goldilocks.js/lib/tunnel-server-manager.js

'use strict';

function httpsTunnel(servername, conn) {
  console.error('tunnel server received encrypted connection to', servername);
  conn.end();
}
function handleHttp(servername, conn) {
  console.error('tunnel server received un-encrypted connection to', servername);
  conn.end([
    'HTTP/1.1 404 Not Found'
  , 'Date: ' + (new Date()).toUTCString()
  , 'Connection: close'
  , 'Content-Type: text/html'
  , 'Content-Length: 9'
  , ''
  , 'Not Found'
  ].join('\r\n'));
}
function rejectNonWebsocket(req, res) {
  // status code 426 = Upgrade Required
  res.statusCode = 426;
  res.setHeader('Content-Type', 'application/json');
  res.send({error: { message: 'Only websockets accepted for tunnel server' }});
}

var defaultConfig = {
  servernames: []
, secret: null
};
var tunnelFuncs = {
  // These functions should not be called because connections to the admin domains
  // should already be decrypted, and connections to non-client domains should never
  // be given to us in the first place.
  httpsTunnel:  httpsTunnel
, httpsInvalid: httpsTunnel
  // These function should not be called because ACME challenges should be handled
  // before admin domain connections are given to us, and the only non-encrypted
  // client connections that should be given to us are ACME challenges.
, handleHttp:         handleHttp
, handleInsecureHttp: handleHttp
};

module.exports.create = function (deps, config) {
  var equal = require('deep-equal');
  var enableDestroy = require('server-destroy');
  var currentOpts = Object.assign({}, defaultConfig);

  var httpServer, wsServer, stunneld;
  function start() {
    if (httpServer || wsServer || stunneld) {
      throw new Error('trying to start already started tunnel server');
    }
    httpServer = require('http').createServer(rejectNonWebsocket);
    enableDestroy(httpServer);

    wsServer = new (require('ws').Server)({ server: httpServer });

    var tunnelOpts = Object.assign({}, tunnelFuncs, currentOpts);
    stunneld = require('stunneld').create(tunnelOpts);
    wsServer.on('connection', stunneld.ws);
  }

  function stop() {
    if (!httpServer || !wsServer || !stunneld) {
      throw new Error('trying to stop unstarted tunnel server (or it got into semi-initialized state');
    }
    wsServer.close();
    wsServer = null;
    httpServer.destroy();
    httpServer = null;
    // Nothing to close here, just need to set it to null to allow it to be garbage-collected.
    stunneld = null;
  }

  function updateConf() {
    var newOpts = Object.assign({}, defaultConfig, config.tunnelServer);
    if (!Array.isArray(newOpts.servernames)) {
      newOpts.servernames = [];
    }
    var trimmedOpts = {
      servernames: newOpts.servernames.slice().sort()
    , secret:      newOpts.secret
    };

    if (equal(trimmedOpts, currentOpts)) {
      return;
    }
    currentOpts = trimmedOpts;

    // Stop what's currently running, then if we are still supposed to be running then we
    // can start it again with the updated options. It might be possible to make use of
    // the existing http and ws servers when the config changes, but I'm not sure what
    // state the actions needed to close all existing connections would put them in.
    if (httpServer || wsServer || stunneld) {
      stop();
    }
    if (currentOpts.servernames.length && currentOpts.secret) {
      start();
    }
  }
  process.nextTick(updateConf);

  return {
    isAdminDomain: function (domain) {
      return currentOpts.servernames.indexOf(domain) !== -1;
    }
  , handleAdminConn: function (conn) {
      if (!httpServer) {
        console.error(new Error('handleAdminConn called with no active tunnel server'));
        conn.end();
      } else {
        return httpServer.emit('connection', conn);
      }
    }

  , isClientDomain: function (domain) {
      if (!stunneld) { return false; }
      return stunneld.isClientDomain(domain);
    }
  , handleClientConn: function (conn) {
      if (!stunneld) {
        console.error(new Error('handleClientConn called with no active tunnel server'));
        conn.end();
      } else {
        return stunneld.tcp(conn);
      }
    }

  , updateConf
  };
};
added tunnel server 2017-06-14 16:58:56 +00:00			`'use strict';`

made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`function httpsTunnel(servername, conn) {`
			`console.error('tunnel server received encrypted connection to', servername);`
			`conn.end();`
			`}`
			`function handleHttp(servername, conn) {`
			`console.error('tunnel server received un-encrypted connection to', servername);`
			`conn.end([`
			`'HTTP/1.1 404 Not Found'`
			`, 'Date: ' + (new Date()).toUTCString()`
			`, 'Connection: close'`
			`, 'Content-Type: text/html'`
			`, 'Content-Length: 9'`
			`, ''`
			`, 'Not Found'`
			`].join('\r\n'));`
			`}`
			`function rejectNonWebsocket(req, res) {`
			`// status code 426 = Upgrade Required`
			`res.statusCode = 426;`
			`res.setHeader('Content-Type', 'application/json');`
			`res.send({error: { message: 'Only websockets accepted for tunnel server' }});`
			`}`
added tunnel server 2017-06-14 16:58:56 +00:00
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`var defaultConfig = {`
			`servernames: []`
			`, secret: null`
			`};`
			`var tunnelFuncs = {`
			`// These functions should not be called because connections to the admin domains`
added tunnel server 2017-06-14 16:58:56 +00:00			`// should already be decrypted, and connections to non-client domains should never`
			`// be given to us in the first place.`
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`httpsTunnel: httpsTunnel`
			`, httpsInvalid: httpsTunnel`
			`// These function should not be called because ACME challenges should be handled`
added tunnel server 2017-06-14 16:58:56 +00:00			`// before admin domain connections are given to us, and the only non-encrypted`
			`// client connections that should be given to us are ACME challenges.`
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`, handleHttp: handleHttp`
			`, handleInsecureHttp: handleHttp`
			`};`
added tunnel server 2017-06-14 16:58:56 +00:00
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`module.exports.create = function (deps, config) {`
			`var equal = require('deep-equal');`
			`var enableDestroy = require('server-destroy');`
			`var currentOpts = Object.assign({}, defaultConfig);`

			`var httpServer, wsServer, stunneld;`
			`function start() {`
			`if (httpServer \|\| wsServer \|\| stunneld) {`
			`throw new Error('trying to start already started tunnel server');`
			`}`
			`httpServer = require('http').createServer(rejectNonWebsocket);`
			`enableDestroy(httpServer);`
added tunnel server 2017-06-14 16:58:56 +00:00
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`wsServer = new (require('ws').Server)({ server: httpServer });`

			`var tunnelOpts = Object.assign({}, tunnelFuncs, currentOpts);`
			`stunneld = require('stunneld').create(tunnelOpts);`
			`wsServer.on('connection', stunneld.ws);`
			`}`

			`function stop() {`
			`if (!httpServer \|\| !wsServer \|\| !stunneld) {`
			`throw new Error('trying to stop unstarted tunnel server (or it got into semi-initialized state');`
			`}`
			`wsServer.close();`
			`wsServer = null;`
			`httpServer.destroy();`
			`httpServer = null;`
			`// Nothing to close here, just need to set it to null to allow it to be garbage-collected.`
			`stunneld = null;`
			`}`

			`function updateConf() {`
			`var newOpts = Object.assign({}, defaultConfig, config.tunnelServer);`
			`if (!Array.isArray(newOpts.servernames)) {`
			`newOpts.servernames = [];`
			`}`
			`var trimmedOpts = {`
			`servernames: newOpts.servernames.slice().sort()`
			`, secret: newOpts.secret`
			`};`

			`if (equal(trimmedOpts, currentOpts)) {`
			`return;`
			`}`
			`currentOpts = trimmedOpts;`

			`// Stop what's currently running, then if we are still supposed to be running then we`
			`// can start it again with the updated options. It might be possible to make use of`
			`// the existing http and ws servers when the config changes, but I'm not sure what`
			`// state the actions needed to close all existing connections would put them in.`
			`if (httpServer \|\| wsServer \|\| stunneld) {`
			`stop();`
			`}`
			`if (currentOpts.servernames.length && currentOpts.secret) {`
			`start();`
			`}`
			`}`
			`process.nextTick(updateConf);`
added tunnel server 2017-06-14 16:58:56 +00:00
			`return {`
			`isAdminDomain: function (domain) {`
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`return currentOpts.servernames.indexOf(domain) !== -1;`
fixed bug not being able to discover azp 2017-06-23 23:22:45 +00:00			`}`
			`, handleAdminConn: function (conn) {`
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`if (!httpServer) {`
			`console.error(new Error('handleAdminConn called with no active tunnel server'));`
			`conn.end();`
			`} else {`
			`return httpServer.emit('connection', conn);`
			`}`
			`}`

			`, isClientDomain: function (domain) {`
			`if (!stunneld) { return false; }`
			`return stunneld.isClientDomain(domain);`
			`}`
			`, handleClientConn: function (conn) {`
			`if (!stunneld) {`
			`console.error(new Error('handleClientConn called with no active tunnel server'));`
			`conn.end();`
			`} else {`
			`return stunneld.tcp(conn);`
			`}`
fixed bug not being able to discover azp 2017-06-23 23:22:45 +00:00			`}`
added tunnel server 2017-06-14 16:58:56 +00:00
made tunnel server respond to config changes 2017-10-31 21:39:24 +00:00			`, updateConf`
added tunnel server 2017-06-14 16:58:56 +00:00			`};`
			`};`