diff --git a/README.md b/README.md index dec1ec49866a7d82d0661b09d7f9183d0a91b075..9f1461a22fb68fcc3b258609746ea3f358f8530a 100644 --- a/README.md +++ b/README.md @@ -146,8 +146,6 @@ To visit the public url, you can point your browser to: http://localhost:8443/api/swagger/index.html ``` -If you want to make the general gateway and bridges endpoints public enable it by using flags `--allow-gateway-list --allow-bridge-list` - ``` go run ./cmd/menshen/main.go --verbose \ @@ -155,7 +153,6 @@ go run ./cmd/menshen/main.go --verbose \ --from-eip-url https://api.demo.bitmask.net:4430/3/config/eip-service.json \ --ca-file test/demo.crt \ --client-cert-url https://api.demo.bitmask.net:4430/3/cert \ ---allow-gateway-list --allow-bridge-list ``` If you're not running `menshen` as part of an orchestration platform that can set up TLS certificates for you, @@ -171,8 +168,6 @@ For help on the optional flags, run with `-h`: ❯ ./menshen -h Usage of ./menshen: --algo string Select the preferred algorithm for certificate generation currently supported ecdsa, ed25519 (default "ed25519") - --allow-bridge-list allow public bridge listing - --allow-gateway-list allow public gateway listing --auto-tls configure auto TLS using Lets Encrypt --ca-file string filename with CA certificate used for validating certificates --client-cert-url string url that returns a valid OpenVPN certificate and private key in plain text diff --git a/cmd/menshen/main.go b/cmd/menshen/main.go index 2ded484a409d23bd7081c00418a9cd12ed9a0eb2..2f00a0120c759ed953a4e364aa495aa878ab54e4 100644 --- a/cmd/menshen/main.go +++ b/cmd/menshen/main.go @@ -21,8 +21,6 @@ var ( // to manually add the parameters to the environment bindings for viper in the main function. addrLoadBalancer = "lb-addr" enableCertv3 = "enable-cert-v3" - allowBridgeList = "allow-bridge-list" - allowGatewayList = "allow-gateway-list" autoTLS = "auto-tls" fromEIPFile = "from-eip-file" fromEIPURL = "from-eip-url" 
@@ -69,8 +67,6 @@ func main() { flag.String(addrLoadBalancer, ":9003", "Address for load balancer to listen on") flag.Bool(enableCertv3, false, "enable /3/cert endpoint for rsa cert generation") - flag.Bool(allowGatewayList, false, "allow public gateway listing") - flag.Bool(allowBridgeList, false, "allow public bridge listing") flag.Bool(autoTLS, false, "configure auto TLS using Lets Encrypt") flag.String(localBridges, "", "comma-separated list of addresses for the control port of bridges") flag.String(fromEIPFile, "", "start from eip-service file (legacy)") @@ -123,8 +119,6 @@ func main() { err = viper.BindEnv(portMetrics, "MENSHEN_METRICS_PORT") err = viper.BindEnv(addrLoadBalancer, "MENSHEN_LB_ADDR") err = viper.BindEnv(enableCertv3, "ENABLE_CERT_V3") - err = viper.BindEnv(allowGatewayList, "MENSHEN_ALLOW_GATEWAY_LIST") - err = viper.BindEnv(allowBridgeList, "MENSHEN_ALLOW_BRIDGE_LIST") err = viper.BindEnv(autoTLS, "MENSHEN_AUTO_TLS") err = viper.BindEnv(localBridges, "MENSHEN_LOCALBRIDGES") err = viper.BindEnv(fromEIPFile, "MENSHEN_FROM_EIP_FILE") @@ -164,8 +158,6 @@ func main() { cfg := &api.Config{ EnableCertv3: viper.GetBool(enableCertv3), - AllowGatewayListing: viper.GetBool(allowGatewayList), - AllowBridgeListing: viper.GetBool(allowBridgeList), AutoTLS: viper.GetBool(autoTLS), ServerName: viper.GetString(serverName), EIP: viper.GetString(fromEIPFile), diff --git a/docker-compose.yml b/docker-compose.yml index 01a8c063bcc3907f08d5f9471efeb7a617ff5cb6..d24f18bf0d57201463d2dd1ffbb90445261d11ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,8 +15,6 @@ services: - MENSHEN_OVPN_CA_CRT=/etc/leap/test/ovpn_client_ca.crt - MENSHEN_OVPN_CA_KEY=/etc/leap/test/ovpn_client_ca.key - MENSHEN_PORT=8443 - - MENSHEN_ALLOW_GATEWAY_LIST=true - - MENSHEN_ALLOW_BRIDGE_LIST=true - MENSHEN_AUTO_TLS=false - MENSHEN_VERBOSE=true ports: 
diff --git a/pkg/api/api.go b/pkg/api/api.go index b203a0ed47e2b3c92a3345456a9ace19023b9dbe..d18ec0ec495430aa973fabe1b8535af61ffee18b 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -87,16 +87,10 @@ func InitServer(cfg *Config) *echo.Echo { if cfg.EnableCertv3 { e.GET("/3/cert", CertGenHelper(r, cfg.OvpnCaCrt, cfg.OvpnCaKey, "rsa", cfg.OvpnClientCrtExpiry, false)) } - // TODO this is a simple API to serve a single randomized gateway per location - e.GET("/api/5/gateway", r.GatewayPicker) - e.GET("/api/5/bridge/:location", r.BridgePicker) - - if cfg.AllowGatewayListing { - e.GET("/api/5/gateways", r.ListAllGateways) - } - if cfg.AllowBridgeListing { - e.GET("/api/5/bridges", r.ListAllBridges) - } + // Deprecated: remove /api/5/gateway after 2 Android stable releases (current version 1.5.1) + e.GET("/api/5/gateway", r.ListAllGateways) + e.GET("/api/5/gateways", r.ListAllGateways) + e.GET("/api/5/bridges", r.ListAllBridges) e.GET("/api/5/service", r.ServiceInfo) diff --git a/pkg/api/config.go b/pkg/api/config.go index d413e49d583031a273b7ddbad4e47085b7f0dcd7..ce1116ce619f36d1569cc54d7a41b81bd0ed51e1 100644 --- a/pkg/api/config.go +++ b/pkg/api/config.go @@ -1,10 +1,8 @@ package api type Config struct { - EnableCertv3 bool - AllowGatewayListing bool - AllowBridgeListing bool - AutoTLS bool + EnableCertv3 bool + AutoTLS bool // EIP is an existing EIPv3 file in the local filesystem (legacy) EIP string // EIPULR is a remote endpoint where to fetch an existing EIPv3 file from (legacy) diff --git a/pkg/api/gateway.go b/pkg/api/gateway.go index 7027777e3ba9bca3da5193e5a88c4ff6f2fa30ce..990a22ef46d6980c3937db20a08d9e26e4db17d9 100644 --- a/pkg/api/gateway.go +++ b/pkg/api/gateway.go 
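Review bot: Registering `/api/5/bridges` and `/api/5/gateways` unconditionally removes the only operator control over whether the full bridge list is enumerable, which matters for a circumvention service whose bridges stop being useful once a censor can list and block them all; unless `ListAllBridges` restricts its output in a way not visible here, the route should sit behind an auth or allow-list condition, or a comment next to it should record that the list is intentionally public. The `/api/5/gateway` alias also changes what old clients get: the removed `GatewayPicker` honoured `cc`/`loc` plus the bucket-token filter and returned a single gateway, whereas `ListAllGateways` appears (from `paramsGetAllGateways` and `maxGateways` in gateway.go) to ignore `cc` and return several, so the deprecation note should say so, e.g. `// Deprecated: alias for /api/5/gateways; the cc parameter is no longer honoured and up to maxGateways entries are returned. Remove after 2 Android stable releases (current 1.5.1).` `/api/5/bridge/:location` is dropped outright with no such alias, so a 1.5.1 client still calling it will now 404 — worth confirming that is intended. InitServer continues beyond the hunk.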
@@ -22,109 +22,6 @@ var ( paramCountryCode = "cc" ) -// GatewayPicker godoc -// @Summary Get gateways by location, countrycode or random -// @Description Get Gateways with param countrycode for nearest, or with param location to get a gateway in specific location, or a random one without params -// @Tags Provisioning -// @Accept json -// @Produce json -// @Success 200 {object} []models.Gateway -// @Failure 400 {object} error -// @Failure 404 {object} error -// @Failure 500 {object} error -// @Router /api/5/gateway [get] -// @Param cc query string optional "Country code (ISO-2)" -// @Param loc query string optional "location" -// @Security BucketTokenAuth -func (r *registry) GatewayPicker(c echo.Context) error { - // TODO implement limits - // TODO implement rate-limiting - // TODO disable this listing optionally - - countryCode := c.QueryParam("cc") - location := c.QueryParam("loc") - - var selectedLocation string - if location != "" { - // check if requested location is supported - keys := make([]string, 0, len(r.locations)) - for k := range r.locations { - keys = append(keys, k) - } - if !slices.Contains(keys, location) { - log.Debug(). - Str("location", location). 
- Msg("specified location not in r.locations") - return c.JSON(http.StatusBadRequest, "Location not supported") - } - selectedLocation = location - log.Debug().Msgf("returning gateway for requested location %s", selectedLocation) - } else if countryCode != "" { - // find nearest location for the given countryCode - log.Debug().Msgf("finding best gateway for Countrycode = %s", countryCode) - clientCentroid, err := geolocate.GetCentroidForCountry(countryCode) - if err != nil { - return c.JSON(http.StatusBadRequest, "CountryCode not supported") - } - minDistance := math.MaxFloat64 - // Iterate through gateway locations and calculate distance to each - for _, loc := range r.locations { - gatewayLat, err1 := strconv.ParseFloat(loc.Lat, 64) - gatewayLon, err2 := strconv.ParseFloat(loc.Lon, 64) - if err1 != nil || err2 != nil { - log.Debug().Msgf("invalid latitude or longitude for location: %s", loc.DisplayName) - } - log.Debug().Msgf(">> %s %f %f", loc.CountryCode, gatewayLat, gatewayLon) - distance := euclideanDistance(clientCentroid.Lat, clientCentroid.Lon, gatewayLat, gatewayLon) - log.Debug().Msgf("distance to %s :: %f", loc.Label, distance) - - if distance < minDistance { - minDistance = distance - selectedLocation = loc.Label - } - } - } else { - // choose random location - log.Debug().Msg("request without countrycode") - keys := make([]string, 0, len(r.locations)) - for k := range r.locations { - keys = append(keys, k) - } - - log.Debug().Msg("returning gateway for random location") - selectedLocation = keys[rand.Intn(len(keys))] - log.Debug().Msgf("returning gateway for randomly chosen location %s", selectedLocation) - } - - gateways := r.gateways[selectedLocation] - - filters := make([]func(*m.Gateway) bool, 0) - filters = maybeAddGatewayBucketFilter(c, filters) - filters = maybeAddLastSeenGatewayCutoffFilter(r, filters) - filtered := filter[*m.Gateway](alltrue(filters), gateways) - - randIndex := 0 - if len(filtered) == 0 { - return c.JSON(http.StatusOK, 
filtered) - } else if len(filtered) > 1 { - randIndex = rand.Intn(len(filtered)) - } - - var selectedGateway []*m.Gateway - for _, gPointer := range filtered { - g := *gPointer - if g.Host == filtered[randIndex].Host { - selectedGateway = append(selectedGateway, gPointer) - } - } - return c.JSON(http.StatusOK, selectedGateway) -} - -// Function to calculate the Euclidean distance between two points (lat, lon) -func euclideanDistance(lat1, lon1, lat2, lon2 float64) float64 { - return math.Sqrt(math.Pow(lat2-lat1, 2) + math.Pow(lon2-lon1, 2)) -} - var ( maxGateways = 4 paramsGetAllGateways = []string{"tr", "port", "loc"} diff --git a/test/compose-files/docker-compose-remote-client-cert-selfsigned.yml b/test/compose-files/docker-compose-remote-client-cert-selfsigned.yml index f050259e74a37ffd059176bc15a41c1dd8b07c80..cf8843cc4566068c5c4393f3dbf4c26a4332c47f 100644 --- a/test/compose-files/docker-compose-remote-client-cert-selfsigned.yml +++ b/test/compose-files/docker-compose-remote-client-cert-selfsigned.yml @@ -9,8 +9,6 @@ services: - MENSHEN_CA_FILE=/etc/leap/test/provider.crt - MENSHEN_DB_FILE=/tmp/sqlite.db - MENSHEN_PORT=8443 - - MENSHEN_ALLOW_GATEWAY_LIST=true - - MENSHEN_ALLOW_BRIDGE_LIST=true - MENSHEN_AUTO_TLS=false - MENSHEN_VERBOSE=false network_mode: host diff --git a/test/compose-files/docker-compose.yml b/test/compose-files/docker-compose.yml index d3a66d9d3ab2507afe7d88c1908b2f7982840a34..850099b414fe96702e481d791a454fa94a569bda 100644 --- a/test/compose-files/docker-compose.yml +++ b/test/compose-files/docker-compose.yml @@ -12,8 +12,6 @@ services: - MENSHEN_OVPN_CA_CRT=/etc/leap/test/ovpn_client_ca.crt - MENSHEN_OVPN_CA_KEY=/etc/leap/test/ovpn_client_ca.key - MENSHEN_PORT=8443 - - MENSHEN_ALLOW_GATEWAY_LIST=true - - MENSHEN_ALLOW_BRIDGE_LIST=true - MENSHEN_AUTO_TLS=false - MENSHEN_VERBOSE=true - ENABLE_CERT_V3=true