web服务增加以https方式运行

Jrohy · Mar 22, 2020 · baca96b · baca96b
1 parent 5e9c538
commit baca96b
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 4 deletions.
diff --git a/cmd/web.go b/cmd/web.go
@@ -1,22 +1,32 @@
 package cmd
 
 import (
+	"fmt"
 	"github.com/spf13/cobra"
 	"trojan/web"
 )
 
-var port int
+var (
+	port int
+	ssl  bool
+)
 
 // webCmd represents the web command
 var webCmd = &cobra.Command{
 	Use:   "web",
 	Short: "以web方式启动",
 	Run: func(cmd *cobra.Command, args []string) {
-		web.Start(port)
+		if ssl && port == 80 {
+			fmt.Println("启动web服务失败!")
+			fmt.Println("以https方式运行必须传参-p来指定https的运行端口(不能为80)")
+			return
+		}
+		web.Start(port, ssl)
 	},
 }
 
 func init() {
 	webCmd.Flags().IntVarP(&port, "port", "p", 80, "web服务启动端口")
+	webCmd.Flags().BoolVarP(&ssl, "ssl", "", false, "web服务是否以https方式运行")
 	rootCmd.AddCommand(webCmd)
 }
diff --git a/go.mod b/go.mod
@@ -12,6 +12,7 @@ require (
 	github.com/spf13/cobra v0.0.6
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/syndtr/goleveldb v1.0.0
+	github.com/unrolled/secure v1.0.7
 	golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3 // indirect
 	golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c // indirect
 	golang.org/x/text v0.3.2 // indirect

diff --git a/go.sum b/go.sum
@@ -13,6 +13,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/codegangsta/negroni v1.0.0 h1:+aYywywx4bnKXWvoWtRfJ91vC59NbEhEY03sZjQhbVY=
+github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
@@ -199,6 +201,8 @@ github.com/ugorji/go/codec v0.0.0-20181022190402-e5e69e061d4f/go.mod h1:VFNgLljT
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/unrolled/secure v1.0.7 h1:BcQHp3iKZyZCKj5gRqwQG+5urnGBF00wGgoPPwtheVQ=
+github.com/unrolled/secure v1.0.7/go.mod h1:uGc1OcRF8gCVBA+ANksKmvM85Hka6SZtQIbrKc3sHS4=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=

diff --git a/web/web.go b/web/web.go
@@ -5,8 +5,10 @@ import (
 	"github.com/gin-contrib/gzip"
 	"github.com/gin-gonic/gin"
 	"github.com/gobuffalo/packr/v2"
+	"github.com/unrolled/secure"
 	"net/http"
 	"strconv"
+	"trojan/core"
 	"trojan/util"
 	"trojan/web/controller"
 )
@@ -71,15 +73,46 @@ func staticRouter(router *gin.Engine) {
 	})
 }
 
+func sslRouter(router *gin.Engine, port int) {
+	domain, _ := core.GetValue("domain")
+	secureFunc := func() gin.HandlerFunc {
+		return func(c *gin.Context) {
+			secureMiddleware := secure.New(secure.Options{
+				SSLRedirect: true,
+				SSLHost:     fmt.Sprintf("%s:%d", domain, port),
+			})
+			err := secureMiddleware.Process(c.Writer, c.Request)
+			// If there was an error, do not continue.
+			if err != nil {
+				return
+			}
+
+			c.Next()
+		}
+	}()
+	router.Use(secureFunc)
+}
+
 // Start web启动入口
-func Start(port int) {
+func Start(port int, isSSL bool) {
 	router := gin.Default()
+	if isSSL {
+		sslRouter(router, port)
+	}
 	router.Use(gzip.Gzip(gzip.DefaultCompression))
 	staticRouter(router)
 	router.Use(Auth(router).MiddlewareFunc())
 	userRouter(router)
 	dataRouter(router)
 	commonRouter(router)
 	util.OpenPort(port)
-	_ = router.Run(fmt.Sprintf(":%d", port))
+	if isSSL {
+		config := core.Load("")
+		ssl := &config.SSl
+		util.OpenPort(80)
+		go router.Run(":80")
+		router.RunTLS(fmt.Sprintf(":%d", port), ssl.Cert, ssl.Key)
+	} else {
+		router.Run(fmt.Sprintf(":%d", port))
+	}
 }