From b8a7c9e481d4629ceaefd355efc99932ff89aa0b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 28 Apr 2020 01:16:16 -0600 Subject: [PATCH] make admin domain more configurable --- cmd/telebitd/telebitd.go | 3 ++- rvpn/server/api_interface.go | 3 ++- rvpn/server/listener_generic.go | 7 ++++--- telebit.go | 5 +++++ tools/tools.go | 4 ++++ 5 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 telebit.go create mode 100644 tools/tools.go diff --git a/cmd/telebitd/telebitd.go b/cmd/telebitd/telebitd.go index 9f87051..4a920b5 100644 --- a/cmd/telebitd/telebitd.go +++ b/cmd/telebitd/telebitd.go @@ -14,6 +14,7 @@ import ( "github.com/spf13/viper" lumberjack "gopkg.in/natefinch/lumberjack.v2" + telebit "git.coolaj86.com/coolaj86/go-telebitd" "git.coolaj86.com/coolaj86/go-telebitd/rvpn/server" ) @@ -34,7 +35,7 @@ var ( connectionTable *server.Table secretKey = "abc123" wssHostName = "localhost.rootprojects.org" - adminHostName = "rvpn.rootprojects.invalid" + adminHostName = telebit.InvalidAdminDomain idle int dwell int cancelcheck int diff --git a/rvpn/server/api_interface.go b/rvpn/server/api_interface.go index fdab4e8..5b69f0a 100644 --- a/rvpn/server/api_interface.go +++ b/rvpn/server/api_interface.go @@ -9,6 +9,7 @@ import ( "github.com/gorilla/mux" + telebit "git.coolaj86.com/coolaj86/go-telebitd" "git.coolaj86.com/coolaj86/go-telebitd/rvpn/envelope" ) @@ -40,7 +41,7 @@ func handleAdminClient(ctx context.Context, oneConn *oneConnListener) { switch url := r.URL.Path; url { case "/": // check to see if we are using the administrative Host - if strings.Contains(r.Host, "rvpn.rootprojects.invalid") { + if strings.Contains(r.Host, telebit.InvalidAdminDomain) { http.Redirect(w, r, "/admin", 301) serverStatus.AdminStats.IncResponses() diff --git a/rvpn/server/listener_generic.go b/rvpn/server/listener_generic.go index ea44cca..a680061 100644 --- a/rvpn/server/listener_generic.go +++ b/rvpn/server/listener_generic.go @@ -17,6 +17,7 @@ import ( "github.com/gorilla/mux" "github.com/gorilla/websocket" + telebit "git.coolaj86.com/coolaj86/go-telebitd" "git.coolaj86.com/coolaj86/go-telebitd/rvpn/packer" "git.coolaj86.com/coolaj86/go-telebitd/rvpn/sni" ) @@ -233,11 +234,11 @@ func handleStream(ctx context.Context, wConn *WedgeConn) { if bytes.Contains(peek[:], []byte{0x0d, 0x0a}) { //string protocol if bytes.ContainsAny(peek[:], "HTTP/") { - loginfo.Println("identifed HTTP") + loginfo.Println("identified HTTP") r, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(peek))) if err != nil { - loginfo.Println("identifed as HTTP, failed request parsing", err) + loginfo.Println("identified as HTTP, failed request parsing", err) return } @@ -255,7 +256,7 @@ func handleStream(ctx context.Context, wConn *WedgeConn) { //do we have a invalid domain indicating Admin? //if yes, prep the oneConn and send it to the handler - } else if strings.Contains(r.Host, "rvpn.rootprojects.invalid") { + } else if strings.Contains(r.Host, telebit.InvalidAdminDomain) { loginfo.Println("admin") oneConn := &oneConnListener{wConn} handleAdminClient(ctx, oneConn) diff --git a/telebit.go b/telebit.go new file mode 100644 index 0000000..26ced0b --- /dev/null +++ b/telebit.go @@ -0,0 +1,5 @@ +package telebit + +// InvalidAdminDomain is a domain that can only be accessed by Domain Fronting +// (i.e. trixy clients sending fake headers), not browsers +var InvalidAdminDomain = "rvpn.rootprojects.invalid" diff --git a/tools/tools.go b/tools/tools.go new file mode 100644 index 0000000..c4508fa --- /dev/null +++ b/tools/tools.go @@ -0,0 +1,4 @@ +//+build tools + +// tools is a faux package for tracking dependencies that don't make it into the code +package tools