From 5dd999f0adb6402139d58dfd9db8d36af818d696 Mon Sep 17 00:00:00 2001
From: Jaime Pillora
Date: Tue, 17 Mar 2015 08:53:33 +1100
Subject: [PATCH] renamed auth to key, fixed docs
---
 README.md | 75 +++++++++++++++++++++++++++++----------------
 client/client.go | 22 ++++++-------
 main.go | 20 ++++++------
 server/server.go | 12 ++++----
 test/chisel_test.go | 6 ++--
 5 files changed, 80 insertions(+), 55 deletions(-)
diff --git a/README.md b/README.md
index 1868cc8f..ee7cd9f8 100644
--- a/README.md
+++ b/README.md
@@ -20,67 +20,87 @@ $ go get -v github.com/jpillora/chisel * Easy to use * [Performant](#performance)* -* [Encrypted connections](https://github.com/jpillora/conncrypt) with `auth` derived (PBKDF2) symmetric key +* [Encrypted connections](https://github.com/jpillora/conncrypt) with `key` derived (PBKDF2) symmetric key * Client auto-reconnects with [exponential backoff](https://github.com/jpillora/backoff) * Client can create multiple tunnel endpoints over one TCP connection * Server optionally doubles as a [reverse proxy](http://golang.org/pkg/net/http/httputil/#NewSingleHostReverseProxy) ### Demo -A [demo app](https://chisel-demo.herokuapp.com) on Heroku is running this `chiseld` server: +A [demo app](https://chisel-demo.herokuapp.com) on Heroku is running this `chisel server`: ``` sh -$ chiseld --auth foobar --port $PORT --proxy http://example.com +$ chisel server --key foobar --port $PORT --proxy http://example.com # listens on $PORT, requires password 'foobar', proxy web requests to 'http://example.com' ``` This demo app is also running a [simple file server](https://www.npmjs.com/package/serve) on `:3000`, which is normally inaccessible due to Heroku's firewall. However, if we tunnel in with: ``` sh -$ chisel-forward --auth foobar https://chisel-demo.herokuapp.com 3000 +$ chisel client --key foobar https://chisel-demo.herokuapp.com 3000 # connects to 'https://chisel-demo.herokuapp.com', using password 'foobar', # tunnels your localhost:3000 to the server's localhost:3000 ``` and then visit [localhost:3000](http://localhost:3000/), we should see a directory listing of the demo app's root. Also, if we visit -[the demo app](https://chisel-demo.herokuapp.com) itself in the browser we should hit the server's +the [demo app](https://chisel-demo.herokuapp.com) in the browser we should hit the server's default proxy and see a copy of [example.com](http://example.com). 
### Usage + ``` -$ chiseld --help - Usage: chiseld [options] + Usage: chisel [command] [--help] + + Version: X.X.X + + Commands: + server - runs chisel in server mode + client - runs chisel in client mode + + Read more: + https://github.com/jpillora/chisel + +``` + + + +``` + + Usage: chisel server [options] Options: - --host, Defines the HTTP listening host – the network interface - (defaults to 0.0.0.0). You may also set the HOST environment - variable. + --host, Defines the HTTP listening host – the network interface + (defaults to 0.0.0.0). - --port, Defines the HTTP listening port (defaults to 8080). You - may also set the PORT environment variable. + --port, Defines the HTTP listening port (defaults to 8080). + --proxy, Specifies the default proxy target to use when chisel + receives a normal HTTP request. - --proxy, Specifies the default proxy target to use when chiseld - receives a normal HTTP request. + --key, Enables AES256 encryption and specify the string to + use to derive the key (derivation is performed using PBKDF2 + with 2048 iterations of SHA256). - -v, Enable verbose logging + -v, Enable verbose logging - --version, Display version + --help, This help text Read more: - https://github.com/jpillora/chisel + https://github.com/jpillora/chisel + ``` + + ``` -$ chisel-forward --help - Usage: chisel-forward [options] server remote [remote] [remote] ... + Usage: chisel client [options] [remote] [remote] ... - server is the URL to the chiseld server. + server is the URL to the chisel server. remotes are remote connections tunneled through the server, each of which come in the form: 
@@ -101,16 +121,19 @@ $ chisel-forward --help Options: - --auth AUTH, Specifies the optional authentication string used by - the server. + --key, Enables AES256 encryption and specify the string to + use to derive the key (derivation is performed using PBKDF2 + with 2048 iterations of SHA256). - -v, Enable verbose logging + -v, Enable verbose logging - --version, Display version + --help, This help text Read more: - https://github.com/jpillora/chisel + https://github.com/jpillora/chisel + ``` + See also: [programmatic API](https://github.com/jpillora/chisel/wiki/Programmatic-Usage).
@@ -186,7 +209,7 @@ See more [test/](test/) ### Known Issues -* **WebSockets support is required** +* WebSockets support is required * IaaS providers all will support WebSockets * Unless an unsupporting HTTP proxy has been forced in front of you, in which case I'd argue that you've been downgraded to PaaS. * PaaS providers vary in their support for WebSockets
diff --git a/client/client.go b/client/client.go
index bd1c11cd..3a937464 100644
--- a/client/client.go
+++ b/client/client.go
@@ -18,16 +18,16 @@ import (
 type Client struct {
 *chshare.Logger
- config *chshare.Config
- encconfig []byte
- auth, server string
- proxies []*Proxy
- session *yamux.Session
- running bool
- runningc chan error
+ config *chshare.Config
+ encconfig []byte
+ key, server string
+ proxies []*Proxy
+ session *yamux.Session
+ running bool
+ runningc chan error
 }
-func NewClient(auth, server string, remotes ...string) (*Client, error) {
+func NewClient(key, server string, remotes ...string) (*Client, error) {
 //apply default scheme
 if !strings.HasPrefix(server, "http") {
@@ -69,7 +69,7 @@ func NewClient(auth, server string, remotes ...string) (*Client, error) {
 Logger: chshare.NewLogger("client"),
 config: config,
 encconfig: encconfig,
- auth: auth,
+ key: key,
 server: u.String(),
 running: true,
 runningc: make(chan error, 1),
@@ -133,8 +133,8 @@ func (c *Client) start() {
 conn := net.Conn(ws)
- if c.auth != "" {
- conn = conncrypt.New(conn, &conncrypt.Config{Password: c.auth})
+ if c.key != "" {
+ conn = conncrypt.New(conn, &conncrypt.Config{Password: c.key})
 }
 //write config, read result
diff --git a/main.go b/main.go
index 602d7fcb..226eb83f 100644
--- a/main.go
+++ b/main.go
@@ -78,7 +78,7 @@ var serverHelp = `
 --port, Defines the HTTP listening port (defaults to 8080).
- --proxy, Specifies the default proxy target to use when chiseld
+ --proxy, Specifies the default proxy target to use when chisel
 receives a normal HTTP request.
 ` + commonHelp + `
 Read more:
@@ -92,9 +92,10 @@ func server(args []string) {
 hostf := flags.String("host", "", "")
 portf := flags.String("port", "", "")
- authf := flags.String("auth", "", "")
+ authf := flags.String("key", "", "")
 proxyf := flags.String("proxy", "", "")
 verbose := flags.Bool("v", false, "")
+
 flags.Usage = func() {
 fmt.Fprintf(os.Stderr, serverHelp)
 os.Exit(1)
@@ -117,12 +118,12 @@ func server(args []string) {
 port = "8080"
 }
- auth := *authf
- if auth == "" {
- auth = os.Getenv("AUTH")
+ key := *authf
+ if key == "" {
+ key = os.Getenv("key")
 }
- s, err := chserver.NewServer(auth, *proxyf)
+ s, err := chserver.NewServer(key, *proxyf)
 if err != nil {
 log.Fatal(err)
 }
@@ -138,7 +139,7 @@ var clientHelp = ` Usage: chisel client [options] [remote] [remote] ... - server is the URL to the chiseld server. + server is the URL to the chisel server. remotes are remote connections tunneled through the server, each of which come in the form:
@@ -168,10 +169,11 @@ func client(args []string) {
 flags := flag.NewFlagSet("client", flag.ContinueOnError)
- auth := flags.String("auth", "", "")
+ key := flags.String("key", "", "")
 verbose := flags.Bool("v", false, "")
 flags.Usage = func() {
 fmt.Fprintf(os.Stderr, clientHelp)
+ os.Exit(1)
 }
 flags.Parse(args)
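Review bot: The environment fallback in `server()` (main.go hunk -117,12) now reads `os.Getenv("key")` instead of `os.Getenv("AUTH")`, which looks like fallout from the search-and-replace rather than a deliberate change. A deployment that still exports `AUTH` will start with an empty key, and because `server/server.go` only wraps the connection with `conncrypt.New` when `s.key != ""`, the server then runs without the key-derived encryption and reports no error. I would read a conventional upper-case name and keep the old one as a fallback, `key = os.Getenv("KEY")` followed by `if key == "" { key = os.Getenv("AUTH") }`, and mention the variable in `serverHelp`. The flag variable is still named `authf` (declared in the -92,9 hunk); `keyf` would match the rename. `server()` starts and ends outside this hunk.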
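Review bot: As far as the main.go hunk -168,10 shows, `client()` accepts the secret only as a `--key` argument, which leaves it readable in the process list and shell history on a shared host, whereas `server()` has an environment fallback for the same value. Consider adding the same fallback after `flags.Parse(args)`, for example `if *key == "" { *key = os.Getenv("KEY") }`, unless one already exists in the part of `client()` outside the hunk. Two smaller points on the `flags.Usage` closure: `fmt.Fprintf(os.Stderr, clientHelp)` treats the help text as a format string, so `fmt.Fprint` is the safer call, and with the added `os.Exit(1)` an explicit `--help` now exits non-zero.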
@@ -183,7 +185,7 @@ func client(args []string) {
 server := args[0]
 remotes := args[1:]
- c, err := chclient.NewClient(*auth, server, remotes...)
+ c, err := chclient.NewClient(*key, server, remotes...)
 if err != nil {
 log.Fatal(err)
 }
diff --git a/server/server.go b/server/server.go
index 5a2baf08..6438fd75 100644
--- a/server/server.go
+++ b/server/server.go
@@ -13,17 +13,17 @@ import (
 type Server struct {
 *chshare.Logger
- auth string
+ key string
 wsCount int
 wsServer websocket.Server
 httpServer *chshare.HTTPServer
 proxy *httputil.ReverseProxy
 }
-func NewServer(auth, proxy string) (*Server, error) {
+func NewServer(key, proxy string) (*Server, error) {
 s := &Server{
 Logger: chshare.NewLogger("server"),
- auth: auth,
+ key: key,
 wsServer: websocket.Server{},
 httpServer: chshare.NewHTTPServer(),
 }
@@ -57,7 +57,7 @@ func (s *Server) Run(host, port string) error {
 }
 func (s *Server) Start(host, port string) error {
- if s.auth != "" {
+ if s.key != "" {
 s.Infof("Authenication enabled")
 }
 if s.proxy != nil {
@@ -97,8 +97,8 @@ func (s *Server) handleWS(ws *websocket.Conn) {
 conn := net.Conn(ws)
- if s.auth != "" {
- conn = conncrypt.New(conn, &conncrypt.Config{Password: s.auth})
+ if s.key != "" {
+ conn = conncrypt.New(conn, &conncrypt.Config{Password: s.key})
 }
 configb := chshare.SizeRead(conn)
diff --git a/test/chisel_test.go b/test/chisel_test.go
index a8a2f95e..f9d9001f 100644
--- a/test/chisel_test.go
+++ b/test/chisel_test.go
@@ -56,7 +56,7 @@ func TestBenchChisel(t *testing.T) {
 benchSizes("2001", t)
 }
 func TestBenchrowbar(t *testing.T) {
- // benchSizes("4001", t)
+ benchSizes("4001", t)
 }
 func benchSizes(port string, t *testing.T) {
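Review bot: In server/server.go hunk -57,7, `Start` still logs `Authenication enabled` (misspelled) when `s.key` is set, although this commit renames the option to `key` and the README now describes it as enabling AES256 encryption; the message should name what is actually switched on, e.g. `s.Infof("Encryption enabled")`. The opposite case deserves a log line as well: with an empty key, `handleWS` (hunk -97,8) skips `conncrypt.New` and reads the client config straight from the websocket, so, as far as the visible lines show, a server started without a key accepts tunnels from anyone who can reach it. An `else` branch with something like `s.Infof("No key set: tunnels are unencrypted and unauthenticated")` would make that state visible to operators. `Start` continues outside the hunk.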
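Review bot: Uncommenting `benchSizes("4001", t)` in `TestBenchrowbar` (test/chisel_test.go hunk -56,7) is not mentioned in the commit message and makes the suite depend on something listening on port 4001. The part of `TestMain` visible in this patch only starts chisel on ports 2002 and 2001, so unless another process is launched outside the hunk this test will now fail. Either leave it disabled or guard it, for example with `t.Skip("nothing listening on :4001")` when the port cannot be dialled. Separately, the `--key` arguments in `TestMain` remain commented out after the rename, so no test exercises the conncrypt path; running one client/server pair with `--key` would cover the renamed flag.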
@@ -147,12 +147,12 @@ func TestMain(m *testing.M) {
 time.Sleep(100 * time.Millisecond)
- hd := exec.Command("chisel", "server", "--port", "2002" /*"--auth", "foobar",*/)
+ hd := exec.Command("chisel", "server", "--port", "2002" /*"--key", "foobar",*/)
 // hd.Stdout = os.Stdout
 if err := hd.Start(); err != nil {
 log.Fatal(err)
 }
- hf := exec.Command("chisel", "client", /*"--auth", "foobar",*/
+ hf := exec.Command("chisel", "client", /*"--key", "foobar",*/
 "127.0.0.1:2002", "2001:3000")
 // hf.Stdout = os.Stdout