riseup_vpn 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 061471e29bcb71a8ad7d20c0757f445ed026913613deb3a289bde237aa40022e
-  data.tar.gz: 7a780713819d589fdf07e4abd684c6b341e61e5d0ffdf6ccc331693f35cc5301
+  metadata.gz: 5749722468abc5f22914e79b50843c565be88d489d8fba1ef5cb9d26f30bdb52
+  data.tar.gz: 76f3542e75019a9dea6d319664a1bb1b5fe0f8c28b2e75939cc02e44418aeadd
 SHA512:
-  metadata.gz: ae6548f93e8f3734c6578a0f593b979384735e34d07e84d6ffc6bf71ec741440086e0a480b2e19c7939072ee0876a33bf53b33224c3283e15ca7d913c98bd8d1
-  data.tar.gz: 6e5c748da5d135578357540b95d0ea97fb8e92287408443dac4acd655da6a8cd8ecd7dcb8bec4cc0944ad419a9eb4770c76447590da7d2927fb8efcab1a62652
+  metadata.gz: f70b3352d7e5be2ba70e765dc346b8948e1819fe5b60195963651fe9ff8627f5171eee642dfd0a28ca83cc0c620b9451f4bf72c6d020da47c8a4eabf02e1254d
+  data.tar.gz: a2adafe678f656818a760dd453b2e599d7ecfc47c086b424fc88a57fa1bcfb47443398d29cc718af2bde226688e47b3afd9f4b8eb2b6bd686a43c478b2a7ed0f

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 ## [Unreleased]
 
+## [1.0.0] - 2025-04-21
+
+### New features
+
+- upgrade TLS to 1.3, if supported by client
+
+### Breaking changes
+
+- Namespace changes: `RiseupVpn` -> `RiseupVPN`, `RiseupVpn::Api` -> `RiseupVPN::API` and `Generator` -> `Manager`
+- `#write_files` no longer takes an dir path arg
+- All errors subclass `RiseupVPN::Error`
+
 ## [0.1.0] - 2025-04-19
 
 - Initial release

data/README.md

@@ -3,12 +3,12 @@
 
 # RiseupVPN
 
-A tool to create .ovpn ([OpenVPN](https://openvpn.net)) client config files for use with [RiseupVPN](https://riseup.net/vpn). Such files can be imported using, for example, the Debian [openvpn NetworkManager plugin](https://packages.debian.org/search?keywords=network-manager-openvpn). You will then be able to route your network connection through any of Riseup's 20+ VPN gateways! Screenshot below shows Linux Mint's Network Manager panel applet with an active VPN connection to RiseupVPN's Seattle gateway.
-
-This project was inspired by [this](https://sizeof.cat/project/riseupvpn-to-openvpn) very excellent web tool.
+A tool to create .ovpn ([OpenVPN](https://openvpn.net)) client config files for use with [RiseupVPN](https://riseup.net/vpn). Such files can be imported using, for example, the Debian [openvpn NetworkManager plugin](https://packages.debian.org/search?keywords=network-manager-openvpn). You will then be able to route your network connection through any of Riseup's 20+ VPN gateways! The screenshot below shows Linux Mint's Network Manager panel applet with an active VPN connection to RiseupVPN's Seattle gateway.
 
 ![image info](assets/vpns.png)
 
+This project was inspired by [this](https://sizeof.cat/project/riseupvpn-to-openvpn) very excellent web tool.
+
 ## Installation
 
 Install the gem and add to the application's Gemfile by executing:
@@ -28,27 +28,29 @@ gem install riseup_vpn
 ```ruby
 require 'riseup_vpn'
 
-generator = RiseupVpn::Generator.new
-# => instance_of RiseupVpn::Generator
+manager = RiseupVPN::Manager.new # takes an optional positional arg for the dir path. Default is '~/.config/riseup_vpn'
+# => instance_of RiseupVPN::Manager
 
-generator.ovpns
+manager.ovpns
 # => {"vpn01-sea.riseup.net" => "client\ntls-client\ndev tun\nproto udp\nremote 204.13.164.252 1194 ...
 
-generator.ovpns.size
+manager.ovpns.size
 # => 21
 
-RiseupVpn::Generator::OPTS # returns a list of valid options which maybe passed at initialization.
-# => {proto: ["udp", "tcp"]} # e.g. RiseupVpn::Generator.new(proto: 'tcp') default is 'udp'
+RiseupVPN::Manager::OPTS # returns a list of valid options which maybe passed as an optional hash at initialization.
+# => {proto: ["udp", "tcp"]} defaults are the first values e.g. 'udp' for :proto
+# For example; RiseupVPN::Manager.new('/some/path', proto: 'tcp')
 
-generator.write_files '~/.config/riseup_vpn' # dir must exist
+manager.write_files # (over)writes the VPN client config files to the dir path
 ```
-The last command creates the following files in the chosen directory:
+The last command creates (or overwrites) the following files:
 - an .ovpn file for each VPN gateway
 - the Certificate Authority cert file (ca.crt)
 - the client private key file (client.key)
 - the client cert file (client.crt)
 
-Note: OpenVPN requires that cert & key files shared across .ovpn client config files are present in the same directory.
+Note: The last 2 expire after 30 days and therefore need to be updated regularly
+Also note: OpenVPN requires that cert & key files shared across .ovpn client config files are present in the same directory.
 
 ## \_why?
 

data/lib/riseup_vpn/api.rb

@@ -2,11 +2,9 @@
 
 require 'openssl'
 
-module RiseupVpn
+module RiseupVPN
   # parses ca.cert, client cert/key & gateways data from riseup.net API
-  module Api
-    class ApiError < StandardError; end
-
+  module API
     PROVIDER = 'https://riseup.net/provider.json' # entry point for API
     API_URI = 'https://api.black.riseup.net' # 443
     API_VERSION = '3'
@@ -35,15 +33,15 @@ module RiseupVpn
       def get(url)
         URI(url).read
       rescue NoMethodError, URI::Error
-        raise ApiError, "Bad URI: '#{url}'"
+        raise APIError, "Bad URI: '#{url}'"
       rescue OpenURI::HTTPError
-        raise ApiError, "Failed to get url: '#{url}'"
+        raise APIError, "Failed to get url: '#{url}'"
       end
 
       def get_json(url)
         JSON.parse get(url)
       rescue JSON::ParserError
-        raise ApiError, "Failed to parse JSON at: '#{url}'"
+        raise APIError, "Failed to parse JSON at: '#{url}'"
       end
     end
   end

data/lib/riseup_vpn/errors.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module RiseupVPN
+  class Error < StandardError; end
+
+  class APIError < Error; end
+end

data/lib/riseup_vpn/generator.rb

@@ -1,57 +1,38 @@
 # frozen_string_literal: true
 
-require 'openssl'
 require 'yaml'
 
 require_relative 'api'
+require_relative 'utils'
 
-module RiseupVpn
-  # create a .ovpn config file for a gateway
+module RiseupVPN
+  # queries API and builds ovpn config files, CA cert and client key & cert
   class Generator
+    include Utils
+
     TEMPLATE = YAML.load_file File.join(__dir__, 'template_ovpn.yml')
     OPTS = { proto: %w[udp tcp] }.freeze # default is 1st value
-    LINE_METHODS = %i[remote verify-x509-name].freeze
+    LINE_METHODS = %i[remote tls-version-min verify-x509-name].freeze
 
-    attr_reader :ovpns
+    attr_reader :ovpns, :ca_crt, :client_key, :client_crt
 
     def initialize(opts = {})
       @opts = validate_options opts.transform_keys!(&:to_sym)
-      @server_config = server_config
       @template = template
+      @server_config = server_config
       @ovpns = generate_ovpns # hash { gateway_name => string }
-    end
-
-    def write_files(dir)
-      dir = File.expand_path dir.to_s
-      write_ovpn_files dir
-      write_ca_file dir
-      write_client_key_and_crt_files dir
-    rescue Errno::ENOENT, Errno::EACCES
-      raise ArgumentError, "Dir #{dir} doesn't exist or isn't writable"
+      @ca_crt = API.ca_crt
+      @client_key, @client_crt = API.client_key_and_crt
     end
 
     private
 
-    def write_ovpn_files(dir)
-      ovpns.each { |k, v| File.write(File.join(dir, "#{k}.ovpn"), v) }
-    end
-
-    def write_ca_file(dir)
-      File.write File.join(dir, 'ca.crt'), Api.ca_crt.to_s.chomp
-    end
-
-    def write_client_key_and_crt_files(dir)
-      client_key, client_crt = Api.client_key_and_crt
-      File.write File.join(dir, 'client.key'), client_key.to_s.chomp
-      File.write File.join(dir, 'client.crt'), client_crt.to_s.chomp
-    end
-
     def gateways
-      Api.eip['gateways']
+      API.eip['gateways']
     end
 
     def server_config
-      Api.eip['openvpn_configuration'].transform_keys(&:to_sym)
+      API.eip['openvpn_configuration'].transform_keys(&:to_sym)
     end
 
     def validate_options(opts)
@@ -69,17 +50,16 @@ module RiseupVpn
     end
 
     def template
-      return TEMPLATE.except(*%i[up down]) if RiseupVpn.os == 'darwin'
-      return TEMPLATE if RiseupVpn.os == 'linux'
+      return TEMPLATE.except(*%i[up down]) if Utils.os == 'darwin'
 
-      raise RiseupVpnError, "Unsupported OS: '#{RiseupVpn.os}'"
+      TEMPLATE # assumed Linux, see Utils::SUPPORTED_PLATFORMS
     end
 
     def generate_line(key, val, gateway)
       return "#{key} #{val}" if val # hard coded key/value in template file
       return "#{key} #{@opts[key]}" if @opts[key]
-      return server_config_line(key) if @server_config[key]
       return send(regularize_method_name(key), gateway) if LINE_METHODS.include? key
+      return server_config_line(key) if @server_config[key]
 
       key # hard coded key only in template file
     end
@@ -98,6 +78,10 @@ module RiseupVpn
       "remote #{gateway['ip_address']} #{@opts[:proto] == 'udp' ? 1194 : 80}" # TODO: check port 80 in json
     end
 
+    def tls_version_min(_gateway)
+      "tls-version-min #{Utils.tls_version}"
+    end
+
     def verify_x509_name(gateway)
       "verify-x509-name #{name(gateway)} name"
     end

data/lib/riseup_vpn/manager.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require_relative 'generator'
+
+module RiseupVPN
+  # manages config files
+  class Manager
+    DEFAULT_DIR = '~/.config/riseup_vpn'
+    OPTS = Generator::OPTS
+
+    def initialize(dir = DEFAULT_DIR, opts = {})
+      @dir = File.expand_path dir.to_s
+      @generator = Generator.new(opts)
+    end
+
+    def ovpns
+      @generator.ovpns
+    end
+
+    def write_files
+      write_ovpn_files
+      write_ca_crt
+      write_client_key
+      write_client_crt
+    rescue Errno::ENOENT, Errno::EACCES
+      raise ArgumentError, "Dir #{@dir} doesn't exist or isn't writable"
+    end
+
+    private
+
+    def write_ovpn_files
+      @generator.ovpns.each { |k, v| File.write(File.join(@dir, "#{k}.ovpn"), v) }
+    end
+
+    def write_ca_crt
+      File.write File.join(@dir, 'ca.crt'), @generator.ca_crt.to_s.chomp
+    end
+
+    def write_client_key
+      File.write File.join(@dir, 'client.key'), @generator.client_key.to_s.chomp
+    end
+
+    def write_client_crt
+      File.write File.join(@dir, 'client.crt'), @generator.client_crt.to_s.chomp
+    end
+  end
+end

data/lib/riseup_vpn/utils.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module RiseupVPN
+  # utilties for internal use
+  module Utils
+    SUPPORTED_PLATFORMS = %w[darwin linux].freeze
+
+    def self.os
+      os = Gem::Platform.local.os
+      return os if SUPPORTED_PLATFORMS.include? os
+
+      raise Error, "Unsupported OS: '#{os}'"
+    end
+
+    def self.tls_version
+      "1.#{OpenSSL::VERSION.to_i}".to_f
+    end
+  end
+end

data/lib/riseup_vpn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-module RiseupVpn
-  VERSION = '0.1.0'
+module RiseupVPN
+  VERSION = '1.0.0'
 end

data/lib/riseup_vpn.rb

@@ -3,11 +3,12 @@
 require 'json'
 require 'open-uri'
 
-# namespace
-module RiseupVpn
-  class RiseupVpnError < StandardError; end
+require_relative 'riseup_vpn/api'
+require_relative 'riseup_vpn/errors'
+require_relative 'riseup_vpn/generator'
+require_relative 'riseup_vpn/manager'
+require_relative 'riseup_vpn/version'
 
-  def self.os
-    @os ||= Gem::Platform.local.os
-  end
+# namespace
+module RiseupVPN
 end

data/sig/riseup_vpn.rbs

@@ -1,4 +1,4 @@
-module RiseupVpn
+module RiseupVPN
   VERSION: String
   # See the writing guide of rbs: https://github.com/ruby/rbs#guides
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: riseup_vpn
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - MatzFan
@@ -23,8 +23,11 @@ files:
 - assets/vpns.png
 - lib/riseup_vpn.rb
 - lib/riseup_vpn/api.rb
+- lib/riseup_vpn/errors.rb
 - lib/riseup_vpn/generator.rb
+- lib/riseup_vpn/manager.rb
 - lib/riseup_vpn/template_ovpn.yml
+- lib/riseup_vpn/utils.rb
 - lib/riseup_vpn/version.rb
 - sig/riseup_vpn.rbs
 - tmp/.placeholder
@@ -50,7 +53,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.7.0.dev
 specification_version: 4
 summary: RiseupVPN configuration
 test_files: []