tunnelss 0.1.0

data/.gitignore

@@ -0,0 +1,2 @@
+/*.gem
+/Gemfile.lock

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in tunnels.gemspec
+gemspec

data/README.md

@@ -0,0 +1,77 @@
+# Tunnelss
+
+Tunnelss is a proxy from HTTPS to HTTP to help with web development over HTTPS.
+
+It's like the [tunnels gem](https://github.com/jugyo/tunnels) (sure, it's a fork), but it does more, since it makes your HTTPS recognized as valid by the browser!
+
+So now you can finally have a not-far-from-real SSL connection with Pow, with a minimum of efforts!
+
+## The Magic
+
+Tunnelss is a mix between the [tunnels gem](https://github.com/jugyo/tunnels) and the [powssl script](https://gist.github.com/paulnicholson/2050941).
+
+1. It builds a root-level certificate (a Certificate Authority) and registers it as a trusted root certificate (you will need to do it manually for Firefox).
+2. It generates a SSL certificate matching the Pow `.dev` domains.
+2. It runs an EventMachine server which acts as proxy from HTTPS to HTTP (just like tunnels), using the generated certificate so that your browser will not complain your SSL connection is not valid!
+
+## Why?
+
+Because:
+
+* setting up Nginx to do reverse-proxying for development is overkill,
+* you would have to add a Nginx config file each time you start a new project,
+* you like the `.dev` domains provided by Pow,
+* you want to run your app over SSL just like in production so that you can check the redirections,
+* working with external APIs over HTTPS, secured cookies and CORS seems really difficult if your SSL certificate is not valid (your browser may refuse to perform CORS requests),
+* your app server needs to know that the request was over HTTPS, even if it was proxied to HTTP (which the powssl script which uses Stud doesn't allow).
+
+## Disclaimer
+
+This gem is in early developments and has only been tested under MacOS X 10.8. It may not work in other environments, but feel free to submit pull requests if you make the necessary fixes.
+
+## Installation
+
+    $ gem install tunnelss
+
+If you're using rbenv:
+
+    $ rbenv rehash
+
+## Run
+
+    $ sudo tunnelss
+
+Don't worry, the first time you launch it it will generate a certificate and ask for your permission to add it to trusted authorities (see _The Magic_ above for more details).
+
+If you are using rvm:
+
+    $ rvmsudo tunnels
+
+By default, proxy to 80 port from 443 port.
+
+Specify HTTP port and HTTPS port with:
+
+    $ sudo tunnels 443 3000
+
+or
+
+    $ sudo tunnels 127.0.0.1:443 127.0.0.1:3000
+
+## History
+
+### 0.1.0
+
+Initial release based on tunnels 1.2.2.
+
+## Credits
+
+* [tunnels](https://github.com/jugyo/tunnels) from which most code comes
+* [powssl](https://gist.github.com/paulnicholson/2050941), a gist of Paul Nicholson which I translated to Ruby to perform Tunnelss certificate configuration based on Pow's.
+
+## Copyright
+
+[tunnelss](http://github.com/rchampourlier/tunnelss)
+Copyright (c) 2013 rchampourlier, released under the MIT license.
+
+[tunnels](https://github.com/jugyo/tunnels)
+Copyright (c) 2012 jugyo, released under the MIT license.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/tunnelss

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+require 'tunnelss'
+unless ARGV.size == 0 || ARGV.size == 2
+  puts <<-D
+Usage:
+    tunnelss [from to]
+
+Examples:
+    tunnelss 443 3000
+    tunnelss localhost:443 localhost:3000
+
+  D
+  exit!
+end
+
+Tunnelss.run!(*ARGV)

data/generators/openssl.cnf

@@ -0,0 +1,37 @@
+[ ca ]
+default_ca      = CA_default
+
+[ CA_default ]
+dir              = --CA_DIR--
+certs            = $dir/certs
+crl_dir          = $dir/crl
+database         = $dir/index.txt
+unique_subject  = no
+new_certs_dir    = $dir/newcerts
+certificate      = $dir/cert.pem
+serial           = $dir/serial
+crlnumber        = $dir/crlnumber
+crl              = $dir/crl.pem
+private_key      = $dir/key.pem
+RANDFILE         = $dir/.rand
+default_days     = 365     # how long to certify for
+default_crl_days = 30      # how long before next CRL
+default_md       = sha1      # which md to use.
+x509_extensions  = usr_cert
+
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+[ usr_cert ]
+basicConstraints       = CA:FALSE
+nsCertType             = server
+nsComment              = "OpenSSL Generated Certificate"
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName         = --DOMAINS--

data/lib/tunnelss/configure_with_pow.rb

@@ -0,0 +1,118 @@
+require "pry"
+
+module Tunnelss::ConfigureWithPow
+
+  def configure_with_pow
+    build_or_update_certificate
+  end
+
+  def pow_present?
+    File.exists? pow_dir
+  end
+
+  private
+
+  def build_or_update_certificate
+    unless File.exists?(dir)
+      build_dir
+      build_ca
+      build_certificate
+    else
+      unless ca_exists?
+        build_ca
+        build_certificate
+      else
+        build_certificate if pow_domains_changed?
+      end
+    end
+  end
+
+  def build_dir
+    Dir.mkdir(dir)
+  end
+
+  def ca_exists?
+    File.exists?(ca_dir) and File.exists?("#{ca_dir}/key.pem") and File.exists?("#{ca_dir}/cert.pem")
+  end
+
+  def build_ca
+    FileUtils.rm_rf(ca_dir) if File.exists?(ca_dir)
+    Dir.mkdir(ca_dir)
+
+    puts "Creating SSL keypair for signing *.dev certificate"
+    system "openssl req -newkey rsa:2048 -batch -x509 -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev Domain CA\" -keyout #{ca_dir}/key.pem -out #{ca_dir}/cert.pem -days 9999 &> /dev/null"
+    puts "Adding certificate to login keychain as trusted."
+    system "security add-trusted-cert -d -r trustRoot -k #{ENV['HOME']}/Library/Keychains/login.keychain #{ca_dir}/cert.pem"
+    puts "================================================================================"
+    puts "To use the certificate without a warning in Firefox you must add the\n\"#{ca_dir}/cert.pem\" certificate to your Firefox root certificates."
+    puts "================================================================================"
+  end
+
+  def build_certificate
+    prepare_openssl_config
+
+    puts "Generating new *.dev certificate"
+    system "openssl req -newkey rsa:2048 -batch -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev\" -keyout #{dir}/key.pem -out #{dir}/csr.pem -days 9999 &> /dev/null"
+    puts "Signing *.dev certificate"
+    system "openssl ca -config #{ca_dir}/openssl.cnf -policy policy_anything -batch -days 9999 -out #{dir}/cert.pem -infiles #{dir}/csr.pem &> /dev/null"
+
+    # Build cert chain
+    system "cat #{dir}/cert.pem > #{dir}/server.crt"
+    system "cat #{ca_dir}/cert.pem >> #{dir}/server.crt"
+
+    write_pow_domains_to_cache
+
+    puts "Generated certificate for your Pow .dev domains."
+    true
+  end
+
+  def prepare_openssl_config
+    Dir.mkdir("#{ca_dir}/newcerts") unless File.exists?("#{ca_dir}/newcerts")
+    system "touch #{ca_dir}/index.txt"
+    File.open("#{ca_dir}/serial", 'w') {|f| f.puts '01'}
+    build_openssl_config_file
+  end
+
+  def build_openssl_config_file
+    openssl_conf = File.read(File.expand_path('../../../generators/openssl.cnf', __FILE__))
+    openssl_conf.gsub!('--CA_DIR--', ca_dir)
+    openssl_conf.gsub!('--DOMAINS--', pow_domains_str)
+    File.open("#{ca_dir}/openssl.cnf", "w") {|f| f.puts openssl_conf}
+  end
+
+  def dir
+    "#{ENV['HOME']}/.tunnelss"
+  end
+
+  def ca_dir
+    "#{dir}/ca"
+  end
+
+  def pow_domains_changed?
+    read_pow_domains_from_cache != pow_domains.join(',')
+  end
+
+  def read_pow_domains_from_cache
+    File.exists?(pow_domains_cache_file) ? File.read(pow_domains_cache_file).strip : ''
+  end
+
+  def write_pow_domains_to_cache
+    File.open(pow_domains_cache_file, 'w') {|f| f.puts pow_domains.join(',')}
+  end
+
+  def pow_domains_cache_file
+    "#{dir}/pow_domains"
+  end
+
+  def pow_domains
+    @pow_domains ||= Dir["#{pow_dir}/*"].collect {|f| File.basename(f)}
+  end
+
+  def pow_domains_str
+    pow_domains.map {|d| "DNS:#{d},DNS:*.#{d}.dev"}.join(',')
+  end
+
+  def pow_dir
+    "#{ENV['HOME']}/.pow"
+  end
+end

data/lib/tunnelss/version.rb

@@ -0,0 +1,3 @@
+module Tunnelss
+  VERSION = "0.1.0"
+end

data/lib/tunnelss.rb

@@ -0,0 +1,137 @@
+require "tunnelss/version"
+require "tunnelss/configure_with_pow"
+require "eventmachine"
+
+# [Tunnels](http://github.com/rchampourlier/tunnelss)
+#
+# LICENSE
+#
+# MIT License
+#
+# COPYRIGHTS / CREDITS
+#
+# Most of the code is from [tunnels](https://github.com/jugyo/tunnels) which was a simpler
+# version designed to tunnel HTTPS to HTTP, without performing automatic certificate
+# configuration.
+#
+# [tunnels](https://github.com/jugyo/tunnels)
+# Copyright (c) 2012 jugyo, released under the MIT license.
+#
+# TUNNELS COPYRIGHTS / CREDITS
+#
+# Most of code is from [thin-glazed](https://github.com/freelancing-god/thin-glazed).
+# Copyright © 2012, Thin::Glazed was a Rails Camp New Zealand project, and is developed
+# and maintained by Pat Allan. It is released under the open MIT Licence.
+
+module Tunnelss
+  extend ConfigureWithPow
+
+  def self.run!(from = '127.0.0.1:443', to = '127.0.0.1:80')
+    configure_with_pow if pow_present?
+
+    from_host, from_port = parse_host_str(from)
+    to_host, to_port = parse_host_str(to)
+    puts "#{from_host}:#{from_port} --(--)--> #{to_host}:#{to_port}"
+
+    EventMachine.run do
+      EventMachine.start_server(from_host, from_port, HttpsProxy, to_port)
+      puts "Ready :)"
+    end
+  rescue => e
+    puts e.message
+    puts "Maybe you should run on `sudo`"
+  end
+
+  def self.parse_host_str(str)
+    raise ArgumentError, 'arg must not be empty' if str.empty?
+    parts = str.split(':')
+    if parts.size == 1
+      ['127.0.0.1', parts[0].to_i]
+    else
+      [parts[0], parts[1].to_i]
+    end
+  end
+
+  class HttpClient < EventMachine::Connection
+    attr_reader :proxy
+
+    def initialize(proxy)
+      @proxy     = proxy
+      @connected = EventMachine::DefaultDeferrable.new
+    end
+
+    def connection_completed
+      @connected.succeed
+    end
+
+    def receive_data(data)
+      proxy.relay_from_client(data)
+    end
+
+    def send(data)
+      @connected.callback { send_data data }
+    end
+
+    def unbind
+      proxy.unbind_client
+    end
+  end
+
+  class HttpProxy < EventMachine::Connection
+    attr_reader :client_port
+
+    def initialize(client_port)
+      @client_port = client_port
+    end
+
+    def receive_data(data)
+      client.send_data data unless data.nil?
+    end
+
+    def relay_from_client(data)
+      send_data data unless data.nil?
+    end
+
+    def unbind
+      client.close_connection
+      @client = nil
+    end
+
+    def unbind_client
+      close_connection_after_writing
+      @client = nil
+    end
+
+    private
+
+    def client
+      @client ||= EventMachine.connect '127.0.0.1', client_port, HttpClient, self
+    end
+  end
+
+  class HttpsProxy < HttpProxy
+    include ConfigureWithPow
+
+    def post_init
+      if pow_present?
+        start_tls(:private_key_file => "#{dir}/key.pem", :cert_chain_file => "#{dir}/server.crt", :verify_peer => false)
+      else
+        start_tls
+      end
+    end
+
+    def relay_from_client(data)
+      super
+      @x_forwarded_proto_header_inserted = false
+    end
+
+    def receive_data(data)
+      if !@x_forwarded_proto_header_inserted && data =~ /\r\n\r\n/
+        super data.gsub(/\r\n\r\n/, "\r\nX_FORWARDED_PROTO: https\r\n\r\n")
+        @x_forwarded_proto_header_inserted = true
+      else
+        super
+      end
+    end
+  end
+end

data/script/console

@@ -0,0 +1,22 @@
+#!/usr/bin/env ruby
+
+project_dir = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+$LOAD_PATH.unshift File.join(project_dir, 'lib')
+
+require 'tunnelss'
+
+# prevent STDOUT & STDERR to be reopened (apps do this to be able to log under Passenger)
+def STDOUT.reopen(*args); end
+def STDERR.reopen(*args); end
+
+begin
+  require "pry"
+  Interpreter = Pry
+rescue LoadError
+  require "irb"
+  require "irb/completion"
+  Interpreter = IRB
+end
+
+# START
+Interpreter.start

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rspec'
+require 'tunnelss'
+
+RSpec.configure do |config|
+  config.mock_with :rr
+end

data/spec/tunnelss_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+# to stub
+def EventMachine.run(&block)
+  block.call
+end
+
+describe Tunnelss do
+  describe '.run!' do
+    context 'with no args' do
+      it 'works' do
+        mock(EventMachine).start_server('127.0.0.1', 443, Tunnelss::HttpsProxy, 80)
+        Tunnelss.run!
+      end
+    end
+
+    context 'with args' do
+      it 'works' do
+        mock(EventMachine).start_server('127.0.0.1', 443, Tunnelss::HttpsProxy, 80)
+        Tunnelss.run!('127.0.0.1:443', '127.0.0.1:80')
+      end
+    end
+  end
+end

data/tunnelss.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "tunnelss/version"
+
+Gem::Specification.new do |s|
+  s.name        = "tunnelss"
+  s.version     = Tunnelss::VERSION
+  s.authors     = ["rchampourlier"]
+  s.email       = ["romain@softr.li"]
+  s.homepage    = "https://github.com/rchampourlier/tunnelss"
+  s.summary     = %q{Pow + SSL, automated}
+  s.description = %q{This tunnels HTTPS to HTTP and configures itself using Pow's config.}
+
+  s.rubyforge_project = "tunnelss"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "rr"
+  s.add_development_dependency "pry"
+  s.add_development_dependency "pry-debugger"
+  s.add_runtime_dependency "eventmachine"
+end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: tunnelss
+version: !ruby/object:Gem::Version
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors:
+- rchampourlier
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  name: rspec
+  type: :development
+  prerelease: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  name: rr
+  type: :development
+  prerelease: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  name: pry
+  type: :development
+  prerelease: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  name: pry-debugger
+  type: :development
+  prerelease: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  name: eventmachine
+  type: :runtime
+  prerelease: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+description: This tunnels HTTPS to HTTP and configures itself using Pow's config.
+email:
+- romain@softr.li
+executables:
+- tunnelss
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- bin/tunnelss
+- generators/openssl.cnf
+- lib/tunnelss.rb
+- lib/tunnelss/configure_with_pow.rb
+- lib/tunnelss/version.rb
+- script/console
+- spec/spec_helper.rb
+- spec/tunnelss_spec.rb
+- tunnelss.gemspec
+homepage: https://github.com/rchampourlier/tunnelss
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+  none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+  none: false
+requirements: []
+rubyforge_project: tunnelss
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Pow + SSL, automated
+test_files:
+- spec/spec_helper.rb
+- spec/tunnelss_spec.rb