From 98895b299538922541be8b4172dee101471f429e Mon Sep 17 00:00:00 2001 From: Mark Randall Havens Date: Fri, 13 Jun 2025 01:07:12 -0500 Subject: [PATCH] test --- bin/gitfield-netmon | 192 +++++++++++++++++++++++++++++++------------- test | 0 2 files changed, 136 insertions(+), 56 deletions(-) create mode 100644 test diff --git a/bin/gitfield-netmon b/bin/gitfield-netmon index b65d4b6..aca9c51 100755 --- a/bin/gitfield-netmon +++ b/bin/gitfield-netmon @@ -1,5 +1,5 @@ #!/bin/bash -set -euo pipefail +set -eo pipefail IFS=$'\n\t' # Configuration @@ -15,60 +15,148 @@ MARKDOWN_FILE="$REPO_ROOT/.gitfield/gogs.sigil.md" DEFAULT_NAME="Mark Randall Havens" DEFAULT_EMAIL="mark.r.havens@gmail.com" TOKEN_FILE="$HOME/.gitfield_token_gogs" +CLOUDFLARED_TOKEN_FILE="$HOME/.cloudflared/gogs_tunnel_token" SSH_KEY="$HOME/.ssh/id_ed25519" -SCRIPT_VERSION="1.2" +SSH_CONFIG_FILE="$HOME/.ssh/config" +SCRIPT_VERSION="1.5" # Logging functions -info() { echo -e "\e[1;34m[INFO]\e[0m $*"; } -warn() { echo -e "\e[1;33m[WARN]\e[0m $*"; } -error() { echo -e "\e[1;31m[ERROR]\e[0m $*" >&2; exit 1; } +info() { echo -e "\e[1;34m[INFO]\e[0m ${*:-}"; } +warn() { echo -e "\e[1;33m[WARN]\e[0m ${*:-}"; } +error() { echo -e "\e[1;31m[ERROR]\e[0m ${*:-}" >&2; exit 1; } # Check for required tools info "Checking for required tools..." -for cmd in git curl jq ssh; do +for cmd in git curl jq ssh timeout; do command -v "$cmd" >/dev/null || { sudo apt update -qq || warn "Failed to update package lists, continuing..." - sudo apt install -y git curl jq openssh-client || error "Failed to install $cmd" + sudo apt install -y git curl jq openssh-client timeout || error "Failed to install $cmd" } done -# Handle authentication +# Install cloudflared if not present +if ! command -v cloudflared >/dev/null; then + info "Installing cloudflared..." + sudo apt update -qq || warn "Failed to update package lists, continuing..." + sudo apt install -y wget || error "Failed to install wget" + ARCH=$(uname -m) + case "$ARCH" in + x86_64) CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64" ;; + arm*) CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm" ;; + *) error "Unsupported architecture: $ARCH" ;; + esac + wget -q "$CLOUDFLARED_URL" -O /tmp/cloudflared || error "Failed to download cloudflared" + sudo mv /tmp/cloudflared /usr/local/bin/cloudflared || error "Failed to install cloudflared" + sudo chmod +x /usr/local/bin/cloudflared || error "Failed to set cloudflared permissions" + info "cloudflared installed successfully." +fi + +# Handle GOGS token RESET_AUTH=false if [[ "${1:-}" == "--reset-auth" ]]; then RESET_AUTH=true - rm -f "$TOKEN_FILE" 2>/dev/null || warn "Failed to remove token file" + rm -f "$TOKEN_FILE" "$CLOUDFLARED_TOKEN_FILE" 2>/dev/null || warn "Failed to remove auth files" info "Authentication reset requested." fi -# Token-based authentication if [[ -f "$TOKEN_FILE" && "$RESET_AUTH" == false ]]; then TOKEN=$(cat "$TOKEN_FILE" 2>/dev/null) || error "Failed to read token from $TOKEN_FILE" - info "Using cached token from $TOKEN_FILE" + info "Using cached GOGS token from $TOKEN_FILE" else info "GOGS token required." echo "🔐 Generate a token at https://$GOGS_DOMAIN/user/settings/applications (scopes: write:repository, write:ssh_key)" echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):" read -rsp "Token: " TOKEN echo - [[ -z "$TOKEN" ]] && error "Token cannot be empty" + [[ -z "$TOKEN" ]] && error "GOGS token cannot be empty" echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE" chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE" - info "Token saved at $TOKEN_FILE" + info "GOGS token saved at $TOKEN_FILE" fi -# Verify token -info "Verifying token..." +# Verify GOGS token +info "Verifying GOGS token..." TOKEN_TEST=$(curl -k -s -H "Authorization: token $TOKEN" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "") if [[ "$TOKEN_TEST" != "$USERNAME" ]]; then - warn "Token verification failed. Please generate a new token at https://$GOGS_DOMAIN/user/settings/applications" + warn "GOGS token verification failed. Please generate a new token at https://$GOGS_DOMAIN/user/settings/applications" rm -f "$TOKEN_FILE" echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):" read -rsp "Token: " TOKEN echo - [[ -z "$TOKEN" ]] && error "Token cannot be empty" + [[ -z "$TOKEN" ]] && error "GOGS token cannot be empty" echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE" chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE" - info "Token saved at $TOKEN_FILE" + info "GOGS token saved at $TOKEN_FILE" +fi + +# Handle Cloudflare Tunnel token +if [[ -f "$CLOUDFLARED_TOKEN_FILE" && "$RESET_AUTH" == false ]]; then + CLOUDFLARED_TOKEN=$(cat "$CLOUDFLARED_TOKEN_FILE" 2>/dev/null) || error "Failed to read Cloudflare Tunnel token from $CLOUDFLARED_TOKEN_FILE" + info "Using cached Cloudflare Tunnel token from $CLOUDFLARED_TOKEN_FILE" +else + info "Cloudflare Tunnel token required." + echo "🔐 Follow these steps to generate a Cloudflare Tunnel token:" + echo " 1. Log into Cloudflare Zero Trust: https://dash.teams.cloudflare.com" + echo " 2. Navigate to Access > Tunnels." + echo " 3. Click 'Create a tunnel', select 'Cloudflared' connector, and name it (e.g., 'gogs-ssh-tunnel')." + echo " 4. Copy the token (starts with 'eyJ') from the 'Connect an application' step." + echo " 5. In Public Hostnames, add 'netmon.thefoldwithin.earth' (or a subdomain), set Service to 'SSH', and URL to 'localhost:22'." + echo " 6. Ensure the tunnel is running on your Raspberry Pi (see: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/)" + echo "🔐 Paste your Cloudflare Tunnel token (will not be echoed):" + read -rsp "Token: " CLOUDFLARED_TOKEN + echo + [[ -z "$CLOUDFLARED_TOKEN" ]] && error "Cloudflare Tunnel token cannot be empty" + [[ ! "$CLOUDFLARED_TOKEN" =~ ^eyJ ]] && warn "Cloudflare Tunnel token does not start with 'eyJ'. It may be invalid." + mkdir -p "$(dirname "$CLOUDFLARED_TOKEN_FILE")" || error "Failed to create .cloudflared directory" + echo "$CLOUDFLARED_TOKEN" > "$CLOUDFLARED_TOKEN_FILE" || error "Failed to write token to $CLOUDFLARED_TOKEN_FILE" + chmod 600 "$CLOUDFLARED_TOKEN_FILE" || error "Failed to set permissions on $CLOUDFLARED_TOKEN_FILE" + info "Cloudflare Tunnel token saved at $CLOUDFLARED_TOKEN_FILE" +fi + +# Validate Cloudflare Tunnel token +info "Validating Cloudflare Tunnel token..." +CLOUDFLARED_TEST=$(timeout 10s cloudflared tunnel --no-autoupdate info --token "$CLOUDFLARED_TOKEN" 2>&1 || echo "Timeout or error") +if echo "$CLOUDFLARED_TEST" | grep -qi "error"; then + warn "Cloudflare Tunnel token validation failed: $CLOUDFLARED_TEST" + rm -f "$CLOUDFLARED_TOKEN_FILE" + echo "🔐 Follow the steps above or visit https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/" + echo "🔐 Paste your Cloudflare Tunnel token (will not be echoed):" + read -rsp "Token: " CLOUDFLARED_TOKEN + echo + [[ -z "$CLOUDFLARED_TOKEN" ]] && error "Cloudflare Tunnel token cannot be empty" + [[ ! "$CLOUDFLARED_TOKEN" =~ ^eyJ ]] && warn "Cloudflare Tunnel token does not start with 'eyJ'. It may be invalid." + echo "$CLOUDFLARED_TOKEN" > "$CLOUDFLARED_TOKEN_FILE" || error "Failed to write token to $CLOUDFLARED_TOKEN_FILE" + chmod 600 "$CLOUDFLARED_TOKEN_FILE" || error "Failed to set permissions on $CLOUDFLARED_TOKEN_FILE" + info "Cloudflare Tunnel token saved at $CLOUDFLARED_TOKEN_FILE" +fi + +# Configure Cloudflare Tunnel +info "Configuring Cloudflare Tunnel for SSH..." +killall cloudflared 2>/dev/null || true +timeout 10s cloudflared tunnel --no-autoupdate run --token "$CLOUDFLARED_TOKEN" --loglevel error >/dev/null 2>&1 & sleep 2 +if ! pgrep -f "cloudflared.*$CLOUDFLARED_TOKEN" >/dev/null; then + warn "Failed to start Cloudflare Tunnel. Falling back to HTTPS..." + USE_HTTPS=true +else + info "Cloudflare Tunnel running." +fi + +# Configure SSH with Cloudflare Tunnel +if ! grep -q "Host $GOGS_DOMAIN" "$SSH_CONFIG_FILE" 2>/dev/null; then + info "Configuring SSH with Cloudflare Tunnel..." + mkdir -p "$(dirname "$SSH_CONFIG_FILE")" && chmod 700 "$(dirname "$SSH_CONFIG_FILE")" + cat >> "$SSH_CONFIG_FILE" </dev/null 2>&1 || error "Failed to start ssh-agent" ssh-add "$SSH_KEY" >/dev/null 2>&1 || warn "SSH key already added or could not be added" -# Configure SSH -SSH_CONFIG_FILE="$HOME/.ssh/config" -if ! grep -q "Host $GOGS_DOMAIN" "$SSH_CONFIG_FILE" 2>/dev/null; then - mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" - cat >> "$SSH_CONFIG_FILE" <&1) -if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then - warn "SSH test failed, uploading SSH key..." - PUBKEY=$(cat "${SSH_KEY}.pub" 2>/dev/null) || error "Failed to read SSH public key" - TITLE="AutoKey-$(hostname)-$(date +%s)" - CURL_OUTPUT=$(curl -k -s --fail -X POST "$GOGS_API/user/keys" \ - -H "Authorization: token $TOKEN" \ - -H "Content-Type: application/json" \ - -d "{\"title\": \"$TITLE\", \"key\": \"$PUBKEY\"}" 2>&1) - if [[ $? -ne 0 ]]; then - warn "SSH key upload failed: $CURL_OUTPUT" +if [[ "$USE_HTTPS" != true ]]; then + info "Testing SSH connection..." + SSH_TEST_OUTPUT=$(timeout 10s ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 || echo "Timeout or error") + if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then + warn "SSH test failed: $SSH_TEST_OUTPUT" + info "Uploading SSH key to GOGS..." + PUBKEY=$(cat "${SSH_KEY}.pub" 2>/dev/null) || error "Failed to read SSH public key" + TITLE="AutoKey-$(hostname)-$(date +%s)" + CURL_OUTPUT=$(curl -k -s --fail -X POST "$GOGS_API/user/keys" \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"title\": \"$TITLE\", \"key\": \"$PUBKEY\"}" 2>&1) + if [[ $? -ne 0 ]]; then + warn "SSH key upload failed: $CURL_OUTPUT" + USE_HTTPS=true + else + info "SSH key uploaded successfully." + sleep 2 + SSH_TEST_OUTPUT=$(timeout 10s ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 || echo "Timeout or error") + if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then + warn "SSH test still failing: $SSH_TEST_OUTPUT" + USE_HTTPS=true + else + info "SSH test passed: $SSH_TEST_OUTPUT" + fi + fi else - info "SSH key uploaded successfully." - sleep 2 - SSH_TEST_OUTPUT=$(ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1) - [[ ! "$SSH_TEST_OUTPUT" =~ "success" ]] && warn "SSH test still failing: $SSH_TEST_OUTPUT" + info "SSH test passed: $SSH_TEST_OUTPUT" fi else - info "SSH test passed: $SSH_TEST_OUTPUT" + warn "Skipping SSH test due to HTTPS fallback." fi # Fallback to HTTPS if SSH fails -USE_HTTPS=false -if ! ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 | grep -q "success"; then - warn "SSH authentication failed, falling back to HTTPS..." - USE_HTTPS=true +if [[ "$USE_HTTPS" == true ]]; then + warn "Using HTTPS due to SSH failure." git config --global credential.helper store echo "https://$USERNAME:$TOKEN@$GOGS_DOMAIN" > "$HOME/.git-credentials" || error "Failed to write git credentials" chmod 600 "$HOME/.git-credentials" || error "Failed to set permissions on git credentials" diff --git a/test b/test new file mode 100644 index 0000000..e69de29