pR0Ps · September 29, 2019 00:02
diff --git a/warpwg.sh b/warpwg.sh
 #!/usr/bin/env bash
 set -eou pipefail

 # This script takes/generates a Wireguard private/public key pair, registers it with CloudFlare's WARP
 # service, and outputs a Wireguard config file.

 # Adapted from @saurik's script here: https://twitter.com/saurik/status/1176893448445558784

 if [ "$#" -gt 0 ] && [ "$1" = "--help" ]; then
    echo "Creates a Wireguard config file for CloudFlare's WARP service."
    echo "THIS IS NOT AN OFFICIAL CLIENT."
    echo ""
    echo "Usage:"
    echo "$(basename "$0") [<private key> [<public key>]]"
    echo ""
    echo "Will output a config file that can be imported into most Wireguard clients."
    echo "If 'qrencode' is availible a QR code will also be output to the terminal."
    echo ""
    echo "If the private or public keys are not provided, they will be generated"
    echo "(this requires 'wg' from the 'wireguard-tools' package)."
    exit 0
 fi

 # Generate keys
 if [ $# -lt 1 ]; then
    priv="$(wg genkey)"
 else
    priv="$1"
 fi
 if [ $# -lt 2 ]; then
    pub=$(echo "${priv}" | wg pubkey)
 else
    pub="$2"
 fi
 test -n "${priv}"
 test -n "${pub}"

 api="https://api.cloudflareclient.com/v0i1909051800"
 ins() { vrb=$1; shift; path=$1; shift; curl -s -H 'user-agent:' -H 'content-type: application/json' -X "${vrb}" "${api}/${path}" "$@"; }
 sec() { token=$1; shift; ins "$@" -H 'authorization: Bearer '"${token}"''; }

 # Get ID and auth token
 tmp=($(ins POST "reg" -d '{"install_id":"","tos":"'"$(date -u +%FT%T.000Z)"'","key":"'"${pub}"'","fcm_token":"","type":"ios","locale":"en_US"}' |
    jq -r '.result|.id+" "+.token'
 ))
 test "${#tmp[@]}" -eq 2
 id="${tmp[0]}"
 token="${tmp[1]}"

 # Enable WARP
 tmp=($(sec "${token}" PATCH "reg/${id}" -d '{"warp_enabled":true}' |
    jq -r '.result.config|(.peers[0]|.public_key+" "+.endpoint.host)+" "+.interface.addresses.v4+" "+.interface.addresses.v6'
 ))
 test "${#tmp[@]}" -eq 4
 peer_pub="${tmp[0]}"
 peer_endpoint="${tmp[1]}"
 client_ipv4="${tmp[2]}"
 client_ipv6="${tmp[3]}"

 # Generate and output config
 conf=$(cat <<-EOM
 [Interface]
 PrivateKey = ${priv}
 Address = ${client_ipv4}, ${client_ipv6}
 DNS = 1.1.1.1, 2606:4700:4700::1111, 1.0.0.1, 2606:4700:4700::1001

 [Peer]
 PublicKey = ${peer_pub}
 AllowedIPs = 0.0.0.0/0, ::/0
 Endpoint = ${peer_endpoint}
 EOM
 )

 [ -t 1 ] && echo "########## START CONFIG ##########"
 echo "${conf}"
 [ -t 1 ] && echo "########### END CONFIG ###########"

 if [ -t 1 ] && command -v qrencode > /dev/null; then
    echo "${conf}" | qrencode -t ansiutf8
 fi
	#!/usr/bin/env bash
	set -eou pipefail

	# This script takes/generates a Wireguard private/public key pair, registers it with CloudFlare's WARP
	# service, and outputs a Wireguard config file.

	# Adapted from @saurik's script here: https://twitter.com/saurik/status/1176893448445558784

	if [ "$#" -gt 0 ] && [ "$1" = "--help" ]; then
	echo "Creates a Wireguard config file for CloudFlare's WARP service."
	echo "THIS IS NOT AN OFFICIAL CLIENT."
	echo ""
	echo "Usage:"
	echo "$(basename "$0") [<private key> [<public key>]]"
	echo ""
	echo "Will output a config file that can be imported into most Wireguard clients."
	echo "If 'qrencode' is availible a QR code will also be output to the terminal."
	echo ""
	echo "If the private or public keys are not provided, they will be generated"
	echo "(this requires 'wg' from the 'wireguard-tools' package)."
	exit 0
	fi

	# Generate keys
	if [ $# -lt 1 ]; then
	priv="$(wg genkey)"
	else
	priv="$1"
	fi
	if [ $# -lt 2 ]; then
	pub=$(echo "${priv}" \| wg pubkey)
	else
	pub="$2"
	fi
	test -n "${priv}"
	test -n "${pub}"

	api="https://api.cloudflareclient.com/v0i1909051800"
	ins() { vrb=$1; shift; path=$1; shift; curl -s -H 'user-agent:' -H 'content-type: application/json' -X "${vrb}" "${api}/${path}" "$@"; }
	sec() { token=$1; shift; ins "$@" -H 'authorization: Bearer '"${token}"''; }

	# Get ID and auth token
	tmp=($(ins POST "reg" -d '{"install_id":"","tos":"'"$(date -u +%FT%T.000Z)"'","key":"'"${pub}"'","fcm_token":"","type":"ios","locale":"en_US"}' \|
	jq -r '.result\|.id+" "+.token'
	))
	test "${#tmp[@]}" -eq 2
	id="${tmp[0]}"
	token="${tmp[1]}"

	# Enable WARP
	tmp=($(sec "${token}" PATCH "reg/${id}" -d '{"warp_enabled":true}' \|
	jq -r '.result.config\|(.peers[0]\|.public_key+" "+.endpoint.host)+" "+.interface.addresses.v4+" "+.interface.addresses.v6'
	))
	test "${#tmp[@]}" -eq 4
	peer_pub="${tmp[0]}"
	peer_endpoint="${tmp[1]}"
	client_ipv4="${tmp[2]}"
	client_ipv6="${tmp[3]}"

	# Generate and output config
	conf=$(cat <<-EOM
	[Interface]
	PrivateKey = ${priv}
	Address = ${client_ipv4}, ${client_ipv6}
	DNS = 1.1.1.1, 2606:4700:4700::1111, 1.0.0.1, 2606:4700:4700::1001

	[Peer]
	PublicKey = ${peer_pub}
	AllowedIPs = 0.0.0.0/0, ::/0
	Endpoint = ${peer_endpoint}
	EOM
	)

	[ -t 1 ] && echo "########## START CONFIG ##########"
	echo "${conf}"
	[ -t 1 ] && echo "########### END CONFIG ###########"

	if [ -t 1 ] && command -v qrencode > /dev/null; then
	echo "${conf}" \| qrencode -t ansiutf8
	fi