updated to support wss://localhost:8000/ w/jwt validation
- checks the validity of the token and aborts the connection if it is invalid - displays the domains contained in the token that are to be processed.
parent
d3747c809a
commit
c781b64cb7
@ -1,2 +1,3 @@
/go-rvpn-server
/m
48
README.md
48
README.md
@ -13,35 +13,31 @@ Run the VPN
go build && ./go-rvpn-server
```
Activate a webbrowser: https://127.0.0.1:8000/
Open Dev Console
Hit the Start WebSocket --> should turn "Green"
Put some test in the send, and hit the send button.
* observe java console, every 'this is a test' coming from the vpn to client...
* observe terminal console when pressing "send".
In another terminal execute the client
``` bash
bin/stunnel.js --locals http:hfc.daplie.me:3000,http://test.hfc.daplie.me:3001 --stunneld wss://localhost.daplie.me:8000 --secret abc123
```
INFO: 2017/02/01 21:22:49 connection_table.go:23: register fired
INFO: 2017/02/01 21:22:49 connection_table.go:27: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 0 0}
INFO: 2017/02/01 21:22:49 connection.go:71: activate timer &{0xc42027ec00 {2 1486005774583377390 5000000000 0xcf900 0xc42027ec00 0}}
INFO: 2017/02/01 21:22:49 connection.go:96: activate timer &{0xc420125500 {0 1486005774583361223 5000000000 0xcf900 0xc420125500 0}}
INFO: 2017/02/01 21:22:53 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
INFO: 2017/02/01 21:22:53 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 16 0}
INFO: 2017/02/01 21:22:54 connection.go:103: Dwell Activated
INFO: 2017/02/01 21:22:56 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
INFO: 2017/02/01 21:22:56 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 32 14}
INFO: 2017/02/01 21:22:58 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
INFO: 2017/02/01 21:22:58 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 48 14}
INFO: 2017/02/01 21:22:59 connection.go:103: Dwell Activated
A good authentication
```
INFO: 2017/02/02 21:22:22 vpn-server.go:88: startup
INFO: 2017/02/02 21:22:22 vpn-server.go:90: :8000
INFO: 2017/02/02 21:22:22 vpn-server.go:73: starting Listener
INFO: 2017/02/02 21:22:22 connection_table.go:19: ConnectionTable starting
INFO: 2017/02/02 21:22:24 connection.go:113: websocket opening 127.0.0.1:55469
INFO: 2017/02/02 21:22:24 connection.go:127: access_token valid
INFO: 2017/02/02 21:22:24 connection.go:130: processing domains [hfc.daplie.me test.hfc.daplie.me]
```
The last two numbers after false are bytes read, bytes written.
Change the key on the command client to test a valid secret
``` bash
INFO: 2017/02/02 21:24:13 vpn-server.go:88: startup
INFO: 2017/02/02 21:24:13 vpn-server.go:90: :8000
INFO: 2017/02/02 21:24:13 vpn-server.go:73: starting Listener
INFO: 2017/02/02 21:24:13 connection_table.go:19: ConnectionTable starting
INFO: 2017/02/02 21:24:15 connection.go:113: websocket opening 127.0.0.1:55487
INFO: 2017/02/02 21:24:15 connection.go:123: access_token invalid...closing connection
```
A Poor Man's Reverse VPN written in Go
@ -1,11 +1,13 @@
package main
import (
"encoding/hex"
"log"
"net/http"
"time"
"github.com/dgrijalva/jwt-go"
"github.com/gorilla/websocket"
)
@ -59,7 +61,7 @@ func (c *Connection) reader() {
}
break
}
loginfo.Println(message)
loginfo.Println(hex.Dump(message))
c.addIn(int64(len(message)))
loginfo.Println(c)
@ -110,6 +112,23 @@ func (c *Connection) sender() {
func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.ResponseWriter, r *http.Request, admin bool) {
loginfo.Println("websocket opening ", r.RemoteAddr)
tokenString := r.URL.Query().Get("access_token")
result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
if err != nil || !result.Valid {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Not Authorized"))
loginfo.Println("access_token invalid...closing connection")
return
}
loginfo.Println("access_token valid")
claims := result.Claims.(jwt.MapClaims)
loginfo.Println("processing domains", claims["domains"])
if admin == true {
loginfo.Println("Recognized Admin connection, waiting authentication")
} else {
@ -124,6 +143,6 @@ func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.Response
connection := &Connection{connectionTable: connectionTable, conn: conn, send: make(chan []byte, 256), source: r.RemoteAddr, admin: admin}
connection.connectionTable.register <- connection
go connection.writer()
go connection.sender()
//go connection.sender()
connection.reader()
}
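Review bot: The key function passed to `jwt.Parse` in `handleConnectionWebSocket` returns the HMAC secret for any token without inspecting `token.Method`, so the signing algorithm is effectively chosen by the client rather than pinned by the server; check it first, e.g. `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method %v", token.Header["alg"]) }` before `return []byte(secretKey), nil` (this needs `fmt` in the import block). The unchecked assertion `claims := result.Claims.(jwt.MapClaims)` should use the two-value form so an unexpected claims type is rejected instead of panicking inside the handler, and `claims["domains"]` is only logged at this point — nothing in the hunk yet ties the accepted connection to those domains. Carrying the token in the `access_token` query parameter means it ends up in server and proxy access logs; the `Authorization` header or a `Sec-WebSocket-Protocol` value would keep it out of URL logging. The `loginfo.Println(hex.Dump(message))` added in `reader()` writes the full contents of every tunnelled message to the info log, which is a payload-disclosure channel and should be gated behind a debug setting or truncated. `handleConnectionWebSocket` continues outside the hunk.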
@ -31,6 +31,7 @@ var (
logFlags = log.Ldate | log.Ltime | log.Lshortfile
argServerPort = flag.String("server-port", ":8000", "serverPort listener")
connectionTable *ConnectionTable
secretKey = "abc123"
)
func logInit(infoHandle io.Writer) {
@ -47,8 +48,9 @@ handlerServeContent -- Handles generic URI paths /
func handlerServeContent(w http.ResponseWriter, r *http.Request) {
switch url := r.URL.Path; url {
case "/":
w.Header().Set("Content-Type", "text/html; charset=utf-8")
template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
handleConnectionWebSocket(connectionTable, w, r, false)
//w.Header().Set("Content-Type", "text/html; charset=utf-8")
//template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
case "/admin":
w.Header().Set("Content-Type", "text/html; charset=utf-8")
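Review bot: `secretKey = "abc123"` in the `var` block hard-codes the HMAC secret that every `access_token` is verified against, so anyone with the source tree (or the README, which shows the same `--secret abc123` on the client command line) can mint tokens the server accepts; load it at startup instead, e.g. a flag next to `argServerPort` such as `argSecret = flag.String("secret", "", "shared secret used to verify access_token JWTs")` (constructed name), and refuse to start when it is empty. In `handlerServeContent` the `/` case now hands the request to `handleConnectionWebSocket`, so the two commented-out lines that used to serve `html/client.html` should be deleted rather than kept as comments, and the README step "Activate a webbrowser: https://127.0.0.1:8000/" no longer matches what that route does. `handlerServeContent` continues outside the hunk.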