websocket/proxy.go

118 lines
3.5 KiB
Go
Raw Normal View History

// Copyright 2017 The Gorilla WebSocket Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package websocket
import (
"bufio"
"bytes"
"context"
2024-07-18 17:02:07 +03:00
"crypto/tls"
"encoding/base64"
"errors"
"net"
"net/http"
"net/url"
"strings"
)
2024-07-18 15:43:52 +03:00
func newNetDialerFunc(
scheme string,
netDial func(network, addr string) (net.Conn, error),
netDialContext func(ctx context.Context, network, addr string) (net.Conn, error),
netDialTLSContext func(ctx context.Context, network, addr string) (net.Conn, error),
) netDialerFunc {
switch {
case scheme == "https" && netDialTLSContext != nil:
return netDialTLSContext
case netDialContext != nil:
return netDialContext
case netDial != nil:
return func(ctx context.Context, net, addr string) (net.Conn, error) {
return netDial(net, addr)
}
default:
return (&net.Dialer{}).DialContext
}
}
type netDialerFunc func(ctx context.Context, network, addr string) (net.Conn, error)
func (fn netDialerFunc) Dial(network, addr string) (net.Conn, error) {
return fn(context.Background(), network, addr)
}
func (fn netDialerFunc) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
return fn(ctx, network, addr)
}
2024-07-18 17:02:07 +03:00
// newHTTPProxyDialerFunc returns a netDialerFunc that dials using the provided
// proxyURL. The forwardDial function is used to establish the connection to the
// proxy server. If tlsClientConfig is not nil, the connection to the proxy is
// upgraded to a TLS connection with tls.Client.
func newHTTPProxyDialerFunc(proxyURL *url.URL, forwardDial netDialerFunc, tlsClientConfig *tls.Config) netDialerFunc {
return func(ctx context.Context, network, addr string) (net.Conn, error) {
hostPort, _ := hostPortNoPort(proxyURL)
conn, err := forwardDial(ctx, network, hostPort)
if err != nil {
return nil, err
}
2024-07-18 17:02:07 +03:00
if tlsClientConfig != nil {
tlsConn := tls.Client(conn, tlsClientConfig)
if err = tlsConn.HandshakeContext(ctx); err != nil {
return nil, err
}
conn = tlsConn
}
connectHeader := make(http.Header)
if user := proxyURL.User; user != nil {
proxyUser := user.Username()
if proxyPassword, passwordSet := user.Password(); passwordSet {
credential := base64.StdEncoding.EncodeToString([]byte(proxyUser + ":" + proxyPassword))
connectHeader.Set("Proxy-Authorization", "Basic "+credential)
}
}
connectReq := &http.Request{
Method: http.MethodConnect,
URL: &url.URL{Opaque: addr},
Host: addr,
Header: connectHeader,
}
if err := connectReq.Write(conn); err != nil {
conn.Close()
return nil, err
}
// Read response. It's OK to use and discard buffered reader here because
// the remote server does not speak until spoken to.
br := bufio.NewReader(conn)
resp, err := http.ReadResponse(br, connectReq)
if err != nil {
conn.Close()
return nil, err
}
// Close the response body to silence false positives from linters. Reset
// the buffered reader first to ensure that Close() does not read from
// conn.
// Note: Applications must call resp.Body.Close() on a response returned
// http.ReadResponse to inspect trailers or read another response from the
// buffered reader. The call to resp.Body.Close() does not release
// resources.
br.Reset(bytes.NewReader(nil))
_ = resp.Body.Close()
if resp.StatusCode != http.StatusOK {
_ = conn.Close()
f := strings.SplitN(resp.Status, " ", 2)
return nil, errors.New(f[1])
}
return conn, nil
}
}