Merge pull request #10 from wiretrustee/lint-warns

fix doc and lint warns

.github/workflows/golangci-lint.yml

@@ -0,0 +1,14 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2

cmd/addpeer.go

@@ -40,6 +40,6 @@ var (
 func init() {
 	addPeerCmd.PersistentFlags().StringVar(&key, "key", "", "Wireguard public key of the remote peer")
 	addPeerCmd.PersistentFlags().StringVar(&allowedIPs, "allowedIPs", "", "Wireguard Allowed IPs for the remote peer, e.g 10.30.30.2/32")
-	addPeerCmd.MarkPersistentFlagRequired("key")
-	addPeerCmd.MarkPersistentFlagRequired("allowedIPs")
+	addPeerCmd.MarkPersistentFlagRequired("key")        //nolint
+	addPeerCmd.MarkPersistentFlagRequired("allowedIPs") //nolint
 }

cmd/config.go

@@ -2,12 +2,13 @@ package cmd
 
 import (
 	"encoding/json"
-	"github.com/pion/ice/v2"
+	ice "github.com/pion/ice/v2"
 	"github.com/wiretrustee/wiretrustee/connection"
 	"io/ioutil"
 	"os"
 )
 
+// Config Configuration type
 type Config struct {
 	// Wireguard private key of local peer
 	PrivateKey   string

cmd/init.go

@@ -1,7 +1,7 @@
 package cmd
 
 import (
-	"github.com/pion/ice/v2"
+	ice "github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@@ -109,10 +109,10 @@ func init() {
 	//todo user:password@protocol:host:port not the best way to pass TURN credentials, do it according to https://tools.ietf.org/html/rfc7065 E.g. use oauth
 	initCmd.PersistentFlags().StringVar(&turnURLs, "turnURLs", "", "Comma separated TURN server URLs: user:password@protocol:host:port, e.g. user:password@turn:stun.wiretrustee.com:3468")
 	//initCmd.MarkPersistentFlagRequired("configPath")
-	initCmd.MarkPersistentFlagRequired("wgLocalAddr")
-	initCmd.MarkPersistentFlagRequired("signalAddr")
-	initCmd.MarkPersistentFlagRequired("stunURLs")
-	initCmd.MarkPersistentFlagRequired("turnURLs")
+	initCmd.MarkPersistentFlagRequired("wgLocalAddr") //nolint
+	initCmd.MarkPersistentFlagRequired("signalAddr")  //nolint
+	initCmd.MarkPersistentFlagRequired("stunURLs")    //nolint
+	initCmd.MarkPersistentFlagRequired("turnURLs")    //nolint
 }
 
 // generateKey generates a new Wireguard private key

cmd/root.go

@@ -6,10 +6,10 @@ import (
 	"github.com/spf13/cobra"
 	"os"
 	"os/signal"
-	"syscall"
 )
 
 const (
+	// ExitSetupFailed defines exit code
 	ExitSetupFailed = 1
 )
 
@@ -38,18 +38,23 @@ func init() {
 	rootCmd.AddCommand(signalCmd)
 }
 
+// SetupCloseHandler handles SIGTERM signal and exits with success
 func SetupCloseHandler() {
-	c := make(chan os.Signal)
-	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
-	<-c
-	fmt.Println("\r- Ctrl+C pressed in Terminal")
-	os.Exit(0)
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt)
+	go func() {
+		for range c {
+			fmt.Println("\r- Ctrl+C pressed in Terminal")
+			os.Exit(0)
+		}
+	}()
 }
 
+// InitLog parses and sets log-level input
 func InitLog(logLevel string) {
 	level, err := log.ParseLevel(logLevel)
 	if err != nil {
-		log.Errorf("efailed parsing log-level %s: %s", logLevel, err)
+		log.Errorf("Failed parsing log-level %s: %s", logLevel, err)
 		os.Exit(ExitSetupFailed)
 	}
 	log.SetLevel(level)

cmd/signal.go

@@ -37,6 +37,7 @@ var (
 			}
 
 			SetupCloseHandler()
+			select {}
 		},
 	}
 )

cmd/up.go

@@ -10,10 +10,6 @@ import (
 	"os"
 )
 
-func toByte32(key wgtypes.Key) *[32]byte {
-	return (*[32]byte)(&key)
-}
-
 var (
 	upCmd = &cobra.Command{
 		Use:   "up",
@@ -30,7 +26,7 @@ var (
 			}
 
 			ctx := context.Background()
-			signalClient, err := sig.NewClient(config.SignalAddr, myKey, ctx)
+			signalClient, err := sig.NewClient(ctx, config.SignalAddr, myKey)
 			if err != nil {
 				log.Errorf("error while connecting to the Signal Exchange Service %s: %s", config.SignalAddr, err)
 				os.Exit(ExitSetupFailed)
@@ -45,10 +41,14 @@ var (
 			engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr, iFaceBlackList)
 
 			err = engine.Start(myKey, config.Peers)
-
+			if err != nil {
+				log.Errorf("error while starting the engine: %s", err)
+				os.Exit(ExitSetupFailed)
+			}
 			//signalClient.WaitConnected()
 
 			SetupCloseHandler()
+			select {}
 		},
 	}
 )

connection/connection.go

@@ -3,22 +3,24 @@ package connection
 import (
 	"context"
 	"fmt"
-	"github.com/pion/ice/v2"
+	ice "github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"sync"
 	"time"
 )
 
 var (
+	// DefaultWgKeepAlive default Wireguard keep alive constant
 	DefaultWgKeepAlive = 20 * time.Second
 )
 
+// ConnConfig Connection configuration struct
 type ConnConfig struct {
 	// Local Wireguard listening address  e.g. 127.0.0.1:51820
 	WgListenAddr string
 	// A Local Wireguard Peer IP address in CIDR notation e.g. 10.30.30.1/24
-	WgPeerIp string
+	WgPeerIP string
 	// Local Wireguard Interface name (e.g. wg0)
 	WgIface string
 	// Wireguard allowed IPs (e.g. 10.30.30.2/32)
@@ -33,11 +35,13 @@ type ConnConfig struct {
 	iFaceBlackList map[string]struct{}
 }
 
+// IceCredentials ICE protocol credentials struct
 type IceCredentials struct {
 	uFrag string
 	pwd   string
 }
 
+// Connection Holds information about a connection and handles signal protocol
 type Connection struct {
 	Config ConnConfig
 	// signalCandidate is a handler function to signal remote peer about local connection candidate
@@ -63,6 +67,7 @@ type Connection struct {
 	remoteAuthCond sync.Once
 }
 
+// NewConnection Creates a new connection and sets handling functions for signal protocol
 func NewConnection(config ConnConfig,
 	signalCandidate func(candidate ice.Candidate) error,
 	signalOffer func(uFrag string, pwd string) error,
@@ -154,12 +159,11 @@ func (conn *Connection) Open(timeout time.Duration) error {
 	}
 
 	// wait until connection has been closed
-	select {
-	case <-conn.closeCond.C:
-		return fmt.Errorf("connection to peer %s has been closed", conn.Config.RemoteWgKey.String())
-	}
+	<-conn.closeCond.C
+	return fmt.Errorf("connection to peer %s has been closed", conn.Config.RemoteWgKey.String())
 }
 
+// Close Closes a peer connection
 func (conn *Connection) Close() error {
 	var err error
 	conn.closeCond.Do(func() {
@@ -185,6 +189,7 @@ func (conn *Connection) Close() error {
 	return err
 }
 
+// OnAnswer Handles the answer from the other peer
 func (conn *Connection) OnAnswer(remoteAuth IceCredentials) error {
 
 	conn.remoteAuthCond.Do(func() {
@@ -194,23 +199,25 @@ func (conn *Connection) OnAnswer(remoteAuth IceCredentials) error {
 	return nil
 }
 
+// OnOffer Handles the offer from the other peer
 func (conn *Connection) OnOffer(remoteAuth IceCredentials) error {
 
 	conn.remoteAuthCond.Do(func() {
 		log.Debugf("OnOffer from peer %s", conn.Config.RemoteWgKey.String())
 		conn.remoteAuthChannel <- remoteAuth
 		uFrag, pwd, err := conn.agent.GetLocalUserCredentials()
-		if err != nil {
+		if err != nil { //nolint
 		}
 
 		err = conn.signalAnswer(uFrag, pwd)
-		if err != nil {
+		if err != nil { //nolint
 		}
 	})
 
 	return nil
 }
 
+// OnRemoteCandidate Handles remote candidate provided by the peer.
 func (conn *Connection) OnRemoteCandidate(candidate ice.Candidate) error {
 
 	log.Debugf("onRemoteCandidate from peer %s -> %s", conn.Config.RemoteWgKey.String(), candidate.String())

connection/engine.go

@@ -3,7 +3,7 @@ package connection
 import (
 	"fmt"
 	"github.com/cenkalti/backoff/v4"
-	"github.com/pion/ice/v2"
+	ice "github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"github.com/wiretrustee/wiretrustee/iface"
 	"github.com/wiretrustee/wiretrustee/signal"
@@ -12,6 +12,7 @@ import (
 	"time"
 )
 
+// Engine is an instance of the Connection Engine
 type Engine struct {
 	// a list of STUN and TURN servers
 	stunsTurns []*ice.URL
@@ -22,31 +23,35 @@ type Engine struct {
 	// Wireguard interface
 	wgIface string
 	// Wireguard local address
-	wgIp string
-
+	wgIP string
+	// Network Interfaces to ignore
 	iFaceBlackList map[string]struct{}
 }
 
+// Peer is an instance of the Connection Peer
 type Peer struct {
 	WgPubKey     string
 	WgAllowedIps string
 }
 
+// NewEngine creates a new Connection Engine
 func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string,
 	iFaceBlackList map[string]struct{}) *Engine {
 	return &Engine{
 		stunsTurns:     stunsTurns,
 		signal:         signal,
 		wgIface:        wgIface,
-		wgIp:           wgAddr,
+		wgIP:           wgAddr,
 		conns:          map[string]*Connection{},
 		iFaceBlackList: iFaceBlackList,
 	}
 }
 
+// Start creates a new tunnel interface and listens to signals from the Signal service.
+// It also creates an Go routine to handle each peer communication from the config file
 func (e *Engine) Start(myKey wgtypes.Key, peers []Peer) error {
 
-	err := iface.Create(e.wgIface, e.wgIp)
+	err := iface.Create(e.wgIface, e.wgIP)
 	if err != nil {
 		log.Errorf("error while creating interface %s: [%s]", e.wgIface, err.Error())
 		return err
@@ -106,7 +111,7 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*
 	remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
 	connConfig := &ConnConfig{
 		WgListenAddr:   fmt.Sprintf("127.0.0.1:%d", wgPort),
-		WgPeerIp:       e.wgIp,
+		WgPeerIP:       e.wgIP,
 		WgIface:        e.wgIface,
 		WgAllowedIPs:   peer.WgAllowedIps,
 		WgKey:          myKey,
@@ -166,7 +171,9 @@ func signalAuth(uFrag string, pwd string, myKey wgtypes.Key, remoteKey wgtypes.K
 	msg, err := signal.MarshalCredential(myKey, remoteKey, &signal.Credential{
 		UFrag: uFrag,
 		Pwd:   pwd}, t)
-
+	if err != nil {
+		return err
+	}
 	err = s.Send(msg)
 	if err != nil {
 		return err

connection/wgproxy.go

@@ -1,12 +1,13 @@
 package connection
 
 import (
-	"github.com/pion/ice/v2"
+	ice "github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"github.com/wiretrustee/wiretrustee/iface"
 	"net"
 )
 
+// WgProxy an instance of an instance of the Connection Wireguard Proxy
 type WgProxy struct {
 	iface      string
 	remoteKey  string
@@ -16,6 +17,7 @@ type WgProxy struct {
 	wgConn     net.Conn
 }
 
+// NewWgProxy creates a new Connection Wireguard Proxy
 func NewWgProxy(iface string, remoteKey string, allowedIps string, wgAddr string) *WgProxy {
 	return &WgProxy{
 		iface:      iface,
@@ -26,6 +28,7 @@ func NewWgProxy(iface string, remoteKey string, allowedIps string, wgAddr string
 	}
 }
 
+// Close closes the proxy
 func (p *WgProxy) Close() error {
 
 	close(p.close)
@@ -39,6 +42,7 @@ func (p *WgProxy) Close() error {
 	return nil
 }
 
+// Start starts a new proxy using the ICE connection
 func (p *WgProxy) Start(remoteConn *ice.Conn) error {
 
 	wgConn, err := net.Dial("udp", p.wgAddr)
@@ -78,9 +82,10 @@ func (p *WgProxy) proxyToRemotePeer(remoteConn *ice.Conn) {
 				continue
 			}
 
-			n, err = remoteConn.Write(buf[:n])
+			_, err = remoteConn.Write(buf[:n])
 			if err != nil {
 				//log.Warnln("failed writing to remote peer: ", err.Error())
+				continue
 			}
 		}
 	}
@@ -100,11 +105,13 @@ func (p *WgProxy) proxyToLocalWireguard(remoteConn *ice.Conn) {
 			n, err := remoteConn.Read(buf)
 			if err != nil {
 				//log.Errorf("failed reading from remote connection %s", err)
+				continue
 			}
 
-			n, err = p.wgConn.Write(buf[:n])
+			_, err = p.wgConn.Write(buf[:n])
 			if err != nil {
 				//log.Errorf("failed writing to local Wireguard instance %s", err)
+				continue
 			}
 		}
 	}