tunneling tunnels
parent
c4e3cb3c07
commit
20c7bc977c
70
lib/app.js
70
lib/app.js
|
@ -15,9 +15,12 @@ module.exports = function (opts) {
|
||||||
//var server;
|
//var server;
|
||||||
var serveInit;
|
var serveInit;
|
||||||
var app;
|
var app;
|
||||||
|
var tun;
|
||||||
|
var request;
|
||||||
|
|
||||||
|
/*
|
||||||
function _reloadWrite(data, enc, cb) {
|
function _reloadWrite(data, enc, cb) {
|
||||||
/*jshint validthis: true */
|
// /*jshint validthis: true */ /*
|
||||||
if (this.headersSent) {
|
if (this.headersSent) {
|
||||||
this.__write(data, enc, cb);
|
this.__write(data, enc, cb);
|
||||||
return;
|
return;
|
||||||
|
@ -35,6 +38,7 @@ module.exports = function (opts) {
|
||||||
this.__write(this.__my_livereload);
|
this.__write(this.__my_livereload);
|
||||||
this.__write(data, enc, cb);
|
this.__write(data, enc, cb);
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
function createServeInit() {
|
function createServeInit() {
|
||||||
|
@ -49,6 +53,7 @@ module.exports = function (opts) {
|
||||||
var ownersPath = path.join(__dirname, '..', 'var', 'owners.json');
|
var ownersPath = path.join(__dirname, '..', 'var', 'owners.json');
|
||||||
|
|
||||||
var scmp = require('scmp');
|
var scmp = require('scmp');
|
||||||
|
request = request || PromiseA.promisify(require('request'));
|
||||||
|
|
||||||
return require('../packages/apis/com.daplie.caddy').create({
|
return require('../packages/apis/com.daplie.caddy').create({
|
||||||
PromiseA: PromiseA
|
PromiseA: PromiseA
|
||||||
|
@ -100,10 +105,38 @@ module.exports = function (opts) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, recase: require('recase').create({})
|
, recase: require('recase').create({})
|
||||||
, request: PromiseA.promisify(require('request'))
|
, request: request
|
||||||
, options: opts
|
, options: opts
|
||||||
, api: {
|
, api: {
|
||||||
tunnel: function (deps, session) {
|
// TODO move loopback to oauth3.api('tunnel:loopback')
|
||||||
|
loopback: function (deps, session, opts2) {
|
||||||
|
var crypto = require('crypto');
|
||||||
|
var token = crypto.randomBytes(16).toString('hex');
|
||||||
|
var keyAuthorization = crypto.randomBytes(16).toString('hex');
|
||||||
|
var nonce = crypto.randomBytes(16).toString('hex');
|
||||||
|
|
||||||
|
// TODO set token and keyAuthorization to /.well-known/cloud-challenge/:token
|
||||||
|
return request({
|
||||||
|
method: 'POST'
|
||||||
|
, url: 'https://oauth3.org/api/org.oauth3.tunnel/loopback'
|
||||||
|
, json: {
|
||||||
|
address: opts2.address
|
||||||
|
, port: opts2.port
|
||||||
|
, token: token
|
||||||
|
, keyAuthorization: keyAuthorization
|
||||||
|
, servername: opts2.servername
|
||||||
|
, nonce: nonce
|
||||||
|
, scheme: 'https'
|
||||||
|
, iat: Date.now()
|
||||||
|
}
|
||||||
|
}).then(function (result) {
|
||||||
|
// TODO this will always fail at the moment
|
||||||
|
console.log('loopback result:');
|
||||||
|
return result;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
, tunnel: function (deps, session) {
|
||||||
|
// TODO save session to config and turn tunnel on
|
||||||
var OAUTH3 = deps.OAUTH3;
|
var OAUTH3 = deps.OAUTH3;
|
||||||
var url = require('url');
|
var url = require('url');
|
||||||
var providerUri = session.token.aud;
|
var providerUri = session.token.aud;
|
||||||
|
@ -115,6 +148,7 @@ module.exports = function (opts) {
|
||||||
//var crypto = require('crypto');
|
//var crypto = require('crypto');
|
||||||
//var id = crypto.createHash('sha256').update(session.token.sub).digest('hex');
|
//var id = crypto.createHash('sha256').update(session.token.sub).digest('hex');
|
||||||
return oauth3.setProvider(providerUri).then(function () {
|
return oauth3.setProvider(providerUri).then(function () {
|
||||||
|
/*
|
||||||
return oauth3.api('domains.list').then(function (domains) {
|
return oauth3.api('domains.list').then(function (domains) {
|
||||||
var domainsMap = {};
|
var domainsMap = {};
|
||||||
domains.forEach(function (d) {
|
domains.forEach(function (d) {
|
||||||
|
@ -126,14 +160,15 @@ module.exports = function (opts) {
|
||||||
}
|
}
|
||||||
domainsMap[d.name] = true;
|
domainsMap[d.name] = true;
|
||||||
});
|
});
|
||||||
|
*/
|
||||||
|
|
||||||
//console.log('domains matching hostname', Object.keys(domainsMap));
|
//console.log('domains matching hostname', Object.keys(domainsMap));
|
||||||
//console.log('device', deps.options.device);
|
//console.log('device', deps.options.device);
|
||||||
return oauth3.api('tunnel.token', {
|
return oauth3.api('tunnel.token', {
|
||||||
data: {
|
data: {
|
||||||
// filter to all domains that are on this device
|
// filter to all domains that are on this device
|
||||||
domains: Object.keys(domainsMap)
|
//domains: Object.keys(domainsMap)
|
||||||
, device: {
|
device: {
|
||||||
hostname: deps.options.device.hostname
|
hostname: deps.options.device.hostname
|
||||||
, id: deps.options.device.uid || deps.options.device.id
|
, id: deps.options.device.uid || deps.options.device.id
|
||||||
}
|
}
|
||||||
|
@ -142,17 +177,34 @@ module.exports = function (opts) {
|
||||||
console.log('got a token from the tunnel server?');
|
console.log('got a token from the tunnel server?');
|
||||||
console.log(result);
|
console.log(result);
|
||||||
if (!result.tunnelUrl) {
|
if (!result.tunnelUrl) {
|
||||||
result.tunnelUrl = ('wss://' + (new Buffer(results.jwt.split('.')[1], 'base64').toString('ascii')).aud + '/');
|
result.tunnelUrl = ('wss://' + (new Buffer(result.jwt.split('.')[1], 'base64').toString('ascii')).aud + '/');
|
||||||
}
|
}
|
||||||
var opts = {
|
var opts3 = {
|
||||||
token: results.jwt
|
token: result.jwt
|
||||||
, stunneld: results.tunnelUrl
|
, stunneld: result.tunnelUrl
|
||||||
// we'll provide faux networking and pipe as we please
|
// we'll provide faux networking and pipe as we please
|
||||||
, services: { https: { '*': 443 }, http: { '*': 80 }, smtp: { '*': 25}, smtps: { '*': 587 /*also 465/starttls*/ } /*, ssh: { '*': 22 }*/ }
|
, services: { https: { '*': 443 }, http: { '*': 80 }, smtp: { '*': 25}, smtps: { '*': 587 /*also 465/starttls*/ } /*, ssh: { '*': 22 }*/ }
|
||||||
, net: opts.net
|
, net: opts.net
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if (tun) {
|
||||||
|
if (tun.append) {
|
||||||
|
tun.append(result.jwt);
|
||||||
|
}
|
||||||
|
else if (tun.end) {
|
||||||
|
tun.end();
|
||||||
|
tun = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!tun) {
|
||||||
|
tun = stunnel.connect(opts3);
|
||||||
|
opts.tun = true;
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
/*
|
||||||
});
|
});
|
||||||
|
*/
|
||||||
});
|
});
|
||||||
//, { token: token, refresh: refresh });
|
//, { token: token, refresh: refresh });
|
||||||
}
|
}
|
||||||
|
|
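Review bot: In the fallback that builds `result.tunnelUrl`, the decoded JWT payload is still a string when `.aud` is read, so the URL comes out as `wss://undefined/`; renaming `results` to `result` fixes the ReferenceError but not this. Parse the payload first, e.g. `var claims = JSON.parse(Buffer.from(result.jwt.split('.')[1], 'base64').toString('utf8'));`, and use `claims.aud`. Nothing in the visible lines verifies the token's signature before its `aud` chooses the host that `stunnel.connect(opts3)` dials, so it would be worth checking that host against `providerUri` or an allowlist before connecting. The unchanged `console.log(result)` just above also writes the bearer JWT to the log. The `.then` callback these lines belong to opens outside the hunk.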
|
@ -124,7 +124,13 @@ module.exports.create = function (deps) {
|
||||||
|
|
||||||
return deps.storage.owners.get(req.userId).then(function (session) {
|
return deps.storage.owners.get(req.userId).then(function (session) {
|
||||||
session.token.id = req.userId;
|
session.token.id = req.userId;
|
||||||
return api.tunnel(deps, session);
|
return api.tunnel(deps, session).then(function () {
|
||||||
|
res.setHeader('Content-Type', 'application/json;');
|
||||||
|
res.end(JSON.stringify({ success: true }));
|
||||||
|
}, function (err) {
|
||||||
|
res.setHeader('Content-Type', 'application/json;');
|
||||||
|
res.end(JSON.stringify({ error: { message: err.message, code: err.code, uri: err.uri } }));
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
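Review bot: The rejection handler added after `api.tunnel(deps, session)` ends the response without setting a status, so a failed tunnel setup is reported with the default 200 and clients must inspect the body to notice; set it explicitly, e.g. `res.statusCode = 500;` before `res.end(...)`. It also returns `err.message` verbatim; if that error can originate from the upstream provider or from internal code, consider mapping it to a fixed message and logging the detail server-side. The header value `'application/json;'` has a trailing semicolon with no parameter; `'application/json; charset=utf-8'` or plain `'application/json'` is the well-formed value. A rejection from `deps.storage.owners.get(req.userId)` itself, or a missing session, is not covered by this handler, and whether the outer chain handles it is outside the hunk.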