- HTTP server listens on port
- Server creates WireGuard interface with no peers
- Client connects to server, sends POST (with JSON body) to /connect using HTTP Basic Auth
- Server validates username/password
  - Using SQL database (probably SQLite)
  - Gets user's WireGuard IP address from database
- (Assuming successful authentication) server sends reply with the following information (as JSON):
  - Server's public WireGuard key (randomly generated at server startup)
  - IP address that client must use for its WireGuard interface
  - Server's IP address that shall be used as client's peer's address
- Server adds peer to WireGuard interface using client's public key (with the IP address that client connected from being used as the peer address)
- Client creates WireGuard interface using server's IP address and public key
- Connect
- Disconnect
- Add Peer
- Delete Peer
- Modify Peer
- List Peers (per-user)
- List Peers (global)
- Add User
- Delete User
- Modify User
- List Users
- Connect
- Disconnect
- Add Peer
- Delete Peer
- Modify Peer
- List Peers
- Add User
- Delete User
- Modify User
- List Users
- Server:
  - Add block time to rate-limit ban list (if feasible)
  - Add post-up/post-down hooks
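
The server side of the /connect flow described at the top of this page, as an added sketch in Python (not this project's own code). The JSON field names (`public_key`, `listen_port`), the reply keys, the `users` table layout, the PBKDF2 password hashing and the `wg0` interface name are all assumptions; the page does not specify them.

```python
import base64, hashlib, hmac, ipaddress, json, os, sqlite3

def hash_pw(password, salt):
    # Salted, slow hash so the database never stores plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def demo_db():
    """Constructed sample data: user 'alice', WireGuard IP 10.8.0.2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, wg_ip TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", salt, hash_pw("correct horse", salt), "10.8.0.2"))
    return db

def handle_connect(db, auth_header, body, remote_ip, server_pub, server_addr, iface="wg0"):
    """Return (HTTP status, JSON reply dict, wg argv or None) for POST /connect."""
    try:
        scheme, _, token = auth_header.partition(" ")
        user, sep, password = base64.b64decode(token, validate=True).decode().partition(":")
        if scheme.lower() != "basic" or not sep:
            raise ValueError("malformed Authorization header")
        req = json.loads(body)
        key, port = req["public_key"], int(req["listen_port"])  # assumed field names
        # A WireGuard public key is 32 bytes of base64; strict decoding also keeps
        # option-like strings ("-x") out of the wg argument list.
        if len(base64.b64decode(key, validate=True)) != 32 or not 0 < port < 65536:
            raise ValueError("bad key or port")
        src = ipaddress.ip_address(remote_ip)
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "bad request"}, None
    # Parameterized query: the username never becomes part of the SQL text.
    row = db.execute("SELECT salt, pw_hash, wg_ip FROM users WHERE name = ?", (user,)).fetchone()
    salt, stored, wg_ip = row or (b"\0" * 16, b"", None)
    # Hash even for unknown users and compare in constant time.
    if not hmac.compare_digest(hash_pw(password, salt), stored) or row is None:
        return 401, {"error": "unauthorized"}, None
    reply = {"server_public_key": server_pub, "client_address": wg_ip,
             "server_address": server_addr}
    host = f"[{src}]" if src.version == 6 else str(src)
    # allowed-ips is pinned to the single address the database assigns this user.
    argv = ["wg", "set", iface, "peer", key, "allowed-ips", str(ipaddress.ip_network(wg_ip)),
            "endpoint", f"{host}:{port}"]
    return 200, reply, argv
```

The returned argument list is meant to be executed without a shell (for example with `subprocess.run(argv, check=True)`), and because Basic Auth sends the password on every request, the HTTP listener needs TLS in front of it.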