CLI

2025-04-06 16:20:05 +02:00 · 2025-04-06 16:20:05 +02:00 · f5e4a421bb
commit f5e4a421bb
parent 5dc6ca05ce
7 changed files with 166 additions and 47 deletions
--- a/src/challenge.rs
+++ b/src/challenge.rs
@ -1,9 +1,9 @@
+use crate::{MAC_LEN, SALT_LEN, SECRET_LEN};
+
 use base64::Engine;
 use sha3::Digest;
 use subtle::ConstantTimeEq;

-use crate::{CHALLENGE_TIMEOUT, MAC_LEN, SALT_LEN, SECRET_LEN};
-
 pub fn check_challenge(seed: &[u8], proof: &[u8], target_zeros: u32) -> bool {
 	let mut hasher = sha2::Sha256::default();
 	hasher.update(proof);
@ -47,6 +47,7 @@ pub fn verify_challenge_cookie(
 	secret: &[u8; SECRET_LEN],
 	user_agent: &[u8],
 	ip: &[u8],
+	challenge_timeout: u64,
 ) -> bool {
 	let Ok(cookie_bytes) = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(cookie) else {
 		dbg!("invalid base64");
@ -58,7 +59,7 @@ pub fn verify_challenge_cookie(
 	}
 	let timestamp: [u8; 8] = cookie_bytes[SALT_LEN..SALT_LEN + 8].try_into().unwrap();
 	let timestamp_time = u64::from_be_bytes(timestamp);
-	if timestamp_time.wrapping_add(CHALLENGE_TIMEOUT)
+	if timestamp_time.wrapping_add(challenge_timeout)
 		< std::time::SystemTime::UNIX_EPOCH
 			.elapsed()
 			.unwrap()
--- a/src/cli.rs
+++ b/src/cli.rs
@ -0,0 +1,10 @@
+/// PoW anti-crawler middle-proxy
+/// 
+/// https://git.txmn.tk/tuxmain/mesozoa/  
+/// Distributed under license GNU AGPL v3 without any warranty.
+#[derive(argp::FromArgs)]
+pub struct Cli {
+	/// Path to config file
+	#[argp(option, short = 'c')]
+	pub config: String,
+}
--- a/src/config.rs
+++ b/src/config.rs
@ -0,0 +1,73 @@
+use crate::policy::{Action, Policy};
+
+use std::{io::Read, net::SocketAddr, str::FromStr};
+
+pub struct Config {
+	pub listen_addr: SocketAddr,
+	pub pass_addr: SocketAddr,
+	pub default_action: Action,
+	pub challenge_timeout: u64,
+	pub policy_groups: Vec<Vec<Policy>>,
+}
+
+impl Config {
+	pub fn from_file(path: &str) -> Self {
+		let mut config_file = std::fs::File::open(path).expect("Cannot open config file");
+		let mut config_str = String::new();
+		config_file
+			.read_to_string(&mut config_str)
+			.expect("Cannot read config file");
+		let config_yaml = saphyr::Yaml::load_from_str(&config_str).expect("Error parsing config");
+		let config_doc = &config_yaml[0];
+
+		Config {
+			listen_addr: config_doc["listen"]
+				.as_str()
+				.expect("Missing listen address in config")
+				.parse()
+				.expect("Invalid listen address"),
+			pass_addr: config_doc["pass"]
+				.as_str()
+				.expect("Missing pass address in config")
+				.parse()
+				.expect("Invalid pass address"),
+			challenge_timeout: config_doc["challenge-timeout"]
+				.as_i64()
+				.expect("Missing challenge timeout in config") as u64,
+			default_action: Action::from_str(
+				config_doc["default-action"]
+					.as_str()
+					.expect("Missing default action in config"),
+			)
+			.expect("Invalid default action"),
+			policy_groups: config_doc["policy-groups"]
+				.as_vec()
+				.expect("Missing policies in config")
+				.iter()
+				.map(|policy_group| {
+					policy_group
+						.as_vec()
+						.expect("Missing policies in config")
+						.iter()
+						.map(|policy| Policy {
+							name: policy["name"]
+								.as_str()
+								.expect("Expected policy name string")
+								.to_string(),
+							first_line_regex: policy["first-line"]
+								.as_str()
+								.expect("Expected policy first line regex string")
+								.to_string(),
+							action: Action::from_str(
+								policy["action"]
+									.as_str()
+									.expect("Expected policy action string"),
+							)
+							.expect("Invalid policy action"),
+						})
+						.collect()
+				})
+				.collect(),
+		}
+	}
+}
--- a/src/main.rs
+++ b/src/main.rs
@ -1,19 +1,16 @@
 mod challenge;
+mod cli;
+mod config;
 mod http;
 mod policy;

 use http::HeaderLineIterator;
-use policy::{CompiledPolicies, Policy};
+use policy::CompiledPolicies;

 use rand::Rng;
 use realm_syscall::socket2::TcpKeepalive;
 use regex::bytes::Regex;
-use std::{
-	io::{Read, Write},
-	net::SocketAddr,
-	str::FromStr,
-	time::Duration,
-};
+use std::{io::Write, net::SocketAddr, time::Duration};
 use tokio::{
 	io::{AsyncWriteExt, ReadBuf},
 	net::{TcpSocket, TcpStream},
@ -23,7 +20,6 @@ use tokio::{
 const SALT_LEN: usize = 16;
 const SECRET_LEN: usize = 32;
 const MAC_LEN: usize = 32;
-const CHALLENGE_TIMEOUT: u64 = 3600;
 const TARGET_ZEROS: u32 = 15;

 static CHALLENGE_BODY: &str = include_str!("challenge.html");
@ -39,35 +35,9 @@ macro_rules! mk_static {

 #[tokio::main]
 async fn main() {
-	let mut config_file =
-		std::fs::File::open("example-config.yaml").expect("Cannot open config file");
-	let mut config_str = String::new();
-	config_file
-		.read_to_string(&mut config_str)
-		.expect("Cannot read config file");
-	let config_yaml = saphyr::Yaml::load_from_str(&config_str).expect("Error parsing config");
-	let config_doc = &config_yaml[0];
-	let listen_addr: SocketAddr = config_doc["listen"]
-		.as_str()
-		.expect("Missing listen address in config")
-		.parse()
-		.expect("Invalid listen address");
-	let pass_addr: SocketAddr = config_doc["pass"]
-		.as_str()
-		.expect("Missing pass address in config")
-		.parse()
-		.expect("Invalid pass address");
-	let default_action = policy::Action::from_str(
-		config_doc["default-action"]
-			.as_str()
-			.expect("Missing default action in config"),
-	)
-	.expect("Invalid default action");
-	let policy_groups: Vec<Vec<Policy>> = config_doc["policy-groups"].as_vec().expect("Missing policies in config").into_iter().map(|policy_group| policy_group.as_vec().expect("Missing policies in config").into_iter().map(|policy| Policy {
-		name: policy["name"].as_str().expect("Expected policy name string").to_string(),
-		first_line_regex: policy["first-line"].as_str().expect("Expected policy first line regex string").to_string(),
-		action: policy::Action::from_str(policy["action"].as_str().expect("Expected policy action string")).expect("Invalid policy action"),
-	}).collect()).collect();
+	let cli: cli::Cli = argp::parse_args_or_exit(argp::DEFAULT);
+
+	let config = config::Config::from_file(&cli.config);

 	let mut rng = rand::thread_rng();

@ -75,17 +45,18 @@ async fn main() {

 	let policy_groups = &*mk_static!(
 		Vec<CompiledPolicies>,
-		policy_groups
+		config
+			.policy_groups
 			.into_iter()
 			.map(CompiledPolicies::new)
 			.collect()
 	);

-	let socket = realm_syscall::new_tcp_socket(&listen_addr).unwrap();
+	let socket = realm_syscall::new_tcp_socket(&config.listen_addr).unwrap();

 	socket.set_reuse_address(true).ok();

-	socket.bind(&listen_addr.into()).unwrap();
+	socket.bind(&config.listen_addr.into()).unwrap();
 	socket.listen(1024).unwrap();

 	let listener = tokio::net::TcpListener::from_std(socket.into()).unwrap();
@ -144,7 +115,7 @@ async fn main() {
 				return;
 			};

-			let mut action = default_action;
+			let mut action = config.default_action;
 			for policy_group in policy_groups.iter() {
 				if let Some(policy) = policy_group.evaluate(first_line) {
 					println!("Applying policy {}", policy.name);
@ -156,7 +127,7 @@ async fn main() {
 			match action {
 				policy::Action::Drop => {}
 				policy::Action::Allow => {
-					do_proxy(pass_addr, client_stream).await;
+					do_proxy(config.pass_addr, client_stream).await;
 				}
 				policy::Action::Challenge => {
 					let mut req_challenge = None;
@ -187,6 +158,7 @@ async fn main() {
 							&secret,
 							req_user_agent,
 							req_ip,
+							config.challenge_timeout,
 						);
 						allow = dbg!(valid_challenge)
 							&& dbg!(challenge::check_challenge(
@ -197,7 +169,7 @@ async fn main() {
 					}

 					if allow {
-						do_proxy(pass_addr, client_stream).await;
+						do_proxy(config.pass_addr, client_stream).await;
 					} else {
 						let salt: [u8; SALT_LEN] = rand::thread_rng().r#gen();