server/app/Http/Controllers/ValidateTunnelController.php at d24fd61f706b296a79fbac81ae6c37c6ed7407fe · exposedev/server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<?php

namespace Expose\Server\Http\Controllers;

use Expose\Server\Contracts\ConnectionManager;
use Expose\Common\Http\Controllers\Controller;
use Expose\Server\Configuration;
use Expose\Server\Connections\ControlConnection;
use Illuminate\Http\Request;
use Ratchet\ConnectionInterface;

class ValidateTunnelController extends Controller
{
    private ConnectionManager $connectionManager;
    private Configuration $configuration;

    public function __construct(
        Configuration $configuration,
        ConnectionManager $connectionManager,
    ) {
        $this->connectionManager = $connectionManager;
        $this->configuration = $configuration;
    }

    public function handle(Request $request, ConnectionInterface $httpConnection)
    {
        $key = $request->get('key');

        // Only allow requests with the correct key
        if ($key !== $this->getAuthorizedKey()) {
            $httpConnection->send(
                respond_json(['exists' => false], 401),
            );
            $httpConnection->close();

            return;
        }

        $domain = $request->get('domain');
        if ($domain === null) {
            $httpConnection->send(
                respond_json(['exists' => false, 'error' => 'invalid_domain'], 404),
            );
            $httpConnection->close();

            return;
        }

        // If the domain is the same as the hostname, then it requested the main domain
        $hostname = $this->configuration->hostname();
        if ($hostname === $domain) {
            $this->isSuccessful($httpConnection);

            return;
        }

        // Also allow the admin dashboard
        $adminSubdomain = config('expose-server.admin.subdomain');
        if ($domain === $adminSubdomain.'.'.$hostname) {
            $this->isSuccessful($httpConnection);

            return;
        }

        // Check if the domain is a tunnel
        $sites = collect($this->connectionManager->getConnections())
            ->filter(function ($site) use ($domain) {
                $isControlConnection = get_class($site) === ControlConnection::class;
                if (! $isControlConnection) {
                    return false;
                }

                $fqdn = sprintf(
                    '%s.%s',
                    $site->subdomain,
                    $site->serverHost,
                );

                return $fqdn === $domain;
            })
            ->map(function (ControlConnection $site) {
                return sprintf(
                    '%s.%s',
                    $site->host,
                    $site->subdomain,
                );
            });

        if ($sites->count() > 0) {
            $this->isSuccessful($httpConnection);

            return;
        }

        $httpConnection->send(respond_json(['exists' => false, 'error' => 'no_tunnel_found'], 404));
        $httpConnection->close();
    }

    private function isSuccessful(ConnectionInterface $connection): void
    {
        $connection->send(respond_json(['exists' => true]));
        $connection->close();
    }

    private function getAuthorizedKey(): string
    {
        return config('expose-server.validate_tunnel.authorized_key');
    }
}