
@pR0Ps
Created September 29, 2019 00:02
Generate a vanilla Wireguard config file for Cloudflare's WARP service
#!/usr/bin/env bash
# Strict mode: stop on a failing command (-e), on use of an unset variable (-u),
# and when any stage of a pipeline fails (pipefail).
set -euo pipefail

# Registers a Wireguard key pair with CloudFlare's WARP service and prints a
# Wireguard config file. The key pair is taken from the arguments when given,
# otherwise it is generated.
# Adapted from @saurik's script here: https://twitter.com/saurik/status/1176893448445558784

# The usage text is shown only when the first argument is exactly --help;
# ${1-} expands to nothing when no argument was passed, so -u is not tripped.
if [[ "${1-}" == "--help" ]]; then
  printf '%s\n' \
    "Creates a Wireguard config file for CloudFlare's WARP service." \
    "THIS IS NOT AN OFFICIAL CLIENT." \
    "" \
    "Usage:" \
    "$(basename "$0") [<private key> [<public key>]]" \
    "" \
    "Will output a config file that can be imported into most Wireguard clients." \
    "If 'qrencode' is availible a QR code will also be output to the terminal." \
    "" \
    "If the private or public keys are not provided, they will be generated" \
    "(this requires 'wg' from the 'wireguard-tools' package)."
  exit 0
fi
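# Generate keys
#
# $1 (optional) is the private key, $2 (optional) the matching public key.
# A missing private key is generated with 'wg genkey'; a missing public key is
# derived from the private key with 'wg pubkey'.
#
# NOTE: a private key passed as an argument is exposed through the process
# list while the script runs, and interactive shells typically record it in
# their history. Letting the script generate the key avoids both.
if [ "$#" -lt 1 ]; then
  priv="$(wg genkey)"
else
  priv="$1"
fi
if [ "$#" -lt 2 ]; then
  # printf rather than echo: echo would treat a value such as "-n" as an option.
  pub="$(printf '%s\n' "${priv}" | wg pubkey)"
else
  pub="$2"
fi

# The public key is embedded in the JSON registration request and the private
# key in the generated config file, so both must have the shape of a Wireguard
# key (32 bytes as base64: 43 base64 characters followed by '=') before they
# are used. This also rejects empty values, with a message instead of a silent
# exit.
key_re='^[A-Za-z0-9+/]{43}=$'
if ! [[ "${priv}" =~ ${key_re} ]]; then
  echo "error: the private key is not a 44-character base64 Wireguard key" >&2
  exit 1
fi
if ! [[ "${pub}" =~ ${key_re} ]]; then
  echo "error: the public key is not a 44-character base64 Wireguard key" >&2
  exit 1
fi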
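# Base URL that every request path below is appended to.
api="https://api.cloudflareclient.com/v0i1909051800"

#######################################
# Send one JSON request to the API and write the response body to stdout.
# Globals:   api (read)
# Arguments: $1 - HTTP method
#            $2 - path below ${api}
#            remaining arguments are passed to curl unchanged
# Returns:   curl's exit status; --fail makes that non-zero for HTTP errors,
#            and --show-error keeps curl's own error message on stderr.
#######################################
ins() {
  # Locals, so a call does not overwrite same-named variables of the caller.
  local vrb=$1 path=$2
  shift 2
  curl --silent --show-error --fail \
    -H 'user-agent:' \
    -H 'content-type: application/json' \
    -X "${vrb}" "${api}/${path}" "$@"
}

#######################################
# Same as ins, with a bearer token added to the request.
# Arguments: $1 - bearer token
#            remaining arguments are passed to ins unchanged
# Returns:   the exit status of ins
#######################################
sec() {
  # Local: the script keeps its own global named 'token'.
  local token=$1
  shift
  # NOTE(review): the token is part of curl's command line and is therefore
  # readable in the process list for as long as the request runs.
  ins "$@" -H "authorization: Bearer ${token}"
}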
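# Get ID and auth token
#
# jq builds the request body so that the public key is JSON-escaped instead of
# being pasted into a hand-written JSON string.
reg_body="$(jq -c -n \
  --arg key "${pub}" \
  --arg tos "$(date -u +%FT%T.000Z)" \
  '{install_id: "", tos: $tos, key: $key, fcm_token: "", type: "ios", locale: "en_US"}')"
reg_reply="$(ins POST "reg" -d "${reg_body}" |
  jq -r '.result|.id+" "+.token')"

# Split the reply on whitespace with read instead of an unquoted $(...):
# server-supplied text then never goes through pathname expansion.
# -d '' makes read take the whole reply; it returns non-zero at end of input,
# which is expected here, hence '|| true'.
tmp=()
read -r -d '' -a tmp <<< "${reg_reply}" || true
if [ "${#tmp[@]}" -ne 2 ]; then
  # The reply is not printed: it may contain the auth token.
  echo "error: registration did not return exactly an id and a token" >&2
  exit 1
fi
id="${tmp[0]}"
token="${tmp[1]}"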
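# Enable WARP
#
# The response carries the peer's public key and endpoint host plus the
# client's IPv4 and IPv6 addresses; jq joins them into one space-separated line.
warp_reply="$(sec "${token}" PATCH "reg/${id}" -d '{"warp_enabled":true}' |
  jq -r '.result.config|(.peers[0]|.public_key+" "+.endpoint.host)+" "+.interface.addresses.v4+" "+.interface.addresses.v6')"

# These values are written into the generated config file. Splitting with read
# keeps each one a single whitespace-free word and, unlike an unquoted $(...),
# applies no pathname expansion to server-supplied text.
# -d '' makes read take the whole reply; it returns non-zero at end of input,
# which is expected here, hence '|| true'.
tmp=()
read -r -d '' -a tmp <<< "${warp_reply}" || true
if [ "${#tmp[@]}" -ne 4 ]; then
  echo "error: enabling WARP did not return the peer key, endpoint and both addresses" >&2
  exit 1
fi
peer_pub="${tmp[0]}"
peer_endpoint="${tmp[1]}"
client_ipv4="${tmp[2]}"
client_ipv6="${tmp[3]}"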
# Generate and output config
#
# The config contains the private key in clear text. On a terminal it is shown
# on screen (and as a QR code when qrencode is installed); when stdout is
# redirected, only the config itself is written, so the receiving file should
# be readable by its owner only.
conf_lines=(
  "[Interface]"
  "PrivateKey = ${priv}"
  "Address = ${client_ipv4}, ${client_ipv6}"
  "DNS = 1.1.1.1, 2606:4700:4700::1111, 1.0.0.1, 2606:4700:4700::1001"
  "[Peer]"
  "PublicKey = ${peer_pub}"
  "AllowedIPs = 0.0.0.0/0, ::/0"
  "Endpoint = ${peer_endpoint}"
)
# The command substitution drops the final newline, so conf holds the lines
# joined by single newlines.
conf="$(printf '%s\n' "${conf_lines[@]}")"

# The banner lines are for humans only and are left out of redirected output.
if [ -t 1 ]; then
  echo "########## START CONFIG ##########"
fi
printf '%s\n' "${conf}"
if [ -t 1 ]; then
  echo "########### END CONFIG ###########"
fi

# QR code: only on a terminal, and only when qrencode is installed.
if [ -t 1 ] && command -v qrencode > /dev/null; then
  printf '%s\n' "${conf}" | qrencode -t ansiutf8
fi