Surfshark (#167)

internal/surfshark/conf.go

@@ -0,0 +1,115 @@
+package surfshark
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/qdm12/golibs/files"
+	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+func (c *configurator) GetOpenVPNConnections(region models.SurfsharkRegion, protocol models.NetworkProtocol, targetIP net.IP) (connections []models.OpenVPNConnection, err error) {
+	var IPs []net.IP
+	for _, server := range constants.SurfsharkServers() {
+		if strings.EqualFold(string(server.Region), string(region)) {
+			IPs = server.IPs
+		}
+	}
+	if len(IPs) == 0 {
+		return nil, fmt.Errorf("no IP found for region %q", region)
+	}
+	if targetIP != nil {
+		found := false
+		for i := range IPs {
+			if IPs[i].Equal(targetIP) {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return nil, fmt.Errorf("target IP address %q not found in IP addresses", targetIP)
+		}
+		IPs = []net.IP{targetIP}
+	}
+	var port uint16
+	switch {
+	case protocol == constants.TCP:
+		port = 1443
+	case protocol == constants.UDP:
+		port = 1194
+	default:
+		return nil, fmt.Errorf("protocol %q is unknown", protocol)
+	}
+	for _, IP := range IPs {
+		connections = append(connections, models.OpenVPNConnection{IP: IP, Port: port, Protocol: protocol})
+	}
+	return connections, nil
+}
+
+func (c *configurator) BuildConf(connections []models.OpenVPNConnection, verbosity, uid, gid int, root bool, cipher, auth string) (err error) {
+	if len(cipher) == 0 {
+		cipher = "AES-256-CBC"
+	}
+	if len(auth) == 0 {
+		auth = "SHA512"
+	}
+	lines := []string{
+		"client",
+		"dev tun",
+		"nobind",
+		"persist-key",
+		"persist-tun",
+		"remote-cert-tls server",
+
+		// Surfshark specific
+		"resolv-retry infinite",
+		"tun-mtu 1500",
+		"tun-mtu-extra 32",
+		"mssfix 1450",
+		"ping 15",
+		"ping-restart 0",
+		"ping-timer-rem",
+		"reneg-sec 0",
+		"fast-io",
+		"key-direction 1",
+
+		// Added constant values
+		"auth-nocache",
+		"mute-replay-warnings",
+		"pull-filter ignore \"auth-token\"", // prevent auth failed loops
+		"auth-retry nointeract",
+		"remote-random",
+		"suppress-timestamps",
+
+		// Modified variables
+		fmt.Sprintf("verb %d", verbosity),
+		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
+		fmt.Sprintf("proto %s", string(connections[0].Protocol)),
+		fmt.Sprintf("cipher %s", cipher),
+		fmt.Sprintf("auth %s", auth),
+	}
+	if !root {
+		lines = append(lines, "user nonrootuser")
+	}
+	for _, connection := range connections {
+		lines = append(lines, fmt.Sprintf("remote %s %d", connection.IP.String(), connection.Port))
+	}
+	lines = append(lines, []string{
+		"<ca>",
+		"-----BEGIN CERTIFICATE-----",
+		constants.SurfsharkCertificate,
+		"-----END CERTIFICATE-----",
+		"</ca>",
+	}...)
+	lines = append(lines, []string{
+		"<tls-auth>",
+		"-----BEGIN OpenVPN Static key V1-----",
+		constants.SurfsharkOpenvpnStaticKeyV1,
+		"-----END OpenVPN Static key V1-----",
+		"</tls-auth>",
+		"",
+	}...)
+	return c.fileManager.WriteLinesToFile(string(constants.OpenVPNConf), lines, files.Ownership(uid, gid), files.Permissions(0400))
+}

internal/surfshark/surfshark.go

@@ -0,0 +1,24 @@
+package surfshark
+
+import (
+	"net"
+
+	"github.com/qdm12/golibs/files"
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+// Configurator contains methods to read and modify the openvpn configuration to connect as a client
+type Configurator interface {
+	GetOpenVPNConnections(region models.SurfsharkRegion, protocol models.NetworkProtocol, targetIP net.IP) (connections []models.OpenVPNConnection, err error)
+	BuildConf(connections []models.OpenVPNConnection, verbosity, uid, gid int, root bool, cipher, auth string) (err error)
+}
+
+type configurator struct {
+	fileManager files.FileManager
+	lookupIP    func(host string) ([]net.IP, error)
+}
+
+// NewConfigurator returns a new Configurator object
+func NewConfigurator(fileManager files.FileManager) Configurator {
+	return &configurator{fileManager, net.LookupIP}
+}