Beispiel #1
0
// postUsersJSON creates a user from a JSON body, returning a client string/server error pair
func postUsersJSON(body []byte) (string, error) {
	// Unmarshal JSON from body
	var jsonUser data.UserRecord
	if err := json.Unmarshal(body, &jsonUser); err != nil {
		return "Malformed request JSON", nil
	}

	// Check for valid input
	if jsonUser.Username == "" || jsonUser.Password == "" || jsonUser.TorrentLimit == 0 {
		return "Missing required parameters: username, password, torrentLimit", nil
	}

	// Create user from input
	user := new(data.UserRecord)
	if err := user.Create(jsonUser.Username, jsonUser.Password, jsonUser.TorrentLimit); err != nil {
		return "", err
	}

	// Save user to database
	if err := user.Save(); err != nil {
		return "", err
	}

	return "", nil
}
Beispiel #2
0
// getUsersJSON returns a JSON representation of one or more data.UserRecords
func getUsersJSON(ID int) ([]byte, error) {
	// Check for a valid integer ID
	if ID > 0 {
		// Load user
		user, err := new(data.UserRecord).Load(ID, "id")
		if err != nil {
			return nil, err
		}

		// Create JSON represenation
		jsonUser, err := user.ToJSON()
		if err != nil {
			return nil, err
		}

		// Marshal into JSON
		res, err := json.Marshal(jsonUser)
		if err != nil {
			return nil, err
		}

		return res, nil
	}

	// Load all users
	users, err := new(data.UserRecordRepository).All()
	if err != nil {
		return nil, err
	}

	// Convert all users to JSON representation
	jsonUsers := make([]data.JSONUserRecord, 0)
	for _, u := range users {
		j, err := u.ToJSON()
		if err != nil {
			return nil, err
		}

		jsonUsers = append(jsonUsers[:], j)
	}

	// Marshal into JSON
	res, err := json.Marshal(jsonUsers)
	if err != nil {
		return nil, err
	}

	return res, err
}
Beispiel #3
0
// TestPostLogin verifies that /api/login returns proper JSON output
func TestPostLogin(t *testing.T) {
	log.Println("TestPostLogin()")

	// Load config
	config, err := common.LoadConfig()
	if err != nil {
		t.Fatalf("Could not load configuration: %s", err.Error())
	}
	common.Static.Config = config

	// Generate mock data.UserRecord
	mockUser := new(data.UserRecord)
	if err := mockUser.Create("test", "test", 100); err != nil {
		t.Fatalf("Failed to create mock user: %s", err.Error())
	}

	// Save mock user
	if err := mockUser.Save(); err != nil {
		t.Fatalf("Failed to save mock user: %s", err.Error())
	}

	// Load mock user to fetch ID
	user, err := mockUser.Load(mockUser.Username, "username")
	if user == (data.UserRecord{}) || err != nil {
		t.Fatalf("Failed to load mock user: %s", err.Error())
	}

	// Perform login request for this user
	res, err := postLogin(user)
	if err != nil {
		t.Fatalf("Failed to retrieve login JSON: %s", err.Error())
	}
	log.Println(string(res))

	// Unmarshal output JSON
	var key data.JSONAPIKey
	err = json.Unmarshal(res, &key)
	if err != nil {
		t.Fatalf("Failed to unmarshal login JSON: %s", err.Error())
	}

	// Verify same user ID from API
	if user.ID != key.UserID {
		t.Fatalf("Mismatched user IDs, got %d, expected %d", key.UserID, user.ID)
	}

	// Delete mock user
	if err := user.Delete(); err != nil {
		t.Fatalf("Failed to delete mock user: %s", err.Error())
	}
}
Beispiel #4
0
// TestBasicAuthenticator verifies that BasicAuthenticator.Auth works properly
func TestBasicAuthenticator(t *testing.T) {
	log.Println("TestBasicAuthenticator()")

	// Load config
	config := common.LoadConfig()
	common.Static.Config = config

	// Generate mock user
	user := data.UserRecord{
		Username:     "******",
		Passkey:      "abcdef0123456789",
		TorrentLimit: 10,
	}

	// Save mock user
	if !user.Save() {
		t.Fatalf("Failed to save mock user")
	}

	// Load mock user to fetch ID
	user = user.Load(user.Username, "username")
	if user == (data.UserRecord{}) {
		t.Fatalf("Failed to load mock user")
	}

	// Generate an API key and salt
	pass := "******"
	salt := "test"

	sha := sha1.New()
	sha.Write([]byte(pass + salt))
	hash := fmt.Sprintf("%x", sha.Sum(nil))

	// Generate mock API key
	key := data.APIKey{
		UserID: user.ID,
		Key:    hash,
		Salt:   salt,
	}

	// Save mock API key
	if !key.Save() {
		t.Fatalf("Failed to save mock data.APIKey")
	}

	// Load mock data.APIKey to fetch ID
	key = key.Load(key.Key, "key")
	if key == (data.APIKey{}) {
		t.Fatalf("Failed to load mock data.APIKey")
	}

	// Generate mock HTTP request
	r := http.Request{}
	headers := map[string][]string{
		"Authorization": {"Basic " + base64.URLEncoding.EncodeToString([]byte(user.Username+":"+pass))},
	}
	r.Header = headers

	// Perform authentication request
	auth := new(BasicAuthenticator).Auth(&r)
	if !auth {
		t.Fatalf("Failed to authenticate using BasicAuthenticator")
	}

	// Delete mock user
	if !user.Delete() {
		t.Fatalf("Failed to delete mock user")
	}

	// Delete mock API key
	if !key.Delete() {
		t.Fatalf("Failed to delete mock data.APIKey")
	}
}
Beispiel #5
0
// TestGetUsersJSON verifies that /api/users returns proper JSON output
func TestGetUsersJSON(t *testing.T) {
	log.Println("TestGetUsersJSON()")

	// Load config
	config, err := common.LoadConfig()
	if err != nil {
		t.Fatalf("Could not load configuration: %s", err.Error())
	}
	common.Static.Config = config

	// Generate mock data.UserRecord
	mockUser := new(data.UserRecord)
	if err := mockUser.Create("test", "test", 100); err != nil {
		t.Fatalf("Failed to create mock user: %s", err.Error())
	}

	// Save mock user
	if err := mockUser.Save(); err != nil {
		t.Fatalf("Failed to save mock user: %s", err.Error())
	}

	// Load mock user to fetch ID
	user, err := mockUser.Load(mockUser.Username, "username")
	if user == (data.UserRecord{}) || err != nil {
		t.Fatalf("Failed to load mock user: %s", err.Error())
	}

	// Request output JSON from API for this user
	res, err := getUsersJSON(user.ID)
	if err != nil {
		t.Fatalf("Failed to retrieve users JSON: %s", err.Error())
	}

	// Unmarshal output JSON
	var user2 data.UserRecord
	err = json.Unmarshal(res, &user2)
	if err != nil {
		t.Fatalf("Failed to unmarshal result JSON for single user: %s", err.Error())
	}

	// Verify objects are the same
	if user.ID != user2.ID {
		t.Fatalf("ID, expected %d, got %d", user.ID, user2.ID)
	}

	// Request output JSON from API for all users
	res, err = getUsersJSON(-1)
	if err != nil {
		t.Fatalf("Failed to retrieve all users JSON: %s", err.Error())
	}

	// Unmarshal all output JSON
	var allUsers []data.JSONUserRecord
	err = json.Unmarshal(res, &allUsers)
	if err != nil {
		t.Fatalf("Failed to unmarshal result JSON for all users: %s", err.Error())
	}

	// Verify known user is in result set
	found := false
	for _, f := range allUsers {
		if f.ID == user.ID {
			found = true
		}
	}

	if !found {
		t.Fatalf("Expected user not found in all users result set")
	}

	// Delete mock user
	if err := user.Delete(); err != nil {
		t.Fatalf("Failed to delete mock user: %s", err.Error())
	}
}
Beispiel #6
0
// Parse incoming HTTP connections before making tracker calls
func parseHTTP(w http.ResponseWriter, r *http.Request) {
	// Create a tracker to handle this client
	httpTracker := tracker.HTTPTracker{}

	// Count incoming connections
	atomic.AddInt64(&common.Static.HTTP.Current, 1)
	atomic.AddInt64(&common.Static.HTTP.Total, 1)

	// Add header to identify goat
	w.Header().Add("Server", fmt.Sprintf("%s/%s", App, Version))

	// Store current URL path
	url := r.URL.Path

	// Split URL into segments
	urlArr := strings.Split(url, "/")

	// If configured, Detect if client is making an API call
	url = urlArr[1]
	if url == "api" {
		// Output JSON
		w.Header().Add("Content-Type", "application/json")

		// API enabled
		if common.Static.Config.API {
			// API authentication
			auth := new(api.BasicAuthenticator).Auth(r)
			if !auth {
				http.Error(w, api.ErrorResponse("Authentication failed"), 401)
				return
			}

			// Handle API calls, output JSON
			api.Router(w, r)
			return
		}

		http.Error(w, api.ErrorResponse("API is currently disabled"), 503)
		return
	}

	// Check for maintenance mode
	if common.Static.Maintenance {
		// Return tracker error with maintenance message
		if _, err := w.Write(httpTracker.Error("Maintenance: " + common.Static.StatusMessage)); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Detect if passkey present in URL
	var passkey string
	if len(urlArr) == 3 {
		passkey = urlArr[1]
		url = urlArr[2]
	}

	// Make sure URL is valid torrent function
	if url != "announce" && url != "scrape" {
		if _, err := w.Write(httpTracker.Error("Malformed announce")); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Verify that torrent client is advertising its User-Agent, so we can use a whitelist
	if r.Header.Get("User-Agent") == "" {
		if _, err := w.Write(httpTracker.Error("Your client is not identifying itself")); err != nil {
			log.Println(err.Error())
		}

		return
	}

	client := r.Header.Get("User-Agent")

	// If configured, verify that torrent client is on whitelist
	if common.Static.Config.Whitelist {
		whitelist := new(data.WhitelistRecord).Load(client, "client")
		if whitelist == (data.WhitelistRecord{}) || !whitelist.Approved {
			if _, err := w.Write(httpTracker.Error("Your client is not whitelisted")); err != nil {
				log.Println(err.Error())
			}

			// Block things like browsers and web crawlers, because they will just clutter up the table
			if strings.Contains(client, "Mozilla") || strings.Contains(client, "Opera") {
				return
			}

			// Insert unknown clients into list for later approval
			if whitelist == (data.WhitelistRecord{}) {
				whitelist.Client = client
				whitelist.Approved = false

				log.Printf("whitelist: detected new client '%s', awaiting manual approval", client)

				go whitelist.Save()
			}

			return
		}
	}

	// Parse querystring into a Values map
	query := r.URL.Query()

	// Check if IP was previously set
	if query.Get("ip") == "" {
		// If no IP set, detect and store it in query map
		query.Set("ip", strings.Split(r.RemoteAddr, ":")[0])
	}

	// Put client in query map
	query.Set("client", client)

	// Check if server is configured for passkey announce
	if common.Static.Config.Passkey && passkey == "" {
		if _, err := w.Write(httpTracker.Error("No passkey found in announce URL")); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Validate passkey if needed
	user := new(data.UserRecord).Load(passkey, "passkey")
	if common.Static.Config.Passkey && user == (data.UserRecord{}) {
		if _, err := w.Write(httpTracker.Error("Invalid passkey")); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Put passkey in query map
	query.Set("passkey", user.Passkey)

	// Mark client as HTTP
	query.Set("udp", "0")

	// Get user's total number of active torrents
	seeding := user.Seeding()
	leeching := user.Leeching()
	if seeding == -1 || leeching == -1 {
		if _, err := w.Write(httpTracker.Error("Failed to calculate active torrents")); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Verify that client has not exceeded this user's torrent limit
	activeSum := seeding + leeching
	if user.TorrentLimit < activeSum {
		msg := fmt.Sprintf("Exceeded active torrent limit: %d > %d", activeSum, user.TorrentLimit)
		if _, err := w.Write(httpTracker.Error(msg)); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Tracker announce
	if url == "announce" {
		// Validate required parameter input
		required := []string{"info_hash", "ip", "port", "uploaded", "downloaded", "left"}
		// Validate required integer input
		reqInt := []string{"port", "uploaded", "downloaded", "left"}

		// Check for required parameters
		for _, r := range required {
			if query.Get(r) == "" {
				if _, err := w.Write(httpTracker.Error("Missing required parameter: " + r)); err != nil {
					log.Println(err.Error())
				}

				return
			}
		}

		// Check for all valid integers
		for _, r := range reqInt {
			if query.Get(r) != "" {
				_, err := strconv.Atoi(query.Get(r))
				if err != nil {
					if _, err := w.Write(httpTracker.Error("Invalid integer parameter: " + r)); err != nil {
						log.Println(err.Error())
					}

					return
				}
			}
		}

		// Only allow compact announce
		if query.Get("compact") == "" || query.Get("compact") != "1" {
			if _, err := w.Write(httpTracker.Error("Your client does not support compact announce")); err != nil {
				log.Println(err.Error())
			}

			return
		}

		// NOTE: currently, we do not bother using gzip to compress the tracker announce response
		// This is done for two reasons:
		// 1) Clients may or may not support gzip in the first place
		// 2) gzip may actually make announce response larger, as per testing in What.CD's ocelot

		// Perform tracker announce
		if _, err := w.Write(tracker.Announce(httpTracker, user, query)); err != nil {
			log.Println(err.Error())
		}

		return
	}

	// Tracker scrape
	if url == "scrape" {
		// Check for required parameter info_hash
		if query.Get("info_hash") == "" {
			if _, err := w.Write(httpTracker.Error("Missing required parameter: info_hash")); err != nil {
				log.Println(err.Error())
			}

			return
		}

		if _, err := w.Write(tracker.Scrape(httpTracker, query)); err != nil {
			log.Println(err.Error())
		}

		return
	}

	return
}
Beispiel #7
0
// TestAuthenticator verifies that the Basic and HMAC authenticators work properly
func TestAuthenticator(t *testing.T) {
	log.Println("TestBasicAuthenticator()")

	// Load config
	config, err := common.LoadConfig()
	if err != nil {
		t.Fatalf("Could not load configuration: %s", err.Error())
	}
	common.Static.Config = config

	// Generate mock user
	user := new(data.UserRecord)
	if err := user.Create("test", "test", 10); err != nil {
		t.Fatalf("Failed to create mock user: %s", err.Error())
	}

	// Save mock user
	if err := user.Save(); err != nil {
		t.Fatalf("Failed to save mock user: %s", err.Error())
	}

	// Load user to get ID
	user2, err := user.Load("test", "username")
	if err != nil || (user2 == data.UserRecord{}) {
		t.Fatalf("Failed to load mock user: %s", err.Error())
	}

	// Generate mock HTTP request
	r, err := http.NewRequest("POST", "http://localhost:8080/api/login", nil)
	if err != nil {
		t.Fatalf("Failed to generate HTTP request: %s", err.Error())
	}

	headers := map[string][]string{
		"Authorization": {"Basic " + base64.URLEncoding.EncodeToString([]byte("test:test"))},
	}
	r.Header = headers

	// Capture HTTP response with recorder
	w := httptest.NewRecorder()

	// Perform HTTP Basic authentication
	var apiAuth APIAuthenticator
	apiAuth = new(BasicAuthenticator)

	// Attempt Basic authentication
	clientErr, serverErr := apiAuth.Auth(r)
	if clientErr != nil {
		t.Fatalf("Failed to authenticate: client: %s", clientErr.Error())
	}
	if serverErr != nil {
		t.Fatalf("Failed to authenticate: server: %s", serverErr.Error())
	}

	// Invoke API router
	Router(w, r, user2)

	// Read HTTP response body
	body, err := ioutil.ReadAll(w.Body)
	if err != nil {
		t.Fatalf("Failed to read HTTP response body: %s", err.Error())
	}

	// Unmarshal result JSON
	var login data.JSONAPIKey
	if err := json.Unmarshal(body, &login); err != nil {
		t.Fatalf("Failed to unmarshal login JSON: %s", err.Error())
	}

	// Generate API signature
	nonce := "abcdef"
	method := "GET"
	resource := "/api/status"

	signature, err := apiSignature(login.UserID, nonce, method, resource, login.Secret)
	if err != nil {
		t.Fatalf("Failed to generate API signature: %s", err.Error())
	}
	log.Println("signature:", signature)

	// Generate mock HTTP request
	r, err = http.NewRequest(method, "http://localhost:8080"+resource, nil)
	if err != nil {
		t.Fatalf("Failed to generate HTTP request: %s", err.Error())
	}

	headers = map[string][]string{
		"Authorization": {"Basic " + base64.URLEncoding.EncodeToString([]byte(login.Pubkey+":"+nonce+"/"+signature))},
	}
	r.Header = headers

	// Capture HTTP response with recorder
	w = httptest.NewRecorder()

	// Attempt HMAC authentication
	apiAuth = new(HMACAuthenticator)
	clientErr, serverErr = apiAuth.Auth(r)
	if clientErr != nil {
		t.Fatalf("Failed to authenticate: client: %s", clientErr.Error())
	}
	if serverErr != nil {
		t.Fatalf("Failed to authenticate: server: %s", serverErr.Error())
	}

	// Invoke API router
	Router(w, r, user2)

	// Read HTTP response body
	body, err = ioutil.ReadAll(w.Body)
	if err != nil {
		t.Fatalf("Failed to read HTTP response body: %s", err.Error())
	}
	log.Println(string(body))

	// Delete mock user
	if err := user2.Delete(); err != nil {
		t.Fatalf("Failed to delete mock user: %s", err.Error())
	}
}