Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for TLS servers #1210

Open
wants to merge 30 commits into
base: master
Choose a base branch
from
Open

Add support for TLS servers #1210

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
62a3bd8
Add support for TLS servers
Feb 5, 2023
97cc7c4
Fixed an issue with the install script failing on mac on the checksum…
richwrightnyc Jan 17, 2023
4d6a635
Fixed no newline at end of file
richwrightnyc Jan 17, 2023
827e2c1
refactor installer script to make it more robust and flexible. Adds o…
richwrightnyc Feb 1, 2023
0e7ddd8
fixed some typos
richwrightnyc Feb 1, 2023
6f66cb4
squashed some bugs, further testing needed
richwrightnyc Feb 20, 2023
2f64f4f
fixed a few typos, should be ready for review
richwrightnyc Feb 20, 2023
5cd121d
removed one additional debug item. ready for review
richwrightnyc Feb 20, 2023
303055b
fix shellcheck SC2076 (warning): Remove quotes from right-hand side o…
richwrightnyc Mar 1, 2023
4f3b888
fixed 2 shellcheck issues:
richwrightnyc Mar 1, 2023
a047b58
fix(deps): bump actions/setup-go from 3.2.0 to 3.5.0
dependabot[bot] Feb 6, 2023
3f47084
fix(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
dependabot[bot] Feb 6, 2023
353e98f
fix(deps): bump docker/login-action from 1.14.1 to 2.1.0
dependabot[bot] Feb 13, 2023
5a2f44f
fix(deps): bump actions/setup-python from 4.3.1 to 4.5.0
dependabot[bot] Feb 13, 2023
6a69f5b
fix(deps): bump actions/checkout from 3.0.0 to 3.3.0
dependabot[bot] Feb 20, 2023
1d35c51
docs: install instructions
sundowndev Mar 1, 2023
719bc31
docs: readme
sundowndev Mar 8, 2023
f6fcd89
ci: create homebrew workflow
sundowndev Feb 14, 2023
ae667a8
chore: update makefile
sundowndev Feb 14, 2023
7e303f6
docs: add homebrew installation
sundowndev Mar 10, 2023
bc1e54a
docs: contribute
sundowndev Mar 3, 2023
6d55658
docs: contribute
sundowndev Mar 19, 2023
2820266
fix(deps): bump actions/checkout from 3.3.0 to 3.4.0
dependabot[bot] Mar 20, 2023
d32c5e0
ci: homebrew workflow
sundowndev Mar 23, 2023
7e968e4
fix(deps): bump actions/checkout from 3.4.0 to 3.5.0
dependabot[bot] Mar 27, 2023
0c3842e
fix(deps): bump actions/setup-go from 3.5.0 to 4.0.0
dependabot[bot] Apr 3, 2023
700eb43
fix(deps): bump actions/checkout from 3.5.0 to 3.5.2
dependabot[bot] Apr 17, 2023
892134e
fix(deps): bump actions/setup-python from 4.5.0 to 4.6.0
dependabot[bot] Apr 24, 2023
8969e7b
fix: colored text on windows
Apr 18, 2023
a672534
fix: server logs output
Apr 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,14 @@ GIT_COMMIT=$(shell git rev-parse --short HEAD)
.PHONY: all
all: fmt lint test build go.mod

# Build static assets
# This will create dist directory containing client's static files
.PHONY: static
static:
cd web/client
yarn
yarn build

.PHONY: build
build:
go generate ./...
Expand Down
27 changes: 24 additions & 3 deletions cmd/serve.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ package cmd

import (
"fmt"
"log"
"net/http"
"os"

"github.com/gin-gonic/gin"
"github.com/joho/godotenv"
"github.com/sirupsen/logrus"
Expand All @@ -11,14 +15,14 @@ import (
"github.com/sundowndev/phoneinfoga/v2/lib/remote"
"github.com/sundowndev/phoneinfoga/v2/web"
"github.com/sundowndev/phoneinfoga/v2/web/v2/api/handlers"
"log"
"net/http"
"os"
)

type ServeCmdOptions struct {
HttpPort int
DisableClient bool
Domain string
KeyfilePath string
CertfilePath string
DisabledScanners []string
PluginPaths []string
EnvFiles []string
Expand All @@ -33,11 +37,19 @@ func init() {
// Register flags
cmd.PersistentFlags().IntVarP(&opts.HttpPort, "port", "p", 5000, "HTTP port")
cmd.PersistentFlags().BoolVar(&opts.DisableClient, "no-client", false, "Disable web client (REST API only)")
cmd.PersistentFlags().StringVar(&opts.Domain, "domain", "", "Use a specific domain to host (with tls).")
cmd.PersistentFlags().StringVar(&opts.CertfilePath, "cert", "", "Path to certfile (will use default letsencrypt path for domain if none provided).")
cmd.PersistentFlags().StringVar(&opts.KeyfilePath, "key", "", "Path to keyfile (will use default letsencrypt path for domain if none provided).")
cmd.PersistentFlags().StringArrayVarP(&opts.DisabledScanners, "disable", "D", []string{}, "Scanner to skip for the scans")
cmd.PersistentFlags().StringArrayVar(&opts.PluginPaths, "plugin", []string{}, "Extra scanner plugin to use for the scans")
cmd.PersistentFlags().StringSliceVar(&opts.EnvFiles, "env-file", []string{}, "Env files to parse environment variables from (looks for .env by default)")
}

func fmtLetsEncrypt(sitename string) (string, string) {
return fmt.Sprintf("/etc/letsencrypt/live/%s/fullchain.pem", sitename),
fmt.Sprintf("/etc/letsencrypt/live/%s/privkey.pem", sitename)
}

Comment on lines +48 to +52
Copy link
Owner

@sundowndev sundowndev Feb 5, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not windows-compatible. Anyway I think it's not worth to guess the cert and key paths, if the user doesn't specify it, just don't use TLS.

func NewServeCmd(opts *ServeCmdOptions) *cobra.Command {
return &cobra.Command{
Use: "serve",
Expand Down Expand Up @@ -70,6 +82,15 @@ func NewServeCmd(opts *ServeCmdOptions) *cobra.Command {
log.Fatal(err)
}

if len(opts.Domain) != 0 {
if len(opts.CertfilePath) == 0 || len(opts.KeyfilePath) == 0 {
opts.CertfilePath, opts.KeyfilePath = fmtLetsEncrypt(opts.Domain)
}
if err := srv.ListenAndServeTLS(opts.Domain+":443", opts.CertfilePath, opts.KeyfilePath); err != nil && err != http.ErrServerClosed {
log.Fatalf("listen: %s\n", err)
}
}

Comment on lines +85 to +93
Copy link
Owner

@sundowndev sundowndev Feb 5, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just noticed we don't have a addr flag to listen to a different address. I think it's worth adding a new --addr flag and use it for both TLS and non-TLS.

  • --addr should be empty by default and we should use TLS when --cert or --key is not empty
  • We can use Port option to listen to port 443, instead of hard-coding it

In the Gin's server implementation, it's the same option for both methods.

addr := fmt.Sprintf(":%d", opts.HttpPort)
fmt.Printf("Listening on %s\n", addr)
if err := srv.ListenAndServe(addr); err != nil && err != http.ErrServerClosed {
Expand Down
8 changes: 7 additions & 1 deletion web/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
// Package web includes code for the web server of PhoneInfoga
//
//go:generate swag init -g ./server.go --parseDependency
package web

import (
"net/http"

"github.com/gin-gonic/gin"
v2 "github.com/sundowndev/phoneinfoga/v2/web/v2/api/server"
"net/http"
)

// @title PhoneInfoga REST API
Expand Down Expand Up @@ -69,6 +71,10 @@ func (s *Server) ListenAndServe(addr string) error {
return s.router.Run(addr)
}

func (s *Server) ListenAndServeTLS(addr string, certfile, keyfile string) error {
return s.router.RunTLS(addr, certfile, keyfile)
}

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
s.router.ServeHTTP(w, r)
}