diff --git a/install/fs/config.yml b/install/fs/config.yml index cf9e6464..620ccbf3 100644 --- a/install/fs/config.yml +++ b/install/fs/config.yml @@ -35,7 +35,8 @@ gerbil: wg_site: start_port: 51820 block_size: 24 - subnet_group: 100.89.137.0/20 + subnet_group: 100.89.138.0/20 + site_block_size: 30 rate_limits: global: diff --git a/server/db/schema.ts b/server/db/schema.ts index 449618f7..6b7dcfda 100644 --- a/server/db/schema.ts +++ b/server/db/schema.ts @@ -173,7 +173,7 @@ export const olmSessions = sqliteTable("clientSession", { sessionId: text("id").primaryKey(), olmId: text("olmId") .notNull() - .references(() => newts.newtId, { onDelete: "cascade" }), + .references(() => olms.olmId, { onDelete: "cascade" }), expiresAt: integer("expiresAt").notNull() }); diff --git a/server/lib/config.ts b/server/lib/config.ts index f607fe0d..336b3ccb 100644 --- a/server/lib/config.ts +++ b/server/lib/config.ts @@ -113,7 +113,8 @@ const configSchema = z.object({ wg_site: z.object({ block_size: z.number().positive().gt(0), subnet_group: z.string(), - start_port: portSchema + start_port: portSchema, + site_block_size: z.number().positive().gt(0) }), rate_limits: z.object({ global: z.object({ diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts index 85f1735e..ef5be02f 100644 --- a/server/routers/client/createClient.ts +++ b/server/routers/client/createClient.ts @@ -37,10 +37,10 @@ const createClientSchema = z .object({ name: z.string().min(1).max(255), siteId: z.number().int().positive(), - pubKey: z.string(), - subnet: z.string(), - olmId: z.string(), - secret: z.string(), + pubKey: z.string().optional(), + subnet: z.string().optional(), + olmId: z.string().optional(), + secret: z.string().optional(), type: z.enum(["olm"]) }) .strict(); diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts index fd048259..c8292374 100644 --- a/server/routers/client/pickClientDefaults.ts +++ b/server/routers/client/pickClientDefaults.ts @@ -14,7 +14,7 @@ import { fromError } from "zod-validation-error"; const getSiteSchema = z .object({ - siteId: z.number().int().positive() + siteId: z.string().transform(Number).pipe(z.number()) }) .strict(); @@ -92,12 +92,16 @@ export async function pickClientDefaults( subnets.push( address.replace( /\/\d+$/, - `/${config.getRawConfig().wg_site.block_size}` + `/${config.getRawConfig().wg_site.site_block_size}` ) ); + logger.debug(`Subnets: ${subnets}`); + logger.debug(`Address: ${address}`); + logger.debug(`Block size: ${config.getRawConfig().wg_site.block_size}`); + logger.debug(`Site block size: ${config.getRawConfig().wg_site.site_block_size}`); const newSubnet = findNextAvailableCidr( subnets, - config.getRawConfig().wg_site.block_size, + config.getRawConfig().wg_site.site_block_size, address ); if (!newSubnet) { diff --git a/server/routers/external.ts b/server/routers/external.ts index bc831bdf..8c5fcb93 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts @@ -28,7 +28,8 @@ import { import { verifyUserHasAction } from "../middlewares/verifyUserHasAction"; import { ActionsEnum } from "@server/auth/actions"; import { verifyUserIsOrgOwner } from "../middlewares/verifyUserIsOrgOwner"; -import { createNewt, getToken } from "./newt"; +import { createNewt, getNewtToken } from "./newt"; +import { getOlmToken } from "./olm"; import rateLimit from "express-rate-limit"; import createHttpError from "http-errors"; @@ -501,7 +502,8 @@ authRouter.use( authRouter.put("/signup", auth.signup); authRouter.post("/login", auth.login); authRouter.post("/logout", auth.logout); -authRouter.post("/newt/get-token", getToken); +authRouter.post("/newt/get-token", getNewtToken); +authRouter.post("/olm/get-token", getOlmToken); authRouter.post("/2fa/enable", verifySessionUserMiddleware, auth.verifyTotp); authRouter.post( diff --git a/server/routers/newt/getToken.ts b/server/routers/newt/getNewtToken.ts similarity index 98% rename from server/routers/newt/getToken.ts rename to server/routers/newt/getNewtToken.ts index e6ae0cd6..80977f81 100644 --- a/server/routers/newt/getToken.ts +++ b/server/routers/newt/getNewtToken.ts @@ -24,7 +24,7 @@ export const newtGetTokenBodySchema = z.object({ export type NewtGetTokenBody = z.infer; -export async function getToken( +export async function getNewtToken( req: Request, res: Response, next: NextFunction diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts index 6d8cb8c8..7058a0c7 100644 --- a/server/routers/newt/handleGetConfigMessage.ts +++ b/server/routers/newt/handleGetConfigMessage.ts @@ -10,8 +10,7 @@ import config from "@server/lib/config"; const inputSchema = z.object({ publicKey: z.string(), - endpoint: z.string(), - listenPort: z.number() + endpoint: z.string() }); type Input = z.infer; @@ -20,6 +19,9 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { const { message, client, sendToClient } = context; const newt = client as Newt; + logger.debug(JSON.stringify(message.data)); + + logger.debug("Handling Newt get config message!"); if (!newt) { @@ -99,8 +101,8 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { ); const configResponse = { - listenPort: site.listenPort, // ????? - // ipAddress: exitNode[0].address, + listenPort: site.listenPort, + ipAddress: site.address, peers }; diff --git a/server/routers/newt/handleReceiveBandwidthMessage.ts b/server/routers/newt/handleReceiveBandwidthMessage.ts index 1e1642aa..a20e2426 100644 --- a/server/routers/newt/handleReceiveBandwidthMessage.ts +++ b/server/routers/newt/handleReceiveBandwidthMessage.ts @@ -12,9 +12,12 @@ interface PeerBandwidth { export const handleReceiveBandwidthMessage: MessageHandler = async (context) => { const { message, client, sendToClient } = context; - const newt = client as Newt; - const bandwidthData: PeerBandwidth[] = message.data; + if (!message.data.bandwidthData) { + logger.warn("No bandwidth data provided"); + } + + const bandwidthData: PeerBandwidth[] = message.data.bandwidthData; if (!Array.isArray(bandwidthData)) { throw new Error("Invalid bandwidth data"); @@ -63,6 +66,4 @@ export const handleReceiveBandwidthMessage: MessageHandler = async (context) => .where(eq(clients.clientId, client.clientId)); } }); - - logger.info("Handling register olm message!"); }; diff --git a/server/routers/newt/index.ts b/server/routers/newt/index.ts index 84b9a6e9..aa72fc6f 100644 --- a/server/routers/newt/index.ts +++ b/server/routers/newt/index.ts @@ -1,4 +1,4 @@ export * from "./createNewt"; -export * from "./getToken"; +export * from "./getNewtToken"; export * from "./handleNewtRegisterMessage"; export* from "./handleReceiveBandwidthMessage"; \ No newline at end of file diff --git a/server/routers/olm/getToken.ts b/server/routers/olm/getOlmToken.ts similarity index 64% rename from server/routers/olm/getToken.ts rename to server/routers/olm/getOlmToken.ts index e6ae0cd6..ce40a35e 100644 --- a/server/routers/olm/getToken.ts +++ b/server/routers/olm/getOlmToken.ts @@ -1,6 +1,6 @@ import { generateSessionToken } from "@server/auth/sessions/app"; import db from "@server/db"; -import { newts } from "@server/db/schema"; +import { olms } from "@server/db/schema"; import HttpCode from "@server/types/HttpCode"; import response from "@server/lib/response"; import { eq } from "drizzle-orm"; @@ -9,27 +9,27 @@ import createHttpError from "http-errors"; import { z } from "zod"; import { fromError } from "zod-validation-error"; import { - createNewtSession, - validateNewtSessionToken -} from "@server/auth/sessions/newt"; + createOlmSession, + validateOlmSessionToken +} from "@server/auth/sessions/olm"; import { verifyPassword } from "@server/auth/password"; import logger from "@server/logger"; import config from "@server/lib/config"; -export const newtGetTokenBodySchema = z.object({ - newtId: z.string(), +export const olmGetTokenBodySchema = z.object({ + olmId: z.string(), secret: z.string(), token: z.string().optional() }); -export type NewtGetTokenBody = z.infer; +export type OlmGetTokenBody = z.infer; -export async function getToken( +export async function getOlmToken( req: Request, res: Response, next: NextFunction ): Promise { - const parsedBody = newtGetTokenBodySchema.safeParse(req.body); + const parsedBody = olmGetTokenBodySchema.safeParse(req.body); if (!parsedBody.success) { return next( @@ -40,15 +40,15 @@ export async function getToken( ); } - const { newtId, secret, token } = parsedBody.data; + const { olmId, secret, token } = parsedBody.data; try { if (token) { - const { session, newt } = await validateNewtSessionToken(token); + const { session, olm } = await validateOlmSessionToken(token); if (session) { if (config.getRawConfig().app.log_failed_attempts) { logger.info( - `Newt session already valid. Newt ID: ${newtId}. IP: ${req.ip}.` + `Olm session already valid. Olm ID: ${olmId}. IP: ${req.ip}.` ); } return response(res, { @@ -61,29 +61,31 @@ export async function getToken( } } - const existingNewtRes = await db + const existingOlmRes = await db .select() - .from(newts) - .where(eq(newts.newtId, newtId)); - if (!existingNewtRes || !existingNewtRes.length) { + .from(olms) + .where(eq(olms.olmId, olmId)); + if (!existingOlmRes || !existingOlmRes.length) { return next( createHttpError( HttpCode.BAD_REQUEST, - "No newt found with that newtId" + "No olm found with that olmId" ) ); } - const existingNewt = existingNewtRes[0]; + logger.debug("Existing olm: ", existingOlmRes); + + const existingOlm = existingOlmRes[0]; const validSecret = await verifyPassword( secret, - existingNewt.secretHash + existingOlm.secretHash ); if (!validSecret) { if (config.getRawConfig().app.log_failed_attempts) { logger.info( - `Newt id or secret is incorrect. Newt: ID ${newtId}. IP: ${req.ip}.` + `Olm id or secret is incorrect. Olm: ID ${olmId}. IP: ${req.ip}.` ); } return next( @@ -91,8 +93,12 @@ export async function getToken( ); } + logger.debug("Creating new olm session token"); + const resToken = generateSessionToken(); - await createNewtSession(resToken, existingNewt.newtId); + await createOlmSession(resToken, existingOlm.olmId); + + logger.debug("Token created successfully"); return response<{ token: string }>(res, { data: { @@ -103,12 +109,12 @@ export async function getToken( message: "Token created successfully", status: HttpCode.OK }); - } catch (e) { - console.error(e); + } catch (error) { + logger.error(error); return next( createHttpError( HttpCode.INTERNAL_SERVER_ERROR, - "Failed to authenticate newt" + "Failed to authenticate olm" ) ); } diff --git a/server/routers/olm/index.ts b/server/routers/olm/index.ts index d29a2ef1..616480cc 100644 --- a/server/routers/olm/index.ts +++ b/server/routers/olm/index.ts @@ -1 +1,3 @@ export * from "./handleOlmRegisterMessage"; +export * from "./getOlmToken"; +export * from "./createOlm"; \ No newline at end of file diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts index 56d072e0..79c2b324 100644 --- a/server/routers/site/pickSiteDefaults.ts +++ b/server/routers/site/pickSiteDefaults.ts @@ -45,7 +45,7 @@ export async function pickSiteDefaults( // list all of the sites on that exit node const sitesQuery = await db .select({ - subnet: sites.subnet, + subnet: sites.subnet }) .from(sites) .where(eq(sites.exitNodeId, exitNode.exitNodeId)); @@ -53,8 +53,17 @@ export async function pickSiteDefaults( // TODO: we need to lock this subnet for some time so someone else does not take it let subnets = sitesQuery.map((site) => site.subnet); // exclude the exit node address by replacing after the / with a site block size - subnets.push(exitNode.address.replace(/\/\d+$/, `/${config.getRawConfig().gerbil.site_block_size}`)); - const newSubnet = findNextAvailableCidr(subnets, config.getRawConfig().gerbil.site_block_size, exitNode.address); + subnets.push( + exitNode.address.replace( + /\/\d+$/, + `/${config.getRawConfig().gerbil.site_block_size}` + ) + ); + const newSubnet = findNextAvailableCidr( + subnets, + config.getRawConfig().gerbil.site_block_size, + exitNode.address + ); if (!newSubnet) { return next( createHttpError( @@ -77,12 +86,12 @@ export async function pickSiteDefaults( endpoint: exitNode.endpoint, subnet: newSubnet, newtId, - newtSecret: secret, + newtSecret: secret }, success: true, error: false, message: "Organization retrieved successfully", - status: HttpCode.OK, + status: HttpCode.OK }); } catch (error) { logger.error(error);