diff --git a/cmd/telebit/telebit.go b/cmd/telebit/telebit.go index a5838b8..a161155 100644 --- a/cmd/telebit/telebit.go +++ b/cmd/telebit/telebit.go @@ -54,6 +54,10 @@ var authorizer telebit.Authorizer var isHostname = regexp.MustCompile(`^[A-Za-z0-9_\.\-]+$`).MatchString +// ClientID may be baked in, or may be supplied via command line +var ClientID string +var ClientSecret string + func main() { var domains []string var forwards []Forward @@ -150,10 +154,20 @@ func main() { return } - if 0 == len(*secret) { - *secret = os.Getenv("SECRET") + // Baked-in takes precedence + if 0 == len(ClientID) { + ClientID = *appID } - ppid, err := machineid.ProtectedID(fmt.Sprintf("%s|%s", *appID, *secret)) + if 0 == len(ClientID) { + ClientID = os.Getenv("APP_ID") + } + if 0 == len(ClientSecret) { + ClientSecret = *secret + } + if 0 == len(ClientSecret) { + ClientSecret = os.Getenv("SECRET") + } + ppid, err := machineid.ProtectedID(fmt.Sprintf("%s|%s", ClientID, ClientSecret)) if nil != err { fmt.Fprintf(os.Stderr, "unauthorized device\n") os.Exit(1) @@ -162,6 +176,9 @@ func main() { ppidBytes, err := hex.DecodeString(ppid) ppid = base64.RawURLEncoding.EncodeToString(ppidBytes) + if 0 == len(*token) { + *token = os.Getenv("TOKEN") + } if 0 == len(*token) { *token, err = authstore.HMACToken(ppid) if nil != err { @@ -194,14 +211,14 @@ func main() { } if len(*relay) > 0 /* || len(*acmeRelay) > 0 */ { if "" == *authURL { - *authURL = strings.Replace(*relay, "ws", "http", 1) // "https://example.com:443" + *authURL = strings.Replace(*relay, "ws", "http", 1) + "/api" // "https://example.com:443" } // TODO look at relay rather than authURL? fmt.Println("Auth URL", *authURL) authorizer = NewAuthorizer(*authURL) grants, err := telebit.Inspect(*authURL, *token) if nil != err { - _, err := mgmt.Register(*authURL, *secret, ppid) + _, err := mgmt.Register(*authURL, ClientSecret, ppid) if nil != err { fmt.Fprintf(os.Stderr, "failed to register client: %s\n", err) os.Exit(1) diff --git a/examples/relay.env b/examples/relay.env index 2b0e323..5142b91 100644 --- a/examples/relay.env +++ b/examples/relay.env @@ -11,6 +11,7 @@ ACME_EMAIL=jon.doe@example.com # For Let's Encrypt ACME Challenges (pick one) ACME_RELAY_URL=http://localhost:4200 +SECRET=xxxxxxxxxxxxxxxx #DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX #GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx #GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX diff --git a/examples/run-as-relay.sh b/examples/run-as-relay.sh index 74a6916..4edd2ec 100644 --- a/examples/run-as-relay.sh +++ b/examples/run-as-relay.sh @@ -22,6 +22,7 @@ AUTH_URL=${AUTH_URL:-"https://devices.example.com/api"} # For Let's Encrypt / ACME challenges ACME_RELAY_URL=${ACME_RELAY_URL:-"http://localhost:4200"} +SECRET=${SECRET:-"xxxxxxxxxxxxxxxx"} # For Let's Encrypt / ACME registration ACME_AGREE=${ACME_AGREE:-} @@ -33,4 +34,5 @@ ACME_EMAIL="${ACME_EMAIL:-}" --acme-agree "$ACME_AGREE" \ --acme-email "$ACME_EMAIL" \ --acme-relay-url "$ACME_RELAY_URL" \ + --secret "$SECRET" \ --listen "$LISTEN"