Revert "feat: fix config"

This reverts commit c69c5b5cd7.

.github/workflows/release-tag-version.yml

@@ -0,0 +1,49 @@
+name: release-tag-version
+
+on:
+  push:
+    tags:
+      - "v*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write # to publish to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: |-
+            ghcr.io/rayzggz/server_torii
+          # this will generate tags in the following format:
+          # latest
+          # 1
+          # 1.2
+          # 1.2.3
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Login to GHCR using PAT
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: build rootful docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,32 @@
+ARG ALPINE_VERSION=3.21
+ARG GO_VERSION=1.23.5
+ARG AUTHOR=Rayzggz
+ARG SERVER_NAME=server_torii
+
+FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+
+ARG ALPINE_VERSION
+ARG GO_VERSION
+ARG SERVER_NAME
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /app
+
+COPY . .
+
+RUN set -eux; \
+    TARGETOS=${TARGETOS:-linux}; \
+    TARGETARCH=${TARGETARCH:-amd64}; \
+    echo "Building for TARGETOS=${TARGETOS} TARGETARCH=${TARGETARCH}"; \
+    go mod tidy; \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags="-s -w" -o /app/${SERVER_NAME}
+
+FROM alpine:${ALPINE_VERSION} AS final
+
+ARG SERVER_NAME
+
+COPY --from=builder /app/${SERVER_NAME} /app/${SERVER_NAME}
+
+EXPOSE 25555
+ENTRYPOINT ["/app/server_torii"]

config_example/rules/CAPTCHA.yml

@@ -0,0 +1,4 @@
+secret_key: "0378b0f84c4310279918d71a5647ba5d"
+captcha_validate_time: 600
+captcha_challenge_session_timeout: 120
+hcaptcha_secret: ""

config_example/rules/HTTPFlood.yml

@@ -0,0 +1,4 @@
+HTTPFloodSpeedLimit:
+  - "150/10s"
+HTTPFloodSameURILimit:
+  - "50/10s"

config_example/rules/Server.yml

@@ -1,22 +0,0 @@
-CAPTCHA:
-  secret_key: "0378b0f84c4310279918d71a5647ba5d"
-  captcha_validate_time: 600
-  captcha_challenge_session_timeout: 120
-  hcaptcha_secret: ""
-HTTPFlood:
-  HTTPFloodSpeedLimit:
-    - "150/10s"
-  HTTPFloodSameURILimit:
-    - "50/10s"
-VerifyBot:
-  verify_google_bot: true
-  verify_bing_bot: true
-  verify_baidu_bot: true
-  verify_yandex_bot: true
-  verify_sogou_bot: true
-  verify_apple_bot: true
-ExternalMigration:
-  enabled: false
-  redirect_url: "https://example.com/migration"
-  secret_key: "0378b0f84c4310279918d71a5647ba5d"
-  session_timeout: 1800

config_example/rules/VerifyBot.yml

@@ -0,0 +1,6 @@
+verify_google_bot: true
+verify_bing_bot: true
+verify_baidu_bot: true
+verify_yandex_bot: true
+verify_sogou_bot: true
+verify_apple_bot: true

internal/check/ExternalMigration.go

@@ -1,103 +0,0 @@
-package check
-
-import (
-	"crypto/hmac"
-	"crypto/sha512"
-	"fmt"
-	"server_torii/internal/action"
-	"server_torii/internal/config"
-	"server_torii/internal/dataType"
-	"server_torii/internal/utils"
-	"strconv"
-	"strings"
-	"time"
-)
-
-func ExternalMigration(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
-	if !ruleSet.ExternalMigrationRule.Enabled {
-		decision.Set(action.Continue)
-		return
-	}
-
-	if !verifyExternalMigrationClearanceCookie(reqData, *ruleSet) {
-		decision.SetResponse(action.Done, []byte("EXTERNAL"), genExternalMigrationSessionID(reqData, *ruleSet))
-		return
-	}
-
-	decision.Set(action.Continue)
-}
-
-func GenExternalMigrationClearance(reqData dataType.UserRequest, ruleSet config.RuleSet) []byte {
-	timeNow := time.Now().Unix()
-	mac := hmac.New(sha512.New, []byte(ruleSet.ExternalMigrationRule.SecretKey))
-	mac.Write([]byte(fmt.Sprintf("%d%s%sEXTERNAL-CLEARANCE", timeNow, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
-	return []byte(fmt.Sprintf("%s:%s", fmt.Sprintf("%d", time.Now().Unix()), fmt.Sprintf("%x", mac.Sum(nil))))
-}
-
-func verifyExternalMigrationClearanceCookie(reqData dataType.UserRequest, ruleSet config.RuleSet) bool {
-	if reqData.ToriiClearance == "" {
-		return false
-	}
-	parts := strings.Split(reqData.ToriiClearance, ":")
-	if len(parts) != 2 {
-		return false
-	}
-	timestamp := parts[0]
-	expectedHash := parts[1]
-
-	timeNow := time.Now().Unix()
-	parsedTimestamp, err := strconv.ParseInt(timestamp, 10, 64)
-	if err != nil {
-		utils.LogError(reqData, "", fmt.Sprintf("Error parsing timestamp: %v", err))
-		return false
-	}
-
-	if timeNow-parsedTimestamp > ruleSet.ExternalMigrationRule.SessionTimeout {
-		return false
-	}
-
-	mac := hmac.New(sha512.New, []byte(ruleSet.ExternalMigrationRule.SecretKey))
-	mac.Write([]byte(fmt.Sprintf("%d%s%sEXTERNAL-CLEARANCE", parsedTimestamp, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
-	computedHash := fmt.Sprintf("%x", mac.Sum(nil))
-
-	return hmac.Equal([]byte(computedHash), []byte(expectedHash))
-
-}
-
-func genExternalMigrationSessionID(reqData dataType.UserRequest, ruleSet config.RuleSet) []byte {
-	timeNow := time.Now().Unix()
-	mac := hmac.New(sha512.New, []byte(ruleSet.ExternalMigrationRule.SecretKey))
-	mac.Write([]byte(fmt.Sprintf("%d%s%sEXTERNAL-SESSION", timeNow, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
-	return []byte(fmt.Sprintf("%s:%s", fmt.Sprintf("%d", time.Now().Unix()), fmt.Sprintf("%x", mac.Sum(nil))))
-}
-
-func VerifyExternalMigrationSessionIDCookie(reqData dataType.UserRequest, ruleSet config.RuleSet) bool {
-	if reqData.ToriiSessionID == "" {
-		return false
-	}
-	parts := strings.Split(reqData.ToriiSessionID, ":")
-	if len(parts) != 2 {
-		return false
-	}
-	timestamp := parts[0]
-	expectedHash := parts[1]
-
-	parsedTimestamp, err := strconv.ParseInt(timestamp, 10, 64)
-	if err != nil {
-		utils.LogError(reqData, "", fmt.Sprintf("Error parsing timestamp: %v", err))
-		return false
-	}
-
-	mac := hmac.New(sha512.New, []byte(ruleSet.ExternalMigrationRule.SecretKey))
-	mac.Write([]byte(fmt.Sprintf("%d%s%sEXTERNAL-SESSION", parsedTimestamp, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
-	computedHash := fmt.Sprintf("%x", mac.Sum(nil))
-
-	return hmac.Equal([]byte(computedHash), []byte(expectedHash))
-
-}
-
-func CalculateExternalMigrationHMAC(sessionID, timestampStr, secretKey string) string {
-	mac := hmac.New(sha512.New, []byte(secretKey))
-	mac.Write([]byte(fmt.Sprintf("%s%s", sessionID, timestampStr)))
-	return fmt.Sprintf("%x", mac.Sum(nil))
-}

internal/config/config.go

@@ -2,7 +2,6 @@ package config
 
 import (
 	"bufio"
-	"fmt"
 	"gopkg.in/yaml.v3"
 	"net"
 	"os"
@@ -28,20 +27,6 @@ type MainConfig struct {
 
 // LoadMainConfig Read the configuration file and return the configuration object
 func LoadMainConfig(basePath string) (*MainConfig, error) {
-
-	defaultCfg := MainConfig{
-		Port:                           "25555",
-		WebPath:                        "/torii",
-		RulePath:                       "/www/server_torii/config/rules",
-		ErrorPage:                      "/www/server_torii/config/error_page",
-		LogPath:                        "/www/server_torii/log/",
-		NodeName:                       "Server Torii",
-		ConnectingHostHeaders:          []string{"Torii-Real-Host"},
-		ConnectingIPHeaders:            []string{"Torii-Real-IP"},
-		ConnectingURIHeaders:           []string{"Torii-Original-URI"},
-		ConnectingCaptchaStatusHeaders: []string{"Torii-Captcha-Status"},
-	}
-
 	exePath, err := os.Executable()
 	if err != nil {
 		return nil, err
@@ -53,12 +38,12 @@ func LoadMainConfig(basePath string) (*MainConfig, error) {
 
 	data, err := os.ReadFile(configPath)
 	if err != nil {
-		return &defaultCfg, err
+		return nil, err
 	}
 
 	var cfg MainConfig
 	if err := yaml.Unmarshal(data, &cfg); err != nil {
-		return &defaultCfg, err
+		return nil, err
 	}
 
 	return &cfg, nil
@@ -73,20 +58,6 @@ type RuleSet struct {
 	CAPTCHARule   *dataType.CaptchaRule
 	VerifyBotRule *dataType.VerifyBotRule
 	HTTPFloodRule *dataType.HTTPFloodRule
-	ExternalMigrationRule *dataType.ExternalMigrationRule
-}
-
-// ruleSetWrapper
-type ruleSetWrapper struct {
-	CAPTCHARule           *dataType.CaptchaRule           `yaml:"CAPTCHA"`
-	VerifyBotRule         *dataType.VerifyBotRule         `yaml:"VerifyBot"`
-	HTTPFloodRule         httpFloodRuleWrapper            `yaml:"HTTPFlood"`
-	ExternalMigrationRule *dataType.ExternalMigrationRule `yaml:"ExternalMigration"`
-}
-
-type httpFloodRuleWrapper struct {
-	HTTPFloodSpeedLimit   []string `yaml:"HTTPFloodSpeedLimit"`
-	HTTPFloodSameURILimit []string `yaml:"HTTPFloodSameURILimit"`
 }
 
 // LoadRules Load all rules from the specified path
@@ -99,82 +70,76 @@ func LoadRules(rulePath string) (*RuleSet, error) {
 		CAPTCHARule:   &dataType.CaptchaRule{},
 		VerifyBotRule: &dataType.VerifyBotRule{},
 		HTTPFloodRule: &dataType.HTTPFloodRule{},
-		ExternalMigrationRule: &dataType.ExternalMigrationRule{},
 	}
 
 	// Load IP Allow List
-	ipAllowFile := filepath.Join(rulePath, "/IP_AllowList.conf")
+	ipAllowFile := rulePath + "/IP_AllowList.conf"
 	if err := loadIPRules(ipAllowFile, rs.IPAllowTrie); err != nil {
 		return nil, err
 	}
 
 	// Load IP Block List
-	ipBlockFile := filepath.Join(rulePath, "/IP_BlockList.conf")
+	ipBlockFile := rulePath + "/IP_BlockList.conf"
 	if err := loadIPRules(ipBlockFile, rs.IPBlockTrie); err != nil {
 		return nil, err
 	}
 
 	// Load URL Allow List
-	urlAllowFile := filepath.Join(rulePath, "/URL_AllowList.conf")
+	urlAllowFile := rulePath + "/URL_AllowList.conf"
 	if err := loadURLRules(urlAllowFile, rs.URLAllowList); err != nil {
 		return nil, err
 	}
 
 	// Load URL Block List
-	urlBlockFile := filepath.Join(rulePath, "/URL_BlockList.conf")
+	urlBlockFile := rulePath + "/URL_BlockList.conf"
 	if err := loadURLRules(urlBlockFile, rs.URLBlockList); err != nil {
 		return nil, err
 	}
 
-	YAMLFile := filepath.Join(rulePath, "Server.yml")
-	set, err := loadServerRules(YAMLFile, rs)
-	if err != nil {
-		return set, err
+	// Load CAPTCHA Rule
+	captchaFile := rulePath + "/CAPTCHA.yml"
+	if err := loadCAPTCHARule(captchaFile, rs.CAPTCHARule); err != nil {
+		return nil, err
+	}
+
+	// Load Verify Bot Rule
+	verifyBotFile := rulePath + "/VerifyBot.yml"
+	if err := loadVerifyBotRule(verifyBotFile, rs.VerifyBotRule); err != nil {
+		return nil, err
+	}
+
+	// Load HTTP Flood Rule
+	httpFloodFile := rulePath + "/HTTPFlood.yml"
+	if err := loadHTTPFloodRule(httpFloodFile, rs.HTTPFloodRule); err != nil {
+		return nil, err
 	}
 
 	return &rs, nil
 }
 
-func loadServerRules(YAMLFile string, rs RuleSet) (*RuleSet, error) {
-	yamlData, err := os.ReadFile(YAMLFile)
+func loadCAPTCHARule(file string, rule *dataType.CaptchaRule) error {
+	data, err := os.ReadFile(file)
 	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, fmt.Errorf("[ERROR] rules file %s does not exist: %w", YAMLFile, err)
-		} else {
-			return nil, fmt.Errorf("[ERROR] failed to read rules file %s: %w", YAMLFile, err)
-		}
+		return err
 	}
 
-	var wrapper ruleSetWrapper
-	if err := yaml.Unmarshal(yamlData, &wrapper); err != nil {
-		return nil, fmt.Errorf("[ERROR] failed to parse rules file %s: %w", YAMLFile, err)
+	if err := yaml.Unmarshal(data, &rule); err != nil {
+		return err
 	}
 
-	*rs.CAPTCHARule = *wrapper.CAPTCHARule
-	*rs.VerifyBotRule = *wrapper.VerifyBotRule
-	if wrapper.ExternalMigrationRule != nil {
-		*rs.ExternalMigrationRule = *wrapper.ExternalMigrationRule
+	return nil
+
 }
 
-	rs.HTTPFloodRule.HTTPFloodSpeedLimit = make(map[int64]int64)
-	rs.HTTPFloodRule.HTTPFloodSameURILimit = make(map[int64]int64)
-
-	for _, s := range wrapper.HTTPFloodRule.HTTPFloodSpeedLimit {
-		limit, seconds, err := utils.ParseRate(s)
+func loadVerifyBotRule(file string, rule *dataType.VerifyBotRule) error {
+	data, err := os.ReadFile(file)
 	if err != nil {
-			return nil, err
+		return err
 	}
-		rs.HTTPFloodRule.HTTPFloodSpeedLimit[seconds] = limit
+	if err := yaml.Unmarshal(data, &rule); err != nil {
+		return err
 	}
-
-	for _, s := range wrapper.HTTPFloodRule.HTTPFloodSameURILimit {
-		limit, seconds, err := utils.ParseRate(s)
-		if err != nil {
-			return nil, err
-		}
-		rs.HTTPFloodRule.HTTPFloodSameURILimit[seconds] = limit
-	}
-	return nil, nil
+	return nil
 }
 
 // loadIPRules read the IP rule file and insert the rules into the trie
@@ -252,3 +217,43 @@ func loadURLRules(filePath string, list *dataType.URLRuleList) error {
 
 	return scanner.Err()
 }
+
+func loadHTTPFloodRule(file string, rule *dataType.HTTPFloodRule) error {
+	data, err := os.ReadFile(file)
+	if err != nil {
+		return err
+	}
+
+	type httpFloodRuleYAML struct {
+		HTTPFloodSpeedLimit   []string `yaml:"HTTPFloodSpeedLimit"`
+		HTTPFloodSameURILimit []string `yaml:"HTTPFloodSameURILimit"`
+	}
+
+	var ymlRule httpFloodRuleYAML
+	err = yaml.Unmarshal(data, &ymlRule)
+	if err != nil {
+		return err
+	}
+
+	rule.HTTPFloodSpeedLimit = make(map[int64]int64)
+	rule.HTTPFloodSameURILimit = make(map[int64]int64)
+
+	for _, s := range ymlRule.HTTPFloodSpeedLimit {
+		limit, seconds, err := utils.ParseRate(s)
+		if err != nil {
+			return err
+		}
+		rule.HTTPFloodSpeedLimit[seconds] = limit
+	}
+
+	for _, s := range ymlRule.HTTPFloodSameURILimit {
+		limit, seconds, err := utils.ParseRate(s)
+		if err != nil {
+			return err
+		}
+		rule.HTTPFloodSameURILimit[seconds] = limit
+	}
+
+	return nil
+
+}

internal/dataType/type.go

@@ -31,13 +31,6 @@ type HTTPFloodRule struct {
 	HTTPFloodSameURILimit map[int64]int64
 }
 
-type ExternalMigrationRule struct {
-	Enabled        bool   `yaml:"enabled"`
-	RedirectUrl    string `yaml:"redirect_url"`
-	SecretKey      string `yaml:"secret_key"`
-	SessionTimeout int64  `yaml:"session_timeout"`
-}
-
 type SharedMemory struct {
 	HTTPFloodSpeedLimitCounter   *Counter
 	HTTPFloodSameURILimitCounter *Counter

internal/server/checker.go

@@ -25,7 +25,6 @@ func CheckMain(w http.ResponseWriter, userRequestData dataType.UserRequest, rule
 	checkFuncs = append(checkFuncs, check.URLBlockList)
 	checkFuncs = append(checkFuncs, check.VerifyBot)
 	checkFuncs = append(checkFuncs, check.HTTPFlood)
-	checkFuncs = append(checkFuncs, check.ExternalMigration)
 	checkFuncs = append(checkFuncs, check.Captcha)
 
 	for _, checkFunc := range checkFuncs {
@@ -107,11 +106,6 @@ func CheckMain(w http.ResponseWriter, userRequestData dataType.UserRequest, rule
 			return
 		}
 
-	} else if bytes.Compare(decision.HTTPCode, []byte("EXTERNAL")) == 0 {
-		w.Header().Set("Set-Cookie", "__torii_sessionid="+string(decision.ResponseData)+"; Path=/;  Max-Age=86400; Priority=High; HttpOnly; SameSite=Lax")
-		w.Header().Set("Location", ruleSet.ExternalMigrationRule.RedirectUrl+"?domain="+userRequestData.Host+"&session_id="+string(decision.ResponseData)+"&original_uri="+userRequestData.Uri)
-		w.WriteHeader(http.StatusFound)
-		return
 	} else {
 		//should never happen
 		utils.LogError(userRequestData, fmt.Sprintf("Error access in wrong state: %v", decision), "CheckMain")

internal/server/torii.go

@@ -2,7 +2,6 @@ package server
 
 import (
 	"bytes"
-	"crypto/hmac"
 	"html/template"
 	"net/http"
 	"server_torii/internal/action"
@@ -10,7 +9,6 @@ import (
 	"server_torii/internal/config"
 	"server_torii/internal/dataType"
 	"server_torii/internal/utils"
-	"strconv"
 	"time"
 )
 
@@ -22,8 +20,6 @@ func CheckTorii(w http.ResponseWriter, r *http.Request, reqData dataType.UserReq
 		check.CheckCaptcha(r, reqData, ruleSet, decision)
 	} else if reqData.Uri == cfg.WebPath+"/health_check" {
 		decision.SetResponse(action.Done, []byte("200"), []byte("ok"))
-	} else if reqData.Uri == cfg.WebPath+"/external_migration" {
-		handleExternalMigration(w, r, reqData, ruleSet, decision)
 	}
 	if bytes.Compare(decision.HTTPCode, []byte("200")) == 0 {
 		if bytes.Compare(decision.ResponseData, []byte("ok")) == 0 {
@@ -92,44 +88,3 @@ func CheckTorii(w http.ResponseWriter, r *http.Request, reqData dataType.UserReq
 		}
 	}
 }
-
-func handleExternalMigration(w http.ResponseWriter, r *http.Request, data dataType.UserRequest, set *config.RuleSet, decision *action.Decision) {
-	if !set.ExternalMigrationRule.Enabled {
-		decision.SetResponse(action.Done, []byte("200"), []byte("bad"))
-		return
-	}
-
-	originalURI := r.URL.Query().Get("original_uri")
-	timestampStr := r.URL.Query().Get("timestamp")
-	hmacParam := r.URL.Query().Get("hmac")
-
-	if timestampStr == "" || hmacParam == "" {
-		decision.SetResponse(action.Done, []byte("200"), []byte("bad"))
-		return
-	}
-
-	timestamp, err := strconv.ParseInt(timestampStr, 10, 64)
-	if err != nil {
-		decision.SetResponse(action.Done, []byte("200"), []byte("bad"))
-		return
-	}
-
-	currentTime := time.Now().Unix()
-	if currentTime-timestamp > set.ExternalMigrationRule.SessionTimeout {
-		decision.SetResponse(action.Done, []byte("200"), []byte("bad"))
-		return
-	}
-
-	if !check.VerifyExternalMigrationSessionIDCookie(data, *set) {
-		decision.SetResponse(action.Done, []byte("200"), []byte("badSession"))
-		return
-	}
-
-	expectedHMAC := check.CalculateExternalMigrationHMAC(data.ToriiSessionID, timestampStr, set.ExternalMigrationRule.SecretKey)
-	if !hmac.Equal([]byte(expectedHMAC), []byte(hmacParam)) {
-		decision.SetResponse(action.Done, []byte("200"), []byte("bad"))
-		return
-	}
-
-	decision.SetResponse(action.Continue, []byte("302"), []byte(originalURI))
-}

main.go

@@ -27,7 +27,7 @@ func main() {
 	// Load MainConfig
 	cfg, err := config.LoadMainConfig(basePath)
 	if err != nil {
-		log.Printf("[ERROR] Load config failed: %v. Using default config.", err)
+		log.Fatalf("Load config failed: %v", err)
 	}
 
 	// Load rules