Option to not log back requests to the client

Closes #7

Author: EpicEric

src/config.rs

@@ -38,6 +38,8 @@ pub struct ApplicationConfig {
     pub http_port: u16,
     pub https_port: u16,
     pub force_https: bool,
+    pub disable_http_logs: bool,
+    pub disable_tcp_logs: bool,
     pub acme_contact_email: Option<String>,
     pub acme_use_staging: bool,
     pub password_authentication_url: Option<String>,

src/http.rs

@@ -29,12 +29,14 @@ const X_FORWARDED_PROTO: &str = "X-Forwarded-Proto";
 const X_FORWARDED_PORT: &str = "X-Forwarded-Port";
 
 fn http_log(
+    ip: &str,
     status: u16,
     method: &str,
     host: &str,
     uri: &str,
     elapsed_time: Duration,
     tx: Option<mpsc::UnboundedSender<Vec<u8>>>,
+    disable_http_logs: bool,
 ) {
     let status_escape_color = match status {
         100..=199 => "37m",
@@ -57,18 +59,21 @@ fn http_log(
         _ => "44m",
     };
     let line = format!(
-        " \x1b[2m{:19}\x1b[22m \x1b[{}[{:3}] \x1b[0;1;{}{:^7}\x1b[0m {} => {} \x1b[2m{}\x1b[0m\r\n",
+        " \x1b[2m{:19}\x1b[22m \x1b[{}[{:3}] \x1b[0;1;{}{:^7}\x1b[0m {} => {} \x1b[2m({}) {}\x1b[0m\r\n",
         chrono::Local::now().format("%Y-%m-%dT%H:%M:%S"),
         status_escape_color,
         status,
         method_escape_color,
         method,
         host,
         uri,
+        ip,
         pretty_duration::pretty_duration(&elapsed_time, None)
     );
     print!("{}", line);
-    let _ = tx.map(|tx| tx.send(line.into_bytes()));
+    if !disable_http_logs {
+        let _ = tx.map(|tx| tx.send(line.into_bytes()));
+    }
 }
 
 pub(crate) enum Protocol {
@@ -98,6 +103,7 @@ pub(crate) async fn proxy_handler<B, H, T, R>(
     protocol: Protocol,
     http_request_timeout: Duration,
     websocket_timeout: Option<Duration>,
+    disable_http_logs: bool,
 ) -> anyhow::Result<Response<AxumBody>>
 where
     H: ConnectionHandler<T>,
@@ -117,16 +123,19 @@ where
         .next()
         .ok_or(ServerError::InvalidHostHeader)?
         .to_owned();
+    let ip = tcp_address.ip().to_canonical().to_string();
     let Some(handler) = conn_manager.get(&host) else {
         if domain_redirect.from == host {
             let elapsed = timer.elapsed();
             http_log(
+                &ip,
                 StatusCode::SEE_OTHER.as_u16(),
                 request.method().as_str(),
                 &host,
                 request.uri().path(),
                 elapsed,
                 None,
+                disable_http_logs,
             );
             return Ok(Redirect::to(&domain_redirect.to).into_response());
         }
@@ -153,12 +162,14 @@ where
         )
         .into_response();
         http_log(
+            &ip,
             response.status().as_u16(),
             request.method().as_str(),
             &host,
             request.uri().path(),
             elapsed,
             None,
+            disable_http_logs,
         );
         return Ok(response);
     }
@@ -167,7 +178,6 @@ where
         Protocol::Https { port } => ("https", port.to_string()),
         Protocol::TlsRedirect { .. } => unreachable!(),
     };
-    let ip = tcp_address.ip().to_string();
     request
         .headers_mut()
         .insert(X_FORWARDED_FOR, ip.parse().unwrap());
@@ -204,12 +214,14 @@ where
                 .map_err(|_| ServerError::RequestTimeout)??;
             let elapsed = timer.elapsed();
             http_log(
+                &ip,
                 response.status().as_u16(),
                 &method,
                 &host,
                 &uri,
                 elapsed,
                 Some(tx),
+                disable_http_logs,
             );
             Ok(response.into_response())
         }
@@ -227,12 +239,14 @@ where
                 .map_err(|_| ServerError::RequestTimeout)??;
             let elapsed = timer.elapsed();
             http_log(
+                &ip,
                 response.status().as_u16(),
                 &method,
                 &host,
                 &uri,
                 elapsed,
                 Some(tx),
+                disable_http_logs,
             );
             match response.status() {
                 StatusCode::SWITCHING_PROTOCOLS => {
@@ -321,6 +335,7 @@ mod proxy_handler_tests {
             Protocol::Http { port: 80 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(response.is_err());
@@ -352,6 +367,7 @@ mod proxy_handler_tests {
             Protocol::Http { port: 80 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(response.is_ok());
@@ -385,6 +401,7 @@ mod proxy_handler_tests {
             Protocol::Http { port: 80 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(response.is_ok());
@@ -432,6 +449,7 @@ mod proxy_handler_tests {
             Protocol::TlsRedirect { from: 80, to: 443 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(response.is_ok());
@@ -479,6 +497,7 @@ mod proxy_handler_tests {
             Protocol::TlsRedirect { from: 80, to: 8443 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(response.is_ok());
@@ -555,6 +574,7 @@ mod proxy_handler_tests {
             Protocol::Https { port: 443 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(!logging_rx.is_empty());
@@ -632,6 +652,7 @@ mod proxy_handler_tests {
             Protocol::Https { port: 443 },
             Duration::from_secs(5),
             None,
+            false,
         )
         .await;
         assert!(!logging_rx.is_empty());
@@ -703,6 +724,7 @@ mod proxy_handler_tests {
                 Protocol::Https { port: 443 },
                 Duration::from_secs(5),
                 None,
+                false,
             )
         });
         let jh2 = tokio::spawn(async move {

src/lib.rs

@@ -164,6 +164,7 @@ pub async fn entrypoint(config: ApplicationConfig) -> anyhow::Result<()> {
         config.listen_address.clone(),
         Arc::clone(&tcp_connections),
         config.tcp_connection_timeout,
+        config.disable_tcp_logs,
     ));
     tcp_connections.update_reactor(Some(Arc::clone(&tcp_handler)));
     let addressing = Arc::new(AddressDelegator::new(
@@ -208,6 +209,7 @@ pub async fn entrypoint(config: ApplicationConfig) -> anyhow::Result<()> {
                     },
                     config.http_request_timeout,
                     config.tcp_connection_timeout,
+                    config.disable_http_logs,
                 )
             });
             let io = TokioIo::new(stream);
@@ -248,6 +250,7 @@ pub async fn entrypoint(config: ApplicationConfig) -> anyhow::Result<()> {
                     },
                     config.http_request_timeout,
                     config.tcp_connection_timeout,
+                    config.disable_http_logs,
                 )
             });
             match LazyConfigAcceptor::new(Default::default(), stream).await {

src/main.rs

@@ -140,6 +140,14 @@ struct Args {
     #[arg(long, default_value_t = false)]
     force_https: bool,
 
+    /// Disable sending HTTP logs to clients.
+    #[arg(long, default_value_t = false)]
+    disable_http_logs: bool,
+
+    /// Disable sending TCP/proxy logs to clients.
+    #[arg(long, default_value_t = false)]
+    disable_tcp_logs: bool,
+
     /// Contact e-mail to use with Let's Encrypt. If set, enables ACME for HTTPS certificates.
     ///
     /// By providing your e-mail, you agree to Let's Encrypt Subscriber Agreement.
@@ -235,6 +243,8 @@ async fn main() -> anyhow::Result<()> {
         http_port: args.http_port,
         https_port: args.https_port,
         force_https: args.force_https,
+        disable_http_logs: args.disable_http_logs,
+        disable_tcp_logs: args.disable_tcp_logs,
         acme_contact_email: args.acme_contact_email,
         acme_use_staging: args.acme_use_staging,
         password_authentication_url: args.password_authentication_url,

src/ssh.rs

@@ -1,4 +1,5 @@
 use std::{
+    borrow::Borrow,
     collections::{HashMap, HashSet},
     fmt::Display,
     net::SocketAddr,
@@ -91,7 +92,7 @@ struct UserData {
     http_hosts: HashSet<String>,
     tcp_aliases: HashSet<TcpAlias>,
     host_addressing: HashMap<(String, u32), String>,
-    port_addressing: HashMap<(String, u32), u16>,
+    port_addressing: HashMap<(String, u32), TcpAlias>,
 }
 
 impl Default for UserData {
@@ -597,11 +598,16 @@ impl Handler for ServerHandler {
                 } else {
                     *port as u16
                 };
+                let tcp_alias = if is_alias(address) {
+                    address
+                } else {
+                    "localhost"
+                };
                 if self
                     .server
                     .tcp
                     .insert(
-                        TcpAlias(address.to_string(), assigned_port),
+                        TcpAlias(tcp_alias.to_string(), assigned_port),
                         self.peer,
                         Arc::new(SshTunnelHandler::new(
                             Arc::clone(&user_data.allow_fingerprint),
@@ -616,10 +622,11 @@ impl Handler for ServerHandler {
                 {
                     user_data
                         .tcp_aliases
-                        .insert(TcpAlias(address.to_string(), assigned_port));
-                    user_data
-                        .port_addressing
-                        .insert((address.to_string(), *port), assigned_port);
+                        .insert(TcpAlias(tcp_alias.to_string(), assigned_port));
+                    user_data.port_addressing.insert(
+                        (address.to_string(), *port),
+                        TcpAlias(tcp_alias.to_string(), assigned_port),
+                    );
                     if is_alias(address) {
                         info!(
                             "Tunneling TCP port {} for alias {} ({})",
@@ -718,11 +725,11 @@ impl Handler for ServerHandler {
                 }
             }
             _ => {
-                if let Some(assigned_port) = user_data
+                if let Some(assigned_alias) = user_data
                     .port_addressing
                     .remove(&(address.to_string(), port))
                 {
-                    let key: &dyn TcpAliasKey = &BorrowedTcpAlias(address, &assigned_port);
+                    let key: &dyn TcpAliasKey = assigned_alias.borrow();
                     self.server.tcp.remove(key, self.peer);
                     user_data.tcp_aliases.remove(key);
                     Ok(true)
@@ -757,6 +764,13 @@ impl Handler for ServerHandler {
                         self.auth_data = AuthenticatedData::Proxy;
                         *self.is_proxied.lock().await = true;
                     }
+                    let _ = handler.log_channel().send(
+                        format!(
+                            "New HTTP proxy from {}:{} => http://{}",
+                            originator_address, originator_port, host_to_connect
+                        )
+                        .into_bytes(),
+                    );
                     tokio::spawn(async move {
                         let mut stream = channel.into_stream();
                         let _ = copy_bidirectional(&mut stream, &mut io).await;
@@ -785,6 +799,13 @@ impl Handler for ServerHandler {
                         self.auth_data = AuthenticatedData::Proxy;
                         *self.is_proxied.lock().await = true;
                     }
+                    let _ = handler.log_channel().send(
+                        format!(
+                            "New SSH proxy from {}:{} => {}:{}",
+                            originator_address, originator_port, host_to_connect, port_to_connect
+                        )
+                        .into_bytes(),
+                    );
                     tokio::spawn(async move {
                         let mut stream = channel.into_stream();
                         let _ = copy_bidirectional(&mut stream, &mut io).await;
@@ -816,6 +837,13 @@ impl Handler for ServerHandler {
                     self.auth_data = AuthenticatedData::Proxy;
                     *self.is_proxied.lock().await = true;
                 }
+                let _ = handler.log_channel().send(
+                    format!(
+                        "New TCP proxy from {}:{} => {}:{}",
+                        originator_address, originator_port, host_to_connect, port_to_connect
+                    )
+                    .into_bytes(),
+                );
                 tokio::spawn(async move {
                     let mut stream = channel.into_stream();
                     let _ = copy_bidirectional(&mut stream, &mut io).await;