webconf service for the initial configuration of a device

build.sh

@@ -7,13 +7,36 @@
 #               amd64, arm64, armhf and i386.
 #
 #   [--ups]:    Build the ubuntu-personal-store snap as well.
+#
+#   [--with-webconf]: Adds the new webconf service to the snapweb snap.
+#
 
 set -e
 
-if [ "$#" -eq 0 ] || ([ "$#" -eq 1 ] && [ "$1" = "--ups" ]); then
+BUILD_UPS_SNAP=
+WITH_WEBCONF=
+
+while [ "$1" != "" ]; do
+    case $1 in
+        --ups)
+            BUILD_UPS_SNAP=1
+            ;;
+        --with-webconf)
+            WITH_WEBCONF=1
+            ;;
+        amd64|i386|arm64|armhf)
+            architectures+=("$1")
+            ;;
+        *)
+            # print usage
+            head -13 $0 | tail -12
+            exit
+    esac
+    shift
+done
+
+if [ "$architectures" = "" ]; then
     architectures=( amd64 arm64 armhf i386 )
-else
-    architectures=( "$@" )
 fi
 
 AVAHI_VERSION="0.6.31-4ubuntu4snap2"
@@ -59,7 +82,10 @@ gobuild() {
 
     mkdir -p $output_dir
     cd $output_dir
-    GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -ldflags "-extld=${plat_abi}-gcc -X main.httpAddr=${httpAddr} -X main.httpsAddr=${httpsAddr}" github.com/snapcore/snapweb/cmd/snapweb
+    GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -ldflags "-extld=${plat_abi}-gcc" github.com/snapcore/snapweb/cmd/snapweb
+    if [ $WITH_WEBCONF ]; then
+        GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -ldflags "-extld=${plat_abi}-gcc" github.com/snapcore/snapweb/cmd/webconf
+    fi
     GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -o generate-token -ldflags "-extld=${plat_abi}-gcc" $srcdir/cmd/generate-token/main.go
     cp generate-token ../../
     cd - > /dev/null
@@ -112,7 +138,7 @@ for ARCH in "${architectures[@]}"; do
     snapcraft snap $builddir
 
     # TODO: We only support amd64 ups builds for now -Need a cross-compile fix for "after: [desktop-qt5]"
-    if [[ $* == *--ups* ]] && [ $ARCH = amd64 ]; then
+    if [ $BUILD_UPS_SNAP ] && [ $ARCH = amd64 ]; then
         HTTP_ADDR="127.0.0.1:5200"
         HTTPS_ADDR="127.0.0.1:5201"
 

cmd/snapweb/cert.go

@@ -32,8 +32,8 @@ import (
 	"time"
 )
 
-// DumpCertificate create the certificate & key files
-func DumpCertificate() {
+// CreateCertificateIfNeeded creates the certificate & key files, if they don't exist yet
+func CreateCertificateIfNeeded() {
 	certFilename := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")
 	keyFilename := filepath.Join(os.Getenv("SNAP_DATA"), "key.pem")
 

cmd/snapweb/cert_test.go

@@ -45,17 +45,17 @@ func (s *CertSuite) TearDownTest(c *C) {
 	os.RemoveAll(s.snapdata)
 }
 
-func (s *CertSuite) TestDumpCertificate(c *C) {
+func (s *CertSuite) TestCreateCertificateIfNeeded(c *C) {
 	c.Assert(ioutil.WriteFile(s.certFilename, nil, 0600), IsNil)
 	c.Assert(ioutil.WriteFile(s.keyFilename, nil, 0600), IsNil)
 
-	DumpCertificate()
+	CreateCertificateIfNeeded()
 	certData, err := ioutil.ReadFile(s.certFilename)
 	c.Assert(err, IsNil)
 	keyData, err := ioutil.ReadFile(s.keyFilename)
 	c.Assert(err, IsNil)
 
-	DumpCertificate()
+	CreateCertificateIfNeeded()
 	certData2, err := ioutil.ReadFile(s.certFilename)
 	c.Assert(err, IsNil)
 	keyData2, err := ioutil.ReadFile(s.keyFilename)

cmd/snapweb/handlers.go

@@ -250,7 +250,7 @@ func initURLHandlers(log *log.Logger, config snappy.Config) http.Handler {
 
 	handler.HandleFunc("/", makeMainPageHandler())
 
-	return NewFilterHandlerFromConfig(handler, config)
+	return snappy.NewFilterHandlerFromConfig(handler, config)
 }
 
 // Name of the cookie transporting the access token
@@ -341,31 +341,5 @@ func redirHandler(config snappy.Config) http.Handler {
 			http.StatusSeeOther)
 	})
 
-	return NewFilterHandlerFromConfig(redir, config)
-}
-
-// NewFilterHandlerFromConfig creates a new http.Handler with an integrated NetFilter
-func NewFilterHandlerFromConfig(handler http.Handler, config snappy.Config) http.Handler {
-	if config.DisableIPFilter {
-		return handler
-	}
-
-	f := snappy.NewFilter()
-
-	for _, net := range config.AllowNetworks {
-		f.AllowNetwork(net)
-	}
-
-	for _, ifname := range config.AllowInterfaces {
-		f.AddLocalNetworkForInterface(ifname)
-	}
-
-	// if nothing was specified, default to allowing all local networks
-	if (len(config.AllowNetworks) == 0) &&
-		(len(config.AllowInterfaces) == 0) {
-		logger.Println("Allowing local network access by default")
-		f.AddLocalNetworks()
-	}
-
-	return f.FilterHandler(handler)
+	return snappy.NewFilterHandlerFromConfig(redir, config)
 }

cmd/snapweb/main.go

@@ -22,6 +22,8 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
+	"time"
 
 	"github.com/snapcore/snapweb/avahi"
 	"github.com/snapcore/snapweb/snappy/app"
@@ -43,7 +45,26 @@ func init() {
 	}
 }
 
+func redir(w http.ResponseWriter, req *http.Request) {
+	http.Redirect(w, req,
+		"https://"+strings.Replace(req.Host, httpAddr, httpsAddr, -1),
+		http.StatusSeeOther)
+}
+
+type blockerFn func() bool
+
+func blockOn(managedCondition blockerFn) {
+	snappy.WritePidFile()
+	for managedCondition() == false {
+		snappy.WaitForSigHup()
+		// wait futher more, to let webconf release the 4200 port
+		time.Sleep(1000)
+	}
+}
+
 func main() {
+	blockOn(snappy.IsDeviceManaged)
+
 	// TODO set warning for too hazardous config?
 	config, err := snappy.ReadConfig()
 	if err != nil {
@@ -58,7 +79,7 @@ func main() {
 	logger.Println("Snapweb starting...")
 
 	if !config.DisableHTTPS {
-		DumpCertificate()
+		CreateCertificateIfNeeded()
 
 		go func() {
 			certFile := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")

cmd/snapweb/main_test.go

@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2017 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"os"
+	"time"
+
+	"github.com/snapcore/snapweb/snappy/app"
+
+	. "gopkg.in/check.v1"
+)
+
+type MainSuite struct{}
+
+var _ = Suite(&MainSuite{})
+
+var mockManagedState = false
+
+func mockIsDeviceManaged() bool {
+	return mockManagedState
+}
+
+func (s *MainSuite) TestBlockUntilManaged(c *C) {
+	os.Setenv("SNAP_DATA", c.MkDir())
+
+	ready := make(chan bool)
+	done := make(chan bool)
+
+	go func() {
+		ready <- true
+		blockOn(mockIsDeviceManaged)
+		done <- true
+	}()
+
+	// a signal cannot unblock snapweb until the system is managed
+	mockManagedState = false
+	<-ready
+	time.Sleep(1000) // give time to install the signal handler
+	snappy.SendSignalToSnapweb()
+	select {
+	case <-done:
+		c.Fail()
+	default:
+	}
+
+	// try to unblock once the system has changed
+	mockManagedState = true
+	snappy.SendSignalToSnapweb()
+	result := <-done
+
+	c.Assert(result, Equals, true)
+}

cmd/webconf/main.go

@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2017 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"text/template"
+	"time"
+
+	"github.com/snapcore/snapd/dirs"
+
+	"github.com/snapcore/snapweb/avahi"
+	"github.com/snapcore/snapweb/snappy/app"
+)
+
+var logger *log.Logger
+var timer *time.Timer
+
+const (
+	httpAddr string = ":4200"
+)
+
+func init() {
+	logger = log.New(os.Stderr, "webconf: ", log.Ldate|log.Ltime|log.Lshortfile)
+}
+
+type branding struct {
+	Name    string
+	Subname string
+}
+
+type templateData struct {
+	Branding     branding
+	SnapdVersion string
+}
+
+func makeMainPageHandler() http.HandlerFunc {
+
+	layoutPath := filepath.Join(os.Getenv("SNAP"), "www", "templates", "webconf.html")
+	t, err := template.ParseFiles(layoutPath)
+	if err != nil {
+		logger.Fatalf("%v", err)
+	}
+
+	data := templateData{
+		Branding: branding{
+			Name:    "Ubuntu",
+			Subname: "",
+		},
+		SnapdVersion: "snapd",
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		// reset the timer, and give 3 minutes to complete the setup process
+		timer.Reset(time.Second * 180)
+
+		err = t.Execute(w, &data)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Println(err)
+			return
+		}
+
+	}
+}
+
+func doneHandler(server net.Listener) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		snappy.SendSignalToSnapweb()
+		if server != nil {
+			server.Close()
+		}
+	}
+}
+
+func initURLHandlers(log *log.Logger, server net.Listener, config snappy.Config) http.Handler {
+	handler := http.NewServeMux()
+
+	// API
+	handler.Handle("/api/v2/create-user",
+		snappy.MakePassthroughHandler(dirs.SnapdSocket, "/api/v2/create-user"))
+	handler.HandleFunc("/done", doneHandler(server))
+
+	// Resources
+	handler.Handle("/public/", snappy.LoggingHandler(http.FileServer(http.Dir(filepath.Join(os.Getenv("SNAP"), "www")))))
+
+	handler.HandleFunc("/", makeMainPageHandler())
+
+	return snappy.NewFilterHandlerFromConfig(handler, config)
+}
+
+func main() {
+	if snappy.IsDeviceManaged() {
+		log.Println("webconf does not run on managed devices")
+		// this tells systemd to not restart this service
+		os.Exit(0)
+	}
+
+	config, err := snappy.ReadConfig()
+	if err != nil {
+		logger.Fatal("Configuration error", err)
+	}
+
+	go avahi.InitMDNS(logger)
+
+	// open a plain HTTP end-point on the "usual" 4200 port
+	server, err := net.Listen("tcp", httpAddr)
+	if err != nil {
+		logger.Fatalf("%v", err)
+	}
+
+	handler := initURLHandlers(logger, server, config)
+
+	timer = time.NewTimer(time.Second * 120)
+	go func() {
+		<-timer.C
+		logger.Println("disabling webconf automatically after 2 minutes")
+		server.Close()
+		os.Exit(0)
+	}()
+
+	http.Serve(server, handler)
+
+	// prepare to exit, but let snapweb start before that
+	time.Sleep(2 * time.Second)
+}