From 260f73336fa37a7abb8b27648611ca132513a9bb Mon Sep 17 00:00:00 2001
From: Stephen Boyle <stephen@thirdvantage.com>
Date: Tue, 14 Apr 2020 12:47:56 -0400
Subject: [PATCH] default client allowed ips in server config

---
 core/server.go                |  4 ++++
 model/server.go               |  7 +++++++
 ui/src/components/Clients.vue |  2 +-
 ui/src/components/Server.vue  | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/core/server.go b/core/server.go
index 49d8af9..c2287f7 100644
--- a/core/server.go
+++ b/core/server.go
@@ -36,6 +36,10 @@ func ReadServer() (*model.Server, error) {
 		server.Dns = append(server.Dns, "fd9f::10:0:0:2")
 		server.Dns = append(server.Dns, "10.0.0.2")
 
+		server.AllowedIPs = make([]string, 0)
+		server.AllowedIPs = append(server.AllowedIPs, "0.0.0.0/0")
+		server.AllowedIPs = append(server.AllowedIPs, "::/0")
+
 		server.PersistentKeepalive = 16
 		server.Mtu = 0
 		server.PreUp = "echo WireGuard PreUp"
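Review bot: These defaults are assigned only alongside the other built-in values (`Dns`, `PersistentKeepalive`, `PreUp`), which looks like the branch that builds a fresh config. A server file saved before this change would then presumably load with `AllowedIPs` nil and be served as `"allowedips": null`. The UI code added in this same patch reads `this.server.allowedips.length` in Server.vue and passes `this.server.allowedips` to new clients in Clients.vue, and neither tolerates null. Backfill on the load path too, e.g. `if server.AllowedIPs == nil { server.AllowedIPs = []string{"0.0.0.0/0", "::/0"} }`. ReadServer starts and ends outside this hunk, so the load path itself is not visible here.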
diff --git a/model/server.go b/model/server.go
index c495e15..b7c2cdf 100644
--- a/model/server.go
+++ b/model/server.go
@@ -16,6 +16,7 @@ type Server struct {
 	Endpoint            string    `json:"endpoint"`
 	PersistentKeepalive int       `json:"persistentKeepalive"`
 	Dns                 []string  `json:"dns"`
+	AllowedIPs          []string  `json:"allowedips"`
 	PreUp               string    `json:"preUp"`
 	PostUp              string    `json:"postUp"`
 	PreDown             string    `json:"preDown"`
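Review bot: The new tag `json:"allowedips"` is all lowercase, while the neighbouring tags are camelCase (`persistentKeepalive`, `preUp`, `preDown`) and the client object in Clients.vue spells the same concept `allowedIPs`. Two spellings for one field across the API invite a silent mismatch, where a misspelled key decodes to an empty slice instead of failing. Consider `AllowedIPs []string `json:"allowedIPs"`` with the Vue bindings renamed to match, and a short field comment such as `// default AllowedIPs offered to newly created clients`. The struct begins and ends outside this hunk.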
@@ -59,6 +60,12 @@ func (a Server) IsValid() []error {
 			errs = append(errs, fmt.Errorf("dns %s is invalid", dns))
 		}
 	}
+	// check if the allowedIPs are valid
+	for _, allowedIP := range a.AllowedIPs {
+		if !util.IsValidCidr(allowedIP) {
+			errs = append(errs, fmt.Errorf("allowedIP %s is invalid", allowedIP))
+		}
+	}
 
 	return errs
 }
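Review bot: An empty or missing `AllowedIPs` passes this loop without an error, so the "at least one CIDR" rule lives only in the Server.vue submit handler. A request sent straight to the `/server` endpoint can therefore store an empty default, assuming the handler relies on IsValid for validation. Enforce it here too: `if len(a.AllowedIPs) == 0 { errs = append(errs, fmt.Errorf("allowedIPs is required")) }`. Since the value is request-supplied, `%q` instead of `%s` in the error message would make empty or whitespace-padded entries visible. IsValid begins outside this hunk.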
diff --git a/ui/src/components/Clients.vue b/ui/src/components/Clients.vue
index f383e77..e2c5786 100644
--- a/ui/src/components/Clients.vue
+++ b/ui/src/components/Clients.vue
@@ -382,7 +382,7 @@
           name: "",
           email: "",
           enable: true,
-          allowedIPs: ["0.0.0.0/0", "::/0"],
+          allowedIPs: this.server.allowedips,
           address: this.server.address,
         }
       },
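Review bot: `allowedIPs: this.server.allowedips` hands the new client the server's own array instead of a copy, unlike the literal it replaces, which was fresh on every call. If the client dialog edits that array in place, as the chip handler added to Server.vue does with `splice`, the change also lands on the in-memory server default and on every later client created from it. Copy the array at this point: `allowedIPs: [...this.server.allowedips],`. The enclosing method starts and ends outside the hunk, so how the client form mutates the array is inferred, not shown.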
diff --git a/ui/src/components/Server.vue b/ui/src/components/Server.vue
index eb37cb2..c8fdffc 100644
--- a/ui/src/components/Server.vue
+++ b/ui/src/components/Server.vue
@@ -85,6 +85,26 @@
                                     </v-chip>
                                 </template>
                             </v-combobox>
+                            <v-combobox
+                                    v-model="server.allowedips"
+                                    chips
+                                    hint="Write IPv4 or IPv6 address and hit enter"
+                                    label="Default Allowed IPs for clients"
+                                    multiple
+                                    dark
+                            >
+                                <template v-slot:selection="{ attrs, item, select, selected }">
+                                    <v-chip
+                                            v-bind="attrs"
+                                            :input-value="selected"
+                                            close
+                                            @click="select"
+                                            @click:close="server.allowedips.splice(server.allowedips.indexOf(item), 1)"
+                                    >
+                                        <strong>{{ item }}</strong>&nbsp;
+                                    </v-chip>
+                                </template>
+                            </v-combobox>
                             <v-text-field
                                     type="number"
                                     v-model="server.mtu"
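Review bot: The hint on the new combobox asks for an "IPv4 or IPv6 address", but the submit handler added later in this file rejects any entry for which `$isCidr` returns 0, so a bare address typed as instructed would presumably fail on save. Word the hint for what is actually accepted, e.g. `hint="Write an IPv4 or IPv6 CIDR (e.g. 10.0.0.0/24) and hit enter"`. Separately, `splice(server.allowedips.indexOf(item), 1)` removes the last chip when `indexOf` returns -1, so a guard on the index would be safer. The surrounding template continues outside this hunk.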
@@ -218,6 +238,18 @@
           }
         }
 
+        // check client AllowedIPs
+        if (this.server.allowedips.length < 1) {
+          this.notify('error', 'Please provide at least one valid CIDR address for client allowed IPs');
+          return;
+        }
+        for (let i = 0; i < this.server.allowedips.length; i++){
+          if (this.$isCidr(this.server.allowedips[i]) === 0) {
+            this.notify('error', 'Invalid CIDR detected, please correct before submitting');
+            return
+          }
+        }
+
         this.api.patch('/server', this.server).then((res) => {
           this.notify('success', "Server successfully updated");
           this.server = res;
-- 
GitLab