chore: initial commit of wgtool

SCRIPT_IMPROVEMENTS.md

@@ -0,0 +1,138 @@
+# WireGuard Script Improvements Summary
+
+This document outlines the errors found and optimizations made to the WireGuard setup scripts.
+
+## Scripts Analyzed
+
+1. `generate_zion_peer.sh` - Zion peer configuration generator
+2. `wireguard_setup.sh` - Interactive WireGuard setup script
+3. `wireguard_setup.go` - Go-based WireGuard setup tool
+
+## Issues Found and Fixed
+
+### 1. generate_zion_peer.sh
+
+#### Issues Fixed:
+- **Shebang**: Changed from `/bin/bash` to `/usr/bin/env bash` for better portability
+- **Error handling**: Added `set -euo pipefail` for stricter error handling
+- **IP validation**: Improved regex to properly validate 10.8.0.x format and exclude reserved addresses
+- **Public key validation**: Enhanced validation for WireGuard public keys (44 character base64)
+- **Input sanitization**: Added validation for node names
+- **Configuration loading**: Added ability to load Zion config from file with fallback to hardcoded values
+
+#### Optimizations Added:
+- **Command line options**: Added `-c/--config` and `-h/--help` flags
+- **Dynamic config loading**: Script now attempts to read Zion configuration from `CURRENT_WORKING/zion.conf`
+- **Better error messages**: More descriptive error messages with specific validation failures
+- **Safe fallbacks**: Graceful degradation when configuration files are not available
+
+### 2. wireguard_setup.sh
+
+#### Issues Fixed:
+- **Shebang**: Changed from `/bin/bash` to `/usr/bin/env bash`
+- **Error handling**: Added `set -euo pipefail` for stricter error handling
+- **IP validation**: Completely rewrote validation function to properly check IP format and subnet
+- **Port validation**: Enhanced port validation with warnings for privileged ports
+- **Public key validation**: Added validation for WireGuard public keys
+- **Network interface detection**: Added automatic detection of network interfaces instead of hardcoded `eth0`
+- **File permissions**: Added proper file permission setting (600) for security
+- **Variable scope**: Fixed variable scoping issues and made variables local where appropriate
+
+#### Optimizations Added:
+- **Configuration file support**: Added `-c/--config` option for custom Zion config files
+- **Safe filename creation**: Added function to sanitize user input for filenames
+- **Network interface detection**: Automatic detection of available network interfaces
+- **Better validation loops**: Improved input validation with retry logic
+- **Enhanced error messages**: More descriptive error messages and warnings
+- **Fedora support**: Added Fedora package installation instructions
+
+### 3. wireguard_setup.go
+
+#### Issues Fixed:
+- **Deprecated packages**: Replaced `ioutil` with `os` package (Go 1.16+ compatibility)
+- **Version bump**: Updated script version to 2.4
+
+#### Optimizations Added:
+- **Modern Go**: Uses current Go standard library practices
+- **Better error handling**: More comprehensive error checking throughout
+
+## Security Improvements
+
+### File Permissions
+- All WireGuard configuration files now use 600 permissions (owner read/write only)
+- Private keys are properly secured with restrictive permissions
+
+### Input Validation
+- Enhanced validation for all user inputs
+- Sanitization of filenames and node names
+- Proper IP address format and range validation
+- WireGuard public key format validation
+
+### Error Handling
+- Stricter error handling with `set -euo pipefail` in bash scripts
+- Better error messages for debugging
+- Graceful fallbacks when configuration files are missing
+
+## Portability Improvements
+
+### Shebang
+- Changed from hardcoded `/bin/bash` to `/usr/bin/env bash`
+- Better compatibility across different Unix-like systems
+
+### Network Interface Detection
+- Automatic detection of network interfaces instead of hardcoded names
+- Support for various interface naming conventions (eth0, ens33, ens160, enp0s3, eno1)
+
+### Configuration Management
+- External configuration file support
+- Fallback to hardcoded values when files are not available
+- Better separation of configuration and logic
+
+## User Experience Improvements
+
+### Better Help
+- Enhanced usage messages with examples
+- Command line option support
+- More descriptive error messages
+
+### Input Validation
+- Real-time validation with retry loops
+- Clear error messages explaining what went wrong
+- Suggestions for correct input formats
+
+### Configuration Preview
+- Show generated configuration before saving
+- Clear instructions for next steps
+- Integration instructions for Zion server
+
+## Compatibility Notes
+
+### Go Version
+- The Go script now requires Go 1.16 or later due to `os.WriteFile` usage
+- Replaced deprecated `ioutil.WriteFile` with `os.WriteFile`
+
+### Bash Version
+- Bash scripts now use stricter error handling
+- May require bash 4.0+ for some features
+- Tested with bash 4.4+ and 5.0+
+
+### System Requirements
+- All scripts now properly check for WireGuard tools
+- Better package installation instructions for various distributions
+- Network interface detection works on most Linux distributions
+
+## Testing Recommendations
+
+1. **Test on different distributions**: Ubuntu, CentOS, Fedora, Arch
+2. **Test with different bash versions**: Ensure compatibility with older systems
+3. **Test network interface detection**: Various interface naming schemes
+4. **Test error conditions**: Missing dependencies, invalid inputs, permission issues
+5. **Test configuration loading**: With and without Zion config files
+
+## Future Improvements
+
+1. **Configuration file format**: Consider YAML or TOML for better readability
+2. **Logging**: Add proper logging with different verbosity levels
+3. **Testing**: Add unit tests for validation functions
+4. **CI/CD**: Add automated testing and linting
+5. **Documentation**: Add man pages and more detailed usage examples