Cloak/internal/server/state.go

package server

import (
	"crypto"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"github.com/cbeuw/Cloak/internal/server/usermanager"
	"io/ioutil"
	"net"
	"strings"
	"sync"
	"time"

	gmux "github.com/gorilla/mux"
)

type rawConfig struct {
	ProxyBook     map[string][]string
	BypassUID     [][]byte
	RedirAddr     string
	PrivateKey    string
	AdminUID      string
	DatabasePath  string
	StreamTimeout int
	CncMode       bool
}

// State type stores the global state of the program
type State struct {
	ProxyBook map[string]net.Addr

	BindHost string
	BindPort string

	Now      func() time.Time
	AdminUID []byte
	Timeout  time.Duration

	BypassUID map[[16]byte]struct{}
	staticPv  crypto.PrivateKey

	RedirAddr string

	usedRandomM sync.RWMutex
	usedRandom  map[[32]byte]int64

	Panel          *userPanel
	LocalAPIRouter *gmux.Router
}

func InitState(bindHost, bindPort string, nowFunc func() time.Time) (*State, error) {
	ret := &State{
		BindHost:   bindHost,
		BindPort:   bindPort,
		Now:        nowFunc,
		BypassUID:  make(map[[16]byte]struct{}),
		ProxyBook:  map[string]net.Addr{},
		usedRandom: map[[32]byte]int64{},
	}
	go ret.UsedRandomCleaner()
	return ret, nil
}

// ParseConfig parses the config (either a path to json or the json itself as argument) into a State variable
func (sta *State) ParseConfig(conf string) (err error) {
	var content []byte
	var preParse rawConfig

	content, errPath := ioutil.ReadFile(conf)
	if errPath != nil {
		errJson := json.Unmarshal(content, &preParse)
		if errJson != nil {
			return errors.New("Failed to read/unmarshal configuration, path is invalid or " + errJson.Error())
		}
	} else {
		errJson := json.Unmarshal(content, &preParse)
		if errJson != nil {
			return errors.New("Failed to read configuration file: " + errJson.Error())
		}
	}

	if preParse.CncMode {
		//TODO: implement command & control mode
	} else {
		manager, err := usermanager.MakeLocalManager(preParse.DatabasePath)
		if err != nil {
			return err
		}
		sta.Panel = MakeUserPanel(manager)
		sta.LocalAPIRouter = manager.Router
	}

	sta.RedirAddr = preParse.RedirAddr
	sta.Timeout = time.Duration(preParse.StreamTimeout) * time.Second

	for name, pair := range preParse.ProxyBook {
		if len(pair) != 2 {
			return fmt.Errorf("invalid protocol and address pair for %v: %v", name, pair)
		}
		network := strings.ToLower(pair[0])
		switch network {
		case "tcp":
			addr, err := net.ResolveTCPAddr("tcp", pair[1])
			if err != nil {
				return err
			}
			sta.ProxyBook[name] = addr
			continue
		case "udp":
			addr, err := net.ResolveUDPAddr("udp", pair[1])
			if err != nil {
				return err
			}
			sta.ProxyBook[name] = addr
			continue
		}
	}

	pvBytes, err := base64.StdEncoding.DecodeString(preParse.PrivateKey)
	if err != nil {
		return errors.New("Failed to decode private key: " + err.Error())
	}
	var pv [32]byte
	copy(pv[:], pvBytes)
	sta.staticPv = &pv

	adminUID, err := base64.StdEncoding.DecodeString(preParse.AdminUID)
	if err != nil {
		return errors.New("Failed to decode AdminUID: " + err.Error())
	}
	sta.AdminUID = adminUID

	var arrUID [16]byte
	for _, UID := range preParse.BypassUID {
		copy(arrUID[:], UID)
		sta.BypassUID[arrUID] = struct{}{}
	}
	copy(arrUID[:], adminUID)
	sta.BypassUID[arrUID] = struct{}{}
	return nil
}

// IsBypass checks if a UID is a bypass user
func (sta *State) IsBypass(UID []byte) bool {
	var arrUID [16]byte
	copy(arrUID[:], UID)
	_, exist := sta.BypassUID[arrUID]
	return exist
}

const TIMESTAMP_TOLERANCE = 180 * time.Second

const CACHE_CLEAN_INTERVAL = 12 * time.Hour

// UsedRandomCleaner clears the cache of used random fields every CACHE_CLEAN_INTERVAL
func (sta *State) UsedRandomCleaner() {
	for {
		time.Sleep(CACHE_CLEAN_INTERVAL)
		now := sta.Now()
		sta.usedRandomM.Lock()
		for key, t := range sta.usedRandom {
			if time.Unix(t, 0).Before(now.Add(TIMESTAMP_TOLERANCE)) {
				delete(sta.usedRandom, key)
			}
		}
		sta.usedRandomM.Unlock()
	}
}

func (sta *State) registerRandom(r []byte) bool {
	var random [32]byte
	copy(random[:], r)
	sta.usedRandomM.Lock()
	_, used := sta.usedRandom[random]
	sta.usedRandom[random] = sta.Now().Unix()
	sta.usedRandomM.Unlock()
	return used
}
Untested server 2018-10-09 15:07:54 +00:00			`package server`

			`import (`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`"crypto"`
Untested server 2018-10-09 15:07:54 +00:00			`"encoding/base64"`
			`"encoding/json"`
Done some TODOs 2018-12-22 23:58:03 +00:00			`"errors"`
Server side UDP to proxy server 2019-08-12 22:13:13 +00:00			`"fmt"`
Refactor usermanager 2019-08-03 10:17:09 +00:00			`"github.com/cbeuw/Cloak/internal/server/usermanager"`
Untested server 2018-10-09 15:07:54 +00:00			`"io/ioutil"`
Server side UDP to proxy server 2019-08-12 22:13:13 +00:00			`"net"`
			`"strings"`
Untested server 2018-10-09 15:07:54 +00:00			`"sync"`
			`"time"`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00
			`gmux "github.com/gorilla/mux"`
Untested server 2018-10-09 15:07:54 +00:00			`)`

			`type rawConfig struct {`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`ProxyBook map[string][]string`
			`BypassUID [][]byte`
			`RedirAddr string`
			`PrivateKey string`
			`AdminUID string`
			`DatabasePath string`
			`StreamTimeout int`
			`CncMode bool`
Untested server 2018-10-09 15:07:54 +00:00			`}`

			`// State type stores the global state of the program`
			`type State struct {`
Server side UDP to proxy server 2019-08-12 22:13:13 +00:00			`ProxyBook map[string]net.Addr`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00
			`BindHost string`
			`BindPort string`
Untested server 2018-10-09 15:07:54 +00:00
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`Now func() time.Time`
			`AdminUID []byte`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`Timeout time.Duration`
Add user bypass feature 2019-08-04 20:10:59 +00:00
			`BypassUID map[[16]byte]struct{}`
			`staticPv crypto.PrivateKey`
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00
			`RedirAddr string`

Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`usedRandomM sync.RWMutex`
Refactor usedrandom 2019-08-03 10:49:05 +00:00			`usedRandom map[[32]byte]int64`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`Panel *userPanel`
			`LocalAPIRouter *gmux.Router`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`}`

Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`func InitState(bindHost, bindPort string, nowFunc func() time.Time) (*State, error) {`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`ret := &State{`
Server side UDP to proxy server 2019-08-12 22:13:13 +00:00			`BindHost: bindHost,`
			`BindPort: bindPort,`
			`Now: nowFunc,`
			`BypassUID: make(map[[16]byte]struct{}),`
			`ProxyBook: map[string]net.Addr{},`
			`usedRandom: map[[32]byte]int64{},`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`}`
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`go ret.UsedRandomCleaner()`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`return ret, nil`
Untested server 2018-10-09 15:07:54 +00:00			`}`

More comments 2019-08-20 21:43:04 +00:00			`// ParseConfig parses the config (either a path to json or the json itself as argument) into a State variable`
Untested server 2018-10-09 15:07:54 +00:00			`func (sta *State) ParseConfig(conf string) (err error) {`
			`var content []byte`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`var preParse rawConfig`

			`content, errPath := ioutil.ReadFile(conf)`
			`if errPath != nil {`
			`errJson := json.Unmarshal(content, &preParse)`
			`if errJson != nil {`
			`return errors.New("Failed to read/unmarshal configuration, path is invalid or " + errJson.Error())`
			`}`
Untested server 2018-10-09 15:07:54 +00:00			`} else {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`errJson := json.Unmarshal(content, &preParse)`
			`if errJson != nil {`
			`return errors.New("Failed to read configuration file: " + errJson.Error())`
Untested server 2018-10-09 15:07:54 +00:00			`}`
			`}`

Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`if preParse.CncMode {`
Remove redundant config field 2019-07-31 13:44:34 +00:00			`//TODO: implement command & control mode`
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`} else {`
Refactor usermanager 2019-08-03 10:17:09 +00:00			`manager, err := usermanager.MakeLocalManager(preParse.DatabasePath)`
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`if err != nil {`
			`return err`
			`}`
			`sta.Panel = MakeUserPanel(manager)`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`sta.LocalAPIRouter = manager.Router`
User can now specify the path of db file and backups 2018-12-30 00:18:50 +00:00			`}`

Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`sta.RedirAddr = preParse.RedirAddr`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`sta.Timeout = time.Duration(preParse.StreamTimeout) * time.Second`
Server side UDP to proxy server 2019-08-12 22:13:13 +00:00
			`for name, pair := range preParse.ProxyBook {`
			`if len(pair) != 2 {`
			`return fmt.Errorf("invalid protocol and address pair for %v: %v", name, pair)`
			`}`
			`network := strings.ToLower(pair[0])`
			`switch network {`
			`case "tcp":`
			`addr, err := net.ResolveTCPAddr("tcp", pair[1])`
			`if err != nil {`
			`return err`
			`}`
			`sta.ProxyBook[name] = addr`
			`continue`
			`case "udp":`
			`addr, err := net.ResolveUDPAddr("udp", pair[1])`
			`if err != nil {`
			`return err`
			`}`
			`sta.ProxyBook[name] = addr`
			`continue`
			`}`
			`}`
Redo config format 2018-12-03 20:30:06 +00:00
			`pvBytes, err := base64.StdEncoding.DecodeString(preParse.PrivateKey)`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`if err != nil {`
Done some TODOs 2018-12-22 23:58:03 +00:00			`return errors.New("Failed to decode private key: " + err.Error())`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`}`
Redo config format 2018-12-03 20:30:06 +00:00			`var pv [32]byte`
			`copy(pv[:], pvBytes)`
			`sta.staticPv = &pv`
Basic remote control 2018-11-22 21:55:23 +00:00
Done some TODOs 2018-12-22 23:58:03 +00:00			`adminUID, err := base64.StdEncoding.DecodeString(preParse.AdminUID)`
Basic remote control 2018-11-22 21:55:23 +00:00			`if err != nil {`
Done some TODOs 2018-12-22 23:58:03 +00:00			`return errors.New("Failed to decode AdminUID: " + err.Error())`
Basic remote control 2018-11-22 21:55:23 +00:00			`}`
			`sta.AdminUID = adminUID`
Add user bypass feature 2019-08-04 20:10:59 +00:00
			`var arrUID [16]byte`
			`for _, UID := range preParse.BypassUID {`
			`copy(arrUID[:], UID)`
			`sta.BypassUID[arrUID] = struct{}{}`
			`}`
			`copy(arrUID[:], adminUID)`
			`sta.BypassUID[arrUID] = struct{}{}`
Untested server 2018-10-09 15:07:54 +00:00			`return nil`
			`}`

More comments 2019-08-20 21:43:04 +00:00			`// IsBypass checks if a UID is a bypass user`
Add user bypass feature 2019-08-04 20:10:59 +00:00			`func (sta *State) IsBypass(UID []byte) bool {`
			`var arrUID [16]byte`
			`copy(arrUID[:], UID)`
			`_, exist := sta.BypassUID[arrUID]`
			`return exist`
			`}`

Change how timestamp's validity is checked 2019-08-08 14:05:36 +00:00			`const TIMESTAMP_TOLERANCE = 180 * time.Second`

			`const CACHE_CLEAN_INTERVAL = 12 * time.Hour`
TLS1.3 2019-08-02 00:01:19 +00:00
More comments 2019-08-20 21:43:04 +00:00			`// UsedRandomCleaner clears the cache of used random fields every CACHE_CLEAN_INTERVAL`
Untested server 2018-10-09 15:07:54 +00:00			`func (sta *State) UsedRandomCleaner() {`
			`for {`
Change how timestamp's validity is checked 2019-08-08 14:05:36 +00:00			`time.Sleep(CACHE_CLEAN_INTERVAL)`
			`now := sta.Now()`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`sta.usedRandomM.Lock()`
			`for key, t := range sta.usedRandom {`
Change how timestamp's validity is checked 2019-08-08 14:05:36 +00:00			`if time.Unix(t, 0).Before(now.Add(TIMESTAMP_TOLERANCE)) {`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`delete(sta.usedRandom, key)`
Untested server 2018-10-09 15:07:54 +00:00			`}`
			`}`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`sta.usedRandomM.Unlock()`
Untested server 2018-10-09 15:07:54 +00:00			`}`
			`}`
Refactor usedrandom 2019-08-03 10:49:05 +00:00
			`func (sta *State) registerRandom(r []byte) bool {`
			`var random [32]byte`
			`copy(random[:], r)`
			`sta.usedRandomM.Lock()`
			`_, used := sta.usedRandom[random]`
			`sta.usedRandom[random] = sta.Now().Unix()`
			`sta.usedRandomM.Unlock()`
			`return used`
			`}`