diff --git a/cmd/caddygat/main.go b/cmd/caddygat/main.go
index 73183077de8d32c5965f9fb4ed4af894754c444f..b4652df67cc53102e76d50d9ba733559bc2260ed 100644
--- a/cmd/caddygat/main.go
+++ b/cmd/caddygat/main.go
@@ -3,6 +3,8 @@ package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
+ _ "gfx.cafe/gfx/pggat/lib/gat/gatcaddyfile"
+
_ "gfx.cafe/gfx/pggat/lib/gat/standard"
)
diff --git a/lib/gat/gatcaddyfile/gattype.go b/lib/gat/gatcaddyfile/gattype.go
new file mode 100644
index 0000000000000000000000000000000000000000..f3f07cdd3ca46f7183240c125bb636b378396fb8
--- /dev/null
+++ b/lib/gat/gatcaddyfile/gattype.go
@@ -0,0 +1,18 @@
+package gatcaddyfile
+
+import (
+ "github.com/caddyserver/caddy/v2"
+ "github.com/caddyserver/caddy/v2/caddyconfig"
+ "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
+)
+
+func init() {
+ caddyconfig.RegisterAdapter("caddyfile", caddyfile.Adapter{ServerType: ServerType{}})
+}
+
+type ServerType struct{}
+
+func (ServerType) Setup(blocks []caddyfile.ServerBlock, m map[string]any) (*caddy.Config, []caddyconfig.Warning, error) {
+ // TODO implement me
+ panic("implement me")
+}
diff --git a/lib/gat/matchers/localaddress.go b/lib/gat/matchers/localaddress.go
index a936c454c663b21861b4fbfdbb32317b65c620fc..bd230eac89c5396847314e249aa4dae23ebf2ce4 100644
--- a/lib/gat/matchers/localaddress.go
+++ b/lib/gat/matchers/localaddress.go
@@ -1,6 +1,9 @@
package matchers
import (
+ "fmt"
+ "net"
+
"github.com/caddyserver/caddy/v2"
"gfx.cafe/gfx/pggat/lib/fed"
@@ -12,7 +15,10 @@ func init() {
}
type LocalAddress struct {
+ Network string `json:"network"`
Address string `json:"address"`
+
+ addr net.Addr
}
func (T *LocalAddress) CaddyModule() caddy.ModuleInfo {
@@ -24,10 +30,54 @@ func (T *LocalAddress) CaddyModule() caddy.ModuleInfo {
}
}
+func (T *LocalAddress) Provision(ctx caddy.Context) error {
+ var err error
+ switch T.Network {
+ case "tcp", "tcp4", "tcp6":
+ T.addr, err = net.ResolveTCPAddr(T.Network, T.Address)
+ case "udp", "udp4", "udp6":
+ T.addr, err = net.ResolveUDPAddr(T.Network, T.Address)
+ case "ip", "ip4", "ip6":
+ T.addr, err = net.ResolveIPAddr(T.Network, T.Address)
+ case "unix", "unixgram", "unixpacket":
+ T.addr, err = net.ResolveUnixAddr(T.Network, T.Address)
+ default:
+ err = fmt.Errorf("unknown network: %s", T.Network)
+ }
+ return err
+}
+
func (T *LocalAddress) Matches(conn fed.Conn) bool {
- // TODO(garet)
- return true
+ switch addr := conn.LocalAddr().(type) {
+ case *net.TCPAddr:
+ expected, ok := T.addr.(*net.TCPAddr)
+ if !ok {
+ return false
+ }
+ return addr.Port == expected.Port && addr.Zone == expected.Zone && (expected.IP == nil || addr.IP.Equal(expected.IP))
+ case *net.IPAddr:
+ expected, ok := T.addr.(*net.IPAddr)
+ if !ok {
+ return false
+ }
+ return addr.Zone == expected.Zone && (expected.IP == nil || addr.IP.Equal(expected.IP))
+ case *net.UDPAddr:
+ expected, ok := T.addr.(*net.UDPAddr)
+ if !ok {
+ return false
+ }
+ return addr.Port == expected.Port && addr.Zone == expected.Zone && (expected.IP == nil || addr.IP.Equal(expected.IP))
+ case *net.UnixAddr:
+ expected, ok := T.addr.(*net.UnixAddr)
+ if !ok {
+ return false
+ }
+ return addr.Name == expected.Name && addr.Net == expected.Net
+ default:
+ return false
+ }
}
var _ gat.Matcher = (*LocalAddress)(nil)
var _ caddy.Module = (*LocalAddress)(nil)
+var _ caddy.Provisioner = (*LocalAddress)(nil)
diff --git a/lib/gat/matchers/network.go b/lib/gat/matchers/network.go
deleted file mode 100644
index fa638e3dffc99d267b36671d67dde25aa7a1e414..0000000000000000000000000000000000000000
--- a/lib/gat/matchers/network.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package matchers
-
-import (
- "github.com/caddyserver/caddy/v2"
-
- "gfx.cafe/gfx/pggat/lib/fed"
- "gfx.cafe/gfx/pggat/lib/gat"
-)
-
-func init() {
- caddy.RegisterModule((*Network)(nil))
-}
-
-type Network struct {
- Network string `json:"network"`
-}
-
-func (T *Network) CaddyModule() caddy.ModuleInfo {
- return caddy.ModuleInfo{
- ID: "pggat.matchers.network",
- New: func() caddy.Module {
- return new(Network)
- },
- }
-}
-
-func (T *Network) Matches(conn fed.Conn) bool {
- return conn.LocalAddr().Network() == T.Network
-}
-
-var _ gat.Matcher = (*Network)(nil)
-var _ caddy.Module = (*Network)(nil)
diff --git a/lib/gat/ssl/servers/self_signed/server.go b/lib/gat/ssl/servers/self_signed/server.go
index c855358c4354b088c3493db96862817c4b926083..7dec991c5ef194c66f40a16fe9459e03653c2dc2 100644
--- a/lib/gat/ssl/servers/self_signed/server.go
+++ b/lib/gat/ssl/servers/self_signed/server.go
@@ -1,12 +1,18 @@
package self_signed
import (
+ "crypto/rand"
+ "crypto/rsa"
"crypto/tls"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "math/big"
+ "net"
+ "time"
"github.com/caddyserver/caddy/v2"
"gfx.cafe/gfx/pggat/lib/gat"
- "gfx.cafe/gfx/pggat/lib/util/certs"
)
func init() {
@@ -26,8 +32,53 @@ func (T *Server) CaddyModule() caddy.ModuleInfo {
}
}
+func (T *Server) signCert() (tls.Certificate, error) {
+ // generate private key
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
+
+ keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
+
+ notBefore := time.Now()
+ notAfter := notBefore.Add(3 * 30 * 24 * time.Hour)
+
+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
+
+ template := x509.Certificate{
+ SerialNumber: serialNumber,
+ Subject: pkix.Name{
+ Organization: []string{"GFX Labs"},
+ },
+ NotBefore: notBefore,
+ NotAfter: notAfter,
+
+ KeyUsage: keyUsage,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+ BasicConstraintsValid: true,
+ }
+ // TODO(garet)
+ template.IPAddresses = append(template.IPAddresses, net.ParseIP("127.0.0.1"))
+
+ derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
+
+ var cert tls.Certificate
+ cert.PrivateKey = priv
+ cert.Certificate = append(cert.Certificate, derBytes)
+
+ return cert, nil
+}
+
func (T *Server) Provision(ctx caddy.Context) error {
- cert, err := certs.SelfSign()
+ cert, err := T.signCert()
if err != nil {
return err
}
diff --git a/lib/util/certs/self.go b/lib/util/certs/self.go
deleted file mode 100644
index e4bd2b8ff47905083a5fb36b757960251f9250d9..0000000000000000000000000000000000000000
--- a/lib/util/certs/self.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package certs
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "crypto/x509/pkix"
- "math/big"
- "net"
- "time"
-)
-
-func SelfSign() (tls.Certificate, error) {
- // generate private key
- priv, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
-
- notBefore := time.Now()
- notAfter := notBefore.Add(3 * 30 * 24 * time.Hour)
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- template := x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{
- Organization: []string{"GFX Labs"},
- },
- NotBefore: notBefore,
- NotAfter: notAfter,
-
- KeyUsage: keyUsage,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- }
- // TODO(garet)
- template.IPAddresses = append(template.IPAddresses, net.ParseIP("127.0.0.1"))
-
- derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
- if err != nil {
- return tls.Certificate{}, err
- }
-
- var cert tls.Certificate
- cert.PrivateKey = priv
- cert.Certificate = append(cert.Certificate, derBytes)
-
- return cert, nil
-}