bitinflow/expose
1
0
Fork 0
mirror of https://github.com/bitinflow/expose.git synced 2026-03-13 13:35:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
Marcel Pociot
2020-09-08 10:10:46 +02:00
parent 790d33d548
commit 1fc277fd5e
10 changed files with 183 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Client/Client.php
View File

@@ -172,6 +172,7 @@ class Client
$this->logger->info($data->message); $this->logger->info($data->message);
$this->logger->info("Local-Port:\t\t{$port}"); $this->logger->info("Local-Port:\t\t{$port}");
$this->logger->info("Shared-Port:\t\t{$data->shared_port}");
$this->logger->info("Expose-URL:\t\ttcp://{$host}:{$data->shared_port}."); $this->logger->info("Expose-URL:\t\ttcp://{$host}:{$data->shared_port}.");
$this->logger->line(''); $this->logger->line('');

2
app/Contracts/ConnectionManager.php
View File

@@ -27,4 +27,6 @@ interface ConnectionManager
public function getConnections(): array; public function getConnections(): array;
public function getConnectionsForAuthToken(string $authToken): array; public function getConnectionsForAuthToken(string $authToken): array;
public function getTcpConnectionsForAuthToken(string $authToken): array;
} }

20
app/Server/Connections/ConnectionManager.php
View File

@@ -173,9 +173,29 @@ class ConnectionManager implements ConnectionManagerContract
->filter(function ($connection) use ($authToken) { ->filter(function ($connection) use ($authToken) {
return $connection->authToken === $authToken; return $connection->authToken === $authToken;
}) })
->filter(function ($connection) use ($authToken) {
return get_class($connection) === ControlConnection::class;
})
->map(function ($connection) { ->map(function ($connection) {
return $connection->toArray(); return $connection->toArray();
}) })
->values()
->toArray();
}
public function getTcpConnectionsForAuthToken(string $authToken): array
{
return collect($this->connections)
->filter(function ($connection) use ($authToken) {
return $connection->authToken === $authToken;
})
->filter(function ($connection) use ($authToken) {
return get_class($connection) === TcpControlConnection::class;
})
->map(function ($connection) {
return $connection->toArray();
})
->values()
->toArray(); ->toArray();
} }
} }

1
app/Server/Http/Controllers/Admin/StoreUsersController.php
View File

@@ -40,6 +40,7 @@ class StoreUsersController extends AdminController
'name' => $request->get('name'), 'name' => $request->get('name'),
'auth_token' => (string) Str::uuid(), 'auth_token' => (string) Str::uuid(),
'can_specify_subdomains' => (int) $request->get('can_specify_subdomains'), 'can_specify_subdomains' => (int) $request->get('can_specify_subdomains'),
'can_share_tcp_ports' => (int) $request->get('can_share_tcp_ports'),
]; ];
$this->userRepository $this->userRepository

21
app/Server/Http/Controllers/ControlMessageController.php
View File

@@ -120,6 +120,10 @@ class ControlMessageController implements MessageComponentInterface
protected function handleTcpConnection(ConnectionInterface $connection, $data, $user = null) protected function handleTcpConnection(ConnectionInterface $connection, $data, $user = null)
{ {
if (! $this->canShareTcpPorts($connection, $data, $user)) {
return;
}
try { try {
$connectionInfo = $this->connectionManager->storeTcpConnection($data->port, $connection); $connectionInfo = $this->connectionManager->storeTcpConnection($data->port, $connection);
} catch (NoFreePortAvailable $exception) { } catch (NoFreePortAvailable $exception) {
@@ -233,4 +237,21 @@ class ControlMessageController implements MessageComponentInterface
return true; return true;
} }
protected function canShareTcpPorts(ConnectionInterface $connection, $data, $user)
{
if (! is_null($user) && $user['can_share_tcp_ports'] === 0) {
$connection->send(json_encode([
'event' => 'authenticationFailed',
'data' => [
'message' => config('expose.admin.messages.custom_subdomain_unauthorized'),
],
]));
$connection->close();
return false;
}
return true;
}
} }

5
app/Server/UserRepository/DatabaseUserRepository.php
View File

@@ -72,6 +72,7 @@ class DatabaseUserRepository implements UserRepository
protected function getUserDetails(array $user) protected function getUserDetails(array $user)
{ {
$user['sites'] = $user['auth_token'] !== '' ? $this->connectionManager->getConnectionsForAuthToken($user['auth_token']) : []; $user['sites'] = $user['auth_token'] !== '' ? $this->connectionManager->getConnectionsForAuthToken($user['auth_token']) : [];
$user['tcp_connections'] = $user['auth_token'] !== '' ? $this->connectionManager->getTcpConnectionsForAuthToken($user['auth_token']) : [];
return $user; return $user;
} }
@@ -113,8 +114,8 @@ class DatabaseUserRepository implements UserRepository
$deferred = new Deferred(); $deferred = new Deferred();
$this->database->query(" $this->database->query("
INSERT INTO users (name, auth_token, can_specify_subdomains, created_at) INSERT INTO users (name, auth_token, can_specify_subdomains, can_share_tcp_ports, created_at)
VALUES (:name, :auth_token, :can_specify_subdomains, DATETIME('now')) VALUES (:name, :auth_token, :can_specify_subdomains, :can_share_tcp_ports, DATETIME('now'))
", $data) ", $data)
->then(function (Result $result) use ($deferred) { ->then(function (Result $result) use ($deferred) {
$this->database->query('SELECT * FROM users WHERE id = :id', ['id' => $result->insertId]) $this->database->query('SELECT * FROM users WHERE id = :id', ['id' => $result->insertId])

1
database/migrations/03_add_tcp_sharing_flag_to_users_table.sql Normal file
View File

@@ -0,0 +1 @@
ALTER TABLE users ADD can_share_tcp_ports BOOLEAN DEFAULT 1;

23
resources/views/server/users/index.twig
View File

@@ -43,6 +43,25 @@
</div> </div>
</div> </div>
</div> </div>
<div class="sm:grid sm:grid-cols-3 sm:gap-4 sm:items-start sm:pt-5">
<label for="can_share_tcp_ports"
class="block text-sm font-medium leading-5 text-gray-700 sm:mt-px sm:pt-2">
Can share TCP ports
</label>
<div class="mt-1 sm:mt-0 sm:col-span-2">
<div class="mt-2 flex items-center justify-between">
<div class="flex items-center">
<input id="can_share_tcp_ports"
v-model="userForm.can_share_tcp_ports"
name="can_share_tcp_ports"
value="1" type="checkbox" class="form-checkbox h-4 w-4 text-indigo-600 transition duration-150 ease-in-out" />
<label for="can_share_tcp_ports" class="ml-2 block text-sm leading-5 text-gray-900">
Yes
</label>
</div>
</div>
</div>
</div>
</div> </div>
<div class="mt-8 border-t border-gray-200 pt-5"> <div class="mt-8 border-t border-gray-200 pt-5">
<div class="flex justify-end"> <div class="flex justify-end">
@@ -144,6 +163,7 @@
userForm: { userForm: {
name: '', name: '',
can_specify_subdomains: true, can_specify_subdomains: true,
can_share_tcp_ports: true,
errors: {}, errors: {},
}, },
paginated: {{ paginated|json_encode|raw }} paginated: {{ paginated|json_encode|raw }}
@@ -186,7 +206,8 @@
}).then((data) => { }).then((data) => {
if (data.user) { if (data.user) {
this.userForm.name = ''; this.userForm.name = '';
this.userForm.can_specify_subdomains = 0; this.userForm.can_specify_subdomains = true;
this.userForm.can_share_tcp_ports = true;
this.userForm.errors = {}; this.userForm.errors = {};
this.users.unshift(data.user); this.users.unshift(data.user);
} }

6
tests/Feature/Server/ApiTest.php
View File

@@ -88,6 +88,7 @@ class ApiTest extends TestCase
$this->assertSame('Marcel', $user->name); $this->assertSame('Marcel', $user->name);
$this->assertSame([], $user->sites); $this->assertSame([], $user->sites);
$this->assertSame([], $user->tcp_connections);
} }
/** @test */ /** @test */
@@ -115,6 +116,10 @@ class ApiTest extends TestCase
$connection->httpRequest = new Request('GET', '/?authToken=some-other-token'); $connection->httpRequest = new Request('GET', '/?authToken=some-other-token');
$connectionManager->storeConnection('some-different-host.test', 'different-subdomain', $connection); $connectionManager->storeConnection('some-different-host.test', 'different-subdomain', $connection);
$connection = \Mockery::mock(IoConnection::class);
$connection->httpRequest = new Request('GET', '/?authToken='.$createdUser->auth_token);
$connectionManager->storeTcpConnection(2525, $connection);
/** @var Response $response */ /** @var Response $response */
$response = $this->await($this->browser->get('http://127.0.0.1:8080/api/users', [ $response = $this->await($this->browser->get('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost', 'Host' => 'expose.localhost',
@@ -126,6 +131,7 @@ class ApiTest extends TestCase
$users = $body->paginated->users; $users = $body->paginated->users;
$this->assertCount(1, $users[0]->sites); $this->assertCount(1, $users[0]->sites);
$this->assertCount(1, $users[0]->tcp_connections);
$this->assertSame('some-host.test', $users[0]->sites[0]->host); $this->assertSame('some-host.test', $users[0]->sites[0]->host);
$this->assertSame('fixed-subdomain', $users[0]->sites[0]->subdomain); $this->assertSame('fixed-subdomain', $users[0]->sites[0]->subdomain);
} }

106
tests/Feature/Server/TunnelTest.php
View File

@@ -9,6 +9,7 @@ use Clue\React\Buzz\Message\ResponseException;
use GuzzleHttp\Psr7\Response; use GuzzleHttp\Psr7\Response;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use React\Http\Server; use React\Http\Server;
use React\Socket\Connection;
use Tests\Feature\TestCase; use Tests\Feature\TestCase;
class TunnelTest extends TestCase class TunnelTest extends TestCase
@@ -22,6 +23,9 @@ class TunnelTest extends TestCase
/** @var \React\Socket\Server */ /** @var \React\Socket\Server */
protected $testHttpServer; protected $testHttpServer;
/** @var \React\Socket\Server */
protected $testTcpServer;
public function setUp(): void public function setUp(): void
{ {
parent::setUp(); parent::setUp();
@@ -42,6 +46,10 @@ class TunnelTest extends TestCase
$this->testHttpServer->close(); $this->testHttpServer->close();
} }
if (isset($this->testTcpServer)) {
$this->testTcpServer->close();
}
parent::tearDown(); parent::tearDown();
} }
@@ -81,6 +89,93 @@ class TunnelTest extends TestCase
$this->assertSame('Hello World!', $response->getBody()->getContents()); $this->assertSame('Hello World!', $response->getBody()->getContents());
} }
/** @test */
public function it_sends_incoming_requests_to_the_connected_client_via_tcp()
{
$this->createTestTcpServer();
$this->app['config']['expose.admin.validate_auth_tokens'] = false;
/**
* We create an expose client that connects to our server and shares
* the created test HTTP server.
*/
$client = $this->createClient();
$response = $this->await($client->connectToServerAndShareTcp(8085));
/**
* Once the client is connected, we connect to the
* created tunnel.
*/
$connector = new \React\Socket\Connector($this->loop);
$connection = $this->await($connector->connect('127.0.0.1:'.$response->shared_port));
$this->assertInstanceOf(Connection::class, $connection);
}
/** @test */
public function it_rejects_tcp_sharing_if_forbidden()
{
$this->createTestTcpServer();
$this->app['config']['expose.admin.validate_auth_tokens'] = true;
$response = $this->await($this->browser->post('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost',
'Authorization' => base64_encode('username:secret'),
'Content-Type' => 'application/json',
], json_encode([
'name' => 'Marcel',
'can_share_tcp_ports' => 0,
])));
$user = json_decode($response->getBody()->getContents())->user;
$this->expectException(\UnexpectedValueException::class);
/**
* We create an expose client that connects to our server and shares
* the created test HTTP server.
*/
$client = $this->createClient();
$this->await($client->connectToServerAndShareTcp(8085, $user->auth_token));
}
/** @test */
public function it_allows_tcp_sharing_if_enabled_for_user()
{
$this->createTestTcpServer();
$this->app['config']['expose.admin.validate_auth_tokens'] = true;
$response = $this->await($this->browser->post('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost',
'Authorization' => base64_encode('username:secret'),
'Content-Type' => 'application/json',
], json_encode([
'name' => 'Marcel',
'can_share_tcp_ports' => 1,
])));
$user = json_decode($response->getBody()->getContents())->user;
/**
* We create an expose client that connects to our server and shares
* the created test HTTP server.
*/
$client = $this->createClient();
$response = $this->await($client->connectToServerAndShareTcp(8085, $user->auth_token));
/**
* Once the client is connected, we connect to the
* created tunnel.
*/
$connector = new \React\Socket\Connector($this->loop);
$connection = $this->await($connector->connect('127.0.0.1:'.$response->shared_port));
$this->assertInstanceOf(Connection::class, $connection);
}
/** @test */ /** @test */
public function it_rejects_clients_with_invalid_auth_tokens() public function it_rejects_clients_with_invalid_auth_tokens()
{ {
@@ -221,4 +316,15 @@ class TunnelTest extends TestCase
$this->testHttpServer = new \React\Socket\Server(8085, $this->loop); $this->testHttpServer = new \React\Socket\Server(8085, $this->loop);
$server->listen($this->testHttpServer); $server->listen($this->testHttpServer);
} }
protected function createTestTcpServer()
{
$this->testTcpServer = new \React\Socket\Server(8085, $this->loop);
$this->testTcpServer->on('connection', function (\React\Socket\ConnectionInterface $connection) {
$connection->write("Hello " . $connection->getRemoteAddress() . "!\n");
$connection->pipe($connection);
});
}
} }