From f5e4a421bbad86ab3b149b73c788e23103b4c845 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20Eng=C3=A9libert?= Date: Sun, 6 Apr 2025 16:20:05 +0200 Subject: [PATCH] CLI --- Cargo.lock | 61 ++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 1 + README.md | 3 +- src/challenge.rs | 7 +++-- src/cli.rs | 10 +++++++ src/config.rs | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ src/main.rs | 58 ++++++++++---------------------------- 7 files changed, 166 insertions(+), 47 deletions(-) create mode 100644 src/cli.rs create mode 100644 src/config.rs diff --git a/Cargo.lock b/Cargo.lock index 0bde92c..5a68860 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -44,6 +44,27 @@ version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" +[[package]] +name = "argp" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7409aa6f1dd8464eac2e56cf538e1e5f7f79678caa32f198d214a3db8d5075c1" +dependencies = [ + "argp_derive", +] + +[[package]] +name = "argp_derive" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d9b949411282939e3f7d8923127e3f18aa474b46da4e8bb0ddf2cb8c81f963a" +dependencies = [ + "proc-macro2", + "pulldown-cmark", + "quote", + "syn", +] + [[package]] name = "arraydeque" version = "0.5.1" @@ -71,6 +92,12 @@ version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "bitflags" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" + [[package]] name = "block-buffer" version = "0.11.0-rc.4" @@ -129,6 +156,15 @@ dependencies = [ "crypto-common", ] +[[package]] +name = "getopts" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14dbbfd5c71d70241ecf9e6f13737f7b5ce823821063188d7e46c41d371eebd5" +dependencies = [ + "unicode-width", +] + [[package]] name = "getrandom" version = "0.2.15" @@ -199,6 +235,7 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" name = "mesozoa" version = "0.1.0" dependencies = [ + "argp", "base64", "rand", "realm_io", @@ -277,6 +314,18 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "pulldown-cmark" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57206b407293d2bcd3af849ce869d52068623f19e1b5ff8e8778e3309439682b" +dependencies = [ + "bitflags", + "getopts", + "memchr", + "unicase", +] + [[package]] name = "quote" version = "1.0.40" @@ -484,12 +533,24 @@ version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" +[[package]] +name = "unicase" +version = "2.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" + [[package]] name = "unicode-ident" version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" +[[package]] +name = "unicode-width" +version = "0.1.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" + [[package]] name = "version_check" version = "0.9.5" diff --git a/Cargo.toml b/Cargo.toml index c119268..0b1b32b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,7 @@ version = "0.1.0" edition = "2024" [dependencies] +argp = "0.4.0" base64 = "0.22.1" rand = "0.8.5" realm_io = { version = "0.5" } diff --git a/README.md b/README.md index 5740f5d..bdef678 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,12 @@ And because it looked like a fun little project. [Install rustup](https://rustup.rs) and a nightly Rust toolchain. - # Build executable at ./target/release/mesozoa cargo build --release Must be used behind a reverse proxy providing `X-Forwarded-For`. + ./target/release/mesozoa -c example-config.yaml + ## Challenge protocol ### Challenge generation diff --git a/src/challenge.rs b/src/challenge.rs index d43d4e7..4317ecd 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -1,9 +1,9 @@ +use crate::{MAC_LEN, SALT_LEN, SECRET_LEN}; + use base64::Engine; use sha3::Digest; use subtle::ConstantTimeEq; -use crate::{CHALLENGE_TIMEOUT, MAC_LEN, SALT_LEN, SECRET_LEN}; - pub fn check_challenge(seed: &[u8], proof: &[u8], target_zeros: u32) -> bool { let mut hasher = sha2::Sha256::default(); hasher.update(proof); @@ -47,6 +47,7 @@ pub fn verify_challenge_cookie( secret: &[u8; SECRET_LEN], user_agent: &[u8], ip: &[u8], + challenge_timeout: u64, ) -> bool { let Ok(cookie_bytes) = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(cookie) else { dbg!("invalid base64"); @@ -58,7 +59,7 @@ pub fn verify_challenge_cookie( } let timestamp: [u8; 8] = cookie_bytes[SALT_LEN..SALT_LEN + 8].try_into().unwrap(); let timestamp_time = u64::from_be_bytes(timestamp); - if timestamp_time.wrapping_add(CHALLENGE_TIMEOUT) + if timestamp_time.wrapping_add(challenge_timeout) < std::time::SystemTime::UNIX_EPOCH .elapsed() .unwrap() diff --git a/src/cli.rs b/src/cli.rs new file mode 100644 index 0000000..eac5198 --- /dev/null +++ b/src/cli.rs @@ -0,0 +1,10 @@ +/// PoW anti-crawler middle-proxy +/// +/// https://git.txmn.tk/tuxmain/mesozoa/ +/// Distributed under license GNU AGPL v3 without any warranty. +#[derive(argp::FromArgs)] +pub struct Cli { + /// Path to config file + #[argp(option, short = 'c')] + pub config: String, +} diff --git a/src/config.rs b/src/config.rs new file mode 100644 index 0000000..4d04d49 --- /dev/null +++ b/src/config.rs @@ -0,0 +1,73 @@ +use crate::policy::{Action, Policy}; + +use std::{io::Read, net::SocketAddr, str::FromStr}; + +pub struct Config { + pub listen_addr: SocketAddr, + pub pass_addr: SocketAddr, + pub default_action: Action, + pub challenge_timeout: u64, + pub policy_groups: Vec>, +} + +impl Config { + pub fn from_file(path: &str) -> Self { + let mut config_file = std::fs::File::open(path).expect("Cannot open config file"); + let mut config_str = String::new(); + config_file + .read_to_string(&mut config_str) + .expect("Cannot read config file"); + let config_yaml = saphyr::Yaml::load_from_str(&config_str).expect("Error parsing config"); + let config_doc = &config_yaml[0]; + + Config { + listen_addr: config_doc["listen"] + .as_str() + .expect("Missing listen address in config") + .parse() + .expect("Invalid listen address"), + pass_addr: config_doc["pass"] + .as_str() + .expect("Missing pass address in config") + .parse() + .expect("Invalid pass address"), + challenge_timeout: config_doc["challenge-timeout"] + .as_i64() + .expect("Missing challenge timeout in config") as u64, + default_action: Action::from_str( + config_doc["default-action"] + .as_str() + .expect("Missing default action in config"), + ) + .expect("Invalid default action"), + policy_groups: config_doc["policy-groups"] + .as_vec() + .expect("Missing policies in config") + .iter() + .map(|policy_group| { + policy_group + .as_vec() + .expect("Missing policies in config") + .iter() + .map(|policy| Policy { + name: policy["name"] + .as_str() + .expect("Expected policy name string") + .to_string(), + first_line_regex: policy["first-line"] + .as_str() + .expect("Expected policy first line regex string") + .to_string(), + action: Action::from_str( + policy["action"] + .as_str() + .expect("Expected policy action string"), + ) + .expect("Invalid policy action"), + }) + .collect() + }) + .collect(), + } + } +} diff --git a/src/main.rs b/src/main.rs index 522a25b..968758e 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,19 +1,16 @@ mod challenge; +mod cli; +mod config; mod http; mod policy; use http::HeaderLineIterator; -use policy::{CompiledPolicies, Policy}; +use policy::CompiledPolicies; use rand::Rng; use realm_syscall::socket2::TcpKeepalive; use regex::bytes::Regex; -use std::{ - io::{Read, Write}, - net::SocketAddr, - str::FromStr, - time::Duration, -}; +use std::{io::Write, net::SocketAddr, time::Duration}; use tokio::{ io::{AsyncWriteExt, ReadBuf}, net::{TcpSocket, TcpStream}, @@ -23,7 +20,6 @@ use tokio::{ const SALT_LEN: usize = 16; const SECRET_LEN: usize = 32; const MAC_LEN: usize = 32; -const CHALLENGE_TIMEOUT: u64 = 3600; const TARGET_ZEROS: u32 = 15; static CHALLENGE_BODY: &str = include_str!("challenge.html"); @@ -39,35 +35,9 @@ macro_rules! mk_static { #[tokio::main] async fn main() { - let mut config_file = - std::fs::File::open("example-config.yaml").expect("Cannot open config file"); - let mut config_str = String::new(); - config_file - .read_to_string(&mut config_str) - .expect("Cannot read config file"); - let config_yaml = saphyr::Yaml::load_from_str(&config_str).expect("Error parsing config"); - let config_doc = &config_yaml[0]; - let listen_addr: SocketAddr = config_doc["listen"] - .as_str() - .expect("Missing listen address in config") - .parse() - .expect("Invalid listen address"); - let pass_addr: SocketAddr = config_doc["pass"] - .as_str() - .expect("Missing pass address in config") - .parse() - .expect("Invalid pass address"); - let default_action = policy::Action::from_str( - config_doc["default-action"] - .as_str() - .expect("Missing default action in config"), - ) - .expect("Invalid default action"); - let policy_groups: Vec> = config_doc["policy-groups"].as_vec().expect("Missing policies in config").into_iter().map(|policy_group| policy_group.as_vec().expect("Missing policies in config").into_iter().map(|policy| Policy { - name: policy["name"].as_str().expect("Expected policy name string").to_string(), - first_line_regex: policy["first-line"].as_str().expect("Expected policy first line regex string").to_string(), - action: policy::Action::from_str(policy["action"].as_str().expect("Expected policy action string")).expect("Invalid policy action"), - }).collect()).collect(); + let cli: cli::Cli = argp::parse_args_or_exit(argp::DEFAULT); + + let config = config::Config::from_file(&cli.config); let mut rng = rand::thread_rng(); @@ -75,17 +45,18 @@ async fn main() { let policy_groups = &*mk_static!( Vec, - policy_groups + config + .policy_groups .into_iter() .map(CompiledPolicies::new) .collect() ); - let socket = realm_syscall::new_tcp_socket(&listen_addr).unwrap(); + let socket = realm_syscall::new_tcp_socket(&config.listen_addr).unwrap(); socket.set_reuse_address(true).ok(); - socket.bind(&listen_addr.into()).unwrap(); + socket.bind(&config.listen_addr.into()).unwrap(); socket.listen(1024).unwrap(); let listener = tokio::net::TcpListener::from_std(socket.into()).unwrap(); @@ -144,7 +115,7 @@ async fn main() { return; }; - let mut action = default_action; + let mut action = config.default_action; for policy_group in policy_groups.iter() { if let Some(policy) = policy_group.evaluate(first_line) { println!("Applying policy {}", policy.name); @@ -156,7 +127,7 @@ async fn main() { match action { policy::Action::Drop => {} policy::Action::Allow => { - do_proxy(pass_addr, client_stream).await; + do_proxy(config.pass_addr, client_stream).await; } policy::Action::Challenge => { let mut req_challenge = None; @@ -187,6 +158,7 @@ async fn main() { &secret, req_user_agent, req_ip, + config.challenge_timeout, ); allow = dbg!(valid_challenge) && dbg!(challenge::check_challenge( @@ -197,7 +169,7 @@ async fn main() { } if allow { - do_proxy(pass_addr, client_stream).await; + do_proxy(config.pass_addr, client_stream).await; } else { let salt: [u8; SALT_LEN] = rand::thread_rng().r#gen();