idk/reseed-tools
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

flag for trusting proxy headers

Browse Source
This commit is contained in:
Matt Drollette
2014-12-11 15:02:18 -06:00
parent f4cb92b4fa
commit 76c594b83a
2 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
cmd/reseeder.go
View File

@@ -38,12 +38,10 @@ func NewReseedCommand() cli.Command {
}, },
cli.StringFlag{ cli.StringFlag{
Name: "tlscert", Name: "tlscert",
Value: "cert.pem",
Usage: "Path to tls certificate", Usage: "Path to tls certificate",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "tlskey", Name: "tlskey",
Value: "key.pem",
Usage: "Path to tls key", Usage: "Path to tls key",
}, },
cli.StringFlag{ cli.StringFlag{
@@ -61,6 +59,14 @@ func NewReseedCommand() cli.Command {
Value: "12h", Value: "12h",
Usage: "Duration between SU3 cache rebuilds (ex. 12h, 15m)", Usage: "Duration between SU3 cache rebuilds (ex. 12h, 15m)",
}, },
cli.StringFlag{
Name: "prefix",
Usage: "Prefix path for server. (ex. /netdb)",
},
cli.BoolFlag{
Name: "trustProxy",
Usage: "If provided, we will trust the 'X-Forwarded-For' header in requests (ex. behind cloudflare)",
},
}, },
} }
} }
@@ -103,17 +109,22 @@ func reseedAction(c *cli.Context) {
reseeder := reseed.NewReseeder(netdb) reseeder := reseed.NewReseeder(netdb)
reseeder.SigningKey = privKey reseeder.SigningKey = privKey
reseeder.SignerId = []byte(signerId) reseeder.SignerId = []byte(signerId)
reseeder.NumRi = c.Int("numRI") reseeder.NumRi = c.Int("numRi")
reseeder.RebuildInterval = reloadIntvl reseeder.RebuildInterval = reloadIntvl
reseeder.Start() reseeder.Start()
// create a server // create a server
server := reseed.NewServer() server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port")) server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
// @todo check if tls cert exists, prompt to generate a new one if not // @todo check if tls cert exists, prompt to generate a new one if not
log.Printf("Server listening on %s\n", server.Addr) log.Printf("Server listening on %s\n", server.Addr)
server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey"))
if c.String("tlscert") != "" && c.String("tlskey") != "" {
log.Fatalln(server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey")))
} else {
log.Fatalln(server.ListenAndServe())
}
} }

10
reseed/server.go
View File

@@ -23,17 +23,21 @@ type Server struct {
Reseeder Reseeder Reseeder Reseeder
} }
func NewServer() *Server { func NewServer(prefix string, trustProxy bool) *Server {
config := &tls.Config{MinVersion: tls.VersionTLS10} config := &tls.Config{MinVersion: tls.VersionTLS10}
h := &http.Server{TLSConfig: config} h := &http.Server{TLSConfig: config}
server := Server{h, nil} server := Server{h, nil}
th := throttled.RateLimit(throttled.PerHour(120), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(10000)) th := throttled.RateLimit(throttled.PerHour(120), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(10000))
middlewareChain := alice.New(proxiedMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle) middlewareChain := alice.New()
if trustProxy {
middlewareChain.Append(proxiedMiddleware)
}
middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle)
mux := http.NewServeMux() mux := http.NewServeMux()
mux.Handle("/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler))) mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler)))
server.Handler = mux server.Handler = mux
return &server return &server