token configs and secure grpc working

afeiszli
2021-07-11 10:18:31 -04:00
parent 977da6b129
commit 9860082b7c
11 changed files with 98 additions and 40 deletions


@@ -21,6 +21,6 @@ services:
ports:
- "80:80"
environment:
BACKEND_URL: "http://HOST_IP:8081"
BACKEND_URL: "http://localhost:8081"
volumes:
mongovol: {}


@@ -9,7 +9,6 @@ import (
"net/http"
"strings"
"time"
"github.com/jinzhu/copier"
"github.com/go-playground/validator/v10"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/functions"
@@ -679,15 +678,27 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
netID := network.NetID
var accessToken models.AccessToken
var tokensrvcfg models.ServerConfig
var tokenwgcfg models.WG
srvcfg := servercfg.GetServerConfig()
wgcfg := servercfg.GetWGConfig()
copier.Copy(tokensrvcfg, srvcfg)
copier.Copy(tokenwgcfg, wgcfg)
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
servervals := models.ServerConfig{
APIConnString: s.APIConnString,
APIHost: s.APIHost,
APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = tokensrvcfg
accessToken.WG = tokenwgcfg
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
accessToken.ClientConfig.Network = netID
accessToken.ClientConfig.Key = accesskey.Value
accessToken.ClientConfig.LocalRange = privAddr
@@ -733,15 +744,27 @@ func GetSignupToken(netID string) (models.AccessKey, error) {
var accesskey models.AccessKey
var accessToken models.AccessToken
var tokensrvcfg models.ServerConfig
var tokenwgcfg models.WG
srvcfg := servercfg.GetServerConfig()
wgcfg := servercfg.GetWGConfig()
copier.Copy(tokensrvcfg, srvcfg)
copier.Copy(tokenwgcfg, wgcfg)
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
servervals := models.ServerConfig{
APIConnString: s.APIConnString,
APIHost: s.APIHost,
APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = tokensrvcfg
accessToken.WG = tokenwgcfg
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
tokenjson, err := json.Marshal(accessToken)
if err != nil {
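Review bot: `GRPCWGEndpoint: s.APIHost` in both `wgvals` literals takes the WireGuard endpoint from the server config's API host while every other `models.WG` field comes from `w`, and nothing in the hunks says why. If that is the intent, a comment such as `// the gRPC WireGuard endpoint is the API host` on that line would record it. The explicit field list decides which server settings are serialized into every access token, and it now exists twice, in CreateAccessKey and in GetSignupToken; one unexported helper returning the two structs would keep that allowlist in a single place. Both function bodies continue outside the hunks.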


@@ -24,8 +24,8 @@ type ServerConfig struct {
type WG struct {
GRPCWireGuard string `json:"grpcwg"`
GRPCWGAddress string `json:"grpcaddr"`
GRPCWGPort string `json:"grpcport"`
GRPCWGPubKey string `json:"pubkey"`
GRPCWGEndpoint string `json:"endpoint"`
GRPCWGAddress string `json:"grpcwgaddr"`
GRPCWGPort string `json:"grpcwgport"`
GRPCWGPubKey string `json:"grpcwgpubkey"`
GRPCWGEndpoint string `json:"grpcwgendpoint"`
}
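Review bot: The renamed JSON tags on `GRPCWGAddress`, `GRPCWGPort`, `GRPCWGPubKey` and `GRPCWGEndpoint` change the wire format of the access token, so a token issued before this commit would presumably decode with those four fields empty rather than fail. If old tokens can still be in circulation, the client should reject a token whose `grpcwgaddr` is empty while `grpcwg` is on, or the release notes should say that tokens must be reissued. A doc comment on the struct, for example `// WG is the gRPC-over-WireGuard section of an access token; its JSON tags are part of the token format.`, would make that constraint visible.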

Binary file not shown.


@@ -14,6 +14,7 @@ import (
"github.com/gravitl/netmaker/models"
)
type GlobalConfig struct {
GRPCWireGuard string `yaml:"grpcwg"`
Client models.IntClient
}
@@ -478,6 +479,7 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
log.Println("error converting token json to object", tokenbytes )
return cfg, err
}
cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
if err != nil {
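Review bot: The error path just above the added lines prints the token itself, `log.Println("error converting token json to object", tokenbytes )`, and the token appears to carry the network access key (`ClientConfig.Key` is set from `accesskey.Value` where the token is built), so a malformed token ends up in the client log. Logging the error instead keeps the key out of the logs: `log.Println("error converting token json to object:", err)`. The `if err != nil` after the three assignments tests an `err` that the return above has already handled, unless it is reassigned outside the hunk. GetCLIConfigRegister continues past the hunk, so that could not be checked here.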


@@ -1,6 +1,8 @@
package functions
import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"context"
"strings"
@@ -120,10 +122,13 @@ func CheckIn(network string) error {
nodecfg = cfg.Node
}
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)
@@ -296,6 +301,10 @@ func Pull (network string) error{
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)
@@ -342,6 +351,10 @@ func Push (network string) error{
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)
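Review bot: In CheckIn the dial option starts as `grpc.WithInsecure()` and is upgraded only when `cfg.Server.GRPCSSL` is exactly `"on"`, so any other value (empty, `"On"`, `"true"`) silently yields a plaintext connection with no log line to show it. The same block is repeated in Pull and Push in this file and in LeaveNetwork, JoinNetwork, RemoveNetwork and SetWGKeyConfig, which makes the transport policy easy to get out of step. I would move it into one helper that logs the plaintext fallback and sets `MinVersion: tls.VersionTLS12` on the `tls.Config`, since the minimum otherwise depends on the Go and grpc-go versions in use. All three function bodies continue outside the hunks.

```go
// grpcDialOption chooses the transport for the server connection in one place.
// Only the exact value "on" enables TLS; every other value dials in plaintext.
func grpcDialOption(grpcSSL string) grpc.DialOption {
	if grpcSSL != "on" {
		// Make the downgrade visible instead of falling back silently.
		fmt.Println("GRPCSSL is not \"on\": dialing GRPC server without TLS")
		return grpc.WithInsecure()
	}
	h2creds := credentials.NewTLS(&tls.Config{
		NextProtos: []string{"h2"},
		MinVersion: tls.VersionTLS12,
	})
	return grpc.WithTransportCredentials(h2creds)
}

// … unchanged: config loading in CheckIn, Pull and Push …
requestOpts := grpcDialOption(cfg.Server.GRPCSSL)
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
```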


@@ -1,6 +1,8 @@
package functions
import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"encoding/json"
"errors"
@@ -287,6 +289,10 @@ func LeaveNetwork(network string) error {
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil {
log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)


@@ -28,7 +28,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.")
return err
}
log.Println("attempting to joining " + cfg.Network + " at " + cfg.Server.GRPCAddress)
log.Println("attempting to join " + cfg.Network + " at " + cfg.Server.GRPCAddress)
err := config.Write(&cfg, cfg.Network)
if err != nil {
return err
@@ -141,17 +141,16 @@ func JoinNetwork(cfg config.ClientConfig) error {
}
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
log.Println("cant believe we made it")
//requestOpts = grpc.WithInsecure()
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts)
if err != nil {
log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err)
}
log.Println("cant believe we made it 2")
wcclient = nodepb.NewNodeServiceClient(conn)
@@ -174,7 +173,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
if err != nil {
return err
}
log.Println("cant believe we made it 3")
res, err := wcclient.CreateNode(
context.TODO(),
@@ -182,8 +180,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
Node: postnode,
},
)
log.Println(res)
log.Println("cant believe we made it 3.5")
if err != nil {
return err
}
@@ -192,7 +188,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
return err
}
log.Println("cant believe we made it 3.75")
if node.Dnsoff==true {
cfg.Node.DNS = "yes"
}
@@ -203,8 +198,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
}
node.Endpoint = node.Localaddress
}
log.Println("cant believe we made it 4")
err = config.ModConfig(node)
if err != nil {
return err
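Review bot: The new `log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err)` builds its format string from the server address, which comes from configuration or a token, so a `%` in that value is read as a formatting verb and garbles the message. Pass the address as an argument instead: `log.Fatalf("Unable to establish client connection to %s: %v", cfg.Server.GRPCAddress, err)`. JoinNetwork returns its errors everywhere else in these hunks, so logging and `return err` would be more consistent than exiting the process at this point. The function starts and ends outside the hunks.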


@@ -203,6 +203,10 @@ func main() {
if err != nil {
return err
}
if cfg.GRPCWireGuard == "off" {
log.Println("Server is not using WireGuard to secure GRPC. Skipping.")
return err
}
if cfg.Client.ServerPrivateAddress == "" {
err = errors.New("No server address provided.")
return err
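Review bot: In the added `cfg.GRPCWireGuard == "off"` branch, `return err` returns an `err` that the check immediately above has already established to be nil, so the skip path reports success only because of where it sits; `return nil` states the intent. Only the exact string `"off"` skips the WireGuard setup, so an empty or differently cased value falls through to the `ServerPrivateAddress` check. If a missing value should also mean off, test for it explicitly. The enclosing function body starts and ends outside the hunk.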


@@ -1,6 +1,8 @@
package server
import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"context"
"log"
@@ -73,10 +75,13 @@ func RemoveNetwork(network string) error {
node := cfg.Node
fmt.Println("Deleting remote node with MAC: " + node.MacAddress)
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil {
log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)


@@ -2,6 +2,8 @@ package wireguard
import (
//"github.com/davecgh/go-spew/spew"
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"strconv"
"errors"
@@ -328,9 +330,19 @@ func SetWGKeyConfig(network string, serveraddr string) error {
ctx := context.Background()
var header metadata.MD
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(serveraddr, requestOpts)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)