169 lines
4.3 KiB
Lua
Executable File
169 lines
4.3 KiB
Lua
Executable File
#!/usr/bin/lua
|
|
|
|
local uci = require('simple-uci').cursor()
|
|
local ip = require 'luci.ip' -- luci-lib-ip
|
|
local fetch = require 'luci.httpclient'
|
|
local json = require 'luci.jsonc'
|
|
local ecdsa = require 'gluon.ecdsa'
|
|
local site = require 'gluon.site'
|
|
|
|
local pretty_hostname = require 'pretty_hostname'
|
|
local hostname = pretty_hostname.get(uci)
|
|
|
|
local manapi = site.manman.api()
|
|
local mankey = site.manman.key()
|
|
-- TODO: use manman ecdsa key to verify response
|
|
|
|
-- NOTE: these will have mesh_ appended for static-ip
|
|
local mappings = {
|
|
wifi = 'radio0',
|
|
tunnel = 'vpn'
|
|
}
|
|
|
|
function fetch_signed_json(url)
|
|
local code, res, result = fetch.request_raw(manapi .. url)
|
|
|
|
if code < 1 then
|
|
print('E: failed to fetch')
|
|
return 1
|
|
end
|
|
|
|
if code == 404 then
|
|
print('E: location does not exist')
|
|
return 2
|
|
end
|
|
|
|
if code ~= 200 then
|
|
print('E: got status code ' .. code)
|
|
return 1
|
|
end
|
|
|
|
-- cloudflare's reverse proxies send http chunked responses with chunk sizes
|
|
-- for whatever reasons the chunk size gets smashed into the result
|
|
-- this is a hack to fish it out, it is irrelevant on unaffected reverse proxies
|
|
local j_start = result:find('{')
|
|
local j_end = (result:reverse()):find("}")
|
|
result = string.sub(result, j_start, 1 - j_end)
|
|
|
|
local sig = res.headers['x-ecdsa']
|
|
local ts = res.headers['x-ecdsa-ts']
|
|
|
|
if not sig or not ts then
|
|
print('E: provided response is not signed')
|
|
return 1
|
|
end
|
|
|
|
local data = ts .. '@' .. result
|
|
if not ecdsa.verify(data, sig, mankey) then
|
|
print('E: signature invalid or not signed with expected key')
|
|
|
|
print('C: manman-sync is currently not properly signed')
|
|
print('C: this error will be actually considered once manapi has been fixed')
|
|
|
|
-- return 1
|
|
end
|
|
|
|
local obj = json.parse(result)
|
|
|
|
if obj == nil then
|
|
print('E: failed to parse json data')
|
|
return 1
|
|
end
|
|
|
|
return false, obj
|
|
end
|
|
|
|
if uci:get_bool('gluon-manman-sync', 'sync', 'enabled') then
|
|
local location_id = uci:get('gluon-manman-sync', 'sync', 'location_id')
|
|
|
|
if not location_id then
|
|
print('E: manman location_id missing')
|
|
return 2
|
|
end
|
|
|
|
-- check manman reachability, abort if not reachable
|
|
|
|
local success, a, b, c = pcall(function() return fetch.request_raw(manapi .. '/') end)
|
|
if not success then
|
|
print('E: couldnt reach manman: ' .. a)
|
|
return 1
|
|
else
|
|
if a ~= 200 then
|
|
print('E: couldnt reach manman - unexpected fetch result', a, b, c)
|
|
return 1
|
|
end
|
|
end
|
|
|
|
-- try to fetch data
|
|
print('Fetching manman data...')
|
|
local err, location = fetch_signed_json('/location/show/' .. location_id)
|
|
if err then
|
|
return err
|
|
end
|
|
|
|
print('Syncing with location ' .. location.location.name)
|
|
|
|
uci:set('gluon-node-info', 'owner', 'contact', location.administrator.email)
|
|
uci:set('gluon-node-info', 'location', 'share_location', '1')
|
|
uci:set('gluon-node-info', 'location', 'latitude', location.location.lat)
|
|
uci:set('gluon-node-info', 'location', 'longitutde', location.location.long)
|
|
|
|
local node
|
|
|
|
local should_hostname
|
|
|
|
if #location.nodes > 1 then
|
|
for i, potential_node in ipairs(location.nodes) do
|
|
if potential_node.name == hostname then
|
|
node = potential_node
|
|
should_hostname = location.location.name .. '-' .. node.name
|
|
end
|
|
end
|
|
else
|
|
node = location.nodes[1]
|
|
should_hostname = location.location.name
|
|
end
|
|
|
|
if node == nil then
|
|
print('E: unable to find matching node')
|
|
return 2
|
|
end
|
|
|
|
if hostname ~= should_hostname then
|
|
print('Renaming node to ' .. should_hostname)
|
|
pretty_hostname.set(uci, should_hostname)
|
|
end
|
|
|
|
print('Syncing data for node ' .. node.name)
|
|
|
|
-- TODO: compare device
|
|
|
|
-- check if anything changed since last time
|
|
-- if yes, apply changes and do gluon-reload
|
|
|
|
|
|
for i, net in ipairs(node.interfaces) do
|
|
net_name = net.name
|
|
net_mapped = mappings[net_name] or net_name
|
|
if not string.find(net_mapped, '_') then
|
|
net_mapped = 'mesh_' .. net_mapped
|
|
end
|
|
|
|
cidr = ip.new(net.ip, net.netmask):string()
|
|
|
|
print('Syncing ' .. net_name .. ' as ' .. net_mapped .. ' to ' .. cidr)
|
|
uci:set('gluon-static-ip', net_mapped, 'ip4', cidr)
|
|
end
|
|
|
|
uci:save('system')
|
|
uci:save('gluon-manman-sync')
|
|
uci:save('gluon-static-ip')
|
|
uci:save('gluon-node-info')
|
|
|
|
print('Applying changes...')
|
|
os.execute('exec gluon-reconfigure')
|
|
os.execute('exec gluon-reload')
|
|
else
|
|
print('manman-sync not enabled, skipping')
|
|
end
|