Merge branch 'master' into lash/purify-more

2025-01-06 07:50:55 +00:00
parent 51b6fc0dde 2024cc96e2
commit cc2f7b41df
16 changed files with 584 additions and 37 deletions
--- a/internal/handlers/single.go
+++ b/internal/handlers/single.go
@@ -6,9 +6,9 @@ import (
 	"io"

 	"git.defalsify.org/vise.git/engine"
-	"git.defalsify.org/vise.git/resource"
-	"git.defalsify.org/vise.git/persist"
 	"git.defalsify.org/vise.git/logging"
+	"git.defalsify.org/vise.git/persist"
+	"git.defalsify.org/vise.git/resource"

 	"git.grassecon.net/urdt/ussd/internal/storage"
 )
@@ -20,33 +20,33 @@ var (
 var (
 	ErrInvalidRequest = errors.New("invalid request for context")
 	ErrSessionMissing = errors.New("missing session")
-	ErrInvalidInput = errors.New("invalid input")
-	ErrStorage = errors.New("storage retrieval fail")
-	ErrEngineType = errors.New("incompatible engine")
-	ErrEngineInit = errors.New("engine init fail")
-	ErrEngineExec = errors.New("engine exec fail")
+	ErrInvalidInput   = errors.New("invalid input")
+	ErrStorage        = errors.New("storage retrieval fail")
+	ErrEngineType     = errors.New("incompatible engine")
+	ErrEngineInit     = errors.New("engine init fail")
+	ErrEngineExec     = errors.New("engine exec fail")
 )

 type RequestSession struct {
-	Ctx context.Context
-	Config engine.Config
-	Engine engine.Engine
-	Input []byte
-	Storage *storage.Storage
-	Writer io.Writer
+	Ctx      context.Context
+	Config   engine.Config
+	Engine   engine.Engine
+	Input    []byte
+	Storage  *storage.Storage
+	Writer   io.Writer
 	Continue bool
 }

 // TODO: seems like can remove this.
 type RequestParser interface {
-	GetSessionId(rq any) (string, error)
+	GetSessionId(context context.Context, rq any) (string, error)
 	GetInput(rq any) ([]byte, error)
 }

 type RequestHandler interface {
 	GetConfig() engine.Config
 	GetRequestParser() RequestParser
-	GetEngine(cfg engine.Config, rs resource.Resource, pe *persist.Persister) engine.Engine 
+	GetEngine(cfg engine.Config, rs resource.Resource, pe *persist.Persister) engine.Engine
 	Process(rs RequestSession) (RequestSession, error)
 	Output(rs RequestSession) (RequestSession, error)
 	Reset(rs RequestSession) (RequestSession, error)
--- a/internal/handlers/ussd/menuhandler.go
+++ b/internal/handlers/ussd/menuhandler.go
@@ -28,7 +28,7 @@ import (
 )

 var (
-	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler").WithContextKey("session-id")
+	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler").WithContextKey("SessionId")
 	scriptDir      = path.Join("services", "registration")
 	translationDir = path.Join(scriptDir, "locale")
 )
@@ -124,7 +124,7 @@ func (h *Handlers) Init(ctx context.Context, sym string, input []byte) (resource

 	sessionId, ok := ctx.Value("SessionId").(string)
 	if ok {
-		context.WithValue(ctx, "session-id", sessionId)
+		ctx = context.WithValue(ctx, "SessionId", sessionId)
 	}

 	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
--- a/internal/http/at/parse.go
+++ b/internal/http/at/parse.go
@@ -15,16 +15,14 @@ import (
 )

 type ATRequestParser struct {
-	Context context.Context
 }

-func (arp *ATRequestParser) GetSessionId(rq any) (string, error) {
+func (arp *ATRequestParser) GetSessionId(ctx context.Context, rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		logg.Warnf("got an invalid request", "req", rq)
 		return "", handlers.ErrInvalidRequest
 	}
-
 	// Capture body (if any) for logging
 	body, err := io.ReadAll(rqv.Body)
 	if err != nil {
@@ -43,9 +41,9 @@ func (arp *ATRequestParser) GetSessionId(rq any) (string, error) {
 		decodedStr := string(logBytes)
 		sessionId, err := extractATSessionId(decodedStr)
 		if err != nil {
-			context.WithValue(arp.Context, "at-session-id", sessionId)
+			ctx = context.WithValue(ctx, "AT-SessionId", sessionId)
 		}
-		logg.Debugf("Received request:", decodedStr)
+		logg.DebugCtxf(ctx, "Received request:", decodedStr)
 	}

 	if err := rqv.ParseForm(); err != nil {
--- a/internal/http/at/server.go
+++ b/internal/http/at/server.go
@@ -10,7 +10,7 @@ import (
 )

 var (
-	logg = logging.NewVanilla().WithDomain("atserver")
+	logg = logging.NewVanilla().WithDomain("atserver").WithContextKey("SessionId").WithContextKey("AT-SessionId")
 )

 type ATSessionHandler struct {
@@ -34,7 +34,7 @@ func (ash *ATSessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)

 	rp := ash.GetRequestParser()
 	cfg := ash.GetConfig()
-	cfg.SessionId, err = rp.GetSessionId(req)
+	cfg.SessionId, err = rp.GetSessionId(req.Context(), req)
 	if err != nil {
 		logg.ErrorCtxf(rqs.Ctx, "", "header processing error", err)
 		ash.WriteError(w, 400, err)
@@ -48,7 +48,7 @@ func (ash *ATSessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)
 		return
 	}

-	rqs, err = ash.Process(rqs) 
+	rqs, err = ash.Process(rqs)
 	switch err {
 	case nil: // set code to 200 if no err
 		code = 200
--- a/internal/http/parse.go
+++ b/internal/http/parse.go
@@ -1,6 +1,7 @@
 package http

 import (
+	"context"
 	"io/ioutil"
 	"net/http"

@@ -10,7 +11,7 @@ import (
 type DefaultRequestParser struct {
 }

-func (rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
+func (rp *DefaultRequestParser) GetSessionId(ctx context.Context, rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return "", handlers.ErrInvalidRequest
@@ -34,5 +35,3 @@ func (rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
 	}
 	return v, nil
 }
-
-
--- a/internal/http/server.go
+++ b/internal/http/server.go
@@ -46,7 +46,7 @@ func (f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {

 	rp := f.GetRequestParser()
 	cfg := f.GetConfig()
-	cfg.SessionId, err = rp.GetSessionId(req)
+	cfg.SessionId, err = rp.GetSessionId(req.Context(), req)
 	if err != nil {
 		logg.ErrorCtxf(rqs.Ctx, "", "header processing error", err)
 		f.WriteError(w, 400, err)
--- a/internal/http/server_test.go
+++ b/internal/http/server_test.go
@@ -2,6 +2,7 @@ package http

 import (
 	"bytes"
+	"context"
 	"errors"
 	"net/http"
 	"net/http/httptest"
@@ -161,7 +162,7 @@ func TestDefaultRequestParser_GetSessionId(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			id, err := parser.GetSessionId(tt.request)
+			id, err := parser.GetSessionId(context.Background(),tt.request)

 			if id != tt.expectedID {
 				t.Errorf("Expected session ID %s, got %s", tt.expectedID, id)
--- a/internal/ssh/keystore.go
+++ b/internal/ssh/keystore.go
@@ -0,0 +1,65 @@
+package ssh
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path"
+
+	"golang.org/x/crypto/ssh"
+
+	"git.defalsify.org/vise.git/db"
+
+	"git.grassecon.net/urdt/ussd/internal/storage"
+	dbstorage "git.grassecon.net/urdt/ussd/internal/storage/db/gdbm"
+)
+
+type SshKeyStore struct {
+	store db.Db
+}
+
+func NewSshKeyStore(ctx context.Context, dbDir string) (*SshKeyStore, error) {
+	keyStore := &SshKeyStore{}
+	keyStoreFile := path.Join(dbDir, "ssh_authorized_keys.gdbm")
+	keyStore.store = dbstorage.NewThreadGdbmDb()
+	err := keyStore.store.Connect(ctx, keyStoreFile)
+	if err != nil {
+		return nil, err
+	}
+	return keyStore, nil
+}
+
+func(s *SshKeyStore) AddFromFile(ctx context.Context, fp string, sessionId string) error {
+	_, err := os.Stat(fp)
+	if err != nil {
+		return fmt.Errorf("cannot open ssh server public key file: %v\n", err)
+	}
+
+	publicBytes, err := os.ReadFile(fp)
+	if err != nil {
+		return fmt.Errorf("Failed to load public key: %v", err)
+	}
+	pubKey, _, _, _, err := ssh.ParseAuthorizedKey(publicBytes)
+	if err != nil {
+		return fmt.Errorf("Failed to parse public key: %v", err)
+	}
+	k := append([]byte{0x01}, pubKey.Marshal()...)
+	s.store.SetPrefix(storage.DATATYPE_EXTEND)
+	logg.Infof("Added key", "sessionId", sessionId, "public key", string(publicBytes))
+	return s.store.Put(ctx, k, []byte(sessionId))
+}
+
+func(s *SshKeyStore) Get(ctx context.Context, pubKey ssh.PublicKey) (string, error) {
+	s.store.SetLanguage(nil)
+	s.store.SetPrefix(storage.DATATYPE_EXTEND)
+	k := append([]byte{0x01}, pubKey.Marshal()...)
+	v, err := s.store.Get(ctx, k)
+	if err != nil {
+		return "", err
+	}
+	return string(v), nil
+}
+
+func(s *SshKeyStore) Close() error {
+	return s.store.Close()
+}
--- a/internal/ssh/ssh.go
+++ b/internal/ssh/ssh.go
@@ -0,0 +1,287 @@
+package ssh
+
+import (
+	"context"
+	"encoding/hex"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"sync"
+
+	"golang.org/x/crypto/ssh"
+
+	"git.defalsify.org/vise.git/engine"
+	"git.defalsify.org/vise.git/logging"
+	"git.defalsify.org/vise.git/resource"
+	"git.defalsify.org/vise.git/state"
+
+	"git.grassecon.net/urdt/ussd/internal/handlers"
+	"git.grassecon.net/urdt/ussd/internal/storage"
+	"git.grassecon.net/urdt/ussd/remote"
+)
+
+var (
+	logg = logging.NewVanilla().WithDomain("ssh")
+)
+
+type auther struct {
+	Ctx context.Context
+	keyStore *SshKeyStore
+	auth map[string]string
+}
+
+func NewAuther(ctx context.Context, keyStore *SshKeyStore) *auther {
+	return &auther{
+		Ctx: ctx,
+		keyStore: keyStore,
+		auth: make(map[string]string),
+	}
+}
+
+func(a *auther) Check(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
+	va, err := a.keyStore.Get(a.Ctx, pubKey)
+	if err != nil {
+		return nil, err
+	}
+	ka := hex.EncodeToString(conn.SessionID())
+	a.auth[ka] = va 
+	fmt.Fprintf(os.Stderr, "connect: %s -> %s\n", ka, va)
+	return nil, nil
+}
+
+func(a *auther) FromConn(c *ssh.ServerConn) (string, error) {
+	if c == nil {
+		return "", errors.New("nil server conn")
+	}
+	if c.Conn == nil {
+		return "", errors.New("nil underlying conn")
+	}
+	return a.Get(c.Conn.SessionID())
+}
+
+
+func(a *auther) Get(k []byte) (string, error) {
+	ka := hex.EncodeToString(k)
+	v, ok := a.auth[ka]
+	if !ok {
+		return "", errors.New("not found")
+	}
+	return v, nil
+}
+
+func(s *SshRunner) serve(ctx context.Context, sessionId string, ch ssh.NewChannel, en engine.Engine) error {
+	if ch == nil {
+		return errors.New("nil channel")
+	}
+	if ch.ChannelType() != "session" {
+		ch.Reject(ssh.UnknownChannelType, "that is not the channel you are looking for")
+		return errors.New("not a session")
+	}
+	channel, requests, err := ch.Accept()
+	if err != nil {
+		panic(err)
+	}
+	defer channel.Close()
+	s.wg.Add(1)
+	go func(reqIn <-chan *ssh.Request) {
+		defer s.wg.Done()
+		for req := range reqIn {
+			req.Reply(req.Type == "shell", nil)	
+		}
+		_ = requests
+	}(requests)
+
+	cont, err := en.Exec(ctx, []byte{})
+	if err != nil {
+		return fmt.Errorf("initial engine exec err: %v", err)
+	}
+
+	var input [state.INPUT_LIMIT]byte
+	for cont {
+		c, err := en.Flush(ctx, channel)
+		if err != nil {
+			return fmt.Errorf("flush err: %v", err)
+		}
+		_, err = channel.Write([]byte{0x0a})
+		if err != nil {
+			return fmt.Errorf("newline err: %v", err)
+		}
+		c, err = channel.Read(input[:])
+		if err != nil {
+			return fmt.Errorf("read input fail: %v", err)
+		}
+		logg.TraceCtxf(ctx, "input read", "c", c, "input", input[:c-1])
+		cont, err = en.Exec(ctx, input[:c-1])
+		if err != nil {
+			return fmt.Errorf("engine exec err: %v", err)
+		}
+		logg.TraceCtxf(ctx, "exec cont", "cont", cont, "en", en)
+		_ = c
+	}
+	c, err := en.Flush(ctx, channel)
+	if err != nil {
+		return fmt.Errorf("last flush err: %v", err)
+	}
+	_ = c
+	return nil
+}
+
+type SshRunner struct {
+	Ctx context.Context
+	Cfg engine.Config
+	FlagFile string
+	DbDir string
+	ResourceDir string
+	Debug bool
+	SrvKeyFile string
+	Host string
+	Port uint
+	wg sync.WaitGroup
+	lst net.Listener
+}
+
+func(s *SshRunner) Stop() error {
+	return s.lst.Close()
+}
+
+func(s *SshRunner) GetEngine(sessionId string) (engine.Engine, func(), error) {
+	ctx := s.Ctx
+	menuStorageService := storage.NewMenuStorageService(s.DbDir, s.ResourceDir)
+
+	err := menuStorageService.EnsureDbDir()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	rs, err := menuStorageService.GetResource(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe, err := menuStorageService.GetPersister(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	userdatastore, err := menuStorageService.GetUserdataDb(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	dbResource, ok := rs.(*resource.DbResource)
+	if !ok {
+		return nil, nil, err
+	}
+
+	lhs, err := handlers.NewLocalHandlerService(ctx, s.FlagFile, true, dbResource, s.Cfg, rs)
+	lhs.SetDataStore(&userdatastore)
+	lhs.SetPersister(pe)
+	lhs.Cfg.SessionId = sessionId
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// TODO: clear up why pointer here and by-value other cmds
+	accountService := &remote.AccountService{}
+	hl, err := lhs.GetHandler(accountService)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	en := lhs.GetEngine()
+	en = en.WithFirst(hl.Init)
+	if s.Debug {
+		en = en.WithDebug(nil)
+	}
+	// TODO: this is getting very hacky!
+	closer := func() {
+		err := menuStorageService.Close()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "menu storage service cleanup fail", "err", err)
+		}
+	}
+	return en, closer, nil
+}
+
+// adapted example from crypto/ssh package, NewServerConn doc
+func(s *SshRunner) Run(ctx context.Context, keyStore *SshKeyStore) {
+	running := true
+
+	// TODO: waitgroup should probably not be global
+	defer s.wg.Wait()
+
+	auth := NewAuther(ctx, keyStore)
+	cfg := ssh.ServerConfig{
+		PublicKeyCallback: auth.Check,
+	}
+
+	privateBytes, err := os.ReadFile(s.SrvKeyFile)
+	if err != nil {
+		logg.ErrorCtxf(ctx, "Failed to load private key", "err", err)
+	}
+	private, err := ssh.ParsePrivateKey(privateBytes)
+	if err != nil {
+		logg.ErrorCtxf(ctx, "Failed to parse private key", "err", err)
+	}
+	srvPub := private.PublicKey()
+	srvPubStr := base64.StdEncoding.EncodeToString(srvPub.Marshal())
+	logg.InfoCtxf(ctx, "have server key", "type", srvPub.Type(), "public", srvPubStr)
+	cfg.AddHostKey(private)
+
+	s.lst, err = net.Listen("tcp", fmt.Sprintf("%s:%d", s.Host, s.Port))
+	if err != nil {
+		panic(err)
+	}
+
+	for running {
+		conn, err := s.lst.Accept()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "ssh accept error", "err", err)
+			running = false
+			continue
+		}
+
+		go func(conn net.Conn) {
+			defer conn.Close()
+			for true {
+				srvConn, nC, rC, err := ssh.NewServerConn(conn, &cfg)
+				if err != nil {
+					logg.InfoCtxf(ctx, "rejected client", "err", err)
+					return
+				}
+				logg.DebugCtxf(ctx, "ssh client connected", "conn", srvConn)
+
+				s.wg.Add(1)
+				go func() {
+					ssh.DiscardRequests(rC)
+					s.wg.Done()
+				}()
+				
+				sessionId, err := auth.FromConn(srvConn)
+				if err != nil {
+					logg.ErrorCtxf(ctx, "Cannot find authentication")
+					return
+				}
+				en, closer, err := s.GetEngine(sessionId)
+				if err != nil {
+					logg.ErrorCtxf(ctx, "engine won't start", "err", err)
+					return
+				}
+				defer func() {
+					err := en.Finish()
+					if err != nil {
+						logg.ErrorCtxf(ctx, "engine won't stop", "err", err)
+					}
+					closer()
+				}()
+				for ch := range nC {
+					err = s.serve(ctx, sessionId, ch, en)
+					logg.ErrorCtxf(ctx, "ssh server finish", "err", err)
+				}
+			}
+		}(conn)
+	}
+}
--- a/internal/storage/storage.go
+++ b/internal/storage/storage.go
@@ -5,6 +5,10 @@ import (
 	"git.defalsify.org/vise.git/persist"
 )

+const (
+	DATATYPE_EXTEND = 128
+)
+
 type Storage struct {
 	Persister *persist.Persister
 	UserdataDb db.Db	
--- a/internal/testutil/mocks/httpmocks/requestparsermock.go
+++ b/internal/testutil/mocks/httpmocks/requestparsermock.go
@@ -1,12 +1,14 @@
 package httpmocks

+import "context"
+
 // MockRequestParser implements the handlers.RequestParser interface for testing
 type MockRequestParser struct {
 	GetSessionIdFunc func(any) (string, error)
 	GetInputFunc     func(any) ([]byte, error)
 }

-func (m *MockRequestParser) GetSessionId(rq any) (string, error) {
+func (m *MockRequestParser) GetSessionId(ctx context.Context, rq any) (string, error) {
 	return m.GetSessionIdFunc(rq)
 }