wg-admin 0.0.2

data/lib/wire_guard/admin/cli/clients.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'thor'
+
+module WireGuard
+  module Admin
+    #
+    # Commands for working with clients
+    #
+    class Clients < Thor
+      extend ClassHelpers
+      include InstanceHelpers
+
+      # rubocop:disable Metrics/AbcSize
+      desc 'add NAME', 'Adds a new client with the given NAME'
+      long_desc 'Adds a new client to the configuration database.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      method_option :ip, desc: 'the IP address of the new client', aliases: '-i', required: false
+      def add(name)
+        warn "Using database #{repository.path}" if options[:verbose]
+        client = Client.new(name: name, ip: ip)
+        repository.add_peer(network, client)
+        if options[:verbose]
+          warn 'New client was successfully added:'
+          warn ''
+          warn client
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+
+      desc 'list', 'Lists all clients'
+      long_desc 'For a given network, lists all clients in the configuration database.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      def list
+        if options[:verbose]
+          warn "Using database #{repository.path}"
+          warn "No clients in network #{network}." if repository.networks.empty?
+        end
+        repository.clients(network).each do |client|
+          puts client
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+      # rubocop:enable Metrics/AbcSize
+    end
+  end
+end

data/lib/wire_guard/admin/cli/helpers.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# TODO: Check ~/workspace/rtc-cli/test/test_helper.rb on how to improve this
+
+module WireGuard
+  module Admin
+    #
+    # Shared class methods
+    #
+    module ClassHelpers
+      def default_network
+        if repository.networks.size != 1
+          ENV['WG_ADMIN_NETWORK']
+        else
+          nw = repository.networks.first
+          ENV.fetch('WG_ADMIN_NETWORK', "#{nw}/#{nw.prefix}")
+        end
+      end
+
+      def path
+        ENV['WG_ADMIN_STORE'] || File.expand_path('~/.wg-admin.pstore')
+      end
+
+      def repository
+        @repository ||= Repository.new(path)
+      end
+
+      Thor.class_option :verbose, type: :boolean, aliases: '-v'
+    end
+
+    #
+    # Shared instance methods
+    #
+    module InstanceHelpers
+      def repository
+        self.class.repository
+      end
+
+      def ip
+        if options[:ip]
+          IPAddr.new(options[:ip])
+        else
+          repository.next_address(network)
+        end
+      end
+
+      def network
+        IPAddr.new(options[:network])
+      end
+    end
+  end
+end

data/lib/wire_guard/admin/cli/networks.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'thor'
+require 'wire_guard/admin/cli/helpers'
+
+module WireGuard
+  module Admin
+    #
+    # Commands for working with networks
+    #
+    class Networks < Thor
+      extend ClassHelpers
+      include InstanceHelpers
+
+      # rubocop:disable Metrics/AbcSize
+      desc 'list', 'Lists all known networks'
+      long_desc 'List the networks in the configuration database.'
+      def list
+        if options[:verbose]
+          warn "Using database #{repository.path}"
+          warn 'No networks defined.' if repository.networks.empty?
+        end
+
+        repository.networks.each do |network|
+          puts "#{network}/#{network.prefix}"
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+      # rubocop:enable Metrics/AbcSize
+
+      desc 'add NETWORK', 'Adds a new network'
+      long_desc 'Adds a new network to the configuration database.'
+      def add(network)
+        warn "Using database #{repository.path}" if options[:verbose]
+        nw = IPAddr.new(network)
+        repository.add_network(nw)
+        warn "Network #{nw}/#{nw.prefix} was successfully added." if options[:verbose]
+      rescue Repository::NetworkAlreadyExists => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+
+      desc 'delete NETWORK', 'Deletes a network'
+      long_desc 'Deletes an existingnetwork from the configuration database.'
+      def delete(network)
+        warn "Using database #{repository.path}" if options[:verbose]
+        nw = IPAddr.new(network)
+        repository.delete_network(nw)
+        warn "Network #{nw}/#{nw.prefix} was successfully deleted." if options[:verbose]
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+    end
+  end
+end

data/lib/wire_guard/admin/cli/peers.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'thor'
+
+module WireGuard
+  module Admin
+    #
+    # Commands for working with peers (servers and clients)
+    #
+    class Peers < Thor
+      extend ClassHelpers
+      include InstanceHelpers
+
+      # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      desc 'list', 'Lists all peers'
+      long_desc 'For a given network, lists all peers (servers and clients) in the configuration database.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      def list
+        if options[:verbose]
+          warn "Using database #{repository.path}"
+          warn "No clients in network #{network}." if repository.networks.empty?
+        end
+        repository.peers(network).each do |peer|
+          if STDOUT.tty?
+            puts peer
+          else
+            puts peer.name
+          end
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+      # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+    end
+  end
+end

data/lib/wire_guard/admin/cli/servers.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'thor'
+
+module WireGuard
+  module Admin
+    #
+    # Commands for working with servers
+    #
+    class Servers < Thor
+      extend ClassHelpers
+      include InstanceHelpers
+
+      # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize
+      desc 'add NAME', 'Adds a new server'
+      long_desc 'Adds a new server with the given public DNS NAME to the configuration database.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      method_option :ip, desc: 'the (private) IP address of the new server (within the VPN)', aliases: '-i', required: false
+      method_option :port, desc: 'port to listen on', aliases: '-p', required: false
+      method_option :allowed_ips, desc: 'The range of allowed IP addresses that this server is routing', aliases: '-a', required: false
+      method_option :device, desc: 'The network device used for forwarding traffic', aliases: '-d', required: false
+      def add(name)
+        warn "Using database #{repository.path}" if options[:verbose]
+        server = Server.new(name: name, ip: ip, allowed_ips: options[:allowed_ips] || repository.find_network(network))
+        server.device = options[:device] if options[:device]
+        server.port = options[:port] if options[:port]
+        repository.add_peer(network, server)
+        if options[:verbose]
+          warn 'New server was successfully added:'
+          warn ''
+          warn server
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+
+      desc 'list', 'Lists all servers'
+      long_desc 'For a given network, lists all servers in the configuration database.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      def list
+        if options[:verbose]
+          warn "Using database #{repository.path}"
+          warn "No servers in network #{network}." if repository.networks.empty?
+        end
+        repository.servers(network).each do |server|
+          puts server
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize
+    end
+  end
+end

data/lib/wire_guard/admin/client.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'open3'
+
+module WireGuard
+  module Admin
+    InvocationError = Class.new(StandardError) do
+      def initialize(lines)
+        super(lines.first)
+      end
+    end
+
+    ProgramNotFoundError = Class.new(StandardError) do
+      def initialize
+        super('wg was not found in the PATH. Perhaps it is not installed?')
+      end
+    end
+
+    #
+    # A host that connects to the VPN and registers a VPN subnet address such as 192.0.2.3 for itself.
+    #
+    # @see https://github.com/pirate/wireguard-docs#peernodedevice
+    #
+    class Client
+      attr_reader :name, :ip, :private_key, :public_key
+
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def initialize(name:, ip:, private_key: nil, public_key: nil)
+        raise ArgumentError, 'name must be present' if name.nil?
+        raise ArgumentError, 'name must not be empty' if name.empty?
+        raise ArgumentError, 'ip must be present' if ip.nil?
+        raise ArgumentError, 'private_key must not be empty' if private_key&.empty?
+        raise ArgumentError, 'public_key must not be empty' if public_key&.empty?
+
+        @name = name
+        @ip = ip
+        @private_key = private_key || generate_private_key
+        @public_key = public_key || generate_public_key
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      def to_s
+        "#{self.class.name.split('::').last} #{name}: #{ip}"
+      end
+
+      def hash
+        name.hash
+      end
+
+      def eql?(other)
+        hash == other.hash
+      end
+
+      def ==(other)
+        name == other.name
+      end
+
+      private
+
+      def generate_public_key
+        Open3.popen3('wg pubkey') do |stdin, stdout, stderr, waiter|
+          stdin.write(private_key)
+          stdin.close
+          raise InvocationError, stderr.lines unless waiter.value.success?
+
+          stdout.read.chomp
+        end
+      rescue SystemCallError => e
+        raise ProgramNotFoundError if e.message =~ /No such file or directory/
+
+        raise
+      end
+
+      def generate_private_key
+        Open3.popen3('wg genkey') do |_, stdout, stderr, waiter|
+          raise InvocationError, stderr.lines unless waiter.value.success?
+
+          stdout.read.chomp
+        end
+      rescue SystemCallError => e
+        raise ProgramNotFoundError if e.message =~ /No such file or directory/
+
+        raise
+      end
+    end
+  end
+end

data/lib/wire_guard/admin/repository.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+
+require 'pstore'
+
+module WireGuard
+  module Admin
+    #
+    # The place where networks, clients and servers can be found and are persisted
+    #
+    class Repository
+      #
+      # Raised if the network was not specified
+      #
+      class NetworkNotSpecified < StandardError
+        def initialize
+          super('Network not specified')
+        end
+      end
+
+      #
+      # Raised if the network is not known
+      #
+      class UnknownNetwork < StandardError
+        def initialize(unknown)
+          super("Network #{unknown} is unknown")
+        end
+      end
+
+      #
+      # Raised if the network already exists
+      #
+      class NetworkAlreadyExists < StandardError
+        def initialize(existing)
+          super("Network #{existing} already exists")
+        end
+      end
+
+      #
+      # Raised if the network already exists
+      #
+      class PeerAlreadyExists < StandardError
+        def initialize(peer, network)
+          super("A peer named #{peer.name} already exists in network #{network}.")
+        end
+      end
+
+      attr_reader :path
+
+      def initialize(path)
+        @path = path
+        @backend = PStore.new(@path)
+      end
+
+      #
+      # Get all networks
+      #
+      def networks
+        @backend.transaction do
+          @backend.roots
+        end
+      end
+
+      #
+      # Find a network within all known ones
+      #
+      def find_network(network)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        networks.select { |n| n == network }.first
+      end
+
+      #
+      # Find a peer by name within the given network
+      #
+      def find_peer(network, name)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        peers(network).select { |p| p.name == name }.first
+      end
+
+      #
+      # Get all peers of the given network
+      #
+      def peers(network)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        @backend.transaction do
+          raise UnknownNetwork, network unless @backend.root?(network)
+
+          @backend[network]
+        end
+      end
+
+      #
+      # Add a new network
+      #
+      def add_network(network)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        @backend.transaction do
+          raise NetworkAlreadyExists, network if @backend.root?(network)
+
+          @backend[network] = []
+        end
+      end
+
+      def delete_network(network)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        @backend.transaction do
+          raise UnknownNetwork, network unless @backend.root?(network)
+
+          @backend.delete(network)
+        end
+      end
+
+      #
+      # Add a peer to the given network
+      #
+      def add_peer(network, peer)
+        raise PeerAlreadyExists.new(peer, network) if find_peer(network, peer.name)
+
+        @backend.transaction do
+          raise UnknownNetwork, network unless @backend.root?(network)
+
+          @backend[network] << peer
+        end
+      end
+
+      #
+      # Find the next address within the given network that is not assigned to a peer
+      #
+      def next_address(network)
+        raise ArgumentError, 'network must be an IP address range' unless network.is_a?(IPAddr)
+
+        peers(network).inject(network.succ) do |candidate, peer|
+          candidate == peer.ip ? candidate.succ : peer.ip
+        end
+      end
+
+      def servers(network)
+        peers(network).select { |p| p.is_a?(Server) }
+      end
+
+      def clients(network)
+        peers(network).select { |p| p.is_a?(Client) }
+      end
+    end
+  end
+end