mirror of
https://github.com/boringproxy/boringproxy.git
synced 2025-02-25 18:55:29 -06:00
Use random server ports for tunnels
This commit is contained in:
@@ -11,7 +11,9 @@ import (
|
||||
"golang.org/x/crypto/ssh"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
"os/user"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
@@ -19,7 +21,6 @@ import (
|
||||
type TunnelManager struct {
|
||||
config *BoringProxyConfig
|
||||
db *Database
|
||||
nextPort int
|
||||
mutex *sync.Mutex
|
||||
certConfig *certmagic.Config
|
||||
user *user.User
|
||||
@@ -40,10 +41,8 @@ func NewTunnelManager(config *BoringProxyConfig, db *Database, certConfig *certm
|
||||
}
|
||||
}
|
||||
|
||||
nextPort := 9001
|
||||
|
||||
mutex := &sync.Mutex{}
|
||||
return &TunnelManager{config, db, nextPort, mutex, certConfig, user}
|
||||
return &TunnelManager{config, db, mutex, certConfig, user}
|
||||
}
|
||||
|
||||
func (m *TunnelManager) GetTunnels() map[string]Tunnel {
|
||||
@@ -81,8 +80,10 @@ func (m *TunnelManager) CreateTunnel(domain, owner string) (Tunnel, error) {
|
||||
return Tunnel{}, errors.New("Tunnel exists for domain " + domain)
|
||||
}
|
||||
|
||||
port := m.nextPort
|
||||
m.nextPort += 1
|
||||
port, err := randomPort()
|
||||
if err != nil {
|
||||
return Tunnel{}, err
|
||||
}
|
||||
|
||||
privKey, err := m.addToAuthorizedKeys(domain, port)
|
||||
if err != nil {
|
||||
@@ -218,3 +219,20 @@ func MakeSSHKeyPair() (string, string, error) {
|
||||
|
||||
return pubKey, privKeyBuf.String(), nil
|
||||
}
|
||||
|
||||
func randomPort() (int, error) {
|
||||
listener, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
addrParts := strings.Split(listener.Addr().String(), ":")
|
||||
port, err := strconv.Atoi(addrParts[len(addrParts)-1])
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
listener.Close()
|
||||
|
||||
return port, nil
|
||||
}
|
||||
|
||||
@@ -85,12 +85,12 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
|
||||
return
|
||||
}
|
||||
|
||||
if !h.auth.Authorized(token) {
|
||||
tokenData, exists := h.db.GetTokenData(token)
|
||||
if !exists {
|
||||
h.sendLoginPage(w, r, 403)
|
||||
return
|
||||
}
|
||||
|
||||
tokenData, _ := h.db.GetTokenData(token)
|
||||
user, _ := h.db.GetUser(tokenData.Owner)
|
||||
|
||||
box, err := rice.FindBox("webui")
|
||||
|
||||
Reference in New Issue
Block a user