Corrections to IP address allocations for clients (#121)

leonovk · web-flow · commit 3507751ccec0 · 2025-01-24T12:32:43.000+03:00
diff --git a/README.md b/README.md
@@ -109,7 +109,7 @@ Example response:
   {
     "id": 15,
     "server_public_key": "server_public_key",
-    "address": "10.8.0.16/24",
+    "address": "10.8.0.16/29",
     "private_key": "private_key",
     "preshared_key": "preshared_key",
     "enable": true,
@@ -139,7 +139,7 @@ Example response:
 {
   "id": 15,
   "server_public_key": "server_public_key",
-  "address": "10.8.0.16/24",
+  "address": "10.8.0.16/29",
   "private_key": "private_key",
   "preshared_key": "preshared_key",
   "enable": true,
diff --git a/app/errors/connection_limit_exceeded_error.rb b/app/errors/connection_limit_exceeded_error.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Errors
+  class ConnectionLimitExceededError < BaseError # rubocop:disable Style/Documentation
+    def message
+      'The server connection limit has been exceeded.'
+    end
+  end
+end
diff --git a/config/settings/test.yaml b/config/settings/test.yaml
@@ -8,4 +8,4 @@ wg_default_dns: '1.1.1.1'
 wg_persistent_keepalive: 0
 auth_token: '123-Ab'
 webhooks_url: 'https://test.webhooks.com/event'
-connecting_client_limit: '24'
+connecting_client_limit: '29'
diff --git a/lib/wire_guard/client_config_builder.rb b/lib/wire_guard/client_config_builder.rb
@@ -3,39 +3,67 @@
 module WireGuard
   # The class generates a config file for the client
   class ClientConfigBuilder
+    WG_DEFAULT_ADDRESS = IPAddr.new(Settings.wg_default_address.gsub('x', '1'))
+    CONNECTING_CLIENT_LIMIT = Settings.connecting_client_limit.to_i
+
     attr_reader :config
 
     def initialize(configs, params)
       @wg_genkey = KeyGenerator.wg_genkey
-      @wg_pubkey = KeyGenerator.wg_pubkey(@wg_genkey)
-      @wg_genpsk = KeyGenerator.wg_genpsk
       @configs = configs
+      check_availability_of_space!
       @config = build_config(params)
     end
 
     private
 
-    attr_reader :wg_genkey, :wg_pubkey, :wg_genpsk, :configs
+    attr_reader :wg_genkey, :configs
 
     def build_config(params)
       {
-        id: new_last_id,
+        id: configs['last_id'] + 1,
         address: new_last_ip,
         private_key: wg_genkey,
-        public_key: wg_pubkey,
-        preshared_key: wg_genpsk,
+        public_key: KeyGenerator.wg_pubkey(wg_genkey),
+        preshared_key: KeyGenerator.wg_genpsk,
         enable: true,
         data: params
       }
     end
 
-    def new_last_id
-      configs['last_id'] + 1
+    def new_last_ip
+      IPAddr.new(find_current_last_ip.to_i + 1, Socket::AF_INET).to_s
     end
 
-    def new_last_ip
-      current_ip = IPAddr.new(configs['last_address'])
-      IPAddr.new(current_ip.to_i + 1, Socket::AF_INET).to_s
+    def check_availability_of_space!
+      return unless all_ip_addresses.size >= available_addresses_count
+
+      raise Errors::ConnectionLimitExceededError
+    end
+
+    def available_addresses_count
+      (2**(32 - CONNECTING_CLIENT_LIMIT)) - 2
+    end
+
+    def all_ip_addresses
+      @all_ip_addresses ||= begin
+        configs.except('last_id').filter_map do |_id, config|
+          # NOTE: This is necessary in order to maintain backward compatibility
+          # with those who still have the "last_address" field in the config.
+          # In the next versions this needs to be removed along with the `filter_map`.
+          next unless config.is_a?(Hash)
+
+          IPAddr.new(config['address'])
+        end << WG_DEFAULT_ADDRESS
+      end.sort
+    end
+
+    def find_current_last_ip
+      all_ip_addresses.each_with_index do |ip, index|
+        next_ip = all_ip_addresses[index + 1]
+
+        return ip if next_ip.nil? || (next_ip.to_i - ip.to_i) > 1
+      end
     end
   end
 end
diff --git a/lib/wire_guard/server.rb b/lib/wire_guard/server.rb
@@ -5,7 +5,7 @@ module WireGuard
   # Allows you to manage configuration files on the server
   class Server
     WG_JSON_PATH = "#{Settings.wg_path}/wg0.json".freeze
-    WG_DEFAULT_ADDRESS = Settings.wg_default_address
+    WG_DEFAULT_ADDRESS = Settings.wg_default_address.gsub('x', '1')
 
     attr_reader :server_private_key, :server_public_key
 
@@ -26,7 +26,7 @@ def new_config(params)
     def all_configs
       return {} if configs_empty?
 
-      @configs.except('last_id', 'last_address')
+      @configs.except('last_id')
     end
 
     def config(id)
@@ -89,11 +89,10 @@ def create_json_server_config # rubocop:disable Metrics/MethodLength
         server: {
           private_key: @server_private_key,
           public_key: @server_public_key,
-          address: WG_DEFAULT_ADDRESS.gsub('x', '1')
+          address: WG_DEFAULT_ADDRESS
         },
         configs: {
-          last_id: 0,
-          last_address: WG_DEFAULT_ADDRESS.gsub('x', '1')
+          last_id: 0
         }
       }
 
@@ -115,7 +114,6 @@ def dump_wireguard_config
     def update_json_config(config)
       json_config['configs'][config[:id].to_s] = config
       json_config['configs']['last_id'] = config[:id]
-      json_config['configs']['last_address'] = config[:address]
     end
 
     def generate_server_private_key
diff --git a/lib/wire_guard/server_config_updater.rb b/lib/wire_guard/server_config_updater.rb
@@ -29,7 +29,7 @@ def update
       new_config_build = []
       new_config_build << base_config
 
-      json_config['configs'].except('last_id', 'last_address').each_value do |config|
+      json_config['configs'].except('last_id').each_value do |config|
         # NOTE: We simply skip the config and do not add it to the initial configuration,
         # if the 'enable == false'
         next if config['enable'] == false
diff --git a/spec/app/clients_controller_spec.rb b/spec/app/clients_controller_spec.rb
@@ -26,8 +26,7 @@
             address: '10.8.0.1'
           },
           configs: {
-            last_id: 0,
-            last_address: '10.8.0.1'
+            last_id: 0
           }
         }
       end
@@ -63,7 +62,7 @@
           {
             id: 1,
             server_public_key: 'uygGKpQt7gOwrP+bqkiXytafHiM+XqFGc0jtZVJ5bnw=',
-            address: '10.8.0.2/24',
+            address: '10.8.0.2/29',
             private_key: 'MJn6fwoyqG8S6wsrJzWrUow4leZuEM9O8s+G+kcXElU=',
             public_key: 'LiXk4UOfnScgf4UnkcYNcz4wWeqTOW1UrHKRVhZ1OXg=',
             preshared_key: '3UzAMA6mLIGjHOImShNb5tWlkwxsha8LZZP7dm49meQ=',
@@ -81,7 +80,7 @@
           {
             id: 2,
             server_public_key: 'uygGKpQt7gOwrP+bqkiXytafHiM+XqFGc0jtZVJ5bnw=',
-            address: '10.8.0.3/24',
+            address: '10.8.0.3/29',
             private_key: 'aN7ye98FKrmydwfA6tHgHE1PbiidWzUJ9cltnies8F4=',
             public_key: 'hvIyIW2o8JROVKuY2yYFdUn0oA+43aLuT8KCy0YbORE=',
             preshared_key: 'dVW/5kF8wnsx0zAwR4uPIa06btACxpQ/rHBL1B3qPnk=',
@@ -99,7 +98,7 @@
           {
             id: 3,
             server_public_key: 'uygGKpQt7gOwrP+bqkiXytafHiM+XqFGc0jtZVJ5bnw=',
-            address: '10.8.0.4/24',
+            address: '10.8.0.4/29',
             private_key: 'eF3Owsqd5MGAIXjmALGBi8ea8mkFUmAiyh80U3hVXn8=',
             public_key: 'bPKBg66uC1J2hlkE31Of5wnkg+IjowVXgoLcjcLn0js=',
             preshared_key: 'IyVg7fktkSBxJ0uK82j6nlI7Vmo0E53eBmYZ723/45E=',
@@ -135,7 +134,7 @@
         {
           id: 2,
           server_public_key: 'uygGKpQt7gOwrP+bqkiXytafHiM+XqFGc0jtZVJ5bnw=',
-          address: '10.8.0.3/24',
+          address: '10.8.0.3/29',
           private_key: 'aN7ye98FKrmydwfA6tHgHE1PbiidWzUJ9cltnies8F4=',
           public_key: 'hvIyIW2o8JROVKuY2yYFdUn0oA+43aLuT8KCy0YbORE=',
           preshared_key: 'dVW/5kF8wnsx0zAwR4uPIa06btACxpQ/rHBL1B3qPnk=',
@@ -171,7 +170,7 @@
       {
         id: 1,
         server_public_key: 'wg_pubkey',
-        address: '10.8.0.2/24',
+        address: '10.8.0.2/29',
         private_key: 'wg_genkey',
         public_key: 'wg_pubkey',
         preshared_key: 'wg_genpsk',
@@ -195,7 +194,6 @@
         },
         configs: {
           last_id: 1,
-          last_address: '10.8.0.2',
           '1' => {
             id: 1,
             address: '10.8.0.2',
@@ -237,7 +235,6 @@
           },
           configs: {
             last_id: 3,
-            last_address: '10.8.0.4',
             '1' => {
               id: 1,
               address: '10.8.0.2',
@@ -312,7 +309,6 @@
             },
             'configs' => {
               'last_id' => 3,
-              'last_address' => '10.8.0.4',
               '1' => {
                 'id' => 1,
                 'address' => '10.8.0.200',
@@ -351,7 +347,7 @@
           {
             id: 1,
             server_public_key: 'uygGKpQt7gOwrP+bqkiXytafHiM+XqFGc0jtZVJ5bnw=',
-            address: '10.8.0.200/24',
+            address: '10.8.0.200/29',
             private_key: 'a',
             public_key: 'b',
             preshared_key: 'c',
diff --git a/spec/app/clients_serializer_spec.rb b/spec/app/clients_serializer_spec.rb
@@ -35,7 +35,7 @@
       {
         id: 1,
         server_public_key: '4',
-        address: '10.8.0.2/24',
+        address: '10.8.0.2/29',
         private_key: '1',
         public_key: 'LiXk4UOfnScgf4UnkcYNcz4wWeqTOW1UrHKRVhZ1OXg=',
         preshared_key: '3',
@@ -98,7 +98,7 @@
         {
           id: 1,
           server_public_key: '4',
-          address: '10.8.0.2/24',
+          address: '10.8.0.2/29',
           private_key: '1',
           public_key: 'LiXk4UOfnScgf4UnkcYNcz4wWeqTOW1UrHKRVhZ1OXg=',
           preshared_key: '3',
@@ -117,7 +117,7 @@
         {
           id: 2,
           server_public_key: '4',
-          address: '10.8.0.3/24',
+          address: '10.8.0.3/29',
           private_key: '1',
           public_key: 'hvIyIW2o8JROVKuY2yYFdUn0oA+43aLuT8KCy0YbORE=',
           preshared_key: '3',
@@ -136,7 +136,7 @@
         {
           id: 3,
           server_public_key: '4',
-          address: '10.8.0.4/24',
+          address: '10.8.0.4/29',
           private_key: '1',
           public_key: 'bPKBg66uC1J2hlkE31Of5wnkg+IjowVXgoLcjcLn0js=',
           preshared_key: '3',
diff --git a/spec/fixtures/empty_wg0.json b/spec/fixtures/empty_wg0.json
@@ -5,7 +5,6 @@
     "address": "10.8.0.1"
   },
   "configs": {
-    "last_id": 0,
-    "last_address": "10.8.0.1"
+    "last_id": 0
   }
 }
diff --git a/spec/fixtures/wg0.conf b/spec/fixtures/wg0.conf
@@ -4,12 +4,12 @@
 # Server
 [Interface]
 PrivateKey = 6Mlqg+1Umojm7a4VvgIi+YMp4oPrWNnZ5HLRFu4my2w=
-Address = 10.8.0.1/24
+Address = 10.8.0.1/29
 ListenPort = 51820
 PreUp = 
-PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
+PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/29 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
 PreDown = 
-PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
+PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/29 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;
 
 # Client ID: 1
 [Peer]
diff --git a/spec/fixtures/wg0.json b/spec/fixtures/wg0.json
@@ -6,7 +6,6 @@
   },
   "configs": {
     "last_id": 3,
-    "last_address": "10.8.0.4",
     "1": {
       "id": 1,
       "address": "10.8.0.2",
diff --git a/spec/lib/wire_guard/client_config_builder_spec.rb b/spec/lib/wire_guard/client_config_builder_spec.rb
diff --git a/spec/lib/wire_guard/server_spec.rb b/spec/lib/wire_guard/server_spec.rb
diff --git a/spec/requests/application_spec.rb b/spec/requests/application_spec.rb
diff --git a/swagger/swagger.yaml b/swagger/swagger.yaml

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,6 @@`
`5`	`5`	`"address": "10.8.0.1"`
`6`	`6`	`},`
`7`	`7`	`"configs": {`
`8`		`- "last_id": 0,`
`9`		`- "last_address": "10.8.0.1"`
	`8`	`+ "last_id": 0`
`10`	`9`	`}`
`11`	`10`	`}`