
token configs and secure grpc working

afeiszli 4 years ago
parent
commit
9860082b7c

+ 1 - 1
compose/docker-compose.localserver.yml

@@ -21,6 +21,6 @@ services:
     ports:
       - "80:80"
     environment:
-      BACKEND_URL: "http://HOST_IP:8081"
+      BACKEND_URL: "http://localhost:8081"
 volumes:
   mongovol: {}

+ 42 - 19
controllers/networkHttpController.go

@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"strings"
 	"time"
-	"github.com/jinzhu/copier"
 	"github.com/go-playground/validator/v10"
 	"github.com/gorilla/mux"
 	"github.com/gravitl/netmaker/functions"
@@ -679,15 +678,27 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
 	netID := network.NetID
 
         var accessToken models.AccessToken
-        var tokensrvcfg models.ServerConfig
-        var tokenwgcfg models.WG
-        srvcfg := servercfg.GetServerConfig()
-        wgcfg := servercfg.GetWGConfig()
-        copier.Copy(tokensrvcfg, srvcfg)
-        copier.Copy(tokenwgcfg, wgcfg)
-
-        accessToken.ServerConfig = tokensrvcfg
-        accessToken.WG = tokenwgcfg
+        s := servercfg.GetServerConfig()
+        w := servercfg.GetWGConfig()
+	servervals := models.ServerConfig{
+			APIConnString: s.APIConnString,
+			APIHost: s.APIHost,
+			APIPort: s.APIPort,
+			GRPCConnString: s.GRPCConnString,
+			GRPCHost: s.GRPCHost,
+			GRPCPort: s.GRPCPort,
+			GRPCSSL: s.GRPCSSL,
+			}
+	wgvals := models.WG{
+			GRPCWireGuard: w.GRPCWireGuard,
+			GRPCWGAddress: w.GRPCWGAddress,
+			GRPCWGPort: w.GRPCWGPort,
+			GRPCWGPubKey: w.GRPCWGPubKey,
+			GRPCWGEndpoint: s.APIHost,
+		}
+
+        accessToken.ServerConfig = servervals
+        accessToken.WG = wgvals
 	accessToken.ClientConfig.Network = netID
 	accessToken.ClientConfig.Key = accesskey.Value
 	accessToken.ClientConfig.LocalRange = privAddr
@@ -733,15 +744,27 @@ func GetSignupToken(netID string) (models.AccessKey, error) {
 
 	var accesskey models.AccessKey
 	var accessToken models.AccessToken
-	var tokensrvcfg models.ServerConfig
-	var tokenwgcfg models.WG
-        srvcfg := servercfg.GetServerConfig()
-        wgcfg := servercfg.GetWGConfig()
-	copier.Copy(tokensrvcfg, srvcfg)
-	copier.Copy(tokenwgcfg, wgcfg)
-
-	accessToken.ServerConfig = tokensrvcfg
-	accessToken.WG = tokenwgcfg
+        s := servercfg.GetServerConfig()
+        w := servercfg.GetWGConfig()
+        servervals := models.ServerConfig{
+                        APIConnString: s.APIConnString,
+                        APIHost: s.APIHost,
+                        APIPort: s.APIPort,
+                        GRPCConnString: s.GRPCConnString,
+                        GRPCHost: s.GRPCHost,
+                        GRPCPort: s.GRPCPort,
+                        GRPCSSL: s.GRPCSSL,
+                        }
+        wgvals := models.WG{
+                        GRPCWireGuard: w.GRPCWireGuard,
+                        GRPCWGAddress: w.GRPCWGAddress,
+                        GRPCWGPort: w.GRPCWGPort,
+                        GRPCWGPubKey: w.GRPCWGPubKey,
+                        GRPCWGEndpoint: s.APIHost,
+                }
+
+        accessToken.ServerConfig = servervals
+        accessToken.WG = wgvals
 
 	tokenjson, err := json.Marshal(accessToken)
         if err != nil {
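Review bot: `GRPCWGEndpoint: s.APIHost` takes the WireGuard endpoint from the server config while the other four WG fields come from `w`, in both CreateAccessKey and GetSignupToken, and nothing on these lines says that is intended. If it is, a short comment above that field, for example `// WG endpoint is the API host on purpose`, would record the decision. The two struct literals are identical, so one helper returning the pair would keep the list of server settings embedded in an access token in a single place. That explicit field list is what keeps unrelated server configuration out of tokens handed to clients, so it is worth protecting from drift. Both function bodies continue outside the hunks.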

+ 4 - 4
models/accessToken.go

@@ -24,8 +24,8 @@ type ServerConfig struct {
 
 type WG struct {
   GRPCWireGuard  string  `json:"grpcwg"`
-  GRPCWGAddress  string `json:"grpcaddr"`
-  GRPCWGPort  string  `json:"grpcport"`
-  GRPCWGPubKey  string  `json:"pubkey"`
-  GRPCWGEndpoint  string  `json:"endpoint"`
+  GRPCWGAddress  string `json:"grpcwgaddr"`
+  GRPCWGPort  string  `json:"grpcwgport"`
+  GRPCWGPubKey  string  `json:"grpcwgpubkey"`
+  GRPCWGEndpoint  string  `json:"grpcwgendpoint"`
 }
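Review bot: Renaming the four JSON keys of `WG` (`grpcaddr` to `grpcwgaddr` and so on) changes the wire format of access tokens without any compatibility handling. If the client decodes tokens with encoding/json, as the log message in netclient/config/config.go suggests, unknown keys are ignored, so a token minted before this commit would decode with these fields empty and no error. Either state in the commit description that existing tokens must be reissued, or have the client reject a token whose WG fields are empty when `grpcwg` is on. The struct declaration starts outside the hunk.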

BIN
netclient/config/.config.go.swp
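Review bot: `netclient/config/.config.go.swp` looks like an editor swap file for config.go and should not be part of the commit. A swap file holds the editor's working buffer, which can include text that never reached the tracked source, and it has no use to anyone building the project. Remove it from the tree and add `*.swp` to `.gitignore`.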


+ 2 - 0
netclient/config/config.go

@@ -14,6 +14,7 @@ import (
 	"github.com/gravitl/netmaker/models"
 )
 type GlobalConfig struct {
+	GRPCWireGuard string `yaml:"grpcwg"`
 	Client models.IntClient
 }
 
@@ -478,6 +479,7 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
                         log.Println("error converting token json to object", tokenbytes )
                         return cfg, err
                 }
+		cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
 		cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
 		cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
 		if err != nil {
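Review bot: The error branch just above the added assignment prints `tokenbytes` when the token fails to decode, and the token appears to carry the network access key (`ClientConfig.Key` is set from `accesskey.Value` in CreateAccessKey), so a truncated or mistyped token would be written to the log in full. Log the error rather than the payload: `log.Println("error converting token json to object:", err)`. The new `GRPCWireGuard` field also has no comment saying which values it takes; main.go compares it with `"off"`, so `// GRPCWireGuard is "on" or "off", copied from the access token` would help. GetCLIConfigRegister continues outside the hunk.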

+ 14 - 1
netclient/functions/checkin.go

@@ -1,6 +1,8 @@
 package functions
 
 import (
+        "google.golang.org/grpc/credentials"
+        "crypto/tls"
 	"fmt"
 	"context"
 	"strings"
@@ -120,10 +122,13 @@ func CheckIn(network string) error {
 		nodecfg = cfg.Node
 	}
 
-
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
         if err != nil {
 		fmt.Printf("Cant dial GRPC server: %v", err)
@@ -296,6 +301,10 @@ func Pull (network string) error{
 	var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
         if err != nil {
                 fmt.Printf("Cant dial GRPC server: %v", err)
@@ -342,6 +351,10 @@ func Push (network string) error{
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
         if err != nil {
                 fmt.Printf("Cant dial GRPC server: %v", err)
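Review bot: The TLS block added to CheckIn is repeated verbatim in Pull and Push here and in LeaveNetwork (common.go), JoinNetwork (join.go), RemoveNetwork (server/grpc.go) and SetWGKeyConfig (wireguard/kernel.go), so the transport decision for the node connection now lives in seven places. Certificate verification stays on because `InsecureSkipVerify` is not set, but the `tls.Config` sets no `MinVersion`, and any `GRPCSSL` value other than the exact string `"on"` dials in plaintext without a log line. A single helper along the lines sketched below would hold all of that, and each call site would shrink to `requestOpts := dialOption(cfg.Server.GRPCSSL)`. All three function bodies continue outside the hunks.

```go
// dialOption picks the transport for the node gRPC connection from the
// GRPCSSL setting: TLS with certificate verification when it is "on",
// plaintext otherwise.
func dialOption(grpcSSL string) grpc.DialOption {
	if grpcSSL != "on" {
		// … plaintext fallback; log the value here so a typo is visible …
		return grpc.WithInsecure()
	}
	return grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
		NextProtos: []string{"h2"},
		MinVersion: tls.VersionTLS12,
	}))
}
```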

+ 6 - 0
netclient/functions/common.go

@@ -1,6 +1,8 @@
 package functions
 
 import (
+        "google.golang.org/grpc/credentials"
+        "crypto/tls"
 	"fmt"
 	"encoding/json"
 	"errors"
@@ -287,6 +289,10 @@ func LeaveNetwork(network string) error {
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
 	if err != nil {
                 log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)

+ 7 - 14
netclient/functions/join.go

@@ -28,7 +28,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
 		   err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.")
 		return err
 	}
-	log.Println("attempting to joining " + cfg.Network + " at " + cfg.Server.GRPCAddress)
+	log.Println("attempting to join " + cfg.Network + " at " + cfg.Server.GRPCAddress)
 	err := config.Write(&cfg, cfg.Network)
 	if err != nil {
 		return err
@@ -141,17 +141,16 @@ func JoinNetwork(cfg config.ClientConfig) error {
 	}
 	var wcclient nodepb.NodeServiceClient
 	var requestOpts grpc.DialOption
-	log.Println("cant believe we made it")
-	//requestOpts = grpc.WithInsecure()
-	h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
-	requestOpts = grpc.WithTransportCredentials(h2creds)
-
+	requestOpts = grpc.WithInsecure()
+	if cfg.Server.GRPCSSL == "on" {
+		h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+		requestOpts = grpc.WithTransportCredentials(h2creds)
+	}
 	conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts)
 
         if err != nil {
-                log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
+                log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err)
         }
-        log.Println("cant believe we made it 2")
 
         wcclient = nodepb.NewNodeServiceClient(conn)
 
@@ -174,7 +173,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
         if err != nil {
 		return err
         }
-        log.Println("cant believe we made it 3")
 
         res, err := wcclient.CreateNode(
                 context.TODO(),
@@ -182,8 +180,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
                         Node: postnode,
                 },
         )
-	log.Println(res)
-        log.Println("cant believe we made it 3.5")
         if err != nil {
                 return err
         }
@@ -192,7 +188,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
                 return err
         }
 
-        log.Println("cant believe we made it 3.75")
        if node.Dnsoff==true  {
 		cfg.Node.DNS = "yes"
 	}
@@ -203,8 +198,6 @@ func JoinNetwork(cfg config.ClientConfig) error {
 		}
 		node.Endpoint = node.Localaddress
 	}
-        log.Println("cant believe we made it 4")
-
         err = config.ModConfig(node)
         if err != nil {
                 return err
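Review bot: JoinNetwork dialed with TLS unconditionally before this change and now starts from `grpc.WithInsecure()`, upgrading only when `cfg.Server.GRPCSSL == "on"`, so a join with the field unset or misspelled sends the CreateNode request in plaintext. Inverting the default would fail safe: `if cfg.Server.GRPCSSL == "off" { requestOpts = grpc.WithInsecure() }` with TLS otherwise, plus a log line when plaintext is chosen. The new `log.Fatalf` line builds its format string by concatenating `cfg.Server.GRPCAddress`; pass it as an argument instead, `log.Fatalf("Unable to establish client connection to %s: %v", cfg.Server.GRPCAddress, err)`. JoinNetwork's body continues outside the hunks.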

+ 5 - 1
netclient/main.go

@@ -200,7 +200,11 @@ func main() {
             Flags: cliFlags,
             Action: func(c *cli.Context) error {
                 cfg, err := config.GetCLIConfigRegister(c)
-                if err != nil {
+		if err != nil {
+                        return err
+                }
+                if cfg.GRPCWireGuard == "off" {
+                        log.Println("Server is not using WireGuard to secure GRPC. Skipping.")
                         return err
                 }
                 if cfg.Client.ServerPrivateAddress == "" {
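Review bot: `return err` in the added `GRPCWireGuard == "off"` branch always returns nil, because `err` was already checked and returned a few lines above; write `return nil` so the skip reads as a deliberate success path. The test is an exact match on `"off"`, so an empty value (for instance from a token that lacks the `grpcwg` key) continues into the WireGuard setup. If that is not wanted, compare against `"on"` and skip otherwise. The Action closure continues outside the hunk.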

+ 6 - 1
netclient/server/grpc.go

@@ -1,6 +1,8 @@
 package server
 
 import (
+        "google.golang.org/grpc/credentials"
+        "crypto/tls"
 	"fmt"
 	"context"
 	"log"
@@ -73,10 +75,13 @@ func RemoveNetwork(network string) error {
         node := cfg.Node
 	fmt.Println("Deleting remote node with MAC: " + node.MacAddress)
 
-
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
 	if err != nil {
                 log.Printf("Unable to establish client connection to " + servercfg.GRPCAddress + ": %v", err)

+ 13 - 1
netclient/wireguard/kernel.go

@@ -2,6 +2,8 @@ package wireguard
 
 import (
 	//"github.com/davecgh/go-spew/spew"
+        "google.golang.org/grpc/credentials"
+        "crypto/tls"
 	"fmt"
 	"strconv"
 	"errors"
@@ -328,10 +330,20 @@ func SetWGKeyConfig(network string, serveraddr string) error {
         ctx := context.Background()
         var header metadata.MD
 
+        cfg, err := config.ReadConfig(network)
+        if err != nil {
+                return err
+        }
+
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
-        conn, err := grpc.Dial(serveraddr, requestOpts)
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
+
+	conn, err := grpc.Dial(serveraddr, requestOpts)
         if err != nil {
                 fmt.Printf("Cant dial GRPC server: %v", err)
                 return err
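Review bot: SetWGKeyConfig now decides on TLS from `cfg.Server.GRPCSSL` in the stored config but still dials the `serveraddr` argument rather than an address from that config, so the two can disagree. With TLS on, the certificate is checked against the host part of `serveraddr`; if callers pass a private WireGuard address (not visible here), the server certificate would have to cover it or the dial fails. A doc comment stating what `serveraddr` is expected to be, and that the call now returns early when `config.ReadConfig(network)` fails, would make the contract explicit. The function body continues outside the hunk.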