added audience to the tokens we generate
parent
635523b155
commit
6ea903a3f1
|
@ -120,8 +120,8 @@ program
|
||||||
})
|
})
|
||||||
.option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)')
|
.option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)')
|
||||||
.option('--locals <LIST>', 'comma separated list of <proto>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https:8443,smtps:8465', collectProxies, [ ]) // --reverse-proxies
|
.option('--locals <LIST>', 'comma separated list of <proto>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https:8443,smtps:8465', collectProxies, [ ]) // --reverse-proxies
|
||||||
.option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to caputer a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ])
|
.option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to capture a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ])
|
||||||
.option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:*:<port>. Ex: macbook-pro.local (the output of `hostname`)')
|
.option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:<port>. Ex: macbook-pro.local (the output of `hostname`)')
|
||||||
.option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy
|
.option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy
|
||||||
.option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)')
|
.option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)')
|
||||||
.option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)')
|
.option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)')
|
||||||
|
@ -181,21 +181,23 @@ function rawTunnel() {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!program.token) {
|
|
||||||
var jwt = require('jsonwebtoken');
|
|
||||||
var tokenData = {
|
|
||||||
domains: Object.keys(domainsMap).filter(Boolean)
|
|
||||||
};
|
|
||||||
|
|
||||||
program.token = jwt.sign(tokenData, program.secret);
|
|
||||||
}
|
|
||||||
|
|
||||||
var location = url.parse(program.stunneld);
|
var location = url.parse(program.stunneld);
|
||||||
if (!location.protocol || /\./.test(location.protocol)) {
|
if (!location.protocol || /\./.test(location.protocol)) {
|
||||||
program.stunneld = 'wss://' + program.stunneld;
|
program.stunneld = 'wss://' + program.stunneld;
|
||||||
location = url.parse(program.stunneld);
|
location = url.parse(program.stunneld);
|
||||||
}
|
}
|
||||||
program.stunneld = location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : '');
|
var aud = location.hostname + (location.port ? ':' + location.port : '');
|
||||||
|
program.stunneld = location.protocol + '//' + aud;
|
||||||
|
|
||||||
|
if (!program.token) {
|
||||||
|
var jwt = require('jsonwebtoken');
|
||||||
|
var tokenData = {
|
||||||
|
domains: Object.keys(domainsMap).filter(Boolean)
|
||||||
|
, aud: aud
|
||||||
|
};
|
||||||
|
|
||||||
|
program.token = jwt.sign(tokenData, program.secret);
|
||||||
|
}
|
||||||
|
|
||||||
connectTunnel();
|
connectTunnel();
|
||||||
}
|
}
|
||||||
|
|
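Review bot: The token signed in the second hunk, `program.token = jwt.sign(tokenData, program.secret);`, still carries no expiry, so the new `aud` claim narrows where a captured token is accepted but not for how long. Passing an options argument to the same call, for example `jwt.sign(tokenData, program.secret, { expiresIn: '<LIFETIME>' })`, would bound its lifetime. The `aud` value is built from the parsed `--stunneld` URL as `hostname` plus `:port` only when a port is given, so it helps only if stunneld verifies the claim against the same form of its own name; that verification is not visible in this diff and should be confirmed. A short comment above `var aud = ...` stating that this string is the JWT audience and must match what the server expects would keep the two sides in sync. The start of `rawTunnel()` lies outside the hunk.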