diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/backend/actions.go | 20 | ||||
-rw-r--r-- | pkg/backend/api.go | 10 | ||||
-rw-r--r-- | pkg/backend/webapi.go | 54 | ||||
-rw-r--r-- | pkg/bitmask/bitmask.go | 3 | ||||
-rw-r--r-- | pkg/vpn/bonafide/bonafide.go | 17 | ||||
-rw-r--r-- | pkg/vpn/bonafide/gateways.go | 8 | ||||
-rw-r--r-- | pkg/vpn/main.go | 6 | ||||
-rw-r--r-- | pkg/vpn/openvpn.go | 13 | ||||
-rw-r--r-- | pkg/vpn/status.go | 14 |
9 files changed, 133 insertions, 12 deletions
diff --git a/pkg/backend/actions.go b/pkg/backend/actions.go index e45b026..6e143f9 100644 --- a/pkg/backend/actions.go +++ b/pkg/backend/actions.go @@ -19,3 +19,23 @@ func stopVPN() { log.Println(err) } } + +// TODO return bool? +func useGateway(label string) { + err := ctx.bm.UseGateway(label) + if err != nil { + log.Println(err) + } +} + +func getGateway() string { + return ctx.bm.GetCurrentGateway() +} + +// TODO return bool? +func useTransport(transport string) { + err := ctx.bm.UseTransport(transport) + if err != nil { + log.Println(err) + } +} diff --git a/pkg/backend/api.go b/pkg/backend/api.go index 293dd9e..8d6d049 100644 --- a/pkg/backend/api.go +++ b/pkg/backend/api.go @@ -54,6 +54,16 @@ func SwitchOff() { go stopVPN() } +// TODO implement Reconnect? + +func UseGateway(label string) { + ctx.bm.UseGateway(label) +} + +func UseTransport(label string) { + ctx.bm.UseTransport(label) +} + func Quit() { if ctx.autostart != nil { ctx.autostart.Disable() diff --git a/pkg/backend/webapi.go b/pkg/backend/webapi.go index 568980d..11abc24 100644 --- a/pkg/backend/webapi.go +++ b/pkg/backend/webapi.go @@ -1,11 +1,13 @@ package backend import ( + "encoding/json" "fmt" "log" "net/http" "os" "strconv" + "time" "0xacab.org/leap/bitmask-vpn/pkg/bitmask" ) @@ -36,6 +38,52 @@ func webStatus(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, ctx.Status.String()) } +func webGatewayGet(w http.ResponseWriter, r *http.Request) { + fmt.Fprintf(w, ctx.bm.GetCurrentGateway()) +} + +func webGatewaySet(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "POST": + if err := r.ParseForm(); err != nil { + fmt.Fprintf(w, "ParseForm() err: %v", err) + return + } + gwLabel := r.FormValue("gw") + fmt.Fprintf(w, "selected gateway: %s\n", gwLabel) + // FIXME catch error here, return it (error code) + useGateway(gwLabel) + // TODO make sure we don't tear the fw down on reconnect... + SwitchOff() + // a little sleep is needed, though, because iptables takes some time + time.Sleep(500 * time.Millisecond) + SwitchOn() + default: + fmt.Fprintf(w, "Only POST supported.") + } +} + +func webGatewayList(w http.ResponseWriter, r *http.Request) { + gws, err := ctx.bm.ListGateways(ctx.Provider) + if err != nil { + fmt.Fprintf(w, "ListGateways() err: %v", err) + } + gwJson, _ := json.Marshal(gws) + fmt.Fprintf(w, string(gwJson)) +} + +// TODO +func webTransportGet(w http.ResponseWriter, r *http.Request) { +} + +// TODO +func webTransportSet(w http.ResponseWriter, r *http.Request) { +} + +// TODO +func webTransportList(w http.ResponseWriter, r *http.Request) { +} + func webQuit(w http.ResponseWriter, r *http.Request) { log.Println("Web UI: quit") Quit() @@ -48,6 +96,12 @@ func enableWebAPI(port int) { token := bitmask.ReadAuthToken() http.Handle("/vpn/start", CheckAuth(http.HandlerFunc(webOn), token)) http.Handle("/vpn/stop", CheckAuth(http.HandlerFunc(webOff), token)) + http.Handle("/vpn/gw/get", CheckAuth(http.HandlerFunc(webGatewayGet), token)) + http.Handle("/vpn/gw/set", CheckAuth(http.HandlerFunc(webGatewaySet), token)) + http.Handle("/vpn/gw/list", CheckAuth(http.HandlerFunc(webGatewayList), token)) + //http.Handle("/vpn/transport/get", CheckAuth(http.HandlerFunc(webTransportGet), token)) + //http.Handle("/vpn/transport/set", CheckAuth(http.HandlerFunc(webTransportSet), token)) + //http.Handle("/vpn/transport/list", CheckAuth(http.HandlerFunc(webTransportList), token)) http.Handle("/vpn/status", CheckAuth(http.HandlerFunc(webStatus), token)) http.Handle("/vpn/quit", CheckAuth(http.HandlerFunc(webQuit), token)) http.ListenAndServe(":"+strconv.Itoa(port), nil) diff --git a/pkg/bitmask/bitmask.go b/pkg/bitmask/bitmask.go index adfc849..7ffe01a 100644 --- a/pkg/bitmask/bitmask.go +++ b/pkg/bitmask/bitmask.go @@ -1,4 +1,4 @@ -// Copyright (C) 2018 LEAP +// Copyright (C) 2018-2020 LEAP // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -28,6 +28,7 @@ type Bitmask interface { VPNCheck() (helpers bool, priviledge bool, err error) ListGateways(provider string) ([]string, error) UseGateway(name string) error + GetCurrentGateway() string UseTransport(transport string) error NeedsCredentials() bool DoLogin(username, password string) (bool, error) diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go index 22e3051..8b60641 100644 --- a/pkg/vpn/bonafide/bonafide.go +++ b/pkg/vpn/bonafide/bonafide.go @@ -197,6 +197,8 @@ func (b *Bonafide) maybeInitializeEIP() error { return nil } +// GetGateways filters by transport, and will return the maximum number defined +// in bonafide.maxGateways, or the maximum by default (3). func (b *Bonafide) GetGateways(transport string) ([]Gateway, error) { err := b.maybeInitializeEIP() if err != nil { @@ -211,6 +213,17 @@ func (b *Bonafide) GetGateways(transport string) ([]Gateway, error) { return gws, err } +// GetAllGateways only filters gateways by transport. +// TODO could pass "any" instead? +func (b *Bonafide) GetAllGateways(transport string) ([]Gateway, error) { + err := b.maybeInitializeEIP() + if err != nil { + return nil, err + } + gws, err := b.gateways.getAll(transport, b.tzOffsetHours) + return gws, err +} + func (b *Bonafide) SetManualGateway(label string) { b.gateways.setUserChoice(label) } @@ -219,6 +232,10 @@ func (b *Bonafide) SetAutomaticGateway() { b.gateways.setAutomaticChoice() } +func (b *Bonafide) GetGatewayByIP(ip string) (Gateway, error) { + return b.gateways.getGatewayByIP(ip) +} + /* TODO this still needs to be called periodically */ func (b *Bonafide) fetchGatewayRanking() error { /* FIXME in float deployments, geolocation is served on gemyip.domain/json, with a LE certificate, but in riseup is served behind the api certificate. diff --git a/pkg/vpn/bonafide/gateways.go b/pkg/vpn/bonafide/gateways.go index 6084985..d973530 100644 --- a/pkg/vpn/bonafide/gateways.go +++ b/pkg/vpn/bonafide/gateways.go @@ -142,6 +142,14 @@ func (p *gatewayPool) getBest(transport string, tz, max int) ([]Gateway, error) } } +func (p *gatewayPool) getAll(transport string, tz int) ([]Gateway, error) { + if len(p.ranked) != 0 { + return p.getGatewaysByServiceRank(transport, 999) + } else { + return p.getGatewaysByTimezone(transport, tz, 999) + } +} + func (p *gatewayPool) getGatewaysByServiceRank(transport string, max int) ([]Gateway, error) { gws := make([]Gateway, 0) for _, host := range p.ranked { diff --git a/pkg/vpn/main.go b/pkg/vpn/main.go index 9ddd9fd..29b843b 100644 --- a/pkg/vpn/main.go +++ b/pkg/vpn/main.go @@ -29,7 +29,7 @@ import ( // Bitmask holds the bitmask client data type Bitmask struct { tempdir string - onGateway string + onGateway bonafide.Gateway statusCh chan string managementClient *openvpn.MgmtClient bonafide *bonafide.Bonafide @@ -45,12 +45,12 @@ func Init() (*Bitmask, error) { if err != nil { return nil, err } - bonafide := bonafide.New() + bf := bonafide.New() launch, err := newLauncher() if err != nil { return nil, err } - b := Bitmask{tempdir, "", statusCh, nil, bonafide, launch, "", nil} + b := Bitmask{tempdir, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil} /* TODO -- we still want to do this, since it resets the fw/vpn if running diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go index b6593f2..38a64a9 100644 --- a/pkg/vpn/openvpn.go +++ b/pkg/vpn/openvpn.go @@ -230,22 +230,23 @@ func (b *Bitmask) VPNCheck() (helpers bool, privilege bool, err error) { return b.launch.check() } -// ListGateways return the names of the gateways +// ListGateways return the labels of the gateways (only for transport=openvpn, at the moment) +// TODO return other transports too func (b *Bitmask) ListGateways(provider string) ([]string, error) { - gateways, err := b.bonafide.GetGateways("openvpn") + gateways, err := b.bonafide.GetAllGateways("openvpn") if err != nil { return nil, err } gatewayNames := make([]string, len(gateways)) for i, gw := range gateways { - gatewayNames[i] = gw.Location + gatewayNames[i] = gw.Label } return gatewayNames, nil } -// UseGateway selects name as the default gateway -func (b *Bitmask) UseGateway(name string) error { - b.bonafide.SetManualGateway(name) +// UseGateway selects a gateway, by label, as the default gateway +func (b *Bitmask) UseGateway(label string) error { + b.bonafide.SetManualGateway(label) return nil } diff --git a/pkg/vpn/status.go b/pkg/vpn/status.go index 7901276..005db7e 100644 --- a/pkg/vpn/status.go +++ b/pkg/vpn/status.go @@ -73,13 +73,23 @@ func (b *Bitmask) eventHandler(eventCh <-chan openvpn.Event) { b.statusCh <- status } if statusName == "CONNECTED" { - b.onGateway = strings.Split(stateEvent.String(), ": ")[1] - log.Println(">>> CONNECTED TO", b.onGateway) + ip := strings.Split(stateEvent.String(), ": ")[1] + gw, err := b.bonafide.GetGatewayByIP(ip) + if err == nil { + b.onGateway = gw + log.Println("Connected to gateway:", b.onGateway.Label) + } else { + log.Println("ERROR: connected to unknown gateway", ip) + } } } b.statusCh <- Off } +func (b *Bitmask) GetCurrentGateway() string { + return b.onGateway.Label +} + func (b *Bitmask) getOpenvpnState() (string, error) { if b.managementClient == nil { return "", fmt.Errorf("No management connected") |