137 lines
3.2 KiB
Go
137 lines
3.2 KiB
Go
package cli
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"os"
|
|
"runtime"
|
|
"strconv"
|
|
|
|
"termtap.dev/internal/app"
|
|
"termtap.dev/internal/model"
|
|
"termtap.dev/internal/proxy"
|
|
"termtap.dev/internal/tui"
|
|
)
|
|
|
|
// This should be configurable at some point, just in case they build on 8080
|
|
const proxy_addr = "127.0.0.1:8080"
|
|
|
|
var fatalExit = log.Fatalln
|
|
var stdoutWriter io.Writer = stdioRef{isErr: false}
|
|
var stderrWriter io.Writer = stdioRef{isErr: true}
|
|
var startSessionFn = app.StartSession
|
|
var runTUIFn = tui.Run
|
|
|
|
type stdioRef struct {
|
|
isErr bool
|
|
}
|
|
|
|
func (w stdioRef) Write(p []byte) (int, error) {
|
|
if w.isErr {
|
|
return os.Stderr.Write(p)
|
|
}
|
|
return os.Stdout.Write(p)
|
|
}
|
|
|
|
func Run(args []string) {
|
|
if len(args) >= 2 && args[1] == "cert" {
|
|
runCert()
|
|
return
|
|
}
|
|
|
|
cmd, ok := parseCommand(args)
|
|
if !ok {
|
|
displayHelp()
|
|
return
|
|
}
|
|
|
|
session, err := startSessionFn(cmd, proxy_addr)
|
|
if err != nil {
|
|
fatalExit(err)
|
|
return
|
|
}
|
|
defer session.Stop()
|
|
|
|
controls := tui.Controls{
|
|
Restart: session.RestartProcess,
|
|
}
|
|
|
|
if err := runTUIFn(session.Events, controls); err != nil {
|
|
fatalExit(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func parseCommand(args []string) (model.Command, bool) {
|
|
if len(args) < 4 {
|
|
return model.Command{}, false
|
|
}
|
|
|
|
if args[1] != "run" || args[2] != "--" {
|
|
return model.Command{}, false
|
|
}
|
|
|
|
args = args[3:]
|
|
if len(args) == 1 {
|
|
return model.Command{Name: args[0], Args: []string{}}, true
|
|
}
|
|
|
|
return model.Command{Name: args[0], Args: args[1:]}, true
|
|
}
|
|
|
|
func displayHelp() {
|
|
helpText := `
|
|
usage:
|
|
tap cert
|
|
tap run -- <command> [args...]
|
|
`
|
|
|
|
fmt.Fprintln(stderrWriter, helpText)
|
|
}
|
|
|
|
func runCert() {
|
|
ca, err := proxy.EnsureCertificateAuthority()
|
|
if err != nil {
|
|
fatalExit(err)
|
|
return
|
|
}
|
|
|
|
certPath := ca.CertPath()
|
|
quotedCertPath := strconv.Quote(certPath)
|
|
fmt.Fprintf(stdoutWriter, "Certificate path: %s\n", certPath)
|
|
if ca.WasCreated() {
|
|
fmt.Fprintln(stdoutWriter, "Created a new local HTTPS interception CA.")
|
|
} else {
|
|
fmt.Fprintln(stdoutWriter, "Using existing local HTTPS interception CA.")
|
|
}
|
|
|
|
trusted, err := ca.IsTrustedBySystem()
|
|
if err != nil {
|
|
fmt.Fprintf(stdoutWriter, "System trust check failed: %v\n", err)
|
|
} else if trusted {
|
|
fmt.Fprintln(stdoutWriter, "System trust store: trusted")
|
|
} else {
|
|
fmt.Fprintln(stdoutWriter, "System trust store: not trusted")
|
|
}
|
|
|
|
if runtime.GOOS != "linux" {
|
|
fmt.Fprintln(stdoutWriter, "Install this certificate into your OS or client trust store to inspect HTTPS traffic.")
|
|
return
|
|
}
|
|
|
|
fmt.Fprintln(stdoutWriter)
|
|
fmt.Fprintln(stdoutWriter, "Trust instructions (Linux):")
|
|
fmt.Fprintln(stdoutWriter, "Debian/Ubuntu:")
|
|
fmt.Fprintf(stdoutWriter, " sudo cp %s /usr/local/share/ca-certificates/termtap.crt\n", quotedCertPath)
|
|
fmt.Fprintln(stdoutWriter, " sudo update-ca-certificates")
|
|
fmt.Fprintln(stdoutWriter, "Fedora/RHEL/CentOS:")
|
|
fmt.Fprintf(stdoutWriter, " sudo cp %s /etc/pki/ca-trust/source/anchors/termtap.crt\n", quotedCertPath)
|
|
fmt.Fprintln(stdoutWriter, " sudo update-ca-trust")
|
|
fmt.Fprintln(stdoutWriter, "Arch:")
|
|
fmt.Fprintf(stdoutWriter, " sudo trust anchor %s\n", quotedCertPath)
|
|
fmt.Fprintln(stdoutWriter)
|
|
fmt.Fprintln(stdoutWriter, "Quick curl test:")
|
|
fmt.Fprintf(stdoutWriter, " curl --proxy http://%s --cacert %s https://example.com\n", proxy_addr, quotedCertPath)
|
|
}
|