blek
/
astraproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add list-ciphers option

This commit is contained in:
Vladislav Yarmak 2021-02-26 09:09:55 +02:00
parent 6dd28baf6b
commit 0725d27faf
6 changed files with 510 additions and 498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
auth.go
View File

@ -1,16 +1,16 @@
package main package main
import ( import (
"os" "bufio"
"crypto/subtle"
"encoding/base64"
"errors"
"golang.org/x/crypto/bcrypt"
"net/http" "net/http"
"net/url" "net/url"
"errors" "os"
"strings"
"strconv" "strconv"
"encoding/base64" "strings"
"crypto/subtle"
"golang.org/x/crypto/bcrypt"
"bufio"
) )
const AUTH_REQUIRED_MSG = "Proxy authentication required.\n" const AUTH_REQUIRED_MSG = "Proxy authentication required.\n"
@ -182,14 +182,13 @@ func (auth *BasicAuth) Validate(wr http.ResponseWriter, req *http.Request) bool
return false return false
} }
type NoAuth struct {} type NoAuth struct{}
func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool { func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
return true return true
} }
type CertAuth struct{}
type CertAuth struct {}
func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool { func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 { if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {

12
condlog.go
View File

@ -1,8 +1,8 @@
package main package main
import ( import (
"log"
"fmt" "fmt"
"log"
) )
const ( const (
@ -34,23 +34,23 @@ func (cl *CondLogger) log(verb int, format string, v ...interface{}) error {
} }
func (cl *CondLogger) Critical(s string, v ...interface{}) error { func (cl *CondLogger) Critical(s string, v ...interface{}) error {
return cl.log(CRITICAL, "CRITICAL " + s, v...) return cl.log(CRITICAL, "CRITICAL "+s, v...)
} }
func (cl *CondLogger) Error(s string, v ...interface{}) error { func (cl *CondLogger) Error(s string, v ...interface{}) error {
return cl.log(ERROR, "ERROR " + s, v...) return cl.log(ERROR, "ERROR "+s, v...)
} }
func (cl *CondLogger) Warning(s string, v ...interface{}) error { func (cl *CondLogger) Warning(s string, v ...interface{}) error {
return cl.log(WARNING, "WARNING " + s, v...) return cl.log(WARNING, "WARNING "+s, v...)
} }
func (cl *CondLogger) Info(s string, v ...interface{}) error { func (cl *CondLogger) Info(s string, v ...interface{}) error {
return cl.log(INFO, "INFO " + s, v...) return cl.log(INFO, "INFO "+s, v...)
} }
func (cl *CondLogger) Debug(s string, v ...interface{}) error { func (cl *CondLogger) Debug(s string, v ...interface{}) error {
return cl.log(DEBUG, "DEBUG " + s, v...) return cl.log(DEBUG, "DEBUG "+s, v...)
} }
func NewCondLogger(logger *log.Logger, verbosity int) *CondLogger { func NewCondLogger(logger *log.Logger, verbosity int) *CondLogger {

10
handler.go
View File

@ -1,13 +1,13 @@
package main package main
import ( import (
"net" "context"
"fmt" "fmt"
"time" "net"
"net/http" "net/http"
"strings" "strings"
"context"
"sync" "sync"
"time"
) )
type ProxyHandler struct { type ProxyHandler struct {
@ -108,8 +108,8 @@ func (s *ProxyHandler) isLoopback(req *http.Request) (string, bool) {
func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) { func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
s.logger.Info("Request: %v %v %v %v", req.RemoteAddr, req.Proto, req.Method, req.URL) s.logger.Info("Request: %v %v %v %v", req.RemoteAddr, req.Proto, req.Method, req.URL)
if originator, isLoopback := s.isLoopback(req) ; isLoopback { if originator, isLoopback := s.isLoopback(req); isLoopback {
s.logger.Critical("Loopback tunnel detected: %s is an outbound " + s.logger.Critical("Loopback tunnel detected: %s is an outbound "+
"address for another request from %s", req.RemoteAddr, originator) "address for another request from %s", req.RemoteAddr, originator)
http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest) http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
return return

2
logwriter.go
View File

@ -1,8 +1,8 @@
package main package main
import ( import (
"io"
"errors" "errors"
"io"
"time" "time"
) )

31
main.go
View File

@ -1,12 +1,13 @@
package main package main
import ( import (
"log" "crypto/tls"
"os"
"fmt"
"flag" "flag"
"time" "fmt"
"log"
"net/http" "net/http"
"os"
"time"
) )
func perror(msg string) { func perror(msg string) {
@ -27,19 +28,26 @@ type CLIArgs struct {
verbosity int verbosity int
timeout time.Duration timeout time.Duration
cert, key, cafile string cert, key, cafile string
list_suites bool
} }
func list_suites() {
for _, cipher := range tls.CipherSuites() {
fmt.Println(cipher.Name)
}
}
func parse_args() CLIArgs { func parse_args() CLIArgs {
var args CLIArgs var args CLIArgs
flag.StringVar(&args.bind_address, "bind-address", ":8080", "HTTP proxy listen address") flag.StringVar(&args.bind_address, "bind-address", ":8080", "HTTP proxy listen address")
flag.StringVar(&args.auth, "auth", "none://", "auth parameters") flag.StringVar(&args.auth, "auth", "none://", "auth parameters")
flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity " + flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+
"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)") "(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations") flag.DurationVar(&args.timeout, "timeout", 10*time.Second, "timeout for network operations")
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate") flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
flag.StringVar(&args.key, "key", "", "key for TLS certificate") flag.StringVar(&args.key, "key", "", "key for TLS certificate")
flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates") flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
flag.BoolVar(&args.list_suites, "list-ciphers", false, "list ciphersuites")
flag.Parse() flag.Parse()
return args return args
} }
@ -47,14 +55,19 @@ func parse_args() CLIArgs {
func run() int { func run() int {
args := parse_args() args := parse_args()
if args.list_suites {
list_suites()
return 0
}
logWriter := NewLogWriter(os.Stderr) logWriter := NewLogWriter(os.Stderr)
defer logWriter.Close() defer logWriter.Close()
mainLogger := NewCondLogger(log.New(logWriter, "MAIN : ", mainLogger := NewCondLogger(log.New(logWriter, "MAIN : ",
log.LstdFlags | log.Lshortfile), log.LstdFlags|log.Lshortfile),
args.verbosity) args.verbosity)
proxyLogger := NewCondLogger(log.New(logWriter, "PROXY : ", proxyLogger := NewCondLogger(log.New(logWriter, "PROXY : ",
log.LstdFlags | log.Lshortfile), log.LstdFlags|log.Lshortfile),
args.verbosity) args.verbosity)
auth, err := NewAuth(args.auth) auth, err := NewAuth(args.auth)
@ -66,7 +79,7 @@ func run() int {
server := http.Server{ server := http.Server{
Addr: args.bind_address, Addr: args.bind_address,
Handler: NewProxyHandler(args.timeout, auth, proxyLogger), Handler: NewProxyHandler(args.timeout, auth, proxyLogger),
ErrorLog: log.New(logWriter, "HTTPSRV : ", log.LstdFlags | log.Lshortfile), ErrorLog: log.New(logWriter, "HTTPSRV : ", log.LstdFlags|log.Lshortfile),
ReadTimeout: 0, ReadTimeout: 0,
ReadHeaderTimeout: 0, ReadHeaderTimeout: 0,
WriteTimeout: 0, WriteTimeout: 0,

24
utils.go
View File

@ -1,24 +1,24 @@
package main package main
import ( import (
"context"
"net"
"sync"
"io"
"time"
"errors"
"net/http"
"bufio" "bufio"
"context"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors"
"io"
"io/ioutil" "io/ioutil"
"net"
"net/http"
"sync"
"time"
) )
const COPY_BUF = 128 * 1024 const COPY_BUF = 128 * 1024
func proxy(ctx context.Context, left, right net.Conn) { func proxy(ctx context.Context, left, right net.Conn) {
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
cpy := func (dst, src net.Conn) { cpy := func(dst, src net.Conn) {
defer wg.Done() defer wg.Done()
io.Copy(dst, src) io.Copy(dst, src)
dst.Close() dst.Close()
@ -29,7 +29,7 @@ func proxy(ctx context.Context, left, right net.Conn) {
groupdone := make(chan struct{}, 1) groupdone := make(chan struct{}, 1)
go func() { go func() {
wg.Wait() wg.Wait()
groupdone <-struct{}{} groupdone <- struct{}{}
}() }()
select { select {
case <-ctx.Done(): case <-ctx.Done():
@ -44,12 +44,12 @@ func proxy(ctx context.Context, left, right net.Conn) {
func proxyh2(ctx context.Context, leftreader io.ReadCloser, leftwriter io.Writer, right net.Conn) { func proxyh2(ctx context.Context, leftreader io.ReadCloser, leftwriter io.Writer, right net.Conn) {
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
ltr := func (dst net.Conn, src io.Reader) { ltr := func(dst net.Conn, src io.Reader) {
defer wg.Done() defer wg.Done()
io.Copy(dst, src) io.Copy(dst, src)
dst.Close() dst.Close()
} }
rtl := func (dst io.Writer, src io.Reader) { rtl := func(dst io.Writer, src io.Reader) {
defer wg.Done() defer wg.Done()
copyBody(dst, src) copyBody(dst, src)
} }
@ -59,7 +59,7 @@ func proxyh2(ctx context.Context, leftreader io.ReadCloser, leftwriter io.Writer
groupdone := make(chan struct{}, 1) groupdone := make(chan struct{}, 1)
go func() { go func() {
wg.Wait() wg.Wait()
groupdone <-struct{}{} groupdone <- struct{}{}
}() }()
select { select {
case <-ctx.Done(): case <-ctx.Done():