authorJeroen Wijenbergh <jeroen.wijenbergh@geant.org>2025-05-06 10:31:57 +0200
committerJeroen Wijenbergh <jeroen.wijenbergh@geant.org>2025-05-06 13:25:48 +0200
commit6b939462fb1064abd42e8cb8316700ec844172ea (patch)
treeb572daecdf0f25e3beec9883a8b7bb2522628212 /internal/wireguard
parent347b20fc91505584bc9efbeca89590a411b95e79 (diff)
All: Remove ProxyGuard integration
This should be done in WireGuard-go or, in the case of Linux, in a small daemon
Diffstat (limited to 'internal/wireguard')
-rw-r--r--internal/wireguard/ini/ini.go42
-rw-r--r--internal/wireguard/ini/ini_test.go67
-rw-r--r--internal/wireguard/wireguard.go97
-rw-r--r--internal/wireguard/wireguard_test.go25
4 files changed, 17 insertions, 214 deletions
diff --git a/internal/wireguard/ini/ini.go b/internal/wireguard/ini/ini.go
index 842928a..46c6f8b 100644
--- a/internal/wireguard/ini/ini.go
+++ b/internal/wireguard/ini/ini.go
@@ -7,7 +7,6 @@ package ini
import (
"errors"
"fmt"
- "slices"
"strings"
)
@@ -47,28 +46,6 @@ func keyValue(f string) (string, string, error) {
// OrderedKeys is a slice of strings that is used for an ordered map
type OrderedKeys []string
-func (ok *OrderedKeys) find(name string) int {
- if ok == nil {
- return -1
- }
- for i, v := range *ok {
- if v == name {
- return i
- }
- }
- return -1
-}
-
-// Remove removes a `name` from the OrderedKeys slice by finding the name
-// It is a no-op if the key does not exist
-func (ok *OrderedKeys) Remove(name string) {
- idx := ok.find(name)
- if idx == -1 {
- return
- }
- *ok = slices.Delete((*ok), idx, idx+1)
-}
-
// Section represents a single section within an ini file
// It consists of multiple key and values
type Section struct {
@@ -78,7 +55,7 @@ type Section struct {
// KeyValue gets a value for key `key`
// It returns an error if the key does not exist
-func (sec *Section) KeyValue(key string) (string, error) {
+func (sec *Section) keyValue(key string) (string, error) {
if v, ok := sec.keyValues[key]; ok {
return v, nil
}
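Review bot: The doc comment kept above the renamed function still opens with `KeyValue` while the function is now `keyValue`, so godoc-style tooling and readers no longer see the comment naming its subject. Change the first comment line to `// keyValue gets the value stored under key` and keep the second line about the error. The body of keyValue continues past the end of this hunk.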
@@ -96,7 +73,7 @@ func (sec *Section) newKeyValue(key string, value string) {
// AddOrReplaceKeyValue adds a key `key` with value `value`
// If the key already exists it modifies the value
func (sec *Section) AddOrReplaceKeyValue(key string, value string) {
- _, err := sec.KeyValue(key)
+ _, err := sec.keyValue(key)
if err == nil {
sec.keyValues[key] = value
return
@@ -108,7 +85,7 @@ func (sec *Section) AddOrReplaceKeyValue(key string, value string) {
// It returns an error if the key already exists
func (sec *Section) AddKeyValue(key string, value string) error {
// get an existing key
- _, err := sec.KeyValue(key)
+ _, err := sec.keyValue(key)
if err == nil {
return fmt.Errorf("key: '%s' already exists", key)
}
@@ -116,17 +93,6 @@ func (sec *Section) AddKeyValue(key string, value string) error {
return nil
}
-// RemoveKey removes a key `key` from the section
-// It returns an error if the key cannot be found
-func (sec *Section) RemoveKey(key string) (string, error) {
- if v, ok := sec.keyValues[key]; ok {
- sec.keys.Remove(key)
- delete(sec.keyValues, key)
- return v, nil
- }
- return "", fmt.Errorf("no key to remove with name: '%s'", key)
-}
-
// INI is the struct for a ini file
type INI struct {
sections map[string]*Section
@@ -172,7 +138,7 @@ func (i *INI) String() string {
out.WriteString(fmt.Sprintf("[%s]\n", s))
for _, k := range sec.keys {
- v, err := sec.KeyValue(k)
+ v, err := sec.keyValue(k)
if err != nil {
continue
}
diff --git a/internal/wireguard/ini/ini_test.go b/internal/wireguard/ini/ini_test.go
index faa45f2..d28ad4d 100644
--- a/internal/wireguard/ini/ini_test.go
+++ b/internal/wireguard/ini/ini_test.go
@@ -160,73 +160,6 @@ func TestKeyValue(t *testing.T) {
}
}
-func TestOrderedKeysFind(t *testing.T) {
- cases := []struct {
- v OrderedKeys
- in string
- w int
- }{
- {
- v: []string{""},
- in: "test",
- w: -1,
- },
- {
- v: []string{"bla"},
- in: "bla",
- w: 0,
- },
- {
- v: []string{"ha"},
- in: "bla",
- w: -1,
- },
- {
- v: []string{"ha", "ga"},
- in: "ga",
- w: 1,
- },
- }
-
- for _, c := range cases {
- g := c.v.find(c.in)
- if g != c.w {
- t.Fatalf("got: %v, want: %v", g, c.w)
- }
- }
-}
-
-func TestOrderedKeysRemove(t *testing.T) {
- cases := []struct {
- v OrderedKeys
- rem string
- out OrderedKeys
- }{
- {
- v: []string{"bla"},
- rem: "test",
- out: []string{"bla"},
- },
- {
- v: []string{"bla"},
- rem: "bla",
- out: []string{},
- },
- {
- v: []string{"ha", "ga"},
- rem: "ga",
- out: []string{"ha"},
- },
- }
-
- for _, c := range cases {
- c.v.Remove(c.rem)
- if !reflect.DeepEqual(c.v, c.out) {
- t.Fatalf("got: %v, want: %v", c.v, c.out)
- }
- }
-}
-
func TestParse(t *testing.T) {
// parse correct file
diff --git a/internal/wireguard/wireguard.go b/internal/wireguard/wireguard.go
index b156430..d2a0ae0 100644
--- a/internal/wireguard/wireguard.go
+++ b/internal/wireguard/wireguard.go
@@ -3,115 +3,30 @@ package wireguard
import (
"errors"
- "fmt"
- "net"
"codeberg.org/eduVPN/eduvpn-common/internal/wireguard/ini"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
-func availableTCPPort() (int, error) {
- tcpaddr, err := net.ResolveTCPAddr("tcp", "127.0.0.1:0")
- if err != nil {
- return -1, err
- }
- ltcp, err := net.ListenTCP("tcp", tcpaddr)
- if err != nil {
- return -1, err
- }
- defer ltcp.Close() //nolint:errcheck
- return ltcp.Addr().(*net.TCPAddr).Port, nil
-}
-
-func availableUDPPort() (int, error) {
- udpaddr, err := net.ResolveUDPAddr("udp", "127.0.0.1:0")
- if err != nil {
- return -1, err
- }
- ludp, err := net.ListenUDP("udp", udpaddr)
- if err != nil {
- return -1, err
- }
- defer ludp.Close() //nolint:errcheck
- return ludp.LocalAddr().(*net.UDPAddr).Port, nil
-}
-
-// Proxy is the proxyguard information
-type Proxy struct {
- // SourcePort is the source port of the TCP socket
- SourcePort int
- // ListenPort is the PORT of the udp listener
- ListenPort int
- // Peer is the hostname/ip:port of the WireGuard peer
- Peer string
-}
-
-// Config gets a wireguard config with API config `cfg`, wg key `key` and whether to use proxyguard `proxy`
-func Config(cfg string, key *wgtypes.Key, proxy bool) (string, *Proxy, error) {
+// Config places a WireGuard key `key` inside of the WireGuard config `cfg`
+func Config(cfg string, key *wgtypes.Key) (string, error) {
// the key is nil if the client does not accept WireGuard
if key == nil {
- return "", nil, errors.New("the server sent us a WireGuard profile but the client does not accept WireGuard")
- }
-
- var tcpp int
- var udpp int
- var err error
- var udpl string
-
- if proxy {
- tcpp, err = availableTCPPort()
- if err != nil {
- return "", nil, err
- }
- udpp, err = availableUDPPort()
- if err != nil {
- return "", nil, err
- }
- udpl = fmt.Sprintf("127.0.0.1:%d", udpp)
- }
-
- rcfg, peer, err := configReplace(cfg, *key, udpl)
- if err != nil {
- return "", nil, err
- }
- var retP *Proxy
- if proxy {
- retP = &Proxy{
- SourcePort: tcpp,
- ListenPort: udpp,
- Peer: peer,
- }
+ return "", errors.New("the server sent us a WireGuard profile but the client does not accept WireGuard")
}
- return rcfg, retP, nil
-}
-// ConfigReplace replaces the wireguard config with our private key and proxy in case of TCP
-func configReplace(cfg string, key wgtypes.Key, proxy string) (string, string, error) {
// first parse the config
secs := ini.Parse(cfg)
if secs.Empty() {
- return "", "", errors.New("parsed ini is empty")
+ return "", errors.New("parsed ini is empty")
}
// find the interface section
// and set the private key
is, err := secs.Section("Interface")
if err != nil {
- return "", "", err
+ return "", err
}
is.AddOrReplaceKeyValue("PrivateKey", key.String())
- peer := ""
- if proxy != "" {
- ps, err := secs.Section("Peer")
- if err != nil {
- return "", "", err
- }
- peer, err = ps.RemoveKey("ProxyEndpoint")
- if err != nil {
- return "", "", err
- }
- ps.AddOrReplaceKeyValue("Endpoint", proxy)
- }
-
- return secs.String(), peer, nil
+ return secs.String(), nil
}
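Review bot: The new Config doc comment does not say that the rendered config now carries every key of the parsed ini through unchanged; the old configReplace path removed ProxyEndpoint from the [Peer] section and rewrote Endpoint, and that branch is gone, while ini's String writes each key in sec.keys (visible in the ini.go hunk), so a ProxyEndpoint line, as in the new test case, presumably ends up verbatim in the output for the caller to deal with. Extend the comment to something like `// Config places a WireGuard key `key` inside of the WireGuard config `cfg`.` followed by `// Only PrivateKey in [Interface] is set; all other keys, including a ProxyEndpoint in [Peer], are passed through unchanged.` A third sentence listing the error cases (nil key, empty ini, missing [Interface] section) would complete it, since all three are visible in the body. Confirming against ini.Parse that unknown keys are retained would settle the pass-through claim.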
diff --git a/internal/wireguard/wireguard_test.go b/internal/wireguard/wireguard_test.go
index bd68afb..5092320 100644
--- a/internal/wireguard/wireguard_test.go
+++ b/internal/wireguard/wireguard_test.go
@@ -8,7 +8,7 @@ import (
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
-func TestConfigReplace(t *testing.T) {
+func TestConfig(t *testing.T) {
k, err := wgtypes.GeneratePrivateKey()
if err != nil {
t.Fatalf("Failed to generate key for wg config replace: %v", err)
@@ -16,7 +16,6 @@ func TestConfigReplace(t *testing.T) {
cases := []struct {
config string
- proxy string
want string
wantep string
werr string
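Review bot: The `wantep string` field of the test case struct is now dead: this hunk removes `proxy string` but keeps `wantep`, while the later hunks in this file drop every `wantep:` initializer and the `gep != c.wantep` comparison, so nothing reads it any more. Remove the `wantep string` line together with `proxy string` so the struct matches what the loop actually checks. The cases slice literal that follows this struct continues past the end of the hunk.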
@@ -24,10 +23,8 @@ func TestConfigReplace(t *testing.T) {
{
config: `
`,
- want: "",
- wantep: "",
- proxy: "",
- werr: "parsed ini is empty",
+ want: "",
+ werr: "parsed ini is empty",
},
{
config: `
@@ -48,9 +45,7 @@ PrivateKey = %s
[interface]
[interface2]
`, k.String()),
- wantep: "",
- proxy: "",
- werr: "",
+ werr: "",
},
{
config: `
@@ -73,23 +68,17 @@ DNS = 9.9.9.9,2620:fe::fe
[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0,::/0
-Endpoint = 127.0.0.1:1337
+ProxyEndpoint = https://vpn.example.org/example
`, k.String()),
- wantep: "https://vpn.example.org/example",
- proxy: "127.0.0.1:1337",
- werr: "",
+ werr: "",
},
}
for _, c := range cases {
- gcfg, gep, err := configReplace(c.config, k, c.proxy)
+ gcfg, err := Config(c.config, &k)
test.AssertError(t, err, c.werr)
if gcfg != c.want {
t.Fatalf("Got config: %s, not equal to config: %s", gcfg, c.want)
}
-
- if gep != c.wantep {
- t.Fatalf("Got endpoint: %s, not equal to endpoint: %s", gep, c.wantep)
- }
}
}