default client allowed ips in server config

260f7333 · Stephen Boyle · eecea63d · 260f7333 · 260f7333 · 260f7333
Commit 260f7333 authored 5 years ago by Stephen Boyle
--- a/core/server.go
+++ b/core/server.go
@@ -36,6 +36,10 @@ func ReadServer() (*model.Server, error) {
 		server.Dns = append(server.Dns, "fd9f::10:0:0:2")
 		server.Dns = append(server.Dns, "10.0.0.2")

+		server.AllowedIPs = make([]string, 0)
+		server.AllowedIPs = append(server.AllowedIPs, "0.0.0.0/0")
+		server.AllowedIPs = append(server.AllowedIPs, "::/0")
+
 		server.PersistentKeepalive = 16
 		server.Mtu = 0
 		server.PreUp = "echo WireGuard PreUp"

--- a/model/server.go
+++ b/model/server.go
@@ -16,6 +16,7 @@ type Server struct {
 	Endpoint            string    `json:"endpoint"`
 	PersistentKeepalive int       `json:"persistentKeepalive"`
 	Dns                 []string  `json:"dns"`
+	AllowedIPs          []string  `json:"allowedips"`
 	PreUp               string    `json:"preUp"`
 	PostUp              string    `json:"postUp"`
 	PreDown             string    `json:"preDown"`
@@ -59,6 +60,12 @@ func (a Server) IsValid() []error {
 			errs = append(errs, fmt.Errorf("dns %s is invalid", dns))
 		}
 	}
+	// check if the allowedIPs are valid
+	for _, allowedIP := range a.AllowedIPs {
+		if !util.IsValidCidr(allowedIP) {
+			errs = append(errs, fmt.Errorf("allowedIP %s is invalid", allowedIP))
+		}
+	}

 	return errs
 }
--- a/ui/src/components/Clients.vue
+++ b/ui/src/components/Clients.vue
@@ -382,7 +382,7 @@
          name: "",
          email: "",
          enable: true,
-          allowedIPs: ["0.0.0.0/0", "::/0"],
+          allowedIPs: this.server.allowedips,
          address: this.server.address,
        }
      },

--- a/ui/src/components/Server.vue
+++ b/ui/src/components/Server.vue
@@ -85,6 +85,26 @@
                                    </v-chip>
                                </template>
                            </v-combobox>
+                            <v-combobox
+                                    v-model="server.allowedips"
+                                    chips
+                                    hint="Write IPv4 or IPv6 address and hit enter"
+                                    label="Default Allowed IPs for clients"
+                                    multiple
+                                    dark
+                            >
+                                <template v-slot:selection="{ attrs, item, select, selected }">
+                                    <v-chip
+                                            v-bind="attrs"
+                                            :input-value="selected"
+                                            close
+                                            @click="select"
+                                            @click:close="server.allowedips.splice(server.allowedips.indexOf(item), 1)"
+                                    >
+                                        <strong>{{ item }}</strong>&nbsp;
+                                    </v-chip>
+                                </template>
+                            </v-combobox>
                            <v-text-field
                                    type="number"
                                    v-model="server.mtu"
@@ -218,6 +238,18 @@
          }
        }

+        // check client AllowedIPs
+        if (this.server.allowedips.length < 1) {
+          this.notify('error', 'Please provide at least one valid CIDR address for client allowed IPs');
+          return;
+        }
+        for (let i = 0; i < this.server.allowedips.length; i++){
+          if (this.$isCidr(this.server.allowedips[i]) === 0) {
+            this.notify('error', 'Invalid CIDR detected, please correct before submitting');
+            return
+          }
+        }
+
        this.api.patch('/server', this.server).then((res) => {
          this.notify('success', "Server successfully updated");
          this.server = res;