| 170 | |
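// handleProxy is the client side of the Tunnel (on public network).
//
// It serves an incoming sockjs session whose request names the target kite
// through the "kiteID" query parameter. The kite is looked up in p.kites, a
// tunnel is created for the session, and the kite is sent (via the
// "kite.tunnel" RPC) a URL on p.url under the /tunnel path carrying a
// short-lived RS256-signed JWT bound to this kite ("sub") and this tunnel
// ("seq"). The handler then blocks until the tunnel is closed, or logs an
// error and returns if the tunnel has not started within startTimeout.
//
// Every failure is logged through p.Kite.Log and ends the handler; once the
// tunnel exists, the deferred tunnel.Close() tears it down on every exit path.
func (p *Proxy) handleProxy(session sockjs.Session, req *http.Request) {
	const (
		ttl    = 1 * time.Hour   // token validity window
		leeway = 1 * time.Minute // tolerated clock skew between proxy and kite
		// startTimeout bounds how long we wait for the kite to start the tunnel.
		startTimeout = 1 * time.Minute
		// tellTimeout bounds the kite.tunnel RPC itself.
		tellTimeout = 4 * time.Second
	)

	kiteID := req.URL.Query().Get("kiteID")

	// NOTE(review): p.kites is read here without any visible locking — confirm
	// that concurrent registration/removal is serialized elsewhere.
	client, ok := p.kites[kiteID]
	if !ok {
		p.Kite.Log.Error("Remote kite is not found: %s", req.URL.String())
		return
	}

	// TODO(rjeczalik): keep *rsa.PrivateKey in Proxy struct
	rsaPrivate, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(p.privKey))
	if err != nil {
		p.Kite.Log.Error("key pair encrypt error: %s", err)
		return
	}

	tunnel := client.newTunnel(session)
	defer tunnel.Close()

	// Derive every time-based claim from one instant so iat, nbf and exp are
	// mutually consistent instead of each sampling the clock separately.
	now := time.Now().UTC()
	claims := jwt.MapClaims{
		"sub": client.ID,                       // kite ID
		"seq": tunnel.id,                       // tunnel number
		"iat": now.Unix(),                      // Issued At
		"exp": now.Add(ttl).Add(leeway).Unix(), // Expiration Time
		"nbf": now.Add(-leeway).Unix(),         // Not Before
	}

	signed, err := jwt.NewWithClaims(jwt.GetSigningMethod("RS256"), claims).SignedString(rsaPrivate)
	if err != nil {
		p.Kite.Log.Error("Cannot sign token: %s", err)
		return
	}

	// The kite is pointed at /tunnel/<remainder of the /proxy path> with the
	// signed token as the "token" query parameter. A JWT in compact form is
	// base64url segments joined by '.', so it needs no extra query escaping.
	tunnelURL := *p.url
	tunnelURL.Path = "/tunnel" + strings.TrimPrefix(req.URL.Path, "/proxy")
	tunnelURL.RawQuery = "token=" + signed

	_, err = client.TellWithTimeout("kite.tunnel",
		tellTimeout, map[string]string{"url": tunnelURL.String()})
	if err != nil {
		p.Kite.Log.Error("Cannot open tunnel to the kite: %s err: %s", client.Kite, err)
		return
	}

	// Wait for the tunnel to start, then hold the handler open until it is
	// closed. An explicit timer (stopped on exit) replaces time.After so the
	// timer does not outlive the handler when the tunnel starts promptly.
	start := time.NewTimer(startTimeout)
	defer start.Stop()
	select {
	case <-tunnel.StartNotify():
		<-tunnel.CloseNotify()
	case <-start.C:
		p.Kite.Log.Error("timeout")
	}
}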
| 226 | |
| 227 | // handleTunnel is the PrivateKite side of the Tunnel (on private network). |
| 228 | func (p *Proxy) handleTunnel(session sockjs.Session, req *http.Request) { |