nullnet-wallguard-server 0.1.0

A centralized management system for network firewalls
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

use crate::proto::wallguard::wall_guard_client::WallGuardClient;
pub use crate::proto::wallguard::{
    Authentication, ConfigSnapshot, FileSnapshot, Packet, Packets, SetupRequest,
};
use proto::wallguard::{CommonResponse, HeartbeatRequest, LoginRequest};
use tonic::transport::{Certificate, Channel, ClientTlsConfig};
use tonic::Request;

mod proto;

#[derive(Clone)]
pub struct WallGuardGrpcInterface {
    client: WallGuardClient<Channel>,
}

static CA_CERT: once_cell::sync::Lazy<Certificate> = once_cell::sync::Lazy::new(|| {
    Certificate::from_pem(
        std::fs::read_to_string("tls/ca.pem").expect("Failed to read CA certificate"),
    )
});

impl WallGuardGrpcInterface {
    #[allow(clippy::missing_panics_doc)]
    pub async fn new(addr: &str, port: u16) -> Self {
        let tls = ClientTlsConfig::new().ca_certificate(CA_CERT.to_owned());

        let Ok(channel) = Channel::from_shared(format!("https://{addr}:{port}"))
            .expect("Failed to parse address")
            .tls_config(tls)
            .expect("Failed to configure up TLS")
            .connect()
            .await
        else {
            println!("Failed to connect to the server. Retrying in 10 seconds...");
            tokio::time::sleep(std::time::Duration::from_secs(10)).await;
            return Box::pin(WallGuardGrpcInterface::new(addr, port)).await;
        };

        println!("Connected to the server");

        Self {
            client: WallGuardClient::new(channel),
        }
    }

    #[allow(clippy::missing_errors_doc)]
    pub async fn login(&mut self, app_id: String, app_secret: String) -> Result<String, String> {
        let response = self
            .client
            .login(Request::new(LoginRequest { app_id, app_secret }))
            .await
            .map_err(|e| e.to_string())?;

        Ok(response.into_inner().token)
    }

    #[allow(clippy::missing_errors_doc)]
    pub async fn heartbeat(&mut self, token: String) -> Result<CommonResponse, String> {
        self.client
            .heartbeat(Request::new(HeartbeatRequest {
                auth: Some(Authentication { token }),
            }))
            .await
            .map(|r| r.into_inner())
            .map_err(|e| e.to_string())
    }

    #[allow(clippy::missing_errors_doc)]
    pub async fn handle_packets(&mut self, message: Packets) -> Result<(), String> {
        self.client
            .handle_packets(Request::new(message))
            .await
            .map(|_| ())
            .map_err(|e| e.to_string())
    }

    #[allow(clippy::missing_errors_doc)]
    pub async fn handle_config(&mut self, message: ConfigSnapshot) -> Result<(), String> {
        self.client
            .handle_config(Request::new(message))
            .await
            .map(|_| ())
            .map_err(|e| e.to_string())
    }

    #[allow(clippy::missing_errors_doc)]
    pub async fn setup_client(&mut self, request: SetupRequest) -> Result<CommonResponse, String> {
        self.client
            .setup(Request::new(request))
            .await
            .map(|response| response.into_inner())
            .map_err(|e| e.to_string())
    }
}