{"id":27160394,"url":"https://github.com/suquant/wgrest","last_synced_at":"2026-02-06T10:00:59.661Z","repository":{"id":45922847,"uuid":"214415120","full_name":"suquant/wgrest","owner":"suquant","description":"WireGuard REST API","archived":false,"fork":false,"pushed_at":"2026-02-06T07:40:04.000Z","size":1157,"stargazers_count":220,"open_issues_count":12,"forks_count":45,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-06T07:45:29.800Z","etag":null,"topics":["rest-api","restful-api","vpn","vpn-manager","wireguard","wireguard-ui","wireguard-vpn"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/suquant.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-11T11:07:50.000Z","updated_at":"2026-02-06T07:39:51.000Z","dependencies_parsed_at":"2024-06-18T22:32:03.938Z","dependency_job_id":"c7098f4a-53ed-4b3b-b763-5d65e93a27e7","html_url":"https://github.com/suquant/wgrest","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/suquant/wgrest","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suquant%2Fwgrest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suquant%2Fwgrest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suquant%2Fwgrest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suquant%2Fwgrest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/suquant","download_url":"https://codeload.github.com/suquant/wgrest/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suquant%2Fwgrest/sbom","scorecard":{"id":860011,"data":{"date":"2025-08-11","repo":{"name":"github.com/suquant/wgrest","commit":"04d986bd661ead87b9541d816c3a0240950a8304"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":2,"reason":"Found 3/15 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:16: pin your Docker image by updating alpine:3.14 to alpine:3.14@sha256:0f2d5c38dd7a4f4f733e688e3a6733cb5ab1ac6e3cb4603a5dd564e5bfb80eed","Warn: containerImage not pinned by hash: Dockerfile.swagger-ui:1: pin your Docker image by updating swaggerapi/swagger-ui:v5.27.0 to swaggerapi/swagger-ui:v5.27.0@sha256:fb5712e95effab4479ef8c80d2b0bcada26e4ebfdac29f4b3c3b95b8276aeb1f","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.0.0-alpha10.5 not signed: https://api.github.com/repos/suquant/wgrest/releases/54388540","Warn: release artifact 1.0.0-alpha10.4 not signed: https://api.github.com/repos/suquant/wgrest/releases/54220115","Warn: release artifact 1.0.0-alpha10.3 not signed: https://api.github.com/repos/suquant/wgrest/releases/54197749","Warn: release artifact 1.0.0-alpha10.2 not signed: https://api.github.com/repos/suquant/wgrest/releases/54196883","Warn: release artifact 1.0.0-alpha10.1 not signed: https://api.github.com/repos/suquant/wgrest/releases/54184783","Warn: release artifact 1.0.0-alpha10.5 does not have provenance: https://api.github.com/repos/suquant/wgrest/releases/54388540","Warn: release artifact 1.0.0-alpha10.4 does not have provenance: https://api.github.com/repos/suquant/wgrest/releases/54220115","Warn: release artifact 1.0.0-alpha10.3 does not have provenance: https://api.github.com/repos/suquant/wgrest/releases/54197749","Warn: release artifact 1.0.0-alpha10.2 does not have provenance: https://api.github.com/repos/suquant/wgrest/releases/54196883","Warn: release artifact 1.0.0-alpha10.1 does not have provenance: https://api.github.com/repos/suquant/wgrest/releases/54184783"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"19 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-1031 / GHSA-crxj-hrmp-4rwf","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T00:58:17.055Z","repository_id":45922847,"created_at":"2025-08-24T00:58:17.055Z","updated_at":"2025-08-24T00:58:17.055Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29157463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T07:18:23.844Z","status":"ssl_error","status_checked_at":"2026-02-06T07:13:32.659Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rest-api","restful-api","vpn","vpn-manager","wireguard","wireguard-ui","wireguard-vpn"],"created_at":"2025-04-08T23:45:11.495Z","updated_at":"2026-02-06T10:00:59.651Z","avatar_url":"https://github.com/suquant.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WGRest\n\n[![Build Status](https://github.com/suquant/wgrest/actions/workflows/ci.yml/badge.svg)](https://github.com/suquant/wgrest/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/suquant/wgrest/branch/master/graph/badge.svg?token=NM179YJFEJ)](https://codecov.io/gh/suquant/wgrest)\n\nWGRest is a WireGuard REST API server. It operates WireGuard through IPC and doesn't require any dependencies. It uses wg-quick style configuration files for persistent storage, providing full compatibility with standard WireGuard tooling.\n\nDesigned to be simple, fast, and lightweight — making it ideal for embedded devices such as routers or any other low-power, low-memory devices.\n\n[WireGuard](https://www.wireguard.com/) is a simple and modern VPN. It is cross-platform (Windows, macOS, BSD, iOS, Android).\n\n## Features\n\n- **Full wg-quick compatibility** - Uses standard `/etc/wireguard/*.conf` files\n- **Device management** - Create, update, delete WireGuard interfaces\n- **Peer management** - Full CRUD operations with search and sorting\n- **Interface lifecycle** - Bring interfaces up/down via API (`wg-quick up/down`)\n- **wg-quick config export** - Download peer configurations as `quick.conf`\n- **ACME TLS support** - Automatic Let's Encrypt certificates\n- **Bearer token auth** - Simple token-based authorization\n- **Swagger UI** - Interactive API documentation at `/docs/`\n\n## Requirements\n\n- Linux with WireGuard kernel module\n- `wireguard-tools` package (provides `wg` and `wg-quick`)\n\n## Install\n\n### On Debian / Ubuntu\n\n```shell\n# amd64\ncurl -L https://github.com/suquant/wgrest/releases/latest/download/wgrest_amd64.deb -o wgrest_amd64.deb\ndpkg -i wgrest_amd64.deb\n\n# arm64\ncurl -L https://github.com/suquant/wgrest/releases/latest/download/wgrest_arm64.deb -o wgrest_arm64.deb\ndpkg -i wgrest_arm64.deb\n```\n\n### Manual\n\n```shell\ncurl -L https://github.com/suquant/wgrest/releases/latest/download/wgrest-linux-amd64 -o wgrest\nchmod +x wgrest\nsudo mv wgrest /usr/local/bin/\n```\n\n## Configuration\n\n```shell\nwgrest --help\n\nNAME:\n   wgrest - REST API for WireGuard\n\nGLOBAL OPTIONS:\n   --conf value           wgrest config file path (default: \"/etc/wgrest/wgrest.conf\")\n   --version              Print version and exit\n   --listen value         Listen address (default: \"127.0.0.1:8000\")\n   --config-dir value     WireGuard config directory (default: \"/etc/wireguard\")\n   --certs-dir value      ACME TLS certificates cache directory (default: \"/var/lib/wgrest/certs\")\n   --dump-interval value  Config dump interval (default: 10m)\n   --static-auth-token value  Bearer token for authorization\n   --tls-domain value     TLS Domains for ACME (Let's Encrypt)\n   --help, -h             show help\n```\n\n### Environment Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `WGREST_CONF` | Config file path | `/etc/wgrest/wgrest.conf` |\n| `WGREST_LISTEN` | Listen address | `127.0.0.1:8000` |\n| `WGREST_CONFIG_DIR` | WireGuard config dir | `/etc/wireguard` |\n| `WGREST_CERTS_DIR` | TLS certificates dir | `/var/lib/wgrest/certs` |\n| `WGREST_DUMP_INTERVAL` | Config dump interval | `10m` |\n| `WGREST_STATIC_AUTH_TOKEN` | Bearer token | - |\n| `WGREST_TLS_DOMAIN` | ACME domains | - |\n\n## Quick Start\n\n```shell\n# Start server with auth token\nwgrest --static-auth-token \"secret\" --listen \"127.0.0.1:8000\"\n\n# Open Swagger UI\nopen http://127.0.0.1:8000/docs/\n```\n\n## API Examples\n\n### Create a device\n\n```shell\ncurl -X POST \\\n    -H \"Content-Type: application/json\" \\\n    -H \"Authorization: Bearer secret\" \\\n    -d '{\n        \"name\": \"wg0\",\n        \"listen_port\": 51820,\n        \"address\": [\"10.0.0.1/24\"]\n    }' \\\n    http://127.0.0.1:8000/v1/devices/\n```\n\n### Get devices\n\n```shell\ncurl -H \"Authorization: Bearer secret\" \\\n    http://127.0.0.1:8000/v1/devices/\n```\n\n### Update device\n\n```shell\ncurl -X PATCH \\\n    -H \"Content-Type: application/json\" \\\n    -H \"Authorization: Bearer secret\" \\\n    -d '{\"listen_port\": 51821}' \\\n    http://127.0.0.1:8000/v1/devices/wg0/\n```\n\n### Add peer\n\n```shell\ncurl -X POST \\\n    -H \"Content-Type: application/json\" \\\n    -H \"Authorization: Bearer secret\" \\\n    -d '{\"allowed_ips\": [\"10.0.0.2/32\"]}' \\\n    http://127.0.0.1:8000/v1/devices/wg0/peers/\n```\n\n### Get peers\n\n```shell\ncurl -H \"Authorization: Bearer secret\" \\\n    http://127.0.0.1:8000/v1/devices/wg0/peers/\n```\n\n### Bring interface up/down\n\n```shell\n# Bring up\ncurl -X POST \\\n    -H \"Authorization: Bearer secret\" \\\n    http://127.0.0.1:8000/v1/devices/wg0/up/\n\n# Bring down\ncurl -X POST \\\n    -H \"Authorization: Bearer secret\" \\\n    http://127.0.0.1:8000/v1/devices/wg0/down/\n```\n\n### Delete peer\n\n```shell\ncurl -X DELETE \\\n    -H \"Authorization: Bearer secret\" \\\n    http://127.0.0.1:8000/v1/devices/wg0/peers/{urlSafePubKey}/\n```\n\n## URL-Safe Public Keys\n\nPeer public keys in URLs use URL-safe base64 encoding. Convert standard base64:\n\n```python\nimport base64\npub_key = \"hQ1yeyFy+bZn/5jpQNNrZ8MTIGaimZxT6LbWAkvmKjA=\"\nurl_safe = base64.urlsafe_b64encode(base64.b64decode(pub_key)).decode()\nprint(url_safe)  # hQ1yeyFy-bZn_5jpQNNrZ8MTIGaimZxT6LbWAkvmKjA=\n```\n\n## Development\n\n```shell\n# Build\nmake build\n\n# Run tests\nmake test\n\n# Generate swagger docs\nmake swagger\n\n# Run linter\nmake lint\n```\n\n## Credits\n\n- [ForestVPN.com](https://forestvpn.com) - Free VPN for all\n- [SpaceV.net](https://spacev.net) - VPN for teams\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuquant%2Fwgrest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsuquant%2Fwgrest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuquant%2Fwgrest/lists"}