Startseite Erkunden Hilfe
Anmelden
oid
/
snowflake
Mirror von https://git.torproject.org/pluggable-transports/snowflake.git/
Beobachten 1
Favorit hinzufügen 0
Fork 0
Dateien Issues 0 Wiki
Struktur: ffdda1358a
Branches Tags
snowflake
/
broker
/
http.go

http.go 6.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"errors"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io"
    8. 

  8. 	"log"
    9. 

  9. 	"net/http"
    10. 

  10. 	"os"
    11. 

  11. 

  12. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages"
    13. 

  13. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util"
    14. 

  14. )
    15. 

  15. 

  16. const (
    17. 

  17. 	readLimit = 100000 // Maximum number of bytes to be read from an HTTP request
    18. 

  18. )
    19. 

  19. 

  20. // Implements the http.Handler interface
    21. 

  21. type SnowflakeHandler struct {
    22. 

  22. 	*IPC
    23. 

  23. 	handle func(*IPC, http.ResponseWriter, *http.Request)
    24. 

  24. }
    25. 

  25. 

  26. func (sh SnowflakeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    27. 

  27. 	w.Header().Set("Access-Control-Allow-Origin", "*")
    28. 

  28. 	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Session-ID")
    29. 

  29. 	// Return early if it's CORS preflight.
    30. 

  30. 	if "OPTIONS" == r.Method {
    31. 

  31. 		return
    32. 

  32. 	}
    33. 

  33. 	sh.handle(sh.IPC, w, r)
    34. 

  34. }
    35. 

  35. 

  36. // Implements the http.Handler interface
    37. 

  37. type MetricsHandler struct {
    38. 

  38. 	logFilename string
    39. 

  39. 	handle      func(string, http.ResponseWriter, *http.Request)
    40. 

  40. }
    41. 

  41. 

  42. func (mh MetricsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    43. 

  43. 	w.Header().Set("Access-Control-Allow-Origin", "*")
    44. 

  44. 	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Session-ID")
    45. 

  45. 	// Return early if it's CORS preflight.
    46. 

  46. 	if "OPTIONS" == r.Method {
    47. 

  47. 		return
    48. 

  48. 	}
    49. 

  49. 	mh.handle(mh.logFilename, w, r)
    50. 

  50. }
    51. 

  51. 

  52. func robotsTxtHandler(w http.ResponseWriter, r *http.Request) {
    53. 

  53. 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
    54. 

  54. 	if _, err := w.Write([]byte("User-agent: *\nDisallow: /\n")); err != nil {
    55. 

  55. 		log.Printf("robotsTxtHandler unable to write, with this error: %v", err)
    56. 

  56. 	}
    57. 

  57. }
    58. 

  58. 

  59. func metricsHandler(metricsFilename string, w http.ResponseWriter, r *http.Request) {
    60. 

  60. 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
    61. 

  61. 

  62. 	if metricsFilename == "" {
    63. 

  63. 		http.NotFound(w, r)
    64. 

  64. 		return
    65. 

  65. 	}
    66. 

  66. 	metricsFile, err := os.OpenFile(metricsFilename, os.O_RDONLY, 0644)
    67. 

  67. 	if err != nil {
    68. 

  68. 		log.Println("Error opening metrics file for reading")
    69. 

  69. 		http.NotFound(w, r)
    70. 

  70. 		return
    71. 

  71. 	}
    72. 

  72. 

  73. 	if _, err := io.Copy(w, metricsFile); err != nil {
    74. 

  74. 		log.Printf("copying metricsFile returned error: %v", err)
    75. 

  75. 	}
    76. 

  76. }
    77. 

  77. 

  78. func debugHandler(i *IPC, w http.ResponseWriter, r *http.Request) {
    79. 

  79. 	var response string
    80. 

  80. 

  81. 	err := i.Debug(new(interface{}), &response)
    82. 

  82. 	if err != nil {
    83. 

  83. 		log.Println(err)
    84. 

  84. 		w.WriteHeader(http.StatusInternalServerError)
    85. 

  85. 		return
    86. 

  86. 	}
    87. 

  87. 

  88. 	if _, err := w.Write([]byte(response)); err != nil {
    89. 

  89. 		log.Printf("writing proxy information returned error: %v ", err)
    90. 

  90. 	}
    91. 

  91. }
    92. 

  92. 

  93. /*
    94. 

  94. For snowflake proxies to request a client from the Broker.
    95. 

  95. */
    96. 

  96. func proxyPolls(i *IPC, w http.ResponseWriter, r *http.Request) {
    97. 

  97. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    98. 

  98. 	if err != nil {
    99. 

  99. 		log.Println("Invalid data.", err.Error())
    100. 

  100. 		w.WriteHeader(http.StatusBadRequest)
    101. 

  101. 		return
    102. 

  102. 	}
    103. 

  103. 

  104. 	arg := messages.Arg{
    105. 

  105. 		Body:       body,
    106. 

  106. 		RemoteAddr: util.GetClientIp(r),
    107. 

  107. 	}
    108. 

  108. 

  109. 	var response []byte
    110. 

  110. 	err = i.ProxyPolls(arg, &response)
    111. 

  111. 	switch {
    112. 

  112. 	case err == nil:
    113. 

  113. 	case errors.Is(err, messages.ErrBadRequest):
    114. 

  114. 		w.WriteHeader(http.StatusBadRequest)
    115. 

  115. 		return
    116. 

  116. 	case errors.Is(err, messages.ErrInternal):
    117. 

  117. 		fallthrough
    118. 

  118. 	default:
    119. 

  119. 		log.Println(err)
    120. 

  120. 		w.WriteHeader(http.StatusInternalServerError)
    121. 

  121. 		return
    122. 

  122. 	}
    123. 

  123. 

  124. 	if _, err := w.Write(response); err != nil {
    125. 

  125. 		log.Printf("proxyPolls unable to write offer with error: %v", err)
    126. 

  126. 	}
    127. 

  127. }
    128. 

  128. 

  129. /*
    130. 

  130. Expects a WebRTC SDP offer in the Request to give to an assigned
    131. 

  131. snowflake proxy, which responds with the SDP answer to be sent in
    132. 

  132. the HTTP response back to the client.
    133. 

  133. */
    134. 

  134. func clientOffers(i *IPC, w http.ResponseWriter, r *http.Request) {
    135. 

  135. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    136. 

  136. 	if err != nil {
    137. 

  137. 		log.Printf("Error reading client request: %s", err.Error())
    138. 

  138. 		w.WriteHeader(http.StatusBadRequest)
    139. 

  139. 		return
    140. 

  140. 	}
    141. 

  141. 

  142. 	err = validateSDP(body)
    143. 

  143. 	if err != nil {
    144. 

  144. 		log.Println("Error client SDP: ", err.Error())
    145. 

  145. 		w.WriteHeader(http.StatusBadRequest)
    146. 

  146. 		return
    147. 

  147. 	}
    148. 

  148. 

  149. 	// Handle the legacy version
    150. 

  150. 	//
    151. 

  151. 	// We support two client message formats. The legacy format is for backwards
    152. 

  152. 	// compatability and relies heavily on HTTP headers and status codes to convey
    153. 

  153. 	// information.
    154. 

  154. 	isLegacy := false
    155. 

  155. 	if len(body) > 0 && body[0] == '{' {
    156. 

  156. 		isLegacy = true
    157. 

  157. 		req := messages.ClientPollRequest{
    158. 

  158. 			Offer: string(body),
    159. 

  159. 			NAT:   r.Header.Get("Snowflake-NAT-Type"),
    160. 

  160. 		}
    161. 

  161. 		body, err = req.EncodeClientPollRequest()
    162. 

  162. 		if err != nil {
    163. 

  163. 			log.Printf("Error shimming the legacy request: %s", err.Error())
    164. 

  164. 			w.WriteHeader(http.StatusInternalServerError)
    165. 

  165. 			return
    166. 

  166. 		}
    167. 

  167. 	}
    168. 

  168. 

  169. 	arg := messages.Arg{
    170. 

  170. 		Body:             body,
    171. 

  171. 		RemoteAddr:       util.GetClientIp(r),
    172. 

  172. 		RendezvousMethod: messages.RendezvousHttp,
    173. 

  173. 	}
    174. 

  174. 

  175. 	var response []byte
    176. 

  176. 	err = i.ClientOffers(arg, &response)
    177. 

  177. 	if err != nil {
    178. 

  178. 		log.Println(err)
    179. 

  179. 		w.WriteHeader(http.StatusInternalServerError)
    180. 

  180. 		return
    181. 

  181. 	}
    182. 

  182. 

  183. 	if isLegacy {
    184. 

  184. 		resp, err := messages.DecodeClientPollResponse(response)
    185. 

  185. 		if err != nil {
    186. 

  186. 			log.Println(err)
    187. 

  187. 			w.WriteHeader(http.StatusInternalServerError)
    188. 

  188. 			return
    189. 

  189. 		}
    190. 

  190. 		switch resp.Error {
    191. 

  191. 		case "":
    192. 

  192. 			response = []byte(resp.Answer)
    193. 

  193. 		case messages.StrNoProxies:
    194. 

  194. 			w.WriteHeader(http.StatusServiceUnavailable)
    195. 

  195. 			return
    196. 

  196. 		case messages.StrTimedOut:
    197. 

  197. 			w.WriteHeader(http.StatusGatewayTimeout)
    198. 

  198. 			return
    199. 

  199. 		default:
    200. 

  200. 			panic("unknown error")
    201. 

  201. 		}
    202. 

  202. 	}
    203. 

  203. 

  204. 	if _, err := w.Write(response); err != nil {
    205. 

  205. 		log.Printf("clientOffers unable to write answer with error: %v", err)
    206. 

  206. 	}
    207. 

  207. }
    208. 

  208. 

  209. /*
    210. 

  210. Expects snowflake proxies which have previously successfully received
    211. 

  211. an offer from proxyHandler to respond with an answer in an HTTP POST,
    212. 

  212. which the broker will pass back to the original client.
    213. 

  213. */
    214. 

  214. func proxyAnswers(i *IPC, w http.ResponseWriter, r *http.Request) {
    215. 

  215. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    216. 

  216. 	if err != nil {
    217. 

  217. 		log.Println("Invalid data.", err.Error())
    218. 

  218. 		w.WriteHeader(http.StatusBadRequest)
    219. 

  219. 		return
    220. 

  220. 	}
    221. 

  221. 

  222. 	err = validateSDP(body)
    223. 

  223. 	if err != nil {
    224. 

  224. 		log.Println("Error proxy SDP: ", err.Error())
    225. 

  225. 		w.WriteHeader(http.StatusBadRequest)
    226. 

  226. 		return
    227. 

  227. 	}
    228. 

  228. 

  229. 	arg := messages.Arg{
    230. 

  230. 		Body:       body,
    231. 

  231. 		RemoteAddr: util.GetClientIp(r),
    232. 

  232. 	}
    233. 

  233. 

  234. 	var response []byte
    235. 

  235. 	err = i.ProxyAnswers(arg, &response)
    236. 

  236. 	switch {
    237. 

  237. 	case err == nil:
    238. 

  238. 	case errors.Is(err, messages.ErrBadRequest):
    239. 

  239. 		w.WriteHeader(http.StatusBadRequest)
    240. 

  240. 		return
    241. 

  241. 	case errors.Is(err, messages.ErrInternal):
    242. 

  242. 		fallthrough
    243. 

  243. 	default:
    244. 

  244. 		log.Println(err)
    245. 

  245. 		w.WriteHeader(http.StatusInternalServerError)
    246. 

  246. 		return
    247. 

  247. 	}
    248. 

  248. 

  249. 	if _, err := w.Write(response); err != nil {
    250. 

  250. 		log.Printf("proxyAnswers unable to write answer response with error: %v", err)
    251. 

  251. 	}
    252. 

  252. }
    253. 

  253. 

  254. func validateSDP(SDP []byte) error {
    255. 

  255. 	// TODO: more validation likely needed
    256. 

  256. 	if !bytes.Contains(SDP, []byte("a=candidate")) {
    257. 

  257. 		return fmt.Errorf("SDP contains no candidate")
    258. 

  258. 	}
    259. 

  259. 

  260. 	return nil
    261. 

  261. }
    262. 

  262.