diff --git a/examples/remove-active-device.sh b/examples/admin-disconnect-device.sh
similarity index 100%
rename from examples/remove-active-device.sh
rename to examples/admin-disconnect-device.sh
diff --git a/examples/admin-list-devices.sh b/examples/admin-list-devices.sh
new file mode 100644
index 0000000..d3ddca6
--- /dev/null
+++ b/examples/admin-list-devices.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -u
+
+source .env
+TUNNEL_RELAY_API="${TUNNEL_RELAY_API:-"https://devices.example.com/api"}"
+
+echo "RELAY_SECRET: $RELAY_SECRET"
+TOKEN=$(go run cmd/signjwt/*.go \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$RELAY_SECRET" \
+ --machine-ppid "$RELAY_SECRET"
+)
+echo "ADMIN TOKEN: '$TOKEN'"
+
+echo "Auth URL: $TUNNEL_RELAY_API"
+curl "$TUNNEL_RELAY_API/subscribers" -H "Authorization: Bearer ${TOKEN}"
+curl "$TUNNEL_RELAY_API/subscribers/$CLIENT_SUBJECT" -H "Authorization: Bearer ${TOKEN}"
+curl "$TUNNEL_RELAY_API/subscribers/DOESNT_EXIST" -H "Authorization: Bearer ${TOKEN}"
+echo ""
diff --git a/examples/client.env b/examples/client.env
index 4e4e30f..06f80ab 100644
--- a/examples/client.env
+++ b/examples/client.env
@@ -1,8 +1,6 @@
 CLIENT_SUBJECT=newbie
-ACME_RELAY_URL=https://mgmt.example.com/api/dns
-AUTH_URL=https://devices.example.com/api
-TUNNEL_RELAY_URL=wss://devices.example.com
+TUNNEL_RELAY_URL=https://devices.example.com/
 CLIENT_SECRET=xxxxxxxxxxxxxxxx
-LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,http:$CLIENT_SUBJECT.devices.example.com:3000
+LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,https:*.$CLIENT_SUBJECT.devices.example.com:3000
 #PORT_FORWARDS=3443:3001,8443:3002
 #DUCKDNS_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
diff --git a/examples/mgmt-add-device.sh b/examples/mgmt-add-device.sh
new file mode 100644
index 0000000..697ed04
--- /dev/null
+++ b/examples/mgmt-add-device.sh
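Review bot: examples/admin-list-devices.sh prints the relay signing secret and the admin bearer token to stdout (`echo "RELAY_SECRET: $RELAY_SECRET"` and `echo "ADMIN TOKEN: '$TOKEN'"`), so both land in terminal scrollback and in any captured CI or support log. This same commit removes the equivalent echoes from mgmt-ping-as-admin.sh, and I would drop them here as well. The token is also signed without `--expires-in 1m`, unlike the other scripts in this commit, so its lifetime is whatever signjwt defaults to; either add the flag or confirm the default is short. The final request to `/subscribers/DOESNT_EXIST` looks like a deliberate negative test, and a comment such as `# expected to fail: unknown subscriber` would make that clear.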
@@ -0,0 +1,22 @@
+source .env
+
+# 1. (srv) create a new shared key for a given slug
+# 2. (dev) try to update via ping
+# 3. (dev) use key to exchange machine id
+# 4. (dev) use key to connect to remote
+# 5. (dev) ping occasionally
+
+TOKEN=$(go run cmd/signjwt/*.go \
+ --expires-in 1m \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$RELAY_SECRET" \
+ --machine-ppid "$RELAY_SECRET"
+)
+
+MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
+
+CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
+curl -X POST "$MGMT_URL/devices" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d '{ "slug": "'$CLIENT_SUBJECT'" }'
diff --git a/examples/mgmt-ping-as-admin.sh b/examples/mgmt-ping-as-admin.sh
index 3d2b1aa..5a5d489 100644
--- a/examples/mgmt-ping-as-admin.sh
+++ b/examples/mgmt-ping-as-admin.sh
@@ -4,35 +4,17 @@ set -e set -u source .env -AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}" +MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}" -# 1. (srv) create a new shared key for a given slug -# 2. (dev) try to update via ping -# 3. (dev) use key to exchange machine id -# 4. (dev) use key to connect to remote -# 5. (dev) ping occasionally - -echo "RELAY_SECRET: $RELAY_SECRET" TOKEN=$(go run cmd/signjwt/*.go \ --expires-in 1m \ --vendor-id "$VENDOR_ID" \ --secret "$RELAY_SECRET" \ --machine-ppid "$RELAY_SECRET" ) -echo "TOKEN 2: '$TOKEN'" -my_parts=$(go run cmd/signjwt/*.go \ - --vendor-id "$VENDOR_ID" \ - --secret $RELAY_SECRET \ - --machine-ppid "$RELAY_SECRET" \ - --machine-ppid-only -) -my_ppid=$(echo $my_parts | cut -d' ' -f1) -my_keyid=$(echo $my_parts | cut -d' ' -f2) -echo "PPID: $my_ppid KeyID: $my_keyid" - -echo "Auth URL: $AUTH_URL" -curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}" +echo "MGMT URL: $MGMT_URL" +curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}" echo "" -curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}" +curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}" echo ""
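Review bot: In examples/mgmt-add-device.sh the request body splices `$CLIENT_SUBJECT` in unquoted (`-d '{ "slug": "'$CLIENT_SUBJECT'" }'`), so a value with whitespace is word-split into extra curl arguments and a value containing `"` alters the JSON. At minimum quote it as `-d '{ "slug": "'"$CLIENT_SUBJECT"'" }'`. The fallback `MGMT_URL` is `http://mgmt.example.com:3010/api`, which sends the admin bearer token in cleartext whenever `.env` does not override it, while mgmt.env in this commit uses https. The script also lacks the `set -e`/`set -u` that the ping scripts carry, so a failed `go run` leaves `TOKEN` empty and the POST is still sent. examples/mgmt-remove-device.sh repeats all three patterns and additionally places the unencoded slug in the DELETE path.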
diff --git a/examples/mgmt-ping-as-client.sh b/examples/mgmt-ping-as-client.sh
index 02a473d..8516c62 100644
--- a/examples/mgmt-ping-as-client.sh
+++ b/examples/mgmt-ping-as-client.sh
@@ -4,25 +4,16 @@ set -e set -u source .env -AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}" +MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}" -# 1. (srv) create a new shared key for a given slug -# 2. (dev) try to update via ping -# 3. (dev) use key to exchange machine id -# 4. (dev) use key to connect to remote -# 5. (dev) ping occasionally +TOKEN=$(go run cmd/signjwt/*.go \ + --expires-in 1m \ + --vendor-id "$VENDOR_ID" \ + --secret "$CLIENT_SECRET" +) -echo "CLIENT_SECRET: $CLIENT_SECRET" -TOKEN=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret "$CLIENT_SECRET") -echo "TOKEN 1: '$TOKEN'" - -my_parts=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret $CLIENT_SECRET --machine-ppid-only) -my_ppid=$(echo $my_parts | cut -d' ' -f1) -my_keyid=$(echo $my_parts | cut -d' ' -f2) -echo "PPID: $my_ppid KeyID: $my_keyid" - -echo "$AUTH_URL" -curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}" +echo "$MGMT_URL" +curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}" echo "" -curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}" +curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}" echo ""
diff --git a/examples/mgmt-remove-device.sh b/examples/mgmt-remove-device.sh
new file mode 100644
index 0000000..987dcbe
--- /dev/null
+++ b/examples/mgmt-remove-device.sh
@@ -0,0 +1,16 @@
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+ --expires-in 1m \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$RELAY_SECRET" \
+ --machine-ppid "$RELAY_SECRET"
+)
+
+MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
+
+CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
+curl -X DELETE "$MGMT_URL/devices/$CLIENT_SUBJECT" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d '{ "slug": "'$CLIENT_SUBJECT'" }'
diff --git a/examples/mgmt.env b/examples/mgmt.env
index 6159372..314ef46 100644
--- a/examples/mgmt.env
+++ b/examples/mgmt.env
@@ -1,5 +1,8 @@
+# For bash tests
 MGMT_SECRET=xxxxxxxxxxxxxxxx
-AUTH_BASEURL=https://devices.example.com
+MGMT_URL=https://devices.example.com
+
+# For mgmt server itself
 DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX
diff --git a/examples/postgres-install.sh b/examples/postgres-install.sh
index ed6be03..138b766 100755
--- a/examples/postgres-install.sh
+++ b/examples/postgres-install.sh
@@ -1,90 +1,9 @@ #!/bin/bash -echo "=== INSTALLING POSTGRES ===" -sleep 1 -set -e -set -u +# Works for Mac and Linux -# Notes on convention: -# variables expected to be imported or exported are ALL_CAPS and prefixed with POSTGRES_ -# variables expected to remain private are lowercase and prefixed as to not be affected by `source` +# Postgres will install to ~/.local/opt/postgres/ +# Database will be initialized at ~/.local/share/postgres/var/ +# Username and Password will print tothe screen -# source .env -DOWNLOADS_DIR=${DOWNLOADS_DIR:-"$HOME/Downloads"} -OPT_DIR=${OPT_DIR:-"$HOME/Applications"} -DATA_DIR=${DATA_DIR:-"$HOME/.local/share"} -POSTGRES_DATA_DIR=${POSTGRES_DATA_DIR:-"$DATA_DIR/postgres/var"} -mkdir -p "$DOWNLOADS_DIR" -mkdir -p "$OPT_DIR" -mkdir -p "$POSTGRES_DATA_DIR" - -is_macos="$(uname -a | grep -i darwin)" -if [ -n "$is_macos" ]; then - TRASH_DIR=${TRASH_DIR:-"$HOME/.Trash"} - POSTGRES_VERSION=${POSTGRES_VERSION:-"10.13"} # 10.13-1 - POSTGRES_BUILD=${POSTGRES_BUILD:-"1-osx"} - postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.zip" - is_zip="true" -else - TRASH_DIR=${TRASH_DIR:-"$HOME/tmp"} - POSTGRES_VERSION=${POSTGRES_VERSION:-"10.12"} # 10.12-1 - POSTGRES_BUILD=${POSTGRES_BUILD:-"1-linux-x64"} - postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.tar.gz" - is_zip="" -fi - -mkdir -p "$TRASH_DIR" - -# https://www.enterprisedb.com/download-postgresql-binaries - -postgres_tmp="$(mktemp -d -t postgres-installer.XXXXXXXX)" -postgres_unpack="pgsql" -postgres_dir="postgres-server-${POSTGRES_VERSION}" -postgres_lnk="postgres-server" - -echo "Here's what this script will do:" -echo " • Download postgres server v${POSTGRES_VERSION}" -echo " • Install it to ${OPT_DIR}/${postgres_dir}" -echo " • Link that to ${OPT_DIR}/${postgres_lnk}" -echo " • Create a database in $POSTGRES_DATA_DIR (first-time only)" -echo " • Start Postgres with $OPT_DIR/${postgres_lnk}/bin/pg_ctl" - -echo "" -echo "Working directory is 
${postgres_tmp}" -echo "" -if [ -f "${DOWNLOADS_DIR}/${postgres_pkg}" ]; then - rsync -aq "${DOWNLOADS_DIR}/${postgres_pkg}" "$postgres_tmp/$postgres_pkg" -else - echo "Downloading $postgres_pkg" - curl -fSL --progress-bar 'https://get.enterprisedb.com/postgresql/'"${postgres_pkg}"'?ls=Crossover&type=Crossover' -o "$postgres_tmp/$postgres_pkg" - rsync -aq "$postgres_tmp/$postgres_pkg" "${DOWNLOADS_DIR}/" -fi -pushd "$postgres_tmp" >/dev/null - if [ -n "$is_zip" ]; then - unzip -q "$postgres_pkg" - else - tar xvf "$postgres_pkg" - fi - mv "$postgres_unpack" "$postgres_dir" -popd >/dev/null -if [ -d "$OPT_DIR/$postgres_dir" ]; then - mv "$OPT_DIR/$postgres_dir" "$TRASH_DIR/$postgres_dir".$(date '+%Y-%m-%d_%H-%M-%S' ) - echo "moved old $OPT_DIR/$postgres_dir to the Trash folder" -fi -mv "$postgres_tmp/$postgres_dir" "$OPT_DIR/" -rm -f "$OPT_DIR/$postgres_lnk" -ln -s "$OPT_DIR/$postgres_dir" "$OPT_DIR/$postgres_lnk" - -mkdir -p "$POSTGRES_DATA_DIR" -chmod 0700 "$POSTGRES_DATA_DIR" -if [ ! -f "$POSTGRES_DATA_DIR/postgresql.conf" ]; then - echo "postgres" > "${postgres_tmp}/pwfile" - "$OPT_DIR/$postgres_lnk/bin/initdb" \ - -D "$POSTGRES_DATA_DIR/" \ - --username postgres --pwfile "${postgres_tmp}/pwfile" \ - --auth-local=password --auth-host=password -fi - -echo "PostgreSQL installed, database initialized in $POSTGRES_DATA_DIR/" - -rm -rf "${postgres_tmp}" +curl -fsS https://webinstall.dev/postgres | bash diff --git a/examples/register-new-device.sh b/examples/register-new-device.sh deleted file mode 100644 index 3415732..0000000 --- a/examples/register-new-device.sh +++ /dev/null @@ -1,10 +0,0 @@ -source .env - -TOKEN=$(go run -mod=vendor cmd/signjwt/*.go $SECRET) -AUTH_URL=${AUTH_URL:-"http://mgmt.example.com:3010/api"} - -CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"} -curl -X POST $AUTH_URL/devices \ - -H "Authorization: Bearer ${TOKEN}" \ - -H "Content-Type: application/json" \ - -d '{ "slug": "'$CLIENT_SUBJECT'" }' 
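Review bot: The new body of examples/postgres-install.sh is `curl -fsS https://webinstall.dev/postgres | bash`, which runs whatever that URL serves at execution time with no version pin or integrity check. The removed script at least fixed `POSTGRES_VERSION`. Because the stream is piped straight into the shell and the hunk also drops `set -e`/`set -u`, an interrupted transfer can leave bash executing a truncated script. I would fetch to a temporary file first so it can be inspected or checksummed before running, e.g. `tmp=$(mktemp) && curl -fsS -o "$tmp" https://webinstall.dev/postgres && bash "$tmp"`, and record the expected installer version in a comment. The added header comment has a typo (`tothe`), and since it says the username and password are printed to the screen, it should also tell the reader to change them after install.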
diff --git a/examples/relay.env b/examples/relay.env index 2d3853b..2cc5c1a 100644 --- a/examples/relay.env +++ b/examples/relay.env @@ -1,7 +1,7 @@ # For Tunnel Relay Service VERBOSE=true API_HOSTNAME=devices.example.com -LISTEN=":80 :443" +LISTEN=":443" # To proxy incoming requests for 'https://mgmt.devices.example.com' to localhost:3010 LOCALS=https:mgmt.devices.example.com:3010 diff --git a/examples/run-as-client.sh b/examples/run-as-client.sh index 08ccfdd..01f9d06 100644 --- a/examples/run-as-client.sh +++ b/examples/run-as-client.sh @@ -8,14 +8,14 @@ source .env #go generate -mod=vendor ./... VENDOR_ID="${VENDOR_ID:-"${VENDOR_ID:-"test-id"}"}" CLIENT_SECRET="${CLIENT_SECRET:-}" -go build -mod=vendor -o ./telebit \ - -ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \ - cmd/telebit/*.go -#go build -mod=vendor -o telebit \ +#go build -mod=vendor -o ./telebit \ +# -ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \ # cmd/telebit/*.go +go build -mod=vendor -o telebit \ + cmd/telebit/*.go # For Device Authorization across services -AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"} +#AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"} VENDOR_ID="$VENDOR_ID" SECRET="${CLIENT_SECRET:-"xxxxxxxxxxxxxxxx"}" #CLIENT_SECRET=${CLIENT_SECRET:-"yyyyyyyyyyyyyyyy"} @@ -38,7 +38,6 @@ VERBOSE_RAW=${VERBOSE_RAW:-} ./telebit \ - --auth-url $AUTH_URL \ --vendor-id "$VENDOR_ID" \ --secret "$CLIENT_SECRET" \ --tunnel-relay-url $TUNNEL_RELAY_URL \ @@ -46,9 +45,10 @@ VERBOSE_RAW=${VERBOSE_RAW:-} --locals "$LOCALS" \ --acme-agree=${ACME_AGREE} \ --acme-email "$ACME_EMAIL" \ - --acme-relay-url $ACME_RELAY_URL \ --verbose=$VERBOSE +# --auth-url $AUTH_URL \ +# --acme-relay-url $ACME_RELAY_URL \ # --subject "$CLIENT_SUBJECT" \ #PORT_FORWARDS=3443:3001,8443:3002 diff --git a/examples/signjwt-admin.sh b/examples/signjwt-admin.sh new file mode 100644 index 0000000..acc7eac --- /dev/null +++ b/examples/signjwt-admin.sh 
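Review bot: The first hunk of examples/run-as-client.sh stops compiling `main.ClientSecret` into the binary but leaves the old `-ldflags` build as commented-out code, and the other two hunks do the same for `AUTH_URL`, `--auth-url` and `--acme-relay-url`. I would delete these lines rather than comment them, because a commented build line is easy to re-enable by accident, which would again embed the secret in the shipped binary. If they must stay for reference, add a comment stating the intent, such as `# do not embed CLIENT_SECRET at build time; it is supplied at run time via --secret`. Separately, the unchanged context still passes `--tunnel-relay-url $TUNNEL_RELAY_URL` unquoted.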
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+ --expires-in 1m \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$MGMT_SECRET" \
+ --machine-ppid "$MGMT_SECRET"
+)
+echo "MGMT_TOKEN: $TOKEN"
+
+my_parts=$(
+go run cmd/signjwt/*.go \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$MGMT_SECRET" \
+ --machine-ppid "$MGMT_SECRET" \
+ --machine-ppid-only
+)
+my_ppid=$(echo $my_parts | cut -d' ' -f1)
+my_keyid=$(echo $my_parts | cut -d' ' -f2)
+echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"
diff --git a/examples/signjwt-client.sh b/examples/signjwt-client.sh
new file mode 100644
index 0000000..6b843d9
--- /dev/null
+++ b/examples/signjwt-client.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+ --expires-in 1m \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$CLIENT_SECRET"
+)
+echo "CLIENT_TOKEN: $TOKEN"
+
+
+my_parts=$(
+go run cmd/signjwt/*.go \
+ --vendor-id "$VENDOR_ID" \
+ --secret "$CLIENT_SECRET" \
+ --machine-ppid-only
+)
+my_ppid=$(echo $my_parts | cut -d' ' -f1)
+my_keyid=$(echo $my_parts | cut -d' ' -f2)
+echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"
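Review bot: examples/signjwt-admin.sh has no `set -e`/`set -u`, so if `.env` lacks `MGMT_SECRET` or `go run` fails, the script still prints an empty `MGMT_TOKEN:` line and exits 0. Adding `set -e` and `set -u` after the shebang, as the ping scripts do, would surface that. The value the script itself labels `PPID (Priv)` is echoed to stdout beside the public key id, so a header comment such as `# Output contains a bearer token and the private PPID; do not paste into logs or tickets` is worth adding. `echo $my_parts | cut -d' ' -f1` depends on unquoted word splitting, whereas `read -r my_ppid my_keyid <<<"$my_parts"` splits the two fields without the extra subshells. examples/signjwt-client.sh has the same three points.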