luci-proto-wireguard: stricter input validation

[project/luci.git] / protocols / luci-proto-wireguard / luasrc / model / cbi / admin_network / proto_wireguard.lua

diff --git a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
index e585324..d950081 100644 (file)
--- a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
+++ b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
@@ -19,7 +19,7 @@ private_key = section:taboption(
   translate("Required. Base64-encoded private key for this interface.")
 )
 private_key.password = true
-private_key.datatype = "rangelength(44, 44)"
+private_key.datatype = "and(base64,rangelength(44, 44))"
 private_key.optional = false
 
 
@@ -66,8 +66,8 @@ mtu = section:taboption(
   translate("MTU"),
   translate("Optional. Maximum Transmission Unit of tunnel interface.")
 )
-mtu.datatype = "range(1280,1423)"
-mtu.placeholder = "1423"
+mtu.datatype = "range(1280,1420)"
+mtu.placeholder = "1420"
 mtu.optional = true
 
 
@@ -76,11 +76,12 @@ preshared_key = section:taboption(
   Value,
   "preshared_key",
   translate("Preshared Key"),
-  translate("Optional. Adds in an additional layer of symmetric-key " ..
+  translate("Optional. Base64-encoded preshared key. " ..
+            "Adds in an additional layer of symmetric-key " ..
             "cryptography for post-quantum resistance.")
 )
 preshared_key.password = true
-preshared_key.datatype = "rangelength(44, 44)"
+preshared_key.datatype = "and(base64,rangelength(44, 44))"
 preshared_key.optional = true
 
 
@@ -102,9 +103,9 @@ public_key = peers:option(
   Value,
   "public_key",
   translate("Public Key"),
-  translate("Required. Public key of peer.")
+  translate("Required. Base64-encoded public key of peer.")
 )
-public_key.datatype = "rangelength(44, 44)"
+public_key.datatype = "and(base64,rangelength(44, 44))"
 public_key.optional = false