
debugging desktop app registration stuff

master
forest 5 months ago
parent
commit
2854a2a90e
8 changed files with 29 additions and 17 deletions
  1. +4
    -3
      backend.go
  2. +2
    -2
      easypki_db_adapter.go
  3. +1
    -0
      frontend.go
  4. +1
    -1
      main.go
  5. +3
    -7
      pki/pki_service.go
  6. +4
    -1
      public_api.go
  7. +9
    -1
      ssh_service.go
  8. +5
    -2
      threshold_provisioning_service.go

+ 4
- 3
backend.go View File

@ -94,6 +94,7 @@ const TERABYTE = int64(1000000000000)
const managementClientCertSubject = "management@greenhouse.server.garden"
const freeSubdomainDomain = "greenhouseusers.com"
const adminThresholdNodeId = "greenhouse_internal_node"
var projectedOverageAllowedBeforeSpawningNewInstance int64 = GIGABYTE * 250
var projectedUnderageAllowedBeforeTerminatingInstance int64 = TERABYTE
@ -106,7 +107,6 @@ func initBackend(
emailService *EmailService,
) *BackendApp {
adminThresholdNodeId := "greenhouse_node_id"
greenhouseThresholdServiceId := "greenhouse_https"
toReturn := BackendApp{
@ -323,7 +323,7 @@ func (app *BackendApp) GetActiveNodeIdsForTenant(tenantId int) (map[string]bool,
result := []string{}
responseBytes, err := app.MyHTTP200(
"GET",
fmt.Sprintf("https://%s:%d/clientStates?tenantId=%d", vpsInstance.IPV4, app.ThresholdPort, tenantId),
fmt.Sprintf("https://%s:%d/clientStates?tenantId=%d", vpsInstance.IPV4, app.ThresholdManagementPort, tenantId),
nil,
nil,
)
@ -1053,11 +1053,12 @@ func (app *BackendApp) WriteAdminTenantThresholdConfig() error {
for tenantId, tenant := range tenants {
if tenantId == app.AdminTenantId {
clientConfig, err := app.ThresholdProvisioning.GetClientConfig(
app.AdminTenantId, fmt.Sprintf("%s.%s", tenant.Subdomain, app.FreeSubdomainDomain), "greenhouse",
app.AdminTenantId, fmt.Sprintf("%s.%s", tenant.Subdomain, app.FreeSubdomainDomain), adminThresholdNodeId, "api_key_n_a",
)
if err != nil {
return err
}
clientConfig.ServiceToLocalAddrMap = &(map[string]string{"greenhouse_https": "127.0.0.1:8081"})
clientConfigBytes, err := json.MarshalIndent(clientConfig, "", " ")
if err != nil {
return err
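Review bot: In WriteAdminTenantThresholdConfig the admin tenant's client config is built with the literal `"api_key_n_a"` as its API key, so a placeholder string lands in the GreenhouseAPIKey field of a config that is then marshalled. A named constant such as `const adminAPIKeyPlaceholder = "api_key_n_a"` with a comment on why the admin node has no real key would make the case explicit, and it is worth confirming that the token check in handleWithAPIToken can never accept that value. The `"greenhouse_https"` literal in the ServiceToLocalAddrMap line also repeats what initBackend assigns to greenhouseThresholdServiceId; one shared constant would keep the two from drifting. Both functions start and end outside the visible hunks.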


+ 2
- 2
easypki_db_adapter.go View File

@ -6,7 +6,7 @@ import (
easypkiCertificate "git.sequentialread.com/forest/easypki.git/pkg/certificate"
"git.sequentialread.com/forest/easypki.git/pkg/easypki"
"git.sequentialread.com/forest/greenhouse/pki"
errors "git.sequentialread.com/forest/pkg-errors"
)
type GreenhouseEasyPKIStore struct {
@ -34,7 +34,7 @@ func (store *GreenhouseEasyPKIStore) Add(caName, name string, isCa bool, key, ce
func (store *GreenhouseEasyPKIStore) Fetch(caName, name string) ([]byte, []byte, error) {
key, cert, err := store.DB.GetServerKeyPair(caName, name)
if key == nil || cert == nil {
return nil, nil, pki.ErrDoesNotExist
return nil, nil, errors.New("does not exist")
}
return key, cert, err
}
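Review bot: Fetch returns the "does not exist" error whenever key or cert is nil without looking at err first, so a failed GetServerKeyPair call is reported to callers as a missing key pair. The pki_service.go conditions in this commit react to that message by signing a new certificate or CA (presumably reaching this store through EasyPKI.GetBundle and GetCA), so a lookup failure can end in re-issuance instead of an error. Check the error before the nil test, `if err != nil { return nil, nil, err }`, unless GetServerKeyPair reports a missing row through err, in which case only that specific error should be mapped to "does not exist".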


+ 1
- 0
frontend.go View File

@ -38,6 +38,7 @@ type Session struct {
Email string
EmailVerified bool
LaxCookie bool
APIToken string
Expires time.Time
Flash *map[string]string
}
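Review bot: The APIToken field (which appears to be the line added here) has no comment, although public_api.go in this commit fills it with the caller's raw API token. A field comment such as `// APIToken is the raw token presented on this request; set only by handleWithAPIToken. Do not log or persist.` would tell later readers that Session now carries a credential. Whether Session is ever serialized or logged is not visible on this page and is worth checking.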


+ 1
- 1
main.go View File

@ -138,7 +138,7 @@ func getConfig(workingDirectory string) *Config {
}
if config.AdminTenantId == 0 {
config.AdminTenantId = 1
config.AdminTenantId = 2
}
configToLog, _ := json.MarshalIndent(config, "", " ")
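Review bot: The fallback for an unset AdminTenantId changes in getConfig (the page shows both `= 1` and `= 2`), so any deployment that relies on the default will treat a different tenant as the admin tenant after this commit. backend.go uses app.AdminTenantId to pick the tenant whose threshold client config is written, so an explicit setting is safer than a silent default: either refuse to start when the value is 0 or record the fallback, e.g. `log.Printf("AdminTenantId not set, defaulting to %d", config.AdminTenantId)`. getConfig starts and ends outside the hunk.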


+ 3
- 7
pki/pki_service.go View File

@ -6,8 +6,8 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"net"
"strings"
"time"
easypkiCertificate "git.sequentialread.com/forest/easypki.git/pkg/certificate"
@ -18,10 +18,6 @@ type PKIService struct {
EasyPKI *easypki.EasyPKI
}
var (
ErrDoesNotExist = errors.New("does not exist")
)
func NewPKIService(easyPKI *easypki.EasyPKI) *PKIService {
return &PKIService{
EasyPKI: easyPKI,
@ -99,7 +95,7 @@ func (service *PKIService) GetKeyPairImpl(
}
bundle, err := service.EasyPKI.GetBundle(signer.Name, subject)
if err == ErrDoesNotExist || time.Now().After(bundle.Cert.NotAfter) {
if (err != nil && strings.Contains(err.Error(), "does not exist")) || time.Now().After(bundle.Cert.NotAfter) {
err = service.EasyPKI.Sign(signer, &request)
if err != nil {
return nil, nil, err
@ -120,7 +116,7 @@ func (service *PKIService) GetCACertificate(caName string) (*x509.Certificate, e
func (service *PKIService) getCA(caName string) (*easypkiCertificate.Bundle, error) {
ca, err := service.EasyPKI.GetCA(caName)
if err == ErrDoesNotExist {
if err != nil && strings.Contains(err.Error(), "does not exist") {
err = service.EasyPKI.Sign(
nil,
&easypki.Request{
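Review bot: Both changed conditions (in GetKeyPairImpl and in getCA) now decide whether to sign a new certificate or a new CA with `strings.Contains(err.Error(), "does not exist")`, which also matches any unrelated error whose text happens to contain that phrase. In getCA that would create a replacement CA on what is really a storage or lookup failure. Keeping the exported sentinel and comparing with `errors.Is(err, ErrDoesNotExist)` (wrapping it in the store adapter if the library adds context) avoids depending on message text. In GetKeyPairImpl the second operand still dereferences `bundle.Cert` when err is some other non-nil error, so a guard such as `if err != nil { return nil, nil, err }` after the sentinel check is needed, assuming GetBundle returns a nil bundle on failure. Both functions start and end outside the hunks.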


+ 4
- 1
public_api.go View File

@ -23,7 +23,9 @@ func AddAPIRoutesToFrontend(app *FrontendApp) {
return
}
log.Println("asd1")
activeNodeIds, err := app.Backend.GetActiveNodeIdsForTenant(user.TenantId)
log.Println("asd2")
if err != nil {
app.unhandledError(responseWriter, err)
return
@ -55,7 +57,7 @@ func AddAPIRoutesToFrontend(app *FrontendApp) {
return
}
clientConfig, err := app.Backend.ThresholdProvisioning.GetClientConfig(
user.TenantId, fmt.Sprintf("%s.%s", tenant.Subdomain, app.Backend.FreeSubdomainDomain), newNodeId,
user.TenantId, fmt.Sprintf("%s.%s", tenant.Subdomain, app.Backend.FreeSubdomainDomain), newNodeId, user.APIToken,
)
if err != nil {
app.unhandledError(responseWriter, err)
@ -96,6 +98,7 @@ func handleWithAPIToken(app *FrontendApp, path string, handler func(http.Respons
http.Error(responseWriter, "Unauthorized", http.StatusUnauthorized)
return
}
user.APIToken = apiToken
handler(responseWriter, request, *user)
})
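Review bot: handleWithAPIToken writes the request's token into `user.APIToken` through the pointer before passing `*user` to the handler; if that pointer refers to an object shared between requests (its origin is outside the hunk), concurrent requests race on the field and the token outlives the request that presented it. Copying first avoids both: `session := *user; session.APIToken = apiToken; handler(responseWriter, request, session)`. The `log.Println("asd1")` and `log.Println("asd2")` lines around GetActiveNodeIdsForTenant look like temporary tracing and should be removed or replaced with a message that names the call being made.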


+ 9
- 1
ssh_service.go View File

@ -166,9 +166,17 @@ func errorFromShellExecResult(command string, exitCode int, stdout []byte, stder
errorString := "nil"
if err != nil {
errorString = err.Error()
lines := strings.Split(errorString, "\n")
includeStack := []string{}
for _, line := range lines {
if !strings.Contains(line, "can't shellExecInputPipe") {
includeStack = append(includeStack, line)
}
}
errorString = strings.Join(includeStack, "\n")
}
return fmt.Errorf(
"%s failed with exit code %d, stdout: \n----\n%s\n----\nstderr: \n----\n%s\n----\nerror: %s",
"%s failed with exit code %d, stdout: \n----\n%s\n----\nstderr: \n----\n%s\n----\nstack: %s",
command, exitCode, stdout, stderr, errorString,
)
}
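Review bot: The new loop in errorFromShellExecResult drops every line of the error text that contains `can't shellExecInputPipe`, and when all lines match, the message ends with an empty `stack:` section and no cause at all. Keep the original text in that case, e.g. `if len(includeStack) > 0 { errorString = strings.Join(includeStack, "\n") }`, and add a comment above the loop saying why those lines are treated as noise. The start of the function is outside the hunk.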


+ 5
- 2
threshold_provisioning_service.go View File

@ -37,6 +37,8 @@ type ThresholdTunnel struct {
type ThresholdClientConfig struct {
ClientId string
GreenhouseDomain string
GreenhouseAPIKey string
ServiceToLocalAddrMap *map[string]string
GreenhouseThresholdPort int
CaCertificate string
ClientTlsKey string
@ -86,7 +88,7 @@ func NewThresholdProvisioningService(config *Config, pkiService *pki.PKIService,
return toReturn
}
func (service *ThresholdProvisioningService) GetClientConfig(tenantId int, greenhouseDomain string, nodeId string) (*ThresholdClientConfig, error) {
func (service *ThresholdProvisioningService) GetClientConfig(tenantId int, greenhouseDomain, nodeId, apiKey string) (*ThresholdClientConfig, error) {
clientId := fmt.Sprintf("%d.%s", tenantId, nodeId)
certificateSubject := fmt.Sprintf("%s@%s", clientId, thresholdCertsDomain)
@ -118,6 +120,7 @@ func (service *ThresholdProvisioningService) GetClientConfig(tenantId int, green
clientConfig := ThresholdClientConfig{
ClientId: clientId,
GreenhouseDomain: greenhouseDomain,
GreenhouseAPIKey: apiKey,
GreenhouseThresholdPort: 9056,
CaCertificate: string(mainCABytes),
ClientTlsKey: string(thresholdKeyBytes),
@ -299,7 +302,7 @@ WantedBy=multi-user.target
substitutions := map[string]string{
"ARTIFACTS_BASE_URL": "https://f000.backblazeb2.com/file/server-garden-artifacts",
"ARCH": "amd64",
"TAR_SHA256": "3f9a0e0d92d3b2073392cff5ebc2bccfb1caca067163c624a96cbc6075a5bd37",
"TAR_SHA256": "e7f030c188e43d5867cea8a3763de6b610f9b2b6bba30eb7cfc4c6bb3271f9f9",
"THRESHOLD_DOMAIN": "greenhouse.server.garden",
"GREENHOUSE_MANAGEMENT_API_AUTH_CA": string(managementAPIAuthCABytes),
"GREENHOUSE_CA": string(mainCABytes),
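Review bot: The pinned TAR_SHA256 digest in the substitutions map changes with nothing in the hunk or the commit message recording which artifact build the new value belongs to. This digest is presumably what ties the tarball fetched from ARTIFACTS_BASE_URL to a known build, so add a comment beside it naming the artifact version and how the digest was obtained, and keep version and digest together so they change in one step. Separately, ThresholdClientConfig now carries GreenhouseAPIKey next to ClientTlsKey; a short comment on the struct stating that it holds credentials would help anyone who later logs or stores it.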

