A new /cron endpoint has been introduced, which triggers a cleanup routine.
The cleanup routine loops over all existing clients and deletes all that are
older than the value configured in config.ini.
Periodically calling the cron endpoint is the responsibility of the server admin.
Basically all configuration variables are set in the if block governed by
the existence of config.ini. If the file already exists, the script would
quickly run into uninitialized variables and crash. The script will now
refuse to proceed if config.ini exists.
The UserInfo endpoint is for fetching the user's profile (name, email, phone number, picture, and so on). Token introspection is for inspecting the access token and determining the authorities the user has (subject (principal), entitlements, and scopes granted).
Also made a small change to the Python startup handling, ensuring that
there is always a tunnel configuration file as soon as the service
successfully starts for the first time.
The information is sent via the cookie 'server_settings'. The value is a
base64-encoded JSON object containing the data necessary
for site-specific customization.
Also fixed a bug that was preventing the 'add new client' button from being
disabled when the client limit is reached.
- The create button is now disabled when reaching the client limit
- The client list is now always sorted by case-insensitive config name
- Focus moves to the form when opening a dialog
- Fixed some inconsistent use of snake_case vs perlCase
If configured, anyone missing the required entitlement will now be denied
access to the application and its API endpoints. If unset, any authenticated
user is accepted.
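
An added example, not code from this project: a fail-closed form of the entitlement gate described above, evaluated against a token introspection response. The claim name `entitlements`, the function names and the sample URNs are assumptions made for illustration.

```python
from typing import Any, Mapping, Optional, Set

# Assumed claim name; the page does not say which claim carries entitlements.
ENTITLEMENT_CLAIM = "entitlements"


def granted_entitlements(introspection: Mapping[str, Any]) -> Set[str]:
    """Normalise the entitlement claim to a set of exact string values."""
    raw = introspection.get(ENTITLEMENT_CLAIM)
    if isinstance(raw, str):
        # A lone string is ONE entitlement. Testing `required in raw` here
        # would be a substring match and would accept look-alike values.
        return {raw}
    if isinstance(raw, (list, tuple)):
        return {value for value in raw if isinstance(value, str)}
    # Missing claim or unexpected type: nothing is granted.
    return set()


def is_allowed(introspection: Mapping[str, Any],
               required: Optional[str]) -> bool:
    """Return True only if the token is active and carries `required`.

    An unset (None or empty) requirement accepts any authenticated user.
    """
    # RFC 7662: "active" is a boolean; anything but True means no access.
    if introspection.get("active") is not True:
        return False
    if not required:
        return True
    return required in granted_entitlements(introspection)


if __name__ == "__main__":
    # Constructed sample introspection responses, not captured traffic.
    need = "urn:example:vpn:user"
    samples = {
        "exact match": {"active": True, ENTITLEMENT_CLAIM: [need]},
        "look-alike string": {"active": True,
                              ENTITLEMENT_CLAIM: need + "-readonly"},
        "claim missing": {"active": True},
        "inactive token": {"active": False, ENTITLEMENT_CLAIM: [need]},
    }
    for label, response in samples.items():
        print(f"{label:18} required={is_allowed(response, need)} "
              f"unset={is_allowed(response, None)}")
```
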
Config IDs must now match the regex ^[A-Za-z0-9-]$ in order to be considered
valid. Also rearranged early declarations to make more sense and removed
some dead code.
- Created commands.sh, which is now responsible for all operations that
require root permissions: adding/deleting routes and reloading WireGuard
- Added creation and deletion of routes when creating or deleting a client.
This *feels* like a bug in wg-quick, considering that the routes are
created/deleted as expected on start/stop. Reload informs WireGuard of a
peer's existence but fails to set routes. For now, this is
a suitable workaround.