updated to support wss://localhost:8000/ w/jwt validation

- checks validity of the token, and aborts connection if invalid
- displays domains processed contained in token.

.gitignore

@@ -1,2 +1,3 @@
 /go-rvpn-server
+/m
 

README.md

@@ -13,35 +13,31 @@ Run the VPN
 go build && ./go-rvpn-server
 ```
 
-Activate a webbrowser:  https://127.0.0.1:8000/
-
-Open Dev Console
-
-Hit the Start WebSocket --> should turn "Green"
-
-Put some test in the send, and hit the send button.
-
-* observe java console, every 'this is a test' coming from the vpn to client...
-* observe terminal console when pressing "send".
-
+In another terminal execute the client
+``` bash
+bin/stunnel.js --locals http:hfc.daplie.me:3000,http://test.hfc.daplie.me:3001 --stunneld wss://localhost.daplie.me:8000 --secret abc123
 ```
-INFO: 2017/02/01 21:22:49 connection_table.go:23: register fired
-INFO: 2017/02/01 21:22:49 connection_table.go:27: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 0 0}
-INFO: 2017/02/01 21:22:49 connection.go:71: activate timer &{0xc42027ec00 {2 1486005774583377390 5000000000 0xcf900 0xc42027ec00 0}}
-INFO: 2017/02/01 21:22:49 connection.go:96: activate timer &{0xc420125500 {0 1486005774583361223 5000000000 0xcf900 0xc420125500 0}}
-INFO: 2017/02/01 21:22:53 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
-INFO: 2017/02/01 21:22:53 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 16 0}
-INFO: 2017/02/01 21:22:54 connection.go:103: Dwell Activated
-INFO: 2017/02/01 21:22:56 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
-INFO: 2017/02/01 21:22:56 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 32 14}
-INFO: 2017/02/01 21:22:58 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
-INFO: 2017/02/01 21:22:58 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 48 14}
-INFO: 2017/02/01 21:22:59 connection.go:103: Dwell Activated
+
+A good authentication
+```
+INFO: 2017/02/02 21:22:22 vpn-server.go:88: startup
+INFO: 2017/02/02 21:22:22 vpn-server.go:90: :8000
+INFO: 2017/02/02 21:22:22 vpn-server.go:73: starting Listener
+INFO: 2017/02/02 21:22:22 connection_table.go:19: ConnectionTable starting
+INFO: 2017/02/02 21:22:24 connection.go:113: websocket opening  127.0.0.1:55469
+INFO: 2017/02/02 21:22:24 connection.go:127: access_token valid
+INFO: 2017/02/02 21:22:24 connection.go:130: processing domains [hfc.daplie.me test.hfc.daplie.me]
 ```
-The last two numbers after false are bytes read, bytes written.
-
-
 
+Change the key on the command client to test a valid secret
+``` bash
+INFO: 2017/02/02 21:24:13 vpn-server.go:88: startup
+INFO: 2017/02/02 21:24:13 vpn-server.go:90: :8000
+INFO: 2017/02/02 21:24:13 vpn-server.go:73: starting Listener
+INFO: 2017/02/02 21:24:13 connection_table.go:19: ConnectionTable starting
+INFO: 2017/02/02 21:24:15 connection.go:113: websocket opening  127.0.0.1:55487
+INFO: 2017/02/02 21:24:15 connection.go:123: access_token invalid...closing connection
+```
 
 A Poor Man's Reverse VPN written in Go
 

connection.go

@@ -1,11 +1,13 @@
 package main
 
 import (
+	"encoding/hex"
 	"log"
 	"net/http"
 
 	"time"
 
+	"github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/websocket"
 )
 
@@ -59,7 +61,7 @@ func (c *Connection) reader() {
 			}
 			break
 		}
-		loginfo.Println(message)
+		loginfo.Println(hex.Dump(message))
 		c.addIn(int64(len(message)))
 
 		loginfo.Println(c)
@@ -110,6 +112,23 @@ func (c *Connection) sender() {
 func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.ResponseWriter, r *http.Request, admin bool) {
 	loginfo.Println("websocket opening ", r.RemoteAddr)
 
+	tokenString := r.URL.Query().Get("access_token")
+	result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		return []byte(secretKey), nil
+	})
+
+	if err != nil || !result.Valid {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte("Not Authorized"))
+		loginfo.Println("access_token invalid...closing connection")
+		return
+	}
+
+	loginfo.Println("access_token valid")
+
+	claims := result.Claims.(jwt.MapClaims)
+	loginfo.Println("processing domains", claims["domains"])
+
 	if admin == true {
 		loginfo.Println("Recognized Admin connection, waiting authentication")
 	} else {
@@ -124,6 +143,6 @@ func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.Response
 	connection := &Connection{connectionTable: connectionTable, conn: conn, send: make(chan []byte, 256), source: r.RemoteAddr, admin: admin}
 	connection.connectionTable.register <- connection
 	go connection.writer()
-	go connection.sender()
+	//go connection.sender()
 	connection.reader()
 }

vpn-server.go

@@ -31,6 +31,7 @@ var (
 	logFlags        = log.Ldate | log.Ltime | log.Lshortfile
 	argServerPort   = flag.String("server-port", ":8000", "serverPort listener")
 	connectionTable *ConnectionTable
+	secretKey       = "abc123"
 )
 
 func logInit(infoHandle io.Writer) {
@@ -47,8 +48,9 @@ handlerServeContent -- Handles generic URI paths /
 func handlerServeContent(w http.ResponseWriter, r *http.Request) {
 	switch url := r.URL.Path; url {
 	case "/":
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
+		handleConnectionWebSocket(connectionTable, w, r, false)
+		//w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		//template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
 
 	case "/admin":
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")