Replace bonafide struct by interface in bitmask struct

dc8385f5 · Pea Nut · jkito · 0730637f · dc8385f5 · dc8385f5
Commit dc8385f5 authored 9 months ago by Pea Nut Committed by jkito 9 months ago
--- a/pkg/vpn/bitmask.go
+++ b/pkg/vpn/bitmask.go
@@ -33,44 +33,59 @@ import (
 )

 type Bitmask struct {
-	tempdir          string
-	onGateway        bonafide.Gateway
-	ptGateway        bonafide.Gateway
-	statusCh         chan string
-	managementClient *management.MgmtClient
-	bonafide         *bonafide.Bonafide
-	launch           *launcher.Launcher
-	transport        string
-	obfsvpnProxy     *obfsvpn.Client
-	certPemPath      string
-	openvpnArgs      []string
-	useUDP           bool
-	useSnowflake     bool
-	canUpgrade       bool
-	motd             []motd.Message
-	provider         string
+	api              apiInterface           // handles backend API communication, implemented in bonafide (v3) or menshen (v5)
+	onGateway        bonafide.Gateway       // gateway we are connected
+	ptGateway        bonafide.Gateway       // public transport gateway we are connected with
+	launch           *launcher.Launcher     // launcher manages the firewall and starts/stops openvpn
+	canUpgrade       bool                   // is there an update available?
+	motd             []motd.Message         // cached message of the day (ony fetched once during startup)
+	statusCh         chan string            // channel used to get current OpenVPN state (remote ip, connection state, ...)
+	managementClient *management.MgmtClient // used to speak with our own management backend (OpenVPN process connects to it)
+	transport        string                 // used transport, e.g. OpenVPN (plain) or obfuscated protocols (obfs4)
+	openvpnArgs      []string               // arguments used for invoking the OpenVPN process
+	useUDP           bool                   // should we use UDP?
+	obfsvpnProxy     *obfsvpn.Client        // handles OpenVPN obfuscation, e.g. starts/stops obfs4 bridge
+	useSnowflake     bool                   // should we use Snowflake?
+	provider         string                 // currently not used, get fixed if we get to the provider agnostic client
+	tempdir          string                 // random base temp dir. Used for OpenVPN CA (cacert.pem),
+	// client certificate (openvpn.pem, holds key and certificate) and management communication
+	// authentication (key file prefixed with leap-vpn-...). Directory gets deleted during teardown
+	certPemPath string // path of OpenVPN client certificate. Normally this is $tempdir/openvpn.pem,
+	// but it also can be $config/$provider.pem (if snowflake is used or supplied out-of-band in a censored network)
 }

 // Init the connection to bitmask
 func Init() (*Bitmask, error) {
-	statusCh := make(chan string, 10)
 	tempdir, err := ioutil.TempDir("", "leap-")
 	if err != nil {
 		return nil, err
 	}
-	bf := bonafide.New()
+
+	api := bonafide.New()
 	launch, err := launcher.NewLauncher()
 	if err != nil {
 		return nil, err
 	}

 	b := Bitmask{
-		tempdir,
-		bonafide.Gateway{},
-		bonafide.Gateway{}, statusCh, nil, bf, launch,
-		"", nil, "", []string{},
-		false, false, isUpgradeAvailable(),
-		[]motd.Message{}, ""}
+		tempdir:          tempdir,
+		onGateway:        bonafide.Gateway{},
+		ptGateway:        bonafide.Gateway{},
+		statusCh:         make(chan string, 10),
+		managementClient: nil,
+		api:              api,
+		launch:           launch,
+		transport:        "",
+		obfsvpnProxy:     nil,
+		certPemPath:      "",
+		openvpnArgs:      []string{},
+		useUDP:           false,
+		useSnowflake:     false,
+		canUpgrade:       isUpgradeAvailable(),
+		motd:             motd.FetchLatest(),
+		provider:         "",
+	}
+
 	// FIXME multiprovider: need to pass provider name early on
 	// XXX we want to block on these, but they can timeout if we're blocked.
 	b.checkForMOTD()
@@ -111,7 +126,7 @@ func (b *Bitmask) GetStatusCh() <-chan string {
 }

 func (b *Bitmask) GetSnowflakeCh() <-chan *snowflake.StatusEvent {
-	return b.bonafide.GetSnowflakeCh()
+	return b.api.GetSnowflakeCh()
 }

 // Close the connection to bitmask, and does cleanup of temporal files
@@ -145,11 +160,11 @@ func (b *Bitmask) Version() (string, error) {
 }

 func (b *Bitmask) NeedsCredentials() bool {
-	return b.bonafide.NeedsCredentials()
+	return b.api.NeedsCredentials()
 }

 func (b *Bitmask) DoLogin(username, password string) (bool, error) {
-	return b.bonafide.DoLogin(username, password)
+	return b.api.DoLogin(username, password)
 }

 func (b *Bitmask) UseUDP(udp bool) {
@@ -162,7 +177,7 @@ func (b *Bitmask) UseSnowflake(s bool) error {
 }

 func (b *Bitmask) OffersUDP() bool {
-	return b.bonafide.IsUDPAvailable()
+	return b.api.IsUDPAvailable()
 }

 func (b *Bitmask) GetMotd() string {

--- a/pkg/vpn/interface.go
+++ b/pkg/vpn/interface.go
+package vpn
+
+import (
+	"0xacab.org/leap/bitmask-vpn/pkg/snowflake"
+	"0xacab.org/leap/bitmask-vpn/pkg/vpn/bonafide"
+)
+
+type apiInterface interface {
+	NeedsCredentials() bool
+	DoLogin(username, password string) (bool, error)
+	GetLocationQualityMap(transport string) map[string]float64
+	GetLocationLabels(transport string) map[string][]string
+	SetManualGateway(label string)
+	SetAutomaticGateway()
+	IsManualLocation() bool
+	IsUDPAvailable() bool
+	GetBestLocation(transport string) (string, error)
+	GetPemCertificate() ([]byte, error)
+	GetOpenvpnArgs() ([]string, error)
+	GetGatewayByIP(ip string) (bonafide.Gateway, error)
+	GetBestGateways(transport string) ([]bonafide.Gateway, error)
+	GetAllGateways(transport string) ([]bonafide.Gateway, error)
+	GetSnowflakeCh() chan *snowflake.StatusEvent
+}
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -49,7 +49,7 @@ func (b *Bitmask) StartVPN(provider string) error {
 	if err != nil {
 		return err
 	}
-	b.openvpnArgs, err = b.bonafide.GetOpenvpnArgs()
+	b.openvpnArgs, err = b.api.GetOpenvpnArgs()
 	if err != nil {
 		return err
 	}
@@ -62,7 +62,7 @@ func (b *Bitmask) CanStartVPN() bool {
 	/* FIXME this is not enough. We should check, if provider needs
 	* credentials, if we have a valid token, otherwise remove it and
 	make sure that we're asking for the credentials input */
-	return !b.bonafide.NeedsCredentials()
+	return !b.api.NeedsCredentials()
 }

 func (b *Bitmask) startTransportForPrivateBridge(ctx context.Context, gw bonafide.Gateway) (proxy string, err error) {
@@ -98,7 +98,7 @@ func (b *Bitmask) startTransport(ctx context.Context, host string) (proxy string
 		return proxyAddr, nil
 	}

-	gateways, err := b.bonafide.GetBestGateways(b.transport)
+	gateways, err := b.api.GetBestGateways(b.transport)
 	if err != nil {
 		return "", err
 	}
@@ -226,7 +226,7 @@ func (b *Bitmask) startOpenVPN(ctx context.Context) error {

 			log.Debug().Msg("Getting a gateway with obfs4 transport...")

-			gateways, err := b.bonafide.GetBestGateways("obfs4")
+			gateways, err := b.api.GetBestGateways("obfs4")
 			if err != nil {
 				return err
 			}
@@ -261,7 +261,7 @@ func (b *Bitmask) startOpenVPN(ctx context.Context) error {
 		log.Info().
 			Str("args", strings.Join(arg, " ")).
 			Msg("args passed to bitmask-root")
-		gateways, err := b.bonafide.GetBestGateways("openvpn")
+		gateways, err := b.api.GetBestGateways("openvpn")
 		if err != nil {
 			return err
 		}
@@ -349,7 +349,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 			log.Info().
 				Str("certPath", certPath).
 				Msg("Fetching certificate")
-			cert, err := b.bonafide.GetPemCertificate()
+			cert, err := b.api.GetPemCertificate()
 			if err != nil {
 				log.Warn().
 					Err(err).
@@ -373,7 +373,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 // Explicit call to GetGateways, to be able to fetch them all before starting the vpn
 func (b *Bitmask) fetchGateways() {
 	log.Info().Msg("Fetching gateways...")
-	_, err := b.bonafide.GetAllGateways(b.transport)
+	_, err := b.api.GetAllGateways(b.transport)
 	if err != nil {
 		log.Warn().
 			Err(err).
@@ -447,7 +447,7 @@ func (b *Bitmask) ReloadFirewall() error {
 	}

 	if status != Off {
-		gateways, err := b.bonafide.GetAllGateways("any")
+		gateways, err := b.api.GetAllGateways("any")
 		if err != nil {
 			return err
 		}
@@ -479,22 +479,22 @@ func (b *Bitmask) VPNCheck() (helpers bool, privilege bool, err error) {
 }

 func (b *Bitmask) GetLocationQualityMap(transport string) map[string]float64 {
-	return b.bonafide.GetLocationQualityMap(transport)
+	return b.api.GetLocationQualityMap(transport)
 }

 func (b *Bitmask) GetLocationLabels(transport string) map[string][]string {
-	return b.bonafide.GetLocationLabels(transport)
+	return b.api.GetLocationLabels(transport)
 }

 // UseGateway selects a gateway, by label, as the default gateway
 func (b *Bitmask) UseGateway(label string) {
-	b.bonafide.SetManualGateway(label)
+	b.api.SetManualGateway(label)
 }

 // UseAutomaticGateway sets the gateway to be selected automatically
 // best gateway will be used
 func (b *Bitmask) UseAutomaticGateway() {
-	b.bonafide.SetAutomaticGateway()
+	b.api.SetAutomaticGateway()
 }

 // SetTransport selects an obfuscation transport to use

--- a/pkg/vpn/status.go
+++ b/pkg/vpn/status.go
@@ -88,7 +88,7 @@ func (b *Bitmask) eventHandler(eventCh <-chan management.Event) {
 				// we're using pluggable transports
 				b.onGateway = b.ptGateway
 			} else {
-				gw, err := b.bonafide.GetGatewayByIP(ip)
+				gw, err := b.api.GetGatewayByIP(ip)
 				if err == nil {
 					b.onGateway = gw
 					log.Info().
@@ -118,7 +118,7 @@ func (b *Bitmask) GetCurrentCountry() string {
 }

 func (b *Bitmask) GetBestLocation(transport string) string {
-	location, err := b.bonafide.GetBestLocation(transport)
+	location, err := b.api.GetBestLocation(transport)
 	if err != nil {
 		log.Warn().
 			Err(err).
@@ -129,7 +129,7 @@ func (b *Bitmask) GetBestLocation(transport string) string {
 }

 func (b *Bitmask) IsManualLocation() bool {
-	return b.bonafide.IsManualLocation()
+	return b.api.IsManualLocation()
 }

 func (b *Bitmask) getOpenvpnState() (string, error) {