marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-06-29 02:41:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: marcel:2.6
Branches Tags
marcel:main marcel:plugin_doc marcel:v2
marcel:v3.2.4 marcel:v3.2.3 marcel:v3.2.2 marcel:v3.2.1 marcel:v3.2.0 marcel:v3.1.9 marcel:v3.1.8 marcel:v3.1.7 marcel:v3.1.6 marcel:v3.1.5 marcel:v3.1.4 marcel:v3.1.3 marcel:v3.1.2 marcel:v3.1.1r3 marcel:3.1.1r2 marcel:3.1.1 marcel:3.1.0 marcel:3.0.9 marcel:3.0.8 marcel:3.0.7 marcel:3.0.6 marcel:3.0.5 marcel:3.0.4 marcel:3.0.3 marcel:3.0.2 marcel:3.0.1 marcel:3.0.0 marcel:2.6.8 marcel:2.6.7 marcel:2.6.6 marcel:2.6.5 marcel:2.6.4 marcel:2.6.3 marcel:2.6.2 marcel:2.6 marcel:2.5 marcel:2.2 marcel:2.3 marcel:2.4 marcel:2.1
...
compare: marcel:2.6.4
Branches Tags
marcel:main marcel:plugin_doc marcel:v2
marcel:v3.2.4 marcel:v3.2.3 marcel:v3.2.2 marcel:v3.2.1 marcel:v3.2.0 marcel:v3.1.9 marcel:v3.1.8 marcel:v3.1.7 marcel:v3.1.6 marcel:v3.1.5 marcel:v3.1.4 marcel:v3.1.3 marcel:v3.1.2 marcel:v3.1.1r3 marcel:3.1.1r2 marcel:3.1.1 marcel:3.1.0 marcel:3.0.9 marcel:3.0.8 marcel:3.0.7 marcel:3.0.6 marcel:3.0.5 marcel:3.0.4 marcel:3.0.3 marcel:3.0.2 marcel:3.0.1 marcel:3.0.0 marcel:2.6.8 marcel:2.6.7 marcel:2.6.6 marcel:2.6.5 marcel:2.6.4 marcel:2.6.3 marcel:2.6.2 marcel:2.6 marcel:2.5 marcel:2.2 marcel:2.3 marcel:2.4 marcel:2.1

13 Commits
2.6 ... 2.6.4

Author SHA1 Message Date
Toby Chui
a8bf07dbba Update start.go 
Patched the rule folder name
 2023-06-16 00:54:55 +08:00
Toby Chui
48dc85ea3e Updates 2.6.4 
+ Added force TLS v1.2 above toggle
+ Added trace route
+ Added ICMP ping
+ Added special routing rules module for up-coming acme integration
+ Fixed IPv6 check bug in black/whitelist
+ Optimized UI for TCP Proxy
+
 2023-06-16 00:48:39 +08:00
Toby Chui
a73a7944ec Merge pull request #19 from Morethanevil/patch-2 
Update CHANGELOG.md
 2023-06-09 00:22:33 +08:00
Toby Chui
d187124db6 Quick fix on the edit not working bug 2023-06-09 00:01:11 +08:00
Marcel
0dd9e5d73c Update CHANGELOG.md 2023-06-08 17:05:41 +02:00
Toby Chui
5e7599756f Updates 2.6.3 
+ Added X-Forwarded-Proto for automatic proxy detector
+ Split blacklist and whitelist from geodb script file
+ Optimized compile binary size
+ Added access control to TCP proxy
+ Added "invalid config detect" in up time monitor for isse #7
+ Fixed minor bugs in advance stats panel
+ Reduced file size of embedded materials
 2023-06-08 21:42:03 +08:00
Toby Chui
5db50c1ca2 Merge pull request #16 from Morethanevil/main-1 
Create CHANGELOG.md
 2023-06-06 14:38:03 +08:00
Marcel
884507b45a Create CHANGELOG.md 
Create Changelog.md for users to see progress of development
 2023-06-05 19:18:28 +02:00
Toby Chui
2574d0504e Updates v2.6.2 
+ Added advance stats operation tab
+ Added statistic reset #13
+ Added statistic export to csv and json (please use json)
+ Make subdomain clickable (not vdir) #12
+ Added TCP Proxy
+ Updates SMTP setup UI to make it more straight forward to setup
 2023-06-04 23:59:56 +08:00
Toby Chui
9535abe314 Update README.md 2023-06-03 18:08:36 +08:00
Toby Chui
8e6a60f684 Added two screenshots for attractiveness 2023-06-03 18:08:03 +08:00
Toby Chui
ead26ea16d Merge pull request #15 from Morethanevil/patch-1 
Update README.md
 2023-06-03 17:53:23 +08:00
Marcel
3d66c01d7b Update README.md 2023-06-03 11:13:10 +02:00
63 changed files with 2371 additions and 496 deletions
Expand all files Collapse all files

36
CHANGELOG.md Normal file
View File

@ -0,0 +1,36 @@
# v2.6.3 Jun 8 2023
+ Added X-Forwarded-Proto for automatic proxy detector
+ Split blacklist and whitelist from geodb script file
+ Optimized compile binary size
+ Added access control to TCP proxy
+ Added "invalid config detect" in up time monitor for isse #7
+ Fixed minor bugs in advance stats panel
+ Reduced file size of embedded materials
# v2.6.2 Jun 4 2023
+ Added advance stats operation tab
+ Added statistic reset #13
+ Added statistic export to csv and json (please use json)
+ Make subdomain clickable (not vdir) #12
+ Added TCP Proxy
+ Updates SMTP setup UI to make it more straight forward to setup
# v2.6.1 May 31 2023
+ Added reverse proxy TLS skip verification
+ Added basic auth
+ Edit proxy settings
+ Whitelist
+ TCP Proxy (experimental)
+ Info (Utilities page)
# v2.6 May 27 2023
+ Basic auth
+ Support TLS verification skip (for self signed certs)
+ Added trend analysis
+ Added referer and file type analysis
+ Added cert expire day display
+ Moved subdomain proxy logic to dpcore

26
README.md
View File

@ -27,7 +27,7 @@ General purpose request (reverse) proxy and forwarding tool for low power device
- Basic single-admin management mode
- External permission management system for easy system integration
- SMTP config for password reset
## Build from Source
Require Go 1.20 or above
@ -120,27 +120,13 @@ To start the module, go to System Settings > Modules > Subservice and enable it
![](img/screenshots/0_1.png)
![](img/screenshots/0_2.png)
![](img/screenshots/1.png)
![](img/screenshots/2.png)
More screenshots on the wikipage [Screenshots](https://github.com/tobychui/zoraxy/wiki/Screenshots)!
![](img/screenshots/3.png)
## FAQ
![](img/screenshots/4.png)
![](img/screenshots/5.png)
![](img/screenshots/7.png)
![](img/screenshots/8.png)
![](img/screenshots/9.png)
![](img/screenshots/10_1.png)
![](img/screenshots/10_2.png)
There is a wikipage with [Frequently-Asked-Questions](https://github.com/tobychui/zoraxy/wiki/FAQ---Frequently-Asked-Questions)!
## Global Area Network Controller
@ -175,10 +161,6 @@ Loopback web ssh connection, by default, is disabled. This means that if you are
./zoraxy -sshlb=true
```
## FAQ
- [How to run Zoraxy as system daemon?](https://github.com/tobychui/zoraxy/issues/8#issuecomment-1561539919)
-
## License
This project is open source under AGPL. I open source this project so everyone can check for security issues and benefit all users. **If your plans to use this project in commercial environment which violate the AGPL terms, please contact toby@imuslab.com for an alternative commercial license.**

BIN
img/screenshots/1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 90 KiB

BIN
img/screenshots/2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 100 KiB

BIN
img/screenshots/6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

35
src/acme.go Normal file
View File

@ -0,0 +1,35 @@
package main
import (
"log"
"net/http"
"imuslab.com/zoraxy/mod/dynamicproxy"
)
/*
acme.go
This script handle special routing required for acme auto cert renew functions
*/
func acmeRegisterSpecialRoutingRule() {
err := dynamicProxyRouter.AddRoutingRules(&dynamicproxy.RoutingRule{
ID: "acme-autorenew",
MatchRule: func(r *http.Request) bool {
if r.RequestURI == "/.well-known/" {
return true
}
return false
},
RoutingHandler: func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("HELLO WORLD, THIS IS ACME REQUEST HANDLER"))
},
Enabled: true,
})
if err != nil {
log.Println("[Err] " + err.Error())
}
}

11
src/api.go
View File

@ -6,6 +6,7 @@ import (
"imuslab.com/zoraxy/mod/auth"
"imuslab.com/zoraxy/mod/netstat"
"imuslab.com/zoraxy/mod/netutils"
"imuslab.com/zoraxy/mod/utils"
)
@ -55,6 +56,7 @@ func initAPIs() {
//TLS / SSL config
authRouter.HandleFunc("/api/cert/tls", handleToggleTLSProxy)
authRouter.HandleFunc("/api/cert/tlsRequireLatest", handleSetTlsRequireLatest)
authRouter.HandleFunc("/api/cert/upload", handleCertUpload)
authRouter.HandleFunc("/api/cert/list", handleListCertificate)
authRouter.HandleFunc("/api/cert/checkDefault", handleDefaultCertCheck)
@ -81,6 +83,11 @@ func initAPIs() {
authRouter.HandleFunc("/api/whitelist/ip/remove", handleIpWhitelistRemove)
authRouter.HandleFunc("/api/whitelist/enable", handleWhitelistEnable)
//Path Blocker APIs
authRouter.HandleFunc("/api/pathrule/add", pathRuleHandler.HandleAddBlockingPath)
authRouter.HandleFunc("/api/pathrule/list", pathRuleHandler.HandleListBlockingPath)
authRouter.HandleFunc("/api/pathrule/remove", pathRuleHandler.HandleRemoveBlockingPath)
//Statistic & uptime monitoring API
authRouter.HandleFunc("/api/stats/summary", statisticCollector.HandleTodayStatLoad)
authRouter.HandleFunc("/api/stats/countries", HandleCountryDistrSummary)
@ -121,9 +128,13 @@ func initAPIs() {
authRouter.HandleFunc("/api/analytic/list", AnalyticLoader.HandleSummaryList)
authRouter.HandleFunc("/api/analytic/load", AnalyticLoader.HandleLoadTargetDaySummary)
authRouter.HandleFunc("/api/analytic/loadRange", AnalyticLoader.HandleLoadTargetRangeSummary)
authRouter.HandleFunc("/api/analytic/exportRange", AnalyticLoader.HandleRangeExport)
authRouter.HandleFunc("/api/analytic/resetRange", AnalyticLoader.HandleRangeReset)
//Network utilities
authRouter.HandleFunc("/api/tools/ipscan", HandleIpScan)
authRouter.HandleFunc("/api/tools/traceroute", netutils.HandleTraceRoute)
authRouter.HandleFunc("/api/tools/ping", netutils.HandlePing)
authRouter.HandleFunc("/api/tools/webssh", HandleCreateProxySession)
authRouter.HandleFunc("/api/tools/websshSupported", HandleWebSshSupportCheck)
authRouter.HandleFunc("/api/tools/wol", HandleWakeOnLan)

27
src/cert.go
View File

@ -130,6 +130,33 @@ func handleToggleTLSProxy(w http.ResponseWriter, r *http.Request) {
}
}
// Handle the GET and SET of reverse proxy TLS versions
func handleSetTlsRequireLatest(w http.ResponseWriter, r *http.Request) {
newState, err := utils.PostPara(r, "set")
if err != nil {
//GET
var reqLatestTLS bool = false
if sysdb.KeyExists("settings", "forceLatestTLS") {
sysdb.Read("settings", "forceLatestTLS", &reqLatestTLS)
}
js, _ := json.Marshal(reqLatestTLS)
utils.SendJSONResponse(w, string(js))
} else {
if newState == "true" {
sysdb.Write("settings", "forceLatestTLS", true)
log.Println("Updating minimum TLS version to v1.2 or above")
dynamicProxyRouter.UpdateTLSVersion(true)
} else if newState == "false" {
sysdb.Write("settings", "forceLatestTLS", false)
log.Println("Updating minimum TLS version to v1.0 or above")
dynamicProxyRouter.UpdateTLSVersion(false)
} else {
utils.SendErrorResponse(w, "invalid state given")
}
}
}
// Handle upload of the certificate
func handleCertUpload(w http.ResponseWriter, r *http.Request) {
// check if request method is POST

5
src/go.mod
View File

@ -9,8 +9,9 @@ require (
github.com/gorilla/sessions v1.2.1
github.com/gorilla/websocket v1.4.2
github.com/grandcat/zeroconf v1.0.0
github.com/microcosm-cc/bluemonday v1.0.24
github.com/oschwald/geoip2-golang v1.8.0
github.com/satori/go.uuid v1.2.0
golang.org/x/net v0.9.0 // indirect
golang.org/x/sys v0.7.0
golang.org/x/net v0.10.0
golang.org/x/sys v0.8.0
)

16
src/go.sum
View File

@ -1,3 +1,5 @@
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
@ -10,6 +12,8 @@ github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3G
github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
@ -18,6 +22,8 @@ github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0U
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/grandcat/zeroconf v1.0.0 h1:uHhahLBKqwWBV6WZUDAT71044vwOTL+McW0mBJvo6kE=
github.com/grandcat/zeroconf v1.0.0/go.mod h1:lTKmG1zh86XyCoUeIHSA4FJMBwCJiQmGfcP2PdzytEs=
github.com/microcosm-cc/bluemonday v1.0.24 h1:NGQoPtwGVcbGkKfvyYk1yRqknzBuoMiUrO6R7uFTPlw=
github.com/microcosm-cc/bluemonday v1.0.24/go.mod h1:ArQySAMps0790cHSkdPEJ7bGkF2VePWH773hsJNSHf8=
github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
github.com/oschwald/geoip2-golang v1.8.0 h1:KfjYB8ojCEn/QLqsDU0AzrJ3R5Qa9vFlx3z6SLNcKTs=
@ -52,8 +58,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -69,12 +75,12 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

9
src/main.go
View File

@ -21,6 +21,7 @@ import (
"imuslab.com/zoraxy/mod/geodb"
"imuslab.com/zoraxy/mod/mdns"
"imuslab.com/zoraxy/mod/netstat"
"imuslab.com/zoraxy/mod/pathrule"
"imuslab.com/zoraxy/mod/sshprox"
"imuslab.com/zoraxy/mod/statistic"
"imuslab.com/zoraxy/mod/statistic/analytic"
@ -38,9 +39,9 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
var (
name = "Zoraxy"
version = "2.6.1"
version = "2.6.4"
nodeUUID = "generic"
development = true //Set this to false to use embedded web fs
development = false //Set this to false to use embedded web fs
bootTime = time.Now().Unix()
/*
@ -57,6 +58,7 @@ var (
authAgent *auth.AuthAgent //Authentication agent
tlsCertManager *tlscert.Manager //TLS / SSL management
redirectTable *redirection.RuleTable //Handle special redirection rule sets
pathRuleHandler *pathrule.Handler //Handle specific path blocking or custom headers
geodbStore *geodb.Store //GeoIP database, also handle black list and whitelist features
netstatBuffers *netstat.NetStatBuffers //Realtime graph buffers
statisticCollector *statistic.Collector //Collecting statistic from visitors
@ -149,6 +151,9 @@ func main() {
time.Sleep(500 * time.Millisecond)
//Start the finalize sequences
finalSequence()
log.Println("Zoraxy started. Visit control panel at http://localhost" + handler.Port)
err = http.ListenAndServe(handler.Port, nil)

1
src/mod/dynamicproxy/Server.go
View File

@ -115,7 +115,6 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.proxyRequest(w, r, targetProxyEndpoint)
} else if !strings.HasSuffix(proxyingPath, "/") {
potentialProxtEndpoint := h.Parent.getTargetProxyEndpointFromRequestURI(proxyingPath + "/")
if potentialProxtEndpoint != nil {
//Missing tailing slash. Redirect to target proxy endpoint
http.Redirect(w, r, r.RequestURI+"/", http.StatusTemporaryRedirect)

6
src/mod/dynamicproxy/dpcore/dpcore.go
View File

@ -278,6 +278,12 @@ func addXForwardedForHeader(req *http.Request) {
clientIP = strings.Join(prior, ", ") + ", " + clientIP
}
req.Header.Set("X-Forwarded-For", clientIP)
if req.TLS != nil {
req.Header.Set("X-Forwarded-Proto", "https")
} else {
req.Header.Set("X-Forwarded-Proto", "http")
}
}
}

22
src/mod/dynamicproxy/dynamicproxy.go
View File

@ -45,6 +45,13 @@ func (router *Router) UpdateTLSSetting(tlsEnabled bool) {
router.Restart()
}
// Update TLS Version in runtime. Will restart proxy server if running.
// Set this to true to force TLS 1.2 or above
func (router *Router) UpdateTLSVersion(requireLatest bool) {
router.Option.ForceTLSLatest = requireLatest
router.Restart()
}
// Update https redirect, which will require updates
func (router *Router) UpdateHttpToHttpsRedirectSetting(useRedirect bool) {
router.Option.ForceHttpsRedirect = useRedirect
@ -62,8 +69,13 @@ func (router *Router) StartProxyService() error {
return errors.New("Reverse proxy router root not set")
}
minVersion := tls.VersionTLS10
if router.Option.ForceTLSLatest {
minVersion = tls.VersionTLS12
}
config := &tls.Config{
GetCertificate: router.Option.TlsManager.GetCert,
MinVersion: uint16(minVersion),
}
if router.Option.UseTls {
@ -171,18 +183,22 @@ func (router *Router) StopProxyService() error {
}
// Restart the current router if it is running.
// Startup the server if it is not running initially
func (router *Router) Restart() error {
//Stop the router if it is already running
var err error = nil
if router.Running {
err := router.StopProxyService()
if err != nil {
return err
}
// Start the server
err = router.StartProxyService()
if err != nil {
return err
}
}
//Start the server
err := router.StartProxyService()
return err
}

2
src/mod/dynamicproxy/proxyRequestHandler.go
View File

@ -57,6 +57,7 @@ func (router *Router) rewriteURL(rooturl string, requestURL string) string {
// Handle subdomain request
func (h *ProxyHandler) subdomainRequest(w http.ResponseWriter, r *http.Request, target *ProxyEndpoint) {
r.Header.Set("X-Forwarded-Host", r.Host)
r.Header.Set("X-Forwarded-Server", "zoraxy-"+h.Parent.Option.HostUUID)
requestURL := r.URL.String()
if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
@ -116,6 +117,7 @@ func (h *ProxyHandler) proxyRequest(w http.ResponseWriter, r *http.Request, targ
r.URL, _ = url.Parse(rewriteURL)
r.Header.Set("X-Forwarded-Host", r.Host)
r.Header.Set("X-Forwarded-Server", "zoraxy-"+h.Parent.Option.HostUUID)
if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
r.Header.Set("A-Upgrade", "websocket")

26
src/mod/dynamicproxy/special.go
View File

@ -15,12 +15,12 @@ import (
type RoutingRule struct {
ID string
MatchRule func(r *http.Request) bool
RoutingHandler http.Handler
RoutingHandler func(http.ResponseWriter, *http.Request)
Enabled bool
}
//Router functions
//Check if a routing rule exists given its id
// Router functions
// Check if a routing rule exists given its id
func (router *Router) GetRoutingRuleById(rrid string) (*RoutingRule, error) {
for _, rr := range router.routingRules {
if rr.ID == rrid {
@ -31,19 +31,19 @@ func (router *Router) GetRoutingRuleById(rrid string) (*RoutingRule, error) {
return nil, errors.New("routing rule with given id not found")
}
//Add a routing rule to the router
// Add a routing rule to the router
func (router *Router) AddRoutingRules(rr *RoutingRule) error {
_, err := router.GetRoutingRuleById(rr.ID)
if err != nil {
if err == nil {
//routing rule with given id already exists
return err
return errors.New("routing rule with same id already exists")
}
router.routingRules = append(router.routingRules, rr)
return nil
}
//Remove a routing rule from the router
// Remove a routing rule from the router
func (router *Router) RemoveRoutingRule(rrid string) {
newRoutingRules := []*RoutingRule{}
for _, rr := range router.routingRules {
@ -55,13 +55,13 @@ func (router *Router) RemoveRoutingRule(rrid string) {
router.routingRules = newRoutingRules
}
//Get all routing rules
// Get all routing rules
func (router *Router) GetAllRoutingRules() []*RoutingRule {
return router.routingRules
}
//Get the matching routing rule that describe this request.
//Return nil if no routing rule is match
// Get the matching routing rule that describe this request.
// Return nil if no routing rule is match
func (router *Router) GetMatchingRoutingRule(r *http.Request) *RoutingRule {
for _, thisRr := range router.routingRules {
if thisRr.IsMatch(r) {
@ -71,8 +71,8 @@ func (router *Router) GetMatchingRoutingRule(r *http.Request) *RoutingRule {
return nil
}
//Routing Rule functions
//Check if a request object match the
// Routing Rule functions
// Check if a request object match the
func (e *RoutingRule) IsMatch(r *http.Request) bool {
if !e.Enabled {
return false
@ -81,5 +81,5 @@ func (e *RoutingRule) IsMatch(r *http.Request) bool {
}
func (e *RoutingRule) Route(w http.ResponseWriter, r *http.Request) {
e.RoutingHandler.ServeHTTP(w, r)
e.RoutingHandler(w, r)
}

10
src/mod/dynamicproxy/typedef.go
View File

@ -22,12 +22,14 @@ type ProxyHandler struct {
}
type RouterOption struct {
Port int
UseTls bool
ForceHttpsRedirect bool
HostUUID string //The UUID of Zoraxy, use for heading mod
Port int //Incoming port
UseTls bool //Use TLS to serve incoming requsts
ForceTLSLatest bool //Force TLS1.2 or above
ForceHttpsRedirect bool //Force redirection of http to https endpoint
TlsManager *tlscert.Manager
RedirectRuleTable *redirection.RuleTable
GeodbStore *geodb.Store
GeodbStore *geodb.Store //GeoIP blacklist and whitelist
StatisticCollector *statistic.Collector
}

16
src/mod/expose/expose.go Normal file
View File

@ -0,0 +1,16 @@
package expose
/*
Service Expose Proxy
A tunnel for getting your local server online in one line
(No, this is not ngrok)
*/
type Router struct {
}
//Create a new service expose router
func NewServiceExposeRouter() {
}

111
src/mod/expose/security.go Normal file
View File

@ -0,0 +1,111 @@
package expose
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha512"
"crypto/x509"
"encoding/pem"
"errors"
"log"
)
// GenerateKeyPair generates a new key pair
func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error) {
privkey, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
return nil, nil, err
}
return privkey, &privkey.PublicKey, nil
}
// PrivateKeyToBytes private key to bytes
func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte {
privBytes := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(priv),
},
)
return privBytes
}
// PublicKeyToBytes public key to bytes
func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error) {
pubASN1, err := x509.MarshalPKIXPublicKey(pub)
if err != nil {
return []byte(""), err
}
pubBytes := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubASN1,
})
return pubBytes, nil
}
// BytesToPrivateKey bytes to private key
func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
block, _ := pem.Decode(priv)
enc := x509.IsEncryptedPEMBlock(block)
b := block.Bytes
var err error
if enc {
log.Println("is encrypted pem block")
b, err = x509.DecryptPEMBlock(block, nil)
if err != nil {
return nil, err
}
}
key, err := x509.ParsePKCS1PrivateKey(b)
if err != nil {
return nil, err
}
return key, nil
}
// BytesToPublicKey bytes to public key
func BytesToPublicKey(pub []byte) (*rsa.PublicKey, error) {
block, _ := pem.Decode(pub)
enc := x509.IsEncryptedPEMBlock(block)
b := block.Bytes
var err error
if enc {
log.Println("is encrypted pem block")
b, err = x509.DecryptPEMBlock(block, nil)
if err != nil {
return nil, err
}
}
ifc, err := x509.ParsePKIXPublicKey(b)
if err != nil {
return nil, err
}
key, ok := ifc.(*rsa.PublicKey)
if !ok {
return nil, errors.New("key not valid")
}
return key, nil
}
// EncryptWithPublicKey encrypts data with public key
func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error) {
hash := sha512.New()
ciphertext, err := rsa.EncryptOAEP(hash, rand.Reader, pub, msg, nil)
if err != nil {
return []byte(""), err
}
return ciphertext, nil
}
// DecryptWithPrivateKey decrypts data with private key
func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error) {
hash := sha512.New()
plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
if err != nil {
return []byte(""), err
}
return plaintext, nil
}

91
src/mod/geodb/blacklist.go Normal file
View File

@ -0,0 +1,91 @@
package geodb
import "strings"
/*
Blacklist.go
This script store the blacklist related functions
*/
//Geo Blacklist
func (s *Store) AddCountryCodeToBlackList(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Write("blacklist-cn", countryCode, true)
}
func (s *Store) RemoveCountryCodeFromBlackList(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Delete("blacklist-cn", countryCode)
}
func (s *Store) IsCountryCodeBlacklisted(countryCode string) bool {
countryCode = strings.ToLower(countryCode)
var isBlacklisted bool = false
s.sysdb.Read("blacklist-cn", countryCode, &isBlacklisted)
return isBlacklisted
}
func (s *Store) GetAllBlacklistedCountryCode() []string {
bannedCountryCodes := []string{}
entries, err := s.sysdb.ListTable("blacklist-cn")
if err != nil {
return bannedCountryCodes
}
for _, keypairs := range entries {
ip := string(keypairs[0])
bannedCountryCodes = append(bannedCountryCodes, ip)
}
return bannedCountryCodes
}
//IP Blacklsits
func (s *Store) AddIPToBlackList(ipAddr string) {
s.sysdb.Write("blacklist-ip", ipAddr, true)
}
func (s *Store) RemoveIPFromBlackList(ipAddr string) {
s.sysdb.Delete("blacklist-ip", ipAddr)
}
func (s *Store) GetAllBlacklistedIp() []string {
bannedIps := []string{}
entries, err := s.sysdb.ListTable("blacklist-ip")
if err != nil {
return bannedIps
}
for _, keypairs := range entries {
ip := string(keypairs[0])
bannedIps = append(bannedIps, ip)
}
return bannedIps
}
func (s *Store) IsIPBlacklisted(ipAddr string) bool {
var isBlacklisted bool = false
s.sysdb.Read("blacklist-ip", ipAddr, &isBlacklisted)
if isBlacklisted {
return true
}
//Check for IP wildcard and CIRD rules
AllBlacklistedIps := s.GetAllBlacklistedIp()
for _, blacklistRule := range AllBlacklistedIps {
wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
if wildcardMatch {
return true
}
cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
if cidrMatch {
return true
}
}
return false
}

183
src/mod/geodb/geodb.go
View File

@ -3,8 +3,8 @@ package geodb
import (
_ "embed"
"log"
"net"
"net/http"
"strings"
"imuslab.com/zoraxy/mod/database"
)
@ -112,170 +112,6 @@ func (s *Store) Close() {
}
/*
Country code based black / white list
*/
func (s *Store) AddCountryCodeToBlackList(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Write("blacklist-cn", countryCode, true)
}
func (s *Store) RemoveCountryCodeFromBlackList(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Delete("blacklist-cn", countryCode)
}
func (s *Store) AddCountryCodeToWhitelist(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Write("whitelist-cn", countryCode, true)
}
func (s *Store) RemoveCountryCodeFromWhitelist(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Delete("whitelist-cn", countryCode)
}
func (s *Store) IsCountryCodeBlacklisted(countryCode string) bool {
countryCode = strings.ToLower(countryCode)
var isBlacklisted bool = false
s.sysdb.Read("blacklist-cn", countryCode, &isBlacklisted)
return isBlacklisted
}
func (s *Store) IsCountryCodeWhitelisted(countryCode string) bool {
countryCode = strings.ToLower(countryCode)
var isWhitelisted bool = false
s.sysdb.Read("whitelist-cn", countryCode, &isWhitelisted)
return isWhitelisted
}
func (s *Store) GetAllBlacklistedCountryCode() []string {
bannedCountryCodes := []string{}
entries, err := s.sysdb.ListTable("blacklist-cn")
if err != nil {
return bannedCountryCodes
}
for _, keypairs := range entries {
ip := string(keypairs[0])
bannedCountryCodes = append(bannedCountryCodes, ip)
}
return bannedCountryCodes
}
func (s *Store) GetAllWhitelistedCountryCode() []string {
whitelistedCountryCode := []string{}
entries, err := s.sysdb.ListTable("whitelist-cn")
if err != nil {
return whitelistedCountryCode
}
for _, keypairs := range entries {
ip := string(keypairs[0])
whitelistedCountryCode = append(whitelistedCountryCode, ip)
}
return whitelistedCountryCode
}
/*
IP based black / whitelist
*/
func (s *Store) AddIPToBlackList(ipAddr string) {
s.sysdb.Write("blacklist-ip", ipAddr, true)
}
func (s *Store) RemoveIPFromBlackList(ipAddr string) {
s.sysdb.Delete("blacklist-ip", ipAddr)
}
func (s *Store) AddIPToWhiteList(ipAddr string) {
s.sysdb.Write("whitelist-ip", ipAddr, true)
}
func (s *Store) RemoveIPFromWhiteList(ipAddr string) {
s.sysdb.Delete("whitelist-ip", ipAddr)
}
func (s *Store) IsIPBlacklisted(ipAddr string) bool {
var isBlacklisted bool = false
s.sysdb.Read("blacklist-ip", ipAddr, &isBlacklisted)
if isBlacklisted {
return true
}
//Check for IP wildcard and CIRD rules
AllBlacklistedIps := s.GetAllBlacklistedIp()
for _, blacklistRule := range AllBlacklistedIps {
wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
if wildcardMatch {
return true
}
cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
if cidrMatch {
return true
}
}
return false
}
func (s *Store) IsIPWhitelisted(ipAddr string) bool {
var isBlacklisted bool = false
s.sysdb.Read("whitelist-ip", ipAddr, &isBlacklisted)
if isBlacklisted {
return true
}
//Check for IP wildcard and CIRD rules
AllBlacklistedIps := s.GetAllBlacklistedIp()
for _, blacklistRule := range AllBlacklistedIps {
wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
if wildcardMatch {
return true
}
cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
if cidrMatch {
return true
}
}
return false
}
func (s *Store) GetAllBlacklistedIp() []string {
bannedIps := []string{}
entries, err := s.sysdb.ListTable("blacklist-ip")
if err != nil {
return bannedIps
}
for _, keypairs := range entries {
ip := string(keypairs[0])
bannedIps = append(bannedIps, ip)
}
return bannedIps
}
func (s *Store) GetAllWhitelistedIp() []string {
whitelistedIp := []string{}
entries, err := s.sysdb.ListTable("whitelist-ip")
if err != nil {
return whitelistedIp
}
for _, keypairs := range entries {
ip := string(keypairs[0])
whitelistedIp = append(whitelistedIp, ip)
}
return whitelistedIp
}
/*
Check if a IP address is blacklisted, in either country or IP blacklist
IsBlacklisted default return is false (allow access)
@ -341,6 +177,23 @@ func (s *Store) IsWhitelisted(ipAddr string) bool {
return false
}
// A helper function that check both blacklist and whitelist for access
// for both geoIP and ip / CIDR ranges
func (s *Store) AllowIpAccess(ipaddr string) bool {
if s.IsBlacklisted(ipaddr) {
return false
}
return s.IsWhitelisted(ipaddr)
}
func (s *Store) AllowConnectionAccess(conn net.Conn) bool {
if addr, ok := conn.RemoteAddr().(*net.TCPAddr); ok {
return s.AllowIpAccess(addr.IP.String())
}
return true
}
func (s *Store) GetRequesterCountryISOCode(r *http.Request) string {
ipAddr := GetRequesterIP(r)
if ipAddr == "" {

91
src/mod/geodb/whitelist.go Normal file
View File

@ -0,0 +1,91 @@
package geodb
import "strings"
/*
Whitelist.go
This script handles whitelist related functions
*/
//Geo Whitelist
func (s *Store) AddCountryCodeToWhitelist(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Write("whitelist-cn", countryCode, true)
}
func (s *Store) RemoveCountryCodeFromWhitelist(countryCode string) {
countryCode = strings.ToLower(countryCode)
s.sysdb.Delete("whitelist-cn", countryCode)
}
func (s *Store) IsCountryCodeWhitelisted(countryCode string) bool {
countryCode = strings.ToLower(countryCode)
var isWhitelisted bool = false
s.sysdb.Read("whitelist-cn", countryCode, &isWhitelisted)
return isWhitelisted
}
func (s *Store) GetAllWhitelistedCountryCode() []string {
whitelistedCountryCode := []string{}
entries, err := s.sysdb.ListTable("whitelist-cn")
if err != nil {
return whitelistedCountryCode
}
for _, keypairs := range entries {
ip := string(keypairs[0])
whitelistedCountryCode = append(whitelistedCountryCode, ip)
}
return whitelistedCountryCode
}
//IP Whitelist
func (s *Store) AddIPToWhiteList(ipAddr string) {
s.sysdb.Write("whitelist-ip", ipAddr, true)
}
func (s *Store) RemoveIPFromWhiteList(ipAddr string) {
s.sysdb.Delete("whitelist-ip", ipAddr)
}
func (s *Store) IsIPWhitelisted(ipAddr string) bool {
var isWhitelisted bool = false
s.sysdb.Read("whitelist-ip", ipAddr, &isWhitelisted)
if isWhitelisted {
return true
}
//Check for IP wildcard and CIRD rules
AllWhitelistedIps := s.GetAllWhitelistedIp()
for _, whitelistRules := range AllWhitelistedIps {
wildcardMatch := MatchIpWildcard(ipAddr, whitelistRules)
if wildcardMatch {
return true
}
cidrMatch := MatchIpCIDR(ipAddr, whitelistRules)
if cidrMatch {
return true
}
}
return false
}
func (s *Store) GetAllWhitelistedIp() []string {
whitelistedIp := []string{}
entries, err := s.sysdb.ListTable("whitelist-ip")
if err != nil {
return whitelistedIp
}
for _, keypairs := range entries {
ip := string(keypairs[0])
whitelistedIp = append(whitelistedIp, ip)
}
return whitelistedIp
}

69
src/mod/netutils/netutils.go Normal file
View File

@ -0,0 +1,69 @@
package netutils
import (
"encoding/json"
"fmt"
"net/http"
"strconv"
"imuslab.com/zoraxy/mod/utils"
)
/*
This script handles basic network utilities like
- traceroute
- ping
*/
func HandleTraceRoute(w http.ResponseWriter, r *http.Request) {
targetIpOrDomain, err := utils.GetPara(r, "target")
if err != nil {
utils.SendErrorResponse(w, "invalid target (domain or ip) address given")
return
}
maxhopsString, err := utils.GetPara(r, "maxhops")
if err != nil {
maxhopsString = "64"
}
maxHops, err := strconv.Atoi(maxhopsString)
if err != nil {
maxHops = 64
}
results, err := TraceRoute(targetIpOrDomain, maxHops)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
js, _ := json.Marshal(results)
utils.SendJSONResponse(w, string(js))
}
func TraceRoute(targetIpOrDomain string, maxHops int) ([]string, error) {
return traceroute(targetIpOrDomain, maxHops)
}
func HandlePing(w http.ResponseWriter, r *http.Request) {
targetIpOrDomain, err := utils.GetPara(r, "target")
if err != nil {
utils.SendErrorResponse(w, "invalid target (domain or ip) address given")
return
}
results := []string{}
for i := 0; i < 4; i++ {
realIP, pingTime, ttl, err := PingIP(targetIpOrDomain)
if err != nil {
results = append(results, "Reply from "+realIP+": "+err.Error())
} else {
results = append(results, fmt.Sprintf("Reply from %s: Time=%dms TTL=%d", realIP, pingTime.Milliseconds(), ttl))
}
}
js, _ := json.Marshal(results)
utils.SendJSONResponse(w, string(js))
}

28
src/mod/netutils/netutils_test.go Normal file
View File

@ -0,0 +1,28 @@
package netutils_test
import (
"testing"
"imuslab.com/zoraxy/mod/netutils"
)
func TestHandleTraceRoute(t *testing.T) {
results, err := netutils.TraceRoute("imuslab.com", 64)
if err != nil {
t.Fatal(err)
}
t.Log(results)
}
func TestHandlePing(t *testing.T) {
ipOrDomain := "example.com"
realIP, pingTime, ttl, err := netutils.PingIP(ipOrDomain)
if err != nil {
t.Fatal("Error:", err)
return
}
t.Log(realIP, pingTime, ttl)
}

48
src/mod/netutils/pingip.go Normal file
View File

@ -0,0 +1,48 @@
package netutils
import (
"fmt"
"net"
"time"
)
func PingIP(ipOrDomain string) (string, time.Duration, int, error) {
ipAddr, err := net.ResolveIPAddr("ip", ipOrDomain)
if err != nil {
return "", 0, 0, fmt.Errorf("failed to resolve IP address: %v", err)
}
ip := ipAddr.IP.String()
start := time.Now()
conn, err := net.Dial("ip:icmp", ip)
if err != nil {
return ip, 0, 0, fmt.Errorf("failed to establish ICMP connection: %v", err)
}
defer conn.Close()
icmpMsg := []byte{8, 0, 0, 0, 0, 1, 0, 0}
_, err = conn.Write(icmpMsg)
if err != nil {
return ip, 0, 0, fmt.Errorf("failed to send ICMP message: %v", err)
}
reply := make([]byte, 1500)
err = conn.SetReadDeadline(time.Now().Add(3 * time.Second))
if err != nil {
return ip, 0, 0, fmt.Errorf("failed to set read deadline: %v", err)
}
_, err = conn.Read(reply)
if err != nil {
return ip, 0, 0, fmt.Errorf("failed to read ICMP reply: %v", err)
}
elapsed := time.Since(start)
pingTime := elapsed.Round(time.Millisecond)
ttl := int(reply[8])
return ip, pingTime, ttl, nil
}

212
src/mod/netutils/traceroute.go Normal file
View File

@ -0,0 +1,212 @@
package netutils
import (
"fmt"
"net"
"os"
"time"
"golang.org/x/net/icmp"
"golang.org/x/net/ipv4"
)
const (
protocolICMP = 1
)
// liveTraceRoute return realtime tracing information to live response handler
func liveTraceRoute(dst string, maxHops int, liveRespHandler func(string)) error {
timeout := time.Second * 3
// resolve the host name to an IP address
ipAddr, err := net.ResolveIPAddr("ip4", dst)
if err != nil {
return fmt.Errorf("failed to resolve IP address for %s: %v", dst, err)
}
// create a socket to listen for incoming ICMP packets
conn, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
if err != nil {
return fmt.Errorf("failed to create ICMP listener: %v", err)
}
defer conn.Close()
id := os.Getpid() & 0xffff
seq := 0
loop_ttl:
for ttl := 1; ttl <= maxHops; ttl++ {
// set the TTL on the socket
if err := conn.IPv4PacketConn().SetTTL(ttl); err != nil {
return fmt.Errorf("failed to set TTL: %v", err)
}
seq++
// create an ICMP message
msg := icmp.Message{
Type: ipv4.ICMPTypeEcho,
Code: 0,
Body: &icmp.Echo{
ID: id,
Seq: seq,
Data: []byte("zoraxy_trace"),
},
}
// serialize the ICMP message
msgBytes, err := msg.Marshal(nil)
if err != nil {
return fmt.Errorf("failed to serialize ICMP message: %v", err)
}
// send the ICMP message
start := time.Now()
if _, err := conn.WriteTo(msgBytes, ipAddr); err != nil {
//log.Printf("%d: %v", ttl, err)
liveRespHandler(fmt.Sprintf("%d: %v", ttl, err))
continue loop_ttl
}
// listen for the reply
replyBytes := make([]byte, 1500)
if err := conn.SetReadDeadline(time.Now().Add(timeout)); err != nil {
return fmt.Errorf("failed to set read deadline: %v", err)
}
for i := 0; i < 3; i++ {
n, peer, err := conn.ReadFrom(replyBytes)
if err != nil {
if opErr, ok := err.(*net.OpError); ok && opErr.Timeout() {
//fmt.Printf("%d: *\n", ttl)
liveRespHandler(fmt.Sprintf("%d: *\n", ttl))
continue loop_ttl
} else {
liveRespHandler(fmt.Sprintf("%d: Failed to parse ICMP message: %v", ttl, err))
}
continue
}
// parse the ICMP message
replyMsg, err := icmp.ParseMessage(protocolICMP, replyBytes[:n])
if err != nil {
liveRespHandler(fmt.Sprintf("%d: Failed to parse ICMP message: %v", ttl, err))
continue
}
// check if the reply is an echo reply
if replyMsg.Type == ipv4.ICMPTypeEchoReply {
echoReply, ok := msg.Body.(*icmp.Echo)
if !ok || echoReply.ID != id || echoReply.Seq != seq {
continue
}
liveRespHandler(fmt.Sprintf("%d: %v %v\n", ttl, peer, time.Since(start)))
break loop_ttl
}
if replyMsg.Type == ipv4.ICMPTypeTimeExceeded {
echoReply, ok := msg.Body.(*icmp.Echo)
if !ok || echoReply.ID != id || echoReply.Seq != seq {
continue
}
var raddr = peer.String()
names, _ := net.LookupAddr(raddr)
if len(names) > 0 {
raddr = names[0] + " (" + raddr + ")"
} else {
raddr = raddr + " (" + raddr + ")"
}
liveRespHandler(fmt.Sprintf("%d: %v %v\n", ttl, raddr, time.Since(start)))
continue loop_ttl
}
}
}
return nil
}
// Standard traceroute, return results after complete
func traceroute(dst string, maxHops int) ([]string, error) {
results := []string{}
timeout := time.Second * 3
// resolve the host name to an IP address
ipAddr, err := net.ResolveIPAddr("ip4", dst)
if err != nil {
return results, fmt.Errorf("failed to resolve IP address for %s: %v", dst, err)
}
// create a socket to listen for incoming ICMP packets
conn, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
if err != nil {
return results, fmt.Errorf("failed to create ICMP listener: %v", err)
}
defer conn.Close()
id := os.Getpid() & 0xffff
seq := 0
loop_ttl:
for ttl := 1; ttl <= maxHops; ttl++ {
// set the TTL on the socket
if err := conn.IPv4PacketConn().SetTTL(ttl); err != nil {
return results, fmt.Errorf("failed to set TTL: %v", err)
}
seq++
// create an ICMP message
msg := icmp.Message{
Type: ipv4.ICMPTypeEcho,
Code: 0,
Body: &icmp.Echo{
ID: id,
Seq: seq,
Data: []byte("zoraxy_trace"),
},
}
// serialize the ICMP message
msgBytes, err := msg.Marshal(nil)
if err != nil {
return results, fmt.Errorf("failed to serialize ICMP message: %v", err)
}
// send the ICMP message
start := time.Now()
if _, err := conn.WriteTo(msgBytes, ipAddr); err != nil {
//log.Printf("%d: %v", ttl, err)
results = append(results, fmt.Sprintf("%d: %v", ttl, err))
continue loop_ttl
}
// listen for the reply
replyBytes := make([]byte, 1500)
if err := conn.SetReadDeadline(time.Now().Add(timeout)); err != nil {
return results, fmt.Errorf("failed to set read deadline: %v", err)
}
for i := 0; i < 3; i++ {
n, peer, err := conn.ReadFrom(replyBytes)
if err != nil {
if opErr, ok := err.(*net.OpError); ok && opErr.Timeout() {
//fmt.Printf("%d: *\n", ttl)
results = append(results, fmt.Sprintf("%d: *", ttl))
continue loop_ttl
} else {
results = append(results, fmt.Sprintf("%d: Failed to parse ICMP message: %v", ttl, err))
}
continue
}
// parse the ICMP message
replyMsg, err := icmp.ParseMessage(protocolICMP, replyBytes[:n])
if err != nil {
results = append(results, fmt.Sprintf("%d: Failed to parse ICMP message: %v", ttl, err))
continue
}
// check if the reply is an echo reply
if replyMsg.Type == ipv4.ICMPTypeEchoReply {
echoReply, ok := msg.Body.(*icmp.Echo)
if !ok || echoReply.ID != id || echoReply.Seq != seq {
continue
}
results = append(results, fmt.Sprintf("%d: %v %v", ttl, peer, time.Since(start)))
break loop_ttl
}
if replyMsg.Type == ipv4.ICMPTypeTimeExceeded {
echoReply, ok := msg.Body.(*icmp.Echo)
if !ok || echoReply.ID != id || echoReply.Seq != seq {
continue
}
var raddr = peer.String()
names, _ := net.LookupAddr(raddr)
if len(names) > 0 {
raddr = names[0] + " (" + raddr + ")"
} else {
raddr = raddr + " (" + raddr + ")"
}
results = append(results, fmt.Sprintf("%d: %v %v", ttl, raddr, time.Since(start)))
continue loop_ttl
}
}
}
return results, nil
}

100
src/mod/pathrule/handler.go Normal file
View File

@ -0,0 +1,100 @@
package pathrule
import (
"encoding/json"
"net/http"
"strconv"
uuid "github.com/satori/go.uuid"
"imuslab.com/zoraxy/mod/utils"
)
/*
handler.go
This script handles pathblock api
*/
func (h *Handler) HandleListBlockingPath(w http.ResponseWriter, r *http.Request) {
js, _ := json.Marshal(h.BlockingPaths)
utils.SendJSONResponse(w, string(js))
}
func (h *Handler) HandleAddBlockingPath(w http.ResponseWriter, r *http.Request) {
matchingPath, err := utils.PostPara(r, "matchingPath")
if err != nil {
utils.SendErrorResponse(w, "invalid matching path given")
return
}
exactMatch, err := utils.PostPara(r, "exactMatch")
if err != nil {
utils.SendErrorResponse(w, "invalid exact match value given")
return
}
statusCodeString, err := utils.PostPara(r, "statusCode")
if err != nil {
utils.SendErrorResponse(w, "invalid status code given")
return
}
statusCode, err := strconv.Atoi(statusCodeString)
if err != nil {
utils.SendErrorResponse(w, "invalid status code given")
return
}
enabled, err := utils.PostPara(r, "enabled")
if err != nil {
utils.SendErrorResponse(w, "invalid enabled value given")
return
}
caseSensitive, err := utils.PostPara(r, "caseSensitive")
if err != nil {
utils.SendErrorResponse(w, "invalid case sensitive value given")
return
}
targetBlockingPath := BlockingPath{
UUID: uuid.NewV4().String(),
MatchingPath: matchingPath,
ExactMatch: exactMatch == "true",
StatusCode: statusCode,
CustomHeaders: http.Header{},
CustomHTML: []byte(""),
Enabled: enabled == "true",
CaseSenitive: caseSensitive == "true",
}
err = h.AddBlockingPath(&targetBlockingPath)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
utils.SendOK(w)
}
func (h *Handler) HandleRemoveBlockingPath(w http.ResponseWriter, r *http.Request) {
blockerUUID, err := utils.PostPara(r, "uuid")
if err != nil {
utils.SendErrorResponse(w, "invalid uuid given")
return
}
targetRule := h.GetPathBlockerFromUUID(blockerUUID)
if targetRule == nil {
//Not found
utils.SendErrorResponse(w, "target path blocker not found")
return
}
err = h.RemoveBlockingPathByUUID(blockerUUID)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
utils.SendOK(w)
}

175
src/mod/pathrule/pathrule.go Normal file
View File

@ -0,0 +1,175 @@
package pathrule
import (
"encoding/json"
"errors"
"net/http"
"os"
"path/filepath"
"strings"
"imuslab.com/zoraxy/mod/utils"
)
/*
Pathblock.go
This script block off some of the specific pathname in access
For example, this module can help you block request for a particular
apache directory or functional endpoints like /.well-known/ when you
are not using it
*/
type Options struct {
ConfigFolder string //The folder to store the path blocking config files
}
type BlockingPath struct {
UUID string
MatchingPath string
ExactMatch bool
StatusCode int
CustomHeaders http.Header
CustomHTML []byte
Enabled bool
CaseSenitive bool
}
type Handler struct {
Options *Options
BlockingPaths []*BlockingPath
}
// Create a new path blocker handler
func NewPathBlocker(options *Options) *Handler {
//Create folder if not exists
if !utils.FileExists(options.ConfigFolder) {
os.Mkdir(options.ConfigFolder, 0775)
}
//Load the configs from file
//TODO
return &Handler{
Options: options,
BlockingPaths: []*BlockingPath{},
}
}
func (h *Handler) ListBlockingPath() []*BlockingPath {
return h.BlockingPaths
}
// Get the blocker from matching path (path match, ignore tailing slash)
func (h *Handler) GetPathBlockerFromMatchingPath(matchingPath string) *BlockingPath {
for _, blocker := range h.BlockingPaths {
if blocker.MatchingPath == matchingPath {
return blocker
} else if strings.TrimSuffix(blocker.MatchingPath, "/") == strings.TrimSuffix(matchingPath, "/") {
return blocker
}
}
return nil
}
func (h *Handler) GetPathBlockerFromUUID(UUID string) *BlockingPath {
for _, blocker := range h.BlockingPaths {
if blocker.UUID == UUID {
return blocker
}
}
return nil
}
func (h *Handler) AddBlockingPath(pathBlocker *BlockingPath) error {
//Check if the blocker exists
blockerPath := pathBlocker.MatchingPath
targetBlocker := h.GetPathBlockerFromMatchingPath(blockerPath)
if targetBlocker != nil {
//Blocker with the same matching path already exists
return errors.New("path blocker with the same path already exists")
}
h.BlockingPaths = append(h.BlockingPaths, pathBlocker)
//Write the new config to file
return h.SaveBlockerToFile(pathBlocker)
}
func (h *Handler) RemoveBlockingPathByUUID(uuid string) error {
newBlockingList := []*BlockingPath{}
for _, thisBlocker := range h.BlockingPaths {
if thisBlocker.UUID != uuid {
newBlockingList = append(newBlockingList, thisBlocker)
}
}
if len(h.BlockingPaths) == len(newBlockingList) {
//Nothing is removed
return errors.New("given matching path blocker not exists")
}
h.BlockingPaths = newBlockingList
return h.RemoveBlockerFromFile(uuid)
}
func (h *Handler) SaveBlockerToFile(pathBlocker *BlockingPath) error {
saveFilename := filepath.Join(h.Options.ConfigFolder, pathBlocker.UUID)
js, _ := json.MarshalIndent(pathBlocker, "", " ")
return os.WriteFile(saveFilename, js, 0775)
}
func (h *Handler) RemoveBlockerFromFile(uuid string) error {
expectedConfigFile := filepath.Join(h.Options.ConfigFolder, uuid)
if !utils.FileExists(expectedConfigFile) {
return errors.New("config file not found on disk")
}
return os.Remove(expectedConfigFile)
}
// Get all the matching blockers for the given URL path
// return all the path blockers and the max length matching rule
func (h *Handler) GetMatchingBlockers(urlPath string) ([]*BlockingPath, *BlockingPath) {
urlPath = strings.TrimSuffix(urlPath, "/")
matchingBlockers := []*BlockingPath{}
var longestMatchingPrefix *BlockingPath = nil
for _, thisBlocker := range h.BlockingPaths {
if thisBlocker.Enabled == false {
//This blocker is not enabled. Ignore this
continue
}
incomingURLPath := urlPath
matchingPath := strings.TrimSuffix(thisBlocker.MatchingPath, "/")
if !thisBlocker.CaseSenitive {
//This is not case sensitive
incomingURLPath = strings.ToLower(incomingURLPath)
matchingPath = strings.ToLower(matchingPath)
}
if matchingPath == incomingURLPath {
//This blocker have exact url path match
matchingBlockers = append(matchingBlockers, thisBlocker)
if longestMatchingPrefix == nil || len(thisBlocker.MatchingPath) > len(longestMatchingPrefix.MatchingPath) {
longestMatchingPrefix = thisBlocker
}
continue
}
if !thisBlocker.ExactMatch && strings.HasPrefix(incomingURLPath, matchingPath) {
//This blocker have prefix url match
matchingBlockers = append(matchingBlockers, thisBlocker)
if longestMatchingPrefix == nil || len(thisBlocker.MatchingPath) > len(longestMatchingPrefix.MatchingPath) {
longestMatchingPrefix = thisBlocker
}
continue
}
}
return matchingBlockers, longestMatchingPrefix
}

16
src/mod/sshprox/embed.go Normal file
View File

@ -0,0 +1,16 @@
//go:build (windows && amd64) || (linux && mipsle) || (linux && riscv64)
// +build windows,amd64 linux,mipsle linux,riscv64
package sshprox
import "embed"
/*
Bianry embedding
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/LICENSE
gotty embed.FS
)

18
src/mod/sshprox/embed_linux_386.go Normal file
View File

@ -0,0 +1,18 @@
//go:build linux && 386
// +build linux,386
package sshprox
import "embed"
/*
Bianry embedding for i386 builds
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/gotty_linux_386
//go:embed gotty/.gotty
//go:embed gotty/LICENSE
gotty embed.FS
)

18
src/mod/sshprox/embed_linux_amd64.go Normal file
View File

@ -0,0 +1,18 @@
//go:build linux && amd64
// +build linux,amd64
package sshprox
import "embed"
/*
Bianry embedding for AMD64 builds
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/gotty_linux_amd64
//go:embed gotty/.gotty
//go:embed gotty/LICENSE
gotty embed.FS
)

18
src/mod/sshprox/embed_linux_arm.go Normal file
View File

@ -0,0 +1,18 @@
//go:build linux && arm
// +build linux,arm
package sshprox
import "embed"
/*
Bianry embedding for ARM(v6/7) builds
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/gotty_linux_arm
//go:embed gotty/.gotty
//go:embed gotty/LICENSE
gotty embed.FS
)

18
src/mod/sshprox/embed_linux_arm64.go Normal file
View File

@ -0,0 +1,18 @@
//go:build linux && arm64
// +build linux,arm64
package sshprox
import "embed"
/*
Bianry embedding for ARM64 builds
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/gotty_linux_arm64
//go:embed gotty/.gotty
//go:embed gotty/LICENSE
gotty embed.FS
)

11
src/mod/sshprox/sshprox.go
View File

@ -1,7 +1,6 @@
package sshprox
import (
"embed"
"errors"
"fmt"
"log"
@ -28,16 +27,6 @@ import (
online ssh terminal
*/
/*
Bianry embedding
Make sure when compile, gotty binary exists in static.gotty
*/
var (
//go:embed gotty/*
gotty embed.FS
)
type Manager struct {
StartingPort int
Instances []*Instance

103
src/mod/statistic/analytic/analytic.go
View File

@ -1,10 +1,9 @@
package analytic
import (
"encoding/json"
"errors"
"net/http"
"strings"
"time"
"imuslab.com/zoraxy/mod/database"
"imuslab.com/zoraxy/mod/statistic"
@ -24,105 +23,49 @@ func NewDataLoader(db *database.Database, sc *statistic.Collector) *DataLoader {
}
}
func (d *DataLoader) HandleSummaryList(w http.ResponseWriter, r *http.Request) {
entries, err := d.Database.ListTable("stats")
// GetAllStatisticSummaryInRange return all the statisics within the time frame. The second array is the key (dates) of the statistic
func (d *DataLoader) GetAllStatisticSummaryInRange(start, end string) ([]*statistic.DailySummaryExport, []string, error) {
dailySummaries := []*statistic.DailySummaryExport{}
collectedDates := []string{}
//Generate all the dates in between the range
keys, err := generateDateRange(start, end)
if err != nil {
utils.SendErrorResponse(w, "unable to load data from database")
return
return dailySummaries, collectedDates, err
}
entryDates := []string{}
for _, keypairs := range entries {
entryDates = append(entryDates, string(keypairs[0]))
}
js, _ := json.MarshalIndent(entryDates, "", " ")
utils.SendJSONResponse(w, string(js))
}
func (d *DataLoader) HandleLoadTargetDaySummary(w http.ResponseWriter, r *http.Request) {
day, err := utils.GetPara(r, "id")
if err != nil {
utils.SendErrorResponse(w, "id cannot be empty")
return
}
if strings.Contains(day, "-") {
//Must be underscore
day = strings.ReplaceAll(day, "-", "_")
}
if !statistic.IsBeforeToday(day) {
utils.SendErrorResponse(w, "given date is in the future")
return
}
var targetDailySummary statistic.DailySummaryExport
if day == time.Now().Format("2006_01_02") {
targetDailySummary = *d.StatisticCollector.GetExportSummary()
} else {
//Not today data
err = d.Database.Read("stats", day, &targetDailySummary)
if err != nil {
utils.SendErrorResponse(w, "target day data not found")
return
//Load all the data from database
for _, key := range keys {
thisStat := statistic.DailySummaryExport{}
err = d.Database.Read("stats", key, &thisStat)
if err == nil {
dailySummaries = append(dailySummaries, &thisStat)
collectedDates = append(collectedDates, key)
}
}
js, _ := json.Marshal(targetDailySummary)
utils.SendJSONResponse(w, string(js))
return dailySummaries, collectedDates, nil
}
func (d *DataLoader) HandleLoadTargetRangeSummary(w http.ResponseWriter, r *http.Request) {
//Get the start date from POST para
func (d *DataLoader) GetStartAndEndDatesFromRequest(r *http.Request) (string, string, error) {
// Get the start date from POST para
start, err := utils.GetPara(r, "start")
if err != nil {
utils.SendErrorResponse(w, "start date cannot be empty")
return
return "", "", errors.New("start date cannot be empty")
}
if strings.Contains(start, "-") {
//Must be underscore
start = strings.ReplaceAll(start, "-", "_")
}
//Get end date from POST para
// Get end date from POST para
end, err := utils.GetPara(r, "end")
if err != nil {
utils.SendErrorResponse(w, "emd date cannot be empty")
return
return "", "", errors.New("end date cannot be empty")
}
if strings.Contains(end, "-") {
//Must be underscore
end = strings.ReplaceAll(end, "-", "_")
}
//Generate all the dates in between the range
keys, err := generateDateRange(start, end)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
//Load all the data from database
dailySummaries := []*statistic.DailySummaryExport{}
for _, key := range keys {
thisStat := statistic.DailySummaryExport{}
err = d.Database.Read("stats", key, &thisStat)
if err == nil {
dailySummaries = append(dailySummaries, &thisStat)
}
}
//Merge the summaries into one
mergedSummary := mergeDailySummaryExports(dailySummaries)
js, _ := json.Marshal(struct {
Summary *statistic.DailySummaryExport
Records []*statistic.DailySummaryExport
}{
Summary: mergedSummary,
Records: dailySummaries,
})
utils.SendJSONResponse(w, string(js))
return start, end, nil
}

218
src/mod/statistic/analytic/handlers.go Normal file
View File

@ -0,0 +1,218 @@
package analytic
import (
"encoding/csv"
"encoding/json"
"log"
"net/http"
"strconv"
"strings"
"time"
"imuslab.com/zoraxy/mod/statistic"
"imuslab.com/zoraxy/mod/utils"
)
func (d *DataLoader) HandleSummaryList(w http.ResponseWriter, r *http.Request) {
entries, err := d.Database.ListTable("stats")
if err != nil {
utils.SendErrorResponse(w, "unable to load data from database")
return
}
entryDates := []string{}
for _, keypairs := range entries {
entryDates = append(entryDates, string(keypairs[0]))
}
js, _ := json.MarshalIndent(entryDates, "", " ")
utils.SendJSONResponse(w, string(js))
}
func (d *DataLoader) HandleLoadTargetDaySummary(w http.ResponseWriter, r *http.Request) {
day, err := utils.GetPara(r, "id")
if err != nil {
utils.SendErrorResponse(w, "id cannot be empty")
return
}
if strings.Contains(day, "-") {
//Must be underscore
day = strings.ReplaceAll(day, "-", "_")
}
if !statistic.IsBeforeToday(day) {
utils.SendErrorResponse(w, "given date is in the future")
return
}
var targetDailySummary statistic.DailySummaryExport
if day == time.Now().Format("2006_01_02") {
targetDailySummary = *d.StatisticCollector.GetExportSummary()
} else {
//Not today data
err = d.Database.Read("stats", day, &targetDailySummary)
if err != nil {
utils.SendErrorResponse(w, "target day data not found")
return
}
}
js, _ := json.Marshal(targetDailySummary)
utils.SendJSONResponse(w, string(js))
}
func (d *DataLoader) HandleLoadTargetRangeSummary(w http.ResponseWriter, r *http.Request) {
start, end, err := d.GetStartAndEndDatesFromRequest(r)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
dailySummaries, _, err := d.GetAllStatisticSummaryInRange(start, end)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
//Merge the summaries into one
mergedSummary := mergeDailySummaryExports(dailySummaries)
js, _ := json.Marshal(struct {
Summary *statistic.DailySummaryExport
Records []*statistic.DailySummaryExport
}{
Summary: mergedSummary,
Records: dailySummaries,
})
utils.SendJSONResponse(w, string(js))
}
// Handle exporting of a given range statistics
func (d *DataLoader) HandleRangeExport(w http.ResponseWriter, r *http.Request) {
start, end, err := d.GetStartAndEndDatesFromRequest(r)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
dailySummaries, dates, err := d.GetAllStatisticSummaryInRange(start, end)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
format, err := utils.GetPara(r, "format")
if err != nil {
format = "json"
}
if format == "csv" {
// Create a buffer to store CSV content
var csvContent strings.Builder
// Create a CSV writer
writer := csv.NewWriter(&csvContent)
// Write the header row
header := []string{"Date", "TotalRequest", "ErrorRequest", "ValidRequest", "ForwardTypes", "RequestOrigin", "RequestClientIp", "Referer", "UserAgent", "RequestURL"}
err := writer.Write(header)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// Write each data row
for i, item := range dailySummaries {
row := []string{
dates[i],
strconv.FormatInt(item.TotalRequest, 10),
strconv.FormatInt(item.ErrorRequest, 10),
strconv.FormatInt(item.ValidRequest, 10),
// Convert map values to a comma-separated string
strings.Join(mapToStringSlice(item.ForwardTypes), ","),
strings.Join(mapToStringSlice(item.RequestOrigin), ","),
strings.Join(mapToStringSlice(item.RequestClientIp), ","),
strings.Join(mapToStringSlice(item.Referer), ","),
strings.Join(mapToStringSlice(item.UserAgent), ","),
strings.Join(mapToStringSlice(item.RequestURL), ","),
}
err = writer.Write(row)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
// Flush the CSV writer
writer.Flush()
// Check for any errors during writing
if err := writer.Error(); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// Set the response headers
w.Header().Set("Content-Type", "text/csv")
w.Header().Set("Content-Disposition", "attachment; filename=analytics_"+start+"_to_"+end+".csv")
// Write the CSV content to the response writer
_, err = w.Write([]byte(csvContent.String()))
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
} else if format == "json" {
type exportData struct {
Stats []*statistic.DailySummaryExport
Dates []string
}
results := exportData{
Stats: dailySummaries,
Dates: dates,
}
js, _ := json.MarshalIndent(results, "", " ")
w.Header().Set("Content-Disposition", "attachment; filename=analytics_"+start+"_to_"+end+".json")
utils.SendJSONResponse(w, string(js))
} else {
utils.SendErrorResponse(w, "Unsupported export format")
}
}
// Reset all the keys within the given time period
func (d *DataLoader) HandleRangeReset(w http.ResponseWriter, r *http.Request) {
start, end, err := d.GetStartAndEndDatesFromRequest(r)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
if r.Method != http.MethodDelete {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
keys, err := generateDateRange(start, end)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
for _, key := range keys {
log.Println("DELETING statistics " + key)
d.Database.Delete("stats", key)
if isTodayDate(key) {
//It is today's date. Also reset statistic collector value
log.Println("RESETING today's in-memory statistics")
d.StatisticCollector.ResetSummaryOfDay()
}
}
utils.SendOK(w)
}

22
src/mod/statistic/analytic/utils.go
View File

@ -70,3 +70,25 @@ func mergeDailySummaryExports(exports []*statistic.DailySummaryExport) *statisti
return mergedExport
}
func mapToStringSlice(m map[string]int) []string {
slice := make([]string, 0, len(m))
for k := range m {
slice = append(slice, k)
}
return slice
}
func isTodayDate(dateStr string) bool {
today := time.Now().Local().Format("2006-01-02")
inputDate, err := time.Parse("2006-01-02", dateStr)
if err != nil {
inputDate, err = time.Parse("2006_01_02", dateStr)
if err != nil {
fmt.Println("Invalid date format")
return false
}
}
return inputDate.Format("2006-01-02") == today
}

16
src/mod/statistic/statistic.go
View File

@ -6,6 +6,7 @@ import (
"sync"
"time"
"github.com/microcosm-cc/bluemonday"
"imuslab.com/zoraxy/mod/database"
)
@ -96,6 +97,11 @@ func (c *Collector) LoadSummaryOfDay(year int, month time.Month, day int) *Daily
return &targetSummary
}
// Reset today summary, for debug or restoring injections
func (c *Collector) ResetSummaryOfDay() {
c.DailySummary = newDailySummary()
}
// This function gives the current slot in the 288- 5 minutes interval of the day
func (c *Collector) GetCurrentRealtimeStatIntervalId() int {
now := time.Now()
@ -160,11 +166,15 @@ func (c *Collector) RecordRequest(ri RequestInfo) {
}
//Record the referer
rf, ok := c.DailySummary.Referer.Load(ri.Referer)
p := bluemonday.StripTagsPolicy()
filteredReferer := p.Sanitize(
ri.Referer,
)
rf, ok := c.DailySummary.Referer.Load(filteredReferer)
if !ok {
c.DailySummary.Referer.Store(ri.Referer, 1)
c.DailySummary.Referer.Store(filteredReferer, 1)
} else {
c.DailySummary.Referer.Store(ri.Referer, rf.(int)+1)
c.DailySummary.Referer.Store(filteredReferer, rf.(int)+1)
}
//Record the UserAgent

24
src/mod/tcpprox/conn.go
View File

@ -58,11 +58,23 @@ func forward(conn1 net.Conn, conn2 net.Conn, aTob *int64, bToa *int64) {
wg.Wait()
}
func accept(listener net.Listener) (net.Conn, error) {
func (c *ProxyRelayConfig) accept(listener net.Listener) (net.Conn, error) {
conn, err := listener.Accept()
if err != nil {
return nil, err
}
//Check if connection in blacklist or whitelist
if addr, ok := conn.RemoteAddr().(*net.TCPAddr); ok {
if !c.parent.Options.AccessControlHandler(conn) {
time.Sleep(300 * time.Millisecond)
conn.Close()
log.Println("[x]", "Connection from "+addr.IP.String()+" rejected by access control policy")
return nil, errors.New("Connection from " + addr.IP.String() + " rejected by access control policy")
}
}
log.Println("[√]", "accept a new client. remote address:["+conn.RemoteAddr().String()+"], local address:["+conn.LocalAddr().String()+"]")
return conn, err
}
@ -203,7 +215,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
}()
for {
conn1, err := accept(listen1)
conn1, err := c.accept(listen1)
if err != nil {
if !c.Running {
return nil
@ -211,7 +223,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
continue
}
conn2, err := accept(listen2)
conn2, err := c.accept(listen2)
if err != nil {
if !c.Running {
return nil
@ -224,7 +236,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
time.Sleep(time.Duration(c.Timeout) * time.Second)
continue
}
forward(conn1, conn2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
go forward(conn1, conn2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
}
}
@ -248,7 +260,7 @@ func (c *ProxyRelayConfig) Port2host(allowPort string, targetAddress string, sto
//Start blocking loop for accepting connections
for {
conn, err := accept(server)
conn, err := c.accept(server)
if conn == nil || err != nil {
if !c.Running {
//Terminate by stop chan. Exit listener loop
@ -322,7 +334,7 @@ func (c *ProxyRelayConfig) Host2host(address1, address2 string, stopChan chan bo
return nil
}
}
forward(host1, host2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
go forward(host1, host2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
}
return nil

32
src/mod/tcpprox/tcpprox.go
View File

@ -2,6 +2,7 @@ package tcpprox
import (
"errors"
"net"
uuid "github.com/satori/go.uuid"
"imuslab.com/zoraxy/mod/database"
@ -40,11 +41,14 @@ type ProxyRelayConfig struct {
stopChan chan bool //Stop channel to stop the listener
aTobAccumulatedByteTransfer int64 //Accumulated byte transfer from A to B
bToaAccumulatedByteTransfer int64 //Accumulated byte transfer from B to A
parent *Manager `json:"-"`
}
type Options struct {
Database *database.Database
DefaultTimeout int
Database *database.Database
DefaultTimeout int
AccessControlHandler func(net.Conn) bool
}
type Manager struct {
@ -59,16 +63,34 @@ type Manager struct {
func NewTCProxy(options *Options) *Manager {
options.Database.NewTable("tcprox")
//Load relay configs from db
previousRules := []*ProxyRelayConfig{}
if options.Database.KeyExists("tcprox", "rules") {
options.Database.Read("tcprox", "rules", &previousRules)
}
return &Manager{
//Check if the AccessControlHandler is empty. If yes, set it to always allow access
if options.AccessControlHandler == nil {
options.AccessControlHandler = func(conn net.Conn) bool {
//Always allow access
return true
}
}
//Create a new proxy manager for TCP
thisManager := Manager{
Options: options,
Configs: previousRules,
Connections: 0,
}
//Inject manager into the rules
for _, rule := range previousRules {
rule.parent = &thisManager
}
thisManager.Configs = previousRules
return &thisManager
}
func (m *Manager) NewConfig(config *ProxyRelayOptions) string {
@ -85,6 +107,8 @@ func (m *Manager) NewConfig(config *ProxyRelayOptions) string {
stopChan: nil,
aTobAccumulatedByteTransfer: 0,
bToaAccumulatedByteTransfer: 0,
parent: m,
}
m.Configs = append(m.Configs, &thisConfig)
m.SaveConfigToDatabase()

20
src/mod/uptime/uptime.go
View File

@ -4,6 +4,7 @@ import (
"encoding/json"
"log"
"net/http"
"strings"
"time"
"imuslab.com/zoraxy/mod/utils"
@ -220,7 +221,24 @@ func getWebsiteStatusWithLatency(url string) (bool, int64, int) {
func getWebsiteStatus(url string) (int, error) {
resp, err := http.Get(url)
if err != nil {
return 0, err
//Try replace the http with https and vise versa
rewriteURL := ""
if strings.Contains(url, "https://") {
rewriteURL = strings.ReplaceAll(url, "https://", "http://")
} else if strings.Contains(url, "http://") {
rewriteURL = strings.ReplaceAll(url, "http://", "https://")
}
resp, err = http.Get(rewriteURL)
if err != nil {
if strings.Contains(err.Error(), "http: server gave HTTP response to HTTPS client") {
//Invalid downstream reverse proxy settings, but it is online
//return SSL handshake failed
return 525, nil
}
return 0, err
}
}
status_code := resp.StatusCode
resp.Body.Close()

24
src/reverseproxy.go
View File

@ -38,6 +38,14 @@ func ReverseProxtInit() {
log.Println("TLS mode disabled. Serving proxy request with plain http")
}
forceLatestTLSVersion := false
sysdb.Read("settings", "forceLatestTLS", &forceLatestTLSVersion)
if forceLatestTLSVersion {
log.Println("Force latest TLS mode enabled. Minimum TLS LS version is set to v1.2")
} else {
log.Println("Force latest TLS mode disabled. Minimum TLS version is set to v1.0")
}
forceHttpsRedirect := false
sysdb.Read("settings", "redirect", &forceHttpsRedirect)
if forceHttpsRedirect {
@ -47,8 +55,10 @@ func ReverseProxtInit() {
}
dprouter, err := dynamicproxy.NewDynamicProxy(dynamicproxy.RouterOption{
HostUUID: nodeUUID,
Port: inboundPort,
UseTls: useTls,
ForceTLSLatest: forceLatestTLSVersion,
ForceHttpsRedirect: forceHttpsRedirect,
TlsManager: tlsCertManager,
RedirectRuleTable: redirectTable,
@ -345,6 +355,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
RequireBasicAuth: requireBasicAuth,
BasicAuthCredentials: targetProxyEntry.BasicAuthCredentials,
}
dynamicProxyRouter.RemoveProxy("vdir", thisOption.RootName)
dynamicProxyRouter.AddVirtualDirectoryProxyService(&thisOption)
} else if eptype == "subd" {
@ -356,6 +367,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
RequireBasicAuth: requireBasicAuth,
BasicAuthCredentials: targetProxyEntry.BasicAuthCredentials,
}
dynamicProxyRouter.RemoveProxy("subd", thisOption.MatchingDomain)
dynamicProxyRouter.AddSubdomainRoutingService(&thisOption)
}
@ -370,14 +382,6 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
BasicAuthCredentials: targetProxyEntry.BasicAuthCredentials,
}
SaveReverseProxyConfig(&thisProxyConfigRecord)
//Update the current running config
targetProxyEntry.Domain = endpoint
targetProxyEntry.RequireTLS = useTLS
targetProxyEntry.SkipCertValidations = skipTlsValidation
targetProxyEntry.RequireBasicAuth = requireBasicAuth
dynamicProxyRouter.SaveProxy(eptype, targetProxyEntry.RootOrMatchingDomain, targetProxyEntry)
utils.SendOK(w)
}
@ -604,6 +608,10 @@ func HandleUpdateHttpsRedirect(w http.ResponseWriter, r *http.Request) {
js, _ := json.Marshal(currentRedirectToHttps)
utils.SendJSONResponse(w, string(js))
} else {
if dynamicProxyRouter.Option.Port == 80 {
utils.SendErrorResponse(w, "This option is not available when listening on port 80")
return
}
if useRedirect == "true" {
sysdb.Write("settings", "redirect", true)
log.Println("Updating force HTTPS redirection to true")

23
src/start.go
View File

@ -15,6 +15,7 @@ import (
"imuslab.com/zoraxy/mod/geodb"
"imuslab.com/zoraxy/mod/mdns"
"imuslab.com/zoraxy/mod/netstat"
"imuslab.com/zoraxy/mod/pathrule"
"imuslab.com/zoraxy/mod/sshprox"
"imuslab.com/zoraxy/mod/statistic"
"imuslab.com/zoraxy/mod/statistic/analytic"
@ -67,7 +68,7 @@ func startupSequence() {
}
//Create a redirection rule table
redirectTable, err = redirection.NewRuleTable("./rules")
redirectTable, err = redirection.NewRuleTable("./rules/redirect")
if err != nil {
panic(err)
}
@ -93,6 +94,17 @@ func startupSequence() {
panic(err)
}
/*
Path Blocker
This section of starutp script start the pathblocker
from file.
*/
pathRuleHandler = pathrule.NewPathBlocker(&pathrule.Options{
ConfigFolder: "./rules/pathrules",
})
/*
MDNS Discovery Service
@ -163,7 +175,8 @@ func startupSequence() {
//Create TCP Proxy Manager
tcpProxyManager = tcpprox.NewTCProxy(&tcpprox.Options{
Database: sysdb,
Database: sysdb,
AccessControlHandler: geodbStore.AllowConnectionAccess,
})
//Create WoL MAC storage table
@ -176,3 +189,9 @@ func startupSequence() {
//Create an analytic loader
AnalyticLoader = analytic.NewDataLoader(sysdb, statisticCollector)
}
// This sequence start after everything is initialized
func finalSequence() {
//Start ACME renew agent
acmeRegisterSpecialRoutingRule()
}

45
src/web/components/access.html
View File

@ -1082,24 +1082,51 @@
//Check if a input is a valid IP address, wildcard of a IP address or a CIDR string
function isValidIpFilter(input) {
// Check if input is a valid IP address
const isValidIp = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])$/.test(input);
// Check if input is a valid IPv4 address
const isValidIPv4 = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])$/.test(input);
if (isValidIp) {
if (isValidIPv4) {
return true;
}
// Check if input is a wildcard IP address
const isValidWildcardIp = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])$/.test(input);
// Check if input is a valid IPv4 wildcard address
const isValidIPv4Wildcard = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])\.([01]?[0-9]?[0-9]|\*|\*\/[0-9]|[01]?[0-9]?[0-9]-[01]?[0-9]?[0-9]|\[\d+,\d+\])$/.test(input);
if (isValidWildcardIp) {
if (isValidIPv4Wildcard) {
return true;
}
// Check if input is a valid CIDR address string
const isValidCidr = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$/.test(input);
// Check if input is a valid IPv4 CIDR address
const isValidIPv4CIDR = /^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$/.test(input);
if (isValidCidr) {
if (isValidIPv4CIDR) {
return true;
}
// Check if input is loopback ipv6
if (input == "::1"){
return true;
}
// Check if input is a valid IPv6 address
const isValidIPv6 = /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/.test(input);
if (isValidIPv6) {
return true;
}
//Pure magic, I have no idea how this works
//src: https://stackoverflow.com/questions/70348674/alternate-solution-validate-ipv4-and-ipv6-with-wildcard-characters-using-r
function evalIp6(t){var e=t.split(":"),n=t.split("::").length-1;if(8<e.length&&(9!=t.split(":").length||""!=e[e.length-1]||1!=n))return!1;if(1<n)return!1;if(-1!=t.indexOf("::*")||-1!=t.indexOf("*::"))return!1;var r=!1;for(let t=0;t<e.length;t++){if(!isIPV6Group(e[t]))return!1;"*"==e[t]&&(r=!0)}return!(!r&&0==n&&8!=e.length)}function isIPV6Group(t){var e="^(([0-9A-Fa-f]{1,4})|\\*|)$";return(e=new RegExp(e)).test(t)}
if (evalIp6(input)){
return true;
}
// Check if input is a valid IPv6 CIDR address
const isValidIPv6CIDR = /^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/.test(input);
if (isValidIPv6CIDR) {
return true;
}

53
src/web/components/networktools.html
View File

@ -12,13 +12,41 @@
</div>
<div class="ui bottom attached tab segment nettoolstab active" data-tab="tab1">
<!-- MDNS Scanner-->
<h2>Multicast DNS (mDNS) Scanner</h2>
<p>Discover mDNS enabled service in this gateway forwarded network</p>
<button class="ui basic larger circular button" onclick="launchToolWithSize('./tools/mdns.html',1000, 640);">View Discovery</button>
<div class="ui divider"></div>
<!-- IP Scanner-->
<h2>IP Scanner</h2>
<p>Discover local area network devices by pinging them one by one</p>
<button class="ui basic larger circular button" onclick="launchToolWithSize('./tools/ipscan.html',1000, 640);">Start Scanner</button>
<div class="ui divider"></div>
<!-- Traceroute-->
<h2>Traceroute / Ping</h2>
<p>Trace the network nodes that your packets hops through</p>
<div class="ui form">
<div class="two fields">
<div class="field">
<label>Target domain or IP</label>
<input type="text" id="traceroute_domain" placeholder="1.1.1.1">
</div>
<div class="field">
<label>Max Hops</label>
<input type="number" min="1" step="1" id="traceroute_maxhops" placeholder="64" value="64">
</div>
</div>
<button class="ui basic button" onclick="traceroute();"><i class="ui blue location arrow icon"></i> Start Tracing</button>
<button class="ui basic button" onclick="ping();"><i class="ui teal circle outline icon"></i> Ping</button>
<br><br>
<div class="field">
<label>Results</label>
<textarea id="traceroute_results" rows="10" style=""></textarea>
</div>
</div>
<div class=""></div>
</div>
<div class="ui bottom attached tab segment nettoolstab" data-tab="tab2">
@ -435,7 +463,32 @@ function updateMDNSListForWoL(){
}
updateMDNSListForWoL();
function traceroute(){
let domain = $("#traceroute_domain").val().trim();
let maxhops = $("#traceroute_maxhops").val().trim();
$("#traceroute_results").val("Loading...");
$.get("/api/tools/traceroute?target=" + domain + "&maxhops=" + maxhops, function(data){
if (data.error != undefined){
$("#traceroute_results").val("");
msgbox(data.error, false, 6000);
}else{
$("#traceroute_results").val(data.join("\n"));
}
});
}
function ping(){
let domain = $("#traceroute_domain").val().trim();
$("#traceroute_results").val("Loading...");
$.get("/api/tools/ping?target=" + domain, function(data){
if (data.error != undefined){
$("#traceroute_results").val("");
msgbox(data.error, false, 6000);
}else{
$("#traceroute_results").val(data.join("\n"));
}
});
}
</script>

160
src/web/components/redirection.html
View File

@ -1,78 +1,100 @@
<div class="standardContainer">
<div class="ui basic segment">
<h2>Redirection Rules</h2>
<p>Add exception case for redirecting any matching URLs</p>
</div>
<div style="width: 100%; overflow-x: auto;">
<table class="ui sortable unstackable celled table" >
<thead>
<tr>
<th>Redirection URL</th>
<th>Destination URL</th>
<th class="no-sort">Copy Pathname</th>
<th class="no-sort">Status Code</th>
<th class="no-sort">Remove</th>
</tr>
</thead>
<tbody id="redirectionRuleList">
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<div class="ui green message" id="delRuleSucc" style="display:none;">
<i class="ui green checkmark icon"></i> Redirection Rule Deleted
</div>
<div class="ui divider"></div>
<h4>Add Redirection Rule</h4>
<div class="ui form">
<div class="field">
<label>Redirection URL (From)</label>
<input type="text" id="rurl" name="redirection-url" placeholder="Redirection URL">
<small><i class="ui circle info icon"></i> Any matching prefix of the request URL will be redirected to the destination URL, e.g. redirect.example.com</small>
</div>
<div class="field">
<label>Destination URL (To)</label>
<input type="text" name="destination-url" placeholder="Destination URL">
<small><i class="ui circle info icon"></i> The target URL request being redirected to, e.g. dest.example.com/mysite</small>
</div>
<div class="field">
<div class="ui checkbox">
<input type="checkbox" name="forward-childpath" tabindex="0" class="hidden" checked>
<label>Forward Pathname</label>
<div class="ui basic segment">
<h2>Redirection Rules</h2>
<p>Add exception case for redirecting any matching URLs</p>
</div>
<div style="width: 100%; overflow-x: auto;">
<table class="ui sortable unstackable celled table" >
<thead>
<tr>
<th>Redirection URL</th>
<th>Destination URL</th>
<th class="no-sort">Copy Pathname</th>
<th class="no-sort">Status Code</th>
<th class="no-sort">Remove</th>
</tr>
</thead>
<tbody id="redirectionRuleList">
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<div class="ui green message" id="delRuleSucc" style="display:none;">
<i class="ui green checkmark icon"></i> Redirection Rule Deleted
</div>
<div class="ui divider"></div>
<h4>Add Redirection Rule</h4>
<div class="ui form">
<div class="field">
<label>Redirection URL (From)</label>
<input type="text" id="rurl" name="redirection-url" placeholder="Redirection URL">
<small><i class="ui circle info icon"></i> Any matching prefix of the request URL will be redirected to the destination URL, e.g. redirect.example.com</small>
</div>
<div class="ui message">
<p>Append the current pathname after the redirect destination</p>
<i class="check square outline icon"></i> old.example.com<b>/blog?post=13</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> new.example.com<b>/blog?post=13</b> <br>
<i class="square outline icon"></i> old.example.com<b>/blog?post=13</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> new.example.com
<div class="field">
<label>Destination URL (To)</label>
<input type="text" name="destination-url" placeholder="Destination URL">
<small><i class="ui circle info icon"></i> The target URL request being redirected to, e.g. dest.example.com/mysite</small>
</div>
</div>
<div class="grouped fields">
<label>Redirection Status Code</label>
<div class="field">
<div class="ui radio checkbox">
<input type="radio" name="redirect-type" value="307" checked>
<label>Temporary Redirect <br><small>Status Code: 307</small></label>
<div class="field">
<div class="ui checkbox">
<input type="checkbox" name="forward-childpath" tabindex="0" class="hidden" checked>
<label>Forward Pathname</label>
</div>
<div class="ui message">
<p>Append the current pathname after the redirect destination</p>
<i class="check square outline icon"></i> old.example.com<b>/blog?post=13</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> new.example.com<b>/blog?post=13</b> <br>
<i class="square outline icon"></i> old.example.com<b>/blog?post=13</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> new.example.com
</div>
</div>
<div class="grouped fields">
<label>Redirection Status Code</label>
<div class="field">
<div class="ui radio checkbox">
<input type="radio" name="redirect-type" value="307" checked>
<label>Temporary Redirect <br><small>Status Code: 307</small></label>
</div>
</div>
<div class="field">
<div class="ui radio checkbox">
<input type="radio" name="redirect-type" value="301">
<label>Moved Permanently <br><small>Status Code: 301</small></label>
</div>
</div>
</div>
<button class="ui basic button" onclick="addRules();"><i class="ui teal plus icon"></i> Add Redirection Rule</button>
<div class="ui green message" id="ruleAddSucc" style="display:none;">
<i class="ui green checkmark icon"></i> Redirection Rules Added
</div>
<br><br>
<!--
<div class="advancezone ui basic segment">
<div class="ui accordion advanceSettings">
<div class="title">
<i class="dropdown icon"></i>
Advance Options
</div>
<div class="content">
<p>If you need custom header, content or status code other than basic redirects, you can use the advance path rules editor.</p>
<button class="ui black basic button" onclick="createAdvanceRules();"><i class="ui black external icon"></i> Open Advance Rules Editor</button>
</div>
</div>
<div class="field">
<div class="ui radio checkbox">
<input type="radio" name="redirect-type" value="301">
<label>Moved Permanently <br><small>Status Code: 301</small></label>
</div>
</div>
</div>
<button class="ui basic button" onclick="addRules();"><i class="ui teal plus icon"></i> Add Redirection Rule</button>
<div class="ui green message" id="ruleAddSucc" style="display:none;">
<i class="ui green checkmark icon"></i> Redirection Rules Added
</div>
</div>
-->
</div>
</div>
</div>
<script>
$(".advanceSettings").accordion();
/*
Redirection functions
*/
$(".checkbox").checkbox();
function resetForm() {
@ -129,6 +151,10 @@
}
}
function createAdvanceRules(){
showSideWrapper("snippet/advancePathRules.html?t=" + Date.now(), true);
}
function initRedirectionRuleList(){
$("#redirectionRuleList").html("");
$.get("/api/redirect/list", function(data){

28
src/web/components/stats.html
View File

@ -15,8 +15,8 @@
<input type="text" id="statsRangeEnd" placeholder="End date">
</div>
</div>
<button onclick="handleLoadStatisticButtonPress();" class="ui basic button"><i class="blue search icon"></i> Search</button>
<button onclick="clearStatisticDateRange();" class="ui yellow basic button"><i class="eraser icon"></i> Clear Range</button>
<button onclick="handleLoadStatisticButtonPress();" class="ui basic button"><i class="blue search icon"></i> Load</button>
<button onclick="clearStatisticDateRange();" class="ui basic button"><i class="eraser icon"></i> Clear Search</button>
<br>
<small>Leave end range as empty for showing starting day only statistic</small>
</div>
@ -193,7 +193,9 @@
<canvas id="requestTrends"></canvas>
</div>
</div>
<button onclick="showSideWrapper('snippet/advanceStatsOprs.html?t=' + Date.now() + '#' + encodeURIComponent(JSON.stringify(getStatisticDateRange())));" class="ui basic right floated black button"><i class="external square alternate icon"></i> Advance Operations</button>
</div>
<!-- <button class="ui icon right floated basic button" onclick="initStatisticSummery();"><i class="green refresh icon"></i> Refresh</button> -->
<br><br>
</div>
@ -360,6 +362,28 @@
initStatisticSummery(sd, ed);
}
function getStatisticDateRange(){
var sd = $("#statsRangeStart").val();
var ed = $("#statsRangeEnd").val();
if (ed == ""){
ed = sd;
}
if (sd == "" && ed == ""){
var sk = getTodayStatisticKey();
sd = sk;
ed = sk;
}
//Swap them if sd is later than ed
if (sd != "" && ed != "" && sd > ed) {
ed = [sd, sd = ed][0];
}
return [sd, ed];
}
function clearStatisticDateRange(){
$("#statsRangeStart").val("");

91
src/web/components/status.html
View File

@ -72,11 +72,30 @@
<label>Use TLS to serve proxy request</label>
</div>
<br>
<div id="redirect" class="ui toggle notloopbackOnly checkbox" style="margin-top: 0.6em;">
<div id="redirect" class="ui toggle notloopbackOnly tlsEnabledOnly checkbox" style="margin-top: 0.6em;">
<input type="checkbox">
<label>Force redirect HTTP request to HTTPS<br>
<small>(Only apply when listening port is not 80)</small></label>
</div>
<div class="ui basic segment" style="background-color: #f7f7f7; border-radius: 1em;">
<div class="ui accordion advanceSettings">
<div class="title">
<i class="dropdown icon"></i>
Advance Settings
</div>
<div class="content">
<p>If you have no idea what are these, you can leave them as default :)</p>
<div id="tlsMinVer" class="ui toggle notloopbackOnly tlsEnabledOnly checkbox" style="margin-top: 0.6em;">
<input type="checkbox">
<label>Force TLS v1.2 or above<br>
<small>(Enhance security, but not compatible with legacy browsers)</small></label>
</div>
<br>
</div>
</div>
</div>
<br><br>
<button id="startbtn" class="ui teal button" onclick="startService();">Start Service</button>
<button id="stopbtn" class="ui red notloopbackOnly disabled button" onclick="stopService();">Stop Service</button>
@ -128,6 +147,8 @@
</div>
<script>
let loopbackProxiedInterface = false;
$(".advanceSettings").accordion();
//Initial the start stop button if this is reverse proxied
$.get("/api/proxy/requestIsProxied", function(data){
if (data == true){
@ -316,7 +337,16 @@
data: {set: thisValue},
success: function(data){
if (data.error != undefined){
alert(data.error);
msgbox(data.error, false, 8000);
//Restore backend value to make sure the UI is always in sync
$.get("/api/proxy/useHttpsRedirect", function(data){
if (data == true){
$("#redirect").checkbox("set checked");
}else{
$("#redirect").checkbox("set unchecked");
}
});
}else{
//Updated
msgbox("Setting Updated");
@ -331,21 +361,50 @@
}
initHTTPtoHTTPSRedirectSetting();
function initTlsVersionSetting(){
$.get("/api/cert/tlsRequireLatest", function(data){
if (data == true){
$("#tlsMinVer").checkbox("set checked");
}else{
$("#tlsMinVer").checkbox("set unchecked");
}
//Bind events to the checkbox
$("#tlsMinVer").find("input").on("change", function(){
let thisValue = $("#tlsMinVer").checkbox("is checked");
$.ajax({
url: "/api/cert/tlsRequireLatest",
data: {"set": thisValue},
success: function(data){
if (data.error != undefined){
msgbox(data.error, false, 5000);
}else{
msgbox("TLS Version Setting Updated");
}
}
})
});
});
}
initTlsVersionSetting();
function initTlsSetting(){
$.get("/api/cert/tls", function(data){
if (data == true){
$("#tls").checkbox("set checked");
}else{
$("#redirect").addClass('disabled');
$(".tlsEnabledOnly").addClass('disabled');
$(".tlsEnabledOnly").addClass('disabled');
}
//Initiate the input listener on the checkbox
$("#tls").find("input").on("change", function(){
let thisValue = $("#tls").checkbox("is checked");
if (thisValue){
$("#redirect").removeClass('disabled');
$(".tlsEnabledOnly").removeClass('disabled');
}else{
$("#redirect").addClass('disabled');
$(".tlsEnabledOnly").addClass('disabled');
}
$.ajax({
url: "/api/cert/tls",
@ -355,7 +414,27 @@
alert(data.error);
}else{
//Updated
msgbox("Setting Updated");
//Check for case if the port is invalid default ports
if ($("#incomingPort").val() == "80" && thisValue == true){
confirmBox("Change listen port to :443?", function(choice){
if (choice == true){
$("#incomingPort").val("443");
handlePortChange();
}
});
}else if ($("#incomingPort").val() == "443" && thisValue == false){
confirmBox("Change listen port to :80?", function(choice){
if (choice == true){
$("#incomingPort").val("80");
handlePortChange();
}
});
}else{
msgbox("Setting Updated");
}
initRPStaste();
}
}

3
src/web/components/subd.html
View File

@ -42,8 +42,9 @@
if (subd.RequireTLS){
tlsIcon = `<i class="green lock icon" title="TLS Mode"></i>`;
}
$("#subdList").append(`<tr eptuuid="${subd.RootOrMatchingDomain}" payload="${subdData}" class="subdEntry">
<td data-label="" editable="false">${subd.RootOrMatchingDomain}</td>
<td data-label="" editable="false"><a href="//${subd.RootOrMatchingDomain}" target="_blank">${subd.RootOrMatchingDomain}</a></td>
<td data-label="" editable="true" datatype="domain">${subd.Domain} ${tlsIcon}</td>
<td data-label="" editable="true" datatype="skipver">${!subd.SkipCertValidations?`<i class="ui green check icon"></i>`:`<i class="ui yellow exclamation circle icon" title="TLS/SSL Verification will be skipped on this host"></i>`}</td>
<td data-label="" editable="true" datatype="basicauth">${subd.RequireBasicAuth?`<i class="ui green check icon"></i>`:`<i class="ui grey remove icon"></i>`}</td>

149
src/web/components/tcpprox.html
View File

@ -4,7 +4,7 @@
<p>Proxy traffic flow on layer 3 via TCP/IP</p>
</div>
<button class="ui basic orange button" id="addProxyConfigButton"><i class="ui add icon"></i> Add Proxy Config</button>
<button class="ui basic circular right floated icon button" title="Refresh List"><i class="ui green refresh icon"></i></button>
<button class="ui basic circular right floated icon button" onclick="initProxyConfigList();" title="Refresh List"><i class="ui green refresh icon"></i></button>
<div class="ui divider"></div>
<div class="ui basic segment" id="addproxyConfig" style="display:none;">
<h3>TCP Proxy Config</h3>
@ -42,11 +42,75 @@
<button id="addTcpProxyButton" class="ui basic button" type="submit"><i class="ui blue add icon"></i> Create</button>
<button id="editTcpProxyButton" class="ui basic button" onclick="confirmEditTCPProxyConfig(event);"><i class="ui blue save icon"></i> Update</button>
<button class="ui basic red button" onclick="event.preventDefault(); cancelTCPProxyEdit(event);"><i class="ui red remove icon"></i> Cancel</button>
<div class="ui basic inverted segment" style="background-color: #414141; border-radius: 0.6em;">
<h3>Proxy Mode Instructions</h3>
<p>TCP Proxy support the following TCP sockets proxy modes</p>
<table class="ui celled padded inverted basic table">
<thead>
<tr><th class="single line">Mode</th>
<th>Public-IP</th>
<th>Concurrent Access</th>
<th>Flow Diagram</th>
</tr></thead>
<tbody>
<tr>
<td>
<h4 class="ui center aligned inverted header">Transport</h4>
</td>
<td class="single line">
Server: <i class="ui green check icon"></i><br>
A: <i class="ui remove icon"></i><br>
B: <i class="ui green check icon"></i> (or same LAN)<br>
</td>
<td>
<i class="ui green check icon"></i>
</td>
<td>Port A (e.g. 25565) <i class="arrow right icon"></i> Server<br>
Server <i class="arrow right icon"></i> Port B (e.g. 192.168.0.2:25565)<br>
<small>Traffic from Port A will be forward to Port B's (IP if provided and) Port</small>
</td>
</tr>
<tr>
<td>
<h4 class="ui center aligned inverted header">Listen</h4>
</td>
<td class="single line">
Server: <i class="ui green check icon"></i><br>
A: <i class="ui remove icon"></i><br>
B: <i class="ui remove icon"></i><br>
</td>
<td>
<i class="ui red times icon"></i>
</td>
<td>Port A (e.g. 8080) <i class="arrow right icon"></i> Server<br>
Port B (e.g. 8081) <i class="arrow right icon"></i> Server<br>
<small>Server will act as a bridge to proxy traffic between Port A and B</small>
</td>
</tr>
<tr>
<td>
<h4 class="ui center aligned inverted header">Starter</h4>
</td>
<td class="single line">
Server: <i class="ui times icon"></i><br>
A: <i class="ui green check icon"></i><br>
B: <i class="ui green check icon"></i><br>
</td>
<td>
<i class="ui red times icon"></i>
</td>
<td>Server <i class="arrow right icon"></i> Port A (e.g. remote.local.:8080) <br>
Server <i class="arrow right icon"></i> Port B (e.g. recv.local.:8081) <br>
<small>Port A and B will be actively bridged</small>
</td>
</tr>
</tbody>
</table>
</div>
</form>
<div class="ui divider"></div>
</div>
<div class="ui basic segment">
<div class="ui basic segment" style="margin-top: 0;">
<h3>TCP Proxy Configs</h3>
<p>A list of TCP proxy configs created on this host. To enable them, use the toggle button on the right.</p>
<div style="overflow-x: auto; min-height: 400px;">
@ -67,72 +131,7 @@
</table>
</div>
</div>
<div class="ui basic inverted segment" style="background-color: #414141; border-radius: 0.6em;">
<h3>Proxy Mode</h3>
<p>TCP Proxy support the following TCP sockets proxy modes</p>
<table class="ui celled padded inverted basic table">
<thead>
<tr><th class="single line">Mode</th>
<th>Public-IP</th>
<th>Concurrent Access</th>
<th>Flow Diagram</th>
</tr></thead>
<tbody>
<tr>
<td>
<h4 class="ui center aligned inverted header">Transport</h4>
</td>
<td class="single line">
Server: <i class="ui green check icon"></i><br>
A: <i class="ui remove icon"></i><br>
B: <i class="ui green check icon"></i> (or same LAN)<br>
</td>
<td>
<i class="ui green check icon"></i>
</td>
<td>Port A (e.g. 25565) <i class="arrow right icon"></i> Server<br>
Server <i class="arrow right icon"></i> Port B (e.g. 192.168.0.2:25565)<br>
<small>Traffic from Port A will be forward to Port B's (IP if provided and) Port</small>
</td>
</tr>
<tr>
<td>
<h4 class="ui center aligned inverted header">Listen</h4>
</td>
<td class="single line">
Server: <i class="ui green check icon"></i><br>
A: <i class="ui remove icon"></i><br>
B: <i class="ui remove icon"></i><br>
</td>
<td>
<i class="ui red times icon"></i>
</td>
<td>Port A (e.g. 8080) <i class="arrow right icon"></i> Server<br>
Port B (e.g. 8081) <i class="arrow right icon"></i> Server<br>
<small>Server will act as a bridge to proxy traffic between Port A and B</small>
</td>
</tr>
<tr>
<td>
<h4 class="ui center aligned inverted header">Starter</h4>
</td>
<td class="single line">
Server: <i class="ui times icon"></i><br>
A: <i class="ui green check icon"></i><br>
B: <i class="ui green check icon"></i><br>
</td>
<td>
<i class="ui red times icon"></i>
</td>
<td>Server <i class="arrow right icon"></i> Port A (e.g. remote.local.:8080) <br>
Server <i class="arrow right icon"></i> Port B (e.g. recv.local.:8081) <br>
<small>Port A and B will be actively bridged</small>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<script>
let editingTCPProxyConfigUUID = ""; //The current editing TCP Proxy config UUID
@ -230,11 +229,13 @@
} else {
proxyConfigs.forEach(function(config) {
var runningLogo = '<i class="red circle icon"></i>';
var runningLogo = 'Stopped';
var runningClass = "stopped";
var startButton = `<button onclick="startTcpProx('${config.UUID}');" class="ui button" title="Start Proxy"><i class="play icon"></i> Start Proxy</button>`;
if (config.Running){
runningLogo = '<i class="green circle icon"></i>';
runningLogo = 'Running';
startButton = `<button onclick="stopTcpProx('${config.UUID}');" class="ui button" title="Start Proxy"><i class="red stop icon"></i> Stop Proxy</button>`;
runningClass = "running"
}
var modeText = "Unknown";
@ -248,8 +249,10 @@
var thisConfig = encodeURIComponent(JSON.stringify(config));
var row = $(`<tr class="tcproxConfig" uuid="${config.UUID}" config="${thisConfig}">`);
row.append($('<td>').html(runningLogo + config.Name));
var row = $(`<tr class="tcproxConfig ${runningClass}" uuid="${config.UUID}" config="${thisConfig}">`);
row.append($('<td>').html(`
${config.Name}
<div class="statusText">${runningLogo}</div>`));
row.append($('<td>').text(config.PortA));
row.append($('<td>').text(config.PortB));
row.append($('<td>').text(modeText));

21
src/web/components/uptime.html
View File

@ -109,7 +109,13 @@
}
ontimeRate++;
}else{
dotType = "offline";
if (thisStatus.StatusCode >= 500 && thisStatus.StatusCode < 600){
//Special type of error, cause by downstream reverse proxy
dotType = "error";
}else{
dotType = "offline";
}
}
let datetime = format_time(thisStatus.Timestamp);
@ -126,12 +132,20 @@
//Check of online status now
let currentOnlineStatus = "Unknown";
let onlineStatusCss = ``;
let reminderEle = ``;
if (value[value.length - 1].Online){
currentOnlineStatus = `<i class="circle icon"></i> Online`;
onlineStatusCss = `color: #3bd671;`;
}else{
currentOnlineStatus = `<i class="circle icon"></i> Offline`;
onlineStatusCss = `color: #df484a;`;
if (value[value.length - 1].StatusCode >= 500 && value[value.length - 1].StatusCode < 600){
currentOnlineStatus = `<i class="exclamation circle icon"></i> Misconfigured`;
onlineStatusCss = `color: #f38020;`;
reminderEle = `<small style="${onlineStatusCss}">Downstream proxy server is online with misconfigured settings</small>`;
}else{
currentOnlineStatus = `<i class="circle icon"></i> Offline`;
onlineStatusCss = `color: #df484a;`;
}
}
//Generate the html
@ -151,6 +165,7 @@
<div class="status" style="marign-top: 1em;">
${statusDotList}
</div>
${reminderEle}
<div class="ui divider"></div>
</div>`);
}

1
src/web/components/utils.html
View File

@ -117,6 +117,7 @@
<p>Results: <div id="ipRangeOutput">N/A</div></p>
</div>
<!-- System Information -->
<div class="ui divider"></div>
<div id="zoraxyinfo">
<h3 class="ui header">

BIN
src/web/img/public/bg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 818 KiB

BIN
src/web/img/public/bg.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.5 MiB

BIN
src/web/img/public/bg2.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
src/web/img/public/bg2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.4 MiB

69
src/web/index.html
View File

@ -148,6 +148,17 @@
<p><i class="green check circle icon"></i> There are no message</p>
</div>
<div id="confirmBox" style="display:none;">
<div class="ui top attached progress">
<div class="bar" style="width: 100%; min-width: 0px;"></div>
</div>
<div class="confirmBoxBody">
<button class="ui red basic mini circular icon right floated button" style="margin-left: 0.4em;"><i class="ui times icon"></i></button>
<button class="ui green basic mini circular icon right floated button"><i class="ui check icon"></i></button>
<div class="questionToConfirm">Confirm Exit?</div>
</div>
</div>
<br><br>
<script>
$(".year").text(new Date().getFullYear());
@ -280,6 +291,64 @@
$("#messageBox").stop().finish().fadeIn("fast").delay(delayDuration).fadeOut("fast");
}
function confirmBox(question_to_confirm, callback, delaytime=15) {
var progressBar = $("#confirmBox .bar");
var questionElement = $("#confirmBox .questionToConfirm");
//Just to make sure there are no animation runnings
progressBar.stop();
// Update the question to confirm
questionElement.text(question_to_confirm);
// Start the progress bar animation
progressBar.css("width", "100%");
progressBar.animate({ width: "0%", easing: "linear" }, delaytime * 1000, function() {
// Animation complete, invoke the callback with undefined
callback(undefined);
//Unset the event listener
$("#confirmBox .ui.green.button").off("click");
// Hide the confirm box
$("#confirmBox").hide();
});
// Bind click event to "Yes" button
$("#confirmBox .ui.green.button").on("click", function() {
// Stop the progress bar animation
progressBar.stop();
// Invoke the callback with true
callback(true);
// Hide the confirm box
$("#confirmBox").hide();
//Unset the event listener
$("#confirmBox .ui.green.button").off("click");
});
// Bind click event to "No" button
$("#confirmBox .ui.red.button").on("click", function() {
// Stop the progress bar animation
progressBar.stop();
// Invoke the callback with false
callback(false);
// Hide the confirm box
$("#confirmBox").hide();
//Unset the event listener
$("#confirmBox .ui.red.button").off("click");
});
// Show the confirm box
$("#confirmBox").show().transition('jiggle');
}
/*
Toggles for side wrapper
*/

2
src/web/login.html
View File

@ -23,7 +23,7 @@
width: 100%;
opacity: 0.8;
z-index: -99;
background-image: url("img/public/bg.png");
background-image: url("img/public/bg.jpg");
background-size: auto 100%;
background-position: right top;
background-repeat: no-repeat;

81
src/web/main.css
View File

@ -6,6 +6,7 @@
--theme_lgrey: #f6f6f6;
--theme_green: #3c9c63;
--theme_fcolor: #979797;
--theme_advance: #f8f8f9;
}
body{
background-color:#f6f6f6;
@ -16,6 +17,15 @@ body{
display:none;
}
.advance{
background: var(--theme_advance) !important;
}
.advancezone{
background: var(--theme_advance) !important;
border-radius: 1em !important;
}
.menubar{
width: 100%;
padding: 0.4em;
@ -89,6 +99,34 @@ body{
z-index: 999;
}
/* Confirm Box */
#confirmBox{
position: fixed;
z-index: 999;
bottom: 1em;
right: 1em;
min-width: 300px;
background-color: #ffffff;
color: rgb(65, 65, 65);
box-shadow: 10px 10px 5px -2px rgba(0,0,0,0.13);
}
#confirmBox .confirmBoxBody{
padding: 1em;
}
#confirmBox .ui.progress .bar{
background: #ffe32b !important;
}
#confirmBox .confirmBoxBody .button{
margin-top: -0.4em;
}
#confirmBox .questionToConfirm{
margin-top: -0.2em;
}
/* Standard containers */
.standardContainer{
position: relative;
@ -459,6 +497,33 @@ body{
user-select: none;
}
/*
TCP Proxy
*/
.tcproxConfig td:first-child{
position: relative;
}
.tcproxConfig.running td:first-child{
border-left: 0.6em solid #21ba45 !important;
}
.tcproxConfig.stopped td:first-child{
border-left: 0.6em solid #414141 !important;
}
.tcproxConfig td:first-child .statusText{
position: absolute;
bottom: 0.3em;
left: 0.2em;
font-size: 2em;
color:rgb(224, 224, 224);
opacity: 0.7;
pointer-events: none;
user-select: none;
}
/*
Uptime Monitor
*/
@ -525,4 +590,18 @@ body{
.GANetMember.unauthorized{
border-left: 6px solid #9c3c3c !important;
}
}
/*
Network Utilities
*/
#traceroute_results{
resize: none;
background-color: #202020;
color: white;
}
#traceroute_results::selection {
background: #a9d1f3;
}

2
src/web/reset.html
View File

@ -23,7 +23,7 @@
width: 100%;
opacity: 0.8;
z-index: -99;
background-image: url("img/public/bg2.png");
background-image: url("img/public/bg2.jpg");
background-size: auto 100%;
background-position: right top;
background-repeat: no-repeat;

76
src/web/snippet/advancePathRules.html Normal file
View File

@ -0,0 +1,76 @@
<!DOCTYPE html>
<html>
<head>
<!-- Notes: This should be open in its original path-->
<link rel="stylesheet" href="../script/semantic/semantic.min.css">
<script src="../script/jquery-3.6.0.min.js"></script>
<script src="../script/semantic/semantic.min.js"></script>
</head>
<body>
<br>
<div class="ui container">
<!-- Path Rules -->
<div class="ui header">
<div class="content">
Special Path Rules
<div class="sub header">Advanced customization for response on particular matching path or URL</div>
</div>
</div>
<h4>Current list of special path rules.</h4>
<div style="width: 100%; overflow-x: auto;">
<table class="ui sortable unstackable celled table" >
<thead>
<tr>
<th>Matching Path</th>
<th>Status Code</th>
<th class="no-sort">Exact Match</th>
<th class="no-sort">Case Sensitive</th>
<th class="no-sort">Enabled</th>
<th class="no-sort">Actions</th>
</tr>
</thead>
<tbody id="specialPathRules">
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<div class="ui divider"></div>
<h4>Add Special Path Rule</h4>
<div class="ui form">
<div class="field">
<label>Matching URI</label>
<input type="text" name="matchingPath" placeholder="Matching URL">
<small><i class="ui circle info icon"></i> Any matching prefix of the request URL will be handled by this rule, e.g. example.com/secret</small>
</div>
<div class="field">
<div class="ui checkbox">
<input type="checkbox" name="exactMatch" tabindex="0" class="hidden">
<label>Require Exact Match</label>
</div>
<div class="ui message">
<p>Require exactly match but not prefix match (default). Enable this if you only want to block access to a directory but not the resources inside the directory. Assume you have entered a matching URI of <b>example.com/secret/</b> and set it to return 401</p>
<i class="check square outline icon"></i> example.com/secret<b>/image.png</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> (content of image.png)<br>
<i class="square outline icon"></i> example.com/secret<b>/image.png</b> <i class="long arrow alternate right icon" style="margin-left: 1em;"></i> HTTP 401
</div>
</div>
<div class="field">
<label>Response Status Code</label>
<input type="text"name="statusCode" placeholder="500">
<small><i class="ui circle info icon"></i> HTTP Status Code to be served by this rule</small>
</div>
</div>
<br><br>
<button class="ui basic button iframeOnly" style="float: right;" onclick="parent.hideSideWrapper();"><i class="remove icon"></i> Cancel</button>
</div>
<script>
</script>
</body>
</html>

148
src/web/snippet/advanceStatsOprs.html Normal file
View File

@ -0,0 +1,148 @@
<!DOCTYPE html>
<html>
<head>
<!-- Notes: This should be open in its original path-->
<link rel="stylesheet" href="../script/semantic/semantic.min.css">
<script src="../script/jquery-3.6.0.min.js"></script>
<script src="../script/semantic/semantic.min.js"></script>
</head>
<body>
<br>
<div class="ui container">
<div class="ui header">
<div class="content">
Advance Statistics Operations
<div class="sub header">Selected Range: <span id="daterange"></span></div>
</div>
</div>
<div class="ui divider"></div>
<h3>Export Data</h3>
<p>You can export the statistics collected by Zoraxy in the selected range for further analysis</p>
<button class="ui basic teal button" onclick="handleExportAsCSV();"><i class="download icon"></i> Export CSV</button>
<button class="ui basic pink button" onclick="handleExportAsJSON();"><i class="download icon"></i> Export JSON</button>
<div class="ui divider"></div>
<h3>Reset Statistics</h3>
<p>You can reset the statistics within the selected time range for debug purpose. Note that this operation is irreversible.</p>
<button class="ui basic red button" onclick="handleResetStats();"><i class="trash icon"></i> RESET STATISTICS</button>
<br><br>
<button class="ui basic button iframeOnly" style="float: right;" onclick="parent.hideSideWrapper();"><i class="remove icon"></i> Cancel</button>
</div>
<script>
let startDate = "";
let endDate = "";
/*
Actions Handler
*/
function handleExportAsJSON(){
window.open(`/api/analytic/exportRange?start=${startDate}&end=${endDate}&format=json`, 'download');
}
function handleExportAsCSV(){
window.open(`/api/analytic/exportRange?start=${startDate}&end=${endDate}&format=csv`, 'download');
}
function handleResetStats(){
if (confirm("Confirm remove statistics from " + startDate + " to " + endDate +"?")){
$.ajax({
url: "/api/analytic/resetRange?start=" + startDate + "&end=" + endDate,
method: "DELETE",
success: function(data){
if (data.error != undefined){
parent.msgbox(data.error, false, 5000);
}else{
parent.msgbox("Statistic Cleared");
parent.hideSideWrapper();
}
}
})
}
}
/*
Data Loading
*/
function loadDateRange(){
if (window.location.hash.length > 1){
try{
var dateRange = JSON.parse(decodeURIComponent(window.location.hash.substr(1)));
startDate = dateRange[0].trim();
endDate = dateRange[1].trim();
//Check if they are valid dates
if (!isValidDateFormat(startDate)){
alert("Start date is not a valid date: " + startDate);
return
}
if (!isValidDateFormat(endDate)){
alert("End date is not a valid date: " + endDate);
return
}
//Sort the two dates if they are placed in invalid orders
var [s, e] = sortDates(startDate, endDate);
startDate = s;
endDate = e;
$("#daterange").html(startDate + ` <i class="arrow right icon" style="margin-right: 0;"></i> ` + endDate);
}catch(ex){
alert("Invalid usage: Invalid date range given");
}
}
}
loadDateRange();
function isValidDateFormat(dateString) {
if (dateString.indexOf("_") >= 0){
//Replace all the _ to -
dateString = dateString.split("_").join("-");
}
// Create a regular expression pattern for the yyyy-mm-dd format
const pattern = /^\d{4}-\d{2}-\d{2}$/;
// Check if the input string matches the pattern
if (!pattern.test(dateString)) {
return false; // Invalid format
}
// Parse the date components
const year = parseInt(dateString.substring(0, 4), 10);
const month = parseInt(dateString.substring(5, 7), 10);
const day = parseInt(dateString.substring(8, 10), 10);
// Check if the parsed components represent a valid date
const date = new Date(year, month - 1, day);
if (
date.getFullYear() !== year ||
date.getMonth() + 1 !== month ||
date.getDate() !== day
) {
return false; // Invalid date
}
return true; // Valid date in yyyy-mm-dd format
}
function sortDates(date1, date2) {
// Parse the date strings
const parsedDate1 = new Date(date1);
const parsedDate2 = new Date(date2);
// Compare the parsed dates
if (parsedDate1 > parsedDate2) {
// Swap the dates
const temp = date1;
date1 = date2;
date2 = temp;
}
// Return the swapped dates
return [date1, date2];
}
</script>
</body>
</html>

1
src/wrappers.go
View File

@ -117,6 +117,7 @@ func GetUptimeTargetsFromReverseProxyRules(dp *dynamicproxy.Router) []*uptime.Ta
url = "https://" + target.Domain
protocol = "https"
}
UptimeTargets = append(UptimeTargets, &uptime.Target{
ID: subd,
Name: subd,