initial import

Author: jsiebens

.github/workflows/dev-release.yaml

@@ -0,0 +1,81 @@
+name: "Latest Development Build"
+
+on:
+  push:
+    branches: [ 'main' ]
+
+jobs:
+  binaries:
+    name: "Binaries"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ^1.17
+
+      - name: Build
+        run: make dist
+
+      - name: Publish binaries
+        uses: marvinpinto/action-automatic-releases@latest
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          automatic_release_tag: "latest"
+          prerelease: true
+          title: "Development Build"
+          files: |
+            dist/*
+
+  docker:
+    name: "Docker"
+    runs-on: "ubuntu-latest"
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+
+      - name: Set Username/Repo and ImagePrefix as ENV vars
+        run: |
+          echo "USER_REPO"=$(echo "$GITHUB_REPOSITORY" | awk '{print tolower($1)}' | sed -e "s/:refs//") >> $GITHUB_ENV && \
+          echo "IMAGE_PREFIX"=$(echo "ghcr.io/$GITHUB_REPOSITORY" | awk '{print tolower($1)}' | sed -e "s/:refs//") >> $GITHUB_ENV
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push container images
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          build-args: |
+            VERSION=latest
+            GIT_COMMIT=${{ github.sha }}
+            REPO_URL=https://github.com/${{ env.USER_REPO }}
+          push: true
+          tags: |
+            ${{ env.IMAGE_PREFIX }}:${{ github.sha }}
+            ${{ env.IMAGE_PREFIX }}:latest

.gitignore

@@ -0,0 +1,4 @@
+.idea
+.vagrant
+*.log
+dist

Dockerfile

@@ -0,0 +1,30 @@
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17.2-alpine3.14 as build
+
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+
+ENV CGO_ENABLED=0
+
+WORKDIR /src
+COPY . .
+
+RUN apk add git
+RUN VERSION=$(git describe --all --exact-match `git rev-parse HEAD` | grep tags | sed 's/tags\///') \
+    && GIT_COMMIT=$(git rev-list -1 HEAD) \
+    && GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=${CGO_ENABLED} go build \
+        --ldflags "-s -w \
+        -X github.com/jsiebens/proxiro/internal/version.GitCommit=${GIT_COMMIT}\
+        -X github.com/jsiebens/proxiro/internal/version.Version=${VERSION}" \
+        -a -installsuffix cgo -o proxiro cmd/proxiro/main.go
+
+FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.14.2 as ship
+
+RUN apk --no-cache add ca-certificates
+RUN addgroup -S proxiro && adduser -S -g proxiro proxiro
+
+COPY --from=build /src/proxiro /usr/local/bin
+
+USER proxiro
+ENTRYPOINT ["proxiro"]

Makefile

@@ -0,0 +1,23 @@
+SHELL := bash
+Version := $(shell git describe --tags --dirty)
+# Version := "dev"
+GitCommit := $(shell git rev-parse HEAD)
+LDFLAGS := "-s -w -X github.com/jsiebens/proxiro/internal/version.Version=$(Version) -X github.com/jsiebens/proxiro/internal/version.GitCommit=$(GitCommit)"
+.PHONY: all
+
+.PHONY: build
+build:
+	go build -ldflags $(LDFLAGS) -a -installsuffix cgo cmd/proxiro/main.go
+
+.PHONY: dist
+dist:
+	mkdir -p dist
+	GOOS=linux go build -ldflags $(LDFLAGS) -a -installsuffix cgo -o dist/proxiro cmd/proxiro/main.go
+	GOOS=darwin go build -ldflags $(LDFLAGS) -a -installsuffix cgo -o dist/proxiro-darwin cmd/proxiro/main.go
+	GOOS=linux GOARCH=arm64 go build -ldflags $(LDFLAGS) -a -installsuffix cgo -o dist/proxiro-arm64 cmd/proxiro/main.go
+	GOOS=linux GOARCH=arm GOARM=6 go build -ldflags $(LDFLAGS) -a -installsuffix cgo -o dist/proxiro-armhf cmd/proxiro/main.go
+	GOOS=windows go build -ldflags $(LDFLAGS) -a -installsuffix cgo -o dist/proxiro.exe cmd/proxiro/main.go
+
+.PHONY: hash
+hash:
+	for f in dist/proxiro*; do shasum -a 256 $$f > $$f.sha256; done

README.md

@@ -0,0 +1,3 @@
+# proxiro
+
+a lightweight identity-aware proxy

cmd/proxiro/main.go

@@ -0,0 +1,114 @@
+package main
+
+import (
+	"fmt"
+	"github.com/jsiebens/proxiro/internal/auth"
+	"github.com/jsiebens/proxiro/internal/client"
+	"github.com/jsiebens/proxiro/internal/proxy"
+	"github.com/jsiebens/proxiro/internal/version"
+	"github.com/spf13/cobra"
+	"os"
+)
+
+func main() {
+	cmd := rootCommand()
+	cmd.AddCommand(serverCommand())
+	cmd.AddCommand(proxyCommand())
+	cmd.AddCommand(connectCommand())
+	cmd.AddCommand(versionCommand())
+
+	if err := cmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func rootCommand() *cobra.Command {
+	return &cobra.Command{
+		Use: "proxiro",
+	}
+}
+
+func serverCommand() *cobra.Command {
+	command := &cobra.Command{
+		Use:          "server",
+		SilenceUsage: true,
+	}
+
+	var configFile string
+
+	command.Flags().StringVarP(&configFile, "config", "c", "", "Path to the configuration file.")
+
+	command.RunE = func(command *cobra.Command, args []string) error {
+		c, err := auth.LoadConfig(configFile)
+		if err != nil {
+			return err
+		}
+
+		return auth.StartServer(c)
+	}
+
+	return command
+}
+
+func proxyCommand() *cobra.Command {
+	command := &cobra.Command{
+		Use:          "proxy",
+		SilenceUsage: true,
+	}
+
+	var configFile string
+
+	command.Flags().StringVarP(&configFile, "config", "c", "", "Path to the configuration file.")
+
+	command.RunE = func(command *cobra.Command, args []string) error {
+		c, err := proxy.LoadConfig(configFile)
+		if err != nil {
+			return err
+		}
+
+		return proxy.StartServer(c)
+	}
+
+	return command
+}
+
+func connectCommand() *cobra.Command {
+	command := &cobra.Command{
+		Use:          "connect",
+		SilenceUsage: true,
+		Args:         cobra.MinimumNArgs(1),
+		ArgAliases:   []string{"target"},
+	}
+
+	var listeners []string
+	var tlsSkipVerify bool
+	var caFile string
+
+	command.Flags().StringSliceVarP(&listeners, "listen-addr", "l", []string{}, "")
+	command.Flags().BoolVar(&tlsSkipVerify, "tls-skip-verify", false, "")
+	command.Flags().StringVar(&caFile, "ca-file", "", "")
+
+	command.RunE = func(cmd *cobra.Command, args []string) error {
+		return client.StartClient(cmd.Context(), args[0], listeners, caFile, tlsSkipVerify)
+	}
+
+	return command
+}
+
+func versionCommand() *cobra.Command {
+	var command = &cobra.Command{
+		Use:          "version",
+		Short:        "Display version information",
+		SilenceUsage: true,
+	}
+
+	command.Run = func(cmd *cobra.Command, args []string) {
+		clientVersion, clientRevision := version.GetReleaseInfo()
+		fmt.Printf(`
+ Version:       %s 
+ Git Revision:  %s
+`, clientVersion, clientRevision)
+	}
+
+	return command
+}

go.mod

@@ -0,0 +1,61 @@
+module github.com/jsiebens/proxiro
+
+go 1.17
+
+require (
+	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/go-resty/resty/v2 v2.7.0
+	github.com/gorilla/websocket v1.4.2
+	github.com/hashicorp/go-multierror v1.0.0
+	github.com/iamolegga/enviper v1.3.0
+	github.com/klauspost/compress v1.13.6
+	github.com/labstack/echo/v4 v4.6.1
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/mr-tron/base58 v1.2.0
+	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/rancher/remotedialer v0.2.6-0.20210802164054-73730a94f4a1
+	github.com/sirupsen/logrus v1.4.2
+	github.com/spf13/cobra v1.2.1
+	github.com/spf13/viper v1.10.0
+	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
+	github.com/kr/pretty v0.2.0 // indirect
+	github.com/labstack/gommon v0.3.0 // indirect
+	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.4.3 // indirect
+	github.com/pelletier/go-toml v1.9.4 // indirect
+	github.com/pkg/errors v0.8.1 // indirect
+	github.com/prometheus/client_golang v1.4.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.9.1 // indirect
+	github.com/prometheus/procfs v0.0.8 // indirect
+	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasttemplate v1.2.1 // indirect
+	golang.org/x/net v0.0.0-20211029224645-99673261e6eb // indirect
+	golang.org/x/sys v0.0.0-20211205182925-97ca703d548d // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+)