Compare commits
2 Commits
071d597f3f
...
2306a08844
Author | SHA1 | Date |
---|---|---|
wpetit | 2306a08844 | |
wpetit | fa1ed6ea42 |
|
@ -1,30 +1,26 @@
|
||||||
//go:build android
|
|
||||||
// +build android
|
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"os"
|
"os"
|
||||||
"sync"
|
"path/filepath"
|
||||||
|
|
||||||
"forge.cadoles.com/arcad/arcast"
|
"forge.cadoles.com/arcad/arcast"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/browser/gioui"
|
"forge.cadoles.com/arcad/arcast/pkg/browser/gioui"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/selfsigned"
|
"forge.cadoles.com/arcad/arcast/pkg/config"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/server"
|
"forge.cadoles.com/arcad/arcast/pkg/server"
|
||||||
"gioui.org/app"
|
"gioui.org/app"
|
||||||
"gioui.org/io/system"
|
"gioui.org/io/system"
|
||||||
"gioui.org/layout"
|
"gioui.org/layout"
|
||||||
"gioui.org/op"
|
"gioui.org/op"
|
||||||
"github.com/gioui-plugins/gio-plugins/plugin"
|
"github.com/gioui-plugins/gio-plugins/plugin"
|
||||||
"github.com/gioui-plugins/gio-plugins/safedata"
|
|
||||||
"github.com/gioui-plugins/gio-plugins/safedata/giosafedata"
|
|
||||||
"github.com/gioui-plugins/gio-plugins/webviewer/webview"
|
"github.com/gioui-plugins/gio-plugins/webviewer/webview"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"gitlab.com/wpetit/goweb/logger"
|
"gitlab.com/wpetit/goweb/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
const instanceIDSecretIdentifier = "instance_id"
|
const packageName = "com.cadoles.arcast_player"
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
@ -36,12 +32,6 @@ func main() {
|
||||||
|
|
||||||
browser := gioui.NewBrowser(window)
|
browser := gioui.NewBrowser(window)
|
||||||
|
|
||||||
var safeDataConfig safedata.Config
|
|
||||||
var safeDataConfigWaigGroup sync.WaitGroup
|
|
||||||
var initSafeDataConfig sync.Once
|
|
||||||
|
|
||||||
safeDataConfigWaigGroup.Add(1)
|
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
ops := new(op.Ops)
|
ops := new(op.Ops)
|
||||||
for {
|
for {
|
||||||
|
@ -56,11 +46,6 @@ func main() {
|
||||||
gtx := layout.NewContext(ops, evt)
|
gtx := layout.NewContext(ops, evt)
|
||||||
browser.Layout(gtx)
|
browser.Layout(gtx)
|
||||||
evt.Frame(gtx.Ops)
|
evt.Frame(gtx.Ops)
|
||||||
case app.ViewEvent:
|
|
||||||
initSafeDataConfig.Do(func() {
|
|
||||||
defer safeDataConfigWaigGroup.Done()
|
|
||||||
safeDataConfig = giosafedata.NewConfigFromViewEvent(window, evt, "com.cadoles.arcast_player")
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
@ -71,26 +56,32 @@ func main() {
|
||||||
ctx, cancel := context.WithCancel(ctx)
|
ctx, cancel := context.WithCancel(ctx)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
safeDataConfigWaigGroup.Wait()
|
conf := config.DefaultConfig()
|
||||||
safe := safedata.NewSafeData(safeDataConfig)
|
configFiles := getConfigFiles(ctx)
|
||||||
|
for _, f := range configFiles {
|
||||||
|
logger.Info(ctx, "loading or creating configuration file", logger.F("filename", f))
|
||||||
|
if err := config.LoadOrCreate(ctx, f, conf, config.DefaultTransforms...); err != nil {
|
||||||
|
logger.Error(ctx, "could not load configuration file", logger.CapturedE(errors.WithStack(err)))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
instanceID, err := getInstanceIDFromSafeData(ctx, safe)
|
break
|
||||||
if err != nil {
|
|
||||||
logger.Fatal(ctx, "could not retrieve instance id", logger.CapturedE(errors.WithStack(err)))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err := selfsigned.NewLANCert()
|
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Fatal(ctx, "could not generate self signed certificate", logger.CapturedE(errors.WithStack(err)))
|
logger.Fatal(ctx, "could not parse x509 certificate", logger.CapturedE(errors.WithStack(err)))
|
||||||
}
|
}
|
||||||
|
|
||||||
server := server.New(
|
server := server.New(
|
||||||
browser,
|
browser,
|
||||||
server.WithInstanceID(instanceID),
|
server.WithInstanceID(conf.InstanceID),
|
||||||
server.WithAppsEnabled(true),
|
server.WithAppsEnabled(conf.Apps.Enabled),
|
||||||
server.WithDefaultApp("home"),
|
server.WithDefaultApp(conf.Apps.DefaultApp),
|
||||||
server.WithApps(arcast.DefaultApps...),
|
server.WithApps(arcast.DefaultApps...),
|
||||||
server.WithTLSCertificate(cert),
|
server.WithTLSCertificate(&cert),
|
||||||
|
server.WithAddress(conf.HTTP.Address),
|
||||||
|
server.WithTLSAddress(conf.HTTPS.Address),
|
||||||
)
|
)
|
||||||
|
|
||||||
if err := server.Start(); err != nil {
|
if err := server.Start(); err != nil {
|
||||||
|
@ -112,26 +103,19 @@ func main() {
|
||||||
app.Main()
|
app.Main()
|
||||||
}
|
}
|
||||||
|
|
||||||
func getInstanceIDFromSafeData(ctx context.Context, safe *safedata.SafeData) (string, error) {
|
func getConfigFiles(ctx context.Context) []string {
|
||||||
instanceIDSecret, err := safe.Get(instanceIDSecretIdentifier)
|
configFiles := make([]string, 0)
|
||||||
if err != nil && err.Error() != "not found" {
|
|
||||||
logger.Error(ctx, "could not retrieve instance id secret", logger.CapturedE(errors.WithStack(err)))
|
|
||||||
}
|
|
||||||
|
|
||||||
var instanceID string
|
sharedStorageConfigFile := filepath.Join("/storage/emulated/0/Android/data", packageName, "files/config.json")
|
||||||
if len(instanceIDSecret.Data) > 0 {
|
configFiles = append(configFiles, sharedStorageConfigFile)
|
||||||
instanceID = string(instanceIDSecret.Data)
|
|
||||||
|
dataDir, err := app.DataDir()
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(ctx, "could not retrieve app data dir", logger.CapturedE(errors.WithStack(err)))
|
||||||
} else {
|
} else {
|
||||||
instanceID = server.NewRandomInstanceID()
|
appDataConfigFile := filepath.Join(dataDir, "config.json")
|
||||||
|
configFiles = append(configFiles, appDataConfigFile)
|
||||||
instanceIDSecret.Identifier = instanceIDSecretIdentifier
|
|
||||||
instanceIDSecret.Data = []byte(instanceID)
|
|
||||||
instanceIDSecret.Description = "Arcast player instance identifier"
|
|
||||||
|
|
||||||
if err := safe.Set(instanceIDSecret); err != nil {
|
|
||||||
return "", errors.Wrapf(err, "could not save instance id secret")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return instanceID, nil
|
return configFiles
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
package player
|
package player
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"forge.cadoles.com/arcad/arcast"
|
"forge.cadoles.com/arcad/arcast"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/browser/lorca"
|
"forge.cadoles.com/arcad/arcast/pkg/browser/lorca"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/selfsigned"
|
"forge.cadoles.com/arcad/arcast/pkg/config"
|
||||||
"forge.cadoles.com/arcad/arcast/pkg/server"
|
"forge.cadoles.com/arcad/arcast/pkg/server"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
|
@ -15,9 +17,15 @@ import (
|
||||||
|
|
||||||
func Run() *cli.Command {
|
func Run() *cli.Command {
|
||||||
defaults := lorca.NewOptions()
|
defaults := lorca.NewOptions()
|
||||||
|
|
||||||
return &cli.Command{
|
return &cli.Command{
|
||||||
Name: "run",
|
Name: "run",
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "config",
|
||||||
|
EnvVars: []string{"ARCAST_DESKTOP_CONFIG"},
|
||||||
|
Value: config.DefaultConfigFile(context.Background()),
|
||||||
|
},
|
||||||
&cli.StringSliceFlag{
|
&cli.StringSliceFlag{
|
||||||
Name: "additional-chrome-arg",
|
Name: "additional-chrome-arg",
|
||||||
EnvVars: []string{"ARCAST_DESKTOP_ADDITIONAL_CHROME_ARGS"},
|
EnvVars: []string{"ARCAST_DESKTOP_ADDITIONAL_CHROME_ARGS"},
|
||||||
|
@ -34,8 +42,8 @@ func Run() *cli.Command {
|
||||||
Value: ":",
|
Value: ":",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "tls-address",
|
Name: "https-address",
|
||||||
EnvVars: []string{"ARCAST_DESKTOP_TLS_ADDRESS"},
|
EnvVars: []string{"ARCAST_DESKTOP_HTTPS_ADDRESS"},
|
||||||
Value: ":",
|
Value: ":",
|
||||||
},
|
},
|
||||||
&cli.IntFlag{
|
&cli.IntFlag{
|
||||||
|
@ -55,12 +63,10 @@ func Run() *cli.Command {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Action: func(ctx *cli.Context) error {
|
Action: func(ctx *cli.Context) error {
|
||||||
|
configFile := ctx.String("config")
|
||||||
windowHeight := ctx.Int("window-height")
|
windowHeight := ctx.Int("window-height")
|
||||||
windowWidth := ctx.Int("window-width")
|
windowWidth := ctx.Int("window-width")
|
||||||
chromeArgs := addFlagsPrefix(ctx.StringSlice("additional-chrome-arg")...)
|
chromeArgs := addFlagsPrefix(ctx.StringSlice("additional-chrome-arg")...)
|
||||||
enableApps := ctx.Bool("apps")
|
|
||||||
serverAddress := ctx.String("address")
|
|
||||||
serverTLSAddress := ctx.String("tls-address")
|
|
||||||
|
|
||||||
browser := lorca.NewBrowser(
|
browser := lorca.NewBrowser(
|
||||||
lorca.WithAdditionalChromeArgs(chromeArgs...),
|
lorca.WithAdditionalChromeArgs(chromeArgs...),
|
||||||
|
@ -84,24 +90,43 @@ func Run() *cli.Command {
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
instanceID := ctx.String("instance-id")
|
conf := config.DefaultConfig()
|
||||||
if instanceID == "" {
|
|
||||||
instanceID = server.NewRandomInstanceID()
|
logger.Info(ctx.Context, "loading or creating configuration file", logger.F("filename", configFile))
|
||||||
|
if err := config.LoadOrCreate(ctx.Context, configFile, conf, config.DefaultTransforms...); err != nil {
|
||||||
|
logger.Error(ctx.Context, "could not load configuration file", logger.CapturedE(errors.WithStack(err)))
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err := selfsigned.NewLANCert()
|
instanceID := ctx.String("instance-id")
|
||||||
|
if instanceID != "" {
|
||||||
|
conf.InstanceID = instanceID
|
||||||
|
}
|
||||||
|
|
||||||
|
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "could not generate self signed certificate")
|
return errors.Wrap(err, "could not parse tls cert/key pair")
|
||||||
|
}
|
||||||
|
|
||||||
|
if ctx.IsSet("apps") {
|
||||||
|
conf.Apps.Enabled = ctx.Bool("apps")
|
||||||
|
}
|
||||||
|
|
||||||
|
if ctx.IsSet("address") {
|
||||||
|
conf.HTTP.Address = ctx.String("address")
|
||||||
|
}
|
||||||
|
|
||||||
|
if ctx.IsSet("https-address") {
|
||||||
|
conf.HTTPS.Address = ctx.String("tls-address")
|
||||||
}
|
}
|
||||||
|
|
||||||
server := server.New(browser,
|
server := server.New(browser,
|
||||||
server.WithInstanceID(instanceID),
|
server.WithInstanceID(conf.InstanceID),
|
||||||
server.WithAppsEnabled(enableApps),
|
server.WithAppsEnabled(conf.Apps.Enabled),
|
||||||
server.WithDefaultApp("home"),
|
server.WithDefaultApp(conf.Apps.DefaultApp),
|
||||||
server.WithApps(arcast.DefaultApps...),
|
server.WithApps(arcast.DefaultApps...),
|
||||||
server.WithAddress(serverAddress),
|
server.WithAddress(conf.HTTP.Address),
|
||||||
server.WithTLSAddress(serverTLSAddress),
|
server.WithTLSAddress(conf.HTTPS.Address),
|
||||||
server.WithTLSCertificate(cert),
|
server.WithTLSCertificate(&cert),
|
||||||
)
|
)
|
||||||
|
|
||||||
if err := server.Start(); err != nil {
|
if err := server.Start(); err != nil {
|
||||||
|
|
|
@ -0,0 +1,82 @@
|
||||||
|
### Source https://github.com/DesktopECHO/T95-H616-Malware
|
||||||
|
###
|
||||||
|
### Clobber Malware/Junk - Run in PowerShell or Bash
|
||||||
|
### Requires ADB Connection (ie: adb connect 10.13.12.11:5555)
|
||||||
|
###
|
||||||
|
### Install ADB (If not already installed)
|
||||||
|
###
|
||||||
|
### - Assuming you're on Windows, to install ADB simply
|
||||||
|
### install Chocolatey and install ADB using Choco:
|
||||||
|
### choco install adb
|
||||||
|
###
|
||||||
|
### - macOS users have Homebrew to accomplish the same thing:
|
||||||
|
### brew install android-platform-tools
|
||||||
|
###
|
||||||
|
|
||||||
|
wget https://github.com/bromite/bromite/releases/latest/download/arm_ChromePublic.apk -O chromium.apk
|
||||||
|
wget https://github.com/TeamAmaze/AmazeFileManager/releases/latest/download/app-fdroid-release.apk -O filemanager.apk
|
||||||
|
wget https://raw.githubusercontent.com/make-github-pseudonymous-again/pixels/main/1x1%23000000.jpg -O BlackBackground.jpg
|
||||||
|
wget https://f-droid.org/repo/com.termux_118.apk -O termux.apk
|
||||||
|
wget https://github.com/DesktopECHO/Pi-hole-for-Android/releases/latest/download/pideploy.apk -O pideploy.apk
|
||||||
|
adb push BlackBackground.jpg /sdcard/Download/BlackBackground.jpg
|
||||||
|
|
||||||
|
adb root
|
||||||
|
sleep 10
|
||||||
|
adb shell "cmd uimode night yes"
|
||||||
|
adb install filemanager.apk
|
||||||
|
adb install termux.apk
|
||||||
|
adb install pideploy.apk
|
||||||
|
adb install chromium.apk
|
||||||
|
adb shell pm uninstall --user 0 com.adups.fota
|
||||||
|
adb shell pm uninstall --user 0 com.ftest
|
||||||
|
adb shell pm uninstall --user 0 com.ionitech.airscreen
|
||||||
|
adb shell pm uninstall --user 0 com.charon.rocketfly
|
||||||
|
adb shell pm uninstall --user 0 com.netflix.mediaclient
|
||||||
|
adb shell pm uninstall --user 0 com.android.music
|
||||||
|
adb shell pm uninstall --user 0 com.android.dynsystem
|
||||||
|
adb shell pm uninstall --user 0 com.android.egg
|
||||||
|
adb shell pm uninstall --user 0 com.www.intallapp
|
||||||
|
adb shell pm uninstall --user 0 com.www.productdeclare
|
||||||
|
adb shell pm uninstall --user 0 org.xbmc.kodi
|
||||||
|
adb shell pm uninstall --user 0 com.softwinner.TvdFileManager
|
||||||
|
adb shell pm uninstall --user 0 com.apkpure.aegon
|
||||||
|
adb shell pm uninstall --user 0 com.amazon.avod.thirdpartyclient
|
||||||
|
adb shell pm uninstall --user 0 com.adups.market
|
||||||
|
adb shell pm uninstall --user 0 com.android.camera2
|
||||||
|
adb shell pm uninstall --user 0 com.android.deskclock
|
||||||
|
adb shell pm uninstall --user 0 com.android.chrome
|
||||||
|
adb shell pm uninstall --user 0 com.google.android.feedback
|
||||||
|
adb shell pm uninstall --user 0 com.google.android.katniss
|
||||||
|
adb shell pm uninstall --user 0 net.lightflash.wallpapersn
|
||||||
|
adb shell pm uninstall --user 0 com.google.android.youtube.tv
|
||||||
|
adb shell pm uninstall --user 0 com.android.gallery3d
|
||||||
|
adb shell pm uninstall --user 0 com.android.wallpaper.livepicker
|
||||||
|
adb shell pm uninstall --user 0 com.android.wallpaperbackup
|
||||||
|
adb shell pm uninstall --user 0 com.android.dreams.basic
|
||||||
|
adb shell pm uninstall --user 0 com.android.dreams.web
|
||||||
|
adb shell pm uninstall --user 0 com.android.dreams.phototable
|
||||||
|
adb shell pm uninstall --user 0 cm.aptoidetv.pt
|
||||||
|
|
||||||
|
adb shell rm -rf /data/data/org.xbmc.kodi
|
||||||
|
adb shell rm -rf /data/data/com.www.intallapp
|
||||||
|
adb shell rm -rf /data/data/com.www.productdeclare
|
||||||
|
adb shell rm -rf /data/media/0/Android/data/com.adups.fota
|
||||||
|
adb shell rm -rf /data/misc/profiles/ref/com.adups.fota
|
||||||
|
adb shell rm -rf /data/misc/profiles/cur/0/com.adups.fota
|
||||||
|
|
||||||
|
adb shell rm -rf /data/system/shared_prefs
|
||||||
|
adb shell mkdir -p /data/system/shared_prefs/open_preference.xml
|
||||||
|
adb shell chmod 0000 /data/system/shared_prefs/open_preference.xml
|
||||||
|
adb shell /vendor/bin/busybox chattr +i /data/system/shared_prefs/open_preference.xml
|
||||||
|
|
||||||
|
adb shell rm -rf /data/system/Corejava
|
||||||
|
adb shell touch /data/system/Corejava
|
||||||
|
adb shell chmod 0000 /data/system/Corejava
|
||||||
|
adb shell /vendor/bin/busybox chattr +i /data/system/Corejava
|
||||||
|
|
||||||
|
adb shell rm -rf /data/data/com.adups.fota
|
||||||
|
adb shell touch /data/data/com.adups.fota
|
||||||
|
adb shell chmod 0000 /data/data/com.adups.fota
|
||||||
|
adb shell /vendor/bin/busybox chattr +i /data/data/com.adups.fota
|
||||||
|
|
||||||
|
echo Cleanup finished, reboot your device.
|
|
@ -0,0 +1,114 @@
|
||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"forge.cadoles.com/arcad/arcast/pkg/server"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"gitlab.com/wpetit/goweb/logger"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
InstanceID string `json:"instanceId"`
|
||||||
|
HTTP HTTPConfig `json:"http"`
|
||||||
|
HTTPS HTTPSConfig `json:"https"`
|
||||||
|
Apps AppsConfig `json:"apps"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type HTTPConfig struct {
|
||||||
|
Address string `json:"address"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type HTTPSConfig struct {
|
||||||
|
Address string `json:"address"`
|
||||||
|
Cert []byte `json:"cert"`
|
||||||
|
Key []byte `json:"key"`
|
||||||
|
SelfSigned SelfSignedCertConfig `json:"selfSigned"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type SelfSignedCertConfig struct {
|
||||||
|
Enabled bool `json:"enabled"`
|
||||||
|
NetworkFingerprint string `json:"networkFingerprint"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type AppsConfig struct {
|
||||||
|
Enabled bool `json:"enabled"`
|
||||||
|
DefaultApp string `json:"defaultApp"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type TransformFunc func(ctx context.Context, conf *Config) error
|
||||||
|
|
||||||
|
func DefaultConfigFile(ctx context.Context) string {
|
||||||
|
configDir, err := os.UserConfigDir()
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(ctx, "could not get user config dir", logger.CapturedE(errors.WithStack(err)))
|
||||||
|
configDir = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
if configDir != "" {
|
||||||
|
configDir = filepath.Join(configDir, "arcast-player")
|
||||||
|
}
|
||||||
|
|
||||||
|
return filepath.Join(configDir, "config.json")
|
||||||
|
}
|
||||||
|
|
||||||
|
func LoadOrCreate(ctx context.Context, filename string, conf *Config, funcs ...TransformFunc) error {
|
||||||
|
data, err := os.ReadFile(filename)
|
||||||
|
if err != nil && !os.IsNotExist(err) {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if data != nil {
|
||||||
|
if err := json.Unmarshal(data, conf); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, fn := range funcs {
|
||||||
|
if err := fn(ctx, conf); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data, err = json.MarshalIndent(conf, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
dirname := filepath.Dir(filename)
|
||||||
|
|
||||||
|
if _, err := os.Stat(dirname); os.IsNotExist(err) {
|
||||||
|
if err := os.MkdirAll(dirname, 0777); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := os.WriteFile(filename, data, 0640); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func DefaultConfig() *Config {
|
||||||
|
return &Config{
|
||||||
|
InstanceID: server.NewRandomInstanceID(),
|
||||||
|
HTTP: HTTPConfig{
|
||||||
|
Address: ":45555",
|
||||||
|
},
|
||||||
|
HTTPS: HTTPSConfig{
|
||||||
|
Address: ":45556",
|
||||||
|
SelfSigned: SelfSignedCertConfig{
|
||||||
|
Enabled: true,
|
||||||
|
NetworkFingerprint: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Apps: AppsConfig{
|
||||||
|
Enabled: true,
|
||||||
|
DefaultApp: "home",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,6 @@
|
||||||
|
package config
|
||||||
|
|
||||||
|
var DefaultTransforms = []TransformFunc{
|
||||||
|
GenerateSelfSignedCert,
|
||||||
|
RenewExpiredSelfSignedCert,
|
||||||
|
}
|
|
@ -0,0 +1,100 @@
|
||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"crypto/sha256"
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
"fmt"
|
||||||
|
"slices"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"forge.cadoles.com/arcad/arcast/pkg/network"
|
||||||
|
"forge.cadoles.com/arcad/arcast/pkg/selfsigned"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"gitlab.com/wpetit/goweb/logger"
|
||||||
|
)
|
||||||
|
|
||||||
|
func GenerateSelfSignedCert(ctx context.Context, conf *Config) error {
|
||||||
|
if !conf.HTTPS.SelfSigned.Enabled {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if conf.HTTPS.Cert != nil && conf.HTTPS.Key != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
rawCert, rawKey, err := selfsigned.NewLANKeyPair()
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "could not generate self signed x509 key pair")
|
||||||
|
}
|
||||||
|
|
||||||
|
conf.HTTPS.Cert = rawCert
|
||||||
|
conf.HTTPS.Key = rawKey
|
||||||
|
|
||||||
|
networkFingerprint, err := getNetworkFingerprint()
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "could not retrieve network fingerprint")
|
||||||
|
}
|
||||||
|
|
||||||
|
conf.HTTPS.SelfSigned.NetworkFingerprint = networkFingerprint
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func RenewExpiredSelfSignedCert(ctx context.Context, conf *Config) error {
|
||||||
|
if !conf.HTTPS.SelfSigned.Enabled {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if conf.HTTPS.Cert == nil || conf.HTTPS.Key == nil {
|
||||||
|
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "could not parse x509 cert/key pair")
|
||||||
|
}
|
||||||
|
|
||||||
|
leaf, err := x509.ParseCertificate(cert.Certificate[0])
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(ctx, "could not parse x509 certificate, regenerating one", logger.CapturedE(errors.WithStack(err)))
|
||||||
|
|
||||||
|
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check that self-signed certificate is still valid
|
||||||
|
if time.Now().Before(leaf.NotAfter) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.Warn(ctx, "self-signed certificate has expired, regenerating one", logger.CapturedE(errors.WithStack(err)))
|
||||||
|
|
||||||
|
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func getNetworkFingerprint() (string, error) {
|
||||||
|
ips, err := network.GetLANIPv4Addrs()
|
||||||
|
if err != nil {
|
||||||
|
return "", errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
slices.Sort(ips)
|
||||||
|
|
||||||
|
hash := sha256.New()
|
||||||
|
for _, ip := range ips {
|
||||||
|
if _, err := hash.Write([]byte(ip)); err != nil {
|
||||||
|
return "", errors.WithStack(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("%x", hash.Sum(nil)), nil
|
||||||
|
}
|
|
@ -19,15 +19,24 @@ import (
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
func NewLANCert() (*tls.Certificate, error) {
|
func NewLANKeyPair() ([]byte, []byte, error) {
|
||||||
hosts, err := network.GetLANIPv4Addrs()
|
hosts, err := network.GetLANIPv4Addrs()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return nil, nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
hosts = append(hosts, "127.0.0.1")
|
hosts = append(hosts, "127.0.0.1")
|
||||||
|
|
||||||
rawCert, rawKey, err := NewCertKeyPair(hosts...)
|
rawCert, rawKey, err := NewCertKeyPair(hosts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return rawCert, rawKey, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewLANCert() (*tls.Certificate, error) {
|
||||||
|
rawCert, rawKey, err := NewLANKeyPair()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,7 @@ func (s *Server) handleBroadcast(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
for {
|
for {
|
||||||
messageType, message, err := c.ReadMessage()
|
messageType, message, err := c.ReadMessage()
|
||||||
if err != nil {
|
if err != nil && !websocket.IsCloseError(err, 1001) {
|
||||||
logger.Error(ctx, "could not read message", logger.E(errors.WithStack(err)))
|
logger.Error(ctx, "could not read message", logger.E(errors.WithStack(err)))
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<title>Arcast - Idle</title>
|
<title>Arcast - Ready to cast !</title>
|
||||||
<style>
|
<style>
|
||||||
html {
|
html {
|
||||||
box-sizing: border-box;
|
box-sizing: border-box;
|
||||||
|
|
Loading…
Reference in New Issue