idk/reseed-tools
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: idk:v0.0.9
Branches Tags
idk:master idk:yggdrasil-direct idk:acme idk:make-a-plugin-su3 idk:one-time-links idk:docker idk:RTradeLtd-libp2p
idk:v0.3.4 idk:v0.3.3-5 idk:v0.3.3-4 idk:v0.3.3-3 idk:v0.3.3-2 idk:v0.3.3-1 idk:v0.3.3 idk:v0.3.2 idk:v0.3.1 idk:v0.3.0 idk:v0.2.34 idk:v0.2.33 idk:v0.2.32 idk:v0.2.30 idk:v0.2.13 idk:v0.2.11 idk:v0.2.10 idk:v0.2.9 idk:v0.2.8 idk:v0.2.7 idk:v0.2.6 idk:v0.2.5 idk:v0.2.4 idk:v0.2.3 idk:v0.2.2 idk:v0.2.1 idk:v0.2.0 idk:v0.1.9 idk:v0.0.9 idk:v0.0.8 idk:v0.0.7 idk:v0.0.6 idk:v0.0.5 idk:v0.0.4 idk:v0.0.3 idk:v0.0.2 idk:v0.0.1
..
compare: idk:docker
Branches Tags
idk:master idk:yggdrasil-direct idk:acme idk:make-a-plugin-su3 idk:one-time-links idk:docker idk:RTradeLtd-libp2p
idk:v0.3.4 idk:v0.3.3-5 idk:v0.3.3-4 idk:v0.3.3-3 idk:v0.3.3-2 idk:v0.3.3-1 idk:v0.3.3 idk:v0.3.2 idk:v0.3.1 idk:v0.3.0 idk:v0.2.34 idk:v0.2.33 idk:v0.2.32 idk:v0.2.30 idk:v0.2.13 idk:v0.2.11 idk:v0.2.10 idk:v0.2.9 idk:v0.2.8 idk:v0.2.7 idk:v0.2.6 idk:v0.2.5 idk:v0.2.4 idk:v0.2.3 idk:v0.2.2 idk:v0.2.1 idk:v0.2.0 idk:v0.1.9 idk:v0.0.9 idk:v0.0.8 idk:v0.0.7 idk:v0.0.6 idk:v0.0.5 idk:v0.0.4 idk:v0.0.3 idk:v0.0.2 idk:v0.0.1

2 Commits
v0.0.9 ... docker

Author SHA1 Message Date
idk
c1ee187137 Merge branch 'master' of github.com:eyedeekay/i2p-tools-1 into docker 2020-05-06 20:30:44 -04:00
idk
da30f0cb31 Trigger build 2020-05-06 20:29:46 -04:00
25 changed files with 387 additions and 1605 deletions
Expand all files Collapse all files

8
.dockerignore
View File

@@ -1,8 +0,0 @@
.idea
.git
.gitlab-ci.yml
.vscode
# CI cache folder storing docker images
ci-exports

6
.gitignore vendored
View File

@@ -5,9 +5,3 @@
i2pseeds.su3
*.pem
onion.key
tmp/
i2p-tools-*
*.crl
*.crt
*.pem
plugin

106
.gitlab-ci.yml
View File

@@ -1,106 +0,0 @@
image: docker:19.03.12
stages:
- docker_test
- docker_push
variables:
# When using dind service, we need to instruct docker to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
# /var/run/docker.sock socket. Docker 19.03 does this automatically
# by setting the DOCKER_HOST in
# https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
#
# Specify to Docker where to create the certificates, Docker will
# create them automatically on boot, and will create
# `/certs/client` that will be shared between the service and job
# container, thanks to volume mount from config.toml
DOCKER_TLS_CERTDIR: "/certs"
# Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
DOCKER_HOST: tcp://docker:2376
services:
- docker:19.03.12-dind
.docker_cache:
cache:
# The same key should be used across branches
key: "$CI_COMMIT_REF_SLUG"
paths:
- ci-exports/*.tar
# Make sure we can build a docker image
# It's cached for later jobs
build_docker:
extends:
- .docker_cache
stage: docker_test
script:
# Try to load latest branch image from local tar or from registry
- docker load ci-exports/$CI_COMMIT_REF_SLUG.tar || docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:latest .
- mkdir -p ci-exports/
- docker save $CI_REGISTRY_IMAGE:latest > ci-exports/$CI_COMMIT_REF_SLUG.tar
# Publishes the configured CI registry (by default that's gitlab's registry)
push_ci_registry:
extends:
- .docker_cache
stage: docker_push
cache:
policy: pull
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
- docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $CI_REGISTRY_IMAGE:latest
only:
refs:
# Make sure to protect these tags!
- /^v(\d+\.){2,3}\d+$/
- /.+-release$/
variables:
- $CI_REGISTRY
- $CI_REGISTRY_USER
- $CI_REGISTRY_PASSWORD
- $CI_REGISTRY_IMAGE
# Publishes the cached image to docker
push_dockerhub_registry:
extends:
- .docker_cache
stage: docker_push
cache:
policy: pull
before_script:
- docker login -u $DOCKERHUB_REGISTRY_USER -p $DOCKERHUB_REGISTRY_PASSWORD $DOCKERHUB_REGISTRY
script:
- cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
- docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:latest
- docker push $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $DOCKERHUB_REGISTRY_IMAGE:latest
# Push the readme to dockerhub
- >-
docker run -v $PWD:/workspace
-e DOCKERHUB_USERNAME="$DOCKERHUB_REGISTRY_USER"
-e DOCKERHUB_PASSWORD="$DOCKERHUB_REGISTRY_PASSWORD"
-e DOCKERHUB_REPOSITORY="$DOCKERHUB_REGISTRY_IMAGE"
-e README_FILEPATH='/workspace/README.md'
peterevans/dockerhub-description:2
only:
refs:
# Make sure to protect these tags!
- /^v(\d+\.){2,3}\d+$/
- /.+-release$/
variables:
- $DOCKERHUB_REGISTRY
- $DOCKERHUB_REGISTRY_USER
- $DOCKERHUB_REGISTRY_PASSWORD
- $DOCKERHUB_REGISTRY_IMAGE

2
CHANGELOG.md
View File

@@ -31,4 +31,4 @@
* numRi per su3 file: 75 --> 77
2016-01
* fork from https://i2pgit.org/idk/reseed-tools
* fork from https://github.com/MDrollette/i2p-tools

6
Dockerfile
View File

@@ -1,8 +1,8 @@
FROM debian:stable-backports
ARG I2P_GID=1000
ARG I2P_UID=1000
COPY . /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
WORKDIR /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
COPY . /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
WORKDIR /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install -y git golang-1.13-go make && \
@@ -11,4 +11,4 @@ RUN apt-get update && \
RUN /usr/lib/go-1.13/bin/go build -v -tags netgo -ldflags '-w -extldflags "-static"'
USER $I2P_UID
WORKDIR /var/lib/i2p/i2p-config/reseed
ENTRYPOINT [ "/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/entrypoint.sh" ]
ENTRYPOINT [ "/var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1/i2p-tools-1", "reseed", "--yes=true", "--netdb=/var/lib/i2p/i2p-config/netDb" ]

93
Makefile
View File

@@ -1,6 +1,6 @@
VERSION=0.0.9
APP=reseed-tools
VERSION=0.0.3
APP=i2p-tools-1
USER_GH=eyedeekay
GOOS?=$(shell uname -s | tr A-Z a-z)
@@ -8,14 +8,12 @@ GOARCH?="amd64"
ARG=-v -tags netgo -ldflags '-w -extldflags "-static"'
#MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
MIN_GO_VERSION?=1.15
MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
MIN_GO_VERSION?=1.13
I2P_UID=$(shell id -u i2psvc)
I2P_GID=$(shell id -g i2psvc)
WHOAMI=$(shell whoami)
echo:
@echo "type make version to do release $(APP) $(VERSION) $(GOOS) $(GOARCH) $(MIN_GO_VERSION) $(I2P_UID) $(I2P_GID)"
@@ -26,13 +24,13 @@ edit:
cat README.md | gothub edit -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
upload: binary tar
gothub upload -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../reseed-tools.tar.xz -n "reseed-tools.tar.xz"
gothub upload -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../i2p-tools.tar.xz -n "i2p-tools.tar.xz"
build: gofmt
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o reseed-tools-$(GOOS)-$(GOARCH)
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o i2p-tools-$(GOOS)-$(GOARCH)
clean:
rm reseed-tools-* *.key *.i2pKeys *.crt *.crl *.pem tmp -rfv
rm i2p-tools-* *.key *.i2pKeys *.crt *.crl *.pem tmp -rf
binary:
GOOS=darwin GOARCH=amd64 make build
@@ -43,13 +41,12 @@ binary:
GOOS=openbsd GOARCH=amd64 make build
GOOS=freebsd GOARCH=386 make build
GOOS=freebsd GOARCH=amd64 make build
GOOS=windows GOARCH=amd64 make build
tar:
tar --exclude="./.git" --exclude="./tmp" -cvf ../reseed-tools.tar.xz .
tar --exclude="./.git" --exclude="./tmp" -cvf ../i2p-tools.tar.xz .
install:
install -m755 reseed-tools-$(GOOS)-$(GOARCH) /usr/local/bin/reseed-tools
install -m755 i2p-tools-$(GOOS)-$(GOARCH) /usr/local/bin/i2p-tools
install -m755 etc/init.d/reseed /etc/init.d/reseed
### You shouldn't need to use these now that the go mod require rule is fixed,
@@ -57,18 +54,18 @@ install:
## versions behaved the same way. -idk
build-fork:
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-idk
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-idk
build-unfork:
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-md
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-md
fork:
sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|MDrollette/i2p-tools|eyedeekay/i2p-tools-1|g' main.go cmd/*.go reseed/*.go su3/*.go
make gofmt build-fork
unfork:
sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|RTradeLtd/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|eyedeekay/i2p-tools-1|MDrollette/i2p-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|RTradeLtd/i2p-tools-1|MDrollette/i2p-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
make gofmt build-unfork
gofmt:
@@ -77,12 +74,12 @@ gofmt:
try:
mkdir -p tmp && \
cd tmp && \
../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
stop:
mkdir -p tmp && \
cd tmp && \
../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
docker:
docker build -t eyedeekay/reseed .
@@ -110,70 +107,18 @@ docker-server:
--publish 8443:8443 \
--restart=always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
docker logs -f reseed
docker-run:
docker run -itd \
docker run --rm -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 8443:8443 \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
docker-homerun:
docker run -itd \
--name reseed \
--user 1000 \
--group-add 1000 \
--publish 8443:8443 \
--volume $(HOME)/i2p/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed:z \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre/
export CGO_CFLAGS=-I/usr/lib/jvm/java-8-openjdk-amd64/include/ -I/usr/lib/jvm/java-8-openjdk-amd64/include/linux/
gojava:
go get -u -v github.com/sridharv/gojava
cp -v ~/go/bin/gojava ./gojava
jar: gojava
echo $(JAVA_HOME)
./gojava -v -o reseed.jar -s . build ./reseed
plugins: binary
GOOS=darwin GOARCH=amd64 make su3s
GOOS=linux GOARCH=386 make su3s
GOOS=linux GOARCH=amd64 make su3s
GOOS=linux GOARCH=arm make su3s
GOOS=linux GOARCH=arm64 make su3s
GOOS=openbsd GOARCH=amd64 make su3s
GOOS=freebsd GOARCH=386 make su3s
GOOS=freebsd GOARCH=amd64 make su3s
GOOS=windows GOARCH=amd64 make su3s
su3s:
i2p.plugin.native -name=reseed-tools-$(GOOS)-$(GOARCH) \
-signer=hankhill19580@gmail.com \
-version "$(VERSION)" \
-author=hankhill19580@gmail.com \
-autostart=true \
-clientname=reseed-tools-$(GOOS)-$(GOARCH) \
-command="\$$PLUGIN/lib/reseed-tools-$(GOOS)-$(GOARCH)s -dir=\$$PLUGIN/lib reseed --signer=you@mail.i2p --netdb=\$$CONFIG/netDb --onion --i2p" \
-consolename="Reseed Tools" \
-delaystart="200" \
-desc="Reseed Tools Plugin" \
-exename=reseed-tools-$(GOOS)-$(GOARCH) \
-targetos="$(GOOS)" \
-license=MIT
unzip -o reseed-tools-$(GOOS)-$(GOARCH).zip -d reseed-tools-$(GOOS)-$(GOARCH)-zip
#export sumbblinux=`sha256sum "../reseed-tools-linux.su3"`
#export sumbbwindows=`sha256sum "../reseed-tools-windows.su3"`

49
README.md
View File

@@ -1,16 +1,15 @@
I2P Reseed Tools
==================
This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to
create, sign, and validate SU3 files. Please note that this requires at least Go version 1.13, and uses Go Modules.
This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files.
## Installation
If you have go installed you can download, build, and install this tool with `go get`
```
go get i2pgit.org/idk/reseed-tools
reseed-tools -h
go get github.com/MDrollette/i2p-tools
i2p-tools -h
```
## Usage
@@ -25,8 +24,8 @@ and group inside the container as I2P.
When you run a reseed under Docker in this fashion, it will automatically
generate a self-signed certificate for your reseed server in a Docker volume
mamed reseed-keys. *Back up this directory*, if it is lost it is impossible
to reproduce.
under your I2P directory. *Back up this directory*, if it is lost it is
impossible to reproduce.
Please note that Docker is not currently compatible with .onion reseeds unless
you pass the --network=host tag.
@@ -38,7 +37,7 @@ you pass the --network=host tag.
--publish 443:8443 \
--restart always \
--volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume $HOME/i2p/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
@@ -51,7 +50,7 @@ you pass the --network=host tag.
--publish 443:8443 \
--restart always \
--volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /PATH/TO/USER/I2P/HERE/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
@@ -69,20 +68,20 @@ work for you. In that case, just copy-and-paste:
--publish 443:8443 \
--restart always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
### Locally behind a webserver (reverse proxy setup), preferred:
```
reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
```
### Without a webserver, standalone with TLS support
```
reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
```
If this is your first time running a reseed server (ie. you don't have any existing keys),
@@ -97,61 +96,61 @@ http://j7xszhsjy7orrnbdys7yykrssv5imkn4eid7n5ikcnxuhpaaw6cq.b32.i2p/
also a short guide and complete tech info.
## Experimental, currently only available from idk/reseed-tools fork
## Experimental, currently only available from eyedeekay/i2p-tools-1 fork
Requires ```go mod``` and at least go 1.13. To build the idk/reseed-tools
Requires ```go mod``` and at least go 1.13. To build the eyedeekay/i2p-tools-1
fork, from anywhere:
git clone https://i2pgit.org/idk/reseed-tools
cd reseed-tools
git clone https://github.com/eyedeekay/i2p-tools-1
cd i2p-tools-1
make build
### Without a webserver, standalone, self-supervising(Automatic restarts)
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --littleboss=start
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --restart=start
```
### Without a webserver, standalone, automatic OnionV3 with TLS support
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
```
### Without a webserver, standalone, serve P2P with LibP2P
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
```
### Without a webserver, standalone, upload a single signed .su3 to github
* This one isn't working yet, I'll get to it eventually, I've got a cooler idea now.
* This one isn't working yet, look for it by ~Monday.
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=reseed-tools --ghuser=eyedeekay
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=i2p-tools-1 --ghuser=eyedeekay
```
### Without a webserver, standalone, in-network reseed
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, and LibP2P
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, I2P In-Network reseed, and LibP2P, self-supervising
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --littleboss=start
```
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --restart=start
```

2
cmd/keygen.go
View File

@@ -3,7 +3,7 @@ package cmd
import (
"fmt"
"github.com/urfave/cli"
"github.com/codegangsta/cli"
)
func NewKeygenCommand() cli.Command {

96
cmd/reseed.go
View File

@@ -13,6 +13,8 @@ import (
"time"
//"crawshaw.io/littleboss"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/codegangsta/cli"
"github.com/cretz/bine/tor"
"github.com/cretz/bine/torutil"
"github.com/cretz/bine/torutil/ed25519"
@@ -20,8 +22,6 @@ import (
"github.com/eyedeekay/sam3/i2pkeys"
"github.com/libp2p/go-libp2p"
"github.com/libp2p/go-libp2p-core/host"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/reseed"
)
func NewReseedCommand() cli.Command {
@@ -133,15 +133,6 @@ func NewReseedCommand() cli.Command {
Value: "start",
Usage: "Self-Supervise this application",
},
cli.BoolFlag{
Name: "acme",
Usage: "Automatically generate a TLS certificate with the ACME protocol, defaults to Let's Encrypt",
},
cli.StringFlag{
Name: "acmeserver",
Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
Usage: "Use this server to issue a certificate with the ACME protocol",
},
},
}
}
@@ -217,53 +208,13 @@ func reseedAction(c *cli.Context) {
var i2pTlsCert, i2pTlsKey string
var i2pkey i2pkeys.I2PKeys
if tlsHost != "" {
onionTlsHost = tlsHost
i2pTlsHost = tlsHost
tlsKey = c.String("tlsKey")
// if no key is specified, default to the host.pem in the current dir
if tlsKey == "" {
tlsKey = tlsHost + ".pem"
onionTlsKey = tlsHost + ".pem"
i2pTlsKey = tlsHost + ".pem"
}
tlsCert = c.String("tlsCert")
// if no certificate is specified, default to the host.crt in the current dir
if tlsCert == "" {
tlsCert = tlsHost + ".crt"
onionTlsCert = tlsHost + ".crt"
i2pTlsCert = tlsHost + ".crt"
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
// use ACME?
acme := c.Bool("acme")
if acme {
acmeserver := c.String("acmeserver")
err := checkUseAcmeCert(tlsHost, signerID, acmeserver, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
} else {
err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
}
if c.Bool("i2p") {
var err error
i2pkey, err = LoadKeys("reseed.i2pkeys", c)
if err != nil {
log.Fatalln(err)
}
if i2pTlsHost == "" {
i2pTlsHost = i2pkey.Addr().Base32()
}
i2pTlsHost = i2pkey.Addr().Base32()
if i2pTlsHost != "" {
// if no key is specified, default to the host.pem in the current dir
if i2pTlsKey == "" {
@@ -276,7 +227,7 @@ func reseedAction(c *cli.Context) {
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
auto := c.Bool("yes")
err := checkOrNewTLSCert(i2pTlsHost, &i2pTlsCert, &i2pTlsKey, auto)
if nil != err {
log.Fatalln(err)
@@ -299,9 +250,7 @@ func reseedAction(c *cli.Context) {
}
ok = []byte(key.PrivateKey())
}
if onionTlsHost == "" {
onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
}
onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
err = ioutil.WriteFile(c.String("onionKey"), ok, 0644)
if err != nil {
log.Fatalln(err.Error())
@@ -318,7 +267,7 @@ func reseedAction(c *cli.Context) {
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
auto := c.Bool("yes")
err := checkOrNewTLSCert(onionTlsHost, &onionTlsCert, &onionTlsKey, auto)
if nil != err {
log.Fatalln(err)
@@ -326,6 +275,27 @@ func reseedAction(c *cli.Context) {
}
}
if tlsHost != "" {
tlsKey = c.String("tlsKey")
// if no key is specified, default to the host.pem in the current dir
if tlsKey == "" {
tlsKey = tlsHost + ".pem"
}
tlsCert = c.String("tlsCert")
// if no certificate is specified, default to the host.crt in the current dir
if tlsCert == "" {
tlsCert = tlsHost + ".crt"
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
reloadIntvl, err := time.ParseDuration(c.String("interval"))
if nil != err {
fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)
@@ -339,7 +309,7 @@ func reseedAction(c *cli.Context) {
}
// load our signing privKey
auto := c.Bool("yes")
auto := c.Bool("yes")
privKey, err := getOrNewSigningCert(&signerKey, signerID, auto)
if nil != err {
log.Fatalln(err)
@@ -392,7 +362,7 @@ func reseedAction(c *cli.Context) {
}
}
func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder *reseed.ReseederImpl) {
func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -421,7 +391,7 @@ func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder *reseed.Reseed
}
}
func reseedHTTP(c *cli.Context, reseeder *reseed.ReseederImpl) {
func reseedHTTP(c *cli.Context, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -458,7 +428,7 @@ func makeRandomHost(port int) (host.Host, error) {
return host, nil
}
func reseedP2P(c *cli.Context, reseeder *reseed.ReseederImpl) {
func reseedP2P(c *cli.Context, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -496,7 +466,7 @@ func reseedP2P(c *cli.Context, reseeder *reseed.ReseederImpl) {
}
}
func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder *reseed.ReseederImpl) {
func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -571,7 +541,7 @@ func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder *res
log.Printf("Onion server started on %s\n", server.Addr)
}
func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder *reseed.ReseederImpl) {
func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))

206
cmd/utils.go
View File

@@ -2,12 +2,10 @@ package cmd
import (
"bufio"
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
@@ -18,15 +16,8 @@ import (
"strings"
"time"
"i2pgit.org/idk/reseed-tools/reseed"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/registration"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/MDrollette/i2p-tools/su3"
)
func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
@@ -44,24 +35,6 @@ func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
return privKey, nil
}
// Taken directly from the lego example, since we need very minimal support
// https://go-acme.github.io/lego/usage/library/
type MyUser struct {
Email string
Registration *registration.Resource
key crypto.PrivateKey
}
func (u *MyUser) GetEmail() string {
return u.Email
}
func (u MyUser) GetRegistration() *registration.Resource {
return u.Registration
}
func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
return u.key
}
func signerFile(signerID string) string {
return strings.Replace(signerID, "@", "_at_", 1)
}
@@ -69,14 +42,14 @@ func signerFile(signerID string) string {
func getOrNewSigningCert(signerKey *string, signerID string, auto bool) (*rsa.PrivateKey, error) {
if _, err := os.Stat(*signerKey); nil != err {
fmt.Printf("Unable to read signing key '%s'\n", *signerKey)
if !auto {
fmt.Printf("Would you like to generate a new signing key for %s? (y or n): ", signerID)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
return nil, fmt.Errorf("A signing key is required")
}
if !auto {
fmt.Printf("Would you like to generate a new signing key for %s? (y or n): ", signerID)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
return nil, fmt.Errorf("A signing key is required")
}
}
if err := createSigningCertificate(signerID); nil != err {
return nil, err
}
@@ -87,165 +60,6 @@ func getOrNewSigningCert(signerKey *string, signerID string, auto bool) (*rsa.Pr
return loadPrivateKey(*signerKey)
}
func checkUseAcmeCert(tlsHost, signer, cadirurl string, tlsCert, tlsKey *string, auto bool) error {
_, certErr := os.Stat(*tlsCert)
_, keyErr := os.Stat(*tlsKey)
if certErr != nil || keyErr != nil {
if certErr != nil {
fmt.Printf("Unable to read TLS certificate '%s'\n", *tlsCert)
}
if keyErr != nil {
fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
}
if !auto {
fmt.Printf("Would you like to generate a new certificate with Let's Encrypt or a custom ACME server? '%s'? (y or n): ", tlsHost)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
fmt.Println("Continuing without TLS")
return nil
}
}
} else {
TLSConfig := &tls.Config{}
TLSConfig.NextProtos = []string{"http/1.1"}
TLSConfig.Certificates = make([]tls.Certificate, 1)
var err error
TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(*tlsCert, *tlsKey)
if err != nil {
return err
}
if time.Now().Sub(TLSConfig.Certificates[0].Leaf.NotAfter) < (time.Hour * 48) {
ecder, err := ioutil.ReadFile(tlsHost + signer + ".acme.key")
if err != nil {
return err
}
privateKey, err := x509.ParseECPrivateKey(ecder)
if err != nil {
return err
}
user := MyUser{
Email: signer,
key: privateKey,
}
config := lego.NewConfig(&user)
config.CADirURL = cadirurl
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
renewAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
} else {
return nil
}
}
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return err
}
ecder, err := x509.MarshalECPrivateKey(privateKey)
if err != nil {
return err
}
filename := tlsHost + signer + ".acme.key"
keypem, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
defer keypem.Close()
err = pem.Encode(keypem, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder})
if err != nil {
return err
}
user := MyUser{
Email: signer,
key: privateKey,
}
config := lego.NewConfig(&user)
config.CADirURL = cadirurl
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
return newAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
}
func renewAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
var err error
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
if err != nil {
return err
}
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
if err != nil {
return err
}
// New users will need to register
if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
user.Registration = reg
}
resource, err := client.Certificate.Get(tlsHost, true)
if err != nil {
return err
}
certificates, err := client.Certificate.Renew(*resource, true, false, "")
if err != nil {
return err
}
ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
// ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
*tlsCert = tlsHost + ".crt"
*tlsKey = tlsHost + ".pem"
return nil
}
func newAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
var err error
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
if err != nil {
return err
}
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
if err != nil {
return err
}
// New users will need to register
if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
user.Registration = reg
}
request := certificate.ObtainRequest{
Domains: []string{tlsHost},
Bundle: true,
}
certificates, err := client.Certificate.Obtain(request)
if err != nil {
return err
}
ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
// ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
*tlsCert = tlsHost + ".crt"
*tlsKey = tlsHost + ".pem"
return nil
}
func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error {
_, certErr := os.Stat(*tlsCert)
_, keyErr := os.Stat(*tlsKey)
@@ -257,7 +71,7 @@ func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error
fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
}
if !auto {
if auto {
fmt.Printf("Would you like to generate a new self-signed certificate for '%s'? (y or n): ", tlsHost)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')

6
cmd/verify.go
View File

@@ -4,9 +4,9 @@ import (
"fmt"
"io/ioutil"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/reseed"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/MDrollette/i2p-tools/su3"
"github.com/codegangsta/cli"
)
func NewSu3VerifyCommand() cli.Command {

BIN
content/images/reseed.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 198 KiB

10
content/index.html
View File

@@ -1,10 +0,0 @@
<h1 id="you-have-found-an-i2p-reseed">You have found an I2P Reseed</h1>
<p>Maybe it was by accident, or maybe you visited the URL because you saw it in the software somewhere. While weve got your attention, were going to take this opportunity to tell you a little about what we do here. I2P is a peer-to-peer network which uses “Garlic Routing” to maintain privacy. Reseed nodes help you get connected to I2P for the first time, and even though you should only have to use them once in a great while, they are very important services.</p>
<h2 id="to-learn-more-about-i2p-visit"><a href="https://geti2p.net">To learn more about I2P, visit</a></h2>
<p><a href="https://geti2p.net"><img src="images/reseed.png" alt="Help reseed" /></a></p>
<ul>
<li><a href="https://geti2p.net/en/docs/reseed">Learn more about reseeds here:</a></li>
<li><a href="https://geti2p.net/en/get-involved/guides/reseed">Learn how to run a reseed here:</a></li>
<li><a href="https://i2pgit.org/idk/reseed-tools">Read the reseed server code and learn about more reseed options here:</a></li>
</ul>
<p>Here on purpose? Heres a one-time link to a reseed bundle for you.</p>

18
content/lang/en/homepage.md
View File

@@ -1,18 +0,0 @@
You have found an I2P Reseed
============================
Maybe it was by accident, or maybe you visited the URL because you saw it in the software somewhere. While we've got
your attention, we're going to take this opportunity to tell you a little about what we do here. I2P is a peer-to-peer
network which uses "Garlic Routing" to maintain privacy. Reseed nodes help you get connected to I2P for the first time,
and even though you should only have to use them once in a great while, they are very important services.
[To learn more about I2P, visit the project website](https://geti2p.net)
------------------------------------------------------------------------
[![Help reseed](images/reseed.png)](https://geti2p.net)
- [Learn more about reseeds here:](https://geti2p.net/en/docs/reseed)
- [Learn how to run a reseed here:](https://geti2p.net/en/get-involved/guides/reseed)
- [Read the reseed server code and learn about more reseed options here:](https://i2pgit.org/idk/reseed-tools)
### Here on purpose? Here's a one-time link to a reseed bundle for you.

0
content/script.js
View File

37
content/style.css
View File

@@ -1,37 +0,0 @@
body {
font-family: monospace;
text-align: justify;
}
h1 {
text-align: center;
}
img {
display: block;
margin-left: auto;
margin-right: auto;
width: 50%;
}
.inline {
display: inline;
}
.link-button {
background: none;
border: none;
color: blue;
text-decoration: underline;
cursor: pointer;
font-size: 1em;
font-family: serif;
}
.link-button:focus {
outline: none;
}
.link-button:active {
color:red;
}

5
entrypoint.sh
View File

@@ -1,5 +0,0 @@
#! /usr/bin/env sh
cp -r /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/content ./content
/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb $@

32
go.mod
View File

@@ -1,19 +1,25 @@
module i2pgit.org/idk/reseed-tools
module github.com/eyedeekay/i2p-tools-1
go 1.13
require (
crawshaw.io/littleboss v0.0.0-20190317185602-8957d0aedcce // indirect
github.com/MDrollette/i2p-tools v0.0.0
github.com/codegangsta/cli v1.22.1
github.com/cretz/bine v0.1.0
github.com/eyedeekay/sam3 v0.32.32
github.com/go-acme/lego/v4 v4.3.1
github.com/gorilla/handlers v1.5.1
github.com/justinas/alice v1.2.0
github.com/libp2p/go-libp2p v0.13.0
github.com/libp2p/go-libp2p-core v0.8.0
github.com/libp2p/go-libp2p-gostream v0.3.1
github.com/libp2p/go-libp2p-http v0.2.0
github.com/throttled/throttled/v2 v2.7.1
github.com/urfave/cli v1.22.5
gitlab.com/golang-commonmark/markdown v0.0.0-20191127184510-91b5b3c99c19
golang.org/x/text v0.3.5
github.com/eyedeekay/sam3 v0.32.2
github.com/gomodule/redigo v1.8.0 // indirect
github.com/gorilla/handlers v1.4.2
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da
github.com/libp2p/go-libp2p v0.6.0
github.com/libp2p/go-libp2p-core v0.5.0
github.com/libp2p/go-libp2p-gostream v0.2.1
github.com/libp2p/go-libp2p-http v0.1.5
github.com/shurcooL/go v0.0.0-20190704215121-7189cc372560 // indirect
github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041 // indirect
github.com/throttled/throttled v2.2.4+incompatible
)
replace github.com/MDrollette/i2p-tools v0.0.0 => ./
replace github.com/codegangsta/cli v1.22.1 => github.com/urfave/cli v1.22.1

1043
go.sum
View File

File diff suppressed because it is too large Load Diff

2
history.txt
View File

@@ -41,4 +41,4 @@
* numRi per su3 file: 75 --> 77
2016-01
* fork from https://i2pgit.org/idk/reseed-tools
* fork from https://github.com/MDrollette/i2p-tools

6
main.go
View File

@@ -4,8 +4,8 @@ import (
"os"
"runtime"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/cmd"
"github.com/MDrollette/i2p-tools/cmd"
"github.com/codegangsta/cli"
)
func main() {
@@ -18,7 +18,7 @@ func main() {
runtime.GOMAXPROCS(runtime.NumCPU() / 2)
app := cli.NewApp()
app.Name = "reseed-tools"
app.Name = "i2p-tools-1"
app.Version = "0.1.7"
app.Usage = "I2P tools and reseed server"
app.Author = "eyedeekay"

132
reseed/homepage.go
View File

@@ -1,132 +0,0 @@
package reseed
import (
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strings"
"gitlab.com/golang-commonmark/markdown"
"golang.org/x/text/language"
)
var SupportedLanguages = []language.Tag{
language.English,
}
var CachedLanguagePages = map[string]string{}
var CachedDataPages = map[string][]byte{}
var BaseContentPath, ContentPathError = ContentPath()
var matcher = language.NewMatcher(SupportedLanguages)
var header = []byte(`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>This is an I2P Reseed Server</title>
<link rel="stylesheet" href="style.css">
<script src="script.js"></script>
</head>
<body>`)
var footer = []byte(` </body>
</html>`)
var md = markdown.New(markdown.XHTMLOutput(true), markdown.HTML(true))
func ContentPath() (string, error) {
exPath, err := os.Getwd()
if err != nil {
return "", err
}
//exPath := filepath.Dir(ex)
if _, err := os.Stat(filepath.Join(exPath, "content")); err != nil {
return "", err
}
return filepath.Join(exPath, "content"), nil
}
func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
if ContentPathError != nil {
http.Error(w, "403 Forbidden", http.StatusForbidden)
return
}
lang, _ := r.Cookie("lang")
accept := r.Header.Get("Accept-Language")
tag, _ := language.MatchStrings(matcher, lang.String(), accept)
base, _ := tag.Base()
switch r.URL.Path {
case "/style.css":
w.Header().Set("Content-Type", "text/css")
HandleAFile(w, "", "style.css")
case "/script.js":
w.Header().Set("Content-Type", "text/javascript")
HandleAFile(w, "", "script.js")
default:
image := strings.Replace(r.URL.Path, "/", "", -1)
if strings.HasPrefix(image, "images") {
w.Header().Set("Content-Type", "image/png")
HandleAFile(w, "images", strings.TrimPrefix(strings.TrimPrefix(r.URL.Path, "/"), "images"))
} else {
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(header))
HandleALocalizedFile(w, base.String())
w.Write([]byte(`<ul><li><form method="post" action="/i2pseeds" class="inline">
<input type="hidden" name="onetime" value="` + srv.Acceptable() + `">
<button type="submit" name="submit_param" value="submit_value" class="link-button">
Bundle
</button>
</form></li></ul>`))
w.Write([]byte(footer))
}
}
}
func HandleAFile(w http.ResponseWriter, dirPath, file string) {
file = filepath.Join(dirPath, file)
if _, prs := CachedDataPages[file]; prs == false {
path := filepath.Join(BaseContentPath, file)
f, err := ioutil.ReadFile(path)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
return
}
CachedDataPages[file] = f
w.Write([]byte(CachedDataPages[file]))
} else {
w.Write(CachedDataPages[file])
}
}
func HandleALocalizedFile(w http.ResponseWriter, dirPath string) {
if _, prs := CachedLanguagePages[dirPath]; prs == false {
dir := filepath.Join(BaseContentPath, "lang", dirPath)
files, err := ioutil.ReadDir(dir)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
}
var f []byte
for _, file := range files {
if !strings.HasSuffix(file.Name(), ".md") {
return
}
trimmedName := strings.TrimSuffix(file.Name(), ".md")
path := filepath.Join(dir, file.Name())
b, err := ioutil.ReadFile(path)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
return
}
f = append(f, []byte(`<div id="`+trimmedName+`">`)...)
f = append(f, []byte(md.RenderToString(b))...)
f = append(f, []byte(`</div>`)...)
}
CachedLanguagePages[dirPath] = string(f)
w.Write([]byte(CachedLanguagePages[dirPath]))
} else {
w.Write([]byte(CachedLanguagePages[dirPath]))
}
}

99
reseed/server.go
View File

@@ -3,7 +3,6 @@ package reseed
import (
"bytes"
"context"
"crypto/rand"
"crypto/tls"
"io"
"log"
@@ -21,8 +20,8 @@ import (
"github.com/libp2p/go-libp2p-core/host"
gostream "github.com/libp2p/go-libp2p-gostream"
p2phttp "github.com/libp2p/go-libp2p-http"
throttled "github.com/throttled/throttled/v2"
"github.com/throttled/throttled/v2/store"
"github.com/throttled/throttled"
"github.com/throttled/throttled/store"
)
const (
@@ -35,10 +34,9 @@ type Server struct {
I2PSession *sam3.StreamSession
I2PListener *sam3.StreamListener
I2PKeys i2pkeys.I2PKeys
Reseeder *ReseederImpl
Reseeder Reseeder
Blacklist *Blacklist
OnionListener *tor.OnionService
acceptables map[string]time.Time
}
func NewServer(prefix string, trustProxy bool) *Server {
@@ -67,7 +65,6 @@ func NewServer(prefix string, trustProxy bool) *Server {
server := Server{Server: h, Reseeder: nil}
th := throttled.RateLimit(throttled.PerHour(4), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
thw := throttled.RateLimit(throttled.PerHour(30), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
middlewareChain := alice.New()
if trustProxy {
@@ -82,85 +79,13 @@ func NewServer(prefix string, trustProxy bool) *Server {
})
mux := http.NewServeMux()
mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, thw.Throttle, server.browsingMiddleware).Then(errorHandler))
mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware).Then(errorHandler))
mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle).Then(http.HandlerFunc(server.reseedHandler)))
server.Handler = mux
return &server
}
// See use of crypto/rand on:
// https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-go
const (
letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" // 52 possibilities
letterIdxBits = 6 // 6 bits to represent 64 possibilities / indexes
letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
)
func SecureRandomAlphaString() string {
length := 16
result := make([]byte, length)
bufferSize := int(float64(length) * 1.3)
for i, j, randomBytes := 0, 0, []byte{}; i < length; j++ {
if j%bufferSize == 0 {
randomBytes = SecureRandomBytes(bufferSize)
}
if idx := int(randomBytes[j%length] & letterIdxMask); idx < len(letterBytes) {
result[i] = letterBytes[idx]
i++
}
}
return string(result)
}
// SecureRandomBytes returns the requested number of bytes using crypto/rand
func SecureRandomBytes(length int) []byte {
var randomBytes = make([]byte, length)
_, err := rand.Read(randomBytes)
if err != nil {
log.Fatal("Unable to generate random bytes")
}
return randomBytes
}
//
func (srv *Server) Acceptable() string {
if srv.acceptables == nil {
srv.acceptables = make(map[string]time.Time)
}
if len(srv.acceptables) > 50 {
for val := range srv.acceptables {
srv.CheckAcceptable(val)
}
for val := range srv.acceptables {
if len(srv.acceptables) < 50 {
break
}
delete(srv.acceptables, val)
}
}
acceptme := SecureRandomAlphaString()
srv.acceptables[acceptme] = time.Now()
return acceptme
}
func (srv *Server) CheckAcceptable(val string) bool {
if srv.acceptables == nil {
srv.acceptables = make(map[string]time.Time)
}
if timeout, ok := srv.acceptables[val]; ok {
checktime := time.Now().Sub(timeout)
if checktime > (4 * time.Minute) {
delete(srv.acceptables, val)
return false
}
delete(srv.acceptables, val)
return true
}
return false
}
func (srv *Server) ListenAndServe() error {
addr := srv.Addr
if addr == "" {
@@ -320,7 +245,7 @@ func (srv *Server) ListenAndServeI2P(samaddr string, I2PKeys i2pkeys.I2PKeys) er
if err != nil {
return err
}
log.Printf("I2P server started on http://%v.b32.i2p\n", srv.I2PListener.Addr().(i2pkeys.I2PAddr).Base32())
log.Printf("I2P server started on http://%v.onion\n", srv.OnionListener.ID)
return srv.Serve(srv.I2PListener)
}
@@ -366,20 +291,6 @@ func loggingMiddleware(next http.Handler) http.Handler {
return handlers.CombinedLoggingHandler(os.Stdout, next)
}
func (srv *Server) browsingMiddleware(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
if srv.CheckAcceptable(r.FormValue("onetime")) {
srv.reseedHandler(w, r)
}
if i2pUserAgent != r.UserAgent() {
srv.HandleARealBrowser(w, r)
return
}
next.ServeHTTP(w, r)
}
return http.HandlerFunc(fn)
}
func verifyMiddleware(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
if i2pUserAgent != r.UserAgent() {

14
reseed/service.go
View File

@@ -15,7 +15,7 @@ import (
"sync"
"time"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/MDrollette/i2p-tools/su3"
)
type routerInfo struct {
@@ -33,13 +33,13 @@ func (p Peer) Hash() int {
return int(crc32.ChecksumIEEE(c))
}
/*type Reseeder interface {
type Reseeder interface {
// get an su3 file (bytes) for a peer
PeerSu3Bytes(peer Peer) ([]byte, error)
}*/
}
type ReseederImpl struct {
netdb *LocalNetDbImpl
netdb NetDbProvider
su3s chan [][]byte
SigningKey *rsa.PrivateKey
@@ -49,7 +49,7 @@ type ReseederImpl struct {
NumSu3 int
}
func NewReseeder(netdb *LocalNetDbImpl) *ReseederImpl {
func NewReseeder(netdb NetDbProvider) *ReseederImpl {
return &ReseederImpl{
netdb: netdb,
su3s: make(chan [][]byte),
@@ -224,10 +224,10 @@ func (rs *ReseederImpl) createSu3(seeds []routerInfo) (*su3.File, error) {
return su3File, nil
}
/*type NetDbProvider interface {
type NetDbProvider interface {
// Get all router infos
RouterInfos() ([]routerInfo, error)
}*/
}
type LocalNetDbImpl struct {
Path string

14
su3/su3.go
View File

@@ -23,20 +23,16 @@ const (
SigTypeRSAWithSHA384 = uint16(5)
SigTypeRSAWithSHA512 = uint16(6)
ContentTypeUnknown = uint8(0)
ContentTypeRouter = uint8(1)
ContentTypePlugin = uint8(2)
ContentTypeReseed = uint8(3)
ContentTypeNews = uint8(4)
ContentTypeBlocklist = uint8(5)
ContentTypeUnknown = uint8(0)
ContentTypeRouter = uint8(1)
ContentTypePlugin = uint8(2)
ContentTypeReseed = uint8(3)
ContentTypeNews = uint8(4)
FileTypeZIP = uint8(0)
FileTypeXML = uint8(1)
FileTypeHTML = uint8(2)
FileTypeXMLGZ = uint8(3)
FileTypeTXTGZ = uint8(4)
FileTypeDMG = uint8(5)
FileTypeEXE = uint8(6)
magicBytes = "I2Psu3"
)