updated to support wss://localhost:8000/ w/jwt validation

- checks validity of the token, and aborts connection if invalid - displays domains processed contained in token.
2025-10-31 13:22:46 +00:00 · 2017-02-02 21:28:25 -06:00 · 2017-02-02 21:28:25 -06:00 · c781b64cb7
commit c781b64cb7
parent d3747c809a
4 changed files with 48 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 /go-rvpn-server
 /m
--- a/README.md
+++ b/README.md
@ -13,35 +13,31 @@ Run the VPN
 go build && ./go-rvpn-server
 ```
-Activate a webbrowser:  https://127.0.0.1:8000/
+In another terminal execute the client
-
+``` bash
-Open Dev Console
+bin/stunnel.js --locals http:hfc.daplie.me:3000,http://test.hfc.daplie.me:3001 --stunneld wss://localhost.daplie.me:8000 --secret abc123
 Hit the Start WebSocket --> should turn "Green"
 Put some test in the send, and hit the send button.
 * observe java console, every 'this is a test' coming from the vpn to client...
 * observe terminal console when pressing "send".
 ```
-INFO: 2017/02/01 21:22:49 connection_table.go:23: register fired
+
-INFO: 2017/02/01 21:22:49 connection_table.go:27: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 0 0}
+A good authentication
-INFO: 2017/02/01 21:22:49 connection.go:71: activate timer &{0xc42027ec00 {2 1486005774583377390 5000000000 0xcf900 0xc42027ec00 0}}
+```
-INFO: 2017/02/01 21:22:49 connection.go:96: activate timer &{0xc420125500 {0 1486005774583361223 5000000000 0xcf900 0xc420125500 0}}
+INFO: 2017/02/02 21:22:22 vpn-server.go:88: startup
-INFO: 2017/02/01 21:22:53 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
+INFO: 2017/02/02 21:22:22 vpn-server.go:90: :8000
-INFO: 2017/02/01 21:22:53 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 16 0}
+INFO: 2017/02/02 21:22:22 vpn-server.go:73: starting Listener
-INFO: 2017/02/01 21:22:54 connection.go:103: Dwell Activated
+INFO: 2017/02/02 21:22:22 connection_table.go:19: ConnectionTable starting
-INFO: 2017/02/01 21:22:56 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
+INFO: 2017/02/02 21:22:24 connection.go:113: websocket opening  127.0.0.1:55469
-INFO: 2017/02/01 21:22:56 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 32 14}
+INFO: 2017/02/02 21:22:24 connection.go:127: access_token valid
-INFO: 2017/02/01 21:22:58 connection.go:62: [97 115 100 102 97 115 100 102 97 115 100 102 97 115 100 102]
+INFO: 2017/02/02 21:22:24 connection.go:130: processing domains [hfc.daplie.me test.hfc.daplie.me]
 INFO: 2017/02/01 21:22:58 connection.go:65: &{0xc420120040 0xc420163cc0 0xc4201254a0 [::1]:61392 false 48 14}
 INFO: 2017/02/01 21:22:59 connection.go:103: Dwell Activated
 ```
 The last two numbers after false are bytes read, bytes written.
 Change the key on the command client to test a valid secret
 ``` bash
 INFO: 2017/02/02 21:24:13 vpn-server.go:88: startup
 INFO: 2017/02/02 21:24:13 vpn-server.go:90: :8000
 INFO: 2017/02/02 21:24:13 vpn-server.go:73: starting Listener
 INFO: 2017/02/02 21:24:13 connection_table.go:19: ConnectionTable starting
 INFO: 2017/02/02 21:24:15 connection.go:113: websocket opening  127.0.0.1:55487
 INFO: 2017/02/02 21:24:15 connection.go:123: access_token invalid...closing connection
 ```
 A Poor Man's Reverse VPN written in Go
--- a/connection.go
+++ b/connection.go
@ -1,11 +1,13 @@
 package main
 import (
 	"encoding/hex"
 	"log"
 	"net/http"
 	"time"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/websocket"
 )
@ -59,7 +61,7 @@ func (c *Connection) reader() {
 			}
 			break
 		}
-		loginfo.Println(message)
+		loginfo.Println(hex.Dump(message))
 		c.addIn(int64(len(message)))
 		loginfo.Println(c)
@ -110,6 +112,23 @@ func (c *Connection) sender() {
 func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.ResponseWriter, r *http.Request, admin bool) {
 	loginfo.Println("websocket opening ", r.RemoteAddr)
 	tokenString := r.URL.Query().Get("access_token")
 	result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
 		return []byte(secretKey), nil
 	})
 	if err != nil || !result.Valid {
 		w.WriteHeader(http.StatusForbidden)
 		w.Write([]byte("Not Authorized"))
 		loginfo.Println("access_token invalid...closing connection")
 		return
 	}
 	loginfo.Println("access_token valid")
 	claims := result.Claims.(jwt.MapClaims)
 	loginfo.Println("processing domains", claims["domains"])
 	if admin == true {
 		loginfo.Println("Recognized Admin connection, waiting authentication")
 	} else {
@ -124,6 +143,6 @@ func handleConnectionWebSocket(connectionTable *ConnectionTable, w http.Response
 	connection := &Connection{connectionTable: connectionTable, conn: conn, send: make(chan []byte, 256), source: r.RemoteAddr, admin: admin}
 	connection.connectionTable.register <- connection
 	go connection.writer()
-	go connection.sender()
+	//go connection.sender()
 	connection.reader()
 }
--- a/vpn-server.go
+++ b/vpn-server.go
@ -31,6 +31,7 @@ var (
 	logFlags        = log.Ldate | log.Ltime | log.Lshortfile
 	argServerPort   = flag.String("server-port", ":8000", "serverPort listener")
 	connectionTable *ConnectionTable
 	secretKey       = "abc123"
 )
 func logInit(infoHandle io.Writer) {
@ -47,8 +48,9 @@ handlerServeContent -- Handles generic URI paths /
 func handlerServeContent(w http.ResponseWriter, r *http.Request) {
 	switch url := r.URL.Path; url {
 	case "/":
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		handleConnectionWebSocket(connectionTable, w, r, false)
-		template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
+		//w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		//template.Must(template.ParseFiles("html/client.html")).Execute(w, r.Host)
 	case "/admin":
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")