sparoid 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 71f77a00597cb908e5b898603a34ed4e9111fd7fdcd255def5ea1633089c6041
-  data.tar.gz: d4ba950c8fa66e6083e7bf43431618023aa8b163c1d12f6170835532c719ee03
+  metadata.gz: 7838b331849e520e484b7c061e7f0b176b5e21127f4e56cb5b82226fea8724ee
+  data.tar.gz: 530254c56b3311043f4264243d358c736e7c3253e29c0d8c1a89dd1d5473bb43
 SHA512:
-  metadata.gz: 3f50ca4d5ebf7c68badec3afe5f49ea3c7d23eaa932448f2f3534fd6dc594b8bcecc8ad7c9e5f4e0b4453538fdbf45884ba6c3a5ab3c645eb6feb4ed5eabbff2
-  data.tar.gz: 77c377f37dfa0dc257af730d25fb7600cb4cc6fe45e1e809e455c55c3fce5bce429abbbc82080cafa1a1f7fbb6dfcfe4fb5dede8d0eea2e904ee023403197d1b
+  metadata.gz: '085c9e8b9fc3684f79501c146320dc332e4d0303e68a7e359ff38d30bfd32e87dd8826cf7e9c82259df50214738be52fc5862b4e5adc6bade33aee3ed0f9d224'
+  data.tar.gz: b931da160e4bf5603b147b695ac1e4858a059652d93732ba629f6ee334275e51e77208d72dbf165ad397f15da3f590571cdd383fc56c96daec67b0f6e7e84d28

data/.github/workflows/main.yml

@@ -1,18 +1,22 @@
 name: Ruby
 
-on: [push,pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   build:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ 2.7, '3.0', 3.1, ruby-head ]
+        ruby: [ 3.2, 3.3, 3.4, 4.0, ruby-head ]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
-    - run: bundle install
+        bundler-cache: true
     - run: bundle exec rake

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 3.2
   NewCops: enable
   SuggestExtensions: false
 
@@ -13,3 +13,6 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+
+Metrics/MethodLength:
+  Enabled: false

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+## [2.0.0] - 2026-02-19
+
+- Add IPv6 support
+- Add Timeout.timeout safety net around Socket.tcp for Ruby 3.3+ Happy Eyeballs v2 compatibility
+
+## [1.2.0] - 2024-07-24
+
+- Lookup public IP using http://checkip.amazonaws.com, as it's more reliable for IPv6 connections than the DNS method
+
 ## [1.1.0] - 2023-03-03
 
 - Allow override of public ip, open for someone else by passing `:open_for_ip` to `Sparoid.auth(..., open_for_ip:)` (#11)

data/CODEOWNERS

@@ -0,0 +1 @@
+* @84codes/server

data/lib/sparoid/cli.rb

@@ -15,6 +15,7 @@ module Sparoid
     rescue Errno::ENOENT
       abort "Sparoid: Config not found"
     rescue StandardError => e
+      pp e.backtrace
       abort "Sparoid: #{e.message} (#{host})"
     end
 

data/lib/sparoid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sparoid
-  VERSION = "1.1.0"
+  VERSION = "2.0.0"
 end

data/lib/sparoid.rb

@@ -4,6 +4,7 @@ require_relative "sparoid/version"
 require "socket"
 require "openssl"
 require "resolv"
+require "timeout"
 
 # Single Packet Authorisation client
 module Sparoid # rubocop:disable Metrics/ModuleLength
@@ -11,20 +12,28 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
 
   SPAROID_CACHE_PATH = ENV.fetch("SPAROID_CACHE_PATH", "/tmp/.sparoid_public_ip")
 
+  URLS = [
+    "ipv6.icanhazip.com",
+    "ipv4.icanhazip.com"
+  ].freeze
+
   # Send an authorization packet
-  def auth(key, hmac_key, host, port, open_for_ip: cached_public_ip)
+  def auth(key, hmac_key, host, port, open_for_ip: nil)
     addrs = resolve_ip_addresses(host, port)
-    ip = Resolv::IPv4.create(open_for_ip)
-    msg = message(ip)
-    data = prefix_hmac(hmac_key, encrypt(key, msg))
-    sendmsg(addrs, data)
+    addrs.each do |addr|
+      messages = generate_messages(open_for_ip)
+      data = messages.map do |message|
+        prefix_hmac(hmac_key, encrypt(key, message))
+      end
+      sendmsg(addr, data)
+    end
 
     # wait some time for the server to actually open the port
     # if we don't wait the next SYN package will be dropped
     # and it have to be redelivered, adding 1 second delay
     sleep 0.02
 
-    addrs.map(&:ip_address) # return resolved IP(s)
+    addrs
   end
 
   # Generate new aes and hmac keys, print to stdout
@@ -37,11 +46,11 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   end
 
   # Connect to a TCP server and pass the FD to the parent
-  def fdpass(ips, port, connect_timeout: 10) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+  def fdpass(addrs, port, connect_timeout: 10) # rubocop:disable Metrics/AbcSize
     # try connect to all IPs
-    sockets = ips.map do |ip|
-      Socket.new(Socket::AF_INET, Socket::SOCK_STREAM).tap do |s|
-        s.connect_nonblock(Socket.sockaddr_in(port, ip), exception: false)
+    sockets = addrs.map do |addr|
+      Socket.new(addr.afamily, Socket::SOCK_STREAM).tap do |s|
+        s.connect_nonblock(Socket.sockaddr_in(port, addr.ip_address), exception: false)
       end
     end
     # wait for any socket to be connected
@@ -51,9 +60,9 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
       writeable.each do |s|
         idx = sockets.index(s)
         sockets.delete_at(idx) # don't retry this socket again
-        ip = ips.delete_at(idx) # find the IP for the socket
+        addr = addrs.delete_at(idx) # find the IP for the socket
         begin
-          s.connect_nonblock(Socket.sockaddr_in(port, ip)) # check for errors
+          s.connect_nonblock(Socket.sockaddr_in(port, addr.ip_address)) # check for errors
         rescue Errno::EISCONN
           # already connected, continue
         rescue SystemCallError
@@ -69,11 +78,49 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
 
   private
 
-  def sendmsg(addrs, data)
-    socket = UDPSocket.new
+  def generate_messages(ip)
+    messages = if ip
+                 create_messages(string_to_ip(ip))
+               else
+                 generate_public_ip_messages
+               end
+
+    messages.flatten.sort_by!(&:bytesize)
+  end
+
+  def generate_public_ip_messages
+    messages = []
+    ipv6_native = false
+    public_ipv6_with_range.each do |addr, prefixlen|
+      ipv6 = Resolv::IPv6.create(addr)
+      messages << message_v2(ipv6, prefixlen)
+      ipv6_native = true
+    end
+
+    cached_public_ips.each do |ip|
+      next if ip.is_a?(Resolv::IPv6) && ipv6_native
+
+      messages << create_messages(ip)
+    end
+    messages
+  end
+
+  def create_messages(ip)
+    case ip
+    when Resolv::IPv4
+      [message(ip), message_v2(ip, 32)]
+    when Resolv::IPv6
+      [message_v2(ip, 128)]
+    else
+      raise ArgumentError, "Unsupported IP type #{ip.class}"
+    end
+  end
+
+  def sendmsg(addr, data)
+    socket = UDPSocket.new(addr.afamily)
     socket.nonblock = false
-    addrs.each do |addr|
-      socket.sendmsg data, 0, addr
+    data.each do |packet|
+      socket.sendmsg packet, 0, addr
     rescue StandardError => e
       warn "Sparoid error: #{e.message}"
     end
@@ -110,7 +157,22 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
     [version, ts, nounce, ip.address].pack("N q> a16 a4")
   end
 
-  def cached_public_ip
+  # Message format can be found the server repository:
+  # https://github.com/84codes/sparoid/blob/main/src/message.cr
+  def message_v2(ip, range = nil)
+    version = 2
+    ts = (Time.now.utc.to_f * 1000).floor
+    nounce = OpenSSL::Random.random_bytes(16)
+    family = case ip
+             when Resolv::IPv4 then 4
+             when Resolv::IPv6 then 6
+             else raise ArgumentError, "Unsupported IP type #{ip.class}"
+             end
+    range ||= (family == 4 ? 32 : 128)
+    [version, ts, nounce, family, ip.address, range].pack("N q> a16 C a* C")
+  end
+
+  def cached_public_ips
     if up_to_date_cache?
       read_cache
     else
@@ -118,7 +180,7 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
     end
   rescue StandardError => e
     warn "Sparoid: #{e.inspect}"
-    public_ip
+    public_ips
   end
 
   def up_to_date_cache?
@@ -131,7 +193,9 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   def read_cache
     File.open(SPAROID_CACHE_PATH, "r") do |f|
       f.flock(File::LOCK_SH)
-      Resolv::IPv4.create f.read
+      f.readlines(chomp: true).map do |line|
+        string_to_ip(line)
+      end
     end
   rescue ArgumentError => e
     return write_cache if /cannot interpret as IPv4 address/.match?(e.message)
@@ -142,44 +206,95 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   def write_cache
     File.open(SPAROID_CACHE_PATH, File::WRONLY | File::CREAT, 0o0644) do |f|
       f.flock(File::LOCK_EX)
-      ip = public_ip
+      ips = public_ips
+      warn "Sparoid: Failed to retrieve public IPs" if ips.empty?
       f.truncate(0)
-      f.write ip.to_s
-      ip
+      f.rewind
+      ips.each do |ip|
+        f.puts ip.to_s
+      end
+      ips
     end
   end
 
-  def public_ip
-    Resolv::DNS.open(nameserver: ["208.67.222.222", "208.67.220.220"]) do |dns|
-      dns.getresource("myip.opendns.com", Resolv::DNS::Resource::IN::A).address
+  def public_ips(port = 80) # rubocop:disable Metrics/AbcSize
+    URLS.map do |host|
+      Timeout.timeout(5) do
+        Socket.tcp(host, port, connect_timeout: 3, resolv_timeout: 3) do |sock|
+          sock.sync = true
+          sock.print "GET / HTTP/1.1\r\nHost: #{host}\r\nConnection: close\r\n\r\n"
+          status = sock.readline(chomp: true)
+          raise(ResolvError, "#{host}:#{port} response: #{status}") unless status.start_with? "HTTP/1.1 200 "
+
+          content_length = 0
+          until (header = sock.readline(chomp: true)).empty?
+            if (m = header.match(/^Content-Length: (\d+)/))
+              content_length = m[1].to_i
+            end
+          end
+          ip = sock.read(content_length).chomp
+          string_to_ip(ip)
+        end
+      end
+    rescue StandardError
+      nil
+    end.compact
+  end
+
+  def string_to_ip(ip)
+    case ip
+    when Resolv::IPv4::Regex
+      Resolv::IPv4.create(ip)
+    when Resolv::IPv6::Regex
+      Resolv::IPv6.create(ip)
+    else
+      raise ArgumentError, "Unsupported IP format #{ip}"
     end
   end
 
   def resolve_ip_addresses(host, port)
-    addresses = Addrinfo.getaddrinfo(host, port, :INET, :DGRAM)
+    addresses = Addrinfo.getaddrinfo(host, port)
     raise(ResolvError, "Sparoid failed to resolv #{host}") if addresses.empty?
 
-    addresses
+    addresses.select { |addr| addr.socktype == Socket::SOCK_DGRAM }
   rescue SocketError
     raise(ResolvError, "Sparoid failed to resolv #{host}")
   end
 
+  def public_ipv6_with_range
+    global_ipv6_ifs = Socket.getifaddrs.select do |addr|
+      addrinfo = addr.addr
+      addrinfo&.ipv6? && global_ipv6?(addrinfo)
+    end
+
+    global_ipv6_ifs.map do |iface|
+      addrinfo = iface.addr
+      netmask_addr = IPAddr.new(iface.netmask.ip_address)
+      prefixlen = netmask_addr.to_i.to_s(2).count("1")
+      next addrinfo.ip_address, prefixlen
+    end
+  end
+
+  def global_ipv6?(addrinfo)
+    !(addrinfo.ipv6_mc_global? || addrinfo.ipv6_loopback? || addrinfo.ipv6_v4mapped? ||
+      addrinfo.ipv6_linklocal? || addrinfo.ipv6_multicast? || addrinfo.ipv6_sitelocal? ||
+      addrinfo.ip_address.start_with?("fd00"))
+  end
+
   class Error < StandardError; end
 
   class ResolvError < Error; end
 
-  # Instance of SPAroid that only resolved public_ip once
+  # Instance of SPAroid that only resolved public_ips once
   class Instance
     include Sparoid
 
-    private
-
-    def public_ip
-      @public_ip ||= super
+    def public_ips(*args)
+      @public_ips ||= super
     end
 
-    def cached_public_ip
-      public_ip
+    def cached_public_ips
+      public_ips
     end
   end
 end

data/sparoid.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = "Single Packet Authorisation client"
   spec.homepage      = "https://github.com/84codes/sparoid.rb"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
+  spec.required_ruby_version = Gem::Requirement.new(">= 3.2.0")
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sparoid
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Carl Hörberg
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-03 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -24,7 +23,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
 email:
 - carl@84codes.com
 executables:
@@ -36,6 +34,7 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - CHANGELOG.md
+- CODEOWNERS
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -55,7 +54,6 @@ metadata:
   source_code_uri: https://github.com/84codes/sparoid.rb
   changelog_uri: https://raw.githubusercontent.com/84codes/sparoid.rb/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -63,15 +61,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.5
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Single Packet Authorisation client
 test_files: []