24840246726

Committed 23 Apr 2026 02:13PM UTC coverage: 82.374% (-0.1%) from 82.477%

Build # 24840246726

Build Type

push

github

Committed by

web-flow

Commit Message

Release fixes (#12)

* Release fixes

* fixes

* test

Coverage Stats

441 of 558 branches covered (79.03%)

Branch coverage included in aggregate %.

2 of 2 new or added lines in 1 file covered. (100.0%)

2 existing lines in 1 file now uncovered.

2849 of 3436 relevant lines covered (82.92%)

13.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.37

/store/sqlitedb/sqlitedb.go

package sqlitedb

import (
        "database/sql"
        "embed"
        "encoding/base64"
        "encoding/json"
        "fmt"
        "net"
        "os"
        "path/filepath"
        "time"

        _ "modernc.org/sqlite"

        "github.com/skip2/go-qrcode"
        "golang.zx2c4.com/wireguard/wgctrl/wgtypes"

        "github.com/DigitalTolk/wireguard-ui/model"
        "github.com/DigitalTolk/wireguard-ui/util"
)

const (
        userColumns         = "username, email, display_name, COALESCE(oidc_sub, ''), admin, created_at, updated_at"
        qrCodeDataURIPrefix = "data:image/png;base64,"
)

//go:embed schema.sql
var schemaFS embed.FS

// SqliteDB implements store.IStore using SQLite
type SqliteDB struct {
        db     *sql.DB
        dbPath string
}

// New creates a new SqliteDB instance
func New(dbPath string) (*SqliteDB, error) {
        // ensure parent directory exists
        dir := filepath.Dir(dbPath)
        if err := os.MkdirAll(dir, 0750); err != nil {
                return nil, fmt.Errorf("cannot create database directory: %w", err)
        }

        db, err := sql.Open("sqlite", dbPath+"?_journal_mode=WAL&_busy_timeout=5000&_foreign_keys=ON")
        if err != nil {
                return nil, fmt.Errorf("cannot open database: %w", err)
        }

        // apply schema
        schema, err := schemaFS.ReadFile("schema.sql")
        if err != nil {
                return nil, fmt.Errorf("cannot read schema: %w", err)
        }
        if _, err := db.Exec(string(schema)); err != nil {
                return nil, fmt.Errorf("cannot apply schema: %w", err)
        }

        return &SqliteDB{db: db, dbPath: dbPath}, nil
}

// Init initializes the database with default values if they don't exist
func (o *SqliteDB) Init() error {
        // server interface
        var ifaceCount int
        o.db.QueryRow("SELECT COUNT(*) FROM server_interface").Scan(&ifaceCount)
        if ifaceCount == 0 {
                addresses := util.LookupEnvOrStrings(util.ServerAddressesEnvVar, []string{util.DefaultServerAddress})
                listenPort := util.LookupEnvOrInt(util.ServerListenPortEnvVar, util.DefaultServerPort)
                postUp := util.LookupEnvOrString(util.ServerPostUpScriptEnvVar, "")
                postDown := util.LookupEnvOrString(util.ServerPostDownScriptEnvVar, "")
                addrJSON, _ := json.Marshal(addresses)
                _, err := o.db.Exec(
                        `INSERT INTO server_interface (id, addresses, listen_port, post_up, post_down, updated_at) VALUES (1, ?, ?, ?, ?, ?)`,
                        string(addrJSON), listenPort, postUp, postDown, time.Now().UTC(),
                )
                if err != nil {
                        return fmt.Errorf("cannot init server interface: %w", err)
                }
        }

        // server keypair
        var kpCount int
        o.db.QueryRow("SELECT COUNT(*) FROM server_keypair").Scan(&kpCount)
        if kpCount == 0 {
                key, err := wgtypes.GeneratePrivateKey()
                if err != nil {
                        return fmt.Errorf("cannot generate server keypair: %w", err)
                }
                _, err = o.db.Exec(
                        `INSERT INTO server_keypair (id, private_key, public_key, updated_at) VALUES (1, ?, ?, ?)`,
                        key.String(), key.PublicKey().String(), time.Now().UTC(),
                )
                if err != nil {
                        return fmt.Errorf("cannot init server keypair: %w", err)
                }
        }

        // global settings
        var gsCount int
        o.db.QueryRow("SELECT COUNT(*) FROM global_settings").Scan(&gsCount)
        if gsCount == 0 {
                endpointAddress := util.LookupEnvOrString(util.EndpointAddressEnvVar, "")
                if endpointAddress == "" {
                        publicInterface, err := util.GetPublicIP()
                        if err != nil {
                                return fmt.Errorf("cannot detect public IP: %w", err)
                        }
                        endpointAddress = publicInterface.IPAddress
                }
                dnsServers := util.LookupEnvOrStrings(util.DNSEnvVar, []string{util.DefaultDNS})
                dnsJSON, _ := json.Marshal(dnsServers)
                _, err := o.db.Exec(
                        `INSERT INTO global_settings (id, endpoint_address, dns_servers, mtu, persistent_keepalive, firewall_mark, "table", config_file_path, updated_at)
                         VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?)`,
                        endpointAddress,
                        string(dnsJSON),
                        util.LookupEnvOrInt(util.MTUEnvVar, util.DefaultMTU),
                        util.LookupEnvOrInt(util.PersistentKeepaliveEnvVar, util.DefaultPersistentKeepalive),
                        util.LookupEnvOrString(util.FirewallMarkEnvVar, util.DefaultFirewallMark),
                        util.LookupEnvOrString(util.TableEnvVar, util.DefaultTable),
                        util.LookupEnvOrString(util.ConfigFilePathEnvVar, util.DefaultConfigFilePath),
                        time.Now().UTC(),
                )
                if err != nil {
                        return fmt.Errorf("cannot init global settings: %w", err)
                }
        }

        // hashes
        var hashCount int
        o.db.QueryRow("SELECT COUNT(*) FROM hashes").Scan(&hashCount)
        if hashCount == 0 {
                o.db.Exec(`INSERT INTO hashes (id, client, server) VALUES (1, 'none', 'none')`)
        }

        // init caches (first OIDC login auto-provisions admin user)
        users, err := o.GetUsers()
        if err == nil {
                util.DBUsersToCRC32Mutex.Lock()
                for _, user := range users {
                        util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)
                }
                util.DBUsersToCRC32Mutex.Unlock()
        }

        return nil
}

// GetUsers returns all users
func (o *SqliteDB) GetUsers() ([]model.User, error) {
        rows, err := o.db.Query("SELECT " + userColumns + " FROM users")
        if err != nil {
                return nil, err
        }
        defer rows.Close()

        var users []model.User
        for rows.Next() {
                var u model.User
                if err := rows.Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt); err != nil {
                        return nil, err
                }
                users = append(users, u)
        }
        return users, rows.Err()
}

// GetUserByName returns a single user by username
func (o *SqliteDB) GetUserByName(username string) (model.User, error) {
        var u model.User
        err := o.db.QueryRow(
                "SELECT "+userColumns+" FROM users WHERE username = ?",
                username,
        ).Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt)
        if err != nil {
                return u, err
        }
        return u, nil
}

// SaveUser creates or updates a user
func (o *SqliteDB) SaveUser(user model.User) error {
        now := time.Now().UTC()
        if user.UpdatedAt.IsZero() {
                user.UpdatedAt = now
        }
        if user.CreatedAt.IsZero() {
                user.CreatedAt = now
        }

        _, err := o.db.Exec(
                `INSERT INTO users (username, email, display_name, oidc_sub, admin, created_at, updated_at)
                 VALUES (?, ?, ?, NULLIF(?, ''), ?, ?, ?)
                 ON CONFLICT(username) DO UPDATE SET
                   email = excluded.email,
                   display_name = excluded.display_name,
                   oidc_sub = excluded.oidc_sub,
                   admin = excluded.admin,
                   updated_at = excluded.updated_at`,
                user.Username, user.Email, user.DisplayName, user.OIDCSub, user.Admin, user.CreatedAt, user.UpdatedAt,
        )
        if err != nil {
                return err
        }
        util.DBUsersToCRC32Mutex.Lock()
        util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)
        util.DBUsersToCRC32Mutex.Unlock()
        return nil
}

// DeleteUser removes a user by username
func (o *SqliteDB) DeleteUser(username string) error {
        util.DBUsersToCRC32Mutex.Lock()
        delete(util.DBUsersToCRC32, username)
        util.DBUsersToCRC32Mutex.Unlock()
        _, err := o.db.Exec("DELETE FROM users WHERE username = ?", username)
        return err
}

// GetGlobalSettings returns global WireGuard settings
func (o *SqliteDB) GetGlobalSettings() (model.GlobalSetting, error) {
        var gs model.GlobalSetting
        var dnsJSON string
        err := o.db.QueryRow(
                `SELECT endpoint_address, dns_servers, mtu, persistent_keepalive, firewall_mark, "table", config_file_path, updated_at
                 FROM global_settings WHERE id = 1`,
        ).Scan(&gs.EndpointAddress, &dnsJSON, &gs.MTU, &gs.PersistentKeepalive, &gs.FirewallMark, &gs.Table, &gs.ConfigFilePath, &gs.UpdatedAt)
        if err != nil {
                return gs, err
        }
        json.Unmarshal([]byte(dnsJSON), &gs.DNSServers)
        return gs, nil
}

// GetServer returns the server config (interface + keypair)
func (o *SqliteDB) GetServer() (model.Server, error) {
        server := model.Server{}

        // interface
        iface := model.ServerInterface{}
        var addrJSON string
        err := o.db.QueryRow(
                "SELECT addresses, listen_port, post_up, pre_down, post_down, updated_at FROM server_interface WHERE id = 1",
        ).Scan(&addrJSON, &iface.ListenPort, &iface.PostUp, &iface.PreDown, &iface.PostDown, &iface.UpdatedAt)
        if err != nil {
                return server, fmt.Errorf("cannot read server interface: %w", err)
        }
        json.Unmarshal([]byte(addrJSON), &iface.Addresses)
        server.Interface = &iface

        // keypair
        kp := model.ServerKeypair{}
        err = o.db.QueryRow(
                "SELECT private_key, public_key, updated_at FROM server_keypair WHERE id = 1",
        ).Scan(&kp.PrivateKey, &kp.PublicKey, &kp.UpdatedAt)
        if err != nil {
                return server, fmt.Errorf("cannot read server keypair: %w", err)
        }
        server.KeyPair = &kp

        return server, nil
}

// GetClients returns all clients, optionally with QR codes
func (o *SqliteDB) GetClients(hasQRCode bool) ([]model.ClientData, error) {
        rows, err := o.db.Query(
                `SELECT id, private_key, public_key, preshared_key, name, email, telegram_userid,
                        subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,
                        endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at
                 FROM clients`,
        )
        if err != nil {
                return nil, err
        }
        defer rows.Close()

        // fetch server/settings once outside the loop for QR generation
        var server model.Server
        var globalSettings model.GlobalSetting
        if hasQRCode {
                server, _ = o.GetServer()
                globalSettings, _ = o.GetGlobalSettings()
        }

        var clients []model.ClientData
        for rows.Next() {
                client, err := scanClientFrom(rows)
                if err != nil {
                        return nil, err
                }

                clientData := model.ClientData{Client: &client}

                if hasQRCode && client.PrivateKey != "" {
                        png, err := qrcode.Encode(util.BuildClientConfig(client, server, globalSettings), qrcode.Medium, 256)
                        if err == nil {
                                clientData.QRCode = qrCodeDataURIPrefix + base64.StdEncoding.EncodeToString(png)
                        }
                }

                clients = append(clients, clientData)
        }
        return clients, rows.Err()
}

// GetClientByID returns a single client by ID
func (o *SqliteDB) GetClientByID(clientID string, qrCodeSettings model.QRCodeSettings) (model.ClientData, error) {
        clientData := model.ClientData{}

        row := o.db.QueryRow(
                `SELECT id, private_key, public_key, preshared_key, name, email, telegram_userid,
                        subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,
                        endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at
                 FROM clients WHERE id = ?`, clientID,
        )

        client, err := scanClientFrom(row)
        if err != nil {
                return clientData, err
        }

        if qrCodeSettings.Enabled && client.PrivateKey != "" {
                server, _ := o.GetServer()
                globalSettings, _ := o.GetGlobalSettings()
                if !qrCodeSettings.IncludeDNS {
                        globalSettings.DNSServers = []string{}
                }
                if !qrCodeSettings.IncludeMTU {
                        globalSettings.MTU = 0
                }
                png, err := qrcode.Encode(util.BuildClientConfig(client, server, globalSettings), qrcode.Medium, 256)
                if err == nil {
                        clientData.QRCode = qrCodeDataURIPrefix + base64.StdEncoding.EncodeToString(png)
                }
        }

        clientData.Client = &client
        return clientData, nil
}

// SaveClient creates or updates a client
func (o *SqliteDB) SaveClient(client model.Client) error {
        subnetJSON, _ := json.Marshal(client.SubnetRanges)
        allocJSON, _ := json.Marshal(client.AllocatedIPs)
        allowJSON, _ := json.Marshal(client.AllowedIPs)
        extraJSON, _ := json.Marshal(client.ExtraAllowedIPs)

        _, err := o.db.Exec(
                `INSERT INTO clients (id, private_key, public_key, preshared_key, name, email, telegram_userid,
                                      subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,
                                      endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at)
                 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
                 ON CONFLICT(id) DO UPDATE SET
                   private_key = excluded.private_key,
                   public_key = excluded.public_key,
                   preshared_key = excluded.preshared_key,
                   name = excluded.name,
                   email = excluded.email,
                   telegram_userid = excluded.telegram_userid,
                   subnet_ranges = excluded.subnet_ranges,
                   allocated_ips = excluded.allocated_ips,
                   allowed_ips = excluded.allowed_ips,
                   extra_allowed_ips = excluded.extra_allowed_ips,
                   endpoint = excluded.endpoint,
                   additional_notes = excluded.additional_notes,
                   use_server_dns = excluded.use_server_dns,
                   enabled = excluded.enabled,
                   updated_at = excluded.updated_at`,
                client.ID, client.PrivateKey, client.PublicKey, client.PresharedKey,
                client.Name, client.Email, client.TgUserid,
                string(subnetJSON), string(allocJSON), string(allowJSON), string(extraJSON),
                client.Endpoint, client.AdditionalNotes, client.UseServerDNS, client.Enabled,
                client.CreatedAt, client.UpdatedAt,
        )
        return err
}

// DeleteClient removes a client by ID
func (o *SqliteDB) DeleteClient(clientID string) error {
        _, err := o.db.Exec("DELETE FROM clients WHERE id = ?", clientID)
        return err
}

// SaveServerInterface updates the server interface config
func (o *SqliteDB) SaveServerInterface(serverInterface model.ServerInterface) error {
        addrJSON, _ := json.Marshal(serverInterface.Addresses)
        _, err := o.db.Exec(
                `UPDATE server_interface SET addresses = ?, listen_port = ?, post_up = ?, pre_down = ?, post_down = ?, updated_at = ? WHERE id = 1`,
                string(addrJSON), serverInterface.ListenPort, serverInterface.PostUp, serverInterface.PreDown, serverInterface.PostDown, serverInterface.UpdatedAt,
        )
        return err
}

// SaveServerKeyPair updates the server keypair
func (o *SqliteDB) SaveServerKeyPair(serverKeyPair model.ServerKeypair) error {
        _, err := o.db.Exec(
                `UPDATE server_keypair SET private_key = ?, public_key = ?, updated_at = ? WHERE id = 1`,
                serverKeyPair.PrivateKey, serverKeyPair.PublicKey, serverKeyPair.UpdatedAt,
        )
        return err
}

// SaveGlobalSettings updates global settings
func (o *SqliteDB) SaveGlobalSettings(globalSettings model.GlobalSetting) error {
        dnsJSON, _ := json.Marshal(globalSettings.DNSServers)
        _, err := o.db.Exec(
                `UPDATE global_settings SET endpoint_address = ?, dns_servers = ?, mtu = ?, persistent_keepalive = ?,
                 firewall_mark = ?, "table" = ?, config_file_path = ?, updated_at = ? WHERE id = 1`,
                globalSettings.EndpointAddress, string(dnsJSON), globalSettings.MTU, globalSettings.PersistentKeepalive,
                globalSettings.FirewallMark, globalSettings.Table, globalSettings.ConfigFilePath, globalSettings.UpdatedAt,
        )
        return err
}

// GetAllocatedIPs returns all IP addresses allocated to clients and server
func (o *SqliteDB) GetAllocatedIPs(excludeClientID string) ([]string, error) {
        allocatedIPs := make([]string, 0)

        // server addresses
        var addrJSON string
        err := o.db.QueryRow("SELECT addresses FROM server_interface WHERE id = 1").Scan(&addrJSON)
        if err != nil {
                return nil, err
        }
        var serverAddrs []string
        json.Unmarshal([]byte(addrJSON), &serverAddrs)
        for _, cidr := range serverAddrs {
                ip, _, err := net.ParseCIDR(cidr)
                if err != nil {
                        return nil, err
                }
                allocatedIPs = append(allocatedIPs, ip.String())
        }

        // client addresses
        rows, err := o.db.Query("SELECT allocated_ips FROM clients WHERE id != ?", excludeClientID)
        if err != nil {
                return nil, err
        }
        defer rows.Close()
        for rows.Next() {
                var ipsJSON string
                if err := rows.Scan(&ipsJSON); err != nil {
                        return nil, err
                }
                var ips []string
                json.Unmarshal([]byte(ipsJSON), &ips)
                for _, cidr := range ips {
                        ip, _, err := net.ParseCIDR(cidr)
                        if err != nil {
                                return nil, err
                        }
                        allocatedIPs = append(allocatedIPs, ip.String())
                }
        }

        return allocatedIPs, rows.Err()
}

// GetPath returns the database file path
func (o *SqliteDB) GetPath() string {
        return filepath.Dir(o.dbPath)
}

// GetHashes returns stored hashes
func (o *SqliteDB) GetHashes() (model.ClientServerHashes, error) {
        var h model.ClientServerHashes
        err := o.db.QueryRow("SELECT client, server FROM hashes WHERE id = 1").Scan(&h.Client, &h.Server)
        return h, err
}

// SaveHashes updates stored hashes
func (o *SqliteDB) SaveHashes(hashes model.ClientServerHashes) error {
        _, err := o.db.Exec("UPDATE hashes SET client = ?, server = ? WHERE id = 1", hashes.Client, hashes.Server)
        return err
}

// DB returns the underlying sql.DB for direct access (e.g., audit logs)
func (o *SqliteDB) DB() *sql.DB {
        return o.db
}

// GetUserByOIDCSub returns a user by their OIDC subject identifier
func (o *SqliteDB) GetUserByOIDCSub(sub string) (model.User, error) {
        var u model.User
        err := o.db.QueryRow(
                "SELECT "+userColumns+" FROM users WHERE oidc_sub = ?", sub,
        ).Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt)
        return u, err
}

// scanner is satisfied by both *sql.Rows and *sql.Row
type scanner interface {
        Scan(dest ...interface{}) error
}

func scanClientFrom(s scanner) (model.Client, error) {
        var c model.Client
        var subnetJSON, allocJSON, allowJSON, extraJSON string
        err := s.Scan(
                &c.ID, &c.PrivateKey, &c.PublicKey, &c.PresharedKey,
                &c.Name, &c.Email, &c.TgUserid,
                &subnetJSON, &allocJSON, &allowJSON, &extraJSON,
                &c.Endpoint, &c.AdditionalNotes, &c.UseServerDNS, &c.Enabled,
                &c.CreatedAt, &c.UpdatedAt,
        )
        if err != nil {
                return c, err
        }
        json.Unmarshal([]byte(subnetJSON), &c.SubnetRanges)
        json.Unmarshal([]byte(allocJSON), &c.AllocatedIPs)
        json.Unmarshal([]byte(allowJSON), &c.AllowedIPs)
        json.Unmarshal([]byte(extraJSON), &c.ExtraAllowedIPs)
        return c, nil
}

1	package sqlitedb
2
3	import (
4	"database/sql"
5	"embed"
6	"encoding/base64"
7	"encoding/json"
8	"fmt"
9	"net"
10	"os"
11	"path/filepath"
12	"time"
13
14	_ "modernc.org/sqlite"
15
16	"github.com/skip2/go-qrcode"
17	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
18
19	"github.com/DigitalTolk/wireguard-ui/model"
20	"github.com/DigitalTolk/wireguard-ui/util"
21	)
22
23	const (
24	userColumns = "username, email, display_name, COALESCE(oidc_sub, ''), admin, created_at, updated_at"
25	qrCodeDataURIPrefix = "data:image/png;base64,"
26	)
27
28	//go:embed schema.sql
29	var schemaFS embed.FS
30
31	// SqliteDB implements store.IStore using SQLite
32	type SqliteDB struct {
33	db *sql.DB
34	dbPath string
35	}
36
37	// New creates a new SqliteDB instance
38	func New(dbPath string) (*SqliteDB, error) {	58✔
39	// ensure parent directory exists	58✔
40	dir := filepath.Dir(dbPath)	58✔
41	if err := os.MkdirAll(dir, 0750); err != nil {	58✔
42	return nil, fmt.Errorf("cannot create database directory: %w", err)	×
43	}	×
44
45	db, err := sql.Open("sqlite", dbPath+"?_journal_mode=WAL&_busy_timeout=5000&_foreign_keys=ON")	58✔
46	if err != nil {	58✔
47	return nil, fmt.Errorf("cannot open database: %w", err)	×
48	}	×
49
50	// apply schema
51	schema, err := schemaFS.ReadFile("schema.sql")	58✔
52	if err != nil {	58✔
53	return nil, fmt.Errorf("cannot read schema: %w", err)	×
54	}	×
55	if _, err := db.Exec(string(schema)); err != nil {	58✔
56	return nil, fmt.Errorf("cannot apply schema: %w", err)	×
57	}	×
58
59	return &SqliteDB{db: db, dbPath: dbPath}, nil	58✔
60	}
61
62	// Init initializes the database with default values if they don't exist
63	func (o *SqliteDB) Init() error {	29✔
64	// server interface	29✔
65	var ifaceCount int	29✔
66	o.db.QueryRow("SELECT COUNT(*) FROM server_interface").Scan(&ifaceCount)	29✔
67	if ifaceCount == 0 {	57✔
68	addresses := util.LookupEnvOrStrings(util.ServerAddressesEnvVar, []string{util.DefaultServerAddress})	28✔
69	listenPort := util.LookupEnvOrInt(util.ServerListenPortEnvVar, util.DefaultServerPort)	28✔
70	postUp := util.LookupEnvOrString(util.ServerPostUpScriptEnvVar, "")	28✔
71	postDown := util.LookupEnvOrString(util.ServerPostDownScriptEnvVar, "")	28✔
72	addrJSON, _ := json.Marshal(addresses)	28✔
73	_, err := o.db.Exec(	28✔
74	`INSERT INTO server_interface (id, addresses, listen_port, post_up, post_down, updated_at) VALUES (1, ?, ?, ?, ?, ?)`,	28✔
75	string(addrJSON), listenPort, postUp, postDown, time.Now().UTC(),	28✔
76	)	28✔
77	if err != nil {	28✔
78	return fmt.Errorf("cannot init server interface: %w", err)	×
79	}	×
80	}
81
82	// server keypair
83	var kpCount int	29✔
84	o.db.QueryRow("SELECT COUNT(*) FROM server_keypair").Scan(&kpCount)	29✔
85	if kpCount == 0 {	57✔
86	key, err := wgtypes.GeneratePrivateKey()	28✔
87	if err != nil {	28✔
88	return fmt.Errorf("cannot generate server keypair: %w", err)	×
89	}	×
90	_, err = o.db.Exec(	28✔
91	`INSERT INTO server_keypair (id, private_key, public_key, updated_at) VALUES (1, ?, ?, ?)`,	28✔
92	key.String(), key.PublicKey().String(), time.Now().UTC(),	28✔
93	)	28✔
94	if err != nil {	28✔
95	return fmt.Errorf("cannot init server keypair: %w", err)	×
96	}	×
97	}
98
99	// global settings
100	var gsCount int	29✔
101	o.db.QueryRow("SELECT COUNT(*) FROM global_settings").Scan(&gsCount)	29✔
102	if gsCount == 0 {	57✔
103	endpointAddress := util.LookupEnvOrString(util.EndpointAddressEnvVar, "")	28✔
104	if endpointAddress == "" {	28✔
105	publicInterface, err := util.GetPublicIP()	×
106	if err != nil {	×
107	return fmt.Errorf("cannot detect public IP: %w", err)	×
108	}	×
109	endpointAddress = publicInterface.IPAddress	×
110	}
111	dnsServers := util.LookupEnvOrStrings(util.DNSEnvVar, []string{util.DefaultDNS})	28✔
112	dnsJSON, _ := json.Marshal(dnsServers)	28✔
113	_, err := o.db.Exec(	28✔
114	`INSERT INTO global_settings (id, endpoint_address, dns_servers, mtu, persistent_keepalive, firewall_mark, "table", config_file_path, updated_at)	28✔
115	VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?)`,	28✔
116	endpointAddress,	28✔
117	string(dnsJSON),	28✔
118	util.LookupEnvOrInt(util.MTUEnvVar, util.DefaultMTU),	28✔
119	util.LookupEnvOrInt(util.PersistentKeepaliveEnvVar, util.DefaultPersistentKeepalive),	28✔
120	util.LookupEnvOrString(util.FirewallMarkEnvVar, util.DefaultFirewallMark),	28✔
121	util.LookupEnvOrString(util.TableEnvVar, util.DefaultTable),	28✔
122	util.LookupEnvOrString(util.ConfigFilePathEnvVar, util.DefaultConfigFilePath),	28✔
123	time.Now().UTC(),	28✔
124	)	28✔
125	if err != nil {	28✔
126	return fmt.Errorf("cannot init global settings: %w", err)	×
127	}	×
128	}
129
130	// hashes
131	var hashCount int	29✔
132	o.db.QueryRow("SELECT COUNT(*) FROM hashes").Scan(&hashCount)	29✔
133	if hashCount == 0 {	57✔
134	o.db.Exec(`INSERT INTO hashes (id, client, server) VALUES (1, 'none', 'none')`)	28✔
135	}	28✔
136
137	// init caches (first OIDC login auto-provisions admin user)
138	users, err := o.GetUsers()	29✔
139	if err == nil {	58✔
140	util.DBUsersToCRC32Mutex.Lock()	29✔
141	for _, user := range users {	29✔
UNCOV 142	util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)	×
UNCOV 143	}	×
144	util.DBUsersToCRC32Mutex.Unlock()	29✔
145	}
146
147	return nil	29✔
148	}
149
150	// GetUsers returns all users
151	func (o *SqliteDB) GetUsers() ([]model.User, error) {	31✔
152	rows, err := o.db.Query("SELECT " + userColumns + " FROM users")	31✔
153	if err != nil {	31✔
154	return nil, err	×
155	}	×
156	defer rows.Close()	31✔
157		31✔
158	var users []model.User	31✔
159	for rows.Next() {	33✔
160	var u model.User	2✔
161	if err := rows.Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt); err != nil {	2✔
162	return nil, err	×
163	}	×
164	users = append(users, u)	2✔
165	}
166	return users, rows.Err()	31✔
167	}
168
169	// GetUserByName returns a single user by username
170	func (o *SqliteDB) GetUserByName(username string) (model.User, error) {	7✔
171	var u model.User	7✔
172	err := o.db.QueryRow(	7✔
173	"SELECT "+userColumns+" FROM users WHERE username = ?",	7✔
174	username,	7✔
175	).Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt)	7✔
176	if err != nil {	9✔
177	return u, err	2✔
178	}	2✔
179	return u, nil	5✔
180	}
181
182	// SaveUser creates or updates a user
183	func (o *SqliteDB) SaveUser(user model.User) error {	10✔
184	now := time.Now().UTC()	10✔
185	if user.UpdatedAt.IsZero() {	11✔
186	user.UpdatedAt = now	1✔
187	}	1✔
188	if user.CreatedAt.IsZero() {	11✔
189	user.CreatedAt = now	1✔
190	}	1✔
191
192	_, err := o.db.Exec(	10✔
193	`INSERT INTO users (username, email, display_name, oidc_sub, admin, created_at, updated_at)	10✔
194	VALUES (?, ?, ?, NULLIF(?, ''), ?, ?, ?)	10✔
195	ON CONFLICT(username) DO UPDATE SET	10✔
196	email = excluded.email,	10✔
197	display_name = excluded.display_name,	10✔
198	oidc_sub = excluded.oidc_sub,	10✔
199	admin = excluded.admin,	10✔
200	updated_at = excluded.updated_at`,	10✔
201	user.Username, user.Email, user.DisplayName, user.OIDCSub, user.Admin, user.CreatedAt, user.UpdatedAt,	10✔
202	)	10✔
203	if err != nil {	10✔
204	return err	×
205	}	×
206	util.DBUsersToCRC32Mutex.Lock()	10✔
207	util.DBUsersToCRC32[user.Username] = util.GetDBUserCRC32(user)	10✔
208	util.DBUsersToCRC32Mutex.Unlock()	10✔
209	return nil	10✔
210	}
211
212	// DeleteUser removes a user by username
213	func (o *SqliteDB) DeleteUser(username string) error {	1✔
214	util.DBUsersToCRC32Mutex.Lock()	1✔
215	delete(util.DBUsersToCRC32, username)	1✔
216	util.DBUsersToCRC32Mutex.Unlock()	1✔
217	_, err := o.db.Exec("DELETE FROM users WHERE username = ?", username)	1✔
218	return err	1✔
219	}	1✔
220
221	// GetGlobalSettings returns global WireGuard settings
222	func (o *SqliteDB) GetGlobalSettings() (model.GlobalSetting, error) {	16✔
223	var gs model.GlobalSetting	16✔
224	var dnsJSON string	16✔
225	err := o.db.QueryRow(	16✔
226	`SELECT endpoint_address, dns_servers, mtu, persistent_keepalive, firewall_mark, "table", config_file_path, updated_at	16✔
227	FROM global_settings WHERE id = 1`,	16✔
228	).Scan(&gs.EndpointAddress, &dnsJSON, &gs.MTU, &gs.PersistentKeepalive, &gs.FirewallMark, &gs.Table, &gs.ConfigFilePath, &gs.UpdatedAt)	16✔
229	if err != nil {	16✔
230	return gs, err	×
231	}	×
232	json.Unmarshal([]byte(dnsJSON), &gs.DNSServers)	16✔
233	return gs, nil	16✔
234	}
235
236	// GetServer returns the server config (interface + keypair)
237	func (o *SqliteDB) GetServer() (model.Server, error) {	19✔
238	server := model.Server{}	19✔
239		19✔
240	// interface	19✔
241	iface := model.ServerInterface{}	19✔
242	var addrJSON string	19✔
243	err := o.db.QueryRow(	19✔
244	"SELECT addresses, listen_port, post_up, pre_down, post_down, updated_at FROM server_interface WHERE id = 1",	19✔
245	).Scan(&addrJSON, &iface.ListenPort, &iface.PostUp, &iface.PreDown, &iface.PostDown, &iface.UpdatedAt)	19✔
246	if err != nil {	19✔
247	return server, fmt.Errorf("cannot read server interface: %w", err)	×
248	}	×
249	json.Unmarshal([]byte(addrJSON), &iface.Addresses)	19✔
250	server.Interface = &iface	19✔
251		19✔
252	// keypair	19✔
253	kp := model.ServerKeypair{}	19✔
254	err = o.db.QueryRow(	19✔
255	"SELECT private_key, public_key, updated_at FROM server_keypair WHERE id = 1",	19✔
256	).Scan(&kp.PrivateKey, &kp.PublicKey, &kp.UpdatedAt)	19✔
257	if err != nil {	19✔
258	return server, fmt.Errorf("cannot read server keypair: %w", err)	×
259	}	×
260	server.KeyPair = &kp	19✔
261		19✔
262	return server, nil	19✔
263	}
264
265	// GetClients returns all clients, optionally with QR codes
266	func (o *SqliteDB) GetClients(hasQRCode bool) ([]model.ClientData, error) {	11✔
267	rows, err := o.db.Query(	11✔
268	`SELECT id, private_key, public_key, preshared_key, name, email, telegram_userid,	11✔
269	subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,	11✔
270	endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at	11✔
271	FROM clients`,	11✔
272	)	11✔
273	if err != nil {	11✔
274	return nil, err	×
275	}	×
276	defer rows.Close()	11✔
277		11✔
278	// fetch server/settings once outside the loop for QR generation	11✔
279	var server model.Server	11✔
280	var globalSettings model.GlobalSetting	11✔
281	if hasQRCode {	13✔
282	server, _ = o.GetServer()	2✔
283	globalSettings, _ = o.GetGlobalSettings()	2✔
284	}	2✔
285
286	var clients []model.ClientData	11✔
287	for rows.Next() {	18✔
288	client, err := scanClientFrom(rows)	7✔
289	if err != nil {	7✔
290	return nil, err	×
291	}	×
292
293	clientData := model.ClientData{Client: &client}	7✔
294		7✔
295	if hasQRCode && client.PrivateKey != "" {	8✔
296	png, err := qrcode.Encode(util.BuildClientConfig(client, server, globalSettings), qrcode.Medium, 256)	1✔
297	if err == nil {	2✔
298	clientData.QRCode = qrCodeDataURIPrefix + base64.StdEncoding.EncodeToString(png)	1✔
299	}	1✔
300	}
301
302	clients = append(clients, clientData)	7✔
303	}
304	return clients, rows.Err()	11✔
305	}
306
307	// GetClientByID returns a single client by ID
308	func (o *SqliteDB) GetClientByID(clientID string, qrCodeSettings model.QRCodeSettings) (model.ClientData, error) {	10✔
309	clientData := model.ClientData{}	10✔
310		10✔
311	row := o.db.QueryRow(	10✔
312	`SELECT id, private_key, public_key, preshared_key, name, email, telegram_userid,	10✔
313	subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,	10✔
314	endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at	10✔
315	FROM clients WHERE id = ?`, clientID,	10✔
316	)	10✔
317		10✔
318	client, err := scanClientFrom(row)	10✔
319	if err != nil {	12✔
320	return clientData, err	2✔
321	}	2✔
322
323	if qrCodeSettings.Enabled && client.PrivateKey != "" {	10✔
324	server, _ := o.GetServer()	2✔
325	globalSettings, _ := o.GetGlobalSettings()	2✔
326	if !qrCodeSettings.IncludeDNS {	3✔
327	globalSettings.DNSServers = []string{}	1✔
328	}	1✔
329	if !qrCodeSettings.IncludeMTU {	3✔
330	globalSettings.MTU = 0	1✔
331	}	1✔
332	png, err := qrcode.Encode(util.BuildClientConfig(client, server, globalSettings), qrcode.Medium, 256)	2✔
333	if err == nil {	4✔
334	clientData.QRCode = qrCodeDataURIPrefix + base64.StdEncoding.EncodeToString(png)	2✔
335	}	2✔
336	}
337
338	clientData.Client = &client	8✔
339	return clientData, nil	8✔
340	}
341
342	// SaveClient creates or updates a client
343	func (o *SqliteDB) SaveClient(client model.Client) error {	19✔
344	subnetJSON, _ := json.Marshal(client.SubnetRanges)	19✔
345	allocJSON, _ := json.Marshal(client.AllocatedIPs)	19✔
346	allowJSON, _ := json.Marshal(client.AllowedIPs)	19✔
347	extraJSON, _ := json.Marshal(client.ExtraAllowedIPs)	19✔
348		19✔
349	_, err := o.db.Exec(	19✔
350	`INSERT INTO clients (id, private_key, public_key, preshared_key, name, email, telegram_userid,	19✔
351	subnet_ranges, allocated_ips, allowed_ips, extra_allowed_ips,	19✔
352	endpoint, additional_notes, use_server_dns, enabled, created_at, updated_at)	19✔
353	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)	19✔
354	ON CONFLICT(id) DO UPDATE SET	19✔
355	private_key = excluded.private_key,	19✔
356	public_key = excluded.public_key,	19✔
357	preshared_key = excluded.preshared_key,	19✔
358	name = excluded.name,	19✔
359	email = excluded.email,	19✔
360	telegram_userid = excluded.telegram_userid,	19✔
361	subnet_ranges = excluded.subnet_ranges,	19✔
362	allocated_ips = excluded.allocated_ips,	19✔
363	allowed_ips = excluded.allowed_ips,	19✔
364	extra_allowed_ips = excluded.extra_allowed_ips,	19✔
365	endpoint = excluded.endpoint,	19✔
366	additional_notes = excluded.additional_notes,	19✔
367	use_server_dns = excluded.use_server_dns,	19✔
368	enabled = excluded.enabled,	19✔
369	updated_at = excluded.updated_at`,	19✔
370	client.ID, client.PrivateKey, client.PublicKey, client.PresharedKey,	19✔
371	client.Name, client.Email, client.TgUserid,	19✔
372	string(subnetJSON), string(allocJSON), string(allowJSON), string(extraJSON),	19✔
373	client.Endpoint, client.AdditionalNotes, client.UseServerDNS, client.Enabled,	19✔
374	client.CreatedAt, client.UpdatedAt,	19✔
375	)	19✔
376	return err	19✔
377	}	19✔
378
379	// DeleteClient removes a client by ID
380	func (o *SqliteDB) DeleteClient(clientID string) error {	1✔
381	_, err := o.db.Exec("DELETE FROM clients WHERE id = ?", clientID)	1✔
382	return err	1✔
383	}	1✔
384
385	// SaveServerInterface updates the server interface config
386	func (o *SqliteDB) SaveServerInterface(serverInterface model.ServerInterface) error {	2✔
387	addrJSON, _ := json.Marshal(serverInterface.Addresses)	2✔
388	_, err := o.db.Exec(	2✔
389	`UPDATE server_interface SET addresses = ?, listen_port = ?, post_up = ?, pre_down = ?, post_down = ?, updated_at = ? WHERE id = 1`,	2✔
390	string(addrJSON), serverInterface.ListenPort, serverInterface.PostUp, serverInterface.PreDown, serverInterface.PostDown, serverInterface.UpdatedAt,	2✔
391	)	2✔
392	return err	2✔
393	}	2✔
394
395	// SaveServerKeyPair updates the server keypair
396	func (o *SqliteDB) SaveServerKeyPair(serverKeyPair model.ServerKeypair) error {	1✔
397	_, err := o.db.Exec(	1✔
398	`UPDATE server_keypair SET private_key = ?, public_key = ?, updated_at = ? WHERE id = 1`,	1✔
399	serverKeyPair.PrivateKey, serverKeyPair.PublicKey, serverKeyPair.UpdatedAt,	1✔
400	)	1✔
401	return err	1✔
402	}	1✔
403
404	// SaveGlobalSettings updates global settings
405	func (o *SqliteDB) SaveGlobalSettings(globalSettings model.GlobalSetting) error {	1✔
406	dnsJSON, _ := json.Marshal(globalSettings.DNSServers)	1✔
407	_, err := o.db.Exec(	1✔
408	`UPDATE global_settings SET endpoint_address = ?, dns_servers = ?, mtu = ?, persistent_keepalive = ?,	1✔
409	firewall_mark = ?, "table" = ?, config_file_path = ?, updated_at = ? WHERE id = 1`,	1✔
410	globalSettings.EndpointAddress, string(dnsJSON), globalSettings.MTU, globalSettings.PersistentKeepalive,	1✔
411	globalSettings.FirewallMark, globalSettings.Table, globalSettings.ConfigFilePath, globalSettings.UpdatedAt,	1✔
412	)	1✔
413	return err	1✔
414	}	1✔
415
416	// GetAllocatedIPs returns all IP addresses allocated to clients and server
417	func (o *SqliteDB) GetAllocatedIPs(excludeClientID string) ([]string, error) {	2✔
418	allocatedIPs := make([]string, 0)	2✔
419		2✔
420	// server addresses	2✔
421	var addrJSON string	2✔
422	err := o.db.QueryRow("SELECT addresses FROM server_interface WHERE id = 1").Scan(&addrJSON)	2✔
423	if err != nil {	2✔
424	return nil, err	×
425	}	×
426	var serverAddrs []string	2✔
427	json.Unmarshal([]byte(addrJSON), &serverAddrs)	2✔
428	for _, cidr := range serverAddrs {	4✔
429	ip, _, err := net.ParseCIDR(cidr)	2✔
430	if err != nil {	2✔
431	return nil, err	×
432	}	×
433	allocatedIPs = append(allocatedIPs, ip.String())	2✔
434	}
435
436	// client addresses
437	rows, err := o.db.Query("SELECT allocated_ips FROM clients WHERE id != ?", excludeClientID)	2✔
438	if err != nil {	2✔
439	return nil, err	×
440	}	×
441	defer rows.Close()	2✔
442	for rows.Next() {	4✔
443	var ipsJSON string	2✔
444	if err := rows.Scan(&ipsJSON); err != nil {	2✔
445	return nil, err	×
446	}	×
447	var ips []string	2✔
448	json.Unmarshal([]byte(ipsJSON), &ips)	2✔
449	for _, cidr := range ips {	4✔
450	ip, _, err := net.ParseCIDR(cidr)	2✔
451	if err != nil {	2✔
452	return nil, err	×
453	}	×
454	allocatedIPs = append(allocatedIPs, ip.String())	2✔
455	}
456	}
457
458	return allocatedIPs, rows.Err()	2✔
459	}
460
461	// GetPath returns the database file path
462	func (o *SqliteDB) GetPath() string {	1✔
463	return filepath.Dir(o.dbPath)	1✔
464	}	1✔
465
466	// GetHashes returns stored hashes
467	func (o *SqliteDB) GetHashes() (model.ClientServerHashes, error) {	7✔
468	var h model.ClientServerHashes	7✔
469	err := o.db.QueryRow("SELECT client, server FROM hashes WHERE id = 1").Scan(&h.Client, &h.Server)	7✔
470	return h, err	7✔
471	}	7✔
472
473	// SaveHashes updates stored hashes
474	func (o *SqliteDB) SaveHashes(hashes model.ClientServerHashes) error {	3✔
475	_, err := o.db.Exec("UPDATE hashes SET client = ?, server = ? WHERE id = 1", hashes.Client, hashes.Server)	3✔
476	return err	3✔
477	}	3✔
478
479	// DB returns the underlying sql.DB for direct access (e.g., audit logs)
480	func (o SqliteDB) DB() sql.DB {	1✔
481	return o.db	1✔
482	}	1✔
483
484	// GetUserByOIDCSub returns a user by their OIDC subject identifier
485	func (o *SqliteDB) GetUserByOIDCSub(sub string) (model.User, error) {	3✔
486	var u model.User	3✔
487	err := o.db.QueryRow(	3✔
488	"SELECT "+userColumns+" FROM users WHERE oidc_sub = ?", sub,	3✔
489	).Scan(&u.Username, &u.Email, &u.DisplayName, &u.OIDCSub, &u.Admin, &u.CreatedAt, &u.UpdatedAt)	3✔
490	return u, err	3✔
491	}	3✔
492
493	// scanner is satisfied by both sql.Rows and sql.Row
494	type scanner interface {
495	Scan(dest ...interface{}) error
496	}
497
498	func scanClientFrom(s scanner) (model.Client, error) {	17✔
499	var c model.Client	17✔
500	var subnetJSON, allocJSON, allowJSON, extraJSON string	17✔
501	err := s.Scan(	17✔
502	&c.ID, &c.PrivateKey, &c.PublicKey, &c.PresharedKey,	17✔
503	&c.Name, &c.Email, &c.TgUserid,	17✔
504	&subnetJSON, &allocJSON, &allowJSON, &extraJSON,	17✔
505	&c.Endpoint, &c.AdditionalNotes, &c.UseServerDNS, &c.Enabled,	17✔
506	&c.CreatedAt, &c.UpdatedAt,	17✔
507	)	17✔
508	if err != nil {	19✔
509	return c, err	2✔
510	}	2✔
511	json.Unmarshal([]byte(subnetJSON), &c.SubnetRanges)	15✔
512	json.Unmarshal([]byte(allocJSON), &c.AllocatedIPs)	15✔
513	json.Unmarshal([]byte(allowJSON), &c.AllowedIPs)	15✔
514	json.Unmarshal([]byte(extraJSON), &c.ExtraAllowedIPs)	15✔
515	return c, nil	15✔
516	}

DigitalTolk / wireguard-ui / 24840246726

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous