Merge branch 'dev' into 'main'

Datastore authentication

See merge request nullnet/appguard-express!1

Author: Giuliano Bellini

.gitignore

@@ -3,3 +3,5 @@
 node_modules
 dist
 .idea
+token.txt
+.env

.gitlab-ci.yml

@@ -3,10 +3,6 @@ workflow:
     on_new_commit: conservative
     on_job_failure: all
 
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-  GIT_SUBMODULE_FORCE_HTTPS: "true"
-
 default:
   tags:
     - docker-52-1-21

.gitmodules

@@ -6,7 +6,7 @@
   "files": [
     "dist",
     "src",
-    "appguard-protobuf"
+    "proto"
   ],
   "engines": {
     "node": ">=9"
@@ -24,6 +24,7 @@
     "@grpc/grpc-js": "^1.3.2",
     "@grpc/proto-loader": "^0.6.2",
     "body-parser": "^1.20.2",
+    "dotenv": "^16.5.0",
     "express": "^4.19.2",
     "nodemon": "^3.1.2"
   },
@@ -63,4 +64,4 @@
   "publishConfig": {
     "registry": "https://npm.nullnet.ai"
   }
-}
+}

appguard-protobuf

@@ -1,3 +1,3 @@
 #!/bin/bash
 rm -rf src/proto
-./node_modules/.bin/proto-loader-gen-types --grpcLib=@grpc/grpc-js --outDir=src/proto/ ./appguard-protobuf/appguard.proto
+./node_modules/.bin/proto-loader-gen-types --grpcLib=@grpc/grpc-js --outDir=src/proto/ ./proto/appguard.proto

package-lock.json

@@ -0,0 +1,121 @@
+syntax = "proto3";
+
+package appguard;
+
+service AppGuard {
+  // Authentication
+  rpc Heartbeat (HeartbeatRequest) returns (stream HeartbeatResponse);
+  // TCP
+  rpc HandleTcpConnection (AppGuardTcpConnection) returns (AppGuardTcpResponse);
+  // HTTP
+  rpc HandleHttpRequest (AppGuardHttpRequest) returns (AppGuardResponse);
+  rpc HandleHttpResponse (AppGuardHttpResponse) returns (AppGuardResponse);
+  // SMTP
+  rpc HandleSmtpRequest (AppGuardSmtpRequest) returns (AppGuardResponse);
+  rpc HandleSmtpResponse (AppGuardSmtpResponse) returns (AppGuardResponse);
+}
+
+// Authentication ------------------------------------------------------------------------------------------------------
+
+message HeartbeatRequest {
+  string app_id = 1;
+  string app_secret = 2;
+  string device_version = 3;
+  string device_uuid = 4;
+}
+
+enum DeviceStatus {
+  DS_DRAFT = 0;
+  DS_ACTIVE = 1;
+  DS_ARCHIVED = 2;
+  DS_DELETED = 3;
+  DS_UNKNOWN = 4;
+}
+
+message HeartbeatResponse {
+  string token = 1;
+  DeviceStatus status = 2;
+  bool remote_shell_enabled = 3;
+  bool remote_ui_enabled = 4;
+  bool is_monitoring_enabled = 5;
+}
+
+// TCP -----------------------------------------------------------------------------------------------------------------
+
+message AppGuardTcpConnection {
+  string token = 1;
+  optional string source_ip = 2;
+  optional uint32 source_port = 3;
+  optional string destination_ip = 4;
+  optional uint32 destination_port = 5;
+  string protocol = 6;
+}
+
+message AppGuardIpInfo {
+  string ip = 1;
+  optional string country = 2;
+  optional string asn = 3;
+  optional string org = 4;
+  optional string continent_code = 5;
+  optional string city = 6;
+  optional string region = 7;
+  optional string postal = 8;
+  optional string timezone = 9;
+  bool blacklist = 100;
+}
+
+message AppGuardTcpInfo {
+  AppGuardTcpConnection connection = 1;
+  AppGuardIpInfo ip_info = 2;
+  uint64 tcp_id = 3;
+}
+
+// HTTP ----------------------------------------------------------------------------------------------------------------
+
+message AppGuardHttpRequest {
+  string token = 1;
+  string original_url = 2;
+  map<string, string> headers = 3;
+  string method = 4;
+  optional string body = 5;
+  map<string, string> query = 6;
+  AppGuardTcpInfo tcp_info = 100;
+}
+
+message AppGuardHttpResponse {
+  string token = 1;
+  uint32 code = 2;
+  map<string, string> headers = 3;
+  AppGuardTcpInfo tcp_info = 100;
+}
+
+// SMTP ----------------------------------------------------------------------------------------------------------------
+
+message AppGuardSmtpRequest {
+  string token = 1;
+  map<string, string> headers = 2;
+  optional string body = 3;
+  AppGuardTcpInfo tcp_info = 100;
+}
+
+message AppGuardSmtpResponse {
+  string token = 1;
+  optional uint32 code = 2;
+  AppGuardTcpInfo tcp_info = 100;
+}
+
+// Response ------------------------------------------------------------------------------------------------------------
+
+message AppGuardResponse {
+  FirewallPolicy policy = 2;
+}
+
+message AppGuardTcpResponse {
+  AppGuardTcpInfo tcp_info = 1;
+}
+
+enum FirewallPolicy {
+  UNKNOWN = 0;
+  ALLOW = 1;
+  DENY = 2;
+}

package.json

@@ -1,15 +1,19 @@
 import path from 'path'
 import * as grpc from '@grpc/grpc-js'
 import * as protoLoader from '@grpc/proto-loader'
-import type  {ProtoGrpcType} from './proto/appguard'
-import { AppGuardClient } from './proto/appguard/AppGuard'
-import { AppGuardHttpRequest } from './proto/appguard/AppGuardHttpRequest'
-import { AppGuardResponse__Output } from './proto/appguard/AppGuardResponse'
-import { AppGuardTcpConnection } from './proto/appguard/AppGuardTcpConnection'
-import { AppGuardHttpResponse } from './proto/appguard/AppGuardHttpResponse'
+import type {ProtoGrpcType} from './proto/appguard'
+import {AppGuardClient} from './proto/appguard/AppGuard'
+import {AppGuardHttpRequest} from './proto/appguard/AppGuardHttpRequest'
+import {AppGuardResponse__Output} from './proto/appguard/AppGuardResponse'
+import {AppGuardTcpConnection} from './proto/appguard/AppGuardTcpConnection'
+import {AppGuardHttpResponse} from './proto/appguard/AppGuardHttpResponse'
 import {AppGuardTcpResponse__Output} from "./proto/appguard/AppGuardTcpResponse";
+import {HeartbeatRequest} from "./proto/appguard/HeartbeatRequest";
+import {HeartbeatResponse__Output} from "./proto/appguard/HeartbeatResponse";
+import {DeviceStatus} from "./proto/appguard/DeviceStatus";
+import {TOKEN_FILE} from "./auth";
 
-const PROTO_FILE = __dirname + '/../appguard-protobuf/appguard.proto'
+const PROTO_FILE = __dirname + '/../proto/appguard.proto'
 const packageDef = protoLoader.loadSync(path.resolve(__dirname, PROTO_FILE))
 const grpcObj = (grpc.loadPackageDefinition(packageDef) as unknown) as ProtoGrpcType
 
@@ -79,4 +83,28 @@ export class AppGuardService {
             })
         })
     }
+    heartbeat(req: HeartbeatRequest) {
+        let call = this.client.heartbeat(req);
+        call.on('data', function(heartbeat: HeartbeatResponse__Output) {
+            // handle the heartbeat response
+            console.log("Received heartbeat from server");
+            // write token to file
+            const fs = require('fs');
+            fs.writeFileSync(TOKEN_FILE, heartbeat.token, {flag: 'w'});
+            let status = heartbeat.status;
+            if (status == DeviceStatus.DS_ARCHIVED || status == DeviceStatus.DS_DELETED) {
+                // terminate current process
+                console.log("Device is archived or deleted, terminating process");
+                process.exit(0);
+            }
+        });
+        call.on('error', (_e) => {
+            // An error has occurred and the stream has been closed.
+            // sleep for 10 seconds and try again
+            console.log("Error in heartbeat, retrying in 10 seconds");
+            setTimeout(() => {
+                this.heartbeat(req);
+            }, 10000);
+        });
+    }
 }