X-Git-Url: http://www.git.stargrave.org/?p=tofuproxy.git;a=blobdiff_plain;f=trip.go;h=4f3e1d6de56ac6e86bf174abe481caf9227d5ae1;hp=d4ed57205bbd8d184320dc8412ed0f9be395dce4;hb=HEAD;hpb=df97583cd82601875eab45e250e08966f2529a7a diff --git a/trip.go b/trip.go index d4ed572..63c37d2 100644 --- a/trip.go +++ b/trip.go @@ -1,19 +1,18 @@ -/* -tofuproxy -- HTTP proxy with TLS certificates management -Copyright (C) 2021 Sergey Matveev - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, version 3 of the License. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -*/ +// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU +// manager, WARC/geminispace browser +// Copyright (C) 2021-2025 Sergey Matveev +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, version 3 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . package tofuproxy @@ -30,6 +29,7 @@ import ( "go.stargrave.org/tofuproxy/caches" "go.stargrave.org/tofuproxy/fifos" "go.stargrave.org/tofuproxy/rounds" + ttls "go.stargrave.org/tofuproxy/tls" ) var ( @@ -41,7 +41,7 @@ var ( MaxIdleConns: http.DefaultTransport.(*http.Transport).MaxIdleConns, IdleConnTimeout: http.DefaultTransport.(*http.Transport).IdleConnTimeout * 2, TLSHandshakeTimeout: time.Minute, - DialTLSContext: dialTLS, + DialTLSContext: ttls.DialTLS, ForceAttemptHTTP2: true, } proxyHeaders = map[string]struct{}{ @@ -59,10 +59,12 @@ type Round func( ) (bool, error) func roundTrip(w http.ResponseWriter, req *http.Request) { + defer req.Body.Close() fifos.LogReq <- fmt.Sprintf("%s %s", req.Method, req.URL) host := strings.TrimSuffix(req.URL.Host, ":443") for _, round := range []Round{ - rounds.RoundNoHead, + rounds.RoundGemini, + rounds.RoundWARC, rounds.RoundDenySpy, rounds.RoundRedditOld, rounds.RoundHabrImage, @@ -101,7 +103,8 @@ Retry: fifos.LogVarious <- fmt.Sprintf( "%s %s\tHTTP authorization required", req.Method, req.URL.Host, ) - user, pass, err := authDialog(host, resp.Header.Get("WWW-Authenticate")) + var user, pass string + user, pass, err = authDialog(host, resp.Header.Get("WWW-Authenticate")) if err != nil { caches.HTTPAuthCacheM.Unlock() fifos.LogErr <- fmt.Sprintf("%s\t%s", req.URL.Host, err.Error()) @@ -130,20 +133,23 @@ Retry: } } - for _, round := range []Round{ - rounds.RoundDenyFonts, - rounds.RoundTranscodeWebP, - rounds.RoundTranscodeJXL, - rounds.RoundTranscodeAVIF, - rounds.RoundRedirectHTML, - } { - cont, err := round(host, resp, w, req) - if err != nil { - http.Error(w, err.Error(), http.StatusBadGateway) - return - } - if !cont { - return + { + var cont bool + for _, round := range []Round{ + rounds.RoundDenyFonts, + rounds.RoundTranscodeWebP, + rounds.RoundTranscodeJXL, + rounds.RoundTranscodeAVIF, + rounds.RoundRedirectHTML, + } { + cont, err = round(host, resp, w, req) + if err != nil { + http.Error(w, err.Error(), http.StatusBadGateway) + return + } + if !cont { + return + } } }