frp/pkg/util/vhost/http.go

342 lines
10 KiB
Go
Raw Normal View History

2017-12-12 20:27:43 +01:00
// Copyright 2017 fatedier, fatedier@gmail.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package vhost
import (
"bytes"
2017-12-12 20:27:43 +01:00
"context"
"encoding/base64"
2017-12-12 20:27:43 +01:00
"errors"
"fmt"
2024-03-12 06:58:53 +01:00
stdlog "log"
2017-12-12 20:27:43 +01:00
"net"
"net/http"
2022-08-28 19:02:53 +02:00
"net/http/httputil"
"net/url"
2017-12-12 20:27:43 +01:00
"strings"
"time"
2023-05-29 08:10:34 +02:00
libio "github.com/fatedier/golib/io"
2018-05-07 20:13:30 +02:00
"github.com/fatedier/golib/pool"
2017-12-12 20:27:43 +01:00
2023-11-27 08:47:49 +01:00
httppkg "github.com/fatedier/frp/pkg/util/http"
2024-03-12 06:58:53 +01:00
"github.com/fatedier/frp/pkg/util/log"
2017-12-12 20:27:43 +01:00
)
2022-08-28 19:02:53 +02:00
var ErrNoRouteFound = errors.New("no route found")
2020-05-24 11:48:37 +02:00
type HTTPReverseProxyOptions struct {
2018-08-08 05:18:38 +02:00
ResponseHeaderTimeoutS int64
}
2020-05-24 11:48:37 +02:00
type HTTPReverseProxy struct {
2022-08-28 19:02:53 +02:00
proxy *httputil.ReverseProxy
2020-05-24 11:48:37 +02:00
vhostRouter *Routers
2017-12-12 20:27:43 +01:00
2018-08-08 05:18:38 +02:00
responseHeaderTimeout time.Duration
2017-12-12 20:27:43 +01:00
}
2020-05-24 11:48:37 +02:00
func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *HTTPReverseProxy {
2018-08-08 05:18:38 +02:00
if option.ResponseHeaderTimeoutS <= 0 {
option.ResponseHeaderTimeoutS = 60
}
2020-05-24 11:48:37 +02:00
rp := &HTTPReverseProxy{
2018-08-08 05:18:38 +02:00
responseHeaderTimeout: time.Duration(option.ResponseHeaderTimeoutS) * time.Second,
2019-07-30 18:41:58 +02:00
vhostRouter: vhostRouter,
2017-12-12 20:27:43 +01:00
}
2022-08-28 19:02:53 +02:00
proxy := &httputil.ReverseProxy{
// Modify incoming requests by route policies.
Rewrite: func(r *httputil.ProxyRequest) {
2024-03-28 09:47:27 +01:00
r.Out.Header["X-Forwarded-For"] = r.In.Header["X-Forwarded-For"]
r.SetXForwarded()
req := r.Out
2017-12-12 20:27:43 +01:00
req.URL.Scheme = "http"
reqRouteInfo := req.Context().Value(RouteInfoKey).(*RequestRouteInfo)
2023-11-27 08:47:49 +01:00
oldHost, _ := httppkg.CanonicalHost(reqRouteInfo.Host)
rc := rp.GetRouteConfig(oldHost, reqRouteInfo.URL, reqRouteInfo.HTTPUser)
if rc != nil {
if rc.RewriteHost != "" {
req.Host = rc.RewriteHost
}
var endpoint string
if rc.ChooseEndpointFn != nil {
// ignore error here, it will use CreateConnFn instead later
endpoint, _ = rc.ChooseEndpointFn()
reqRouteInfo.Endpoint = endpoint
2024-03-12 06:58:53 +01:00
log.Tracef("choose endpoint name [%s] for http request host [%s] path [%s] httpuser [%s]",
endpoint, oldHost, reqRouteInfo.URL, reqRouteInfo.HTTPUser)
}
// Set {domain}.{location}.{routeByHTTPUser}.{endpoint} as URL host here to let http transport reuse connections.
req.URL.Host = rc.Domain + "." +
base64.StdEncoding.EncodeToString([]byte(rc.Location)) + "." +
base64.StdEncoding.EncodeToString([]byte(rc.RouteByHTTPUser)) + "." +
base64.StdEncoding.EncodeToString([]byte(endpoint))
2018-05-20 17:22:07 +02:00
for k, v := range rc.Headers {
req.Header.Set(k, v)
}
} else {
req.URL.Host = req.Host
2018-05-20 17:22:07 +02:00
}
2017-12-12 20:27:43 +01:00
},
// Create a connection to one proxy routed by route policy.
2017-12-12 20:27:43 +01:00
Transport: &http.Transport{
2018-08-08 05:18:38 +02:00
ResponseHeaderTimeout: rp.responseHeaderTimeout,
IdleConnTimeout: 60 * time.Second,
MaxIdleConnsPerHost: 5,
2017-12-12 20:27:43 +01:00
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
return rp.CreateConnection(ctx.Value(RouteInfoKey).(*RequestRouteInfo), true)
},
Proxy: func(req *http.Request) (*url.URL, error) {
// Use proxy mode if there is host in HTTP first request line.
// GET http://example.com/ HTTP/1.1
// Host: example.com
//
// Normal:
// GET / HTTP/1.1
// Host: example.com
urlHost := req.Context().Value(RouteInfoKey).(*RequestRouteInfo).URLHost
if urlHost != "" {
return req.URL, nil
}
return nil, nil
2017-12-12 20:27:43 +01:00
},
},
BufferPool: newWrapPool(),
2024-03-12 06:58:53 +01:00
ErrorLog: stdlog.New(newWrapLogger(), "", 0),
2019-08-06 10:49:22 +02:00
ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
2024-03-12 06:58:53 +01:00
log.Warnf("do http proxy request [host: %s] error: %v", req.Host, err)
2019-08-06 10:49:22 +02:00
rw.WriteHeader(http.StatusNotFound)
2022-08-28 19:02:53 +02:00
_, _ = rw.Write(getNotFoundPageContent())
2019-08-06 10:49:22 +02:00
},
2017-12-12 20:27:43 +01:00
}
rp.proxy = proxy
return rp
}
2019-07-30 18:41:58 +02:00
// Register register the route config to reverse proxy
// reverse proxy will use CreateConnFn from routeCfg to create a connection to the remote service
2020-05-24 11:48:37 +02:00
func (rp *HTTPReverseProxy) Register(routeCfg RouteConfig) error {
err := rp.vhostRouter.Add(routeCfg.Domain, routeCfg.Location, routeCfg.RouteByHTTPUser, &routeCfg)
2019-07-30 18:41:58 +02:00
if err != nil {
return err
2017-12-12 20:27:43 +01:00
}
return nil
}
2019-07-30 18:41:58 +02:00
// UnRegister unregister route config by domain and location
func (rp *HTTPReverseProxy) UnRegister(routeCfg RouteConfig) {
rp.vhostRouter.Del(routeCfg.Domain, routeCfg.Location, routeCfg.RouteByHTTPUser)
2017-12-12 20:27:43 +01:00
}
func (rp *HTTPReverseProxy) GetRouteConfig(domain, location, routeByHTTPUser string) *RouteConfig {
vr, ok := rp.getVhost(domain, location, routeByHTTPUser)
if ok {
2024-03-12 06:58:53 +01:00
log.Debugf("get new HTTP request host [%s] path [%s] httpuser [%s]", domain, location, routeByHTTPUser)
return vr.payload.(*RouteConfig)
}
return nil
}
func (rp *HTTPReverseProxy) GetHeaders(domain, location, routeByHTTPUser string) (headers map[string]string) {
vr, ok := rp.getVhost(domain, location, routeByHTTPUser)
2018-05-20 17:22:07 +02:00
if ok {
2020-05-24 11:48:37 +02:00
headers = vr.payload.(*RouteConfig).Headers
2018-05-20 17:22:07 +02:00
}
return
}
2019-07-30 18:41:58 +02:00
// CreateConnection create a new connection by route config
func (rp *HTTPReverseProxy) CreateConnection(reqRouteInfo *RequestRouteInfo, byEndpoint bool) (net.Conn, error) {
2023-11-27 08:47:49 +01:00
host, _ := httppkg.CanonicalHost(reqRouteInfo.Host)
vr, ok := rp.getVhost(host, reqRouteInfo.URL, reqRouteInfo.HTTPUser)
2017-12-12 20:27:43 +01:00
if ok {
if byEndpoint {
fn := vr.payload.(*RouteConfig).CreateConnByEndpointFn
if fn != nil {
return fn(reqRouteInfo.Endpoint, reqRouteInfo.RemoteAddr)
}
}
2020-05-24 11:48:37 +02:00
fn := vr.payload.(*RouteConfig).CreateConnFn
2017-12-12 20:27:43 +01:00
if fn != nil {
return fn(reqRouteInfo.RemoteAddr)
2017-12-12 20:27:43 +01:00
}
}
return nil, fmt.Errorf("%v: %s %s %s", ErrNoRouteFound, host, reqRouteInfo.URL, reqRouteInfo.HTTPUser)
2017-12-12 20:27:43 +01:00
}
func (rp *HTTPReverseProxy) CheckAuth(domain, location, routeByHTTPUser, user, passwd string) bool {
vr, ok := rp.getVhost(domain, location, routeByHTTPUser)
2017-12-13 16:44:27 +01:00
if ok {
2020-05-24 11:48:37 +02:00
checkUser := vr.payload.(*RouteConfig).Username
checkPasswd := vr.payload.(*RouteConfig).Password
2017-12-13 16:44:27 +01:00
if (checkUser != "" || checkPasswd != "") && (checkUser != user || checkPasswd != passwd) {
return false
}
}
return true
}
2023-11-22 07:30:22 +01:00
// getVhost tries to get vhost router by route policy.
func (rp *HTTPReverseProxy) getVhost(domain, location, routeByHTTPUser string) (*Router, bool) {
findRouter := func(inDomain, inLocation, inRouteByHTTPUser string) (*Router, bool) {
vr, ok := rp.vhostRouter.Get(inDomain, inLocation, inRouteByHTTPUser)
if ok {
return vr, ok
}
// Try to check if there is one proxy that doesn't specify routerByHTTPUser, it means match all.
vr, ok = rp.vhostRouter.Get(inDomain, inLocation, "")
if ok {
return vr, ok
}
return nil, false
}
// First we check the full hostname
2017-12-12 20:27:43 +01:00
// if not exist, then check the wildcard_domain such as *.example.com
vr, ok := findRouter(domain, location, routeByHTTPUser)
2017-12-12 20:27:43 +01:00
if ok {
return vr, ok
2017-12-12 20:27:43 +01:00
}
// e.g. domain = test.example.com, try to match wildcard domains.
// *.example.com
// *.com
2017-12-12 20:27:43 +01:00
domainSplit := strings.Split(domain, ".")
for {
if len(domainSplit) < 3 {
break
}
domainSplit[0] = "*"
domain = strings.Join(domainSplit, ".")
vr, ok = findRouter(domain, location, routeByHTTPUser)
if ok {
return vr, true
}
domainSplit = domainSplit[1:]
2017-12-12 20:27:43 +01:00
}
// Finally, try to check if there is one proxy that domain is "*" means match all domains.
vr, ok = findRouter("*", location, routeByHTTPUser)
if ok {
return vr, true
}
return nil, false
}
func (rp *HTTPReverseProxy) connectHandler(rw http.ResponseWriter, req *http.Request) {
hj, ok := rw.(http.Hijacker)
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
client, _, err := hj.Hijack()
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
remote, err := rp.CreateConnection(req.Context().Value(RouteInfoKey).(*RequestRouteInfo), false)
if err != nil {
_ = NotFoundResponse().Write(client)
client.Close()
return
}
2022-08-28 19:02:53 +02:00
_ = req.Write(remote)
2023-05-29 08:10:34 +02:00
go libio.Join(remote, client)
}
2022-08-28 19:02:53 +02:00
func parseBasicAuth(auth string) (username, password string, ok bool) {
const prefix = "Basic "
// Case insensitive prefix match. See Issue 22736.
if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
return
}
c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
if err != nil {
return
}
cs := string(c)
s := strings.IndexByte(cs, ':')
if s < 0 {
return
}
return cs[:s], cs[s+1:], true
}
func (rp *HTTPReverseProxy) injectRequestInfoToCtx(req *http.Request) *http.Request {
user := ""
// If url host isn't empty, it's a proxy request. Get http user from Proxy-Authorization header.
if req.URL.Host != "" {
proxyAuth := req.Header.Get("Proxy-Authorization")
if proxyAuth != "" {
user, _, _ = parseBasicAuth(proxyAuth)
}
}
if user == "" {
user, _, _ = req.BasicAuth()
}
reqRouteInfo := &RequestRouteInfo{
URL: req.URL.Path,
Host: req.Host,
HTTPUser: user,
RemoteAddr: req.RemoteAddr,
URLHost: req.URL.Host,
}
newctx := req.Context()
newctx = context.WithValue(newctx, RouteInfoKey, reqRouteInfo)
return req.Clone(newctx)
2017-12-12 20:27:43 +01:00
}
2020-05-24 11:48:37 +02:00
func (rp *HTTPReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
2023-11-27 08:47:49 +01:00
domain, _ := httppkg.CanonicalHost(req.Host)
2017-12-13 16:44:27 +01:00
location := req.URL.Path
user, passwd, _ := req.BasicAuth()
if !rp.CheckAuth(domain, location, user, user, passwd) {
2017-12-13 16:44:27 +01:00
rw.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
newreq := rp.injectRequestInfoToCtx(req)
if req.Method == http.MethodConnect {
rp.connectHandler(rw, newreq)
} else {
rp.proxy.ServeHTTP(rw, newreq)
}
2017-12-12 20:27:43 +01:00
}
type wrapPool struct{}
func newWrapPool() *wrapPool { return &wrapPool{} }
func (p *wrapPool) Get() []byte { return pool.GetBuf(32 * 1024) }
func (p *wrapPool) Put(buf []byte) { pool.PutBuf(buf) }
type wrapLogger struct{}
func newWrapLogger() *wrapLogger { return &wrapLogger{} }
func (l *wrapLogger) Write(p []byte) (n int, err error) {
2024-03-12 06:58:53 +01:00
log.Warnf("%s", string(bytes.TrimRight(p, "\n")))
2017-12-12 20:27:43 +01:00
return len(p), nil
}