Cleanups and tweaks
This commit is contained in:
Jakob Borg
@@ -56,7 +56,6 @@ func init() {
|
||||
}
|
||||
|
||||
func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) error {
|
||||
var listener net.Listener
|
||||
var err error
|
||||
|
||||
cert, err := loadCert(confDir, "https-")
|
||||
@@ -74,10 +73,11 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
|
||||
ServerName: "syncthing",
|
||||
}
|
||||
|
||||
listener, err = NewDowngradingListener(cfg.Address, tlsCfg)
|
||||
rawListener, err := net.Listen("tcp", cfg.Address)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
listener := &DowngradingListener{rawListener, tlsCfg}
|
||||
|
||||
// The GET handlers
|
||||
getRestMux := http.NewServeMux()
|
||||
@@ -139,8 +139,10 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
|
||||
handler = basicAuthAndSessionMiddleware(cfg, handler)
|
||||
}
|
||||
|
||||
// Add our redirection middleware
|
||||
handler = redirectionMiddleware(handler, cfg.Address, cfg.UseTLS)
|
||||
// Redirect to HTTPS if we are supposed to
|
||||
if cfg.UseTLS {
|
||||
handler = redirectToHTTPSMiddleware(handler)
|
||||
}
|
||||
|
||||
go http.Serve(listener, handler)
|
||||
return nil
|
||||
@@ -159,16 +161,17 @@ func getPostHandler(get, post http.Handler) http.Handler {
|
||||
})
|
||||
}
|
||||
|
||||
func redirectionMiddleware(h http.Handler, host string, usingTLS bool) http.Handler {
|
||||
func redirectToHTTPSMiddleware(h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.TLS == nil && usingTLS {
|
||||
r.URL.Host = host
|
||||
// Add a generous access-control-allow-origin header since we may be
|
||||
// redirecting REST requests over protocols
|
||||
w.Header().Add("Access-Control-Allow-Origin", "*")
|
||||
|
||||
if r.TLS == nil {
|
||||
// Redirect HTTP requests to HTTPS
|
||||
r.URL.Host = r.Host
|
||||
r.URL.Scheme = "https"
|
||||
http.Redirect(w, r, r.URL.String(), http.StatusFound)
|
||||
} else if r.TLS != nil && !usingTLS {
|
||||
r.URL.Host = host
|
||||
r.URL.Scheme = "http"
|
||||
http.Redirect(w, r, r.URL.String(), http.StatusFound)
|
||||
} else {
|
||||
h.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"bufio"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/sha256"
|
||||
@@ -87,34 +87,26 @@ type WrappedConnection struct {
|
||||
net.Conn
|
||||
}
|
||||
|
||||
func NewDowngradingListener(address string, config *tls.Config) (net.Listener, error) {
|
||||
listener, err := net.Listen("tcp", address)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &DowngradingListener{listener, config}, nil
|
||||
}
|
||||
|
||||
func (listener *DowngradingListener) Accept() (net.Conn, error) {
|
||||
connection, err := listener.Listener.Accept()
|
||||
|
||||
func (l *DowngradingListener) Accept() (net.Conn, error) {
|
||||
conn, err := l.Listener.Accept()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var peek [1]byte
|
||||
_, err = io.ReadFull(connection, peek[:])
|
||||
br := bufio.NewReader(conn)
|
||||
bs, err := br.Peek(1)
|
||||
if err != nil {
|
||||
conn.Close()
|
||||
return nil, err
|
||||
}
|
||||
|
||||
jointReader := io.MultiReader(bytes.NewReader(peek[:]), connection)
|
||||
wrapper := &WrappedConnection{jointReader, connection}
|
||||
wrapper := &WrappedConnection{br, conn}
|
||||
|
||||
// TLS handshake starts with ASCII SYN
|
||||
if peek[0] == 22 {
|
||||
return tls.Server(wrapper, listener.TLSConfig), nil
|
||||
// 0x16 is the first byte of a TLS handshake
|
||||
if bs[0] == 0x16 {
|
||||
return tls.Server(wrapper, l.TLSConfig), nil
|
||||
}
|
||||
|
||||
return wrapper, nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user