From 6c02e30bc92981eeead117a3fb19b4062190e43c Mon Sep 17 00:00:00 2001
From: Vasyl Gello
Date: Mon, 22 Jul 2024 05:54:14 +0300
Subject: [PATCH] Make WSS link dial-only as TLS certs are not exposed to user
Signed-off-by: Vasyl Gello
---
 src/core/link_wss.go | 96 +-------------------------------------------
 1 file changed, 2 insertions(+), 94 deletions(-)
diff --git a/src/core/link_wss.go b/src/core/link_wss.go
index 932aa61c..2007d1e3 100644
--- a/src/core/link_wss.go
+++ b/src/core/link_wss.go
@@ -2,11 +2,9 @@ package core
 import (
 "context"
- "crypto/tls"
+ "fmt"
 "net"
- "net/http"
 "net/url"
- "time"
 "github.com/Arceliar/phony"
 "nhooyr.io/websocket"
@@ -14,7 +12,6 @@ import (
 type linkWSS struct {
 phony.Inbox
- tlsconfig *tls.Config
 *links
 }
@@ -22,72 +19,9 @@ type linkWSSConn struct {
 net.Conn
 }
-type linkWSSListener struct {
- ch chan *linkWSSConn
- ctx context.Context
- httpServer *http.Server
- listener net.Listener
- tlslistener net.Listener
-}
-
-type wssServer struct {
- ch chan *linkWSSConn
- ctx context.Context
-}
-
-func (l *linkWSSListener) Accept() (net.Conn, error) {
- qs := <-l.ch
- if qs == nil {
- return nil, context.Canceled
- }
- return qs, nil
-}
-
-func (l *linkWSSListener) Addr() net.Addr {
- return l.listener.Addr()
-}
-
-func (l *linkWSSListener) Close() error {
- if err := l.httpServer.Shutdown(l.ctx); err != nil {
- return err
- }
- if err := l.tlslistener.Close(); err != nil {
- return err
- }
- return l.listener.Close()
-}
-
-func (s *wssServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- if r.URL.Path == "/h" {
- w.WriteHeader(http.StatusOK)
- w.Write([]byte("OK"))
- return
- }
- c, err := websocket.Accept(w, r, &websocket.AcceptOptions{
- Subprotocols: []string{"ygg-ws"},
- })
-
- if err != nil {
- return
- }
-
- if c.Subprotocol() != "ygg-ws" {
- c.Close(websocket.StatusPolicyViolation, "client must speak the ygg-ws subprotocol")
- return
- }
-
- netconn := websocket.NetConn(s.ctx, c, websocket.MessageBinary)
-
- ch := s.ch
- ch <- &linkWSSConn{
- Conn: netconn,
- }
-}
-
 func (l *links) newLinkWSS() *linkWSS {
 lwss := &linkWSS{
 links: l,
- tlsconfig: l.core.config.tls.Clone(),
 }
 return lwss
@@ -107,31 +41,5 @@ func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 }
 func (l *linkWSS) listen(ctx context.Context, url *url.URL, _ string) (net.Listener, error) {
- nl, err := net.Listen("tcp", url.Host)
- if err != nil {
- return nil, err
- }
-
- tl := tls.NewListener(nl, l.tlsconfig)
-
- ch := make(chan *linkWSSConn)
-
- httpServer := &http.Server{
- Handler: &wssServer{
- ch: ch,
- ctx: ctx,
- },
- ReadTimeout: time.Second * 10,
- WriteTimeout: time.Second * 10,
- }
-
- lwl := &linkWSSListener{
- ch: ch,
- ctx: ctx,
- httpServer: httpServer,
- listener: nl,
- tlslistener: tl,
- }
- go lwl.httpServer.Serve(tl)
- return lwl, nil
+ return nil, fmt.Errorf("WSS listener not supported, use WS listener behind reverse proxy instead")
 }
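Review bot: The new `listen` body calls `fmt.Errorf` with no format verbs, and the `fmt` import added in the first hunk exists only for this line; either switch to `errors.New` with a conventional lowercase message, `return nil, errors.New("wss listener not supported; use a ws listener behind a reverse proxy instead")`, or make `fmt` earn its import by naming the rejected address so a stale `wss://` Listen entry is easy to locate: `return nil, fmt.Errorf("wss listener %q not supported: terminate TLS in a reverse proxy and listen on ws:// instead", url.Host)`. Go error strings are normally lowercase without trailing punctuation because callers wrap them. With the body removed, `ctx` and `url` are now unused; if the signature is dictated by a shared link interface (the sibling link types are outside this hunk), renaming them to `_` records that, and a doc comment along the lines of `// listen always fails: the node's TLS certificate is not user-configurable, so WSS must be terminated by a reverse proxy in front of a ws:// listener.` would carry the commit's rationale into the code rather than only the commit message. Since this link type is now dial-only, the dial path, whose signature is the hunk's context line but whose body is outside it, becomes the only place this link applies TLS policy; its server-certificate verification settings are worth confirming in the same review.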