Commit Graph

42 Commits

Author SHA1 Message Date
Shayon Mukherjee df3ef06169 Support ingress rule matching for bastion mode 2024-05-10 16:07:03 -04:00
Devin Carr 887e486a63 TUN-7057: Remove dependency github.com/gorilla/mux 2022-12-24 21:05:51 -07:00
Devin Carr 515ad7cbee TUN-6917: Bump go to 1.19.3 2022-11-07 09:19:19 -08:00
Lars Lehtonen 636ec75010
carrier: fix dropped errors 2022-03-30 07:09:09 -07:00
Dimitris Apostolou 197a70c9c4
Fix typos 2021-11-12 17:38:06 +02:00
Igor Postelnik 3ad99b241c TUN-4168: Transparently proxy websocket connections using stdlib HTTP client instead of gorilla/websocket; move websocket client code into carrier package since it's only used by access subcommands now (#345). 2021-04-07 16:25:46 +00:00
Igor Postelnik 8ca0d86c85 TUN-3863: Consolidate header handling logic in the connection package; move headers definitions from h2mux to packages that manage them; cleanup header conversions
All header transformation code from h2mux has been consolidated in the connection package since it's used by both h2mux and http2 logic.
Exported headers used by proxying between edge and cloudflared so then can be shared by tunnel service on the edge.
Moved access-related headers to corresponding packages that have the code that sets/uses these headers.
Removed tunnel hostname tracking from h2mux since it wasn't used by anything. We will continue to set the tunnel hostname header from the edge for backward compatibilty, but it's no longer used by cloudflared.
Move bastion-related logic into carrier package, untangled dependencies between carrier, origin, and websocket packages.
2021-03-29 21:57:56 +00:00
Igor Postelnik da4d0b2bae TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
Nuno Diegues 8432735867 TUN-4060: Fix Go Vet warnings (new with go 1.16) where t.Fatalf is called from a test goroutine 2021-03-16 16:12:11 +00:00
Michael Borkenstein 841344f1e7 AUTH-3394: Creates a token per app instead of per path - with fix for
free tunnels
2021-03-12 15:49:47 +00:00
Adam Chalmers b0e69c4b8a Revert "AUTH-3394: Creates a token per app instead of per path"
This reverts commit 8e340d9598.
2021-03-10 13:54:38 -06:00
Michael Borkenstein 8e340d9598 AUTH-3394: Creates a token per app instead of per path 2021-03-10 17:15:16 +00:00
Nuno Diegues 4296b23087 TUN-4069: Fix regression on support for websocket over proxy 2021-03-09 19:43:10 +00:00
Igor Postelnik 39065377b5 TUN-4063: Cleanup dependencies between packages.
- Move packages the provide generic functionality (such as config) from `cmd` subtree to top level.
- Remove all dependencies on `cmd` subtree from top level packages.
- Consolidate all code dealing with token generation and transfer to a single cohesive package.
2021-03-09 14:02:59 +00:00
cthuang 63a29f421a TUN-3895: Tests for socks stream handler 2021-02-23 14:19:47 +00:00
Igor Postelnik 9c298e4851 TUN-3855: Add ability to override target of 'access ssh' command to a different host for testing 2021-02-23 14:19:47 +00:00
Sudarsan Reddy 8b794390e5 TUN-3799: extended the Stream interface to take a logger and added debug logs for io.Copy errors 2021-02-23 14:19:47 +00:00
Sudarsan Reddy 368066a966 TUN-3615: added support to proxy tcp streams
added ingress.DefaultStreamHandler and a basic test for tcp stream proxy
moved websocket.Stream to ingress
cloudflared no longer picks tcpstream host from header
2021-02-23 14:19:47 +00:00
cthuang e2262085e5 TUN-3617: Separate service from client, and implement different client for http vs. tcp origins
- extracted ResponseWriter from proxyConnection
 - added bastion tests over websocket
 - removed HTTPResp()
 - added some docstrings
 - Renamed some ingress clients as proxies
 - renamed instances of client to proxy in connection and origin
 - Stream no longer takes a context and logger.Service
2021-02-23 14:19:44 +00:00
Areg Harutyunyan 55bf904689 TUN-3471: Add structured log context to logs 2021-01-05 20:21:16 +00:00
Areg Harutyunyan 870f5fa907 TUN-3470: Replace in-house logger calls with zerolog 2020-12-23 14:15:17 -06:00
Dalton 2463d6b92c TUN-3352 extra debug logging for websockets 2020-08-31 17:14:02 -05:00
Dalton ae8d784e36 AUTH-2763 don't redirect from curl command 2020-06-11 15:38:11 -05:00
Dalton 0d87279b2f AUTH-2785 service token flag fix and logger fix 2020-06-09 11:00:56 -05:00
Dalton 2f70b05c64 AUTH-2169 make access login page more generic 2020-06-08 11:20:30 -05:00
Dalton 046be63253 AUTH-2596 added new logger package and replaced logrus 2020-05-27 17:07:19 -05:00
Michael Borkenstein b89cc22896 AUTH-2369: RDP Bastion prototype 2020-05-19 21:10:50 -05:00
Igor Postelnik fbe2989f61 TUN-2955: Fix connection and goroutine leaks when tunnel conection is terminated on error. Only unregister tunnels that had connected successfully. Close edge connection used to unregister the tunnel. Use buffered channels for error channels where receiver may quit early on context cancellation. 2020-05-06 03:13:24 +00:00
Dalton 41c358147c AUTH-2587 add config watcher and reload logic for access client forwarder 2020-04-29 11:07:35 -05:00
Dalton a37da2b165 AUTH-2394 added socks5 proxy 2020-04-07 13:30:28 -05:00
Michael Borkenstein 1d5cc45ac7 AUTH-2055: Verifies token at edge on access login 2019-09-24 18:22:33 +00:00
Austin Cherry 8f25704a90 AUTH-1736: Better handling of token revocation
We removed all token validation from cloudflared and now rely on
the edge to do the validation. This is better because the edge is
the only thing that fully knows about token revocation. So if a user
logs out or the application revokes all it's tokens cloudflared will
now handle that process instead of barfing on it.

When we go to fetch a token we will check for the existence of a
lock file. If the lock file exists, we stop and poll every half
second to see if the lock is still there. Once the lock file is
removed, it will restart the function to (hopefully) go pick up
the valid token that was just created.
2019-07-10 21:35:46 +00:00
Austin Cherry 25cfffd0d1 AUTH-1781: fixed race condition for short lived certs, doc required config 2019-05-23 10:17:43 -05:00
Austin Cherry fa17b0200f AUTH-1557: Short Lived Certs 2019-05-07 11:21:11 -05:00
Nick Vollmar 9a43a92b1c TUN-1577: decompose carrier.StartServer to make TestStartServer less flappy 2019-04-09 15:09:58 -05:00
Austin Cherry 850f804c47 AUTH-1519: Added logging 2019-02-19 12:53:33 -06:00
Austin Cherry 92defa26d4 AUTH-1511: Add custom headers for ssh command 2019-02-07 16:38:52 -06:00
Austin Cherry f94699e07b AUTH-1459: improved ssh streaming error message 2019-01-25 10:45:50 -06:00
Austin Cherry f49d9dcb67 AUTH-1320: Fixed request issue and unhide the ssh command 2018-11-15 13:08:56 -06:00
Nick Vollmar 9a48fe959d TUN-1158: Windows: use process arguments rather than trivial service arguments
TUN-1158: Fix segfault when carrier test case fails
2018-10-29 14:14:53 -05:00
Austin Cherry 80a75e91d2 AUTH-1188: UX Review and Changes for CLI SSH Access 2018-10-25 15:50:27 -05:00
Austin Cherry fa92441415 AUTH-1070: added SSH/protocol forwarding 2018-10-11 11:34:37 -05:00