From 303f811025b6d2672b8535d63b039e2d76a2260a Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 25 Apr 2024 17:32:32 +0200
Subject: [PATCH] wireguard.cgi: Show a QR code that contains the client
 configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.de     |  2 ++
 doc/language_issues.en     |  2 ++
 doc/language_issues.es     |  2 ++
 doc/language_issues.fr     |  2 ++
 doc/language_issues.it     |  2 ++
 doc/language_issues.nl     |  2 ++
 doc/language_issues.pl     |  2 ++
 doc/language_issues.ru     |  2 ++
 doc/language_issues.tr     |  2 ++
 doc/language_missings      | 16 ++++++++++++++++
 html/cgi-bin/wireguard.cgi | 35 +++++++++++++++++++++++++++++++++++
 langs/en/cgi-bin/en.pl     |  2 ++
 12 files changed, 71 insertions(+)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index b2e03ec38..c57603fc6 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -1017,6 +1017,7 @@ WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
 WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
 WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
@@ -1053,6 +1054,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: winbind daemon = Winbind Daemon
 WARNING: untranslated string: wio = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 0714a8cd3..5ddce9b81 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1543,6 +1543,7 @@ WARNING: untranslated string: pulse dial = Pulse dial:
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
 WARNING: untranslated string: qos graphs = Qos Graphs
 WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded!
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: ram = RAM
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: read bytes = Bytes Read
@@ -2160,6 +2161,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_issues.es b/doc/language_issues.es
index f9cbc9a6e..9d2d5d0dd 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1082,6 +1082,7 @@ WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
 WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
@@ -1120,6 +1121,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: wio = unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index d0545fc34..a7af2c1d0 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1030,6 +1030,7 @@ WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: remarks = unknown string
 WARNING: untranslated string: remote subnets = Remote Subnets
@@ -1060,6 +1061,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: wio = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 482546b51..069cf7f27 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1292,6 +1292,7 @@ WARNING: untranslated string: processor vulnerability mitigations = Processor Vu
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1406,6 +1407,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 125211290..c49c7ad9a 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1315,6 +1315,7 @@ WARNING: untranslated string: processor vulnerability mitigations = Processor Vu
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
 WARNING: untranslated string: received = Received
@@ -1427,6 +1428,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 2b3a9f3b8..5a599ff50 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1492,6 +1492,7 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: public key = Public Key
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1669,6 +1670,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 15af06525..f70efde44 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1485,6 +1485,7 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: public key = Public Key
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1662,6 +1663,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 1cb9134dd..ba2f4871c 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1202,6 +1202,7 @@ WARNING: untranslated string: processor vulnerability mitigations = Processor Vu
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
 WARNING: untranslated string: received = Received
@@ -1289,6 +1290,7 @@ WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
 WARNING: untranslated string: wg peer configuration = Peer Configuration
 WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
 WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: whitelisted = Whitelisted
 WARNING: untranslated string: whois results from = WHOIS results from
diff --git a/doc/language_missings b/doc/language_missings
index 9e2df8913..10013f2f2 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -90,6 +90,7 @@
 < pakfire no dependencies found
 < pakfire resolvedeps wait
 < public key
+< qr code
 < quick control
 < random number generator daemon
 < regenerate host certificate
@@ -135,6 +136,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < winbind daemon
 < wireguard
@@ -190,6 +192,7 @@
 < password has quotation mark
 < processors
 < public key
+< qr code
 < regenerate host certificate
 < reg_file_data_sampling
 < reiserfs warning1
@@ -225,6 +228,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < wireguard
@@ -263,6 +267,7 @@
 < password has quotation mark
 < processors
 < public key
+< qr code
 < reg_file_data_sampling
 < remote subnets
 < routing
@@ -293,6 +298,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < wireguard
@@ -699,6 +705,7 @@
 < processor vulnerability mitigations
 < ptr
 < public key
+< qr code
 < random number generator daemon
 < rdns
 < reboot fsck
@@ -815,6 +822,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < whois results from
@@ -1298,6 +1306,7 @@
 < processor vulnerability mitigations
 < ptr
 < public key
+< qr code
 < random number generator daemon
 < rdns
 < rebooting ipfire fsck
@@ -1413,6 +1422,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < whois results from
@@ -2235,6 +2245,7 @@
 < ptr
 < public key
 < qos enter bandwidths
+< qr code
 < random number generator daemon
 < rdns
 < reboot fsck
@@ -2427,6 +2438,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < whois results from
@@ -3285,6 +3297,7 @@
 < ptr
 < public key
 < qos enter bandwidths
+< qr code
 < random number generator daemon
 < rdns
 < reboot fsck
@@ -3478,6 +3491,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < whois results from
@@ -3817,6 +3831,7 @@
 < processor vulnerability mitigations
 < ptr
 < public key
+< qr code
 < random number generator daemon
 < reboot fsck
 < rebooting ipfire fsck
@@ -3906,6 +3921,7 @@
 < wg peer configuration
 < wg peer does not exist
 < wg pre-shared key (optional)
+< wg scan the qr code
 < wg warning configuration only shown once
 < whitelisted
 < whois results from
diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
index e8d33b486..45363c0d4 100644
--- a/html/cgi-bin/wireguard.cgi
+++ b/html/cgi-bin/wireguard.cgi
@@ -24,6 +24,7 @@ use strict;
 # enable only the following on debugging purpose
 use warnings;
 use CGI::Carp 'fatalsToBrowser';
+use Imager::QRCode;
 use MIME::Base64;
 
 require "/var/ipfire/general-functions.pl";
@@ -878,6 +879,9 @@ sub show_peer_configuration($$) {
 	my $key = shift;
 	my $private_key = shift;
 
+	# The generated QR code
+	my $qrcode;
+
 	# Send HTTP Headers
 	&Header::showhttpheaders();
 
@@ -899,10 +903,41 @@ sub show_peer_configuration($$) {
 	# Generate the client configuration
 	my $config = &generate_client_configuration(\%peer);
 
+	# Create a QR code generator
+	my $qrgen = Imager::QRCode->new(
+		size          => 6,
+		margin        => 0,
+		version       => 0,
+		level         => 'M',
+		mode          => '8-bit',
+		casesensitive => 1,
+		lightcolor    => Imager::Color->new(255, 255, 255),
+		darkcolor     => Imager::Color->new(0, 0, 0),
+	);
+
+	# Encode the configuration
+	my $img = $qrgen->plot("$config");
+
+	# Encode the image as PNG
+	$img->write(data => \$qrcode, type => "png") or die $img->errstr;
+
+	# Encode the image as bas64
+	$qrcode = &MIME::Base64::encode_base64($qrcode);
+
 	# Open a new box
 	&Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $peer{'NAME'}");
 
 	print <<END;
+		<div class="text-center">
+			<p>
+				<img src="data:image/png;base64,${qrcode}" alt="$Lang::tr{'qr code'}">
+			</p>
+
+			<p>
+				$Lang::tr{'wg scan the qr code'}
+			</p>
+		</div>
+
 		<h6>$Lang::tr{'wg client configuration file'}</h6>
 
 		<code><pre>$config</textarea></code>
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index cf82ff8d2..feee700f4 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2207,6 +2207,7 @@
 'qos enter bandwidths' => 'You will need to enter your downstream and upstream bandwidth!',
 'qos graphs' => 'Qos Graphs',
 'qos warning' => 'The rule <strong>must</strong> be saved, otherwise it will be discarded!',
+'qr code' => 'QR Code',
 'quick control' => 'Quick Control',
 'quick playlist' => 'Quick Playlist',
 'ram' => 'RAM',
@@ -3058,6 +3059,7 @@
 'wg peer configuration' => 'Peer Configuration',
 'wg peer does not exist' => 'Peer does not exist',
 'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)',
+'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.',
 'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.',
 'whitelisted' => 'Whitelisted',
 'whois results from' => 'WHOIS results from',
-- 
2.39.5