Check that incoming connections are actually expected.

Author: adewes

proxy/private_server.go

@@ -133,6 +133,12 @@ var IncomingConnectionForm = forms.Form{
 				forms.IsString{},
 			},
 		},
+		{
+			Name: "domain",
+			Validators: []forms.Validator{
+				forms.IsString{},
+			},
+		},
 		{
 			Name: "_client",
 			Validators: []forms.Validator{
@@ -162,19 +168,30 @@ func (c *PrivateServer) getAnnouncements(context *jsonrpc.Context, params *GetPr
 }
 
 type IncomingConnectionParams struct {
+	Domain   string          `json:"domain"`
 	Endpoint string          `json:"endpoint"`
 	Token    []byte          `json:"token"`
 	Client   *eps.ClientInfo `json:"_client"`
 }
 
 func (c *PrivateServer) incomingConnection(context *jsonrpc.Context, params *IncomingConnectionParams) *jsonrpc.Response {
 
-	data, err := json.Marshal(params.Client)
+	found := false
+	for _, announcement := range c.announcements {
+		if announcement.Proxy == params.Client.Name && announcement.Domain == params.Domain {
+			// we make sure the announcement is not expired
+			if announcement.ExpiresAt != nil && announcement.ExpiresAt.Before(time.Now()) {
+				continue
+			}
+			found = true
+			break
+		}
+	}
 
-	if err != nil {
-		return context.InternalError()
+	if !found {
+		return context.Error(404, "no matching connection found", nil)
 	}
-	eps.Log.Info(string(data))
+
 	connection := MakeProxyConnection(params.Endpoint, c.settings.InternalEndpoint, params.Token)
 
 	go func() {

proxy/public_server.go

@@ -443,7 +443,7 @@ func (s *PublicServer) handleTlsConnection(conn net.Conn) {
 
 		// we tell the internal proxy about an incoming connection
 		request := jsonrpc.MakeRequest(fmt.Sprintf("%s.incomingConnection", announcement.Operator), "", map[string]interface{}{
-			"hostname": hostName,
+			"domain":   hostName,
 			"token":    randomStr,
 			"endpoint": s.settings.InternalEndpoint,
 		})