Migrating more middleware packages

2025-06-28 05:11:22 +08:00 · 2016-06-05 21:51:56 -06:00
parent 2f92443de7
commit 416af05a00
50 changed files with 5377 additions and 0 deletions
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@ -0,0 +1,269 @@
+// This file is adapted from code in the net/http/httputil
+// package of the Go standard library, which is by the
+// Go Authors, and bears this copyright and license info:
+//
+//   Copyright 2011 The Go Authors. All rights reserved.
+//   Use of this source code is governed by a BSD-style
+//   license that can be found in the LICENSE file.
+//
+// This file has been modified from the standard lib to
+// meet the needs of the application.
+
+package proxy
+
+import (
+	"crypto/tls"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+)
+
+// onExitFlushLoop is a callback set by tests to detect the state of the
+// flushLoop() goroutine.
+var onExitFlushLoop func()
+
+// ReverseProxy is an HTTP Handler that takes an incoming request and
+// sends it to another server, proxying the response back to the
+// client.
+type ReverseProxy struct {
+	// Director must be a function which modifies
+	// the request into a new request to be sent
+	// using Transport. Its response is then copied
+	// back to the original client unmodified.
+	Director func(*http.Request)
+
+	// The transport used to perform proxy requests.
+	// If nil, http.DefaultTransport is used.
+	Transport http.RoundTripper
+
+	// FlushInterval specifies the flush interval
+	// to flush to the client while copying the
+	// response body.
+	// If zero, no periodic flushing is done.
+	FlushInterval time.Duration
+}
+
+func singleJoiningSlash(a, b string) string {
+	aslash := strings.HasSuffix(a, "/")
+	bslash := strings.HasPrefix(b, "/")
+	switch {
+	case aslash && bslash:
+		return a + b[1:]
+	case !aslash && !bslash:
+		return a + "/" + b
+	}
+	return a + b
+}
+
+// Though the relevant directive prefix is just "unix:", url.Parse
+// will - assuming the regular URL scheme - add additional slashes
+// as if "unix" was a request protocol.
+// What we need is just the path, so if "unix:/var/run/www.socket"
+// was the proxy directive, the parsed hostName would be
+// "unix:///var/run/www.socket", hence the ambiguous trimming.
+func socketDial(hostName string) func(network, addr string) (conn net.Conn, err error) {
+	return func(network, addr string) (conn net.Conn, err error) {
+		return net.Dial("unix", hostName[len("unix://"):])
+	}
+}
+
+// NewSingleHostReverseProxy returns a new ReverseProxy that rewrites
+// URLs to the scheme, host, and base path provided in target. If the
+// target's path is "/base" and the incoming request was for "/dir",
+// the target request will be for /base/dir.
+// Without logic: target's path is "/", incoming is "/api/messages",
+// without is "/api", then the target request will be for /messages.
+func NewSingleHostReverseProxy(target *url.URL, without string) *ReverseProxy {
+	targetQuery := target.RawQuery
+	director := func(req *http.Request) {
+		if target.Scheme == "unix" {
+			// to make Dial work with unix URL,
+			// scheme and host have to be faked
+			req.URL.Scheme = "http"
+			req.URL.Host = "socket"
+		} else {
+			req.URL.Scheme = target.Scheme
+			req.URL.Host = target.Host
+		}
+		req.URL.Path = singleJoiningSlash(target.Path, req.URL.Path)
+		if targetQuery == "" || req.URL.RawQuery == "" {
+			req.URL.RawQuery = targetQuery + req.URL.RawQuery
+		} else {
+			req.URL.RawQuery = targetQuery + "&" + req.URL.RawQuery
+		}
+		// Trims the path of the socket from the URL path.
+		// This is done because req.URL passed to your proxied service
+		// will have the full path of the socket file prefixed to it.
+		// Calling /test on a server that proxies requests to
+		// unix:/var/run/www.socket will thus set the requested path
+		// to /var/run/www.socket/test, rendering paths useless.
+		if target.Scheme == "unix" {
+			// See comment on socketDial for the trim
+			socketPrefix := target.String()[len("unix://"):]
+			req.URL.Path = strings.TrimPrefix(req.URL.Path, socketPrefix)
+		}
+		// We are then safe to remove the `without` prefix.
+		if without != "" {
+			req.URL.Path = strings.TrimPrefix(req.URL.Path, without)
+		}
+	}
+	rp := &ReverseProxy{Director: director, FlushInterval: 250 * time.Millisecond} // flushing good for streaming & server-sent events
+	if target.Scheme == "unix" {
+		rp.Transport = &http.Transport{
+			Dial: socketDial(target.String()),
+		}
+	}
+	return rp
+}
+
+func copyHeader(dst, src http.Header) {
+	for k, vv := range src {
+		for _, v := range vv {
+			dst.Add(k, v)
+		}
+	}
+}
+
+// Hop-by-hop headers. These are removed when sent to the backend.
+// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+var hopHeaders = []string{
+	"Connection",
+	"Keep-Alive",
+	"Proxy-Authenticate",
+	"Proxy-Authorization",
+	"Te", // canonicalized version of "TE"
+	"Trailers",
+	"Transfer-Encoding",
+	"Upgrade",
+}
+
+// InsecureTransport is used to facilitate HTTPS proxying
+// when it is OK for upstream to be using a bad certificate,
+// since this transport skips verification.
+var InsecureTransport http.RoundTripper = &http.Transport{
+	Proxy: http.ProxyFromEnvironment,
+	Dial: (&net.Dialer{
+		Timeout:   30 * time.Second,
+		KeepAlive: 30 * time.Second,
+	}).Dial,
+	TLSHandshakeTimeout: 10 * time.Second,
+	TLSClientConfig:     &tls.Config{InsecureSkipVerify: true},
+}
+
+type respUpdateFn func(resp *http.Response)
+
+func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request, respUpdateFn respUpdateFn) error {
+	transport := p.Transport
+	if transport == nil {
+		transport = http.DefaultTransport
+	}
+
+	p.Director(outreq)
+	outreq.Proto = "HTTP/1.1"
+	outreq.ProtoMajor = 1
+	outreq.ProtoMinor = 1
+	outreq.Close = false
+
+	res, err := transport.RoundTrip(outreq)
+	if err != nil {
+		return err
+	} else if respUpdateFn != nil {
+		respUpdateFn(res)
+	}
+
+	if res.StatusCode == http.StatusSwitchingProtocols && strings.ToLower(res.Header.Get("Upgrade")) == "websocket" {
+		res.Body.Close()
+		hj, ok := rw.(http.Hijacker)
+		if !ok {
+			return nil
+		}
+
+		conn, _, err := hj.Hijack()
+		if err != nil {
+			return err
+		}
+		defer conn.Close()
+
+		backendConn, err := net.Dial("tcp", outreq.URL.Host)
+		if err != nil {
+			return err
+		}
+		defer backendConn.Close()
+
+		outreq.Write(backendConn)
+
+		go func() {
+			io.Copy(backendConn, conn) // write tcp stream to backend.
+		}()
+		io.Copy(conn, backendConn) // read tcp stream from backend.
+	} else {
+		defer res.Body.Close()
+		for _, h := range hopHeaders {
+			res.Header.Del(h)
+		}
+		copyHeader(rw.Header(), res.Header)
+		rw.WriteHeader(res.StatusCode)
+		p.copyResponse(rw, res.Body)
+	}
+
+	return nil
+}
+
+func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader) {
+	if p.FlushInterval != 0 {
+		if wf, ok := dst.(writeFlusher); ok {
+			mlw := &maxLatencyWriter{
+				dst:     wf,
+				latency: p.FlushInterval,
+				done:    make(chan bool),
+			}
+			go mlw.flushLoop()
+			defer mlw.stop()
+			dst = mlw
+		}
+	}
+	io.Copy(dst, src)
+}
+
+type writeFlusher interface {
+	io.Writer
+	http.Flusher
+}
+
+type maxLatencyWriter struct {
+	dst     writeFlusher
+	latency time.Duration
+
+	lk   sync.Mutex // protects Write + Flush
+	done chan bool
+}
+
+func (m *maxLatencyWriter) Write(p []byte) (int, error) {
+	m.lk.Lock()
+	defer m.lk.Unlock()
+	return m.dst.Write(p)
+}
+
+func (m *maxLatencyWriter) flushLoop() {
+	t := time.NewTicker(m.latency)
+	defer t.Stop()
+	for {
+		select {
+		case <-m.done:
+			if onExitFlushLoop != nil {
+				onExitFlushLoop()
+			}
+			return
+		case <-t.C:
+			m.lk.Lock()
+			m.dst.Flush()
+			m.lk.Unlock()
+		}
+	}
+}
+
+func (m *maxLatencyWriter) stop() { m.done <- true }