Fix js not responding to challenge, remove logging

internal/router/init.go

@@ -94,11 +94,6 @@ func Setup(errorChan chan<- error, iptables bool) (err error) {
 					if ourPeerAddresses[device.Address] != p.Endpoint.String() && p.Endpoint != nil {
 						ourPeerAddresses[device.Address] = p.Endpoint.String()
 
-						if device.Endpoint.String() != p.Endpoint.String() {
-							// This condition will trigger a challenge on the cluster
-							log.Printf("%s:%s endpoint changed %s -> %s", device.Address, device.Username, device.Endpoint.String(), p.Endpoint.String())
-						}
-
 						// Otherwise, just update the node association
 						err = data.UpdateDeviceConnectionDetails(p.AllowedIPs[0].IP.String(), p.Endpoint)
 						if err != nil {

internal/router/session_manager.go

@@ -76,12 +76,14 @@ func (c *Challenger) Challenge(address string) error {
 	c.RLock()
 	defer c.RUnlock()
 
+	var err error
+
 	conn, ok := c.connections[address]
 	if !ok {
 		return fmt.Errorf("no connection found for device: %s", address)
 	}
 
-	err := conn.SetWriteDeadline(time.Now().Add(2 * time.Second))
+	err = conn.SetWriteDeadline(time.Now().Add(2 * time.Second))
 	if err != nil {
 		conn.Close()
 		return err
@@ -159,11 +161,10 @@ func (c *Challenger) WS(w http.ResponseWriter, r *http.Request) {
 	conn := &wsConnWrapper{Conn: _c, wait: make(chan interface{})}
 
 	defer func() {
+		c.Lock()
 		if conn != nil {
 			conn.Close()
 		}
-
-		c.Lock()
 		delete(c.connections, remoteAddress.String())
 		c.Unlock()
 
@@ -180,10 +181,12 @@ func (c *Challenger) WS(w http.ResponseWriter, r *http.Request) {
 	err = c.Challenge(remoteAddress.String())
 	if err != nil {
 		c.Reset(remoteAddress.String())
-		log.Printf("client did not complete inital ws challenge: %s", err)
+		log.Printf("%s:%s client did not complete inital ws challenge: %s", user.Username, remoteAddress, err)
 		return
 	}
 
+	log.Println(user.Username, remoteAddress, conn, "established new challenge connection!")
+
 	for {
 		select {
 		case <-cancel:

internal/router/statemachine.go

@@ -100,13 +100,13 @@ func deviceChanges(_ string, current, previous data.Device, et data.EventType) e
 			return fmt.Errorf("cannot get lockout: %s", err)
 		}
 
-		if current.Endpoint.String() != previous.Endpoint.String() {
+		if current.Endpoint.String() != previous.Endpoint.String() && IsAuthed(current.Address) {
 
 			log.Printf("challenging %s:%s device, as endpoint changed: %s -> %s", current.Username, current.Address, current.Endpoint.String(), previous.Endpoint.String())
-			// Will take at most 4 seconds
+			// Will take at most 6 seconds
 
-			attempts := 0
-			for ; attempts < 3; attempts++ {
+			var err error
+			for attempts := 0; attempts < 3; attempts++ {
 				err = Verifier.Challenge(current.Address)
 				if err != nil {
 					time.Sleep(2 * time.Second)
@@ -115,7 +115,7 @@ func deviceChanges(_ string, current, previous data.Device, et data.EventType) e
 				}
 			}
 
-			if attempts >= 3 {
+			if err != nil {
 				log.Printf("%s:%s failed to pass websockets challenge: %s", current.Username, current.Address, err)
 				err := Deauthenticate(current.Address)
 				if err != nil {
@@ -126,7 +126,7 @@ func deviceChanges(_ string, current, previous data.Device, et data.EventType) e
 			}
 		}
 
-		if current.Attempts > lockout || // If the number of authentication attempts on a device has exceeded the max
+		if IsAuthed(current.Address) && current.Attempts > lockout || // If the number of authentication attempts on a device has exceeded the max
 			current.Authorised.IsZero() { // If we've explicitly deauthorised a device
 
 			var reasons []string

internal/webserver/resources/static/js/challenge.js

@@ -22,8 +22,11 @@ function connect() {
     };
 
     ws.onmessage = function (e) {
+        backoff = 200
         console.log('Message:', e.data);
-        switch(e.data) {
+
+        let msg = JSON.parse(e.data)
+        switch(msg) {
             case "challenge":
                 ws.send(
                     JSON.stringify({challenge: challenge