Erik Thuning
4d25833a25
Bumped query arguments to script and css files
...
This will force clients to fetch the latest version
2025-05-14 11:47:02 +02:00
Erik Thuning
04bbe17b48
Added a VPN status banner
...
The banner calls ip.dsv.su.se and uses the returned information to determine
whether the client is using a VPN connection.
2025-05-14 11:44:02 +02:00
Erik Thuning
45f4e31e45
Removed dead code
2025-05-14 10:44:05 +02:00
Erik Thuning
5c2419eef5
Avoid WSOD on access denied
2025-04-01 12:53:46 +02:00
Erik Thuning
0278f4f04b
Ensuring no cache issues
2025-03-28 16:09:51 +01:00
Erik Thuning
c24d3405d2
App no longer flashes the uninitialized page before auth
2025-03-28 16:08:03 +01:00
Erik Thuning
c1538a8912
Moved qr code generation to server side in order to get more compatible codes
2025-03-28 15:44:59 +01:00
Erik Thuning
409123b038
Rearranged client population code to be more legible
...
Also changed the css to use a class instead of svg elements directly.
This makes it easier to switch libraries for qr generation.
2025-03-28 13:38:31 +01:00
Erik Thuning
098e380436
FIX: Accidentally put the version query on the wrong file
2025-03-28 13:29:08 +01:00
Erik Thuning
8b2baba214
QR codes: Lowered error correction level and set them to crisp rendering
...
Hopefully this should make it easier to scan the codes when the config
data is very large.
2025-03-28 11:04:59 +01:00
Erik Thuning
1eaf180fbe
Adding a fake query string to css and js includes to avoid cache issues
2025-03-27 15:30:35 +01:00
Erik Thuning
8a47e99ae2
Explicitly unsetting height and width on qr codes
...
This is to make them scale properly when zooming the page
2025-03-27 15:28:52 +01:00
Erik Thuning
e5d1b9809e
Apparently wg-quick did handle the routes correctly after all?
2025-03-26 16:27:41 +01:00
Erik Thuning
580b10137f
Typo + oversight
2025-03-26 15:59:07 +01:00
Erik Thuning
184d914107
Implemented adding of routes for all clients on startup
2025-03-26 15:55:13 +01:00
Erik Thuning
670c88c7f3
Added display of expiration date to the user interface
...
Also stopped ever displaying creation time and rearranged some CSS
2025-03-26 15:34:55 +01:00
Erik Thuning
ca3d536868
Added support for limited client validity
...
A new /cron endpoint has been introduced, which triggers a cleanup routine.
The cleanup routine loops over all existing clients and deletes all that are
older than the value configured in config.ini.
Periodically calling the cron endpoint is the responsibility of the server admin.
2025-03-26 13:30:53 +01:00
Erik Thuning
20107335d8
Simplified calls reading and writing json
2025-03-25 16:40:01 +01:00
Erik Thuning
3f0280d3ca
Removed obsolete import
2025-03-24 16:17:57 +01:00
Erik Thuning
4ba871c49e
Set a static flask application name
2025-03-24 16:16:13 +01:00
Erik Thuning
23941176ba
FIX: setup script would crash if proceeding when config file exists
...
Basically all configuration variables are set in the if block governed by
the existence of config.ini. If the file already exists, the script would
quickly run into uninitialized variables and crash. The script will now
refuse to proceed if config.ini exists.
2025-03-24 15:28:31 +01:00
Erik Thuning
a399fd11a5
Added setup script. As of yet untested.
2025-03-24 15:21:49 +01:00
dcacd0cc1d
Merge pull request 'Switch from OIDC UserInfo to OAuth 2.0 Token Introspection' (#1) from token-introspection into main
...
Reviewed-on: #1
2025-03-24 13:59:07 +01:00
Erik Thuning
69fd819ee5
FIX: bad syntax when looking up dict key
2025-03-24 13:20:10 +01:00
dce824b5dd
Switch from OIDC UserInfo to OAuth 2.0 Token Introspection
...
The UserInfo endpoint is for fetching the user's profile (name, email, phone number, picture, and so on). Token introspection is for inspecting the access token and determining the authorities the user has (subject (principal), entitlements, and scopes granted).
2025-03-24 11:03:03 +01:00
Erik Thuning
09babb829a
FIX: case mismatch when comparing strings
2025-03-21 11:53:14 +01:00
Erik Thuning
9210504195
Whitespace
2025-03-11 16:58:42 +01:00
Erik Thuning
1878620eba
Starting the service is usually a good plan
2025-03-11 16:53:36 +01:00
Erik Thuning
5a14f225b4
Added documentation for setting up the service.
...
Also made a small change to the python startup handling, ensuring that
there is always a tunnel configuration file as soon as the service
successfully starts for the first time.
2025-03-11 16:31:59 +01:00
Erik Thuning
5c783d95aa
Started logging client creation/deletion directly to syslog
2025-03-06 15:48:41 +01:00
Erik Thuning
4438270e78
Stylistic changes
...
Optional keys are now denoted as optional at the start of the comment block
instead of at the end.
2025-03-06 15:08:49 +01:00
Erik Thuning
e9f180805a
Started sending some serverside configuration to the client-side javascript
...
The information is sent via the cookie 'server_settings'. The value is a
base64-encoded json object containing the data necessary
for site-specific customization.
Also fixed a bug that was preventing the 'add new client' button from being
disabled when the client limit is reached.
2025-03-06 15:08:37 +01:00
Erik Thuning
ebc430407a
Added rudimentary logging
...
Only logging creation and deletion of configs for the time being,
log goes straight to stdout
2025-03-04 15:30:11 +01:00
Erik Thuning
c72d079342
Fixing a wireguard warning
...
by setting restrictive access to the interface config file.
2025-03-04 14:06:24 +01:00
Erik Thuning
b6865f9635
Working around an issue with configparser insisting on a default section
2025-03-04 14:02:25 +01:00
Erik Thuning
f43aa53ca8
Added support for multiple entitlements granting site access
2025-03-04 13:53:56 +01:00
Erik Thuning
ee83905291
Typo
2025-03-04 13:28:49 +01:00
Erik Thuning
edcabb3160
Configparser does some interpolations by default
...
They interfere with wildcards passed to wireguard, so disabling it.
2025-03-04 13:27:09 +01:00
Erik Thuning
44dad4430c
Fixed a type error
2025-03-04 13:12:38 +01:00
Erik Thuning
27b7b5d7de
Made user_client_limit be truly optional in config.ini
2025-03-04 13:10:21 +01:00
Erik Thuning
f0169b89bb
Accidentally committed some debug changes, reverting
2025-03-04 13:06:07 +01:00
Erik Thuning
dc051e9439
Implemented support for configurable client configuration fragments
2025-03-04 13:05:51 +01:00
Erik Thuning
49abf8ad21
Implemented handling of client limits, and some general tweaks
...
- The create button is now disabled when reaching the client limit
- The client list is now always sorted by case-insensitive config name
- Focus moves to the form when opening a dialog
- Fixed some inconsistent use of snake_case vs perlCase
2025-03-04 11:14:02 +01:00
Erik Thuning
d8dcbc6d6b
Improved page accessibility
2025-03-04 11:12:22 +01:00
Erik Thuning
c886a7b32c
Implemented support for limiting number of clients per user
...
The setting is global for all users and optional.
2025-03-03 13:49:42 +01:00
Erik Thuning
d56e5e2cb2
Folded all failure responses into a single function
2025-03-03 13:15:52 +01:00
Erik Thuning
311ae0276e
Implemented support for entitlements-based access control
...
If configured, anyone missing the required entitlement will now be denied
access to the application and its api endpoints. If unset, any authenticated
user is accepted.
2025-02-27 17:25:32 +01:00
Erik Thuning
a636f4f84a
Apparently shell=True caused problems instead of solving them
2025-02-27 15:35:44 +01:00
Erik Thuning
59ae5f96a5
Fixed a typo and hopefully prevented sudo issues with shell=True
2025-02-27 15:29:25 +01:00
Erik Thuning
9b925faec3
Updated example config file to reflect reality
2025-02-27 15:26:23 +01:00