You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
352 lines
6.6 KiB
Go
352 lines
6.6 KiB
Go
package main
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/fangdingjun/gnutls"
|
|
auth "github.com/fangdingjun/go-http-auth"
|
|
nghttp2 "github.com/fangdingjun/nghttp2-go"
|
|
)
|
|
|
|
// handler process the proxy request first(if enabled)
|
|
// and route the request to the registered http.Handler
|
|
type handler struct {
|
|
handler http.Handler
|
|
enableProxy bool
|
|
enableAuth bool
|
|
authMethod *auth.DigestAuth
|
|
localDomains []string
|
|
}
|
|
|
|
var defaultTransport http.RoundTripper = &http.Transport{
|
|
//DialContext: dialContext,
|
|
MaxIdleConns: 50,
|
|
IdleConnTimeout: 30 * time.Second,
|
|
MaxIdleConnsPerHost: 3,
|
|
DisableKeepAlives: true,
|
|
ResponseHeaderTimeout: 10 * time.Second,
|
|
}
|
|
|
|
// ServeHTTP implements the http.Handler interface
|
|
func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
// http/1.1 local request
|
|
if r.ProtoMajor == 1 && r.RequestURI[0] == '/' {
|
|
if h.handler != nil {
|
|
h.handler.ServeHTTP(w, r)
|
|
} else {
|
|
http.DefaultServeMux.ServeHTTP(w, r)
|
|
}
|
|
return
|
|
}
|
|
|
|
// http/2.0 local request
|
|
if r.ProtoMajor == 2 && h.isLocalRequest(r) {
|
|
if h.handler != nil {
|
|
h.handler.ServeHTTP(w, r)
|
|
} else {
|
|
http.DefaultServeMux.ServeHTTP(w, r)
|
|
}
|
|
return
|
|
}
|
|
|
|
// proxy request
|
|
|
|
if !h.enableProxy {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
fmt.Fprintf(w, "<h1>404 Not Found</h1>")
|
|
return
|
|
}
|
|
|
|
if h.enableAuth {
|
|
u, _ := h.authMethod.CheckAuth(r)
|
|
if u == "" {
|
|
h.authMethod.RequireAuth(w, r)
|
|
return
|
|
}
|
|
}
|
|
|
|
if r.Method == http.MethodConnect {
|
|
// CONNECT request
|
|
h.handleCONNECT(w, r)
|
|
} else {
|
|
// GET, POST, PUT, ....
|
|
h.handleHTTP(w, r)
|
|
}
|
|
}
|
|
|
|
func (h *handler) handleHTTP(w http.ResponseWriter, r *http.Request) {
|
|
|
|
var resp *http.Response
|
|
var err error
|
|
|
|
r.Header.Del("proxy-connection")
|
|
r.Header.Del("proxy-authorization")
|
|
|
|
if r.ProtoMajor == 2 {
|
|
r.URL.Scheme = "http"
|
|
r.URL.Host = r.Host
|
|
r.RequestURI = r.URL.String()
|
|
if r.Method != http.MethodPost && r.Method != http.MethodPut {
|
|
r.ContentLength = 0
|
|
r.Body.Close()
|
|
r.Body = nil
|
|
}
|
|
}
|
|
if r.Method == http.MethodPost && r.ContentLength == 0 {
|
|
r.Body = http.NoBody
|
|
}
|
|
//log.Println("content-length", r.Header.Get("content-length"))
|
|
resp, err = defaultTransport.RoundTrip(r)
|
|
if err != nil {
|
|
log.Printf("RoundTrip: %s", err)
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
fmt.Fprintf(w, "%s", err)
|
|
return
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
hdr := w.Header()
|
|
|
|
for k, v := range resp.Header {
|
|
_k := strings.ToLower(k)
|
|
if _k == "connection" || _k == "transfer-encoding" ||
|
|
_k == "keep-alive" || _k == "upgrade" || _k == "te" {
|
|
continue
|
|
}
|
|
if resp.StatusCode == 204 && _k == "content-length" {
|
|
continue
|
|
}
|
|
for _, v1 := range v {
|
|
hdr.Add(k, v1)
|
|
}
|
|
}
|
|
|
|
w.WriteHeader(resp.StatusCode)
|
|
io.Copy(w, resp.Body)
|
|
}
|
|
|
|
func (h *handler) handleCONNECT(w http.ResponseWriter, r *http.Request) {
|
|
host := r.RequestURI
|
|
|
|
if r.ProtoMajor == 2 {
|
|
host = r.Host
|
|
}
|
|
|
|
if !strings.Contains(host, ":") {
|
|
host = fmt.Sprintf("%s:443", host)
|
|
}
|
|
|
|
var conn net.Conn
|
|
var err error
|
|
|
|
conn, err = net.Dial("tcp", host)
|
|
if err != nil {
|
|
log.Printf("net.dial: %s", err)
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
fmt.Fprintf(w, "dial to %s failed: %s", host, err)
|
|
return
|
|
}
|
|
|
|
if r.ProtoMajor == 1 {
|
|
// HTTP/1.1
|
|
hj, ok := w.(http.Hijacker)
|
|
if !ok {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
conn1, _, _ := hj.Hijack()
|
|
|
|
fmt.Fprintf(conn1, "%s 200 connection established\r\n\r\n", r.Proto)
|
|
|
|
pipeAndClose(conn, conn1)
|
|
return
|
|
}
|
|
|
|
// HTTP/2.0
|
|
|
|
defer func() {
|
|
if err := recover(); err != nil {
|
|
log.Printf("recover %+v", err)
|
|
}
|
|
}()
|
|
|
|
defer conn.Close()
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
//w.(http.Flusher).Flush()
|
|
|
|
ch := make(chan int, 2)
|
|
go func() {
|
|
io.Copy(conn, r.Body)
|
|
ch <- 1
|
|
}()
|
|
|
|
go func() {
|
|
io.Copy(w, conn)
|
|
ch <- 1
|
|
}()
|
|
|
|
<-ch
|
|
}
|
|
|
|
// isLocalRequest determine the http2 request is local path request
|
|
// or the proxy request
|
|
func (h *handler) isLocalRequest(r *http.Request) bool {
|
|
if !h.enableProxy {
|
|
return true
|
|
}
|
|
|
|
if len(h.localDomains) == 0 {
|
|
return true
|
|
}
|
|
|
|
host := r.Host
|
|
if h1, _, err := net.SplitHostPort(r.Host); err == nil {
|
|
host = h1
|
|
}
|
|
|
|
for _, s := range h.localDomains {
|
|
if strings.HasSuffix(host, s) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func pipeAndClose(r1, r2 io.ReadWriteCloser) {
|
|
defer func() {
|
|
if err := recover(); err != nil {
|
|
log.Printf("recover %+v", err)
|
|
}
|
|
}()
|
|
|
|
defer r1.Close()
|
|
defer r2.Close()
|
|
|
|
ch := make(chan int, 2)
|
|
go func() {
|
|
io.Copy(r1, r2)
|
|
ch <- 1
|
|
}()
|
|
|
|
go func() {
|
|
io.Copy(r2, r1)
|
|
ch <- 1
|
|
}()
|
|
|
|
<-ch
|
|
}
|
|
|
|
func handleHTTPClient(c net.Conn, handler http.Handler) {
|
|
tlsconn := c.(*gnutls.Conn)
|
|
if err := tlsconn.Handshake(); err != nil {
|
|
log.Println(err)
|
|
return
|
|
}
|
|
state := tlsconn.ConnectionState()
|
|
if state.NegotiatedProtocol == "h2" {
|
|
h2conn, err := nghttp2.Server(tlsconn, handler)
|
|
if err != nil {
|
|
log.Println(err)
|
|
}
|
|
h2conn.Run()
|
|
return
|
|
}
|
|
|
|
defer c.Close()
|
|
r := bufio.NewReader(tlsconn)
|
|
buf := new(bytes.Buffer)
|
|
for {
|
|
req, err := http.ReadRequest(r)
|
|
if err != nil {
|
|
return
|
|
}
|
|
addr := tlsconn.RemoteAddr().String()
|
|
req.RemoteAddr = addr
|
|
rh := &responseHandler{
|
|
c: tlsconn,
|
|
header: http.Header{},
|
|
buf: buf,
|
|
}
|
|
handler.ServeHTTP(rh, req)
|
|
rh.Write(nil)
|
|
rh.buf.WriteTo(rh.c)
|
|
}
|
|
}
|
|
|
|
type responseHandler struct {
|
|
c net.Conn
|
|
statusCode int
|
|
header http.Header
|
|
responseSend bool
|
|
w io.Writer
|
|
buf *bytes.Buffer
|
|
}
|
|
|
|
func (r *responseHandler) WriteHeader(statusCode int) {
|
|
if r.responseSend {
|
|
return
|
|
}
|
|
r.buf.Reset()
|
|
r.statusCode = statusCode
|
|
cl := r.header.Get("content-length")
|
|
te := r.header.Get("transfer-encoding")
|
|
if cl == "" || te != "" {
|
|
if te == "" {
|
|
r.header.Set("transfer-encoding", "chunked")
|
|
}
|
|
r.w = &chunkWriter{r.buf}
|
|
} else {
|
|
r.w = r.buf
|
|
}
|
|
fmt.Fprintf(r.buf, "HTTP/1.1 %d %s\r\n", statusCode,
|
|
http.StatusText(statusCode))
|
|
for k, v := range r.header {
|
|
fmt.Fprintf(r.buf, "%s: %s\r\n", strings.Title(k), strings.Join(v, ","))
|
|
}
|
|
fmt.Fprintf(r.buf, "\r\n")
|
|
r.responseSend = true
|
|
}
|
|
|
|
func (r *responseHandler) Header() http.Header {
|
|
return r.header
|
|
}
|
|
|
|
func (r *responseHandler) Write(buf []byte) (int, error) {
|
|
if !r.responseSend {
|
|
r.WriteHeader(http.StatusOK)
|
|
}
|
|
n, err := r.w.Write(buf)
|
|
if r.buf.Len() > 2048 {
|
|
r.buf.WriteTo(r.c)
|
|
}
|
|
return n, err
|
|
}
|
|
|
|
var _ http.ResponseWriter = &responseHandler{}
|
|
|
|
type chunkWriter struct {
|
|
w io.Writer
|
|
}
|
|
|
|
func (cw *chunkWriter) Write(buf []byte) (int, error) {
|
|
n := len(buf)
|
|
if n == 0 {
|
|
return fmt.Fprintf(cw.w, "0\r\n\r\n")
|
|
}
|
|
return fmt.Fprintf(cw.w, "%x\r\n%s\r\n", n, string(buf))
|
|
}
|