Dependencies update (#29)

* Separate file for pointer utils removed

* dependencies updated

* arguments changed

* lesser fixes and dependency updates

* async library update

* single socket

* bake enabled

---------

Co-authored-by: pseusys <aleksandr.sergeev.ad@gmail.com>

Author: pseusys

caerulean/whirlpool/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
 # Docker image for building whirlpool executable and testing
-FROM golang:1.23-alpine AS builder
+FROM golang:1.24-alpine3.22 AS builder
 
 WORKDIR /seaside/caerulean
 
@@ -28,7 +28,7 @@ RUN go build -o whirlpool.run ./sources
 
 
 # Docker image for whirlpool executable production running
-FROM alpine:3.17 AS default
+FROM alpine:3.22 AS default
 
 WORKDIR /seaside/caerulean
 
@@ -74,9 +74,9 @@ ENV SEASIDE_CERTIFICATE_PATH=/seaside/caerulean/certificates/caerulean
 
 RUN apk add --no-cache openssl
 RUN mkdir -p /tmp/certificates/caerulean && mkdir -p /tmp/certificates/viridian && cd /tmp/certificates \
-    && openssl req -digest -newkey rsa:2048 -sha256 -nodes -keyout viridian/cert.key -out viridian/cert.csr -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNViridian" -addext "subjectAltName = IP:${SEASIDE_ADDRESS}" -addext "keyUsage=critical,digitalSignature" -addext "extendedKeyUsage=clientAuth" \
-    && openssl req -digest -newkey rsa:2048 -sha256 -nodes -keyout caerulean/cert.key -out caerulean/cert.csr -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNCaerulean" -addext "subjectAltName = IP:${SEASIDE_ADDRESS}" -addext "keyUsage=critical,digitalSignature,keyEncipherment" -addext "extendedKeyUsage=serverAuth" \
-    && openssl req -digest -newkey rsa:2048 -sha256 -nodes -new -x509  -keyout caerulean/rootCA.key -out caerulean/rootCA.crt -days 365250 -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNRootCA" -addext "basicConstraints=critical,CA:true" -addext "keyUsage=critical,keyCertSign,cRLSign" \
+    && openssl req -newkey rsa:2048 -nodes -keyout viridian/cert.key -out viridian/cert.csr -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNViridian" -addext "subjectAltName = IP:${SEASIDE_ADDRESS}" -addext "keyUsage=critical,digitalSignature" -addext "extendedKeyUsage=clientAuth" \
+    && openssl req -newkey rsa:2048 -nodes -keyout caerulean/cert.key -out caerulean/cert.csr -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNCaerulean" -addext "subjectAltName = IP:${SEASIDE_ADDRESS}" -addext "keyUsage=critical,digitalSignature,keyEncipherment" -addext "extendedKeyUsage=serverAuth" \
+    && openssl req -newkey rsa:2048 -nodes -new -x509  -keyout caerulean/rootCA.key -out caerulean/rootCA.crt -days 365250 -subj "/C=TS/ST=TestState/L=PC/O=SeasideVPN/OU=seaside/CN=SeasideVPNRootCA" -addext "basicConstraints=critical,CA:true" -addext "keyUsage=critical,keyCertSign,cRLSign" \
     && openssl x509 -req -CA caerulean/rootCA.crt -CAkey caerulean/rootCA.key -in caerulean/cert.csr -out caerulean/cert.crt -days 365250 -copy_extensions=copyall \
     && openssl x509 -req -CA caerulean/rootCA.crt -CAkey caerulean/rootCA.key -in viridian/cert.csr -out viridian/cert.crt -days 365250 -copy_extensions=copyall \
     && chmod 644 */*.key && cp caerulean/rootCA.* viridian/

caerulean/whirlpool/go.mod

@@ -1,27 +1,29 @@
 module main
 
-go 1.23.0
+go 1.24.0
+
+toolchain go1.24.4
 
 require (
 	github.com/google/nftables v0.3.0
 	github.com/pseusys/betterbuf v0.0.3
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/sirupsen/logrus v1.9.3
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
-	github.com/vishvananda/netlink v1.3.0
-	golang.org/x/crypto v0.37.0
-	google.golang.org/grpc v1.72.0
-	google.golang.org/protobuf v1.36.6
+	github.com/vishvananda/netlink v1.3.1
+	golang.org/x/crypto v0.41.0
+	google.golang.org/grpc v1.75.0
+	google.golang.org/protobuf v1.36.8
 )
 
 require (
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
-	github.com/mdlayher/socket v0.5.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/mdlayher/netlink v1.8.0 // indirect
+	github.com/mdlayher/socket v0.5.1 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
-	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect
 )

caerulean/whirlpool/sources/api.go

@@ -170,7 +170,7 @@ func (server *WhirlpoolServer) Authenticate(ctx context.Context, request *genera
 		return nil, status.Error(codes.PermissionDenied, "wrong payload value")
 	}
 
-	// Create and marshall user token (will be valid for 10 years for non-privileged users)
+	// Create and marshall user token
 	token := &generated.UserToken{
 		Name:         request.Name,
 		Identifier:   request.Identifier,

caerulean/whirlpool/users/dictionary.go

@@ -88,7 +88,7 @@ func (dict *ViridianDict) Add(getViridianID func() (any, uint16, error), viridia
 
 	// If found, resolve deletion timeout
 	var deletionTimeout time.Duration
-	if !token.IsAdmin {
+	if !token.IsAdmin && token.Subscription != nil {
 		now := time.Now()
 		timeout := token.Subscription.AsTime()
 		if timeout.Before(now) {
@@ -107,7 +107,7 @@ func (dict *ViridianDict) Add(getViridianID func() (any, uint16, error), viridia
 
 	// Finally set up deletion timer
 	var deletionTimer *time.Timer
-	if !token.IsAdmin {
+	if deletionTimeout.Nanoseconds() != 0 {
 		deletionTimer = time.AfterFunc(deletionTimeout, func() { dict.Delete(viridianID, true) })
 	} else {
 		deletionTimer = nil

viridian/algae/docker/Dockerfile.echo

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM python:3.11-alpine AS default
+FROM python:3.11-alpine3.22 AS default
 
 WORKDIR /seaside/echo
 

viridian/algae/docker/Dockerfile.router

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM alpine:3.18 AS default
+FROM alpine:3.22 AS default
 
 ARG RESTRICTED_ADDRESS=0.0.0.0
 ENV ARG_RESTRICTED_ADDRESS=$RESTRICTED_ADDRESS

viridian/algae/pyproject.toml

@@ -53,49 +53,49 @@ repository = "https://github.com/pseusys/SeasideVPN"
 client = [
     "ansibleguy-nftables~=1.0.2.post1",
     "colorama~=0.4.6",
-    "pyroute2~=0.7.9",
+    "pyroute2~=0.9.4",
     "betterproto~=2.0.0b6",
     "pymonocypher~=4.0.2.5",
     "semver~=3.0.4"
 ]
 
 devel = [
-    "pytest~=8.3.2",
+    "pytest~=8.4.2",
     "pythonping~=1.1.4",
     "dnspython~=2.7.0",
-    "pytest-asyncio~=0.26.0",
-    "pytest-timeout~=2.3.1",
+    "pytest-asyncio~=1.1.0",
+    "pytest-timeout~=2.4.0",
     "pytest-dependency~=0.6.0"
 ]
 
 codestyle = [
-    "mypy~=1.3.0",
-    "flake8~=7.1.0",
-    "black~=24.8.0",
-    "isort~=5.11.0",
+    "mypy~=1.17.0",
+    "flake8~=7.3.0",
+    "black~=25.1.0",
+    "isort~=5.13.2",
     "types-PyYAML~=6.0.2"
 ]
 
 bundle = [
     "tomli~=2.2.1",
-    "zipapps~=2024.8.7"
+    "zipapps~=2025.9.4"
 ]
 
 setup = [
     "colorama~=0.4.6",
-    "cryptography~=44.0.0",
+    "cryptography~=45.0.7",
     "semver~=3.0.2"
 ]
 
 test = [
     "colorama~=0.4.6",
-    "python-on-whales~=0.76.1"
+    "python-on-whales~=0.78.0"
 ]
 
 protocol = [
     "jupyter~=1.1.1",
     "ipywidgets~=8.1.6",
-    "matplotlib~=3.10.1",
+    "matplotlib~=3.10.6",
     "scapy~=2.6.1",
     "nbstripout~=0.8.1"
 ]

viridian/algae/sources/automation/simple_client.py

@@ -70,22 +70,31 @@
 
 
 class AlgaeClient:
-    def __init__(self, address: str, port: int, dns: IPv4Address = _DEFAULT_CURRENT_DNS, protocol: Optional[Union[Literal["typhoon"], Literal["port"]]] = None, capture_iface: Optional[List[str]] = None, capture_ranges: Optional[List[str]] = None, capture_addresses: Optional[List[str]] = None, capture_ports: Optional[str] = None, exempt_ranges: Optional[List[str]] = None, exempt_addresses: Optional[List[str]] = None, exempt_ports: Optional[str] = None, local_address: Optional[IPv4Address] = None):
-        self._address = address
-        self._port = port
+    def __init__(self) -> None:
+        self._address: str
+        self._port: int
+        self._proto_type: SeasideClient
+        self._tunnel: Tunnel
+
+    @classmethod
+    async def new(cls, address: str, port: int, dns: IPv4Address = _DEFAULT_CURRENT_DNS, protocol: Optional[Union[Literal["typhoon"], Literal["port"]]] = None, capture_iface: Optional[List[str]] = None, capture_ranges: Optional[List[str]] = None, capture_addresses: Optional[List[str]] = None, capture_ports: Optional[str] = None, exempt_ranges: Optional[List[str]] = None, exempt_addresses: Optional[List[str]] = None, exempt_ports: Optional[str] = None, local_address: Optional[IPv4Address] = None) -> "AlgaeClient":
+        client = cls()
+        client._address = address
+        client._port = port
 
         if protocol is None or protocol == "port":
-            self._proto_type = PortClient
+            client._proto_type = PortClient
         elif protocol == "typhoon":
-            self._proto_type = TyphoonClient
+            client._proto_type = TyphoonClient
         else:
             raise ValueError(f"Unknown protocol type: {protocol}")
 
         tunnel_name = getenv("SEASIDE_TUNNEL_NAME", _DEFAULT_TUNNEL_NAME)
         tunnel_address = IPv4Address(getenv("SEASIDE_TUNNEL_ADDRESS", _DEFAULT_TUNNEL_ADDRESS))
         tunnel_netmask = IPv4Address(getenv("SEASIDE_TUNNEL_NETMASK", _DEFAULT_TUNNEL_NETMASK))
         tunnel_sva = int(getenv("SEASIDE_TUNNEL_SVA", _DEFAULT_TUNNEL_SVA))
-        self._tunnel = Tunnel(tunnel_name, tunnel_address, tunnel_netmask, tunnel_sva, IPv4Address(self._address), dns, capture_iface, capture_ranges, capture_addresses, capture_ports, exempt_ranges, exempt_addresses, exempt_ports, local_address)
+        client._tunnel = await Tunnel.new(tunnel_name, tunnel_address, tunnel_netmask, tunnel_sva, IPv4Address(client._address), dns, capture_iface, capture_ranges, capture_addresses, capture_ports, exempt_ranges, exempt_addresses, exempt_ports, local_address)
+        return client
 
     async def _send_to_caerulean(self, connection: SeasideClient, tunnel: int) -> None:
         loop = get_running_loop()
@@ -163,7 +172,7 @@ async def start(self, command: str, port: Optional[str] = None, token: Optional[
 
     async def interrupt(self, terminate: bool = False) -> None:
         logger.debug("Deleting tunnel...")
-        self._tunnel.delete()
+        await self._tunnel.delete()
         logger.warning("Client connection terminated!")
         if terminate:
             exit(1)
@@ -216,7 +225,7 @@ async def main(args: Sequence[str] = argv[1:]) -> None:
         logger.debug(f"Proceeding with user token: {token!r}")
         listener_port = arguments["port"]
 
-    client = AlgaeClient(**arguments)
+    client = await AlgaeClient.new(**arguments)
     logger.debug("Setting up interruption handlers for client...")
     loop.add_signal_handler(SIGTERM, lambda: create_task(client.interrupt(True)))
     loop.add_signal_handler(SIGINT, lambda: create_task(client.interrupt(True)))