telebit/cmd/telebitd/telebitd.go

191 lines
4.8 KiB
Go
Raw Normal View History

package main
import (
2017-03-22 21:43:36 +00:00
"context"
"crypto/tls"
"flag"
"fmt"
"io"
"io/ioutil"
2020-05-01 06:12:16 +00:00
golog "log"
2020-04-30 10:43:36 +00:00
"net/http"
"os"
2020-05-01 05:47:46 +00:00
"strings"
2020-05-01 06:12:16 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/log"
2020-04-30 10:43:36 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/relay"
2020-05-01 05:47:46 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/relay/api"
2020-05-01 06:12:16 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/relay/mplexy"
2020-04-30 10:43:36 +00:00
jwt "github.com/dgrijalva/jwt-go"
"github.com/spf13/viper"
lumberjack "gopkg.in/natefinch/lumberjack.v2"
2020-04-30 10:43:36 +00:00
_ "github.com/joho/godotenv/autoload"
)
2020-05-01 06:12:16 +00:00
var Loginfo = log.Loginfo
var Logdebug = log.Logdebug
func init() {
log.LogFlags = golog.Ldate | golog.Lmicroseconds | golog.Lshortfile
}
var (
logfile = "stdout"
configPath = "./"
2020-04-30 10:43:36 +00:00
configFile = "telebit-relay"
argWssClientListener string
2020-04-30 10:43:36 +00:00
tcpPort int
argServerBinding string
argServerAdminBinding string
argServerExternalBinding string
argDeadTime int
2020-05-01 05:47:46 +00:00
connectionTable *api.Table
2020-04-30 10:43:36 +00:00
secretKey string
2020-04-28 06:26:00 +00:00
wssHostName = "localhost.rootprojects.org"
2020-05-01 07:06:14 +00:00
adminHostName string
idle int
dwell int
cancelcheck int
lbDefaultMethod string
2020-04-30 10:43:36 +00:00
nickname string
)
func init() {
flag.StringVar(&logfile, "log", logfile, "Log file (or stdout/stderr; empty for none)")
flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
2020-04-30 10:43:36 +00:00
flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing")
}
var logoutput io.Writer
//Main -- main entry point
func main() {
flag.Parse()
2020-04-30 10:43:36 +00:00
if "" == secretKey {
secretKey = os.Getenv("TELEBIT_SECRET")
}
if len(secretKey) < 16 {
fmt.Fprintf(os.Stderr, "Invalid secret: %q. See --help for details.\n", secretKey)
os.Exit(1)
}
switch logfile {
case "stdout":
logoutput = os.Stdout
case "stderr":
logoutput = os.Stderr
case "":
logoutput = ioutil.Discard
default:
logoutput = &lumberjack.Logger{
Filename: logfile,
MaxSize: 100,
MaxAge: 120,
MaxBackups: 10,
}
}
// send the output io.Writing to the other packages
2020-05-01 06:12:16 +00:00
log.InitLogging(logoutput)
viper.SetConfigName(configFile)
viper.AddConfigPath(configPath)
viper.AddConfigPath("./")
err := viper.ReadInConfig()
if err != nil {
panic(fmt.Errorf("fatal error config file: %s", err))
}
flag.IntVar(&argDeadTime, "dead-time-counter", 5, "deadtime counter in seconds")
wssHostName = viper.Get("rvpn.wssdomain").(string)
adminHostName = viper.Get("rvpn.admindomain").(string)
2020-04-30 10:43:36 +00:00
tcpPort = viper.GetInt("rvpn.port")
deadtime := viper.Get("rvpn.deadtime").(map[string]interface{})
idle = deadtime["idle"].(int)
dwell = deadtime["dwell"].(int)
cancelcheck = deadtime["cancelcheck"].(int)
lbDefaultMethod = viper.Get("rvpn.loadbalancing.defaultmethod").(string)
2020-04-30 10:43:36 +00:00
nickname = viper.Get("rvpn.serverName").(string)
2020-05-01 06:12:16 +00:00
Loginfo.Println("startup")
ctx, cancelContext := context.WithCancel(context.Background())
defer cancelContext()
2020-05-01 05:47:46 +00:00
serverStatus := api.NewStatus(ctx)
serverStatus.AdminDomain = adminHostName
serverStatus.WssDomain = wssHostName
2020-04-30 10:43:36 +00:00
serverStatus.Name = nickname
2020-05-01 05:47:46 +00:00
serverStatus.DeadTime = api.NewStatusDeadTime(dwell, idle, cancelcheck)
serverStatus.LoadbalanceDefaultMethod = lbDefaultMethod
2020-05-01 05:47:46 +00:00
connectionTable := api.NewTable(dwell, idle, lbDefaultMethod)
2020-04-30 10:43:36 +00:00
tlsConfig := &tls.Config{
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
// TODO
// 1. call out to greenlock for validation
// 2. push challenges through http channel
// 3. receive certificates (or don't)
certbundle, err := tls.LoadX509KeyPair("certs/fullchain.pem", "certs/privkey.pem")
if err != nil {
return nil, err
}
return &certbundle, nil
},
}
2020-05-01 06:12:16 +00:00
authorizer := func(r *http.Request) (*mplexy.Authz, error) {
2020-04-30 10:43:36 +00:00
// do we have a valid wss_client?
2020-05-01 05:47:46 +00:00
var tokenString string
if auth := strings.Split(r.Header.Get("Authorization"), " "); len(auth) > 1 {
// TODO handle Basic auth tokens as well
tokenString = auth[1]
}
if "" == tokenString {
tokenString = r.URL.Query().Get("access_token")
}
2020-04-30 10:43:36 +00:00
_, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
2020-05-01 05:47:46 +00:00
if nil != err {
return nil, err
}
2020-05-01 06:12:16 +00:00
authz := &mplexy.Authz{
2020-05-01 05:47:46 +00:00
Domains: []string{
"target.rootprojects.org",
},
}
return authz, err
/*
tokenString := r.URL.Query().Get("access_token")
result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
if err != nil || !result.Valid {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Not Authorized"))
2020-05-01 06:12:16 +00:00
Loginfo.Println("access_token invalid...closing connection")
return
}
// TODO
claims := result.Claims.(jwt.MapClaims)
domains, ok := claims["domains"].([]interface{})
*/
2020-04-30 10:43:36 +00:00
}
2020-04-30 10:43:36 +00:00
r := relay.New(ctx, tlsConfig, authorizer, serverStatus, connectionTable)
r.ListenAndServe(tcpPort)
}