fix: refactor plugin import

.github/workflows/balena.yml

@@ -245,7 +245,7 @@ jobs:
 
           arch_version='${{ needs.publish.outputs[format('{0}_version', matrix.arch)] }}'
 
-          sed -i "s#FROM bh.cr/${{ matrix.fleet }}-%%BALENA_ARCH%%#FROM bh.cr/${{ matrix.fleet }}-%%BALENA_ARCH%%/${arch_version}#g" Dockerfile.template
+          sed -i "s#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%/${arch_version}#g" Dockerfile.template
 
       - name: push draft or finalise release
         id: build

.gitignore

@@ -1,30 +1,23 @@
 __pycache__/
-!*.secret
-._*
 .DS_Store
-.gitsecret/keys/random_seed
 *.build
 *.dist
 *.enc
 *.exe
 *.gz
-*.pluginc
 *.pyc
 *.tgz
 *.tmp
-src/plugin.py**
 src/tests/data
 src/tests/temp
-unzoner/.balena/secrets/env
-unzoner/.env-blackbox-plugin
-unzoner/id_rsa.blackbox
-unzoner/mgmt.blackbox.ovpn
-unzoner/openvpn/client.blackbox.key
-unzoner/openvpn/client.blackbox.key
-unzoner/openvpn/dh2048.blackbox.pem
-unzoner/openvpn/dh2048.blackbox.pem
-unzoner/openvpn/server.blackbox.key
-unzoner/openvpn/server.blackbox.key
-unzoner/openvpn/ta.blackbox.key
-unzoner/openvpn/ta.blackbox.key
 venv**
+
+!*.secret
+.gitsecret/keys/random_seed
+unzoner/mgmt.ovpn
+unzoner/openvpn/client.key
+unzoner/openvpn/server.key
+unzoner/openvpn/ta.key
+unzoner/openvpn/dh2048.pem
+unzoner/id_rsa
+unzoner/.balena/secrets/env

.gitsecret/paths/mapping.cfg

@@ -1,8 +1,7 @@
-unzoner/id_rsa.blackbox:7efaea18eedb4a1b9f9298e0f3d92ceb3f2adc4c29a5e818009a7d88f847296f
-unzoner/mgmt.blackbox.ovpn:b81b41c4cf71cdd490feecadf4bb35c31ed8396ed0fdd61808d4efd73c3031de
-unzoner/openvpn/dh2048.blackbox.pem:7afe4bea0e57bc35bcd7cdd9e393692c43a88facc64c309a176dc69a66d5a029
-unzoner/openvpn/client.blackbox.key:1f2e908d2eac66568e4d4cc2c37967684c0da9cb32a24c970ee829f9113694fb
-unzoner/openvpn/server.blackbox.key:0817ed6b2ae19fdf1ddab8b507d70e7cbea29fa00674687eb845514539ad2c64
-unzoner/openvpn/ta.blackbox.key:61a616ec66587848c1a43cc92aa21ad0305e804581f9c2a437929713c4f4edb6
-unzoner/.balena/secrets/env:b581220016ab9a0e9bb870baa31c1407caac3ba674ad785d3bffc9cb407f756a
-unzoner/.env-blackbox-plugin:9d9f2cc91d124e1c4a995d0c99dfa67fda7fa98b6b9ab972c18e6c36dd3de7d2
+unzoner/openvpn/client.key:1f2e908d2eac66568e4d4cc2c37967684c0da9cb32a24c970ee829f9113694fb
+unzoner/openvpn/server.key:0817ed6b2ae19fdf1ddab8b507d70e7cbea29fa00674687eb845514539ad2c64
+unzoner/openvpn/ta.key:61a616ec66587848c1a43cc92aa21ad0305e804581f9c2a437929713c4f4edb6
+unzoner/id_rsa:7efaea18eedb4a1b9f9298e0f3d92ceb3f2adc4c29a5e818009a7d88f847296f
+unzoner/.balena/secrets/env:2edcc9ee694a7b2b6981c554629dd06f1313825b53c1ecc583ad072f37cba20a
+unzoner/mgmt.ovpn:b81b41c4cf71cdd490feecadf4bb35c31ed8396ed0fdd61808d4efd73c3031de
+unzoner/openvpn/dh2048.pem:7afe4bea0e57bc35bcd7cdd9e393692c43a88facc64c309a176dc69a66d5a029

unzoner/.dockerignore

@@ -1,18 +1,15 @@
 __pycache__/
-._*
 .DS_Store
 .git
 *.build
 *.dist
 *.enc
 *.exe
 *.gz
-*.pluginc
 *.pyc
 *.secret
 *.tgz
 *.tmp
-src/plugin.py**
 src/tests/data
 src/tests/temp
 venv**

unzoner/Dockerfile.template

@@ -39,8 +39,7 @@ RUN install_packages \
     libtool \
     libudns-dev \
     openssl \
-    python3-venv \
-    python3-mysqldb
+    python3-venv
 
 WORKDIR /data
 
@@ -126,6 +125,9 @@ RUN chown root:root -hR ./
 
 WORKDIR /root/build
 
+# https://www.balena.io/docs/learn/more/masterclasses/cli-masterclass/#81-build-time-secrets
+RUN set -a && . /run/secrets/env && src/tests/run
+
 RUN if [ "$COMPILE_CODE" = '1' ]; then \
     install_packages ccache \
     && pip3 install --upgrade \
@@ -141,7 +143,6 @@ RUN if [ "$COMPILE_CODE" = '1' ]; then \
     --standalone application.py \
     && cd "$(uname -m)/application.dist" && ln -s ../../templates/ && cd ../.. \
     && cd .. && mkdir -p src && cd src \
-    && cat < $DNS_SUB_DOMAIN.plugin > plugin.py \
     && for src in log gen_hash as_prefixes main auth client; do \
     nuitka3 \
     --remove-output \
@@ -150,10 +151,8 @@ RUN if [ "$COMPILE_CODE" = '1' ]; then \
     --plugin-enable=pylint-warnings \
     --standalone $src.py; done; fi
 
-# https://www.balena.io/docs/learn/more/masterclasses/cli-masterclass/#81-build-time-secrets
-RUN set -a \
-    && . /run/secrets/env \
-    && utils/encrypt.sh
+# creates encrypted app.tgz.enc bundle
+RUN set -a && . /run/secrets/env && utils/encrypt.sh
 
 WORKDIR /opt
 
@@ -243,15 +242,13 @@ RUN install_packages \
     libevent-2.1 \
     liblz4-1 \
     liblzo2-2 \
-    libmysqlclient-dev \
     libpcre3 \
     libtool \
     libudns0 \
     linux-firmware \
     lsof \
     miniupnpc \
     mtr \
-    mysql-client \
     net-tools \
     netcat-openbsd \
     nmap \

unzoner/README.md

@@ -24,8 +24,27 @@
 > see, [repository](https://github.com/belodetek/unzoner-dns)
 
 ### miscellaneous
-* [ifconfig](https://github.com/mpolden/echoip) service
+* [geoip](https://www.maxmind.com/en/accounts/238005/geoip/downloads)
+* [echoip](https://github.com/mpolden/echoip) service
 * [generate](https://hub.docker.com/r/kylemanna/openvpn/) PKI assets for OpenVPN
+* [create](https://github.com/hadiasghari/pyasn) IPASN database
+
+```
+pip install --upgrade pyasn
+
+s3_bucket=$(uuid)
+
+ts=$(date +%Y%m%d.%H%M)
+
+pyasn_util_download.py --latestv46
+
+pyasn_util_convert.py --single rib.*.bz2 ipasn_${ts}.dat
+
+gzip ipasn_${ts}.dat
+
+aws s3 cp --acl=public-read \
+  ipasn_${ts}.dat.gz s3://${s3_bucket}/
+```
 
 
 ## Balena
@@ -84,6 +103,8 @@
 
     IEEE80211N=1
 
+    IPASN_DB=https://s3.amazonaws.com/${s3_bucket}/ipasn_{{ ts }}.dat.gz
+
     OPENVPN_COMPRESS=1
 
     WMM_ENABLED=1
@@ -139,7 +160,7 @@ name | description | example
 AF | IP address family | 0 = detect; 4 = IPv4; 6 = IPv6
 ALPHA_2 | ISO Alpha-2 country code | gb
 API_HOST | API host | https://api.belodedenko.me
-API_SECRET | API pre-shared secret | `base64.b64encode(hashlib.sha256(...))`
+API_SECRET | API pre-shared secret | `openssl rand -hex 16`
 API_VERSION | API version | 1.0
 AS_NUMS | space separated list of one or more AS numbers to policy route | AS1234 AS5678
 AUTH | OpenVPN network packet authentication | None

unzoner/functions

@@ -243,11 +243,10 @@ function generate_vpn_profile() {
 
 # downloads IPASN_DB from S3
 function download_ipasn_db() {
-   mkdir -p ${DATADIR}
-   with_backoff curl ${CURL_OPTS}\
-     -o ${DATADIR}/${IPASN_DB}\
-     --connect-timeout ${CONN_TIMEOUT} --max-time $((${CONN_TIMEOUT}*60))\
-     "https://s3.eu-central-1.amazonaws.com/belodetech/${IPASN_DB}"
+    mkdir -p ${DATADIR}
+    pushd ${DATADIR}
+    with_backoff wget --no-clobber "${IPASN_DB}"
+    popd
 }
 
 

unzoner/requirements.txt

@@ -5,4 +5,3 @@ requests[security]
 pingparsing
 dnspython
 passlib
-mysqlclient

unzoner/src/auth.py

@@ -9,7 +9,7 @@
 from traceback import print_exc
 
 import vpn
-import plugin_loader
+import plugin
 
 from common import retry
 from config import (
@@ -66,8 +66,8 @@ def authenticate(username=None, password=None):
 		return False
 
 	result = False
-	if plugin_loader.plugin and 'auth_user' in dir(plugin_loader.plugin):
-		result = plugin_loader.plugin.auth_user(
+	if 'auth_user' in dir(plugin):
+		result = plugin.auth_user(
 			urllib.parse.quote(username),
 			urllib.parse.quote(password)
 		)

unzoner/src/client.py

@@ -6,25 +6,23 @@
 
 from config import DNS_SUB_DOMAIN
 from common import retry
-import plugin_loader
+import plugin
 
 
 @retry(Exception, cdata='method=%s()' % stack()[0][3])
 def connect_disconnect(cmd=None, username=None):
     if not cmd in ['connect', 'disconnect']: return False
     if cmd == 'connect':
-        if plugin_loader.plugin \
-           and 'client_connect' in dir(plugin_loader.plugin):
-            result = plugin_loader.plugin.client_connect(username=username)
+        if 'client_connect' in dir(plugin):
+            result = plugin.client_connect(username=username)
             if result: print('plugin={} name={} connected'.format(
                 DNS_SUB_DOMAIN,
                 username
             ))
 
     if cmd == 'disconnect':
-        if plugin_loader.plugin \
-           and 'client_disconnect' in dir(plugin_loader.plugin):
-            result = plugin_loader.plugin.client_disconnect(username=username)
+        if 'client_disconnect' in dir(plugin):
+            result = plugin.client_disconnect(username=username)
             if result: print('plugin={} name={} disconnected'.format(
                 DNS_SUB_DOMAIN,
                 username

unzoner/src/tests/auth_tests.py

@@ -7,31 +7,31 @@
 
 @patch('auth.vpn.get_server_conns', return_value=10)
 @patch('auth.vpn.get_client_conns', return_value=1)
-@patch('auth.plugin_loader.plugin.auth_user', return_value=True)
+@patch('auth.plugin.auth_user', return_value=True)
 def test_authenticate_user_success(*args):
     result = authenticate(username=uuid4().hex, password='secret')
     assert_is_not_none(result)
     eq_(result, True)
 
 
 @patch('auth.vpn.get_server_conns', return_value=10)
-@patch('auth.plugin_loader.plugin.auth_user', return_value=False)
+@patch('auth.plugin.auth_user', return_value=False)
 def test_authenticate_user_password_wrong(*args):
     result = authenticate(username=uuid4().hex, password='wrong')
     assert_is_not_none(result)
     eq_(result, False)
 
 
 @patch('auth.vpn.get_server_conns', return_value=1000)
-@patch('auth.plugin_loader.plugin.auth_user', return_value=True)
+@patch('auth.plugin.auth_user', return_value=True)
 def test_authenticate_user_max_server_conns_reached(*args):
     result = authenticate(username=uuid4().hex, password='secret')
     assert_is_not_none(result)
     eq_(result, False)
 
 
 @patch('auth.vpn.get_client_conns', return_value=10)
-@patch('auth.plugin_loader.plugin.auth_user', return_value=False)
+@patch('auth.plugin.auth_user', return_value=False)
 def test_authenticate_user_max_client_conns_reached(*args):
     result = authenticate(username=uuid4().hex, password='secret')
     assert_is_not_none(result)

unzoner/src/tests/client_tests.py

@@ -6,14 +6,14 @@
 from client import connect_disconnect
 
 
-@patch('client.plugin_loader.plugin.client_connect', return_value=True)
+@patch('client.plugin.client_connect', return_value=True)
 def test_client_connect(mock):
     result = connect_disconnect(cmd='connect', username=uuid4().hex)
     assert_is_not_none(result)
     eq_(result, True)
 
 
-@patch('client.plugin_loader.plugin.client_disconnect', return_value=True)
+@patch('client.plugin.client_disconnect', return_value=True)
 def test_client_disconnect(mock):
     result = connect_disconnect(cmd='disconnect', username=uuid4().hex)
     assert_is_not_none(result)

unzoner/src/tests/requirements.txt

@@ -5,7 +5,6 @@ requests[security]
 pingparsing
 dnspython
 passlib
-mysqlclient
 
 # tests
 mock

unzoner/src/vpn.py

@@ -16,7 +16,7 @@
 from queue import Queue
 
 import auth
-import plugin_loader
+import plugin
 
 from paypal import get_jwt_payload
 from common import retry, log
@@ -751,9 +751,8 @@ def log_client_stats(status=False, country=TARGET_COUNTRY):
 
     # client logging plug-in(s)
     log('{}: plugin={}'.format(stack()[0][3], DNS_SUB_DOMAIN))
-    if plugin_loader.plugin and \
-       'log_plugin_client' in dir(plugin_loader.plugin):
-        result = plugin_loader.plugin.log_plugin_client(status=status)
+    if 'log_plugin_client' in dir(plugin):
+        result = plugin.log_plugin_client(status=status)
 
 
 def log_server_stats(status=[False, False]):
@@ -790,9 +789,8 @@ def log_server_stats(status=[False, False]):
 
     # additional server logging plug-in(s)
     log('{}: plugin={}'.format(stack()[0][3], DNS_SUB_DOMAIN))
-    if plugin_loader.plugin\
-       and 'log_plugin_server' in dir(plugin_loader.plugin):
-        result = plugin_loader.plugin.log_plugin_server(status=status)
+    if 'log_plugin_server' in dir(plugin):
+        result = plugin.log_plugin_server(status=status)
 
 
 def openvpn_remote_override(conf='/mnt/{}/client.ovpn'.format(DNS_SUB_DOMAIN)):
@@ -957,13 +955,13 @@ def disconnect_clients():
     disconnected = list()
     while True:
         if os.path.exists('{}/disconnect_clients'.format(DATADIR)):
-            if not 'client_disconnect' in dir(plugin_loader.plugin): break
+            if not 'client_disconnect' in dir(plugin): break
             clients = get_clients()
             print('{}: clients={}'.format(stack()[0][3], len(clients)))
             for client in clients:
                 if client not in ['UNDEF']:
                     try:
-                        result = plugin_loader.plugin.client_disconnect(client)
+                        result = plugin.client_disconnect(client)
                         disconnected.append(client)
                         print(
                             'client_disconnect: client={} result={}'.format(