//go:generate go run -mod=vendor git.rootprojects.org/root/go-gitver
package main
import (
	"errors"
	"flag"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"git.rootprojects.org/root/telebit/mgmt/authstore"

	"github.com/go-acme/lego/v3/challenge"
	"github.com/go-acme/lego/v3/providers/dns/duckdns"
	"github.com/go-acme/lego/v3/providers/dns/godaddy"
	_ "github.com/joho/godotenv/autoload"
)
// Build metadata. The placeholder values below are what a binary reports
// when the go:generate step at the top of this file (go-gitver) has not
// supplied real ones — presumably it rewrites them at build time.

// GitRev is the abbreviated commit hash.
var GitRev = "0000000"

// GitVersion is the most recent tag, plus any commits made since then.
var GitVersion = "v0.0.0-pre0+0000000"

// GitTimestamp is the timestamp of the most recent commit.
var GitTimestamp = "0000-00-00T00:00:00+0000"
// MWKey is a type guard: a distinct string type for keys so that they cannot
// be confused with, or collide with, plain string keys. NOTE(review): looks
// like a context.Context key used by middleware — confirm against the
// handlers defined elsewhere in this package.
type MWKey string
// Process-wide state, populated once by main() before the HTTP listeners
// start and presumably read by the route handlers defined elsewhere in this
// package.
var (
	// store is the auth database opened from --db-url.
	store authstore.Store

	// provider is the DNS-01 challenge provider chosen from the environment.
	// main() assigns it exactly once before starting any goroutine; reads
	// that happen only after that point are ordered by the `go` statement and
	// so are race-free — TODO confirm nothing writes it later (the original
	// TODO asked whether this is concurrency-safe).
	provider challenge.Provider

	// secret keys JWT signing; from --secret or $SECRET.
	secret string

	// primaryDomain is the base domain issued to all clients (--domain).
	primaryDomain string

	// relayDomain is the tunnel relay's domain (--tunnel-domain); main()
	// defaults it to primaryDomain when unset.
	relayDomain string
)
|
2020-05-31 13:02:46 +00:00
|
|
|
|
|
|
|
// help prints the one-line usage summary to stderr. Callers invoke it when a
// required option (--domain, or the signing secret) is missing and decide the
// exit code themselves.
func help() {
	const usage = "Usage: mgmt --domain <devices.example.com> --secret <128-bit secret>"
	fmt.Fprintln(os.Stderr, usage)
}
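// main is the entry point. It runs the service and turns a returned error
// into a message on stderr plus a non-zero exit status, so a supervisor can
// tell a failed listener apart from a clean exit.
func main() {
	if err := run(); err != nil {
		fmt.Fprintf(os.Stderr, "failed: %v\n", err)
		os.Exit(1)
	}
}

// run parses flags, selects the DNS-01 challenge provider from the
// environment, opens the auth store, and serves two HTTP listeners — one for
// ACME HTTP-01 challenge tokens (--challenges-port) and one for the
// management API (--address/--port) — returning when either of them fails.
//
// A missing --domain, or a missing or too-short signing secret (--secret or
// $SECRET), prints usage and exits 1 directly. DNS credentials are read from
// GODADDY_API_KEY/GODADDY_API_SECRET or DUCKDNS_TOKEN; the godotenv/autoload
// import lets a .env file supply them.
func run() error {
	// Floor for the JWT signing secret, matching what the --secret help text
	// and help() already promise; a shorter key is cheap to brute-force
	// offline from any captured token.
	const minSecretLen = 16

	// Cap on how long a client may take to send request headers on either
	// listener; this is the slow-header exhaustion case. Body and response
	// timeouts are left unset because the handlers' latency profile is not
	// known here.
	const headerTimeout = 10 * time.Second

	addr := flag.String("address", "", "IPv4 or IPv6 bind address")
	port := flag.String("port", "3000", "port to listen to")
	challengesPort := flag.String("challenges-port", "80", "port to use to respond to .well-known/acme-challenge tokens")
	dbURL := flag.String(
		"db-url",
		"postgres://postgres:postgres@localhost/postgres",
		"database (postgres) connection url",
	)
	flag.StringVar(&secret, "secret", "", "a >= 16-character random string for JWT key signing")
	flag.StringVar(&primaryDomain, "domain", "", "the base domain to use for all clients")
	flag.StringVar(&relayDomain, "tunnel-domain", "", "the domain name of the tunnel relay service, if different from base domain")
	flag.Parse()

	if primaryDomain == "" {
		help()
		os.Exit(1)
	}
	if relayDomain == "" {
		relayDomain = primaryDomain
	}

	p, err := newProviderFromEnv()
	if err != nil {
		return err
	}
	provider = p

	// $SECRET is the fallback for --secret. It is also the preferable channel:
	// a flag value is visible to every local user in the process list.
	if secret == "" {
		secret = os.Getenv("SECRET")
	}
	if secret == "" {
		help()
		os.Exit(1)
	}
	if len(secret) < minSecretLen {
		fmt.Fprintf(os.Stderr, "secret must be at least %d characters\n", minSecretLen)
		help()
		os.Exit(1)
	}

	connStr, err := dbConnString(*dbURL)
	if err != nil {
		return err
	}
	s, err := authstore.NewStore(connStr, initSQL)
	if err != nil {
		return fmt.Errorf("connection error: %w", err)
	}
	store = s
	defer store.Close()
	// SetMaster's error was non-fatal in this flow; keep it that way, but log
	// it rather than discard it. The secret itself is never written to the log.
	if err := store.SetMaster(secret); err != nil {
		log.Printf("setting master secret: %v", err)
	}

	challenges := &http.Server{
		Addr:              ":" + *challengesPort,
		Handler:           routeStatic(),
		ReadHeaderTimeout: headerTimeout,
	}
	// JoinHostPort brackets an IPv6 --address (the flag help allows one);
	// plain concatenation would produce an unparseable "::1:3000".
	bind := net.JoinHostPort(*addr, *port)
	api := &http.Server{
		Addr:              bind,
		Handler:           routeAll(),
		ReadHeaderTimeout: headerTimeout,
	}

	// Whichever listener fails first ends the process. The channel is buffered
	// for both goroutines so the second one can exit without blocking.
	errCh := make(chan error, 2)
	go func() {
		fmt.Println("Listening for ACME challenges on :" + *challengesPort)
		errCh <- fmt.Errorf("acme challenge listener on :%s: %w", *challengesPort, challenges.ListenAndServe())
	}()
	go func() {
		fmt.Println("Listening on", bind)
		errCh <- fmt.Errorf("listener on %s: %w", bind, api.ListenAndServe())
	}()
	return <-errCh
}

// newProviderFromEnv picks the DNS-01 challenge provider from the
// environment: GoDaddy when GODADDY_API_KEY is set (GODADDY_API_SECRET
// supplies the secret), otherwise Duck DNS when DUCKDNS_TOKEN is set. An
// error means neither credential is present or the provider rejected it.
func newProviderFromEnv() (challenge.Provider, error) {
	if key := os.Getenv("GODADDY_API_KEY"); key != "" {
		gd, err := newGoDaddyDNSProvider(key, os.Getenv("GODADDY_API_SECRET"))
		if err != nil {
			// Return a literal nil so the caller does not see a non-nil
			// interface wrapping a nil *godaddy.DNSProvider.
			return nil, err
		}
		return gd, nil
	}
	if token := os.Getenv("DUCKDNS_TOKEN"); token != "" {
		dd, err := newDuckDNSProvider(token)
		if err != nil {
			return nil, err
		}
		return dd, nil
	}
	return nil, errors.New("must provide either DUCKDNS or GODADDY credentials")
}

// dbConnString returns raw with an sslmode query parameter applied when raw
// does not already carry one: "disable" for a localhost server, "require"
// otherwise ("required" is not a value libpq accepts). "require" encrypts the
// link but does not verify the server certificate; an operator with a CA in
// place should put sslmode=verify-full in --db-url explicitly, which this
// function leaves untouched. Parsing the URL instead of appending "?..."
// also keeps a URL that already has a query string well-formed.
func dbConnString(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parsing db url: %w", err)
	}
	q := u.Query()
	if q.Get("sslmode") == "" {
		mode := "require"
		// Hostnames are case-insensitive, hence EqualFold.
		if strings.EqualFold(u.Hostname(), "localhost") {
			mode = "disable"
		}
		q.Set("sslmode", mode)
		u.RawQuery = q.Encode()
	}
	return u.String(), nil
}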
// newDuckDNSProvider builds a lego DNS-01 challenge provider for Duck DNS
// from an API token. It exists for the sake of demoing the tunnel; the
// default Duck DNS config is used apart from the token.
func newDuckDNSProvider(token string) (*duckdns.DNSProvider, error) {
	cfg := duckdns.NewDefaultConfig()
	cfg.Token = token
	return duckdns.NewDNSProviderConfig(cfg)
}
// newGoDaddyDNSProvider builds a lego DNS-01 challenge provider for GoDaddy
// from an API key/secret pair. It exists for the sake of demoing the tunnel;
// the default GoDaddy config is used apart from the credentials. The second
// parameter is named apiSecret so it is not mistaken for the package-level
// JWT signing secret.
func newGoDaddyDNSProvider(id, apiSecret string) (*godaddy.DNSProvider, error) {
	cfg := godaddy.NewDefaultConfig()
	cfg.APIKey, cfg.APISecret = id, apiSecret
	return godaddy.NewDNSProviderConfig(cfg)
}