Rewrite of the entrypoint in Golang (#71)

- General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR)
2020-02-06 20:42:46 -05:00
parent 3de4ffcf66
commit 64649039d9
74 changed files with 4598 additions and 1019 deletions
--- a/internal/shadowsocks/command.go
+++ b/internal/shadowsocks/command.go
@@ -0,0 +1,40 @@
+package shadowsocks
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/constants"
+)
+
+func (c *configurator) Start(server string, port uint16, password string, log bool) (stdout io.ReadCloser, err error) {
+	c.logger.Info("%s: starting shadowsocks server", logPrefix)
+	args := []string{
+		"-c", string(constants.ShadowsocksConf),
+		"-p", fmt.Sprintf("%d", port),
+		"-k", password,
+	}
+	if log {
+		args = append(args, "-v")
+	}
+	stdout, _, _, err = c.commander.Start("ss-server", args...)
+	return stdout, err
+}
+
+// Version obtains the version of the installed shadowsocks server
+func (c *configurator) Version() (string, error) {
+	output, err := c.commander.Run("ss-server", "-h")
+	if err != nil {
+		return "", err
+	}
+	lines := strings.Split(output, "\n")
+	if len(lines) < 2 {
+		return "", fmt.Errorf("ss-server -h: not enough lines in %q", output)
+	}
+	words := strings.Fields(lines[1])
+	if len(words) < 2 {
+		return "", fmt.Errorf("ss-server -h: line 2 is too short: %q", lines[1])
+	}
+	return words[1], nil
+}
--- a/internal/shadowsocks/conf.go
+++ b/internal/shadowsocks/conf.go
@@ -0,0 +1,49 @@
+package shadowsocks
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/qdm12/golibs/files"
+	"github.com/qdm12/private-internet-access-docker/internal/constants"
+)
+
+func (c *configurator) MakeConf(port uint16, password string, uid, gid int) (err error) {
+	c.logger.Info("%s: generating configuration file", logPrefix)
+	data := generateConf(port, password)
+	return c.fileManager.WriteToFile(
+		string(constants.ShadowsocksConf),
+		data,
+		files.FileOwnership(uid, gid),
+		files.FilePermissions(0400))
+}
+
+func generateConf(port uint16, password string) (data []byte) {
+	conf := struct {
+		Server       string            `json:"server"`
+		User         string            `json:"user"`
+		Method       string            `json:"method"`
+		Timeout      uint              `json:"timeout"`
+		FastOpen     bool              `json:"fast_open"`
+		Mode         string            `json:"mode"`
+		PortPassword map[string]string `json:"port_password"`
+		Workers      uint              `json:"workers"`
+		Interface    string            `json:"interface"`
+		Nameserver   string            `json:"nameserver"`
+	}{
+		Server:   "0.0.0.0",
+		User:     "nonrootuser",
+		Method:   "chacha20-ietf-poly1305",
+		Timeout:  30,
+		FastOpen: false,
+		Mode:     "tcp_and_udp",
+		PortPassword: map[string]string{
+			fmt.Sprintf("%d", port): password,
+		},
+		Workers:    2,
+		Interface:  "tun",
+		Nameserver: "127.0.0.1",
+	}
+	data, _ = json.Marshal(conf)
+	return data
+}
--- a/internal/shadowsocks/conf_test.go
+++ b/internal/shadowsocks/conf_test.go
@@ -0,0 +1,79 @@
+package shadowsocks
+
+import (
+	"fmt"
+	"testing"
+
+	filesMocks "github.com/qdm12/golibs/files/mocks"
+	loggingMocks "github.com/qdm12/golibs/logging/mocks"
+	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_generateConf(t *testing.T) {
+	t.Parallel()
+	tests := map[string]struct {
+		port     uint16
+		password string
+		data     []byte
+	}{
+		"no data": {
+			data: []byte(`{"server":"0.0.0.0","user":"nonrootuser","method":"chacha20-ietf-poly1305","timeout":30,"fast_open":false,"mode":"tcp_and_udp","port_password":{"0":""},"workers":2,"interface":"tun","nameserver":"127.0.0.1"}`),
+		},
+		"data": {
+			port:     2000,
+			password: "abcde",
+			data:     []byte(`{"server":"0.0.0.0","user":"nonrootuser","method":"chacha20-ietf-poly1305","timeout":30,"fast_open":false,"mode":"tcp_and_udp","port_password":{"2000":"abcde"},"workers":2,"interface":"tun","nameserver":"127.0.0.1"}`),
+		},
+	}
+	for name, tc := range tests {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			data := generateConf(tc.port, tc.password)
+			assert.Equal(t, tc.data, data)
+		})
+	}
+}
+
+func Test_MakeConf(t *testing.T) {
+	t.Parallel()
+	tests := map[string]struct {
+		writeErr error
+		err      error
+	}{
+		"no write error": {},
+		"write error": {
+			writeErr: fmt.Errorf("error"),
+			err:      fmt.Errorf("error"),
+		},
+	}
+	for name, tc := range tests {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			logger := &loggingMocks.Logger{}
+			logger.On("Info", "%s: generating configuration file", logPrefix).Once()
+			fileManager := &filesMocks.FileManager{}
+			fileManager.On("WriteToFile",
+				string(constants.ShadowsocksConf),
+				[]byte(`{"server":"0.0.0.0","user":"nonrootuser","method":"chacha20-ietf-poly1305","timeout":30,"fast_open":false,"mode":"tcp_and_udp","port_password":{"2000":"abcde"},"workers":2,"interface":"tun","nameserver":"127.0.0.1"}`),
+				mock.AnythingOfType("files.WriteOptionSetter"),
+				mock.AnythingOfType("files.WriteOptionSetter"),
+			).
+				Return(tc.writeErr).Once()
+			c := &configurator{logger: logger, fileManager: fileManager}
+			err := c.MakeConf(2000, "abcde", 1000, 1001)
+			if tc.err != nil {
+				require.Error(t, err)
+				assert.Equal(t, tc.err.Error(), err.Error())
+			} else {
+				assert.NoError(t, err)
+			}
+			logger.AssertExpectations(t)
+			fileManager.AssertExpectations(t)
+		})
+	}
+}
--- a/internal/shadowsocks/shadowsocks.go
+++ b/internal/shadowsocks/shadowsocks.go
@@ -0,0 +1,27 @@
+package shadowsocks
+
+import (
+	"io"
+
+	"github.com/qdm12/golibs/command"
+	"github.com/qdm12/golibs/files"
+	"github.com/qdm12/golibs/logging"
+)
+
+const logPrefix = "shadowsocks configurator"
+
+type Configurator interface {
+	Version() (string, error)
+	MakeConf(port uint16, password string, uid, gid int) (err error)
+	Start(server string, port uint16, password string, log bool) (stdout io.ReadCloser, err error)
+}
+
+type configurator struct {
+	fileManager files.FileManager
+	logger      logging.Logger
+	commander   command.Commander
+}
+
+func NewConfigurator(fileManager files.FileManager, logger logging.Logger) Configurator {
+	return &configurator{fileManager, logger, command.NewCommander()}
+}