diff --git a/.gitignore b/.gitignore
index eca6507..8e22740 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ telebit-client-windows.exe
 /cmd/telebit-relay/telebit-relay-linux
 /cmd/telebit-relay/telebit-relay-macos
+*.zip
 .*.sw*
 log.txt
 *.log
diff --git a/cmd/signjwt/signjwt.go b/cmd/signjwt/signjwt.go
index a6d7a67..275bccf 100644
--- a/cmd/signjwt/signjwt.go
+++ b/cmd/signjwt/signjwt.go
@@ -11,6 +11,7 @@ import (
 "strconv"
 telebit "git.rootprojects.org/root/telebit"
+ "git.rootprojects.org/root/telebit/dbg"
 "git.rootprojects.org/root/telebit/mgmt/authstore"
 "github.com/denisbrodbeck/machineid"
@@ -120,12 +121,16 @@ func main() {
 ppid = base64.RawURLEncoding.EncodeToString(muidBytes)
 }
- fmt.Fprintf(os.Stderr, "[debug] vendorID = %s\n", *vendorID)
- fmt.Fprintf(os.Stderr, "[debug] secret = %s\n", secret)
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug] vendorID = %s\n", *vendorID)
+ fmt.Fprintf(os.Stderr, "[debug] secret = %s\n", secret)
+ }
 pub := authstore.ToPublicKeyString(ppid)
 if *getMachinePPID {
- fmt.Fprintf(os.Stderr, "[debug]: \n")
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug]: \n")
+ }
 fmt.Fprintf(
 os.Stdout,
 "%s %s\n",
@@ -135,8 +140,10 @@ func main() {
 return
 }
- fmt.Fprintf(os.Stderr, "[debug] ppid = %s\n", ppid)
- fmt.Fprintf(os.Stderr, "[debug] pub = %s\n", pub)
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug] ppid = %s\n", ppid)
+ fmt.Fprintf(os.Stderr, "[debug] pub = %s\n", pub)
+ }
 tok, err := authstore.HMACToken(ppid, expNum)
 if nil != err {
@@ -145,8 +152,10 @@ func main() {
 return
 }
- fmt.Fprintf(os.Stderr, "[debug] \n")
- fmt.Fprintf(os.Stdout, "%s\n", tok)
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug] \n")
+ }
+ fmt.Printf("%s\n", tok)
 if "" != *authURL {
 grants, err := telebit.Inspect(*authURL, tok)
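Review bot: The gated debug block in the `@@ -120,12` hunk of cmd/signjwt/signjwt.go still writes the raw `secret` to stderr, so any run with `dbg.Debug` enabled leaves signing material in terminal scrollback or captured logs. The same applies to `ppid` in the `@@ -135,8` hunk, which is passed straight to `authstore.HMACToken`, and to the full `token` that `telebit.Inspect` now prints in telebit.go. How `dbg.Debug` gets switched on is not visible in this diff, so the gate alone should not be relied on as a control; log a non-reversible hint instead, for example `fmt.Fprintf(os.Stderr, "[debug] secret length = %d\n", len(secret))`. `main` starts and ends outside these hunks.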
@@ -154,8 +163,10 @@ func main() {
 fmt.Fprintf(os.Stderr, "inspect relay token failed:\n%s\n", err)
 os.Exit(1)
 }
- fmt.Fprintf(os.Stderr, "[debug] \n")
- fmt.Fprintf(os.Stderr, "%+v\n", grants)
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug] \n")
+ fmt.Fprintf(os.Stderr, "%+v\n", grants)
+ }
 }
 }
diff --git a/cmd/telebit/telebit.go b/cmd/telebit/telebit.go
index 396b693..df8f7ce 100644
--- a/cmd/telebit/telebit.go
+++ b/cmd/telebit/telebit.go
@@ -6,6 +6,7 @@ import (
 "context"
 "encoding/base64"
 "encoding/hex"
+ "encoding/json"
 "flag"
 "fmt"
 "io"
@@ -249,7 +250,9 @@ func main() {
 fmt.Fprintf(os.Stderr, "Error: invalid Tunnel Relay URL %q: %s\n", *relay, err)
 os.Exit(1)
 }
- fmt.Printf("[Directory] %s\n\t%#v\n", *relay, directory)
+ fmt.Printf("[Directory] %s\n", *relay)
+ jsonb, _ := json.Marshal(directory)
+ fmt.Printf("\t%s\n", string(jsonb))
 authBase := strings.TrimSuffix(directory.Authenticate.URL, "/inspect")
 if "" == *authURL {
@@ -260,14 +263,28 @@ func main() {
 }
 if "" == *authURL {
 fmt.Fprintf(os.Stderr, "Discovered Directory Endpoints: %+v\n", directory)
- fmt.Fprintf(os.Stderr, "No Auth URL detected, no supplied\n")
+ fmt.Fprintf(os.Stderr, "No Auth URL detected, nor supplied\n")
 os.Exit(1)
 return
 }
-
- // TODO look at relay rather than authURL?
 fmt.Println("Auth URL", *authURL)
 authorizer = NewAuthorizer(*authURL)
+
+ dns01Base := directory.DNS01Proxy.URL
+ if "" == *acmeRelay {
+ *acmeRelay = dns01Base
+ } else {
+ fmt.Println("Suggested ACME DNS 01 Proxy URL:", dns01Base)
+ fmt.Println("--acme-relay-url ACME DNS 01 Proxy URL:", *acmeRelay)
+ }
+ if "" == *authURL {
+ fmt.Fprintf(os.Stderr, "Discovered Directory Endpoints: %+v\n", directory)
+ fmt.Fprintf(os.Stderr, "No ACME DNS 01 Proxy URL detected, nor supplied\n")
+ os.Exit(1)
+ return
+ }
+ fmt.Println("DNS 01 URL", *acmeRelay)
+
 grants, err = telebit.Inspect(*authURL, *token)
 if nil != err {
 _, err := mgmt.Register(*authURL, ClientSecret, ppid)
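Review bot: The second guard added in the `@@ -260,14` hunk of cmd/telebit/telebit.go tests `*authURL` again, so the "No ACME DNS 01 Proxy URL detected, nor supplied" branch can never run: `*authURL` was already shown to be non-empty a few lines above, and an empty `*acmeRelay` falls through to `fmt.Println("DNS 01 URL", *acmeRelay)`. The condition should be `if "" == *acmeRelay {`. Because `dns01Base` is taken from the relay's directory response, it is also worth confirming that the adopted URL uses https before it is used for what is presumably ACME DNS-01 challenge traffic; whether that is enforced later is not visible here. `main` starts and ends outside the hunk.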
diff --git a/telebit.go b/telebit.go
index d6ec5be..01f5cc0 100644
--- a/telebit.go
+++ b/telebit.go
@@ -16,6 +16,7 @@ import (
 "strings"
 "time"
+ "git.rootprojects.org/root/telebit/dbg"
 httpshim "git.rootprojects.org/root/telebit/tunnel"
 "github.com/caddyserver/certmagic"
@@ -372,7 +373,9 @@ type Grants struct {
 func Inspect(authURL, token string) (*Grants, error) {
 inspectURL := strings.TrimSuffix(authURL, "/inspect") + "/inspect"
- //fmt.Fprintf(os.Stderr, "[debug] telebit.Inspect(\n\tinspectURL = %s,\n\ttoken = %s,\n)", inspectURL, token)
+ if dbg.Debug {
+ fmt.Fprintf(os.Stderr, "[debug] telebit.Inspect(\n\tinspectURL = %s,\n\ttoken = %s,\n)\n", inspectURL, token)
+ }
 msg, err := Request("GET", inspectURL, token, nil)
 if nil != err {
 return nil, err
diff --git a/tunnel/discover.go b/tunnel/discover.go
index 3e13bfb..fadfff8 100644
--- a/tunnel/discover.go
+++ b/tunnel/discover.go
@@ -19,6 +19,7 @@ type Endpoints struct {
 APIHost string `json:"api_host"`
 Tunnel Endpoint `json:"tunnel"`
 Authenticate Endpoint `json:"authn"`
+ DNS01Proxy Endpoint `json:"acme_dns_01_proxy"`
 /*
 {
 "terms_of_service": ":hostname/tos/",
@@ -33,10 +34,10 @@ type Endpoints struct {
 // Endpoint represents a URL Request
 type Endpoint struct {
- URL string `json:"-"`
- Method string `json:"method"`
- Scheme string `json:"scheme"`
- Host string `json:"host"`
+ URL string `json:"url,omitempty"`
+ Method string `json:"method,omitempty"`
+ Scheme string `json:"scheme,omitempty"`
+ Host string `json:"host,omitempty"`
 Pathname string `json:"pathname"`
 }
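Review bot: Changing the `URL` tag from `json:"-"` to `json:"url,omitempty"` in the `@@ -33,10` hunk of tunnel/discover.go makes the field decodable as well as printable. If `Discover` unmarshals the relay's directory response into `Endpoints` (the tags suggest it does, but the decode call is outside the hunk), a relay can now set `url` directly. `Authenticate.URL` and `DNS01Proxy.URL` are overwritten afterwards, but whether `Tunnel.URL` is reset is not visible here. If the tag change exists only for the JSON dump in cmd/telebit, add a field comment such as `// URL is derived by Discover; any value sent by the relay is overwritten` and make sure every endpoint's `URL` is recomputed after decoding.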
@@ -79,15 +80,18 @@ func Discover(relay string) (*Endpoints, error) {
 }
 directives.Authenticate.URL = endpointToURLString(directives.APIHost, directives.Authenticate)
+ directives.DNS01Proxy.URL = endpointToURLString(directives.APIHost, directives.DNS01Proxy)
 return directives, nil
 }
 func endpointToURLString(apiHost string, endpoint Endpoint) string {
 pathname := endpoint.Pathname
- if "" == pathname {
- return ""
- }
+ /*
+ if "" == pathname {
+ return ""
+ }
+ */
 host := endpoint.Host
 if "" == host {
@@ -99,5 +103,8 @@ func endpointToURLString(apiHost string, endpoint Endpoint) string {
 scheme = "https:"
 }
+ if "" == pathname {
+ return fmt.Sprintf("%s//%s", scheme, host)
+ }
 return fmt.Sprintf("%s//%s/%s", scheme, host, pathname)
 }
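Review bot: With the empty-pathname guard commented out in the `@@ -79,15` hunk and the new `scheme//host` return in `@@ -99,5`, `endpointToURLString` no longer returns "" for an endpoint the relay did not advertise. Assuming `host` falls back to `apiHost` in the lines between the two hunks, `directives.Authenticate.URL` and `directives.DNS01Proxy.URL` are then never empty, so the "nothing detected, nor supplied" exits in cmd/telebit stop firing and the client presumably goes on to send its token to the bare relay host. Keep an explicit "not advertised" result, for example `if "" == endpoint.Host && "" == pathname { return "" }` at the top of the function. The commented-out block should be deleted rather than left in place.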