Implemented tunnels for FlexConnect
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Jonttu 2024-10-07 00:42:55 +03:00
parent 2027806e0c
commit 53a88b6d99
7 changed files with 199 additions and 20 deletions

22
pom.xml
View File

@ -33,6 +33,19 @@
<target>16</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.2.4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
@ -50,6 +63,15 @@
<version>1.16.4-R0.1-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
<dependency>
<!--<groupId>com.sshtools</groupId>
<artifactId>maverick-synergy-client</artifactId>
<version>3.1.1</version> -->
<groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId>
<version>2.14.0</version>
<scope>compile</scope>
</dependency>
</dependencies>
</project>

View File

@ -3,6 +3,7 @@ package fi.flexplex.connect;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
@ -11,9 +12,12 @@ import org.bukkit.configuration.file.YamlConfiguration;
import org.bukkit.plugin.java.JavaPlugin;
import fi.flexplex.connect.util.FileChangeListener;
import fi.flexplex.connect.util.Tunnel;
import fi.flexplex.connect.util.TunnelConnector;
public final class FlexConnect extends JavaPlugin {
private final Set<TunnelConnector> tunnelConnectors = new HashSet<>();
private final Set<String> proxyAddresses = new HashSet<>();
private String token = "";
@ -42,7 +46,11 @@ public final class FlexConnect extends JavaPlugin {
}
// GraphQL Api
this.flexPlexGraphQLApi = new FlexPlexGraphQLApi(this, "https://api.flexplex.fi/graphql");
try {
this.flexPlexGraphQLApi = new FlexPlexGraphQLApi(this, "https://api.flexplex.fi/graphql");
} catch (final MalformedURLException e) {
e.printStackTrace();
}
boolean configsModified = false;
@ -95,12 +103,25 @@ public final class FlexConnect extends JavaPlugin {
// Update whitelists for flexplex api
this.flexPlexGraphQLApi.updateWhitelist();
// Load real FlexPlex proxy addresses from FlexPlex API
this.proxyAddresses.addAll(this.flexPlexGraphQLApi.getProxyAddresses());
// Load allowed proxy addresses from config
this.proxyAddresses.addAll(this.getConfig().getStringList("allowedProxies"));
// Load tunnels and proxy addresses from FlexPlex API and start tunnels
final Set<Tunnel> tunnels = new HashSet<>();
tunnels.addAll(this.flexPlexGraphQLApi.getTunnels());
for (final Tunnel tunnel : tunnels) {
this.proxyAddresses.add(tunnel.host);
final TunnelConnector connector = new TunnelConnector(this, tunnel);
this.tunnelConnectors.add(connector);
connector.start();
}
}
@Override
public void onDisable() {
for (final TunnelConnector connector : this.tunnelConnectors) {
connector.stop();
}
}
}

View File

@ -20,13 +20,15 @@ public final class FlexConnectListener implements Listener {
@EventHandler
public void onPlayerLogin(final PlayerLoginEvent event) {
if (flexConnect.getProxyAddresses().contains(event.getRealAddress().getHostAddress())) {
final String ip = event.getRealAddress().getHostAddress();
if (flexConnect.getProxyAddresses().contains(ip)) {
// Connection is coming from allowed proxy
return;
}
// Do not allow connections from other proxies
event.disallow(PlayerLoginEvent.Result.KICK_OTHER, "Access denied");
flexConnect.getLogger().warning("Connecting blocked from " + ip);
}
@EventHandler(ignoreCancelled = true, priority = EventPriority.MONITOR)

View File

@ -4,6 +4,8 @@ import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
@ -14,23 +16,24 @@ import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import fi.flexplex.connect.util.Tunnel;
import org.bukkit.OfflinePlayer;
public final class FlexPlexGraphQLApi {
private final String graphqlEndpoint;
private final URL graphqlEndpoint;
private final FlexConnect flexConnect;
public FlexPlexGraphQLApi(final FlexConnect flexConnect, final String graphQLEndpoint) {
public FlexPlexGraphQLApi(final FlexConnect flexConnect, final String graphQLEndpoint) throws MalformedURLException {
this.flexConnect = flexConnect;
this.graphqlEndpoint = graphQLEndpoint;
this.graphqlEndpoint = URI.create(graphQLEndpoint).toURL();
}
public Set<String> getProxyAddresses() {
final Set<String> output = new HashSet<>();
public Set<Tunnel> getTunnels() {
final Set<Tunnel> output = new HashSet<>();
try {
final URL url = new URL(graphqlEndpoint);
final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
final HttpURLConnection conn = (HttpURLConnection) graphqlEndpoint.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setConnectTimeout(10000);
@ -39,23 +42,28 @@ public final class FlexPlexGraphQLApi {
conn.setRequestProperty("Content-Type", "application/json");
final DataOutputStream wr = new DataOutputStream(conn.getOutputStream());
wr.writeBytes("{\"query\":\"query { proxyAddresses }\"}");
wr.writeBytes("{\"query\":\"query{tunnels(token:\\\"" + this.flexConnect.getToken() + "\\\"){host,port,forwardingPort}}\"}");
wr.flush();
wr.close();
final JsonObject response = (JsonObject) new JsonParser().parse(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8));
if (response.get("data").getAsJsonObject().has("proxyAddresses")) {
final JsonArray array = response.get("data").getAsJsonObject().get("proxyAddresses").getAsJsonArray();
if (response.get("data").getAsJsonObject().has("tunnels")) {
final JsonArray array = response.get("data").getAsJsonObject().get("tunnels").getAsJsonArray();
for (int i = 0; i < array.size(); i++) {
output.add(array.get(i).getAsString());
final JsonObject tunnel = array.get(i).getAsJsonObject();
output.add(new Tunnel(
tunnel.get("host").getAsString(),
tunnel.get("port").getAsInt(),
tunnel.get("forwardingPort").getAsInt()
));
}
}
conn.disconnect();
} catch (final IOException e) {
this.flexConnect.getLogger().warning("Updating whitelist data failed, propably connection to FlexPlex API server is down.");
this.flexConnect.getLogger().warning("Getting tunnels failed, propably connection to FlexPlex API server is down.");
}
return output;
}
@ -82,8 +90,7 @@ public final class FlexPlexGraphQLApi {
}
try {
final URL url = new URL(graphqlEndpoint);
final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
final HttpURLConnection conn = (HttpURLConnection) graphqlEndpoint.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setConnectTimeout(10000);

View File

@ -0,0 +1,15 @@
package fi.flexplex.connect.util;
public final class Tunnel {
public final String host;
public final int port;
public final int forwardingPort;
public Tunnel(final String host, final int port, final int forwardingPort) {
this.host = host;
this.port = port;
this.forwardingPort = forwardingPort;
}
}

View File

@ -0,0 +1,83 @@
package fi.flexplex.connect.util;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.client.session.forward.PortForwardingTracker;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.bukkit.Bukkit;
import fi.flexplex.connect.FlexConnect;
public final class TunnelConnector {
private final FlexConnect flexConnect;
private final Tunnel tunnel;
private final Thread thread;
private final SshClient client = SshClient.setUpDefaultClient();
private boolean isRunning = false;
public TunnelConnector(final FlexConnect flexConnect, final Tunnel tunnel) {
this.flexConnect = flexConnect;
this.tunnel = tunnel;
this.client.setForwardingFilter(new TunnelForwardingFilter());
this.thread = new Thread() {
@Override
public void run() {
while (isRunning) {
session();
flexConnect.getLogger().warning("Tunnel session ended. Trying to reconnect in 10 seconds");
try {
Thread.sleep(10_000);
} catch (final InterruptedException e) {
Thread.currentThread().interrupt();
}
}
}
};
}
public void start() {
this.isRunning = true;
this.thread.start();
}
public void stop() {
this.isRunning = false;
this.client.stop();
}
private void session() {
this.flexConnect.getLogger().info("Tunnel connecting to " + this.tunnel.host + ":" + this.tunnel.port);
try {
client.start();
final ConnectFuture cf = client.connect("FlexConnect", this.tunnel.host, this.tunnel.port);
final ClientSession session = cf.verify().getSession();
session.addPasswordIdentity(flexConnect.getToken());
session.auth().verify(TimeUnit.SECONDS.toMillis(5));
final SshdSocketAddress remote = new SshdSocketAddress("127.0.0.1", this.tunnel.forwardingPort);
final SshdSocketAddress local = new SshdSocketAddress(Bukkit.getPort());
try (PortForwardingTracker tracker = session.createRemotePortForwardingTracker(remote, local)) {
this.flexConnect.getLogger().info("Tunnel successfully connected " + this.tunnel.host + ":" + this.tunnel.port);
while (isRunning) {
Thread.sleep(5000);
if (session.isClosed()) {
break;
}
}
} catch (final InterruptedException e) {
Thread.currentThread().interrupt();
}
} catch (final IOException e) {
this.flexConnect.getLogger().warning(e.getMessage());
}
}
}

View File

@ -0,0 +1,29 @@
package fi.flexplex.connect.util;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.server.forward.ForwardingFilter;
public final class TunnelForwardingFilter implements ForwardingFilter {
@Override
public boolean canForwardAgent(final Session session, final String requestType) {
return false;
}
@Override
public boolean canForwardX11(final Session session, final String requestType) {
return false;
}
@Override
public boolean canListen(final SshdSocketAddress address, final Session session) {
return false;
}
@Override
public boolean canConnect(final Type type, final SshdSocketAddress address, final Session session) {
return true;
}
}