frp/pkg/util/vhost/http.go

// Copyright 2017 fatedier, fatedier@gmail.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vhost

import (
	"bytes"
	"context"
	"encoding/base64"
	"errors"
	"fmt"
	"log"
	"net"
	"net/http"
	"strings"
	"time"

	frpLog "github.com/fatedier/frp/pkg/util/log"
	"github.com/fatedier/frp/pkg/util/util"

	"github.com/fatedier/golib/pool"
)

var (
	ErrNoDomain = errors.New("no such domain")
)

type HTTPReverseProxyOptions struct {
	ResponseHeaderTimeoutS int64
}

type HTTPReverseProxy struct {
	proxy       *ReverseProxy
	vhostRouter *Routers

	responseHeaderTimeout time.Duration
}

func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *HTTPReverseProxy {
	if option.ResponseHeaderTimeoutS <= 0 {
		option.ResponseHeaderTimeoutS = 60
	}
	rp := &HTTPReverseProxy{
		responseHeaderTimeout: time.Duration(option.ResponseHeaderTimeoutS) * time.Second,
		vhostRouter:           vhostRouter,
	}
	proxy := &ReverseProxy{
		Director: func(req *http.Request) {
			req.URL.Scheme = "http"
			url := req.Context().Value(RouteInfoURL).(string)
			oldHost, _ := util.CanonicalHost(req.Context().Value(RouteInfoHost).(string))
			rc := rp.GetRouteConfig(oldHost, url)
			if rc != nil {
				if rc.RewriteHost != "" {
					req.Host = rc.RewriteHost
				}
				// Set {domain}.{location} as URL host here to let http transport reuse connections.
				req.URL.Host = rc.Domain + "." + base64.StdEncoding.EncodeToString([]byte(rc.Location))

				for k, v := range rc.Headers {
					req.Header.Set(k, v)
				}
			} else {
				req.URL.Host = req.Host
			}

		},
		Transport: &http.Transport{
			ResponseHeaderTimeout: rp.responseHeaderTimeout,
			IdleConnTimeout:       60 * time.Second,
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				url := ctx.Value(RouteInfoURL).(string)
				host, _ := util.CanonicalHost(ctx.Value(RouteInfoHost).(string))
				remote := ctx.Value(RouteInfoRemote).(string)
				return rp.CreateConnection(host, url, remote)
			},
		},
		BufferPool: newWrapPool(),
		ErrorLog:   log.New(newWrapLogger(), "", 0),
		ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
			frpLog.Warn("do http proxy request [host: %s] error: %v", req.Host, err)
			rw.WriteHeader(http.StatusNotFound)
			rw.Write(getNotFoundPageContent())
		},
	}
	rp.proxy = proxy
	return rp
}

// Register register the route config to reverse proxy
// reverse proxy will use CreateConnFn from routeCfg to create a connection to the remote service
func (rp *HTTPReverseProxy) Register(routeCfg RouteConfig) error {
	err := rp.vhostRouter.Add(routeCfg.Domain, routeCfg.Location, &routeCfg)
	if err != nil {
		return err
	}
	return nil
}

// UnRegister unregister route config by domain and location
func (rp *HTTPReverseProxy) UnRegister(domain string, location string) {
	rp.vhostRouter.Del(domain, location)
}

func (rp *HTTPReverseProxy) GetRouteConfig(domain string, location string) *RouteConfig {
	vr, ok := rp.getVhost(domain, location)
	if ok {
		return vr.payload.(*RouteConfig)
	}
	return nil
}

func (rp *HTTPReverseProxy) GetRealHost(domain string, location string) (host string) {
	vr, ok := rp.getVhost(domain, location)
	if ok {
		host = vr.payload.(*RouteConfig).RewriteHost
	}
	return
}

func (rp *HTTPReverseProxy) GetHeaders(domain string, location string) (headers map[string]string) {
	vr, ok := rp.getVhost(domain, location)
	if ok {
		headers = vr.payload.(*RouteConfig).Headers
	}
	return
}

// CreateConnection create a new connection by route config
func (rp *HTTPReverseProxy) CreateConnection(domain string, location string, remoteAddr string) (net.Conn, error) {
	vr, ok := rp.getVhost(domain, location)
	if ok {
		fn := vr.payload.(*RouteConfig).CreateConnFn
		if fn != nil {
			return fn(remoteAddr)
		}
	}
	return nil, fmt.Errorf("%v: %s %s", ErrNoDomain, domain, location)
}

func (rp *HTTPReverseProxy) CheckAuth(domain, location, user, passwd string) bool {
	vr, ok := rp.getVhost(domain, location)
	if ok {
		checkUser := vr.payload.(*RouteConfig).Username
		checkPasswd := vr.payload.(*RouteConfig).Password
		if (checkUser != "" || checkPasswd != "") && (checkUser != user || checkPasswd != passwd) {
			return false
		}
	}
	return true
}

// getVhost get vhost router by domain and location
func (rp *HTTPReverseProxy) getVhost(domain string, location string) (vr *Router, ok bool) {
	// first we check the full hostname
	// if not exist, then check the wildcard_domain such as *.example.com
	vr, ok = rp.vhostRouter.Get(domain, location)
	if ok {
		return
	}

	domainSplit := strings.Split(domain, ".")
	if len(domainSplit) < 3 {
		return nil, false
	}

	for {
		if len(domainSplit) < 3 {
			return nil, false
		}

		domainSplit[0] = "*"
		domain = strings.Join(domainSplit, ".")
		vr, ok = rp.vhostRouter.Get(domain, location)
		if ok {
			return vr, true
		}
		domainSplit = domainSplit[1:]
	}
}

func (rp *HTTPReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	domain, _ := util.CanonicalHost(req.Host)
	location := req.URL.Path
	user, passwd, _ := req.BasicAuth()
	if !rp.CheckAuth(domain, location, user, passwd) {
		rw.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
		http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}
	rp.proxy.ServeHTTP(rw, req)
}

type wrapPool struct{}

func newWrapPool() *wrapPool { return &wrapPool{} }

func (p *wrapPool) Get() []byte { return pool.GetBuf(32 * 1024) }

func (p *wrapPool) Put(buf []byte) { pool.PutBuf(buf) }

type wrapLogger struct{}

func newWrapLogger() *wrapLogger { return &wrapLogger{} }

func (l *wrapLogger) Write(p []byte) (n int, err error) {
	frpLog.Warn("%s", string(bytes.TrimRight(p, "\n")))
	return len(p), nil
}
improve http vhost package 2017-12-13 03:27:43 +08:00			`// Copyright 2017 fatedier, fatedier@gmail.com`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package vhost`

			`import (`
support encryption and compression in new http reverser proxy 2017-12-13 04:28:58 +08:00			`"bytes"`
improve http vhost package 2017-12-13 03:27:43 +08:00			`"context"`
vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00			`"encoding/base64"`
improve http vhost package 2017-12-13 03:27:43 +08:00			`"errors"`
support multilevel subdomain, fix #1132 2019-03-15 16:22:41 +08:00			`"fmt"`
improve http vhost package 2017-12-13 03:27:43 +08:00			`"log"`
			`"net"`
			`"net/http"`
			`"strings"`
			`"time"`

rename models to pkg (#2005) 2020-09-23 13:49:14 +08:00			`frpLog "github.com/fatedier/frp/pkg/util/log"`
			`"github.com/fatedier/frp/pkg/util/util"`
vendor: udpate 2018-05-08 02:13:30 +08:00
			`"github.com/fatedier/golib/pool"`
improve http vhost package 2017-12-13 03:27:43 +08:00			`)`

			`var (`
support http load balancing 2019-07-31 00:41:58 +08:00			`ErrNoDomain = errors.New("no such domain")`
improve http vhost package 2017-12-13 03:27:43 +08:00			`)`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`type HTTPReverseProxyOptions struct {`
optimize 2018-08-08 11:18:38 +08:00			`ResponseHeaderTimeoutS int64`
			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`type HTTPReverseProxy struct {`
support http load balancing 2019-07-31 00:41:58 +08:00			`proxy *ReverseProxy`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`vhostRouter *Routers`
improve http vhost package 2017-12-13 03:27:43 +08:00
optimize 2018-08-08 11:18:38 +08:00			`responseHeaderTimeout time.Duration`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter Routers) HTTPReverseProxy {`
optimize 2018-08-08 11:18:38 +08:00			`if option.ResponseHeaderTimeoutS <= 0 {`
			`option.ResponseHeaderTimeoutS = 60`
			`}`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`rp := &HTTPReverseProxy{`
optimize 2018-08-08 11:18:38 +08:00			`responseHeaderTimeout: time.Duration(option.ResponseHeaderTimeoutS) * time.Second,`
support http load balancing 2019-07-31 00:41:58 +08:00			`vhostRouter: vhostRouter,`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`proxy := &ReverseProxy{`
			`Director: func(req *http.Request) {`
			`req.URL.Scheme = "http"`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`url := req.Context().Value(RouteInfoURL).(string)`
use net.JoinHostPort instead of fmt.Sprintf (#2791) 2022-02-09 15:19:35 +08:00			`oldHost, _ := util.CanonicalHost(req.Context().Value(RouteInfoHost).(string))`
vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00			`rc := rp.GetRouteConfig(oldHost, url)`
			`if rc != nil {`
			`if rc.RewriteHost != "" {`
			`req.Host = rc.RewriteHost`
			`}`
			`// Set {domain}.{location} as URL host here to let http transport reuse connections.`
			`req.URL.Host = rc.Domain + "." + base64.StdEncoding.EncodeToString([]byte(rc.Location))`
http: support setting headers 2018-05-20 23:22:07 +08:00
vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00			`for k, v := range rc.Headers {`
			`req.Header.Set(k, v)`
			`}`
			`} else {`
			`req.URL.Host = req.Host`
http: support setting headers 2018-05-20 23:22:07 +08:00			`}`
vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00
improve http vhost package 2017-12-13 03:27:43 +08:00			`},`
			`Transport: &http.Transport{`
optimize 2018-08-08 11:18:38 +08:00			`ResponseHeaderTimeout: rp.responseHeaderTimeout,`
vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00			`IdleConnTimeout: 60 * time.Second,`
improve http vhost package 2017-12-13 03:27:43 +08:00			`DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`url := ctx.Value(RouteInfoURL).(string)`
use net.JoinHostPort instead of fmt.Sprintf (#2791) 2022-02-09 15:19:35 +08:00			`host, _ := util.CanonicalHost(ctx.Value(RouteInfoHost).(string))`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`remote := ctx.Value(RouteInfoRemote).(string)`
support proxy protocol for type http 2019-04-10 10:51:01 +08:00			`return rp.CreateConnection(host, url, remote)`
improve http vhost package 2017-12-13 03:27:43 +08:00			`},`
			`},`
			`BufferPool: newWrapPool(),`
			`ErrorLog: log.New(newWrapLogger(), "", 0),`
update reverseproxy from std libraries 2019-08-06 16:49:22 +08:00			`ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {`
some improvements 2022-04-14 11:24:36 +08:00			`frpLog.Warn("do http proxy request [host: %s] error: %v", req.Host, err)`
update reverseproxy from std libraries 2019-08-06 16:49:22 +08:00			`rw.WriteHeader(http.StatusNotFound)`
			`rw.Write(getNotFoundPageContent())`
			`},`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`rp.proxy = proxy`
			`return rp`
			`}`

support http load balancing 2019-07-31 00:41:58 +08:00			`// Register register the route config to reverse proxy`
			`// reverse proxy will use CreateConnFn from routeCfg to create a connection to the remote service`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) Register(routeCfg RouteConfig) error {`
support http load balancing 2019-07-31 00:41:58 +08:00			`err := rp.vhostRouter.Add(routeCfg.Domain, routeCfg.Location, &routeCfg)`
			`if err != nil {`
			`return err`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`return nil`
			`}`

support http load balancing 2019-07-31 00:41:58 +08:00			`// UnRegister unregister route config by domain and location`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) UnRegister(domain string, location string) {`
improve http vhost package 2017-12-13 03:27:43 +08:00			`rp.vhostRouter.Del(domain, location)`
			`}`

vhost: set DisableKeepAlives = false and fix websocket not work 2021-01-18 21:49:44 +08:00			`func (rp HTTPReverseProxy) GetRouteConfig(domain string, location string) RouteConfig {`
			`vr, ok := rp.getVhost(domain, location)`
			`if ok {`
			`return vr.payload.(*RouteConfig)`
			`}`
			`return nil`
			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) GetRealHost(domain string, location string) (host string) {`
improve http vhost package 2017-12-13 03:27:43 +08:00			`vr, ok := rp.getVhost(domain, location)`
			`if ok {`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`host = vr.payload.(*RouteConfig).RewriteHost`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`return`
			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) GetHeaders(domain string, location string) (headers map[string]string) {`
http: support setting headers 2018-05-20 23:22:07 +08:00			`vr, ok := rp.getVhost(domain, location)`
			`if ok {`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`headers = vr.payload.(*RouteConfig).Headers`
http: support setting headers 2018-05-20 23:22:07 +08:00			`}`
			`return`
			`}`

support http load balancing 2019-07-31 00:41:58 +08:00			`// CreateConnection create a new connection by route config`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) CreateConnection(domain string, location string, remoteAddr string) (net.Conn, error) {`
improve http vhost package 2017-12-13 03:27:43 +08:00			`vr, ok := rp.getVhost(domain, location)`
			`if ok {`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`fn := vr.payload.(*RouteConfig).CreateConnFn`
improve http vhost package 2017-12-13 03:27:43 +08:00			`if fn != nil {`
support proxy protocol for type http 2019-04-10 10:51:01 +08:00			`return fn(remoteAddr)`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`}`
support multilevel subdomain, fix #1132 2019-03-15 16:22:41 +08:00			`return nil, fmt.Errorf("%v: %s %s", ErrNoDomain, domain, location)`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp *HTTPReverseProxy) CheckAuth(domain, location, user, passwd string) bool {`
newhttp support BasicAuth 2017-12-13 23:44:27 +08:00			`vr, ok := rp.getVhost(domain, location)`
			`if ok {`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`checkUser := vr.payload.(*RouteConfig).Username`
			`checkPasswd := vr.payload.(*RouteConfig).Password`
newhttp support BasicAuth 2017-12-13 23:44:27 +08:00			`if (checkUser != "" \|\| checkPasswd != "") && (checkUser != user \|\| checkPasswd != passwd) {`
			`return false`
			`}`
			`}`
			`return true`
			`}`

support http load balancing 2019-07-31 00:41:58 +08:00			`// getVhost get vhost router by domain and location`
fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp HTTPReverseProxy) getVhost(domain string, location string) (vr Router, ok bool) {`
improve http vhost package 2017-12-13 03:27:43 +08:00			`// first we check the full hostname`
			`// if not exist, then check the wildcard_domain such as *.example.com`
			`vr, ok = rp.vhostRouter.Get(domain, location)`
			`if ok {`
			`return`
			`}`

			`domainSplit := strings.Split(domain, ".")`
			`if len(domainSplit) < 3 {`
support multilevel subdomain, fix #1132 2019-03-15 16:22:41 +08:00			`return nil, false`
			`}`

			`for {`
			`if len(domainSplit) < 3 {`
			`return nil, false`
			`}`

			`domainSplit[0] = "*"`
			`domain = strings.Join(domainSplit, ".")`
			`vr, ok = rp.vhostRouter.Get(domain, location)`
			`if ok {`
			`return vr, true`
			`}`
			`domainSplit = domainSplit[1:]`
improve http vhost package 2017-12-13 03:27:43 +08:00			`}`
			`}`

fix by golint (#1822) 2020-05-24 17:48:37 +08:00			`func (rp HTTPReverseProxy) ServeHTTP(rw http.ResponseWriter, req http.Request) {`
use net.JoinHostPort instead of fmt.Sprintf (#2791) 2022-02-09 15:19:35 +08:00			`domain, _ := util.CanonicalHost(req.Host)`
newhttp support BasicAuth 2017-12-13 23:44:27 +08:00			`location := req.URL.Path`
			`user, passwd, _ := req.BasicAuth()`
			`if !rp.CheckAuth(domain, location, user, passwd) {`
			rw.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
			`http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`
			`return`
			`}`
improve http vhost package 2017-12-13 03:27:43 +08:00			`rp.proxy.ServeHTTP(rw, req)`
			`}`

			`type wrapPool struct{}`

			`func newWrapPool() *wrapPool { return &wrapPool{} }`

			`func (p wrapPool) Get() []byte { return pool.GetBuf(32 1024) }`

			`func (p *wrapPool) Put(buf []byte) { pool.PutBuf(buf) }`

			`type wrapLogger struct{}`

			`func newWrapLogger() *wrapLogger { return &wrapLogger{} }`

			`func (l *wrapLogger) Write(p []byte) (n int, err error) {`
support encryption and compression in new http reverser proxy 2017-12-13 04:28:58 +08:00			`frpLog.Warn("%s", string(bytes.TrimRight(p, "\n")))`
improve http vhost package 2017-12-13 03:27:43 +08:00			`return len(p), nil`
			`}`