diff --git a/socketserver/server/backend.go b/socketserver/server/backend.go index 62fccd16..a3826284 100644 --- a/socketserver/server/backend.go +++ b/socketserver/server/backend.go @@ -15,6 +15,7 @@ import ( "sync" "time" + "github.com/FrankerFaceZ/FrankerFaceZ/socketserver/server/naclform" cache "github.com/patrickmn/go-cache" "golang.org/x/crypto/nacl/box" ) @@ -33,8 +34,7 @@ type backendInfo struct { addTopicURL string announceStartupURL string - sharedKey [32]byte - serverID int + secureForm naclform.ServerInfo lastSuccess map[string]time.Time lastSuccessLock sync.Mutex @@ -45,7 +45,7 @@ var Backend *backendInfo func setupBackend(config *ConfigFile) *backendInfo { b := new(backendInfo) Backend = b - b.serverID = config.ServerID + b.secureForm.ServerID = config.ServerID b.HTTPClient.Timeout = 60 * time.Second b.baseURL = config.BackendURL @@ -68,7 +68,7 @@ func setupBackend(config *ConfigFile) *backendInfo { copy(theirPublic[:], config.BackendPublicKey) copy(ourPrivate[:], config.OurPrivateKey) - box.Precompute(&b.sharedKey, &theirPublic, &ourPrivate) + box.Precompute(&b.secureForm.SharedKey, &theirPublic, &ourPrivate) return b } @@ -119,7 +119,7 @@ func (backend *backendInfo) SendRemoteCommand(remoteCommand, data string, auth A formData.Set("authenticated", "0") } - sealedForm, err := backend.SealRequest(formData) + sealedForm, err := backend.secureForm.Seal(formData) if err != nil { return "", err } @@ -178,7 +178,7 @@ func (backend *backendInfo) SendRemoteCommand(remoteCommand, data string, auth A // SendAggregatedData sends aggregated emote usage and following data to the backend server. func (backend *backendInfo) SendAggregatedData(form url.Values) error { - sealedForm, err := backend.SealRequest(form) + sealedForm, err := backend.secureForm.Seal(form) if err != nil { return err } @@ -235,7 +235,7 @@ func (backend *backendInfo) sendTopicNotice(topic string, added bool) error { formData.Set("added", "f") } - sealedForm, err := backend.SealRequest(formData) + sealedForm, err := backend.secureForm.Seal(formData) if err != nil { return err } diff --git a/socketserver/server/backend_test.go b/socketserver/server/backend_test.go index d1c85adb..0e9d2d6f 100644 --- a/socketserver/server/backend_test.go +++ b/socketserver/server/backend_test.go @@ -18,14 +18,14 @@ func TestSealRequest(t *testing.T) { "QuickBrownFox": []string{"LazyDog"}, } - sealedValues, err := b.SealRequest(values) + sealedValues, err := b.secureForm.Seal(values) if err != nil { t.Fatal(err) } // sealedValues.Encode() // id=0&msg=KKtbng49dOLLyjeuX5AnXiEe6P0uZwgeP_7mMB5vhP-wMAAPZw%3D%3D&nonce=-wRbUnifscisWUvhm3gBEXHN5QzrfzgV - unsealedValues, err := b.UnsealRequest(sealedValues) + unsealedValues, err := b.secureForm.Unseal(sealedValues) if err != nil { t.Fatal(err) } diff --git a/socketserver/server/commands.go b/socketserver/server/commands.go index aef92cf7..01d621da 100644 --- a/socketserver/server/commands.go +++ b/socketserver/server/commands.go @@ -2,11 +2,9 @@ package server import ( "encoding/json" - "errors" "fmt" "log" "net/url" - "strconv" "sync" "time" @@ -96,7 +94,7 @@ func DispatchC2SCommand(conn *websocket.Conn, client *ClientInfo, msg ClientMess } } -func callHandler(handler CommandHandler, conn *websocket.Conn, client *ClientInfo, cmsg ClientMessage) (rmsg ClientMessage, err error) { +func callHandler(handler CommandHandler, conn *websocket.Conn, client *ClientInfo, cmsg ClientMessage) (_ ClientMessage, err error) { defer func() { if r := recover(); r != nil { var ok bool @@ -112,7 +110,7 @@ func callHandler(handler CommandHandler, conn *websocket.Conn, client *ClientInf // C2SHello implements the `hello` C2S Command. // It calls SubscribeGlobal() and SubscribeDefaults() with the client, and fills out ClientInfo.Version and ClientInfo.ClientID. -func C2SHello(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SHello(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (_ ClientMessage, err error) { ary, ok := msg.Arguments.([]interface{}) if !ok { err = ErrExpectedTwoStrings @@ -163,16 +161,16 @@ func C2SHello(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg }, nil } -func C2SPing(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SPing(*websocket.Conn, *ClientInfo, ClientMessage) (ClientMessage, error) { return ClientMessage{ Arguments: float64(time.Now().UnixNano()/1000) / 1000, }, nil } -func C2SSetUser(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SSetUser(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { username, err := msg.ArgumentsAsString() if err != nil { - return + return ClientMessage{}, err } username = copyString(username) @@ -192,29 +190,24 @@ func C2SSetUser(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rm return ResponseSuccess, nil } -func C2SReady(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { - // disconnectAt, err := msg.ArgumentsAsInt() - // if err != nil { - // return - // } - +func C2SReady(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { client.Mutex.Lock() client.ReadyComplete = true client.Mutex.Unlock() client.MsgChannelKeepalive.Add(1) go func() { - client.Send(ClientMessage{MessageID: msg.MessageID, Command: SuccessCommand}) + client.Send(msg.Reply(SuccessCommand, nil)) SendBacklogForNewClient(client) client.MsgChannelKeepalive.Done() }() return ClientMessage{Command: AsyncResponseCommand}, nil } -func C2SSubscribe(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SSubscribe(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { channel, err := msg.ArgumentsAsString() if err != nil { - return + return ClientMessage{}, err } channel = PubSubChannelPool.Intern(channel) @@ -238,10 +231,10 @@ func C2SSubscribe(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) ( // C2SUnsubscribe implements the `unsub` C2S Command. // It removes the channel from ClientInfo.CurrentChannels and calls UnsubscribeSingleChat. -func C2SUnsubscribe(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SUnsubscribe(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { channel, err := msg.ArgumentsAsString() if err != nil { - return + return ClientMessage{}, err } channel = PubSubChannelPool.Intern(channel) @@ -256,9 +249,8 @@ func C2SUnsubscribe(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) } // C2SSurvey implements the survey C2S Command. -// Surveys are discarded.s -func C2SSurvey(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { - // Discard +func C2SSurvey(*websocket.Conn, *ClientInfo, ClientMessage) (ClientMessage, error) { + // Surveys are not collected. return ResponseSuccess, nil } @@ -276,7 +268,7 @@ var followEventsLock sync.Mutex // C2STrackFollow implements the `track_follow` C2S Command. // It adds the record to `followEvents`, which is submitted to the backend on a timer. -func C2STrackFollow(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2STrackFollow(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (_ ClientMessage, err error) { channel, following, err := msg.ArgumentsAsStringAndBool() if err != nil { return @@ -293,68 +285,18 @@ func C2STrackFollow(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) } // AggregateEmoteUsage is a map from emoteID to a map from chatroom name to usage count. -var aggregateEmoteUsage = make(map[int]map[string]int) +//var aggregateEmoteUsage = make(map[int]map[string]int) // AggregateEmoteUsageLock is the lock for AggregateEmoteUsage. -var aggregateEmoteUsageLock sync.Mutex +//var aggregateEmoteUsageLock sync.Mutex // ErrNegativeEmoteUsage is emitted when the submitted emote usage is negative. -var ErrNegativeEmoteUsage = errors.New("Emote usage count cannot be negative") +//var ErrNegativeEmoteUsage = errors.New("Emote usage count cannot be negative") // C2SEmoticonUses implements the `emoticon_uses` C2S Command. // msg.Arguments are in the JSON format of [1]map[emoteID]map[ChatroomName]float64. -func C2SEmoticonUses(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { - // if this panics, will be caught by callHandler - mapRoot := msg.Arguments.([]interface{})[0].(map[string]interface{}) - - // Validate: male suire - for strEmote, val1 := range mapRoot { - _, err = strconv.Atoi(strEmote) - if err != nil { - return - } - mapInner := val1.(map[string]interface{}) - for _, val2 := range mapInner { - var count = int(val2.(float64)) - if count <= 0 { - err = ErrNegativeEmoteUsage - return - } - } - } - - aggregateEmoteUsageLock.Lock() - defer aggregateEmoteUsageLock.Unlock() - - var total int - - for strEmote, val1 := range mapRoot { - var emoteID int - emoteID, err = strconv.Atoi(strEmote) - if err != nil { - return - } - - destMapInner, ok := aggregateEmoteUsage[emoteID] - if !ok { - destMapInner = make(map[string]int) - aggregateEmoteUsage[emoteID] = destMapInner - } - - mapInner := val1.(map[string]interface{}) - for roomName, val2 := range mapInner { - var count = int(val2.(float64)) - if count > 200 { - count = 200 - } - roomName = TwitchChannelPool.Intern(roomName) - destMapInner[roomName] += count - total += count - } - } - - Statistics.EmotesReportedTotal += uint64(total) - +func C2SEmoticonUses(*websocket.Conn, *ClientInfo, ClientMessage) (ClientMessage, error) { + // We do not collect emote usage data return ResponseSuccess, nil } @@ -371,10 +313,10 @@ func aggregateDataSender_do() { follows := followEvents followEvents = nil followEventsLock.Unlock() - aggregateEmoteUsageLock.Lock() - emoteUsage := aggregateEmoteUsage - aggregateEmoteUsage = make(map[int]map[string]int) - aggregateEmoteUsageLock.Unlock() + //aggregateEmoteUsageLock.Lock() + //emoteUsage := aggregateEmoteUsage + //aggregateEmoteUsage = make(map[int]map[string]int) + //aggregateEmoteUsageLock.Unlock() reportForm := url.Values{} @@ -386,10 +328,10 @@ func aggregateDataSender_do() { } strEmoteUsage := make(map[string]map[string]int) - for emoteID, usageByChannel := range emoteUsage { - strEmoteID := strconv.Itoa(emoteID) - strEmoteUsage[strEmoteID] = usageByChannel - } + //for emoteID, usageByChannel := range emoteUsage { + // strEmoteID := strconv.Itoa(emoteID) + // strEmoteUsage[strEmoteID] = usageByChannel + //} emoteJSON, err := json.Marshal(strEmoteUsage) if err != nil { log.Println("error reporting aggregate data:", err) @@ -429,7 +371,7 @@ var bunchGroup singleflight.Group // C2SHandleBunchedCommand handles C2S Commands such as `get_link`. // It makes a request to the backend server for the data, but any other requests coming in while the first is pending also get the responses from the first one. -func C2SHandleBunchedCommand(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { +func C2SHandleBunchedCommand(_ *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { key := fmt.Sprintf("%s:%s", msg.Command, msg.origArguments) resultCh := bunchGroup.DoChan(key, func() (interface{}, error) { @@ -439,29 +381,21 @@ func C2SHandleBunchedCommand(conn *websocket.Conn, client *ClientInfo, msg Clien client.MsgChannelKeepalive.Add(1) go func() { result := <-resultCh - var reply ClientMessage - reply.MessageID = msg.MessageID - if result.Err != nil { - reply.Command = ErrorCommand - if efb, ok := result.Err.(ErrForwardedFromBackend); ok { - reply.Arguments = efb.JSONError - } else { - reply.Arguments = result.Err.Error() - } + if efb, ok := result.Err.(ErrForwardedFromBackend); ok { + client.Send(msg.Reply(ErrorCommand, efb.JSONError)) + } else if result.Err != nil { + client.Send(msg.Reply(ErrorCommand, result.Err.Error())) } else { - reply.Command = SuccessCommand - reply.origArguments = result.Val.(string) - reply.parseOrigArguments() + client.Send(msg.ReplyJSON(SuccessCommand, result.Val.(string))) } - client.Send(reply) client.MsgChannelKeepalive.Done() }() return ClientMessage{Command: AsyncResponseCommand}, nil } -func C2SHandleRemoteCommand(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (rmsg ClientMessage, err error) { +func C2SHandleRemoteCommand(conn *websocket.Conn, client *ClientInfo, msg ClientMessage) (ClientMessage, error) { client.MsgChannelKeepalive.Add(1) go doRemoteCommand(conn, msg, client) @@ -477,7 +411,7 @@ func doRemoteCommand(conn *websocket.Conn, msg ClientMessage, client *ClientInfo if err == ErrAuthorizationNeeded { if client.TwitchUsername == "" { // Not logged in - client.Send(ClientMessage{MessageID: msg.MessageID, Command: ErrorCommand, Arguments: AuthorizationNeededError}) + client.Send(msg.Reply(ErrorCommand, AuthorizationNeededError)) client.MsgChannelKeepalive.Done() return } @@ -485,19 +419,17 @@ func doRemoteCommand(conn *websocket.Conn, msg ClientMessage, client *ClientInfo if success { doRemoteCommand(conn, msg, client) } else { - client.Send(ClientMessage{MessageID: msg.MessageID, Command: ErrorCommand, Arguments: AuthorizationFailedErrorString}) + client.Send(msg.Reply(ErrorCommand, AuthorizationFailedErrorString)) client.MsgChannelKeepalive.Done() } }) return // without keepalive.Done() } else if bfe, ok := err.(ErrForwardedFromBackend); ok { - client.Send(ClientMessage{MessageID: msg.MessageID, Command: ErrorCommand, Arguments: bfe.JSONError}) + client.Send(msg.Reply(ErrorCommand, bfe.JSONError)) } else if err != nil { - client.Send(ClientMessage{MessageID: msg.MessageID, Command: ErrorCommand, Arguments: err.Error()}) + client.Send(msg.Reply(ErrorCommand, err.Error())) } else { - msg := ClientMessage{MessageID: msg.MessageID, Command: SuccessCommand, origArguments: resp} - msg.parseOrigArguments() - client.Send(msg) + client.Send(msg.ReplyJSON(SuccessCommand, resp)) } client.MsgChannelKeepalive.Done() } diff --git a/socketserver/server/handlecore.go b/socketserver/server/handlecore.go index ea61ebce..ea4847ef 100644 --- a/socketserver/server/handlecore.go +++ b/socketserver/server/handlecore.go @@ -104,7 +104,7 @@ func SetupServerAndHandle(config *ConfigFile, serveMux *http.ServeMux) { serveMux.HandleFunc("/cached_pub", HTTPBackendCachedPublish) serveMux.HandleFunc("/get_sub_count", HTTPGetSubscriberCount) - announceForm, err := Backend.SealRequest(url.Values{ + announceForm, err := Backend.secureForm.Seal(url.Values{ "startup": []string{"1"}, }) if err != nil { @@ -249,11 +249,21 @@ func HTTPHandleRootURL(w http.ResponseWriter, r *http.Request) { } } +type fatalDecodeError string + +func (e fatalDecodeError) Error() string { + return string(e) +} + +func (e fatalDecodeError) IsFatal() bool { + return true +} + // ErrProtocolGeneric is sent in a ErrorCommand Reply. -var ErrProtocolGeneric error = errors.New("FFZ Socket protocol error.") +var ErrProtocolGeneric error = fatalDecodeError("FFZ Socket protocol error.") // ErrProtocolNegativeMsgID is sent in a ErrorCommand Reply when a negative MessageID is received. -var ErrProtocolNegativeMsgID error = errors.New("FFZ Socket protocol error: negative or zero message ID.") +var ErrProtocolNegativeMsgID error = fatalDecodeError("FFZ Socket protocol error: negative or zero message ID.") // ErrExpectedSingleString is sent in a ErrorCommand Reply when the Arguments are of the wrong type. var ErrExpectedSingleString = errors.New("Error: Expected single string as arguments.") @@ -344,7 +354,7 @@ func RunSocketConnection(conn *websocket.Conn) { }) // All set up, now enter the work loop - go runSocketReader(conn, _errorChan, _clientChan, stoppedChan) + go runSocketReader(conn, &client, _errorChan, _clientChan) closeReason := runSocketWriter(conn, &client, _errorChan, _clientChan, _serverMessageChan) // Exit @@ -376,12 +386,14 @@ func RunSocketConnection(conn *websocket.Conn) { } } -func runSocketReader(conn *websocket.Conn, errorChan chan<- error, clientChan chan<- ClientMessage, stoppedChan <-chan struct{}) { +func runSocketReader(conn *websocket.Conn, client *ClientInfo, errorChan chan<- error, clientChan chan<- ClientMessage) { var msg ClientMessage var messageType int var packet []byte var err error + stoppedChan := client.MsgChannelIsDone + defer close(errorChan) defer close(clientChan) @@ -395,8 +407,15 @@ func runSocketReader(conn *websocket.Conn, errorChan chan<- error, clientChan ch break } - UnmarshalClientMessage(packet, messageType, &msg) - if msg.MessageID == 0 { + msg = ClientMessage{} + msgErr := UnmarshalClientMessage(packet, messageType, &msg) + if _, ok := msgErr.(interface{IsFatal() bool}); ok { + errorChan <- msgErr + continue + } else if msgErr != nil { + client.Send(msg.Reply(ErrorCommand, msgErr.Error())) + continue + } else if msg.MessageID == 0 { continue } select { @@ -505,7 +524,7 @@ func SendMessage(conn *websocket.Conn, msg ClientMessage) { } // UnmarshalClientMessage unpacks websocket TextMessage into a ClientMessage provided in the `v` parameter. -func UnmarshalClientMessage(data []byte, payloadType int, v interface{}) (err error) { +func UnmarshalClientMessage(data []byte, _ int, v interface{}) (err error) { var spaceIdx int out := v.(*ClientMessage) @@ -514,11 +533,11 @@ func UnmarshalClientMessage(data []byte, payloadType int, v interface{}) (err er // Message ID spaceIdx = strings.IndexRune(dataStr, ' ') if spaceIdx == -1 { - return ErrProtocolGeneric + return ErrProtocolGeneric // fatal error } messageID, err := strconv.Atoi(dataStr[:spaceIdx]) if messageID < -1 || messageID == 0 { - return ErrProtocolNegativeMsgID + return ErrProtocolNegativeMsgID // fatal error } out.MessageID = messageID @@ -551,7 +570,8 @@ func (cm *ClientMessage) parseOrigArguments() error { return nil } -func MarshalClientMessage(clientMessage interface{}) (payloadType int, data []byte, err error) { +// returns payloadType, data, err +func MarshalClientMessage(clientMessage interface{}) (int, []byte, error) { var msg ClientMessage var ok bool msg, ok = clientMessage.(ClientMessage) diff --git a/socketserver/server/naclform/seal.go b/socketserver/server/naclform/seal.go new file mode 100644 index 00000000..ef21ae35 --- /dev/null +++ b/socketserver/server/naclform/seal.go @@ -0,0 +1,96 @@ +package naclform + +import ( + "bytes" + "crypto/rand" + "encoding/base64" + "errors" + "net/url" + "strconv" + "strings" + + "golang.org/x/crypto/nacl/box" +) + +var ErrorShortNonce = errors.New("Nonce too short.") +var ErrorInvalidSignature = errors.New("Invalid signature or contents") + +type ServerInfo struct { + SharedKey [32]byte + ServerID int +} + +func fillCryptoRandom(buf []byte) error { + remaining := len(buf) + for remaining > 0 { + count, err := rand.Read(buf) + if err != nil { + return err + } + remaining -= count + } + return nil +} + +func (i *ServerInfo) Seal(form url.Values) (url.Values, error) { + var nonce [24]byte + var err error + + err = fillCryptoRandom(nonce[:]) + if err != nil { + return nil, err + } + + cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &i.SharedKey) + + bufMessage := new(bytes.Buffer) + enc := base64.NewEncoder(base64.URLEncoding, bufMessage) + enc.Write(cipherMsg) + enc.Close() + cipherString := bufMessage.String() + + bufNonce := new(bytes.Buffer) + enc = base64.NewEncoder(base64.URLEncoding, bufNonce) + enc.Write(nonce[:]) + enc.Close() + nonceString := bufNonce.String() + + retval := url.Values{ + "nonce": []string{nonceString}, + "msg": []string{cipherString}, + "id": []string{strconv.Itoa(i.ServerID)}, + } + + return retval, nil +} + +func (i *ServerInfo) Unseal(form url.Values) (url.Values, error) { + var nonce [24]byte + + nonceString := form.Get("nonce") + dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString)) + count, err := dec.Read(nonce[:]) + if err != nil { + return nil, err + } + if count != 24 { + return nil, ErrorShortNonce + } + + cipherString := form.Get("msg") + dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString)) + cipherBuffer := new(bytes.Buffer) + cipherBuffer.ReadFrom(dec) + + message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &i.SharedKey) + if !ok { + return nil, ErrorInvalidSignature + } + + retValues, err := url.ParseQuery(string(message)) + if err != nil { + return nil, ErrorInvalidSignature + } + + return retValues, nil +} diff --git a/socketserver/server/publisher.go b/socketserver/server/publisher.go index a1815a63..669aa727 100644 --- a/socketserver/server/publisher.go +++ b/socketserver/server/publisher.go @@ -123,7 +123,7 @@ func saveLastMessage(cmd Command, channel string, expires time.Time, data string func HTTPBackendDropBacklog(w http.ResponseWriter, r *http.Request) { r.ParseForm() - formData, err := Backend.UnsealRequest(r.Form) + formData, err := Backend.secureForm.Unseal(r.Form) if err != nil { w.WriteHeader(403) fmt.Fprintf(w, "Error: %v", err) @@ -160,7 +160,7 @@ func rateLimitFromRequest(r *http.Request) (rate.Limiter, error) { // If the 'expires' parameter is not specified, the message will not expire (though it is only kept in-memory). func HTTPBackendCachedPublish(w http.ResponseWriter, r *http.Request) { r.ParseForm() - formData, err := Backend.UnsealRequest(r.Form) + formData, err := Backend.secureForm.Unseal(r.Form) if err != nil { w.WriteHeader(403) fmt.Fprintf(w, "Error: %v", err) @@ -227,7 +227,7 @@ func HTTPBackendCachedPublish(w http.ResponseWriter, r *http.Request) { // If "scope" is "global", then "channel" is not used. func HTTPBackendUncachedPublish(w http.ResponseWriter, r *http.Request) { r.ParseForm() - formData, err := Backend.UnsealRequest(r.Form) + formData, err := Backend.secureForm.Unseal(r.Form) if err != nil { w.WriteHeader(403) fmt.Fprintf(w, "Error: %v", err) @@ -292,7 +292,7 @@ func HTTPBackendUncachedPublish(w http.ResponseWriter, r *http.Request) { // A "global" option is not available, use fetch(/stats).CurrentClientCount instead. func HTTPGetSubscriberCount(w http.ResponseWriter, r *http.Request) { r.ParseForm() - formData, err := Backend.UnsealRequest(r.Form) + formData, err := Backend.secureForm.Unseal(r.Form) if err != nil { w.WriteHeader(403) fmt.Fprintf(w, "Error: %v", err) diff --git a/socketserver/server/stats.go b/socketserver/server/stats.go index 8455fa8f..6eec5e93 100644 --- a/socketserver/server/stats.go +++ b/socketserver/server/stats.go @@ -209,7 +209,7 @@ func updateSysMem() { } // HTTPShowStatistics handles the /stats endpoint. It writes out the Statistics object as indented JSON. -func HTTPShowStatistics(w http.ResponseWriter, r *http.Request) { +func HTTPShowStatistics(w http.ResponseWriter, _ *http.Request) { w.Header().Set("Content-Type", "application/json") updateStatsIfNeeded() diff --git a/socketserver/server/testinfra_test.go b/socketserver/server/testinfra_test.go index 5d8a4570..529214d9 100644 --- a/socketserver/server/testinfra_test.go +++ b/socketserver/server/testinfra_test.go @@ -97,7 +97,7 @@ func (er *TExpectedBackendRequest) String() string { if MethodIsPost == "" { return er.Path } - return fmt.Sprint("%s %s: %s", MethodIsPost, er.Path, er.PostForm.Encode()) + return fmt.Sprintf("%s %s: %s", MethodIsPost, er.Path, er.PostForm.Encode()) } type TBackendRequestChecker struct { @@ -123,7 +123,7 @@ func (backend *TBackendRequestChecker) ServeHTTP(w http.ResponseWriter, r *http. r.ParseForm() - unsealedForm, err := Backend.UnsealRequest(r.PostForm) + unsealedForm, err := Backend.secureForm.Unseal(r.PostForm) if err != nil { backend.tb.Errorf("Failed to unseal backend request: %v", err) } @@ -276,7 +276,7 @@ func TSealForSavePubMsg(tb testing.TB, cmd Command, channel string, arguments in } form.Set("time", strconv.FormatInt(time.Now().Unix(), 10)) - sealed, err := Backend.SealRequest(form) + sealed, err := Backend.secureForm.Seal(form) if err != nil { tb.Error(err) return nil, err @@ -300,7 +300,7 @@ func TSealForUncachedPubMsg(tb testing.TB, cmd Command, channel string, argument form.Set("time", time.Now().Format(time.UnixDate)) form.Set("scope", scope) - sealed, err := Backend.SealRequest(form) + sealed, err := Backend.secureForm.Seal(form) if err != nil { tb.Error(err) return nil, err diff --git a/socketserver/server/types.go b/socketserver/server/types.go index 1048434c..3de13127 100644 --- a/socketserver/server/types.go +++ b/socketserver/server/types.go @@ -64,6 +64,24 @@ type ClientMessage struct { origArguments string } +func (cm ClientMessage) Reply(cmd Command, args interface{}) ClientMessage { + return ClientMessage{ + MessageID: cm.MessageID, + Command: cmd, + Arguments: args, + } +} + +func (cm ClientMessage) ReplyJSON(cmd Command, argsJSON string) ClientMessage { + n := ClientMessage{ + MessageID: cm.MessageID, + Command: cmd, + origArguments: argsJSON, + } + n.parseOrigArguments() + return n +} + type AuthInfo struct { // The client's claimed username on Twitch. TwitchUsername string diff --git a/socketserver/server/usercount.go b/socketserver/server/usercount.go index 1b9cbcbb..25fae97a 100644 --- a/socketserver/server/usercount.go +++ b/socketserver/server/usercount.go @@ -46,11 +46,6 @@ var uniqueCtrWritingToken chan usageToken var CounterLocation *time.Location = time.FixedZone("UTC-5", int((time.Hour*-5)/time.Second)) -func TruncateToMidnight(at time.Time) time.Time { - year, month, day := at.Date() - return time.Date(year, month, day, 0, 0, 0, 0, CounterLocation) -} - // GetCounterPeriod calculates the start and end timestamps for the HLL measurement period that includes the 'at' timestamp. func GetCounterPeriod(at time.Time) (start time.Time, end time.Time) { year, month, day := at.Date() @@ -132,7 +127,7 @@ func HTTPShowHLL(w http.ResponseWriter, r *http.Request) { hllFileServer.ServeHTTP(w, r) } -func HTTPWriteHLL(w http.ResponseWriter, r *http.Request) { +func HTTPWriteHLL(w http.ResponseWriter, _ *http.Request) { writeHLL() w.WriteHeader(200) w.Write([]byte("ok")) @@ -150,9 +145,7 @@ func loadUniqueUsers() { now := time.Now().In(CounterLocation) uniqueCounter.Start, uniqueCounter.End = GetCounterPeriod(now) err = loadHLL(now, &uniqueCounter) - isIgnorableError := err != nil && (false || - (os.IsNotExist(err)) || - (err == io.EOF)) + isIgnorableError := err != nil && (os.IsNotExist(err) || err == io.EOF) if isIgnorableError { // file didn't finish writing @@ -227,10 +220,10 @@ func rolloverCounters_do() { // Attempt to rescue the data into the log var buf bytes.Buffer - bytes, err := uniqueCounter.Counter.GobEncode() + by, err := uniqueCounter.Counter.GobEncode() if err == nil { enc := base64.NewEncoder(base64.StdEncoding, &buf) - enc.Write(bytes) + enc.Write(by) enc.Close() log.Print("data for ", GetHLLFilename(uniqueCounter.Start), ":", buf.String()) } diff --git a/socketserver/server/utils.go b/socketserver/server/utils.go index 6657dd02..cbbd760f 100644 --- a/socketserver/server/utils.go +++ b/socketserver/server/utils.go @@ -1,103 +1,9 @@ package server -import ( - "bytes" - "crypto/rand" - "encoding/base64" - "errors" - "net/url" - "strconv" - "strings" - - "golang.org/x/crypto/nacl/box" -) - -func FillCryptoRandom(buf []byte) error { - remaining := len(buf) - for remaining > 0 { - count, err := rand.Read(buf) - if err != nil { - return err - } - remaining -= count - } - return nil -} - func copyString(s string) string { return string([]byte(s)) } -func (backend *backendInfo) SealRequest(form url.Values) (url.Values, error) { - var nonce [24]byte - var err error - - err = FillCryptoRandom(nonce[:]) - if err != nil { - return nil, err - } - - cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &backend.sharedKey) - - bufMessage := new(bytes.Buffer) - enc := base64.NewEncoder(base64.URLEncoding, bufMessage) - enc.Write(cipherMsg) - enc.Close() - cipherString := bufMessage.String() - - bufNonce := new(bytes.Buffer) - enc = base64.NewEncoder(base64.URLEncoding, bufNonce) - enc.Write(nonce[:]) - enc.Close() - nonceString := bufNonce.String() - - retval := url.Values{ - "nonce": []string{nonceString}, - "msg": []string{cipherString}, - "id": []string{strconv.Itoa(Backend.serverID)}, - } - - return retval, nil -} - -var ErrorShortNonce = errors.New("Nonce too short.") -var ErrorInvalidSignature = errors.New("Invalid signature or contents") - -func (backend *backendInfo) UnsealRequest(form url.Values) (url.Values, error) { - var nonce [24]byte - - nonceString := form.Get("nonce") - dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString)) - count, err := dec.Read(nonce[:]) - if err != nil { - Statistics.BackendVerifyFails++ - return nil, err - } - if count != 24 { - Statistics.BackendVerifyFails++ - return nil, ErrorShortNonce - } - - cipherString := form.Get("msg") - dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString)) - cipherBuffer := new(bytes.Buffer) - cipherBuffer.ReadFrom(dec) - - message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &backend.sharedKey) - if !ok { - Statistics.BackendVerifyFails++ - return nil, ErrorInvalidSignature - } - - retValues, err := url.ParseQuery(string(message)) - if err != nil { - Statistics.BackendVerifyFails++ - return nil, ErrorInvalidSignature - } - - return retValues, nil -} - func AddToSliceS(ary *[]string, val string) bool { slice := *ary for _, v := range slice { @@ -161,17 +67,3 @@ func RemoveFromSliceCl(ary *[]*ClientInfo, val *ClientInfo) bool { *ary = slice return true } - -func AddToSliceB(ary *[]bunchSubscriber, client *ClientInfo, mid int) bool { - newSub := bunchSubscriber{Client: client, MessageID: mid} - slice := *ary - for _, v := range slice { - if v == newSub { - return false - } - } - - slice = append(slice, newSub) - *ary = slice - return true -}