Skip to content
Permalink
Browse files

Added the ability to disable origin verification

  • Loading branch information...
antoniomika committed Jun 18, 2019
1 parent 1817d56 commit 75de6debd0d8d94a05272d8df0a082c4bc7f1b64
Showing with 26 additions and 8 deletions.
  1. +3 −0 .vscode/settings.json
  2. +2 −0 README.md
  3. +20 −8 http.go
  4. +1 −0 main.go
@@ -0,0 +1,3 @@
{
"go.formatTool": "goimports"
}
@@ -133,6 +133,8 @@ Usage of ./sish:
The length of the random subdomain to generate (default 3)
-sish.usegeodb
Whether or not to use the maxmind geodb
-sish.verifyorigin
Whether or not to verify origin on websocket connection (default true)
-sish.verifyssl
Whether or not to verify SSL on proxy connection (default true)
-sish.whitelistedcountries string
28 http.go
@@ -73,30 +73,42 @@ func startHTTPHandler(state *State) {
return net.Dial("unix", proxyHolder.ProxyTo)
}

tlsConfig := &tls.Config{
InsecureSkipVerify: !*verifySSL,
}

if c.IsWebsocket() {
scheme := "ws"
if url.Scheme == "https" {
scheme = "wss"
}

var checkOrigin func(r *http.Request) bool
if !*verifyOrigin {
checkOrigin = func(r *http.Request) bool {
return true
}
}

url.Scheme = scheme
wsProxy := websocketproxy.NewProxy(&url)
wsProxy.Upgrader = &websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: checkOrigin,
}
wsProxy.Dialer = &websocket.Dialer{
NetDial: dialer,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: !*verifySSL,
},
NetDial: dialer,
TLSClientConfig: tlsConfig,
}
gin.WrapH(wsProxy)(c)
return
}

proxy := httputil.NewSingleHostReverseProxy(&url)
proxy.Transport = &http.Transport{
Dial: dialer,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: !*verifySSL,
},
Dial: dialer,
TLSClientConfig: tlsConfig,
}
gin.WrapH(proxy)(c)
return
@@ -38,6 +38,7 @@ var (
httpPort = flag.Int("sish.httpport", 80, "The port for HTTP connections. This is only for output messages")
httpsAddr = flag.String("sish.https", "localhost:443", "The address to listen for HTTPS connections")
httpsPort = flag.Int("sish.httpsport", 443, "The port for HTTPS connections. This is only for output messages")
verifyOrigin = flag.Bool("sish.verifyorigin", true, "Whether or not to verify origin on websocket connection")
verifySSL = flag.Bool("sish.verifyssl", true, "Whether or not to verify SSL on proxy connection")
httpsEnabled = flag.Bool("sish.httpsenabled", false, "Whether or not to listen for HTTPS connections")
redirectRoot = flag.Bool("sish.redirectroot", true, "Whether or not to redirect the root domain")

0 comments on commit 75de6de

Please sign in to comment.
You can’t perform that action at this time.