123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253 |
- package plugin
- import (
- "bufio"
- "context"
- "encoding/base64"
- "io"
- "net"
- "net/http"
- "strings"
- "time"
- libio "github.com/fatedier/golib/io"
- libnet "github.com/fatedier/golib/net"
- v1 "github.com/fatedier/frp/pkg/config/v1"
- netpkg "github.com/fatedier/frp/pkg/util/net"
- "github.com/fatedier/frp/pkg/util/util"
- )
- func init() {
- Register(v1.PluginHTTPProxy, NewHTTPProxyPlugin)
- }
- type HTTPProxy struct {
- opts *v1.HTTPProxyPluginOptions
- l *Listener
- s *http.Server
- }
- func NewHTTPProxyPlugin(options v1.ClientPluginOptions) (Plugin, error) {
- opts := options.(*v1.HTTPProxyPluginOptions)
- listener := NewProxyListener()
- hp := &HTTPProxy{
- l: listener,
- opts: opts,
- }
- hp.s = &http.Server{
- Handler: hp,
- ReadHeaderTimeout: 60 * time.Second,
- }
- go func() {
- _ = hp.s.Serve(listener)
- }()
- return hp, nil
- }
- func (hp *HTTPProxy) Name() string {
- return v1.PluginHTTPProxy
- }
- func (hp *HTTPProxy) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
- wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
- sc, rd := libnet.NewSharedConn(wrapConn)
- firstBytes := make([]byte, 7)
- _, err := rd.Read(firstBytes)
- if err != nil {
- wrapConn.Close()
- return
- }
- if strings.ToUpper(string(firstBytes)) == "CONNECT" {
- bufRd := bufio.NewReader(sc)
- request, err := http.ReadRequest(bufRd)
- if err != nil {
- wrapConn.Close()
- return
- }
- hp.handleConnectReq(request, libio.WrapReadWriteCloser(bufRd, wrapConn, wrapConn.Close))
- return
- }
- _ = hp.l.PutConn(sc)
- }
- func (hp *HTTPProxy) Close() error {
- hp.s.Close()
- hp.l.Close()
- return nil
- }
- func (hp *HTTPProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
- if ok := hp.Auth(req); !ok {
- rw.Header().Set("Proxy-Authenticate", "Basic")
- rw.WriteHeader(http.StatusProxyAuthRequired)
- return
- }
- if req.Method == http.MethodConnect {
-
-
- hp.ConnectHandler(rw, req)
- } else {
- hp.HTTPHandler(rw, req)
- }
- }
- func (hp *HTTPProxy) HTTPHandler(rw http.ResponseWriter, req *http.Request) {
- removeProxyHeaders(req)
- resp, err := http.DefaultTransport.RoundTrip(req)
- if err != nil {
- http.Error(rw, err.Error(), http.StatusInternalServerError)
- return
- }
- defer resp.Body.Close()
- copyHeaders(rw.Header(), resp.Header)
- rw.WriteHeader(resp.StatusCode)
- _, err = io.Copy(rw, resp.Body)
- if err != nil && err != io.EOF {
- return
- }
- }
- func (hp *HTTPProxy) ConnectHandler(rw http.ResponseWriter, req *http.Request) {
- hj, ok := rw.(http.Hijacker)
- if !ok {
- rw.WriteHeader(http.StatusInternalServerError)
- return
- }
- client, _, err := hj.Hijack()
- if err != nil {
- rw.WriteHeader(http.StatusInternalServerError)
- return
- }
- remote, err := net.Dial("tcp", req.URL.Host)
- if err != nil {
- http.Error(rw, "Failed", http.StatusBadRequest)
- client.Close()
- return
- }
- _, _ = client.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
- go libio.Join(remote, client)
- }
- func (hp *HTTPProxy) Auth(req *http.Request) bool {
- if hp.opts.HTTPUser == "" && hp.opts.HTTPPassword == "" {
- return true
- }
- s := strings.SplitN(req.Header.Get("Proxy-Authorization"), " ", 2)
- if len(s) != 2 {
- return false
- }
- b, err := base64.StdEncoding.DecodeString(s[1])
- if err != nil {
- return false
- }
- pair := strings.SplitN(string(b), ":", 2)
- if len(pair) != 2 {
- return false
- }
- if !util.ConstantTimeEqString(pair[0], hp.opts.HTTPUser) ||
- !util.ConstantTimeEqString(pair[1], hp.opts.HTTPPassword) {
- time.Sleep(200 * time.Millisecond)
- return false
- }
- return true
- }
- func (hp *HTTPProxy) handleConnectReq(req *http.Request, rwc io.ReadWriteCloser) {
- defer rwc.Close()
- if ok := hp.Auth(req); !ok {
- res := getBadResponse()
- _ = res.Write(rwc)
- if res.Body != nil {
- res.Body.Close()
- }
- return
- }
- remote, err := net.Dial("tcp", req.URL.Host)
- if err != nil {
- res := &http.Response{
- StatusCode: 400,
- Proto: "HTTP/1.1",
- ProtoMajor: 1,
- ProtoMinor: 1,
- }
- _ = res.Write(rwc)
- return
- }
- _, _ = rwc.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
- libio.Join(remote, rwc)
- }
- func copyHeaders(dst, src http.Header) {
- for key, values := range src {
- for _, value := range values {
- dst.Add(key, value)
- }
- }
- }
- func removeProxyHeaders(req *http.Request) {
- req.RequestURI = ""
- req.Header.Del("Proxy-Connection")
- req.Header.Del("Connection")
- req.Header.Del("Proxy-Authenticate")
- req.Header.Del("Proxy-Authorization")
- req.Header.Del("TE")
- req.Header.Del("Trailers")
- req.Header.Del("Transfer-Encoding")
- req.Header.Del("Upgrade")
- }
- func getBadResponse() *http.Response {
- header := make(map[string][]string)
- header["Proxy-Authenticate"] = []string{"Basic"}
- header["Connection"] = []string{"close"}
- res := &http.Response{
- Status: "407 Not authorized",
- StatusCode: 407,
- Proto: "HTTP/1.1",
- ProtoMajor: 1,
- ProtoMinor: 1,
- Header: header,
- }
- return res
- }
|