diff --git a/go.mod b/go.mod index 3ab2cb4..dd97d76 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,8 @@ require ( github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554 // indirect github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8 // indirect github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec + github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect golang.org/x/crypto v0.0.0-20180505025534-4ec37c66abab // indirect golang.org/x/net v0.0.0-20180524181706-dfa909b99c79 + golang.org/x/text v0.3.2 // indirect ) diff --git a/go.sum b/go.sum index c7a2367..3c1acf0 100644 --- a/go.sum +++ b/go.sum @@ -46,7 +46,12 @@ github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8 h1:6CNSDqI1wiE+JqyOy5Qt github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8/go.mod h1:XxO4hdhhrzAd+G4CjDqaOkd0hUzmtPR/d3EiBBMn/wc= github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks= github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw= +github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM= +github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae/go.mod h1:gXtu8J62kEgmN++bm9BVICuT/e8yiLI2KFobd/TRFsE= golang.org/x/crypto v0.0.0-20180505025534-4ec37c66abab h1:w4c/LoOA2vE8SYwh8wEEQVRUwpph7TtcjH7AtZvOjy0= golang.org/x/crypto v0.0.0-20180505025534-4ec37c66abab/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/net v0.0.0-20180524181706-dfa909b99c79 h1:1FDlG4HI84rVePw1/0E/crL5tt2N+1blLJpY6UZ6krs= golang.org/x/net v0.0.0-20180524181706-dfa909b99c79/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/utils/vhost/http.go b/utils/vhost/http.go index 1b3a5bd..04eba2b 100644 --- a/utils/vhost/http.go +++ b/utils/vhost/http.go @@ -89,14 +89,18 @@ func NewHttpReverseProxy(option HttpReverseProxyOptions, vhostRouter *VhostRoute return rp.CreateConnection(host, url, remote) }, }, - WebSocketDialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - url := ctx.Value("url").(string) - host := getHostFromAddr(ctx.Value("host").(string)) - remote := ctx.Value("remote").(string) - return rp.CreateConnection(host, url, remote) - }, + //WebSocketDialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + //url := ctx.Value("url").(string) + //host := getHostFromAddr(ctx.Value("host").(string)) + //remote := ctx.Value("remote").(string) + //return rp.CreateConnection(host, url, remote) + //}, BufferPool: newWrapPool(), ErrorLog: log.New(newWrapLogger(), "", 0), + ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) { + rw.WriteHeader(http.StatusNotFound) + rw.Write(getNotFoundPageContent()) + }, } rp.proxy = proxy return rp diff --git a/utils/vhost/reverseproxy.go b/utils/vhost/reverseproxy.go index 45f25be..39e4405 100644 --- a/utils/vhost/reverseproxy.go +++ b/utils/vhost/reverseproxy.go @@ -8,6 +8,7 @@ package vhost import ( "context" + "fmt" "io" "log" "net" @@ -17,13 +18,9 @@ import ( "sync" "time" - frpIo "github.com/fatedier/golib/io" + "golang.org/x/net/http/httpguts" ) -// onExitFlushLoop is a callback set by tests to detect the state of the -// flushLoop() goroutine. -var onExitFlushLoop func() - // ReverseProxy is an HTTP Handler that takes an incoming request and // sends it to another server, proxying the response back to the // client. @@ -44,12 +41,17 @@ type ReverseProxy struct { // to flush to the client while copying the // response body. // If zero, no periodic flushing is done. + // A negative value means to flush immediately + // after each write to the client. + // The FlushInterval is ignored when ReverseProxy + // recognizes a response as a streaming response; + // for such responses, writes are flushed to the client + // immediately. FlushInterval time.Duration // ErrorLog specifies an optional logger for errors // that occur when attempting to proxy the request. - // If nil, logging goes to os.Stderr via the log package's - // standard logger. + // If nil, logging is done via the log package's standard logger. ErrorLog *log.Logger // BufferPool optionally specifies a buffer pool to @@ -57,12 +59,23 @@ type ReverseProxy struct { // copying HTTP response bodies. BufferPool BufferPool - // ModifyResponse is an optional function that - // modifies the Response from the backend. - // If it returns an error, the proxy returns a StatusBadGateway error. + // ModifyResponse is an optional function that modifies the + // Response from the backend. It is called if the backend + // returns a response at all, with any HTTP status code. + // If the backend is unreachable, the optional ErrorHandler is + // called without any call to ModifyResponse. + // + // If ModifyResponse returns an error, ErrorHandler is called + // with its error value. If ErrorHandler is nil, its default + // implementation is used. ModifyResponse func(*http.Response) error - WebSocketDialContext func(ctx context.Context, network, addr string) (net.Conn, error) + // ErrorHandler is an optional function that handles errors + // reaching the backend or errors from ModifyResponse. + // + // If nil, the default is to log the provided error and return + // a 502 Status Bad Gateway response. + ErrorHandler func(http.ResponseWriter, *http.Request, error) } // A BufferPool is an interface for getting and returning temporary @@ -118,18 +131,11 @@ func copyHeader(dst, src http.Header) { } } -func cloneHeader(h http.Header) http.Header { - h2 := make(http.Header, len(h)) - for k, vv := range h { - vv2 := make([]string, len(vv)) - copy(vv2, vv) - h2[k] = vv2 - } - return h2 -} - // Hop-by-hop headers. These are removed when sent to the backend. -// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html +// As of RFC 7230, hop-by-hop headers are required to appear in the +// Connection header field. These are the headers defined by the +// obsoleted RFC 2616 (section 13.5.1) and are used for backward +// compatibility. var hopHeaders = []string{ "Connection", "Proxy-Connection", // non-standard but still sent by libcurl and rejected by e.g. google @@ -137,55 +143,38 @@ var hopHeaders = []string{ "Proxy-Authenticate", "Proxy-Authorization", "Te", // canonicalized version of "TE" - "Trailer", // not Trailers per URL above; http://www.rfc-editor.org/errata_search.php?eid=4522 + "Trailer", // not Trailers per URL above; https://www.rfc-editor.org/errata_search.php?eid=4522 "Transfer-Encoding", "Upgrade", } +func (p *ReverseProxy) defaultErrorHandler(rw http.ResponseWriter, req *http.Request, err error) { + p.logf("http: proxy error: %v", err) + rw.WriteHeader(http.StatusBadGateway) +} + +func (p *ReverseProxy) getErrorHandler() func(http.ResponseWriter, *http.Request, error) { + if p.ErrorHandler != nil { + return p.ErrorHandler + } + return p.defaultErrorHandler +} + +// modifyResponse conditionally runs the optional ModifyResponse hook +// and reports whether the request should proceed. +func (p *ReverseProxy) modifyResponse(rw http.ResponseWriter, res *http.Response, req *http.Request) bool { + if p.ModifyResponse == nil { + return true + } + if err := p.ModifyResponse(res); err != nil { + res.Body.Close() + p.getErrorHandler()(rw, req, err) + return false + } + return true +} + func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - if IsWebsocketRequest(req) { - p.serveWebSocket(rw, req) - } else { - p.serveHTTP(rw, req) - } -} - -func (p *ReverseProxy) serveWebSocket(rw http.ResponseWriter, req *http.Request) { - if p.WebSocketDialContext == nil { - rw.WriteHeader(500) - return - } - - req = req.WithContext(context.WithValue(req.Context(), "url", req.URL.Path)) - req = req.WithContext(context.WithValue(req.Context(), "host", req.Host)) - req = req.WithContext(context.WithValue(req.Context(), "remote", req.RemoteAddr)) - - targetConn, err := p.WebSocketDialContext(req.Context(), "tcp", "") - if err != nil { - rw.WriteHeader(501) - return - } - defer targetConn.Close() - - p.Director(req) - - hijacker, ok := rw.(http.Hijacker) - if !ok { - rw.WriteHeader(500) - return - } - conn, _, errHijack := hijacker.Hijack() - if errHijack != nil { - rw.WriteHeader(500) - return - } - defer conn.Close() - - req.Write(targetConn) - frpIo.Join(conn, targetConn) -} - -func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { transport := p.Transport if transport == nil { transport = http.DefaultTransport @@ -206,38 +195,49 @@ func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { }() } - outreq := req.WithContext(ctx) // includes shallow copies of maps, but okay + outreq := req.Clone(ctx) if req.ContentLength == 0 { outreq.Body = nil // Issue 16036: nil Body for http.Transport retries } - outreq.Header = cloneHeader(req.Header) - - // Modify for frp + // ============================= + // Modified for frp outreq = outreq.WithContext(context.WithValue(outreq.Context(), "url", req.URL.Path)) outreq = outreq.WithContext(context.WithValue(outreq.Context(), "host", req.Host)) outreq = outreq.WithContext(context.WithValue(outreq.Context(), "remote", req.RemoteAddr)) + // ============================= p.Director(outreq) outreq.Close = false - // Remove hop-by-hop headers listed in the "Connection" header. - // See RFC 2616, section 14.10. - if c := outreq.Header.Get("Connection"); c != "" { - for _, f := range strings.Split(c, ",") { - if f = strings.TrimSpace(f); f != "" { - outreq.Header.Del(f) - } - } - } + reqUpType := upgradeType(outreq.Header) + removeConnectionHeaders(outreq.Header) // Remove hop-by-hop headers to the backend. Especially // important is "Connection" because we want a persistent // connection, regardless of what the client sent to us. for _, h := range hopHeaders { - if outreq.Header.Get(h) != "" { - outreq.Header.Del(h) + hv := outreq.Header.Get(h) + if hv == "" { + continue } + if h == "Te" && hv == "trailers" { + // Issue 21096: tell backend applications that + // care about trailer support that we support + // trailers. (We do, but we don't go out of + // our way to advertise that unless the + // incoming client request thought it was + // worth mentioning) + continue + } + outreq.Header.Del(h) + } + + // After stripping all the hop-by-hop connection headers above, add back any + // necessary for protocol upgrades, such as for websockets. + if reqUpType != "" { + outreq.Header.Set("Connection", "Upgrade") + outreq.Header.Set("Upgrade", reqUpType) } if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil { @@ -252,33 +252,27 @@ func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { res, err := transport.RoundTrip(outreq) if err != nil { - p.logf("http: proxy error: %v", err) - rw.WriteHeader(http.StatusNotFound) - - rw.Write(getNotFoundPageContent()) + p.getErrorHandler()(rw, outreq, err) return } - // Remove hop-by-hop headers listed in the - // "Connection" header of the response. - if c := res.Header.Get("Connection"); c != "" { - for _, f := range strings.Split(c, ",") { - if f = strings.TrimSpace(f); f != "" { - res.Header.Del(f) - } + // Deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) + if res.StatusCode == http.StatusSwitchingProtocols { + if !p.modifyResponse(rw, res, outreq) { + return } + p.handleUpgradeResponse(rw, outreq, res) + return } + removeConnectionHeaders(res.Header) + for _, h := range hopHeaders { res.Header.Del(h) } - if p.ModifyResponse != nil { - if err := p.ModifyResponse(res); err != nil { - p.logf("http: proxy error: %v", err) - rw.WriteHeader(http.StatusBadGateway) - return - } + if !p.modifyResponse(rw, res, outreq) { + return } copyHeader(rw.Header(), res.Header) @@ -295,6 +289,21 @@ func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { } rw.WriteHeader(res.StatusCode) + + err = p.copyResponse(rw, res.Body, p.flushInterval(req, res)) + if err != nil { + defer res.Body.Close() + // Since we're streaming the response, if we run into an error all we can do + // is abort the request. Issue 23643: ReverseProxy should use ErrAbortHandler + // on read error while copying body. + if !shouldPanicOnCopyError(req) { + p.logf("suppressing panic for copyResponse error in test; copy error: %v", err) + return + } + panic(http.ErrAbortHandler) + } + res.Body.Close() // close now, instead of defer, to populate res.Trailer + if len(res.Trailer) > 0 { // Force chunking if we saw a response trailer. // This prevents net/http from calculating the length for short @@ -303,8 +312,6 @@ func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { fl.Flush() } } - p.copyResponse(rw, res.Body) - res.Body.Close() // close now, instead of defer, to populate res.Trailer if len(res.Trailer) == announcedTrailers { copyHeader(rw.Header(), res.Trailer) @@ -319,16 +326,68 @@ func (p *ReverseProxy) serveHTTP(rw http.ResponseWriter, req *http.Request) { } } -func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader) { - if p.FlushInterval != 0 { +var inOurTests bool // whether we're in our own tests + +// shouldPanicOnCopyError reports whether the reverse proxy should +// panic with http.ErrAbortHandler. This is the right thing to do by +// default, but Go 1.10 and earlier did not, so existing unit tests +// weren't expecting panics. Only panic in our own tests, or when +// running under the HTTP server. +func shouldPanicOnCopyError(req *http.Request) bool { + if inOurTests { + // Our tests know to handle this panic. + return true + } + if req.Context().Value(http.ServerContextKey) != nil { + // We seem to be running under an HTTP server, so + // it'll recover the panic. + return true + } + // Otherwise act like Go 1.10 and earlier to not break + // existing tests. + return false +} + +// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h. +// See RFC 7230, section 6.1 +func removeConnectionHeaders(h http.Header) { + for _, f := range h["Connection"] { + for _, sf := range strings.Split(f, ",") { + if sf = strings.TrimSpace(sf); sf != "" { + h.Del(sf) + } + } + } +} + +// flushInterval returns the p.FlushInterval value, conditionally +// overriding its value for a specific request/response. +func (p *ReverseProxy) flushInterval(req *http.Request, res *http.Response) time.Duration { + resCT := res.Header.Get("Content-Type") + + // For Server-Sent Events responses, flush immediately. + // The MIME type is defined in https://www.w3.org/TR/eventsource/#text-event-stream + if resCT == "text/event-stream" { + return -1 // negative means immediately + } + + // TODO: more specific cases? e.g. res.ContentLength == -1? + return p.FlushInterval +} + +func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader, flushInterval time.Duration) error { + if flushInterval != 0 { if wf, ok := dst.(writeFlusher); ok { mlw := &maxLatencyWriter{ dst: wf, - latency: p.FlushInterval, - done: make(chan bool), + latency: flushInterval, } - go mlw.flushLoop() defer mlw.stop() + + // set up initial timer so headers get flushed even if body writes are delayed + mlw.flushPending = true + mlw.t = time.AfterFunc(flushInterval, mlw.delayedFlush) + dst = mlw } } @@ -336,13 +395,14 @@ func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader) { var buf []byte if p.BufferPool != nil { buf = p.BufferPool.Get() + defer p.BufferPool.Put(buf) } - p.copyBuffer(dst, src, buf) - if p.BufferPool != nil { - p.BufferPool.Put(buf) - } + _, err := p.copyBuffer(dst, src, buf) + return err } +// copyBuffer returns any write errors or non-EOF read errors, and the amount +// of bytes written. func (p *ReverseProxy) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int64, error) { if len(buf) == 0 { buf = make([]byte, 32*1024) @@ -366,6 +426,9 @@ func (p *ReverseProxy) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int } } if rerr != nil { + if rerr == io.EOF { + rerr = nil + } return written, rerr } } @@ -386,47 +449,115 @@ type writeFlusher interface { type maxLatencyWriter struct { dst writeFlusher - latency time.Duration + latency time.Duration // non-zero; negative means to flush immediately - mu sync.Mutex // protects Write + Flush - done chan bool + mu sync.Mutex // protects t, flushPending, and dst.Flush + t *time.Timer + flushPending bool } -func (m *maxLatencyWriter) Write(p []byte) (int, error) { +func (m *maxLatencyWriter) Write(p []byte) (n int, err error) { m.mu.Lock() defer m.mu.Unlock() - return m.dst.Write(p) + n, err = m.dst.Write(p) + if m.latency < 0 { + m.dst.Flush() + return + } + if m.flushPending { + return + } + if m.t == nil { + m.t = time.AfterFunc(m.latency, m.delayedFlush) + } else { + m.t.Reset(m.latency) + } + m.flushPending = true + return } -func (m *maxLatencyWriter) flushLoop() { - t := time.NewTicker(m.latency) - defer t.Stop() - for { - select { - case <-m.done: - if onExitFlushLoop != nil { - onExitFlushLoop() - } - return - case <-t.C: - m.mu.Lock() - m.dst.Flush() - m.mu.Unlock() - } +func (m *maxLatencyWriter) delayedFlush() { + m.mu.Lock() + defer m.mu.Unlock() + if !m.flushPending { // if stop was called but AfterFunc already started this goroutine + return + } + m.dst.Flush() + m.flushPending = false +} + +func (m *maxLatencyWriter) stop() { + m.mu.Lock() + defer m.mu.Unlock() + m.flushPending = false + if m.t != nil { + m.t.Stop() } } -func (m *maxLatencyWriter) stop() { m.done <- true } - -func IsWebsocketRequest(req *http.Request) bool { - containsHeader := func(name, value string) bool { - items := strings.Split(req.Header.Get(name), ",") - for _, item := range items { - if value == strings.ToLower(strings.TrimSpace(item)) { - return true - } - } - return false +func upgradeType(h http.Header) string { + if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") { + return "" } - return containsHeader("Connection", "upgrade") && containsHeader("Upgrade", "websocket") + return strings.ToLower(h.Get("Upgrade")) +} + +func (p *ReverseProxy) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request, res *http.Response) { + reqUpType := upgradeType(req.Header) + resUpType := upgradeType(res.Header) + if reqUpType != resUpType { + p.getErrorHandler()(rw, req, fmt.Errorf("backend tried to switch protocol %q when %q was requested", resUpType, reqUpType)) + return + } + + copyHeader(res.Header, rw.Header()) + + hj, ok := rw.(http.Hijacker) + if !ok { + p.getErrorHandler()(rw, req, fmt.Errorf("can't switch protocols using non-Hijacker ResponseWriter type %T", rw)) + return + } + backConn, ok := res.Body.(io.ReadWriteCloser) + if !ok { + p.getErrorHandler()(rw, req, fmt.Errorf("internal error: 101 switching protocols response with non-writable body")) + return + } + defer backConn.Close() + conn, brw, err := hj.Hijack() + if err != nil { + p.getErrorHandler()(rw, req, fmt.Errorf("Hijack failed on protocol switch: %v", err)) + return + } + defer conn.Close() + res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above + if err := res.Write(brw); err != nil { + p.getErrorHandler()(rw, req, fmt.Errorf("response write: %v", err)) + return + } + if err := brw.Flush(); err != nil { + p.getErrorHandler()(rw, req, fmt.Errorf("response flush: %v", err)) + return + } + errc := make(chan error, 1) + spc := switchProtocolCopier{user: conn, backend: backConn} + go spc.copyToBackend(errc) + go spc.copyFromBackend(errc) + <-errc + return +} + +// switchProtocolCopier exists so goroutines proxying data back and +// forth have nice names in stacks. +type switchProtocolCopier struct { + user, backend io.ReadWriter +} + +func (c switchProtocolCopier) copyFromBackend(errc chan<- error) { + _, err := io.Copy(c.user, c.backend) + errc <- err +} + +func (c switchProtocolCopier) copyToBackend(errc chan<- error) { + _, err := io.Copy(c.backend, c.user) + errc <- err }