Code dedup, add to readme

Author: coadler

README.md

@@ -2,9 +2,10 @@
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/coder/wush.svg)](https://pkg.go.dev/github.com/coder/wush)
 
-`wush` is a command line tool that lets you easily transfer
-files and open shells over a peer-to-peer wireguard connection. It's similar to [magic-wormhole](https://github.com/magic-wormhole/magic-wormhole) but doesn't require you to
-set up or trust a relay server.
+`wush` is a command line tool that lets you easily transfer files and open
+shells over a peer-to-peer wireguard connection. It's similar to
+[magic-wormhole](https://github.com/magic-wormhole/magic-wormhole) but doesn't
+require you to set up or trust a relay server for authentication.
 
 ## Basic Usage
 
@@ -47,4 +48,29 @@ coder@colin:~$
 
 ## Technical Details
 
-...
+`wush` doesn't require you to trust any 3rd party authentication or relay
+servers, instead using x25519 keys to authenticate incoming connections. Auth
+keys generated by `wush receive` are separated into a couple parts:
+
+```text
++---------------------+------------------+---------------------------+----------------------------+
+| UDP Address (1-19B) | DERP Region (2B) |  Server Public Key (32B)  |  Sender Private Key (32B)  |
++---------------------+------------------+---------------------------+----------------------------+
+| 203.128.89.74:57321 |               21 | QPGoX1GY......488YNqsyWM= | o/FXVnOn.....llrKg5bqxlgY= |
++---------------------+------------------+---------------------------+----------------------------+
+```
+
+Senders and receivers communicate over what we call an "overlay". An overlay
+runs over one of two currently implemented mediums; UDP or DERP. Each message is
+encrypted with the sender's private key.
+
+**UDP**: The receiver creates a NAT holepunch to allow senders to connect
+directly. Wireguard nodes are exchanged peer-to-peer.
+
+**DERP**: The receiver connects to the closet DERP relay server. Wireguard nodes
+are exchanged through the relay.
+
+In both cases auth is handled the same way. The receiver will only accept
+messages encrypted from the sender's private key, to the server's public key.
+
+## Why create another file transfer tool?

cmd/wush/cp.go

@@ -18,72 +18,105 @@ import (
 	"github.com/coder/wush/tsserver"
 	"github.com/schollz/progressbar/v3"
 	"tailscale.com/net/netns"
+	"tailscale.com/types/ptr"
 )
 
-func cpCmd() *serpent.Command {
-	var (
-		authID             string
-		waitP2P            bool
-		stunAddrOverride   string
-		stunAddrOverrideIP netip.Addr
-	)
-	return &serpent.Command{
-		Use:   "cp <file>",
-		Short: "Transfer files.",
-		Long:  "Transfer files to a " + cliui.Code("wush") + " peer. ",
-		Middleware: serpent.Chain(
-			serpent.RequireNArgs(1),
-		),
-		Handler: func(inv *serpent.Invocation) error {
-			ctx := inv.Context()
-			logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-			logF := func(str string, args ...any) {
-				fmt.Fprintf(inv.Stderr, str+"\n", args...)
+func initLogger(verbose, quiet *bool, slogger *slog.Logger, logf *func(str string, args ...any)) serpent.MiddlewareFunc {
+	return func(next serpent.HandlerFunc) serpent.HandlerFunc {
+		return func(i *serpent.Invocation) error {
+			if *verbose {
+				*slogger = *slog.New(slog.NewTextHandler(i.Stderr, nil))
+			} else {
+				*slogger = *slog.New(slog.NewTextHandler(io.Discard, nil))
 			}
 
-			if authID == "" {
+			*logf = func(str string, args ...any) {
+				if !*quiet {
+					fmt.Fprintf(i.Stderr, str+"\n", args...)
+				}
+			}
+
+			return next(i)
+		}
+	}
+}
+
+func initAuth(authFlag *string, ca *overlay.ClientAuth) serpent.MiddlewareFunc {
+	return func(next serpent.HandlerFunc) serpent.HandlerFunc {
+		return func(i *serpent.Invocation) error {
+			if *authFlag == "" {
 				err := huh.NewInput().
 					Title("Enter your Auth ID:").
-					Value(&authID).
+					Value(authFlag).
 					Run()
 				if err != nil {
 					return fmt.Errorf("get auth id: %w", err)
 				}
 			}
 
-			dm, err := tsserver.DERPMapTailscale(ctx)
+			err := ca.Parse(*authFlag)
+			if err != nil {
+				return fmt.Errorf("parse auth key: %w", err)
+			}
+
+			return next(i)
+		}
+	}
+}
+
+func sendOverlayMW(opts *sendOverlayOpts, send **overlay.Send, logger *slog.Logger, logf *func(str string, args ...any)) serpent.MiddlewareFunc {
+	return func(next serpent.HandlerFunc) serpent.HandlerFunc {
+		return func(i *serpent.Invocation) error {
+			dm, err := tsserver.DERPMapTailscale(i.Context())
 			if err != nil {
 				return err
 			}
 
-			if stunAddrOverride != "" {
-				stunAddrOverrideIP, err = netip.ParseAddr(stunAddrOverride)
+			newSend := overlay.NewSendOverlay(logger, dm)
+			newSend.Auth = opts.clientAuth
+			if opts.stunAddrOverride != "" {
+				newSend.STUNIPOverride, err = netip.ParseAddr(opts.stunAddrOverride)
 				if err != nil {
 					return fmt.Errorf("parse stun addr override: %w", err)
 				}
 			}
 
-			send := overlay.NewSendOverlay(logger, dm)
-			send.STUNIPOverride = stunAddrOverrideIP
+			newSend.Auth.PrintDebug(*logf, dm)
 
-			err = send.Auth.Parse(authID)
-			if err != nil {
-				return fmt.Errorf("parse auth key: %w", err)
-			}
+			*send = newSend
+			return next(i)
+		}
+	}
+}
 
-			logF("Auth information:")
-			stunStr := send.Auth.ReceiverStunAddr.String()
-			if !send.Auth.ReceiverStunAddr.IsValid() {
-				stunStr = "Disabled"
-			}
-			logF("\t> Server overlay STUN address: %s", cliui.Code(stunStr))
-			derpStr := "Disabled"
-			if send.Auth.ReceiverDERPRegionID > 0 {
-				derpStr = dm.Regions[int(send.Auth.ReceiverDERPRegionID)].RegionName
-			}
-			logF("\t> Server overlay DERP home:    %s", cliui.Code(derpStr))
-			logF("\t> Server overlay public key:   %s", cliui.Code(send.Auth.ReceiverPublicKey.ShortString()))
-			logF("\t> Server overlay auth key:     %s", cliui.Code(send.Auth.OverlayPrivateKey.Public().ShortString()))
+type sendOverlayOpts struct {
+	authKey          string
+	clientAuth       overlay.ClientAuth
+	waitP2P          bool
+	stunAddrOverride string
+}
+
+func cpCmd() *serpent.Command {
+	var (
+		verbose bool
+		logger  = new(slog.Logger)
+		logf    = func(str string, args ...any) {}
+
+		overlayOpts = new(sendOverlayOpts)
+		send        = new(overlay.Send)
+	)
+	return &serpent.Command{
+		Use:   "cp <file>",
+		Short: "Transfer files.",
+		Long:  "Transfer files to a " + cliui.Code("wush") + " peer. ",
+		Middleware: serpent.Chain(
+			serpent.RequireNArgs(1),
+			initLogger(&verbose, ptr.To(false), logger, &logf),
+			initAuth(&overlayOpts.authKey, &overlayOpts.clientAuth),
+			sendOverlayMW(overlayOpts, &send, logger, &logf),
+		),
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
 
 			s, err := tsserver.NewServer(ctx, logger, send)
 			if err != nil {
@@ -107,22 +140,22 @@ func cpCmd() *serpent.Command {
 			ts.Logf = func(string, ...any) {}
 			ts.UserLogf = func(string, ...any) {}
 
-			logF("Bringing Wireguard up..")
+			logf("Bringing Wireguard up..")
 			ts.Up(ctx)
-			logF("Wireguard is ready!")
+			logf("Wireguard is ready!")
 
 			lc, err := ts.LocalClient()
 			if err != nil {
 				return err
 			}
 
-			ip, err := waitUntilHasPeerHasIP(ctx, logF, lc)
+			ip, err := waitUntilHasPeerHasIP(ctx, logf, lc)
 			if err != nil {
 				return err
 			}
 
-			if waitP2P {
-				err := waitUntilHasP2P(ctx, logF, lc)
+			if overlayOpts.waitP2P {
+				err := waitUntilHasP2P(ctx, logf, lc)
 				if err != nil {
 					return err
 				}
@@ -172,22 +205,29 @@ func cpCmd() *serpent.Command {
 		},
 		Options: []serpent.Option{
 			{
-				Flag:        "auth-id",
-				Env:         "WUSH_AUTH_ID",
-				Description: "The auth id returned by " + cliui.Code("wush receive") + ". If not provided, it will be asked for on startup.",
+				Flag:        "auth-key",
+				Env:         "WUSH_AUTH_key",
+				Description: "The auth key returned by " + cliui.Code("wush receive") + ". If not provided, it will be asked for on startup.",
 				Default:     "",
-				Value:       serpent.StringOf(&authID),
+				Value:       serpent.StringOf(&overlayOpts.authKey),
 			},
 			{
 				Flag:    "stun-ip-override",
 				Default: "",
-				Value:   serpent.StringOf(&stunAddrOverride),
+				Value:   serpent.StringOf(&overlayOpts.stunAddrOverride),
 			},
 			{
 				Flag:        "wait-p2p",
 				Description: "Waits for the connection to be p2p.",
 				Default:     "false",
-				Value:       serpent.BoolOf(&waitP2P),
+				Value:       serpent.BoolOf(&overlayOpts.waitP2P),
+			},
+			{
+				Flag:          "verbose",
+				FlagShorthand: "v",
+				Description:   "Enable verbose logging.",
+				Default:       "false",
+				Value:         serpent.BoolOf(&verbose),
 			},
 		},
 	}

cmd/wush/rsync.go

@@ -2,14 +2,12 @@ package main
 
 import (
 	"fmt"
-	"io"
 	"log/slog"
-	"net/netip"
 	"os"
 	"os/exec"
 	"strings"
 
-	"github.com/charmbracelet/huh"
+	"tailscale.com/types/ptr"
 
 	"github.com/coder/serpent"
 	"github.com/coder/wush/cliui"
@@ -19,11 +17,12 @@ import (
 
 func rsyncCmd() *serpent.Command {
 	var (
-		authID             string
-		overlayTransport   string
-		stunAddrOverride   string
-		stunAddrOverrideIP netip.Addr
-		sshStdio           bool
+		verbose bool
+		logger  = new(slog.Logger)
+		logf    = func(str string, args ...any) {}
+
+		overlayOpts = new(sendOverlayOpts)
+		send        = new(overlay.Send)
 	)
 	return &serpent.Command{
 		Use:   "rsync [flags] -- [rsync args]",
@@ -32,62 +31,27 @@ func rsyncCmd() *serpent.Command {
 			"Use " + cliui.Code("wush receive") + " on the computer you would like to connect to." +
 			"\n\n" +
 			"Example: " + "wush rsync -- --progress --stats -avz --human-readable /local/path :/remote/path",
+		Middleware: serpent.Chain(
+			initLogger(&verbose, ptr.To(false), logger, &logf),
+			initAuth(&overlayOpts.authKey, &overlayOpts.clientAuth),
+		),
 		Handler: func(inv *serpent.Invocation) error {
 			ctx := inv.Context()
-			logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-
-			if authID == "" {
-				err := huh.NewInput().
-					Title("Enter your Auth ID:").
-					Value(&authID).
-					Run()
-				if err != nil {
-					return fmt.Errorf("get auth id: %w", err)
-				}
-			}
 
-			dm, err := tsserver.DERPMapTailscale(ctx)
+			dm, err := tsserver.DERPMapTailscale(inv.Context())
 			if err != nil {
 				return err
 			}
-
-			if stunAddrOverride != "" {
-				stunAddrOverrideIP, err = netip.ParseAddr(stunAddrOverride)
-				if err != nil {
-					return fmt.Errorf("parse stun addr override: %w", err)
-				}
-			}
-
-			send := overlay.NewSendOverlay(logger, dm)
-			send.STUNIPOverride = stunAddrOverrideIP
-
-			err = send.Auth.Parse(authID)
-			if err != nil {
-				return fmt.Errorf("parse auth key: %w", err)
-			}
-
-			fmt.Println("Auth information:")
-			stunStr := send.Auth.ReceiverStunAddr.String()
-			if !send.Auth.ReceiverStunAddr.IsValid() {
-				stunStr = "Disabled"
-			}
-			fmt.Println("\t> Server overlay STUN address:", cliui.Code(stunStr))
-			derpStr := "Disabled"
-			if send.Auth.ReceiverDERPRegionID > 0 {
-				derpStr = dm.Regions[int(send.Auth.ReceiverDERPRegionID)].RegionName
-			}
-			fmt.Println("\t> Server overlay DERP home:   ", cliui.Code(derpStr))
-			fmt.Println("\t> Server overlay public key:  ", cliui.Code(send.Auth.ReceiverPublicKey.ShortString()))
-			fmt.Println("\t> Server overlay auth key:    ", cliui.Code(send.Auth.OverlayPrivateKey.Public().ShortString()))
+			overlayOpts.clientAuth.PrintDebug(logf, dm)
 
 			progPath := os.Args[0]
 			args := []string{
 				"-c",
-				fmt.Sprintf(`rsync -e "%s ssh --auth-key %s --stdio --" %s`,
+				fmt.Sprintf(`rsync -e "%s ssh --auth-key %s --quiet --" %s`,
 					progPath, send.Auth.AuthKey(), strings.Join(inv.Args, " "),
 				),
 			}
-			fmt.Println("Running: rsync", strings.Join(args, " "))
+			fmt.Println("Running: rsync", strings.Join(inv.Args, " "))
 			cmd := exec.CommandContext(ctx, "sh", args...)
 			cmd.Stdin = inv.Stdin
 			cmd.Stdout = inv.Stdout
@@ -101,24 +65,25 @@ func rsyncCmd() *serpent.Command {
 				Env:         "WUSH_AUTH_KEY",
 				Description: "The auth key returned by " + cliui.Code("wush receive") + ". If not provided, it will be asked for on startup.",
 				Default:     "",
-				Value:       serpent.StringOf(&authID),
-			},
-			{
-				Flag:        "overlay-transport",
-				Description: "The transport to use on the overlay. The overlay is used to exchange Wireguard nodes between peers. In DERP mode, nodes are exchanged over public Tailscale DERPs, while STUN mode sends nodes directly over UDP.",
-				Default:     "derp",
-				Value:       serpent.EnumOf(&overlayTransport, "derp", "stun"),
+				Value:       serpent.StringOf(&overlayOpts.authKey),
 			},
 			{
 				Flag:    "stun-ip-override",
 				Default: "",
-				Value:   serpent.StringOf(&stunAddrOverride),
+				Value:   serpent.StringOf(&overlayOpts.stunAddrOverride),
 			},
 			{
-				Flag:        "stdio",
-				Description: "Run SSH over stdin/stdout. This allows wush to be used as a transport for other programs, like rsync or regular ssh.",
+				Flag:        "wait-p2p",
+				Description: "Waits for the connection to be p2p.",
 				Default:     "false",
-				Value:       serpent.BoolOf(&sshStdio),
+				Value:       serpent.BoolOf(&overlayOpts.waitP2P),
+			},
+			{
+				Flag:          "verbose",
+				FlagShorthand: "v",
+				Description:   "Enable verbose logging.",
+				Default:       "false",
+				Value:         serpent.BoolOf(&verbose),
 			},
 		},
 	}