root/telebit
1
0
Fork 0
mirror of https://github.com/therootcompany/telebit.git synced 2025-11-04 07:12:52 +00:00
Code Issues Projects Releases Wiki Activity

add back SECRET for ACME relay

Browse Source
This commit is contained in:
AJ ONeal 2020-07-17 07:50:55 +00:00
parent 634bd1b67f
commit 64d12ec535
3 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cmd/telebit/telebit.go
View File

@ -54,6 +54,10 @@ var authorizer telebit.Authorizer
var isHostname = regexp.MustCompile(`^[A-Za-z0-9_\.\-]+$`).MatchString var isHostname = regexp.MustCompile(`^[A-Za-z0-9_\.\-]+$`).MatchString
// ClientID may be baked in, or may be supplied via command line
var ClientID string
var ClientSecret string
func main() { func main() {
var domains []string var domains []string
var forwards []Forward var forwards []Forward
@ -150,10 +154,20 @@ func main() {
return return
} }
if 0 == len(*secret) { // Baked-in takes precedence
*secret = os.Getenv("SECRET") if 0 == len(ClientID) {
ClientID = *appID
} }
ppid, err := machineid.ProtectedID(fmt.Sprintf("%s|%s", *appID, *secret)) if 0 == len(ClientID) {
ClientID = os.Getenv("APP_ID")
}
if 0 == len(ClientSecret) {
ClientSecret = *secret
}
if 0 == len(ClientSecret) {
ClientSecret = os.Getenv("SECRET")
}
ppid, err := machineid.ProtectedID(fmt.Sprintf("%s|%s", ClientID, ClientSecret))
if nil != err { if nil != err {
fmt.Fprintf(os.Stderr, "unauthorized device\n") fmt.Fprintf(os.Stderr, "unauthorized device\n")
os.Exit(1) os.Exit(1)
@ -162,6 +176,9 @@ func main() {
ppidBytes, err := hex.DecodeString(ppid) ppidBytes, err := hex.DecodeString(ppid)
ppid = base64.RawURLEncoding.EncodeToString(ppidBytes) ppid = base64.RawURLEncoding.EncodeToString(ppidBytes)
if 0 == len(*token) {
*token = os.Getenv("TOKEN")
}
if 0 == len(*token) { if 0 == len(*token) {
*token, err = authstore.HMACToken(ppid) *token, err = authstore.HMACToken(ppid)
if nil != err { if nil != err {
@ -194,14 +211,14 @@ func main() {
} }
if len(*relay) > 0 /* || len(*acmeRelay) > 0 */ { if len(*relay) > 0 /* || len(*acmeRelay) > 0 */ {
if "" == *authURL { if "" == *authURL {
*authURL = strings.Replace(*relay, "ws", "http", 1) // "https://example.com:443" *authURL = strings.Replace(*relay, "ws", "http", 1) + "/api" // "https://example.com:443"
} }
// TODO look at relay rather than authURL? // TODO look at relay rather than authURL?
fmt.Println("Auth URL", *authURL) fmt.Println("Auth URL", *authURL)
authorizer = NewAuthorizer(*authURL) authorizer = NewAuthorizer(*authURL)
grants, err := telebit.Inspect(*authURL, *token) grants, err := telebit.Inspect(*authURL, *token)
if nil != err { if nil != err {
_, err := mgmt.Register(*authURL, *secret, ppid) _, err := mgmt.Register(*authURL, ClientSecret, ppid)
if nil != err { if nil != err {
fmt.Fprintf(os.Stderr, "failed to register client: %s\n", err) fmt.Fprintf(os.Stderr, "failed to register client: %s\n", err)
os.Exit(1) os.Exit(1)

1
examples/relay.env
View File

@ -11,6 +11,7 @@ ACME_EMAIL=jon.doe@example.com
# For Let's Encrypt ACME Challenges (pick one) # For Let's Encrypt ACME Challenges (pick one)
ACME_RELAY_URL=http://localhost:4200 ACME_RELAY_URL=http://localhost:4200
SECRET=xxxxxxxxxxxxxxxx
#DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX #DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
#GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx #GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX #GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX

2
examples/run-as-relay.sh
View File

@ -22,6 +22,7 @@ AUTH_URL=${AUTH_URL:-"https://devices.example.com/api"}
# For Let's Encrypt / ACME challenges # For Let's Encrypt / ACME challenges
ACME_RELAY_URL=${ACME_RELAY_URL:-"http://localhost:4200"} ACME_RELAY_URL=${ACME_RELAY_URL:-"http://localhost:4200"}
SECRET=${SECRET:-"xxxxxxxxxxxxxxxx"}
# For Let's Encrypt / ACME registration # For Let's Encrypt / ACME registration
ACME_AGREE=${ACME_AGREE:-} ACME_AGREE=${ACME_AGREE:-}
@ -33,4 +34,5 @@ ACME_EMAIL="${ACME_EMAIL:-}"
--acme-agree "$ACME_AGREE" \ --acme-agree "$ACME_AGREE" \
--acme-email "$ACME_EMAIL" \ --acme-email "$ACME_EMAIL" \
--acme-relay-url "$ACME_RELAY_URL" \ --acme-relay-url "$ACME_RELAY_URL" \
--secret "$SECRET" \
--listen "$LISTEN" --listen "$LISTEN"