add inspect to server, move Inspect from mgmt
parent
309ecf89f5
commit
24f5b4b2d2
|
@ -14,12 +14,13 @@ import (
|
|||
"strings"
|
||||
|
||||
"git.coolaj86.com/coolaj86/go-telebitd/log"
|
||||
"git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt"
|
||||
"git.coolaj86.com/coolaj86/go-telebitd/relay"
|
||||
"git.coolaj86.com/coolaj86/go-telebitd/relay/api"
|
||||
"git.coolaj86.com/coolaj86/go-telebitd/relay/mplexy"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
jwt "github.com/dgrijalva/jwt-go"
|
||||
//jwt "github.com/dgrijalva/jwt-go"
|
||||
"github.com/go-acme/lego/v3/providers/dns/duckdns"
|
||||
lumberjack "gopkg.in/natefinch/lumberjack.v2"
|
||||
|
||||
|
@ -57,6 +58,8 @@ var (
|
|||
acmeAgree bool
|
||||
acmeStaging bool
|
||||
allclients string
|
||||
authURL string
|
||||
acmeRelay string
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -66,6 +69,8 @@ func init() {
|
|||
flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)")
|
||||
flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing")
|
||||
flag.StringVar(&adminHostName, "admin-hostname", "", "the management domain")
|
||||
flag.StringVar(&authURL, "auth-url", "http://localhost:3010/api", "the auth server url")
|
||||
flag.StringVar(&acmeRelay, "acme-relay", "", "the ACME DNS-01 relay, if any")
|
||||
flag.StringVar(&wssHostName, "wss-hostname", "", "the wss domain for connecting devices, if different from admin")
|
||||
flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
|
||||
flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET
|
||||
|
@ -220,9 +225,12 @@ func main() {
|
|||
tokenString = r.URL.Query().Get("access_token")
|
||||
}
|
||||
|
||||
tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(secretKey), nil
|
||||
})
|
||||
grants, err := mgmt.Inspect(authURL, tokenString)
|
||||
/*
|
||||
tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(secretKey), nil
|
||||
})
|
||||
*/
|
||||
if nil != err {
|
||||
fmt.Println("return an error, do not go on")
|
||||
return nil, err
|
||||
|
@ -230,9 +238,11 @@ func main() {
|
|||
fmt.Printf("client claims:\n%+v\n", tok.Claims)
|
||||
|
||||
domains := []string{}
|
||||
for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
|
||||
domains = append(domains, name.(string))
|
||||
}
|
||||
/*
|
||||
for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
|
||||
domains = append(domains, name.(string))
|
||||
}
|
||||
*/
|
||||
authz := &mplexy.Authz{
|
||||
Domains: domains,
|
||||
}
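Review bot: With the claims loop commented out, `domains` stays empty, so the `mplexy.Authz` built at the end of this section carries no domains and the `grants` returned by `mgmt.Inspect` is never read in the visible lines; the context line `fmt.Printf("client claims:\n%+v\n", tok.Claims)` also still refers to `tok`, whose declaration is now inside the comment. The grant list should be what populates the authorization, e.g. `domains := grants.Domains`, with the log line changed to `fmt.Printf("client grants:\n%+v\n", grants)`. The call goes through `mgmt.Inspect` while this commit appears to move that function into the `telebit` package, so it likely needs to be `telebit.Inspect(authURL, tokenString)`. Because the server now delegates token validation to `authURL`, whose default is `http://localhost:3010/api`, any non-loopback deployment should use an https URL so the bearer token and the grant response are not sent in cleartext. The enclosing callback in main() starts and ends outside these hunks.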
|
||||
|
|
|
@ -165,14 +165,14 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
grants, err := mgmt.Inspect(*authURL, *token)
|
||||
grants, err := telebit.Inspect(*authURL, *token)
|
||||
if nil != err {
|
||||
_, err := mgmt.Register(*authURL, *secret, ppid)
|
||||
if nil != err {
|
||||
fmt.Fprintf(os.Stderr, "failed to register client: %s", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
grants, err = mgmt.Inspect(*authURL, *token)
|
||||
grants, err = telebit.Inspect(*authURL, *token)
|
||||
if nil != err {
|
||||
fmt.Fprintf(os.Stderr, "failed to authenticate after registering client: %s", err)
|
||||
os.Exit(1)
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
TOKEN=$(go run cmd/signjwt/*.go)
|
||||
echo "TOKEN: $TOKEN"
|
||||
|
||||
my_shared="k7nsLSwNKbOeBhDFpbhwGHv"
|
||||
my_domain="duckdns.org"
|
||||
my_client="rooted"
|
||||
curl -X POST http://roottest.duckdns.org:3010/api/devices \
|
||||
-H "Authorization: Bearer ${TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{ "slug": "'$my_client'", "shared_key": "'$my_shared'" }'
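Review bot: The device shared key is committed as a literal in the `my_shared=` assignment, and the script prints the bearer token with `echo "TOKEN: $TOKEN"` before posting it over plain `http://`. Read the key from the environment instead, e.g. `my_shared="${MY_SHARED:?set MY_SHARED}"`, drop or gate the echo, and rotate the key if it was ever used outside local testing. The `-d` body splices `$my_client` and `$my_shared` unquoted into the JSON, so a value containing a space or a quote breaks the request. `my_domain` is assigned but not used in the visible lines.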
|
|
@ -10,10 +10,6 @@ import (
|
|||
"git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt/authstore"
|
||||
)
|
||||
|
||||
type Grants struct {
|
||||
Domains []string `json:"domains"`
|
||||
}
|
||||
|
||||
type SuccessResponse struct {
|
||||
Success bool `json:"success"`
|
||||
}
|
||||
|
@ -37,23 +33,6 @@ func Ping(authURL, token string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func Inspect(authURL, token string) (*Grants, error) {
|
||||
msg, err := telebit.Request("GET", authURL+"/inspect", token, nil)
|
||||
if nil != err {
|
||||
return nil, err
|
||||
}
|
||||
if nil == msg {
|
||||
return nil, fmt.Errorf("invalid response")
|
||||
}
|
||||
|
||||
grants := &Grants{}
|
||||
err = json.NewDecoder(msg).Decode(grants)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return grants, nil
|
||||
}
|
||||
|
||||
func Register(authURL, secret, ppid string) (kid string, err error) {
|
||||
pub := authstore.ToPublicKeyString(ppid)
|
||||
jsonb := bytes.NewBuffer([]byte(
|
||||
|
|
|
@ -3,6 +3,7 @@ package telebit
|
|||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
|
@ -258,6 +259,27 @@ func newCertMagic(acme *ACME) (*certmagic.Config, error) {
|
|||
return magic, nil
|
||||
}
|
||||
|
||||
type Grants struct {
|
||||
Domains []string `json:"domains"`
|
||||
}
|
||||
|
||||
func Inspect(authURL, token string) (*Grants, error) {
|
||||
msg, err := Request("GET", authURL+"/inspect", token, nil)
|
||||
if nil != err {
|
||||
return nil, err
|
||||
}
|
||||
if nil == msg {
|
||||
return nil, fmt.Errorf("invalid response")
|
||||
}
|
||||
|
||||
grants := &Grants{}
|
||||
err = json.NewDecoder(msg).Decode(grants)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return grants, nil
|
||||
}
|
||||
|
||||
func Request(method, fullurl, token string, payload io.Reader) (io.Reader, error) {
|
||||
HTTPClient := &http.Client{
|
||||
Timeout: 15 * time.Second,
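Review bot: `Inspect` decodes the auth server's reply with `json.NewDecoder(msg).Decode(grants)` and no size bound, so a misbehaving or impersonated auth endpoint can make the relay read an arbitrarily large body; `json.NewDecoder(io.LimitReader(msg, 1<<20)).Decode(grants)` caps it using the `io` import this file already has. Whether `Request` rejects non-2xx responses is not visible here (its body continues outside the hunk); if it does not, an error page that happens to be JSON would decode into an empty `Grants` and be returned as success. Both exported names also lack doc comments, for example `// Grants lists the domains a token is authorized for.` and `// Inspect asks the auth server at authURL which domains token is granted.`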
|
||||
|
|