' + key.key + '
' + key.name +
- (key.active ? '★ ' : '');
- li.prepend(a);
- keys.appendChild(li);
- if (key.active)
- warning.hidden = false;
- }
- document.querySelector('section.keys').style.display = (Object.keys(data).length ? 'unset' : 'none');
+ update(Object.values(data));
})
.catch(error => console.error(error));
}
diff --git a/web/system.py b/web/system.py
index 3bb66b9..1bde640 100644
--- a/web/system.py
+++ b/web/system.py
@@ -77,17 +77,24 @@ def save_config():
settings = db.read('settings')
version = settings['version'] = int(settings.get('version') or '0') + 1
- # Update IP sets with VPN addresses based on AD group membership.
- vpn_groups = set([e['vpn'] for e in ipsets.values() if e.get('vpn')])
+ # Find networks accessible to VPN users for each AD group.
+ vpn_groups = {e['vpn'] for e in ipsets.values() if e.get('vpn')}
group_networks = {
group: [name for name, data in ipsets.items() if data['vpn'] == group] for group in vpn_groups
}
+
+ # Add VPN addresses to IP sets.
for ip, key in wireguard.items():
+ # Find all networks this IP should belong to:
+ # - manually specified networks for custom keys,
+ # - networks accessible to any of the user’s groups.
+ key_networks = set(key.get('networks', ()))
for group in user_groups.get(key.get('user', ''), ()):
- for network in group_networks.get(group, ()):
- ipsets[network]['ip'].append(f'{ip}/32')
- if ip6 := key.get('ip6'):
- ipsets[network]['ip6'].append(ip6)
+ key_networks |= set(group_networks.get(group, ()))
+ for network in key_networks:
+ ipsets[network]['ip'].append(f'{ip}/32')
+ if ip6 := key.get('ip6'):
+ ipsets[network]['ip6'].append(ip6)
# Create config files.
output = pathlib.Path.home() / 'config' / f'{version}'
diff --git a/web/templates/base.html b/web/templates/base.html
index add9ed1..7b0832c 100644
--- a/web/templates/base.html
+++ b/web/templates/base.html
@@ -9,7 +9,8 @@ body {
margin: 1em auto;
}
code {
- background-color: #eeeeee;
+ background-color: #f8f8f8;
+ padding: 0.1em 0.25em;
}
details {
margin: 0.5em 1em;
@@ -31,18 +32,22 @@ input:read-only {
border-style: dotted;
}
pre {
- background-color: #eeeeee;
+ background-color: #f8f8f8;
border: 1px solid #cccccc;
padding: 0.5em;
}
+table {
+ border-spacing: 0 0.1em;
+}
th {
text-align: left;
}
th, td {
padding-right: 1em;
+ vertical-align: middle;
}
-th {
- border-bottom: 1px solid black;
+tbody > tr:hover {
+ background-color: #f8f8f8;
}
ul.keys {
margin: 0 0.5em 0.5em;
diff --git a/web/templates/index.html b/web/templates/index.html
index 01320ba..80ea4a6 100644
--- a/web/templates/index.html
+++ b/web/templates/index.html
@@ -3,7 +3,7 @@
+Urejate ključe WireGuard s posebnimi dostopi. + +
Ključ | IP | IPv6 | Naprava | Omrežja + | +
---|
AllowedIPs
. Ti dolo
Če ključa ne uporabljamo, smo ga izgubili ali so nam ga ukradli, ga tukaj odstranimo. Trenutno so registrirani ključi: -
+ +
Ključ | IP | IPv6 | Naprava + | +
---|
★ Ta ključ uporablja trenutna povezava. Če ga odstranite, bo prekinjena.