Added the ability to scope tokens to a specific client. If
enabled, this has the affect of limiting the token to being used
to list tunnels for that specific client. It can't be used for
the web UI or for any state-changing actions such as creating
new tunnels.
Removed unused CssId and moved members that should eventually be
removed from the API surface (ie internal values) to be together
so they're easier to identify later.
TakingNames.io now provides bootstrap domains, which simply
creates an A record based off the ip address of the requesting
server, without requiring any authorization. This allows
boringproxy to always use HTTPS, even when getting the admin
domain.
The requests themselves now must be retrieve from the boringproxy
server by TakingNames.io, over HTTPS. This provides several
security benefits:
* You can tell the user the request is coming from a specific
domain.
* Requests are tied to an ephemeral request-id, to prevent
prebuilt phishing links.
There is currently a single hard-coded exception for setting a
single A record for an IP address. This is needed for
bootstrapping a service that doesn't have any certs yet (ie the
boringproxy admin domain), and will need to display a big scary
message to users.
Basically working, but still needs:
* UI for selecting TLS passthrough
* Client Let's Encrypt integration for automatically getting certs.
* More testing. The changes were pretty invasive.
Just needed to add an option to allow external connections to the
ports from the server, then set the proper values in the
authorized_keys file and on the client.
Allows tunnels to specify what address the client with connect to
for upstream connections.
Also changed the tunnel-adder UI.
Also fixed a bug where invalid domains would crash. Needed to
properly return an error dialog.
Also changed order that extractToken looks for tokens. Used to
be cookies then headers then query. Now in reverse, to make it
easier to override, ie for replacing cookies during login.