switched to using new config format when connecting to tunnel

README.md

@@ -436,10 +436,10 @@ ddns:
     domain: oauth3.org
   tunnel:
     type: 'tunnel@oauth3.org'
-    token: user_token_id
+    token_id: user_token_id
   modules:
     - type: 'dns@oauth3.org'
-      token: user_token_id
+      token_id: user_token_id
       domains:
         - www.example.com
         - api.example.com

lib/admin/config.js

@@ -53,9 +53,9 @@ var moduleSchemas = {
 , dns_oauth3_org: {
     name: 'dns@oauth3.org'
   , type: 'object'
-  , required: [ 'token' ]
+  , required: [ 'token_id' ]
   , properties: {
-      token: { type: 'string' }
+      token_id: { type: 'string' }
     }
   }
 };
@@ -184,10 +184,10 @@ var ddnsSchema = {
     }
   , tunnel: {
       type: 'object'
-    , required: [ 'type', 'token' ]
+    , required: [ 'type', 'token_id' ]
     , properties: {
         type:  { type: 'string', const: 'tunnel@oauth3.org' }
-      , token: { type: 'string'}
+      , token_id: { type: 'string'}
       }
     }
   , modules: { type: 'array', items: { oneOf: moduleRefs.ddns }}

lib/ddns/index.js

@@ -18,8 +18,54 @@ module.exports.create = function (deps, conf) {
   }
   updateConf();
 
-  var localAddr, gateway;
   var tunnelActive = false;
+  async function connectTunnel() {
+    var sessionCache = {};
+    var sessionOverride;
+    if (conf.ddns.tunnel) {
+      sessionOverride = await deps.storage.tokens.get(conf.ddns.tunnel.tokenId);
+    }
+    async function getSession(id) {
+      if (sessionOverride) {
+        return sessionOverride;
+      }
+      if (!sessionCache.hasOwnProperty(id)) {
+        sessionCache[id] = await deps.storage.tokens.get(conf.ddns.tunnel.tokenId);
+      }
+      if (!sessionCache[id]) {
+        throw new Error('no user token with ID "'+id+'"');
+      }
+      return sessionCache[id];
+    }
+
+    conf.domains.forEach(function(dom) {
+      if (dom.modules && Array.isArray(dom.modules.ddns) && dom.modules.ddns.length) {
+        var mod = dom.modules.ddns[0];
+        getSession(mod.token_id).then(function (session) {
+          return deps.tunnelClients.start(session, dom.names);
+        }).catch(function (err) {
+          console.log('error starting tunnel for', dom.names.join(', '));
+          console.log(err);
+        });
+      }
+    });
+
+    conf.ddns.modules.forEach(function (mod) {
+      getSession(mod.token_id).then(function (session) {
+        return deps.tunnelClients.start(session, mod.domains);
+      }).catch(function (err) {
+        console.log('error starting tunnel for', mod.domains.join(', '));
+        console.log(err);
+      });
+    });
+    tunnelActive = true;
+  }
+  function disconnectTunnel() {
+    deps.tunnelClients.disconnect();
+    tunnelActive = false;
+  }
+
+  var localAddr, gateway;
   async function checkNetworkEnv() {
     // Since we can't detect the OS level events when a user plugs in an ethernet cable to recheck
     // what network environment we are in we check our local network address and the gateway to
@@ -46,14 +92,11 @@ module.exports.create = function (deps, conf) {
     // address. Otherwise we need to use the tunnel to accept traffic.
     if (!notLooped.length) {
       if (tunnelActive) {
-        deps.tunnelClients.disconnect();
+        disconnectTunnel();
-        tunnelActive = false;
       }
     } else {
       if (!tunnelActive) {
-        var session = await getSession();
+        connectTunnel();
-        await deps.tunnelClients.start(session, conf.dns.domains);
-        tunnelActive = true;
       }
     }
   }

lib/storage.js

@@ -104,6 +104,9 @@ module.exports.create = function (deps, conf) {
       // We also use the token as the `access_token` instead of `refresh_token` because the
       // refresh functionality is closely tied to the storage.
       var decoded = jwt.decode(token);
+      if (!decoded) {
+        return null;
+      }
       return {
         id:           id
       , access_token: token