11

I want to build a node js internet gateway/captive portal. So I can have a user 'authorize' his mac address or ip address if the mac address is not possible like used for wifi hotspots

So what I have in mind is node can have a dhcp server and it gives its ip address as the gateway. So if the user loads a page on the web browser it gives them an authentication screen and they can then log in and the gateway can then route its packets correctly.

How can I do the authorization step with node.js so if they're not logged in it presents a log in page & if they are to route the packets correctly?

animuson
  • 53,861
  • 28
  • 137
  • 147
Tarang
  • 75,157
  • 39
  • 215
  • 276
  • 2
    I would use your Node.js application for the management of clients and web interface, but use your system's routing capabilities. Cool project. I hope there is a good solution for this. – Brad Mar 21 '13 at 15:56
  • Thanks!. I was thinking of using iptables to route & changing rules using node but I'm not sure how to redirect traffic to a the captive portal when the user doesn't have a session – Tarang Mar 21 '13 at 16:06
  • One method is to respond to DNS queries with the IP of your captive portal. This is problematic though, as the client will usually have some DNS entries already cached. In addition, clients with malware often redirect some DNS queries to localhost or foreign DNS servers. Finally, the client may have their own DNS server manually configured. What you need to do is transparently redirect all TCP traffic on port 80 to your server. I don't know how to do that. – Brad Mar 21 '13 at 16:12
  • I'm trying to figure out your question: So you basically want to use node.js as part of your network operating system (installed on your router), effectively acting as a default gateway on your network? It is possible to write an app that receives connections on port 80 and then delay forwarding the connection (tunneling) after a request and response has been sent and back from the client... but configuring that node.js as the default gateway is something else. So please clarify, maybe I can help. – dot slash hack May 10 '14 at 20:52
  • I'm not sure if this would achieve the same end-goal - but it'd be far far quicker to make an HTTP/SOCKS proxy in node and add some authentication on top. Let me know if you want me to elaborate more and I can leave a proper answer.. – Giles Williams Jun 09 '14 at 14:11

1 Answers1

4

You need couple of pieces to put this together.

#1: http proxy - If you can run a DHCP server and assign IP addresses, then you can run and http-proxy to capture all internet traffic.

#2: You'll then need to add authentication logic to this proxy which can check for a cookie, magic packet, token or something that verifies access and lets them through or redirects to login page.

node-http-proxy is a very popular and flexible node http proxy server that you can easily add your own logic to.

node-http-auth-proxy is another such project with an example of how to handle authentication built in.

Having a proxy also allows you to whitelist/blacklist sites/IPs, something you may wanna do based on your target audience.

Mrchief
  • 75,126
  • 20
  • 142
  • 189