add inspect to server, move Inspect from mgmt

2020-06-01 04:16:25 -06:00 · 2020-06-01 04:16:25 -06:00 · 24f5b4b2d2
parent 309ecf89f5
commit 24f5b4b2d2
5 changed files with 51 additions and 30 deletions
--- a/cmd/telebit-relay/telebit-relay.go
+++ b/cmd/telebit-relay/telebit-relay.go
@ -14,12 +14,13 @@ import (
 	"strings"
 	"git.coolaj86.com/coolaj86/go-telebitd/log"
 	"git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt"
 	"git.coolaj86.com/coolaj86/go-telebitd/relay"
 	"git.coolaj86.com/coolaj86/go-telebitd/relay/api"
 	"git.coolaj86.com/coolaj86/go-telebitd/relay/mplexy"
 	"github.com/caddyserver/certmagic"
-	jwt "github.com/dgrijalva/jwt-go"
+	//jwt "github.com/dgrijalva/jwt-go"
 	"github.com/go-acme/lego/v3/providers/dns/duckdns"
 	lumberjack "gopkg.in/natefinch/lumberjack.v2"
@ -57,6 +58,8 @@ var (
 	acmeAgree         bool
 	acmeStaging       bool
 	allclients        string
 	authURL           string
 	acmeRelay         string
 )
 func init() {
@ -66,6 +69,8 @@ func init() {
 	flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)")
 	flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing")
 	flag.StringVar(&adminHostName, "admin-hostname", "", "the management domain")
 	flag.StringVar(&authURL, "auth-url", "http://localhost:3010/api", "the auth server url")
 	flag.StringVar(&acmeRelay, "acme-relay", "", "the ACME DNS-01 relay, if any")
 	flag.StringVar(&wssHostName, "wss-hostname", "", "the wss domain for connecting devices, if different from admin")
 	flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
 	flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET
@ -220,9 +225,12 @@ func main() {
 			tokenString = r.URL.Query().Get("access_token")
 		}
-		tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		grants, err := mgmt.Inspect(authURL, tokenString)
-			return []byte(secretKey), nil
+		/*
-		})
+			tok, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
 				return []byte(secretKey), nil
 			})
 		*/
 		if nil != err {
 			fmt.Println("return an error, do not go on")
 			return nil, err
@ -230,9 +238,11 @@ func main() {
 		fmt.Printf("client claims:\n%+v\n", tok.Claims)
 		domains := []string{}
-		for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
+		/*
-			domains = append(domains, name.(string))
+			for _, name := range tok.Claims.(jwt.MapClaims)["domains"].([]interface{}) {
-		}
+				domains = append(domains, name.(string))
 			}
 		*/
 		authz := &mplexy.Authz{
 			Domains: domains,
 		}
--- a/mplexer/cmd/telebit/telebit.go
+++ b/mplexer/cmd/telebit/telebit.go
@ -165,14 +165,14 @@ func main() {
 		}
 	}
-	grants, err := mgmt.Inspect(*authURL, *token)
+	grants, err := telebit.Inspect(*authURL, *token)
 	if nil != err {
 		_, err := mgmt.Register(*authURL, *secret, ppid)
 		if nil != err {
 			fmt.Fprintf(os.Stderr, "failed to register client: %s", err)
 			os.Exit(1)
 		}
-		grants, err = mgmt.Inspect(*authURL, *token)
+		grants, err = telebit.Inspect(*authURL, *token)
 		if nil != err {
 			fmt.Fprintf(os.Stderr, "failed to authenticate after registering client: %s", err)
 			os.Exit(1)
--- a/mplexer/mgmt-prereg.sh
+++ b/mplexer/mgmt-prereg.sh
@ -0,0 +1,10 @@
 TOKEN=$(go run cmd/signjwt/*.go)
 echo "TOKEN: $TOKEN"
 my_shared="k7nsLSwNKbOeBhDFpbhwGHv"
 my_domain="duckdns.org"
 my_client="rooted"
 curl -X POST http://roottest.duckdns.org:3010/api/devices \
    -H "Authorization: Bearer ${TOKEN}" \
    -H "Content-Type: application/json" \
    -d '{ "slug": "'$my_client'", "shared_key": "'$my_shared'" }'
--- a/mplexer/mgmt/auth.go
+++ b/mplexer/mgmt/auth.go
@ -10,10 +10,6 @@ import (
 	"git.coolaj86.com/coolaj86/go-telebitd/mplexer/mgmt/authstore"
 )
 type Grants struct {
 	Domains []string `json:"domains"`
 }
 type SuccessResponse struct {
 	Success bool `json:"success"`
 }
@ -37,23 +33,6 @@ func Ping(authURL, token string) error {
 	return nil
 }
 func Inspect(authURL, token string) (*Grants, error) {
 	msg, err := telebit.Request("GET", authURL+"/inspect", token, nil)
 	if nil != err {
 		return nil, err
 	}
 	if nil == msg {
 		return nil, fmt.Errorf("invalid response")
 	}
 	grants := &Grants{}
 	err = json.NewDecoder(msg).Decode(grants)
 	if err != nil {
 		return nil, err
 	}
 	return grants, nil
 }
 func Register(authURL, secret, ppid string) (kid string, err error) {
 	pub := authstore.ToPublicKeyString(ppid)
 	jsonb := bytes.NewBuffer([]byte(
--- a/mplexer/telebit.go
+++ b/mplexer/telebit.go
@ -3,6 +3,7 @@ package telebit
 import (
 	"bytes"
 	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@ -258,6 +259,27 @@ func newCertMagic(acme *ACME) (*certmagic.Config, error) {
 	return magic, nil
 }
 type Grants struct {
 	Domains []string `json:"domains"`
 }
 func Inspect(authURL, token string) (*Grants, error) {
 	msg, err := Request("GET", authURL+"/inspect", token, nil)
 	if nil != err {
 		return nil, err
 	}
 	if nil == msg {
 		return nil, fmt.Errorf("invalid response")
 	}
 	grants := &Grants{}
 	err = json.NewDecoder(msg).Decode(grants)
 	if err != nil {
 		return nil, err
 	}
 	return grants, nil
 }
 func Request(method, fullurl, token string, payload io.Reader) (io.Reader, error) {
 	HTTPClient := &http.Client{
 		Timeout: 15 * time.Second,