Refactor - now wireguard based. (#7)

2026-06-12 15:11:01 +00:00
parent 5ae075647d
commit 9a3cb2d1c2
105 changed files with 3776 additions and 4251 deletions
--- a/peer/hub_poller.go
+++ b/peer/hub_poller.go
@@ -0,0 +1,153 @@
+package peer
+
+import (
+	"encoding/json"
+	"io"
+	"log"
+	"net/http"
+	"net/netip"
+	"net/url"
+	"time"
+
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+
+	"vppn/m"
+)
+
+const hubPollInterval = 64 * time.Second
+
+type HubPoller struct {
+	selfVPNIP netip.Addr
+	vpnNet    netip.Prefix
+	hubURL    string
+	apiKey    string
+	statePath string // where the network state cache is persisted
+	addCh     chan<- m.Peer
+	removeCh  chan<- wgtypes.Key
+	known     map[wgtypes.Key]struct{} // pubKeys currently configured
+}
+
+func NewHubPoller(
+	selfVPNIP netip.Addr,
+	vpnNet netip.Prefix,
+	hubURL, apiKey string,
+	statePath string,
+	addCh chan<- m.Peer,
+	removeCh chan<- wgtypes.Key,
+) (*HubPoller, error) {
+	u, err := url.Parse(hubURL)
+	if err != nil {
+		return nil, err
+	}
+	u.Path = "/peer/fetch-state/"
+
+	return &HubPoller{
+		selfVPNIP: selfVPNIP,
+		vpnNet:    vpnNet,
+		hubURL:    u.String(),
+		apiKey:    apiKey,
+		statePath: statePath,
+		addCh:     addCh,
+		removeCh:  removeCh,
+		known:     make(map[wgtypes.Key]struct{}),
+	}, nil
+}
+
+func (hp *HubPoller) Run() {
+	// Prime from the on-disk cache before reaching the hub, so the peer
+	// configures WireGuard from its last known state even if the hub is down.
+	// known starts empty, so this emits every cached peer as an add; the first
+	// real poll then emits only deltas (adds for new peers, removes for gone).
+	if state, err := loadNetworkState(hp.statePath); err == nil {
+		hp.apply(state)
+	}
+
+	hp.poll()
+	for range time.Tick(hubPollInterval) {
+		hp.poll()
+	}
+}
+
+func (hp *HubPoller) poll() {
+	req, err := http.NewRequest(http.MethodGet, hp.hubURL, nil)
+	if err != nil {
+		log.Printf("[HubPoller] build request: %v", err)
+		return
+	}
+	req.SetBasicAuth("", hp.apiKey)
+
+	client := &http.Client{Timeout: 32 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Printf("[HubPoller] fetch: %v", err)
+		return
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		log.Printf("[HubPoller] unexpected status %d", resp.StatusCode)
+		return
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Printf("[HubPoller] read body: %v", err)
+		return
+	}
+
+	var state m.NetworkState
+	if err := json.Unmarshal(body, &state); err != nil {
+		log.Printf("[HubPoller] unmarshal: %v", err)
+		return
+	}
+
+	// Persist only when the state actually changed, to avoid needless writes
+	// on every poll.
+	if hp.apply(state) {
+		if err := saveNetworkState(hp.statePath, state); err != nil {
+			log.Printf("[HubPoller] save state: %v", err)
+		}
+	}
+}
+
+// apply diffs state against the set of known peers, emitting an add for each
+// newly-seen peer and a remove for each that disappeared. It returns true if
+// anything changed. A peer's config is immutable under a stable WG key (the hub
+// has no peer-edit path), so a key already in known needs no re-emit.
+func (hp *HubPoller) apply(state m.NetworkState) (changed bool) {
+	seen := make(map[wgtypes.Key]struct{}, len(hp.known))
+
+	netAddr := hp.vpnNet.Addr().As4()
+
+	for _, p := range state.Peers {
+		if p.WGPubKey == (wgtypes.Key{}) {
+			continue
+		}
+
+		octets := netAddr
+		octets[3] = p.PeerIP
+		vpnIP := netip.AddrFrom4(octets)
+		if vpnIP == hp.selfVPNIP {
+			continue
+		}
+
+		seen[p.WGPubKey] = struct{}{}
+
+		if _, ok := hp.known[p.WGPubKey]; ok {
+			continue
+		}
+		hp.known[p.WGPubKey] = struct{}{}
+		hp.addCh <- p
+		changed = true
+	}
+
+	for key := range hp.known {
+		if _, ok := seen[key]; !ok {
+			delete(hp.known, key)
+			hp.removeCh <- key
+			changed = true
+		}
+	}
+
+	return changed
+}