diff --git a/goproxy/sample.go b/goproxy/sample.go
deleted file mode 100644
index 6be57ec..0000000
--- a/goproxy/sample.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package main
-
-import (
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "local1/logger"
- "log"
- "net/http"
- "net/http/httputil"
- "net/url"
- "strings"
-)
-
-func handle(w http.ResponseWriter, r *http.Request) {
- if r.URL.Scheme == "" {
- r.URL.Scheme = "http"
- if strings.Contains(r.URL.Host, "443") {
- r.URL.Scheme = "https"
- }
- logger.Log("changed scheme to", r.URL.Scheme)
- }
- // if not from localhost
- if !strings.Contains(r.RemoteAddr, "[::1]") && r.RemoteAddr != "127.0.0.1" ! r.RemoteAddr != "::1" {
- w.WriteHeader(http.StatusUnauthorized)
- fmt.Fprintln(w, "Rejection")
- return
- }
- // if not good auth
- // else proxy
- u, err := url.Parse(r.URL.String())
- if err != nil {
- w.WriteHeader(http.StatusInternalServerError)
- fmt.Fprintln(w, "proxy failed to parse request")
- logger.Log(err)
- return
- }
- u.Path = ""
- proxy := httputil.NewSingleHostReverseProxy(u)
- caCert, err := ioutil.ReadFile("../../stuncaddsies/mnt/stunserver.crt")
- if err != nil {
- panic(err)
- }
- rootCAs := x509.NewCertPool()
- rootCAs.AppendCertsFromPEM(caCert)
- clientCert, err := tls.LoadX509KeyPair("../../stuncaddsies/mnt/stunclient.crt", "../../stuncaddsies/mnt/stunclient.key")
- if err != nil {
- panic(err)
- }
- proxy.Transport = &http.Transport{
- Proxy: func(r *http.Request) (*url.URL, error) {
- return url.Parse("https://localhost:20018")
- return url.Parse("https://bel.house:20018")
- },
- TLSClientConfig: &tls.Config{
- RootCAs: rootCAs,
- Certificates: []tls.Certificate{clientCert},
- },
- }
- proxy.ServeHTTP(w, r)
- return
-}
-
-func main() {
- server := &http.Server{
- Addr: ":8888",
- Handler: http.HandlerFunc(handle),
- }
- log.Fatal(server.ListenAndServe())
-}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..807c106
--- /dev/null
+++ b/main.go
@@ -0,0 +1,127 @@
+package main
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "local1/logger"
+ "net/http"
+ "net/http/httputil"
+ "net/url"
+ "os"
+ "strings"
+)
+
+type Server struct {
+ addr string
+ transport *http.Transport
+}
+
+func NewServer(addr, clientcrt, clientkey, servercrt string) (*Server, error) {
+ caCert, err := ioutil.ReadFile(servercrt)
+ if err != nil {
+ return nil, err
+ }
+ rootCAs := x509.NewCertPool()
+ rootCAs.AppendCertsFromPEM(caCert)
+ clientCert, err := tls.LoadX509KeyPair(clientcrt, clientkey)
+ if err != nil {
+ return nil, err
+ }
+ return &Server{
+ addr: addr,
+ transport: &http.Transport{
+ Proxy: func(*http.Request) (*url.URL, error) {
+ return url.Parse(addr)
+ },
+ TLSClientConfig: &tls.Config{
+ RootCAs: rootCAs,
+ Certificates: []tls.Certificate{clientCert},
+ },
+ },
+ }, nil
+}
+
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ // fix scheme if necessary
+ fixScheme(r.URL)
+ // if not from localhost
+ if !fromLocalhost(r.RemoteAddr) {
+ denyAccess(w)
+ return
+ }
+ // proxy via stuncaddsies
+ proxy := httputil.NewSingleHostReverseProxy(pathlessURL(r.URL))
+ proxy.Transport = s.transport
+ proxy.ServeHTTP(w, r)
+ return
+}
+
+func fixScheme(u *url.URL) {
+ if u.Scheme == "" {
+ u.Scheme = "http"
+ if strings.Contains(u.Host, "443") {
+ u.Scheme = "https"
+ }
+ }
+}
+
+func fromLocalhost(addr string) bool {
+ return strings.Contains(addr, "[::1]") || addr == "127.0.0.1" || addr == "::1"
+}
+
+func denyAccess(w http.ResponseWriter) {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprintln(w, "You shouldn't be here")
+}
+
+func pathlessURL(u *url.URL) *url.URL {
+ return &url.URL{
+ Scheme: u.Scheme,
+ Opaque: u.Opaque,
+ User: u.User,
+ Host: u.Host,
+ Path: "",
+ RawPath: "",
+ ForceQuery: u.ForceQuery,
+ RawQuery: u.RawQuery,
+ Fragment: u.Fragment,
+ }
+}
+
+func flagEnvFallback(keyFallback map[string]string) map[string]string {
+ results := map[string]*string{}
+ for k, v := range keyFallback {
+ results[k] = flag.String(k, v, "")
+ }
+ flag.Parse()
+ final := map[string]string{}
+ for k := range results {
+ if *results[k] == keyFallback[k] && os.Getenv(strings.ToUpper(k)) != "" {
+ *results[k] = os.Getenv(strings.ToUpper(k))
+ }
+ final[k] = *results[k]
+ }
+ return final
+}
+
+func main() {
+ conf := flagEnvFallback(map[string]string{
+ "stunaddr": "https://localhost:20018",
+ "clientcrt": "../../stuncaddsies/mnt/stunclient.crt",
+ "clientkey": "../../stuncaddsies/mnt/stunclient.key",
+ "servercrt": "../../stuncaddsies/mnt/stunserver.crt",
+ "port": "8888",
+ })
+ if !strings.HasPrefix(conf["port"], ":") {
+ conf["port"] = ":" + conf["port"]
+ }
+ logger.Log(conf)
+ server, err := NewServer(conf["stunaddr"], conf["clientcrt"], conf["clientkey"], conf["servercrt"])
+ if err != nil {
+ logger.Fatal(err)
+ }
+ logger.Fatal(http.ListenAndServe(conf["port"], server))
+}
diff --git a/medium/sample.go b/medium/sample.go
deleted file mode 100644
index c832424..0000000
--- a/medium/sample.go
+++ /dev/null
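Review bot: `fromLocalhost` in main.go compares `r.RemoteAddr` against bare addresses, but net/http fills RemoteAddr in `host:port` form (for example `127.0.0.1:51234`), so the `== "127.0.0.1"` and `== "::1"` branches can never match and only the substring check `strings.Contains(addr, "[::1]")` can admit a client; IPv4 loopback callers are therefore rejected and the only gate in front of the proxy rests on a string match rather than an address comparison. Split the address with `net.SplitHostPort` and test the parsed IP with `IsLoopback()`, which also requires adding `"net"` to the import block. In `NewServer` the result of `rootCAs.AppendCertsFromPEM(caCert)` is discarded, so an empty or malformed PEM produces an empty pool and every upstream TLS handshake fails at request time instead of at startup; `if !rootCAs.AppendCertsFromPEM(caCert) { return nil, fmt.Errorf("no CA certificates found in %q", servercrt) }` surfaces it early. `fixScheme`'s `strings.Contains(u.Host, "443")` also matches ports such as `8443` or `4430` and any host name containing those digits, so comparing the parsed port exactly would be safer, and the trailing `return` in `ServeHTTP` is redundant.
```go
func fromLocalhost(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		// no port present; treat the whole string as the host
		host = addr
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}
```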
@@ -1,89 +0,0 @@
-package main
-
-import (
- "flag"
- "io"
- "log"
- "net"
- "net/http"
- "time"
-)
-
-func handleTunneling(w http.ResponseWriter, r *http.Request) {
- dest_conn, err := net.DialTimeout("tcp", r.Host, 10*time.Second)
- if err != nil {
- http.Error(w, err.Error(), http.StatusServiceUnavailable)
- return
- }
- w.WriteHeader(http.StatusOK)
- hijacker, ok := w.(http.Hijacker)
- if !ok {
- http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
- return
- }
- client_conn, _, err := hijacker.Hijack()
- if err != nil {
- http.Error(w, err.Error(), http.StatusServiceUnavailable)
- }
- go transfer(dest_conn, client_conn)
- go transfer(client_conn, dest_conn)
-}
-
-func transfer(destination io.WriteCloser, source io.ReadCloser) {
- defer destination.Close()
- defer source.Close()
- io.Copy(destination, source)
-}
-
-func handleHTTP(w http.ResponseWriter, req *http.Request) {
- resp, err := http.DefaultTransport.RoundTrip(req)
- if err != nil {
- http.Error(w, err.Error(), http.StatusServiceUnavailable)
- return
- }
- defer resp.Body.Close()
- copyHeader(w.Header(), resp.Header)
- w.WriteHeader(resp.StatusCode)
- io.Copy(w, resp.Body)
-}
-
-func copyHeader(dst, src http.Header) {
- for k, vv := range src {
- for _, v := range vv {
- dst.Add(k, v)
- }
- }
-}
-
-func main() {
- var pemPath string
- flag.StringVar(&pemPath, "pem", "server.crt", "path to pem file")
- var keyPath string
- flag.StringVar(&keyPath, "key", "server.key", "path to key file")
- var proto string
- flag.StringVar(&proto, "proto", "https", "Proxy protocol (http or https)")
- flag.Parse()
-
- if proto != "http" && proto != "https" {
- log.Fatal("Protocol must be either http or https")
- }
-
- server := &http.Server{
- Addr: ":8888",
- Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if r.Method == http.MethodConnect {
- handleTunneling(w, r)
- } else {
- handleHTTP(w, r)
- }
- }),
- // Disable HTTP/2.
- //TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
- }
-
- if proto == "http" {
- log.Fatal(server.ListenAndServe())
- } else {
- log.Fatal(server.ListenAndServeTLS(pemPath, keyPath))
- }
-}
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/LICENSE b/vendor/github.com/elazarl/goproxy/LICENSE
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/LICENSE
rename to vendor/github.com/elazarl/goproxy/LICENSE
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/README.md b/vendor/github.com/elazarl/goproxy/README.md
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/README.md
rename to vendor/github.com/elazarl/goproxy/README.md
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/actions.go b/vendor/github.com/elazarl/goproxy/actions.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/actions.go
rename to vendor/github.com/elazarl/goproxy/actions.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/all.bash b/vendor/github.com/elazarl/goproxy/all.bash
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/all.bash
rename to vendor/github.com/elazarl/goproxy/all.bash
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/certs.go b/vendor/github.com/elazarl/goproxy/certs.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/certs.go
rename to vendor/github.com/elazarl/goproxy/certs.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/chunked.go b/vendor/github.com/elazarl/goproxy/chunked.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/chunked.go
rename to vendor/github.com/elazarl/goproxy/chunked.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/counterecryptor.go b/vendor/github.com/elazarl/goproxy/counterecryptor.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/counterecryptor.go
rename to vendor/github.com/elazarl/goproxy/counterecryptor.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/ctx.go b/vendor/github.com/elazarl/goproxy/ctx.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/ctx.go
rename to vendor/github.com/elazarl/goproxy/ctx.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/dispatcher.go b/vendor/github.com/elazarl/goproxy/dispatcher.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/dispatcher.go
rename to vendor/github.com/elazarl/goproxy/dispatcher.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/doc.go b/vendor/github.com/elazarl/goproxy/doc.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/doc.go
rename to vendor/github.com/elazarl/goproxy/doc.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/ext/auth/basic.go b/vendor/github.com/elazarl/goproxy/ext/auth/basic.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/ext/auth/basic.go
rename to vendor/github.com/elazarl/goproxy/ext/auth/basic.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/https.go b/vendor/github.com/elazarl/goproxy/https.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/https.go
rename to vendor/github.com/elazarl/goproxy/https.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/proxy.go b/vendor/github.com/elazarl/goproxy/proxy.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/proxy.go
rename to vendor/github.com/elazarl/goproxy/proxy.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/responses.go b/vendor/github.com/elazarl/goproxy/responses.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/responses.go
rename to vendor/github.com/elazarl/goproxy/responses.go
diff --git a/goproxy/vendor/github.com/elazarl/goproxy/signer.go b/vendor/github.com/elazarl/goproxy/signer.go
similarity index 100%
rename from goproxy/vendor/github.com/elazarl/goproxy/signer.go
rename to vendor/github.com/elazarl/goproxy/signer.go