make admin domain more configurable

2020-04-28 01:16:16 -06:00 · 2020-04-28 01:16:16 -06:00 · b8a7c9e481
parent 880da4d685
commit b8a7c9e481
5 changed files with 17 additions and 5 deletions
--- a/cmd/telebitd/telebitd.go
+++ b/cmd/telebitd/telebitd.go
@ -14,6 +14,7 @@ import (
 	"github.com/spf13/viper"
 	lumberjack "gopkg.in/natefinch/lumberjack.v2"

+	telebit "git.coolaj86.com/coolaj86/go-telebitd"
 	"git.coolaj86.com/coolaj86/go-telebitd/rvpn/server"
 )

@ -34,7 +35,7 @@ var (
 	connectionTable          *server.Table
 	secretKey                = "abc123"
 	wssHostName              = "localhost.rootprojects.org"
-	adminHostName            = "rvpn.rootprojects.invalid"
+	adminHostName            = telebit.InvalidAdminDomain
 	idle                     int
 	dwell                    int
 	cancelcheck              int
--- a/rvpn/server/api_interface.go
+++ b/rvpn/server/api_interface.go
@ -9,6 +9,7 @@ import (

 	"github.com/gorilla/mux"

+	telebit "git.coolaj86.com/coolaj86/go-telebitd"
 	"git.coolaj86.com/coolaj86/go-telebitd/rvpn/envelope"
 )

@ -40,7 +41,7 @@ func handleAdminClient(ctx context.Context, oneConn *oneConnListener) {
 		switch url := r.URL.Path; url {
 		case "/":
 			// check to see if we are using the administrative Host
-			if strings.Contains(r.Host, "rvpn.rootprojects.invalid") {
+			if strings.Contains(r.Host, telebit.InvalidAdminDomain) {
 				http.Redirect(w, r, "/admin", 301)
 				serverStatus.AdminStats.IncResponses()

--- a/rvpn/server/listener_generic.go
+++ b/rvpn/server/listener_generic.go
@ -17,6 +17,7 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"

+	telebit "git.coolaj86.com/coolaj86/go-telebitd"
 	"git.coolaj86.com/coolaj86/go-telebitd/rvpn/packer"
 	"git.coolaj86.com/coolaj86/go-telebitd/rvpn/sni"
 )
@ -233,11 +234,11 @@ func handleStream(ctx context.Context, wConn *WedgeConn) {
 	if bytes.Contains(peek[:], []byte{0x0d, 0x0a}) {
 		//string protocol
 		if bytes.ContainsAny(peek[:], "HTTP/") {
-			loginfo.Println("identifed HTTP")
+			loginfo.Println("identified HTTP")

 			r, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(peek)))
 			if err != nil {
-				loginfo.Println("identifed as HTTP, failed request parsing", err)
+				loginfo.Println("identified as HTTP, failed request parsing", err)
 				return
 			}

@ -255,7 +256,7 @@ func handleStream(ctx context.Context, wConn *WedgeConn) {

 				//do we have a invalid domain indicating Admin?
 				//if yes, prep the oneConn and send it to the handler
-			} else if strings.Contains(r.Host, "rvpn.rootprojects.invalid") {
+			} else if strings.Contains(r.Host, telebit.InvalidAdminDomain) {
 				loginfo.Println("admin")
 				oneConn := &oneConnListener{wConn}
 				handleAdminClient(ctx, oneConn)
--- a/telebit.go
+++ b/telebit.go
@ -0,0 +1,5 @@
+package telebit
+
+// InvalidAdminDomain is a domain that can only be accessed by Domain Fronting
+// (i.e. trixy clients sending fake headers), not browsers
+var InvalidAdminDomain = "rvpn.rootprojects.invalid"
--- a/tools/tools.go
+++ b/tools/tools.go
@ -0,0 +1,4 @@
+//+build tools
+
+// tools is a faux package for tracking dependencies that don't make it into the code
+package tools