balena-supervisor/src/supervisor-api.coffee

Promise = require 'bluebird'
express = require 'express'
bufferEq = require 'buffer-equal-constant-time'
blink = require './lib/blink'
iptables = require './lib/iptables'
{ checkTruthy } = require './lib/validation'

authenticate = (config) ->
	return (req, res, next) ->
		queryKey = req.query.apikey
		header = req.get('Authorization') ? ''
		match = header.match(/^ApiKey (\w+)$/)
		headerKey = match?[1]
		config.getMany([ 'apiSecret', 'localMode', 'unmanaged', 'osVariant' ])
		.then (conf) ->
			needsAuth = if conf.unmanaged
				conf.osVariant is 'prod'
			else
				not conf.localMode

			if needsAuth
				key = queryKey ? headerKey
				if bufferEq(Buffer.from(key), Buffer.from(conf.apiSecret))
					next()
				else
					res.sendStatus(401)
			else
				next()
		.catch (err) ->
			res.status(503).send("Unexpected error: #{err}")

module.exports = class SupervisorAPI
	constructor: ({ @config, @eventTracker, @routers, @healthchecks }) ->
		@server = null
		@_api = express()
		@_api.disable('x-powered-by')

		@_api.get '/v1/healthy', (req, res) =>
			Promise.map @healthchecks, (fn) ->
				fn()
				.then (healthy) ->
					if !healthy
						throw new Error('Unhealthy')
			.then ->
				res.sendStatus(200)
			.catch ->
				res.sendStatus(500)

		@_api.use(authenticate(@config))

		@_api.get '/ping', (req, res) ->
			res.send('OK')

		@_api.post '/v1/blink', (req, res) =>
			@eventTracker.track('Device blink')
			blink.pattern.start()
			setTimeout(blink.pattern.stop, 15000)
			res.sendStatus(200)

		# Expires the supervisor's API key and generates a new one.
		# It also communicates the new key to the balena API.
		@_api.post '/v1/regenerate-api-key', (req, res) =>
			@config.newUniqueKey()
			.then (secret) =>
				@config.set(apiSecret: secret)
				.then ->
					res.status(200).send(secret)
			.catch (err) ->
				res.status(503).send(err?.message or err or 'Unknown error')


		for router in @routers
			@_api.use(router)

	listen: (allowedInterfaces, port, apiTimeout) =>
		@config.get('localMode').then (localMode) =>
			@applyListeningRules(checkTruthy(localMode), port, allowedInterfaces)
		.then =>
			# Monitor the switching of local mode, and change which interfaces will
			# be listented to based on that
			@config.on 'change', (changedConfig) =>
				if changedConfig.localMode?
					@applyListeningRules(changedConfig.localMode, port, allowedInterfaces)
		.then =>
			@server = @_api.listen(port)
			@server.timeout = apiTimeout

	applyListeningRules: (allInterfaces, port, allowedInterfaces) =>
		Promise.try ->
			if checkTruthy(allInterfaces)
				iptables.removeRejections(port).then ->
					console.log('Supervisor API listening on all interfaces')
			else
				iptables.rejectOnAllInterfacesExcept(allowedInterfaces, port).then ->
					console.log('Supervisor API listening on allowed interfaces only')
		.catch (e) =>
			# If there's an error, stop the supervisor api from answering any endpoints,
			# and this will eventually be restarted by the healthcheck
			console.log('Error on switching supervisor API listening rules - stopping API.')
			console.log('  ', e)
			if @server?
				@stop()

	stop: ->
		@server.close()
Use a supervisor0 network interface for the supervisor network API. Remove RESIN_APP_COMMIT and RESIN_APP_RELEASE env vars. Also add support for several networks per container (but with no configuration yet). Also some bugfixes and implement healthcheck and not disabling VPN on startup. Change-Type: major Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-12-08 01:18:21 +00:00			`Promise = require 'bluebird'`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`express = require 'express'`
			`bufferEq = require 'buffer-equal-constant-time'`
			`blink = require './lib/blink'`
			`iptables = require './lib/iptables'`
			`{ checkTruthy } = require './lib/validation'`

			`authenticate = (config) ->`
			`return (req, res, next) ->`
			`queryKey = req.query.apikey`
			`header = req.get('Authorization') ? ''`
			`match = header.match(/^ApiKey (\w+)$/)`
			`headerKey = match?[1]`
Require an apikey for supervisor api in production unmanaged Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2018-12-12 12:42:53 +00:00			`config.getMany([ 'apiSecret', 'localMode', 'unmanaged', 'osVariant' ])`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`.then (conf) ->`
Require an apikey for supervisor api in production unmanaged Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2018-12-12 12:42:53 +00:00			`needsAuth = if conf.unmanaged`
			`conf.osVariant is 'prod'`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`else`
Require an apikey for supervisor api in production unmanaged Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2018-12-12 12:42:53 +00:00			`not conf.localMode`

			`if needsAuth`
			`key = queryKey ? headerKey`
			`if bufferEq(Buffer.from(key), Buffer.from(conf.apiSecret))`
			`next()`
			`else`
			`res.sendStatus(401)`
			`else`
			`next()`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`.catch (err) ->`
Require an apikey for supervisor api in production unmanaged Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2018-12-12 12:42:53 +00:00			`res.status(503).send("Unexpected error: #{err}")`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00
			`module.exports = class SupervisorAPI`
Use a supervisor0 network interface for the supervisor network API. Remove RESIN_APP_COMMIT and RESIN_APP_RELEASE env vars. Also add support for several networks per container (but with no configuration yet). Also some bugfixes and implement healthcheck and not disabling VPN on startup. Change-Type: major Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-12-08 01:18:21 +00:00			`constructor: ({ @config, @eventTracker, @routers, @healthchecks }) ->`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`@server = null`
			`@_api = express()`
Disable express' x-powered-by header Change-type: patch Signed-off-by: Pagan Gazzard <page@resin.io> 2018-10-16 11:26:21 +00:00			`@_api.disable('x-powered-by')`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00
Use a supervisor0 network interface for the supervisor network API. Remove RESIN_APP_COMMIT and RESIN_APP_RELEASE env vars. Also add support for several networks per container (but with no configuration yet). Also some bugfixes and implement healthcheck and not disabling VPN on startup. Change-Type: major Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-12-08 01:18:21 +00:00			`@_api.get '/v1/healthy', (req, res) =>`
			`Promise.map @healthchecks, (fn) ->`
			`fn()`
			`.then (healthy) ->`
			`if !healthy`
			`throw new Error('Unhealthy')`
			`.then ->`
			`res.sendStatus(200)`
			`.catch ->`
			`res.sendStatus(500)`

Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`@_api.use(authenticate(@config))`

			`@_api.get '/ping', (req, res) ->`
			`res.send('OK')`

			`@_api.post '/v1/blink', (req, res) =>`
			`@eventTracker.track('Device blink')`
			`blink.pattern.start()`
			`setTimeout(blink.pattern.stop, 15000)`
			`res.sendStatus(200)`

			`# Expires the supervisor's API key and generates a new one.`
Rename most of the documentation and variable names from resin to balena Change-type: minor Signed-off-by: Pablo Carranza Velez <pablo@balena.io> 2018-10-18 18:52:35 +00:00			`# It also communicates the new key to the balena API.`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`@_api.post '/v1/regenerate-api-key', (req, res) =>`
			`@config.newUniqueKey()`
			`.then (secret) =>`
			`@config.set(apiSecret: secret)`
			`.then ->`
			`res.status(200).send(secret)`
			`.catch (err) ->`
			`res.status(503).send(err?.message or err or 'Unknown error')`

Use a supervisor0 network interface for the supervisor network API. Remove RESIN_APP_COMMIT and RESIN_APP_RELEASE env vars. Also add support for several networks per container (but with no configuration yet). Also some bugfixes and implement healthcheck and not disabling VPN on startup. Change-Type: major Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-12-08 01:18:21 +00:00
Switch to using knex migrations to set up the database, and change the database format to use integers for ids instead of strings. Also includes various improvements and bugfixes to services and the migration from legacy /data to volumes. The switch ti migrations involves a dirty hack for webpack to properly resolve the paths to the migrations js files - it uses an expression that webpack can't resolve, so we hardcode it to a value and use the ContextReplacementPlugin to make that value resolve to the migrations folder. The downsides to this approach are: - a change in knex code would break this - the migration code is added twice to the supervisor image: once in the migrations folder (because knex needs to loop through the directory to find the files), and once inside app.js (because I can't make webpack treat them as external) Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-11-29 21:32:57 +00:00			`for router in @routers`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`@_api.use(router)`

			`listen: (allowedInterfaces, port, apiTimeout) =>`
Support setting target state in local mode from supervisor API Change-type: minor Closes: #689 Signed-off-by: Cameron Diver <cameron@resin.io> 2018-09-28 13:32:38 +00:00			`@config.get('localMode').then (localMode) =>`
			`@applyListeningRules(checkTruthy(localMode), port, allowedInterfaces)`
			`.then =>`
			`# Monitor the switching of local mode, and change which interfaces will`
			`# be listented to based on that`
			`@config.on 'change', (changedConfig) =>`
			`if changedConfig.localMode?`
			`@applyListeningRules(changedConfig.localMode, port, allowedInterfaces)`
Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`.then =>`
			`@server = @_api.listen(port)`
			`@server.timeout = apiTimeout`

Support setting target state in local mode from supervisor API Change-type: minor Closes: #689 Signed-off-by: Cameron Diver <cameron@resin.io> 2018-09-28 13:32:38 +00:00			`applyListeningRules: (allInterfaces, port, allowedInterfaces) =>`
			`Promise.try ->`
			`if checkTruthy(allInterfaces)`
			`iptables.removeRejections(port).then ->`
			`console.log('Supervisor API listening on all interfaces')`
			`else`
			`iptables.rejectOnAllInterfacesExcept(allowedInterfaces, port).then ->`
			`console.log('Supervisor API listening on allowed interfaces only')`
			`.catch (e) =>`
			`# If there's an error, stop the supervisor api from answering any endpoints,`
			`# and this will eventually be restarted by the healthcheck`
			`console.log('Error on switching supervisor API listening rules - stopping API.')`
			`console.log(' ', e)`
			`if @server?`
			`@stop()`

Supervisor: Implement a Supervisor class with a SupervisorAPI This will be the top level object in the multicontainer supervisor, using the following objects to perform its duties: * A DB object to manage the sqlite database models * A Config object to manage configuration in sqlite and config.json * An EventTracker to track events and send them to mixpanel * A DeviceState object to manage the device state, including containers, device configuration and dependent devices * An APIBinder object to manage all interactions with the Resin API * The SupervisorAPI, implemented here, which exposes functionality from the other objects over an HTTP API with apikey authentication. We also include an iptables module that the SupervisorAPI will use to only allow traffic from certain interfaces. Signed-off-by: Pablo Carranza Velez <pablo@resin.io> 2017-10-30 21:54:02 +00:00			`stop: ->`
			`@server.close()`