132 lines
2.9 KiB
Go
132 lines
2.9 KiB
Go
package http
|
|
|
|
import (
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/Dreamacro/clash/adapter/inbound"
|
|
"github.com/Dreamacro/clash/common/cache"
|
|
N "github.com/Dreamacro/clash/common/net"
|
|
C "github.com/Dreamacro/clash/constant"
|
|
authStore "github.com/Dreamacro/clash/listener/auth"
|
|
"github.com/Dreamacro/clash/log"
|
|
)
|
|
|
|
func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache) {
|
|
client := newClient(c.RemoteAddr(), in)
|
|
defer client.CloseIdleConnections()
|
|
|
|
conn := N.NewBufferedConn(c)
|
|
|
|
keepAlive := true
|
|
trusted := cache == nil // disable authenticate if cache is nil
|
|
|
|
for keepAlive {
|
|
request, err := ReadRequest(conn.Reader(), false)
|
|
if err != nil {
|
|
break
|
|
}
|
|
|
|
request.RemoteAddr = conn.RemoteAddr().String()
|
|
|
|
keepAlive = strings.TrimSpace(strings.ToLower(request.Header.Get("Proxy-Connection"))) == "keep-alive"
|
|
|
|
var resp *http.Response
|
|
|
|
if !trusted {
|
|
resp = authenticate(request, cache)
|
|
|
|
trusted = resp == nil
|
|
}
|
|
|
|
if trusted {
|
|
if request.Method == http.MethodConnect {
|
|
resp = responseWith(200)
|
|
resp.Status = "Connection established"
|
|
|
|
if resp.Write(conn) != nil {
|
|
break // close connection
|
|
}
|
|
|
|
in <- inbound.NewHTTPS(request, conn)
|
|
|
|
return // hijack connection
|
|
}
|
|
|
|
host := request.Header.Get("Host")
|
|
if host != "" {
|
|
request.Host = host
|
|
}
|
|
|
|
request.RequestURI = ""
|
|
|
|
RemoveHopByHopHeaders(request.Header)
|
|
RemoveExtraHTTPHostPort(request)
|
|
|
|
if request.URL.Scheme == "" || request.URL.Host == "" {
|
|
resp = responseWith(http.StatusBadRequest)
|
|
} else {
|
|
resp, err = client.Do(request)
|
|
if err != nil {
|
|
resp = responseWith(http.StatusBadGateway)
|
|
}
|
|
}
|
|
}
|
|
|
|
RemoveHopByHopHeaders(resp.Header)
|
|
|
|
if keepAlive {
|
|
resp.Header.Set("Proxy-Connection", "keep-alive")
|
|
resp.Header.Set("Connection", "keep-alive")
|
|
resp.Header.Set("Keep-Alive", "timeout=4")
|
|
}
|
|
|
|
resp.Close = !keepAlive
|
|
|
|
err = resp.Write(conn)
|
|
if err != nil {
|
|
break // close connection
|
|
}
|
|
}
|
|
|
|
conn.Close()
|
|
}
|
|
|
|
func authenticate(request *http.Request, cache *cache.Cache) *http.Response {
|
|
authenticator := authStore.Authenticator()
|
|
if authenticator != nil {
|
|
credential := ParseBasicProxyAuthorization(request)
|
|
if credential == "" {
|
|
resp := responseWith(http.StatusProxyAuthRequired)
|
|
resp.Header.Set("Proxy-Authenticate", "Basic")
|
|
return resp
|
|
}
|
|
|
|
var authed interface{}
|
|
if authed = cache.Get(credential); authed == nil {
|
|
user, pass, err := DecodeBasicProxyAuthorization(credential)
|
|
authed = err == nil && authenticator.Verify(user, pass)
|
|
cache.Put(credential, authed, time.Minute)
|
|
}
|
|
if !authed.(bool) {
|
|
log.Infoln("Auth failed from %s", request.RemoteAddr)
|
|
|
|
return responseWith(http.StatusForbidden)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func responseWith(statusCode int) *http.Response {
|
|
return &http.Response{
|
|
StatusCode: statusCode,
|
|
Status: http.StatusText(statusCode),
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: http.Header{},
|
|
}
|
|
}
|