Refactor: Split internal server into multiple packages

- Pass contexts - Have separate packages for e.g. custom, institute and secure - internet servers, profiles.... - Return types from the public ./types package with a Public() method
author: jwijenbergh <jeroenwijenbergh@protonmail.com> 2023-04-12 22:52:49 +0200
committer: Jeroen Wijenbergh <46386452+jwijenbergh@users.noreply.github.com> 2023-09-25 09:43:37 +0200
commit: a23c3e61c5d89ef67973891b5b3a176c06e1b174 (patch)
tree: f1eed03b047f8affd3d5123fa5c9e868ac7d8bec /internal/server/api/api.go
parent: ee95eb45708e1fa766a63866d26d05d13f23e8c9 (diff)
1 files changed, 217 insertions, 0 deletions
diff --git a/internal/server/api/api.go b/internal/server/api/api.go
new file mode 100644
index 0000000..9ad6f2d
--- /dev/null
+++ b/internal/server/api/api.go
@@ -0,0 +1,217 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path"
+	"time"
+
+	httpw "github.com/eduvpn/eduvpn-common/internal/http"
+	"github.com/eduvpn/eduvpn-common/internal/log"
+	"github.com/eduvpn/eduvpn-common/internal/oauth"
+	"github.com/eduvpn/eduvpn-common/internal/server/base"
+	"github.com/eduvpn/eduvpn-common/internal/server/endpoints"
+	"github.com/eduvpn/eduvpn-common/internal/server/profile"
+	"github.com/go-errors/errors"
+)
+
+func Endpoints(ctx context.Context, b *base.Base) error {
+	uStr, err := httpw.JoinURLPath(b.URL, "/.well-known/vpn-user-portal")
+	if err != nil {
+		return err
+	}
+	if b.HTTPClient == nil {
+		b.HTTPClient = httpw.NewClient()
+	}
+	_, body, err := b.HTTPClient.Get(ctx, uStr)
+	if err != nil {
+		return errors.WrapPrefix(err, "failed getting server endpoints", 0)
+	}
+
+	ep := endpoints.Endpoints{}
+	if err = json.Unmarshal(body, &ep); err != nil {
+		return errors.WrapPrefix(err, "failed getting server endpoints", 0)
+	}
+	err = ep.Validate()
+	if err != nil {
+		return err
+	}
+
+	b.Endpoints = ep
+	return nil
+}
+
+func authorized(
+	ctx context.Context,
+	b *base.Base,
+	oauth *oauth.OAuth,
+	method string,
+	endpoint string,
+	opts *httpw.OptionalParams,
+) (http.Header, []byte, error) {
+	// Ensure optional is not nil as we will fill it with headers
+	if opts == nil {
+		opts = &httpw.OptionalParams{}
+	}
+	errorMessage := "failed API authorized"
+
+	// Join the paths
+	u, err := url.Parse(b.Endpoints.API.V3.API)
+	if err != nil {
+		return nil, nil, errors.WrapPrefix(err, errorMessage, 0)
+	}
+	u.Path = path.Join(u.Path, endpoint)
+
+	// Make sure the tokens are valid, this will return an error if re-login is needed
+	t, err := oauth.AccessToken(ctx)
+	if err != nil {
+		return nil, nil, errors.WrapPrefix(err, errorMessage, 0)
+	}
+
+	key := "Authorization"
+	val := fmt.Sprintf("Bearer %s", t)
+	if opts.Headers != nil {
+		opts.Headers.Add(key, val)
+	} else {
+		opts.Headers = http.Header{key: {val}}
+	}
+
+	// Create a client if it doesn't exist
+	if b.HTTPClient == nil {
+		b.HTTPClient = httpw.NewClient()
+	}
+	return b.HTTPClient.Do(ctx, method, u.String(), opts)
+}
+
+func authorizedRetry(
+	ctx context.Context,
+	b *base.Base,
+	auth *oauth.OAuth,
+	method string,
+	endpoint string,
+	opts *httpw.OptionalParams,
+) (http.Header, []byte, error) {
+	h, body, err := authorized(ctx, b, auth, method, endpoint, opts)
+	if err == nil {
+		return h, body, nil
+	}
+
+	statErr := &httpw.StatusError{}
+	// Only retry authorized if we get an HTTP 401
+	if errors.As(err, &statErr) && statErr.Status == 401 {
+		log.Logger.Debugf("Got a 401 error after HTTP method: %s, endpoint: %s. Marking token as expired...", method, endpoint)
+		// Mark the token as expired and retry, so we trigger the refresh flow
+		auth.SetTokenExpired()
+		h, body, err = authorized(ctx, b, auth, method, endpoint, opts)
+	}
+	return h, body, err
+}
+
+func Info(ctx context.Context, b *base.Base, auth *oauth.OAuth) error {
+	_, body, err := authorizedRetry(ctx, b, auth, http.MethodGet, "/info", nil)
+	if err != nil {
+		return err
+	}
+	profiles := profile.Info{}
+	if err = json.Unmarshal(body, &profiles); err != nil {
+		return errors.WrapPrefix(err, "failed API /info", 0)
+	}
+
+	// Store the profiles and make sure that the current profile is not overwritten
+	prev := b.Profiles.Current
+	b.Profiles = profiles
+	b.Profiles.Current = prev
+	return nil
+}
+
+// see https://github.com/eduvpn/documentation/blob/v3/API.md#request-1
+func boolToYesNo(preferTCP bool) string {
+	if preferTCP {
+		return "yes"
+	}
+	return "no"
+}
+
+func ConnectWireguard(
+	ctx context.Context,
+	b *base.Base,
+	auth *oauth.OAuth,
+	profileID string,
+	pubkey string,
+	preferTCP bool,
+	openVPNSupport bool,
+) (string, string, time.Time, error) {
+	hdrs := http.Header{
+		"content-type": {"application/x-www-form-urlencoded"},
+		"accept":       {"application/x-wireguard-profile"},
+	}
+
+	// This profile also supports OpenVPN
+	// Indicate that we also accept OpenVPN profiles
+	if openVPNSupport {
+		hdrs.Add("accept", "application/x-openvpn-profile")
+	}
+
+	vals := url.Values{
+		"profile_id": {profileID},
+		"public_key": {pubkey},
+		"prefer_tcp": {boolToYesNo(preferTCP)},
+	}
+	h, body, err := authorizedRetry(ctx, b, auth, http.MethodPost, "/connect",
+		&httpw.OptionalParams{Headers: hdrs, Body: vals})
+	if err != nil {
+		return "", "", time.Time{}, err
+	}
+
+	exp := h.Get("expires")
+
+	expTime, err := http.ParseTime(exp)
+	if err != nil {
+		return "", "", time.Time{}, errors.WrapPrefix(err, "failed obtaining a WireGuard configuration", 0)
+	}
+
+	contentH := h.Get("content-type")
+	content := "openvpn"
+	if contentH == "application/x-wireguard-profile" {
+		content = "wireguard"
+	}
+
+	return string(body), content, expTime, nil
+}
+
+func ConnectOpenVPN(ctx context.Context, b *base.Base, auth *oauth.OAuth, profileID string, preferTCP bool) (string, time.Time, error) {
+	hdrs := http.Header{
+		"content-type": {"application/x-www-form-urlencoded"},
+		"accept":       {"application/x-openvpn-profile"},
+	}
+
+	vals := url.Values{
+		"profile_id": {profileID},
+		"prefer_tcp": {boolToYesNo(preferTCP)},
+	}
+
+	h, body, err := authorizedRetry(ctx, b, auth, http.MethodPost, "/connect",
+		&httpw.OptionalParams{Headers: hdrs, Body: vals})
+	if err != nil {
+		return "", time.Time{}, err
+	}
+
+	expH := h.Get("expires")
+	expT, err := http.ParseTime(expH)
+	if err != nil {
+		return "", time.Time{}, errors.WrapPrefix(err, "failed obtaining an OpenVPN configuration", 0)
+	}
+
+	return string(body), expT, nil
+}
+
+// Disconnect disconnects the VPN using the API.
+func Disconnect(ctx context.Context, b *base.Base, auth *oauth.OAuth) error {
+	// The timeout is a bit lower here such that this does not take a too long time for disconnecting
+	// Clients may wish to retry this
+	_, _, err := authorized(ctx, b, auth, http.MethodPost, "/disconnect", &httpw.OptionalParams{Timeout: 5 * time.Second})
+	return err
+}
author	jwijenbergh <jeroenwijenbergh@protonmail.com>	2023-04-12 22:52:49 +0200
committer	Jeroen Wijenbergh <46386452+jwijenbergh@users.noreply.github.com>	2023-09-25 09:43:37 +0200
commit	a23c3e61c5d89ef67973891b5b3a176c06e1b174 (patch)
tree	f1eed03b047f8affd3d5123fa5c9e868ac7d8bec /internal/server/api/api.go
parent	ee95eb45708e1fa766a63866d26d05d13f23e8c9 (diff)