mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
Merge branch 'main' into feature/pypi
commit
b1c09c6ff1
5 changed files with 67 additions and 10 deletions
|
|
@ -11,6 +11,21 @@ export async function main(args) {
|
|||
const proxy = createSafeChainProxy();
|
||||
await proxy.startServer();
|
||||
|
||||
// Global error handlers to log unhandled errors
|
||||
process.on("uncaughtException", (error) => {
|
||||
ui.writeError(`Safe-chain: Uncaught exception: ${error.message}`);
|
||||
ui.writeVerbose(`Stack trace: ${error.stack}`);
|
||||
process.exit(1);
|
||||
});
|
||||
|
||||
process.on("unhandledRejection", (reason) => {
|
||||
ui.writeError(`Safe-chain: Unhandled promise rejection: ${reason}`);
|
||||
if (reason instanceof Error) {
|
||||
ui.writeVerbose(`Stack trace: ${reason.stack}`);
|
||||
}
|
||||
process.exit(1);
|
||||
});
|
||||
|
||||
try {
|
||||
// This parses all the --safe-chain arguments and removes them from the args array
|
||||
args = initializeCliArguments(args);
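Review bot: In the `uncaughtException` handler, `error.message` and `error.stack` are read unconditionally, so a thrown non-Error value (a string or a plain object) is reported as `Uncaught exception: undefined` and the real cause is lost. Using `${error?.message ?? error}` would keep it, in the same way the `unhandledRejection` handler already guards `reason.stack` with `instanceof Error`. Both handlers are also registered only after `await proxy.startServer()` has returned, so anything thrown asynchronously while the proxy starts does not go through them; moving the two `process.on(...)` calls above `createSafeChainProxy()` would cover start-up as well. A comment such as `// Fail closed: exit non-zero rather than keep running in an unknown state` would record why the handlers terminate the process. The body of `main` continues outside the hunk.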
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
import https from "https";
|
||||
import { generateCertForHost } from "./certUtils.js";
|
||||
import { HttpsProxyAgent } from "https-proxy-agent";
|
||||
import { ui } from "../environment/userInteraction.js";
|
||||
|
||||
export function mitmConnect(req, clientSocket, isAllowed) {
|
||||
const { hostname } = new URL(`http://${req.url}`);
|
||||
|
|
@ -13,6 +14,15 @@ export function mitmConnect(req, clientSocket, isAllowed) {
|
|||
|
||||
const server = createHttpsServer(hostname, isAllowed);
|
||||
|
||||
server.on("error", (err) => {
|
||||
ui.writeError(`Safe-chain: HTTPS server error: ${err.message}`);
|
||||
if (!clientSocket.headersSent) {
|
||||
clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
|
||||
} else if (clientSocket.writable) {
|
||||
clientSocket.end();
|
||||
}
|
||||
});
|
||||
|
||||
// Establish the connection
|
||||
clientSocket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
|
||||
|
||||
|
|
@ -37,13 +47,15 @@ function createHttpsServer(hostname, isAllowed) {
|
|||
forwardRequest(req, hostname, res);
|
||||
}
|
||||
|
||||
return https.createServer(
|
||||
const server = https.createServer(
|
||||
{
|
||||
key: cert.privateKey,
|
||||
cert: cert.certificate,
|
||||
},
|
||||
handleRequest
|
||||
);
|
||||
|
||||
return server;
|
||||
}
|
||||
|
||||
function getRequestPathAndQuery(url) {
|
||||
|
|
@ -62,6 +74,11 @@ function forwardRequest(req, hostname, res) {
|
|||
res.end("Bad Gateway");
|
||||
});
|
||||
|
||||
req.on("error", (err) => {
|
||||
ui.writeError(`Safe-chain: Error reading client request: ${err.message}`);
|
||||
proxyReq.destroy();
|
||||
});
|
||||
|
||||
req.on("data", (chunk) => {
|
||||
proxyReq.write(chunk);
|
||||
});
|
||||
|
|
@ -88,6 +105,16 @@ function createProxyRequest(hostname, req, res) {
|
|||
}
|
||||
|
||||
const proxyReq = https.request(options, (proxyRes) => {
|
||||
proxyRes.on("error", (err) => {
|
||||
ui.writeError(
|
||||
`Safe-chain: Error reading upstream response: ${err.message}`
|
||||
);
|
||||
if (!res.headersSent) {
|
||||
res.writeHead(502);
|
||||
res.end("Bad Gateway");
|
||||
}
|
||||
});
|
||||
|
||||
res.writeHead(proxyRes.statusCode, proxyRes.headers);
|
||||
proxyRes.pipe(res);
|
||||
});
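Review bot: In the `server.on("error", …)` handler added to `mitmConnect`, `clientSocket.headersSent` is read on what appears to be the raw CONNECT socket (the function writes the status line to it by hand), and a `net.Socket` has no such property, so the first branch is always taken and the `else if` is dead. Because `HTTP/1.1 200 Connection Established` is written right after the handler is registered, a later server error would append a plaintext `502` status line to a stream the client is already treating as TLS. Once the tunnel is open the handler should only tear the socket down, for example `if (!clientSocket.destroyed) clientSocket.destroy();`. The `proxyRes.on("error", …)` handler in `createProxyRequest` has the same kind of guard problem: `res.writeHead(...)` runs immediately after it is attached, so `!res.headersSent` will normally be false when an upstream read error fires and the response is left open. Adding `else { res.destroy(); }` would match the handler in `handleHttpProxyRequest`.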
|
||||
|
|
|
|||
|
|
@ -43,8 +43,13 @@ export function handleHttpProxyRequest(req, res) {
|
|||
}
|
||||
)
|
||||
.on("error", (err) => {
|
||||
res.writeHead(502);
|
||||
res.end(`Bad Gateway: ${err.message}`);
|
||||
if (!res.headersSent) {
|
||||
res.writeHead(502);
|
||||
res.end(`Bad Gateway: ${err.message}`);
|
||||
} else {
|
||||
// Headers already sent, just destroy the response
|
||||
res.destroy();
|
||||
}
|
||||
});
|
||||
|
||||
req.on("error", () => {
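Review bot: The rewritten `.on("error", …)` handler still returns `err.message` in the 502 body and logs nothing locally, unlike the other error handlers this commit adds. Upstream error strings can contain resolved addresses and ports, so a fixed body plus a local log keeps that detail on the operator's side: `ui.writeError(`Safe-chain: upstream request failed: ${err.message}`);` followed by `res.end("Bad Gateway");`, as `forwardRequest` already does. Whether `ui` is imported in this file is not visible in the hunk, and the `req.on("error", …)` handler that follows is cut off by it.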
|
||||
|
|
|
|||
|
|
@ -24,12 +24,6 @@ export function tunnelRequest(req, clientSocket, head) {
|
|||
function tunnelRequestToDestination(req, clientSocket, head) {
|
||||
const { port, hostname } = new URL(`http://${req.url}`);
|
||||
|
||||
clientSocket.on("error", () => {
|
||||
// NO-OP
|
||||
// This can happen if the client TCP socket sends RST instead of FIN.
|
||||
// Not subscribing to 'close' event will cause node to throw and crash.
|
||||
});
|
||||
|
||||
const serverSocket = net.connect(port || 443, hostname, () => {
|
||||
clientSocket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
|
||||
serverSocket.write(head);
|
||||
|
|
@ -37,6 +31,14 @@ function tunnelRequestToDestination(req, clientSocket, head) {
|
|||
clientSocket.pipe(serverSocket);
|
||||
});
|
||||
|
||||
clientSocket.on("error", () => {
|
||||
// This can happen if the client TCP socket sends RST instead of FIN.
|
||||
// Not subscribing to 'error' event will cause node to throw and crash.
|
||||
if (serverSocket.writable) {
|
||||
serverSocket.end();
|
||||
}
|
||||
});
|
||||
|
||||
serverSocket.on("error", (err) => {
|
||||
ui.writeError(
|
||||
`Safe-chain: error connecting to ${hostname}:${port} - ${err.message}`
|
||||
|
|
@ -103,6 +105,13 @@ function tunnelRequestViaProxy(req, clientSocket, head, proxyUrl) {
|
|||
if (clientSocket.writable) {
|
||||
clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
|
||||
}
|
||||
} else {
|
||||
ui.writeError(
|
||||
`Safe-chain: proxy socket error after connection - ${err.message}`
|
||||
);
|
||||
if (clientSocket.writable) {
|
||||
clientSocket.end();
|
||||
}
|
||||
}
|
||||
});
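Review bot: The relocated `clientSocket.on("error", …)` handler in `tunnelRequestToDestination` closes the upstream side with `serverSocket.end()`, which only half-closes the connection and then waits for the remote peer to finish. After a client reset there is nothing left to deliver, so `serverSocket.destroy()` would release the socket immediately and keep a slow or unresponsive upstream from holding connections open. The same applies to `clientSocket.end()` in the new `else` branch of the proxy socket error handler in `tunnelRequestViaProxy`. The corrected comment could also state that the client error is intentionally not logged, for example `// Client resets are routine; not logged on purpose.`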
|
||||
|
||||
|
|
|
|||