Merge remote-tracking branch 'wg-easy/master'

Dartegnian · Mar 24, 2024 · e4144f1 · e4144f1
2 parents ecc26c1 + 62703ff
commit e4144f1
Show file tree

Hide file tree

Showing 26 changed files with 1,936 additions and 1,242 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    rebase-strategy: "auto"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -12,6 +12,7 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
     permissions:
       actions: read
       contents: read

diff --git a/.github/workflows/deploy-development.yml b/.github/workflows/deploy-development.yml
@@ -2,11 +2,13 @@ name: Build & Publish Development
 
 on:
   workflow_dispatch:
+  pull_request:
 
 jobs:
   deploy:
     name: Build & Deploy
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
     permissions:
       packages: write
       contents: read

diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
@@ -0,0 +1,38 @@
+name: Build Pull Request
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  deploy:
+    name: Build & Deploy
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
+    permissions:
+      packages: write
+      contents: read
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: production
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        push: false
+        platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8
+        tags: ghcr.io/wg-easy/wg-easy:pr
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -11,6 +11,7 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

diff --git a/.github/workflows/npm-update-bot.yml b/.github/workflows/npm-update-bot.yml
@@ -4,12 +4,13 @@ on:
   push:
     branches: [ "master" ]
   schedule:
-    - cron: "0 0 * * *"
+    - cron: "0 0 * * 1"
 
 jobs:
   npmupbot:
     name: NPM Update Bot 🤖
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,8 @@ FROM docker.io/library/node:18-alpine AS build_node_modules
 # Copy Web UI
 COPY src/ /app/
 WORKDIR /app
-RUN npm ci --omit=dev
+RUN npm ci --omit=dev &&\
+    mv node_modules /node_modules
 
 # Copy build result to a new image.
 # This saves a lot of disk space.
@@ -20,10 +21,15 @@ COPY --from=build_node_modules /app /app
 # Also, some node_modules might be native, and
 # the architecture & OS of your development machine might differ
 # than what runs inside of docker.
-RUN mv /app/node_modules /node_modules
-
-# Enable this to run `npm run serve`
-RUN npm i -g nodemon
+COPY --from=build_node_modules /node_modules /node_modules
+
+RUN \
+    # Enable this to run `npm run serve`
+    npm i -g nodemon &&\
+    # Workaround CVE-2023-42282
+    npm uninstall -g ip &&\
+    # Delete unnecessary files 
+    npm cache clean --force && rm -rf ~/.npm
 
 # Install Linux packages
 RUN apk add --no-cache \

diff --git a/README.md b/README.md
@@ -27,6 +27,8 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
 * Tx/Rx charts for each connected client.
 * Gravatar support.
 * Automatic Light / Dark Mode
+* Multilanguage Support
+* UI_TRAFFIC_STATS (default off)
 
 ## Requirements
 
@@ -40,9 +42,9 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
 If you haven't installed Docker yet, install it by running:
 
 ```bash
-$ curl -sSL https://get.docker.com | sh
-$ sudo usermod -aG docker $(whoami)
-$ exit
+curl -sSL https://get.docker.com | sh
+sudo usermod -aG docker $(whoami)
+exit
 ```
 
 And log in again.
@@ -76,6 +78,10 @@ The Web UI will now be available on `http://0.0.0.0:51821`.
 
 > 💡 Your configuration files will be saved in `~/.wg-easy`
 
+WireGuard Easy can be launched with Docker Compose as well - just download
+[`docker-compose.yml`](docker-compose.yml), make necessary adjustments and
+execute `docker compose up --detach`.
+
 ### 3. Sponsor
 
 Are you enjoying this project? [Buy Emile a beer!](https://github.com/sponsors/WeeJeWel) 🍻
@@ -101,6 +107,8 @@ These options can be configured by setting environment variables using `-e KEY="
 | `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L20) for the default value. |
 | `WG_PRE_DOWN` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L27) for the default value. |
 | `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L28) for the default value. |
+| `LANG` | `en` | `de` | Web UI language (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi). |
+| `UI_TRAFFIC_STATS` | `false` | `true` | Enable detailed RX / TX client stats in Web UI |
 
 > If you change `WG_PORT`, make sure to also change the exposed port.
 
@@ -116,6 +124,16 @@ docker pull dartegnian/wg-easy-m3
 
 And then run the `docker run -d \ ...` command above again.
 
+To update using Docker Compose:
+
+```shell
+docker compose pull
+docker compose up --detach
+```
+
+The WireGuared Easy container will be automatically recreated if a newer image
+was pulled.
+
 ## Common Use Cases
 
 * [Using WireGuard-Easy with Pi-Hole](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole)

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,7 +6,7 @@ services:
   wg-easy-m3:
     environment:
       # Change Language:
-      # (Supports: en, ru, tr, no, pl, fr, de)
+      # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi)
       - LANG=en
       # ⚠️ Required:
       # Change this to your host's public address
@@ -24,7 +24,9 @@ services:
       # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
       # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
       # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
-
+      # - UI_TRAFFIC_STATS=true
+      # - UI_CHART_TYPE=0 (0 # Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
+
     image: dartegnian/wg-easy-m3
     container_name: wg-easy-m3
     volumes:

diff --git a/docs/changelog.json b/docs/changelog.json
@@ -8,6 +8,7 @@
   "7": "Improved the look & performance of the upload/download chart.",
   "8": "Updated to Node.js v18.",
   "9": "Fixed issue running on devices with older kernels.",
-  "10": "Added sessionless HTTP API auth & automatic dark mode."
-  "11": "Multilanguage Support & various bugfixes"
+  "10": "Added sessionless HTTP API auth & automatic dark mode.",
+  "11": "Multilanguage Support & various bugfixes",
+  "12": "UI_TRAFFIC_STATS, Import json configurations with no PreShared-Key, allow clients with no privateKey & more."
 }
diff --git a/src/config.js b/src/config.js
@@ -3,15 +3,15 @@
 const { release } = require('./package.json');
 
 module.exports.RELEASE = release;
-module.exports.PORT = process.env.PORT || 51821;
+module.exports.PORT = process.env.PORT || '51821';
 module.exports.WEBUI_HOST = process.env.WEBUI_HOST || '0.0.0.0';
 module.exports.PASSWORD = process.env.PASSWORD;
 module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
 module.exports.WG_DEVICE = process.env.WG_DEVICE || 'eth0';
 module.exports.WG_HOST = process.env.WG_HOST;
-module.exports.WG_PORT = process.env.WG_PORT || 51820;
+module.exports.WG_PORT = process.env.WG_PORT || '51820';
 module.exports.WG_MTU = process.env.WG_MTU || null;
-module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;
+module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || '0';
 module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
 module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
   ? process.env.WG_DEFAULT_DNS
@@ -27,5 +27,12 @@ iptables -A FORWARD -o wg0 -j ACCEPT;
 `.split('\n').join(' ');
 
 module.exports.WG_PRE_DOWN = process.env.WG_PRE_DOWN || '';
-module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';
+module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || `
+iptables -t nat -D POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${module.exports.WG_DEVICE} -j MASQUERADE;
+iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT;
+iptables -D FORWARD -i wg0 -j ACCEPT;
+iptables -D FORWARD -o wg0 -j ACCEPT;
+`.split('\n').join(' ');
 module.exports.LANG = process.env.LANG || 'en';
+module.exports.UI_TRAFFIC_STATS = process.env.UI_TRAFFIC_STATS || 'false';
+module.exports.UI_CHART_TYPE = process.env.UI_CHART_TYPE || 0;