support for client certificate
run go fmt
parent
783254c3be
commit
7e11f664d9
107
app/app.go
107
app/app.go
@ -2,6 +2,8 @@ package app
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -34,41 +36,45 @@ type App struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Options struct {
|
type Options struct {
|
||||||
Address string `hcl:"address"`
|
Address string `hcl:"address"`
|
||||||
Port string `hcl:"port"`
|
Port string `hcl:"port"`
|
||||||
PermitWrite bool `hcl:"permit_write"`
|
PermitWrite bool `hcl:"permit_write"`
|
||||||
EnableBasicAuth bool `hcl:"enable_basic_auth"`
|
EnableBasicAuth bool `hcl:"enable_basic_auth"`
|
||||||
Credential string `hcl:"credential"`
|
Credential string `hcl:"credential"`
|
||||||
EnableRandomUrl bool `hcl:"enable_random_url"`
|
EnableRandomUrl bool `hcl:"enable_random_url"`
|
||||||
RandomUrlLength int `hcl:"random_url_length"`
|
RandomUrlLength int `hcl:"random_url_length"`
|
||||||
IndexFile string `hcl:"index_file"`
|
IndexFile string `hcl:"index_file"`
|
||||||
EnableTLS bool `hcl:"enable_tls"`
|
EnableTLS bool `hcl:"enable_tls"`
|
||||||
TLSCrtFile string `hcl:"tls_crt_file"`
|
TLSCrtFile string `hcl:"tls_crt_file"`
|
||||||
TLSKeyFile string `hcl:"tls_key_file"`
|
TLSKeyFile string `hcl:"tls_key_file"`
|
||||||
TitleFormat string `hcl:"title_format"`
|
VerifyClientCert bool `hcl:"verify_client_cert"`
|
||||||
EnableReconnect bool `hcl:"enable_reconnect"`
|
ClientCAs []string `hcl:"client_cas"`
|
||||||
ReconnectTime int `hcl:"reconnect_time"`
|
TitleFormat string `hcl:"title_format"`
|
||||||
Once bool `hcl:"once"`
|
EnableReconnect bool `hcl:"enable_reconnect"`
|
||||||
Preferences map[string]interface{} `hcl:"preferences"`
|
ReconnectTime int `hcl:"reconnect_time"`
|
||||||
|
Once bool `hcl:"once"`
|
||||||
|
Preferences map[string]interface{} `hcl:"preferences"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var DefaultOptions = Options{
|
var DefaultOptions = Options{
|
||||||
Address: "",
|
Address: "",
|
||||||
Port: "8080",
|
Port: "8080",
|
||||||
PermitWrite: false,
|
PermitWrite: false,
|
||||||
EnableBasicAuth: false,
|
EnableBasicAuth: false,
|
||||||
Credential: "",
|
Credential: "",
|
||||||
EnableRandomUrl: false,
|
EnableRandomUrl: false,
|
||||||
RandomUrlLength: 8,
|
RandomUrlLength: 8,
|
||||||
IndexFile: "",
|
IndexFile: "",
|
||||||
EnableTLS: false,
|
EnableTLS: false,
|
||||||
TLSCrtFile: "~/.gotty.crt",
|
TLSCrtFile: "~/.gotty.crt",
|
||||||
TLSKeyFile: "~/.gotty.key",
|
TLSKeyFile: "~/.gotty.key",
|
||||||
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
|
VerifyClientCert: false,
|
||||||
EnableReconnect: false,
|
ClientCAs: []string{},
|
||||||
ReconnectTime: 10,
|
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
|
||||||
Once: false,
|
EnableReconnect: false,
|
||||||
Preferences: make(map[string]interface{}),
|
ReconnectTime: 10,
|
||||||
|
Once: false,
|
||||||
|
Preferences: make(map[string]interface{}),
|
||||||
}
|
}
|
||||||
|
|
||||||
func New(command []string, options *Options) (*App, error) {
|
func New(command []string, options *Options) (*App, error) {
|
||||||
@ -186,9 +192,44 @@ func (app *App) Run() error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
serverMaker := func() *http.Server {
|
||||||
|
return &http.Server{
|
||||||
|
Addr: endpoint,
|
||||||
|
Handler: siteHandler}
|
||||||
|
}
|
||||||
|
if app.options.VerifyClientCert && app.options.EnableTLS {
|
||||||
|
serverMaker = func() *http.Server {
|
||||||
|
clientCaPool := x509.NewCertPool()
|
||||||
|
for _, path := range app.options.ClientCAs {
|
||||||
|
pem, err := ioutil.ReadFile(path)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Could not read pem file at: " + path)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if clientCaPool.AppendCertsFromPEM(pem) {
|
||||||
|
log.Printf("Could not parse pem file at: " + path)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return &http.Server{
|
||||||
|
Addr: endpoint,
|
||||||
|
Handler: siteHandler,
|
||||||
|
TLSConfig: &tls.Config{
|
||||||
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||||
|
ClientCAs: clientCaPool,
|
||||||
|
PreferServerCipherSuites: true}}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server := serverMaker()
|
||||||
|
if server == nil {
|
||||||
|
log.Printf("Failed to build server.")
|
||||||
|
return errors.New("Failed to build server.")
|
||||||
|
}
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
app.server = manners.NewWithServer(
|
app.server = manners.NewWithServer(
|
||||||
&http.Server{Addr: endpoint, Handler: siteHandler},
|
server,
|
||||||
)
|
)
|
||||||
if app.options.EnableTLS {
|
if app.options.EnableTLS {
|
||||||
crtFile := ExpandHomeDir(app.options.TLSCrtFile)
|
crtFile := ExpandHomeDir(app.options.TLSCrtFile)
|
||||||
|
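Review bot: The check `if clientCaPool.AppendCertsFromPEM(pem) {` in the new serverMaker closure is inverted: AppendCertsFromPEM returns true when at least one certificate was parsed, so a valid CA file makes serverMaker return nil and Run fail with "Failed to build server.", while a file with no parseable certificates is accepted silently and contributes nothing to the pool. It should read `if !clientCaPool.AppendCertsFromPEM(pem) {`. Separately, when `VerifyClientCert` is set but `EnableTLS` is false, the guard `app.options.VerifyClientCert && app.options.EnableTLS` falls back to the plain server with no client authentication and no message; returning an error for that combination would keep an operator from assuming certificate checks are active. The read-failure log builds its format string from the path and drops `err`; `log.Printf("Could not read pem file at %q: %v", path, err)` avoids both. Run's body starts and ends outside the hunk.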