made the --tunnel option (partially) work

2017-05-26 12:11:39 -06:00 · 2017-05-26 12:11:39 -06:00 · 509f2f4f4f
parent 5c7f2321cc
commit 509f2f4f4f
4 changed files with 63 additions and 48 deletions
--- a/bin/goldilocks.js
+++ b/bin/goldilocks.js
@ -137,6 +137,8 @@ function readConfigAndRun(args) {
  config.addresses = addresses;
  config.device = { hostname: 'daplien-pod' };

+  config.tunnel = args.tunnel || config.tunnel;
+
  var PromiseA = require('bluebird');
  var tcpProm, dnsProm;

--- a/lib/app.js
+++ b/lib/app.js
@ -15,7 +15,6 @@ module.exports = function (myDeps, conf, overrideHttp) {
  //var server;
  var serveInit;
  var app;
-  var tun;
  var request;

  /*
@ -43,7 +42,6 @@ module.exports = function (myDeps, conf, overrideHttp) {

  function createServeInit() {
    var PromiseA = require('bluebird');
-    var stunnel = require('stunnel');
    var OAUTH3 = require('../packages/assets/org.oauth3');
    require('../packages/assets/org.oauth3/oauth3.domains.js');
    require('../packages/assets/org.oauth3/oauth3.dns.js');
@ -143,8 +141,7 @@ module.exports = function (myDeps, conf, overrideHttp) {
          providerUri: providerUri
        , session: session
        });
-        //var crypto = require('crypto');
-        //var id = crypto.createHash('sha256').update(session.token.sub).digest('hex');
+
        return oauth3.setProvider(providerUri).then(function () {
          /*
          return oauth3.api('domains.list').then(function (domains) {
@ -173,55 +170,13 @@ module.exports = function (myDeps, conf, overrideHttp) {
              }
            }).then(function (result) {
              console.log('got a token from the tunnel server?');
-              console.log(result);
-              if (!result.tunnelUrl) {
-                result.tunnelUrl = ('wss://' + (new Buffer(result.jwt.split('.')[1], 'base64').toString('ascii')).aud + '/');
-              }
-              var services = { https: { '*': 443 }, http: { '*': 80 }, smtp: { '*': 25}, smtps: { '*': 587 /*also 465/starttls*/ } /*, ssh: { '*': 22 }*/ };
-              /*
-              console.log('blah');
-              console.log(result.jwt);
-              console.log(result.tunnelUrl);
-              console.log(services);
-              console.log('deps.tunnel');
-              console.log(deps.tunnel);
-              console.log('deps.tunnel.net');
-              console.log(deps.tunnel.net.toString());
-              console.log('deps.net');
-              console.log(deps.net);
-              */
-              var opts3 = {
-                token: result.jwt
-              , stunneld: result.tunnelUrl
-                // we'll provide faux networking and pipe as we please
-              , services: services
-              , net: myDeps.tunnel.net
-              };
-
-              console.log('blah 2');
-              if (tun) {
-                console.log('balh 3');
-                if (tun.append) {
-                  tun.append(result.jwt);
-                }
-                else if (tun.end) {
-                  tun.end();
-                  tun = null;
-                }
-              }
-
-              console.log('might have tunnel?');
-              if (!tun) {
-                console.log('connecting to the tunnel');
-                tun = stunnel.connect(opts3);
-                conf.tun = true;
-              }
+              result.owner = session.id;
+              deps.tunneler.add(result);
            });
          /*
          });
          */
        });
-        //, { token: token, refresh: refresh });
      }
    };

--- a/lib/goldilocks.js
+++ b/lib/goldilocks.js
@ -184,6 +184,7 @@ module.exports.create = function (deps, config) {
      return writer;
    }
  };
+  deps.tunneler = require('./tunnel-manager').create(deps, config);

  var listenPromises = [];
  var tcpPortMap = {};
--- a/lib/tunnel-manager.js
+++ b/lib/tunnel-manager.js
@ -0,0 +1,57 @@
+'use strict';
+
+module.exports.create = function (deps, config) {
+  var stunnel = require('stunnel');
+  var activeTunnels = {};
+
+  function addToken(data) {
+    if (!data.tunnelUrl) {
+      var decoded;
+      try {
+        decoded = JSON.parse(new Buffer(data.jwt.split('.')[1], 'base64').toString('ascii'));
+      } catch (err) {
+        console.warn('invalid web token given to tunnel manager', err);
+        return;
+      }
+      if (!decoded.aud) {
+        console.warn('tunnel manager given token with no tunnelUrl or audience');
+        return;
+      }
+      data.tunnelUrl = 'wss://' + decoded.aud + '/';
+    }
+
+    if (!activeTunnels[data.tunnelUrl]) {
+      console.log('creating new tunnel client for', data.tunnelUrl);
+      // We create the tunnel without an initial token so we can append the token and
+      // get the promise that should tell us more about if it worked or not.
+      activeTunnels[data.tunnelUrl] = stunnel.connect({
+        stunneld: data.tunnelUrl
+      , net: deps.tunnel.net
+        // NOTE: the ports here aren't that important since we are providing a custom
+        // `net.createConnection` that doesn't actually use the port. What is important
+        // is that any services we are interested in are listed in this object and have
+        // a '*' sub-property.
+      , services: {
+          https: { '*': 443 }
+        , http:  { '*': 80 }
+        , smtp:  { '*': 25 }
+        , smtps: { '*': 587 /*also 465/starttls*/ }
+        , ssh:   { '*': 22 }
+        }
+      });
+    }
+
+    console.log('appending token to tunnel at', data.tunnelUrl);
+    return activeTunnels[data.tunnelUrl].append(data.jwt);
+  }
+
+  if (typeof config.tunnel === 'string') {
+    config.tunnel.split(',').forEach(function (jwt) {
+      addToken({ jwt: jwt, owner: 'config' });
+    });
+  }
+
+  return {
+    add: addToken
+  };
+};