From 2e17ce8ca150bca46dfd441f88c61dde32a55086 Mon Sep 17 00:00:00 2001
From: Myzel394 <50424412+Myzel394@users.noreply.github.com>
Date: Thu, 15 Aug 2024 22:44:34 +0200
Subject: [PATCH] fix(wireguard): Improvements

---
 doc-values/value-documentation.go | 28 +++
 handlers/wireguard/documentation-fields.go | 202 +++++++++---------
 handlers/wireguard/parser_completions_test.go | 4 +-
 handlers/wireguard/wg-section.go | 42 +---
 utils/common.go | 10 +
 5 files changed, 155 insertions(+), 131 deletions(-)
 create mode 100644 doc-values/value-documentation.go

diff --git a/doc-values/value-documentation.go b/doc-values/value-documentation.go
new file mode 100644
index 0000000..7666356
--- /dev/null
+++ b/doc-values/value-documentation.go
@@ -0,0 +1,28 @@
+package docvalues
+
+import (
+ "strings"
+
+ protocol "github.com/tliron/glsp/protocol_3_16"
+)
+
+type DocumentationValue struct {
+ Documentation string
+ Value Value
+}
+
+func (v DocumentationValue) GetTypeDescription() []string {
+ return v.Value.GetTypeDescription()
+}
+
+func (v DocumentationValue) CheckIsValid(value string) []*InvalidValue {
+ return v.Value.CheckIsValid(value)
+}
+
+func (v DocumentationValue) FetchCompletions(line string, cursor uint32) []protocol.CompletionItem {
+ return v.Value.FetchCompletions(line, cursor)
+}
+
+func (v DocumentationValue) FetchHoverInfo(line string, cursor uint32) []string {
+ return strings.Split(v.Documentation, "\n")
+}
diff --git a/handlers/wireguard/documentation-fields.go b/handlers/wireguard/documentation-fields.go
index e8000f2..4ef1081 100644
--- a/handlers/wireguard/documentation-fields.go
+++ b/handlers/wireguard/documentation-fields.go
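Review bot: `FetchHoverInfo` in the new `value-documentation.go` returns `strings.Split(v.Documentation, "\n")` unconditionally, so an empty `Documentation` yields a one-element slice holding an empty string rather than no hover text, and `line` and `cursor` are ignored. If the empty case can occur, a guard such as `if v.Documentation == "" { return nil }` at the top of the method keeps the hover empty. The three delegating methods call through `v.Value` directly, so a zero-value `DocumentationValue` panics on the nil interface. The exported type also has no doc comment; I would add `// DocumentationValue wraps a Value and attaches hover documentation to it; Value must be non-nil.`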
@@ -25,10 +25,9 @@ var maxPortValue = 65535 var minMTUValue = 68 var maxMTUValue = 1500 -var interfaceOptions map[docvalues.EnumString]docvalues.Value = map[docvalues.EnumString]docvalues.Value{ - docvalues.CreateEnumStringWithDoc( - "Address", - `Defines what address range the local node should route traffic for. Depending on whether the node is a simple client joining the VPN subnet, or a bounce server that's relaying traffic between multiple clients, this can be set to a single IP of the node itself (specified with CIDR notation), e.g. 192.0.2.3/32), or a range of IPv4/IPv6 subnets that the node can route traffic for. +var interfaceOptions = map[string]docvalues.DocumentationValue{ + "Address": { + Documentation: `Defines what address range the local node should route traffic for. Depending on whether the node is a simple client joining the VPN subnet, or a bounce server that's relaying traffic between multiple clients, this can be set to a single IP of the node itself (specified with CIDR notation), e.g. 192.0.2.3/32), or a range of IPv4/IPv6 subnets that the node can route traffic for. ## Examples Node is a client that only routes traffic for itself @@ -44,13 +43,13 @@ You can also specify multiple subnets or IPv6 subnets like so: Address = 192.0.2.1/24,2001:DB8::/64 `, - ): docvalues.IPAddressValue{ - AllowIPv4: true, - AllowIPv6: true, + Value: docvalues.IPAddressValue{ + AllowIPv4: true, + AllowIPv6: true, + }, }, - docvalues.CreateEnumStringWithDoc( - "ListenPort", - `When the node is acting as a public bounce server, it should hardcode a port to listen for incoming VPN connections from the public internet. Clients not acting as relays should not set this value. + "ListenPort": { + Documentation: `When the node is acting as a public bounce server, it should hardcode a port to listen for incoming VPN connections from the public internet. Clients not acting as relays should not set this value. ## Examples Using default WireGuard port 
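Review bot: In the second hunk the `Address` entry keeps `Value: docvalues.IPAddressValue{AllowIPv4: true, AllowIPv6: true}`, while its own documentation in the hunk context shows `Address = 192.0.2.1/24,2001:DB8::/64`. `AllowRange` is left at its zero value and there is no `docvalues.ArrayValue` wrapper, unlike the `DNS` and `AllowedIPs` entries later in this file, so a CIDR suffix or a comma-separated list is presumably reported as invalid (the behaviour of `IPAddressValue` is not visible here, so confirm). Wrapping the value the way `DNS` does, with `Separator: ","` and `AllowRange: true` on the sub-value, would bring validation in line with the documented syntax.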
@@ -60,20 +59,21 @@ Using default WireGuard port Using custom WireGuard port ListenPort = 7000 -`): docvalues.NumberValue{ - Min: &minPortValue, - Max: &maxPortValue, +`, + Value: docvalues.NumberValue{ + Min: &minPortValue, + Max: &maxPortValue, + }, }, - docvalues.CreateEnumStringWithDoc( - "PrivateKey", - `This is the private key for the local node, never shared with other servers. All nodes must have a private key set, regardless of whether they are public bounce servers relaying traffic, or simple clients joining the VPN. + "PrivateKey": { + Documentation: `This is the private key for the local node, never shared with other servers. All nodes must have a private key set, regardless of whether they are public bounce servers relaying traffic, or simple clients joining the VPN. This key can be generated with [wg genkey > example.key] `, - ): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "DNS", - `The DNS server(s) to announce to VPN clients via DHCP, most clients will use this server for DNS requests over the VPN, but clients can also override this value locally on their nodes + Value: docvalues.StringValue{}, + }, + "DNS": { + Documentation: `The DNS server(s) to announce to VPN clients via DHCP, most clients will use this server for DNS requests over the VPN, but clients can also override this value locally on their nodes The value can be left unconfigured to use the system's default DNS servers 
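Review bot: The `PrivateKey` hover text recommends `wg genkey > example.key` without mentioning file permissions, and the value stays a plain `docvalues.StringValue{}`, so a malformed key is never flagged. I would extend the Documentation string with a line such as `Create the file with a restrictive umask, e.g. (umask 077; wg genkey > example.key), so other local users cannot read the key`. Checking the value as a 44-character base64 string would also catch truncated or mis-pasted keys in the editor; which docvalues type fits that check is not visible in this hunk.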
@@ -86,18 +86,18 @@ or multiple DNS servers can be provided DNS = 9.9.9.9,1.1.1.1,8.8.8.8 `, - ): docvalues.ArrayValue{ - Separator: ",", - DuplicatesExtractor: &docvalues.SimpleDuplicatesExtractor, - SubValue: docvalues.IPAddressValue{ - AllowIPv4: true, - AllowIPv6: true, - AllowRange: false, + Value: docvalues.ArrayValue{ + Separator: ",", + DuplicatesExtractor: &docvalues.SimpleDuplicatesExtractor, + SubValue: docvalues.IPAddressValue{ + AllowIPv4: true, + AllowIPv6: true, + AllowRange: false, + }, }, }, - docvalues.CreateEnumStringWithDoc( - "Table", - `Optionally defines which routing table to use for the WireGuard routes, not necessary to configure for most setups. + "Table": { + Documentation: `Optionally defines which routing table to use for the WireGuard routes, not necessary to configure for most setups. There are two special values: ‘off’ disables the creation of routes altogether, and ‘auto’ (the default) adds routes to the default table and enables special handling of default routes. 
@@ -106,27 +106,28 @@ https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8 ## Examples Table = 1234 - `): docvalues.OrValue{ - Values: []docvalues.Value{ - docvalues.EnumValue{ - EnforceValues: false, - Values: []docvalues.EnumString{ - docvalues.CreateEnumStringWithDoc( - "off", - "Disable the creation of routes altogether", - ), - docvalues.CreateEnumStringWithDoc( - "auto", - "Adds routes to the default table and enables special handling of default routes", - ), + `, + Value: docvalues.OrValue{ + Values: []docvalues.Value{ + docvalues.EnumValue{ + EnforceValues: false, + Values: []docvalues.EnumString{ + docvalues.CreateEnumStringWithDoc( + "off", + "Disable the creation of routes altogether", + ), + docvalues.CreateEnumStringWithDoc( + "auto", + "Adds routes to the default table and enables special handling of default routes", + ), + }, }, + docvalues.StringValue{}, }, - docvalues.StringValue{}, }, }, - docvalues.CreateEnumStringWithDoc( - "MTU", - `Optionally defines the maximum transmission unit (MTU, aka packet/frame size) to use when connecting to the peer, not necessary to configure for most setups. + "MTU": { + Documentation: `Optionally defines the maximum transmission unit (MTU, aka packet/frame size) to use when connecting to the peer, not necessary to configure for most setups. The MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. 
@@ -135,23 +136,23 @@ https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8 ## Examples MTU = 1500 - `): docvalues.NumberValue{ - Min: &minMTUValue, - Max: &maxMTUValue, + `, Value: docvalues.NumberValue{ + Min: &minMTUValue, + Max: &maxMTUValue, + }, }, - docvalues.CreateEnumStringWithDoc( - "PreUp", - `Optionally run a command before the interface is brought up. This option can be specified multiple times, with commands executed in the order they appear in the file. + "PreUp": { + Documentation: `Optionally run a command before the interface is brought up. This option can be specified multiple times, with commands executed in the order they appear in the file. ## Examples Add an IP route PreUp = ip rule add ipproto tcp dport 22 table 1234 - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "PostUp", - `Optionally run a command after the interface is brought up. This option can appear multiple times, as with PreUp + `, Value: docvalues.StringValue{}, + }, + "PostUp": { + Documentation: `Optionally run a command after the interface is brought up. This option can appear multiple times, as with PreUp ## Examples Read in a config value from a file or some command's output @@ -177,10 +178,11 @@ Add an iptables rule to enable packet forwarding on the WireGuard interface Force WireGuard to re-resolve IP address for peer domain PostUp = resolvectl domain %i "~."; resolvectl dns %i 192.0.2.1; resolvectl dnssec %i yes - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "PreDown", - `Optionally run a command before the interface is brought down. This option can appear multiple times, as with PreUp + `, + Value: docvalues.StringValue{}, + }, + "PreDown": { + Documentation: `Optionally run a command before the interface is brought down. This option can appear multiple times, as with PreUp ## Examples Log a line to a file 
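Review bot: In the `MTU` and `PreUp` entries of the first hunk here, the next field follows the closing backtick of the raw string on the same line (the added lines read `, Value: docvalues.NumberValue{` and `, Value: docvalues.StringValue{},` right after the backtick). The other entries in this file put `Value:` on its own line. Moving `Value:` to a new line in both places keeps the literal uniform and makes the end of the multi-line string easier to spot.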
@@ -190,10 +192,11 @@ Log a line to a file Hit a webhook on another server PostDown = curl https://events.example.dev/wireguard/stopping/?key=abcdefg - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "PostDown", - `Optionally run a command after the interface is brought down. This option can appear multiple times, as with PreUp + `, + Value: docvalues.StringValue{}, + }, + "PostDown": { + Documentation: `Optionally run a command after the interface is brought down. This option can appear multiple times, as with PreUp ## Examples @@ -208,11 +211,13 @@ Hit a webhook on another server Remove the iptables rule that forwards packets on the WireGuard interface PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "PreSharedKey", - "Optionally defines a pre-shared key for the peer, used to authenticate the connection. This is not necessary, but strongly recommended for security.", - ): docvalues.StringValue{}, + `, + Value: docvalues.StringValue{}, + }, + "PreSharedKey": { + Documentation: "Optionally defines a pre-shared key for the peer, used to authenticate the connection. This is not necessary, but strongly recommended for security.", + Value: docvalues.StringValue{}, + }, } var interfaceAllowedDuplicateFields = map[string]struct{}{ 
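Review bot: The `PreDown` documentation that the first hunk here closes still carries the example `PostDown = curl https://events.example.dev/wireguard/stopping/?key=abcdefg` as a context line, so the hover text for `PreDown` demonstrates a different option. Since the entry is being rewritten anyway, the example should read `PreDown = curl https://events.example.dev/wireguard/stopping/?key=abcdefg`. The Documentation string starts above the hunk, so only its tail is visible here.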
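Review bot: The second hunk here adds a `"PreSharedKey"` entry to `interfaceOptions`, but wg(8) documents the preshared key only as a `[Peer]` option. The server will therefore offer it as a completion inside `[Interface]` and, presumably, treat it as valid there. Unless that is intentional, drop the entry from `interfaceOptions` and keep only the one in `peerOptions` (last hunk of this file).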
@@ -222,10 +227,9 @@ var interfaceAllowedDuplicateFields = map[string]struct{}{ "PostDown": {}, } -var peerOptions map[docvalues.EnumString]docvalues.Value = map[docvalues.EnumString]docvalues.Value{ - docvalues.CreateEnumStringWithDoc( - "Endpoint", - `Defines the publicly accessible address for a remote peer. This should be left out for peers behind a NAT or peers that don't have a stable publicly accessible IP:PORT pair. Typically, this only needs to be defined on the main bounce server, but it can also be defined on other public nodes with stable IPs like public-server2 in the example config below. +var peerOptions = map[string]docvalues.DocumentationValue{ + "Endpoint": { + Documentation: `Defines the publicly accessible address for a remote peer. This should be left out for peers behind a NAT or peers that don't have a stable publicly accessible IP:PORT pair. Typically, this only needs to be defined on the main bounce server, but it can also be defined on other public nodes with stable IPs like public-server2 in the example config below. ## Examples Endpoint is an IP address 
@@ -235,10 +239,11 @@ Endpoint is an IP address Endpoint is a hostname/FQDN Endpoint = public-server1.example-vpn.tld:51820 - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "AllowedIPs", - `This defines the IP ranges for which a peer will route traffic. On simple clients, this is usually a single address (the VPN address of the simple client itself). For bounce servers this will be a range of the IPs or subnets that the relay server is capable of routing traffic for. Multiple IPs and subnets may be specified using comma-separated IPv4 or IPv6 CIDR notation (from a single /32 or /128 address, all the way up to 0.0.0.0/0 and ::/0 to indicate a default route to send all internet and VPN traffic through that peer). This option may be specified multiple times. + `, + Value: docvalues.StringValue{}, + }, + "AllowedIPs": { + Documentation: `This defines the IP ranges for which a peer will route traffic. On simple clients, this is usually a single address (the VPN address of the simple client itself). For bounce servers this will be a range of the IPs or subnets that the relay server is capable of routing traffic for. Multiple IPs and subnets may be specified using comma-separated IPv4 or IPv6 CIDR notation (from a single /32 or /128 address, all the way up to 0.0.0.0/0 and ::/0 to indicate a default route to send all internet and VPN traffic through that peer). This option may be specified multiple times. When deciding how to route a packet, the system chooses the most specific route first, and falls back to broader routes. So for a packet destined to 192.0.2.3, the system would first look for a peer advertising 192.0.2.3/32 specifically, and would fall back to a peer advertising 192.0.2.1/24 or a larger range like 0.0.0.0/0 as a last resort. 
@@ -264,28 +269,29 @@ Peer is a relay server that routes to itself and all nodes on its local LAN AllowedIPs = 192.0.2.3/32,192.168.1.1/24 `, - ): docvalues.ArrayValue{ - Separator: ",", - DuplicatesExtractor: &docvalues.SimpleDuplicatesExtractor, - SubValue: docvalues.IPAddressValue{ - AllowIPv4: true, - AllowIPv6: true, - AllowRange: true, + Value: docvalues.ArrayValue{ + Separator: ",", + DuplicatesExtractor: &docvalues.SimpleDuplicatesExtractor, + SubValue: docvalues.IPAddressValue{ + AllowIPv4: true, + AllowIPv6: true, + AllowRange: true, + }, }, }, - docvalues.CreateEnumStringWithDoc( - "PublicKey", - `This is the public key for the remote node, shareable with all peers. All nodes must have a public key set, regardless of whether they are public bounce servers relaying traffic, or simple clients joining the VPN. + "PublicKey": { + Documentation: `This is the public key for the remote node, shareable with all peers. All nodes must have a public key set, regardless of whether they are public bounce servers relaying traffic, or simple clients joining the VPN. This key can be generated with wg pubkey < example.key > example.key.pub. (see above for how to generate the private key example.key) ## Examples PublicKey = somePublicKeyAbcdAbcdAbcdAbcd= - `): docvalues.StringValue{}, - docvalues.CreateEnumStringWithDoc( - "PersistentKeepalive", - `If the connection is going from a NAT-ed peer to a public peer, the node behind the NAT must regularly send an outgoing ping in order to keep the bidirectional connection alive in the NAT router's connection table. + `, + Value: docvalues.StringValue{}, + }, + "PersistentKeepalive": { + Documentation: `If the connection is going from a NAT-ed peer to a public peer, the node behind the NAT must regularly send an outgoing ping in order to keep the bidirectional connection alive in the NAT router's connection table. ## Examples 
@@ -300,11 +306,13 @@ Local public node to remote NAT-ed node Oocal NAT-ed node to remote public node PersistentKeepalive = 25 this will send a ping to every 25 seconds keeping the connection open in the local NAT router's connection table. -`): docvalues.PositiveNumberValue(), - docvalues.CreateEnumStringWithDoc( - "PreSharedKey", - "Optionally defines a pre-shared key for the peer, used to authenticate the connection. This is not necessary, but strongly recommended for security.", - ): docvalues.StringValue{}, +`, + Value: docvalues.PositiveNumberValue(), + }, + "PreSharedKey": { + Documentation: "Optionally defines a pre-shared key for the peer, used to authenticate the connection. This is not necessary, but strongly recommended for security.", + Value: docvalues.StringValue{}, + }, } var peerAllowedDuplicateFields = map[string]struct{}{} diff --git a/handlers/wireguard/parser_completions_test.go b/handlers/wireguard/parser_completions_test.go index df842c4..ca3e9e0 100644 --- a/handlers/wireguard/parser_completions_test.go +++ b/handlers/wireguard/parser_completions_test.go @@ -117,8 +117,8 @@ DNS t.Fatalf("getCompletionsForPropertyLine: Expected 1 completion, but got %v", len(completions)) } - if *completions[0].InsertText != " = " { - t.Fatalf("getCompletionsForPropertyLine: Expected completion to be ' = ', but got '%v'", completions[0].Label) + if *completions[0].InsertText != "DNS = " { + t.Fatalf("getCompletionsForPropertyLine: Expected completion to be 'DNS = ', but got '%v'", completions[0].Label) } } diff --git a/handlers/wireguard/wg-section.go b/handlers/wireguard/wg-section.go index b7a4438..4eb8c68 100644 --- a/handlers/wireguard/wg-section.go +++ b/handlers/wireguard/wg-section.go @@ -57,7 +57,7 @@ func (s wireguardSection) getCompletionsForEmptyLine() ([]protocol.CompletionIte return nil, nil } - options := make(map[docvalues.EnumString]docvalues.Value) + options := make(map[string]docvalues.DocumentationValue) switch *s.Name { case "Interface": 
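Review bot: In the `parser_completions_test.go` hunk the assertion dereferences `*completions[0].InsertText` without checking the pointer, and the failure message prints `completions[0].Label` although the comparison is on `InsertText`. A nil `InsertText` would panic the test instead of failing it, and a mismatch reports the wrong field. I would add `if completions[0].InsertText == nil { t.Fatal("getCompletionsForPropertyLine: InsertText is nil") }` before the comparison and pass `*completions[0].InsertText` to `t.Fatalf`. The test function starts above the hunk.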
@@ -69,13 +69,7 @@ func (s wireguardSection) getCompletionsForEmptyLine() ([]protocol.CompletionIte
 continue
 }
 
- // Remove the option from the available options
- maps.DeleteFunc(
- options,
- func(key docvalues.EnumString, value docvalues.Value) bool {
- return key.DescriptionText == property.Key.Name
- },
- )
+ delete(options, property.Key.Name)
 }
 case "Peer":
 maps.Copy(options, peerOptions)
@@ -86,13 +80,7 @@ func (s wireguardSection) getCompletionsForEmptyLine() ([]protocol.CompletionIte
 continue
 }
 
- // Remove the option from the available options
- maps.DeleteFunc(
- options,
- func(key docvalues.EnumString, value docvalues.Value) bool {
- return key.DescriptionText == property.Key.Name
- },
- )
+ delete(options, property.Key.Name)
 }
 }
 
@@ -100,14 +88,14 @@ func (s wireguardSection) getCompletionsForEmptyLine() ([]protocol.CompletionIte
 
 return utils.MapMapToSlice(
 options,
- func(key docvalues.EnumString, value docvalues.Value) protocol.CompletionItem {
- insertText := key.InsertText + " = "
+ func(optionName string, value docvalues.DocumentationValue) protocol.CompletionItem {
+ insertText := optionName + " = "
 
 return protocol.CompletionItem{
- Label: key.InsertText,
- InsertText: &insertText,
- Documentation: key.Documentation,
 Kind: &kind,
+ Documentation: value.Documentation,
+ Label: optionName,
+ InsertText: &insertText,
 }
 },
 ), nil
@@ -151,19 +139,9 @@ func (p wireguardSection) getCompletionsForPropertyLine(
 
 switch *p.Name {
 case "Interface":
- for enum, opt := range interfaceOptions {
- if enum.InsertText == property.Key.Name {
- option = opt
- break
- }
- }
+ option = interfaceOptions[property.Key.Name]
 case "Peer":
- for enum, opt := range peerOptions {
- if enum.InsertText == property.Key.Name {
- option = opt
- break
- }
- }
+ option = peerOptions[property.Key.Name]
 }
 
 if option == nil {
diff --git a/utils/common.go b/utils/common.go
index e972a0b..d5f7642 100644
--- a/utils/common.go
+++ b/utils/common.go
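Review bot: In the last `wg-section.go` hunk, `option = interfaceOptions[property.Key.Name]` and `option = peerOptions[property.Key.Name]` store a `DocumentationValue` struct in `option`, which the following `if option == nil` shows to be an interface. A missing key now stores the zero struct, so `option` is never nil in these two sections and the guard is skipped for an unknown property name. Any later call through `option`, such as `FetchCompletions`, would then reach the nil `Value` inside the zero struct and panic the language server on a mistyped key. Use the comma-ok form so the interface stays nil on a miss: `if opt, found := interfaceOptions[property.Key.Name]; found { option = opt }`, and the same for `peerOptions`. The declaration of `option` and the rest of `getCompletionsForPropertyLine` lie outside the hunk.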
@@ -128,6 +128,16 @@ func KeysOfMap[T comparable, O any](values map[T]O) []T {
 return keys
 }
 
+func ValuesOfMap[T comparable, O any](values map[T]O) []O {
+ keys := make([]O, 0)
+
+ for _, value := range values {
+ keys = append(keys, value)
+ }
+
+ return keys
+}
+
 func DoesPathExist(path string) bool {
 _, err := os.Stat(path)
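Review bot: `ValuesOfMap` collects the map's values into a slice named `keys` and grows it from zero capacity, which reads like an unedited copy of `KeysOfMap` above it. Naming the slice `result` and sizing it with `make([]O, 0, len(values))` avoids repeated reallocation. The exported function also needs a doc comment stating that the order follows Go's map iteration, e.g. `// ValuesOfMap returns the values of the map in unspecified order.` No caller is visible in this patch, so confirm the helper is needed.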