diff --git a/server/server.go b/server/server.go index 88fed09..d1becfd 100644 --- a/server/server.go +++ b/server/server.go @@ -2,6 +2,7 @@ package server import ( "crypto/rsa" + "crypto/tls" "crypto/x509" "encoding/pem" "errors" @@ -9,6 +10,7 @@ import ( "log" "net" "net/http" + "net/http/httputil" "net/rpc" "os" "path/filepath" @@ -17,12 +19,14 @@ import ( "git.xeserv.us/xena/route/database" "git.xeserv.us/xena/route/lib/elfs" - "git.xeserv.us/xena/route/lib/tunnel" + "git.xeserv.us/xena/route/lib/tun2" "git.xeserv.us/xena/route/routerpc" "git.xeserv.us/xena/route/utils" "github.com/Xe/uuid" "github.com/Yawning/bulb" "github.com/brandur/simplebox" + "github.com/mtneug/pkg/ulid" + "golang.org/x/crypto/acme/autocert" ) // RPC constants @@ -40,7 +44,7 @@ type Server struct { rpcS *rpc.Server rpcAddr string - ts *tunnel.Server + ts *tun2.Server CertCache *database.CertCache } @@ -51,6 +55,7 @@ type Config struct { RethinkDBHost, RethinkDBDatabase string TorDataDir, TorHashedPassword, TorPassword string WebPort, DomainSuffix, SSLPort, GRPCClientPort string + BackendPort, KCPPort string CertKey *[32]byte } @@ -99,11 +104,6 @@ func New(cfg Config) (*Server, error) { rpcs := rpc.NewServer() - ts, err := tunnel.NewServer(&tunnel.ServerConfig{}) - if err != nil { - return nil, err - } - s := &Server{ cfg: &cfg, 
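Review bot: The new `BackendPort, KCPPort string` fields in Config carry no comment and, unlike the existing `*Port` fields that the code itself prefixes with ":" (the `":"+cfg.GRPCClientPort` listen removed two hunks later), they are handed to tun2 verbatim as `TCPAddr`/`KCPAddr` in `New`, so operators must supply full listen addresses, not bare port numbers. Either rename them `BackendAddr`/`KCPAddr` or document the difference: `// BackendPort and KCPPort are full listen addresses (host:port) passed straight to tun2, not bare port numbers like the other *Port fields.` Whether tun2 binds all interfaces when only a ":port" is given is not visible here; if it does, the tunnel listener is reachable from anywhere and a loopback or explicit interface default would be safer — worth confirming in tun2. The Config struct itself starts before this hunk.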
@@ -113,33 +113,46 @@ func New(cfg Config) (*Server, error) { rpcS: rpcs, rpcAddr: l.Addr().String(), - ts: ts, - CertCache: &database.CertCache{ DB: db, }, } + m := autocert.Manager{ + Prompt: autocert.AcceptTOS, + Cache: s.CertCache, + HostPolicy: nil, + Email: "xena@yolo-swag.com", + } + if cfg.CertKey != nil { s.CertCache.SimpleBox = simplebox.NewFromSecretKey(cfg.CertKey) } + tcfg := &tun2.ServerConfig{ + TCPAddr: cfg.BackendPort, + KCPAddr: cfg.KCPPort, + TLSConfig: &tls.Config{ + GetCertificate: m.GetCertificate, + }, + Storage: s.db, + } + + ts, err := tun2.NewServer(tcfg) + if err != nil { + return nil, err + } + s.ts = ts + rpcs.RegisterName("Urls", &RPCServer{Server: s}) go rpcs.Accept(l) + log.Println("rpc at tcp://" + l.Addr().String()) err = s.restore() if err != nil { return nil, err } - grpcl, err := net.Listen("tcp", ":"+cfg.GRPCClientPort) - if err != nil { - return nil, err - } - - // XXX HACK - s.ts.AddAddr(grpcl, nil, "f3724661-af05-41bc-ad99-753b9d631f43") - return s, nil } @@ -164,12 +177,12 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { r.Header.Set("X-Remote-IP", host) r.Header.Set("X-Request-Ingress", time.Now().String()) - rid := uuid.New() + rid := ulid.New().String() r.Header.Set("X-Request-Id", rid) w.Header().Set("X-Request-Id", rid) // http://www.gnuterrypratchett.com/ - w.Header().Set("X-Clacks-Overhead", "GNU Terry Pratchett") + w.Header().Set("X-Clacks-Overhead", "GNU Ashlynn") if strings.HasSuffix(r.Host, ".onion") { w.Header().Add("DNT", "1") @@ -179,7 +192,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { s.rpcS.ServeHTTP(w, r) return } - s.ts.ServeHTTP(w, r) + + rp := &httputil.ReverseProxy{ + Transport: s.ts, + FlushInterval: 1 * time.Second, + } + + rp.ServeHTTP(w, r) } func (s *Server) restore() error { 
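Review bot: `HostPolicy: nil` on the `autocert.Manager` in `New` means any SNI value a client presents starts an ACME order, which the autocert documentation itself warns against: a client that connects by IP and sends arbitrary server names can exhaust the account's Let's Encrypt rate limit and leave the real hosted names unable to renew, and each failed order also goes through `s.CertCache`. Since every served name is persisted via `rs.db.SaveRoute` and read back in `restore`, the policy should be `HostPolicy: func(ctx context.Context, host string) error` that looks the name up in the database and returns an error for anything not stored as a route's `Hostname` (this needs a `context` import; I cannot see the database package's lookup API, so the exact call is yours). The `Email` is hard-coded next to the policy; moving it into `Config` keeps the ACME account identity out of source. The `tls.Config` passed to tun2 sets only `GetCertificate`; unless tun2 fills in the rest, `MinVersion: tls.VersionTLS12` belongs there too.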
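Review bot: The `httputil.ReverseProxy` built at the end of `ServeHTTP` has no `Director`, and `ReverseProxy.ServeHTTP` calls `p.Director(outreq)` unconditionally in the Go releases of this code's era (newer releases instead answer 502 unless exactly one of `Director`/`Rewrite` is set), so every non-RPC request would panic in the handler goroutine (net/http recovers and logs it) rather than reach the tunnel. Give it at least a no-op director, `Director: func(*http.Request) {},` and, if tun2's `RoundTrip` routes on `req.URL.Host` rather than `req.Host`, copy the host across in that director, because a server-side request arrives with an empty `URL.Host` — I cannot see tun2.Server's `RoundTrip`, so that part needs confirming. Since the proxy's configuration is constant, constructing it once in `New` and storing it on `Server` would also avoid rebuilding it on every request. ServeHTTP's body begins before this hunk.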
@@ -202,9 +221,6 @@ func (s *Server) restore() error { return err } - s.ts.AddHost(rt.Hostname, rt.Token) - s.ts.AddHost(rt.OnionHostname, rt.Token) - log.Printf("added: %s (%s)", rt.Hostname, rt.OnionHostname) } @@ -248,13 +264,10 @@ func (rs *RPCServer) AddHost(req routerpc.AddHostRequest, resp *routerpc.AddHost resp.PrivKey = pKey if req.Hostname != "" { - rs.Server.ts.AddHost(req.Hostname, token) resp.Hostname = req.Hostname } else { resp.Hostname = elfs.MakeName() + rs.cfg.DomainSuffix - rs.ts.AddHost(resp.Hostname, token) } - rs.Server.ts.AddHost(resp.OnionHostname, token) err = rs.db.SaveRoute(resp) if err != nil {