Merge pull request 'Move Server Token Key into Server Config with the Rest' (#351) from servers into master

Reviewed-on: #351
2021-05-05 13:03:08 -07:00 · 2021-05-05 13:03:08 -07:00 · c199a4fc98
parent deea608da6 c25e682fa4
commit c199a4fc98
5 changed files with 51 additions and 13 deletions
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module cwtch.im/cwtch
 go 1.14

 require (
-	git.openprivacy.ca/cwtch.im/tapir v0.3.5
+	git.openprivacy.ca/cwtch.im/tapir v0.4.0
 	git.openprivacy.ca/openprivacy/connectivity v1.4.3
 	git.openprivacy.ca/openprivacy/log v1.0.2
 	github.com/gtank/ristretto255 v0.1.2
--- a/go.sum
+++ b/go.sum
@ -8,6 +8,8 @@ git.openprivacy.ca/cwtch.im/tapir v0.3.4 h1:g7yZkfz/vWr/t2tFXa/t0Ebr/w665uIKpxpC
 git.openprivacy.ca/cwtch.im/tapir v0.3.4/go.mod h1:+Niy2AHhQC351ZTtfhC0uLjViCICyOxCJZsIlGKKNAU=
 git.openprivacy.ca/cwtch.im/tapir v0.3.5 h1:AlqAhluY4ivznGoHh37Khyxy0u9IbtYskP93wgtmYx8=
 git.openprivacy.ca/cwtch.im/tapir v0.3.5/go.mod h1:eH6dZxXrhW0C4KZX18ksUa6XJCrEvtg8cJJ/Fy6gv+E=
+git.openprivacy.ca/cwtch.im/tapir v0.4.0 h1:clG8uORt0NKEhT4P+Dpw1pzyUuYzYBMevGqn2pciKk8=
+git.openprivacy.ca/cwtch.im/tapir v0.4.0/go.mod h1:eH6dZxXrhW0C4KZX18ksUa6XJCrEvtg8cJJ/Fy6gv+E=
 git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGySR6OBPW+c=
 git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
 git.openprivacy.ca/openprivacy/connectivity v1.4.0 h1:c7AANUCrlA4hIqXxIGDOWMtSe8CpDleD1877PShScbM=
--- a/server/app/main.go
+++ b/server/app/main.go
@ -5,12 +5,13 @@ import (
 	"cwtch.im/cwtch/model"
 	cwtchserver "cwtch.im/cwtch/server"
 	"encoding/base64"
-	"fmt"
 	"git.openprivacy.ca/cwtch.im/tapir/primitives"
 	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"git.openprivacy.ca/openprivacy/log"
 	mrand "math/rand"
 	"os"
+	"os/signal"
+	"syscall"
 	"time"
 )

@ -68,7 +69,6 @@ func main() {
 	server := new(cwtchserver.Server)
 	log.Infoln("starting cwtch server...")

-	// TODO: respond to HUP so t.Close is gracefully called
 	server.Setup(serverConfig)

 	// TODO create a random group for testing
@ -78,13 +78,22 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("Invite: %v", invite)

 	bundle := server.KeyBundle().Serialize()
 	log.Infof("Server Config: server:%s", base64.StdEncoding.EncodeToString(bundle))

 	log.Infof("Server Tofu Bundle: tofubundle:server:%s||%s", base64.StdEncoding.EncodeToString(bundle), invite)

+	// Graceful Shutdown
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+	go func() {
+		<-c
+		acn.Close()
+		server.Close()
+		os.Exit(1)
+	}()
+
 	server.Run(acn)
 	for {
 		time.Sleep(time.Second)
--- a/server/server.go
+++ b/server/server.go
@ -39,8 +39,9 @@ type Server struct {
 func (s *Server) Setup(serverConfig Config) {
 	s.config = serverConfig
 	bs := new(persistence.BoltPersistence)
-	bs.Open(path.Join(serverConfig.ConfigDir, "tokens1.db"))
-	s.tokenServer = privacypass.NewTokenServerFromStore(bs)
+	bs.Open(path.Join(serverConfig.ConfigDir, "tokens.db"))
+	s.tokenServer = privacypass.NewTokenServerFromStore(&serverConfig.TokenServiceK, bs)
+	log.Infof("Y: %v", s.tokenServer.Y)
 	s.tokenService = s.config.TokenServiceIdentity()
 	s.tokenServicePrivKey = s.config.TokenServerPrivateKey
 }
@ -149,3 +150,12 @@ func (s *Server) ConfigureAutostart(autostart bool) {
 	s.config.AutoStart = autostart
 	s.config.Save(s.config.ConfigDir, s.config.FilePath)
 }
+
+// Close shuts down the cwtch server in a safe way.
+func (s *Server) Close() {
+	log.Infof("Shutting down server")
+	s.lock.Lock()
+	defer s.lock.Unlock()
+	log.Infof("Closing Token Server Database...")
+	s.tokenServer.Close()
+}
--- a/server/serverConfig.go
+++ b/server/serverConfig.go
@ -1,9 +1,11 @@
 package server

 import (
+	"crypto/rand"
 	"encoding/json"
 	"git.openprivacy.ca/cwtch.im/tapir/primitives"
 	"git.openprivacy.ca/openprivacy/log"
+	"github.com/gtank/ristretto255"
 	"golang.org/x/crypto/ed25519"
 	"io/ioutil"
 	"path"
@ -18,15 +20,20 @@ type Reporting struct {

 // Config is a struct for storing basic server configuration
 type Config struct {
-	ConfigDir             string             `json:"-"`
-	FilePath              string             `json:"-"`
-	MaxBufferLines        int                `json:"maxBufferLines"`
-	PublicKey             ed25519.PublicKey  `json:"publicKey"`
-	PrivateKey            ed25519.PrivateKey `json:"privateKey"`
+	ConfigDir      string `json:"-"`
+	FilePath       string `json:"-"`
+	MaxBufferLines int    `json:"maxBufferLines"`
+
+	PublicKey  ed25519.PublicKey  `json:"publicKey"`
+	PrivateKey ed25519.PrivateKey `json:"privateKey"`
+
 	TokenServerPublicKey  ed25519.PublicKey  `json:"tokenServerPublicKey"`
 	TokenServerPrivateKey ed25519.PrivateKey `json:"tokenServerPrivateKey"`
-	ServerReporting       Reporting          `json:"serverReporting"`
-	AutoStart             bool               `json:"autostart"`
+
+	TokenServiceK ristretto255.Scalar `json:"tokenServiceK"`
+
+	ServerReporting Reporting `json:"serverReporting"`
+	AutoStart       bool      `json:"autostart"`
 }

 // Identity returns an encapsulation of the servers keys
@ -67,6 +74,16 @@ func LoadConfig(configDir, filename string) Config {
 	config.ConfigDir = configDir
 	config.FilePath = filename

+	k := new(ristretto255.Scalar)
+	b := make([]byte, 64)
+	_, err := rand.Read(b)
+	if err != nil {
+		// unable to generate secure random numbers
+		panic("unable to generate secure random numbers")
+	}
+	k.FromUniformBytes(b)
+	config.TokenServiceK = *k
+
 	raw, err := ioutil.ReadFile(path.Join(configDir, filename))
 	if err == nil {
 		err = json.Unmarshal(raw, &config)