wireguard-ui icon indicating copy to clipboard operation
wireguard-ui copied to clipboard
verified publisher icon ngoduykhanh

No Login after update

Open mg1067 opened this issue 1 year ago • 7 comments

When I update from version v0.3.7 to version v.0.6.2, I can no longer log in to the web-ui. Is there a solution?

mg1067 avatar Oct 23 '24 15:10 mg1067

I confirm there's an infinite login loop. Here's basic reproduction steps with a Dockerfile.

FROM alpine
SHELL ["/bin/sh", "-exc"]
RUN \
  apk add bash; \
  wget -P /usr/local/bin https://raw.githubusercontent.com/samrocketman/yml-install-files/33f873043002ef1923859046652b284581b988b6/download-utilities.sh; \
  chmod 755 /usr/local/bin/download-utilities.sh
SHELL ["/bin/bash", "-exc"]
RUN /usr/local/bin/download-utilities.sh --download - <<'EOF'
versions:
  wireguard-ui: 0.6.2
checksums:
  wireguard-ui:
    arm64: 362e8554a745d2e3ee205c6ba86220b491b52c861cc05e1e2963f388547c75bc
    amd64: 439e49cc4eacb552bf3c992c884538aedce1bcc29b297a8a8f23cbca2beb7bdc
    arm: 9d8bed77c5252f749a9ea3be8291a2c20093d102a8e1d3ab3c2caf5934cc395a
utility:
  wireguard-ui:
    dest: "${DEST_DIR:-/.}"
    only: '[ "${os}" = linux ] && case "${arch}" in amd64|arm64|arm) true;; *) false;; esac'
    perm: '755'
    os:
      Linux: linux
    arch:
      aarch64: arm64
      armv7: arm
      armv7l: arm
      x86_64: amd64
    download: https://github.com/ngoduykhanh/wireguard-ui/releases/download/v${version}/wireguard-ui-v${version}-${os}-${arch}.tar.gz
    extract: tar -xzC ${dest}/ --no-same-owner ${utility}
    update: |
      owner="$(awk -F/ '{print $4"/"$5}' <<< "${download}")"
      export download=https://github.com/"${owner}"/releases/latest
      eval "${default_download_head}" |
      awk '$1 ~ /[Ll]ocation:/ { gsub(".*/[^0-9.]*", "", $0); print;exit}'
EOF
RUN [ -x /wireguard-ui ]
WORKDIR /
CMD ["/bin/bash", "-exo", "pipefail", "-c", "ensure() { [ -d \"$1\" ] || mkdir -p \"$1\"; }; ensure /etc/wireguard; ensure db; exec /wireguard-ui -bind-address 0.0.0.0:8080"]

And then build and run.

docker build -t wg-ui .
docker run -p 127.0.0.1:8080:8080 --name wg-ui -d wg-ui

Visit http://127.0.0.1 and log in with admin/admin. There's definitely a "Successfully logged in" message but it loops back to login screen.

samrocketman avatar May 05 '25 14:05 samrocketman

I built from the latest master and login works. @ngoduykhanh can you cut another release?

There's an infinite login loop from both docker distribution and github releases binary.

samrocketman avatar May 05 '25 15:05 samrocketman

For now, I'm going to use the following Dockerfile which includes patching function. There's a few "makes sense" pull requests that I want to include in my application. I'll share it here for those who want it.

Dockerfile

FROM golang:1.21-alpine3.19 AS builder
SHELL ["/bin/sh", "-exc"]
ENV APP_VERSION=wg-ui-homeassistant
ENV GIT_REPO=https://github.com/ngoduykhanh/wireguard-ui
ENV GIT_COMMIT=2fdafd34ca6c8f7f1415a3a1d89498bb575a7171
# you should potentially disable APPLY_PATCHES if changing GIT_COMMIT
ENV APPLY_PATCHES=true
RUN apk add --update --no-cache npm yarn curl patch
WORKDIR /build
#Download source code
RUN \
  curl -sSfL "${GIT_REPO}/archive/${GIT_COMMIT}.tar.gz" | \
    tar --no-same-owner -xzC /build --strip-components=1
# Applying patches which make sense
RUN \
  if [ ! "${APPLY_PATCHES}" = true ]; then touch /applied_patches; exit 0; fi; \
  apply_patch() { \
    if [ ! "$#" = 2 ]; then echo ERROR: apply_patch expects 2 arguments >&2; fi; \
    curl -sSfL "${GIT_REPO}/compare/${GIT_COMMIT}...${1}.patch" | \
      awk '$1 ~ /^diff/ {out=1}; out == 1 {print}' | \
      patch -p1; \
      if [ ! -f /applied_patches ]; then \
        echo 'Built from source:' >> /applied_patches; \
        echo "  Repository: ${GIT_REPO}" >> /applied_patches; \
        echo "  Git commit: ${GIT_COMMIT}" >> /applied_patches; \
        echo 'Applied Patches:' >> /applied_patches; \
      fi; \
      echo "  $2" >> /applied_patches; \
      echo "    Applied from commit: $1" >> /applied_patches; \
  }; \
  apply_patch b3ff328afc56bf449c022454f9a1243f167ce742 "PR660: Fix default MTU to 1420; https://github.com/ngoduykhanh/wireguard-ui/pull/660"; \
  apply_patch 8b75583a0470035d93320fc14c8d8e7f69e4a61a "PR653: Add login logging for banning brute force attacks; https://github.com/ngoduykhanh/wireguard-ui/pull/653"; \
  apply_patch 3064ec79a6710a2956596a69c80ba0c24d408ed7 "PR573: Update about.html to open page in a new tab; https://github.com/ngoduykhanh/wireguard-ui/pull/573";
  #apply_patch 872dc998ef70e55ab7f3f2d419a16e46b77e28de "PR656: Escape html special chars; https://github.com/ngoduykhanh/wireguard-ui/pull/656";
# Prepare assets
RUN yarn install --pure-lockfile --production && \
    yarn cache clean
# Move admin-lte dist
RUN mkdir -p assets/dist/js assets/dist/css && \
    cp /build/node_modules/admin-lte/dist/js/adminlte.min.js \
    assets/dist/js/adminlte.min.js && \
    cp /build/node_modules/admin-lte/dist/css/adminlte.min.css \
    assets/dist/css/adminlte.min.css
# Move plugin assets
RUN mkdir -p assets/plugins && \
    cp -r /build/node_modules/admin-lte/plugins/jquery/ \
    /build/node_modules/admin-lte/plugins/fontawesome-free/ \
    /build/node_modules/admin-lte/plugins/bootstrap/ \
    /build/node_modules/admin-lte/plugins/icheck-bootstrap/ \
    /build/node_modules/admin-lte/plugins/toastr/ \
    /build/node_modules/admin-lte/plugins/jquery-validation/ \
    /build/node_modules/admin-lte/plugins/select2/ \
    /build/node_modules/jquery-tags-input/ \
    assets/plugins/
# Move custom assets
RUN cp -r /build/custom/ assets/
# Build
RUN \
  flags="-X 'main.gitRef=refs/heads/master'"; \
  flags="${flags} -X 'main.appVersion=${APP_VERSION}'"; \
  flags="${flags} -X 'main.buildTime=$(date)'"; \
  flags="${flags} -X 'main.gitCommit=${GIT_COMMIT}'"; \
  CGO_ENABLED=0 go build -ldflags="${flags}" -a -o /wireguard-ui .


FROM alpine
SHELL ["/bin/sh", "-exc"]
RUN apk add --update --no-cache bash
SHELL ["/bin/bash", "-exc"]
COPY --from=builder /wireguard-ui /wireguard-ui
COPY --from=builder /applied_patches /applied_patches
RUN [ -x /wireguard-ui ]
WORKDIR /
CMD ["/bin/bash", "-exo", "pipefail", "-c", "ensure() { [ -d \"$1\" ] || mkdir -p \"$1\"; }; ensure /etc/wireguard; ensure db; cat /applied_patches; exec /wireguard-ui -bind-address 0.0.0.0:8080"]

Start up logs

docker build -t wg-ui .
docker run -p 127.0.0.1:8080:8080 --name wg-ui -d wg-ui
docker logs -f wg-ui

Log output

+ ensure /etc/wireguard
+ '[' -d /etc/wireguard ']'
+ mkdir -p /etc/wireguard
+ ensure db
+ '[' -d db ']'
+ mkdir -p db
+ cat /applied_patches
Built from source:
  Repository: https://github.com/ngoduykhanh/wireguard-ui
  Git commit: 2fdafd34ca6c8f7f1415a3a1d89498bb575a7171
Applied Patches:
  PR660: Fix default MTU to 1420; https://github.com/ngoduykhanh/wireguard-ui/pull/660
    Applied from commit: b3ff328afc56bf449c022454f9a1243f167ce742
  PR653: Add login logging for banning brute force attacks; https://github.com/ngoduykhanh/wireguard-ui/pull/653
    Applied from commit: 8b75583a0470035d93320fc14c8d8e7f69e4a61a
  PR573: Update about.html to open page in a new tab; https://github.com/ngoduykhanh/wireguard-ui/pull/573
    Applied from commit: 3064ec79a6710a2956596a69c80ba0c24d408ed7
+ exec /wireguard-ui -bind-address 0.0.0.0:8080
Wireguard UI
App Version	: wg-ui-homeassistant
Git Commit	: 2fdafd34ca6c8f7f1415a3a1d89498bb575a7171
Git Ref		: refs/heads/master
Build Time	: 05-05-2025 16:43:43
Git Repo	: https://github.com/ngoduykhanh/wireguard-ui
Authentication	: true
Bind address	: 0.0.0.0:8080
Email from	: 
Email from name	: WireGuard UI
Custom wg.conf	: 
Base path	: /
Subnet ranges	: 
Valid subnet ranges: 
⇨ http server started on [::]:8080

This isn't the final version of my application but I thought I would at least share what I have for others since the latest release appears to be broken.

Worth noting latest release does work if you run with -disable-login.

samrocketman avatar May 05 '25 16:05 samrocketman

I experienced the same behaviour, however only on the first start. After restarting the UI I was able to load the interface.

jaarenhoevel avatar May 19 '25 13:05 jaarenhoevel

In my case, it never allowed login. Verify which version you used because there was an older release which had a first login issue with subsequent success. But that was fixed according to older github issues.

It would always fail so I'm no longer using a release of wireguard-ui. Instead, I compile it from source with extra patches.

samrocketman avatar May 19 '25 14:05 samrocketman

I'm using v0.6.2. On first start I experienced the infinite loop. Then, thanks to your comment, I tried it with the -disable-login option, which allowed me to access the UI. After that I removed the parameter and I'm still able to login.

Thanks for the link, I'll take a look at the patches.

jaarenhoevel avatar May 19 '25 14:05 jaarenhoevel

If you look at the patches: The patches are just applied from existing pull requests (all of the commit hashes match). Because they're not merged I am "merging" them as part of my build process.

Any modifications I made I have also opened as pull requests in case the maintainer ever becomes active again. I'm resisting doing a hard fork of the project but at some point I will have too many patches (as in they will conflict) and so I'll have to decide what to do to move forward. For now, I'm good with the build process.

I never did nail down "why" the login issue occurs; just that it no longer occurs when I built from master branch. And so I ran with it from there (since I am building anyways might as well make it nice).

samrocketman avatar May 21 '25 03:05 samrocketman