evan/conduit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:0.0.1
Branches Tags
evan:main
evan:0.0.1
...
compare: evan:9edea27148670b208c935c070ff3f58a416241b1
Branches Tags
evan:main
evan:0.0.1

19 Commits
0.0.1 ... 9edea27148

Author SHA1 Message Date
Evan Reichard
9edea27148 feat(tunnel): log public tunnel url
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-03 23:55:17 -04:00
Evan Reichard
c9304ea1cf feat(web): rewrite tunnel monitor preview 2026-05-03 23:53:32 -04:00
Evan Reichard
9efc2b0494 fix(tunnel): stabilize concurrent stream handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-03 23:13:22 -04:00
Evan Reichard
1a4bc76a2c feat(config): load client settings from config file 2026-05-03 23:03:55 -04:00
Evan Reichard
2aee0765aa docs: update README and AGENTS.md to reflect http.Server refactor
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Replace "Raw TCP listener" references with http.Server/hijack model
- Update architecture diagram and description
- Add testing section to AGENTS.md with test summary
- Update key patterns to match current code
- Fix file locations table (add e2e_test.go, reconstructed_conn.go)
 2026-05-03 22:43:06 -04:00
Evan Reichard
7df8521478 refactor(server): replace rawHTTPResponseWriter with stdlib http.Server 
- Rewrite server to use net/http.Server with ServeHTTP handler instead
  of raw TCP listener with hand-written HTTP responses. Control plane
  errors now get proper Content-Type, Content-Length, and chunked
  encoding via http.Error(). Tunnel traffic hijacks the connection and
  re-serializes the request for forwarding.
- Simplify reconstructedConn to accept variative io.Readers
- Delete raw_http_response_writer.go (no longer needed)
- Fix TCP forwarder: bare host:port (e.g. "127.0.0.1:5432") now works
  correctly instead of failing on url.Parse. Only HTTP/HTTPS schemes
  go through URL parsing; everything else is treated as raw TCP.
- Add 8 new e2e tests: HTTP response quality, 1MB response body, 512KB
  request body, TCP echo, TCP large payload, concurrent single-tunnel,
  concurrent multi-tunnel (16 tests total, all passing)
 2026-05-03 22:41:57 -04:00
Evan Reichard
801f0f588f feat: add e2e tests, fix server shutdown and map race, update docs 
- Add end-to-end test suite covering HTTP tunnel round-trip, POST
  forwarding, unknown tunnel 404, duplicate name rejection, unauthorized
  access, info endpoint, multi-tunnel routing, and graceful shutdown
- Fix server graceful shutdown by closing TCP listener on context cancel
- Fix data race in pkg/maps Entries() iterator by holding RLock
- Rewrite README with architecture, configuration, and usage docs
- Add AGENTS.md with project conventions and architecture guide
- Update flake.nix (add gopls) and flake.lock
 2026-05-03 22:29:36 -04:00
Evan Reichard
fa8f4312df fix: drone build
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-10-12 15:11:11 -04:00
Evan Reichard
7c1c22d214 feat: add tunnel monitor web ui
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-10-12 14:55:27 -04:00
Evan Reichard
9afea58ec2 add: readme example
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-10-05 17:50:37 -04:00
Evan Reichard
0722e5f032 chore: tunnel recorder & slight refactor
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-27 17:49:59 -04:00
Evan Reichard
20c1388cf4 chore: better source tracking
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-23 09:24:09 -04:00
Evan Reichard
0333680a2b chore: move to sync map 2025-09-23 09:04:06 -04:00
Evan Reichard
de23b3e815 log error
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-22 23:26:58 -04:00
Evan Reichard
2e73689762 http vs tcp tunnel
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-22 23:04:15 -04:00
Evan Reichard
d5de31eda7 fix infinite close
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-22 15:30:54 -04:00
Evan Reichard
b8714e52de wip 2
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-21 18:41:47 -04:00
Evan Reichard
f5741ef60b wip 1 2025-09-21 13:14:45 -04:00
Evan Reichard
31add1984b fix env vars
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-09-20 21:29:40 -04:00
35 changed files with 3148 additions and 459 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1 +1,3 @@
cover.html cover.html
.DS_Store
build

86
AGENTS.md Normal file
View File

@@ -0,0 +1,86 @@
# Conduit — Agent Guidelines
## Project Overview
Conduit is a self-hosted tunneling service (Go, single binary). A **server** (`conduit serve`) runs on a public host and routes incoming HTTP requests by subdomain to registered **tunnels**. A **client** (`conduit tunnel`) connects via WebSocket, receives forwarded traffic, and relays it to a local target using either an HTTP reverse-proxy or raw TCP dial.
## Build & Test
```bash
# Build all platforms
make build_local
# Run tests
make tests # includes race detection + coverage
# Lint
golangci-lint run
```
Go 1.25+ is required (`go.mod`). Nix devshell provides Go, gopls, golangci-lint.
## Architecture at a Glance
```
server/server.go — net/http.Server, ServeHTTP routes by Host subdomain to tunnel or control API
tunnel/tunnel.go — Core Tunnel struct, WebSocket message loop, stream management
tunnel/forwarder.go — Forwarder interface; HTTP/HTTPS → HTTP forwarder, everything else → TCP
tunnel/http_forwarder.go — httputil.ReverseProxy served over net.Pipe via multiConnListener
tunnel/tcp_forwarder.go — Direct net.Dial TCP forwarding
tunnel/stream.go — Stream interface (io.ReadWriteCloser + Source/Target)
server/reconstructed_conn.go — Replays re-serialized headers + buffered body + raw conn after hijack
store/store.go — In-memory request/response recorder with pub/sub (SSE)
web/web.go — Local tunnel monitor (port 8181), embedded static UI assets, SSE endpoint
config/config.go — Reflection-based config from struct tags → flags + env vars + client config file
pkg/maps/map.go — Generic sync.RWMutex-guarded map
```
## Code Conventions
- **Go style**: standard `gofmt`, golangci-lint with `.golangci.toml`
- **Comment style**: Title Case heading above logical blocks (see root `AGENTS.md`)
- **Config**: add struct tags (`json`, `default`, `description`) to `ServerConfig` or `ClientConfig` — flags and env vars are auto-derived. Client config may also come from `./conduit.json` or `~/.config/conduit/config.json` for `server`, `api_key`, `log_level`, and `log_format` only.
- **Logging**: use `logrus` (`log` alias); structured fields preferred
- **Concurrency**: use `pkg/maps.Map` for shared maps; protect other shared state with `sync.Mutex`
- **Error handling**: return errors up; log at command/entry-point level. Use `fmt.Errorf` with `%w` for wrapping
## Key Patterns
1. **ServeHTTP + Hijack for tunnel routing**: The server uses `net/http.Server` with a `ServeHTTP` handler. It inspects the `Host` header to determine routing. Control API requests are handled normally via `http.ResponseWriter`. Tunnel requests hijack the TCP connection, re-serialize the HTTP request, and forward it through the tunnel via `reconstructedConn`.
2. **Reconstructed connection**: After hijack, `reconstructedConn` combines re-serialized request headers, buffered body data from the hijacked `bufio.ReadWriter`, and the raw connection into a single `io.Reader` so the tunnel client receives the complete request.
3. **Forwarder abstraction**: `Forwarder` interface decouples tunnel transport from protocol handling. `NewForwarder` only uses `url.Parse` for `http://`/`https://` schemes; everything else (including parse failures like bare `host:port`) is treated as raw TCP. HTTP forwarder uses `net.Pipe` + `multiConnListener` to feed connections into a standard `http.Server`.
4. **Context-threaded records**: Request records are attached to context in `RecordRequest` and retrieved in `RecordResponse` via the `ModifyResponse` hook.
## Adding a New Forwarder
1. Implement `tunnel.Forwarder` interface (`Type()`, `Initialize()`, `Start()`)
2. Add a case in `tunnel.NewForwarder()` factory
3. Add corresponding `ForwarderType` const
## Testing
E2E tests live in `e2e_test.go` at the project root. They spin up real servers, tunnels, and targets on random ports. `make tests` runs with `-race` and coverage enabled.
```bash
# Run all tests
make tests
# Run specific test
go test -v -run TestHTTPTunnelRoundTrip -count=1 ./...
```
16 tests covering: HTTP round-trip (GET/POST), TCP echo, large bodies (1MB resp / 512KB req), response quality (headers, content-type, content-length), error paths (404, 401, duplicate name), multi-tunnel routing, concurrency, and graceful shutdown.
## File Locations
| Concern | Files |
|---------|-------|
| CLI entry | `main.go`, `cmd/` |
| Server | `server/` |
| Tunneling | `tunnel/` |
| Config | `config/` |
| Storage | `store/` |
| Web UI | `web/`, `web/pages/` |
| Shared types | `types/` |
| Utilities | `pkg/maps/` |
| E2E tests | `e2e_test.go` |

2
Dockerfile
View File

@@ -3,7 +3,7 @@ FROM alpine AS alpine
RUN apk update && apk add --no-cache ca-certificates tzdata RUN apk update && apk add --no-cache ca-certificates tzdata
# Build Image # Build Image
FROM golang:1.24 AS build FROM golang:1.25 AS build
# Create Package Directory # Create Package Directory
RUN mkdir -p /opt/conduit RUN mkdir -p /opt/conduit

2
Makefile
View File

@@ -30,6 +30,6 @@ clean:
rm -rf ./build rm -rf ./build
tests: tests:
SET_TEST=set_val go test -coverpkg=./... ./... -coverprofile=./cover.out SET_TEST=set_val go test -race -coverpkg=./... ./... -coverprofile=./cover.out
go tool cover -html=./cover.out -o ./cover.html go tool cover -html=./cover.out -o ./cover.html
rm ./cover.out rm ./cover.out

145
README.md
View File

@@ -1,14 +1,143 @@
# Conduit # Conduit
A lightweight tunneling service that enables secure connection forwarding through a remote server. A lightweight tunneling service that exposes local services to the internet through a public server — similar to ngrok, but self-hosted.
**How:** Deploy Conduit on a public server (e.g., `https://conduit.example.com`) to create tunnels from local services to the internet. Simply point a tunnel to your local endpoint (such as `localhost:8000`) and assign it a custom subdomain identifier like `black-fox-123`. Your local service becomes instantly accessible at `https://black-fox-123.conduit.example.com`. Deploy Conduit on a public server (e.g., `https://conduit.example.com`), then create tunnels from your local machine. Point a tunnel at a local endpoint (e.g., `localhost:8000`) and it becomes accessible at a subdomain like `https://black-fox-123.conduit.example.com`.
**Key Benefits:** ![Example](https://gitea.va.reichard.io/evan/conduit/raw/branch/main/assets/example.gif)
- Expose local development servers to the internet ## Features
- Share work-in-progress applications with clients or teammates
- Test webhooks and external integrations
- Bypass firewall restrictions for remote access
Perfect for developers who need quick, temporary public access to local services without complex networking setup. - **HTTP & TCP tunneling** — automatically detected based on the target scheme
- **Subdomain routing** — each tunnel gets a unique subdomain on the server
- **Auto-generated tunnel names** — random `color-animal-number` names when none is provided
- **Local tunnel monitor** — web UI on `:8181` with SSE-based live request/response inspection
- **API key authentication** — simple shared-key auth between client and server
- **Minimal footprint** — single binary, no external dependencies
## Architecture
```
┌──────────────┐ WebSocket ┌──────────────────┐
│ conduit │◄──────────────────────────► │ conduit │
│ tunnel │ (control + streams) │ serve │
│ (client) │ │ (public server) │
├──────────────┤ ├──────────────────┤
│ HTTP Fwd or │ │ http.Server │
│ TCP Fwd │ │ Subdomain router │
├──────────────┤ │ WS upgrade │
│ Tunnel │ └──────────────────┘
│ Monitor :8181│
└──────────────┘
```
The server uses `net/http.Server` to accept connections and inspects the HTTP `Host` header for routing. Requests to the base domain hit the control API; requests to subdomains are hijacked and forwarded over WebSocket to the matching tunnel client. The client then forwards traffic to the local target via either a reverse-proxy (HTTP) or direct TCP dial.
## Quick Start
### Prerequisites
- Go 1.25+ (or Docker)
### Build
```bash
# Local build (all platforms)
make build_local
# Docker
make docker_build_local
```
### Server
Run the server on a publicly accessible host:
```bash
conduit serve \
--server https://conduit.example.com \
--bind 0.0.0.0:8080 \
--api_key your-secret-key
```
Or with Docker:
```bash
docker run -p 8080:8080 \
-e CONDUIT_SERVER=https://conduit.example.com \
-e CONDUIT_API_KEY=your-secret-key \
conduit:latest
```
### Client
Create a tunnel to expose a local service:
```bash
# HTTP tunnel (auto-generates name)
conduit tunnel \
--server https://conduit.example.com \
--api_key your-secret-key \
--target http://localhost:8000
# Named TCP tunnel
conduit tunnel \
--server https://conduit.example.com \
--api_key your-secret-key \
--name my-service \
--target localhost:5432
```
The local tunnel monitor is available at `http://localhost:8181` for HTTP tunnels.
## Configuration
All options can be set via CLI flags or environment variables (`CONDUIT_` prefix):
### Server (`conduit serve`)
| Flag | Env Var | Default | Description |
|------|---------|---------|-------------|
| `--server` | `CONDUIT_SERVER` | `http://localhost:8080` | Public server address |
| `--api_key` | `CONDUIT_API_KEY` | — | API key (required) |
| `--bind` | `CONDUIT_BIND` | `0.0.0.0:8080` | Listen address |
| `--log_level` | `CONDUIT_LOG_LEVEL` | `info` | Log level |
| `--log_format` | `CONDUIT_LOG_FORMAT` | `text` | Log format (`text` or `json`) |
### Client (`conduit tunnel`)
| Flag | Env Var | Default | Description |
|------|---------|---------|-------------|
| `--server` | `CONDUIT_SERVER` | `http://localhost:8080` | Conduit server address |
| `--api_key` | `CONDUIT_API_KEY` | — | API key (required) |
| `--name` | `CONDUIT_NAME` | (auto-generated) | Tunnel subdomain name |
| `--target` | `CONDUIT_TARGET` | — | Local target address (required) |
| `--log_level` | `CONDUIT_LOG_LEVEL` | `info` | Log level |
| `--log_format` | `CONDUIT_LOG_FORMAT` | `text` | Log format (`text` or `json`) |
## Server API
| Endpoint | Description |
|----------|-------------|
| `/_conduit/tunnel?tunnelName=<name>&apiKey=<key>` | WebSocket tunnel registration |
| `/_conduit/info?apiKey=<key>` | JSON list of active tunnels |
## Project Structure
```
├── cmd/ # Cobra CLI commands (root, serve, tunnel)
├── config/ # Configuration parsing & logging setup
├── server/ # HTTP server, subdomain routing, hijack + WebSocket upgrade
├── tunnel/ # Tunnel, Stream, and Forwarder abstractions
├── store/ # In-memory request/response recording for the monitor
├── web/ # Local tunnel monitor HTTP server & SSE streaming
├── types/ # Shared message types
├── pkg/maps/ # Generic concurrent map
├── build/ # Compiled binaries (gitignored in practice)
├── Dockerfile # Single-stage Docker build
└── Makefile # Build & release targets
```
## License
See repository for license details.

BIN
assets/example.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.5 MiB

159
client/client.go
View File

@@ -1,159 +0,0 @@
package client
import (
"fmt"
"net"
"net/url"
"sync"
"github.com/gorilla/websocket"
log "github.com/sirupsen/logrus"
"reichard.io/conduit/config"
"reichard.io/conduit/types"
)
func NewTunnel(cfg *config.ClientConfig) (*Tunnel, error) {
// Parse Server URL
serverURL, err := url.Parse(cfg.ServerAddress)
if err != nil {
return nil, err
}
// Parse Scheme
var wsScheme string
switch serverURL.Scheme {
case "https":
wsScheme = "wss"
case "http":
wsScheme = "ws"
default:
return nil, fmt.Errorf("unsupported scheme: %s", serverURL.Scheme)
}
// Create Tunnel Name
if cfg.TunnelName == "" {
cfg.TunnelName = generateTunnelName()
log.Infof("tunnel name not provided; generated: %s", cfg.TunnelName)
}
// Connect Server WS
wsURL := fmt.Sprintf("%s://%s/_conduit/tunnel?tunnelName=%s&apiKey=%s", wsScheme, serverURL.Host, cfg.TunnelName, cfg.APIKey)
serverConn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
if err != nil {
return nil, fmt.Errorf("failed to connect: %v", err)
}
return &Tunnel{
name: cfg.TunnelName,
target: cfg.TunnelTarget,
serverURL: serverURL,
serverConn: serverConn,
localConns: make(map[string]net.Conn),
}, nil
}
type Tunnel struct {
name string
target string
serverURL *url.URL
serverConn *websocket.Conn
localConns map[string]net.Conn
mu sync.RWMutex
}
func (t *Tunnel) Start() error {
log.Infof("starting tunnel: %s.%s -> %s\n", t.name, t.serverURL.Hostname(), t.target)
defer t.serverConn.Close()
// Handle Messages
for {
// Read Message
var msg types.Message
err := t.serverConn.ReadJSON(&msg)
if err != nil {
log.Errorf("error reading from tunnel: %v", err)
break
}
switch msg.Type {
case types.MessageTypeData:
localConn, err := t.getLocalConn(msg.StreamID)
if err != nil {
log.Errorf("failed to get local connection: %v", err)
continue
}
// Write data to local connection
if _, err := localConn.Write(msg.Data); err != nil {
log.Errorf("error writing to local connection: %v", err)
localConn.Close()
t.mu.Lock()
delete(t.localConns, msg.StreamID)
t.mu.Unlock()
}
case types.MessageTypeClose:
t.mu.Lock()
if localConn, exists := t.localConns[msg.StreamID]; exists {
localConn.Close()
delete(t.localConns, msg.StreamID)
}
t.mu.Unlock()
}
}
return nil
}
func (t *Tunnel) getLocalConn(streamID string) (net.Conn, error) {
// Get Cached Connection
t.mu.RLock()
localConn, exists := t.localConns[streamID]
t.mu.RUnlock()
if exists {
return localConn, nil
}
// Initiate Connection & Cache
localConn, err := net.Dial("tcp", t.target)
if err != nil {
log.Errorf("failed to connect to %s: %v", t.target, err)
return nil, err
}
t.mu.Lock()
t.localConns[streamID] = localConn
t.mu.Unlock()
// Start Response Relay & Return Connection
go t.startResponseRelay(streamID, localConn)
return localConn, nil
}
func (t *Tunnel) startResponseRelay(streamID string, localConn net.Conn) {
defer func() {
t.mu.Lock()
delete(t.localConns, streamID)
t.mu.Unlock()
localConn.Close()
}()
buffer := make([]byte, 4096)
for {
n, err := localConn.Read(buffer)
if err != nil {
break
}
response := types.Message{
Type: types.MessageTypeData,
StreamID: streamID,
Data: buffer[:n],
}
if err := t.serverConn.WriteJSON(response); err != nil {
break
}
}
}

7
cmd/serve.go
View File

@@ -1,6 +1,8 @@
package cmd package cmd
import ( import (
"context"
"reichard.io/conduit/config" "reichard.io/conduit/config"
"reichard.io/conduit/server" "reichard.io/conduit/server"
@@ -19,8 +21,11 @@ var serveCmd = &cobra.Command{
log.Fatal("failed to get server config:", err) log.Fatal("failed to get server config:", err)
} }
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Create Server // Create Server
srv, err := server.NewServer(cfg) srv, err := server.NewServer(ctx, cfg)
if err != nil { if err != nil {
log.Fatal("failed to create server:", err) log.Fatal("failed to create server:", err)
} }

44
cmd/tunnel.go
View File

@@ -1,10 +1,18 @@
package cmd package cmd
import ( import (
"context"
"os"
"os/signal"
"sync"
"syscall"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"reichard.io/conduit/client"
"reichard.io/conduit/config" "reichard.io/conduit/config"
"reichard.io/conduit/store"
"reichard.io/conduit/tunnel"
"reichard.io/conduit/web"
) )
var tunnelCmd = &cobra.Command{ var tunnelCmd = &cobra.Command{
@@ -17,17 +25,39 @@ var tunnelCmd = &cobra.Command{
log.Fatal("failed to get client config:", err) log.Fatal("failed to get client config:", err)
} }
var wg sync.WaitGroup
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Create Tunnel Store
tunnelStore := store.NewTunnelStore(100)
// Create Forwarder
tunnelForwarder, err := tunnel.NewForwarder(cfg.TunnelTarget, tunnelStore)
if err != nil {
log.Fatal("failed to create tunnel forwarder:", err)
}
wg.Go(func() { tunnelForwarder.Start(ctx) })
// Create Tunnel // Create Tunnel
tunnel, err := client.NewTunnel(cfg) tunnel, err := tunnel.NewClientTunnel(cfg, tunnelForwarder)
if err != nil { if err != nil {
log.Fatal("failed to create tunnel:", err) log.Fatal("failed to create tunnel:", err)
} }
wg.Go(func() { tunnel.Start(ctx) })
// Start Tunnel // Create Server
log.Infof("creating TCP tunnel: %s -> %s", cfg.TunnelName, cfg.TunnelTarget) webServer := web.NewWebServer(tunnelStore)
if err := tunnel.Start(); err != nil { wg.Go(func() { webServer.Start(ctx) })
log.Fatal("failed to start tunnel:", err)
} // Wait Interrupt
sigChan := make(chan os.Signal, 1)
signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM)
<-sigChan
log.Println("Shutting Down...")
cancel()
wg.Wait()
}, },
} }

129
config/config.go
View File

@@ -1,10 +1,12 @@
package config package config
import ( import (
"encoding/json"
"errors" "errors"
"fmt" "fmt"
"net/url" "net/url"
"os" "os"
"path/filepath"
"reflect" "reflect"
"strings" "strings"
@@ -23,6 +25,8 @@ type ConfigDef struct {
type BaseConfig struct { type BaseConfig struct {
ServerAddress string `json:"server" description:"Conduit server address" default:"http://localhost:8080"` ServerAddress string `json:"server" description:"Conduit server address" default:"http://localhost:8080"`
APIKey string `json:"api_key" description:"API Key for the conduit API"` APIKey string `json:"api_key" description:"API Key for the conduit API"`
LogLevel string `json:"log_level" default:"info" description:"Log level"`
LogFormat string `json:"log_format" default:"text" description:"Log format - text or json"`
} }
func (c *BaseConfig) Validate() error { func (c *BaseConfig) Validate() error {
@@ -35,6 +39,9 @@ func (c *BaseConfig) Validate() error {
if _, err := url.Parse(c.ServerAddress); err != nil { if _, err := url.Parse(c.ServerAddress); err != nil {
return fmt.Errorf("server is invalid: %w", err) return fmt.Errorf("server is invalid: %w", err)
} }
if c.LogFormat != "text" && c.LogFormat != "json" {
return fmt.Errorf("log format must be 'text' or 'json'")
}
return nil return nil
} }
@@ -64,37 +71,43 @@ func GetServerConfig(cmdFlags *pflag.FlagSet) (*ServerConfig, error) {
cfgValues := make(map[string]string) cfgValues := make(map[string]string)
for _, def := range defs { for _, def := range defs {
cfgValues[def.Key] = getConfigValue(cmdFlags, def) cfgValues[def.Key] = getConfigValue(cmdFlags, nil, def)
} }
cfg := &ServerConfig{ cfg := &ServerConfig{
BaseConfig: BaseConfig{ BaseConfig: getBaseConfig(cfgValues),
ServerAddress: cfgValues["server"],
APIKey: cfgValues["api_key"],
},
BindAddress: cfgValues["bind"], BindAddress: cfgValues["bind"],
} }
// Initialize Logger
initLogger(cfg.BaseConfig)
return cfg, cfg.Validate() return cfg, cfg.Validate()
} }
func GetClientConfig(cmdFlags *pflag.FlagSet) (*ClientConfig, error) { func GetClientConfig(cmdFlags *pflag.FlagSet) (*ClientConfig, error) {
defs := GetConfigDefs[ClientConfig]() defs := GetConfigDefs[ClientConfig]()
// Load Client Config File
fileValues, err := getClientConfigFileValues()
if err != nil {
return nil, err
}
cfgValues := make(map[string]string) cfgValues := make(map[string]string)
for _, def := range defs { for _, def := range defs {
cfgValues[def.Key] = getConfigValue(cmdFlags, def) cfgValues[def.Key] = getConfigValue(cmdFlags, fileValues, def)
} }
cfg := &ClientConfig{ cfg := &ClientConfig{
BaseConfig: BaseConfig{ BaseConfig: getBaseConfig(cfgValues),
ServerAddress: cfgValues["server"],
APIKey: cfgValues["api_key"],
},
TunnelName: cfgValues["name"], TunnelName: cfgValues["name"],
TunnelTarget: cfgValues["target"], TunnelTarget: cfgValues["target"],
} }
// Initialize Logger
initLogger(cfg.BaseConfig)
return cfg, cfg.Validate() return cfg, cfg.Validate()
} }
@@ -108,10 +121,45 @@ func GetVersion() string {
return version return version
} }
func getConfigValue(cmdFlags *pflag.FlagSet, def ConfigDef) string { func getBaseConfig(cfgValues map[string]string) BaseConfig {
return BaseConfig{
ServerAddress: cfgValues["server"],
APIKey: cfgValues["api_key"],
LogLevel: cfgValues["log_level"],
LogFormat: cfgValues["log_format"],
}
}
func getClientConfigFileValues() (map[string]string, error) {
path, err := findConfigFile()
if err != nil {
return nil, err
}
if path == "" {
return nil, nil
}
// Load Config File
values, err := loadConfigFile(path)
if err != nil {
return nil, err
}
// Keep Client File Settings Explicit - Tunnel name and target are intentionally
// not read from the config file because they should be provided per invocation.
clientValues := make(map[string]string)
for key, value := range values {
if isClientFileConfigKey(key) {
clientValues[key] = value
}
}
return clientValues, nil
}
func getConfigValue(cmdFlags *pflag.FlagSet, fileValues map[string]string, def ConfigDef) string {
// 1. Get Flags First // 1. Get Flags First
if cmdFlags != nil { if cmdFlags != nil {
if val, err := cmdFlags.GetString(def.Key); err == nil && val != "" { if val, err := cmdFlags.GetString(def.Key); err == nil && val != "" && val != def.Default {
return val return val
} }
} }
@@ -121,10 +169,65 @@ func getConfigValue(cmdFlags *pflag.FlagSet, def ConfigDef) string {
return envVal return envVal
} }
// 3. Defaults Last // 3. Config File Next
if fileValues != nil {
if val := fileValues[def.Key]; val != "" {
return val
}
}
// 4. Defaults Last
return def.Default return def.Default
} }
func findConfigFile() (string, error) {
// Check Project Config
localPath := "conduit.json"
if _, err := os.Stat(localPath); err == nil {
return localPath, nil
} else if !errors.Is(err, os.ErrNotExist) {
return "", err
}
// Check User Config
configDir, err := os.UserConfigDir()
if err != nil {
return "", nil
}
userPath := filepath.Join(configDir, "conduit", "config.json")
if _, err := os.Stat(userPath); err == nil {
return userPath, nil
} else if !errors.Is(err, os.ErrNotExist) {
return "", err
}
return "", nil
}
func loadConfigFile(path string) (map[string]string, error) {
// Read Config File
data, err := os.ReadFile(path)
if err != nil {
return nil, err
}
// Decode Config File
values := make(map[string]string)
if err := json.Unmarshal(data, &values); err != nil {
return nil, fmt.Errorf("failed to parse config file %s: %w", path, err)
}
return values, nil
}
func isClientFileConfigKey(key string) bool {
switch key {
case "server", "api_key", "log_level", "log_format":
return true
default:
return false
}
}
func processFields(t reflect.Type, defs *[]ConfigDef) { func processFields(t reflect.Type, defs *[]ConfigDef) {
for i := 0; i < t.NumField(); i++ { for i := 0; i < t.NumField(); i++ {
field := t.Field(i) field := t.Field(i)

144
config/config_test.go Normal file
View File

@@ -0,0 +1,144 @@
package config
import (
"os"
"path/filepath"
"testing"
"github.com/spf13/pflag"
)
func TestLoadConfigFile(t *testing.T) {
path := filepath.Join(t.TempDir(), "config.json")
if err := os.WriteFile(path, []byte(`{"server":"https://example.com","api_key":"secret"}`), 0o600); err != nil {
t.Fatal(err)
}
// Load Config File
values, err := loadConfigFile(path)
if err != nil {
t.Fatal(err)
}
// Verify Values
if values["server"] != "https://example.com" {
t.Fatalf("expected server from config file, got %q", values["server"])
}
if values["api_key"] != "secret" {
t.Fatalf("expected api_key from config file, got %q", values["api_key"])
}
}
func TestFindConfigFile(t *testing.T) {
workDir := t.TempDir()
configDir := t.TempDir()
oldDir, err := os.Getwd()
if err != nil {
t.Fatal(err)
}
defer func() {
if err := os.Chdir(oldDir); err != nil {
t.Fatal(err)
}
}()
if err := os.Chdir(workDir); err != nil {
t.Fatal(err)
}
t.Setenv("XDG_CONFIG_HOME", configDir)
// Missing Config File
path, err := findConfigFile()
if err != nil {
t.Fatal(err)
}
if path != "" {
t.Fatalf("expected no config file, got %q", path)
}
// User Config File
userPath := filepath.Join(configDir, "conduit", "config.json")
if err := os.MkdirAll(filepath.Dir(userPath), 0o700); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(userPath, []byte(`{}`), 0o600); err != nil {
t.Fatal(err)
}
path, err = findConfigFile()
if err != nil {
t.Fatal(err)
}
if path != userPath {
t.Fatalf("expected user config file %q, got %q", userPath, path)
}
// Local Config File Precedence
localPath := "conduit.json"
if err := os.WriteFile(localPath, []byte(`{}`), 0o600); err != nil {
t.Fatal(err)
}
path, err = findConfigFile()
if err != nil {
t.Fatal(err)
}
if path != localPath {
t.Fatalf("expected local config file %q, got %q", localPath, path)
}
}
func TestGetConfigValuePriority(t *testing.T) {
def := ConfigDef{Key: "server", Env: "CONDUIT_SERVER", Default: "default"}
fileValues := map[string]string{"server": "file"}
// Config File Beats Default
if value := getConfigValue(nil, fileValues, def); value != "file" {
t.Fatalf("expected file value, got %q", value)
}
// Environment Beats Config File
t.Setenv("CONDUIT_SERVER", "env")
if value := getConfigValue(nil, fileValues, def); value != "env" {
t.Fatalf("expected env value, got %q", value)
}
// Flags Beat Environment
flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
flags.String("server", "default", "server")
if err := flags.Set("server", "flag"); err != nil {
t.Fatal(err)
}
if value := getConfigValue(flags, fileValues, def); value != "flag" {
t.Fatalf("expected flag value, got %q", value)
}
}
func TestGetClientConfigFileValuesIgnoresTunnelSettings(t *testing.T) {
workDir := t.TempDir()
oldDir, err := os.Getwd()
if err != nil {
t.Fatal(err)
}
defer func() {
if err := os.Chdir(oldDir); err != nil {
t.Fatal(err)
}
}()
if err := os.Chdir(workDir); err != nil {
t.Fatal(err)
}
// Write Local Config File
if err := os.WriteFile("conduit.json", []byte(`{"server":"https://example.com","api_key":"secret","name":"saved","target":"localhost:3000"}`), 0o600); err != nil {
t.Fatal(err)
}
values, err := getClientConfigFileValues()
if err != nil {
t.Fatal(err)
}
if values["server"] != "https://example.com" {
t.Fatalf("expected server from config file, got %q", values["server"])
}
if values["name"] != "" || values["target"] != "" {
t.Fatalf("expected tunnel settings to be ignored, got name=%q target=%q", values["name"], values["target"])
}
}

61
config/logging.go Normal file
View File

@@ -0,0 +1,61 @@
package config
import (
"fmt"
"runtime"
"strings"
"time"
log "github.com/sirupsen/logrus"
)
func initLogger(cfg BaseConfig) {
// Parse Log Level
logLevel, err := log.ParseLevel(cfg.LogLevel)
if err != nil {
logLevel = log.InfoLevel
}
log.SetLevel(logLevel)
// Create Log Formatter
var logFormatter log.Formatter
switch cfg.LogFormat {
case "json":
log.SetReportCaller(true)
logFormatter = &log.JSONFormatter{
TimestampFormat: time.RFC3339,
CallerPrettyfier: prettyCaller,
}
case "text":
logFormatter = &log.TextFormatter{
TimestampFormat: time.RFC3339,
FullTimestamp: true,
}
}
log.SetFormatter(&utcFormatter{logFormatter})
}
func prettyCaller(f *runtime.Frame) (function string, file string) {
purgePrefix := "reichard.io/conduit/"
pathName := strings.Replace(f.Func.Name(), purgePrefix, "", 1)
parts := strings.Split(pathName, ".")
filepath, line := f.Func.FileLine(f.PC)
splitFilePath := strings.Split(filepath, "/")
fileName := fmt.Sprintf("%s/%s@%d", parts[0], splitFilePath[len(splitFilePath)-1], line)
functionName := strings.Replace(pathName, parts[0]+".", "", 1)
return functionName, fileName
}
type utcFormatter struct {
log.Formatter
}
func (cf utcFormatter) Format(e *log.Entry) ([]byte, error) {
e.Time = e.Time.UTC()
return cf.Formatter.Format(e)
}

864
e2e_test.go Normal file
View File

@@ -0,0 +1,864 @@
package main
import (
"context"
"fmt"
"io"
"net"
"net/http"
"strings"
"sync"
"testing"
"time"
"reichard.io/conduit/config"
"reichard.io/conduit/server"
"reichard.io/conduit/store"
"reichard.io/conduit/tunnel"
"reichard.io/conduit/web"
)
// ---------- Helpers ----------
// startConduitServer creates and starts a conduit server on a random port.
// Returns the server address (host:port) and a cancel func for teardown.
func startConduitServer(t *testing.T, apiKey string) (string, context.CancelFunc) {
t.Helper()
// Find Free Port
port := getFreePort(t)
bindAddr := fmt.Sprintf("127.0.0.1:%d", port)
serverAddr := fmt.Sprintf("http://%s", bindAddr)
cfg := &config.ServerConfig{
BaseConfig: config.BaseConfig{
ServerAddress: serverAddr,
APIKey: apiKey,
LogLevel: "error",
LogFormat: "text",
},
BindAddress: bindAddr,
}
ctx, cancel := context.WithCancel(context.Background())
srv, err := server.NewServer(ctx, cfg)
if err != nil {
cancel()
t.Fatalf("failed to create server: %v", err)
}
// Start Server in Background
errCh := make(chan error, 1)
go func() { errCh <- srv.Start() }()
// Wait for Server to Accept
waitForPort(t, bindAddr, 3*time.Second)
// Check Early Errors
select {
case err := <-errCh:
cancel()
t.Fatalf("server exited early: %v", err)
default:
}
return bindAddr, cancel
}
// startHTTPTarget creates a simple HTTP server that echoes request info.
func startHTTPTarget(t *testing.T) (string, context.CancelFunc) {
t.Helper()
port := getFreePort(t)
addr := fmt.Sprintf("127.0.0.1:%d", port)
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Test-Header", "present")
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "echo: %s %s", r.Method, r.URL.Path)
})
mux.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("ok"))
})
mux.HandleFunc("/post", func(w http.ResponseWriter, r *http.Request) {
body, _ := io.ReadAll(r.Body)
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "received: %s", string(body))
})
srv := &http.Server{Addr: addr, Handler: mux}
ctx, cancel := context.WithCancel(context.Background())
go func() { srv.ListenAndServe() }()
go func() { <-ctx.Done(); srv.Close() }()
waitForPort(t, addr, 3*time.Second)
return addr, cancel
}
// startTCPEchoTarget creates a TCP server that echoes back whatever it receives.
func startTCPEchoTarget(t *testing.T) (string, context.CancelFunc) {
t.Helper()
listener, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("failed to start tcp echo: %v", err)
}
addr := listener.Addr().String()
ctx, cancel := context.WithCancel(context.Background())
go func() {
<-ctx.Done()
listener.Close()
}()
go func() {
for {
conn, err := listener.Accept()
if err != nil {
return
}
go func(c net.Conn) {
defer c.Close()
io.Copy(c, c)
}(conn)
}
}()
return addr, cancel
}
// connectTunnel creates a conduit tunnel client and starts it.
func connectTunnel(t *testing.T, serverAddr, targetAddr, tunnelName, apiKey string) context.CancelFunc {
t.Helper()
cfg := &config.ClientConfig{
BaseConfig: config.BaseConfig{
ServerAddress: fmt.Sprintf("http://%s", serverAddr),
APIKey: apiKey,
LogLevel: "error",
LogFormat: "text",
},
TunnelName: tunnelName,
TunnelTarget: targetAddr,
}
// Create Tunnel Store
tunnelStore := store.NewTunnelStore(100)
// Create Forwarder
forwarder, err := tunnel.NewForwarder(cfg.TunnelTarget, tunnelStore)
if err != nil {
t.Fatalf("failed to create forwarder: %v", err)
}
var wg sync.WaitGroup
ctx, cancel := context.WithCancel(context.Background())
// Start Forwarder
wg.Add(1)
go func() {
defer wg.Done()
forwarder.Start(ctx)
}()
// Create & Start Tunnel
tun, err := tunnel.NewClientTunnel(cfg, forwarder)
if err != nil {
cancel()
t.Fatalf("failed to create tunnel: %v", err)
}
wg.Add(1)
go func() {
defer wg.Done()
tun.Start(ctx)
}()
// Start Web Server
webServer := web.NewWebServer(tunnelStore)
wg.Add(1)
go func() {
defer wg.Done()
webServer.Start(ctx)
}()
// Brief Settle Time
time.Sleep(100 * time.Millisecond)
cleanup := func() {
cancel()
wg.Wait()
}
return cleanup
}
// sendHTTPViaTunnel sends an HTTP request through the conduit server to a tunnel.
func sendHTTPViaTunnel(t *testing.T, serverAddr, tunnelName, method, path, body string) *http.Response {
t.Helper()
url := fmt.Sprintf("http://%s%s", serverAddr, path)
var bodyReader io.Reader
if body != "" {
bodyReader = strings.NewReader(body)
}
req, err := http.NewRequest(method, url, bodyReader)
if err != nil {
t.Fatalf("failed to create request: %v", err)
}
// Route via Subdomain
req.Host = fmt.Sprintf("%s.%s", tunnelName, serverAddr)
client := &http.Client{
Timeout: 10 * time.Second,
Transport: &http.Transport{DisableKeepAlives: true},
}
resp, err := client.Do(req)
if err != nil {
t.Fatalf("request failed: %v", err)
}
return resp
}
func readBody(t *testing.T, resp *http.Response) string {
t.Helper()
defer resp.Body.Close()
b, err := io.ReadAll(resp.Body)
if err != nil {
t.Fatalf("failed to read body: %v", err)
}
return string(b)
}
func getFreePort(t *testing.T) int {
t.Helper()
l, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("failed to get free port: %v", err)
}
port := l.Addr().(*net.TCPAddr).Port
l.Close()
return port
}
func waitForPort(t *testing.T, addr string, timeout time.Duration) {
t.Helper()
deadline := time.Now().Add(timeout)
for time.Now().Before(deadline) {
conn, err := net.DialTimeout("tcp", addr, 100*time.Millisecond)
if err == nil {
conn.Close()
return
}
time.Sleep(25 * time.Millisecond)
}
t.Fatalf("port %s not ready after %s", addr, timeout)
}
// ---------- Tests ----------
func TestHTTPTunnelRoundTrip(t *testing.T) {
apiKey := "test-key-http"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "http-test", apiKey)
defer stopTunnel()
// GET /
resp := sendHTTPViaTunnel(t, serverAddr, "http-test", "GET", "/", "")
body := readBody(t, resp)
if resp.StatusCode != http.StatusOK {
t.Errorf("expected 200, got %d", resp.StatusCode)
}
if !strings.Contains(body, "echo: GET /") {
t.Errorf("unexpected body: %s", body)
}
// GET /health
resp = sendHTTPViaTunnel(t, serverAddr, "http-test", "GET", "/health", "")
body = readBody(t, resp)
if resp.StatusCode != http.StatusOK {
t.Errorf("expected 200, got %d", resp.StatusCode)
}
if body != "ok" {
t.Errorf("expected 'ok', got %q", body)
}
}
func TestHTTPTunnelPOST(t *testing.T) {
apiKey := "test-key-post"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "post-test", apiKey)
defer stopTunnel()
// POST /post
resp := sendHTTPViaTunnel(t, serverAddr, "post-test", "POST", "/post", "hello world")
body := readBody(t, resp)
if resp.StatusCode != http.StatusOK {
t.Errorf("expected 200, got %d", resp.StatusCode)
}
if !strings.Contains(body, "received: hello world") {
t.Errorf("unexpected body: %s", body)
}
}
func TestUnknownTunnelReturns404(t *testing.T) {
apiKey := "test-key-404"
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Request to Non-Existent Tunnel
resp := sendHTTPViaTunnel(t, serverAddr, "no-such-tunnel", "GET", "/", "")
body := readBody(t, resp)
if resp.StatusCode != http.StatusNotFound {
t.Errorf("expected 404, got %d", resp.StatusCode)
}
if !strings.Contains(body, "unknown tunnel") {
t.Errorf("expected 'unknown tunnel' error, got: %s", body)
}
}
func TestDuplicateTunnelNameRejected(t *testing.T) {
apiKey := "test-key-dup"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect First Tunnel
stopTunnel1 := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "dup-test", apiKey)
defer stopTunnel1()
// Attempt Duplicate — this should fail at WebSocket dial
cfg := &config.ClientConfig{
BaseConfig: config.BaseConfig{
ServerAddress: fmt.Sprintf("http://%s", serverAddr),
APIKey: apiKey,
LogLevel: "error",
LogFormat: "text",
},
TunnelName: "dup-test",
TunnelTarget: fmt.Sprintf("http://%s", targetAddr),
}
tunnelStore := store.NewTunnelStore(100)
forwarder, err := tunnel.NewForwarder(cfg.TunnelTarget, tunnelStore)
if err != nil {
t.Fatalf("failed to create forwarder: %v", err)
}
_, err = tunnel.NewClientTunnel(cfg, forwarder)
if err == nil {
t.Error("expected error for duplicate tunnel name, got nil")
}
}
func TestUnauthorizedControlAccess(t *testing.T) {
apiKey := "test-key-auth"
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Request Info with Wrong API Key
url := fmt.Sprintf("http://%s/_conduit/info?apiKey=wrong-key", serverAddr)
req, _ := http.NewRequest("GET", url, nil)
req.Host = serverAddr
resp, err := http.DefaultClient.Do(req)
if err != nil {
t.Fatalf("request failed: %v", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusUnauthorized {
t.Errorf("expected 401, got %d", resp.StatusCode)
}
}
func TestInfoEndpointListsTunnels(t *testing.T) {
apiKey := "test-key-info"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "info-test", apiKey)
defer stopTunnel()
// Query Info Endpoint
url := fmt.Sprintf("http://%s/_conduit/info?apiKey=%s", serverAddr, apiKey)
req, _ := http.NewRequest("GET", url, nil)
req.Host = serverAddr
resp, err := http.DefaultClient.Do(req)
if err != nil {
t.Fatalf("request failed: %v", err)
}
body := readBody(t, resp)
if resp.StatusCode != http.StatusOK {
t.Errorf("expected 200, got %d", resp.StatusCode)
}
if !strings.Contains(body, "info-test") {
t.Errorf("expected tunnel 'info-test' in response: %s", body)
}
}
func TestMultipleTunnelsRouteCorrectly(t *testing.T) {
apiKey := "test-key-multi"
// Start Two Separate Target Servers
target1Addr, stopTarget1 := startHTTPTarget(t)
defer stopTarget1()
port2 := getFreePort(t)
addr2 := fmt.Sprintf("127.0.0.1:%d", port2)
mux2 := http.NewServeMux()
mux2.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "target-two")
})
srv2 := &http.Server{Addr: addr2, Handler: mux2}
go srv2.ListenAndServe()
defer srv2.Close()
waitForPort(t, addr2, 3*time.Second)
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Two Tunnels
stopTunnel1 := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", target1Addr), "multi-one", apiKey)
defer stopTunnel1()
stopTunnel2 := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", addr2), "multi-two", apiKey)
defer stopTunnel2()
// Request to First Tunnel
resp1 := sendHTTPViaTunnel(t, serverAddr, "multi-one", "GET", "/", "")
body1 := readBody(t, resp1)
if !strings.Contains(body1, "echo: GET /") {
t.Errorf("tunnel one unexpected body: %s", body1)
}
// Request to Second Tunnel
resp2 := sendHTTPViaTunnel(t, serverAddr, "multi-two", "GET", "/", "")
body2 := readBody(t, resp2)
if body2 != "target-two" {
t.Errorf("tunnel two expected 'target-two', got: %s", body2)
}
}
func TestServerGracefulShutdown(t *testing.T) {
apiKey := "test-key-shutdown"
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
// Cancel Server
stopServer()
// Verify Port Is Closed
time.Sleep(200 * time.Millisecond)
conn, err := net.DialTimeout("tcp", serverAddr, 500*time.Millisecond)
if err == nil {
conn.Close()
t.Error("expected server port to be closed after shutdown")
}
}
// ---------- HTTP Response Quality Tests ----------
func TestHTTPResponseHasProperHeaders(t *testing.T) {
apiKey := "test-key-headers"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "hdr-test", apiKey)
defer stopTunnel()
// Send Request Through Tunnel
resp := sendHTTPViaTunnel(t, serverAddr, "hdr-test", "GET", "/", "")
defer resp.Body.Close()
// Verify Proper HTTP Semantics
if resp.Proto != "HTTP/1.1" {
t.Errorf("expected HTTP/1.1, got %s", resp.Proto)
}
if resp.Header.Get("X-Test-Header") != "present" {
t.Errorf("expected X-Test-Header: present, got %q", resp.Header.Get("X-Test-Header"))
}
if resp.ContentLength <= 0 && resp.TransferEncoding == nil {
t.Errorf("expected Content-Length or Transfer-Encoding, got neither")
}
}
func TestHTTPControlEndpointResponseQuality(t *testing.T) {
apiKey := "test-key-ctrl-quality"
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// 404 on Unknown Tunnel — Verify stdlib response format
resp := sendHTTPViaTunnel(t, serverAddr, "nope", "GET", "/", "")
defer resp.Body.Close()
if resp.StatusCode != http.StatusNotFound {
t.Errorf("expected 404, got %d", resp.StatusCode)
}
// Content-Type Should Be Set by http.Error
ct := resp.Header.Get("Content-Type")
if !strings.Contains(ct, "text/plain") {
t.Errorf("expected text/plain Content-Type, got %q", ct)
}
// Content-Length Should Be Present
if resp.ContentLength <= 0 {
t.Errorf("expected positive Content-Length, got %d", resp.ContentLength)
}
// Info Endpoint — JSON response quality
url := fmt.Sprintf("http://%s/_conduit/info?apiKey=%s", serverAddr, apiKey)
req, _ := http.NewRequest("GET", url, nil)
req.Host = serverAddr
resp2, err := (&http.Client{Timeout: 5 * time.Second}).Do(req)
if err != nil {
t.Fatalf("info request failed: %v", err)
}
defer resp2.Body.Close()
if resp2.Header.Get("Content-Type") != "application/json" {
t.Errorf("expected application/json, got %q", resp2.Header.Get("Content-Type"))
}
}
// ---------- Large Body Tests ----------
func TestHTTPLargeResponseBody(t *testing.T) {
apiKey := "test-key-large-resp"
// Start Target That Returns a Large Body
largeBody := strings.Repeat("A", 1024*1024) // 1 MB
port := getFreePort(t)
addr := fmt.Sprintf("127.0.0.1:%d", port)
mux := http.NewServeMux()
mux.HandleFunc("/large", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte(largeBody))
})
srv := &http.Server{Addr: addr, Handler: mux}
go srv.ListenAndServe()
defer srv.Close()
waitForPort(t, addr, 3*time.Second)
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", addr), "large-resp", apiKey)
defer stopTunnel()
// Request Large Response
resp := sendHTTPViaTunnel(t, serverAddr, "large-resp", "GET", "/large", "")
body := readBody(t, resp)
if len(body) != len(largeBody) {
t.Errorf("expected %d bytes, got %d", len(largeBody), len(body))
}
}
func TestHTTPLargeRequestBody(t *testing.T) {
apiKey := "test-key-large-req"
// Start Target That Echoes Body Size
port := getFreePort(t)
addr := fmt.Sprintf("127.0.0.1:%d", port)
mux := http.NewServeMux()
mux.HandleFunc("/upload", func(w http.ResponseWriter, r *http.Request) {
data, _ := io.ReadAll(r.Body)
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "size:%d", len(data))
})
srv := &http.Server{Addr: addr, Handler: mux}
go srv.ListenAndServe()
defer srv.Close()
waitForPort(t, addr, 3*time.Second)
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", addr), "large-req", apiKey)
defer stopTunnel()
// Send Large Request Body (512 KB)
largePayload := strings.Repeat("B", 512*1024)
resp := sendHTTPViaTunnel(t, serverAddr, "large-req", "POST", "/upload", largePayload)
body := readBody(t, resp)
expected := fmt.Sprintf("size:%d", len(largePayload))
if body != expected {
t.Errorf("expected %q, got %q", expected, body)
}
}
// ---------- TCP Tunnel Tests ----------
func TestTCPTunnelEcho(t *testing.T) {
apiKey := "test-key-tcp"
// Start TCP Echo Server
tcpAddr, stopTCP := startTCPEchoTarget(t)
defer stopTCP()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect TCP Tunnel (bare host:port — the realistic way users would specify it)
stopTunnel := connectTunnel(t, serverAddr, tcpAddr, "tcp-test", apiKey)
defer stopTunnel()
// Send Raw HTTP Request Through Tunnel to TCP Echo
conn, err := net.DialTimeout("tcp", serverAddr, 5*time.Second)
if err != nil {
t.Fatalf("failed to connect: %v", err)
}
defer conn.Close()
// Write a Raw HTTP Request (the TCP echo will bounce it back)
reqLine := fmt.Sprintf("GET / HTTP/1.1\r\nHost: tcp-test.%s\r\n\r\n", serverAddr)
_, err = conn.Write([]byte(reqLine))
if err != nil {
t.Fatalf("failed to write: %v", err)
}
// Read Echoed Data
conn.SetReadDeadline(time.Now().Add(5 * time.Second))
buf := make([]byte, 4096)
n, err := conn.Read(buf)
if err != nil {
t.Fatalf("failed to read echo: %v", err)
}
response := string(buf[:n])
if !strings.Contains(response, "GET / HTTP/1.1") {
t.Errorf("expected echoed request, got: %q", response)
}
}
func TestTCPTunnelLargePayload(t *testing.T) {
apiKey := "test-key-tcp-large"
// Start TCP Echo Server
tcpAddr, stopTCP := startTCPEchoTarget(t)
defer stopTCP()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect TCP Tunnel (bare host:port)
stopTunnel := connectTunnel(t, serverAddr, tcpAddr, "tcp-large", apiKey)
defer stopTunnel()
// Connect and Send Large Payload
conn, err := net.DialTimeout("tcp", serverAddr, 5*time.Second)
if err != nil {
t.Fatalf("failed to connect: %v", err)
}
defer conn.Close()
// Route via Host Header Then Send 64 KB Payload
header := fmt.Sprintf("POST /data HTTP/1.1\r\nHost: tcp-large.%s\r\nContent-Length: 65536\r\n\r\n", serverAddr)
payload := header + strings.Repeat("X", 64*1024)
_, err = conn.Write([]byte(payload))
if err != nil {
t.Fatalf("failed to write: %v", err)
}
// Read All Echoed Data
conn.SetReadDeadline(time.Now().Add(5 * time.Second))
var received []byte
buf := make([]byte, 8192)
for len(received) < len(payload) {
n, err := conn.Read(buf)
if err != nil {
break
}
received = append(received, buf[:n]...)
}
if len(received) != len(payload) {
t.Errorf("expected %d bytes echoed, got %d", len(payload), len(received))
}
}
// ---------- Concurrency Tests ----------
func TestConcurrentHTTPRequests(t *testing.T) {
apiKey := "test-key-concurrent"
// Start Target HTTP Server
targetAddr, stopTarget := startHTTPTarget(t)
defer stopTarget()
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Tunnel
stopTunnel := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", targetAddr), "conc-test", apiKey)
defer stopTunnel()
// Fire 20 Concurrent Requests
const numRequests = 20
var wg sync.WaitGroup
errors := make(chan string, numRequests)
for i := range numRequests {
wg.Add(1)
go func(idx int) {
defer wg.Done()
path := fmt.Sprintf("/item/%d", idx)
resp := sendHTTPViaTunnel(t, serverAddr, "conc-test", "GET", path, "")
body := readBody(t, resp)
expected := fmt.Sprintf("echo: GET %s", path)
if !strings.Contains(body, expected) {
errors <- fmt.Sprintf("request %d: expected %q, got %q", idx, expected, body)
}
if resp.StatusCode != http.StatusOK {
errors <- fmt.Sprintf("request %d: expected 200, got %d", idx, resp.StatusCode)
}
}(i)
}
wg.Wait()
close(errors)
for errMsg := range errors {
t.Error(errMsg)
}
}
func TestConcurrentMultiTunnelRequests(t *testing.T) {
apiKey := "test-key-conc-multi"
// Start Two Target Servers
target1Addr, stopTarget1 := startHTTPTarget(t)
defer stopTarget1()
port2 := getFreePort(t)
addr2 := fmt.Sprintf("127.0.0.1:%d", port2)
mux2 := http.NewServeMux()
mux2.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "server-two: %s", r.URL.Path)
})
srv2 := &http.Server{Addr: addr2, Handler: mux2}
go srv2.ListenAndServe()
defer srv2.Close()
waitForPort(t, addr2, 3*time.Second)
// Start Conduit Server
serverAddr, stopServer := startConduitServer(t, apiKey)
defer stopServer()
// Connect Two Tunnels
stopTunnel1 := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", target1Addr), "cm-one", apiKey)
defer stopTunnel1()
stopTunnel2 := connectTunnel(t, serverAddr, fmt.Sprintf("http://%s", addr2), "cm-two", apiKey)
defer stopTunnel2()
// Fire Concurrent Requests to Both Tunnels
const perTunnel = 10
var wg sync.WaitGroup
errors := make(chan string, perTunnel*2)
for i := range perTunnel {
wg.Add(2)
// Requests to Tunnel One
go func(idx int) {
defer wg.Done()
path := fmt.Sprintf("/a/%d", idx)
resp := sendHTTPViaTunnel(t, serverAddr, "cm-one", "GET", path, "")
body := readBody(t, resp)
if !strings.Contains(body, fmt.Sprintf("echo: GET %s", path)) {
errors <- fmt.Sprintf("tunnel-one req %d: got %q", idx, body)
}
}(i)
// Requests to Tunnel Two
go func(idx int) {
defer wg.Done()
path := fmt.Sprintf("/b/%d", idx)
resp := sendHTTPViaTunnel(t, serverAddr, "cm-two", "GET", path, "")
body := readBody(t, resp)
if !strings.Contains(body, fmt.Sprintf("server-two: %s", path)) {
errors <- fmt.Sprintf("tunnel-two req %d: got %q", idx, body)
}
}(i)
}
wg.Wait()
close(errors)
for errMsg := range errors {
t.Error(errMsg)
}
}

8
flake.lock generated
View File

@@ -20,16 +20,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1758216857, "lastModified": 1777578337,
"narHash": "sha256-h1BW2y7CY4LI9w61R02wPaOYfmYo82FyRqHIwukQ6SY=", "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d2ed99647a4b195f0bcc440f76edfa10aeb3b743", "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

13
flake.nix
View File

@@ -2,12 +2,18 @@
description = "Development Environment"; description = "Development Environment";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, nixpkgs, flake-utils }: outputs =
flake-utils.lib.eachDefaultSystem (system: { self
, nixpkgs
, flake-utils
,
}:
flake-utils.lib.eachDefaultSystem (
system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
in in
@@ -15,6 +21,7 @@
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
go go
gopls
golangci-lint golangci-lint
]; ];
shellHook = '' shellHook = ''

14
go.mod
View File

@@ -1,12 +1,16 @@
module reichard.io/conduit module reichard.io/conduit
go 1.24.4 go 1.25.1
require (
github.com/google/uuid v1.6.0
github.com/gorilla/websocket v1.5.3
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.10.1
github.com/spf13/pflag v1.0.9
)
require ( require (
github.com/gorilla/websocket v1.5.3 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/cobra v1.10.1 // indirect
github.com/spf13/pflag v1.0.9 // indirect
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
) )

6
go.sum
View File

@@ -1,10 +1,14 @@
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -14,9 +18,11 @@ github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4
github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

53
pkg/maps/map.go Normal file
View File

@@ -0,0 +1,53 @@
package maps
import (
"iter"
"sync"
)
type Map[K comparable, V any] struct {
items map[K]V
mu sync.RWMutex
}
func New[K comparable, V any]() *Map[K, V] {
return &Map[K, V]{items: make(map[K]V)}
}
func (m *Map[K, V]) Get(key K) (V, bool) {
m.mu.RLock()
defer m.mu.RUnlock()
v, ok := m.items[key]
return v, ok
}
func (m *Map[K, V]) Set(key K, value V) {
m.mu.Lock()
defer m.mu.Unlock()
m.items[key] = value
}
func (m *Map[K, V]) Delete(key K) {
m.mu.Lock()
defer m.mu.Unlock()
delete(m.items, key)
}
func (m *Map[K, V]) HasKey(key K) bool {
m.mu.RLock()
defer m.mu.RUnlock()
_, ok := m.items[key]
return ok
}
func (m *Map[K, V]) Entries() iter.Seq2[K, V] {
return func(yield func(K, V) bool) {
m.mu.RLock()
defer m.mu.RUnlock()
for k, v := range m.items {
if !yield(k, v) {
return
}
}
}
}

29
server/reconstructed_conn.go Normal file
View File

@@ -0,0 +1,29 @@
package server
import (
"io"
"net"
)
var _ io.ReadWriteCloser = (*reconstructedConn)(nil)
// reconstructedConn wraps a net.Conn and overrides Read to handle captured data.
type reconstructedConn struct {
net.Conn
reader io.Reader
}
// Read reads from the reconstructed reader (prepended data + original conn).
func (rc *reconstructedConn) Read(p []byte) (n int, err error) {
return rc.reader.Read(p)
}
// newReconstructedConn creates a reconstructed connection that replays the provided
// readers in order before reading from the underlying connection.
func newReconstructedConn(conn net.Conn, readers ...io.Reader) net.Conn {
allReaders := append(readers, conn)
return &reconstructedConn{
Conn: conn,
reader: io.MultiReader(allReaders...),
}
}

318
server/server.go
View File

@@ -1,23 +1,21 @@
package server package server
import ( import (
"bufio"
"bytes" "bytes"
"context"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"net"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
"sync" "sync/atomic"
"time"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"reichard.io/conduit/config" "reichard.io/conduit/config"
"reichard.io/conduit/types" "reichard.io/conduit/pkg/maps"
"reichard.io/conduit/tunnel"
) )
type InfoResponse struct { type InfoResponse struct {
@@ -30,22 +28,17 @@ type TunnelInfo struct {
Target string `json:"target"` Target string `json:"target"`
} }
type TunnelConnection struct {
*websocket.Conn
name string
streams map[string]chan []byte
}
type Server struct { type Server struct {
ctx context.Context
host string host string
cfg *config.ServerConfig cfg *config.ServerConfig
mu sync.RWMutex
upgrader websocket.Upgrader upgrader websocket.Upgrader
tunnels map[string]*TunnelConnection tunnels *maps.Map[string, *tunnel.Tunnel]
streamID atomic.Uint64
} }
func NewServer(cfg *config.ServerConfig) (*Server, error) { func NewServer(ctx context.Context, cfg *config.ServerConfig) (*Server, error) {
serverURL, err := url.Parse(cfg.ServerAddress) serverURL, err := url.Parse(cfg.ServerAddress)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to parse server address: %v", err) return nil, fmt.Errorf("failed to parse server address: %v", err)
@@ -54,9 +47,10 @@ func NewServer(cfg *config.ServerConfig) (*Server, error) {
} }
return &Server{ return &Server{
ctx: ctx,
cfg: cfg, cfg: cfg,
host: serverURL.Host, host: serverURL.Host,
tunnels: make(map[string]*TunnelConnection), tunnels: maps.New[string, *tunnel.Tunnel](),
upgrader: websocket.Upgrader{ upgrader: websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool { CheckOrigin: func(r *http.Request) bool {
return true return true
@@ -66,38 +60,115 @@ func NewServer(cfg *config.ServerConfig) (*Server, error) {
} }
func (s *Server) Start() error { func (s *Server) Start() error {
// Raw TCP Listener - This is necessary so we can conditionally either relay // HTTP Server - Uses stdlib http.Server for proper HTTP response handling
// the raw TCP connection, or handle conduit control server API requests. // including Content-Length, chunked encoding, and keep-alive semantics.
listener, err := net.Listen("tcp", s.cfg.BindAddress) httpServer := &http.Server{
if err != nil { Addr: s.cfg.BindAddress,
Handler: s,
}
// Context Cancellation - Gracefully shut down when the context is cancelled.
go func() {
<-s.ctx.Done()
log.Info("conduit server shutting down")
httpServer.Close()
}()
// Start Server
log.Infof("conduit server listening on %s", s.cfg.BindAddress)
if err := httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
return err return err
} }
defer listener.Close() return nil
}
// Start Listening func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Infof("conduit server listening on %s", s.cfg.BindAddress) // Get True Host
for { if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
conn, err := listener.Accept() r.RemoteAddr = xff
}
// Validate Host
if !strings.Contains(r.Host, s.host) {
http.Error(w, fmt.Sprintf("unknown host: %s", r.Host), http.StatusBadRequest)
return
}
// Extract Subdomain
tunnelName := strings.TrimSuffix(strings.Replace(r.Host, s.host, "", 1), ".")
if strings.Count(tunnelName, ".") != 0 {
http.Error(w, fmt.Sprintf("cannot tunnel nested subdomains: %s", r.Host), http.StatusBadRequest)
return
}
// Handle Control Endpoints
if tunnelName == "" {
s.handleAsHTTP(w, r)
return
}
// Handle Tunnel Requests
s.handleTunnelRequest(w, r, tunnelName)
}
func (s *Server) handleTunnelRequest(w http.ResponseWriter, r *http.Request, tunnelName string) {
// Get Tunnel
conduitTunnel, exists := s.tunnels.Get(tunnelName)
if !exists {
http.Error(w, fmt.Sprintf("unknown tunnel: %s", tunnelName), http.StatusNotFound)
return
}
// Hijack Connection - Take over the raw TCP connection from the HTTP server
// so we can forward the full request (including body) through the tunnel.
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "hijack not supported", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil { if err != nil {
log.Printf("error accepting connection: %v", err) http.Error(w, fmt.Sprintf("hijack failed: %v", err), http.StatusInternalServerError)
continue return
} }
go s.handleRawConnection(conn) // Re-Serialize Request Headers - The HTTP server already consumed the request
// from the connection. We re-serialize it so the tunnel client receives a
// complete HTTP request to forward to the local target.
var reqBuf bytes.Buffer
fmt.Fprintf(&reqBuf, "%s %s %s\r\n", r.Method, r.RequestURI, r.Proto)
fmt.Fprintf(&reqBuf, "Host: %s\r\n", r.Host)
_ = r.Header.Write(&reqBuf)
reqBuf.WriteString("\r\n")
// Reconstruct Connection - Combine re-serialized headers with any buffered
// body data (from the hijacked reader) and the raw connection.
reconstructedConn := newReconstructedConn(conn, &reqBuf, bufrw)
// Create Stream
streamID := fmt.Sprintf("stream_%d", s.streamID.Add(1))
tunnelStream := tunnel.NewStream(reconstructedConn, r.RemoteAddr, conduitTunnel.Source())
// Add Stream
if err := conduitTunnel.AddStream(tunnelStream, streamID); err != nil {
log.WithError(err).Error("failed to add stream")
conn.Close()
return
} }
// Start Stream
conduitTunnel.StartStream(s.ctx, tunnelStream, streamID)
} }
func (s *Server) getInfo(w http.ResponseWriter, _ *http.Request) { func (s *Server) getInfo(w http.ResponseWriter, _ *http.Request) {
// Get Tunnels // Get Tunnels
var allTunnels []TunnelInfo var allTunnels []TunnelInfo
s.mu.RLock() for t, c := range s.tunnels.Entries() {
for t, c := range s.tunnels {
allTunnels = append(allTunnels, TunnelInfo{ allTunnels = append(allTunnels, TunnelInfo{
Name: t, Name: t,
Target: c.RemoteAddr().String(), Target: c.Source(),
}) })
} }
s.mu.RUnlock()
// Create Response // Create Response
d, err := json.MarshalIndent(InfoResponse{ d, err := json.MarshalIndent(InfoResponse{
@@ -105,126 +176,17 @@ func (s *Server) getInfo(w http.ResponseWriter, _ *http.Request) {
Version: config.GetVersion(), Version: config.GetVersion(),
}, "", " ") }, "", " ")
if err != nil { if err != nil {
log.WithError(err).Error("failed to marshal info")
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
return return
} }
// Send Response // Send Response
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
_, _ = w.Write(d) _, _ = w.Write(d)
} }
func (s *Server) proxyRawConnection(clientConn net.Conn, tunnelConn *TunnelConnection, dataReader io.Reader) {
defer clientConn.Close()
// Create Identifiers
streamID := fmt.Sprintf("stream_%d", time.Now().UnixNano())
responseChan := make(chan []byte, 100)
// Register Stream
s.mu.Lock()
if tunnelConn.streams == nil {
tunnelConn.streams = make(map[string]chan []byte)
}
tunnelConn.streams[streamID] = responseChan
s.mu.Unlock()
// Clean Up
defer func() {
s.mu.Lock()
delete(tunnelConn.streams, streamID)
close(responseChan)
s.mu.Unlock()
// Send Close
closeMsg := types.Message{
Type: types.MessageTypeClose,
StreamID: streamID,
}
_ = tunnelConn.WriteJSON(closeMsg)
}()
// Read & Send Chunks
go func() {
buffer := make([]byte, 4096)
for {
n, err := dataReader.Read(buffer)
if err != nil {
return
}
if err := tunnelConn.WriteJSON(types.Message{
Type: types.MessageTypeData,
StreamID: streamID,
Data: buffer[:n],
}); err != nil {
return
}
}
}()
// Return Response Data
for data := range responseChan {
if _, err := clientConn.Write(data); err != nil {
break
}
}
}
func (s *Server) handleRawConnection(conn net.Conn) {
defer conn.Close()
// Capture Consumed Data - When determining where to route the request, we
// have to read the host headers. This requires reading from the buffer, so
// if we later decide to tunnel the TCP connection we need to reconstruct the
// data from the buffer.
var capturedData bytes.Buffer
teeReader := io.TeeReader(conn, &capturedData)
bufReader := bufio.NewReader(teeReader)
// Create HTTP Request & Writer
w := &connResponseWriter{conn: conn}
r, err := http.ReadRequest(bufReader)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
defer r.Body.Close()
// Validate Host
if !strings.Contains(r.Host, s.host) {
w.WriteHeader(http.StatusBadRequest)
_, _ = fmt.Fprintf(w, "unknown host: %s", r.Host)
return
}
// Extract Subdomain
subdomain := strings.TrimSuffix(strings.Replace(r.Host, s.host, "", 1), ".")
if strings.Count(subdomain, ".") != 0 {
w.WriteHeader(http.StatusBadRequest)
_, _ = fmt.Fprintf(w, "cannot tunnel nested subdomains: %s", r.Host)
return
}
// Handle Control Endpoints
if subdomain == "" {
s.handleAsHTTP(w, r)
return
}
// Handle Tunnels
s.mu.RLock()
tunnelConn, exists := s.tunnels[subdomain]
s.mu.RUnlock()
if exists {
log.Infof("relaying %s to tunnel", subdomain)
// Reconstruct Data & Proxy Connection
allReader := io.MultiReader(&capturedData, r.Body)
s.proxyRawConnection(conn, tunnelConn, allReader)
}
}
func (s *Server) handleAsHTTP(w http.ResponseWriter, r *http.Request) { func (s *Server) handleAsHTTP(w http.ResponseWriter, r *http.Request) {
// Authorize Control Endpoints // Authorize Control Endpoints
apiKey := r.URL.Query().Get("apiKey") apiKey := r.URL.Query().Get("apiKey")
@@ -245,53 +207,17 @@ func (s *Server) handleAsHTTP(w http.ResponseWriter, r *http.Request) {
} }
} }
func (s *Server) handleTunnelMessages(tunnel *TunnelConnection) {
for {
var msg types.Message
err := tunnel.ReadJSON(&msg)
if err != nil {
return
}
if msg.StreamID == "" {
log.Infof("tunnel %s missing streamID", tunnel.name)
continue
}
switch msg.Type {
case types.MessageTypeClose:
return
case types.MessageTypeData:
s.mu.RLock()
streamChan, exists := tunnel.streams[msg.StreamID]
if !exists {
log.Infof("stream %s does not exist", msg.StreamID)
s.mu.RUnlock()
continue
}
select {
case streamChan <- msg.Data:
case <-time.After(time.Second):
log.Warnf("stream %s channel full, dropping data", msg.StreamID)
}
s.mu.RUnlock()
}
}
}
func (s *Server) createTunnel(w http.ResponseWriter, r *http.Request) { func (s *Server) createTunnel(w http.ResponseWriter, r *http.Request) {
// Get Tunnel Name // Get Tunnel Name
tunnelName := r.URL.Query().Get("tunnelName") tunnelName := r.URL.Query().Get("tunnelName")
if tunnelName == "" { if tunnelName == "" {
w.WriteHeader(http.StatusBadRequest) http.Error(w, "Missing tunnelName parameter", http.StatusBadRequest)
_, _ = w.Write([]byte("Missing tunnelName parameter"))
return return
} }
// Validate Unique // Validate Unique
if _, exists := s.tunnels[tunnelName]; exists { if _, exists := s.tunnels.Get(tunnelName); exists {
w.WriteHeader(http.StatusConflict) http.Error(w, "Tunnel already registered", http.StatusConflict)
_, _ = w.Write([]byte("Tunnel already registered"))
return return
} }
@@ -302,26 +228,14 @@ func (s *Server) createTunnel(w http.ResponseWriter, r *http.Request) {
return return
} }
// Create & Cache TunnelConnection // Create Tunnel
tunnel := &TunnelConnection{ conduitTunnel := tunnel.NewServerTunnel(tunnelName, wsConn)
Conn: wsConn, s.tunnels.Set(tunnelName, conduitTunnel)
name: tunnelName,
streams: make(map[string]chan []byte),
}
s.mu.Lock()
s.tunnels[tunnelName] = tunnel
s.mu.Unlock()
log.Infof("tunnel established: %s", tunnelName)
// Keep connection alive and handle cleanup // Start Tunnel - This is blocking
defer func() { conduitTunnel.Start(s.ctx)
s.mu.Lock()
delete(s.tunnels, tunnelName) // Cleanup Tunnel
s.mu.Unlock() s.tunnels.Delete(tunnelName)
_ = wsConn.Close() _ = wsConn.Close()
log.Infof("tunnel closed: %s", tunnelName)
}()
// Handle tunnel messages
s.handleTunnelMessages(tunnel)
} }

48
server/writer.go
View File

@@ -1,48 +0,0 @@
package server
import (
"bufio"
"fmt"
"net"
"net/http"
)
var _ http.ResponseWriter = (*connResponseWriter)(nil)
type connResponseWriter struct {
conn net.Conn
header http.Header
}
func (f *connResponseWriter) Header() http.Header {
if f.header == nil {
f.header = make(http.Header)
}
return f.header
}
func (f *connResponseWriter) Write(data []byte) (int, error) {
return f.conn.Write(data)
}
func (f *connResponseWriter) WriteHeader(statusCode int) {
// Write Status
status := fmt.Sprintf("HTTP/1.1 %d %s\r\n", statusCode, http.StatusText(statusCode))
_, _ = f.conn.Write([]byte(status))
// Write Headers
for key, values := range f.header {
for _, value := range values {
_, _ = fmt.Fprintf(f.conn, "%s: %s\r\n", key, value)
}
}
// End Headers
_, _ = f.conn.Write([]byte("\r\n"))
}
func (f *connResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
// Return Raw Connection & ReadWriter
rw := bufio.NewReadWriter(bufio.NewReader(f.conn), bufio.NewWriter(f.conn))
return f.conn, rw, nil
}

18
store/context.go Normal file
View File

@@ -0,0 +1,18 @@
package store
import (
"context"
)
type contextKey struct{}
var recordIDKey = contextKey{}
func withRecord(ctx context.Context, rec *TunnelRecord) context.Context {
return context.WithValue(ctx, recordIDKey, rec)
}
func getRecord(ctx context.Context) (*TunnelRecord, bool) {
id, ok := ctx.Value(recordIDKey).(*TunnelRecord)
return id, ok
}

77
store/record.go Normal file
View File

@@ -0,0 +1,77 @@
package store
import (
"encoding/json"
"net/http"
"net/url"
"time"
"github.com/google/uuid"
)
type TunnelRecord struct {
ID uuid.UUID
Time time.Time
URL *url.URL
Method string
Status int
SourceAddr string
RequestHeaders http.Header
RequestBodyType string
RequestBody []byte
RequestBodySize int64
RequestBodyCaptured bool
RequestBodyTruncated bool
RequestBodySkipped string
ResponseHeaders http.Header
ResponseBodyType string
ResponseBody []byte
ResponseBodySize int64
ResponseBodyCaptured bool
ResponseBodyTruncated bool
ResponseBodySkipped string
}
func (tr *TunnelRecord) MarshalJSON() ([]byte, error) {
type Alias TunnelRecord
return json.Marshal(&struct {
*Alias
URL string `json:"URL"`
Time string `json:"Time"`
}{
Alias: (*Alias)(tr),
URL: tr.URL.String(),
Time: tr.Time.Format(time.RFC3339),
})
}
func (tr *TunnelRecord) UnmarshalJSON(data []byte) error {
type Alias TunnelRecord
aux := &struct {
*Alias
URL string `json:"URL"`
Time string `json:"Time"`
}{
Alias: (*Alias)(tr),
}
if err := json.Unmarshal(data, &aux); err != nil {
return err
}
parsedURL, err := url.Parse(aux.URL)
if err != nil {
return err
}
tr.URL = parsedURL
parsedTime, err := time.Parse(time.RFC3339, aux.Time)
if err != nil {
return err
}
tr.Time = parsedTime
return nil
}

285
store/store.go Normal file
View File

@@ -0,0 +1,285 @@
package store
import (
"bytes"
"errors"
"io"
"mime"
"net/http"
"strings"
"sync"
"time"
"github.com/google/uuid"
)
const (
defaultQueueSize = 100
maxQueueSize = 100
maxBodyCapture = 1024 * 1024
)
var ErrRecordNotFound = errors.New("record not found")
type OnEntryHandler func(record *TunnelRecord)
type TunnelStore interface {
Get(before time.Time, count int) (results []*TunnelRecord, more bool)
Subscribe() <-chan *TunnelRecord
RecordTCP()
RecordRequest(req *http.Request, sourceAddress string)
RecordResponse(resp *http.Response) error
}
func NewTunnelStore(queueSize int) TunnelStore {
if queueSize <= 0 {
queueSize = defaultQueueSize
} else if queueSize > maxQueueSize {
queueSize = maxQueueSize
}
return &tunnelStoreImpl{queueSize: queueSize}
}
type tunnelStoreImpl struct {
orderedRecords []*TunnelRecord
queueSize int
subs []chan *TunnelRecord
mu sync.Mutex
}
func (s *tunnelStoreImpl) Subscribe() <-chan *TunnelRecord {
s.mu.Lock()
defer s.mu.Unlock()
ch := make(chan *TunnelRecord, 100)
// Flush Existing & Subscribe
for _, r := range s.orderedRecords {
ch <- r
}
s.subs = append(s.subs, ch)
return ch
}
func (s *tunnelStoreImpl) Get(before time.Time, count int) ([]*TunnelRecord, bool) {
// Find First
start := -1
for i, r := range s.orderedRecords {
if r.Time.Before(before) {
start = i
break
}
}
// Not Found
if start == -1 {
return nil, false
}
// Subslice Records
end := min(start+count, len(s.orderedRecords))
results := s.orderedRecords[start:end]
more := end < len(s.orderedRecords)
return results, more
}
func (s *tunnelStoreImpl) RecordRequest(req *http.Request, sourceAddress string) {
s.mu.Lock()
defer s.mu.Unlock()
url := *req.URL
rec := &TunnelRecord{
ID: uuid.New(),
Time: time.Now(),
URL: &url,
Method: req.Method,
SourceAddr: sourceAddress,
RequestHeaders: req.Header,
RequestBodyType: req.Header.Get("Content-Type"),
RequestBodySize: req.ContentLength,
}
bodyData, meta := captureBody(&req.Body, req.Header.Get("Content-Type"), req.ContentLength, false)
rec.RequestBody = bodyData
rec.RequestBodySize = meta.size
rec.RequestBodyCaptured = meta.captured
rec.RequestBodyTruncated = meta.truncated
rec.RequestBodySkipped = meta.skipped
// Add Record & Truncate
s.orderedRecords = append(s.orderedRecords, rec)
if len(s.orderedRecords) > s.queueSize {
s.orderedRecords = s.orderedRecords[len(s.orderedRecords)-s.queueSize:]
}
*req = *req.WithContext(withRecord(req.Context(), rec))
}
func (s *tunnelStoreImpl) RecordResponse(resp *http.Response) error {
rec, found := getRecord(resp.Request.Context())
if !found {
return ErrRecordNotFound
}
rec.Status = resp.StatusCode
rec.ResponseHeaders = resp.Header
rec.ResponseBodyType = resp.Header.Get("Content-Type")
rec.ResponseBodySize = resp.ContentLength
bodyData, meta := captureBody(&resp.Body, resp.Header.Get("Content-Type"), resp.ContentLength, true)
rec.ResponseBody = bodyData
rec.ResponseBodySize = meta.size
rec.ResponseBodyCaptured = meta.captured
rec.ResponseBodyTruncated = meta.truncated
rec.ResponseBodySkipped = meta.skipped
s.broadcast(rec)
return nil
}
func (s *tunnelStoreImpl) RecordTCP() {
s.mu.Lock()
defer s.mu.Unlock()
// TODO
}
func (s *tunnelStoreImpl) broadcast(record *TunnelRecord) {
s.mu.Lock()
defer s.mu.Unlock()
// Send to Subscribers
active := s.subs[:0]
for _, ch := range s.subs {
select {
case ch <- record:
active = append(active, ch)
default:
close(ch)
}
}
s.subs = active
}
type bodyCaptureMeta struct {
size int64
captured bool
truncated bool
skipped string
}
func captureBody(body *io.ReadCloser, contentType string, contentLength int64, allowImages bool) ([]byte, bodyCaptureMeta) {
meta := bodyCaptureMeta{size: contentLength}
if contentLength == 0 || *body == nil || *body == http.NoBody {
return nil, meta
}
previewable := isTextContentType(contentType) || (allowImages && isImageContentType(contentType))
if !previewable {
meta.skipped = "body content type is not previewable"
return nil, meta
}
if isImageContentType(contentType) && contentLength > maxBodyCapture {
meta.skipped = "image body is too large to preview"
return nil, meta
}
// Capture Bounded Prefix
originalBody := *body
limit := int64(maxBodyCapture + 1)
captured, err := io.ReadAll(io.LimitReader(originalBody, limit))
if err != nil {
meta.skipped = "failed to read body"
*body = originalBody
return nil, meta
}
if meta.size < 0 && len(captured) <= maxBodyCapture {
meta.size = int64(len(captured))
}
// Restore Body
*body = &replayReadCloser{
Reader: io.MultiReader(bytes.NewReader(captured), originalBody),
closer: originalBody,
}
if len(captured) > maxBodyCapture {
meta.truncated = true
captured = captured[:maxBodyCapture]
}
if isImageContentType(contentType) && meta.truncated {
meta.skipped = "image body is too large to preview"
return nil, meta
}
meta.captured = len(captured) > 0
return captured, meta
}
type replayReadCloser struct {
io.Reader
closer io.Closer
}
func (r *replayReadCloser) Close() error {
return r.closer.Close()
}
func isTextContentType(contentType string) bool {
mediaType, _, err := mime.ParseMediaType(contentType)
if err != nil {
return false
}
if strings.HasPrefix(mediaType, "text/") {
return true
}
if strings.HasSuffix(mediaType, "+json") || strings.HasSuffix(mediaType, "+xml") {
return true
}
switch mediaType {
case "application/json":
return true
case "application/xml":
return true
case "application/javascript":
return true
case "application/x-javascript":
return true
case "application/x-www-form-urlencoded":
return true
default:
return false
}
}
func isImageContentType(contentType string) bool {
mediaType, _, err := mime.ParseMediaType(contentType)
if err != nil {
return false
}
switch mediaType {
case "image/png":
return true
case "image/jpeg":
return true
case "image/gif":
return true
case "image/webp":
return true
case "image/svg+xml":
return true
default:
return false
}
}

35
tunnel/forwarder.go Normal file
View File

@@ -0,0 +1,35 @@
package tunnel
import (
"context"
"net/url"
"reichard.io/conduit/store"
)
type ForwarderType int
const (
ForwarderTCP ForwarderType = iota
ForwarderHTTP
)
type Forwarder interface {
Type() ForwarderType
Initialize(sourceAddress string) (Stream, error)
Start(context.Context) error
}
func NewForwarder(target string, tunnelStore store.TunnelStore) (Forwarder, error) {
// Only parse as URL for HTTP targets. Bare host:port (e.g., "127.0.0.1:5432")
// is not a valid URL and should be treated as a raw TCP target.
targetURL, err := url.Parse(target)
if err == nil {
switch targetURL.Scheme {
case "http", "https":
return newHTTPForwarder(targetURL, tunnelStore)
}
}
return newTCPForwarder(target, tunnelStore), nil
}

156
tunnel/http_forwarder.go Normal file
View File

@@ -0,0 +1,156 @@
package tunnel
import (
"context"
"fmt"
"net"
"net/http"
"net/http/httputil"
"net/url"
"sync"
"reichard.io/conduit/store"
)
func newHTTPForwarder(targetURL *url.URL, tunnelStore store.TunnelStore) (Forwarder, error) {
return &httpConnBuilder{
multiConnListener: newMultiConnListener(),
tunnelStore: tunnelStore,
targetURL: targetURL,
}, nil
}
type httpConnBuilder struct {
multiConnListener *multiConnListener
tunnelStore store.TunnelStore
targetURL *url.URL
}
func (c *httpConnBuilder) Type() ForwarderType {
return ForwarderHTTP
}
func (c *httpConnBuilder) Start(ctx context.Context) error {
// Create Reverse Proxy Server
server := &http.Server{
ConnContext: func(ctx context.Context, c net.Conn) context.Context {
if wsConn, ok := c.(*wsConn); ok {
return context.WithValue(ctx, "sourceAddr", wsConn.sourceAddress)
}
return ctx
},
Handler: &httputil.ReverseProxy{
Director: func(req *http.Request) {
// Rewrite Request URL
req.Host = c.targetURL.Host
req.URL.Host = c.targetURL.Host
req.URL.Scheme = c.targetURL.Scheme
// Rewrite Referer
if referer := req.Header.Get("Referer"); referer != "" {
if refURL, err := url.Parse(referer); err == nil {
refURL.Host = c.targetURL.Host
refURL.Scheme = c.targetURL.Scheme
req.Header.Set("Referer", refURL.String())
}
}
// Extract Source Address & Record Request
sourceAddress, _ := req.Context().Value("sourceAddr").(string)
c.tunnelStore.RecordRequest(req, sourceAddress)
},
ModifyResponse: c.tunnelStore.RecordResponse,
ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
http.Error(w, fmt.Sprintf("Proxy error: %v", err), http.StatusBadGateway)
},
},
}
// Context & Cleanup
go func() {
<-ctx.Done()
server.Shutdown(ctx)
c.multiConnListener.Close()
}()
// Start HTTP Proxy
if err := server.Serve(c.multiConnListener); err != nil && err != http.ErrServerClosed {
return err
}
return nil
}
func (c *httpConnBuilder) Initialize(sourceAddress string) (Stream, error) {
clientConn, serverConn := net.Pipe()
if err := c.multiConnListener.addConn(&wsConn{serverConn, sourceAddress}); err != nil {
_ = clientConn.Close()
_ = serverConn.Close()
return nil, err
}
return &streamImpl{clientConn, sourceAddress, c.targetURL.String()}, nil
}
type multiConnListener struct {
connCh chan net.Conn
closed chan struct{}
once sync.Once
}
func newMultiConnListener() *multiConnListener {
return &multiConnListener{
connCh: make(chan net.Conn, 100),
closed: make(chan struct{}),
}
}
func (l *multiConnListener) Accept() (net.Conn, error) {
select {
case conn := <-l.connCh:
if conn == nil {
return nil, fmt.Errorf("listener closed")
}
return conn, nil
case <-l.closed:
return nil, fmt.Errorf("listener closed")
}
}
func (l *multiConnListener) Close() error {
l.once.Do(func() {
close(l.closed)
// Drain any remaining connections
go func() {
for conn := range l.connCh {
if conn != nil {
conn.Close()
}
}
}()
close(l.connCh)
})
return nil
}
func (l *multiConnListener) Addr() net.Addr {
return &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0}
}
func (l *multiConnListener) addConn(conn net.Conn) error {
select {
case l.connCh <- conn:
return nil
case <-l.closed:
conn.Close()
return fmt.Errorf("listener is closed")
default:
conn.Close()
return fmt.Errorf("connection queue full")
}
}
type wsConn struct {
net.Conn
sourceAddress string
}

2
client/name.go → tunnel/name.go
View File

@@ -1,4 +1,4 @@
package client package tunnel
import ( import (
"fmt" "fmt"

32
tunnel/stream.go Normal file
View File

@@ -0,0 +1,32 @@
package tunnel
import (
"io"
"net"
)
var _ Stream = (*streamImpl)(nil)
type Stream interface {
io.ReadWriteCloser
Source() string
Target() string
}
func NewStream(conn net.Conn, source, target string) Stream {
return &streamImpl{conn, source, target}
}
type streamImpl struct {
net.Conn
source string
target string
}
func (s *streamImpl) Source() string {
return s.source
}
func (s *streamImpl) Target() string {
return s.target
}

37
tunnel/tcp_forwarder.go Normal file
View File

@@ -0,0 +1,37 @@
package tunnel
import (
"context"
"net"
"reichard.io/conduit/store"
)
func newTCPForwarder(target string, tunnelStore store.TunnelStore) Forwarder {
return &tcpConnBuilder{
target: target,
tunnelStore: tunnelStore,
}
}
type tcpConnBuilder struct {
target string
tunnelStore store.TunnelStore
}
func (l *tcpConnBuilder) Type() ForwarderType {
return ForwarderTCP
}
func (l *tcpConnBuilder) Initialize(sourceAddress string) (Stream, error) {
conn, err := net.Dial("tcp", l.target)
if err != nil {
return nil, err
}
return &streamImpl{conn, sourceAddress, l.target}, nil
}
func (l *tcpConnBuilder) Start(ctx context.Context) error {
return nil
}

248
tunnel/tunnel.go Normal file
View File

@@ -0,0 +1,248 @@
package tunnel
import (
"context"
"fmt"
"net"
"net/url"
"sync"
"github.com/gorilla/websocket"
log "github.com/sirupsen/logrus"
"reichard.io/conduit/config"
"reichard.io/conduit/pkg/maps"
"reichard.io/conduit/types"
)
// NewServerTunnel creates a new tunnel with name and websocket connection. The tunnel is
// generally instantiated after an upgrade request from the server.
func NewServerTunnel(name string, wsConn *websocket.Conn) *Tunnel {
return &Tunnel{
name: name,
streams: maps.New[string, Stream](),
wsConn: wsConn,
}
}
// NewClientTunnel creates a new tunnel with the provided configuration and forwarder. A
// forwarder is effectively the protocol being forwarded. For example HTTP (Proxy), and TCP.
func NewClientTunnel(cfg *config.ClientConfig, forwarder Forwarder) (*Tunnel, error) {
// Parse Server URL
serverURL, err := url.Parse(cfg.ServerAddress)
if err != nil {
return nil, err
}
// Parse Scheme
var wsScheme string
switch serverURL.Scheme {
case "https":
wsScheme = "wss"
case "http":
wsScheme = "ws"
default:
return nil, fmt.Errorf("unsupported scheme: %s", serverURL.Scheme)
}
// Create Tunnel Name
if cfg.TunnelName == "" {
cfg.TunnelName = generateTunnelName()
log.Infof("tunnel name not provided; generated: %s", cfg.TunnelName)
}
// Connect Server WS
wsURL := fmt.Sprintf("%s://%s/_conduit/tunnel?tunnelName=%s&apiKey=%s", wsScheme, serverURL.Host, cfg.TunnelName, cfg.APIKey)
serverConn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
if err != nil {
return nil, fmt.Errorf("failed to connect: %v", err)
}
return &Tunnel{
name: cfg.TunnelName,
publicURL: publicTunnelURL(serverURL, cfg.TunnelName),
wsConn: serverConn,
streams: maps.New[string, Stream](),
forwarder: forwarder,
}, nil
}
func publicTunnelURL(serverURL *url.URL, tunnelName string) string {
// Build Public Tunnel URL
host := serverURL.Hostname()
if host == "" {
host = serverURL.Host
}
publicHost := tunnelName + "." + host
if port := serverURL.Port(); port != "" {
publicHost = net.JoinHostPort(publicHost, port)
}
return (&url.URL{Scheme: serverURL.Scheme, Host: publicHost}).String()
}
type Tunnel struct {
name string
publicURL string
wsConn *websocket.Conn
streams *maps.Map[string, Stream]
forwarder Forwarder
mu sync.Mutex
}
func (t *Tunnel) Start(ctx context.Context) {
log.Infof("initiated tunnel %q with %s", t.name, t.wsConn.RemoteAddr().String())
if t.publicURL != "" {
log.Infof("tunnel available at %s", t.publicURL)
}
defer log.Infof("closed tunnel %q with %s", t.name, t.wsConn.RemoteAddr().String())
// Start Message Receiver
for {
msg, err := t.readWSWithContext(ctx)
if err != nil {
return
}
// Validate Stream
if msg.StreamID == "" {
log.Warnf("tunnel %s missing streamID", t.name)
continue
}
// Get Stream
stream, err := t.getStream(ctx, msg.StreamID, msg.SourceAddr)
if err != nil {
if msg.Type != types.MessageTypeClose {
log.WithError(err).Errorf("failed to get stream %s", msg.StreamID)
}
continue
}
// Handle Messages
switch msg.Type {
case types.MessageTypeClose:
_ = t.closeStream(stream, msg.StreamID)
case types.MessageTypeData:
_, err = stream.Write(msg.Data)
}
// Log Error
if err != nil {
log.WithError(err).Errorf("failed to handle message %s", msg.StreamID)
}
}
}
func (t *Tunnel) readWSWithContext(ctx context.Context) (*types.Message, error) {
type result struct {
msg *types.Message
err error
}
resultChan := make(chan result, 1)
go func() {
var msg types.Message
err := t.wsConn.ReadJSON(&msg)
resultChan <- result{&msg, err}
}()
select {
case <-ctx.Done():
return nil, ctx.Err()
case result := <-resultChan:
return result.msg, result.err
}
}
func (t *Tunnel) AddStream(stream Stream, streamID string) error {
if t.streams.HasKey(streamID) {
return fmt.Errorf("stream %s already exists", streamID)
}
log.Infof("tunnel %q initiated stream with %s", t.name, stream.Source())
t.streams.Set(streamID, stream)
return nil
}
func (t *Tunnel) Source() string {
return t.wsConn.RemoteAddr().String()
}
func (t *Tunnel) StartStream(ctx context.Context, stream Stream, streamID string) error {
// Close Stream
defer t.closeStream(stream, streamID)
// Start Stream
for {
data, err := t.readStreamWithContext(ctx, stream)
if err != nil {
return err
}
if err := t.sendWS(&types.Message{
Type: types.MessageTypeData,
StreamID: streamID,
Data: data,
SourceAddr: stream.Source(),
}); err != nil {
return err
}
}
}
func (t *Tunnel) closeStream(stream Stream, streamID string) error {
log.Infof("tunnel %q closed stream with %s", t.name, stream.Source())
t.streams.Delete(streamID)
return stream.Close()
}
func (t *Tunnel) getStream(ctx context.Context, streamID, sourceAddress string) (Stream, error) {
// Check Existing Stream
if stream, found := t.streams.Get(streamID); found {
return stream, nil
}
// Check Forwarder
if t.forwarder == nil {
return nil, fmt.Errorf("stream %s does not exist", streamID)
}
// Initialize Forwarder & Add Stream
stream, err := t.forwarder.Initialize(sourceAddress)
if err != nil {
return nil, err
}
if err := t.AddStream(stream, streamID); err != nil {
return nil, err
}
go t.StartStream(ctx, stream, streamID)
return stream, nil
}
func (t *Tunnel) readStreamWithContext(ctx context.Context, stream Stream) ([]byte, error) {
type result struct {
data []byte
err error
}
resultChan := make(chan result, 1)
go func() {
buffer := make([]byte, 4096)
n, err := stream.Read(buffer)
resultChan <- result{buffer[:n], err}
}()
select {
case <-ctx.Done():
return nil, ctx.Err()
case result := <-resultChan:
return result.data, result.err
}
}
func (t *Tunnel) sendWS(msg *types.Message) error {
t.mu.Lock()
defer t.mu.Unlock()
return t.wsConn.WriteJSON(msg)
}

1
types/message.go
View File

@@ -10,5 +10,6 @@ const (
type Message struct { type Message struct {
Type MessageType `json:"type"` Type MessageType `json:"type"`
StreamID string `json:"stream_id"` StreamID string `json:"stream_id"`
SourceAddr string `json:"source_addr"`
Data []byte `json:"data,omitempty"` Data []byte `json:"data,omitempty"`
} }

17
web/pages/network.go Normal file
View File

@@ -0,0 +1,17 @@
package pages
import _ "embed"
//go:embed network.html
var networkHTML string
//go:embed networkScript.js
var networkScript string
func NetworkHTML() string {
return networkHTML
}
func NetworkScript() string {
return networkScript
}

13
web/pages/network.html Normal file
View File

@@ -0,0 +1,13 @@
<!doctype html>
<html lang="en" class="h-full bg-slate-950">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Conduit Monitor</title>
<script src="//cdn.tailwindcss.com"></script>
</head>
<body class="h-full bg-slate-950 text-slate-100">
<main id="app" class="min-h-full"></main>
<script src="/assets/network.js"></script>
</body>
</html>

444
web/pages/networkScript.js Normal file
View File

@@ -0,0 +1,444 @@
const state = {
requests: [],
selectedID: null,
activeTab: "preview",
query: "",
streamStatus: "connecting",
};
const app = document.getElementById("app");
function init() {
render();
connectStream();
}
function connectStream() {
const es = new EventSource("/stream");
es.onopen = () => {
state.streamStatus = "connected";
render();
};
es.onerror = () => {
state.streamStatus = "disconnected";
render();
};
es.onmessage = (event) => {
const record = JSON.parse(event.data);
const foundIdx = state.requests.findIndex((req) => req.ID === record.ID);
if (foundIdx >= 0) {
state.requests[foundIdx] = record;
} else {
state.requests.unshift(record);
}
render();
};
}
function render() {
const selected = getSelected();
app.innerHTML = `
<section class="flex min-h-dvh flex-col bg-slate-950">
${renderHeader()}
<div class="grid min-h-0 flex-1 grid-cols-1 overflow-hidden lg:grid-cols-[28rem_minmax(0,1fr)]">
${renderRequestList()}
${renderInspector(selected, false)}
</div>
${selected ? renderMobileSheet(selected) : ""}
</section>
`;
bindEvents();
renderPreview(selected);
}
function renderHeader() {
return `
<header class="border-b border-slate-800 bg-slate-900/80 px-4 py-3 backdrop-blur">
<div class="flex flex-wrap items-center gap-3">
<div>
<h1 class="text-lg font-semibold tracking-tight">Conduit Monitor</h1>
<p class="text-xs text-slate-400">Live tunnel traffic inspector</p>
</div>
<span class="ml-auto rounded-full px-3 py-1 text-xs font-medium ${streamStatusClass()}">${state.streamStatus}</span>
<button data-action="clear" class="rounded-lg border border-slate-700 px-3 py-1.5 text-sm text-slate-200 hover:bg-slate-800">Clear</button>
</div>
</header>
`;
}
function renderRequestList() {
const filtered = filteredRequests();
return `
<aside class="min-h-0 border-r border-slate-800 bg-slate-950 lg:flex lg:flex-col">
<div class="border-b border-slate-800 p-3">
<label class="sr-only" for="search">Search requests</label>
<input id="search" data-input="query" value="${escapeAttr(state.query)}" placeholder="Search path, method, status, type..." class="w-full rounded-xl border border-slate-800 bg-slate-900 px-3 py-2 text-sm outline-none ring-blue-500 placeholder:text-slate-500 focus:ring-2" />
<div class="mt-2 text-xs text-slate-500">${filtered.length} of ${state.requests.length} requests</div>
</div>
<div class="max-h-[calc(100dvh-9rem)] overflow-auto lg:max-h-none lg:flex-1">
${filtered.length === 0 ? renderEmptyList() : filtered.map(renderRequestRow).join("")}
</div>
</aside>
`;
}
function renderRequestRow(req) {
const selected = req.ID === state.selectedID;
const url = parseURL(req.URL);
return `
<button data-select="${req.ID}" class="block w-full border-b border-slate-900 px-4 py-3 text-left transition ${selected ? "bg-blue-950/70" : "hover:bg-slate-900"}">
<div class="flex items-center gap-2">
<span class="rounded-md px-2 py-0.5 text-xs font-bold ${methodClass(req.Method)}">${escapeHTML(req.Method || "-")}</span>
<span class="rounded-md px-2 py-0.5 text-xs font-semibold ${statusClass(req.Status)}">${req.Status || "pending"}</span>
<span class="ml-auto text-xs text-slate-500">${formatTime(req.Time)}</span>
</div>
<div class="mt-2 truncate font-mono text-sm text-slate-100">${escapeHTML(url.path)}</div>
<div class="mt-1 flex items-center gap-2 truncate text-xs text-slate-500">
<span class="truncate">${escapeHTML(url.host || req.SourceAddr || "unknown")}</span>
<span>•</span>
<span class="truncate">${escapeHTML(req.ResponseBodyType || req.RequestBodyType || "no content type")}</span>
</div>
</button>
`;
}
function renderInspector(selected, mobile) {
if (!selected) {
return `
<section class="hidden min-h-0 items-center justify-center bg-slate-950 p-8 lg:flex">
<div class="max-w-md text-center">
<div class="mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-2xl bg-slate-900 text-2xl">↯</div>
<h2 class="text-lg font-semibold">No request selected</h2>
<p class="mt-2 text-sm text-slate-400">Send traffic through a tunnel, then select a request to inspect headers, bodies, and previews.</p>
</div>
</section>
`;
}
const wrapperClass = mobile ? "flex h-full flex-col bg-slate-950" : "hidden min-h-0 flex-col bg-slate-950 lg:flex";
return `
<section class="${wrapperClass}">
${renderInspectorHeader(selected, mobile)}
${renderTabs()}
<div class="min-h-0 flex-1 overflow-auto p-4">
${renderActiveTab(selected)}
</div>
</section>
`;
}
function renderMobileSheet(selected) {
return `
<div class="fixed inset-0 z-50 bg-slate-950 lg:hidden">
${renderInspector(selected, true)}
</div>
`;
}
function renderInspectorHeader(req, mobile) {
const url = parseURL(req.URL);
return `
<div class="border-b border-slate-800 p-4">
<div class="flex items-start gap-3">
${mobile ? `<button data-action="close" class="rounded-lg border border-slate-700 px-3 py-1.5 text-sm">Back</button>` : ""}
<div class="min-w-0 flex-1">
<div class="flex flex-wrap items-center gap-2">
<span class="rounded-md px-2 py-0.5 text-xs font-bold ${methodClass(req.Method)}">${escapeHTML(req.Method || "-")}</span>
<span class="rounded-md px-2 py-0.5 text-xs font-semibold ${statusClass(req.Status)}">${req.Status || "pending"}</span>
<span class="text-xs text-slate-500">${formatTime(req.Time)}</span>
</div>
<h2 class="mt-2 truncate font-mono text-base font-semibold">${escapeHTML(url.path)}</h2>
<p class="mt-1 truncate text-xs text-slate-500">${escapeHTML(req.URL || "")}</p>
</div>
<button data-copy="${escapeAttr(req.URL || "")}" class="rounded-lg border border-slate-700 px-3 py-1.5 text-sm hover:bg-slate-800">Copy URL</button>
</div>
</div>
`;
}
function renderTabs() {
return `
<nav class="flex gap-1 overflow-x-auto border-b border-slate-800 px-3 py-2">
${["preview", "overview", "request", "response"].map((tab) => `
<button data-tab="${tab}" class="rounded-lg px-3 py-1.5 text-sm font-medium capitalize ${state.activeTab === tab ? "bg-blue-600 text-white" : "text-slate-400 hover:bg-slate-900 hover:text-slate-100"}">${tab}</button>
`).join("")}
</nav>
`;
}
function renderActiveTab(req) {
if (state.activeTab === "overview") return renderOverview(req);
if (state.activeTab === "request") return renderMessage(req, "Request");
if (state.activeTab === "response") return renderMessage(req, "Response");
return `<div data-preview-root></div>`;
}
function renderOverview(req) {
return `
<div class="grid gap-3 sm:grid-cols-2 xl:grid-cols-3">
${summaryCard("Method", req.Method || "-")}
${summaryCard("Status", req.Status || "pending")}
${summaryCard("Source", req.SourceAddr || "-")}
${summaryCard("Request Body", bodySummary(req, "Request"))}
${summaryCard("Response Body", bodySummary(req, "Response"))}
${summaryCard("Content Type", req.ResponseBodyType || req.RequestBodyType || "-")}
</div>
`;
}
function renderMessage(req, prefix) {
const headers = req[`${prefix}Headers`] || {};
const body = decodeBody(req[`${prefix}Body`]);
return `
<div class="space-y-4">
<section>
<div class="mb-2 flex items-center justify-between gap-2">
<h3 class="font-semibold">Headers</h3>
<button data-copy="${escapeAttr(formatHeaders(headers))}" class="rounded-lg border border-slate-700 px-3 py-1 text-xs hover:bg-slate-800">Copy</button>
</div>
<pre class="overflow-auto rounded-xl border border-slate-800 bg-slate-900 p-3 text-xs text-slate-300">${escapeHTML(formatHeaders(headers) || "No headers")}</pre>
</section>
<section>
<div class="mb-2 flex items-center justify-between gap-2">
<h3 class="font-semibold">Body</h3>
<button data-copy="${escapeAttr(body)}" class="rounded-lg border border-slate-700 px-3 py-1 text-xs hover:bg-slate-800">Copy</button>
</div>
<p class="mb-2 text-xs text-slate-500">${escapeHTML(bodySummary(req, prefix))}</p>
<pre class="max-h-[32rem] overflow-auto rounded-xl border border-slate-800 bg-slate-900 p-3 text-xs text-slate-300">${escapeHTML(formatBody(body, req[`${prefix}BodyType`]))}</pre>
</section>
</div>
`;
}
function renderPreview(selected) {
const roots = document.querySelectorAll("[data-preview-root]");
if (roots.length === 0 || !selected) return;
roots.forEach((root) => renderPreviewInto(root, selected));
}
function renderPreviewInto(root, selected) {
const contentType = selected.ResponseBodyType || "";
const body = selected.ResponseBody;
if (!selected.ResponseBodyCaptured || !body) {
root.innerHTML = renderPreviewEmpty(selected);
return;
}
if (isImage(contentType)) {
root.innerHTML = `<div class="rounded-xl border border-slate-800 bg-slate-900 p-4"><img class="mx-auto max-h-[70dvh] max-w-full rounded-lg" alt="Response preview" src="data:${escapeAttr(contentType)};base64,${body}" /></div>`;
return;
}
const decoded = decodeBody(body);
if (isHTML(contentType)) {
root.innerHTML = `<iframe title="Response HTML preview" sandbox class="h-[70dvh] w-full rounded-xl border border-slate-800 bg-white"></iframe>`;
root.querySelector("iframe").srcdoc = decoded;
return;
}
root.innerHTML = `<pre class="max-h-[70dvh] overflow-auto rounded-xl border border-slate-800 bg-slate-900 p-4 text-sm text-slate-300">${escapeHTML(formatBody(decoded, contentType))}</pre>`;
}
function renderPreviewEmpty(req) {
const reason = req.ResponseBodySkipped || "No captured response body is available.";
return `
<div class="rounded-xl border border-dashed border-slate-700 p-8 text-center">
<h3 class="font-semibold">Nothing to preview</h3>
<p class="mt-2 text-sm text-slate-400">${escapeHTML(reason)}</p>
<p class="mt-1 text-xs text-slate-500">${escapeHTML(bodySummary(req, "Response"))}</p>
</div>
`;
}
function bindEvents() {
document.querySelectorAll("[data-select]").forEach((el) => {
el.addEventListener("click", () => {
state.selectedID = el.dataset.select;
state.activeTab = "preview";
render();
});
});
document.querySelectorAll("[data-tab]").forEach((el) => {
el.addEventListener("click", () => {
state.activeTab = el.dataset.tab;
render();
});
});
document.querySelectorAll("[data-action='clear']").forEach((el) => {
el.addEventListener("click", () => {
state.requests = [];
state.selectedID = null;
render();
});
});
document.querySelectorAll("[data-action='close']").forEach((el) => {
el.addEventListener("click", () => {
state.selectedID = null;
render();
});
});
document.querySelectorAll("[data-copy]").forEach((el) => {
el.addEventListener("click", () => navigator.clipboard?.writeText(el.dataset.copy || ""));
});
const search = document.querySelector("[data-input='query']");
if (search) {
search.addEventListener("input", (event) => {
state.query = event.target.value;
render();
document.querySelector("[data-input='query']")?.focus();
});
}
}
function filteredRequests() {
const query = state.query.trim().toLowerCase();
if (!query) return state.requests;
return state.requests.filter((req) => [
req.URL,
req.Method,
String(req.Status || "pending"),
req.SourceAddr,
req.RequestBodyType,
req.ResponseBodyType,
].some((value) => String(value || "").toLowerCase().includes(query)));
}
function getSelected() {
return state.requests.find((req) => req.ID === state.selectedID) || null;
}
function parseURL(raw) {
try {
const parsed = new URL(raw, window.location.origin);
return { host: parsed.host, path: `${parsed.pathname}${parsed.search}` || raw };
} catch {
return { host: "", path: raw || "-" };
}
}
function decodeBody(base64Data) {
if (!base64Data) return "";
const binary = atob(base64Data);
const bytes = Uint8Array.from(binary, (char) => char.charCodeAt(0));
return new TextDecoder().decode(bytes);
}
function formatBody(body, contentType = "") {
if (isJSON(contentType)) {
try {
return JSON.stringify(JSON.parse(body), null, 2);
} catch {
return body;
}
}
return body || "No body";
}
function formatHeaders(headers) {
return Object.entries(headers || {})
.map(([key, values]) => `${key}: ${Array.isArray(values) ? values.join(", ") : values}`)
.join("\n");
}
function bodySummary(req, prefix) {
const size = req[`${prefix}BodySize`];
const captured = req[`${prefix}BodyCaptured`];
const truncated = req[`${prefix}BodyTruncated`];
const skipped = req[`${prefix}BodySkipped`];
if (captured) return `${formatBytes(size)} captured${truncated ? " (truncated)" : ""}`;
if (skipped) return skipped;
if (size > 0) return `${formatBytes(size)} not captured`;
return "No body";
}
function summaryCard(label, value) {
return `<div class="rounded-xl border border-slate-800 bg-slate-900 p-4"><div class="text-xs uppercase tracking-wide text-slate-500">${escapeHTML(label)}</div><div class="mt-1 break-words text-sm font-medium text-slate-100">${escapeHTML(String(value))}</div></div>`;
}
function renderEmptyList() {
return `<div class="p-8 text-center text-sm text-slate-500">No requests yet. Start sending traffic through your tunnel.</div>`;
}
function isJSON(contentType) {
return /(^|\/)json($|;)|\+json($|;)/i.test(contentType || "");
}
function isHTML(contentType) {
return /text\/html/i.test(contentType || "");
}
function isImage(contentType) {
return /^image\/(png|jpe?g|gif|webp|svg\+xml)/i.test(contentType || "");
}
function methodClass(method) {
return {
GET: "bg-emerald-500/15 text-emerald-300",
POST: "bg-blue-500/15 text-blue-300",
PUT: "bg-amber-500/15 text-amber-300",
PATCH: "bg-purple-500/15 text-purple-300",
DELETE: "bg-red-500/15 text-red-300",
}[method] || "bg-slate-700 text-slate-200";
}
function statusClass(status) {
if (!status) return "bg-slate-700 text-slate-300";
if (status < 300) return "bg-emerald-500/15 text-emerald-300";
if (status < 400) return "bg-blue-500/15 text-blue-300";
if (status < 500) return "bg-amber-500/15 text-amber-300";
return "bg-red-500/15 text-red-300";
}
function streamStatusClass() {
if (state.streamStatus === "connected") return "bg-emerald-500/15 text-emerald-300";
if (state.streamStatus === "connecting") return "bg-amber-500/15 text-amber-300";
return "bg-red-500/15 text-red-300";
}
function formatTime(time) {
if (!time) return "-";
return new Date(time).toLocaleTimeString();
}
function formatBytes(bytes) {
if (!bytes || bytes < 0) return "unknown size";
if (bytes < 1024) return `${bytes} B`;
if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KiB`;
return `${(bytes / 1024 / 1024).toFixed(1)} MiB`;
}
function escapeHTML(value) {
return String(value ?? "").replace(/[&<>'"]/g, (char) => ({
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
"'": "&#39;",
'"': "&quot;",
})[char]);
}
function escapeAttr(value) {
return escapeHTML(value).replace(/`/g, "&#96;");
}
init();

96
web/web.go Normal file
View File

@@ -0,0 +1,96 @@
package web
import (
"context"
"encoding/json"
"fmt"
"net/http"
log "github.com/sirupsen/logrus"
"reichard.io/conduit/store"
"reichard.io/conduit/web/pages"
)
type WebServer struct {
store store.TunnelStore
server *http.Server
}
func NewWebServer(store store.TunnelStore) *WebServer {
return &WebServer{store: store}
}
func (s *WebServer) Start(ctx context.Context) error {
log.Info("started tunnel monitor at :8181")
defer log.Info("stopped tunnel monitor")
rootMux := http.NewServeMux()
rootMux.HandleFunc("/", s.handleRoot)
rootMux.HandleFunc("/assets/network.js", s.handleNetworkScript)
rootMux.HandleFunc("/stream", s.handleStream)
s.server = &http.Server{
Addr: ":8181",
Handler: rootMux,
}
// Context & Cleanup
go func() {
<-ctx.Done()
s.server.Shutdown(ctx)
}()
// Start Tunnel Monitor
if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
return err
}
return nil
}
func (s *WebServer) Stop(ctx context.Context) error {
if s.server == nil {
return nil
}
return s.server.Shutdown(ctx)
}
func (s *WebServer) handleStream(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/event-stream")
w.Header().Set("Cache-Control", "no-cache")
w.Header().Set("Connection", "keep-alive")
// Flusher Interface Upgrade
flusher, ok := w.(http.Flusher)
if !ok {
http.Error(w, "Streaming unsupported", http.StatusInternalServerError)
return
}
// Stream Data
ch := s.store.Subscribe()
done := r.Context().Done()
for {
select {
case record, ok := <-ch:
if !ok {
return
}
data, _ := json.Marshal(record)
_, _ = fmt.Fprintf(w, "data: %s\n\n", data)
flusher.Flush()
case <-done:
return
}
}
}
func (s *WebServer) handleRoot(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
_, _ = w.Write([]byte(pages.NetworkHTML()))
}
func (s *WebServer) handleNetworkScript(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/javascript; charset=utf-8")
_, _ = w.Write([]byte(pages.NetworkScript()))
}