From 3c24e24d71cc96ab3e738006104809004a44a3db Mon Sep 17 00:00:00 2001
From: Alejandro Mery <amery@jpi.io>
Date: Wed, 30 Aug 2023 00:38:54 +0000
Subject: [PATCH] wireguard: switch from gcfg to asciigoat.org/ini/basic

Signed-off-by: Alejandro Mery <amery@jpi.io>
---
 go.mod                         |   2 -
 go.sum                         |   4 -
 pkg/wireguard/config.go        | 119 ++---------------------
 pkg/wireguard/config_parser.go | 169 +++++++++++++++++++++++++++++++++
 4 files changed, 177 insertions(+), 117 deletions(-)
 create mode 100644 pkg/wireguard/config_parser.go

diff --git a/go.mod b/go.mod
index 2f01039..26ba593 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,6 @@ require (
 	github.com/spf13/cobra v1.8.0
 	golang.org/x/crypto v0.20.0
 	golang.org/x/net v0.21.0
-	gopkg.in/gcfg.v1 v1.2.3
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -50,5 +49,4 @@ require (
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.18.0 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
diff --git a/go.sum b/go.sum
index 3523550..ed0ce2f 100644
--- a/go.sum
+++ b/go.sum
@@ -115,10 +115,6 @@ golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
 golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/gcfg.v1 v1.2.3 h1:m8OOJ4ccYHnx2f4gQwpno8nAX5OGOh7RLaaz0pj3Ogs=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/pkg/wireguard/config.go b/pkg/wireguard/config.go
index c8ad1dd..8643db4 100644
--- a/pkg/wireguard/config.go
+++ b/pkg/wireguard/config.go
@@ -2,7 +2,6 @@ package wireguard
 
 import (
 	"bytes"
-	"errors"
 	"fmt"
 	"io"
 	"net/netip"
@@ -10,8 +9,8 @@ import (
 	"strings"
 	"text/template"
 
+	"asciigoat.org/ini/basic"
 	"darvaza.org/core"
-	"gopkg.in/gcfg.v1"
 )
 
 var configTemplate = template.Must(template.New("config").Funcs(template.FuncMap{
@@ -132,100 +131,6 @@ func (ep *EndpointAddress) FromString(s string) error {
 	return nil
 }
 
-type intermediateConfig struct {
-	Interface interfaceConfig
-	Peer      peersConfig
-}
-
-func (v *intermediateConfig) Export() (*Config, error) {
-	var out Config
-	var err error
-
-	// Interface
-	out.Interface, err = v.Interface.Export()
-	if err != nil {
-		return nil, err
-	}
-
-	// Peers
-	peers, ok := v.PeersCount()
-	if !ok {
-		return nil, errors.New("inconsistent Peer data")
-	}
-
-	for i := 0; i < peers; i++ {
-		p, err := v.ExportPeer(i)
-		if err != nil {
-			err = core.Wrap(err, "Peer[%v]:", i)
-			return nil, err
-		}
-
-		out.Peer = append(out.Peer, p)
-	}
-
-	return &out, nil
-}
-
-type interfaceConfig struct {
-	Address    netip.Addr
-	PrivateKey string
-	ListenPort uint16
-}
-
-func (p interfaceConfig) Export() (InterfaceConfig, error) {
-	var err error
-
-	out := InterfaceConfig{
-		Address:    p.Address,
-		ListenPort: p.ListenPort,
-	}
-
-	if p.PrivateKey != "" {
-		out.PrivateKey, err = PrivateKeyFromBase64(p.PrivateKey)
-		if err != nil {
-			err = core.Wrap(err, "PrivateKey")
-			return InterfaceConfig{}, err
-		}
-	}
-
-	return out, nil
-}
-
-type peersConfig struct {
-	PublicKey  []string
-	Endpoint   []string
-	AllowedIPs []string
-}
-
-func (v *intermediateConfig) ExportPeer(i int) (PeerConfig, error) {
-	var out PeerConfig
-
-	// Endpoint
-	s := v.Peer.Endpoint[i]
-	err := out.Endpoint.FromString(s)
-	if err != nil {
-		err = core.Wrap(err, "Endpoint")
-		return out, err
-	}
-
-	// PublicKey
-	out.PublicKey, err = PublicKeyFromBase64(v.Peer.PublicKey[i])
-	if err != nil {
-		err = core.Wrap(err, "PublicKey")
-		return out, err
-	}
-
-	// AllowedIPs
-	s = v.Peer.AllowedIPs[i]
-	out.AllowedIPs, err = parseAllowedIPs(s)
-	if err != nil {
-		err = core.Wrap(err, "AllowedIPs")
-		return out, err
-	}
-
-	return out, nil
-}
-
 func parseAllowedIPs(data string) ([]netip.Prefix, error) {
 	var out []netip.Prefix
 
@@ -242,25 +147,17 @@ func parseAllowedIPs(data string) ([]netip.Prefix, error) {
 	return out, nil
 }
 
-func (v *intermediateConfig) PeersCount() (int, bool) {
-	c0 := len(v.Peer.Endpoint)
-	c1 := len(v.Peer.PublicKey)
-	c2 := len(v.Peer.AllowedIPs)
-
-	if c0 != c1 || c1 != c2 {
-		return 0, false
-	}
-
-	return c0, true
-}
-
 // NewConfigFromReader parses a wgN.conf file
 func NewConfigFromReader(r io.Reader) (*Config, error) {
-	temp := &intermediateConfig{}
+	doc, err := basic.Decode(r)
+	if err != nil {
+		return nil, err
+	}
 
-	if err := gcfg.ReadInto(temp, r); err != nil {
+	cfg, err := newConfigFromDocument(doc)
+	if err != nil {
 		return nil, err
 	}
 
-	return temp.Export()
+	return cfg, nil
 }
diff --git a/pkg/wireguard/config_parser.go b/pkg/wireguard/config_parser.go
new file mode 100644
index 0000000..e07a78e
--- /dev/null
+++ b/pkg/wireguard/config_parser.go
@@ -0,0 +1,169 @@
+package wireguard
+
+import (
+	"io/fs"
+	"strconv"
+
+	"asciigoat.org/ini/basic"
+	"darvaza.org/core"
+)
+
+type sectionHandler func(*Config, *basic.Section) error
+
+var sectionMap = map[string]func(*Config, *basic.Section) error{
+	"Interface": loadInterfaceConfSection,
+	"Peer":      loadPeerConfSection,
+}
+
+func loadConfSection(out *Config, src *basic.Section) error {
+	h, ok := sectionMap[src.Key]
+	if !ok {
+		return core.Wrap(fs.ErrInvalid, "unknown section %q", src.Key)
+	}
+
+	return h(out, src)
+}
+
+func loadInterfaceConfSection(out *Config, src *basic.Section) error {
+	var cfg InterfaceConfig
+
+	for _, field := range src.Fields {
+		if err := loadInterfaceConfField(&cfg, field); err != nil {
+			return core.Wrap(err, "Interface")
+		}
+	}
+
+	out.Interface = cfg
+	return nil
+}
+
+func loadPeerConfSection(out *Config, src *basic.Section) error {
+	var cfg PeerConfig
+
+	for _, field := range src.Fields {
+		if err := loadPeerConfField(&cfg, field); err != nil {
+			return core.Wrap(err, "Peer[%v]", len(out.Peer))
+		}
+	}
+
+	out.Peer = append(out.Peer, cfg)
+	return nil
+}
+
+// revive:disable:cyclomatic
+// revive:disable:cognitive-complexity
+
+func loadInterfaceConfField(cfg *InterfaceConfig, field basic.Field) error {
+	// revive:enable:cyclomatic
+	// revive:enable:cognitive-complexity
+
+	// TODO: refactor when asciigoat's ini parser learns to do reflection
+	switch field.Key {
+	case "Address":
+		if !core.IsZero(cfg.Address) {
+			return core.Wrap(fs.ErrInvalid, "duplicate field %q", field.Key)
+		}
+
+		err := cfg.Address.UnmarshalText([]byte(field.Value))
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		default:
+			return nil
+		}
+	case "PrivateKey":
+		if !core.IsZero(cfg.PrivateKey) {
+			return core.Wrap(fs.ErrInvalid, "duplicate field %q", field.Key)
+		}
+
+		err := cfg.PrivateKey.UnmarshalText([]byte(field.Value))
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		default:
+			return nil
+		}
+	case "ListenPort":
+		if cfg.ListenPort > 0 {
+			return core.Wrap(fs.ErrInvalid, "duplicate field %q", field.Key)
+		}
+
+		u64, err := strconv.ParseUint(field.Value, 10, 16)
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		case u64 == 0:
+			return core.Wrap(fs.ErrInvalid, "invalid %q value", field.Key)
+		default:
+			cfg.ListenPort = uint16(u64)
+			return nil
+		}
+	default:
+		return core.Wrap(fs.ErrInvalid, "unknown field %q", field.Key)
+	}
+}
+
+// revive:disable:cyclomatic
+// revive:disable:cognitive-complexity
+
+func loadPeerConfField(cfg *PeerConfig, field basic.Field) error {
+	// revive:enable:cyclomatic
+	// revive:enable:cognitive-complexity
+
+	switch field.Key {
+	case "PublicKey":
+		if !core.IsZero(cfg.PublicKey) {
+			return core.Wrap(fs.ErrInvalid, "duplicate field %q", field.Key)
+		}
+
+		err := cfg.PublicKey.UnmarshalText([]byte(field.Value))
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		default:
+			return nil
+		}
+	case "Endpoint":
+		if cfg.Endpoint.String() != "" {
+			return core.Wrap(fs.ErrInvalid, "duplicate field %q", field.Key)
+		}
+
+		err := cfg.Endpoint.UnmarshalText([]byte(field.Value))
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		default:
+			return nil
+		}
+	case "AllowedIPs":
+		s, err := parseAllowedIPs(field.Value)
+		switch {
+		case err != nil:
+			return core.Wrap(err, field.Key)
+		case len(s) > 0:
+			cfg.AllowedIPs = append(cfg.AllowedIPs, s...)
+			return nil
+		}
+	default:
+		return core.Wrap(fs.ErrInvalid, "unknown field %q", field.Key)
+	}
+	return nil
+}
+
+func newConfigFromDocument(doc *basic.Document) (*Config, error) {
+	var out Config
+
+	if len(doc.Global) > 0 {
+		err := core.Wrap(fs.ErrInvalid, "fields before the first section")
+		return nil, err
+	}
+
+	for i := range doc.Sections {
+		src := &doc.Sections[i]
+		if err := loadConfSection(&out, src); err != nil {
+			return nil, err
+		}
+	}
+
+	return &out, nil
+}