| author | radhitya <alif@radhitya.org> | 2026-06-24 06:15:18 +0700 |
|---|---|---|
| committer | radhitya <alif@radhitya.org> | 2026-06-24 06:15:18 +0700 |
| commit | a6823756f0024814a74e255f7584193c0cd77b43 (patch) | |
| tree | b2eb3c1eb1d9db5e463d8e797cdbb7fff00c89d3 | |
| parent | 2c61900dd5efd81a5351513a20fa65580c8a6616 (diff) | |
| -rw-r--r-- | internal/server/doh.go | 9 | ||||
| -rw-r--r-- | internal/server/server.go | 25 |
2 files changed, 25 insertions, 9 deletions
diff --git a/internal/server/doh.go b/internal/server/doh.go
index 0feb094..9c04d2c 100644
--- a/internal/server/doh.go
+++ b/internal/server/doh.go
@@ -10,6 +10,13 @@ import (
 "linum/internal/cache"
 )
+func decodeDNSParam(s string) ([]byte, error) {
+ if b, err := base64.RawURLEncoding.DecodeString(s); err == nil {
+ return b, nil
+ }
+ return base64.URLEncoding.DecodeString(s)
+}
+
 func (s *Server) dohHandler(w http.ResponseWriter, r *http.Request) {
 clientIP := parseHTTPClientIP(r.RemoteAddr)
 if !s.isAllowed(clientIP) {
@@ -44,7 +51,7 @@ func (s *Server) dohHandler(w http.ResponseWriter, r *http.Request) {
 http.Error(w, "missing dns param", http.StatusBadRequest)
 return
 }
- decoded, err := base64.RawURLEncoding.DecodeString(param)
+ decoded, err := decodeDNSParam(param)
 if err != nil {
 http.Error(w, "invalid base64url", http.StatusBadRequest)
 return
diff --git a/internal/server/server.go b/internal/server/server.go
index 7bdc917..6661722 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -33,12 +33,12 @@ type Server struct {
 rateLimiter *rateLimiter
 dot *dns.Server
- mu sync.RWMutex
- upUDP bool
- upTCP bool
- upDoH bool
- upDoT bool
- cancel context.CancelFunc
+ mu sync.RWMutex
+ upUDP bool
+ upTCP bool
+ upDoH bool
+ upDoT bool
+ cancel context.CancelFunc
 closeOnce sync.Once
 }
@@ -117,6 +117,10 @@ func New(udpAddr, tcpAddr, dohAddr, dotAddr string, tlsCfg *tls.Config, logger *
 Handler: dohMux,
 ReadTimeout: 5 * time.Second,
 WriteTimeout: 5 * time.Second,
+ TLSConfig: tlsCfg,
+ }
+ if tlsCfg == nil {
+ slog.Warn("doh listener configured without tls")
 }
 }
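Review bot: `decodeDNSParam` in doh.go has no comment saying why padded input is accepted, and RFC 8484 requires the `dns` parameter to be unpadded base64url, so this fallback is a deliberate leniency that should be written down. Suggested comment: `// decodeDNSParam decodes the DoH "dns" query parameter; it accepts padded base64url as a fallback for clients that ignore RFC 8484's no-padding rule.` Both decoders are also non-strict, so several distinct strings decode to the same message; if the raw parameter is ever used as a cache or rate-limit key (not visible in these hunks), key on the decoded bytes instead. The call-site hunk at -44,7 needs nothing further, since dohHandler replaces the decoder error with a fixed message.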
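Review bot: In the server.go hunk at -117,6 the nil-TLS warning is written with the package-level `slog.Warn`, while New receives a `logger` argument and Run logs through `s.logger`, so this line may bypass the configured handler and level; `logger.Warn("doh listener configured without tls", "addr", dohAddr)` would keep it with the rest of the server's output (assuming `logger` is a `*slog.Logger`, which the truncated signature suggests). The same `tlsCfg` pointer is stored directly in `TLSConfig`; net/http's HTTP/2 setup may append `h2` to `NextProtos` on that struct in place, so if the DoT listener is built from the same pointer (not visible here) it is safer to store `tlsCfg.Clone()`. New's body starts and ends outside the hunk.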
@@ -163,8 +167,13 @@ func (s *Server) Run(ctx context.Context) error {
 if s.doh != nil {
 go func() {
- s.logger.Info("doh listener active", "addr", s.doh.Addr)
- errCh <- s.doh.ListenAndServe()
+ s.logger.Info("doh listener active", "addr", s.doh.Addr, "tls", s.doh.TLSConfig != nil)
+ if s.doh.TLSConfig != nil {
+ errCh <- s.doh.ListenAndServeTLS("", "")
+ } else {
+ s.logger.Warn("doh listener serving plain http")
+ errCh <- s.doh.ListenAndServe()
+ }
 }()
 }
 if s.dot != nil { |
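Review bot: The `else` branch still starts the DoH listener over plain HTTP whenever `TLSConfig` is nil, so a missing or failed certificate load downgrades every DoH query to cleartext with only a warning line to show for it. Failing closed is safer: return an error through `errCh` unless plain HTTP was explicitly requested, for example `errCh <- errors.New("doh: tls config required")` guarded by a dedicated opt-in setting (the setting name is left to the author). If plain HTTP is kept for deployments behind a TLS-terminating proxy, note that dohHandler's allow-list check reads `r.RemoteAddr`, which would then be the proxy's address rather than the client's. `ListenAndServeTLS("", "")` also depends on the config carrying `Certificates` or `GetCertificate`, which is worth validating in New so the failure is reported at construction time. Run's body continues outside the hunk.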
