dev to main

.github/workflows/build.yml

@@ -22,10 +22,10 @@ jobs:
       uses: Swatinem/rust-cache@v2
       continue-on-error: false
       with:
-        key: ${{ runner.os }}-cargo-${{ hashFiles('zeroidc//Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('rustybits//Cargo.lock') }}
         shared-key: ${{ runner.os }}-cargo-
         workspaces: |
-          zeroidc/
+          rustybits/
 
     - name: make
       run: make
@@ -54,10 +54,10 @@ jobs:
       uses: Swatinem/rust-cache@v2
       continue-on-error: false
       with:
-        key: ${{ runner.os }}-cargo-${{ hashFiles('zeroidc//Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('rustybits//Cargo.lock') }}
         shared-key: ${{ runner.os }}-cargo-
         workspaces: |
-          zeroidc/
+          rustybits/
 
     - name: make
       run: make
@@ -86,10 +86,10 @@ jobs:
       uses: Swatinem/rust-cache@v2
       continue-on-error: false
       with:
-        key: ${{ runner.os }}-cargo-${{ hashFiles('zeroidc//Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('rustybits//Cargo.lock') }}
         shared-key: ${{ runner.os }}-cargo-
         workspaces: |
-          zeroidc/
+          rustybits/
 
     - name: setup msbuild
       uses: microsoft/setup-msbuild@v1.1.3

.gitignore

@@ -138,3 +138,4 @@ __pycache__
 *_source.tar.bz2
 snap/.snapcraft
 tcp-proxy/tcp-proxy
+rustybits/target

README.md

@@ -44,6 +44,12 @@ The base path contains the ZeroTier One service main entry point (`one.cpp`), se
  - `windows/`: Visual Studio solution files, Windows service code, and the Windows task bar app UI.
  - `zeroidc/`: OIDC implementation used by ZeroTier service to log into SSO-enabled networks. (This part is written in Rust, and more Rust will be appearing in this repository in the future.)
 
+### Contributing
+
+Please do pull requests off of the `dev` branch.
+
+Releases are done by merging `dev` into `main` and then tagging and doing builds. 
+
 ### Build and Platform Notes
 
 To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU make) is required and can be installed from packages or ports. For Windows there is a Visual Studio solution in `windows/`.
@@ -169,3 +175,23 @@ Metrics are also available on disk in ZeroTier's working directory:
 | zt_peer_packet_errors | node_id | Counter | number of incoming packet errors from a peer |
 
 If there are other metrics you'd like to see tracked, ask us in an Issue or send us a Pull Request!
+
+### HTTP / App server
+
+There is a static http file server suitable for hosting Single Page Apps at http://localhost:9993/app/<app-path>
+
+Use `zerotier-cli info -j` to find your zerotier-one service's homeDir
+
+``` sh
+cd $ZT_HOME
+sudo mkdir -p app/app1
+sudo mkdir -p app/appB
+echo '<html><meta charset=utf-8><title>appA</title><body><h1>hello world A' | sudo tee app/appA/index.html 
+echo '<html><meta charset=utf-8><title>app2</title><body><h1>hello world 2' | sudo tee app/app2/index.html 
+curl -sL http://localhost:9993/app/appA http://localhost:9993/app/app2 
+```
+
+Then visit [http://localhost:9993/app/app1/](http://localhost:9993/app/app1/) and [http://localhost:9993/app/appB/](http://localhost:9993/app/appB/)
+
+Requests to paths don't exist return the app root index.html, as is customary for SPAs. 
+If you want, you can write some javascript that talks to the service or controller [api](https://docs.zerotier.com/service/v1).

SECURITY.md

@@ -9,9 +9,9 @@ The following versions of ZeroTier One receive security updates
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.10.x   | :white_check_mark: |
-| 1.8.x   | :white_check_mark:  |
-| < 1.8.0 | :x: |
+| 1.12.x   | :white_check_mark: |
+| 1.10.x   | :white_check_mark:  |
+| < 1.10.0 | :x: |
 
 ## Reporting a Vulnerability
 

controller/EmbeddedNetworkController.cpp

@@ -876,6 +876,7 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 	std::string memberListPath2 = "/unstable/controller/network/([0-9a-fA-F]{16})/member";
 	std::string memberPath = "/controller/network/([0-9a-fA-F]{16})/member/([0-9a-fA-F]{10})";
 
+
 	auto controllerGet = [&, setContent](const httplib::Request &req, httplib::Response &res) {
 		char tmp[4096];
 		const bool dbOk = _db.isReady();
@@ -887,11 +888,11 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 			(unsigned long long)OSUtils::now(),
 			dbOk ? "true" : "false");
 
-			if (!dbOk) {
-				res.status = 503;
-			}
+		if (!dbOk) {
+			res.status = 503;
+		}
 
-			setContent(req, res, tmp);
+		setContent(req, res, tmp);
 	};
 	s.Get(controllerPath, controllerGet);
 	sv6.Get(controllerPath, controllerGet);
@@ -918,6 +919,7 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 
 		auto meta = json::object();
 		auto data = json::array();
+		uint64_t networkCount = 0;
 
 		for(std::set<uint64_t>::const_iterator nwid(networkIds.begin()); nwid != networkIds.end(); ++nwid) {
 			json network;
@@ -927,23 +929,26 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 
 			std::vector<json> memTmp;
 			if (_db.get(*nwid, network, memTmp)) {
-				uint64_t authorizedCount = 0;
-				uint64_t totalCount = memTmp.size();
+				if (!network.is_null()) {
+					uint64_t authorizedCount = 0;
+					uint64_t totalCount = memTmp.size();
+					networkCount++;
+
+					for (auto m = memTmp.begin(); m != memTmp.end(); ++m) {
+						bool a = OSUtils::jsonBool((*m)["authorized"], 0);
+						if (a) { authorizedCount++; }
+					}
 
-				for (auto m = memTmp.begin(); m != memTmp.end(); ++m) {
-					bool a = OSUtils::jsonBool((*m)["authorized"], 0);
-					if (a) { authorizedCount++; }
-				}
+					auto nwMeta = json::object();
+					nwMeta["totalMemberCount"] = totalCount;
+					nwMeta["authorizedMemberCount"] = authorizedCount;
+					network["meta"] = nwMeta;
 
-				auto nwMeta = json::object();
-				nwMeta["totalMemberCount"] = totalCount;
-				nwMeta["authorizedMemberCount"] = authorizedCount;
-				network["meta"] = nwMeta;
+					data.push_back(network);
+				}
 			}
-
-			data.push_back(network);
 		}
-		meta["networkCount"] = networkIds.size();
+		meta["networkCount"] = networkCount;
 
 		auto out = json::object();
 		out["data"] = data;
@@ -1090,26 +1095,26 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 
 		auto out = nlohmann::json::object();
 		auto meta = nlohmann::json::object();
-		auto members = nlohmann::json::array();
 		std::vector<json> memTmp;
 		if (_db.get(nwid, network, memTmp)) {
-			members.push_back(memTmp);
-		}
-
-		uint64_t authorizedCount = 0;
-		uint64_t totalCount = memTmp.size();
-		for (auto m = memTmp.begin(); m != memTmp.end(); ++m) {
-			bool a = OSUtils::jsonBool((*m)["authorized"], 0);
-			if (a) { authorizedCount++; }
-		}
+			uint64_t authorizedCount = 0;
+			uint64_t totalCount = memTmp.size();
+			for (auto m = memTmp.begin(); m != memTmp.end(); ++m) {
+				bool a = OSUtils::jsonBool((*m)["authorized"], 0);
+				if (a) { authorizedCount++; }
+			}
 
-		meta["totalCount"] = totalCount;
-		meta["authorizedCount"] = authorizedCount;
+			meta["totalCount"] = totalCount;
+			meta["authorizedCount"] = authorizedCount;
 
-		out["data"] = members;
-		out["meta"] = meta;
+			out["data"] = memTmp;
+			out["meta"] = meta;
 
-		setContent(req, res, out.dump());
+			setContent(req, res, out.dump());
+		} else {
+			res.status = 404;
+			return;
+		}
 	};
 	s.Get(memberListPath2, memberListGet2);
 	sv6.Get(memberListPath2, memberListGet2);