coolaj86/telebit.js
1
2
Fork 1
Code Issues 46 Pull Requests 2 Releases Activity

Compare commits

base: coolaj86:stable
Branches Tags
coolaj86:stable
coolaj86:serviceman
coolaj86:master
coolaj86:params-parsing
coolaj86:next
coolaj86:wip
coolaj86:v0.19
coolaj86:readable
coolaj86:v0.10
coolaj86:v0.20.7
coolaj86:v0.20.6
coolaj86:v0.20.5
coolaj86:v0.19.28
coolaj86:v0.19.26
coolaj86:v0.19.25
coolaj86:v0.19.24
coolaj86:v0.19.23
coolaj86:v0.19.22
coolaj86:v0.19.21
coolaj86:v0.19.20
coolaj86:v0.19.18
coolaj86:v0.19.17
coolaj86:v0.19.16
coolaj86:v0.19.15
coolaj86:v0.19.14
coolaj86:v0.19.13
coolaj86:v0.19.12
coolaj86:v0.19.11
coolaj86:v0.19.10
coolaj86:v0.19.9
coolaj86:v0.19.8
coolaj86:v0.19.7
coolaj86:v0.19.6
coolaj86:v0.19.5
coolaj86:v0.19.4
coolaj86:v0.19.3
coolaj86:v0.19.2
coolaj86:v0.19.1
coolaj86:v0.19.0
coolaj86:v0.18.9
coolaj86:v0.18.8
coolaj86:v0.18.7
coolaj86:v0.18.6
coolaj86:v0.18.5
coolaj86:v0.18.4
coolaj86:v0.18.3
coolaj86:v0.18.2
coolaj86:v0.18.1
coolaj86:v0.17.0
coolaj86:v0.16.1
coolaj86:v0.16.0
coolaj86:v0.15.4
coolaj86:v0.15.3
coolaj86:v0.15.2
coolaj86:v0.15.1
coolaj86:v0.15.0
coolaj86:v0.13.3
coolaj86:v0.13.2
coolaj86:v0.13.1
coolaj86:v0.13.0
coolaj86:v0.12.0
coolaj86:v0.11.1
coolaj86:v0.11.0
coolaj86:v0.10.4
coolaj86:v0.10.3
coolaj86:v0.10.2
coolaj86:v0.10.1
coolaj86:v0.10.0
coolaj86:v0.9.9
coolaj86:v0.9.8
coolaj86:v0.9.7
coolaj86:v0.9.6
coolaj86:v0.9.5
coolaj86:v0.9.4
coolaj86:v0.9.3
coolaj86:v0.9.2
coolaj86:v0.9.1
coolaj86:v0.9.0
coolaj86:v0.8.1
coolaj86:v0.8.2
...
compare: coolaj86:v0.15.3
Branches Tags
coolaj86:serviceman
coolaj86:master
coolaj86:params-parsing
coolaj86:stable
coolaj86:next
coolaj86:wip
coolaj86:v0.19
coolaj86:readable
coolaj86:v0.10
coolaj86:v0.20.7
coolaj86:v0.20.6
coolaj86:v0.20.5
coolaj86:v0.19.28
coolaj86:v0.19.26
coolaj86:v0.19.25
coolaj86:v0.19.24
coolaj86:v0.19.23
coolaj86:v0.19.22
coolaj86:v0.19.21
coolaj86:v0.19.20
coolaj86:v0.19.18
coolaj86:v0.19.17
coolaj86:v0.19.16
coolaj86:v0.19.15
coolaj86:v0.19.14
coolaj86:v0.19.13
coolaj86:v0.19.12
coolaj86:v0.19.11
coolaj86:v0.19.10
coolaj86:v0.19.9
coolaj86:v0.19.8
coolaj86:v0.19.7
coolaj86:v0.19.6
coolaj86:v0.19.5
coolaj86:v0.19.4
coolaj86:v0.19.3
coolaj86:v0.19.2
coolaj86:v0.19.1
coolaj86:v0.19.0
coolaj86:v0.18.9
coolaj86:v0.18.8
coolaj86:v0.18.7
coolaj86:v0.18.6
coolaj86:v0.18.5
coolaj86:v0.18.4
coolaj86:v0.18.3
coolaj86:v0.18.2
coolaj86:v0.18.1
coolaj86:v0.17.0
coolaj86:v0.16.1
coolaj86:v0.16.0
coolaj86:v0.15.4
coolaj86:v0.15.3
coolaj86:v0.15.2
coolaj86:v0.15.1
coolaj86:v0.15.0
coolaj86:v0.13.3
coolaj86:v0.13.2
coolaj86:v0.13.1
coolaj86:v0.13.0
coolaj86:v0.12.0
coolaj86:v0.11.1
coolaj86:v0.11.0
coolaj86:v0.10.4
coolaj86:v0.10.3
coolaj86:v0.10.2
coolaj86:v0.10.1
coolaj86:v0.10.0
coolaj86:v0.9.9
coolaj86:v0.9.8
coolaj86:v0.9.7
coolaj86:v0.9.6
coolaj86:v0.9.5
coolaj86:v0.9.4
coolaj86:v0.9.3
coolaj86:v0.9.2
coolaj86:v0.9.1
coolaj86:v0.9.0
coolaj86:v0.8.1
coolaj86:v0.8.2

201 Commits
stable ... v0.15.3

Author SHA1 Message Date
AJ ONeal
9ab87be2d1 v0.15.3 2018-06-14 01:07:21 -06:00
AJ ONeal
236168b14c add telebitd as one of the bins 2018-06-14 01:04:03 -06:00
AJ ONeal
15aa2f0f0c v0.15.2 2018-06-13 14:48:42 -06:00
AJ ONeal
4f8a4fec8c add client-side otp 2018-06-13 14:48:29 -06:00
AJ ONeal
a9c7b62383 add client otp 2018-06-13 14:40:44 -06:00
AJ ONeal
fe566b6e3b v0.15.1 2018-06-13 14:12:40 -06:00
AJ ONeal
5120a4db91 add missing -servername to ssh over https docs 2018-06-13 14:12:23 -06:00
AJ ONeal
c77d6686ea telebit ssh 22 2018-06-13 13:58:02 -06:00
AJ ONeal
27d105d334 v0.15.0 2018-06-13 13:52:57 -06:00
AJ ONeal
42707f6137 print config 2018-06-13 13:52:02 -06:00
AJ ONeal
854002da30 use pathname not path, update token state 2018-06-13 13:38:59 -06:00
AJ ONeal
544831269f parse null/undefined correctly 2018-06-13 13:21:42 -06:00
AJ ONeal
f2e1ec1a7b parse true/false correctly 2018-06-13 13:20:08 -06:00
AJ ONeal
73a175a121 output and whitespace 2018-06-13 13:16:50 -06:00
AJ ONeal
6c1efd476d output and whitespace 2018-06-13 13:12:38 -06:00
AJ ONeal
81bdb44a7b typo bugfix 2018-06-13 13:04:11 -06:00
AJ ONeal
b825fe096c whitespace 2018-06-13 13:03:06 -06:00
AJ ONeal
2d7cc266a4 whitespace 2018-06-13 13:01:43 -06:00
AJ ONeal
1358a03aa3 whitespace 2018-06-13 12:59:44 -06:00
AJ ONeal
3ad76c0fe4 stop tar file output 2018-06-13 12:57:35 -06:00
AJ ONeal
1dcf66adb1 workaround for https://github.com/nodejs/node/issues/21319 2018-06-13 12:54:33 -06:00
AJ ONeal
55ee58290b bugfix 2018-06-13 12:39:42 -06:00
AJ ONeal
800644a59e bugfix 2018-06-13 12:34:45 -06:00
AJ ONeal
2569e9e0d2 bugfix 2018-06-13 12:16:09 -06:00
AJ ONeal
58f30f0a6c bugfix 2018-06-13 12:07:28 -06:00
AJ ONeal
591b452617 bugfix 2018-06-13 11:50:46 -06:00
AJ ONeal
2ebe80d4d1 remove output about symlink 2018-06-13 11:45:37 -06:00
AJ ONeal
e3c046374f bugfixes 2018-06-13 11:44:23 -06:00
AJ ONeal
c710288224 useTty when useTty is selected 2018-06-13 11:29:36 -06:00
AJ ONeal
16cdb25f92 useTty only when useTty is selected 2018-06-13 11:29:06 -06:00
AJ ONeal
d40e86cc56 update question asking, fix some config stuff 2018-06-13 11:18:54 -06:00
AJ ONeal
e57485f794 use /dev/tty for stdin when specified 2018-06-13 10:45:54 -06:00
AJ ONeal
7d8916f645 move most user config into node 2018-06-12 04:36:37 -06:00
AJ ONeal
a0f8b78cc2 fix bad if 2018-06-11 15:15:07 -06:00
AJ ONeal
32ec067c63 use correct config file 2018-06-11 15:09:20 -06:00
AJ ONeal
d8fee3d998 also symlink telebitd 2018-06-11 15:04:29 -06:00
AJ ONeal
ebc3d9aa33 update instructional output 2018-06-11 15:00:14 -06:00
AJ ONeal
fda4f14c79 use TELEBIT_VERSION 2018-06-11 14:55:02 -06:00
AJ ONeal
f8c8701edc separate remote from daemon 2018-06-11 14:52:01 -06:00
AJ ONeal
a0d7f8c816 telebitd for daemon, cleanup, TELEBIT_VERSION 2018-06-11 13:14:36 -06:00
AJ ONeal
ea8a017414 telebit remote, telebit daemon 2018-06-11 12:56:16 -06:00
AJ ONeal
1b0a4dc6b4 update windows instructions and error message 2018-06-09 15:52:15 -06:00
AJ ONeal
5c7e756dfe ssh and save now work 2018-06-09 14:00:47 -06:00
AJ ONeal
1c4280fe6f launch after setting config 2018-06-09 13:12:30 -06:00
AJ ONeal
fab26469a1 bug in v10.3, use v10.2 2018-06-09 12:57:00 -06:00
AJ ONeal
0ba9c7826e should restart on failure on mac 2018-06-09 11:26:30 -06:00
AJ ONeal
21d61c818e rearrange inputs 2018-06-09 08:23:54 -06:00
AJ ONeal
ade7e19085 ask questions last 2018-06-09 08:19:57 -06:00
AJ ONeal
3f743d8b46 use node v10.3 (10.4 has a bug) 2018-06-09 08:08:11 -06:00
AJ ONeal
4c5777c9de macOS doesn't have /opt 2018-06-09 08:05:45 -06:00
AJ ONeal
b404813d0f better output 2018-06-08 10:46:18 -06:00
AJ ONeal
30321ed4dd v0.13.3 2018-06-08 10:33:06 -06:00
AJ ONeal
2e3fb19e27 write certs to correct path 2018-06-08 10:32:18 -06:00
AJ ONeal
242e125307 v0.13.2 2018-06-08 10:26:38 -06:00
AJ ONeal
e0cae0a8fa restart on clean exit too 2018-06-08 10:25:48 -06:00
AJ ONeal
c8263881e0 fix bash bin by passing all args 2018-06-08 10:11:26 -06:00
AJ ONeal
a921f32867 how to activate an expired activation 2018-06-08 10:01:56 -06:00
AJ ONeal
1f2175b854 clarify 2018-06-08 09:58:44 -06:00
AJ ONeal
49b28f83b8 clarify some log output 2018-06-08 09:58:05 -06:00
AJ ONeal
c2e0593d46 v0.13.1 2018-06-08 03:02:20 -06:00
AJ ONeal
a2c69e6f2e document commands 2018-06-08 03:01:59 -06:00
AJ ONeal
a97e576ddb lucky v0.13.0 2018-06-08 02:52:08 -06:00
AJ ONeal
ef4be1c296 new stuff appears to work 2018-06-08 02:50:00 -06:00
AJ ONeal
2efbe331aa more command and control 2018-06-08 00:46:07 -06:00
AJ ONeal
8383b06ca0 allow 'remote' restart 2018-06-07 16:09:30 -06:00
AJ ONeal
c55bd982d6 Merge branch 'v1' 2018-06-07 10:50:42 -06:00
AJ ONeal
f39822875a update whitespace 2018-06-07 10:50:35 -06:00
AJ ONeal
d1aa1f2958 update installer 2018-06-07 10:43:05 -06:00
AJ ONeal
d715d5a9d9 v0.12.0 2018-06-07 01:43:21 -06:00
AJ ONeal
774e8a26da notify user to check email 2018-06-07 01:42:10 -06:00
AJ ONeal
388e2f7a58 update access token 2018-06-07 01:27:56 -06:00
AJ ONeal
536afb2ad5 show name of command which times out 2018-06-07 00:45:42 -06:00
AJ ONeal
274c527768 www.telebit.cloud => telebit.cloud 2018-06-07 00:11:06 -06:00
AJ ONeal
553c385e34 move intentional user messages and client data to CLI/UI 2018-06-07 00:08:26 -06:00
AJ ONeal
3a8f5fee4e add User Agent info 2018-06-06 03:24:14 -06:00
AJ ONeal
021a44d47a old auth works again 2018-06-06 01:01:56 -06:00
AJ ONeal
b9779715f8 send auth info 2018-06-05 02:21:12 -06:00
AJ ONeal
7ec69f8d05 a little cleanup 2018-06-05 02:04:32 -06:00
AJ ONeal
0c705061a2 note log checking 2018-06-05 01:27:36 -06:00
AJ ONeal
82fb0ee8ac read relay prompt variable correctly 2018-06-05 01:22:10 -06:00
AJ ONeal
ac36474b9b properly use mktemp 2018-06-05 01:13:38 -06:00
AJ ONeal
b9065540db update uninstaller 2018-06-05 01:07:32 -06:00
AJ ONeal
a0c32662a0 use nano as fallback editor 2018-06-05 01:02:43 -06:00
AJ ONeal
36f73c1051 use only editor basename, not full path 2018-06-05 01:01:31 -06:00
AJ ONeal
e831774c34 fix bad comment 2018-06-05 00:55:59 -06:00
AJ ONeal
6198223b46 add uninstall script 2018-06-05 00:53:20 -06:00
AJ ONeal
4ec1f3b30a fix sudo_cmd whitespace, editor detection, other things... 2018-06-05 00:46:06 -06:00
AJ ONeal
570c64f104 fix conditional 2018-06-05 00:09:24 -06:00
AJ ONeal
ffc045ab43 update uninstall instruction 2018-06-05 00:05:48 -06:00
AJ ONeal
99d1e7cb3d add uninstall instructions 2018-06-05 00:04:05 -06:00
AJ ONeal
a43934a405 update docs 2018-06-04 23:50:02 -06:00
AJ ONeal
e96a52212f read prompt from /dev/tty 2018-06-04 23:23:59 -06:00
AJ ONeal
9d920bc6f9 swap sudo with $sudo_cmd 2018-06-04 23:02:50 -06:00
AJ ONeal
0af3e60b63 used TELEBIT_PATH/usr/share, replace 'vim' with 'edit', change sudo_cmd 2018-06-04 23:00:28 -06:00
AJ ONeal
082866f300 Update 'README.md' 2018-06-05 04:50:39 +00:00
AJ ONeal
b0444ec575 v0.11.0 2018-06-04 18:33:47 -06:00
AJ ONeal
08348fae0c update cli options 2018-06-04 18:33:24 -06:00
AJ ONeal
6d85f12409 update docs a little bit 2018-06-04 18:32:18 -06:00
AJ ONeal
f2f772a645 fix example config 2018-06-04 18:29:36 -06:00
AJ ONeal
5e9a852375 change default branch 2018-06-04 18:25:35 -06:00
AJ ONeal
9736dfe92b update config examples 2018-06-04 18:23:33 -06:00
AJ ONeal
da78847d91 show /opt, not /etc 2018-06-05 00:16:15 +00:00
AJ ONeal
e361c48353 whitespace fix 2018-06-05 00:14:49 +00:00
AJ ONeal
582fde8691 update symlink to system config 2018-06-05 00:13:03 +00:00
AJ ONeal
e21e7265e7 fix agreeTos config typo 2018-06-04 23:53:26 +00:00
AJ ONeal
a5a78400bf agree_tos is dependent on email 2018-06-04 23:52:22 +00:00
AJ ONeal
d931896a73 add agree_tos 2018-06-04 23:50:34 +00:00
AJ ONeal
05d317e443 fix echo newline expansion 2018-06-04 23:48:17 +00:00
AJ ONeal
0708357b86 add missing 'relay' config 2018-06-04 23:43:11 +00:00
AJ ONeal
7e7f419eb8 use default relay 2018-06-02 04:05:12 -06:00
AJ ONeal
aca4342dd1 fix config bug 2018-06-02 04:00:08 -06:00
AJ ONeal
cbfbc71edf seems to work with launchd 2018-06-02 03:57:38 -06:00
AJ ONeal
682f35f5a0 got further 2018-06-02 03:31:31 -06:00
AJ ONeal
a8b8e34c60 fixes 2018-06-02 03:30:13 -06:00
AJ ONeal
09d6aa6df3 rename installer 2018-06-02 03:05:17 -06:00
AJ ONeal
6748e81d5c fix remote require path 2018-06-02 02:59:53 -06:00
AJ ONeal
c01fbe0b63 lots up cleanup 2018-06-02 02:58:42 -06:00
AJ ONeal
0097735152 a place for apps 2018-06-02 02:28:58 -06:00
AJ ONeal
b453281a6b explain installer, update system services 2018-06-02 02:25:41 -06:00
AJ ONeal
986dc1c17f update installer 2018-06-01 13:14:59 -06:00
AJ ONeal
a5d3576ab6 echo tcp 2018-06-01 03:50:27 -06:00
AJ ONeal
65b77f994a update grant message 2018-06-01 03:34:55 -06:00
AJ ONeal
182c4d8888 update grant message 2018-06-01 03:13:04 -06:00
AJ ONeal
33063d3efe put ssh detection on full auto 2018-06-01 02:45:38 -06:00
AJ ONeal
e85bd78905 ssh detection works 2018-06-01 02:10:27 -06:00
AJ ONeal
9239153681 ws 2018-06-01 01:36:49 -06:00
AJ ONeal
3a6df4db63 small refactor 2018-06-01 01:36:29 -06:00
AJ ONeal
7a08220838 cleanup 2018-05-31 14:48:12 -06:00
AJ ONeal
ef751e5b32 keep address, localPort (service), and encrypted 2018-05-31 05:24:58 -06:00
AJ ONeal
30d1ce89fe working cleanup 2018-05-31 04:10:47 -06:00
AJ ONeal
de1bea7b60 update systemd configs 2018-05-31 02:38:01 -06:00
AJ ONeal
3cd10fda0c refactor and upgrade to proxy-packer 2018-05-31 00:19:53 -06:00
AJ ONeal
37591d11c6 handle connection within telebit 2018-05-29 03:00:25 -06:00
AJ ONeal
6f343a875d accept given token or secret-generated token 2018-05-29 01:45:47 -06:00
AJ ONeal
a816e327e5 warn when no tokens given 2018-05-29 01:44:50 -06:00
AJ ONeal
945f77449d getting closer... 2018-05-27 05:02:19 -06:00
AJ ONeal
157983018b fix whitespace 2018-05-27 04:38:29 -06:00
AJ ONeal
f7685f8b6a rename lib file 2018-05-27 04:32:00 -06:00
AJ ONeal
e8c580d115 progress towards telebit 2018-05-27 04:26:34 -06:00
AJ ONeal
ca2e825fe7 merge 2018-05-27 01:59:43 -06:00
AJ ONeal
3b2e1771df moving to telebit 2018-05-27 01:58:37 -06:00
AJ ONeal
eeb6299268 Update 'README.md' 2018-05-15 07:50:37 +00:00
AJ ONeal
333b06c33f Update 'README.md' 2018-05-15 07:42:43 +00:00
AJ ONeal
26bfdd06a1 bump 2018-04-25 13:33:35 -06:00
AJ ONeal
b58cb25077 remove bad locked versions 2018-04-25 13:32:57 -06:00
AJ ONeal
f95ca1bdc0 update links 2018-04-24 01:54:39 +00:00
AJ ONeal
4b0172a456 update links 2018-04-24 01:54:21 +00:00
AJ ONeal
3f77cb16b3 update README.md 2018-02-14 23:27:15 -07:00
AJ ONeal
ef9fc9d46d update 2018-02-14 23:25:15 -07:00
AJ ONeal
dc11cbbd63 update urls 2017-11-10 16:43:06 -07:00
tigerbot
c433c6ccaf v0.10.3 2017-10-03 11:48:02 -06:00
tigerbot
2a7121f79f fixed issue with hanging promise on first appended token 2017-10-02 18:29:00 -06:00
tigerbot
dcdd4f8142 v0.10.2 2017-09-11 15:59:28 -06:00
tigerbot
f94df07219 improved throttle of connections based on websocket speed 2017-09-11 15:35:03 -06:00
tigerbot
ccaf1a517f improved some of the logs for pausing/resuming 2017-09-11 14:52:49 -06:00
tigerbot
e9c24efd5f implemented throttling when we buffer too much data 2017-09-08 10:54:47 -06:00
tigerbot
bbc3ffaf6d v0.10.1 2017-06-15 14:50:02 -06:00
tigerbot
7a00be681c fixed problem with burst appending tokens on start 2017-06-15 14:49:50 -06:00
tigerbot
6b57f6fae8 v0.10.0 2017-06-06 17:33:15 -06:00
tigerbot
2831d09a4d Merge branch 'side-channel' 2017-06-06 17:32:51 -06:00
tigerbot
a95f6ecead use .destroy if .end fails to close connection 2017-06-05 11:28:53 -06:00
tigerbot
e3fbd768a2 added support for wildcard domains 2017-06-05 11:20:58 -06:00
tigerbot
6ea903a3f1 added audience to the tokens we generate 2017-06-05 11:20:15 -06:00
tigerbot
635523b155 allow client to be created with no initial tokens 2017-05-25 13:46:09 -06:00
tigerbot
00fbd2c27f handled case where append is called with closed websocket 2017-04-28 15:28:21 -06:00
tigerbot
6901a4ef2d added handling for 'hello' from the server 2017-04-28 15:02:44 -06:00
tigerbot
425cf4bc24 changed adding tokens to work on reconnect 2017-04-28 10:57:48 -06:00
AJ ONeal
4f9ea342f5 use stream-pair, which actually does what we want 2017-04-28 03:03:07 +00:00
AJ ONeal
04f10090ea clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00
tigerbot
dbf8832aa9 added ability to add/clear tokens on active websocket 2017-04-27 19:29:16 -06:00
tigerbot
160c591d7f v0.9.9 2017-04-27 18:39:18 -06:00
tigerbot
d8bf926123 gave more power to custom createConnection functions 2017-04-27 18:38:01 -06:00
tigerbot
5a3fe4468a suppressing log when trying to send on closing websocket 2017-04-26 17:37:52 -06:00
tigerbot
7a9d06e67b v0.9.8 2017-04-14 18:28:59 -06:00
tigerbot
43ea38523b exposed .end method on the wsclient 2017-04-14 16:27:25 -06:00
tigerbot
53185c1760 v0.9.7 2017-04-10 11:40:12 -06:00
tigerbot
913f36043a implemented timeout over websocket connection 2017-04-10 11:39:27 -06:00
tigerbot
76495e674d cleaned up the exit handling 2017-04-07 18:49:52 -06:00
tigerbot
35d5f0c568 changed expected behavior when closing connections 2017-04-07 18:01:47 -06:00
tigerbot
cbdff3e55b rearranged some of the handler functions 2017-04-07 17:38:55 -06:00
AJ ONeal
61a8d29c5e install via git 2017-04-05 16:36:01 -06:00
AJ ONeal
1784a13346 take out the trash 2017-04-05 16:33:00 -06:00
tigerbot
9eabc956dd v0.9.6 2017-04-03 15:15:30 -06:00
tigerbot
646cfedabe changed method for mapping services to local ports 2017-04-03 15:11:59 -06:00
AJ ONeal
ec245dff63 v0.9.5 2017-03-29 19:29:41 -06:00
AJ ONeal
1cbb594ef6 fix deps and commandline opts 2017-03-29 19:29:37 -06:00
AJ ONeal
a8d1448c08 v0.9.4 2017-03-29 17:58:41 -06:00
AJ ONeal
dcb150daa6 Merge branch 'v1' 2017-03-29 17:54:56 -06:00
AJ ONeal
c32c0bad05 v0.9.3 2017-03-29 17:54:52 -06:00
AJ ONeal
a09a3835ae Merge branch 'v1' 2017-03-29 13:36:38 -06:00
AJ ONeal
519911fa23 v0.9.2 2017-03-29 13:36:33 -06:00
AJ ONeal
993f04a824 fix deps typo 2017-03-29 13:36:29 -06:00
AJ ONeal
7f754688cc Merge branch 'v1' 2017-03-29 13:26:26 -06:00
AJ ONeal
c00e3085e3 v0.9.1 2017-03-29 13:26:20 -06:00
AJ ONeal
5719237a0c v0.9.1 2017-03-29 13:24:09 -06:00
AJ ONeal
97f731ebb8 allow undefined domains option 2017-03-29 13:19:52 -06:00
AJ ONeal
c9d83437e1 v0.9.0 2017-03-29 12:29:34 -06:00
AJ ONeal
65f090315b add domains option 2017-03-29 12:29:23 -06:00
AJ ONeal
5ee3a45cf8 v0.8.2 2017-03-28 15:37:40 -06:00
AJ ONeal
5ade07e224 get domains by device 2017-03-28 15:31:45 -06:00
AJ ONeal
4eb6a42bb8 add simple tunnel usage 2017-03-26 01:37:26 -06:00
28 changed files with 3471 additions and 781 deletions
Show Stats Expand all files Collapse all files

204
LICENSE
View File

@ -1,192 +1,32 @@
Apache License Copyright 2016 AJ ONeal
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION This is open source software; you can redistribute it and/or modify it under the
terms of either:
1. Definitions. a) the "MIT License"
b) the "Apache-2.0 License"
"License" shall mean the terms and conditions for use, reproduction, MIT License
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by Permission is hereby granted, free of charge, to any person obtaining a copy
the copyright owner that is granting the License. of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
"Legal Entity" shall mean the union of the acting entity and all The above copyright notice and this permission notice shall be included in all
other entities that control, are controlled by, or are under common copies or substantial portions of the Software.
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
exercising permissions granted by this License. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
"Source" form shall mean the preferred form for making modifications, Apache-2.0 License Summary
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

529
README.md
View File

@ -1,84 +1,371 @@
<!-- BANNER_TPL_BEGIN --> # Telebit&trade; Remote
About Daplie: We're taking back the Internet! Because friends don't let friends localhost&trade;
--------------
Down with Google, Apple, and Facebook! | Sponsored by [ppl](https://ppl.family)
| **Telebit Remote**
| [Telebit Relay](https://git.coolaj86.com/coolaj86/telebit-relay.js)
|
We're re-decentralizing the web and making it read-write again - one home cloud system at a time. Break out of localhost.
=======
Tired of serving the Empire? Come join the Rebel Alliance: If you need to get bits from here to there, Telebit gets the job done.
<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone Install Telebit Remote on any device - your laptop, raspberry pi, whatever -
and now you can access that device from anywhere, even securely in a web browser.
<!-- BANNER_TPL_END --> How does it work?
It's a net server that uses a relay to allow multiplexed incoming connections
on any external port.
# stunnel.js Features
--------
A client that works in combination with [stunneld.js](https://github.com/Daplie/node-tunnel-server) * [x] Show your mom the web app you're working on
to allow you to serve http and https from any computer, anywhere through a secure tunnel. * [x] Access your Raspberry Pi from behind a firewall
* [x] Watch Netflix without region restrictions while traveling
* [x] SSH over HTTPS on networks with restricted ports or protocols
* [x] Access your wife's laptop while she's on a flight
Examples
========
As a user service
```bash
telebitd --config ~/.config/telebit/telebitd.yml &
```
As a system service
```bash
sudo telebitd --config ~/.config/telebit/telebitd.yml
```
Example output:
```
Connect to your device by any of the following means:
SSH+HTTPS
ssh+https://lucky-duck-37.telebit.cloud:443
ex: ssh -o ProxyCommand='openssl s_client -connect %h:%p -servername %h -quiet' lucky-duck-37.telebit.cloud -p 443
SSH
ssh://ssh.telebit.cloud:32852
ex: ssh ssh.telebit.cloud -p 32852
TCP
tcp://tcp.telebit.cloud:32852
ex: netcat tcp.telebit.cloud 32852
HTTPS
https://lucky-duck-37.telebit.cloud
ex: curl https://lucky-duck-37.telebit.cloud
```
```bash
# Forward all https traffic to port 3000
telebit http 3000
# Forward all tcp traffic to port 5050
telebit tcp 5050
# List all rules
telebit list
```
Install
=======
Mac & Linux
-----------
Open Terminal and run this install script:
```
curl -fsSL https://get.telebit.cloud | bash
```
<!--
```
bash <( curl -fsSL https://get.telebit.cloud )
```
<small>
Note: **fish**, **zsh**, and other **non-bash** users should do this
```
curl -fsSL https://get.telebit.cloud/ > get.sh; bash get.sh
```
</small>
-->
What does the installer do?
* install Telebit Remote to `/opt/telebit`
* symlink the executables to `/usr/local/bin` for convenience
* `/usr/local/bin/telebitd => /opt/telebit/bin/telebitd`
* `/usr/local/bin/telebit => /opt/telebit/bin/telebit`
* create the appropriate system launcher file
* `/etc/systemd/system/telebit.service`
* `/Library/LaunchDaemons/cloud.telebit.remote.plist`
* create local user config
* `~/.config/telebit/telebit.yml`
* `~/.local/share/telebit`
Of course, feel free to inspect it before you run it: `curl -fsSL https://get.telebit.cloud`
**You can customize the installation**:
```bash
export NODEJS_VER=v10.2
export TELEBIT_PATH=/opt/telebit
export TELEBIT_VERSION=v1 # git tag or branch to install from
curl -fsSL https://get.telebit.cloud/
```
That will change the bundled version of node.js is bundled with Telebit Relay
and the path to which Telebit Relay installs.
You can get rid of the tos + email and server domain name prompts by providing them right away:
```bash
curl -fsSL https://get.telebit.cloud/ | bash -- jon@example.com example.com telebit.example.com xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Windows & Node.js
-----------------
1. Install [node.js](https://nodejs.org)
2. Open _Node.js_
2. Run the command `npm install -g telebit`
2. Copy the example daemon conifg to your user folder `.config/telebit/telebitd.yml` (such as `/Users/John/.config/telebit/telebitd.yml`)
2. Copy the example remote conifg to your user folder `.config/telebit/telebit.yml` (such as `/Users/John/.config/telebit/telebit.yml`)
2. Change the email address
2. Run `telebitd`
2. Run `telebit list`
**Note**: Use node.js v8.x or v10.x
There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebit to crash.
Remote Usage
============
```
# commands
telebit <command>
# domain and port control
telebit <service> <handler> [servername] [options ...]
```
Examples:
```
telebit status # whether enabled or disabled
telebit enable # disallow incoming connections
telebit disable # allow incoming connections
telebit restart # kill daemon and allow system launcher to restart it
telebit list # list rules for servernames and ports
################
# HTTP #
################
telebit http <handler> [servername] [opts]
telebit http none # remove all https handlers
telebit http 3000 # forward all https traffic to port 3000
telebit http /module/path # load a node module to handle all https traffic
telebit http none example.com # remove https handler from example.com
telebit http 3001 example.com # forward https traffic for example.com to port 3001
telebit http /module/path example.com # forward https traffic for example.com to port 3001
################
# TCP #
################
telebit tcp <handler> [servername] [opts]
telebit tcp none # remove all tcp handlers
telebit tcp 5050 # forward all tcp to port 5050
telebit tcp /module/path # handle all tcp with a node module
telebit tcp none 6565 # remove tcp handler from external port 6565
telebit tcp 5050 6565 # forward external port 6565 to local 5050
telebit tcp /module/path 6565 # handle external port 6565 with a node module
telebit ssh disable # disable ssh access
telebit ssh 22 # port-forward all ssh connections to port 22
telebit save # save http and tcp configuration changes
```
### Using SSH
SSH over HTTPS
```
ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' lucky-duck-42.telebit.cloud
```
SSH over non-standard port
```
ssh lucky-duck-42.telebit.cloud -p 3031
```
Daemon Usage
============
```bash
telebitd --config /opt/telebit/etc/telebitd.yml
```
Options
`/opt/telebit/etc/telebitd.yml:`
```
email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
relay: wss://telebit.cloud # a Telebit Relay instance
community_member: true # receive infrequent relevant but non-critical updates
telemetry: true # contribute to project telemetric data
secret: '' # Secret with which to sign Tokens for authorization
#token: '' # A signed Token for authorization
ssh_auto: 22 # forward ssh-looking packets, from any connection, to port 22
servernames: # servernames that will be forwarded here
example.com: {}
```
Choosing A Relay
================
You can create a free or paid account at https://telebit.cloud
or you can run [Telebit Relay](https://git.coolaj86.com/coolaj86/telebitd.js)
open source on a VPS (Vultr, Digital Ocean)
or your Raspberry Pi at home (with port-forwarding).
Only connect to Telebit Relays that you trust.
<!--
## Important Defaults
The default behaviors work great for newbies,
but can be confusing or annoying to experienced networking veterans.
See the **Advanced Configuration** section below for more details.
```
redirect:
example.com/foo: /bar
'*': whatever.com/
vhost: # securely serve local sites from this path (or false)
example.com: /srv/example.com # (uses template string, i.e. /var/www/:hostname/public)
'*': /srv/www/:hostname
reverse_proxy: /srv/
example.com: 3000
'*': 3000
terminate_tls:
'example.com': 3000
'*': 3000
tls:
'example.com': 8443
'*': 8443
port_forward:
2020: 2020
'*': 4040
greenlock:
store: le-store-certbot # certificate storage plugin
config_dir: /etc/acme # directory for ssl certificates
```
Using Telebit with node.js
--------------------------
Telebit has two parts:
* the local server
* the relay service
This repository is for the local server, which you run on the computer or device that you would like to access.
This is the portion that runs on your computer
You will need both Telebit (this, telebit.js) and a Telebit Relay
(such as [telebitd.js](https://git.coolaj86.com/coolaj86/telebitd.js)).
You can **integrate telebit.js into your existing codebase** or use the **standalone CLI**.
* CLI * CLI
* Library * Node.js Library
* Browser Library
CLI Telebit CLI
=== -----------
Installs as `stunnel.js` with the alias `jstunnel` Installs Telebit Remote as `telebit`
(for those that regularly use `stunnel` but still like commandline completion). (for those that regularly use `telebit` but still like commandline completion).
### Install ### Install
```bash ```bash
npm install -g stunnel npm install -g telebit
```
### Advanced Usage
How to use `stunnel.js` with your own instance of `stunneld.js`:
```bash
stunnel.js --locals john.example.com --stunneld wss://tunnel.example.com:443 --secret abc123
``` ```
```bash ```bash
stunnel.js \ npm install -g 'https://git.coolaj86.com/coolaj86/telebit.js.git#v1'
```
Or if you want to bow down to the kings of the centralized dictator-net:
How to use Telebit Remote with your own instance of Telebit Relay:
```bash
telebit \
--locals <<external domain name>> \
--relay wss://<<tunnel domain>>:<<tunnel port>> \
--secret <<128-bit hex key>>
```
```bash
telebit --locals john.example.com --relay wss://tunnel.example.com:443 --secret abc123
```
```bash
telebit \
--locals <<protocol>>:<<external domain name>>:<<local port>> \
--relay wss://<<tunnel domain>>:<<tunnel port>> \
--secret <<128-bit hex key>>
```
```bash
telebit \
--locals http:john.example.com:3000,https:john.example.com \ --locals http:john.example.com:3000,https:john.example.com \
--stunneld wss://tunnel.example.com:443 \ --relay wss://tunnel.example.com:443 \
--secret abc123 --secret abc123
``` ```
``` ```
--secret the same secret used by stunneld (used for authentication) --secret the same secret used by the Telebit Relay (for authentication)
--locals comma separated list of <proto>:<servername>:<port> to which --locals comma separated list of <proto>:<servername>:<port> to which
incoming http and https should be forwarded incoming http and https should be forwarded
--stunneld the domain or ip address at which you are running stunneld.js --relay the domain or ip address at which you are running Telebit Relay
-k, --insecure ignore invalid ssl certificates from stunneld -k, --insecure ignore invalid ssl certificates from relay
``` ```
### Usage Node.js Library
**NOT YET IMPLEMENTED**
Daplie's tunneling service is not yet publicly available.
**Terms of Service**: The Software and Services shall be used for Good, not Evil.
Examples of good: education, business, pleasure. Examples of evil: crime, abuse, extortion.
```bash
stunnel.js --agree-tos --email john@example.com --locals http:john.example.com:4080,https:john.example.com:8443
```
Library
======= =======
### Example ### Example
```javascript ```javascript
var stunnel = require('stunnel'); var Telebit = require('telebit');
stunnel.connect({ Telebit.connect({
stunneld: 'wss://tunnel.example.com' relay: 'wss://tunnel.example.com'
, token: '...' , token: '...'
, locals: [ , locals: [
// defaults to sending http to local port 80 and https to local port 443 // defaults to sending http to local port 80 and https to local port 443
@ -118,52 +405,140 @@ local handler and the tunnel handler.
You could do a little magic like this: You could do a little magic like this:
```js ```js
var Dup = { Telebit.connect({
write: function (chunk, encoding, cb) {
this.__my_socket.write(chunk, encoding);
cb();
}
, read: function (size) {
var x = this.__my_socket.read(size);
if (x) { this.push(x); }
}
};
stunnel.connect({
// ... // ...
, net: { , net: {
createConnection: function (info, cb) { createConnection: function (info, cb) {
// data is the hello packet / first chunk // data is the hello packet / first chunk
// info = { data, servername, port, host, remoteAddress: { family, address, port } } // info = { data, servername, port, host, remoteAddress: { family, address, port } }
var myDuplex = new (require('stream').Duplex)(); var streamPair = require('stream-pair');
var myDuplex2 = new (require('stream').Duplex)();
// here "reader" means the socket that looks like the connection being accepted
var writer = streamPair.create();
// here "writer" means the remote-looking part of the socket that driving the connection
var reader = writer.other;
// duplex = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] }; // duplex = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] };
myDuplex2.__my_socket = myDuplex; reader.remoteFamily = info.remoteFamily;
myDuplex2._write = Dup.write; reader.remoteAddress = info.remoteAddress;
myDuplex2._read = Dup.read; reader.remotePort = info.remotePort;
myDuplex.__my_socket = myDuplex2;
myDuplex._write = Dup.write;
myDuplex._read = Dup.read;
myDuplex.remoteFamily = info.remoteFamily;
myDuplex.remoteAddress = info.remoteAddress;
myDuplex.remotePort = info.remotePort;
// socket.local{Family,Address,Port} // socket.local{Family,Address,Port}
myDuplex.localFamily = 'IPv4'; reader.localFamily = 'IPv4';
myDuplex.localAddress = '127.0.01'; reader.localAddress = '127.0.01';
myDuplex.localPort = info.port; reader.localPort = info.port;
httpsServer.emit('connection', myDuplex); httpsServer.emit('connection', reader);
if (cb) { if (cb) {
process.nextTick(cb); process.nextTick(cb);
} }
return myDuplex2; return writer;
} }
}); });
``` ```
Advanced Configuration
======================
There is no configuration for these yet,
but we believe it is important to add them.
### http to https
By default http connections are redirected to https.
If for some reason you need raw access to unencrypted http
you'll need to set it manually.
Proposed configuration:
```
insecure_http:
proxy: true # add X-Forward-* headers
port: 3000 # connect to port 3000
hostnames: # only these hostnames will be left insecure
- example.com
```
**Note**: In the future unencrypted connections will only be allowed
on self-hosted and paid-hosted Telebit Relays. We don't want the
legal liability of transmitting your data in the clear, thanks. :p
### TLS Termination (Secure SSL decryption)
Telebit is designed for end-to-end security.
For convenience the Telebit Remote client uses Greenlock to handle all
HTTPS connections and then connect to a local webserver with the correct proxy headers.
However, if you want to handle the encrypted connection directly, you can:
Proposed Configuration:
```
tls:
example.com: 3000 # specific servername
'*': 3000 # all servernames
'!': 3000 # missing servername
```
TODO
====
Install for user
* https://wiki.archlinux.org/index.php/Systemd/User
* https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
* `sudo launchctl load -w ~/Library/LaunchAgents/cloud.telebit.remote`
* https://serverfault.com/questions/194832/how-to-start-stop-restart-launchd-services-from-the-command-line
-->
Check Logs
==========
**Linux**:
```
sudo journalctl -xefu telebit
```
**macOS**:
```
sudo tail -f /opt/telebit/var/log/info.log
```
```
sudo tail -f /opt/telebit/var/log/error.log
```
Uninstall
=======
**Linux**:
```
sudo systemctl disable telebit; sudo systemctl stop telebit
sudo rm -rf /etc/systemd/system/telebit.service /opt/telebit /usr/local/bin/telebit
rm -rf ~/.config/telebit ~/.local/share/telebit
```
**macOS**:
```
sudo launchctl unload -w /Library/LaunchDaemons/cloud.telebit.remote.plist
sudo rm -rf /Library/LaunchDaemons/cloud.telebit.remote.plist /opt/telebit /usr/local/bin/telebit
rm -rf ~/.config/telebit ~/.local/share/telebit
```
Browser Library
=======
This is implemented with websockets, so you should be able to
LICENSE
=======
Copyright 2016 AJ ONeal

6
TODO.md
View File

@ -1,6 +0,0 @@
TODO
* [*] Work with Secure WebSockets
* [ ] Hijack HTTPS connection directly (without WebSockets)
* [p] Raw TCP (for transporting https once, not twice) (partial)
* [ ] Let's Encrypt Support (for connecting to a plain http server locally)

118
bin/stunnel.js
View File

@ -1,118 +0,0 @@
#!/usr/bin/env node
(function () {
'use strict';
var pkg = require('../package.json');
var program = require('commander');
var url = require('url');
var stunnel = require('../wsclient.js');
function collectProxies(val, memo) {
var vals = val.split(/,/g);
function parseProxy(location) {
// http:john.example.com:3000
// http://john.example.com:3000
var parts = location.split(':');
var dual = false;
if (/\./.test(parts[0])) {
//dual = true;
parts[2] = parts[1];
parts[1] = parts[0];
parts[0] = 'https';
dual = true;
}
parts[0] = parts[0].toLowerCase();
parts[1] = parts[1].toLowerCase().replace(/(\/\/)?/, '') || '*';
parts[2] = parseInt(parts[2], 10) || 0;
if (!parts[2]) {
// TODO grab OS list of standard ports?
if ('http' === parts[0]) {
parts[2] = 80;
}
else if ('https' === parts[0]) {
parts[2] = 443;
}
else {
throw new Error("port must be specified - ex: tls:*:1337");
}
}
memo.push({
protocol: parts[0]
, hostname: parts[1]
, port: parts[2]
});
if (dual) {
memo.push({
protocol: 'http'
, hostname: parts[1]
, port: parts[2]
});
}
}
vals.map(function (val) {
return parseProxy(val);
});
return memo;
}
program
.version(pkg.version)
//.command('jsurl <url>')
.arguments('<url>')
.action(function (url) {
program.url = url;
})
.option('-k --insecure', 'Allow TLS connections to stunneld without valid certs (rejectUnauthorized: false)')
.option('--locals <LINE>', 'comma separated list of <proto>:<//><servername>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https://john.example.com,tls:*:1337', collectProxies, [ ]) // --reverse-proxies
.option('--stunneld <URL>', 'the domain (or ip address) at which you are running stunneld.js (the proxy)') // --proxy
.option('--secret <STRING>', 'the same secret used by stunneld (used for JWT authentication)')
.option('--token <STRING>', 'a pre-generated token for use with stunneld (instead of generating one with --secret)')
.parse(process.argv)
;
program.stunneld = program.stunneld || 'wss://tunnel.daplie.com';
var jwt = require('jsonwebtoken');
var domainsMap = {};
var tokenData = {
domains: null
};
var location = url.parse(program.stunneld);
if (!location.protocol || /\./.test(location.protocol)) {
program.stunneld = 'wss://' + program.stunneld;
location = url.parse(program.stunneld);
}
program.stunneld = location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : '');
program.locals.forEach(function (proxy) {
domainsMap[proxy.hostname] = true;
});
tokenData.domains = Object.keys(domainsMap);
program.token = program.token || jwt.sign(tokenData, program.secret || 'shhhhh');
program.net = {
createConnection: function (info, cb) {
// data is the hello packet / first chunk
// info = { data, servername, port, host, remoteFamily, remoteAddress, remotePort }
var net = require('net');
// socket = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] };
var socket = net.createConnection({ port: info.port, host: info.host }, cb);
return socket;
}
};
program.locals.forEach(function (proxy) {
console.log('[local proxy]', proxy.protocol + '://' + proxy.hostname + ':' + proxy.port);
});
stunnel.connect(program);
}());

482
bin/telebit.js Normal file
View File

@ -0,0 +1,482 @@
#!/usr/bin/env node
(function () {
'use strict';
var pkg = require('../package.json');
//var url = require('url');
var path = require('path');
var http = require('http');
var YAML = require('js-yaml');
var recase = require('recase').create({});
var camelCopy = recase.camelCopy.bind(recase);
//var snakeCopy = recase.snakeCopy.bind(recase);
var common = require('../lib/cli-common.js');
var argv = process.argv.slice(2);
var argIndex = argv.indexOf('--config');
var confpath;
var useTty;
if (-1 === argIndex) {
argIndex = argv.indexOf('-c');
}
if (-1 !== argIndex) {
confpath = argv.splice(argIndex, 2)[1];
}
argIndex = argv.indexOf('--tty');
if (-1 !== argIndex) {
useTty = argv.splice(argIndex, 1);
}
function help() {
console.info('');
console.info('Telebit Remote v' + pkg.version);
console.info('');
console.info('Usage:');
console.info('');
console.info('\ttelebit [--config <path>] <module> <module-options>');
console.info('');
console.info('Examples:');
console.info('');
//console.info('\ttelebit init # bootstrap the config files');
//console.info('');
console.info('\ttelebit status # whether enabled or disabled');
console.info('\ttelebit enable # disallow incoming connections');
console.info('\ttelebit disable # allow incoming connections');
console.info('');
console.info('\ttelebit list # list rules for servernames and ports');
console.info('');
console.info('\ttelebit http none # remove all https handlers');
console.info('\ttelebit http 3000 # forward all https traffic to port 3000');
console.info('\ttelebit http /module/path # load a node module to handle all https traffic');
console.info('');
console.info('\ttelebit http none example.com # remove https handler from example.com');
console.info('\ttelebit http 3001 example.com # forward https traffic for example.com to port 3001');
console.info('\ttelebit http /module/path example.com # forward https traffic for example.com to port 3001');
console.info('');
console.info('\ttelebit tcp none # remove all tcp handlers');
console.info('\ttelebit tcp 5050 # forward all tcp to port 5050');
console.info('\ttelebit tcp /module/path # handle all tcp with a node module');
console.info('');
console.info('\ttelebit tcp none 6565 # remove tcp handler from external port 6565');
console.info('\ttelebit tcp 5050 6565 # forward external port 6565 to local 5050');
console.info('\ttelebit tcp /module/path 6565 # handle external port 6565 with a node module');
console.info('');
console.info('Config:');
console.info('');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebit.js');
console.info('');
console.info('');
}
var verstr = '' + pkg.name + ' v' + pkg.version;
if (!confpath) {
confpath = path.join(require('os').homedir(), '.config/telebit/telebit.yml');
verstr += ' (--config "' + confpath + '")';
}
console.info(verstr + '\n');
if (-1 !== argv.indexOf('-h') || -1 !== argv.indexOf('--help')) {
help();
process.exit(0);
}
if (!confpath || /^--/.test(confpath)) {
help();
process.exit(1);
}
function askForConfig(answers, mainCb) {
answers = answers || {};
//console.log("Please create a config file at '" + confpath + "' or specify --config /path/to/config");
var fs = require('fs');
var stdin = useTty ? fs.createReadStream('/dev/tty') : process.stdin;
var readline = require('readline');
var rl = readline.createInterface({
input: stdin
, output: process.stdout
// https://github.com/nodejs/node/issues/21319
, terminal: !useTty
});
// NOTE: Use of setTimeout
// We're using setTimeout just to make the user experience a little
// nicer, as if we're doing something inbetween steps, so that it
// is a smooth rather than jerky experience.
// >= 300ms is long enough to become distracted and change focus (a full blink, time for an idea to form as a thought)
// <= 100ms is shorter than normal human reaction time (ability to place events chronologically, which happened first)
// ~ 150-250ms is the sweet spot for most humans (long enough to notice change and not be jarred, but stay on task)
var firstSet = [
function askEmail(cb) {
if (answers.email) { cb(); return; }
console.info("");
console.info("");
console.info("Telebit uses Greenlock for free automated ssl through Let's Encrypt.");
console.info("");
console.info("To accept the Terms of Service for Telebit, Greenlock and Let's Encrypt,");
console.info("please enter your email.");
console.info("");
// TODO attempt to read email from npmrc or the like?
rl.question('email: ', function (email) {
email = /@/.test(email) && email.trim();
if (!email) { askEmail(cb); return; }
answers.email = email.trim();
answers.agree_tos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askAgree(cb) {
if (answers.agree_tos) { cb(); return; }
console.info("");
console.info("");
console.info("Do you accept the terms of service for each and all of the following?");
console.info("");
console.info("\tTelebit - End-to-End Encrypted Relay");
console.info("\tGreenlock - Automated HTTPS");
console.info("\tLet's Encrypt - TLS Certificates");
console.info("");
console.info("Type 'y' or 'yes' to accept these Terms of Service.");
console.info("");
rl.question('agree to all? [y/N]: ', function (resp) {
resp = resp.trim();
if (!/^y(es)?$/i.test(resp) && 'true' !== resp) {
throw new Error("You didn't accept the Terms of Service... not sure what to do...");
}
answers.agree_tos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askRelay(cb) {
if (answers.relay) { cb(); return; }
console.info("");
console.info("");
console.info("What relay will you be using? (press enter for default)");
console.info("");
rl.question('relay [default: telebit.cloud]: ', function (relay) {
// TODO parse and check https://{{relay}}/.well-known/telebit.cloud/directives.json
if (!relay) {
relay = 'telebit.cloud';
}
answers.relay = relay.trim();
setTimeout(cb, 250);
});
}
, function checkRelay(cb) {
if (!/\btelebit\.cloud\b/i.test(answers.relay)) {
standardSet = standardSet.concat(advancedSet);
}
nextSet = standardSet;
cb();
}
];
var standardSet = [
function askUpdates(cb) {
var options = [ 'newsletter', 'important', 'required' ];
if (-1 !== options.indexOf(answers.updates)) { cb(); return; }
console.info("");
console.info("");
console.info("What updates would you like to receive? (" + options.join(',') + ")");
console.info("");
rl.question('email preference (default: important): ', function (updates) {
updates = (updates || '').trim().toLowerCase();
if (!updates) { updates = 'important'; }
if (-1 === options.indexOf(updates)) { askUpdates(cb); return; }
if ('newsletter' === updates) {
answers.newsletter = true;
answers.communityMember = true;
} else if ('important' === updates) {
answers.communityMember = true;
}
setTimeout(cb, 250);
});
}
/*
, function askNewsletter(cb) {
if (answers.newsletter) { cb(); return; }
console.info("");
console.info("");
console.info("Would you like to subscribe to our newsletter? (press enter for default [no])");
console.info("");
rl.question('newsletter [y/N] (default: no): ', function (newsletter) {
if (/^y(es)?$/.test(newsletter)) {
answers.newsletter = true;
}
setTimeout(cb, 250);
});
}
, function askCommunity(cb) {
if (answers.community_member) { cb(); return; }
console.info("");
console.info("");
console.info("Receive important and relevant updates? (press enter for default [yes])");
console.info("");
rl.question('community_member [Y/n]: ', function (community) {
if (!community || /^y(es)?$/i.test(community)) {
answers.community_member = true;
}
setTimeout(cb, 250);
});
}
*/
, function askTelemetry(cb) {
if (answers.telemetry) { cb(); return; }
console.info("");
console.info("");
console.info("Contribute project telemetry data? (press enter for default [yes])");
console.info("");
rl.question('telemetry [Y/n]: ', function (telemetry) {
if (!telemetry || /^y(es)?$/i.test(telemetry)) {
answers.telemetry = true;
}
setTimeout(cb, 250);
});
}
];
var advancedSet = [
function askTokenOrSecret(cb) {
if (answers.token || answers.secret) { cb(); return; }
console.info("");
console.info("");
console.info("What's your authorization for '" + answers.relay + "'?");
console.info("");
// TODO check .well-known to learn supported token types
console.info("Currently supported:");
console.info("");
console.info("\tToken (JWT format)");
console.info("\tShared Secret (HMAC hex)");
//console.info("\tPrivate key (hex)");
console.info("");
rl.question('auth: ', function (resp) {
var jwt = require('jsonwebtoken');
resp = (resp || '').trim();
try {
answers.token = jwt.decode(resp);
} catch(e) {
// delete answers.token;
}
if (!answers.token) {
resp = resp.toLowerCase();
if (resp === Buffer.from(resp, 'hex').toString('hex')) {
answers.secret = resp;
}
}
if (!answers.token && !answers.secret) {
askTokenOrSecret(cb);
return;
}
setTimeout(cb, 250);
});
}
, function askServernames(cb) {
if (!answers.secret || answers.servernames) { cb(); return; }
console.info("");
console.info("");
console.info("What servername(s) will you be relaying here?");
console.info("(use a comma-separated list such as example.com,example.net)");
console.info("");
rl.question('domain(s): ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askServernames(); return; }
// TODO validate the domains
answers.servernames = resp.join(',');
setTimeout(cb, 250);
});
}
, function askPorts(cb) {
if (!answers.secret || answers.ports) { cb(); return; }
console.info("");
console.info("");
console.info("What tcp port(s) will you be relaying here?");
console.info("(use a comma-separated list such as 2222,5050)");
console.info("");
rl.question('port(s) [default:none]: ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askPorts(); return; }
// TODO validate the domains
answers.ports = resp.join(',');
setTimeout(cb, 250);
});
}
];
var nextSet = firstSet;
function next() {
var q = nextSet.shift();
if (!q) {
// https://github.com/nodejs/node/issues/21319
rl.close();
if (useTty) { stdin.close(); }
mainCb(null, answers);
return;
}
q(next);
}
next();
}
function parseConfig(err, text) {
var config;
if (err) {
console.error("\nCouldn't load config:\n\n\t" + err.message + "\n");
if ('ENOENT' === err.code) {
text = 'relay: \'\'';
}
//askForConfig();
}
try {
config = JSON.parse(text);
} catch(e1) {
try {
config = YAML.safeLoad(text);
} catch(e2) {
console.error(e1.message);
console.error(e2.message);
process.exit(1);
return;
}
}
config = camelCopy(config);
function putConfig(service, args) {
// console.log('got it', service, args);
var req = http.get({
socketPath: common.pipename(config)
, method: 'POST'
, path: '/rpc/' + service + '?_body=' + JSON.stringify(args)
}, function (resp) {
function finish() {
console.info("");
if (200 !== resp.statusCode) {
console.warn("'" + service + "' may have failed."
+ " Consider peaking at the logs either with 'journalctl -xeu telebit' or /opt/telebit/var/log/error.log");
console.warn(resp.statusCode, body);
//cb(new Error("not okay"), body);
return;
}
if (!body) {
console.info("👌");
return;
}
try {
body = JSON.parse(body);
} catch(e) {
// ignore
}
if ("AWAIT_AUTH" === body.code) {
console.info(body.message);
} else if ("CONFIG" === body.code) {
delete body.code;
console.info(YAML.safeDump(body));
} else {
console.info(JSON.stringify(body, null, 2));
}
}
var body = '';
if (resp.headers['content-length']) {
resp.on('data', function (chunk) {
body += chunk.toString();
});
resp.on('end', function () {
finish();
});
} else {
finish();
}
});
req.on('error', function (err) {
console.error('Error');
console.error(err);
return;
});
}
// Two styles:
// http 3000
// http modulename
function makeRpc(key) {
if (key !== argv[0]) {
return false;
}
putConfig(argv[0], argv.slice(1));
return true;
}
if ([ 'ssh', 'http', 'tcp' ].some(function (key) {
if (key !== argv[0]) {
return false;
}
if (argv[1]) {
putConfig(argv[0], argv.slice(1));
return true;
}
help();
return true;
})) {
return true;
}
if (-1 !== argv.indexOf('init')) {
var answers = {};
if ('init' !== argv[0]) {
throw new Error("init must be the first argument");
}
argv.shift();
argv.forEach(function (arg) {
var parts = arg.split(/:/g);
if (2 !== parts.length) {
throw new Error("bad option to init: '" + arg + "'");
}
if (answers[parts[0]]) {
throw new Error("duplicate key to init '" + parts[0] + "'");
}
answers[parts[0]] = parts[1];
});
askForConfig(answers, function (err, answers) {
// TODO use php-style object querification
putConfig('config', Object.keys(answers).map(function (key) {
return key + ':' + answers[key];
}));
/* TODO
if [ "telebit.cloud" == $my_relay ]; then
echo ""
echo ""
echo "=============================================="
echo " Hey, Listen! "
echo "=============================================="
echo ""
echo "GO CHECK YOUR EMAIL"
echo ""
echo "You MUST verify your email address to activate this device."
echo "(if the activation link expires, just run 'telebit restart' and check your email again)"
echo ""
$read_cmd -p "hit [enter] once you've clicked the verification" my_ignore
fi
*/
});
return;
}
if ([ 'status', 'enable', 'disable', 'restart', 'list', 'save' ].some(makeRpc)) {
return;
}
help();
}
require('fs').readFile(confpath, 'utf8', parseConfig);
}());

661
bin/telebitd.js Executable file
View File

@ -0,0 +1,661 @@
#!/usr/bin/env node
(function () {
'use strict';
var pkg = require('../package.json');
var url = require('url');
var path = require('path');
var os = require('os');
var common = require('../lib/cli-common.js');
var http = require('http');
var YAML = require('js-yaml');
var recase = require('recase').create({});
var camelCopy = recase.camelCopy.bind(recase);
var snakeCopy = recase.snakeCopy.bind(recase);
var state = { homedir: os.homedir(), servernames: {}, ports: {} };
var argv = process.argv.slice(2);
var confIndex = argv.indexOf('--config');
var confpath;
var confargs;
if (-1 === confIndex) {
confIndex = argv.indexOf('-c');
}
if (-1 !== confIndex) {
confargs = argv.splice(confIndex, 2);
confpath = confargs[1];
}
function help() {
console.info('');
console.info('Telebit Daemon v' + pkg.version);
console.info('');
console.info('Usage:');
console.info('');
console.info('\ttelebitd --config <path>');
console.info('\tex: telebitd --config ~/.config/telebit/telebitd.yml');
console.info('');
console.info('');
console.info('Config:');
console.info('');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebit.js');
console.info('');
console.info('');
}
var verstr = '' + pkg.name + ' v' + pkg.version;
if (-1 === confIndex) {
// We have two possible valid paths if no --config is given (i.e. run from an npm-only install)
// * {install}/etc/telebitd.yml
// * ~/.config/telebit/telebitd.yml
// We'll asume the later since the installers include --config in the system launcher script
confpath = path.join(state.homedir, '.config/telebit/telebitd.yml');
verstr += ' (--config "' + confpath + '")';
}
console.info(verstr + '\n');
if (-1 !== argv.indexOf('-h') || -1 !== argv.indexOf('--help')) {
help();
process.exit(0);
}
if (!confpath || /^--/.test(confpath)) {
help();
process.exit(1);
}
var tokenpath = path.join(path.dirname(confpath), 'access_token.txt');
var token;
try {
token = require('fs').readFileSync(tokenpath, 'ascii').trim();
} catch(e) {
// ignore
}
var controlServer;
var tun;
function serveControls() {
if (!state.config.disable) {
if (state.config.relay && (state.config.token || state.config.agreeTos)) {
tun = rawTunnel();
}
}
controlServer = http.createServer(function (req, res) {
var opts = url.parse(req.url, true);
if (opts.query._body) {
try {
opts.body = JSON.parse(opts.query._body, true);
} catch(e) {
res.statusCode = 500;
res.end('{"error":{"message":"?_body={{bad_format}}"}}');
return;
}
}
function listSuccess() {
var dumpy = {
servernames: state.servernames
, ports: state.ports
, ssh: state.config.sshAuto || 'disabled'
, code: 'CONFIG'
};
if (/\btelebit\.cloud\b/i.test(state.config.relay) && state.config.email && !state.token) {
dumpy.code = "AWAIT_AUTH";
dumpy.message = [
"Check your email."
, "You must verify your email address to activate this device."
, ""
, " Login Code (if needed): " + state.otp
].join('\n');
}
res.end(JSON.stringify(dumpy));
}
function sshSuccess() {
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.end('{"error":{"message":"Could not save config file. Perhaps you\'re not running as root?"}}');
return;
}
res.end('{"success":true}');
});
}
//
// without proper config
//
if (/\b(init|config)\b/.test(opts.pathname)) {
var conf = {};
var fresh;
if (!opts.body) {
res.statusCode = 422;
res.end('{"error":{"message":"needs more arguments"}}');
return;
}
// relay, email, agree_tos, servernames, ports
//
opts.body.forEach(function (opt) {
var parts = opt.split(/:/);
if ('true' === parts[1]) {
parts[1] = true;
} else if ('false' === parts[1]) {
parts[1] = false;
} else if ('null' === parts[1]) {
parts[1] = null;
} else if ('undefined' === parts[1]) {
parts[1] = undefined;
}
conf[parts[0]] = parts[1];
});
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
fresh = true;
}
// TODO camelCase query
state.config.email = conf.email || state.config.email || '';
if ('undefined' !== typeof conf.agree_tos) {
state.config.agreeTos = conf.agree_tos;
}
state.config.relay = conf.relay || state.config.relay || '';
state.config.token = conf.token || state.config.token || null;
state.config.secret = conf.secret || state.config.secret || null;
if ('undefined' !== typeof conf.newsletter) {
state.config.newsletter = conf.newsletter;
}
if ('undefined' !== typeof conf.community_member) {
state.config.communityMember = conf.community_member;
}
if ('undefined' !== typeof conf.telemetry) {
state.config.telemetry = conf.telemetry;
}
(conf.servernames||[]).forEach(function (key) {
if (!state.config.servernames[key]) {
state.config.servernames[key] = {};
}
});
(conf.ports||[]).forEach(function (key) {
if (!state.config.ports[key]) {
state.config.ports[key] = {};
}
});
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
res.statusCode = 400;
res.end(JSON.stringify({
error: {
code: "E_INIT"
, message: "Missing important config file params"
, _params: JSON.stringify(conf)
, _config: JSON.stringify(state.config)
, _body: JSON.stringify(opts.body)
}
}));
return;
}
if (tun) {
tun.end(function () {
tun = rawTunnel();
});
tun = null;
setTimeout(function () {
if (!tun) { tun = rawTunnel(); }
}, 3000);
} else {
tun = rawTunnel();
}
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.end('{"error":{"message":"Could not save config file after init: ' + err.message.replace(/"/g, "'")
+ '.\nPerhaps check that the file exists and your user has permissions to write it?"}}');
return;
}
listSuccess();
});
return;
}
if (/restart/.test(opts.pathname)) {
tun.end();
res.end('{"success":true}');
controlServer.close(function () {
// TODO closeAll other things
process.nextTick(function () {
// system daemon will restart the process
process.exit(22); // use non-success exit code
});
});
return;
}
//
// Check for proper config
//
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
res.statusCode = 400;
res.end('{"error":{"code":"E_CONFIG","message":"Invalid config file. Please run \'telebit init\'"}}');
return;
}
//
// With proper config
//
if (/http/.test(opts.pathname)) {
if (!opts.body) {
res.statusCode = 422;
res.end('{"error":{"message":"needs more arguments"}}');
return;
}
if (opts.body[1]) {
if (!state.servernames[opts.body[1]]) {
res.statusCode = 400;
res.end('{"error":{"message":"bad servername \'' + opts.body[1] + '\'"');
return;
}
state.servernames[opts.body[1]].handler = opts.body[0];
} else {
Object.keys(state.servernames).forEach(function (key) {
state.servernames[key].handler = opts.body[0];
});
}
res.end('{"success":true}');
return;
}
if (/tcp/.test(opts.pathname)) {
if (!opts.body) {
res.statusCode = 422;
res.end('{"error":{"message":"needs more arguments"}}');
return;
}
// portnum
if (opts.body[1]) {
if (!state.ports[opts.body[1]]) {
res.statusCode = 400;
res.end('{"error":{"message":"bad port \'' + opts.body[1] + '\'"');
return;
}
// forward-to port-or-module
state.ports[opts.body[1]].handler = opts.body[0];
} else {
Object.keys(state.ports).forEach(function (key) {
state.ports[key].handler = opts.body[0];
});
}
res.end('{"success":true}');
return;
}
if (/save|commit/.test(opts.pathname)) {
state.config.servernames = state.servernames;
state.config.ports = state.ports;
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.end('{"error":{"message":"Could not save config file. Perhaps you\'re not running as root?"}}');
return;
}
listSuccess();
});
return;
}
if (/ssh/.test(opts.pathname)) {
var sshAuto;
if (!opts.body) {
res.statusCode = 422;
res.end('{"error":{"message":"needs more arguments"}}');
return;
}
sshAuto = opts.body[0];
if (-1 !== [ 'false', 'none', 'off', 'disable' ].indexOf(sshAuto)) {
state.config.sshAuto = false;
sshSuccess();
return;
}
if (-1 !== [ 'true', 'auto', 'on', 'enable' ].indexOf(sshAuto)) {
state.config.sshAuto = 22;
sshSuccess();
return;
}
sshAuto = parseInt(sshAuto, 10);
if (!sshAuto || sshAuto <= 0 || sshAuto > 65535) {
res.statusCode = 400;
res.end('{"error":{"message":"bad ssh_auto option \'' + opts.body[0] + '\'"');
return;
}
state.config.sshAuto = sshAuto;
sshSuccess();
return;
}
if (/enable/.test(opts.pathname)) {
delete state.config.disable;// = undefined;
if (tun) {
listSuccess();
return;
}
tun = rawTunnel();
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.end('{"error":{"message":"Could not save config file. Perhaps you\'re user doesn\'t have permission?"}}');
return;
}
listSuccess();
});
return;
}
if (/disable/.test(opts.pathname)) {
state.config.disable = true;
if (tun) { tun.end(); tun = null; }
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.end('{"error":{"message":"Could not save config file. Perhaps you\'re not running as root?"}}');
return;
}
res.end('{"success":true}');
});
return;
}
if (/status/.test(opts.pathname)) {
res.end(JSON.stringify(
{ status: (state.config.disable ? 'disabled' : 'enabled')
, ready: ((state.config.relay && (state.config.token || state.config.agreeTos)) ? true : false)
}
));
return;
}
if (/list/.test(opts.pathname)) {
listSuccess();
return;
}
res.end('{"error":{"message":"unrecognized rpc"}}');
});
var pipename = common.pipename(state.config);
var fs = require('fs');
if (fs.existsSync(pipename)) {
fs.unlinkSync(pipename);
}
// mask is so that processes owned by other users
// can speak to this process, which is probably root-owned
var oldUmask = process.umask(0x0000);
controlServer.listen({
path: pipename
, writableAll: true
, readableAll: true
, exclusive: false
}, function () {
process.umask(oldUmask);
});
}
function parseConfig(err, text) {
var config;
function run() {
state._confpath = confpath;
if (!state.config.servernames) {
state.config.servernames = {};
}
if (!state.config.ports) {
state.config.ports = {};
}
state.servernames = JSON.parse(JSON.stringify(state.config.servernames));
state.ports = JSON.parse(JSON.stringify(state.config.ports));
serveControls();
}
if (err) {
console.warn("\nCouldn't load config:\n\n\t" + err.message + "\n");
state.config = {};
run();
return;
}
try {
config = JSON.parse(text);
} catch(e1) {
try {
config = YAML.safeLoad(text);
} catch(e2) {
console.error(e1.message);
console.error(e2.message);
process.exit(1);
return;
}
}
state.config = camelCopy(config);
if (state.config.token && token) {
console.warn();
console.warn("Found two tokens:");
console.warn();
console.warn("\t1. " + tokenpath);
console.warn("\n2. " + confpath);
console.warn();
console.warn("Choosing the first.");
console.warn();
}
state.token = token;
run();
}
function connectTunnel() {
function sigHandler() {
console.info('Received kill signal. Attempting to exit cleanly...');
// We want to handle cleanup properly unless something is broken in our cleanup process
// that prevents us from exitting, in which case we want the user to be able to send
// the signal again and exit the way it normally would.
process.removeListener('SIGINT', sigHandler);
tun.end();
controlServer.close();
}
// reverse 2FA otp
function leftpad(i, n, c) {
while (i.toString().length < (n || 4)) {
i = (c || '0') + i;
}
return i;
}
function getOtp() {
return leftpad(Math.round(Math.random() * 9999), 4, '0');
}
process.on('SIGINT', sigHandler);
state.net = state.net || {
createConnection: function (info, cb) {
// data is the hello packet / first chunk
// info = { data, servername, port, host, remoteFamily, remoteAddress, remotePort }
var net = require('net');
// socket = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] };
var socket = net.createConnection({ port: info.port, host: info.host }, cb);
return socket;
}
};
state.otp = getOtp();
state.greenlock = state.config.greenlock || {};
state.sortingHat = state.config.sortingHat || path.resolve(__dirname, '..', 'lib/sorting-hat.js');
// TODO sortingHat.print(); ?
if (state.config.email && !state.token) {
console.info();
console.info('====================================');
console.info('= HEY! LISTEN! =');
console.info('====================================');
console.info('= =');
console.info('= 1. Open your email =');
console.info('= =');
console.info('= 2. Click the magic login link =');
console.info('= Login Code (if needed): 0000 ='.replace('0000', state.otp));
console.info('= =');
console.info('= 3. Check back here for deets =');
console.info('= =');
console.info('= =');
console.info('====================================');
console.info();
}
// TODO Check undefined vs false for greenlock config
var remote = require('../');
state.handlers = {
grant: function (grants) {
console.info("");
console.info("Connect to your device by any of the following means:");
console.info("");
grants.forEach(function (arr) {
if ('https' === arr[0]) {
if (!state.servernames[arr[1]]) {
state.servernames[arr[1]] = {};
}
} else if ('tcp' === arr[0]) {
if (!state.ports[arr[2]]) {
state.ports[arr[2]] = {};
}
}
if ('ssh+https' === arr[0]) {
console.info("SSH+HTTPS");
} else if ('ssh' === arr[0]) {
console.info("SSH");
} else if ('tcp' === arr[0]) {
console.info("TCP");
} else if ('https' === arr[0]) {
console.info("HTTPS");
}
console.info('\t' + arr[0] + '://' + arr[1] + (arr[2] ? (':' + arr[2]) : ''));
if ('ssh+https' === arr[0]) {
console.info("\tex: ssh -o ProxyCommand='openssl s_client -connect %h:%p -servername %h -quiet' " + arr[1] + " -p 443\n");
} else if ('ssh' === arr[0]) {
console.info("\tex: ssh " + arr[1] + " -p " + arr[2] + "\n");
} else if ('tcp' === arr[0]) {
console.info("\tex: netcat " + arr[1] + " " + arr[2] + "\n");
} else if ('https' === arr[0]) {
console.info("\tex: curl https://" + arr[1] + "\n");
}
});
}
, access_token: function (opts) {
state.token = opts.jwt;
state.config.token = opts.jwt;
console.info("Updating '" + tokenpath + "' with new token:");
try {
require('fs').writeFileSync(tokenpath, opts.jwt);
} catch (e) {
console.error("Token not saved:");
console.error(e);
}
}
};
state.greenlockConfig = {
version: state.greenlock.version || 'draft-11'
, server: state.greenlock.server || 'https://acme-v02.api.letsencrypt.org/directory'
, communityMember: state.greenlock.communityMember || state.config.communityMember
, telemetry: state.greenlock.telemetry || state.config.telemetry
, configDir: state.greenlock.configDir || path.resolve(__dirname, '..', 'etc/acme/')
// TODO, store: require(state.greenlock.store.name || 'le-store-certbot').create(state.greenlock.store.options || {})
, approveDomains: function (opts, certs, cb) {
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = certs.altnames;
cb(null, { options: opts, certs: certs });
return;
}
// by virtue of the fact that it's being tunneled through a
// trusted source that is already checking, we're good
//if (-1 !== state.config.servernames.indexOf(opts.domains[0])) {
opts.email = state.greenlock.email || state.config.email;
opts.agreeTos = state.greenlock.agree || state.config.agreeTos;
cb(null, { options: opts, certs: certs });
return;
//}
//cb(new Error("servername not found in allowed list"));
}
};
state.insecure = state.config.relay_ignore_invalid_certificates;
// { relay, config, servernames, ports, sortingHat, net, insecure, token, handlers, greenlockConfig }
var tun = remote.connect({
relay: state.relay
, config: state.config
, otp: state.otp
, sortingHat: state.sortingHat
, net: state.net
, insecure: state.insecure
, token: state.token
, servernames: state.servernames
, ports: state.ports
, handlers: state.handlers
, greenlockConfig: state.greenlockConfig
});
return tun;
}
function rawTunnel() {
if (state.config.disable || !state.config.relay || !(state.config.token || state.config.agreeTos)) {
return;
}
state.relay = state.config.relay;
if (!state.relay) {
throw new Error("'" + state._confpath + "' is missing 'relay'");
}
/*
if (!(state.config.secret || state.config.token)) {
console.error("You must use --secret or --token with --relay");
process.exit(1);
return;
}
*/
var location = url.parse(state.relay);
if (!location.protocol || /\./.test(location.protocol)) {
state.relay = 'wss://' + state.relay;
location = url.parse(state.relay);
}
var aud = location.hostname + (location.port ? ':' + location.port : '');
state.relay = location.protocol + '//' + aud;
if (!state.config.token && state.config.secret) {
var jwt = require('jsonwebtoken');
var tokenData = {
domains: Object.keys(state.config.servernames || {}).filter(function (name) { return /\./.test(name); })
, aud: aud
, iss: Math.round(Date.now() / 1000)
};
state.token = jwt.sign(tokenData, state.config.secret);
}
state.token = state.token || state.config.token;
// TODO sign token with own private key, including public key and thumbprint
// (much like ACME JOSE account)
return connectTunnel();
}
require('fs').readFile(confpath, 'utf8', parseConfig);
}());

112
client.js
View File

@ -1,112 +0,0 @@
'use strict';
var net = require('net');
var jwt = require('jsonwebtoken');
var sni = require('sni');
// TODO ask oauth3.org where to connect
// TODO reconnect on disconnect
// Assumption: will not get next tcp packet unless previous packet succeeded
//var services = { 'ssh': 22, 'http': 80, 'https': 443 };
var services = { 'ssh': 22, 'http': 4080, 'https': 8443 };
var hostname = 'aj.daplie.me'; // 'test.hellabit.com'
function addrToId(address) {
return address.family + ',' + address.address + ',' + address.port;
}
/*
function socketToAddr(socket) {
return { family: socket.remoteFamily, address: socket.remoteAddress, port: socket.remotePort };
}
function socketToId(socket) {
return addrToId(socketToAddr(socket));
}
*/
var tunneler = net.connect({ port: 5443 , host: hostname }, function () {
var token = jwt.sign({ name: hostname }, 'shhhhh');
var localclients = {};
setInterval(function () {
console.log('');
console.log('localclients.length:', Object.keys(localclients).length);
console.log('');
}, 5000);
tunneler.write(token);
// BaaS / Backendless / noBackend / horizon.io
// user authentication
// a place to store data
// file management
// Synergy Teamwork Paradigm = Jabberwocky
var pack = require('tunnel-packer').pack;
function onMessage(opts) {
var id = addrToId(opts);
var service = 'https';
var port = services[service];
var lclient;
if (opts.data.byteLength < 20) {
if ('|__ERROR__|' === opts.data.toString('utf8')
|| '|__END__|' === opts.data.toString('utf8')) {
console.log("end '" + opts.address + "'");
if (localclients[id]) {
localclients[id].end();
delete localclients[id];
}
return;
}
}
if (localclients[id]) {
console.log("received data from '" + opts.address + "'", opts.data.byteLength);
localclients[id].write(opts.data);
return;
}
var servername = sni(opts.data);
if (!servername) {
console.warn("no servername found for '" + id + "'");
tunneler.write(pack(opts, Buffer.from('|__ERROR__|')));
return;
}
console.log("servername: '" + servername + "'");
lclient = localclients[id] = net.createConnection({ port: port, host: '127.0.0.1' }, function () {
lclient.on('data', function (chunk) {
console.log("client '" + opts.address + "' sent ", chunk.byteLength, "bytes");
tunneler.write(pack(opts, chunk));
});
lclient.on('error', function (err) {
console.error('client Error');
console.error(err);
delete localclients[id];
tunneler.write(pack(opts, Buffer.from('|__ERROR__|')));
});
lclient.on('end', function () {
console.log('client End');
delete localclients[id];
tunneler.write(pack(opts, Buffer.from('|__END__|')));
});
console.log('received data', opts.data.byteLength);
lclient.write(opts.data);
});
}
var machine = require('tunnel-packer').create({ onMessage: onMessage });
tunneler.on('data', machine.fns.addChunk);
tunneler.on('end', function () {
console.log('end');
});
});

0
etc/.gitkeep Normal file
View File

20
examples/telebit.full.yml Normal file
View File

@ -0,0 +1,20 @@
email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant updates
telemetry: true # contribute to project telemetric data
relay: telebit.cloud # Which Telebit Relay to use
#secret: '' # Shared Secret with Telebit Relay for authorization
#token: '' # Token created by Telebit Relay for authorization
ssh_auto: 22 # forward ssh-looking packets, from any connection, to port 22
servernames: # hostnames that direct to the Telebit Relay admin console
example.com:
handler: 3000
example.net:
handler: /path/to/module
ports:
5050:
handler: 54321
greenlock:
version: 'draft-11'
server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
config_dir: '/opt/telebit/etc/acme.staging/'

7
examples/telebit.minimal.yml Normal file
View File

@ -0,0 +1,7 @@
email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant updates
telemetry: true # contribute to project telemetric data
relay: telebit.cloud # Which Telebit Relay to use
#secret: '' # Shared Secret with Telebit Relay for authorization
#token: '' # Token created by Telebit Relay for authorization

13
httpsclient.js
View File

@ -1,13 +0,0 @@
'use strict';
var request = require('request');
function run(copts) {
var tunnelUrl = 'https://tunnel.daplie.com/?access_token=' + copts.token;
request.get(tunnelUrl, { rejectUnauthorized: false }, function (err, resp) {
console.log('resp.body');
console.log(resp.body);
});
}
module.exports.connect = run;

37
lib/cli-common.js Normal file
View File

@ -0,0 +1,37 @@
'use strict';
var common = module.exports;
var path = require('path');
var mkdirp = require('mkdirp');
var os = require('os');
var homedir = os.homedir();
var localshare = '.local/share/telebit';
var localconf = '.config/telebit';
common.pipename = function (config) {
var pipename = (config.sock || common.DEFAULT_SOCK_NAME);
if (/^win/i.test(os.platform())) {
pipename = '\\\\?\\pipe' + pipename.replace(/\//, '\\');
}
return pipename;
};
common.DEFAULT_SOCK_NAME = path.join(homedir, localshare, 'var', 'telebit.sock');
try {
mkdirp.sync(path.join(__dirname, '..', 'var', 'log'));
mkdirp.sync(path.join(__dirname, '..', 'var', 'run'));
mkdirp.sync(path.join(__dirname, '..', 'etc'));
} catch(e) {
console.error(e);
}
try {
mkdirp.sync(path.join(homedir, localshare, 'var', 'log'));
mkdirp.sync(path.join(homedir, localshare, 'var', 'run'));
//mkdirp.sync(path.join(homedir, localshare, 'etc'));
mkdirp.sync(path.join(homedir, localconf));
} catch(e) {
console.error(e);
}

42
lib/html/index.html Normal file
View File

@ -0,0 +1,42 @@
<!DOCTYPE html>
<html>
<head>
<title>Telebit</title>
<meta charset="utf-8">
</head>
<body>
<script>document.body.hidden = true;</script>
<h1>Welcome Home <!-- as in 127.0.0.1, y'know ;) --></h1>
<p>Go ahead and bookmark this page. It's yours now.</p>
<div>
<h2>You've claimed <span class="js-servername">{{servername}}</span></h2>
<p>Here's some ways you can use it:</p>
<pre><code>
telebit http 3000 # forward all https traffic to localhost:3000
telebit http /path/to/module # handle incoming https traffic with a node module
telebit http none # remove all https handlers</code></pre>
</div>
<p>You can <em>always</em> use this port for <strong>SSH over HTTPS</strong>, even while you're using it for something else:</p>
<pre><code>
ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' <span class="js-servername">{{servername}}</span></code></pre>
<div class="js-port" hidden>
<h2>You've claimed port <span class="js-serviceport">{{serviceport}}</span></h2>
<p>Here's some ways you can use it:</p>
<pre><code>
telebit tcp 3000 # forward all tcp traffic to localhost:3000
telebit tcp /path/to/module # handle incoming tcp traffic with a node module
telebit tcp none # remove all tcp handlers</code></pre>
</div>
<p>You can <em>always</em> use this port for <strong>SSH</strong>, even while you're using it for something else:</p>
<pre><code>telebit ssh 22
ssh <span class="js-servername">{{servername}}</span> -p <span class="js-serviceport">{{serviceport}}</span></code></pre>
<script src="js/app.js"></script>
</body>
</html>

49
lib/html/js/app.js Normal file
View File

@ -0,0 +1,49 @@
(function () {
'use strict';
document.body.hidden = false;
var hash = window.location.hash.substr(1);
var query = window.location.search;
function parseQuery(search) {
var args = search.substring(1).split('&');
var argsParsed = {};
var i, arg, kvp, key, value;
for (i=0; i < args.length; i++) {
arg = args[i];
if (-1 === arg.indexOf('=')) {
argsParsed[decodeURIComponent(arg).trim()] = true;
} else {
kvp = arg.split('=');
key = decodeURIComponent(kvp[0]).trim();
value = decodeURIComponent(kvp[1]).trim();
argsParsed[key] = value;
}
}
return argsParsed;
}
document.querySelectorAll('.js-servername').forEach(function ($el) {
$el.innerText = window.location.host;
});
console.log(parseQuery(hash));
console.log(parseQuery(query));
var port = parseQuery(hash).serviceport || parseQuery(query).serviceport;
if (port) {
document.querySelector('.js-port').hidden = false;
document.querySelectorAll('.js-serviceport').forEach(function ($el) {
$el.innerText = port;
});
}
}());

617
lib/remote.js Normal file
View File

@ -0,0 +1,617 @@
(function () {
'use strict';
var WebSocket = require('ws');
var PromiseA = require('bluebird');
var sni = require('sni');
var Packer = require('proxy-packer');
var os = require('os');
function timeoutPromise(duration) {
return new PromiseA(function (resolve) {
setTimeout(resolve, duration);
});
}
function _connect(state) {
// jshint latedef:false
var defaultHttpTimeout = (2 * 60);
var activityTimeout = state.activityTimeout || (defaultHttpTimeout - 5) * 1000;
var pongTimeout = state.pongTimeout || 10*1000;
// Allow the tunnel client to be created with no token. This will prevent the connection from
// being established initialy and allows the caller to use `.append` for the first token so
// they can get a promise that will provide feedback about invalid tokens.
var tokens = [];
var auth;
if (state.token) {
tokens.push(state.token);
}
var wstunneler;
var authenticated = false;
var authsent = false;
var localclients = {};
var pausedClients = [];
var clientHandlers = {
add: function (conn, cid, tun) {
localclients[cid] = conn;
console.info("[connect] new client '" + cid + "' for '" + tun.name + ":" + tun.serviceport + "' "
+ "(" + clientHandlers.count() + " clients)");
conn.tunnelCid = cid;
conn.tunnelRead = tun.data.byteLength;
conn.tunnelWritten = 0;
conn.on('data', function onLocalData(chunk) {
if (conn.tunnelClosing) {
console.warn("[onLocalData] received data for '"+cid+"' over socket after connection was ended");
return;
}
// This value is bytes written to the tunnel (ie read from the local connection)
conn.tunnelWritten += chunk.byteLength;
// If we have a lot of buffered data waiting to be sent over the websocket we want to slow
// down the data we are getting to send over. We also want to pause all active connections
// if any connections are paused to make things more fair so one connection doesn't get
// stuff waiting for all other connections to finish because it tried writing near the border.
var bufSize = wsHandlers.sendMessage(Packer.pack(tun, chunk));
if (pausedClients.length || bufSize > 1024*1024) {
// console.log('[onLocalData] paused connection', cid, 'to allow websocket to catch up');
conn.pause();
pausedClients.push(conn);
}
});
var sentEnd = false;
conn.on('end', function onLocalEnd() {
console.info("[onLocalEnd] connection '" + cid + "' ended, will probably close soon");
conn.tunnelClosing = true;
if (!sentEnd) {
wsHandlers.sendMessage(Packer.pack(tun, null, 'end'));
sentEnd = true;
}
});
conn.on('error', function onLocalError(err) {
console.info("[onLocalError] connection '" + cid + "' errored:", err);
if (!sentEnd) {
wsHandlers.sendMessage(Packer.pack(tun, {message: err.message, code: err.code}, 'error'));
sentEnd = true;
}
});
conn.on('close', function onLocalClose(hadErr) {
delete localclients[cid];
console.log('[onLocalClose] closed "' + cid + '" read:'+conn.tunnelRead+', wrote:'+conn.tunnelWritten+' (' + clientHandlers.count() + ' clients)');
if (!sentEnd) {
wsHandlers.sendMessage(Packer.pack(tun, null, hadErr && 'error' || 'end'));
sentEnd = true;
}
});
}
, write: function (cid, opts) {
var conn = localclients[cid];
if (!conn) {
return false;
}
//console.log("[=>] received data from '" + cid + "' =>", opts.data.byteLength);
if (conn.tunnelClosing) {
console.warn("[onmessage] received data for '"+cid+"' over socket after connection was ended");
return true;
}
conn.write(opts.data);
// It might seem weird to increase the "read" value in a function named `write`, but this
// is bytes read from the tunnel and written to the local connection.
conn.tunnelRead += opts.data.byteLength;
if (!conn.remotePaused && conn.bufferSize > 1024*1024) {
wsHandlers.sendMessage(Packer.pack(opts, conn.tunnelRead, 'pause'));
conn.remotePaused = true;
conn.once('drain', function () {
wsHandlers.sendMessage(Packer.pack(opts, conn.tunnelRead, 'resume'));
conn.remotePaused = false;
});
}
return true;
}
, closeSingle: function (cid) {
if (!localclients[cid]) {
return;
}
console.log('[closeSingle]', cid);
PromiseA.resolve().then(function () {
var conn = localclients[cid];
conn.tunnelClosing = true;
conn.end();
// If no data is buffered for writing then we don't need to wait for it to drain.
if (!conn.bufferSize) {
return timeoutPromise(500);
}
// Otherwise we want the connection to be able to finish, but we also want to impose
// a time limit for it to drain, since it shouldn't have more than 1MB buffered.
return new PromiseA(function (resolve) {
var timeoutId = setTimeout(resolve, 60*1000);
conn.once('drain', function () {
clearTimeout(timeoutId);
setTimeout(resolve, 500);
});
});
}).then(function () {
if (localclients[cid]) {
console.warn('[closeSingle]', cid, 'connection still present after calling `end`');
localclients[cid].destroy();
return timeoutPromise(500);
}
}).then(function () {
if (localclients[cid]) {
console.error('[closeSingle]', cid, 'connection still present after calling `destroy`');
delete localclients[cid];
}
}).catch(function (err) {
console.error('[closeSingle] failed to close connection', cid, err.toString());
delete localclients[cid];
});
}
, closeAll: function () {
console.log('[closeAll]');
Object.keys(localclients).forEach(function (cid) {
clientHandlers.closeSingle(cid);
});
}
, count: function () {
return Object.keys(localclients).length;
}
};
var pendingCommands = {};
function sendCommand(name) {
var id = Math.ceil(1e9 * Math.random());
var cmd = [id, name].concat(Array.prototype.slice.call(arguments, 1));
if (state.debug) { console.log('[DEBUG] command sending', cmd); }
wsHandlers.sendMessage(Packer.pack(null, cmd, 'control'));
setTimeout(function () {
if (pendingCommands[id]) {
console.warn('command', name, id, 'timed out');
pendingCommands[id]({
message: 'response not received in time'
, code: 'E_TIMEOUT'
});
}
}, pongTimeout);
return new PromiseA(function (resolve, reject) {
pendingCommands[id] = function (err, result) {
delete pendingCommands[id];
if (err) {
reject(err);
} else {
resolve(result);
}
};
});
}
function sendAllTokens() {
if (auth) {
authsent = true;
sendCommand('auth', auth).catch(function (err) { console.error('1', err); });
}
tokens.forEach(function (jwtoken) {
if (state.debug) { console.log('[DEBUG] send token'); }
authsent = true;
sendCommand('add_token', jwtoken)
.catch(function (err) {
console.error('failed re-adding token', jwtoken, 'after reconnect', err);
// Not sure if we should do something like remove the token here. It worked
// once or it shouldn't have stayed in the list, so it's less certain why
// it would have failed here.
});
});
}
function noHandler(cmd) {
console.warn("[telebit] state.handlers['" + cmd[1] + "'] not set");
console.warn(cmd[2]);
}
var connCallback;
var packerHandlers = {
oncontrol: function (opts) {
var cmd, err;
try {
cmd = JSON.parse(opts.data.toString());
} catch (err) {}
if (!Array.isArray(cmd) || typeof cmd[0] !== 'number') {
console.warn('received bad command "' + opts.data.toString() + '"');
return;
}
if (cmd[0] < 0) {
var cb = pendingCommands[-cmd[0]];
if (!cb) {
console.warn('received response for unknown request:', cmd);
} else {
cb.apply(null, cmd.slice(1));
}
return;
}
if (cmd[0] === 0) {
console.warn('received dis-associated error from server', cmd[1]);
if (connCallback) {
connCallback(cmd[1]);
}
return;
}
if (cmd[1] === 'hello') {
if (state.debug) { console.log('[DEBUG] hello received'); }
sendAllTokens();
if (connCallback) {
connCallback();
}
// TODO: handle the versions and commands provided by 'hello' - isn't super important
// yet since there is only one version and set of commands.
err = null;
} else if (cmd[1] === 'grant') {
authenticated = true;
if (state.handlers[cmd[1]]) {
state.handlers[cmd[1]](cmd[2]);
} else {
noHandler(cmd);
}
return;
} else if (cmd[1] === 'access_token') {
authenticated = true;
if (state.handlers[cmd[1]]) {
state.handlers[cmd[1]](cmd[2]);
} else {
noHandler(cmd);
}
return;
} else {
err = { message: 'unknown command "'+cmd[1]+'"', code: 'E_UNKNOWN_COMMAND' };
}
wsHandlers.sendMessage(Packer.pack(null, [-cmd[0], err], 'control'));
}
, onmessage: function (tun) {
var cid = tun._id = Packer.addrToId(tun);
var str;
var m;
if ('http' === tun.service) {
str = tun.data.toString();
m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
tun._name = tun._hostname = (m && m[1].toLowerCase() || '').split(':')[0];
}
else if ('https' === tun.service || 'tls' === tun.service) {
tun._name = tun._servername = sni(tun.data);
} else {
tun._name = '';
}
if (clientHandlers.write(cid, tun)) { return; }
wstunneler.pause();
require(state.sortingHat).assign(state, tun, function (err, conn) {
if (err) {
err.message = err.message.replace(/:tun_id/, tun._id);
packerHandlers._onConnectError(cid, tun, err);
return;
}
clientHandlers.add(conn, cid, tun);
if (tun.data) { conn.write(tun.data); }
wstunneler.resume();
});
}
, onpause: function (opts) {
var cid = Packer.addrToId(opts);
if (localclients[cid]) {
console.log("[TunnelPause] pausing '"+cid+"', remote received", opts.data.toString(), 'of', localclients[cid].tunnelWritten, 'sent');
localclients[cid].manualPause = true;
localclients[cid].pause();
} else {
console.log('[TunnelPause] remote tried pausing finished connection', cid);
// Often we have enough latency that we've finished sending before we're told to pause, so
// don't worry about sending back errors, since we won't be sending data over anyway.
// wsHandlers.sendMessage(Packer.pack(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error'));
}
}
, onresume: function (opts) {
var cid = Packer.addrToId(opts);
if (localclients[cid]) {
console.log("[TunnelResume] resuming '"+cid+"', remote received", opts.data.toString(), 'of', localclients[cid].tunnelWritten, 'sent');
localclients[cid].manualPause = false;
localclients[cid].resume();
} else {
console.log('[TunnelResume] remote tried resuming finished connection', cid);
// wsHandlers.sendMessage(Packer.pack(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error'));
}
}
, onend: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[end] '" + cid + "'");
clientHandlers.closeSingle(cid);
}
, onerror: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[error] '" + cid + "'", opts.code || '', opts.message);
clientHandlers.closeSingle(cid);
}
, _onConnectError: function (cid, opts, err) {
console.info("[_onConnectError] opening '" + cid + "' failed because " + err.message);
wsHandlers.sendMessage(Packer.pack(opts, null, 'error'));
}
};
var lastActivity;
var timeoutId;
var wsHandlers = {
refreshTimeout: function () {
lastActivity = Date.now();
}
, checkTimeout: function () {
if (!wstunneler) {
console.warn('checkTimeout called when websocket already closed');
return;
}
// Determine how long the connection has been "silent", ie no activity.
var silent = Date.now() - lastActivity;
// If we have had activity within the last activityTimeout then all we need to do is
// call this function again at the soonest time when the connection could be timed out.
if (silent < activityTimeout) {
timeoutId = setTimeout(wsHandlers.checkTimeout, activityTimeout-silent);
}
// Otherwise we check to see if the pong has also timed out, and if not we send a ping
// and call this function again when the pong will have timed out.
else if (silent < activityTimeout + pongTimeout) {
console.log('pinging tunnel server');
try {
wstunneler.ping();
} catch (err) {
console.warn('failed to ping tunnel server', err);
}
timeoutId = setTimeout(wsHandlers.checkTimeout, pongTimeout);
}
// Last case means the ping we sent before didn't get a response soon enough, so we
// need to close the websocket connection.
else {
console.log('connection timed out');
wstunneler.close(1000, 'connection timeout');
}
}
, onOpen: function () {
console.info("[open] connected to '" + state.relay + "'");
wsHandlers.refreshTimeout();
timeoutId = setTimeout(wsHandlers.checkTimeout, activityTimeout);
wstunneler._socket.on('drain', function () {
// the websocket library has it's own buffer apart from node's socket buffer, but that one
// is much more difficult to watch, so we watch for the lower level buffer to drain and
// then check to see if the upper level buffer is still too full to write to. Note that
// the websocket library buffer has something to do with compression, so I'm not requiring
// that to be 0 before we start up again.
if (wstunneler.bufferedAmount > 128*1024) {
return;
}
pausedClients.forEach(function (conn) {
if (!conn.manualPause) {
// console.log('resuming connection', conn.tunnelCid, 'now the websocket has caught up');
conn.resume();
}
});
pausedClients.length = 0;
});
}
, onClose: function () {
console.log('ON CLOSE');
clearTimeout(timeoutId);
wstunneler = null;
clientHandlers.closeAll();
var error = new Error('websocket connection closed before response');
error.code = 'E_CONN_CLOSED';
Object.keys(pendingCommands).forEach(function (id) {
pendingCommands[id](error);
});
if (connCallback) {
connCallback(error);
}
if (!authenticated) {
console.info('[close] failed on first attempt... check authentication.');
timeoutId = null;
}
else if (tokens.length) {
console.info('[retry] disconnected and waiting...');
timeoutId = setTimeout(connect, 5000);
}
}
, onError: function (err) {
console.error("[tunnel error] " + err.message);
console.error(err);
if (connCallback) {
connCallback(err);
}
}
, sendMessage: function (msg) {
if (wstunneler) {
try {
wstunneler.send(msg, {binary: true});
return wstunneler.bufferedAmount;
} catch (err) {
// There is a chance that this occurred after the websocket was told to close
// and before it finished, in which case we don't need to log the error.
if (wstunneler.readyState !== wstunneler.CLOSING) {
console.warn('[sendMessage] error sending websocket message', err);
}
}
}
}
};
function connect() {
if (wstunneler) {
console.warn('attempted to connect with connection already active');
return;
}
if (!tokens.length) {
if (state.config.email) {
auth = {
subject: state.config.email
, subject_scheme: 'mailto'
// TODO create domains list earlier
, scope: Object.keys(state.config.servernames || {}).join(',')
, otp: state.otp
, hostname: os.hostname()
// Used for User-Agent
, os_type: os.type()
, os_platform: os.platform()
, os_release: os.release()
, os_arch: os.arch()
};
}
}
timeoutId = null;
var machine = Packer.create(packerHandlers);
console.info("[connect] '" + state.relay + "'");
var tunnelUrl = state.relay.replace(/\/$/, '') + '/'; // + auth;
wstunneler = new WebSocket(tunnelUrl, { rejectUnauthorized: !state.insecure });
wstunneler.on('open', wsHandlers.onOpen);
wstunneler.on('close', wsHandlers.onClose);
wstunneler.on('error', wsHandlers.onError);
// Our library will automatically handle sending the pong respose to ping requests.
wstunneler.on('ping', wsHandlers.refreshTimeout);
wstunneler.on('pong', wsHandlers.refreshTimeout);
wstunneler.on('message', function (data, flags) {
wsHandlers.refreshTimeout();
if (data.error || '{' === data[0]) {
console.log(data);
return;
}
machine.fns.addChunk(data, flags);
});
}
connect();
var connPromise;
return {
end: function(cb) {
tokens.length = 0;
if (timeoutId) {
clearTimeout(timeoutId);
timeoutId = null;
}
if (wstunneler) {
try {
wstunneler.close(cb);
} catch(e) {
console.error("[error] wstunneler.close()");
console.error(e);
}
}
}
, append: function (token) {
if (tokens.indexOf(token) >= 0) {
return PromiseA.resolve();
}
tokens.push(token);
var prom;
if (tokens.length === 1 && !wstunneler) {
// We just added the only token in the list, and the websocket connection isn't up
// so we need to restart the connection.
if (timeoutId) {
// Handle the case were the last token was removed and this token added between
// reconnect attempts to make sure we don't try openning multiple connections.
clearTimeout(timeoutId);
timeoutId = null;
}
// We want this case to behave as much like the other case as we can, but we don't have
// the same kind of reponses when we open brand new connections, so we have to rely on
// the 'hello' and the 'un-associated' error commands to determine if the token is good.
prom = connPromise = new PromiseA(function (resolve, reject) {
connCallback = function (err) {
connCallback = null;
connPromise = null;
if (err) {
reject(err);
} else {
resolve();
}
};
});
connect();
}
else if (connPromise) {
prom = connPromise.then(function () {
return sendCommand('add_token', token);
});
}
else {
prom = sendCommand('add_token', token);
}
prom.catch(function (err) {
console.error('adding token', token, 'failed:', err);
// Most probably an invalid token of some kind, so we don't really want to keep it.
tokens.splice(tokens.indexOf(token), 1);
});
return prom;
}
, clear: function (token) {
if (typeof token === 'undefined') {
token = '*';
}
if (token === '*') {
tokens.length = 0;
} else {
var index = tokens.indexOf(token);
if (index < 0) {
return PromiseA.resolve();
}
tokens.splice(index);
}
var prom = sendCommand('delete_token', token);
prom.catch(function (err) {
console.error('clearing token', token, 'failed:', err);
});
return prom;
}
};
}
module.exports.connect = _connect;
module.exports.createConnection = _connect;
}());

455
lib/sorting-hat.js Normal file
View File

@ -0,0 +1,455 @@
'use strict';
var os = require('os');
var path = require('path');
module.exports.print = function (config) {
var services = { https: {}, http: {}, tcp: {} };
// Note: the remote needs to know:
// what servernames to forward
// what ports to forward
// what udp ports to forward
// redirect http to https automatically
// redirect www to nowww automatically
if (config.http) {
Object.keys(config.http).forEach(function (hostname) {
if ('*' === hostname) {
config.servernames.forEach(function (servername) {
services.https[servername] = config.http[hostname];
services.http[servername] = 'redirect-https';
});
return;
}
services.https[hostname] = config.http[hostname];
services.http[hostname] = 'redirect-https';
});
}
/*
Object.keys(config.localPorts).forEach(function (port) {
var proto = config.localPorts[port];
if (!proto) { return; }
if ('http' === proto) {
config.servernames.forEach(function (servername) {
services.http[servername] = port;
});
return;
}
if ('https' === proto) {
config.servernames.forEach(function (servername) {
services.https[servername] = port;
});
return;
}
if (true === proto) { proto = 'tcp'; }
if ('tcp' !== proto) { throw new Error("unsupported protocol '" + proto + "'"); }
//services[proxy.protocol]['*'] = proxy.port;
//services[proxy.protocol][proxy.hostname] = proxy.port;
services[proto]['*'] = port;
});
*/
Object.keys(services).forEach(function (protocol) {
var subServices = services[protocol];
Object.keys(subServices).forEach(function (hostname) {
console.info('[local proxy]', protocol + '://' + hostname + ' => ' + subServices[hostname]);
});
});
console.info('');
};
module.exports.assign = function (state, tun, cb) {
console.log('first message from', tun);
var net = state.net || require('net');
function trySsh(tun, cb) {
// https://security.stackexchange.com/questions/43231/plausibly-deniable-ssh-does-it-make-sense?rq=1
// https://tools.ietf.org/html/rfc4253#section-4.2
var sshPort;
if (-1 !== ['true', 'enable', 'auto', 'on'].indexOf(state.config.sshAuto)) {
sshPort = 22;
} else {
sshPort = parseInt(state.config.sshAuto, 10);
}
if (!sshPort || 'SSH-2.0-' !== tun.data.slice(0, 8).toString()) {
cb(null, false);
return;
}
cb(null, getNetConn(sshPort));
}
var handlers = {};
handlers.http = function (socket) {
if (!state.greenlock) {
state.greenlock = require('greenlock').create(state.greenlockConfig);
}
if (!state.httpRedirectServer) {
state.redirectHttps = require('redirect-https')();
state.httpRedirectServer = require('http').createServer(state.greenlock.middleware(state.redirectHttps));
}
state.httpRedirectServer.emit('connection', socket);
};
handlers.https = function (tlsSocket) {
console.log('Encrypted', tlsSocket.encrypted, tlsSocket.remoteAddress, tlsSocket.remotePort);
if (!state.defaultHttpServer) {
state._finalHandler = require('finalhandler');
state._serveStatic = require('serve-static');
state._defaultServe = state._serveStatic(path.join(__dirname, 'html'));
state.defaultHttpServer = require('http').createServer(function (req, res) {
state._defaultServe(req, res, state._finalHandler(req, res));
});
}
state.defaultHttpServer.emit('connection', tlsSocket);
};
function getNetConn(port) {
var netOpts = {
port: port
, host: '127.0.0.1'
, servername: tun.name
, name: tun.name
, serviceport: tun.serviceport
, data: tun.data
, remoteFamily: tun.family
, remoteAddress: tun.address
, remotePort: tun.port
};
var conn = net.createConnection(netOpts, function () {
// this will happen before 'data' or 'readable' is triggered
// We use the data from the netOpts object so that the createConnection function has
// the oppurtunity of removing/changing it if it wants/needs to handle it differently.
});
return conn;
}
function redirectHttp(cb) {
var socketPair = require('socket-pair');
var conn = socketPair.create(function (err, other) {
if (err) { cb(err); return; }
handlers.http(other);
cb(null, conn);
});
//if (tun.data) { conn.write(tun.data); }
return conn;
}
function echoTcp(cb) {
var socketPair = require('socket-pair');
var conn = socketPair.create(function (err, other) {
if (err) { cb(err); return; }
other.on('data', function (chunk) {
other.write(chunk);
});
other.on('end', function () {
other.end();
});
cb(null, conn);
other.write("\n" +
[ "[Telebit Echo Server] v1.0"
, "To configure tcp run the following:"
, "\ttelebit tcp <port number or module name>"
, "\tex: telebit tcp 5050"
, "\tex: telebit tcp /path/to/module"
, "\tex: telebit tcp none"
].join("\n") + "\n\n");
});
//if (tun.data) { conn.write(tun.data); }
return conn;
}
function defineProps(other, tun) {
Object.defineProperty(other, 'remoteFamily', {
enumerable: false,
configurable: true,
get: function() {
return tun.family;
}
});
Object.defineProperty(other, 'remoteAddress', {
enumerable: false,
configurable: true,
get: function() {
return tun.address;
}
});
Object.defineProperty(other, 'remotePort', {
enumerable: false,
configurable: true,
get: function() {
return parseInt(tun.port);
}
});
Object.defineProperty(other, 'localPort', {
enumerable: false,
configurable: true,
get: function() {
return parseInt(tun.serviceport);
}
});
}
function invokeTcpHandler(conf, socket, tun, id, cb) {
var conn;
if (parseInt(conf.handler, 10)) {
conn = getNetConn(conf.handler);
cb(null, conn);
return conn;
}
var handle = tun.port;
var handler;
var handlerpath = conf.handler;
var homedir = os.homedir();
var localshare = path.join(homedir, '.local/share/telebit/apps');
if (/^~/.test(handlerpath)) {
handlerpath = path.join(homedir, handlerpath.replace(/^~(\/?)/, ''));
}
try {
handler = require(handlerpath);
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e1) {
try {
handler = require(path.join(localshare, handlerpath));
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e2) {
console.error("Failed to require('" + handlerpath + "'):", e1.message);
console.error("Failed to require('" + path.join(localshare, handlerpath) + "'):", e2.message);
console.warn("Using default handler for '" + handle + ":" + id + "'");
echoTcp(cb);
}
}
var socketPair = require('socket-pair');
conn = socketPair.create(function (err, other) {
handler(other, tun, id);
cb(null, conn);
});
return conn;
}
var handlerservers = {};
function invokeHandler(conf, tlsSocket, tun, id) {
var conn;
if (parseInt(conf.handler, 10)) {
// TODO http-proxy with proper headers and ws support
conn = getNetConn(conf.handler);
console.info("Port-Forwarding '" + (tun.name || tun.serviceport) + "' to '" + conf.handler + "'");
conn.pipe(tlsSocket);
tlsSocket.pipe(conn);
return;
}
var handle = tun.name || tun.port;
var handler;
var handlerpath = conf.handler;
var homedir = os.homedir();
var localshare = path.join(homedir, '.local/share/telebit/apps');
var http = require('http');
// 1. No modification handlerpath may be an aboslute path
// 2. it may be relative to a user home directory
// 3. it may be relative to a user local/share
tlsSocket._tun = tun;
tlsSocket._id = id;
if (handlerservers[conf.handler]) {
handlerservers[conf.handler].emit('connection', tlsSocket);
return;
}
if (/^~/.test(handlerpath)) {
handlerpath = path.join(homedir, handlerpath.replace(/^~(\/?)/, ''));
}
try {
handler = require(handlerpath);
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e1) {
try {
handler = require(path.join(localshare, handlerpath));
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e2) {
console.error("Failed to require('" + handlerpath + "'):", e1.message);
console.error("Failed to require('" + path.join(localshare, handlerpath) + "'):", e2.message);
console.warn("Using default handler for '" + handle + ":" + id + "'");
handler = null;
// fallthru
}
}
if (handler) {
handlerservers[conf.handler] = http.createServer(handler);
handlerservers[conf.handler].emit('connection', tlsSocket);
return;
}
handlers.https(tlsSocket, tun, id);
}
function terminateTls(tun, cb) {
var socketPair = require('socket-pair');
var conn = socketPair.create(function (err, other) {
if (err) { cb(err); return; }
//console.log('[hit tcp connection]', other.remoteFamily, other.remoteAddress, other.remotePort, other.localPort);
defineProps(other, tun);
//console.log('[hit tcp connection]', other.remoteFamily, other.remoteAddress, other.remotePort, other.localPort);
if (!state.greenlock) {
state.greenlock = require('greenlock').create(state.greenlockConfig);
}
if (!state.terminatorServer) {
state.terminatorServer = require('tls').createServer(state.greenlock.tlsOptions, function (tlsSocket) {
var Packer = require('proxy-packer');
var addr = Packer.socketToAddr(tlsSocket);
var id = Packer.addrToId(addr);
defineProps(tlsSocket, addr);
//console.log('[hit tls server]', tlsSocket.remoteFamily, tlsSocket.remoteAddress, tlsSocket.remotePort, tlsSocket.localPort);
//console.log(addr);
var conf = state.servernames[tlsSocket.servername];
tlsSocket.once('data', function (firstChunk) {
tlsSocket.pause();
//tlsSocket.unshift(firstChunk);
tlsSocket._handle.onread(firstChunk.length, firstChunk);
trySsh({ data: firstChunk }, function (err, conn) {
process.nextTick(function () { tlsSocket.resume(); });
if (conn) {
conn.pipe(tlsSocket);
tlsSocket.pipe(conn);
return;
}
if (!conf || !conf.handler || 'none' === conf.handler) {
console.log('https default handler');
handlers.https(tlsSocket);
return;
}
console.log('https invokeHandler');
invokeHandler(conf, tlsSocket, tun, id);
});
});
});
}
//console.log('[hit tcp connection]', other.remoteFamily, other.remoteAddress, other.remotePort, other.localPort);
state.terminatorServer.emit('connection', other);
cb(null, conn);
});
//if (tun.data) { conn.write(tun.data); }
return conn;
}
var handled;
if (!tun.name && !tun.serviceport) {
console.log('tun:\n',tun);
//console.warn(tun.data.toString());
cb(new Error("No routing information for ':tun_id'. Missing both 'name' and 'serviceport'."));
return;
}
if ('http' === tun.service || 'https' === tun.service) {
if (!tun.name) {
cb(new Error("No routing information for ':tun_id'. Service '" + tun.service + "' is missing 'name'."));
return;
}
}
if ('http' === tun.service) {
// TODO match *.example.com
handled = Object.keys(state.servernames).some(function (sn) {
if (sn !== tun.name) { return; }
console.log('Found config match for PLAIN', tun.name);
if (!state.servernames[sn]) { return; }
if (false === state.servernames[sn].terminate) {
cb(new Error("insecure http not supported yet"));
return true;
}
console.log('Redirecting HTPTP for', tun.name);
redirectHttp(cb);
return true;
});
if (!handled) {
redirectHttp(cb);
}
return;
}
if ('https' === tun.service) {
// TODO match *.example.com
handled = Object.keys(state.servernames).some(function (sn) {
if (sn !== tun.name) { return; }
console.log('Found config match for TLS', tun.name);
if (!state.servernames[sn]) { return; }
if (false === state.servernames[sn].terminate) {
cb(new Error("insecure http not supported yet"));
return true;
}
console.log('Terminating TLS for', tun.name);
terminateTls(tun, cb);
return true;
});
if (!handled) {
terminateTls(tun, cb);
}
return;
}
if ('tcp' === tun.service) {
trySsh(tun, function (err, conn) {
if (conn) { cb(null, conn); return; }
// TODO add TCP handlers
var conf = state.ports[tun.serviceport];
if (!conf || !conf.handler || 'none' === conf.handler) {
console.log('Using echo server for tcp');
echoTcp(cb);
return;
}
var Packer = require('proxy-packer');
//var addr = Packer.socketToAddr(conn);
var id = Packer.addrToId(tun);
invokeTcpHandler(conf, conn, tun, id, cb);
});
return;
}
console.warn("Unknown service '" + tun.service + "'");
/*
var portList = state.services[service];
var port;
port = portList[tun.name];
if (!port) {
// Check for any wildcard domains, sorted longest to shortest so the one with the
// biggest natural match will be found first.
Object.keys(portList).filter(function (pattern) {
return pattern[0] === '*' && pattern.length > 1;
}).sort(function (a, b) {
return b.length - a.length;
}).some(function (pattern) {
var subPiece = pattern.slice(1);
if (subPiece === tun.name.slice(-subPiece.length)) {
port = portList[pattern];
return true;
}
});
}
if (!port) {
port = portList['*'];
}
*/
};

35
package.json
View File

@ -1,19 +1,18 @@
{ {
"name": "stunnel", "name": "telebit",
"version": "0.8.1", "version": "0.15.3",
"description": "A pure-JavaScript tunnel client for http and https similar to localtunnel.me, but uses TLS (SSL) with ServerName Indication (SNI) over https to work even in harsh network conditions such as in student dorms and behind HOAs, corporate firewalls, public libraries, airports, airplanes, etc. Can also tunnel tls and plain tcp.", "description": "Break out of localhost. Connect to any device from anywhere over any tcp port or securely in a browser. A secure tunnel. A poor man's reverse VPN.",
"main": "wsclient.js", "main": "lib/remote.js",
"bin": { "bin": {
"jstunnel": "bin/stunnel.js", "telebit": "bin/telebit.js"
"stunnel.js": "bin/stunnel.js", , "telebitd": "bin/telebitd.js"
"stunnel-js": "bin/stunnel.js"
}, },
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git+ssh://git@github.com/Daplie/node-tunnel-client.git" "url": "https://git.coolaj86.com/coolaj86/telebit.js.git"
}, },
"keywords": [ "keywords": [
"cli", "cli",
@ -32,6 +31,9 @@
"tunnel", "tunnel",
"localtunnel", "localtunnel",
"localtunnel.me", "localtunnel.me",
"underpass",
"ngrok",
"ngrok.io",
"proxy", "proxy",
"reverse", "reverse",
"reverse-proxy", "reverse-proxy",
@ -42,14 +44,23 @@
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "(MIT OR Apache-2.0)", "license": "(MIT OR Apache-2.0)",
"bugs": { "bugs": {
"url": "https://github.com/Daplie/node-tunnel-client/issues" "url": "https://git.coolaj86.com/coolaj86/telebit.js/issues"
}, },
"homepage": "https://github.com/Daplie/node-tunnel-client#readme", "homepage": "https://git.coolaj86.com/coolaj86/telebit.js#readme",
"dependencies": { "dependencies": {
"bluebird": "^3.5.1",
"commander": "^2.9.0", "commander": "^2.9.0",
"finalhandler": "^1.1.1",
"greenlock": "^2.2.19",
"js-yaml": "^3.11.0",
"jsonwebtoken": "^7.1.9", "jsonwebtoken": "^7.1.9",
"mkdirp": "^0.5.1",
"proxy-packer": "^1.4.3",
"recase": "^1.0.4",
"redirect-https": "^1.1.5",
"serve-static": "^1.13.2",
"sni": "^1.0.0", "sni": "^1.0.0",
"tunnel-packer": "^1.1.0", "socket-pair": "^1.0.3",
"ws": "^1.1.1" "ws": "^2.2.3"
} }
} }

19
snippets/ws.js
View File

@ -1,19 +0,0 @@
(function () {
'use strict';
var WebSocket = require('ws');
var jwt = require('jsonwebtoken');
var hostname = 'example.daplie.me';
var token = jwt.sign({ name: hostname }, 'shhhhh');
var url = 'wss://stunnel.hellabit.com:3000/?access_token=' + token;
var wstunneler = new WebSocket(url, { rejectUnauthorized: false });
wstunneler.on('open', function () {
console.log('open');
});
wstunneler.on('error', function (err) {
console.error(err.toString());
});
}());

0
usr/share/.gitkeep Normal file
View File

61
usr/share/dist/Library/LaunchDaemons/cloud.telebit.remote.plist vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Telebit Remote</string>
<key>ProgramArguments</key>
<array>
<string>/opt/telebit/bin/node</string>
<string>/opt/telebit/bin/telebitd.js</string>
<string>daemon</string>
<string>--config</string>
<string>/opt/telebit/etc/telebitd.yml</string>
</array>
<key>EnvironmentVariables</key>
<dict>
<key>TELEBIT_PATH</key>
<string>/opt/telebit</string>
<key>NODE_PATH</key>
<string>/opt/telebit/lib/node_modules</string>
<key>NPM_CONFIG_PREFIX</key>
<string>/opt/telebit</string>
</dict>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>InitGroups</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<!--dict>
<key>Crashed</key>
<true/>
<key>NetworkState</key>
<true/>
<key>SuccessfulExit</key>
<false/>
</dict-->
<key>SoftResourceLimits</key>
<dict>
<key>NumberOfFiles</key>
<integer>8192</integer>
</dict>
<key>HardResourceLimits</key>
<dict/>
<key>WorkingDirectory</key>
<string>/opt/telebit</string>
<key>StandardErrorPath</key>
<string>/opt/telebit/var/log/error.log</string>
<key>StandardOutPath</key>
<string>/opt/telebit/var/log/info.log</string>
</dict>
</plist>

61
usr/share/dist/etc/skel/.config/systemd/user/telebit.service vendored Normal file
View File

@ -0,0 +1,61 @@
# Pre-req
# sudo adduser telebit --home /opt/telebit
# sudo mkdir -p /opt/telebit/
# sudo chown -R telebit:telebit /opt/telebit/
[Unit]
Description=Telebit Remote
Documentation=https://git.coolaj86.com/coolaj86/telebit.js/
[Service]
# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
# Allow up to 3 restarts within 10 seconds
# (it's unlikely that a user or properly-running script will do this)
Restart=always
StartLimitInterval=10
StartLimitBurst=3
# https://wiki.archlinux.org/index.php/Systemd/User
# ~/.local/share/systemd/user/
WorkingDirectory=%h/.config/telebit
# custom directory cannot be set and will be the place where gitea exists, not the working directory
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml
ExecReload=/bin/kill -USR1 $MAINPID
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
# Unmodified gitea is not expected to use more than this.
LimitNOFILE=1048576
LimitNPROC=64
# Use private /tmp and /var/tmp, which are discarded after gitea stops.
PrivateTmp=true
# Use a minimal /dev
PrivateDevices=true
# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
# Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
# ... except /opt/gitea because we want a place for the database
# and /var/log/gitea because we want a place where logs can go.
# This merely retains r/w access rights, it does not add any new.
# Must still be writable on the host!
ReadWriteDirectories=/opt/telebit /etc/telebit
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
; ReadWritePaths=/opt/telebit /etc/telebit
# The following additional security directives only work with systemd v229 or later.
# They further retrict privileges that can be gained by gitea.
# Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
# Caveat: Some features may need additional capabilities.
# For example an "upload" may need CAP_LEASE
; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
; NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

65
usr/share/dist/etc/systemd/system/telebit.service vendored Normal file
View File

@ -0,0 +1,65 @@
# Pre-req
# sudo adduser telebit --home /opt/telebit
# sudo mkdir -p /opt/telebit/
# sudo chown -R telebit:telebit /opt/telebit/
[Unit]
Description=Telebit Remote
Documentation=https://git.coolaj86.com/coolaj86/telebit.js/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
# Allow up to 3 restarts within 10 seconds
# (it's unlikely that a user or properly-running script will do this)
Restart=always
StartLimitInterval=10
StartLimitBurst=3
# User and group the process will run as
# (git is the de facto standard on most systems)
User=telebit
Group=telebit
WorkingDirectory=/opt/telebit
# custom directory cannot be set and will be the place where this exists, not the working directory
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebitd.js daemon --config /opt/telebit/etc/telebitd.yml
ExecReload=/bin/kill -USR1 $MAINPID
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
# Unmodified, this is not expected to use more than this.
LimitNOFILE=1048576
LimitNPROC=64
# Use private /tmp and /var/tmp, which are discarded after this stops.
PrivateTmp=true
# Use a minimal /dev
PrivateDevices=true
# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
# Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
# ... except /opt/telebit because we want a place for config, logs, etc
# This merely retains r/w access rights, it does not add any new.
# Must still be writable on the host!
ReadWriteDirectories=/opt/telebit
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
; ReadWritePaths=/opt/telebit
# The following additional security directives only work with systemd v229 or later.
# They further retrict privileges that can be gained.
# Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
# Caveat: Some features may need additional capabilities.
# For example an "upload" may need CAP_LEASE
; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
; NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

81
usr/share/install.sh Normal file
View File

@ -0,0 +1,81 @@
#!/bin/bash
#<pre><code>
# This script does exactly 3 things for 1 good reason:
#
# What this does:
#
# 1. Detects either curl or wget and wraps them in helpers
# 2. Exports the helpers for the real installer
# 3. Downloads and runs the real installer
#
# Why
#
# 1. 'curl <smth> | bash -- some args here` breaks interactive input
# See https://stackoverflow.com/questions/16854041/bash-read-is-being-skipped-when-run-from-curl-pipe
#
# 2. It also has practical risks of running a partially downloaded script, which could be dangeresque
# See https://news.ycombinator.com/item?id=12767636
set -e
set -u
###############################
# #
# http_get #
# boilerplate for curl / wget #
# #
###############################
# See https://git.coolaj86.com/coolaj86/snippets/blob/master/bash/http-get.sh
export _my_http_get=""
export _my_http_opts=""
export _my_http_out=""
detect_http_get()
{
set +e
if type -p curl >/dev/null 2>&1; then
_my_http_get="curl"
_my_http_opts="-fsSL"
_my_http_out="-o"
elif type -p wget >/dev/null 2>&1; then
_my_http_get="wget"
_my_http_opts="--quiet"
_my_http_out="-O"
else
echo "Aborted, could not find curl or wget"
return 7
fi
set -e
}
http_get()
{
$_my_http_get $_my_http_opts $_my_http_out "$2" "$1"
touch "$2"
}
http_bash()
{
_http_url=$1
my_args=${2:-}
my_tmp=$(mktemp)
$_my_http_get $_my_http_opts $_my_http_out "$my_tmp" "$_http_url"; bash "$my_tmp" $my_args; rm "$my_tmp"
}
detect_http_get
export -f http_get
export -f http_bash
###############################
## END HTTP_GET ##
###############################
TELEBIT_VERSION=${TELEBIT_VERSION:-master}
if [ -e "usr/share/install_helper.sh" ]; then
bash usr/share/install_helper.sh "$@"
else
http_bash https://git.coolaj86.com/coolaj86/telebit.js/raw/branch/$TELEBIT_VERSION/usr/share/install_helper.sh "$@"
fi

330
usr/share/install_helper.sh Normal file
View File

@ -0,0 +1,330 @@
#!/bin/bash
#<pre><code>
# What does this do.. and why?
# (and why is it so complicated?)
#
# What this does
#
# 1. Sets some vars and asks some questions
# 2. Installs everything into a single place
# (inculding deps like node.js, with the correct version)
# 3. Depending on OS, creates a user for the service
# 4. Depending on OS, register with system launcher
#
# Why
#
# So that you can get a fully configured, running product,
# with zero manual configuration in a matter of seconds -
# and have an uninstall that's just as easy.
#
# Why so complicated?
#
# To support nuance differences between various versions of
# Linux, macOS, and Android, including whether it's being
# installed with user privileges, as root, wit a system user
# system daemon launcher, etc. Also, this is designed to be
# reusable with many apps and services, so it's very variabled...
set -e
set -u
### http_bash exported by get.sh
TELEBIT_VERSION=${TELEBIT_VERSION:-master}
my_email=${1:-}
my_relay=${2:-}
my_servernames=${3:-}
my_secret=${4:-}
my_user="telebit"
my_app_pkg_name="cloud.telebit.remote"
my_app="telebit"
my_daemon="telebitd"
my_bin="telebit.js"
my_name="Telebit Remote"
my_repo="telebit.js"
my_root=${my_root:-} # todo better install script
sudo_cmd="sudo"
sudo_cmde="sudo "
exec 3<>/dev/tty
read_cmd="read -u 3"
# TODO detect if rsync is available and use rsync -a (more portable)
rsync_cmd="cp -pPR"
set +e
my_edit=$(basename "${EDITOR:-}")
if [ -z "$my_edit" ]; then
my_edit=$(basename "$(type -p edit)")
fi
if [ -z "$my_edit" ]; then
my_edit=$(basename "$(type -p nano)")
fi
if [ -z "$my_edit" ]; then
my_edit=$(basename "$(type -p vim)")
fi
if [ -z "$my_edit" ]; then
my_edit=$(basename "$(type -p vi)")
fi
if [ -z "$my_edit" ]; then
my_edit="nano"
fi
set -e
if [ "root" == $(whoami) ] || [ 0 == $(id -u) ]; then
sudo_cmd=" "
sudo_cmde=""
fi
echo ""
if [ -z "${TELEBIT_PATH:-}" ]; then
echo 'TELEBIT_PATH="'${TELEBIT_PATH:-}'"'
TELEBIT_PATH=/opt/$my_app
fi
echo "Installing $my_name to '$TELEBIT_PATH'"
# v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
NODEJS_VER="${NODEJS_VER:-v10.2}"
export NODEJS_VER
export NODE_PATH="$TELEBIT_PATH/lib/node_modules"
export NPM_CONFIG_PREFIX="$TELEBIT_PATH"
export PATH="$TELEBIT_PATH/bin:$PATH"
sleep 0.25
echo "(your password may be required to complete installation)"
#echo "${sudo_cmde}mkdir -p '$TELEBIT_PATH'{etc,var/log}"
$sudo_cmd mkdir -p "$TELEBIT_PATH"
echo " - installing node.js runtime to '$TELEBIT_PATH'..."
http_bash https://git.coolaj86.com/coolaj86/node-installer.sh/raw/branch/master/install.sh --no-dev-deps >/dev/null 2>/dev/null
my_node="$TELEBIT_PATH/bin/node"
my_npm="$my_node $TELEBIT_PATH/bin/npm"
my_tmp="$(mktemp -d)"
mkdir -p $my_tmp
$sudo_cmd mkdir -p "$TELEBIT_PATH/etc"
$sudo_cmd mkdir -p "$TELEBIT_PATH/var/log"
$sudo_cmd chown -R $(id -u -n):$(id -g -n) "$TELEBIT_PATH"
#echo "${sudo_cmde}mkdir -p '/etc/$my_app/'"
#$sudo_cmd mkdir -p "/etc/$my_app/"
#$sudo_cmd chown $(id -u -n):$(id -g -n) "/etc/$my_app/"
#https://git.coolaj86.com/coolaj86/telebit.js.git
#https://git.coolaj86.com/coolaj86/telebit.js/archive/:tree:.tar.gz
#https://git.coolaj86.com/coolaj86/telebit.js/archive/:tree:.zip
set +e
my_unzip=$(type -p unzip)
my_tar=$(type -p tar)
# TODO extract to temporary directory, configure, copy etc, replace
if [ -n "$my_unzip" ]; then
rm -f $my_tmp/$my_app-$TELEBIT_VERSION.zip
echo " - installing telebit zip to '$TELEBIT_PATH'..."
http_get https://git.coolaj86.com/coolaj86/$my_repo/archive/$TELEBIT_VERSION.zip $my_tmp/$my_app-$TELEBIT_VERSION.zip
# -o means overwrite, and there is no option to strip
$my_unzip -o $my_tmp/$my_app-$TELEBIT_VERSION.zip -d $TELEBIT_PATH/ >/dev/null
$rsync_cmd $TELEBIT_PATH/$my_repo/* $TELEBIT_PATH/ > /dev/null
rm -rf $TELEBIT_PATH/$my_repo
elif [ -n "$my_tar" ]; then
rm -f $my_tmp/$my_app-$TELEBIT_VERSION.tar.gz
echo " - installing telebit tar.gz to '$TELEBIT_PATH'..."
http_get https://git.coolaj86.com/coolaj86/$my_repo/archive/$TELEBIT_VERSION.tar.gz $my_tmp/$my_app-$TELEBIT_VERSION.tar.gz
$my_tar -xzf $my_tmp/$my_app-$TELEBIT_VERSION.tar.gz --strip 1 -C $TELEBIT_PATH/ >/dev/null
else
echo "Neither tar nor unzip found. Abort."
exit 13
fi
set -e
pushd $TELEBIT_PATH >/dev/null
echo " - installing telebit npm dependencies to '$TELEBIT_PATH'..."
echo " (are you noticing a pattern of where things are installed?)"
$my_npm install >/dev/null 2>/dev/null
popd >/dev/null
echo " - configuring telebit..."
echo ""
# telebit remote
echo '#!/bin/bash' > "$TELEBIT_PATH/bin/$my_app"
echo "$my_node $TELEBIT_PATH/bin/$my_bin "'"$@"' >> "$TELEBIT_PATH/bin/$my_app"
chmod a+x "$TELEBIT_PATH/bin/$my_app"
# telebit daemon
echo '#!/bin/bash' > "$TELEBIT_PATH/bin/$my_daemon"
echo "$my_node $TELEBIT_PATH/bin/$my_daemon.js daemon "'"$@"' >> "$TELEBIT_PATH/bin/$my_daemon"
chmod a+x "$TELEBIT_PATH/bin/$my_daemon"
# Create uninstall script based on the install script variables
cat << EOF > $TELEBIT_PATH/bin/${my_app}_uninstall
#!/bin/bash
if [ "$(type -p launchctl)" ]; then
sudo launchctl unload -w /Library/LaunchDaemons/${my_app_pkg_name}.plist
sudo rm -rf /Library/LaunchDaemons/cloud.telebit.remote.plist
fi
if [ "$(type -p systemctl)" ]; then
sudo systemctl disable telebit >/dev/null; sudo systemctl stop telebit
sudo rm -rf /etc/systemd/system/$my_app.service
fi
sudo rm -rf $TELEBIT_PATH /usr/local/bin/$my_app
sudo rm -rf $TELEBIT_PATH /usr/local/bin/$my_daemon
rm -rf ~/.config/$my_app ~/.local/share/$my_app
EOF
chmod a+x $TELEBIT_PATH/bin/${my_app}_uninstall
echo " > ${sudo_cmde}ln -sf $TELEBIT_PATH/bin/$my_app /usr/local/bin/$my_app"
$sudo_cmd ln -sf $TELEBIT_PATH/bin/$my_app /usr/local/bin/$my_app
echo " > ${sudo_cmde}ln -sf $TELEBIT_PATH/bin/$my_daemon /usr/local/bin/$my_daemon"
$sudo_cmd ln -sf $TELEBIT_PATH/bin/$my_daemon /usr/local/bin/$my_daemon
set +e
if type -p setcap >/dev/null 2>&1; then
#echo "Setting permissions to allow $my_app to run on port 80 and port 443 without sudo or root"
echo " > ${sudo_cmde}setcap cap_net_bind_service=+ep $TELEBIT_PATH/bin/node"
$sudo_cmd setcap cap_net_bind_service=+ep $TELEBIT_PATH/bin/node
fi
set -e
set +e
# TODO for macOS https://apple.stackexchange.com/questions/286749/how-to-add-a-user-from-the-command-line-in-macos
if type -p adduser >/dev/null 2>/dev/null; then
if [ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]; then
$sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
fi
#my_user=$my_app_name
my_group=$my_user
elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
# Linux (Ubuntu)
my_user=www-data
my_group=www-data
elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
# Mac
my_user=_www
my_group=_www
else
# Unsure
my_user=$(id -u -n) # $(whoami)
my_group=$(id -g -n)
fi
set -e
# ~/.config/systemd/user/
# %h/.config/telebit/telebit.yml
echo " - adding $my_app as a system service"
# TODO detect with type -p
my_system_launcher=""
if [ -d "/Library/LaunchDaemons" ]; then
my_system_launcher="launchd"
my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
echo " > ${sudo_cmde}$rsync_cmd $TELEBIT_PATH/usr/share/dist/$my_app_launchd_service /$my_app_launchd_service"
$sudo_cmd $rsync_cmd "$TELEBIT_PATH/usr/share/dist/$my_app_launchd_service" "/$my_app_launchd_service"
echo " > ${sudo_cmde}chown root:wheel $my_root/$my_app_launchd_service"
$sudo_cmd chown root:wheel "$my_root/$my_app_launchd_service"
echo " > ${sudo_cmde}launchctl unload -w $my_root/$my_app_launchd_service >/dev/null 2>/dev/null"
$sudo_cmd launchctl unload -w "$my_root/$my_app_launchd_service" >/dev/null 2>/dev/null
elif [ -d "$my_root/etc/systemd/system" ]; then
my_system_launcher="systemd"
echo " > ${sudo_cmde}$rsync_cmd $TELEBIT_PATH/usr/share/dist/etc/systemd/system/$my_app.service /etc/systemd/system/$my_app.service"
$sudo_cmd $rsync_cmd "$TELEBIT_PATH/usr/share/dist/etc/systemd/system/$my_app.service" "/etc/systemd/system/$my_app.service"
$sudo_cmd systemctl daemon-reload
echo " > ${sudo_cmde}systemctl enable $my_app"
$sudo_cmd systemctl enable $my_app >/dev/null
fi
sleep 1
echo ""
echo ""
echo "=============================================="
echo " Launcher Configuration "
echo "=============================================="
echo ""
my_stopper=""
if [ "systemd" == "$my_system_launcher" ]; then
my_stopper="${sudo_cmde}systemctl stop $my_app"
echo "Edit the config and restart, if desired:"
echo ""
echo " ${sudo_cmde}$my_edit $TELEBIT_PATH/etc/$my_app.yml"
echo " ${sudo_cmde}systemctl restart $my_app"
echo ""
echo "Or disabled the service and start manually:"
echo ""
echo " ${sudo_cmde}systemctl stop $my_app"
echo " ${sudo_cmde}systemctl disable $my_app"
echo " $my_daemon --config $TELEBIT_PATH/etc/$my_daemon.yml"
elif [ "launchd" == "$my_system_launcher" ]; then
my_stopper="${sudo_cmde}launchctl unload $my_root/$my_app_launchd_service"
echo "Edit the config and restart, if desired:"
echo ""
echo " ${sudo_cmde}$my_edit $TELEBIT_PATH/etc/$my_app.yml"
echo " ${sudo_cmde}launchctl unload $my_root/$my_app_launchd_service"
echo " ${sudo_cmde}launchctl load -w $my_root/$my_app_launchd_service"
echo ""
echo "Or disabled the service and start manually:"
echo ""
echo " ${sudo_cmde}launchctl unload -w $my_root/$my_app_launchd_service"
echo " $my_daemon --config $TELEBIT_PATH/etc/$my_daemon.yml"
else
my_stopper="not started"
echo "Edit the config, if desired:"
echo ""
echo " ${sudo_cmde}$my_edit $my_config"
echo ""
echo "Run the service manually (we couldn't detect your system service to do that automatically):"
echo ""
echo " $my_daemon --config $my_config"
fi
sleep 2
# TODO don't create this in TMP_PATH if it exists in TELEBIT_PATH
my_config="$TELEBIT_PATH/etc/$my_daemon.yml"
mkdir -p "$(dirname $my_config)"
if [ ! -e "$my_config" ]; then
echo "sock: $TELEBIT_PATH/var/run/telebit.sock" >> "$my_config"
cat $TELEBIT_PATH/usr/share/$my_daemon.tpl.yml >> "$my_config"
fi
my_config="$HOME/.config/$my_app/$my_app.yml"
mkdir -p "$(dirname $my_config)"
if [ ! -e "$my_config" ]; then
echo "sock: $TELEBIT_PATH/var/run/telebit.sock" >> "$my_config"
fi
#echo "${sudo_cmde}chown -R $my_user '$TELEBIT_PATH'
$sudo_cmd chown -R $my_user "$TELEBIT_PATH"
###############################
# Actually Launch the Service #
###############################
echo ""
if [ "launchd" == "$my_system_launcher" ]; then
echo " > ${sudo_cmde}launchctl load -w $my_root/$my_app_launchd_service"
$sudo_cmd launchctl load -w "$my_root/$my_app_launchd_service"
fi
if [ "systemd" == "$my_system_launcher" ]; then
echo " > ${sudo_cmde}systemctl start $my_app"
$sudo_cmd systemctl restart $my_app
fi
echo " > telebit init --tty"
echo ""
sleep 0.25
$TELEBIT_PATH/bin/node $TELEBIT_PATH/bin/telebit.js init --tty
$TELEBIT_PATH/bin/node $TELEBIT_PATH/bin/telebit.js enable

5
usr/share/telebitd.tpl.yml Normal file
View File

@ -0,0 +1,5 @@
#agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant updates
telemetry: true # contribute to project telemetric data
newsletter: false # contribute to project telemetric data
ssh_auto: false # forward ssh-looking packets, from any connection, to port 22

0
var/log/.gitkeep Normal file
View File

0
var/run/.gitkeep Normal file
View File

241
wsclient.js
View File

@ -1,241 +0,0 @@
(function () {
'use strict';
var WebSocket = require('ws');
var sni = require('sni');
var Packer = require('tunnel-packer');
var authenticated = false;
function run(copts) {
// TODO pair with hostname / sni
copts.services = {};
copts.locals.forEach(function (proxy) {
//program.services = { 'ssh': 22, 'http': 80, 'https': 443 };
copts.services[proxy.protocol] = proxy.port;
});
var tunnelUrl = copts.stunneld.replace(/\/$/, '') + '/?access_token=' + copts.token;
var wstunneler;
var localclients = {};
// BaaS / Backendless / noBackend / horizon.io
// user authentication
// a place to store data
// file management
// Synergy Teamwork Paradigm = Jabberwocky
var handlers = {
onmessage: function (opts) {
var net = copts.net || require('net');
var cid = Packer.addrToId(opts);
var service = opts.service;
var port = copts.services[service];
var servername;
var str;
var m;
authenticated = true;
if (localclients[cid]) {
//console.log("[=>] received data from '" + cid + "' =>", opts.data.byteLength);
localclients[cid].write(opts.data);
return;
}
else if ('http' === service) {
str = opts.data.toString();
m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
servername = (m && m[1].toLowerCase() || '').split(':')[0];
}
else if ('https' === service) {
servername = sni(opts.data);
}
else {
handlers._onLocalError(cid, opts, new Error("unsupported service '" + service + "'"));
return;
}
if (!servername) {
console.info("[error] missing servername for '" + cid + "'", opts.data.byteLength);
//console.warn(opts.data.toString());
wstunneler.send(Packer.pack(opts, null, 'error'), { binary: true });
return;
}
console.info("[connect] new client '" + cid + "' for '" + servername + "' (" + (handlers._numClients() + 1) + " clients)");
console.log('port', port, opts.port, service, copts.services);
localclients[cid] = net.createConnection({
port: port
, host: '127.0.0.1'
, servername: servername
, data: opts.data
, remoteFamily: opts.family
, remoteAddress: opts.address
, remotePort: opts.port
}, function () {
//console.log("[=>] first packet from tunneler to '" + cid + "' as '" + opts.service + "'", opts.data.byteLength);
// this will happen before 'data' is triggered
localclients[cid].write(opts.data);
});
// 'data'
/*
localclients[cid].on('data', function (chunk) {
//console.log("[<=] local '" + opts.service + "' sent to '" + cid + "' <= ", chunk.byteLength, "bytes");
//console.log(JSON.stringify(chunk.toString()));
wstunneler.send(Packer.pack(opts, chunk), { binary: true });
});
//*/
///*
localclients[cid].on('readable', function (size) {
var chunk;
if (!localclients[cid]) {
console.error("[error] localclients[cid]", cid);
return;
}
if (!localclients[cid].read) {
console.error("[error] localclients[cid].read", cid);
console.log(localclients[cid]);
return;
}
do {
chunk = localclients[cid].read(size);
//console.log("[<=] local '" + opts.service + "' sent to '" + cid + "' <= ", chunk.byteLength, "bytes");
//console.log(JSON.stringify(chunk.toString()));
if (chunk) {
wstunneler.send(Packer.pack(opts, chunk), { binary: true });
}
} while (chunk);
});
//*/
localclients[cid].on('error', function (err) {
handlers._onLocalError(cid, opts, err);
});
localclients[cid].on('end', function () {
console.info("[end] closing client '" + cid + "' for '" + servername + "' (" + (handlers._numClients() - 1) + " clients)");
handlers._onLocalClose(cid, opts);
});
}
, onend: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[end] '" + cid + "'");
handlers._onend(cid);
}
, onerror: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[error] '" + cid + "'", opts.code || '', opts.message);
handlers._onend(cid);
}
, _onend: function (cid) {
console.log('[_onend]');
if (localclients[cid]) {
try {
localclients[cid].end();
} catch(e) {
// ignore
}
}
delete localclients[cid];
}
, _onLocalClose: function (cid, opts, err) {
console.log('[_onLocalClose]');
try {
wstunneler.send(Packer.pack(opts, null, err && 'error' || 'end'), { binary: true });
} catch(e) {
// ignore
}
delete localclients[cid];
}
, _onLocalError: function (cid, opts, err) {
console.info("[error] closing '" + cid + "' because '" + err.message + "' (" + (handlers._numClients() - 1) + " clients)");
handlers._onLocalClose(cid, opts, err);
}
, _numClients: function () {
return Object.keys(localclients).length;
}
};
var wsHandlers = {
onOpen: function () {
console.info("[open] connected to '" + copts.stunneld + "'");
}
, retry: true
, closeClients: function () {
console.log('[close clients]');
Object.keys(localclients).forEach(function (cid) {
try {
localclients[cid].end();
} catch(e) {
// ignore
}
delete localclients[cid];
});
}
, onClose: function () {
console.log('ON CLOSE');
if (!authenticated) {
console.info('[close] failed on first attempt... check authentication.');
}
else if (wsHandlers.retry) {
console.info('[retry] disconnected and waiting...');
setTimeout(run, 5000, copts);
}
else {
console.info('[close] closing tunnel to exit...');
}
process.removeListener('exit', wsHandlers.onExit);
process.removeListener('SIGINT', wsHandlers.onExit);
wsHandlers.closeClients();
}
, onError: function (err) {
console.error("[tunnel error] " + err.message);
console.error(err);
}
, onExit: function () {
console.log('[wait] closing wstunneler...');
wsHandlers.retry = false;
wsHandlers.closeClients();
try {
wstunneler.close();
} catch(e) {
console.error("[error] wstunneler.close()");
console.error(e);
// ignore
}
}
};
var machine = require('tunnel-packer').create(handlers);
console.info("[connect] '" + copts.stunneld + "'");
wstunneler = new WebSocket(tunnelUrl, { rejectUnauthorized: !copts.insecure });
wstunneler.on('open', wsHandlers.onOpen);
wstunneler.on('message', function (data, flags) {
if (data.error || '{' === data[0]) {
console.log(data);
return;
}
machine.fns.addChunk(data, flags);
});
wstunneler.on('close', wsHandlers.onClose);
wstunneler.on('error', wsHandlers.onError);
process.on('beforeExit', function (x) {
console.log('[beforeExit] event loop closing?', x);
});
process.on('exit', function (x) {
console.log('[exit] loop closed', x);
//wsHandlers.onExit(x);
});
process.on('SIGINT', function (x) {
console.log('SIGINT');
wsHandlers.onExit(x);
});
}
module.exports.connect = run;
}());