diff --git a/cmd/telebitd/telebitd.go b/cmd/telebitd/telebitd.go
index 059ff87..ff3f1a4 100644
--- a/cmd/telebitd/telebitd.go
+++ b/cmd/telebitd/telebitd.go
@@ -144,6 +144,24 @@ func main() {
 return []byte(secretKey), nil
 })
 return nil, err
+
+ /*
+ tokenString := r.URL.Query().Get("access_token")
+ result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+ return []byte(secretKey), nil
+ })
+
+ if err != nil || !result.Valid {
+ w.WriteHeader(http.StatusForbidden)
+ w.Write([]byte("Not Authorized"))
+ loginfo.Println("access_token invalid...closing connection")
+ return
+ }
+
+ // TODO
+ claims := result.Claims.(jwt.MapClaims)
+ domains, ok := claims["domains"].([]interface{})
+ */
 }
 r := relay.New(ctx, tlsConfig, authorizer, serverStatus, connectionTable)
diff --git a/go.mod b/go.mod
index d0dcbe5..d3e07e6 100644
--- a/go.mod
+++ b/go.mod
@@ -9,5 +9,6 @@ require (
 github.com/joho/godotenv v1.3.0
 github.com/spf13/pflag v1.0.5
 github.com/spf13/viper v1.6.3
+ golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
 gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
diff --git a/go.sum b/go.sum
index 104c871..a9239eb 100644
--- a/go.sum
+++ b/go.sum
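Review bot: The authorizer closure's visible tail `return nil, err` returns a nil Authz on the success path as well as on failure, so unless lines above this hunk already return a populated value, the consumer in server/listener_generic.go (`serverName := authz.Domains[0]`) dereferences nil for every valid token; the `return nil, err` suggests a pointer return, but the closure's signature is outside the hunk. The added block is the old handleWssClient token/claims code parked under `/* */` with a bare `// TODO`; either port it properly (parse the `domains` claim, convert it to `[]string`, and return it in the Authz) or drop the block and track the gap in an issue rather than committing commented-out code. The closure and main() begin outside this hunk.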
@@ -130,6 +130,7 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgPQpswuFndXpOj3rKEco=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -141,12 +142,15 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384 h1:TFlARGu6Czu1z7q93HTxcP1P+/ZFC/IKythI5RzrnRg=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
diff --git a/server/connection.go b/server/connection.go
index 612ca4a..3ad0937 100755
--- a/server/connection.go
+++ b/server/connection.go
@@ -56,7 +56,7 @@ type Connection struct {
 lastUpdate time.Time
 //initialDomains - a list of domains from the JWT
- initialDomains []interface{}
+ initialDomains []string
 connectionTrack *Tracking
@@ -69,7 +69,7 @@ type Connection struct {
 //NewConnection -- Constructor
 func NewConnection(connectionTable *Table, conn *websocket.Conn, remoteAddress string,
- initialDomains []interface{}, connectionTrack *Tracking, serverName string) (p *Connection) {
+ initialDomains []string, connectionTrack *Tracking, serverName string) (p *Connection) {
 connectionID = connectionID + 1
 p = new(Connection)
@@ -89,7 +89,7 @@ func NewConnection(connectionTable *Table, conn *websocket.Conn, remoteAddress s
 p.lastUpdate = time.Now()
 for _, domain := range initialDomains {
- p.AddTrackedDomain(string(domain.(string)))
+ p.AddTrackedDomain(domain)
 }
 p.SetState(true)
@@ -115,7 +115,7 @@ func (c *Connection) SetServerName(serverName string) {
 }
 //InitialDomains -- Property
-func (c *Connection) InitialDomains() []interface{} {
+func (c *Connection) InitialDomains() []string {
 return c.initialDomains
 }
diff --git a/server/connection_registration.go b/server/connection_registration.go
index 1d5f373..bd51dc0 100644
--- a/server/connection_registration.go
+++ b/server/connection_registration.go
@@ -21,13 +21,13 @@ type Registration struct {
 commCh chan bool
 //initialDomains - a list of domains from the JWT
- initialDomains []interface{}
+ initialDomains []string
 connectionTrack *Tracking
 }
 //NewRegistration -- Constructor
-func NewRegistration(conn *websocket.Conn, remoteAddress string, initialDomains []interface{}, connectionTrack *Tracking, serverName string) (p *Registration) {
+func NewRegistration(conn *websocket.Conn, remoteAddress string, initialDomains []string, connectionTrack *Tracking, serverName string) (p *Registration) {
 p = new(Registration)
 p.conn = conn
 p.source = remoteAddress
diff --git a/server/connection_table.go b/server/connection_table.go
index c8d552e..9777711 100755
--- a/server/connection_table.go
+++ b/server/connection_table.go
@@ -114,7 +114,7 @@ func (c *Table) Run(ctx context.Context) {
 for _, domain := range connection.initialDomains {
 // add to the domains regirstation
- newDomain := string(domain.(string))
+ newDomain := domain
 loginfo.Println("adding domain ", newDomain, " to connection ", connection.conn.RemoteAddr().String())
 //check to see if domain is already present.
diff --git a/server/listener_generic.go b/server/listener_generic.go
index 7aadb37..a478005 100644
--- a/server/listener_generic.go
+++ b/server/listener_generic.go
@@ -14,7 +14,6 @@ import (
 "strings"
 "time"
- "github.com/dgrijalva/jwt-go"
 "github.com/gorilla/mux"
 "github.com/gorilla/websocket"
@@ -27,7 +26,6 @@ type contextKey string
 //CtxConnectionTrack
 const (
- ctxSecretKey contextKey = "secretKey"
 ctxServerStatus contextKey = "serverstatus"
 //ctxConnectionTable contextKey = "connectionTable"
@@ -280,7 +278,7 @@ func (mx *MPlexy) handleStream(ctx context.Context, wConn *WedgeConn) {
 if err == nil {
 loginfo.Println("Valid WSS dected...sending to handler")
 oneConn := &oneConnListener{wConn}
- handleWssClient(ctx, oneConn)
+ mx.handleWssClient(ctx, oneConn)
 //do we have a invalid domain indicating Admin?
 //if yes, prep the oneConn and send it to the handler
@@ -369,8 +367,7 @@ func handleExternalHTTPRequest(ctx context.Context, extConn *WedgeConn, hostname
 //handleWssClient
 // - expecting an existing oneConnListener with a qualified wss client connected.
 // - auth will happen again since we were just peeking at the token.
-func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
- secretKey := ctx.Value(ctxSecretKey).(string)
+func (mx *MPlexy) handleWssClient(ctx context.Context, oneConn *oneConnListener) {
 serverStatus := ctx.Value(ctxServerStatus).(*Status)
 //connectionTable := ctx.Value(ctxConnectionTable).(*Table)
@@ -382,21 +379,7 @@ func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
 case "/":
 loginfo.Println("websocket opening ", r.RemoteAddr, " ", r.Host)
- tokenString := r.URL.Query().Get("access_token")
- result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
- return []byte(secretKey), nil
- })
-
- if err != nil || !result.Valid {
- w.WriteHeader(http.StatusForbidden)
- w.Write([]byte("Not Authorized"))
- loginfo.Println("access_token invalid...closing connection")
- return
- }
-
- claims := result.Claims.(jwt.MapClaims)
- domains, ok := claims["domains"].([]interface{})
-
+ authz, err := mx.authorize(r)
 var upgrader = websocket.Upgrader{
 ReadBufferSize: 65535,
 WriteBufferSize: 65535,
@@ -410,13 +393,12 @@ func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
 loginfo.Println("before connection table")
- serverName := domains[0].(string)
+ serverName := authz.Domains[0]
- newRegistration := NewRegistration(conn, r.RemoteAddr, domains, serverStatus.ConnectionTracking, serverName)
+ newRegistration := NewRegistration(conn, r.RemoteAddr, authz.Domains, serverStatus.ConnectionTracking, serverName)
 serverStatus.WSSConnectionRegister(newRegistration)
- ok = <-newRegistration.CommCh()
- if !ok {
+ if ok := <-newRegistration.CommCh(); !ok {
 loginfo.Println("connection registration failed ", newRegistration)
 return
 }
diff --git a/server/manager.go b/server/manager.go
index 7fbf9e8..61e6d9a 100644
--- a/server/manager.go
+++ b/server/manager.go
@@ -21,6 +21,7 @@ type ListenerRegistrationStatus int
 // # bandwith cap per time period (i.e. 100 MB / hour)
 // # throttled rate (i.e. 0 (kill), or 1 mbps)
 type Authz struct {
+ Domains []string
 }
 // Authorizer is called when a new client connects and we need to know something about it
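Review bot: `authz, err := mx.authorize(r)` replaces the JWT check, but `err` is never examined before the upgrader is built, so the 403 / "Not Authorized" early return that the removed lines implemented is gone: a request whose token fails to parse or validate now proceeds to the websocket upgrade and reaches `serverName := authz.Domains[0]` in the -410 hunk, where a nil authz (or an empty Domains slice, which the old `domains[0]` was equally exposed to) panics inside the handler instead of closing the connection. Check the error right after the call, before `var upgrader`, and guard the empty-slice case; the same guard covers both uses in the -410 hunk, and the nil comparison can be dropped if Authz is returned by value (the authorize signature is not in this diff). handleWssClient starts and ends outside this hunk, and `w`/`r` come from the enclosing handler closure.
```go
authz, err := mx.authorize(r)
if err != nil || authz == nil || len(authz.Domains) == 0 {
	w.WriteHeader(http.StatusForbidden)
	w.Write([]byte("Not Authorized"))
	loginfo.Println("access_token invalid...closing connection")
	return
}
// … unchanged: upgrader setup, Upgrade, "before connection table" log …
serverName := authz.Domains[0]
```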
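Review bot: The new `Domains` field on the exported Authz type has no doc comment, and the struct's header comment above it only lists planned bandwidth/throttle fields, so nothing states what the slice holds or whether it may be empty even though server/listener_generic.go indexes `authz.Domains[0]` without a length check. Add `// Domains lists the domains the authenticated client may register; the first entry is used as the connection's server name, so implementations must return at least one.` above the field, or state the opposite contract if an empty slice is legitimate and make the consumer handle it.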