bitinflow/expose
1
0
Fork 0
mirror of https://github.com/bitinflow/expose.git synced 2026-03-14 22:15:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow users to specify custom hostnames

Browse Source
This commit is contained in:
Marcel Pociot
2020-11-01 22:40:17 +01:00
parent 5b7a80bb0c
commit cec52c4229
28 changed files with 913 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
app/Server/Http/Controllers/Admin/DeleteHostnameController.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
use Ratchet\ConnectionInterface;
class DeleteHostnameController extends AdminController
{
protected $keepConnectionOpen = true;
/** @var HostnameRepository */
protected $hostnameRepository;
/** @var UserRepository */
protected $userRepository;
public function __construct(UserRepository $userRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$this->userRepository->getUserByToken($request->get('auth_token', ''))
->then(function ($user) use ($request, $httpConnection) {
if (is_null($user)) {
$httpConnection->send(respond_json(['error' => 'The user does not exist'], 404));
$httpConnection->close();
return;
}
$this->hostnameRepository->deleteHostnameForUserId($user['id'], $request->get('hostname'))
->then(function ($deleted) use ($httpConnection) {
$httpConnection->send(respond_json(['deleted' => $deleted], 200));
$httpConnection->close();
});
});
}
}

27
app/Server/Http/Controllers/Admin/GetUserDetailsController.php
View File

@@ -2,6 +2,7 @@
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
@@ -17,10 +18,14 @@ class GetUserDetailsController extends AdminController
/** @var SubdomainRepository */
protected $subdomainRepository;
public function __construct(UserRepository $userRepository, SubdomainRepository $subdomainRepository)
/** @var HostnameRepository */
protected $hostnameRepository;
public function __construct(UserRepository $userRepository, SubdomainRepository $subdomainRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->subdomainRepository = $subdomainRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
@@ -29,15 +34,19 @@ class GetUserDetailsController extends AdminController
->getUserById($request->get('id'))
->then(function ($user) use ($httpConnection, $request) {
$this->subdomainRepository->getSubdomainsByUserId($request->get('id'))
->then(function ($subdomains) use ($httpConnection, $user) {
$httpConnection->send(
respond_json([
'user' => $user,
'subdomains' => $subdomains,
])
);
->then(function ($subdomains) use ($httpConnection, $user, $request) {
$this->hostnameRepository->getHostnamesByUserId($request->get('id'))
->then(function ($hostnames) use ($httpConnection, $user, $subdomains) {
$httpConnection->send(
respond_json([
'user' => $user,
'subdomains' => $subdomains,
'hostnames' => $hostnames,
])
);
$httpConnection->close();
$httpConnection->close();
});
});
});
}

78
app/Server/Http/Controllers/Admin/StoreHostnameController.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace App\Server\Http\Controllers\Admin;
use App\Contracts\HostnameRepository;
use App\Contracts\SubdomainRepository;
use App\Contracts\UserRepository;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Ratchet\ConnectionInterface;
class StoreHostnameController extends AdminController
{
protected $keepConnectionOpen = true;
/** @var HostnameRepository */
protected $hostnameRepository;
/** @var UserRepository */
protected $userRepository;
public function __construct(UserRepository $userRepository, HostnameRepository $hostnameRepository)
{
$this->userRepository = $userRepository;
$this->hostnameRepository = $hostnameRepository;
}
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$validator = Validator::make($request->all(), [
'hostname' => 'required',
], [
'required' => 'The :attribute field is required.',
]);
if ($validator->fails()) {
$httpConnection->send(respond_json(['errors' => $validator->getMessageBag()], 401));
$httpConnection->close();
return;
}
$this->userRepository->getUserByToken($request->get('auth_token', ''))
->then(function ($user) use ($httpConnection, $request) {
if (is_null($user)) {
$httpConnection->send(respond_json(['error' => 'The user does not exist'], 404));
$httpConnection->close();
return;
}
if ($user['can_specify_hostnames'] === 0) {
$httpConnection->send(respond_json(['error' => 'The user is not allowed to reserve hostnames.'], 401));
$httpConnection->close();
return;
}
$insertData = [
'user_id' => $user['id'],
'hostname' => $request->get('hostname'),
];
$this->hostnameRepository
->storeHostname($insertData)
->then(function ($hostname) use ($httpConnection) {
if (is_null($hostname)) {
$httpConnection->send(respond_json(['error' => 'The hostname is already taken.'], 422));
$httpConnection->close();
return;
}
$httpConnection->send(respond_json(['hostname' => $hostname], 200));
$httpConnection->close();
});
});
}
}

1
app/Server/Http/Controllers/Admin/StoreUsersController.php
View File

@@ -39,6 +39,7 @@ class StoreUsersController extends AdminController
$insertData = [
'name' => $request->get('name'),
'auth_token' => (string) Str::uuid(),
'can_specify_hostnames' => (int) $request->get('can_specify_hostnames'),
'can_specify_subdomains' => (int) $request->get('can_specify_subdomains'),
'can_share_tcp_ports' => (int) $request->get('can_share_tcp_ports'),
];

106
app/Server/Http/Controllers/ControlMessageController.php
View File

@@ -4,14 +4,19 @@ namespace App\Server\Http\Controllers;
use App\Contracts\ConnectionManager;
use App\Contracts\SubdomainRepository;
use App\Contracts\HostnameRepository;
use App\Contracts\UserRepository;
use App\Http\QueryParameters;
use App\Server\Connections\ConnectionConfiguration;
use App\Server\Exceptions\NoFreePortAvailable;
use Illuminate\Support\Str;
use Ratchet\ConnectionInterface;
use Ratchet\WebSocket\MessageComponentInterface;
use React\Promise\Deferred;
use React\Promise\PromiseInterface;
use stdClass;
use function React\Promise\reject;
use function React\Promise\resolve as resolvePromise;
class ControlMessageController implements MessageComponentInterface
{
@@ -24,11 +29,15 @@ class ControlMessageController implements MessageComponentInterface
/** @var SubdomainRepository */
protected $subdomainRepository;
public function __construct(ConnectionManager $connectionManager, UserRepository $userRepository, SubdomainRepository $subdomainRepository)
/** @var HostnameRepository */
protected $hostnameRepository;
public function __construct(ConnectionManager $connectionManager, UserRepository $userRepository, SubdomainRepository $subdomainRepository, HostnameRepository $hostnameRepository)
{
$this->connectionManager = $connectionManager;
$this->userRepository = $userRepository;
$this->subdomainRepository = $subdomainRepository;
$this->hostnameRepository = $hostnameRepository;
}
/**
@@ -105,14 +114,12 @@ class ControlMessageController implements MessageComponentInterface
protected function handleHttpConnection(ConnectionInterface $connection, $data, $user = null)
{
$this->hasValidSubdomain($connection, $data->subdomain, $user)->then(function ($subdomain) use ($data, $connection) {
if ($subdomain === false) {
return;
}
$this->hasValidConfiguration($connection, $data, $user)
->then(function (ConnectionConfiguration $configuration) use ($data, $connection) {
$data->subdomain = $configuration->getSubdomain();
$data->hostname = $configuration->getHostname();
$data->subdomain = $subdomain;
$connectionInfo = $this->connectionManager->storeConnection($data->host, $data->subdomain, $connection);
$connectionInfo = $this->connectionManager->storeConnection($data->host, $data->subdomain, $data->hostname, $connection);
$this->connectionManager->limitConnectionLength($connectionInfo, config('expose.admin.maximum_connection_length'));
@@ -121,6 +128,7 @@ class ControlMessageController implements MessageComponentInterface
'data' => [
'message' => config('expose.admin.messages.message_of_the_day'),
'subdomain' => $connectionInfo->subdomain,
'hostname' => $connectionInfo->hostname,
'client_id' => $connectionInfo->client_id,
],
]));
@@ -192,7 +200,7 @@ class ControlMessageController implements MessageComponentInterface
protected function verifyAuthToken(ConnectionInterface $connection): PromiseInterface
{
if (config('expose.admin.validate_auth_tokens') !== true) {
return \React\Promise\resolve(null);
return resolvePromise(null);
}
$deferred = new Deferred();
@@ -225,7 +233,7 @@ class ControlMessageController implements MessageComponentInterface
],
]));
return \React\Promise\resolve(null);
return resolvePromise(ConnectionConfiguration::withSubdomain(null));
}
/**
@@ -246,7 +254,7 @@ class ControlMessageController implements MessageComponentInterface
]));
$connection->close();
return \React\Promise\resolve(false);
return reject(false);
}
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
@@ -263,14 +271,75 @@ class ControlMessageController implements MessageComponentInterface
]));
$connection->close();
return \React\Promise\resolve(false);
return reject(false);
}
return \React\Promise\resolve($subdomain);
return resolvePromise(ConnectionConfiguration::withSubdomain($subdomain));
});
}
return \React\Promise\resolve($subdomain);
return resolvePromise(ConnectionConfiguration::withSubdomain($subdomain));
}
protected function hasValidHostname(ConnectionInterface $connection, string $hostname, ?array $user): PromiseInterface
{
/**
* Check if the user can specify a custom hostname in the first place.
*/
if (! is_null($user) && $user['can_specify_hostnames'] === 0) {
$connection->send(json_encode([
'event' => 'info',
'data' => [
'message' => config('expose.admin.messages.custom_hostname_unauthorized').PHP_EOL,
],
]));
return reject();
}
/**
* Check if the given hostname is reserved for a different user.
*/
return $this->hostnameRepository->getHostnamesByUserId($user['id'])
->then(function ($foundHostnames) use ($connection, $hostname, $user) {
$foundHostname = collect($foundHostnames)->first(function ($foundHostname) use ($hostname) {
return Str::is($foundHostname['hostname'], $hostname);
});
if (is_null($foundHostname)) {
$message = config('expose.admin.messages.hostname_invalid');
$message = str_replace(':hostname', $hostname, $message);
$connection->send(json_encode([
'event' => 'hostnameTaken',
'data' => [
'message' => $message,
],
]));
$connection->close();
return reject(false);
}
$controlConnection = $this->connectionManager->findControlConnectionForHostname($hostname);
if (! is_null($controlConnection)) {
$message = config('expose.admin.messages.hostname_taken');
$message = str_replace(':hostname', $hostname, $message);
$connection->send(json_encode([
'event' => 'hostnameTaken',
'data' => [
'message' => $message,
],
]));
$connection->close();
return reject(false);
}
return resolvePromise(ConnectionConfiguration::withHostname($hostname));
});
}
protected function canShareTcpPorts(ConnectionInterface $connection, $data, $user)
@@ -289,4 +358,13 @@ class ControlMessageController implements MessageComponentInterface
return true;
}
protected function hasValidConfiguration(ConnectionInterface $connection, $data, $user)
{
if (isset($data->hostname) && ! is_null($data->hostname)) {
return $this->hasValidHostname($connection, $data->hostname, $user);
}
return $this->hasValidSubdomain($connection, $data->subdomain, $user);
}
}

19
app/Server/Http/Controllers/TunnelMessageController.php
View File

@@ -36,8 +36,9 @@ class TunnelMessageController extends Controller
public function handle(Request $request, ConnectionInterface $httpConnection)
{
$subdomain = $this->detectSubdomain($request);
$hostname = $request->getHost();
if (is_null($subdomain)) {
if (is_null($subdomain) && $hostname === $this->configuration->hostname()) {
$httpConnection->send(
respond_html($this->getView($httpConnection, 'server.homepage'), 200)
);
@@ -46,7 +47,11 @@ class TunnelMessageController extends Controller
return;
}
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
if (! is_null($subdomain)) {
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
} else {
$controlConnection = $this->connectionManager->findControlConnectionForHostname($hostname);
}
if (is_null($controlConnection)) {
$httpConnection->send(
@@ -113,13 +118,19 @@ class TunnelMessageController extends Controller
$host .= ":{$this->configuration->port()}";
}
if (empty($controlConnection->subdomain)) {
$originalHost = $controlConnection->hostname;
} else {
$originalHost = "{$controlConnection->subdomain}.{$host}";
}
$request->headers->set('Host', $controlConnection->host);
$request->headers->set('X-Forwarded-Proto', $request->isSecure() ? 'https' : 'http');
$request->headers->set('X-Expose-Request-ID', uniqid());
$request->headers->set('Upgrade-Insecure-Requests', 1);
$request->headers->set('X-Exposed-By', config('app.name').' '.config('app.version'));
$request->headers->set('X-Original-Host', "{$controlConnection->subdomain}.{$host}");
$request->headers->set('X-Forwarded-Host', "{$controlConnection->subdomain}.{$host}");
$request->headers->set('X-Original-Host', $originalHost);
$request->headers->set('X-Forwarded-Host', $originalHost);
return $request;
}