update examples

examples/admin-list-devices.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -u
+
+source .env
+TUNNEL_RELAY_API="${TUNNEL_RELAY_API:-"https://devices.example.com/api"}"
+
+echo "RELAY_SECRET: $RELAY_SECRET"
+TOKEN=$(go run cmd/signjwt/*.go \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$RELAY_SECRET" \
+    --machine-ppid "$RELAY_SECRET"
+)
+echo "ADMIN TOKEN: '$TOKEN'"
+
+echo "Auth URL: $TUNNEL_RELAY_API"
+curl "$TUNNEL_RELAY_API/subscribers" -H "Authorization: Bearer ${TOKEN}"
+curl "$TUNNEL_RELAY_API/subscribers/$CLIENT_SUBJECT" -H "Authorization: Bearer ${TOKEN}"
+curl "$TUNNEL_RELAY_API/subscribers/DOESNT_EXIST" -H "Authorization: Bearer ${TOKEN}"
+echo ""

examples/client.env

@@ -1,8 +1,6 @@
 CLIENT_SUBJECT=newbie
-ACME_RELAY_URL=https://mgmt.example.com/api/dns
-AUTH_URL=https://devices.example.com/api
-TUNNEL_RELAY_URL=wss://devices.example.com
+TUNNEL_RELAY_URL=https://devices.example.com/
 CLIENT_SECRET=xxxxxxxxxxxxxxxx
-LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,http:$CLIENT_SUBJECT.devices.example.com:3000
+LOCALS=https:$CLIENT_SUBJECT.devices.example.com:3000,https:*.$CLIENT_SUBJECT.devices.example.com:3000
 #PORT_FORWARDS=3443:3001,8443:3002
 #DUCKDNS_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

examples/mgmt-add-device.sh

@@ -0,0 +1,22 @@
+source .env
+
+# 1. (srv) create a new shared key for a given slug
+# 2. (dev) try to update via ping
+# 3. (dev) use key to exchange machine id
+# 4. (dev) use key to connect to remote
+# 5. (dev) ping occasionally
+
+TOKEN=$(go run cmd/signjwt/*.go \
+    --expires-in 1m \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$RELAY_SECRET" \
+    --machine-ppid "$RELAY_SECRET"
+)
+
+MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
+
+CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
+curl -X POST "$MGMT_URL/devices" \
+    -H "Authorization: Bearer ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    -d '{ "slug": "'$CLIENT_SUBJECT'" }'

examples/mgmt-ping-as-admin.sh

@@ -4,35 +4,17 @@ set -e
 set -u
 
 source .env
-AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}"
+MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}"
 
-# 1. (srv) create a new shared key for a given slug
-# 2. (dev) try to update via ping
-# 3. (dev) use key to exchange machine id
-# 4. (dev) use key to connect to remote
-# 5. (dev) ping occasionally
-
-echo "RELAY_SECRET: $RELAY_SECRET"
 TOKEN=$(go run cmd/signjwt/*.go \
     --expires-in 1m \
     --vendor-id "$VENDOR_ID" \
     --secret "$RELAY_SECRET" \
     --machine-ppid "$RELAY_SECRET"
 )
-echo "TOKEN 2: '$TOKEN'"
 
-my_parts=$(go run cmd/signjwt/*.go \
-    --vendor-id "$VENDOR_ID" \
-    --secret $RELAY_SECRET \
-    --machine-ppid "$RELAY_SECRET" \
-    --machine-ppid-only
-)
-my_ppid=$(echo $my_parts | cut -d' ' -f1)
-my_keyid=$(echo $my_parts | cut -d' ' -f2)
-echo "PPID: $my_ppid KeyID: $my_keyid"
-
-echo "Auth URL: $AUTH_URL"
-curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}"
+echo "MGMT URL: $MGMT_URL"
+curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}"
 echo ""
-curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
+curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
 echo ""

examples/mgmt-ping-as-client.sh

@@ -4,25 +4,16 @@ set -e
 set -u
 
 source .env
-AUTH_URL="${AUTH_URL:-"http://localhost:3000/api"}"
+MGMT_URL="${MGMT_URL:-"http://localhost:3000/api"}"
 
-# 1. (srv) create a new shared key for a given slug
-# 2. (dev) try to update via ping
-# 3. (dev) use key to exchange machine id
-# 4. (dev) use key to connect to remote
-# 5. (dev) ping occasionally
+TOKEN=$(go run cmd/signjwt/*.go \
+    --expires-in 1m \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$CLIENT_SECRET"
+)
 
-echo "CLIENT_SECRET: $CLIENT_SECRET"
-TOKEN=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret "$CLIENT_SECRET")
-echo "TOKEN 1: '$TOKEN'"
-
-my_parts=$(go run cmd/signjwt/*.go --vendor-id "$VENDOR_ID" --secret $CLIENT_SECRET --machine-ppid-only)
-my_ppid=$(echo $my_parts | cut -d' ' -f1)
-my_keyid=$(echo $my_parts | cut -d' ' -f2)
-echo "PPID: $my_ppid KeyID: $my_keyid"
-
-echo "$AUTH_URL"
-curl -X POST "$AUTH_URL/ping" -H "Authorization: Bearer ${TOKEN}"
+echo "$MGMT_URL"
+curl -X POST "$MGMT_URL/ping" -H "Authorization: Bearer ${TOKEN}"
 echo ""
-curl "$AUTH_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
+curl "$MGMT_URL/inspect" -H "Authorization: Bearer ${TOKEN}"
 echo ""

examples/mgmt-remove-device.sh

@@ -0,0 +1,16 @@
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+    --expires-in 1m \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$RELAY_SECRET" \
+    --machine-ppid "$RELAY_SECRET"
+)
+
+MGMT_URL=${MGMT_URL:-"http://mgmt.example.com:3010/api"}
+
+CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
+curl -X DELETE "$MGMT_URL/devices/$CLIENT_SUBJECT" \
+    -H "Authorization: Bearer ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    -d '{ "slug": "'$CLIENT_SUBJECT'" }'

examples/mgmt.env

@@ -1,5 +1,8 @@
+# For bash tests
 MGMT_SECRET=xxxxxxxxxxxxxxxx
-AUTH_BASEURL=https://devices.example.com
+MGMT_URL=https://devices.example.com
+
+# For mgmt server itself
 DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 GODADDY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 GODADDY_API_SECRET=XXXXXXXXXXXXXXXXXXXXXX

examples/postgres-install.sh

@@ -1,90 +1,9 @@
 #!/bin/bash
-echo "=== INSTALLING POSTGRES ==="
-sleep 1
 
-set -e
-set -u
+# Works for Mac and Linux
 
-# Notes on convention:
-# variables expected to be imported or exported are ALL_CAPS and prefixed with POSTGRES_
-# variables expected to remain private are lowercase and prefixed as to not be affected by `source`
+# Postgres will install to ~/.local/opt/postgres/
+# Database will be initialized at ~/.local/share/postgres/var/
+# Username and Password will print tothe screen
 
-# source .env
-DOWNLOADS_DIR=${DOWNLOADS_DIR:-"$HOME/Downloads"}
-OPT_DIR=${OPT_DIR:-"$HOME/Applications"}
-DATA_DIR=${DATA_DIR:-"$HOME/.local/share"}
-POSTGRES_DATA_DIR=${POSTGRES_DATA_DIR:-"$DATA_DIR/postgres/var"}
-mkdir -p "$DOWNLOADS_DIR"
-mkdir -p "$OPT_DIR"
-mkdir -p "$POSTGRES_DATA_DIR"
-
-is_macos="$(uname -a | grep -i darwin)"
-if [ -n "$is_macos" ]; then
-  TRASH_DIR=${TRASH_DIR:-"$HOME/.Trash"}
-  POSTGRES_VERSION=${POSTGRES_VERSION:-"10.13"} # 10.13-1
-  POSTGRES_BUILD=${POSTGRES_BUILD:-"1-osx"}
-  postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.zip"
-  is_zip="true"
-else
-  TRASH_DIR=${TRASH_DIR:-"$HOME/tmp"}
-  POSTGRES_VERSION=${POSTGRES_VERSION:-"10.12"} # 10.12-1
-  POSTGRES_BUILD=${POSTGRES_BUILD:-"1-linux-x64"}
-  postgres_pkg="postgresql-${POSTGRES_VERSION}-${POSTGRES_BUILD}-binaries.tar.gz"
-  is_zip=""
-fi
-
-mkdir -p "$TRASH_DIR"
-
-# https://www.enterprisedb.com/download-postgresql-binaries
-
-postgres_tmp="$(mktemp -d -t postgres-installer.XXXXXXXX)"
-postgres_unpack="pgsql"
-postgres_dir="postgres-server-${POSTGRES_VERSION}"
-postgres_lnk="postgres-server"
-
-echo "Here's what this script will do:"
-echo "    • Download postgres server v${POSTGRES_VERSION}"
-echo "    • Install it to ${OPT_DIR}/${postgres_dir}"
-echo "    • Link that to ${OPT_DIR}/${postgres_lnk}"
-echo "    • Create a database in $POSTGRES_DATA_DIR (first-time only)"
-echo "    • Start Postgres with $OPT_DIR/${postgres_lnk}/bin/pg_ctl"
-
-echo ""
-echo "Working directory is ${postgres_tmp}"
-echo ""
-if [ -f "${DOWNLOADS_DIR}/${postgres_pkg}" ]; then
-  rsync -aq "${DOWNLOADS_DIR}/${postgres_pkg}" "$postgres_tmp/$postgres_pkg"
-else
-  echo "Downloading $postgres_pkg"
-  curl -fSL --progress-bar 'https://get.enterprisedb.com/postgresql/'"${postgres_pkg}"'?ls=Crossover&type=Crossover' -o "$postgres_tmp/$postgres_pkg"
-  rsync -aq "$postgres_tmp/$postgres_pkg" "${DOWNLOADS_DIR}/"
-fi
-pushd "$postgres_tmp" >/dev/null
-  if [ -n "$is_zip" ]; then
-    unzip -q "$postgres_pkg"
-  else
-    tar xvf "$postgres_pkg"
-  fi
-  mv "$postgres_unpack" "$postgres_dir"
-popd >/dev/null
-if [ -d "$OPT_DIR/$postgres_dir" ]; then
-  mv "$OPT_DIR/$postgres_dir" "$TRASH_DIR/$postgres_dir".$(date '+%Y-%m-%d_%H-%M-%S' )
-  echo "moved old $OPT_DIR/$postgres_dir to the Trash folder"
-fi
-mv "$postgres_tmp/$postgres_dir" "$OPT_DIR/"
-rm -f "$OPT_DIR/$postgres_lnk"
-ln -s "$OPT_DIR/$postgres_dir" "$OPT_DIR/$postgres_lnk"
-
-mkdir -p "$POSTGRES_DATA_DIR"
-chmod 0700 "$POSTGRES_DATA_DIR"
-if [ ! -f "$POSTGRES_DATA_DIR/postgresql.conf" ]; then
-  echo "postgres" > "${postgres_tmp}/pwfile"
-  "$OPT_DIR/$postgres_lnk/bin/initdb" \
-    -D "$POSTGRES_DATA_DIR/" \
-    --username postgres --pwfile "${postgres_tmp}/pwfile" \
-    --auth-local=password --auth-host=password
-fi
-
-echo "PostgreSQL installed, database initialized in $POSTGRES_DATA_DIR/"
-
-rm -rf "${postgres_tmp}"
+curl -fsS https://webinstall.dev/postgres | bash

examples/register-new-device.sh

@@ -1,10 +0,0 @@
-source .env
-
-TOKEN=$(go run -mod=vendor cmd/signjwt/*.go $SECRET)
-AUTH_URL=${AUTH_URL:-"http://mgmt.example.com:3010/api"}
-
-CLIENT_SUBJECT=${CLIENT_SUBJECT:-"newbie"}
-curl -X POST $AUTH_URL/devices \
-    -H "Authorization: Bearer ${TOKEN}" \
-    -H "Content-Type: application/json" \
-    -d '{ "slug": "'$CLIENT_SUBJECT'" }'

examples/relay.env

@@ -1,7 +1,7 @@
 # For Tunnel Relay Service
 VERBOSE=true
 API_HOSTNAME=devices.example.com
-LISTEN=":80 :443"
+LISTEN=":443"
 
 # To proxy incoming requests for 'https://mgmt.devices.example.com' to localhost:3010
 LOCALS=https:mgmt.devices.example.com:3010

examples/run-as-client.sh

@@ -8,14 +8,14 @@ source .env
 #go generate -mod=vendor ./...
 VENDOR_ID="${VENDOR_ID:-"${VENDOR_ID:-"test-id"}"}"
 CLIENT_SECRET="${CLIENT_SECRET:-}"
-go build -mod=vendor -o ./telebit \
-    -ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \
-    cmd/telebit/*.go
-#go build -mod=vendor -o telebit \
+#go build -mod=vendor -o ./telebit \
+#    -ldflags="-X 'main.VendorID=$VENDOR_ID' -X 'main.ClientSecret=$CLIENT_SECRET'" \
 #    cmd/telebit/*.go
+go build -mod=vendor -o telebit \
+    cmd/telebit/*.go
 
 # For Device Authorization across services
-AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"}
+#AUTH_URL=${AUTH_URL:-"https://devices.examples.com/api"}
 VENDOR_ID="$VENDOR_ID"
 SECRET="${CLIENT_SECRET:-"xxxxxxxxxxxxxxxx"}"
 #CLIENT_SECRET=${CLIENT_SECRET:-"yyyyyyyyyyyyyyyy"}
@@ -38,7 +38,6 @@ VERBOSE_RAW=${VERBOSE_RAW:-}
 
 
 ./telebit \
-    --auth-url $AUTH_URL \
     --vendor-id "$VENDOR_ID" \
     --secret "$CLIENT_SECRET" \
     --tunnel-relay-url $TUNNEL_RELAY_URL \
@@ -46,9 +45,10 @@ VERBOSE_RAW=${VERBOSE_RAW:-}
     --locals "$LOCALS" \
     --acme-agree=${ACME_AGREE} \
     --acme-email "$ACME_EMAIL" \
-    --acme-relay-url $ACME_RELAY_URL \
     --verbose=$VERBOSE
 
+#    --auth-url $AUTH_URL \
+#    --acme-relay-url $ACME_RELAY_URL \
 #    --subject "$CLIENT_SUBJECT" \
 
 #PORT_FORWARDS=3443:3001,8443:3002

examples/signjwt-admin.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+    --expires-in 1m \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$MGMT_SECRET" \
+    --machine-ppid "$MGMT_SECRET"
+)
+echo "MGMT_TOKEN: $TOKEN"
+
+my_parts=$(
+go run cmd/signjwt/*.go \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$MGMT_SECRET" \
+    --machine-ppid "$MGMT_SECRET" \
+    --machine-ppid-only
+)
+my_ppid=$(echo $my_parts | cut -d' ' -f1)
+my_keyid=$(echo $my_parts | cut -d' ' -f2)
+echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"

examples/signjwt-client.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+source .env
+
+TOKEN=$(go run cmd/signjwt/*.go \
+    --expires-in 1m \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$CLIENT_SECRET"
+)
+echo "CLIENT_TOKEN: $TOKEN"
+
+
+my_parts=$(
+go run cmd/signjwt/*.go \
+    --vendor-id "$VENDOR_ID" \
+    --secret "$CLIENT_SECRET" \
+    --machine-ppid-only
+)
+my_ppid=$(echo $my_parts | cut -d' ' -f1)
+my_keyid=$(echo $my_parts | cut -d' ' -f2)
+echo "PPID (Priv): $my_ppid KeyID (Pub): $my_keyid"