refactor: squash commits

backend/utils/constants.js

@@ -0,0 +1,56 @@
+exports.defaultRulesSource = `
+# This is a default rule set that allows IPv4 and IPv6 traffic but otherwise
+# behaves like a standard Ethernet switch.
+
+#
+# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames.
+#
+drop
+  not ethertype ipv4
+  and not ethertype arp
+  and not ethertype ipv6
+;
+
+#
+# Uncomment to drop non-ZeroTier issued and managed IP addresses.
+#
+# This prevents IP spoofing but also blocks manual IP management at the OS level and
+# bridging unless special rules to exempt certain hosts or traffic are added before
+# this rule.
+#
+#drop
+#  not chr ipauth
+#;
+
+# Accept anything else. This is required since default is 'drop'.
+accept;
+`;
+
+exports.defaultRules = `
+[
+  {
+   "type": "MATCH_ETHERTYPE",
+   "not": true,
+   "or": false,
+   "etherType": 2048
+  },
+  {
+   "type": "MATCH_ETHERTYPE",
+   "not": true,
+   "or": false,
+   "etherType": 2054
+  },
+  {
+   "type": "MATCH_ETHERTYPE",
+   "not": true,
+   "or": false,
+   "etherType": 34525
+  },
+  {
+   "type": "ACTION_DROP"
+  },
+  {
+   "type": "ACTION_ACCEPT"
+  }
+ ]
+`;

backend/utils/controller-api.js

@@ -0,0 +1,19 @@
+const axios = require("axios");
+const fs = require("fs");
+
+const baseURL = process.env.ZU_CONTROLLER_ENDPOINT || "http://localhost:9993/";
+
+var token;
+if (process.env.ZU_CONTROLLER_TOKEN) {
+  token = process.env.ZU_CONTROLLER_TOKEN;
+} else {
+  token = fs.readFileSync("/var/lib/zerotier-one/authtoken.secret", "utf8");
+}
+
+module.exports = axios.create({
+  baseURL: baseURL,
+  responseType: "json",
+  headers: {
+    "X-ZT1-Auth": token,
+  },
+});

backend/utils/db.js

@@ -0,0 +1,8 @@
+const low = require("lowdb");
+const FileSync = require("lowdb/adapters/FileSync");
+
+const adapter = new FileSync(process.env.ZU_DATAPATH || "data/db.json");
+
+const db = low(adapter);
+
+module.exports = db;

backend/utils/init-admin.js

@@ -0,0 +1,16 @@
+const crypto = require("crypto");
+const hashPassword = require("pbkdf2-wrapper/hashText");
+
+module.exports = async function () {
+  if (!process.env.ZU_DEFAULT_PASSWORD || !process.env.ZU_DEFAULT_USERNAME) {
+    console.error("ZU_DEFAULT_PASSWORD or ZU_DEFAULT_USERNAME not found!");
+    process.exit(1);
+  }
+  const username = process.env.ZU_DEFAULT_USERNAME;
+  const hash = await hashPassword(process.env.ZU_DEFAULT_PASSWORD);
+  return {
+    username: username,
+    password_hash: hash,
+    token: crypto.randomBytes(16).toString("hex"),
+  };
+};

backend/utils/zt-address.js

@@ -0,0 +1,6 @@
+const api = require("../utils/controller-api");
+
+module.exports = async function () {
+  const res = await api.get("status");
+  return res.data.address;
+};