From 57d686ac843fdb8fc42a6156b9703f079a25d4e6 Mon Sep 17 00:00:00 2001 From: Utsav Anand Date: Mon, 3 Feb 2020 20:53:18 +0530 Subject: [PATCH] Add --rm flag to "inletsctl create" Fix issue with the opening of TCP ports for inlets-pro on GCE The --rm flag will enable to point to an upstream or a remote-tcp and will delete the exit-node on a SIGINT (control + c) Updates the firewall rule when switching between inlets OSS and inlets-pro and opens up ports from 1024 to 65535 when using inlets-pro. Fixes #41 Fixes #44 Signed-off-by: Utsav Anand --- cmd/create.go | 189 ++++++++++++++++++++++++++++++++++--------- pkg/provision/gce.go | 43 ++++++---- 2 files changed, 178 insertions(+), 54 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index 43629cbc..26f3da0b 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -7,8 +7,12 @@ import ( "encoding/base64" "fmt" "io/ioutil" + "os" + "os/exec" + "os/signal" "strconv" "strings" + "syscall" "time" names "github.com/inlets/inletsctl/pkg/names" @@ -20,6 +24,8 @@ import ( "github.com/spf13/pflag" ) +var delTunnel bool + func init() { inletsCmd.AddCommand(createCmd) createCmd.Flags().StringP("provider", "p", "digitalocean", "The cloud provider - digitalocean, gce, ec2, packet, scaleway, or civo") @@ -38,6 +44,10 @@ func init() { createCmd.Flags().StringP("remote-tcp", "c", "", `Remote host for inlets-pro to use for forwarding TCP connections`) createCmd.Flags().DurationP("poll", "n", time.Second*2, "poll every N seconds, use a higher value if you encounter rate-limiting") + + createCmd.Flags().BoolVar(&delTunnel, "rm", false, "Delete the exit node on pressing control + c") + createCmd.Flags().StringP("upstream", "u", "http://127.0.0.1:3000", "The upstream server running locally") + createCmd.Flags().StringP("license", "l", "", "The license key for inlets-pro") } // clientCmd represents the client sub command. 
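Review bot: The new `--license` flag in `init()` takes the inlets-pro license key as a literal command-line value, so the key lands in shell history and is readable from the local process list while inletsctl runs. A hunk header further down shows this file already has a `getFileOrString` helper; if that is how other credentials are read here (not visible in this hunk), a companion such as `createCmd.Flags().String("license-file", "", "Path to a file containing the inlets-pro license key")` resolved through it would keep the key off the command line. The help text for `--rm` should also say that it starts the inlets client locally, because `--upstream` and `--license` are only consumed on that path.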
@@ -60,7 +70,6 @@ along with what OS version and spec will be used is explained in the README.
 }
 func runCreate(cmd *cobra.Command, _ []string) error {
-
 provider, err := cmd.Flags().GetString("provider")
 if err != nil {
 return errors.Wrap(err, "failed to get 'provider' value.")
@@ -139,15 +148,22 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 }
 remoteTCP, _ := cmd.Flags().GetString("remote-tcp")
+ upstream, _ := cmd.Flags().GetString("upstream")
+
 var pro bool
+ var inletsProLicenseKey string
 if len(remoteTCP) > 0 {
 pro = true
+ inletsProLicenseKey, _ = cmd.Flags().GetString("license")
 }
-
 name := strings.Replace(names.GetRandomName(10), "_", "-", -1)
 inletsControlPort := 8080
+ proPort := 8123
+ if pro {
+ inletsControlPort = proPort
+ }
 userData := makeUserdata(inletsToken, inletsControlPort, remoteTCP)
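Review bot: The license lookup added in the second hunk discards the error from `GetString("license")` and never checks that a key was supplied, so `--rm` together with `--remote-tcp` and no `--license` carries on and later starts the client with an empty `--license` argument. A guard right after the flag reads would fail before any cloud resource is involved: `if pro && delTunnel && len(inletsProLicenseKey) == 0 { return fmt.Errorf("--license is required when --rm is used with --remote-tcp") }`. The same applies to `upstream, _ :=`; returning the flag error with `errors.Wrap`, as the `provider` lookup in the first hunk's context does, would keep the handling consistent. runCreate starts and ends outside both hunks.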
@@ -180,46 +196,87 @@ func runCreate(cmd *cobra.Command, _ []string) error { return err } - fmt.Printf("[%d/%d] Host: %s, status: %s\n", - i+1, max, hostStatus.ID, hostStatus.Status) - if hostStatus.Status == "active" { - if !pro { - fmt.Printf(`Inlets OSS exit-node summary: - IP: %s - Auth-token: %s - -Command: - export UPSTREAM=http://127.0.0.1:8000 - inlets client --remote "ws://%s:%d" \ - --token "%s" \ - --upstream $UPSTREAM - -To Delete: - inletsctl delete --provider %s --id "%s" -`, - hostStatus.IP, inletsToken, hostStatus.IP, inletsControlPort, inletsToken, provider, hostStatus.ID) - return nil + if delTunnel == true { + sig := make(chan os.Signal, 1) + done := make(chan bool, 1) + + signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM) + + go func() { + sigval := <-sig + fmt.Printf("\n%v\n", sigval) + done <- true + }() + + fmt.Printf("Your IP is: %s\n", hostStatus.IP) + + port := inletsControlPort + if pro { + port = proPort + } + + var err error = nil + if pro { + err = runInletsClient(pro, hostStatus.IP, remoteTCP, port, inletsToken, inletsProLicenseKey) + } else { + err = runInletsClient(pro, hostStatus.IP, upstream, port, inletsToken, "") + } + if err != nil { + return fmt.Errorf("Error running inlets: %v", err) + } + + <-done + hostDelReq := provision.HostDeleteRequest{ + ID: hostStatus.ID, + IP: hostStatus.IP, + ProjectID: projectID, + Zone: zone, + } + fmt.Println("Deleting tunnel") + err = provisioner.Delete(hostDelReq) + if err != nil { + return fmt.Errorf("error deleting the exitnode: %v", err) + } + fmt.Println("exiting") + + } else { + if !pro { + fmt.Printf(`Inlets OSS exit-node summary: + IP: %s + Auth-token: %s + + Command: + export UPSTREAM=http://127.0.0.1:8000 + inlets client --remote "ws://%s:%d" \ + --token "%s" \ + --upstream $UPSTREAM + + To Delete: + inletsctl delete --provider %s --id "%s" + `, + hostStatus.IP, inletsToken, hostStatus.IP, inletsControlPort, inletsToken, provider, hostStatus.ID) + return nil + } + + 
fmt.Printf(`inlets-pro exit-node summary: + IP: %s + Auth-token: %s + + Command: + export TCP_PORTS="8000" + export LICENSE="" + inlets-pro client --connect "wss://%s:%d/connect" \ + --token "%s" \ + --license "$LICENSE" \ + --tcp-ports $TCP_PORTS + + To Delete: + inletsctl delete --provider %s --id "%s" + `, + hostStatus.IP, inletsToken, hostStatus.IP, proPort, inletsToken, provider, hostStatus.ID) } - proPort := 8123 - fmt.Printf(`inlets-pro exit-node summary: - IP: %s - Auth-token: %s - -Command: - export TCP_PORTS="8000" - export LICENSE="" - inlets-pro client --connect "wss://%s:%d/connect" \ - --token "%s" \ - --license "$LICENSE" \ - --tcp-ports $TCP_PORTS - -To Delete: - inletsctl delete --provider %s --id "%s" -`, - hostStatus.IP, inletsToken, hostStatus.IP, proPort, inletsToken, provider, hostStatus.ID) - return nil } } @@ -300,6 +357,7 @@ func createHost(provider, name, region, zone, projectID, userData, inletsPort st "zone": zone, "firewall-name": "inlets", "firewall-port": inletsPort, + "pro": fmt.Sprint(pro), }, }, nil } else if provider == "ec2" { @@ -313,7 +371,7 @@ func createHost(provider, name, region, zone, projectID, userData, inletsPort st UserData: base64.StdEncoding.EncodeToString([]byte(userData)), Additional: map[string]string{ "inlets-port": inletsPort, - "pro": fmt.Sprint(pro), + "pro": fmt.Sprint(pro), }, }, nil } 
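Review bot: In the `--rm` branch the early `return fmt.Errorf("Error running inlets: %v", err)` runs before `provisioner.Delete`, so when the client binary is missing or `cmd.Run()` fails for any reason other than an interrupt, the exit-node stays up with its public IP and auth token, and this branch has printed only the IP, not the host ID needed for `inletsctl delete`. Deleting the host however the client ended, and reporting the client error afterwards, keeps `--rm` from leaking hosts. The sketch below also drops the second `if pro` around `port` (redundant, since `inletsControlPort` is already set to `proPort` earlier in runCreate) and passes `inletsProLicenseKey` in both modes, as it is empty unless `--remote-tcp` was given. runCreate starts and ends outside the hunk.

```go
if delTunnel {
	// … unchanged: signal.Notify setup, goroutine feeding done, "Your IP is" message …

	target := upstream
	if pro {
		target = remoteTCP
	}

	clientErr := runInletsClient(pro, hostStatus.IP, target, inletsControlPort, inletsToken, inletsProLicenseKey)
	if clientErr == nil {
		<-done // client ended cleanly or on interrupt; wait for the signal before teardown
	}

	// … unchanged: hostDelReq construction …

	fmt.Println("Deleting tunnel")
	if err := provisioner.Delete(hostDelReq); err != nil {
		return fmt.Errorf("error deleting exit-node %s: %v", hostStatus.ID, err)
	}
	if clientErr != nil {
		return fmt.Errorf("error running inlets: %v", clientErr)
	}
	fmt.Println("exiting")
```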
@@ -381,3 +439,54 @@ func getFileOrString(flags *pflag.FlagSet, file, value string, required bool) (s
 return val, nil
 }
+
+func checkIfInletsIsInstalled(usingPro bool) (bool, error) {
+ basePath := "/usr/local/bin/%s"
+ if usingPro {
+ basePath = fmt.Sprintf(basePath, "inlets-pro")
+ } else {
+ basePath = fmt.Sprintf(basePath, "inlets")
+ }
+
+ fileInfo, err := os.Stat(basePath)
+ if err != nil {
+ return false, fmt.Errorf("Error finding file: %v", err)
+ }
+
+ if strings.SplitAfter(basePath, "/usr/local/bin/")[1] == fileInfo.Name() {
+ return true, nil
+ } else {
+ return false, nil
+ }
+
+}
+
+func runInletsClient(pro bool, exitNodeIP string, upstream string, inletsControlPort int, authToken string, license string) error {
+ installed, err := checkIfInletsIsInstalled(pro)
+ if err != nil {
+ return fmt.Errorf("could not check if inlets is installed: %v", err)
+ }
+
+ if !installed {
+ return fmt.Errorf("inlets/inlets-pro not installed")
+ }
+
+ if !pro {
+ fmt.Printf("Starting 'inlets client' now, hit control+c to delete the tunnel\n")
+ cmd := exec.Command("inlets", "client", "--remote", fmt.Sprintf("ws://%s:%d", exitNodeIP, inletsControlPort),
+ "--token", authToken, "--upstream", upstream)
+ err = cmd.Run()
+
+ } else {
+ fmt.Printf("Starting 'inlets-pro client' now, hit control+c to delete the tunnel\n")
+ cmd := exec.Command("inlets-pro", "client", "--connect", fmt.Sprintf("wss://%s:%d", exitNodeIP, inletsControlPort),
+ "--token", authToken, "--license", license, "--remote-tcp", upstream)
+ err = cmd.Run()
+ }
+
+ if err != nil && fmt.Sprintf("%s", err) != "signal: interrupt" {
+ return fmt.Errorf("%v", err)
+ }
+
+ return nil
+}
diff --git a/pkg/provision/gce.go b/pkg/provision/gce.go
index b3ddc05c..dc35e272 100644
--- a/pkg/provision/gce.go
+++ b/pkg/provision/gce.go
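Review bot: `checkIfInletsIsInstalled` stats `/usr/local/bin/inlets` (or `inlets-pro`), but `runInletsClient` then calls `exec.Command("inlets", ...)`, which resolves the name through PATH, so the binary that receives the auth token and license is not necessarily the one that was checked, and a valid install elsewhere on PATH is rejected. The name comparison after `os.Stat` is always true for a path that ends in that name, so the check only proves the path exists, not that it is a regular executable file. Resolving once with `exec.LookPath` and running the returned path makes check and execution agree, and wiring `cmd.Stdout`/`cmd.Stderr` lets the user see why the client stopped. Two things to confirm against the client CLI: the pro call uses `wss://%s:%d` with `--remote-tcp`, while the summary printed by runCreate uses `wss://%s:%d/connect` with `--tcp-ports`; and both secrets are passed in argv, where the local process list exposes them.

```go
func runInletsClient(pro bool, exitNodeIP string, upstream string, inletsControlPort int, authToken string, license string) error {
	name := "inlets"
	if pro {
		name = "inlets-pro"
	}

	// Resolve the client once and run exactly the path that was found.
	binPath, err := exec.LookPath(name)
	if err != nil {
		return fmt.Errorf("%s is not installed or not in PATH: %v", name, err)
	}

	// … unchanged: per-client argument lists, collected into args …

	cmd := exec.Command(binPath, args...)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	err = cmd.Run()

	// … unchanged: interrupt check and return …
```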
@@ -90,17 +90,25 @@ func (p *GCEProvisioner) Provision(host BasicHost) (*ProvisionedHost, error) {
 },
 }
- exists, _ := p.checkInletsFirewallRuleExists(host.Additional["projectid"], host.Additional["firewall-name"], host.Additional["firewall-port"])
+ exists, _ := p.checkInletsFirewallRuleExists(host.Additional["projectid"], host.Additional["firewall-name"])
 if !exists {
- err := p.createInletsFirewallRule(host.Additional["projectid"], host.Additional["firewall-name"], host.Additional["firewall-port"])
 log.Println("inlets firewallRule does not exist")
+ log.Printf("Creating inlets firewallRule opening port: %s\n", host.Additional["firewall-port"])
+ err := p.createInletsFirewallRule(host.Additional["projectid"], host.Additional["firewall-name"], host.Additional["firewall-port"], host.Additional["pro"])
 if err != nil {
 return nil, fmt.Errorf("could not create inlets firewall rule: %v", err)
 }
- log.Printf("Creating inlets firewallRule opening port: %s\n", host.Additional["firewall-port"])
 } else {
- log.Println("inlets firewallRule exists")
+ log.Println("inlets firewallRule exists, updating firewall-rules")
+ err := p.deleteInletsFirewallRule(host.Additional["projectid"], host.Additional["firewall-name"])
+ if err != nil {
+ return nil, fmt.Errorf("could not delete inlets firewall rule: %v", err)
+ }
+ err = p.createInletsFirewallRule(host.Additional["projectid"], host.Additional["firewall-name"], host.Additional["firewall-port"], host.Additional["pro"])
+ if err != nil {
+ return nil, fmt.Errorf("could not create inlets firewall rule: %v", err)
+ }
 }
 op, err := p.gceProvisioner.Instances.Insert(host.Additional["projectid"], host.Additional["zone"], instance).Do()
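Review bot: The `else` branch deletes and re-creates the firewall rule on every provision, and `cmd/create.go` passes the fixed name `inlets`, so the rule is shared between exit-nodes in the project. Creating an OSS node after an inlets-pro one narrows the rule to the single control port, creating a pro node widens it for whatever the rule already covers, and a failed re-create after the delete leaves no rule at all. `exists, _ :=` also discards the lookup error, so a permission or network failure from `Firewalls.Get` is handled as "rule missing" and only surfaces later as a create error. Updating in place (the compute API offers `Firewalls.Patch`) or using one rule name per mode avoids both the gap and the cross-talk. Provision starts and ends outside the hunk, and the rule's target tags and source ranges are not visible here, so the actual reach of the change needs confirming.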
@@ -121,25 +129,32 @@ func (p *GCEProvisioner) Provision(host BasicHost) (*ProvisionedHost, error) {
 }
 // checkInletsFirewallRuleExists checks if the inlets firewall rule exists or not
-func (p *GCEProvisioner) checkInletsFirewallRuleExists(projectID string, firewallRuleName string, inletsPort string) (bool, error) {
+func (p *GCEProvisioner) checkInletsFirewallRuleExists(projectID string, firewallRuleName string) (bool, error) {
 op, err := p.gceProvisioner.Firewalls.Get(projectID, firewallRuleName).Do()
 if err != nil {
 return false, fmt.Errorf("could not get inlets firewall rule: %v", err)
 }
 if op.Name == firewallRuleName {
- for _, firewallRule := range op.Allowed {
- for _, port := range firewallRule.Ports {
- if port == inletsPort {
- return true, nil
- }
- }
- }
+ return true, nil
 }
 return false, nil
 }
+// deleteInletsFirewallRule deletes the existing firewallRule (Used to update the firewallRule ports)
+func (p *GCEProvisioner) deleteInletsFirewallRule(projectID string, firewallRuleName string) error {
+ _, err := p.gceProvisioner.Firewalls.Delete(projectID, firewallRuleName).Do()
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
 // createInletsFirewallRule creates a firewall rule opening up the control port for inlets
-func (p *GCEProvisioner) createInletsFirewallRule(projectID string, firewallRuleName string, inletsPort string) error {
+func (p *GCEProvisioner) createInletsFirewallRule(projectID string, firewallRuleName string, inletsPort string, pro string) error {
+ if pro == "true" {
+ inletsPort = "1024-65535"
+ }
+
 firewallRule := &compute.Firewall{
 Name: firewallRuleName,
 Description: "Firewall rule created by inlets-operator",
@@ -157,7 +172,7 @@ func (p *GCEProvisioner) createInletsFirewallRule(projectID string, firewallRule
 _, err := p.gceProvisioner.Firewalls.Insert(projectID, firewallRule).Do()
 if err != nil {
- return fmt.Errorf("could not create firewall rule: %v", err)
+ return err
 }
 return nil
 }
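Review bot: `createInletsFirewallRule` now replaces the port with `"1024-65535"` whenever `pro == "true"`, which opens every unprivileged port on the instances the rule applies to rather than the control port plus the ports being forwarded. The `Allowed`, source-range and target-tag fields sit outside the hunk, so confirm the rule is scoped to inlets instances and not to the whole network. The doc comment still says the rule opens "the control port" and should state the pro behaviour, e.g. `// For inlets-pro (pro == "true") the rule opens ports 1024-65535 so forwarded ports are reachable; keep it scoped by target tag.` `checkInletsFirewallRuleExists` now returns true for any successful `Get`, so the `op.Name == firewallRuleName` test adds nothing, while a not-found result still comes back as an error that the caller ignores. Comparing `pro` to the string `"true"` silently falls back to the single port on any other value; `strconv.ParseBool` with its error returned would reject unexpected input.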