archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 11:11:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(proxy): tidy up isRelayURLAcceptable

Browse source 
Add clearer error messages
This commit is contained in:
WofWca 2024-08-31 18:02:53 +04:00 committed by Shelikhoo
parent 0f2bdffba0
commit 399bda5257
No known key found for this signature in database
GPG key ID: 4C9764E9FE80A3DC
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
proxy/lib/snowflake.go
View file

@ -651,17 +651,19 @@ func checkIsRelayURLAcceptable(
if err != nil {
return fmt.Errorf("bad Relay URL %w", err)
}
if !allowNonTLSRelay && parsedRelayURL.Scheme != "wss" {
return fmt.Errorf("rejected Relay URL protocol: non-TLS not allowed")
}
// FYI our websocket library also rejects other protocols
// https://github.com/gorilla/websocket/blob/5e002381133d322c5f1305d171f3bdd07decf229/client.go#L174-L181
if parsedRelayURL.Scheme != "wss" && parsedRelayURL.Scheme != "ws" {
return fmt.Errorf("rejected Relay URL protocol")
return fmt.Errorf("rejected Relay URL protocol: only WebSocket is allowed")
}
matcher := namematcher.NewNameMatcher(allowedHostNamePattern)
if !matcher.IsMember(parsedRelayURL.Hostname()) || (!allowNonTLSRelay && parsedRelayURL.Scheme != "wss") {
return fmt.Errorf("rejected Relay URL")
} else {
return nil
if !matcher.IsMember(parsedRelayURL.Hostname()) {
return fmt.Errorf("rejected Relay URL: hostname does not match allowed pattern \"%v\"", allowedHostNamePattern)
}
return nil
}
// Start configures and starts a Snowflake, fully formed and special. Configuration