Feature/start tunnel (#3037)

* fix live-build resolv.conf

* improved debuggability

* wip: start-tunnel

* fixes for trixie and tor

* non-free-firmware on trixie

* wip

* web server WIP

* wip: tls refactor

* FE patchdb, mocks, and most endpoints

* fix editing records and patch mocks

* refactor complete

* finish api

* build and formatter update

* minor change toi viewing addresses and fix build

* fixes

* more providers

* endpoint for getting config

* fix tests

* api fixes

* wip: separate port forward controller into parts

* simplify iptables rules

* bump sdk

* misc fixes

* predict next subnet and ip, use wan ips, and form validation

* refactor: break big components apart and address todos (#3043)

* refactor: break big components apart and address todos

* starttunnel readme, fix pf mocks, fix adding tor domain in startos

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* better tui

* tui tweaks

* fix: address comments

* better regex for subnet

* fixes

* better validation

* handle rpc errors

* build fixes

* fix: address comments (#3044)

* fix: address comments

* fix unread notification mocks

* fix row click for notification

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* fix raspi build

* fix build

* fix build

* fix build

* fix build

* try to fix build

* fix tests

* fix tests

* fix rsync tests

* delete useless effectful test

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>

sdk/base/lib/osBindings/NetworkInterfaceType.ts

@@ -1,3 +1,8 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type NetworkInterfaceType = "ethernet" | "wireless" | "wireguard"
+export type NetworkInterfaceType =
+  | "ethernet"
+  | "wireless"
+  | "bridge"
+  | "wireguard"
+  | "loopback"

sdk/base/lib/osBindings/SignerInfo.ts

@@ -1,9 +1,3 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AnyVerifyingKey } from "./AnyVerifyingKey"
-import type { ContactInfo } from "./ContactInfo"
 
-export type SignerInfo = {
-  name: string
-  contact: Array<ContactInfo>
-  keys: Array<AnyVerifyingKey>
-}
+export type SignerInfo = { name: string }

sdk/base/lib/osBindings/TestSmtpParams.ts

@@ -6,5 +6,5 @@ export type TestSmtpParams = {
   from: string
   to: string
   login: string
-  password: string | null
+  password: string
 }

sdk/base/lib/osBindings/tunnel/AnyVerifyingKey.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type AnyVerifyingKey = string

sdk/base/lib/osBindings/tunnel/Base64.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type Base64 = string

sdk/base/lib/osBindings/tunnel/Pem.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type Pem = string

sdk/base/lib/osBindings/tunnel/PortForwards.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type PortForwards = { [key: string]: string }

sdk/base/lib/osBindings/tunnel/Session.ts

@@ -0,0 +1,7 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type Session = {
+  loggedIn: string
+  lastActive: string
+  userAgent: string | null
+}

sdk/base/lib/osBindings/tunnel/Sessions.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Session } from "./Session"
+
+export type Sessions = { [key: string]: Session }

sdk/base/lib/osBindings/tunnel/SignerInfo.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type SignerInfo = { name: string }

sdk/base/lib/osBindings/tunnel/TunnelCertData.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Pem } from "./Pem"
+
+export type TunnelCertData = { key: Pem; cert: Pem }

sdk/base/lib/osBindings/tunnel/TunnelDatabase.ts

@@ -0,0 +1,17 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AnyVerifyingKey } from "./AnyVerifyingKey"
+import type { PortForwards } from "./PortForwards"
+import type { Sessions } from "./Sessions"
+import type { SignerInfo } from "./SignerInfo"
+import type { WebserverInfo } from "./WebserverInfo"
+import type { WgServer } from "./WgServer"
+
+export type TunnelDatabase = {
+  webserver: WebserverInfo
+  sessions: Sessions
+  password: string | null
+  authPubkeys: { [key: AnyVerifyingKey]: SignerInfo }
+  gateways: { [key: AnyVerifyingKey]: SignerInfo }
+  wg: WgServer
+  portForwards: PortForwards
+}

sdk/base/lib/osBindings/tunnel/WebserverInfo.ts

@@ -0,0 +1,8 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { TunnelCertData } from "./TunnelCertData"
+
+export type WebserverInfo = {
+  enabled: boolean
+  listen: string | null
+  certificate: TunnelCertData | null
+}

sdk/base/lib/osBindings/tunnel/WgConfig.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Base64 } from "./Base64"
+
+export type WgConfig = { name: string; key: Base64; psk: Base64 }

sdk/base/lib/osBindings/tunnel/WgServer.ts

@@ -0,0 +1,5 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Base64 } from "./Base64"
+import type { WgSubnetMap } from "./WgSubnetMap"
+
+export type WgServer = { port: number; key: Base64; subnets: WgSubnetMap }

sdk/base/lib/osBindings/tunnel/WgSubnetClients.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { WgConfig } from "./WgConfig"
+
+export type WgSubnetClients = { [key: string]: WgConfig }

sdk/base/lib/osBindings/tunnel/WgSubnetConfig.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { WgSubnetClients } from "./WgSubnetClients"
+
+export type WgSubnetConfig = { name: string; clients: WgSubnetClients }

sdk/base/lib/osBindings/tunnel/WgSubnetMap.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { WgSubnetConfig } from "./WgSubnetConfig"
+
+export type WgSubnetMap = { [key: string]: WgSubnetConfig }

sdk/base/lib/util/getServiceInterface.ts

@@ -168,12 +168,12 @@ export const addressHostToUrl = (
     }${hostname}${excludePort ? "" : `:${port}`}${suffix}`
   }
   let url = null
-  if (hostname.hostname.sslPort !== null) {
-    url = fmt(sslScheme, hostname, hostname.hostname.sslPort)
+  if (hostname.hostname.port !== null) {
+    url = fmt(scheme, hostname, hostname.hostname.port)
   }
   let sslUrl = null
-  if (hostname.hostname.port !== null) {
-    sslUrl = fmt(scheme, hostname, hostname.hostname.port)
+  if (hostname.hostname.sslPort !== null) {
+    sslUrl = fmt(sslScheme, hostname, hostname.hostname.sslPort)
   }
 
   return { url, sslUrl }

sdk/base/lib/util/ip.ts

@@ -1,15 +1,19 @@
 export class IpAddress {
-  readonly octets: number[]
-  constructor(readonly address: string) {
+  protected constructor(
+    readonly octets: number[],
+    readonly address: string,
+  ) {}
+  static parse(address: string): IpAddress {
+    let octets
     if (address.includes(":")) {
-      this.octets = new Array(16).fill(0)
+      octets = new Array(16).fill(0)
       const segs = address.split(":")
       let idx = 0
       let octIdx = 0
       while (segs[idx]) {
         const num = parseInt(segs[idx], 16)
-        this.octets[octIdx++] = num >> 8
-        this.octets[octIdx++] = num & 255
+        octets[octIdx++] = num >> 8
+        octets[octIdx++] = num & 255
         idx += 1
       }
       const lastSegIdx = segs.length - 1
@@ -18,21 +22,46 @@ export class IpAddress {
         octIdx = 15
         while (segs[idx]) {
           const num = parseInt(segs[idx], 16)
-          this.octets[octIdx--] = num & 255
-          this.octets[octIdx--] = num >> 8
+          octets[octIdx--] = num & 255
+          octets[octIdx--] = num >> 8
           idx -= 1
         }
       }
     } else {
-      this.octets = address.split(".").map(Number)
-      if (this.octets.length !== 4) throw new Error("invalid ipv4 address")
+      octets = address.split(".").map(Number)
+      if (octets.length !== 4) throw new Error("invalid ipv4 address")
     }
-    if (this.octets.some((o) => o >= 256)) {
+    if (octets.some((o) => isNaN(o) || o > 255)) {
       throw new Error("invalid ip address")
     }
+    return new IpAddress(octets, address)
   }
-  static parse(address: string): IpAddress {
-    return new IpAddress(address)
+  static fromOctets(octets: number[]) {
+    if (octets.length == 4) {
+      if (octets.some((o) => o > 255)) {
+        throw new Error("invalid ip address")
+      }
+      return new IpAddress(octets, octets.join("."))
+    } else if (octets.length == 16) {
+      if (octets.some((o) => o > 255)) {
+        throw new Error("invalid ip address")
+      }
+      let pre = octets.slice(0, 8)
+      while (pre[pre.length - 1] == 0) {
+        pre.pop()
+      }
+      let post = octets.slice(8)
+      while (post[0] == 0) {
+        post.unshift()
+      }
+      if (pre.length + post.length == 16) {
+        return new IpAddress(octets, octets.join(":"))
+      } else {
+        return new IpAddress(octets, pre.join(":") + "::" + post.join(":"))
+      }
+    } else {
+      throw new Error("invalid ip address")
+    }
   }
   isIpv4(): boolean {
     return this.octets.length === 4
@@ -43,20 +72,79 @@ export class IpAddress {
   isPublic(): boolean {
     return this.isIpv4() && !PRIVATE_IPV4_RANGES.some((r) => r.contains(this))
   }
+  add(n: number): IpAddress {
+    let octets = [...this.octets]
+    n = Math.floor(n)
+    for (let i = octets.length - 1; i >= 0; i--) {
+      octets[i] += n
+      if (octets[i] > 255) {
+        n = octets[i] >> 8
+        octets[i] &= 255
+      } else {
+        break
+      }
+    }
+    if (octets[0] > 255) {
+      throw new Error("overflow incrementing ip")
+    }
+    return IpAddress.fromOctets(octets)
+  }
+  sub(n: number): IpAddress {
+    let octets = [...this.octets]
+    n = Math.floor(n)
+    for (let i = octets.length - 1; i >= 0; i--) {
+      octets[i] -= n
+      if (octets[i] < 0) {
+        n = Math.ceil(Math.abs(octets[i]) / 256)
+        octets[i] = ((octets[i] % 256) + 256) % 256
+      } else {
+        break
+      }
+    }
+    if (octets[0] < 0) {
+      throw new Error("underflow decrementing ip")
+    }
+    return IpAddress.fromOctets(octets)
+  }
+  cmp(other: string | IpAddress): -1 | 0 | 1 {
+    if (typeof other === "string") other = IpAddress.parse(other)
+    const len = Math.max(this.octets.length, other.octets.length)
+    for (let i = 0; i < len; i++) {
+      const left = this.octets[i] || 0
+      const right = other.octets[i] || 0
+      if (left > right) {
+        return 1
+      } else if (left < right) {
+        return -1
+      }
+    }
+    return 0
+  }
 }
 
 export class IpNet extends IpAddress {
-  readonly prefix
-  constructor(readonly ipnet: string) {
-    const [address, prefixStr] = ipnet.split("/", 2)
-    super(address)
-    this.prefix = Number(prefixStr)
+  private constructor(
+    octets: number[],
+    readonly prefix: number,
+    address: string,
+    readonly ipnet: string,
+  ) {
+    super(octets, address)
+  }
+  static fromIpPrefix(ip: IpAddress, prefix: number): IpNet {
+    if (prefix > ip.octets.length * 8) {
+      throw new Error("invalid prefix")
+    }
+    return new IpNet(ip.octets, prefix, ip.address, `${ip.address}/${prefix}`)
   }
   static parse(ipnet: string): IpNet {
-    return new IpNet(ipnet)
+    const [address, prefixStr] = ipnet.split("/", 2)
+    const ip = IpAddress.parse(address)
+    const prefix = Number(prefixStr)
+    return IpNet.fromIpPrefix(ip, prefix)
   }
   contains(address: string | IpAddress): boolean {
-    if (typeof address === "string") address = new IpAddress(address)
+    if (typeof address === "string") address = IpAddress.parse(address)
     if (this.octets.length !== address.octets.length) return false
     let prefix = this.prefix
     let idx = 0
@@ -68,18 +156,52 @@ export class IpNet extends IpAddress {
       prefix -= 8
     }
     if (prefix === 0 || idx >= this.octets.length) return true
-    const mask = 255 << prefix
+    const mask = 255 ^ (255 >> prefix)
     return (this.octets[idx] & mask) === (address.octets[idx] & mask)
   }
+  zero(): IpAddress {
+    let octets: number[] = []
+    let prefix = this.prefix
+    for (let idx = 0; idx < this.octets.length; idx++) {
+      if (prefix >= 8) {
+        octets[idx] = this.octets[idx]
+        prefix -= 8
+      } else {
+        const mask = 255 ^ (255 >> prefix)
+        octets[idx] = this.octets[idx] & mask
+        prefix = 0
+      }
+    }
+
+    return IpAddress.fromOctets(octets)
+  }
+  broadcast(): IpAddress {
+    let octets: number[] = []
+    let prefix = this.prefix
+    for (let idx = 0; idx < this.octets.length; idx++) {
+      if (prefix >= 8) {
+        octets[idx] = this.octets[idx]
+        prefix -= 8
+      } else {
+        const mask = 255 >> prefix
+        octets[idx] = this.octets[idx] | mask
+        prefix = 0
+      }
+    }
+
+    return IpAddress.fromOctets(octets)
+  }
 }
 
 export const PRIVATE_IPV4_RANGES = [
-  new IpNet("127.0.0.0/8"),
-  new IpNet("10.0.0.0/8"),
-  new IpNet("172.16.0.0/12"),
-  new IpNet("192.168.0.0/16"),
+  IpNet.parse("127.0.0.0/8"),
+  IpNet.parse("10.0.0.0/8"),
+  IpNet.parse("172.16.0.0/12"),
+  IpNet.parse("192.168.0.0/16"),
 ]
 
-export const IPV6_LINK_LOCAL = new IpNet("fe80::/10")
+export const IPV4_LOOPBACK = IpNet.parse("127.0.0.0/8")
+export const IPV6_LOOPBACK = IpNet.parse("::1/128")
+export const IPV6_LINK_LOCAL = IpNet.parse("fe80::/10")
 
-export const CGNAT = new IpNet("100.64.0.0/10")
+export const CGNAT = IpNet.parse("100.64.0.0/10")