refactor: use openconnect delegation mechanism (#3)

* feat: Add tasks for OpenConnect CLI delegation refactor

- Introduced a comprehensive task list for refactoring OpenConnect CLI, organized by phases and user stories.
- Established foundational tasks for setup and core entity definitions.
- Defined user stories focusing on VPN connection, state tracking, disconnection, status querying, and error handling.
- Emphasized TDD approach with tasks for writing failing tests before implementation.
- Included checkpoints for each phase to ensure progress and functionality.

* feat: MVP -> Implement unit tests for VPN connection management and refactor CLI integration

- Added unit tests for `CliConnector`, `ConnectionEvent`, and `OutputParser` to ensure proper functionality and state transitions.
- Removed FFI-related files and infrastructure, transitioning to a pure Rust implementation.
- Refactored `run_vpn_on`, `run_vpn_off`, and `run_vpn_status` functions to utilize the new `CliConnector` for managing VPN connections.
- Implemented state management for VPN connections, including error handling and event logging.
- Updated main function to support asynchronous execution with Tokio.

* feat(cli): enhance setup command with colored output and lazy mode option

- Updated setup command to use colored output for better visibility.
- Added lazy mode configuration option to automatically connect to VPN when running 'akon' without arguments.
- Improved user prompts and messages for clarity.

feat(vpn): improve VPN connection handling and error suggestions

- Enhanced VPN connection logic to check for existing connections and handle reconnections gracefully.
- Added actionable suggestions for various VPN errors to assist users in troubleshooting.
- Improved output formatting for connection status and error messages.

test(vpn): add integration tests for VPN disconnect functionality

- Implemented comprehensive integration tests for VPN disconnect logic, state management, and error handling.
- Verified state file format, missing fields, and invalid JSON scenarios.
- Ensured proper cleanup of state files after disconnecting.

fix(tests): update VPN status tests for accurate exit codes

- Adjusted VPN status tests to check for correct exit codes when not connected.
- Improved assertions to validate output messages for disconnected status.

* feat(cli): prevent duplicate authenticating events

- Added a flag to track if the authenticating event has been sent
- Modified event handling to ensure only the first authenticating event is sent

* feat: update version numbers and improve installation process

- Bump version to 1.0.0 in Cargo.toml for both akon and akon-core
- Simplify installation instructions in README.md to use 'make install'
- Remove redundant setup-sudo.sh script, integrating its functionality into the Makefile
- Add version information to CLI command output

Author: vcwild

Cargo.toml

@@ -4,7 +4,7 @@ resolver = "2"
 
 [package]
 name = "akon"
-version = "0.1.0"
+version = "1.0.0"
 edition = "2021"
 
 [lints.rust]
@@ -24,6 +24,11 @@ nix.workspace = true
 serde_json.workspace = true
 libc.workspace = true
 serde.workspace = true
+tokio.workspace = true
+# Additional dependencies
+which = "6.0"
+chrono = "0.4"
+colored = "2.1"
 # Local crate
 akon-core = { path = "akon-core" }
 
@@ -40,7 +45,7 @@ clap = { version = "4.0", features = ["derive"] }
 tracing = "0.1"
 tracing-journald = "0.3"
 tracing-subscriber = "0.3"
-tokio = { version = "1.0", features = ["full"] }
+tokio = { version = "1.35", features = ["process", "io-util", "time", "macros", "rt-multi-thread", "full"] }
 
 # Security and crypto
 totp-lite = "2.0"

Makefile

@@ -1,126 +1,46 @@
-.PHONY: install-deps build install install-dev run-vpn-on run-vpn-off run-vpn-status test clean logs help uninstall
+.PHONY: all install install-dev
 
-# Default target
-all: build
-
-# Install system dependencies required for the project
-install-deps:
-	sudo dnf install -y openconnect-devel dbus-devel pkgconf-pkg-config libcap
-
-# Build the project in release mode
-build:
+# Default target - build release binary
+all:
 	cargo build --release
 
-# Build in debug mode
-build-debug:
-	cargo build
-
-# Build in dev mode
-build-dev:
-	cargo build
-	@echo "✓ Built successfully"
-
-# Install release version with network capabilities (one-time setup)
-# After this, you can run 'akon vpn on' without sudo
-install: build
-	@echo "Installing akon with network capabilities..."
+# Install release version with passwordless sudo setup
+# This configures everything needed to run akon without password prompts
+install: all
+	@echo "Installing akon..."
 	sudo install -m 755 target/release/akon /usr/local/bin/akon
-	sudo setcap cap_net_admin,cap_net_raw,cap_setuid,cap_setgid+eip /usr/local/bin/akon
 	@echo "✓ Installed to /usr/local/bin/akon"
-	@echo "✓ Network capabilities set (CAP_NET_ADMIN, CAP_NET_RAW, CAP_SETUID, CAP_SETGID)"
 	@echo ""
-	@echo "You can now run without sudo:"
-	@echo "  akon vpn on"
+	@echo "Configuring passwordless sudo for openconnect..."
+	@if ! command -v openconnect &> /dev/null; then \
+		echo "ERROR: openconnect is not installed"; \
+		echo "Please install it first:"; \
+		echo "  Ubuntu/Debian: sudo apt install openconnect"; \
+		echo "  RHEL/Fedora:   sudo dnf install openconnect"; \
+		exit 1; \
+	fi
+	@OPENCONNECT_PATH=$$(which openconnect); \
+	SUDOERS_FILE="/etc/sudoers.d/akon"; \
+	echo "# Allow $$USER to run openconnect without password for akon VPN" | sudo tee $$SUDOERS_FILE > /dev/null; \
+	echo "$$USER ALL=(root) NOPASSWD: $$OPENCONNECT_PATH" | sudo tee -a $$SUDOERS_FILE > /dev/null; \
+	sudo chmod 0440 $$SUDOERS_FILE; \
+	if sudo visudo -c -f $$SUDOERS_FILE 2>&1 | grep -q "parsed OK"; then \
+		echo "✓ Passwordless sudo configured for openconnect"; \
+	else \
+		echo "ERROR: Invalid sudoers configuration"; \
+		sudo rm -f $$SUDOERS_FILE; \
+		exit 1; \
+	fi
+	@echo ""
+	@echo "Installation complete! You can now run:"
+	@echo "  akon setup"
 
-# Install development version with network capabilities
-install-dev: build-debug
-	@echo "Installing debug akon with network capabilities..."
+# Install development version for debugging
+install-dev:
+	cargo build
+	@echo "Installing debug akon..."
 	sudo install -m 755 target/debug/akon /usr/local/bin/akon-dev
-	sudo setcap cap_net_admin,cap_net_raw,cap_setuid,cap_setgid+eip /usr/local/bin/akon-dev
 	@echo "✓ Installed to /usr/local/bin/akon-dev"
-	@echo "✓ Network capabilities set (CAP_NET_ADMIN, CAP_NET_RAW, CAP_SETUID, CAP_SETGID)"
 	@echo ""
-	@echo "You can now run without sudo:"
-	@echo "  akon-dev vpn on"
-
-# Uninstall akon binaries
-uninstall:
-	sudo rm -f /usr/local/bin/akon /usr/local/bin/akon-dev
-	@echo "✓ Uninstalled akon"
-
-# Kill any existing akon processes
-kill-akon:
-	-pkill -f akon || true
-
-# Run VPN connection - RELEASE MODE (after 'make install')
-# This assumes you've run 'make install' and the binary has capabilities
-run-vpn-on: install
-	@echo "Connecting to VPN..."
-	RUST_LOG=info akon vpn on
-
-# Run VPN connection - DEBUG MODE (for development)
-# This uses the locally built binary with capabilities set temporarily
-run-vpn-on-debug: build-dev
-	@echo "Setting temporary capabilities on debug binary..."
-	@sudo setcap cap_net_admin+eip target/debug/akon || true
-	@echo "Connecting to VPN (debug mode)..."
-	RUST_LOG=debug ./target/debug/akon vpn on
-
-# Disconnect VPN (debug)
-run-vpn-off-debug:
-	cargo run -- vpn off
-
-# Disconnect VPN
-run-vpn-off:
-	cargo run --release -- vpn off
-
-# Check VPN status (debug)
-run-vpn-status-debug:
-	cargo run -- vpn status
-
-# Check VPN status
-run-vpn-status:
-	cargo run --release -- vpn status
-
-# Run tests
-test:
-	cargo test
-
-# Clean build artifacts
-clean:
-	cargo clean
-
-# Show recent logs from journalctl
-logs:
-	sudo journalctl --since "5 minutes ago" | grep -E "akon|openconnect"
-
-# Show segfault/crash logs
-crash-logs:
-	sudo journalctl --since "10 minutes ago" | grep -E "segfault|SEGV|core dump"
-
-# Analyze core dump (if available)
-coredump:
-	@echo "Recent core dumps:"
-	@coredumpctl list | grep akon | head -5
-	@echo ""
-	@echo "To debug the latest crash, run:"
-	@echo "  coredumpctl debug"
-
-# Show help
-help:
-	@echo "Available targets:"
-	@echo "  make install-deps        - Install system dependencies"
-	@echo "  make build               - Build in release mode"
-	@echo "  make build-debug         - Build in debug mode"
-	@echo "  make build-dev          - Build in dev mode"
-	@echo "  make run-vpn-on          - Connect VPN (release, with logs)"
-	@echo "  make run-vpn-on-debug    - Connect VPN (debug, with logs)"
-	@echo "  make run-vpn-off         - Disconnect VPN (release)"
-	@echo "  make run-vpn-off-debug   - Disconnect VPN (debug)"
-	@echo "  make run-vpn-status      - Check VPN status (release)"
-	@echo "  make run-vpn-status-debug - Check VPN status (debug)"
-	@echo "  make test                - Run tests"
-	@echo "  make logs                - Show recent logs"
-	@echo "  make crash-logs          - Show crash/segfault logs"
-	@echo "  make coredump            - Analyze core dumps"
-	@echo "  make clean               - Clean build artifacts"
+	@echo "You can now run:"
+	@echo "  akon-dev setup"