From 0ce33fd7cc452999fa5219f25d26722a90dca66b Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Thu, 18 Jul 2019 21:21:38 +0300 Subject: [PATCH 1/7] Replace apply(Fun, Args) with a direct module:function(Args) call --- apps/epp_proxy/src/epp_http_client.erl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/epp_proxy/src/epp_http_client.erl b/apps/epp_proxy/src/epp_http_client.erl index c52bc70..f3ae3bc 100644 --- a/apps/epp_proxy/src/epp_http_client.erl +++ b/apps/epp_proxy/src/epp_http_client.erl @@ -12,8 +12,11 @@ %% Callback API request(#epp_request{} = Request) -> - HackneyArgs = handle_args(Request), - case apply(hackney, request, HackneyArgs) of + [Method, URL, Headers, Payload, Options] = + handle_args(Request), + case hackney:request(Method, URL, Headers, Payload, + Options) + of {error, Error} -> log_and_return_canned(Error, Request); {Status, _StatusCode, _Headers, ClientRef} -> {ok, Body} = hackney:body(ClientRef), {Status, Body} From 085b2f8d4a9a4f790eccf63e2a6fe00bf2c78eda Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Fri, 19 Jul 2019 14:56:42 +0300 Subject: [PATCH 2/7] Add insecure option to allow TLS connection without verification --- apps/epp_proxy/src/epp_http_client.erl | 13 ++++++++++--- config/sys.config | 3 +++ config/test.config | 1 + 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/apps/epp_proxy/src/epp_http_client.erl b/apps/epp_proxy/src/epp_http_client.erl index f3ae3bc..0c4f6c8 100644 --- a/apps/epp_proxy/src/epp_http_client.erl +++ b/apps/epp_proxy/src/epp_http_client.erl 
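Review bot: The match `[Method, URL, Headers, Payload, Options] = handle_args(Request)` in `request/1` keeps a list shape that only existed to feed `apply/3`. With the direct `hackney:request/5` call, a tuple return from `handle_args/1` would state the fixed arity and be easier for Dialyzer to check. `handle_args/1` is defined outside this hunk, so that would be a follow-up change there. Until then, a comment above the match such as `%% handle_args/1 returns the five hackney:request/5 arguments, in order` would document the contract.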
@@ -31,7 +31,7 @@ request_builder(Map) -> request_from_map(Map). handle_args(#epp_request{method = get, url = URL, headers = Headers, cookies = Cookies, epp_verb = ?helloCommand}) -> - [get, URL, Headers, "", [{cookie, Cookies}, insecure]]; + [get, URL, Headers, "", hackney_options(Cookies)]; %% For error command, we convert the message and code into query parameters, %% and append them to the original URL. handle_args(#epp_request{method = get, url = URL, @@ -40,13 +40,13 @@ handle_args(#epp_request{method = get, url = URL, QueryString = hackney_url:qs(Payload), CompleteURL = [URL, <<"?">>, QueryString], [get, CompleteURL, Headers, "", - [{cookie, Cookies}, insecure]]; + hackney_options(Cookies)]; %% For valid commands, we set the multipart body earlier, now we just pass it on. handle_args(#epp_request{method = post, url = URL, payload = Payload, headers = Headers, cookies = Cookies}) -> [post, URL, Headers, Payload, - [{cookie, Cookies}, insecure]]. + hackney_options(Cookies)]. %% Map request and return values. request_from_map(#{command := ?errorCommand, @@ -82,6 +82,13 @@ request_from_map(#{command := Command, lager:info("Request from map: [~p]~n", [Request]), Request. +%% Get hackney options +hackney_options(Cookies) -> + case application:get_env(epp_proxy, insecure) of + false -> [{cookies, Cookies}, insecure]; + _ -> [{cookies, Cookies}] + end. + %% Return form data or an empty list. request_body(?helloCommand, _, _) -> ""; request_body(_Command, RawFrame, nomatch) -> diff --git a/config/sys.config b/config/sys.config index 0d95440..e106b77 100644 --- a/config/sys.config +++ b/config/sys.config 
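Review bot: In the new `hackney_options/1` the `false ->` clause can never match, because `application:get_env/2` returns `{ok, Value}` or `undefined`; every request takes the `_` branch, so the `insecure` setting has no effect. The clause is also inverted against the sys.config comment added in this same patch ("When set to true, you can connect ... without verifying"): as written, `false` is the value that would switch certificate verification off if the match were repaired naively. Match only the documented opt-in and verify in every other case, `{ok, true} -> [{cookie, Cookies}, insecure];` followed by `_ -> [{cookie, Cookies}]`, so that an unset or mistyped value keeps TLS verification on. The same `case` is carried unchanged through the re-indent in PATCH 3/7 and through the `cookies` to `cookie` key correction in PATCH 6/7. A warning logged once at startup when the flag is enabled would make an unverified deployment visible to operators.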
@@ -7,6 +7,9 @@ %% TLS port, specified in RFC to 700, but can be set to anything else %% in case that is needed. {tls_port, 700}, + %% When set to true, you can connect to EPP over endpoints without verifying their + %% TLS certificates. + {insecure, false} %% URL of EPP endpoints. Can be pointed at a web server (Apache/NGINX) %% Can contain port (https://some-host:3000/epp/session) %% Honors the prepended protocol (http / https). diff --git a/config/test.config b/config/test.config index 921619e..61c6588 100644 --- a/config/test.config +++ b/config/test.config @@ -2,6 +2,7 @@ {epp_proxy, [{dev_mode, true}, {tcp_port, 1180}, {tls_port, 1443}, + {insecure, false}, {epp_session_url, "http://localhost:9292/session/"}, {epp_command_url, "http://localhost:9292/command/"}, From 943b2ee6f6454ec09d539fa4c48fa7cf0fad1931 Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Fri, 19 Jul 2019 14:59:09 +0300 Subject: [PATCH 3/7] Fix code style --- apps/epp_proxy/src/epp_http_client.erl | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/apps/epp_proxy/src/epp_http_client.erl b/apps/epp_proxy/src/epp_http_client.erl index 0c4f6c8..effb476 100644 --- a/apps/epp_proxy/src/epp_http_client.erl +++ b/apps/epp_proxy/src/epp_http_client.erl @@ -45,8 +45,7 @@ handle_args(#epp_request{method = get, url = URL, handle_args(#epp_request{method = post, url = URL, payload = Payload, headers = Headers, cookies = Cookies}) -> - [post, URL, Headers, Payload, - hackney_options(Cookies)]. + [post, URL, Headers, Payload, hackney_options(Cookies)]. %% Map request and return values. request_from_map(#{command := ?errorCommand, 
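Review bot: The added `{insecure, false}` in config/sys.config has no trailing comma, although the comment lines after it in the hunk introduce further settings (the EPP endpoint URLs). If a tuple follows outside the hunk, as those comments suggest, the file is no longer a valid Erlang term and the node will fail to load its configuration. It should read `{insecure, false},`, as the same entry does in config/test.config in this patch and in config/docker.config in PATCH 4/7. PATCH 7/7 rewords the comment above the entry but leaves the line without the comma. The comment could also say that the flag disables authentication of the backend and is meant for development endpoints only.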
@@ -85,9 +84,9 @@ request_from_map(#{command := Command, %% Get hackney options hackney_options(Cookies) -> case application:get_env(epp_proxy, insecure) of - false -> [{cookies, Cookies}, insecure]; - _ -> [{cookies, Cookies}] - end. + false -> [{cookies, Cookies}, insecure]; + _ -> [{cookies, Cookies}] + end. %% Return form data or an empty list. request_body(?helloCommand, _, _) -> ""; From 3a1f83cfddf379928952e37ae897ac5c65c6947c Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Mon, 29 Jul 2019 11:37:38 +0300 Subject: [PATCH 4/7] Update docker configuration as well --- config/docker.config | 1 + 1 file changed, 1 insertion(+) diff --git a/config/docker.config b/config/docker.config index e3073a5..d25e978 100644 --- a/config/docker.config +++ b/config/docker.config @@ -3,6 +3,7 @@ {dev_mode, true}, {tcp_port, 3333}, {tls_port, 700}, + {insecure, false}, {epp_session_url, "http://epp:3000/epp/session/"}, {epp_command_url, "http://epp:3000/epp/command/"}, {epp_error_url, "http://epp:3000/epp/error/"}, From 0e46f526308747034c4770bc083a959a28d65257 Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Tue, 30 Jul 2019 13:41:20 +0300 Subject: [PATCH 5/7] Ensure that session cookie is always passed in hello route --- apps/epp_proxy/priv/test_backend_app/epp_server.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/epp_proxy/priv/test_backend_app/epp_server.rb b/apps/epp_proxy/priv/test_backend_app/epp_server.rb index 269b74f..fc346ec 100644 --- a/apps/epp_proxy/priv/test_backend_app/epp_server.rb +++ b/apps/epp_proxy/priv/test_backend_app/epp_server.rb @@ -8,7 +8,9 @@ class EppServer < Roda r.on "session" do r.get "hello" do - render("session/hello") + if r.cookies['session'] + render("session/hello") + end end r.post "login" do From a73f7428fc11d32759976eed7db39aed7969a84d Mon Sep 17 00:00:00 2001 
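Review bot: In the `hello` route of epp_server.rb the new `if r.cookies['session']` has no `else`, so a request without the cookie makes the block return nil and the backend answers with whatever the framework does for an empty result. A proxy regression that drops the session cookie then shows up only as an unexplained empty response in the test run. An explicit failure branch, for example `else` followed by `response.status = 401`, would state the fixture's intent and give the Erlang tests a distinct status to assert on.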
From: Maciej Szlosarczyk Date: Tue, 30 Jul 2019 13:46:55 +0300 Subject: [PATCH 6/7] Remove some code cuplication --- apps/epp_proxy/include/epp_proxy.hrl | 7 ++++++- apps/epp_proxy/src/epp_http_client.erl | 4 ++-- apps/epp_proxy/src/epp_tcp_worker.erl | 6 ------ apps/epp_proxy/src/epp_tls_worker.erl | 9 ++------- 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/apps/epp_proxy/include/epp_proxy.hrl b/apps/epp_proxy/include/epp_proxy.hrl index f1b0b0b..c2d3912 100644 --- a/apps/epp_proxy/include/epp_proxy.hrl +++ b/apps/epp_proxy/include/epp_proxy.hrl @@ -8,8 +8,13 @@ epp_verb % Epp verb that is targeted, plus 'error' }). --type epp_request() :: #epp_request{}. +-record(valid_frame, {command, cl_trid, raw_frame}). + +-record(invalid_frame, {code, cl_trid, message}). +-record(state, {socket, session_id, headers}). + +-type epp_request() :: #epp_request{}. -define(XMLErrorCode, <<"2001">>). diff --git a/apps/epp_proxy/src/epp_http_client.erl b/apps/epp_proxy/src/epp_http_client.erl index effb476..91c5ff0 100644 --- a/apps/epp_proxy/src/epp_http_client.erl +++ b/apps/epp_proxy/src/epp_http_client.erl @@ -84,8 +84,8 @@ request_from_map(#{command := Command, %% Get hackney options hackney_options(Cookies) -> case application:get_env(epp_proxy, insecure) of - false -> [{cookies, Cookies}, insecure]; - _ -> [{cookies, Cookies}] + false -> [{cookie, Cookies}, insecure]; + _ -> [{cookie, Cookies}] end. %% Return form data or an empty list. diff --git a/apps/epp_proxy/src/epp_tcp_worker.erl b/apps/epp_proxy/src/epp_tcp_worker.erl index 5fb2579..8bd561e 100644 --- a/apps/epp_proxy/src/epp_tcp_worker.erl +++ b/apps/epp_proxy/src/epp_tcp_worker.erl @@ -12,12 +12,6 @@ -export([code_change/3]). --record(valid_frame, {command, cl_trid, raw_frame}). - --record(invalid_frame, {code, cl_trid, message}). - --record(state, {socket, session_id, headers}). - %% Initialize process %% Assign an unique session id that will be passed on to http server as a cookie init(Socket) -> 
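Review bot: The records `valid_frame`, `invalid_frame` and `state` moved into epp_proxy.hrl carry no field comments, while `#epp_request{}` just above them documents its fields (`epp_verb % Epp verb that is targeted, plus 'error'`). Now that they are shared by epp_tcp_worker and epp_tls_worker, a short comment per field would keep the header consistent. `state` is also a very generic name for a shared header: every module that includes epp_proxy.hrl now gets it, and any such module that declares its own `-record(state, ...)` will fail to compile with a redefinition error. A more specific name such as `-record(worker_state, {socket, session_id, headers}).` would avoid that, with the two workers updated to match. The header continues outside the hunk.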
diff --git a/apps/epp_proxy/src/epp_tls_worker.erl b/apps/epp_proxy/src/epp_tls_worker.erl index 0f7bba0..1941251 100644 --- a/apps/epp_proxy/src/epp_tls_worker.erl +++ b/apps/epp_proxy/src/epp_tls_worker.erl @@ -12,12 +12,6 @@ -export([code_change/3]). --record(valid_frame, {command, cl_trid, raw_frame}). - --record(invalid_frame, {code, cl_trid, message}). - --record(state, {socket, session_id, headers}). - %% Initialize process %% Assign an unique session id that will be passed on to http server as a cookie init(Socket) -> @@ -171,7 +165,8 @@ log_on_invalid_handshake(Ip, Error) -> log_opened_connection(Ip) -> ReadableIp = epp_util:readable_ip(Ip), - lager:info("New client connection. IP: ~s, Process: ~p.~n", + lager:info("New client connection. IP: ~s, Process: " + "~p.~n", [ReadableIp, self()]). %% Extract state info from socket. Fail if you must. From a23e2ab311a1f23c351ae210be88889475b7d98c Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Tue, 30 Jul 2019 13:50:30 +0300 Subject: [PATCH 7/7] Update documentation --- config/sys.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/sys.config b/config/sys.config index e106b77..30bd143 100644 --- a/config/sys.config +++ b/config/sys.config @@ -7,8 +7,8 @@ %% TLS port, specified in RFC to 700, but can be set to anything else %% in case that is needed. {tls_port, 700}, - %% When set to true, you can connect to EPP over endpoints without verifying their - %% TLS certificates. + %% When set to true, you can connect to EPP over HTTPS endpoints without + %% verifying their TLS certificates. {insecure, false} %% URL of EPP endpoints. Can be pointed at a web server (Apache/NGINX) %% Can contain port (https://some-host:3000/epp/session)