feat: generate personal nginx URLs

api/pwapi.proto

@@ -152,6 +152,7 @@ message AgentRegister {
     string domain_suffix = 7 [(gogoproto.moretags) = "url:\"domain_suffix\""];
     string metadata = 8 [(gogoproto.moretags) = "url:\"metadata\""];
     int32 nginx_port = 9 [(gogoproto.moretags) = "url:\"nginx_port\""];
+    string auth_salt = 10 [(gogoproto.moretags) = "url:\"auth_salt\""];
     // FIXME: capabilities
   }
   message Output {

api/pwdb.proto

@@ -46,6 +46,7 @@ message ChallengeFlavor {
   Challenge challenge = 200 [(gogoproto.moretags) = "gorm:\"foreignkey:ChallengeID\""];
   int64 challenge_id = 201 [(gogoproto.customname) = "ChallengeID", (gogoproto.moretags) = "sql:\"not null\" gorm:\"index\""];
   repeated SeasonChallenge season_challenges = 202 [(gogoproto.moretags) = "gorm:\"PRELOAD:false;foreignkey:FlavorID\""];
+  repeated ChallengeInstance instances = 203 [(gogoproto.moretags) = "gorm:\"PRELOAD:false;foreignkey:FlavorID\""];
   //repeated ChallengeSubscription subscriptions = 203 [(gogoproto.moretags) = "gorm:\"PRELOAD:false\""];
 
   enum Driver {
@@ -92,6 +93,10 @@ message ChallengeInstance {
   ChallengeFlavor flavor = 202 [(gogoproto.moretags) = "gorm:\"foreignkey:FlavorID\""];
   int64 flavor_id = 203 [(gogoproto.customname) = "FlavorID", (gogoproto.moretags) = "sql:\"not null\" gorm:\"index\""];
 
+  /// non-db fields
+
+  string nginx_url = 250 [(gogoproto.moretags) = "gorm:\"-\"", (gogoproto.customname) = "NginxURL"];
+
   enum Status {
     Unknown = 0;
     IsNew = 1;           // instance freshly created and never started before
@@ -123,6 +128,7 @@ message Agent {
   int32 times_registered = 112;
   google.protobuf.Timestamp last_registration_at = 113 [(gogoproto.stdtime) = true, (gogoproto.nullable) = true];
   google.protobuf.Timestamp last_seen_at = 114 [(gogoproto.stdtime) = true, (gogoproto.nullable) = true];
+  string auth_salt = 115;
   // FIXME: capabilities
   // FIXME: metrics -> cpu/memory/containers/etc
 

go.mod

@@ -2,14 +2,19 @@ module pathwar.land/v2
 
 require (
 	github.com/Bearer/bearer-go v1.2.1
+	github.com/Microsoft/go-winio v0.4.14 // indirect
 	github.com/brianvoe/gofakeit v3.18.0+incompatible
 	github.com/bwmarrin/snowflake v0.3.0
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/docker v1.13.1
 	github.com/docker/go-connections v0.4.0
+	github.com/docker/go-units v0.4.0 // indirect
 	github.com/dustin/go-humanize v1.0.0
 	github.com/go-chi/chi v4.0.2+incompatible
 	github.com/go-sql-driver/mysql v1.4.1
+	github.com/gobuffalo/envy v1.8.1 // indirect
+	github.com/gobuffalo/logger v1.0.3 // indirect
 	github.com/gobuffalo/packr/v2 v2.7.1
 	github.com/gogo/gateway v1.1.0
 	github.com/gogo/protobuf v1.3.1
@@ -23,27 +28,36 @@ require (
 	github.com/moby/moby v1.13.1
 	github.com/oklog/run v1.0.0
 	github.com/olekukonko/tablewriter v0.0.4
+	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
 	github.com/opentracing/opentracing-go v1.1.0
 	github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5
 	github.com/openzipkin/zipkin-go v0.2.1
 	github.com/peterbourgon/ff v1.7.0
 	github.com/pkg/errors v0.8.1
+	github.com/rogpeppe/go-internal v1.5.1 // indirect
 	github.com/rs/cors v1.7.0
 	github.com/soheilhy/cmux v0.1.4
 	github.com/stretchr/testify v1.4.0
 	github.com/treastech/logger v0.0.0-20180705232552-e381e9ecf2e3
+	go.uber.org/atomic v1.5.1 // indirect
+	go.uber.org/multierr v1.4.0 // indirect
 	go.uber.org/zap v1.13.0
 	golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876
+	golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f // indirect
+	golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect
 	golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421
+	golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8 // indirect
+	golang.org/x/tools v0.0.0-20191230220329-2aa90c603ae3 // indirect
 	golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898
+	google.golang.org/appengine v1.6.5 // indirect
 	google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb
 	google.golang.org/grpc v1.26.0
 	gopkg.in/gormigrate.v1 v1.6.0
+	gopkg.in/yaml.v2 v2.2.7 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71
 	moul.io/godev v1.5.0
 	moul.io/srand v1.4.0
 	moul.io/zapgorm v1.0.0
-	pathwar.land/go v0.0.0-20200221213905-360dbeca3133
 )
 
 replace (

go/cmd/pathwar/main.go

@@ -762,7 +762,7 @@ func main() {
 				HostPort:          agentHostPort,
 				DomainSuffix:      agentDomainSuffix,
 				ModeratorPassword: agentModeratorPassword,
-				Salt:              agentSalt,
+				AuthSalt:          agentSalt,
 				ForceRecreate:     agentForceRecreate,
 				NginxDockerImage:  agentNginxDockerImage,
 				Cleanup:           agentClean,

go/pkg/pwagent/daemon.go

@@ -12,10 +12,10 @@ import (
 	"github.com/docker/docker/client"
 	"go.uber.org/zap"
 	"moul.io/godev"
-	"pathwar.land/go/pkg/pwversion"
 	"pathwar.land/v2/go/pkg/errcode"
 	"pathwar.land/v2/go/pkg/pwapi"
 	"pathwar.land/v2/go/pkg/pwcompose"
+	"pathwar.land/v2/go/pkg/pwversion"
 )
 
 func Daemon(ctx context.Context, cli *client.Client, apiClient *pwapi.HTTPClient, opts Opts) error {
@@ -119,6 +119,7 @@ func agentRegister(ctx context.Context, apiClient *pwapi.HTTPClient, opts Opts)
 		Version:      pwversion.Version,
 		Tags:         []string{},
 		DomainSuffix: opts.DomainSuffix,
+		AuthSalt:     opts.AuthSalt,
 		Metadata:     string(metadataStr),
 	})
 	if err != nil {

go/pkg/pwagent/nginx.go

@@ -9,17 +9,14 @@ import (
 	"io/ioutil"
 	"os"
 	"strconv"
-	"strings"
 	"text/template"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/nat"
-	"github.com/martinlindhe/base36"
 	"github.com/moby/moby/pkg/stdcopy"
 	"go.uber.org/zap"
-	"golang.org/x/crypto/sha3"
 	"pathwar.land/v2/go/pkg/errcode"
 	"pathwar.land/v2/go/pkg/pwapi"
 	"pathwar.land/v2/go/pkg/pwcompose"
@@ -211,7 +208,7 @@ func genNginxConfig(apiInstances *pwapi.AgentListInstances_Output, containersInf
 	for idx, upstream := range config.Upstreams {
 		upstream.Hashes = make([]string, len(upstream.AllowedUsers))
 		for j, userID := range upstream.AllowedUsers {
-			hash, err := generatePrefixHash(upstream.InstanceID, userID, opts.Salt)
+			hash, err := pwdb.ChallengeInstancePrefixHash(upstream.InstanceID, userID, opts.AuthSalt)
 			if err != nil {
 				return nil, errcode.ErrGeneratePrefixHash.Wrap(err)
 			}
@@ -381,22 +378,6 @@ func nginxSendCommand(ctx context.Context, cli *client.Client, nginxContainerID
 	return nil
 }
 
-func generatePrefixHash(instanceID string, userID int64, salt string) (string, error) {
-	stringToHash := fmt.Sprintf("%s%d%s", instanceID, userID, salt)
-	hashBytes := make([]byte, 8)
-	hasher := sha3.NewShake256()
-	_, err := hasher.Write([]byte(stringToHash))
-	if err != nil {
-		return "", errcode.ErrWriteBytesToHashBuilder.Wrap(err)
-	}
-	_, err = hasher.Read(hashBytes)
-	if err != nil {
-		return "", errcode.ErrReadBytesFromHashBuilder.Wrap(err)
-	}
-	userHash := strings.ToLower(base36.EncodeBytes(hashBytes))[:8] // we voluntarily expect short hashes here
-	return userHash, nil
-}
-
 type nginxConfig struct {
 	Opts      Opts
 	Upstreams map[string]nginxUpstream

go/pkg/pwagent/types.go

@@ -12,7 +12,7 @@ type Opts struct {
 	HostIP            string
 	HostPort          string
 	ModeratorPassword string
-	Salt              string
+	AuthSalt          string
 	ForceRecreate     bool
 	NginxDockerImage  string
 	Cleanup           bool
@@ -28,9 +28,9 @@ func (opts *Opts) applyDefaults() error {
 	if opts.Logger == nil {
 		opts.Logger = zap.NewNop()
 	}
-	if opts.Salt == "" {
-		opts.Salt = randstring.RandString(10)
-		opts.Logger.Warn("random salt generated", zap.String("salt", opts.Salt))
+	if opts.AuthSalt == "" {
+		opts.AuthSalt = randstring.RandString(10)
+		opts.Logger.Warn("random salt generated", zap.String("salt", opts.AuthSalt))
 	}
 	if opts.ModeratorPassword == "" {
 		opts.ModeratorPassword = randstring.RandString(10)

go/pkg/pwapi/api_agent-register.go

@@ -37,6 +37,7 @@ func (svc *service) AgentRegister(ctx context.Context, in *AgentRegister_Input)
 	agent.NginxPort = in.NginxPort
 	agent.Metadata = in.Metadata
 	agent.DomainSuffix = in.DomainSuffix
+	agent.AuthSalt = in.AuthSalt
 	agent.Status = pwdb.Agent_Active
 	now := time.Now()
 	agent.LastRegistrationAt = &now

go/pkg/pwapi/api_season-challenge-list.go

@@ -2,6 +2,7 @@ package pwapi
 
 import (
 	"context"
+	"fmt"
 
 	"pathwar.land/v2/go/pkg/errcode"
 	"pathwar.land/v2/go/pkg/pwdb"
@@ -32,15 +33,33 @@ func (svc *service) SeasonChallengeList(ctx context.Context, in *SeasonChallenge
 		//Preload("Season").
 		Preload("Flavor").
 		Preload("Flavor.Challenge").
+		Preload("Flavor.Instances").
+		Preload("Flavor.Instances.Agent"). // FIXME: where status==active
 		Preload("Subscriptions", "team_id = ?", team.ID).
-		//Preload("Subscriptions.Validations").
 		Where(pwdb.SeasonChallenge{SeasonID: in.SeasonID}).
 		Find(&seasonChallenges).
 		Error
 	if err != nil {
 		return nil, errcode.ErrGetSeasonChallenges.Wrap(err)
 	}
 
+	// prepare & cleanup
+	for _, sc := range seasonChallenges {
+		// FIXME: hide challenges without flavors?
+		//fmt.Println(sc.ID, godev.PrettyJSON(sc.Flavor.Instances))
+		for _, instance := range sc.Flavor.Instances {
+			// FIXME: hide instances without nginx-url?
+			if instance.Agent != nil {
+				hash, err := pwdb.ChallengeInstancePrefixHash(fmt.Sprintf("%d", instance.ID), userID, instance.Agent.AuthSalt)
+				if err != nil {
+					return nil, errcode.ErrGeneratePrefixHash.Wrap(err)
+				}
+				instance.NginxURL = fmt.Sprintf("http://%s.%s", hash, instance.Agent.DomainSuffix)
+				instance.Agent = nil
+			}
+		}
+	}
+
 	ret := SeasonChallengeList_Output{
 		Items: seasonChallenges,
 	}