From 503c6819b2cb56206712a72cb248b326bc1f2359 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg Date: Sun, 15 Jan 2023 17:06:07 +0100 Subject: [PATCH] breakglass: use httpclient.For() for host-specific fallback --- cmd/breakglass/breakglass.go | 70 +++++------------------------------- go.mod | 2 +- go.sum | 4 +-- 3 files changed, 11 insertions(+), 65 deletions(-) diff --git a/cmd/breakglass/breakglass.go b/cmd/breakglass/breakglass.go index c3676c0..c9a9509 100644 --- a/cmd/breakglass/breakglass.go +++ b/cmd/breakglass/breakglass.go @@ -46,46 +46,19 @@ func (bg *bg) startBreakglass() error { return err } - schema := "http" - certPath, _, err := tlsflag.CertificatePathsFor(bg.cfg.Hostname) + updateHttpClient, foundMatchingCertificate, updateBaseURL, err := httpclient.For(bg.cfg) if err != nil { return err } - if certPath != "" { - schema = "https" - } - - if bg.cfg.Update.HTTPPort == "" { - bg.cfg.Update.HTTPPort = "80" - } - - if bg.cfg.Update.HTTPSPort == "" { - bg.cfg.Update.HTTPSPort = "443" - } - - update, err := bg.cfg.Update.WithFallbackToHostSpecific(bg.cfg.Update.Hostname) - if err != nil { - return err - } - - updateBaseUrl, err := updateflag.BaseURL(update.HTTPPort, schema, update.Hostname, update.HTTPPassword) - if err != nil { - return err - } - - updateHttpClient, foundMatchingCertificate, err := tlsflag.GetTLSHttpClient(updateBaseUrl) - if err != nil { - return fmt.Errorf("getting http client by tls flag: %v", err) - } updateHttpClient.Jar = jar - remoteScheme, err := httpclient.GetRemoteScheme(updateBaseUrl) + remoteScheme, err := httpclient.GetRemoteScheme(updateBaseURL) if remoteScheme == "https" && !tlsflag.Insecure() { - updateBaseUrl.Scheme = "https" - updateflag.SetUpdate(updateBaseUrl.String()) + updateBaseURL.Scheme = "https" + updateflag.SetUpdate(updateBaseURL.String()) } - if updateBaseUrl.Scheme != "https" && foundMatchingCertificate { + if updateBaseURL.Scheme != "https" && foundMatchingCertificate { fmt.Printf("\n") fmt.Printf("!!!WARNING!!! Possible SSL-Stripping detected!\n") fmt.Printf("Found certificate for hostname in your client configuration but the host does not offer https!\n") @@ -100,7 +73,7 @@ func (bg *bg) startBreakglass() error { return err } - form, err := updateHttpClient.Get(updateBaseUrl.String() + "status?path=/user/breakglass") + form, err := updateHttpClient.Get(updateBaseURL.String() + "status?path=/user/breakglass") if err != nil { return err } @@ -133,7 +106,7 @@ func (bg *bg) startBreakglass() error { } log.Printf("restarting breakglass") - resp, err := updateHttpClient.Post(updateBaseUrl.String()+"restart?path=/user/breakglass&xsrftoken="+xsrfToken, "", nil) + resp, err := updateHttpClient.Post(updateBaseURL.String()+"restart?path=/user/breakglass&xsrftoken="+xsrfToken, "", nil) if err != nil { return err } @@ -268,28 +241,8 @@ func breakglass() error { if err != nil { if os.IsNotExist(err) { // best-effort compatibility for old setups - hostname := instance - port, err := config.HostnameSpecific(hostname).ReadFile("http-port.txt") - if err != nil && !os.IsNotExist(err) { - return err - } - if port == "" { - port = "80" - } - - _, updateHostname := updateflag.GetUpdateTarget(hostname) - pw, err := config.HostnameSpecific(updateHostname).ReadFile("http-password.txt") - if err != nil { - return err - } - cfg = &config.Struct{ - Hostname: updateHostname, - Update: &config.UpdateStruct{ - Hostname: updateHostname, - HTTPPort: port, - HTTPPassword: pw, - }, + Hostname: instance, } } else { return err @@ -305,13 +258,6 @@ func breakglass() error { cfg.Update.Hostname = cfg.Hostname } hostname := cfg.Update.Hostname - if cfg.Update.HTTPPassword == "" { - pwb, err := config.HostnameSpecific(hostname).ReadFile("http-password.txt") - if err != nil { - return err - } - cfg.Update.HTTPPassword = pwb - } log.Printf("checking breakglass status on gokrazy instance %q", bg.cfg.Hostname) if err := bg.startBreakglass(); err != nil { diff --git a/go.mod b/go.mod index dfea23f..50572df 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71 - github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a + github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9 github.com/google/renameio/v2 v2.0.0 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf github.com/kr/pty v1.1.8 diff --git a/go.sum b/go.sum index a4694a1..d4ddafb 100644 --- a/go.sum +++ b/go.sum @@ -7,8 +7,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71 h1:NHLkr4NYMY9gZGTI+jzIo38ZffMHkPbBzMcUDkyHs0g= github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71/go.mod h1:eq2ROPhZJtxxEi21P8cbNqP8pwRBSpW/4LGKwNiQg2Y= github.com/gokrazy/internal v0.0.0-20210621162516-1b3b5687a06d/go.mod h1:Gqv1x1DNrObmBvVvblpZbvZizZ0dU5PwiwYHipmtY9Y= -github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a h1:f8nC+tW9jR3dG4Bl593d8G8076YDF/sV0ZNMoC4xE9E= -github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a/go.mod h1:ddHcxXZ/VVQOSAWcRBbkYY58+QOw4L145ye6phyDmRA= +github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9 h1:yt8pWahXJHTxYEoLla8pjE4HJyFJcoq2rV6IpluqMzg= +github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9/go.mod h1:ddHcxXZ/VVQOSAWcRBbkYY58+QOw4L145ye6phyDmRA= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/gopacket v1.1.16/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw=