internal/httpproxy/handler.go

package httpproxy

import (
	"context"
	"fmt"
	"net/http"
	"sync"
	"time"
)

func newHandler(ctx context.Context, wg *sync.WaitGroup, logger Logger,
	stealth, verbose bool, username, password string) http.Handler {
	const httpTimeout = 24 * time.Hour
	return &handler{
		ctx: ctx,
		wg:  wg,
		client: &http.Client{
			Timeout:       httpTimeout,
			CheckRedirect: returnRedirect},
		logger:   logger,
		verbose:  verbose,
		stealth:  stealth,
		username: username,
		password: password,
	}
}

type handler struct {
	ctx                context.Context //nolint:containedctx
	wg                 *sync.WaitGroup
	client             *http.Client
	logger             Logger
	verbose, stealth   bool
	username, password string
}

func (h *handler) ServeHTTP(responseWriter http.ResponseWriter, request *http.Request) {
	if !h.isAccepted(responseWriter, request) {
		return
	}
	if !h.isAuthorized(responseWriter, request) {
		return
	}
	request.Header.Del("Proxy-Connection")
	request.Header.Del("Proxy-Authenticate")
	request.Header.Del("Proxy-Authorization")
	switch request.Method {
	case http.MethodConnect:
		h.handleHTTPS(responseWriter, request)
	default:
		h.handleHTTP(responseWriter, request)
	}
}

// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
var hopHeaders = [...]string{ //nolint:gochecknoglobals
	"Connection",
	"Keep-Alive",
	"Proxy-Authenticate",
	"Proxy-Authorization",
	"Te", // canonicalized version of "TE"
	"Trailers",
	"Transfer-Encoding",
	"Upgrade",
}

// Do not follow redirect, but directly return the redirect response.
func returnRedirect(*http.Request, []*http.Request) error {
	return fmt.Errorf("%w", http.ErrUseLastResponse)
}
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`package httpproxy`

			`import (`
			`"context"`
chore(all): wrap all sentinel errors - Force to use `errors.Is` instead of `==` to compare errors 2023-04-12 10:18:16 +00:00			`"fmt"`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`"net/http"`
			`"sync"`
			`"time"`
			`)`

Maint: package local narrow Logger interfaces 2021-09-23 16:58:21 +00:00			`func newHandler(ctx context.Context, wg *sync.WaitGroup, logger Logger,`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`stealth, verbose bool, username, password string) http.Handler {`
HTTP proxy 24 hours timeout, fix #303 2020-11-21 01:26:02 +00:00			`const httpTimeout = 24 * time.Hour`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`return &handler{`
Fix: HTTP proxy: return the response of a redirect, do not follow (#384) Authored-by: Fernand Geertsema <fernand@web-iq.eu> 2021-02-15 14:40:51 +01:00			`ctx: ctx,`
			`wg: wg,`
			`client: &http.Client{`
			`Timeout: httpTimeout,`
			`CheckRedirect: returnRedirect},`
HTTP proxy 24 hours timeout, fix #303 2020-11-21 01:26:02 +00:00			`logger: logger,`
			`verbose: verbose,`
			`stealth: stealth,`
			`username: username,`
			`password: password,`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`}`
			`}`

			`type handler struct {`
chore(lint): add `containedctx`, `decorder` and `errchkjson` 2022-02-26 13:49:53 +00:00			`ctx context.Context //nolint:containedctx`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`wg *sync.WaitGroup`
			`client *http.Client`
Maint: package local narrow Logger interfaces 2021-09-23 16:58:21 +00:00			`logger Logger`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`verbose, stealth bool`
			`username, password string`
			`}`

			`func (h handler) ServeHTTP(responseWriter http.ResponseWriter, request http.Request) {`
HTTP proxy authentication fixes (#300) - Only accepts HTTP 1.x protocols - Only checks the credentials when the method is `CONNECT` or the request URL is absolute - More logging on authorization failures - Removes the authorization headers before forwarding the HTTP(s) requests - Refers to #298 2020-12-01 22:29:31 -05:00			`if !h.isAccepted(responseWriter, request) {`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`return`
			`}`
HTTP proxy authentication fixes (#300) - Only accepts HTTP 1.x protocols - Only checks the credentials when the method is `CONNECT` or the request URL is absolute - More logging on authorization failures - Removes the authorization headers before forwarding the HTTP(s) requests - Refers to #298 2020-12-01 22:29:31 -05:00			`if !h.isAuthorized(responseWriter, request) {`
			`return`
			`}`
			`request.Header.Del("Proxy-Connection")`
			`request.Header.Del("Proxy-Authenticate")`
			`request.Header.Del("Proxy-Authorization")`
HTTP proxy written in Go to replace Tinyproxy (#269) 2020-10-31 21:50:31 -04:00			`switch request.Method {`
			`case http.MethodConnect:`
			`h.handleHTTPS(responseWriter, request)`
			`default:`
			`h.handleHTTP(responseWriter, request)`
			`}`
			`}`

			`// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html`
			`var hopHeaders = [...]string{ //nolint:gochecknoglobals`
			`"Connection",`
			`"Keep-Alive",`
			`"Proxy-Authenticate",`
			`"Proxy-Authorization",`
			`"Te", // canonicalized version of "TE"`
			`"Trailers",`
			`"Transfer-Encoding",`
			`"Upgrade",`
			`}`
Fix: HTTP proxy: return the response of a redirect, do not follow (#384) Authored-by: Fernand Geertsema <fernand@web-iq.eu> 2021-02-15 14:40:51 +01:00
			`// Do not follow redirect, but directly return the redirect response.`
chore(lint): upgrade from v1.51.2 to v1.52.2 2023-04-12 08:36:58 +00:00			`func returnRedirect(http.Request, []http.Request) error {`
chore(all): wrap all sentinel errors - Force to use `errors.Is` instead of `==` to compare errors 2023-04-12 10:18:16 +00:00			`return fmt.Errorf("%w", http.ErrUseLastResponse)`
Fix: HTTP proxy: return the response of a redirect, do not follow (#384) Authored-by: Fernand Geertsema <fernand@web-iq.eu> 2021-02-15 14:40:51 +01:00			`}`