Fix/docker compose up (#1705)

This PR fixes `docker compose up`. It does not yet get the test client ->
resource flow working, but it prevents anything from erroring at startup.

This fixes:
* tokens (use the correct token for the client user agent we are using)
* randomize `name_suffix` at start up for connlib (we will eventually
allow options to set it manually)
* remove port ranges for relay (see firezone/product#613)
Gabi
2023-06-28 15:48:33 -03:00
committed by GitHub
parent a4810986c7
commit 720b2f8cd9
7 changed files with 58 additions and 14 deletions

1
rust/Cargo.lock generated

@@ -1549,6 +1549,7 @@ dependencies = [
"futures-util",
"ip_network",
"os_info",
"rand",
"rand_core 0.6.4",
"rtnetlink",
"serde",


@@ -18,4 +18,13 @@ COPY --from=BUILDER /usr/local/bin/$PACKAGE .
ENV RUST_BACKTRACE=1
ENV PATH "/app:$PATH"
ENV PACKAGE_NAME ${PACKAGE}
CMD ${PACKAGE_NAME}
# Some black magics here:
# we need to use `/bin/sh -c` so that the env variable is correctly replaced
# but then everything in `CMD` is placed after the executed string, so we need
# to move it inside, these are passed as the variables `$0`, `$1`, `$2`, etc...
# this means that this will ignore after the first arguments
# if we ever combine this with `CMD` in exec form so always use shell form
# (Note we could use shell-form here, but this is the same made explicit)
ENTRYPOINT ["/bin/sh", "-c", "$PACKAGE_NAME $0"]
# *sigh* if we don't add this $0 becomes /bin/sh in the command above
CMD [""]
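Review bot: The new `ENTRYPOINT` expands `$0` unquoted and forwards only that one argument, so a command with several arguments is silently truncated and an argument containing spaces or glob characters is re-split by the shell. Because the package is not started with `exec`, `/bin/sh` may also stay as PID 1 (depending on the shell), in which case `SIGTERM` from `docker stop` does not reach the Rust binary. Consider `ENTRYPOINT ["/bin/sh", "-c", "exec \"$PACKAGE_NAME\" \"$@\"", "--"]` and dropping the `CMD [""]` placeholder; the trailing `--` fills `$0` so all arguments arrive in `$@`. The identical hunk in the second Dockerfile section further down has the same problem.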


@@ -17,4 +17,13 @@ COPY --from=BUILDER /usr/local/bin/$PACKAGE .
ENV RUST_BACKTRACE=1
ENV PATH "/app:$PATH"
ENV PACKAGE_NAME ${PACKAGE}
CMD ${PACKAGE_NAME}
# Some black magics here:
# we need to use `/bin/sh -c` so that the env variable is correctly replaced
# but then everything in `CMD` is placed after the executed string, so we need
# to move it inside, these are passed as the variables `$0`, `$1`, `$2`, etc...
# this means that this will ignore after the first arguments
# if we ever combine this with `CMD` in exec form so always use shell form
# (Note we could use shell-form here, but this is the same made explicit)
ENTRYPOINT ["/bin/sh", "-c", "$PACKAGE_NAME $0"]
# *sigh* if we don't add this $0 becomes /bin/sh in the command above
CMD [""]


@@ -26,6 +26,7 @@ backoff = { version = "0.4", default-features = false }
ip_network = { version = "0.4", default-features = false, features = ["serde"] }
boringtun = { workspace = true }
os_info = { version = "3", default-features = false }
rand = { version = "0.8", default-features = false, features = ["std"] }
[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
swift-bridge = { workspace = true }
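Review bot: The added `rand` line enables only `std`, but in rand 0.8 `thread_rng` (which this commit calls in the session start-up code) is, as far as I know, gated on `std_rng` as well. If so, the crate builds only because some other dependency in the graph switches `std_rng` on through feature unification, and that can break when the other dependency changes. Declaring what is used makes it explicit: `rand = { version = "0.8", default-features = false, features = ["std", "std_rng"] }`.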


@@ -1,6 +1,7 @@
use async_trait::async_trait;
use backoff::{backoff::Backoff, ExponentialBackoffBuilder};
use boringtun::x25519::{PublicKey, StaticSecret};
use rand::{distributions::Alphanumeric, thread_rng, Rng};
use rand_core::OsRng;
use std::{
marker::PhantomData,
@@ -126,8 +127,9 @@ where
runtime.spawn(async move {
let private_key = StaticSecret::random_from_rng(OsRng);
let self_id = uuid::Uuid::new_v4();
let name_suffix: String = thread_rng().sample_iter(&Alphanumeric).take(8).map(char::from).collect();
let connect_url = fatal_error!(get_websocket_path(portal_url, token, T::socket_path(), &Key(PublicKey::from(&private_key).to_bytes()), &self_id.to_string()), callbacks);
let connect_url = fatal_error!(get_websocket_path(portal_url, token, T::socket_path(), &Key(PublicKey::from(&private_key).to_bytes()), &self_id.to_string(), &name_suffix), callbacks);
let (sender, mut receiver) = fatal_error!(T::start(private_key, callbacks.clone()).await, callbacks);
@@ -223,6 +225,7 @@ fn get_websocket_path(
mode: &str,
public_key: &Key,
external_id: &str,
name_suffix: &str,
) -> Result<Url> {
{
let mut paths = url.path_segments_mut().map_err(|_| Error::UriError)?;
@@ -237,7 +240,7 @@ fn get_websocket_path(
query_pairs.append_pair("token", &secret);
query_pairs.append_pair("public_key", &public_key.to_string());
query_pairs.append_pair("external_id", external_id);
query_pairs.append_pair("name_suffix", "todo");
query_pairs.append_pair("name_suffix", name_suffix);
}
Ok(url)
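Review bot: The `name_suffix` line in the `runtime.spawn` hunk has no comment saying what the value is for, and its length `8` is an inline magic number on a very long line. `thread_rng` is fine for a label, but nothing tells the next reader that this string is sent in the connect URL next to `token` and must not be treated as a credential. I would add `// Random per-start label sent to the portal as name_suffix; not a secret, not guaranteed unique.` above it and name the length, e.g. `const NAME_SUFFIX_LEN: usize = 8;`. The new `name_suffix: &str` parameter of `get_websocket_path` would benefit from the same one-line description; both the spawn closure and `get_websocket_path` extend outside the hunks shown.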