const http = require('http'); const URL = require('url'); const { Server } = http; const Promise = require('bluebird'); const socks = require('socksv5'); /** * Value of the "Proxy-Agent" header that will be sent with each http-connect (https) request * @constant * @type {string} * @default */ const TOR_ROUTER_PROXY_AGENT = 'tor-router'; /** * What will show up when an unauthenticated user attempts to connect when an invalid username * @constant * @type {string} * @default */ const REALM = 'Name of instance to route to'; /** * A HTTP(S) proxy server that will route requests to instances in the TorPool provided. * @extends Server */ class HTTPServer extends Server { /** * Binds the server to a port and IP Address. * * @async * @param {number} port - The port to bind to * @param {string} [host="::"] - Address to bind to. Will default to :: or 0.0.0.0 if not specified. * @returns {Promise} * */ async listen() { return await new Promise((resolve, reject) => { let args = Array.from(arguments); let inner_func = super.listen; args.push(() => { let args = Array.from(arguments); resolve.apply(args); }); inner_func.apply(this, args); }); } /** * Handles username authentication for HTTP requests * @param {ClientRequest} req - Incoming HTTP request * @param {ClientResponse} res - Outgoing HTTP response * @private */ authenticate_user_http(req, res) { return this.authenticate_user(req, () => { res.writeHead(407, { 'Proxy-Authenticate': `Basic realm="${REALM}"` }); res.end(); return false; }) } /** * Handles username authentication for HTTP-Connect requests * @param {ClientRequest} req - Incoming HTTP request * @param {Socket} socket - Inbound HTTP-Connect socket * @private */ authenticate_user_connect(req, socket) { return this.authenticate_user(req, () => { socket.write(`HTTP/1.1 407 Proxy Authentication Required\r\n'+'Proxy-Authenticate: Basic realm="${REALM}"\r\n` +'\r\n'); socket.end(); return false; }) } /** * Checks the username provided against all groups (for "group" mode) or all instances (for "individual" mode). * @param {ClientRequest} req - Incoming HTTP request * @param {Function} deny - Function that when called will deny the connection to the proxy server and prompt the user for credentials (HTTP 407). * @private * @throws If the {@link HTTPServer#proxy_by_name} mode is invalid */ authenticate_user(req, deny) { if (!this.proxy_by_name) return true; let deny_un = this.proxy_by_name.deny_unidentified_users; let header = req.headers['authorization'] || req.headers['proxy-authorization']; if (!header && deny_un) return deny(); else if (!header) return true; let token = header.split(/\s+/).pop(); if (!token && deny_un) return deny(); else if (!token) return true; let buf = new Buffer.from(token, 'base64').toString(); if ( !buf && deny_un ) return deny(); else if (!buf) return true; let username = buf.split(/:/).shift(); if ( !username && deny_un ) return deny(); else if (!username) return true; let instance; if (this.proxy_by_name.mode === 'individual') instance = this.tor_pool.instance_by_name(username); else if (this.proxy_by_name.mode === 'group') { if (!this.tor_pool.group_names.has(username)) return deny(); instance = this.tor_pool.next_by_group(username); } else throw Error(`Unknown "proxy_by_name" mode ${this.proxy_by_name.mode}`); if (!instance) return deny(); req.instance = instance; return true; } /** * Creates an instance of `HTTPServer`. * @param {TorPool} tor_pool - The pool of instances that will be used for requests. * @param {Logger} [logger] - Winston logger that will be used for logging. If not specified will disable logging. * @param {ProxyByNameConfig} [proxy_by_name] - Enable routing to specific instances or groups of instances using the username field (http://instance-1:@my-server:9050) when connecting. */ constructor(tor_pool, logger, proxy_by_name) { /** * Handles incoming HTTP Connections. * @function handle_http_connections * @param {ClientRequest} - Incoming HTTP request. * @param {ClientResponse} - Outgoing HTTP response. * @private */ const handle_http_connections = (req, res) => { if (!this.authenticate_user_http(req, res)) return; let { instance } = req; let url = URL.parse(req.url); url.port = url.port || 80; let buffer = []; function onIncomingData(chunk) { buffer.push(chunk); } function preConnectClosed() { req.finished = true; } req.on('data', onIncomingData); req.on('end', preConnectClosed); req.on('error', function (err) { this.logger.error("[http-proxy]: an error occured: "+err.message); }); let connect = (tor_instance) => { let source = { hostname: req.connection.remoteAddress, port: req.connection.remotePort, proto: 'http', by_name: Boolean(instance) }; let socks_port = tor_instance.socks_port; let proxy_req = http.request({ method: req.method, hostname: url.hostname, port: url.port, path: url.path, headers: req.headers, agent: socks.HttpAgent({ proxyHost: '127.0.0.1', proxyPort: socks_port, auths: [ socks.auth.None() ], localDNS: false }) }, (proxy_res) => { /** * Fires when the proxy has made a connection through an instance using HTTP or HTTP-Connect. * * @event HTTPServer#instance-connection * @param {TorProcess} instance - Instance that has been connected to. * @param {InstanceConnectionSource} source - Details on the source of the connection. */ this.emit('instance_connection', tor_instance, source); this.logger.verbose(`[http-proxy]: ${source.hostname}:${source.port} → 127.0.0.1:${socks_port}${tor_instance.definition.Name ? ' ('+tor_instance.definition.Name+')' : '' } → ${url.hostname}:${url.port}`); proxy_res.on('data', (chunk) => { res.write(chunk); }); proxy_res.on('end', () => { res.end(); }); res.writeHead(proxy_res.statusCode, proxy_res.headers); }); req.removeListener('data', onIncomingData); req.on('data', (chunk) => { proxy_req.write(chunk); }) req.on('end', () => { proxy_req.end(); }) while (buffer.length) { proxy_req.write(buffer.shift()); } if (req.finished) proxy_req.end(); }; if (instance) { if (instance.ready) { connect(instance); } else { this.logger.debug(`[http-proxy]: a connection has been attempted to "${instance.instance_name}", but it is not live... waiting for the instance to come online`); instance.once('ready', (() => connect(instance))); } } else if (this.tor_pool.instances.length) { connect(tor_pool.next()); } else { this.logger.debug(`[http-proxy]: a connection has been attempted, but no tor instances are live... waiting for an instance to come online`); tor_pool.once('instance_created', connect); } } /** * Handles incoming HTTP-Connect connections. * @function handle_connect_connections * @param {ClientRequest} req - Incoming HTTP Request. * @param {Socket} inbound_socket - Incoming socket. * @param {Buffer|string} head - HTTP Request head. * @private */ const handle_connect_connections = (req, inbound_socket, head) => { if (!this.authenticate_user_connect(req, inbound_socket)) return; let { instance } = req; let hostname = req.url.split(':').shift(); let port = Number(req.url.split(':').pop()); let connect = (tor_instance) => { let source = { hostname: req.connection.remoteAddress, port: req.connection.remotePort, proto: 'http-connect', by_name: Boolean(instance) }; let socks_port = tor_instance.socks_port; var outbound_socket; let onClose = (error) => { inbound_socket && inbound_socket.end(); outbound_socket && outbound_socket.end(); inbound_socket = outbound_socket = void(0); if (error instanceof Error) this.logger.error(`[http-connect]: an error occured: ${error.message}`) }; inbound_socket.on('error', onClose); inbound_socket.on('close', onClose); socks.connect({ host: hostname, port: port, proxyHost: '127.0.0.1', proxyPort: socks_port, localDNS: false, auths: [ socks.auth.None() ] }, ($outbound_socket) => { this.emit('instance_connection', tor_instance, source); this.logger && this.logger.verbose(`[http-connect]: ${source.hostname}:${source.port} → 127.0.0.1:${socks_port}${tor_instance.definition.Name ? ' ('+tor_instance.definition.Name+')' : '' } → ${hostname}:${port}`) outbound_socket = $outbound_socket; outbound_socket.on('close', onClose); outbound_socket.on('error', onClose); inbound_socket.write(`HTTP/1.1 200 Connection Established\r\n'+'Proxy-agent: ${TOR_ROUTER_PROXY_AGENT}\r\n` +'\r\n'); outbound_socket.write(head); outbound_socket.pipe(inbound_socket); inbound_socket.pipe(outbound_socket); }); }; if (instance) { if (instance.ready) { connect(instance); } else { this.logger.debug(`[http-connect]: a connection has been attempted to "${instance.instance_name}", but it is not live... waiting for the instance to come online`); instance.once('ready', (() => connect(instance))); } } else if (this.tor_pool.instances.length) { connect(this.tor_pool.next()); } else { this.logger.debug(`[http-connect]: a connection has been attempted, but no tor instances are live... waiting for an instance to come online`); this.tor_pool.once('instance_created', connect); } } super(handle_http_connections); this.on('connect', handle_connect_connections); /** * Winston logger. * @type {Logger} * @public */ this.logger = logger || require('./winston_silent_logger'); /** * The pool of instances that will be used for requests. * @type {TorPool} * @public */ this.tor_pool = tor_pool; /** * Configuration for "proxy by name" feature. * @type {ProxyByNameConfig} * @public */ this.proxy_by_name = proxy_by_name; } }; /** * Module that contains the {@link HTTPServer} class. * @module tor-router/HTTPServer * @see HTTPServer */ module.exports = HTTPServer;