A large release that adds Webauthn support to wag.
This release adds new options to the configuration file, and (if webauthn is desired) will require users to set the Authenticators.DomainURL variable.
This release also contains a number of small fixes, some of which will be listed here.
Breaking changes:
- Authenticators.DomainURL is now required if the webauthn method is enabled (which it is by default)
Changes:
- Content Security Policy now allows script-src: self
- SIGPIPE is no longer considered an exit condition
Features:
- The tunnel server now has a /public_key route to return the wireguard public key
- Device registration can now display configuration as a QR code for mobile devices (use /register_device?type=mobile)
- Wag now supports both TOTP and Webauthn authorisation methods
- The configuration file now allows for specification of default authentication method, and enabled methods
Bug Fixes:
- Denial of service due to an unreleased lock if a user re-uses a valid code within 30 seconds. (basically impossible to hit)