From f6011ade8367de6b9b890d22688794193ecd8b3b Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sat, 26 May 2018 21:21:03 +0000
Subject: [PATCH] still playing peekaboo...
---
 lib/unwrap-tls.js | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/lib/unwrap-tls.js b/lib/unwrap-tls.js
index 02312eb..72b7a5a 100644
--- a/lib/unwrap-tls.js
+++ b/lib/unwrap-tls.js
@@ -63,6 +63,9 @@ module.exports.createTcpConnectionHandler = function (copts) {
 //return;
 conn.once('data', function (firstChunk) {
+ conn.pause();
+ conn.unshift(firstChunk);
+
 // BUG XXX: this assumes that the packet won't be chunked smaller
 // than the 'hello' or the point of the 'Host' header.
 // This is fairly reasonable, but there are edge cases where
@@ -70,10 +73,14 @@ module.exports.createTcpConnectionHandler = function (copts) {
 // and so it should be fixed at some point in the future
 // defer after return (instead of being in many places)
- process.nextTick(function () {
- conn.unshift(firstChunk);
- conn.resume();
- });
+ function deferData(fn) {
+ if (fn) {
+ copts[fn](servername, conn)
+ }
+ process.nextTick(function () {
+ conn.resume();
+ });
+ }
 var service = 'tcp';
 var servername;
@@ -87,13 +94,13 @@ module.exports.createTcpConnectionHandler = function (copts) {
 if (!copts.servernames.length) {
 console.log("https => admin => setup => (needs bogus tls certs to start?)");
- copts.httpsSetupServer(servername, conn);
+ deferData('httpsSetupServer');
 return;
 }
 if (-1 !== copts.servernames.indexOf(servername)) {
 console.log("Lock and load, admin interface time!");
- copts.httpsTunnel(servername, conn);
+ deferData('httpsTunnel');
 return;
 }
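Review bot: In the `@@ -70,10 +73,14 @@` hunk, `conn.resume()` is now reachable only through `deferData`, while the first hunk pauses the socket unconditionally, so any exit from the 'data' listener that does not call `deferData` leaves a client-opened socket paused and open. The hunks shown cover the visible branches, but the listener's remaining paths (for example the fall-through after the HTTP check) lie outside the diff and should be checked, or the listener should end with an explicit fallback that resumes or closes the socket. `copts[fn](servername, conn)` also looks the handler up by name without checking it and lacks its semicolon; a guard such as `if ('function' !== typeof copts[fn]) { conn.destroy(); return; }` keeps a misnamed or unset handler from throwing inside the listener. A comment on `deferData` stating `// every return path must call deferData(), otherwise conn stays paused` would make the contract explicit.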
@@ -104,18 +111,19 @@ module.exports.createTcpConnectionHandler = function (copts) {
 function run() {
 if (!servername) {
 console.log("No SNI was given, so there's nothing we can do here");
- copts.httpsInvalid(servername, conn);
+ deferData('httpsInvalid');
 return;
 }
 var nextDevice = Devices.next(copts.deviceLists, servername);
 if (!nextDevice) {
 console.log("No devices match the given servername");
- copts.httpsInvalid(servername, conn);
+ deferData('httpsInvalid');
 return;
 }
 console.log("pipeWs(servername, service, socket, deviceLists['" + servername + "'])");
+ deferData();
 pipeWs(servername, service, conn, nextDevice);
 }
@@ -123,13 +131,12 @@ module.exports.createTcpConnectionHandler = function (copts) {
 console.log("VHOST path", copts.config.vhost);
 vhost = copts.config.vhost.replace(/:hostname/, (servername||''));
 console.log("VHOST name", vhost);
- conn.pause();
 //copts.httpsVhost(servername, conn);
 //return;
 require('fs').readdir(vhost, function (err, nodes) {
 console.log("VHOST error?", err);
 if (err) { run(); return; }
- if (nodes) { copts.httpsVhost(servername, conn); }
+ if (nodes) { deferData('httpsVhost'); }
 });
 return;
 }
@@ -156,6 +163,7 @@ module.exports.createTcpConnectionHandler = function (copts) {
 if (/HTTP\//i.test(str)) {
 if (!copts.servernames.length) {
 console.log('copts.httpSetupServer', copts.httpSetupServer);
+ deferData();
 copts.httpSetupServer.emit('connection', conn);
 return;
 }
@@ -166,15 +174,16 @@ module.exports.createTcpConnectionHandler = function (copts) {
 if (/well-known/.test(str)) {
 // HTTP
 if (Devices.exist(copts.deviceLists, servername)) {
+ deferData();
 pipeWs(servername, service, conn, Devices.next(copts.deviceLists, servername));
 return;
 }
- copts.handleHttp(servername, conn);
- }
- else {
- // redirect to https
- copts.handleInsecureHttp(servername, conn);
+ deferData('handleHttp');
+ return;
 }
+
+ // redirect to https
+ deferData('handleInsecureHttp');
 return;
 }
 }
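Review bot: In `run()` (`@@ -104,18 +111,19 @@`), `deferData();` is called before `pipeWs(...)`, which is safe only because the resume is deferred to the next tick and the consumer attaches within the current one. If `pipeWs` (not visible here) ever wires up the socket asynchronously, the resumed stream will flow with no 'data' listener and the unshifted first chunk is dropped. The same ordering appears in the `@@ -156,6 +163,7 @@` hunk before `copts.httpSetupServer.emit('connection', conn)` and in the `@@ -166,15 +174,16 @@` hunk before the second `pipeWs` call. I would add `// resume happens on next tick; the consumer must attach to conn synchronously` above each bare `deferData();`.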
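Review bot: In the `@@ -123,13 +131,12 @@` hunk, `servername` is substituted into `copts.config.vhost` and passed to `readdir` with no check on its contents, and it appears to come from the client's first chunk (the parsing is outside this diff). Unless it is validated earlier, reject anything that is not a plain hostname before building the path, e.g. `if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/i.test(servername || '')) { deferData('httpsInvalid'); return; }`, which also keeps `$` sequences out of the string replacement. Separately, the callback's `if (nodes) { deferData('httpsVhost'); }` has no else, so a call with neither `err` nor `nodes` would leave the socket paused now that the unconditional resume is gone. The enclosing `if` block starts above the hunk.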
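Review bot: In the last hunk (`@@ -166,15 +174,16 @@`), `/well-known/.test(str)` decides whether a plain-HTTP request is served or tunnelled instead of being redirected to HTTPS, and the pattern is not anchored to the request path, so it matches the word anywhere in `str`. If `str` is the decoded first chunk (its construction is outside the hunk), the exemption should be limited to the request line, for example `/^[A-Z]+ \/\.well-known\//.test(str)`. The restructuring into early returns reads fine otherwise; the enclosing block starts outside this hunk.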