bitinflow/expose
1
0
Fork 0
mirror of https://github.com/bitinflow/expose.git synced 2026-03-15 22:45:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow users to specify custom hostnames

Browse Source
This commit is contained in:
Marcel Pociot
2020-11-01 22:40:17 +01:00
parent 5b7a80bb0c
commit cec52c4229
28 changed files with 913 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
app/Server/Connections/ConnectionConfiguration.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
namespace App\Server\Connections;
class ConnectionConfiguration
{
protected $hostname;
protected $subdomain;
private function __construct($subdomain, $hostname)
{
$this->subdomain = $subdomain;
$this->hostname = $hostname;
}
public static function withSubdomain($subdomain)
{
return new static($subdomain, null);
}
public static function withHostname($hostname)
{
return new static(null, $hostname);
}
public function getSubdomain()
{
return $this->subdomain;
}
public function getHostname()
{
return $this->hostname;
}
}

18
app/Server/Connections/ConnectionManager.php
View File

@@ -43,16 +43,23 @@ class ConnectionManager implements ConnectionManagerContract
});
}
public function storeConnection(string $host, ?string $subdomain, ConnectionInterface $connection): ControlConnection
public function storeConnection(string $host, ?string $subdomain, ?string $hostname, ConnectionInterface $connection): ControlConnection
{
$clientId = (string) uniqid();
$connection->client_id = $clientId;
if (! is_null($hostname) && $hostname !== '') {
$subdomain = '';
} else {
$subdomain = $subdomain ?? $this->subdomainGenerator->generateSubdomain();
}
$storedConnection = new ControlConnection(
$connection,
$host,
$subdomain ?? $this->subdomainGenerator->generateSubdomain(),
$subdomain,
$hostname,
$clientId,
$this->getAuthTokenFromConnection($connection)
);
@@ -150,6 +157,13 @@ class ConnectionManager implements ConnectionManagerContract
});
}
public function findControlConnectionForHostname($hostname): ?ControlConnection
{
return collect($this->connections)->last(function ($connection) use ($hostname) {
return $connection->hostname == $hostname;
});
}
public function findControlConnectionForClientId(string $clientId): ?ControlConnection
{
return collect($this->connections)->last(function ($connection) use ($clientId) {

5
app/Server/Connections/ControlConnection.php
View File

@@ -14,15 +14,17 @@ class ControlConnection
public $host;
public $authToken;
public $subdomain;
public $hostname;
public $client_id;
public $proxies = [];
protected $shared_at;
public function __construct(ConnectionInterface $socket, string $host, string $subdomain, string $clientId, string $authToken = '')
public function __construct(ConnectionInterface $socket, string $host, string $subdomain, ?string $hostname, string $clientId, string $authToken = '')
{
$this->socket = $socket;
$this->host = $host;
$this->subdomain = $subdomain;
$this->hostname = $hostname;
$this->client_id = $clientId;
$this->authToken = $authToken;
$this->shared_at = now()->toDateTimeString();
@@ -64,6 +66,7 @@ class ControlConnection
'client_id' => $this->client_id,
'auth_token' => $this->authToken,
'subdomain' => $this->subdomain,
'hostname' => $this->hostname,
'shared_at' => $this->shared_at,
];
}

16
app/Server/Factory.php
View File

@@ -3,12 +3,14 @@
namespace App\Server;
use App\Contracts\ConnectionManager as ConnectionManagerContract;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainGenerator;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use App\Http\RouteGenerator;
use App\Http\Server as HttpServer;
use App\Server\Connections\ConnectionManager;
use App\Server\Http\Controllers\Admin\DeleteHostnameController;
use App\Server\Http\Controllers\Admin\DeleteSubdomainController;
use App\Server\Http\Controllers\Admin\DeleteUsersController;
use App\Server\Http\Controllers\Admin\DisconnectSiteController;
@@ -23,6 +25,7 @@ use App\Server\Http\Controllers\Admin\ListTcpConnectionsController;
use App\Server\Http\Controllers\Admin\ListUsersController;
use App\Server\Http\Controllers\Admin\RedirectToUsersController;
use App\Server\Http\Controllers\Admin\ShowSettingsController;
use App\Server\Http\Controllers\Admin\StoreHostnameController;
use App\Server\Http\Controllers\Admin\StoreSettingsController;
use App\Server\Http\Controllers\Admin\StoreSubdomainController;
use App\Server\Http\Controllers\Admin\StoreUsersController;
@@ -135,6 +138,8 @@ class Factory
$this->router->get('/api/users/{id}', GetUserDetailsController::class, $adminCondition);
$this->router->post('/api/subdomains', StoreSubdomainController::class, $adminCondition);
$this->router->delete('/api/subdomains/{subdomain}', DeleteSubdomainController::class, $adminCondition);
$this->router->post('/api/hostnames', StoreHostnameController::class, $adminCondition);
$this->router->delete('/api/hostnames/{hostname}', DeleteHostnameController::class, $adminCondition);
$this->router->delete('/api/users/{id}', DeleteUsersController::class, $adminCondition);
$this->router->get('/api/sites', GetSitesController::class, $adminCondition);
$this->router->delete('/api/sites/{id}', DisconnectSiteController::class, $adminCondition);
@@ -177,6 +182,7 @@ class Factory
->bindSubdomainGenerator()
->bindUserRepository()
->bindSubdomainRepository()
->bindHostnameRepository()
->bindDatabase()
->ensureDatabaseIsInitialized()
->bindConnectionManager()
@@ -222,6 +228,15 @@ class Factory
return $this;
}
protected function bindHostnameRepository()
{
app()->singleton(HostnameRepository::class, function () {
return app(config('expose.admin.hostname_repository'));
});
return $this;
}
protected function bindDatabase()
{
app()->singleton(DatabaseInterface::class, function () {
@@ -248,6 +263,7 @@ class Factory
->files()
->ignoreDotFiles(true)
->in(database_path('migrations'))
->sortByName()
->name('*.sql');
/** @var SplFileInfo $migration */

132
app/Server/HostnameRepository/DatabaseHostnameRepository.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
namespace App\Server\HostnameRepository;
use App\Contracts\HostnameRepository;
use Clue\React\SQLite\DatabaseInterface;
use Clue\React\SQLite\Result;
use React\Promise\Deferred;
use React\Promise\PromiseInterface;
class DatabaseHostnameRepository implements HostnameRepository
{
/** @var DatabaseInterface */
protected $database;
public function __construct(DatabaseInterface $database)
{
$this->database = $database;
}
public function getHostnames(): PromiseInterface
{
$deferred = new Deferred();
$this->database
->query('SELECT * FROM hostnames ORDER by created_at DESC')
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows);
});
return $deferred->promise();
}
public function getHostnameById($id): PromiseInterface
{
$deferred = new Deferred();
$this->database
->query('SELECT * FROM hostnames WHERE id = :id', ['id' => $id])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows[0] ?? null);
});
return $deferred->promise();
}
public function getHostnameByName(string $name): PromiseInterface
{
$deferred = new Deferred();
$this->database
->query('SELECT * FROM hostnames WHERE hostname = :name', ['name' => $name])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows[0] ?? null);
});
return $deferred->promise();
}
public function getHostnamesByUserId($id): PromiseInterface
{
$deferred = new Deferred();
$this->database
->query('SELECT * FROM hostnames WHERE user_id = :user_id ORDER by created_at DESC', [
'user_id' => $id,
])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows);
});
return $deferred->promise();
}
public function storeHostname(array $data): PromiseInterface
{
$deferred = new Deferred();
$this->getHostnameByName($data['hostname'])
->then(function ($registeredHostname) use ($data, $deferred) {
if (! is_null($registeredHostname)) {
$deferred->resolve(null);
return;
}
$this->database->query("
INSERT INTO hostnames (user_id, hostname, created_at)
VALUES (:user_id, :hostname, DATETIME('now'))
", $data)
->then(function (Result $result) use ($deferred) {
$this->database->query('SELECT * FROM hostnames WHERE id = :id', ['id' => $result->insertId])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows[0]);
});
});
});
return $deferred->promise();
}
public function getHostnamesByUserIdAndName($id, $name): PromiseInterface
{
$deferred = new Deferred();
$this->database
->query('SELECT * FROM hostnames WHERE user_id = :user_id AND hostname = :name ORDER by created_at DESC', [
'user_id' => $id,
'name' => $name,
])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result->rows);
});
return $deferred->promise();
}
public function deleteHostnameForUserId($userId, $hostnameId): PromiseInterface
{
$deferred = new Deferred();
$this->database->query('DELETE FROM hostnames WHERE id = :id AND user_id = :user_id', [
'id' => $hostnameId,
'user_id' => $userId,
])
->then(function (Result $result) use ($deferred) {
$deferred->resolve($result);
});
return $deferred->promise();
}
}

45
app/Server/Http/Controllers/Admin/DeleteHostnameController.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
use Ratchet\ConnectionInterface;
class DeleteHostnameController extends AdminController
{
protected $keepConnectionOpen = true;
/** @var HostnameRepository */
protected $hostnameRepository;
/** @var UserRepository */
protected $userRepository;
public function __construct(UserRepository $userRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$this->userRepository->getUserByToken($request->get('auth_token', ''))
->then(function ($user) use ($request, $httpConnection) {
if (is_null($user)) {
$httpConnection->send(respond_json(['error' => 'The user does not exist'], 404));
$httpConnection->close();
return;
}
$this->hostnameRepository->deleteHostnameForUserId($user['id'], $request->get('hostname'))
->then(function ($deleted) use ($httpConnection) {
$httpConnection->send(respond_json(['deleted' => $deleted], 200));
$httpConnection->close();
});
});
}
}

27
app/Server/Http/Controllers/Admin/GetUserDetailsController.php
View File

@@ -2,6 +2,7 @@
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
@@ -17,10 +18,14 @@ class GetUserDetailsController extends AdminController
/** @var SubdomainRepository */
protected $subdomainRepository;
public function __construct(UserRepository $userRepository, SubdomainRepository $subdomainRepository)
/** @var HostnameRepository */
protected $hostnameRepository;
public function __construct(UserRepository $userRepository, SubdomainRepository $subdomainRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->subdomainRepository = $subdomainRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
@@ -29,15 +34,19 @@ class GetUserDetailsController extends AdminController
->getUserById($request->get('id'))
->then(function ($user) use ($httpConnection, $request) {
$this->subdomainRepository->getSubdomainsByUserId($request->get('id'))
->then(function ($subdomains) use ($httpConnection, $user) {
$httpConnection->send(
respond_json([
'user' => $user,
'subdomains' => $subdomains,
])
);
->then(function ($subdomains) use ($httpConnection, $user, $request) {
$this->hostnameRepository->getHostnamesByUserId($request->get('id'))
->then(function ($hostnames) use ($httpConnection, $user, $subdomains) {
$httpConnection->send(
respond_json([
'user' => $user,
'subdomains' => $subdomains,
'hostnames' => $hostnames,
])
);
$httpConnection->close();
$httpConnection->close();
});
});
});
}

78
app/Server/Http/Controllers/Admin/StoreHostnameController.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Ratchet\ConnectionInterface;
class StoreHostnameController extends AdminController
{
protected $keepConnectionOpen = true;
/** @var HostnameRepository */
protected $hostnameRepository;
/** @var UserRepository */
protected $userRepository;
public function __construct(UserRepository $userRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$validator = Validator::make($request->all(), [
'hostname' => 'required',
], [
'required' => 'The :attribute field is required.',
]);
if ($validator->fails()) {
$httpConnection->send(respond_json(['errors' => $validator->getMessageBag()], 401));
$httpConnection->close();
return;
}
$this->userRepository->getUserByToken($request->get('auth_token', ''))
->then(function ($user) use ($httpConnection, $request) {
if (is_null($user)) {
$httpConnection->send(respond_json(['error' => 'The user does not exist'], 404));
$httpConnection->close();
return;
}
if ($user['can_specify_hostnames'] === 0) {
$httpConnection->send(respond_json(['error' => 'The user is not allowed to reserve hostnames.'], 401));
$httpConnection->close();
return;
}
$insertData = [
'user_id' => $user['id'],
'hostname' => $request->get('hostname'),
];
$this->hostnameRepository
->storeHostname($insertData)
->then(function ($hostname) use ($httpConnection) {
if (is_null($hostname)) {
$httpConnection->send(respond_json(['error' => 'The hostname is already taken.'], 422));
$httpConnection->close();
return;
}
$httpConnection->send(respond_json(['hostname' => $hostname], 200));
$httpConnection->close();
});
});
}
}

1
app/Server/Http/Controllers/Admin/StoreUsersController.php
View File

@@ -39,6 +39,7 @@ class StoreUsersController extends AdminController
$insertData = [
'name' => $request->get('name'),
'auth_token' => (string) Str::uuid(),
'can_specify_hostnames' => (int) $request->get('can_specify_hostnames'),
'can_specify_subdomains' => (int) $request->get('can_specify_subdomains'),
'can_share_tcp_ports' => (int) $request->get('can_share_tcp_ports'),
];

106
app/Server/Http/Controllers/ControlMessageController.php
View File

@@ -4,14 +4,19 @@ namespace App\Server\Http\Controllers;
use App\Contracts\ConnectionManager;
use App\Contracts\SubdomainRepository;
use App\Contracts\HostnameRepository;
use App\Contracts\UserRepository;
use App\Http\QueryParameters;
use App\Server\Connections\ConnectionConfiguration;
use App\Server\Exceptions\NoFreePortAvailable;
use Illuminate\Support\Str;
use Ratchet\ConnectionInterface;
use Ratchet\WebSocket\MessageComponentInterface;
use React\Promise\Deferred;
use React\Promise\PromiseInterface;
use stdClass;
use function React\Promise\reject;
use function React\Promise\resolve as resolvePromise;
class ControlMessageController implements MessageComponentInterface
{
@@ -24,11 +29,15 @@ class ControlMessageController implements MessageComponentInterface
/** @var SubdomainRepository */
protected $subdomainRepository;
public function __construct(ConnectionManager $connectionManager, UserRepository $userRepository, SubdomainRepository $subdomainRepository)
/** @var HostnameRepository */
protected $hostnameRepository;
public function __construct(ConnectionManager $connectionManager, UserRepository $userRepository, SubdomainRepository $subdomainRepository, HostnameRepository $hostnameRepository)
{
$this->connectionManager = $connectionManager;
$this->userRepository = $userRepository;
$this->subdomainRepository = $subdomainRepository;
$this->hostnameRepository = $hostnameRepository;
}
/**
@@ -105,14 +114,12 @@ class ControlMessageController implements MessageComponentInterface
protected function handleHttpConnection(ConnectionInterface $connection, $data, $user = null)
{
$this->hasValidSubdomain($connection, $data->subdomain, $user)->then(function ($subdomain) use ($data, $connection) {
if ($subdomain === false) {
return;
}
$this->hasValidConfiguration($connection, $data, $user)
->then(function (ConnectionConfiguration $configuration) use ($data, $connection) {
$data->subdomain = $configuration->getSubdomain();
$data->hostname = $configuration->getHostname();
$data->subdomain = $subdomain;
$connectionInfo = $this->connectionManager->storeConnection($data->host, $data->subdomain, $connection);
$connectionInfo = $this->connectionManager->storeConnection($data->host, $data->subdomain, $data->hostname, $connection);
$this->connectionManager->limitConnectionLength($connectionInfo, config('expose.admin.maximum_connection_length'));
@@ -121,6 +128,7 @@ class ControlMessageController implements MessageComponentInterface
'data' => [
'message' => config('expose.admin.messages.message_of_the_day'),
'subdomain' => $connectionInfo->subdomain,
'hostname' => $connectionInfo->hostname,
'client_id' => $connectionInfo->client_id,
],
]));
@@ -192,7 +200,7 @@ class ControlMessageController implements MessageComponentInterface
protected function verifyAuthToken(ConnectionInterface $connection): PromiseInterface
{
if (config('expose.admin.validate_auth_tokens') !== true) {
return \React\Promise\resolve(null);
return resolvePromise(null);
}
$deferred = new Deferred();
@@ -225,7 +233,7 @@ class ControlMessageController implements MessageComponentInterface
],
]));
return \React\Promise\resolve(null);
return resolvePromise(ConnectionConfiguration::withSubdomain(null));
}
/**
@@ -246,7 +254,7 @@ class ControlMessageController implements MessageComponentInterface
]));
$connection->close();
return \React\Promise\resolve(false);
return reject(false);
}
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
@@ -263,14 +271,75 @@ class ControlMessageController implements MessageComponentInterface
]));
$connection->close();
return \React\Promise\resolve(false);
return reject(false);
}
return \React\Promise\resolve($subdomain);
return resolvePromise(ConnectionConfiguration::withSubdomain($subdomain));
});
}
return \React\Promise\resolve($subdomain);
return resolvePromise(ConnectionConfiguration::withSubdomain($subdomain));
}
protected function hasValidHostname(ConnectionInterface $connection, string $hostname, ?array $user): PromiseInterface
{
/**
* Check if the user can specify a custom hostname in the first place.
*/
if (! is_null($user) && $user['can_specify_hostnames'] === 0) {
$connection->send(json_encode([
'event' => 'info',
'data' => [
'message' => config('expose.admin.messages.custom_hostname_unauthorized').PHP_EOL,
],
]));
return reject();
}
/**
* Check if the given hostname is reserved for a different user.
*/
return $this->hostnameRepository->getHostnamesByUserId($user['id'])
->then(function ($foundHostnames) use ($connection, $hostname, $user) {
$foundHostname = collect($foundHostnames)->first(function ($foundHostname) use ($hostname) {
return Str::is($foundHostname['hostname'], $hostname);
});
if (is_null($foundHostname)) {
$message = config('expose.admin.messages.hostname_invalid');
$message = str_replace(':hostname', $hostname, $message);
$connection->send(json_encode([
'event' => 'hostnameTaken',
'data' => [
'message' => $message,
],
]));
$connection->close();
return reject(false);
}
$controlConnection = $this->connectionManager->findControlConnectionForHostname($hostname);
if (! is_null($controlConnection)) {
$message = config('expose.admin.messages.hostname_taken');
$message = str_replace(':hostname', $hostname, $message);
$connection->send(json_encode([
'event' => 'hostnameTaken',
'data' => [
'message' => $message,
],
]));
$connection->close();
return reject(false);
}
return resolvePromise(ConnectionConfiguration::withHostname($hostname));
});
}
protected function canShareTcpPorts(ConnectionInterface $connection, $data, $user)
@@ -289,4 +358,13 @@ class ControlMessageController implements MessageComponentInterface
return true;
}
protected function hasValidConfiguration(ConnectionInterface $connection, $data, $user)
{
if (isset($data->hostname) && ! is_null($data->hostname)) {
return $this->hasValidHostname($connection, $data->hostname, $user);
}
return $this->hasValidSubdomain($connection, $data->subdomain, $user);
}
}

19
app/Server/Http/Controllers/TunnelMessageController.php
View File

@@ -36,8 +36,9 @@ class TunnelMessageController extends Controller
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$subdomain = $this->detectSubdomain($request);
$hostname = $request->getHost();
if (is_null($subdomain)) {
if (is_null($subdomain) && $hostname === $this->configuration->hostname()) {
$httpConnection->send(
respond_html($this->getView($httpConnection, 'server.homepage'), 200)
);
@@ -46,7 +47,11 @@ class TunnelMessageController extends Controller
return;
}
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
if (! is_null($subdomain)) {
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
} else {
$controlConnection = $this->connectionManager->findControlConnectionForHostname($hostname);
}
if (is_null($controlConnection)) {
$httpConnection->send(
@@ -113,13 +118,19 @@ class TunnelMessageController extends Controller
$host .= ":{$this->configuration->port()}";
}
if (empty($controlConnection->subdomain)) {
$originalHost = $controlConnection->hostname;
} else {
$originalHost = "{$controlConnection->subdomain}.{$host}";
}
$request->headers->set('Host', $controlConnection->host);
$request->headers->set('X-Forwarded-Proto', $request->isSecure() ? 'https' : 'http');
$request->headers->set('X-Expose-Request-ID', uniqid());
$request->headers->set('Upgrade-Insecure-Requests', 1);
$request->headers->set('X-Exposed-By', config('app.name').' '.config('app.version'));
$request->headers->set('X-Original-Host', "{$controlConnection->subdomain}.{$host}");
$request->headers->set('X-Forwarded-Host', "{$controlConnection->subdomain}.{$host}");
$request->headers->set('X-Original-Host', $originalHost);
$request->headers->set('X-Forwarded-Host', $originalHost);
return $request;
}

4
app/Server/UserRepository/DatabaseUserRepository.php
View File

@@ -114,8 +114,8 @@ class DatabaseUserRepository implements UserRepository
$deferred = new Deferred();
$this->database->query("
INSERT INTO users (name, auth_token, can_specify_subdomains, can_share_tcp_ports, created_at)
VALUES (:name, :auth_token, :can_specify_subdomains, :can_share_tcp_ports, DATETIME('now'))
INSERT INTO users (name, auth_token, can_specify_subdomains, can_specify_hostnames, can_share_tcp_ports, created_at)
VALUES (:name, :auth_token, :can_specify_subdomains, :can_specify_hostnames, :can_share_tcp_ports, DATETIME('now'))
", $data)
->then(function (Result $result) use ($deferred) {
$this->database->query('SELECT * FROM users WHERE id = :id', ['id' => $result->insertId])