kopia lustrzana https://github.com/bugout-dev/moonstream
Short version of TLS bypass, also removed access id leak
kompotkot
rodzic
1b2f60d97c
commit
fcb3671fde
|
|
@ -32,8 +32,7 @@ type Node struct {
|
|||
|
||||
mux sync.RWMutex
|
||||
|
||||
StatusReverseProxy *httputil.ReverseProxy
|
||||
GethReverseProxy *httputil.ReverseProxy
|
||||
GethReverseProxy *httputil.ReverseProxy
|
||||
}
|
||||
|
||||
type NodePool struct {
|
||||
|
|
|
|||
|
|
@ -58,8 +58,6 @@ func CheckEnvVarSet() {
|
|||
type NodeConfig struct {
|
||||
Blockchain string `json:"blockchain"`
|
||||
Endpoint string `json:"endpoint"`
|
||||
|
||||
Internal bool `json:"internal"`
|
||||
}
|
||||
|
||||
func LoadConfig(configPath string) (*[]NodeConfig, error) {
|
||||
|
|
@ -142,7 +140,7 @@ func GenerateDefaultConfig(config *ConfigPlacement) error {
|
|||
|
||||
if !config.ConfigExists {
|
||||
tempConfig := []NodeConfig{
|
||||
{Blockchain: "ethereum", Endpoint: "http://127.0.0.1:8545", Internal: true},
|
||||
{Blockchain: "ethereum", Endpoint: "http://127.0.0.1:8545"},
|
||||
}
|
||||
tempConfigJson, err := json.Marshal(tempConfig)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -80,10 +80,6 @@ func lbHandler(w http.ResponseWriter, r *http.Request) {
|
|||
r.Header.Add("X-Origin-Path", r.URL.Path)
|
||||
|
||||
switch {
|
||||
case strings.HasPrefix(r.URL.Path, fmt.Sprintf("/nb/%s/ping", blockchain)):
|
||||
r.URL.Path = "/ping"
|
||||
node.StatusReverseProxy.ServeHTTP(w, r)
|
||||
return
|
||||
case strings.HasPrefix(r.URL.Path, fmt.Sprintf("/nb/%s/jsonrpc", blockchain)):
|
||||
lbJSONRPCHandler(w, r, blockchain, node, currentClientAccess)
|
||||
return
|
||||
|
|
@ -122,9 +118,8 @@ func lbJSONRPCHandler(w http.ResponseWriter, r *http.Request, blockchain string,
|
|||
}
|
||||
}
|
||||
|
||||
// Overwrite Path so response will be returned to correct place
|
||||
r.URL.Path = "/"
|
||||
// If required detailed timeout configuration, define node.GethReverseProxy.Transport = &http.Transport{}
|
||||
// as modified structure of DefaultTransport net/http/transport/DefaultTransport
|
||||
node.GethReverseProxy.ServeHTTP(w, r)
|
||||
return
|
||||
case currentClientAccess.dataSource == "database":
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
"net/http/httputil"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
humbug "github.com/bugout-dev/humbug/go/pkg"
|
||||
|
|
@ -170,7 +171,6 @@ func Server() {
|
|||
|
||||
// Parse nodes and set list of proxies
|
||||
for i, nodeConfig := range *nodeConfig {
|
||||
|
||||
endpoint, err := url.Parse(nodeConfig.Endpoint)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
|
|
@ -178,6 +178,18 @@ func Server() {
|
|||
}
|
||||
|
||||
proxyToEndpoint := httputil.NewSingleHostReverseProxy(endpoint)
|
||||
// If required detailed timeout configuration, define node.GethReverseProxy.Transport = &http.Transport{}
|
||||
// as modified structure of DefaultTransport net/http/transport/DefaultTransport
|
||||
director := proxyToEndpoint.Director
|
||||
proxyToEndpoint.Director = func(r *http.Request) {
|
||||
director(r)
|
||||
// Overwrite Query and Headers to not bypass nodebalancer Query and Headers
|
||||
r.URL.RawQuery = ""
|
||||
r.Header.Del(strings.Title(NB_ACCESS_ID_HEADER))
|
||||
r.Header.Del(strings.Title(NB_DATA_SOURCE_HEADER))
|
||||
// Change r.Host from nodebalancer's to end host so TLS check will be passed
|
||||
r.Host = r.URL.Host
|
||||
}
|
||||
proxyErrorHandler(proxyToEndpoint, endpoint)
|
||||
|
||||
blockchainPool.AddNode(&Node{
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue