Merge pull request #26 from Amnesic-Systems/various-improvements

Make various improvements.

cmd/veil/main.go

@@ -22,8 +22,8 @@ import (
 )
 
 const (
-	defaultExtPort = "8443"
-	defaultIntPort = "8080"
+	defaultExtPort = 8443
+	defaultIntPort = 8080
 )
 
 func parseFlags(out io.Writer, args []string) (*config.Config, error) {
@@ -32,15 +32,20 @@ func parseFlags(out io.Writer, args []string) (*config.Config, error) {
 
 	appWebSrv := fs.String(
 		"app-web-srv",
-		"localhost:8082",
+		"localhost:8081",
 		"application web server",
 	)
 	debug := fs.Bool(
 		"debug",
 		false,
 		"enable debug logging",
 	)
-	extPort := fs.String(
+	enclaveCodeURI := fs.String(
+		"enclave-code-uri",
+		"",
+		"the enclave application's source code",
+	)
+	extPort := fs.Int(
 		"ext-pub-port",
 		defaultExtPort,
 		"external public port",
@@ -50,30 +55,25 @@ func parseFlags(out io.Writer, args []string) (*config.Config, error) {
 		"",
 		"the enclave's fully qualified domain name",
 	)
-	intPort := fs.String(
+	intPort := fs.Int(
 		"int-port",
 		defaultIntPort,
 		"internal port",
 	)
-	enclaveCodeURI := fs.String(
-		"enclave-code-uri",
-		"",
-		"the enclave application's source code",
-	)
-	waitForApp := fs.Bool(
-		"wait-for-app",
-		false,
-		"wait for the application to signal readiness",
+	resolver := fs.String(
+		"resolver",
+		"1.1.1.1",
+		"the DNS resolver used by veil",
 	)
-	enableTesting := fs.Bool(
+	testing := fs.Bool(
 		"insecure",
 		false,
 		"enable testing by disabling attestation",
 	)
-	resolver := fs.String(
-		"resolver",
-		"1.1.1.1",
-		"the DNS resolver used by veil",
+	waitForApp := fs.Bool(
+		"wait-for-app",
+		false,
+		"wait for the application to signal readiness",
 	)
 
 	if err := fs.Parse(args); err != nil {
@@ -85,12 +85,12 @@ func parseFlags(out io.Writer, args []string) (*config.Config, error) {
 	return &config.Config{
 		AppWebSrv:      util.Must(url.Parse(*appWebSrv)),
 		Debug:          *debug,
+		EnclaveCodeURI: *enclaveCodeURI,
 		ExtPort:        *extPort,
 		FQDN:           *fqdn,
 		IntPort:        *intPort,
-		EnclaveCodeURI: *enclaveCodeURI,
 		Resolver:       *resolver,
-		Testing:        *enableTesting,
+		Testing:        *testing,
 		WaitForApp:     *waitForApp,
 	}, nil
 }
@@ -132,8 +132,7 @@ func run(ctx context.Context, out io.Writer, args []string) (err error) {
 }
 
 func main() {
-	ctx := context.Background()
-	if err := run(ctx, os.Stdout, os.Args[1:]); err != nil {
+	if err := run(context.Background(), os.Stdout, os.Args[1:]); err != nil {
 		log.Fatalf("Failed to run veil: %v", err)
 	}
 }

cmd/veil/main_test.go

@@ -98,11 +98,11 @@ func stopSvc(stop func()) {
 }
 
 func intSrv(path string) string {
-	return fmt.Sprintf("http://127.0.0.1:%s%s", defaultIntPort, path)
+	return fmt.Sprintf("http://127.0.0.1:%d%s", defaultIntPort, path)
 }
 
 func extSrv(path string) string {
-	return fmt.Sprintf("https://127.0.0.1:%s%s", defaultExtPort, path)
+	return fmt.Sprintf("https://127.0.0.1:%d%s", defaultExtPort, path)
 }
 
 func errFromBody(t *testing.T, resp *http.Response) string {

internal/config/config.go

@@ -3,7 +3,6 @@ package config
 import (
 	"context"
 	"net/url"
-	"strconv"
 
 	"github.com/Amnesic-Systems/veil/internal/util"
 )
@@ -31,11 +30,17 @@ type Config struct {
 	// nitro-cli's "--debug-mode" flag.
 	Debug bool
 
+	// EnclaveCodeURI contains the URI of the software repository that's running
+	// inside the enclave, e.g., "https://github.com/foo/bar".  The URL is shown
+	// on the enclave's index page, as part of instructions on how to do remote
+	// attestation.
+	EnclaveCodeURI string
+
 	// ExtPort contains the TCP port that the public Web server should
 	// listen on, e.g. 443.  This port is not *directly* reachable by the
 	// Internet but the EC2 host's proxy *does* forward Internet traffic to
 	// this port.  This field is required.
-	ExtPort string
+	ExtPort int
 
 	// FQDN contains the fully qualified domain name that's set in the HTTPS
 	// certificate of the enclave's Web server, e.g. "example.com".  This field
@@ -45,13 +50,7 @@ type Config struct {
 	// IntPort contains the TCP port that the internal Web server should listen
 	// on, e.g., 8080.  This port is only reachable from within the enclave and
 	// is only used by the enclave application.  This field is required.
-	IntPort string
-
-	// EnclaveCodeURI contains the URI of the software repository that's running
-	// inside the enclave, e.g., "https://github.com/foo/bar".  The URL is shown
-	// on the enclave's index page, as part of instructions on how to do remote
-	// attestation.
-	EnclaveCodeURI string
+	IntPort int
 
 	// Resolver contains the IP address of the DNS resolver that the enclave
 	// should use, e.g., 1.1.1.1.
@@ -72,15 +71,8 @@ type Config struct {
 	WaitForApp bool
 }
 
-func isValidPort(port string) bool {
-	num, err := strconv.Atoi(port)
-	if err != nil {
-		return false
-	}
-	if num < 1 || num > 65535 {
-		return false
-	}
-	return true
+func isValidPort(port int) bool {
+	return port > 0 && port < 65536
 }
 
 func (c *Config) Validate(_ context.Context) map[string]string {

internal/config/config_test.go

@@ -16,15 +16,15 @@ func TestConfig(t *testing.T) {
 	}{
 		{
 			name: "valid config",
-			cfg:  &Config{ExtPort: "8443", IntPort: "8080"},
+			cfg:  &Config{ExtPort: 8443, IntPort: 8080},
 		},
 		{
 			name: "still valid config",
-			cfg:  &Config{ExtPort: "1", IntPort: "65535"},
+			cfg:  &Config{ExtPort: 1, IntPort: 65535},
 		},
 		{
 			name:     "invalid ports",
-			cfg:      &Config{ExtPort: "0", IntPort: "foo"},
+			cfg:      &Config{ExtPort: 0, IntPort: 65536},
 			wantErrs: 2,
 		},
 	}

internal/service/service.go

@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"errors"
+	"fmt"
 	"io/fs"
 	"log"
 	"net"
@@ -152,7 +153,7 @@ func newIntSrv(
 	addInternalRoutes(r, config, hashes, appReady)
 
 	return &http.Server{
-		Addr:    net.JoinHostPort("127.0.0.1", config.IntPort),
+		Addr:    net.JoinHostPort("127.0.0.1", fmt.Sprintf("%d", config.IntPort)),
 		Handler: http.Handler(r),
 	}
 }
@@ -165,7 +166,7 @@ func newExtSrv(
 	addExternalPublicRoutes(r, config, builder)
 
 	return &http.Server{
-		Addr:    net.JoinHostPort("0.0.0.0", config.ExtPort),
+		Addr:    net.JoinHostPort("0.0.0.0", fmt.Sprintf("%d", config.ExtPort)),
 		Handler: http.Handler(r),
 	}
 }