refactor cli vpn config (#46)

* refactor cli vpn config Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2025-08-03 20:44:14 -04:00 · 2022-04-12 14:20:46 +02:00 · 2022-04-12 14:20:46 +02:00 · 1c0f52e04e
commit 1c0f52e04e
parent 4c73c5076e
10 changed files with 265 additions and 349 deletions
--- a/cli/vpn/vpn.go
+++ b/cli/vpn/vpn.go
@ -6,8 +6,6 @@ import (
 	"time"

 	wgquick "github.com/nmiculinic/wg-quick-go"
-	"github.com/vishvananda/netlink"
-	"golang.zx2c4.com/wireguard/wgctrl"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )

@ -16,98 +14,34 @@ const (
 	wireguardPort = 51820
 )

-type vpn interface {
-	ConfigureDevice(name string, cfg wgtypes.Config) error
+type ConfigHandler struct {
+	up func(cfg *wgquick.Config, iface string) error
 }

-type networkLink interface {
-	LinkAdd(link netlink.Link) error
-	LinkByName(name string) (netlink.Link, error)
-	ParseAddr(s string) (*netlink.Addr, error)
-	AddrAdd(link netlink.Link, addr *netlink.Addr) error
-	LinkSetUp(link netlink.Link) error
+func NewConfigHandler() *ConfigHandler {
+	return &ConfigHandler{up: wgquick.Up}
 }

-type netLink struct{}
-
-func newNetLink() *netLink {
-	return &netLink{}
+func (h *ConfigHandler) Create(coordinatorPubKey, coordinatorPubIP, clientPrivKey, clientVPNIP string, mtu int) (*wgquick.Config, error) {
+	return NewWGQuickConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey, clientVPNIP, mtu)
 }

-func (n *netLink) LinkAdd(link netlink.Link) error {
-	return netlink.LinkAdd(link)
+// Apply applies the generated WireGuard quick config.
+func (h *ConfigHandler) Apply(conf *wgquick.Config) error {
+	return h.up(conf, interfaceName)
 }

-func (n *netLink) LinkByName(name string) (netlink.Link, error) {
-	return netlink.LinkByName(name)
-}
-
-func (n *netLink) ParseAddr(s string) (*netlink.Addr, error) {
-	return netlink.ParseAddr(s)
-}
-
-func (n *netLink) AddrAdd(link netlink.Link, addr *netlink.Addr) error {
-	return netlink.AddrAdd(link, addr)
-}
-
-func (n *netLink) LinkSetUp(link netlink.Link) error {
-	return netlink.LinkSetUp(link)
-}
-
-type Configurer struct {
-	netLink networkLink
-	vpn     vpn
-}
-
-// NewConfigurerWithDefaults creates a new vpn client.
-func NewConfigurerWithDefaults() (*Configurer, error) {
-	vpn, err := wgctrl.New()
+// GetBytes returns the the bytes of the config.
+func (h *ConfigHandler) Marshal(conf *wgquick.Config) ([]byte, error) {
+	data, err := conf.MarshalText()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("marshal wg-quick config: %w", err)
 	}
-	return &Configurer{netLink: newNetLink(), vpn: vpn}, nil
+	return data, nil
 }

-// NewConfigurer creates a new vpn client with the provided
-// network link and vpn interface.
-func NewConfigurer(netLink networkLink, vpn vpn) (*Configurer, error) {
-	return &Configurer{netLink: netLink, vpn: vpn}, nil
-}
-
-// Configure configures a WireGuard interface
-// WireGuard will listen on its default port.
-// The peer must have the IP 10.118.0.1 in the vpn.
-func (c *Configurer) Configure(clientVpnIp, coordinatorPubKey, coordinatorPubIP, clientPrivKey string) error {
-	wgLink := &netlink.Wireguard{LinkAttrs: netlink.LinkAttrs{Name: interfaceName}}
-	if err := c.netLink.LinkAdd(wgLink); err != nil {
-		return err
-	}
-
-	link, err := c.netLink.LinkByName(interfaceName)
-	if err != nil {
-		return err
-	}
-	addr, err := c.netLink.ParseAddr(clientVpnIp + "/16")
-	if err != nil {
-		return err
-	}
-	if err := c.netLink.AddrAdd(link, addr); err != nil {
-		return err
-	}
-	if err := c.netLink.LinkSetUp(link); err != nil {
-		return err
-	}
-
-	config, err := NewConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey)
-	if err != nil {
-		return err
-	}
-
-	return c.vpn.ConfigureDevice(interfaceName, config)
-}
-
-// NewConfig creates a new WireGuard configuration.
-func NewConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey string) (wgtypes.Config, error) {
+// newConfig creates a new WireGuard configuration.
+func newConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey string) (wgtypes.Config, error) {
 	_, allowedIPs, err := net.ParseCIDR("10.118.0.1/32")
 	if err != nil {
 		return wgtypes.Config{}, fmt.Errorf("parsing CIDR: %w", err)
@ -148,7 +82,12 @@ func NewConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey string) (wgtyp
 }

 // NewWGQuickConfig create a new WireGuard wg-quick configuration file and mashals it to bytes.
-func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string, mtu int) ([]byte, error) {
+func NewWGQuickConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey, clientVPNIP string, mtu int) (*wgquick.Config, error) {
+	config, err := newConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey)
+	if err != nil {
+		return nil, err
+	}
+
 	clientIP := net.ParseIP(clientVPNIP)
 	if clientIP == nil {
 		return nil, fmt.Errorf("invalid client vpn ip '%s'", clientVPNIP)
@ -158,9 +97,5 @@ func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string, mtu int) ([]byt
 		Address: []net.IPNet{{IP: clientIP, Mask: []byte{255, 255, 0, 0}}},
 		MTU:     mtu,
 	}
-	data, err := quickfile.MarshalText()
-	if err != nil {
-		return nil, fmt.Errorf("marshal wg-quick config: %w", err)
-	}
-	return data, nil
+	return &quickfile, nil
 }
--- a/cli/vpn/vpn_test.go
+++ b/cli/vpn/vpn_test.go
@ -1,136 +1,55 @@
 package vpn

 import (
-	"fmt"
-	"net"
+	"errors"
 	"testing"

 	wgquick "github.com/nmiculinic/wg-quick-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/vishvananda/netlink"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )

-type stubNetworkLink struct {
-	link netlink.Link
-	addr string
-	up   bool
-}
-
-func newStubNetworkLink() *stubNetworkLink {
-	return &stubNetworkLink{}
-}
-
-func (s *stubNetworkLink) LinkAdd(link netlink.Link) error {
-	s.link = link
-	return nil
-}
-
-func (s *stubNetworkLink) LinkByName(name string) (netlink.Link, error) {
-	if name != s.link.Attrs().Name {
-		return nil, fmt.Errorf("could not find interface with name %v", name)
-	}
-	return s.link, nil
-}
-
-func (s *stubNetworkLink) ParseAddr(addr string) (*netlink.Addr, error) {
-	return netlink.ParseAddr(addr)
-}
-
-func (s *stubNetworkLink) AddrAdd(link netlink.Link, addr *netlink.Addr) error {
-	if link.Attrs().Name != s.link.Attrs().Name {
-		return fmt.Errorf("could not find interface with name %v", link.Attrs().Name)
-	}
-	s.addr = addr.IP.String()
-	return nil
-}
-
-func (s *stubNetworkLink) LinkSetUp(link netlink.Link) error {
-	if link.Attrs().Name != s.link.Attrs().Name {
-		return fmt.Errorf("could not find interface with name %v", link.Attrs().Name)
-	}
-	s.up = true
-	return nil
-}
-
-type stubVPN struct {
-	name   string
-	config wgtypes.Config
-}
-
-func newStubVPN() *stubVPN {
-	return &stubVPN{}
-}
-
-func (s *stubVPN) ConfigureDevice(name string, cfg wgtypes.Config) error {
-	s.name = name
-	s.config = cfg
-	return nil
-}
-
-func TestConfigurer(t *testing.T) {
-	assert := assert.New(t)
-	require := require.New(t)
-
-	link := newStubNetworkLink()
-	vpn := newStubVPN()
-	client, err := NewConfigurer(link, vpn)
-	require.NoError(err)
-	coordinatorPubKey, err := wgtypes.GenerateKey()
-	require.NoError(err)
-	clientPrivKey, err := wgtypes.GenerateKey()
-	require.NoError(err)
-	clientVpnIp := "192.0.2.1"
-	coordinatorPubIp := "192.0.2.2"
-	assert.NoError(client.Configure(clientVpnIp, coordinatorPubKey.String(), coordinatorPubIp, clientPrivKey.String()))
-
-	// assert expected interface
-	assert.Equal(interfaceName, link.link.Attrs().Name)
-	assert.NotNil(link.addr)
-	assert.True(link.up)
-
-	// assert vpn config
-	config := client.vpn.(*stubVPN).config
-	assert.Equal(wireguardPort, *config.ListenPort)
-	assert.Equal(clientPrivKey, *config.PrivateKey)
-	assert.Less(0, len(config.Peers))
-	assert.Equal(coordinatorPubKey, config.Peers[0].PublicKey)
-	assert.Equal(net.JoinHostPort(coordinatorPubIp, "51820"), config.Peers[0].Endpoint.String())
-	assert.Equal("10.118.0.1/32", config.Peers[0].AllowedIPs[0].String())
-}
-
-func TestNewConfig(t *testing.T) {
+func TestCreate(t *testing.T) {
 	require := require.New(t)

 	testKey, err := wgtypes.GeneratePrivateKey()
 	require.NoError(err)

 	testCases := map[string]struct {
-		coordinatorPubKey wgtypes.Key
+		coordinatorPubKey string
 		coordinatorPubIP  string
-		clientPrivKey     wgtypes.Key
+		clientPrivKey     string
+		clientVPNIP       string
 		wantErr           bool
 	}{
-		"valid": {
-			coordinatorPubKey: testKey.PublicKey(),
+		"valid config": {
+			clientPrivKey:     testKey.String(),
+			clientVPNIP:       "192.0.2.1",
+			coordinatorPubKey: testKey.PublicKey().String(),
 			coordinatorPubIP:  "192.0.2.1",
-			clientPrivKey:     testKey,
 		},
-		"empty coordinator pub ip": {
-			coordinatorPubKey: testKey.PublicKey(),
-			clientPrivKey:     testKey,
+		"valid missing endpoint": {
+			clientPrivKey:     testKey.String(),
+			clientVPNIP:       "192.0.2.1",
+			coordinatorPubKey: testKey.PublicKey().String(),
 		},
-		"empty coordinator public key": {
-			coordinatorPubKey: wgtypes.Key{},
+		"invalid coordinator pub key": {
+			clientPrivKey:    testKey.String(),
+			clientVPNIP:      "192.0.2.1",
+			coordinatorPubIP: "192.0.2.1",
+			wantErr:          true,
+		},
+		"invalid client priv key": {
+			clientVPNIP:       "192.0.2.1",
+			coordinatorPubKey: testKey.PublicKey().String(),
 			coordinatorPubIP:  "192.0.2.1",
-			clientPrivKey:     testKey,
 			wantErr:           true,
 		},
-		"empty client private key": {
-			coordinatorPubKey: testKey.PublicKey(),
+		"invalid client ip": {
+			clientPrivKey:     testKey.String(),
+			coordinatorPubKey: testKey.PublicKey().String(),
 			coordinatorPubIP:  "192.0.2.1",
-			clientPrivKey:     wgtypes.Key{},
 			wantErr:           true,
 		},
 	}
@ -139,51 +58,42 @@ func TestNewConfig(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)

-			var coordinatorPubKeyStr, clientPrivKeyStr string
-			if tc.coordinatorPubKey != (wgtypes.Key{}) {
-				coordinatorPubKeyStr = tc.coordinatorPubKey.String()
-			}
-			if tc.clientPrivKey != (wgtypes.Key{}) {
-				clientPrivKeyStr = tc.clientPrivKey.String()
-			}
-			config, err := NewConfig(coordinatorPubKeyStr, tc.coordinatorPubIP, clientPrivKeyStr)
+			handler := &ConfigHandler{}
+			const mtu = 2
+
+			quickConfig, err := handler.Create(tc.coordinatorPubKey, tc.coordinatorPubIP, tc.clientPrivKey, tc.clientVPNIP, mtu)

 			if tc.wantErr {
 				assert.Error(err)
 			} else {
 				assert.NoError(err)
-				assert.Equal(tc.coordinatorPubKey, config.Peers[0].PublicKey)
-				assert.Equal(tc.clientPrivKey, *config.PrivateKey)
+				assert.Equal(tc.clientPrivKey, quickConfig.PrivateKey.String())
+				assert.Equal(tc.clientVPNIP, quickConfig.Address[0].IP.String())
+
+				if tc.coordinatorPubIP != "" {
+					assert.Equal(tc.coordinatorPubIP, quickConfig.Peers[0].Endpoint.IP.String())
+				}
+				assert.Equal(mtu, quickConfig.MTU)
 			}
 		})
 	}
 }

-func TestNewWGQuickConfig(t *testing.T) {
-	require := require.New(t)
-
+func TestApply(t *testing.T) {
 	testKey, err := wgtypes.GeneratePrivateKey()
-	require.NoError(err)
-	testConfig := wgtypes.Config{
-		PrivateKey: &testKey,
-	}
+	require.NoError(t, err)

 	testCases := map[string]struct {
-		config      wgtypes.Config
-		clientVPNIP string
+		quickConfig *wgquick.Config
+		upErr       error
 		wantErr     bool
 	}{
-		"valid config": {
-			clientVPNIP: "192.0.2.1",
-			config:      testConfig,
+		"valid": {
+			quickConfig: &wgquick.Config{Config: wgtypes.Config{PrivateKey: &testKey}},
 		},
-		"empty client vpn ip": {
-			config:  testConfig,
-			wantErr: true,
-		},
-		"config without private key": {
-			clientVPNIP: "192.0.2.1",
-			config:      wgtypes.Config{},
+		"invalid apply": {
+			quickConfig: &wgquick.Config{Config: wgtypes.Config{PrivateKey: &testKey}},
+			upErr:       errors.New("some err"),
 			wantErr:     true,
 		},
 	}
@ -192,18 +102,58 @@ func TestNewWGQuickConfig(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)

-			const mtu = 2
-			quickFile, err := NewWGQuickConfig(tc.config, tc.clientVPNIP, mtu)
+			var ifaceSpy string
+			var cfgSpy *wgquick.Config
+			upSpy := func(cfg *wgquick.Config, iface string) error {
+				ifaceSpy = iface
+				cfgSpy = cfg
+				return tc.upErr
+			}
+
+			handler := &ConfigHandler{up: upSpy}
+
+			err := handler.Apply(tc.quickConfig)

 			if tc.wantErr {
 				assert.Error(err)
 			} else {
 				assert.NoError(err)
-				var quickConfig wgquick.Config
-				assert.NoError(quickConfig.UnmarshalText(quickFile))
-				assert.Equal(tc.config.PrivateKey, quickConfig.PrivateKey)
-				assert.Equal(tc.clientVPNIP, quickConfig.Address[0].IP.String())
-				assert.Equal(mtu, quickConfig.MTU)
+				assert.Equal(interfaceName, ifaceSpy)
+				assert.Equal(tc.quickConfig, cfgSpy)
+			}
+		})
+	}
+}
+
+func TestMarshal(t *testing.T) {
+	require := require.New(t)
+
+	testKey, err := wgtypes.GeneratePrivateKey()
+	require.NoError(err)
+
+	testCases := map[string]struct {
+		quickConfig *wgquick.Config
+		wantErr     bool
+	}{
+		"valid": {
+			quickConfig: &wgquick.Config{Config: wgtypes.Config{PrivateKey: &testKey}},
+		},
+		"invalid config": {
+			quickConfig: &wgquick.Config{Config: wgtypes.Config{}},
+			wantErr:     true,
+		},
+	}
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+			handler := &ConfigHandler{}
+
+			data, err := handler.Marshal(tc.quickConfig)
+			if tc.wantErr {
+				assert.Error(err)
+			} else {
+				assert.NoError(err)
+				assert.Greater(len(data), 0)
 			}
 		})
 	}