prepare to handle tunnel

This commit is contained in:
AJ ONeal 2017-04-27 19:23:52 -06:00
parent 350d87c38d
commit 0fdd2773b5
2 changed files with 90 additions and 21 deletions

View File

@ -184,7 +184,7 @@ module.exports = function (deps, conf, overrideHttp) {
, stunneld: result.tunnelUrl
// we'll provide faux networking and pipe as we please
, services: { https: { '*': 443 }, http: { '*': 80 }, smtp: { '*': 25}, smtps: { '*': 587 /*also 465/starttls*/ } /*, ssh: { '*': 22 }*/ }
, net: conf.net
, net: deps.tunnel.net || deps.net
};
if (tun) {

View File

@ -81,6 +81,7 @@ module.exports.create = function (deps, config) {
firstChunk = firstChunk.toString('utf8');
// JSON.stringify("Host: example.com\r\nNext: Header".replace(/(Host: [^\r\n]*)/i, "$1" + "\r\n" + "X: XYZ"))
firstChunk = firstChunk.replace(/(Host: [^\r\n]*)/i, "$1" + "\r\n" + newHeads.join("\r\n"));
process.nextTick(function () {
conn.unshift(Buffer.from(firstChunk, 'utf8'));
});
@ -104,6 +105,7 @@ module.exports.create = function (deps, config) {
}
opts.hostname = hostname;
conn.__opts = opts;
modules.http.emit('connection', conn);
};
}
@ -123,6 +125,15 @@ module.exports.create = function (deps, config) {
, _create: function (address, port/*, nextServer*/) {
// port provides hinting for https, smtps, etc
return function (socket, firstChunk, opts) {
if (opts.hyperPeek) {
// See "PEEK COMMENT" for more info
// This was peeked at properly, so we don't have to re-wrap it
// in order to get the connection to not hang.
// The real first 'data' and 'readable' events will occur as they should
program.tlsTunnelServer.emit('connection', socket);
return;
}
var servername = opts.servername;
var packerStream = require('tunnel-packer').Stream;
var myDuplex = packerStream.create(socket);
@ -176,26 +187,49 @@ module.exports.create = function (deps, config) {
};
// opts = { servername, encrypted, remoteAddress, remotePort }
function handler(conn, opts) {
opts = opts || {};
console.log('[handler]', conn.localAddres, conn.localPort, opts.encrypted);
conn.once('data', function (firstChunk) {
var servername;
// TODO port-based routing can do here
// opts = { servername, encrypted, peek, data, remoteAddress, remotePort }
function peek(conn, firstChunk, opts) {
// TODO port/service-based routing can do here
// TLS
if (22 === firstChunk[0]) {
servername = (parseSni(firstChunk)||'').toLowerCase() || 'localhost.invalid';
console.log('tryTls');
tlsRouter.get(conn.localAddress, conn.localPort)(conn, firstChunk, opts);
opts.servername = (parseSni(firstChunk)||'').toLowerCase() || 'localhost.invalid';
tlsRouter.get(opts.localAddress || conn.localAddress, conn.localPort)(conn, firstChunk, opts);
return;
}
else {
console.log('tryTcp');
tcpRouter.get(conn.localAddress, conn.localPort)(conn, firstChunk, opts);
if (opts.hyperPeek) {
// even though we've already peeked, this logic is just as well to let be
// since it works properly either way, unlike the tls socket
conn.once('data', function (chunk) {
tcpRouter.get(opts.localAddress || conn.localAddress, conn.localPort)(conn, chunk, opts);
});
return;
}
tcpRouter.get(opts.localAddress || conn.localAddress, conn.localPort)(conn, firstChunk, opts);
}
function netHandler(conn, opts) {
opts = opts || {};
console.log('[netHandler]', conn.localAddres, conn.localPort, opts.encrypted);
// XXX PEEK COMMENT XXX
// TODO we can have our cake and eat it too
// we can skip the need to wrap the TLS connection twice
// because we've already peeked at the data,
// but this needs to be handled better before we enable that
// (because it creates new edge cases)
if (opts.hyperPeek) {
console.log('hyperpeek');
peek(conn, opts.firstChunk, opts);
return;
}
conn.once('data', function (chunk) {
peek(conn, chunk, opts);
});
}
@ -238,7 +272,7 @@ module.exports.create = function (deps, config) {
// TODO ask http module about the default path (/srv/www/:hostname)
// (if it exists, we can allow and add to config)
if (!modules.http) {
modules.http = require('./modules/http.js').create(config);
modules.http = require('./modules/http.js').create(deps, config);
}
modules.http.checkServername(opts.domain).then(function (stuff) {
if (!stuff.domains) {
@ -284,6 +318,41 @@ module.exports.create = function (deps, config) {
});
}
deps.tunnel = deps.tunnel || {};
deps.tunnel.net = {
createConnection: function (opts, cb) {
var Duplex = require('stream').Duplex;
var myDuplex = new Duplex();
var wrapOpts = {};
// this has the normal net/tcp stuff plus our custom stuff
// opts = { address, port,
// hostname, servername, encrypted, data, localAddress, localPort, remoteAddress, remotePort, remoteFamily }
Object.keys(opts).forEach(function (key) {
wrapOpts[key] = opts[key];
myDuplex[key] = opts[key];
});
// A few more extra specialty options
wrapOpts.firstChunk = opts.data;
wrapOpts.hyperPeek = !!opts.data;
wrapOpts.localAddress = wrapOpts.localAddress || '127.0.0.2'; // TODO use the tunnel's external address
wrapOpts.localPort = wrapOpts.localPort || 'tunnel-0';
netHandler(myDuplex, wrapOpts);
process.nextTick(function () {
//opts.data = wrapOpts.data;
// this cb will cause the stream to emit its (actually) first data event
// (even though it already gave a peek into that first data chunk)
cb();
});
return myDuplex;
}
};
Object.keys(program.tlsOptions).forEach(function (key) {
tunnelAdminTlsOpts[key] = program.tlsOptions[key];
});
@ -322,7 +391,7 @@ module.exports.create = function (deps, config) {
//});
//(program.httpTunnelServer || program.httpServer).emit('connection', tlsSocket);
//tcpRouter.get(conn.localAddress, conn.localPort)(conn, firstChunk, { encrypted: false });
handler(tlsSocket, {
netHandler(tlsSocket, {
servername: tlsSocket.servername
, encrypted: true
// remoteAddress... ugh... https://github.com/nodejs/node/issues/8854
@ -332,6 +401,6 @@ module.exports.create = function (deps, config) {
});
PromiseA.all(config.tcp.ports.map(function (port) {
return listeners.tcp.add(port, handler);
return listeners.tcp.add(port, netHandler);
}));
};