Context Navigation

source: code/trunk/server.go@ 375

Last change on this file since 375 was 370, checked in by contact, 5 years ago

Add accept-proxy-ip config directive

This allows to set the list of IPs allowed to act as a proxy. This is
only used for WebSockets right now, but will be expanded to TCP as well
once the PROXY protocol is supported.

File size: 3.7 KB

Rev	Line
[98]	1	package soju
[1]	2
	3	import (
	4	"fmt"
[37]	5	"log"
[1]	6	"net"
[323]	7	"net/http"
[24]	8	"sync"
[323]	9	"sync/atomic"
[67]	10	"time"
[1]	11
	12	"gopkg.in/irc.v3"
[323]	13	"nhooyr.io/websocket"
[370]	14
	15	"git.sr.ht/~emersion/soju/config"
[1]	16	)
	17
[67]	18	// TODO: make configurable
[71]	19	var retryConnectMinDelay = time.Minute
[206]	20	var connectTimeout = 15 * time.Second
[205]	21	var writeTimeout = 10 * time.Second
[67]	22
[9]	23	type Logger interface {
	24	Print(v ...interface{})
	25	Printf(format string, v ...interface{})
	26	}
	27
[21]	28	type prefixLogger struct {
	29	logger Logger
	30	prefix string
	31	}
	32
	33	var _ Logger = (*prefixLogger)(nil)
	34
	35	func (l *prefixLogger) Print(v ...interface{}) {
	36	v = append([]interface{}{l.prefix}, v...)
	37	l.logger.Print(v...)
	38	}
	39
	40	func (l *prefixLogger) Printf(format string, v ...interface{}) {
	41	v = append([]interface{}{l.prefix}, v...)
	42	l.logger.Printf("%v"+format, v...)
	43	}
	44
[10]	45	type Server struct {
[370]	46	Hostname string
	47	Logger Logger
	48	RingCap int
	49	HistoryLimit int
	50	LogPath string
	51	Debug bool
	52	HTTPOrigins []string
	53	AcceptProxyIPs config.IPSet
[22]	54
[77]	55	db *DB
	56
[172]	57	lock sync.Mutex
	58	users map[string]*user
[10]	59	}
	60
[77]	61	func NewServer(db DB) Server {
[37]	62	return &Server{
[319]	63	Logger: log.New(log.Writer(), "", log.LstdFlags),
	64	RingCap: 4096,
	65	HistoryLimit: 1000,
	66	users: make(map[string]*user),
	67	db: db,
[37]	68	}
	69	}
	70
[5]	71	func (s Server) prefix() irc.Prefix {
	72	return &irc.Prefix{Name: s.Hostname}
	73	}
	74
[77]	75	func (s *Server) Run() error {
	76	users, err := s.db.ListUsers()
	77	if err != nil {
	78	return err
	79	}
[71]	80
[77]	81	s.lock.Lock()
	82	for _, record := range users {
	83	s.Logger.Printf("starting bouncer for user %q", record.Username)
	84	u := newUser(s, &record)
	85	s.users[u.Username] = u
[71]	86
[77]	87	go u.run()
[71]	88	}
[37]	89	s.lock.Unlock()
	90
[77]	91	select {}
[10]	92	}
	93
[329]	94	func (s Server) createUser(user User) (*user, error) {
	95	s.lock.Lock()
	96	defer s.lock.Unlock()
	97
	98	if _, ok := s.users[user.Username]; ok {
	99	return nil, fmt.Errorf("user %q already exists", user.Username)
	100	}
	101
	102	err := s.db.StoreUser(user)
	103	if err != nil {
	104	return nil, fmt.Errorf("could not create user in db: %v", err)
	105	}
	106
	107	s.Logger.Printf("starting bouncer for new user %q", user.Username)
	108	u := newUser(s, user)
	109	s.users[u.Username] = u
	110	go u.run()
	111	return u, nil
	112	}
	113
[38]	114	func (s Server) getUser(name string) user {
	115	s.lock.Lock()
	116	u := s.users[name]
	117	s.lock.Unlock()
	118	return u
	119	}
	120
[323]	121	var lastDownstreamID uint64 = 0
	122
[347]	123	func (s *Server) handle(ic ircConn) {
[323]	124	id := atomic.AddUint64(&lastDownstreamID, 1)
[347]	125	dc := newDownstreamConn(s, ic, id)
[323]	126	if err := dc.runUntilRegistered(); err != nil {
	127	dc.logger.Print(err)
	128	} else {
	129	dc.user.events <- eventDownstreamConnected{dc}
	130	if err := dc.readMessages(dc.user.events); err != nil {
	131	dc.logger.Print(err)
	132	}
	133	dc.user.events <- eventDownstreamDisconnected{dc}
	134	}
	135	dc.Close()
	136	}
	137
[3]	138	func (s *Server) Serve(ln net.Listener) error {
[1]	139	for {
[323]	140	conn, err := ln.Accept()
[1]	141	if err != nil {
	142	return fmt.Errorf("failed to accept connection: %v", err)
	143	}
	144
[347]	145	go s.handle(newNetIRCConn(conn))
[1]	146	}
	147	}
[323]	148
	149	func (s Server) ServeHTTP(w http.ResponseWriter, req http.Request) {
	150	conn, err := websocket.Accept(w, req, &websocket.AcceptOptions{
	151	OriginPatterns: s.HTTPOrigins,
[348]	152	Subprotocols: []string{"irc"},
[323]	153	})
	154	if err != nil {
	155	s.Logger.Printf("failed to serve HTTP connection: %v", err)
	156	return
	157	}
[345]	158
[370]	159	isProxy := false
[345]	160	if host, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
	161	if ip := net.ParseIP(host); ip != nil {
[370]	162	isProxy = s.AcceptProxyIPs.Contains(ip)
[345]	163	}
	164	}
	165
[370]	166	// Only trust X-Forwarded-* header fields if this is a trusted proxy IP
[345]	167	// to prevent users from spoofing the remote address
[344]	168	remoteAddr := req.RemoteAddr
	169	forwardedHost := req.Header.Get("X-Forwarded-For")
	170	forwardedPort := req.Header.Get("X-Forwarded-Port")
[370]	171	if isProxy && forwardedHost != "" && forwardedPort != "" {
[344]	172	remoteAddr = net.JoinHostPort(forwardedHost, forwardedPort)
	173	}
[345]	174
[347]	175	s.handle(newWebsocketIRCConn(conn, remoteAddr))
[323]	176	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: