Bring your own public key

[fbuetler]

Hi,

This is a PR in a serie of 6 PRs, as it was asked to split #294 up into multiple PRs.

Serie:

• (THIS PR) feature/bring-your-own-public-key
• feature/remove-all-devices-for-user
• feature/purge-inactive-devices
• feature/health-check
• hygiene/put-common-auth-logic-into-func
• feature/pre-shared-keys

Feature:

This feature extends the wg-access-server, enabling the user to bring its own public key, instead of it being generated by the frontend. Reason for this is that the private key (generated in the browser), should in some circumstance not touch the web in any way.

This adds a new form input to "Add Device":

[mergeable]

Thanks for creating a pull request! A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

[DasSkelett]

Nice feature!
The generated config file (or QR code) still include a browser-generated private key. I think we should at least replace it with a placeholder to make it more obvious that it needs changing - but if it's not valid base64 the WireGuard mobile app might reject to import the config.
And maybe also point out that users need to replace the privkey in the config, which we could do in the pubkey input help text like my suggestion below.

[fbuetler]

The generated config file (or QR code) still include a browser-generated private key. I think we should at least replace it with a placeholder to make it more obvious that it needs changing - but if it's not valid base64 the WireGuard mobile app might reject to import the config.

Good point!

I tested a few configurations, but the wireguard app rejects the qr code, if

• there is no private key
• the private key is empty
• the private key does not have the correct length
  and hence only accepts private keys like pleaseReplaceThisPrivatekey0000000000000000=

Maybe, it is a good idea to put pleaseReplaceThisPrivatekeyas the private key (note, it has not the correct length). This way the Wireguard app rejects the qr code, as otherwise it accepts it and generates a public key out of it. This might lead to confusion.

[DasSkelett]

Maybe we should remove the QR code entirely when a user brings their own key pair. The QR code is for easy, simple and quick setup, which is already out of the window when someone went through the hoops to generate their own key pair.
They have to edit the config before importing it in a WireGuard client, and this can only be done using with the text file.

[GoliathLabs]

@fbuetler can you rebase your changes again? After that we can merge your PR

[fbuetler]

I think the linting errors have to be resolved on the master branch as they were not introduced by this branch. I guess these errors appreared after a linter update.

See:
4766783
#305