From bc2ca23c9384e301fd2605661d0c3adca30a7a93 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 17 Mar 2024 13:34:02 +0100
Subject: [PATCH] VPN: WireGuard: Peers - add instances column and move
 backreference logic to model using the volatile switch recently introduced
 for the Trust section. closes https://github.com/opnsense/core/issues/7221

---
 .../Wireguard/Api/ClientController.php        | 36 +++++++----
 .../app/models/OPNsense/Wireguard/Client.xml  | 12 +++-
 .../Wireguard/FieldTypes/ClientField.php      | 59 +++++++++++++++++
 .../mvc/app/views/OPNsense/Trust/cert.volt    |  4 +-
 .../app/views/OPNsense/Wireguard/general.volt | 64 +++++++++++++++----
 5 files changed, 147 insertions(+), 28 deletions(-)
 create mode 100644 src/opnsense/mvc/app/models/OPNsense/Wireguard/FieldTypes/ClientField.php

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php b/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
index 26e98667f13..1b7cec16435 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
@@ -44,27 +44,39 @@ public function pskAction()
         return ['psk' => trim((new Backend())->configdRun('wireguard gen_psk')), 'status' => 'ok' ];
     }
 
+    public function listServersAction()
+    {
+        if ($this->request->isGet()) {
+            $results = ['rows' => [], 'status' => 'ok'];
+            foreach ((new Server())->servers->server->iterateItems() as $key => $node) {
+                $results['rows'][] = [
+                    'uuid' => $key,
+                    'name' => (string)$node->name
+                ];
+            }
+            return $results;
+        }
+        return ['status' => 'failed'];
+    }
+
     public function searchClientAction()
     {
+        $servers = $this->request->get('servers');
+        $filter_funct = function ($record) use ($servers) {
+            return empty($servers) || array_intersect(explode(',', $record->servers), $servers);
+        };
+
         return $this->searchBase(
             'clients.client',
-            ["enabled", "name", "pubkey", "tunneladdress", "serveraddress", "serverport"]
+            ["enabled", "name", "pubkey", "tunneladdress", "serveraddress", "serverport", "servers"],
+            null,
+            $filter_funct
         );
     }
 
     public function getClientAction($uuid = null)
     {
-        $result = $this->getBase('client', 'clients.client', $uuid);
-        if (!empty($result['client'])) {
-            $result['client']['servers'] = [];
-            foreach ((new Server())->servers->server->iterateItems() as $key => $node) {
-                $result['client']['servers'][$key] = [
-                    'value' => (string)$node->name,
-                    'selected' => in_array($uuid, explode(',', (string)$node->peers)) ? '1' : '0'
-                ];
-            }
-        }
-        return $result;
+        return $this->getBase('client', 'clients.client', $uuid);
     }
 
     public function addClientAction()
diff --git a/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.xml b/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.xml
index cb498d80826..f317ced7210 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.xml
@@ -4,7 +4,7 @@
     <version>1.0.0</version>
     <items>
         <clients>
-            <client type="ArrayField">
+            <client type=".\ClientField">
                 <enabled type="BooleanField">
                     <Default>1</Default>
                     <Required>Y</Required>
@@ -53,6 +53,16 @@
                     <MaximumValue>86400</MaximumValue>
                     <ValidationMessage>Please specify a value between 1 and 86400.</ValidationMessage>
                 </keepalive>
+                <servers type="ModelRelationField" volatile="true">
+                    <Model>
+                        <template>
+                            <source>OPNsense.Wireguard.Server</source>
+                            <items>servers.server</items>
+                            <display>name</display>
+                        </template>
+                    </Model>
+                    <Multiple>Y</Multiple>
+                </servers>
             </client>
         </clients>
     </items>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Wireguard/FieldTypes/ClientField.php b/src/opnsense/mvc/app/models/OPNsense/Wireguard/FieldTypes/ClientField.php
new file mode 100644
index 00000000000..4d2d25788ed
--- /dev/null
+++ b/src/opnsense/mvc/app/models/OPNsense/Wireguard/FieldTypes/ClientField.php
@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * Copyright (C) 2024 Deciso B.V.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Wireguard\FieldTypes;
+
+use OPNsense\Base\FieldTypes\ArrayField;
+use OPNsense\Wireguard\Server;
+
+class ClientField extends ArrayField
+{
+    /**
+     * backreference servers
+     */
+    protected function actionPostLoadingEvent()
+    {
+        $peers = [];
+        foreach ((new Server())->servers->server->iterateItems() as $key => $node) {
+            if (!empty((string)$node->peers)) {
+                foreach (explode(',', (string)$node->peers) as $peer) {
+                    if (!isset($peers[$peer])) {
+                        $peers[$peer] = [];
+                    }
+                    $peers[$peer][] = $key;
+                }
+            }
+        }
+        foreach ($this->internalChildnodes as $key => $node) {
+            if (isset($peers[$key])) {
+                $node->servers->setValue(implode(',', $peers[$key]));
+            }
+        }
+        return parent::actionPostLoadingEvent();
+    }
+}
diff --git a/src/opnsense/mvc/app/views/OPNsense/Trust/cert.volt b/src/opnsense/mvc/app/views/OPNsense/Trust/cert.volt
index 5db6ad2753f..343fa1228c4 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Trust/cert.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Trust/cert.volt
@@ -35,8 +35,8 @@
             del:'/api/trust/cert/del/',
             options:{
                 requestHandler: function(request){
-                    if ( $('#ca_filter').val().length > 0) {
-                        request['carefs'] = $('#ca_filter').val();
+                    if ( $('#server_filter').val().length > 0) {
+                        request['servers'] = $('#server_filter').val();
                     }
                     return request;
                 }
diff --git a/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt b/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt
index 55f0e46d984..4b58d55a49b 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt
@@ -33,25 +33,49 @@
             $('.selectpicker').selectpicker('refresh');
         });
 
-        $("#grid-peers").UIBootgrid(
+        let grid_peers = $("#grid-peers").UIBootgrid(
             {
-                'search':'/api/wireguard/client/searchClient',
-                'get':'/api/wireguard/client/getClient/',
-                'set':'/api/wireguard/client/setClient/',
-                'add':'/api/wireguard/client/addClient/',
-                'del':'/api/wireguard/client/delClient/',
-                'toggle':'/api/wireguard/client/toggleClient/'
+                search: '/api/wireguard/client/searchClient',
+                get: '/api/wireguard/client/getClient/',
+                set: '/api/wireguard/client/setClient/',
+                add: '/api/wireguard/client/addClient/',
+                del: '/api/wireguard/client/delClient/',
+                toggle: '/api/wireguard/client/toggleClient/',
+                options:{
+                requestHandler: function(request){
+                    if ( $('#server_filter').val().length > 0) {
+                        request['servers'] = $('#server_filter').val();
+                    }
+                    return request;
+                }
+            },
+
+
             }
         );
+        grid_peers.on("loaded.rs.jquery.bootgrid", function (e){
+            // reload servers before grid load
+            if ($("#server_filter > option").length == 0) {
+                ajaxGet('/api/wireguard/client/list_servers', {}, function(data, status){
+                    if (data.rows !== undefined) {
+                        for (let i=0; i < data.rows.length ; ++i) {
+                            let row = data.rows[i];
+                            $("#server_filter").append($("<option/>").val(row.uuid).html(row.name));
+                        }
+                        $("#server_filter").selectpicker('refresh');
+                    }
+                });
+            }
+        });
 
         $("#grid-instances").UIBootgrid(
             {
-                'search':'/api/wireguard/server/searchServer',
-                'get':'/api/wireguard/server/getServer/',
-                'set':'/api/wireguard/server/setServer/',
-                'add':'/api/wireguard/server/addServer/',
-                'del':'/api/wireguard/server/delServer/',
-                'toggle':'/api/wireguard/server/toggleServer/'
+                search: '/api/wireguard/server/searchServer',
+                get: '/api/wireguard/server/getServer/',
+                set: '/api/wireguard/server/setServer/',
+                add: '/api/wireguard/server/addServer/',
+                del: '/api/wireguard/server/delServer/',
+                toggle: '/api/wireguard/server/toggleServer/'
             }
         );
 
@@ -86,6 +110,11 @@
                 }
             });
         })
+        $("#filter_container").detach().prependTo('#grid-peers-header > .row > .actionBar > .actions');
+        $("#server_filter").change(function(){
+            $('#grid-peers').bootgrid('reload');
+        });
+
         // update history on tab state and implement navigation
         if(window.location.hash != "") {
             $('a[href="' + window.location.hash + '"]').click()
@@ -112,6 +141,14 @@
               <i class="fa fa-fw fa-gear"></i>
             </button>
         </span>
+        <div class="hidden">
+            <!-- filter per server container -->
+            <div id="filter_container" class="btn-group">
+                <select id="server_filter"  data-title="{{ lang._('Instances') }}" class="selectpicker" data-live-search="true" data-size="5"  multiple data-width="200px">
+                </select>
+            </div>
+        </div>
+
         <table id="grid-peers" class="table table-condensed table-hover table-striped" data-editDialog="dialogEditWireguardClient">
             <thead>
                 <tr>
@@ -121,6 +158,7 @@
                     <th data-column-id="serveraddress" data-type="string" data-visible="true">{{ lang._('Endpoint address') }}</th>
                     <th data-column-id="serverport" data-type="string" data-visible="true">{{ lang._('Endpoint port') }}</th>
                     <th data-column-id="tunneladdress" data-type="string" data-visible="true">{{ lang._('Allowed IPs') }}</th>
+                    <th data-column-id="servers" data-type="string" data-visible="true">{{ lang._('Instances') }}</th>
                     <th data-column-id="commands" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 </tr>
             </thead>