--insecure for share '<public|private|reserved>' (#195)

Michael Quigley 2023-01-30 17:38:58 -05:00
parent 6e55c33261
commit 3ec0c5ead4
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 19 additions and 5 deletions


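--- a/<path-not-on-page: sharePrivateCommand>
+++ b/<path-not-on-page: sharePrivateCommand>
@@ -32,6 +32,7 @@ type sharePrivateCommand struct {
 basicAuth []string
 backendMode string
 headless bool
+insecure bool
 cmd *cobra.Command
 }
@@ -45,6 +46,7 @@ func newSharePrivateCommand() *sharePrivateCommand {
 cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
 cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
 cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
+cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
 cmd.Run = command.run
 return command
 }
@@ -145,6 +147,7 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 IdentityPath: zif,
 EndpointAddress: target,
 ShrToken: resp.Payload.ShrToken,
+Insecure: cmd.insecure,
 RequestsChan: requestsChan,
 }
 _, err = cmd.proxyBackendMode(cfg)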
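Review bot: The help text on the new `--insecure` flag, `Enable insecure TLS certificate validation for <target>`, states the opposite of what the flag does: the proxy backend in this same commit sets `InsecureSkipVerify: true` on the transport when `cfg.Insecure` is set, which turns certificate verification off entirely, so a user reading the help may not realise that the target's identity is no longer checked. Suggest `"Disable TLS certificate verification for <target> (any certificate is accepted)"`, and the same wording for the identical flag added to the public and reserved share commands below. Because the flag is honoured silently in run (whose body continues outside the hunk), it would also help operators to emit a warning line when cmd.insecure is true so the reduced verification is visible in the command's output and logs.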


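--- a/<path-not-on-page: sharePublicCommand>
+++ b/<path-not-on-page: sharePublicCommand>
@@ -33,6 +33,7 @@ type sharePublicCommand struct {
 frontendSelection []string
 backendMode string
 headless bool
+insecure bool
 cmd *cobra.Command
 }
@@ -47,6 +48,7 @@ func newSharePublicCommand() *sharePublicCommand {
 cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
 cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
 cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
+cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
 cmd.Run = command.run
 return command
 }
@@ -148,6 +150,7 @@ func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) {
 IdentityPath: zif,
 EndpointAddress: target,
 ShrToken: resp.Payload.ShrToken,
+Insecure: cmd.insecure,
 RequestsChan: requestsChan,
 }
 _, err = cmd.proxyBackendMode(cfg)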


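--- a/<path-not-on-page: shareReservedCommand>
+++ b/<path-not-on-page: shareReservedCommand>
@@ -24,6 +24,7 @@ func init() {
 type shareReservedCommand struct {
 overrideEndpoint string
 headless bool
+insecure bool
 cmd *cobra.Command
 }
@@ -35,6 +36,7 @@ func newShareReservedCommand() *shareReservedCommand {
 command := &shareReservedCommand{cmd: cmd}
 cmd.Flags().StringVar(&command.overrideEndpoint, "override-endpoint", "", "Override the stored target endpoint with a replacement")
 cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
+cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation")
 cmd.Run = command.run
 return command
 }
@@ -110,6 +112,7 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) {
 IdentityPath: zif,
 EndpointAddress: target,
 ShrToken: shrToken,
+Insecure: cmd.insecure,
 RequestsChan: requestsChan,
 }
 _, err := cmd.proxyBackendMode(cfg)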


@ -2,6 +2,7 @@ package proxyBackend
import ( import (
"context" "context"
"crypto/tls"
"fmt" "fmt"
"github.com/openziti/sdk-golang/ziti" "github.com/openziti/sdk-golang/ziti"
"github.com/openziti/sdk-golang/ziti/config" "github.com/openziti/sdk-golang/ziti/config"
@ -21,6 +22,7 @@ type Config struct {
IdentityPath string IdentityPath string
EndpointAddress string EndpointAddress string
ShrToken string ShrToken string
Insecure bool
RequestsChan chan *endpoints.Request RequestsChan chan *endpoints.Request
} }
@ -45,7 +47,7 @@ func NewBackend(cfg *Config) (*backend, error) {
return nil, errors.Wrap(err, "error listening") return nil, errors.Wrap(err, "error listening")
} }
proxy, err := newReverseProxy(cfg.EndpointAddress, cfg.RequestsChan) proxy, err := newReverseProxy(cfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -70,21 +72,24 @@ func (self *backend) Requests() func() int32 {
return self.requests return self.requests
} }
func newReverseProxy(target string, requests chan *endpoints.Request) (*httputil.ReverseProxy, error) { func newReverseProxy(cfg *Config) (*httputil.ReverseProxy, error) {
targetURL, err := url.Parse(target) targetURL, err := url.Parse(cfg.EndpointAddress)
if err != nil { if err != nil {
return nil, err return nil, err
} }
tpt := http.DefaultTransport.(*http.Transport).Clone() tpt := http.DefaultTransport.(*http.Transport).Clone()
tpt.DialContext = metricsDial tpt.DialContext = metricsDial
if cfg.Insecure {
tpt.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
proxy := httputil.NewSingleHostReverseProxy(targetURL) proxy := httputil.NewSingleHostReverseProxy(targetURL)
proxy.Transport = tpt proxy.Transport = tpt
director := proxy.Director director := proxy.Director
proxy.Director = func(req *http.Request) { proxy.Director = func(req *http.Request) {
if requests != nil { if cfg.RequestsChan != nil {
requests <- &endpoints.Request{ cfg.RequestsChan <- &endpoints.Request{
Stamp: time.Now(), Stamp: time.Now(),
RemoteAddr: fmt.Sprintf("%v", req.Header["X-Real-Ip"]), RemoteAddr: fmt.Sprintf("%v", req.Header["X-Real-Ip"]),
Method: req.Method, Method: req.Method,