/*
-tofuproxy -- HTTP proxy with TLS certificates management
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
"go.stargrave.org/tofuproxy/caches"
"go.stargrave.org/tofuproxy/fifos"
"go.stargrave.org/tofuproxy/rounds"
+ ttls "go.stargrave.org/tofuproxy/tls"
)
var (
MaxIdleConns: http.DefaultTransport.(*http.Transport).MaxIdleConns,
IdleConnTimeout: http.DefaultTransport.(*http.Transport).IdleConnTimeout * 2,
TLSHandshakeTimeout: time.Minute,
- DialTLSContext: dialTLS,
+ DialTLSContext: ttls.DialTLS,
ForceAttemptHTTP2: true,
}
proxyHeaders = map[string]struct{}{
) (bool, error)
func roundTrip(w http.ResponseWriter, req *http.Request) {
+ defer req.Body.Close()
fifos.LogReq <- fmt.Sprintf("%s %s", req.Method, req.URL)
host := strings.TrimSuffix(req.URL.Host, ":443")
for _, round := range []Round{
rounds.RoundNoHead,
+ rounds.RoundGemini,
+ rounds.RoundWARC,
rounds.RoundDenySpy,
rounds.RoundRedditOld,
rounds.RoundHabrImage,
caches.HTTPAuthCacheM.RLock()
if creds, ok := caches.HTTPAuthCache[req.URL.Host]; ok {
req.SetBasicAuth(creds[0], creds[1])
- fifos.LogHTTPAuth <- fmt.Sprintf("%s %s\t%s", req.Method, req.URL, creds[0])
unauthorized = true
}
caches.HTTPAuthCacheM.RUnlock()