From fc6e80b1bf0bc727b9bf64b75909212f481c4de4 Mon Sep 17 00:00:00 2001
From: postmannen
Date: Thu, 7 Mar 2024 23:17:24 +0100
Subject: [PATCH] fixed linter errors, and added the direct use of nkey as flag
---
 Dockerfile | 37 ++++++++++++++++--------------------
 central_auth_acl_handling.go | 2 +-
 central_auth_key_handling.go | 2 +-
 configuration_flags.go | 10 ++++++++++
 go.mod | 2 +-
 node_auth.go | 2 +-
 server.go | 36 ++++++++++++++++++++++++++++++++---
 7 files changed, 63 insertions(+), 28 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5134c5b..6b1955c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # build stage
-FROM golang:1.17.7-alpine AS build-env
+FROM golang:1.22-alpine AS build-env
 RUN apk --no-cache add build-base git gcc
 RUN mkdir -p /build
@@ -17,8 +17,6 @@ RUN apk update && apk add curl && apk add nmap
 WORKDIR /app
 COPY --from=build-env /build/cmd/ctrl/ctrl /app/
-ENV RING_BUFFER_PERSIST_STORE "1"
-ENV RING_BUFFER_SIZE "1000"
 ENV CONFIG_FOLDER "./etc"
 ENV SOCKET_FOLDER "./tmp"
 ENV TCP_LISTENER ""
@@ -41,6 +39,7 @@ ENV SUBSCRIBERS_DATA_FOLDER "./var"
 ENV CENTRAL_NODE_NAME "central"
 ENV ROOT_CA_PATH ""
 ENV NKEY_SEED_FILE ""
+ENV NKEY_SEED ""
 ENV EXPOSE_DATA_FOLDER "127.0.0.1:8090"
 ENV ERROR_MESSAGE_RETRIES 3
 ENV ERROR_MESSAGE_TIMEOUT 10
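Review bot: The `ENV NKEY_SEED ""` added in the `@@ -41,6 +39,7 @@` hunk, together with `-nkeySeed=${NKEY_SEED}` in the `@@ -98,6 +93,7 @@` CMD hunk and the `nkeySeed` flag added in configuration_flags.go, routes the node's private nkey seed through a container environment variable and then through the process argument list. Both are readable well outside the process itself (container inspection output, `/proc/<pid>/cmdline`, process listings), so the seed is exposed more widely than with the existing `NKEY_SEED_FILE` path. I would keep the image on `NKEY_SEED_FILE` with a mounted secret, or have ctrl read the seed from the environment itself rather than expanding it into argv, and add a comment above the line such as `# NKEY_SEED is secret key material; prefer NKEY_SEED_FILE with a mounted secret`. The CMD instruction continues outside the hunks shown.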
@@ -58,25 +57,21 @@ ENV START_PUB_REQ_HELLO 60
 ENV ENABLE_KEY_UPDATES "1"
 ENV ENABLE_ACL_UPDATES "1"
-ENV IS_CENTRAL_ERROR_LOGGER ""
-ENV START_SUB_REQ_HELLO ""
-ENV START_SUB_REQ_TO_FILE_APPEND ""
-ENV START_SUB_REQ_TO_FILE ""
-ENV START_SUB_REQ_TO_FILE_NACK ""
-ENV START_SUB_REQ_COPY_SRC ""
-ENV START_SUB_REQ_COPY_DST ""
-ENV START_SUB_REQ_PING ""
-ENV START_SUB_REQ_PONG ""
-ENV START_SUB_REQ_CLI_COMMAND ""
-ENV START_SUB_REQ_TO_CONSOLE ""
-ENV START_SUB_REQ_HTTP_GET ""
-ENV START_SUB_REQ_HTTP_GET_SCHEDULED ""
-ENV START_SUB_REQ_TAIL_FILE ""
-ENV START_SUB_REQ_CLI_COMMAND_CONT ""
+ENV IS_CENTRAL_ERROR_LOGGER "0"
+ENV START_SUB_REQ_HELLO "1"
+ENV START_SUB_REQ_TO_FILE_APPEND "1"
+ENV START_SUB_REQ_TO_FILE "1"
+ENV START_SUB_REQ_TO_FILE_NACK "1"
+ENV START_SUB_REQ_COPY_SRC "1"
+ENV START_SUB_REQ_COPY_DST "1"
+ENV START_SUB_REQ_CLI_COMMAND "1"
+ENV START_SUB_REQ_TO_CONSOLE "1"
+ENV START_SUB_REQ_HTTP_GET "1"
+ENV START_SUB_REQ_HTTP_GET_SCHEDULED "1"
+ENV START_SUB_REQ_TAIL_FILE "1"
+ENV START_SUB_REQ_CLI_COMMAND_CONT "1"
 CMD ["ash","-c","env CONFIGFOLDER=./etc/ /app/ctrl\
- -ringBufferPersistStore=${RING_BUFFER_PERSIST_STORE}\
- -ringBufferSize=${RING_BUFFER_SIZE}\
 -socketFolder=${SOCKET_FOLDER}\
 -tcpListener=${TCP_LISTENER}\
 -httpListener=${HTTP_LISTENER}\
@@ -98,6 +93,7 @@ CMD ["ash","-c","env CONFIGFOLDER=./etc/ /app/ctrl\
 -centralNodeName=${CENTRAL_NODE_NAME}\
 -rootCAPath=${ROOT_CA_PATH}\
 -nkeySeedFile=${NKEY_SEED_FILE}\
+ -nkeySeed=${NKEY_SEED}\
 -exposeDataFolder=${EXPOSE_DATA_FOLDER}\
 -errorMessageRetries=${ERROR_MESSAGE_RETRIES}\
 -errorMessageTimeout=${ERROR_MESSAGE_TIMEOUT}\
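Review bot: The defaults added in the `@@ -58,25 +57,21 @@` hunk set every `START_SUB_REQ_*` variable to "1", including `START_SUB_REQ_CLI_COMMAND`, `START_SUB_REQ_CLI_COMMAND_CONT`, the copy pair and the HTTP handlers, so a container started with no overrides subscribes to all of them. Judging by their names these are the handlers that run commands and move files on the node, and whatever authorisation guards them is not visible in this patch. I would ship the image with the command and copy handlers off, e.g. `ENV START_SUB_REQ_CLI_COMMAND "0"` and `ENV START_SUB_REQ_CLI_COMMAND_CONT "0"`, and let deployments opt in. `START_SUB_REQ_PING` is also dropped from the ENV block here while only `-startSubREQPong` is removed from CMD in the later hunk; whether CMD still expands the now-unset `${START_SUB_REQ_PING}` cannot be seen from these hunks.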
@@ -120,7 +116,6 @@ CMD ["ash","-c","env CONFIGFOLDER=./etc/ /app/ctrl\
 -startSubREQCopySrc=${START_SUB_REQ_COPY_SRC}\
 -startSubREQCopyDst=${START_SUB_REQ_COPY_DST}\
 -startSubREQToFileNACK=${START_SUB_REQ_TO_FILE_NACK}\
- -startSubREQPong=${START_SUB_REQ_PONG}\
 -startSubREQCliCommand=${START_SUB_REQ_CLI_COMMAND}\
 -startSubREQToConsole=${START_SUB_REQ_TO_CONSOLE}\
 -startSubREQHttpGet=${START_SUB_REQ_HTTP_GET}\
diff --git a/central_auth_acl_handling.go b/central_auth_acl_handling.go
index 55f129c..407672e 100644
--- a/central_auth_acl_handling.go
+++ b/central_auth_acl_handling.go
@@ -308,7 +308,7 @@ func (c *centralAuth) generateACLsForAllNodes() error {
 // defer a.schemaMain.mu.Unlock()
 enc := json.NewEncoder(fh)
 enc.SetEscapeHTML(false)
- enc.Encode(c.accessLists.schemaMain.ACLMap)
+ err = enc.Encode(c.accessLists.schemaMain.ACLMap)
 if err != nil {
 er := fmt.Errorf("error: generateACLsForAllNodes: encoding json to file failed: %v, err: %v", c.accessLists.schemaMain.ACLMapFilePath, err)
 c.errorKernel.logError(er, c.configuration)
diff --git a/central_auth_key_handling.go b/central_auth_key_handling.go
index 2f2f74a..eb18b0f 100644
--- a/central_auth_key_handling.go
+++ b/central_auth_key_handling.go
@@ -305,7 +305,7 @@ func (c *centralAuth) updateHash(proc process, message Message) {
 c.pki.nodesAcked.keysAndHash.Hash = hash
 // Store the key to the db for persistence.
- c.pki.dbUpdateHash(hash[:])
+ err = c.pki.dbUpdateHash(hash[:])
 if err != nil {
 er := fmt.Errorf("error: methodREQKeysAllow, failed to store the hash into the db: %v", err)
 c.pki.errorKernel.errSend(proc, message, er, logError)
diff --git a/configuration_flags.go b/configuration_flags.go
index dd004c0..a5c0a4b 100644
--- a/configuration_flags.go
+++ b/configuration_flags.go
@@ -69,6 +69,8 @@ type Configuration struct {
 NkeyPublicKey string `toml:"-"`
 //
 NkeyFromED25519SSHKeyFile string `comment:"Full path to the ED25519 SSH private key. Will generate the NKEY Seed from an SSH ED25519 private key file. NB: This option will take precedence over NkeySeedFile if specified"`
+ // NkeySeed
+ NkeySeed string `toml:"-"`
 // The host and port to expose the data folder, :
 ExposeDataFolder string `comment:"The host and port to expose the data folder, :"`
 // Timeout in seconds for error messages
@@ -169,6 +171,7 @@ type ConfigurationFromFile struct {
 RootCAPath *string
 NkeySeedFile *string
 NkeyFromED25519SSHKeyFile *string
+ NkeySeed *string
 ExposeDataFolder *string
 ErrorMessageTimeout *int
 ErrorMessageRetries *int
@@ -236,6 +239,7 @@ func newConfigurationDefaults() Configuration {
 RootCAPath: "",
 NkeySeedFile: "",
 NkeyFromED25519SSHKeyFile: "",
+ NkeySeed: "",
 ExposeDataFolder: "",
 ErrorMessageTimeout: 60,
 ErrorMessageRetries: 10,
@@ -402,6 +406,11 @@ func checkConfigValues(cf ConfigurationFromFile) Configuration {
 } else {
 conf.NkeyFromED25519SSHKeyFile = *cf.NkeyFromED25519SSHKeyFile
 }
+ if cf.NkeySeed == nil {
+ conf.NkeySeed = cd.NkeySeed
+ } else {
+ conf.NkeySeed = *cf.NkeySeed
+ }
 if cf.ExposeDataFolder == nil {
 conf.ExposeDataFolder = cd.ExposeDataFolder
 } else {
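Review bot: The field comment `// NkeySeed` added to the Configuration struct in the `@@ -69,6 +69,8 @@` hunk only repeats the name, although the field carries private key material; I would write `// NkeySeed is the nkey seed passed directly as a value instead of via a file. It is secret; the toml tag appears to keep it out of the written config.` The help text added in the `@@ -613,6 +622,7 @@` hunk has the same gap, since it does not say that the switch in NewServer picks this flag first, ahead of nkeySeedFile and nkeyFromED25519SSHKeyFile; something like `"The nkey seed itself, for use when it is not stored in a file. Takes precedence over nkeySeedFile and nkeyFromED25519SSHKeyFile"` would cover it. The `@@ -169,6 +171,7 @@` and `@@ -402,6 +406,11 @@` hunks still accept the seed from ConfigurationFromFile while the tag on Configuration excludes it, which deserves a line in the same comment if that asymmetry is intended. The struct and the functions involved all continue outside these hunks.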
@@ -613,6 +622,7 @@ func (c *Configuration) CheckFlags(version string) error {
 flag.StringVar(&c.RootCAPath, "rootCAPath", fc.RootCAPath, "If TLS, enter the path for where to find the root CA certificate")
 flag.StringVar(&c.NkeyFromED25519SSHKeyFile, "nkeyFromED25519SSHKeyFile", fc.NkeyFromED25519SSHKeyFile, "The full path of the nkeys seed file")
 flag.StringVar(&c.NkeySeedFile, "nkeySeedFile", fc.NkeySeedFile, "Full path to the ED25519 SSH private key. Will generate the NKEY Seed from an SSH ED25519 private key file. NB: This option will take precedence over NkeySeedFile if specified")
+ flag.StringVar(&c.NkeySeed, "nkeySeed", fc.NkeySeed, "The actual nkey seed. To use if not stored in file")
 flag.StringVar(&c.ExposeDataFolder, "exposeDataFolder", fc.ExposeDataFolder, "If set the data folder will be exposed on the given host:port. Default value is not exposed at all")
 flag.IntVar(&c.ErrorMessageTimeout, "errorMessageTimeout", fc.ErrorMessageTimeout, "The number of seconds to wait for an error message to time out")
 flag.IntVar(&c.ErrorMessageRetries, "errorMessageRetries", fc.ErrorMessageRetries, "The number of if times to retry an error message before we drop it")
diff --git a/go.mod b/go.mod
index 7bcac33..30a3ae9 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/postmannen/ctrl
-go 1.21
+go 1.22
 require (
 github.com/fsnotify/fsnotify v1.6.0
diff --git a/node_auth.go b/node_auth.go
index 7a0a56c..d2644d2 100644
--- a/node_auth.go
+++ b/node_auth.go
@@ -154,7 +154,7 @@ func (n *nodeAcl) saveToFile() error {
 enc := json.NewEncoder(fh)
 enc.SetEscapeHTML(false)
- enc.Encode(n.aclAndHash)
+ err = enc.Encode(n.aclAndHash)
 // HERE
 // b, err := json.Marshal(n.aclAndHash)
diff --git a/server.go b/server.go
index 9f69c04..91eb1e5 100644
--- a/server.go
+++ b/server.go
@@ -97,7 +97,37 @@ func NewServer(configuration *Configuration, version string) (*server, error) {
 opt = nats.RootCAs(configuration.RootCAPath)
 }
- if configuration.NkeySeedFile != "" && configuration.NkeyFromED25519SSHKeyFile == "" {
+ switch {
+ case configuration.NkeySeed != "":
+ cwd, err := os.Getwd()
+ if err != nil {
+ return nil, fmt.Errorf("error: failed to get current working directory when creating tmp seed file: %v", err)
+ }
+
+ pth := filepath.Join(cwd, "seed.txt")
+
+ // f, err := os.CreateTemp(pth, "")
+ // if err != nil {
+ // return nil, fmt.Errorf("error: failed to create tmp seed file: %v", err)
+ // }
+
+ err = os.WriteFile(pth, []byte(configuration.NkeySeed), 0700)
+ if err != nil {
+ return nil, fmt.Errorf("error: failed to write temp seed file: %v", err)
+ }
+
+ opt, err = nats.NkeyOptionFromSeed(pth)
+ if err != nil {
+ cancel()
+ return nil, fmt.Errorf("error: failed to read temp nkey seed file: %v", err)
+ }
+ err = os.Remove(pth)
+ if err != nil {
+ cancel()
+ return nil, fmt.Errorf("error: failed to remove temp seed file: %v", err)
+ }
+
+ case configuration.NkeySeedFile != "" && configuration.NkeyFromED25519SSHKeyFile == "":
 var err error
 opt, err = nats.NkeyOptionFromSeed(configuration.NkeySeedFile)
@@ -105,9 +135,8 @@ func NewServer(configuration *Configuration, version string) (*server, error) {
 cancel()
 return nil, fmt.Errorf("error: failed to read nkey seed file: %v", err)
 }
- }
- if configuration.NkeyFromED25519SSHKeyFile != "" {
+ case configuration.NkeyFromED25519SSHKeyFile != "":
 var err error
 opt, err = configuration.nkeyOptFromSSHKey()
@@ -115,6 +144,7 @@ func NewServer(configuration *Configuration, version string) (*server, error) {
 cancel()
 return nil, fmt.Errorf("error: failed to read nkey seed file: %v", err)
 }
+ }
 var conn *nats.Conn
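Review bot: The new `case configuration.NkeySeed != "":` branch in the `@@ -97,7 +97,37 @@` hunk writes the private seed to a fixed `seed.txt` in the current working directory with mode `0700`, and the file stays on disk whenever `nats.NkeyOptionFromSeed(pth)` fails, because that error path returns before `os.Remove(pth)`. The fixed name also means an existing `seed.txt` (or a link at that path) is written through with its old permissions kept, and two instances sharing a working directory would overwrite each other's file. The seed can be turned into the connection option in memory with `nkeys.FromSeed` and `nats.Nkey`, which removes the file altogether; this assumes the nkeys package is importable in server.go, which the hunk does not show. The first two error returns of the branch also skip `cancel()`, unlike the later ones. NewServer starts and ends outside the hunk.

```go
	case configuration.NkeySeed != "":
		// Build the nkey option from the seed in memory; nothing touches disk.
		kp, err := nkeys.FromSeed([]byte(configuration.NkeySeed))
		if err != nil {
			cancel()
			return nil, fmt.Errorf("error: failed to parse nkey seed: %v", err)
		}
		pub, err := kp.PublicKey()
		if err != nil {
			cancel()
			return nil, fmt.Errorf("error: failed to derive public key from nkey seed: %v", err)
		}
		opt = nats.Nkey(pub, kp.Sign)

	// … unchanged: NkeySeedFile and NkeyFromED25519SSHKeyFile cases …
```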