diff --git a/rust/relay/src/main.rs b/rust/relay/src/main.rs
index 5d506dab3..ed467f431 100644
--- a/rust/relay/src/main.rs
+++ b/rust/relay/src/main.rs
@@ -15,7 +15,7 @@ use futures::{future, FutureExt};
 use phoenix_channel::{Event, LoginUrl, NoParams, PhoenixChannel};
 use rand::rngs::StdRng;
 use rand::{Rng, SeedableRng};
-use secrecy::{Secret, SecretString};
+use secrecy::{ExposeSecret, Secret, SecretString};
 use std::borrow::Cow;
 use std::net::{Ipv4Addr, Ipv6Addr};
 use std::pin::Pin;
@@ -51,18 +51,11 @@ struct Args {
 /// The highest port used for TURN allocations.
 #[arg(long, env, hide = true, default_value = "65535")]
 highest_port: u16,
- #[arg(
- long,
- env = "FIREZONE_API_URL",
- hide = true,
- default_value = "wss://api.firezone.dev"
- )]
+ #[arg(long, env = "FIREZONE_API_URL")]
 api_url: Url,
 /// Token generated by the portal to authorize websocket connection.
- ///
- /// If omitted, we won't connect to the portal on startup.
 #[arg(env = "FIREZONE_TOKEN")]
- token: Option,
+ token: SecretString,
 /// Used as the human name for this Relay to display in the portal. If not provided,
 /// the system hostname is used by default.
 #[arg(env = "FIREZONE_NAME")]
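Review bot: With `token` now a required positional argument, a deployment that does not set `FIREZONE_TOKEN` has to put the portal token on the command line, where it is typically readable by other local users through the process list; the field's doc comment should say so, for example `/// Prefer the FIREZONE_TOKEN environment variable; a token given on the command line is visible in the process list.`. The same hunk un-hides `api_url` and drops its `wss://` default without adding a doc comment or a scheme check, so `--help` shows the flag with no description and nothing visible here stops a plain `ws://` URL from carrying the token. A `///` line naming the expected `wss://` form would help, and whether `LoginUrl::relay` rejects other schemes should be confirmed, since it is defined outside this diff. `struct Args` starts and ends outside the hunk.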
@@ -161,40 +154,30 @@ async fn try_main(args: Args) -> Result<()> {
 make_is_healthy(last_heartbeat_sent.clone()),
 ));
- let channel = if let Some(token) = args.token.as_ref() {
- use secrecy::ExposeSecret;
+ let login = LoginUrl::relay(
+ args.api_url.clone(),
+ &args.token,
+ args.name.clone(),
+ args.listen_port,
+ args.public_ip4_addr,
+ args.public_ip6_addr,
+ )?;
- let login = LoginUrl::relay(
- args.api_url.clone(),
- token,
- args.name.clone(),
- args.listen_port,
- args.public_ip4_addr,
- args.public_ip6_addr,
- )?;
-
- let mut channel = PhoenixChannel::disconnected(
- Secret::new(login),
- format!("relay/{}", env!("CARGO_PKG_VERSION")),
- "relay",
- JoinMessage {
- stamp_secret: server.auth_secret().expose_secret().to_string(),
- },
- || {
- ExponentialBackoffBuilder::default()
- .with_max_elapsed_time(Some(MAX_PARTITION_TIME))
- .build()
- },
- Arc::new(socket_factory::tcp),
- )?;
- channel.connect(NoParams);
-
- Some(channel)
- } else {
- tracing::info!(target: "relay", "No portal token supplied, starting standalone mode");
-
- None
- };
+ let mut channel = PhoenixChannel::disconnected(
+ Secret::new(login),
+ format!("relay/{}", env!("CARGO_PKG_VERSION")),
+ "relay",
+ JoinMessage {
+ stamp_secret: server.auth_secret().expose_secret().to_string(),
+ },
+ || {
+ ExponentialBackoffBuilder::default()
+ .with_max_elapsed_time(Some(MAX_PARTITION_TIME))
+ .build()
+ },
+ Arc::new(socket_factory::tcp),
+ )?;
+ channel.connect(NoParams);
 let mut eventloop = Eventloop::new(server, channel, public_addr, last_heartbeat_sent)?;
@@ -366,7 +349,7 @@ where
 {
 fn new(
 server: Server,
- channel: Option>,
+ channel: PhoenixChannel,
 public_address: IpStack,
 last_heartbeat_sent: Arc>>,
 ) -> Result {
@@ -395,7 +378,7 @@ where
 Ok(Self {
 server,
- channel,
+ channel: Some(channel),
 sleep: Sleep::default(),
 stats_log_interval: tokio::time::interval(STATS_LOG_INTERVAL),
 last_num_bytes_relayed: 0,
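Review bot: The added `stamp_secret: server.auth_secret().expose_secret().to_string(),` line copies the relay's auth secret out of its `Secret` wrapper into a plain `String`, and with the standalone branch removed this now happens on every start. A comment above it such as `// Exposed on purpose: the secret is sent to the portal in the join message, so JoinMessage must never be logged.` would record the constraint. `JoinMessage` is defined outside this diff, so whether it derives `Debug` or is ever formatted into a log line should be checked. `try_main` begins before and continues after the hunk.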
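Review bot: `channel: Some(channel),` keeps the struct field an `Option` although `new` (changed in the preceding hunk) now always receives a channel, so every use of the field still has to handle a `None` that construction can no longer produce. If the `None` state is still reached later, for instance once the portal connection is given up, a comment here should say so, e.g. `// None only after the portal connection has been closed`. If it is not, the field could become a plain `PhoenixChannel`. The field's declaration and uses are outside the diff, so this is inferred from the two hunks alone.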
@@ -726,16 +709,30 @@ mod tests {
 // Regression tests to ensure we can parse sockets as well as domains for the otlp-grpc endpoint.
 #[test]
 fn args_can_parse_otlp_endpoint_from_socket() {
- let args =
- Args::try_parse_from(["relay", "--otlp-grpc-endpoint", "127.0.0.1:4317"]).unwrap();
+ let args = Args::try_parse_from([
+ "relay",
+ "--otlp-grpc-endpoint",
+ "127.0.0.1:4317",
+ "--api-url",
+ "localhost:1234",
+ "TOKEN",
+ ])
+ .unwrap();
 assert_eq!(args.otlp_grpc_endpoint.unwrap(), "127.0.0.1:4317");
 }
 #[test]
 fn args_can_parse_otlp_endpoint_from_domain() {
- let args =
- Args::try_parse_from(["relay", "--otlp-grpc-endpoint", "localhost:4317"]).unwrap();
+ let args = Args::try_parse_from([
+ "relay",
+ "--otlp-grpc-endpoint",
+ "localhost:4317",
+ "--api-url",
+ "localhost:1234",
+ "TOKEN",
+ ])
+ .unwrap();
 assert_eq!(args.otlp_grpc_endpoint.unwrap(), "localhost:4317");
 }
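Review bot: Both tests pass `"localhost:1234"` as `--api-url`, which presumably parses only because `Url` reads `localhost` as the scheme, so the fixtures show that argument parsing accepts a value that is not a websocket URL; `"wss://localhost:1234"` would match the form of the default this commit removes. Nothing here covers the new requirement itself: a test asserting `Args::try_parse_from(["relay", "--api-url", "wss://localhost:1234"]).is_err()` would pin that a missing token is rejected, provided `FIREZONE_TOKEN` is unset in the test environment. `mod tests` starts outside the hunk.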