ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: use POST and Content-Length in UoT to prevent nginx chunked encoding

This commit is contained in:
ospab 2026-05-21 13:06:06 +03:00
parent 3eb547db9d
commit 92fc73756f
2 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ostp-client/src/transport/xhttp.rs
View File

@ -71,17 +71,27 @@ pub async fn connect_xhttp(
// 1. Generate auth token // 1. Generate auth token
let timestamp = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs(); let timestamp = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
let ts_bytes = timestamp.to_be_bytes();
let mut mac = HmacSha256::new_from_slice(access_key).unwrap_or_else(|_| HmacSha256::new_from_slice(b"").unwrap()); let mut mac = HmacSha256::new_from_slice(access_key).unwrap_or_else(|_| HmacSha256::new_from_slice(b"").unwrap());
mac.update(&timestamp.to_be_bytes()); mac.update(&ts_bytes);
let sig = base64::prelude::BASE64_STANDARD.encode(mac.finalize().into_bytes()); let mac_bytes = mac.finalize().into_bytes();
let auth_token = format!("{}:{}", timestamp, sig);
let mut sig_bytes = Vec::with_capacity(8 + mac_bytes.len());
sig_bytes.extend_from_slice(&ts_bytes);
sig_bytes.extend_from_slice(&mac_bytes);
let auth_token = base64::Engine::encode(
&base64::engine::general_purpose::STANDARD_NO_PAD,
&sig_bytes
);
let http_host = if sni.is_empty() { target_ip.to_string() } else { sni.to_string() }; let http_host = if sni.is_empty() { target_ip.to_string() } else { sni.to_string() };
let req = format!( let req = format!(
"GET /stream HTTP/1.1\r\n\ "POST /stream HTTP/1.1\r\n\
Host: {}\r\n\ Host: {}\r\n\
Authorization: Bearer {}\r\n\ Authorization: Bearer {}\r\n\
Content-Length: 99999999999\r\n\
Connection: keep-alive\r\n\ Connection: keep-alive\r\n\
\r\n", \r\n",
http_host, auth_token http_host, auth_token

4
ostp-server/src/transport/uot.rs
View File

@ -38,7 +38,7 @@ pub async fn handle_tcp_connection(
let headers_str = String::from_utf8_lossy(&buf[..header_len]); let headers_str = String::from_utf8_lossy(&buf[..header_len]);
// Fast-fail scanner bots // Fast-fail scanner bots
if !headers_str.starts_with("GET /stream HTTP/1.1\r\n") { if !headers_str.starts_with("POST /stream HTTP/1.1\r\n") {
send_404(&mut stream).await?; send_404(&mut stream).await?;
anyhow::bail!("invalid request line"); anyhow::bail!("invalid request line");
} }
@ -108,7 +108,7 @@ pub async fn handle_tcp_connection(
} }
// Reply 200 OK // Reply 200 OK
let response = "HTTP/1.1 200 OK\r\nConnection: keep-alive\r\n\r\n"; let response = "HTTP/1.1 200 OK\r\nContent-Length: 99999999999\r\nConnection: keep-alive\r\n\r\n";
stream.write_all(response.as_bytes()).await?; stream.write_all(response.as_bytes()).await?;
info!("UoT client authenticated from {}", peer_addr); info!("UoT client authenticated from {}", peer_addr);