added audience to the tokens we generate

tigerbot 2017-06-05 11:20:15 -06:00
parent 61c7bd5ad6
commit e6da8277c4
1 changed files with 14 additions and 12 deletions


@ -120,8 +120,8 @@ program
}) })
.option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)') .option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)')
.option('--locals <LIST>', 'comma separated list of <proto>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https:8443,smtps:8465', collectProxies, [ ]) // --reverse-proxies .option('--locals <LIST>', 'comma separated list of <proto>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https:8443,smtps:8465', collectProxies, [ ]) // --reverse-proxies
.option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to caputer a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ]) .option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to capture a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ])
.option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:*:<port>. Ex: macbook-pro.local (the output of `hostname`)') .option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:<port>. Ex: macbook-pro.local (the output of `hostname`)')
.option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy .option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy
.option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)') .option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)')
.option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)') .option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)')
@ -181,21 +181,23 @@ function rawTunnel() {
return; return;
} }
if (!program.token) {
var jwt = require('jsonwebtoken');
var tokenData = {
domains: Object.keys(domainsMap).filter(Boolean)
};
program.token = jwt.sign(tokenData, program.secret);
}
var location = url.parse(program.stunneld); var location = url.parse(program.stunneld);
if (!location.protocol || /\./.test(location.protocol)) { if (!location.protocol || /\./.test(location.protocol)) {
program.stunneld = 'wss://' + program.stunneld; program.stunneld = 'wss://' + program.stunneld;
location = url.parse(program.stunneld); location = url.parse(program.stunneld);
} }
program.stunneld = location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : ''); var aud = location.hostname + (location.port ? ':' + location.port : '');
program.stunneld = location.protocol + '//' + aud;
if (!program.token) {
var jwt = require('jsonwebtoken');
var tokenData = {
domains: Object.keys(domainsMap).filter(Boolean)
, aud: aud
};
program.token = jwt.sign(tokenData, program.secret);
}
connectTunnel(); connectTunnel();
} }
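Review bot: The token signed at `program.token = jwt.sign(tokenData, program.secret);` now carries `aud` but still has no expiry, so a token that leaks (for example over a connection made with `--insecure`) stays usable against that audience indefinitely. Consider `jwt.sign(tokenData, program.secret, { expiresIn: '<LIFETIME>' })`, with the lifetime chosen to fit how the client reconnects. The `aud` claim only restricts anything if stunneld passes an expected `audience` to `jwt.verify`, which is not visible on this page and should be confirmed. Because `aud` is built as `location.hostname + (location.port ? ':' + location.port : '')`, `example.com` and `example.com:443` yield different audiences, so a comment such as `// aud must match the host[:port] form stunneld verifies against` above `var aud` would document the contract. `rawTunnel()` begins outside this hunk, and a token supplied with `--token` skips this path entirely.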