imterah/hermes
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 1 Packages Wiki Activity Actions

Compare commits

base: imterah:v1.9.9-beta-actiontest12
Branches Tags
imterah:dev
imterah:sshappbackend
imterah:legacy
imterah:v2.2.4
imterah:v2.2.3
imterah:v2.2.2
imterah:v2.2.1
imterah:v2.2.0
imterah:v2.1.1
imterah:v2.1.0
imterah:v2.0.2
imterah:v2.0.1
imterah:v2.0.0
imterah:v2.0.0-rc2
imterah:v2.0.0-rc1
imterah:v1.9.9-beta3
imterah:v1.9.9-beta2-actiontest2
imterah:v1.9.9-beta2-actiontest1
imterah:v1.9.9-beta-actiontest18
imterah:v1.9.9-beta-actiontest17
imterah:v1.9.9-beta-actiontest16
imterah:v1.9.9-beta-actiontest15
imterah:v1.9.9-beta-actiontest14
imterah:v1.9.9-beta-actiontest13
imterah:v1.9.9-beta-actiontest12
imterah:v1.9.9-beta-actiontest11
imterah:v1.9.9-beta-actiontest10
imterah:v1.9.9-beta-actiontest9
imterah:v1.9.9-beta-actiontest8
imterah:v1.9.9-beta-actiontest7
imterah:v1.9.9-beta-actiontest6
imterah:v1.9.9-beta-actiontest5
imterah:v1.9.9-beta-actiontest4
imterah:v1.9.9-beta-actiontest3
imterah:v1.9.9-beta-actiontest2
imterah:v1.9.9-beta
imterah:v1.1.2
imterah:v1.1.1
imterah:v1.1.0
imterah:v1.0.1
imterah:v1.0.0
imterah:v0.1.1
imterah:v0.1.0
...
compare: imterah:dev
Branches Tags
imterah:dev
imterah:sshappbackend
imterah:legacy
imterah:v2.2.4
imterah:v2.2.3
imterah:v2.2.2
imterah:v2.2.1
imterah:v2.2.0
imterah:v2.1.1
imterah:v2.1.0
imterah:v2.0.2
imterah:v2.0.1
imterah:v2.0.0
imterah:v2.0.0-rc2
imterah:v2.0.0-rc1
imterah:v1.9.9-beta3
imterah:v1.9.9-beta2-actiontest2
imterah:v1.9.9-beta2-actiontest1
imterah:v1.9.9-beta-actiontest18
imterah:v1.9.9-beta-actiontest17
imterah:v1.9.9-beta-actiontest16
imterah:v1.9.9-beta-actiontest15
imterah:v1.9.9-beta-actiontest14
imterah:v1.9.9-beta-actiontest13
imterah:v1.9.9-beta-actiontest12
imterah:v1.9.9-beta-actiontest11
imterah:v1.9.9-beta-actiontest10
imterah:v1.9.9-beta-actiontest9
imterah:v1.9.9-beta-actiontest8
imterah:v1.9.9-beta-actiontest7
imterah:v1.9.9-beta-actiontest6
imterah:v1.9.9-beta-actiontest5
imterah:v1.9.9-beta-actiontest4
imterah:v1.9.9-beta-actiontest3
imterah:v1.9.9-beta-actiontest2
imterah:v1.9.9-beta
imterah:v1.1.2
imterah:v1.1.1
imterah:v1.1.0
imterah:v1.0.1
imterah:v1.0.0
imterah:v0.1.1
imterah:v0.1.0

65 commits
v1.9.9-bet ... dev

Author SHA1 Message Date
imterah
8e9c7f120f
fix: Fix regression where Postgres DSN wouldn't be detected
All checks were successful
Release code / build (push) Successful in 5m47s
Details 
There was a typo where databaseBackendName == "postgresql" was
"postgres" instead on accident.
 2025-03-21 13:39:51 -04:00
imterah
75b12f2053
fix: Avoid recreating validator in SSHBackend and SSHAppBackend
All checks were successful
Release code / build (push) Successful in 5m46s
Details
2025-03-21 13:24:59 -04:00
imterah
b93bf456b5
fix: Fixes 100% CPU usage in the backend runtime 
This makes the backend runtime not constantly search for messages to be
processed. Instead, it only wakes up when it needs to be woken up via
goroutines.
 2025-03-21 13:17:08 -04:00
imterah
d56a8eb7bf
feature: Change state management from global variables to object passing 
This restructures dbcore (now the db package) and jwtcore (now the jwt
package) to use a single struct. There is now a state package, which
contains a struct with the full application state.

After this, instead of initializing the API routes directly in the main
function, the state object gets passed, and the API routes get
initialized with their accompanying code.

One fix done to reduce memory usage and increase speed is that the
validator object is now persistent across requests, instead of
recreating it each time. This should speed things up slightly, and
improve memory usage.

One additional chore done is that the database models have been moved to
be a seperate file from the DB initialization itself.
 2025-03-21 12:59:51 -04:00
imterah
71d53990de
chore: Fix sample code to remove the deprecated LOM, and add JWT secrets 2025-03-18 20:51:01 -04:00
imterah
1cefe64f88
chore: Remove Node.JS from the nix shell 2025-03-18 20:36:20 -04:00
imterah
83f80af405 chore: Delete unmaintained CHANGELOG 2025-03-19 00:34:36 +00:00
imterah
7dee159d5f
chore: Change license name 2025-03-18 20:33:59 -04:00
imterah
17b10c9b19
fix: Add system to detect duplicate running remote processes and kill them accordingly
All checks were successful
Release code / build (push) Successful in 6m3s
Details
2025-03-18 20:31:28 -04:00
imterah
5c503f0421
fix: Make logging options more clear for the backend runtime's backend logs 2025-03-18 20:27:40 -04:00
imterah
959718163e
fix: Fix disconnect handler not working in production
All checks were successful
Release code / build (push) Successful in 8m28s
Details
2025-03-16 21:34:20 -04:00
Tera 8
24b165c9bb Merge pull request 'Add new backend callled SSHAppBackend.' (#10) from sshappbackend into dev
All checks were successful
Release code / build (push) Successful in 4m46s
Details 
Reviewed-on: #10
 2025-02-20 14:13:12 +00:00
imterah
34b605c1b1
feature: Adds API manifest definitions, and implement GetAllClientConnections()
Some checks failed
Release code / build (push) Has been cancelled
Details
2025-02-20 09:11:28 -05:00
imterah
f8a4fe00a0
feature: Adds basic UDP support. 2025-02-19 07:58:42 -05:00
imterah
15176831e6
feature: Adds basic TCP support for SSHAppBackend. 2025-02-18 13:15:09 -05:00
imterah
432d457ad7
feature: Adds remote implementation of code. 2025-02-16 21:51:33 -05:00
imterah
cf90ddb104
chore: Strip unneeded components from code. 2025-02-16 19:12:17 -05:00
imterah
62cc8b39ad
chore: Cleanup code by switching to type switching instead of string switching. 2025-02-16 18:11:01 -05:00
imterah
17e1491f96
feature: Adds basic data command support. 2025-02-16 15:02:50 -05:00
imterah
ede4d528aa
feature: Adds basic backend starting for sshappbackend. 2025-01-27 07:36:29 -05:00
imterah
a35602a6f2
chore: Initialize sshappbackend. 2025-01-24 13:26:25 -05:00
imterah
4101ce7007
Revert "chore: Delete old commonbackend code." 
Wrong branch oops

This reverts commit 737ba2887f.
 2025-01-10 20:44:02 -05:00
imterah
737ba2887f
chore: Delete old commonbackend code. 2025-01-10 20:34:50 -05:00
imterah
48adfc88db
fix: Fixes performance regression introduced in 4cb648cd66 / v2.1.0. (closes #7)
All checks were successful
Release code / build (push) Successful in 5m43s
Details
2025-01-10 16:37:38 -05:00
imterah
0efda4b283
feature: Add profiling documentation for backends based on BackendUtil. 2025-01-10 16:23:26 -05:00
imterah
356cfb8dca
fix: Fixes action workflows.
All checks were successful
Release code / build (push) Successful in 5m33s
Details
2025-01-09 08:00:37 -05:00
imterah
ea0a953b0e
chore: Remove unneeded debug messages.
Some checks failed
Release code / build (push) Failing after 3m20s
Details
2025-01-09 07:50:32 -05:00
imterah
3429f2cd37
chore: Reword restart notification message. 2025-01-09 07:39:35 -05:00
imterah
a3519220be
fix: Adds automatic restarting upon failure for SSH. 2025-01-09 07:22:12 -05:00
imterah
4cb648cd66
fix: Fixes errors showing for no reason. 2025-01-08 12:38:10 -05:00
imterah
7837334361
fix: Fixes various crashes. 2025-01-08 11:40:42 -05:00
Tera 8
e456de9802 Merge pull request 'Makes backend infrastructure more stable, concurrent, and fault tolerant' (#6) from backend-runtime-stability-fixes into dev 
Reviewed-on: #6
 2025-01-08 16:23:35 +00:00
imterah
f24daabe45
Reapply "feature: Adds semi-broken stability improvements into the runtime environment." 
This reverts commit 157e1c8712.
 2025-01-08 11:23:05 -05:00
imterah
f8d32fb1c6
fix: Fixes more instability issues. :) 2025-01-08 09:12:48 -05:00
imterah
1e1a330a4b
feature: Refactors backend runtime's communication mechanism to be more stable. 2025-01-06 01:24:11 -05:00
imterah
93f2f9cbee
fix: Adds missing backend status command implementations. 2025-01-06 00:09:14 -05:00
imterah
157e1c8712
Revert "feature: Adds semi-broken stability improvements into the runtime environment." 
This wasn't meant to be pushed to dev.

This reverts commit 605ad31dd6.
 2025-01-06 00:04:35 -05:00
imterah
605ad31dd6
feature: Adds semi-broken stability improvements into the runtime environment. 2025-01-05 23:45:44 -05:00
imterah
f505ff6605
fix: Fixes SQLite not working with Docker. 2025-01-05 20:51:30 -05:00
imterah
843cd34785
chore: Adds login and user creation support to the API. 2025-01-05 20:51:06 -05:00
imterah
96833b238b
chore: Tidies Go module files. 2024-12-28 17:23:25 -05:00
imterah
4ca2c809c9
chore: Remove old TypeScript git hooks. 2024-12-28 16:00:37 -05:00
imterah
aaacdfd5f4
chore: Remove all legacy code. 2024-12-28 15:43:21 -05:00
imterah
fd4d6bfd65
fix: Fixes rare errors regarding Nix shell not finding the initialization script. 2024-12-28 15:41:05 -05:00
imterah
49db323e81
chore: Prepare for frontend support by moving the Go module files. 
This moves the Go module files to the root of the project and fixes
all of the imports.
 2024-12-28 15:37:32 -05:00
imterah
201007f7a0
chore: Make lookup fields in the API omit when they're empty. 
This makes the API more accurate to the previous API's responses.
 2024-12-28 15:26:48 -05:00
imterah
be92c5a569
chore: Slims up shell.nix. 2024-12-28 12:11:08 -05:00
imterah
c55510eb04
fix: Fixes migration code incorrectly decoding bcrypt basswords as hex.
All checks were successful
Release code / build (push) Successful in 11m56s
Details
2024-12-27 09:10:17 -05:00
imterah
538c5b6c51
chore: Adds "day-one"/v2.0.1 bug fixes.
All checks were successful
Release code / build (push) Successful in 11m41s
Details 
This fixes database error reporting, as well as majorly fixes users
not being able to authenticate to the API if you used the automated
migration setup, as the password would remain in hex encoding.

We now decode the hexadecimal and then change it to the far more
compact base64 encoding before adding it to the database. This should
fix login, and not cause 500 Interal Server Errors anymore.

Sorry folks!
 2024-12-27 00:10:13 -05:00
imterah
d334878599
feature: Fixes all backup and API related things to make everything work in production.
All checks were successful
Release code / build (push) Successful in 14m13s
Details
2024-12-26 22:54:05 -05:00
imterah
c2eb2d15aa
fix: Fixes migration Dockerfile. 2024-12-26 21:56:47 -05:00
imterah
0bc41c430a
fix: Fixes PostgreSQL database deletion.
All checks were successful
Release code / build (push) Successful in 10m1s
Details
2024-12-26 18:26:26 -05:00
imterah
e056911af4
feature: Implements backup code.
All checks were successful
Release code / build (push) Successful in 9m35s
Details
2024-12-26 15:14:26 -05:00
imterah
862f307e56
fix: Fixes documentation and migration code.
All checks were successful
Release code / build (push) Successful in 9m48s
Details
2024-12-26 14:59:01 -05:00
imterah
84e1a437a4
chore: Adds documentation. 2024-12-26 14:37:38 -05:00
imterah
c4c5e1cd16
fix: Change packages server to GitHub.
All checks were successful
Release code / build (push) Successful in 12m43s
Details
2024-12-25 20:19:01 -05:00
imterah
51ebfe46d3
fix: Attempts to fix workflow to allow for uploading packages.
Some checks failed
Release code / build (push) Failing after 8m38s
Details
2024-12-25 20:04:45 -05:00
imterah
4a46b5aca0
feature: Adds migration Docker image. 2024-12-25 20:00:16 -05:00
imterah
217e73d9ec
feature: Adds backup importing support. 2024-12-25 19:21:22 -05:00
imterah
ed90f66b2b
fix: Reorders container authentication, and removes custom permissions.
Some checks failed
Release code / build (push) Failing after 6m8s
Details
2024-12-24 13:20:47 -05:00
imterah
50281df8d0
fix: Finally fixes TLS.
Some checks failed
Release code / build (push) Failing after 6m18s
Details
2024-12-24 13:02:12 -05:00
imterah
0515ffe5da
fix: Patches TLS certificates.
Some checks failed
Release code / build (push) Has been cancelled
Details
2024-12-24 12:41:11 -05:00
imterah
6fb4a9b5c1
hack: Reorder steps in action.
Some checks failed
Release code / build (push) Failing after 1m46s
Details
2024-12-24 12:37:32 -05:00
imterah
2e6e8d38dd
fix: Switches back to using local network communication inside action.
Some checks failed
Release code / build (push) Failing after 1m49s
Details
2024-12-24 12:27:02 -05:00
imterah
65ccd716ff
fix: Try more shenanigans to try to get actions working.
Some checks failed
Release code / build (push) Failing after 1m52s
Details
2024-12-24 12:24:16 -05:00
114 changed files with 7260 additions and 11139 deletions
Download patch file Download diff file Expand all files Collapse all files

18
.devcontainer/devcontainer.json
View file

@ -13,16 +13,14 @@
},
// run arguments passed to docker
"runArgs": [
"--security-opt", "label=disable"
],
"runArgs": ["--security-opt", "label=disable"],
"containerEnv": {
// extensions to preload before other extensions
// extensions to preload before other extensions
"PRELOAD_EXTENSIONS": "arrterian.nix-env-selector"
},
// disable command overriding and updating remote user ID
// disable command overriding and updating remote user ID
"overrideCommand": false,
"userEnvProbe": "loginShell",
"updateRemoteUserUID": false,
@ -31,18 +29,14 @@
"onCreateCommand": "nix-shell --command 'echo done building nix dev environment'",
// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [
3000
],
"forwardPorts": [8000],
"customizations": {
"vscode": {
"extensions": [
"arrterian.nix-env-selector"
]
"extensions": ["arrterian.nix-env-selector"]
}
}
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "go version",
}
}

34
.forgejo/workflows/release.yml
View file

@ -11,11 +11,8 @@ jobs:
services:
dind:
image: docker:dind
options: --privileged
ports:
- 12376:2376
permissions:
packages: write
env:
DOCKER_TLS_CERTDIR: ""
steps:
- name: Checkout code using Git
@ -25,27 +22,22 @@ jobs:
run: |
apt update
apt-get install -y docker.io
docker context create forgejo --docker host=tcp://0.0.0.0:12376
docker context create forgejo --docker host=tcp://dind:2375
docker context use forgejo
- name: Log in to Forgejo container registry
- name: Log in to our container registry
uses: https://github.com/docker/login-action@v3
with:
registry: git.terah.dev
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
registry: ghcr.io
username: imterah
password: ${{secrets.ACTIONS_PACKAGES_DEPL_KEY}}
- name: Build all docker images
- name: Build Docker image
run: |
docker build ./backend --tag git.terah.dev/imterah/hermes:$GITHUB_REF_NAME
docker build ./sshfrontend --tag git.terah.dev/imterah/hermes-lom:$GITHUB_REF_NAME
docker build . --tag ghcr.io/imterah/hermes:$GITHUB_REF_NAME
- name: Upload all docker images
- name: Upload Docker image
run: |
docker tag git.terah.dev/imterah/hermes:$GITHUB_REF_NAME git.terah.dev/imterah/hermes:latest
docker push git.terah.dev/imterah/hermes:$GITHUB_REF_NAME
docker push git.terah.dev/imterah/hermes:latest
docker tag git.terah.dev/imterah/hermes-lom:$GITHUB_REF_NAME git.terah.dev/imterah/hermes-lom:latest
docker push git.terah.dev/imterah/hermes-lom:$GITHUB_REF_NAME
docker push git.terah.dev/imterah/hermes-lom:latest
docker tag ghcr.io/imterah/hermes:$GITHUB_REF_NAME ghcr.io/imterah/hermes:latest
docker push ghcr.io/imterah/hermes:$GITHUB_REF_NAME
docker push ghcr.io/imterah/hermes:latest

2
.gitconfig
View file

@ -1,2 +0,0 @@
[core]
hooksPath = .githooks/

18
.githooks/pre-commit
View file

@ -1,18 +0,0 @@
#!/usr/bin/env bash
shopt -s globstar
set -e
ROOT="$(git rev-parse --show-toplevel)"
pushd $ROOT/api
npx eslint src
popd
pushd $ROOT/lom
npx eslint src
popd
# Formatting step
$ROOT/api/node_modules/.bin/prettier --ignore-unknown --write $ROOT/{api,lom}/{eslint.config.js,src/**/*.ts}
git update-index --again
exit 0

9
.gitignore vendored
View file

@ -1,11 +1,14 @@
# Go artifacts
backend/api/api
backend/sshbackend/sshbackend
backend/dummybackend/dummybackend
backend/sshappbackend/local-code/remote-bin
backend/sshappbackend/local-code/sshappbackend
backend/externalbackendlauncher/externalbackendlauncher
backend/api/api
frontend/frontend
# LOM
sshfrontend/keys
# Backup artifacts
*.json.gz
# Output
out

16
.prettierrc
View file

@ -1,16 +0,0 @@
{
"arrowParens": "avoid",
"bracketSpacing": true,
"htmlWhitespaceSensitivity": "css",
"insertPragma": false,
"jsxSingleQuote": false,
"printWidth": 80,
"proseWrap": "always",
"quoteProps": "as-needed",
"requirePragma": false,
"semi": true,
"singleQuote": false,
"tabWidth": 2,
"trailingComma": "all",
"useTabs": false
}

49
CHANGELOG.md
View file

@ -1,49 +0,0 @@
# Changelog
## [v1.1.2](https://github.com/imterah/nextnet/tree/v1.1.2) (2024-09-29)
## [v1.1.1](https://github.com/imterah/nextnet/tree/v1.1.1) (2024-09-29)
## [v1.1.0](https://github.com/imterah/nextnet/tree/v1.1.0) (2024-09-22)
**Fixed bugs:**
- Desktop app fails to build on macOS w/ `nix-shell` [\#1](https://github.com/imterah/nextnet/issues/1)
**Merged pull requests:**
- chore\(deps\): bump find-my-way from 8.1.0 to 8.2.2 in /api [\#17](https://github.com/imterah/nextnet/pull/17)
- chore\(deps\): bump axios from 1.6.8 to 1.7.4 in /lom [\#16](https://github.com/imterah/nextnet/pull/16)
- chore\(deps\): bump micromatch from 4.0.5 to 4.0.8 in /lom [\#15](https://github.com/imterah/nextnet/pull/15)
- chore\(deps\): bump braces from 3.0.2 to 3.0.3 in /lom [\#13](https://github.com/imterah/nextnet/pull/13)
- chore\(deps-dev\): bump braces from 3.0.2 to 3.0.3 in /api [\#11](https://github.com/imterah/nextnet/pull/11)
- chore\(deps\): bump ws from 8.17.0 to 8.17.1 in /api [\#10](https://github.com/imterah/nextnet/pull/10)
## [v1.0.1](https://github.com/imterah/nextnet/tree/v1.0.1) (2024-05-18)
**Merged pull requests:**
- Adds public key authentication [\#6](https://github.com/imterah/nextnet/pull/6)
- Add support for eslint [\#5](https://github.com/imterah/nextnet/pull/5)
## [v1.0.0](https://github.com/imterah/nextnet/tree/v1.0.0) (2024-05-10)
## [v0.1.1](https://github.com/imterah/nextnet/tree/v0.1.1) (2024-05-05)
## [v0.1.0](https://github.com/imterah/nextnet/tree/v0.1.0) (2024-05-05)
**Implemented enhancements:**
- \(potentially\) Migrate nix shell to nix flake [\#2](https://github.com/imterah/nextnet/issues/2)
**Closed issues:**
- add precommit hooks [\#3](https://github.com/imterah/nextnet/issues/3)
**Merged pull requests:**
- Reimplements PassyFire as a possible backend [\#4](https://github.com/imterah/nextnet/pull/4)
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

11
Dockerfile Normal file
View file

@ -0,0 +1,11 @@
FROM golang:latest AS build
WORKDIR /build
COPY . /build
RUN cd backend; bash build.sh
FROM busybox:stable-glibc AS run
WORKDIR /app
COPY --from=build /build/backend/backends.prod.json /app/backends.json
COPY --from=build /build/backend/api/api /app/hermes
COPY --from=build /build/backend/sshbackend/sshbackend /app/sshbackend
COPY --from=build /build/backend/sshappbackend/local-code/sshappbackend /app/sshappbackend
ENTRYPOINT ["/app/hermes", "--backends-path", "/app/backends.json"]

2
LICENSE
View file

@ -1,6 +1,6 @@
BSD 3-Clause License
Copyright (c) 2024, Greyson
Copyright (c) 2024, Tera
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

21
README.md
View file

@ -13,20 +13,17 @@
<h2 align="center">Local Development</h2>
> [!NOTE]
> Using [Nix](https://builtwithnix.org) is recommended for the development environment. If you're not using it, install Go and NodeJS.
Using [Docker](https://www.docker.com/) is required for database configuration.
> Using [Nix](https://builtwithnix.org) is recommended for the development environment. If you're not using it, install Go. For legacy maintence tasks, install NodeJS.
1. First, make sure you have a sane copy of Docker installed, and make sure the copy of Docker works.
1. Firstly, check if you have a working Nix environment if you're using Nix.
2. Secondly, check if you have a working Nix environment if you're using Nix.
3. Lastly, Run `nix-shell`, or alternatively `source init.sh` if you're not using Nix.
2. Secondly, Run `nix-shell`, or alternatively `source init.sh` if you're not using Nix.
<h3 align="center">API Development</h3>
1. After that, run the project in development mode: `npm run dev`.
1. After that, run the backend build script: `./build.sh`.
2. If you want to explore your database, run `npx prisma studio` to open the database editor.
2. Then, go into the `api/` directory, and then start it up: `go run . -b ../backends.dev.json`
<h2 align="center">Production Deployment</h2>
@ -35,13 +32,15 @@
1. Copy and change the default password (or username & db name too) from the template file `prod-docker.env`:
```bash
sed "s/POSTGRES_PASSWORD=nextnet/POSTGRES_PASSWORD=$(head -c 500 /dev/random | sha512sum | cut -d " " -f 1)/g" prod-docker.env > .env
sed -e "s/POSTGRES_PASSWORD=hermes/POSTGRES_PASSWORD=$(head -c 500 /dev/random | sha512sum | cut -d " " -f 1)/g" -e "s/JWT_SECRET=hermes/JWT_SECRET=$(head -c 500 /dev/random | sha512sum | cut -d " " -f 1)/g" prod-docker.env > .env
```
2. Build the docker stack: `docker compose --env-file .env up -d`
<h2 align="center">Troubleshooting</h2>
* I'm using SSH tunneling, and I can't reach any of the tunnels publicly.
This has been moved [here.](docs/troubleshooting.md)
- Be sure to enable GatewayPorts in your sshd config (in `/etc/ssh/sshd_config` on most systems). Also, be sure to check your firewall rules on your system and your network.
<h2 align="center">Documentation</h2>
Go to the `docs/` folder.

21
apiclient/apiclient.go Normal file
View file

@ -0,0 +1,21 @@
package apiclient
import "git.terah.dev/imterah/hermes/apiclient/users"
type HermesAPIClient struct {
URL string
}
/// Users
func (api *HermesAPIClient) UserGetRefreshToken(username *string, email *string, password string) (string, error) {
return users.GetRefreshToken(api.URL, username, email, password)
}
func (api *HermesAPIClient) UserGetJWTFromToken(refreshToken string) (string, error) {
return users.GetJWTFromToken(api.URL, refreshToken)
}
func (api *HermesAPIClient) UserCreate(fullName, username, email, password string, isBot bool) (string, error) {
return users.CreateUser(api.URL, fullName, username, email, password, isBot)
}

102
apiclient/backendstructs/struct.go Normal file
View file

@ -0,0 +1,102 @@
package backendstructs
type BackendCreationRequest struct {
Token string `validate:"required"`
Name string `validate:"required"`
Description *string `json:"description"`
Backend string `validate:"required"`
BackendParameters interface{} `json:"connectionDetails" validate:"required"`
}
type BackendLookupRequest struct {
Token string `validate:"required"`
BackendID *uint `json:"id"`
Name *string `json:"name"`
Description *string `json:"description"`
Backend *string `json:"backend"`
}
type BackendRemovalRequest struct {
Token string `validate:"required"`
BackendID uint `json:"id" validate:"required"`
}
type ConnectionsRequest struct {
Token string `validate:"required" json:"token"`
Id uint `validate:"required" json:"id"`
}
type ProxyCreationRequest struct {
Token string `validate:"required" json:"token"`
Name string `validate:"required" json:"name"`
Description *string `json:"description"`
Protocol string `validate:"required" json:"protocol"`
SourceIP string `validate:"required" json:"sourceIP"`
SourcePort uint16 `validate:"required" json:"sourcePort"`
DestinationPort uint16 `validate:"required" json:"destinationPort"`
ProviderID uint `validate:"required" json:"providerID"`
AutoStart *bool `json:"autoStart"`
}
type ProxyLookupRequest struct {
Token string `validate:"required" json:"token"`
Id *uint `json:"id"`
Name *string `json:"name"`
Description *string `json:"description"`
Protocol *string `json:"protocol"`
SourceIP *string `json:"sourceIP"`
SourcePort *uint16 `json:"sourcePort"`
DestinationPort *uint16 `json:"destPort"`
ProviderID *uint `json:"providerID"`
AutoStart *bool `json:"autoStart"`
}
type ProxyRemovalRequest struct {
Token string `validate:"required" json:"token"`
ID uint `validate:"required" json:"id"`
}
type ProxyStartRequest struct {
Token string `validate:"required" json:"token"`
ID uint `validate:"required" json:"id"`
}
type ProxyStopRequest struct {
Token string `validate:"required" json:"token"`
ID uint `validate:"required" json:"id"`
}
type UserCreationRequest struct {
Name string `json:"name" validate:"required"`
Email string `json:"email" validate:"required"`
Password string `json:"password" validate:"required"`
Username string `json:"username" validate:"required"`
ExistingUserToken string `json:"token"`
IsBot bool `json:"isBot"`
}
type UserLoginRequest struct {
Username *string `json:"username"`
Email *string `json:"email"`
Password string `json:"password" validate:"required"`
}
type UserLookupRequest struct {
Token string `validate:"required"`
UID *uint `json:"id"`
Name *string `json:"name"`
Email *string `json:"email"`
Username *string `json:"username"`
IsBot *bool `json:"isServiceAccount"`
}
type UserRefreshRequest struct {
Token string `json:"token" validate:"required"`
}
type UserRemovalRequest struct {
Token string `json:"token" validate:"required"`
UID *uint `json:"uid"`
}

99
apiclient/users/auth.go Normal file
View file

@ -0,0 +1,99 @@
package users
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"git.terah.dev/imterah/hermes/apiclient/backendstructs"
)
type refreshTokenResponse struct {
Success bool `json:"success"`
RefreshToken string `json:"refreshToken"`
}
type jwtTokenResponse struct {
Success bool `json:"success"`
JWT string `json:"token"`
}
func GetRefreshToken(url string, username, email *string, password string) (string, error) {
body, err := json.Marshal(&backendstructs.UserLoginRequest{
Username: username,
Email: email,
Password: password,
})
if err != nil {
return "", err
}
res, err := http.Post(fmt.Sprintf("%s/api/v1/users/login", url), "application/json", bytes.NewBuffer(body))
if err != nil {
return "", err
}
bodyContents, err := io.ReadAll(res.Body)
if err != nil {
return "", fmt.Errorf("failed to read response body: %s", err.Error())
}
response := &refreshTokenResponse{}
if err := json.Unmarshal(bodyContents, response); err != nil {
return "", err
}
if !response.Success {
return "", fmt.Errorf("failed to get refresh token")
}
if response.RefreshToken == "" {
return "", fmt.Errorf("refresh token is empty")
}
return response.RefreshToken, nil
}
func GetJWTFromToken(url, refreshToken string) (string, error) {
body, err := json.Marshal(&backendstructs.UserRefreshRequest{
Token: refreshToken,
})
if err != nil {
return "", err
}
res, err := http.Post(fmt.Sprintf("%s/api/v1/users/refresh", url), "application/json", bytes.NewBuffer(body))
if err != nil {
return "", err
}
bodyContents, err := io.ReadAll(res.Body)
if err != nil {
return "", fmt.Errorf("failed to read response body: %s", err.Error())
}
response := &jwtTokenResponse{}
if err := json.Unmarshal(bodyContents, response); err != nil {
return "", err
}
if !response.Success {
return "", fmt.Errorf("failed to get JWT token")
}
if response.JWT == "" {
return "", fmt.Errorf("JWT token is empty")
}
return response.JWT, nil
}

63
apiclient/users/create.go Normal file
View file

@ -0,0 +1,63 @@
package users
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"git.terah.dev/imterah/hermes/apiclient/backendstructs"
)
type createUserResponse struct {
Error string `json:"error"`
Success bool `json:"success"`
RefreshToken string `json:"refreshToken"`
}
func CreateUser(url, fullName, username, email, password string, isBot bool) (string, error) {
body, err := json.Marshal(&backendstructs.UserCreationRequest{
Username: username,
Name: fullName,
Email: email,
Password: password,
IsBot: isBot,
})
if err != nil {
return "", err
}
res, err := http.Post(fmt.Sprintf("%s/api/v1/users/create", url), "application/json", bytes.NewBuffer(body))
if err != nil {
return "", err
}
bodyContents, err := io.ReadAll(res.Body)
if err != nil {
return "", fmt.Errorf("failed to read response body: %s", err.Error())
}
response := &createUserResponse{}
if err := json.Unmarshal(bodyContents, response); err != nil {
return "", err
}
if response.Error != "" {
return "", fmt.Errorf("error from server: %s", response.Error)
}
if !response.Success {
return "", fmt.Errorf("failed to get refresh token")
}
if response.RefreshToken == "" {
return "", fmt.Errorf("refresh token is empty")
}
return response.RefreshToken, nil
}

17
backend-legacy/Dockerfile
View file

@ -1,17 +0,0 @@
FROM node:22.11.0-bookworm
LABEL org.opencontainers.image.source="https://github.com/greysoh/nextnet"
WORKDIR /app/
COPY src /app/src
COPY prisma /app/prisma
COPY docker-entrypoint.sh /app/
COPY tsconfig.json /app/
COPY package.json /app/
COPY package-lock.json /app/
COPY srcpatch.sh /app/
RUN sh srcpatch.sh
RUN npm install --save-dev
RUN npm run build
RUN rm srcpatch.sh out/**/*.ts out/**/*.map
RUN rm -rf src
RUN npm prune --production
ENTRYPOINT sh docker-entrypoint.sh

7
backend-legacy/dev.env
View file

@ -1,7 +0,0 @@
# Environment variables declared in this file are automatically made available to Prisma.
# See the documentation for more detail: https://pris.ly/d/prisma-schema#accessing-environment-variables-from-the-schema
# Prisma supports the native connection string format for PostgreSQL, MySQL, SQLite, SQL Server, MongoDB and CockroachDB.
# See the documentation for all the connection string options: https://pris.ly/d/connection-strings
DATABASE_URL="postgresql://nextnet:nextnet@localhost:5432/nextnet?schema=nextnet"

12
backend-legacy/docker-entrypoint.sh
View file

@ -1,12 +0,0 @@
#!/bin/bash
export NODE_ENV="production"
if [[ "$DATABASE_URL" == "" ]]; then
export DATABASE_URL="postgresql://$POSTGRES_USERNAME:$POSTGRES_PASSWORD@nextnet-postgres:5432/$POSTGRES_DB?schema=nextnet"
fi
echo "Welcome to NextNet."
echo "Running database migrations..."
npx prisma migrate deploy
echo "Starting application..."
npm start

19
backend-legacy/eslint.config.js
View file

@ -1,19 +0,0 @@
import globals from "globals";
import pluginJs from "@eslint/js";
import tseslint from "typescript-eslint";
export default [
pluginJs.configs.recommended,
...tseslint.configs.recommended,
{
languageOptions: {
globals: globals.node,
},
rules: {
"no-unused-vars": "off",
"@typescript-eslint/no-unused-vars": "off",
},
},
];

3302
backend-legacy/package-lock.json generated
View file

File diff suppressed because it is too large Load diff

38
backend-legacy/package.json
View file

@ -1,38 +0,0 @@
{
"name": "nextnet",
"version": "1.1.2",
"description": "Yet another dashboard to manage portforwarding technologies",
"main": "index.js",
"type": "module",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"build": "tsc",
"start": "cd out && node --enable-source-maps index.js",
"dev": "nodemon --watch src --ext ts,js,mjs,json --exec \"tsc && cd out && node --enable-source-maps index.js\""
},
"keywords": [],
"author": "greysoh",
"license": "BSD-3-Clause",
"devDependencies": {
"@eslint/js": "^9.16.0",
"@types/bcrypt": "^5.0.2",
"@types/node": "^22.10.1",
"@types/ssh2": "^1.15.1",
"@types/ws": "^8.5.13",
"eslint": "^9.16.0",
"globals": "^15.12.0",
"nodemon": "^3.1.7",
"pino-pretty": "^13.0.0",
"prettier": "^3.4.1",
"prisma": "^5.22.0",
"typescript": "^5.7.2",
"typescript-eslint": "^8.16.0"
},
"dependencies": {
"@fastify/websocket": "^11.0.1",
"@prisma/client": "^6.0.0",
"bcrypt": "^5.1.1",
"fastify": "^5.1.0",
"node-ssh": "^13.2.0"
}
}

53
backend-legacy/prisma/migrations/20240421200334_init/migration.sql
View file

@ -1,53 +0,0 @@
-- CreateTable
CREATE TABLE "DesinationProvider" (
"id" SERIAL NOT NULL,
"name" TEXT NOT NULL,
"description" TEXT,
"backend" TEXT NOT NULL,
"connectionDetails" TEXT NOT NULL,
CONSTRAINT "DesinationProvider_pkey" PRIMARY KEY ("id")
);
-- CreateTable
CREATE TABLE "ForwardRule" (
"id" SERIAL NOT NULL,
"name" TEXT NOT NULL,
"description" TEXT,
"sourceIP" TEXT NOT NULL,
"sourcePort" INTEGER NOT NULL,
"destIP" TEXT NOT NULL,
"destPort" INTEGER NOT NULL,
"destProviderID" INTEGER NOT NULL,
"enabled" BOOLEAN NOT NULL,
CONSTRAINT "ForwardRule_pkey" PRIMARY KEY ("id")
);
-- CreateTable
CREATE TABLE "Permission" (
"id" SERIAL NOT NULL,
"permission" TEXT NOT NULL,
"has" BOOLEAN NOT NULL,
"userID" INTEGER NOT NULL,
CONSTRAINT "Permission_pkey" PRIMARY KEY ("id")
);
-- CreateTable
CREATE TABLE "User" (
"id" SERIAL NOT NULL,
"email" TEXT NOT NULL,
"name" TEXT NOT NULL,
"password" TEXT NOT NULL,
"rootToken" TEXT,
"isRootServiceAccount" BOOLEAN,
CONSTRAINT "User_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
-- AddForeignKey
ALTER TABLE "Permission" ADD CONSTRAINT "Permission_userID_fkey" FOREIGN KEY ("userID") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

8
backend-legacy/prisma/migrations/20240421210417_fix_remove_destip/migration.sql
View file

@ -1,8 +0,0 @@
/*
Warnings:
- You are about to drop the column `destIP` on the `ForwardRule` table. All the data in the column will be lost.
*/
-- AlterTable
ALTER TABLE "ForwardRule" DROP COLUMN "destIP";

8
backend-legacy/prisma/migrations/20240425125737_fix_adds_protocol_field/migration.sql
View file

@ -1,8 +0,0 @@
/*
Warnings:
- Added the required column `protocol` to the `ForwardRule` table without a default value. This is not possible if the table is not empty.
*/
-- AlterTable
ALTER TABLE "ForwardRule" ADD COLUMN "protocol" TEXT NOT NULL;

2
backend-legacy/prisma/migrations/20240505233740_feature_adds_username_support/migration.sql
View file

@ -1,2 +0,0 @@
-- AlterTable
ALTER TABLE "User" ADD COLUMN "username" TEXT;

3
backend-legacy/prisma/migrations/migration_lock.toml
View file

@ -1,3 +0,0 @@
# Please do not edit this file manually
# It should be added in your version-control system (i.e. Git)
provider = "postgresql"

54
backend-legacy/prisma/schema.prisma
View file

@ -1,54 +0,0 @@
// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema
generator client {
provider = "prisma-client-js"
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}
model DesinationProvider {
id Int @id @default(autoincrement())
name String
description String?
backend String
connectionDetails String
}
model ForwardRule {
id Int @id @default(autoincrement())
name String
description String?
protocol String
sourceIP String
sourcePort Int
destPort Int
destProviderID Int
enabled Boolean
}
model Permission {
id Int @id @default(autoincrement())
permission String
has Boolean
user User @relation(fields: [userID], references: [id])
userID Int
}
model User {
id Int @id @default(autoincrement())
email String @unique
username String? // NOT optional in the API, but just for backwards compat
name String
password String // Will be hashed using bcrypt
rootToken String?
isRootServiceAccount Boolean?
permissions Permission[]
}

51
backend-legacy/src/tools/exportDBContents.ts
View file

@ -1,51 +0,0 @@
import { createReadStream, createWriteStream } from "node:fs";
import { Readable, pipeline } from "node:stream";
import { createGzip } from "node:zlib";
import process from "node:process";
import { PrismaClient } from "@prisma/client";
const gzip = createGzip();
if (process.argv.length <= 2) {
console.error(
"Missing arguments! Usage: node ./out/tools/exportDBContents.js exportPath.json.gz",
);
process.exit(1);
}
console.log("Initializing Database...");
const prisma = new PrismaClient();
console.log("Initialized Database.");
console.log("Getting all destinationProviders...");
const destinationProviders = await prisma.desinationProvider.findMany();
console.log("Getting all forwardRules...");
const forwardRules = await prisma.forwardRule.findMany();
console.log("Getting all permissions...");
const allPermissions = await prisma.permission.findMany();
console.log("Getting all users...");
const users = await prisma.user.findMany();
const masterList = JSON.stringify({
destinationProviders,
forwardRules,
allPermissions,
});
const source = new Readable();
source.push(masterList);
source.push(null);
const destination = createWriteStream(process.argv[2]);
pipeline(source, gzip, destination, err => {
if (err) {
console.error("Failed to compress JSON data:", err);
} else {
console.log("Sucesfully saved DB contents.");
}
});

6
backend-legacy/srcpatch.sh
View file

@ -1,6 +0,0 @@
# !-- DO NOT USE THIS FOR DEVELOPMENT --!
# This is only to source patch files in production deployments, if prisma isn't configured already.
printf "//@ts-nocheck\n$(cat src/routes/backends/lookup.ts)" > src/routes/backends/lookup.ts
printf "//@ts-nocheck\n$(cat src/routes/forward/lookup.ts)" > src/routes/forward/lookup.ts
printf "//@ts-nocheck\n$(cat src/routes/user/lookup.ts)" > src/routes/user/lookup.ts
printf "//@ts-nocheck\n$(cat src/routes/getPermissions.ts)" > src/routes/getPermissions.ts

22
backend-legacy/tsconfig.json
View file

@ -1,22 +0,0 @@
{
"compilerOptions": {
"target": "es2020",
"module": "es2022",
"moduleResolution": "node",
"outDir": "./out",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"sourceMap": true,
"declaration": true,
"declarationMap": true,
"strictPropertyInitialization": false,
},
"include": ["src/**/*.ts"],
"exclude": ["node_modules"]
}

10
backend/Dockerfile
View file

@ -1,10 +0,0 @@
FROM golang:latest AS build
WORKDIR /build
COPY . /build
RUN bash build.sh
FROM scratch AS run
WORKDIR /app
COPY --from=build /build/backends.prod.json /app/backends.json
COPY --from=build /build/api/api /app/hermes
COPY --from=build /build/sshbackend/sshbackend /app/sshbackend
ENTRYPOINT ["/app/hermes", "--backends-path", "/app/backends.json"]

15
backend/api/backendruntime/core.go Normal file
View file

@ -0,0 +1,15 @@
package backendruntime
import "os"
var (
AvailableBackends []*Backend
RunningBackends map[uint]*Runtime
TempDir string
shouldLog bool
)
func init() {
RunningBackends = make(map[uint]*Runtime)
shouldLog = os.Getenv("HERMES_DEVELOPMENT_MODE") != "" || os.Getenv("HERMES_BACKEND_LOGGING_ENABLED") != "" || os.Getenv("HERMES_LOG_LEVEL") == "debug"
}

279
backend/api/backendruntime/runtime.go
View file

@ -6,50 +6,47 @@ import (
"net"
"os"
"os/exec"
"strings"
"sync"
"time"
"git.terah.dev/imterah/hermes/backendlauncher"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/backendlauncher"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
)
var (
AvailableBackends []*Backend
RunningBackends map[uint]*Runtime
TempDir string
)
// TODO TODO TODO(imterah):
// This code is a mess. This NEEDS to be rearchitected and refactored to work better. Or at the very least, this code needs to be documented heavily.
func init() {
RunningBackends = make(map[uint]*Runtime)
}
func handleCommand(commandType string, command interface{}, sock net.Conn, rtcChan chan interface{}) {
bytes, err := commonbackend.Marshal(commandType, command)
func handleCommand(command interface{}, sock net.Conn, rtcChan chan interface{}) error {
bytes, err := commonbackend.Marshal(command)
if err != nil {
log.Warnf("Failed to marshal message: %s", err.Error())
rtcChan <- fmt.Errorf("failed to marshal message: %s", err.Error())
return
return fmt.Errorf("failed to marshal message: %s", err.Error())
}
if _, err := sock.Write(bytes); err != nil {
log.Warnf("Failed to write message: %s", err.Error())
rtcChan <- fmt.Errorf("failed to write message: %s", err.Error())
return
return fmt.Errorf("failed to write message: %s", err.Error())
}
_, data, err := commonbackend.Unmarshal(sock)
data, err := commonbackend.Unmarshal(sock)
if err != nil {
log.Warnf("Failed to unmarshal message: %s", err.Error())
rtcChan <- fmt.Errorf("failed to unmarshal message: %s", err.Error())
return
return fmt.Errorf("failed to unmarshal message: %s", err.Error())
}
rtcChan <- data
return nil
}
func (runtime *Runtime) goRoutineHandler() error {
@ -69,7 +66,7 @@ func (runtime *Runtime) goRoutineHandler() error {
log.Debugf("Acquired unix socket at: %s", sockPath)
go func() {
log.Debug("Creating new goroutine for socket connection handling")
log.Debug("Created new Goroutine for socket connection handling")
for {
log.Debug("Waiting for Unix socket connections...")
@ -80,56 +77,122 @@ func (runtime *Runtime) goRoutineHandler() error {
return
}
log.Debug("Recieved connection. Initializing...")
log.Debug("Recieved connection. Attempting to figure out backend state...")
defer sock.Close()
timeoutChannel := time.After(500 * time.Millisecond)
for {
commandRaw := <-runtime.RuntimeCommands
select {
case <-timeoutChannel:
log.Debug("Timeout reached. Assuming backend is running.")
case hasRestarted, ok := <-runtime.processRestartNotification:
if !ok {
log.Warnf("Failed to get the process restart notification state!")
}
log.Debug("Got message from server")
if hasRestarted {
if runtime.OnCrashCallback == nil {
log.Warn("The backend has restarted for some reason, but we could not run the on crash callback as the callback is not set!")
} else {
log.Debug("We have restarted. Running the restart callback...")
runtime.OnCrashCallback(sock)
}
switch command := commandRaw.(type) {
case *commonbackend.AddProxy:
handleCommand("addProxy", command, sock, runtime.RuntimeCommands)
case *commonbackend.BackendStatusRequest:
handleCommand("backendStatusRequest", command, sock, runtime.RuntimeCommands)
case *commonbackend.BackendStatusResponse:
handleCommand("backendStatusResponse", command, sock, runtime.RuntimeCommands)
case *commonbackend.CheckClientParameters:
handleCommand("checkClientParameters", command, sock, runtime.RuntimeCommands)
case *commonbackend.CheckParametersResponse:
handleCommand("checkParametersResponse", command, sock, runtime.RuntimeCommands)
case *commonbackend.CheckServerParameters:
handleCommand("checkServerParameters", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyClientConnection:
handleCommand("proxyClientConnection", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyConnectionsRequest:
handleCommand("proxyConnectionsRequest", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyConnectionsResponse:
handleCommand("proxyConnectionsResponse", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyInstanceResponse:
handleCommand("proxyInstanceResponse", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyInstanceRequest:
handleCommand("proxyInstanceRequest", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyStatusRequest:
handleCommand("proxyStatusRequest", command, sock, runtime.RuntimeCommands)
case *commonbackend.ProxyStatusResponse:
handleCommand("proxyStatusResponse", command, sock, runtime.RuntimeCommands)
case *commonbackend.RemoveProxy:
handleCommand("removeProxy", command, sock, runtime.RuntimeCommands)
case *commonbackend.Start:
handleCommand("start", command, sock, runtime.RuntimeCommands)
case *commonbackend.Stop:
handleCommand("stop", command, sock, runtime.RuntimeCommands)
default:
log.Warnf("Recieved unknown command type from channel: %q", command)
runtime.RuntimeCommands <- fmt.Errorf("unknown command recieved")
log.Debug("Clearing caches...")
runtime.cleanUpPendingCommandProcessingJobs()
runtime.messageBufferLock = sync.Mutex{}
} else {
log.Debug("We have not restarted.")
}
}
go func() {
log.Debug("Setting up Hermes keepalive Goroutine")
hasFailedBackendRunningCheckAlready := false
for {
if !runtime.isRuntimeRunning {
return
}
// Asking for the backend status seems to be a "good-enough" keepalive system. Plus, it provides useful telemetry.
// There isn't a ping command in the backend API, so we have to make do with what we have.
//
// To be safe here, we have to use the proper (yet annoying) facilities to prevent cross-talk, since we're in
// a goroutine, and can't talk directly. This actually has benefits, as the OuterLoop should exit on its own, if we
// encounter a critical error.
statusResponse, err := runtime.ProcessCommand(&commonbackend.BackendStatusRequest{})
if err != nil {
log.Warnf("Failed to get response for backend (in backend runtime keep alive): %s", err.Error())
log.Debugf("Attempting to close socket...")
err := sock.Close()
if err != nil {
log.Debugf("Failed to close socket: %s", err.Error())
}
continue
}
switch responseMessage := statusResponse.(type) {
case *commonbackend.BackendStatusResponse:
if !responseMessage.IsRunning {
if hasFailedBackendRunningCheckAlready {
if responseMessage.Message != "" {
log.Warnf("Backend (in backend keepalive) is up but not active: %s", responseMessage.Message)
} else {
log.Warnf("Backend (in backend keepalive) is up but not active")
}
}
hasFailedBackendRunningCheckAlready = true
}
default:
log.Errorf("Got illegal response type for backend (in backend keepalive): %T", responseMessage)
log.Debugf("Attempting to close socket...")
err := sock.Close()
if err != nil {
log.Debugf("Failed to close socket: %s", err.Error())
}
}
time.Sleep(5 * time.Second)
}
}()
OuterLoop:
for {
_ = <-runtime.startProcessingNotification
runtime.isRuntimeCurrentlyProcessing = true
for chanIndex, messageData := range runtime.messageBuffer {
if messageData == nil {
continue
}
err := handleCommand(messageData.Message, sock, messageData.Channel)
if err != nil {
log.Warnf("failed to handle command in backend runtime instance: %s", err.Error())
if strings.HasPrefix(err.Error(), "failed to write message") {
break OuterLoop
}
}
runtime.messageBuffer[chanIndex] = nil
}
runtime.isRuntimeCurrentlyProcessing = false
}
sock.Close()
}
}()
runtime.processRestartNotification <- false
for {
log.Debug("Starting process...")
@ -161,6 +224,14 @@ func (runtime *Runtime) goRoutineHandler() error {
log.Debug("Sleeping 5 seconds, and then restarting process")
time.Sleep(5 * time.Second)
// NOTE(imterah): This could cause hangs if we're not careful. If the process dies so much that we can't keep up, it should deserve to be hung, really.
// There's probably a better way to do this, but this works.
//
// If this does turn out to be a problem, just increase the Goroutine buffer size.
runtime.processRestartNotification <- true
log.Debug("Sent off notification.")
}
}
@ -169,7 +240,11 @@ func (runtime *Runtime) Start() error {
return fmt.Errorf("runtime already running")
}
runtime.RuntimeCommands = make(chan interface{})
runtime.messageBuffer = make([]*messageForBuf, 10)
runtime.messageBufferLock = sync.Mutex{}
runtime.startProcessingNotification = make(chan bool)
runtime.processRestartNotification = make(chan bool, 1)
runtime.logger = &writeLogger{
Runtime: runtime,
@ -217,6 +292,90 @@ func (runtime *Runtime) Stop() error {
return nil
}
func (runtime *Runtime) ProcessCommand(command interface{}) (interface{}, error) {
schedulingAttempts := 0
var commandChannel chan interface{}
SchedulingLoop:
for {
if !runtime.isRuntimeRunning {
time.Sleep(10 * time.Millisecond)
}
if schedulingAttempts > 50 {
return nil, fmt.Errorf("failed to schedule message transmission after 50 tries (REPORT THIS ISSUE)")
}
runtime.messageBufferLock.Lock()
// Attempt to find spot in buffer to schedule message transmission
for i, message := range runtime.messageBuffer {
if message != nil {
continue
}
commandChannel = make(chan interface{})
runtime.messageBuffer[i] = &messageForBuf{
Channel: commandChannel,
Message: command,
}
runtime.messageBufferLock.Unlock()
break SchedulingLoop
}
runtime.messageBufferLock.Unlock()
time.Sleep(100 * time.Millisecond)
schedulingAttempts++
}
if !runtime.isRuntimeCurrentlyProcessing {
runtime.startProcessingNotification <- true
}
// Fetch response and close Channel
response, ok := <-commandChannel
if !ok {
return nil, fmt.Errorf("failed to read from command channel: recieved signal that is not OK")
}
close(commandChannel)
err, ok := response.(error)
if ok {
return nil, err
}
return response, nil
}
func (runtime *Runtime) cleanUpPendingCommandProcessingJobs() {
for messageIndex, message := range runtime.messageBuffer {
if message == nil {
continue
}
timeoutChannel := time.After(100 * time.Millisecond)
select {
case <-timeoutChannel:
log.Warn("Message channel is likely running (timed out reading from it without an error)")
close(message.Channel)
case _, ok := <-message.Channel:
if ok {
log.Warn("Message channel is running, but should be stopped (since message is NOT nil!)")
close(message.Channel)
}
}
runtime.messageBuffer[messageIndex] = nil
}
}
func NewBackend(path string) *Runtime {
return &Runtime{
ProcessPath: path,

43
backend/api/backendruntime/struct.go
View file

@ -4,6 +4,9 @@ import (
"net"
"os/exec"
"strings"
"sync"
"github.com/charmbracelet/log"
)
type Backend struct {
@ -11,15 +14,28 @@ type Backend struct {
Path string `validate:"required"`
}
type Runtime struct {
isRuntimeRunning bool
logger *writeLogger
currentProcess *exec.Cmd
currentListener net.Listener
type messageForBuf struct {
Channel chan interface{}
// TODO(imterah): could this be refactored to just be a []byte instead? Look into this
Message interface{}
}
ProcessPath string
Logs []string
RuntimeCommands chan interface{}
type Runtime struct {
isRuntimeRunning bool
isRuntimeCurrentlyProcessing bool
startProcessingNotification chan bool
logger *writeLogger
currentProcess *exec.Cmd
currentListener net.Listener
processRestartNotification chan bool
messageBufferLock sync.Mutex
messageBuffer []*messageForBuf
ProcessPath string
Logs []string
OnCrashCallback func(sock net.Conn)
}
type writeLogger struct {
@ -28,6 +44,17 @@ type writeLogger struct {
func (writer writeLogger) Write(p []byte) (n int, err error) {
logSplit := strings.Split(string(p), "\n")
if shouldLog {
for _, logLine := range logSplit {
if logLine == "" {
continue
}
log.Debug("spawned backend logs: " + logLine)
}
}
writer.Runtime.Logs = append(writer.Runtime.Logs, logSplit...)
return len(p), err

365
backend/api/controllers/v1/backends/create.go
View file

@ -6,14 +6,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type BackendCreationRequest struct {
@ -24,132 +23,114 @@ type BackendCreationRequest struct {
BackendParameters interface{} `json:"connectionDetails" validate:"required"`
}
func CreateBackend(c *gin.Context) {
var req BackendCreationRequest
func SetupCreateBackend(state *state.State) {
state.Engine.POST("/api/v1/backends/create", func(c *gin.Context) {
var req BackendCreationRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "backends.add") {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
"error": "Missing permissions",
})
return
}
}
if !permissions.UserHasPermission(user, "backends.add") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
var backendParameters []byte
return
}
switch parameters := req.BackendParameters.(type) {
case string:
backendParameters = []byte(parameters)
case map[string]interface{}:
backendParameters, err = json.Marshal(parameters)
var backendParameters []byte
if err != nil {
log.Warnf("Failed to marshal JSON recieved as BackendParameters: %s", err.Error())
switch parameters := req.BackendParameters.(type) {
case string:
backendParameters = []byte(parameters)
case map[string]interface{}:
backendParameters, err = json.Marshal(parameters)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to prepare parameters",
})
return
}
default:
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Invalid type for connectionDetails (recieved %T)", parameters),
})
return
}
var backendRuntimeFilePath string
for _, runtime := range backendruntime.AvailableBackends {
if runtime.Name == req.Backend {
backendRuntimeFilePath = runtime.Path
}
}
if backendRuntimeFilePath == "" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Unsupported backend recieved",
})
return
}
backend := backendruntime.NewBackend(backendRuntimeFilePath)
err = backend.Start()
if err != nil {
log.Warnf("Failed to marshal JSON recieved as BackendParameters: %s", err.Error())
log.Warnf("Failed to start backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to prepare parameters",
"error": "Failed to start backend",
})
return
}
default:
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Invalid type for connectionDetails (recieved %T)", parameters),
backendParamCheckResponse, err := backend.ProcessCommand(&commonbackend.CheckServerParameters{
Arguments: backendParameters,
})
return
}
var backendRuntimeFilePath string
for _, runtime := range backendruntime.AvailableBackends {
if runtime.Name == req.Backend {
backendRuntimeFilePath = runtime.Path
}
}
if backendRuntimeFilePath == "" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Unsupported backend recieved",
})
return
}
backend := backendruntime.NewBackend(backendRuntimeFilePath)
err = backend.Start()
if err != nil {
log.Warnf("Failed to start backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to start backend",
})
return
}
backend.RuntimeCommands <- &commonbackend.CheckServerParameters{
Type: "checkServerParameters",
Arguments: backendParameters,
}
backendParamCheckResponse := <-backend.RuntimeCommands
switch responseMessage := backendParamCheckResponse.(type) {
case error:
log.Warnf("Failed to get response for backend: %s", responseMessage.Error())
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
return
case *commonbackend.CheckParametersResponse:
if responseMessage.InResponseTo != "checkServerParameters" {
log.Errorf("Got illegal response to CheckServerParameters: %s", responseMessage.InResponseTo)
log.Warnf("Failed to get response for backend: %s", err.Error())
err = backend.Stop()
@ -164,108 +145,126 @@ func CreateBackend(c *gin.Context) {
return
}
if !responseMessage.IsValid {
switch responseMessage := backendParamCheckResponse.(type) {
case *commonbackend.CheckParametersResponse:
if responseMessage.InResponseTo != "checkServerParameters" {
log.Errorf("Got illegal response to CheckServerParameters: %s", responseMessage.InResponseTo)
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
return
}
if !responseMessage.IsValid {
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
var errorMessage string
if responseMessage.Message == "" {
errorMessage = "Unkown error while trying to parse connectionDetails"
} else {
errorMessage = fmt.Sprintf("Invalid backend parameters: %s", responseMessage.Message)
}
c.JSON(http.StatusBadRequest, gin.H{
"error": errorMessage,
})
return
}
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
}
log.Info("Passed backend checks successfully")
backendInDatabase := &db.Backend{
UserID: user.ID,
Name: req.Name,
Description: req.Description,
Backend: req.Backend,
BackendParameters: base64.StdEncoding.EncodeToString(backendParameters),
}
if result := state.DB.DB.Create(&backendInDatabase); result.Error != nil {
log.Warnf("Failed to create backend: %s", result.Error.Error())
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
var errorMessage string
if responseMessage.Message == "" {
errorMessage = "Unkown error while trying to parse connectionDetails"
} else {
errorMessage = fmt.Sprintf("Invalid backend parameters: %s", responseMessage.Message)
}
c.JSON(http.StatusBadRequest, gin.H{
"error": errorMessage,
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add backend into database",
})
return
}
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
}
log.Info("Passed backend checks successfully")
backendInDatabase := &dbcore.Backend{
UserID: user.ID,
Name: req.Name,
Description: req.Description,
Backend: req.Backend,
BackendParameters: base64.StdEncoding.EncodeToString(backendParameters),
}
if result := dbcore.DB.Create(&backendInDatabase); result.Error != nil {
log.Warnf("Failed to create backend: %s", result.Error.Error())
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add backend into database",
backendStartResponse, err := backend.ProcessCommand(&commonbackend.Start{
Arguments: backendParameters,
})
return
}
backend.RuntimeCommands <- &commonbackend.Start{
Type: "start",
Arguments: backendParameters,
}
backendStartResponse := <-backend.RuntimeCommands
switch responseMessage := backendStartResponse.(type) {
case error:
log.Warnf("Failed to get response for backend: %s", responseMessage.Error())
err = backend.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
}
log.Warnf("Failed to get response for backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
return
case *commonbackend.BackendStatusResponse:
if !responseMessage.IsRunning {
err = backend.Stop()
if err != nil {
log.Warnf("Failed to start backend: %s", err.Error())
log.Warnf("Failed to stop backend: %s", err.Error())
}
var errorMessage string
if responseMessage.Message == "" {
errorMessage = "Unkown error while trying to start the backend"
} else {
errorMessage = fmt.Sprintf("Failed to start backend: %s", responseMessage.Message)
}
c.JSON(http.StatusBadRequest, gin.H{
"error": errorMessage,
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
return
}
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
}
backendruntime.RunningBackends[backendInDatabase.ID] = backend
switch responseMessage := backendStartResponse.(type) {
case *commonbackend.BackendStatusResponse:
if !responseMessage.IsRunning {
err = backend.Stop()
c.JSON(http.StatusOK, gin.H{
"success": true,
if err != nil {
log.Warnf("Failed to start backend: %s", err.Error())
}
var errorMessage string
if responseMessage.Message == "" {
errorMessage = "Unkown error while trying to start the backend"
} else {
errorMessage = fmt.Sprintf("Failed to start backend: %s", responseMessage.Message)
}
c.JSON(http.StatusBadRequest, gin.H{
"error": errorMessage,
})
return
}
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
}
backendruntime.RunningBackends[backendInDatabase.ID] = backend
c.JSON(http.StatusOK, gin.H{
"success": true,
})
})
}

195
backend/api/controllers/v1/backends/lookup.go
View file

@ -6,13 +6,12 @@ import (
"net/http"
"strings"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type BackendLookupRequest struct {
@ -27,9 +26,9 @@ type SanitizedBackend struct {
Name string `json:"name"`
BackendID uint `json:"id"`
OwnerID uint `json:"ownerID"`
Description *string `json:"description"`
Description *string `json:"description,omitempty"`
Backend string `json:"backend"`
BackendParameters *string `json:"connectionDetails"`
BackendParameters *string `json:"connectionDetails,omitempty"`
Logs []string `json:"logs"`
}
@ -38,95 +37,80 @@ type LookupResponse struct {
Data []*SanitizedBackend `json:"data"`
}
func LookupBackend(c *gin.Context) {
var req BackendLookupRequest
func SetupLookupBackend(state *state.State) {
state.Engine.POST("/api/v1/backends/lookup", func(c *gin.Context) {
var req BackendLookupRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
}
if !permissions.UserHasPermission(user, "backends.visible") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
backends := []dbcore.Backend{}
queryString := []string{}
queryParameters := []interface{}{}
user, err := state.JWT.GetUserFromJWT(req.Token)
if req.BackendID != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.BackendID)
}
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
if req.Description != nil {
queryString = append(queryString, "description = ?")
queryParameters = append(queryParameters, req.Description)
}
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
if req.Backend != nil {
queryString = append(queryString, "is_bot = ?")
queryParameters = append(queryParameters, req.Backend)
}
return
}
}
if err := dbcore.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&backends).Error; err != nil {
log.Warnf("Failed to get backends: %s", err.Error())
if !permissions.UserHasPermission(user, "backends.visible") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get backends",
})
return
}
return
}
backends := []db.Backend{}
queryString := []string{}
queryParameters := []interface{}{}
sanitizedBackends := make([]*SanitizedBackend, len(backends))
hasSecretVisibility := permissions.UserHasPermission(user, "backends.secretVis")
if req.BackendID != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.BackendID)
}
for backendIndex, backend := range backends {
foundBackend, ok := backendruntime.RunningBackends[backend.ID]
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if !ok {
log.Warnf("Failed to get backend #%d controller", backend.ID)
if req.Description != nil {
queryString = append(queryString, "description = ?")
queryParameters = append(queryParameters, req.Description)
}
if req.Backend != nil {
queryString = append(queryString, "is_bot = ?")
queryParameters = append(queryParameters, req.Backend)
}
if err := state.DB.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&backends).Error; err != nil {
log.Warnf("Failed to get backends: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get backends",
@ -135,29 +119,46 @@ func LookupBackend(c *gin.Context) {
return
}
sanitizedBackends[backendIndex] = &SanitizedBackend{
BackendID: backend.ID,
OwnerID: backend.UserID,
Name: backend.Name,
Description: backend.Description,
Backend: backend.Backend,
Logs: foundBackend.Logs,
}
sanitizedBackends := make([]*SanitizedBackend, len(backends))
hasSecretVisibility := permissions.UserHasPermission(user, "backends.secretVis")
if backend.UserID == user.ID || hasSecretVisibility {
backendParametersBytes, err := base64.StdEncoding.DecodeString(backend.BackendParameters)
for backendIndex, backend := range backends {
foundBackend, ok := backendruntime.RunningBackends[backend.ID]
if err != nil {
log.Warnf("Failed to decode base64 backend parameters: %s", err.Error())
if !ok {
log.Warnf("Failed to get backend #%d controller", backend.ID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get backends",
})
return
}
backendParameters := string(backendParametersBytes)
sanitizedBackends[backendIndex].BackendParameters = &backendParameters
}
}
sanitizedBackends[backendIndex] = &SanitizedBackend{
BackendID: backend.ID,
OwnerID: backend.UserID,
Name: backend.Name,
Description: backend.Description,
Backend: backend.Backend,
Logs: foundBackend.Logs,
}
c.JSON(http.StatusOK, &LookupResponse{
Success: true,
Data: sanitizedBackends,
if backend.UserID == user.ID || hasSecretVisibility {
backendParametersBytes, err := base64.StdEncoding.DecodeString(backend.BackendParameters)
if err != nil {
log.Warnf("Failed to decode base64 backend parameters: %s", err.Error())
}
backendParameters := string(backendParametersBytes)
sanitizedBackends[backendIndex].BackendParameters = &backendParameters
}
}
c.JSON(http.StatusOK, &LookupResponse{
Success: true,
Data: sanitizedBackends,
})
})
}

179
backend/api/controllers/v1/backends/remove.go
View file

@ -4,13 +4,12 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type BackendRemovalRequest struct {
@ -18,106 +17,108 @@ type BackendRemovalRequest struct {
BackendID uint `json:"id" validate:"required"`
}
func RemoveBackend(c *gin.Context) {
var req BackendRemovalRequest
func SetupRemoveBackend(state *state.State) {
state.Engine.POST("/api/v1/backends/remove", func(c *gin.Context) {
var req BackendRemovalRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
}
if !permissions.UserHasPermission(user, "backends.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
var backend *dbcore.Backend
backendRequest := dbcore.DB.Where("id = ?", req.BackendID).Find(&backend)
if backendRequest.Error != nil {
log.Warnf("failed to find if backend exists or not: %s", backendRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if backend exists",
})
return
}
backendExists := backendRequest.RowsAffected > 0
if !backendExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Backend doesn't exist",
})
return
}
if err := dbcore.DB.Delete(backend).Error; err != nil {
log.Warnf("failed to delete backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to delete backend",
})
return
}
backendInstance, ok := backendruntime.RunningBackends[req.BackendID]
if ok {
err = backendInstance.Stop()
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Backend deleted, but failed to stop",
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "backends.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
delete(backendruntime.RunningBackends, req.BackendID)
return
}
delete(backendruntime.RunningBackends, req.BackendID)
}
var backend *db.Backend
backendRequest := state.DB.DB.Where("id = ?", req.BackendID).Find(&backend)
c.JSON(http.StatusOK, gin.H{
"success": true,
if backendRequest.Error != nil {
log.Warnf("failed to find if backend exists or not: %s", backendRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if backend exists",
})
return
}
backendExists := backendRequest.RowsAffected > 0
if !backendExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Backend doesn't exist",
})
return
}
if err := state.DB.DB.Delete(backend).Error; err != nil {
log.Warnf("failed to delete backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to delete backend",
})
return
}
backendInstance, ok := backendruntime.RunningBackends[req.BackendID]
if ok {
err = backendInstance.Stop()
if err != nil {
log.Warnf("Failed to stop backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Backend deleted, but failed to stop",
})
delete(backendruntime.RunningBackends, req.BackendID)
return
}
delete(backendruntime.RunningBackends, req.BackendID)
}
c.JSON(http.StatusOK, gin.H{
"success": true,
})
})
}

232
backend/api/controllers/v1/proxies/connections.go
View file

@ -4,14 +4,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ConnectionsRequest struct {
@ -37,127 +36,130 @@ type ConnectionsResponse struct {
Data []*SanitizedConnection `json:"data"`
}
func GetConnections(c *gin.Context) {
var req ConnectionsRequest
func SetupGetConnections(state *state.State) {
state.Engine.POST("/api/v1/forward/connections", func(c *gin.Context) {
var req ConnectionsRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
}
if !permissions.UserHasPermission(user, "routes.visibleConn") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
var proxy dbcore.Proxy
proxyRequest := dbcore.DB.Where("id = ?", req.Id).First(&proxy)
user, err := state.JWT.GetUserFromJWT(req.Token)
if proxyRequest.Error != nil {
log.Warnf("failed to find proxy: %s", proxyRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find forward entry",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "No forward entry found",
})
return
}
backendRuntime, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backendRuntime.RuntimeCommands <- &commonbackend.ProxyConnectionsRequest{
Type: "proxyConnectionsRequest",
}
backendResponse := <-backendRuntime.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend: %s", responseMessage.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
case *commonbackend.ProxyConnectionsResponse:
sanitizedConnections := []*SanitizedConnection{}
for _, connection := range responseMessage.Connections {
if connection.SourceIP == proxy.SourceIP && connection.SourcePort == proxy.SourcePort && proxy.DestinationPort == proxy.DestinationPort {
sanitizedConnections = append(sanitizedConnections, &SanitizedConnection{
ClientIP: connection.ClientIP,
Port: connection.ClientPort,
ConnectionDetails: &ConnectionDetailsForConnection{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
},
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
c.JSON(http.StatusOK, &ConnectionsResponse{
Success: true,
Data: sanitizedConnections,
})
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
if !permissions.UserHasPermission(user, "routes.visibleConn") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got illegal response type",
})
}
return
}
var proxy db.Proxy
proxyRequest := state.DB.DB.Where("id = ?", req.Id).First(&proxy)
if proxyRequest.Error != nil {
log.Warnf("failed to find proxy: %s", proxyRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find forward entry",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "No forward entry found",
})
return
}
backendRuntime, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backendResponse, err := backendRuntime.ProcessCommand(&commonbackend.ProxyConnectionsRequest{})
if err != nil {
log.Warnf("Failed to get response for backend: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get status response from backend",
})
return
}
switch responseMessage := backendResponse.(type) {
case *commonbackend.ProxyConnectionsResponse:
sanitizedConnections := []*SanitizedConnection{}
for _, connection := range responseMessage.Connections {
if connection.SourceIP == proxy.SourceIP && connection.SourcePort == proxy.SourcePort && proxy.DestinationPort == proxy.DestinationPort {
sanitizedConnections = append(sanitizedConnections, &SanitizedConnection{
ClientIP: connection.ClientIP,
Port: connection.ClientPort,
ConnectionDetails: &ConnectionDetailsForConnection{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
},
})
}
}
c.JSON(http.StatusOK, &ConnectionsResponse{
Success: true,
Data: sanitizedConnections,
})
default:
log.Warnf("Got illegal response type for backend: %T", responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got illegal response type",
})
}
})
}

279
backend/api/controllers/v1/proxies/create.go
View file

@ -4,14 +4,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ProxyCreationRequest struct {
@ -26,149 +25,153 @@ type ProxyCreationRequest struct {
AutoStart *bool `json:"autoStart"`
}
func CreateProxy(c *gin.Context) {
var req ProxyCreationRequest
func SetupCreateProxy(state *state.State) {
state.Engine.POST("/api/v1/forward/create", func(c *gin.Context) {
var req ProxyCreationRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.add") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
if req.Protocol != "tcp" && req.Protocol != "udp" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Protocol must be either 'tcp' or 'udp'",
})
return
}
var backend dbcore.Backend
backendRequest := dbcore.DB.Where("id = ?", req.ProviderID).First(&backend)
if backendRequest.Error != nil {
log.Warnf("failed to find if backend exists or not: %s", backendRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if backend exists",
})
}
backendExists := backendRequest.RowsAffected > 0
if !backendExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Could not find backend",
})
}
autoStart := false
if req.AutoStart != nil {
autoStart = *req.AutoStart
}
proxy := &dbcore.Proxy{
UserID: user.ID,
BackendID: req.ProviderID,
Name: req.Name,
Description: req.Description,
Protocol: req.Protocol,
SourceIP: req.SourceIP,
SourcePort: req.SourcePort,
DestinationPort: req.DestinationPort,
AutoStart: autoStart,
}
if result := dbcore.DB.Create(proxy); result.Error != nil {
log.Warnf("failed to create proxy: %s", result.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add forward rule to database",
})
}
if autoStart {
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusOK, gin.H{
"success": true,
"id": proxy.ID,
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
backend.RuntimeCommands <- &commonbackend.AddProxy{
Type: "addProxy",
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
}
backendResponse := <-backend.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
log.Warnf("Failed to start proxy for backend #%d", proxy.BackendID)
}
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
}
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"id": proxy.ID,
if !permissions.UserHasPermission(user, "routes.add") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
if req.Protocol != "tcp" && req.Protocol != "udp" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Protocol must be either 'tcp' or 'udp'",
})
return
}
var backend db.Backend
backendRequest := state.DB.DB.Where("id = ?", req.ProviderID).First(&backend)
if backendRequest.Error != nil {
log.Warnf("failed to find if backend exists or not: %s", backendRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if backend exists",
})
}
backendExists := backendRequest.RowsAffected > 0
if !backendExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Could not find backend",
})
}
autoStart := false
if req.AutoStart != nil {
autoStart = *req.AutoStart
}
proxy := &db.Proxy{
UserID: user.ID,
BackendID: req.ProviderID,
Name: req.Name,
Description: req.Description,
Protocol: req.Protocol,
SourceIP: req.SourceIP,
SourcePort: req.SourcePort,
DestinationPort: req.DestinationPort,
AutoStart: autoStart,
}
if result := state.DB.DB.Create(proxy); result.Error != nil {
log.Warnf("failed to create proxy: %s", result.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add forward rule to database",
})
return
}
if autoStart {
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusOK, gin.H{
"success": true,
"id": proxy.ID,
})
return
}
backendResponse, err := backend.ProcessCommand(&commonbackend.AddProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
if err != nil {
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
})
return
}
switch responseMessage := backendResponse.(type) {
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
log.Warnf("Failed to start proxy for backend #%d", proxy.BackendID)
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
}
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"id": proxy.ID,
})
})
}

251
backend/api/controllers/v1/proxies/lookup.go
View file

@ -5,12 +5,11 @@ import (
"net/http"
"strings"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ProxyLookupRequest struct {
@ -29,7 +28,7 @@ type ProxyLookupRequest struct {
type SanitizedProxy struct {
Id uint `json:"id"`
Name string `json:"name"`
Description *string `json:"description"`
Description *string `json:"description,omitempty"`
Protcol string `json:"protocol"`
SourceIP string `json:"sourceIP"`
SourcePort uint16 `json:"sourcePort"`
@ -43,139 +42,143 @@ type ProxyLookupResponse struct {
Data []*SanitizedProxy `json:"data"`
}
func LookupProxy(c *gin.Context) {
var req ProxyLookupRequest
func SetupLookupProxy(state *state.State) {
state.Engine.POST("/api/v1/forward/lookup", func(c *gin.Context) {
var req ProxyLookupRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
}
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.visible") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
if req.Protocol != nil {
if *req.Protocol != "tcp" && *req.Protocol != "udp" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Protocol specified in body must either be 'tcp' or 'udp'",
})
return
}
}
proxies := []db.Proxy{}
queryString := []string{}
queryParameters := []interface{}{}
if req.Id != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.Id)
}
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if req.Description != nil {
queryString = append(queryString, "description = ?")
queryParameters = append(queryParameters, req.Description)
}
if req.SourceIP != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if req.SourcePort != nil {
queryString = append(queryString, "source_port = ?")
queryParameters = append(queryParameters, req.SourcePort)
}
if req.DestinationPort != nil {
queryString = append(queryString, "destination_port = ?")
queryParameters = append(queryParameters, req.DestinationPort)
}
if req.ProviderID != nil {
queryString = append(queryString, "backend_id = ?")
queryParameters = append(queryParameters, req.ProviderID)
}
if req.AutoStart != nil {
queryString = append(queryString, "auto_start = ?")
queryParameters = append(queryParameters, req.AutoStart)
}
if req.Protocol != nil {
queryString = append(queryString, "protocol = ?")
queryParameters = append(queryParameters, req.Protocol)
}
if err := state.DB.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&proxies).Error; err != nil {
log.Warnf("failed to get proxies: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
"error": "Failed to get proxies",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.visible") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
sanitizedProxies := make([]*SanitizedProxy, len(proxies))
return
}
if req.Protocol != nil {
if *req.Protocol != "tcp" && *req.Protocol != "udp" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Protocol specified in body must either be 'tcp' or 'udp'",
})
for proxyIndex, proxy := range proxies {
sanitizedProxies[proxyIndex] = &SanitizedProxy{
Id: proxy.ID,
Name: proxy.Name,
Description: proxy.Description,
Protcol: proxy.Protocol,
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestinationPort: proxy.DestinationPort,
ProviderID: proxy.BackendID,
AutoStart: proxy.AutoStart,
}
}
}
proxies := []dbcore.Proxy{}
queryString := []string{}
queryParameters := []interface{}{}
if req.Id != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.Id)
}
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if req.Description != nil {
queryString = append(queryString, "description = ?")
queryParameters = append(queryParameters, req.Description)
}
if req.SourceIP != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if req.SourcePort != nil {
queryString = append(queryString, "source_port = ?")
queryParameters = append(queryParameters, req.SourcePort)
}
if req.DestinationPort != nil {
queryString = append(queryString, "destination_port = ?")
queryParameters = append(queryParameters, req.DestinationPort)
}
if req.ProviderID != nil {
queryString = append(queryString, "backend_id = ?")
queryParameters = append(queryParameters, req.ProviderID)
}
if req.AutoStart != nil {
queryString = append(queryString, "auto_start = ?")
queryParameters = append(queryParameters, req.AutoStart)
}
if req.Protocol != nil {
queryString = append(queryString, "protocol = ?")
queryParameters = append(queryParameters, req.Protocol)
}
if err := dbcore.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&proxies).Error; err != nil {
log.Warnf("failed to get proxies: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get proxies",
c.JSON(http.StatusOK, &ProxyLookupResponse{
Success: true,
Data: sanitizedProxies,
})
return
}
sanitizedProxies := make([]*SanitizedProxy, len(proxies))
for proxyIndex, proxy := range proxies {
sanitizedProxies[proxyIndex] = &SanitizedProxy{
Id: proxy.ID,
Name: proxy.Name,
Description: proxy.Description,
Protcol: proxy.Protocol,
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestinationPort: proxy.DestinationPort,
ProviderID: proxy.BackendID,
AutoStart: proxy.AutoStart,
}
}
c.JSON(http.StatusOK, &ProxyLookupResponse{
Success: true,
Data: sanitizedProxies,
})
}

225
backend/api/controllers/v1/proxies/remove.go
View file

@ -4,14 +4,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ProxyRemovalRequest struct {
@ -19,135 +18,133 @@ type ProxyRemovalRequest struct {
ID uint `validate:"required" json:"id"`
}
func RemoveProxy(c *gin.Context) {
var req ProxyRemovalRequest
func SetupRemoveProxy(state *state.State) {
state.Engine.POST("/api/v1/forward/remove", func(c *gin.Context) {
var req ProxyRemovalRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
"error": "Missing permissions",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
var proxy *db.Proxy
proxyRequest := state.DB.DB.Where("id = ?", req.ID).Find(&proxy)
return
}
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error.Error())
var proxy *dbcore.Proxy
proxyRequest := dbcore.DB.Where("id = ?", req.ID).Find(&proxy)
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if forward rule exists",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
if err := dbcore.DB.Delete(proxy).Error; err != nil {
log.Warnf("failed to delete proxy: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to delete forward rule",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backend.RuntimeCommands <- &commonbackend.RemoveProxy{
Type: "removeProxy",
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
}
backendResponse := <-backend.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get response from backend. Proxy was still successfully deleted",
})
return
case *commonbackend.ProxyStatusResponse:
if responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to stop proxy. Proxy was still successfully deleted",
"error": "Failed to find if forward rule exists",
})
return
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was still successfully deleted",
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
if err := state.DB.DB.Delete(proxy).Error; err != nil {
log.Warnf("failed to delete proxy: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to delete forward rule",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backendResponse, err := backend.ProcessCommand(&commonbackend.RemoveProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
return
}
if err != nil {
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, err.Error())
c.JSON(http.StatusOK, gin.H{
"success": true,
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get response from backend. Proxy was still successfully deleted",
})
return
}
switch responseMessage := backendResponse.(type) {
case *commonbackend.ProxyStatusResponse:
if responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to stop proxy. Proxy was still successfully deleted",
})
} else {
c.JSON(http.StatusOK, gin.H{
"success": true,
})
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was still successfully deleted",
})
}
})
}

217
backend/api/controllers/v1/proxies/start.go
View file

@ -4,14 +4,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ProxyStartRequest struct {
@ -19,127 +18,119 @@ type ProxyStartRequest struct {
ID uint `validate:"required" json:"id"`
}
func StartProxy(c *gin.Context) {
var req ProxyStartRequest
func SetupStartProxy(state *state.State) {
state.Engine.POST("/api/v1/forward/start", func(c *gin.Context) {
var req ProxyStartRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.start") {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.start") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
var proxy *dbcore.Proxy
proxyRequest := dbcore.DB.Where("id = ?", req.ID).Find(&proxy)
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if forward rule exists",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backend.RuntimeCommands <- &commonbackend.AddProxy{
Type: "addProxy",
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
}
backendResponse := <-backend.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
})
return
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to start proxy",
"error": "Missing permissions",
})
return
}
break
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
var proxy *db.Proxy
proxyRequest := state.DB.DB.Where("id = ?", req.ID).Find(&proxy)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was still successfully deleted",
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if forward rule exists",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backendResponse, err := backend.ProcessCommand(&commonbackend.AddProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
return
}
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusOK, gin.H{
"success": true,
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
})
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to start proxy",
})
} else {
c.JSON(http.StatusOK, gin.H{
"success": true,
})
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was likely still successfully started",
})
}
})
}

201
backend/api/controllers/v1/proxies/stop.go
View file

@ -4,14 +4,13 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type ProxyStopRequest struct {
@ -19,125 +18,119 @@ type ProxyStopRequest struct {
ID uint `validate:"required" json:"id"`
}
func StopProxy(c *gin.Context) {
var req ProxyStopRequest
func SetupStopProxy(state *state.State) {
state.Engine.POST("/api/v1/forward/stop", func(c *gin.Context) {
var req ProxyStartRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.stop") {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
"error": "Missing permissions",
})
return
}
}
if !permissions.UserHasPermission(user, "routes.stop") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
var proxy *db.Proxy
proxyRequest := state.DB.DB.Where("id = ?", req.ID).Find(&proxy)
return
}
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error.Error())
var proxy *dbcore.Proxy
proxyRequest := dbcore.DB.Where("id = ?", req.ID).Find(&proxy)
if proxyRequest.Error != nil {
log.Warnf("failed to find if proxy exists or not: %s", proxyRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if forward rule exists",
})
return
}
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backend.RuntimeCommands <- &commonbackend.RemoveProxy{
Type: "removeProxy",
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
}
backendResponse := <-backend.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
})
return
case *commonbackend.ProxyStatusResponse:
if responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to stop proxy",
"error": "Failed to find if forward rule exists",
})
return
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was still successfully deleted",
proxyExists := proxyRequest.RowsAffected > 0
if !proxyExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Forward rule doesn't exist",
})
return
}
backend, ok := backendruntime.RunningBackends[proxy.BackendID]
if !ok {
log.Warnf("Couldn't fetch backend runtime from backend ID #%d", proxy.BackendID)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Couldn't fetch backend runtime",
})
return
}
backendResponse, err := backend.ProcessCommand(&commonbackend.RemoveProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
return
}
switch responseMessage := backendResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", proxy.BackendID, responseMessage.Error())
c.JSON(http.StatusOK, gin.H{
"success": true,
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to get response from backend",
})
case *commonbackend.ProxyStatusResponse:
if responseMessage.IsActive {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "failed to stop proxy",
})
} else {
c.JSON(http.StatusOK, gin.H{
"success": true,
})
}
default:
log.Errorf("Got illegal response type for backend #%d: %T", proxy.BackendID, responseMessage)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Got invalid response from backend. Proxy was likely still successfully stopped",
})
}
})
}

253
backend/api/controllers/v1/users/create.go
View file

@ -7,11 +7,9 @@ import (
"net/http"
"strings"
"github.com/go-playground/validator/v10"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
permissionHelper "git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/db"
permissionHelper "git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
@ -22,142 +20,141 @@ type UserCreationRequest struct {
Email string `validate:"required"`
Password string `validate:"required"`
Username string `validate:"required"`
// TODO: implement support
ExistingUserToken string `json:"token"`
IsBot bool
IsBot bool
}
func CreateUser(c *gin.Context) {
if !signupEnabled && !unsafeSignup {
c.JSON(http.StatusForbidden, gin.H{
"error": "Signing up is not enabled at this time.",
})
func SetupCreateUser(state *state.State) {
state.Engine.POST("/api/v1/users/create", func(c *gin.Context) {
if !signupEnabled && !unsafeSignup {
c.JSON(http.StatusForbidden, gin.H{
"error": "Signing up is not enabled at this time.",
})
return
}
var req UserCreationRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
var user *dbcore.User
userRequest := dbcore.DB.Where("email = ? OR username = ?", req.Email, req.Username).Find(&user)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if userExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User already exists",
})
return
}
passwordHashed, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
log.Warnf("Failed to generate password for client upon signup: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate password hash",
})
return
}
permissions := []dbcore.Permission{}
for _, permission := range permissionHelper.DefaultPermissionNodes {
permissionEnabledState := false
if unsafeSignup || strings.HasPrefix(permission, "routes.") || permission == "permissions.see" {
permissionEnabledState = true
return
}
permissions = append(permissions, dbcore.Permission{
PermissionNode: permission,
HasPermission: permissionEnabledState,
})
}
var req UserCreationRequest
tokenRandomData := make([]byte, 80)
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if _, err := rand.Read(tokenRandomData); err != nil {
log.Warnf("Failed to read random data to use as token: %s", err.Error())
return
}
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
return
}
user = &dbcore.User{
Email: req.Email,
Username: req.Username,
Name: req.Name,
IsBot: &req.IsBot,
Password: base64.StdEncoding.EncodeToString(passwordHashed),
Permissions: permissions,
Tokens: []dbcore.Token{
{
Token: base64.StdEncoding.EncodeToString(tokenRandomData),
DisableExpiry: forceNoExpiryTokens,
CreationIPAddr: c.ClientIP(),
var user *db.User
userRequest := state.DB.DB.Where("email = ? OR username = ?", req.Email, req.Username).Find(&user)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if userExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User already exists",
})
return
}
passwordHashed, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
log.Warnf("Failed to generate password for client upon signup: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate password hash",
})
return
}
permissions := []db.Permission{}
for _, permission := range permissionHelper.DefaultPermissionNodes {
permissionEnabledState := false
if unsafeSignup || strings.HasPrefix(permission, "routes.") || permission == "permissions.see" {
permissionEnabledState = true
}
permissions = append(permissions, db.Permission{
PermissionNode: permission,
HasPermission: permissionEnabledState,
})
}
tokenRandomData := make([]byte, 80)
if _, err := rand.Read(tokenRandomData); err != nil {
log.Warnf("Failed to read random data to use as token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
user = &db.User{
Email: req.Email,
Username: req.Username,
Name: req.Name,
IsBot: &req.IsBot,
Password: base64.StdEncoding.EncodeToString(passwordHashed),
Permissions: permissions,
Tokens: []db.Token{
{
Token: base64.StdEncoding.EncodeToString(tokenRandomData),
DisableExpiry: forceNoExpiryTokens,
CreationIPAddr: c.ClientIP(),
},
},
},
}
}
if result := dbcore.DB.Create(&user); result.Error != nil {
log.Warnf("Failed to create user: %s", result.Error.Error())
if result := state.DB.DB.Create(&user); result.Error != nil {
log.Warnf("Failed to create user: %s", result.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add user into database",
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add user into database",
})
return
}
jwt, err := state.JWT.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
"refreshToken": base64.StdEncoding.EncodeToString(tokenRandomData),
})
return
}
jwt, err := jwtcore.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
"refreshToken": base64.StdEncoding.EncodeToString(tokenRandomData),
})
}

267
backend/api/controllers/v1/users/login.go
View file

@ -6,11 +6,10 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
"golang.org/x/crypto/bcrypt"
)
@ -21,137 +20,139 @@ type UserLoginRequest struct {
Password string `validate:"required"`
}
func LoginUser(c *gin.Context) {
var req UserLoginRequest
func SetupLoginUser(state *state.State) {
state.Engine.POST("/api/v1/users/login", func(c *gin.Context) {
var req UserLoginRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
if req.Email == nil && req.Username == nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Missing both email and username in body",
})
return
}
userFindRequestArguments := make([]interface{}, 1)
userFindRequest := ""
if req.Email != nil {
userFindRequestArguments[0] = &req.Email
userFindRequest += "email = ?"
}
if req.Username != nil {
userFindRequestArguments[0] = &req.Username
userFindRequest += "username = ?"
}
var user *db.User
userRequest := state.DB.DB.Where(userFindRequest, userFindRequestArguments...).Find(&user)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User not found",
})
return
}
decodedPassword := make([]byte, base64.StdEncoding.DecodedLen(len(user.Password)))
_, err := base64.StdEncoding.Decode(decodedPassword, []byte(user.Password))
if err != nil {
log.Warnf("failed to decode password in database: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse database result for password",
})
return
}
err = bcrypt.CompareHashAndPassword(decodedPassword, []byte(req.Password))
if err != nil {
c.JSON(http.StatusForbidden, gin.H{
"error": "Invalid password",
})
return
}
tokenRandomData := make([]byte, 80)
if _, err := rand.Read(tokenRandomData); err != nil {
log.Warnf("Failed to read random data to use as token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
token := &db.Token{
UserID: user.ID,
Token: base64.StdEncoding.EncodeToString(tokenRandomData),
DisableExpiry: forceNoExpiryTokens,
CreationIPAddr: c.ClientIP(),
}
if result := state.DB.DB.Create(&token); result.Error != nil {
log.Warnf("Failed to create user: %s", result.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add refresh token into database",
})
return
}
jwt, err := state.JWT.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
"refreshToken": base64.StdEncoding.EncodeToString(tokenRandomData),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
if req.Email == nil && req.Username == nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Missing both email and username in body",
})
return
}
userFindRequestArguments := make([]interface{}, 1)
userFindRequest := ""
if req.Email != nil {
userFindRequestArguments[0] = &req.Email
userFindRequest += "email = ?"
}
if req.Username != nil {
userFindRequestArguments[0] = &req.Username
userFindRequest += "username = ?"
}
var user *dbcore.User
userRequest := dbcore.DB.Where(userFindRequest, userFindRequestArguments...).Find(&user)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User not found",
})
return
}
decodedPassword := make([]byte, base64.StdEncoding.DecodedLen(len(user.Password)))
_, err := base64.StdEncoding.Decode(decodedPassword, []byte(user.Password))
if err != nil {
log.Warnf("failed to decode password in database: %s", userRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse database result for password",
})
return
}
err = bcrypt.CompareHashAndPassword(decodedPassword, []byte(req.Password))
if err != nil {
c.JSON(http.StatusForbidden, gin.H{
"error": "Invalid password",
})
return
}
tokenRandomData := make([]byte, 80)
if _, err := rand.Read(tokenRandomData); err != nil {
log.Warnf("Failed to read random data to use as token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
token := &dbcore.Token{
UserID: user.ID,
Token: base64.StdEncoding.EncodeToString(tokenRandomData),
DisableExpiry: forceNoExpiryTokens,
CreationIPAddr: c.ClientIP(),
}
if result := dbcore.DB.Create(&token); result.Error != nil {
log.Warnf("Failed to create user: %s", result.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to add refresh token into database",
})
return
}
jwt, err := jwtcore.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
"refreshToken": base64.StdEncoding.EncodeToString(tokenRandomData),
})
}

171
backend/api/controllers/v1/users/lookup.go
View file

@ -5,12 +5,11 @@ import (
"net/http"
"strings"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type UserLookupRequest struct {
@ -35,102 +34,104 @@ type LookupResponse struct {
Data []*SanitizedUsers `json:"data"`
}
func LookupUser(c *gin.Context) {
var req UserLookupRequest
func SetupLookupUser(state *state.State) {
state.Engine.POST("/api/v1/users/lookup", func(c *gin.Context) {
var req UserLookupRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
}
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
users := []db.User{}
queryString := []string{}
queryParameters := []interface{}{}
if !permissions.UserHasPermission(user, "users.lookup") {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, user.ID)
} else if permissions.UserHasPermission(user, "users.lookup") && req.UID != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.UID)
}
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if req.Email != nil {
queryString = append(queryString, "email = ?")
queryParameters = append(queryParameters, req.Email)
}
if req.IsBot != nil {
queryString = append(queryString, "is_bot = ?")
queryParameters = append(queryParameters, req.IsBot)
}
if err := state.DB.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&users).Error; err != nil {
log.Warnf("Failed to get users: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
"error": "Failed to get users",
})
return
}
}
users := []dbcore.User{}
queryString := []string{}
queryParameters := []interface{}{}
sanitizedUsers := make([]*SanitizedUsers, len(users))
if !permissions.UserHasPermission(user, "users.lookup") {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, user.ID)
} else if permissions.UserHasPermission(user, "users.lookup") && req.UID != nil {
queryString = append(queryString, "id = ?")
queryParameters = append(queryParameters, req.UID)
}
for userIndex, user := range users {
isBot := false
if req.Name != nil {
queryString = append(queryString, "name = ?")
queryParameters = append(queryParameters, req.Name)
}
if user.IsBot != nil {
isBot = *user.IsBot
}
if req.Email != nil {
queryString = append(queryString, "email = ?")
queryParameters = append(queryParameters, req.Email)
}
sanitizedUsers[userIndex] = &SanitizedUsers{
UID: user.ID,
Name: user.Name,
Email: user.Email,
Username: user.Username,
IsBot: isBot,
}
}
if req.IsBot != nil {
queryString = append(queryString, "is_bot = ?")
queryParameters = append(queryParameters, req.IsBot)
}
if err := dbcore.DB.Where(strings.Join(queryString, " AND "), queryParameters...).Find(&users).Error; err != nil {
log.Warnf("Failed to get users: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to get users",
c.JSON(http.StatusOK, &LookupResponse{
Success: true,
Data: sanitizedUsers,
})
return
}
sanitizedUsers := make([]*SanitizedUsers, len(users))
for userIndex, user := range users {
isBot := false
if user.IsBot != nil {
isBot = *user.IsBot
}
sanitizedUsers[userIndex] = &SanitizedUsers{
UID: user.ID,
Name: user.Name,
Email: user.Email,
Username: user.Username,
IsBot: isBot,
}
}
c.JSON(http.StatusOK, &LookupResponse{
Success: true,
Data: sanitizedUsers,
})
}

185
backend/api/controllers/v1/users/refresh.go
View file

@ -5,113 +5,114 @@ import (
"net/http"
"time"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type UserRefreshRequest struct {
Token string `validate:"required"`
}
func RefreshUserToken(c *gin.Context) {
var req UserRefreshRequest
func SetupRefreshUserToken(state *state.State) {
state.Engine.POST("/api/v1/users/refresh", func(c *gin.Context) {
var req UserRefreshRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
var tokenInDatabase *dbcore.Token
tokenRequest := dbcore.DB.Where("token = ?", req.Token).Find(&tokenInDatabase)
if tokenRequest.Error != nil {
log.Warnf("failed to find if token exists or not: %s", tokenRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if token exists",
})
return
}
tokenExists := tokenRequest.RowsAffected > 0
if !tokenExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Token not found",
})
return
}
// First, we check to make sure that the key expiry is disabled before checking if the key is expired.
// Then, we check if the IP addresses differ, or if it has been 7 days since the token has been created.
if !tokenInDatabase.DisableExpiry && (c.ClientIP() != tokenInDatabase.CreationIPAddr || time.Now().Before(tokenInDatabase.CreatedAt.Add((24*7)*time.Hour))) {
c.JSON(http.StatusForbidden, gin.H{
"error": "Token has expired",
})
tx := dbcore.DB.Delete(tokenInDatabase)
if tx.Error != nil {
log.Warnf("Failed to delete expired token from database: %s", tx.Error.Error())
return
}
return
}
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
// Get the user to check if the user exists before doing anything
var user *dbcore.User
userRequest := dbcore.DB.Where("id = ?", tokenInDatabase.UserID).Find(&user)
return
}
if tokenRequest.Error != nil {
log.Warnf("failed to find if token user or not: %s", userRequest.Error)
var tokenInDatabase *db.Token
tokenRequest := state.DB.DB.Where("token = ?", req.Token).Find(&tokenInDatabase)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find user",
if tokenRequest.Error != nil {
log.Warnf("failed to find if token exists or not: %s", tokenRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if token exists",
})
return
}
tokenExists := tokenRequest.RowsAffected > 0
if !tokenExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Token not found",
})
return
}
// First, we check to make sure that the key expiry is disabled before checking if the key is expired.
// Then, we check if the IP addresses differ, or if it has been 7 days since the token has been created.
if !tokenInDatabase.DisableExpiry && (c.ClientIP() != tokenInDatabase.CreationIPAddr || time.Now().Before(tokenInDatabase.CreatedAt.Add((24*7)*time.Hour))) {
c.JSON(http.StatusForbidden, gin.H{
"error": "Token has expired",
})
tx := state.DB.DB.Delete(tokenInDatabase)
if tx.Error != nil {
log.Warnf("Failed to delete expired token from database: %s", tx.Error.Error())
}
return
}
// Get the user to check if the user exists before doing anything
var user *db.User
userRequest := state.DB.DB.Where("id = ?", tokenInDatabase.UserID).Find(&user)
if tokenRequest.Error != nil {
log.Warnf("failed to find if token user or not: %s", userRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find user",
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "User not found",
})
return
}
jwt, err := state.JWT.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "User not found",
})
return
}
jwt, err := jwtcore.Generate(user.ID)
if err != nil {
log.Warnf("Failed to generate JWT: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to generate refresh token",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"token": jwt,
})
}

161
backend/api/controllers/v1/users/remove.go
View file

@ -4,12 +4,11 @@ import (
"fmt"
"net/http"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/permissions"
"git.terah.dev/imterah/hermes/backend/api/state"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type UserRemovalRequest struct {
@ -17,89 +16,91 @@ type UserRemovalRequest struct {
UID *uint `json:"uid"`
}
func RemoveUser(c *gin.Context) {
var req UserRemovalRequest
func SetupRemoveUser(state *state.State) {
state.Engine.POST("/api/v1/users/remove", func(c *gin.Context) {
var req UserRemovalRequest
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
if err := validator.New().Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
return
}
user, err := jwtcore.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
uid := user.ID
if req.UID != nil {
uid = *req.UID
if uid != user.ID && !permissions.UserHasPermission(user, "users.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
}
// Make sure the user exists first if we have a custom UserID
if uid != user.ID {
var customUser *dbcore.User
userRequest := dbcore.DB.Where("id = ?", uid).Find(customUser)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error)
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
if err := c.BindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User doesn't exist",
"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
})
return
}
}
dbcore.DB.Select("Tokens", "Permissions", "Proxys", "Backends").Where("id = ?", uid).Delete(user)
if err := state.Validator.Struct(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
})
c.JSON(http.StatusOK, gin.H{
"success": true,
return
}
user, err := state.JWT.GetUserFromJWT(req.Token)
if err != nil {
if err.Error() == "token is expired" || err.Error() == "user does not exist" {
c.JSON(http.StatusForbidden, gin.H{
"error": err.Error(),
})
return
} else {
log.Warnf("Failed to get user from the provided JWT token: %s", err.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to parse token",
})
return
}
}
uid := user.ID
if req.UID != nil {
uid = *req.UID
if uid != user.ID && !permissions.UserHasPermission(user, "users.remove") {
c.JSON(http.StatusForbidden, gin.H{
"error": "Missing permissions",
})
return
}
}
// Make sure the user exists first if we have a custom UserID
if uid != user.ID {
var customUser *db.User
userRequest := state.DB.DB.Where("id = ?", uid).Find(customUser)
if userRequest.Error != nil {
log.Warnf("failed to find if user exists or not: %s", userRequest.Error.Error())
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to find if user exists",
})
return
}
userExists := userRequest.RowsAffected > 0
if !userExists {
c.JSON(http.StatusBadRequest, gin.H{
"error": "User doesn't exist",
})
return
}
}
state.DB.DB.Select("Tokens", "Permissions", "Proxys", "Backends").Where("id = ?", uid).Delete(user)
c.JSON(http.StatusOK, gin.H{
"success": true,
})
})
}

77
backend/api/db/db.go Normal file
View file

@ -0,0 +1,77 @@
package db
import (
"fmt"
"os"
"gorm.io/driver/postgres"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
type DB struct {
DB *gorm.DB
}
func New(backend, params string) (*DB, error) {
var err error
dialector, err := initDialector(backend, params)
if err != nil {
return nil, fmt.Errorf("failed to initialize physical database: %s", err)
}
database, err := gorm.Open(dialector)
if err != nil {
return nil, fmt.Errorf("failed to open database: %s", err)
}
return &DB{DB: database}, nil
}
func (db *DB) DoMigrations() error {
if err := db.DB.AutoMigrate(&Proxy{}); err != nil {
return err
}
if err := db.DB.AutoMigrate(&Backend{}); err != nil {
return err
}
if err := db.DB.AutoMigrate(&Permission{}); err != nil {
return err
}
if err := db.DB.AutoMigrate(&Token{}); err != nil {
return err
}
if err := db.DB.AutoMigrate(&User{}); err != nil {
return err
}
return nil
}
func initDialector(backend, params string) (gorm.Dialector, error) {
switch backend {
case "sqlite":
if params == "" {
return nil, fmt.Errorf("sqlite database file not specified")
}
return sqlite.Open(params), nil
case "postgresql":
if params == "" {
return nil, fmt.Errorf("postgres DSN not specified")
}
return postgres.Open(params), nil
case "":
return nil, fmt.Errorf("no database backend specified in environment variables")
default:
return nil, fmt.Errorf("unknown database backend specified: %s", os.Getenv(backend))
}
}

66
backend/api/db/models.go Normal file
View file

@ -0,0 +1,66 @@
package db
import (
"gorm.io/gorm"
)
type Backend struct {
gorm.Model
UserID uint
Name string
Description *string
Backend string
BackendParameters string
Proxies []Proxy
}
type Proxy struct {
gorm.Model
BackendID uint
UserID uint
Name string
Description *string
Protocol string
SourceIP string
SourcePort uint16
DestinationPort uint16
AutoStart bool
}
type Permission struct {
gorm.Model
PermissionNode string
HasPermission bool
UserID uint
}
type Token struct {
gorm.Model
UserID uint
Token string
DisableExpiry bool
CreationIPAddr string
}
type User struct {
gorm.Model
Email string `gorm:"unique"`
Username string `gorm:"unique"`
Name string
Password string
IsBot *bool
Permissions []Permission
OwnedProxies []Proxy
OwnedBackends []Backend
Tokens []Token
}

142
backend/api/dbcore/db.go
View file

@ -1,142 +0,0 @@
package dbcore
import (
"fmt"
"os"
"gorm.io/driver/postgres"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
type Backend struct {
gorm.Model
UserID uint
Name string
Description *string
Backend string
BackendParameters string
Proxies []Proxy
}
type Proxy struct {
gorm.Model
BackendID uint
UserID uint
Name string
Description *string
Protocol string
SourceIP string
SourcePort uint16
DestinationPort uint16
AutoStart bool
}
type Permission struct {
gorm.Model
PermissionNode string
HasPermission bool
UserID uint
}
type Token struct {
gorm.Model
UserID uint
Token string
DisableExpiry bool
CreationIPAddr string
}
type User struct {
gorm.Model
Email string `gorm:"unique"`
Username string `gorm:"unique"`
Name string
Password string
IsBot *bool
Permissions []Permission
OwnedProxies []Proxy
OwnedBackends []Backend
Tokens []Token
}
var DB *gorm.DB
func InitializeDatabaseDialector() (gorm.Dialector, error) {
databaseBackend := os.Getenv("HERMES_DATABASE_BACKEND")
switch databaseBackend {
case "sqlite":
filePath := os.Getenv("HERMES_SQLITE_FILEPATH")
if filePath == "" {
return nil, fmt.Errorf("sqlite database file not specified (missing HERMES_SQLITE_FILEPATH)")
}
return sqlite.Open(filePath), nil
case "postgresql":
postgresDSN := os.Getenv("HERMES_POSTGRES_DSN")
if postgresDSN == "" {
return nil, fmt.Errorf("postgres DSN not specified (missing HERMES_POSTGRES_DSN)")
}
return postgres.Open(postgresDSN), nil
case "":
return nil, fmt.Errorf("no database backend specified in environment variables (missing HERMES_DATABASE_BACKEND)")
default:
return nil, fmt.Errorf("unknown database backend specified: %s", os.Getenv(databaseBackend))
}
}
func InitializeDatabase(config *gorm.Config) error {
var err error
dialector, err := InitializeDatabaseDialector()
if err != nil {
return fmt.Errorf("failed to initialize physical database: %s", err)
}
DB, err = gorm.Open(dialector, config)
if err != nil {
return fmt.Errorf("failed to open database: %s", err)
}
return nil
}
func DoDatabaseMigrations(db *gorm.DB) error {
if err := db.AutoMigrate(&Proxy{}); err != nil {
return err
}
if err := db.AutoMigrate(&Backend{}); err != nil {
return err
}
if err := db.AutoMigrate(&Permission{}); err != nil {
return err
}
if err := db.AutoMigrate(&Token{}); err != nil {
return err
}
if err := db.AutoMigrate(&User{}); err != nil {
return err
}
return nil
}

107
backend/api/jwt/jwt.go Normal file
View file

@ -0,0 +1,107 @@
package jwt
import (
"errors"
"fmt"
"strconv"
"time"
"git.terah.dev/imterah/hermes/backend/api/db"
"github.com/golang-jwt/jwt/v5"
)
var (
DevelopmentModeTimings = time.Duration(60*24) * time.Minute
NormalModeTimings = time.Duration(3) * time.Minute
)
type JWTCore struct {
Key []byte
Database *db.DB
TimeMultiplier time.Duration
}
func New(key []byte, database *db.DB, timeMultiplier time.Duration) *JWTCore {
jwtCore := &JWTCore{
Key: key,
Database: database,
TimeMultiplier: timeMultiplier,
}
return jwtCore
}
func (jwtCore *JWTCore) Parse(tokenString string, options ...jwt.ParserOption) (*jwt.Token, error) {
return jwt.Parse(tokenString, jwtCore.jwtKeyCallback, options...)
}
func (jwtCore *JWTCore) GetUserFromJWT(token string) (*db.User, error) {
if jwtCore.Database == nil {
return nil, fmt.Errorf("database is not initialized")
}
parsedJWT, err := jwtCore.Parse(token)
if err != nil {
if errors.Is(err, jwt.ErrTokenExpired) {
return nil, fmt.Errorf("token is expired")
} else {
return nil, err
}
}
audience, err := parsedJWT.Claims.GetAudience()
if err != nil {
return nil, err
}
if len(audience) < 1 {
return nil, fmt.Errorf("audience is too small")
}
uid, err := strconv.Atoi(audience[0])
if err != nil {
return nil, err
}
user := &db.User{}
userRequest := jwtCore.Database.DB.Preload("Permissions").Where("id = ?", uint(uid)).Find(&user)
if userRequest.Error != nil {
return user, fmt.Errorf("failed to find if user exists or not: %s", userRequest.Error.Error())
}
userExists := userRequest.RowsAffected > 0
if !userExists {
return user, fmt.Errorf("user does not exist")
}
return user, nil
}
func (jwtCore *JWTCore) Generate(uid uint) (string, error) {
currentJWTTime := jwt.NewNumericDate(time.Now())
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(jwtCore.TimeMultiplier)),
IssuedAt: currentJWTTime,
NotBefore: currentJWTTime,
// Convert the user ID to a string, and then set it as the audience parameters only value (there's only 1 user per key)
Audience: []string{strconv.Itoa(int(uid))},
})
signedToken, err := token.SignedString(jwtCore.Key)
if err != nil {
return "", err
}
return signedToken, nil
}
func (jwtCore *JWTCore) jwtKeyCallback(*jwt.Token) (any, error) {
return jwtCore.Key, nil
}

117
backend/api/jwtcore/jwt.go
View file

@ -1,117 +0,0 @@
package jwtcore
import (
"encoding/base64"
"errors"
"fmt"
"os"
"strconv"
"time"
"git.terah.dev/imterah/hermes/api/dbcore"
"github.com/golang-jwt/jwt/v5"
)
var (
JWTKey []byte
developmentMode bool
)
func SetupJWT() error {
var err error
jwtDataString := os.Getenv("HERMES_JWT_SECRET")
if jwtDataString == "" {
return fmt.Errorf("JWT secret isn't set (missing HERMES_JWT_SECRET)")
}
if os.Getenv("HERMES_JWT_BASE64_ENCODED") != "" {
JWTKey, err = base64.StdEncoding.DecodeString(jwtDataString)
if err != nil {
return fmt.Errorf("failed to decode base64 JWT: %s", err.Error())
}
} else {
JWTKey = []byte(jwtDataString)
}
if os.Getenv("HERMES_DEVELOPMENT_MODE") != "" {
developmentMode = true
}
return nil
}
func Parse(tokenString string, options ...jwt.ParserOption) (*jwt.Token, error) {
return jwt.Parse(tokenString, JWTKeyCallback, options...)
}
func GetUserFromJWT(token string) (*dbcore.User, error) {
parsedJWT, err := Parse(token)
if err != nil {
if errors.Is(err, jwt.ErrTokenExpired) {
return nil, fmt.Errorf("token is expired")
} else {
return nil, err
}
}
audience, err := parsedJWT.Claims.GetAudience()
if err != nil {
return nil, err
}
if len(audience) < 1 {
return nil, fmt.Errorf("audience is too small")
}
uid, err := strconv.Atoi(audience[0])
if err != nil {
return nil, err
}
user := &dbcore.User{}
userRequest := dbcore.DB.Preload("Permissions").Where("id = ?", uint(uid)).Find(&user)
if userRequest.Error != nil {
return user, fmt.Errorf("failed to find if user exists or not: %s", userRequest.Error)
}
userExists := userRequest.RowsAffected > 0
if !userExists {
return user, fmt.Errorf("user does not exist")
}
return user, nil
}
func Generate(uid uint) (string, error) {
timeMultiplier := 3
if developmentMode {
timeMultiplier = 60 * 24
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Duration(timeMultiplier) * time.Minute)),
IssuedAt: jwt.NewNumericDate(time.Now()),
NotBefore: jwt.NewNumericDate(time.Now()),
Audience: []string{strconv.Itoa(int(uid))},
})
signedToken, err := token.SignedString(JWTKey)
if err != nil {
return "", err
}
return signedToken, nil
}
func JWTKeyCallback(*jwt.Token) (interface{}, error) {
return JWTKey, nil
}

225
backend/api/main.go
View file

@ -4,25 +4,27 @@ import (
"encoding/base64"
"encoding/json"
"fmt"
"net"
"os"
"path"
"path/filepath"
"strings"
"time"
"git.terah.dev/imterah/hermes/api/backendruntime"
"git.terah.dev/imterah/hermes/api/controllers/v1/backends"
"git.terah.dev/imterah/hermes/api/controllers/v1/proxies"
"git.terah.dev/imterah/hermes/api/controllers/v1/users"
"git.terah.dev/imterah/hermes/api/dbcore"
"git.terah.dev/imterah/hermes/api/jwtcore"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/api/backendruntime"
"git.terah.dev/imterah/hermes/backend/api/controllers/v1/backends"
"git.terah.dev/imterah/hermes/backend/api/controllers/v1/proxies"
"git.terah.dev/imterah/hermes/backend/api/controllers/v1/users"
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/jwt"
"git.terah.dev/imterah/hermes/backend/api/state"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/gin-gonic/gin"
"github.com/urfave/cli/v2"
"gorm.io/gorm"
)
func entrypoint(cCtx *cli.Context) error {
func apiEntrypoint(cCtx *cli.Context) error {
developmentMode := false
if os.Getenv("HERMES_DEVELOPMENT_MODE") != "" {
@ -33,7 +35,26 @@ func entrypoint(cCtx *cli.Context) error {
log.Info("Hermes is initializing...")
log.Debug("Initializing database and opening it...")
err := dbcore.InitializeDatabase(&gorm.Config{})
databaseBackendName := os.Getenv("HERMES_DATABASE_BACKEND")
var databaseBackendParams string
if databaseBackendName == "sqlite" {
databaseBackendParams = os.Getenv("HERMES_SQLITE_FILEPATH")
if databaseBackendParams == "" {
log.Fatal("HERMES_SQLITE_FILEPATH is not set")
}
} else if databaseBackendName == "postgresql" {
databaseBackendParams = os.Getenv("HERMES_POSTGRES_DSN")
if databaseBackendParams == "" {
log.Fatal("HERMES_POSTGRES_DSN is not set")
}
} else {
log.Fatalf("Unsupported database backend: %s", databaseBackendName)
}
dbInstance, err := db.New(databaseBackendName, databaseBackendParams)
if err != nil {
log.Fatalf("Failed to initialize database: %s", err)
@ -41,16 +62,38 @@ func entrypoint(cCtx *cli.Context) error {
log.Debug("Running database migrations...")
if err := dbcore.DoDatabaseMigrations(dbcore.DB); err != nil {
if err := dbInstance.DoMigrations(); err != nil {
return fmt.Errorf("Failed to run database migrations: %s", err)
}
log.Debug("Initializing the JWT subsystem...")
if err := jwtcore.SetupJWT(); err != nil {
return fmt.Errorf("Failed to initialize the JWT subsystem: %s", err.Error())
jwtDataString := os.Getenv("HERMES_JWT_SECRET")
var jwtKey []byte
var jwtValidityTimeDuration time.Duration
if jwtDataString == "" {
log.Fatalf("HERMES_JWT_SECRET is not set")
}
if os.Getenv("HERMES_JWT_BASE64_ENCODED") != "" {
jwtKey, err = base64.StdEncoding.DecodeString(jwtDataString)
if err != nil {
log.Fatalf("Failed to decode base64 JWT: %s", err.Error())
}
} else {
jwtKey = []byte(jwtDataString)
}
if developmentMode {
jwtValidityTimeDuration = jwt.DevelopmentModeTimings
} else {
jwtValidityTimeDuration = jwt.NormalModeTimings
}
jwtInstance := jwt.New(jwtKey, dbInstance, jwtValidityTimeDuration)
log.Debug("Initializing the backend subsystem...")
backendMetadataPath := cCtx.String("backends-path")
@ -75,9 +118,9 @@ func entrypoint(cCtx *cli.Context) error {
log.Debug("Enumerating backends...")
backendList := []dbcore.Backend{}
backendList := []db.Backend{}
if err := dbcore.DB.Find(&backendList).Error; err != nil {
if err := dbInstance.DB.Find(&backendList).Error; err != nil {
return fmt.Errorf("Failed to enumerate backends: %s", err.Error())
}
@ -98,6 +141,94 @@ func entrypoint(cCtx *cli.Context) error {
}
backendInstance := backendruntime.NewBackend(backendRuntimeFilePath)
backendInstance.OnCrashCallback = func(conn net.Conn) {
backendParameters, err := base64.StdEncoding.DecodeString(backend.BackendParameters)
if err != nil {
log.Errorf("Failed to decode backend parameters for backend #%d: %s", backend.ID, err.Error())
return
}
marshalledStartCommand, err := commonbackend.Marshal(&commonbackend.Start{
Arguments: backendParameters,
})
if err != nil {
log.Errorf("Failed to marshal start command for backend #%d: %s", backend.ID, err.Error())
return
}
if _, err := conn.Write(marshalledStartCommand); err != nil {
log.Errorf("Failed to send start command for backend #%d: %s", backend.ID, err.Error())
return
}
backendResponse, err := commonbackend.Unmarshal(conn)
if err != nil {
log.Errorf("Failed to get start command response for backend #%d: %s", backend.ID, err.Error())
return
}
switch responseMessage := backendResponse.(type) {
case *commonbackend.BackendStatusResponse:
if !responseMessage.IsRunning {
log.Errorf("Failed to start backend #%d: %s", backend.ID, responseMessage.Message)
return
}
log.Infof("Backend #%d has been reinitialized successfully", backend.ID)
}
log.Warnf("Backend #%d has reinitialized! Starting up auto-starting proxies...", backend.ID)
autoStartProxies := []db.Proxy{}
if err := dbInstance.DB.Where("backend_id = ? AND auto_start = true", backend.ID).Find(&autoStartProxies).Error; err != nil {
log.Errorf("Failed to query proxies to autostart: %s", err.Error())
return
}
for _, proxy := range autoStartProxies {
log.Infof("Starting up route #%d for backend #%d: %s", proxy.ID, backend.ID, proxy.Name)
marhalledCommand, err := commonbackend.Marshal(&commonbackend.AddProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
if err != nil {
log.Errorf("Failed to marshal proxy adding request for backend #%d and route #%d: %s", proxy.BackendID, proxy.ID, err.Error())
continue
}
if _, err := conn.Write(marhalledCommand); err != nil {
log.Errorf("Failed to send proxy adding request for backend #%d and route #%d: %s", proxy.BackendID, proxy.ID, err.Error())
continue
}
backendResponse, err := commonbackend.Unmarshal(conn)
if err != nil {
log.Errorf("Failed to get response for backend #%d and route #%d: %s", proxy.BackendID, proxy.ID, err.Error())
continue
}
switch responseMessage := backendResponse.(type) {
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
log.Warnf("Failed to start proxy for backend #%d and route #%d", proxy.BackendID, proxy.ID)
}
default:
log.Errorf("Got illegal response type for backend #%d and proxy #%d: %T", proxy.BackendID, proxy.ID, responseMessage)
continue
}
}
}
err = backendInstance.Start()
if err != nil {
@ -112,16 +243,12 @@ func entrypoint(cCtx *cli.Context) error {
continue
}
backendInstance.RuntimeCommands <- &commonbackend.Start{
Type: "start",
backendStartResponse, err := backendInstance.ProcessCommand(&commonbackend.Start{
Arguments: backendParameters,
}
})
backendStartResponse := <-backendInstance.RuntimeCommands
switch responseMessage := backendStartResponse.(type) {
case error:
log.Warnf("Failed to get response for backend #%d: %s", backend.ID, responseMessage.Error())
if err != nil {
log.Warnf("Failed to get response for backend #%d: %s", backend.ID, err.Error())
err = backendInstance.Stop()
@ -130,6 +257,9 @@ func entrypoint(cCtx *cli.Context) error {
}
continue
}
switch responseMessage := backendStartResponse.(type) {
case *commonbackend.BackendStatusResponse:
if !responseMessage.IsRunning {
err = backendInstance.Stop()
@ -155,9 +285,9 @@ func entrypoint(cCtx *cli.Context) error {
log.Infof("Successfully initialized backend #%d", backend.ID)
autoStartProxies := []dbcore.Proxy{}
autoStartProxies := []db.Proxy{}
if err := dbcore.DB.Where("backend_id = ? AND auto_start = true", backend.ID).Find(&autoStartProxies).Error; err != nil {
if err := dbInstance.DB.Where("backend_id = ? AND auto_start = true", backend.ID).Find(&autoStartProxies).Error; err != nil {
log.Errorf("Failed to query proxies to autostart: %s", err.Error())
continue
}
@ -165,20 +295,19 @@ func entrypoint(cCtx *cli.Context) error {
for _, proxy := range autoStartProxies {
log.Infof("Starting up route #%d for backend #%d: %s", proxy.ID, backend.ID, proxy.Name)
backendInstance.RuntimeCommands <- &commonbackend.AddProxy{
Type: "addProxy",
backendResponse, err := backendInstance.ProcessCommand(&commonbackend.AddProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestinationPort,
Protocol: proxy.Protocol,
})
if err != nil {
log.Errorf("Failed to get response for backend #%d and route #%d: %s", proxy.BackendID, proxy.ID, err.Error())
continue
}
backendResponse := <-backendInstance.RuntimeCommands
switch responseMessage := backendResponse.(type) {
case error:
log.Errorf("Failed to get response for backend #%d and route #%d: %s", proxy.BackendID, proxy.ID, responseMessage.Error())
continue
case *commonbackend.ProxyStatusResponse:
if !responseMessage.IsActive {
log.Warnf("Failed to start proxy for backend #%d and route #%d", proxy.BackendID, proxy.ID)
@ -222,23 +351,25 @@ func entrypoint(cCtx *cli.Context) error {
engine.SetTrustedProxies(nil)
}
state := state.New(dbInstance, jwtInstance, engine)
// Initialize routes
engine.POST("/api/v1/users/create", users.CreateUser)
engine.POST("/api/v1/users/login", users.LoginUser)
engine.POST("/api/v1/users/refresh", users.RefreshUserToken)
engine.POST("/api/v1/users/remove", users.RemoveUser)
engine.POST("/api/v1/users/lookup", users.LookupUser)
users.SetupCreateUser(state)
users.SetupLoginUser(state)
users.SetupRefreshUserToken(state)
users.SetupRemoveUser(state)
users.SetupLookupUser(state)
engine.POST("/api/v1/backends/create", backends.CreateBackend)
engine.POST("/api/v1/backends/remove", backends.RemoveBackend)
engine.POST("/api/v1/backends/lookup", backends.LookupBackend)
backends.SetupCreateBackend(state)
backends.SetupRemoveBackend(state)
backends.SetupLookupBackend(state)
engine.POST("/api/v1/forward/create", proxies.CreateProxy)
engine.POST("/api/v1/forward/lookup", proxies.LookupProxy)
engine.POST("/api/v1/forward/remove", proxies.RemoveProxy)
engine.POST("/api/v1/forward/start", proxies.StartProxy)
engine.POST("/api/v1/forward/stop", proxies.StopProxy)
engine.POST("/api/v1/forward/connections", proxies.GetConnections)
proxies.SetupCreateProxy(state)
proxies.SetupRemoveProxy(state)
proxies.SetupLookupProxy(state)
proxies.SetupStartProxy(state)
proxies.SetupStopProxy(state)
proxies.SetupGetConnections(state)
log.Infof("Listening on '%s'", listeningAddress)
err = engine.Run(listeningAddress)
@ -283,7 +414,7 @@ func main() {
Required: true,
},
},
Action: entrypoint,
Action: apiEntrypoint,
}
if err := app.Run(os.Args); err != nil {

4
backend/api/permissions/permission_nodes.go
View file

@ -1,6 +1,6 @@
package permissions
import "git.terah.dev/imterah/hermes/api/dbcore"
import "git.terah.dev/imterah/hermes/backend/api/db"
var DefaultPermissionNodes []string = []string{
"routes.add",
@ -27,7 +27,7 @@ var DefaultPermissionNodes []string = []string{
"users.edit",
}
func UserHasPermission(user *dbcore.User, node string) bool {
func UserHasPermission(user *db.User, node string) bool {
for _, permission := range user.Permissions {
if permission.PermissionNode == node && permission.HasPermission {
return true

24
backend/api/state/state.go Normal file
View file

@ -0,0 +1,24 @@
package state
import (
"git.terah.dev/imterah/hermes/backend/api/db"
"git.terah.dev/imterah/hermes/backend/api/jwt"
"github.com/gin-gonic/gin"
"github.com/go-playground/validator/v10"
)
type State struct {
DB *db.DB
JWT *jwt.JWTCore
Engine *gin.Engine
Validator *validator.Validate
}
func New(db *db.DB, jwt *jwt.JWTCore, engine *gin.Engine) *State {
return &State{
DB: db,
JWT: jwt,
Engine: engine,
Validator: validator.New(),
}
}

4
backend/backends.dev.json
View file

@ -3,6 +3,10 @@
"name": "ssh",
"path": "./sshbackend/sshbackend"
},
{
"name": "sshapp",
"path": "./sshappbackend/local-code/sshappbackend"
},
{
"name": "dummy",
"path": "./dummybackend/dummybackend"

4
backend/backends.prod.json
View file

@ -2,5 +2,9 @@
{
"name": "ssh",
"path": "./sshbackend"
},
{
"name": "sshapp",
"path": "./sshappbackend"
}
]

142
backend/backendutil/application.go
View file

@ -1,11 +1,10 @@
package backendutil
import (
"fmt"
"net"
"os"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
)
@ -18,9 +17,14 @@ type BackendApplicationHelper struct {
func (helper *BackendApplicationHelper) Start() error {
log.Debug("BackendApplicationHelper is starting")
err := ConfigureProfiling()
if err != nil {
return err
}
log.Debug("Currently waiting for Unix socket connection...")
var err error
helper.socket, err = net.Dial("unix", helper.SocketPath)
if err != nil {
@ -30,21 +34,15 @@ func (helper *BackendApplicationHelper) Start() error {
log.Debug("Sucessfully connected")
for {
commandType, commandRaw, err := commonbackend.Unmarshal(helper.socket)
commandRaw, err := commonbackend.Unmarshal(helper.socket)
if err != nil {
return err
}
switch commandType {
case "start":
command, ok := commandRaw.(*commonbackend.Start)
if !ok {
return fmt.Errorf("failed to typecast")
}
ok, err = helper.Backend.StartBackend(command.Arguments)
switch command := commandRaw.(type) {
case *commonbackend.Start:
ok, err := helper.Backend.StartBackend(command.Arguments)
var (
message string
@ -59,13 +57,12 @@ func (helper *BackendApplicationHelper) Start() error {
}
response := &commonbackend.BackendStatusResponse{
Type: "backendStatusResponse",
IsRunning: ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response.Type, response)
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
@ -73,14 +70,8 @@ func (helper *BackendApplicationHelper) Start() error {
}
helper.socket.Write(responseMarshalled)
case "stop":
_, ok := commandRaw.(*commonbackend.Stop)
if !ok {
return fmt.Errorf("failed to typecast")
}
ok, err = helper.Backend.StopBackend()
case *commonbackend.BackendStatusRequest:
ok, err := helper.Backend.GetBackendStatus()
var (
message string
@ -95,13 +86,12 @@ func (helper *BackendApplicationHelper) Start() error {
}
response := &commonbackend.BackendStatusResponse{
Type: "backendStatusResponse",
IsRunning: !ok,
IsRunning: ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response.Type, response)
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
@ -109,26 +99,48 @@ func (helper *BackendApplicationHelper) Start() error {
}
helper.socket.Write(responseMarshalled)
case "addProxy":
command, ok := commandRaw.(*commonbackend.AddProxy)
case *commonbackend.Stop:
ok, err := helper.Backend.StopBackend()
if !ok {
return fmt.Errorf("failed to typecast")
var (
message string
statusCode int
)
if err != nil {
message = err.Error()
statusCode = commonbackend.StatusFailure
} else {
statusCode = commonbackend.StatusSuccess
}
ok, err = helper.Backend.StartProxy(command)
response := &commonbackend.BackendStatusResponse{
IsRunning: !ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *commonbackend.AddProxy:
ok, err := helper.Backend.StartProxy(command)
var hasAnyFailed bool
if !ok {
log.Warnf("failed to add proxy (%s:%d -> remote:%d): StartProxy returned into failure state", command.SourceIP, command.SourcePort, command.DestPort)
hasAnyFailed = true
} else if err != nil {
if err != nil {
log.Warnf("failed to add proxy (%s:%d -> remote:%d): %s", command.SourceIP, command.SourcePort, command.DestPort, err.Error())
hasAnyFailed = true
} else if !ok {
log.Warnf("failed to add proxy (%s:%d -> remote:%d): StartProxy returned into failure state", command.SourceIP, command.SourcePort, command.DestPort)
hasAnyFailed = true
}
response := &commonbackend.ProxyStatusResponse{
Type: "proxyStatusResponse",
SourceIP: command.SourceIP,
SourcePort: command.SourcePort,
DestPort: command.DestPort,
@ -136,7 +148,7 @@ func (helper *BackendApplicationHelper) Start() error {
IsActive: !hasAnyFailed,
}
responseMarshalled, err := commonbackend.Marshal(response.Type, response)
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
@ -144,26 +156,19 @@ func (helper *BackendApplicationHelper) Start() error {
}
helper.socket.Write(responseMarshalled)
case "removeProxy":
command, ok := commandRaw.(*commonbackend.RemoveProxy)
if !ok {
return fmt.Errorf("failed to typecast")
}
ok, err = helper.Backend.StopProxy(command)
case *commonbackend.RemoveProxy:
ok, err := helper.Backend.StopProxy(command)
var hasAnyFailed bool
if !ok {
log.Warnf("failed to remove proxy (%s:%d -> remote:%d): RemoveProxy returned into failure state", command.SourceIP, command.SourcePort, command.DestPort)
hasAnyFailed = true
} else if err != nil {
if err != nil {
log.Warnf("failed to remove proxy (%s:%d -> remote:%d): %s", command.SourceIP, command.SourcePort, command.DestPort, err.Error())
hasAnyFailed = true
} else if !ok {
log.Warnf("failed to remove proxy (%s:%d -> remote:%d): RemoveProxy returned into failure state", command.SourceIP, command.SourcePort, command.DestPort)
hasAnyFailed = true
}
response := &commonbackend.ProxyStatusResponse{
Type: "proxyStatusResponse",
SourceIP: command.SourceIP,
SourcePort: command.SourcePort,
DestPort: command.DestPort,
@ -171,7 +176,7 @@ func (helper *BackendApplicationHelper) Start() error {
IsActive: hasAnyFailed,
}
responseMarshalled, err := commonbackend.Marshal(response.Type, response)
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
@ -179,21 +184,14 @@ func (helper *BackendApplicationHelper) Start() error {
}
helper.socket.Write(responseMarshalled)
case "proxyConnectionsRequest":
_, ok := commandRaw.(*commonbackend.ProxyConnectionsRequest)
if !ok {
return fmt.Errorf("failed to typecast")
}
case *commonbackend.ProxyConnectionsRequest:
connections := helper.Backend.GetAllClientConnections()
serverParams := &commonbackend.ProxyConnectionsResponse{
Type: "proxyConnectionsResponse",
Connections: connections,
}
byteData, err := commonbackend.Marshal(serverParams.Type, serverParams)
byteData, err := commonbackend.Marshal(serverParams)
if err != nil {
return err
@ -202,18 +200,11 @@ func (helper *BackendApplicationHelper) Start() error {
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
case "checkClientParameters":
command, ok := commandRaw.(*commonbackend.CheckClientParameters)
if !ok {
return fmt.Errorf("failed to typecast")
}
case *commonbackend.CheckClientParameters:
resp := helper.Backend.CheckParametersForConnections(command)
resp.Type = "checkParametersResponse"
resp.InResponseTo = "checkClientParameters"
byteData, err := commonbackend.Marshal(resp.Type, resp)
byteData, err := commonbackend.Marshal(resp)
if err != nil {
return err
@ -222,18 +213,11 @@ func (helper *BackendApplicationHelper) Start() error {
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
case "checkServerParameters":
command, ok := commandRaw.(*commonbackend.CheckServerParameters)
if !ok {
return fmt.Errorf("failed to typecast")
}
case *commonbackend.CheckServerParameters:
resp := helper.Backend.CheckParametersForBackend(command.Arguments)
resp.Type = "checkParametersResponse"
resp.InResponseTo = "checkServerParameters"
byteData, err := commonbackend.Marshal(resp.Type, resp)
byteData, err := commonbackend.Marshal(resp)
if err != nil {
return err
@ -242,6 +226,8 @@ func (helper *BackendApplicationHelper) Start() error {
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
default:
log.Warnf("Unsupported command recieved: %T", command)
}
}
}

9
backend/backendutil/profiling_disabled.go Normal file
View file

@ -0,0 +1,9 @@
//go:build !debug
package backendutil
var endProfileFunc func()
func ConfigureProfiling() error {
return nil
}

91
backend/backendutil/profiling_enabled.go Normal file
View file

@ -0,0 +1,91 @@
//go:build debug
package backendutil
import (
"errors"
"fmt"
"os"
"os/signal"
"runtime/pprof"
"syscall"
"time"
"github.com/charmbracelet/log"
"golang.org/x/exp/rand"
)
func ConfigureProfiling() error {
profilingMode, err := os.ReadFile("/tmp/hermes.backendlauncher.profilebackends")
if err != nil && errors.Is(err, os.ErrNotExist) {
return nil
}
switch string(profilingMode) {
case "cpu":
log.Debug("Starting CPU profiling as a background task")
go doCPUProfiling()
case "mem":
log.Debug("Starting memory profiling as a background task")
go doMemoryProfiling()
default:
log.Warnf("Unknown profiling mode: %s", string(profilingMode))
return nil
}
return nil
}
func doCPUProfiling() {
// (imterah) WTF? why isn't this being seeded on its own? according to Go docs, this should be seeded automatically...
rand.Seed(uint64(time.Now().UnixNano()))
profileFileName := fmt.Sprintf("/tmp/hermes.backendlauncher.cpu.prof.%d", rand.Int())
profileFile, err := os.Create(profileFileName)
if err != nil {
log.Fatalf("Failed to create CPU profiling file: %s", err.Error())
}
log.Debugf("Writing CPU usage profile to '%s'. Will capture when Ctrl+C/SIGTERM is recieved.", profileFileName)
pprof.StartCPUProfile(profileFile)
exitNotification := make(chan os.Signal, 1)
signal.Notify(exitNotification, os.Interrupt, syscall.SIGTERM)
<-exitNotification
log.Debug("Recieved SIGTERM. Cleaning up and exiting...")
pprof.StopCPUProfile()
profileFile.Close()
log.Debug("Exiting...")
os.Exit(0)
}
func doMemoryProfiling() {
// (imterah) WTF? why isn't this being seeded on its own? according to Go docs, this should be seeded automatically...
rand.Seed(uint64(time.Now().UnixNano()))
profileFileName := fmt.Sprintf("/tmp/hermes.backendlauncher.mem.prof.%d", rand.Int())
profileFile, err := os.Create(profileFileName)
if err != nil {
log.Fatalf("Failed to create memory profiling file: %s", err.Error())
}
log.Debugf("Writing memory profile to '%s'. Will capture when Ctrl+C/SIGTERM is recieved.", profileFileName)
exitNotification := make(chan os.Signal, 1)
signal.Notify(exitNotification, os.Interrupt, syscall.SIGTERM)
<-exitNotification
log.Debug("Recieved SIGTERM. Cleaning up and exiting...")
pprof.WriteHeapProfile(profileFile)
profileFile.Close()
log.Debug("Exiting...")
os.Exit(0)
}

3
backend/backendutil/structure.go
View file

@ -1,10 +1,11 @@
package backendutil
import "git.terah.dev/imterah/hermes/commonbackend"
import "git.terah.dev/imterah/hermes/backend/commonbackend"
type BackendInterface interface {
StartBackend(arguments []byte) (bool, error)
StopBackend() (bool, error)
GetBackendStatus() (bool, error)
StartProxy(command *commonbackend.AddProxy) (bool, error)
StopProxy(command *commonbackend.RemoveProxy) (bool, error)
GetAllClientConnections() []*commonbackend.ProxyClientConnection

55
backend/build.sh
View file

@ -1,20 +1,43 @@
#!/usr/bin/env bash
pushd sshbackend
CGO_ENABLED=0 GOOS=linux go build .
strip sshbackend
popd
pushd sshbackend > /dev/null
echo "building sshbackend"
go build -ldflags="-s -w" -trimpath .
popd > /dev/null
pushd dummybackend
CGO_ENABLED=0 GOOS=linux go build .
strip dummybackend
popd
pushd dummybackend > /dev/null
echo "building dummybackend"
go build -ldflags="-s -w" -trimpath .
popd > /dev/null
pushd externalbackendlauncher
go build .
strip externalbackendlauncher
popd
pushd externalbackendlauncher > /dev/null
echo "building externalbackendlauncher"
go build -ldflags="-s -w" -trimpath .
popd > /dev/null
pushd api
CGO_ENABLED=0 GOOS=linux go build .
strip api
popd
if [ ! -d "sshappbackend/local-code/remote-bin" ]; then
mkdir "sshappbackend/local-code/remote-bin"
fi
pushd sshappbackend/remote-code > /dev/null
echo "building sshappbackend/remote-code"
# Disable dynamic linking by disabling CGo.
# We need to make the remote code as generic as possible, so we do this
echo " - building for arm64"
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -trimpath -o ../local-code/remote-bin/rt-arm64 .
echo " - building for arm"
CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags="-s -w" -trimpath -o ../local-code/remote-bin/rt-arm .
echo " - building for amd64"
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -trimpath -o ../local-code/remote-bin/rt-amd64 .
echo " - building for i386"
CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags="-s -w" -trimpath -o ../local-code/remote-bin/rt-386 .
popd > /dev/null
pushd sshappbackend/local-code > /dev/null
echo "building sshappbackend/local-code"
go build -ldflags="-s -w" -trimpath -o sshappbackend .
popd > /dev/null
pushd api > /dev/null
echo "building api"
go build -ldflags="-s -w" -trimpath .
popd > /dev/null

15
backend/commonbackend/constants.go
View file

@ -1,16 +1,13 @@
package commonbackend
type Start struct {
Type string // Will be 'start' always
Arguments []byte
}
type Stop struct {
Type string // Will be 'stop' always
}
type AddProxy struct {
Type string // Will be 'addProxy' always
SourceIP string
SourcePort uint16
DestPort uint16
@ -18,7 +15,6 @@ type AddProxy struct {
}
type RemoveProxy struct {
Type string // Will be 'removeProxy' always
SourceIP string
SourcePort uint16
DestPort uint16
@ -26,7 +22,6 @@ type RemoveProxy struct {
}
type ProxyStatusRequest struct {
Type string // Will be 'proxyStatusRequest' always
SourceIP string
SourcePort uint16
DestPort uint16
@ -34,7 +29,6 @@ type ProxyStatusRequest struct {
}
type ProxyStatusResponse struct {
Type string // Will be 'proxyStatusResponse' always
SourceIP string
SourcePort uint16
DestPort uint16
@ -50,27 +44,22 @@ type ProxyInstance struct {
}
type ProxyInstanceResponse struct {
Type string // Will be 'proxyConnectionResponse' always
Proxies []*ProxyInstance // List of connections
}
type ProxyInstanceRequest struct {
Type string // Will be 'proxyConnectionRequest' always
}
type BackendStatusResponse struct {
Type string // Will be 'backendStatusResponse' always
IsRunning bool // True if running, false if not running
StatusCode int // Either the 'Success' or 'Failure' constant
Message string // String message from the client (ex. failed to dial TCP)
}
type BackendStatusRequest struct {
Type string // Will be 'backendStatusRequest' always
}
type ProxyConnectionsRequest struct {
Type string // Will be 'proxyConnectionsRequest' always
}
// Client's connection to a specific proxy
@ -83,12 +72,10 @@ type ProxyClientConnection struct {
}
type ProxyConnectionsResponse struct {
Type string // Will be 'proxyConnectionsResponse' always
Connections []*ProxyClientConnection // List of connections
}
type CheckClientParameters struct {
Type string // Will be 'checkClientParameters' always
SourceIP string
SourcePort uint16
DestPort uint16
@ -96,13 +83,11 @@ type CheckClientParameters struct {
}
type CheckServerParameters struct {
Type string // Will be 'checkServerParameters' always
Arguments []byte
}
// Sent as a response to either CheckClientParameters or CheckBackendParameters
type CheckParametersResponse struct {
Type string // Will be 'checkParametersResponse' always
InResponseTo string // Will be either 'checkClientParameters' or 'checkServerParameters'
IsValid bool // If true, valid, and if false, invalid
Message string // String message from the client (ex. failed to unmarshal JSON: x is not defined)

252
backend/commonbackend/marshal.go
View file

@ -84,37 +84,19 @@ func marshalIndividualProxyStruct(conn *ProxyInstance) ([]byte, error) {
return proxyBlock, nil
}
func Marshal(commandType string, command interface{}) ([]byte, error) {
switch commandType {
case "start":
startCommand, ok := command.(*Start)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
startCommandBytes := make([]byte, 1+2+len(startCommand.Arguments))
func Marshal(command interface{}) ([]byte, error) {
switch command := command.(type) {
case *Start:
startCommandBytes := make([]byte, 1+2+len(command.Arguments))
startCommandBytes[0] = StartID
binary.BigEndian.PutUint16(startCommandBytes[1:3], uint16(len(startCommand.Arguments)))
copy(startCommandBytes[3:], startCommand.Arguments)
binary.BigEndian.PutUint16(startCommandBytes[1:3], uint16(len(command.Arguments)))
copy(startCommandBytes[3:], command.Arguments)
return startCommandBytes, nil
case "stop":
_, ok := command.(*Stop)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
case *Stop:
return []byte{StopID}, nil
case "addProxy":
addConnectionCommand, ok := command.(*AddProxy)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
sourceIP := net.ParseIP(addConnectionCommand.SourceIP)
case *AddProxy:
sourceIP := net.ParseIP(command.SourceIP)
var ipVer uint8
var ipBytes []byte
@ -134,14 +116,14 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
copy(addConnectionBytes[2:2+len(ipBytes)], ipBytes)
binary.BigEndian.PutUint16(addConnectionBytes[2+len(ipBytes):4+len(ipBytes)], addConnectionCommand.SourcePort)
binary.BigEndian.PutUint16(addConnectionBytes[4+len(ipBytes):6+len(ipBytes)], addConnectionCommand.DestPort)
binary.BigEndian.PutUint16(addConnectionBytes[2+len(ipBytes):4+len(ipBytes)], command.SourcePort)
binary.BigEndian.PutUint16(addConnectionBytes[4+len(ipBytes):6+len(ipBytes)], command.DestPort)
var protocol uint8
if addConnectionCommand.Protocol == "tcp" {
if command.Protocol == "tcp" {
protocol = TCP
} else if addConnectionCommand.Protocol == "udp" {
} else if command.Protocol == "udp" {
protocol = UDP
} else {
return nil, fmt.Errorf("invalid protocol")
@ -150,14 +132,8 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
addConnectionBytes[6+len(ipBytes)] = protocol
return addConnectionBytes, nil
case "removeProxy":
removeConnectionCommand, ok := command.(*RemoveProxy)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
sourceIP := net.ParseIP(removeConnectionCommand.SourceIP)
case *RemoveProxy:
sourceIP := net.ParseIP(command.SourceIP)
var ipVer uint8
var ipBytes []byte
@ -175,14 +151,14 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
removeConnectionBytes[0] = RemoveProxyID
removeConnectionBytes[1] = ipVer
copy(removeConnectionBytes[2:2+len(ipBytes)], ipBytes)
binary.BigEndian.PutUint16(removeConnectionBytes[2+len(ipBytes):4+len(ipBytes)], removeConnectionCommand.SourcePort)
binary.BigEndian.PutUint16(removeConnectionBytes[4+len(ipBytes):6+len(ipBytes)], removeConnectionCommand.DestPort)
binary.BigEndian.PutUint16(removeConnectionBytes[2+len(ipBytes):4+len(ipBytes)], command.SourcePort)
binary.BigEndian.PutUint16(removeConnectionBytes[4+len(ipBytes):6+len(ipBytes)], command.DestPort)
var protocol uint8
if removeConnectionCommand.Protocol == "tcp" {
if command.Protocol == "tcp" {
protocol = TCP
} else if removeConnectionCommand.Protocol == "udp" {
} else if command.Protocol == "udp" {
protocol = UDP
} else {
return nil, fmt.Errorf("invalid protocol")
@ -191,17 +167,11 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
removeConnectionBytes[6+len(ipBytes)] = protocol
return removeConnectionBytes, nil
case "proxyConnectionsResponse":
allConnectionsCommand, ok := command.(*ProxyConnectionsResponse)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
connectionsArray := make([][]byte, len(allConnectionsCommand.Connections))
case *ProxyConnectionsResponse:
connectionsArray := make([][]byte, len(command.Connections))
totalSize := 0
for connIndex, conn := range allConnectionsCommand.Connections {
for connIndex, conn := range command.Connections {
connectionsArray[connIndex] = marshalIndividualConnectionStruct(conn)
totalSize += len(connectionsArray[connIndex]) + 1
}
@ -223,14 +193,8 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
connectionCommandArray[totalSize] = '\n'
return connectionCommandArray, nil
case "checkClientParameters":
checkClientCommand, ok := command.(*CheckClientParameters)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
sourceIP := net.ParseIP(checkClientCommand.SourceIP)
case *CheckClientParameters:
sourceIP := net.ParseIP(command.SourceIP)
var ipVer uint8
var ipBytes []byte
@ -248,14 +212,14 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
checkClientBytes[0] = CheckClientParametersID
checkClientBytes[1] = ipVer
copy(checkClientBytes[2:2+len(ipBytes)], ipBytes)
binary.BigEndian.PutUint16(checkClientBytes[2+len(ipBytes):4+len(ipBytes)], checkClientCommand.SourcePort)
binary.BigEndian.PutUint16(checkClientBytes[4+len(ipBytes):6+len(ipBytes)], checkClientCommand.DestPort)
binary.BigEndian.PutUint16(checkClientBytes[2+len(ipBytes):4+len(ipBytes)], command.SourcePort)
binary.BigEndian.PutUint16(checkClientBytes[4+len(ipBytes):6+len(ipBytes)], command.DestPort)
var protocol uint8
if checkClientCommand.Protocol == "tcp" {
if command.Protocol == "tcp" {
protocol = TCP
} else if checkClientCommand.Protocol == "udp" {
} else if command.Protocol == "udp" {
protocol = UDP
} else {
return nil, fmt.Errorf("invalid protocol")
@ -264,31 +228,19 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
checkClientBytes[6+len(ipBytes)] = protocol
return checkClientBytes, nil
case "checkServerParameters":
checkServerCommand, ok := command.(*CheckServerParameters)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
serverCommandBytes := make([]byte, 1+2+len(checkServerCommand.Arguments))
case *CheckServerParameters:
serverCommandBytes := make([]byte, 1+2+len(command.Arguments))
serverCommandBytes[0] = CheckServerParametersID
binary.BigEndian.PutUint16(serverCommandBytes[1:3], uint16(len(checkServerCommand.Arguments)))
copy(serverCommandBytes[3:], checkServerCommand.Arguments)
binary.BigEndian.PutUint16(serverCommandBytes[1:3], uint16(len(command.Arguments)))
copy(serverCommandBytes[3:], command.Arguments)
return serverCommandBytes, nil
case "checkParametersResponse":
checkParametersCommand, ok := command.(*CheckParametersResponse)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
case *CheckParametersResponse:
var checkMethod uint8
if checkParametersCommand.InResponseTo == "checkClientParameters" {
if command.InResponseTo == "checkClientParameters" {
checkMethod = CheckClientParametersID
} else if checkParametersCommand.InResponseTo == "checkServerParameters" {
} else if command.InResponseTo == "checkServerParameters" {
checkMethod = CheckServerParametersID
} else {
return nil, fmt.Errorf("invalid mode recieved (must be either checkClientParameters or checkServerParameters)")
@ -296,68 +248,50 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
var isValid uint8
if checkParametersCommand.IsValid {
if command.IsValid {
isValid = 1
}
checkResponseBytes := make([]byte, 3+2+len(checkParametersCommand.Message))
checkResponseBytes := make([]byte, 3+2+len(command.Message))
checkResponseBytes[0] = CheckParametersResponseID
checkResponseBytes[1] = checkMethod
checkResponseBytes[2] = isValid
binary.BigEndian.PutUint16(checkResponseBytes[3:5], uint16(len(checkParametersCommand.Message)))
binary.BigEndian.PutUint16(checkResponseBytes[3:5], uint16(len(command.Message)))
if len(checkParametersCommand.Message) != 0 {
copy(checkResponseBytes[5:], []byte(checkParametersCommand.Message))
if len(command.Message) != 0 {
copy(checkResponseBytes[5:], []byte(command.Message))
}
return checkResponseBytes, nil
case "backendStatusResponse":
backendStatusResponse, ok := command.(*BackendStatusResponse)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
case *BackendStatusResponse:
var isRunning uint8
if backendStatusResponse.IsRunning {
if command.IsRunning {
isRunning = 1
} else {
isRunning = 0
}
statusResponseBytes := make([]byte, 3+2+len(backendStatusResponse.Message))
statusResponseBytes := make([]byte, 3+2+len(command.Message))
statusResponseBytes[0] = BackendStatusResponseID
statusResponseBytes[1] = isRunning
statusResponseBytes[2] = byte(backendStatusResponse.StatusCode)
statusResponseBytes[2] = byte(command.StatusCode)
binary.BigEndian.PutUint16(statusResponseBytes[3:5], uint16(len(backendStatusResponse.Message)))
binary.BigEndian.PutUint16(statusResponseBytes[3:5], uint16(len(command.Message)))
if len(backendStatusResponse.Message) != 0 {
copy(statusResponseBytes[5:], []byte(backendStatusResponse.Message))
if len(command.Message) != 0 {
copy(statusResponseBytes[5:], []byte(command.Message))
}
return statusResponseBytes, nil
case "backendStatusRequest":
_, ok := command.(*BackendStatusRequest)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
statusRequestBytes := make([]byte, 2)
case *BackendStatusRequest:
statusRequestBytes := make([]byte, 1)
statusRequestBytes[0] = BackendStatusRequestID
return statusRequestBytes, nil
case "proxyStatusRequest":
proxyStatusRequest, ok := command.(*ProxyStatusRequest)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
sourceIP := net.ParseIP(proxyStatusRequest.SourceIP)
case *ProxyStatusRequest:
sourceIP := net.ParseIP(command.SourceIP)
var ipVer uint8
var ipBytes []byte
@ -370,37 +304,31 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
ipVer = IPv4
}
proxyStatusRequestBytes := make([]byte, 1+1+len(ipBytes)+2+2+1)
commandBytes := make([]byte, 1+1+len(ipBytes)+2+2+1)
proxyStatusRequestBytes[0] = ProxyStatusRequestID
proxyStatusRequestBytes[1] = ipVer
commandBytes[0] = ProxyStatusRequestID
commandBytes[1] = ipVer
copy(proxyStatusRequestBytes[2:2+len(ipBytes)], ipBytes)
copy(commandBytes[2:2+len(ipBytes)], ipBytes)
binary.BigEndian.PutUint16(proxyStatusRequestBytes[2+len(ipBytes):4+len(ipBytes)], proxyStatusRequest.SourcePort)
binary.BigEndian.PutUint16(proxyStatusRequestBytes[4+len(ipBytes):6+len(ipBytes)], proxyStatusRequest.DestPort)
binary.BigEndian.PutUint16(commandBytes[2+len(ipBytes):4+len(ipBytes)], command.SourcePort)
binary.BigEndian.PutUint16(commandBytes[4+len(ipBytes):6+len(ipBytes)], command.DestPort)
var protocol uint8
if proxyStatusRequest.Protocol == "tcp" {
if command.Protocol == "tcp" {
protocol = TCP
} else if proxyStatusRequest.Protocol == "udp" {
} else if command.Protocol == "udp" {
protocol = UDP
} else {
return nil, fmt.Errorf("invalid protocol")
}
proxyStatusRequestBytes[6+len(ipBytes)] = protocol
commandBytes[6+len(ipBytes)] = protocol
return proxyStatusRequestBytes, nil
case "proxyStatusResponse":
proxyStatusResponse, ok := command.(*ProxyStatusResponse)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
sourceIP := net.ParseIP(proxyStatusResponse.SourceIP)
return commandBytes, nil
case *ProxyStatusResponse:
sourceIP := net.ParseIP(command.SourceIP)
var ipVer uint8
var ipBytes []byte
@ -413,50 +341,44 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
ipVer = IPv4
}
proxyStatusResponseBytes := make([]byte, 1+1+len(ipBytes)+2+2+1+1)
commandBytes := make([]byte, 1+1+len(ipBytes)+2+2+1+1)
proxyStatusResponseBytes[0] = ProxyStatusResponseID
proxyStatusResponseBytes[1] = ipVer
commandBytes[0] = ProxyStatusResponseID
commandBytes[1] = ipVer
copy(proxyStatusResponseBytes[2:2+len(ipBytes)], ipBytes)
copy(commandBytes[2:2+len(ipBytes)], ipBytes)
binary.BigEndian.PutUint16(proxyStatusResponseBytes[2+len(ipBytes):4+len(ipBytes)], proxyStatusResponse.SourcePort)
binary.BigEndian.PutUint16(proxyStatusResponseBytes[4+len(ipBytes):6+len(ipBytes)], proxyStatusResponse.DestPort)
binary.BigEndian.PutUint16(commandBytes[2+len(ipBytes):4+len(ipBytes)], command.SourcePort)
binary.BigEndian.PutUint16(commandBytes[4+len(ipBytes):6+len(ipBytes)], command.DestPort)
var protocol uint8
if proxyStatusResponse.Protocol == "tcp" {
if command.Protocol == "tcp" {
protocol = TCP
} else if proxyStatusResponse.Protocol == "udp" {
} else if command.Protocol == "udp" {
protocol = UDP
} else {
return nil, fmt.Errorf("invalid protocol")
}
proxyStatusResponseBytes[6+len(ipBytes)] = protocol
commandBytes[6+len(ipBytes)] = protocol
var isActive uint8
if proxyStatusResponse.IsActive {
if command.IsActive {
isActive = 1
} else {
isActive = 0
}
proxyStatusResponseBytes[7+len(ipBytes)] = isActive
commandBytes[7+len(ipBytes)] = isActive
return proxyStatusResponseBytes, nil
case "proxyInstanceResponse":
proxyConectionResponse, ok := command.(*ProxyInstanceResponse)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
proxyArray := make([][]byte, len(proxyConectionResponse.Proxies))
return commandBytes, nil
case *ProxyInstanceResponse:
proxyArray := make([][]byte, len(command.Proxies))
totalSize := 0
for proxyIndex, proxy := range proxyConectionResponse.Proxies {
for proxyIndex, proxy := range command.Proxies {
var err error
proxyArray[proxyIndex], err = marshalIndividualProxyStruct(proxy)
@ -485,23 +407,11 @@ func Marshal(commandType string, command interface{}) ([]byte, error) {
connectionCommandArray[totalSize] = '\n'
return connectionCommandArray, nil
case "proxyInstanceRequest":
_, ok := command.(*ProxyInstanceRequest)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
case *ProxyInstanceRequest:
return []byte{ProxyInstanceRequestID}, nil
case "proxyConnectionsRequest":
_, ok := command.(*ProxyConnectionsRequest)
if !ok {
return nil, fmt.Errorf("failed to typecast")
}
case *ProxyConnectionsRequest:
return []byte{ProxyConnectionsRequestID}, nil
}
return nil, fmt.Errorf("couldn't match command name")
return nil, fmt.Errorf("couldn't match command type")
}

306
backend/commonbackend/marshalling_test.go
View file

@ -9,32 +9,26 @@ import (
var logLevel = os.Getenv("HERMES_LOG_LEVEL")
func TestStartCommandMarshalSupport(t *testing.T) {
func TestStart(t *testing.T) {
commandInput := &Start{
Type: "start",
Arguments: []byte("Hello from automated testing"),
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*Start)
@ -43,84 +37,61 @@ func TestStartCommandMarshalSupport(t *testing.T) {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if !bytes.Equal(commandInput.Arguments, commandUnmarshalled.Arguments) {
log.Fatalf("Arguments are not equal (orig: '%s', unmsh: '%s')", string(commandInput.Arguments), string(commandUnmarshalled.Arguments))
}
}
func TestStopCommandMarshalSupport(t *testing.T) {
commandInput := &Stop{
Type: "stop",
}
func TestStop(t *testing.T) {
commandInput := &Stop{}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*Stop)
_, ok := commandUnmarshalledRaw.(*Stop)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
}
func TestAddConnectionCommandMarshalSupport(t *testing.T) {
func TestAddConnection(t *testing.T) {
commandInput := &AddProxy{
Type: "addProxy",
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
Protocol: "tcp",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*AddProxy)
@ -129,11 +100,6 @@ func TestAddConnectionCommandMarshalSupport(t *testing.T) {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
@ -155,19 +121,18 @@ func TestAddConnectionCommandMarshalSupport(t *testing.T) {
}
}
func TestRemoveConnectionCommandMarshalSupport(t *testing.T) {
func TestRemoveConnection(t *testing.T) {
commandInput := &RemoveProxy{
Type: "removeProxy",
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
Protocol: "tcp",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -175,28 +140,18 @@ func TestRemoveConnectionCommandMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*RemoveProxy)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
@ -218,9 +173,8 @@ func TestRemoveConnectionCommandMarshalSupport(t *testing.T) {
}
}
func TestGetAllConnectionsCommandMarshalSupport(t *testing.T) {
func TestGetAllConnections(t *testing.T) {
commandInput := &ProxyConnectionsResponse{
Type: "proxyConnectionsResponse",
Connections: []*ProxyClientConnection{
{
SourceIP: "127.0.0.1",
@ -246,10 +200,10 @@ func TestGetAllConnectionsCommandMarshalSupport(t *testing.T) {
},
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -257,28 +211,18 @@ func TestGetAllConnectionsCommandMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionsResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
for commandIndex, originalConnection := range commandInput.Connections {
remoteConnection := commandUnmarshalled.Connections[commandIndex]
@ -309,19 +253,18 @@ func TestGetAllConnectionsCommandMarshalSupport(t *testing.T) {
}
}
func TestCheckClientParametersMarshalSupport(t *testing.T) {
func TestCheckClientParameters(t *testing.T) {
commandInput := &CheckClientParameters{
Type: "checkClientParameters",
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
Protocol: "tcp",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -329,28 +272,18 @@ func TestCheckClientParametersMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Printf("command type does not match up! (orig: %s, unmsh: %s)", commandType, commandInput.Type)
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*CheckClientParameters)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
@ -372,32 +305,26 @@ func TestCheckClientParametersMarshalSupport(t *testing.T) {
}
}
func TestCheckServerParametersMarshalSupport(t *testing.T) {
func TestCheckServerParameters(t *testing.T) {
commandInput := &CheckServerParameters{
Type: "checkServerParameters",
Arguments: []byte("Hello from automated testing"),
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*CheckServerParameters)
@ -406,28 +333,22 @@ func TestCheckServerParametersMarshalSupport(t *testing.T) {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if !bytes.Equal(commandInput.Arguments, commandUnmarshalled.Arguments) {
log.Fatalf("Arguments are not equal (orig: '%s', unmsh: '%s')", string(commandInput.Arguments), string(commandUnmarshalled.Arguments))
}
}
func TestCheckParametersResponseMarshalSupport(t *testing.T) {
func TestCheckParametersResponse(t *testing.T) {
commandInput := &CheckParametersResponse{
Type: "checkParametersResponse",
InResponseTo: "checkClientParameters",
IsValid: true,
Message: "Hello from automated testing",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -435,28 +356,18 @@ func TestCheckParametersResponseMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Printf("command type does not match up! (orig: %s, unmsh: %s)", commandType, commandInput.Type)
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*CheckParametersResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.InResponseTo != commandUnmarshalled.InResponseTo {
t.Fail()
log.Printf("InResponseTo's are not equal (orig: %s, unmsh: %s)", commandInput.InResponseTo, commandUnmarshalled.InResponseTo)
@ -473,73 +384,54 @@ func TestCheckParametersResponseMarshalSupport(t *testing.T) {
}
}
func TestBackendStatusRequestMarshalSupport(t *testing.T) {
commandInput := &BackendStatusRequest{
Type: "backendStatusRequest",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
func TestBackendStatusRequest(t *testing.T) {
commandInput := &BackendStatusRequest{}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*BackendStatusRequest)
_, ok := commandUnmarshalledRaw.(*BackendStatusRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
}
func TestBackendStatusResponseMarshalSupport(t *testing.T) {
func TestBackendStatusResponse(t *testing.T) {
commandInput := &BackendStatusResponse{
Type: "backendStatusResponse",
IsRunning: true,
StatusCode: StatusFailure,
Message: "Hello from automated testing",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*BackendStatusResponse)
@ -548,11 +440,6 @@ func TestBackendStatusResponseMarshalSupport(t *testing.T) {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.IsRunning != commandUnmarshalled.IsRunning {
t.Fail()
log.Printf("IsRunning's are not equal (orig: %t, unmsh: %t)", commandInput.IsRunning, commandUnmarshalled.IsRunning)
@ -569,19 +456,18 @@ func TestBackendStatusResponseMarshalSupport(t *testing.T) {
}
}
func TestProxyStatusRequestMarshalSupport(t *testing.T) {
func TestProxyStatusRequest(t *testing.T) {
commandInput := &ProxyStatusRequest{
Type: "proxyStatusRequest",
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
Protocol: "tcp",
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -589,28 +475,18 @@ func TestProxyStatusRequestMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyStatusRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
@ -632,9 +508,8 @@ func TestProxyStatusRequestMarshalSupport(t *testing.T) {
}
}
func TestProxyStatusResponseMarshalSupport(t *testing.T) {
func TestProxyStatusResponse(t *testing.T) {
commandInput := &ProxyStatusResponse{
Type: "proxyStatusResponse",
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
@ -642,10 +517,10 @@ func TestProxyStatusResponseMarshalSupport(t *testing.T) {
IsActive: true,
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -653,28 +528,18 @@ func TestProxyStatusResponseMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyStatusResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
@ -701,48 +566,35 @@ func TestProxyStatusResponseMarshalSupport(t *testing.T) {
}
}
func TestProxyConnectionRequestMarshalSupport(t *testing.T) {
commandInput := &ProxyInstanceRequest{
Type: "proxyInstanceRequest",
}
func TestProxyConnectionRequest(t *testing.T) {
commandInput := &ProxyInstanceRequest{}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInstanceRequest)
_, ok := commandUnmarshalledRaw.(*ProxyInstanceRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
}
func TestProxyConnectionResponseMarshalSupport(t *testing.T) {
func TestProxyConnectionResponse(t *testing.T) {
commandInput := &ProxyInstanceResponse{
Type: "proxyInstanceResponse",
Proxies: []*ProxyInstance{
{
SourceIP: "192.168.0.168",
@ -765,10 +617,10 @@ func TestProxyConnectionResponseMarshalSupport(t *testing.T) {
},
}
commandMarshalled, err := Marshal(commandInput.Type, commandInput)
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatalf(err.Error())
t.Fatal(err.Error())
}
if logLevel == "debug" {
@ -776,28 +628,18 @@ func TestProxyConnectionResponseMarshalSupport(t *testing.T) {
}
buf := bytes.NewBuffer(commandMarshalled)
commandType, commandUnmarshalledRaw, err := Unmarshal(buf)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
if commandType != commandInput.Type {
t.Fail()
log.Print("command type does not match up!")
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInstanceResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Type != commandUnmarshalled.Type {
t.Fail()
log.Printf("Types are not equal (orig: %s, unmsh: %s)", commandInput.Type, commandUnmarshalled.Type)
}
for proxyIndex, originalProxy := range commandInput.Proxies {
remoteProxy := commandUnmarshalled.Proxies[proxyIndex]

171
backend/commonbackend/unmarshal.go
View file

@ -142,11 +142,11 @@ func unmarshalIndividualProxyStruct(conn io.Reader) (*ProxyInstance, error) {
}, nil
}
func Unmarshal(conn io.Reader) (string, interface{}, error) {
func Unmarshal(conn io.Reader) (interface{}, error) {
commandType := make([]byte, 1)
if _, err := conn.Read(commandType); err != nil {
return "", nil, fmt.Errorf("couldn't read command")
return nil, fmt.Errorf("couldn't read command")
}
switch commandType[0] {
@ -154,28 +154,25 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
argumentsLength := make([]byte, 2)
if _, err := conn.Read(argumentsLength); err != nil {
return "", nil, fmt.Errorf("couldn't read argument length")
return nil, fmt.Errorf("couldn't read argument length")
}
arguments := make([]byte, binary.BigEndian.Uint16(argumentsLength))
if _, err := conn.Read(arguments); err != nil {
return "", nil, fmt.Errorf("couldn't read arguments")
return nil, fmt.Errorf("couldn't read arguments")
}
return "start", &Start{
Type: "start",
return &Start{
Arguments: arguments,
}, nil
case StopID:
return "stop", &Stop{
Type: "stop",
}, nil
return &Stop{}, nil
case AddProxyID:
ipVersion := make([]byte, 1)
if _, err := conn.Read(ipVersion); err != nil {
return "", nil, fmt.Errorf("couldn't read ip version")
return nil, fmt.Errorf("couldn't read ip version")
}
var ipSize uint8
@ -185,45 +182,44 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if ipVersion[0] == 6 {
ipSize = IPv6Size
} else {
return "", nil, fmt.Errorf("invalid IP version recieved")
return nil, fmt.Errorf("invalid IP version recieved")
}
ip := make(net.IP, ipSize)
if _, err := conn.Read(ip); err != nil {
return "", nil, fmt.Errorf("couldn't read source IP")
return nil, fmt.Errorf("couldn't read source IP")
}
sourcePort := make([]byte, 2)
if _, err := conn.Read(sourcePort); err != nil {
return "", nil, fmt.Errorf("couldn't read source port")
return nil, fmt.Errorf("couldn't read source port")
}
destPort := make([]byte, 2)
if _, err := conn.Read(destPort); err != nil {
return "", nil, fmt.Errorf("couldn't read destination port")
return nil, fmt.Errorf("couldn't read destination port")
}
protocolBytes := make([]byte, 1)
if _, err := conn.Read(protocolBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read protocol")
return nil, fmt.Errorf("couldn't read protocol")
}
var protocol string
if protocolBytes[0] == TCP {
protocol = "tcp"
} else if protocolBytes[1] == UDP {
} else if protocolBytes[0] == UDP {
protocol = "udp"
} else {
return "", nil, fmt.Errorf("invalid protocol")
return nil, fmt.Errorf("invalid protocol")
}
return "addProxy", &AddProxy{
Type: "addProxy",
return &AddProxy{
SourceIP: ip.String(),
SourcePort: binary.BigEndian.Uint16(sourcePort),
DestPort: binary.BigEndian.Uint16(destPort),
@ -233,7 +229,7 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
ipVersion := make([]byte, 1)
if _, err := conn.Read(ipVersion); err != nil {
return "", nil, fmt.Errorf("couldn't read ip version")
return nil, fmt.Errorf("couldn't read ip version")
}
var ipSize uint8
@ -243,45 +239,44 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if ipVersion[0] == 6 {
ipSize = IPv6Size
} else {
return "", nil, fmt.Errorf("invalid IP version recieved")
return nil, fmt.Errorf("invalid IP version recieved")
}
ip := make(net.IP, ipSize)
if _, err := conn.Read(ip); err != nil {
return "", nil, fmt.Errorf("couldn't read source IP")
return nil, fmt.Errorf("couldn't read source IP")
}
sourcePort := make([]byte, 2)
if _, err := conn.Read(sourcePort); err != nil {
return "", nil, fmt.Errorf("couldn't read source port")
return nil, fmt.Errorf("couldn't read source port")
}
destPort := make([]byte, 2)
if _, err := conn.Read(destPort); err != nil {
return "", nil, fmt.Errorf("couldn't read destination port")
return nil, fmt.Errorf("couldn't read destination port")
}
protocolBytes := make([]byte, 1)
if _, err := conn.Read(protocolBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read protocol")
return nil, fmt.Errorf("couldn't read protocol")
}
var protocol string
if protocolBytes[0] == TCP {
protocol = "tcp"
} else if protocolBytes[1] == UDP {
} else if protocolBytes[0] == UDP {
protocol = "udp"
} else {
return "", nil, fmt.Errorf("invalid protocol")
return nil, fmt.Errorf("invalid protocol")
}
return "removeProxy", &RemoveProxy{
Type: "removeProxy",
return &RemoveProxy{
SourceIP: ip.String(),
SourcePort: binary.BigEndian.Uint16(sourcePort),
DestPort: binary.BigEndian.Uint16(destPort),
@ -301,13 +296,13 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
break
}
return "", nil, err
return nil, err
}
connections = append(connections, connection)
if _, err := conn.Read(delimiter); err != nil {
return "", nil, fmt.Errorf("couldn't read delimiter")
return nil, fmt.Errorf("couldn't read delimiter")
}
if delimiter[0] == '\r' {
@ -321,15 +316,14 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
}
}
return "proxyConnectionsResponse", &ProxyConnectionsResponse{
Type: "proxyConnectionsResponse",
return &ProxyConnectionsResponse{
Connections: connections,
}, errorReturn
case CheckClientParametersID:
ipVersion := make([]byte, 1)
if _, err := conn.Read(ipVersion); err != nil {
return "", nil, fmt.Errorf("couldn't read ip version")
return nil, fmt.Errorf("couldn't read ip version")
}
var ipSize uint8
@ -339,45 +333,44 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if ipVersion[0] == 6 {
ipSize = IPv6Size
} else {
return "", nil, fmt.Errorf("invalid IP version recieved")
return nil, fmt.Errorf("invalid IP version recieved")
}
ip := make(net.IP, ipSize)
if _, err := conn.Read(ip); err != nil {
return "", nil, fmt.Errorf("couldn't read source IP")
return nil, fmt.Errorf("couldn't read source IP")
}
sourcePort := make([]byte, 2)
if _, err := conn.Read(sourcePort); err != nil {
return "", nil, fmt.Errorf("couldn't read source port")
return nil, fmt.Errorf("couldn't read source port")
}
destPort := make([]byte, 2)
if _, err := conn.Read(destPort); err != nil {
return "", nil, fmt.Errorf("couldn't read destination port")
return nil, fmt.Errorf("couldn't read destination port")
}
protocolBytes := make([]byte, 1)
if _, err := conn.Read(protocolBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read protocol")
return nil, fmt.Errorf("couldn't read protocol")
}
var protocol string
if protocolBytes[0] == TCP {
protocol = "tcp"
} else if protocolBytes[1] == UDP {
} else if protocolBytes[0] == UDP {
protocol = "udp"
} else {
return "", nil, fmt.Errorf("invalid protocol")
return nil, fmt.Errorf("invalid protocol")
}
return "checkClientParameters", &CheckClientParameters{
Type: "checkClientParameters",
return &CheckClientParameters{
SourceIP: ip.String(),
SourcePort: binary.BigEndian.Uint16(sourcePort),
DestPort: binary.BigEndian.Uint16(destPort),
@ -387,24 +380,23 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
argumentsLength := make([]byte, 2)
if _, err := conn.Read(argumentsLength); err != nil {
return "", nil, fmt.Errorf("couldn't read argument length")
return nil, fmt.Errorf("couldn't read argument length")
}
arguments := make([]byte, binary.BigEndian.Uint16(argumentsLength))
if _, err := conn.Read(arguments); err != nil {
return "", nil, fmt.Errorf("couldn't read arguments")
return nil, fmt.Errorf("couldn't read arguments")
}
return "checkServerParameters", &CheckServerParameters{
Type: "checkServerParameters",
return &CheckServerParameters{
Arguments: arguments,
}, nil
case CheckParametersResponseID:
checkMethodByte := make([]byte, 1)
if _, err := conn.Read(checkMethodByte); err != nil {
return "", nil, fmt.Errorf("couldn't read check method byte")
return nil, fmt.Errorf("couldn't read check method byte")
}
var checkMethod string
@ -414,19 +406,19 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if checkMethodByte[0] == CheckServerParametersID {
checkMethod = "checkServerParameters"
} else {
return "", nil, fmt.Errorf("invalid check method recieved")
return nil, fmt.Errorf("invalid check method recieved")
}
isValid := make([]byte, 1)
if _, err := conn.Read(isValid); err != nil {
return "", nil, fmt.Errorf("couldn't read isValid byte")
return nil, fmt.Errorf("couldn't read isValid byte")
}
messageLengthBytes := make([]byte, 2)
if _, err := conn.Read(messageLengthBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read message length")
return nil, fmt.Errorf("couldn't read message length")
}
messageLength := binary.BigEndian.Uint16(messageLengthBytes)
@ -436,14 +428,13 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
messageBytes := make([]byte, messageLength)
if _, err := conn.Read(messageBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read message")
return nil, fmt.Errorf("couldn't read message")
}
message = string(messageBytes)
}
return "checkParametersResponse", &CheckParametersResponse{
Type: "checkParametersResponse",
return &CheckParametersResponse{
InResponseTo: checkMethod,
IsValid: isValid[0] == 1,
Message: message,
@ -452,19 +443,19 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
isRunning := make([]byte, 1)
if _, err := conn.Read(isRunning); err != nil {
return "", nil, fmt.Errorf("couldn't read isRunning field")
return nil, fmt.Errorf("couldn't read isRunning field")
}
statusCode := make([]byte, 1)
if _, err := conn.Read(statusCode); err != nil {
return "", nil, fmt.Errorf("couldn't read status code field")
return nil, fmt.Errorf("couldn't read status code field")
}
messageLengthBytes := make([]byte, 2)
if _, err := conn.Read(messageLengthBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read message length")
return nil, fmt.Errorf("couldn't read message length")
}
messageLength := binary.BigEndian.Uint16(messageLengthBytes)
@ -474,27 +465,24 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
messageBytes := make([]byte, messageLength)
if _, err := conn.Read(messageBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read message")
return nil, fmt.Errorf("couldn't read message")
}
message = string(messageBytes)
}
return "backendStatusResponse", &BackendStatusResponse{
Type: "backendStatusResponse",
return &BackendStatusResponse{
IsRunning: isRunning[0] == 1,
StatusCode: int(statusCode[0]),
Message: message,
}, nil
case BackendStatusRequestID:
return "backendStatusRequest", &BackendStatusRequest{
Type: "backendStatusRequest",
}, nil
return &BackendStatusRequest{}, nil
case ProxyStatusRequestID:
ipVersion := make([]byte, 1)
if _, err := conn.Read(ipVersion); err != nil {
return "", nil, fmt.Errorf("couldn't read ip version")
return nil, fmt.Errorf("couldn't read ip version")
}
var ipSize uint8
@ -504,45 +492,44 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if ipVersion[0] == 6 {
ipSize = IPv6Size
} else {
return "", nil, fmt.Errorf("invalid IP version recieved")
return nil, fmt.Errorf("invalid IP version recieved")
}
ip := make(net.IP, ipSize)
if _, err := conn.Read(ip); err != nil {
return "", nil, fmt.Errorf("couldn't read source IP")
return nil, fmt.Errorf("couldn't read source IP")
}
sourcePort := make([]byte, 2)
if _, err := conn.Read(sourcePort); err != nil {
return "", nil, fmt.Errorf("couldn't read source port")
return nil, fmt.Errorf("couldn't read source port")
}
destPort := make([]byte, 2)
if _, err := conn.Read(destPort); err != nil {
return "", nil, fmt.Errorf("couldn't read destination port")
return nil, fmt.Errorf("couldn't read destination port")
}
protocolBytes := make([]byte, 1)
if _, err := conn.Read(protocolBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read protocol")
return nil, fmt.Errorf("couldn't read protocol")
}
var protocol string
if protocolBytes[0] == TCP {
protocol = "tcp"
} else if protocolBytes[1] == UDP {
} else if protocolBytes[0] == UDP {
protocol = "udp"
} else {
return "", nil, fmt.Errorf("invalid protocol")
return nil, fmt.Errorf("invalid protocol")
}
return "proxyStatusRequest", &ProxyStatusRequest{
Type: "proxyStatusRequest",
return &ProxyStatusRequest{
SourceIP: ip.String(),
SourcePort: binary.BigEndian.Uint16(sourcePort),
DestPort: binary.BigEndian.Uint16(destPort),
@ -552,7 +539,7 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
ipVersion := make([]byte, 1)
if _, err := conn.Read(ipVersion); err != nil {
return "", nil, fmt.Errorf("couldn't read ip version")
return nil, fmt.Errorf("couldn't read ip version")
}
var ipSize uint8
@ -562,51 +549,50 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
} else if ipVersion[0] == 6 {
ipSize = IPv6Size
} else {
return "", nil, fmt.Errorf("invalid IP version recieved")
return nil, fmt.Errorf("invalid IP version recieved")
}
ip := make(net.IP, ipSize)
if _, err := conn.Read(ip); err != nil {
return "", nil, fmt.Errorf("couldn't read source IP")
return nil, fmt.Errorf("couldn't read source IP")
}
sourcePort := make([]byte, 2)
if _, err := conn.Read(sourcePort); err != nil {
return "", nil, fmt.Errorf("couldn't read source port")
return nil, fmt.Errorf("couldn't read source port")
}
destPort := make([]byte, 2)
if _, err := conn.Read(destPort); err != nil {
return "", nil, fmt.Errorf("couldn't read destination port")
return nil, fmt.Errorf("couldn't read destination port")
}
protocolBytes := make([]byte, 1)
if _, err := conn.Read(protocolBytes); err != nil {
return "", nil, fmt.Errorf("couldn't read protocol")
return nil, fmt.Errorf("couldn't read protocol")
}
var protocol string
if protocolBytes[0] == TCP {
protocol = "tcp"
} else if protocolBytes[1] == UDP {
} else if protocolBytes[0] == UDP {
protocol = "udp"
} else {
return "", nil, fmt.Errorf("invalid protocol")
return nil, fmt.Errorf("invalid protocol")
}
isActive := make([]byte, 1)
if _, err := conn.Read(isActive); err != nil {
return "", nil, fmt.Errorf("couldn't read isActive field")
return nil, fmt.Errorf("couldn't read isActive field")
}
return "proxyStatusResponse", &ProxyStatusResponse{
Type: "proxyStatusResponse",
return &ProxyStatusResponse{
SourceIP: ip.String(),
SourcePort: binary.BigEndian.Uint16(sourcePort),
DestPort: binary.BigEndian.Uint16(destPort),
@ -614,9 +600,7 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
IsActive: isActive[0] == 1,
}, nil
case ProxyInstanceRequestID:
return "proxyInstanceRequest", &ProxyInstanceRequest{
Type: "proxyInstanceRequest",
}, nil
return &ProxyInstanceRequest{}, nil
case ProxyInstanceResponseID:
proxies := []*ProxyInstance{}
delimiter := make([]byte, 1)
@ -631,13 +615,13 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
break
}
return "", nil, err
return nil, err
}
proxies = append(proxies, proxy)
if _, err := conn.Read(delimiter); err != nil {
return "", nil, fmt.Errorf("couldn't read delimiter")
return nil, fmt.Errorf("couldn't read delimiter")
}
if delimiter[0] == '\r' {
@ -651,15 +635,12 @@ func Unmarshal(conn io.Reader) (string, interface{}, error) {
}
}
return "proxyInstanceResponse", &ProxyInstanceResponse{
Type: "proxyInstanceResponse",
return &ProxyInstanceResponse{
Proxies: proxies,
}, errorReturn
case ProxyConnectionsRequestID:
return "proxyConnectionsRequest", &ProxyConnectionsRequest{
Type: "proxyConnectionsRequest",
}, nil
return &ProxyConnectionsRequest{}, nil
}
return "", nil, fmt.Errorf("couldn't match command ID")
return nil, fmt.Errorf("couldn't match command ID")
}

8
backend/dummybackend/main.go
View file

@ -3,8 +3,8 @@ package main
import (
"os"
"git.terah.dev/imterah/hermes/backendutil"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/backendutil"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
)
@ -19,6 +19,10 @@ func (backend *DummyBackend) StopBackend() (bool, error) {
return true, nil
}
func (backend *DummyBackend) GetBackendStatus() (bool, error) {
return true, nil
}
func (backend *DummyBackend) StartProxy(command *commonbackend.AddProxy) (bool, error) {
return true, nil
}

45
backend/externalbackendlauncher/main.go
View file

@ -8,8 +8,8 @@ import (
"strings"
"time"
"git.terah.dev/imterah/hermes/backendlauncher"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/backendlauncher"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/urfave/cli/v2"
)
@ -21,11 +21,8 @@ type ProxyInstance struct {
Protocol string `json:"protocol"`
}
type WriteLogger struct {
UseError bool
}
type WriteLogger struct{}
// TODO: deprecate UseError switching
func (writer WriteLogger) Write(p []byte) (n int, err error) {
logSplit := strings.Split(string(p), "\n")
@ -34,11 +31,7 @@ func (writer WriteLogger) Write(p []byte) (n int, err error) {
continue
}
if writer.UseError {
log.Errorf("application: %s", line)
} else {
log.Infof("application: %s", line)
}
log.Infof("application: %s", line)
}
return len(p), err
@ -119,11 +112,10 @@ func entrypoint(cCtx *cli.Context) error {
defer sock.Close()
startCommand := &commonbackend.Start{
Type: "start",
Arguments: backendParameters,
}
startMarshalledCommand, err := commonbackend.Marshal("start", startCommand)
startMarshalledCommand, err := commonbackend.Marshal(startCommand)
if err != nil {
log.Errorf("failed to generate start command: %s", err.Error())
@ -135,18 +127,13 @@ func entrypoint(cCtx *cli.Context) error {
continue
}
commandType, commandRaw, err := commonbackend.Unmarshal(sock)
commandRaw, err := commonbackend.Unmarshal(sock)
if err != nil {
log.Errorf("failed to read from/unmarshal from socket: %s", err.Error())
continue
}
if commandType != "backendStatusResponse" {
log.Errorf("recieved commandType '%s', expecting 'backendStatusResponse'", commandType)
continue
}
command, ok := commandRaw.(*commonbackend.BackendStatusResponse)
if !ok {
@ -175,14 +162,13 @@ func entrypoint(cCtx *cli.Context) error {
log.Infof("initializing proxy %s:%d -> remote:%d", proxy.SourceIP, proxy.SourcePort, proxy.DestPort)
proxyAddCommand := &commonbackend.AddProxy{
Type: "addProxy",
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestPort,
Protocol: proxy.Protocol,
}
marshalledProxyCommand, err := commonbackend.Marshal("addProxy", proxyAddCommand)
marshalledProxyCommand, err := commonbackend.Marshal(proxyAddCommand)
if err != nil {
log.Errorf("failed to generate start command: %s", err.Error())
@ -196,7 +182,7 @@ func entrypoint(cCtx *cli.Context) error {
continue
}
commandType, commandRaw, err := commonbackend.Unmarshal(sock)
commandRaw, err := commonbackend.Unmarshal(sock)
if err != nil {
log.Errorf("failed to read from/unmarshal from socket: %s", err.Error())
@ -204,12 +190,6 @@ func entrypoint(cCtx *cli.Context) error {
continue
}
if commandType != "proxyStatusResponse" {
log.Errorf("recieved commandType '%s', expecting 'proxyStatusResponse'", commandType)
hasAnyFailed = true
continue
}
command, ok := commandRaw.(*commonbackend.ProxyStatusResponse)
if !ok {
@ -242,13 +222,8 @@ func entrypoint(cCtx *cli.Context) error {
log.Debug("entering execution loop (in main goroutine)...")
stdout := WriteLogger{
UseError: false,
}
stderr := WriteLogger{
UseError: true,
}
stdout := WriteLogger{}
stderr := WriteLogger{}
for {
log.Info("starting process...")

90
backend/sshappbackend/datacommands/constants.go Normal file
View file

@ -0,0 +1,90 @@
package datacommands
// DO NOT USE
type ProxyStatusRequest struct {
ProxyID uint16
}
type ProxyStatusResponse struct {
ProxyID uint16
IsActive bool
}
type RemoveProxy struct {
ProxyID uint16
}
type ProxyInstanceResponse struct {
Proxies []uint16
}
type ProxyConnectionsRequest struct {
ProxyID uint16
}
type ProxyConnectionsResponse struct {
Connections []uint16
}
type TCPConnectionOpened struct {
ProxyID uint16
ConnectionID uint16
}
type TCPConnectionClosed struct {
ProxyID uint16
ConnectionID uint16
}
type TCPProxyData struct {
ProxyID uint16
ConnectionID uint16
DataLength uint16
}
type UDPProxyData struct {
ProxyID uint16
ClientIP string
ClientPort uint16
DataLength uint16
}
type ProxyInformationRequest struct {
ProxyID uint16
}
type ProxyInformationResponse struct {
Exists bool
SourceIP string
SourcePort uint16
DestPort uint16
Protocol string // Will be either 'tcp' or 'udp'
}
type ProxyConnectionInformationRequest struct {
ProxyID uint16
ConnectionID uint16
}
type ProxyConnectionInformationResponse struct {
Exists bool
ClientIP string
ClientPort uint16
}
const (
ProxyStatusRequestID = iota + 100
ProxyStatusResponseID
RemoveProxyID
ProxyInstanceResponseID
ProxyConnectionsRequestID
ProxyConnectionsResponseID
TCPConnectionOpenedID
TCPConnectionClosedID
TCPProxyDataID
UDPProxyDataID
ProxyInformationRequestID
ProxyInformationResponseID
ProxyConnectionInformationRequestID
ProxyConnectionInformationResponseID
)

323
backend/sshappbackend/datacommands/marshal.go Normal file
View file

@ -0,0 +1,323 @@
package datacommands
import (
"encoding/binary"
"fmt"
"net"
)
// Example size and protocol constants — adjust as needed.
const (
IPv4Size = 4
IPv6Size = 16
TCP = 1
UDP = 2
)
// Marshal takes a command (pointer to one of our structs) and converts it to a byte slice.
func Marshal(command interface{}) ([]byte, error) {
switch cmd := command.(type) {
// ProxyStatusRequest: 1 byte for the command ID + 2 bytes for the ProxyID.
case *ProxyStatusRequest:
buf := make([]byte, 1+2)
buf[0] = ProxyStatusRequestID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
return buf, nil
// ProxyStatusResponse: 1 byte for the command ID, 2 bytes for ProxyID, and 1 byte for IsActive.
case *ProxyStatusResponse:
buf := make([]byte, 1+2+1)
buf[0] = ProxyStatusResponseID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
if cmd.IsActive {
buf[3] = 1
} else {
buf[3] = 0
}
return buf, nil
// RemoveProxy: 1 byte for the command ID + 2 bytes for the ProxyID.
case *RemoveProxy:
buf := make([]byte, 1+2)
buf[0] = RemoveProxyID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
return buf, nil
// ProxyConnectionsRequest: 1 byte for the command ID + 2 bytes for the ProxyID.
case *ProxyConnectionsRequest:
buf := make([]byte, 1+2)
buf[0] = ProxyConnectionsRequestID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
return buf, nil
// ProxyConnectionsResponse: 1 byte for the command ID + 2 bytes length of the Connections + 2 bytes for each
// number in the Connection array.
case *ProxyConnectionsResponse:
buf := make([]byte, 1+((len(cmd.Connections)+1)*2))
buf[0] = ProxyConnectionsResponseID
binary.BigEndian.PutUint16(buf[1:], uint16(len(cmd.Connections)))
for connectionIndex, connection := range cmd.Connections {
binary.BigEndian.PutUint16(buf[3+(connectionIndex*2):], connection)
}
return buf, nil
// ProxyConnectionsResponse: 1 byte for the command ID + 2 bytes length of the Proxies + 2 bytes for each
// number in the Proxies array.
case *ProxyInstanceResponse:
buf := make([]byte, 1+((len(cmd.Proxies)+1)*2))
buf[0] = ProxyInstanceResponseID
binary.BigEndian.PutUint16(buf[1:], uint16(len(cmd.Proxies)))
for connectionIndex, connection := range cmd.Proxies {
binary.BigEndian.PutUint16(buf[3+(connectionIndex*2):], connection)
}
return buf, nil
// TCPConnectionOpened: 1 byte for the command ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case *TCPConnectionOpened:
buf := make([]byte, 1+2+2)
buf[0] = TCPConnectionOpenedID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
binary.BigEndian.PutUint16(buf[3:], cmd.ConnectionID)
return buf, nil
// TCPConnectionClosed: 1 byte for the command ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case *TCPConnectionClosed:
buf := make([]byte, 1+2+2)
buf[0] = TCPConnectionClosedID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
binary.BigEndian.PutUint16(buf[3:], cmd.ConnectionID)
return buf, nil
// TCPProxyData: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID + 2 bytes DataLength.
case *TCPProxyData:
buf := make([]byte, 1+2+2+2)
buf[0] = TCPProxyDataID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
binary.BigEndian.PutUint16(buf[3:], cmd.ConnectionID)
binary.BigEndian.PutUint16(buf[5:], cmd.DataLength)
return buf, nil
// UDPProxyData:
// Format: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID +
// 1 byte IP version + IP bytes + 2 bytes ClientPort + 2 bytes DataLength.
case *UDPProxyData:
ip := net.ParseIP(cmd.ClientIP)
if ip == nil {
return nil, fmt.Errorf("invalid client IP: %v", cmd.ClientIP)
}
var ipVer uint8
var ipBytes []byte
if ip4 := ip.To4(); ip4 != nil {
ipBytes = ip4
ipVer = 4
} else if ip16 := ip.To16(); ip16 != nil {
ipBytes = ip16
ipVer = 6
} else {
return nil, fmt.Errorf("unable to detect IP version for: %v", cmd.ClientIP)
}
totalSize := 1 + // id
2 + // ProxyID
1 + // IP version
len(ipBytes) + // client IP bytes
2 + // ClientPort
2 // DataLength
buf := make([]byte, totalSize)
offset := 0
buf[offset] = UDPProxyDataID
offset++
binary.BigEndian.PutUint16(buf[offset:], cmd.ProxyID)
offset += 2
buf[offset] = ipVer
offset++
copy(buf[offset:], ipBytes)
offset += len(ipBytes)
binary.BigEndian.PutUint16(buf[offset:], cmd.ClientPort)
offset += 2
binary.BigEndian.PutUint16(buf[offset:], cmd.DataLength)
return buf, nil
// ProxyInformationRequest: 1 byte ID + 2 bytes ProxyID.
case *ProxyInformationRequest:
buf := make([]byte, 1+2)
buf[0] = ProxyInformationRequestID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
return buf, nil
// ProxyInformationResponse:
// Format: 1 byte ID + 1 byte Exists + (if exists:)
// 1 byte IP version + IP bytes + 2 bytes SourcePort + 2 bytes DestPort + 1 byte Protocol.
// (For simplicity, this marshaller always writes the IP and port info even if !Exists.)
case *ProxyInformationResponse:
if !cmd.Exists {
buf := make([]byte, 1+1)
buf[0] = ProxyInformationResponseID
buf[1] = 0 /* false */
return buf, nil
}
ip := net.ParseIP(cmd.SourceIP)
if ip == nil {
return nil, fmt.Errorf("invalid source IP: %v", cmd.SourceIP)
}
var ipVer uint8
var ipBytes []byte
if ip4 := ip.To4(); ip4 != nil {
ipBytes = ip4
ipVer = 4
} else if ip16 := ip.To16(); ip16 != nil {
ipBytes = ip16
ipVer = 6
} else {
return nil, fmt.Errorf("unable to detect IP version for: %v", cmd.SourceIP)
}
totalSize := 1 + // id
1 + // Exists flag
1 + // IP version
len(ipBytes) +
2 + // SourcePort
2 + // DestPort
1 // Protocol
buf := make([]byte, totalSize)
offset := 0
buf[offset] = ProxyInformationResponseID
offset++
// We already handle this above
buf[offset] = 1 /* true */
offset++
buf[offset] = ipVer
offset++
copy(buf[offset:], ipBytes)
offset += len(ipBytes)
binary.BigEndian.PutUint16(buf[offset:], cmd.SourcePort)
offset += 2
binary.BigEndian.PutUint16(buf[offset:], cmd.DestPort)
offset += 2
// Encode protocol as 1 byte.
switch cmd.Protocol {
case "tcp":
buf[offset] = TCP
case "udp":
buf[offset] = UDP
default:
return nil, fmt.Errorf("invalid protocol: %v", cmd.Protocol)
}
// offset++ (not needed since we are at the end)
return buf, nil
// ProxyConnectionInformationRequest: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case *ProxyConnectionInformationRequest:
buf := make([]byte, 1+2+2)
buf[0] = ProxyConnectionInformationRequestID
binary.BigEndian.PutUint16(buf[1:], cmd.ProxyID)
binary.BigEndian.PutUint16(buf[3:], cmd.ConnectionID)
return buf, nil
// ProxyConnectionInformationResponse:
// Format: 1 byte ID + 1 byte Exists + (if exists:)
// 1 byte IP version + IP bytes + 2 bytes ClientPort.
// This marshaller only writes the rest of the data if Exists.
case *ProxyConnectionInformationResponse:
if !cmd.Exists {
buf := make([]byte, 1+1)
buf[0] = ProxyConnectionInformationResponseID
buf[1] = 0 /* false */
return buf, nil
}
ip := net.ParseIP(cmd.ClientIP)
if ip == nil {
return nil, fmt.Errorf("invalid client IP: %v", cmd.ClientIP)
}
var ipVer uint8
var ipBytes []byte
if ip4 := ip.To4(); ip4 != nil {
ipBytes = ip4
ipVer = 4
} else if ip16 := ip.To16(); ip16 != nil {
ipBytes = ip16
ipVer = 6
} else {
return nil, fmt.Errorf("unable to detect IP version for: %v", cmd.ClientIP)
}
totalSize := 1 + // id
1 + // Exists flag
1 + // IP version
len(ipBytes) +
2 // ClientPort
buf := make([]byte, totalSize)
offset := 0
buf[offset] = ProxyConnectionInformationResponseID
offset++
// We already handle this above
buf[offset] = 1 /* true */
offset++
buf[offset] = ipVer
offset++
copy(buf[offset:], ipBytes)
offset += len(ipBytes)
binary.BigEndian.PutUint16(buf[offset:], cmd.ClientPort)
return buf, nil
default:
return nil, fmt.Errorf("unsupported command type")
}
}

652
backend/sshappbackend/datacommands/marshalling_test.go Normal file
View file

@ -0,0 +1,652 @@
package datacommands
import (
"bytes"
"log"
"os"
"testing"
)
var logLevel = os.Getenv("HERMES_LOG_LEVEL")
func TestProxyStatusRequest(t *testing.T) {
commandInput := &ProxyStatusRequest{
ProxyID: 19132,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyStatusRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
}
func TestProxyStatusResponse(t *testing.T) {
commandInput := &ProxyStatusResponse{
ProxyID: 19132,
IsActive: true,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyStatusResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.IsActive != commandUnmarshalled.IsActive {
t.Fail()
log.Printf("IsActive's are not equal (orig: '%t', unmsh: '%t')", commandInput.IsActive, commandUnmarshalled.IsActive)
}
}
func TestRemoveProxy(t *testing.T) {
commandInput := &RemoveProxy{
ProxyID: 19132,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*RemoveProxy)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
}
func TestProxyConnectionsRequest(t *testing.T) {
commandInput := &ProxyConnectionsRequest{
ProxyID: 19132,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionsRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
}
func TestProxyConnectionsResponse(t *testing.T) {
commandInput := &ProxyConnectionsResponse{
Connections: []uint16{12831, 9455, 64219, 12, 32},
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionsResponse)
if !ok {
t.Fatal("failed typecast")
}
for connectionIndex, originalConnection := range commandInput.Connections {
remoteConnection := commandUnmarshalled.Connections[connectionIndex]
if originalConnection != remoteConnection {
t.Fail()
log.Printf("(in #%d) SourceIP's are not equal (orig: %d, unmsh: %d)", connectionIndex, originalConnection, connectionIndex)
}
}
}
func TestProxyInstanceResponse(t *testing.T) {
commandInput := &ProxyInstanceResponse{
Proxies: []uint16{12831, 9455, 64219, 12, 32},
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInstanceResponse)
if !ok {
t.Fatal("failed typecast")
}
for proxyIndex, originalProxy := range commandInput.Proxies {
remoteProxy := commandUnmarshalled.Proxies[proxyIndex]
if originalProxy != remoteProxy {
t.Fail()
log.Printf("(in #%d) Proxy IDs are not equal (orig: %d, unmsh: %d)", proxyIndex, originalProxy, remoteProxy)
}
}
}
func TestTCPConnectionOpened(t *testing.T) {
commandInput := &TCPConnectionOpened{
ProxyID: 19132,
ConnectionID: 25565,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*TCPConnectionOpened)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.ConnectionID != commandUnmarshalled.ConnectionID {
t.Fail()
log.Printf("ConnectionID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ConnectionID, commandUnmarshalled.ConnectionID)
}
}
func TestTCPConnectionClosed(t *testing.T) {
commandInput := &TCPConnectionClosed{
ProxyID: 19132,
ConnectionID: 25565,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*TCPConnectionClosed)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.ConnectionID != commandUnmarshalled.ConnectionID {
t.Fail()
log.Printf("ConnectionID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ConnectionID, commandUnmarshalled.ConnectionID)
}
}
func TestTCPProxyData(t *testing.T) {
commandInput := &TCPProxyData{
ProxyID: 19132,
ConnectionID: 25565,
DataLength: 1234,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*TCPProxyData)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.ConnectionID != commandUnmarshalled.ConnectionID {
t.Fail()
log.Printf("ConnectionID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ConnectionID, commandUnmarshalled.ConnectionID)
}
if commandInput.DataLength != commandUnmarshalled.DataLength {
t.Fail()
log.Printf("DataLength's are not equal (orig: '%d', unmsh: '%d')", commandInput.DataLength, commandUnmarshalled.DataLength)
}
}
func TestUDPProxyData(t *testing.T) {
commandInput := &UDPProxyData{
ProxyID: 19132,
ClientIP: "68.51.23.54",
ClientPort: 28173,
DataLength: 1234,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*UDPProxyData)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.ClientIP != commandUnmarshalled.ClientIP {
t.Fail()
log.Printf("ClientIP's are not equal (orig: '%s', unmsh: '%s')", commandInput.ClientIP, commandUnmarshalled.ClientIP)
}
if commandInput.ClientPort != commandUnmarshalled.ClientPort {
t.Fail()
log.Printf("ClientPort's are not equal (orig: '%d', unmsh: '%d')", commandInput.ClientPort, commandUnmarshalled.ClientPort)
}
if commandInput.DataLength != commandUnmarshalled.DataLength {
t.Fail()
log.Printf("DataLength's are not equal (orig: '%d', unmsh: '%d')", commandInput.DataLength, commandUnmarshalled.DataLength)
}
}
func TestProxyInformationRequest(t *testing.T) {
commandInput := &ProxyInformationRequest{
ProxyID: 19132,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInformationRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
}
func TestProxyInformationResponseExists(t *testing.T) {
commandInput := &ProxyInformationResponse{
Exists: true,
SourceIP: "192.168.0.139",
SourcePort: 19132,
DestPort: 19132,
Protocol: "tcp",
}
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatal(err.Error())
}
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInformationResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Exists != commandUnmarshalled.Exists {
t.Fail()
log.Printf("Exists's are not equal (orig: '%t', unmsh: '%t')", commandInput.Exists, commandUnmarshalled.Exists)
}
if commandInput.SourceIP != commandUnmarshalled.SourceIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.SourceIP, commandUnmarshalled.SourceIP)
}
if commandInput.SourcePort != commandUnmarshalled.SourcePort {
t.Fail()
log.Printf("SourcePort's are not equal (orig: %d, unmsh: %d)", commandInput.SourcePort, commandUnmarshalled.SourcePort)
}
if commandInput.DestPort != commandUnmarshalled.DestPort {
t.Fail()
log.Printf("DestPort's are not equal (orig: %d, unmsh: %d)", commandInput.DestPort, commandUnmarshalled.DestPort)
}
if commandInput.Protocol != commandUnmarshalled.Protocol {
t.Fail()
log.Printf("Protocols are not equal (orig: %s, unmsh: %s)", commandInput.Protocol, commandUnmarshalled.Protocol)
}
}
func TestProxyInformationResponseNoExist(t *testing.T) {
commandInput := &ProxyInformationResponse{
Exists: false,
}
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatal(err.Error())
}
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyInformationResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Exists != commandUnmarshalled.Exists {
t.Fail()
log.Printf("Exists's are not equal (orig: '%t', unmsh: '%t')", commandInput.Exists, commandUnmarshalled.Exists)
}
}
func TestProxyConnectionInformationRequest(t *testing.T) {
commandInput := &ProxyConnectionInformationRequest{
ProxyID: 19132,
ConnectionID: 25565,
}
commandMarshalled, err := Marshal(commandInput)
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
if err != nil {
t.Fatal(err.Error())
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionInformationRequest)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.ProxyID != commandUnmarshalled.ProxyID {
t.Fail()
log.Printf("ProxyID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ProxyID, commandUnmarshalled.ProxyID)
}
if commandInput.ConnectionID != commandUnmarshalled.ConnectionID {
t.Fail()
log.Printf("ConnectionID's are not equal (orig: '%d', unmsh: '%d')", commandInput.ConnectionID, commandUnmarshalled.ConnectionID)
}
}
func TestProxyConnectionInformationResponseExists(t *testing.T) {
commandInput := &ProxyConnectionInformationResponse{
Exists: true,
ClientIP: "192.168.0.139",
ClientPort: 19132,
}
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatal(err.Error())
}
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionInformationResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Exists != commandUnmarshalled.Exists {
t.Fail()
log.Printf("Exists's are not equal (orig: '%t', unmsh: '%t')", commandInput.Exists, commandUnmarshalled.Exists)
}
if commandInput.ClientIP != commandUnmarshalled.ClientIP {
t.Fail()
log.Printf("SourceIP's are not equal (orig: %s, unmsh: %s)", commandInput.ClientIP, commandUnmarshalled.ClientIP)
}
if commandInput.ClientPort != commandUnmarshalled.ClientPort {
t.Fail()
log.Printf("ClientPort's are not equal (orig: %d, unmsh: %d)", commandInput.ClientPort, commandUnmarshalled.ClientPort)
}
}
func TestProxyConnectionInformationResponseNoExists(t *testing.T) {
commandInput := &ProxyConnectionInformationResponse{
Exists: false,
}
commandMarshalled, err := Marshal(commandInput)
if err != nil {
t.Fatal(err.Error())
}
if logLevel == "debug" {
log.Printf("Generated array contents: %v", commandMarshalled)
}
buf := bytes.NewBuffer(commandMarshalled)
commandUnmarshalledRaw, err := Unmarshal(buf)
if err != nil {
t.Fatal(err.Error())
}
commandUnmarshalled, ok := commandUnmarshalledRaw.(*ProxyConnectionInformationResponse)
if !ok {
t.Fatal("failed typecast")
}
if commandInput.Exists != commandUnmarshalled.Exists {
t.Fail()
log.Printf("Exists's are not equal (orig: '%t', unmsh: '%t')", commandInput.Exists, commandUnmarshalled.Exists)
}
}

422
backend/sshappbackend/datacommands/unmarshal.go Normal file
View file

@ -0,0 +1,422 @@
package datacommands
import (
"encoding/binary"
"fmt"
"io"
"net"
)
// Unmarshal reads from the provided connection and returns
// the message type (as a string), the unmarshalled struct, or an error.
func Unmarshal(conn io.Reader) (interface{}, error) {
// Every command starts with a 1-byte command ID.
header := make([]byte, 1)
if _, err := io.ReadFull(conn, header); err != nil {
return nil, fmt.Errorf("couldn't read command ID: %w", err)
}
cmdID := header[0]
switch cmdID {
// ProxyStatusRequest: 1 byte ID + 2 bytes ProxyID.
case ProxyStatusRequestID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyStatusRequest ProxyID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
return &ProxyStatusRequest{
ProxyID: proxyID,
}, nil
// ProxyStatusResponse: 1 byte ID + 2 bytes ProxyID + 1 byte IsActive.
case ProxyStatusResponseID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyStatusResponse ProxyID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
boolBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, boolBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyStatusResponse IsActive: %w", err)
}
isActive := boolBuf[0] != 0
return &ProxyStatusResponse{
ProxyID: proxyID,
IsActive: isActive,
}, nil
// RemoveProxy: 1 byte ID + 2 bytes ProxyID.
case RemoveProxyID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read RemoveProxy ProxyID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
return &RemoveProxy{
ProxyID: proxyID,
}, nil
// ProxyConnectionsRequest: 1 byte ID + 2 bytes ProxyID.
case ProxyConnectionsRequestID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionsRequest ProxyID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
return &ProxyConnectionsRequest{
ProxyID: proxyID,
}, nil
// ProxyConnectionsResponse: 1 byte ID + 2 bytes Connections length + 2 bytes for each Connection in Connections.
case ProxyConnectionsResponseID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionsResponse length: %w", err)
}
length := binary.BigEndian.Uint16(buf)
connections := make([]uint16, length)
var failedDuringReading error
for connectionIndex := range connections {
if _, err := io.ReadFull(conn, buf); err != nil {
failedDuringReading = fmt.Errorf("couldn't read ProxyConnectionsResponse with position of %d: %w", connectionIndex, err)
break
}
connections[connectionIndex] = binary.BigEndian.Uint16(buf)
}
return &ProxyConnectionsResponse{
Connections: connections,
}, failedDuringReading
// ProxyInstanceResponse: 1 byte ID + 2 bytes Proxies length + 2 bytes for each Proxy in Proxies.
case ProxyInstanceResponseID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionsResponse length: %w", err)
}
length := binary.BigEndian.Uint16(buf)
proxies := make([]uint16, length)
var failedDuringReading error
for connectionIndex := range proxies {
if _, err := io.ReadFull(conn, buf); err != nil {
failedDuringReading = fmt.Errorf("couldn't read ProxyConnectionsResponse with position of %d: %w", connectionIndex, err)
break
}
proxies[connectionIndex] = binary.BigEndian.Uint16(buf)
}
return &ProxyInstanceResponse{
Proxies: proxies,
}, failedDuringReading
// TCPConnectionOpened: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case TCPConnectionOpenedID:
buf := make([]byte, 2+2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read TCPConnectionOpened fields: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf[0:2])
connectionID := binary.BigEndian.Uint16(buf[2:4])
return &TCPConnectionOpened{
ProxyID: proxyID,
ConnectionID: connectionID,
}, nil
// TCPConnectionClosed: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case TCPConnectionClosedID:
buf := make([]byte, 2+2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read TCPConnectionClosed fields: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf[0:2])
connectionID := binary.BigEndian.Uint16(buf[2:4])
return &TCPConnectionClosed{
ProxyID: proxyID,
ConnectionID: connectionID,
}, nil
// TCPProxyData: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID + 2 bytes DataLength.
case TCPProxyDataID:
buf := make([]byte, 2+2+2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read TCPProxyData fields: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf[0:2])
connectionID := binary.BigEndian.Uint16(buf[2:4])
dataLength := binary.BigEndian.Uint16(buf[4:6])
return &TCPProxyData{
ProxyID: proxyID,
ConnectionID: connectionID,
DataLength: dataLength,
}, nil
// UDPProxyData:
// Format: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID +
// 1 byte IP version + IP bytes + 2 bytes ClientPort + 2 bytes DataLength.
case UDPProxyDataID:
// Read 2 bytes ProxyID + 2 bytes ConnectionID.
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read UDPProxyData ProxyID/ConnectionID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
// Read IP version.
ipVerBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, ipVerBuf); err != nil {
return nil, fmt.Errorf("couldn't read UDPProxyData IP version: %w", err)
}
var ipSize int
if ipVerBuf[0] == 4 {
ipSize = IPv4Size
} else if ipVerBuf[0] == 6 {
ipSize = IPv6Size
} else {
return nil, fmt.Errorf("invalid IP version received: %v", ipVerBuf[0])
}
// Read the IP bytes.
ipBytes := make([]byte, ipSize)
if _, err := io.ReadFull(conn, ipBytes); err != nil {
return nil, fmt.Errorf("couldn't read UDPProxyData IP bytes: %w", err)
}
clientIP := net.IP(ipBytes).String()
// Read ClientPort.
portBuf := make([]byte, 2)
if _, err := io.ReadFull(conn, portBuf); err != nil {
return nil, fmt.Errorf("couldn't read UDPProxyData ClientPort: %w", err)
}
clientPort := binary.BigEndian.Uint16(portBuf)
// Read DataLength.
dataLengthBuf := make([]byte, 2)
if _, err := io.ReadFull(conn, dataLengthBuf); err != nil {
return nil, fmt.Errorf("couldn't read UDPProxyData DataLength: %w", err)
}
dataLength := binary.BigEndian.Uint16(dataLengthBuf)
return &UDPProxyData{
ProxyID: proxyID,
ClientIP: clientIP,
ClientPort: clientPort,
DataLength: dataLength,
}, nil
// ProxyInformationRequest: 1 byte ID + 2 bytes ProxyID.
case ProxyInformationRequestID:
buf := make([]byte, 2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationRequest ProxyID: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf)
return &ProxyInformationRequest{
ProxyID: proxyID,
}, nil
// ProxyInformationResponse:
// Format: 1 byte ID + 1 byte Exists +
// 1 byte IP version + IP bytes + 2 bytes SourcePort + 2 bytes DestPort + 1 byte Protocol.
case ProxyInformationResponseID:
// Read Exists flag.
boolBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, boolBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationResponse Exists flag: %w", err)
}
exists := boolBuf[0] != 0
if !exists {
return &ProxyInformationResponse{
Exists: exists,
}, nil
}
// Read IP version.
ipVerBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, ipVerBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationResponse IP version: %w", err)
}
var ipSize int
if ipVerBuf[0] == 4 {
ipSize = IPv4Size
} else if ipVerBuf[0] == 6 {
ipSize = IPv6Size
} else {
return nil, fmt.Errorf("invalid IP version in ProxyInformationResponse: %v", ipVerBuf[0])
}
// Read the source IP bytes.
ipBytes := make([]byte, ipSize)
if _, err := io.ReadFull(conn, ipBytes); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationResponse IP bytes: %w", err)
}
sourceIP := net.IP(ipBytes).String()
// Read SourcePort and DestPort.
portsBuf := make([]byte, 2+2)
if _, err := io.ReadFull(conn, portsBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationResponse ports: %w", err)
}
sourcePort := binary.BigEndian.Uint16(portsBuf[0:2])
destPort := binary.BigEndian.Uint16(portsBuf[2:4])
// Read protocol.
protoBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, protoBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyInformationResponse protocol: %w", err)
}
var protocol string
if protoBuf[0] == TCP {
protocol = "tcp"
} else if protoBuf[0] == UDP {
protocol = "udp"
} else {
return nil, fmt.Errorf("invalid protocol value in ProxyInformationResponse: %d", protoBuf[0])
}
return &ProxyInformationResponse{
Exists: exists,
SourceIP: sourceIP,
SourcePort: sourcePort,
DestPort: destPort,
Protocol: protocol,
}, nil
// ProxyConnectionInformationRequest: 1 byte ID + 2 bytes ProxyID + 2 bytes ConnectionID.
case ProxyConnectionInformationRequestID:
buf := make([]byte, 2+2)
if _, err := io.ReadFull(conn, buf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionInformationRequest fields: %w", err)
}
proxyID := binary.BigEndian.Uint16(buf[0:2])
connectionID := binary.BigEndian.Uint16(buf[2:4])
return &ProxyConnectionInformationRequest{
ProxyID: proxyID,
ConnectionID: connectionID,
}, nil
// ProxyConnectionInformationResponse:
// Format: 1 byte ID + 1 byte Exists + 1 byte IP version + IP bytes + 2 bytes ClientPort.
case ProxyConnectionInformationResponseID:
// Read Exists flag.
boolBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, boolBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionInformationResponse Exists flag: %w", err)
}
exists := boolBuf[0] != 0
if !exists {
return &ProxyConnectionInformationResponse{
Exists: exists,
}, nil
}
// Read IP version.
ipVerBuf := make([]byte, 1)
if _, err := io.ReadFull(conn, ipVerBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionInformationResponse IP version: %w", err)
}
if ipVerBuf[0] != 4 && ipVerBuf[0] != 6 {
return nil, fmt.Errorf("invalid IP version in ProxyConnectionInformationResponse: %v", ipVerBuf[0])
}
var ipSize int
if ipVerBuf[0] == 4 {
ipSize = IPv4Size
} else {
ipSize = IPv6Size
}
// Read IP bytes.
ipBytes := make([]byte, ipSize)
if _, err := io.ReadFull(conn, ipBytes); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionInformationResponse IP bytes: %w", err)
}
clientIP := net.IP(ipBytes).String()
// Read ClientPort.
portBuf := make([]byte, 2)
if _, err := io.ReadFull(conn, portBuf); err != nil {
return nil, fmt.Errorf("couldn't read ProxyConnectionInformationResponse ClientPort: %w", err)
}
clientPort := binary.BigEndian.Uint16(portBuf)
return &ProxyConnectionInformationResponse{
Exists: exists,
ClientIP: clientIP,
ClientPort: clientPort,
}, nil
default:
return nil, fmt.Errorf("unknown command id: %v", cmdID)
}
}

30
backend/sshappbackend/gaslighter/gaslighter.go Normal file
View file

@ -0,0 +1,30 @@
package gaslighter
import "io"
type Gaslighter struct {
Byte byte
HasGaslit bool
ProxiedReader io.Reader
}
func (gaslighter *Gaslighter) Read(p []byte) (n int, err error) {
if gaslighter.HasGaslit {
return gaslighter.ProxiedReader.Read(p)
}
if len(p) == 0 {
return 0, nil
}
p[0] = gaslighter.Byte
gaslighter.HasGaslit = true
if len(p) > 1 {
n, err := gaslighter.ProxiedReader.Read(p[1:])
return n + 1, err
} else {
return 1, nil
}
}

8
backend/sshappbackend/local-code/fs.go Normal file
View file

@ -0,0 +1,8 @@
package main
import (
"embed"
)
//go:embed remote-bin
var binFiles embed.FS

23
backend/sshappbackend/local-code/logger.go Normal file
View file

@ -0,0 +1,23 @@
package main
import (
"strings"
"github.com/charmbracelet/log"
)
type WriteLogger struct{}
func (writer WriteLogger) Write(p []byte) (n int, err error) {
logSplit := strings.Split(string(p), "\n")
for _, line := range logSplit {
if line == "" {
continue
}
log.Infof("Process: %s", line)
}
return len(p), err
}

868
backend/sshappbackend/local-code/main.go Normal file
View file

@ -0,0 +1,868 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"io"
"math/rand/v2"
"net"
"os"
"strings"
"sync"
"time"
"git.terah.dev/imterah/hermes/backend/backendutil"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"git.terah.dev/imterah/hermes/backend/sshappbackend/datacommands"
"git.terah.dev/imterah/hermes/backend/sshappbackend/gaslighter"
"git.terah.dev/imterah/hermes/backend/sshappbackend/local-code/porttranslation"
"github.com/charmbracelet/log"
"github.com/go-playground/validator/v10"
"github.com/pkg/sftp"
"golang.org/x/crypto/ssh"
)
var validatorInstance *validator.Validate
type TCPProxy struct {
proxyInformation *commonbackend.AddProxy
connections map[uint16]net.Conn
}
type UDPProxy struct {
proxyInformation *commonbackend.AddProxy
portTranslation *porttranslation.PortTranslation
}
type SSHAppBackendData struct {
IP string `json:"ip" validate:"required"`
Port uint16 `json:"port" validate:"required"`
Username string `json:"username" validate:"required"`
PrivateKey string `json:"privateKey" validate:"required"`
ListenOnIPs []string `json:"listenOnIPs"`
}
type SSHAppBackend struct {
config *SSHAppBackendData
conn *ssh.Client
listener net.Listener
currentSock net.Conn
tcpProxies map[uint16]*TCPProxy
udpProxies map[uint16]*UDPProxy
// globalNonCriticalMessageLock: Locks all messages that don't need low-latency transmissions & high
// speed behind a lock. This ensures safety when it comes to handling messages correctly.
globalNonCriticalMessageLock sync.Mutex
// globalNonCriticalMessageChan: Channel for handling messages that need a reply / aren't critical.
globalNonCriticalMessageChan chan interface{}
}
func (backend *SSHAppBackend) StartBackend(configBytes []byte) (bool, error) {
log.Info("SSHAppBackend is initializing...")
if validatorInstance == nil {
validatorInstance = validator.New()
}
backend.globalNonCriticalMessageChan = make(chan interface{})
backend.tcpProxies = map[uint16]*TCPProxy{}
backend.udpProxies = map[uint16]*UDPProxy{}
var backendData SSHAppBackendData
if err := json.Unmarshal(configBytes, &backendData); err != nil {
return false, err
}
if err := validatorInstance.Struct(&backendData); err != nil {
return false, err
}
backend.config = &backendData
if len(backend.config.ListenOnIPs) == 0 {
backend.config.ListenOnIPs = []string{"0.0.0.0"}
}
signer, err := ssh.ParsePrivateKey([]byte(backendData.PrivateKey))
if err != nil {
log.Warnf("Failed to initialize: %s", err.Error())
return false, err
}
auth := ssh.PublicKeys(signer)
config := &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
User: backendData.Username,
Auth: []ssh.AuthMethod{
auth,
},
}
conn, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", backendData.IP, backendData.Port), config)
if err != nil {
log.Warnf("Failed to initialize: %s", err.Error())
return false, err
}
backend.conn = conn
log.Debug("SSHAppBackend has connected successfully.")
log.Debug("Getting CPU architecture...")
session, err := backend.conn.NewSession()
if err != nil {
log.Warnf("Failed to create session: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
var stdoutBuf bytes.Buffer
session.Stdout = &stdoutBuf
err = session.Run("uname -m")
if err != nil {
log.Warnf("Failed to run uname command: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
cpuArchBytes := make([]byte, stdoutBuf.Len())
stdoutBuf.Read(cpuArchBytes)
cpuArch := string(cpuArchBytes)
cpuArch = cpuArch[:len(cpuArch)-1]
var backendBinary string
// Ordered in (subjective) popularity
if cpuArch == "x86_64" {
backendBinary = "remote-bin/rt-amd64"
} else if cpuArch == "aarch64" {
backendBinary = "remote-bin/rt-arm64"
} else if cpuArch == "arm" {
backendBinary = "remote-bin/rt-arm"
} else if len(cpuArch) == 4 && string(cpuArch[0]) == "i" && strings.HasSuffix(cpuArch, "86") {
backendBinary = "remote-bin/rt-386"
} else {
log.Warn("Failed to determine executable to use: CPU architecture not compiled/supported currently")
conn.Close()
backend.conn = nil
return false, fmt.Errorf("CPU architecture not compiled/supported currently")
}
log.Debug("Checking if we need to copy the application...")
var binary []byte
needsToCopyBinary := true
session, err = backend.conn.NewSession()
if err != nil {
log.Warnf("Failed to create session: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
session.Stdout = &stdoutBuf
err = session.Start("[ -f /tmp/sshappbackend.runtime ] && md5sum /tmp/sshappbackend.runtime | cut -d \" \" -f 1")
if err != nil {
log.Warnf("Failed to calculate hash of possibly existing backend: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
fileExists := stdoutBuf.Len() != 0
if fileExists {
remoteMD5HashStringBuf := make([]byte, stdoutBuf.Len())
stdoutBuf.Read(remoteMD5HashStringBuf)
remoteMD5HashString := string(remoteMD5HashStringBuf)
remoteMD5HashString = remoteMD5HashString[:len(remoteMD5HashString)-1]
remoteMD5Hash, err := hex.DecodeString(remoteMD5HashString)
if err != nil {
log.Warnf("Failed to decode hex: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
binary, err = binFiles.ReadFile(backendBinary)
if err != nil {
log.Warnf("Failed to read file in the embedded FS: %s", err.Error())
conn.Close()
backend.conn = nil
return false, fmt.Errorf("(embedded FS): %s", err.Error())
}
localMD5Hash := md5.Sum(binary)
log.Infof("remote: %s, local: %s", remoteMD5HashString, hex.EncodeToString(localMD5Hash[:]))
if bytes.Compare(localMD5Hash[:], remoteMD5Hash) == 0 {
needsToCopyBinary = false
}
}
if needsToCopyBinary {
log.Debug("Copying binary...")
sftpInstance, err := sftp.NewClient(conn)
if err != nil {
log.Warnf("Failed to initialize SFTP: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
defer sftpInstance.Close()
if len(binary) == 0 {
binary, err = binFiles.ReadFile(backendBinary)
if err != nil {
log.Warnf("Failed to read file in the embedded FS: %s", err.Error())
conn.Close()
backend.conn = nil
return false, fmt.Errorf("(embedded FS): %s", err.Error())
}
}
var file *sftp.File
if fileExists {
file, err = sftpInstance.OpenFile("/tmp/sshappbackend.runtime", os.O_WRONLY)
} else {
file, err = sftpInstance.Create("/tmp/sshappbackend.runtime")
}
if err != nil {
log.Warnf("Failed to create (or open) file: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
_, err = file.Write(binary)
if err != nil {
log.Warnf("Failed to write file: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
err = file.Chmod(0755)
if err != nil {
log.Warnf("Failed to change permissions on file: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
log.Debug("Done copying file.")
sftpInstance.Close()
} else {
log.Debug("Skipping copying as there's a copy on disk already.")
}
log.Debug("Initializing Unix socket...")
socketPath := fmt.Sprintf("/tmp/sock-%d.sock", rand.Uint())
listener, err := conn.ListenUnix(socketPath)
if err != nil {
log.Warnf("Failed to listen on socket: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
log.Debug("Starting process...")
session, err = backend.conn.NewSession()
if err != nil {
log.Warnf("Failed to create session: %s", err.Error())
conn.Close()
backend.conn = nil
return false, err
}
backend.listener = listener
session.Stdout = WriteLogger{}
session.Stderr = WriteLogger{}
go func() {
for {
err := session.Run(fmt.Sprintf("HERMES_LOG_LEVEL=\"%s\" HERMES_API_SOCK=\"%s\" /tmp/sshappbackend.runtime", os.Getenv("HERMES_LOG_LEVEL"), socketPath))
if err != nil && !errors.Is(err, &ssh.ExitError{}) && !errors.Is(err, &ssh.ExitMissingError{}) {
log.Errorf("Critically failed during execution of remote code: %s", err.Error())
return
} else {
log.Warn("Remote code failed for an unknown reason. Restarting...")
}
}
}()
go backend.sockServerHandler()
log.Debug("Started process. Waiting for Unix socket connection...")
for backend.currentSock == nil {
time.Sleep(10 * time.Millisecond)
}
log.Debug("Detected connection. Sending initialization command...")
proxyStatusRaw, err := backend.SendNonCriticalMessage(&commonbackend.Start{
Arguments: []byte{},
})
if err != nil {
return false, err
}
proxyStatus, ok := proxyStatusRaw.(*commonbackend.BackendStatusResponse)
if !ok {
return false, fmt.Errorf("recieved invalid response type: %T", proxyStatusRaw)
}
if proxyStatus.StatusCode == commonbackend.StatusFailure {
if proxyStatus.Message == "" {
return false, fmt.Errorf("failed to initialize backend in remote code")
} else {
return false, fmt.Errorf("failed to initialize backend in remote code: %s", proxyStatus.Message)
}
}
log.Info("SSHAppBackend has initialized successfully.")
return true, nil
}
func (backend *SSHAppBackend) StopBackend() (bool, error) {
err := backend.conn.Close()
if err != nil {
return false, err
}
return true, nil
}
func (backend *SSHAppBackend) GetBackendStatus() (bool, error) {
return backend.conn != nil, nil
}
func (backend *SSHAppBackend) StartProxy(command *commonbackend.AddProxy) (bool, error) {
proxyStatusRaw, err := backend.SendNonCriticalMessage(command)
if err != nil {
return false, err
}
proxyStatus, ok := proxyStatusRaw.(*datacommands.ProxyStatusResponse)
if !ok {
return false, fmt.Errorf("recieved invalid response type: %T", proxyStatusRaw)
}
if !proxyStatus.IsActive {
return false, fmt.Errorf("failed to initialize proxy in remote code")
}
if command.Protocol == "tcp" {
backend.tcpProxies[proxyStatus.ProxyID] = &TCPProxy{
proxyInformation: command,
}
backend.tcpProxies[proxyStatus.ProxyID].connections = map[uint16]net.Conn{}
} else if command.Protocol == "udp" {
backend.udpProxies[proxyStatus.ProxyID] = &UDPProxy{
proxyInformation: command,
portTranslation: &porttranslation.PortTranslation{},
}
backend.udpProxies[proxyStatus.ProxyID].portTranslation.UDPAddr = &net.UDPAddr{
IP: net.ParseIP(command.SourceIP),
Port: int(command.SourcePort),
}
udpMessageCommand := &datacommands.UDPProxyData{}
udpMessageCommand.ProxyID = proxyStatus.ProxyID
backend.udpProxies[proxyStatus.ProxyID].portTranslation.WriteFrom = func(ip string, port uint16, data []byte) {
udpMessageCommand.ClientIP = ip
udpMessageCommand.ClientPort = port
udpMessageCommand.DataLength = uint16(len(data))
marshalledCommand, err := datacommands.Marshal(udpMessageCommand)
if err != nil {
log.Warnf("Failed to marshal UDP message header")
return
}
if _, err := backend.currentSock.Write(marshalledCommand); err != nil {
log.Warnf("Failed to write UDP message header")
return
}
if _, err := backend.currentSock.Write(data); err != nil {
log.Warnf("Failed to write UDP message")
return
}
}
go func() {
for {
time.Sleep(3 * time.Minute)
// Checks if the proxy still exists before continuing
_, ok := backend.udpProxies[proxyStatus.ProxyID]
if !ok {
return
}
// Then attempt to run cleanup tasks
log.Debug("Running UDP proxy cleanup tasks (invoking CleanupPorts() on portTranslation)")
backend.udpProxies[proxyStatus.ProxyID].portTranslation.CleanupPorts()
}
}()
}
return true, nil
}
func (backend *SSHAppBackend) StopProxy(command *commonbackend.RemoveProxy) (bool, error) {
if command.Protocol == "tcp" {
for proxyIndex, proxy := range backend.tcpProxies {
if proxy.proxyInformation.DestPort != command.DestPort {
continue
}
onDisconnect := &datacommands.TCPConnectionClosed{
ProxyID: proxyIndex,
}
for connectionIndex, connection := range proxy.connections {
connection.Close()
delete(proxy.connections, connectionIndex)
onDisconnect.ConnectionID = connectionIndex
disconnectionCommandMarshalled, err := datacommands.Marshal(onDisconnect)
if err != nil {
log.Errorf("failed to marshal disconnection message: %s", err.Error())
}
backend.currentSock.Write(disconnectionCommandMarshalled)
}
proxyStatusRaw, err := backend.SendNonCriticalMessage(&datacommands.RemoveProxy{
ProxyID: proxyIndex,
})
if err != nil {
return false, err
}
proxyStatus, ok := proxyStatusRaw.(*datacommands.ProxyStatusResponse)
if !ok {
log.Warn("Failed to stop proxy: typecast failed")
return true, fmt.Errorf("failed to stop proxy: typecast failed")
}
if proxyStatus.IsActive {
log.Warn("Failed to stop proxy: still running")
return true, fmt.Errorf("failed to stop proxy: still running")
}
}
} else if command.Protocol == "udp" {
for proxyIndex, proxy := range backend.udpProxies {
if proxy.proxyInformation.DestPort != command.DestPort {
continue
}
proxyStatusRaw, err := backend.SendNonCriticalMessage(&datacommands.RemoveProxy{
ProxyID: proxyIndex,
})
if err != nil {
return false, err
}
proxyStatus, ok := proxyStatusRaw.(*datacommands.ProxyStatusResponse)
if !ok {
log.Warn("Failed to stop proxy: typecast failed")
return true, fmt.Errorf("failed to stop proxy: typecast failed")
}
if proxyStatus.IsActive {
log.Warn("Failed to stop proxy: still running")
return true, fmt.Errorf("failed to stop proxy: still running")
}
proxy.portTranslation.StopAllPorts()
delete(backend.udpProxies, proxyIndex)
}
}
return false, fmt.Errorf("could not find the proxy")
}
func (backend *SSHAppBackend) GetAllClientConnections() []*commonbackend.ProxyClientConnection {
connections := []*commonbackend.ProxyClientConnection{}
informationRequest := &datacommands.ProxyConnectionInformationRequest{}
for proxyID, tcpProxy := range backend.tcpProxies {
informationRequest.ProxyID = proxyID
for connectionID := range tcpProxy.connections {
informationRequest.ConnectionID = connectionID
proxyStatusRaw, err := backend.SendNonCriticalMessage(informationRequest)
if err != nil {
log.Warnf("Failed to get connection information for Proxy ID: %d, Connection ID: %d: %s", proxyID, connectionID, err.Error())
return connections
}
connectionStatus, ok := proxyStatusRaw.(*datacommands.ProxyConnectionInformationResponse)
if !ok {
log.Warn("Failed to get connection response: typecast failed")
return connections
}
if !connectionStatus.Exists {
log.Warnf("Connection with proxy ID: %d, Connection ID: %d is reported to not exist!", proxyID, connectionID)
tcpProxy.connections[connectionID].Close()
}
connections = append(connections, &commonbackend.ProxyClientConnection{
SourceIP: tcpProxy.proxyInformation.SourceIP,
SourcePort: tcpProxy.proxyInformation.SourcePort,
DestPort: tcpProxy.proxyInformation.DestPort,
ClientIP: connectionStatus.ClientIP,
ClientPort: connectionStatus.ClientPort,
})
}
}
return connections
}
// We don't have any parameter limitations, so we should be good.
func (backend *SSHAppBackend) CheckParametersForConnections(clientParameters *commonbackend.CheckClientParameters) *commonbackend.CheckParametersResponse {
return &commonbackend.CheckParametersResponse{
IsValid: true,
}
}
func (backend *SSHAppBackend) CheckParametersForBackend(arguments []byte) *commonbackend.CheckParametersResponse {
var backendData SSHAppBackendData
if validatorInstance == nil {
validatorInstance = validator.New()
}
if err := json.Unmarshal(arguments, &backendData); err != nil {
return &commonbackend.CheckParametersResponse{
IsValid: false,
Message: fmt.Sprintf("could not read json: %s", err.Error()),
}
}
if err := validatorInstance.Struct(&backendData); err != nil {
return &commonbackend.CheckParametersResponse{
IsValid: false,
Message: fmt.Sprintf("failed validation of parameters: %s", err.Error()),
}
}
return &commonbackend.CheckParametersResponse{
IsValid: true,
}
}
func (backend *SSHAppBackend) OnTCPConnectionOpened(proxyID, connectionID uint16) {
conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", backend.tcpProxies[proxyID].proxyInformation.SourceIP, backend.tcpProxies[proxyID].proxyInformation.SourcePort))
if err != nil {
log.Warnf("failed to dial sock: %s", err.Error())
}
go func() {
dataBuf := make([]byte, 65535)
tcpData := &datacommands.TCPProxyData{
ProxyID: proxyID,
ConnectionID: connectionID,
}
for {
len, err := conn.Read(dataBuf)
if err != nil {
if errors.Is(err, net.ErrClosed) {
return
} else if err.Error() != "EOF" {
log.Warnf("failed to read from sock: %s", err.Error())
}
conn.Close()
break
}
tcpData.DataLength = uint16(len)
marshalledMessageCommand, err := datacommands.Marshal(tcpData)
if err != nil {
log.Warnf("failed to marshal message data: %s", err.Error())
conn.Close()
break
}
if _, err := backend.currentSock.Write(marshalledMessageCommand); err != nil {
log.Warnf("failed to send marshalled message data: %s", err.Error())
conn.Close()
break
}
if _, err := backend.currentSock.Write(dataBuf[:len]); err != nil {
log.Warnf("failed to send raw message data: %s", err.Error())
conn.Close()
break
}
}
onDisconnect := &datacommands.TCPConnectionClosed{
ProxyID: proxyID,
ConnectionID: connectionID,
}
disconnectionCommandMarshalled, err := datacommands.Marshal(onDisconnect)
if err != nil {
log.Errorf("failed to marshal disconnection message: %s", err.Error())
}
backend.currentSock.Write(disconnectionCommandMarshalled)
}()
backend.tcpProxies[proxyID].connections[connectionID] = conn
}
func (backend *SSHAppBackend) OnTCPConnectionClosed(proxyID, connectionID uint16) {
proxy, ok := backend.tcpProxies[proxyID]
if !ok {
log.Warn("Could not find TCP proxy")
}
connection, ok := proxy.connections[connectionID]
if !ok {
log.Warn("Could not find connection in TCP proxy")
}
connection.Close()
delete(proxy.connections, connectionID)
}
func (backend *SSHAppBackend) HandleTCPMessage(message *datacommands.TCPProxyData, data []byte) {
proxy, ok := backend.tcpProxies[message.ProxyID]
if !ok {
log.Warn("Could not find TCP proxy")
}
connection, ok := proxy.connections[message.ConnectionID]
if !ok {
log.Warn("Could not find connection in TCP proxy")
}
connection.Write(data)
}
func (backend *SSHAppBackend) HandleUDPMessage(message *datacommands.UDPProxyData, data []byte) {
proxy, ok := backend.udpProxies[message.ProxyID]
if !ok {
log.Warn("Could not find UDP proxy")
}
if _, err := proxy.portTranslation.WriteTo(message.ClientIP, message.ClientPort, data); err != nil {
log.Warnf("Failed to write to UDP: %s", err.Error())
}
}
func (backend *SSHAppBackend) SendNonCriticalMessage(iface interface{}) (interface{}, error) {
if backend.currentSock == nil {
return nil, fmt.Errorf("socket connection not initialized yet")
}
bytes, err := datacommands.Marshal(iface)
if err != nil && err.Error() == "unsupported command type" {
bytes, err = commonbackend.Marshal(iface)
if err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
backend.globalNonCriticalMessageLock.Lock()
if _, err := backend.currentSock.Write(bytes); err != nil {
backend.globalNonCriticalMessageLock.Unlock()
return nil, fmt.Errorf("failed to write message: %s", err.Error())
}
reply, ok := <-backend.globalNonCriticalMessageChan
if !ok {
backend.globalNonCriticalMessageLock.Unlock()
return nil, fmt.Errorf("failed to get reply back: chan not OK")
}
backend.globalNonCriticalMessageLock.Unlock()
return reply, nil
}
func (backend *SSHAppBackend) sockServerHandler() {
for {
conn, err := backend.listener.Accept()
if err != nil {
log.Warnf("Failed to accept remote connection: %s", err.Error())
}
log.Debug("Successfully connected.")
backend.currentSock = conn
commandID := make([]byte, 1)
gaslighter := &gaslighter.Gaslighter{}
gaslighter.ProxiedReader = conn
dataBuffer := make([]byte, 65535)
var commandRaw interface{}
for {
if _, err := conn.Read(commandID); err != nil {
log.Warnf("Failed to read command ID: %s", err.Error())
return
}
gaslighter.Byte = commandID[0]
gaslighter.HasGaslit = false
if gaslighter.Byte > 100 {
commandRaw, err = datacommands.Unmarshal(gaslighter)
} else {
commandRaw, err = commonbackend.Unmarshal(gaslighter)
}
if err != nil {
log.Warnf("Failed to parse command: %s", err.Error())
}
switch command := commandRaw.(type) {
case *datacommands.TCPConnectionOpened:
backend.OnTCPConnectionOpened(command.ProxyID, command.ConnectionID)
case *datacommands.TCPConnectionClosed:
backend.OnTCPConnectionClosed(command.ProxyID, command.ConnectionID)
case *datacommands.TCPProxyData:
if _, err := io.ReadFull(conn, dataBuffer[:command.DataLength]); err != nil {
log.Warnf("Failed to read entire data buffer: %s", err.Error())
break
}
backend.HandleTCPMessage(command, dataBuffer[:command.DataLength])
case *datacommands.UDPProxyData:
if _, err := io.ReadFull(conn, dataBuffer[:command.DataLength]); err != nil {
log.Warnf("Failed to read entire data buffer: %s", err.Error())
break
}
backend.HandleUDPMessage(command, dataBuffer[:command.DataLength])
default:
select {
case backend.globalNonCriticalMessageChan <- command:
default:
}
}
}
}
}
func main() {
logLevel := os.Getenv("HERMES_LOG_LEVEL")
if logLevel != "" {
switch logLevel {
case "debug":
log.SetLevel(log.DebugLevel)
case "info":
log.SetLevel(log.InfoLevel)
case "warn":
log.SetLevel(log.WarnLevel)
case "error":
log.SetLevel(log.ErrorLevel)
case "fatal":
log.SetLevel(log.FatalLevel)
}
}
backend := &SSHAppBackend{}
application := backendutil.NewHelper(backend)
err := application.Start()
if err != nil {
log.Fatalf("failed execution in application: %s", err.Error())
}
}

112
backend/sshappbackend/local-code/porttranslation/translation.go Normal file
View file

@ -0,0 +1,112 @@
package porttranslation
import (
"fmt"
"net"
"sync"
"time"
)
type connectionData struct {
udpConn *net.UDPConn
buf []byte
hasBeenAliveFor time.Time
}
type PortTranslation struct {
UDPAddr *net.UDPAddr
WriteFrom func(ip string, port uint16, data []byte)
newConnectionLock sync.Mutex
connections map[string]map[uint16]*connectionData
}
func (translation *PortTranslation) CleanupPorts() {
if translation.connections == nil {
translation.connections = map[string]map[uint16]*connectionData{}
return
}
for connectionIPIndex, connectionPorts := range translation.connections {
anyAreAlive := false
for connectionPortIndex, connectionData := range connectionPorts {
if time.Now().Before(connectionData.hasBeenAliveFor.Add(3 * time.Minute)) {
anyAreAlive = true
continue
}
connectionData.udpConn.Close()
delete(connectionPorts, connectionPortIndex)
}
if !anyAreAlive {
delete(translation.connections, connectionIPIndex)
}
}
}
func (translation *PortTranslation) StopAllPorts() {
if translation.connections == nil {
return
}
for connectionIPIndex, connectionPorts := range translation.connections {
for connectionPortIndex, connectionData := range connectionPorts {
connectionData.udpConn.Close()
delete(connectionPorts, connectionPortIndex)
}
delete(translation.connections, connectionIPIndex)
}
translation.connections = nil
}
func (translation *PortTranslation) WriteTo(ip string, port uint16, data []byte) (int, error) {
if translation.connections == nil {
translation.connections = map[string]map[uint16]*connectionData{}
}
connectionPortData, ok := translation.connections[ip]
if !ok {
translation.connections[ip] = map[uint16]*connectionData{}
connectionPortData = translation.connections[ip]
}
connectionStruct, ok := connectionPortData[port]
if !ok {
connectionPortData[port] = &connectionData{}
connectionStruct = connectionPortData[port]
udpConn, err := net.DialUDP("udp", nil, translation.UDPAddr)
if err != nil {
return 0, fmt.Errorf("failed to initialize UDP socket: %s", err.Error())
}
connectionStruct.udpConn = udpConn
connectionStruct.buf = make([]byte, 65535)
go func() {
for {
n, err := udpConn.Read(connectionStruct.buf)
if err != nil {
udpConn.Close()
delete(connectionPortData, port)
return
}
connectionStruct.hasBeenAliveFor = time.Now()
translation.WriteFrom(ip, port, connectionStruct.buf[:n])
}
}()
}
connectionStruct.hasBeenAliveFor = time.Now()
return connectionStruct.udpConn.Write(data)
}

306
backend/sshappbackend/remote-code/backendutil_custom/application.go Normal file
View file

@ -0,0 +1,306 @@
package backendutil_custom
import (
"io"
"net"
"os"
"git.terah.dev/imterah/hermes/backend/backendutil"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"git.terah.dev/imterah/hermes/backend/sshappbackend/datacommands"
"git.terah.dev/imterah/hermes/backend/sshappbackend/gaslighter"
"github.com/charmbracelet/log"
)
type BackendApplicationHelper struct {
Backend BackendInterface
SocketPath string
socket net.Conn
}
func (helper *BackendApplicationHelper) Start() error {
log.Debug("BackendApplicationHelper is starting")
err := backendutil.ConfigureProfiling()
if err != nil {
return err
}
log.Debug("Currently waiting for Unix socket connection...")
helper.socket, err = net.Dial("unix", helper.SocketPath)
if err != nil {
return err
}
helper.Backend.OnSocketConnection(helper.socket)
log.Debug("Sucessfully connected")
gaslighter := &gaslighter.Gaslighter{}
gaslighter.ProxiedReader = helper.socket
commandID := make([]byte, 1)
for {
if _, err := helper.socket.Read(commandID); err != nil {
return err
}
gaslighter.Byte = commandID[0]
gaslighter.HasGaslit = false
var commandRaw interface{}
if gaslighter.Byte > 100 {
commandRaw, err = datacommands.Unmarshal(gaslighter)
} else {
commandRaw, err = commonbackend.Unmarshal(gaslighter)
}
if err != nil {
return err
}
switch command := commandRaw.(type) {
case *datacommands.ProxyConnectionsRequest:
connections := helper.Backend.GetAllClientConnections(command.ProxyID)
serverParams := &datacommands.ProxyConnectionsResponse{
Connections: connections,
}
byteData, err := datacommands.Marshal(serverParams)
if err != nil {
return err
}
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
case *datacommands.RemoveProxy:
ok, err := helper.Backend.StopProxy(command)
var hasAnyFailed bool
if !ok {
log.Warnf("failed to remove proxy (ID %d): RemoveProxy returned into failure state", command.ProxyID)
hasAnyFailed = true
} else if err != nil {
log.Warnf("failed to remove proxy (ID %d): %s", command.ProxyID, err.Error())
hasAnyFailed = true
}
response := &datacommands.ProxyStatusResponse{
ProxyID: command.ProxyID,
IsActive: hasAnyFailed,
}
responseMarshalled, err := datacommands.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *datacommands.ProxyInformationRequest:
response := helper.Backend.ResolveProxy(command.ProxyID)
responseMarshalled, err := datacommands.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *datacommands.ProxyConnectionInformationRequest:
response := helper.Backend.ResolveConnection(command.ProxyID, command.ConnectionID)
responseMarshalled, err := datacommands.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *datacommands.TCPConnectionClosed:
helper.Backend.OnTCPConnectionClosed(command.ProxyID, command.ConnectionID)
case *datacommands.TCPProxyData:
bytes := make([]byte, command.DataLength)
_, err := io.ReadFull(helper.socket, bytes)
if err != nil {
log.Warn("failed to read TCP data")
}
helper.Backend.HandleTCPMessage(command, bytes)
case *datacommands.UDPProxyData:
bytes := make([]byte, command.DataLength)
_, err := io.ReadFull(helper.socket, bytes)
if err != nil {
log.Warn("failed to read TCP data")
}
helper.Backend.HandleUDPMessage(command, bytes)
case *commonbackend.Start:
ok, err := helper.Backend.StartBackend(command.Arguments)
var (
message string
statusCode int
)
if err != nil {
message = err.Error()
statusCode = commonbackend.StatusFailure
} else {
statusCode = commonbackend.StatusSuccess
}
response := &commonbackend.BackendStatusResponse{
IsRunning: ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *commonbackend.Stop:
ok, err := helper.Backend.StopBackend()
var (
message string
statusCode int
)
if err != nil {
message = err.Error()
statusCode = commonbackend.StatusFailure
} else {
statusCode = commonbackend.StatusSuccess
}
response := &commonbackend.BackendStatusResponse{
IsRunning: !ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *commonbackend.BackendStatusRequest:
ok, err := helper.Backend.GetBackendStatus()
var (
message string
statusCode int
)
if err != nil {
message = err.Error()
statusCode = commonbackend.StatusFailure
} else {
statusCode = commonbackend.StatusSuccess
}
response := &commonbackend.BackendStatusResponse{
IsRunning: ok,
StatusCode: statusCode,
Message: message,
}
responseMarshalled, err := commonbackend.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *commonbackend.AddProxy:
id, ok, err := helper.Backend.StartProxy(command)
var hasAnyFailed bool
if !ok {
log.Warnf("failed to add proxy (%s:%d -> remote:%d): StartProxy returned into failure state", command.SourceIP, command.SourcePort, command.DestPort)
hasAnyFailed = true
} else if err != nil {
log.Warnf("failed to add proxy (%s:%d -> remote:%d): %s", command.SourceIP, command.SourcePort, command.DestPort, err.Error())
hasAnyFailed = true
}
response := &datacommands.ProxyStatusResponse{
ProxyID: id,
IsActive: !hasAnyFailed,
}
responseMarshalled, err := datacommands.Marshal(response)
if err != nil {
log.Error("failed to marshal response: %s", err.Error())
continue
}
helper.socket.Write(responseMarshalled)
case *commonbackend.CheckClientParameters:
resp := helper.Backend.CheckParametersForConnections(command)
resp.InResponseTo = "checkClientParameters"
byteData, err := commonbackend.Marshal(resp)
if err != nil {
return err
}
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
case *commonbackend.CheckServerParameters:
resp := helper.Backend.CheckParametersForBackend(command.Arguments)
resp.InResponseTo = "checkServerParameters"
byteData, err := commonbackend.Marshal(resp)
if err != nil {
return err
}
if _, err = helper.socket.Write(byteData); err != nil {
return err
}
default:
log.Warnf("Unsupported command recieved: %T", command)
}
}
}
func NewHelper(backend BackendInterface) *BackendApplicationHelper {
socketPath, ok := os.LookupEnv("HERMES_API_SOCK")
if !ok {
log.Warn("HERMES_API_SOCK is not defined! This will cause an issue unless the backend manually overwrites it")
}
helper := &BackendApplicationHelper{
Backend: backend,
SocketPath: socketPath,
}
return helper
}

26
backend/sshappbackend/remote-code/backendutil_custom/structure.go Normal file
View file

@ -0,0 +1,26 @@
package backendutil_custom
import (
"net"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"git.terah.dev/imterah/hermes/backend/sshappbackend/datacommands"
)
type BackendInterface interface {
StartBackend(arguments []byte) (bool, error)
StopBackend() (bool, error)
GetBackendStatus() (bool, error)
StartProxy(command *commonbackend.AddProxy) (uint16, bool, error)
StopProxy(command *datacommands.RemoveProxy) (bool, error)
GetAllProxies() []uint16
ResolveProxy(proxyID uint16) *datacommands.ProxyInformationResponse
GetAllClientConnections(proxyID uint16) []uint16
ResolveConnection(proxyID, connectionID uint16) *datacommands.ProxyConnectionInformationResponse
CheckParametersForConnections(clientParameters *commonbackend.CheckClientParameters) *commonbackend.CheckParametersResponse
CheckParametersForBackend(arguments []byte) *commonbackend.CheckParametersResponse
OnTCPConnectionClosed(proxyID, connectionID uint16)
HandleTCPMessage(message *datacommands.TCPProxyData, data []byte)
HandleUDPMessage(message *datacommands.UDPProxyData, data []byte)
OnSocketConnection(sock net.Conn)
}

460
backend/sshappbackend/remote-code/main.go Normal file
View file

@ -0,0 +1,460 @@
package main
import (
"errors"
"fmt"
"net"
"os"
"strconv"
"strings"
"sync"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"git.terah.dev/imterah/hermes/backend/sshappbackend/datacommands"
"git.terah.dev/imterah/hermes/backend/sshappbackend/remote-code/backendutil_custom"
"github.com/charmbracelet/log"
)
type TCPProxy struct {
connectionIDIndex uint16
connectionIDLock sync.Mutex
proxyInformation *commonbackend.AddProxy
connections map[uint16]net.Conn
server net.Listener
}
type UDPProxy struct {
server *net.UDPConn
proxyInformation *commonbackend.AddProxy
}
type SSHRemoteAppBackend struct {
proxyIDIndex uint16
proxyIDLock sync.Mutex
tcpProxies map[uint16]*TCPProxy
udpProxies map[uint16]*UDPProxy
isRunning bool
sock net.Conn
}
func (backend *SSHRemoteAppBackend) StartBackend(byte []byte) (bool, error) {
backend.tcpProxies = map[uint16]*TCPProxy{}
backend.udpProxies = map[uint16]*UDPProxy{}
backend.isRunning = true
return true, nil
}
func (backend *SSHRemoteAppBackend) StopBackend() (bool, error) {
for tcpProxyIndex, tcpProxy := range backend.tcpProxies {
for _, tcpConnection := range tcpProxy.connections {
tcpConnection.Close()
}
tcpProxy.server.Close()
delete(backend.tcpProxies, tcpProxyIndex)
}
for udpProxyIndex, udpProxy := range backend.udpProxies {
udpProxy.server.Close()
delete(backend.udpProxies, udpProxyIndex)
}
backend.isRunning = false
return true, nil
}
func (backend *SSHRemoteAppBackend) GetBackendStatus() (bool, error) {
return backend.isRunning, nil
}
func (backend *SSHRemoteAppBackend) StartProxy(command *commonbackend.AddProxy) (uint16, bool, error) {
// Allocate a new proxy ID
backend.proxyIDLock.Lock()
proxyID := backend.proxyIDIndex
backend.proxyIDIndex++
backend.proxyIDLock.Unlock()
if command.Protocol == "tcp" {
backend.tcpProxies[proxyID] = &TCPProxy{
connections: map[uint16]net.Conn{},
proxyInformation: command,
}
server, err := net.Listen("tcp", fmt.Sprintf(":%d", command.DestPort))
if err != nil {
return 0, false, fmt.Errorf("failed to open server: %s", err.Error())
}
backend.tcpProxies[proxyID].server = server
go func() {
for {
conn, err := server.Accept()
if err != nil {
log.Warnf("failed to accept connection: %s", err.Error())
return
}
go func() {
backend.tcpProxies[proxyID].connectionIDLock.Lock()
connectionID := backend.tcpProxies[proxyID].connectionIDIndex
backend.tcpProxies[proxyID].connectionIDIndex++
backend.tcpProxies[proxyID].connectionIDLock.Unlock()
backend.tcpProxies[proxyID].connections[connectionID] = conn
dataBuf := make([]byte, 65535)
onConnection := &datacommands.TCPConnectionOpened{
ProxyID: proxyID,
ConnectionID: connectionID,
}
connectionCommandMarshalled, err := datacommands.Marshal(onConnection)
if err != nil {
log.Errorf("failed to marshal connection message: %s", err.Error())
}
backend.sock.Write(connectionCommandMarshalled)
tcpData := &datacommands.TCPProxyData{
ProxyID: proxyID,
ConnectionID: connectionID,
}
for {
len, err := conn.Read(dataBuf)
if err != nil {
if errors.Is(err, net.ErrClosed) {
return
} else if err.Error() != "EOF" {
log.Warnf("failed to read from sock: %s", err.Error())
}
conn.Close()
break
}
tcpData.DataLength = uint16(len)
marshalledMessageCommand, err := datacommands.Marshal(tcpData)
if err != nil {
log.Warnf("failed to marshal message data: %s", err.Error())
conn.Close()
break
}
if _, err := backend.sock.Write(marshalledMessageCommand); err != nil {
log.Warnf("failed to send marshalled message data: %s", err.Error())
conn.Close()
break
}
if _, err := backend.sock.Write(dataBuf[:len]); err != nil {
log.Warnf("failed to send raw message data: %s", err.Error())
conn.Close()
break
}
}
onDisconnect := &datacommands.TCPConnectionClosed{
ProxyID: proxyID,
ConnectionID: connectionID,
}
disconnectionCommandMarshalled, err := datacommands.Marshal(onDisconnect)
if err != nil {
log.Errorf("failed to marshal disconnection message: %s", err.Error())
}
backend.sock.Write(disconnectionCommandMarshalled)
}()
}
}()
} else if command.Protocol == "udp" {
backend.udpProxies[proxyID] = &UDPProxy{
proxyInformation: command,
}
server, err := net.ListenUDP("udp", &net.UDPAddr{
IP: net.IPv4(0, 0, 0, 0),
Port: int(command.DestPort),
})
if err != nil {
return 0, false, fmt.Errorf("failed to open server: %s", err.Error())
}
backend.udpProxies[proxyID].server = server
dataBuf := make([]byte, 65535)
udpProxyData := &datacommands.UDPProxyData{
ProxyID: proxyID,
}
go func() {
for {
len, addr, err := server.ReadFromUDP(dataBuf)
if err != nil {
log.Warnf("failed to read from UDP socket: %s", err.Error())
continue
}
udpProxyData.ClientIP = addr.IP.String()
udpProxyData.ClientPort = uint16(addr.Port)
udpProxyData.DataLength = uint16(len)
marshalledMessageCommand, err := datacommands.Marshal(udpProxyData)
if err != nil {
log.Warnf("failed to marshal message data: %s", err.Error())
continue
}
if _, err := backend.sock.Write(marshalledMessageCommand); err != nil {
log.Warnf("failed to send marshalled message data: %s", err.Error())
continue
}
if _, err := backend.sock.Write(dataBuf[:len]); err != nil {
log.Warnf("failed to send raw message data: %s", err.Error())
continue
}
}
}()
}
return proxyID, true, nil
}
func (backend *SSHRemoteAppBackend) StopProxy(command *datacommands.RemoveProxy) (bool, error) {
tcpProxy, ok := backend.tcpProxies[command.ProxyID]
if !ok {
udpProxy, ok := backend.udpProxies[command.ProxyID]
if !ok {
return ok, fmt.Errorf("could not find proxy")
}
udpProxy.server.Close()
delete(backend.udpProxies, command.ProxyID)
} else {
for _, tcpConnection := range tcpProxy.connections {
tcpConnection.Close()
}
tcpProxy.server.Close()
delete(backend.tcpProxies, command.ProxyID)
}
return true, nil
}
func (backend *SSHRemoteAppBackend) GetAllProxies() []uint16 {
proxyList := make([]uint16, len(backend.tcpProxies)+len(backend.udpProxies))
currentPos := 0
for tcpProxy := range backend.tcpProxies {
proxyList[currentPos] = tcpProxy
currentPos += 1
}
for udpProxy := range backend.udpProxies {
proxyList[currentPos] = udpProxy
currentPos += 1
}
return proxyList
}
func (backend *SSHRemoteAppBackend) ResolveProxy(proxyID uint16) *datacommands.ProxyInformationResponse {
var proxyInformation *commonbackend.AddProxy
response := &datacommands.ProxyInformationResponse{}
tcpProxy, ok := backend.tcpProxies[proxyID]
if !ok {
udpProxy, ok := backend.udpProxies[proxyID]
if !ok {
response.Exists = false
return response
}
proxyInformation = udpProxy.proxyInformation
} else {
proxyInformation = tcpProxy.proxyInformation
}
response.Exists = true
response.SourceIP = proxyInformation.SourceIP
response.SourcePort = proxyInformation.SourcePort
response.DestPort = proxyInformation.DestPort
response.Protocol = proxyInformation.Protocol
return response
}
func (backend *SSHRemoteAppBackend) GetAllClientConnections(proxyID uint16) []uint16 {
tcpProxy, ok := backend.tcpProxies[proxyID]
if !ok {
return []uint16{}
}
connectionsArray := make([]uint16, len(tcpProxy.connections))
currentPos := 0
for connectionIndex := range tcpProxy.connections {
connectionsArray[currentPos] = connectionIndex
currentPos++
}
return connectionsArray
}
func (backend *SSHRemoteAppBackend) ResolveConnection(proxyID, connectionID uint16) *datacommands.ProxyConnectionInformationResponse {
response := &datacommands.ProxyConnectionInformationResponse{}
tcpProxy, ok := backend.tcpProxies[proxyID]
if !ok {
response.Exists = false
return response
}
connection, ok := tcpProxy.connections[connectionID]
if !ok {
response.Exists = false
return response
}
addr := connection.RemoteAddr().String()
ip := addr[:strings.LastIndex(addr, ":")]
port, err := strconv.Atoi(addr[strings.LastIndex(addr, ":")+1:])
if err != nil {
log.Warnf("failed to parse client port: %s", err.Error())
response.Exists = false
return response
}
response.ClientIP = ip
response.ClientPort = uint16(port)
return response
}
func (backend *SSHRemoteAppBackend) CheckParametersForConnections(clientParameters *commonbackend.CheckClientParameters) *commonbackend.CheckParametersResponse {
return &commonbackend.CheckParametersResponse{
IsValid: true,
}
}
func (backend *SSHRemoteAppBackend) CheckParametersForBackend(arguments []byte) *commonbackend.CheckParametersResponse {
return &commonbackend.CheckParametersResponse{
IsValid: true,
}
}
func (backend *SSHRemoteAppBackend) HandleTCPMessage(message *datacommands.TCPProxyData, data []byte) {
tcpProxy, ok := backend.tcpProxies[message.ProxyID]
if !ok {
log.Warnf("could not find tcp proxy (ID %d)", message.ProxyID)
return
}
connection, ok := tcpProxy.connections[message.ConnectionID]
if !ok {
log.Warnf("could not find tcp proxy (ID %d) with connection ID (%d)", message.ProxyID, message.ConnectionID)
return
}
connection.Write(data)
}
func (backend *SSHRemoteAppBackend) HandleUDPMessage(message *datacommands.UDPProxyData, data []byte) {
udpProxy, ok := backend.udpProxies[message.ProxyID]
if !ok {
return
}
udpProxy.server.WriteToUDP(data, &net.UDPAddr{
IP: net.ParseIP(message.ClientIP),
Port: int(message.ClientPort),
})
}
func (backend *SSHRemoteAppBackend) OnTCPConnectionClosed(proxyID, connectionID uint16) {
tcpProxy, ok := backend.tcpProxies[proxyID]
if !ok {
return
}
connection, ok := tcpProxy.connections[connectionID]
if !ok {
return
}
connection.Close()
delete(tcpProxy.connections, connectionID)
}
func (backend *SSHRemoteAppBackend) OnSocketConnection(sock net.Conn) {
backend.sock = sock
}
func main() {
logLevel := os.Getenv("HERMES_LOG_LEVEL")
if logLevel != "" {
switch logLevel {
case "debug":
log.SetLevel(log.DebugLevel)
case "info":
log.SetLevel(log.InfoLevel)
case "warn":
log.SetLevel(log.WarnLevel)
case "error":
log.SetLevel(log.ErrorLevel)
case "fatal":
log.SetLevel(log.FatalLevel)
}
}
backend := &SSHRemoteAppBackend{}
application := backendutil_custom.NewHelper(backend)
err := application.Start()
if err != nil {
log.Fatalf("failed execution in application: %s", err.Error())
}
}

329
backend/sshbackend/main.go
View file

@ -2,20 +2,51 @@ package main
import (
"encoding/json"
"errors"
"fmt"
"net"
"os"
"slices"
"strconv"
"strings"
"sync"
"time"
"git.terah.dev/imterah/hermes/backendutil"
"git.terah.dev/imterah/hermes/commonbackend"
"git.terah.dev/imterah/hermes/backend/backendutil"
"git.terah.dev/imterah/hermes/backend/commonbackend"
"github.com/charmbracelet/log"
"github.com/go-playground/validator/v10"
"golang.org/x/crypto/ssh"
)
var validatorInstance *validator.Validate
type ConnWithTimeout struct {
net.Conn
ReadTimeout time.Duration
WriteTimeout time.Duration
}
func (c *ConnWithTimeout) Read(b []byte) (int, error) {
err := c.Conn.SetReadDeadline(time.Now().Add(c.ReadTimeout))
if err != nil {
return 0, err
}
return c.Conn.Read(b)
}
func (c *ConnWithTimeout) Write(b []byte) (int, error) {
err := c.Conn.SetWriteDeadline(time.Now().Add(c.WriteTimeout))
if err != nil {
return 0, err
}
return c.Conn.Write(b)
}
type SSHListener struct {
SourceIP string
SourcePort uint16
@ -24,31 +55,46 @@ type SSHListener struct {
Listeners []net.Listener
}
type SSHBackendData struct {
IP string `json:"ip" validate:"required"`
Port uint16 `json:"port" validate:"required"`
Username string `json:"username" validate:"required"`
PrivateKey string `json:"privateKey" validate:"required"`
DisablePIDCheck bool `json:"disablePIDCheck"`
ListenOnIPs []string `json:"listenOnIPs"`
}
type SSHBackend struct {
config *SSHBackendData
conn *ssh.Client
clients []*commonbackend.ProxyClientConnection
proxies []*SSHListener
arrayPropMutex sync.Mutex
}
type SSHBackendData struct {
IP string `json:"ip" validate:"required"`
Port uint16 `json:"port" validate:"required"`
Username string `json:"username" validate:"required"`
PrivateKey string `json:"privateKey" validate:"required"`
ListenOnIPs []string `json:"listenOnIPs"`
pid int
isReady bool
inReinitLoop bool
}
func (backend *SSHBackend) StartBackend(bytes []byte) (bool, error) {
log.Info("SSHBackend is initializing...")
if validatorInstance == nil {
validatorInstance = validator.New()
}
if backend.inReinitLoop {
for !backend.isReady {
time.Sleep(100 * time.Millisecond)
}
}
var backendData SSHBackendData
if err := json.Unmarshal(bytes, &backendData); err != nil {
return false, err
}
if err := validator.New().Struct(&backendData); err != nil {
if err := validatorInstance.Struct(&backendData); err != nil {
return false, err
}
@ -74,15 +120,71 @@ func (backend *SSHBackend) StartBackend(bytes []byte) (bool, error) {
},
}
conn, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", backendData.IP, backendData.Port), config)
addr := fmt.Sprintf("%s:%d", backendData.IP, backendData.Port)
timeout := time.Duration(10 * time.Second)
rawTCPConn, err := net.DialTimeout("tcp", addr, timeout)
if err != nil {
return false, err
}
backend.conn = conn
connWithTimeout := &ConnWithTimeout{
Conn: rawTCPConn,
ReadTimeout: timeout,
WriteTimeout: timeout,
}
c, chans, reqs, err := ssh.NewClientConn(connWithTimeout, addr, config)
if err != nil {
return false, err
}
client := ssh.NewClient(c, chans, reqs)
backend.conn = client
if !backendData.DisablePIDCheck {
if backend.pid != 0 {
session, err := client.NewSession()
if err != nil {
return false, err
}
err = session.Run(fmt.Sprintf("kill -9 %d", backend.pid))
if err != nil {
log.Warnf("Failed to kill process: %s", err.Error())
}
}
session, err := client.NewSession()
if err != nil {
return false, err
}
// Get the parent PID of the shell so we can kill it if we disconnect
output, err := session.Output("ps --no-headers -fp $$ | awk '{print $3}'")
if err != nil {
return false, err
}
// Strip the new line and convert to int
backend.pid, err = strconv.Atoi(string(output)[:len(output)-1])
if err != nil {
return false, err
}
}
go backend.backendDisconnectHandler()
go backend.backendKeepaliveHandler()
log.Info("SSHBackend has initialized successfully.")
return true, nil
}
@ -96,6 +198,10 @@ func (backend *SSHBackend) StopBackend() (bool, error) {
return true, nil
}
func (backend *SSHBackend) GetBackendStatus() (bool, error) {
return backend.conn != nil, nil
}
func (backend *SSHBackend) StartProxy(command *commonbackend.AddProxy) (bool, error) {
listenerObject := &SSHListener{
SourceIP: command.SourceIP,
@ -134,6 +240,11 @@ func (backend *SSHBackend) StartProxy(command *commonbackend.AddProxy) (bool, er
if err != nil {
log.Warnf("failed to accept listener connection: %s", err.Error())
if err.Error() == "EOF" {
return
}
continue
}
@ -190,8 +301,7 @@ func (backend *SSHBackend) StartProxy(command *commonbackend.AddProxy) (bool, er
// Splice out the clientInstance by clientIndex
// TODO: change approach. It works but it's a bit wonky imho
// I asked AI to do this as it's a relatively simple task and I forgot how to do this effectively
backend.clients = append(backend.clients[:clientIndex], backend.clients[clientIndex+1:]...)
backend.clients = slices.Delete(backend.clients, clientIndex, clientIndex+1)
return
}
}
@ -207,14 +317,20 @@ func (backend *SSHBackend) StartProxy(command *commonbackend.AddProxy) (bool, er
for {
len, err := forwardedConn.Read(forwardedBuffer)
if err != nil {
log.Errorf("failed to read from forwarded connection: %s", err.Error())
if err.Error() != "EOF" && !errors.Is(err, net.ErrClosed) {
log.Errorf("failed to read from forwarded connection: %s", err.Error())
}
return
}
_, err = sourceConn.Write(forwardedBuffer[:len])
if err != nil {
log.Errorf("failed to write to source connection: %s", err.Error())
if _, err = sourceConn.Write(forwardedBuffer[:len]); err != nil {
if err.Error() != "EOF" && !errors.Is(err, net.ErrClosed) {
log.Errorf("failed to write to source connection: %s", err.Error())
}
return
}
}
@ -225,14 +341,20 @@ func (backend *SSHBackend) StartProxy(command *commonbackend.AddProxy) (bool, er
for {
len, err := sourceConn.Read(sourceBuffer)
if err != nil && err.Error() != "EOF" && strings.HasSuffix(err.Error(), "use of closed network connection") {
log.Errorf("failed to read from source connection: %s", err.Error())
if err != nil {
if err.Error() != "EOF" && !errors.Is(err, net.ErrClosed) {
log.Errorf("failed to read from source connection: %s", err.Error())
}
return
}
_, err = forwardedConn.Write(sourceBuffer[:len])
if err != nil && err.Error() != "EOF" && strings.HasSuffix(err.Error(), "use of closed network connection") {
log.Errorf("failed to write to forwarded connection: %s", err.Error())
if _, err = forwardedConn.Write(sourceBuffer[:len]); err != nil {
if err.Error() != "EOF" && !errors.Is(err, net.ErrClosed) {
log.Errorf("failed to write to forwarded connection: %s", err.Error())
}
return
}
}
@ -253,10 +375,7 @@ func (backend *SSHBackend) StopProxy(command *commonbackend.RemoveProxy) (bool,
backend.arrayPropMutex.Lock()
for proxyIndex, proxy := range backend.proxies {
// Check if memory addresses are equal for the pointer
if command.SourceIP == proxy.SourceIP && command.SourcePort == proxy.SourcePort && command.DestPort == proxy.DestPort && command.Protocol == proxy.Protocol {
log.Debug("found proxy in StopProxy. shutting down listeners")
for _, listener := range proxy.Listeners {
err := listener.Close()
@ -266,10 +385,8 @@ func (backend *SSHBackend) StopProxy(command *commonbackend.RemoveProxy) (bool,
}
// Splice out the proxy instance by proxyIndex
// TODO: change approach. It works but it's a bit wonky imho
// I asked AI to do this as it's a relatively simple task and I forgot how to do this effectively
backend.proxies = append(backend.proxies[:proxyIndex], backend.proxies[proxyIndex+1:]...)
backend.proxies = slices.Delete(backend.proxies, proxyIndex, proxyIndex+1)
return true, nil
}
}
@ -300,6 +417,10 @@ func (backend *SSHBackend) CheckParametersForConnections(clientParameters *commo
func (backend *SSHBackend) CheckParametersForBackend(arguments []byte) *commonbackend.CheckParametersResponse {
var backendData SSHBackendData
if validatorInstance == nil {
validatorInstance = validator.New()
}
if err := json.Unmarshal(arguments, &backendData); err != nil {
return &commonbackend.CheckParametersResponse{
IsValid: false,
@ -307,7 +428,7 @@ func (backend *SSHBackend) CheckParametersForBackend(arguments []byte) *commonba
}
}
if err := validator.New().Struct(&backendData); err != nil {
if err := validatorInstance.Struct(&backendData); err != nil {
return &commonbackend.CheckParametersResponse{
IsValid: false,
Message: fmt.Sprintf("failed validation of parameters: %s", err.Error()),
@ -319,6 +440,152 @@ func (backend *SSHBackend) CheckParametersForBackend(arguments []byte) *commonba
}
}
func (backend *SSHBackend) backendKeepaliveHandler() {
for {
if backend.conn != nil {
_, _, err := backend.conn.SendRequest("keepalive@openssh.com", true, nil)
if err != nil {
log.Warn("Keepalive message failed!")
return
}
}
time.Sleep(5 * time.Second)
}
}
func (backend *SSHBackend) backendDisconnectHandler() {
for {
if backend.conn != nil {
backend.conn.Wait()
backend.conn.Close()
backend.isReady = false
backend.inReinitLoop = true
log.Info("Disconnected from the remote SSH server. Attempting to reconnect in 5 seconds...")
} else {
log.Info("Retrying reconnection in 5 seconds...")
}
time.Sleep(5 * time.Second)
// Make the connection nil to accurately report our status incase GetBackendStatus is called
backend.conn = nil
// Use the last half of the code from the main initialization
signer, err := ssh.ParsePrivateKey([]byte(backend.config.PrivateKey))
if err != nil {
log.Errorf("Failed to parse private key: %s", err.Error())
return
}
auth := ssh.PublicKeys(signer)
config := &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
User: backend.config.Username,
Auth: []ssh.AuthMethod{
auth,
},
}
addr := fmt.Sprintf("%s:%d", backend.config.IP, backend.config.Port)
timeout := time.Duration(10 * time.Second)
rawTCPConn, err := net.DialTimeout("tcp", addr, timeout)
if err != nil {
log.Errorf("Failed to establish connection to the server: %s", err.Error())
continue
}
connWithTimeout := &ConnWithTimeout{
Conn: rawTCPConn,
ReadTimeout: timeout,
WriteTimeout: timeout,
}
c, chans, reqs, err := ssh.NewClientConn(connWithTimeout, addr, config)
if err != nil {
log.Errorf("Failed to create SSH client connection: %s", err.Error())
rawTCPConn.Close()
continue
}
client := ssh.NewClient(c, chans, reqs)
backend.conn = client
if !backend.config.DisablePIDCheck {
if backend.pid != 0 {
session, err := client.NewSession()
if err != nil {
log.Warnf("Failed to create SSH command session: %s", err.Error())
return
}
err = session.Run(fmt.Sprintf("kill -9 %d", backend.pid))
if err != nil {
log.Warnf("Failed to kill process: %s", err.Error())
}
}
session, err := client.NewSession()
if err != nil {
log.Warnf("Failed to create SSH command session: %s", err.Error())
return
}
// Get the parent PID of the shell so we can kill it if we disconnect
output, err := session.Output("ps --no-headers -fp $$ | awk '{print $3}'")
if err != nil {
log.Warnf("Failed to execute command to fetch PID: %s", err.Error())
return
}
// Strip the new line and convert to int
backend.pid, err = strconv.Atoi(string(output)[:len(output)-1])
if err != nil {
log.Warnf("Failed to parse PID: %s", err.Error())
return
}
}
go backend.backendKeepaliveHandler()
log.Info("SSHBackend has reconnected successfully. Attempting to set up proxies again...")
for _, proxy := range backend.proxies {
ok, err := backend.StartProxy(&commonbackend.AddProxy{
SourceIP: proxy.SourceIP,
SourcePort: proxy.SourcePort,
DestPort: proxy.DestPort,
Protocol: proxy.Protocol,
})
if err != nil {
log.Errorf("Failed to set up proxy: %s", err.Error())
continue
}
if !ok {
log.Errorf("Failed to set up proxy: OK status is false")
continue
}
}
log.Info("SSHBackend has reinitialized and restored state successfully.")
}
}
func main() {
logLevel := os.Getenv("HERMES_LOG_LEVEL")

20
dev-docker-compose.yml
View file

@ -1,20 +0,0 @@
# This WILL NOT work for production deployments
# This file only contains dependencies for the backend and frontend,
# excluding the actual backend and frontend.
services:
postgres:
image: postgres:17.2
container_name: hermes-postgres
restart: always
environment:
POSTGRES_DB: nextnet
POSTGRES_PASSWORD: nextnet
POSTGRES_USER: nextnet
ports:
- 5432:5432
volumes:
- nextnet_dev_postgres_data:/var/lib/postgresql/data
volumes:
nextnet_dev_postgres_data:

26
docker-compose.yml
View file

@ -1,28 +1,17 @@
services:
api:
image: ghcr.io/greysoh/nextnet:latest
container_name: nextnet-api
image: ghcr.io/imterah/hermes:latest
container_name: hermes-api
restart: always
env_file:
- .env
environment:
DATABASE_URL: postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@nextnet-postgres:5432/${POSTGRES_DB}?schema=nextnet
HERMES_POSTGRES_DSN: postgres://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@nextnet-postgres:5432/${POSTGRES_DB}
HERMES_JWT_SECRET: ${JWT_SECRET}
HERMES_DATABASE_BACKEND: postgresql
depends_on:
- db
ports:
- 3000:3000
# NOTE: For this to work correctly, the nextnet-api must be version > 0.1.1
# or have a version with backported username support, incl. logins
lom:
image: ghcr.io/greysoh/nextnet-lom:latest
container_name: nextnet-lom
restart: always
ports:
- 2222:2222
depends_on:
- api
volumes:
- ssh_key_data:/app/keys
db:
image: postgres:17.2
container_name: nextnet-postgres
@ -33,7 +22,6 @@ services:
POSTGRES_USER: ${POSTGRES_USERNAME}
volumes:
- postgres_data:/var/lib/postgresql/data
volumes:
postgres_data:
ssh_key_data:

43
docs/nextnet_to_hermes_migration.md Normal file
View file

@ -0,0 +1,43 @@
# NextNet to Hermes migration
## Other Environment Variables
Below are existing environment variables that need to be migrated over from NextNet to Hermes, untouched:
* `IS_SIGNUP_ENABLED` -> `HERMES_SIGNUP_ENABLED`
* `UNSAFE_ADMIN_SIGNUP` -> `HERMES_UNSAFE_ADMIN_SIGNUP_ENABLED`
Below are new environment variables that may need to be set up:
* `HERMES_FORCE_DISABLE_REFRESH_TOKEN_EXPIRY`: Disables refresh token expiry for Hermes. Instead of the singular token structure used
by NextNet, there is now a refresh token and JWT token combination.
* `HERMES_LOG_LEVEL`: Log level for Hermes & Hermes backends to run at.
* `HERMES_DEVELOPMENT_MODE`: Development mode for Hermes, disabling security features.
* `HERMES_LISTENING_ADDRESS`: Address to listen on for the API server. Example: `0.0.0.0:8000`.
* `HERMES_TRUSTED_HTTP_PROXIES`: List of trusted HTTP proxies separated by commas.
## Database-Related Environment Variables
* `HERMES_DATABASE_BACKEND`: Can be either `sqlite` for the embedded SQLite-compliant database, or `postgresql` for PostgreSQL support.
* `HERMES_SQLITE_FILEPATH`: Path for the SQLite database to use.
* `HERMES_POSTGRES_DSN`: PostgreSQL DSN for Golang. An example value which should work with minimal changes for PostgreSQL databases is `postgres://username:password@localhost:5432/database_name`.
## Migration steps
1. Remove all old environment variables.
2. Add these variables:
- `HERMES_MIGRATE_POSTGRES_DATABASE` -> `${POSTGRES_DB}`
- `HERMES_DATABASE_BACKEND` -> `postgresql`
- `HERMES_POSTGRES_DSN` -> `postgres://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@nextnet-postgres:5432/${POSTGRES_DB}`
- `DATABASE_URL` -> `postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@nextnet-postgres:5432/${POSTGRES_DB}?schema=nextnet`
- `HERMES_JWT_SECRET` -> Random data (recommended to use `head -c 500 /dev/random | sha512sum | cut -d " " -f 1` to seed the data)
3. Switch the API docker image from `ghcr.io/imterah/nextnet:latest` to `ghcr.io/imterah/hermes-backend-migration:latest`
4. Change the exposed ports from `3000:3000` to `3000:8000`.
5. Start the Docker compose stack.
6. Go get the container logs, and make sure no errors get output to the console.
7. Copy the backup as instructed in the log file.
8. DO NOT RESTART THE CONTAINER IF SUCCESSFUL. YOU WILL LOSE ALL YOUR DATA. If the migration fails, follow the steps mentioned in the logs. You do not need to copy the DB backup if it failed to connect or read the database.
9. If successful, remove the environment variables `HERMES_MIGRATE_POSTGRES_DATABASE` and `DATABASE_URL`.
10. Switch the API docker image from `ghcr.io/imterah/hermes-backend-migration:latest` to `ghcr.io/imterah/hermes:latest`.
11. Start the backend.
## Failed Migration / Manual Restoration Steps
1. Get to step 4 in the ordinary migration setps.
2. Add the `entrypoint` option in the API compose section, and set it to `/bin/bash`
3. Add the `command` option in the API compose section, and set it to `"-c 'sleep 10000'"`
4. Get a shell in the container (likely named `nextnet-api`): `docker exec -it nextnet-api /bin/bash`
5. Copy the base64 section (excluding the `BEGIN` and `END` portions) of the backup, and run the following command to begin the transfer: `cat >> /tmp/db.json.gz.b64 << EOF`
6. Paste in the base64 data, and then press enter, type `EOF`, and then press enter again. This should return you to the shell prompt.
7. Decode the base64 backup: `cat /tmp/db.json.gz.b64 | base64 -d > /tmp/db.json.gz`
8. Run the migration script: `./entrypoint.sh`
9. When done, remove the `entrypoint` and `command` sections, and then jump to step 9 in the ordinary migration steps.

6
docs/profiling.md Normal file
View file

@ -0,0 +1,6 @@
# Profiling
To profile any backend code based on `backendutil`, follow these steps:
1. Rebuild the backend with the `debug` flag: `cd $BACKEND_HERE; GOOS=linux go build -tags debug .; cd ..`
2. Copy the binary to the target machine (if applicable), and stop the API server.
3. If you want to profile the CPU utilization, write `cpu` to the file `/tmp/hermes.backendlauncher.profilebackends`: `echo -n "cpu" > /tmp/hermes.backendlauncher.profilebackends`. Else, replace `cpu` with `mem`.
4. Start the API server, with development mode and debug logging enabled.

4
docs/troubleshooting.md Normal file
View file

@ -0,0 +1,4 @@
# Troubleshooting
* I'm using SSH tunneling, and I can't reach any of the tunnels publicly.
- Be sure to enable GatewayPorts in your sshd config (in `/etc/ssh/sshd_config` on most systems). Also, be sure to check your firewall rules on your system and your network.

115
frontend/commands/users/create.go Normal file
View file

@ -0,0 +1,115 @@
package users
import (
"errors"
"fmt"
"os"
"syscall"
"git.terah.dev/imterah/hermes/apiclient"
"git.terah.dev/imterah/hermes/frontend/config"
"github.com/charmbracelet/log"
"github.com/urfave/cli/v2"
"golang.org/x/term"
"gopkg.in/yaml.v3"
)
func CreateUserCommand(cCtx *cli.Context) error {
configPath := cCtx.String("config-path")
var configContents *config.Config
_, err := os.Stat(configPath)
if err != nil {
if errors.Is(err, os.ErrNotExist) {
configContents = &config.Config{}
} else {
return fmt.Errorf("failed to get configuration file information: %s", err.Error())
}
} else {
configContents, err = config.ReadAndParseConfig(configPath)
if err != nil {
return fmt.Errorf("failed to read and parse configuration file: %s", err.Error())
}
}
username := cCtx.String("username")
if username == "" {
if configContents.Username == "" {
return fmt.Errorf("username not specified and username is not in the configuration file")
}
username = configContents.Username
}
var password string
if cCtx.Bool("ask-password") {
fmt.Print("Password: ")
passwordBytes, err := term.ReadPassword(int(syscall.Stdin))
fmt.Print("\n")
if err != nil {
return fmt.Errorf("failed to read password from console: %s", err.Error())
}
password = string(passwordBytes)
} else {
password = cCtx.String("password")
if password == "" {
return fmt.Errorf("password is not specified and password asking is not enabled")
}
}
var serverURL string
if cCtx.String("server-url") == "" {
if configContents.APIPath == "" {
return fmt.Errorf("server URL not specified and server URL is not in the configuration file")
}
serverURL = configContents.APIPath
} else {
serverURL = cCtx.String("server-url")
}
fullName := cCtx.String("full-name")
email := cCtx.String("email")
isBot := cCtx.Bool("user-is-bot")
log.Info("Creating user...")
api := &apiclient.HermesAPIClient{
URL: serverURL,
}
refreshToken, err := api.UserCreate(fullName, username, email, password, isBot)
if err != nil {
return fmt.Errorf("failed to create user: %s", err.Error())
}
log.Info("Successfully created user.")
if cCtx.Bool("do-not-save-configuration") {
return nil
}
configContents.Username = username
configContents.RefreshToken = refreshToken
configContents.APIPath = serverURL
data, err := yaml.Marshal(configContents)
if err != nil {
return fmt.Errorf("failed to marshal configuration data: %s", err.Error())
}
os.WriteFile(configPath, data, 0644)
return nil
}

98
frontend/commands/users/login.go Normal file
View file

@ -0,0 +1,98 @@
package users
import (
"errors"
"fmt"
"os"
"syscall"
"git.terah.dev/imterah/hermes/apiclient"
"git.terah.dev/imterah/hermes/frontend/config"
"github.com/charmbracelet/log"
"github.com/urfave/cli/v2"
"golang.org/x/term"
"gopkg.in/yaml.v3"
)
func GetRefreshTokenCommand(cCtx *cli.Context) error {
configPath := cCtx.String("config-path")
var configContents *config.Config
_, err := os.Stat(configPath)
if err != nil {
if errors.Is(err, os.ErrNotExist) {
configContents = &config.Config{}
} else {
return fmt.Errorf("failed to get configuration file information: %s", err.Error())
}
} else {
configContents, err = config.ReadAndParseConfig(configPath)
if err != nil {
return fmt.Errorf("failed to read and parse configuration file: %s", err.Error())
}
}
var username string
var password string
if cCtx.String("username") == "" {
if configContents.Username == "" {
return fmt.Errorf("username not specified and username is not in the configuration file")
}
username = configContents.Username
} else {
username = cCtx.String("username")
}
if cCtx.Bool("ask-password") {
fmt.Print("Password: ")
passwordBytes, err := term.ReadPassword(int(syscall.Stdin))
fmt.Print("\n")
if err != nil {
return fmt.Errorf("failed to read password from console: %s", err.Error())
}
password = string(passwordBytes)
} else {
password = cCtx.String("password")
if password == "" {
return fmt.Errorf("password is not specified and password asking is not enabled")
}
}
serverURL := cCtx.String("server-url")
log.Info("Authenticating with API...")
api := &apiclient.HermesAPIClient{
URL: serverURL,
}
refreshToken, err := api.UserGetRefreshToken(&username, nil, password)
if err != nil {
return fmt.Errorf("failed to authenticate with the API: %s", err.Error())
}
configContents.Username = username
configContents.RefreshToken = refreshToken
configContents.APIPath = serverURL
log.Info("Writing configuration file...")
data, err := yaml.Marshal(configContents)
if err != nil {
return fmt.Errorf("failed to marshal configuration data: %s", err.Error())
}
log.Infof("config path: %s", configPath)
os.WriteFile(configPath, data, 0644)
return nil
}

30
frontend/config/config.go Normal file
View file

@ -0,0 +1,30 @@
package config
import (
"os"
"gopkg.in/yaml.v3"
)
type Config struct {
Username string `json:"username"`
RefreshToken string `json:"token"`
APIPath string `json:"api_path"`
}
func ReadAndParseConfig(configFile string) (*Config, error) {
configFileContents, err := os.ReadFile(configFile)
if err != nil {
return nil, err
}
config := &Config{}
err = yaml.Unmarshal(configFileContents, config)
if err != nil {
return nil, err
}
return config, nil
}

1
frontend/dev.env Normal file
View file

@ -0,0 +1 @@
HERMES_LOG_LEVEL=debug

143
frontend/main.go Normal file
View file

@ -0,0 +1,143 @@
package main
import (
"os"
"path"
"git.terah.dev/imterah/hermes/frontend/commands/users"
"github.com/charmbracelet/log"
"github.com/urfave/cli/v2"
)
func main() {
logLevel := os.Getenv("HERMES_LOG_LEVEL")
if logLevel != "" {
switch logLevel {
case "debug":
log.SetLevel(log.DebugLevel)
case "info":
log.SetLevel(log.InfoLevel)
case "warn":
log.SetLevel(log.WarnLevel)
case "error":
log.SetLevel(log.ErrorLevel)
case "fatal":
log.SetLevel(log.FatalLevel)
}
}
configDir, err := os.UserConfigDir()
if err != nil {
log.Fatalf("Failed to get configuration directory: %s", err.Error())
}
app := &cli.App{
Name: "hermcli",
Usage: "client for Hermes -- port forwarding across boundaries",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "config-path",
Aliases: []string{"config", "cp", "c"},
Value: path.Join(configDir, "hermcli.yml"),
},
},
Commands: []*cli.Command{
{
Name: "login",
Usage: "log in to the API",
Action: users.GetRefreshTokenCommand,
Aliases: []string{"l"},
Flags: []cli.Flag{
&cli.StringFlag{
Name: "username",
Aliases: []string{"user", "u"},
Usage: "username to authenticate as",
},
&cli.StringFlag{
Name: "password",
Aliases: []string{"pass", "p"},
Usage: "password to authenticate with",
},
&cli.StringFlag{
Name: "server-url",
Aliases: []string{"server", "s"},
Usage: "URL of the server to authenticate with",
},
&cli.BoolFlag{
Name: "ask-password",
Aliases: []string{"ask-pass", "ap"},
Usage: "asks you the password to authenticate with",
},
},
},
{
Name: "users",
Usage: "user management commands",
Aliases: []string{"u"},
Subcommands: []*cli.Command{
{
Name: "create",
Aliases: []string{"c"},
Usage: "create a user",
Action: users.CreateUserCommand,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "full-name",
Aliases: []string{"name", "n"},
Usage: "full name for the user",
Required: true,
},
&cli.StringFlag{
Name: "username",
Aliases: []string{"user", "us"},
Usage: "username to give the user",
Required: true,
},
&cli.StringFlag{
Name: "email",
Aliases: []string{"e"},
Usage: "email to give the user",
Required: true,
},
&cli.StringFlag{
Name: "password",
Aliases: []string{"pass", "p"},
Usage: "password to give the user",
},
&cli.StringFlag{
Name: "server-url",
Aliases: []string{"server", "s"},
Usage: "URL of the server to connect with",
},
&cli.BoolFlag{
Name: "ask-password",
Aliases: []string{"ask-pass", "ap"},
Usage: "asks you the password to give the user",
},
&cli.BoolFlag{
Name: "user-is-bot",
Aliases: []string{"user-bot", "ub", "u"},
Usage: "if set, makes the user flagged as a bot",
},
&cli.BoolFlag{
Name: "do-not-save-configuration",
Aliases: []string{"no-save", "ns"},
Usage: "doesn't save the authenticated user credentials",
},
},
},
},
},
},
}
if err := app.Run(os.Args); err != nil {
log.Fatal(err)
}
}

32
backend/go.mod → go.mod
View file

@ -2,24 +2,36 @@ module git.terah.dev/imterah/hermes
go 1.23.3
require (
github.com/charmbracelet/log v0.4.0
github.com/gin-gonic/gin v1.10.0
github.com/go-playground/validator/v10 v10.23.0
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/pkg/sftp v1.13.7
github.com/urfave/cli/v2 v2.27.5
golang.org/x/crypto v0.31.0
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
golang.org/x/term v0.28.0
gopkg.in/yaml.v3 v3.0.1
gorm.io/driver/postgres v1.5.11
gorm.io/driver/sqlite v1.5.7
gorm.io/gorm v1.25.12
)
require (
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/bytedance/sonic v1.12.6 // indirect
github.com/bytedance/sonic/loader v0.2.1 // indirect
github.com/charmbracelet/lipgloss v0.10.0 // indirect
github.com/charmbracelet/log v0.4.0 // indirect
github.com/cloudwego/base64x v0.1.4 // indirect
github.com/cloudwego/iasm v0.2.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
github.com/gabriel-vasile/mimetype v1.4.7 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/gin-gonic/gin v1.10.0 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.23.0 // indirect
github.com/goccy/go-json v0.10.4 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
github.com/jackc/pgx/v5 v5.7.2 // indirect
@ -28,6 +40,8 @@ require (
github.com/jinzhu/now v1.1.5 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.9 // indirect
github.com/kr/fs v0.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
@ -39,21 +53,15 @@ require (
github.com/muesli/termenv v0.15.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.13.1 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect
github.com/urfave/cli/v2 v2.27.5 // indirect
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
golang.org/x/arch v0.12.0 // indirect
golang.org/x/crypto v0.31.0 // indirect
golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
golang.org/x/net v0.33.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.28.0 // indirect
golang.org/x/sys v0.29.0 // indirect
golang.org/x/text v0.21.0 // indirect
google.golang.org/protobuf v1.36.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gorm.io/driver/postgres v1.5.11 // indirect
gorm.io/driver/sqlite v1.5.7 // indirect
gorm.io/gorm v1.25.12 // indirect
)

73
backend/go.sum → go.sum
View file

@ -15,7 +15,9 @@ github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
@ -25,6 +27,8 @@ github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
@ -35,6 +39,8 @@ github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
@ -54,12 +60,16 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02
github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
@ -78,11 +88,16 @@ github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo
github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
github.com/pkg/sftp v1.13.7 h1:uv+I3nNJvlKZIQGSr8JVQLNHFU9YhhNpvC14Y6KgmSM=
github.com/pkg/sftp v1.13.7/go.mod h1:KMKI0t3T6hfA+lTR/ssZdunHo+uwq7ghoN09/FSu3DY=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -93,6 +108,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
@ -102,30 +118,66 @@ github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@ -136,4 +188,3 @@ gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDa
gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

35
init.sh
View file

@ -1,14 +1,4 @@
#!/usr/bin/env bash
owned_docker=1
# Test if Postgres is up
lsof -i:5432 2> /dev/null > /dev/null
if [ $? -ne 0 ]; then
owned_docker=0
docker compose -f dev-docker-compose.yml up -d
fi
if [ ! -f "backend/.env" ]; then
cp backend/dev.env backend/.env
fi
@ -17,30 +7,11 @@ if [ ! -d "backend/.tmp" ]; then
mkdir backend/.tmp
fi
if [ ! -f "backend-legacy/.env" ]; then
cp backend-legacy/dev.env backend-legacy/.env
fi
if [ ! -d "backend-legacy/node_modules" ]; then
pushd backend-legacy > /dev/null
npm install --save-dev
npx prisma migrate dev
popd > /dev/null
if [ ! -f "frontend/.env" ]; then
cp frontend/dev.env frontend/.env
fi
set -a
source backend-legacy/.env
source backend/.env
source frontend/.env
set +a
on_exit() {
cd $(git rev-parse --show-toplevel)
if [ $owned_docker -ne 0 ]; then
return
fi
docker compose -f dev-docker-compose.yml down
}
trap "on_exit" exit

9
prod-docker.env
View file

@ -1,5 +1,4 @@
# These are default values, please change these!
POSTGRES_USERNAME=nextnet
POSTGRES_PASSWORD=nextnet
POSTGRES_DB=nextnet
POSTGRES_USERNAME=hermes
POSTGRES_PASSWORD=hermes
POSTGRES_DB=hermes
JWT_SECRET=hermes

4
routes/Hermes API/Backend/Lookup.bru
View file

@ -12,8 +12,8 @@ post {
body:json {
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiMSJdLCJleHAiOjE3MzUwNzY0MTEsIm5iZiI6MTczNDk5MDAxMSwiaWF0IjoxNzM0OTkwMDExfQ.N9TLraX4peHt7FKv8tPcHuEzL0K7T2IBEw3piQS_4OY",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiMSJdLCJleHAiOjE3MzYyMzI2NjEsIm5iZiI6MTczNjE0NjI2MSwiaWF0IjoxNzM2MTQ2MjYxfQ.juoZ74xs-FBnbbT9Zlei1LmcNx7kTEfzymHlVbeMmtQ",
"name": "SSH",
"id": 2
"id": 1
}
}

11
shell.nix
View file

@ -3,18 +3,13 @@
}: pkgs.mkShell {
buildInputs = with pkgs; [
# api/
nodejs
openssl
lsof
go
gopls
];
shellHook = ''
export PRISMA_QUERY_ENGINE_BINARY=${pkgs.prisma-engines}/bin/query-engine
export PRISMA_QUERY_ENGINE_LIBRARY=${pkgs.prisma-engines}/lib/libquery_engine.node
export PRISMA_SCHEMA_ENGINE_BINARY=${pkgs.prisma-engines}/bin/schema-engine
source init.sh
if [ -f init.sh ]; then
source init.sh
fi
'';
}

133
sshfrontend/.gitignore vendored
View file

@ -1,133 +0,0 @@
# Output
out
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional stylelint cache
.stylelintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# vuepress v2.x temp and cache directory
.temp
.cache
# Docusaurus cache and generated files
.docusaurus
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*

14
sshfrontend/Dockerfile
View file

@ -1,14 +0,0 @@
FROM node:22.11.0-bookworm
LABEL org.opencontainers.image.source="https://github.com/greysoh/nextnet"
WORKDIR /app/
COPY src /app/src
COPY tsconfig.json /app/
COPY package.json /app/
COPY package-lock.json /app/
COPY docker-entrypoint.sh /app/
RUN npm install --save-dev
RUN npm run build
RUN rm out/**/*.ts out/**/*.map
RUN rm -rf src
RUN npm prune --production
ENTRYPOINT sh docker-entrypoint.sh

28
sshfrontend/LICENSE
View file

@ -1,28 +0,0 @@
BSD 3-Clause License
Copyright (c) 2024, Greyson
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Some files were not shown because too many files have changed in this diff Show more