mirror of
https://github.com/aljazceru/ark.git
synced 2025-12-17 12:14:21 +01:00
57ce08f239
* Update protos * Update handlers * Support macaroons and TLS * Add arkd cli * Minor fixes * Update deps * Fixes * Update makefile * Fixes * Fix * Fix * Fix * Remove trusted onboarding from client * Completely remove trusted onboarding * Fix compose files and add --no-macaroon flag to arkd cli * Lint * Remove e2e for trusted onboarding * Add sleep time
129 lines
2.9 KiB
Go
129 lines
2.9 KiB
Go
package grpcservice
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
"path/filepath"
|
|
|
|
"golang.org/x/net/http2"
|
|
)
|
|
|
|
type Config struct {
|
|
Datadir string
|
|
Port uint32
|
|
NoTLS bool
|
|
NoMacaroons bool
|
|
TLSExtraIPs []string
|
|
TLSExtraDomains []string
|
|
}
|
|
|
|
func (c Config) Validate() error {
|
|
lis, err := net.Listen("tcp", c.address())
|
|
if err != nil {
|
|
return fmt.Errorf("invalid port: %s", err)
|
|
}
|
|
defer lis.Close()
|
|
|
|
if !c.NoTLS {
|
|
tlsDir := c.tlsDatadir()
|
|
tlsKeyExists := pathExists(filepath.Join(tlsDir, tlsKeyFile))
|
|
tlsCertExists := pathExists(filepath.Join(tlsDir, tlsCertFile))
|
|
if !tlsKeyExists && tlsCertExists {
|
|
return fmt.Errorf(
|
|
"found %s file but %s is missing. Please delete %s to make the "+
|
|
"daemon recreating both files in path %s",
|
|
tlsCertFile, tlsKeyFile, tlsCertFile, tlsDir,
|
|
)
|
|
}
|
|
|
|
if len(c.TLSExtraIPs) > 0 {
|
|
for _, ip := range c.TLSExtraIPs {
|
|
if net.ParseIP(ip) == nil {
|
|
return fmt.Errorf("invalid operator extra ip %s", ip)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if !c.NoMacaroons {
|
|
macDir := c.macaroonsDatadir()
|
|
adminMacExists := pathExists(filepath.Join(macDir, adminMacaroonFile))
|
|
roMacExists := pathExists(filepath.Join(macDir, roMacaroonFile))
|
|
walletMacExists := pathExists(filepath.Join(macDir, walletMacaroonFile))
|
|
managerMacExists := pathExists(filepath.Join(macDir, managerMacaroonFile))
|
|
|
|
if adminMacExists != roMacExists ||
|
|
adminMacExists != walletMacExists ||
|
|
adminMacExists != managerMacExists {
|
|
return fmt.Errorf(
|
|
"all macaroons must be either existing or not in path %s", macDir,
|
|
)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c Config) insecure() bool {
|
|
return c.NoTLS
|
|
}
|
|
|
|
func (c Config) address() string {
|
|
return fmt.Sprintf(":%d", c.Port)
|
|
}
|
|
|
|
func (c Config) gatewayAddress() string {
|
|
return fmt.Sprintf("localhost:%d", c.Port)
|
|
}
|
|
|
|
func (c Config) macaroonsDatadir() string {
|
|
return filepath.Join(c.Datadir, macaroonsFolder)
|
|
}
|
|
|
|
func (c Config) tlsDatadir() string {
|
|
return filepath.Join(c.Datadir, tlsFolder)
|
|
}
|
|
|
|
func (c Config) tlsKey() string {
|
|
if c.NoTLS {
|
|
return ""
|
|
}
|
|
return filepath.Join(c.tlsDatadir(), tlsKeyFile)
|
|
}
|
|
|
|
func (c Config) tlsCert() string {
|
|
if c.NoTLS {
|
|
return ""
|
|
}
|
|
return filepath.Join(c.tlsDatadir(), tlsCertFile)
|
|
}
|
|
|
|
func (c Config) tlsConfig() (*tls.Config, error) {
|
|
if c.NoTLS {
|
|
return nil, nil
|
|
}
|
|
|
|
if c.tlsKey() == "" || c.tlsCert() == "" {
|
|
return nil, fmt.Errorf("tls_key and tls_cert both needs to be provided")
|
|
}
|
|
|
|
certificate, err := tls.LoadX509KeyPair(c.tlsCert(), c.tlsKey())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
config := &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
NextProtos: []string{"http/1.1", http2.NextProtoTLS, "h2-14"}, // h2-14 is just for compatibility. will be eventually removed.
|
|
Certificates: []tls.Certificate{certificate},
|
|
CipherSuites: []uint16{
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
},
|
|
}
|
|
config.Rand = rand.Reader
|
|
|
|
return config, nil
|
|
}
|