Integration of installation codes and control channel

.github/workflows/ci.yml

@@ -37,6 +37,9 @@ jobs:
           libssl-dev \
           libgrpc++-dev \
           libprotobuf-dev \
+          libabsl-dev \
+          libre2-dev \
+          libupb-dev \
           protobuf-compiler-grpc
 
     - name: Download NGINX source

.gitignore

@@ -0,0 +1,197 @@
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
+
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+
+# CMake
+CMakeCache.txt
+CMakeFiles/
+CMakeScripts/
+Testing/
+Makefile
+cmake_install.cmake
+install_manifest.txt
+compile_commands.json
+CTestTestfile.cmake
+
+# Build directories
+build/
+Build/
+BUILD/
+debug/
+Debug/
+release/
+Release/
+bin/
+obj/
+out/
+
+# Qt
+*.pro.user
+*.pro.user.*
+*.qbs.user
+*.qbs.user.*
+*.moc
+moc_*.cpp
+moc_*.h
+qrc_*.cpp
+ui_*.h
+*.qmlc
+*.jsc
+Makefile*
+*build-*
+
+# Visual Studio
+.vs/
+*.vcxproj.user
+*.vcxproj.filters
+*.sln.docstates
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+ipch/
+
+# Visual Studio Code
+.vscode/
+*.code-workspace
+
+# CLion
+.idea/
+cmake-build-*/
+
+# Xcode
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+xcuserdata/
+*.moved-aside
+*.xccheckout
+*.xcscmblueprint
+
+# Code::Blocks
+*.depend
+*.layout
+*.cbp
+
+# Dev-C++
+Makefile.win
+
+# Conan
+conanfile.txt
+conanfile.py
+conandata.yml
+conanbuildinfo.*
+conaninfo.txt
+
+# vcpkg
+vcpkg_installed/
+
+# Package managers
+node_modules/
+
+# Temporary files
+*.tmp
+*.temp
+*.swp
+*.swo
+*~
+
+# Log files
+*.log
+
+# Core dumps
+core
+core.*
+
+# Profiling data
+gmon.out
+*.prof
+
+# Coverage files
+*.gcov
+*.gcno
+*.gcda
+coverage/
+*.coverage
+
+# Valgrind
+*.memcheck
+*.helgrind
+*.drd
+
+# Doxygen
+html/
+latex/
+Doxyfile.bak
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Linux
+*~
+.fuse_hidden*
+.directory
+.Trash-*
+.nfs*
+
+# Windows
+*.stackdump
+
+# Archives
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Backup files
+*.bak
+*.backup
+*.old

README.md

@@ -41,8 +41,12 @@ These packages provide the required headers and tools to compile gRPC-based modu
 
 ```bash
 sudo apt install -y \
-  libgrpc++-dev \
-  libprotobuf-dev \
+    libgrpc++-dev \
+    libgrpc-dev \
+    libprotobuf-dev \
+    libabsl-dev \
+    libre2-dev \
+    libupb-dev
   protobuf-compiler-grpc
 ```
 
@@ -96,8 +100,7 @@ The `appguard-nginx-module` introduces custom directives that can be used in the
 | `appguard_enabled`        | `appguard_enabled on \| off`                  | `off`               | Enables or disables AppGuard processing for requests. When enabled, HTTP requests will be evaluated by the AppGuard service. |
 | `appguard_tls`           | `appguard_tls on \| off`                     | `off`               | Enables or disables TLS (Transport Layer Security) for gRPC communication with the backend server. When enabled, all communication with the backend will be encrypted. |
 | `appguard_server_addr`   | `appguard_server_addr <host>:<port>`        | `""`                | Specifies the address of the gRPC backend server that handles policy decisions. Default is empty, meaning no server is defined until configured. |
-| `appguard_app_id`        | `appguard_app_id <id>`                      | `""`                | A unique identifier for your application used for authentication or tracking purposes with the backend server. |
-| `appguard_app_secret`    | `appguard_app_secret <secret>`              | `""`                | A secret key associated with the `appguard_app_id` used for authentication with the backend server. |
+| `appguard_installation_code`    | `appguard_installation_code <code>`              | `""`                | Installation code obtained from the NullNet portal. Used for authenticating and authorizing the agent with the backend server. |
 | `appguard_default_policy`| `appguard_default_policy <allow\|deny>`      | `deny`              | Defines the default policy when no explicit rule matches the request. If set to `allow`, requests that don't match any rules will be allowed; otherwise, they are denied. |
 | `appguard_server_cert_path` | `appguard_server_cert_path <path>`        | `""`                | Specifies the file path to the server's certificate (e.g., CA certificate) used for TLS verification when `appguard_tls` is enabled. If left empty, the system's default root CAs will be used for verification. |
 
@@ -111,8 +114,7 @@ http {
 
         appguard_enabled on;
         appguard_server_addr localhost:50051;
-        appguard_app_id qwerty;
-        appguard_app_secret ytrewq;
+        appguard_installation_code CODE;
         appguard_tls on;
         appguard_default_policy allow;
         appguard_server_cert_path /path/to/ca.pem;

config

@@ -1,25 +1,31 @@
 ngx_addon_name=appguard_nginx_module
 
 NGX_APPGUARD_SRCS="                                    \
-    $ngx_addon_dir/src/appguard.pb.cc                  \
-    $ngx_addon_dir/src/appguard.grpc.pb.cc             \
+    $ngx_addon_dir/src/generated/appguard.pb.cc        \
+    $ngx_addon_dir/src/generated/appguard.grpc.pb.cc   \
+    $ngx_addon_dir/src/generated/commands.pb.cc        \
+    $ngx_addon_dir/src/generated/commands.grpc.pb.cc   \
     $ngx_addon_dir/src/appguard.inner.utils.cpp        \
     $ngx_addon_dir/src/appguard.wrapper.cpp            \
     $ngx_addon_dir/src/appguard.stream.cpp             \
     $ngx_addon_dir/src/appguard.tcp.ucache.cpp         \
     $ngx_addon_dir/src/appguard.uclient.info.cpp       \
     $ngx_addon_dir/src/appguard.uclient.exception.cpp  \
+    $ngx_addon_dir/src/appguard.storage.cpp            \
     $ngx_addon_dir/src/appguard.nginx.module.cpp       \
     "
 NGX_APPGUARD_DEPS="                                    \
+    $ngx_addon_dir/src/generated/appguard.pb.h         \
+    $ngx_addon_dir/src/generated/appguard.grpc.pb.h    \
+    $ngx_addon_dir/src/generated/commands.pb.h         \
+    $ngx_addon_dir/src/generated/commands.grpc.pb.h    \
     $ngx_addon_dir/src/appguard.nginx.module.hpp       \
     $ngx_addon_dir/src/appguard.wrapper.hpp            \
     $ngx_addon_dir/src/appguard.inner.utils.hpp        \
-    $ngx_addon_dir/src/appguard.grpc.pb.h              \
-    $ngx_addon_dir/src/appguard.pb.h                   \
     $ngx_addon_dir/src/appguard.stream.hpp             \
     $ngx_addon_dir/src/appguard.tcp.ucache.hpp         \
     $ngx_addon_dir/src/appguard.uclient.info.hpp       \
+    $ngx_addon_dir/src/appguard.storage.hpp            \
     $ngx_addon_dir/src/appguard.uclient.exception.hpp  \
     "
 

proto/appguard.proto

@@ -2,9 +2,15 @@ syntax = "proto3";
 
 package appguard;
 
+import "google/protobuf/empty.proto";
+import "commands.proto";
+
 service AppGuard {
-  // Authentication
-  rpc Heartbeat (HeartbeatRequest) returns (stream HeartbeatResponse);
+  // Control channel
+  rpc ControlChannel(stream appguard_commands.ClientMessage)
+      returns (stream appguard_commands.ServerMessage);
+  // Logs
+  rpc HandleLogs (Logs) returns (google.protobuf.Empty);
   // TCP
   rpc HandleTcpConnection (AppGuardTcpConnection) returns (AppGuardTcpResponse);
   // HTTP
@@ -13,26 +19,20 @@ service AppGuard {
   // SMTP
   rpc HandleSmtpRequest (AppGuardSmtpRequest) returns (AppGuardResponse);
   rpc HandleSmtpResponse (AppGuardSmtpResponse) returns (AppGuardResponse);
+  // Other
+  rpc FirewallDefaultsRequest (Token) returns (appguard_commands.FirewallDefaults);
 }
 
-// Authentication ------------------------------------------------------------------------------------------------------
-
-message HeartbeatRequest {
-  string app_id = 1;
-  string app_secret = 2;
+// Logs ----------------------------------------------------------------------------------------------------------------
+message Logs {
+  string token = 1;
+  repeated Log logs = 3;
 }
 
-enum DeviceStatus {
-  DRAFT = 0;
-  ACTIVE = 1;
-  ARCHIVED = 2;
-  DELETED = 3;
-  DS_UNKNOWN = 4;
-}
-
-message HeartbeatResponse {
-  string token = 1;
-  DeviceStatus status = 2;
+message Log {
+  string timestamp = 1;
+  string level = 2;
+  string message = 3;
 }
 
 // TCP -----------------------------------------------------------------------------------------------------------------
@@ -102,15 +102,15 @@ message AppGuardSmtpResponse {
 // Response ------------------------------------------------------------------------------------------------------------
 
 message AppGuardResponse {
-  FirewallPolicy policy = 2;
+  appguard_commands.FirewallPolicy policy = 2;
 }
 
 message AppGuardTcpResponse {
   AppGuardTcpInfo tcp_info = 1;
 }
 
-enum FirewallPolicy {
-  UNKNOWN = 0;
-  ALLOW = 1;
-  DENY = 2;
-}
+// Other --------------------------------------------------------------------------------------
+
+message Token {
+  string token = 1;
+}