Peer management login (#83)

* feature: replace RegisterPeer with Login method that does both - registration and login

* test: add management login test

* feature: add WiretrusteeConfig to the Login response to configure peer global config

* feature: add client peer login support

* fix: missing parts

* chore: update go deps

* feature: support Management Service gRPC endpoints [CLIENT]

* feature: finalize client sync with management

* fix: management store peer key lower case restore

* fix: management returns peer ip without a mask

* refactor: remove cmd pkg

* fix: invalid tun interface name on mac

* fix: timeout when calling management client

* fix: tests and lint errors

* fix: golang-test workflow

* fix: client service tests

* fix: iface build

* feature: detect management scheme on startup

* chore: better logs for management

* fix: goreleaser

* fix: lint errors

* fix: signal TLS

* fix: direct Wireguard connection

* chore: verbose logging on direct connection

client/cmd/root.go

@@ -0,0 +1,74 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"runtime"
+
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+const (
+	// ExitSetupFailed defines exit code
+	ExitSetupFailed   = 1
+	DefaultConfigPath = ""
+)
+
+var (
+	configPath        string
+	defaultConfigPath string
+	logLevel          string
+
+	rootCmd = &cobra.Command{
+		Use:   "wiretrustee",
+		Short: "",
+		Long:  "",
+	}
+
+	// Execution control channel for stopCh signal
+	stopCh chan int
+)
+
+// Execute executes the root command.
+func Execute() error {
+	return rootCmd.Execute()
+}
+func init() {
+
+	stopCh = make(chan int)
+
+	defaultConfigPath = "/etc/wiretrustee/config.json"
+	if runtime.GOOS == "windows" {
+		defaultConfigPath = os.Getenv("PROGRAMDATA") + "\\Wiretrustee\\" + "config.json"
+	}
+	rootCmd.PersistentFlags().StringVar(&configPath, "config", defaultConfigPath, "Wiretrustee config file location to write new config to")
+	rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")
+	rootCmd.AddCommand(serviceCmd)
+	rootCmd.AddCommand(upCmd)
+	serviceCmd.AddCommand(runCmd, startCmd, stopCmd, restartCmd) // service control commands are subcommands of service
+	serviceCmd.AddCommand(installCmd, uninstallCmd)              // service installer commands are subcommands of service
+}
+
+// SetupCloseHandler handles SIGTERM signal and exits with success
+func SetupCloseHandler() {
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt)
+	go func() {
+		for range c {
+			fmt.Println("\r- Ctrl+C pressed in Terminal")
+			stopCh <- 0
+		}
+	}()
+}
+
+// InitLog parses and sets log-level input
+func InitLog(logLevel string) {
+	level, err := log.ParseLevel(logLevel)
+	if err != nil {
+		log.Errorf("Failed parsing log-level %s: %s", logLevel, err)
+		os.Exit(ExitSetupFailed)
+	}
+	log.SetLevel(level)
+}

client/cmd/service.go

@@ -0,0 +1,48 @@
+package cmd
+
+import (
+	"github.com/kardianos/service"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+type program struct {
+	cmd  *cobra.Command
+	args []string
+}
+
+var logger service.Logger
+
+func newSVCConfig() *service.Config {
+	return &service.Config{
+		Name:        "wiretrustee",
+		DisplayName: "Wiretrustee",
+		Description: "A WireGuard-based mesh network that connects your devices into a single private network.",
+	}
+}
+
+func newSVC(prg *program, conf *service.Config) (service.Service, error) {
+	s, err := service.New(prg, conf)
+	if err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+	logger, err = s.Logger(nil)
+	if err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+	return s, nil
+}
+
+var (
+	serviceCmd = &cobra.Command{
+		Use:   "service",
+		Short: "manages wiretrustee service",
+		//Run: func(cmd *cobra.Command, args []string) {
+		//},
+	}
+)
+
+func init() {
+}

client/cmd/service_controller.go

@@ -0,0 +1,109 @@
+package cmd
+
+import (
+	"github.com/kardianos/service"
+	"github.com/spf13/cobra"
+)
+
+func (p *program) Start(s service.Service) error {
+	// Start should not block. Do the actual work async.
+	logger.Info("Starting service") //nolint
+	return nil
+}
+
+func (p *program) Stop(s service.Service) error {
+	stopCh <- 1
+	return nil
+}
+
+var (
+	runCmd = &cobra.Command{
+		Use:   "run",
+		Short: "runs wiretrustee as service",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			prg := &program{
+				cmd:  cmd,
+				args: args,
+			}
+
+			s, err := newSVC(prg, newSVCConfig())
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			err = s.Run()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee service is running")
+		},
+	}
+)
+
+var (
+	startCmd = &cobra.Command{
+		Use:   "start",
+		Short: "starts wiretrustee service",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			s, err := newSVC(&program{}, newSVCConfig())
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			err = s.Start()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee service has been started")
+		},
+	}
+)
+
+var (
+	stopCmd = &cobra.Command{
+		Use:   "stop",
+		Short: "stops wiretrustee service",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			s, err := newSVC(&program{}, newSVCConfig())
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			err = s.Stop()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee service has been stopped")
+		},
+	}
+)
+
+var (
+	restartCmd = &cobra.Command{
+		Use:   "restart",
+		Short: "restarts wiretrustee service",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			s, err := newSVC(&program{}, newSVCConfig())
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			err = s.Restart()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee service has been restarted")
+		},
+	}
+)
+
+func init() {
+}

client/cmd/service_installer.go

@@ -0,0 +1,69 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+	"runtime"
+)
+
+var (
+	installCmd = &cobra.Command{
+		Use:   "install",
+		Short: "installs wiretrustee service",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			svcConfig := newSVCConfig()
+
+			svcConfig.Arguments = []string{
+				"service",
+				"run",
+				"--config",
+				configPath,
+				"--log-level",
+				logLevel,
+			}
+
+			if runtime.GOOS == "linux" {
+				// Respected only by systemd systems
+				svcConfig.Dependencies = []string{"After=network.target syslog.target"}
+			}
+
+			s, err := newSVC(&program{}, svcConfig)
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+
+			err = s.Install()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee service has been installed")
+		},
+	}
+)
+
+var (
+	uninstallCmd = &cobra.Command{
+		Use:   "uninstall",
+		Short: "uninstalls wiretrustee service from system",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			s, err := newSVC(&program{}, newSVCConfig())
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+
+			err = s.Uninstall()
+			if err != nil {
+				cmd.PrintErrln(err)
+				return
+			}
+			cmd.Printf("Wiretrustee has been uninstalled")
+		},
+	}
+)
+
+func init() {
+}

client/cmd/service_test.go

@@ -0,0 +1,129 @@
+package cmd
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/kardianos/service"
+)
+
+func Test_ServiceInstallCMD(t *testing.T) {
+	b := bytes.NewBufferString("")
+	rootCmd.SetOut(b)
+	rootCmd.SetErr(b)
+	rootCmd.SetArgs([]string{
+		"service",
+		"install",
+		"--config",
+		"/tmp/config.json",
+	})
+	err := rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+	out, err := ioutil.ReadAll(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedMSG := "Wiretrustee service has been installed"
+	if string(out) != expectedMSG {
+		t.Fatalf("expected \"%s\" got \"%s\"", expectedMSG, string(out))
+	}
+}
+
+func Test_ServiceStartCMD(t *testing.T) {
+	b := bytes.NewBufferString("")
+	rootCmd.SetOut(b)
+	rootCmd.SetErr(b)
+	rootCmd.SetArgs([]string{"service", "start"})
+	err := rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+	out, err := ioutil.ReadAll(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedMSG := "Wiretrustee service has been started"
+	if string(out) != expectedMSG {
+		t.Fatalf("expected \"%s\" got \"%s\"", expectedMSG, string(out))
+	}
+}
+
+func Test_ServiceRunCMD(t *testing.T) {
+	configFilePath := "/tmp/config.json"
+	if _, err := os.Stat(configFilePath); err == nil {
+		e := os.Remove(configFilePath)
+		if e != nil {
+			t.Fatal(err)
+		}
+	}
+	rootCmd.SetArgs([]string{
+		"--config",
+		configFilePath,
+	})
+	err := rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rootCmd.ResetFlags()
+	rootCmd.SetArgs([]string{"service", "start"})
+	err = rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, err := newSVC(&program{}, newSVCConfig())
+	if err != nil {
+		t.Fatal(err)
+	}
+	status, err := s.Status()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if status != service.StatusRunning {
+		t.Fatalf("expected running status of \"%d\" got \"%d\"", service.StatusRunning, status)
+	}
+}
+
+/*func Test_ServiceStopCMD(t *testing.T) {
+	b := bytes.NewBufferString("")
+	rootCmd.SetOut(b)
+	rootCmd.SetErr(b)
+	rootCmd.SetArgs([]string{"service", "stop"})
+	err := rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+	out, err := ioutil.ReadAll(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedMSG := "Wiretrustee service has been stopped"
+	if string(out) != expectedMSG {
+		t.Fatalf("expected \"%s\" got \"%s\"", expectedMSG, string(out))
+	}
+}*/
+
+func Test_ServiceUninstallCMD(t *testing.T) {
+	b := bytes.NewBufferString("")
+	rootCmd.SetOut(b)
+	rootCmd.SetErr(b)
+	rootCmd.SetArgs([]string{"service", "uninstall"})
+	err := rootCmd.Execute()
+	if err != nil {
+		t.Fatal(err)
+	}
+	out, err := ioutil.ReadAll(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedMSG := "Wiretrustee has been uninstalled"
+	if string(out) != expectedMSG {
+		t.Fatalf("expected \"%s\" got \"%s\"", expectedMSG, string(out))
+	}
+}

client/cmd/up.go

@@ -0,0 +1,246 @@
+package cmd
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"github.com/pion/ice/v2"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/wiretrustee/wiretrustee/client/internal"
+	"github.com/wiretrustee/wiretrustee/iface"
+	mgm "github.com/wiretrustee/wiretrustee/management/client"
+	mgmProto "github.com/wiretrustee/wiretrustee/management/proto"
+	signal "github.com/wiretrustee/wiretrustee/signal/client"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"net/url"
+	"os"
+	"strings"
+)
+
+var (
+	managementAddr string
+
+	upCmd = &cobra.Command{
+		Use:   "up",
+		Short: "start wiretrustee",
+		Run: func(cmd *cobra.Command, args []string) {
+			InitLog(logLevel)
+
+			config, err := internal.GetConfig(managementAddr, configPath)
+			if err != nil {
+				log.Errorf("failed getting config %s %v", configPath, err)
+				os.Exit(ExitSetupFailed)
+			}
+
+			//validate our peer's Wireguard PRIVATE key
+			myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
+			if err != nil {
+				log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
+				os.Exit(ExitSetupFailed)
+			}
+
+			ctx := context.Background()
+
+			managementURL, err := url.Parse(config.ManagementURL)
+			if err != nil {
+				log.Errorf("failed parsing managemtn URL%s: [%s]", config.ManagementURL, err.Error())
+				os.Exit(ExitSetupFailed)
+			}
+
+			mgmTlsEnabled := false
+			if managementURL.Scheme == "https" {
+				mgmTlsEnabled = true
+			}
+
+			// connect (just a connection, no stream yet) and login to Management Service to get an initial global Wiretrustee config
+
+			mgmClient, loginResp, err := connectToManagement(ctx, managementURL.Host, myPrivateKey, mgmTlsEnabled)
+			if err != nil {
+				log.Error(err)
+				os.Exit(ExitSetupFailed)
+			}
+
+			// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
+			signalClient, err := connectToSignal(ctx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
+			if err != nil {
+				log.Error(err)
+				os.Exit(ExitSetupFailed)
+			}
+
+			engineConfig, err := createEngineConfig(myPrivateKey, config, loginResp.GetWiretrusteeConfig(), loginResp.GetPeerConfig())
+			if err != nil {
+				log.Error(err)
+				os.Exit(ExitSetupFailed)
+			}
+
+			// create start the Wiretrustee Engine that will connect to the Signal and Management streams and manage connections to remote peers.
+			engine := internal.NewEngine(signalClient, mgmClient, engineConfig)
+			err = engine.Start()
+			if err != nil {
+				log.Errorf("error while starting Wiretrustee Connection Engine: %s", err)
+				os.Exit(ExitSetupFailed)
+			}
+
+			SetupCloseHandler()
+			<-stopCh
+			log.Infof("receive signal to stop running")
+			err = mgmClient.Close()
+			if err != nil {
+				log.Errorf("failed closing Management Service client %v", err)
+			}
+			err = signalClient.Close()
+			if err != nil {
+				log.Errorf("failed closing Signal Service client %v", err)
+			}
+
+			log.Debugf("removing Wiretrustee interface %s", config.WgIface)
+			err = iface.Close()
+			if err != nil {
+				log.Errorf("failed closing Wiretrustee interface %s %v", config.WgIface, err)
+			}
+		},
+	}
+)
+
+func init() {
+	upCmd.PersistentFlags().StringVar(&managementAddr, "management-addr", "", "Management Service address (e.g. app.wiretrustee.com")
+}
+
+// createEngineConfig converts configuration received from Management Service to EngineConfig
+func createEngineConfig(key wgtypes.Key, config *internal.Config, wtConfig *mgmProto.WiretrusteeConfig, peerConfig *mgmProto.PeerConfig) (*internal.EngineConfig, error) {
+	iFaceBlackList := make(map[string]struct{})
+	for i := 0; i < len(config.IFaceBlackList); i += 2 {
+		iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
+	}
+
+	stunTurns, err := toStunTurnURLs(wtConfig)
+	if err != nil {
+		return nil, status.Errorf(codes.FailedPrecondition, "failed parsing STUN and TURN URLs received from Management Service : %s", err)
+	}
+
+	return &internal.EngineConfig{
+		StunsTurns:     stunTurns,
+		WgIface:        config.WgIface,
+		WgAddr:         peerConfig.Address,
+		IFaceBlackList: iFaceBlackList,
+		WgPrivateKey:   key,
+	}, nil
+}
+
+// toStunTurnURLs converts Wiretrustee STUN and TURN configs to ice.URL array
+func toStunTurnURLs(wtConfig *mgmProto.WiretrusteeConfig) ([]*ice.URL, error) {
+
+	var stunsTurns []*ice.URL
+	for _, stun := range wtConfig.Stuns {
+		url, err := ice.ParseURL(stun.Uri)
+		if err != nil {
+			return nil, err
+		}
+		stunsTurns = append(stunsTurns, url)
+	}
+	for _, turn := range wtConfig.Turns {
+		url, err := ice.ParseURL(turn.HostConfig.Uri)
+		if err != nil {
+			return nil, err
+		}
+		url.Username = turn.User
+		url.Password = turn.Password
+		stunsTurns = append(stunsTurns, url)
+	}
+
+	return stunsTurns, nil
+}
+
+// connectToSignal creates Signal Service client and established a connection
+func connectToSignal(ctx context.Context, wtConfig *mgmProto.WiretrusteeConfig, ourPrivateKey wgtypes.Key) (*signal.Client, error) {
+	var sigTLSEnabled bool
+	if wtConfig.Signal.Protocol == mgmProto.HostConfig_HTTPS {
+		sigTLSEnabled = true
+	} else {
+		sigTLSEnabled = false
+	}
+	signalClient, err := signal.NewClient(ctx, wtConfig.Signal.Uri, ourPrivateKey, sigTLSEnabled)
+	if err != nil {
+		log.Errorf("error while connecting to the Signal Exchange Service %s: %s", wtConfig.Signal.Uri, err)
+		return nil, status.Errorf(codes.FailedPrecondition, "failed connecting to Signal Service : %s", err)
+	}
+
+	return signalClient, nil
+}
+
+// connectToManagement creates Management Services client, establishes a connection and gets a global Wiretrustee config (signal, turn, stun hosts, etc)
+func connectToManagement(ctx context.Context, managementAddr string, ourPrivateKey wgtypes.Key, tlsEnabled bool) (*mgm.Client, *mgmProto.LoginResponse, error) {
+	log.Debugf("connecting to management server %s", managementAddr)
+	mgmClient, err := mgm.NewClient(ctx, managementAddr, ourPrivateKey, tlsEnabled)
+	if err != nil {
+		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err)
+	}
+	log.Debugf("connected to management server %s", managementAddr)
+
+	serverKey, err := mgmClient.GetServerPublicKey()
+	if err != nil {
+		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed while getting Management Service public key: %s", err)
+	}
+
+	wtConfig, err := loginPeer(*serverKey, mgmClient)
+	if err != nil {
+		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed logging-in peer on Management Service : %s", err)
+	}
+
+	log.Debugf("peer logged in to Management Service %s", wtConfig)
+
+	return mgmClient, wtConfig, nil
+}
+
+func registerPeer(serverPublicKey wgtypes.Key, client *mgm.Client) (*mgmProto.LoginResponse, error) {
+	setupKey, err := promptPeerSetupKey()
+	if err != nil {
+		log.Errorf("failed getting setup key: %s", err)
+		return nil, err
+	}
+
+	log.Debugf("sending peer registration request")
+	loginResp, err := client.Register(serverPublicKey, *setupKey)
+	if err != nil {
+		log.Errorf("failed registering peer %v", err)
+		return nil, err
+	}
+
+	return loginResp, nil
+}
+
+func loginPeer(serverPublicKey wgtypes.Key, client *mgm.Client) (*mgmProto.LoginResponse, error) {
+
+	loginResp, err := client.Login(serverPublicKey)
+	if err != nil {
+		if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
+			log.Debugf("peer registration required")
+			return registerPeer(serverPublicKey, client)
+		} else {
+			return nil, err
+		}
+	}
+
+	return loginResp, nil
+}
+
+// promptPeerSetupKey prompts user to input a Setup Key
+func promptPeerSetupKey() (*string, error) {
+	fmt.Print("Enter setup key: ")
+	reader := bufio.NewReader(os.Stdin)
+	input, err := reader.ReadString('\n')
+	if err != nil {
+		return nil, err
+	}
+	input = strings.TrimSuffix(input, "\n")
+
+	if input == "" {
+		fmt.Print("Specified key is empty, try again.")
+		return promptPeerSetupKey()
+	}
+
+	return &input, err
+}