feat(wireguard): WIREGUARD_ALLOWED_IPS variable (#1291)

2023-07-06 10:08:59 +03:00
parent 9c0f187a12
commit 919b55c3aa
11 changed files with 225 additions and 69 deletions
--- a/internal/provider/utils/wireguard.go
+++ b/internal/provider/utils/wireguard.go
@@ -32,5 +32,13 @@ func BuildWireguardSettings(connection models.Connection,
 		settings.Addresses = append(settings.Addresses, addressCopy)
 	}

+	settings.AllowedIPs = make([]netip.Prefix, 0, len(userSettings.AllowedIPs))
+	for _, allowedIP := range userSettings.AllowedIPs {
+		if !ipv6Supported && allowedIP.Addr().Is6() {
+			continue
+		}
+		settings.AllowedIPs = append(settings.AllowedIPs, allowedIP)
+	}
+
 	return settings
 }
--- a/internal/provider/utils/wireguard_test.go
+++ b/internal/provider/utils/wireguard_test.go
@@ -34,6 +34,10 @@ func Test_BuildWireguardSettings(t *testing.T) {
 					netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 32),
 					netip.PrefixFrom(netip.AddrFrom16([16]byte{}), 32),
 				},
+				AllowedIPs: []netip.Prefix{
+					netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 2, 2, 2}), 32),
+					netip.PrefixFrom(netip.AddrFrom16([16]byte{}), 32),
+				},
 				Interface: "wg1",
 			},
 			ipv6Supported: false,
@@ -46,6 +50,9 @@ func Test_BuildWireguardSettings(t *testing.T) {
 				Addresses: []netip.Prefix{
 					netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 32),
 				},
+				AllowedIPs: []netip.Prefix{
+					netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 2, 2, 2}), 32),
+				},
 				RulePriority: 101,
 				IPv6:         boolPtr(false),
 			},