evan/conduit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
conduit/server/server.go
Evan Reichard 20c1388cf4
All checks were successful
continuous-integration/drone/push Build is passing
Details
chore: better source tracking
2025-09-23 09:24:09 -04:00

235 lines
5.6 KiB
Go
Raw Blame History

package server
import (
"bufio"
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"net"
"net/http"
"net/url"
"strings"
"time"
"github.com/gorilla/websocket"
log "github.com/sirupsen/logrus"
"reichard.io/conduit/config"
"reichard.io/conduit/pkg/maps"
"reichard.io/conduit/tunnel"
)
type InfoResponse struct {
Tunnels []TunnelInfo `json:"tunnels"`
Version string `json:"version"`
}
type TunnelInfo struct {
Name string `json:"name"`
Target string `json:"target"`
}
type Server struct {
host string
cfg *config.ServerConfig
upgrader websocket.Upgrader
tunnels *maps.Map[string, *tunnel.Tunnel]
}
func NewServer(cfg *config.ServerConfig) (*Server, error) {
serverURL, err := url.Parse(cfg.ServerAddress)
if err != nil {
return nil, fmt.Errorf("failed to parse server address: %v", err)
} else if serverURL.Host == "" {
return nil, errors.New("invalid server address")
}
return &Server{
cfg: cfg,
host: serverURL.Host,
tunnels: maps.New[string, *tunnel.Tunnel](),
upgrader: websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool {
return true
},
},
}, nil
}
func (s *Server) Start() error {
// Raw TCP Listener - This is necessary so we can conditionally either relay
// the raw TCP connection, or handle conduit control server API requests.
listener, err := net.Listen("tcp", s.cfg.BindAddress)
if err != nil {
return err
}
defer listener.Close()
// Start Listening
log.Infof("conduit server listening on %s", s.cfg.BindAddress)
for {
conn, err := listener.Accept()
if err != nil {
log.WithError(err).Error("error accepting connection")
continue
}
go s.handleRawConnection(conn)
}
}
func (s *Server) getInfo(w http.ResponseWriter, _ *http.Request) {
// Get Tunnels
var allTunnels []TunnelInfo
for t, c := range s.tunnels.Entries() {
allTunnels = append(allTunnels, TunnelInfo{
Name: t,
Target: c.Source(),
})
}
// Create Response
d, err := json.MarshalIndent(InfoResponse{
Tunnels: allTunnels,
Version: config.GetVersion(),
}, "", " ")
if err != nil {
log.WithError(err).Error("failed to marshal info")
w.WriteHeader(http.StatusInternalServerError)
return
}
// Send Response
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
_, _ = w.Write(d)
}
func (s *Server) handleRawConnection(conn net.Conn) {
defer conn.Close()
// Capture Consumed Data - When determining where to route the request, we
// have to read the host headers. This requires reading from the buffer, so
// if we later decide to tunnel the TCP connection we need to reconstruct the
// data from the buffer.
var capturedData bytes.Buffer
teeReader := io.TeeReader(conn, &capturedData)
bufReader := bufio.NewReader(teeReader)
// Create HTTP Request & Writer
w := &rawHTTPResponseWriter{conn: conn}
r, err := http.ReadRequest(bufReader)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
defer r.Body.Close()
// Validate Host
if !strings.Contains(r.Host, s.host) {
w.WriteHeader(http.StatusBadRequest)
_, _ = fmt.Fprintf(w, "unknown host: %s", r.Host)
return
}
// Extract Subdomain
tunnelName := strings.TrimSuffix(strings.Replace(r.Host, s.host, "", 1), ".")
if strings.Count(tunnelName, ".") != 0 {
w.WriteHeader(http.StatusBadRequest)
_, _ = fmt.Fprintf(w, "cannot tunnel nested subdomains: %s", r.Host)
return
}
// Get True Host
remoteHost := conn.RemoteAddr().String()
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
remoteHost = xff
}
r.RemoteAddr = remoteHost
// Handle Control Endpoints
if tunnelName == "" {
s.handleAsHTTP(w, r)
return
}
// Handle Tunnels
conduitTunnel, exists := s.tunnels.Get(tunnelName)
if !exists {
w.WriteHeader(http.StatusNotFound)
_, _ = fmt.Fprintf(w, "unknown tunnel: %s", tunnelName)
return
}
// Add & Start Stream
reconstructedConn := newReconstructedConn(conn, &capturedData)
streamID := fmt.Sprintf("stream_%d", time.Now().UnixNano())
if err := conduitTunnel.AddStream(streamID, reconstructedConn); err != nil {
w.WriteHeader(http.StatusInternalServerError)
_, _ = fmt.Fprintf(w, "failed to add stream: %v", err)
return
}
log.Infof("tunnel %q connection from %s", tunnelName, r.RemoteAddr)
_ = conduitTunnel.StartStream(streamID, r.RemoteAddr)
}
func (s *Server) handleAsHTTP(w http.ResponseWriter, r *http.Request) {
// Authorize Control Endpoints
apiKey := r.URL.Query().Get("apiKey")
if apiKey != s.cfg.APIKey {
log.Error("unauthorized client")
w.WriteHeader(http.StatusUnauthorized)
return
}
// Handle Control Endpoints
switch r.URL.Path {
case "/_conduit/tunnel":
s.createTunnel(w, r)
case "/_conduit/info":
s.getInfo(w, r)
default:
w.WriteHeader(http.StatusNotFound)
}
}
func (s *Server) createTunnel(w http.ResponseWriter, r *http.Request) {
// Get Tunnel Name
tunnelName := r.URL.Query().Get("tunnelName")
if tunnelName == "" {
w.WriteHeader(http.StatusBadRequest)
_, _ = w.Write([]byte("Missing tunnelName parameter"))
return
}
// Validate Unique
if _, exists := s.tunnels.Get(tunnelName); exists {
w.WriteHeader(http.StatusConflict)
_, _ = w.Write([]byte("Tunnel already registered"))
return
}
// Upgrade Connection
wsConn, err := s.upgrader.Upgrade(w, r, nil)
if err != nil {
log.Errorf("websocket upgrade failed: %v", err)
return
}
// Create Tunnel
conduitTunnel := tunnel.NewServerTunnel(tunnelName, wsConn)
s.tunnels.Set(tunnelName, conduitTunnel)
log.Infof("tunnel %q created from %s", tunnelName, r.RemoteAddr)
// Start Tunnel - This is blocking
conduitTunnel.Start()
// Cleanup Tunnel
s.tunnels.Delete(tunnelName)
_ = wsConn.Close()
log.Infof("tunnel %q closed from %s", tunnelName, r.RemoteAddr)
}
Reference in New Issue View Git Blame Copy Permalink