diff options
| author | Mistivia <i@mistivia.com> | 2025-11-02 15:29:28 +0800 |
|---|---|---|
| committer | Mistivia <i@mistivia.com> | 2025-11-02 15:29:28 +0800 |
| commit | 9f42c2d5f911cb4e215d7873221e642ce7df4d61 (patch) | |
| tree | 6dac90a889a7402a9556d3d1bcc5cb53cdb9f123 /webircgateway | |
| parent | fb2d9de539b660a261af19b1cbcceb7ee7980cb1 (diff) | |
deprecate webircdateway and ngircd
Diffstat (limited to 'webircgateway')
42 files changed, 0 insertions, 4895 deletions
diff --git a/webircgateway/.gitignore b/webircgateway/.gitignore deleted file mode 100644 index 1504c66..0000000 --- a/webircgateway/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -/plugins/*.so -/vendor/ -.vscode -.idea -extensions -config.conf -*.a -*.crt -*.key
\ No newline at end of file diff --git a/webircgateway/Dockerfile b/webircgateway/Dockerfile deleted file mode 100644 index ad2a424..0000000 --- a/webircgateway/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM scratch -COPY rootfs / -ENTRYPOINT ["/webircgateway", "--config=/conf/config.conf"] diff --git a/webircgateway/LICENSE b/webircgateway/LICENSE deleted file mode 100644 index 8dada3e..0000000 --- a/webircgateway/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/webircgateway/Makefile b/webircgateway/Makefile deleted file mode 100644 index e57124a..0000000 --- a/webircgateway/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -GOCMD=go -PLUGINS=plugins/ -OUTFILE=webircgateway - -GO_VERSION=$(word 3, $(shell go version)) -GIT_COMMIT=$(shell git rev-list -1 HEAD) - -LDFLAGS=-ldflags "-X main.GITCOMMIT=$(GIT_COMMIT) -X main.BUILTWITHGO=$(GO_VERSION)" - -build-all: build-plugins build - -build: - $(GOCMD) build $(LDFLAGS) -o $(OUTFILE) -v main.go - -build-crosscompile: - GOOS=linux GOARCH=amd64 $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_linux_amd64 -v main.go - GOOS=linux GOARCH=arm64 $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_linux_arm64 -v main.go - GOOS=darwin GOARCH=amd64 $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_darwin_amd64 -v main.go - GOOS=windows GOARCH=amd64 $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_window_amd64 -v main.go - GOOS=freebsd GOARCH=amd64 $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_bsd_amd64 -v main.go - GOOS=freebsd GOARCH=arm $(GOCMD) build $(LDFLAGS) -o $(OUTFILE)_bsd_arm -v main.go - -build-plugins: - @for plugin in $(sort $(dir $(wildcard plugins/*/*.go))); do \ - plugin_name=$$plugin; \ - export plugin_name; \ - plugin_name=$$(echo $$plugin_name | cut -d'/' -f2); \ - echo Building $$plugin; \ - $(GOCMD) build -buildmode=plugin -v -o "plugins/$$plugin_name.so" plugins/$$plugin_name/*; \ - done - -run: - $(GOCMD) run main.go - -run-proxy: - $(GOCMD) run main.go -run=proxy - -build-docker: - docker run --rm -v "$$PWD":/myapp -w /myapp golang:1.13.4 make - rm -rf ./dockerbuild - mkdir -p ./dockerbuild/plugins - mv webircgateway ./dockerbuild/kiwiserver - mv plugins/*.so ./dockerbuild/plugins/ - diff --git a/webircgateway/README.md b/webircgateway/README.md deleted file mode 100644 index 4b3d345..0000000 --- a/webircgateway/README.md +++ /dev/null @@ -1,134 +0,0 @@ -# webircgateway -**A simple http/websocket gateway to IRC networks for any web client** - -<p align="center"> - <img src="/webircgateway.svg"> -</p> - -*Pre-built binaries can be downloaded from https://kiwiirc.com/downloads/index.html* - -### Features -**IRC** -* WEBIRC support -* Hexed IP / static value overrides for IRC username, realname and hostname fields -* Automatic encoding/decoding to UTF-8 from the IRCd -* Single or multiple IRC server upstreams -* Client message-tags for IRC servers that do not have message-tags support - -**WEB** -* Automatic Let's Encrypt TLS certificates -* Optional HTTP static file serving (handy to serve your web client) -* Multiple websocket / transport engine support - * Websockets (/webirc/websocket/) - * SockJS (/webirc/sockjs/) - * Kiwi IRC multi-servers (/webirc/kiwiirc/) -* Designed for wide web browser support -* HTTP Origin header whitelisting -* reCaptcha support - - -### Overview -webircgateway enables web browsers to connect to an IRC network. It does this by acting like a proxy. 1) A web browser connects to it, 2) It then connects to an IRC network, 3) The data between the two connections are then passed back and forth with any required encoding. - -Most IRC networks currently do not support websocket connections or will only support native websockets. This causes problems: -* Not all browsers support websockets -* Many antivirus and firewall software interferes with websocket connections -* Many transparent proxies block websocket connections (corporate proxies, hotel wifi access points, etc) -* Almost half the internet access is now over mobile connections. These are not as stable as landline connections and will cause a increase in ping timeouts on networks (travelling under a tunnel?) - -Further, existing IRC servers that do support native websockets complicate IRC encodings and requires the web client to handle decoding simple text streams, causing bloat and increased CPU usage in the users web browsers while ignoring older browser support. - -webircgateway aims to solve these problems by supporting different transport engines to increase browser support and improve connectivity. Web IRC clients still talk the native IRC protocol to webircgateway no matter which transport engine they use. - -The `kiwiirc` transport has been designed to work with kiwiirc to further increase the user facing experience and support multiple IRC connections over the same web connection if applicable. However, other clients may also make use of this transport engine in future. - - -### Introduced commands -Two IRC commands are available to connecting clients. These commands will be processed by webircgateway and not be sent upstream to the IRC server. - -`ENCODING CP1252` will instruct webircgateway to convert all text to the `CP1252` encoding before sending to the IRC server. See below for more information on this. - - -`HOST irc.network.org:6667` signals webircgateway to connect to `irc.network.org` on port `6667` (`+` before the port signifies TLS). This will only succeed if `gateway = true` in the webircgateway config, otherwise it will be ignored and a connection will be made to the configured IRC server instead. - - -`CAPTCHA captcha-response-code` will attempt to verify the client with recaptcha. If 'captcha-response-code' passes recaptcha verification then the clients IRC connection will be started. Otherwise, no IRC connection will be possible. - - -### Encoding / multilingual support -Websockets are required to use UTF-8 encoded messages otherwise the browser will close the connection. To support this, webircgateway will ensure that any messages sent from the IRCd are encoded into UTF-8 before sending them to the browser. - -If the IRC network uses an encoding other than UTF-8, the browser may send `ENCODING <encoding>` which will instruct webircgateway to automatically encode all messages to `<encoding>` before sending them to the IRC network, and decode messages back to UTF-8 before sending them to the browser. - -However, it is highly recommended to use UTF-8 for your network to simplify things! - - -### Security considerations -Allowing anybody to connect to your IRC network via the web can open you up to abuse. It is extremely easy for somebody to place code on a popular website that floods your network and with fake users to spam or harass users. - -Take special note of the `[allowed_origins]` section of the configuration file. If a client from example.com connects to your webircgateway server but example.com is not listed here, the client will be refused and will not be a threat to your network. - -If you are running an IRC network irc.network.org and you host your own webchat, you may want to list `*.network.org` here to only allow clients from your website to connect. - - -### Building and development -webircgateway is built using golang - v1.11 or later is required for Go modules support to automatically acquire dependencies! - -https://golang.org/dl/ - -To download the source: - -```console -git clone https://github.com/kiwiirc/webircgateway.git && cd webircgateway -``` - -To update your existing source: - -```console -git pull -``` - -Building from source: - -```console -go build -``` - -### Running -Once compiled and you have a config file set, run `./webircgateway --config=config.conf` to start the gateway server. You may reload the configuration file without restarting the server (no downtime!) by sending SIGHUP to the process, `kill -1 <pid of webircgateway>`. Note that this does not restart any listening servers, a restart is needed for this. - -### Configuration location -By default the configuration file is looked for in the current directly, ./config.conf. Use the --config parameter to specify a different location. - -You may also use a shell command to load your config by prefixing the config option with `$` like so: `--config="$ curl http://example.com/config.conf"`. Great if you want to remotely include a config file or load it from a service like etcd. - -Note: All filenames within the configuration file are relative to the configuration file itself unless the filename starts with "/" which makes it an absolute path. - - -### Recommendations -To ensure web clients can connect to your network and to try keep some consistency between networks: - -1. Run the webircgateway server over HTTPS. Without it, clients running on HTTPS pages may be blocked from connecting by their browser. You can use https://letsencrypt.org/ for a free signed certificate. -2. Stick to the default engine paths (eg. /webirc/websocket/) and standard web ports (80, 443 for HTTPS) so that clients will know where to connect to. -3. Configure WEBIRC for your IRC servers. This will show the users correct hostname on your network so that bans work. -4. Treat IRC connections made from webircgateway the same as any other IRC connection. Ban evasion and other difficulties arise when networks change web users hostnames / idents. If you must, try setting the users realname field instead. -5. If your network uses `irc.network.org`, use `ws.network.org` to point to your webircgateway. -6. Disable identd lookups for webircgateway clients. There are no benefits and will only slow the connection down. - - -### License -~~~ - Copyright 2017 Kiwi IRC - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -~~~ diff --git a/webircgateway/config.conf.example b/webircgateway/config.conf.example deleted file mode 100644 index ec0f65f..0000000 --- a/webircgateway/config.conf.example +++ /dev/null @@ -1,135 +0,0 @@ -# 1 = Debug; 2 = Info; 3 = Warn; -logLevel = 3 - -# Enable the built in identd server (listens on port 113) -identd = false - -# The name of this gateway as reported in WEBIRC to IRC servers -gateway_name = "webircgateway" - -# A secret string used for generating client JWT tokens. Do not share this! -secret = "" - -# Send the server a quit message when the client is closed -# Comment out to disable -send_quit_on_client_close = "Client closed" - -[verify] -recaptcha_url = "https://www.google.com/recaptcha/api/siteverify" -#recaptcha_url = "https://hcaptcha.com/siteverify" -recaptcha_secret = "" -recaptcha_key = "" - -# If required, a client must always pass a captcha challenge before making an IRC connection -required = false - -[clients] -# Default username / realname for IRC connections. If disabled it will use -# the values provided from the IRC client itself. -# %a will be replaced with the users ip address -# %h will be replaced with the users hostname -# %i will be replaced with a hexed value of the users IP -# %n will be replaced with the client provided nick -#username = "%i" -#realname = "I am a webchat user" - -# This hostname value will only be used when using a WEBIRC password -#hostname = "%h" - -# The websocket / http server -[server.1] -bind = "0.0.0.0" -port = 80 - -# Example TLS server -#[server.2] -#bind = "0.0.0.0" -#port = 443 -#tls = true -#cert = server.crt -#key = server.key -# If you don't have a certificate, uncomment the below line to automatically generate a -# free certificate using letsencrypt.com (overrides the above cert/key options). This requires -# a server running on port 80 to initially generate the certificate. -#letsencrypt_cache = ./certs - -# Example unix socket server -#[server.3] -#bind = unix:/tmp/webircgateway.sock -#bind_mode = 0777 - -# Serve static files from a web root folder. -# Optional, but handy for serving the Kiwi IRC client if no other webserver is available -[fileserving] -enabled = false -webroot = www/ - -[transports] -websocket -sockjs -kiwiirc - -# Websites (hostnames) that are allowed to connect here -# No entries here will allow any website to connect. -# Origins do not include a trailing / after the host (and optional port) -[allowed_origins] -#"*://example.com" - -# If using a reverse proxy, it must be whitelisted for the client -# hostnames to be read correctly. In CIDR format. -# The user IPs are read from the standard X-Forwarded-For HTTP header -[reverse_proxies] -127.0.0.0/8 -10.0.0.0/8 -172.16.0.0/12 -192.168.0.0/16 -"::1/128" -"fd00::/8" - -# Connections will be sent to a random upstream -[upstream.1] -hostname = "irc.example.net" -port = 6667 -tls = false -# Connection timeout in seconds -timeout = 5 -# Throttle the lines being written by X per second -throttle = 2 -webirc = "" -serverpassword = "" -# Outgoing protocol, valid options: tcp, tcp4, tcp6, unix -# this can be used to force ipv4, ipv6 etc -protocol = tcp -# IP address of the local network interface to bind for outgoing connections -localaddr = "" - - -# A public gateway to any IRC network -# If enabled, Kiwi IRC clients may connect to any IRC network (or a whitelisted -# network below) through the kiwiirc engine -[gateway] -enabled = false -timeout = 5 -throttle = 2 -# Outgoing protocol, valid options: tcp, tcp4, tcp6 -protocol = tcp -# IP address of the local network interface to bind for outgoing connections -localaddr = "" - -# Whitelisted IRC networks while in public gateway mode -# If any networks are in this list then connections can only be made to these -[gateway.whitelist] -#irc.example.com -#*.example2.com - -[gateway.webirc] -irc.network.org = webirc_password -irc.network2.org = webirc_password - -[dnsbl] -# "verify" - if the client supports it, tell it to show a captcha -# "deny" - deny the connection entirely -action = verify - -[dnsbl.servers] -dnsbl.dronebl.org diff --git a/webircgateway/dockerstart.sh b/webircgateway/dockerstart.sh deleted file mode 100644 index 0d3d6dd..0000000 --- a/webircgateway/dockerstart.sh +++ /dev/null @@ -1,9 +0,0 @@ -sudo podman kill webircgw-c -sudo podman rm webircgw-c -sudo podman run -d \ - --name webircgw-c \ - -p 8180:8180 \ - -v ./conf:/conf \ - --restart=always \ - webircgw - diff --git a/webircgateway/go.mod b/webircgateway/go.mod deleted file mode 100644 index d8ed2c8..0000000 --- a/webircgateway/go.mod +++ /dev/null @@ -1,16 +0,0 @@ -module github.com/kiwiirc/webircgateway - -require ( - github.com/OneOfOne/xxhash v1.2.8 - github.com/gobwas/glob v0.2.3 - github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/gorilla/websocket v1.5.0 - github.com/igm/sockjs-go/v3 v3.0.2 - github.com/orcaman/concurrent-map v1.0.0 - golang.org/x/crypto v0.11.0 - golang.org/x/net v0.12.0 - golang.org/x/time v0.3.0 - gopkg.in/ini.v1 v1.67.0 -) - -go 1.13 diff --git a/webircgateway/go.sum b/webircgateway/go.sum deleted file mode 100644 index a1a9957..0000000 --- a/webircgateway/go.sum +++ /dev/null @@ -1,89 +0,0 @@ -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= -github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/igm/sockjs-go/v3 v3.0.2 h1:2m0k53w0DBiGozeQUIEPR6snZFmpFpYvVsGnfLPNXbE= -github.com/igm/sockjs-go/v3 v3.0.2/go.mod h1:UqchsOjeagIBFHvd+RZpLaVRbCwGilEC08EDHsD1jYE= -github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY= -github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/webircgateway/main.go b/webircgateway/main.go deleted file mode 100644 index efd812b..0000000 --- a/webircgateway/main.go +++ /dev/null @@ -1,118 +0,0 @@ -package main - -import ( - "flag" - "fmt" - "log" - "os" - "os/signal" - "plugin" - "sync" - "syscall" - - "github.com/kiwiirc/webircgateway/pkg/webircgateway" -) - -var VERSION = "1.1.0" -var GITCOMMIT = "-" -var BUILTWITHGO = "-" - -func init() { - webircgateway.Version = VERSION -} - -func main() { - printVersion := flag.Bool("version", false, "Print the version") - configFile := flag.String("config", "config.conf", "Config file location") - startSection := flag.String("run", "gateway", "What type of server to run") - flag.Parse() - - if *printVersion { - fmt.Printf("Version: %s\n", webircgateway.Version) - fmt.Printf("Git commit: %s\n", GITCOMMIT) - fmt.Printf("Built with Go version: %s\n", BUILTWITHGO) - os.Exit(0) - } - - if *startSection != "gateway" && *startSection != "proxy" { - fmt.Println("-run can either be 'gateway' or 'proxy'") - os.Exit(1) - } - - runGateway(*configFile, *startSection) -} - -func runGateway(configFile string, function string) { - gateway := webircgateway.NewGateway(function) - - log.SetFlags(log.Flags() | log.Lmicroseconds) - - // Print any webircgateway logout to STDOUT - go printLogOutput(gateway) - - // Listen for process signals - go watchForSignals(gateway) - - gateway.Config.SetConfigFile(configFile) - log.Printf("Using config %s", gateway.Config.CurrentConfigFile()) - - configErr := gateway.Config.Load() - if configErr != nil { - log.Printf("Config file error: %s", configErr.Error()) - os.Exit(1) - } - - pluginsQuit := &sync.WaitGroup{} - loadPlugins(gateway, pluginsQuit) - - gateway.Start() - - pluginsQuit.Wait() - gateway.WaitClose() -} - -func watchForSignals(gateway *webircgateway.Gateway) { - c := make(chan os.Signal, 1) - signal.Notify(c, syscall.SIGHUP, syscall.SIGINT) - - for { - switch sig := <-c; sig { - case syscall.SIGINT: - fmt.Println("Received SIGINT, shutting down webircgateway") - gateway.Close() - case syscall.SIGHUP: - fmt.Println("Recieved SIGHUP, reloading config file") - gateway.Config.Load() - } - } -} - -func printLogOutput(gateway *webircgateway.Gateway) { - for { - line, _ := <-gateway.LogOutput - log.Println(line) - } -} - -func loadPlugins(gateway *webircgateway.Gateway, pluginsQuit *sync.WaitGroup) { - for _, pluginPath := range gateway.Config.Plugins { - pluginFullPath := gateway.Config.ResolvePath(pluginPath) - - gateway.Log(2, "Loading plugin "+pluginFullPath) - p, err := plugin.Open(pluginFullPath) - if err != nil { - gateway.Log(3, "Error loading plugin: "+err.Error()) - continue - } - - startSymbol, err := p.Lookup("Start") - if err != nil { - gateway.Log(3, "Plugin does not export a Start function! (%s)", pluginFullPath) - continue - } - - startFunc := startSymbol.(func(*webircgateway.Gateway, *sync.WaitGroup)) - pluginsQuit.Add(1) - startFunc(gateway, pluginsQuit) - } -} diff --git a/webircgateway/pkg/dnsbl/dnsbl.go b/webircgateway/pkg/dnsbl/dnsbl.go deleted file mode 100644 index 318102e..0000000 --- a/webircgateway/pkg/dnsbl/dnsbl.go +++ /dev/null @@ -1,121 +0,0 @@ -package dnsbl - -import ( - "encoding/hex" - "fmt" - "net" - "strings" -) - -type ResultList struct { - Listed bool - Results []Result -} - -/* -Result holds the individual IP lookup results for each RBL search -*/ -type Result struct { - // Blacklist is the DNSBL server that gave this result - Blacklist string - // Address is the IP address that was searched - Address string - // Listed indicates whether or not the IP was on the RBL - Listed bool - // RBL lists sometimes add extra information as a TXT record - // if any info is present, it will be stored here. - Text string - // Error represents any error that was encountered (DNS timeout, host not - // found, etc.) if any - Error bool - // ErrorType is the type of error encountered if any - ErrorType error -} - -/* -Convert an IP to a hostname ready for a dnsbl lookup -127.0.0.1 becomes 1.0.0.127 -1234:1234:1234:1234:1234:1234:1234:1234 becomes 4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1 -*/ -func toDnsBlHostname(ip net.IP) string { - if ip.To4() != nil { - // IPv4 - // Reverse the complete octects - splitAddress := strings.Split(ip.String(), ".") - for i, j := 0, len(splitAddress)-1; i < len(splitAddress)/2; i, j = i+1, j-1 { - splitAddress[i], splitAddress[j] = splitAddress[j], splitAddress[i] - } - - return strings.Join(splitAddress, ".") - } - - // IPv6 - // Remove all : from a full expanded address, then reverse all the hex characters - ipv6Str := expandIPv6(ip) - addrHexStr := strings.ReplaceAll(ipv6Str, ":", "") - chars := []rune(addrHexStr) - for i, j := 0, len(chars)-1; i < j; i, j = i+1, j-1 { - chars[i], chars[j] = chars[j], chars[i] - } - - return strings.Join(strings.Split(string(chars), ""), ".") -} - -func expandIPv6(ip net.IP) string { - dst := make([]byte, hex.EncodedLen(len(ip))) - _ = hex.Encode(dst, ip) - return string(dst[0:4]) + ":" + - string(dst[4:8]) + ":" + - string(dst[8:12]) + ":" + - string(dst[12:16]) + ":" + - string(dst[16:20]) + ":" + - string(dst[20:24]) + ":" + - string(dst[24:28]) + ":" + - string(dst[28:]) -} - -func query(rbl string, host string, r *Result) { - r.Listed = false - - lookup := fmt.Sprintf("%s.%s", host, rbl) - res, err := net.LookupHost(lookup) - - if len(res) > 0 { - r.Listed = true - txt, _ := net.LookupTXT(lookup) - if len(txt) > 0 { - r.Text = txt[0] - } - } - if err != nil { - r.Error = true - r.ErrorType = err - } - - return -} - -func Lookup(dnsblList []string, targetHost string) (r ResultList) { - ip, err := net.LookupIP(targetHost) - if err != nil { - return - } - - for _, dnsbl := range dnsblList { - for _, addr := range ip { - res := Result{} - res.Blacklist = dnsbl - res.Address = addr.String() - - addr := toDnsBlHostname(addr) - query(dnsbl, addr, &res) - r.Results = append(r.Results, res) - - if res.Listed { - r.Listed = true - } - } - } - - return -} diff --git a/webircgateway/pkg/identd/identd.go b/webircgateway/pkg/identd/identd.go deleted file mode 100644 index 9a84d76..0000000 --- a/webircgateway/pkg/identd/identd.go +++ /dev/null @@ -1,86 +0,0 @@ -package identd - -import ( - "fmt" - "net" - "net/textproto" - "strings" - "sync" -) - -// Server - An IdentD server -type Server struct { - Entries map[string]string - EntriesLock sync.Mutex -} - -// NewIdentdServer - Create a new IdentdServer instance -func NewIdentdServer() Server { - return Server{ - Entries: make(map[string]string), - } -} - -// AddIdent - Add an ident to be looked up -func (i *Server) AddIdent(localPort, remotePort int, ident string, iface string) { - i.EntriesLock.Lock() - i.Entries[fmt.Sprintf("%d-%d", localPort, remotePort)] = ident - i.EntriesLock.Unlock() -} - -// RemoveIdent - Remove an ident from being looked up -func (i *Server) RemoveIdent(localPort, remotePort int, iface string) { - i.EntriesLock.Lock() - delete(i.Entries, fmt.Sprintf("%d-%d", localPort, remotePort)) - i.EntriesLock.Unlock() -} - -// Run - Start listening for ident lookups -func (i *Server) Run() error { - serv, err := net.Listen("tcp", ":113") - if err != nil { - return err - } - - go i.ListenForRequests(&serv) - return nil -} - -// ListenForRequests - Listen on a net.Listener for ident lookups -func (i *Server) ListenForRequests(serverSocket *net.Listener) { - for { - serv := *serverSocket - client, err := serv.Accept() - if err != nil { - break - } - - go func(conn net.Conn) { - tc := textproto.NewConn(conn) - - line, err := tc.ReadLine() - if err != nil { - conn.Close() - return - } - - // Remove all spaces, some servers like to send "%d , %d" but the spec examples use "%d, %d" - line = strings.ReplaceAll(line, " ", "") - - var localPort, remotePort int - fmt.Sscanf(line, "%d,%d", &localPort, &remotePort) - if localPort > 0 && remotePort > 0 { - i.EntriesLock.Lock() - ident, ok := i.Entries[fmt.Sprintf("%d-%d", localPort, remotePort)] - i.EntriesLock.Unlock() - if !ok { - fmt.Fprintf(conn, "%d, %d : ERROR : NO-USER\r\n", localPort, remotePort) - } else { - fmt.Fprintf(conn, "%d, %d : USERID : UNIX : %s\r\n", localPort, remotePort, ident) - } - } - - conn.Close() - }(client) - } -} diff --git a/webircgateway/pkg/identd/rpcclient.go b/webircgateway/pkg/identd/rpcclient.go deleted file mode 100644 index 37aec3e..0000000 --- a/webircgateway/pkg/identd/rpcclient.go +++ /dev/null @@ -1,59 +0,0 @@ -package identd - -import "net" -import "fmt" -import "time" - -func MakeRpcClient(appName string) *RpcClient { - return &RpcClient{AppName: appName} -} - -type RpcClient struct { - AppName string - Conn *net.Conn -} - -func (rpc *RpcClient) ConnectAndReconnect(serverAddress string) { - for { - if rpc.Conn == nil { - println("Connecting to identd RPC...") - rpc.Connect(serverAddress) - } - - time.Sleep(time.Second * 3) - } -} - -func (rpc *RpcClient) Connect(serverAddress string) error { - conn, err := net.Dial("tcp", serverAddress) - if err != nil { - return err - } - - rpc.Conn = &conn - rpc.Write("id " + rpc.AppName) - - return nil -} - -func (rpc *RpcClient) Write(line string) error { - if rpc.Conn == nil { - return fmt.Errorf("not connected") - } - - conn := *rpc.Conn - _, err := conn.Write([]byte(line + "\n")) - if err != nil { - rpc.Conn = nil - conn.Close() - } - return err -} - -func (rpc *RpcClient) AddIdent(lport int, rport int, username string, iface string) { - rpc.Write(fmt.Sprintf("add %s %d %d %s", username, lport, rport, iface)) -} - -func (rpc *RpcClient) RemoveIdent(lport int, rport int, username string, iface string) { - rpc.Write(fmt.Sprintf("del %d %d %s", lport, rport, iface)) -} diff --git a/webircgateway/pkg/irc/isupport.go b/webircgateway/pkg/irc/isupport.go deleted file mode 100644 index fdb7bee..0000000 --- a/webircgateway/pkg/irc/isupport.go +++ /dev/null @@ -1,56 +0,0 @@ -package irc - -import ( - "strings" - "sync" -) - -type ISupport struct { - Received bool - Injected bool - Tags map[string]string - tokens map[string]string - tokensMutex sync.RWMutex -} - -func (m *ISupport) ClearTokens() { - m.tokensMutex.Lock() - m.tokens = make(map[string]string) - m.tokensMutex.Unlock() -} - -func (m *ISupport) AddToken(tokenPair string) { - m.tokensMutex.Lock() - m.addToken(tokenPair) - m.tokensMutex.Unlock() -} - -func (m *ISupport) AddTokens(tokenPairs []string) { - m.tokensMutex.Lock() - for _, tp := range tokenPairs { - m.addToken(tp) - } - m.tokensMutex.Unlock() -} - -func (m *ISupport) HasToken(key string) (ok bool) { - m.tokensMutex.RLock() - _, ok = m.tokens[strings.ToUpper(key)] - m.tokensMutex.RUnlock() - return -} - -func (m *ISupport) GetToken(key string) (val string) { - m.tokensMutex.RLock() - val = m.tokens[strings.ToUpper(key)] - m.tokensMutex.RUnlock() - return -} - -func (m *ISupport) addToken(tokenPair string) { - kv := strings.Split(tokenPair, "=") - if len(kv) == 1 { - kv = append(kv, "") - } - m.tokens[strings.ToUpper(kv[0])] = kv[1] -} diff --git a/webircgateway/pkg/irc/message.go b/webircgateway/pkg/irc/message.go deleted file mode 100644 index 18477d6..0000000 --- a/webircgateway/pkg/irc/message.go +++ /dev/null @@ -1,217 +0,0 @@ -package irc - -import ( - "errors" - "strings" -) - -type Mask struct { - Nick string - Username string - Hostname string - Mask string -} -type Message struct { - Raw string - Tags map[string]string - Prefix *Mask - Command string - Params []string -} - -func NewMessage() *Message { - return &Message{ - Tags: make(map[string]string), - Prefix: &Mask{}, - } -} - -// GetParam - Get a param value, returning a default value if it doesn't exist -func (m *Message) GetParam(idx int, def string) string { - if idx < 0 || idx > len(m.Params)-1 { - return def - } - - return m.Params[idx] -} - -// GetParamU - Get a param value in uppercase, returning a default value if it doesn't exist -func (m *Message) GetParamU(idx int, def string) string { - return strings.ToUpper(m.GetParam(idx, def)) -} - -// ToLine - Convert the Message struct to its raw IRC line -func (m *Message) ToLine() string { - line := "" - - if len(m.Tags) > 0 { - line += "@" - tagCount := 0 - for tagName, tagVal := range m.Tags { - tagCount++ - line += tagName - if tagVal != "" { - line += "=" + tagVal - } - if tagCount < len(m.Tags) { - line += ";" - } - } - } - - if m.Prefix != nil && (m.Prefix.Nick != "" || m.Prefix.Username != "" || m.Prefix.Hostname != "") { - prefix := "" - - if m.Prefix.Nick != "" { - prefix += m.Prefix.Nick - } - - if m.Prefix.Username != "" && m.Prefix.Nick != "" { - prefix += "!" + m.Prefix.Username - } else if m.Prefix.Username != "" { - prefix += m.Prefix.Username - } - - if m.Prefix.Hostname != "" && prefix != "" { - prefix += "@" + m.Prefix.Username - } else if m.Prefix.Hostname != "" { - prefix += m.Prefix.Hostname - } - - if line != "" { - line += " :" + prefix - } else { - line += ":" + prefix - } - } - - if line != "" { - line += " " + m.Command - } else { - line += m.Command - } - - paramLen := len(m.Params) - for idx, param := range m.Params { - if idx == paramLen-1 && (strings.Contains(param, " ") || strings.HasPrefix(param, ":")) { - line += " :" + param - } else { - line += " " + param - } - } - - return line -} - -func createMask(maskStr string) *Mask { - mask := &Mask{ - Mask: maskStr, - } - - usernameStart := strings.Index(maskStr, "!") - hostStart := strings.Index(maskStr, "@") - - if usernameStart == -1 && hostStart == -1 { - mask.Nick = maskStr - } else if usernameStart > -1 && hostStart > -1 { - mask.Nick = maskStr[0:usernameStart] - mask.Username = maskStr[usernameStart+1 : hostStart] - mask.Hostname = maskStr[hostStart+1:] - } else if usernameStart > -1 && hostStart == -1 { - mask.Nick = maskStr[0:usernameStart] - mask.Username = maskStr[usernameStart+1:] - } else if usernameStart == -1 && hostStart > -1 { - mask.Username = maskStr[0:hostStart] - mask.Hostname = maskStr[hostStart+1:] - } - - return mask -} - -// ParseLine - Turn a raw IRC line into a message -func ParseLine(input string) (*Message, error) { - line := strings.Trim(input, "\r\n") - - message := NewMessage() - message.Raw = line - - token := "" - rest := "" - - token, rest = nextToken(line, false) - if token == "" { - return message, errors.New("Empty line") - } - - // Tags. Starts with "@" - if token[0] == 64 { - tagsRaw := token[1:] - tags := strings.Split(tagsRaw, ";") - for _, tag := range tags { - parts := strings.Split(tag, "=") - if len(parts) > 0 && parts[0] == "" { - continue - } - - if len(parts) == 1 { - message.Tags[parts[0]] = "" - } else { - message.Tags[parts[0]] = parts[1] - } - } - - token, rest = nextToken(rest, false) - } - - // Prefix. Starts with ":" - if token != "" && token[0] == 58 { - message.Prefix = createMask(token[1:]) - token, rest = nextToken(rest, false) - } else { - message.Prefix = createMask("") - } - - // Command - if token == "" { - return message, errors.New("Missing command") - } - - message.Command = token - - // Params - for { - token, rest = nextToken(rest, true) - if token == "" { - break - } - - message.Params = append(message.Params, token) - } - - return message, nil -} - -func nextToken(s string, allowTrailing bool) (string, string) { - s = strings.TrimLeft(s, " ") - - if len(s) == 0 { - return "", "" - } - - // The last token (trailing) start with : - if allowTrailing && s[0] == 58 { - return s[1:], "" - } - - token := "" - spaceIdx := strings.Index(s, " ") - if spaceIdx > -1 { - token = s[:spaceIdx] - s = s[spaceIdx+1:] - } else { - token = s - s = "" - } - - return token, s -} diff --git a/webircgateway/pkg/irc/state.go b/webircgateway/pkg/irc/state.go deleted file mode 100644 index 69480fc..0000000 --- a/webircgateway/pkg/irc/state.go +++ /dev/null @@ -1,79 +0,0 @@ -package irc - -import ( - "strings" - "sync" - "time" -) - -type State struct { - LocalPort int - RemotePort int - Username string - Nick string - RealName string - Password string - Account string - Modes map[string]string - - channelsMutex sync.Mutex - Channels map[string]*StateChannel - ISupport *ISupport -} - -type StateChannel struct { - Name string - Modes map[string]string - Joined time.Time -} - -func NewState() *State { - return &State{ - Channels: make(map[string]*StateChannel), - ISupport: &ISupport{ - tokens: make(map[string]string), - }, - } -} - -func NewStateChannel(name string) *StateChannel { - return &StateChannel{ - Name: name, - Modes: make(map[string]string), - Joined: time.Now(), - } -} - -func (m *State) HasChannel(name string) (ok bool) { - m.channelsMutex.Lock() - _, ok = m.Channels[strings.ToLower(name)] - m.channelsMutex.Unlock() - return -} - -func (m *State) GetChannel(name string) (channel *StateChannel) { - m.channelsMutex.Lock() - channel = m.Channels[strings.ToLower(name)] - m.channelsMutex.Unlock() - return -} - -func (m *State) SetChannel(channel *StateChannel) { - m.channelsMutex.Lock() - m.Channels[strings.ToLower(channel.Name)] = channel - m.channelsMutex.Unlock() -} - -func (m *State) RemoveChannel(name string) { - m.channelsMutex.Lock() - delete(m.Channels, strings.ToLower(name)) - m.channelsMutex.Unlock() -} - -func (m *State) ClearChannels() { - m.channelsMutex.Lock() - for i := range m.Channels { - delete(m.Channels, i) - } - m.channelsMutex.Unlock() -} diff --git a/webircgateway/pkg/proxy/proxy.go b/webircgateway/pkg/proxy/proxy.go deleted file mode 100644 index c332f40..0000000 --- a/webircgateway/pkg/proxy/proxy.go +++ /dev/null @@ -1,129 +0,0 @@ -package proxy - -import ( - "encoding/json" - "errors" - "io" - "net" -) - -type KiwiProxyState int - -const KiwiProxyStateClosed KiwiProxyState = 0 -const KiwiProxyStateConnecting KiwiProxyState = 1 -const KiwiProxyStateHandshaking KiwiProxyState = 2 -const KiwiProxyStateConnected KiwiProxyState = 3 - -type ConnError struct { - Msg string - Type string -} - -func (err *ConnError) Error() string { - return err.Msg -} - -type KiwiProxyConnection struct { - Username string - ProxyInterface string - DestHost string - DestPort int - DestTLS bool - State KiwiProxyState - Conn *net.Conn -} - -func MakeKiwiProxyConnection() *KiwiProxyConnection { - return &KiwiProxyConnection{ - State: KiwiProxyStateClosed, - } -} - -func (c *KiwiProxyConnection) Close() error { - if c.State == KiwiProxyStateClosed { - return errors.New("Connection already closed") - } - - return (*c.Conn).Close() -} - -func (c *KiwiProxyConnection) Dial(proxyServerAddr string) error { - if c.State != KiwiProxyStateClosed { - return errors.New("Connection in closed state") - } - - c.State = KiwiProxyStateConnecting - - conn, err := net.Dial("tcp", proxyServerAddr) - if err != nil { - return err - } - - c.Conn = &conn - c.State = KiwiProxyStateHandshaking - - meta, _ := json.Marshal(map[string]interface{}{ - "username": c.Username, - "interface": c.ProxyInterface, - "host": c.DestHost, - "port": c.DestPort, - "ssl": c.DestTLS, - }) - - (*c.Conn).Write(append(meta, byte('\n'))) - - buf := make([]byte, 1024) - bufLen, readErr := (*c.Conn).Read(buf) - if readErr != nil { - (*c.Conn).Close() - c.State = KiwiProxyStateClosed - return readErr - } - - response := string(buf) - if bufLen > 0 && response[0] == '1' { - c.State = KiwiProxyStateConnected - } else { - (*c.Conn).Close() - c.State = KiwiProxyStateClosed - - if bufLen == 0 { - return errors.New("The proxy could not connect to the destination") - } - - switch response[0] { - case '0': - return errors.New("The proxy could not connect to the destination") - case '2': - return &ConnError{Msg: "Connection reset", Type: "conn_reset"} - case '3': - return &ConnError{Msg: "Connection refused", Type: "conn_refused"} - case '4': - return &ConnError{Msg: "Host not found", Type: "not_found"} - case '5': - return &ConnError{Msg: "Connection timed out", Type: "conn_timeout"} - } - } - - return nil -} - -func (c *KiwiProxyConnection) Read(b []byte) (n int, err error) { - if c.State == KiwiProxyStateConnecting || c.State == KiwiProxyStateHandshaking { - return 0, nil - } else if c.State == KiwiProxyStateClosed { - return 0, io.EOF - } else { - return (*c.Conn).Read(b) - } -} - -func (c *KiwiProxyConnection) Write(b []byte) (n int, err error) { - if c.State == KiwiProxyStateConnecting || c.State == KiwiProxyStateHandshaking { - return 0, nil - } else if c.State == KiwiProxyStateClosed { - return 0, io.EOF - } else { - return (*c.Conn).Write(b) - } -} diff --git a/webircgateway/pkg/proxy/server.go b/webircgateway/pkg/proxy/server.go deleted file mode 100644 index 7e3f62f..0000000 --- a/webircgateway/pkg/proxy/server.go +++ /dev/null @@ -1,237 +0,0 @@ -package proxy - -import ( - "bufio" - "crypto/tls" - "encoding/json" - "fmt" - "io" - "log" - "net" - "strconv" - "sync" - "syscall" - "time" - - "github.com/kiwiirc/webircgateway/pkg/identd" -) - -const ( - ResponseError = "0" - ResponseOK = "1" - ResponseReset = "2" - ResponseRefused = "3" - ResponseUnknownHost = "4" - ResponseTimeout = "5" -) - -var identdRpc *identd.RpcClient -var Server net.Listener - -type HandshakeMeta struct { - Host string `json:"host"` - Port int `json:"port"` - TLS bool `json:"ssl"` - Username string `json:"username"` - Interface string `json:"interface"` -} - -func MakeClient(conn net.Conn) *Client { - return &Client{ - Client: conn, - } -} - -type Client struct { - Client net.Conn - Upstream net.Conn - UpstreamAddr *net.TCPAddr - Username string - BindAddr *net.TCPAddr - TLS bool -} - -func (c *Client) Run() { - var err error - - err = c.Handshake() - if err != nil { - log.Println(err.Error()) - return - } - - err = c.ConnectUpstream() - if err != nil { - log.Println(err.Error()) - return - } - - c.Pipe() -} - -func (c *Client) Handshake() error { - // Read the first line - it should be JSON - reader := bufio.NewReader(c.Client) - line, readErr := reader.ReadBytes('\n') - if readErr != nil { - return readErr - } - - var meta = HandshakeMeta{ - Username: "user", - Port: 6667, - Interface: "0.0.0.0", - } - unmarshalErr := json.Unmarshal(line, &meta) - if unmarshalErr != nil { - c.Client.Write([]byte(ResponseError)) - return unmarshalErr - } - - if meta.Host == "" || meta.Port == 0 || meta.Username == "" || meta.Interface == "" { - c.Client.Write([]byte(ResponseError)) - return fmt.Errorf("missing args") - } - - c.Username = meta.Username - c.TLS = meta.TLS - - bindAddr, bindAddrErr := net.ResolveTCPAddr("tcp", meta.Interface+":") - if bindAddrErr != nil { - c.Client.Write([]byte(ResponseError)) - return fmt.Errorf("interface: " + bindAddrErr.Error()) - } - c.BindAddr = bindAddr - - hostStr := net.JoinHostPort(meta.Host, strconv.Itoa(meta.Port)) - addr, addrErr := net.ResolveTCPAddr("tcp", hostStr) - if addrErr != nil { - c.Client.Write([]byte(ResponseUnknownHost)) - return fmt.Errorf("remote host: " + addrErr.Error()) - } - c.UpstreamAddr = addr - - return nil -} - -func (c *Client) ConnectUpstream() error { - dialer := &net.Dialer{} - dialer.LocalAddr = c.BindAddr - dialer.Timeout = time.Second * 10 - - conn, err := dialer.Dial("tcp", c.UpstreamAddr.String()) - if err != nil { - response := "" - errType := typeOfErr(err) - switch errType { - case "timeout": - response = ResponseTimeout - case "unknown_host": - response = ResponseUnknownHost - case "refused": - response = ResponseRefused - } - - c.Client.Write([]byte(response)) - return err - } - - if identdRpc != nil { - lAddr, lPortStr, _ := net.SplitHostPort(conn.LocalAddr().String()) - lPort, _ := strconv.Atoi(lPortStr) - identdRpc.AddIdent(lPort, c.UpstreamAddr.Port, c.Username, lAddr) - } - - if c.TLS { - tlsConfig := &tls.Config{InsecureSkipVerify: true} - tlsConn := tls.Client(conn, tlsConfig) - err := tlsConn.Handshake() - if err != nil { - conn.Close() - c.Client.Write([]byte(ResponseReset)) - return err - } - - conn = net.Conn(tlsConn) - } - - c.Upstream = conn - c.Client.Write([]byte(ResponseOK)) - return nil -} - -func (c *Client) Pipe() { - wg := sync.WaitGroup{} - wg.Add(2) - - go func() { - io.Copy(c.Client, c.Upstream) - c.Client.Close() - wg.Done() - }() - - go func() { - io.Copy(c.Upstream, c.Client) - c.Upstream.Close() - wg.Done() - }() - - wg.Wait() - - if identdRpc != nil { - lAddr, lPortStr, _ := net.SplitHostPort(c.Upstream.LocalAddr().String()) - lPort, _ := strconv.Atoi(lPortStr) - identdRpc.RemoveIdent(lPort, c.UpstreamAddr.Port, c.Username, lAddr) - } -} - -func Start(laddr string) { - srv, err := net.Listen("tcp", laddr) - if err != nil { - log.Fatal(err.Error()) - } - - // Expose the server - Server = srv - log.Printf("Kiwi proxy listening on %s", srv.Addr().String()) - - identdRpc = identd.MakeRpcClient("kiwiproxy" + laddr) - go identdRpc.ConnectAndReconnect("127.0.0.1:1133") - - for { - conn, err := srv.Accept() - if err != nil { - log.Print(err.Error()) - break - } - - c := MakeClient(conn) - go c.Run() - } -} - -func typeOfErr(err error) string { - if err == nil { - return "" - } - - if netError, ok := err.(net.Error); ok && netError.Timeout() { - return "timeout" - } - - switch t := err.(type) { - case *net.OpError: - if t.Op == "dial" { - return "unknown_host" - } else if t.Op == "read" { - return "refused" - } - - case syscall.Errno: - if t == syscall.ECONNREFUSED { - return "refused" - } - } - - return "" -} diff --git a/webircgateway/pkg/recaptcha/recaptcha.go b/webircgateway/pkg/recaptcha/recaptcha.go deleted file mode 100644 index 2d602fc..0000000 --- a/webircgateway/pkg/recaptcha/recaptcha.go +++ /dev/null @@ -1,59 +0,0 @@ -// Google re-captcha package tweaked from http://github.com/haisum/recaptcha - -package recaptcha - -import ( - "encoding/json" - "io/ioutil" - "net/http" - "net/url" - "time" -) - -// R type represents an object of Recaptcha and has public property Secret, -// which is secret obtained from google recaptcha tool admin interface -type R struct { - URL string - Secret string - lastError []string -} - -// Struct for parsing json in google's response -type googleResponse struct { - Success bool - ErrorCodes []string `json:"error-codes"` -} - -// VerifyResponse is a method similar to `Verify`; but doesn't parse the form for you. Useful if -// you're receiving the data as a JSON object from a javascript app or similar. -func (r *R) VerifyResponse(response string) bool { - r.lastError = make([]string, 1) - client := &http.Client{Timeout: 20 * time.Second} - resp, err := client.PostForm(r.URL, - url.Values{"secret": {r.Secret}, "response": {response}}) - if err != nil { - r.lastError = append(r.lastError, err.Error()) - return false - } - defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) - if err != nil { - r.lastError = append(r.lastError, err.Error()) - return false - } - gr := new(googleResponse) - err = json.Unmarshal(body, gr) - if err != nil { - r.lastError = append(r.lastError, err.Error()) - return false - } - if !gr.Success { - r.lastError = append(r.lastError, gr.ErrorCodes...) - } - return gr.Success -} - -// LastError returns errors occurred in last re-captcha validation attempt -func (r R) LastError() []string { - return r.lastError -} diff --git a/webircgateway/pkg/webircgateway/client.go b/webircgateway/pkg/webircgateway/client.go deleted file mode 100644 index 43d3fe7..0000000 --- a/webircgateway/pkg/webircgateway/client.go +++ /dev/null @@ -1,741 +0,0 @@ -package webircgateway - -import ( - "bufio" - "crypto/tls" - "errors" - "fmt" - "io" - "net" - "runtime/debug" - "strconv" - "strings" - "sync" - "sync/atomic" - "syscall" - "time" - - "golang.org/x/time/rate" - - "github.com/kiwiirc/webircgateway/pkg/dnsbl" - "github.com/kiwiirc/webircgateway/pkg/irc" - "github.com/kiwiirc/webircgateway/pkg/proxy" -) - -const ( - // ClientStateIdle - Client connected and just sat there - ClientStateIdle = "idle" - // ClientStateConnecting - Connecting upstream - ClientStateConnecting = "connecting" - // ClientStateRegistering - Registering to the IRC network - ClientStateRegistering = "registering" - // ClientStateConnected - Connected upstream - ClientStateConnected = "connected" - // ClientStateEnding - Client is ending its connection - ClientStateEnding = "ending" -) - -type ClientSignal [3]string - -// Client - Connecting client struct -type Client struct { - Gateway *Gateway - Id uint64 - State string - EndWG sync.WaitGroup - shuttingDownLock sync.Mutex - shuttingDown bool - SeenQuit bool - Recv chan string - ThrottledRecv *ThrottledStringChannel - upstream io.ReadWriteCloser - UpstreamRecv chan string - UpstreamSend chan string - UpstreamStarted bool - UpstreamConfig *ConfigUpstream - RemoteAddr string - RemoteHostname string - RemotePort int - DestHost string - DestPort int - DestTLS bool - IrcState *irc.State - Encoding string - // Tags get passed upstream via the WEBIRC command - Tags map[string]string - // Captchas may be needed to verify a client - RequiresVerification bool - Verified bool - SentPass bool - // Signals for the transport to make use of (data, connection state, etc) - Signals chan ClientSignal - Features struct { - Messagetags bool - Metadata bool - ExtJwt bool - } - // The specific message-tags CAP that the client has requested if we are wrapping it - RequestedMessageTagsCap string - // Prefix used by the server when sending its own messages - ServerMessagePrefix irc.Mask -} - -var nextClientID uint64 = 1 - -// NewClient - Makes a new client -func NewClient(gateway *Gateway) *Client { - thisID := atomic.AddUint64(&nextClientID, 1) - - recv := make(chan string, 50) - c := &Client{ - Gateway: gateway, - Id: thisID, - State: ClientStateIdle, - Recv: recv, - ThrottledRecv: NewThrottledStringChannel(recv, rate.NewLimiter(rate.Inf, 1)), - UpstreamSend: make(chan string, 50), - UpstreamRecv: make(chan string, 50), - Encoding: "UTF-8", - Signals: make(chan ClientSignal, 50), - Tags: make(map[string]string), - IrcState: irc.NewState(), - UpstreamConfig: &ConfigUpstream{}, - } - - // Auto enable some features by default. They may be disabled later on - c.Features.ExtJwt = true - - c.RequiresVerification = gateway.Config.RequiresVerification - - // Handles data to/from the client and upstreams - go c.clientLineWorker() - - // This Add(1) will be ended once the client starts shutting down in StartShutdown() - c.EndWG.Add(1) - - // Add to the clients maps and wait until everything has been marked - // as completed (several routines add themselves to EndWG so that we can catch - // when they are all completed) - gateway.Clients.Set(strconv.FormatUint(c.Id, 10), c) - go func() { - c.EndWG.Wait() - gateway.Clients.Remove(strconv.FormatUint(c.Id, 10)) - - hook := &HookClientState{ - Client: c, - Connected: false, - } - hook.Dispatch("client.state") - }() - - hook := &HookClientState{ - Client: c, - Connected: true, - } - hook.Dispatch("client.state") - - return c -} - -// Log - Log a line of text with context of this client -func (c *Client) Log(level int, format string, args ...interface{}) { - prefix := fmt.Sprintf("client:%d ", c.Id) - c.Gateway.Log(level, prefix+format, args...) -} - -// TrafficLog - Log out raw IRC traffic -func (c *Client) TrafficLog(isUpstream bool, toGateway bool, traffic string) { - label := "" - if isUpstream && toGateway { - label = "Upstream->" - } else if isUpstream && !toGateway { - label = "->Upstream" - } else if !isUpstream && toGateway { - label = "Client->" - } else if !isUpstream && !toGateway { - label = "->Client" - } - c.Log(1, "Traffic (%s) %s", label, traffic) -} - -func (c *Client) Ready() { - dnsblAction := c.Gateway.Config.DnsblAction - validAction := dnsblAction == "verify" || dnsblAction == "deny" - dnsblTookAction := "" - - if len(c.Gateway.Config.DnsblServers) > 0 && c.RemoteAddr != "" && !c.Verified && validAction { - dnsblTookAction = c.checkDnsBl() - } - - if dnsblTookAction == "" && c.Gateway.Config.RequiresVerification && !c.Verified { - c.SendClientSignal("data", "CAPTCHA NEEDED") - } -} - -func (c *Client) checkDnsBl() (tookAction string) { - dnsResult := dnsbl.Lookup(c.Gateway.Config.DnsblServers, c.RemoteAddr) - if dnsResult.Listed && c.Gateway.Config.DnsblAction == "deny" { - c.SendIrcError("Blocked by DNSBL") - c.SendClientSignal("state", "closed", "dnsbl_listed") - c.StartShutdown("dnsbl") - tookAction = "deny" - } else if dnsResult.Listed && c.Gateway.Config.DnsblAction == "verify" { - c.RequiresVerification = true - c.SendClientSignal("data", "CAPTCHA NEEDED") - tookAction = "verify" - } - - return -} - -func (c *Client) IsShuttingDown() bool { - c.shuttingDownLock.Lock() - defer c.shuttingDownLock.Unlock() - return c.shuttingDown -} - -func (c *Client) StartShutdown(reason string) { - c.shuttingDownLock.Lock() - defer c.shuttingDownLock.Unlock() - - c.Log(1, "StartShutdown(%s) ShuttingDown=%t", reason, c.shuttingDown) - if !c.shuttingDown { - c.shuttingDown = true - c.State = ClientStateEnding - - switch reason { - case "upstream_closed": - c.Log(2, "Upstream closed the connection") - case "err_connecting_upstream": - case "err_no_upstream": - // Error has been logged already - case "client_closed": - c.Log(2, "Client disconnected") - default: - c.Log(2, "Closed: %s", reason) - } - - close(c.Signals) - c.EndWG.Done() - } -} - -func (c *Client) SendClientSignal(signal string, args ...string) { - c.shuttingDownLock.Lock() - defer c.shuttingDownLock.Unlock() - - if !c.shuttingDown { - switch len(args) { - case 0: - c.Signals <- ClientSignal{signal} - case 1: - c.Signals <- ClientSignal{signal, args[0]} - case 2: - c.Signals <- ClientSignal{signal, args[0], args[1]} - } - } -} - -func (c *Client) SendIrcError(message string) { - c.SendClientSignal("data", "ERROR :"+message) -} - -func (c *Client) SendIrcFail(params ...string) { - failMessage := irc.Message{ - Command: "FAIL", - Params: params, - } - c.SendClientSignal("data", failMessage.ToLine()) -} - -func (c *Client) connectUpstream() { - client := c - - c.UpstreamStarted = true - - var upstreamConfig ConfigUpstream - - if client.DestHost == "" { - client.Log(2, "Using configured upstream") - var err error - upstreamConfig, err = c.Gateway.findUpstream() - if err != nil { - client.Log(3, "No upstreams available") - client.SendIrcError("The server has not been configured") - client.StartShutdown("err_no_upstream") - return - } - } else { - if !c.Gateway.isIrcAddressAllowed(client.DestHost) { - client.Log(2, "Server %s is not allowed. Closing connection", client.DestHost) - client.SendIrcError("Not allowed to connect to " + client.DestHost) - client.SendClientSignal("state", "closed", "err_forbidden") - client.StartShutdown("err_no_upstream") - return - } - - client.Log(2, "Using client given upstream") - upstreamConfig = c.configureUpstream() - } - - c.UpstreamConfig = &upstreamConfig - - hook := &HookIrcConnectionPre{ - Client: client, - UpstreamConfig: &upstreamConfig, - } - hook.Dispatch("irc.connection.pre") - if hook.Halt { - client.SendClientSignal("state", "closed", "err_forbidden") - client.StartShutdown("err_connecting_upstream") - return - } - - client.State = ClientStateConnecting - - upstream, upstreamErr := client.makeUpstreamConnection() - if upstreamErr != nil { - // Error handling was already managed in makeUpstreamConnection() - return - } - - client.State = ClientStateRegistering - - client.upstream = upstream - client.readUpstream() - client.writeWebircLines(upstream) - client.maybeSendPass(upstream) - client.SendClientSignal("state", "connected") -} - -func (c *Client) makeUpstreamConnection() (io.ReadWriteCloser, error) { - client := c - upstreamConfig := c.UpstreamConfig - - var connection io.ReadWriteCloser - - if upstreamConfig.Proxy == nil { - // Connect directly to the IRCd - dialer := net.Dialer{} - dialer.Timeout = time.Second * time.Duration(upstreamConfig.Timeout) - - if upstreamConfig.LocalAddr != "" { - parsedIP := net.ParseIP(upstreamConfig.LocalAddr) - if parsedIP != nil { - dialer.LocalAddr = &net.TCPAddr{ - IP: parsedIP, - Port: 0, - } - } else { - client.Log(3, "Failed to parse localaddr for upstream connection \"%s\"", upstreamConfig.LocalAddr) - } - } - - var conn net.Conn - var connErr error - if upstreamConfig.Protocol == "unix" { - conn, connErr = dialer.Dial("unix", upstreamConfig.Hostname) - } else { - upstreamStr := fmt.Sprintf("%s:%d", upstreamConfig.Hostname, upstreamConfig.Port) - conn, connErr = dialer.Dial(upstreamConfig.Protocol, upstreamStr) - } - - if connErr != nil { - client.Log(3, "Error connecting to the upstream IRCd. %s", connErr.Error()) - errString := "" - if errString = typeOfErr(connErr); errString != "" { - errString = "err_" + errString - } - client.SendClientSignal("state", "closed", errString) - client.StartShutdown("err_connecting_upstream") - return nil, errors.New("error connecting upstream") - } - - // Add the ports into the identd before possible TLS handshaking. If we do it after then - // there's a good chance the identd lookup will occur before the handshake has finished - if c.Gateway.Config.Identd { - // Keep track of the upstreams local and remote port numbers - _, lPortStr, _ := net.SplitHostPort(conn.LocalAddr().String()) - client.IrcState.LocalPort, _ = strconv.Atoi(lPortStr) - _, rPortStr, _ := net.SplitHostPort(conn.RemoteAddr().String()) - client.IrcState.RemotePort, _ = strconv.Atoi(rPortStr) - - c.Gateway.identdServ.AddIdent(client.IrcState.LocalPort, client.IrcState.RemotePort, client.IrcState.Username, "") - } - - if upstreamConfig.TLS { - tlsConfig := &tls.Config{InsecureSkipVerify: true} - tlsConn := tls.Client(conn, tlsConfig) - err := tlsConn.Handshake() - if err != nil { - client.Log(3, "Error connecting to the upstream IRCd. %s", err.Error()) - client.SendClientSignal("state", "closed", "err_tls") - client.StartShutdown("err_connecting_upstream") - return nil, errors.New("error connecting upstream") - } - - conn = net.Conn(tlsConn) - } - - connection = conn - } - - if upstreamConfig.Proxy != nil { - // Connect to the IRCd via a proxy - conn := proxy.MakeKiwiProxyConnection() - conn.DestHost = upstreamConfig.Hostname - conn.DestPort = upstreamConfig.Port - conn.DestTLS = upstreamConfig.TLS - conn.Username = upstreamConfig.Proxy.Username - conn.ProxyInterface = upstreamConfig.Proxy.Interface - - dialErr := conn.Dial(fmt.Sprintf( - "%s:%d", - upstreamConfig.Proxy.Hostname, - upstreamConfig.Proxy.Port, - )) - - if dialErr != nil { - errString := "" - if errString = typeOfErr(dialErr); errString != "" { - errString = "err_" + errString - } else { - errString = "err_proxy" - } - client.Log(3, - "Error connecting to the kiwi proxy, %s:%d. %s", - upstreamConfig.Proxy.Hostname, - upstreamConfig.Proxy.Port, - dialErr.Error(), - ) - - client.SendClientSignal("state", "closed", errString) - client.StartShutdown("err_connecting_upstream") - return nil, errors.New("error connecting upstream") - } - - connection = conn - } - - return connection, nil -} - -func (c *Client) writeWebircLines(upstream io.ReadWriteCloser) { - // Send any WEBIRC lines - if c.UpstreamConfig.WebircPassword == "" { - c.Log(1, "No webirc to send") - return - } - - gatewayName := "webircgateway" - if c.Gateway.Config.GatewayName != "" { - gatewayName = c.Gateway.Config.GatewayName - } - if c.UpstreamConfig.GatewayName != "" { - gatewayName = c.UpstreamConfig.GatewayName - } - - webircTags := c.buildWebircTags() - if strings.Contains(webircTags, " ") { - webircTags = ":" + webircTags - } - - clientHostname := c.RemoteHostname - if c.Gateway.Config.ClientHostname != "" { - clientHostname = makeClientReplacements(c.Gateway.Config.ClientHostname, c) - } - - remoteAddr := c.RemoteAddr - // Prefix IPv6 addresses that start with a : so they can be sent as an individual IRC - // parameter. eg. ::1 would not parse correctly as a parameter, while 0::1 will - if strings.HasPrefix(remoteAddr, ":") { - remoteAddr = "0" + remoteAddr - } - - webircLine := fmt.Sprintf( - "WEBIRC %s %s %s %s %s\n", - c.UpstreamConfig.WebircPassword, - gatewayName, - clientHostname, - remoteAddr, - webircTags, - ) - c.Log(1, "->upstream: %s", webircLine) - upstream.Write([]byte(webircLine)) -} - -func (c *Client) maybeSendPass(upstream io.ReadWriteCloser) { - if c.UpstreamConfig.ServerPassword == "" { - return - } - c.SentPass = true - passLine := fmt.Sprintf( - "PASS %s\n", - c.UpstreamConfig.ServerPassword, - ) - c.Log(1, "->upstream: %s", passLine) - upstream.Write([]byte(passLine)) -} - -func (c *Client) processLineToUpstream(data string) { - client := c - upstreamConfig := c.UpstreamConfig - - if strings.HasPrefix(data, "PASS ") && c.SentPass { - // Hijack the PASS command if we already sent a pass command - return - } else if strings.HasPrefix(data, "USER ") { - // Hijack the USER command as we may have some overrides - data = fmt.Sprintf( - "USER %s 0 * :%s", - client.IrcState.Username, - client.IrcState.RealName, - ) - } else if strings.HasPrefix(strings.ToUpper(data), "QUIT ") { - client.SeenQuit = true - } - - message, _ := irc.ParseLine(data) - - hook := &HookIrcLine{ - Client: client, - UpstreamConfig: upstreamConfig, - Line: data, - Message: message, - ToServer: true, - } - hook.Dispatch("irc.line") - if hook.Halt { - return - } - - // Plugins may have modified the data - data = hook.Line - - c.TrafficLog(true, false, data) - data = utf8ToOther(data, client.Encoding) - if data == "" { - client.Log(1, "Failed to encode into '%s'. Dropping data", c.Encoding) - return - } - - if client.upstream != nil { - client.upstream.Write([]byte(data + "\r\n")) - } else { - client.Log(2, "Tried sending data upstream before connected") - } -} - -func (c *Client) handleLineFromUpstream(data string) { - client := c - upstreamConfig := c.UpstreamConfig - - message, _ := irc.ParseLine(data) - - hook := &HookIrcLine{ - Client: client, - UpstreamConfig: upstreamConfig, - Line: data, - Message: message, - ToServer: false, - } - hook.Dispatch("irc.line") - if hook.Halt { - return - } - - // Plugins may have modified the data - data = hook.Line - - if data == "" { - return - } - - data = ensureUtf8(data, client.Encoding) - if data == "" { - client.Log(1, "Failed to decode as 'UTF-8'. Dropping data") - return - } - - data = client.ProcessLineFromUpstream(data) - if data == "" { - return - } - - client.SendClientSignal("data", data) -} - -func typeOfErr(err error) string { - if err == nil { - return "" - } - - if netError, ok := err.(net.Error); ok && netError.Timeout() { - return "timeout" - } - - switch t := err.(type) { - case *proxy.ConnError: - switch t.Type { - case "conn_reset": - return "" - case "conn_refused": - return "refused" - case "not_found": - return "unknown_host" - case "conn_timeout": - return "timeout" - default: - return "" - } - - case *net.OpError: - if t.Op == "dial" { - return "unknown_host" - } else if t.Op == "read" { - return "refused" - } - - case syscall.Errno: - if t == syscall.ECONNREFUSED { - return "refused" - } - } - - return "" -} - -func (c *Client) readUpstream() { - client := c - - // Data from upstream to client - go func() { - reader := bufio.NewReader(client.upstream) - for { - data, err := reader.ReadString('\n') - if err != nil { - break - } - - data = strings.Trim(data, "\n\r") - client.UpstreamRecv <- data - } - - close(client.UpstreamRecv) - client.upstream.Close() - client.upstream = nil - - if client.IrcState.RemotePort > 0 { - c.Gateway.identdServ.RemoveIdent(client.IrcState.LocalPort, client.IrcState.RemotePort, "") - } - }() -} - -// Handle lines sent from the client -func (c *Client) clientLineWorker() { - for { - shouldQuit, _ := c.handleDataLine() - if shouldQuit { - break - } - - } - - c.Log(1, "leaving clientLineWorker") -} - -func (c *Client) handleDataLine() (shouldQuit bool, hadErr bool) { - defer func() { - if err := recover(); err != nil { - c.Log(3, fmt.Sprint("Error handling data ", err)) - fmt.Println("Error handling data", err) - debug.PrintStack() - shouldQuit = false - hadErr = true - } - }() - - // We only want to send data upstream if we have an upstream connection - upstreamSend := c.UpstreamSend - if c.upstream == nil { - upstreamSend = nil - } - - select { - case clientData, ok := <-c.ThrottledRecv.Output: - if !ok { - c.Log(1, "client.Recv closed") - if !c.SeenQuit && c.Gateway.Config.SendQuitOnClientClose != "" && c.State == ClientStateEnding { - c.processLineToUpstream("QUIT :" + c.Gateway.Config.SendQuitOnClientClose) - } - - c.StartShutdown("client_closed") - - if c.upstream != nil { - c.upstream.Close() - } - return true, false - } - c.Log(1, "in c.ThrottledRecv.Output") - c.TrafficLog(false, true, clientData) - - clientLine, err := c.ProcessLineFromClient(clientData) - if err == nil && clientLine != "" { - c.UpstreamSend <- clientLine - } - - case line, ok := <-upstreamSend: - if !ok { - c.Log(1, "client.UpstreamSend closed") - return true, false - } - c.Log(1, "in .UpstreamSend") - c.processLineToUpstream(line) - - case upstreamData, ok := <-c.UpstreamRecv: - if !ok { - c.Log(1, "client.UpstreamRecv closed") - c.SendClientSignal("state", "closed") - c.StartShutdown("upstream_closed") - return true, false - } - c.Log(1, "in .UpstreamRecv") - c.TrafficLog(true, true, upstreamData) - - c.handleLineFromUpstream(upstreamData) - } - - return false, false -} - -// configureUpstream - Generate an upstream configuration from the information set on the client instance -func (c *Client) configureUpstream() ConfigUpstream { - upstreamConfig := ConfigUpstream{} - upstreamConfig.Hostname = c.DestHost - upstreamConfig.Port = c.DestPort - upstreamConfig.TLS = c.DestTLS - upstreamConfig.Timeout = c.Gateway.Config.GatewayTimeout - upstreamConfig.Throttle = c.Gateway.Config.GatewayThrottle - upstreamConfig.WebircPassword = c.Gateway.findWebircPassword(c.DestHost) - upstreamConfig.Protocol = c.Gateway.Config.GatewayProtocol - upstreamConfig.LocalAddr = c.Gateway.Config.GatewayLocalAddr - - return upstreamConfig -} - -func (c *Client) buildWebircTags() string { - str := "" - for key, val := range c.Tags { - if str != "" { - str += " " - } - - if val == "" { - str += key - } else { - str += key + "=" + val - } - } - - return str -} diff --git a/webircgateway/pkg/webircgateway/client_command_handlers.go b/webircgateway/pkg/webircgateway/client_command_handlers.go deleted file mode 100644 index d5d1fcc..0000000 --- a/webircgateway/pkg/webircgateway/client_command_handlers.go +++ /dev/null @@ -1,495 +0,0 @@ -package webircgateway - -import ( - "errors" - "strconv" - "strings" - "time" - - "github.com/golang-jwt/jwt/v4" - "github.com/kiwiirc/webircgateway/pkg/irc" - "github.com/kiwiirc/webircgateway/pkg/recaptcha" - "golang.org/x/net/html/charset" - "golang.org/x/time/rate" -) - -var MAX_EXTJWT_SIZE = 200 - -/* - * ProcessLineFromUpstream - * Processes and makes any changes to a line of data sent from an upstream - */ -func (c *Client) ProcessLineFromUpstream(data string) string { - client := c - - m, parseErr := irc.ParseLine(data) - if parseErr != nil { - return data - } - - pLen := len(m.Params) - - if pLen > 0 && m.Command == "NICK" && m.Prefix.Nick == c.IrcState.Nick { - client.IrcState.Nick = m.Params[0] - } - if pLen > 0 && m.Command == "001" { - client.IrcState.Nick = m.Params[0] - client.State = ClientStateConnected - client.ServerMessagePrefix = *m.Prefix - - // Throttle writes if configured, but only after registration is complete. Typical IRCd - // behavior is to not throttle registration commands. - client.ThrottledRecv.Limiter = rate.NewLimiter(rate.Limit(client.UpstreamConfig.Throttle), 1) - } - if pLen > 0 && m.Command == "005" { - tokenPairs := m.Params[1 : pLen-1] - iSupport := c.IrcState.ISupport - iSupport.Received = true - iSupport.Tags = m.Tags - iSupport.AddTokens(tokenPairs) - } - if c.IrcState.ISupport.Received && !c.IrcState.ISupport.Injected && m.Command != "005" { - iSupport := c.IrcState.ISupport - iSupport.Injected = true - - msg := irc.NewMessage() - msg.Command = "005" - msg.Prefix = &c.ServerMessagePrefix - msg.Params = append(msg.Params, c.IrcState.Nick) - - if iSupport.HasToken("EXTJWT") { - c.Log(1, "Upstream already supports EXTJWT, disabling feature") - c.Features.ExtJwt = false - } else { - // Add EXTJWT ISupport token - msg.Params = append(msg.Params, "EXTJWT=1") - iSupport.AddToken("EXTJWT=1") - } - - msg.Params = append(msg.Params, "are supported by this server") - if timeTag, ok := c.IrcState.ISupport.Tags["time"]; ok { - msg.Tags["time"] = timeTag - } - if len(msg.Params) > 2 { - // Extra tokens were added, send the line - c.SendClientSignal("data", msg.ToLine()) - } - } - if pLen > 0 && m.Command == "JOIN" && m.Prefix.Nick == c.IrcState.Nick { - channel := irc.NewStateChannel(m.GetParam(0, "")) - c.IrcState.SetChannel(channel) - } - if pLen > 0 && m.Command == "PART" && m.Prefix.Nick == c.IrcState.Nick { - c.IrcState.RemoveChannel(m.GetParam(0, "")) - } - if pLen > 0 && m.Command == "QUIT" && m.Prefix.Nick == c.IrcState.Nick { - c.IrcState.ClearChannels() - } - // :server.com 900 m m!m@irc-3jg.1ab.j4ep8h.IP prawnsalad :You are now logged in as prawnsalad - if pLen > 0 && m.Command == "900" { - c.IrcState.Account = m.GetParam(2, "") - } - // :server.com 901 itsonlybinary itsonlybinary!itsonlybina@user/itsonlybinary :You are now logged out - if m.Command == "901" { - c.IrcState.Account = "" - } - // :prawnsalad!prawn@kiwiirc/prawnsalad MODE #kiwiirc-dev +oo notprawn kiwi-n75 - if pLen > 0 && m.Command == "MODE" { - if strings.HasPrefix(m.GetParam(0, ""), "#") { - channelName := m.GetParam(0, "") - modes := m.GetParam(1, "") - - channel := c.IrcState.GetChannel(channelName) - if channel != nil { - channel = irc.NewStateChannel(channelName) - c.IrcState.SetChannel(channel) - } - - adding := false - paramIdx := 1 - for i := 0; i < len(modes); i++ { - mode := string(modes[i]) - - if mode == "+" { - adding = true - } else if mode == "-" { - adding = false - } else { - paramIdx++ - param := m.GetParam(paramIdx, "") - if strings.EqualFold(param, c.IrcState.Nick) { - if adding { - channel.Modes[mode] = "" - } else { - delete(channel.Modes, mode) - } - } - } - } - } - } - - // If upstream reports that it supports message-tags natively, disable the wrapping of this feature for - // this client - if pLen >= 3 && - strings.ToUpper(m.Command) == "CAP" && - m.GetParamU(1, "") == "LS" { - // The CAPs could be param 2 or 3 depending on if were using multiple lines to list them all. - caps := "" - if pLen >= 4 && m.Params[2] == "*" { - caps = m.GetParamU(3, "") - } else { - caps = m.GetParamU(2, "") - } - - if containsOneOf(caps, []string{"DRAFT/MESSAGE-TAGS-0.2", "MESSAGE-TAGS"}) { - c.Log(1, "Upstream already supports Messagetags, disabling feature") - c.Features.Messagetags = false - } - - // Inject message-tags cap into the last line of IRCd capabilities - if c.Features.Messagetags && m.Params[2] != "*" { - m.Params[2] += " message-tags" - data = m.ToLine() - } - } - - // If we requested message-tags, make sure to include it in the ACK when - // the IRCd sends the ACK through - if m != nil && - client.RequestedMessageTagsCap != "" && - strings.ToUpper(m.Command) == "CAP" && - m.GetParamU(1, "") == "ACK" && - !strings.Contains(m.GetParamU(2, ""), "MESSAGE-TAGS") { - - m.Params[2] += " " + client.RequestedMessageTagsCap - data = m.ToLine() - - client.RequestedMessageTagsCap = "" - } - - if m != nil && client.Features.Messagetags && c.Gateway.messageTags.CanMessageContainClientTags(m) { - // If we have any message tags stored for this message from a previous PRIVMSG sent - // by a client, add them back in - mTags, mTagsExists := c.Gateway.messageTags.GetTagsFromMessage(client, m.Prefix.Nick, m) - if mTagsExists { - for k, v := range mTags.Tags { - m.Tags[k] = v - } - - data = m.ToLine() - } - } - - return data -} - -/* - * ProcessLineFromClient - * Processes and makes any changes to a line of data sent from a client - */ -func (c *Client) ProcessLineFromClient(line string) (string, error) { - message, err := irc.ParseLine(line) - // Just pass any random data upstream - if err != nil { - return line, nil - } - - maybeConnectUpstream := func() { - verified := false - if c.RequiresVerification && !c.Verified { - verified = false - } else { - verified = true - } - - if !c.UpstreamStarted && c.IrcState.Username != "" && c.IrcState.Nick != "" && verified { - c.connectUpstream() - } - } - - if !c.Verified && strings.ToUpper(message.Command) == "CAPTCHA" { - verified := false - if len(message.Params) >= 1 { - captcha := recaptcha.R{ - URL: c.Gateway.Config.ReCaptchaURL, - Secret: c.Gateway.Config.ReCaptchaSecret, - } - - verified = captcha.VerifyResponse(message.Params[0]) - } - - if !verified { - c.SendIrcError("Invalid captcha") - c.SendClientSignal("state", "closed", "bad_captcha") - c.StartShutdown("unverifed") - } else { - c.Verified = true - maybeConnectUpstream() - } - - return "", nil - } - - // NICK <nickname> - if strings.ToUpper(message.Command) == "NICK" && !c.UpstreamStarted { - if len(message.Params) > 0 { - c.IrcState.Nick = message.Params[0] - } - - if !c.UpstreamStarted { - maybeConnectUpstream() - } - } - - // USER <username> <hostname> <servername> <realname> - if strings.ToUpper(message.Command) == "USER" && !c.UpstreamStarted { - if len(message.Params) < 4 { - return line, errors.New("Invalid USER line") - } - - if c.Gateway.Config.ClientUsername != "" { - message.Params[0] = makeClientReplacements(c.Gateway.Config.ClientUsername, c) - } - if c.Gateway.Config.ClientRealname != "" { - message.Params[3] = makeClientReplacements(c.Gateway.Config.ClientRealname, c) - } - - line = message.ToLine() - - c.IrcState.Username = message.Params[0] - c.IrcState.RealName = message.Params[3] - - maybeConnectUpstream() - } - - if strings.ToUpper(message.Command) == "ENCODING" { - if len(message.Params) > 0 { - encoding, _ := charset.Lookup(message.Params[0]) - if encoding == nil { - c.Log(1, "Requested unknown encoding, %s", message.Params[0]) - } else { - c.Encoding = message.Params[0] - c.Log(1, "Set encoding to %s", message.Params[0]) - } - } - - // Don't send the ENCODING command upstream - return "", nil - } - - if strings.ToUpper(message.Command) == "HOST" && !c.UpstreamStarted { - // HOST irc.network.net:6667 - // HOST irc.network.net:+6667 - - if !c.Gateway.Config.Gateway { - return "", nil - } - - if len(message.Params) == 0 { - return "", nil - } - - addr := message.Params[0] - if addr == "" { - c.SendIrcError("Missing host") - c.StartShutdown("missing_host") - return "", nil - } - - // Parse host:+port into the c.dest* vars - portSep := strings.LastIndex(addr, ":") - if portSep == -1 { - c.DestHost = addr - c.DestPort = 6667 - c.DestTLS = false - } else { - c.DestHost = addr[0:portSep] - portParam := addr[portSep+1:] - if len(portParam) > 0 && portParam[0:1] == "+" { - c.DestTLS = true - c.DestPort, err = strconv.Atoi(portParam[1:]) - if err != nil { - c.DestPort = 6697 - } - } else { - c.DestPort, err = strconv.Atoi(portParam[0:]) - if err != nil { - c.DestPort = 6667 - } - } - } - - // Don't send the HOST command upstream - return "", nil - } - - // If the client supports CAP, assume the client also supports parsing MessageTags - // When upstream replies with its CAP listing, we check if message-tags is supported by the IRCd already and if so, - // we disable this feature flag again to use the IRCds native support. - if strings.ToUpper(message.Command) == "CAP" && len(message.Params) > 0 && strings.ToUpper(message.Params[0]) == "LS" { - c.Log(1, "Enabling client Messagetags feature") - c.Features.Messagetags = true - } - - // If we are wrapping the Messagetags feature, make sure the clients REQ message-tags doesn't - // get sent upstream - if c.Features.Messagetags && strings.ToUpper(message.Command) == "CAP" && message.GetParamU(0, "") == "REQ" { - reqCaps := strings.ToLower(message.GetParam(1, "")) - capsThatEnableMessageTags := []string{"message-tags", "account-tag", "server-time", "batch"} - - if strings.Contains(reqCaps, "message-tags") { - // Rebuild the list of requested caps, without message-tags - caps := strings.Split(reqCaps, " ") - newCaps := []string{} - for _, cap := range caps { - if !strings.Contains(strings.ToLower(cap), "message-tags") { - newCaps = append(newCaps, cap) - } else { - c.RequestedMessageTagsCap = cap - } - } - - if len(newCaps) == 0 { - // The only requested CAP was our emulated message-tags - // the server will not be sending an ACK so we need to send our own - c.SendClientSignal("data", "CAP * ACK :"+c.RequestedMessageTagsCap) - return "", nil - } - message.Params[1] = strings.Join(newCaps, " ") - line = message.ToLine() - } else if !containsOneOf(reqCaps, capsThatEnableMessageTags) { - // Didn't request anything that needs message-tags cap so disable it - c.Features.Messagetags = false - } - } - - if c.Features.Messagetags && message.Command == "TAGMSG" { - if len(message.Params) == 0 { - return "", nil - } - - // We can't be 100% sure what this users correct mask is, so just send the nick - message.Prefix.Nick = c.IrcState.Nick - message.Prefix.Hostname = "" - message.Prefix.Username = "" - - thisHost := strings.ToLower(c.UpstreamConfig.Hostname) - target := message.Params[0] - for val := range c.Gateway.Clients.IterBuffered() { - curClient := val.Val.(*Client) - sameHost := strings.ToLower(curClient.UpstreamConfig.Hostname) == thisHost - if !sameHost { - continue - } - - // Only send the message on to either the target nick, or the clients in a set channel - if !strings.EqualFold(target, curClient.IrcState.Nick) && !curClient.IrcState.HasChannel(target) { - continue - } - - curClient.SendClientSignal("data", message.ToLine()) - } - - return "", nil - } - - // Check for any client message tags so that we can store them for replaying to other clients - if c.Features.Messagetags && c.Gateway.messageTags.CanMessageContainClientTags(message) { - c.Gateway.messageTags.AddTagsFromMessage(c, c.IrcState.Nick, message) - // Prevent any client tags heading upstream - for k := range message.Tags { - if len(k) > 0 && k[0] == '+' { - delete(message.Tags, k) - } - } - - line = message.ToLine() - } - - if c.Features.ExtJwt && strings.ToUpper(message.Command) == "EXTJWT" { - tokenTarget := message.GetParam(0, "") - tokenService := message.GetParam(1, "") - - tokenM := irc.Message{} - tokenM.Command = "EXTJWT" - tokenM.Prefix = &c.ServerMessagePrefix - tokenData := jwt.MapClaims{ - "exp": time.Now().UTC().Add(1 * time.Minute).Unix(), - "iss": c.UpstreamConfig.Hostname, - "sub": c.IrcState.Nick, - "account": c.IrcState.Account, - "umodes": []string{}, - - // Channel specific claims - "channel": "", - "joined": 0, - "cmodes": []string{}, - } - - // Use the NetworkCommonAddress if a plugin as assigned one. - // This allows plugins to associate different upstream hosts to the same network - if c.UpstreamConfig.NetworkCommonAddress != "" { - tokenData["iss"] = c.UpstreamConfig.NetworkCommonAddress - } - - if tokenTarget == "" || tokenTarget == "*" { - tokenM.Params = append(tokenM.Params, "*") - } else { - targetChan := c.IrcState.GetChannel(tokenTarget) - if targetChan == nil { - // Channel does not exist in IRC State, send so such channel message - failMessage := irc.Message{ - Command: "403", // ERR_NOSUCHCHANNEL - Prefix: &c.ServerMessagePrefix, - Params: []string{c.IrcState.Nick, tokenTarget, "No such channel"}, - } - c.SendClientSignal("data", failMessage.ToLine()) - return "", nil - } - - tokenM.Params = append(tokenM.Params, tokenTarget) - - tokenData["channel"] = targetChan.Name - tokenData["joined"] = targetChan.Joined.Unix() - - modes := []string{} - for mode := range targetChan.Modes { - modes = append(modes, mode) - } - tokenData["cmodes"] = modes - } - - if tokenService == "" || tokenService == "*" { - tokenM.Params = append(tokenM.Params, "*") - } else { - c.SendIrcFail("EXTJWT", "NO_SUCH_SERVICE", "No such service") - return "", nil - } - - token := jwt.NewWithClaims(jwt.SigningMethodHS256, tokenData) - tokenSigned, tokenSignedErr := token.SignedString([]byte(c.Gateway.Config.Secret)) - if tokenSignedErr != nil { - c.Log(3, "Error creating JWT token. %s", tokenSignedErr.Error()) - c.SendIrcFail("EXTJWT", "UNKNOWN_ERROR", "Failed to generate token") - return "", nil - } - - // Spit token if it exceeds max length - for len(tokenSigned) > MAX_EXTJWT_SIZE { - tokenSignedPart := tokenSigned[:MAX_EXTJWT_SIZE] - tokenSigned = tokenSigned[MAX_EXTJWT_SIZE:] - - tokenPartM := tokenM - tokenPartM.Params = append(tokenPartM.Params, "*", tokenSignedPart) - c.SendClientSignal("data", tokenPartM.ToLine()) - } - - tokenM.Params = append(tokenM.Params, tokenSigned) - c.SendClientSignal("data", tokenM.ToLine()) - - return "", nil - } - - return line, nil -} diff --git a/webircgateway/pkg/webircgateway/config.go b/webircgateway/pkg/webircgateway/config.go deleted file mode 100644 index 019d955..0000000 --- a/webircgateway/pkg/webircgateway/config.go +++ /dev/null @@ -1,385 +0,0 @@ -package webircgateway - -import ( - "errors" - "net" - "os" - "os/exec" - "path/filepath" - "strconv" - "strings" - - "github.com/gobwas/glob" - "gopkg.in/ini.v1" -) - -// ConfigUpstream - An upstream config -type ConfigUpstream struct { - // Plugins may assign an arbitary address to an upstream network - NetworkCommonAddress string - Hostname string - Port int - TLS bool - Timeout int - Throttle int - WebircPassword string - ServerPassword string - GatewayName string - Proxy *ConfigProxy - Protocol string - LocalAddr string -} - -// ConfigServer - A web server config -type ConfigServer struct { - LocalAddr string - BindMode os.FileMode - Port int - TLS bool - CertFile string - KeyFile string - LetsEncryptCacheDir string -} - -type ConfigProxy struct { - Type string - Hostname string - Port int - TLS bool - Username string - Interface string -} - -// Config - Config options for the running app -type Config struct { - gateway *Gateway - ConfigFile string - LogLevel int - Gateway bool - GatewayName string - GatewayWhitelist []glob.Glob - GatewayThrottle int - GatewayTimeout int - GatewayWebircPassword map[string]string - GatewayProtocol string - GatewayLocalAddr string - Proxy ConfigServer - Upstreams []ConfigUpstream - Servers []ConfigServer - ServerTransports []string - RemoteOrigins []glob.Glob - ReverseProxies []net.IPNet - Webroot string - ClientRealname string - ClientUsername string - ClientHostname string - Identd bool - RequiresVerification bool - SendQuitOnClientClose string - ReCaptchaURL string - ReCaptchaSecret string - ReCaptchaKey string - Secret string - Plugins []string - DnsblServers []string - // DnsblAction - "deny" = deny the connection. "verify" = require verification - DnsblAction string -} - -func NewConfig(gateway *Gateway) *Config { - return &Config{gateway: gateway} -} - -// ConfigResolvePath - If relative, resolve a path to it's full absolute path relative to the config file -func (c *Config) ResolvePath(path string) string { - // Absolute paths should stay as they are - if path[0:1] == "/" { - return path - } - - resolved := filepath.Dir(c.ConfigFile) - resolved = filepath.Clean(resolved + "/" + path) - return resolved -} - -func (c *Config) SetConfigFile(configFile string) { - // Config paths starting with $ is executed rather than treated as a path - if strings.HasPrefix(configFile, "$ ") { - c.ConfigFile = configFile - } else { - c.ConfigFile, _ = filepath.Abs(configFile) - } -} - -// CurrentConfigFile - Return the full path or command for the config file in use -func (c *Config) CurrentConfigFile() string { - return c.ConfigFile -} - -func (c *Config) Load() error { - var configSrc interface{} - - if strings.HasPrefix(c.ConfigFile, "$ ") { - cmdRawOut, err := exec.Command("sh", "-c", c.ConfigFile[2:]).Output() - if err != nil { - return err - } - - configSrc = cmdRawOut - } else { - configSrc = c.ConfigFile - } - - cfg, err := ini.LoadSources(ini.LoadOptions{AllowBooleanKeys: true, SpaceBeforeInlineComment: true}, configSrc) - if err != nil { - return err - } - - // Clear the existing config - c.Gateway = false - c.GatewayWebircPassword = make(map[string]string) - c.Proxy = ConfigServer{} - c.Upstreams = []ConfigUpstream{} - c.Servers = []ConfigServer{} - c.ServerTransports = []string{} - c.RemoteOrigins = []glob.Glob{} - c.GatewayWhitelist = []glob.Glob{} - c.ReverseProxies = []net.IPNet{} - c.Webroot = "" - c.ReCaptchaURL = "" - c.ReCaptchaSecret = "" - c.ReCaptchaKey = "" - c.RequiresVerification = false - c.Secret = "" - c.SendQuitOnClientClose = "" - c.ClientRealname = "" - c.ClientUsername = "" - c.ClientHostname = "" - c.DnsblServers = []string{} - c.DnsblAction = "" - - for _, section := range cfg.Sections() { - if strings.Index(section.Name(), "DEFAULT") == 0 { - c.LogLevel = section.Key("logLevel").MustInt(3) - if c.LogLevel < 1 || c.LogLevel > 3 { - c.gateway.Log(3, "Config option logLevel must be between 1-3. Setting default value of 3.") - c.LogLevel = 3 - } - - c.Identd = section.Key("identd").MustBool(false) - - c.GatewayName = section.Key("gateway_name").MustString("") - if strings.Contains(c.GatewayName, " ") { - c.gateway.Log(3, "Config option gateway_name must not contain spaces") - c.GatewayName = "" - } - - c.Secret = section.Key("secret").MustString("") - c.SendQuitOnClientClose = section.Key("send_quit_on_client_close").MustString("Connection closed") - } - - if section.Name() == "verify" { - captchaSecret := section.Key("recaptcha_secret").MustString("") - captchaKey := section.Key("recaptcha_key").MustString("") - if captchaSecret != "" && captchaKey != "" { - c.RequiresVerification = section.Key("required").MustBool(false) - c.ReCaptchaSecret = captchaSecret - } - c.ReCaptchaURL = section.Key("recaptcha_url").MustString("https://www.google.com/recaptcha/api/siteverify") - } - - if section.Name() == "dnsbl" { - c.DnsblAction = section.Key("action").MustString("") - } - - if section.Name() == "dnsbl.servers" { - c.DnsblServers = append(c.DnsblServers, section.KeyStrings()...) - } - - if section.Name() == "gateway" { - c.Gateway = section.Key("enabled").MustBool(false) - c.GatewayTimeout = section.Key("timeout").MustInt(10) - c.GatewayThrottle = section.Key("throttle").MustInt(2) - - validProtocols := []string{"tcp", "tcp4", "tcp6"} - c.GatewayProtocol = stringInSliceOrDefault(section.Key("protocol").MustString(""), "tcp", validProtocols) - c.GatewayLocalAddr = section.Key("localaddr").MustString("") - } - - if section.Name() == "gateway.webirc" { - for _, serverAddr := range section.KeyStrings() { - c.GatewayWebircPassword[serverAddr] = section.Key(serverAddr).MustString("") - } - } - - if strings.Index(section.Name(), "clients") == 0 { - c.ClientUsername = section.Key("username").MustString("") - c.ClientRealname = section.Key("realname").MustString("") - c.ClientHostname = section.Key("hostname").MustString("") - } - - if strings.Index(section.Name(), "fileserving") == 0 { - if section.Key("enabled").MustBool(false) { - c.Webroot = section.Key("webroot").MustString("") - } - } - - if strings.Index(section.Name(), "server.") == 0 { - server := ConfigServer{} - server.LocalAddr = confKeyAsString(section.Key("bind"), "127.0.0.1") - rawMode := confKeyAsString(section.Key("bind_mode"), "") - mode, err := strconv.ParseInt(rawMode, 8, 32) - if err != nil { - mode = 0755 - } - server.BindMode = os.FileMode(mode) - server.Port = confKeyAsInt(section.Key("port"), 80) - server.TLS = confKeyAsBool(section.Key("tls"), false) - server.CertFile = confKeyAsString(section.Key("cert"), "") - server.KeyFile = confKeyAsString(section.Key("key"), "") - server.LetsEncryptCacheDir = confKeyAsString(section.Key("letsencrypt_cache"), "") - - if strings.HasSuffix(server.LetsEncryptCacheDir, ".cache") { - return errors.New("Syntax has changed. Please update letsencrypt_cache to a directory path (eg ./cache)") - } - - c.Servers = append(c.Servers, server) - } - - if section.Name() == "proxy" { - server := ConfigServer{} - server.LocalAddr = confKeyAsString(section.Key("bind"), "0.0.0.0") - server.Port = confKeyAsInt(section.Key("port"), 7999) - c.Proxy = server - } - - if strings.Index(section.Name(), "upstream.") == 0 { - upstream := ConfigUpstream{} - - validProtocols := []string{"tcp", "tcp4", "tcp6", "unix"} - upstream.Protocol = stringInSliceOrDefault(section.Key("protocol").MustString(""), "tcp", validProtocols) - - hostname := section.Key("hostname").MustString("127.0.0.1") - if strings.HasPrefix(strings.ToLower(hostname), "unix:") { - upstream.Protocol = "unix" - upstream.Hostname = hostname[5:] - } else { - upstream.Hostname = hostname - upstream.Port = section.Key("port").MustInt(6667) - upstream.TLS = section.Key("tls").MustBool(false) - } - - upstream.Timeout = section.Key("timeout").MustInt(10) - upstream.Throttle = section.Key("throttle").MustInt(2) - upstream.WebircPassword = section.Key("webirc").MustString("") - upstream.ServerPassword = section.Key("serverpassword").MustString("") - upstream.LocalAddr = section.Key("localaddr").MustString("") - - upstream.GatewayName = section.Key("gateway_name").MustString("") - if strings.Contains(upstream.GatewayName, " ") { - c.gateway.Log(3, "Config option gateway_name must not contain spaces") - upstream.GatewayName = "" - } - - upstream.NetworkCommonAddress = section.Key("network_common_address").MustString("") - - c.Upstreams = append(c.Upstreams, upstream) - } - - // "engines" is now legacy naming - if section.Name() == "engines" || section.Name() == "transports" { - for _, transport := range section.KeyStrings() { - c.ServerTransports = append(c.ServerTransports, strings.Trim(transport, "\n")) - } - } - - if strings.Index(section.Name(), "plugins") == 0 { - for _, plugin := range section.KeyStrings() { - c.Plugins = append(c.Plugins, strings.Trim(plugin, "\n")) - } - } - - if strings.Index(section.Name(), "allowed_origins") == 0 { - for _, origin := range section.KeyStrings() { - match, err := glob.Compile(origin) - if err != nil { - c.gateway.Log(3, "Config section allowed_origins has invalid match, "+origin) - continue - } - c.RemoteOrigins = append(c.RemoteOrigins, match) - } - } - - if strings.Index(section.Name(), "gateway.whitelist") == 0 { - for _, origin := range section.KeyStrings() { - match, err := glob.Compile(origin) - if err != nil { - c.gateway.Log(3, "Config section gateway.whitelist has invalid match, "+origin) - continue - } - c.GatewayWhitelist = append(c.GatewayWhitelist, match) - } - } - - if strings.Index(section.Name(), "reverse_proxies") == 0 { - for _, cidrRange := range section.KeyStrings() { - _, validRange, cidrErr := net.ParseCIDR(cidrRange) - if cidrErr != nil { - c.gateway.Log(3, "Config section reverse_proxies has invalid entry, "+cidrRange) - continue - } - c.ReverseProxies = append(c.ReverseProxies, *validRange) - } - } - } - - return nil -} - -func confKeyAsString(key *ini.Key, def string) string { - val := def - - str := key.String() - if len(str) > 1 && str[:1] == "$" { - val = os.Getenv(str[1:]) - } else { - val = key.MustString(def) - } - - return val -} - -func confKeyAsInt(key *ini.Key, def int) int { - val := def - - str := key.String() - if len(str) > 1 && str[:1] == "$" { - envVal := os.Getenv(str[1:]) - envValInt, err := strconv.Atoi(envVal) - if err == nil { - val = envValInt - } - } else { - val = key.MustInt(def) - } - - return val -} - -func confKeyAsBool(key *ini.Key, def bool) bool { - val := def - - str := key.String() - if len(str) > 1 && str[:1] == "$" { - envVal := os.Getenv(str[1:]) - if envVal == "0" || envVal == "false" || envVal == "no" { - val = false - } else { - val = true - } - } else { - val = key.MustBool(def) - } - - return val -} diff --git a/webircgateway/pkg/webircgateway/gateway.go b/webircgateway/pkg/webircgateway/gateway.go deleted file mode 100644 index 47169ef..0000000 --- a/webircgateway/pkg/webircgateway/gateway.go +++ /dev/null @@ -1,278 +0,0 @@ -package webircgateway - -import ( - "crypto/tls" - "encoding/json" - "fmt" - "net" - "net/http" - "os" - "strconv" - "strings" - "sync" - - "errors" - - "github.com/kiwiirc/webircgateway/pkg/identd" - "github.com/kiwiirc/webircgateway/pkg/proxy" - cmap "github.com/orcaman/concurrent-map" -) - -var ( - Version = "-" -) - -type Gateway struct { - Config *Config - HttpRouter *http.ServeMux - LogOutput chan string - messageTags *MessageTagManager - identdServ identd.Server - Clients cmap.ConcurrentMap - Acme *LEManager - Function string - httpSrvs []*http.Server - httpSrvsMu sync.Mutex - closeWg sync.WaitGroup -} - -func NewGateway(function string) *Gateway { - s := &Gateway{} - s.Function = function - s.Config = NewConfig(s) - s.HttpRouter = http.NewServeMux() - s.LogOutput = make(chan string, 5) - s.identdServ = identd.NewIdentdServer() - s.messageTags = NewMessageTagManager() - // Clients hold a map lookup for all the connected clients - s.Clients = cmap.New() - s.Acme = NewLetsEncryptManager(s) - - return s -} - -func (s *Gateway) Log(level int, format string, args ...interface{}) { - if level < s.Config.LogLevel { - return - } - - levels := [...]string{"L_DEBUG", "L_INFO", "L_WARN"} - line := fmt.Sprintf(levels[level-1]+" "+format, args...) - s.LogOutput <- line -} - -func (s *Gateway) Start() { - s.closeWg.Add(1) - - if s.Function == "gateway" { - s.maybeStartStaticFileServer() - s.initHttpRoutes() - s.maybeStartIdentd() - - for _, serverConfig := range s.Config.Servers { - go s.startServer(serverConfig) - } - } - - if s.Function == "proxy" { - proxy.Start(fmt.Sprintf("%s:%d", s.Config.Proxy.LocalAddr, s.Config.Proxy.Port)) - } -} - -func (s *Gateway) Close() { - hook := HookGatewayClosing{} - hook.Dispatch("gateway.closing") - - defer s.closeWg.Done() - - s.httpSrvsMu.Lock() - defer s.httpSrvsMu.Unlock() - - for _, httpSrv := range s.httpSrvs { - httpSrv.Close() - } -} - -func (s *Gateway) WaitClose() { - s.closeWg.Wait() -} - -func (s *Gateway) maybeStartStaticFileServer() { - if s.Config.Webroot != "" { - webroot := s.Config.ResolvePath(s.Config.Webroot) - s.Log(2, "Serving files from %s", webroot) - s.HttpRouter.Handle("/", http.FileServer(http.Dir(webroot))) - } -} - -func (s *Gateway) initHttpRoutes() error { - // Add all the transport routes - engineConfigured := false - for _, transport := range s.Config.ServerTransports { - switch transport { - case "kiwiirc": - t := &TransportKiwiirc{} - t.Init(s) - engineConfigured = true - case "websocket": - t := &TransportWebsocket{} - t.Init(s) - engineConfigured = true - case "sockjs": - t := &TransportSockjs{} - t.Init(s) - engineConfigured = true - default: - s.Log(3, "Invalid server engine: '%s'", transport) - } - } - - if !engineConfigured { - s.Log(3, "No server engines configured") - return errors.New("No server engines configured") - } - - // Add some general server info about this webircgateway instance - s.HttpRouter.HandleFunc("/webirc/info", func(w http.ResponseWriter, r *http.Request) { - out, _ := json.Marshal(map[string]interface{}{ - "name": "webircgateway", - "version": Version, - }) - - w.Write(out) - }) - - s.HttpRouter.HandleFunc("/webirc/_status", func(w http.ResponseWriter, r *http.Request) { - if !isPrivateIP(s.GetRemoteAddressFromRequest(r)) { - w.WriteHeader(403) - return - } - - out := "" - for item := range s.Clients.IterBuffered() { - c := item.Val.(*Client) - line := fmt.Sprintf( - "%s:%d %s %s!%s %s %s", - c.UpstreamConfig.Hostname, - c.UpstreamConfig.Port, - c.State, - c.IrcState.Nick, - c.IrcState.Username, - c.RemoteAddr, - c.RemoteHostname, - ) - - // Allow plugins to add their own status data - hook := HookStatus{} - hook.Client = c - hook.Line = line - hook.Dispatch("status.client") - if !hook.Halt { - out += hook.Line + "\n" - } - - } - - w.Write([]byte(out)) - }) - - return nil -} - -func (s *Gateway) maybeStartIdentd() { - if s.Config.Identd { - err := s.identdServ.Run() - if err != nil { - s.Log(3, "Error starting identd server: %s", err.Error()) - } else { - s.Log(2, "Identd server started") - } - } -} - -func (s *Gateway) startServer(conf ConfigServer) { - addr := fmt.Sprintf("%s:%d", conf.LocalAddr, conf.Port) - - if strings.HasPrefix(strings.ToLower(conf.LocalAddr), "tcp:") { - t := &TransportTcp{} - t.Init(s) - t.Start(conf.LocalAddr[4:] + ":" + strconv.Itoa(conf.Port)) - } else if conf.TLS && conf.LetsEncryptCacheDir == "" { - if conf.CertFile == "" || conf.KeyFile == "" { - s.Log(3, "'cert' and 'key' options must be set for TLS servers") - return - } - - tlsCert := s.Config.ResolvePath(conf.CertFile) - tlsKey := s.Config.ResolvePath(conf.KeyFile) - - s.Log(2, "Listening with TLS on %s", addr) - keyPair, keyPairErr := tls.LoadX509KeyPair(tlsCert, tlsKey) - if keyPairErr != nil { - s.Log(3, "Failed to listen with TLS, certificate error: %s", keyPairErr.Error()) - return - } - srv := &http.Server{ - Addr: addr, - TLSConfig: &tls.Config{ - Certificates: []tls.Certificate{keyPair}, - }, - Handler: s.HttpRouter, - } - s.httpSrvsMu.Lock() - s.httpSrvs = append(s.httpSrvs, srv) - s.httpSrvsMu.Unlock() - - // Don't use HTTP2 since it doesn't support websockets - srv.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) - - err := srv.ListenAndServeTLS("", "") - if err != nil && err != http.ErrServerClosed { - s.Log(3, "Failed to listen with TLS: %s", err.Error()) - } - } else if conf.TLS && conf.LetsEncryptCacheDir != "" { - s.Log(2, "Listening with letsencrypt TLS on %s", addr) - leManager := s.Acme.Get(conf.LetsEncryptCacheDir) - srv := &http.Server{ - Addr: addr, - TLSConfig: &tls.Config{ - GetCertificate: leManager.GetCertificate, - }, - Handler: s.HttpRouter, - } - s.httpSrvsMu.Lock() - s.httpSrvs = append(s.httpSrvs, srv) - s.httpSrvsMu.Unlock() - - // Don't use HTTP2 since it doesn't support websockets - srv.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) - - err := srv.ListenAndServeTLS("", "") - if err != nil && err != http.ErrServerClosed { - s.Log(3, "Listening with letsencrypt failed: %s", err.Error()) - } - } else if strings.HasPrefix(strings.ToLower(conf.LocalAddr), "unix:") { - socketFile := conf.LocalAddr[5:] - s.Log(2, "Listening on %s", socketFile) - os.Remove(socketFile) - server, serverErr := net.Listen("unix", socketFile) - if serverErr != nil { - s.Log(3, serverErr.Error()) - return - } - os.Chmod(socketFile, conf.BindMode) - http.Serve(server, s.HttpRouter) - } else { - s.Log(2, "Listening on %s", addr) - srv := &http.Server{Addr: addr, Handler: s.HttpRouter} - - s.httpSrvsMu.Lock() - s.httpSrvs = append(s.httpSrvs, srv) - s.httpSrvsMu.Unlock() - - err := srv.ListenAndServe() - if err != nil && err != http.ErrServerClosed { - s.Log(3, err.Error()) - } - } -} diff --git a/webircgateway/pkg/webircgateway/gateway_utils.go b/webircgateway/pkg/webircgateway/gateway_utils.go deleted file mode 100644 index 4b2a38d..0000000 --- a/webircgateway/pkg/webircgateway/gateway_utils.go +++ /dev/null @@ -1,133 +0,0 @@ -package webircgateway - -import ( - "errors" - "math/rand" - "net" - "net/http" - "strings" -) - -var v4LoopbackAddr = net.ParseIP("127.0.0.1") - -func (s *Gateway) NewClient() *Client { - return NewClient(s) -} - -func (s *Gateway) IsClientOriginAllowed(originHeader string) bool { - // Empty list of origins = all origins allowed - if len(s.Config.RemoteOrigins) == 0 { - return true - } - - // No origin header = running on the same page - if originHeader == "" { - return true - } - - foundMatch := false - - for _, originMatch := range s.Config.RemoteOrigins { - if originMatch.Match(originHeader) { - foundMatch = true - break - } - } - - return foundMatch -} - -func (s *Gateway) isIrcAddressAllowed(addr string) bool { - // Empty whitelist = all destinations allowed - if len(s.Config.GatewayWhitelist) == 0 { - return true - } - - foundMatch := false - - for _, addrMatch := range s.Config.GatewayWhitelist { - if addrMatch.Match(addr) { - foundMatch = true - break - } - } - - return foundMatch -} - -func (s *Gateway) findUpstream() (ConfigUpstream, error) { - var ret ConfigUpstream - - if len(s.Config.Upstreams) == 0 { - return ret, errors.New("No upstreams available") - } - - randIdx := rand.Intn(len(s.Config.Upstreams)) - ret = s.Config.Upstreams[randIdx] - - return ret, nil -} - -func (s *Gateway) findWebircPassword(ircHost string) string { - pass, exists := s.Config.GatewayWebircPassword[strings.ToLower(ircHost)] - if !exists { - pass = "" - } - - return pass -} - -func (s *Gateway) GetRemoteAddressFromRequest(req *http.Request) net.IP { - remoteIP := remoteIPFromRequest(req) - - // If the remoteIP is not in a whitelisted reverse proxy range, don't trust - // the headers and use the remoteIP as the users IP - if !s.isTrustedProxy(remoteIP) { - return remoteIP - } - - headerVal := req.Header.Get("x-forwarded-for") - ips := strings.Split(headerVal, ",") - ipStr := strings.Trim(ips[0], " ") - if ipStr != "" { - ip := net.ParseIP(ipStr) - if ip != nil { - remoteIP = ip - } - } - - return remoteIP - -} - -func (s *Gateway) isRequestSecure(req *http.Request) bool { - remoteIP := remoteIPFromRequest(req) - - // If the remoteIP is not in a whitelisted reverse proxy range, don't trust - // the headers and check the request directly - if !s.isTrustedProxy(remoteIP) { - return req.TLS != nil - } - - fwdProto := req.Header.Get("x-forwarded-proto") - return strings.EqualFold(fwdProto, "https") -} - -func (s *Gateway) isTrustedProxy(remoteIP net.IP) bool { - for _, cidrRange := range s.Config.ReverseProxies { - if cidrRange.Contains(remoteIP) { - return true - } - } - return false -} - -func remoteIPFromRequest(req *http.Request) net.IP { - if req.RemoteAddr == "@" { - // remote address is unix socket, treat it as loopback interface - return v4LoopbackAddr - } - - remoteAddr, _, _ := net.SplitHostPort(req.RemoteAddr) - return net.ParseIP(remoteAddr) -} diff --git a/webircgateway/pkg/webircgateway/hooks.go b/webircgateway/pkg/webircgateway/hooks.go deleted file mode 100644 index 1bfd564..0000000 --- a/webircgateway/pkg/webircgateway/hooks.go +++ /dev/null @@ -1,152 +0,0 @@ -package webircgateway - -import "github.com/kiwiirc/webircgateway/pkg/irc" - -var hooksRegistered map[string][]interface{} - -func init() { - hooksRegistered = make(map[string][]interface{}) -} - -func HookRegister(hookName string, p interface{}) { - _, exists := hooksRegistered[hookName] - if !exists { - hooksRegistered[hookName] = make([]interface{}, 0) - } - - hooksRegistered[hookName] = append(hooksRegistered[hookName], p) -} - -type Hook struct { - ID string - Halt bool -} - -func (h *Hook) getCallbacks(eventType string) []interface{} { - var f []interface{} - f = make([]interface{}, 0) - - callbacks, exists := hooksRegistered[eventType] - if exists { - f = callbacks - } - - return f -} - -/** - * HookIrcConnectionPre - * Dispatched just before an IRC connection is attempted - * Types: irc.connection.pre - */ -type HookIrcConnectionPre struct { - Hook - Client *Client - UpstreamConfig *ConfigUpstream -} - -func (h *HookIrcConnectionPre) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookIrcConnectionPre)); ok { - f(h) - } - } -} - -/** - * HookIrcLine - * Dispatched when either: - * * A line arrives from the IRCd, before sending to the client - * * A line arrives from the client, before sending to the IRCd - * Types: irc.line - */ -type HookIrcLine struct { - Hook - Client *Client - UpstreamConfig *ConfigUpstream - Line string - Message *irc.Message - ToServer bool -} - -func (h *HookIrcLine) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookIrcLine)); ok { - f(h) - } - } -} - -/** - * HookClientState - * Dispatched after a client connects or disconnects - * Types: client.state - */ -type HookClientState struct { - Hook - Client *Client - Connected bool -} - -func (h *HookClientState) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookClientState)); ok { - f(h) - } - } -} - -/** - * HookClientInit - * Dispatched directly after a new Client instance has been created - * Types: client.init - */ -type HookClientInit struct { - Hook - Client *Client - Connected bool -} - -func (h *HookClientInit) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookClientInit)); ok { - f(h) - } - } -} - -/** - * HookStatus - * Dispatched for each line output of the _status HTTP request - * Types: status.client - */ -type HookStatus struct { - Hook - Client *Client - Line string -} - -func (h *HookStatus) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookStatus)); ok { - f(h) - } - } -} - -/** - * HookGatewayClosing - * Dispatched when the gateway has been told to shutdown - * Types: gateway.closing - */ -type HookGatewayClosing struct { - Hook -} - -func (h *HookGatewayClosing) Dispatch(eventType string) { - for _, p := range h.getCallbacks(eventType) { - if f, ok := p.(func(*HookGatewayClosing)); ok { - f(h) - } - } -} diff --git a/webircgateway/pkg/webircgateway/letsencrypt.go b/webircgateway/pkg/webircgateway/letsencrypt.go deleted file mode 100644 index ffa6afe..0000000 --- a/webircgateway/pkg/webircgateway/letsencrypt.go +++ /dev/null @@ -1,41 +0,0 @@ -package webircgateway - -import ( - "context" - "strings" - "sync" - - "golang.org/x/crypto/acme/autocert" -) - -type LEManager struct { - // ensure only one instance of the manager and handler is running - // while allowing multiple listeners to use it - Mutex sync.Mutex - Manager *autocert.Manager - gateway *Gateway -} - -func NewLetsEncryptManager(gateway *Gateway) *LEManager { - return &LEManager{gateway: gateway} -} - -func (le *LEManager) Get(certCacheDir string) *autocert.Manager { - le.Mutex.Lock() - defer le.Mutex.Unlock() - - // Create it if it doesn't already exist - if le.Manager == nil { - le.Manager = &autocert.Manager{ - Prompt: autocert.AcceptTOS, - Cache: autocert.DirCache(strings.TrimRight(certCacheDir, "/")), - HostPolicy: func(ctx context.Context, host string) error { - le.gateway.Log(2, "Automatically requesting a HTTPS certificate for %s", host) - return nil - }, - } - le.gateway.HttpRouter.Handle("/.well-known/", le.Manager.HTTPHandler(nil)) - } - - return le.Manager -} diff --git a/webircgateway/pkg/webircgateway/messagetags.go b/webircgateway/pkg/webircgateway/messagetags.go deleted file mode 100644 index 9715ad6..0000000 --- a/webircgateway/pkg/webircgateway/messagetags.go +++ /dev/null @@ -1,103 +0,0 @@ -package webircgateway - -import ( - "strings" - "sync" - "time" - - "github.com/OneOfOne/xxhash" - "github.com/kiwiirc/webircgateway/pkg/irc" -) - -type MessageTagManager struct { - Mutex sync.Mutex - knownTags map[uint64]MessageTags - gcTimes map[uint64]time.Time -} -type MessageTags struct { - Tags map[string]string -} - -func NewMessageTagManager() *MessageTagManager { - tm := &MessageTagManager{ - knownTags: make(map[uint64]MessageTags), - gcTimes: make(map[uint64]time.Time), - } - - go tm.RunGarbageCollectionLoop() - return tm -} - -func (tags *MessageTagManager) CanMessageContainClientTags(msg *irc.Message) bool { - return stringInSlice(msg.Command, []string{ - "PRIVMSG", - "NOTICE", - "TAGMSG", - }) -} - -func (tags *MessageTagManager) RunGarbageCollectionLoop() { - for { - tags.Mutex.Lock() - for messageHash, timeCreated := range tags.gcTimes { - if timeCreated.Add(time.Second * 30).After(time.Now()) { - delete(tags.knownTags, messageHash) - } - - } - tags.Mutex.Unlock() - - time.Sleep(time.Second * 30) - } -} - -func (tags *MessageTagManager) AddTagsFromMessage(client *Client, fromNick string, msg *irc.Message) { - if !tags.CanMessageContainClientTags(msg) { - return - } - - clientTags := MessageTags{ - Tags: make(map[string]string), - } - for tagName, tagVal := range msg.Tags { - if len(tagName) > 0 && tagName[0] == '+' { - clientTags.Tags[tagName] = tagVal - } - } - - if len(clientTags.Tags) > 0 { - tags.Mutex.Lock() - msgHash := tags.messageHash(client, fromNick, msg) - tags.knownTags[msgHash] = clientTags - tags.gcTimes[msgHash] = time.Now() - tags.Mutex.Unlock() - } -} - -func (tags *MessageTagManager) GetTagsFromMessage(client *Client, fromNick string, msg *irc.Message) (MessageTags, bool) { - if !tags.CanMessageContainClientTags(msg) { - return MessageTags{}, false - } - - msgHash := tags.messageHash(client, fromNick, msg) - - tags.Mutex.Lock() - defer tags.Mutex.Unlock() - - clientTags, tagsExist := tags.knownTags[msgHash] - if !tagsExist { - return clientTags, false - } - - return clientTags, true -} - -func (tags *MessageTagManager) messageHash(client *Client, fromNick string, msg *irc.Message) uint64 { - h := xxhash.New64() - h.WriteString(strings.ToLower(client.UpstreamConfig.Hostname)) - h.WriteString(strings.ToLower(fromNick)) - // make target case insensitive - h.WriteString(strings.ToLower(msg.GetParam(0, ""))) - h.WriteString(msg.GetParam(1, "")) - return h.Sum64() -} diff --git a/webircgateway/pkg/webircgateway/transport_kiwiirc.go b/webircgateway/pkg/webircgateway/transport_kiwiirc.go deleted file mode 100644 index e5247e8..0000000 --- a/webircgateway/pkg/webircgateway/transport_kiwiirc.go +++ /dev/null @@ -1,206 +0,0 @@ -package webircgateway - -import ( - "fmt" - "log" - "net" - "net/http" - "runtime/debug" - "strings" - "sync" - - "github.com/gorilla/websocket" - "github.com/igm/sockjs-go/v3/sockjs" - cmap "github.com/orcaman/concurrent-map" -) - -type TransportKiwiirc struct { - gateway *Gateway -} - -func (t *TransportKiwiirc) Init(g *Gateway) { - t.gateway = g - sockjsOptions := sockjs.DefaultOptions - sockjsOptions.WebsocketUpgrader = &websocket.Upgrader{ - // Origin is checked within the session handler - CheckOrigin: func(_ *http.Request) bool { return true }, - } - handler := sockjs.NewHandler("/webirc/kiwiirc", sockjsOptions, t.sessionHandler) - t.gateway.HttpRouter.Handle("/webirc/kiwiirc/", handler) -} - -func (t *TransportKiwiirc) makeChannel(chanID string, ws sockjs.Session) *TransportKiwiircChannel { - client := t.gateway.NewClient() - - originHeader := strings.ToLower(ws.Request().Header.Get("Origin")) - if !t.gateway.IsClientOriginAllowed(originHeader) { - client.Log(2, "Origin %s not allowed. Closing connection", originHeader) - ws.Close(0, "Origin not allowed") - return nil - } - - client.RemoteAddr = t.gateway.GetRemoteAddressFromRequest(ws.Request()).String() - - clientHostnames, err := net.LookupAddr(client.RemoteAddr) - if err != nil || len(clientHostnames) == 0 { - client.RemoteHostname = client.RemoteAddr - } else { - // FQDNs include a . at the end. Strip it out - potentialHostname := strings.Trim(clientHostnames[0], ".") - - // Must check that the resolved hostname also resolves back to the users IP - addr, err := net.LookupIP(potentialHostname) - if err == nil && len(addr) == 1 && addr[0].String() == client.RemoteAddr { - client.RemoteHostname = potentialHostname - } else { - client.RemoteHostname = client.RemoteAddr - } - } - - if t.gateway.isRequestSecure(ws.Request()) { - client.Tags["secure"] = "" - } - - // This doesn't make sense to have since the remote port may change between requests. Only - // here for testing purposes for now. - _, remoteAddrPort, _ := net.SplitHostPort(ws.Request().RemoteAddr) - client.Tags["remote-port"] = remoteAddrPort - - client.Log(2, "New kiwiirc channel on %s from %s %s", ws.Request().Host, client.RemoteAddr, client.RemoteHostname) - client.Ready() - - channel := &TransportKiwiircChannel{ - Id: chanID, - Client: client, - Conn: ws, - waitForClose: make(chan bool), - Closed: false, - } - - go channel.listenForSignals() - - return channel -} - -func (t *TransportKiwiirc) sessionHandler(session sockjs.Session) { - // Don't let a single users error kill the entire service for everyone - defer func() { - if r := recover(); r != nil { - log.Printf("[ERROR] Recovered from %s\n%s", r, debug.Stack()) - } - }() - - channels := cmap.New() - - // Read from sockjs - go func() { - for { - msg, err := session.Recv() - if err == nil && len(msg) > 0 { - idEnd := strings.Index(msg, " ") - if idEnd == -1 { - // msg is in the form of ":chanId" - chanID := msg[1:] - - c, channelExists := channels.Get(chanID) - if channelExists { - channel := c.(*TransportKiwiircChannel) - channel.close() - } - - if !channelExists { - channel := t.makeChannel(chanID, session) - if channel == nil { - continue - } - channels.Set(chanID, channel) - - // When the channel closes, remove it from the map again - go func() { - <-channel.waitForClose - channel.Client.Log(2, "Removing channel from connection") - channels.Remove(chanID) - }() - } - - session.Send(":" + chanID) - - } else { - // msg is in the form of ":chanId data" - chanID := msg[1:idEnd] - data := msg[idEnd+1:] - - channel, channelExists := channels.Get(chanID) - if channelExists { - c := channel.(*TransportKiwiircChannel) - c.handleIncomingLine(data) - } - } - } else if err != nil { - t.gateway.Log(1, "kiwi connection closed (%s)", err.Error()) - break - } - } - - for channel := range channels.IterBuffered() { - c := channel.Val.(*TransportKiwiircChannel) - c.Closed = true - c.Client.StartShutdown("client_closed") - } - }() -} - -type TransportKiwiircChannel struct { - Conn sockjs.Session - Client *Client - Id string - waitForClose chan bool - ClosedLock sync.Mutex - Closed bool -} - -func (c *TransportKiwiircChannel) listenForSignals() { - for { - signal, ok := <-c.Client.Signals - if !ok { - break - } - c.Client.Log(1, "signal:%s %s", signal[0], signal[1]) - if signal[0] == "state" { - if signal[1] == "connected" { - c.Conn.Send(fmt.Sprintf(":%s control connected", c.Id)) - } else if signal[1] == "closed" { - c.Conn.Send(fmt.Sprintf(":%s control closed %s", c.Id, signal[2])) - } - } - - if signal[0] == "data" { - toSend := strings.Trim(signal[1], "\r\n") - c.Conn.Send(fmt.Sprintf(":%s %s", c.Id, toSend)) - } - } - - c.ClosedLock.Lock() - - c.Closed = true - close(c.Client.Recv) - close(c.waitForClose) - - c.ClosedLock.Unlock() -} - -func (c *TransportKiwiircChannel) handleIncomingLine(line string) { - c.ClosedLock.Lock() - - if !c.Closed { - c.Client.Recv <- line - } - - c.ClosedLock.Unlock() -} - -func (c *TransportKiwiircChannel) close() { - if c.Client.upstream != nil { - c.Client.upstream.Close() - } -} diff --git a/webircgateway/pkg/webircgateway/transport_sockjs.go b/webircgateway/pkg/webircgateway/transport_sockjs.go deleted file mode 100644 index da4891f..0000000 --- a/webircgateway/pkg/webircgateway/transport_sockjs.go +++ /dev/null @@ -1,107 +0,0 @@ -package webircgateway - -import ( - "net" - "net/http" - "strings" - - "github.com/gorilla/websocket" - "github.com/igm/sockjs-go/v3/sockjs" -) - -type TransportSockjs struct { - gateway *Gateway -} - -func (t *TransportSockjs) Init(g *Gateway) { - t.gateway = g - sockjsOptions := sockjs.DefaultOptions - sockjsOptions.WebsocketUpgrader = &websocket.Upgrader{ - // Origin is checked within the session handler - CheckOrigin: func(_ *http.Request) bool { return true }, - } - sockjsHandler := sockjs.NewHandler("/webirc/sockjs", sockjsOptions, t.sessionHandler) - t.gateway.HttpRouter.Handle("/webirc/sockjs/", sockjsHandler) -} - -func (t *TransportSockjs) sessionHandler(session sockjs.Session) { - client := t.gateway.NewClient() - - originHeader := strings.ToLower(session.Request().Header.Get("Origin")) - if !t.gateway.IsClientOriginAllowed(originHeader) { - client.Log(2, "Origin %s not allowed. Closing connection", originHeader) - session.Close(0, "Origin not allowed") - return - } - - client.RemoteAddr = t.gateway.GetRemoteAddressFromRequest(session.Request()).String() - - clientHostnames, err := net.LookupAddr(client.RemoteAddr) - if err != nil { - client.RemoteHostname = client.RemoteAddr - } else { - // FQDNs include a . at the end. Strip it out - potentialHostname := strings.Trim(clientHostnames[0], ".") - - // Must check that the resolved hostname also resolves back to the users IP - addr, err := net.LookupIP(potentialHostname) - if err == nil && len(addr) == 1 && addr[0].String() == client.RemoteAddr { - client.RemoteHostname = potentialHostname - } else { - client.RemoteHostname = client.RemoteAddr - } - } - - if t.gateway.isRequestSecure(session.Request()) { - client.Tags["secure"] = "" - } - - // This doesn't make sense to have since the remote port may change between requests. Only - // here for testing purposes for now. - _, remoteAddrPort, _ := net.SplitHostPort(session.Request().RemoteAddr) - client.Tags["remote-port"] = remoteAddrPort - - client.Log(2, "New sockjs client on %s from %s %s", session.Request().Host, client.RemoteAddr, client.RemoteHostname) - client.Ready() - - // Read from sockjs - go func() { - for { - msg, err := session.Recv() - if err == nil && len(msg) > 0 { - client.Log(1, "client->: %s", msg) - select { - case client.Recv <- msg: - default: - client.Log(3, "Recv queue full. Dropping data") - // TODO: Should this really just drop the data or close the connection? - } - } else if err != nil { - client.Log(1, "sockjs connection closed (%s)", err.Error()) - break - } else if len(msg) == 0 { - client.Log(1, "Got 0 bytes from websocket") - } - } - - close(client.Recv) - }() - - // Process signals for the client - for { - signal, ok := <-client.Signals - if !ok { - break - } - - if signal[0] == "data" { - line := strings.Trim(signal[1], "\r\n") - client.Log(1, "->ws: %s", line) - session.Send(line) - } - - if signal[0] == "state" && signal[1] == "closed" { - session.Close(0, "Closed") - } - } -} diff --git a/webircgateway/pkg/webircgateway/transport_tcp.go b/webircgateway/pkg/webircgateway/transport_tcp.go deleted file mode 100644 index b4af7b3..0000000 --- a/webircgateway/pkg/webircgateway/transport_tcp.go +++ /dev/null @@ -1,113 +0,0 @@ -package webircgateway - -import ( - "bufio" - "net" - "strings" - "sync" -) - -type TransportTcp struct { - gateway *Gateway -} - -func (t *TransportTcp) Init(g *Gateway) { - t.gateway = g -} - -func (t *TransportTcp) Start(lAddr string) { - l, err := net.Listen("tcp", lAddr) - if err != nil { - t.gateway.Log(3, "TCP error listening: "+err.Error()) - return - } - // Close the listener when the application closes. - defer l.Close() - t.gateway.Log(2, "TCP listening on "+lAddr) - for { - // Listen for an incoming connection. - conn, err := l.Accept() - if err != nil { - t.gateway.Log(3, "TCP error accepting: "+err.Error()) - break - } - // Handle connections in a new goroutine. - go t.handleConn(conn) - } -} - -func (t *TransportTcp) handleConn(conn net.Conn) { - client := t.gateway.NewClient() - - client.RemoteAddr = conn.RemoteAddr().String() - - clientHostnames, err := net.LookupAddr(client.RemoteAddr) - if err != nil { - client.RemoteHostname = client.RemoteAddr - } else { - // FQDNs include a . at the end. Strip it out - potentialHostname := strings.Trim(clientHostnames[0], ".") - - // Must check that the resolved hostname also resolves back to the users IP - addr, err := net.LookupIP(potentialHostname) - if err == nil && len(addr) == 1 && addr[0].String() == client.RemoteAddr { - client.RemoteHostname = potentialHostname - } else { - client.RemoteHostname = client.RemoteAddr - } - } - - _, remoteAddrPort, _ := net.SplitHostPort(conn.RemoteAddr().String()) - client.Tags["remote-port"] = remoteAddrPort - - client.Log(2, "New tcp client on %s from %s %s", conn.LocalAddr().String(), client.RemoteAddr, client.RemoteHostname) - client.Ready() - - // We wait until the client send queue has been drained - var sendDrained sync.WaitGroup - sendDrained.Add(1) - - // Read from TCP - go func() { - reader := bufio.NewReader(conn) - for { - data, err := reader.ReadString('\n') - if err == nil { - message := strings.TrimRight(data, "\r\n") - client.Log(1, "client->: %s", message) - select { - case client.Recv <- message: - default: - client.Log(3, "Recv queue full. Dropping data") - // TODO: Should this really just drop the data or close the connection? - } - - } else { - client.Log(1, "TCP connection closed (%s)", err.Error()) - break - - } - } - - close(client.Recv) - }() - - // Process signals for the client - for { - signal, ok := <-client.Signals - if !ok { - sendDrained.Done() - break - } - - if signal[0] == "data" { - //line := strings.Trim(signal[1], "\r\n") - line := signal[1] + "\n" - client.Log(1, "->tcp: %s", signal[1]) - conn.Write([]byte(line)) - } - } - - sendDrained.Wait() - conn.Close() -} diff --git a/webircgateway/pkg/webircgateway/transport_websocket.go b/webircgateway/pkg/webircgateway/transport_websocket.go deleted file mode 100644 index 960718b..0000000 --- a/webircgateway/pkg/webircgateway/transport_websocket.go +++ /dev/null @@ -1,126 +0,0 @@ -package webircgateway - -import ( - "fmt" - "net" - "net/http" - "strings" - "sync" - - "golang.org/x/net/websocket" -) - -type TransportWebsocket struct { - gateway *Gateway - wsServer *websocket.Server -} - -func (t *TransportWebsocket) Init(g *Gateway) { - t.gateway = g - t.wsServer = &websocket.Server{Handler: t.websocketHandler, Handshake: t.checkOrigin} - t.gateway.HttpRouter.Handle("/webirc/websocket/", t.wsServer) -} - -func (t *TransportWebsocket) checkOrigin(config *websocket.Config, req *http.Request) (err error) { - config.Origin, err = websocket.Origin(config, req) - - var origin string - if config.Origin != nil { - origin = config.Origin.String() - } else { - origin = "" - } - - if !t.gateway.IsClientOriginAllowed(origin) { - err = fmt.Errorf("Origin %#v not allowed", origin) - t.gateway.Log(2, "%s. Closing connection", err) - return err - } - - return err -} - -func (t *TransportWebsocket) websocketHandler(ws *websocket.Conn) { - client := t.gateway.NewClient() - - client.RemoteAddr = t.gateway.GetRemoteAddressFromRequest(ws.Request()).String() - - clientHostnames, err := net.LookupAddr(client.RemoteAddr) - if err != nil { - client.RemoteHostname = client.RemoteAddr - } else { - // FQDNs include a . at the end. Strip it out - potentialHostname := strings.Trim(clientHostnames[0], ".") - - // Must check that the resolved hostname also resolves back to the users IP - addr, err := net.LookupIP(potentialHostname) - if err == nil && len(addr) == 1 && addr[0].String() == client.RemoteAddr { - client.RemoteHostname = potentialHostname - } else { - client.RemoteHostname = client.RemoteAddr - } - } - - if t.gateway.isRequestSecure(ws.Request()) { - client.Tags["secure"] = "" - } - - _, remoteAddrPort, _ := net.SplitHostPort(ws.Request().RemoteAddr) - client.Tags["remote-port"] = remoteAddrPort - - client.Log(2, "New websocket client on %s from %s %s", ws.Request().Host, client.RemoteAddr, client.RemoteHostname) - client.Ready() - - // We wait until the client send queue has been drained - var sendDrained sync.WaitGroup - sendDrained.Add(1) - - // Read from websocket - go func() { - for { - r := make([]byte, 1024) - len, err := ws.Read(r) - if err == nil && len > 0 { - message := string(r[:len]) - client.Log(1, "client->: %s", message) - select { - case client.Recv <- message: - default: - client.Log(3, "Recv queue full. Dropping data") - // TODO: Should this really just drop the data or close the connection? - } - - } else if err != nil { - client.Log(1, "Websocket connection closed (%s)", err.Error()) - break - - } else if len == 0 { - client.Log(1, "Got 0 bytes from websocket") - } - } - - close(client.Recv) - }() - - // Process signals for the client - for { - signal, ok := <-client.Signals - if !ok { - sendDrained.Done() - break - } - - if signal[0] == "data" { - line := strings.Trim(signal[1], "\r\n") - client.Log(1, "->ws: %s", line) - ws.Write([]byte(line)) - } - - if signal[0] == "state" && signal[1] == "closed" { - ws.Close() - } - } - - sendDrained.Wait() - ws.Close() -} diff --git a/webircgateway/pkg/webircgateway/utils.go b/webircgateway/pkg/webircgateway/utils.go deleted file mode 100644 index 1fc687a..0000000 --- a/webircgateway/pkg/webircgateway/utils.go +++ /dev/null @@ -1,147 +0,0 @@ -package webircgateway - -import ( - "context" - "fmt" - "net" - "strings" - "unicode/utf8" - - "golang.org/x/net/html/charset" - "golang.org/x/time/rate" -) - -var privateIPBlocks []*net.IPNet - -func init() { - for _, cidr := range []string{ - "127.0.0.0/8", // IPv4 loopback - "10.0.0.0/8", // RFC1918 - "172.16.0.0/12", // RFC1918 - "192.168.0.0/16", // RFC1918 - "::1/128", // IPv6 loopback - "fe80::/10", // IPv6 link-local - } { - _, block, _ := net.ParseCIDR(cidr) - privateIPBlocks = append(privateIPBlocks, block) - } -} - -func isPrivateIP(ip net.IP) bool { - for _, block := range privateIPBlocks { - if block.Contains(ip) { - return true - } - } - return false -} - -// Username / realname / webirc hostname can all have configurable replacements -func makeClientReplacements(format string, client *Client) string { - ret := format - ret = strings.Replace(ret, "%a", client.RemoteAddr, -1) - ret = strings.Replace(ret, "%i", Ipv4ToHex(client.RemoteAddr), -1) - ret = strings.Replace(ret, "%h", client.RemoteHostname, -1) - ret = strings.Replace(ret, "%n", client.IrcState.Nick, -1) - return ret -} - -func Ipv4ToHex(ip string) string { - var ipParts [4]int - fmt.Sscanf(ip, "%d.%d.%d.%d", &ipParts[0], &ipParts[1], &ipParts[2], &ipParts[3]) - ipHex := fmt.Sprintf("%02x%02x%02x%02x", ipParts[0], ipParts[1], ipParts[2], ipParts[3]) - return ipHex -} - -func ensureUtf8(s string, fromEncoding string) string { - if utf8.ValidString(s) { - return s - } - - encoding, encErr := charset.Lookup(fromEncoding) - if encoding == nil { - println("encErr:", encErr) - return "" - } - - d := encoding.NewDecoder() - s2, _ := d.String(s) - return s2 -} - -func utf8ToOther(s string, toEncoding string) string { - if toEncoding == "UTF-8" && utf8.ValidString(s) { - return s - } - - encoding, _ := charset.Lookup(toEncoding) - if encoding == nil { - return "" - } - - e := encoding.NewEncoder() - s2, _ := e.String(s) - return s2 -} - -func containsOneOf(s string, substrs []string) bool { - for _, substr := range substrs { - if strings.Contains(s, substr) { - return true - } - } - - return false -} - -func stringInSlice(s string, slice []string) bool { - for _, v := range slice { - if v == s { - return true - } - } - return false -} - -func stringInSliceOrDefault(s, def string, validStrings []string) string { - if stringInSlice(s, validStrings) { - return s - } - return def -} - -type ThrottledStringChannel struct { - in chan string - Input chan<- string - out chan string - Output <-chan string - *rate.Limiter -} - -func NewThrottledStringChannel(wrappedChan chan string, limiter *rate.Limiter) *ThrottledStringChannel { - out := make(chan string, 50) - - c := &ThrottledStringChannel{ - in: wrappedChan, - Input: wrappedChan, - out: out, - Output: out, - Limiter: limiter, - } - - go c.run() - - return c -} - -func (c *ThrottledStringChannel) run() { - for msg := range c.in { - // start := time.Now() - c.Wait(context.Background()) - c.out <- msg - // elapsed := time.Since(start) - // fmt.Printf("waited %v to send %v\n", elapsed, msg) - } - - close(c.out) -} diff --git a/webircgateway/plugins/example/plugin.go b/webircgateway/plugins/example/plugin.go deleted file mode 100644 index 085d9e3..0000000 --- a/webircgateway/plugins/example/plugin.go +++ /dev/null @@ -1,11 +0,0 @@ -package main - -import ( - "sync" - - "github.com/kiwiirc/webircgateway/pkg/webircgateway" -) - -func Start(gateway *webircgateway.Gateway, pluginsQuit *sync.WaitGroup) { - gateway.Log(1, "Example gateway plugin %s", webircgateway.Version) -}
\ No newline at end of file diff --git a/webircgateway/plugins/stats/plugin.go b/webircgateway/plugins/stats/plugin.go deleted file mode 100644 index bdafc41..0000000 --- a/webircgateway/plugins/stats/plugin.go +++ /dev/null @@ -1,52 +0,0 @@ -package main - -import ( - "fmt" - "math" - "os" - "runtime" - "sync" - "time" - - "github.com/kiwiirc/webircgateway/pkg/webircgateway" -) - -func Start(gateway *webircgateway.Gateway, pluginsQuit *sync.WaitGroup) { - gateway.Log(2, "Stats reporting plugin loading") - go reportUsage(gateway) - - pluginsQuit.Done() -} - -func reportUsage(gateway *webircgateway.Gateway) { - started := time.Now() - - out := func(line string) { - file, _ := os.OpenFile("stats_"+fmt.Sprintf("%v", started.Unix())+".csv", - os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) - file.WriteString(line) - file.Close() - } - - out("time,rss,heapinuse,heapalloc,numroutines,numclients\n") - - for { - time.Sleep(time.Second * 5) - - numClients := gateway.Clients.Count() - mem := &runtime.MemStats{} - runtime.ReadMemStats(mem) - - line := fmt.Sprintf( - "%v,%v,%v,%v,%v,%v\n", - math.Round(time.Now().Sub(started).Seconds()), - mem.Sys/1024, - mem.HeapInuse/1024, - mem.HeapAlloc/1024, - runtime.NumGoroutine(), - numClients, - ) - - out(line) - } -} diff --git a/webircgateway/rootfs/lib64/ld-linux-x86-64.so.2 b/webircgateway/rootfs/lib64/ld-linux-x86-64.so.2 Binary files differdeleted file mode 100755 index a3c1d9a..0000000 --- a/webircgateway/rootfs/lib64/ld-linux-x86-64.so.2 +++ /dev/null diff --git a/webircgateway/rootfs/usr/lib/libc.so.6 b/webircgateway/rootfs/usr/lib/libc.so.6 Binary files differdeleted file mode 100755 index 08a9f82..0000000 --- a/webircgateway/rootfs/usr/lib/libc.so.6 +++ /dev/null diff --git a/webircgateway/rootfs/usr/lib/libresolv.so.2 b/webircgateway/rootfs/usr/lib/libresolv.so.2 Binary files differdeleted file mode 100755 index af57633..0000000 --- a/webircgateway/rootfs/usr/lib/libresolv.so.2 +++ /dev/null diff --git a/webircgateway/rootfs/usr/lib64/ld-linux-x86-64.so.2 b/webircgateway/rootfs/usr/lib64/ld-linux-x86-64.so.2 Binary files differdeleted file mode 100755 index a3c1d9a..0000000 --- a/webircgateway/rootfs/usr/lib64/ld-linux-x86-64.so.2 +++ /dev/null diff --git a/webircgateway/rootfs/webircgateway b/webircgateway/rootfs/webircgateway Binary files differdeleted file mode 100755 index f8e6927..0000000 --- a/webircgateway/rootfs/webircgateway +++ /dev/null diff --git a/webircgateway/staticcheck.conf b/webircgateway/staticcheck.conf deleted file mode 100644 index 606faa6..0000000 --- a/webircgateway/staticcheck.conf +++ /dev/null @@ -1 +0,0 @@ -checks = ["all", "-ST1005"] diff --git a/webircgateway/webircgateway b/webircgateway/webircgateway Binary files differdeleted file mode 100755 index f8e6927..0000000 --- a/webircgateway/webircgateway +++ /dev/null diff --git a/webircgateway/webircgateway.svg b/webircgateway/webircgateway.svg deleted file mode 100644 index a92d350..0000000 --- a/webircgateway/webircgateway.svg +++ /dev/null @@ -1,3 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> -<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="583px" height="161px" viewBox="-0.5 -0.5 583 161" style="background-color: rgb(255, 255, 255);"><defs/><g><path d="M 372 80 L 417 80 L 417 40 L 455.63 40" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 460.88 40 L 453.88 43.5 L 455.63 40 L 453.88 36.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 372 80 L 455.63 80" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 460.88 80 L 453.88 83.5 L 455.63 80 L 453.88 76.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 372 80 L 417 80 L 417 120 L 455.63 120" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 460.88 120 L 453.88 123.5 L 455.63 120 L 453.88 116.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 173.43 -0.66 L 372.31 -0.66 L 373.45 160.81 L 170.66 161.76" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 173.37 -1.8 C 241.48 0.42 311.12 -0.95 370.41 0.06 M 172.82 -0.12 C 219.08 -0.19 266 -0.93 371.48 0.44 M 370.02 -0.51 C 372.54 41.23 371.58 83.32 370.7 161.2 M 371.85 0.91 C 373.44 40.44 372.66 83.06 371.45 160.63 M 372.72 158.75 C 297.02 161.45 222.98 160.05 170.89 158.36 M 372.47 160.27 C 297.32 159.9 223.07 159.91 172.81 160.39 M 171.63 160.81 C 169.73 118.56 171.97 74.1 171.7 -1.35 M 172.26 159.53 C 172.22 100.75 171.74 39.86 172.59 0.3" fill="none" stroke="#696969" stroke-linejoin="round" stroke-linecap="round" stroke-miterlimit="10" pointer-events="all"/><path d="M 80 40 L 165.63 40" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 170.88 40 L 163.88 43.5 L 165.63 40 L 163.88 36.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="0" y="30" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 78px; height: 1px; padding-top: 40px; margin-left: 2px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">TCP socket</div></div></div></foreignObject><text x="2" y="44" fill="#000000" font-family="Helvetica" font-size="14px">TCP socket</text></switch></g><path d="M 80 80 L 165.63 80" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 170.88 80 L 163.88 83.5 L 165.63 80 L 163.88 76.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="0" y="70" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 78px; height: 1px; padding-top: 80px; margin-left: 2px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Websocket</div></div></div></foreignObject><text x="2" y="84" fill="#000000" font-family="Helvetica" font-size="14px">Websocket</text></switch></g><path d="M 80 120 L 165.63 120" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 170.88 120 L 163.88 123.5 L 165.63 120 L 163.88 116.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="0" y="110" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 78px; height: 1px; padding-top: 120px; margin-left: 2px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Sockjs</div></div></div></foreignObject><text x="2" y="124" fill="#000000" font-family="Helvetica" font-size="14px">Sockjs</text></switch></g><rect x="172" y="10" width="200" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 198px; height: 1px; padding-top: 20px; margin-left: 173px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; word-wrap: normal; ">webircgateway</div></div></div></foreignObject><text x="272" y="25" fill="#000000" font-family="Helvetica" font-size="16px" text-anchor="middle" font-weight="bold">webircgateway</text></switch></g><rect x="172" y="42" width="200" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 202px; height: 1px; padding-top: 47px; margin-left: 171px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Captcha<br style="font-size: 14px" />DNSBL<br style="font-size: 14px" />UTF8 <> re-encoding<br style="font-size: 14px" />WEBIRC<br style="font-size: 14px" />ident/host/nick rewriting<br />Lets Encrypt certificates</div></div></div></foreignObject><text x="272" y="61" fill="#000000" font-family="Helvetica" font-size="14px" text-anchor="middle">Captcha...</text></switch></g><rect x="462" y="30" width="120" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 118px; height: 1px; padding-top: 40px; margin-left: 464px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">irc1.example.com</div></div></div></foreignObject><text x="464" y="44" fill="#000000" font-family="Helvetica" font-size="14px">irc1.example.com</text></switch></g><rect x="462" y="70" width="120" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 118px; height: 1px; padding-top: 80px; margin-left: 464px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">irc2.example.com</div></div></div></foreignObject><text x="464" y="84" fill="#000000" font-family="Helvetica" font-size="14px">irc2.example.com</text></switch></g><rect x="462" y="110" width="120" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 118px; height: 1px; padding-top: 120px; margin-left: 464px;"><div style="box-sizing: border-box; font-size: 0; text-align: left; "><div style="display: inline-block; font-size: 14px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">irc3.example.com</div></div></div></foreignObject><text x="464" y="124" fill="#000000" font-family="Helvetica" font-size="14px">irc3.example.com</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file |
