hub / github.com/koding/kite / handleProxy

Method handleProxy

tunnelproxy/proxy.go:172–225  ·  view source on GitHub ↗

handleProxy is the client side of the Tunnel (on public network).

(session sockjs.Session, req *http.Request)

Source from the content-addressed store, hash-verified

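// handleProxy is the client side of the Tunnel (on public network).
//
// It looks up the private kite named by the "kiteID" query parameter,
// creates a tunnel for the incoming sockjs session, signs an RS256 JWT that
// identifies the kite ("sub") and the tunnel ("seq"), and asks the kite via
// the "kite.tunnel" method to connect back to the /tunnel endpoint with that
// token. It then blocks until the tunnel has been started and closed, or
// gives up when the tunnel is not started within one minute. Every failure
// is logged and ends the method; the tunnel is closed on return.
//
// Security notes for reviewers:
//   - kiteID and the request path come straight from the incoming request.
//     No authentication of the requester is visible in this method; confirm
//     that is intended or enforced by the caller.
//   - The signed token travels in the URL query string, so it can end up in
//     access logs of anything that records the tunnel URL. It stays valid
//     for ttl+leeway; whether the tunnel side treats "seq" as single-use is
//     not visible here and should be confirmed.
func (p *Proxy) handleProxy(session sockjs.Session, req *http.Request) {
	const (
		ttl    = 1 * time.Hour
		leeway = 1 * time.Minute
	)

	// Caller-controlled value; an unknown or empty ID simply misses the map.
	kiteID := req.URL.Query().Get("kiteID")

	// NOTE(review): no lock is visible around this map read; confirm that
	// kite registration/removal cannot run concurrently with it.
	client, ok := p.kites[kiteID]
	if !ok {
		p.Kite.Log.Error("Remote kite is not found: %s", req.URL.String())
		return
	}

	// TODO(rjeczalik): keep *rsa.PrivateKey in Proxy struct
	// Until then the PEM is re-parsed on every request, which is avoidable
	// work on a path reachable from the public network.
	rsaPrivate, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(p.privKey))
	if err != nil {
		// This is a key parsing failure, not an encryption failure.
		p.Kite.Log.Error("Cannot parse RSA private key: %s", err)
		return
	}

	tunnel := client.newTunnel(session)
	defer tunnel.Close()

	// Read the clock once so iat, exp and nbf all describe the same instant.
	now := time.Now().UTC()
	claims := jwt.MapClaims{
		"sub": client.ID,                          // kite ID
		"seq": tunnel.id,                          // tunnel number
		"iat": now.Unix(),                         // Issued At
		"exp": now.Add(ttl).Add(leeway).Unix(),    // Expiration Time
		"nbf": now.Add(-leeway).Unix(),            // Not Before
	}

	signed, err := jwt.NewWithClaims(jwt.GetSigningMethod("RS256"), claims).SignedString(rsaPrivate)
	if err != nil {
		p.Kite.Log.Error("Cannot sign token: %s", err.Error())
		return
	}

	// Work on a copy of the proxy URL so the shared value is never mutated.
	// Everything after the "/proxy" prefix of the request path is forwarded
	// to the kite as part of the tunnel path.
	tunnelURL := *p.url
	tunnelURL.Path = "/tunnel" + strings.TrimPrefix(req.URL.Path, "/proxy")
	tunnelURL.RawQuery = "token=" + signed

	_, err = client.TellWithTimeout("kite.tunnel",
		4*time.Second, map[string]string{"url": tunnelURL.String()})
	if err != nil {
		p.Kite.Log.Error("Cannot open tunnel to the kite: %s err: %s", client.Kite, err.Error())
		return
	}

	select {
	case <-tunnel.StartNotify():
		// The kite connected back; hold the session until the tunnel ends.
		<-tunnel.CloseNotify()
	case <-time.After(1 * time.Minute):
		// Name the kite so the log entry can be correlated with a peer.
		p.Kite.Log.Error("Timeout waiting for the kite to start the tunnel: %s", client.Kite)
	}
}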
227// handleTunnel is the PrivateKite side of the Tunnel (on private network).
228func (p *Proxy) handleTunnel(session sockjs.Session, req *http.Request) {

Callers

nothing calls this directly

Calls 10

QueryMethod · 0.80
newTunnelMethod · 0.80
TellWithTimeoutMethod · 0.80
StartNotifyMethod · 0.80
GetMethod · 0.65
ErrorMethod · 0.65
AddMethod · 0.65
StringMethod · 0.45
CloseMethod · 0.45
CloseNotifyMethod · 0.45

Tested by

no test coverage detected