local/rproxy3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: local:v0.3
Branches Tags
local:master
local:v0.10.2 local:v0.10.1 local:v0.10.0 local:v0.9.1 local:v0.9.0 local:v0.8.5 local:v0.8.4 local:v0.8.3 local:v0.8.1 local:v0.8 local:v0.7 local:v0.6 local:v0.5 local:v0.4 local:v0.3 local:v0.2.1 local:v0.2 local:v0.1
...
compare: local:v0.8
Branches Tags
local:master
local:v0.10.2 local:v0.10.1 local:v0.10.0 local:v0.9.1 local:v0.9.0 local:v0.8.5 local:v0.8.4 local:v0.8.3 local:v0.8.1 local:v0.8 local:v0.7 local:v0.6 local:v0.5 local:v0.4 local:v0.3 local:v0.2.1 local:v0.2 local:v0.1

17 Commits
v0.3 ... v0.8

Author SHA1 Message Date
Bel LaPointe
c623792c2f NOW authelia supported 2021-03-21 13:03:04 -05:00
Bel LaPointe
cebb518e05 impl authelia I think 2021-03-21 12:44:21 -05:00
Bel LaPointe
177e0d88da dont rewrite 2020-07-31 23:15:58 -06:00
Bel LaPointe
9b0bccd9ca CORS for DELETE 2020-07-25 19:32:59 -06:00
Bel LaPointe
1af274dc1d Add redirect things for dumb js apps 2020-07-25 02:28:57 -06:00
Bel LaPointe
ec1e0cdf2e Add nopath for vue things 2020-07-25 02:23:04 -06:00
Bel LaPointe
61811e8e61 Listen on second port and redirect to main 2020-02-14 14:57:26 -07:00
bel
c4c37068f3 New oauth2client 2019-12-31 11:21:15 -07:00
bel
d71b00e067 Fix 2019-11-06 19:00:56 -07:00
Bel LaPointe
d98703610d remove unused and rename 2019-11-03 07:56:43 -07:00
Bel LaPointe
01b7b06971 Optional oauth via + flag 2019-11-03 07:55:38 -07:00
Bel LaPointe
7d3d6d88f6 Re-enable config files 2019-11-03 07:45:23 -07:00
Bel LaPointe
8c415f2a39 Update to scoped oauth 2019-11-02 08:03:35 -06:00
Bel LaPointe
df0232e24c Create dockerfile from dockerize.do and test WS 2019-11-02 07:26:58 -06:00
bel
bc11dd7f82 change conf to argsset and flag for oauth 2019-10-22 05:03:53 +00:00
bel
e20ba5361d about to replace config and storage with shared package 2019-10-22 02:36:59 +00:00
Bel LaPointe
8a90a3adda Implement tcp proxy with single forward 2019-10-02 09:07:59 -06:00
34 changed files with 782 additions and 254 deletions
Expand all files Collapse all files

115
.config/config.go Executable file
View File

@@ -0,0 +1,115 @@
package config
import (
"local/rproxy3/storage/packable"
"log"
"strconv"
"strings"
)
func GetPort() string {
v := packable.NewString()
conf.Get(nsConf, flagPort, v)
return ":" + strings.TrimPrefix(v.String(), ":")
}
func GetRoutes() map[string]string {
v := packable.NewString()
conf.Get(nsConf, flagRoutes, v)
m := make(map[string]string)
for _, v := range strings.Split(v.String(), ",") {
if len(v) == 0 {
return m
}
from := v[:strings.Index(v, ":")]
to := v[strings.Index(v, ":")+1:]
m[from] = to
}
return m
}
func GetTCP() (string, bool) {
v := packable.NewString()
conf.Get(nsConf, flagTCP, v)
tcpAddr := v.String()
return tcpAddr, notEmpty(tcpAddr)
}
func GetSSL() (string, string, bool) {
v := packable.NewString()
conf.Get(nsConf, flagCert, v)
certPath := v.String()
conf.Get(nsConf, flagKey, v)
keyPath := v.String()
return certPath, keyPath, notEmpty(certPath, keyPath)
}
func GetAuth() (string, string, bool) {
v := packable.NewString()
conf.Get(nsConf, flagUser, v)
user := v.String()
conf.Get(nsConf, flagPass, v)
pass := v.String()
return user, pass, notEmpty(user, pass)
}
func notEmpty(s ...string) bool {
for i := range s {
if s[i] == "" || s[i] == "/dev/null" {
return false
}
}
return true
}
func GetRate() (int, int) {
r := packable.NewString()
conf.Get(nsConf, flagRate, r)
b := packable.NewString()
conf.Get(nsConf, flagBurst, b)
rate, err := strconv.Atoi(r.String())
if err != nil {
log.Printf("illegal rate: %v", err)
rate = 5
}
burst, _ := strconv.Atoi(b.String())
if err != nil {
log.Printf("illegal burst: %v", err)
burst = 5
}
return rate, burst
}
func GetTimeout() int {
t := packable.NewString()
conf.Get(nsConf, flagTimeout, t)
timeout, err := strconv.Atoi(t.String())
if err != nil || timeout == 5 {
return 5
}
return timeout
}
func GetRewrites(hostMatch string) map[string]string {
v := packable.NewString()
conf.Get(nsConf, flagRewrites, v)
m := make(map[string]string)
for _, v := range strings.Split(v.String(), ",") {
vs := strings.Split(v, ":")
if len(v) < 3 {
continue
}
host := vs[0]
if host != hostMatch {
continue
}
from := vs[1]
to := strings.Join(vs[2:], ":")
m[from] = to
}
return m
}

161
.config/new.go Executable file
View File

@@ -0,0 +1,161 @@
package config
import (
"flag"
"io/ioutil"
"local/rproxy3/storage"
"local/rproxy3/storage/packable"
"log"
"os"
"strings"
yaml "gopkg.in/yaml.v2"
)
const nsConf = "configuration"
const flagPort = "p"
const flagRoutes = "r"
const flagConf = "c"
const flagCert = "crt"
const flagTCP = "tcp"
const flagKey = "key"
const flagUser = "user"
const flagPass = "pass"
const flagRate = "rate"
const flagBurst = "burst"
const flagTimeout = "timeout"
const flagRewrites = "rw"
var conf = storage.NewMap()
type toBind struct {
flag string
value *string
}
type fileConf struct {
Port string `yaml:"p"`
Routes []string `yaml:"r"`
CertPath string `yaml:"crt"`
TCPPath string `yaml:"tcp"`
KeyPath string `yaml:"key"`
Username string `yaml:"user"`
Password string `yaml:"pass"`
Rate string `yaml:"rate"`
Burst string `yaml:"burst"`
Timeout string `yaml:"timeout"`
Rewrites []string `yaml:"rw"`
}
func Init() error {
log.SetFlags(log.Ldate | log.Ltime | log.Llongfile)
log.SetFlags(log.Ltime | log.Lshortfile)
if err := fromFile(); err != nil {
return err
}
if err := fromFlags(); err != nil {
return err
}
return nil
}
func fromFile() error {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError)
defer func() {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
}()
flag.String(flagConf, "/dev/null", "yaml config file path")
flag.Parse()
confFlag := flag.Lookup(flagConf)
if confFlag == nil || confFlag.Value.String() == "" {
return nil
}
confBytes, err := ioutil.ReadFile(confFlag.Value.String())
if err != nil {
return err
}
var c fileConf
if err := yaml.Unmarshal(confBytes, &c); err != nil {
return err
}
if err := conf.Set(nsConf, flagPort, packable.NewString(c.Port)); err != nil {
return err
}
if err := conf.Set(nsConf, flagRoutes, packable.NewString(strings.Join(c.Routes, ","))); err != nil {
return err
}
if err := conf.Set(nsConf, flagCert, packable.NewString(c.CertPath)); err != nil {
return err
}
if err := conf.Set(nsConf, flagTCP, packable.NewString(c.TCPPath)); err != nil {
return err
}
if err := conf.Set(nsConf, flagKey, packable.NewString(c.KeyPath)); err != nil {
return err
}
if err := conf.Set(nsConf, flagUser, packable.NewString(c.Username)); err != nil {
return err
}
if err := conf.Set(nsConf, flagPass, packable.NewString(c.Password)); err != nil {
return err
}
if err := conf.Set(nsConf, flagRate, packable.NewString(c.Rate)); err != nil {
return err
}
if err := conf.Set(nsConf, flagBurst, packable.NewString(c.Burst)); err != nil {
return err
}
if err := conf.Set(nsConf, flagTimeout, packable.NewString(c.Timeout)); err != nil {
return err
}
if err := conf.Set(nsConf, flagRewrites, packable.NewString(strings.Join(c.Rewrites, ","))); err != nil {
return err
}
return nil
}
func fromFlags() error {
binds := make([]toBind, 0)
binds = append(binds, addFlag(flagPort, "51555", "port to bind to"))
binds = append(binds, addFlag(flagConf, "", "configuration file path"))
binds = append(binds, addFlag(flagRoutes, "", "comma-separated routes to map, each as from:scheme://to.tld:port"))
binds = append(binds, addFlag(flagCert, "", "path to .crt"))
binds = append(binds, addFlag(flagTCP, "", "tcp addr"))
binds = append(binds, addFlag(flagKey, "", "path to .key"))
binds = append(binds, addFlag(flagUser, "", "basic auth username"))
binds = append(binds, addFlag(flagPass, "", "basic auth password"))
binds = append(binds, addFlag(flagRate, "100", "rate limit per second"))
binds = append(binds, addFlag(flagBurst, "100", "rate limit burst"))
binds = append(binds, addFlag(flagTimeout, "30", "seconds to wait for limiter"))
binds = append(binds, addFlag(flagRewrites, "", "comma-separated from:replace:replacement:oauth to rewrite in response bodies"))
flag.Parse()
for _, bind := range binds {
confFlag := flag.Lookup(bind.flag)
if confFlag == nil || confFlag.Value.String() == "" {
continue
}
if err := conf.Set(nsConf, bind.flag, packable.NewString(*bind.value)); err != nil {
return err
}
}
return nil
}
func addFlag(key, def, help string) toBind {
def = getFlagOrDefault(key, def)
v := flag.String(key, def, help)
return toBind{
flag: key,
value: v,
}
}
func getFlagOrDefault(key, def string) string {
v := packable.NewString()
if err := conf.Get(nsConf, key, v); err != nil {
return def
}
return v.String()
}

0
config/new_test.go → .config/new_test.go Normal file → Executable file
View File

4
.gitignore vendored Normal file → Executable file
View File

@@ -1,6 +1,10 @@
lz4 lz4
rclone rclone
rcloner rcloner
exec
exec-*
**/exec
**/exec-*
Go Go
cloudly cloudly
dockfile dockfile

16
Dockerfile Executable file
View File

@@ -0,0 +1,16 @@
FROM golang:1.13-alpine as certs
RUN apk update && apk add --no-cache ca-certificates
FROM busybox:glibc
RUN mkdir -p /var/log
WORKDIR /main
COPY --from=certs /etc/ssl/certs /etc/ssl/certs
COPY . .
ENV GOPATH=""
ENV MNT="/mnt/"
ENTRYPOINT ["/main/exec-rproxy3"]
CMD []

11
conf.yaml
View File

@@ -1,11 +0,0 @@
p: 54243
r:
- echo:http://localhost:49982
- echo2:http://192.168.0.86:38090
#crt: ./testdata/rproxy3server.crt
#key: ./testdata/rproxy3server.key
#user: bel
#pass: bel
rate: 1
burst: 2
timeout: 10

BIN
config/.config.go.un~ Normal file
View File

Binary file not shown.

BIN
config/.new.go.un~ Normal file
View File

Binary file not shown.

156
config/config.go Normal file → Executable file
View File

@@ -1,108 +1,110 @@
package config package config
import ( import (
"local/rproxy3/storage/packable" "encoding/json"
"fmt"
"log" "log"
"strconv"
"strings" "strings"
"time"
) )
func GetPort() string { type Proxy struct {
v := packable.NewString() To string
conf.Get(nsConf, flagPort, v)
return ":" + strings.TrimPrefix(v.String(), ":")
} }
func GetRoutes() map[string]string { func parseProxy(s string) (string, Proxy) {
v := packable.NewString() p := Proxy{}
conf.Get(nsConf, flagRoutes, v) key := ""
m := make(map[string]string) l := strings.Split(s, ",")
for _, v := range strings.Split(v.String(), ",") { if len(l) > 0 {
if len(v) == 0 { key = l[0]
return m
} }
from := v[:strings.Index(v, ":")] if len(l) > 1 {
to := v[strings.Index(v, ":")+1:] p.To = l[1]
m[from] = to
} }
return m return key, p
} }
func GetSSL() (string, string, bool) { func GetAuthelia() (string, bool) {
v := packable.NewString() authelia := conf.Get("authelia").GetString()
conf.Get(nsConf, flagCert, v) return authelia, authelia != ""
certPath := v.String() }
conf.Get(nsConf, flagKey, v)
keyPath := v.String() func GetBOAuthZ() (string, bool) {
return certPath, keyPath, notEmpty(certPath, keyPath) boauthz := conf.Get("oauth").GetString()
return boauthz, boauthz != ""
} }
func GetAuth() (string, string, bool) { func GetAuth() (string, string, bool) {
v := packable.NewString() user := conf.Get("user").GetString()
conf.Get(nsConf, flagUser, v) pass := conf.Get("pass").GetString()
user := v.String() return user, pass, user != "" && pass != ""
conf.Get(nsConf, flagPass, v)
pass := v.String()
return user, pass, notEmpty(user, pass)
} }
func notEmpty(s ...string) bool { func GetPort() string {
for i := range s { port := conf.Get("p").GetInt()
if s[i] == "" || s[i] == "/dev/null" { return ":" + fmt.Sprint(port)
return false }
}
} func GetAltPort() string {
return true port := conf.Get("ap").GetInt()
return ":" + fmt.Sprint(port)
} }
func GetRate() (int, int) { func GetRate() (int, int) {
r := packable.NewString() rate := conf.Get("r").GetInt()
conf.Get(nsConf, flagRate, r) burst := conf.Get("b").GetInt()
b := packable.NewString() log.Println("rate/burst:", rate, burst)
conf.Get(nsConf, flagBurst, b)
rate, err := strconv.Atoi(r.String())
if err != nil {
log.Printf("illegal rate: %v", err)
rate = 5
}
burst, _ := strconv.Atoi(b.String())
if err != nil {
log.Printf("illegal burst: %v", err)
burst = 5
}
return rate, burst return rate, burst
} }
func GetTimeout() int { func GetRoutes() map[string]Proxy {
t := packable.NewString() list := conf.Get("proxy").GetString()
conf.Get(nsConf, flagTimeout, t) definitions := strings.Split(list, ",,")
routes := make(map[string]Proxy)
timeout, err := strconv.Atoi(t.String()) for _, definition := range definitions {
if err != nil || timeout == 5 { k, v := parseProxy(definition)
return 5 routes[k] = v
} }
return routes
}
func GetSSL() (string, string, bool) {
crt := conf.Get("crt").GetString()
key := conf.Get("key").GetString()
return crt, key, crt != "" && key != ""
}
func GetTCP() (string, bool) {
tcp := conf.Get("tcp").GetString()
return tcp, tcp != ""
}
func GetTimeout() time.Duration {
timeout := conf.Get("timeout").GetDuration()
return timeout return timeout
} }
func GetRewrites(hostMatch string) map[string]string { func GetCORS(key string) bool {
v := packable.NewString() cors := conf.GetString("cors")
conf.Get(nsConf, flagRewrites, v) var m map[string]bool
m := make(map[string]string) if err := json.Unmarshal([]byte(cors), &m); err != nil {
for _, v := range strings.Split(v.String(), ",") { return false
vs := strings.Split(v, ":")
if len(v) < 3 {
continue
} }
host := vs[0] _, ok := m[key]
if host != hostMatch { return ok
continue }
}
from := vs[1] func GetNoPath(key string) bool {
to := strings.Join(vs[2:], ":") nopath := conf.GetString("nopath")
m[from] = to var m map[string]bool
} if err := json.Unmarshal([]byte(nopath), &m); err != nil {
return m return false
}
_, ok := m[key]
return ok
}
func GetCompression() bool {
return conf.GetBool("compression")
} }

176
config/new.go Normal file → Executable file
View File

@@ -1,155 +1,61 @@
package config package config
import ( import (
"flag" "fmt"
"io/ioutil" "local/args"
"local/rproxy3/storage" "local/logb"
"local/rproxy3/storage/packable"
"log" "log"
"os" "os"
"strings" "strings"
"time"
yaml "gopkg.in/yaml.v2"
) )
const nsConf = "configuration" var conf *args.ArgSet
const flagPort = "p"
const flagRoutes = "r"
const flagConf = "c"
const flagCert = "crt"
const flagKey = "key"
const flagUser = "user"
const flagPass = "pass"
const flagRate = "rate"
const flagBurst = "burst"
const flagTimeout = "timeout"
const flagRewrites = "rw"
var conf = storage.NewMap() func init() {
if err := Refresh(); err != nil {
type toBind struct { panic(err)
flag string }
value *string
} }
type fileConf struct { func Refresh() error {
Port string `yaml:"p"`
Routes []string `yaml:"r"`
CertPath string `yaml:"crt"`
KeyPath string `yaml:"key"`
Username string `yaml:"user"`
Password string `yaml:"pass"`
Rate string `yaml:"rate"`
Burst string `yaml:"burst"`
Timeout string `yaml:"timeout"`
Rewrites []string `yaml:"rw"`
}
func Init() error {
log.SetFlags(log.Ldate | log.Ltime | log.Llongfile) log.SetFlags(log.Ldate | log.Ltime | log.Llongfile)
log.SetFlags(log.Ltime | log.Lshortfile) log.SetFlags(log.Ltime | log.Lshortfile)
if err := fromFile(); err != nil {
return err as, err := parseArgs()
} if err != nil && !strings.Contains(fmt.Sprint(os.Args), "-test") {
if err := fromFlags(); err != nil {
return err return err
} }
conf = as
logb.Set(logb.LevelFromString(as.GetString("level")))
return nil return nil
} }
func fromFile() error { func parseArgs() (*args.ArgSet, error) {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError) configFiles := []string{}
defer func() { if v, ok := os.LookupEnv("CONFIG"); ok {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError) configFiles = strings.Split(v, ",")
}()
flag.String(flagConf, "/dev/null", "yaml config file path")
flag.Parse()
confFlag := flag.Lookup(flagConf)
if confFlag == nil || confFlag.Value.String() == "" {
return nil
} }
confBytes, err := ioutil.ReadFile(confFlag.Value.String()) as := args.NewArgSet(configFiles...)
if err != nil {
return err as.Append(args.STRING, "user", "username for basic auth", "")
} as.Append(args.STRING, "pass", "password for basic auth", "")
var c fileConf as.Append(args.INT, "p", "port for service", 51555)
if err := yaml.Unmarshal(confBytes, &c); err != nil { as.Append(args.INT, "ap", "alt port for always http service", 51556)
return err as.Append(args.INT, "r", "rate per second for requests", 100)
} as.Append(args.INT, "b", "burst requests", 100)
if err := conf.Set(nsConf, flagPort, packable.NewString(c.Port)); err != nil { as.Append(args.BOOL, "compress", "enable compression", true)
return err as.Append(args.STRING, "crt", "path to crt for ssl", "")
} as.Append(args.STRING, "key", "path to key for ssl", "")
if err := conf.Set(nsConf, flagRoutes, packable.NewString(strings.Join(c.Routes, ","))); err != nil { as.Append(args.STRING, "tcp", "address for tcp only tunnel", "")
return err as.Append(args.DURATION, "timeout", "timeout for tunnel", time.Minute)
} as.Append(args.STRING, "proxy", "double-comma separated (+ if auth)from,scheme://to.tld:port,,", "")
if err := conf.Set(nsConf, flagCert, packable.NewString(c.CertPath)); err != nil { as.Append(args.STRING, "oauth", "url for boauthz", "")
return err as.Append(args.STRING, "authelia", "url for authelia", "")
} as.Append(args.STRING, "cors", "json dict key:true for keys to set CORS permissive headers, like {\"from\":true}", "{}")
if err := conf.Set(nsConf, flagKey, packable.NewString(c.KeyPath)); err != nil { as.Append(args.STRING, "nopath", "json dict key:true for keys to remove all path info from forwarded request, like -cors", "{}")
return err as.Append(args.STRING, "level", "log level", "info")
}
if err := conf.Set(nsConf, flagUser, packable.NewString(c.Username)); err != nil { err := as.Parse()
return err return as, err
}
if err := conf.Set(nsConf, flagPass, packable.NewString(c.Password)); err != nil {
return err
}
if err := conf.Set(nsConf, flagRate, packable.NewString(c.Rate)); err != nil {
return err
}
if err := conf.Set(nsConf, flagBurst, packable.NewString(c.Burst)); err != nil {
return err
}
if err := conf.Set(nsConf, flagTimeout, packable.NewString(c.Timeout)); err != nil {
return err
}
if err := conf.Set(nsConf, flagRewrites, packable.NewString(strings.Join(c.Rewrites, ","))); err != nil {
return err
}
return nil
}
func fromFlags() error {
binds := make([]toBind, 0)
binds = append(binds, addFlag(flagPort, "51555", "port to bind to"))
binds = append(binds, addFlag(flagConf, "", "configuration file path"))
binds = append(binds, addFlag(flagRoutes, "", "comma-separated routes to map, each as from:scheme://to.tld:port"))
binds = append(binds, addFlag(flagCert, "", "path to .crt"))
binds = append(binds, addFlag(flagKey, "", "path to .key"))
binds = append(binds, addFlag(flagUser, "", "basic auth username"))
binds = append(binds, addFlag(flagPass, "", "basic auth password"))
binds = append(binds, addFlag(flagRate, "100", "rate limit per second"))
binds = append(binds, addFlag(flagBurst, "100", "rate limit burst"))
binds = append(binds, addFlag(flagTimeout, "30", "seconds to wait for limiter"))
binds = append(binds, addFlag(flagRewrites, "", "comma-separated from:replace:replacement to rewrite in response bodies"))
flag.Parse()
for _, bind := range binds {
confFlag := flag.Lookup(bind.flag)
if confFlag == nil || confFlag.Value.String() == "" {
continue
}
if err := conf.Set(nsConf, bind.flag, packable.NewString(*bind.value)); err != nil {
return err
}
}
return nil
}
func addFlag(key, def, help string) toBind {
def = getFlagOrDefault(key, def)
v := flag.String(key, def, help)
return toBind{
flag: key,
value: v,
}
}
func getFlagOrDefault(key, def string) string {
v := packable.NewString()
if err := conf.Get(nsConf, key, v); err != nil {
return def
}
return v.String()
} }

11
example_config.yaml Executable file
View File

@@ -0,0 +1,11 @@
user: ""
pass: ""
port: 51555
r: 100
b: 100
crt: ""
key: ""
tcp: ""
timeout: 1m
proxy: a,http://localhost:41912,,+b,http://localhost:41912
oauth: http://localhost:23456

2
main.go Normal file → Executable file
View File

@@ -6,7 +6,7 @@ import (
) )
func main() { func main() {
if err := config.Init(); err != nil { if err := config.Refresh(); err != nil {
panic(err) panic(err)
} }

14
main_test.go Normal file → Executable file
View File

@@ -34,8 +34,8 @@ func TestHTTPSMain(t *testing.T) {
"username", "username",
"-pass", "-pass",
"password", "password",
"-r", "-proxy",
"hello:" + addr, "hello," + addr,
"-crt", "-crt",
"./testdata/rproxy3server.crt", "./testdata/rproxy3server.crt",
"-key", "-key",
@@ -51,7 +51,7 @@ func TestHTTPSMain(t *testing.T) {
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}, },
} }
r, _ := http.NewRequest("GET", "https://hello.localhost"+port, nil) r, _ := http.NewRequest("GET", "https://hello.localhost:"+port, nil)
if resp, err := client.Do(r); err != nil { if resp, err := client.Do(r); err != nil {
t.Fatalf("client failed: %v", err) t.Fatalf("client failed: %v", err)
@@ -89,8 +89,8 @@ func TestHTTPMain(t *testing.T) {
"username", "username",
"-pass", "-pass",
"password", "password",
"-r", "-proxy",
"hello:" + addr, "hello," + addr,
} }
main() main()
}() }()
@@ -98,7 +98,7 @@ func TestHTTPMain(t *testing.T) {
time.Sleep(time.Millisecond * 100) time.Sleep(time.Millisecond * 100)
client := &http.Client{} client := &http.Client{}
r, _ := http.NewRequest("GET", "http://hello.localhost"+port, nil) r, _ := http.NewRequest("GET", "http://hello.localhost:"+port, nil)
if resp, err := client.Do(r); err != nil { if resp, err := client.Do(r); err != nil {
t.Fatalf("client failed: %v", err) t.Fatalf("client failed: %v", err)
@@ -127,5 +127,5 @@ func echoServer() (string, func()) {
func getPort() string { func getPort() string {
s := httptest.NewServer(nil) s := httptest.NewServer(nil)
s.Close() s.Close()
return s.URL[strings.LastIndex(s.URL, ":"):] return s.URL[strings.LastIndex(s.URL, ":")+1:]
} }

7
server/new.go Normal file → Executable file
View File

@@ -9,10 +9,15 @@ import (
func New() *Server { func New() *Server {
port := config.GetPort() port := config.GetPort()
altport := config.GetAltPort()
r, b := config.GetRate() r, b := config.GetRate()
return &Server{ server := &Server{
db: storage.NewMap(), db: storage.NewMap(),
addr: port, addr: port,
altaddr: altport,
limiter: rate.NewLimiter(rate.Limit(r), b), limiter: rate.NewLimiter(rate.Limit(r), b),
} }
_, server.auth.BOAuthZ = config.GetBOAuthZ()
_, server.auth.Authelia = config.GetAuthelia()
return server
} }

0
server/new_test.go Normal file → Executable file
View File

13
server/proxy.go Normal file → Executable file
View File

@@ -4,7 +4,6 @@ import (
"bytes" "bytes"
"crypto/tls" "crypto/tls"
"io" "io"
"local/rproxy3/config"
"local/rproxy3/storage/packable" "local/rproxy3/storage/packable"
"log" "log"
"net/http" "net/http"
@@ -33,16 +32,12 @@ func (s *Server) Proxy(w http.ResponseWriter, r *http.Request) {
targetHost: newURL.Host, targetHost: newURL.Host,
baseTransport: http.DefaultTransport, baseTransport: http.DefaultTransport,
} }
transport = &rewrite{
rewrites: config.GetRewrites(mapKey(r.Host)),
baseTransport: transport,
}
if err != nil { if err != nil {
http.NotFound(w, r) http.NotFound(w, r)
log.Printf("unknown host lookup %q", r.Host) log.Printf("unknown host lookup %q", r.Host)
return return
} }
r.Host = newURL.Host //r.Host = newURL.Host
proxy := httputil.NewSingleHostReverseProxy(newURL) proxy := httputil.NewSingleHostReverseProxy(newURL)
proxy.Transport = transport proxy.Transport = transport
proxy.ServeHTTP(w, r) proxy.ServeHTTP(w, r)
@@ -54,6 +49,12 @@ func (s *Server) lookup(host string) (*url.URL, error) {
return v.URL(), err return v.URL(), err
} }
func (s *Server) lookupAuth(host string) (bool, error) {
v := packable.NewString()
err := s.db.Get(nsBOAuthZ, host, v)
return v.String() == "true", err
}
func mapKey(host string) string { func mapKey(host string) string {
host = strings.Split(host, ".")[0] host = strings.Split(host, ".")[0]
host = strings.Split(host, ":")[0] host = strings.Split(host, ":")[0]

0
server/proxy_test.go Normal file → Executable file
View File

0
server/routes.go Normal file → Executable file
View File

0
server/routes_test.go Normal file → Executable file
View File

225
server/server.go Normal file → Executable file
View File

@@ -5,12 +5,18 @@ import (
"crypto/tls" "crypto/tls"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt"
"io"
"local/logb"
"local/oauth2/oauth2client"
"local/rproxy3/config" "local/rproxy3/config"
"local/rproxy3/storage" "local/rproxy3/storage"
"local/rproxy3/storage/packable" "local/rproxy3/storage/packable"
"log" "log"
"net"
"net/http" "net/http"
"net/url" "net/url"
"path"
"strings" "strings"
"time" "time"
@@ -18,12 +24,14 @@ import (
) )
const nsRouting = "routing" const nsRouting = "routing"
const nsBOAuthZ = "oauth"
type listenerScheme int type listenerScheme int
const ( const (
schemeHTTP listenerScheme = iota schemeHTTP listenerScheme = iota
schemeHTTPS listenerScheme = iota schemeHTTPS listenerScheme = iota
schemeTCP listenerScheme = iota
) )
func (ls listenerScheme) String() string { func (ls listenerScheme) String() string {
@@ -32,6 +40,8 @@ func (ls listenerScheme) String() string {
return "http" return "http"
case schemeHTTPS: case schemeHTTPS:
return "https" return "https"
case schemeTCP:
return "tcp"
} }
return "" return ""
} }
@@ -39,32 +49,36 @@ func (ls listenerScheme) String() string {
type Server struct { type Server struct {
db storage.DB db storage.DB
addr string addr string
altaddr string
username string username string
password string password string
limiter *rate.Limiter limiter *rate.Limiter
auth struct {
BOAuthZ bool
Authelia bool
}
} }
func (s *Server) Route(src, dst string) error { func (s *Server) Route(src string, dst config.Proxy) error {
log.Printf("Adding route %q -> %q...\n", src, dst) hasOAuth := strings.HasPrefix(src, "+")
u, err := url.Parse(dst) src = strings.TrimPrefix(src, "+")
log.Printf("Adding route %q -> %v...\n", src, dst)
u, err := url.Parse(dst.To)
if err != nil { if err != nil {
return err return err
} }
s.db.Set(nsBOAuthZ, src, packable.NewString(fmt.Sprint(hasOAuth)))
return s.db.Set(nsRouting, src, packable.NewURL(u)) return s.db.Set(nsRouting, src, packable.NewURL(u))
} }
func (s *Server) Run() error { func (s *Server) Run() error {
scheme := schemeHTTP go s.alt()
if _, _, ok := config.GetSSL(); ok { scheme := getScheme()
scheme = schemeHTTPS
}
log.Printf("Listening for %v on %v...\n", scheme, s.addr) log.Printf("Listening for %v on %v...\n", scheme, s.addr)
switch scheme { switch scheme {
case schemeHTTP: case schemeHTTP:
log.Printf("Serve http")
return http.ListenAndServe(s.addr, s) return http.ListenAndServe(s.addr, s)
case schemeHTTPS: case schemeHTTPS:
log.Printf("Serve https")
c, k, _ := config.GetSSL() c, k, _ := config.GetSSL()
httpsServer := &http.Server{ httpsServer := &http.Server{
Addr: s.addr, Addr: s.addr,
@@ -83,15 +97,95 @@ func (s *Server) Run() error {
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0), TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
} }
return httpsServer.ListenAndServeTLS(c, k) return httpsServer.ListenAndServeTLS(c, k)
case schemeTCP:
addr, _ := config.GetTCP()
return s.ServeTCP(addr)
} }
return errors.New("did not load server") return errors.New("did not load server")
} }
func (s *Server) doAuth(foo http.HandlerFunc) http.HandlerFunc { func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
authelia, ok := config.GetAuthelia()
if !ok {
panic("howd i get here")
}
url, err := url.Parse(authelia)
if err != nil {
panic(fmt.Sprintf("bad config for authelia url: %v", err))
}
url.Path = "/api/verify"
req, err := http.NewRequest(http.MethodGet, url.String(), nil)
if err != nil {
panic(err.Error())
}
r2 := r.Clone(r.Context())
if r2.URL.Host == "" {
r2.URL.Host = r2.Host
}
if r2.URL.Scheme == "" {
r2.URL.Scheme = "https"
}
for _, httpreq := range []*http.Request{r, req} {
for k, v := range map[string]string{
"X-Original-Url": r2.URL.String(),
"X-Forwarded-Proto": r2.URL.Scheme,
"X-Forwarded-Host": r2.URL.Host,
"X-Forwarded-Uri": r2.URL.String(),
} {
if _, ok := httpreq.Header[k]; !ok {
httpreq.Header.Set(k, v)
}
}
}
if cookie, err := r.Cookie("authelia_session"); err == nil {
req.AddCookie(cookie)
}
c := &http.Client{
Timeout: time.Minute,
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
autheliaKey := mapKey(req.Host)
if strings.HasPrefix(r.Host, autheliaKey) {
logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey)
foo(w, r)
return
}
resp, err := c.Do(req)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
logb.Debugf(
"authelia: %+v, %+v \n\t-> \n\t(%d) %+v, %+v",
req,
req.Cookies(),
resp.StatusCode,
resp.Header,
resp.Cookies(),
)
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
foo(w, r)
return
}
url.Path = ""
q := url.Query()
q.Set("rd", r2.URL.String())
url.RawQuery = q.Encode()
http.Redirect(w, r, url.String(), http.StatusFound)
}
}
func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
key := mapKey(r.Host)
rusr, rpwd, ok := config.GetAuth() rusr, rpwd, ok := config.GetAuth()
if ok { if ok {
//usr, pwd := getProxyAuth(r)
usr, pwd, ok := r.BasicAuth() usr, pwd, ok := r.BasicAuth()
if !ok || rusr != usr || rpwd != pwd { if !ok || rusr != usr || rpwd != pwd {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
@@ -99,19 +193,72 @@ func (s *Server) doAuth(foo http.HandlerFunc) http.HandlerFunc {
return return
} }
} }
ok, err := s.lookupAuth(key)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if url, exists := config.GetBOAuthZ(); ok && exists {
err := oauth2client.Authenticate(url, key, w, r)
if err != nil {
return
}
}
if config.GetNoPath(key) && path.Ext(r.URL.Path) == "" {
r.URL.Path = "/"
}
foo(w, r) foo(w, r)
} }
} }
func (s *Server) ServeTCP(addr string) error {
listen, err := net.Listen("tcp", s.addr)
if err != nil {
return err
}
for {
c, err := listen.Accept()
if err != nil {
return err
}
go func(c net.Conn) {
d, err := net.Dial("tcp", addr)
if err != nil {
log.Println(err)
return
}
go pipe(c, d)
go pipe(d, c)
}(c)
}
}
func pipe(a, b net.Conn) {
log.Println("open pipe")
defer log.Println("close pipe")
defer a.Close()
defer b.Close()
io.Copy(a, b)
}
func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc { func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
ctx, can := context.WithTimeout(r.Context(), time.Second*time.Duration(config.GetTimeout())) ctx, can := context.WithTimeout(r.Context(), time.Duration(config.GetTimeout()))
defer can() defer can()
if err := s.limiter.Wait(ctx); err != nil { if err := s.limiter.Wait(ctx); err != nil {
w.WriteHeader(http.StatusTooManyRequests) w.WriteHeader(http.StatusTooManyRequests)
return return
} }
s.doAuth(foo)(w, r) if did := s.doCORS(w, r); did {
return
}
if s.auth.BOAuthZ {
s.doBOAuthZ(foo)(w, r)
} else if s.auth.Authelia {
s.doAuthelia(foo)(w, r)
} else {
foo(w, r)
}
} }
} }
@@ -119,6 +266,22 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
s.Pre(s.Proxy)(w, r) s.Pre(s.Proxy)(w, r)
} }
func (s *Server) doCORS(w http.ResponseWriter, r *http.Request) bool {
key := mapKey(r.Host)
if !config.GetCORS(key) {
return false
}
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "X-Auth-Token, content-type, Content-Type")
if r.Method != "OPTIONS" {
return false
}
w.Header().Set("Content-Length", "0")
w.Header().Set("Content-Type", "text/plain")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS, TRACE, PATCH, HEAD, DELETE")
return true
}
func getProxyAuth(r *http.Request) (string, string) { func getProxyAuth(r *http.Request) (string, string) {
proxyAuthHeader := r.Header.Get("Proxy-Authorization") proxyAuthHeader := r.Header.Get("Proxy-Authorization")
proxyAuthB64 := strings.TrimPrefix(proxyAuthHeader, "Basic ") proxyAuthB64 := strings.TrimPrefix(proxyAuthHeader, "Basic ")
@@ -130,3 +293,39 @@ func getProxyAuth(r *http.Request) (string, string) {
proxyAuthSplit := strings.Split(proxyAuth, ":") proxyAuthSplit := strings.Split(proxyAuth, ":")
return proxyAuthSplit[0], proxyAuthSplit[1] return proxyAuthSplit[0], proxyAuthSplit[1]
} }
func (s *Server) alt() {
switch getScheme() {
case schemeHTTP:
case schemeHTTPS:
default:
return
}
foo := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.URL.Scheme = getScheme().String()
if hostname := r.URL.Hostname(); hostname != "" {
r.URL.Host = r.URL.Hostname() + s.addr
} else if hostname := r.URL.Host; hostname != "" {
r.URL.Host = r.URL.Host + s.addr
} else {
u := url.URL{Host: r.Host}
r.URL.Host = u.Hostname() + s.addr
}
http.Redirect(w, r, r.URL.String(), http.StatusSeeOther)
})
log.Println("redirecting from", s.altaddr)
if err := http.ListenAndServe(s.altaddr, foo); err != nil {
panic(err)
}
}
func getScheme() listenerScheme {
scheme := schemeHTTP
if _, _, ok := config.GetSSL(); ok {
scheme = schemeHTTPS
}
if _, ok := config.GetTCP(); ok {
scheme = schemeTCP
}
return scheme
}

11
server/server_test.go Normal file → Executable file
View File

@@ -3,6 +3,7 @@ package server
import ( import (
"context" "context"
"fmt" "fmt"
"local/rproxy3/config"
"local/rproxy3/storage" "local/rproxy3/storage"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
@@ -15,7 +16,10 @@ import (
func TestServerStart(t *testing.T) { func TestServerStart(t *testing.T) {
server := mockServer() server := mockServer()
if err := server.Route("world", "http://hello.localhost"+server.addr); err != nil { p := config.Proxy{
To: "http://hello.localhost" + server.addr,
}
if err := server.Route("world", p); err != nil {
t.Fatalf("cannot add route: %v", err) t.Fatalf("cannot add route: %v", err)
} }
@@ -48,7 +52,10 @@ func mockServer() *Server {
func TestServerRoute(t *testing.T) { func TestServerRoute(t *testing.T) {
server := mockServer() server := mockServer()
if err := server.Route("world", "http://hello.localhost"+server.addr); err != nil { p := config.Proxy{
To: "http://hello.localhost" + server.addr,
}
if err := server.Route("world", p); err != nil {
t.Fatalf("cannot add route: %v", err) t.Fatalf("cannot add route: %v", err)
} }
w := httptest.NewRecorder() w := httptest.NewRecorder()

0
storage/db.go Normal file → Executable file
View File

0
storage/db_test.go Normal file → Executable file
View File

0
storage/map.go Normal file → Executable file
View File

0
storage/packable/packable.go Normal file → Executable file
View File

0
storage/packable/packable_test.go Normal file → Executable file
View File

0
testdata/Bserver.crt vendored Normal file → Executable file
View File

0
testdata/Bserver.key vendored Normal file → Executable file
View File

0
testdata/Bserver.pkcs12 vendored Normal file → Executable file
View File

36
testdata/index.html vendored Executable file
View File

@@ -0,0 +1,36 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="X-UA-Compatible" content="ie=edge" />
<title>Go WebSocket Tutorial</title>
</head>
<body>
<h2>Hello World</h2>
<script>
let socket = new WebSocket("ws://a.bel.test:51555/ws");
document.getElementsByTagName("body")[0].innerHTML += "<br>connecting";
socket.onopen = () => {
document.getElementsByTagName("body")[0].innerHTML += "<br>connected";
socket.send("Hi From the Client!")
};
socket.onclose = event => {
document.getElementsByTagName("body")[0].innerHTML += "<br>disconnected";
socket.send("Client Closed!")
};
socket.onerror = error => {
document.getElementsByTagName("body")[0].innerHTML += "<br>error:" + error;
console.log("Socket Error: ", error);
};
socket.onmessage = function(msgevent) {
document.getElementsByTagName("body")[0].innerHTML += "<br>got:" + msgevent.data;
};
</script>
</body>
</html>

0
testdata/rproxy3server.crt vendored Normal file → Executable file
View File

0
testdata/rproxy3server.key vendored Normal file → Executable file
View File

0
testdata/rproxy3server.pkcs12 vendored Normal file → Executable file
View File

76
testdata/ws.go vendored Executable file
View File

@@ -0,0 +1,76 @@
package main
import (
"fmt"
"io/ioutil"
"log"
"net/http"
"time"
"github.com/gorilla/websocket"
)
func homePage(w http.ResponseWriter, r *http.Request) {
b, _ := ioutil.ReadFile("./index.html")
fmt.Fprintf(w, "%s", b)
}
func setupRoutes() {
http.HandleFunc("/", homePage)
http.HandleFunc("/ws", wsEndpoint)
}
func main() {
fmt.Println("Hello World")
setupRoutes()
log.Fatal(http.ListenAndServe(":8080", nil))
}
var upgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
}
func reader(conn *websocket.Conn) {
for {
// read in a message
messageType, p, err := conn.ReadMessage()
if err != nil {
log.Println(err)
return
}
// print out that message for clarity
fmt.Println(string(p))
if err := conn.WriteMessage(messageType, p); err != nil {
log.Println(err)
return
}
}
}
func wsEndpoint(w http.ResponseWriter, r *http.Request) {
upgrader.CheckOrigin = func(r *http.Request) bool { return true }
// upgrade this connection to a WebSocket
// connection
ws, err := upgrader.Upgrade(w, r, nil)
if err != nil {
log.Println(err)
}
log.Println("Client Connected")
// listen indefinitely for new messages coming
// through on our WebSocket connection
go reader(ws)
for {
log.Println("writing...")
err = ws.WriteMessage(1, []byte("Hi Client!"))
log.Println("written")
if err != nil {
log.Println(err)
return
}
time.Sleep(time.Second)
}
}