support .env, improve authorization hooks, other updates

2020-04-30 05:11:03 -06:00 · 2020-04-30 05:11:03 -06:00 · 787b83b84a
parent e740d2ca0f
commit 787b83b84a
8 changed files with 37 additions and 31 deletions
--- a/cmd/telebitd/telebitd.go
+++ b/cmd/telebitd/telebitd.go
@ -144,6 +144,24 @@ func main() {
 			return []byte(secretKey), nil
 		})
 		return nil, err
+
+		/*
+			tokenString := r.URL.Query().Get("access_token")
+			result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+				return []byte(secretKey), nil
+			})
+
+			if err != nil || !result.Valid {
+				w.WriteHeader(http.StatusForbidden)
+				w.Write([]byte("Not Authorized"))
+				loginfo.Println("access_token invalid...closing connection")
+				return
+			}
+
+			// TODO
+			claims := result.Claims.(jwt.MapClaims)
+			domains, ok := claims["domains"].([]interface{})
+		*/
 	}

 	r := relay.New(ctx, tlsConfig, authorizer, serverStatus, connectionTable)
--- a/go.mod
+++ b/go.mod
@ -9,5 +9,6 @@ require (
 	github.com/joho/godotenv v1.3.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.6.3
+	golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
--- a/go.sum
+++ b/go.sum
@ -130,6 +130,7 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgPQpswuFndXpOj3rKEco=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -141,12 +142,15 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384 h1:TFlARGu6Czu1z7q93HTxcP1P+/ZFC/IKythI5RzrnRg=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
--- a/server/connection.go
+++ b/server/connection.go
@ -56,7 +56,7 @@ type Connection struct {
 	lastUpdate time.Time

 	//initialDomains - a list of domains from the JWT
-	initialDomains []interface{}
+	initialDomains []string

 	connectionTrack *Tracking

@ -69,7 +69,7 @@ type Connection struct {

 //NewConnection -- Constructor
 func NewConnection(connectionTable *Table, conn *websocket.Conn, remoteAddress string,
-	initialDomains []interface{}, connectionTrack *Tracking, serverName string) (p *Connection) {
+	initialDomains []string, connectionTrack *Tracking, serverName string) (p *Connection) {
 	connectionID = connectionID + 1

 	p = new(Connection)
@ -89,7 +89,7 @@ func NewConnection(connectionTable *Table, conn *websocket.Conn, remoteAddress s
 	p.lastUpdate = time.Now()

 	for _, domain := range initialDomains {
-		p.AddTrackedDomain(string(domain.(string)))
+		p.AddTrackedDomain(domain)
 	}

 	p.SetState(true)
@ -115,7 +115,7 @@ func (c *Connection) SetServerName(serverName string) {
 }

 //InitialDomains -- Property
-func (c *Connection) InitialDomains() []interface{} {
+func (c *Connection) InitialDomains() []string {
 	return c.initialDomains
 }

--- a/server/connection_registration.go
+++ b/server/connection_registration.go
@ -21,13 +21,13 @@ type Registration struct {
 	commCh chan bool

 	//initialDomains - a list of domains from the JWT
-	initialDomains []interface{}
+	initialDomains []string

 	connectionTrack *Tracking
 }

 //NewRegistration -- Constructor
-func NewRegistration(conn *websocket.Conn, remoteAddress string, initialDomains []interface{}, connectionTrack *Tracking, serverName string) (p *Registration) {
+func NewRegistration(conn *websocket.Conn, remoteAddress string, initialDomains []string, connectionTrack *Tracking, serverName string) (p *Registration) {
 	p = new(Registration)
 	p.conn = conn
 	p.source = remoteAddress
--- a/server/connection_table.go
+++ b/server/connection_table.go
@ -114,7 +114,7 @@ func (c *Table) Run(ctx context.Context) {
 			for _, domain := range connection.initialDomains {
 				// add to the domains regirstation

-				newDomain := string(domain.(string))
+				newDomain := domain
 				loginfo.Println("adding domain ", newDomain, " to connection ", connection.conn.RemoteAddr().String())

 				//check to see if domain is already present.
--- a/server/listener_generic.go
+++ b/server/listener_generic.go
@ -14,7 +14,6 @@ import (
 	"strings"
 	"time"

-	"github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"

@ -27,7 +26,6 @@ type contextKey string

 //CtxConnectionTrack
 const (
-	ctxSecretKey    contextKey = "secretKey"
 	ctxServerStatus contextKey = "serverstatus"

 	//ctxConnectionTable          contextKey = "connectionTable"
@ -280,7 +278,7 @@ func (mx *MPlexy) handleStream(ctx context.Context, wConn *WedgeConn) {
 	if err == nil {
 		loginfo.Println("Valid WSS dected...sending to handler")
 		oneConn := &oneConnListener{wConn}
-		handleWssClient(ctx, oneConn)
+		mx.handleWssClient(ctx, oneConn)

 		//do we have a invalid domain indicating Admin?
 		//if yes, prep the oneConn and send it to the handler
@ -369,8 +367,7 @@ func handleExternalHTTPRequest(ctx context.Context, extConn *WedgeConn, hostname
 //handleWssClient -
 // - expecting an existing oneConnListener with a qualified wss client connected.
 // - auth will happen again since we were just peeking at the token.
-func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
-	secretKey := ctx.Value(ctxSecretKey).(string)
+func (mx *MPlexy) handleWssClient(ctx context.Context, oneConn *oneConnListener) {
 	serverStatus := ctx.Value(ctxServerStatus).(*Status)

 	//connectionTable := ctx.Value(ctxConnectionTable).(*Table)
@ -382,21 +379,7 @@ func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
 		case "/":
 			loginfo.Println("websocket opening ", r.RemoteAddr, " ", r.Host)

-			tokenString := r.URL.Query().Get("access_token")
-			result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-				return []byte(secretKey), nil
-			})
-
-			if err != nil || !result.Valid {
-				w.WriteHeader(http.StatusForbidden)
-				w.Write([]byte("Not Authorized"))
-				loginfo.Println("access_token invalid...closing connection")
-				return
-			}
-
-			claims := result.Claims.(jwt.MapClaims)
-			domains, ok := claims["domains"].([]interface{})
-
+			authz, err := mx.authorize(r)
 			var upgrader = websocket.Upgrader{
 				ReadBufferSize:  65535,
 				WriteBufferSize: 65535,
@ -410,13 +393,12 @@ func handleWssClient(ctx context.Context, oneConn *oneConnListener) {

 			loginfo.Println("before connection table")

-			serverName := domains[0].(string)
+			serverName := authz.Domains[0]

-			newRegistration := NewRegistration(conn, r.RemoteAddr, domains, serverStatus.ConnectionTracking, serverName)
+			newRegistration := NewRegistration(conn, r.RemoteAddr, authz.Domains, serverStatus.ConnectionTracking, serverName)
 			serverStatus.WSSConnectionRegister(newRegistration)

-			ok = <-newRegistration.CommCh()
-			if !ok {
+			if ok := <-newRegistration.CommCh(); !ok {
 				loginfo.Println("connection registration failed ", newRegistration)
 				return
 			}
--- a/server/manager.go
+++ b/server/manager.go
@ -21,6 +21,7 @@ type ListenerRegistrationStatus int
 // # bandwith cap per time period (i.e. 100 MB / hour)
 // # throttled rate (i.e. 0 (kill), or 1 mbps)
 type Authz struct {
+	Domains []string
 }

 // Authorizer is called when a new client connects and we need to know something about it