| [98] | 1 | package soju
|
|---|
| [1] | 2 |
|
|---|
| 3 | import (
|
|---|
| 4 | "fmt"
|
|---|
| [37] | 5 | "log"
|
|---|
| [472] | 6 | "mime"
|
|---|
| [1] | 7 | "net"
|
|---|
| [323] | 8 | "net/http"
|
|---|
| [449] | 9 | "strings"
|
|---|
| [24] | 10 | "sync"
|
|---|
| [323] | 11 | "sync/atomic"
|
|---|
| [67] | 12 | "time"
|
|---|
| [1] | 13 |
|
|---|
| 14 | "gopkg.in/irc.v3"
|
|---|
| [323] | 15 | "nhooyr.io/websocket"
|
|---|
| [370] | 16 |
|
|---|
| 17 | "git.sr.ht/~emersion/soju/config"
|
|---|
| [1] | 18 | )
|
|---|
| 19 |
|
|---|
| [67] | 20 | // TODO: make configurable
|
|---|
| [398] | 21 | var retryConnectDelay = time.Minute
|
|---|
| [206] | 22 | var connectTimeout = 15 * time.Second
|
|---|
| [205] | 23 | var writeTimeout = 10 * time.Second
|
|---|
| [398] | 24 | var upstreamMessageDelay = 2 * time.Second
|
|---|
| 25 | var upstreamMessageBurst = 10
|
|---|
| [67] | 26 |
|
|---|
| [9] | 27 | type Logger interface {
|
|---|
| 28 | Print(v ...interface{})
|
|---|
| 29 | Printf(format string, v ...interface{})
|
|---|
| 30 | }
|
|---|
| 31 |
|
|---|
| [21] | 32 | type prefixLogger struct {
|
|---|
| 33 | logger Logger
|
|---|
| 34 | prefix string
|
|---|
| 35 | }
|
|---|
| 36 |
|
|---|
| 37 | var _ Logger = (*prefixLogger)(nil)
|
|---|
| 38 |
|
|---|
| 39 | func (l *prefixLogger) Print(v ...interface{}) {
|
|---|
| 40 | v = append([]interface{}{l.prefix}, v...)
|
|---|
| 41 | l.logger.Print(v...)
|
|---|
| 42 | }
|
|---|
| 43 |
|
|---|
| 44 | func (l *prefixLogger) Printf(format string, v ...interface{}) {
|
|---|
| 45 | v = append([]interface{}{l.prefix}, v...)
|
|---|
| 46 | l.logger.Printf("%v"+format, v...)
|
|---|
| 47 | }
|
|---|
| 48 |
|
|---|
| [10] | 49 | type Server struct {
|
|---|
| [370] | 50 | Hostname string
|
|---|
| 51 | Logger Logger
|
|---|
| 52 | HistoryLimit int
|
|---|
| 53 | LogPath string
|
|---|
| 54 | Debug bool
|
|---|
| 55 | HTTPOrigins []string
|
|---|
| 56 | AcceptProxyIPs config.IPSet
|
|---|
| [385] | 57 | Identd *Identd // can be nil
|
|---|
| [22] | 58 |
|
|---|
| [531] | 59 | db Database
|
|---|
| [449] | 60 | stopWG sync.WaitGroup
|
|---|
| [77] | 61 |
|
|---|
| [449] | 62 | lock sync.Mutex
|
|---|
| 63 | listeners map[net.Listener]struct{}
|
|---|
| 64 | users map[string]*user
|
|---|
| [10] | 65 | }
|
|---|
| 66 |
|
|---|
| [531] | 67 | func NewServer(db Database) *Server {
|
|---|
| [37] | 68 | return &Server{
|
|---|
| [319] | 69 | Logger: log.New(log.Writer(), "", log.LstdFlags),
|
|---|
| 70 | HistoryLimit: 1000,
|
|---|
| [449] | 71 | db: db,
|
|---|
| 72 | listeners: make(map[net.Listener]struct{}),
|
|---|
| [319] | 73 | users: make(map[string]*user),
|
|---|
| [37] | 74 | }
|
|---|
| 75 | }
|
|---|
| 76 |
|
|---|
| [5] | 77 | func (s *Server) prefix() *irc.Prefix {
|
|---|
| 78 | return &irc.Prefix{Name: s.Hostname}
|
|---|
| 79 | }
|
|---|
| 80 |
|
|---|
| [449] | 81 | func (s *Server) Start() error {
|
|---|
| [77] | 82 | users, err := s.db.ListUsers()
|
|---|
| 83 | if err != nil {
|
|---|
| 84 | return err
|
|---|
| 85 | }
|
|---|
| [71] | 86 |
|
|---|
| [77] | 87 | s.lock.Lock()
|
|---|
| [378] | 88 | for i := range users {
|
|---|
| 89 | s.addUserLocked(&users[i])
|
|---|
| [71] | 90 | }
|
|---|
| [37] | 91 | s.lock.Unlock()
|
|---|
| 92 |
|
|---|
| [449] | 93 | return nil
|
|---|
| [10] | 94 | }
|
|---|
| 95 |
|
|---|
| [449] | 96 | func (s *Server) Shutdown() {
|
|---|
| 97 | s.lock.Lock()
|
|---|
| 98 | for ln := range s.listeners {
|
|---|
| 99 | if err := ln.Close(); err != nil {
|
|---|
| 100 | s.Logger.Printf("failed to stop listener: %v", err)
|
|---|
| 101 | }
|
|---|
| 102 | }
|
|---|
| 103 | for _, u := range s.users {
|
|---|
| 104 | u.events <- eventStop{}
|
|---|
| 105 | }
|
|---|
| 106 | s.lock.Unlock()
|
|---|
| 107 |
|
|---|
| 108 | s.stopWG.Wait()
|
|---|
| 109 | }
|
|---|
| 110 |
|
|---|
| [329] | 111 | func (s *Server) createUser(user *User) (*user, error) {
|
|---|
| 112 | s.lock.Lock()
|
|---|
| 113 | defer s.lock.Unlock()
|
|---|
| 114 |
|
|---|
| 115 | if _, ok := s.users[user.Username]; ok {
|
|---|
| 116 | return nil, fmt.Errorf("user %q already exists", user.Username)
|
|---|
| 117 | }
|
|---|
| 118 |
|
|---|
| 119 | err := s.db.StoreUser(user)
|
|---|
| 120 | if err != nil {
|
|---|
| 121 | return nil, fmt.Errorf("could not create user in db: %v", err)
|
|---|
| 122 | }
|
|---|
| 123 |
|
|---|
| [378] | 124 | return s.addUserLocked(user), nil
|
|---|
| [329] | 125 | }
|
|---|
| 126 |
|
|---|
| [38] | 127 | func (s *Server) getUser(name string) *user {
|
|---|
| 128 | s.lock.Lock()
|
|---|
| 129 | u := s.users[name]
|
|---|
| 130 | s.lock.Unlock()
|
|---|
| 131 | return u
|
|---|
| 132 | }
|
|---|
| 133 |
|
|---|
| [378] | 134 | func (s *Server) addUserLocked(user *User) *user {
|
|---|
| 135 | s.Logger.Printf("starting bouncer for user %q", user.Username)
|
|---|
| 136 | u := newUser(s, user)
|
|---|
| 137 | s.users[u.Username] = u
|
|---|
| 138 |
|
|---|
| [449] | 139 | s.stopWG.Add(1)
|
|---|
| 140 |
|
|---|
| [378] | 141 | go func() {
|
|---|
| 142 | u.run()
|
|---|
| 143 |
|
|---|
| 144 | s.lock.Lock()
|
|---|
| 145 | delete(s.users, u.Username)
|
|---|
| 146 | s.lock.Unlock()
|
|---|
| [449] | 147 |
|
|---|
| 148 | s.stopWG.Done()
|
|---|
| [378] | 149 | }()
|
|---|
| 150 |
|
|---|
| 151 | return u
|
|---|
| 152 | }
|
|---|
| 153 |
|
|---|
| [323] | 154 | var lastDownstreamID uint64 = 0
|
|---|
| 155 |
|
|---|
| [347] | 156 | func (s *Server) handle(ic ircConn) {
|
|---|
| [323] | 157 | id := atomic.AddUint64(&lastDownstreamID, 1)
|
|---|
| [347] | 158 | dc := newDownstreamConn(s, ic, id)
|
|---|
| [323] | 159 | if err := dc.runUntilRegistered(); err != nil {
|
|---|
| 160 | dc.logger.Print(err)
|
|---|
| 161 | } else {
|
|---|
| 162 | dc.user.events <- eventDownstreamConnected{dc}
|
|---|
| 163 | if err := dc.readMessages(dc.user.events); err != nil {
|
|---|
| 164 | dc.logger.Print(err)
|
|---|
| 165 | }
|
|---|
| 166 | dc.user.events <- eventDownstreamDisconnected{dc}
|
|---|
| 167 | }
|
|---|
| 168 | dc.Close()
|
|---|
| 169 | }
|
|---|
| 170 |
|
|---|
| [3] | 171 | func (s *Server) Serve(ln net.Listener) error {
|
|---|
| [449] | 172 | s.lock.Lock()
|
|---|
| 173 | s.listeners[ln] = struct{}{}
|
|---|
| 174 | s.lock.Unlock()
|
|---|
| 175 |
|
|---|
| 176 | s.stopWG.Add(1)
|
|---|
| 177 |
|
|---|
| 178 | defer func() {
|
|---|
| 179 | s.lock.Lock()
|
|---|
| 180 | delete(s.listeners, ln)
|
|---|
| 181 | s.lock.Unlock()
|
|---|
| 182 |
|
|---|
| 183 | s.stopWG.Done()
|
|---|
| 184 | }()
|
|---|
| 185 |
|
|---|
| [1] | 186 | for {
|
|---|
| [323] | 187 | conn, err := ln.Accept()
|
|---|
| [449] | 188 | // TODO: use net.ErrClosed when available
|
|---|
| 189 | if err != nil && strings.Contains(err.Error(), "use of closed network connection") {
|
|---|
| 190 | return nil
|
|---|
| 191 | } else if err != nil {
|
|---|
| [1] | 192 | return fmt.Errorf("failed to accept connection: %v", err)
|
|---|
| 193 | }
|
|---|
| 194 |
|
|---|
| [347] | 195 | go s.handle(newNetIRCConn(conn))
|
|---|
| [1] | 196 | }
|
|---|
| 197 | }
|
|---|
| [323] | 198 |
|
|---|
| 199 | func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
|---|
| 200 | conn, err := websocket.Accept(w, req, &websocket.AcceptOptions{
|
|---|
| 201 | OriginPatterns: s.HTTPOrigins,
|
|---|
| 202 | })
|
|---|
| 203 | if err != nil {
|
|---|
| 204 | s.Logger.Printf("failed to serve HTTP connection: %v", err)
|
|---|
| 205 | return
|
|---|
| 206 | }
|
|---|
| [345] | 207 |
|
|---|
| [370] | 208 | isProxy := false
|
|---|
| [345] | 209 | if host, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
|
|---|
| 210 | if ip := net.ParseIP(host); ip != nil {
|
|---|
| [370] | 211 | isProxy = s.AcceptProxyIPs.Contains(ip)
|
|---|
| [345] | 212 | }
|
|---|
| 213 | }
|
|---|
| 214 |
|
|---|
| [474] | 215 | // Only trust the Forwarded header field if this is a trusted proxy IP
|
|---|
| [345] | 216 | // to prevent users from spoofing the remote address
|
|---|
| [344] | 217 | remoteAddr := req.RemoteAddr
|
|---|
| [472] | 218 | if isProxy {
|
|---|
| 219 | forwarded := parseForwarded(req.Header)
|
|---|
| [473] | 220 | if forwarded["for"] != "" {
|
|---|
| 221 | remoteAddr = forwarded["for"]
|
|---|
| [472] | 222 | }
|
|---|
| [344] | 223 | }
|
|---|
| [345] | 224 |
|
|---|
| [347] | 225 | s.handle(newWebsocketIRCConn(conn, remoteAddr))
|
|---|
| [323] | 226 | }
|
|---|
| [472] | 227 |
|
|---|
| 228 | func parseForwarded(h http.Header) map[string]string {
|
|---|
| 229 | forwarded := h.Get("Forwarded")
|
|---|
| 230 | if forwarded == "" {
|
|---|
| [474] | 231 | return map[string]string{
|
|---|
| 232 | "for": h.Get("X-Forwarded-For"),
|
|---|
| 233 | "proto": h.Get("X-Forwarded-Proto"),
|
|---|
| 234 | "host": h.Get("X-Forwarded-Host"),
|
|---|
| 235 | }
|
|---|
| [472] | 236 | }
|
|---|
| 237 | // Hack to easily parse header parameters
|
|---|
| 238 | _, params, _ := mime.ParseMediaType("hack; " + forwarded)
|
|---|
| 239 | return params
|
|---|
| 240 | }
|
|---|
