trip.go

   1 /*
   2 tofuproxy -- HTTP proxy with TLS certificates management
   3 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
   4
   5 This program is free software: you can redistribute it and/or modify
   6 it under the terms of the GNU General Public License as published by
   7 the Free Software Foundation, version 3 of the License.
   8
   9 This program is distributed in the hope that it will be useful,
  10 but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 GNU General Public License for more details.
  13
  14 You should have received a copy of the GNU General Public License
  15 along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 */
  17
  18 package tofuproxy
  19
  20 import (
  21         "fmt"
  22         "io"
  23         "log"
  24         "net"
  25         "net/http"
  26         "strings"
  27         "time"
  28
  29         "github.com/dustin/go-humanize"
  30         "go.stargrave.org/tofuproxy/fifos"
  31         "go.stargrave.org/tofuproxy/rounds"
  32 )
  33
  34 var (
  35         transport = http.Transport{
  36                 DialContext: (&net.Dialer{
  37                         Timeout:   time.Minute,
  38                         KeepAlive: time.Minute,
  39                 }).DialContext,
  40                 MaxIdleConns:        http.DefaultTransport.(*http.Transport).MaxIdleConns,
  41                 IdleConnTimeout:     http.DefaultTransport.(*http.Transport).IdleConnTimeout * 2,
  42                 TLSHandshakeTimeout: time.Minute,
  43                 DialTLSContext:      dialTLS,
  44                 ForceAttemptHTTP2:   true,
  45         }
  46         proxyHeaders = map[string]struct{}{
  47                 "Location":       {},
  48                 "Content-Type":   {},
  49                 "Content-Length": {},
  50         }
  51 )
  52
  53 type Round func(
  54         host string,
  55         resp *http.Response,
  56         w http.ResponseWriter,
  57         req *http.Request,
  58 ) (bool, error)
  59
  60 func roundTrip(w http.ResponseWriter, req *http.Request) {
  61         fifos.SinkReq <- fmt.Sprintf("%s %s", req.Method, req.URL.String())
  62         host := strings.TrimSuffix(req.URL.Host, ":443")
  63         for _, round := range []Round{
  64                 rounds.RoundNoHead,
  65                 rounds.RoundDenySpy,
  66                 rounds.RoundRedditOld,
  67                 rounds.RoundHabrImage,
  68         } {
  69                 if cont, _ := round(host, nil, w, req); !cont {
  70                         return
  71                 }
  72         }
  73
  74         reqFlags := []string{}
  75         unauthorized := false
  76 Retry:
  77         resp, err := transport.RoundTrip(req)
  78         if err != nil {
  79                 fifos.SinkErr <- fmt.Sprintf("%s\t%s", req.URL.Host, err.Error())
  80                 http.Error(w, err.Error(), http.StatusBadGateway)
  81                 return
  82         }
  83
  84         if resp.StatusCode == http.StatusUnauthorized {
  85                 resp.Body.Close()
  86                 authCacheM.Lock()
  87                 if unauthorized {
  88                         delete(authCache, req.URL.Host)
  89                 } else {
  90                         unauthorized = true
  91                         if creds, ok := authCache[req.URL.Host]; ok {
  92                                 authCacheM.Unlock()
  93                                 req.SetBasicAuth(creds[0], creds[1])
  94                                 goto Retry
  95                         }
  96                 }
  97                 fifos.SinkOther <- fmt.Sprintf("%s\tauthorization required", req.URL.Host)
  98                 user, pass, err := authDialog(host, resp.Header.Get("WWW-Authenticate"))
  99                 if err != nil {
 100                         authCacheM.Unlock()
 101                         fifos.SinkErr <- fmt.Sprintf("%s\t%s", req.URL.Host, err.Error())
 102                         http.Error(w, err.Error(), http.StatusInternalServerError)
 103                         return
 104                 }
 105                 authCache[req.URL.Host] = [2]string{user, pass}
 106                 authCacheM.Unlock()
 107                 req.SetBasicAuth(user, pass)
 108                 goto Retry
 109         }
 110         if unauthorized {
 111                 reqFlags = append(reqFlags, "auth")
 112         }
 113         if resp.TLS != nil && resp.TLS.NegotiatedProtocol != "" {
 114                 reqFlags = append(reqFlags, resp.TLS.NegotiatedProtocol)
 115         }
 116
 117         for k, vs := range resp.Header {
 118                 if _, ok := proxyHeaders[k]; ok {
 119                         continue
 120                 }
 121                 for _, v := range vs {
 122                         w.Header().Add(k, v)
 123                 }
 124         }
 125
 126         for _, round := range []Round{
 127                 rounds.RoundDenyFonts,
 128                 rounds.RoundTranscodeWebP,
 129                 rounds.RoundTranscodeJXL,
 130                 rounds.RoundTranscodeAVIF,
 131                 rounds.RoundRedirectHTML,
 132         } {
 133                 cont, err := round(host, resp, w, req)
 134                 if err != nil {
 135                         http.Error(w, err.Error(), http.StatusBadGateway)
 136                         return
 137                 }
 138                 if !cont {
 139                         return
 140                 }
 141         }
 142
 143         for h := range proxyHeaders {
 144                 if v := resp.Header.Get(h); v != "" {
 145                         w.Header().Add(h, v)
 146                 }
 147         }
 148         w.WriteHeader(resp.StatusCode)
 149         n, err := io.Copy(w, resp.Body)
 150         if err != nil {
 151                 log.Printf("Error during %s: %+v\n", req.URL, err)
 152         }
 153         resp.Body.Close()
 154         msg := fmt.Sprintf(
 155                 "%s %s\t%s\t%s\t%s\t%s",
 156                 req.Method,
 157                 req.URL.String(),
 158                 resp.Status,
 159                 resp.Header.Get("Content-Type"),
 160                 humanize.IBytes(uint64(n)),
 161                 strings.Join(reqFlags, ","),
 162         )
 163         if resp.StatusCode == http.StatusOK {
 164                 fifos.SinkOK <- msg
 165         } else {
 166                 fifos.SinkOther <- msg
 167         }
 168 }