V3 release

client/itnsconnect.py

@@ -0,0 +1,83 @@
+#!/usr/bin/python
+
+import os
+import sys
+# Add lib directory to search path
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '../lib')))
+
+import ed25519
+import getopt
+import log
+import logging
+import logging.config
+import config
+import configargparse
+from util import *
+import services
+
+# Starting here
+def main(argv):
+    config.CONFIG = config.Config("dummy")
+    p = configargparse.getArgumentParser(ignore_unknown_config_file_keys=True, fromfile_prefix_chars='@')
+    p.add('-f', '--config',                  metavar='CONFIGFILE', required=None, is_config_file=True, default=config.Config.CONFIGFILE, help='Config file')
+    p.add('-h', '--help',                    metavar='HELP', required=None, action='store_const', dest='h', const='h', help='Help')
+    p.add('-s', '--sdp',                     metavar='SDPFILE', required=None, default=config.Config.SDPFILE, help='SDP file')
+    p.add('-l', '--log-level',               dest='d', metavar='LEVEL', help='Log level', default='WARNING')
+    p.add('-a', '--audit-log',               dest='a', metavar='FILE', help='Audit log file', default=config.CONFIG.PREFIX + '/var/log/audit.log')
+    p.add('-v', '--verbose',                 metavar='VERBOSITY', action='store_const', dest='v', const='v', help='Be more verbose')
+    p.add(       '--wallet-address',            dest='walletAddr', metavar='ADDRESS', required=True, help='Wallet address')
+    p.add(       '--wallet-rpc-uri',            dest='walletUri', metavar='URI', default='http://127.0.0.1:13660/json_rpc', help='Wallet URI')
+    p.add(       '--wallet-username',           dest='walletUsername', metavar='USER', required=None, default='dispatcher', help='Wallet username')
+    p.add(       '--wallet-password',           dest='walletPassword', metavar='PW', required=None, help='Wallet passwd')
+    p.add(       '--sdp-server-uri',            dest='sdpUri', metavar='URL', required=None, help='SDP server(s)', default='https://sdp.staging.cloud.lethean.io/v1')
+
+    cfg = p.parse_args()
+
+    log.L = log.Log(level=cfg.d)
+    ah = logging.FileHandler(cfg.a)
+    log.A = log.Audit(handler=ah)
+
+    # Initialise config
+    config.CONFIG = config.Config("dummy")
+    config.Config.CAP = cfg
+    config.Config.VERBOSE = cfg.v
+    config.Config.CONFIGFILE = cfg.config
+    config.Config.SDPFILE = cfg.sdp
+    config.Config.d = cfg.d
+    config.Config.SDPURI = cfg.sdpUri
+
+    if cfg.sdpUri.endswith('/'):
+        cfg.sdpUri = cfg.sdpUri[:-1]
+
+    # Initialise services
+    services.SERVICES = services.Services()
+
+    if (cfg.h):
+        print(p.format_help())
+        if (config.Config.VERBOSE):
+            print(p.format_values())
+            print('Service options (can be set by [service-id] sections in ini file:')
+            ha = ServiceHa()
+            ha.helpOpts("==Haproxy==")
+            ovpn = ServiceOvpn()
+            ovpn.helpOpts("==OpenVPN==")
+            print('Use log level DEBUG during startup to see values assigned to services from SDP.')
+            print()
+        else:
+            print("Use -v option to more help info.")
+            print("Happy flying with better privacy!")
+        sys.exit()
+
+    log.A.audit(log.A.START, log.A.SERVICE, "itnsconnect")
+    services.SERVICES.load()
+
+    services.SERVICES.load()
+    # Generate client config for service id and put to stdout
+    id = "1a"
+    services.SERVICES.get(id).createClientConfig()
+
+    sys.exit()
+
+if __name__ == "__main__":
+    main(sys.argv[1:])
+

conf/dispatcher.ini.tmpl

@@ -29,4 +29,4 @@ crt={vpncrt}
 key={vpnkey}
 crtkey={vpnboth}
 reneg=60
-
+enabled=false

conf/haproxy_client.tmpl

@@ -16,7 +16,7 @@ frontend icproxy
         maxconn         8000
         timeout client  {timeout}
 
-        acl is_mgmt_host url_dom {ctrldomain}
+        acl is_mgmt_host hdr_reg(host) {ctrldomain}
         acl is_mgmt_path path_beg {ctrlpath}
         acl is_stats_path path_beg /stats
         acl is_mgmt_id hdr_reg({mgmt_header}) ^{mgmtid}$

conf/haproxy_server.tmpl

@@ -28,7 +28,7 @@ frontend ssltunnel
         capture request header {payment_header} len 64
 
         acl allowed_payments hdr({payment_header}) -u 20 -M
-	acl is_mgmt_host url_dom {ctrldomain}
+	acl is_mgmt_host hdr_reg(host) {ctrldomain}
         acl is_mgmt_path path_beg {ctrlpath}
         acl is_mgmt_id hdr_reg({mgmt_header}) ^{mgmtid}$
         acl is_proxy_request url_reg '.*://.*'
@@ -40,7 +40,7 @@ frontend ssltunnel
 	acl allowed_src_ips src -u 10 -f {f_allow_src_ips}        
         acl deny_src_ips src -u 11 -f {f_deny_src_ips}
         acl deny_dst_urlips url_ip -u 12 -f {f_deny_dst_ips}
-        acl deny_dst_doms url_reg -u 14 -f {f_deny_dst_doms}
+        acl deny_dst_doms url_dom -m reg -i -u 14 -f {f_deny_dst_doms}
 
         tcp-request content track-sc0 hdr_ip(CF-Connecting-IP,-1) if HTTP has_cf
         tcp-request content track-sc0 hdr_ip(X-Forwarded-For,-1) if HTTP !has_cf has_ff

configure.sh

@@ -325,7 +325,7 @@ if [ -n "$PROVIDERID" ]; then
     echo $PROVIDERKEY >build/etc/provider.private
 else
     if [ -n "$generate_providerid" ]; then
-        "$PYTHON_BIN" server/dispatcher/itnsdispatcher.py --wallet-address 'izxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' --audit-log build/audit.log --ca '' -f conf/dispatcher.ini.tmpl --generate-providerid build/etc/provider || exit 1
+        "$PYTHON_BIN" server/itnsdispatcher.py --wallet-address 'izxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' --audit-log build/audit.log --ca '' -f conf/dispatcher.ini.tmpl --generate-providerid build/etc/provider || exit 1
     fi
 fi
 

doc/timing.puml

@@ -0,0 +1,78 @@
+@startuml
+robust "Wallet" as W
+robust "HaClient" as HC
+robust "HaServer" as HS
+robust "Dispatcher" as D
+robust "Browser" as B
+
+@0
+W is Idle
+D is Idle
+HC is Idle
+HS is "NO_PAYMENT"
+B is Idle
+
+@10
+W is "Create config"
+
+@20
+W is "Run client"
+
+@30
+W is "Test local status"
+W -> HC@+5 : GET local/status
+
+@40 
+W is "Test remote status"
+HC is "Connected"
+HC -> HS@+5 : GET remote/status
+
+@50
+W is "Send payment1"
+HS is "NO_PAYMENT"
+D is "Waiting for payment"
+W -> D@+5 : Payment1
+
+@60
+D is "Waiting for first_confirmation,first_minutes"
+
+@70
+D is "Confirmed"
+D -> HS@+5 : Activate payment
+HS is "NOT_SPENDING"
+
+@80
+B is "Working"
+D is "Waiting for session"
+D@80 <-> @90 : Maximum timeout
+B -> D@+5 : Sessions
+
+@90
+D is "Spending"
+HS is "OK"
+W@90 <-> @150 : "First period"
+W -> D@+50 : Payment2
+W is "Send payment2"
+
+@150
+HS is "OK"
+W@150 <-> @250 : Second period
+
+@250
+D is "Spending"
+HS is "OK"
+W@200 -> D@250 : Paymentx
+
+@300
+D -> HS@+5 : Deactivating
+W@250 <-> @300 : xth period
+W@300 <-> @320 : No credit
+
+@310
+HS is "NO_PAYMENT"
+W is Idle
+HC is Idle
+D is Idle
+B is Idle
+
+@enduml