......@@ -3,13 +3,15 @@ CLIENT_VER=0.0.1
DOCKER=docker
VAGRANT=vagrant
#XXX Add real deps/targets.
.PHONY: linux
linux: DOCKER_EXTRA=$(shell [ -L build ] && P=$$(readlink build) && echo -v $$P/:$$P )
linux:
rm -rf linux
$(DOCKER) build --build-arg UID=$$(id -u) --build-arg GID=$$(id -g) \
-t boundery-client-linux -f ./docker/Dockerfile.linux ./docker
$(DOCKER) run -it --rm --user $$(id -u):$$(id -g) \
$(DOCKER) run --rm --user $$(id -u):$$(id -g) \
-v `pwd`/:/home/build/src $(DOCKER_EXTRA) boundery-client-linux \
python3 setup.py linux --build
sed -i 's/$$(readlink -f "$$0")/"$$(readlink -f "$$0")"/1' linux/Boundery\ Client #XXX Bug workaround.
......@@ -21,7 +23,7 @@ linux:
# rm -rf android
# $(DOCKER) build --build-arg UID=$$(id -u) --build-arg GID=$$(id -g) \
# -t boundery-client-android -f ./docker/Dockerfile.android ./docker
# $(DOCKER) run -it --rm --user $$(id -u):$$(id -g) \
# $(DOCKER) run --rm --user $$(id -u):$$(id -g) \
# -v `pwd`/:/home/build/src $(DOCKER_EXTRA) boundery-client-android \
# /bin/sh -c "python3 setup.py android && python3 setup.py android --build"
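Review bot: On the `linux: DOCKER_EXTRA=` line the symlink target returned by `readlink build` is echoed unquoted and then pasted into the `docker run` command, so a target path containing whitespace is split into separate docker arguments and the bind mount no longer refers to the build directory. The rendered page does not show whether this line is new or context, so it may predate the commit. Emitting the volume spec already quoted keeps it a single argument: `echo "-v '$$P/:$$P'"`. The unquoted pwd substitution in the `-v` argument of the `docker run` line has the same word-splitting problem and could be written `-v "$(CURDIR)/:/home/build/src"`.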
......
XXX Merge into ../notes/signup_flow.org
1) Client writes SSID/pairingkey/seed_entropy to SDcard
2) Client is directed to "centralui/accounts/client_enroll/"
3) Client is redirected to "centralui/accounts/signup/"
4) Client creates account, solves captcha
5) Client clicks confirmation email, ends up back at "/client_enroll/"
6) Client is redirected back to client http, passing client.apikey/username
7) Client pops up elevate dialog, joins temporary public ZT network
8) Server registers with Central, posting it's temp ipv6 addr, subkey("pairing_id")
9) Client asks centralui for server bootstrap ipv6 addr using subkey("pairing_id")
10) Client encrypts ZT nodeid with secret key and sends via ZT temp network
11) Server decrypts nodeid and preauths it on the private ZT network
12) Server encrypts private ZT networkid and sends to client
13) Client decrypts networkid and joins it
14) Client contacts server over ZT private network.
XXX How to re-enroll w/ centralui/os if only client gets wiped?
XXX Namespace subkeys.
XXX Better names for various subkeys (and pairing_key->rootkey)
XXX Better names for various APIKEYs...
XXX Change from recaptcha+email to recaptcha or email? Or just use an invite tree?
CHANGES FOR WIREGUARD:
- Change temp ZT ipv6 addr to server public IP address, maybe reuse dyndns?
- Preshare wireguard peer info by generating it all from root key.
CLIENT writes SSID/wifipw/pairingkey/seed_entropy to SDcard
CLIENT redirected to centralui
CLIENT creates account -- either email+captcha, or invite code
CLIENT redirects back to local, carrying client.apikey/username
CLIENT polls central for server info
CLIENT gets server info, decrypts, creates wireguard tunnel (using private IP or dyndns IP?)
CLIENT contacts server over wireguard tunnel.
SERVER boots up, generates rootkey
SERVER creates wireguard server
SERVER generates bootstrap client wireguard config
SERVER registers with centralui, writes encrypted privateIP/routerIP/routerMAC/client_wg0.conf
V2:
CLIENT writes SSID/wifipw/pairingkey/seed_entropy to SDcard
CLIENT sends uesrname/invite_id to central, gets CAPIKEY
CLIENT polls central for server info
CLIENT gets server info, decrypts, creates wireguard tunnel w/ dyndns IP.
CLIENT contacts server over wireguard tunnel.
SERVER boots up, adds seed_entropy, generates rootkey
SERVER creates wireguard server
SERVER generates bootstrap client wireguard config
SERVER registers with centralui, writes encrypted privateIP/routerIP/routerMAC/client_wg0.conf
SERVER waits for contact from client via wireguard.
......@@ -93,16 +93,16 @@ def test_elevate():
@get('/')
@get('/step1')
def step1():
return template("step1", { "mountlist": step1_api1(), "ssidlist": step1_api2() })
return template("step1", { "mountlist": mounts(), "ssidlist": ssids() })
@get('/step1_api1')
def step1_api1():
@get('/mounts')
def mounts():
#XXX Emit a useful message if there are no mounts!
return template("step1_api1", { "mounts": osal.get_mounts() })
return template("mounts", { "mounts": osal.get_mounts() })
ssid_dict = {}
@get('/step1_api2')
def step1_api2():
@get('/ssids')
def ssids():
global ssid_dict
for ssid in osal.get_ssids(): #(is_connected, signal, name)
if len(ssid[2].strip()) == 0:
......@@ -117,7 +117,7 @@ def step1_api2():
ssids.sort(key=lambda i: (i[0], i[1]), reverse=True)
ssids = [ ("%s (signal %s)" % (ssid[2], ssid[1]), ssid[2], ssid[0]) for ssid in ssids ]
return template("step1_api2", { "ssids": ssids })
return template("ssids", { "ssids": ssids })
step1_thread = None
@post('/step1')
......@@ -199,8 +199,8 @@ def step1_handler(ssid, wifi_pw, mount):
f.write(standard_b64decode(get_from_datadir("pairingkey")))
step1_thread.cur += 1
@get('/step1_post_api1')
def step1_post_api2():
@get('/step1_post_poll')
def step1_post_poll():
global step1_thread
if step1_thread.cur == step1_thread.max:
step1_thread.join()
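Review bot: `step1_post_poll()` dereferences `step1_thread.cur` immediately after the `global` statement, but `step1_thread` is initialised to `None` at module level and is presumably only assigned while handling `POST /step1`, so a GET to `/step1_post_poll` before that raises `AttributeError` and surfaces as a 500. A guard at the top of the handler would make the not-started state explicit, e.g. `if step1_thread is None:` followed by an explicit "not started" response. The handler's body continues past the end of the hunk, so the rest of its state handling is not visible here. Separately, the renamed `ssids()` handler still assigns a local that is also called `ssids` (the `ssids.sort(...)` hunk), which shadows the function inside its own body; a distinct local name such as `found` would read more clearly.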
......
......@@ -103,7 +103,7 @@
setTimeout(poll1, 1000);
}
};
xhr.open("GET", "/step1_api1", true);
xhr.open("GET", "/mounts", true);
xhr.send();
}
function poll2() {
......@@ -119,7 +119,7 @@
setTimeout(poll2, 5000);
}
};
xhr.open("GET", "/step1_api2", true);
xhr.open("GET", "/ssids", true);
xhr.send();
}
function poll_all() {
......
......@@ -40,7 +40,7 @@
setTimeout(poll1, 1000);
}
};
xhr.open("GET", "/step1_post_api1", true);
xhr.open("GET", "/step1_post_poll", true);
xhr.send();
}
window.onload = poll1();
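Review bot: `window.onload = poll1();` calls `poll1` immediately while the script is evaluated and assigns its return value to `onload`, so no load handler is actually registered; polling starts only because of that immediate call. If the intent is to begin polling once the page has finished loading, the line should be `window.onload = poll1;`. This line is context in the hunk rather than part of the endpoint rename, and the body of `poll1` starts outside the hunk.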
......