From 1bbdcc0d172d6d0b840e457f118195f24043e667 Mon Sep 17 00:00:00 2001 From: Nathan Fiscaletti Date: Wed, 9 Mar 2022 16:06:29 -0600 Subject: [PATCH] updates --- lib/cli/commands/service/start.js | 10 +++++----- lib/cli/commands/service/status.js | 8 ++++---- lib/peer.js | 4 ---- lib/service/service.js | 4 ++-- lib/tokens/token.js | 17 +++++++++++------ lib/tokens/validation-token.js | 10 +++++++--- notes.txt | 21 ++++++++++++++++++++- templates/config.template.yml | 13 ++++++++++--- test.js | 7 +++++-- 9 files changed, 64 insertions(+), 30 deletions(-) diff --git a/lib/cli/commands/service/start.js b/lib/cli/commands/service/start.js index 63e470c..7a3fae3 100644 --- a/lib/cli/commands/service/start.js +++ b/lib/cli/commands/service/start.js @@ -72,18 +72,18 @@ module.exports = async cli => { return; } - const procs = await findProcess('port', config.get().service.listen.port); + const procs = await findProcess('port', config.get().service.network.port); if (procs.length > 0) { const [ proc ] = procs; if (proc.cmd.includes('service start')) { cli.error( - `A coattail service may already be running on port '${chalk.hex('#4e88e6')(config.service.listen.port)}'.`, + `A coattail service may already be running on port '${chalk.hex('#4e88e6')(config.service.network.port)}'.`, `Use '${chalk.hex('#4e88e6')('coattail service status')}' for more information.` ); } else { cli.error( - `Another process is already using the desired port '${chalk.hex('#4e88e6')(config.service.listen.port)}'.`, + `Another process is already using the desired port '${chalk.hex('#4e88e6')(config.service.network.port)}'.`, `Offending process: PID ${proc.pid}, CMD ${proc.cmd}` ); } 
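Review bot: The two error messages in this hunk still read `config.service.network.port` while the `findProcess` call a few lines earlier reads `config.get().service.network.port`; the commit renamed the key on those lines but kept the missing `.get()`. If `config` is the module whose `.get()` returns the loaded configuration, as the surrounding lines suggest, `config.service` is undefined and the template literal throws a TypeError inside the error path instead of printing the port. Change both messages to use `${chalk.hex('#4e88e6')(config.get().service.network.port)}`, or read the port once into a local before the `if`. The enclosing `module.exports` function starts and ends outside this hunk.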
@@ -114,13 +114,13 @@ module.exports = async cli => { }).then(() => { cli.success( chalk.hex('#6ce64e')('Service started'), - `PID ${spawned.pid}, PORT ${config.get().service.listen.port}` + `PID ${spawned.pid}, PORT ${config.get().service.network.port}` ); }).catch(code => { if (code === 5) { cli.error( `Failed to start service.`, - `Port ${config.get().service.listen.port} is in use.` + `Port ${config.get().service.network.port} is in use.` ); } else { cli.error( diff --git a/lib/cli/commands/service/status.js b/lib/cli/commands/service/status.js index 3057a3a..d494280 100644 --- a/lib/cli/commands/service/status.js +++ b/lib/cli/commands/service/status.js @@ -58,9 +58,9 @@ module.exports = async cli => { const processes = []; - let procs = await findProcess('port', config.get().service.listen.port); + let procs = await findProcess('port', config.get().service.network.port); for (const proc of procs) { - proc.port = config.get().service.listen.port; + proc.port = config.get().service.network.port; proc.instance = config.get().paths.root; processes.push(proc); } @@ -73,7 +73,7 @@ module.exports = async cli => { } if (proc.cmd.includes('service start')) { - proc.port = config.get().service.listen.port; + proc.port = config.get().service.network.port; if (proc.cmd.includes('--instance') || proc.cmd.includes('-i')) { const subProcParams = commandLineArgs(options, { argv: proc.cmd.split(' ').slice(4), @@ -82,7 +82,7 @@ module.exports = async cli => { if (subProcParams.instance) { proc.instance = subProcParams.instance; config.load(subProcParams.instance); - proc.port = config.get().service.listen.port; + proc.port = config.get().service.network.port; config.load(parameters.instance); } } diff --git a/lib/peer.js b/lib/peer.js index f62a8ad..f091e82 100644 --- a/lib/peer.js +++ b/lib/peer.js 
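Review bot: In the status.js `@@ -82` hunk, `config.load(subProcParams.instance)` switches the process-wide config to another instance and the new line then reads `config.get().service.network.port` from it; an instance whose config file still uses the old `listen:` layout has no `service.network`, so this throws, and because the restoring `config.load(parameters.instance)` on the next line is skipped, the current command is left running against the foreign instance's configuration. The same holds if `load` itself throws on a bad path parsed out of another process's command line. Wrap the read in `try { ... } finally { config.load(parameters.instance); }` and tolerate the missing key, e.g. `proc.port = config.get().service.network?.port ?? 'unknown';`, assuming the target Node version supports optional chaining (nothing visible in the hunks rules it out). The enclosing function extends beyond this hunk.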
@@ -31,10 +31,6 @@ class Peer extends Model { this.token = new Token({jwt}); } - bearerKey() { - return `ipv4://${this.token.claims().host}/32`; - } - performAction({name, data, publish, verbose, logger}={}) { return new Promise(async (resolve, reject) => { if (this.isLocal()) { diff --git a/lib/service/service.js b/lib/service/service.js index fcd41db..550fe0a 100644 --- a/lib/service/service.js +++ b/lib/service/service.js @@ -84,8 +84,8 @@ class Service extends EventEmitter { this.emit('error', error); }); - this.service.listen(config.get().service.listen.port, config.get().service.listen.address, () => { - this.emit('listening', config.get().service.listen.port, config.get().service.listen.address); + this.service.listen(config.get().service.network.port, config.get().service.network.address.bind, () => { + this.emit('listening', config.get().service.network.port, config.get().service.network.address.bind); }); } diff --git a/lib/tokens/token.js b/lib/tokens/token.js index cca1b62..a6eedde 100644 --- a/lib/tokens/token.js +++ b/lib/tokens/token.js @@ -2,7 +2,7 @@ const jwt = require('jsonwebtoken'); const { v4: uuid } = require('uuid'); const moment = require(`moment`); const { pick } = require(`lodash`); -const { EOL } = require('os'); +const crypto = require(`crypto`); const fs = require(`fs`); const { table, getBorderCharacters } = require(`table`); const chalk = require(`chalk`); @@ -41,8 +41,8 @@ class Token extends Model { const id = uuid(); jwtConfig.jwtid = id; const token = jwt.sign({ - host: config.get().service.listen.address, - port: config.get().service.listen.port, + host: config.get().service.network.address.connection, + port: config.get().service.network.port, tls: !!config.get().service.tls.use_tls, validBearers, performable, 
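Review bot: `this.service.listen(...)` is now given `config.get().service.network.address.bind` as the host, but neither the new `config.template.yml` in this commit (keys `inbound`, `outbound`, `listen`) nor the snippet in `notes.txt` (`connection`, `listen`) defines a `bind` key. With a config generated from the template the host argument is `undefined`, and Node's `server.listen(port, undefined, cb)` then binds to all interfaces rather than the intended `127.0.0.1`, so a service the operator believes is loopback-only becomes reachable from the network. Read the key the template actually writes, `config.get().service.network.address.listen`, and fail fast when it is missing rather than letting the bind address default silently. The enclosing method starts outside this hunk.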
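Review bot: The `host` claim is read from `config.get().service.network.address.connection`, but the template in this commit names that value `inbound` (only the `notes.txt` draft uses `connection`), so with a template-generated config the claim is `undefined` and is dropped from the signed payload by `jwt.sign`'s JSON serialization. Peers that later read `claims.host` to reach this instance would then get no address at all. Align the key with the template (`host: config.get().service.network.address.inbound,`) or rename the template key, and reject a missing or empty value before signing. The `jwt.sign` call continues past the end of this hunk.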
@@ -68,7 +68,12 @@ class Token extends Model { } static getTokenIssuer() { - return `${config.get().service.listen.address}:${config.get().service.listen.port}`; + let key = config.get().validation.public_key.value; + if (config.get().validation.public_key.type === 'file') { + key = fs.readFileSync(key).toString(); + } + + return crypto.createHash('sha256').update(key).digest('base64').toString(); } isValid() { @@ -190,8 +195,8 @@ class Token extends Model { data.push([chalk.hex('#4e88e6')('Issued At'), chalk.italic(moment(claims.iat * 1000).toISOString())]); data.push([chalk.hex('#4e88e6')('Effective At'), chalk.italic(effective_at)]); data.push([chalk.hex('#4e88e6')('Expires At'), chalk.italic(expires_at)]); - data.push([chalk.hex('#4e88e6')('Issuer'), chalk.italic(claims.iss)]); - data.push([chalk.hex('#4e88e6')('Audience'), chalk.italic(claims.aud)]); + data.push([chalk.hex('#4e88e6')('Issuer Hash'), chalk.italic(claims.iss)]); + data.push([chalk.hex('#4e88e6')('Audience Hash'), chalk.italic(claims.aud)]); data.push([chalk.hex('#4e88e6')('Host'), chalk.italic(claims.host)]); data.push([chalk.hex('#4e88e6')('Port'), chalk.italic(claims.port)]); data.push([chalk.hex('#4e88e6')('Use TLS'), chalk.italic(claims.tls ? chalk.hex('#6ce64e')('Yes') : chalk.hex('#e6d74e')('No'))]); diff --git a/lib/tokens/validation-token.js b/lib/tokens/validation-token.js index bbcc788..c8a0603 100644 --- a/lib/tokens/validation-token.js +++ b/lib/tokens/validation-token.js @@ -2,7 +2,6 @@ const jsonwebtoken = require(`jsonwebtoken`); const Model = require(`../data/model`); const tables = require(`../data/tables`); const fs = require(`fs`); -const { EOL } = require('os'); const moment = require(`moment`); const chalk = require(`chalk`); const { table, getBorderCharacters } = require(`table`); 
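Review bot: The new `getTokenIssuer` hashes the public key as PEM text, so two configurations holding the same key with a trailing newline, CRLF line endings or a surrounding blank line produce different issuer hashes, and `Token` and `ValidationToken` carry byte-identical copies of this method that can drift apart. Hashing the key's canonical SPKI/DER encoding and sharing one helper removes both problems; `crypto.createPublicKey` is in Node's standard library and also rejects a value that is not a public key instead of silently hashing it. Because this changes the issuer value, do it before tokens are issued under the new scheme. The trailing `.toString()` on `digest('base64')` is redundant, since `digest` with an encoding already returns a string.
```javascript
    static getTokenIssuer() {
        const { type, value } = config.get().validation.public_key;
        const pem = type === 'file' ? fs.readFileSync(value, 'utf8') : value;
        // Hash the canonical SPKI/DER form so PEM formatting differences
        // (trailing newline, CRLF) do not change the issuer identifier.
        const der = crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
        return crypto.createHash('sha256').update(der).digest('base64');
    }
```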
@@ -38,7 +37,12 @@ class ValidationToken extends Model { } static getTokenIssuer() { - return `${config.get().service.listen.address}:${config.get().service.listen.port}`; + let key = config.get().validation.public_key.value; + if (config.get().validation.public_key.type === 'file') { + key = fs.readFileSync(key).toString(); + } + + return crypto.createHash('sha256').update(key).digest('base64').toString(); } static async getSignature() { @@ -103,7 +107,7 @@ class ValidationToken extends Model { [chalk.hex('#4e88e6')('Issued At'), chalk.italic(moment(claims.iat * 1000).toISOString())], [chalk.hex('#4e88e6')('Effective At'), chalk.italic(effective_at)], [chalk.hex('#4e88e6')('Expires At'), chalk.italic(expires_at)], - [chalk.hex('#4e88e6')('Issuer'), chalk.italic(claims.iss)], + [chalk.hex('#4e88e6')('Issuer Hash'), chalk.italic(claims.iss)], ]; if (showId) { diff --git a/notes.txt b/notes.txt index 2bb97ca..ccd3c42 100644 --- a/notes.txt +++ b/notes.txt @@ -27,4 +27,23 @@ per peer notifications $ coattail action schema --action --peer $ coattail token purge !! NEW !! move colors to class or consts -get rid of paths module \ No newline at end of file +get rid of paths module +key rotation +bind address was stupid like you thought it would be +tls without hostname verification + + +service: + # TLS Configuration + tls: + # TLS is not yet supported in Coattail. + use_tls: false + # The local address and port to bind to. + network: + address: + # The address that other peers should use to connect to this instance. + connection: "127.0.0.1" + # The address that this peer should bind to when setting up it's server. + listen: "127.0.0.1" + # The port to use. + port: 49365 \ No newline at end of file diff --git a/templates/config.template.yml b/templates/config.template.yml index fa49848..10ba6c4 100644 --- a/templates/config.template.yml +++ b/templates/config.template.yml 
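Review bot: `crypto.createHash` is called here, but this file's require block, changed in the hunk above, only removes `EOL` and never adds `crypto` (token.js does add `const crypto = require(\`crypto\`);` in its own header), so unless a require exists outside the visible hunks, calling `ValidationToken.getTokenIssuer()` throws `ReferenceError: crypto is not defined`. Add `const crypto = require(\`crypto\`);` next to the `fs` require. The method is also a verbatim copy of `Token.getTokenIssuer`; moving it into one shared helper would keep the two issuer values from diverging.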
@@ -8,9 +8,16 @@ service: tls: # TLS is not yet supported in Coattail. use_tls: false - listen: - # Address must be a valid IPv4 address. Hostnames are not supported. - address: "127.0.0.1" + # The local address and port to bind to. + network: + address: + # The address that other peers should use to connect to this instance. + inbound: "127.0.0.1" + # The address that other peers will see when this peer connects to them. + outbound: "127.0.0.1" + # The address that this peer should bind to when setting up it's server. + listen: "127.0.0.1" + # The port to use. port: 49365 # How frequently to ask clients to send keep-alive packets. keep_alive_interval: 2000 diff --git a/test.js b/test.js index 530fa11..5b9e2a9 100644 --- a/test.js +++ b/test.js @@ -1,3 +1,6 @@ -const test = require(`./lib/cli/index`); +const crypto = require(`crypto`); +const fs = require(`fs`); -test(); \ No newline at end of file +console.log( + crypto.createHash('sha256').update(fs.readFileSync('/home/nathan/coattail-demo/ct1/keys/auth-key.pem').toString()).digest('hex').toString() +); \ No newline at end of file
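Review bot: The template defines `network.address.inbound`, `outbound` and `listen`, but the code in this commit reads `network.address.bind` (service.js) and `network.address.connection` (token.js), and `outbound` is read nowhere in the visible hunks, so a config written from this template drives neither the listener nor the token host claim. Settle on one set of key names across the template, `notes.txt` and the code before this ships. The comment on `listen` also has a typo, `# The address that this peer should bind to when setting up its server.`, and the `# The local address and port to bind to.` header above `network:` no longer describes `inbound`/`outbound`, which are advertised rather than bound addresses.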
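Review bot: `test.js` now hard-codes `/home/nathan/coattail-demo/ct1/keys/auth-key.pem`, a path from one developer's machine, and hashes with `digest('hex')` while `getTokenIssuer` in token.js uses `digest('base64')`, so the script neither runs elsewhere nor reproduces a real issuer value. This looks like a scratch script; either drop it from the commit or turn it into a real check that calls `Token.getTokenIssuer()` against a fixture key kept under the repository and compares the result with a known base64 digest. Note that the previous content ran the CLI, so anything that invoked `node test.js` for that purpose no longer works.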