verify edge

24e571ad · anun · a1db662c · 24e571ad · 24e571ad · 24e571ad
Commit 24e571ad authored Jun 17, 2024 by anun
Show whitespace changes
Inline Side-by-side

Showing with 87 additions and 15 deletions

chisel
+0 -0

client/client.go
+11 -0

go.mod
+1 -0

go.sum
+2 -0

server/server.go
+33 -11

server/server_handler.go
+30 -0

share/settings/env.go
+9 -4

share/settings/remote.go
+1 -0

No files found.
--- a/chisel
+++ b/chisel
--- a/client/client.go
+++ b/client/client.go
@@ -175,11 +175,14 @@ func NewClient(c *Config) (*Client, error) {
 	if c.Edge.EdgeSecret != "" {
 		client.computed.Edge.EdgeSecret = c.Edge.EdgeSecret
 	}
+/*
 	client.Debugf("---> c.Edge = %s", c.Edge)
 	client.Debugf("---> c.EdgeId = %s", c.Edge.EdgeId)
 	client.Debugf("---> c.EdgeSecret = %s", c.Edge.EdgeSecret)
 	//validate remotes
 //	client.Debugf("---> c.Remotes = %s", c.Remotes)
+*/
 	for _, s := range c.Remotes {
 //Anun
 /*
@@ -207,6 +210,14 @@ func NewClient(c *Config) (*Client, error) {
 		if !r.Reverse && !r.Stdio && !r.CanListen() {
 			return nil, fmt.Errorf("Client cannot listen on %s", r.String())
 		}
+                if c.Edge.EdgeId != "" {
+                        r.EdgeId = c.Edge.EdgeId
+                }
+                if c.Edge.EdgeSecret != "" {
+                        r.EdgeSecret = c.Edge.EdgeSecret
+                }
 		client.computed.Remotes = append(client.computed.Remotes, r)
 	}
 //	client.computed.Edge = c.Edge

--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,7 @@ require (
 require (
 	github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
+	github.com/joho/godotenv v1.5.1 // indirect
 	github.com/jpillora/ansi v1.0.3 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce // indirect

--- a/go.sum
+++ b/go.sum
@@ -12,6 +12,8 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/jpillora/ansi v1.0.3 h1:nn4Jzti0EmRfDxm7JtEs5LzCbNwd5sv+0aE+LdS9/ZQ=
 github.com/jpillora/ansi v1.0.3/go.mod h1:D2tT+6uzJvN1nBVQILYWkIdq7zG+b5gcFN5WI/VyjMY=
 github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=

--- a/server/server.go
+++ b/server/server.go
@@ -21,11 +21,12 @@ import (
 	"golang.org/x/crypto/ssh"
        "fmt"
-        "github.com/jmoiron/sqlx"
+        "database/sql"
        _ "github.com/lib/pq" // The database driver in use.
 )
+/*
 // Anun
 type DdConfig struct {
        User       string
@@ -44,6 +45,7 @@ func DbOpen(cfg DdConfig) (*sqlx.DB, error) {
        var dataSoruce = fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=%s", cfg.Host, cfg.Port, cfg.User, cfg.Password, cfg.Name, sslmode)
        return sqlx.Connect("postgres", dataSoruce)
 }
+*/
 // Config is the configuration for the chisel service
 type Config struct {
@@ -69,6 +71,7 @@ type Server struct {
 	sessions     *settings.Users
 	sshConfig    *ssh.ServerConfig
 	users        *settings.UserIndex
+	db           *sql.DB
 }
 var upgrader = websocket.Upgrader{
@@ -167,12 +170,14 @@ func NewServer(c *Config) (*Server, error) {
 //Anun
+	if settings.InitEnv() {
+/*
 		dbenable:= settings.EnvBool("DB_ENABLE")
-	dbuser:= settings.EnvString("DB_USERNAME")
+		dbuser:= settings.Env("DB_USERNAME")
-	dbpassword:= settings.EnvString("DB_PASSWORD")
+		dbpassword:= settings.Env("DB_PASSWORD")
-	dbhost:= settings.EnvString("DB_HOST")
+		dbhost:= settings.Env("DB_HOST")
 		dbport:= settings.EnvInt("DB_PORT",0)
-	dbschema:= settings.EnvString("DB_NAME")
+		dbschema:= settings.Env("DB_NAME")
 		dbDisableTLS:= settings.EnvBool("DB_DISABLE_TLS")
 		dbConfig := DdConfig{
@@ -184,7 +189,7 @@ func NewServer(c *Config) (*Server, error) {
 			DisableTLS: dbDisableTLS,
 		}
-	server.Infof("dbConfig %s", dbConfig)
+server.Infof("dbConfig %s", dbConfig)
 server.Infof("%s", dbenable)
 server.Infof("%s", dbuser)
 server.Infof("%s", dbpassword)
@@ -192,18 +197,35 @@ server.Infof("%s", dbhost)
 server.Infof("%s", dbport)
 server.Infof("%s", dbschema)
 server.Infof("%s", dbDisableTLS)
 		db, err := DbOpen(dbConfig)
 		if err != nil {
 			server.Infof("connecting database fail", err)
 		}else{
 			server.Infof("connecting database, %s", db)
+			server.db = db
 		}
+*/
-	dbEnable := settings.EnvBool("DB_ENABLE")
+		// Connect to database
-	server.Infof("dbEnable: %s", dbEnable)
+		connStr := settings.Env("DB_URI")
-	if settings.EnvBool("DB_ENABLE") {
+		db, err := sql.Open("postgres", connStr)
-		server.Infof("Edge Platform enabled")
+		if err != nil {
+			log.Fatal(err)
+		}
+		if err != nil {
+			fmt.Fprintf(os.Stdout, "Connection to the database failed\n")
+			 return server, nil
+		}
+		err = db.Ping()
+		if err != nil {
+			fmt.Fprintf(os.Stdout, "Connection to the database failed\n")
+			return server, nil
+		}
+		if err == nil {
+		        fmt.Fprintf(os.Stdout, "You have connected to the database successfully\n")
+			server.db = db
+		}
 	}
 	return server, nil
 }

--- a/server/server_handler.go
+++ b/server/server_handler.go
@@ -7,6 +7,8 @@ import (
 	"time"
 	"net"
 	"strconv"
+	"fmt"
+	"database/sql"
 	chshare "dev.nexpie.com/anun/chisel/share"
 	"dev.nexpie.com/anun/chisel/share/cnet"
@@ -14,8 +16,15 @@ import (
 	"dev.nexpie.com/anun/chisel/share/tunnel"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/sync/errgroup"
+	 _ "github.com/lib/pq"
 )
+type Edge struct {
+   EdgeId      string
+   EdgeSecret  string
+   Active      bool
+}
 func getTCPPort() (port int, err error) {
        var a *net.TCPAddr
        if a, err = net.ResolveTCPAddr("tcp", "localhost:0"); err == nil {
@@ -144,8 +153,17 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
 		l.Infof("Client version (%s) differs from server version (%s)",
 			v, chshare.BuildVersion)
 	}
+	// Anun : Check edge is active
+	edgeActive, err := checkEdge(s.db, c.EdgeId, c.EdgeSecret)
+	if !edgeActive {
+		failed(s.Errorf("Edge '%s' is denied", c.EdgeId))
+		return
+	}
 	//validate remotes
 	for _, r := range c.Remotes {
 		//if user is provided, ensure they have
 		//access to the desired remotes
 		if user != nil {
@@ -166,6 +184,7 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
 			failed(s.Errorf("Server cannot listen on %s", r.String()))
 			return
 		}
 	}
 	//successfuly validated config!
 	r.Reply(true, nil)
@@ -201,3 +220,14 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
 		l.Debugf("Code (%s)", s.config)
 	}
 }
+func checkEdge(db *sql.DB, edgeid string, edgesecret string) (bool, error) {
+    var active bool
+    if err := db.QueryRow(`SELECT x.active FROM edgeregistry."EdgeDevice" x WHERE x.edgeid = $1 AND x.edgesecret = $2 AND x.active = true`, edgeid, edgesecret).Scan(&active); err != nil {
+        if err == sql.ErrNoRows {
+            return false, fmt.Errorf("Edge %s: unknown", edgeid)
+        }
+        return false, fmt.Errorf("Edge %s: %v", edgeid, err)
+    }
+    return active, nil
+}
--- a/share/settings/env.go
+++ b/share/settings/env.go
@@ -5,6 +5,8 @@ import (
 	"strconv"
 	"strings"
 	"time"
+        "github.com/joho/godotenv"
 )
 // Env returns a chisel environment variable
@@ -34,8 +36,11 @@ func EnvBool(name string) bool {
 	return v == "1" || strings.ToLower(v) == "true"
 }
-//Anun
+func InitEnv() bool {
-func EnvString(name string) string {
+        err := godotenv.Load()
-	return os.Getenv(name)
+        if err != nil {
+                return false
+        } else {
+                return true
+        }
 }
--- a/share/settings/remote.go
+++ b/share/settings/remote.go
@@ -38,6 +38,7 @@ type Remote struct {
 	LocalHost, LocalPort, LocalProto    string
 	RemoteHost, RemotePort, RemoteProto string
 	Socks, Reverse, Stdio               bool
+	EdgeId, EdgeSecret                  string
 }
 // Anun