This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

Public accessible and usable Wireguard-UIs #118

Open
Mariuxdeangelo opened this issue Apr 16, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@Mariuxdeangelo

Open Problem / Issue.
I was looking for a Wireguard UI which I could use to set up a VPN myself and encountered this cool repo. I really appreciate this product. But I didn't understand your authentication method. When I set up your system (I used your Docker container), it exposes the ports to the public and there is no authentication or password at all. Or is your project supposed to run in a secure network?

Solution
It would be great if you could add some authentication to the WebUI so not everybody on the internet can use it. (Login or something)

Alternatives
Maybe you could also change your setup descriptions so that the ports don't get exposed, and give a piece of quick information to the users so that they are aware that the UI is publicly accessible.

Additional context
I am writing this issue because I'm practically concerned. I think a lot of people who are using the system are not aware of this issue.
I actually was able to find 9 systems on the Internet with Shodan (excluding my own honeypot). You can simply search for the session cookie, which is always wguser=anonymous.

Here is a link with a preconfigured search: shodan

Also, here is a typical firewall-scan result:

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 927
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 01 Feb 2021 09:46:20 GMT
Set-Cookie: wguser=anonymous; Path=/
Date: Mon, 29 Mar 2021 18:00:48 GMT
@Mariuxdeangelo Mariuxdeangelo added the enhancement New feature or request label Apr 16, 2021
@findmyname666

Just looking around and wow, that is scary :) Possible workaround: you can put Nginx in front of it and use mTLS or basic auth.
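
For anyone auditing their own deployment, the two states discussed in this thread (the UI answering directly with `wguser=anonymous`, or a proxy demanding basic auth first) can be told apart from a captured response head. The Python below is an added example, not code from the issue or the project; the function names and both sample responses are constructed for illustration, and it does not cover an mTLS gate.

```python
from http.cookies import SimpleCookie

# Constructed sample, modelled on the scan result quoted in the issue.
EXPOSED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: wguser=anonymous; Path=/\r\n\r\n"
)
# Constructed sample: a reverse proxy answering with a basic-auth challenge.
GATED = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="restricted"\r\n\r\n'
)

def parse_head(raw):
    """Return (status_code, [(lowercased_name, value), ...]) for a response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    parts = lines[0].split(None, 2) if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response head")
    headers = []
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers

def sets_anonymous_cookie(headers):
    """True if any Set-Cookie header carries wguser=anonymous."""
    for name, value in headers:
        if name != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        if "wguser" in jar and jar["wguser"].value == "anonymous":
            return True
    return False

def classify(raw):
    """'exposed', 'gated' (basic-auth challenge) or 'unknown'."""
    status, headers = parse_head(raw)
    if status == 401 and any(n == "www-authenticate" for n, _ in headers):
        return "gated"
    if sets_anonymous_cookie(headers):
        return "exposed"
    return "unknown"

if __name__ == "__main__":
    for label, raw in (("direct", EXPOSED), ("proxied", GATED)):
        print(label, classify(raw))
```

Feed it the response head saved from a request to your own host's published port; "exposed" means the UI is reachable without any login in front of it.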
