Commit 24e571ad by anun

verify edge

parent a1db662c
......@@ -175,11 +175,14 @@ func NewClient(c *Config) (*Client, error) {
if c.Edge.EdgeSecret != "" {
client.computed.Edge.EdgeSecret = c.Edge.EdgeSecret
}
/*
client.Debugf("---> c.Edge = %s", c.Edge)
client.Debugf("---> c.EdgeId = %s", c.Edge.EdgeId)
client.Debugf("---> c.EdgeSecret = %s", c.Edge.EdgeSecret)
//validate remotes
// client.Debugf("---> c.Remotes = %s", c.Remotes)
*/
for _, s := range c.Remotes {
//Anun
/*
......@@ -207,6 +210,14 @@ func NewClient(c *Config) (*Client, error) {
if !r.Reverse && !r.Stdio && !r.CanListen() {
return nil, fmt.Errorf("Client cannot listen on %s", r.String())
}
if c.Edge.EdgeId != "" {
r.EdgeId = c.Edge.EdgeId
}
if c.Edge.EdgeSecret != "" {
r.EdgeSecret = c.Edge.EdgeSecret
}
client.computed.Remotes = append(client.computed.Remotes, r)
}
// client.computed.Edge = c.Edge
......
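Review bot: The commented-out block at the top of the first hunk still contains `client.Debugf("---> c.EdgeSecret = %s", c.Edge.EdgeSecret)`, a statement that would write the edge secret into the debug log the moment someone uncomments it; delete the dead block rather than fencing it in `/* */`. In the second hunk the same secret is then copied into every Remote (`r.EdgeSecret = c.Edge.EdgeSecret`), two lines below a path that formats a remote into an error message (`r.String()`); I cannot see `String()` from here, but if it or any log prints the whole struct, the secret travels with it, so carrying the credential once on `client.computed.Edge` rather than per remote is the safer shape. NewClient begins before the first hunk and continues after the second.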
......@@ -17,6 +17,7 @@ require (
require (
github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 // indirect
github.com/jmoiron/sqlx v1.4.0 // indirect
github.com/joho/godotenv v1.5.1 // indirect
github.com/jpillora/ansi v1.0.3 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce // indirect
......
......@@ -12,6 +12,8 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/jpillora/ansi v1.0.3 h1:nn4Jzti0EmRfDxm7JtEs5LzCbNwd5sv+0aE+LdS9/ZQ=
github.com/jpillora/ansi v1.0.3/go.mod h1:D2tT+6uzJvN1nBVQILYWkIdq7zG+b5gcFN5WI/VyjMY=
github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
......
......@@ -21,11 +21,12 @@ import (
"golang.org/x/crypto/ssh"
"fmt"
"github.com/jmoiron/sqlx"
"database/sql"
_ "github.com/lib/pq" // The database driver in use.
)
/*
// Anun
type DdConfig struct {
User string
......@@ -44,6 +45,7 @@ func DbOpen(cfg DdConfig) (*sqlx.DB, error) {
var dataSoruce = fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=%s", cfg.Host, cfg.Port, cfg.User, cfg.Password, cfg.Name, sslmode)
return sqlx.Connect("postgres", dataSoruce)
}
*/
// Config is the configuration for the chisel service
type Config struct {
......@@ -69,6 +71,7 @@ type Server struct {
sessions *settings.Users
sshConfig *ssh.ServerConfig
users *settings.UserIndex
db *sql.DB
}
var upgrader = websocket.Upgrader{
......@@ -167,24 +170,26 @@ func NewServer(c *Config) (*Server, error) {
//Anun
dbenable:= settings.EnvBool("DB_ENABLE")
dbuser:= settings.EnvString("DB_USERNAME")
dbpassword:= settings.EnvString("DB_PASSWORD")
dbhost:= settings.EnvString("DB_HOST")
dbport:= settings.EnvInt("DB_PORT",0)
dbschema:= settings.EnvString("DB_NAME")
dbDisableTLS:= settings.EnvBool("DB_DISABLE_TLS")
if settings.InitEnv() {
/*
dbenable:= settings.EnvBool("DB_ENABLE")
dbuser:= settings.Env("DB_USERNAME")
dbpassword:= settings.Env("DB_PASSWORD")
dbhost:= settings.Env("DB_HOST")
dbport:= settings.EnvInt("DB_PORT",0)
dbschema:= settings.Env("DB_NAME")
dbDisableTLS:= settings.EnvBool("DB_DISABLE_TLS")
dbConfig := DdConfig{
User: dbuser,
Password: dbpassword,
Host: dbhost,
Port: dbport,
Name: dbschema,
DisableTLS: dbDisableTLS,
}
dbConfig := DdConfig{
User: dbuser,
Password: dbpassword,
Host: dbhost,
Port: dbport,
Name: dbschema,
DisableTLS: dbDisableTLS,
}
server.Infof("dbConfig %s", dbConfig)
server.Infof("dbConfig %s", dbConfig)
server.Infof("%s", dbenable)
server.Infof("%s", dbuser)
server.Infof("%s", dbpassword)
......@@ -192,18 +197,35 @@ server.Infof("%s", dbhost)
server.Infof("%s", dbport)
server.Infof("%s", dbschema)
server.Infof("%s", dbDisableTLS)
db, err := DbOpen(dbConfig)
if err != nil {
server.Infof("connecting database fail", err)
}else{
server.Infof("connecting database, %s", db)
server.db = db
}
*/
db, err := DbOpen(dbConfig)
if err != nil {
server.Infof("connecting database fail", err)
}else{
server.Infof("connecting database, %s", db)
}
dbEnable := settings.EnvBool("DB_ENABLE")
server.Infof("dbEnable: %s", dbEnable)
if settings.EnvBool("DB_ENABLE") {
server.Infof("Edge Platform enabled")
// Connect to database
connStr := settings.Env("DB_URI")
db, err := sql.Open("postgres", connStr)
if err != nil {
log.Fatal(err)
}
if err != nil {
fmt.Fprintf(os.Stdout, "Connection to the database failed\n")
return server, nil
}
err = db.Ping()
if err != nil {
fmt.Fprintf(os.Stdout, "Connection to the database failed\n")
return server, nil
}
if err == nil {
fmt.Fprintf(os.Stdout, "You have connected to the database successfully\n")
server.db = db
}
}
return server, nil
}
......
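Review bot: In the NewServer hunk a failed `db.Ping()` (and the unreachable second `if err != nil` after `log.Fatal`) prints to stdout and then returns `server, nil`, so with DB_ENABLE set the server starts successfully with `server.db` left nil and edge verification has no backend; fail closed by returning an error instead. `log.Fatal` inside a constructor also terminates the process on a `sql.Open` error the caller could have reported, and `server.Infof("dbEnable: %s", dbEnable)` formats a bool with `%s` (`%t` or `%v`). The commented-out block above still holds `server.Infof("%s", dbpassword)`; remove the dead block rather than leaving a secret-logging statement to be uncommented later. NewServer begins before this hunk.
```go
	if settings.EnvBool("DB_ENABLE") {
		// … unchanged: "Edge Platform enabled" log …
		db, err := sql.Open("postgres", settings.Env("DB_URI"))
		if err != nil {
			return nil, fmt.Errorf("opening edge database: %w", err)
		}
		if err := db.Ping(); err != nil {
			db.Close()
			return nil, fmt.Errorf("connecting to edge database: %w", err)
		}
		server.Infof("Connected to edge database")
		server.db = db
	}
	// … unchanged: return server, nil …
```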
......@@ -7,6 +7,8 @@ import (
"time"
"net"
"strconv"
"fmt"
"database/sql"
chshare "dev.nexpie.com/anun/chisel/share"
"dev.nexpie.com/anun/chisel/share/cnet"
......@@ -14,8 +16,15 @@ import (
"dev.nexpie.com/anun/chisel/share/tunnel"
"golang.org/x/crypto/ssh"
"golang.org/x/sync/errgroup"
_ "github.com/lib/pq"
)
type Edge struct {
EdgeId string
EdgeSecret string
Active bool
}
func getTCPPort() (port int, err error) {
var a *net.TCPAddr
if a, err = net.ResolveTCPAddr("tcp", "localhost:0"); err == nil {
......@@ -144,8 +153,17 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
l.Infof("Client version (%s) differs from server version (%s)",
v, chshare.BuildVersion)
}
// Anun : Check edge is active
edgeActive, err := checkEdge(s.db, c.EdgeId, c.EdgeSecret)
if !edgeActive {
failed(s.Errorf("Edge '%s' is denied", c.EdgeId))
return
}
//validate remotes
for _, r := range c.Remotes {
//if user is provided, ensure they have
//access to the desired remotes
if user != nil {
......@@ -166,6 +184,7 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
failed(s.Errorf("Server cannot listen on %s", r.String()))
return
}
}
//successfuly validated config!
r.Reply(true, nil)
......@@ -201,3 +220,14 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
l.Debugf("Code (%s)", s.config)
}
}
func checkEdge(db *sql.DB, edgeid string, edgesecret string) (bool, error) {
var active bool
if err := db.QueryRow(`SELECT x.active FROM edgeregistry."EdgeDevice" x WHERE x.edgeid = $1 AND x.edgesecret = $2 AND x.active = true`, edgeid, edgesecret).Scan(&active); err != nil {
if err == sql.ErrNoRows {
return false, fmt.Errorf("Edge %s: unknown", edgeid)
}
return false, fmt.Errorf("Edge %s: %v", edgeid, err)
}
return active, nil
}
......@@ -5,6 +5,8 @@ import (
"strconv"
"strings"
"time"
"github.com/joho/godotenv"
)
// Env returns a chisel environment variable
......@@ -34,8 +36,11 @@ func EnvBool(name string) bool {
return v == "1" || strings.ToLower(v) == "true"
}
//Anun
func EnvString(name string) string {
return os.Getenv(name)
func InitEnv() bool {
err := godotenv.Load()
if err != nil {
return false
} else {
return true
}
}
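Review bot: `InitEnv` folds the `godotenv.Load()` error into a bool, so a malformed `.env` is indistinguishable from a missing one and the cause is never logged; prefer returning it (`func InitEnv() error { return godotenv.Load() }`) or, if the bool signature must stay, `return godotenv.Load() == nil` in place of the if/else. The function also lacks a doc comment; something like `// InitEnv loads a .env file from the process working directory into the environment; it reports false if the file is missing or cannot be parsed.` records the cwd dependency, which matters because the DB_URI read in NewServer carries database credentials and will silently be absent when the binary is started from another directory.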
......@@ -38,11 +38,12 @@ type Remote struct {
LocalHost, LocalPort, LocalProto string
RemoteHost, RemotePort, RemoteProto string
Socks, Reverse, Stdio bool
EdgeId, EdgeSecret string
}
// Anun
type Edge struct {
EdgeId, EdgeSecret string
EdgeId, EdgeSecret string
}
const revPrefix = "R:"
......
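Review bot: `type Edge struct` in this hunk duplicates the `Edge` type the same commit adds to server_handler.go (that one also carries `Active`), and the rendering shows the `EdgeId, EdgeSecret string` line twice, so which version is final is not clear from the page; keeping a single definition here and having the server use `settings.Edge`, with `Active` read from the database row rather than stored on the type, avoids the two drifting apart. The hunk also adds `EdgeId, EdgeSecret string` to `Remote`; if `Remote` is part of the config serialised to the server or rendered by its `String` method, the secret is duplicated per remote, which is worth confirming before shipping. A doc comment such as `// Edge identifies a device to the edge registry; EdgeSecret is a credential and must not be logged.` would replace the `// Anun` marker.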