diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..a738486 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,70 @@ +name: CI + +on: + push: + branches: + - 'main' + tags: + - '*' + pull_request: + branches: + - 'main' + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 https://github.com/actions/checkout/releases/tag/v4.1.1 + - name: Use Node.js + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 https://github.com/actions/setup-node/releases/tag/v3.8.2 + with: + node-version: 20 + - run: npm install + - run: npm test + + docker: + if: startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 https://github.com/actions/checkout/releases/tag/v4.1.1 + - + name: install node + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 https://github.com/actions/setup-node/releases/tag/v3.8.2 + - run: npm install --omit=dev + - + name: 'Extract tag name' + shell: bash + run: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT + id: extract_tag + - + name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0 + - # See note on build-push-action github repo on why this needed + name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 https://github.com/docker/setup-buildx-action/releases/tag/v3.0.0 + - + name: Login to Docker Hub + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 https://github.com/docker/login-action/releases/tag/v3.0.0 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push server Docker image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 https://github.com/docker/build-push-action/releases/tag/v5.1.0 + with: + context: . + file: Dockerfile-server + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ vars.DOCKERHUB_USERNAME }}/p2proxy-server:${{ steps.extract_tag.outputs.tag }}, ${{ vars.DOCKERHUB_USERNAME }}/p2proxy-server:latest + - + name: Build and push client Docker image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 https://github.com/docker/build-push-action/releases/tag/v5.1.0 + with: + context: . + file: Dockerfile-client + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ vars.DOCKERHUB_USERNAME }}/p2proxy-client:${{ steps.extract_tag.outputs.tag }}, ${{ vars.DOCKERHUB_USERNAME }}/p2proxy-client:latest diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..15813be --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +package-lock.json +node_modules/ diff --git a/Dockerfile-client b/Dockerfile-client new file mode 100644 index 0000000..d6cba4c --- /dev/null +++ b/Dockerfile-client @@ -0,0 +1,14 @@ +FROM node:20-slim + +RUN useradd p2proxy +USER p2proxy + +ENV WORKDIR=/home/p2proxy/ + +COPY node_modules ${WORKDIR}/node_modules +COPY package-lock.json ${WORKDIR} +COPY package.json ${WORKDIR} +COPY index.js ${WORKDIR} +COPY client.js ${WORKDIR} + +ENTRYPOINT ["/home/p2proxy/client.js"] diff --git a/Dockerfile-server b/Dockerfile-server new file mode 100644 index 0000000..33bd554 --- /dev/null +++ b/Dockerfile-server @@ -0,0 +1,14 @@ +FROM node:20-slim + +RUN useradd p2proxy +USER p2proxy + +ENV WORKDIR=/home/p2proxy/ + +COPY node_modules ${WORKDIR}/node_modules +COPY package-lock.json ${WORKDIR} +COPY package.json ${WORKDIR} +COPY index.js ${WORKDIR} +COPY server.js ${WORKDIR} + +ENTRYPOINT ["/home/p2proxy/server.js"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/NOTICE b/NOTICE new file mode 100644 index 0000000..5b83848 --- /dev/null +++ b/NOTICE @@ -0,0 +1,13 @@ +Copyright 2024 Hans Degroote + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..8f0ad3d --- /dev/null +++ b/README.md @@ -0,0 +1,70 @@ +# P2Proxy + +A peer-to-peer proxy which can connect firewalled services. + +A typical usecase involves: +- Remote machine runs a server on localhost +- Remote machine runs a P2Proxy to that localhost server +- Client machine runs a P2Proxy client to the remote proxy + +=> You can now talk to the remote server, through the client machine's proxy. + +Discovery and holepunching through firewalls is handled by [Hyperdht](https://github.com/holepunchto/hyperdht). + +Communication is end-to-end encrypted between the client and server proxies (thanks to Hyperdht). + +The client and server are authenticated through a shared secret. + +Disclaimer: this is still fairly experimental software. + +## Install + +`npm i p2proxy` + +## Usage + +Arguments and options are read from environment variables. + +Seeds are strings of 64 hex characters which should be kept secret. The `hyper-cmd-util-keygen` CLI tool from [hyper-cmd-utils](https://github.com/holepunchto/hyper-cmd-utils) can be used to generate them: + +``` +hyper-cmd-util-keygen --gen_seed +``` + +Logs can be piped to pino-pretty for clean display on a CLI (`... | pino-pretty`). + +### CLI + +Server: + +``` +P2PROXY_PORT=8080 P2PROXY_SEED=<64-hex-seed> p2proxy-server +``` + +Client: + +``` +P2PROXY_PORT=18080 P2PROXY_SEED=<64-hex-seed> p2proxy-client +``` + +Note: both client and server need to use the same seed. The seed is how they find and authenticate each other. + +You can now reach the service running at port 8080 on the remote, by running on the client: +``` +curl 127.0.0.1:18080 +``` + +### Docker + +See https://hub.docker.com/r/hdegroote/p2proxy-server and https://hub.docker.com/r/hdegroote/p2proxy-client + +## Relation With Hypertele + +This module is based on [hypertele](https://github.com/bitfinexcom/hypertele). + +The main differences are: +- Less options +- Options are passed in as environment variables +- No pub-sub functionality +- Always runs in `--private` mode +- The server and client can be imported, for use in other programs diff --git a/client.js b/client.js new file mode 100755 index 0000000..115a374 --- /dev/null +++ b/client.js @@ -0,0 +1,76 @@ +#!/usr/bin/env node + +const b4a = require('b4a') +const goodbye = require('graceful-goodbye') +const idEncoding = require('hypercore-id-encoding') +const pino = require('pino') + +const { ProxyClient } = require('./index') + +function loadConfig () { + const rawBootstrap = process.env.P2PROXY_BOOTSTRAP + const bootstrap = rawBootstrap + ? [{ + host: rawBootstrap.split(':')[0], + port: parseInt(rawBootstrap.split(':')[1]) + }] + : null + + const port = parseInt(process.env.P2PROXY_PORT || 0) + + const rawSeed = process.env.P2PROXY_SEED + if (!rawSeed || !idEncoding.isValid(rawSeed)) { + console.error('P2PROXY_SEED must be set to a valid seed') + process.exit(1) + } + const seed = idEncoding.decode(rawSeed) + + const config = { + port, + seed, + bootstrap, + keepAlive: 5000, + host: '127.0.0.1', + logLevel: 'info' + } + + return config +} + +async function main () { + const config = loadConfig() + const logger = pino({ level: config.logLevel }) + + const { port, seed, bootstrap, keepAlive, host } = config + + if (bootstrap) { + logger.warn(`Using non-default bootstrap: ${bootstrap[0].host}:${bootstrap[0].port}`) + } + + const proxy = new ProxyClient( + seed, port, host, { bootstrap, keepAlive } + ) + + proxy.on('connection', ({ id, remoteAddress, remotePort }) => { + logger.info(`Opened connection ${id} with ${remoteAddress}:${remotePort}`) + }) + proxy.on('connection-close', ({ id, remoteAddress, remotePort }) => { + logger.info(`Closed connection ${id} with ${remoteAddress}:${remotePort}`) + }) + + goodbye(async () => { + logger.info('Shutting down') + if (proxy.opened) await proxy.close() + logger.info('Shut down') + }) + + logger.info('Starting proxy') + await proxy.ready() + + const address = `${proxy.address.address}:${proxy.address.port}` + logger.info(`The proxy client is listening at ${address}`) + + logger.info(`Public key: ${b4a.toString(proxy.publicKey, 'hex')}`) +} + +main() diff --git a/index.js b/index.js new file mode 100644 index 0000000..889fa8c --- /dev/null +++ b/index.js @@ -0,0 +1,129 @@ +const { once } = require('events') +const net = require('net') +const ReadyResource = require('ready-resource') +const HyperDHT = require('hyperdht') +const { connPiper } = require('hyper-cmd-lib-net') +const b4a = require('b4a') + +class ProxyServer extends ReadyResource { + constructor (seed, port, host, { keepAlive = 5000, bootstrap = null }) { + super() + + this.dht = new HyperDHT( + { bootstrap, connectionKeepAlive: keepAlive, seed } + ) + + const firewall = (remotePublicKey) => { + return !b4a.equals( + remotePublicKey, + this.dht.defaultKeyPair.publicKey + ) + } + + this.connectionCounter = 0 + const connHandler = (socket) => { + connPiper( + socket, + () => { + const id = this.connectionCounter++ + const remotePublicKey = socket.remotePublicKey + + this.emit('connection', { id, remotePublicKey }) + + socket.once('close', () => { + this.emit('connection-close', { id, remotePublicKey }) + }) + + return net.connect({ port, host, allowHalfOpen: true }) + }, + { isServer: true } + ) + } + + this.server = this.dht.createServer( + { firewall, reusableSocket: true }, connHandler + ) + } + + async _open () { + await this.server.listen() + } + + get address () { + return this.server.address() + } +} + +class ProxyClient extends ReadyResource { + constructor (seed, port, host, { bootstrap = null, keepAlive = 5000 } = {}) { + super() + + this.port = port + this.host = host + + this.dht = new HyperDHT( + { bootstrap, connectionKeepAlive: keepAlive, seed } + ) + + this.connectionCounter = 0 + + const connHandler = (socket) => { + const id = this.connectionCounter++ + const remoteAddress = socket.remoteAddress + const remotePort = socket.remotePort + + this.emit('connection', { + remoteAddress, + remotePort, + id + }) + + socket.on('close', () => { + this.emit('connection-close', { + remoteAddress, + remotePort, + id + }) + }) + + return connPiper( + socket, + () => { + const stream = this.dht.connect( + b4a.from(this.dht.defaultKeyPair.publicKey, 'hex'), + { reusableSocket: true } + ) + return stream + } + ) + } + + this.proxy = net.createServer( + { allowHalfOpen: true }, + connHandler + ) + } + + async _open () { + const listenProm = once(this.proxy, 'listening') + this.proxy.listen(this.port, this.host) + await listenProm + } + + async _close () { + this.proxy.close() + await once(this.proxy, 'close') + + await this.dht.destroy() + } + + get publicKey () { + return this.dht.defaultKeyPair.publicKey + } + + get address () { + return this.proxy.address() + } +} + +module.exports = { ProxyServer, ProxyClient } diff --git a/package.json b/package.json new file mode 100644 index 0000000..d19b439 --- /dev/null +++ b/package.json @@ -0,0 +1,41 @@ +{ + "name": "p2proxy", + "version": "0.0.0", + "description": "A peer-to-peer proxy which can connect firewalled services", + "main": "index.js", + "scripts": { + "test": "standard && brittle test.js" + }, + "bin": { + "p2proxy-client": "./client.js", + "p2proxy-server": "./server.js" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/HDegroote/p2proxy.git" + }, + "keywords": [ + "proxy", + "hyperdht", + "peer-to-peer" + ], + "author": "H. Degroote", + "license": "Apache-2.0", + "bugs": { + "url": "https://github.com/HDegroote/p2proxy/issues" + }, + "homepage": "https://github.com/HDegroote/p2proxy#readme", + "dependencies": { + "graceful-goodbye": "^1.3.0", + "hyper-cmd-lib-net": "^0.1.0", + "hypercore-id-encoding": "^1.3.0", + "hyperdht": "^6.14.0", + "pino": "^8.20.0", + "ready-resource": "^1.0.3" + }, + "devDependencies": { + "b4a": "^1.6.6", + "brittle": "^3.5.0", + "standard": "^17.1.0" + } +} diff --git a/server.js b/server.js new file mode 100755 index 0000000..a7786b3 --- /dev/null +++ b/server.js @@ -0,0 +1,80 @@ +#!/usr/bin/env node + +const b4a = require('b4a') +const goodbye = require('graceful-goodbye') +const idEncoding = require('hypercore-id-encoding') +const pino = require('pino') + +const { ProxyServer } = require('./index') + +function loadConfig () { + const rawBootstrap = process.env.P2PROXY_BOOTSTRAP + const bootstrap = rawBootstrap + ? [{ + host: rawBootstrap.split(':')[0], + port: parseInt(rawBootstrap.split(':')[1]) + }] + : null + + if (!process.env.P2PROXY_PORT) { + console.error('P2PROXY_PORT must be set to the port you wish to proxy') + process.exit(1) + } + const port = parseInt(process.env.P2PROXY_PORT) + + const rawSeed = process.env.P2PROXY_SEED + if (!rawSeed || !idEncoding.isValid(rawSeed)) { + console.error('P2PROXY_SEED must be set to a valid seed') + process.exit(1) + } + const seed = idEncoding.decode(rawSeed) + + const config = { + port, + seed, + bootstrap, + keepAlive: 5000, + host: '127.0.0.1', + logLevel: 'info' + + } + + return config +} + +async function main () { + const config = loadConfig() + const logger = pino({ level: config.logLevel }) + + const { port, seed, bootstrap, keepAlive, host } = config + + if (bootstrap) { + logger.warn(`Using non-default bootstrap: ${bootstrap[0].host}:${bootstrap[0].port}`) + } + + const proxy = new ProxyServer( + seed, port, host, { logger, keepAlive, bootstrap } + ) + proxy.on('connection', ({ id, remotePublicKey }) => { + logger.info(`Opened connection ${id} with ${b4a.toString(remotePublicKey, 'hex')}`) + }) + proxy.on('connection-close', ({ id, remotePublicKey }) => { + logger.info(`Closed connection ${id} with ${b4a.toString(remotePublicKey, 'hex')}`) + }) + + goodbye(async () => { + logger.info('Shutting down') + if (proxy.opened) await proxy.close() + logger.info('Shut down') + }) + + logger.info('Starting proxy') + await proxy.ready() + logger.info('The proxy server is listening. Connect by running a client with the same seed.') + + const address = proxy.address + logger.info(`Public key: ${b4a.toString(address.publicKey, 'hex')}`) + logger.info(`Address: ${address.host}:${address.port}`) +} + +main() diff --git a/test.js b/test.js new file mode 100644 index 0000000..7c4754b --- /dev/null +++ b/test.js @@ -0,0 +1,156 @@ +const { spawn } = require('child_process') +const { once } = require('events') +const path = require('path') +const http = require('http') +const createTestnet = require('hyperdht/testnet') +const test = require('brittle') +const HyperDHT = require('hyperdht') +const b4a = require('b4a') + +const SERVER_EXECUTABLE = path.join(__dirname, 'server.js') +const CLIENT_EXECUTABLE = path.join(__dirname, 'client.js') + +const DEBUG = false + +test('Can proxy ', async t => { + const { bootstrap } = await createTestnet(3, t.teardown) + const portToProxy = await setupDummyServer(t.teardown) + const seed = 'a'.repeat(64) + + await setupProxyServer(portToProxy, seed, bootstrap, t) + const clientAddress = await setupProxyClient(seed, bootstrap, t, { isPrivate: true }) + + const res = await request(`http://${clientAddress}`) + t.is(res.data, 'You got served', 'Proxy works') +}) + +test('Cannot access server with public key', async t => { + t.plan(2) + const { bootstrap } = await createTestnet(3, t.teardown) + const portToProxy = await setupDummyServer(t.teardown) + const seed = 'a'.repeat(64) + await setupProxyServer(portToProxy, seed, bootstrap, t) + + const keypair = HyperDHT.keyPair(b4a.from(seed, 'hex')) + + { + const dht = new HyperDHT({ bootstrap }) + const socket = dht.connect(keypair.publicKey) + socket.on('open', () => t.fail('Should not be able to connect due to firewall')) + socket.on('error', async (e) => { + if (DEBUG) console.log(e) + t.pass('could not connect') + await dht.destroy() + }) + } + + { + const dht = new HyperDHT({ bootstrap, seed: b4a.from(seed, 'hex') }) + const socket = dht.connect(keypair.publicKey) + socket.on('open', async () => { + t.pass('Sanity check: opened socket when using same seed') + await dht.destroy() + }) + socket.on('error', e => t.fail('unexpected error')) + } +}) + +async function setupDummyServer (teardown) { + const server = http.createServer(async (req, res) => { + res.setHeader('Content-Type', 'text/html; charset=utf-8') + res.end('You got served') + }) + teardown(() => server.close()) + + server.listen({ port: 0, host: '127.0.0.1' }) + await once(server, 'listening') + return server.address().port +} + +async function setupProxyServer (portToProxy, seed, bootstrap, t) { + const setupServer = spawn('node', [SERVER_EXECUTABLE], { + env: { + ...process.env, + P2PROXY_PORT: portToProxy, + P2PROXY_SEED: seed, + P2PROXY_BOOTSTRAP: `${bootstrap[0].host}:${bootstrap[0].port}` + } + }) + t.teardown(() => setupServer.kill('SIGKILL')) + + setupServer.stderr.on('data', (data) => { + console.error(data.toString()) + t.fail('Failed to setup proxy server') + }) + + await new Promise(resolve => { + setupServer.stdout.on('data', (data) => { + if (DEBUG) console.log(data.toString()) + if (data.includes('The proxy server is listening')) { + resolve() + } + }) + }) +} + +async function setupProxyClient (seed, bootstrap, t, { isPrivate = false } = {}) { + const setupClient = spawn('node', [CLIENT_EXECUTABLE], { + env: { + ...process.env, + P2PROXY_SEED: seed, + P2PROXY_BOOTSTRAP: `${bootstrap[0].host}:${bootstrap[0].port}` + } + }) + t.teardown(() => setupClient.kill('SIGKILL')) + + setupClient.stderr.on('data', (data) => { + console.error(data.toString()) + t.fail('Failed to setup proxy client') + }) + + const clientAddress = await new Promise(resolve => { + setupClient.stdout.on('data', (data) => { + const msg = data.toString() + + if (DEBUG) console.log(msg) + if (msg.includes('The proxy client is listening')) { + const address = msg.match('127.0.0.1:[0-9]+')[0] + resolve(address) + } + }) + }) + + return clientAddress +} + +async function request (link, { msTimeout = 5000 } = {}) { + return new Promise((resolve, reject) => { + const req = http.get(link, { + headers: { + Connection: 'close' + } + }) + + req.setTimeout(msTimeout, + () => { + reject(new Error('Request timeout')) + req.destroy() + } + ) + + req.on('error', reject) + req.on('response', function (res) { + let buf = '' + + res.setEncoding('utf-8') + + res.on('data', function (data) { + buf += data + }) + + res.on('end', function () { + resolve({ status: res.statusCode, data: buf }) + }) + }) + }) +}