use std::{ convert::Infallible, net::SocketAddr, sync::{Arc, Mutex}, }; use hyper::{ body, body::Bytes, header::HeaderValue, server::conn::AddrStream, service::{make_service_fn, service_fn}, Body, Method, Request, Response, Server, StatusCode, }; use lox::bridge_table::BridgeLine; use lox::proto; use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH}; use rand::RngCore; use serde::{Deserialize, Serialize}; use serde_json; use serde_with::serde_as; #[serde_as] #[derive(Serialize, Deserialize)] pub struct Invite { #[serde_as(as = "[_; OPENINV_LENGTH]")] invite: [u8; OPENINV_LENGTH], } /// Create a random BridgeLine for testing ONLY. Do not use in production! /// This was copied directly from lox/src/bridge_table.rs in order /// to easily initialize a bridgedb/lox_auth with structurally /// correct buckets to be used for Lox requests/verifications/responses. /// In production, existing bridges should be translated into this format /// in a private function and sorted into buckets (3 bridges/bucket is suggested /// but experience may suggest something else) in some intelligent way. pub fn random() -> BridgeLine { let mut rng = rand::thread_rng(); let mut res: BridgeLine = BridgeLine::default(); // Pick a random 4-byte address let mut addr: [u8; 4] = [0; 4]; rng.fill_bytes(&mut addr); // If the leading byte is 224 or more, that's not a valid IPv4 // address. Choose an IPv6 address instead (but don't worry too // much about it being well formed). if addr[0] >= 224 { rng.fill_bytes(&mut res.addr); } else { // Store an IPv4 address as a v4-mapped IPv6 address res.addr[10] = 255; res.addr[11] = 255; res.addr[12..16].copy_from_slice(&addr); }; let ports: [u16; 4] = [443, 4433, 8080, 43079]; let portidx = (rng.next_u32() % 4) as usize; res.port = ports[portidx]; let mut fingerprint: [u8; 20] = [0; 20]; let mut cert: [u8; 52] = [0; 52]; rng.fill_bytes(&mut fingerprint); rng.fill_bytes(&mut cert); let infostr: String = format!( "obfs4 {} cert={} iat-mode=0", hex_fmt::HexFmt(fingerprint), base64::encode_config(cert, base64::STANDARD_NO_PAD) ); res.info[..infostr.len()].copy_from_slice(infostr.as_bytes()); res } #[derive(Clone)] struct LoxServerContext { db: Arc>, ba: Arc>, } async fn handle( context: LoxServerContext, // addr: SocketAddr, req: Request, ) -> Result, Infallible> { println!("Request: {:?}", req); match req.method() { &Method::OPTIONS => Ok(Response::builder() .header("Access-Control-Allow-Origin", HeaderValue::from_static("*")) .header("Access-Control-Allow-Headers", "accept, content-type") .header("Access-Control-Allow-Methods", "POST") .status(200) .body(Body::from("Allow POST")) .unwrap()), _ => match (req.method(), req.uri().path()) { (&Method::GET, "/invite") => Ok::<_, Infallible>(generate_invite(context.db)), (&Method::GET, "/reachability") => Ok::<_, Infallible>(send_reachability_cred(context.ba)), (&Method::GET, "/pubkeys") => Ok::<_, Infallible>(send_keys(context.ba)), (&Method::POST, "/openreq") => Ok::<_, Infallible>({ let bytes = body::to_bytes(req.into_body()).await.unwrap(); verify_and_send_open_cred(bytes, context.ba) }), (&Method::POST, "/trustpromo") => Ok::<_, Infallible>({ let bytes = body::to_bytes(req.into_body()).await.unwrap(); verify_and_send_trust_promo(bytes, context.ba) }), (&Method::POST, "/trustmig") => Ok::<_, Infallible>({ let bytes = body::to_bytes(req.into_body()).await.unwrap(); verify_and_send_trust_migration(bytes, context.ba) }), _ => { // Return 404 not found response. Ok(Response::builder() .status(StatusCode::NOT_FOUND) .body(Body::from("Not found")) .unwrap()) } }, } } fn generate_invite(db: Arc>) -> Response { let obj = db.lock().unwrap(); let invite = Invite { invite: obj.invite(), }; let token = serde_json::to_string(&invite).unwrap(); let mut resp = Response::new(Body::from(token)); resp.headers_mut() .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } fn send_reachability_cred(ba: Arc>) -> Response { let ba_obj = ba.lock().unwrap(); let mut resp = Response::new(Body::from(serde_json::to_string(&ba_obj.reachability_pub).unwrap())); resp.headers_mut().insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } fn send_keys(ba: Arc>) -> Response { let ba_obj = ba.lock().unwrap(); // vector of public keys (to serialize) let ba_obj_pubkeys = vec![ &ba_obj.lox_pub, &ba_obj.migration_pub, &ba_obj.migrationkey_pub, &ba_obj.reachability_pub, &ba_obj.invitation_pub, ]; println!("Today's date according to server: {}", ba_obj.today()); let mut resp = Response::new(Body::from(serde_json::to_string(&ba_obj_pubkeys).unwrap())); resp.headers_mut() .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } fn verify_and_send_open_cred(request: Bytes, ba: Arc>) -> Response { let req: proto::open_invite::Request = serde_json::from_slice(&request).unwrap(); let mut ba_obj = ba.lock().unwrap(); let response = ba_obj.handle_open_invite(req).unwrap(); let open_invite_resp_str = serde_json::to_string(&response).unwrap(); let mut resp = Response::new(Body::from(open_invite_resp_str)); resp.headers_mut() .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } fn verify_and_send_trust_promo(request: Bytes, ba: Arc>) -> Response { let req: proto::trust_promotion::Request = serde_json::from_slice(&request).unwrap(); let mut ba_obj = ba.lock().unwrap(); ba_obj.advance_days(31); println!("Today's date according to server: {}", ba_obj.today()); let response = ba_obj.handle_trust_promotion(req).unwrap(); let trust_promo_resp_str = serde_json::to_string(&response).unwrap(); let mut resp = Response::new(Body::from(trust_promo_resp_str)); resp.headers_mut() .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } fn verify_and_send_trust_migration(request: Bytes, ba: Arc>) -> Response { let req: proto::migration::Request = serde_json::from_slice(&request).unwrap(); let mut ba_obj = ba.lock().unwrap(); let response = ba_obj.handle_migration(req).unwrap(); let trust_migration_resp_str = serde_json::to_string(&response).unwrap(); let mut resp = Response::new(Body::from(trust_migration_resp_str)); resp.headers_mut() .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp } async fn shutdown_signal() { tokio::signal::ctrl_c() .await .expect("failed to listen for ctrl+c signal"); } #[tokio::main] async fn main() { let num_buckets = 5; // Create and initialize a new db and lox_auth let mut bridgedb = BridgeDb::new(); let mut lox_auth = BridgeAuth::new(bridgedb.pubkey); // Make 3 x num_buckets open invitation bridges, in sets of 3 for _ in 0..num_buckets { let bucket = [random(), random(), random()]; lox_auth.add_openinv_bridges(bucket, &mut bridgedb); } // Create the encrypted bridge table lox_auth.enc_bridge_table(); let context = LoxServerContext { db: Arc::new(Mutex::new(bridgedb)), ba: Arc::new(Mutex::new(lox_auth)), }; let new_service = make_service_fn(move |_conn: &AddrStream| { let context = context.clone(); let service = service_fn(move |req| { // let addr = conn.remote_addr(); handle(context.clone(), req) }); async move { Ok::<_, Infallible>(service) } }); let addr = SocketAddr::from(([127, 0, 0, 1], 8001)); let server = Server::bind(&addr).serve(new_service); let graceful = server.with_graceful_shutdown(shutdown_signal()); println!("Listening on {}", addr); if let Err(e) = graceful.await { eprintln!("server error: {}", e); } }