sparoid 1.2.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c24825e92fdb072067eb45465af26badb031dae413445c2acb4ec979bfe4afaf
-  data.tar.gz: e77fe5c9f7ad1c014534a51420bd9d1144f8f5fadbbcc1f28fcc8d4c0d52cf2c
+  metadata.gz: df9de779b1b4fcfd29f3f0ad3ad986001ecc39b61fbe3aeff36c9b3cb5409327
+  data.tar.gz: 56789005516d3c0c2e3b4799f1cf3d6c9873465ff3516b27edee0649b2f5d373
 SHA512:
-  metadata.gz: 8ded4f653d9e8526b3dc4cfe6391deb2df878dd004f7e5c7c694514f251efc865e992f6a0779fa50be7cfeeb88d92b82a982f3de98a89e020e8062b7fcd8b77a
-  data.tar.gz: eb545dc80266d74df92a228b09266f33edf0a9612715196d82282a6bb506ece3bf62cb361a0523516a5e7d1af9e989c1ee606e3212d7471c0b8f9daea318571e
+  metadata.gz: ce6cca5c5219a9f7f99fb6fa34b16efee1d60acae4e5f6bf639524e8ebfd5d4cc805953e9df48656aae11211b25aa824b28751478691a8a293ad3704bd464416
+  data.tar.gz: bc288e38f49a5c54f10f338d943169dd662932f516fbdccc6c7d5dc75857da7e0c73dbf2dcb3e5082ee7e769f70552deb12f23a11f8f5cca7f993cc4d6104ad0

data/.github/workflows/main.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ 2.7, 3.1, 3.2, 3.3, ruby-head ]
+        ruby: [ 3.2, 3.3, 3.4, 4.0, ruby-head ]
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 3.2
   NewCops: enable
   SuggestExtensions: false
 
@@ -13,3 +13,6 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+
+Metrics/MethodLength:
+  Enabled: false

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+## [2.1.0] - 2026-03-10
+
+- Aligning CLI with Crystal client interface (`send`/`connect` subcommands with flags)
+- Detect public IPv6 via UDP socket probe instead of interface enumeration
+- Remove v2 message format, only send v1 (with IPv4 or IPv6 address)
+
+## [2.0.0] - 2026-02-19
+
+- Add IPv6 support
+- Add Timeout.timeout safety net around Socket.tcp for Ruby 3.3+ Happy Eyeballs v2 compatibility
+
 ## [1.2.0] - 2024-07-24
 
 - Lookup public IP using http://checkip.amazonaws.com, as it's more reliable for IPv6 connections than the DNS method

data/exe/sparoid

@@ -1,9 +1,5 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-begin
-  require_relative "../lib/sparoid/cli"
-  Sparoid::CLI.start
-rescue Interrupt
-  exit 1
-end
+require_relative "../lib/sparoid/cli"
+Sparoid::CLI.run

data/lib/sparoid/cli.rb

@@ -1,55 +1,66 @@
 # frozen_string_literal: true
 
-require "thor"
+require "optparse"
 require_relative "../sparoid"
 
 module Sparoid
   # CLI
-  class CLI < Thor
-    map "-v" => :version
+  module CLI
+    def self.run(args = ARGV) # rubocop:disable Metrics/AbcSize
+      subcommand = args.shift
+      host = "0.0.0.0"
+      port = 8484
+      tcp_port = 22
+      config_path = "~/.sparoid.ini"
 
-    desc "auth HOST [PORT]", "Send a authorization packet"
-    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
-    def auth(host, port = 8484)
-      send_auth(host, port, options[:config])
-    rescue Errno::ENOENT
-      abort "Sparoid: Config not found"
-    rescue StandardError => e
-      abort "Sparoid: #{e.message} (#{host})"
-    end
-
-    desc "connect HOST PORT [SPA-PORT]", "Send a SPA, TCP connect, and then pass the FD back to the parent"
-    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
-    def connect(host, port, spa_port = 8484)
-      ips = send_auth(host, spa_port, options[:config])
-      Sparoid.fdpass(ips, port)
+      case subcommand
+      when "keygen"
+        Sparoid.keygen
+      when "send"
+        parse_send_options!(args, binding)
+        key, hmac_key = read_keys(config_path)
+        Sparoid.auth(key, hmac_key, host, port)
+      when "connect"
+        parse_connect_options!(args, binding)
+        key, hmac_key = read_keys(config_path)
+        ips = Sparoid.auth(key, hmac_key, host, port)
+        Sparoid.fdpass(ips, tcp_port)
+      when "--version"
+        puts Sparoid::VERSION
+      else
+        puts "Usage: sparoid [subcommand] [options]"
+        puts ""
+        puts "Subcommands: keygen, send, connect"
+        puts "Use --version to show version"
+        exit 1
+      end
     rescue StandardError => e
-      abort "Sparoid: #{e.message} (#{host})"
+      warn "Sparoid error: #{e.message}"
+      exit 1
     end
 
-    desc "keygen", "Generate an encryption key and a HMAC key"
-    def keygen
-      Sparoid.keygen
+    def self.parse_send_options!(args, ctx, banner: "send")
+      OptionParser.new do |p|
+        p.banner = "Usage: sparoid #{banner} [options]"
+        p.on("-h HOST", "--host=HOST", "Host to send to") { |v| ctx.local_variable_set(:host, v) }
+        p.on("-p PORT", "--port=PORT", "UDP port (default: 8484)") { |v| ctx.local_variable_set(:port, v.to_i) }
+        p.on("-c PATH", "--config=PATH", "Path to config file") { |v| ctx.local_variable_set(:config_path, v) }
+        yield p if block_given?
+      end.parse!(args)
     end
 
-    desc "version", "Show version and exit"
-    def version
-      puts "#{Sparoid::VERSION} (ruby)"
+    def self.parse_connect_options!(args, ctx)
+      parse_send_options!(args, ctx, banner: "connect") do |p|
+        p.on("-P PORT", "--tcp-port=PORT", "TCP port (default: 22)") { |v| ctx.local_variable_set(:tcp_port, v.to_i) }
+      end
     end
 
-    def self.exit_on_failure?
-      true
+    def self.read_keys(config_path)
+      parse_ini(config_path).values_at("key", "hmac-key")
     end
 
-    private
-
-    def send_auth(host, port, config)
-      key, hmac_key = get_keys(parse_ini(config))
-      Sparoid.auth(key, hmac_key, host, port.to_i)
-    end
-
-    def parse_ini(path)
-      File.readlines(File.expand_path(path)).map! { |line| line.split("=", 2).map!(&:strip) }.to_h
+    def self.parse_ini(path)
+      File.readlines(File.expand_path(path)).to_h { |line| line.split("=", 2).map(&:strip) }
     rescue Errno::ENOENT
       {
         "key" => ENV.fetch("SPAROID_KEY", nil),
@@ -57,8 +68,6 @@ module Sparoid
       }
     end
 
-    def get_keys(config)
-      config.values_at("key", "hmac-key")
-    end
+    private_class_method :parse_send_options!, :parse_connect_options!, :read_keys, :parse_ini
   end
 end

data/lib/sparoid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sparoid
-  VERSION = "1.2.0"
+  VERSION = "2.1.0"
 end

data/lib/sparoid.rb

@@ -4,6 +4,7 @@ require_relative "sparoid/version"
 require "socket"
 require "openssl"
 require "resolv"
+require "timeout"
 
 # Single Packet Authorisation client
 module Sparoid # rubocop:disable Metrics/ModuleLength
@@ -11,20 +12,30 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
 
   SPAROID_CACHE_PATH = ENV.fetch("SPAROID_CACHE_PATH", "/tmp/.sparoid_public_ip")
 
+  URLS = [
+    "ipv6.icanhazip.com",
+    "ipv4.icanhazip.com"
+  ].freeze
+
+  GOOGLE_DNS_V6 = ["2001:4860:4860::8888", 53].freeze
+
   # Send an authorization packet
-  def auth(key, hmac_key, host, port, open_for_ip: cached_public_ip)
+  def auth(key, hmac_key, host, port, open_for_ip: nil)
     addrs = resolve_ip_addresses(host, port)
-    ip = Resolv::IPv4.create(open_for_ip)
-    msg = message(ip)
-    data = prefix_hmac(hmac_key, encrypt(key, msg))
-    sendmsg(addrs, data)
+    addrs.each do |addr|
+      messages = generate_messages(open_for_ip)
+      data = messages.map do |message|
+        prefix_hmac(hmac_key, encrypt(key, message))
+      end
+      sendmsg(addr, data)
+    end
 
     # wait some time for the server to actually open the port
     # if we don't wait the next SYN package will be dropped
     # and it have to be redelivered, adding 1 second delay
     sleep 0.02
 
-    addrs.map(&:ip_address) # return resolved IP(s)
+    addrs
   end
 
   # Generate new aes and hmac keys, print to stdout
@@ -37,11 +48,11 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   end
 
   # Connect to a TCP server and pass the FD to the parent
-  def fdpass(ips, port, connect_timeout: 10) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+  def fdpass(addrs, port, connect_timeout: 10) # rubocop:disable Metrics/AbcSize
     # try connect to all IPs
-    sockets = ips.map do |ip|
-      Socket.new(Socket::AF_INET, Socket::SOCK_STREAM).tap do |s|
-        s.connect_nonblock(Socket.sockaddr_in(port, ip), exception: false)
+    sockets = addrs.map do |addr|
+      Socket.new(addr.afamily, Socket::SOCK_STREAM).tap do |s|
+        s.connect_nonblock(Socket.sockaddr_in(port, addr.ip_address), exception: false)
       end
     end
     # wait for any socket to be connected
@@ -51,9 +62,9 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
       writeable.each do |s|
         idx = sockets.index(s)
         sockets.delete_at(idx) # don't retry this socket again
-        ip = ips.delete_at(idx) # find the IP for the socket
+        addr = addrs.delete_at(idx) # find the IP for the socket
         begin
-          s.connect_nonblock(Socket.sockaddr_in(port, ip)) # check for errors
+          s.connect_nonblock(Socket.sockaddr_in(port, addr.ip_address)) # check for errors
         rescue Errno::EISCONN
           # already connected, continue
         rescue SystemCallError
@@ -69,11 +80,25 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
 
   private
 
-  def sendmsg(addrs, data)
-    socket = UDPSocket.new
+  def generate_messages(ip)
+    if ip
+      [message(string_to_ip(ip))]
+    else
+      ips = cached_public_ips
+      native_ipv6 = public_ipv6_by_udp
+      if native_ipv6
+        ips = ips.grep_v(Resolv::IPv6)
+        ips << Resolv::IPv6.create(native_ipv6)
+      end
+      ips.map { |i| message(i) }
+    end
+  end
+
+  def sendmsg(addr, data)
+    socket = UDPSocket.new(addr.afamily)
     socket.nonblock = false
-    addrs.each do |addr|
-      socket.sendmsg data, 0, addr
+    data.each do |packet|
+      socket.sendmsg packet, 0, addr
     rescue StandardError => e
       warn "Sparoid error: #{e.message}"
     end
@@ -103,14 +128,16 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
     hmac + data
   end
 
+  # Message format: version(4) + timestamp(8) + nonce(16) + ip(4 or 16)
+  # https://github.com/84codes/sparoid/blob/main/src/message.cr
   def message(ip)
     version = 1
     ts = (Time.now.utc.to_f * 1000).floor
     nounce = OpenSSL::Random.random_bytes(16)
-    [version, ts, nounce, ip.address].pack("N q> a16 a4")
+    [version, ts, nounce, ip.address].pack("N q> a16 a*")
   end
 
-  def cached_public_ip
+  def cached_public_ips
     if up_to_date_cache?
       read_cache
     else
@@ -118,7 +145,7 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
     end
   rescue StandardError => e
     warn "Sparoid: #{e.inspect}"
-    public_ip
+    public_ips
   end
 
   def up_to_date_cache?
@@ -131,7 +158,9 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   def read_cache
     File.open(SPAROID_CACHE_PATH, "r") do |f|
       f.flock(File::LOCK_SH)
-      Resolv::IPv4.create f.read
+      f.readlines(chomp: true).map do |line|
+        string_to_ip(line)
+      end
     end
   rescue ArgumentError => e
     return write_cache if /cannot interpret as IPv4 address/.match?(e.message)
@@ -142,54 +171,97 @@ module Sparoid # rubocop:disable Metrics/ModuleLength
   def write_cache
     File.open(SPAROID_CACHE_PATH, File::WRONLY | File::CREAT, 0o0644) do |f|
       f.flock(File::LOCK_EX)
-      ip = public_ip
+      ips = public_ips
+      warn "Sparoid: Failed to retrieve public IPs" if ips.empty?
       f.truncate(0)
-      f.write ip.to_s
-      ip
+      f.rewind
+      ips.each do |ip|
+        f.puts ip.to_s
+      end
+      ips
     end
   end
 
-  def public_ip(host = "checkip.amazonaws.com", port = 80) # rubocop:disable Metrics/MethodLength
-    Socket.tcp(host, port, connect_timeout: 3) do |sock|
-      sock.sync = true
-      sock.print "GET / HTTP/1.1\r\nHost: #{host}\r\nConnection: close\r\n\r\n"
-      status = sock.readline(chomp: true)
-      raise(ResolvError, "#{host}:#{port} response: #{status}") unless status.start_with? "HTTP/1.1 200 "
+  def public_ips(port = 80) # rubocop:disable Metrics/AbcSize
+    URLS.map do |host|
+      Timeout.timeout(5) do
+        Socket.tcp(host, port, connect_timeout: 3, resolv_timeout: 3) do |sock|
+          sock.sync = true
+          sock.print "GET / HTTP/1.1\r\nHost: #{host}\r\nConnection: close\r\n\r\n"
+          status = sock.readline(chomp: true)
+          raise(ResolvError, "#{host}:#{port} response: #{status}") unless status.start_with? "HTTP/1.1 200 "
 
-      content_length = 0
-      until (header = sock.readline(chomp: true)).empty?
-        if (m = header.match(/^Content-Length: (\d+)/))
-          content_length = m[1].to_i
+          content_length = 0
+          until (header = sock.readline(chomp: true)).empty?
+            if (m = header.match(/^Content-Length: (\d+)/))
+              content_length = m[1].to_i
+            end
+          end
+          ip = sock.read(content_length).chomp
+          string_to_ip(ip)
         end
       end
-      ip = sock.read(content_length).chomp
-      Resolv::IPv4.create ip
+    rescue StandardError
+      nil
+    end.compact
+  end
+
+  def string_to_ip(ip)
+    case ip
+    when Resolv::IPv4::Regex
+      Resolv::IPv4.create(ip)
+    when Resolv::IPv6::Regex
+      Resolv::IPv6.create(ip)
+    else
+      raise ArgumentError, "Unsupported IP format #{ip}"
     end
   end
 
   def resolve_ip_addresses(host, port)
-    addresses = Addrinfo.getaddrinfo(host, port, :INET, :DGRAM)
+    addresses = Addrinfo.getaddrinfo(host, port)
     raise(ResolvError, "Sparoid failed to resolv #{host}") if addresses.empty?
 
-    addresses
+    addresses.select { |addr| addr.socktype == Socket::SOCK_DGRAM }
   rescue SocketError
     raise(ResolvError, "Sparoid failed to resolv #{host}")
   end
 
+  # Get the public IPv6 address by asking the OS which source address
+  # it would use to reach a well-known IPv6 destination.
+  # Returns nil if no global IPv6 address is available.
+  def public_ipv6_by_udp
+    socket = UDPSocket.new(Socket::AF_INET6)
+    socket.connect(*GOOGLE_DNS_V6)
+    addr = socket.local_address
+    return addr.ip_address if global_ipv6?(addr)
+
+    nil
+  rescue StandardError
+    nil
+  ensure
+    socket&.close
+  end
+
+  def global_ipv6?(addr)
+    !(addr.ipv6_loopback? || addr.ipv6_linklocal? || addr.ipv6_unspecified? ||
+      addr.ipv6_sitelocal? || addr.ipv6_multicast? || addr.ipv6_v4mapped? ||
+      addr.ip_address.start_with?("fd", "fc"))
+  end
+
   class Error < StandardError; end
 
   class ResolvError < Error; end
 
-  # Instance of SPAroid that only resolved public_ip once
+  # Instance of SPAroid that only resolved public_ips once
   class Instance
     include Sparoid
 
-    def public_ip(*args)
-      @public_ip ||= super
+    def public_ips(*args)
+      @public_ips ||= super
     end
 
-    def cached_public_ip
-      public_ip
+    def cached_public_ips
+      public_ips
     end
   end
 end

data/sparoid.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = "Single Packet Authorisation client"
   spec.homepage      = "https://github.com/84codes/sparoid.rb"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
+  spec.required_ruby_version = Gem::Requirement.new(">= 3.2.0")
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
@@ -26,6 +26,5 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "thor"
   spec.metadata["rubygems_mfa_required"] = "true"
 end

metadata

@@ -1,30 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sparoid
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Carl Hörberg
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: thor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description:
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
 email:
 - carl@84codes.com
 executables:
@@ -56,7 +40,6 @@ metadata:
   source_code_uri: https://github.com/84codes/sparoid.rb
   changelog_uri: https://raw.githubusercontent.com/84codes/sparoid.rb/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -64,15 +47,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Single Packet Authorisation client
 test_files: []