb9308a58ade3fd1cba272fe3979ed4bafb1ee079fd8b23ac9c2ef95db2312" } 
diff --git a/.sqlx/query-8ae08ad03e745e8f3d65707bb8637a9277805ca9c7a22faeb66230ce0fa87ea9.json b/.sqlx/query-ff9f1363df5b9dc633767b0d3addedea0baba7447d4557f681f26c666a2c47bc.json similarity index 57% rename from .sqlx/query-8ae08ad03e745e8f3d65707bb8637a9277805ca9c7a22faeb66230ce0fa87ea9.json rename to .sqlx/query-ff9f1363df5b9dc633767b0d3addedea0baba7447d4557f681f26c666a2c47bc.json index 5c37678ae..b4ff83fef 100644 --- a/.sqlx/query-8ae08ad03e745e8f3d65707bb8637a9277805ca9c7a22faeb66230ce0fa87ea9.json +++ b/.sqlx/query-ff9f1363df5b9dc633767b0d3addedea0baba7447d4557f681f26c666a2c47bc.json @@ -1,6 +1,6 @@ { "db_name": "PostgreSQL", - "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" FROM wireguard_network_device WHERE device_id = $1 AND wireguard_network_id = $2", + "query": "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized FROM wireguard_network_device WHERE wireguard_network_id = $1", "describe": { "columns": [ { @@ -17,19 +17,30 @@ "ordinal": 2, "name": "wireguard_ip: IpAddr", "type_info": "Inet" + }, + { + "ordinal": 3, + "name": "preshared_key", + "type_info": "Text" + }, + { + "ordinal": 4, + "name": "is_authorized", + "type_info": "Bool" } ], "parameters": { "Left": [ - "Int8", "Int8" ] }, "nullable": [ false, false, + false, + true, false ] }, - "hash": "8ae08ad03e745e8f3d65707bb8637a9277805ca9c7a22faeb66230ce0fa87ea9" + "hash": "ff9f1363df5b9dc633767b0d3addedea0baba7447d4557f681f26c666a2c47bc" } diff --git a/Cargo.lock b/Cargo.lock index 5c004874c..fbcd2fe2f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -145,9 +145,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.76" +version = "1.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59d2a3357dde987206219e78ecfbbb6e8dad06cbb65292758d3270e6254f7355" +checksum = "c9d19de80eff169429ac1e9f48fffb163916b448a44e8e046186232046d9e1f9" [[package]] name = "argon2" 
@@ -225,7 +225,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -236,7 +236,7 @@ checksum = "fdf6721fb0140e4f897002dd086c06f6c27775df19cfe1fccb21181a48fd2c98" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -667,7 +667,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -849,21 +849,20 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.16" +version = "0.9.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d2fe95351b870527a5d09bf563ed3c97c0cffb87cf1c78a591bf48bb218d9aa" +checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" dependencies = [ "autocfg", "cfg-if", "crossbeam-utils", - "memoffset", ] [[package]] name = "crossbeam-queue" -version = "0.3.9" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9bcf5bdbfdd6030fb4a1c497b5d5fc5921aa2f60d359a17e249c0e6df3de153" +checksum = "adc6598521bb5a83d491e8c1fe51db7296019d2ca3cb93cc6c2a20369a4d78a2" dependencies = [ "cfg-if", "crossbeam-utils", @@ -871,9 +870,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.17" +version = "0.8.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06d96137f14f244c37f989d9fff8f95e6c18b918e71f36638f8c49112e4c78f" +checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" dependencies = [ "cfg-if", ] @@ -941,7 +940,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -965,7 +964,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] 
@@ -976,7 +975,7 @@ checksum = "836a9bbc7ad63342d6d6e7b815ccab164bc77a2d95d84bc3117a8c0d5c98e2d5" dependencies = [ "darling_core", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -1124,7 +1123,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -1464,9 +1463,9 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0290714b38af9b4a7b094b8a37086d1b4e61f2df9122c3cad2577669145335" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" dependencies = [ "futures-channel", "futures-core", @@ -1479,9 +1478,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", "futures-sink", @@ -1489,15 +1488,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4fb8693db0cf099eadcca0efe2a5a22e4550f98ed16aba6c48700da29597bc" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" dependencies = [ "futures-core", "futures-task", 
@@ -1517,38 +1516,38 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-util" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-channel", "futures-core", 
@@ -2400,15 +2399,6 @@ version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - [[package]] name = "mime" version = "0.3.17" @@ -2456,7 +2446,7 @@ name = "model_derive" version = "0.1.2" dependencies = [ "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -2607,7 +2597,7 @@ dependencies = [ "proc-macro-crate 2.0.1", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -2631,9 +2621,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -2718,9 +2708,9 @@ dependencies = [ [[package]] name = "openssl" -version = "0.10.61" +version = "0.10.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b8419dc8cc6d866deb801274bba2e6f8f6108c1bb7fcc10ee5ab864931dbb45" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" dependencies = [ "bitflags 2.4.1", "cfg-if", @@ -2739,7 +2729,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] 
@@ -2750,9 +2740,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-sys" -version = "0.9.97" +version = "0.9.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3eaad34cdd97d81de97964fc7f29e2d104f483840d906ef56daa1912338460b" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" dependencies = [ "cc", "libc", @@ -2951,7 +2941,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -3030,7 +3020,7 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -3109,7 +3099,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d" dependencies = [ "proc-macro2", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -3181,9 +3171,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "75cb1540fadbd5b8fbccc4dddad2734eba435053f725621c070711a14bb5f4b8" dependencies = [ "unicode-ident", ] @@ -3231,7 +3221,7 @@ dependencies = [ "prost", "prost-types", "regex", - "syn 2.0.42", + "syn 2.0.43", "tempfile", "which", ] @@ -3246,7 +3236,7 @@ dependencies = [ "itertools 0.11.0", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] 
@@ -3690,11 +3680,11 @@ dependencies = [ [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -3822,7 +3812,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -3904,7 +3894,7 @@ dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4331,7 +4321,7 @@ checksum = "f14a349c27ebe59faba22f933c9c734d428da7231e88a247e9d8c61eea964ddb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4353,7 +4343,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4375,9 +4365,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.42" +version = "2.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b7d0a2c048d661a1a59fcd7355baa232f7ed34e0ee4df2eef3c1c1c0d3852d8" +checksum = "ee659fb5f3d355364e1f3e5bc10fb82068efbf824a1e9d1c9504244a6469ad53" dependencies = [ "proc-macro2", "quote", 
@@ -4466,22 +4456,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.51" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f11c217e1416d6f036b870f14e0413d480dbf28edbee1f877abaf0206af43bb7" +checksum = "83a48fd946b02c0a526b2e9481c8e2a17755e47039164a86c4070446e3a4614d" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.51" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01742297787513b79cf8e29d1056ede1313e2420b7b3b15d0a768b4921f549df" +checksum = "e7fbe9b594d6568a6a1443250a7e67d80b74e1e96f6d1715e1e21cc1888291d3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4583,7 +4573,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4701,7 +4691,7 @@ dependencies = [ "proc-macro2", "prost-build", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -4781,7 +4771,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -5097,7 +5087,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", "wasm-bindgen-shared", ] @@ -5131,7 +5121,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -5499,22 +5489,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.31" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c4061bedbb353041c12f413700357bec76df2c7e2ca8e4df8bac24c6bf68e3d" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.31" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3c129550b3e6de3fd0ba67ba5c81818f9805e58b8d7fee80a3a59d2c9fc601a" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] [[package]] @@ -5534,5 +5524,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.42", + "syn 2.0.43", ] diff --git a/migrations/20231222094917_support_gateway_disconnect.down.sql b/migrations/20231222094917_support_gateway_disconnect.down.sql new file mode 100644 index 000000000..3381636e3 --- /dev/null +++ b/migrations/20231222094917_support_gateway_disconnect.down.sql @@ -0,0 +1 @@ +ALTER TABLE wireguard_network_device DROP COLUMN is_authorized; diff --git a/migrations/20231222094917_support_gateway_disconnect.up.sql b/migrations/20231222094917_support_gateway_disconnect.up.sql new file mode 100644 index 000000000..45c49cd96 --- /dev/null +++ b/migrations/20231222094917_support_gateway_disconnect.up.sql @@ -0,0 +1 @@ +ALTER TABLE wireguard_network_device ADD COLUMN is_authorized bool NOT NULL DEFAULT false; diff --git a/migrations/20231227091628_fix_preshared_key.down.sql b/migrations/20231227091628_fix_preshared_key.down.sql new file mode 100644 index 000000000..f3574d87d --- /dev/null +++ b/migrations/20231227091628_fix_preshared_key.down.sql 
@@ -0,0 +1,4 @@ +ALTER TABLE device ADD COLUMN preshared_key text NULL; + +-- remove previous column +ALTER TABLE wireguard_network_device DROP COLUMN preshared_key; diff --git a/migrations/20231227091628_fix_preshared_key.up.sql b/migrations/20231227091628_fix_preshared_key.up.sql new file mode 100644 index 000000000..41e5db5e0 --- /dev/null +++ b/migrations/20231227091628_fix_preshared_key.up.sql @@ -0,0 +1,4 @@ +ALTER TABLE wireguard_network_device ADD COLUMN preshared_key text NULL; + +-- remove previous column +ALTER TABLE device DROP COLUMN preshared_key; diff --git a/src/bin/defguard.rs b/src/bin/defguard.rs index 851d1831a..59beccd03 100644 --- a/src/bin/defguard.rs +++ b/src/bin/defguard.rs @@ -16,6 +16,7 @@ use defguard::{ init_dev_env, init_vpn_location, mail::{run_mail_handler, Mail}, run_web_server, + wireguard_peer_disconnect::run_periodic_peer_disconnect, wireguard_stats_purge::run_periodic_stats_purge, SERVER_CONFIG, }; @@ -107,8 +108,9 @@ async fn main() -> Result<(), anyhow::Error> { // run services tokio::select! { _ = run_grpc_server(&config, Arc::clone(&worker_state), pool.clone(), Arc::clone(&gateway_state), wireguard_tx.clone(), mail_tx.clone(), grpc_cert, grpc_key, user_agent_parser.clone(), failed_logins.clone()) => (), - _ = run_web_server(&config, worker_state, gateway_state, webhook_tx, webhook_rx, wireguard_tx, mail_tx, pool.clone(), user_agent_parser, failed_logins) => (), + _ = run_web_server(&config, worker_state, gateway_state, webhook_tx, webhook_rx, wireguard_tx.clone(), mail_tx, pool.clone(), user_agent_parser, failed_logins) => (), () = run_mail_handler(mail_rx, pool.clone()) => (), + _ = run_periodic_peer_disconnect(pool.clone(), wireguard_tx) => (), _ = run_periodic_stats_purge(pool, config.stats_purge_frequency.into(), config.stats_purge_threshold.into()), if !config.disable_stats_purge => (), } Ok(()) diff --git a/src/db/models/device.rs b/src/db/models/device.rs index a74df7ce7..eb66adc18 100644 
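Review bot: The up migration in `20231227091628_fix_preshared_key.up.sql` adds `wireguard_network_device.preshared_key` as NULL and then drops `device.preshared_key` without copying the existing values, so any key already stored on a device row is discarded. If deployed instances hold keys there (not visible on this page), those peers would be sent to the gateway without a preshared key after the upgrade. A copy step between the two statements would keep them: `UPDATE wireguard_network_device wnd SET preshared_key = d.preshared_key FROM device d WHERE wnd.device_id = d.id;`. The down migration in the preceding hunk has the same gap in the other direction.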
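Review bot: The new `_ = run_periodic_peer_disconnect(pool.clone(), wireguard_tx) => (),` branch discards the task's `Result`. That function loops forever and returns only through `?` on an error, so any database or event-send failure completes this branch, ends the `select!`, and lets `main` return `Ok(())` with every other service stopped and nothing logged at this level. Bind and report the result instead, for example `res = run_periodic_peer_disconnect(pool.clone(), wireguard_tx) => error!("Periodic peer disconnect task stopped: {res:?}"),` (assuming the logging macros are in scope in this binary). It would be more robust still for the task to log per-iteration errors and continue rather than propagate them. The body of `main` starts outside this hunk.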
--- a/src/db/models/device.rs +++ b/src/db/models/device.rs @@ -35,7 +35,6 @@ pub struct Device { pub wireguard_pubkey: String, pub user_id: i64, pub created: NaiveDateTime, - pub preshared_key: Option, } impl Display for Device { @@ -59,6 +58,8 @@ pub struct DeviceInfo { pub struct DeviceNetworkInfo { pub network_id: i64, pub device_wireguard_ip: IpAddr, + #[serde(skip_serializing)] + pub preshared_key: Option, } impl DeviceInfo { @@ -70,7 +71,7 @@ impl DeviceInfo { let device_id = device.get_id()?; let network_info = query_as!( DeviceNetworkInfo, - "SELECT wireguard_network_id as network_id, wireguard_ip as \"device_wireguard_ip: IpAddr\" \ + "SELECT wireguard_network_id as network_id, wireguard_ip as \"device_wireguard_ip: IpAddr\", preshared_key \ FROM wireguard_network_device \ WHERE device_id = $1", device_id @@ -165,6 +166,8 @@ pub struct WireguardNetworkDevice { pub wireguard_network_id: i64, pub wireguard_ip: IpAddr, pub device_id: i64, + pub preshared_key: Option, + pub is_authorized: bool, } #[derive(Serialize, Deserialize, Debug)] @@ -186,6 +189,8 @@ impl WireguardNetworkDevice { wireguard_network_id: network_id, wireguard_ip, device_id, + preshared_key: None, + is_authorized: false, } } @@ -195,13 +200,14 @@ impl WireguardNetworkDevice { { query!( "INSERT INTO wireguard_network_device \ - (device_id, wireguard_network_id, wireguard_ip) \ - VALUES ($1, $2, $3) \ + (device_id, wireguard_network_id, wireguard_ip, is_authorized) \ + VALUES ($1, $2, $3, $4) \ ON CONFLICT ON CONSTRAINT device_network \ - DO UPDATE SET wireguard_ip = $3", + DO UPDATE SET wireguard_ip = $3, is_authorized = $4", self.device_id, self.wireguard_network_id, IpNetwork::from(self.wireguard_ip.clone()), + self.is_authorized, ) .execute(executor) .await?; 
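Review bot: In the `@@ -165,6 +166,8 @@` hunk, `WireguardNetworkDevice` gains `pub preshared_key` as a plain field, while the same commit marks the equivalent field on `DeviceNetworkInfo` with `#[serde(skip_serializing)]`. The struct's derive line is outside the hunk; if it derives `Serialize` or `Debug`, the key would end up in any API response or log line that includes the row. For consistency, add `#[serde(skip_serializing)]` above `pub preshared_key` here as well (if the struct is serializable), with a short comment such as `// secret: never expose outside the gateway configuration path`.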
@@ -214,11 +220,12 @@ impl WireguardNetworkDevice { { query!( "UPDATE wireguard_network_device \ - SET wireguard_ip = $3 \ + SET wireguard_ip = $3, is_authorized = $4 \ WHERE device_id = $1 AND wireguard_network_id = $2", self.device_id, self.wireguard_network_id, - IpNetwork::from(self.wireguard_ip.clone()) + IpNetwork::from(self.wireguard_ip.clone()), + self.is_authorized, ) .execute(executor) .await?; @@ -250,8 +257,8 @@ impl WireguardNetworkDevice { { let res = query_as!( Self, - "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" FROM \ - wireguard_network_device \ + "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized \ + FROM wireguard_network_device \ WHERE device_id = $1 AND wireguard_network_id = $2", device_id, network_id @@ -267,7 +274,7 @@ impl WireguardNetworkDevice { ) -> Result>, SqlxError> { let result = query_as!( Self, - "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" \ + "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized \ FROM wireguard_network_device WHERE device_id = $1", device_id ) @@ -288,8 +295,8 @@ impl WireguardNetworkDevice { { let res = query_as!( Self, - "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\" FROM \ - wireguard_network_device \ + "SELECT device_id, wireguard_network_id, wireguard_ip as \"wireguard_ip: IpAddr\", preshared_key, is_authorized \ + FROM wireguard_network_device \ WHERE wireguard_network_id = $1", network_id ) @@ -313,19 +320,13 @@ pub enum DeviceError { impl Device { #[must_use] - pub fn new( - name: String, - wireguard_pubkey: String, - preshared_key: Option, - user_id: i64, - ) -> Self { + pub fn new(name: String, wireguard_pubkey: String, user_id: i64) -> Self { Self { id: None, name, wireguard_pubkey, user_id, created: Utc::now().naive_utc(), - preshared_key, } } 
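Review bot: `update()` still writes only `wireguard_ip` and `is_authorized`, so the new `preshared_key` field is never persisted by this method; the INSERT upsert in the preceding hunk has the same gap. The periodic disconnect task added later in this commit sets `device_network_config.preshared_key = None` and then calls `update()`, so the old key remains in `wireguard_network_device` after the device is marked unauthorized. Include the column in the statement, `SET wireguard_ip = $3, is_authorized = $4, preshared_key = $5`, with `self.preshared_key` as the fifth bind value. The cached query metadata under `.sqlx/` would need regenerating afterwards. The method's signature is outside the hunk.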
@@ -391,7 +392,7 @@ impl Device { { query_as!( Self, - "SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key \ + "SELECT d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created \ FROM device d \ JOIN wireguard_network_device wnd \ ON d.id = wnd.device_id \ @@ -409,7 +410,7 @@ impl Device { { query_as!( Self, - "SELECT id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key \ + "SELECT id \"id?\", name, wireguard_pubkey, user_id, created \ FROM device WHERE wireguard_pubkey = $1", pubkey ) @@ -424,7 +425,7 @@ impl Device { ) -> Result, SqlxError> { query_as!( Self, - "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key \ + "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created \ FROM device JOIN \"user\" ON device.user_id = \"user\".id \ WHERE device.id = $1 AND \"user\".username = $2", id, @@ -441,7 +442,7 @@ impl Device { ) -> Result, SqlxError> { query_as!( Self, - "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key \ + "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created \ FROM device JOIN \"user\" ON device.user_id = \"user\".id \ WHERE device.id = $1 AND \"user\".id = $2", id, @@ -475,7 +476,7 @@ impl Device { pub async fn all_for_username(pool: &DbPool, username: &str) -> Result, SqlxError> { query_as!( Self, - "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key \ + "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created \ FROM device JOIN \"user\" ON device.user_id = \"user\".id \ WHERE \"user\".username = $1", username @@ -535,6 +536,7 @@ impl Device { let device_network_info = DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key.clone(), }; network_info.push(device_network_info); 
@@ -630,7 +632,7 @@ mod test { } // Break loop if IP is unassigned and return device if Self::find_by_ip(pool, ip, network_id).await?.is_none() { - let mut device = Self::new(name.clone(), pubkey, None, user_id); + let mut device = Self::new(name.clone(), pubkey, user_id); device.save(pool).await?; info!("Created device: {}", device.name); debug!("For user: {}", device.user_id); diff --git a/src/db/models/user.rs b/src/db/models/user.rs index 0ad9a3cba..c50328434 100644 --- a/src/db/models/user.rs +++ b/src/db/models/user.rs @@ -633,7 +633,7 @@ impl User { if let Some(id) = self.id { let devices = query_as!( Device, - "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created, preshared_key \ + "SELECT device.id \"id?\", name, wireguard_pubkey, user_id, created \ FROM device WHERE user_id = $1", id ) diff --git a/src/db/models/wireguard.rs b/src/db/models/wireguard.rs index ab58d69ca..a8107b436 100644 --- a/src/db/models/wireguard.rs +++ b/src/db/models/wireguard.rs @@ -311,18 +311,18 @@ impl WireguardNetwork { // devices need to be filtered by allowed group Some(allowed_groups) => { query_as!( - Device, - "SELECT DISTINCT ON (d.id) d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key \ - FROM device d \ - JOIN \"user\" u ON d.user_id = u.id \ - JOIN group_user gu ON u.id = gu.user_id \ - JOIN \"group\" g ON gu.group_id = g.id \ - WHERE g.\"name\" IN (SELECT * FROM UNNEST($1::text[])) - ORDER BY d.id ASC", - &allowed_groups - ) - .fetch_all(&mut *transaction) - .await? + Device, + "SELECT DISTINCT ON (d.id) d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created \ + FROM device d \ + JOIN \"user\" u ON d.user_id = u.id \ + JOIN group_user gu ON u.id = gu.user_id \ + JOIN \"group\" g ON gu.group_id = g.id \ + WHERE g.\"name\" IN (SELECT * FROM UNNEST($1::text[])) + ORDER BY d.id ASC", + &allowed_groups + ) + .fetch_all(&mut *transaction) + .await? }, // all devices are allowed None => { 
@@ -429,6 +429,7 @@ impl WireguardNetwork { network_info: vec![DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }], })); } @@ -447,6 +448,7 @@ impl WireguardNetwork { network_info: vec![DeviceNetworkInfo { network_id, device_wireguard_ip: device_network_config.wireguard_ip, + preshared_key: device_network_config.preshared_key, }], })); } else { @@ -467,6 +469,7 @@ impl WireguardNetwork { network_info: vec![DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }], })); } @@ -525,6 +528,7 @@ impl WireguardNetwork { network_info: vec![DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }], })); } @@ -569,7 +573,6 @@ impl WireguardNetwork { let mut device = Device::new( mapped_device.name.clone(), mapped_device.wireguard_pubkey.clone(), - None, mapped_device.user_id, ); device.save(&mut *transaction).await?; @@ -603,6 +606,7 @@ impl WireguardNetwork { network_info.push(DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }); } Some(allowed) => { @@ -618,6 +622,7 @@ impl WireguardNetwork { network_info.push(DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }); } } @@ -783,7 +788,7 @@ impl WireguardNetwork { ORDER BY device_id, latest_handshake DESC \ ) \ SELECT \ - d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created, d.preshared_key \ + d.id \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created \ FROM device d \ JOIN s ON d.id = s.device_id \ WHERE s.latest_handshake >= $1 AND s.network = $2", 
@@ -1105,7 +1110,7 @@ mod test { None, ); user.save(&pool).await.unwrap(); - let mut device = Device::new(String::new(), String::new(), None, user.id.unwrap()); + let mut device = Device::new(String::new(), String::new(), user.id.unwrap()); device.save(&pool).await.unwrap(); // insert stats @@ -1155,7 +1160,7 @@ mod test { None, ); user.save(&pool).await.unwrap(); - let mut device = Device::new(String::new(), String::new(), None, user.id.unwrap()); + let mut device = Device::new(String::new(), String::new(), user.id.unwrap()); device.save(&pool).await.unwrap(); // insert stats diff --git a/src/grpc/enrollment.rs b/src/grpc/enrollment.rs index a7fe62836..5b055e2d5 100644 --- a/src/grpc/enrollment.rs +++ b/src/grpc/enrollment.rs @@ -320,7 +320,7 @@ impl enrollment_service_server::EnrollmentService for EnrollmentServer { error!("Invalid pubkey {}", request.pubkey); Status::invalid_argument("invalid pubkey") })?; - let mut device = Device::new(request.name, request.pubkey, None, enrollment.user_id); + let mut device = Device::new(request.name, request.pubkey, enrollment.user_id); let mut transaction = self.pool.begin().await.map_err(|_| { error!("Failed to begin transaction"); diff --git a/src/grpc/gateway.rs b/src/grpc/gateway.rs index 6f5b83bbd..328734daa 100644 --- a/src/grpc/gateway.rs +++ b/src/grpc/gateway.rs @@ -35,7 +35,10 @@ pub struct GatewayServer { } impl WireguardNetwork { - /// Get a list of all peers + /// Get a list of all allowed peers + /// + /// Each device is marked as allowed or not allowed in a given network, + /// which enables enforcing peer disconnect in MFA-protected networks. pub async fn get_peers<'e, E>(&self, executor: E) -> Result, SqlxError> where E: PgExecutor<'e>, 
@@ -46,9 +49,10 @@ impl WireguardNetwork { array[host(wnd.wireguard_ip)] as \"allowed_ips!: Vec\" \ FROM wireguard_network_device wnd \ JOIN device d ON wnd.device_id = d.id \ - WHERE wireguard_network_id = $1 \ + WHERE wireguard_network_id = $1 AND (is_authorized = true OR NOT $2) \ ORDER BY d.id ASC", self.id, + self.mfa_enabled ) .fetch_all(executor) .await?; @@ -230,7 +234,7 @@ impl GatewayUpdatesHandler { Peer { pubkey: device.device.wireguard_pubkey, allowed_ips: vec![network_info.device_wireguard_ip.to_string()], - preshared_key: device.device.preshared_key, + preshared_key: network_info.preshared_key.clone(), keepalive_interval: Some( self.network.keepalive_interval as u32, ), @@ -254,7 +258,7 @@ impl GatewayUpdatesHandler { Peer { pubkey: device.device.wireguard_pubkey, allowed_ips: vec![network_info.device_wireguard_ip.to_string()], - preshared_key: device.device.preshared_key, + preshared_key: network_info.preshared_key.clone(), keepalive_interval: Some( self.network.keepalive_interval as u32, ), @@ -515,6 +519,7 @@ impl gateway_service_server::GatewayService for GatewayServer { info!("Sending configuration to gateway client, network {network}."); + // store connected gateway in memory { let mut state = self.state.lock().unwrap(); state.add_gateway( diff --git a/src/handlers/wireguard.rs b/src/handlers/wireguard.rs index 7096e2a88..96cbc6b00 100644 --- a/src/handlers/wireguard.rs +++ b/src/handlers/wireguard.rs @@ -488,7 +488,7 @@ pub async fn add_device( let Some(user_id) = user.id else { return Err(WebError::ModelError("User has no id".to_string())); }; - let mut device = Device::new(add_device.name, add_device.wireguard_pubkey, None, user_id); + let mut device = Device::new(add_device.name, add_device.wireguard_pubkey, user_id); let mut transaction = appstate.pool.begin().await?; device.save(&mut *transaction).await?; 
@@ -599,6 +599,7 @@ pub async fn modify_device( let device_network_info = DeviceNetworkInfo { network_id, device_wireguard_ip: wireguard_network_device.wireguard_ip, + preshared_key: wireguard_network_device.preshared_key, }; network_info.push(device_network_info); } diff --git a/src/lib.rs b/src/lib.rs index ed0fdc81b..51c902410 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -115,6 +115,7 @@ pub mod secret; pub mod support; pub mod templates; pub mod wg_config; +pub mod wireguard_peer_disconnect; pub mod wireguard_stats_purge; #[macro_use] @@ -441,7 +442,6 @@ pub async fn init_dev_env(config: &DefGuardConfig) { let mut device = Device::new( "TestDevice".to_string(), "gQYL5eMeFDj0R+lpC7oZyIl0/sNVmQDC6ckP7husZjc=".to_string(), - None, 1, ); device diff --git a/src/wireguard_peer_disconnect.rs b/src/wireguard_peer_disconnect.rs new file mode 100644 index 000000000..ea025cb8f --- /dev/null +++ b/src/wireguard_peer_disconnect.rs 
@@ -0,0 +1,126 @@ +//! This module implements a functionality of disconnecting inactive peers +//! in MFA-protected locations. +//! If a device does not disconnect explicitly and just becomes inactive +//! it should be removed from gateway configuration and marked as "not allowed", +//! which enforces an authentication requirement to connect again. + +use crate::db::{ + models::{ + device::{DeviceInfo, DeviceNetworkInfo, WireguardNetworkDevice}, + error::ModelError, + wireguard::WireguardNetworkError, + }, + DbPool, Device, GatewayEvent, WireguardNetwork, +}; +use sqlx::{query_as, Error as SqlxError}; +use std::time::Duration; +use thiserror::Error; +use tokio::{sync::broadcast::Sender, time::sleep}; + +// How long to sleep between loop iterations +const DISCONNECT_LOOP_SLEEP_SECONDS: u64 = 180; // 3 minutes + +#[derive(Debug, Error)] +pub enum PeerDisconnectError { + #[error(transparent)] + DbError(#[from] SqlxError), + #[error(transparent)] + ModelError(#[from] ModelError), + #[error(transparent)] + WireguardError(#[from] WireguardNetworkError), + #[error("Failed to send gateway event: {0}")] + EventError(String), +} + +/// Run periodic disconnect task +/// +/// Run with a specified frequency and disconnect all inactive peers in MFA-protected locations. 
+pub async fn run_periodic_peer_disconnect( + pool: DbPool, + wireguard_tx: Sender, +) -> Result<(), PeerDisconnectError> { + info!("Starting periodic disconnect of inactive devices in MFA-protected locations"); + loop { + debug!("Starting periodic inactive device disconnect"); + + // get all MFA-protected locations + let locations = query_as!( + WireguardNetwork, + "SELECT \ + id as \"id?\", name, address, port, pubkey, prvkey, endpoint, dns, allowed_ips, \ + connected_at, mfa_enabled, keepalive_interval, peer_disconnect_threshold \ + FROM wireguard_network WHERE mfa_enabled = true", + ) + .fetch_all(&pool) + .await?; + + // loop over all locations + for location in locations { + debug!("Fetching inactive devices for location {location}"); + let location_id = location.get_id()?; + let devices = query_as!( + Device, + "WITH stats AS ( \ + SELECT DISTINCT ON (device_id) device_id, endpoint, latest_handshake \ + FROM wireguard_peer_stats \ + WHERE network = $1 \ + ORDER BY device_id, collected_at DESC \ + ) \ + SELECT d.id as \"id?\", d.name, d.wireguard_pubkey, d.user_id, d.created \ + FROM device d \ + JOIN wireguard_network_device wnd ON wnd.device_id = d.id \ + LEFT JOIN stats on d.id = stats.device_id \ + WHERE wnd.wireguard_network_id = $1 AND wnd.is_authorized = true AND (NOW() - stats.latest_handshake) > $2 * interval '1 second'", + location_id, + location.peer_disconnect_threshold as f64 + ) + .fetch_all(&pool) + .await?; + + for device in devices { + debug!("Processing inactive device {device}"); + let device_id = device.get_id()?; + + // start transaction + let mut transaction = pool.begin().await?; + + // get network config for device + if let Some(mut device_network_config) = + WireguardNetworkDevice::find(&mut *transaction, device_id, location_id).await? 
+ { + info!("Marking device {device} as not authorized to connect to location {location}"); + // change `is_authorized` value for device + device_network_config.is_authorized = false; + // clear `preshared_key` value + device_network_config.preshared_key = None; + device_network_config.update(&mut *transaction).await?; + + debug!("Sending `peer_delete` message to gateway"); + let device_info = DeviceInfo { + device, + network_info: vec![DeviceNetworkInfo { + network_id: location_id, + device_wireguard_ip: device_network_config.wireguard_ip, + preshared_key: device_network_config.preshared_key, + }], + }; + let event = GatewayEvent::DeviceDeleted(device_info); + wireguard_tx.send(event).map_err(|err| { + error!("Error sending WireGuard event: {err}"); + PeerDisconnectError::EventError(err.to_string()) + })?; + } else { + error!("Network config for device {device} in location {location} not found. Skipping device..."); + continue; + } + + // commit transaction + transaction.commit().await?; + } + } + + // wait till next iteration + debug!("Sleeping until next iteration"); + sleep(Duration::from_secs(DISCONNECT_LOOP_SLEEP_SECONDS)).await; + } +} diff --git a/tests/wireguard_network_allowed_groups.rs b/tests/wireguard_network_allowed_groups.rs index 4b8c53ab9..0822163a6 100644 --- a/tests/wireguard_network_allowed_groups.rs +++ b/tests/wireguard_network_allowed_groups.rs @@ -30,7 +30,6 @@ async fn setup_test_users(pool: &DbPool) -> (Vec, Vec) { let mut admin_device = Device::new( "admin device".into(), "nst4lmZz9kPTq6OdeQq2G2th3n+QneHKmG1wJJ3Jrq0=".into(), - None, admin_user.id.unwrap(), ); admin_device.save(pool).await.unwrap(); @@ -46,7 +45,6 @@ async fn setup_test_users(pool: &DbPool) -> (Vec, Vec) { let mut test_device = Device::new( "test device".into(), "wYOt6ImBaQ3BEMQ3Xf5P5fTnbqwOvjcqYkkSBt+1xOg=".into(), - None, test_user.id.unwrap(), ); test_device.save(pool).await.unwrap(); 
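Review bot: Authorized devices with no row in `wireguard_peer_stats` are never selected by the inactivity query in `run_periodic_peer_disconnect`. The `LEFT JOIN stats` gives them a NULL `latest_handshake`, the comparison `(NOW() - stats.latest_handshake) > $2 * interval '1 second'` then evaluates to NULL, and the `WHERE` clause drops the row. Such a device keeps `is_authorized = true` in the MFA-protected location for as long as it produces no stats. Treating NULL as inactive outright would also revoke a device that authorized moments ago, so the check likely needs a stored time of authorization to compare against; no such column is visible on this page. Until then the behaviour should at least be stated next to the query, for example `// NOTE: devices without any stats row are not matched (latest_handshake is NULL)`.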
@@ -70,7 +68,6 @@ async fn setup_test_users(pool: &DbPool) -> (Vec, Vec) { let mut other_device = Device::new( "other device".into(), "v2U14sjNN4tOYD3P15z0WkjriKY9Hl85I3vIEPomrYs=".into(), - None, other_user.id.unwrap(), ); other_device.save(pool).await.unwrap(); @@ -90,7 +87,6 @@ async fn setup_test_users(pool: &DbPool) -> (Vec, Vec) { let mut non_group_device = Device::new( "non group device".into(), "6xmL/jRuxmzQ3J2/kVZnKnh+6dwODcEEczmmkIKU4sM=".into(), - None, non_group_user.id.unwrap(), ); non_group_device.save(pool).await.unwrap(); diff --git a/tests/wireguard_network_import.rs b/tests/wireguard_network_import.rs index aeeb7e4f8..9ddbcc91b 100644 --- a/tests/wireguard_network_import.rs +++ b/tests/wireguard_network_import.rs @@ -65,7 +65,6 @@ async fn test_config_import() { let mut device_1 = Device::new( "test device".into(), "l07+qPWs4jzW3Gp1DKbHgBMRRm4Jg3q2BJxw0ZYl6c4=".into(), - None, 1, ); device_1.save(&mut *transaction).await.unwrap(); @@ -77,7 +76,6 @@ async fn test_config_import() { let mut device_2 = Device::new( "another test device".into(), "v2U14sjNN4tOYD3P15z0WkjriKY9Hl85I3vIEPomrYs=".into(), - None, 1, ); device_2.save(&mut *transaction).await.unwrap();