diff --git a/.gitignore b/.gitignore
index 4f39452..5969a51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /go-rvpn-server
+/m
diff --git a/README.md b/README.md
index b82a017..4aed08e 100644
--- a/README.md
+++ b/README.md
@@ -13,35 +13,31 @@ Run the VPN go build && ./go-rvpn-server ``` -Activate a webbrowser: https://127.0.0.1:8000/ - -Open Dev Console - -Hit the Start WebSocket --> should turn "Green" - -Put some test in the send, and hit the send button. - -* observe java console, every 'this is a test' coming from the vpn to client... -* observe terminal console when pressing "send". - +In another terminal execute the client +``` bash +bin/stunnel.js --locals http:hfc.daplie.me:3000,http://test.hfc.daplie.me:3001 --stunneld wss://localhost.daplie.me:8000 --secret abc123 ``` -INFO: 2017/02/01 21:22:49 connection_table.go:23: register fired -INFO: 2017/02/01 21:22:49 connection_table.go:27: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 0 0} -INFO: 2017/02/01 21:22:49 connection.go:71: activate timer &{0xc42027ec00 {2 1486005774583377390 5000000000 0xcf900 0xc42027ec00 0}} -INFO: 2017/02/01 21:22:49 connection.go:96: activate timer &{0xc420125500 {0 1486005774583361223 5000000000 0xcf900 0xc420125500 0}} -INFO: 2017/02/01 21:22:53 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102] -INFO: 2017/02/01 21:22:53 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 16 0} -INFO: 2017/02/01 21:22:54 connection.go:103: Dwell Activated -INFO: 2017/02/01 21:22:56 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102] -INFO: 2017/02/01 21:22:56 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 32 14} -INFO: 2017/02/01 21:22:58 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102] -INFO: 2017/02/01 21:22:58 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 48 14} -INFO: 2017/02/01 21:22:59 connection.go:103: Dwell Activated + +A good authentication +``` +INFO: 2017/02/02 21:22:22 vpn-server.go:88: startup +INFO: 2017/02/02 21:22:22 vpn-server.go:90: :8000 +INFO: 2017/02/02 21:22:22 vpn-server.go:73: starting Listener +INFO: 
2017/02/02 21:22:22 connection_table.go:19: ConnectionTable starting +INFO: 2017/02/02 21:22:24 connection.go:113: websocket opening 127.0.0.1:55469 +INFO: 2017/02/02 21:22:24 connection.go:127: access_token valid +INFO: 2017/02/02 21:22:24 connection.go:130: processing domains [hfc.daplie.me test.hfc.daplie.me] ``` -The last two numbers after false are bytes read, bytes written. - - +Change the key on the command client to test a valid secret +``` bash +INFO: 2017/02/02 21:24:13 vpn-server.go:88: startup +INFO: 2017/02/02 21:24:13 vpn-server.go:90: :8000 +INFO: 2017/02/02 21:24:13 vpn-server.go:73: starting Listener +INFO: 2017/02/02 21:24:13 connection_table.go:19: ConnectionTable starting +INFO: 2017/02/02 21:24:15 connection.go:113: websocket opening 127.0.0.1:55487 +INFO: 2017/02/02 21:24:15 connection.go:123: access_token invalid...closing connection +``` A Poor Man's Reverse VPN written in Go
diff --git a/connection.go b/connection.go
index bbd02a9..d39db8f 100755
--- a/connection.go
+++ b/connection.go
@@ -1,11 +1,13 @@
 package main
 import (
+ "encoding/hex"
 "log"
 "net/http"
 "time"
+ "github.com/dgrijalva/jwt-go"
 "github.com/gorilla/websocket"
 )
@@ -59,7 +61,7 @@ func (c *Connection) reader() {
 }
 break
 }
- loginfo.Println(message)
+ loginfo.Println(hex.Dump(message))
 c.addIn(int64(len(message)))
 loginfo.Println(c)
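Review bot: `loginfo.Println(hex.Dump(message))` writes the full contents of every frame received over the tunnel to the info log, so whatever the client relays through the VPN, which can include credentials carried in proxied HTTP, ends up in the server's log files. At this log level print only the size, `loginfo.Println("read", len(message), "bytes")`, and keep the hex dump behind a debug flag or a separate debug logger if it is still wanted during development. reader's body starts and ends outside this hunk.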
@@ -110,6 +112,23 @@ func (c *Connection) sender() {
 func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.ResponseWriter, r *http.Request, admin bool) {
 loginfo.Println("websocket opening ", r.RemoteAddr)
+ tokenString := r.URL.Query().Get("access_token")
+ result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+ return []byte(secretKey), nil
+ })
+
+ if err != nil || !result.Valid {
+ w.WriteHeader(http.StatusForbidden)
+ w.Write([]byte("Not Authorized"))
+ loginfo.Println("access_token invalid...closing connection")
+ return
+ }
+
+ loginfo.Println("access_token valid")
+
+ claims := result.Claims.(jwt.MapClaims)
+ loginfo.Println("processing domains", claims["domains"])
+
 if admin == true {
 loginfo.Println("Recognized Admin connection, waiting authentication")
 } else {
@@ -124,6 +143,6 @@ func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.Response
 connection := &Connection{connectionTable: connectionTable, conn: conn, send: make(chan []byte, 256), source: r.RemoteAddr, admin: admin}
 connection.connectionTable.register <- connection
 go connection.writer()
- go connection.sender()
+ //go connection.sender()
 connection.reader()
 }
diff --git a/vpn-server.go b/vpn-server.go
index 789f16d..3dd874b 100644
--- a/vpn-server.go
+++ b/vpn-server.go
@@ -31,6 +31,7 @@ var (
 logFlags = log.Ldate | log.Ltime | log.Lshortfile
 argServerPort = flag.String("server-port", ":8000", "serverPort listener")
 connectionTable *ConnectionTable
+ secretKey = "abc123"
 )
 func logInit(infoHandle io.Writer) {
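Review bot: The key function passed to `jwt.Parse` returns the HMAC secret unconditionally, so the signing method named in the token header is never pinned; make `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method %v", token.Header["alg"]) }` the first statement of the callback (`fmt` would need adding to the import block). The token also arrives in the URL query string as `access_token`, which access logs, intermediate proxies and browser history all record; carrying it in an `Authorization` header keeps it out of those places. `claims["domains"]` is only logged in this hunk, so nothing here ties the connection to the domains the token names — presumably that happens later, but a comment saying so would help the next reader. The result of `w.Write` is discarded; `_, _ = w.Write([]byte("Not Authorized"))` with a short comment, or handling the error, keeps vet and errcheck quiet.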
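Review bot: `//go connection.sender()` leaves commented-out code where the goroutine used to start, with no hint of why it was disabled, while the `sender` method itself (named in the hunk header above) stays in the file. Either delete the line, or keep it with the reason spelled out, e.g. `// sender() disabled: <reason placeholder>`, so the next reader does not have to guess whether it is dead or temporarily off.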
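Review bot: `secretKey = "abc123"` bakes the JWT verification secret into the binary and into version control, and the same value appears in the README example added by this commit, so every server built from this tree accepts tokens signed with a published key. The neighbouring entries in this `var` block already come from flags, so the secret can follow the same route: `argSecretKey = flag.String("secret", "", "shared secret used to verify access_token JWTs")`, with `secretKey = *argSecretKey` assigned after `flag.Parse()` and startup refused when it is empty (that assignment belongs in main, which is outside this diff). An environment variable works as well and keeps the value out of process listings.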
@@ -47,8 +48,9 @@ handlerServeContent -- Handles generic URI paths /
 func handlerServeContent(w http.ResponseWriter, r *http.Request) {
 switch url := r.URL.Path; url {
 case "/":
- w.Header().Set("Content-Type", "text/html; charset=utf-8")
- template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
+ handleConnectionWebSocket(connectionTable, w, r, false)
+ //w.Header().Set("Content-Type", "text/html; charset=utf-8")
+ //template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
 case "/admin":
 w.Header().Set("Content-Type", "text/html; charset=utf-8")