update examples

AJ ONeal 2020-07-22 02:05:30 -06:00
parent b5b6c1ea03
commit afbbb8fca7
14 changed files with 134 additions and 149 deletions


@ -0,0 +1,21 @@
#!/bin/bash
set -e
set -u
source .env
TUNNEL_RELAY_API="${TUNNEL_RELAY_API:-"https://devices.example.com/api"}"
echo "RELAY_SECRET: $RELAY_SECRET"
TOKEN=$(go run cmd/signjwt/*.go \
--vendor-id "$VENDOR_ID" \
--secret "$RELAY_SECRET" \
--machine-ppid "$RELAY_SECRET"
)
echo "ADMIN TOKEN: '$TOKEN'"
echo "Auth URL: $TUNNEL_RELAY_API"
curl "$TUNNEL_RELAY_API/subscribers" -H "Authorization: Bearer ${TOKEN}"
curl "$TUNNEL_RELAY_API/subscribers/$CLIENT_SUBJECT" -H "Authorization: Bearer ${TOKEN}"
curl "$TUNNEL_RELAY_API/subscribers/DOESNT_EXIST" -H "Authorization: Bearer ${TOKEN}"
echo ""
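Review bot: `echo "RELAY_SECRET: $RELAY_SECRET"` writes the relay's signing secret to stdout, and `echo "ADMIN TOKEN: '$TOKEN'"` does the same for the admin token, so both land in terminal scrollback and in any CI or shell log that captures the run. Drop the secret echo; if a presence check was the intent, `: "${RELAY_SECRET:?RELAY_SECRET must be set in .env}"` gives one without printing the value. The token here is also minted without `--expires-in`, unlike the other scripts in this commit, which pass `--expires-in 1m`. Whether signjwt applies a default lifetime is not visible from this page, so passing the flag explicitly is the safer choice.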


@ -1,8 +1,6 @@
CLIENT_SUBJECT=newbie CLIENT_SUBJECT=newbie
ACME_RELAY_URL=https://mgmt.example.com/api/dns TUNNEL_RELAY_URL=https://devices.example.com/
AUTH_URL=https://devices.example.com/api
TUNNEL_RELAY_URL=wss://devices.example.com
CLIENT_SECRET=xxxxxxxxxxxxxxxx CLIENT_SECRET=xxxxxxxxxxxxxxxx
LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,http:$CLIENT_SUBJECT.devices.example.com:3000 LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,https:*.$CLIENT_SUBJECT.devices.example.com:3000
#PORT_FORWARDS=3443:3001,8443:3002 #PORT_FORWARDS=3443:3001,8443:3002
#DUCKDNS_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx #DUCKDNS_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx


@ -0,0 +1,22 @@
source .env
# 1. (srv) create a new shared key for a given slug
# 2. (dev) try to update via ping
# 3. (dev) use key to exchange machine id
# 4. (dev) use key to connect to remote
# 5. (dev) ping occasionally
TOKEN=$(go run cmd/signjwt/*.go \
--expires-in 1m \
--vendor-id "$VENDOR_ID" \
--secret "$RELAY_SECRET" \
--machine-ppid "$RELAY_SECRET"
)
MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
curl -X POST "$MGMT_URL/devices" \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{ "slug": "'$CLIENT_SUBJECT'" }'
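Review bot: The request body `'{ "slug": "'$CLIENT_SUBJECT'" }'` splices an unquoted expansion into hand-built JSON, so a subject containing whitespace splits the `-d` argument and one containing `"` or `\` changes the JSON structure. Quote the expansion at minimum, `-d '{ "slug": "'"$CLIENT_SUBJECT"'" }'`, and preferably build the body with a JSON encoder such as `jq -n --arg slug "$CLIENT_SUBJECT" '{slug: $slug}'`. The same body appears in the DELETE script later in this commit (`curl -X DELETE "$MGMT_URL/devices/$CLIENT_SUBJECT"`), where the value is additionally placed in the URL path unencoded. Both scripts also default `MGMT_URL` to an `http://` address, so the bearer token signed from `RELAY_SECRET` travels in cleartext unless the variable is overridden.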


@ -4,35 +4,17 @@ set -e
set -u set -u
source .env source .env
AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}" MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}"
# 1. (srv) create a new shared key for a given slug
# 2. (dev) try to update via ping
# 3. (dev) use key to exchange machine id
# 4. (dev) use key to connect to remote
# 5. (dev) ping occasionally
echo "RELAY_SECRET: $RELAY_SECRET"
TOKEN=$(go run cmd/signjwt/*.go \ TOKEN=$(go run cmd/signjwt/*.go \
--expires-in 1m \ --expires-in 1m \
--vendor-id "$VENDOR_ID" \ --vendor-id "$VENDOR_ID" \
--secret "$RELAY_SECRET" \ --secret "$RELAY_SECRET" \
--machine-ppid "$RELAY_SECRET" --machine-ppid "$RELAY_SECRET"
) )
echo "TOKEN 2: '$TOKEN'"
my_parts=$(go run cmd/signjwt/*.go \ echo "MGMT URL: $MGMT_URL"
--vendor-id "$VENDOR_ID" \ curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}"
--secret $RELAY_SECRET \
--machine-ppid "$RELAY_SECRET" \
--machine-ppid-only
)
my_ppid=$(echo $my_parts | cut -d' ' -f1)
my_keyid=$(echo $my_parts | cut -d' ' -f2)
echo "PPID: $my_ppid KeyID: $my_keyid"
echo "Auth URL: $AUTH_URL"
curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}"
echo "" echo ""
curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}" curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
echo "" echo ""
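Review bot: The `curl -X POST "$MGMT_URL/ping"` and `curl "$MGMT_URL/inspect"` calls on the new side run under `set -e` (shown in the hunk header) but without `--fail`, so a 401 or 403 from the management API still exits 0 and the script reports success for a rejected token. Adding `-fsS` to both, e.g. `curl -fsS -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}"`, makes an authorization failure visible to whoever runs the example as a test. The client-secret variant in the next file section has the same two calls. The top of the script lies outside this hunk.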


@ -4,25 +4,16 @@ set -e
set -u set -u
source .env source .env
AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}" MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}"
# 1. (srv) create a new shared key for a given slug TOKEN=$(go run cmd/signjwt/*.go \
# 2. (dev) try to update via ping --expires-in 1m \
# 3. (dev) use key to exchange machine id --vendor-id "$VENDOR_ID" \
# 4. (dev) use key to connect to remote --secret "$CLIENT_SECRET"
# 5. (dev) ping occasionally )
echo "CLIENT_SECRET: $CLIENT_SECRET" echo "$MGMT_URL"
TOKEN=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret "$CLIENT_SECRET") curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}"
echo "TOKEN 1: '$TOKEN'"
my_parts=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret $CLIENT_SECRET --machine-ppid-only)
my_ppid=$(echo $my_parts | cut -d' ' -f1)
my_keyid=$(echo $my_parts | cut -d' ' -f2)
echo "PPID: $my_ppid KeyID: $my_keyid"
echo "$AUTH_URL"
curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}"
echo "" echo ""
curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}" curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
echo "" echo ""


@ -0,0 +1,16 @@
source .env
TOKEN=$(go run cmd/signjwt/*.go \
--expires-in 1m \
--vendor-id "$VENDOR_ID" \
--secret "$RELAY_SECRET" \
--machine-ppid "$RELAY_SECRET"
)
MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
curl -X DELETE "$MGMT_URL/devices/$CLIENT_SUBJECT" \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{ "slug": "'$CLIENT_SUBJECT'" }'


@ -1,5 +1,8 @@
# For bash tests
MGMT_SECRET=xxxxxxxxxxxxxxxx MGMT_SECRET=xxxxxxxxxxxxxxxx
AUTH_BASEURL=https://devices.example.com MGMT_URL=https://devices.example.com
# For mgmt server itself
DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX


@ -1,90 +1,9 @@
#!/bin/bash #!/bin/bash
echo "=== INSTALLING POSTGRES ==="
sleep 1
set -e # Works for Mac and Linux
set -u
# Notes on convention: # Postgres will install to ~/.local/opt/postgres/
# variables expected to be imported or exported are ALL_CAPS and prefixed with POSTGRES_ # Database will be initialized at ~/.local/share/postgres/var/
# variables expected to remain private are lowercase and prefixed as to not be affected by `source` # Username and Password will print tothe screen
# source .env curl -fsS https://webinstall.dev/postgres | bash
DOWNLOADS_DIR=${DOWNLOADS_DIR:-"$HOME/Downloads"}
OPT_DIR=${OPT_DIR:-"$HOME/Applications"}
DATA_DIR=${DATA_DIR:-"$HOME/.local/share"}
POSTGRES_DATA_DIR=${POSTGRES_DATA_DIR:-"$DATA_DIR/postgres/var"}
mkdir -p "$DOWNLOADS_DIR"
mkdir -p "$OPT_DIR"
mkdir -p "$POSTGRES_DATA_DIR"
is_macos="$(uname -a | grep -i darwin)"
if [ -n "$is_macos" ]; then
TRASH_DIR=${TRASH_DIR:-"$HOME/.Trash"}
POSTGRES_VERSION=${POSTGRES_VERSION:-"10.13"} # 10.13-1
POSTGRES_BUILD=${POSTGRES_BUILD:-"1-osx"}
postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.zip"
is_zip="true"
else
TRASH_DIR=${TRASH_DIR:-"$HOME/tmp"}
POSTGRES_VERSION=${POSTGRES_VERSION:-"10.12"} # 10.12-1
POSTGRES_BUILD=${POSTGRES_BUILD:-"1-linux-x64"}
postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.tar.gz"
is_zip=""
fi
mkdir -p "$TRASH_DIR"
# https://www.enterprisedb.com/download-postgresql-binaries
postgres_tmp="$(mktemp -d -t postgres-installer.XXXXXXXX)"
postgres_unpack="pgsql"
postgres_dir="postgres-server-${POSTGRES_VERSION}"
postgres_lnk="postgres-server"
echo "Here's what this script will do:"
echo " • Download postgres server v${POSTGRES_VERSION}"
echo " • Install it to ${OPT_DIR}/${postgres_dir}"
echo " • Link that to ${OPT_DIR}/${postgres_lnk}"
echo " • Create a database in $POSTGRES_DATA_DIR (first-time only)"
echo " • Start Postgres with $OPT_DIR/${postgres_lnk}/bin/pg_ctl"
echo ""
echo "Working directory is ${postgres_tmp}"
echo ""
if [ -f "${DOWNLOADS_DIR}/${postgres_pkg}" ]; then
rsync -aq "${DOWNLOADS_DIR}/${postgres_pkg}" "$postgres_tmp/$postgres_pkg"
else
echo "Downloading $postgres_pkg"
curl -fSL --progress-bar 'https://get.enterprisedb.com/postgresql/'"${postgres_pkg}"'?ls=Crossover&type=Crossover' -o "$postgres_tmp/$postgres_pkg"
rsync -aq "$postgres_tmp/$postgres_pkg" "${DOWNLOADS_DIR}/"
fi
pushd "$postgres_tmp" >/dev/null
if [ -n "$is_zip" ]; then
unzip -q "$postgres_pkg"
else
tar xvf "$postgres_pkg"
fi
mv "$postgres_unpack" "$postgres_dir"
popd >/dev/null
if [ -d "$OPT_DIR/$postgres_dir" ]; then
mv "$OPT_DIR/$postgres_dir" "$TRASH_DIR/$postgres_dir".$(date '+%Y-%m-%d_%H-%M-%S' )
echo "moved old $OPT_DIR/$postgres_dir to the Trash folder"
fi
mv "$postgres_tmp/$postgres_dir" "$OPT_DIR/"
rm -f "$OPT_DIR/$postgres_lnk"
ln -s "$OPT_DIR/$postgres_dir" "$OPT_DIR/$postgres_lnk"
mkdir -p "$POSTGRES_DATA_DIR"
chmod 0700 "$POSTGRES_DATA_DIR"
if [ ! -f "$POSTGRES_DATA_DIR/postgresql.conf" ]; then
echo "postgres" > "${postgres_tmp}/pwfile"
"$OPT_DIR/$postgres_lnk/bin/initdb" \
-D "$POSTGRES_DATA_DIR/" \
--username postgres --pwfile "${postgres_tmp}/pwfile" \
--auth-local=password --auth-host=password
fi
echo "PostgreSQL installed, database initialized in $POSTGRES_DATA_DIR/"
rm -rf "${postgres_tmp}"
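Review bot: `curl -fsS https://webinstall.dev/postgres | bash` executes whatever that URL serves at run time, with no pinned version or integrity check on the installer script. Because the body is streamed straight into the interpreter, a transfer that drops partway can also leave bash running a truncated script. Fetch to a file first and run it only after the download has completed and its digest matches one recorded in the repository: `tmp="$(mktemp)"`, `curl -fsS -o "$tmp" https://webinstall.dev/postgres`, then a checksum comparison against `<PINNED_SHA256>` before `bash "$tmp"`. The new side also appears to drop `set -e` and `set -u`, so a failed download is not reported by the script's exit status.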


@ -1,10 +0,0 @@
source .env
TOKEN=$(go run -mod=vendor cmd/signjwt/*.go $SECRET)
AUTH_URL=${AUTH_URL:-"http://mgmt.example.com:3010/api"}
CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
curl -X POST $AUTH_URL/devices \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{ "slug": "'$CLIENT_SUBJECT'" }'


@ -1,7 +1,7 @@
# For Tunnel Relay Service # For Tunnel Relay Service
VERBOSE=true VERBOSE=true
API_HOSTNAME=devices.example.com API_HOSTNAME=devices.example.com
LISTEN=":80 :443" LISTEN=":443"
# To proxy incoming requests for 'https://mgmt.devices.example.com' to localhost:3010 # To proxy incoming requests for 'https://mgmt.devices.example.com' to localhost:3010
LOCALS=https:mgmt.devices.example.com:3010 LOCALS=https:mgmt.devices.example.com:3010


@ -8,14 +8,14 @@ source .env
#go generate -mod=vendor ./... #go generate -mod=vendor ./...
VENDOR_ID="${VENDOR_ID:-"${VENDOR_ID:-"test-id"}"}" VENDOR_ID="${VENDOR_ID:-"${VENDOR_ID:-"test-id"}"}"
CLIENT_SECRET="${CLIENT_SECRET:-}" CLIENT_SECRET="${CLIENT_SECRET:-}"
go build -mod=vendor -o ./telebit \ #go build -mod=vendor -o ./telebit \
-ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \ # -ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \
cmd/telebit/*.go
#go build -mod=vendor -o telebit \
# cmd/telebit/*.go # cmd/telebit/*.go
go build -mod=vendor -o telebit \
cmd/telebit/*.go
# For Device Authorization across services # For Device Authorization across services
AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"} #AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"}
VENDOR_ID="$VENDOR_ID" VENDOR_ID="$VENDOR_ID"
SECRET="${CLIENT_SECRET:-"xxxxxxxxxxxxxxxx"}" SECRET="${CLIENT_SECRET:-"xxxxxxxxxxxxxxxx"}"
#CLIENT_SECRET=${CLIENT_SECRET:-"yyyyyyyyyyyyyyyy"} #CLIENT_SECRET=${CLIENT_SECRET:-"yyyyyyyyyyyyyyyy"}
@ -38,7 +38,6 @@ VERBOSE_RAW=${VERBOSE_RAW:-}
./telebit \ ./telebit \
--auth-url $AUTH_URL \
--vendor-id "$VENDOR_ID" \ --vendor-id "$VENDOR_ID" \
--secret "$CLIENT_SECRET" \ --secret "$CLIENT_SECRET" \
--tunnel-relay-url $TUNNEL_RELAY_URL \ --tunnel-relay-url $TUNNEL_RELAY_URL \
@ -46,9 +45,10 @@ VERBOSE_RAW=${VERBOSE_RAW:-}
--locals "$LOCALS" \ --locals "$LOCALS" \
--acme-agree=${ACME_AGREE} \ --acme-agree=${ACME_AGREE} \
--acme-email "$ACME_EMAIL" \ --acme-email "$ACME_EMAIL" \
--acme-relay-url $ACME_RELAY_URL \
--verbose=$VERBOSE --verbose=$VERBOSE
# --auth-url $AUTH_URL \
# --acme-relay-url $ACME_RELAY_URL \
# --subject "$CLIENT_SUBJECT" \ # --subject "$CLIENT_SUBJECT" \
#PORT_FORWARDS=3443:3001,8443:3002 #PORT_FORWARDS=3443:3001,8443:3002

22
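--- a/examples/signjwt-admin.sh
+++ b/examples/signjwt-admin.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+source .env
+TOKEN=$(go run cmd/signjwt/*.go \
+--expires-in 1m \
+--vendor-id "$VENDOR_ID" \
+--secret "$MGMT_SECRET" \
+--machine-ppid "$MGMT_SECRET"
+)
+echo "MGMT_TOKEN: $TOKEN"
+my_parts=$(
+go run cmd/signjwt/*.go \
+--vendor-id "$VENDOR_ID" \
+--secret "$MGMT_SECRET" \
+--machine-ppid "$MGMT_SECRET" \
+--machine-ppid-only
+)
+my_ppid=$(echo $my_parts | cut -d' ' -f1)
+my_keyid=$(echo $my_parts | cut -d' ' -f2)
+echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"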
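Review bot: The script sources `.env` and signs immediately with no `set -e` or `set -u`, so a missing `.env` or an unset `MGMT_SECRET` expands to `--secret ""` and the run carries on; whether signjwt rejects an empty secret is not visible here. Add `set -e` and `set -u` after the shebang, as other example scripts in this commit do, or guard with `: "${MGMT_SECRET:?MGMT_SECRET must be set in .env}"`. The `echo $my_parts | cut ...` lines should quote the expansion, e.g. `printf '%s\n' "$my_parts" | cut -d' ' -f1`. The final `echo` prints the value labelled `PPID (Priv)` to the terminal, so a comment stating that the output is meant for local use only and should not be logged would help. The client-secret script in the next file section is written the same way.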


@ -0,0 +1,21 @@
#!/bin/bash
source .env
TOKEN=$(go run cmd/signjwt/*.go \
--expires-in 1m \
--vendor-id "$VENDOR_ID" \
--secret "$CLIENT_SECRET"
)
echo "CLIENT_TOKEN: $TOKEN"
my_parts=$(
go run cmd/signjwt/*.go \
--vendor-id "$VENDOR_ID" \
--secret "$CLIENT_SECRET" \
--machine-ppid-only
)
my_ppid=$(echo $my_parts | cut -d' ' -f1)
my_keyid=$(echo $my_parts | cut -d' ' -f2)
echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"