Updates 2.6.4

+ Added force TLS v1.2 above toggle + Added trace route + Added ICMP ping + Added special routing rules module for up-coming acme integration + Fixed IPv6 check bug in black/whitelist + Optimized UI for TCP Proxy +
tobychui · Jun 15, 2023 · 48dc85e · 48dc85e
1 parent a73a794
commit 48dc85e
Show file tree

Hide file tree

Showing 27 changed files with 1,424 additions and 173 deletions.
diff --git a/src/acme.go b/src/acme.go
@@ -0,0 +1,35 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy"
+)
+
+/*
+	acme.go
+
+	This script handle special routing required for acme auto cert renew functions
+*/
+
+func acmeRegisterSpecialRoutingRule() {
+	err := dynamicProxyRouter.AddRoutingRules(&dynamicproxy.RoutingRule{
+		ID: "acme-autorenew",
+		MatchRule: func(r *http.Request) bool {
+			if r.RequestURI == "/.well-known/" {
+				return true
+			}
+
+			return false
+		},
+		RoutingHandler: func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte("HELLO WORLD, THIS IS ACME REQUEST HANDLER"))
+		},
+		Enabled: true,
+	})
+
+	if err != nil {
+		log.Println("[Err] " + err.Error())
+	}
+}
diff --git a/src/api.go b/src/api.go
@@ -6,6 +6,7 @@ import (
 
 	"imuslab.com/zoraxy/mod/auth"
 	"imuslab.com/zoraxy/mod/netstat"
+	"imuslab.com/zoraxy/mod/netutils"
 	"imuslab.com/zoraxy/mod/utils"
 )
 
@@ -55,6 +56,7 @@ func initAPIs() {
 
 	//TLS / SSL config
 	authRouter.HandleFunc("/api/cert/tls", handleToggleTLSProxy)
+	authRouter.HandleFunc("/api/cert/tlsRequireLatest", handleSetTlsRequireLatest)
 	authRouter.HandleFunc("/api/cert/upload", handleCertUpload)
 	authRouter.HandleFunc("/api/cert/list", handleListCertificate)
 	authRouter.HandleFunc("/api/cert/checkDefault", handleDefaultCertCheck)
@@ -81,6 +83,11 @@ func initAPIs() {
 	authRouter.HandleFunc("/api/whitelist/ip/remove", handleIpWhitelistRemove)
 	authRouter.HandleFunc("/api/whitelist/enable", handleWhitelistEnable)
 
+	//Path Blocker APIs
+	authRouter.HandleFunc("/api/pathrule/add", pathRuleHandler.HandleAddBlockingPath)
+	authRouter.HandleFunc("/api/pathrule/list", pathRuleHandler.HandleListBlockingPath)
+	authRouter.HandleFunc("/api/pathrule/remove", pathRuleHandler.HandleRemoveBlockingPath)
+
 	//Statistic & uptime monitoring API
 	authRouter.HandleFunc("/api/stats/summary", statisticCollector.HandleTodayStatLoad)
 	authRouter.HandleFunc("/api/stats/countries", HandleCountryDistrSummary)
@@ -126,6 +133,8 @@ func initAPIs() {
 
 	//Network utilities
 	authRouter.HandleFunc("/api/tools/ipscan", HandleIpScan)
+	authRouter.HandleFunc("/api/tools/traceroute", netutils.HandleTraceRoute)
+	authRouter.HandleFunc("/api/tools/ping", netutils.HandlePing)
 	authRouter.HandleFunc("/api/tools/webssh", HandleCreateProxySession)
 	authRouter.HandleFunc("/api/tools/websshSupported", HandleWebSshSupportCheck)
 	authRouter.HandleFunc("/api/tools/wol", HandleWakeOnLan)

diff --git a/src/cert.go b/src/cert.go
@@ -130,6 +130,33 @@ func handleToggleTLSProxy(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// Handle the GET and SET of reverse proxy TLS versions
+func handleSetTlsRequireLatest(w http.ResponseWriter, r *http.Request) {
+	newState, err := utils.PostPara(r, "set")
+	if err != nil {
+		//GET
+		var reqLatestTLS bool = false
+		if sysdb.KeyExists("settings", "forceLatestTLS") {
+			sysdb.Read("settings", "forceLatestTLS", &reqLatestTLS)
+		}
+
+		js, _ := json.Marshal(reqLatestTLS)
+		utils.SendJSONResponse(w, string(js))
+	} else {
+		if newState == "true" {
+			sysdb.Write("settings", "forceLatestTLS", true)
+			log.Println("Updating minimum TLS version to v1.2 or above")
+			dynamicProxyRouter.UpdateTLSVersion(true)
+		} else if newState == "false" {
+			sysdb.Write("settings", "forceLatestTLS", false)
+			log.Println("Updating minimum TLS version to v1.0 or above")
+			dynamicProxyRouter.UpdateTLSVersion(false)
+		} else {
+			utils.SendErrorResponse(w, "invalid state given")
+		}
+	}
+}
+
 // Handle upload of the certificate
 func handleCertUpload(w http.ResponseWriter, r *http.Request) {
 	// check if request method is POST

diff --git a/src/go.mod b/src/go.mod
@@ -12,5 +12,6 @@ require (
 	github.com/microcosm-cc/bluemonday v1.0.24
 	github.com/oschwald/geoip2-golang v1.8.0
 	github.com/satori/go.uuid v1.2.0
+	golang.org/x/net v0.10.0
 	golang.org/x/sys v0.8.0
 )
diff --git a/src/main.go b/src/main.go
@@ -21,6 +21,7 @@ import (
 	"imuslab.com/zoraxy/mod/geodb"
 	"imuslab.com/zoraxy/mod/mdns"
 	"imuslab.com/zoraxy/mod/netstat"
+	"imuslab.com/zoraxy/mod/pathrule"
 	"imuslab.com/zoraxy/mod/sshprox"
 	"imuslab.com/zoraxy/mod/statistic"
 	"imuslab.com/zoraxy/mod/statistic/analytic"
@@ -38,7 +39,7 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
 var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
 var (
 	name        = "Zoraxy"
-	version     = "2.6.3"
+	version     = "2.6.4"
 	nodeUUID    = "generic"
 	development = false //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()
@@ -57,6 +58,7 @@ var (
 	authAgent          *auth.AuthAgent         //Authentication agent
 	tlsCertManager     *tlscert.Manager        //TLS / SSL management
 	redirectTable      *redirection.RuleTable  //Handle special redirection rule sets
+	pathRuleHandler    *pathrule.Handler       //Handle specific path blocking or custom headers
 	geodbStore         *geodb.Store            //GeoIP database, also handle black list and whitelist features
 	netstatBuffers     *netstat.NetStatBuffers //Realtime graph buffers
 	statisticCollector *statistic.Collector    //Collecting statistic from visitors
@@ -149,6 +151,9 @@ func main() {
 
 	time.Sleep(500 * time.Millisecond)
 
+	//Start the finalize sequences
+	finalSequence()
+
 	log.Println("Zoraxy started. Visit control panel at http://localhost" + handler.Port)
 	err = http.ListenAndServe(handler.Port, nil)
 

diff --git a/src/mod/dynamicproxy/Server.go b/src/mod/dynamicproxy/Server.go
@@ -115,7 +115,6 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.proxyRequest(w, r, targetProxyEndpoint)
 	} else if !strings.HasSuffix(proxyingPath, "/") {
 		potentialProxtEndpoint := h.Parent.getTargetProxyEndpointFromRequestURI(proxyingPath + "/")
-
 		if potentialProxtEndpoint != nil {
 			//Missing tailing slash. Redirect to target proxy endpoint
 			http.Redirect(w, r, r.RequestURI+"/", http.StatusTemporaryRedirect)

diff --git a/src/mod/dynamicproxy/dynamicproxy.go b/src/mod/dynamicproxy/dynamicproxy.go
@@ -45,6 +45,13 @@ func (router *Router) UpdateTLSSetting(tlsEnabled bool) {
 	router.Restart()
 }
 
+// Update TLS Version in runtime. Will restart proxy server if running.
+// Set this to true to force TLS 1.2 or above
+func (router *Router) UpdateTLSVersion(requireLatest bool) {
+	router.Option.ForceTLSLatest = requireLatest
+	router.Restart()
+}
+
 // Update https redirect, which will require updates
 func (router *Router) UpdateHttpToHttpsRedirectSetting(useRedirect bool) {
 	router.Option.ForceHttpsRedirect = useRedirect
@@ -62,8 +69,13 @@ func (router *Router) StartProxyService() error {
 		return errors.New("Reverse proxy router root not set")
 	}
 
+	minVersion := tls.VersionTLS10
+	if router.Option.ForceTLSLatest {
+		minVersion = tls.VersionTLS12
+	}
 	config := &tls.Config{
 		GetCertificate: router.Option.TlsManager.GetCert,
+		MinVersion:     uint16(minVersion),
 	}
 
 	if router.Option.UseTls {
@@ -171,18 +183,22 @@ func (router *Router) StopProxyService() error {
 }
 
 // Restart the current router if it is running.
-// Startup the server if it is not running initially
 func (router *Router) Restart() error {
 	//Stop the router if it is already running
+	var err error = nil
 	if router.Running {
 		err := router.StopProxyService()
 		if err != nil {
 			return err
 		}
+
+		// Start the server
+		err = router.StartProxyService()
+		if err != nil {
+			return err
+		}
 	}
 
-	//Start the server
-	err := router.StartProxyService()
 	return err
 }
 

diff --git a/src/mod/dynamicproxy/special.go b/src/mod/dynamicproxy/special.go
@@ -15,12 +15,12 @@ import (
 type RoutingRule struct {
 	ID             string
 	MatchRule      func(r *http.Request) bool
-	RoutingHandler http.Handler
+	RoutingHandler func(http.ResponseWriter, *http.Request)
 	Enabled        bool
 }
 
-//Router functions
-//Check if a routing rule exists given its id
+// Router functions
+// Check if a routing rule exists given its id
 func (router *Router) GetRoutingRuleById(rrid string) (*RoutingRule, error) {
 	for _, rr := range router.routingRules {
 		if rr.ID == rrid {
@@ -31,19 +31,19 @@ func (router *Router) GetRoutingRuleById(rrid string) (*RoutingRule, error) {
 	return nil, errors.New("routing rule with given id not found")
 }
 
-//Add a routing rule to the router
+// Add a routing rule to the router
 func (router *Router) AddRoutingRules(rr *RoutingRule) error {
 	_, err := router.GetRoutingRuleById(rr.ID)
-	if err != nil {
+	if err == nil {
 		//routing rule with given id already exists
-		return err
+		return errors.New("routing rule with same id already exists")
 	}
 
 	router.routingRules = append(router.routingRules, rr)
 	return nil
 }
 
-//Remove a routing rule from the router
+// Remove a routing rule from the router
 func (router *Router) RemoveRoutingRule(rrid string) {
 	newRoutingRules := []*RoutingRule{}
 	for _, rr := range router.routingRules {
@@ -55,13 +55,13 @@ func (router *Router) RemoveRoutingRule(rrid string) {
 	router.routingRules = newRoutingRules
 }
 
-//Get all routing rules
+// Get all routing rules
 func (router *Router) GetAllRoutingRules() []*RoutingRule {
 	return router.routingRules
 }
 
-//Get the matching routing rule that describe this request.
-//Return nil if no routing rule is match
+// Get the matching routing rule that describe this request.
+// Return nil if no routing rule is match
 func (router *Router) GetMatchingRoutingRule(r *http.Request) *RoutingRule {
 	for _, thisRr := range router.routingRules {
 		if thisRr.IsMatch(r) {
@@ -71,8 +71,8 @@ func (router *Router) GetMatchingRoutingRule(r *http.Request) *RoutingRule {
 	return nil
 }
 
-//Routing Rule functions
-//Check if a request object match the
+// Routing Rule functions
+// Check if a request object match the
 func (e *RoutingRule) IsMatch(r *http.Request) bool {
 	if !e.Enabled {
 		return false
@@ -81,5 +81,5 @@ func (e *RoutingRule) IsMatch(r *http.Request) bool {
 }
 
 func (e *RoutingRule) Route(w http.ResponseWriter, r *http.Request) {
-	e.RoutingHandler.ServeHTTP(w, r)
+	e.RoutingHandler(w, r)
 }
diff --git a/src/mod/dynamicproxy/typedef.go b/src/mod/dynamicproxy/typedef.go
@@ -22,13 +22,14 @@ type ProxyHandler struct {
 }
 
 type RouterOption struct {
-	HostUUID           string
-	Port               int
-	UseTls             bool
-	ForceHttpsRedirect bool
+	HostUUID           string //The UUID of Zoraxy, use for heading mod
+	Port               int    //Incoming port
+	UseTls             bool   //Use TLS to serve incoming requsts
+	ForceTLSLatest     bool   //Force TLS1.2 or above
+	ForceHttpsRedirect bool   //Force redirection of http to https endpoint
 	TlsManager         *tlscert.Manager
 	RedirectRuleTable  *redirection.RuleTable
-	GeodbStore         *geodb.Store
+	GeodbStore         *geodb.Store //GeoIP blacklist and whitelist
 	StatisticCollector *statistic.Collector
 }
 

diff --git a/src/mod/expose/expose.go b/src/mod/expose/expose.go
@@ -0,0 +1,16 @@
+package expose
+
+/*
+	Service Expose Proxy
+
+	A tunnel for getting your local server online in one line
+	(No, this is not ngrok)
+*/
+
+type Router struct {
+}
+
+//Create a new service expose router
+func NewServiceExposeRouter() {
+
+}