Add limit in how many configurations each user may have. (#47)

* Add limit in how many configurations each user may have. If the option max-number-client-config is more than 0 this number is the maximum number of clients a user can create. The setting only limits creation. If a user had created more configurations before this setting is enforced or lowered the user may user the service as before, just cant create any more configurations. * Fix spelling and fmt as suggested by @luna-duclos * Alert user when limit is reached. When the user tries to create more configurations than are allow an alert will pop up. * Change http status as discussed with @freddd http 400 seems a better fit than 429 as a more generic error.
2026-05-21 22:33:29 +02:00 · 2020-03-20 15:09:01 +01:00
parent 005b2413b7
commit fb5cf90751
2 changed files with 41 additions and 8 deletions
@@ -33,11 +33,12 @@ import (
 var (
 	dataDir = kingpin.Flag("data-dir", "Directory used for storage").Default("/var/lib/wireguard-ui").String()

-	listenAddr     = kingpin.Flag("listen-address", "Address to listen to").Default(":8080").String()
-	natEnabled     = kingpin.Flag("nat", "Whether NAT is enabled or not").Default("true").Bool()
-	natLink        = kingpin.Flag("nat-device", "Network interface to masquerade").Default("wlp2s0").String()
-	clientIPRange  = kingpin.Flag("client-ip-range", "Client IP CIDR").Default("172.31.255.0/24").String()
-	authUserHeader = kingpin.Flag("auth-user-header", "Header containing username").Default("X-Forwarded-User").String()
+	listenAddr            = kingpin.Flag("listen-address", "Address to listen to").Default(":8080").String()
+	natEnabled            = kingpin.Flag("nat", "Whether NAT is enabled or not").Default("true").Bool()
+	natLink               = kingpin.Flag("nat-device", "Network interface to masquerade").Default("wlp2s0").String()
+	clientIPRange         = kingpin.Flag("client-ip-range", "Client IP CIDR").Default("172.31.255.0/24").String()
+	authUserHeader        = kingpin.Flag("auth-user-header", "Header containing username").Default("X-Forwarded-User").String()
+	maxNumberClientConfig = kingpin.Flag("max-number-client-config", "Max number of configs an client can use. 0 is unlimited").Default("0").Int()

 	wgLinkName   = kingpin.Flag("wg-device-name", "WireGuard network device name").Default("wg0").String()
 	wgListenPort = kingpin.Flag("wg-listen-port", "WireGuard UDP port to listen to").Default("51820").Int()
@@ -592,6 +593,28 @@ func (s *Server) CreateClient(w http.ResponseWriter, r *http.Request, ps httprou
 	c := s.Config.GetUserConfig(user)
 	log.Debugf("user config: %#v", c)

+	if *maxNumberClientConfig > 0 {
+		if len(c.Clients) >= *maxNumberClientConfig {
+			log.Error(fmt.Errorf("user %q have too many configs", c.Name))
+
+			e := struct {
+				Error string
+			}{
+				Error: "Max number of configs: " + strconv.Itoa(*maxNumberClientConfig),
+			}
+
+			j, err := json.Marshal(e)
+			if err != nil {
+				log.Error(err)
+				return
+			}
+
+			w.WriteHeader(http.StatusBadRequest)
+			fmt.Fprintf(w, string(j))
+			return
+		}
+	}
+
 	i := 0
 	for k := range c.Clients {
 		n, err := strconv.Atoi(k)