completing client_common library

Author: GyulyVGC

client_common/src/appguard.ts

@@ -7,12 +7,11 @@ import {AppGuardResponse__Output} from './proto/appguard/AppGuardResponse'
 import {AppGuardTcpConnection} from './proto/appguard/AppGuardTcpConnection'
 import {AppGuardHttpResponse} from './proto/appguard/AppGuardHttpResponse'
 import {AppGuardTcpResponse__Output} from "./proto/appguard/AppGuardTcpResponse";
-import {TOKEN_FILE} from "./auth";
-import {AppGuardFirewall, AppGuardFirewall__Output} from "./proto/appguard/AppGuardFirewall";
-import {FirewallPolicy} from "./proto/appguard/FirewallPolicy";
+import {APP_ID_FILE, APP_SECRET_FILE, FIREWALL_DEFAULTS_FILE, TOKEN_FILE} from "./auth";
 import {AuthorizationRequest} from "./proto/appguard_commands/AuthorizationRequest";
 import {ClientMessage} from "./proto/appguard_commands/ClientMessage";
 import {ServerMessage__Output} from "./proto/appguard_commands/ServerMessage";
+import {FirewallDefaults} from "./proto/appguard_commands/FirewallDefaults";
 
 const opts = {includeDirs: [
     'node_modules/@nullnet/appguard-express/node_modules/appguard-client-common/proto/',
@@ -21,6 +20,8 @@ const opts = {includeDirs: [
 const packageDef = protoLoader.loadSync('appguard.proto', opts);
 const grpcObj = (grpc.loadPackageDefinition(packageDef) as unknown) as ProtoGrpcType
 
+const fs = require('fs');
+
 // it doesn't work with .cer files, convert them to .pem with the following command:
 // openssl x509 -inform der -in ca.cer -out ca.pem
 
@@ -35,9 +36,6 @@ export type AppGuardConfig = {
     host: string;
     port: number;
     tls: boolean;
-    timeout?: number;
-    defaultPolicy: FirewallPolicy;
-    firewall: string;
 };
 
 export class AppGuardService {
@@ -103,10 +101,13 @@ export class AppGuardService {
     }
 
     firewallPromise = (promise: Promise<AppGuardResponse__Output>): Promise<AppGuardResponse__Output> => {
-        if (this.config.timeout !== undefined) {
+        let firewallDefaults: FirewallDefaults = getFirewallDefaults();
+        let timeout = firewallDefaults.timeout;
+        let defaultPolicy = firewallDefaults.policy;
+        if (timeout !== undefined) {
             let timeoutPromise: Promise<AppGuardResponse__Output> = new Promise((resolve, _reject) => {
-                setTimeout(resolve, this.config.timeout, {
-                    policy: this.config.defaultPolicy
+                setTimeout(resolve, timeout, {
+                    policy: defaultPolicy
                 })
             });
             return Promise.race([promise, timeoutPromise])
@@ -116,10 +117,12 @@ export class AppGuardService {
     }
 
     connectionPromise = (connection: AppGuardTcpConnection): Promise<AppGuardTcpResponse__Output> => {
+        let firewallDefaults: FirewallDefaults = getFirewallDefaults();
+        let timeout = firewallDefaults.timeout;
         let promise = this.handleTcpConnection(connection);
-        if (this.config.timeout !== undefined) {
+        if (timeout !== undefined) {
             let timeoutPromise: Promise<AppGuardTcpResponse__Output> = new Promise((resolve, _reject) => {
-                setTimeout(resolve, this.config.timeout, {
+                setTimeout(resolve, timeout, {
                     tcpInfo: {
                         connection: connection,
                     }
@@ -139,24 +142,47 @@ export class AppGuardService {
 
         call.on('data', function(server_msg: ServerMessage__Output) {
             if (server_msg.deviceAuthorized) {
+                // save app secret and app id (if defined)
+                let auth_data = server_msg.deviceAuthorized;
+                if (auth_data.appId) {
+                    fs.writeFileSync(APP_ID_FILE, auth_data.appId, {flag: 'w'});
+                }
+                if (auth_data.appSecret) {
+                    fs.writeFileSync(APP_SECRET_FILE, auth_data.appSecret, {flag: 'w'});
+                }
 
-            } else if (server_msg.updateTokenCommand) {
-
-            } else if (server_msg.setFirewallDefaults) {
+                // read app id and app secret from files
+                let appId = fs.readFileSync(APP_ID_FILE, 'utf8').trim();
+                let appSecret = fs.readFileSync(APP_SECRET_FILE, 'utf8').trim();
 
+                // send authenticate
+                let auth: ClientMessage = {authentication: {
+                    appId: appId,
+                    appSecret: appSecret,
+                }};
+                call.write(auth);
+            }
+            if (server_msg.updateTokenCommand) {
+                // save token
+                let token = server_msg.updateTokenCommand;
+                fs.writeFileSync(TOKEN_FILE, token, {flag: 'w'});
             }
-            // handle the heartbeat response
-            console.log("Received heartbeat from server");
-            // write token to file
-            const fs = require('fs');
-            fs.writeFileSync(TOKEN_FILE, heartbeat.token, {flag: 'w'});
-            let status = heartbeat.status;
-            if (status == DeviceStatus.ARCHIVED || status == DeviceStatus.DELETED) {
-                // terminate current process
-                console.log("Device is archived or deleted, terminating process");
-                process.exit(0);
+            if (server_msg.setFirewallDefaults) {
+                // save firewall defaults
+                let firewallDefaults: FirewallDefaults = server_msg.setFirewallDefaults;
+                console.log("Received firewall defaults from server:", firewallDefaults);
+                fs.writeFileSync(FIREWALL_DEFAULTS_FILE, JSON.stringify(firewallDefaults), {flag: 'w'});
+            }
+            if (server_msg.deviceDeauthorized) {
+                // delete saved app secret and app id
+                fs.writeFileSync(APP_ID_FILE, '', {flag: 'w'});
+                fs.writeFileSync(APP_SECRET_FILE, '', {flag: 'w'});
+            }
+            if (server_msg.heartbeat) {
+                console.log("Received heartbeat from server");
             }
         });
+
         call.on('error', (_e) => {
             // An error has occurred and the stream has been closed.
             // sleep for 10 seconds and try again
@@ -166,16 +192,9 @@ export class AppGuardService {
             }, 10000);
         });
     }
+}
 
-    async updateFirewall(req: AppGuardFirewall): Promise<AppGuardFirewall__Output>{
-        return new Promise((resolve, reject) => {
-            this.client.updateFirewall(req, (err, res) => {
-                if(err){
-                    reject(err)
-                } else {
-                    resolve(res as AppGuardFirewall__Output)
-                }
-            })
-        })
-    }
+function getFirewallDefaults(): FirewallDefaults {
+    let text = fs.readFileSync(FIREWALL_DEFAULTS_FILE, 'utf8');
+    return JSON.parse(text);
 }

client_common/src/auth.ts

@@ -1,41 +1,39 @@
 import {AppGuardService} from "./appguard";
-import {HeartbeatRequest} from "./proto/appguard/HeartbeatRequest";
+import {AuthorizationRequest} from "./proto/appguard_commands/AuthorizationRequest";
+import {FirewallDefaults} from "./proto/appguard_commands/FirewallDefaults";
 
 export const TOKEN_FILE = process.cwd() + '/../token.txt'
+export const APP_ID_FILE = process.cwd() + '/../app_id.txt'
+export const APP_SECRET_FILE = process.cwd() + '/../app_secret.txt'
+export const FIREWALL_DEFAULTS_FILE = process.cwd() + '/../firewall_defaults.json'
+
+const fs = require('fs');
 
 export class AuthHandler {
-    private app_id: string
-    private app_secret: string
+    private installation_code: string
     private client: AppGuardService
 
     constructor(client: AppGuardService) {
         require('dotenv').config()
 
-        this.app_id = process.env.APP_ID || ''
-        this.app_secret = process.env.APP_SECRET || ''
+        this.installation_code = process.env.INSTALLATION_CODE || ''
         this.client = client
 
-        if (this.app_id === '') {
-            console.log('APP_ID environment variable is not set')
-            process.exit(1)
-        }
-        if (this.app_secret === '') {
-            console.log('APP_SECRET environment variable is not set')
-            process.exit(1)
-        }
-
         // empty token file content
-        const fs = require('fs');
         fs.writeFileSync(TOKEN_FILE, '', {flag: 'w'});
     }
 
-    async init(){
-        let hb_req: HeartbeatRequest = {
-            appId: this.app_id,
-            appSecret: this.app_secret,
+    async init(type: string){
+
+        let req: AuthorizationRequest = {
+            uuid: "",
+            code: this.installation_code,
+            category: "AppGuard Client",
+            targetOs: undefined,
+            type: type,
         };
 
-        this.client.control_stream(hb_req);
+        this.client.control_stream(req);
 
         console.log("Waiting for the first server heartbeat...");
         while (this.token() === '') {
@@ -46,7 +44,6 @@ export class AuthHandler {
     }
 
     token(): string {
-        const fs = require('fs');
         return fs.readFileSync(TOKEN_FILE, 'utf8');
     }
 }