Commit graph

22 commits

Author SHA1 Message Date
9b5152d81f feat(security): AES-256-GCM encryption for WireGuard private keys in DB
- Add backend/lib/crypto.js: transparent encrypt/decrypt with DB_ENCRYPTION_KEY env var
- Add migration 20260319000000: idempotent data migration encrypts existing plaintext keys
- Patch wireguard.js: encrypt on write (3 points), decrypt on read (4 points)
- install.sh: auto-generate DB_ENCRYPTION_KEY via openssl, save to .env (chmod 600)
- AI_CONTEXT.md: document crypto.js and DB_ENCRYPTION_KEY requirement
2026-03-18 23:21:00 +07:00
xtcnet
6c3122d03d feat(wg-public): add file manager UI with upload, rename, delete
- Add File Manager card above REST API Documentation on /wg-public page
  with table showing name, size, modified date and action buttons
- Upload: file picker button, enforces storage quota
- Rename: inline editable row (Enter to confirm, Escape to cancel)
- Delete: with confirmation dialog
- Download: opens decrypted file in new tab
- Add renameFile() method to wireguard-fs.js (fs.rename, no re-encryption)
- Add PATCH /api/wg-public/files/:filename endpoint for rename
- Fix bug: saveEncryptedFile -> uploadFile in wg_public.js
- Fix bug: getDecryptedFileStream + pipe -> downloadFile in wg_public.js
- Add Rename curl example to REST API Documentation section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 21:57:49 +07:00
xtcnet
5d65eafc65 fix: allow client-to-client traffic when isolation is disabled
The wg+ wildcard in the server isolation DROP rule was also matching
same-interface traffic (wg0->wg0), blocking clients from pinging each
other even with Client Isolation turned off.

Fix: always insert an explicit same-interface ACCEPT (or REJECT if
isolated) rule AFTER the wg+ DROP, so it lands at position 1 in the
chain and is evaluated before the DROP.

Also update syncIptablesRules to apply the ACCEPT rule (not just remove
the REJECT) when isolation is toggled off at runtime.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 20:14:33 +07:00
xtcnet
fd8baf878c fix: apply client isolation iptables rules immediately on config save
wg syncconf does not execute PostUp/PostDown, so toggling isolate_clients
had no effect until container restart. Add syncIptablesRules() to directly
apply/remove the REJECT rule after every syncconf call.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 20:02:53 +07:00
xtcnet
090894021a Refactor: Standardize units to GB/MB, fix Dashboard live traffic aggregation, and optimize WireGuard client layout with expanded actions. 2026-03-10 19:02:44 +07:00
xtcnet
b77da8e6de feat(wireguard): massive scale extensions for Quotas, Web Dashboards, Connection Logs, and Zero-Auth Public VPN file portals 2026-03-10 13:09:51 +07:00
xtcnet
66dc95bc6b fix(wireguard): resolve 500 parse failure on encrypted file upload stream memory buffers 2026-03-10 11:53:20 +07:00
xtcnet
bd04298843 feat(wireguard): add isolated encrypted file manager per wg client, drop sql editor 2026-03-10 11:40:19 +07:00
xtcnet
e057aee8ba feat(wireguard): harden security constraints and fix db manager UI 2026-03-10 11:25:40 +07:00
xtcnet
b99b623355 feat(database): add native SQLite database manager and fix wireguard admin visibility 2026-03-10 10:58:08 +07:00
xtcnet
3f0d529d14 fix(wireguard): isolate user data by owner_user_id 2026-03-10 10:39:46 +07:00
xtcnet
d67081492d fix: map interfaceId to WireGuard client response 2026-03-08 20:55:47 +07:00
xtcnet
497482aef3 fix: WireGuard client filter, feat: system monitor storage and total ram 2026-03-08 20:49:00 +07:00
xtcnet
e48fef3154 feat: real-time system monitor in footer 2026-03-08 20:35:06 +07:00
xtcnet
34020bc562 feat: custom Stream port manager UI and WireGuard config Zip download API 2026-03-08 15:50:25 +07:00
xtcnet
ec55362d15 feat: fix audit log display, add dashboard counts, restructure WireGuard page, add translations 2026-03-08 14:17:18 +07:00
xtcnet
f9d687c131 fix: resolve multi-server iptables bridging and hook audit logging 2026-03-08 10:58:19 +07:00
xtcnet
dd8dd605f1 fix: resolve 500 error on server creation due to ipv6_cidr schema violation 2026-03-08 10:45:19 +07:00
xtcnet
3960d6025f fix: resolve 404 on server creation and 500 on client creation and reposition buttons to tables 2026-03-08 10:39:17 +07:00
xtcnet
36acc3ea65 fix: resolve WireGuard server tab crash and enforce client creation server prerequisite 2026-03-08 09:47:20 +07:00
xtcnet
54d1623551 feat: implement wireguard multi-server UI and backend logic 2026-03-08 09:33:24 +07:00
xtcnet
0397a67ae8 Initial commit for D3V-NPMWG 2026-03-07 20:49:44 +07:00