author | Runxi Yu <me@runxiyu.org> | 2025-03-23 12:04:27 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2025-03-23 12:04:27 +0800 |
commit | 137415cb5062ae3b5ce4ba8056754c1fc4febcaf (patch) | |
tree | 95b7f7bfa04ab381e21e14a1dcd3bb1f8fc90663 | |
parent | Separate privkey stuff (diff) | |
Separate proxy stuff
-rw-r--r-- | main.go | 49 | ||||
-rw-r--r-- | proxy.go | 22 | ||||
-rw-r--r-- | token.go | 39 |
3 files changed, 61 insertions, 49 deletions
@@ -1,30 +1,15 @@
 package main
 import (
- "crypto/hmac"
 "crypto/sha256"
 "crypto/subtle"
 "encoding/base64"
- "encoding/binary"
 "errors"
 "log"
 "net/http"
- "net/http/httputil"
- "net/url"
 "strings"
- "time"
 )
-var reverseProxy *httputil.ReverseProxy
-
-func init() {
- parsedURL, err := url.Parse(destHost)
- if err != nil {
- log.Fatal(err)
- }
- reverseProxy = httputil.NewSingleHostReverseProxy(parsedURL)
-}
-
 type tparams struct {
 UnsignedTokenBase64 string
 NeedBits uint
@@ -127,37 +112,3 @@ func getRemoteIP(request *http.Request) (remoteIP string) {
 }
 return
 }
-
-func makeSignedToken(request *http.Request) []byte {
- buf := make([]byte, 0, 2*sha256.Size)
-
- timeBuf := make([]byte, binary.MaxVarintLen64)
- binary.PutVarint(timeBuf, time.Now().Unix()/604800)
-
- remoteIP := getRemoteIP(request)
-
- h := sha256.New()
- h.Write(timeBuf)
- h.Write(stringToBytes(remoteIP))
- h.Write(stringToBytes(request.Header.Get("User-Agent")))
- h.Write(stringToBytes(request.Header.Get("Accept-Encoding")))
- h.Write(stringToBytes(request.Header.Get("Accept-Language")))
- h.Write(privkeyHash)
- buf = h.Sum(buf)
- if len(buf) != sha256.Size {
- panic("unexpected buffer length after hashing contents")
- }
-
- mac := hmac.New(sha256.New, privkey)
- mac.Write(buf)
- buf = mac.Sum(buf)
- if len(buf) != 2*sha256.Size {
- panic("unexpected buffer length after hmac")
- }
-
- return buf
-}
-
-func proxyRequest(writer http.ResponseWriter, request *http.Request) {
- reverseProxy.ServeHTTP(writer, request)
-}
diff --git a/proxy.go b/proxy.go
new file mode 100644
index 0000000..30fe0b8
--- /dev/null
+++ b/proxy.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "net/url"
+)
+
+var reverseProxy *httputil.ReverseProxy
+
+func init() {
+ parsedURL, err := url.Parse(destHost)
+ if err != nil {
+ log.Fatal(err)
+ }
+ reverseProxy = httputil.NewSingleHostReverseProxy(parsedURL)
+}
+
+func proxyRequest(writer http.ResponseWriter, request *http.Request) {
+ reverseProxy.ServeHTTP(writer, request)
+}
diff --git a/token.go b/token.go
new file mode 100644
index 0000000..74bf903
--- /dev/null
+++ b/token.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+ "crypto/hmac"
+ "crypto/sha256"
+ "encoding/binary"
+ "net/http"
+ "time"
+)
+
+func makeSignedToken(request *http.Request) []byte {
+ buf := make([]byte, 0, 2*sha256.Size)
+
+ timeBuf := make([]byte, binary.MaxVarintLen64)
+ binary.PutVarint(timeBuf, time.Now().Unix()/604800)
+
+ remoteIP := getRemoteIP(request)
+
+ h := sha256.New()
+ h.Write(timeBuf)
+ h.Write(stringToBytes(remoteIP))
+ h.Write(stringToBytes(request.Header.Get("User-Agent")))
+ h.Write(stringToBytes(request.Header.Get("Accept-Encoding")))
+ h.Write(stringToBytes(request.Header.Get("Accept-Language")))
+ h.Write(privkeyHash)
+ buf = h.Sum(buf)
+ if len(buf) != sha256.Size {
+ panic("unexpected buffer length after hashing contents")
+ }
+
+ mac := hmac.New(sha256.New, privkey)
+ mac.Write(buf)
+ buf = mac.Sum(buf)
+ if len(buf) != 2*sha256.Size {
+ panic("unexpected buffer length after hmac")
+ }
+
+ return buf
+} |
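Review bot: `init()` in proxy.go only rejects a `destHost` that `url.Parse` fails on, and `url.Parse` accepts many strings that are not usable upstream URLs (a constructed value such as `localhost:8080` parses without error, with `localhost` taken as the scheme and an empty host). A misconfigured destination would then show up as a proxy error on every request instead of at start-up. If only HTTP(S) upstreams are intended, add after the error check: `if (parsedURL.Scheme != "http" && parsedURL.Scheme != "https") || parsedURL.Host == "" { log.Fatalf("invalid destination URL %q", destHost) }`. `destHost` is defined outside this hunk, so any validation it already gets elsewhere is not visible here.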
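Review bot: In `makeSignedToken` (token.go) the remote IP and the three request headers are written into the SHA-256 state back to back with no length prefix or separator, so the digest covers only their concatenation and distinct (IP, User-Agent, Accept-Encoding, Accept-Language) tuples that concatenate to the same bytes produce the same token. Because the headers are client-supplied, the token is bound less tightly to each individual field than the code suggests; writing a fixed-width length ahead of each field makes the encoding unambiguous, e.g. `binary.Write(h, binary.BigEndian, uint32(len(s)))` before each `h.Write(stringToBytes(s))` (this changes the token format, so previously issued tokens stop validating). The divisor `604800` would also read better as a named constant with a comment, `const tokenWindowSeconds = 7 * 24 * 60 * 60 // token inputs rotate once per week`. `getRemoteIP` is defined outside this hunk, so whether the address it returns can be influenced by forwarded headers cannot be checked from here.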