proxy2ch/main.cpp

#include <string>
#include <vector>
#include <map>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <mswsock.h>
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#endif
#include <pthread.h>
#include <signal.h>
#include <getopt.h>
#include <curl/curl.h>
#ifdef USE_LUA
#include <lua.hpp>
#endif
#include "BBS2chProxyConnection.h"
#include "BBS2chProxyThreadInfo.h"
#include "BBS2chProxyAuth.h"
#ifdef USE_MITM
#include "BBS2chProxySecureSocket.h"
#endif

#define PORT 9080
#define VERSION "20220401"
#define BACKLOG 32
#define NUM_LOCKS 7

char *proxy_server;
long proxy_port;
long proxy_type;
long timeout = 30;
char *user_agent;
char *appKey;
char *hmacKey;
char *api_ua_auth;
char *api_ua_dat;
char *x_2ch_ua_auth;
char *x_2ch_ua_dat;
int allow_chunked;
int verbosity;
int curl_features;
unsigned int curl_version_number;
bool accept_https;
int force_5chnet = 1;
int force_5chnet_https;
int force_ipv4;
char *bbsmenu_url;
char *api_server;
std::map<std::string, std::string> bbscgi_headers;
int gikofix;
CURLSH *curl_share;
char *lua_script;
unsigned int api_mode = 3;
unsigned int mitm_mode = 0;
std::vector<std::string> bbscgi_postorder;
static pthread_mutex_t lockarray[NUM_LOCKS];

void log_printf(int level, const char *format ...)
{
	if(level > verbosity) return;
	va_list argp;
	va_start(argp, format);
	vfprintf(stderr, format, argp);
	va_end(argp);
	fflush(stderr);
}

struct listener {
	int port;
	int sock_listener;
	struct sockaddr_in addr_listener;
};

static void usage(void)
{
	fprintf(stderr,"usage: proxy2ch [OPTIONS]\n");
	fprintf(stderr,"available options:\n");
	fprintf(stderr,"    -p <port> : Listen on port <port> (default: %d)\n",PORT);
	fprintf(stderr,"    -t <timeout> : Set connection timeout to <timeout> seconds (default: %ld)\n",timeout);
	fprintf(stderr,"    -a <user-agent> : Overwrite user-agent for connection\n");
	fprintf(stderr,"    -g : Accept all incoming connections (default: localhost only)\n");
	fprintf(stderr,"    -c : Accept HTTP CONNECT method (act as an HTTPS proxy)\n");
	fprintf(stderr,"    -4 : Force IPv4 DNS resolution\n");
	fprintf(stderr,"    -b <backlog> : Set backlog value to <backlog> for listen() (default: %d)\n",BACKLOG);
	fprintf(stderr,"    -s : Force https connection for 5ch.net/bbspink.com URLs\n");
	fprintf(stderr,"    --proxy <server:port> : Use proxy <server:port> for connection\n");
	fprintf(stderr,"    --api <AppKey:HmacKey> : Use API for reading/posting\n");
	fprintf(stderr,"    --api-usage <read|post|all> : Specify operations where API is used (default: all)\n");
	fprintf(stderr,"    --api-auth-ua <user-agent> : Specify user-agent for API authentication\n");
	fprintf(stderr,"    --api-dat-ua <user-agent> : Specify user-agent for dat retrieving via API\n");
	fprintf(stderr,"    --api-auth-xua <X-2ch-UA> : Specify X-2ch-UA for API authentication\n");
	fprintf(stderr,"    --api-dat-xua <X-2ch-UA> : Specify X-2ch-UA for dat retrieving via API\n");
	fprintf(stderr,"    --api-server <server> : Specify gateway server for API\n");
	fprintf(stderr,"    --bbsmenu <URL> : Replace \"5ch.net\" occurrences in links for URL\n");
	fprintf(stderr,"    --chunked : Preserve \"chunked\" transfer encoding\n");
	fprintf(stderr,"    --bbscgi-header <header: value> : Force replace header when sending request to bbs.cgi\n");
	fprintf(stderr,"    --bbscgi-postorder <field1,field2,...> : Specify a field order in request body sent to bbs.cgi\n");
#ifdef USE_LUA
	fprintf(stderr,"    --bbscgi-lua <path> : Process request header/body sent to bbs.cgi with a Lua script at <path>\n");
#endif
	fprintf(stderr,"    --verbose : Print logs in detail\n");
	fprintf(stderr,"    --gikofix : Fix invalid HTTP POST body (for gikoNavi)\n");
#ifdef USE_MITM
	fprintf(stderr,"    --mitm <minimal|all> : Act as MITM proxy when -c option is given (experimental)\n");
	fprintf(stderr,"    --mitm-ca-cert <certpath> : Specify CA certificate in PEM format for MITM proxy\n");
	fprintf(stderr,"    --mitm-ca-key <keypath> : Specify CA private key in PEM format for MITM proxy\n");
	fprintf(stderr,"    --mitm-certgen : Generate self-signed CA certificate and private key, print them in PEM format, and exit\n");
#endif
}

static void *listen(void *param)
{
	struct listener *listener = (struct listener *)param;
	log_printf(0,"Listening on port %d...\n",listener->port);
	if(listener->addr_listener.sin_addr.s_addr == INADDR_ANY) {
		log_printf(0,"WARNING: proxy accepts all incoming connections!\n");
	}
	fflush(stderr);
	int sock_c;
	pthread_mutex_t mutex, mutex2;
	BBS2chProxyThreadCache *cache = new BBS2chProxyThreadCache();
	socklen_t addrlen = sizeof(listener->addr_listener);
	
	pthread_mutex_init(&mutex, NULL);
	pthread_mutex_init(&mutex2, NULL);
	BBS2chProxyAuth *auth = new BBS2chProxyAuth(&mutex2);
	
	while(1) {
		if (-1 == (sock_c = accept(listener->sock_listener, (struct sockaddr *)&listener->addr_listener, &addrlen))) {
			perror("accept");
			continue;
		}
		//fprintf(stderr,"accepted\n");
		BBS2chProxyConnection *connection = new BBS2chProxyConnection(sock_c, cache, auth, &mutex);
		connection->run();
	}
	
	pthread_mutex_destroy(&mutex);
	pthread_mutex_destroy(&mutex2);
	delete cache;
}

static void lock_cb(CURL *handle, curl_lock_data data, curl_lock_access access, void *userptr)
{
	pthread_mutex_lock(&lockarray[data]);
}

static void unlock_cb(CURL *handle, curl_lock_data data, void *userptr)
{
	pthread_mutex_unlock(&lockarray[data]);
}

static void init_locks(void)
{
	int i;
	for(i = 0; i< NUM_LOCKS; i++)
		pthread_mutex_init(&lockarray[i], NULL);
}

int main(int argc, char *argv[])
{
	struct listener listener;
	int	ch;
	extern char	*optarg;
	extern int optind, opterr;
	int option_index;
	bool global = false;
	int backlog = BACKLOG;
	const char *certpath = NULL, *keypath = NULL;
	struct option options[] = {
		{"proxy", 1, NULL, 0},
		{"api", 1, NULL, 0},
		{"api-auth-ua", 1, NULL, 0},
		{"api-dat-ua", 1, NULL, 0},
		{"api-auth-xua", 1, NULL, 0},
		{"api-dat-xua", 1, NULL, 0},
		{"api-server", 1, NULL, 0},
		{"api-usage", 1, NULL, 0},
		{"bbsmenu", 1, NULL, 0},
		{"chunked", 0, NULL, 0},
		{"verbose", 0, NULL, 0},
		{"debug", 0, NULL, 0},
		{"bbscgi-header", 1, NULL, 0},
		{"bbscgi-postorder", 1, NULL, 0},
#ifdef USE_LUA
		{"bbscgi-lua", 1, NULL, 0},
#endif
		{"gikofix", 0, NULL, 0},
#ifdef USE_MITM
		{"mitm", 1, NULL, 0},
		{"mitm-ca-cert", 1, NULL, 0},
		{"mitm-ca-key", 1, NULL, 0},
		{"mitm-certgen", 0, NULL, 0},
#endif
		{0, 0, 0, 0}
	};
	
	curl_global_init(CURL_GLOBAL_DEFAULT);
	curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
	curl_features = data->features;
	curl_version_number = data->version_num;
	if(data->version_num >= 0x074400) { /* version 7.68.0 or later */
		init_locks();
		curl_share = curl_share_init();
		curl_share_setopt(curl_share, CURLSHOPT_LOCKFUNC, lock_cb);
		curl_share_setopt(curl_share, CURLSHOPT_UNLOCKFUNC, unlock_cb);
		curl_share_setopt(curl_share, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS);
#if LIBCURL_VERSION_NUM >= 0x070a03
		curl_share_setopt(curl_share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
#endif
/* Shared connection cache is still buggy at the moment!
   See https://github.com/curl/curl/issues/4915 */
#if 0 && LIBCURL_VERSION_NUM >= 0x073900
		curl_share_setopt(curl_share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
#endif
	}
	log_printf(0,"proxy2ch version %s with curl %s (TLS/SSL backend: %s)\n",VERSION,data->version,data->ssl_version);
#ifdef USE_LUA
	log_printf(0,"Scripting enabled with " LUA_RELEASE "\n");
#endif
	
	memset(&listener, 0, sizeof(listener));
	listener.port = PORT;
	api_server = strdup("api.5ch.net");
	
	while ((ch = getopt_long(argc, argv, "p:t:ha:gc4b:s", options, &option_index)) != -1) {
		switch (ch) {
			case 0:
				if(!strcmp(options[option_index].name, "proxy")) {
					char *ptr = strchr(optarg, '@');
					if(!ptr) {
						ptr = strstr(optarg, "://");
						if(ptr) ptr = strchr(ptr+3,':');
						else ptr = strchr(optarg,':');
					}
					else ptr = strchr(ptr+1,':');
					if(!ptr) {
						fprintf(stderr,"Proxy port is not specified, as --proxy=server:port\n");
						return -1;
					}
					proxy_server = (char *)malloc(ptr-optarg+1);
					proxy_port = atoi(ptr+1);
					memcpy(proxy_server,optarg,ptr-optarg);
					proxy_server[ptr-optarg] = 0;
					if(!strncasecmp(optarg,"socks4://",9)) proxy_type = CURLPROXY_SOCKS4;
					else if(!strncasecmp(optarg,"socks5://",9)) proxy_type = CURLPROXY_SOCKS5;
#if LIBCURL_VERSION_NUM >= 0x071200
					else if(!strncasecmp(optarg,"socks4a://",10)) proxy_type = CURLPROXY_SOCKS4A;
					else if(!strncasecmp(optarg,"socks5h://",10)) proxy_type = CURLPROXY_SOCKS5_HOSTNAME;
#endif
				}
				else if(!strcmp(options[option_index].name, "api")) {
					if((curl_features & CURL_VERSION_SSL) == 0) {
						fprintf(stderr,"Your libcurl doesn't support HTTPS; API mode cannot be enabled.\n");
						return -1;
					}
					char *ptr = strchr(optarg, ':');
					if(!ptr) {
						fprintf(stderr,"API keys should be provided as AppKey:HmacKey\n");
						return -1;
					}
					appKey = (char *)malloc(ptr-optarg+1);
					memcpy(appKey,optarg,ptr-optarg);
					appKey[ptr-optarg] = 0;
					char *start = ptr+1;
					ptr = strchr(start, ':');
					if(!ptr) ptr = strchr(optarg, 0);
					hmacKey = (char *)malloc(ptr-start+1);
					memcpy(hmacKey,start,ptr-start);
					hmacKey[ptr-start] = 0;
					/*if(*ptr) {
						x_2ch_ua = (char *)malloc(strlen(ptr+1)+11);
						sprintf(x_2ch_ua,"X-2ch-UA: %s",ptr+1);
					}*/
					//fprintf(stderr,"%s,%s,%s\n",appKey,hmacKey,x_2ch_ua);
					//return 0;
				}
				else if(!strcmp(options[option_index].name, "api-auth-ua")) {
					api_ua_auth = (char *)malloc(strlen(optarg)+1);
					strcpy(api_ua_auth,optarg);
				}
				else if(!strcmp(options[option_index].name, "api-dat-ua")) {
					api_ua_dat = (char *)malloc(strlen(optarg)+1);
					strcpy(api_ua_dat,optarg);
				}
				else if(!strcmp(options[option_index].name, "api-auth-xua")) {
					x_2ch_ua_auth = (char *)malloc(strlen(optarg)+11);
					sprintf(x_2ch_ua_auth,"X-2ch-UA: %s",optarg);
				}
				else if(!strcmp(options[option_index].name, "api-dat-xua")) {
					x_2ch_ua_dat = (char *)malloc(strlen(optarg)+11);
					sprintf(x_2ch_ua_dat,"X-2ch-UA: %s",optarg);
				}
				else if(!strcmp(options[option_index].name, "chunked")) {
					allow_chunked = 1;
				}
				else if(!strcmp(options[option_index].name, "verbose")) {
					verbosity = 1;
				}
				else if(!strcmp(options[option_index].name, "debug")) {
					verbosity = 5;
				}
				else if(!strcmp(options[option_index].name, "bbsmenu")) {
					bbsmenu_url = (char *)malloc(strlen(optarg)+1);
					strcpy(bbsmenu_url, optarg);
				}
				else if(!strcmp(options[option_index].name, "api-server")) {
					if(api_server) free(api_server);
					api_server = (char *)malloc(strlen(optarg)+1);
					strcpy(api_server, optarg);
				}
				else if(!strcmp(options[option_index].name, "bbscgi-header")) {
					char *ptr = strchr(optarg, ':');
					if(!ptr) break;
					char *header = (char *)malloc(ptr-optarg+1);
					memcpy(header,optarg,ptr-optarg);
					header[ptr-optarg] = 0;
					char *value = ptr+1;
					ptr = header+(ptr-optarg-1);
					while(*ptr == ' ') *ptr-- = 0;
					while(*value == ' ') value++;
					bbscgi_headers[header] = value;
					free(header);
				}
				else if(!strcmp(options[option_index].name, "bbscgi-postorder")) {
					const char *ptr = optarg;
					while(*ptr == ' ') ptr++;
					while(*ptr) {
						const char *end = strchr(ptr, ',');
						if(end) {
							const char *next = end + 1;
							if(end > ptr) {
								end--;
								while(*end == ' ' && end > ptr) end--;
								bbscgi_postorder.push_back(std::string(ptr, end-ptr+1));
							}
							ptr = next;
							while(*ptr == ' ') ptr++;
							continue;
						}
						end = strchr(ptr, 0);
						while(*end == ' ' && end > ptr) end--;
						if(end > ptr) bbscgi_postorder.push_back(std::string(ptr, end-ptr));
						break;
					}
				}
#ifdef USE_LUA
				else if(!strcmp(options[option_index].name, "bbscgi-lua")) {
					lua_script = (char *)malloc(strlen(optarg)+1);
					strcpy(lua_script, optarg);
				}
#endif
				else if(!strcmp(options[option_index].name, "gikofix")) {
					gikofix = 1;
				}
				else if(!strcmp(options[option_index].name, "api-usage")) {
					if(!strcmp(optarg, "read")) api_mode = 1;
					else if(!strcmp(optarg, "post")) api_mode = 2;
					else if(!strcmp(optarg, "postinclpink")) api_mode = 4;
					else if(!strcmp(optarg, "all")) api_mode = 3;
					else if(!strcmp(optarg, "allinclpink")) api_mode = 5;
					else {
						fprintf(stderr, "A value for --api-usage must be one of [read, post, postinclpink, all, allinclpink]\n");
						return -1;
					}
				}
#ifdef USE_MITM
				else if(!strcmp(options[option_index].name, "mitm")) {
					if(!strcmp(optarg, "minimal")) mitm_mode = 1;
					else if(!strcmp(optarg, "all")) mitm_mode = 2;
					else {
						fprintf(stderr, "A value for --mitm must be one of [minimal, all]\n");
						return -1;
					}
				}
				else if(!strcmp(options[option_index].name, "mitm-ca-cert")) {
					certpath = optarg;
				}
				else if(!strcmp(options[option_index].name, "mitm-ca-key")) {
					keypath = optarg;
				}
				else if(!strcmp(options[option_index].name, "mitm-certgen")) {
					BBS2chProxySecureSocket::generateAndPrintSelfSignedCertificate();
					return 0;
				}
#endif
				break;
			case 'p':
				listener.port = atoi(optarg);
				break;
			case 't':
				timeout = atoi(optarg);
				break;
			case 'a':
				user_agent = (char *)malloc(strlen(optarg)+1);
				strcpy(user_agent, optarg);
				break;
			case 'g':
				global = true;
				break;
			case 'c':
				accept_https = true;
				break;
			case '4':
				force_ipv4 = 1;
				break;
			case 'b':
				backlog = atoi(optarg);
				break;
			case 's':
				if((curl_features & CURL_VERSION_SSL) == 0) {
					fprintf(stderr,"Your libcurl doesn't support HTTPS; it does not work with -s option.\n");
					return -1;
				}
				if(strstr(data->ssl_version, "OpenSSL/0") || strstr(data->ssl_version, "OpenSSL/1.0") ||
				   (strstr(data->ssl_version, "LibreSSL/2") && !strstr(data->ssl_version, "LibreSSL/2.9"))) {
					fprintf(stderr,
						"WARNING: OpenSSL < 1.1.0 and LibreSSL < 2.9.0 aren't thread-safe without setting callbacks for mutex. "
						"It may cause unintended crashes when many requests are incoming at the same time.\n");
				}
				force_5chnet_https = 1;
				break;
			default:
				usage();
				return 0;
		}
	}
#ifdef USE_MITM
	if (mitm_mode) {
		if (!certpath || !keypath) {
			fprintf(stderr, "MITM is enabled but certificate and/or key is not given.\n");
			return -1;
		}
		if (BBS2chProxySecureSocket::initializeCerts(certpath, keypath) != 0) {
			fprintf(stderr, "MITM is enabled but given certificate and/or key is invalid.\n");
			return -1;
		}
		if (!accept_https) {
			fprintf(stderr, "WARNING: --mitm option is given but -c is not given. MITM mode is disabled.\n");
		}
	}
#endif
	log_printf(0, "Global User-Agent: %s\n",user_agent?user_agent:"n/a");
	if(appKey) {
		log_printf(0, "Use API for:");
		if (api_mode & 1) log_printf(0, " reading");
		if (api_mode & 2) log_printf(0, " posting");
		if (api_mode & 4) log_printf(0, " posting (including bbspink)");
		log_printf(0, "\n");
		if (api_mode & 1) {
			log_printf(0, "API gateway server: %s\n",api_server);
			log_printf(0, "User-Agent (for API authentication): %s\n",api_ua_auth?api_ua_auth:"");
			log_printf(0, "User-Agent (for API dat retrieving): %s\n",api_ua_dat?api_ua_dat:"");
			log_printf(0, "X-2ch-UA (for API authentication): %s\n",x_2ch_ua_auth?x_2ch_ua_auth+10:"");
			log_printf(0, "X-2ch-UA (for API dat retrieving): %s\n",x_2ch_ua_dat?x_2ch_ua_dat+10:"");
		}
	}
	if(!bbscgi_headers.empty()) {
		log_printf(0, "Custom headers for bbs.cgi:\n");
		for(std::map<std::string, std::string>::iterator it = bbscgi_headers.begin(); it!=bbscgi_headers.end(); it++) {
			log_printf(0, "  %s: %s\n", it->first.c_str(), it->second.c_str());
		}
	}
	if(lua_script) {
		log_printf(0, "Use Lua script %s for bbs.cgi request modification\n", lua_script);
	}
	if(proxy_server) {
		log_printf(0,"Use proxy %s:%ld for connection\n",proxy_server,proxy_port);
	}
	
#ifdef _WIN32
	WSADATA wsaData;
	if (WSAStartup(MAKEWORD(2, 0), &wsaData) == SOCKET_ERROR) {
		fprintf(stderr, "WSAStartup: error initializing WSA.\n");
		return -1;
	}
#endif
	
	listener.addr_listener.sin_family = AF_INET;
	if(global) listener.addr_listener.sin_addr.s_addr = INADDR_ANY;
	else listener.addr_listener.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	listener.addr_listener.sin_port = htons(listener.port);
	
#ifdef _WIN32
	if ((listener.sock_listener = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0)) == INVALID_SOCKET) {
		fprintf(stderr,"WSASocket: socket initialize error\n");
		return -1;
	}
#else
	if (-1 == (listener.sock_listener = socket(AF_INET, SOCK_STREAM, 0))) {
		perror("socket");
		return -1;
	}
#endif
	
	int optval=1;
	setsockopt(listener.sock_listener, SOL_SOCKET, SO_REUSEADDR, (char *)&optval, sizeof(optval));
#ifdef _WIN32
	optval = SO_SYNCHRONOUS_NONALERT;
	setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (char *)&optval, sizeof(optval));
#endif
	
	socklen_t addrlen = sizeof(listener.addr_listener);
	if (-1 == bind(listener.sock_listener, (struct sockaddr *)&listener.addr_listener, addrlen)) {
		perror("bind");
		return -1;
	}
	
	if (-1 == listen(listener.sock_listener, backlog)) {
		perror("listen");
		return -1;
	}
	
	if (-1 == getsockname(listener.sock_listener, (struct sockaddr *)&listener.addr_listener, &addrlen)) {
		perror("getsockname");
		return -1;
	}
	
#ifndef _WIN32
	signal( SIGPIPE , SIG_IGN );
#endif
	
	pthread_t thread_listener;
	if(0 != pthread_create(&thread_listener , NULL , listen , &listener))
		perror("pthread_create");
	pthread_join(thread_listener, NULL);
	return 0;
}