telebit-relay.js/mux-ws.js

412 lines
12 KiB
JavaScript
Raw Normal View History

2016-09-27 21:56:06 +00:00
'use strict';
var net = require('net');
var tls = require('tls');
var http = require('http');
var sni = require('sni');
var url = require('url');
var jwt = require('jsonwebtoken');
//var packer = require('tunnel-packer');
//var Transform = require('stream').Transform;
var tlsOpts = require('localhost.daplie.com-certificates').merge({});
var Duplex = require('stream').Duplex;
var WebSocketServer = require('ws').Server;
2016-09-28 05:26:16 +00:00
/*
*
* Tunnel Packer
*
*/
var packer = require('tunnel-packer');
var Transform = require('stream').Transform;
var util = require('util');
function MyTransform(options) {
if (!(this instanceof MyTransform)) {
return new MyTransform(options);
}
this.__my_addr = options.address;
2016-09-30 02:20:38 +00:00
this.__my_service = options.service;
2016-09-28 05:26:16 +00:00
Transform.call(this, options);
}
util.inherits(MyTransform, Transform);
function transform(me, data, encoding, callback) {
var address = me.__my_addr;
2016-09-30 02:20:38 +00:00
address.service = address.service || me.__my_service;
2016-09-28 05:26:16 +00:00
me.push(packer.pack(address, data));
callback();
}
MyTransform.prototype._transform = function (data, encoding, callback) {
return transform(this, data, encoding, callback);
};
function socketToAddr(socket) {
2016-09-30 02:20:38 +00:00
return {
family: socket.remoteFamily || socket._remoteFamily
, address: socket.remoteAddress || socket._remoteAddress
, port: socket.remotePort || socket._remotePort
};
2016-09-28 05:26:16 +00:00
}
function addrToId(address) {
return address.family + ',' + address.address + ',' + address.port;
}
function socketToId(socket) {
return addrToId(socketToAddr(socket));
}
2016-09-27 21:56:06 +00:00
require('cluster-store').create().then(function (store) {
var remotes = {};
var selfname = 'pokemap.hellabit.com';
var secret = 'shhhhh';
var httpServer = http.createServer(function (req, res) {
2016-09-28 05:26:16 +00:00
console.log('req.socket.encrypted', req.socket.encrypted);
2016-09-27 21:56:06 +00:00
res.end('Hello, World!');
});
var wss = new WebSocketServer({ server: httpServer });
var tcp3000 = net.createServer();
2016-09-28 05:26:16 +00:00
wss.on('connection', function (ws) {
2016-09-27 21:56:06 +00:00
var location = url.parse(ws.upgradeReq.url, true);
//var token = jwt.decode(location.query.access_token);
2016-09-30 19:15:58 +00:00
var token;
2016-09-27 21:56:06 +00:00
2016-09-30 19:15:58 +00:00
try {
token = jwt.verify(location.query.access_token, secret);
} catch(e) {
token = null;
}
/*
2016-09-30 06:46:02 +00:00
if (!token || !token.name) {
console.log('location, token');
console.log(location.query.access_token);
console.log(token);
}
2016-09-30 19:15:58 +00:00
*/
2016-09-28 05:26:16 +00:00
2016-09-27 21:56:06 +00:00
if (!token) {
2016-09-30 19:15:58 +00:00
ws.send(JSON.stringify({ error: { message: "invalid access token", code: "E_INVALID_TOKEN" } }));
2016-09-27 21:56:06 +00:00
ws.close();
return;
}
if (!token.name) {
2016-09-30 19:15:58 +00:00
ws.send(JSON.stringify({ error: { message: "invalid server name", code: "E_INVALID_NAME" } }));
2016-09-27 21:56:06 +00:00
ws.close();
return;
}
2016-09-28 05:26:16 +00:00
var remote = remotes[token.name] = remotes[token.name] || {};
2016-09-30 06:46:02 +00:00
var handlers = {
onmessage: function (opts) {
// opts.data
var cid = addrToId(opts);
var cstream = remote.clients[cid];
console.log("remote '" + remote.servername + " : " + remote.id + "' has data for '" + cid + "'", opts.data.byteLength);
if (!cstream) {
remote.ws.send(packer.pack(opts, null, 'error'));
return;
}
cstream.browser.write(opts.data);
}
, onend: function (opts) {
var cid = addrToId(opts);
console.log('[TunnelEnd]', cid);
handlers._onend(cid);
}
, onerror: function (opts) {
var cid = addrToId(opts);
console.log('[TunnelError]', cid);
handlers._onend(cid);
}
, _onend: function (cid) {
var c = remote.clients[cid];
delete remote.clients[cid];
try {
c.browser.end();
} catch(e) {
// ignore
}
try {
c.wrapped.end();
} catch(e) {
// ignore
}
}
};
2016-09-27 21:56:06 +00:00
// TODO allow more than one remote per servername
2016-09-28 05:26:16 +00:00
remote.ws = ws;
2016-09-30 02:20:38 +00:00
remote.servername = token.name;
2016-09-28 05:26:16 +00:00
remote.id = socketToId(ws.upgradeReq.socket);
2016-09-30 02:20:38 +00:00
console.log("remote.id", remote.id);
2016-09-27 21:56:06 +00:00
// TODO allow tls to be decrypted by server if client is actually a browser
// and we haven't implemented tls in the browser yet
2016-09-28 05:26:16 +00:00
remote.decrypt = token.decrypt;
2016-09-27 21:56:06 +00:00
// TODO how to allow a child process to communicate with this one?
2016-09-28 05:26:16 +00:00
remote.clients = {};
remote.handle = { address: null, handle: null };
2016-09-30 06:46:02 +00:00
remote.unpacker = packer.create(handlers);
2016-09-30 02:20:38 +00:00
ws.on('message', function (chunk) {
console.log('message from home cloud to tunneler to browser', chunk.byteLength);
2016-09-30 07:11:24 +00:00
//console.log(chunk.toString());
2016-09-30 02:20:38 +00:00
remote.unpacker.fns.addChunk(chunk);
});
2016-09-30 06:46:02 +00:00
ws.on('close', function () {
// the remote will handle closing its local connections
Object.keys(remote.clients).forEach(function (cid) {
try {
remote.clients[cid].browser.end();
} catch(e) {
// ignore
}
});
});
ws.on('error', function () {
// ignore
// the remote will retry if it wants to
});
2016-09-28 05:26:16 +00:00
store.set(token.name, remote.handle);
2016-09-27 21:56:06 +00:00
});
tcp3000.listen(3000, function () {
console.log('listening on 3000');
});
var tls3000 = tls.createServer(tlsOpts, function (tlsSocket) {
2016-09-28 05:26:16 +00:00
console.log('tls connection');
2016-09-30 02:20:38 +00:00
tlsSocket._remoteFamily = tlsSocket._handle._parentWrap._handle.owner.stream.remoteFamily;
tlsSocket._remoteAddress = tlsSocket._handle._parentWrap._handle.owner.stream.remoteAddress;
tlsSocket._remotePort = tlsSocket._handle._parentWrap._handle.owner.stream.remotePort;
2016-09-30 06:46:02 +00:00
// TODO BUG XXX
2016-09-30 02:20:38 +00:00
// https://github.com/nodejs/node/issues/8854
2016-09-30 06:46:02 +00:00
// tlsSocket.remoteAddress = remoteAddress; // causes core dump
// console.log(tlsSocket.remoteAddress);
2016-09-30 02:20:38 +00:00
console.log('s', tlsSocket._remoteAddress);
2016-09-27 21:56:06 +00:00
httpServer.emit('connection', tlsSocket);
});
var Dup = {
write: function (chunk, encoding, cb) {
//console.log('_write', chunk.byteLength);
this.__my_socket.write(chunk, encoding);
cb();
}
, read: function (size) {
//console.log('_read');
var x = this.__my_socket.read(size);
if (x) {
console.log('_read', size);
this.push(x);
}
}
};
2016-09-28 05:26:16 +00:00
function connectHttp(servername, socket) {
console.log("connectHttp('" + servername + "', socket)");
socket.__my_servername = servername;
httpServer.emit('connection', socket);
}
function connectHttps(servername, socket) {
// none of these methods work:
// httpsServer.emit('connection', socket); // this didn't work
// tlsServer.emit('connection', socket); // this didn't work either
//console.log('chunkLen', firstChunk.byteLength);
var myDuplex = new Duplex();
myDuplex.__my_socket = socket;
myDuplex._write = Dup.write;
myDuplex._read = Dup.read;
2016-09-30 02:20:38 +00:00
console.log('plainSocket.*Address');
console.log('remote:', socket.remoteAddress);
console.log('local:', socket.localAddress);
console.log('address():', socket.address());
myDuplex.remoteFamily = socket.remoteFamily;
myDuplex.remoteAddress = socket.remoteAddress;
myDuplex.remotePort = socket.remotePort;
myDuplex.localFamily = socket.localFamily;
myDuplex.localAddress = socket.localAddress;
myDuplex.localPort = socket.localPort;
2016-09-28 05:26:16 +00:00
console.log('connectHttps servername', servername);
tls3000.emit('connection', myDuplex);
socket.on('data', function (chunk) {
console.log('[' + Date.now() + '] socket data', chunk.byteLength);
myDuplex.push(chunk);
});
2016-09-30 07:11:24 +00:00
socket.on('error', function (err) {
console.error('[error] connectHttps TODO close');
console.error(err);
});
2016-09-28 05:26:16 +00:00
}
2016-09-30 02:20:38 +00:00
function pipeWs(servername, service, browser, remote) {
console.log('pipeWs');
//var remote = remotes[servername];
var ws = remote.ws;
//var address = socketToAddr(ws.upgradeReq.socket);
var baddress = socketToAddr(browser);
var cid = addrToId(baddress);
console.log('servername:', servername);
console.log('service:', service);
baddress.service = service;
var wrapForRemote = new MyTransform({
id: cid
//, remoteId: remote.id
, address: baddress
, servername: servername
, service: service
});
console.log('home-cloud is', socketToId(remote));
console.log('browser is', cid);
var bstream = remote.clients[cid] = {
wrapped: browser.pipe(wrapForRemote)
, browser: browser
2016-09-30 06:46:02 +00:00
, address: baddress
2016-09-30 02:20:38 +00:00
};
//var bstream = remote.clients[cid] = wrapForRemote.pipe(browser);
bstream.wrapped.on('data', function (pchunk) {
// var chunk = socket.read();
console.log('[bstream] data from browser to tunneler', pchunk.byteLength);
2016-09-30 07:11:24 +00:00
//console.log(JSON.stringify(pchunk.toString()));
2016-09-30 02:20:38 +00:00
ws.send(pchunk, { binary: true });
});
2016-09-30 07:11:24 +00:00
bstream.wrapped.on('error', function (err) {
console.error('[error] bstream.wrapped.error');
console.error(err);
2016-09-30 06:46:02 +00:00
try {
ws.send(packer.pack(baddress, null, 'error'), { binary: true });
} catch(e) {
// ignore
}
try {
bstream.browser.end();
} catch(e) {
// ignore
}
2016-09-30 02:20:38 +00:00
delete remote.clients[cid];
});
bstream.wrapped.on('end', function () {
2016-09-30 06:46:02 +00:00
try {
ws.send(packer.pack(baddress, null, 'end'), { binary: true });
} catch(e) {
// ignore
}
try {
bstream.browser.end();
} catch(e) {
// ignore
}
2016-09-30 02:20:38 +00:00
delete remote.clients[cid];
});
}
tcp3000.on('connection', function (browser) {
2016-09-27 21:56:06 +00:00
// this works when I put it here, but I don't know if it's tls yet here
// httpsServer.emit('connection', socket);
//tls3000.emit('connection', socket);
//var tlsSocket = new tls.TLSSocket(socket, { secureContext: tls.createSecureContext(tlsOpts) });
//tlsSocket.on('data', function (chunk) {
// console.log('dummy', chunk.byteLength);
//});
//return;
2016-09-30 02:20:38 +00:00
browser.once('data', function (firstChunk) {
2016-09-27 21:56:06 +00:00
// BUG XXX: this assumes that the packet won't be chunked smaller
// than the 'hello' or the point of the 'Host' header.
// This is fairly reasonable, but there are edge cases where
// it does not hold (such as manual debugging with telnet)
// and so it should be fixed at some point in the future
// defer after return (instead of being in many places)
process.nextTick(function () {
2016-09-30 02:20:38 +00:00
browser.unshift(firstChunk);
2016-09-27 21:56:06 +00:00
});
var service = 'tcp';
var servername;
var str;
var m;
function tryTls() {
2016-09-30 05:28:17 +00:00
if (!servername || selfname === servername || !remotes[servername]) {
2016-09-28 05:26:16 +00:00
console.log('this is a server or an unknown');
2016-09-30 02:20:38 +00:00
connectHttps(servername, browser);
2016-09-27 21:56:06 +00:00
return;
}
2016-09-30 05:27:22 +00:00
console.log("pipeWs(servername, service, socket, remotes['" + servername + "'])");
pipeWs(servername, service, browser, remotes[servername]);
2016-09-27 21:56:06 +00:00
}
// https://github.com/mscdex/httpolyglot/issues/3#issuecomment-173680155
if (22 === firstChunk[0]) {
// TLS
service = 'https';
servername = (sni(firstChunk)||'').toLowerCase();
2016-09-30 02:20:38 +00:00
console.log("tls hello servername:", servername);
2016-09-27 21:56:06 +00:00
tryTls();
return;
}
if (firstChunk[0] > 32 && firstChunk[0] < 127) {
str = firstChunk.toString();
2016-09-30 02:20:38 +00:00
m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
servername = (m && m[1].toLowerCase() || '').split(':')[0];
console.log('servername', servername);
2016-09-27 21:56:06 +00:00
if (/HTTP\//i.test(str)) {
service = 'http';
if (/\/\.well-known\//.test(str)) {
// HTTP
2016-09-28 05:26:16 +00:00
if (remotes[servername]) {
2016-09-30 02:20:38 +00:00
pipeWs(servername, service, browser, remotes[servername]);
2016-09-28 05:26:16 +00:00
return;
}
2016-09-30 02:20:38 +00:00
connectHttp(servername, browser);
2016-09-27 21:56:06 +00:00
}
else {
// redirect to https
2016-09-30 02:20:38 +00:00
connectHttp(servername, browser);
2016-09-27 21:56:06 +00:00
}
return;
}
}
console.error("Got unexpected connection", str);
2016-09-30 02:20:38 +00:00
browser.write(JSON.stringify({ error: {
2016-09-27 21:56:06 +00:00
message: "not sure what you were trying to do there..."
, code: 'E_INVALID_PROTOCOL' }
}));
2016-09-30 02:20:38 +00:00
browser.end();
2016-09-27 21:56:06 +00:00
});
2016-09-30 07:11:24 +00:00
browser.on('error', function (err) {
console.error('[error] tcp socket raw TODO forward and close');
console.error(err);
});
2016-09-27 21:56:06 +00:00
});
});