added audience to the tokens we generate
This commit is contained in:
parent
635523b155
commit
6ea903a3f1
|
@ -120,8 +120,8 @@ program
|
|||
})
|
||||
.option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)')
|
||||
.option('--locals <LIST>', 'comma separated list of <proto>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https:8443,smtps:8465', collectProxies, [ ]) // --reverse-proxies
|
||||
.option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to caputer a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ])
|
||||
.option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:*:<port>. Ex: macbook-pro.local (the output of `hostname`)')
|
||||
.option('--domains <LIST>', 'comma separated list of domain names to set to the tunnel (to capture a specific protocol to a specific local port use the format https:example.com:1337 instead). Ex: example.com,example.net', collectDomains, [ ])
|
||||
.option('--device [HOSTNAME]', 'Tunnel all domains associated with this device instead of specific domainnames. Use with --locals <proto>:<port>. Ex: macbook-pro.local (the output of `hostname`)')
|
||||
.option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy
|
||||
.option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)')
|
||||
.option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)')
|
||||
|
@ -181,21 +181,23 @@ function rawTunnel() {
|
|||
return;
|
||||
}
|
||||
|
||||
if (!program.token) {
|
||||
var jwt = require('jsonwebtoken');
|
||||
var tokenData = {
|
||||
domains: Object.keys(domainsMap).filter(Boolean)
|
||||
};
|
||||
|
||||
program.token = jwt.sign(tokenData, program.secret);
|
||||
}
|
||||
|
||||
var location = url.parse(program.stunneld);
|
||||
if (!location.protocol || /\./.test(location.protocol)) {
|
||||
program.stunneld = 'wss://' + program.stunneld;
|
||||
location = url.parse(program.stunneld);
|
||||
}
|
||||
program.stunneld = location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : '');
|
||||
var aud = location.hostname + (location.port ? ':' + location.port : '');
|
||||
program.stunneld = location.protocol + '//' + aud;
|
||||
|
||||
if (!program.token) {
|
||||
var jwt = require('jsonwebtoken');
|
||||
var tokenData = {
|
||||
domains: Object.keys(domainsMap).filter(Boolean)
|
||||
, aud: aud
|
||||
};
|
||||
|
||||
program.token = jwt.sign(tokenData, program.secret);
|
||||
}
|
||||
|
||||
connectTunnel();
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue