sig-auth/main.go

package main

import (
	"bytes"
	"crypto"
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	"crispbyte.dev/sig-auth/client"
	"crispbyte.dev/sig-auth/server"
	"github.com/opencontainers/go-digest"
	"golang.org/x/crypto/ssh"
)

func main() {
	useClient := flag.Bool("c", false, "Run client")

	keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (server mode) to use - Required")

	simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")

	flag.Parse()

	if *keyPath == "" {
		flag.PrintDefaults()
		return
	}

	if *useClient {
		runClient(keyPath, *simulateCaddy)
	} else {
		runServer(keyPath, *simulateCaddy)
	}
}

func runClient(keyFile *string, simulateCaddy bool) {
	testData := map[string]string{"hello": "world"}
	json_data, _ := json.Marshal(testData)

	key, err := loadPrivateKey(*keyFile)

	if err != nil {
		log.Fatal(err)
	}

	client, err := client.GetSigningClient(key, "test-id")

	if err != nil {
		log.Fatal(err)
	}

	id := digest.FromBytes(json_data)

	var req *http.Request

	req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))

	if err != nil {
		log.Fatal(err)
	}

	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
	req.Header.Add("Content-Type", "application/json")

	if simulateCaddy {
		req.Header.Add("X-Forwarded-Method", req.Method)
		req.Header.Add("X-Forwarded-Uri", req.RequestURI)
	}

	resp, err := client.Do(req)

	if err != nil {
		log.Fatal(err)
	}

	defer resp.Body.Close()

	out, err := io.ReadAll(resp.Body)

	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(resp.StatusCode)
	fmt.Println(resp.Header)
	fmt.Println(string(out[:]))
}

func runServer(keyFile *string, simulateCaddy bool) {
	key, err := loadPublicKey(*keyFile)

	if err != nil {
		log.Fatal(err)
	}

	server.Start(key, simulateCaddy)
}

func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
	keyBytes, err := os.ReadFile(keyFile)

	if err != nil {
		return nil, err
	}

	return ssh.ParseRawPrivateKey(keyBytes)
}

func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
	keyBytes, err := os.ReadFile(keyFile)

	if err != nil {
		return nil, err
	}

	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)

	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
}
Initial commit - test client 2025-02-10 23:07:41 -05:00			`package main`

			`import (`
			`"bytes"`
			`"crypto"`
			`"encoding/json"`
Implement test server 2025-02-14 19:41:22 -05:00			`"flag"`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`"fmt"`
Implement test server 2025-02-14 19:41:22 -05:00			`"io"`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`"log"`
Implement test server 2025-02-14 19:41:22 -05:00			`"net/http"`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`"os"`

			`"crispbyte.dev/sig-auth/client"`
Implement test server 2025-02-14 19:41:22 -05:00			`"crispbyte.dev/sig-auth/server"`
Add digest to request 2025-02-14 19:41:22 -05:00			`"github.com/opencontainers/go-digest"`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`"golang.org/x/crypto/ssh"`
			`)`

			`func main() {`
Implement test server 2025-02-14 19:41:22 -05:00			`useClient := flag.Bool("c", false, "Run client")`

Handle required parameter 2025-02-16 13:57:24 -05:00			`keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (server mode) to use - Required")`
Implement test server 2025-02-14 19:41:22 -05:00
Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")`

Implement test server 2025-02-14 19:41:22 -05:00			`flag.Parse()`

Handle required parameter 2025-02-16 13:57:24 -05:00			`if *keyPath == "" {`
			`flag.PrintDefaults()`
			`return`
			`}`

Implement test server 2025-02-14 19:41:22 -05:00			`if *useClient {`
Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`runClient(keyPath, *simulateCaddy)`
Implement test server 2025-02-14 19:41:22 -05:00			`} else {`
Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`runServer(keyPath, *simulateCaddy)`
Implement test server 2025-02-14 19:41:22 -05:00			`}`
			`}`

Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`func runClient(keyFile *string, simulateCaddy bool) {`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`testData := map[string]string{"hello": "world"}`
			`json_data, _ := json.Marshal(testData)`

Implement test server 2025-02-14 19:41:22 -05:00			`key, err := loadPrivateKey(*keyFile)`
Initial commit - test client 2025-02-10 23:07:41 -05:00
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`client, err := client.GetSigningClient(key, "test-id")`

			`if err != nil {`
			`log.Fatal(err)`
			`}`

Add digest to request 2025-02-14 19:41:22 -05:00			`id := digest.FromBytes(json_data)`

Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`var req *http.Request`

			`req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))`
Add digest to request 2025-02-14 19:41:22 -05:00
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())`
			`req.Header.Add("Content-Type", "application/json")`

Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`if simulateCaddy {`
			`req.Header.Add("X-Forwarded-Method", req.Method)`
			`req.Header.Add("X-Forwarded-Uri", req.RequestURI)`
			`}`

Add digest to request 2025-02-14 19:41:22 -05:00			`resp, err := client.Do(req)`
Initial commit - test client 2025-02-10 23:07:41 -05:00
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`defer resp.Body.Close()`

Implement test server 2025-02-14 19:41:22 -05:00			`out, err := io.ReadAll(resp.Body)`

			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`fmt.Println(resp.StatusCode)`
Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`fmt.Println(resp.Header)`
Implement test server 2025-02-14 19:41:22 -05:00			`fmt.Println(string(out[:]))`
			`}`

Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`func runServer(keyFile *string, simulateCaddy bool) {`
Implement test server 2025-02-14 19:41:22 -05:00			`key, err := loadPublicKey(*keyFile)`
Initial commit - test client 2025-02-10 23:07:41 -05:00
Implement test server 2025-02-14 19:41:22 -05:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
Initial commit - test client 2025-02-10 23:07:41 -05:00
Try simulating caddy forward_auth 2025-02-16 13:51:53 -05:00			`server.Start(key, simulateCaddy)`
Initial commit - test client 2025-02-10 23:07:41 -05:00			`}`

			`func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {`
			`keyBytes, err := os.ReadFile(keyFile)`

			`if err != nil {`
			`return nil, err`
			`}`

			`return ssh.ParseRawPrivateKey(keyBytes)`
			`}`
Implement test server 2025-02-14 19:41:22 -05:00
			`func loadPublicKey(keyFile string) (crypto.PublicKey, error) {`
			`keyBytes, err := os.ReadFile(keyFile)`

			`if err != nil {`
			`return nil, err`
			`}`

			`pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)`

			`return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err`
			`}`