netmaker/mq/util.go

package mq

import (
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/gravitl/netmaker/logic"
	"github.com/gravitl/netmaker/models"
	"github.com/gravitl/netmaker/netclient/ncutils"
)

func decryptMsgWithHost(host *models.Host, msg []byte) ([]byte, error) {
	if host.OS == models.OS_Types.IoT { // just pass along IoT messages
		return msg, nil
	}

	trafficKey, trafficErr := logic.RetrievePrivateTrafficKey() // get server private key
	if trafficErr != nil {
		return nil, trafficErr
	}
	serverPrivTKey, err := ncutils.ConvertBytesToKey(trafficKey)
	if err != nil {
		return nil, err
	}
	nodePubTKey, err := ncutils.ConvertBytesToKey(host.TrafficKeyPublic)
	if err != nil {
		return nil, err
	}

	return ncutils.DeChunk(msg, nodePubTKey, serverPrivTKey)
}

func DecryptMsg(node *models.Node, msg []byte) ([]byte, error) {
	if len(msg) <= 24 { // make sure message is of appropriate length
		return nil, fmt.Errorf("received invalid message from broker %v", msg)
	}
	host, err := logic.GetHost(node.HostID.String())
	if err != nil {
		return nil, err
	}

	return decryptMsgWithHost(host, msg)
}

func encryptMsg(host *models.Host, msg []byte) ([]byte, error) {
	if host.OS == models.OS_Types.IoT {
		return msg, nil
	}

	// fetch server public key to be certain hasn't changed in transit
	trafficKey, trafficErr := logic.RetrievePrivateTrafficKey()
	if trafficErr != nil {
		return nil, trafficErr
	}

	serverPrivKey, err := ncutils.ConvertBytesToKey(trafficKey)
	if err != nil {
		return nil, err
	}

	nodePubKey, err := ncutils.ConvertBytesToKey(host.TrafficKeyPublic)
	if err != nil {
		return nil, err
	}

	if strings.Contains(host.Version, "0.10.0") {
		return ncutils.BoxEncrypt(msg, nodePubKey, serverPrivKey)
	}

	return ncutils.Chunk(msg, nodePubKey, serverPrivKey)
}

func publish(host *models.Host, dest string, msg []byte) error {

	encrypted, encryptErr := encryptMsg(host, msg)
	if encryptErr != nil {
		return encryptErr
	}
	if mqclient == nil || !mqclient.IsConnectionOpen() {
		return errors.New("cannot publish ... mqclient not connected")
	}

	if token := mqclient.Publish(dest, 0, true, encrypted); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
		var err error
		if token.Error() == nil {
			err = errors.New("connection timeout")
		} else {
			err = token.Error()
		}
		return err
	}
	return nil
}

// decodes a message queue topic and returns the embedded node.ID
func GetID(topic string) (string, error) {
	parts := strings.Split(topic, "/")
	count := len(parts)
	if count == 1 {
		return "", fmt.Errorf("invalid topic")
	}
	//the last part of the topic will be the node.ID
	return parts[count-1], nil
}
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`package mq`

			`import (`
use token.WaitTimeout() 2022-05-16 21:38:47 +08:00			`"errors"`
edited so that if certain error detected, restart daemon, log changes 2022-02-07 04:02:05 +08:00			`"fmt"`
added compatibility with 0.10.0 clients 2022-02-15 23:22:11 +08:00			`"strings"`
use token.WaitTimeout() 2022-05-16 21:38:47 +08:00			`"time"`
edited so that if certain error detected, restart daemon, log changes 2022-02-07 04:02:05 +08:00
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`"github.com/gravitl/netmaker/logic"`
remove db read 2022-01-29 22:14:18 +08:00			`"github.com/gravitl/netmaker/models"`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`"github.com/gravitl/netmaker/netclient/ncutils"`
			`)`

added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`func decryptMsgWithHost(host *models.Host, msg []byte) ([]byte, error) {`
added iot check in mq message handlers 2023-03-14 22:46:12 +08:00			`if host.OS == models.OS_Types.IoT { // just pass along IoT messages`
			`return msg, nil`
			`}`

switched to eliptical strategy 2022-01-30 04:02:37 +08:00			`trafficKey, trafficErr := logic.RetrievePrivateTrafficKey() // get server private key`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`if trafficErr != nil {`
			`return nil, trafficErr`
			`}`
switched to eliptical strategy 2022-01-30 04:02:37 +08:00			`serverPrivTKey, err := ncutils.ConvertBytesToKey(trafficKey)`
			`if err != nil {`
			`return nil, err`
			`}`
refactor join also removes server node suspect there may be issues with proxy and UI interactions with nodes 2022-12-21 04:29:09 +08:00			`nodePubTKey, err := ncutils.ConvertBytesToKey(host.TrafficKeyPublic)`
switched to eliptical strategy 2022-01-30 04:02:37 +08:00			`if err != nil {`
			`return nil, err`
			`}`

added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`return ncutils.DeChunk(msg, nodePubTKey, serverPrivTKey)`
			`}`

[NET-546] Move ee code to ee package, unify ee status and terminology (#2538) * Move ee code to ee package and unify ee status to IsPro * Consolidate naming for paid/professional/enterprise version as "pro". Notes: - Changes image tags - Changes build tags - Changes package names - Doesn't change links to docs that mention "ee" - Doesn't change parameters sent to PostHog that mention "ee" * Revert docker image tag being -pro, back to -ee * Revert go build tag being pro, back to ee * Add build tags for some ee content * [2] Revert go build tag being pro, back to ee * Fix test workflow * Add a json tag to be backwards compatible with frontend "IsEE" check * Add a json tag for the serverconfig struct for IsEE * Ammend json tag to Is_EE * fix ee tags --------- Co-authored-by: Abhishek Kondur <abhi281342@gmail.com> 2023-09-01 10:12:05 +08:00			`func DecryptMsg(node *models.Node, msg []byte) ([]byte, error) {`
added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`if len(msg) <= 24 { // make sure message is of appropriate length`
fix: typo (#2624) 2023-10-25 00:52:40 +08:00			`return nil, fmt.Errorf("received invalid message from broker %v", msg)`
added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`}`
			`host, err := logic.GetHost(node.HostID.String())`
			`if err != nil {`
			`return nil, err`
added compatibility with 0.10.0 clients 2022-02-15 23:22:11 +08:00			`}`

added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`return decryptMsgWithHost(host, msg)`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`}`

add new host role with acls 2023-01-04 12:35:05 +08:00			`func encryptMsg(host *models.Host, msg []byte) ([]byte, error) {`
added iot check in mq message handlers 2023-03-14 22:46:12 +08:00			`if host.OS == models.OS_Types.IoT {`
			`return msg, nil`
			`}`

switched to eliptical strategy 2022-01-30 04:02:37 +08:00			`// fetch server public key to be certain hasn't changed in transit`
			`trafficKey, trafficErr := logic.RetrievePrivateTrafficKey()`
			`if trafficErr != nil {`
			`return nil, trafficErr`
			`}`

			`serverPrivKey, err := ncutils.ConvertBytesToKey(trafficKey)`
			`if err != nil {`
			`return nil, err`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`}`
switched to eliptical strategy 2022-01-30 04:02:37 +08:00
refactor join also removes server node suspect there may be issues with proxy and UI interactions with nodes 2022-12-21 04:29:09 +08:00			`nodePubKey, err := ncutils.ConvertBytesToKey(host.TrafficKeyPublic)`
switched to eliptical strategy 2022-01-30 04:02:37 +08:00			`if err != nil {`
			`return nil, err`
			`}`

refactor join also removes server node suspect there may be issues with proxy and UI interactions with nodes 2022-12-21 04:29:09 +08:00			`if strings.Contains(host.Version, "0.10.0") {`
added compatibility with 0.10.0 clients 2022-02-15 23:22:11 +08:00			`return ncutils.BoxEncrypt(msg, nodePubKey, serverPrivKey)`
			`}`

initial chunk approach 2022-02-15 03:21:56 +08:00			`return ncutils.Chunk(msg, nodePubKey, serverPrivKey)`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`}`

add new host role with acls 2023-01-04 12:35:05 +08:00			`func publish(host *models.Host, dest string, msg []byte) error {`
NET-725: Failovers (#2685) * api to to get host relayed from client * add auto relay to api host * add peer nat type * set pro field on signal * rm net check on relay me handler * return success response * re-establish failover logic * set failOver ctx * failOver with peer pub key * failovered peer updates * failover handlers, reset failovered peer on deletion * rm unused funcs * initialize failover handler on EE * ignore failover node on signal * failover changes * set host id on signal * extend signal model to include node ids * add backwards compatibility * add failover as node api * set json response on failover handers * add failover field to api node * fix signal data check * initialize failover peer map * reset failovered status when relayed or deleted * add failover info to api node * reset network failover * only proceed furtuer if failover exists in the network * set failOver node defaults * cannot set failover node as relayed * debug log * debug log * debug changes * debug changes * debug changes * revert debug changes * don't add peers to idmap when removed * reset failed Over * fix static checks * rm debug log * add check for linux host 2023-11-30 00:10:07 +08:00
add new host role with acls 2023-01-04 12:35:05 +08:00			`encrypted, encryptErr := encryptMsg(host, msg)`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`if encryptErr != nil {`
			`return encryptErr`
			`}`
NET-655 (#2670) * NET-655 * Updated HostPull structure to include EgressRoutes and FirewallUpdate models. * added ServerVersion structure to hostpull model * added ServerVersion structure to hostpull model * removed ServerVersion structure * removed ServerVersion structure * added egressroute and fwupdate to hostpull handler * add host update fallback handler * set broker type on server cfg * use actual host password to create emqx user --------- Co-authored-by: Christopher Blaha <crispspiceguitar@gmail.com> Co-authored-by: Abhishek Kondur <abhi281342@gmail.com> 2023-12-21 14:43:06 +08:00			`if mqclient == nil \|\| !mqclient.IsConnectionOpen() {`
reuse mq connections 2022-08-30 02:08:01 +08:00			`return errors.New("cannot publish ... mqclient not connected")`
			`}`
NET-725: Failovers (#2685) * api to to get host relayed from client * add auto relay to api host * add peer nat type * set pro field on signal * rm net check on relay me handler * return success response * re-establish failover logic * set failOver ctx * failOver with peer pub key * failovered peer updates * failover handlers, reset failovered peer on deletion * rm unused funcs * initialize failover handler on EE * ignore failover node on signal * failover changes * set host id on signal * extend signal model to include node ids * add backwards compatibility * add failover as node api * set json response on failover handers * add failover field to api node * fix signal data check * initialize failover peer map * reset failovered status when relayed or deleted * add failover info to api node * reset network failover * only proceed furtuer if failover exists in the network * set failOver node defaults * cannot set failover node as relayed * debug log * debug log * debug changes * debug changes * debug changes * revert debug changes * don't add peers to idmap when removed * reset failed Over * fix static checks * rm debug log * add check for linux host 2023-11-30 00:10:07 +08:00
reuse mq connections 2022-08-30 02:08:01 +08:00			`if token := mqclient.Publish(dest, 0, true, encrypted); !token.WaitTimeout(MQ_TIMEOUT*time.Second) \|\| token.Error() != nil {`
use token.WaitTimeout() 2022-05-16 21:38:47 +08:00			`var err error`
			`if token.Error() == nil {`
			`err = errors.New("connection timeout")`
			`} else {`
			`err = token.Error()`
			`}`
			`return err`
added encryption/decryption strategy 2022-01-29 04:33:30 +08:00			`}`
			`return nil`
			`}`
refactored and cleaned up code, added peer update from clients 2022-02-17 04:40:51 +08:00
reuse mq connections 2022-08-30 02:08:01 +08:00			`// decodes a message queue topic and returns the embedded node.ID`
[NET-546] Move ee code to ee package, unify ee status and terminology (#2538) * Move ee code to ee package and unify ee status to IsPro * Consolidate naming for paid/professional/enterprise version as "pro". Notes: - Changes image tags - Changes build tags - Changes package names - Doesn't change links to docs that mention "ee" - Doesn't change parameters sent to PostHog that mention "ee" * Revert docker image tag being -pro, back to -ee * Revert go build tag being pro, back to ee * Add build tags for some ee content * [2] Revert go build tag being pro, back to ee * Fix test workflow * Add a json tag to be backwards compatible with frontend "IsEE" check * Add a json tag for the serverconfig struct for IsEE * Ammend json tag to Is_EE * fix ee tags --------- Co-authored-by: Abhishek Kondur <abhi281342@gmail.com> 2023-09-01 10:12:05 +08:00			`func GetID(topic string) (string, error) {`
refactored and cleaned up code, added peer update from clients 2022-02-17 04:40:51 +08:00			`parts := strings.Split(topic, "/")`
			`count := len(parts)`
			`if count == 1 {`
			`return "", fmt.Errorf("invalid topic")`
			`}`
			`//the last part of the topic will be the node.ID`
			`return parts[count-1], nil`
			`}`