internal/pia/portforward.go

package pia

import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/http"

	"github.com/qdm12/golibs/files"
	"github.com/qdm12/private-internet-access-docker/internal/constants"
	"github.com/qdm12/private-internet-access-docker/internal/models"
)

func (c *configurator) GetPortForward() (port uint16, err error) {
	c.logger.Info("Obtaining port to be forwarded")
	b, err := c.random.GenerateRandomBytes(32)
	if err != nil {
		return 0, err
	}
	clientID := hex.EncodeToString(b)
	url := fmt.Sprintf("%s/?client_id=%s", constants.PIAPortForwardURL, clientID)
	content, status, err := c.client.GetContent(url)
	switch {
	case err != nil:
		return 0, err
	case status != http.StatusOK:
		return 0, fmt.Errorf("status is %d for %s; does your PIA server support port forwarding?", status, url)
	case len(content) == 0:
		return 0, fmt.Errorf("port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding")
	}
	body := struct {
		Port uint16 `json:"port"`
	}{}
	if err := json.Unmarshal(content, &body); err != nil {
		return 0, fmt.Errorf("port forwarding response: %w", err)
	}
	c.logger.Info("Port forwarded is %d", body.Port)
	return body.Port, nil
}

func (c *configurator) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
	c.logger.Info("Writing forwarded port to %s", filepath)
	return c.fileManager.WriteLinesToFile(
		string(filepath),
		[]string{fmt.Sprintf("%d", port)},
		files.Ownership(uid, gid),
		files.Permissions(0400))
}

func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error) {
	c.logger.Info("Allowing forwarded port %d through firewall", port)
	return c.firewall.AllowInputTrafficOnPort(device, port)
}

func (c *configurator) ClearPortForward(filepath models.Filepath, uid, gid int) (err error) {
	c.logger.Info("Clearing forwarded port status file %s", filepath)
	return c.fileManager.WriteToFile(string(filepath), nil, files.Ownership(uid, gid), files.Permissions(0400))
}
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`package pia`

			`import (`
			`"encoding/hex"`
			`"encoding/json"`
			`"fmt"`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`"net/http"`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00
Custom UID and GID for subprocesses and files written (#116) Fix #116 - Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only 2020-03-29 19:52:49 -04:00			`"github.com/qdm12/golibs/files"`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`"github.com/qdm12/private-internet-access-docker/internal/constants"`
			`"github.com/qdm12/private-internet-access-docker/internal/models"`
			`)`

			`func (c *configurator) GetPortForward() (port uint16, err error) {`
Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00			`c.logger.Info("Obtaining port to be forwarded")`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`b, err := c.random.GenerateRandomBytes(32)`
			`if err != nil {`
			`return 0, err`
			`}`
			`clientID := hex.EncodeToString(b)`
			`url := fmt.Sprintf("%s/?client_id=%s", constants.PIAPortForwardURL, clientID)`
			`content, status, err := c.client.GetContent(url)`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`switch {`
			`case err != nil:`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`return 0, err`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`case status != http.StatusOK:`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`return 0, fmt.Errorf("status is %d for %s; does your PIA server support port forwarding?", status, url)`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`case len(content) == 0:`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`return 0, fmt.Errorf("port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding")`
			`}`
			`body := struct {`
			Port uint16 `json:"port"`
			`}{}`
			`if err := json.Unmarshal(content, &body); err != nil {`
			`return 0, fmt.Errorf("port forwarding response: %w", err)`
			`}`
Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00			`c.logger.Info("Port forwarded is %d", body.Port)`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`return body.Port, nil`
			`}`

Custom UID and GID for subprocesses and files written (#116) Fix #116 - Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only 2020-03-29 19:52:49 -04:00			`func (c *configurator) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {`
Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00			`c.logger.Info("Writing forwarded port to %s", filepath)`
Custom UID and GID for subprocesses and files written (#116) Fix #116 - Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only 2020-03-29 19:52:49 -04:00			`return c.fileManager.WriteLinesToFile(`
			`string(filepath),`
			`[]string{fmt.Sprintf("%d", port)},`
			`files.Ownership(uid, gid),`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`files.Permissions(0400))`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`}`

			`func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error) {`
Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00			`c.logger.Info("Allowing forwarded port %d through firewall", port)`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`return c.firewall.AllowInputTrafficOnPort(device, port)`
			`}`
Clears port forward status file at exit, fix #125 2020-04-09 12:11:36 +00:00
			`func (c *configurator) ClearPortForward(filepath models.Filepath, uid, gid int) (err error) {`
Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00			`c.logger.Info("Clearing forwarded port status file %s", filepath)`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`return c.fileManager.WriteToFile(string(filepath), nil, files.Ownership(uid, gid), files.Permissions(0400))`
Clears port forward status file at exit, fix #125 2020-04-09 12:11:36 +00:00			`}`