Docker bug fix #patch (#311)

* [ui] fix mobile for hostname * [api] return json if config * [ui] ClientSelect Policy support, use globe icon for Group * [build] docker has introduced a bug with relative paths and files, address with PWD * [api] Remove wpa2 workaround for apple devices * [api] [dhcp] Do not DHCP from WANIF * [ui] cleanup flex/mobile. fix #308 * [ui] listItem as component * [ui] swipeList for ios * [ui] use swipelist for ios, see #306 --------- Co-authored-by: lts-po <po@longterm.io>
spr-networks · Apr 18, 2024 · 4b1cb12 · 4b1cb12
1 parent 9293fdb
commit 4b1cb12
Show file tree

Hide file tree

Showing 18 changed files with 446 additions and 287 deletions.
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,5 +1,11 @@
 # Secure Programmable Router (SPR) Release Notes
 
+## v0.3.8
+* Improve e2e testing 
+* Add fixes for 'disabled' policy handling 
+* Fix policy handling for multiple container interface rules
+* Alerting improvements
+
 ## v0.3.7
 * Rename builtin groups as Policies, to clarify Group vs Tag vs Policy
 * Merged dns rebinding and block plugin, added UI to turn off rebinding protection

diff --git a/api/code/api.go b/api/code/api.go
@@ -342,6 +342,7 @@ func getInfo(w http.ResponseWriter, r *http.Request) {
 		data, err = ioutil.ReadFile(HostnameConfigPath)
 		if err == nil && len(data) > 0 {
 			//accept from hostname config path instead
+			data = []byte(fmt.Sprintf("%q", data))
 		} else {
 			hostname, err2 := os.Hostname()
 			if err2 != nil {

diff --git a/api/code/dhcp.go b/api/code/dhcp.go
@@ -315,6 +315,12 @@ func dhcpRequest(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	wanif := getWanif()
+	if dhcp.Iface == wanif {
+		http.Error(w, "Refuse dhcp from wanif", 400)
+		return
+	}
+
 	Groupsmtx.Lock()
 	defer Groupsmtx.Unlock()
 

diff --git a/api/code/firewall.go b/api/code/firewall.go
@@ -1274,13 +1274,34 @@ func applyPingRules() {
 
 }
 
+func getWanif() string {
+	//tbd, use interfaces.json ?
+	return os.Getenv("WANIF")
+}
+
+func getWanifs() []string {
+	Interfacesmtx.Lock()
+	interfaces := loadInterfacesConfigLocked()
+	Interfacesmtx.Unlock()
+
+	wanifs := []string{}
+
+	for _, iface := range interfaces {
+		if iface.Type == "Uplink" && iface.Enabled == true {
+			wanifs = append(wanifs, iface.Name)
+		}
+	}
+
+	return wanifs
+}
+
 func populateSets() {
-	//dhcp config loading already handles supernetworks mana
+	//dhcp config loading already handles supernetworks
 	Interfacesmtx.Lock()
 	interfaces := loadInterfacesConfigLocked()
 	Interfacesmtx.Unlock()
 
-	wanif := os.Getenv("WANIF")
+	wanif := getWanif()
 	found_wanif := false
 	for _, iface := range interfaces {
 		if iface.Name == wanif {

diff --git a/api/code/radios.go b/api/code/radios.go
@@ -54,6 +54,9 @@ func doReloadPSKFiles() {
 	wpa2 := ""
 	sae := ""
 
+	//apple downgrade workaround https://feedbackassistant.apple.com/feedback/9991042
+	downgradeWorkaround := false
+
 	for keyval, entry := range devices {
 		if entry.DeviceDisabled == true {
 			continue
@@ -67,16 +70,18 @@ func doReloadPSKFiles() {
 			//set wildcard password at front. hostapd uses a FILO for the sae keys
 			if entry.PSKEntry.Type == "sae" {
 				sae = entry.PSKEntry.Psk + "|mac=ff:ff:ff:ff:ff:ff" + "\n" + sae
-				//apple downgrade workaround https://feedbackassistant.apple.com/feedback/9991042
-				wpa2 = "00:00:00:00:00:00 " + entry.PSKEntry.Psk + "\n" + wpa2
+				if downgradeWorkaround {
+					wpa2 = "00:00:00:00:00:00 " + entry.PSKEntry.Psk + "\n" + wpa2
+				}
 			} else if entry.PSKEntry.Type == "wpa2" {
 				wpa2 = "00:00:00:00:00:00 " + entry.PSKEntry.Psk + "\n" + wpa2
 			}
 		} else {
 			if entry.PSKEntry.Type == "sae" {
 				sae += entry.PSKEntry.Psk + "|mac=" + entry.MAC + "\n"
-				//apple downgrade workaround https://feedbackassistant.apple.com/feedback/9991042
-				wpa2 += entry.MAC + " " + entry.PSKEntry.Psk + "\n"
+				if downgradeWorkaround {
+					wpa2 += entry.MAC + " " + entry.PSKEntry.Psk + "\n"
+				}
 			} else if entry.PSKEntry.Type == "wpa2" {
 				wpa2 += entry.MAC + " " + entry.PSKEntry.Psk + "\n"
 			}

diff --git a/docker-compose-test.yml b/docker-compose-test.yml
@@ -28,10 +28,10 @@ services:
     privileged: true
     logging: *default-logging
     volumes:
-      - ./configs/base/:/configs/base/
-      - ./state/base/:/state/base/
-      - ./state/plugins/:/state/plugins/
-      - ./plugins/:/plugins/
+      - ${PWD}/configs/base/:/configs/base/
+      - ${PWD}/state/base/:/state/base/
+      - ${PWD}/state/plugins/:/state/plugins/
+      - ${PWD}/plugins/:/plugins/
   superd:
     container_name: superd
     image: ghcr.io/spr-networks/super_superd:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -47,9 +47,9 @@ services:
     logging: *default-logging
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./configs/base/:/configs/base/
-      - ./state/api/eventbus.sock:/state/api/eventbus.sock
-      - ./:/super/
+      - ${PWD}/configs/base/:/configs/base/
+      - ${PWD}/state/api/eventbus.sock:/state/api/eventbus.sock
+      - ${PWD}/:/super/
   dhcp:
     container_name: superdhcp
     image: ghcr.io/spr-networks/super_dhcp:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -66,10 +66,10 @@ services:
       - "base"
     logging: *default-logging
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./configs/dhcp/:/configs/dhcp/
-      - ./state/dhcp/:/state/dhcp/
-      - ./state/plugins/mesh/:/state/plugins/mesh/:ro
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/configs/dhcp/:/configs/dhcp/
+      - ${PWD}/state/dhcp/:/state/dhcp/
+      - ${PWD}/state/plugins/mesh/:/state/plugins/mesh/:ro
       - /sys/fs/bpf:/sys/fs/bpf
   dhcp_client:
     container_name: superdhcp_client
@@ -88,8 +88,8 @@ services:
     logging: *default-logging
     entrypoint: /scripts/client.sh
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./state/dhcp-client/:/state/dhcp-client/
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/state/dhcp-client/:/state/dhcp-client/
   dns:
     container_name: superdns
     image: ghcr.io/spr-networks/super_dns:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -106,11 +106,11 @@ services:
     depends_on:
       - "base"
     volumes:
-      - ./configs/dns/:/configs/dns/
-      - ./state/api/:/state/api/
-      - ./state/dns/:/state/dns/
-      - ./state/plugins/mesh/:/state/plugins/mesh/:ro
-      - ./state/public/:/state/public/:ro
+      - ${PWD}/configs/dns/:/configs/dns/
+      - ${PWD}/state/api/:/state/api/
+      - ${PWD}/state/dns/:/state/dns/
+      - ${PWD}/state/plugins/mesh/:/state/plugins/mesh/:ro
+      - ${PWD}/state/public/:/state/public/:ro
   wifid:
     container_name: superwifid
     image: ghcr.io/spr-networks/super_wifid:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -129,9 +129,9 @@ services:
       - "dhcp"
       - "multicast_udp_proxy"
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./configs/wifi/:/configs/wifi/
-      - ./state/wifi/:/state/wifi/
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/configs/wifi/:/configs/wifi/
+      - ${PWD}/state/wifi/:/state/wifi/
   multicast_udp_proxy:
     container_name: super_multicast_udp_proxy
     image: ghcr.io/spr-networks/super_multicast_udp_proxy:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -149,9 +149,9 @@ services:
       - "api"
     logging: *default-logging
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./state/public/:/state/public/:ro
-      - ./state/plugins/mesh/:/state/plugins/mesh/:ro
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/state/public/:/state/public/:ro
+      - ${PWD}/state/plugins/mesh/:/state/plugins/mesh/:ro
   wireguard:
     container_name: superwireguard
     image: ghcr.io/spr-networks/super_wireguard:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -170,11 +170,11 @@ services:
       - "api"
     logging: *default-logging
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./configs/wireguard/:/configs/wireguard/
-      - ./state/plugins/wireguard/:/state/plugins/wireguard/
-      - ./state/plugins/mesh/:/state/plugins/mesh/:ro
-      - ./state/dhcp/:/state/dhcp/
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/configs/wireguard/:/configs/wireguard/
+      - ${PWD}/state/plugins/wireguard/:/state/plugins/wireguard/
+      - ${PWD}/state/plugins/mesh/:/state/plugins/mesh/:ro
+      - ${PWD}/state/dhcp/:/state/dhcp/
   frontend:
     container_name: superfrontend
     image: ghcr.io/spr-networks/super_frontend:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -188,7 +188,7 @@ services:
         - ghcr.io/spr-networks/super_frontend:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
     network_mode: none
     volumes:
-      - ./frontend/:/frontend
+      - ${PWD}/frontend/:/frontend
   api:
     container_name: superapi
     image: ghcr.io/spr-networks/super_api:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -208,27 +208,27 @@ services:
       - "superd"
     logging: *default-logging
     volumes:
-      - ./configs/auth/:/configs/auth/
-      - ./configs/base/:/configs/base/
-      - ./configs/devices/:/configs/devices/
-      - ./configs/dns:/configs/dns/
-      - ./configs/plugins/:/configs/plugins/
-      - ./configs/ppp:/configs/ppp/
-      - ./configs/wifi/:/configs/wifi/
-      - ./configs/wifi_uplink/:/configs/wifi_uplink/
-      - ./configs/wireguard/:/configs/wireguard/
-      - ./configs/scripts/:/configs/scripts/
-      - ./configs/pfw/:/configs/pfw/
-      - ./state/wifi/:/state/wifi/
-      - ./state/dhcp/:/state/dhcp/
-      - ./state/dns/:/state/dns/
-      - ./state/api/:/state/api/
-      - ./state/backups/:/state/backups/
-      - ./state/base/:/state/base/
-      - ./state/dhcp-client/:/state/dhcp-client/
-      - ./state/plugins/:/state/plugins/
-      - ./state/public/:/state/public/
-      - ./frontend/build:/ui/
+      - ${PWD}/configs/auth/:/configs/auth/
+      - ${PWD}/configs/base/:/configs/base/
+      - ${PWD}/configs/devices/:/configs/devices/
+      - ${PWD}/configs/dns:/configs/dns/
+      - ${PWD}/configs/plugins/:/configs/plugins/
+      - ${PWD}/configs/ppp:/configs/ppp/
+      - ${PWD}/configs/wifi/:/configs/wifi/
+      - ${PWD}/configs/wifi_uplink/:/configs/wifi_uplink/
+      - ${PWD}/configs/wireguard/:/configs/wireguard/
+      - ${PWD}/configs/scripts/:/configs/scripts/
+      - ${PWD}/configs/pfw/:/configs/pfw/
+      - ${PWD}/state/wifi/:/state/wifi/
+      - ${PWD}/state/dhcp/:/state/dhcp/
+      - ${PWD}/state/dns/:/state/dns/
+      - ${PWD}/state/api/:/state/api/
+      - ${PWD}/state/backups/:/state/backups/
+      - ${PWD}/state/base/:/state/base/
+      - ${PWD}/state/dhcp-client/:/state/dhcp-client/
+      - ${PWD}/state/plugins/:/state/plugins/
+      - ${PWD}/state/public/:/state/public/
+      - ${PWD}/frontend/build:/ui/
       - /var/log/journal:/var/log/journal:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
   plugin-lookup:
@@ -247,7 +247,7 @@ services:
       - "base"
       - "dns"
     volumes:
-      - ./state/plugins/plugin-lookup/:/state/plugins/plugin-lookup/
+      - ${PWD}/state/plugins/plugin-lookup/:/state/plugins/plugin-lookup/
   packet_logs:
     container_name: superpacket_logs
     image: ghcr.io/spr-networks/super_packet_logs:${RELEASE_VERSION:-latest}${RELEASE_CHANNEL:-}
@@ -263,9 +263,9 @@ services:
     restart: always
     logging: *default-logging
     volumes:
-      - ./state/api/:/state/api/
-      - ./state/plugins/packet_logs/:/state/plugins/packet_logs
-      - ./configs/base/:/configs/base/:ro
+      - ${PWD}/state/api/:/state/api/
+      - ${PWD}/state/plugins/packet_logs/:/state/plugins/packet_logs
+      - ${PWD}/configs/base/:/configs/base/:ro
       - /dev/log:/dev/log
   db:
     container_name: superdb
@@ -282,7 +282,7 @@ services:
       - "api"
     logging: *default-logging
     volumes:
-      - ./configs/base/:/configs/base/:ro
-      - ./configs/db/:/configs/db/
-      - ./state/api/:/state/api/
-      - ./state/plugins/db/:/state/plugins/db/
+      - ${PWD}/configs/base/:/configs/base/:ro
+      - ${PWD}/configs/db/:/configs/db/
+      - ${PWD}/state/api/:/state/api/
+      - ${PWD}/state/plugins/db/:/state/plugins/db/