telebit-relay.js/lib/relay.js

'use strict';

var Packer = require('proxy-packer');
var Packer = require('proxy-packer');
var PromiseA;
try {
  PromiseA = require('bluebird');
} catch(e) {
  PromiseA = global.Promise;
}

var Devices = require('./device-tracker');
var Server = require('./server.js');

module.exports.store = { Devices: Devices };
module.exports.create = function (state) {
  state.deviceLists = { _domains: {}, _devices: {} };
  state.deviceCallbacks = {};
  state.srvs = {};

  if (!parseInt(state.activityTimeout, 10)) {
    state.activityTimeout = 2 * 60 * 1000;
  }
  if (!parseInt(state.pongTimeout, 10)) {
    state.pongTimeout = 10 * 1000;
  }
  state.Devices = Devices;

  // TODO Use a Single TCP Handler
  // Issues:
  //   * dynamic ports are dedicated to a device or cluster
  //   * servernames could come in on ports that belong to a different device
  //   * servernames could come in that belong to no device
  //   * this could lead to an attack / security vulnerability with ACME certificates
  // Solutions
  //   * Restrict dynamic ports to a particular device
  //   * Restrict the use of servernames

  function onWsConnection(_ws, _upgradeReq) {
    var srv = {};
    var initToken;
    srv.ws = _ws;
    srv.upgradeReq = _upgradeReq;
    // TODO use device's ECDSA thumbprint as device id
    srv.id  = null;
    srv.socketId = Packer.socketToId(srv.upgradeReq.socket);
    srv.grants = {};
    srv.clients = {};
    srv.domainsMap = {};
    srv.portsMap = {};
    srv.pausedConns = [];
    srv.domains = [];
    srv.ports = [];

    if (state.debug) { console.log('[ws] connection', srv.socketId); }

    initToken = Server.parseAuth(state, srv);

    srv.ws._socket.on('drain', function () {
      // the websocket library has it's own buffer apart from node's socket buffer, but that one
      // is much more difficult to watch, so we watch for the lower level buffer to drain and
      // then check to see if the upper level buffer is still too full to write to. Note that
      // the websocket library buffer has something to do with compression, so I'm not requiring
      // that to be 0 before we start up again.
      if (srv.ws.bufferedAmount > 128*1024) {
        return;
      }

      srv.pausedConns.forEach(function (conn) {
        if (!conn.manualPause) {
          // console.log('resuming', conn.tunnelCid, 'now that the web socket has caught up');
          conn.resume();
        }
      });
      srv.pausedConns.length = 0;
    });

    if (initToken) {
      return Server.addToken(state, srv, initToken).then(function () {
        Server.init(state, srv);
      }).catch(function (err) {
        Server.sendTunnelMsg(srv, null, [0, err], 'control');
        srv.ws.close();
      });
    } else {
      return Server.init(state, srv);
    }
  }

  return {
    tcp: require('./unwrap-tls').createTcpConnectionHandler(state)
  , ws: onWsConnection
  , isClientDomain: Devices.exist.bind(null, state.deviceLists)
  };
};
make auth async and extensible 2018-06-06 06:59:03 +00:00			`'use strict';`

			`var Packer = require('proxy-packer');`
merge new features 2018-08-21 02:58:04 +00:00			`var Packer = require('proxy-packer');`
			`var PromiseA;`
			`try {`
			`PromiseA = require('bluebird');`
			`} catch(e) {`
			`PromiseA = global.Promise;`
make auth async and extensible 2018-06-06 06:59:03 +00:00			`}`

			`var Devices = require('./device-tracker');`
merge new features 2018-08-21 02:58:04 +00:00			`var Server = require('./server.js');`
bugfix moving a few functions to the wrong place 2018-06-07 01:39:16 +00:00
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`module.exports.store = { Devices: Devices };`
			`module.exports.create = function (state) {`
treat devices more like devices and less like domains 2018-08-20 19:45:13 +00:00			`state.deviceLists = { _domains: {}, _devices: {} };`
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`state.deviceCallbacks = {};`
			`state.srvs = {};`
make auth async and extensible 2018-06-06 06:59:03 +00:00
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`if (!parseInt(state.activityTimeout, 10)) {`
			`state.activityTimeout = 2 * 60 * 1000;`
			`}`
			`if (!parseInt(state.pongTimeout, 10)) {`
			`state.pongTimeout = 10 * 1000;`
			`}`
			`state.Devices = Devices;`
make auth async and extensible 2018-06-06 06:59:03 +00:00
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`// TODO Use a Single TCP Handler`
			`// Issues:`
			`// * dynamic ports are dedicated to a device or cluster`
			`// * servernames could come in on ports that belong to a different device`
			`// * servernames could come in that belong to no device`
			`// * this could lead to an attack / security vulnerability with ACME certificates`
			`// Solutions`
			`// * Restrict dynamic ports to a particular device`
			`// * Restrict the use of servernames`
make auth async and extensible 2018-06-06 06:59:03 +00:00
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`function onWsConnection(_ws, _upgradeReq) {`
			`var srv = {};`
			`var initToken;`
			`srv.ws = _ws;`
			`srv.upgradeReq = _upgradeReq;`
treat devices more like devices and less like domains 2018-08-20 19:45:13 +00:00			`// TODO use device's ECDSA thumbprint as device id`
			`srv.id = null;`
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`srv.socketId = Packer.socketToId(srv.upgradeReq.socket);`
			`srv.grants = {};`
			`srv.clients = {};`
			`srv.domainsMap = {};`
			`srv.portsMap = {};`
			`srv.pausedConns = [];`
merge new features 2018-08-21 02:58:04 +00:00			`srv.domains = [];`
			`srv.ports = [];`
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00
			`if (state.debug) { console.log('[ws] connection', srv.socketId); }`

			`initToken = Server.parseAuth(state, srv);`

			`srv.ws._socket.on('drain', function () {`
			`// the websocket library has it's own buffer apart from node's socket buffer, but that one`
			`// is much more difficult to watch, so we watch for the lower level buffer to drain and`
			`// then check to see if the upper level buffer is still too full to write to. Note that`
			`// the websocket library buffer has something to do with compression, so I'm not requiring`
			`// that to be 0 before we start up again.`
			`if (srv.ws.bufferedAmount > 128*1024) {`
			`return;`
make auth async and extensible 2018-06-06 06:59:03 +00:00			`}`

major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`srv.pausedConns.forEach(function (conn) {`
			`if (!conn.manualPause) {`
			`// console.log('resuming', conn.tunnelCid, 'now that the web socket has caught up');`
			`conn.resume();`
make auth async and extensible 2018-06-06 06:59:03 +00:00			`}`
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`});`
			`srv.pausedConns.length = 0;`
			`});`
make auth async and extensible 2018-06-06 06:59:03 +00:00
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`if (initToken) {`
			`return Server.addToken(state, srv, initToken).then(function () {`
			`Server.init(state, srv);`
			`}).catch(function (err) {`
			`Server.sendTunnelMsg(srv, null, [0, err], 'control');`
			`srv.ws.close();`
			`});`
			`} else {`
			`return Server.init(state, srv);`
make auth async and extensible 2018-06-06 06:59:03 +00:00			`}`
			`}`

			`return {`
major refactor (only briefly tested) 2018-06-19 23:43:28 +00:00			`tcp: require('./unwrap-tls').createTcpConnectionHandler(state)`
make auth async and extensible 2018-06-06 06:59:03 +00:00			`, ws: onWsConnection`
			`, isClientDomain: Devices.exist.bind(null, state.deviceLists)`
			`};`
			`};`