change conf to argsset and flag for oauth

about to replace config and storage with shared package
Implement tcp proxy with single forward
2019-10-22 05:03:53 +00:00 · 2019-10-22 02:36:59 +00:00 · 2019-10-02 09:07:59 -06:00 · 2019-09-24 12:47:06 -06:00 · 2019-05-02 09:35:53 -06:00
29 changed files with 448 additions and 327 deletions
--- a/.config/config.go
+++ b/.config/config.go
@@ -0,0 +1,115 @@
+package config
+
+import (
+	"local/rproxy3/storage/packable"
+	"log"
+	"strconv"
+	"strings"
+)
+
+func GetPort() string {
+	v := packable.NewString()
+	conf.Get(nsConf, flagPort, v)
+	return ":" + strings.TrimPrefix(v.String(), ":")
+}
+
+func GetRoutes() map[string]string {
+	v := packable.NewString()
+	conf.Get(nsConf, flagRoutes, v)
+	m := make(map[string]string)
+	for _, v := range strings.Split(v.String(), ",") {
+		if len(v) == 0 {
+			return m
+		}
+		from := v[:strings.Index(v, ":")]
+		to := v[strings.Index(v, ":")+1:]
+		m[from] = to
+	}
+	return m
+}
+
+func GetTCP() (string, bool) {
+	v := packable.NewString()
+	conf.Get(nsConf, flagTCP, v)
+	tcpAddr := v.String()
+	return tcpAddr, notEmpty(tcpAddr)
+}
+
+func GetSSL() (string, string, bool) {
+	v := packable.NewString()
+	conf.Get(nsConf, flagCert, v)
+	certPath := v.String()
+	conf.Get(nsConf, flagKey, v)
+	keyPath := v.String()
+	return certPath, keyPath, notEmpty(certPath, keyPath)
+}
+
+func GetAuth() (string, string, bool) {
+	v := packable.NewString()
+	conf.Get(nsConf, flagUser, v)
+	user := v.String()
+	conf.Get(nsConf, flagPass, v)
+	pass := v.String()
+	return user, pass, notEmpty(user, pass)
+}
+
+func notEmpty(s ...string) bool {
+	for i := range s {
+		if s[i] == "" || s[i] == "/dev/null" {
+			return false
+		}
+	}
+	return true
+}
+
+func GetRate() (int, int) {
+	r := packable.NewString()
+	conf.Get(nsConf, flagRate, r)
+	b := packable.NewString()
+	conf.Get(nsConf, flagBurst, b)
+
+	rate, err := strconv.Atoi(r.String())
+	if err != nil {
+		log.Printf("illegal rate: %v", err)
+		rate = 5
+	}
+	burst, _ := strconv.Atoi(b.String())
+	if err != nil {
+		log.Printf("illegal burst: %v", err)
+		burst = 5
+	}
+
+	return rate, burst
+}
+
+func GetTimeout() int {
+	t := packable.NewString()
+	conf.Get(nsConf, flagTimeout, t)
+
+	timeout, err := strconv.Atoi(t.String())
+	if err != nil || timeout == 5 {
+		return 5
+	}
+
+	return timeout
+}
+
+func GetRewrites(hostMatch string) map[string]string {
+	v := packable.NewString()
+	conf.Get(nsConf, flagRewrites, v)
+	m := make(map[string]string)
+	for _, v := range strings.Split(v.String(), ",") {
+		vs := strings.Split(v, ":")
+		if len(v) < 3 {
+			continue
+		}
+		host := vs[0]
+		if host != hostMatch {
+			continue
+		}
+		from := vs[1]
+		to := strings.Join(vs[2:], ":")
+		m[from] = to
+	}
+	return m
+}
--- a/.config/new.go
+++ b/.config/new.go
@@ -0,0 +1,161 @@
+package config
+
+import (
+	"flag"
+	"io/ioutil"
+	"local/rproxy3/storage"
+	"local/rproxy3/storage/packable"
+	"log"
+	"os"
+	"strings"
+
+	yaml "gopkg.in/yaml.v2"
+)
+
+const nsConf = "configuration"
+const flagPort = "p"
+const flagRoutes = "r"
+const flagConf = "c"
+const flagCert = "crt"
+const flagTCP = "tcp"
+const flagKey = "key"
+const flagUser = "user"
+const flagPass = "pass"
+const flagRate = "rate"
+const flagBurst = "burst"
+const flagTimeout = "timeout"
+const flagRewrites = "rw"
+
+var conf = storage.NewMap()
+
+type toBind struct {
+	flag  string
+	value *string
+}
+
+type fileConf struct {
+	Port     string   `yaml:"p"`
+	Routes   []string `yaml:"r"`
+	CertPath string   `yaml:"crt"`
+	TCPPath  string   `yaml:"tcp"`
+	KeyPath  string   `yaml:"key"`
+	Username string   `yaml:"user"`
+	Password string   `yaml:"pass"`
+	Rate     string   `yaml:"rate"`
+	Burst    string   `yaml:"burst"`
+	Timeout  string   `yaml:"timeout"`
+	Rewrites []string `yaml:"rw"`
+}
+
+func Init() error {
+	log.SetFlags(log.Ldate | log.Ltime | log.Llongfile)
+	log.SetFlags(log.Ltime | log.Lshortfile)
+	if err := fromFile(); err != nil {
+		return err
+	}
+	if err := fromFlags(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func fromFile() error {
+	flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError)
+	defer func() {
+		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+	}()
+	flag.String(flagConf, "/dev/null", "yaml config file path")
+	flag.Parse()
+	confFlag := flag.Lookup(flagConf)
+	if confFlag == nil || confFlag.Value.String() == "" {
+		return nil
+	}
+	confBytes, err := ioutil.ReadFile(confFlag.Value.String())
+	if err != nil {
+		return err
+	}
+	var c fileConf
+	if err := yaml.Unmarshal(confBytes, &c); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagPort, packable.NewString(c.Port)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagRoutes, packable.NewString(strings.Join(c.Routes, ","))); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagCert, packable.NewString(c.CertPath)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagTCP, packable.NewString(c.TCPPath)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagKey, packable.NewString(c.KeyPath)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagUser, packable.NewString(c.Username)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagPass, packable.NewString(c.Password)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagRate, packable.NewString(c.Rate)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagBurst, packable.NewString(c.Burst)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagTimeout, packable.NewString(c.Timeout)); err != nil {
+		return err
+	}
+	if err := conf.Set(nsConf, flagRewrites, packable.NewString(strings.Join(c.Rewrites, ","))); err != nil {
+		return err
+	}
+	return nil
+}
+
+func fromFlags() error {
+	binds := make([]toBind, 0)
+	binds = append(binds, addFlag(flagPort, "51555", "port to bind to"))
+	binds = append(binds, addFlag(flagConf, "", "configuration file path"))
+	binds = append(binds, addFlag(flagRoutes, "", "comma-separated routes to map, each as from:scheme://to.tld:port"))
+	binds = append(binds, addFlag(flagCert, "", "path to .crt"))
+	binds = append(binds, addFlag(flagTCP, "", "tcp addr"))
+	binds = append(binds, addFlag(flagKey, "", "path to .key"))
+	binds = append(binds, addFlag(flagUser, "", "basic auth username"))
+	binds = append(binds, addFlag(flagPass, "", "basic auth password"))
+	binds = append(binds, addFlag(flagRate, "100", "rate limit per second"))
+	binds = append(binds, addFlag(flagBurst, "100", "rate limit burst"))
+	binds = append(binds, addFlag(flagTimeout, "30", "seconds to wait for limiter"))
+	binds = append(binds, addFlag(flagRewrites, "", "comma-separated from:replace:replacement:oauth to rewrite in response bodies"))
+	flag.Parse()
+
+	for _, bind := range binds {
+		confFlag := flag.Lookup(bind.flag)
+		if confFlag == nil || confFlag.Value.String() == "" {
+			continue
+		}
+		if err := conf.Set(nsConf, bind.flag, packable.NewString(*bind.value)); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func addFlag(key, def, help string) toBind {
+	def = getFlagOrDefault(key, def)
+	v := flag.String(key, def, help)
+	return toBind{
+		flag:  key,
+		value: v,
+	}
+}
+
+func getFlagOrDefault(key, def string) string {
+	v := packable.NewString()
+	if err := conf.Get(nsConf, key, v); err != nil {
+		return def
+	}
+	return v.String()
+}
--- a/.config/new_test.go
+++ b/.config/new_test.go
--- a/.gitignore
+++ b/.gitignore
--- a/conf.yaml
+++ b/conf.yaml
@@ -1,5 +1,5 @@
 p: 54243
-r: 
+r:
 - echo:http://localhost:49982
 - echo2:http://192.168.0.86:38090
 #crt: ./testdata/rproxy3server.crt
--- a/config/config.go
+++ b/config/config.go
@@ -1,118 +1,77 @@
 package config

 import (
-	"local/rproxy3/storage/packable"
-	"log"
-	"strconv"
+	"fmt"
 	"strings"
+	"time"
 )

-func GetPort() string {
-	v := packable.NewString()
-	conf.Get(nsConf, flagPort, v)
-	return ":" + strings.TrimPrefix(v.String(), ":")
+type Proxy struct {
+	To      string
+	BOAuthZ bool
 }

-func GetRoutes() map[string]string {
-	v := packable.NewString()
-	conf.Get(nsConf, flagRoutes, v)
-	m := make(map[string]string)
-	for _, v := range strings.Split(v.String(), ",") {
-		if len(v) == 0 {
-			return m
-		}
-		from := v[:strings.Index(v, ":")]
-		to := v[strings.Index(v, ":")+1:]
-		m[from] = to
+func parseProxy(s string) (string, Proxy) {
+	p := Proxy{}
+	key := ""
+	l := strings.Split(s, ",")
+	if len(l) > 0 {
+		key = l[0]
 	}
-	return m
+	if len(l) > 1 {
+		p.To = l[1]
+	}
+	if len(l) > 2 {
+		p.BOAuthZ = l[2] == "true"
+	}
+	return key, p
 }

-func GetSSL() (string, string, bool) {
-	v := packable.NewString()
-	conf.Get(nsConf, flagCert, v)
-	certPath := v.String()
-	conf.Get(nsConf, flagKey, v)
-	keyPath := v.String()
-	return certPath, keyPath, notEmpty(certPath, keyPath)
+func GetBOAuthZ() (string, bool) {
+	boauthz := conf.Get("oauth").GetString()
+	return boauthz, boauthz != ""
 }

 func GetAuth() (string, string, bool) {
-	v := packable.NewString()
-	conf.Get(nsConf, flagUser, v)
-	user := v.String()
-	conf.Get(nsConf, flagPass, v)
-	pass := v.String()
-	return user, pass, notEmpty(user, pass)
+	user := conf.Get("user").GetString()
+	pass := conf.Get("pass").GetString()
+	return user, pass, user != "" && pass != ""
 }

-func notEmpty(s ...string) bool {
-	for i := range s {
-		if s[i] == "" || s[i] == "/dev/null" {
-			return false
-		}
-	}
-	return true
+func GetPort() string {
+	port := conf.Get("p").GetInt()
+	return ":" + fmt.Sprint(port)
 }

 func GetRate() (int, int) {
-	r := packable.NewString()
-	conf.Get(nsConf, flagRate, r)
-	b := packable.NewString()
-	conf.Get(nsConf, flagBurst, b)
-
-	rate, err := strconv.Atoi(r.String())
-	if err != nil {
-		log.Printf("illegal rate: %v", err)
-		rate = 5
-	}
-	burst, _ := strconv.Atoi(b.String())
-	if err != nil {
-		log.Printf("illegal burst: %v", err)
-		burst = 5
-	}
-
+	rate := conf.Get("r").GetInt()
+	burst := conf.Get("b").GetInt()
 	return rate, burst
 }

-func GetTimeout() int {
-	t := packable.NewString()
-	conf.Get(nsConf, flagTimeout, t)
-
-	timeout, err := strconv.Atoi(t.String())
-	if err != nil || timeout == 5 {
-		return 5
+func GetRoutes() map[string]Proxy {
+	list := conf.Get("proxy").GetString()
+	definitions := strings.Split(list, ",,")
+	routes := make(map[string]Proxy)
+	for _, definition := range definitions {
+		k, v := parseProxy(definition)
+		routes[k] = v
 	}
+	return routes
+}

+func GetSSL() (string, string, bool) {
+	crt := conf.Get("crt").GetString()
+	key := conf.Get("key").GetString()
+	return crt, key, crt != "" && key != ""
+}
+
+func GetTCP() (string, bool) {
+	tcp := conf.Get("tcp").GetString()
+	return tcp, tcp != ""
+}
+
+func GetTimeout() time.Duration {
+	timeout := conf.Get("timeout").GetDuration()
 	return timeout
 }
-
-func GetRewrites(hostMatch string) map[string]string {
-	v := packable.NewString()
-	conf.Get(nsConf, flagRewrites, v)
-	m := make(map[string]string)
-	for _, v := range strings.Split(v.String(), ",") {
-		vs := strings.Split(v, ":")
-		if len(v) < 3 {
-			continue
-		}
-		host := vs[0]
-		if host != hostMatch {
-			continue
-		}
-		from := vs[1]
-		to := strings.Join(vs[2:], ":")
-		m[from] = to
-	}
-	return m
-}
-
-func GetProxyMode() string {
-	v := packable.NewString()
-	conf.Get(nsConf, flagMode, v)
-	s := v.String()
-	if s == "" {
-		return "domain"
-	}
-	return s
-}
--- a/config/new.go
+++ b/config/new.go
@@ -1,161 +1,49 @@
 package config

 import (
-	"flag"
-	"io/ioutil"
-	"local/rproxy3/storage"
-	"local/rproxy3/storage/packable"
+	"fmt"
+	"local/args"
 	"log"
 	"os"
 	"strings"
-
-	yaml "gopkg.in/yaml.v2"
+	"time"
 )

-const nsConf = "configuration"
-const flagPort = "p"
-const flagMode = "mode"
-const flagRoutes = "r"
-const flagConf = "c"
-const flagCert = "crt"
-const flagKey = "key"
-const flagUser = "user"
-const flagPass = "pass"
-const flagRate = "rate"
-const flagBurst = "burst"
-const flagTimeout = "timeout"
-const flagRewrites = "rw"
+var conf *args.ArgSet

-var conf = storage.NewMap()
-
-type toBind struct {
-	flag  string
-	value *string
+func init() {
+	if err := Refresh(); err != nil {
+		panic(err)
+	}
 }

-type fileConf struct {
-	Port     string   `yaml:"p"`
-	Mode     string   `yaml:"mode"`
-	Routes   []string `yaml:"r"`
-	CertPath string   `yaml:"crt"`
-	KeyPath  string   `yaml:"key"`
-	Username string   `yaml:"user"`
-	Password string   `yaml:"pass"`
-	Rate     string   `yaml:"rate"`
-	Burst    string   `yaml:"burst"`
-	Timeout  string   `yaml:"timeout"`
-	Rewrites []string `yaml:"rw"`
-}
-
-func Init() error {
+func Refresh() error {
 	log.SetFlags(log.Ldate | log.Ltime | log.Llongfile)
 	log.SetFlags(log.Ltime | log.Lshortfile)
-	if err := fromFile(); err != nil {
-		return err
-	}
-	if err := fromFlags(); err != nil {
+
+	as, err := parseArgs()
+	if err != nil && !strings.Contains(fmt.Sprint(os.Args), "-test") {
 		return err
 	}
+	conf = as
 	return nil
 }

-func fromFile() error {
-	flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError)
-	defer func() {
-		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-	}()
-	flag.String(flagConf, "/dev/null", "yaml config file path")
-	flag.Parse()
-	confFlag := flag.Lookup(flagConf)
-	if confFlag == nil || confFlag.Value.String() == "" {
-		return nil
-	}
-	confBytes, err := ioutil.ReadFile(confFlag.Value.String())
-	if err != nil {
-		return err
-	}
-	var c fileConf
-	if err := yaml.Unmarshal(confBytes, &c); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagPort, packable.NewString(c.Port)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagMode, packable.NewString(c.Mode)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagRoutes, packable.NewString(strings.Join(c.Routes, ","))); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagCert, packable.NewString(c.CertPath)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagKey, packable.NewString(c.KeyPath)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagUser, packable.NewString(c.Username)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagPass, packable.NewString(c.Password)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagRate, packable.NewString(c.Rate)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagBurst, packable.NewString(c.Burst)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagTimeout, packable.NewString(c.Timeout)); err != nil {
-		return err
-	}
-	if err := conf.Set(nsConf, flagRewrites, packable.NewString(strings.Join(c.Rewrites, ","))); err != nil {
-		return err
-	}
-	return nil
-}
-
-func fromFlags() error {
-	binds := make([]toBind, 0)
-	binds = append(binds, addFlag(flagPort, "51555", "port to bind to"))
-	binds = append(binds, addFlag(flagMode, "domain", "[domain] or [path] to match"))
-	binds = append(binds, addFlag(flagConf, "", "configuration file path"))
-	binds = append(binds, addFlag(flagRoutes, "", "comma-separated routes to map, each as from:scheme://to.tld:port"))
-	binds = append(binds, addFlag(flagCert, "", "path to .crt"))
-	binds = append(binds, addFlag(flagKey, "", "path to .key"))
-	binds = append(binds, addFlag(flagUser, "", "basic auth username"))
-	binds = append(binds, addFlag(flagPass, "", "basic auth password"))
-	binds = append(binds, addFlag(flagRate, "100", "rate limit per second"))
-	binds = append(binds, addFlag(flagBurst, "100", "rate limit burst"))
-	binds = append(binds, addFlag(flagTimeout, "30", "seconds to wait for limiter"))
-	binds = append(binds, addFlag(flagRewrites, "", "comma-separated from:replace:replacement to rewrite in response bodies"))
-	flag.Parse()
-
-	for _, bind := range binds {
-		confFlag := flag.Lookup(bind.flag)
-		if confFlag == nil || confFlag.Value.String() == "" {
-			continue
-		}
-		if err := conf.Set(nsConf, bind.flag, packable.NewString(*bind.value)); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func addFlag(key, def, help string) toBind {
-	def = getFlagOrDefault(key, def)
-	v := flag.String(key, def, help)
-	return toBind{
-		flag:  key,
-		value: v,
-	}
-}
-
-func getFlagOrDefault(key, def string) string {
-	v := packable.NewString()
-	if err := conf.Get(nsConf, key, v); err != nil {
-		return def
-	}
-	return v.String()
+func parseArgs() (*args.ArgSet, error) {
+	as := args.NewArgSet()
+
+	as.Append(args.STRING, "user", "username for basic auth", "")
+	as.Append(args.STRING, "pass", "password for basic auth", "")
+	as.Append(args.INT, "p", "port for service", 51555)
+	as.Append(args.INT, "r", "rate per second for requests", 100)
+	as.Append(args.INT, "b", "burst requests", 100)
+	as.Append(args.STRING, "crt", "path to crt for ssl", "")
+	as.Append(args.STRING, "key", "path to key for ssl", "")
+	as.Append(args.STRING, "tcp", "address for tcp only tunnel", "")
+	as.Append(args.DURATION, "timeout", "timeout for tunnel", time.Minute)
+	as.Append(args.STRING, "proxy", "double-comma separated from,scheme://to.tld:port,oauth,,", "")
+	as.Append(args.STRING, "oauth", "url for boauthz", "")
+
+	err := as.Parse()
+	return as, err
 }
--- a/main.go
+++ b/main.go
@@ -6,7 +6,7 @@ import (
 )

 func main() {
-	if err := config.Init(); err != nil {
+	if err := config.Refresh(); err != nil {
 		panic(err)
 	}

--- a/main_test.go
+++ b/main_test.go
@@ -34,8 +34,8 @@ func TestHTTPSMain(t *testing.T) {
 			"username",
 			"-pass",
 			"password",
-			"-r",
-			"hello:" + addr,
+			"-proxy",
+			"hello," + addr,
 			"-crt",
 			"./testdata/rproxy3server.crt",
 			"-key",
@@ -51,7 +51,7 @@ func TestHTTPSMain(t *testing.T) {
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		},
 	}
-	r, _ := http.NewRequest("GET", "https://hello.localhost"+port, nil)
+	r, _ := http.NewRequest("GET", "https://hello.localhost:"+port, nil)

 	if resp, err := client.Do(r); err != nil {
 		t.Fatalf("client failed: %v", err)
@@ -89,8 +89,8 @@ func TestHTTPMain(t *testing.T) {
 			"username",
 			"-pass",
 			"password",
-			"-r",
-			"hello:" + addr,
+			"-proxy",
+			"hello," + addr,
 		}
 		main()
 	}()
@@ -98,7 +98,7 @@ func TestHTTPMain(t *testing.T) {
 	time.Sleep(time.Millisecond * 100)

 	client := &http.Client{}
-	r, _ := http.NewRequest("GET", "http://hello.localhost"+port, nil)
+	r, _ := http.NewRequest("GET", "http://hello.localhost:"+port, nil)

 	if resp, err := client.Do(r); err != nil {
 		t.Fatalf("client failed: %v", err)
@@ -127,5 +127,5 @@ func echoServer() (string, func()) {
 func getPort() string {
 	s := httptest.NewServer(nil)
 	s.Close()
-	return s.URL[strings.LastIndex(s.URL, ":"):]
+	return s.URL[strings.LastIndex(s.URL, ":")+1:]
 }
--- a/server/new.go
+++ b/server/new.go
--- a/server/new_test.go
+++ b/server/new_test.go
--- a/server/proxy.go
+++ b/server/proxy.go
@@ -2,8 +2,8 @@ package server

 import (
 	"bytes"
+	"crypto/tls"
 	"io"
-	"local/rproxy3/config"
 	"local/rproxy3/storage/packable"
 	"log"
 	"net/http"
@@ -24,17 +24,14 @@ type rewrite struct {
 }

 func (s *Server) Proxy(w http.ResponseWriter, r *http.Request) {
-	newURL, err := s.lookup(mapKey(r, config.GetProxyMode()))
+	newURL, err := s.lookup(mapKey(r.Host))
 	var transport http.RoundTripper
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	transport = &redirPurge{
 		proxyHost:     r.Host,
 		targetHost:    newURL.Host,
 		baseTransport: http.DefaultTransport,
 	}
-	transport = &rewrite{
-		rewrites:      config.GetRewrites(mapKey(r, config.GetProxyMode())),
-		baseTransport: transport,
-	}
 	if err != nil {
 		http.NotFound(w, r)
 		log.Printf("unknown host lookup %q", r.Host)
@@ -52,20 +49,16 @@ func (s *Server) lookup(host string) (*url.URL, error) {
 	return v.URL(), err
 }

-func mapKey(r *http.Request, proxyMode string) string {
-	switch proxyMode {
-	case "domain":
-		host := strings.Split(r.Host, ".")[0]
-		host = strings.Split(host, ":")[0]
-		return host
-	case "path":
-		paths := strings.Split(r.URL.Path, "/")
-		if len(paths) < 2 {
-			return ""
-		}
-		return paths[1]
-	}
-	return ""
+func (s *Server) lookupBOAuthZ(host string) (bool, error) {
+	v := packable.NewString()
+	err := s.db.Get(nsBOAuthZ, host, v)
+	return v.String() != "", err
+}
+
+func mapKey(host string) string {
+	host = strings.Split(host, ".")[0]
+	host = strings.Split(host, ":")[0]
+	return host
 }

 func (rp *redirPurge) RoundTrip(r *http.Request) (*http.Response, error) {
--- a/server/proxy_test.go
+++ b/server/proxy_test.go
@@ -3,7 +3,6 @@ package server
 import (
 	"io/ioutil"
 	"net/http"
-	"net/url"
 	"strings"
 	"testing"
 )
@@ -41,35 +40,3 @@ func TestRewrite(t *testing.T) {
 		t.Errorf("failed to replace: got %q, want \"b\"", b)
 	}
 }
-
-func TestMapKey(t *testing.T) {
-	r := &http.Request{
-		Host: "a.b.c:123",
-		URL: &url.URL{
-			Path: "/c/d/e",
-		},
-	}
-
-	if v := mapKey(r, "domain"); v != "a" {
-		t.Errorf("failed to get domain: got %v", v)
-	}
-
-	if v := mapKey(r, "path"); v != "c" {
-		t.Errorf("failed to get domain: got %v", v)
-	}
-
-	r.Host = "a:123"
-	if v := mapKey(r, "domain"); v != "a" {
-		t.Errorf("failed to get domain: got %v", v)
-	}
-
-	r.URL.Path = ""
-	if v := mapKey(r, "path"); v != "" {
-		t.Errorf("failed to get domain: got %v", v)
-	}
-
-	r.URL.Path = "/"
-	if v := mapKey(r, "path"); v != "" {
-		t.Errorf("failed to get domain: got %v", v)
-	}
-}
--- a/server/routes.go
+++ b/server/routes.go
--- a/server/routes_test.go
+++ b/server/routes_test.go
--- a/server/server.go
+++ b/server/server.go
@@ -5,10 +5,14 @@ import (
 	"crypto/tls"
 	"encoding/base64"
 	"errors"
+	"fmt"
+	"io"
+	"local/oauth2/oauth2client"
 	"local/rproxy3/config"
 	"local/rproxy3/storage"
 	"local/rproxy3/storage/packable"
 	"log"
+	"net"
 	"net/http"
 	"net/url"
 	"strings"
@@ -18,12 +22,14 @@ import (
 )

 const nsRouting = "routing"
+const nsBOAuthZ = "oauth"

 type listenerScheme int

 const (
 	schemeHTTP  listenerScheme = iota
 	schemeHTTPS listenerScheme = iota
+	schemeTCP   listenerScheme = iota
 )

 func (ls listenerScheme) String() string {
@@ -32,6 +38,8 @@ func (ls listenerScheme) String() string {
 		return "http"
 	case schemeHTTPS:
 		return "https"
+	case schemeTCP:
+		return "tcp"
 	}
 	return ""
 }
@@ -44,12 +52,13 @@ type Server struct {
 	limiter  *rate.Limiter
 }

-func (s *Server) Route(src, dst string) error {
-	log.Printf("Adding route %q -> %q...\n", src, dst)
-	u, err := url.Parse(dst)
+func (s *Server) Route(src string, dst config.Proxy) error {
+	log.Printf("Adding route %q -> %v...\n", src, dst)
+	u, err := url.Parse(dst.To)
 	if err != nil {
 		return err
 	}
+	s.db.Set(nsBOAuthZ, src, packable.NewString(fmt.Sprint(dst.BOAuthZ)))
 	return s.db.Set(nsRouting, src, packable.NewURL(u))
 }

@@ -58,6 +67,9 @@ func (s *Server) Run() error {
 	if _, _, ok := config.GetSSL(); ok {
 		scheme = schemeHTTPS
 	}
+	if _, ok := config.GetTCP(); ok {
+		scheme = schemeTCP
+	}
 	log.Printf("Listening for %v on %v...\n", scheme, s.addr)
 	switch scheme {
 	case schemeHTTP:
@@ -83,6 +95,10 @@ func (s *Server) Run() error {
 			TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
 		}
 		return httpsServer.ListenAndServeTLS(c, k)
+	case schemeTCP:
+		log.Printf("Serve tcp")
+		addr, _ := config.GetTCP()
+		return s.ServeTCP(addr)
 	}
 	return errors.New("did not load server")
 }
@@ -91,7 +107,6 @@ func (s *Server) doAuth(foo http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		rusr, rpwd, ok := config.GetAuth()
 		if ok {
-			//usr, pwd := getProxyAuth(r)
 			usr, pwd, ok := r.BasicAuth()
 			if !ok || rusr != usr || rpwd != pwd {
 				w.WriteHeader(http.StatusUnauthorized)
@@ -99,10 +114,51 @@ func (s *Server) doAuth(foo http.HandlerFunc) http.HandlerFunc {
 				return
 			}
 		}
+		ok, err := s.lookupBOAuthZ(mapKey(r.Host))
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+		if boauthz, useoauth := config.GetBOAuthZ(); ok && useoauth {
+			err := oauth2client.Authenticate(boauthz, w, r)
+			if err != nil {
+				return
+			}
+		}
 		foo(w, r)
 	}
 }

+func (s *Server) ServeTCP(addr string) error {
+	listen, err := net.Listen("tcp", s.addr)
+	if err != nil {
+		return err
+	}
+	for {
+		c, err := listen.Accept()
+		if err != nil {
+			return err
+		}
+		go func(c net.Conn) {
+			d, err := net.Dial("tcp", addr)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			go pipe(c, d)
+			go pipe(d, c)
+		}(c)
+	}
+}
+
+func pipe(a, b net.Conn) {
+	log.Println("open pipe")
+	defer log.Println("close pipe")
+	defer a.Close()
+	defer b.Close()
+	io.Copy(a, b)
+}
+
 func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx, can := context.WithTimeout(r.Context(), time.Second*time.Duration(config.GetTimeout()))
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	"local/rproxy3/config"
 	"local/rproxy3/storage"
 	"net/http"
 	"net/http/httptest"
@@ -15,7 +16,10 @@ import (
 func TestServerStart(t *testing.T) {
 	server := mockServer()

-	if err := server.Route("world", "http://hello.localhost"+server.addr); err != nil {
+	p := config.Proxy{
+		To: "http://hello.localhost" + server.addr,
+	}
+	if err := server.Route("world", p); err != nil {
 		t.Fatalf("cannot add route: %v", err)
 	}

@@ -48,7 +52,10 @@ func mockServer() *Server {

 func TestServerRoute(t *testing.T) {
 	server := mockServer()
-	if err := server.Route("world", "http://hello.localhost"+server.addr); err != nil {
+	p := config.Proxy{
+		To: "http://hello.localhost" + server.addr,
+	}
+	if err := server.Route("world", p); err != nil {
 		t.Fatalf("cannot add route: %v", err)
 	}
 	w := httptest.NewRecorder()
--- a/storage/db.go
+++ b/storage/db.go
--- a/storage/db_test.go
+++ b/storage/db_test.go
--- a/storage/map.go
+++ b/storage/map.go
--- a/storage/packable/packable.go
+++ b/storage/packable/packable.go
--- a/storage/packable/packable_test.go
+++ b/storage/packable/packable_test.go
--- a/testdata/Bserver.crt
+++ b/testdata/Bserver.crt
--- a/testdata/Bserver.key
+++ b/testdata/Bserver.key
--- a/testdata/Bserver.pkcs12
+++ b/testdata/Bserver.pkcs12
--- a/testdata/rproxy3server.crt
+++ b/testdata/rproxy3server.crt
--- a/testdata/rproxy3server.key
+++ b/testdata/rproxy3server.key
--- a/testdata/rproxy3server.pkcs12
+++ b/testdata/rproxy3server.pkcs12
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -1,25 +0,0 @@
-{
-	"comment": "",
-	"ignore": "test",
-	"package": [
-		{
-			"checksumSHA1": "GtamqiJoL7PGHsN454AoffBFMa8=",
-			"path": "golang.org/x/net/context",
-			"revision": "65e2d4e15006aab9813ff8769e768bbf4bb667a0",
-			"revisionTime": "2019-02-01T23:59:58Z"
-		},
-		{
-			"checksumSHA1": "HoCvrd3hEhsFeBOdEw7cbcfyk50=",
-			"path": "golang.org/x/time/rate",
-			"revision": "fbb02b2291d28baffd63558aa44b4b56f178d650",
-			"revisionTime": "2018-04-12T16:56:04Z"
-		},
-		{
-			"checksumSHA1": "QqDq2x8XOU7IoOR98Cx1eiV5QY8=",
-			"path": "gopkg.in/yaml.v2",
-			"revision": "51d6538a90f86fe93ac480b35f37b2be17fef232",
-			"revisionTime": "2018-11-15T11:05:04Z"
-		}
-	],
-	"rootPath": "local/rproxy3"
-}
Author	SHA1	Message	Date
bel	bc11dd7f82	change conf to argsset and flag for oauth	2019-10-22 05:03:53 +00:00
bel	e20ba5361d	about to replace config and storage with shared package	2019-10-22 02:36:59 +00:00
Bel LaPointe	8a90a3adda	Implement tcp proxy with single forward	2019-10-02 09:07:59 -06:00
Bel LaPointe	698edf7e45	insecure skip verify	2019-09-24 12:47:06 -06:00
Bel LaPointe	48e0048216	no more logger	2019-05-02 09:35:53 -06:00