2021-06-15 17:13:40 +08:00
|
|
|
package http
|
|
|
|
|
|
|
|
import (
|
2024-01-02 13:45:40 +08:00
|
|
|
"context"
|
2021-09-30 16:30:07 +08:00
|
|
|
"fmt"
|
2024-01-02 13:45:40 +08:00
|
|
|
"io"
|
2021-06-15 17:13:40 +08:00
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
2024-01-02 13:45:40 +08:00
|
|
|
"sync"
|
2021-06-15 17:13:40 +08:00
|
|
|
|
2023-11-03 21:01:45 +08:00
|
|
|
"github.com/metacubex/mihomo/adapter/inbound"
|
|
|
|
N "github.com/metacubex/mihomo/common/net"
|
2024-07-25 19:49:56 +08:00
|
|
|
"github.com/metacubex/mihomo/component/auth"
|
2023-11-03 21:01:45 +08:00
|
|
|
C "github.com/metacubex/mihomo/constant"
|
|
|
|
"github.com/metacubex/mihomo/log"
|
2021-06-15 17:13:40 +08:00
|
|
|
)
|
|
|
|
|
2024-05-18 20:16:53 +08:00
|
|
|
type bodyWrapper struct {
|
|
|
|
io.ReadCloser
|
|
|
|
once sync.Once
|
|
|
|
onHitEOF func()
|
|
|
|
}
|
2024-01-02 13:45:40 +08:00
|
|
|
|
2024-05-18 20:16:53 +08:00
|
|
|
func (b *bodyWrapper) Read(p []byte) (n int, err error) {
|
|
|
|
n, err = b.ReadCloser.Read(p)
|
|
|
|
if err == io.EOF && b.onHitEOF != nil {
|
|
|
|
b.once.Do(b.onHitEOF)
|
|
|
|
}
|
|
|
|
return n, err
|
|
|
|
}
|
2024-01-02 13:45:40 +08:00
|
|
|
|
2024-08-25 19:26:06 +08:00
|
|
|
func HandleConn(c net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
|
2024-07-25 19:49:56 +08:00
|
|
|
additions = append(additions, inbound.Placeholder) // Add a placeholder for InUser
|
|
|
|
inUserIdx := len(additions) - 1
|
|
|
|
client := newClient(c, tunnel, additions)
|
2021-06-15 17:13:40 +08:00
|
|
|
defer client.CloseIdleConnections()
|
2024-01-02 13:45:40 +08:00
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
defer cancel()
|
|
|
|
peekMutex := sync.Mutex{}
|
2021-06-15 17:13:40 +08:00
|
|
|
|
2022-04-25 19:50:20 +08:00
|
|
|
conn := N.NewBufferedConn(c)
|
2021-06-15 17:13:40 +08:00
|
|
|
|
2024-08-25 19:26:06 +08:00
|
|
|
authenticator := getAuth()
|
2021-06-15 17:13:40 +08:00
|
|
|
keepAlive := true
|
2024-07-25 19:49:56 +08:00
|
|
|
trusted := authenticator == nil // disable authenticate if lru is nil
|
|
|
|
lastUser := ""
|
2021-06-15 17:13:40 +08:00
|
|
|
|
|
|
|
for keepAlive {
|
2024-01-02 13:45:40 +08:00
|
|
|
peekMutex.Lock()
|
2021-08-20 23:38:47 +08:00
|
|
|
request, err := ReadRequest(conn.Reader())
|
2024-01-02 13:45:40 +08:00
|
|
|
peekMutex.Unlock()
|
2021-06-15 17:13:40 +08:00
|
|
|
if err != nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
request.RemoteAddr = conn.RemoteAddr().String()
|
|
|
|
|
|
|
|
keepAlive = strings.TrimSpace(strings.ToLower(request.Header.Get("Proxy-Connection"))) == "keep-alive"
|
|
|
|
|
|
|
|
var resp *http.Response
|
|
|
|
|
2024-07-25 19:49:56 +08:00
|
|
|
var user string
|
|
|
|
resp, user = authenticate(request, authenticator) // always call authenticate function to get user
|
|
|
|
trusted = trusted || resp == nil
|
|
|
|
additions[inUserIdx] = inbound.WithInUser(user)
|
2021-06-15 17:13:40 +08:00
|
|
|
|
|
|
|
if trusted {
|
|
|
|
if request.Method == http.MethodConnect {
|
2021-09-30 16:30:07 +08:00
|
|
|
// Manual writing to support CONNECT for http 1.0 (workaround for uplay client)
|
|
|
|
if _, err = fmt.Fprintf(conn, "HTTP/%d.%d %03d %s\r\n\r\n", request.ProtoMajor, request.ProtoMinor, http.StatusOK, "Connection established"); err != nil {
|
2021-06-15 17:13:40 +08:00
|
|
|
break // close connection
|
|
|
|
}
|
|
|
|
|
2023-09-28 18:59:31 +08:00
|
|
|
tunnel.HandleTCPConn(inbound.NewHTTPS(request, conn, additions...))
|
2021-06-15 17:13:40 +08:00
|
|
|
|
|
|
|
return // hijack connection
|
|
|
|
}
|
|
|
|
|
|
|
|
host := request.Header.Get("Host")
|
|
|
|
if host != "" {
|
|
|
|
request.Host = host
|
|
|
|
}
|
|
|
|
|
|
|
|
request.RequestURI = ""
|
|
|
|
|
2022-04-25 19:50:20 +08:00
|
|
|
if isUpgradeRequest(request) {
|
2023-09-28 18:59:31 +08:00
|
|
|
handleUpgrade(conn, request, tunnel, additions...)
|
2022-04-25 19:50:20 +08:00
|
|
|
|
|
|
|
return // hijack connection
|
2022-04-25 19:50:20 +08:00
|
|
|
}
|
|
|
|
|
2024-07-25 19:49:56 +08:00
|
|
|
// ensure there is a client with correct additions
|
|
|
|
// when the authenticated user changed, outbound client should close idle connections
|
|
|
|
if user != lastUser {
|
|
|
|
client.CloseIdleConnections()
|
|
|
|
lastUser = user
|
|
|
|
}
|
|
|
|
|
2021-09-14 00:08:23 +08:00
|
|
|
removeHopByHopHeaders(request.Header)
|
|
|
|
removeExtraHTTPHostPort(request)
|
2021-06-15 17:13:40 +08:00
|
|
|
|
|
|
|
if request.URL.Scheme == "" || request.URL.Host == "" {
|
2021-09-30 16:30:07 +08:00
|
|
|
resp = responseWith(request, http.StatusBadRequest)
|
2021-06-15 17:13:40 +08:00
|
|
|
} else {
|
2024-01-02 13:45:40 +08:00
|
|
|
request = request.WithContext(ctx)
|
|
|
|
|
|
|
|
startBackgroundRead := func() {
|
|
|
|
go func() {
|
|
|
|
peekMutex.Lock()
|
|
|
|
defer peekMutex.Unlock()
|
|
|
|
_, err := conn.Peek(1)
|
|
|
|
if err != nil {
|
|
|
|
cancel()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
2024-05-18 20:16:53 +08:00
|
|
|
if request.Body == nil || request.Body == http.NoBody {
|
2024-01-02 13:45:40 +08:00
|
|
|
startBackgroundRead()
|
2024-05-18 20:16:53 +08:00
|
|
|
} else {
|
|
|
|
request.Body = &bodyWrapper{ReadCloser: request.Body, onHitEOF: startBackgroundRead}
|
2024-01-02 13:45:40 +08:00
|
|
|
}
|
2021-06-15 17:13:40 +08:00
|
|
|
resp, err = client.Do(request)
|
|
|
|
if err != nil {
|
2021-09-30 16:30:07 +08:00
|
|
|
resp = responseWith(request, http.StatusBadGateway)
|
2021-06-15 17:13:40 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-09-14 00:08:23 +08:00
|
|
|
removeHopByHopHeaders(resp.Header)
|
|
|
|
}
|
2021-06-15 17:13:40 +08:00
|
|
|
|
|
|
|
if keepAlive {
|
|
|
|
resp.Header.Set("Proxy-Connection", "keep-alive")
|
|
|
|
resp.Header.Set("Connection", "keep-alive")
|
|
|
|
resp.Header.Set("Keep-Alive", "timeout=4")
|
|
|
|
}
|
|
|
|
|
|
|
|
resp.Close = !keepAlive
|
|
|
|
|
|
|
|
err = resp.Write(conn)
|
|
|
|
if err != nil {
|
|
|
|
break // close connection
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-27 05:14:03 +08:00
|
|
|
_ = conn.Close()
|
2021-06-15 17:13:40 +08:00
|
|
|
}
|
|
|
|
|
2024-07-25 19:49:56 +08:00
|
|
|
func authenticate(request *http.Request, authenticator auth.Authenticator) (resp *http.Response, user string) {
|
|
|
|
credential := parseBasicProxyAuthorization(request)
|
|
|
|
if credential == "" && authenticator != nil {
|
|
|
|
resp = responseWith(request, http.StatusProxyAuthRequired)
|
|
|
|
resp.Header.Set("Proxy-Authenticate", "Basic")
|
|
|
|
return
|
2021-06-15 17:13:40 +08:00
|
|
|
}
|
2024-07-25 19:49:56 +08:00
|
|
|
user, pass, err := decodeBasicProxyAuthorization(credential)
|
|
|
|
authed := authenticator == nil || (err == nil && authenticator.Verify(user, pass))
|
|
|
|
if !authed {
|
|
|
|
log.Infoln("Auth failed from %s", request.RemoteAddr)
|
|
|
|
return responseWith(request, http.StatusForbidden), user
|
|
|
|
}
|
|
|
|
log.Debugln("Auth success from %s -> %s", request.RemoteAddr, user)
|
|
|
|
return
|
2021-06-15 17:13:40 +08:00
|
|
|
}
|
|
|
|
|
2021-09-30 16:30:07 +08:00
|
|
|
func responseWith(request *http.Request, statusCode int) *http.Response {
|
2021-06-15 17:13:40 +08:00
|
|
|
return &http.Response{
|
|
|
|
StatusCode: statusCode,
|
|
|
|
Status: http.StatusText(statusCode),
|
2021-09-30 16:30:07 +08:00
|
|
|
Proto: request.Proto,
|
|
|
|
ProtoMajor: request.ProtoMajor,
|
|
|
|
ProtoMinor: request.ProtoMinor,
|
2021-06-15 17:13:40 +08:00
|
|
|
Header: http.Header{},
|
|
|
|
}
|
|
|
|
}
|