this is yes

goproxy/sample.go

@@ -1,71 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io/ioutil"
-	"local1/logger"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"strings"
-)
-
-func handle(w http.ResponseWriter, r *http.Request) {
-	if r.URL.Scheme == "" {
-		r.URL.Scheme = "http"
-		if strings.Contains(r.URL.Host, "443") {
-			r.URL.Scheme = "https"
-		}
-		logger.Log("changed scheme to", r.URL.Scheme)
-	}
-	// if not from localhost
-	if !strings.Contains(r.RemoteAddr, "[::1]") && r.RemoteAddr != "127.0.0.1" ! r.RemoteAddr != "::1" {
-		w.WriteHeader(http.StatusUnauthorized)
-		fmt.Fprintln(w, "Rejection")
-		return
-	}
-	// if not good auth
-	// else proxy
-	u, err := url.Parse(r.URL.String())
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		fmt.Fprintln(w, "proxy failed to parse request")
-		logger.Log(err)
-		return
-	}
-	u.Path = ""
-	proxy := httputil.NewSingleHostReverseProxy(u)
-	caCert, err := ioutil.ReadFile("../../stuncaddsies/mnt/stunserver.crt")
-	if err != nil {
-		panic(err)
-	}
-	rootCAs := x509.NewCertPool()
-	rootCAs.AppendCertsFromPEM(caCert)
-	clientCert, err := tls.LoadX509KeyPair("../../stuncaddsies/mnt/stunclient.crt", "../../stuncaddsies/mnt/stunclient.key")
-	if err != nil {
-		panic(err)
-	}
-	proxy.Transport = &http.Transport{
-		Proxy: func(r *http.Request) (*url.URL, error) {
-			return url.Parse("https://localhost:20018")
-			return url.Parse("https://bel.house:20018")
-		},
-		TLSClientConfig: &tls.Config{
-			RootCAs:      rootCAs,
-			Certificates: []tls.Certificate{clientCert},
-		},
-	}
-	proxy.ServeHTTP(w, r)
-	return
-}
-
-func main() {
-	server := &http.Server{
-		Addr:    ":8888",
-		Handler: http.HandlerFunc(handle),
-	}
-	log.Fatal(server.ListenAndServe())
-}

main.go

@@ -0,0 +1,127 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"local1/logger"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"strings"
+)
+
+type Server struct {
+	addr      string
+	transport *http.Transport
+}
+
+func NewServer(addr, clientcrt, clientkey, servercrt string) (*Server, error) {
+	caCert, err := ioutil.ReadFile(servercrt)
+	if err != nil {
+		return nil, err
+	}
+	rootCAs := x509.NewCertPool()
+	rootCAs.AppendCertsFromPEM(caCert)
+	clientCert, err := tls.LoadX509KeyPair(clientcrt, clientkey)
+	if err != nil {
+		return nil, err
+	}
+	return &Server{
+		addr: addr,
+		transport: &http.Transport{
+			Proxy: func(*http.Request) (*url.URL, error) {
+				return url.Parse(addr)
+			},
+			TLSClientConfig: &tls.Config{
+				RootCAs:      rootCAs,
+				Certificates: []tls.Certificate{clientCert},
+			},
+		},
+	}, nil
+}
+
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// fix scheme if necessary
+	fixScheme(r.URL)
+	// if not from localhost
+	if !fromLocalhost(r.RemoteAddr) {
+		denyAccess(w)
+		return
+	}
+	// proxy via stuncaddsies
+	proxy := httputil.NewSingleHostReverseProxy(pathlessURL(r.URL))
+	proxy.Transport = s.transport
+	proxy.ServeHTTP(w, r)
+	return
+}
+
+func fixScheme(u *url.URL) {
+	if u.Scheme == "" {
+		u.Scheme = "http"
+		if strings.Contains(u.Host, "443") {
+			u.Scheme = "https"
+		}
+	}
+}
+
+func fromLocalhost(addr string) bool {
+	return strings.Contains(addr, "[::1]") || addr == "127.0.0.1" || addr == "::1"
+}
+
+func denyAccess(w http.ResponseWriter) {
+	w.WriteHeader(http.StatusUnauthorized)
+	fmt.Fprintln(w, "You shouldn't be here")
+}
+
+func pathlessURL(u *url.URL) *url.URL {
+	return &url.URL{
+		Scheme:     u.Scheme,
+		Opaque:     u.Opaque,
+		User:       u.User,
+		Host:       u.Host,
+		Path:       "",
+		RawPath:    "",
+		ForceQuery: u.ForceQuery,
+		RawQuery:   u.RawQuery,
+		Fragment:   u.Fragment,
+	}
+}
+
+func flagEnvFallback(keyFallback map[string]string) map[string]string {
+	results := map[string]*string{}
+	for k, v := range keyFallback {
+		results[k] = flag.String(k, v, "")
+	}
+	flag.Parse()
+	final := map[string]string{}
+	for k := range results {
+		if *results[k] == keyFallback[k] && os.Getenv(strings.ToUpper(k)) != "" {
+			*results[k] = os.Getenv(strings.ToUpper(k))
+		}
+		final[k] = *results[k]
+	}
+	return final
+}
+
+func main() {
+	conf := flagEnvFallback(map[string]string{
+		"stunaddr":  "https://localhost:20018",
+		"clientcrt": "../../stuncaddsies/mnt/stunclient.crt",
+		"clientkey": "../../stuncaddsies/mnt/stunclient.key",
+		"servercrt": "../../stuncaddsies/mnt/stunserver.crt",
+		"port":      "8888",
+	})
+	if !strings.HasPrefix(conf["port"], ":") {
+		conf["port"] = ":" + conf["port"]
+	}
+	logger.Log(conf)
+	server, err := NewServer(conf["stunaddr"], conf["clientcrt"], conf["clientkey"], conf["servercrt"])
+	if err != nil {
+		logger.Fatal(err)
+	}
+	logger.Fatal(http.ListenAndServe(conf["port"], server))
+}

medium/sample.go

@@ -1,89 +0,0 @@
-package main
-
-import (
-	"flag"
-	"io"
-	"log"
-	"net"
-	"net/http"
-	"time"
-)
-
-func handleTunneling(w http.ResponseWriter, r *http.Request) {
-	dest_conn, err := net.DialTimeout("tcp", r.Host, 10*time.Second)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusServiceUnavailable)
-		return
-	}
-	w.WriteHeader(http.StatusOK)
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
-		return
-	}
-	client_conn, _, err := hijacker.Hijack()
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusServiceUnavailable)
-	}
-	go transfer(dest_conn, client_conn)
-	go transfer(client_conn, dest_conn)
-}
-
-func transfer(destination io.WriteCloser, source io.ReadCloser) {
-	defer destination.Close()
-	defer source.Close()
-	io.Copy(destination, source)
-}
-
-func handleHTTP(w http.ResponseWriter, req *http.Request) {
-	resp, err := http.DefaultTransport.RoundTrip(req)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusServiceUnavailable)
-		return
-	}
-	defer resp.Body.Close()
-	copyHeader(w.Header(), resp.Header)
-	w.WriteHeader(resp.StatusCode)
-	io.Copy(w, resp.Body)
-}
-
-func copyHeader(dst, src http.Header) {
-	for k, vv := range src {
-		for _, v := range vv {
-			dst.Add(k, v)
-		}
-	}
-}
-
-func main() {
-	var pemPath string
-	flag.StringVar(&pemPath, "pem", "server.crt", "path to pem file")
-	var keyPath string
-	flag.StringVar(&keyPath, "key", "server.key", "path to key file")
-	var proto string
-	flag.StringVar(&proto, "proto", "https", "Proxy protocol (http or https)")
-	flag.Parse()
-
-	if proto != "http" && proto != "https" {
-		log.Fatal("Protocol must be either http or https")
-	}
-
-	server := &http.Server{
-		Addr: ":8888",
-		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if r.Method == http.MethodConnect {
-				handleTunneling(w, r)
-			} else {
-				handleHTTP(w, r)
-			}
-		}),
-		// Disable HTTP/2.
-		//TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
-	}
-
-	if proto == "http" {
-		log.Fatal(server.ListenAndServe())
-	} else {
-		log.Fatal(server.ListenAndServeTLS(pemPath, keyPath))
-	}
-}