Context Navigation

source: code/trunk/morty.go@ 118

Last change on this file since 118 was 118, checked in by asciimoo, 5 years ago
[enh] handle get form parameters
File size: 28.0 KB

Rev	Line
[1]	1	package main
	2
	3	import (
	4	"bytes"
	5	"crypto/hmac"
	6	"crypto/sha256"
[67]	7	"encoding/base64"
[1]	8	"encoding/hex"
	9	"errors"
	10	"flag"
	11	"fmt"
	12	"io"
	13	"log"
[68]	14	"mime"
[1]	15	"net/url"
[78]	16	"os"
[68]	17	"path/filepath"
[1]	18	"regexp"
	19	"strings"
[4]	20	"time"
[60]	21	"unicode/utf8"
[1]	22
	23	"github.com/valyala/fasthttp"
[109]	24	"github.com/valyala/fasthttp/fasthttpproxy"
[1]	25	"golang.org/x/net/html"
[45]	26	"golang.org/x/net/html/charset"
	27	"golang.org/x/text/encoding"
[68]	28
	29	"github.com/asciimoo/morty/contenttype"
[1]	30	)
	31
	32	const (
	33	STATE_DEFAULT int = 0
	34	STATE_IN_STYLE int = 1
	35	STATE_IN_NOSCRIPT int = 2
	36	)
	37
[77]	38	const VERSION = "v0.2.0"
[74]	39
[100]	40	var DEBUG = os.Getenv("DEBUG") != "false"
[96]	41
[1]	42	var CLIENT *fasthttp.Client = &fasthttp.Client{
	43	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
[113]	44	ReadBufferSize: 16 * 1024, // 16K
[1]	45	}
	46
[27]	47	var CSS_URL_REGEXP regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
[1]	48
[68]	49	var ALLOWED_CONTENTTYPE_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	50	// html
	51	contenttype.NewFilterEquals("text", "html", ""),
	52	contenttype.NewFilterEquals("application", "xhtml", "xml"),
	53	// css
	54	contenttype.NewFilterEquals("text", "css", ""),
	55	// images
	56	contenttype.NewFilterEquals("image", "gif", ""),
	57	contenttype.NewFilterEquals("image", "png", ""),
	58	contenttype.NewFilterEquals("image", "jpeg", ""),
	59	contenttype.NewFilterEquals("image", "pjpeg", ""),
	60	contenttype.NewFilterEquals("image", "webp", ""),
	61	contenttype.NewFilterEquals("image", "tiff", ""),
	62	contenttype.NewFilterEquals("image", "vnd.microsoft.icon", ""),
	63	contenttype.NewFilterEquals("image", "bmp", ""),
	64	contenttype.NewFilterEquals("image", "x-ms-bmp", ""),
[88]	65	contenttype.NewFilterEquals("image", "x-icon", ""),
[68]	66	// fonts
	67	contenttype.NewFilterEquals("application", "font-otf", ""),
	68	contenttype.NewFilterEquals("application", "font-ttf", ""),
	69	contenttype.NewFilterEquals("application", "font-woff", ""),
	70	contenttype.NewFilterEquals("application", "vnd.ms-fontobject", ""),
	71	})
	72
	73	var ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	74	// texts
	75	contenttype.NewFilterEquals("text", "csv", ""),
[103]	76	contenttype.NewFilterEquals("text", "tab-separated-values", ""),
[68]	77	contenttype.NewFilterEquals("text", "plain", ""),
	78	// API
	79	contenttype.NewFilterEquals("application", "json", ""),
	80	// Documents
	81	contenttype.NewFilterEquals("application", "x-latex", ""),
	82	contenttype.NewFilterEquals("application", "pdf", ""),
	83	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.text", ""),
	84	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.spreadsheet", ""),
	85	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.presentation", ""),
	86	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.graphics", ""),
	87	// Compressed archives
	88	contenttype.NewFilterEquals("application", "zip", ""),
	89	contenttype.NewFilterEquals("application", "gzip", ""),
	90	contenttype.NewFilterEquals("application", "x-compressed", ""),
	91	contenttype.NewFilterEquals("application", "x-gtar", ""),
	92	contenttype.NewFilterEquals("application", "x-compress", ""),
	93	// Generic binary
	94	contenttype.NewFilterEquals("application", "octet-stream", ""),
	95	})
	96
	97	var ALLOWED_CONTENTTYPE_PARAMETERS map[string]bool = map[string]bool{
	98	"charset": true,
	99	}
	100
[1]	101	var UNSAFE_ELEMENTS [][]byte = [][]byte{
	102	[]byte("applet"),
	103	[]byte("canvas"),
	104	[]byte("embed"),
	105	//[]byte("iframe"),
[46]	106	[]byte("math"),
[1]	107	[]byte("script"),
[46]	108	[]byte("svg"),
[1]	109	}
	110
	111	var SAFE_ATTRIBUTES [][]byte = [][]byte{
	112	[]byte("abbr"),
	113	[]byte("accesskey"),
	114	[]byte("align"),
	115	[]byte("alt"),
[13]	116	[]byte("as"),
[1]	117	[]byte("autocomplete"),
	118	[]byte("charset"),
	119	[]byte("checked"),
	120	[]byte("class"),
	121	[]byte("content"),
	122	[]byte("contenteditable"),
	123	[]byte("contextmenu"),
	124	[]byte("dir"),
	125	[]byte("for"),
	126	[]byte("height"),
	127	[]byte("hidden"),
[46]	128	[]byte("hreflang"),
[1]	129	[]byte("id"),
	130	[]byte("lang"),
	131	[]byte("media"),
	132	[]byte("method"),
	133	[]byte("name"),
	134	[]byte("nowrap"),
	135	[]byte("placeholder"),
	136	[]byte("property"),
	137	[]byte("rel"),
	138	[]byte("spellcheck"),
	139	[]byte("tabindex"),
	140	[]byte("target"),
	141	[]byte("title"),
	142	[]byte("translate"),
	143	[]byte("type"),
	144	[]byte("value"),
	145	[]byte("width"),
	146	}
	147
[46]	148	var LINK_REL_SAFE_VALUES [][]byte = [][]byte{
	149	[]byte("alternate"),
	150	[]byte("archives"),
	151	[]byte("author"),
	152	[]byte("copyright"),
	153	[]byte("first"),
	154	[]byte("help"),
	155	[]byte("icon"),
	156	[]byte("index"),
	157	[]byte("last"),
	158	[]byte("license"),
	159	[]byte("manifest"),
	160	[]byte("next"),
	161	[]byte("pingback"),
	162	[]byte("prev"),
	163	[]byte("publisher"),
	164	[]byte("search"),
	165	[]byte("shortcut icon"),
	166	[]byte("stylesheet"),
	167	[]byte("up"),
	168	}
	169
	170	var LINK_HTTP_EQUIV_SAFE_VALUES [][]byte = [][]byte{
	171	// X-UA-Compatible will be added automaticaly, so it can be skipped
	172	[]byte("date"),
	173	[]byte("last-modified"),
[50]	174	[]byte("refresh"), // URL rewrite
[46]	175	// []byte("location"), TODO URL rewrite
	176	[]byte("content-language"),
	177	}
	178
[1]	179	type Proxy struct {
[4]	180	Key []byte
	181	RequestTimeout time.Duration
[1]	182	}
	183
	184	type RequestConfig struct {
	185	Key []byte
[23]	186	BaseURL *url.URL
[1]	187	}
	188
[2]	189	var HTML_FORM_EXTENSION string = `<input type="hidden" name="mortyurl" value="%s" /><input type="hidden" name="mortyhash" value="%s" />`
[1]	190
	191	var HTML_BODY_EXTENSION string = `
[72]	192	<input type="checkbox" id="mortytoggle" autocomplete="off" />
[1]	193	<div id="mortyheader">
[72]	194	<p>This is a <a href="https://github.com/asciimoo/morty">proxified and sanitized</a> view of the page,<br />visit <a href="%s" rel="noreferrer">original site</a>.</p><p><label for="mortytoggle">hide</label></p>
[1]	195	</div>
	196	<style>
[67]	197	#mortyheader { position: fixed; margin: 0; box-sizing: border-box; -webkit-box-sizing: border-box; top: 15%%; left: 0; max-width: 140px; overflow: hidden; z-index: 2147483647 !important; font-size: 12px; line-height: normal; border-width: 4px 4px 4px 0; border-style: solid; border-color: #1abc9c; background: #FFF; padding: 12px 12px 8px 8px; color: #444; }
	198	#mortyheader * { box-sizing: content-box; margin: 0; border: none; padding: 0; overflow: hidden; z-index: 2147483647 !important; line-height: 1em; font-size: 12px !important; font-family: sans !important; font-weight: normal; text-align: left; text-decoration: none; }
	199	#mortyheader p { padding: 0 0 0.7em 0; display: block; }
	200	#mortyheader a { color: #3498db; font-weight: bold; display: inline; }
	201	#mortyheader label { text-align: right; cursor: pointer; display: block; color: #444; }
[1]	202	input[type=checkbox]#mortytoggle { display: none; }
[72]	203	input[type=checkbox]#mortytoggle:checked ~ div { display: none; visibility: hidden; }
[1]	204	</style>
	205	`
	206
[46]	207	var HTML_HEAD_CONTENT_TYPE string = `<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	208	<meta http-equiv="X-UA-Compatible" content="IE=edge">
[67]	209	<meta name="referrer" content="no-referrer">
[46]	210	`
[45]	211
[69]	212	var MORTY_HTML_PAGE_START string = `<!doctype html>
	213	<html>
	214	<head>
	215	<title>MortyProxy</title>
	216	<meta name="viewport" content="width=device-width, initial-scale=1 , maximum-scale=1.0, user-scalable=1" />
	217	<style>
	218	html { height: 100%; }
	219	body { min-height : 100%; display: flex; flex-direction:column; font-family: 'Garamond', 'Georgia', serif; text-align: center; color: #444; background: #FAFAFA; margin: 0; padding: 0; font-size: 1.1em; }
	220	input { border: 1px solid #888; padding: 0.3em; color: #444; background: #FFF; font-size: 1.1em; }
	221	input[placeholder] { width:80%; }
	222	a { text-decoration: none; #2980b9; }
	223	h1, h2 { font-weight: 200; margin-bottom: 2rem; }
	224	h1 { font-size: 3em; }
	225	.container { flex:1; min-height: 100%; margin-bottom: 1em; }
	226	.footer { margin: 1em; }
	227	.footer p { font-size: 0.8em; }
	228	</style>
	229	</head>
	230	<body>
	231	<div class="container">
	232	<h1>MortyProxy</h1>
	233	`
	234
	235	var MORTY_HTML_PAGE_END string = `
	236	</div>
	237	<div class="footer">
	238	<p>Morty rewrites web pages to exclude malicious HTML tags and CSS/HTML attributes. It also replaces external resource references to prevent third-party information leaks.<br />
	239	<a href="https://github.com/asciimoo/morty">view on github</a>
	240	</p>
	241	</div>
	242	</body>
	243	</html>`
	244
[67]	245	var FAVICON_BYTES []byte
	246
	247	func init() {
	248	FaviconBase64 := "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII"
	249
	250	FAVICON_BYTES, _ = base64.StdEncoding.DecodeString(FaviconBase64)
	251	}
	252
[1]	253	func (p Proxy) RequestHandler(ctx fasthttp.RequestCtx) {
[10]	254
	255	if appRequestHandler(ctx) {
	256	return
	257	}
	258
[1]	259	requestHash := popRequestParam(ctx, []byte("mortyhash"))
	260
	261	requestURI := popRequestParam(ctx, []byte("mortyurl"))
	262
	263	if requestURI == nil {
[35]	264	p.serveMainPage(ctx, 200, nil)
[1]	265	return
	266	}
	267
	268	if p.Key != nil {
	269	if !verifyRequestURI(requestURI, requestHash, p.Key) {
[35]	270	// HTTP status code 403 : Forbidden
	271	p.serveMainPage(ctx, 403, errors.New(`invalid "mortyhash" parameter`))
[1]	272	return
	273	}
	274	}
	275
[118]	276	requestURIQuery := ctx.QueryArgs().QueryString()
	277	if len(requestURIQuery) > 0 {
	278	requestURI = append(requestURI, '?')
	279	requestURI = append(requestURI, requestURIQuery...)
	280	}
	281
[97]	282	parsedURI, err := url.Parse(string(requestURI))
[1]	283
[11]	284	if err != nil {
[35]	285	// HTTP status code 500 : Internal Server Error
	286	p.serveMainPage(ctx, 500, err)
[1]	287	return
	288	}
	289
[69]	290	// Serve an intermediate page for protocols other than HTTP(S)
	291	if (parsedURI.Scheme != "http" && parsedURI.Scheme != "https") \|\| strings.HasSuffix(parsedURI.Host, ".onion") {
	292	p.serveExitMortyPage(ctx, parsedURI)
	293	return
	294	}
	295
[1]	296	req := fasthttp.AcquireRequest()
	297	defer fasthttp.ReleaseRequest(req)
[12]	298	req.SetConnectionClose()
[1]	299
[47]	300	requestURIStr := string(requestURI)
[1]	301
[97]	302	if DEBUG {
	303	log.Println("getting", requestURIStr)
	304	}
[1]	305
[47]	306	req.SetRequestURI(requestURIStr)
[111]	307	req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"))
[1]	308
	309	resp := fasthttp.AcquireResponse()
	310	defer fasthttp.ReleaseResponse(resp)
	311
	312	req.Header.SetMethodBytes(ctx.Method())
	313	if ctx.IsPost() \|\| ctx.IsPut() {
	314	req.SetBody(ctx.PostBody())
	315	}
	316
[11]	317	err = CLIENT.DoTimeout(req, resp, p.RequestTimeout)
	318
	319	if err != nil {
[35]	320	if err == fasthttp.ErrTimeout {
	321	// HTTP status code 504 : Gateway Time-Out
	322	p.serveMainPage(ctx, 504, err)
	323	} else {
	324	// HTTP status code 500 : Internal Server Error
	325	p.serveMainPage(ctx, 500, err)
	326	}
[1]	327	return
	328	}
	329
	330	if resp.StatusCode() != 200 {
	331	switch resp.StatusCode() {
[7]	332	case 301, 302, 303, 307, 308:
[1]	333	loc := resp.Header.Peek("Location")
	334	if loc != nil {
[97]	335	rc := &RequestConfig{Key: p.Key, BaseURL: parsedURI}
	336	url, err := rc.ProxifyURI(loc)
	337	if err == nil {
	338	ctx.SetStatusCode(resp.StatusCode())
	339	ctx.Response.Header.Add("Location", url)
	340	if DEBUG {
	341	log.Println("redirect to", string(loc))
[96]	342	}
[1]	343	return
	344	}
	345	}
	346	}
[47]	347	error_message := fmt.Sprintf("invalid response: %d (%s)", resp.StatusCode(), requestURIStr)
[37]	348	p.serveMainPage(ctx, resp.StatusCode(), errors.New(error_message))
[1]	349	return
	350	}
	351
[68]	352	contentTypeBytes := resp.Header.Peek("Content-Type")
[1]	353
[68]	354	if contentTypeBytes == nil {
[35]	355	// HTTP status code 503 : Service Unavailable
	356	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[1]	357	return
	358	}
	359
[68]	360	contentTypeString := string(contentTypeBytes)
	361
	362	// decode Content-Type header
	363	contentType, error := contenttype.ParseContentType(contentTypeString)
	364	if error != nil {
	365	// HTTP status code 503 : Service Unavailable
	366	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[63]	367	return
	368	}
	369
[68]	370	// content-disposition
	371	contentDispositionBytes := ctx.Request.Header.Peek("Content-Disposition")
[64]	372
[68]	373	// check content type
	374	if !ALLOWED_CONTENTTYPE_FILTER(contentType) {
	375	// it is not a usual content type
	376	if ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER(contentType) {
	377	// force attachment for allowed content type
	378	contentDispositionBytes = contentDispositionForceAttachment(contentDispositionBytes, parsedURI)
	379	} else {
	380	// deny access to forbidden content type
	381	// HTTP status code 403 : Forbidden
	382	p.serveMainPage(ctx, 403, errors.New("forbidden content type"))
	383	return
	384	}
	385	}
	386
	387	// HACK : replace */xhtml by text/html
	388	if contentType.SubType == "xhtml" {
	389	contentType.TopLevelType = "text"
	390	contentType.SubType = "html"
	391	contentType.Suffix = ""
	392	}
	393
	394	// conversion to UTF-8
[1]	395	var responseBody []byte
	396
[68]	397	if contentType.TopLevelType == "text" {
	398	e, ename, _ := charset.DetermineEncoding(resp.Body(), contentTypeString)
[45]	399	if (e != encoding.Nop) && (!strings.EqualFold("utf-8", ename)) {
	400	responseBody, err = e.NewDecoder().Bytes(resp.Body())
	401	if err != nil {
	402	// HTTP status code 503 : Service Unavailable
	403	p.serveMainPage(ctx, 503, err)
	404	return
	405	}
	406	} else {
	407	responseBody = resp.Body()
[1]	408	}
[68]	409	// update the charset or specify it
	410	contentType.Parameters["charset"] = "UTF-8"
[1]	411	} else {
	412	responseBody = resp.Body()
	413	}
	414
[68]	415	//
	416	contentType.FilterParameters(ALLOWED_CONTENTTYPE_PARAMETERS)
[1]	417
[68]	418	// set the content type
	419	ctx.SetContentType(contentType.String())
	420
	421	// output according to MIME type
[1]	422	switch {
[68]	423	case contentType.SubType == "css" && contentType.Suffix == "":
[23]	424	sanitizeCSS(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
[68]	425	case contentType.SubType == "html" && contentType.Suffix == "":
[23]	426	sanitizeHTML(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
[1]	427	default:
[68]	428	if contentDispositionBytes != nil {
	429	ctx.Response.Header.AddBytesV("Content-Disposition", contentDispositionBytes)
[39]	430	}
[1]	431	ctx.Write(responseBody)
	432	}
	433	}
	434
[68]	435	// force content-disposition to attachment
	436	func contentDispositionForceAttachment(contentDispositionBytes []byte, url *url.URL) []byte {
	437	var contentDispositionParams map[string]string
	438
	439	if contentDispositionBytes != nil {
	440	var err error
	441	_, contentDispositionParams, err = mime.ParseMediaType(string(contentDispositionBytes))
	442	if err != nil {
	443	contentDispositionParams = make(map[string]string)
	444	}
	445	} else {
	446	contentDispositionParams = make(map[string]string)
	447	}
	448
	449	_, fileNameDefined := contentDispositionParams["filename"]
	450	if !fileNameDefined {
	451	// TODO : sanitize filename
	452	contentDispositionParams["fileName"] = filepath.Base(url.Path)
	453	}
	454
	455	return []byte(mime.FormatMediaType("attachment", contentDispositionParams))
	456	}
	457
[10]	458	func appRequestHandler(ctx *fasthttp.RequestCtx) bool {
[11]	459	// serve robots.txt
[10]	460	if bytes.Equal(ctx.Path(), []byte("/robots.txt")) {
	461	ctx.SetContentType("text/plain")
	462	ctx.Write([]byte("User-Agent: *\nDisallow: /\n"))
	463	return true
	464	}
[11]	465
[67]	466	// server favicon.ico
	467	if bytes.Equal(ctx.Path(), []byte("/favicon.ico")) {
	468	ctx.SetContentType("image/png")
	469	ctx.Write(FAVICON_BYTES)
	470	return true
	471	}
	472
[10]	473	return false
	474	}
	475
[1]	476	func popRequestParam(ctx *fasthttp.RequestCtx, paramName []byte) []byte {
	477	param := ctx.QueryArgs().PeekBytes(paramName)
	478
	479	if param == nil {
	480	param = ctx.PostArgs().PeekBytes(paramName)
	481	if param != nil {
	482	ctx.PostArgs().DelBytes(paramName)
	483	}
	484	} else {
	485	ctx.QueryArgs().DelBytes(paramName)
	486	}
	487
	488	return param
	489	}
	490
[9]	491	func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) {
[1]	492	// TODO
	493
	494	urlSlices := CSS_URL_REGEXP.FindAllSubmatchIndex(css, -1)
	495
	496	if urlSlices == nil {
[9]	497	out.Write(css)
[1]	498	return
	499	}
	500
	501	startIndex := 0
	502
	503	for _, s := range urlSlices {
[15]	504	urlStart := s[4]
	505	urlEnd := s[5]
[1]	506
[60]	507	if uri, err := rc.ProxifyURI(css[urlStart:urlEnd]); err == nil {
[9]	508	out.Write(css[startIndex:urlStart])
	509	out.Write([]byte(uri))
[1]	510	startIndex = urlEnd
[97]	511	} else if DEBUG {
[36]	512	log.Println("cannot proxify css uri:", string(css[urlStart:urlEnd]))
[1]	513	}
	514	}
	515	if startIndex < len(css) {
[9]	516	out.Write(css[startIndex:len(css)])
[1]	517	}
	518	}
	519
[9]	520	func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
[1]	521	r := bytes.NewReader(htmlDoc)
	522	decoder := html.NewTokenizer(r)
	523	decoder.AllowCDATA(true)
	524
	525	unsafeElements := make([][]byte, 0, 8)
	526	state := STATE_DEFAULT
	527	for {
	528	token := decoder.Next()
	529	if token == html.ErrorToken {
	530	err := decoder.Err()
	531	if err != io.EOF {
[97]	532	log.Println("failed to parse HTML")
[1]	533	}
	534	break
	535	}
	536
	537	if len(unsafeElements) == 0 {
	538
	539	switch token {
	540	case html.StartTagToken, html.SelfClosingTagToken:
	541	tag, hasAttrs := decoder.TagName()
	542	safe := !inArray(tag, UNSAFE_ELEMENTS)
	543	if !safe {
[116]	544	if token != html.SelfClosingTagToken {
[1]	545	var unsafeTag []byte = make([]byte, len(tag))
	546	copy(unsafeTag, tag)
	547	unsafeElements = append(unsafeElements, unsafeTag)
	548	}
	549	break
	550	}
[38]	551	if bytes.Equal(tag, []byte("base")) {
	552	for {
	553	attrName, attrValue, moreAttr := decoder.TagAttr()
[45]	554	if bytes.Equal(attrName, []byte("href")) {
	555	parsedURI, err := url.Parse(string(attrValue))
	556	if err == nil {
	557	rc.BaseURL = parsedURI
	558	}
[38]	559	}
	560	if !moreAttr {
	561	break
	562	}
	563	}
	564	break
	565	}
[1]	566	if bytes.Equal(tag, []byte("noscript")) {
	567	state = STATE_IN_NOSCRIPT
	568	break
	569	}
	570	var attrs [][][]byte
	571	if hasAttrs {
	572	for {
	573	attrName, attrValue, moreAttr := decoder.TagAttr()
[21]	574	attrs = append(attrs, [][]byte{
	575	attrName,
	576	attrValue,
	577	[]byte(html.EscapeString(string(attrValue))),
	578	})
[1]	579	if !moreAttr {
	580	break
	581	}
	582	}
[13]	583	}
	584	if bytes.Equal(tag, []byte("link")) {
	585	sanitizeLinkTag(rc, out, attrs)
	586	break
	587	}
	588
[45]	589	if bytes.Equal(tag, []byte("meta")) {
	590	sanitizeMetaTag(rc, out, attrs)
	591	break
	592	}
	593
[13]	594	fmt.Fprintf(out, "<%s", tag)
	595
	596	if hasAttrs {
[45]	597	sanitizeAttrs(rc, out, attrs)
[1]	598	}
[13]	599
[1]	600	if token == html.SelfClosingTagToken {
[9]	601	fmt.Fprintf(out, " />")
[1]	602	} else {
[9]	603	fmt.Fprintf(out, ">")
[1]	604	if bytes.Equal(tag, []byte("style")) {
	605	state = STATE_IN_STYLE
	606	}
	607	}
[13]	608
[45]	609	if bytes.Equal(tag, []byte("head")) {
[46]	610	fmt.Fprintf(out, HTML_HEAD_CONTENT_TYPE)
[45]	611	}
	612
[1]	613	if bytes.Equal(tag, []byte("form")) {
	614	var formURL *url.URL
	615	for _, attr := range attrs {
	616	if bytes.Equal(attr[0], []byte("action")) {
	617	formURL, _ = url.Parse(string(attr[1]))
[28]	618	formURL = mergeURIs(rc.BaseURL, formURL)
[1]	619	break
	620	}
	621	}
	622	if formURL == nil {
[23]	623	formURL = rc.BaseURL
[1]	624	}
[2]	625	urlStr := formURL.String()
	626	var key string
	627	if rc.Key != nil {
	628	key = hash(urlStr, rc.Key)
	629	}
[9]	630	fmt.Fprintf(out, HTML_FORM_EXTENSION, urlStr, key)
[1]	631
	632	}
	633
	634	case html.EndTagToken:
	635	tag, _ := decoder.TagName()
	636	writeEndTag := true
	637	switch string(tag) {
	638	case "body":
[23]	639	fmt.Fprintf(out, HTML_BODY_EXTENSION, rc.BaseURL.String())
[1]	640	case "style":
	641	state = STATE_DEFAULT
	642	case "noscript":
	643	state = STATE_DEFAULT
	644	writeEndTag = false
	645	}
	646	// skip noscript tags - only the tag, not the content, because javascript is sanitized
	647	if writeEndTag {
[9]	648	fmt.Fprintf(out, "</%s>", tag)
[1]	649	}
	650
	651	case html.TextToken:
	652	switch state {
	653	case STATE_DEFAULT:
[9]	654	fmt.Fprintf(out, "%s", decoder.Raw())
[1]	655	case STATE_IN_STYLE:
[9]	656	sanitizeCSS(rc, out, decoder.Raw())
[1]	657	case STATE_IN_NOSCRIPT:
[9]	658	sanitizeHTML(rc, out, decoder.Raw())
[1]	659	}
	660
[62]	661	case html.CommentToken:
	662	// ignore comment. TODO : parse IE conditional comment
	663
	664	case html.DoctypeToken:
[9]	665	out.Write(decoder.Raw())
[1]	666	}
	667	} else {
	668	switch token {
[116]	669	case html.StartTagToken, html.SelfClosingTagToken:
[1]	670	tag, _ := decoder.TagName()
	671	if inArray(tag, UNSAFE_ELEMENTS) {
	672	unsafeElements = append(unsafeElements, tag)
	673	}
	674
	675	case html.EndTagToken:
	676	tag, _ := decoder.TagName()
	677	if bytes.Equal(unsafeElements[len(unsafeElements)-1], tag) {
	678	unsafeElements = unsafeElements[:len(unsafeElements)-1]
	679	}
	680	}
	681	}
	682	}
	683	}
	684
[13]	685	func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
	686	exclude := false
	687	for _, attr := range attrs {
	688	attrName := attr[0]
	689	attrValue := attr[1]
	690	if bytes.Equal(attrName, []byte("rel")) {
[46]	691	if !inArray(attrValue, LINK_REL_SAFE_VALUES) {
[13]	692	exclude = true
	693	break
	694	}
	695	}
	696	if bytes.Equal(attrName, []byte("as")) {
	697	if bytes.Equal(attrValue, []byte("script")) {
	698	exclude = true
	699	break
	700	}
	701	}
	702	}
	703
	704	if !exclude {
	705	out.Write([]byte("<link"))
	706	for _, attr := range attrs {
[21]	707	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[13]	708	}
	709	out.Write([]byte(">"))
	710	}
	711	}
	712
[45]	713	func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	714	var http_equiv []byte
	715	var content []byte
	716
	717	for _, attr := range attrs {
	718	attrName := attr[0]
	719	attrValue := attr[1]
	720	if bytes.Equal(attrName, []byte("http-equiv")) {
	721	http_equiv = bytes.ToLower(attrValue)
[46]	722	// exclude some <meta http-equiv="..." ..>
	723	if !inArray(http_equiv, LINK_HTTP_EQUIV_SAFE_VALUES) {
	724	return
	725	}
[1]	726	}
	727	if bytes.Equal(attrName, []byte("content")) {
	728	content = attrValue
	729	}
[45]	730	if bytes.Equal(attrName, []byte("charset")) {
	731	// exclude <meta charset="...">
	732	return
	733	}
[1]	734	}
	735
[45]	736	out.Write([]byte("<meta"))
[14]	737	urlIndex := bytes.Index(bytes.ToLower(content), []byte("url="))
	738	if bytes.Equal(http_equiv, []byte("refresh")) && urlIndex != -1 {
	739	contentUrl := content[urlIndex+4:]
[36]	740	// special case of <meta http-equiv="refresh" content="0; url='example.com/url.with.quote.outside'">
[37]	741	if len(contentUrl) >= 2 && (contentUrl[0] == byte('\'') \|\| contentUrl[0] == byte('"')) {
[36]	742	if contentUrl[0] == contentUrl[len(contentUrl)-1] {
[37]	743	contentUrl = contentUrl[1 : len(contentUrl)-1]
[36]	744	}
	745	}
	746	// output proxify result
[60]	747	if uri, err := rc.ProxifyURI(contentUrl); err == nil {
[14]	748	fmt.Fprintf(out, ` http-equiv="refresh" content="%surl=%s"`, content[:urlIndex], uri)
[1]	749	}
	750	} else {
[46]	751	if len(http_equiv) > 0 {
	752	fmt.Fprintf(out, ` http-equiv="%s"`, http_equiv)
	753	}
[9]	754	sanitizeAttrs(rc, out, attrs)
[1]	755	}
[45]	756	out.Write([]byte(">"))
[1]	757	}
	758
[9]	759	func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	760	for _, attr := range attrs {
[21]	761	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[1]	762	}
	763	}
	764
[21]	765	func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escapedAttrValue []byte) {
[1]	766	if inArray(attrName, SAFE_ATTRIBUTES) {
[21]	767	fmt.Fprintf(out, " %s=\"%s\"", attrName, escapedAttrValue)
[1]	768	return
	769	}
	770	switch string(attrName) {
	771	case "src", "href", "action":
[60]	772	if uri, err := rc.ProxifyURI(attrValue); err == nil {
[9]	773	fmt.Fprintf(out, " %s=\"%s\"", attrName, uri)
[97]	774	} else if DEBUG {
[36]	775	log.Println("cannot proxify uri:", string(attrValue))
[1]	776	}
	777	case "style":
[21]	778	cssAttr := bytes.NewBuffer(nil)
	779	sanitizeCSS(rc, cssAttr, attrValue)
	780	fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(cssAttr.Bytes())))
[1]	781	}
	782	}
	783
[36]	784	func mergeURIs(u1, u2 url.URL) url.URL {
[71]	785	if u2 == nil {
	786	return u1
	787	}
[28]	788	return u1.ResolveReference(u2)
[1]	789	}
	790
[60]	791	// Sanitized URI : removes all runes bellow 32 (included) as the begining and end of URI, and lower case the scheme.
	792	// avoid memory allocation (except for the scheme)
	793	func sanitizeURI(uri []byte) ([]byte, string) {
	794	first_rune_index := 0
	795	first_rune_seen := false
	796	scheme_last_index := -1
	797	buffer := bytes.NewBuffer(make([]byte, 0, 10))
	798
	799	// remove trailing space and special characters
	800	uri = bytes.TrimRight(uri, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F\x20")
	801
	802	// loop over byte by byte
	803	for i, c := range uri {
	804	// ignore special characters and space (c <= 32)
	805	if c > 32 {
	806	// append to the lower case of the rune to buffer
	807	if c < utf8.RuneSelf && 'A' <= c && c <= 'Z' {
	808	c = c + 'a' - 'A'
	809	}
	810
	811	buffer.WriteByte(c)
	812
	813	// update the first rune index that is not a special rune
	814	if !first_rune_seen {
	815	first_rune_index = i
	816	first_rune_seen = true
	817	}
	818
	819	if c == ':' {
	820	// colon rune found, we have found the scheme
	821	scheme_last_index = i
	822	break
	823	} else if c == '/' \|\| c == '?' \|\| c == '\\' \|\| c == '#' {
	824	// special case : most probably a relative URI
	825	break
	826	}
	827	}
	828	}
	829
	830	if scheme_last_index != -1 {
	831	// scheme found
	832	// copy the "lower case without special runes scheme" before the ":" rune
	833	scheme_start_index := scheme_last_index - buffer.Len() + 1
	834	copy(uri[scheme_start_index:], buffer.Bytes())
	835	// and return the result
	836	return uri[scheme_start_index:], buffer.String()
	837	} else {
	838	// scheme NOT found
	839	return uri[first_rune_index:], ""
	840	}
	841	}
	842
	843	func (rc *RequestConfig) ProxifyURI(uri []byte) (string, error) {
	844	// sanitize URI
	845	uri, scheme := sanitizeURI(uri)
	846
[28]	847	// remove javascript protocol
[60]	848	if scheme == "javascript:" {
[28]	849	return "", nil
	850	}
[57]	851
[1]	852	// TODO check malicious data: - e.g. data:script
[60]	853	if scheme == "data:" {
[61]	854	if bytes.HasPrefix(uri, []byte("data:image/png")) \|\|
	855	bytes.HasPrefix(uri, []byte("data:image/jpeg")) \|\|
	856	bytes.HasPrefix(uri, []byte("data:image/pjpeg")) \|\|
	857	bytes.HasPrefix(uri, []byte("data:image/gif")) \|\|
	858	bytes.HasPrefix(uri, []byte("data:image/webp")) {
	859	// should be safe
	860	return string(uri), nil
	861	} else {
	862	// unsafe data
	863	return "", nil
	864	}
[1]	865	}
	866
[57]	867	// parse the uri
[60]	868	u, err := url.Parse(string(uri))
[1]	869	if err != nil {
	870	return "", err
	871	}
[57]	872
	873	// get the fragment (with the prefix "#")
	874	fragment := ""
	875	if len(u.Fragment) > 0 {
	876	fragment = "#" + u.Fragment
	877	}
	878
	879	// reset the fragment: it is not included in the mortyurl
	880	u.Fragment = ""
	881
	882	// merge the URI with the document URI
[28]	883	u = mergeURIs(rc.BaseURL, u)
[1]	884
[57]	885	// simple internal link ?
	886	// some web pages describe the whole link https://same:auth@same.host/same.path?same.query#new.fragment
	887	if u.Scheme == rc.BaseURL.Scheme &&
	888	(rc.BaseURL.User == nil \|\| (u.User != nil && u.User.String() == rc.BaseURL.User.String())) &&
	889	u.Host == rc.BaseURL.Host &&
	890	u.Path == rc.BaseURL.Path &&
	891	u.RawQuery == rc.BaseURL.RawQuery {
	892	// the fragment is the only difference between the document URI and the uri parameter
	893	return fragment, nil
	894	}
	895
	896	// return full URI and fragment (if not empty)
[60]	897	morty_uri := u.String()
[1]	898
	899	if rc.Key == nil {
[60]	900	return fmt.Sprintf("./?mortyurl=%s%s", url.QueryEscape(morty_uri), fragment), nil
[1]	901	}
[60]	902	return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s%s", hash(morty_uri, rc.Key), url.QueryEscape(morty_uri), fragment), nil
[1]	903	}
	904
	905	func inArray(b []byte, a [][]byte) bool {
	906	for _, b2 := range a {
	907	if bytes.Equal(b, b2) {
	908	return true
	909	}
	910	}
	911	return false
	912	}
	913
	914	func hash(msg string, key []byte) string {
	915	mac := hmac.New(sha256.New, key)
	916	mac.Write([]byte(msg))
	917	return hex.EncodeToString(mac.Sum(nil))
	918	}
	919
	920	func verifyRequestURI(uri, hashMsg, key []byte) bool {
	921	h := make([]byte, hex.DecodedLen(len(hashMsg)))
	922	_, err := hex.Decode(h, hashMsg)
	923	if err != nil {
[97]	924	if DEBUG {
	925	log.Println("hmac error:", err)
	926	}
[1]	927	return false
	928	}
	929	mac := hmac.New(sha256.New, key)
	930	mac.Write(uri)
	931	return hmac.Equal(h, mac.Sum(nil))
	932	}
	933
[69]	934	func (p Proxy) serveExitMortyPage(ctx fasthttp.RequestCtx, uri *url.URL) {
	935	ctx.SetContentType("text/html")
	936	ctx.SetStatusCode(403)
	937	ctx.Write([]byte(MORTY_HTML_PAGE_START))
	938	ctx.Write([]byte("<h2>You are about to exit MortyProxy</h2>"))
	939	ctx.Write([]byte("<p>Following</p><p><a href=\""))
	940	ctx.Write([]byte(html.EscapeString(uri.String())))
	941	ctx.Write([]byte("\" rel=\"noreferrer\">"))
	942	ctx.Write([]byte(html.EscapeString(uri.String())))
	943	ctx.Write([]byte("</a></p><p>the content of this URL will be <b>NOT</b> sanitized.</p>"))
	944	ctx.Write([]byte(MORTY_HTML_PAGE_END))
	945	}
	946
[35]	947	func (p Proxy) serveMainPage(ctx fasthttp.RequestCtx, statusCode int, err error) {
[67]	948	ctx.SetContentType("text/html; charset=UTF-8")
[35]	949	ctx.SetStatusCode(statusCode)
[69]	950	ctx.Write([]byte(MORTY_HTML_PAGE_START))
[11]	951	if err != nil {
[97]	952	if DEBUG {
	953	log.Println("error:", err)
	954	}
[11]	955	ctx.Write([]byte("<h2>Error: "))
	956	ctx.Write([]byte(html.EscapeString(err.Error())))
	957	ctx.Write([]byte("</h2>"))
	958	}
[1]	959	if p.Key == nil {
	960	ctx.Write([]byte(`
[36]	961	<form action="post">
	962	Visit url: <input placeholder="https://url.." name="mortyurl" autofocus />
	963	<input type="submit" value="go" />
	964	</form>`))
[11]	965	} else {
	966	ctx.Write([]byte(`<h3>Warning! This instance does not support direct URL opening.</h3>`))
[1]	967	}
[69]	968	ctx.Write([]byte(MORTY_HTML_PAGE_END))
[1]	969	}
	970
	971	func main() {
[78]	972	default_listen_addr := os.Getenv("MORTY_ADDRESS")
	973	if default_listen_addr == "" {
	974	default_listen_addr = "127.0.0.1:3000"
	975	}
	976	default_key := os.Getenv("MORTY_KEY")
	977	listen := flag.String("listen", default_listen_addr, "Listen address")
[92]	978	key := flag.String("key", default_key, "HMAC url validation key (base64 encoded) - leave blank to disable validation")
[24]	979	ipv6 := flag.Bool("ipv6", false, "Allow IPv6 HTTP requests")
[74]	980	version := flag.Bool("version", false, "Show version")
[4]	981	requestTimeout := flag.Uint("timeout", 2, "Request timeout")
[109]	982	socks5 := flag.String("socks5", "", "SOCKS5 proxy")
[1]	983	flag.Parse()
	984
[74]	985	if *version {
	986	fmt.Println(VERSION)
	987	return
	988	}
	989
[24]	990	if *ipv6 {
[109]	991	CLIENT.DialDualStack = true
[24]	992	}
	993
[109]	994	if *socks5 != "" {
	995	// this disables CLIENT.DialDualStack
	996	CLIENT.Dial = fasthttpproxy.FasthttpSocksDialer(*socks5)
	997	}
	998
[4]	999	p := &Proxy{RequestTimeout: time.Duration(requestTimeout) time.Second}
[1]	1000
	1001	if *key != "" {
[92]	1002	var err error
	1003	p.Key, err = base64.StdEncoding.DecodeString(*key)
[94]	1004	if err != nil {
	1005	log.Fatal("Error parsing -key", err.Error())
	1006	os.Exit(1)
[92]	1007	}
[1]	1008	}
	1009
	1010	log.Println("listening on", *listen)
	1011
	1012	if err := fasthttp.ListenAndServe(*listen, p.RequestHandler); err != nil {
	1013	log.Fatal("Error in ListenAndServe:", err)
	1014	}
	1015	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: