Home Esplora Aiuto
Accedi
oid
/
snowflake
mirror da https://git.torproject.org/pluggable-transports/snowflake.git/
Segui 1
Vota 0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): main
Rami (Branch) Tag
snowflake
/
broker
/
http.go

http.go 6.4 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"context"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	"io"
    9. 

  9. 	"log"
    10. 

  10. 	"net/http"
    11. 

  11. 	"os"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages"
    15. 

  15. 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/util"
    16. 

  16. )
    17. 

  17. 

  18. const (
    19. 

  19. 	readLimit = 100000 // Maximum number of bytes to be read from an HTTP request
    20. 

  20. )
    21. 

  21. 

  22. // Implements the http.Handler interface
    23. 

  23. type SnowflakeHandler struct {
    24. 

  24. 	*IPC
    25. 

  25. 	handle func(*IPC, http.ResponseWriter, *http.Request)
    26. 

  26. }
    27. 

  27. 

  28. func (sh SnowflakeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    29. 

  29. 	w.Header().Set("Access-Control-Allow-Origin", "*")
    30. 

  30. 	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Session-ID")
    31. 

  31. 	// Return early if it's CORS preflight.
    32. 

  32. 	if "OPTIONS" == r.Method {
    33. 

  33. 		return
    34. 

  34. 	}
    35. 

  35. 	sh.handle(sh.IPC, w, r)
    36. 

  36. }
    37. 

  37. 

  38. // Implements the http.Handler interface
    39. 

  39. type MetricsHandler struct {
    40. 

  40. 	logFilename string
    41. 

  41. 	handle      func(string, http.ResponseWriter, *http.Request)
    42. 

  42. }
    43. 

  43. 

  44. func (mh MetricsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    45. 

  45. 	w.Header().Set("Access-Control-Allow-Origin", "*")
    46. 

  46. 	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Session-ID")
    47. 

  47. 	// Return early if it's CORS preflight.
    48. 

  48. 	if "OPTIONS" == r.Method {
    49. 

  49. 		return
    50. 

  50. 	}
    51. 

  51. 	mh.handle(mh.logFilename, w, r)
    52. 

  52. }
    53. 

  53. 

  54. func robotsTxtHandler(w http.ResponseWriter, r *http.Request) {
    55. 

  55. 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
    56. 

  56. 	if _, err := w.Write([]byte("User-agent: *\nDisallow: /\n")); err != nil {
    57. 

  57. 		log.Printf("robotsTxtHandler unable to write, with this error: %v", err)
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. func metricsHandler(metricsFilename string, w http.ResponseWriter, r *http.Request) {
    62. 

  62. 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
    63. 

  63. 

  64. 	if metricsFilename == "" {
    65. 

  65. 		http.NotFound(w, r)
    66. 

  66. 		return
    67. 

  67. 	}
    68. 

  68. 	metricsFile, err := os.OpenFile(metricsFilename, os.O_RDONLY, 0644)
    69. 

  69. 	if err != nil {
    70. 

  70. 		log.Println("Error opening metrics file for reading")
    71. 

  71. 		http.NotFound(w, r)
    72. 

  72. 		return
    73. 

  73. 	}
    74. 

  74. 

  75. 	if _, err := io.Copy(w, metricsFile); err != nil {
    76. 

  76. 		log.Printf("copying metricsFile returned error: %v", err)
    77. 

  77. 	}
    78. 

  78. }
    79. 

  79. 

  80. func debugHandler(i *IPC, w http.ResponseWriter, r *http.Request) {
    81. 

  81. 	var response string
    82. 

  82. 

  83. 	err := i.Debug(new(interface{}), &response)
    84. 

  84. 	if err != nil {
    85. 

  85. 		log.Println(err)
    86. 

  86. 		w.WriteHeader(http.StatusInternalServerError)
    87. 

  87. 		return
    88. 

  88. 	}
    89. 

  89. 

  90. 	if _, err := w.Write([]byte(response)); err != nil {
    91. 

  91. 		log.Printf("writing proxy information returned error: %v ", err)
    92. 

  92. 	}
    93. 

  93. }
    94. 

  94. 

  95. /*
    96. 

  96. For snowflake proxies to request a client from the Broker.
    97. 

  97. */
    98. 

  98. func proxyPolls(i *IPC, w http.ResponseWriter, r *http.Request) {
    99. 

  99. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    100. 

  100. 	if err != nil {
    101. 

  101. 		log.Println("Invalid data.", err.Error())
    102. 

  102. 		w.WriteHeader(http.StatusBadRequest)
    103. 

  103. 		return
    104. 

  104. 	}
    105. 

  105. 

  106. 	arg := messages.Arg{
    107. 

  107. 		Body:       body,
    108. 

  108. 		RemoteAddr: util.GetClientIp(r),
    109. 

  109. 	}
    110. 

  110. 

  111. 	var response []byte
    112. 

  112. 	err = i.ProxyPolls(arg, &response)
    113. 

  113. 	switch {
    114. 

  114. 	case err == nil:
    115. 

  115. 	case errors.Is(err, messages.ErrBadRequest):
    116. 

  116. 		w.WriteHeader(http.StatusBadRequest)
    117. 

  117. 		return
    118. 

  118. 	case errors.Is(err, messages.ErrInternal):
    119. 

  119. 		fallthrough
    120. 

  120. 	default:
    121. 

  121. 		log.Println(err)
    122. 

  122. 		w.WriteHeader(http.StatusInternalServerError)
    123. 

  123. 		return
    124. 

  124. 	}
    125. 

  125. 

  126. 	if _, err := w.Write(response); err != nil {
    127. 

  127. 		log.Printf("proxyPolls unable to write offer with error: %v", err)
    128. 

  128. 	}
    129. 

  129. }
    130. 

  130. 

  131. /*
    132. 

  132. Expects a WebRTC SDP offer in the Request to give to an assigned
    133. 

  133. snowflake proxy, which responds with the SDP answer to be sent in
    134. 

  134. the HTTP response back to the client.
    135. 

  135. */
    136. 

  136. func clientOffers(i *IPC, w http.ResponseWriter, r *http.Request) {
    137. 

  137. 	ctx, cancel := context.WithTimeout(r.Context(), ClientTimeout*time.Second)
    138. 

  138. 	defer cancel()
    139. 

  139. 

  140. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    141. 

  141. 	if err != nil {
    142. 

  142. 		log.Printf("Error reading client request: %s", err.Error())
    143. 

  143. 		w.WriteHeader(http.StatusBadRequest)
    144. 

  144. 		return
    145. 

  145. 	}
    146. 

  146. 

  147. 	// Handle the legacy version
    148. 

  148. 	//
    149. 

  149. 	// We support two client message formats. The legacy format is for backwards
    150. 

  150. 	// compatability and relies heavily on HTTP headers and status codes to convey
    151. 

  151. 	// information.
    152. 

  152. 	isLegacy := false
    153. 

  153. 	if len(body) > 0 && body[0] == '{' {
    154. 

  154. 		isLegacy = true
    155. 

  155. 		req := messages.ClientPollRequest{
    156. 

  156. 			Offer: string(body),
    157. 

  157. 			NAT:   r.Header.Get("Snowflake-NAT-Type"),
    158. 

  158. 		}
    159. 

  159. 		body, err = req.EncodeClientPollRequest()
    160. 

  160. 		if err != nil {
    161. 

  161. 			log.Printf("Error shimming the legacy request: %s", err.Error())
    162. 

  162. 			w.WriteHeader(http.StatusInternalServerError)
    163. 

  163. 			return
    164. 

  164. 		}
    165. 

  165. 	}
    166. 

  166. 

  167. 	arg := messages.Arg{
    168. 

  168. 		Body:             body,
    169. 

  169. 		RemoteAddr:       util.GetClientIp(r),
    170. 

  170. 		RendezvousMethod: messages.RendezvousHttp,
    171. 

  171. 		Context:          ctx,
    172. 

  172. 	}
    173. 

  173. 

  174. 	var response []byte
    175. 

  175. 	err = i.ClientOffers(arg, &response)
    176. 

  176. 	if err != nil {
    177. 

  177. 		log.Println(err)
    178. 

  178. 		w.WriteHeader(http.StatusInternalServerError)
    179. 

  179. 		return
    180. 

  180. 	}
    181. 

  181. 

  182. 	if isLegacy {
    183. 

  183. 		resp, err := messages.DecodeClientPollResponse(response)
    184. 

  184. 		if err != nil {
    185. 

  185. 			log.Println(err)
    186. 

  186. 			w.WriteHeader(http.StatusInternalServerError)
    187. 

  187. 			return
    188. 

  188. 		}
    189. 

  189. 		switch resp.Error {
    190. 

  190. 		case "":
    191. 

  191. 			response = []byte(resp.Answer)
    192. 

  192. 		case messages.StrNoProxies:
    193. 

  193. 			w.WriteHeader(http.StatusServiceUnavailable)
    194. 

  194. 			return
    195. 

  195. 		case messages.StrTimedOut:
    196. 

  196. 			w.WriteHeader(http.StatusGatewayTimeout)
    197. 

  197. 			return
    198. 

  198. 		default:
    199. 

  199. 			panic("unknown error")
    200. 

  200. 		}
    201. 

  201. 	}
    202. 

  202. 

  203. 	if _, err := w.Write(response); err != nil {
    204. 

  204. 		log.Printf("clientOffers unable to write answer with error: %v", err)
    205. 

  205. 	}
    206. 

  206. }
    207. 

  207. 

  208. /*
    209. 

  209. Expects snowflake proxies which have previously successfully received
    210. 

  210. an offer from proxyHandler to respond with an answer in an HTTP POST,
    211. 

  211. which the broker will pass back to the original client.
    212. 

  212. */
    213. 

  213. func proxyAnswers(i *IPC, w http.ResponseWriter, r *http.Request) {
    214. 

  214. 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, readLimit))
    215. 

  215. 	if err != nil {
    216. 

  216. 		log.Println("Invalid data.", err.Error())
    217. 

  217. 		w.WriteHeader(http.StatusBadRequest)
    218. 

  218. 		return
    219. 

  219. 	}
    220. 

  220. 

  221. 	err = validateSDP(body)
    222. 

  222. 	if err != nil {
    223. 

  223. 		w.WriteHeader(http.StatusBadRequest)
    224. 

  224. 		return
    225. 

  225. 	}
    226. 

  226. 

  227. 	arg := messages.Arg{
    228. 

  228. 		Body:       body,
    229. 

  229. 		RemoteAddr: util.GetClientIp(r),
    230. 

  230. 	}
    231. 

  231. 

  232. 	var response []byte
    233. 

  233. 	err = i.ProxyAnswers(arg, &response)
    234. 

  234. 	switch {
    235. 

  235. 	case err == nil:
    236. 

  236. 	case errors.Is(err, messages.ErrBadRequest):
    237. 

  237. 		w.WriteHeader(http.StatusBadRequest)
    238. 

  238. 		return
    239. 

  239. 	case errors.Is(err, messages.ErrInternal):
    240. 

  240. 		fallthrough
    241. 

  241. 	default:
    242. 

  242. 		log.Println(err)
    243. 

  243. 		w.WriteHeader(http.StatusInternalServerError)
    244. 

  244. 		return
    245. 

  245. 	}
    246. 

  246. 

  247. 	if _, err := w.Write(response); err != nil {
    248. 

  248. 		log.Printf("proxyAnswers unable to write answer response with error: %v", err)
    249. 

  249. 	}
    250. 

  250. }
    251. 

  251. 

  252. func validateSDP(SDP []byte) error {
    253. 

  253. 	// TODO: more validation likely needed
    254. 

  254. 	if !bytes.Contains(SDP, []byte("a=candidate")) {
    255. 

  255. 		return fmt.Errorf("SDP contains no candidate")
    256. 

  256. 	}
    257. 

  257. 

  258. 	return nil
    259. 

  259. }
    260. 

  260.