bin/telebit-remote.js

@@ -524,16 +524,28 @@ function parseConfig(err, text) {
       } else {
         if ('http' === body.module) {
           // TODO we'll support slingshot-ing in the future
+          if (body.local) {
             if (String(body.local) === String(parseInt(body.local, 10))) {
               console.info('> Forwarding https://' + body.remote + ' => localhost:' + body.local);
             } else {
               console.info('> Serving ' + body.local + ' as https://' + body.remote);
             }
+          } else {
+            console.info('> Rejecting End-to-End Encrypted HTTPS for now');
+          }
         } else if ('tcp' === body.module) {
+          if (body.local) {
             console.info('> Forwarding ' + state.config.relay + ':' + body.remote + ' => localhost:' + body.local);
+          } else {
+            console.info('> Rejecting Legacy TCP');
+          }
         } else if ('ssh' === body.module) {
           //console.info('> Forwarding ' + state.config.relay + ' -p ' + JSON.stringify(body) + ' => localhost:' + body.local);
+          if (body.local) {
             console.info('> Forwarding ssh+https (openssl proxy) => localhost:' + body.local);
+          } else {
+            console.info('> Rejecting SSH-over-HTTPS for now');
+          }
         } else {
           console.info(JSON.stringify(body, null, 2));
         }

bin/telebitd.js

@@ -245,11 +245,11 @@ controllers.tcp = function (req, res, opts) {
   if (remotePort) {
     if (!state.ports[remotePort]) {
       active = false;
-      return;
+    } else {
-    }
       // forward-to port-or-module
-    // TODO we can't send files over tcp until we fix the connect event bug
+      // TODO with the connect event bug fixed, we should now be able to send files over tcp
       state.ports[remotePort].handler = portOrPath;
+    }
   } else {
     if (!Object.keys(state.ports).some(function (key) {
       if (!state.ports[key].handler) {
@@ -329,7 +329,7 @@ controllers.ssh = function (req, res, opts) {
 function serveControlsHelper() {
   controlServer = http.createServer(function (req, res) {
     var opts = url.parse(req.url, true);
-    if (opts.query._body) {
+    if (false && opts.query._body) {
       try {
         opts.body = JSON.parse(decodeURIComponent(opts.query._body, true));
       } catch(e) {
@@ -591,6 +591,7 @@ function serveControlsHelper() {
       ));
     }
 
+    function route() {
       if (/\b(config)\b/.test(opts.pathname) && /get/i.test(req.method)) {
         getConfigOnly();
         return;
@@ -648,6 +649,32 @@ function serveControlsHelper() {
 
       res.setHeader('Content-Type', 'application/json');
       res.end(JSON.stringify({"error":{"message":"unrecognized rpc"}}));
+    }
+
+    if (!req.headers['content-length'] && !req.headers['content-type']) {
+      route();
+      return;
+    }
+
+    var body = '';
+    req.on('readable', function () {
+      var data;
+      while (true) {
+        data = req.read();
+        if (!data) { break; }
+        body += data.toString();
+      }
+    });
+    req.on('end', function () {
+      try {
+        opts.body = JSON.parse(body);
+      } catch(e) {
+        res.statusCode = 400;
+        res.end('{"error":{"message":"POST body is not valid json"}}');
+        return;
+      }
+      route();
+    });
   });
 
   if (fs.existsSync(state._ipc.path)) {

lib/rc/index.js

@@ -108,6 +108,7 @@ module.exports.create = function (state) {
       fn(err);
     });
     if ('POST' === method && opts.data) {
+      req.setHeader("content-type", 'application/json');
       req.write(json || opts.data);
     }
     req.end();