tproxy web auth
txthinking committed Feb 14, 2023
1 parent 6b71c0a commit 314d707
Showing 4 changed files with 191 additions and 22 deletions.
71 changes: 68 additions & 3 deletions cli/brook/main.go
Expand Up @@ -975,7 +975,7 @@ func main() {
if err != nil {
return err
}
s, err := brook.NewQUICServer(":"+p, c.String("password"), h, c.Int("tcpTimeout"), c.Int("udpTimeout"), c.String("blockDomainList"), c.String("blockCIDR4List"), c.String("blockCIDR6List"), c.Int64("updateListInterval"), c.StringSlice("blockGeoIP"), c.Bool("withoutBrookProtocol"))
s, err := brook.NewQUICServer(":"+p, c.String("password"), h, c.Int("tcpTimeout"), c.Int("udpTimeout"), c.Bool("withoutBrookProtocol"))
if err != nil {
return err
}
Expand Down Expand Up @@ -1437,7 +1437,7 @@ func main() {
},
&cli.BoolFlag{
Name: "enableIPv6",
Usage: "Your local and server must support IPv6 both",
Usage: "deprecated",
},
&cli.BoolFlag{
Name: "doNotRunScripts",
Expand Down Expand Up @@ -1514,7 +1514,55 @@ func main() {
lock := &sync.Mutex{}
m := http.NewServeMux()
m.Handle("/", http.FileServer(http.FS(web)))
m.HandleFunc("/hasp", func(w http.ResponseWriter, r *http.Request) {
lock.Lock()
defer lock.Unlock()
_, err := os.Stat("/tmp/.brook.web.password")
if os.IsNotExist(err) {
w.Write([]byte("no"))
return
}
w.Write([]byte("yes"))
})
m.HandleFunc("/setp", func(w http.ResponseWriter, r *http.Request) {
lock.Lock()
defer lock.Unlock()
_, err := os.Stat("/tmp/.brook.web.password")
if !os.IsNotExist(err) {
http.Error(w, "file exsits", 500)
return
}
err = ioutil.WriteFile("/tmp/.brook.web.password", []byte(r.FormValue("p")), 0600)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
w.WriteHeader(200)
})
m.HandleFunc("/authp", func(w http.ResponseWriter, r *http.Request) {
lock.Lock()
defer lock.Unlock()
b, err := ioutil.ReadFile("/tmp/.brook.web.password")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
if string(b) != r.FormValue("p") {
http.Error(w, "web ui password wrong", 500)
return
}
w.WriteHeader(200)
})
m.HandleFunc("/start", func(w http.ResponseWriter, r *http.Request) {
b, err := ioutil.ReadFile("/root/.brook.web.password")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
if string(b) != r.FormValue("p") {
http.Error(w, "web ui password wrong", 500)
return
}
s, err := os.Executable()
if err != nil {
http.Error(w, err.Error(), 500)
Expand All @@ -1523,7 +1571,6 @@ func main() {
lock.Lock()
defer lock.Unlock()
cmd = exec.Command("/bin/sh", "-c", s+" tproxy "+r.FormValue("args"))
log.Println(s + " tproxy " + r.FormValue("args"))
done := make(chan byte)
defer close(done)
errch := make(chan error)
Expand Down Expand Up @@ -1552,6 +1599,15 @@ func main() {
}
})
m.HandleFunc("/stop", func(w http.ResponseWriter, r *http.Request) {
b, err := ioutil.ReadFile("/root/.brook.web.password")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
if string(b) != r.FormValue("p") {
http.Error(w, "web ui password wrong", 500)
return
}
lock.Lock()
defer lock.Unlock()
if cmd == nil {
Expand All @@ -1565,6 +1621,15 @@ func main() {
w.Write([]byte("disconnected"))
})
m.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) {
b, err := ioutil.ReadFile("/tmp/.brook.web.password")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
if string(b) != r.FormValue("p") {
http.Error(w, "web ui password wrong", 500)
return
}
lock.Lock()
defer lock.Unlock()
if cmd == nil {
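Review bot: The new checks in `/start` and `/stop` read `/root/.brook.web.password`, while `/hasp`, `/setp`, `/authp` and `/status` use `/tmp/.brook.web.password`, so the password saved through `/setp` is not the one that guards `/start`, the handler that passes `args` to `/bin/sh -c`. Keeping the secret in world-writable `/tmp` also means another local account can create the file before the first `/setp` call, and `/setp` stores an empty `p` as readily as a real one, after which a request without `p` compares equal. I would route every handler that checks the password through one helper that uses a single path outside `/tmp`, rejects an empty value, compares with `subtle.ConstantTimeCompare` (needs `crypto/subtle`) and answers 401 instead of 500 with the raw `err.Error()`. The handler bodies for `/start`, `/stop` and `/status` continue outside the visible hunks.

```go
// One location for every handler, outside the world-writable /tmp.
const webPasswordFile = "/root/.brook.web.password"

// checkWebPassword reports whether the request carries the stored web UI password.
func checkWebPassword(r *http.Request) (bool, error) {
	want, err := ioutil.ReadFile(webPasswordFile)
	if err != nil {
		return false, err
	}
	got := []byte(r.FormValue("p"))
	// An empty stored or supplied value never authenticates.
	if len(want) == 0 || len(got) == 0 {
		return false, nil
	}
	return subtle.ConstantTimeCompare(want, got) == 1, nil
}

// … unchanged: /hasp, /setp and /authp registration, using webPasswordFile …

m.HandleFunc("/start", func(w http.ResponseWriter, r *http.Request) {
	ok, err := checkWebPassword(r)
	if err != nil {
		// Do not echo the file path back to the client.
		http.Error(w, "web ui password unavailable", http.StatusInternalServerError)
		return
	}
	if !ok {
		http.Error(w, "web ui password wrong", http.StatusUnauthorized)
		return
	}
	// … unchanged: os.Executable, lock, exec.Command …
```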
130 changes: 117 additions & 13 deletions cli/brook/static/index.html
Expand Up @@ -35,15 +35,36 @@
bypassDomainList: localStorage.getItem("bypassDomainList") ?? "",
bypassCIDR4List: localStorage.getItem("bypassCIDR4List") ?? "",
bypassCIDR6List: localStorage.getItem("bypassCIDR6List") ?? "",
bypassGeoIP: localStorage.getItem("bypassGeoIP") ?? "",
blockDomainList: localStorage.getItem("blockDomainList") ?? "",
enableIPv6: localStorage.getItem("enableIPv6") ? true : false,
disableA: localStorage.getItem("disableA") ? true : false,
disableAAAA: localStorage.getItem("disableAAAA") ? true : false,
hasp: false,
localhasp: false,
p: "",
status: "disconnected",
ing: false,
};
},
async created() {
try {
var r = await fetch("/status");
var r = await fetch("/hasp");
if (r.status != 200) {
throw await r.text();
}
if((await r.text()) == "yes"){
this.hasp = true;
}
if(!this.hasp){
return;
}
if(localStorage.getItem("p")){
this.localhasp = true;
}
if(!this.localhasp){
return;
}
var r = await fetch(`/status?p=${encodeURIComponent(localStorage.getItem('p'))}`);
if (r.status != 200) {
throw await r.text();
}
Expand All @@ -53,6 +74,41 @@
}
},
methods: {
async setp() {
try {
if (!this.p.trim()) {
return;
}
this.ing = true;
var r = await fetch(`/setp?p=${encodeURIComponent(this.p.trim())}`);
if (r.status != 200) {
throw await r.text();
}
location.reload();
this.ing = false;
} catch (e) {
alert(`${e}`);
this.ing = false;
}
},
async authp() {
try {
if (!this.p.trim()) {
return;
}
this.ing = true;
var r = await fetch(`/authp?p=${encodeURIComponent(this.p.trim())}`);
if (r.status != 200) {
throw await r.text();
}
localStorage.setItem("p", this.p.trim());
location.reload();
this.ing = false;
} catch (e) {
alert(`${e}`);
this.ing = false;
}
},
async start() {
try {
this.ing = true;
Expand Down Expand Up @@ -105,19 +161,43 @@
} else {
localStorage.setItem("bypassCIDR6List", "");
}
if (
this.bypassGeoIP &&
this.bypassGeoIP
.split(",")
.map((v) => v.trim())
.filter((v) => v).length
) {
this.bypassGeoIP
.split(",")
.map((v) => v.trim())
.filter((v) => v)
.forEach((v) => {
s += ` --bypassGeoIP '${v}'`;
});
localStorage.setItem("bypassGeoIP", this.bypassGeoIP);
} else {
localStorage.setItem("bypassGeoIP", "");
}
if (this.blockDomainList) {
s += ` --blockDomainList '${this.blockDomainList}'`;
localStorage.setItem("blockDomainList", this.blockDomainList);
} else {
localStorage.setItem("blockDomainList", "");
}
if (this.enableIPv6) {
s += ` --enableIPv6`;
localStorage.setItem("enableIPv6", "true");
if (this.disableA) {
s += ` --disableA`;
localStorage.setItem("disableA", "true");
} else {
localStorage.setItem("enableIPv6", "");
localStorage.setItem("disableA", "");
}
var r = await fetch(`/start?args=${encodeURIComponent(s)}`);
if (this.disableAAAA) {
s += ` --disableAAAA`;
localStorage.setItem("disableAAAA", "true");
} else {
localStorage.setItem("disableAAAA", "");
}
var r = await fetch(`/start?args=${encodeURIComponent(s)}&p=${encodeURIComponent(localStorage.getItem('p'))}`);
if (r.status != 200) {
throw await r.text();
}
Expand All @@ -131,7 +211,7 @@
async stop() {
try {
this.ing = true;
var r = await fetch(`/stop`);
var r = await fetch(`/stop?p=${encodeURIComponent(localStorage.getItem('p'))}`);
if (r.status != 200) {
throw await r.text();
}
Expand All @@ -153,7 +233,7 @@
<h1>Brook</h1>
<p>brook tproxy</p>
</header>
<main>
<main v-if="hasp && localhasp">
<p>
<label>--link brook link</label><br />
<input v-model="link" placeholder="brook://..." />
Expand All @@ -174,6 +254,14 @@ <h1>Brook</h1>
<label>--dnsForBypass DNS server for resolving domains in bypass list</label><br />
<input v-model="dnsForBypass" placeholder="223.5.5.5:53" />
</p>
<p>
<label>--disableA Disable A query</label><br />
<input type="checkbox" v-model="disableA" />
</p>
<p>
<label>--disableAAAA Disable AAAA query</label><br />
<input type="checkbox" v-model="disableAAAA" />
</p>
<p>
<label>--bypassDomainList Suffix match mode</label><br />
<input v-model="bypassDomainList" placeholder="/path/to/local/file/example_domain.txt" />
Expand All @@ -187,17 +275,33 @@ <h1>Brook</h1>
<input v-model="bypassCIDR6List" placeholder="/path/to/local/file/example_cidr6.txt" />
</p>
<p>
<label>--blockDomainList Suffix match mode</label><br />
<input v-model="blockDomainList" placeholder="/path/to/local/file/example_domain.txt" />
<label>--bypassGeoIP Bypass IP by Geo country code, such as CN</label><br />
<input v-model="bypassGeoIP" placeholder="ZZ,CN" />
</p>
<p>
<label>--enableIPv6 Your local and server must support IPv6</label><br />
<input type="checkbox" v-model="enableIPv6" />
<label>--blockDomainList Suffix match mode</label><br />
<input v-model="blockDomainList" placeholder="/path/to/local/file/example_domain.txt" />
</p>
<p v-if="ing"><button disabled>Waiting...</button></p>
<p v-if="!ing && status == 'disconnected'"><button v-on:click="start">Connect</button></p>
<p v-if="!ing && status =='connected'"><button v-on:click="stop">Disconnect</button></p>
</main>
<main v-if="!hasp">
<p>
<label>Set password for web UI</label><br />
<input v-model="p" />
</p>
<p v-if="ing"><button disabled>Waiting...</button></p>
<p v-if="!ing"><button v-on:click="setp">Save</button></p>
</main>
<main v-if="hasp && !localhasp">
<p>
<label>Auth web UI</label><br />
<input v-model="p" />
</p>
<p v-if="ing"><button disabled>Waiting...</button></p>
<p v-if="!ing"><button v-on:click="authp">Auth</button></p>
</main>
<footer>
<p><a href="https://txthinking.com">txthinking.com</a> | <a href="https://github.com/txthinking">github.com/txthinking</a> | <a href="https://talks.txthinking.com">blog</a> | <a href="https://youtube.com/txthinking">youtube</a> | <a href="https://t.me/brookgroup">telegram</a> | <a href="https://t.me/txthinking_news">news</a></p>
</footer>
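Review bot: The password travels in the query string of every call (`/setp?p=…`, `/authp?p=…`, `/status?p=…`, `/start?…&p=…`, `/stop?p=…`), so it ends up in browser history and in any proxy or access log on the path, and it is kept in clear in `localStorage`. The server reads it with `r.FormValue`, which also parses a POST form body, so the calls can become `fetch("/authp", { method: "POST", body: new URLSearchParams({ p: this.p.trim() }) })` without a server change. The two new `<input v-model="p" />` fields should carry `type="password"`. Separately, the added `--bypassGeoIP '${v}'` line places `v` inside single quotes in a string that the server hands to `/bin/sh -c`, so `v` should be checked against something like `/^[A-Za-z]{2}$/` before it is appended. The `start()` method continues outside the visible hunks.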
2 changes: 1 addition & 1 deletion quicserver.go
Expand Up @@ -45,7 +45,7 @@ type QUICServer struct {
UDPServerConnFactory UDPServerConnFactory
}

func NewQUICServer(addr, password, domain string, tcpTimeout, udpTimeout int, blockDomainList, blockCIDR4List, blockCIDR6List string, updateListInterval int64, blockGeoIP []string, withoutbrook bool) (*QUICServer, error) {
func NewQUICServer(addr, password, domain string, tcpTimeout, udpTimeout int, withoutbrook bool) (*QUICServer, error) {
if err := limits.Raise(); err != nil {
Log(&Error{"when": "try to raise system limits", "warning": err.Error()})
}
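Review bot: `NewQUICServer` no longer takes `blockDomainList`, `blockCIDR4List`, `blockCIDR6List`, `updateListInterval` or `blockGeoIP`, and nothing visible here shows where that filtering moved. If the command in `cli/brook/main.go` that calls it still defines those flags, they would now be accepted and ignored without any message, which an operator relying on a block list would not notice; either drop the flags in the same change or log when one is set. A doc comment such as `// NewQUICServer builds a QUIC server listening on addr; block lists are not configured through this constructor.` would record the new contract. The function body continues outside the hunk.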
10 changes: 5 additions & 5 deletions streamclient.go
Expand Up @@ -94,7 +94,7 @@ func NewStreamClient(network string, password []byte, src string, server net.Con
}
binary.BigEndian.PutUint32(c.WB[2+16:2+16+4], uint32(i))
copy(c.WB[2+16+4:2+16+4+len(dst)], dst)
if err := c.WriteL(4 + len(dst)); err != nil {
if err := c.Write(4 + len(dst)); err != nil {
x.BP12.Put(c.cn)
x.BP2048.Put(c.WB)
return nil, err
Expand Down Expand Up @@ -150,7 +150,7 @@ func (c *StreamClient) Exchange(local net.Conn) error {
return
}
}
l, err := c.ReadL()
l, err := c.Read()
if err != nil {
return
}
Expand All @@ -169,14 +169,14 @@ func (c *StreamClient) Exchange(local net.Conn) error {
if err != nil {
return nil
}
if err := c.WriteL(l); err != nil {
if err := c.Write(l); err != nil {
return nil
}
}
return nil
}

func (c *StreamClient) WriteL(l int) error {
func (c *StreamClient) Write(l int) error {
binary.BigEndian.PutUint16(c.WB[:2], uint16(l))
c.ca.Seal(c.WB[:0], c.cn, c.WB[:2], nil)
NextNonce(c.cn)
Expand All @@ -188,7 +188,7 @@ func (c *StreamClient) WriteL(l int) error {
return nil
}

func (c *StreamClient) ReadL() (int, error) {
func (c *StreamClient) Read() (int, error) {
if _, err := io.ReadFull(c.Server, c.RB[:2+16]); err != nil {
return 0, err
}
