[relay] Feature/relay integration (#2244)

This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service
2025-08-16 18:11:58 +02:00 · 2024-09-08 12:06:14 +02:00
parent fcac02a92f
commit 0c039274a4
120 changed files with 9879 additions and 1940 deletions
--- a/relay/auth/hmac/token_test.go
+++ b/relay/auth/hmac/token_test.go
@ -0,0 +1,105 @@
+package hmac
+
+import (
+	"crypto/sha1"
+	"crypto/sha256"
+	"encoding/base64"
+	"strconv"
+	"testing"
+	"time"
+)
+
+func TestGenerateCredentials(t *testing.T) {
+	secret := "secret"
+	timeToLive := 1 * time.Hour
+	v := NewTimedHMAC(secret, timeToLive)
+
+	creds, err := v.GenerateToken(sha1.New)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if creds.Payload == "" {
+		t.Fatalf("expected non-empty payload")
+	}
+
+	_, err = strconv.ParseInt(creds.Payload, 10, 64)
+	if err != nil {
+		t.Fatalf("expected payload to be a valid unix timestamp, got %v", err)
+	}
+
+	_, err = base64.StdEncoding.DecodeString(creds.Signature)
+	if err != nil {
+		t.Fatalf("expected signature to be base64 encoded, got %v", err)
+	}
+}
+
+func TestValidateCredentials(t *testing.T) {
+	secret := "supersecret"
+	timeToLive := 1 * time.Hour
+	manager := NewTimedHMAC(secret, timeToLive)
+
+	// Test valid token
+	creds, err := manager.GenerateToken(sha1.New)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if err := manager.Validate(sha1.New, *creds); err != nil {
+		t.Fatalf("expected valid token: %s", err)
+	}
+}
+
+func TestInvalidSignature(t *testing.T) {
+	secret := "supersecret"
+	timeToLive := 1 * time.Hour
+	manager := NewTimedHMAC(secret, timeToLive)
+
+	creds, err := manager.GenerateToken(sha256.New)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	invalidCreds := &Token{
+		Payload:   creds.Payload,
+		Signature: "invalidsignature",
+	}
+
+	if err = manager.Validate(sha1.New, *invalidCreds); err == nil {
+		t.Fatalf("expected invalid token due to signature mismatch")
+	}
+}
+
+func TestExpired(t *testing.T) {
+	secret := "supersecret"
+	v := NewTimedHMAC(secret, -1*time.Hour)
+	expiredCreds, err := v.GenerateToken(sha256.New)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if err = v.Validate(sha1.New, *expiredCreds); err == nil {
+		t.Fatalf("expected invalid token due to expiration")
+	}
+}
+
+func TestInvalidPayload(t *testing.T) {
+	secret := "supersecret"
+	timeToLive := 1 * time.Hour
+	v := NewTimedHMAC(secret, timeToLive)
+
+	creds, err := v.GenerateToken(sha256.New)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	// Test invalid payload
+	invalidPayloadCreds := &Token{
+		Payload:   "invalidtimestamp",
+		Signature: creds.Signature,
+	}
+
+	if err = v.Validate(sha1.New, *invalidPayloadCreds); err == nil {
+		t.Fatalf("expected invalid token due to invalid payload")
+	}
+}