mirrors/wireproxy
1
0
Fork 0
mirror of https://github.com/whyvl/wireproxy.git synced 2025-04-29 19:01:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add support for HTTPS

Browse source
This commit is contained in:
Dmitry Pankov 2024-08-21 23:39:12 +03:00
parent cb1f39b3e5
commit a21bd62350
No known key found for this signature in database
GPG key ID: D958C2967535BA49
4 changed files with 32 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -131,6 +131,10 @@ BindAddress = 127.0.0.1:25345
#Username = ... #Username = ...
# Avoid using spaces in the password field # Avoid using spaces in the password field
#Password = ... #Password = ...
# Specifying certificate and key enables HTTPS
#CertFile = ...
#KeyFile = ...
``` ```
Alternatively, if you already have a wireguard config, you can import it in the Alternatively, if you already have a wireguard config, you can import it in the

8
config.go
View file

@ -57,6 +57,8 @@ type HTTPConfig struct {
BindAddress string BindAddress string
Username string Username string
Password string Password string
CertFile string
KeyFile string
} }
type Configuration struct { type Configuration struct {
@ -431,6 +433,12 @@ func parseHTTPConfig(section *ini.Section) (RoutineSpawner, error) {
password, _ := parseString(section, "Password") password, _ := parseString(section, "Password")
config.Password = password config.Password = password
certFile, _ := parseString(section, "CertFile")
config.CertFile = certFile
keyFile, _ := parseString(section, "KeyFile")
config.KeyFile = keyFile
return config, nil return config, nil
} }

17
http.go
View file

@ -3,6 +3,7 @@ package wireproxy
import ( import (
"bufio" "bufio"
"bytes" "bytes"
"crypto/tls"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"io" "io"
@ -23,6 +24,7 @@ type HTTPServer struct {
dial func(network, address string) (net.Conn, error) dial func(network, address string) (net.Conn, error)
authRequired bool authRequired bool
tlsRequired bool
} }
func (s *HTTPServer) authenticate(req *http.Request) (int, error) { func (s *HTTPServer) authenticate(req *http.Request) (int, error) {
@ -141,9 +143,22 @@ func (s *HTTPServer) serve(conn net.Conn) {
}() }()
} }
func (s *HTTPServer) listen(network, addr string) (net.Listener, error) {
if s.tlsRequired {
cert, err := tls.LoadX509KeyPair(s.config.CertFile, s.config.KeyFile)
if err != nil {
return nil, err
}
return tls.Listen(network, addr, &tls.Config{Certificates: []tls.Certificate{cert}})
}
return net.Listen(network, addr)
}
// ListenAndServe is used to create a listener and serve on it // ListenAndServe is used to create a listener and serve on it
func (s *HTTPServer) ListenAndServe(network, addr string) error { func (s *HTTPServer) ListenAndServe(network, addr string) error {
server, err := net.Listen(network, addr) server, err := s.listen(network, addr)
if err != nil { if err != nil {
return fmt.Errorf("listen tcp failed: %w", err) return fmt.Errorf("listen tcp failed: %w", err)
} }

4
routine.go
View file

@ -173,6 +173,10 @@ func (config *HTTPConfig) SpawnRoutine(vt *VirtualTun) {
server.authRequired = true server.authRequired = true
} }
if config.CertFile != "" && config.KeyFile != "" {
server.tlsRequired = true
}
if err := server.ListenAndServe("tcp", config.BindAddress); err != nil { if err := server.ListenAndServe("tcp", config.BindAddress); err != nil {
log.Fatal(err) log.Fatal(err)
} }