From 6ca685457fa1267f3b736b26a8aeefd0b165a1bc Mon Sep 17 00:00:00 2001 
From: "R. Christian McDonald" Date: Thu, 10 Jun 2021 14:06:34 -0400 Subject: [PATCH] Devel (#111) * back merge main onto devel (#94) * Update main to latest (#77) * Updated pkg-plist * Makefile fix * Experimenting with wireguard service * Update README.md Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com> Co-authored-by: Manojav Sridhar * docs: add theonemcdonald as a contributor (#84) * docs: update README.md [skip ci] * docs: create .all-contributorsrc [skip ci] Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> * Update README.md * Update README.md * Update .all-contributorsrc * Update .all-contributorsrc * Update README.md * Update README.md * Update Makefile * Cleanup * Cleanup * Clean upload of v0.1.2 * Create FUNDING.yml * Add files via upload Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com> Co-authored-by: Manojav Sridhar Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> * Clean ups * Syntax * Updated README * Improve input error clarity * Syntax * More syntax * Fix missing address, allowedip fields after tunnel or peer input errors * Reorganized peer post validation * Reorder all input errors to be consistent with UI order * Fix input being flushed on peer validation error * Fix * Test * Fix #98 * Also Fix #98 * v0.1.3 will be reserved for the next PR with Netgate * Further fixes #98 * More fixes for #98... 
* Removed exit() while working on #98 * Refactor wg_generate_tunnel_address_popover_link for readability * Working on guiconfig cleaning * Should fix #99 * Fix variable #99 * Fix re-saving unchanged tunnel or peer * Fix broke status icon * Back out some boiler plate code * Relocate pf reload trigger on tunnel sync * Test * Fixes some php errors on newer PHP versions * this has to be absolute apparently * Can't redeclare this * wg_clamp_key and wg_is_key_clamped functions * wg_gen_publickey now detects if a privkey was clamped or not * fix wg_gen_keypair to correctly consume new gen_publickey * Bump net/wireguard-kmod to 0.0.20210606 * Fix some logic in new functioons * syntax * Clamp private keys on UI * Don't block unclamped private keys in the UI * Validate pre-shared key * Missed a call that needs tweaking * Slight cleanup * Candidate 0.1.3 build for Netgate PR * Small bump * Tweak subsystem names * Testing * Add some comments to .conf files for the curious * Add some useful debug bits to .conf files * Testing extra services restart on apply * We are now going to restart extra services (currently dpinger and unbound) on config apply (in addition to service restart) * Bump v0.1.2_5 * Enable data-sortable on relevant tables * Missed a table * Peers should become unassigned when their tunnel is deleted * allowedips needs to be an array even when empty * Implement package apply conf on tunnels_edit.php * Tweaks to form post handling * Syntax * Private and PSKs are now hidden by default * Syntax * sortable tables doesn't play nicely with popovers, will revisit in the future * Slight UI tweaks * syntax * Improve sync logic * Test * Testing * Implement conf file downloads from UI * Fixed incorrect tunnel name variable * Bump 0.1.2_6 * Testing * fix plist * Add timestamp to conf download * Typo * " Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com> Co-authored-by: Manojav Sridhar Co-authored-by: allcontributors[bot] 
<46447321+allcontributors[bot]@users.noreply.github.com> --- net/pfSense-pkg-WireGuard/Makefile | 3 +- .../files/usr/local/pkg/wireguard/wg.inc | 37 ++++++++++++++++++- .../files/usr/local/pkg/wireguard/wg_api.inc | 26 ++++++++----- .../files/usr/local/www/wg/vpn_wg_tunnels.php | 4 +- net/pfSense-pkg-WireGuard/pkg-plist | 2 +- 5 files changed, 57 insertions(+), 15 deletions(-) diff --git a/net/pfSense-pkg-WireGuard/Makefile b/net/pfSense-pkg-WireGuard/Makefile index 092a9ba9..18f19384 100644 --- a/net/pfSense-pkg-WireGuard/Makefile +++ b/net/pfSense-pkg-WireGuard/Makefile @@ -1,6 +1,5 @@ PORTNAME= pfSense-pkg-WireGuard -PORTVERSION= 0.1.2 -PORTREVISION= 6 +PORTVERSION= 0.1.3 CATEGORIES= net MASTER_SITES= # empty DISTFILES= # empty diff --git a/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc b/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc index e6e0009c..2617b62e 100644 --- a/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc +++ b/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc @@ -228,6 +228,9 @@ function wg_delete_tunnel($tunnel_name) { // Sync with configuration backend write_config("[{$wgg['pkg_name']}] Tunnel {$tunnel['name']} deleted."); + + // Mark any peers as unassigned + wg_tunnel_unassign_peers($tunnel['name']); // We've got meaningful changes... $changes = true; @@ -243,6 +246,32 @@ function wg_delete_tunnel($tunnel_name) { } +function wg_tunnel_unassign_peers($tunnel_name) { + global $wgg; + + wg_globals(); + + if (isset($wgg['peers']) && is_array($wgg['peers'])) { + + $peers = $wgg['peers']; + + foreach ($peers as $peer_idx => $peer) { + + if ($peer['tun'] == $tunnel_name) { + + $wgg['peers'][$peer_idx]['tun'] = 'unassigned'; + + } + + } + + // Sync with configuration backend + write_config("[{$wgg['pkg_name']}] Tunnel {$tunnel_name} peers unassigned."); + + } + +} + /* * This transforms a raw peer post consisting of repeatables */ 
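Review bot: wg_tunnel_unassign_peers() calls `write_config()` whenever `$wgg['peers']` is an array, even when no peer referenced the tunnel, and its call site in wg_delete_tunnel (the previous hunk) runs after that function's own `write_config()`. One delete therefore appears to produce two config revisions, the first of which still has peers pointing at a tunnel that no longer exists. I would set `$changed = true;` inside the loop and guard the write with `if ($changed) { ... }`, or move the call above the existing write in wg_delete_tunnel so a single revision covers both changes. The new function also has no header comment; something like `// Marks every peer assigned to $tunnel_name as 'unassigned' and saves the config` would document the sentinel value. wg_delete_tunnel's body starts and ends outside its hunk.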
@@ -1018,11 +1047,17 @@ function wg_download_tunnel($tunnel_name, $failure_redirect) { // Make sure conf files are current wg_resync(); + $now = new DateTimeImmutable(); + + $stamp = $now->format('YmdHis'); + $conf_path = "{$wgg['conf_path']}/{$tunnel_name}.conf"; + $name = "tunnel-{$tunnel_name}-{$stamp}.conf"; + if (file_exists($conf_path)) { - send_user_download('file', $conf_path); + send_user_download('file', $conf_path, $name); } diff --git a/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc b/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc index 90ea65ea..0a0d14be 100644 --- a/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc +++ b/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc @@ -130,11 +130,15 @@ function wg_status_json($pretty = false) { function wg_get_peer_id($public_key, $tunnel_name) { global $wgg; - foreach ($wgg['peers'] as $peer_id => $peer){ + if (isset($wgg['peers']) && is_array($wgg['peers'])) { - if ($public_key == $peer['publickey'] && $tunnel_name = $peer['tun']) { + foreach ($wgg['peers'] as $peer_id => $peer){ - return $peer_id; + if ($public_key == $peer['publickey'] && $tunnel_name = $peer['tun']) { + + return $peer_id; + + } } @@ -732,15 +736,19 @@ function wg_get_tunnel_peers($tunnel_name) { if (isset($wgg['tunnels'][$tun_idx])) { - // Look through array of peers for matching tunnel name - foreach ($wgg['peers'] as $peer_idx => $peer) { + if (isset($wgg['peers']) && is_array($wgg['peers'])) { - if ($peer['tun'] == $tunnel_name) { + // Look through array of peers for matching tunnel name + foreach ($wgg['peers'] as $peer_idx => $peer) { - // We need the array index for future manipulations - $peer['index'] = $peer_idx; + if ($peer['tun'] == $tunnel_name) { - $a_ret[] = $peer; + // We need the array index for future manipulations + $peer['index'] = $peer_idx; + + $a_ret[] = $peer; + + } } 
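Review bot: `$tunnel_name` is interpolated into `$conf_path` and now also into the download name `$name` with no check visible in this hunk; the start of wg_download_tunnel is outside the hunk, so validation may already happen there. If the value can originate from the request, a name containing path separators would let `send_user_download()` read a file outside `{$wgg['conf_path']}`, and these .conf files presumably hold tunnel private keys. Before building the path I would confirm the name belongs to a configured tunnel in `$wgg['tunnels']` and take the `$failure_redirect` path otherwise, or at minimum apply `basename($tunnel_name)` to both strings.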
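Review bot: The condition carried into the new nesting in wg_get_peer_id still reads `$tunnel_name = $peer['tun']`, which assigns instead of comparing. The function therefore returns the first peer whose public key matches whenever that peer's `tun` is non-empty, and it overwrites `$tunnel_name` on the way. With peers now able to carry `'unassigned'` as their tunnel, a lookup could resolve to a peer on another tunnel or to an unassigned one, and any caller that edits or deletes by the returned id would act on the wrong peer. The line should be `if ($public_key == $peer['publickey'] && $tunnel_name == $peer['tun']) {`, ideally with `===` if both values are always strings. The function's end is outside the hunk, so what it returns when nothing matches is not visible here.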
diff --git a/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php b/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php index 4e1f329d..f34a035e 100644 --- a/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php +++ b/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php @@ -99,7 +99,7 @@ default: // Shouldn't be here, so bail out. - header("Location: /wg/vpn_wg_tunnels.php"); + header('Location: /wg/vpn_wg_tunnels.php'); break; @@ -198,7 +198,7 @@ "> " usepost> - " usepost> + " usepost> diff --git a/net/pfSense-pkg-WireGuard/pkg-plist b/net/pfSense-pkg-WireGuard/pkg-plist index 6a9e4a61..5c2449b6 100644 --- a/net/pfSense-pkg-WireGuard/pkg-plist +++ b/net/pfSense-pkg-WireGuard/pkg-plist @@ -8,13 +8,13 @@ pkg/wireguard/wg_install.inc pkg/wireguard/wg_service.inc pkg/wireguard/wg_validate.inc www/shortcuts/pkg_wireguard.inc +www/wg/js/WireGuardHelpers.js www/wg/status_wireguard.php www/wg/vpn_wg_peers.php www/wg/vpn_wg_peers_edit.php www/wg/vpn_wg_settings.php www/wg/vpn_wg_tunnels.php www/wg/vpn_wg_tunnels_edit.php -www/wg/js/WireGuardHelpers.js /etc/inc/priv/wireguard.priv.inc %%DATADIR%%/info.xml @dir /etc/inc/priv