mirror of
https://github.com/octoleo/syncthing.git
synced 2024-11-17 10:35:11 +00:00
854499382e
### Purpose Treat X-Forwarded-For as a comma-separated string to prevent nil IP being returned by the Discovery Server ### Testing Unit Tests implemented Testing with a Discovery Client can be done as follows: ``` A simple example to replicate this entails running Discovery with HTTP, use Nginx as a reverse proxy and hardcode (as an example) a list of IPs in the X-Forwarded-For header. 1. Send an Announcement with tcp://0.0.0.0:<some-port> 2. Query the DeviceID 3. Observe the returned IP Address is no longer nil; i.e. `tcp://<nil>:<some-port>` ```
507 lines
13 KiB
Go
507 lines
13 KiB
Go
// Copyright (C) 2018 The Syncthing Authors.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"compress/gzip"
|
|
"context"
|
|
"crypto/tls"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"errors"
|
|
"fmt"
|
|
io "io"
|
|
"log"
|
|
"math/rand"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/syncthing/syncthing/lib/protocol"
|
|
"github.com/syncthing/syncthing/lib/stringutil"
|
|
)
|
|
|
|
// announcement is the format received from and sent to clients
|
|
type announcement struct {
|
|
Seen time.Time `json:"seen"`
|
|
Addresses []string `json:"addresses"`
|
|
}
|
|
|
|
type apiSrv struct {
|
|
addr string
|
|
cert tls.Certificate
|
|
db database
|
|
listener net.Listener
|
|
repl replicator // optional
|
|
useHTTP bool
|
|
|
|
mapsMut sync.Mutex
|
|
misses map[string]int32
|
|
}
|
|
|
|
type requestID int64
|
|
|
|
func (i requestID) String() string {
|
|
return fmt.Sprintf("%016x", int64(i))
|
|
}
|
|
|
|
type contextKey int
|
|
|
|
const idKey contextKey = iota
|
|
|
|
func newAPISrv(addr string, cert tls.Certificate, db database, repl replicator, useHTTP bool) *apiSrv {
|
|
return &apiSrv{
|
|
addr: addr,
|
|
cert: cert,
|
|
db: db,
|
|
repl: repl,
|
|
useHTTP: useHTTP,
|
|
misses: make(map[string]int32),
|
|
}
|
|
}
|
|
|
|
func (s *apiSrv) Serve(_ context.Context) error {
|
|
if s.useHTTP {
|
|
listener, err := net.Listen("tcp", s.addr)
|
|
if err != nil {
|
|
log.Println("Listen:", err)
|
|
return err
|
|
}
|
|
s.listener = listener
|
|
} else {
|
|
tlsCfg := &tls.Config{
|
|
Certificates: []tls.Certificate{s.cert},
|
|
ClientAuth: tls.RequestClientCert,
|
|
MinVersion: tls.VersionTLS12,
|
|
NextProtos: []string{"h2", "http/1.1"},
|
|
}
|
|
|
|
tlsListener, err := tls.Listen("tcp", s.addr, tlsCfg)
|
|
if err != nil {
|
|
log.Println("Listen:", err)
|
|
return err
|
|
}
|
|
s.listener = tlsListener
|
|
}
|
|
|
|
http.HandleFunc("/", s.handler)
|
|
http.HandleFunc("/ping", handlePing)
|
|
|
|
srv := &http.Server{
|
|
ReadTimeout: httpReadTimeout,
|
|
WriteTimeout: httpWriteTimeout,
|
|
MaxHeaderBytes: httpMaxHeaderBytes,
|
|
ErrorLog: log.New(io.Discard, "", 0),
|
|
}
|
|
|
|
err := srv.Serve(s.listener)
|
|
if err != nil {
|
|
log.Println("Serve:", err)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (s *apiSrv) handler(w http.ResponseWriter, req *http.Request) {
|
|
t0 := time.Now()
|
|
|
|
lw := NewLoggingResponseWriter(w)
|
|
|
|
defer func() {
|
|
diff := time.Since(t0)
|
|
apiRequestsSeconds.WithLabelValues(req.Method).Observe(diff.Seconds())
|
|
apiRequestsTotal.WithLabelValues(req.Method, strconv.Itoa(lw.statusCode)).Inc()
|
|
}()
|
|
|
|
reqID := requestID(rand.Int63())
|
|
req = req.WithContext(context.WithValue(req.Context(), idKey, reqID))
|
|
|
|
if debug {
|
|
log.Println(reqID, req.Method, req.URL, req.Proto)
|
|
}
|
|
|
|
remoteAddr := &net.TCPAddr{
|
|
IP: nil,
|
|
Port: -1,
|
|
}
|
|
|
|
if s.useHTTP {
|
|
// X-Forwarded-For can have multiple client IPs; split using the comma separator
|
|
forwardIP, _, _ := strings.Cut(req.Header.Get("X-Forwarded-For"), ",")
|
|
|
|
// net.ParseIP will return nil if leading/trailing whitespace exists; use strings.TrimSpace()
|
|
remoteAddr.IP = net.ParseIP(strings.TrimSpace(forwardIP))
|
|
|
|
if parsedPort, err := strconv.ParseInt(req.Header.Get("X-Client-Port"), 10, 0); err == nil {
|
|
remoteAddr.Port = int(parsedPort)
|
|
}
|
|
} else {
|
|
var err error
|
|
remoteAddr, err = net.ResolveTCPAddr("tcp", req.RemoteAddr)
|
|
if err != nil {
|
|
log.Println("remoteAddr:", err)
|
|
lw.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(lw, "Internal Server Error", http.StatusInternalServerError)
|
|
apiRequestsTotal.WithLabelValues("no_remote_addr").Inc()
|
|
return
|
|
}
|
|
}
|
|
|
|
switch req.Method {
|
|
case http.MethodGet:
|
|
s.handleGET(lw, req)
|
|
case http.MethodPost:
|
|
s.handlePOST(remoteAddr, lw, req)
|
|
default:
|
|
http.Error(lw, "Method Not Allowed", http.StatusMethodNotAllowed)
|
|
}
|
|
}
|
|
|
|
func (s *apiSrv) handleGET(w http.ResponseWriter, req *http.Request) {
|
|
reqID := req.Context().Value(idKey).(requestID)
|
|
|
|
deviceID, err := protocol.DeviceIDFromString(req.URL.Query().Get("device"))
|
|
if err != nil {
|
|
if debug {
|
|
log.Println(reqID, "bad device param")
|
|
}
|
|
lookupRequestsTotal.WithLabelValues("bad_request").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Bad Request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
key := deviceID.String()
|
|
rec, err := s.db.get(key)
|
|
if err != nil {
|
|
// some sort of internal error
|
|
lookupRequestsTotal.WithLabelValues("internal_error").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if len(rec.Addresses) == 0 {
|
|
lookupRequestsTotal.WithLabelValues("not_found").Inc()
|
|
|
|
s.mapsMut.Lock()
|
|
misses := s.misses[key]
|
|
if misses < rec.Misses {
|
|
misses = rec.Misses + 1
|
|
} else {
|
|
misses++
|
|
}
|
|
s.misses[key] = misses
|
|
s.mapsMut.Unlock()
|
|
|
|
if misses%notFoundMissesWriteInterval == 0 {
|
|
rec.Misses = misses
|
|
rec.Missed = time.Now().UnixNano()
|
|
rec.Addresses = nil
|
|
// rec.Seen retained from get
|
|
s.db.put(key, rec)
|
|
}
|
|
|
|
w.Header().Set("Retry-After", notFoundRetryAfterString(int(misses)))
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
lookupRequestsTotal.WithLabelValues("success").Inc()
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var bw io.Writer = w
|
|
|
|
// Use compression if the client asks for it
|
|
if strings.Contains(req.Header.Get("Accept-Encoding"), "gzip") {
|
|
w.Header().Set("Content-Encoding", "gzip")
|
|
gw := gzip.NewWriter(bw)
|
|
defer gw.Close()
|
|
bw = gw
|
|
}
|
|
|
|
json.NewEncoder(bw).Encode(announcement{
|
|
Seen: time.Unix(0, rec.Seen).Truncate(time.Second),
|
|
Addresses: addressStrs(rec.Addresses),
|
|
})
|
|
}
|
|
|
|
func (s *apiSrv) handlePOST(remoteAddr *net.TCPAddr, w http.ResponseWriter, req *http.Request) {
|
|
reqID := req.Context().Value(idKey).(requestID)
|
|
|
|
rawCert, err := certificateBytes(req)
|
|
if err != nil {
|
|
if debug {
|
|
log.Println(reqID, "no certificates:", err)
|
|
}
|
|
announceRequestsTotal.WithLabelValues("no_certificate").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
var ann announcement
|
|
if err := json.NewDecoder(req.Body).Decode(&ann); err != nil {
|
|
if debug {
|
|
log.Println(reqID, "decode:", err)
|
|
}
|
|
announceRequestsTotal.WithLabelValues("bad_request").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Bad Request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
deviceID := protocol.NewDeviceID(rawCert)
|
|
|
|
addresses := fixupAddresses(remoteAddr, ann.Addresses)
|
|
if len(addresses) == 0 {
|
|
announceRequestsTotal.WithLabelValues("bad_request").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Bad Request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := s.handleAnnounce(deviceID, addresses); err != nil {
|
|
announceRequestsTotal.WithLabelValues("internal_error").Inc()
|
|
w.Header().Set("Retry-After", errorRetryAfterString())
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
announceRequestsTotal.WithLabelValues("success").Inc()
|
|
|
|
w.Header().Set("Reannounce-After", reannounceAfterString())
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (s *apiSrv) Stop() {
|
|
s.listener.Close()
|
|
}
|
|
|
|
func (s *apiSrv) handleAnnounce(deviceID protocol.DeviceID, addresses []string) error {
|
|
key := deviceID.String()
|
|
now := time.Now()
|
|
expire := now.Add(addressExpiryTime).UnixNano()
|
|
|
|
dbAddrs := make([]DatabaseAddress, len(addresses))
|
|
for i := range addresses {
|
|
dbAddrs[i].Address = addresses[i]
|
|
dbAddrs[i].Expires = expire
|
|
}
|
|
|
|
// The address slice must always be sorted for database merges to work
|
|
// properly.
|
|
sort.Sort(databaseAddressOrder(dbAddrs))
|
|
|
|
seen := now.UnixNano()
|
|
if s.repl != nil {
|
|
s.repl.send(key, dbAddrs, seen)
|
|
}
|
|
return s.db.merge(key, dbAddrs, seen)
|
|
}
|
|
|
|
func handlePing(w http.ResponseWriter, _ *http.Request) {
|
|
w.WriteHeader(204)
|
|
}
|
|
|
|
func certificateBytes(req *http.Request) ([]byte, error) {
|
|
if req.TLS != nil && len(req.TLS.PeerCertificates) > 0 {
|
|
return req.TLS.PeerCertificates[0].Raw, nil
|
|
}
|
|
|
|
var bs []byte
|
|
|
|
if hdr := req.Header.Get("X-SSL-Cert"); hdr != "" {
|
|
if strings.Contains(hdr, "%") {
|
|
// Nginx using $ssl_client_escaped_cert
|
|
// The certificate is in PEM format with url encoding.
|
|
// We need to decode for the PEM decoder
|
|
hdr, err := url.QueryUnescape(hdr)
|
|
if err != nil {
|
|
// Decoding failed
|
|
return nil, err
|
|
}
|
|
|
|
bs = []byte(hdr)
|
|
} else {
|
|
// Nginx using $ssl_client_cert
|
|
// The certificate is in PEM format but with spaces for newlines. We
|
|
// need to reinstate the newlines for the PEM decoder. But we need to
|
|
// leave the spaces in the BEGIN and END lines - the first and last
|
|
// space - alone.
|
|
bs = []byte(hdr)
|
|
firstSpace := bytes.Index(bs, []byte(" "))
|
|
lastSpace := bytes.LastIndex(bs, []byte(" "))
|
|
for i := firstSpace + 1; i < lastSpace; i++ {
|
|
if bs[i] == ' ' {
|
|
bs[i] = '\n'
|
|
}
|
|
}
|
|
}
|
|
} else if hdr := req.Header.Get("X-Tls-Client-Cert-Der-Base64"); hdr != "" {
|
|
// Caddy {tls_client_certificate_der_base64}
|
|
hdr, err := base64.StdEncoding.DecodeString(hdr)
|
|
if err != nil {
|
|
// Decoding failed
|
|
return nil, err
|
|
}
|
|
|
|
bs = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: hdr})
|
|
} else if hdr := req.Header.Get("X-Forwarded-Tls-Client-Cert"); hdr != "" {
|
|
// Traefik 2 passtlsclientcert
|
|
//
|
|
// The certificate is in PEM format, maybe with URL encoding
|
|
// (depends on Traefik version) but without newlines and start/end
|
|
// statements. We need to decode, reinstate the newlines every 64
|
|
// character and add statements for the PEM decoder
|
|
|
|
if strings.Contains(hdr, "%") {
|
|
if unesc, err := url.QueryUnescape(hdr); err == nil {
|
|
hdr = unesc
|
|
}
|
|
}
|
|
|
|
for i := 64; i < len(hdr); i += 65 {
|
|
hdr = hdr[:i] + "\n" + hdr[i:]
|
|
}
|
|
|
|
hdr = "-----BEGIN CERTIFICATE-----\n" + hdr
|
|
hdr += "\n-----END CERTIFICATE-----\n"
|
|
bs = []byte(hdr)
|
|
}
|
|
|
|
if bs == nil {
|
|
return nil, errors.New("empty certificate header")
|
|
}
|
|
|
|
block, _ := pem.Decode(bs)
|
|
if block == nil {
|
|
// Decoding failed
|
|
return nil, errors.New("certificate decode result is empty")
|
|
}
|
|
|
|
return block.Bytes, nil
|
|
}
|
|
|
|
// fixupAddresses checks the list of addresses, removing invalid ones and
|
|
// replacing unspecified IPs with the given remote IP.
|
|
func fixupAddresses(remote *net.TCPAddr, addresses []string) []string {
|
|
fixed := make([]string, 0, len(addresses))
|
|
for _, annAddr := range addresses {
|
|
uri, err := url.Parse(annAddr)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
|
|
host, port, err := net.SplitHostPort(uri.Host)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
|
|
ip := net.ParseIP(host)
|
|
|
|
// Some classes of IP are no-go.
|
|
if ip.IsLoopback() || ip.IsMulticast() {
|
|
continue
|
|
}
|
|
|
|
if host == "" || ip.IsUnspecified() {
|
|
if remote != nil {
|
|
// Replace the unspecified IP with the request source.
|
|
|
|
// ... unless the request source is the loopback address or
|
|
// multicast/unspecified (can't happen, really).
|
|
if remote.IP == nil || remote.IP.IsLoopback() || remote.IP.IsMulticast() || remote.IP.IsUnspecified() {
|
|
continue
|
|
}
|
|
|
|
// Do not use IPv6 remote address if requested scheme is ...4
|
|
// (i.e., tcp4, etc.)
|
|
if strings.HasSuffix(uri.Scheme, "4") && remote.IP.To4() == nil {
|
|
continue
|
|
}
|
|
|
|
// Do not use IPv4 remote address if requested scheme is ...6
|
|
if strings.HasSuffix(uri.Scheme, "6") && remote.IP.To4() != nil {
|
|
continue
|
|
}
|
|
|
|
host = remote.IP.String()
|
|
|
|
} else {
|
|
// remote is nil, unable to determine host IP
|
|
continue
|
|
}
|
|
|
|
}
|
|
|
|
// If zero port was specified, use remote port.
|
|
if port == "0" {
|
|
if remote != nil && remote.Port > 0 {
|
|
// use remote port
|
|
port = strconv.Itoa(remote.Port)
|
|
} else {
|
|
// unable to determine remote port
|
|
continue
|
|
}
|
|
}
|
|
|
|
uri.Host = net.JoinHostPort(host, port)
|
|
fixed = append(fixed, uri.String())
|
|
}
|
|
|
|
// Remove duplicate addresses
|
|
fixed = stringutil.UniqueTrimmedStrings(fixed)
|
|
|
|
return fixed
|
|
}
|
|
|
|
type loggingResponseWriter struct {
|
|
http.ResponseWriter
|
|
statusCode int
|
|
}
|
|
|
|
func NewLoggingResponseWriter(w http.ResponseWriter) *loggingResponseWriter {
|
|
return &loggingResponseWriter{w, http.StatusOK}
|
|
}
|
|
|
|
func (lrw *loggingResponseWriter) WriteHeader(code int) {
|
|
lrw.statusCode = code
|
|
lrw.ResponseWriter.WriteHeader(code)
|
|
}
|
|
|
|
func addressStrs(dbAddrs []DatabaseAddress) []string {
|
|
res := make([]string, len(dbAddrs))
|
|
for i, a := range dbAddrs {
|
|
res[i] = a.Address
|
|
}
|
|
return res
|
|
}
|
|
|
|
func errorRetryAfterString() string {
|
|
return strconv.Itoa(errorRetryAfterSeconds + rand.Intn(errorRetryFuzzSeconds))
|
|
}
|
|
|
|
func notFoundRetryAfterString(misses int) string {
|
|
retryAfterS := notFoundRetryMinSeconds + notFoundRetryIncSeconds*misses
|
|
if retryAfterS > notFoundRetryMaxSeconds {
|
|
retryAfterS = notFoundRetryMaxSeconds
|
|
}
|
|
retryAfterS += rand.Intn(notFoundRetryFuzzSeconds)
|
|
return strconv.Itoa(retryAfterS)
|
|
}
|
|
|
|
func reannounceAfterString() string {
|
|
return strconv.Itoa(reannounceAfterSeconds + rand.Intn(reannounzeFuzzSeconds))
|
|
}
|