merge direct_call_net_stats branch

Merge crypto library update for peach-lib.

.gitignore

@@ -1,2 +1,5 @@
 .idea
 target
+*peachdeploy.sh
+*vpsdeploy.sh
+*bindeploy.sh

Cargo.toml

@@ -11,6 +11,5 @@ members = [
     "peach-monitor",
     "peach-stats",
     "peach-jsonrpc-server",
-    "peach-probe",
     "peach-dyndns-updater"
 ]

peach-config/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-config/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "peach-config"
-version = "0.1.10"
+version = "0.1.15"
 authors = ["Andrew Reid <gnomad@cryptolab.net>", "Max Fowler <max@mfowler.info>"]
 edition = "2018"
 description = "Command line tool for installing, updating and configuring PeachCloud"
@@ -35,3 +35,5 @@ structopt = "0.3.13"
 clap = "2.33.3"
 log = "0.4"
 lazy_static = "1.4.0"
+peach-lib = { path = "../peach-lib" }
+rpassword = "5.0"

peach-config/conf/config.txt_i2c

@@ -8,7 +8,7 @@ dtparam=i2c_arm=on
 # Apply device tree overlay to enable pull-up resistors for buttons
 device_tree_overlay=overlays/mygpio.dtbo
 
-kernel=vmlinuz-4.19.0-17-arm64
+kernel=vmlinuz-4.19.0-18-arm64
 # For details on the initramfs directive, see
 # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=10532
-initramfs initrd.img-4.19.0-17-arm64
+initramfs initrd.img-4.19.0-18-arm64

peach-config/src/change_password.rs

@@ -0,0 +1,35 @@
+use crate::error::PeachConfigError;
+use crate::ChangePasswordOpts;
+use peach_lib::password_utils::set_new_password;
+
+///  Utility function to set the admin password for peach-web from the command-line.
+pub fn set_peach_web_password(opts: ChangePasswordOpts) -> Result<(), PeachConfigError> {
+    match opts.password {
+        // read password from CLI arg
+        Some(password) => {
+            set_new_password(&password)
+                .map_err(|err| PeachConfigError::ChangePasswordError { source: err })?;
+            println!(
+                "Your new password has been set for peach-web. You can login through the \
+           web interface with username admin."
+            );
+            Ok(())
+        }
+        // read password from tty
+        None => {
+            let pass1 = rpassword::read_password_from_tty(Some("New password: "))?;
+            let pass2 = rpassword::read_password_from_tty(Some("Confirm password: "))?;
+            if pass1 != pass2 {
+                Err(PeachConfigError::InvalidPassword)
+            } else {
+                set_new_password(&pass1)
+                    .map_err(|err| PeachConfigError::ChangePasswordError { source: err })?;
+                println!(
+                    "Your new password has been set for peach-web. You can login through the \
+                web interface with username admin."
+                );
+                Ok(())
+            }
+        }
+    }
+}

peach-config/src/error.rs

@@ -1,4 +1,5 @@
 #![allow(clippy::nonstandard_macro_braces)]
+use peach_lib::error::PeachError;
 pub use snafu::ResultExt;
 use snafu::Snafu;
 
@@ -30,6 +31,10 @@ pub enum PeachConfigError {
     },
     #[snafu(display("Error serializing json: {}", source))]
     SerdeError { source: serde_json::Error },
+    #[snafu(display("Error changing password: {}", source))]
+    ChangePasswordError { source: PeachError },
+    #[snafu(display("Entered passwords did not match. Please try again."))]
+    InvalidPassword,
 }
 
 impl From<std::io::Error> for PeachConfigError {

peach-config/src/main.rs

@@ -1,6 +1,8 @@
+mod change_password;
 mod constants;
 mod error;
 mod generate_manifest;
+mod set_permissions;
 mod setup_networking;
 mod setup_peach;
 mod setup_peach_deb;
@@ -12,10 +14,6 @@ use log::error;
 use serde::{Deserialize, Serialize};
 use structopt::StructOpt;
 
-use crate::generate_manifest::generate_manifest;
-use crate::setup_peach::setup_peach;
-use crate::update::update;
-
 #[derive(StructOpt, Debug)]
 #[structopt(
     name = "peach-config",
@@ -44,6 +42,14 @@ enum PeachConfig {
     /// Updates all PeachCloud microservices
     #[structopt(name = "update")]
     Update(UpdateOpts),
+
+    /// Changes the password for the peach-web interface
+    #[structopt(name = "changepassword")]
+    ChangePassword(ChangePasswordOpts),
+
+    /// Updates file permissions on PeachCloud device
+    #[structopt(name = "permissions")]
+    SetPermissions,
 }
 
 #[derive(StructOpt, Debug)]
@@ -76,6 +82,14 @@ pub struct UpdateOpts {
     list: bool,
 }
 
+#[derive(StructOpt, Debug)]
+pub struct ChangePasswordOpts {
+    /// Optional argument to specify password as CLI argument
+    /// if not specified, this command asks for user input for the passwords
+    #[structopt(short, long)]
+    password: Option<String>,
+}
+
 arg_enum! {
     /// enum options for real-time clock choices
     #[derive(Debug)]
@@ -99,28 +113,48 @@ fn main() {
     if let Some(subcommand) = opt.commands {
         match subcommand {
             PeachConfig::Setup(cfg) => {
-                match setup_peach(cfg.no_input, cfg.default_locale, cfg.i2c, cfg.rtc) {
+                match setup_peach::setup_peach(cfg.no_input, cfg.default_locale, cfg.i2c, cfg.rtc) {
                     Ok(_) => {}
                     Err(err) => {
                         error!("peach-config encountered an error: {}", err)
                     }
                 }
             }
-            PeachConfig::Manifest => match generate_manifest() {
+            PeachConfig::Manifest => match generate_manifest::generate_manifest() {
                 Ok(_) => {}
                 Err(err) => {
                     error!(
-                        "peach-config countered an error generating manifest: {}",
+                        "peach-config encountered an error generating manifest: {}",
                         err
                     )
                 }
             },
-            PeachConfig::Update(opts) => match update(opts) {
+            PeachConfig::Update(opts) => match update::update(opts) {
                 Ok(_) => {}
                 Err(err) => {
                     error!("peach-config encountered an error during update: {}", err)
                 }
             },
+            PeachConfig::ChangePassword(opts) => {
+                match change_password::set_peach_web_password(opts) {
+                    Ok(_) => {}
+                    Err(err) => {
+                        error!(
+                            "peach-config encountered an error during password update: {}",
+                            err
+                        )
+                    }
+                }
+            }
+            PeachConfig::SetPermissions => match set_permissions::set_permissions() {
+                Ok(_) => {}
+                Err(err) => {
+                    error!(
+                        "peach-config ecountered an error updating file permissions: {}",
+                        err
+                    )
+                }
+            },
         }
     }
 }

peach-config/src/set_permissions.rs

@@ -0,0 +1,21 @@
+use crate::error::PeachConfigError;
+use crate::utils::cmd;
+
+/// All configs are stored in this folder, and should be read/writeable by peach group
+/// so they can be read and written by all PeachCloud services.
+pub const CONFIGS_DIR: &str = "/var/lib/peachcloud";
+pub const PEACH_WEB_DIR: &str = "/usr/share/peach-web";
+
+/// Utility function to set correct file permissions on the PeachCloud device.
+/// Accidentally changing file permissions is a fairly common thing to happen,
+/// so this is a useful CLI function for quickly correcting anything that may be out of order.
+pub fn set_permissions() -> Result<(), PeachConfigError> {
+    println!("[ UPDATING FILE PERMISSIONS ON PEACHCLOUD DEVICE ]");
+    cmd(&["chmod", "-R", "u+rwX,g+rwX", CONFIGS_DIR])?;
+    cmd(&["chown", "-R", "peach", CONFIGS_DIR])?;
+    cmd(&["chgrp", "-R", "peach", CONFIGS_DIR])?;
+    cmd(&["chmod", "-R", "u+rwX,g+rwX", PEACH_WEB_DIR])?;
+    cmd(&["chown", "-R", "peach-web:peach", PEACH_WEB_DIR])?;
+    println!("[ PERMISSIONS SUCCESSFULLY UPDATED ]");
+    Ok(())
+}

peach-config/src/setup_peach.rs

@@ -68,6 +68,7 @@ pub fn setup_peach(
         "libssl-dev",
         "nginx",
         "wget",
+        "dnsutils",
         "-y",
     ])?;
 

peach-dyndns-updater/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-dyndns-updater/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "peach-dyndns-updater"
-version = "0.1.6"
+version = "0.1.8"
 authors = ["Max Fowler <mfowler@commoninternet.net>"]
 edition = "2018"
 description = "Sytemd timer which keeps a dynamic dns subdomain up to date with the latest device IP using nsupdate."

peach-dyndns-updater/bindeploy.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# exit when any command fails
+set -e
+
+KEYFILE=/Users/notplants/.ssh/id_rsa
+SERVICE=peach-dyndns-updater
+
+# deploy
+rsync -avzh --exclude target --exclude .idea --exclude .git -e "ssh -i $KEYFILE" . rust@167.99.136.83:/srv/peachcloud/automation/peach-workspace/$SERVICE/
+rsync -avzh --exclude target --exclude .idea --exclude .git -e "ssh -i $KEYFILE" ~/computer/projects/peachcloud/peach-workspace/peach-lib/ rust@167.99.136.83:/srv/peachcloud/automation/peach-workspace/peach-lib/
+
+echo "++ cross compiling on vps"
+BIN_PATH=$(ssh -i $KEYFILE rust@167.99.136.83 'cd /srv/peachcloud/automation/peach-workspace/peach-dyndns-updater; /home/rust/.cargo/bin/cargo clean -p peach-lib; /home/rust/.cargo/bin/cargo build --release --target=aarch64-unknown-linux-gnu')
+
+echo "++ copying ${BIN_PATH} to local"
+rm -f target/$SERVICE
+scp -i $KEYFILE rust@167.99.136.83:/srv/peachcloud/automation/peach-workspace/target/aarch64-unknown-linux-gnu/release/peach-dyndns-updater ../target/vps-bin-$SERVICE
+
+#echo "++ cross compiling"
+BINFILE="../target/vps-bin-$SERVICE"
+echo $BINFILE
+
+
+echo "++ build successful"
+
+echo "++ copying to pi"
+ssh -t -i $KEYFILE peach@peach.link 'mkdir -p /srv/dev/bins'
+scp -i $KEYFILE $BINFILE peach@peach.link:/srv/dev/bins/$SERVICE
+

peach-dyndns-updater/src/main.rs

@@ -1,6 +1,5 @@
+use log::info;
 use peach_lib::dyndns_client::dyndns_update_ip;
-use log::{info};
-
 
 fn main() {
     // initalize the logger

peach-lib/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "peach-lib"
-version = "1.3.1"
+version = "1.3.2"
 authors = ["Andrew Reid <glyph@mycelial.technology>"]
 edition = "2018"
 
@@ -13,7 +13,7 @@ jsonrpc-core = "8.0.1"
 log = "0.4"
 nanorand = "0.6.1"
 regex = "1"
-rust-crypto = "0.2.36"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.8"
+sha3 = "0.10.0"

peach-lib/src/config_manager.rs

@@ -17,6 +17,10 @@ pub const YAML_PATH: &str = "/var/lib/peachcloud/config.yml";
 // lock file (used to avoid race conditions during config reading & writing)
 pub const LOCK_FILE_PATH: &str = "/var/lib/peachcloud/config.lock";
 
+// default values
+pub const DEFAULT_DYN_SERVER_ADDRESS: &str = "http://dynserver.dyn.peachcloud.org";
+pub const DEFAULT_DYN_NAMESERVER: &str = "ns.peachcloud.org";
+
 // we make use of Serde default values in order to make PeachCloud
 // robust and keep running even with a not fully complete config.yml
 // main type which represents all peachcloud configurations
@@ -29,6 +33,10 @@ pub struct PeachConfig {
     #[serde(default)]
     pub dyn_dns_server_address: String,
     #[serde(default)]
+    pub dyn_use_custom_server: bool,
+    #[serde(default)]
+    pub dyn_nameserver: String,
+    #[serde(default)]
     pub dyn_tsig_key_path: String,
     #[serde(default)] // default is false
     pub dyn_enabled: bool,
@@ -63,20 +71,19 @@ fn save_peach_config(peach_config: PeachConfig) -> Result<PeachConfig, PeachErro
 pub fn load_peach_config() -> Result<PeachConfig, PeachError> {
     let peach_config_exists = std::path::Path::new(YAML_PATH).exists();
 
-    let peach_config: PeachConfig;
+    let peach_config: PeachConfig = if !peach_config_exists {
-
+        PeachConfig {
-    // if this is the first time loading peach_config, we can create a default here
-    if !peach_config_exists {
-        peach_config = PeachConfig {
             external_domain: "".to_string(),
             dyn_domain: "".to_string(),
-            dyn_dns_server_address: "".to_string(),
+            dyn_dns_server_address: DEFAULT_DYN_SERVER_ADDRESS.to_string(),
+            dyn_use_custom_server: false,
+            dyn_nameserver: DEFAULT_DYN_NAMESERVER.to_string(),
             dyn_tsig_key_path: "".to_string(),
             dyn_enabled: false,
             ssb_admin_ids: Vec::new(),
             admin_password_hash: "".to_string(),
             temporary_password_hash: "".to_string(),
-        };
+        }
     }
     // otherwise we load peach config from disk
     else {
@@ -84,8 +91,8 @@ pub fn load_peach_config() -> Result<PeachConfig, PeachError> {
             source,
             path: YAML_PATH.to_string(),
         })?;
-        peach_config = serde_yaml::from_str(&contents)?;
+        serde_yaml::from_str(&contents)?
-    }
+    };
 
     Ok(peach_config)
 }
@@ -122,6 +129,18 @@ pub fn get_peachcloud_domain() -> Result<Option<String>, PeachError> {
     }
 }
 
+pub fn get_dyndns_server_address() -> Result<String, PeachError> {
+    let peach_config = load_peach_config()?;
+    // if the user is using a custom dyn server then load the address from the config
+    if peach_config.dyn_use_custom_server {
+        Ok(peach_config.dyn_dns_server_address)
+    }
+    // otherwise hardcode the address
+    else {
+        Ok(DEFAULT_DYN_SERVER_ADDRESS.to_string())
+    }
+}
+
 pub fn set_dyndns_enabled_value(enabled_value: bool) -> Result<PeachConfig, PeachError> {
     let mut peach_config = load_peach_config()?;
     peach_config.dyn_enabled = enabled_value;

peach-lib/src/dyndns_client.rs

@@ -9,13 +9,8 @@
 //!
 //! The domain for dyndns updates is stored in /var/lib/peachcloud/config.yml
 //! The tsig key for authenticating the updates is stored in /var/lib/peachcloud/peach-dyndns/tsig.key
-use std::{
+use std::ffi::OsStr;
-    fs,
+use std::{fs, fs::OpenOptions, io::Write, process::Command, str::FromStr};
-    fs::OpenOptions,
-    io::Write,
-    process::{Command, Stdio},
-    str::FromStr,
-};
 
 use chrono::prelude::*;
 use jsonrpc_client_core::{expand_params, jsonrpc_client};
@@ -23,13 +18,10 @@ use jsonrpc_client_http::HttpTransport;
 use log::{debug, info};
 use regex::Regex;
 
-use crate::{
+use crate::config_manager::get_dyndns_server_address;
-    config_manager::{load_peach_config, set_peach_dyndns_config},
+use crate::{config_manager, error::PeachError};
-    error::PeachError,
-};
 
 /// constants for dyndns configuration
-pub const PEACH_DYNDNS_URL: &str = "http://dynserver.dyn.peachcloud.org";
 pub const TSIG_KEY_PATH: &str = "/var/lib/peachcloud/peach-dyndns/tsig.key";
 pub const PEACH_DYNDNS_CONFIG_PATH: &str = "/var/lib/peachcloud/peach-dyndns";
 pub const DYNDNS_LOG_PATH: &str = "/var/lib/peachcloud/peach-dyndns/latest_result.log";
@@ -62,9 +54,10 @@ pub fn save_dyndns_key(key: &str) -> Result<(), PeachError> {
 pub fn register_domain(domain: &str) -> std::result::Result<String, PeachError> {
     debug!("Creating HTTP transport for dyndns client.");
     let transport = HttpTransport::new().standalone()?;
-    let http_server = PEACH_DYNDNS_URL;
+    let http_server = get_dyndns_server_address()?;
-    debug!("Creating HTTP transport handle on {}.", http_server);
+    info!("Using dyndns http server address: {:?}", http_server);
-    let transport_handle = transport.handle(http_server)?;
+    debug!("Creating HTTP transport handle on {}.", &http_server);
+    let transport_handle = transport.handle(&http_server)?;
     info!("Creating client for peach-dyndns service.");
     let mut client = PeachDynDnsClient::new(transport_handle);
 
@@ -73,7 +66,8 @@ pub fn register_domain(domain: &str) -> std::result::Result<String, PeachError>
     // save new TSIG key
     save_dyndns_key(&key)?;
     // save new configuration values
-    let set_config_result = set_peach_dyndns_config(domain, PEACH_DYNDNS_URL, TSIG_KEY_PATH, true);
+    let set_config_result =
+        config_manager::set_peach_dyndns_config(domain, &http_server, TSIG_KEY_PATH, true);
     match set_config_result {
         Ok(_) => {
             let response = "success".to_string();
@@ -87,9 +81,9 @@ pub fn register_domain(domain: &str) -> std::result::Result<String, PeachError>
 pub fn is_domain_available(domain: &str) -> std::result::Result<bool, PeachError> {
     debug!("Creating HTTP transport for dyndns client.");
     let transport = HttpTransport::new().standalone()?;
-    let http_server = PEACH_DYNDNS_URL;
+    let http_server = get_dyndns_server_address()?;
-    debug!("Creating HTTP transport handle on {}.", http_server);
+    debug!("Creating HTTP transport handle on {}.", &http_server);
-    let transport_handle = transport.handle(http_server)?;
+    let transport_handle = transport.handle(&http_server)?;
     info!("Creating client for peach_network service.");
     let mut client = PeachDynDnsClient::new(transport_handle);
 
@@ -113,31 +107,31 @@ fn get_public_ip_address() -> Result<String, PeachError> {
 /// Reads dyndns configurations from config.yml
 /// and then uses nsupdate to update the IP address for the configured domain
 pub fn dyndns_update_ip() -> Result<bool, PeachError> {
-    info!("Running dyndns_update_ip");
+    let peach_config = config_manager::load_peach_config()?;
-    let peach_config = load_peach_config()?;
     info!(
         "Using config:
     dyn_tsig_key_path: {:?}
     dyn_domain: {:?}
     dyn_dns_server_address: {:?}
     dyn_enabled: {:?}
+    dyn_nameserver: {:?}
     ",
         peach_config.dyn_tsig_key_path,
         peach_config.dyn_domain,
         peach_config.dyn_dns_server_address,
         peach_config.dyn_enabled,
+        peach_config.dyn_nameserver,
     );
     if !peach_config.dyn_enabled {
         info!("dyndns is not enabled, not updating");
         Ok(false)
     } else {
         // call nsupdate passing appropriate configs
-        let mut nsupdate_command = Command::new("/usr/bin/nsupdate")
+        let mut nsupdate_command = Command::new("/usr/bin/nsupdate");
+        nsupdate_command
             .arg("-k")
             .arg(&peach_config.dyn_tsig_key_path)
-            .arg("-v")
+            .arg("-v");
-            .stdin(Stdio::piped())
-            .spawn()?;
         // pass nsupdate commands via stdin
         let public_ip_address = get_public_ip_address()?;
         info!("found public ip address: {}", public_ip_address);
@@ -148,20 +142,20 @@ pub fn dyndns_update_ip() -> Result<bool, PeachError> {
         update delete {DOMAIN} A
         update add {DOMAIN} 30 A {PUBLIC_IP_ADDRESS}
         send",
-            NAMESERVER = "ns.peachcloud.org",
+            NAMESERVER = peach_config.dyn_nameserver,
             ZONE = peach_config.dyn_domain,
             DOMAIN = peach_config.dyn_domain,
             PUBLIC_IP_ADDRESS = public_ip_address,
         );
-        let mut nsupdate_stdin = nsupdate_command.stdin.take().ok_or(PeachError::NsUpdate {
+        info!("ns_commands: {:?}", ns_commands);
-            msg: "unable to capture stdin handle for `nsupdate` command".to_string(),
+        info!("creating nsupdate temp file");
-        })?;
+        let temp_file_path = "/var/lib/peachcloud/nsupdate.sh";
-        write!(nsupdate_stdin, "{}", ns_commands).map_err(|source| PeachError::Write {
+        // write ns_commands to temp_file
-            source,
+        fs::write(temp_file_path, ns_commands)?;
-            path: peach_config.dyn_tsig_key_path.to_string(),
+        nsupdate_command.arg(temp_file_path);
-        })?;
+        let nsupdate_output = nsupdate_command.output()?;
-        let nsupdate_output = nsupdate_command.wait_with_output()?;
+        let args: Vec<&OsStr> = nsupdate_command.get_args().collect();
-        info!("nsupdate output: {:?}", nsupdate_output);
+        info!("nsupdate command: {:?}", args);
         // We only return a successful result if nsupdate was successful
         if nsupdate_output.status.success() {
             info!("nsupdate succeeded, returning ok");
@@ -204,7 +198,7 @@ pub fn get_num_seconds_since_successful_dns_update() -> Result<Option<i64>, Peac
         })?;
         // replace newline if found
         // TODO: maybe we can use `.trim()` instead
-        let contents = contents.replace("\n", "");
+        let contents = contents.replace('\n', "");
         // TODO: consider adding additional context?
         let time_ran_dt = DateTime::parse_from_rfc3339(&contents).map_err(|source| {
             PeachError::ParseDateTime {
@@ -223,20 +217,15 @@ pub fn get_num_seconds_since_successful_dns_update() -> Result<Option<i64>, Peac
 /// and has successfully run recently (in the last six minutes)
 pub fn is_dns_updater_online() -> Result<bool, PeachError> {
     // first check if it is enabled in peach-config
-    let peach_config = load_peach_config()?;
+    let peach_config = config_manager::load_peach_config()?;
     let is_enabled = peach_config.dyn_enabled;
     // then check if it has successfully run within the last 6 minutes (60*6 seconds)
     let num_seconds_since_successful_update = get_num_seconds_since_successful_dns_update()?;
-    let ran_recently: bool;
+    let ran_recently: bool = match num_seconds_since_successful_update {
-    match num_seconds_since_successful_update {
+        Some(seconds) => seconds < (60 * 6),
-        Some(seconds) => {
-            ran_recently = seconds < (60 * 6);
-        }
         // if the value is None, then the last time it ran successfully is unknown
-        None => {
+        None => false,
-            ran_recently = false;
+    };
-        }
-    }
     // debug log
     info!("is_dyndns_enabled: {:?}", is_enabled);
     info!("dyndns_ran_recently: {:?}", ran_recently);
@@ -258,11 +247,10 @@ pub fn get_dyndns_subdomain(dyndns_full_domain: &str) -> Option<String> {
 }
 
 // helper function which checks if a dyndns domain is new
-pub fn check_is_new_dyndns_domain(dyndns_full_domain: &str) -> bool {
+pub fn check_is_new_dyndns_domain(dyndns_full_domain: &str) -> Result<bool, PeachError> {
-    // TODO: return `Result<bool, PeachError>` and replace `unwrap` with `?` operator
+    let peach_config = config_manager::load_peach_config()?;
-    let peach_config = load_peach_config().unwrap();
     let previous_dyndns_domain = peach_config.dyn_domain;
-    dyndns_full_domain != previous_dyndns_domain
+    Ok(dyndns_full_domain != previous_dyndns_domain)
 }
 
 jsonrpc_client!(pub struct PeachDynDnsClient {

peach-lib/src/password_utils.rs

@@ -1,5 +1,5 @@
-use crypto::{digest::Digest, sha3::Sha3};
 use nanorand::{Rng, WyRand};
+use sha3::{Digest, Sha3_256};
 
 use crate::{config_manager, error::PeachError, sbot_client};
 
@@ -37,9 +37,13 @@ pub fn set_new_password(new_password: &str) -> Result<(), PeachError> {
 
 /// Creates a hash from a password string
 pub fn hash_password(password: &str) -> String {
-    let mut hasher = Sha3::sha3_256();
+    let mut hasher = Sha3_256::new();
-    hasher.input_str(password);
+    // write input message
-    hasher.result_str()
+    hasher.update(password);
+    // read hash digest
+    let result = hasher.finalize();
+    // convert `u8` to `String`
+    result[0].to_string()
 }
 
 /// Sets a new temporary password for the admin user

peach-menu/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-monitor/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-network/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-oled/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-probe/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-stats/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-web/.cargo/config

@@ -1,4 +0,0 @@
-[target.aarch64-unknown-linux-gnu]
-linker = "aarch64-linux-gnu-gcc"
-objcopy = { path ="aarch64-linux-gnu-objcopy" }
-strip = { path ="aarch64-linux-gnu-strip" }

peach-web/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "peach-web"
-version = "0.4.12"
+version = "0.4.17"
 authors = ["Andrew Reid <gnomad@cryptolab.net>"]
 edition = "2018"
 description = "peach-web is a web application which provides a web interface for monitoring and interacting with the PeachCloud device. This allows administration of the single-board computer (ie. Raspberry Pi) running PeachCloud, as well as the ssb-server and related plugins."
@@ -21,6 +21,7 @@ maintainer-scripts="debian"
 systemd-units = { unit-name = "peach-web" }
 assets = [
     ["target/release/peach-web", "/usr/bin/", "755"],
+    ["Rocket.toml", "/usr/share/peach-web/Rocket.toml", "644"],
     ["templates/**/*", "/usr/share/peach-web/templates/", "644"],
     ["static/*", "/usr/share/peach-web/static/", "644"],
     ["static/css/*", "/usr/share/peach-web/static/css/", "644"],
@@ -40,6 +41,8 @@ log = "0.4"
 nest = "1.0.0"
 openssl = { version = "0.10", features = ["vendored"] }
 peach-lib = { path = "../peach-lib" }
+peach-network = { path = "../peach-network", features = ["serde_support"] }
+peach-stats = { path = "../peach-stats", features = ["serde_support"] }
 percent-encoding = "2.1.0"
 regex = "1"
 rocket = { version = "0.5.0-rc.1", features = ["json", "secrets"] }

peach-web/README.md

@@ -97,6 +97,20 @@ Remove configuration files (not removed with `apt-get remove`):
 
 `peach-web` is built on the Rocket webserver and Tera templating engine. It presents a web interface for interacting with the device. HTML is rendered server-side. Request handlers call JSON-RPC microservices and serve HTML and assets. A JSON API is exposed for remote calls and dynamic client-side content updates (via plain JavaScript following unobstructive design principles). Each Tera template is passed a context object. In the case of Rust, this object is a `struct` and must implement `Serialize`. The fields of the context object are available in the context of the template to be rendered.
 
+### Configuration 
+
+Configuration variables are stored in /var/lib/peachcloud/config.yml. 
+Peach-web also updates this file when changes are made to configurations via
+the web interface. peach-web has no database, so all configurations are stored in this file. 
+
+#### Dynamic DNS Configuration 
+
+Most users will want to use the default PeachCloud dynamic dns server. 
+If the config dyn_use_custom_server=false, then default values will be used. 
+If the config dyn_use_custom_server=true, then a value must also be set for dyn_dns_server_address (e.g.  "http://peachdynserver.commoninternet.net").
+This value is the URL of the instance of peach-dyndns-server that requests will be sent to for domain registration. 
+Using a custom value can here can be useful for testing. 
+
 ### Licensing
 
 AGPL-3.0

peach-web/Rocket.toml

@@ -1,3 +1,6 @@
+[default]
+secret_key = "VYVUDivXvu8g6llxeJd9F92pMfocml5xl/Jjv5Sk4yw="
+
 [development]
 template_dir = "templates/"
 disable_auth = true

peach-web/debian/postinst

@@ -5,54 +5,18 @@ set -e
 adduser --quiet --system peach-web
 usermod -g peach peach-web
 
-# create secret passwords folder if it doesn't already exist
-mkdir -p /var/lib/peachcloud/passwords
-chown -R peach-web:peach /var/lib/peachcloud/passwords
-chmod -R u+rwX,go+rX,go-w /var/lib/peachcloud/passwords
-
 # create nginx config
 cat <<EOF > /etc/nginx/sites-enabled/default
 server {
 	listen 80 default_server;
 	server_name peach.local www.peach.local;
 
-    # nginx authentication
-    auth_basic           "If you have forgotten your password visit: http://peach.local/send_password_reset/";
-    auth_basic_user_file /var/lib/peachcloud/passwords/htpasswd;
-
     # remove trailing slash if found
     rewrite ^/(.*)/$ /$1 permanent;
 
     location / {
 		proxy_pass http://127.0.0.1:3000;
 	}
-
-   # public routes
-   location /send_password_reset {
-        auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-   location /reset_password {
-        auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-   location /public/ {
-        auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-   location /js/ {
-	    auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-   location /css/ {
-	    auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-   location /icons/ {
-	    auth_basic off;
-        proxy_pass http://127.0.0.1:3000;
-   }
-
 }
 EOF
 

peach-web/src/routes/settings/dns.rs

@@ -40,7 +40,7 @@ pub fn save_dns_configuration(dns_form: DnsForm) -> Result<(), PeachWebError> {
     if dns_form.enable_dyndns {
         let full_dynamic_domain = get_full_dynamic_domain(&dns_form.dynamic_domain);
         // check if this is a new domain or if its already registered
-        let is_new_domain = check_is_new_dyndns_domain(&full_dynamic_domain);
+        let is_new_domain = check_is_new_dyndns_domain(&full_dynamic_domain)?;
         if is_new_domain {
             match dyndns_client::register_domain(&full_dynamic_domain) {
                 Ok(_) => {

peach-web/src/routes/status/device.rs

@@ -3,8 +3,8 @@ use rocket::{
     get, post,
     request::FlashMessage,
     response::{Flash, Redirect},
+    serde::json::Value,
 };
-
 use rocket_dyn_templates::Template;
 use serde::Serialize;
 use std::{
@@ -12,13 +12,16 @@ use std::{
     process::{Command, Output},
 };
 
-use peach_lib::config_manager::load_peach_config;
+use peach_lib::{
-use peach_lib::stats_client::{CpuStatPercentages, DiskUsage, LoadAverage, MemStat};
+    config_manager::load_peach_config, dyndns_client, network_client, oled_client, sbot_client,
-use peach_lib::{dyndns_client, network_client, oled_client, sbot_client, stats_client};
+};
+use peach_stats::{
+    stats,
+    stats::{CpuStatPercentages, DiskUsage, LoadAverage, MemStat},
+};
 
 use crate::routes::authentication::Authenticated;
 use crate::utils::build_json_response;
-use rocket::serde::json::Value;
 
 // HELPERS AND ROUTES FOR /status
 
@@ -34,7 +37,6 @@ pub struct StatusContext {
     pub mem_stats: Option<MemStat>,
     pub network_ping: String,
     pub oled_ping: String,
-    pub stats_ping: String,
     pub dyndns_enabled: bool,
     pub dyndns_is_online: bool,
     pub config_is_valid: bool,
@@ -46,9 +48,12 @@ pub struct StatusContext {
 impl StatusContext {
     pub fn build() -> StatusContext {
         // convert result to Option<CpuStatPercentages>, discard any error
-        let cpu_stat_percent = stats_client::cpu_stats_percent().ok();
+        let cpu_stat_percent = stats::cpu_stats_percent().ok();
-        let load_average = stats_client::load_average().ok();
+        let load_average = stats::load_average().ok();
-        let mem_stats = stats_client::mem_stats().ok();
+        let mem_stats = stats::mem_stats().ok();
+        // TODO: add `wpa_supplicant_status` to peach_network to replace this ping call
+        // instead of: "is the network json-rpc server running?", we want to ask:
+        // "is the wpa_supplicant systemd service functioning correctly?"
         let network_ping = match network_client::ping() {
             Ok(_) => "ONLINE".to_string(),
             Err(_) => "OFFLINE".to_string(),
@@ -57,22 +62,21 @@ impl StatusContext {
             Ok(_) => "ONLINE".to_string(),
             Err(_) => "OFFLINE".to_string(),
         };
-        let stats_ping = match stats_client::ping() {
+
-            Ok(_) => "ONLINE".to_string(),
+        let uptime = match stats::uptime() {
-            Err(_) => "OFFLINE".to_string(),
+            Ok(secs) => {
-        };
+                let uptime_mins = secs / 60;
-        let uptime = match stats_client::uptime() {
+                uptime_mins.to_string()
-            Ok(mins) => mins,
+            }
             Err(_) => "Unavailable".to_string(),
         };
 
+        // parse the uptime string to a signed integer (for math)
+        let uptime_parsed = uptime.parse::<i32>().ok();
+
         // serialize disk usage data into Vec<DiskUsage>
-        let disk_usage_stats = match stats_client::disk_usage() {
+        let disk_usage_stats = match stats::disk_usage() {
-            Ok(disks) => {
+            Ok(disks) => disks,
-                let partitions: Vec<DiskUsage> = serde_json::from_str(disks.as_str())
-                    .expect("Failed to deserialize disk_usage response");
-                partitions
-            }
             Err(_) => Vec::new(),
         };
 
@@ -84,9 +88,6 @@ impl StatusContext {
             }
         }
 
-        // parse the uptime string to a signed integer (for math)
-        let uptime_parsed = uptime.parse::<i32>().ok();
-
         // dyndns_is_online & config_is_valid
         let dyndns_enabled: bool;
         let dyndns_is_online: bool;
@@ -139,7 +140,6 @@ impl StatusContext {
             mem_stats,
             network_ping,
             oled_ping,
-            stats_ping,
             dyndns_enabled,
             dyndns_is_online,
             config_is_valid,

peach-web/src/routes/status/network.rs

@@ -2,25 +2,77 @@ use rocket::{get, request::FlashMessage};
 use rocket_dyn_templates::Template;
 use serde::Serialize;
 
-use peach_lib::network_client;
+use peach_network::{
-use peach_lib::stats_client::Traffic;
+    network,
+    network::{Status, Traffic},
+};
 
 use crate::routes::authentication::Authenticated;
 
 // HELPERS AND ROUTES FOR /status/network
 
+#[derive(Debug, Serialize)]
+pub struct IfaceTraffic {
+    pub rx: u64,
+    pub rx_unit: Option<String>,
+    pub tx: u64,
+    pub tx_unit: Option<String>,
+}
+
+impl IfaceTraffic {
+    fn default() -> Self {
+        IfaceTraffic {
+            rx: 0,
+            rx_unit: None,
+            tx: 0,
+            tx_unit: None,
+        }
+    }
+}
+
+fn convert_traffic(traffic: Traffic) -> Option<IfaceTraffic> {
+    let mut t = IfaceTraffic::default();
+    // modify traffic values & assign measurement units
+    // based on received and transmitted values.
+    // if received > 999 MB, convert it to GB
+    if traffic.received > 1_047_527_424 {
+        t.rx = traffic.received / 1_073_741_824;
+        t.rx_unit = Some("GB".to_string());
+    } else if traffic.received > 0 {
+        // otherwise, convert it to MB
+        t.rx = (traffic.received / 1024) / 1024;
+        t.rx_unit = Some("MB".to_string());
+    } else {
+        t.rx = 0;
+        t.rx_unit = Some("MB".to_string());
+    }
+
+    if traffic.transmitted > 1_047_527_424 {
+        t.tx = traffic.transmitted / 1_073_741_824;
+        t.tx_unit = Some("GB".to_string());
+    } else if traffic.transmitted > 0 {
+        t.tx = (traffic.transmitted / 1024) / 1024;
+        t.tx_unit = Some("MB".to_string());
+    } else {
+        t.tx = 0;
+        t.tx_unit = Some("MB".to_string());
+    }
+
+    Some(t)
+}
+
 #[derive(Debug, Serialize)]
 pub struct NetworkContext {
     pub ap_ip: String,
     pub ap_ssid: String,
     pub ap_state: String,
-    pub ap_traffic: Option<Traffic>,
+    pub ap_traffic: Option<IfaceTraffic>,
     pub wlan_ip: String,
     pub wlan_rssi: Option<String>,
     pub wlan_ssid: String,
     pub wlan_state: String,
-    pub wlan_status: String,
+    pub wlan_status: Option<Status>,
-    pub wlan_traffic: Option<Traffic>,
+    pub wlan_traffic: Option<IfaceTraffic>,
     pub flash_name: Option<String>,
     pub flash_msg: Option<String>,
     // page title for header in navbar
@@ -31,101 +83,47 @@ pub struct NetworkContext {
 
 impl NetworkContext {
     pub fn build() -> NetworkContext {
-        let ap_ip = match network_client::ip("ap0") {
+        let ap_ip = match network::ip("ap0") {
-            Ok(ip) => ip,
+            Ok(Some(ip)) => ip,
-            Err(_) => "x.x.x.x".to_string(),
+            _ => "x.x.x.x".to_string(),
         };
-        let ap_ssid = match network_client::ssid("ap0") {
+        let ap_ssid = match network::ssid("ap0") {
-            Ok(ssid) => ssid,
+            Ok(Some(ssid)) => ssid,
-            Err(_) => "Not currently activated".to_string(),
+            _ => "Not currently activated".to_string(),
         };
-        let ap_state = match network_client::state("ap0") {
+        let ap_state = match network::state("ap0") {
-            Ok(state) => state,
+            Ok(Some(state)) => state,
-            Err(_) => "Interface unavailable".to_string(),
+            _ => "Interface unavailable".to_string(),
         };
-        let ap_traffic = match network_client::traffic("ap0") {
+        let ap_traffic = match network::traffic("ap0") {
-            Ok(traffic) => {
+            // convert bytes to mb or gb and add appropriate units
-                let mut t = traffic;
+            Ok(Some(traffic)) => convert_traffic(traffic),
-                // modify traffic values & assign measurement unit
+            _ => None,
-                // based on received and transmitted values
-                // if received > 999 MB, convert it to GB
-                if t.received > 1_047_527_424 {
-                    t.received /= 1_073_741_824;
-                    t.rx_unit = Some("GB".to_string());
-                } else if t.received > 0 {
-                    // otherwise, convert it to MB
-                    t.received = (t.received / 1024) / 1024;
-                    t.rx_unit = Some("MB".to_string());
-                } else {
-                    t.received = 0;
-                    t.rx_unit = Some("MB".to_string());
-                }
-
-                if t.transmitted > 1_047_527_424 {
-                    t.transmitted /= 1_073_741_824;
-                    t.tx_unit = Some("GB".to_string());
-                } else if t.transmitted > 0 {
-                    t.transmitted = (t.transmitted / 1024) / 1024;
-                    t.tx_unit = Some("MB".to_string());
-                } else {
-                    t.transmitted = 0;
-                    t.tx_unit = Some("MB".to_string());
-                }
-                Some(t)
-            }
-            Err(_) => None,
         };
-        let wlan_ip = match network_client::ip("wlan0") {
+        let wlan_ip = match network::ip("wlan0") {
-            Ok(ip) => ip,
+            Ok(Some(ip)) => ip,
-            Err(_) => "x.x.x.x".to_string(),
+            _ => "x.x.x.x".to_string(),
         };
-        let wlan_rssi = match network_client::rssi_percent("wlan0") {
+        let wlan_rssi = match network::rssi_percent("wlan0") {
-            Ok(rssi) => Some(rssi),
+            Ok(rssi) => rssi,
-            Err(_) => None,
+            _ => None,
         };
-        let wlan_ssid = match network_client::ssid("wlan0") {
+        let wlan_ssid = match network::ssid("wlan0") {
-            Ok(ssid) => ssid,
+            Ok(Some(ssid)) => ssid,
-            Err(_) => "Not connected".to_string(),
+            _ => "Not connected".to_string(),
         };
-        let wlan_state = match network_client::state("wlan0") {
+        let wlan_state = match network::state("wlan0") {
-            Ok(state) => state,
+            Ok(Some(state)) => state,
-            Err(_) => "Interface unavailable".to_string(),
+            _ => "Interface unavailable".to_string(),
         };
-        let wlan_status = match network_client::status("wlan0") {
+        let wlan_status = match network::status("wlan0") {
             Ok(status) => status,
-            Err(_) => "Interface unavailable".to_string(),
+            _ => None,
         };
-        let wlan_traffic = match network_client::traffic("wlan0") {
+        let wlan_traffic = match network::traffic("wlan0") {
-            Ok(traffic) => {
+            // convert bytes to mb or gb and add appropriate units
-                let mut t = traffic;
+            Ok(Some(traffic)) => convert_traffic(traffic),
-                // modify traffic values & assign measurement unit
+            _ => None,
-                // based on received and transmitted values
-                // if received > 999 MB, convert it to GB
-                if t.received > 1_047_527_424 {
-                    t.received /= 1_073_741_824;
-                    t.rx_unit = Some("GB".to_string());
-                } else if t.received > 0 {
-                    // otherwise, convert it to MB
-                    t.received = (t.received / 1024) / 1024;
-                    t.rx_unit = Some("MB".to_string());
-                } else {
-                    t.received = 0;
-                    t.rx_unit = Some("MB".to_string());
-                }
-
-                if t.transmitted > 1_047_527_424 {
-                    t.transmitted /= 1_073_741_824;
-                    t.tx_unit = Some("GB".to_string());
-                } else if t.transmitted > 0 {
-                    t.transmitted = (t.transmitted / 1024) / 1024;
-                    t.tx_unit = Some("MB".to_string());
-                } else {
-                    t.transmitted = 0;
-                    t.tx_unit = Some("MB".to_string());
-                }
-                Some(t)
-            }
-            Err(_) => None,
         };
 
         NetworkContext {

peach-web/templates/status/device.html.tera

@@ -42,11 +42,11 @@
               </div>
             </div>
             <!-- PEACH-STATS STATUS STACK -->
-            <div class="stack capsule{% if stats_ping == "ONLINE" %} success-border{% else %} warning-border{% endif %}">
+            <div class="stack capsule success-border">
-              <img id="statsIcon" class="icon{% if stats_ping == "OFFLINE" %} icon-inactive{% endif %} icon-medium" alt="Stats" title="System statistics microservice status" src="/icons/chart.svg">
+              <img id="statsIcon" class="icon icon-medium" alt="Stats" title="System statistics microservice status" src="/icons/chart.svg">
               <div class="stack" style="padding-top: 0.5rem;">
                 <label class="label-small font-near-black">Statistics</label>
-                <label class="label-small font-near-black">{{ stats_ping }}</label>
+                <label class="label-small font-near-black">AVAILABLE</label>
               </div>
             </div>
             {# Display status for dynsdns, config & sbot #}