Context Navigation

source: code/trunk/morty.go@ 17

Last change on this file since 17 was 17, checked in by asciimoo, 9 years ago
[enh] do not serve javascript files
File size: 15.4 KB

Rev	Line
[1]	1	package main
	2
	3	import (
	4	"bytes"
	5	"crypto/hmac"
	6	"crypto/sha256"
	7	"encoding/hex"
	8	"errors"
	9	"flag"
	10	"fmt"
	11	"io"
	12	"log"
	13	"net/url"
	14	"path"
	15	"regexp"
	16	"strings"
[4]	17	"time"
[1]	18
	19	"github.com/valyala/fasthttp"
	20	"golang.org/x/net/html"
	21	"golang.org/x/text/encoding/charmap"
	22	)
	23
	24	const (
	25	STATE_DEFAULT int = 0
	26	STATE_IN_STYLE int = 1
	27	STATE_IN_NOSCRIPT int = 2
	28	)
	29
	30	var CLIENT *fasthttp.Client = &fasthttp.Client{
	31	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
	32	}
	33
[15]	34	var CSS_URL_REGEXP *regexp.Regexp = regexp.MustCompile("url\\((['\"]?)([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
[1]	35
	36	var UNSAFE_ELEMENTS [][]byte = [][]byte{
	37	[]byte("applet"),
	38	[]byte("canvas"),
	39	[]byte("embed"),
	40	//[]byte("iframe"),
	41	[]byte("script"),
	42	}
	43
	44	var SAFE_ATTRIBUTES [][]byte = [][]byte{
	45	[]byte("abbr"),
	46	[]byte("accesskey"),
	47	[]byte("align"),
	48	[]byte("alt"),
[13]	49	[]byte("as"),
[1]	50	[]byte("autocomplete"),
	51	[]byte("charset"),
	52	[]byte("checked"),
	53	[]byte("class"),
	54	[]byte("content"),
	55	[]byte("contenteditable"),
	56	[]byte("contextmenu"),
	57	[]byte("dir"),
	58	[]byte("for"),
	59	[]byte("height"),
	60	[]byte("hidden"),
	61	[]byte("id"),
	62	[]byte("lang"),
	63	[]byte("media"),
	64	[]byte("method"),
	65	[]byte("name"),
	66	[]byte("nowrap"),
	67	[]byte("placeholder"),
	68	[]byte("property"),
	69	[]byte("rel"),
	70	[]byte("spellcheck"),
	71	[]byte("tabindex"),
	72	[]byte("target"),
	73	[]byte("title"),
	74	[]byte("translate"),
	75	[]byte("type"),
	76	[]byte("value"),
	77	[]byte("width"),
	78	}
	79
	80	var SELF_CLOSING_ELEMENTS [][]byte = [][]byte{
	81	[]byte("area"),
	82	[]byte("base"),
	83	[]byte("br"),
	84	[]byte("col"),
	85	[]byte("embed"),
	86	[]byte("hr"),
	87	[]byte("img"),
	88	[]byte("input"),
	89	[]byte("keygen"),
	90	[]byte("link"),
	91	[]byte("meta"),
	92	[]byte("param"),
	93	[]byte("source"),
	94	[]byte("track"),
	95	[]byte("wbr"),
	96	}
	97
	98	type Proxy struct {
[4]	99	Key []byte
	100	RequestTimeout time.Duration
[1]	101	}
	102
	103	type RequestConfig struct {
	104	Key []byte
	105	baseURL *url.URL
	106	}
	107
[2]	108	var HTML_FORM_EXTENSION string = `<input type="hidden" name="mortyurl" value="%s" /><input type="hidden" name="mortyhash" value="%s" />`
[1]	109
	110	var HTML_BODY_EXTENSION string = `
	111	<div id="mortyheader">
	112	<input type="checkbox" id="mortytoggle" autocomplete="off" />
[5]	113	<div><p>This is a proxified and sanitized view of the page,<br />visit <a href="%s">original site</a>.</p><div><p><label for="mortytoggle">hide</label></p></div></div>
[1]	114	</div>
	115	<style>
[5]	116	#mortyheader { position: fixed; top: 15%%; left: 0; max-width: 10em; color: #444; overflow: hidden; z-index: 110000; font-size: 0.9em; padding: 1em 1em 1em 0; margin: 0; }
[1]	117	#mortyheader a { color: #3498db; }
[5]	118	#mortyheader p { padding: 0; margin: 0; }
	119	#mortyheader > div { padding: 8px; font-size: 0.9em; border-width: 4px 4px 4px 0; border-style: solid; border-color: #1abc9c; background: #FFF; line-height: 1em; }
	120	#mortyheader label { text-align: right; cursor: pointer; display: block; color: #444; padding: 0; margin: 0; }
[1]	121	input[type=checkbox]#mortytoggle { display: none; }
	122	input[type=checkbox]#mortytoggle:checked ~ div { display: none; }
	123	</style>
	124	`
	125
	126	func (p Proxy) RequestHandler(ctx fasthttp.RequestCtx) {
[10]	127
	128	if appRequestHandler(ctx) {
	129	return
	130	}
	131
[1]	132	requestHash := popRequestParam(ctx, []byte("mortyhash"))
	133
	134	requestURI := popRequestParam(ctx, []byte("mortyurl"))
	135
	136	if requestURI == nil {
[11]	137	p.serveMainPage(ctx, nil)
[1]	138	return
	139	}
	140
	141	if p.Key != nil {
	142	if !verifyRequestURI(requestURI, requestHash, p.Key) {
[11]	143	p.serveMainPage(ctx, errors.New(`invalid "mortyhash" parameter`))
[1]	144	return
	145	}
	146	}
	147
	148	parsedURI, err := url.Parse(string(requestURI))
	149
[11]	150	if err != nil {
	151	p.serveMainPage(ctx, err)
[1]	152	return
	153	}
	154
	155	req := fasthttp.AcquireRequest()
	156	defer fasthttp.ReleaseRequest(req)
[12]	157	req.SetConnectionClose()
[1]	158
	159	reqQuery := parsedURI.Query()
	160	ctx.QueryArgs().VisitAll(func(key, value []byte) {
	161	reqQuery.Add(string(key), string(value))
	162	})
	163
	164	parsedURI.RawQuery = reqQuery.Encode()
	165
	166	uriStr := parsedURI.String()
	167
	168	log.Println("getting", uriStr)
	169
	170	req.SetRequestURI(uriStr)
	171	req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"))
	172
	173	resp := fasthttp.AcquireResponse()
	174	defer fasthttp.ReleaseResponse(resp)
	175
	176	req.Header.SetMethodBytes(ctx.Method())
	177	if ctx.IsPost() \|\| ctx.IsPut() {
	178	req.SetBody(ctx.PostBody())
	179	}
	180
[11]	181	err = CLIENT.DoTimeout(req, resp, p.RequestTimeout)
	182
	183	if err != nil {
	184	p.serveMainPage(ctx, err)
[1]	185	return
	186	}
	187
	188	if resp.StatusCode() != 200 {
	189	switch resp.StatusCode() {
[7]	190	case 301, 302, 303, 307, 308:
[1]	191	loc := resp.Header.Peek("Location")
	192	if loc != nil {
	193	url, err := proxifyURI(&RequestConfig{p.Key, parsedURI}, string(loc))
	194	if err == nil {
	195	ctx.SetStatusCode(resp.StatusCode())
	196	ctx.Response.Header.Add("Location", url)
	197	log.Println("redirect to", string(loc))
	198	return
	199	}
	200	}
	201	}
	202	log.Println("invalid request:", resp.StatusCode())
	203	return
	204	}
	205
	206	contentType := resp.Header.Peek("Content-Type")
	207
	208	if contentType == nil {
[11]	209	p.serveMainPage(ctx, errors.New("invalid content type"))
[1]	210	return
	211	}
	212
[17]	213	if bytes.Contains(bytes.ToLower(contentType), []byte("javascript")) {
	214	p.serveMainPage(ctx, errors.New("forbidden content type"))
	215	return
	216	}
	217
[1]	218	contentInfo := bytes.SplitN(contentType, []byte(";"), 2)
	219
	220	var responseBody []byte
	221
	222	if len(contentInfo) == 2 && bytes.Contains(contentInfo[1], []byte("ISO-8859-2")) && bytes.Contains(contentInfo[0], []byte("text")) {
	223	var err error
	224	responseBody, err = charmap.ISO8859_2.NewDecoder().Bytes(resp.Body())
[11]	225	if err != nil {
	226	p.serveMainPage(ctx, err)
[1]	227	return
	228	}
	229	} else {
	230	responseBody = resp.Body()
	231	}
	232
	233	ctx.SetContentType(fmt.Sprintf("%s; charset=UTF-8", contentInfo[0]))
	234
	235	switch {
	236	case bytes.Contains(contentType, []byte("css")):
	237	sanitizeCSS(&RequestConfig{p.Key, parsedURI}, ctx, responseBody)
	238	case bytes.Contains(contentType, []byte("html")):
	239	sanitizeHTML(&RequestConfig{p.Key, parsedURI}, ctx, responseBody)
	240	default:
	241	ctx.Write(responseBody)
	242	}
	243	}
	244
[10]	245	func appRequestHandler(ctx *fasthttp.RequestCtx) bool {
[11]	246	// serve robots.txt
[10]	247	if bytes.Equal(ctx.Path(), []byte("/robots.txt")) {
	248	ctx.SetContentType("text/plain")
	249	ctx.Write([]byte("User-Agent: *\nDisallow: /\n"))
	250	return true
	251	}
[11]	252
[10]	253	return false
	254	}
	255
[1]	256	func popRequestParam(ctx *fasthttp.RequestCtx, paramName []byte) []byte {
	257	param := ctx.QueryArgs().PeekBytes(paramName)
	258
	259	if param == nil {
	260	param = ctx.PostArgs().PeekBytes(paramName)
	261	if param != nil {
	262	ctx.PostArgs().DelBytes(paramName)
	263	}
	264	} else {
	265	ctx.QueryArgs().DelBytes(paramName)
	266	}
	267
	268	return param
	269	}
	270
[9]	271	func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) {
[1]	272	// TODO
	273
	274	urlSlices := CSS_URL_REGEXP.FindAllSubmatchIndex(css, -1)
	275
	276	if urlSlices == nil {
[9]	277	out.Write(css)
[1]	278	return
	279	}
	280
	281	startIndex := 0
	282
	283	for _, s := range urlSlices {
[15]	284	urlStart := s[4]
	285	urlEnd := s[5]
[1]	286
	287	if uri, err := proxifyURI(rc, string(css[urlStart:urlEnd])); err == nil {
[9]	288	out.Write(css[startIndex:urlStart])
	289	out.Write([]byte(uri))
[1]	290	startIndex = urlEnd
	291	} else {
	292	log.Println("cannot proxify css uri:", css[urlStart:urlEnd])
	293	}
	294	}
	295	if startIndex < len(css) {
[9]	296	out.Write(css[startIndex:len(css)])
[1]	297	}
	298	}
	299
[9]	300	func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
[1]	301	r := bytes.NewReader(htmlDoc)
	302	decoder := html.NewTokenizer(r)
	303	decoder.AllowCDATA(true)
	304
	305	unsafeElements := make([][]byte, 0, 8)
	306	state := STATE_DEFAULT
	307
	308	for {
	309	token := decoder.Next()
	310	if token == html.ErrorToken {
	311	err := decoder.Err()
	312	if err != io.EOF {
	313	log.Println("failed to parse HTML:")
	314	}
	315	break
	316	}
	317
	318	if len(unsafeElements) == 0 {
	319
	320	switch token {
	321	case html.StartTagToken, html.SelfClosingTagToken:
	322	tag, hasAttrs := decoder.TagName()
	323	safe := !inArray(tag, UNSAFE_ELEMENTS)
	324	if !safe {
	325	if !inArray(tag, SELF_CLOSING_ELEMENTS) {
	326	var unsafeTag []byte = make([]byte, len(tag))
	327	copy(unsafeTag, tag)
	328	unsafeElements = append(unsafeElements, unsafeTag)
	329	}
	330	break
	331	}
	332	if bytes.Equal(tag, []byte("noscript")) {
	333	state = STATE_IN_NOSCRIPT
	334	break
	335	}
	336	var attrs [][][]byte
	337	if hasAttrs {
	338	for {
	339	attrName, attrValue, moreAttr := decoder.TagAttr()
	340	attrs = append(attrs, [][]byte{attrName, attrValue})
	341	if !moreAttr {
	342	break
	343	}
	344	}
[13]	345	}
	346	if bytes.Equal(tag, []byte("link")) {
	347	sanitizeLinkTag(rc, out, attrs)
	348	break
	349	}
	350
	351	fmt.Fprintf(out, "<%s", tag)
	352
	353	if hasAttrs {
[1]	354	if bytes.Equal(tag, []byte("meta")) {
[9]	355	sanitizeMetaAttrs(rc, out, attrs)
[1]	356	} else {
[9]	357	sanitizeAttrs(rc, out, attrs)
[1]	358	}
	359	}
[13]	360
[1]	361	if token == html.SelfClosingTagToken {
[9]	362	fmt.Fprintf(out, " />")
[1]	363	} else {
[9]	364	fmt.Fprintf(out, ">")
[1]	365	if bytes.Equal(tag, []byte("style")) {
	366	state = STATE_IN_STYLE
	367	}
	368	}
[13]	369
[1]	370	if bytes.Equal(tag, []byte("form")) {
	371	var formURL *url.URL
	372	for _, attr := range attrs {
	373	if bytes.Equal(attr[0], []byte("action")) {
	374	formURL, _ = url.Parse(string(attr[1]))
	375	mergeURIs(rc.baseURL, formURL)
	376	break
	377	}
	378	}
	379	if formURL == nil {
	380	formURL = rc.baseURL
	381	}
[2]	382	urlStr := formURL.String()
	383	var key string
	384	if rc.Key != nil {
	385	key = hash(urlStr, rc.Key)
	386	}
[9]	387	fmt.Fprintf(out, HTML_FORM_EXTENSION, urlStr, key)
[1]	388
	389	}
	390
	391	case html.EndTagToken:
	392	tag, _ := decoder.TagName()
	393	writeEndTag := true
	394	switch string(tag) {
	395	case "body":
[9]	396	fmt.Fprintf(out, HTML_BODY_EXTENSION, rc.baseURL.String())
[1]	397	case "style":
	398	state = STATE_DEFAULT
	399	case "noscript":
	400	state = STATE_DEFAULT
	401	writeEndTag = false
	402	}
	403	// skip noscript tags - only the tag, not the content, because javascript is sanitized
	404	if writeEndTag {
[9]	405	fmt.Fprintf(out, "</%s>", tag)
[1]	406	}
	407
	408	case html.TextToken:
	409	switch state {
	410	case STATE_DEFAULT:
[9]	411	fmt.Fprintf(out, "%s", decoder.Raw())
[1]	412	case STATE_IN_STYLE:
[9]	413	sanitizeCSS(rc, out, decoder.Raw())
[1]	414	case STATE_IN_NOSCRIPT:
[9]	415	sanitizeHTML(rc, out, decoder.Raw())
[1]	416	}
	417
	418	case html.DoctypeToken, html.CommentToken:
[9]	419	out.Write(decoder.Raw())
[1]	420	}
	421	} else {
	422	switch token {
	423	case html.StartTagToken:
	424	tag, _ := decoder.TagName()
	425	if inArray(tag, UNSAFE_ELEMENTS) {
	426	unsafeElements = append(unsafeElements, tag)
	427	}
	428
	429	case html.EndTagToken:
	430	tag, _ := decoder.TagName()
	431	if bytes.Equal(unsafeElements[len(unsafeElements)-1], tag) {
	432	unsafeElements = unsafeElements[:len(unsafeElements)-1]
	433	}
	434	}
	435	}
	436	}
	437	}
	438
[13]	439	func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
	440	exclude := false
	441	for _, attr := range attrs {
	442	attrName := attr[0]
	443	attrValue := attr[1]
	444	if bytes.Equal(attrName, []byte("rel")) {
	445	if bytes.Equal(attrValue, []byte("dns-prefetch")) {
	446	exclude = true
	447	break
	448	}
	449	}
	450	if bytes.Equal(attrName, []byte("as")) {
	451	if bytes.Equal(attrValue, []byte("script")) {
	452	exclude = true
	453	break
	454	}
	455	}
	456	}
	457
	458	if !exclude {
	459	out.Write([]byte("<link"))
	460	for _, attr := range attrs {
	461	sanitizeAttr(rc, out, attr[0], attr[1])
	462	}
	463	out.Write([]byte(">"))
	464	}
	465	}
	466
[9]	467	func sanitizeMetaAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	468	var http_equiv []byte
	469	var content []byte
	470
	471	for _, attr := range attrs {
	472	attrName := attr[0]
	473	attrValue := attr[1]
	474	if bytes.Equal(attrName, []byte("http-equiv")) {
	475	http_equiv = bytes.ToLower(attrValue)
	476	}
	477	if bytes.Equal(attrName, []byte("content")) {
	478	content = attrValue
	479	}
	480	}
	481
[14]	482	urlIndex := bytes.Index(bytes.ToLower(content), []byte("url="))
	483	if bytes.Equal(http_equiv, []byte("refresh")) && urlIndex != -1 {
	484	contentUrl := content[urlIndex+4:]
	485	if uri, err := proxifyURI(rc, string(contentUrl)); err == nil {
	486	fmt.Fprintf(out, ` http-equiv="refresh" content="%surl=%s"`, content[:urlIndex], uri)
[1]	487	}
	488	} else {
[9]	489	sanitizeAttrs(rc, out, attrs)
[1]	490	}
	491
	492	}
	493
[9]	494	func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	495	for _, attr := range attrs {
[9]	496	sanitizeAttr(rc, out, attr[0], attr[1])
[1]	497	}
	498	}
	499
[9]	500	func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue []byte) {
[1]	501	if inArray(attrName, SAFE_ATTRIBUTES) {
[9]	502	fmt.Fprintf(out, " %s=\"%s\"", attrName, attrValue)
[1]	503	return
	504	}
	505	switch string(attrName) {
	506	case "src", "href", "action":
	507	if uri, err := proxifyURI(rc, string(attrValue)); err == nil {
[9]	508	fmt.Fprintf(out, " %s=\"%s\"", attrName, uri)
[1]	509	} else {
	510	log.Println("cannot proxify uri:", attrValue)
	511	}
	512	case "style":
[9]	513	fmt.Fprintf(out, " %s=\"", attrName)
	514	sanitizeCSS(rc, out, attrValue)
	515	out.Write([]byte("\""))
[1]	516	}
	517	}
	518
	519	func mergeURIs(u1, u2 *url.URL) {
	520	if u2.Scheme == "" \|\| u2.Scheme == "//" {
	521	u2.Scheme = u1.Scheme
	522	}
[3]	523	if u2.Host == "" && u1.Path != "" {
[1]	524	u2.Host = u1.Host
	525	if len(u2.Path) == 0 \|\| u2.Path[0] != '/' {
	526	u2.Path = path.Join(u1.Path[:strings.LastIndexByte(u1.Path, byte('/'))], u2.Path)
	527	}
	528	}
	529	}
	530
	531	func proxifyURI(rc *RequestConfig, uri string) (string, error) {
	532	// TODO check malicious data: - e.g. data:script
	533	if strings.HasPrefix(uri, "data:") {
	534	return uri, nil
	535	}
	536
	537	if len(uri) > 0 && uri[0] == '#' {
	538	return uri, nil
	539	}
	540
	541	u, err := url.Parse(uri)
	542	if err != nil {
	543	return "", err
	544	}
	545	mergeURIs(rc.baseURL, u)
	546
	547	uri = u.String()
	548
	549	if rc.Key == nil {
	550	return fmt.Sprintf("./?mortyurl=%s", url.QueryEscape(uri)), nil
	551	}
	552	return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s", hash(uri, rc.Key), url.QueryEscape(uri)), nil
	553	}
	554
	555	func inArray(b []byte, a [][]byte) bool {
	556	for _, b2 := range a {
	557	if bytes.Equal(b, b2) {
	558	return true
	559	}
	560	}
	561	return false
	562	}
	563
	564	func hash(msg string, key []byte) string {
	565	mac := hmac.New(sha256.New, key)
	566	mac.Write([]byte(msg))
	567	return hex.EncodeToString(mac.Sum(nil))
	568	}
	569
	570	func verifyRequestURI(uri, hashMsg, key []byte) bool {
	571	h := make([]byte, hex.DecodedLen(len(hashMsg)))
	572	_, err := hex.Decode(h, hashMsg)
	573	if err != nil {
	574	log.Println("hmac error:", err)
	575	return false
	576	}
	577	mac := hmac.New(sha256.New, key)
	578	mac.Write(uri)
	579	return hmac.Equal(h, mac.Sum(nil))
	580	}
	581
[11]	582	func (p Proxy) serveMainPage(ctx fasthttp.RequestCtx, err error) {
[1]	583	ctx.SetContentType("text/html")
	584	ctx.Write([]byte(`<!doctype html>
	585	<head>
[11]	586	<title>MortyProxy</title>
	587	<style>
	588	body { font-family: 'Garamond', 'Georgia', serif; text-align: center; color: #444; background: #FAFAFA; margin: 0; padding: 0; font-size: 1.1em; }
	589	input { border: 1px solid #888; padding: 0.3em; color: #444; background: #FFF; font-size: 1.1em; }
	590	a { text-decoration: none; #2980b9; }
	591	h1, h2 { font-weight: 200; margin-bottom: 2rem; }
	592	h1 { font-size: 3em; }
	593	.footer { position: absolute; bottom: 2em; width: 100%; }
	594	.footer p { font-size: 0.8em; }
	595
	596	</style>
[1]	597	</head>
[11]	598	<body>
	599	<h1>MortyProxy</h1>`))
	600	if err != nil {
	601	ctx.SetStatusCode(404)
	602	log.Println("error:", err)
	603	ctx.Write([]byte("<h2>Error: "))
	604	ctx.Write([]byte(html.EscapeString(err.Error())))
	605	ctx.Write([]byte("</h2>"))
	606	} else {
	607	ctx.SetStatusCode(200)
	608	}
[1]	609	if p.Key == nil {
	610	ctx.Write([]byte(`
	611	<form action="post">
	612	Visit url: <input placeholder="https://url.." name="mortyurl" />
	613	<input type="submit" value="go" />
	614	</form>`))
[11]	615	} else {
	616	ctx.Write([]byte(`<h3>Warning! This instance does not support direct URL opening.</h3>`))
[1]	617	}
	618	ctx.Write([]byte(`
[11]	619	<div class="footer">
	620	<p>Morty rewrites web pages to exclude malicious HTML tags and CSS/HTML attributes. It also replaces external resource references to prevent third-party information leaks.<br />
	621	<a href="https://github.com/asciimoo/morty">view on github</a>
	622	</p>
	623	</div>
[1]	624	</body>
	625	</html>`))
	626	}
	627
	628	func main() {
	629
[2]	630	listen := flag.String("listen", "127.0.0.1:3000", "Listen address")
[1]	631	key := flag.String("key", "", "HMAC url validation key (hexadecimal encoded) - leave blank to disable")
[4]	632	requestTimeout := flag.Uint("timeout", 2, "Request timeout")
[1]	633	flag.Parse()
	634
[4]	635	p := &Proxy{RequestTimeout: time.Duration(requestTimeout) time.Second}
[1]	636
	637	if *key != "" {
	638	p.Key = []byte(*key)
	639	}
	640
	641	log.Println("listening on", *listen)
	642
	643	if err := fasthttp.ListenAndServe(*listen, p.RequestHandler); err != nil {
	644	log.Fatal("Error in ListenAndServe:", err)
	645	}
	646	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: