this is yes

2018-10-06 21:54:46 -06:00
parent 098faf8dd4
commit 91d69f9105
18 changed files with 127 additions and 160 deletions
--- a/main.go
+++ b/main.go
@@ -0,0 +1,127 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"local1/logger"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"strings"
+)
+
+type Server struct {
+	addr      string
+	transport *http.Transport
+}
+
+func NewServer(addr, clientcrt, clientkey, servercrt string) (*Server, error) {
+	caCert, err := ioutil.ReadFile(servercrt)
+	if err != nil {
+		return nil, err
+	}
+	rootCAs := x509.NewCertPool()
+	rootCAs.AppendCertsFromPEM(caCert)
+	clientCert, err := tls.LoadX509KeyPair(clientcrt, clientkey)
+	if err != nil {
+		return nil, err
+	}
+	return &Server{
+		addr: addr,
+		transport: &http.Transport{
+			Proxy: func(*http.Request) (*url.URL, error) {
+				return url.Parse(addr)
+			},
+			TLSClientConfig: &tls.Config{
+				RootCAs:      rootCAs,
+				Certificates: []tls.Certificate{clientCert},
+			},
+		},
+	}, nil
+}
+
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// fix scheme if necessary
+	fixScheme(r.URL)
+	// if not from localhost
+	if !fromLocalhost(r.RemoteAddr) {
+		denyAccess(w)
+		return
+	}
+	// proxy via stuncaddsies
+	proxy := httputil.NewSingleHostReverseProxy(pathlessURL(r.URL))
+	proxy.Transport = s.transport
+	proxy.ServeHTTP(w, r)
+	return
+}
+
+func fixScheme(u *url.URL) {
+	if u.Scheme == "" {
+		u.Scheme = "http"
+		if strings.Contains(u.Host, "443") {
+			u.Scheme = "https"
+		}
+	}
+}
+
+func fromLocalhost(addr string) bool {
+	return strings.Contains(addr, "[::1]") || addr == "127.0.0.1" || addr == "::1"
+}
+
+func denyAccess(w http.ResponseWriter) {
+	w.WriteHeader(http.StatusUnauthorized)
+	fmt.Fprintln(w, "You shouldn't be here")
+}
+
+func pathlessURL(u *url.URL) *url.URL {
+	return &url.URL{
+		Scheme:     u.Scheme,
+		Opaque:     u.Opaque,
+		User:       u.User,
+		Host:       u.Host,
+		Path:       "",
+		RawPath:    "",
+		ForceQuery: u.ForceQuery,
+		RawQuery:   u.RawQuery,
+		Fragment:   u.Fragment,
+	}
+}
+
+func flagEnvFallback(keyFallback map[string]string) map[string]string {
+	results := map[string]*string{}
+	for k, v := range keyFallback {
+		results[k] = flag.String(k, v, "")
+	}
+	flag.Parse()
+	final := map[string]string{}
+	for k := range results {
+		if *results[k] == keyFallback[k] && os.Getenv(strings.ToUpper(k)) != "" {
+			*results[k] = os.Getenv(strings.ToUpper(k))
+		}
+		final[k] = *results[k]
+	}
+	return final
+}
+
+func main() {
+	conf := flagEnvFallback(map[string]string{
+		"stunaddr":  "https://localhost:20018",
+		"clientcrt": "../../stuncaddsies/mnt/stunclient.crt",
+		"clientkey": "../../stuncaddsies/mnt/stunclient.key",
+		"servercrt": "../../stuncaddsies/mnt/stunserver.crt",
+		"port":      "8888",
+	})
+	if !strings.HasPrefix(conf["port"], ":") {
+		conf["port"] = ":" + conf["port"]
+	}
+	logger.Log(conf)
+	server, err := NewServer(conf["stunaddr"], conf["clientcrt"], conf["clientkey"], conf["servercrt"])
+	if err != nil {
+		logger.Fatal(err)
+	}
+	logger.Fatal(http.ListenAndServe(conf["port"], server))
+}