mirror of
https://github.com/yusing/godoxy.git
synced 2025-05-21 13:02:34 +02:00
01179adfa8
- warn instead of error when version mismatch - check for major version only - better version parsing
191 lines
4.4 KiB
Go
191 lines
4.4 KiB
Go
package agent
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"encoding/json"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/rs/zerolog"
|
|
"github.com/yusing/go-proxy/agent/pkg/certs"
|
|
"github.com/yusing/go-proxy/internal/gperr"
|
|
"github.com/yusing/go-proxy/internal/logging"
|
|
gphttp "github.com/yusing/go-proxy/internal/net/gphttp"
|
|
"github.com/yusing/go-proxy/internal/task"
|
|
"github.com/yusing/go-proxy/pkg"
|
|
)
|
|
|
|
type AgentConfig struct {
|
|
Addr string
|
|
|
|
httpClient *http.Client
|
|
tlsConfig *tls.Config
|
|
name string
|
|
l zerolog.Logger
|
|
}
|
|
|
|
const (
|
|
EndpointVersion = "/version"
|
|
EndpointName = "/name"
|
|
EndpointProxyHTTP = "/proxy/http"
|
|
EndpointHealth = "/health"
|
|
EndpointLogs = "/logs"
|
|
EndpointSystemInfo = "/system_info"
|
|
|
|
AgentHost = CertsDNSName
|
|
|
|
APIEndpointBase = "/godoxy/agent"
|
|
APIBaseURL = "https://" + AgentHost + APIEndpointBase
|
|
|
|
DockerHost = "https://" + AgentHost
|
|
|
|
FakeDockerHostPrefix = "agent://"
|
|
FakeDockerHostPrefixLen = len(FakeDockerHostPrefix)
|
|
)
|
|
|
|
func mustParseURL(urlStr string) *url.URL {
|
|
u, err := url.Parse(urlStr)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return u
|
|
}
|
|
|
|
var (
|
|
AgentURL = mustParseURL(APIBaseURL)
|
|
HTTPProxyURL = mustParseURL(APIBaseURL + EndpointProxyHTTP)
|
|
HTTPProxyURLPrefixLen = len(APIEndpointBase + EndpointProxyHTTP)
|
|
)
|
|
|
|
func IsDockerHostAgent(dockerHost string) bool {
|
|
return strings.HasPrefix(dockerHost, FakeDockerHostPrefix)
|
|
}
|
|
|
|
func GetAgentAddrFromDockerHost(dockerHost string) string {
|
|
return dockerHost[FakeDockerHostPrefixLen:]
|
|
}
|
|
|
|
func (cfg *AgentConfig) FakeDockerHost() string {
|
|
return FakeDockerHostPrefix + cfg.Addr
|
|
}
|
|
|
|
func (cfg *AgentConfig) Parse(addr string) error {
|
|
cfg.Addr = addr
|
|
return nil
|
|
}
|
|
|
|
func (cfg *AgentConfig) StartWithCerts(parent task.Parent, ca, crt, key []byte) error {
|
|
clientCert, err := tls.X509KeyPair(crt, key)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// create tls config
|
|
caCertPool := x509.NewCertPool()
|
|
ok := caCertPool.AppendCertsFromPEM(ca)
|
|
if !ok {
|
|
return gperr.New("invalid ca certificate")
|
|
}
|
|
|
|
cfg.tlsConfig = &tls.Config{
|
|
Certificates: []tls.Certificate{clientCert},
|
|
RootCAs: caCertPool,
|
|
ServerName: CertsDNSName,
|
|
}
|
|
|
|
// create transport and http client
|
|
cfg.httpClient = cfg.NewHTTPClient()
|
|
|
|
ctx, cancel := context.WithTimeout(parent.Context(), 5*time.Second)
|
|
defer cancel()
|
|
|
|
// get agent name
|
|
name, _, err := cfg.Fetch(ctx, EndpointName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cfg.name = string(name)
|
|
|
|
cfg.l = logging.With().Str("agent", cfg.name).Logger()
|
|
|
|
// check agent version
|
|
agentVersionBytes, _, err := cfg.Fetch(ctx, EndpointVersion)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
agentVersion := string(agentVersionBytes)
|
|
|
|
if pkg.GetVersion().IsNewerMajorThan(pkg.ParseVersion(agentVersion)) {
|
|
logging.Warn().Msgf("agent %s major version mismatch: server: %s, agent: %s", cfg.name, pkg.GetVersion(), agentVersion)
|
|
}
|
|
|
|
logging.Info().Msgf("agent %q initialized", cfg.name)
|
|
return nil
|
|
}
|
|
|
|
func (cfg *AgentConfig) Start(parent task.Parent) gperr.Error {
|
|
filepath, ok := certs.AgentCertsFilepath(cfg.Addr)
|
|
if !ok {
|
|
return gperr.New("invalid agent host").Subject(cfg.Addr)
|
|
}
|
|
|
|
certData, err := os.ReadFile(filepath)
|
|
if err != nil {
|
|
return gperr.Wrap(err, "failed to read agent certs")
|
|
}
|
|
|
|
ca, crt, key, err := certs.ExtractCert(certData)
|
|
if err != nil {
|
|
return gperr.Wrap(err, "failed to extract agent certs")
|
|
}
|
|
|
|
return gperr.Wrap(cfg.StartWithCerts(parent, ca, crt, key))
|
|
}
|
|
|
|
func (cfg *AgentConfig) NewHTTPClient() *http.Client {
|
|
return &http.Client{
|
|
Transport: cfg.Transport(),
|
|
}
|
|
}
|
|
|
|
func (cfg *AgentConfig) Transport() *http.Transport {
|
|
return &http.Transport{
|
|
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
|
|
if addr != AgentHost+":443" {
|
|
return nil, &net.AddrError{Err: "invalid address", Addr: addr}
|
|
}
|
|
if network != "tcp" {
|
|
return nil, &net.OpError{Op: "dial", Net: network, Source: nil, Addr: nil}
|
|
}
|
|
return cfg.DialContext(ctx)
|
|
},
|
|
TLSClientConfig: cfg.tlsConfig,
|
|
}
|
|
}
|
|
|
|
func (cfg *AgentConfig) DialContext(ctx context.Context) (net.Conn, error) {
|
|
return gphttp.DefaultDialer.DialContext(ctx, "tcp", cfg.Addr)
|
|
}
|
|
|
|
func (cfg *AgentConfig) Name() string {
|
|
return cfg.name
|
|
}
|
|
|
|
func (cfg *AgentConfig) String() string {
|
|
return cfg.name + "@" + cfg.Addr
|
|
}
|
|
|
|
func (cfg *AgentConfig) MarshalJSON() ([]byte, error) {
|
|
return json.Marshal(map[string]string{
|
|
"name": cfg.Name(),
|
|
"addr": cfg.Addr,
|
|
})
|
|
}
|