compiling with changes pushed for json token. Have NOT TESTED. Will probably run into issues. Need to test multiple egress ranges, AllowedIPs, and overriding connection strings.

afeiszli 2021-07-11 00:49:31 -04:00
parent e11a15dfff
commit 977da6b129
13 changed files with 243 additions and 61 deletions


@ -36,10 +36,13 @@ type EnvironmentConfig struct {
// ServerConfig : // ServerConfig :
type ServerConfig struct { type ServerConfig struct {
APIConnString string `yaml:"apiconn"`
APIHost string `yaml:"apihost"` APIHost string `yaml:"apihost"`
APIPort string `yaml:"apiport"` APIPort string `yaml:"apiport"`
GRPCConnString string `yaml:"grpcconn"`
GRPCHost string `yaml:"grpchost"` GRPCHost string `yaml:"grpchost"`
GRPCPort string `yaml:"grpcport"` GRPCPort string `yaml:"grpcport"`
GRPCSecure string `yaml:"grpcsecure"`
DefaultNodeLimit int32 `yaml:"defaultnodelimit"` DefaultNodeLimit int32 `yaml:"defaultnodelimit"`
MasterKey string `yaml:"masterkey"` MasterKey string `yaml:"masterkey"`
AllowedOrigin string `yaml:"allowedorigin"` AllowedOrigin string `yaml:"allowedorigin"`
@ -48,6 +51,8 @@ type ServerConfig struct {
ClientMode string `yaml:"clientmode"` ClientMode string `yaml:"clientmode"`
DNSMode string `yaml:"dnsmode"` DNSMode string `yaml:"dnsmode"`
DisableRemoteIPCheck string `yaml:"disableremoteipcheck"` DisableRemoteIPCheck string `yaml:"disableremoteipcheck"`
DisableDefaultNet string `yaml:"disabledefaultnet"`
GRPCSSL string `yaml:"grpcssl"`
} }
type WG struct { type WG struct {
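Review bot: `GRPCSecure` (`yaml:"grpcsecure"`) and `GRPCSSL` (`yaml:"grpcssl"`) are both added to `ServerConfig` for what looks like the same setting, and only `GRPCSSL` is read in the rest of this commit. If `grpcsecure` is not consumed elsewhere, drop it so that an operator who sets it is not left believing TLS is enabled. The new string flags also have no comment; something like `// GRPCSSL is "on" or "off"; only "on" enables it.` would record the accepted values.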


@ -84,7 +84,7 @@ func grpcAuthorize(ctx context.Context) error {
} }
emptynode := models.Node{} emptynode := models.Node{}
node, err := functions.GetNodeByMacAddress(network, mac) node, err := functions.GetNodeByMacAddress(network, mac)
if err != nil || node == emptynode { if err != nil || node.MacAddress == emptynode.MacAddress {
return status.Errorf(codes.Unauthenticated, "Node does not exist.") return status.Errorf(codes.Unauthenticated, "Node does not exist.")
} }
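Review bot: The existence check in `grpcAuthorize` now compares `node.MacAddress` with the `MacAddress` of a zero-value `models.Node`, which is simply the empty string; `if err != nil || node.MacAddress == "" {` states that directly. If `emptynode` has no other use in the function it can then be removed. The function body starts and ends outside the hunk, so other uses are not visible here.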


@ -6,11 +6,10 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"net"
"net/http" "net/http"
"strings" "strings"
"time" "time"
"github.com/jinzhu/copier"
"github.com/go-playground/validator/v10" "github.com/go-playground/validator/v10"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gravitl/netmaker/functions" "github.com/gravitl/netmaker/functions"
@ -194,13 +193,14 @@ func ValidateNetworkCreate(network models.Network) error {
// //
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool { _ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String()) isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String())
// inCharSet := functions.NameInNetworkCharSet(fl.Field().String()) inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
return isFieldUnique return isFieldUnique && inCharSet
}) })
// //
_ = v.RegisterValidation("displayname_unique", func(fl validator.FieldLevel) bool { _ = v.RegisterValidation("displayname_valid", func(fl validator.FieldLevel) bool {
isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String()) isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String())
return isFieldUnique inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
return isFieldUnique && inCharSet
}) })
err := v.Struct(network) err := v.Struct(network)
@ -677,12 +677,28 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
} }
netID := network.NetID netID := network.NetID
grpcaddress := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort())
apiaddress := net.JoinHostPort(servercfg.GetAPIHost(), servercfg.GetAPIPort())
wgport := servercfg.GetGRPCWGPort()
accessstringdec := wgport + "|" +grpcaddress + "|" + apiaddress + "|" + netID + "|" + accesskey.Value + "|" + privAddr var accessToken models.AccessToken
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec)) var tokensrvcfg models.ServerConfig
var tokenwgcfg models.WG
srvcfg := servercfg.GetServerConfig()
wgcfg := servercfg.GetWGConfig()
copier.Copy(tokensrvcfg, srvcfg)
copier.Copy(tokenwgcfg, wgcfg)
accessToken.ServerConfig = tokensrvcfg
accessToken.WG = tokenwgcfg
accessToken.ClientConfig.Network = netID
accessToken.ClientConfig.Key = accesskey.Value
accessToken.ClientConfig.LocalRange = privAddr
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
//validate accesskey //validate accesskey
v := validator.New() v := validator.New()
err = v.Struct(accesskey) err = v.Struct(accesskey)
@ -716,10 +732,23 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
func GetSignupToken(netID string) (models.AccessKey, error) { func GetSignupToken(netID string) (models.AccessKey, error) {
var accesskey models.AccessKey var accesskey models.AccessKey
address := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort()) var accessToken models.AccessToken
var tokensrvcfg models.ServerConfig
var tokenwgcfg models.WG
srvcfg := servercfg.GetServerConfig()
wgcfg := servercfg.GetWGConfig()
copier.Copy(tokensrvcfg, srvcfg)
copier.Copy(tokenwgcfg, wgcfg)
accessstringdec := address + "|" + netID + "|" + "" + "|" accessToken.ServerConfig = tokensrvcfg
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec)) accessToken.WG = tokenwgcfg
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
return accesskey, nil return accesskey, nil
} }
func getSignupToken(w http.ResponseWriter, r *http.Request) { func getSignupToken(w http.ResponseWriter, r *http.Request) {
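Review bot: Both `copier.Copy(tokensrvcfg, srvcfg)` and `copier.Copy(tokenwgcfg, wgcfg)` in `CreateAccessKey` pass the destination by value and discard the returned error, so copier has no addressable struct to write into and the token would be marshalled with empty server and WireGuard sections. Pass pointers and check the result, e.g. `if err := copier.Copy(&tokensrvcfg, &srvcfg); err != nil { return accesskey, err }`; the same two calls in `GetSignupToken` need the same change. Copying into the narrower `models.ServerConfig` and `models.WG` types is what keeps `MasterKey` and `GRPCWGPrivKey` out of the token, and a comment above the copies should say so, so that nobody later swaps in the full config structs. Both functions continue outside their hunks.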


@ -612,7 +612,7 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
{"postup", nodechange.PostUp}, {"postup", nodechange.PostUp},
{"postdown", nodechange.PostDown}, {"postdown", nodechange.PostDown},
{"isegressgateway", nodechange.IsEgressGateway}, {"isegressgateway", nodechange.IsEgressGateway},
{"egressgatewayrange", nodechange.EgressGatewayRange}, {"egressgatewayranges", nodechange.EgressGatewayRanges},
{"lastmodified", nodechange.LastModified}, {"lastmodified", nodechange.LastModified},
}}, }},
} }
@ -636,10 +636,10 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
func ValidateEgressGateway(gateway models.EgressGatewayRequest) error { func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
var err error var err error
isIp := functions.IsIpCIDR(gateway.RangeString) //isIp := functions.IsIpCIDR(gateway.RangeString)
empty := gateway.RangeString == "" empty := len(gateway.Ranges)==0
if empty || !isIp { if empty {
err = errors.New("IP Range Not Valid") err = errors.New("IP Ranges Cannot Be Empty")
} }
empty = gateway.Interface == "" empty = gateway.Interface == ""
if empty { if empty {
@ -670,7 +670,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
} }
nodechange.IsEgressGateway = false nodechange.IsEgressGateway = false
nodechange.EgressGatewayRange = "" nodechange.EgressGatewayRanges = []string{}
nodechange.PostUp = "" nodechange.PostUp = ""
nodechange.PostDown = "" nodechange.PostDown = ""
@ -685,7 +685,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
{"postup", nodechange.PostUp}, {"postup", nodechange.PostUp},
{"postdown", nodechange.PostDown}, {"postdown", nodechange.PostDown},
{"isegressgateway", nodechange.IsEgressGateway}, {"isegressgateway", nodechange.IsEgressGateway},
{"egressgatewayrange", nodechange.EgressGatewayRange}, {"egressgatewayranges", nodechange.EgressGatewayRanges},
{"lastmodified", nodechange.LastModified}, {"lastmodified", nodechange.LastModified},
}}, }},
} }
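Review bot: `ValidateEgressGateway` now rejects only an empty `gateway.Ranges`; the `IsIpCIDR` check is commented out rather than applied to each element, so any string in the slice is stored under `egressgatewayranges` unchecked. These values presumably end up in routing or firewall configuration on the gateway node, so each entry should still be validated, e.g. `for _, r := range gateway.Ranges { if !functions.IsIpCIDR(r) { err = errors.New("IP Range Not Valid") } }`. The function continues outside the hunk.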


@ -555,7 +555,7 @@ func GetNodeObj(id primitive.ObjectID) models.Node {
//Switch to REGEX? //Switch to REGEX?
func NameInNetworkCharSet(name string) bool { func NameInNetworkCharSet(name string) bool {
charset := "abcdefghijklmnopqrstuvwxyz1234567890-_" charset := "abcdefghijklmnopqrstuvwxyz1234567890-_."
for _, char := range name { for _, char := range name {
if !strings.Contains(charset, strings.ToLower(string(char))) { if !strings.Contains(charset, strings.ToLower(string(char))) {
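Review bot: Adding `.` to `charset` in `NameInNetworkCharSet` means names such as `.` and `..` now pass, and the `alphanum` tag that used to back this check is removed from `NetID` in the same commit. `NetID` is used to build the interface name (`"nm-" + network.NetID`); whether it also reaches file or path names is not visible here and should be confirmed, and rejecting a leading dot or consecutive dots would be a cheap safeguard. The `//Switch to REGEX?` comment could become a doc comment listing the allowed characters and noting that upper-case letters are accepted because each rune is lower-cased before the lookup. The function body continues outside the hunk.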

1
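--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 github.com/golang/protobuf v1.5.2 // indirect
 github.com/gorilla/handlers v1.5.1
 github.com/gorilla/mux v1.8.0
+github.com/jinzhu/copier v0.3.2 // indirect
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
 github.com/stretchr/testify v1.6.1
 github.com/txn2/txeh v1.3.0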

2
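--- a/go.sum
+++ b/go.sum
@@ -93,6 +93,8 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jinzhu/copier v0.3.2 h1:QdBOCbaouLDYaIPFfi1bKv5F5tPpeTwXe4sD0jqtz5w=
+github.com/jinzhu/copier v0.3.2/go.mod h1:24xnZezI2Yqac9J61UC6/dG/k76ttpq0DdJI3QmUvro=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=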


@ -146,8 +146,11 @@ func runGRPC(wg *sync.WaitGroup, installserver bool) {
log.Println("Agent Server succesfully started on port " + grpcport + " (gRPC)") log.Println("Agent Server succesfully started on port " + grpcport + " (gRPC)")
if installserver { if installserver {
success := true
if !servercfg.DisableDefaultNet() {
log.Println("Adding server to default network") log.Println("Adding server to default network")
success, err := serverctl.AddNetwork("default") success, err = serverctl.AddNetwork("default")
}
if err != nil { if err != nil {
log.Printf("Error adding to default network: %v", err) log.Printf("Error adding to default network: %v", err)
log.Println("Unable to add server to network. Continuing.") log.Println("Unable to add server to network. Continuing.")
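Review bot: In `runGRPC` the `if err != nil` test sits outside the new `if !servercfg.DisableDefaultNet()` block, so when the default network is disabled it tests whatever `err` held before this point rather than a result of `AddNetwork`. Moving the error handling inside the block keeps the "Error adding to default network" log tied to the call that produces it. `err` is declared outside the hunk and the function continues past it, so this reading is based on the visible lines only.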

31
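--- /dev/null
+++ b/models/accessToken.go
@@ -0,0 +1,31 @@
+package models
+type AccessToken struct {
+ServerConfig
+ClientConfig
+WG
+}
+type ClientConfig struct {
+Network string `json:"network"`
+Key string `json:"key"`
+LocalRange string `json:"localrange"`
+}
+type ServerConfig struct {
+APIConnString string `json:"apiconn"`
+APIHost string `json:"apihost"`
+APIPort string `json:"apiport"`
+GRPCConnString string `json:"grpcconn"`
+GRPCHost string `json:"grpchost"`
+GRPCPort string `json:"grpcport"`
+GRPCSSL string `json:"grpcssl"`
+}
+type WG struct {
+GRPCWireGuard string `json:"grpcwg"`
+GRPCWGAddress string `json:"grpcaddr"`
+GRPCWGPort string `json:"grpcport"`
+GRPCWGPubKey string `json:"pubkey"`
+GRPCWGEndpoint string `json:"endpoint"`
+}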
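Review bot: `ServerConfig.GRPCPort` and `WG.GRPCWGPort` both carry the tag `json:"grpcport"`, and both structs are embedded anonymously in `AccessToken`, so encoding/json sees two promoted fields with the same name at the same depth and silently drops both on marshal and unmarshal. The client code in this commit reads `accesstoken.ServerConfig.GRPCPort` and `accesstoken.WG.GRPCWGPort`, which would then always be empty. Give the WireGuard port its own key, for example `json:"grpcwgport"` on `GRPCWGPort`, or turn the embedded structs into named fields with their own tags. The exported types also lack doc comments; the one on `AccessToken` should say that it carries the network access key and is only base64-encoded when issued, so the token has to be handled as a secret.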


@ -16,8 +16,8 @@ type Network struct {
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"` // AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"addressrange6_valid"` AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"addressrange6_valid"`
//can't have min=1 with omitempty //can't have min=1 with omitempty
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20,displayname_unique"` DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,min=1,max=20,displayname_valid"`
NetID string `json:"netid" bson:"netid" validate:"required,alphanum,min=1,max=12,netid_valid"` NetID string `json:"netid" bson:"netid" validate:"required,min=1,max=12,netid_valid"`
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"` NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"` NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"` DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
@ -47,8 +47,8 @@ type NetworkUpdate struct {
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"` // AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"omitempty,cidr"` AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"omitempty,cidr"`
//can't have min=1 with omitempty //can't have min=1 with omitempty
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20"` DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,validnetid,min=1,max=20"`
NetID string `json:"netid" bson:"netid" validate:"omitempty,alphanum,min=1,max=12"` NetID string `json:"netid" bson:"netid" validate:"omitempty,validnetid,min=1,max=15"`
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"` NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"` NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"` DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
@ -86,7 +86,11 @@ func (network *Network) SetDefaults() {
network.DisplayName = network.NetID network.DisplayName = network.NetID
} }
if network.DefaultInterface == "" { if network.DefaultInterface == "" {
if len(network.NetID) < 13 {
network.DefaultInterface = "nm-" + network.NetID network.DefaultInterface = "nm-" + network.NetID
} else {
network.DefaultInterface = network.NetID
}
} }
if network.DefaultListenPort == 0 { if network.DefaultListenPort == 0 {
network.DefaultListenPort = 51821 network.DefaultListenPort = 51821
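Review bot: The `NetworkUpdate` tags now reference `validnetid`, but the validators registered in this commit are `netid_valid` and `displayname_valid`; unless `validnetid` is registered elsewhere, go-playground/validator panics on an undefined tag when the struct is validated. `NetworkUpdate.NetID` also allows `max=15` while `Network.NetID` allows `max=12`, and `SetDefaults` only adds the `nm-` prefix below 13 characters, so the two limits should be reconciled or explained in a comment. With `alphanum` removed, the custom validator is the only character filter left on these fields.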


@ -28,7 +28,7 @@ type Node struct {
Endpoint string `json:"endpoint" bson:"endpoint" validate:"required,ip"` Endpoint string `json:"endpoint" bson:"endpoint" validate:"required,ip"`
PostUp string `json:"postup" bson:"postup"` PostUp string `json:"postup" bson:"postup"`
PostDown string `json:"postdown" bson:"postdown"` PostDown string `json:"postdown" bson:"postdown"`
AllowedIPs string `json:"allowedips" bson:"allowedips"` AllowedIPs []string `json:"allowedips" bson:"allowedips"`
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"` PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"` SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
AccessKey string `json:"accesskey" bson:"accesskey"` AccessKey string `json:"accesskey" bson:"accesskey"`
@ -48,6 +48,8 @@ type Node struct {
EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"` EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"`
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"` IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
PostChanges string `json:"postchanges" bson:"postchanges"` PostChanges string `json:"postchanges" bson:"postchanges"`
StaticIP string `json:"staticip" bson:"staticip"`
StaticPubKey string `json:"staticpubkey" bson:"staticpubkey"`
} }
//node update struct --- only validations are different //node update struct --- only validations are different
@ -62,7 +64,7 @@ type NodeUpdate struct {
Endpoint string `json:"endpoint" bson:"endpoint" validate:"omitempty,ip"` Endpoint string `json:"endpoint" bson:"endpoint" validate:"omitempty,ip"`
PostUp string `json:"postup" bson:"postup"` PostUp string `json:"postup" bson:"postup"`
PostDown string `json:"postdown" bson:"postdown"` PostDown string `json:"postdown" bson:"postdown"`
AllowedIPs string `json:"allowedips" bson:"allowedips"` AllowedIPs []string `json:"allowedips" bson:"allowedips"`
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"` PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"` SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
AccessKey string `json:"accesskey" bson:"accesskey"` AccessKey string `json:"accesskey" bson:"accesskey"`
@ -80,8 +82,10 @@ type NodeUpdate struct {
IsIngressGateway bool `json:"isingressgateway" bson:"isingressgateway"` IsIngressGateway bool `json:"isingressgateway" bson:"isingressgateway"`
IsEgressGateway bool `json:"isegressgateway" bson:"isegressgateway"` IsEgressGateway bool `json:"isegressgateway" bson:"isegressgateway"`
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"` IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
EgressGatewayRange string `json:"gatewayrange" bson:"gatewayrange"` EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"`
PostChanges string `json:"postchanges" bson:"postchanges"` PostChanges string `json:"postchanges" bson:"postchanges"`
StaticIP string `json:"staticip" bson:"staticip"`
StaticPubKey string `json:"staticpubkey" bson:"staticpubkey"`
} }
//Duplicated function for NodeUpdates //Duplicated function for NodeUpdates
@ -191,6 +195,13 @@ func (node *Node) SetDefaults() {
postup := parentNetwork.DefaultPostUp postup := parentNetwork.DefaultPostUp
node.PostUp = postup node.PostUp = postup
} }
if node.StaticIP == "" {
node.StaticIP = "no"
}
if node.StaticPubKey == "" {
node.StaticPubKey = "no"
}
node.CheckInInterval = parentNetwork.DefaultCheckInInterval node.CheckInInterval = parentNetwork.DefaultCheckInInterval
} }
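Review bot: `AllowedIPs` in `Node` and `NodeUpdate`, and `EgressGatewayRanges` in `NodeUpdate`, become `[]string` with no `validate` tag, so their elements are accepted as arbitrary strings. If these fields are populated from API requests, an element-level rule such as `validate:"omitempty,dive,cidr"` would reject malformed entries before they reach a WireGuard configuration (adjust if bare addresses are allowed). `StaticIP` and `StaticPubKey` are string flags that `SetDefaults` fills with `"no"`; a comment on the fields naming the accepted values would help, since nothing visible rejects other strings.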


@ -6,10 +6,9 @@ import (
"os" "os"
"encoding/base64" "encoding/base64"
"errors" "errors"
"strings"
"fmt" "fmt"
"net"
"log" "log"
"encoding/json"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
nodepb "github.com/gravitl/netmaker/grpc" nodepb "github.com/gravitl/netmaker/grpc"
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
@ -29,6 +28,8 @@ type ServerConfig struct {
GRPCAddress string `yaml:"grpcaddress"` GRPCAddress string `yaml:"grpcaddress"`
APIAddress string `yaml:"apiaddress"` APIAddress string `yaml:"apiaddress"`
AccessKey string `yaml:"accesskey"` AccessKey string `yaml:"accesskey"`
GRPCSSL string `yaml:"grpcssl"`
GRPCWireGuard string `yaml:"grpcwg"`
} }
type ListConfig struct { type ListConfig struct {
@ -53,16 +54,19 @@ type NodeConfig struct {
IsLocal string `yaml:"islocal"` IsLocal string `yaml:"islocal"`
IsDualStack string `yaml:"isdualstack"` IsDualStack string `yaml:"isdualstack"`
IsIngressGateway string `yaml:"isingressgateway"` IsIngressGateway string `yaml:"isingressgateway"`
AllowedIPs string `yaml:"allowedips"` AllowedIPs []string `yaml:"allowedips"`
LocalRange string `yaml:"localrange"` LocalRange string `yaml:"localrange"`
PostUp string `yaml:"postup"` PostUp string `yaml:"postup"`
PostDown string `yaml:"postdown"` PostDown string `yaml:"postdown"`
Port int32 `yaml:"port"` Port int32 `yaml:"port"`
KeepAlive int32 `yaml:"keepalive"` KeepAlive int32 `yaml:"keepalive"`
PublicKey string `yaml:"publickey"` PublicKey string `yaml:"publickey"`
ServerPubKey string `yaml:"serverpubkey"`
PrivateKey string `yaml:"privatekey"` PrivateKey string `yaml:"privatekey"`
Endpoint string `yaml:"endpoint"` Endpoint string `yaml:"endpoint"`
PostChanges string `yaml:"postchanges"` PostChanges string `yaml:"postchanges"`
StaticIP string `yaml:"staticip"`
StaticPubKey string `yaml:"staticpubkey"`
IPForwarding string `yaml:"ipforwarding"` IPForwarding string `yaml:"ipforwarding"`
} }
@ -375,16 +379,34 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
log.Println("error decoding token") log.Println("error decoding token")
return cfg, err return cfg, err
} }
token := string(tokenbytes) var accesstoken models.AccessToken
tokenvals := strings.Split(token, "|") if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
log.Println("error converting token json to object", tokenbytes )
cfg.Server.GRPCAddress = tokenvals[1] return cfg, err
cfg.Network = tokenvals[3]
cfg.Node.Network = tokenvals[3]
cfg.Server.AccessKey = tokenvals[4]
if len(tokenvals) > 4 {
cfg.Node.LocalRange = tokenvals[5]
} }
if accesstoken.ServerConfig.APIConnString != "" {
cfg.Server.APIAddress = accesstoken.ServerConfig.APIConnString
} else {
cfg.Server.APIAddress = accesstoken.ServerConfig.APIHost
if accesstoken.ServerConfig.APIPort != "" {
cfg.Server.APIAddress = cfg.Server.APIAddress + ":" + accesstoken.ServerConfig.APIPort
}
}
if accesstoken.ServerConfig.GRPCConnString != "" {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCConnString
} else {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCHost
if accesstoken.ServerConfig.GRPCPort != "" {
cfg.Server.GRPCAddress = cfg.Server.GRPCAddress + ":" + accesstoken.ServerConfig.GRPCPort
}
}
cfg.Network = accesstoken.ClientConfig.Network
cfg.Node.Network = accesstoken.ClientConfig.Network
cfg.Server.AccessKey = accesstoken.ClientConfig.Key
cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
if c.String("grpcserver") != "" { if c.String("grpcserver") != "" {
cfg.Server.GRPCAddress = c.String("grpcserver") cfg.Server.GRPCAddress = c.String("grpcserver")
} }
@ -401,6 +423,13 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
if c.String("localrange") != "" { if c.String("localrange") != "" {
cfg.Node.LocalRange = c.String("localrange") cfg.Node.LocalRange = c.String("localrange")
} }
if c.String("grpcssl") != "" {
cfg.Server.GRPCSSL = c.String("grpcssl")
}
if c.String("grpcwg") != "" {
cfg.Server.GRPCWireGuard = c.String("grpcwg")
}
} else { } else {
cfg.Server.GRPCAddress = c.String("grpcserver") cfg.Server.GRPCAddress = c.String("grpcserver")
cfg.Server.APIAddress = c.String("apiserver") cfg.Server.APIAddress = c.String("apiserver")
@ -408,6 +437,8 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
cfg.Network = c.String("network") cfg.Network = c.String("network")
cfg.Node.Network = c.String("network") cfg.Node.Network = c.String("network")
cfg.Node.LocalRange = c.String("localrange") cfg.Node.LocalRange = c.String("localrange")
cfg.Server.GRPCWireGuard = c.String("grpcwg")
cfg.Server.GRPCSSL = c.String("grpcssl")
} }
cfg.Node.Name = c.String("name") cfg.Node.Name = c.String("name")
cfg.Node.Interface = c.String("interface") cfg.Node.Interface = c.String("interface")
@ -442,22 +473,32 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
log.Println("error decoding token") log.Println("error decoding token")
return cfg, err return cfg, err
} }
token := string(tokenbytes) var accesstoken models.AccessToken
tokenvals := strings.Split(token, "|") if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
log.Println("error converting token json to object", tokenbytes )
cfg.Client.ServerPrivateAddress, cfg.Client.ServerGRPCPort, err = net.SplitHostPort(tokenvals[1]) return cfg, err
}
cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
if err != nil { if err != nil {
log.Println("error decoding token grpcserver") log.Println("error decoding token grpcserver")
return cfg, err return cfg, err
} }
cfg.Client.ServerPublicEndpoint, cfg.Client.ServerAPIPort, err = net.SplitHostPort(tokenvals[2])
if err != nil { if err != nil {
log.Println("error decoding token apiserver") log.Println("error decoding token apiserver")
return cfg, err return cfg, err
} }
if accesstoken.ServerConfig.APIConnString != "" {
cfg.Client.ServerWGPort = tokenvals[0] cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIConnString
cfg.Client.ServerKey = tokenvals[4] } else {
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIHost
if accesstoken.ServerConfig.APIPort != "" {
cfg.Client.ServerAPIPort = accesstoken.ServerConfig.APIPort
}
}
cfg.Client.ServerWGPort = accesstoken.WG.GRPCWGPort
cfg.Client.ServerKey = accesstoken.ClientConfig.Key
cfg.Client.ServerKey = accesstoken.WG.GRPCWGPubKey
if c.String("grpcserver") != "" { if c.String("grpcserver") != "" {
cfg.Client.ServerPrivateAddress = c.String("grpcserver") cfg.Client.ServerPrivateAddress = c.String("grpcserver")
@ -465,8 +506,8 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
if c.String("apiserver") != "" { if c.String("apiserver") != "" {
cfg.Client.ServerPublicEndpoint = c.String("apiserver") cfg.Client.ServerPublicEndpoint = c.String("apiserver")
} }
if c.String("key") != "" { if c.String("pubkey") != "" {
cfg.Client.ServerKey = c.String("key") cfg.Client.ServerKey = c.String("pubkey")
} }
if c.String("network") != "all" { if c.String("network") != "all" {
cfg.Client.Network = c.String("network") cfg.Client.Network = c.String("network")
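Review bot: `log.Println("error converting token json to object", tokenbytes )` in `GetCLIConfig` and `GetCLIConfigRegister` writes the decoded token, which contains the access key, to the log; log the error instead, e.g. `log.Println("error converting token json to object:", err)`. In `GetCLIConfigRegister` the two remaining `if err != nil` blocks can no longer fire because the `net.SplitHostPort` calls that set `err` were removed, and `cfg.Client.ServerKey` is assigned twice, so the value from `ClientConfig.Key` is immediately overwritten by `WG.GRPCWGPubKey`. Building addresses with `+ ":" +` also loses the IPv6 bracketing that `net.JoinHostPort` gave the old token format. Both functions continue outside the hunks.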


@ -19,8 +19,10 @@ func SetHost() error {
} }
func GetServerConfig() config.ServerConfig { func GetServerConfig() config.ServerConfig {
var cfg config.ServerConfig var cfg config.ServerConfig
cfg.APIConnString = GetAPIConnString()
cfg.APIHost = GetAPIHost() cfg.APIHost = GetAPIHost()
cfg.APIPort = GetAPIPort() cfg.APIPort = GetAPIPort()
cfg.GRPCConnString = GetGRPCConnString()
cfg.GRPCHost = GetGRPCHost() cfg.GRPCHost = GetGRPCHost()
cfg.GRPCPort = GetGRPCPort() cfg.GRPCPort = GetGRPCPort()
cfg.MasterKey = "(hidden)" cfg.MasterKey = "(hidden)"
@ -41,10 +43,18 @@ func GetServerConfig() config.ServerConfig {
if IsDNSMode() { if IsDNSMode() {
cfg.DNSMode = "on" cfg.DNSMode = "on"
} }
cfg.GRPCSSL = "off"
if IsGRPCSSL() {
cfg.GRPCSSL = "on"
}
cfg.DisableRemoteIPCheck = "off" cfg.DisableRemoteIPCheck = "off"
if DisableRemoteIPCheck() { if DisableRemoteIPCheck() {
cfg.DisableRemoteIPCheck = "on" cfg.DisableRemoteIPCheck = "on"
} }
cfg.DisableDefaultNet = "off"
if DisableDefaultNet() {
cfg.DisableRemoteIPCheck = "on"
}
return cfg return cfg
} }
@ -63,7 +73,15 @@ func GetWGConfig() config.WG{
cfg.GRPCWGPrivKey = GetGRPCWGPrivKey() cfg.GRPCWGPrivKey = GetGRPCWGPrivKey()
return cfg return cfg
} }
func GetAPIConnString() string {
conn := ""
if os.Getenv("SERVER_API_CONN_STRING") != "" {
conn = os.Getenv("SERVER_API_CONN_STRING")
} else if config.Config.Server.APIConnString != "" {
conn = config.Config.Server.APIConnString
}
return conn
}
func GetAPIHost() string { func GetAPIHost() string {
serverhost := "127.0.0.1" serverhost := "127.0.0.1"
if os.Getenv("SERVER_HTTP_HOST") != "" { if os.Getenv("SERVER_HTTP_HOST") != "" {
@ -101,6 +119,15 @@ func GetDefaultNodeLimit() int32 {
} }
return limit return limit
} }
func GetGRPCConnString() string {
conn := ""
if os.Getenv("SERVER_GRPC_CONN_STRING") != "" {
conn = os.Getenv("SERVER_GRPC_CONN_STRING")
} else if config.Config.Server.GRPCConnString != "" {
conn = config.Config.Server.GRPCConnString
}
return conn
}
func GetGRPCHost() string { func GetGRPCHost() string {
serverhost := "127.0.0.1" serverhost := "127.0.0.1"
@ -201,6 +228,21 @@ func IsDNSMode() bool {
} }
return isdns return isdns
} }
func IsGRPCSSL() bool {
isssl := false
if os.Getenv("GRPC_SSL") != "" {
if os.Getenv("GRPC_SSL") == "on" {
isssl = true
}
} else if config.Config.Server.DNSMode != "" {
if config.Config.Server.DNSMode == "on" {
isssl = true
}
}
return isssl
}
func DisableRemoteIPCheck() bool { func DisableRemoteIPCheck() bool {
disabled := false disabled := false
if os.Getenv("DISABLE_REMOTE_IP_CHECK") != "" { if os.Getenv("DISABLE_REMOTE_IP_CHECK") != "" {
@ -214,6 +256,19 @@ func DisableRemoteIPCheck() bool {
} }
return disabled return disabled
} }
func DisableDefaultNet() bool {
disabled := false
if os.Getenv("DISABLE_DEFAULT_NET") != "" {
if os.Getenv("DISABLE_DEFAULT_NET") == "on" {
disabled = true
}
} else if config.Config.Server.DisableDefaultNet != "" {
if config.Config.Server.DisableDefaultNet == "on" {
disabled= true
}
}
return disabled
}
func GetPublicIP() (string, error) { func GetPublicIP() (string, error) {
endpoint := "" endpoint := ""
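Review bot: `IsGRPCSSL` falls back to `config.Config.Server.DNSMode` instead of `config.Config.Server.GRPCSSL`, so without the `GRPC_SSL` environment variable the gRPC TLS setting follows the DNS mode and the `grpcssl` YAML key is ignored; the two lines should read `} else if config.Config.Server.GRPCSSL != "" {` and `if config.Config.Server.GRPCSSL == "on" {`. In `GetServerConfig` the new `if DisableDefaultNet()` branch sets `cfg.DisableRemoteIPCheck = "on"` where `cfg.DisableDefaultNet = "on"` appears to be intended, which reports the remote IP check as disabled when it is not. The new getters have no doc comments; each could state its precedence (environment variable, then config file, then default).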