2017-04-05 02:31:58 +00:00
'use strict' ;
var http = require ( 'http' ) ;
var tls = require ( 'tls' ) ;
2017-05-26 23:26:44 +00:00
var wrapSocket = require ( 'tunnel-packer' ) . wrapSocket ;
2017-04-05 07:01:43 +00:00
var redirectHttps = require ( 'redirect-https' ) ( ) ;
2017-04-05 02:31:58 +00:00
2018-05-24 19:19:50 +00:00
function noSniCallback ( tag ) {
return function _noSniCallback ( servername , cb ) {
var err = new Error ( "[noSniCallback] no handler set for '" + tag + "':'" + servername + "'" ) ;
console . error ( err . message ) ;
cb ( new Error ( err ) ) ;
}
}
2018-05-23 11:12:39 +00:00
module . exports . create = function ( state ) {
2017-04-05 08:13:03 +00:00
var tunnelAdminTlsOpts = { } ;
2018-05-23 11:12:39 +00:00
var setupSniCallback ;
var setupTlsOpts = {
SNICallback : function ( servername , cb ) {
if ( ! setupSniCallback ) {
console . error ( "No way to get https certificates..." ) ;
cb ( new Error ( "telebitd sni setup fail" ) ) ;
return ;
}
setupSniCallback ( servername , cb ) ;
}
} ;
2017-04-05 08:13:03 +00:00
2017-04-05 08:18:35 +00:00
// Probably a reverse proxy on an internal network (or ACME challenge)
function notFound ( req , res ) {
2017-04-05 02:31:58 +00:00
console . log ( 'req.socket.encrypted' , req . socket . encrypted ) ;
2017-04-05 08:13:03 +00:00
res . statusCode = 404 ;
res . end ( "File not found.\n" ) ;
2017-04-05 08:18:35 +00:00
}
2018-05-23 11:12:39 +00:00
state . httpServer = http . createServer (
state . greenlock && state . greenlock . middleware ( notFound )
2017-04-05 08:18:35 +00:00
|| notFound
) ;
2018-05-23 11:12:39 +00:00
state . handleHttp = function ( servername , socket ) {
2017-04-05 08:13:03 +00:00
console . log ( "handleHttp('" + servername + "', socket)" ) ;
socket . _ _my _servername = servername ;
2018-05-23 11:12:39 +00:00
state . httpServer . emit ( 'connection' , socket ) ;
2017-04-05 08:13:03 +00:00
} ;
2017-04-05 07:01:43 +00:00
2017-04-05 08:13:03 +00:00
// Probably something that needs to be redirected to https
2017-04-05 08:18:35 +00:00
function redirectHttpsAndClose ( req , res ) {
2017-04-05 07:01:43 +00:00
res . setHeader ( 'Connection' , 'close' ) ;
redirectHttps ( req , res ) ;
2017-04-05 08:18:35 +00:00
}
2018-05-23 11:12:39 +00:00
state . httpInsecureServer = http . createServer (
state . greenlock && state . greenlock . middleware ( redirectHttpsAndClose )
2017-04-05 08:18:35 +00:00
|| redirectHttpsAndClose
) ;
2018-05-23 11:12:39 +00:00
state . handleInsecureHttp = function ( servername , socket ) {
2017-04-05 08:13:03 +00:00
console . log ( "handleInsecureHttp('" + servername + "', socket)" ) ;
socket . _ _my _servername = servername ;
2018-05-23 11:12:39 +00:00
state . httpInsecureServer . emit ( 'connection' , socket ) ;
2017-04-05 08:13:03 +00:00
} ;
//
// SNI is not recogonized / cannot be handled
//
2018-05-23 11:12:39 +00:00
state . httpInvalidSniServer = http . createServer ( function ( req , res ) {
2017-10-04 23:28:38 +00:00
res . end ( "This is an old error message that shouldn't be actually be acessible anymore. If you get this please tell AJ so that he finds where it was still referenced and removes it" ) ;
2017-04-05 02:31:58 +00:00
} ) ;
2018-05-23 11:12:39 +00:00
state . tlsInvalidSniServer = tls . createServer ( state . tlsOptions , function ( tlsSocket ) {
2017-04-05 02:31:58 +00:00
console . log ( 'tls connection' ) ;
// things get a little messed up here
2018-05-23 11:12:39 +00:00
state . httpInvalidSniServer . emit ( 'connection' , tlsSocket ) ;
2017-04-05 02:31:58 +00:00
} ) ;
2018-05-24 19:19:50 +00:00
state . tlsInvalidSniServer . on ( 'tlsClientError' , function ( ) {
console . error ( 'tlsClientError InvalidSniServer' ) ;
} ) ;
2018-05-23 11:12:39 +00:00
state . httpsInvalid = function ( servername , socket ) {
2017-04-05 02:31:58 +00:00
// none of these methods work:
// httpsServer.emit('connection', socket); // this didn't work
// tlsServer.emit('connection', socket); // this didn't work either
//console.log('chunkLen', firstChunk.byteLength);
console . log ( 'httpsInvalid servername' , servername ) ;
2018-05-23 11:12:39 +00:00
//state.tlsInvalidSniServer.emit('connection', wrapSocket(socket));
var tlsInvalidSniServer = tls . createServer ( state . tlsOptions , function ( tlsSocket ) {
2017-10-04 23:28:38 +00:00
console . log ( 'tls connection' ) ;
// things get a little messed up here
var httpInvalidSniServer = http . createServer ( function ( req , res ) {
if ( ! servername ) {
res . statusCode = 422 ;
res . end (
"3. An inexplicable temporal shift of the quantum realm... that makes me feel uncomfortable.\n\n"
+ "[ERROR] No SNI header was sent. I can only think of two possible explanations for this:\n"
+ "\t1. You really love Windows XP and you just won't let go of Internet Explorer 6\n"
+ "\t2. You're writing a bot and you forgot to set the servername parameter\n"
) ;
return ;
}
res . end (
"You came in hot looking for '" + servername + "' and, granted, the IP address for that domain"
+ " must be pointing here (or else how could you be here?), nevertheless either it's not registered"
+ " in the internal system at all (which Seth says isn't even a thing) or there is no device"
+ " connected on the south side of the network which has informed me that it's ready to have traffic"
+ " for that domain forwarded to it (sorry I didn't check that deeply to determine which).\n\n"
+ "Either way, you're doing strange things that make me feel uncomfortable... Please don't touch me there any more." ) ;
} ) ;
httpInvalidSniServer . emit ( 'connection' , tlsSocket ) ;
} ) ;
2018-05-24 19:19:50 +00:00
tlsInvalidSniServer . on ( 'tlsClientError' , function ( ) {
console . error ( 'tlsClientError InvalidSniServer httpsInvalid' ) ;
} ) ;
2017-10-04 23:28:38 +00:00
tlsInvalidSniServer . emit ( 'connection' , wrapSocket ( socket ) ) ;
2017-04-05 02:31:58 +00:00
} ;
2017-04-05 08:13:03 +00:00
//
// To ADMIN / CONTROL PANEL of the Tunnel Server Itself
//
2018-05-23 11:12:39 +00:00
var serveAdmin = require ( 'serve-static' ) ( _ _dirname + '/admin' , { redirect : true } ) ;
var finalhandler = require ( 'finalhandler' ) ;
state . httpTunnelServer = http . createServer ( function ( req , res ) {
2017-04-05 08:13:03 +00:00
console . log ( 'req.socket.encrypted' , req . socket . encrypted ) ;
2018-05-23 11:12:39 +00:00
serveAdmin ( req , res , finalhandler ( req , res ) ) ;
2017-04-05 08:13:03 +00:00
} ) ;
2018-05-23 11:12:39 +00:00
Object . keys ( state . tlsOptions ) . forEach ( function ( key ) {
tunnelAdminTlsOpts [ key ] = state . tlsOptions [ key ] ;
2017-04-05 08:13:03 +00:00
} ) ;
2018-05-24 19:19:50 +00:00
if ( state . greenlock && state . greenlock . tlsOptions ) {
console . log ( 'greenlock tlsOptions for SNICallback' ) ;
tunnelAdminTlsOpts . SNICallback = function ( servername , cb ) {
console . log ( "time to handle '" + servername + "'" ) ;
state . greenlock . tlsOptions . SNICallback ( servername , cb ) ;
} ;
} else {
console . log ( 'custom or null tlsOptions for SNICallback' ) ;
tunnelAdminTlsOpts . SNICallback = tunnelAdminTlsOpts . SNICallback || noSniCallback ( 'admin' ) ;
}
2018-05-23 11:12:39 +00:00
state . tlsTunnelServer = tls . createServer ( tunnelAdminTlsOpts , function ( tlsSocket ) {
2018-05-24 19:19:50 +00:00
console . log ( '(Admin) tls connection' ) ;
2017-04-05 08:13:03 +00:00
// things get a little messed up here
2018-05-23 11:12:39 +00:00
( state . httpTunnelServer || state . httpServer ) . emit ( 'connection' , tlsSocket ) ;
2017-04-05 08:13:03 +00:00
} ) ;
2018-05-24 19:19:50 +00:00
state . tlsTunnelServer . on ( 'tlsClientError' , function ( ) {
console . error ( 'tlsClientError TunnelServer client error' ) ;
} ) ;
2018-05-23 11:12:39 +00:00
state . httpsTunnel = function ( servername , socket ) {
2017-04-05 02:31:58 +00:00
// none of these methods work:
// httpsServer.emit('connection', socket); // this didn't work
// tlsServer.emit('connection', socket); // this didn't work either
//console.log('chunkLen', firstChunk.byteLength);
2017-04-05 08:13:03 +00:00
console . log ( 'httpsTunnel (Admin) servername' , servername ) ;
2018-05-23 11:12:39 +00:00
state . tlsTunnelServer . emit ( 'connection' , wrapSocket ( socket ) ) ;
} ;
//
// First time setup
//
var serveSetup = require ( 'serve-static' ) ( _ _dirname + '/admin/setup' , { redirect : true } ) ;
var finalhandler = require ( 'finalhandler' ) ;
state . httpSetupServer = http . createServer ( function ( req , res ) {
console . log ( 'req.socket.encrypted' , req . socket . encrypted ) ;
if ( req . socket . encrypted ) {
serveSetup ( req , res , finalhandler ( req , res ) ) ;
return ;
}
console . log ( 'try greenlock middleware' ) ;
( state . greenlock && state . greenlock . middleware ( redirectHttpsAndClose )
|| redirectHttpsAndClose ) ( req , res , function ( ) {
console . log ( 'fallthrough to setup ui' ) ;
serveSetup ( req , res , finalhandler ( req , res ) ) ;
} ) ;
} ) ;
state . tlsSetupServer = tls . createServer ( setupTlsOpts , function ( tlsSocket ) {
console . log ( 'tls connection' ) ;
// things get a little messed up here
state . httpSetupServer . emit ( 'connection' , tlsSocket ) ;
} ) ;
2018-05-24 19:19:50 +00:00
state . tlsSetupServer . on ( 'tlsClientError' , function ( ) {
console . error ( 'tlsClientError SetupServer' ) ;
} ) ;
2018-05-23 11:12:39 +00:00
state . httpsSetupServer = function ( servername , socket ) {
2018-05-24 19:19:50 +00:00
console . log ( 'httpsTunnel (Setup) servername' , servername ) ;
2018-05-23 11:12:39 +00:00
state . _servernames = [ servername ] ;
state . config . agreeTos = true ; // TODO: BUG XXX BAD, make user accept
2018-05-24 19:19:50 +00:00
setupSniCallback = state . greenlock . tlsOptions . SNICallback || noSniCallback ( 'setup' ) ;
2018-05-23 11:12:39 +00:00
state . tlsSetupServer . emit ( 'connection' , wrapSocket ( socket ) ) ;
2017-04-05 02:31:58 +00:00
} ;
2018-05-24 19:19:50 +00:00
//
// vhost
//
state . httpVhost = http . createServer ( function ( req , res ) {
console . log ( 'httpVhost (local)' ) ;
console . log ( 'req.socket.encrypted' , req . socket . encrypted ) ;
var finalhandler = require ( 'finalhandler' ) ;
// TODO compare SNI to hostname?
var host = ( req . headers . host || '' ) . toLowerCase ( ) . trim ( ) ;
var serveSetup = require ( 'serve-static' ) ( state . config . vhost . replace ( /:hostname/g , host ) , { redirect : true } ) ;
if ( req . socket . encrypted ) { serveSetup ( req , res , finalhandler ( req , res ) ) ; return ; }
console . log ( 'try greenlock middleware for vhost' ) ;
( state . greenlock && state . greenlock . middleware ( redirectHttpsAndClose )
|| redirectHttpsAndClose ) ( req , res , function ( ) {
console . log ( 'fallthrough to vhost serving???' ) ;
serveSetup ( req , res , finalhandler ( req , res ) ) ;
} ) ;
} ) ;
state . tlsVhost = tls . createServer (
{ SNICallback : function ( servername , cb ) {
console . log ( 'tlsVhost debug SNICallback' , servername ) ;
tunnelAdminTlsOpts . SNICallback ( servername , cb ) ;
}
}
, function ( tlsSocket ) {
console . log ( 'tlsVhost (local)' ) ;
state . httpVhost . emit ( 'connection' , tlsSocket ) ;
}
) ;
state . tlsVhost . on ( 'tlsClientError' , function ( ) {
console . error ( 'tlsClientError Vhost' ) ;
} ) ;
state . httpsVhost = function ( servername , socket ) {
console . log ( 'httpsVhost (local)' , servername ) ;
state . tlsVhost . emit ( 'connection' , wrapSocket ( socket ) ) ;
} ;
2017-04-05 02:31:58 +00:00
} ;