From 2e21e6122fdcd7e17f6da5bcef8806bcd5e1e151 Mon Sep 17 00:00:00 2001 From: sergiotarxz Date: Fri, 19 Jul 2024 20:01:15 +0200 Subject: [PATCH] Adding whitelist control. --- lib/VPNManager.pm | 3 +- lib/VPNManager/Controller/Main.pm | 52 +++++++++++++------------------ lib/VPNManager/DB/Migrations.pm | 4 +++ script/get_whitelist_json.pl | 23 ++++++++++++++ script/installer.pl | 27 ++++++++++------ templates/main/index.html.ep | 22 +++++++++++-- 6 files changed, 88 insertions(+), 43 deletions(-) create mode 100644 script/get_whitelist_json.pl diff --git a/lib/VPNManager.pm b/lib/VPNManager.pm index 5d7d600..b3e261f 100644 --- a/lib/VPNManager.pm +++ b/lib/VPNManager.pm @@ -65,6 +65,7 @@ sub startup ($self) { $routes->post('/vpn/user/:id/download')->to('Main#download_file'); $routes->post('/vpn/user/:id/enable')->to('Main#enable_user'); $routes->post('/vpn/user/:id/disable')->to('Main#disable_user'); - # $routes->post('/vpn/save')->to('Main#save_vpn_settings'); + $routes->post('/whitelist/add')->to('Main#whitelist_add'); + $routes->post('/whitelist/:id/remove')->to('Main#whitelist_remove'); } 1; diff --git a/lib/VPNManager/Controller/Main.pm b/lib/VPNManager/Controller/Main.pm index afdd97b..b18f62f 100644 --- a/lib/VPNManager/Controller/Main.pm +++ b/lib/VPNManager/Controller/Main.pm @@ -15,7 +15,11 @@ use Path::Tiny; sub main($self) { my $resultset = VPNManager::Schema->Schema->resultset('VPNUser'); my @users = $resultset->search( {} ); + my $resultset_console = VPNManager::Schema->Schema->resultset('WhitelistConsole'); + my @whitelist_users = $resultset_console->search({}); + warn @whitelist_users; $self->stash( users => \@users ); + $self->stash( whitelist_users => \@whitelist_users ); $self->render( template => 'main/index' ); } 
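Review bot: Nothing in this hunk shows that the new `/whitelist/add` and `/whitelist/:id/remove` routes sit behind an authentication check, yet the rows they change are later written by a root-run installer to `/etc/geyser-console/whitelist.json`. `startup` begins outside the hunk, so please confirm that `$routes` is the result of an authenticated `under` and not the bare router. Both are state-changing POSTs, so, assuming this is a Mojolicious app, the handlers should also reject requests without a valid CSRF token, e.g. `return $self->render(text => 'Bad CSRF token', status => 403) if $self->validation->csrf_protect->has_error('csrf_token');`, with `%= csrf_field` inside each form.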
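Review bot: `warn @whitelist_users;` in `main` looks like leftover debugging and should be removed before merge. On every page load it writes the stringified row objects to the log, and with an empty whitelist `warn` receives an empty list and logs "Warning: something's wrong" instead. If a trace is wanted, log a count through the application logger. The two `stash` calls can also be merged into `$self->stash( users => \@users, whitelist_users => \@whitelist_users );`.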
@@ -162,34 +166,20 @@ sub disable_user($self) { return $self->redirect_to('/'); } -#sub save_vpn_settings($self) { -# my $out_dir = path(__FILE__)->parent->parent->parent->parent->child('out'); -# $out_dir->mkpath; -# system 'chmod', '700', $out_dir; -# my $config = $self->config; -# my $vpn_config = <<"EOF"; -#[Interface] -#Address = @{[$config->{vpn}{host}]}/@{[$config->{vpn}{submask}]} -#MTU = @{[$config->{vpn}{mtu}]} -#SaveConfig = false -#ListenPort = @{[$config->{vpnclients}{server_port}]} -#PrivateKey = @{[$config->{vpn}{privkey}]} -#EOF -# my $resultset = VPNManager::Schema->Schema->resultset('VPNUser'); -# my @users = $resultset->search( {} ); -# -# for my $user (@users) { -# next if !$user->is_enabled; -# -# $vpn_config .= <<"EOF"; -# -#[Peer] -#PublicKey = @{[$user->publickey]} -#AllowedIPs = @{[$user->ip_to_text]}/32 -#Endpoint = @{[$config->{vpn}{endpoint}]}:@{[$config->{vpnclients}{server_port}]} -#EOF -# } -# $out_dir->child('wg0.conf')->spew_raw($vpn_config); -# return $self->redirect_to('/'); -#} -1; +sub whitelist_add($self) { + my $resultset = VPNManager::Schema->Schema->resultset('WhitelistConsole'); + my $username = $self->param('username'); + eval { + $resultset->populate([{username => $username}]); + }; + if ($@) { + warn $@; + } + return $self->redirect_to('/'); +} +sub whitelist_remove($self) { + my $resultset = VPNManager::Schema->Schema->resultset('WhitelistConsole'); + my $id = $self->param('id'); + $resultset->search({id => $id})->delete; + return $self->redirect_to('/'); +}1; diff --git a/lib/VPNManager/DB/Migrations.pm b/lib/VPNManager/DB/Migrations.pm index 527f496..911b6d4 100644 --- a/lib/VPNManager/DB/Migrations.pm +++ b/lib/VPNManager/DB/Migrations.pm 
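Review bot: `whitelist_add` passes `$self->param('username')` straight to `populate` with no validation. An empty string satisfies the `NOT NULL` constraint, and over-long values or ones containing control characters end up in the JSON file that the installer writes as root. Check it first, e.g. `return $self->redirect_to('/') unless defined $username && $username =~ /\A[\w.]{1,32}\z/a;`, where the pattern is only a constructed sample to be adjusted to what the console accepts. The `eval`/`warn $@` path redirects to `/` whether or not the insert worked, so a duplicate name fails silently for the operator; a flash message would make that visible. The closing `}1;` should be `}` and `1;` on separate lines.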
@@ -31,6 +31,10 @@ sub MIGRATIONS { 'ALTER TABLE vpn_users rename column is_protected to is_protected_old;', 'ALTER TABLE vpn_users add is_protected NOT NULL DEFAULT false;', 'UPDATE vpn_users set is_protected = is_protected_old;', + 'CREATE TABLE whitelist_console ( + id INTEGER PRIMARY KEY, + username TEXT NOT NULL UNIQUE + );', ); } 1; diff --git a/script/get_whitelist_json.pl b/script/get_whitelist_json.pl new file mode 100644 index 0000000..4828784 --- /dev/null +++ b/script/get_whitelist_json.pl @@ -0,0 +1,23 @@ +#!/usr/bin/env perl +use v5.38.2; + +use strict; +use warnings; + +use Moo; +use File::Basename qw/dirname/; +use lib dirname(dirname(__FILE__)).'/lib'; +use VPNManager::Schema; +use JSON::PP; + +sub get_json($self) { + require VPNManager; + my $config = VPNManager->new->config; + my $resultset = VPNManager::Schema->Schema->resultset('WhitelistConsole'); + my @users = map { $_->username } $resultset->search( {} ); + my $json = JSON::PP->new; + $json->canonical([1]); + $json->pretty([1]); + print $json->encode([@users]); +} +__PACKAGE__->new->get_json; diff --git a/script/installer.pl b/script/installer.pl index aad5c7b..e19e54a 100644 --- a/script/installer.pl +++ b/script/installer.pl @@ -13,7 +13,8 @@ if ($> != 0) { while (1) { eval { - install_if_new(); +# install_if_new_wireguard(); + install_if_new_whitelist(); sleep 15; }; if ($@) { 
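Review bot: In `script/get_whitelist_json.pl`, `$json->canonical([1])` and `$json->pretty([1])` pass an array reference where JSON::PP expects a boolean. It works only because a reference is true; `JSON::PP->new->canonical(1)->pretty(1)` states the intent. `$config` is assigned from `VPNManager->new->config` and never read; if the call is needed for a side effect, say so in a comment, otherwise drop it. `use Moo` is loaded only so that `__PACKAGE__->new->get_json` works, so a plain `sub get_json { ... }` followed by `get_json();` would be simpler. `use strict; use warnings;` are already implied by `use v5.38.2`.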
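Review bot: Commenting out the call as `# install_if_new_wireguard();` in the `script/installer.pl` loop means the daemon no longer installs any WireGuard configuration, so, as far as this hunk shows, enabling or disabling a VPN user in the UI stops reaching the interface. This reads like a local debugging state rather than an intended change. Either call both installers in the loop or explain the removal in the commit message. The `while`/`eval` block continues outside the hunk.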
@@ -21,22 +22,30 @@ while (1) { } } -sub install_if_new { - my $script_get_wg_config = abs_path(dirname(__FILE__).'/get_wg_config.pl'); - my $user = 'vpnmanager'; - open my $fh, '-|', 'sudo', '-i', '-u', $user, 'perl', $script_get_wg_config; +sub install_from_script($script, $output_file) { + my $script_abs = abs_path(dirname(__FILE__). '/'. $script); + my $user = 'sergio'; + open my $fh, '-|', 'sudo', '-i', '-u', $user, 'perl', $script_abs; my $contents = join '', <$fh>; - my $output_file = '/etc/wireguard/wg0.conf'; my $output_exists; open $fh, '<', $output_file and ($output_exists = 1); my $contents_output_file = ''; $contents_output_file = join '', <$fh> if $output_exists; if ($contents ne $contents_output_file) { say 'Writting new file'; + say "Writting new file for $script -> $output_file";; + system 'mkdir', '-p', dirname($output_file); open $fh, '>', $output_file; print $fh $contents; - system 'systemctl', 'restart', 'wg-quick@wg0'; - return; + return 1; } - say 'Files equal'; + say "Files equal for $script -> $output_file";; +} + +sub install_if_new_wireguard { + system 'systemctl', 'restart', 'wg-quick@wg0' if install_from_script('get_wg_config.pl', '/etc/wireguard/wg5.conf'); +} + +sub install_if_new_whitelist { + install_from_script('get_whitelist_json.pl', '/etc/geyser-console/whitelist.json'); } diff --git a/templates/main/index.html.ep b/templates/main/index.html.ep index 5a24a10..6eca886 100644 --- a/templates/main/index.html.ep +++ b/templates/main/index.html.ep @@ -4,6 +4,7 @@ +
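Review bot: `install_from_script` never checks that the `sudo … perl` pipe succeeded, so when the helper script dies its empty output differs from the installed file and this root process replaces `/etc/geyser-console/whitelist.json` with an empty file; the write also truncates in place and its `open`/`print` are unchecked. The sub also falls off the end after `say "Files equal …"`, so it returns `say`'s true value and `install_if_new_wireguard` would restart `wg-quick@wg0` on every pass once it is re-enabled; end the sub with `return 0;`. `my $user = 'sergio';` replaces the `vpnmanager` service account with what looks like a personal login, and the WireGuard target is now `/etc/wireguard/wg5.conf` while the unit restarted is still `wg-quick@wg0`; both look like local test values. The fence sketches the checked pipe and an atomic write.

```perl
sub install_from_script($script, $output_file) {
    # … unchanged: $script_abs and $user …
    open my $fh, '-|', 'sudo', '-i', '-u', $user, 'perl', $script_abs
        or die "cannot run $script_abs: $!";
    my $contents = join '', <$fh>;
    # close() on a pipe handle waits for the child and sets $?.
    close $fh or die "$script_abs failed (wait status $?)";
    die "$script_abs produced no output" if !length $contents;
    # … unchanged: read $output_file into $contents_output_file and compare …
        # Write beside the target and rename, so a reader never sees a
        # half-written file (assumes the directory is writable by root only).
        my $tmp_file = "$output_file.tmp";
        open my $out, '>', $tmp_file or die "open $tmp_file: $!";
        print {$out} $contents or die "write $tmp_file: $!";
        close $out or die "close $tmp_file: $!";
        rename $tmp_file, $output_file or die "rename $tmp_file: $!";
        return 1;
    # … unchanged: closing brace of the if and the "Files equal" message …
    return 0;
```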

VPN Users

Create new vpn user.

% if (defined $users && @$users) { -
- +

Console whitelist

+

Add a user to the console whitelist

+ +
+ + +
+
+% my $whitelist_users = stash 'whitelist_users'; +% if (defined $whitelist_users && @$whitelist_users) { +

List of console users in whitelist

+ +% }