reading settings from file and working on per-path IP filter

Author: fquirin

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>net.b07z.sepia.proxies</groupId>
 	<artifactId>sepia-reverse-proxy</artifactId>
-	<version>0.1.0</version>
+	<version>0.2.0</version>
 	<packaging>jar</packaging>
 
     <properties>
@@ -26,7 +26,7 @@
 						</goals>
 						<configuration>
 							<outputDirectory>
-								${project.build.directory}/libs
+								${project.build.directory}/build/libs
 							</outputDirectory>
 						</configuration>
 					</execution>
@@ -49,6 +49,46 @@
 					<finalName>sepia-reverse-proxy-v${project.version}</finalName>
 				</configuration>
 			</plugin>
+			<plugin>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.1.0</version>
+				<executions>
+					<execution>
+						<id>copy-resources-1</id>
+						<phase>validate</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>${project.build.directory}/build/settings</outputDirectory>
+							<resources>          
+								<resource>
+									<directory>settings</directory>
+									<!--<filtering>true</filtering>-->
+								</resource>
+							</resources>              
+						</configuration>            
+					</execution>
+					<execution>
+						<id>copy-resources-2</id>
+						<phase>validate</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>${project.build.directory}/build</outputDirectory>
+							<resources>          
+								<resource>
+									<directory>${project.build.directory}</directory>
+									<includes>
+										<include>*.jar</include>
+									</includes>
+								</resource>
+							</resources>              
+						</configuration>            
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 

settings/proxy.properties

@@ -0,0 +1,18 @@
+# Entries have to be of format: action_type_name, e.g.: redirect_path_1
+# Redirects must have 3 types per name: path, target, public
+
+# SEPIA defaults for custom-bundle:
+host=localhost
+port=20726
+	
+redirect_path_1=/sepia/assist
+redirect_target_1=http://localhost:20721
+redirect_public_1=true
+
+redirect_path_2=/sepia/teach
+redirect_target_2=http://localhost:20722
+redirect_public_2=true
+
+redirect_path_3=/sepia/chat
+redirect_target_3=http://localhost:20723
+redirect_public_3=true

src/main/java/net/b07z/sepia/proxies/PathHandlerWithIpFilter.java

@@ -0,0 +1,50 @@
+package net.b07z.sepia.proxies;
+
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+
+import io.undertow.server.HttpServerExchange;
+import io.undertow.server.handlers.PathHandler;
+import io.undertow.util.StatusCodes;
+
+public class PathHandlerWithIpFilter extends PathHandler {
+	
+	private final boolean DEFAULT_ALLOW = true;
+	
+    @Override
+    public void handleRequest(HttpServerExchange exchange) throws Exception {
+    	InetSocketAddress peer = exchange.getSourceAddress();
+    	String path = exchange.getRelativePath();
+    	System.out.println(peer.getAddress().toString() + " - " + path);
+        if (!isAllowed(peer.getAddress())) {
+            exchange.setStatusCode(StatusCodes.FORBIDDEN);
+            exchange.endExchange();
+            return;
+        }
+    	super.handleRequest(exchange);
+    }
+    
+    boolean isAllowed(InetAddress address) {
+        if(address instanceof Inet4Address) {
+        	/*
+            for (PeerMatch rule : ipv4acl) {
+                if (rule.matches(address)) {
+                    return !rule.isDeny();
+                }
+            }
+            */
+        } else if(address instanceof Inet6Address) {
+            /*
+        	for (PeerMatch rule : ipv6acl) {
+                if (rule.matches(address)) {
+                    return !rule.isDeny();
+                }
+            }
+            */
+        }
+        return DEFAULT_ALLOW;
+    }
+
+}

src/main/java/net/b07z/sepia/proxies/Start.java

@@ -1,5 +1,12 @@
 package net.b07z.sepia.proxies;
 
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
 /**
  * Command-line interface to start a proxy.
  * 
@@ -8,6 +15,14 @@
  */
 public class Start {
 
+	//defaults
+	private static String host = "localhost";
+	private static int port = 20726;
+	
+	//Command-line parameters have priority
+	private static boolean ignoreSettingsHost = false;
+	private static boolean ignoreSettingsPort = false;
+	
 	/**
 	 * Run a proxy.
 	 * @param args
@@ -16,22 +31,27 @@ public class Start {
 	public static void main(String[] args) throws Exception {
 		String proxy = "";
 
+		//Check if arguments are given
+		if (args == null || args.length == 0){
+			System.out.println("Missing proxy-name to run, e.g. 'tiny'.");
+			help();
+			return;
+		}
+		
 		//Proxy to run:
 		if (args[0].equals("tiny")){
 			proxy = "tiny";
 
-			//default
-			int port = 20726;
-			String host = "localhost";
-			
 			for (String arg : args){
 				//Port
 				if (arg.startsWith("-port=")){
 					port = Integer.parseInt(arg.replaceFirst(".*?=", "").trim());
+					ignoreSettingsPort = true;
 
 				//Host
 				}else if (arg.startsWith("-host=")){
 					host = arg.replaceFirst(".*?=", "").trim();
+					ignoreSettingsHost = true;
 
 				//Paths
 				}else if (arg.startsWith("-defaultPaths=")){
@@ -44,19 +64,35 @@ public static void main(String[] args) throws Exception {
 				}
 			}
 
+			//Read settings
+			List<ProxyAction> actions = null;
+			try{
+				actions = loadSettings("settings/proxy.properties");
+			}catch(Exception e){
+				System.out.println("Could not read 'settings/proxy.properties' file! Error: " + e.getMessage());
+				return;
+			}
+			
 			//Create tiny reverse proxy
 			TinyReverseProxy reverseProxy = new TinyReverseProxy(host, port);
-			
-			//Add paths - SEPIA defaults for custom-bundle:
+
+			//Add actions
+			for (ProxyAction pa : actions){
+				if (pa.actionType.equals("redirect")){
+					reverseProxy.addPrefixPath(pa.redirectPath, pa.redirectTarget);
+				}
+			}
+			/*	
 			reverseProxy.addPrefixPath("/sepia/assist", "http://localhost:20721");
 			reverseProxy.addPrefixPath("/sepia/teach", "http://localhost:20722");
 			reverseProxy.addPrefixPath("/sepia/chat", "http://localhost:20723");
+			*/
 
 			//Start proxy
 			reverseProxy.start();
 
 			//Note
-			System.out.println("SEPIA '" + proxy + "' reverse proxy started at: " + host + ":" + port);
+			System.out.println("\nSEPIA '" + proxy + "' reverse proxy started as: " + host + ":" + port);
 
 			return;
 
@@ -77,5 +113,62 @@ private static void help(){
 		System.out.println("tiny - args: -defaultPaths=true, -port=20726, -host=localhost");
 		System.out.println("");
 	}
+	
+	/**
+	 * Class holding proxy actions loaded from settings.
+	 */
+	private static class ProxyAction {
+		String redirectPath;
+		String redirectTarget;
+		boolean targetIsPublic = false;
+		String actionType = "";
+		
+		public ProxyAction(){}
+		
+		public ProxyAction setRedirect(String path, String target, boolean isPublic){
+			this.redirectPath = path;
+			this.redirectTarget = target;
+			this.targetIsPublic = isPublic;
+			this.actionType = "redirect";
+			return this;
+		}
+	}
+	
+	/**
+	 * Load settings from properties file and return actions list.
+	 * @param configFile - path and file
+	 * @throws IOException 
+	 */
+	private static List<ProxyAction> loadSettings(String configFile) throws IOException {
+		BufferedInputStream stream=null;
+		Properties config = new Properties();
+		stream = new BufferedInputStream(new FileInputStream(configFile));
+		config.load(stream);
+		stream.close();
+		List<ProxyAction> actions = new ArrayList<>();
+		for (Object key : config.keySet()){
+			String entry = (String) key;
+			//has to be format: action_type_name, e.g. redirect_path_1
+			//has to have types: path, target, public
+			if (entry.startsWith("redirect")){
+				String[] info = entry.split("_");
+				if (info.length != 3){
+					throw new RuntimeException("Settings file has invalid format in entry: " + entry);
+				}else{
+					String name = info[2];
+					String path = config.getProperty("redirect_path_" + name);
+					String target = config.getProperty("redirect_target_" + name);
+					boolean isPublic = Boolean.getBoolean(config.getProperty("redirect_public_" + name));
+					actions.add(new ProxyAction().setRedirect(path, target, isPublic));
+				}
+			
+			}else if (entry.equals("host") && !ignoreSettingsHost){
+				host = config.getProperty(entry);
+			}else if (entry.equals("port") && !ignoreSettingsPort){
+				port = Integer.parseInt(config.getProperty(entry));
+			}
+		}
+		return actions;
+	}
 
 }

src/main/java/net/b07z/sepia/proxies/TinyReverseProxy.java

@@ -4,10 +4,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import io.undertow.Handlers;
 import io.undertow.Undertow;
 import io.undertow.Undertow.Builder;
-import io.undertow.server.handlers.PathHandler;
 import io.undertow.server.handlers.proxy.LoadBalancingProxyClient;
 import io.undertow.server.handlers.proxy.ProxyHandler;
 import io.undertow.util.Headers;
@@ -53,7 +51,8 @@ public void start(){
                 .addHttpListener(this.port, this.host)
                 .setIoThreads(IO_THREADS);
 
-		PathHandler pathHandler = Handlers.path();
+		//PathHandler pathHandler = Handlers.path();
+		PathHandlerWithIpFilter pathHandler = new PathHandlerWithIpFilter();
 		pathHandler.addExactPath("/", (exchange) -> {
         	exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
             exchange.getResponseSender().send("SEPIA reverse-proxy powered by Undertow");
@@ -65,7 +64,8 @@ public void start(){
 			pathHandler.addExactPath(path,	
 				ProxyHandler.builder()
 					.setProxyClient(prefixMappings.get(path))
-					.setMaxRequestTime(MAX_REQ_TIME).build()
+					.setMaxRequestTime(MAX_REQ_TIME)
+					.build()
 			);
 		}
 		//Prefix-paths
@@ -74,7 +74,8 @@ public void start(){
 			pathHandler.addPrefixPath(path,	
 				ProxyHandler.builder()
 					.setProxyClient(prefixMappings.get(path))
-					.setMaxRequestTime(MAX_REQ_TIME).build()
+					.setMaxRequestTime(MAX_REQ_TIME)
+					.build()
 			);
 		}
 		proxyBuilder.setHandler(pathHandler);