-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for TLS servers #1210
Open
ok-john
wants to merge
30
commits into
sundowndev:master
Choose a base branch
from
ok-john:master
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
30 commits
Select commit
Hold shift + click to select a range
62a3bd8
Add support for TLS servers
97cc7c4
Fixed an issue with the install script failing on mac on the checksum…
richwrightnyc 4d6a635
Fixed no newline at end of file
richwrightnyc 827e2c1
refactor installer script to make it more robust and flexible. Adds o…
richwrightnyc 0e7ddd8
fixed some typos
richwrightnyc 6f66cb4
squashed some bugs, further testing needed
richwrightnyc 2f64f4f
fixed a few typos, should be ready for review
richwrightnyc 5cd121d
removed one additional debug item. ready for review
richwrightnyc 303055b
fix shellcheck SC2076 (warning): Remove quotes from right-hand side o…
richwrightnyc 4f3b888
fixed 2 shellcheck issues:
richwrightnyc a047b58
fix(deps): bump actions/setup-go from 3.2.0 to 3.5.0
dependabot[bot] 3f47084
fix(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
dependabot[bot] 353e98f
fix(deps): bump docker/login-action from 1.14.1 to 2.1.0
dependabot[bot] 5a2f44f
fix(deps): bump actions/setup-python from 4.3.1 to 4.5.0
dependabot[bot] 6a69f5b
fix(deps): bump actions/checkout from 3.0.0 to 3.3.0
dependabot[bot] 1d35c51
docs: install instructions
sundowndev 719bc31
docs: readme
sundowndev f6fcd89
ci: create homebrew workflow
sundowndev ae667a8
chore: update makefile
sundowndev 7e303f6
docs: add homebrew installation
sundowndev bc1e54a
docs: contribute
sundowndev 6d55658
docs: contribute
sundowndev 2820266
fix(deps): bump actions/checkout from 3.3.0 to 3.4.0
dependabot[bot] d32c5e0
ci: homebrew workflow
sundowndev 7e968e4
fix(deps): bump actions/checkout from 3.4.0 to 3.5.0
dependabot[bot] 0c3842e
fix(deps): bump actions/setup-go from 3.5.0 to 4.0.0
dependabot[bot] 700eb43
fix(deps): bump actions/checkout from 3.5.0 to 3.5.2
dependabot[bot] 892134e
fix(deps): bump actions/setup-python from 4.5.0 to 4.6.0
dependabot[bot] 8969e7b
fix: colored text on windows
a672534
fix: server logs output
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,7 +15,7 @@ jobs: | |
matrix: | ||
node-version: [15.11.x] | ||
steps: | ||
- uses: actions/checkout@v3.0.0 | ||
- uses: actions/checkout@v3.5.2 | ||
- name: Use Node.js ${{ matrix.node-version }} | ||
uses: actions/[email protected] | ||
with: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
name: Homebrew Bump Formula | ||
on: | ||
release: | ||
types: [published] | ||
workflow_dispatch: | ||
jobs: | ||
homebrew: | ||
runs-on: macos-latest | ||
steps: | ||
- uses: dawidd6/action-homebrew-bump-formula@v3 | ||
with: | ||
token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} | ||
formula: phoneinfoga |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,6 +19,14 @@ GIT_COMMIT=$(shell git rev-parse --short HEAD) | |
.PHONY: all | ||
all: fmt lint test build go.mod | ||
|
||
# Build static assets | ||
# This will create dist directory containing client's static files | ||
.PHONY: static | ||
static: | ||
cd web/client | ||
yarn | ||
yarn build | ||
|
||
.PHONY: build | ||
build: | ||
go generate ./... | ||
|
@@ -48,14 +56,14 @@ clean: | |
|
||
.PHONY: lint | ||
lint: | ||
@which golangci-lint > /dev/null 2>&1 || (curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $(GOBINPATH) v1.46.2) | ||
golangci-lint run -v --timeout=10m | ||
golangci-lint run -v --timeout=2m | ||
|
||
.PHONY: install-tools | ||
install-tools: | ||
$(GOINSTALL) gotest.tools/[email protected] | ||
$(GOINSTALL) github.com/vektra/mockery/[email protected] | ||
$(GOINSTALL) github.com/swaggo/swag/cmd/[email protected] | ||
@which golangci-lint > /dev/null 2>&1 || (curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $(GOBINPATH) v1.46.2) | ||
|
||
go.mod: FORCE | ||
$(GOMOD) tidy | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,10 @@ package cmd | |
|
||
import ( | ||
"fmt" | ||
"log" | ||
"net/http" | ||
"os" | ||
|
||
"github.com/gin-gonic/gin" | ||
"github.com/joho/godotenv" | ||
"github.com/sirupsen/logrus" | ||
|
@@ -11,14 +15,14 @@ import ( | |
"github.com/sundowndev/phoneinfoga/v2/lib/remote" | ||
"github.com/sundowndev/phoneinfoga/v2/web" | ||
"github.com/sundowndev/phoneinfoga/v2/web/v2/api/handlers" | ||
"log" | ||
"net/http" | ||
"os" | ||
) | ||
|
||
type ServeCmdOptions struct { | ||
HttpPort int | ||
DisableClient bool | ||
Domain string | ||
KeyfilePath string | ||
CertfilePath string | ||
DisabledScanners []string | ||
PluginPaths []string | ||
EnvFiles []string | ||
|
@@ -33,11 +37,19 @@ func init() { | |
// Register flags | ||
cmd.PersistentFlags().IntVarP(&opts.HttpPort, "port", "p", 5000, "HTTP port") | ||
cmd.PersistentFlags().BoolVar(&opts.DisableClient, "no-client", false, "Disable web client (REST API only)") | ||
cmd.PersistentFlags().StringVar(&opts.Domain, "domain", "", "Use a specific domain to host (with tls).") | ||
cmd.PersistentFlags().StringVar(&opts.CertfilePath, "cert", "", "Path to certfile (will use default letsencrypt path for domain if none provided).") | ||
cmd.PersistentFlags().StringVar(&opts.KeyfilePath, "key", "", "Path to keyfile (will use default letsencrypt path for domain if none provided).") | ||
cmd.PersistentFlags().StringArrayVarP(&opts.DisabledScanners, "disable", "D", []string{}, "Scanner to skip for the scans") | ||
cmd.PersistentFlags().StringArrayVar(&opts.PluginPaths, "plugin", []string{}, "Extra scanner plugin to use for the scans") | ||
cmd.PersistentFlags().StringSliceVar(&opts.EnvFiles, "env-file", []string{}, "Env files to parse environment variables from (looks for .env by default)") | ||
} | ||
|
||
func fmtLetsEncrypt(sitename string) (string, string) { | ||
return fmt.Sprintf("/etc/letsencrypt/live/%s/fullchain.pem", sitename), | ||
fmt.Sprintf("/etc/letsencrypt/live/%s/privkey.pem", sitename) | ||
} | ||
|
||
func NewServeCmd(opts *ServeCmdOptions) *cobra.Command { | ||
return &cobra.Command{ | ||
Use: "serve", | ||
|
@@ -70,6 +82,15 @@ func NewServeCmd(opts *ServeCmdOptions) *cobra.Command { | |
log.Fatal(err) | ||
} | ||
|
||
if len(opts.Domain) != 0 { | ||
if len(opts.CertfilePath) == 0 || len(opts.KeyfilePath) == 0 { | ||
opts.CertfilePath, opts.KeyfilePath = fmtLetsEncrypt(opts.Domain) | ||
} | ||
if err := srv.ListenAndServeTLS(opts.Domain+":443", opts.CertfilePath, opts.KeyfilePath); err != nil && err != http.ErrServerClosed { | ||
log.Fatalf("listen: %s\n", err) | ||
} | ||
} | ||
|
||
Comment on lines
+85
to
+93
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I just noticed we don't have a addr flag to listen to a different address. I think it's worth adding a new
In the Gin's server implementation, it's the same option for both methods. |
||
addr := fmt.Sprintf(":%d", opts.HttpPort) | ||
fmt.Printf("Listening on %s\n", addr) | ||
if err := srv.ListenAndServe(addr); err != nil && err != http.ErrServerClosed { | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function is not windows-compatible. Anyway I think it's not worth to guess the cert and key paths, if the user doesn't specify it, just don't use TLS.