Merge branch '34-add-wireguard-public-key'

88fea398 · Frank Sauerburger · a5f7288a · 8359de1d · 88fea398 · 88fea398
Verified Commit 88fea398 authored 2 years ago by Frank Sauerburger
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -112,6 +112,8 @@ container-test:
    - echo "${CI_REGISTRY_PASSWORD}" | docker login -u ${CI_REGISTRY_USER} --password-stdin ${CI_REGISTRY}
    - docker-compose -f docker-compose.yml -f docker-compose.ci.yml pull -q
    - docker-compose -f docker-compose.yml -f docker-compose.ci.yml up -d
+    - sleep 10
+    - docker-compose restart webserver
 deploy_staging:
  # Deploy the current image to the production machine.

--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -13,6 +13,7 @@ COPY owlca /app/owlca
 COPY pgp /app/pgp
 COPY ssh /app/ssh
 COPY wkd /app/wkd
+COPY wireguard /app/wireguard
 RUN useradd -rMd /app app
 RUN chown -R app:app /app

--- a/app/keys/settings.py
+++ b/app/keys/settings.py
@@ -72,6 +72,7 @@ INSTALLED_APPS = [
    'owlca',
    'pgp',
    'ssh',
+    'wireguard',
    'guardian',
    'fontawesome-free',
    'crispy_forms',

--- a/app/keys/urls.py
+++ b/app/keys/urls.py
@@ -21,6 +21,7 @@ urlpatterns = [
    path('pgp/', include('pgp.urls')),
    path('ssh/', include('ssh.urls')),
    path('pks/', include('hkp.urls')),
+    path('wireguard/', include('wireguard.urls')),
    path('.well-known/openpgpkey/', include('wkd.urls')),
    path('admin/', admin.site.urls),
    path('', include('keys_home.urls')),

--- a/app/keys_home/static/keys_home/css/main.scss
+++ b/app/keys_home/static/keys_home/css/main.scss
@@ -440,3 +440,61 @@ body {
    @extend .my-3;
  }
 }
+/********************************************************/
+/* Wireguard Key                                              */
+/********************************************************/
+.wireguardkey-item {
+  @extend .border, .my-3, .rounded;
+  // every (except last) content box should have a border below
+  & > div {
+    @extend .border-bottom, .px-4, .py-2;
+  }
+  & > div:last-child {
+    border-bottom: none !important;
+    @extend .rounded;
+  }
+  /********************************/
+  /* Heading                      */
+  /********************************/
+  h3 {
+    // dark heading per key
+    position: relative; // stretched link inside
+    justify-content: space-between;
+    display: flex;
+    @extend .rounded-top, .text-light, .bg-dark, .p-2;
+    margin-bottom: 0;
+    a {
+      @extend .text-light, .stretched-link;
+    }
+  }
+  /********************************/
+  /* Fingerprint                  */
+  /********************************/
+  .wireguardkey-fingerprint {
+    @extend .bg-light;
+  }
+  .wireguardkey-fingerprint-title {
+    @extend .text-muted, .mb-1;
+    i, svg {
+      @extend .mr-1;
+    }
+  }
+  .wireguardkey-fingerprint-hash {
+    @extend .input-group, .mb-2;
+    input {
+      @extend .form-control, .bg-white;
+      font-family: monospace;
+    }
+    input + div {
+      @extend .input-group-append;
+      span { 
+        @extend .input-group-text;
+      }
+    }
+  }
+}
--- a/app/keys_home/templates/keys_home/base.html
+++ b/app/keys_home/templates/keys_home/base.html
@@ -51,6 +51,11 @@
              <i class="fas fa-network-wired"></i> PKI
            </a>
          </li>
+          <li>
+            <a href="{% url 'wireguard-list' %}">
+              <i class="fas fa-dragon"></i> Wireguard
+            </a>
+          </li>
          {% if request.user.is_anonymous %}
          <li class="navbar-login">
            <a href="{% url 'login' %}">

--- a/app/keys_home/templates/keys_home/home.html
+++ b/app/keys_home/templates/keys_home/home.html
@@ -16,6 +16,10 @@
        <i class="fas fa-network-wired mb-2"></i><br />
        CAs and Certificates
    </a></h3></li>
+    <li><h3><a href="{% url 'wireguard-list' %}">
+        <i class="fas fa-dragon mb-2"></i><br />
+        Wireguard
+    </a></h3></li>
 </ul>
 {% endblock %}
--- a/app/wireguard/__init__.py
+++ b/app/wireguard/__init__.py
--- a/app/wireguard/admin.py
+++ b/app/wireguard/admin.py
+from django.contrib import admin
+from guardian.admin import GuardedModelAdmin
+from . import models
+class WireguardPublicKeyAdmin(GuardedModelAdmin):
+    pass
+admin.site.register(models.WireguardPublicKey, WireguardPublicKeyAdmin)
--- a/app/wireguard/apps.py
+++ b/app/wireguard/apps.py
+from django.apps import AppConfig
+class WireguardConfig(AppConfig):
+    name = 'wireguard'
--- a/app/wireguard/forms.py
+++ b/app/wireguard/forms.py
+from django import forms
+from django.core.exceptions import ValidationError
+class PublicKeyCreateForm(forms.Form):
+    interface = forms.CharField(max_length=128)
+    key = forms.CharField(max_length=128)
+    public = forms.BooleanField(required=False)
--- a/app/wireguard/migrations/0001_initial.py
+++ b/app/wireguard/migrations/0001_initial.py
+# Generated by Django 3.1.14 on 2022-06-10 08:28
+from django.db import migrations, models
+class Migration(migrations.Migration):
+    initial = True
+    dependencies = [
+    ]
+    operations = [
+        migrations.CreateModel(
+            name='WireguardPublicKey',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('interface', models.CharField(max_length=128)),
+                ('key', models.CharField(max_length=128)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+    ]
--- a/app/wireguard/migrations/__init__.py
+++ b/app/wireguard/migrations/__init__.py
--- a/app/wireguard/models.py
+++ b/app/wireguard/models.py
+from django.db import models
+class WireguardPublicKey(models.Model):
+    interface = models.CharField(max_length=128)
+    key = models.CharField(max_length=128)
+    created = models.DateTimeField(auto_now_add=True)
+    def __str__(self):
+        return f"{self.interface}"
--- a/app/wireguard/templates/wireguard/wireguardpublickey_create.html
+++ b/app/wireguard/templates/wireguard/wireguardpublickey_create.html
+{% extends 'keys_home/base.html' %}
+{% load crispy_forms_tags %}
+{% block content %}
+<nav class="nav-breadcrumb" aria-label="breadcrumb">
+<ol>
+  <li><a href="{% url 'home' %}">Home</a></li>
+  <li><a href="{% url 'wireguard-list' %}">Wireguard Keys</a></li>
+  <li aria-current="page">
+    <a href="{% url 'wireguard-create' %}">Add</a>
+  </li>
+</ol>
+</nav>
+<h2>Add Wireguard Public Key</h2>
+<form action="" method="post">
+  {% csrf_token %}
+  {{ form|crispy }}
+  <button class="btn btn-primary" type="submit">Add public key</button>
+</form>
+{% endblock %}
--- a/app/wireguard/templates/wireguard/wireguardpublickey_item.html
+++ b/app/wireguard/templates/wireguard/wireguardpublickey_item.html
+<li class="wireguardkey-item">
+  <h3>
+    <div>
+        <i class="fas fa-dragon" title="Interface"></i>
+        {{ publickey.interface }}
+      </a>
+    </div>
+  </h3>
+  <div class="wireguardkey-fingerprint">
+    <div class="wireguardkey-fingerprint-title">
+      <i class="fas fa-fingerprint"></i> Public key
+    </div>
+    <div class="wireguardkey-fingerprint-hash">
+      <input title="publickey" type="text" readonly value="{{publickey.key }}" />
+      <div><span>Base64</span></div>
+    </div>
+  </div>
+</li>
--- a/app/wireguard/templates/wireguard/wireguardpublickey_list.html
+++ b/app/wireguard/templates/wireguard/wireguardpublickey_list.html
+{% extends 'keys_home/base.html' %}
+{% block content %}
+<nav class="nav-breadcrumb" aria-label="breadcrumb">
+<ol>
+  <li><a href="{% url 'home' %}">Home</a></li>
+  <li aria-current="page">
+    <a href="{% url 'wireguard-list' %}">Wireguard Keys</a>
+  </li>
+</ol>
+</nav>
+<h2 class="h-control">
+  <div>Wireguard Public Keys</div>
+  {% if perms.wireguard.add_wireguardpublickey %}
+  <a class="btn btn-outline-primary" href="{% url 'wireguard-create' %}">
+    <i class="fas fa-plus"></i>
+  </a>
+  {% endif %}
+</h2>
+{% if wireguardpublickey_list %}
+<ul class="list-unstyled">
+{% for publickey in wireguardpublickey_list %}
+  {% include 'wireguard/wireguardpublickey_item.html' with fingerprint_only=True %}
+{% endfor %}
+</ul>
+{% else %}
+<p>There are not public keys.</p>
+{% endif %}
+{% endblock %}
--- a/app/wireguard/tests.py
+++ b/app/wireguard/tests.py
+from django.test import TestCase
+from django.urls import reverse
+from django.contrib.auth.models import Group
+from guardian.shortcuts import assign_perm
+from . import models
+class WireguardTest(TestCase):
+    """Check keys are listed"""
+    def test_list_public(self):
+        """Check that public keys are listed"""
+        toykey = models.WireguardPublicKey.objects.create(
+            interface="example.com",
+            key="mykey",
+        )
+        any_user = Group.objects.get(name="any-user")
+        assign_perm('view_wireguardpublickey', any_user, toykey)
+        response = self.client.get(
+            reverse('wireguard-list')
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, toykey.key)
+    def test_list_private(self):
+        """Check that private keys are not listed"""
+        toykey = models.WireguardPublicKey.objects.create(
+            interface="example.com",
+            key="mykey",
+        )
+        response = self.client.get(
+            reverse('wireguard-list')
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertNotContains(response, toykey.key)
--- a/app/wireguard/urls.py
+++ b/app/wireguard/urls.py
+from django.urls import path
+from . import views
+urlpatterns = [
+    path("", views.PublicKeyListView.as_view(), name="wireguard-list"),
+    path("new", views.publickey_create, name="wireguard-create"),
+]
--- a/app/wireguard/views.py
+++ b/app/wireguard/views.py
+from django.shortcuts import render, reverse
+from django.views.generic import DetailView, ListView, CreateView
+from django.http import HttpResponseRedirect
+from django.contrib.auth.models import Group
+from guardian.mixins import PermissionRequiredMixin, PermissionListMixin
+from guardian.decorators import permission_required
+from guardian.shortcuts import assign_perm
+from . import models
+from . import forms
+class PublicKeyListView(PermissionListMixin, ListView):
+    model = models.WireguardPublicKey
+    permission_required = ['view_wireguardpublickey']
+@permission_required('wireguard.add_wireguardpublickey')
+def publickey_create(request):
+    if request.method == 'POST':
+        form = forms.PublicKeyCreateForm(request.POST)
+        if form.is_valid():
+            pk = models.WireguardPublicKey()
+            pk.interface = form.cleaned_data['interface']
+            pk.key = form.cleaned_data['key']
+            pk.save()
+            assign_perm('view_wireguardpublickey', request.user, pk)
+            assign_perm('change_wireguardpublickey', request.user, pk)
+            if form.cleaned_data['public']:
+                any_user = Group.objects.get(name="any-user")
+                assign_perm('view_wireguardpublickey', any_user, pk)
+            return HttpResponseRedirect(reverse('wireguard-list'))
+    # if a GET (or any other method) we'll create a blank form
+    else:
+        form = forms.PublicKeyCreateForm()
+    return render(request,
+                  'wireguard/wireguardpublickey_create.html',
+                  {'form': form})