updates

lib/cli/commands/service/start.js

@@ -72,18 +72,18 @@ module.exports = async cli => {
         return;
     }
 
-    const procs = await findProcess('port', config.get().service.listen.port);
+    const procs = await findProcess('port', config.get().service.network.port);
     if (procs.length > 0) {
         const [ proc ] = procs;
 
         if (proc.cmd.includes('service start')) {
             cli.error(
-                `A coattail service may already be running on port '${chalk.hex('#4e88e6')(config.service.listen.port)}'.`, 
+                `A coattail service may already be running on port '${chalk.hex('#4e88e6')(config.service.network.port)}'.`, 
                 `Use '${chalk.hex('#4e88e6')('coattail service status')}' for more information.`
             );
         } else {
             cli.error(
-                `Another process is already using the desired port '${chalk.hex('#4e88e6')(config.service.listen.port)}'.`,
+                `Another process is already using the desired port '${chalk.hex('#4e88e6')(config.service.network.port)}'.`,
                 `Offending process: PID ${proc.pid}, CMD ${proc.cmd}`
             );
         }
@@ -114,13 +114,13 @@ module.exports = async cli => {
         }).then(() => {
             cli.success(
                 chalk.hex('#6ce64e')('Service started'),
-                `PID ${spawned.pid}, PORT ${config.get().service.listen.port}`
+                `PID ${spawned.pid}, PORT ${config.get().service.network.port}`
             );
         }).catch(code => {
             if (code === 5) {
                 cli.error(
                     `Failed to start service.`,
-                    `Port ${config.get().service.listen.port} is in use.`
+                    `Port ${config.get().service.network.port} is in use.`
                 );
             } else {
                 cli.error(

lib/cli/commands/service/status.js

@@ -58,9 +58,9 @@ module.exports = async cli => {
 
     const processes = [];
 
-    let procs = await findProcess('port', config.get().service.listen.port);
+    let procs = await findProcess('port', config.get().service.network.port);
     for (const proc of procs) {
-        proc.port = config.get().service.listen.port;
+        proc.port = config.get().service.network.port;
         proc.instance = config.get().paths.root;
         processes.push(proc);
     }
@@ -73,7 +73,7 @@ module.exports = async cli => {
             }
 
             if (proc.cmd.includes('service start')) {
-                proc.port = config.get().service.listen.port;
+                proc.port = config.get().service.network.port;
                 if (proc.cmd.includes('--instance') || proc.cmd.includes('-i')) {
                     const subProcParams = commandLineArgs(options, {
                         argv: proc.cmd.split(' ').slice(4),
@@ -82,7 +82,7 @@ module.exports = async cli => {
                     if (subProcParams.instance) {
                         proc.instance = subProcParams.instance;
                         config.load(subProcParams.instance);
-                        proc.port = config.get().service.listen.port;
+                        proc.port = config.get().service.network.port;
                         config.load(parameters.instance);
                     }
                 }

lib/peer.js

@@ -31,10 +31,6 @@ class Peer extends Model {
         this.token = new Token({jwt});
     }
 
-    bearerKey() {
-        return `ipv4://${this.token.claims().host}/32`;
-    }
-
     performAction({name, data, publish, verbose, logger}={}) {
         return new Promise(async (resolve, reject) => {
             if (this.isLocal()) {

lib/service/service.js

@@ -84,8 +84,8 @@ class Service extends EventEmitter {
             this.emit('error', error);
         });
 
-        this.service.listen(config.get().service.listen.port, config.get().service.listen.address, () => {
-            this.emit('listening', config.get().service.listen.port, config.get().service.listen.address);
+        this.service.listen(config.get().service.network.port, config.get().service.network.address.bind, () => {
+            this.emit('listening', config.get().service.network.port, config.get().service.network.address.bind);
         });
     }
 

lib/tokens/token.js

@@ -2,7 +2,7 @@ const jwt = require('jsonwebtoken');
 const { v4: uuid } = require('uuid');
 const moment = require(`moment`);
 const { pick } = require(`lodash`);
-const { EOL } = require('os');
+const crypto = require(`crypto`);
 const fs = require(`fs`);
 const { table, getBorderCharacters  } = require(`table`);
 const chalk = require(`chalk`);
@@ -41,8 +41,8 @@ class Token extends Model {
         const id = uuid();
         jwtConfig.jwtid = id;
         const token = jwt.sign({
-            host: config.get().service.listen.address,
-            port: config.get().service.listen.port,
+            host: config.get().service.network.address.connection,
+            port: config.get().service.network.port,
             tls: !!config.get().service.tls.use_tls,
             validBearers,
             performable,
@@ -68,7 +68,12 @@ class Token extends Model {
     }
 
     static getTokenIssuer() {
-        return `${config.get().service.listen.address}:${config.get().service.listen.port}`;
+        let key = config.get().validation.public_key.value;
+        if (config.get().validation.public_key.type === 'file') {
+            key = fs.readFileSync(key).toString();
+        }
+
+        return crypto.createHash('sha256').update(key).digest('base64').toString();
     }
 
     isValid() {
@@ -190,8 +195,8 @@ class Token extends Model {
         data.push([chalk.hex('#4e88e6')('Issued At'), chalk.italic(moment(claims.iat * 1000).toISOString())]);
         data.push([chalk.hex('#4e88e6')('Effective At'), chalk.italic(effective_at)]);
         data.push([chalk.hex('#4e88e6')('Expires At'), chalk.italic(expires_at)]);
-        data.push([chalk.hex('#4e88e6')('Issuer'), chalk.italic(claims.iss)]);
-        data.push([chalk.hex('#4e88e6')('Audience'), chalk.italic(claims.aud)]);
+        data.push([chalk.hex('#4e88e6')('Issuer Hash'), chalk.italic(claims.iss)]);
+        data.push([chalk.hex('#4e88e6')('Audience Hash'), chalk.italic(claims.aud)]);
         data.push([chalk.hex('#4e88e6')('Host'), chalk.italic(claims.host)]);
         data.push([chalk.hex('#4e88e6')('Port'), chalk.italic(claims.port)]);
         data.push([chalk.hex('#4e88e6')('Use TLS'), chalk.italic(claims.tls ? chalk.hex('#6ce64e')('Yes') : chalk.hex('#e6d74e')('No'))]);

lib/tokens/validation-token.js

@@ -2,7 +2,6 @@ const jsonwebtoken = require(`jsonwebtoken`);
 const Model = require(`../data/model`);
 const tables = require(`../data/tables`);
 const fs = require(`fs`);
-const { EOL } = require('os');
 const moment = require(`moment`);
 const chalk = require(`chalk`);
 const { table, getBorderCharacters  } = require(`table`);
@@ -38,7 +37,12 @@ class ValidationToken extends Model {
     }
 
     static getTokenIssuer() {
-        return `${config.get().service.listen.address}:${config.get().service.listen.port}`;
+        let key = config.get().validation.public_key.value;
+        if (config.get().validation.public_key.type === 'file') {
+            key = fs.readFileSync(key).toString();
+        }
+
+        return crypto.createHash('sha256').update(key).digest('base64').toString();
     }
 
     static async getSignature() {
@@ -103,7 +107,7 @@ class ValidationToken extends Model {
             [chalk.hex('#4e88e6')('Issued At'), chalk.italic(moment(claims.iat * 1000).toISOString())],
             [chalk.hex('#4e88e6')('Effective At'), chalk.italic(effective_at)],
             [chalk.hex('#4e88e6')('Expires At'), chalk.italic(expires_at)],
-            [chalk.hex('#4e88e6')('Issuer'), chalk.italic(claims.iss)],
+            [chalk.hex('#4e88e6')('Issuer Hash'), chalk.italic(claims.iss)],
         ];
 
         if (showId) {

notes.txt

@@ -27,4 +27,23 @@ per peer notifications
 $ coattail action schema --action --peer
 $ coattail token purge                                                 !! NEW !!
 move colors to class or consts
-get rid of paths module
+get rid of paths module
+key rotation
+bind address was stupid like you thought it would be
+tls without hostname verification
+
+
+service:
+  # TLS Configuration
+  tls:
+    # TLS is not yet supported in Coattail.
+    use_tls: false
+  # The local address and port to bind to.
+  network:
+    address:
+      # The address that other peers should use to connect to this instance.
+      connection: "127.0.0.1"
+      # The address that this peer should bind to when setting up it's server.
+      listen: "127.0.0.1"
+    # The port to use.
+    port: 49365

templates/config.template.yml

@@ -8,9 +8,16 @@ service:
   tls:
     # TLS is not yet supported in Coattail.
     use_tls: false
-  listen:
-    # Address must be a valid IPv4 address. Hostnames are not supported.
-    address: "127.0.0.1"
+  # The local address and port to bind to.
+  network:
+    address:
+      # The address that other peers should use to connect to this instance.
+      inbound: "127.0.0.1"
+      # The address that other peers will see when this peer connects to them.
+      outbound: "127.0.0.1"
+      # The address that this peer should bind to when setting up it's server.
+      listen: "127.0.0.1"
+    # The port to use.
     port: 49365
   # How frequently to ask clients to send keep-alive packets.
   keep_alive_interval: 2000

test.js

@@ -1,3 +1,6 @@
-const test = require(`./lib/cli/index`);
+const crypto = require(`crypto`);
+const fs = require(`fs`);
 
-test();
+console.log(
+    crypto.createHash('sha256').update(fs.readFileSync('/home/nathan/coattail-demo/ct1/keys/auth-key.pem').toString()).digest('hex').toString()
+);