HTTP-over-Onionv3 Reseeder
@@ -6,8 +6,10 @@ import (
|
|||||||
"net"
|
"net"
|
||||||
"runtime"
|
"runtime"
|
||||||
"time"
|
"time"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/MDrollette/i2p-tools/reseed"
|
"github.com/MDrollette/i2p-tools/reseed"
|
||||||
|
"github.com/cretz/bine/tor"
|
||||||
"github.com/codegangsta/cli"
|
"github.com/codegangsta/cli"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -25,6 +27,10 @@ func NewReseedCommand() cli.Command {
|
|||||||
Name: "tlsHost",
|
Name: "tlsHost",
|
||||||
Usage: "The public hostname used on your TLS certificate",
|
Usage: "The public hostname used on your TLS certificate",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "onion",
|
||||||
|
Usage: "Present an onionv3 address",
|
||||||
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "key",
|
Name: "key",
|
||||||
Usage: "Path to your su3 signing private key",
|
Usage: "Path to your su3 signing private key",
|
||||||
@@ -105,6 +111,7 @@ func reseedAction(c *cli.Context) {
|
|||||||
|
|
||||||
var tlsCert, tlsKey string
|
var tlsCert, tlsKey string
|
||||||
tlsHost := c.String("tlsHost")
|
tlsHost := c.String("tlsHost")
|
||||||
|
|
||||||
if tlsHost != "" {
|
if tlsHost != "" {
|
||||||
tlsKey = c.String("tlsKey")
|
tlsKey = c.String("tlsKey")
|
||||||
// if no key is specified, default to the host.pem in the current dir
|
// if no key is specified, default to the host.pem in the current dir
|
||||||
@@ -179,7 +186,13 @@ func reseedAction(c *cli.Context) {
|
|||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
if tlsHost != "" && tlsCert != "" && tlsKey != "" {
|
if c.Bool("onion") {
|
||||||
|
port, err := strconv.Atoi(c.String("port"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalln(err.Error())
|
||||||
|
}
|
||||||
|
log.Fatalln(server.ListenAndServeOnion(nil, &tor.ListenConf{LocalPort: port, RemotePorts: []int{80}}))
|
||||||
|
}else if tlsHost != "" && tlsCert != "" && tlsKey != "" {
|
||||||
log.Printf("HTTPS server started on %s\n", server.Addr)
|
log.Printf("HTTPS server started on %s\n", server.Addr)
|
||||||
log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
|
log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
|
||||||
} else {
|
} else {
|
||||||
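Review bot: The `tor.ListenConf` literal in the new `--onion` branch sets only `LocalPort` and `RemotePorts`, so no service key is supplied and, as far as this hunk shows, none is persisted; the reseeder would then come up under a new onion address on every start, which clients cannot pin or verify against a published address. In the bine releases that still carry the `Version3` field, leaving it false with a nil `Key` yields a v2 service, which would contradict the flag's usage text and the "Onionv3" log line; this should be confirmed against the vendored bine version. I would load (or create once and store with restrictive file permissions) an ed25519 service key and pass it, e.g. `&tor.ListenConf{LocalPort: port, RemotePorts: []int{80}, Version3: true, Key: onionKey}`, where `onionKey` is the loaded key. The `}else if` on the following branch is also not gofmt-clean. The body of reseedAction starts and ends outside the hunk.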
|
|||||||
@@ -2,6 +2,7 @@ package reseed
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
@@ -9,7 +10,9 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/cretz/bine/tor"
|
||||||
"github.com/gorilla/handlers"
|
"github.com/gorilla/handlers"
|
||||||
"github.com/justinas/alice"
|
"github.com/justinas/alice"
|
||||||
"gopkg.in/throttled/throttled.v2"
|
"gopkg.in/throttled/throttled.v2"
|
||||||
@@ -22,8 +25,9 @@ const (
|
|||||||
|
|
||||||
type Server struct {
|
type Server struct {
|
||||||
*http.Server
|
*http.Server
|
||||||
Reseeder Reseeder
|
Reseeder Reseeder
|
||||||
Blacklist *Blacklist
|
Blacklist *Blacklist
|
||||||
|
OnionListener *tor.OnionService
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer(prefix string, trustProxy bool) *Server {
|
func NewServer(prefix string, trustProxy bool) *Server {
|
||||||
@@ -110,6 +114,24 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
|
|||||||
return srv.Serve(tlsListener)
|
return srv.Serve(tlsListener)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (srv *Server) ListenAndServeOnion(startConf *tor.StartConf, listenConf *tor.ListenConf) error {
|
||||||
|
log.Println("Starting and registering onion service, please wait a couple of minutes...")
|
||||||
|
tor, err := tor.Start(nil, startConf)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer tor.Close()
|
||||||
|
|
||||||
|
listenCtx, listenCancel := context.WithTimeout(context.Background(), 3*time.Minute)
|
||||||
|
defer listenCancel()
|
||||||
|
srv.OnionListener, err = tor.Listen(listenCtx, listenConf)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
log.Printf("Onionv3 server started on http://%v.onion\n", srv.OnionListener.ID)
|
||||||
|
return srv.Serve(srv.OnionListener)
|
||||||
|
}
|
||||||
|
|
||||||
func (srv *Server) reseedHandler(w http.ResponseWriter, r *http.Request) {
|
func (srv *Server) reseedHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
var peer Peer
|
var peer Peer
|
||||||
if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
|
if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
|
||||||
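Review bot: Requests that arrive through `ListenAndServeOnion` reach `reseedHandler` with an `r.RemoteAddr` that is the local Tor side of the listener rather than a client address, so the `Peer` derived from `net.SplitHostPort(r.RemoteAddr)` is presumably identical for every onion visitor. Anything keyed on that value (the `Blacklist` field and the throttled middleware imported in this file, if they key on the IP) then treats all onion clients as one peer, so a single abusive client can exhaust the limit for everyone, or one blacklist entry can block the whole service. `ListenAndServeOnion` should carry a doc comment saying so, e.g. `// Onion clients cannot be told apart by RemoteAddr; per-IP limits and the blacklist see them as a single peer.`, and the onion path likely needs its own global rate limit. Separately, `tor, err := tor.Start(nil, startConf)` shadows the imported package `tor` for the rest of the function; `t, err := tor.Start(nil, startConf)` avoids that. reseedHandler continues outside the hunk.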
|
|||||||
@@ -60,7 +60,7 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
|
|||||||
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
|
||||||
IsCA: true,
|
IsCA: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
hosts := strings.Split(host, ",")
|
hosts := strings.Split(host, ",")
|
||||||
|
|||||||
@@ -85,9 +85,9 @@ func NewSigningCertificate(signerID string, privateKey *rsa.PrivateKey) ([]byte,
|
|||||||
|
|
||||||
template := &x509.Certificate{
|
template := &x509.Certificate{
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
|
||||||
IsCA: true,
|
IsCA: true,
|
||||||
SubjectKeyId: []byte(signerID),
|
SubjectKeyId: []byte(signerID),
|
||||||
SerialNumber: serialNumber,
|
SerialNumber: serialNumber,
|
||||||
Subject: pkix.Name{
|
Subject: pkix.Name{
|
||||||
Organization: []string{"I2P Anonymous Network"},
|
Organization: []string{"I2P Anonymous Network"},
|
||||||
OrganizationalUnit: []string{"I2P"},
|
OrganizationalUnit: []string{"I2P"},
|
||||||
|
|||||||