From c7a1d8d3a2021cd2890331bae80bf9af1fd1d2c9 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 21 Jul 2020 23:47:47 -0600
Subject: [PATCH] update auth, and admin stats
---
 cmd/mgmt/mgmt.go | 9 ++++++---
 cmd/telebit/admin.go | 26 ++++++++++++++------------
 cmd/telebit/telebit.go | 9 +++++++--
 mgmt/auth.go | 6 ++++--
 4 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/cmd/mgmt/mgmt.go b/cmd/mgmt/mgmt.go
index 8f8e5ed..7d4d7d8 100644
--- a/cmd/mgmt/mgmt.go
+++ b/cmd/mgmt/mgmt.go
@@ -36,7 +36,7 @@ var primaryDomain string
 var relayDomain string
 func help() {
- fmt.Fprintf(os.Stderr, "Usage: mgmt --domain --tunnel-domain --secret <128-bit secret>\n")
+ fmt.Fprintf(os.Stderr, "Usage: mgmt --domain --secret <128-bit secret>\n")
 }
 func main() {
@@ -51,13 +51,16 @@ func main() {
 )
 flag.StringVar(&secret, "secret", "", "a >= 16-character random string for JWT key signing")
 flag.StringVar(&primaryDomain, "domain", "", "the base domain to use for all clients")
- flag.StringVar(&relayDomain, "tunnel-domain", "", "the domain name of the tunnel relay service")
+ flag.StringVar(&relayDomain, "tunnel-domain", "", "the domain name of the tunnel relay service, if different from base domain")
 flag.Parse()
- if "" == primaryDomain || "" == relayDomain {
+ if "" == primaryDomain {
 help()
 os.Exit(1)
 }
+ if "" == relayDomain {
+ relayDomain = primaryDomain
+ }
 if "" != os.Getenv("GODADDY_API_KEY") {
 id := os.Getenv("GODADDY_API_KEY")
diff --git a/cmd/telebit/admin.go b/cmd/telebit/admin.go
index 7c2ee69..a79ef23 100644
--- a/cmd/telebit/admin.go
+++ b/cmd/telebit/admin.go
@@ -107,34 +107,36 @@ func apiNotFoundHandler(w http.ResponseWriter, r *http.Request) {
 }
 type SubscriberStatus struct {
- Subject string
- Tunnels int
- Clients int
+ Subject string `json:"sub"`
+ RemoteAddr string `json:"socket"`
+ Tunnels int `json:"tunnels"`
+ Clients int `json:"clients"`
 // TODO bytes read
 }
 func getSubscribers(w http.ResponseWriter, r *http.Request) {
 statuses := []*SubscriberStatus{}
 table.Servers.Range(func(key, value interface{}) bool {
- tunnels := 0
- clients := 0
+ status := &SubscriberStatus{
+ Subject: "",
+ //RemoteAddr: k.(string),
+ Tunnels: 0,
+ Clients: 0,
+ }
 //subject := key.(string)
 srvMap := value.(*sync.Map)
 srvMap.Range(func(k, v interface{}) bool {
- tunnels += 1
+ status.Tunnels++
 srv := v.(*table.SubscriberConn)
+ status.Subject = srv.Grants.Subject
 srv.Clients.Range(func(k, v interface{}) bool {
- clients += 1
+ status.Clients++
 return true
 })
- statuses = append(statuses, &SubscriberStatus{
- Subject: k.(string),
- Tunnels: tunnels,
- Clients: clients,
- })
 return true
 })
+ statuses = append(statuses, status)
 return true
 })
 _ = json.NewEncoder(w).Encode(&struct {
diff --git a/cmd/telebit/telebit.go b/cmd/telebit/telebit.go
index 7dce61e..396b693 100644
--- a/cmd/telebit/telebit.go
+++ b/cmd/telebit/telebit.go
@@ -251,10 +251,11 @@ func main() {
 }
 fmt.Printf("[Directory] %s\n\t%#v\n", *relay, directory)
+ authBase := strings.TrimSuffix(directory.Authenticate.URL, "/inspect")
 if "" == *authURL {
- *authURL = directory.Authenticate.URL
+ *authURL = authBase
 } else {
- fmt.Println("Suggested Auth URL:", directory.Authenticate.URL)
+ fmt.Println("Suggested Auth URL:", authBase)
 fmt.Println("--auth-url Auth URL:", *authURL)
 }
 if "" == *authURL {
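Review bot: In cmd/telebit/admin.go, the new `RemoteAddr` field carries the `socket` JSON tag but is never assigned (its initializer `//RemoteAddr: k.(string),` is commented out), so every entry of the admin stats response will report an empty `socket`; populate it or add `omitempty` to the tag until it is. `status.Subject` is now set only inside the inner `srvMap.Range`, so an entry whose inner map is empty is emitted with `Subject: ""`; the commented-out `//subject := key.(string)` hints that the outer key may be the steadier source, but that cannot be confirmed from this hunk. The unchecked assertions `value.(*sync.Map)` and `v.(*table.SubscriberConn)` and the `srv.Grants.Subject` dereference will panic the handler on an unexpected or nil value, so the comma-ok form and a nil guard would be safer. getSubscribers continues past the end of the hunk.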
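Review bot: In cmd/telebit/telebit.go (hunk at -251), `authBase` is taken from `directory.Authenticate.URL`, which appears to be supplied by the relay's directory response, and is assigned to `*authURL` without any check of its scheme or host. The later hunk in this file passes `*authURL` and the client token to `mgmt.Ping`, so a directory answer pointing at a plain-http or unexpected host would be sent that credential. Parsing the value with `url.Parse` and refusing anything that is not `https` before the assignment would close that gap, together with a comment such as `// remote-supplied URL: validate before sending tokens to it`. `strings.TrimSuffix` leaves the URL untouched when it does not end in `/inspect`, which deserves a one-line comment as well. main starts and ends outside the hunk.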
@@ -362,6 +363,10 @@ func main() {
 go func() {
 for {
 time.Sleep(10 * time.Minute)
+ if "" != ClientSecret {
+ // re-create token unless no secret was supplied
+ *token, err = authstore.HMACToken(ppid)
+ }
 err = mgmt.Ping(*authURL, *token)
 if nil != err {
 fmt.Fprintf(os.Stderr, "failed to ping mgmt server: %s\n", err)
diff --git a/mgmt/auth.go b/mgmt/auth.go
index 32f8ca1..5f2d098 100644
--- a/mgmt/auth.go
+++ b/mgmt/auth.go
@@ -52,11 +52,13 @@ func Register(authURL, secret, ppid string) (kid string, err error) {
 }
 auth := &authstore.Authorization{}
- err = json.NewDecoder(msg).Decode(auth)
+ msgBytes, _ := ioutil.ReadAll(msg)
+ //err = json.NewDecoder(msg).Decode(auth)
+ err = json.Unmarshal(msgBytes, auth)
 if err != nil {
 return "", err
 }
- msgBytes, _ := ioutil.ReadAll(msg)
+ //msgBytes, _ := ioutil.ReadAll(msg)
 if "" == auth.PublicKey {
 return "", fmt.Errorf("unexpected server response: no public key: %s", string(msgBytes))
 }
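Review bot: In the ping goroutine in cmd/telebit/telebit.go (hunk at -362), the error from `authstore.HMACToken(ppid)` is overwritten by `err = mgmt.Ping(*authURL, *token)` on the next statement, so a failed token refresh is never reported and whatever HMACToken returned on failure is sent as the token. Check it before pinging: `tok, terr := authstore.HMACToken(ppid)`, then `if nil != terr { fmt.Fprintf(os.Stderr, "failed to refresh token: %s\n", terr); continue }`, then `*token = tok`. Using locals would also stop the goroutine from writing `err` and `*token`, which look like variables shared with main and are written here without synchronization. The goroutine and main both continue outside the hunk.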
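Review bot: In Register in mgmt/auth.go, `msgBytes, _ := ioutil.ReadAll(msg)` discards the read error and buffers the server's response with no size bound, so a truncated body shows up only as a misleading JSON error and an oversized one is held in memory whole. Prefer `msgBytes, err := ioutil.ReadAll(io.LimitReader(msg, 1<<20))` followed by `if err != nil { return "", err }`; the limit is a suggested value, and `io` must be imported if the file does not already do so. The two commented-out statements `//err = json.NewDecoder(msg).Decode(auth)` and `//msgBytes, _ := ioutil.ReadAll(msg)` should be deleted rather than committed, replaced by a short comment saying the body is read once so it can be both decoded and quoted in the error. Register starts and ends outside the hunk.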