Merge pull request #527 from amnezia-vpn/feature/api-awg

added support for awg configs for api

client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt

@@ -128,7 +128,8 @@ open class ProtocolConfig protected constructor(
         }
 
         private fun processExcludedRoutes() {
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU) {
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU && excludedRoutes.isNotEmpty()) {
+                // todo: rewrite, taking into account the current routes
                 // for older versions of Android, build a list of subnets without excluded routes
                 // and add them to routes
                 val ipRangeSet = IpRangeSet()

client/configurators/wireguard_configurator.h

@@ -31,11 +31,11 @@ public:
     QString processConfigWithLocalSettings(QString config);
     QString processConfigWithExportSettings(QString config);
 
+    static ConnectionData genClientKeys();
+
 private:
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
                                           const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
-
-    ConnectionData genClientKeys();
     
     bool m_isAwg;
     QString m_serverConfigPath;

client/ui/controllers/apiController.cpp

@@ -5,12 +5,14 @@
 #include <QNetworkReply>
 
 #include "configurators/openvpn_configurator.h"
+#include "configurators/wireguard_configurator.h"
 
 namespace
 {
     namespace configKey
     {
         constexpr char cloak[] = "cloak";
+        constexpr char awg[] = "awg";
 
         constexpr char apiEdnpoint[] = "api_endpoint";
         constexpr char accessToken[] = "api_key";
@@ -26,33 +28,42 @@ ApiController::ApiController(const QSharedPointer<ServersModel> &serversModel,
 {
 }
 
-QString ApiController::genPublicKey(const QString &protocol)
+void ApiController::processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config)
-{
-    if (protocol == configKey::cloak) {
-        return ".";
-    }
-    return QString();
-}
-
-QString ApiController::genCertificateRequest(const QString &protocol)
-{
-    if (protocol == configKey::cloak) {
-        m_certRequest = OpenVpnConfigurator::createCertRequest();
-        return m_certRequest.request;
-    }
-    return QString();
-}
-
-void ApiController::processCloudConfig(const QString &protocol, QString &config)
 {
     if (protocol == configKey::cloak) {
         config.replace("<key>", "<key>\n");
-        config.replace("$OPENVPN_PRIV_KEY", m_certRequest.privKey);
+        config.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
         return;
+    } else if (protocol == configKey::awg) {
+        config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
     }
     return;
 }
 
+ApiController::ApiPayloadData ApiController::generateApiPayloadData(const QString &protocol)
+{
+    ApiController::ApiPayloadData apiPayload;
+    if (protocol == configKey::cloak) {
+        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
+    } else if (protocol == configKey::awg) {
+        auto connData = WireguardConfigurator::genClientKeys();
+        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
+        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
+    }
+    return apiPayload;
+}
+
+QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData)
+{
+    QJsonObject obj;
+    if (protocol == configKey::cloak) {
+        obj[configKey::certificate] = apiPayloadData.certRequest.request;
+    } else if (protocol == configKey::awg) {
+        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
+    }
+    return obj;
+}
+
 bool ApiController::updateServerConfigFromApi()
 {
     auto serverConfig = m_serversModel->getDefaultServerConfig();
@@ -71,13 +82,9 @@ bool ApiController::updateServerConfigFromApi()
 
         QString protocol = serverConfig.value(configKey::protocol).toString();
 
-        QJsonObject obj;
+        auto apiPayloadData = generateApiPayloadData(protocol);
 
-        obj[configKey::publicKey] = genPublicKey(protocol);
+        QByteArray requestBody = QJsonDocument(fillApiPayload(protocol, apiPayloadData)).toJson();
-        obj[configKey::certificate] = genCertificateRequest(protocol);
-
-        QByteArray requestBody = QJsonDocument(obj).toJson();
-        qDebug() << requestBody;
 
         QScopedPointer<QNetworkReply> reply;
         reply.reset(manager.post(request, requestBody));
@@ -100,7 +107,7 @@ bool ApiController::updateServerConfigFromApi()
             }
 
             QString configStr = ba;
-            processCloudConfig(protocol, configStr);
+            processCloudConfig(protocol, apiPayloadData, configStr);
 
             QJsonObject cloudConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
 

client/ui/controllers/apiController.h

@@ -22,15 +22,19 @@ signals:
     void errorOccurred(const QString &errorMessage);
 
 private:
-    QString genPublicKey(const QString &protocol);
+    struct ApiPayloadData {
-    QString genCertificateRequest(const QString &protocol);
+        OpenVpnConfigurator::ConnectionData certRequest;
 
-    void processCloudConfig(const QString &protocol, QString &config);
+        QString wireGuardClientPrivKey;
+        QString wireGuardClientPubKey;
+    };
+
+    ApiPayloadData generateApiPayloadData(const QString &protocol);
+    QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData);
+    void processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config);
 
     QSharedPointer<ServersModel> m_serversModel;
     QSharedPointer<ContainersModel> m_containersModel;
-
-    OpenVpnConfigurator::ConnectionData m_certRequest;
 };
 
 #endif // APICONTROLLER_H

client/vpnconnection.cpp

@@ -388,6 +388,25 @@ void VpnConnection::createProtocolConnections()
 
 void VpnConnection::appendSplitTunnelingConfig()
 {
+    if (m_vpnConfiguration.value(config_key::configVersion).toInt()) {
+        auto protocolName = m_vpnConfiguration.value(config_key::vpnproto).toString();
+        if (protocolName == ProtocolProps::protoToString(Proto::Awg)) {
+            auto configData = m_vpnConfiguration.value(protocolName + "_config_data").toObject();
+            QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configData.value("allowed_ips").toString().split(","));
+            QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));
+
+            if (allowedIpsJsonArray != defaultAllowedIP) {
+                allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
+                allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
+
+                m_vpnConfiguration.insert(config_key::splitTunnelType, Settings::RouteMode::VpnOnlyForwardSites);
+                m_vpnConfiguration.insert(config_key::splitTunnelSites, allowedIpsJsonArray);
+
+                return;
+            }
+        }
+    }
+
     auto routeMode = m_settings->routeMode();
     auto sites = m_settings->getVpnIps(routeMode);
 
@@ -397,7 +416,7 @@ void VpnConnection::appendSplitTunnelingConfig()
     }
 
     // Allow traffic to Amezia DNS
-    if (routeMode == Settings::VpnOnlyForwardSites){
+    if (routeMode == Settings::VpnOnlyForwardSites) {
         sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
         sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
     }