restructure project

.gitignore

@@ -1,4 +1,5 @@
 config.json
 nftables.conf
 go.work
-bin/*
+nfsense
+nfsense.exe

cmd/api.go

@@ -1,11 +0,0 @@
-package main
-
-import (
-	"nfsense.net/nfsense/api/firewall"
-	"nfsense.net/nfsense/pkg/definitions"
-	"nfsense.net/nfsense/pkg/jsonrpc"
-)
-
-func RegisterAPIMethods(apiHandler *jsonrpc.Handler, conf *definitions.Config) {
-	apiHandler.Register("Firewall", &firewall.Firewall{Conf: conf})
-}

cmd/apply.go

@@ -1,23 +0,0 @@
-package main
-
-import (
-	"fmt"
-
-	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/definitions"
-	"nfsense.net/nfsense/pkg/nftables"
-)
-
-func apply(conf *definitions.Config) error {
-	fileContent, err := nftables.GenerateNfTablesFile(*conf)
-	if err != nil {
-		return fmt.Errorf("Generating nftables file %w", err)
-	}
-
-	err = nftables.ApplyNfTablesFile(fileContent)
-	if err != nil {
-		return fmt.Errorf("Applying nftables %w", err)
-	}
-	slog.Info("Wrote nftables File!")
-	return nil
-}

cmd/config.go

@@ -1,26 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"nfsense.net/nfsense/pkg/definitions"
-)
-
-func LoadConfiguration(file string) (*definitions.Config, error) {
-	var config definitions.Config
-	configFile, err := os.Open(file)
-	if err != nil {
-		return nil, fmt.Errorf("opening Config File %w", err)
-	}
-	defer configFile.Close()
-
-	jsonParser := json.NewDecoder(configFile)
-	jsonParser.DisallowUnknownFields()
-	err = jsonParser.Decode(&config)
-	if err != nil {
-		return nil, fmt.Errorf("decoding Config File %w", err)
-	}
-	return &config, nil
-}

internal/api/firewall/addresses.go

@@ -3,7 +3,7 @@ package firewall
 import (
 	"context"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type GetAddressesParameters struct {

internal/api/firewall/destination_nat_rules.go

@@ -3,7 +3,7 @@ package firewall
 import (
 	"context"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type GetDestinationNATRulesParameters struct {

internal/api/firewall/firewall.go

@@ -1,7 +1,7 @@
 package firewall
 
 import (
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type Firewall struct {

internal/api/firewall/forward_rules.go

@@ -3,7 +3,7 @@ package firewall
 import (
 	"context"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type GetForwardRulesParameters struct {

internal/api/firewall/services.go

@@ -3,7 +3,7 @@ package firewall
 import (
 	"context"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type GetServicesParameters struct {

internal/api/firewall/source_nat_rules.go

@@ -3,7 +3,7 @@ package firewall
 import (
 	"context"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 type GetSourceNATRulesParameters struct {

internal/jsonrpc/handler.go

@@ -10,7 +10,7 @@ import (
 	"runtime/debug"
 
 	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/session"
+	"nfsense.net/nfsense/internal/session"
 )
 
 type Handler struct {

internal/nftables/config.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
 )
 
 func GenerateNfTablesFile(conf definitions.Config) (string, error) {

internal/nftables/match.go

@@ -3,8 +3,8 @@ package nftables
 import (
 	"fmt"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
-	"nfsense.net/nfsense/pkg/util"
+	"nfsense.net/nfsense/internal/util"
 )
 
 func GenerateMatcher(services map[string]definitions.Service, addresses map[string]definitions.Address, match definitions.Match) (string, error) {

internal/server/api.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/session"
+	"nfsense.net/nfsense/internal/session"
 )
 
 func HandleAPI(w http.ResponseWriter, r *http.Request) {

internal/server/server.go

@@ -8,9 +8,9 @@ import (
 
 	"golang.org/x/exp/slog"
 
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/definitions"
-	"nfsense.net/nfsense/pkg/jsonrpc"
+	"nfsense.net/nfsense/internal/jsonrpc"
-	"nfsense.net/nfsense/pkg/session"
+	"nfsense.net/nfsense/internal/session"
 )
 
 var server http.Server

internal/server/session.go

@@ -7,7 +7,7 @@ import (
 	"time"
 
 	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/session"
+	"nfsense.net/nfsense/internal/session"
 )
 
 type LoginRequest struct {

internal/server/websocket.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/session"
+	"nfsense.net/nfsense/internal/session"
 	"nhooyr.io/websocket"
 )
 

internal/session/session.go

@@ -0,0 +1,93 @@
+package session
+
+import (
+	"net/http"
+	"runtime/debug"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type SessionKeyType string
+
+const SessionKey SessionKeyType = "session"
+const SessionCookieName string = "session"
+
+type Session struct {
+	Username string
+	Expires  time.Time
+	// TODO Add []websocket.Conn pointer to close all active websockets, alternativly do this via context cancelation
+}
+
+type SessionResponse struct {
+	CommitHash string `json:"commit_hash"`
+}
+
+var sessionsSync sync.Mutex
+var sessions map[string]*Session = map[string]*Session{}
+
+var CommitHash = func() string {
+	if info, ok := debug.ReadBuildInfo(); ok {
+		for _, setting := range info.Settings {
+			if setting.Key == "vcs.revision" {
+				return setting.Value
+			}
+		}
+	}
+	return "asd"
+}()
+
+func ExtendSession(s *Session) {
+	sessionsSync.Lock()
+	defer sessionsSync.Unlock()
+	if s != nil {
+		s.Expires = time.Now().Add(time.Minute * 5)
+	}
+}
+
+func GetSession(r *http.Request) (string, *Session) {
+	c, err := r.Cookie("session")
+	if err != nil {
+		return "", nil
+	}
+	s, ok := sessions[c.Value]
+	if ok {
+		return c.Value, s
+	}
+	return "", nil
+}
+
+func GenerateSession(w http.ResponseWriter, username string) {
+	id := uuid.New().String()
+	expires := time.Now().Add(time.Minute * 5)
+	sessionsSync.Lock()
+	defer sessionsSync.Unlock()
+	sessions[id] = &Session{
+		Username: username,
+		Expires:  expires,
+	}
+	http.SetCookie(w, &http.Cookie{Name: SessionCookieName, HttpOnly: true, SameSite: http.SameSiteStrictMode, Value: id, Expires: expires})
+}
+
+func CleanupSessions(stop chan struct{}) {
+	tick := time.NewTicker(time.Minute)
+	for {
+		select {
+		case <-tick.C:
+			ids := []string{}
+			sessionsSync.Lock()
+			for id, s := range sessions {
+				if time.Now().After(s.Expires) {
+					ids = append(ids, id)
+				}
+			}
+			for _, id := range ids {
+				delete(sessions, id)
+			}
+			sessionsSync.Unlock()
+		case <-stop:
+			return
+		}
+	}
+}

internal/util/address.go

@@ -1,6 +1,6 @@
 package util
 
-import "nfsense.net/nfsense/pkg/definitions"
+import "nfsense.net/nfsense/internal/definitions"
 
 // ResolveBaseAddresses Resolves all groups to their base Addresses
 func ResolveBaseAddresses(allAddresses map[string]definitions.Address, addressNames []string) []definitions.Address {

internal/util/service.go

@@ -1,6 +1,6 @@
 package util
 
-import "nfsense.net/nfsense/pkg/definitions"
+import "nfsense.net/nfsense/internal/definitions"
 
 // ResolveBaseServices Resolves all groups to their base Services
 func ResolveBaseServices(allServices map[string]definitions.Service, serviceNames []string) []definitions.Service {

main.go

@@ -2,16 +2,20 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"flag"
+	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
 	"golang.org/x/exp/slog"
-	"nfsense.net/nfsense/pkg/definitions"
+	"nfsense.net/nfsense/internal/api/firewall"
-	"nfsense.net/nfsense/pkg/jsonrpc"
+	"nfsense.net/nfsense/internal/definitions"
-	"nfsense.net/nfsense/pkg/server"
+	"nfsense.net/nfsense/internal/jsonrpc"
+	"nfsense.net/nfsense/internal/nftables"
+	"nfsense.net/nfsense/internal/server"
 )
 
 func main() {
@@ -69,3 +73,38 @@ func main() {
 
 	slog.Info("Done")
 }
+
+func LoadConfiguration(file string) (*definitions.Config, error) {
+	var config definitions.Config
+	configFile, err := os.Open(file)
+	if err != nil {
+		return nil, fmt.Errorf("opening Config File %w", err)
+	}
+	defer configFile.Close()
+
+	jsonParser := json.NewDecoder(configFile)
+	jsonParser.DisallowUnknownFields()
+	err = jsonParser.Decode(&config)
+	if err != nil {
+		return nil, fmt.Errorf("decoding Config File %w", err)
+	}
+	return &config, nil
+}
+
+func RegisterAPIMethods(apiHandler *jsonrpc.Handler, conf *definitions.Config) {
+	apiHandler.Register("Firewall", &firewall.Firewall{Conf: conf})
+}
+
+func apply(conf *definitions.Config) error {
+	fileContent, err := nftables.GenerateNfTablesFile(*conf)
+	if err != nil {
+		return fmt.Errorf("Generating nftables file %w", err)
+	}
+
+	err = nftables.ApplyNfTablesFile(fileContent)
+	if err != nil {
+		return fmt.Errorf("Applying nftables %w", err)
+	}
+	slog.Info("Wrote nftables File!")
+	return nil
+}

pkg/session/session.go

@@ -13,6 +13,7 @@ type SessionKeyType string
 
 const SessionKey SessionKeyType = "session"
 const SessionCookieName string = "session"
+const SessionLiveTime = 15
 
 type Session struct {
 	Username string
@@ -42,7 +43,7 @@ func ExtendSession(s *Session) {
 	sessionsSync.Lock()
 	defer sessionsSync.Unlock()
 	if s != nil {
-		s.Expires = time.Now().Add(time.Minute * 5)
+		s.Expires = time.Now().Add(time.Minute * SessionLiveTime)
 	}
 }
 
@@ -60,7 +61,7 @@ func GetSession(r *http.Request) (string, *Session) {
 
 func GenerateSession(w http.ResponseWriter, username string) {
 	id := uuid.New().String()
-	expires := time.Now().Add(time.Minute * 5)
+	expires := time.Now().Add(time.Minute * SessionLiveTime)
 	sessionsSync.Lock()
 	defer sessionsSync.Unlock()
 	sessions[id] = &Session{