261 lines
7.2 KiB
Lua
Executable File
261 lines
7.2 KiB
Lua
Executable File
#!/usr/bin/lua
|
|
|
|
local uci = require('simple-uci').cursor()
|
|
local ip = require 'luci.ip' -- luci-lib-ip
|
|
local fetch = require 'luci.httpclient'
|
|
local json = require 'luci.jsonc'
|
|
local ecdsa = require 'gluon.ecdsa'
|
|
local site = require 'gluon.site'
|
|
|
|
local pretty_hostname = require 'pretty_hostname'
|
|
local hostname = pretty_hostname.get(uci)
|
|
|
|
local manapi = site.manman.api()
|
|
local mankey = site.manman.key()
|
|
-- TODO: use manman ecdsa key to verify response
|
|
|
|
-- NOTE: these will have mesh_ appended for static-ip
|
|
local mappings = {
|
|
wifi = 'radio0',
|
|
tunnel = 'vpn',
|
|
eth = 'other',
|
|
lan = 'other',
|
|
wan = 'uplink',
|
|
single = 'uplink',
|
|
}
|
|
|
|
-- https://stackoverflow.com/a/1647577/3990041
|
|
function string:split(pat)
|
|
pat = pat or '%s+'
|
|
local st, g = 1, self:gmatch("()("..pat..")")
|
|
local function getter(segs, seps, sep, cap1, ...)
|
|
st = sep and seps + #sep
|
|
return self:sub(segs, (seps or 0) - 1), cap1 or sep, ...
|
|
end
|
|
return function() if st then return getter(st, g()) end end
|
|
end
|
|
|
|
-- https://gist.github.com/Uradamus/10323382
|
|
local function shuffle(tbl)
|
|
for i = #tbl, 2, -1 do
|
|
local j = math.random(i)
|
|
tbl[i], tbl[j] = tbl[j], tbl[i]
|
|
end
|
|
return tbl
|
|
end
|
|
|
|
local function fetch_signed_json(remote, url)
|
|
local code, res, result = fetch.request_raw(remote .. url)
|
|
|
|
if code < 1 then
|
|
print('E: failed to fetch')
|
|
return 1
|
|
end
|
|
|
|
if code == 404 then
|
|
print('E: location does not exist')
|
|
return 2
|
|
end
|
|
|
|
if code ~= 200 then
|
|
print('E: got status code ' .. code)
|
|
return 1
|
|
end
|
|
|
|
-- cloudflare's reverse proxies send http chunked responses with chunk sizes
|
|
-- for whatever reasons the chunk size gets smashed into the result
|
|
-- this is a hack to fish it out, it is irrelevant on unaffected reverse proxies
|
|
local j_start = result:find('{')
|
|
local j_end = (result:reverse()):find("}")
|
|
result = string.sub(result, j_start, 1 - j_end)
|
|
|
|
local sig = res.headers['x-ecdsa']
|
|
local ts = res.headers['x-ecdsa-ts']
|
|
|
|
if not sig or not ts then
|
|
print('E: provided response is not signed')
|
|
return 1
|
|
end
|
|
|
|
local data = ts .. '@' .. result
|
|
if not ecdsa.verify(data, sig, mankey) then
|
|
print('E: signature invalid or not signed with expected key')
|
|
|
|
print('C: manman-sync is currently not properly signed')
|
|
print('C: this error will be actually considered once manapi has been fixed')
|
|
|
|
-- return 1
|
|
end
|
|
|
|
local obj = json.parse(result)
|
|
|
|
if obj == nil then
|
|
print('E: failed to parse json data')
|
|
return 1
|
|
end
|
|
|
|
return false, obj
|
|
end
|
|
|
|
if uci:get_bool('gluon-manman-sync', 'sync', 'enabled') then
|
|
local location_id = uci:get('gluon-manman-sync', 'sync', 'location_id')
|
|
|
|
if not location_id then
|
|
print('E: manman location_id missing')
|
|
return 2
|
|
end
|
|
|
|
-- check manman reachability, abort if not reachable
|
|
|
|
local working_remote
|
|
|
|
for _, remote in ipairs(shuffle(manapi)) do
|
|
if not working_remote then -- don't try other remotes if we got one that works
|
|
print('Trying remote ' .. remote)
|
|
|
|
local success, a, b, c = pcall(function() return fetch.request_raw(remote .. '/') end)
|
|
if not success then
|
|
print('E: couldnt reach manman: ' .. a)
|
|
else
|
|
if a ~= 200 then
|
|
print('E: couldnt reach manman - unexpected fetch result', a, b, c)
|
|
else
|
|
working_remote = remote
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
if not working_remote then
|
|
print('E: couldnt reach any manapi server, giving up')
|
|
return 1
|
|
end
|
|
|
|
-- try to fetch data
|
|
print('Fetching manman data...')
|
|
local err, location = fetch_signed_json(working_remote, '/location/show/' .. location_id)
|
|
if err then
|
|
return err
|
|
end
|
|
|
|
print('Syncing with location ' .. location.location.name)
|
|
|
|
if uci:get('gluon-manman-sync', 'sync', 'last_data') and json.stringify(location) == uci:get('gluon-manman-sync', 'sync', 'last_data') then
|
|
print('Nothing changed, skipping sync')
|
|
return 0
|
|
end
|
|
|
|
local local_router_id
|
|
for id, _ in string.split(hostname, '-') do
|
|
if id then
|
|
local_router_id = id
|
|
end
|
|
end
|
|
|
|
local local_node_name = uci:get('gluon-manman-sync', 'sync', 'node') or local_router_id
|
|
local local_node = uci:get('gluon-manman-sync', 'sync', 'node_id') or local_router_id
|
|
local node
|
|
local should_hostname
|
|
|
|
if #location.nodes > 1 then
|
|
for _, potential_node in ipairs(location.nodes) do
|
|
if (local_node ~= nil and tostring(potential_node.id) == local_node) or (local_node_name ~= nil and potential_node.name == local_node_name) then
|
|
node = potential_node
|
|
should_hostname = location.location.name .. '-' .. node.name
|
|
end
|
|
end
|
|
else
|
|
node = location.nodes[1]
|
|
should_hostname = location.location.name
|
|
end
|
|
|
|
-- save node data to update name and persist ID
|
|
uci:set('gluon-manman-sync', 'sync', 'node_id', node.id)
|
|
uci:set('gluon-manman-sync', 'sync', 'node', node.name)
|
|
|
|
if node == nil then
|
|
print('E: unable to find matching node (selector "' .. node .. '")')
|
|
return 2
|
|
end
|
|
|
|
print('Syncing data for node ' .. node.name)
|
|
|
|
if hostname ~= should_hostname then
|
|
print('Renaming node to ' .. should_hostname)
|
|
pretty_hostname.set(uci, should_hostname)
|
|
end
|
|
|
|
local owner = uci:get_first('gluon-node-info', 'owner')
|
|
uci:set('gluon-node-info', owner, 'contact', location.administrator.email)
|
|
local _location = uci:get_first('gluon-node-info', 'location')
|
|
uci:set('gluon-node-info', _location, 'share_location', '1')
|
|
uci:set('gluon-node-info', _location, 'latitude', location.location.lat)
|
|
uci:set('gluon-node-info', _location, 'longitude', location.location.long)
|
|
|
|
-- TODO: compare device
|
|
|
|
-- check if anything changed since last time
|
|
-- if yes, apply changes and do gluon-reload
|
|
|
|
local has_changes = false
|
|
|
|
-- Use this when changing something that needs a reload and/or rollback (not the hostname)
|
|
local function set(a, b, c, d, isbool)
|
|
local curval
|
|
|
|
if isbool then
|
|
curval = uci:get_bool(a, b, c)
|
|
else
|
|
curval = uci:get(a, b, c)
|
|
end
|
|
|
|
if curval ~= d then
|
|
uci:set(a, b, c, d)
|
|
print(' Value', a, b, c, 'changed to', d, 'was', curval)
|
|
has_changes = true
|
|
else
|
|
print(' Value', a, b, c, 'unchanged', d)
|
|
end
|
|
end
|
|
|
|
local has_tunnel = false
|
|
|
|
for _, net in ipairs(node.interfaces) do
|
|
local net_name = net.name
|
|
if net_name == 'tunnel' or net_name == 'vpn' or net_name == 'mesh_vpn' then
|
|
has_tunnel = true
|
|
end
|
|
local net_mapped = mappings[net_name] or net_name
|
|
if not string.find(net_mapped, '_') then
|
|
net_mapped = 'mesh_' .. net_mapped
|
|
end
|
|
|
|
local cidr = ip.new(net.ip, net.netmask):string()
|
|
|
|
print('Syncing ' .. net_name .. ' as ' .. net_mapped .. ' to ' .. cidr)
|
|
set('gluon-static-ip', net_mapped, 'ip4', cidr)
|
|
end
|
|
|
|
print('Syncing mesh vpn: ' .. (has_tunnel and 'on' or 'off'))
|
|
set('gluon', 'mesh_vpn', 'enabled', has_tunnel, true)
|
|
|
|
uci:set('gluon-manman-sync', 'sync', 'last_data', json.stringify(location))
|
|
|
|
uci:save('system')
|
|
uci:save('gluon')
|
|
uci:save('gluon-manman-sync')
|
|
uci:save('gluon-static-ip')
|
|
uci:save('gluon-node-info')
|
|
os.execute('exec uci commit')
|
|
|
|
if has_changes then
|
|
print('Applying changes...')
|
|
os.execute('exec gluon-reconfigure')
|
|
os.execute('exec gluon-reload')
|
|
else
|
|
print('No settings changes, no reason to reload')
|
|
end
|
|
else
|
|
print('manman-sync not enabled, skipping')
|
|
end
|