snowstorm/control/

mod.rs

use crate::{
    config::serializable::GeoIp,
    config::serializable::Profile,
    config::serializable::SerializableRouteDescriptor,
    control::odoh::do_odoh_request,
    net::{get_default_interface, get_tun_interface, swarm},
};
use hyper::Method;
use libp2p::Multiaddr;
use once_cell::sync::Lazy;
use parking_lot::RwLock;
use reqwest;
use serde::{Deserialize, Serialize};
use std::{net::IpAddr, sync::Arc, time::Duration};

#[cfg(target_os = "android")]
pub mod android;
pub mod odoh;

static DEFAULT_BACKEND_URL: &str = "https://snowstorm.love/api";

static BACKEND_URL: Lazy<Arc<RwLock<String>>> =
    Lazy::new(|| Arc::new(RwLock::new(DEFAULT_BACKEND_URL.to_string())));

pub fn get_backend_url() -> String {
    BACKEND_URL.read().clone()
}

pub fn set_backend_url(url: String) {
    let mut guard = BACKEND_URL.write();
    *guard = url;
}

static CONTROL_PEER_OVERRIDE: Lazy<Arc<RwLock<Option<Multiaddr>>>> =
    Lazy::new(|| Arc::new(RwLock::new(None)));

pub fn get_control_peer_override() -> Option<Multiaddr> {
    CONTROL_PEER_OVERRIDE.read().clone()
}

pub fn set_control_peer_override(mad: Option<Multiaddr>) {
    let mut guard = CONTROL_PEER_OVERRIDE.write();
    *guard = mad;
}

type SocketProtectFn = Box<dyn Fn(&i32) -> () + Send + Sync>;

static SOCKET_PROTECT_FN: Lazy<Arc<RwLock<Option<SocketProtectFn>>>> =
    Lazy::new(|| Arc::new(RwLock::new(None)));

pub fn set_socket_protect_fn(f: SocketProtectFn) {
    let mut guard = SOCKET_PROTECT_FN.write();
    *guard = Some(f);
}

pub fn protect_socket(fd: &i32) {
    match SOCKET_PROTECT_FN.read().as_ref() {
        Some(protect_fn) => {
            protect_fn(fd);
        }
        None => {}
    }
}

#[derive(Debug, Clone, thiserror::Error)]
pub enum ReqwestClientError {
    #[error("Failed to get network interface")]
    IfaceNotFound,
}

static DEFAULT_CLIENT: Lazy<reqwest::Client> = Lazy::new(|| {
    default_builder()
        .build()
        .expect("Failed to create default reqwest client")
});

pub fn default_client() -> reqwest::Client {
    DEFAULT_CLIENT.clone()
}

pub fn default_builder() -> reqwest::ClientBuilder {
    reqwest::ClientBuilder::new()
}

fn tun_client_builder() -> Result<reqwest::ClientBuilder, ReqwestClientError> {
    let iface = get_tun_interface().ok_or(ReqwestClientError::IfaceNotFound)?;

    #[cfg(not(any(target_os = "windows", target_os = "android")))]
    return Ok(reqwest::Client::builder().interface(&iface.name));

    #[cfg(target_os = "windows")]
    {
        let addr = iface.ipv4_addrs().first().cloned().map(|ip| ip.into());
        return Ok(reqwest::Client::builder().local_address(addr));
    }

    #[cfg(target_os = "android")]
    return Ok(default_builder());
}

fn bypass_client_builder() -> Result<reqwest::ClientBuilder, ReqwestClientError> {
    #[cfg(target_os = "android")]
    if get_tun_interface().is_none() {
        // On Android no need to try to bind if tunnel is off.
        // Caveat: better don't store the client/builder
        return Ok(default_builder());
    }

    let iface = get_default_interface().ok_or(ReqwestClientError::IfaceNotFound)?;

    #[cfg(not(target_os = "windows"))]
    return Ok(reqwest::Client::builder().interface(&iface.name));

    #[cfg(target_os = "windows")]
    {
        let addr = iface.ipv4_addrs().first().cloned().map(|ip| ip.into());
        return Ok(reqwest::Client::builder().local_address(addr));
    }
}

#[derive(Debug, Serialize, Deserialize)]
struct UpdateRequest {
    token: String,
    peer_id: String,
    device_id: Option<String>,
    multiaddrs: Vec<String>,
}

pub async fn update_multiaddrs(
    token: String,
    peer_id: String,
    device_id: Option<String>,
    multiaddrs: Vec<&Multiaddr>,
    public_only: bool,
) -> Result<(), Box<dyn std::error::Error>> {
    if multiaddrs.is_empty() {
        return Err("No multiaddrs provided".into());
    }

    let mas = multiaddrs
        .iter()
        .filter(|ma| {
            !swarm::multiaddr_is_loopback(ma) && (!public_only || swarm::multiaddr_is_public(ma))
        })
        .map(|ma| ma.to_string())
        .collect::<Vec<String>>();

    let params = UpdateRequest {
        token,
        peer_id,
        device_id,
        multiaddrs: mas,
    };

    let url = "auth?method=update".to_string();
    let value = do_rpc(Method::POST, &url, Some(&params)).await?;
    let resp: String = serde_json::from_value(value)?;

    match resp.as_str() {
        "ok" => Ok(()),
        _ => Err("Failed to update multiaddrs".into()),
    }
}

#[derive(Debug, Serialize, Deserialize)]
pub struct RegisterDeviceResponse {
    token: String,
    id: String,
}

pub async fn register_device(
    token: &str,
    peer_id: &str,
    dev_type: &str,
    dev_id: &str,
    dev_name: &str,
) -> Result<RegisterDeviceResponse, Box<dyn std::error::Error>> {
    let query = serde_urlencoded::to_string(&[
        ("method", "device"),
        ("Token", token),
        ("PeerID", peer_id),
        ("Type", dev_type),
        ("ID", dev_id),
        ("Name", dev_name),
    ])?;
    let url = format!("auth?{}", query);
    let value = do_rpc_get(&url).await?;
    let dev_response: RegisterDeviceResponse = serde_json::from_value(value)?;

    Ok(dev_response)
}

pub async fn unregister(token: &str, peer_id: Option<&str>, device_id: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
    match (peer_id, device_id) {
        (Some(_), Some(_)) => {
            Err("Provide either peer_id or device_id, not both".into())
        }
        (Some(pid), None) => {
            let params = UpdateRequest {
                token: token.to_string(),
                peer_id: pid.to_string(),
                device_id: None,
                multiaddrs: Vec::new(),
            };

            let url = "auth?method=unregister";
            let value = do_rpc(Method::POST, &url, Some(&params)).await?;
            let resp: String = serde_json::from_value(value)?;

            match resp.as_str() {
                "ok" => Ok(()),
                _ => Err("Failed to unregister".into()),
            }
        }
        (None, Some(did)) => {
            let params = UpdateRequest {
                token: token.to_string(),
                peer_id: "".to_string(),
                device_id: Some(did.to_string()),
                multiaddrs: Vec::new(),
            };

            let url = "auth?method=unregister";
            let value = do_rpc(Method::POST, &url, Some(&params)).await?;
            let resp: String = serde_json::from_value(value)?;

            match resp.as_str() {
                "ok" => Ok(()),
                _ => Err("Failed to unregister".into()),
            }
        }
        (None, None) => {
            Err("Provide either peer_id or device_id".into())
        }
    }
}

pub async fn auth_with_license(license: String) -> Result<String, Box<dyn std::error::Error>> {
    let url = format!("auth?method=license&License={}", license);
    let value = do_rpc_get(&url).await?;
    let resp: String = serde_json::from_value(value)?;

    Ok(resp)
}

#[derive(Debug, Serialize, Deserialize)]
pub struct RefreshResponse {
    #[serde(rename = "Token")]
    token: String,

    #[serde(rename = "SubscriptionData", default)]
    pub subscription_data: serde_json::Value,

    #[serde(rename = "Email", default)]
    pub email: String,

    #[serde(rename = "Kind", default)]
    pub kind: String,
}

pub async fn refresh_token(token: String) -> Result<RefreshResponse, Box<dyn std::error::Error>> {
    let url = format!("auth?method=refresh&Token={}", token);
    let value = do_rpc_get(&url).await?;
    let resp: RefreshResponse = serde_json::from_value(value)?;

    Ok(resp)
}

pub async fn get_control_peer() -> Result<Multiaddr, Box<dyn std::error::Error>> {
    #[derive(Debug, Deserialize)]
    struct YukigoInfo {
        #[allow(dead_code)]
        key: String,

        #[allow(dead_code)]
        peer: String,
    }

    let resp = do_rpc_get("auth?method=info").await?;
    let kp: YukigoInfo = serde_json::from_value(resp)?;
    let ma = Multiaddr::try_from(kp.peer).unwrap();

    Ok(ma)
}

pub async fn do_rpc_get(path: &str) -> Result<serde_json::Value, Box<dyn std::error::Error>> {
    do_rpc::<()>(Method::GET, path, None).await
}

pub async fn do_rpc<T: Serialize>(
    method: Method,
    path: &str,
    body: Option<&T>,
) -> Result<serde_json::Value, Box<dyn std::error::Error>> {
    let url = format!("{}/{}", get_backend_url(), path);
    let client = default_client();
    let mut req = client.request(method, url);
    if let Some(body) = body {
        req = req.json(body);
    }
    req = req.timeout(Duration::from_secs(10));

    // Should be safe to clone, since we're not streaming
    let resp = req.try_clone().unwrap().send().await;
    match resp {
        Ok(resp) => {
            let resp = resp.error_for_status()?.json().await?;
            return Ok(resp);
        }
        Err(err) => {
            log::error!("direct request failed: {}", err);
            let req = req.build()?;
            let raw_resp = do_odoh_request(&req).await?;
            let resp = serde_json::from_slice(&raw_resp)?;
            return Ok(resp);
        }
    }
}

pub async fn post_measurement<T: Serialize + ?Sized>(
    query: &T,
    payload: &serde_json::Value,
) -> Result<(), Box<dyn std::error::Error>> {
    let url = format!("{}/tp", get_backend_url());
    default_builder()
        .timeout(Duration::from_secs(5))
        .build()
        .map_err(|err: reqwest::Error| {
            log::error!("Failed to create HTTP client: {}", err);
            "measurement failed"
        })?
        .post(url)
        .query(query)
        .header("Content-Type", "application/json")
        .json(payload)
        .send()
        .await
        .map_err(|err| {
            // Mainly timeouts and IO errors
            log::error!("Failed to send analytics event: {}", err);
            err
        })?
        .error_for_status()
        .map_err(|err| {
            // HTTP status code errors
            log::error!("Failed to send analytics event: {}", err);
            "measurement failed"
        })?;

    Ok(())
}

pub async fn get_profile(token: &str) -> Result<Profile, Box<dyn std::error::Error>> {
    match token.len() {
        0 => {
            return Err("Cannot get profile without access token".into());
        }
        _ => {}
    }
    let url = format!("auth?method=profile&Token={}", token);
    let value = do_rpc_get(&url).await?;
    let mut resp: Profile = serde_json::from_value(value)?;

    if resp.peers.is_none() {
        resp.peers = Some(Vec::new());
    }

    Ok(resp)
}

pub async fn validate_route(
    token: &str,
    route_id: &str,
) -> Result<bool, Box<dyn std::error::Error>> {
    let url = format!("route?method=validate&Token={}&Route={}", token, route_id);
    do_rpc_get(&url).await?;

    Ok(true)
}

pub async fn update_profile(
    token: &str,
    state_header: &str,
    local_state: &str,
) -> Result<(), Box<dyn std::error::Error>> {
    #[derive(Serialize)]
    struct UpdateProfileParams<'a> {
        token: &'a str,
        state_header: &'a str,
        local_state: &'a str,
    }

    let params = UpdateProfileParams {
        token,
        state_header,
        local_state,
    };
    let url = "auth?method=update".to_string();
    do_rpc(Method::POST, &url, Some(&params)).await?;

    Ok(())
}
#[derive(Serialize)]
struct RouteParams<'a> {
    #[serde(rename = "Token")]
    token: &'a str,

    #[serde(rename = "Share")]
    secrets: Vec<&'a str>,
}

pub async fn get_routes(
    token: &str,
    secrets: Vec<&str>,
) -> Result<Vec<SerializableRouteDescriptor>, Box<dyn std::error::Error>> {
    let params = RouteParams { token, secrets };
    let url = "route".to_string();
    let value = do_rpc(Method::POST, &url, Some(&params)).await?;
    let resp: Vec<SerializableRouteDescriptor> = serde_json::from_value(value)?;

    Ok(resp)
}

pub async fn get_routes_bypass(
    token: &str,
) -> Result<Vec<SerializableRouteDescriptor>, Box<dyn std::error::Error>> {
    let params = RouteParams {
        token,
        secrets: vec![],
    };
    let url = format!("{}/route", get_backend_url());

    #[cfg(target_os = "android")]
    {
        let request = android::AndroidBypassTunRequest {
            url: url.clone(),
            method: "POST".into(),
            body: Some(serde_json::to_vec(&params)?),
        };
        match android::get_bypass_tun_request(request) {
            Some(res) => return Ok(res),
            None => {}
        }
    }

    // We're not using do_rpc to make sure no proxy is involved
    let client = bypass_client_builder()?
        .timeout(Duration::from_secs(5))
        .build()?;

    let res = client
        .post(url)
        .body(serde_json::to_vec(&params)?)
        .send()
        .await?
        .json()
        .await?;
    Ok(res)
}

pub async fn get_origin_ip() -> Result<GeoIp, Box<dyn std::error::Error + Send + Sync>> {
    let url = format!("{}/meta", get_backend_url());

    #[cfg(target_os = "android")]
    {
        let request = android::AndroidBypassTunRequest {
            url: url.clone(),
            method: "GET".into(),
            body: None,
        };
        match android::get_bypass_tun_request(request) {
            Some(ip) => return Ok(ip),
            None => {}
        }
    }

    // We're not using do_rpc to make sure no proxy is involved
    let client = bypass_client_builder()?
        .timeout(Duration::from_secs(7))
        .build()?;
    let ip: GeoIp = client
        .get(url)
        .send()
        .await?
        .json()
        .await?;
    Ok(ip)
}

/**
 * Try various endpoints to figure our our current public IP.
 * Begins with Snowstorm's official backend, then fallls back to other options.
 */
pub async fn get_public_ip(addr: Option<IpAddr>) -> Result<GeoIp, Box<dyn std::error::Error + Send + Sync>> {
    match get_public_ip_direct(addr).await {
        Ok(ip) => Ok(ip),
        Err(err) => {
            get_public_ip_cloudflare().await.map_err(|_| err)
        }
    }
}

/**
 * Underlying RPC to Snowstorm backend (yukigo) for our official meta endpoint.
 * TODO: Set the timeout duration via a configuration option.
 */
async fn get_public_ip_direct(addr: Option<IpAddr>) -> Result<GeoIp, Box<dyn std::error::Error + Send + Sync>> {
    let client = tun_client_builder()
        .unwrap_or_else(|_| default_builder())
        .timeout(Duration::from_secs(2))
        .local_address(addr)
        .build()?;

    let url = format!("{}/meta", get_backend_url());
    let ip: GeoIp = client.get(url).send().await?.json().await?;

    Ok(ip)
}

pub async fn get_exit_ip() -> Result<GeoIp, Box<dyn std::error::Error + Send + Sync>> {
    // We're not using do_rpc to make sure no proxy is involved
    let client = tun_client_builder()?
        .timeout(Duration::from_secs(3))
        .build()?;
    let url = format!("{}/meta", get_backend_url());
    let ip: GeoIp = client
        .get(url)
        .send()
        .await?
        .json()
        .await?;

    Ok(ip)
}

/**
 * Falback STUN server checks
 */
pub async fn get_public_ip_cloudflare() -> Result<GeoIp, Box<dyn std::error::Error + Send + Sync>> {
    let client = tun_client_builder()
        .unwrap_or_else(|_| default_builder())
        .timeout(Duration::from_secs(3))
        .build()?;
    let url = "https://cloudflare.com/cdn-cgi/trace".to_string();
    let ip = client.get(url).send().await?.text().await?;
    let mut geoip = GeoIp{
        ip: "".to_string(),
        geo_ip: None,
        active: false,
    };

    for line in ip.lines() {
        let mut parts = line.splitn(2, '=');
        let key = parts.next().unwrap_or("");
        let value = parts.next().unwrap_or("");
        match key {
            "ip" => geoip.ip = value.to_string(),
            _ => {}
        }
    }
    Ok(geoip)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn test_cloudflare_ip() {
        let ip = get_public_ip_cloudflare().await.unwrap();
        println!("Cloudflare IP: {:?}", ip);
        assert!(!ip.ip.is_empty());
    }
}