set up skeleton for JS clients

Author: GyulyVGC

client_common/proto/appguard.proto

@@ -2,13 +2,15 @@ syntax = "proto3";
 
 package appguard;
 
+import "google/protobuf/empty.proto";
+import "commands.proto";
+
 service AppGuard {
-  // Authentication
-  rpc Heartbeat (HeartbeatRequest) returns (stream HeartbeatResponse);
-  // Firewall
-  rpc UpdateFirewall (AppGuardFirewall) returns (Empty);
+  // Control channel
+  rpc ControlChannel(stream appguard_commands.ClientMessage)
+      returns (stream appguard_commands.ServerMessage);
   // Logs
-  rpc HandleLogs (Logs) returns (Empty);
+  rpc HandleLogs (Logs) returns (google.protobuf.Empty);
   // TCP
   rpc HandleTcpConnection (AppGuardTcpConnection) returns (AppGuardTcpResponse);
   // HTTP
@@ -17,33 +19,8 @@ service AppGuard {
   // SMTP
   rpc HandleSmtpRequest (AppGuardSmtpRequest) returns (AppGuardResponse);
   rpc HandleSmtpResponse (AppGuardSmtpResponse) returns (AppGuardResponse);
-}
-
-// Authentication ------------------------------------------------------------------------------------------------------
-
-message HeartbeatRequest {
-  string app_id = 1;
-  string app_secret = 2;
-}
-
-enum DeviceStatus {
-  DRAFT = 0;
-  ACTIVE = 1;
-  ARCHIVED = 2;
-  DELETED = 3;
-  DS_UNKNOWN = 4;
-}
-
-message HeartbeatResponse {
-  string token = 1;
-  DeviceStatus status = 2;
-}
-
-// Firewall ------------------------------------------------------------------------------------------------------------
-
-message AppGuardFirewall {
-  string token = 1;
-  string firewall = 2;
+  // Other
+  rpc FirewallDefaultsRequest (Token) returns (appguard_commands.FirewallDefaults);
 }
 
 // Logs ----------------------------------------------------------------------------------------------------------------
@@ -124,18 +101,16 @@ message AppGuardSmtpResponse {
 
 // Response ------------------------------------------------------------------------------------------------------------
 
-message Empty {}
-
 message AppGuardResponse {
-  FirewallPolicy policy = 2;
+  appguard_commands.FirewallPolicy policy = 2;
 }
 
 message AppGuardTcpResponse {
   AppGuardTcpInfo tcp_info = 1;
 }
 
-enum FirewallPolicy {
-  UNKNOWN = 0;
-  ALLOW = 1;
-  DENY = 2;
-}
+// Other --------------------------------------------------------------------------------------
+
+message Token {
+  string token = 1;
+}

client_common/proto/commands.proto

@@ -0,0 +1,55 @@
+syntax = "proto3";
+
+package appguard_commands;
+
+import "google/protobuf/empty.proto";
+
+message AuthorizationRequest {
+    string uuid = 1;
+    string code = 2;
+    string category = 3;
+    string type = 4;
+    string target_os = 5;
+}
+
+message Authentication {
+    string app_id = 1;
+    string app_secret = 2;
+}
+
+message ClientMessage {
+    oneof message {
+        AuthorizationRequest authorization_request = 1;
+        Authentication authentication = 2;
+    }
+}
+
+message AuthenticationData {
+    optional string app_id = 1;
+    optional string app_secret = 2;
+}
+
+message ServerMessage {
+    oneof message {
+        string update_token_command = 1;
+        
+        FirewallDefaults set_firewall_defaults = 2;
+
+        google.protobuf.Empty heartbeat = 3;
+
+        AuthenticationData device_authorized = 4;
+        google.protobuf.Empty device_deauthorized = 5;
+        google.protobuf.Empty authorization_rejected = 6;
+    }
+}
+
+message FirewallDefaults {
+    uint32 timeout = 1;
+    FirewallPolicy policy = 2;
+}
+
+enum FirewallPolicy {
+    UNKNOWN = 0;
+    ALLOW = 1;
+    DENY = 2;
+}

client_common/src/appguard.ts

@@ -7,12 +7,12 @@ import {AppGuardResponse__Output} from './proto/appguard/AppGuardResponse'
 import {AppGuardTcpConnection} from './proto/appguard/AppGuardTcpConnection'
 import {AppGuardHttpResponse} from './proto/appguard/AppGuardHttpResponse'
 import {AppGuardTcpResponse__Output} from "./proto/appguard/AppGuardTcpResponse";
-import {HeartbeatRequest} from "./proto/appguard/HeartbeatRequest";
-import {HeartbeatResponse__Output} from "./proto/appguard/HeartbeatResponse";
-import {DeviceStatus} from "./proto/appguard/DeviceStatus";
 import {TOKEN_FILE} from "./auth";
 import {AppGuardFirewall, AppGuardFirewall__Output} from "./proto/appguard/AppGuardFirewall";
 import {FirewallPolicy} from "./proto/appguard/FirewallPolicy";
+import {AuthorizationRequest} from "./proto/appguard_commands/AuthorizationRequest";
+import {ClientMessage} from "./proto/appguard_commands/ClientMessage";
+import {ServerMessage__Output} from "./proto/appguard_commands/ServerMessage";
 
 const opts = {includeDirs: [
     'node_modules/@nullnet/appguard-express/node_modules/appguard-client-common/proto/',
@@ -131,9 +131,20 @@ export class AppGuardService {
         }
     }
 
-    heartbeat(req: HeartbeatRequest) {
-        let call = this.client.heartbeat(req);
-        call.on('data', function(heartbeat: HeartbeatResponse__Output) {
+    control_stream(req: AuthorizationRequest) {
+        let call = this.client.controlChannel();
+
+        let authz_req: ClientMessage = {authorizationRequest: req};
+        call.write(authz_req);
+
+        call.on('data', function(server_msg: ServerMessage__Output) {
+            if (server_msg.deviceAuthorized) {
+
+            } else if (server_msg.updateTokenCommand) {
+
+            } else if (server_msg.setFirewallDefaults) {
+
+            }
             // handle the heartbeat response
             console.log("Received heartbeat from server");
             // write token to file
@@ -149,9 +160,9 @@ export class AppGuardService {
         call.on('error', (_e) => {
             // An error has occurred and the stream has been closed.
             // sleep for 10 seconds and try again
-            console.log("Error in heartbeat, retrying in 10 seconds");
+            console.log("Error in control stream");
             setTimeout(() => {
-                this.heartbeat(req);
+                this.control_stream(req);
             }, 10000);
         });
     }

client_common/src/auth.ts

@@ -35,7 +35,7 @@ export class AuthHandler {
             appSecret: this.app_secret,
         };
 
-        this.client.heartbeat(hb_req);
+        this.client.control_stream(hb_req);
 
         console.log("Waiting for the first server heartbeat...");
         while (this.token() === '') {

client_common/src/index.ts

@@ -1,4 +1,4 @@
-export {FirewallPolicy} from "./proto/appguard/FirewallPolicy";
+export {FirewallPolicy} from "./proto/appguard_commands/FirewallPolicy";
 export {AppGuardService, AppGuardConfig} from './appguard';
 export {AuthHandler} from './auth';
 export {AppGuardTcpInfo} from './proto/appguard/AppGuardTcpInfo';

client_common/src/proto/appguard.ts

@@ -10,7 +10,6 @@ type SubtypeConstructor<Constructor extends new (...args: any) => any, Subtype>
 export interface ProtoGrpcType {
   appguard: {
     AppGuard: SubtypeConstructor<typeof grpc.Client, _appguard_AppGuardClient> & { service: _appguard_AppGuardDefinition }
-    AppGuardFirewall: MessageTypeDefinition
     AppGuardHttpRequest: MessageTypeDefinition
     AppGuardHttpResponse: MessageTypeDefinition
     AppGuardIpInfo: MessageTypeDefinition
@@ -20,13 +19,23 @@ export interface ProtoGrpcType {
     AppGuardTcpConnection: MessageTypeDefinition
     AppGuardTcpInfo: MessageTypeDefinition
     AppGuardTcpResponse: MessageTypeDefinition
-    DeviceStatus: EnumTypeDefinition
-    Empty: MessageTypeDefinition
-    FirewallPolicy: EnumTypeDefinition
-    HeartbeatRequest: MessageTypeDefinition
-    HeartbeatResponse: MessageTypeDefinition
     Log: MessageTypeDefinition
     Logs: MessageTypeDefinition
+    Token: MessageTypeDefinition
+  }
+  appguard_commands: {
+    Authentication: MessageTypeDefinition
+    AuthenticationData: MessageTypeDefinition
+    AuthorizationRequest: MessageTypeDefinition
+    ClientMessage: MessageTypeDefinition
+    FirewallDefaults: MessageTypeDefinition
+    FirewallPolicy: EnumTypeDefinition
+    ServerMessage: MessageTypeDefinition
+  }
+  google: {
+    protobuf: {
+      Empty: MessageTypeDefinition
+    }
   }
 }