Updated go deps and general package work (antoniomika#279)

* Updated go deps and general package work

* Update used go version to 1.21

* feat: wildcard support

* Fixed lint

* feat: auto redirect to https

* Use proper hostname in redirect

* Add wildcards to sni proxy

* Ensure wildcard isn't too greedy and fix sni on https port

* Code cleanup

---------

Co-authored-by: Son Nguyen <[email protected]>

Author: antoniomika

.github/workflows/build.yml

@@ -30,7 +30,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.19
+        go-version: 1.21
     - name: Checkout repo
       uses: actions/checkout@v3
     - name: Lint the codebase

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.19
+          go-version: 1.21
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

.vscode/launch.json

@@ -38,7 +38,9 @@
         "--http-load-balancer=true",
         "--tcp-load-balancer=true",
         "--alias-load-balancer=true",
-        "--sni-load-balancer=true"
+        "--sni-load-balancer=true",
+        "--force-https",
+        "--bind-wildcards"
       ]
     }
   ]

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.19-alpine as builder
+FROM --platform=$BUILDPLATFORM golang:1.21-alpine as builder
 LABEL maintainer="Antonio Mika <[email protected]>"
 
 ENV CGO_ENABLED 0

README.md

@@ -342,6 +342,7 @@ Flags:
       --bind-random-subdomains                                  Force bound HTTP tunnels to use random subdomains instead of user provided ones (default true)
       --bind-random-subdomains-length int                       The length of the random subdomain to generate if a subdomain is unavailable or if random subdomains are enforced (default 3)
       --bind-root-domain                                        Allow binding the root domain when accepting an HTTP listener
+      --bind-wildcards                                          Allow binding wildcards when accepting an HTTP listener
       --cleanup-unauthed                                        Cleanup unauthed SSH connections after a set timeout (default true)
       --cleanup-unauthed-timeout duration                       Duration to wait before cleaning up an unauthed connection (default 5s)
       --cleanup-unbound                                         Cleanup unbound (unforwarded) SSH connections after a set timeout
@@ -350,6 +351,8 @@ Flags:
       --debug                                                   Enable debugging information
       --debug-interval duration                                 Duration to wait between each debug loop output if debug is true (default 2s)
   -d, --domain string                                           The root domain for HTTP(S) multiplexing that will be appended to subdomains (default "ssi.sh")
+      --force-all-https                                         Redirect all requests to the https server
+      --force-https                                             Allow indiviual binds to request for https to be enforced
       --force-requested-aliases                                 Force the aliases used to be the one that is requested. Will fail the bind if it exists already
       --force-requested-ports                                   Force the ports used to be the one that is requested. Will fail the bind if it exists already
       --force-requested-subdomains                              Force the subdomains used to be the one that is requested. Will fail the bind if it exists already

cmd/sish.go

@@ -98,6 +98,8 @@ func init() {
 	rootCmd.PersistentFlags().BoolP("proxy-protocol-use-timeout", "", false, "Use a timeout for the proxy-protocol read")
 	rootCmd.PersistentFlags().BoolP("proxy-protocol-listener", "", false, "Use the proxy-protocol to resolve ip addresses from user connections")
 	rootCmd.PersistentFlags().BoolP("https", "", false, "Listen for HTTPS connections. Requires a correct --https-certificate-directory")
+	rootCmd.PersistentFlags().BoolP("force-all-https", "", false, "Redirect all requests to the https server")
+	rootCmd.PersistentFlags().BoolP("force-https", "", false, "Allow indiviual binds to request for https to be enforced")
 	rootCmd.PersistentFlags().BoolP("redirect-root", "", true, "Redirect the root domain to the location defined in --redirect-root-location")
 	rootCmd.PersistentFlags().BoolP("admin-console", "", false, "Enable the admin console accessible at http(s)://domain/_sish/console?x-authorization=admin-console-token")
 	rootCmd.PersistentFlags().BoolP("service-console", "", false, "Enable the service console for each service and send the info to connected clients")
@@ -121,6 +123,7 @@ func init() {
 	rootCmd.PersistentFlags().BoolP("strip-http-path", "", true, "Strip the http path from the forward")
 	rootCmd.PersistentFlags().BoolP("bind-any-host", "", false, "Allow binding any host when accepting an HTTP listener")
 	rootCmd.PersistentFlags().BoolP("bind-root-domain", "", false, "Allow binding the root domain when accepting an HTTP listener")
+	rootCmd.PersistentFlags().BoolP("bind-wildcards", "", false, "Allow binding wildcards when accepting an HTTP listener")
 	rootCmd.PersistentFlags().BoolP("load-templates", "", true, "Load HTML templates. This is required for admin/service consoles")
 	rootCmd.PersistentFlags().BoolP("rewrite-host-header", "", true, "Force rewrite the host header if the user provides host-header=host.com")
 

config.example.yml

@@ -23,6 +23,7 @@ bind-random-ports: true
 bind-random-subdomains: true
 bind-random-subdomains-length: 3
 bind-root-domain: false
+bind-wildcards: false
 cleanup-unauthed: true
 cleanup-unauthed-timeout: 5s
 cleanup-unbound: false
@@ -31,6 +32,8 @@ config: config.yml
 debug: false
 debug-interval: 2s
 domain: ssi.sh
+force-all-https: false
+force-https: false
 force-requested-aliases: false
 force-requested-ports: false
 force-requested-subdomains: false

go.mod

@@ -1,69 +1,80 @@
 module github.com/antoniomika/sish
 
-go 1.19
+go 1.21
 
 require (
 	github.com/ScaleFT/sshkeys v1.2.0
 	github.com/antoniomika/syncmap v1.0.0
-	github.com/caddyserver/certmagic v0.17.2
+	github.com/caddyserver/certmagic v0.19.2
 	github.com/fsnotify/fsnotify v1.6.0
-	github.com/gin-gonic/gin v1.8.1
+	github.com/gin-gonic/gin v1.9.1
 	github.com/gorilla/websocket v1.5.0
-	github.com/jpillora/ipfilter v1.2.8
+	github.com/jpillora/ipfilter v1.2.9
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
-	github.com/pires/go-proxyproto v0.6.2
+	github.com/pires/go-proxyproto v0.7.0
 	github.com/radovskyb/watcher v1.0.7
-	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
-	github.com/spf13/viper v1.14.0
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/cobra v1.7.0
+	github.com/spf13/viper v1.17.0
 	github.com/vulcand/oxy v1.4.2
-	golang.org/x/crypto v0.4.0
-	gopkg.in/natefinch/lumberjack.v2 v2.0.0
+	golang.org/x/crypto v0.14.0
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )
 
 require (
 	github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
+	github.com/bytedance/sonic v1.10.1 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
+	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
-	github.com/goccy/go-json v0.10.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.15.5 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.2 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/libdns/libdns v0.2.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailgun/timetools v0.0.0-20170619190023-f3a7b8ffff47 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/mholt/acmez v1.0.4 // indirect
-	github.com/miekg/dns v1.1.50 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mholt/acmez v1.2.0 // indirect
+	github.com/miekg/dns v1.1.56 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/phuslu/iploc v1.0.20221130 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/phuslu/iploc v1.0.20230929 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.4.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/net v0.4.0 // indirect
-	golang.org/x/sys v0.3.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	golang.org/x/tools v0.4.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
+	github.com/zeebo/blake3 v0.2.3 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/arch v0.5.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/net v0.16.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect