Merge pull request #1 from aau-network-security/hotfix/remove-viper-#000

Hotfix/remove viper #000

Dockerfile

@@ -8,6 +8,5 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o app -a -ldflags '-w -extldflags "-stati
 FROM alpine
 WORKDIR /app
 RUN apk update && apk add sudo && apk add iptables && apk add -U wireguard-tools
-COPY --from=builder /wg/config/config.yml /app/config.yml
 COPY --from=builder /wg/app /app/app
 ENTRYPOINT ["/app/app"]

config/config.go

@@ -1,60 +1,50 @@
 package config
 
 import (
-	"fmt"
-	"runtime"
+	"io/ioutil"
 
-	"github.com/spf13/viper"
-)
-
-var (
-	configuration *Config
-	_, b, _, _    = runtime.Caller(0)
-	//configurationDirectory = filepath.Join(filepath.Dir(b))
+	"github.com/rs/zerolog/log"
+	"gopkg.in/yaml.v2"
 )
 
 type Config struct {
-	WgInterface WgConfig
-	GrpcConfig  ConnConfig
-}
-
-type WgConfig struct {
-	Eth string
-	Dir string
-}
-
-type ConnConfig struct {
-	Domain struct {
-		Endpoint string
-		Port     uint
-	}
-	Tls  CertConfig
-	Auth struct {
-		AKey string
-		SKey string
-	}
+	WgConfig struct {
+		Eth string `yaml:"eth"`
+		Dir string `yaml:"dir"`
+	} `yaml:"wireguard-config"`
+	ServiceConfig struct {
+		Domain struct {
+			Endpoint string `yaml:"endpoint"`
+			Port     uint   `yaml:"port"`
+		} `yaml:"domain"`
+		TLS struct {
+			Enabled  bool   `yaml:"enabled"`
+			CertFile string `yaml:"certFile"`
+			CertKey  string `yaml:"certKey"`
+			CAFile   string `yaml:"caFile"`
+
+			Directory string `yaml:"directory"`
+		} `yaml:"tls"`
+		Auth struct {
+			AKey string `yaml:"aKey"`
+			SKey string `yaml:"sKey"`
+		} `yaml:"auth"`
+	} `yaml:"service-config"`
 }
 
-type CertConfig struct {
-	Enabled   bool
-	Directory string
-	CertFile  string
-	CertKey   string
-	CAFile    string
-}
+func NewConfig(path string) (*Config, error) {
+	f, err := ioutil.ReadFile(path)
 
-func InitializeConfig(configPath string) (*Config, error) {
-	viper.AddConfigPath(configPath)
-	viper.SetConfigType("yaml")
-	err := viper.ReadInConfig()
 	if err != nil {
-		fmt.Println("fatal error config file: config \n ", err)
+		log.Error().Msgf("Reading config file err: %v", err)
 		return nil, err
 	}
-	err = viper.Unmarshal(&configuration)
+
+	var c Config
+	err = yaml.Unmarshal(f, &c)
 	if err != nil {
-		fmt.Println("Unmarshalling fatal error config file: config \n ", err)
+		log.Error().Msgf("Unmarshall error %v \n", err)
 		return nil, err
 	}
-	return configuration, nil
+	return &c, nil
 }

config/config.yml

@@ -1,9 +1,9 @@
-WgInterface:
+wireguard-config:
   eth: eth0
   # dir is the place where configuration files of wg are located.
   dir: /etc/wireguard/
 
-GrpcConfig:
+service-config:
   domain:
     endpoint: localhost
     port: 5353

go.mod

@@ -6,6 +6,6 @@ require (
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/golang/protobuf v1.3.5
 	github.com/rs/zerolog v1.19.0
-	github.com/spf13/viper v1.7.1
 	google.golang.org/grpc v1.28.0
+	gopkg.in/yaml.v2 v2.3.0
 )

grpc/server/main.go

@@ -20,11 +20,14 @@ var (
 )
 
 func main() {
-	configuration, err := config.InitializeConfig(configPath)
+	if configPath == "" {
+		panic("Set CONFIG_PATH environment variable correctly ! ")
+	}
+	configuration, err := config.NewConfig(configPath)
 	if err != nil {
 		panic("Configuration initialization error: " + err.Error())
 	}
-	port := strconv.FormatUint(uint64(configuration.GrpcConfig.Domain.Port), 10)
+	port := strconv.FormatUint(uint64(configuration.ServiceConfig.Domain.Port), 10)
 
 	lis, err := net.Listen("tcp", ":"+port)
 	if err != nil {
@@ -35,7 +38,7 @@ func main() {
 	if err != nil {
 		return
 	}
-	opts, err := wg.SecureConn(configuration.GrpcConfig.Tls)
+	opts, err := wg.SecureConn(configuration)
 	if err != nil {
 		log.Fatalf("failed to retrieve secure options %s", err.Error())
 	}

readme.md

@@ -27,14 +27,14 @@ $ apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
 ```bash 
 $ docker build -t wg .
 
-$ docker run -e CONFIG_PATH=/app/ \ 
-            --name=wireguard-service
-            --net=host \
-            --cap-add=NET_ADMIN  \
-            --cap-add=SYS_MODULE \ 
-            -v /path/to/service/config:/app/
-            -v /lib/modules:/lib/modules \  
-            --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ 
+$ docker run -v /path/to/service/config:/app/ \
+             -e CONFIG_PATH=/app/
+             --name=wireguard-service \ 
+             --net=host \
+             --cap-add=NET_ADMIN  \
+             --cap-add=SYS_MODULE \ 
+             -v /lib/modules:/lib/modules \  
+             --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ 
              wg 
 ```
 

vpn/backend.go

@@ -30,12 +30,12 @@ type wireguard struct {
 func (w *wireguard) InitializeI(ctx context.Context, r *pb.IReq) (*pb.IResp, error) {
 
 	log.Info().Msgf("Initializing interface for %s ", r.IName)
-	privKey, err := generatePrivateKey(w.config.WgInterface.Dir + r.IName + "_priv")
+	privKey, err := generatePrivateKey(w.config.WgConfig.Dir + r.IName + "_priv")
 	if err != nil {
 		return &pb.IResp{}, err
 	}
-	log.Info().Msgf("Private key is generated %s with name %s", w.config.WgInterface.Dir, r.IName)
-	if err := generatePublicKey(ctx, w.config.WgInterface.Dir+r.IName+"_priv", w.config.WgInterface.Dir+r.IName+"_pub"); err != nil {
+	log.Info().Msgf("Private key is generated %s with name %s", w.config.WgConfig.Dir, r.IName)
+	if err := generatePublicKey(ctx, w.config.WgConfig.Dir+r.IName+"_priv", w.config.WgConfig.Dir+r.IName+"_pub"); err != nil {
 		return &pb.IResp{}, err
 	}
 
@@ -47,7 +47,7 @@ func (w *wireguard) InitializeI(ctx context.Context, r *pb.IReq) (*pb.IResp, err
 		saveConfig: r.SaveConfig,
 		iName:      r.IName,
 	}
-	out, err := genInterfaceConf(wgI, w.config.WgInterface.Dir)
+	out, err := genInterfaceConf(wgI, w.config.WgConfig.Dir)
 	if err != nil {
 		return &pb.IResp{Message: out}, err
 	}
@@ -133,29 +133,29 @@ func (w *wireguard) ListPeers(ctx context.Context, r *pb.ListPeersReq) (*pb.List
 // GenPrivateKey generates PrivateKey for wireguard interface
 func (w *wireguard) GenPrivateKey(ctx context.Context, r *pb.PrivKeyReq) (*pb.PrivKeyResp, error) {
 
-	_, err := generatePrivateKey(w.config.WgInterface.Dir + r.PrivateKeyName + "_priv")
+	_, err := generatePrivateKey(w.config.WgConfig.Dir + r.PrivateKeyName + "_priv")
 	if err != nil {
 		return &pb.PrivKeyResp{}, err
 	}
 	log.Info().Msgf("GenPrivateKey is called to generate new private key with filename %s", r.PrivateKeyName)
-	return &pb.PrivKeyResp{Message: "Private Key is created with name " + w.config.WgInterface.Dir + r.PrivateKeyName}, nil
+	return &pb.PrivKeyResp{Message: "Private Key is created with name " + w.config.WgConfig.Dir + r.PrivateKeyName}, nil
 }
 
 // GenPublicKey generates PublicKey for wireguard interface
 func (w *wireguard) GenPublicKey(ctx context.Context, r *pb.PubKeyReq) (*pb.PubKeyResp, error) {
 	// check whether private key exists or not, if not generate one
-	if _, err := os.Stat(w.config.WgInterface.Dir + r.PrivKeyName + "_pub"); os.IsNotExist(err) {
+	if _, err := os.Stat(w.config.WgConfig.Dir + r.PrivKeyName + "_pub"); os.IsNotExist(err) {
 		fmt.Printf("PrivateKeyFile is not exists, creating one ... %s\n", r.PrivKeyName)
-		_, err := generatePrivateKey(w.config.WgInterface.Dir + r.PrivKeyName + "_priv")
+		_, err := generatePrivateKey(w.config.WgConfig.Dir + r.PrivKeyName + "_priv")
 		if err != nil {
 			return &pb.PubKeyResp{Message: "Error"}, fmt.Errorf("error in generation of private key %v", err)
 		}
 	}
 
-	if err := generatePublicKey(ctx, w.config.WgInterface.Dir+r.PrivKeyName+"_priv", w.config.WgInterface.Dir+r.PubKeyName+"_pub"); err != nil {
+	if err := generatePublicKey(ctx, w.config.WgConfig.Dir+r.PrivKeyName+"_priv", w.config.WgConfig.Dir+r.PubKeyName+"_pub"); err != nil {
 		return &pb.PubKeyResp{}, err
 	}
-	return &pb.PubKeyResp{Message: "Public key is generated with " + w.config.WgInterface.Dir + r.PubKeyName + " name"}, nil
+	return &pb.PubKeyResp{Message: "Public key is generated with " + w.config.WgConfig.Dir + r.PubKeyName + " name"}, nil
 }
 
 // GetPublicKey returns content of given PublicKey
@@ -181,17 +181,17 @@ func (w *wireguard) GetPrivateKey(ctx context.Context, req *pb.PrivKeyReq) (*pb.
 	return &pb.PrivKeyResp{Message: out}, nil
 }
 
-func GetCreds(conf config.CertConfig) (credentials.TransportCredentials, error) {
+func GetCreds(conf config.Config) (credentials.TransportCredentials, error) {
 	log.Printf("Preparing credentials for RPC")
 
-	certificate, err := tls.LoadX509KeyPair(conf.CertFile, conf.CertKey)
+	certificate, err := tls.LoadX509KeyPair(conf.ServiceConfig.TLS.CertFile, conf.ServiceConfig.TLS.CertKey)
 	if err != nil {
 		return nil, fmt.Errorf("could not load server key pair: %s", err)
 	}
 
 	// Create a certificate pool from the certificate authority
 	certPool := x509.NewCertPool()
-	ca, err := ioutil.ReadFile(conf.CAFile)
+	ca, err := ioutil.ReadFile(conf.ServiceConfig.TLS.CAFile)
 	if err != nil {
 		return nil, fmt.Errorf("could not read ca certificate: %s", err)
 	}
@@ -212,10 +212,10 @@ func GetCreds(conf config.CertConfig) (credentials.TransportCredentials, error)
 }
 
 // SecureConn enables communication over secure channel
-func SecureConn(conf config.CertConfig) ([]grpc.ServerOption, error) {
-	if conf.Enabled {
-		log.Info().Msgf("Conf cert-file: %s, cert-key: %s ca: %s", conf.CertFile, conf.CertKey, conf.CAFile)
-		creds, err := GetCreds(conf)
+func SecureConn(conf *config.Config) ([]grpc.ServerOption, error) {
+	if conf.ServiceConfig.TLS.Enabled {
+		log.Info().Msgf("Conf cert-file: %s, cert-key: %s ca: %s", conf.ServiceConfig.TLS.CertFile, conf.ServiceConfig.TLS.CertKey, conf.ServiceConfig.TLS.CAFile)
+		creds, err := GetCreds(*conf)
 
 		if err != nil {
 			return []grpc.ServerOption{}, errors.New("Error on retrieving certificates: " + err.Error())
@@ -229,7 +229,7 @@ func SecureConn(conf config.CertConfig) ([]grpc.ServerOption, error) {
 func InitServer(conf *config.Config) (*wireguard, error) {
 
 	gRPCServer := &wireguard{
-		auth:   NewAuthenticator(conf.GrpcConfig.Auth.SKey, conf.GrpcConfig.Auth.AKey),
+		auth:   NewAuthenticator(conf.ServiceConfig.Auth.SKey, conf.ServiceConfig.Auth.AKey),
 		config: conf,
 	}
 	return gRPCServer, nil

vpn/vpn.go

@@ -28,7 +28,7 @@ const (
 
 var (
 	// todo: fix configuration variables
-	configuration, _ = config.InitializeConfig(os.Getenv("CONFIG_PATH"))
+	configuration, _ = config.NewConfig(os.Getenv("CONFIG_PATH"))
 )
 
 type Interface struct {
@@ -186,7 +186,7 @@ func generatePrivateKey(privateKeyName string) (string, error) {
 
 // getContent returns content of privateKey or publicKey depending on keyName
 func getContent(keyName string) (string, error) {
-	out, err := ioutil.ReadFile(configuration.WgInterface.Dir + keyName)
+	out, err := ioutil.ReadFile(configuration.WgConfig.Dir + keyName)
 	if err != nil {
 		return "", fmt.Errorf("could not read the file %s err: %v", keyName, err)
 	}
@@ -200,19 +200,19 @@ func genInterfaceConf(i Interface, confPath string) (string, error) {
 	downRule := "iptables -D FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT;"
 	wgConf := fmt.Sprintf(
 		`
-[Interface]
-Address = %s
-ListenPort = %d
-SaveConfig = %v
-PrivateKey = %s
-PostUp = %siptables -t nat -A POSTROUTING -o %s -j MASQUERADE
-PostDown = %siptables -t nat -D POSTROUTING -o %s -j MASQUERADE`, i.address, i.listenPort, i.saveConfig, i.privateKey,
+		[Interface]
+		Address = %s
+		ListenPort = %d
+		SaveConfig = %v
+		PrivateKey = %s
+		PostUp = %siptables -t nat -A POSTROUTING -o %s -j MASQUERADE
+		PostDown = %siptables -t nat -D POSTROUTING -o %s -j MASQUERADE`, i.address, i.listenPort, i.saveConfig, i.privateKey,
 		upRule, i.eth, downRule, i.eth)
 
 	if err := writeToFile(confPath+i.iName+".conf", wgConf); err != nil {
 		return "GenInterface Error:  ", err
 	}
-	return i.iName + " configuration saved to " + configuration.WgInterface.Dir, nil
+	return i.iName + " configuration saved to " + configuration.WgConfig.Dir, nil
 }
 
 func WireGuardCmd(cmd string) ([]byte, error) {