From fd9a46377b7c6ef1882f6f9b974825ce55da8950 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Tue, 26 Nov 2024 13:18:48 +0100
Subject: [PATCH] vpn: fix active tunnel detection

For IPv6 addresses we cannot just compare string data, since we register a whole subnet for each WG key. Also drop the active tunnel check from list_custom endpoint.
---
 web/vpn.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/web/vpn.py b/web/vpn.py
index 0b77e45..9d6f4c3 100644
--- a/web/vpn.py
+++ b/web/vpn.py
@@ -33,8 +33,9 @@ def custom():
 def list():
 # Return logged-in user’s keys, marking the key used for current connection (if any).
 user = flask_login.current_user.get_id()
+ remote_addr = ipaddress.ip_address(flask.request.remote_addr)
 return flask.jsonify([
- data | {'ip': ip, 'active': flask.request.remote_addr in (ip, data.get('ip6'))}
+ data | {'ip': ip, 'active': any(remote_addr in ipaddress.ip_network(addr) for addr in (ip, data.get('ip6')))}
 for ip, data in db.load('wireguard').items() if data.get('user') == user
 ])
@@ -45,7 +46,7 @@ def list_custom():
 if not flask_login.current_user.is_admin:
 return flask.Response('forbidden', status=403, mimetype='text/plain')
 return flask.jsonify([
- data | {'ip': ip, 'active': flask.request.remote_addr in (ip, data.get('ip6'))}
+ data | {'ip': ip}
 for ip, data in db.load('wireguard').items() if data.get('networks') and not data.get('user')
 ])
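Review bot: In the first hunk (`list()`), the new `active` expression passes `data.get('ip6')` straight to `ipaddress.ip_network()`, so a key record without an `ip6` field raises ValueError whenever the IPv4 entry does not match first, and that would surface as a server error for the whole listing where the old string comparison simply tolerated `None`. Skipping the missing value keeps the endpoint usable: `any(remote_addr in ipaddress.ip_network(addr, strict=False) for addr in (ip, data.get('ip6')) if addr)`; `strict=False` only matters if a stored value can carry host bits, which the diff does not show. The added `ipaddress.ip_address(flask.request.remote_addr)` has the same failure mode if the server supplies no peer address, so a guarded parse that falls back to `active: False` would be safer than letting the exception escape. The patch adds no import line, so it relies on `ipaddress` already being imported at the top of web/vpn.py, which is outside the hunk.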