kopia lustrzana https://github.com/bugout-dev/moonstream
Short version of TLS bypass, also removed access id leak
rodzic
1b2f60d97c
commit
fcb3671fde
|
@ -32,8 +32,7 @@ type Node struct {
|
||||||
|
|
||||||
mux sync.RWMutex
|
mux sync.RWMutex
|
||||||
|
|
||||||
StatusReverseProxy *httputil.ReverseProxy
|
GethReverseProxy *httputil.ReverseProxy
|
||||||
GethReverseProxy *httputil.ReverseProxy
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type NodePool struct {
|
type NodePool struct {
|
||||||
|
|
|
@ -58,8 +58,6 @@ func CheckEnvVarSet() {
|
||||||
type NodeConfig struct {
|
type NodeConfig struct {
|
||||||
Blockchain string `json:"blockchain"`
|
Blockchain string `json:"blockchain"`
|
||||||
Endpoint string `json:"endpoint"`
|
Endpoint string `json:"endpoint"`
|
||||||
|
|
||||||
Internal bool `json:"internal"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func LoadConfig(configPath string) (*[]NodeConfig, error) {
|
func LoadConfig(configPath string) (*[]NodeConfig, error) {
|
||||||
|
@ -142,7 +140,7 @@ func GenerateDefaultConfig(config *ConfigPlacement) error {
|
||||||
|
|
||||||
if !config.ConfigExists {
|
if !config.ConfigExists {
|
||||||
tempConfig := []NodeConfig{
|
tempConfig := []NodeConfig{
|
||||||
{Blockchain: "ethereum", Endpoint: "http://127.0.0.1:8545", Internal: true},
|
{Blockchain: "ethereum", Endpoint: "http://127.0.0.1:8545"},
|
||||||
}
|
}
|
||||||
tempConfigJson, err := json.Marshal(tempConfig)
|
tempConfigJson, err := json.Marshal(tempConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -80,10 +80,6 @@ func lbHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.Header.Add("X-Origin-Path", r.URL.Path)
|
r.Header.Add("X-Origin-Path", r.URL.Path)
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case strings.HasPrefix(r.URL.Path, fmt.Sprintf("/nb/%s/ping", blockchain)):
|
|
||||||
r.URL.Path = "/ping"
|
|
||||||
node.StatusReverseProxy.ServeHTTP(w, r)
|
|
||||||
return
|
|
||||||
case strings.HasPrefix(r.URL.Path, fmt.Sprintf("/nb/%s/jsonrpc", blockchain)):
|
case strings.HasPrefix(r.URL.Path, fmt.Sprintf("/nb/%s/jsonrpc", blockchain)):
|
||||||
lbJSONRPCHandler(w, r, blockchain, node, currentClientAccess)
|
lbJSONRPCHandler(w, r, blockchain, node, currentClientAccess)
|
||||||
return
|
return
|
||||||
|
@ -122,9 +118,8 @@ func lbJSONRPCHandler(w http.ResponseWriter, r *http.Request, blockchain string,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Overwrite Path so response will be returned to correct place
|
||||||
r.URL.Path = "/"
|
r.URL.Path = "/"
|
||||||
// If required detailed timeout configuration, define node.GethReverseProxy.Transport = &http.Transport{}
|
|
||||||
// as modified structure of DefaultTransport net/http/transport/DefaultTransport
|
|
||||||
node.GethReverseProxy.ServeHTTP(w, r)
|
node.GethReverseProxy.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
case currentClientAccess.dataSource == "database":
|
case currentClientAccess.dataSource == "database":
|
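Review bot: The comment added above `r.URL.Path = "/"` describes the effect the wrong way round: the assignment changes the path the request is sent to on the upstream node, not where the response is returned. A wording such as `// Reset the path so the node receives the request at its endpoint path, not at /nb/<blockchain>/jsonrpc` would match what the line does. lbJSONRPCHandler starts and ends outside this hunk, so the access checks that run before this point are not visible here.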
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
humbug "github.com/bugout-dev/humbug/go/pkg"
|
humbug "github.com/bugout-dev/humbug/go/pkg"
|
||||||
|
@ -170,7 +171,6 @@ func Server() {
|
||||||
|
|
||||||
// Parse nodes and set list of proxies
|
// Parse nodes and set list of proxies
|
||||||
for i, nodeConfig := range *nodeConfig {
|
for i, nodeConfig := range *nodeConfig {
|
||||||
|
|
||||||
endpoint, err := url.Parse(nodeConfig.Endpoint)
|
endpoint, err := url.Parse(nodeConfig.Endpoint)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
|
@ -178,6 +178,18 @@ func Server() {
|
||||||
}
|
}
|
||||||
|
|
||||||
proxyToEndpoint := httputil.NewSingleHostReverseProxy(endpoint)
|
proxyToEndpoint := httputil.NewSingleHostReverseProxy(endpoint)
|
||||||
|
// If required detailed timeout configuration, define node.GethReverseProxy.Transport = &http.Transport{}
|
||||||
|
// as modified structure of DefaultTransport net/http/transport/DefaultTransport
|
||||||
|
director := proxyToEndpoint.Director
|
||||||
|
proxyToEndpoint.Director = func(r *http.Request) {
|
||||||
|
director(r)
|
||||||
|
// Overwrite Query and Headers to not bypass nodebalancer Query and Headers
|
||||||
|
r.URL.RawQuery = ""
|
||||||
|
r.Header.Del(strings.Title(NB_ACCESS_ID_HEADER))
|
||||||
|
r.Header.Del(strings.Title(NB_DATA_SOURCE_HEADER))
|
||||||
|
// Change r.Host from nodebalancer's to end host so TLS check will be passed
|
||||||
|
r.Host = r.URL.Host
|
||||||
|
}
|
||||||
proxyErrorHandler(proxyToEndpoint, endpoint)
|
proxyErrorHandler(proxyToEndpoint, endpoint)
|
||||||
|
|
||||||
blockchainPool.AddNode(&Node{
|
blockchainPool.AddNode(&Node{
|
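Review bot: In the new Director, `r.URL.RawQuery = ""` runs after the stock director has already merged the endpoint's own query into the request, so it discards any query string configured on the node endpoint as well as the client's. If an endpoint in the config can carry one (a provider key, for example), `r.URL.RawQuery = endpoint.RawQuery` would still drop everything the client sent and keep the configured part. The two `r.Header.Del(strings.Title(...))` calls do not need `strings.Title`, because `Header.Del` canonicalizes the key itself and `strings.Title` has been deprecated since Go 1.18. The comment on `r.Host = r.URL.Host` could say that it aligns the Host header with the upstream name and that certificate verification is unchanged, since "TLS check will be passed" reads as if a check were relaxed. Server() starts and ends outside this hunk.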
||||||
|
|