From 0999196ee9e81902282b0ccb36fd43e27ac0946e Mon Sep 17 00:00:00 2001
From: bagas
Date: Mon, 8 Sep 2025 09:59:41 +0700
Subject: [PATCH 1/5] update: redirect user to not found tunnel page
---
 server/http.go | 6 +++++-
 server/https.go | 7 ++++++-
 utils/utils.go | 3 ++-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/server/http.go b/server/http.go
index f51889b..4360347 100644
--- a/server/http.go
+++ b/server/http.go
@@ -155,7 +155,11 @@ func Handler(conn net.Conn) {
 sshSession, ok := session.Clients[slug]
 if !ok {
- conn.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
+ conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
+ fmt.Sprintf("Location: https://%s/tunnel-not-found?slug=%s\r\n", utils.Getenv("domain"), slug) +
+ "Content-Length: 0\r\n" +
+ "Connection: close\r\n" +
+ "\r\n"))
 conn.Close()
 return
 }
diff --git a/server/https.go b/server/https.go
index 043e74a..b3cd334 100644
--- a/server/https.go
+++ b/server/https.go
@@ -4,6 +4,7 @@ import (
 "bufio"
 "crypto/tls"
 "errors"
+ "fmt"
 "log"
 "net"
 "net/http"
@@ -101,7 +102,11 @@ func HandlerTLS(conn net.Conn) {
 sshSession, ok := session.Clients[slug]
 if !ok {
- conn.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
+ conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
+ fmt.Sprintf("Location: https://%s/tunnel-not-found?slug=%s\r\n", utils.Getenv("domain"), slug) +
+ "Content-Length: 0\r\n" +
+ "Connection: close\r\n" +
+ "\r\n"))
 conn.Close()
 return
 }
diff --git a/utils/utils.go b/utils/utils.go
index a8c3d37..d5d05da 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -1,13 +1,14 @@
 package utils
 import (
- "github.com/joho/godotenv"
 "log"
 "math/rand"
 "os"
 "strings"
 "sync"
 "time"
+
+ "github.com/joho/godotenv"
 )
 type Env struct {
-- 2.49.0
From 9e794bf53fcc3aec4d36bae9433e1bd34fac6b62 Mon Sep 17 00:00:00 2001
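Review bot: In the not-found branch of `Handler` (server/http.go, patch 1/5), `slug` is formatted into the `Location` header unescaped, and the context of patch 3/5 shows it is `host[0]` of the request's parsed Host header, so it is client-controlled; characters such as `&`, `#`, `%` or whitespace would alter the redirect URL, and the value should go through `url.QueryEscape(slug)` (this needs `net/url` in the import block, which lies outside the hunk). The status `301 Moved Permanently` may be cached by browsers, so a slug that is unknown now but registered later could stay redirected for that client; `302 Found` or `307 Temporary Redirect` describes a transient state better. The return value of `conn.Write` is also dropped without a comment. All three points apply equally to the identical hunk in `HandlerTLS` (server/https.go). Both function bodies begin and end outside their hunks.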
From: bagas
Date: Mon, 8 Sep 2025 10:18:47 +0700
Subject: [PATCH 2/5] update: redirect user to not found tunnel page
---
 server/http.go | 2 +-
 server/https.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/http.go b/server/http.go
index 4360347..4886f87 100644
--- a/server/http.go
+++ b/server/http.go
@@ -156,7 +156,7 @@ func Handler(conn net.Conn) {
 sshSession, ok := session.Clients[slug]
 if !ok {
 conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
- fmt.Sprintf("Location: https://%s/tunnel-not-found?slug=%s\r\n", utils.Getenv("domain"), slug) +
+ fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 "Content-Length: 0\r\n" +
 "Connection: close\r\n" +
 "\r\n"))
diff --git a/server/https.go b/server/https.go
index b3cd334..f7d9827 100644
--- a/server/https.go
+++ b/server/https.go
@@ -103,7 +103,7 @@ func HandlerTLS(conn net.Conn) {
 sshSession, ok := session.Clients[slug]
 if !ok {
 conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
- fmt.Sprintf("Location: https://%s/tunnel-not-found?slug=%s\r\n", utils.Getenv("domain"), slug) +
+ fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 "Content-Length: 0\r\n" +
 "Connection: close\r\n" +
 "\r\n"))
-- 2.49.0
From 41f983536519a6ab8ef7e08ecf6de442167aecdc Mon Sep 17 00:00:00 2001
From: bagas
Date: Thu, 11 Sep 2025 13:02:16 +0700
Subject: [PATCH 3/5] update: add new env variable for setting cors list
---
 server/http.go | 33 ++++++++++++++++++++++++++-------
 server/https.go | 5 -----
 2 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/server/http.go b/server/http.go
index 4886f87..945cfc7 100644
--- a/server/http.go
+++ b/server/http.go
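Review bot: The redirect target in `Handler` (server/http.go) and `HandlerTLS` (server/https.go) is now the literal host `tunnl.live` (patch 2/5), so an instance served under any other domain sends every unknown-slug visitor, with the requested slug in the query string, to a host its operator may not control. If the `domain` variable was dropped because it holds something other than the landing-page host, a separate setting read through `utils.Getenv` would keep the target configurable. At minimum a comment above the `fmt.Sprintf` line should say why the host is fixed, for example `// landing page is hosted centrally, not per deployment`, if that is the intent. Both function bodies extend beyond their hunks.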
@@ -59,9 +59,34 @@ func (w *connResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
 }
 var redirectTLS = false
+var allowedCors = make(map[string]bool)
+var isAllowedAllCors = false
+
+func init() {
+ corsList := utils.Getenv("cors_list")
+ if corsList == "*" {
+ isAllowedAllCors = true
+ } else {
+ for _, allowedOrigin := range strings.Split(corsList, ",") {
+ allowedCors[allowedOrigin] = true
+ }
+ }
+ fmt.Println(allowedCors)
+}
 func NewHTTPServer() error {
- upgrader.CheckOrigin = func(r *http.Request) bool { return true }
+ upgrader.CheckOrigin = func(r *http.Request) bool {
+ if isAllowedAllCors {
+ return true
+ } else {
+ isAllowed, ok := allowedCors[r.Host]
+ if !ok || !isAllowed {
+ return false
+ }
+ return true
+ }
+ }
+
 listener, err := net.Listen("tcp", ":80")
 if err != nil {
 return errors.New("Error listening: " + err.Error())
@@ -97,16 +122,10 @@ func Handler(conn net.Conn) {
 host := strings.Split(parseHostFromHeader(headers), ".")
 if len(host) < 1 {
 conn.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
- log.Println("Bad Request")
 conn.Close()
 return
 }
- if len(host) < 1 {
- conn.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
- conn.Close()
- return
- }
 slug := host[0]
 if redirectTLS {
diff --git a/server/https.go b/server/https.go
index f7d9827..fbaf3f9 100644
--- a/server/https.go
+++ b/server/https.go
@@ -59,11 +59,6 @@ func HandlerTLS(conn net.Conn) {
 return
 }
- if len(host) < 1 {
- conn.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
- conn.Close()
- return
- }
 slug := host[0]
 if slug == "ping" {
-- 2.49.0
From f5a995e20f107fb0eca4f0471b586cfa89b4c9e7 Mon Sep 17 00:00:00 2001
From: bagas
Date: Thu, 11 Sep 2025 13:10:09 +0700
Subject: [PATCH 4/5] update: remove unuse debug message
---
 server/http.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/server/http.go b/server/http.go
index 945cfc7..456c21b 100644
--- a/server/http.go
+++ b/server/http.go
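Review bot: In the new `init()` (server/http.go, patch 3/5), each element of `strings.Split(corsList, ",")` is stored untrimmed, so a list written with a space after the comma registers an entry with a leading space that can never match, and an unset or empty `cors_list` registers the empty string as an allowed entry because splitting `""` yields one empty element. Trimming and skipping blanks avoids both: `allowedOrigin = strings.TrimSpace(allowedOrigin)` followed by `if allowedOrigin == "" { continue }`. The two package-level variables would also benefit from a comment stating the expected entry format and that `*` switches the origin check off, e.g. `// allowedCors holds the exact origin strings accepted by upgrader.CheckOrigin; "*" in cors_list disables the check.` `NewHTTPServer` continues past the end of the hunk.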
@@ -71,7 +71,6 @@ func init() {
 allowedCors[allowedOrigin] = true
 }
 }
- fmt.Println(allowedCors)
 }
 func NewHTTPServer() error {
-- 2.49.0
From 659b2b82ecbc7bca464d1b71a1c74cee55b0e634 Mon Sep 17 00:00:00 2001
From: bagas
Date: Thu, 11 Sep 2025 13:18:28 +0700
Subject: [PATCH 5/5] update: improve cors checking logic
---
 server/http.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/http.go b/server/http.go
index 456c21b..f416b67 100644
--- a/server/http.go
+++ b/server/http.go
@@ -78,7 +78,7 @@ func NewHTTPServer() error {
 if isAllowedAllCors {
 return true
 } else {
- isAllowed, ok := allowedCors[r.Host]
+ isAllowed, ok := allowedCors[r.Header.Get("Origin")]
 if !ok || !isAllowed {
 return false
 }
-- 2.49.0
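Review bot: The lookup `allowedCors[r.Header.Get("Origin")]` in the `CheckOrigin` closure (server/http.go, patch 5/5) compares the raw header value, which carries the scheme and any port, so `cors_list` entries written as bare hostnames will no longer match; either document that entries must be full origins or parse the header with `url.Parse` and compare `u.Host`. A request that sends no `Origin` header yields the empty string here, and whether such a request is accepted is better decided explicitly in the closure than left to whatever keys the map happens to contain. The `if`/`else` with its nested returns could then shrink to `origin := r.Header.Get("Origin")` and `return isAllowedAllCors || allowedCors[origin]`. The closure and `NewHTTPServer` extend beyond the hunk.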