diff --git a/cmd/telebit-relay/telebit-relay.go b/cmd/telebit-relay/telebit-relay.go
index c9574b3..a2e2317 100644
--- a/cmd/telebit-relay/telebit-relay.go
+++ b/cmd/telebit-relay/telebit-relay.go
@@ -14,12 +14,13 @@ import (
 "strings"
 "git.coolaj86.com/coolaj86/go-telebitd/log"
+ "git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt"
 "git.coolaj86.com/coolaj86/go-telebitd/relay"
 "git.coolaj86.com/coolaj86/go-telebitd/relay/api"
 "git.coolaj86.com/coolaj86/go-telebitd/relay/mplexy"
 "github.com/caddyserver/certmagic"
- jwt "github.com/dgrijalva/jwt-go"
+ //jwt "github.com/dgrijalva/jwt-go"
 "github.com/go-acme/lego/v3/providers/dns/duckdns"
 lumberjack "gopkg.in/natefinch/lumberjack.v2"
@@ -57,6 +58,8 @@ var (
 acmeAgree bool
 acmeStaging bool
 allclients string
+ authURL string
+ acmeRelay string
 )
 func init() {
@@ -66,6 +69,8 @@ func init() {
 flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)")
 flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing")
 flag.StringVar(&adminHostName, "admin-hostname", "", "the management domain")
+ flag.StringVar(&authURL, "auth-url", "http://localhost:3010/api", "the auth server url")
+ flag.StringVar(&acmeRelay, "acme-relay", "", "the ACME DNS-01 relay, if any")
 flag.StringVar(&wssHostName, "wss-hostname", "", "the wss domain for connecting devices, if different from admin")
 flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
 flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET
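Review bot: The `auth-url` flag added here defaults to `http://localhost:3010/api`, and the @@ -220 hunk in main() hands every connecting client's `tokenString` to `mgmt.Inspect` against that URL, so with the default or any other plain-http value the bearer token leaves the process unencrypted; the help text should say the URL is expected to be https, or main() should reject a non-https value that is not loopback. `acme-relay` is declared and registered but not read in any hunk on this page, so it may be unused until a later change. The `secret` flag still describes its value as used for JWT key signing, while the only visible JWT verification in main() is now commented out; if `secretKey` has no other reader in the file, the description is stale. init() continues outside the hunk.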
@@ -220,9 +225,12 @@ func main() {
 tokenString = r.URL.Query().Get("access_token")
 }
- tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
- return []byte(secretKey), nil
- })
+ grants, err := mgmt.Inspect(authURL, tokenString)
+ /*
+ tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+ return []byte(secretKey), nil
+ })
+ */
 if nil != err {
 fmt.Println("return an error, do not go on")
 return nil, err
@@ -230,9 +238,11 @@ func main() {
 fmt.Printf("client claims:\n%+v\n", tok.Claims)
 domains := []string{}
- for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
- domains = append(domains, name.(string))
- }
+ /*
+ for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
+ domains = append(domains, name.(string))
+ }
+ */
 authz := &mplexy.Authz{
 Domains: domains,
 }
diff --git a/mplexer/cmd/telebit/telebit.go b/mplexer/cmd/telebit/telebit.go
index 40ef4ca..a669590 100644
--- a/mplexer/cmd/telebit/telebit.go
+++ b/mplexer/cmd/telebit/telebit.go
@@ -165,14 +165,14 @@ func main() {
 }
 }
- grants, err := mgmt.Inspect(*authURL, *token)
+ grants, err := telebit.Inspect(*authURL, *token)
 if nil != err {
 _, err := mgmt.Register(*authURL, *secret, ppid)
 if nil != err {
 fmt.Fprintf(os.Stderr, "failed to register client: %s", err)
 os.Exit(1)
 }
- grants, err = mgmt.Inspect(*authURL, *token)
+ grants, err = telebit.Inspect(*authURL, *token)
 if nil != err {
 fmt.Fprintf(os.Stderr, "failed to authenticate after registering client: %s", err)
 os.Exit(1)
diff --git a/mplexer/mgmt-prereg.sh b/mplexer/mgmt-prereg.sh
new file mode 100644
index 0000000..5d946be
--- /dev/null
+++ b/mplexer/mgmt-prereg.sh
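Review bot: `grants` from `mgmt.Inspect` is assigned but never used in this hunk or the next (@@ -230), and the unchanged `fmt.Printf("client claims:\n%+v\n", tok.Claims)` line in @@ -230 still reads `tok`, whose only visible declaration is now inside a comment, so the new side does not compile as shown unless both are resolved further down main(). The grants the auth server returns are also never applied: `domains := []string{}` stays empty because the loop that filled it is commented out, so every client that passes Inspect gets an `Authz` with no domains. Replace the empty literal with `domains := grants.Domains` and the log line with `fmt.Printf("client grants:\n%+v\n", grants)`. The commented-out jwt code here, in @@ -230 and in the import hunk should be deleted rather than kept, since git history preserves it. main() starts and ends outside both hunks.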
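Review bot: Both `telebit.Inspect` calls in the mplexer/cmd/telebit/telebit.go hunk treat any error as "not registered yet", so a timeout or malformed response from the auth server leads straight to `mgmt.Register` with the shared secret instead of a retry. Unless `Request` (outside this hunk) already maps a rejected token to a distinct error, the first `err` should be examined before registering. Because `_, err := mgmt.Register(...)` shadows the outer `err`, the initial error cannot be referenced by name inside the block; capture it first, `firstErr := err` (name constructed), and include it in both failure messages, e.g. `fmt.Fprintf(os.Stderr, "failed to authenticate after registering client: %s (initial error: %s)", err, firstErr)`. main() continues outside the hunk.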
@@ -0,0 +1,10 @@
+TOKEN=$(go run cmd/signjwt/*.go)
+echo "TOKEN: $TOKEN"
+
+my_shared="k7nsLSwNKbOeBhDFpbhwGHv"
+my_domain="duckdns.org"
+my_client="rooted"
+curl -X POST http://roottest.duckdns.org:3010/api/devices \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d '{ "slug": "'$my_client'", "shared_key": "'$my_shared'" }'
diff --git a/mplexer/mgmt/auth.go b/mplexer/mgmt/auth.go
index 13e7144..7892835 100644
--- a/mplexer/mgmt/auth.go
+++ b/mplexer/mgmt/auth.go
@@ -10,10 +10,6 @@ import (
 "git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt/authstore"
 )
-type Grants struct {
- Domains []string `json:"domains"`
-}
-
 type SuccessResponse struct {
 Success bool `json:"success"`
 }
@@ -37,23 +33,6 @@ func Ping(authURL, token string) error {
 return nil
 }
-func Inspect(authURL, token string) (*Grants, error) {
- msg, err := telebit.Request("GET", authURL+"/inspect", token, nil)
- if nil != err {
- return nil, err
- }
- if nil == msg {
- return nil, fmt.Errorf("invalid response")
- }
-
- grants := &Grants{}
- err = json.NewDecoder(msg).Decode(grants)
- if err != nil {
- return nil, err
- }
- return grants, nil
-}
-
 func Register(authURL, secret, ppid string) (kid string, err error) {
 pub := authstore.ToPublicKeyString(ppid)
 jsonb := bytes.NewBuffer([]byte(
diff --git a/mplexer/telebit.go b/mplexer/telebit.go
index 7270967..b7ef0e9 100644
--- a/mplexer/telebit.go
+++ b/mplexer/telebit.go
@@ -3,6 +3,7 @@ package telebit
 import (
 "bytes"
 "crypto/tls"
+ "encoding/json"
 "errors"
 "fmt"
 "io"
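Review bot: `mgmt-prereg.sh` commits a literal shared key in `my_shared` and posts it, together with the bearer token, to a hard-coded `http://` host, so the key now lives in git history and travels in clear text every time the script runs. Read it from the environment instead, e.g. `my_shared="${MY_SHARED:?set MY_SHARED}"` (name constructed), take the host from a variable so an https endpoint can be used, and treat the committed value as disclosed. `my_domain` is assigned but never used, and the JSON body is built by splicing `$my_client` and `$my_shared` into a single-quoted string, so a value containing a quote or backslash breaks the payload; building it with `jq -n --arg` or a heredoc would be safer. The script also has no shebang and no `set -eu`, so a failed `go run` leaves `TOKEN` empty and the request still goes out.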
@@ -258,6 +259,27 @@ func newCertMagic(acme *ACME) (*certmagic.Config, error) {
 return magic, nil
 }
+type Grants struct {
+ Domains []string `json:"domains"`
+}
+
+func Inspect(authURL, token string) (*Grants, error) {
+ msg, err := Request("GET", authURL+"/inspect", token, nil)
+ if nil != err {
+ return nil, err
+ }
+ if nil == msg {
+ return nil, fmt.Errorf("invalid response")
+ }
+
+ grants := &Grants{}
+ err = json.NewDecoder(msg).Decode(grants)
+ if err != nil {
+ return nil, err
+ }
+ return grants, nil
+}
+
 func Request(method, fullurl, token string, payload io.Reader) (io.Reader, error) {
 HTTPClient := &http.Client{
 Timeout: 15 * time.Second,
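Review bot: `Inspect` decodes whatever `Request` hands back with no size bound, so an oversized body from the auth server is read in full; wrap the reader, `json.NewDecoder(io.LimitReader(msg, 1<<20)).Decode(grants)` (limit constructed), and, if Request returns a body for non-2xx statuses (its body continues past the hunk), check the status before decoding so an error payload is not mistaken for empty grants. Both `Grants` and `Inspect` are exported but undocumented; add `// Grants lists what the auth server reports a token is allowed to do.` and `// Inspect asks the auth server at authURL to validate token and returns the grants it reports.` `fmt.Errorf("invalid response")` takes no format arguments and can be `errors.New("invalid response")`, which the file already imports.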