rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

vpn: fix active tunnel detection

Browse source 
For IPv6 addresses we cannot just compare string data, since we
register a whole subnet for each WG key. Also drop the active tunnel
check from list_custom endpoint.
This commit is contained in:
Timotej Lazar 2024-11-26 13:18:48 +01:00
parent 501a3745bb
commit fd9a46377b
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
web/vpn.py
View file

@ -33,8 +33,9 @@ def custom():
def list(): def list():
# Return logged-in user’s keys, marking the key used for current connection (if any). # Return logged-in user’s keys, marking the key used for current connection (if any).
user = flask_login.current_user.get_id() user = flask_login.current_user.get_id()
remote_addr = ipaddress.ip_address(flask.request.remote_addr)
return flask.jsonify([ return flask.jsonify([
data | {'ip': ip, 'active': flask.request.remote_addr in (ip, data.get('ip6'))} data | {'ip': ip, 'active': any(remote_addr in ipaddress.ip_network(addr) for addr in (ip, data.get('ip6')))}
for ip, data in db.load('wireguard').items() if data.get('user') == user for ip, data in db.load('wireguard').items() if data.get('user') == user
]) ])
@ -45,7 +46,7 @@ def list_custom():
if not flask_login.current_user.is_admin: if not flask_login.current_user.is_admin:
return flask.Response('forbidden', status=403, mimetype='text/plain') return flask.Response('forbidden', status=403, mimetype='text/plain')
return flask.jsonify([ return flask.jsonify([
data | {'ip': ip, 'active': flask.request.remote_addr in (ip, data.get('ip6'))} data | {'ip': ip}
for ip, data in db.load('wireguard').items() if data.get('networks') and not data.get('user') for ip, data in db.load('wireguard').items() if data.get('networks') and not data.get('user')
]) ])