WIP stunnel.js support
This commit is contained in:
parent
fb5407c29e
commit
59721582c5
|
@ -198,7 +198,7 @@
|
|||
type="button"
|
||||
class="btn btn-success"
|
||||
ng-if="'oauth3-tunnel' !== vm.admin.network.iface"
|
||||
ng-click="vm.admin.network.iface = 'oauth3-tunnel'"
|
||||
ng-click="vm.enableTunnel()"
|
||||
>Enable</button>
|
||||
<div ng-if="'oauth3-tunnel' === vm.admin.network.iface">
|
||||
<button
|
||||
|
@ -212,7 +212,7 @@
|
|||
type="button"
|
||||
class="btn btn-link"
|
||||
ng-click="vm.admin.tunnel.advanced = false"
|
||||
>Show Advanced Options</button>
|
||||
>Hide Advanced Options</button>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -239,6 +239,21 @@ angular.module('com.daplie.cloud', [ 'org.oauth3' ])
|
|||
});
|
||||
};
|
||||
|
||||
vm.enableTunnel = function (/*opts*/) {
|
||||
vm.admin.network.iface = 'oauth3-tunnel';
|
||||
|
||||
return oauth3.request({
|
||||
method: 'POST'
|
||||
, url: 'https://' + vm.clientUri + '/api/com.daplie.caddy/tunnel'
|
||||
/*
|
||||
, data: {
|
||||
method: 'GET'
|
||||
, url: 'https://api.ipify.org?format=json'
|
||||
}
|
||||
*/
|
||||
});
|
||||
};
|
||||
|
||||
oauth3.checkSession().then(function (session) {
|
||||
console.log('hasSession?', session);
|
||||
});
|
||||
|
|
|
@ -136,6 +136,16 @@ function createServer(port, _delete_me_, content, opts) {
|
|||
, addresses: addresses
|
||||
, devices: devices.devices
|
||||
, device: devices.device
|
||||
, net: {
|
||||
createConnection: function (opts, cb) {
|
||||
// opts = { host, port, data
|
||||
// , /*proprietary to tunneler*/ servername, remoteAddress, remoteFamily, remotePort
|
||||
// , secure (tls already terminated by a proxy) }
|
||||
// // http://stackoverflow.com/questions/10348906/how-to-know-if-a-request-is-http-or-https-in-node-js
|
||||
// var packerStream = require('tunnel-packer').Stream;
|
||||
// TODO here we will have the tls termination (or re-forward)
|
||||
}
|
||||
}
|
||||
};
|
||||
var server;
|
||||
var insecureServer;
|
||||
|
|
84
lib/app.js
84
lib/app.js
|
@ -39,11 +39,20 @@ module.exports = function (opts) {
|
|||
|
||||
function createServeInit() {
|
||||
var PromiseA = require('bluebird');
|
||||
var stunnel = require('stunnel');
|
||||
var OAUTH3 = require('../packages/assets/org.oauth3');
|
||||
require('../packages/assets/org.oauth3/oauth3.domains.js');
|
||||
require('../packages/assets/org.oauth3/oauth3.dns.js');
|
||||
require('../packages/assets/org.oauth3/oauth3.tunnel.js');
|
||||
OAUTH3._hooks = require('../packages/assets/org.oauth3/oauth3.node.storage.js');
|
||||
var fs = PromiseA.promisifyAll(require('fs'));
|
||||
var ownersPath = path.join(__dirname, '..', 'var', 'owners.json');
|
||||
|
||||
var scmp = require('scmp');
|
||||
|
||||
return require('../packages/apis/com.daplie.caddy').create({
|
||||
PromiseA: PromiseA
|
||||
, OAUTH3: OAUTH3
|
||||
, storage: {
|
||||
owners: {
|
||||
all: function () {
|
||||
|
@ -60,6 +69,22 @@ module.exports = function (opts) {
|
|||
return owner;
|
||||
}));
|
||||
}
|
||||
, get: function (id) {
|
||||
var me = this;
|
||||
|
||||
return me.all().then(function (owners) {
|
||||
return owners.filter(function (owner) {
|
||||
return scmp(id, owner.id);
|
||||
})[0];
|
||||
});
|
||||
}
|
||||
, exists: function (id) {
|
||||
var me = this;
|
||||
|
||||
return me.get(id).then(function (owner) {
|
||||
return !!owner;
|
||||
});
|
||||
}
|
||||
, set: function (id, obj) {
|
||||
var owners;
|
||||
try {
|
||||
|
@ -77,6 +102,61 @@ module.exports = function (opts) {
|
|||
, recase: require('recase').create({})
|
||||
, request: PromiseA.promisify(require('request'))
|
||||
, options: opts
|
||||
, api: {
|
||||
tunnel: function (deps, session) {
|
||||
var OAUTH3 = deps.OAUTH3;
|
||||
var url = require('url');
|
||||
var providerUri = session.token.aud;
|
||||
var urlObj = url.parse(OAUTH3.url.normalize(session.token.azp));
|
||||
var oauth3 = OAUTH3.create(urlObj, {
|
||||
providerUri: providerUri
|
||||
, session: session
|
||||
});
|
||||
//var crypto = require('crypto');
|
||||
//var id = crypto.createHash('sha256').update(session.token.sub).digest('hex');
|
||||
return oauth3.setProvider(providerUri).then(function () {
|
||||
return oauth3.api('domains.list').then(function (domains) {
|
||||
var domainsMap = {};
|
||||
domains.forEach(function (d) {
|
||||
if (!d.device) {
|
||||
return;
|
||||
}
|
||||
if (d.device !== deps.options.device.hostname) {
|
||||
return;
|
||||
}
|
||||
domainsMap[d.name] = true;
|
||||
});
|
||||
|
||||
//console.log('domains matching hostname', Object.keys(domainsMap));
|
||||
//console.log('device', deps.options.device);
|
||||
return oauth3.api('tunnel.token', {
|
||||
data: {
|
||||
// filter to all domains that are on this device
|
||||
domains: Object.keys(domainsMap)
|
||||
, device: {
|
||||
hostname: deps.options.device.hostname
|
||||
, id: deps.options.device.uid || deps.options.device.id
|
||||
}
|
||||
}
|
||||
}).then(function (result) {
|
||||
console.log('got a token from the tunnel server?');
|
||||
console.log(result);
|
||||
if (!result.tunnelUrl) {
|
||||
result.tunnelUrl = ('wss://' + (new Buffer(results.jwt.split('.')[1], 'base64').toString('ascii')).aud + '/');
|
||||
}
|
||||
var opts = {
|
||||
token: results.jwt
|
||||
, stunneld: results.tunnelUrl
|
||||
// we'll provide faux networking and pipe as we please
|
||||
, services: { https: { '*': 443 }, http: { '*': 80 }, smtp: { '*': 25}, smtps: { '*': 587 /*also 465/starttls*/ } /*, ssh: { '*': 22 }*/ }
|
||||
, net: opts.net
|
||||
};
|
||||
});
|
||||
});
|
||||
});
|
||||
//, { token: token, refresh: refresh });
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -160,6 +240,10 @@ module.exports = function (opts) {
|
|||
serveInit.init(req, res);
|
||||
return;
|
||||
}
|
||||
if ('/api/com.daplie.caddy/tunnel' === req.url) {
|
||||
serveInit.tunnel(req, res);
|
||||
return;
|
||||
}
|
||||
if ('/api/com.daplie.caddy/config' === req.url) {
|
||||
serveInit.config(req, res);
|
||||
return;
|
||||
|
|
|
@ -62,6 +62,6 @@
|
|||
"scmp": "git+https://github.com/freewil/scmp.git#1.x",
|
||||
"serve-index": "^1.7.0",
|
||||
"serve-static": "^1.10.0",
|
||||
"stunnel": "git+https://git.daplie.com/Daplie/node-tunnel-client.git#master"
|
||||
"stunnel": "git+https://git.daplie.com/Daplie/node-tunnel-client.git#v1"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,50 +1,6 @@
|
|||
'use strict';
|
||||
|
||||
module.exports.dependencies = [ 'OAUTH3', 'storage.owners', 'options.device' ];
|
||||
module.exports.api = {
|
||||
tunnel: function (deps, session) {
|
||||
var OAUTH3 = deps.OAUTH3;
|
||||
var url = require('url');
|
||||
var providerUri = session.token.aud;
|
||||
var urlObj = url.parse(OAUTH3.url.normalize(session.token.azp));
|
||||
var oauth3 = OAUTH3.create(urlObj, {
|
||||
providerUri: providerUri
|
||||
, session: session
|
||||
});
|
||||
//var crypto = require('crypto');
|
||||
//var id = crypto.createHash('sha256').update(session.token.sub).digest('hex');
|
||||
return oauth3.setProvider(providerUri).then(function () {
|
||||
return oauth3.api('domains.list').then(function (domains) {
|
||||
var domainsMap = {};
|
||||
domains.forEach(function (d) {
|
||||
if (!d.device) {
|
||||
return;
|
||||
}
|
||||
if (d.device !== deps.options.device.hostname) {
|
||||
return;
|
||||
}
|
||||
domainsMap[d.name] = true;
|
||||
});
|
||||
|
||||
console.log('domains matching hostname', Object.keys(domainsMap));
|
||||
console.log('device', deps.options.device);
|
||||
return oauth3.api('tunnel.token', {
|
||||
data: {
|
||||
// filter to all domains that are on this device
|
||||
domains: Object.keys(domainsMap)
|
||||
, device: {
|
||||
hostname: deps.options.device.hostname
|
||||
, id: deps.options.device.uid || deps.options.device.id
|
||||
}
|
||||
}
|
||||
}).then(function (result) {
|
||||
console.log(result);
|
||||
});
|
||||
});
|
||||
});
|
||||
//, { token: token, refresh: refresh });
|
||||
}
|
||||
};
|
||||
module.exports.create = function (deps) {
|
||||
var scmp = require('scmp');
|
||||
var crypto = require('crypto');
|
||||
|
@ -54,7 +10,7 @@ module.exports.create = function (deps) {
|
|||
inflate: true, limit: '100kb', reviver: null, strict: true /* type, verify */
|
||||
});
|
||||
|
||||
var api = module.exports.api;
|
||||
var api = deps.api;
|
||||
|
||||
/*
|
||||
var owners;
|
||||
|
@ -62,13 +18,6 @@ module.exports.create = function (deps) {
|
|||
owners = _owners;
|
||||
});
|
||||
*/
|
||||
deps.storage.owners.exists = function (id) {
|
||||
return deps.storage.owners.all().then(function (owners) {
|
||||
return owners.some(function (owner) {
|
||||
return scmp(id, owner.id);
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
function isAuthorized(req, res, fn) {
|
||||
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 8f773c9de4ee9fdb893026c1045740635308922b
|
||||
Subproject commit 3a805d071a4a84371b9bc674839d2511dd9aa4d3
|
Loading…
Reference in New Issue