Context Navigation

source: code/trunk/morty.go@ 130

Last change on this file since 130 was 130, checked in by asciimoo, 5 years ago
[fix] cleanup rebase
File size: 29.7 KB

Rev	Line
[1]	1	package main
	2
	3	import (
	4	"bytes"
	5	"crypto/hmac"
	6	"crypto/sha256"
[67]	7	"encoding/base64"
[1]	8	"encoding/hex"
	9	"errors"
	10	"flag"
	11	"fmt"
[121]	12	"html/template"
[1]	13	"io"
	14	"log"
[68]	15	"mime"
[1]	16	"net/url"
[78]	17	"os"
[68]	18	"path/filepath"
[1]	19	"regexp"
	20	"strings"
[4]	21	"time"
[60]	22	"unicode/utf8"
[1]	23
	24	"github.com/valyala/fasthttp"
[109]	25	"github.com/valyala/fasthttp/fasthttpproxy"
[1]	26	"golang.org/x/net/html"
[45]	27	"golang.org/x/net/html/charset"
	28	"golang.org/x/text/encoding"
[68]	29
[127]	30	"github.com/asciimoo/morty/config"
[68]	31	"github.com/asciimoo/morty/contenttype"
[1]	32	)
	33
	34	const (
	35	STATE_DEFAULT int = 0
	36	STATE_IN_STYLE int = 1
	37	STATE_IN_NOSCRIPT int = 2
	38	)
	39
[77]	40	const VERSION = "v0.2.0"
[74]	41
[1]	42	var CLIENT *fasthttp.Client = &fasthttp.Client{
	43	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
[113]	44	ReadBufferSize: 16 * 1024, // 16K
[1]	45	}
	46
[127]	47	var cfg *config.Config = config.DefaultConfig
[1]	48
[68]	49	var ALLOWED_CONTENTTYPE_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	50	// html
	51	contenttype.NewFilterEquals("text", "html", ""),
	52	contenttype.NewFilterEquals("application", "xhtml", "xml"),
	53	// css
	54	contenttype.NewFilterEquals("text", "css", ""),
	55	// images
	56	contenttype.NewFilterEquals("image", "gif", ""),
	57	contenttype.NewFilterEquals("image", "png", ""),
	58	contenttype.NewFilterEquals("image", "jpeg", ""),
	59	contenttype.NewFilterEquals("image", "pjpeg", ""),
	60	contenttype.NewFilterEquals("image", "webp", ""),
	61	contenttype.NewFilterEquals("image", "tiff", ""),
	62	contenttype.NewFilterEquals("image", "vnd.microsoft.icon", ""),
	63	contenttype.NewFilterEquals("image", "bmp", ""),
	64	contenttype.NewFilterEquals("image", "x-ms-bmp", ""),
[88]	65	contenttype.NewFilterEquals("image", "x-icon", ""),
[68]	66	// fonts
	67	contenttype.NewFilterEquals("application", "font-otf", ""),
	68	contenttype.NewFilterEquals("application", "font-ttf", ""),
	69	contenttype.NewFilterEquals("application", "font-woff", ""),
	70	contenttype.NewFilterEquals("application", "vnd.ms-fontobject", ""),
	71	})
	72
	73	var ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	74	// texts
	75	contenttype.NewFilterEquals("text", "csv", ""),
[103]	76	contenttype.NewFilterEquals("text", "tab-separated-values", ""),
[68]	77	contenttype.NewFilterEquals("text", "plain", ""),
	78	// API
	79	contenttype.NewFilterEquals("application", "json", ""),
	80	// Documents
	81	contenttype.NewFilterEquals("application", "x-latex", ""),
	82	contenttype.NewFilterEquals("application", "pdf", ""),
	83	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.text", ""),
	84	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.spreadsheet", ""),
	85	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.presentation", ""),
	86	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.graphics", ""),
	87	// Compressed archives
	88	contenttype.NewFilterEquals("application", "zip", ""),
	89	contenttype.NewFilterEquals("application", "gzip", ""),
	90	contenttype.NewFilterEquals("application", "x-compressed", ""),
	91	contenttype.NewFilterEquals("application", "x-gtar", ""),
	92	contenttype.NewFilterEquals("application", "x-compress", ""),
	93	// Generic binary
	94	contenttype.NewFilterEquals("application", "octet-stream", ""),
	95	})
	96
	97	var ALLOWED_CONTENTTYPE_PARAMETERS map[string]bool = map[string]bool{
	98	"charset": true,
	99	}
	100
[1]	101	var UNSAFE_ELEMENTS [][]byte = [][]byte{
	102	[]byte("applet"),
	103	[]byte("canvas"),
	104	[]byte("embed"),
	105	//[]byte("iframe"),
[46]	106	[]byte("math"),
[1]	107	[]byte("script"),
[46]	108	[]byte("svg"),
[1]	109	}
	110
	111	var SAFE_ATTRIBUTES [][]byte = [][]byte{
	112	[]byte("abbr"),
	113	[]byte("accesskey"),
	114	[]byte("align"),
	115	[]byte("alt"),
[13]	116	[]byte("as"),
[1]	117	[]byte("autocomplete"),
	118	[]byte("charset"),
	119	[]byte("checked"),
	120	[]byte("class"),
	121	[]byte("content"),
	122	[]byte("contenteditable"),
	123	[]byte("contextmenu"),
	124	[]byte("dir"),
	125	[]byte("for"),
	126	[]byte("height"),
	127	[]byte("hidden"),
[46]	128	[]byte("hreflang"),
[1]	129	[]byte("id"),
	130	[]byte("lang"),
	131	[]byte("media"),
	132	[]byte("method"),
	133	[]byte("name"),
	134	[]byte("nowrap"),
	135	[]byte("placeholder"),
	136	[]byte("property"),
	137	[]byte("rel"),
	138	[]byte("spellcheck"),
	139	[]byte("tabindex"),
	140	[]byte("target"),
	141	[]byte("title"),
	142	[]byte("translate"),
	143	[]byte("type"),
	144	[]byte("value"),
	145	[]byte("width"),
	146	}
	147
[46]	148	var LINK_REL_SAFE_VALUES [][]byte = [][]byte{
	149	[]byte("alternate"),
	150	[]byte("archives"),
	151	[]byte("author"),
	152	[]byte("copyright"),
	153	[]byte("first"),
	154	[]byte("help"),
	155	[]byte("icon"),
	156	[]byte("index"),
	157	[]byte("last"),
	158	[]byte("license"),
	159	[]byte("manifest"),
	160	[]byte("next"),
	161	[]byte("pingback"),
	162	[]byte("prev"),
	163	[]byte("publisher"),
	164	[]byte("search"),
	165	[]byte("shortcut icon"),
	166	[]byte("stylesheet"),
	167	[]byte("up"),
	168	}
	169
	170	var LINK_HTTP_EQUIV_SAFE_VALUES [][]byte = [][]byte{
	171	// X-UA-Compatible will be added automaticaly, so it can be skipped
	172	[]byte("date"),
	173	[]byte("last-modified"),
[50]	174	[]byte("refresh"), // URL rewrite
[46]	175	// []byte("location"), TODO URL rewrite
	176	[]byte("content-language"),
	177	}
	178
[127]	179	var CSS_URL_REGEXP regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
	180
[1]	181	type Proxy struct {
[4]	182	Key []byte
	183	RequestTimeout time.Duration
[1]	184	}
	185
	186	type RequestConfig struct {
[124]	187	Key []byte
	188	BaseURL *url.URL
	189	BodyInjected bool
[1]	190	}
	191
[121]	192	type HTMLBodyExtParam struct {
	193	BaseURL string
	194	HasMortyKey bool
	195	}
[1]	196
[121]	197	type HTMLFormExtParam struct {
[122]	198	BaseURL string
	199	MortyHash string
[121]	200	}
[1]	201
[121]	202	var HTML_FORM_EXTENSION *template.Template
	203	var HTML_BODY_EXTENSION *template.Template
[46]	204	var HTML_HEAD_CONTENT_TYPE string = `<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	205	<meta http-equiv="X-UA-Compatible" content="IE=edge">
[67]	206	<meta name="referrer" content="no-referrer">
[46]	207	`
[45]	208
[69]	209	var MORTY_HTML_PAGE_START string = `<!doctype html>
	210	<html>
	211	<head>
	212	<title>MortyProxy</title>
	213	<meta name="viewport" content="width=device-width, initial-scale=1 , maximum-scale=1.0, user-scalable=1" />
	214	<style>
	215	html { height: 100%; }
	216	body { min-height : 100%; display: flex; flex-direction:column; font-family: 'Garamond', 'Georgia', serif; text-align: center; color: #444; background: #FAFAFA; margin: 0; padding: 0; font-size: 1.1em; }
	217	input { border: 1px solid #888; padding: 0.3em; color: #444; background: #FFF; font-size: 1.1em; }
	218	input[placeholder] { width:80%; }
	219	a { text-decoration: none; #2980b9; }
	220	h1, h2 { font-weight: 200; margin-bottom: 2rem; }
	221	h1 { font-size: 3em; }
	222	.container { flex:1; min-height: 100%; margin-bottom: 1em; }
	223	.footer { margin: 1em; }
	224	.footer p { font-size: 0.8em; }
	225	</style>
	226	</head>
	227	<body>
	228	<div class="container">
	229	<h1>MortyProxy</h1>
	230	`
	231
	232	var MORTY_HTML_PAGE_END string = `
	233	</div>
	234	<div class="footer">
	235	<p>Morty rewrites web pages to exclude malicious HTML tags and CSS/HTML attributes. It also replaces external resource references to prevent third-party information leaks.<br />
	236	<a href="https://github.com/asciimoo/morty">view on github</a>
	237	</p>
	238	</div>
	239	</body>
	240	</html>`
	241
[67]	242	var FAVICON_BYTES []byte
	243
	244	func init() {
	245	FaviconBase64 := "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII"
	246
	247	FAVICON_BYTES, _ = base64.StdEncoding.DecodeString(FaviconBase64)
[121]	248	var err error
	249	HTML_FORM_EXTENSION, err = template.New("html_form_extension").Parse(
[123]	250	`<input type="hidden" name="mortyurl" value="{{.BaseURL}}" />{{if .MortyHash}}<input type="hidden" name="mortyhash" value="{{.MortyHash}}" />{{end}}`)
[121]	251	if err != nil {
	252	panic(err)
	253	}
	254	HTML_BODY_EXTENSION, err = template.New("html_body_extension").Parse(`
	255	<input type="checkbox" id="mortytoggle" autocomplete="off" />
	256	<div id="mortyheader">
	257	<form method="get">
	258	<label for="mortytoggle">hide</label>
	259	<span><a href="/">Morty Proxy</a></span>
	260	<input type="url" value="{{.BaseURL}}" name="mortyurl" {{if .HasMortyKey }}readonly="true"{{end}} />
	261	This is a <a href="https://github.com/asciimoo/morty">proxified and sanitized</a> view of the page, visit <a href="{{.BaseURL}}" rel="noreferrer">original site</a>.
	262	</form>
	263	</div>
	264	<style>
	265	body{ position: absolute !important; top: 42px !important; left: 0 !important; right: 0 !important; bottom: 0 !important; }
	266	#mortyheader { position: fixed; margin: 0; box-sizing: border-box; -webkit-box-sizing: border-box; top: 0; left: 0; right: 0; z-index: 2147483647 !important; font-size: 12px; line-height: normal; border-width: 0px 0px 2px 0; border-style: solid; border-color: #AAAAAA; background: #FFF; padding: 4px; color: #444; height: 42px; }
[126]	267	#mortyheader * { padding: 0; margin: 0; }
[121]	268	#mortyheader p { padding: 0 0 0.7em 0; display: block; }
	269	#mortyheader a { color: #3498db; font-weight: bold; display: inline; }
	270	#mortyheader label { text-align: right; cursor: pointer; position: fixed; right: 4px; top: 4px; display: block; color: #444; }
	271	#mortyheader > form > span { font-size: 24px; font-weight: bold; margin-right: 20px; margin-left: 20px; }
	272	input[type=checkbox]#mortytoggle { display: none; }
	273	input[type=checkbox]#mortytoggle:checked ~ div { display: none; visibility: hidden; }
	274	#mortyheader input[type=url] { width: 50%; padding: 4px; font-size: 16px; }
	275	</style>
	276	`)
	277	if err != nil {
	278	panic(err)
	279	}
[67]	280	}
	281
[1]	282	func (p Proxy) RequestHandler(ctx fasthttp.RequestCtx) {
[10]	283
	284	if appRequestHandler(ctx) {
	285	return
	286	}
	287
[1]	288	requestHash := popRequestParam(ctx, []byte("mortyhash"))
	289
	290	requestURI := popRequestParam(ctx, []byte("mortyurl"))
	291
	292	if requestURI == nil {
[35]	293	p.serveMainPage(ctx, 200, nil)
[1]	294	return
	295	}
	296
	297	if p.Key != nil {
	298	if !verifyRequestURI(requestURI, requestHash, p.Key) {
[35]	299	// HTTP status code 403 : Forbidden
	300	p.serveMainPage(ctx, 403, errors.New(`invalid "mortyhash" parameter`))
[1]	301	return
	302	}
	303	}
	304
[118]	305	requestURIQuery := ctx.QueryArgs().QueryString()
	306	if len(requestURIQuery) > 0 {
[125]	307	if bytes.ContainsRune(requestURI, '?') {
	308	requestURI = append(requestURI, '&')
	309	} else {
	310	requestURI = append(requestURI, '?')
	311	}
[118]	312	requestURI = append(requestURI, requestURIQuery...)
	313	}
	314
[97]	315	parsedURI, err := url.Parse(string(requestURI))
[1]	316
[11]	317	if err != nil {
[35]	318	// HTTP status code 500 : Internal Server Error
	319	p.serveMainPage(ctx, 500, err)
[1]	320	return
	321	}
	322
[120]	323	if parsedURI.Scheme == "" {
	324	requestURI = append([]byte("https://"), requestURI...)
[128]	325	parsedURI, err = url.Parse(string(requestURI))
	326	if err != nil {
	327	p.serveMainPage(ctx, 500, err)
	328	return
	329	}
[120]	330	}
	331
[69]	332	// Serve an intermediate page for protocols other than HTTP(S)
	333	if (parsedURI.Scheme != "http" && parsedURI.Scheme != "https") \|\| strings.HasSuffix(parsedURI.Host, ".onion") {
	334	p.serveExitMortyPage(ctx, parsedURI)
	335	return
	336	}
	337
[1]	338	req := fasthttp.AcquireRequest()
	339	defer fasthttp.ReleaseRequest(req)
[12]	340	req.SetConnectionClose()
[1]	341
[47]	342	requestURIStr := string(requestURI)
[1]	343
[127]	344	if cfg.Debug {
[129]	345	log.Println(string(ctx.Method()), requestURIStr)
[97]	346	}
[1]	347
[47]	348	req.SetRequestURI(requestURIStr)
[111]	349	req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"))
[1]	350
	351	resp := fasthttp.AcquireResponse()
	352	defer fasthttp.ReleaseResponse(resp)
	353
	354	req.Header.SetMethodBytes(ctx.Method())
	355	if ctx.IsPost() \|\| ctx.IsPut() {
	356	req.SetBody(ctx.PostBody())
	357	}
	358
[11]	359	err = CLIENT.DoTimeout(req, resp, p.RequestTimeout)
	360
	361	if err != nil {
[35]	362	if err == fasthttp.ErrTimeout {
	363	// HTTP status code 504 : Gateway Time-Out
	364	p.serveMainPage(ctx, 504, err)
	365	} else {
	366	// HTTP status code 500 : Internal Server Error
	367	p.serveMainPage(ctx, 500, err)
	368	}
[1]	369	return
	370	}
	371
	372	if resp.StatusCode() != 200 {
	373	switch resp.StatusCode() {
[7]	374	case 301, 302, 303, 307, 308:
[1]	375	loc := resp.Header.Peek("Location")
	376	if loc != nil {
[97]	377	rc := &RequestConfig{Key: p.Key, BaseURL: parsedURI}
	378	url, err := rc.ProxifyURI(loc)
	379	if err == nil {
	380	ctx.SetStatusCode(resp.StatusCode())
	381	ctx.Response.Header.Add("Location", url)
[127]	382	if cfg.Debug {
[97]	383	log.Println("redirect to", string(loc))
[96]	384	}
[1]	385	return
	386	}
	387	}
	388	}
[47]	389	error_message := fmt.Sprintf("invalid response: %d (%s)", resp.StatusCode(), requestURIStr)
[37]	390	p.serveMainPage(ctx, resp.StatusCode(), errors.New(error_message))
[1]	391	return
	392	}
	393
[68]	394	contentTypeBytes := resp.Header.Peek("Content-Type")
[1]	395
[68]	396	if contentTypeBytes == nil {
[35]	397	// HTTP status code 503 : Service Unavailable
	398	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[1]	399	return
	400	}
	401
[68]	402	contentTypeString := string(contentTypeBytes)
	403
	404	// decode Content-Type header
	405	contentType, error := contenttype.ParseContentType(contentTypeString)
	406	if error != nil {
	407	// HTTP status code 503 : Service Unavailable
	408	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[63]	409	return
	410	}
	411
[68]	412	// content-disposition
	413	contentDispositionBytes := ctx.Request.Header.Peek("Content-Disposition")
[64]	414
[68]	415	// check content type
	416	if !ALLOWED_CONTENTTYPE_FILTER(contentType) {
	417	// it is not a usual content type
	418	if ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER(contentType) {
	419	// force attachment for allowed content type
	420	contentDispositionBytes = contentDispositionForceAttachment(contentDispositionBytes, parsedURI)
	421	} else {
	422	// deny access to forbidden content type
	423	// HTTP status code 403 : Forbidden
[129]	424	p.serveMainPage(ctx, 403, errors.New("forbidden content type "+parsedURI.String()))
[68]	425	return
	426	}
	427	}
	428
	429	// HACK : replace */xhtml by text/html
	430	if contentType.SubType == "xhtml" {
	431	contentType.TopLevelType = "text"
	432	contentType.SubType = "html"
	433	contentType.Suffix = ""
	434	}
	435
	436	// conversion to UTF-8
[1]	437	var responseBody []byte
	438
[68]	439	if contentType.TopLevelType == "text" {
	440	e, ename, _ := charset.DetermineEncoding(resp.Body(), contentTypeString)
[45]	441	if (e != encoding.Nop) && (!strings.EqualFold("utf-8", ename)) {
	442	responseBody, err = e.NewDecoder().Bytes(resp.Body())
	443	if err != nil {
	444	// HTTP status code 503 : Service Unavailable
	445	p.serveMainPage(ctx, 503, err)
	446	return
	447	}
	448	} else {
	449	responseBody = resp.Body()
[1]	450	}
[68]	451	// update the charset or specify it
	452	contentType.Parameters["charset"] = "UTF-8"
[1]	453	} else {
	454	responseBody = resp.Body()
	455	}
	456
[68]	457	//
	458	contentType.FilterParameters(ALLOWED_CONTENTTYPE_PARAMETERS)
[1]	459
[68]	460	// set the content type
	461	ctx.SetContentType(contentType.String())
	462
	463	// output according to MIME type
[1]	464	switch {
[68]	465	case contentType.SubType == "css" && contentType.Suffix == "":
[23]	466	sanitizeCSS(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
[68]	467	case contentType.SubType == "html" && contentType.Suffix == "":
[124]	468	rc := &RequestConfig{Key: p.Key, BaseURL: parsedURI}
	469	sanitizeHTML(rc, ctx, responseBody)
	470	if !rc.BodyInjected {
	471	p := HTMLBodyExtParam{rc.BaseURL.String(), false}
	472	if len(rc.Key) > 0 {
	473	p.HasMortyKey = true
	474	}
	475	err := HTML_BODY_EXTENSION.Execute(ctx, p)
	476	if err != nil {
[127]	477	if cfg.Debug {
[124]	478	fmt.Println("failed to inject body extension", err)
	479	}
	480	}
	481	}
[1]	482	default:
[68]	483	if contentDispositionBytes != nil {
	484	ctx.Response.Header.AddBytesV("Content-Disposition", contentDispositionBytes)
[39]	485	}
[1]	486	ctx.Write(responseBody)
	487	}
	488	}
	489
[68]	490	// force content-disposition to attachment
	491	func contentDispositionForceAttachment(contentDispositionBytes []byte, url *url.URL) []byte {
	492	var contentDispositionParams map[string]string
	493
	494	if contentDispositionBytes != nil {
	495	var err error
	496	_, contentDispositionParams, err = mime.ParseMediaType(string(contentDispositionBytes))
	497	if err != nil {
	498	contentDispositionParams = make(map[string]string)
	499	}
	500	} else {
	501	contentDispositionParams = make(map[string]string)
	502	}
	503
	504	_, fileNameDefined := contentDispositionParams["filename"]
	505	if !fileNameDefined {
	506	// TODO : sanitize filename
	507	contentDispositionParams["fileName"] = filepath.Base(url.Path)
	508	}
	509
	510	return []byte(mime.FormatMediaType("attachment", contentDispositionParams))
	511	}
	512
[10]	513	func appRequestHandler(ctx *fasthttp.RequestCtx) bool {
[11]	514	// serve robots.txt
[10]	515	if bytes.Equal(ctx.Path(), []byte("/robots.txt")) {
	516	ctx.SetContentType("text/plain")
	517	ctx.Write([]byte("User-Agent: *\nDisallow: /\n"))
	518	return true
	519	}
[11]	520
[67]	521	// server favicon.ico
	522	if bytes.Equal(ctx.Path(), []byte("/favicon.ico")) {
	523	ctx.SetContentType("image/png")
	524	ctx.Write(FAVICON_BYTES)
	525	return true
	526	}
	527
[10]	528	return false
	529	}
	530
[1]	531	func popRequestParam(ctx *fasthttp.RequestCtx, paramName []byte) []byte {
	532	param := ctx.QueryArgs().PeekBytes(paramName)
	533
	534	if param == nil {
	535	param = ctx.PostArgs().PeekBytes(paramName)
[121]	536	ctx.PostArgs().DelBytes(paramName)
[1]	537	}
[121]	538	ctx.QueryArgs().DelBytes(paramName)
[1]	539
	540	return param
	541	}
	542
[9]	543	func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) {
[1]	544	// TODO
	545
	546	urlSlices := CSS_URL_REGEXP.FindAllSubmatchIndex(css, -1)
	547
	548	if urlSlices == nil {
[9]	549	out.Write(css)
[1]	550	return
	551	}
	552
	553	startIndex := 0
	554
	555	for _, s := range urlSlices {
[15]	556	urlStart := s[4]
	557	urlEnd := s[5]
[1]	558
[60]	559	if uri, err := rc.ProxifyURI(css[urlStart:urlEnd]); err == nil {
[9]	560	out.Write(css[startIndex:urlStart])
	561	out.Write([]byte(uri))
[1]	562	startIndex = urlEnd
[127]	563	} else if cfg.Debug {
[36]	564	log.Println("cannot proxify css uri:", string(css[urlStart:urlEnd]))
[1]	565	}
	566	}
	567	if startIndex < len(css) {
[9]	568	out.Write(css[startIndex:len(css)])
[1]	569	}
	570	}
	571
[9]	572	func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
[1]	573	r := bytes.NewReader(htmlDoc)
	574	decoder := html.NewTokenizer(r)
	575	decoder.AllowCDATA(true)
	576
	577	unsafeElements := make([][]byte, 0, 8)
	578	state := STATE_DEFAULT
	579	for {
	580	token := decoder.Next()
	581	if token == html.ErrorToken {
	582	err := decoder.Err()
	583	if err != io.EOF {
[97]	584	log.Println("failed to parse HTML")
[1]	585	}
	586	break
	587	}
	588
	589	if len(unsafeElements) == 0 {
	590
	591	switch token {
	592	case html.StartTagToken, html.SelfClosingTagToken:
	593	tag, hasAttrs := decoder.TagName()
	594	safe := !inArray(tag, UNSAFE_ELEMENTS)
	595	if !safe {
[116]	596	if token != html.SelfClosingTagToken {
[1]	597	var unsafeTag []byte = make([]byte, len(tag))
	598	copy(unsafeTag, tag)
	599	unsafeElements = append(unsafeElements, unsafeTag)
	600	}
	601	break
	602	}
[38]	603	if bytes.Equal(tag, []byte("base")) {
	604	for {
	605	attrName, attrValue, moreAttr := decoder.TagAttr()
[45]	606	if bytes.Equal(attrName, []byte("href")) {
	607	parsedURI, err := url.Parse(string(attrValue))
	608	if err == nil {
	609	rc.BaseURL = parsedURI
	610	}
[38]	611	}
	612	if !moreAttr {
	613	break
	614	}
	615	}
	616	break
	617	}
[1]	618	if bytes.Equal(tag, []byte("noscript")) {
	619	state = STATE_IN_NOSCRIPT
	620	break
	621	}
	622	var attrs [][][]byte
	623	if hasAttrs {
	624	for {
	625	attrName, attrValue, moreAttr := decoder.TagAttr()
[21]	626	attrs = append(attrs, [][]byte{
	627	attrName,
	628	attrValue,
	629	[]byte(html.EscapeString(string(attrValue))),
	630	})
[1]	631	if !moreAttr {
	632	break
	633	}
	634	}
[13]	635	}
	636	if bytes.Equal(tag, []byte("link")) {
	637	sanitizeLinkTag(rc, out, attrs)
	638	break
	639	}
	640
[45]	641	if bytes.Equal(tag, []byte("meta")) {
	642	sanitizeMetaTag(rc, out, attrs)
	643	break
	644	}
	645
[13]	646	fmt.Fprintf(out, "<%s", tag)
	647
	648	if hasAttrs {
[45]	649	sanitizeAttrs(rc, out, attrs)
[1]	650	}
[13]	651
[1]	652	if token == html.SelfClosingTagToken {
[9]	653	fmt.Fprintf(out, " />")
[1]	654	} else {
[9]	655	fmt.Fprintf(out, ">")
[1]	656	if bytes.Equal(tag, []byte("style")) {
	657	state = STATE_IN_STYLE
	658	}
	659	}
[13]	660
[45]	661	if bytes.Equal(tag, []byte("head")) {
[46]	662	fmt.Fprintf(out, HTML_HEAD_CONTENT_TYPE)
[45]	663	}
	664
[1]	665	if bytes.Equal(tag, []byte("form")) {
	666	var formURL *url.URL
	667	for _, attr := range attrs {
	668	if bytes.Equal(attr[0], []byte("action")) {
	669	formURL, _ = url.Parse(string(attr[1]))
[28]	670	formURL = mergeURIs(rc.BaseURL, formURL)
[1]	671	break
	672	}
	673	}
	674	if formURL == nil {
[23]	675	formURL = rc.BaseURL
[1]	676	}
[2]	677	urlStr := formURL.String()
	678	var key string
	679	if rc.Key != nil {
	680	key = hash(urlStr, rc.Key)
	681	}
[121]	682	err := HTML_FORM_EXTENSION.Execute(out, HTMLFormExtParam{urlStr, key})
	683	if err != nil {
[127]	684	if cfg.Debug {
[121]	685	fmt.Println("failed to inject body extension", err)
	686	}
	687	}
[1]	688	}
	689
	690	case html.EndTagToken:
	691	tag, _ := decoder.TagName()
	692	writeEndTag := true
	693	switch string(tag) {
	694	case "body":
[121]	695	p := HTMLBodyExtParam{rc.BaseURL.String(), false}
	696	if len(rc.Key) > 0 {
	697	p.HasMortyKey = true
	698	}
	699	err := HTML_BODY_EXTENSION.Execute(out, p)
	700	if err != nil {
[127]	701	if cfg.Debug {
[121]	702	fmt.Println("failed to inject body extension", err)
	703	}
	704	}
[124]	705	rc.BodyInjected = true
[1]	706	case "style":
	707	state = STATE_DEFAULT
	708	case "noscript":
	709	state = STATE_DEFAULT
	710	writeEndTag = false
	711	}
	712	// skip noscript tags - only the tag, not the content, because javascript is sanitized
	713	if writeEndTag {
[9]	714	fmt.Fprintf(out, "</%s>", tag)
[1]	715	}
	716
	717	case html.TextToken:
	718	switch state {
	719	case STATE_DEFAULT:
[9]	720	fmt.Fprintf(out, "%s", decoder.Raw())
[1]	721	case STATE_IN_STYLE:
[9]	722	sanitizeCSS(rc, out, decoder.Raw())
[1]	723	case STATE_IN_NOSCRIPT:
[9]	724	sanitizeHTML(rc, out, decoder.Raw())
[1]	725	}
	726
[62]	727	case html.CommentToken:
	728	// ignore comment. TODO : parse IE conditional comment
	729
	730	case html.DoctypeToken:
[9]	731	out.Write(decoder.Raw())
[1]	732	}
	733	} else {
	734	switch token {
[116]	735	case html.StartTagToken, html.SelfClosingTagToken:
[1]	736	tag, _ := decoder.TagName()
	737	if inArray(tag, UNSAFE_ELEMENTS) {
	738	unsafeElements = append(unsafeElements, tag)
	739	}
	740
	741	case html.EndTagToken:
	742	tag, _ := decoder.TagName()
	743	if bytes.Equal(unsafeElements[len(unsafeElements)-1], tag) {
	744	unsafeElements = unsafeElements[:len(unsafeElements)-1]
	745	}
	746	}
	747	}
	748	}
	749	}
	750
[13]	751	func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
	752	exclude := false
	753	for _, attr := range attrs {
	754	attrName := attr[0]
	755	attrValue := attr[1]
	756	if bytes.Equal(attrName, []byte("rel")) {
[46]	757	if !inArray(attrValue, LINK_REL_SAFE_VALUES) {
[13]	758	exclude = true
	759	break
	760	}
	761	}
	762	if bytes.Equal(attrName, []byte("as")) {
	763	if bytes.Equal(attrValue, []byte("script")) {
	764	exclude = true
	765	break
	766	}
	767	}
	768	}
	769
	770	if !exclude {
	771	out.Write([]byte("<link"))
	772	for _, attr := range attrs {
[21]	773	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[13]	774	}
	775	out.Write([]byte(">"))
	776	}
	777	}
	778
[45]	779	func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	780	var http_equiv []byte
	781	var content []byte
	782
	783	for _, attr := range attrs {
	784	attrName := attr[0]
	785	attrValue := attr[1]
	786	if bytes.Equal(attrName, []byte("http-equiv")) {
	787	http_equiv = bytes.ToLower(attrValue)
[46]	788	// exclude some <meta http-equiv="..." ..>
	789	if !inArray(http_equiv, LINK_HTTP_EQUIV_SAFE_VALUES) {
	790	return
	791	}
[1]	792	}
	793	if bytes.Equal(attrName, []byte("content")) {
	794	content = attrValue
	795	}
[45]	796	if bytes.Equal(attrName, []byte("charset")) {
	797	// exclude <meta charset="...">
	798	return
	799	}
[1]	800	}
	801
[45]	802	out.Write([]byte("<meta"))
[14]	803	urlIndex := bytes.Index(bytes.ToLower(content), []byte("url="))
	804	if bytes.Equal(http_equiv, []byte("refresh")) && urlIndex != -1 {
	805	contentUrl := content[urlIndex+4:]
[36]	806	// special case of <meta http-equiv="refresh" content="0; url='example.com/url.with.quote.outside'">
[37]	807	if len(contentUrl) >= 2 && (contentUrl[0] == byte('\'') \|\| contentUrl[0] == byte('"')) {
[36]	808	if contentUrl[0] == contentUrl[len(contentUrl)-1] {
[37]	809	contentUrl = contentUrl[1 : len(contentUrl)-1]
[36]	810	}
	811	}
	812	// output proxify result
[60]	813	if uri, err := rc.ProxifyURI(contentUrl); err == nil {
[14]	814	fmt.Fprintf(out, ` http-equiv="refresh" content="%surl=%s"`, content[:urlIndex], uri)
[1]	815	}
	816	} else {
[46]	817	if len(http_equiv) > 0 {
	818	fmt.Fprintf(out, ` http-equiv="%s"`, http_equiv)
	819	}
[9]	820	sanitizeAttrs(rc, out, attrs)
[1]	821	}
[45]	822	out.Write([]byte(">"))
[1]	823	}
	824
[9]	825	func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	826	for _, attr := range attrs {
[21]	827	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[1]	828	}
	829	}
	830
[21]	831	func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escapedAttrValue []byte) {
[1]	832	if inArray(attrName, SAFE_ATTRIBUTES) {
[21]	833	fmt.Fprintf(out, " %s=\"%s\"", attrName, escapedAttrValue)
[1]	834	return
	835	}
	836	switch string(attrName) {
	837	case "src", "href", "action":
[60]	838	if uri, err := rc.ProxifyURI(attrValue); err == nil {
[9]	839	fmt.Fprintf(out, " %s=\"%s\"", attrName, uri)
[127]	840	} else if cfg.Debug {
[36]	841	log.Println("cannot proxify uri:", string(attrValue))
[1]	842	}
	843	case "style":
[21]	844	cssAttr := bytes.NewBuffer(nil)
	845	sanitizeCSS(rc, cssAttr, attrValue)
	846	fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(cssAttr.Bytes())))
[1]	847	}
	848	}
	849
[36]	850	func mergeURIs(u1, u2 url.URL) url.URL {
[71]	851	if u2 == nil {
	852	return u1
	853	}
[28]	854	return u1.ResolveReference(u2)
[1]	855	}
	856
[60]	857	// Sanitized URI : removes all runes bellow 32 (included) as the begining and end of URI, and lower case the scheme.
	858	// avoid memory allocation (except for the scheme)
	859	func sanitizeURI(uri []byte) ([]byte, string) {
	860	first_rune_index := 0
	861	first_rune_seen := false
	862	scheme_last_index := -1
	863	buffer := bytes.NewBuffer(make([]byte, 0, 10))
	864
	865	// remove trailing space and special characters
	866	uri = bytes.TrimRight(uri, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F\x20")
	867
	868	// loop over byte by byte
	869	for i, c := range uri {
	870	// ignore special characters and space (c <= 32)
	871	if c > 32 {
	872	// append to the lower case of the rune to buffer
	873	if c < utf8.RuneSelf && 'A' <= c && c <= 'Z' {
	874	c = c + 'a' - 'A'
	875	}
	876
	877	buffer.WriteByte(c)
	878
	879	// update the first rune index that is not a special rune
	880	if !first_rune_seen {
	881	first_rune_index = i
	882	first_rune_seen = true
	883	}
	884
	885	if c == ':' {
	886	// colon rune found, we have found the scheme
	887	scheme_last_index = i
	888	break
	889	} else if c == '/' \|\| c == '?' \|\| c == '\\' \|\| c == '#' {
	890	// special case : most probably a relative URI
	891	break
	892	}
	893	}
	894	}
	895
	896	if scheme_last_index != -1 {
	897	// scheme found
	898	// copy the "lower case without special runes scheme" before the ":" rune
	899	scheme_start_index := scheme_last_index - buffer.Len() + 1
	900	copy(uri[scheme_start_index:], buffer.Bytes())
	901	// and return the result
	902	return uri[scheme_start_index:], buffer.String()
	903	} else {
	904	// scheme NOT found
	905	return uri[first_rune_index:], ""
	906	}
	907	}
	908
	909	func (rc *RequestConfig) ProxifyURI(uri []byte) (string, error) {
	910	// sanitize URI
	911	uri, scheme := sanitizeURI(uri)
	912
[28]	913	// remove javascript protocol
[60]	914	if scheme == "javascript:" {
[28]	915	return "", nil
	916	}
[57]	917
[1]	918	// TODO check malicious data: - e.g. data:script
[60]	919	if scheme == "data:" {
[61]	920	if bytes.HasPrefix(uri, []byte("data:image/png")) \|\|
	921	bytes.HasPrefix(uri, []byte("data:image/jpeg")) \|\|
	922	bytes.HasPrefix(uri, []byte("data:image/pjpeg")) \|\|
	923	bytes.HasPrefix(uri, []byte("data:image/gif")) \|\|
	924	bytes.HasPrefix(uri, []byte("data:image/webp")) {
	925	// should be safe
	926	return string(uri), nil
	927	} else {
	928	// unsafe data
	929	return "", nil
	930	}
[1]	931	}
	932
[57]	933	// parse the uri
[60]	934	u, err := url.Parse(string(uri))
[1]	935	if err != nil {
	936	return "", err
	937	}
[57]	938
	939	// get the fragment (with the prefix "#")
	940	fragment := ""
	941	if len(u.Fragment) > 0 {
	942	fragment = "#" + u.Fragment
	943	}
	944
	945	// reset the fragment: it is not included in the mortyurl
	946	u.Fragment = ""
	947
	948	// merge the URI with the document URI
[28]	949	u = mergeURIs(rc.BaseURL, u)
[1]	950
[57]	951	// simple internal link ?
	952	// some web pages describe the whole link https://same:auth@same.host/same.path?same.query#new.fragment
	953	if u.Scheme == rc.BaseURL.Scheme &&
	954	(rc.BaseURL.User == nil \|\| (u.User != nil && u.User.String() == rc.BaseURL.User.String())) &&
	955	u.Host == rc.BaseURL.Host &&
	956	u.Path == rc.BaseURL.Path &&
	957	u.RawQuery == rc.BaseURL.RawQuery {
	958	// the fragment is the only difference between the document URI and the uri parameter
	959	return fragment, nil
	960	}
	961
	962	// return full URI and fragment (if not empty)
[60]	963	morty_uri := u.String()
[1]	964
	965	if rc.Key == nil {
[60]	966	return fmt.Sprintf("./?mortyurl=%s%s", url.QueryEscape(morty_uri), fragment), nil
[1]	967	}
[60]	968	return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s%s", hash(morty_uri, rc.Key), url.QueryEscape(morty_uri), fragment), nil
[1]	969	}
	970
	971	func inArray(b []byte, a [][]byte) bool {
	972	for _, b2 := range a {
	973	if bytes.Equal(b, b2) {
	974	return true
	975	}
	976	}
	977	return false
	978	}
	979
	980	func hash(msg string, key []byte) string {
	981	mac := hmac.New(sha256.New, key)
	982	mac.Write([]byte(msg))
	983	return hex.EncodeToString(mac.Sum(nil))
	984	}
	985
	986	func verifyRequestURI(uri, hashMsg, key []byte) bool {
	987	h := make([]byte, hex.DecodedLen(len(hashMsg)))
	988	_, err := hex.Decode(h, hashMsg)
	989	if err != nil {
[127]	990	if cfg.Debug {
[97]	991	log.Println("hmac error:", err)
	992	}
[1]	993	return false
	994	}
	995	mac := hmac.New(sha256.New, key)
	996	mac.Write(uri)
	997	return hmac.Equal(h, mac.Sum(nil))
	998	}
	999
[69]	1000	func (p Proxy) serveExitMortyPage(ctx fasthttp.RequestCtx, uri *url.URL) {
	1001	ctx.SetContentType("text/html")
	1002	ctx.SetStatusCode(403)
	1003	ctx.Write([]byte(MORTY_HTML_PAGE_START))
	1004	ctx.Write([]byte("<h2>You are about to exit MortyProxy</h2>"))
	1005	ctx.Write([]byte("<p>Following</p><p><a href=\""))
	1006	ctx.Write([]byte(html.EscapeString(uri.String())))
	1007	ctx.Write([]byte("\" rel=\"noreferrer\">"))
	1008	ctx.Write([]byte(html.EscapeString(uri.String())))
	1009	ctx.Write([]byte("</a></p><p>the content of this URL will be <b>NOT</b> sanitized.</p>"))
	1010	ctx.Write([]byte(MORTY_HTML_PAGE_END))
	1011	}
	1012
[35]	1013	func (p Proxy) serveMainPage(ctx fasthttp.RequestCtx, statusCode int, err error) {
[67]	1014	ctx.SetContentType("text/html; charset=UTF-8")
[35]	1015	ctx.SetStatusCode(statusCode)
[69]	1016	ctx.Write([]byte(MORTY_HTML_PAGE_START))
[11]	1017	if err != nil {
[127]	1018	if cfg.Debug {
[97]	1019	log.Println("error:", err)
	1020	}
[11]	1021	ctx.Write([]byte("<h2>Error: "))
	1022	ctx.Write([]byte(html.EscapeString(err.Error())))
	1023	ctx.Write([]byte("</h2>"))
	1024	}
[1]	1025	if p.Key == nil {
	1026	ctx.Write([]byte(`
[36]	1027	<form action="post">
	1028	Visit url: <input placeholder="https://url.." name="mortyurl" autofocus />
	1029	<input type="submit" value="go" />
	1030	</form>`))
[11]	1031	} else {
	1032	ctx.Write([]byte(`<h3>Warning! This instance does not support direct URL opening.</h3>`))
[1]	1033	}
[69]	1034	ctx.Write([]byte(MORTY_HTML_PAGE_END))
[1]	1035	}
	1036
	1037	func main() {
[127]	1038	cfg.ListenAddress = *flag.String("listen", cfg.ListenAddress, "Listen address")
	1039	cfg.Key = *flag.String("key", cfg.Key, "HMAC url validation key (base64 encoded) - leave blank to disable validation")
	1040	cfg.IPV6 = *flag.Bool("ipv6", cfg.IPV6, "Allow IPv6 HTTP requests")
	1041	cfg.Debug = *flag.Bool("debug", cfg.Debug, "Debug mode")
	1042	cfg.RequestTimeout = *flag.Uint("timeout", cfg.RequestTimeout, "Request timeout")
[74]	1043	version := flag.Bool("version", false, "Show version")
[109]	1044	socks5 := flag.String("socks5", "", "SOCKS5 proxy")
[1]	1045	flag.Parse()
	1046
[74]	1047	if *version {
	1048	fmt.Println(VERSION)
	1049	return
	1050	}
	1051
[109]	1052	if *socks5 != "" {
	1053	// this disables CLIENT.DialDualStack
	1054	CLIENT.Dial = fasthttpproxy.FasthttpSocksDialer(*socks5)
	1055	}
[127]	1056	if cfg.IPV6 {
	1057	CLIENT.Dial = fasthttp.DialDualStack
	1058	}
[109]	1059
[127]	1060	p := &Proxy{RequestTimeout: time.Duration(cfg.RequestTimeout) * time.Second}
[1]	1061
[127]	1062	if cfg.Key != "" {
[92]	1063	var err error
[127]	1064	p.Key, err = base64.StdEncoding.DecodeString(cfg.Key)
[94]	1065	if err != nil {
	1066	log.Fatal("Error parsing -key", err.Error())
	1067	os.Exit(1)
[92]	1068	}
[1]	1069	}
	1070
[127]	1071	log.Println("listening on", cfg.ListenAddress)
[1]	1072
[127]	1073	if err := fasthttp.ListenAndServe(cfg.ListenAddress, p.RequestHandler); err != nil {
[1]	1074	log.Fatal("Error in ListenAndServe:", err)
	1075	}
	1076	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: