Merge pull request #68 from dappnode/v0.1.14

V0.1.14

build/Dockerfile

@@ -85,6 +85,7 @@ RUN chmod 755 check_upnp.sh
 RUN mkdir -p /usr/src/app/secrets
 # envs for init.sh -> node communication
 ENV DB_PATH /usr/src/app/secrets/db.json
+ENV INSTALLATION_STATIC_IP /usr/src/dappnode/ip.value
 ENV KEYPAIR_PATH /usr/src/app/secrets/keypair
 ENV CREDENTIALS_PATH /usr/src/app/secrets/chap-secrets
 ENV PUBLIC_IP_PATH /usr/src/app/secrets/server-ip

build/src/init.sh

@@ -41,7 +41,7 @@ check_ip "$PUBLIC_IP" || exiterr "Cannot detect this server's public IP. Define
 echo "Generating VPN credentials: PSK and password..."
 export L2TP_NET=${VPN_L2TP_NET:-'172.33.0.0/16'}
 export L2TP_LOCAL=${VPN_L2TP_LOCAL:-'172.33.11.1'}
-export L2TP_POOL=${VPN_L2TP_POOL:-'172.33.100.1-172.33.255.254'}
+export L2TP_POOL=${VPN_L2TP_POOL:-'172.33.200.1-172.33.255.254'}
 export DNS_SRV1=${VPN_DNS_SRV1:-'8.8.8.8'}
 export DNS_SRV2=${VPN_DNS_SRV2:-'8.8.4.4'}
 export PUBLIC_IP

build/src/package.json

@@ -20,6 +20,7 @@
     "eth-crypto": "^1.2.4",
     "file-system": "^2.2.2",
     "generate-password": "^1.4.0",
+    "ip-regex": "^3.0.0",
     "lowdb": "^1.0.0",
     "node-fetch": "^2.1.2",
     "qrcode-terminal": "^0.12.0",

build/src/src/calls/addDevice.js

@@ -8,8 +8,12 @@ async function addDevice({id}) {
     throw Error('The new device name cannot be empty');
   }
   if (id === '#') {
-    throw Error('The new device name cannot be #');
+    throw Error(`The new device name cannot be "#"`);
   }
+  if ((id || '').toLowerCase() === 'guests' || (id || '').toLowerCase() === 'guest') {
+    throw Error(`Please use the enable guests function to create a "Guest(s)" user`);
+  }
+
 
   // Fetch devices data from the chap_secrets file
   let credentialsArray = await credentialsFile.fetch();

build/src/src/calls/index.js

@@ -12,4 +12,6 @@ module.exports = {
     setStaticIp: require('./setStaticIp'),
     statusExternalIp: require('./statusExternalIp'),
     statusUPnP: require('./statusUPnP'),
+    toggleGuestUsers: require('./toggleGuestUsers'),
+    resetGuestUsersPassword: require('./resetGuestUsersPassword'),
 };

build/src/src/calls/resetGuestUsersPassword.js

@@ -0,0 +1,29 @@
+const credentialsFile = require('../utils/credentialsFile');
+const generate = require('../utils/generate');
+const db = require('../db');
+
+const vpnPasswordLength = 20;
+const guestsName = 'Guests';
+
+async function resetGuestUsersPassword() {
+    // Fetch devices data from the chap_secrets file
+    let credentialsArray = await credentialsFile.fetch();
+
+    const guestsPassword = generate.password(vpnPasswordLength);
+    db.set('guestsPassword', guestsPassword).write();
+
+    const guestUsers = credentialsArray.find((u) => u.name === guestsName);
+    if (guestUsers) {
+        guestUsers.password = guestsPassword;
+        await credentialsFile.write(credentialsArray);
+    }
+
+    return {
+        message: `Reseted guests password`,
+        logMessage: true,
+        userAction: true,
+    };
+}
+
+
+module.exports = resetGuestUsersPassword;

build/src/src/calls/toggleGuestUsers.js

@@ -0,0 +1,40 @@
+const credentialsFile = require('../utils/credentialsFile');
+const generate = require('../utils/generate');
+const db = require('../db');
+
+const vpnPasswordLength = 20;
+const guestsName = 'Guests';
+
+async function toggleGuestUsers() {
+    // Fetch devices data from the chap_secrets file
+    let credentialsArray = await credentialsFile.fetch();
+    const guestUsers = credentialsArray.find((u) => u.name === guestsName);
+    if (guestUsers) {
+        // Remove guest users credentials
+        credentialsArray = credentialsArray.filter((u) => u.name !== guestsName);
+    } else {
+        // Use the previous password or create a new one
+        let guestsPassword = db.get('guestsPassword').value();
+        if (!guestsPassword) {
+            guestsPassword = generate.password(vpnPasswordLength);
+            db.set('guestsPassword', guestsPassword).write();
+        }
+        // Add guest users credentials
+        credentialsArray.unshift({
+            name: guestsName,
+            password: guestsPassword,
+            ip: '*',
+        });
+    }
+
+    await credentialsFile.write(credentialsArray);
+
+    return {
+        message: `${guestUsers ? 'disabled' : 'enabled'} guests users`,
+        logMessage: true,
+        userAction: true,
+    };
+}
+
+
+module.exports = toggleGuestUsers;

build/src/src/client.js

@@ -6,11 +6,13 @@ const dyndnsClient = require('./dyndnsClient');
 const calls = require('./calls');
 const logAdminCredentials = require('./logAdminCredentials');
 const fetchVpnParameters = require('./fetchVpnParameters');
+const getInstallationStaticIp = require('./utils/getInstallationStaticIp');
 
 const URL = 'ws://my.wamp.dnp.dappnode.eth:8080/ws';
 const REALM = 'dappnode_admin';
 const publicIpCheckInterval = 30 * 60 * 1000;
 
+
 // /////////////////////////////
 // Setup crossbar connection //
 // /////////////////////////////
@@ -53,6 +55,15 @@ async function start() {
   logs.info('Loading VPN parameters... It may take a while');
   await fetchVpnParameters();
 
+  // Load the static IP defined in the installation
+  if (!db.get('staticIp').value()) {
+    const installationStaticIp = await getInstallationStaticIp();
+    if (installationStaticIp) {
+      logs.info(`Static IP was set during installation: ${installationStaticIp}`);
+      db.set('staticIp', installationStaticIp).value();
+    }
+  }
+
   // If the user has not defined a static IP use dynamic DNS
   if (!db.get('staticIp').value()) {
     logs.info('Registering to the dynamic DNS...');

build/src/src/utils/credentialsFile.js

@@ -14,16 +14,23 @@ async function write(credentialsArray) {
 
 
 function chapSecretsFileFormat(credentialsArray) {
-  const chapSecretsLineFormat = (credentials) => {
-    return '"'+credentials.name+'" l2tpd "'+credentials.password+'" '+credentials.ip;
-  };
-
   return credentialsArray
-    .map(chapSecretsLineFormat)
+    .map((credentials) =>
+      `"${credentials.name}" l2tpd "${credentials.password}" ${credentials.ip}`)
     .join('\n');
 }
 
-
+/**
+ * @return {Array} Array of objects:
+ * [
+ *   {
+ *     name: 'guests',
+ *     password: '7xg78agd87g3dkasd31',
+ *     ip: '*'
+ *   },
+ *   ...
+ * ]
+ */
 async function fetch() {
   const fileContent = await fs.readFileSync(credentialsPath, 'utf-8');
 

build/src/src/utils/getInstallationStaticIp.js

@@ -0,0 +1,23 @@
+const fs = require('file-system');
+const {promisify} = require('util');
+const readFileAsync = promisify(fs.readFile);
+const logs = require('../logs.js')(module);
+const ipRegex = require('ip-regex');
+
+const {INSTALLATION_STATIC_IP} = process.env;
+
+/* eslint-disable max-len */
+
+function getInstallationStaticIp() {
+    return readFileAsync(INSTALLATION_STATIC_IP, 'utf-8')
+    .then((data) => String(data).trim())
+    // If the file is empty return null
+    .then((data) => data.length ? data : null)
+    .then((ip) => ipRegex({exact: true}).test(ip))
+    .catch((err) => {
+        logs.error(`Error reading INSTALLATION_STATIC_IP ${INSTALLATION_STATIC_IP}: ${err.stack || err.message}`);
+        return null;
+    });
+}
+
+module.exports = getInstallationStaticIp;

dappnode_package.json

@@ -1,6 +1,6 @@
 {
   "name": "vpn.dnp.dappnode.eth",
-  "version": "0.1.13",
+  "version": "0.1.14",
   "description": "Dappnode package responsible for providing the VPN (L2TP/IPSec) connection",
   "avatar": "/ipfs/QmWwMb3XhuCH6JnCF6m6EQzA4mW9pHHtg7rqAfhDr2ofi8",
   "type": "dncore",

docker-compose-vpn.yml

@@ -13,7 +13,7 @@ volumes:
 services:
   vpn.dnp.dappnode.eth:
     build: ./build
-    image: vpn.dnp.dappnode.eth:0.1.13
+    image: vpn.dnp.dappnode.eth:0.1.14
     container_name: DAppNodeCore-vpn.dnp.dappnode.eth
     privileged: true
     restart: always