fix: don't log/leak session ids

jsiebens · Jan 22, 2023 · 09bf225 · 09bf225
1 parent ac8d101
commit 09bf225
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 20 deletions.
diff --git a/internal/client/client.go b/internal/client/client.go
@@ -334,11 +334,6 @@ func (c *Client) openOrShowAuthUrl(sn *api.SessionTokenResponse) {
 	}
 }
 
-func (c *Client) declineAll(network, address string) bool {
-	logrus.WithField("network", network).WithField("addr", address).Info("Connection declined")
-	return false
-}
-
 type serverError struct {
 	code    int
 	message string

diff --git a/internal/proxy/server.go b/internal/proxy/server.go
@@ -191,25 +191,25 @@ func (s *Server) checkSessionToken(c echo.Context) error {
 func (s *Server) connect(c echo.Context) error {
 	req := c.Request()
 	ctx := req.Context()
-	clientId := req.Header.Get(api.IdHeader)
-	clientAuth := req.Header.Get(api.AuthHeader)
+	sessionId := req.Header.Get(api.IdHeader)
+	sessionAuth := req.Header.Get(api.AuthHeader)
 
-	if clientId == "" || clientAuth == "" {
+	if sessionId == "" || sessionAuth == "" {
 		return echo.NewHTTPError(http.StatusBadRequest, "missing id and/or auth header")
 	}
 
 	var se = session{}
 
-	defer s.sessions.Delete(clientId)
-	if ok, err := s.sessions.Get(clientId, &se); err != nil || !ok {
+	defer s.sessions.Delete(sessionId)
+	if ok, err := s.sessions.Get(sessionId, &se); err != nil || !ok {
 		return echo.NewHTTPError(http.StatusBadRequest, "invalid id")
 	}
 
 	privateKey := se.PrivateKey
 	publicKey := s.sessionRegistry.GetPublicKey()
 
 	var u = &api.SessionToken{}
-	if err := privateKey.OpenBase58(publicKey, clientAuth, u); err != nil {
+	if err := privateKey.OpenBase58(publicKey, sessionAuth, u); err != nil {
 		return echo.NewHTTPError(http.StatusUnauthorized, "invalid token")
 	}
 
@@ -228,8 +228,10 @@ func (s *Server) connect(c echo.Context) error {
 		return err
 	}
 
+	sid := util.GenerateSessionId()
+
 	logrus.
-		WithField("_cid", clientId).
+		WithField("_sid", sid).
 		WithField("id", u.UserID).
 		WithField("name", u.Username).
 		WithField("email", u.Email).
@@ -253,30 +255,30 @@ func (s *Server) connect(c echo.Context) error {
 			}
 
 			go func(src net.Conn) {
-				id := util.GenerateSessionId()
+				cid := util.GenerateSessionId()
 
 				defer src.Close()
 				dst, err := net.Dial("tcp", u.Target)
 				if err != nil {
 					logrus.
-						WithField("_cid", clientId).
-						WithField("_sid", id).
+						WithField("_sid", sid).
+						WithField("_cid", cid).
 						Errorf("error dialing %s %s", u.Target, err.Error())
 					return
 				}
 				defer dst.Close()
 
 				start := time.Now()
 				logrus.
-					WithField("_cid", clientId).
-					WithField("_sid", id).
+					WithField("_sid", sid).
+					WithField("_cid", cid).
 					Info("connection accepted")
 
 				util.Pipe(src, dst)
 
 				logrus.
-					WithField("_cid", clientId).
-					WithField("_sid", id).
+					WithField("_sid", sid).
+					WithField("_cid", cid).
 					WithField("duration", time.Since(start)).
 					Info("connection closed")
 			}(src)
@@ -289,7 +291,7 @@ func (s *Server) connect(c echo.Context) error {
 	}
 
 	logrus.
-		WithField("_cid", clientId).
+		WithField("_sid", sid).
 		Info("client disconnected")
 
 	return nil