goldilocks.js/lib/tunnel-server-manager.js

'use strict';

module.exports.create = function (deps, config) {
  if (!config.tunnelServer || !Array.isArray(config.tunnelServer.servernames) || !config.tunnelServer.secret) {
    return {
      isAdminDomain:  function () { return false; }
    , isClientDomain: function () { return false; }
    };
  }

  var tunnelOpts = Object.assign({}, config.tunnelServer);
  // This function should not be called because connections to the admin domains
  // should already be decrypted, and connections to non-client domains should never
  // be given to us in the first place.
  tunnelOpts.httpsTunnel = function (servername, conn) {
    console.error('tunnel server received encrypted connection to', servername);
    conn.end();
  };
  tunnelOpts.httpsInvalid = tunnelOpts.httpsTunnel;
  // This function should not be called because ACME challenges should be handled
  // before admin domain connections are given to us, and the only non-encrypted
  // client connections that should be given to us are ACME challenges.
  tunnelOpts.handleHttp = function (servername, conn) {
    console.error('tunnel server received un-encrypted connection to', servername);
    conn.end([
      'HTTP/1.1 404 Not Found'
    , 'Date: ' + (new Date()).toUTCString()
    , 'Connection: close'
    , 'Content-Type: text/html'
    , 'Content-Length: 9'
    , ''
    , 'Not Found'
    ].join('\r\n'));
  };
  tunnelOpts.handleInsecureHttp = tunnelOpts.handleHttp;

  var tunnelServer = require('stunneld').create(tunnelOpts);

  var httpServer = require('http').createServer(function (req, res) {
    // status code 426 = Upgrade Required
    res.statusCode = 426;
    res.setHeader('Content-Type', 'application/json');
    res.end(JSON.stringify({error: {
      message: 'Only websockets accepted for tunnel server'
    }}));
  });
  var wsServer = new (require('ws').Server)({ server: httpServer });
  wsServer.on('connection', tunnelServer.ws);

  return {
    isAdminDomain: function (domain) {
      return config.tunnelServer.servernames.indexOf(domain) !== -1;
    }
  , handleAdminConn: function (conn) {
      httpServer.emit('connection', conn);
    }

  , isClientDomain: tunnelServer.isClientDomain
  , handleClientConn: tunnelServer.tcp
  };
};
added tunnel server 2017-06-14 10:58:56 -06:00			`'use strict';`

			`module.exports.create = function (deps, config) {`
			`if (!config.tunnelServer \|\| !Array.isArray(config.tunnelServer.servernames) \|\| !config.tunnelServer.secret) {`
			`return {`
fixed bug not being able to discover azp 2017-06-23 17:22:45 -06:00			`isAdminDomain: function () { return false; }`
			`, isClientDomain: function () { return false; }`
added tunnel server 2017-06-14 10:58:56 -06:00			`};`
			`}`

			`var tunnelOpts = Object.assign({}, config.tunnelServer);`
			`// This function should not be called because connections to the admin domains`
			`// should already be decrypted, and connections to non-client domains should never`
			`// be given to us in the first place.`
			`tunnelOpts.httpsTunnel = function (servername, conn) {`
			`console.error('tunnel server received encrypted connection to', servername);`
			`conn.end();`
			`};`
			`tunnelOpts.httpsInvalid = tunnelOpts.httpsTunnel;`
			`// This function should not be called because ACME challenges should be handled`
			`// before admin domain connections are given to us, and the only non-encrypted`
			`// client connections that should be given to us are ACME challenges.`
			`tunnelOpts.handleHttp = function (servername, conn) {`
			`console.error('tunnel server received un-encrypted connection to', servername);`
			`conn.end([`
			`'HTTP/1.1 404 Not Found'`
			`, 'Date: ' + (new Date()).toUTCString()`
			`, 'Connection: close'`
			`, 'Content-Type: text/html'`
			`, 'Content-Length: 9'`
			`, ''`
			`, 'Not Found'`
			`].join('\r\n'));`
			`};`
			`tunnelOpts.handleInsecureHttp = tunnelOpts.handleHttp;`

			`var tunnelServer = require('stunneld').create(tunnelOpts);`

			`var httpServer = require('http').createServer(function (req, res) {`
			`// status code 426 = Upgrade Required`
			`res.statusCode = 426;`
			`res.setHeader('Content-Type', 'application/json');`
			`res.end(JSON.stringify({error: {`
			`message: 'Only websockets accepted for tunnel server'`
			`}}));`
			`});`
			`var wsServer = new (require('ws').Server)({ server: httpServer });`
			`wsServer.on('connection', tunnelServer.ws);`

			`return {`
			`isAdminDomain: function (domain) {`
			`return config.tunnelServer.servernames.indexOf(domain) !== -1;`
fixed bug not being able to discover azp 2017-06-23 17:22:45 -06:00			`}`
			`, handleAdminConn: function (conn) {`
added tunnel server 2017-06-14 10:58:56 -06:00			`httpServer.emit('connection', conn);`
fixed bug not being able to discover azp 2017-06-23 17:22:45 -06:00			`}`
added tunnel server 2017-06-14 10:58:56 -06:00
fixed bug not being able to discover azp 2017-06-23 17:22:45 -06:00			`, isClientDomain: tunnelServer.isClientDomain`
			`, handleClientConn: tunnelServer.tcp`
added tunnel server 2017-06-14 10:58:56 -06:00			`};`
			`};`