github.com/Uhtred009/v2ray-core-1@v4.31.2+incompatible/proxy/http/server.go (about) 1 // +build !confonly 2 3 package http 4 5 import ( 6 "bufio" 7 "context" 8 "encoding/base64" 9 "io" 10 "net/http" 11 "strings" 12 "time" 13 14 "v2ray.com/core" 15 "v2ray.com/core/common" 16 "v2ray.com/core/common/buf" 17 "v2ray.com/core/common/errors" 18 "v2ray.com/core/common/log" 19 "v2ray.com/core/common/net" 20 "v2ray.com/core/common/protocol" 21 http_proto "v2ray.com/core/common/protocol/http" 22 "v2ray.com/core/common/session" 23 "v2ray.com/core/common/signal" 24 "v2ray.com/core/common/task" 25 "v2ray.com/core/features/policy" 26 "v2ray.com/core/features/routing" 27 "v2ray.com/core/transport/internet" 28 ) 29 30 // Server is an HTTP proxy server. 31 type Server struct { 32 config *ServerConfig 33 policyManager policy.Manager 34 } 35 36 // NewServer creates a new HTTP inbound handler. 37 func NewServer(ctx context.Context, config *ServerConfig) (*Server, error) { 38 v := core.MustFromContext(ctx) 39 s := &Server{ 40 config: config, 41 policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager), 42 } 43 44 return s, nil 45 } 46 47 func (s *Server) policy() policy.Session { 48 config := s.config 49 p := s.policyManager.ForLevel(config.UserLevel) 50 if config.Timeout > 0 && config.UserLevel == 0 { 51 p.Timeouts.ConnectionIdle = time.Duration(config.Timeout) * time.Second 52 } 53 return p 54 } 55 56 // Network implements proxy.Inbound. 57 func (*Server) Network() []net.Network { 58 return []net.Network{net.Network_TCP} 59 } 60 61 func isTimeout(err error) bool { 62 nerr, ok := errors.Cause(err).(net.Error) 63 return ok && nerr.Timeout() 64 } 65 66 func parseBasicAuth(auth string) (username, password string, ok bool) { 67 const prefix = "Basic " 68 if !strings.HasPrefix(auth, prefix) { 69 return 70 } 71 c, err := base64.StdEncoding.DecodeString(auth[len(prefix):]) 72 if err != nil { 73 return 74 } 75 cs := string(c) 76 s := strings.IndexByte(cs, ':') 77 if s < 0 { 78 return 79 } 80 return cs[:s], cs[s+1:], true 81 } 82 83 type readerOnly struct { 84 io.Reader 85 } 86 87 func (s *Server) Process(ctx context.Context, network net.Network, conn internet.Connection, dispatcher routing.Dispatcher) error { 88 inbound := session.InboundFromContext(ctx) 89 if inbound != nil { 90 inbound.User = &protocol.MemoryUser{ 91 Level: s.config.UserLevel, 92 } 93 } 94 95 reader := bufio.NewReaderSize(readerOnly{conn}, buf.Size) 96 97 Start: 98 if err := conn.SetReadDeadline(time.Now().Add(s.policy().Timeouts.Handshake)); err != nil { 99 newError("failed to set read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) 100 } 101 102 request, err := http.ReadRequest(reader) 103 if err != nil { 104 trace := newError("failed to read http request").Base(err) 105 if errors.Cause(err) != io.EOF && !isTimeout(errors.Cause(err)) { 106 trace.AtWarning() // nolint: errcheck 107 } 108 return trace 109 } 110 111 if len(s.config.Accounts) > 0 { 112 user, pass, ok := parseBasicAuth(request.Header.Get("Proxy-Authorization")) 113 if !ok || !s.config.HasAccount(user, pass) { 114 return common.Error2(conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n"))) 115 } 116 if inbound != nil { 117 inbound.User.Email = user 118 } 119 } 120 121 newError("request to Method [", request.Method, "] Host [", request.Host, "] with URL [", request.URL, "]").WriteToLog(session.ExportIDToError(ctx)) 122 if err := conn.SetReadDeadline(time.Time{}); err != nil { 123 newError("failed to clear read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) 124 } 125 126 defaultPort := net.Port(80) 127 if strings.EqualFold(request.URL.Scheme, "https") { 128 defaultPort = net.Port(443) 129 } 130 host := request.Host 131 if host == "" { 132 host = request.URL.Host 133 } 134 dest, err := http_proto.ParseHost(host, defaultPort) 135 if err != nil { 136 return newError("malformed proxy host: ", host).AtWarning().Base(err) 137 } 138 ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ 139 From: conn.RemoteAddr(), 140 To: request.URL, 141 Status: log.AccessAccepted, 142 Reason: "", 143 }) 144 145 if strings.EqualFold(request.Method, "CONNECT") { 146 return s.handleConnect(ctx, request, reader, conn, dest, dispatcher) 147 } 148 149 keepAlive := (strings.TrimSpace(strings.ToLower(request.Header.Get("Proxy-Connection"))) == "keep-alive") 150 151 err = s.handlePlainHTTP(ctx, request, conn, dest, dispatcher) 152 if err == errWaitAnother { 153 if keepAlive { 154 goto Start 155 } 156 err = nil 157 } 158 159 return err 160 } 161 162 func (s *Server) handleConnect(ctx context.Context, request *http.Request, reader *bufio.Reader, conn internet.Connection, dest net.Destination, dispatcher routing.Dispatcher) error { 163 _, err := conn.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n")) 164 if err != nil { 165 return newError("failed to write back OK response").Base(err) 166 } 167 168 plcy := s.policy() 169 ctx, cancel := context.WithCancel(ctx) 170 timer := signal.CancelAfterInactivity(ctx, cancel, plcy.Timeouts.ConnectionIdle) 171 172 ctx = policy.ContextWithBufferPolicy(ctx, plcy.Buffer) 173 link, err := dispatcher.Dispatch(ctx, dest) 174 if err != nil { 175 return err 176 } 177 178 if reader.Buffered() > 0 { 179 payload, err := buf.ReadFrom(io.LimitReader(reader, int64(reader.Buffered()))) 180 if err != nil { 181 return err 182 } 183 if err := link.Writer.WriteMultiBuffer(payload); err != nil { 184 return err 185 } 186 reader = nil 187 } 188 189 requestDone := func() error { 190 defer timer.SetTimeout(plcy.Timeouts.DownlinkOnly) 191 192 return buf.Copy(buf.NewReader(conn), link.Writer, buf.UpdateActivity(timer)) 193 } 194 195 responseDone := func() error { 196 defer timer.SetTimeout(plcy.Timeouts.UplinkOnly) 197 198 v2writer := buf.NewWriter(conn) 199 if err := buf.Copy(link.Reader, v2writer, buf.UpdateActivity(timer)); err != nil { 200 return err 201 } 202 203 return nil 204 } 205 206 var closeWriter = task.OnSuccess(requestDone, task.Close(link.Writer)) 207 if err := task.Run(ctx, closeWriter, responseDone); err != nil { 208 common.Interrupt(link.Reader) 209 common.Interrupt(link.Writer) 210 return newError("connection ends").Base(err) 211 } 212 213 return nil 214 } 215 216 var errWaitAnother = newError("keep alive") 217 218 func (s *Server) handlePlainHTTP(ctx context.Context, request *http.Request, writer io.Writer, dest net.Destination, dispatcher routing.Dispatcher) error { 219 if !s.config.AllowTransparent && request.URL.Host == "" { 220 // RFC 2068 (HTTP/1.1) requires URL to be absolute URL in HTTP proxy. 221 response := &http.Response{ 222 Status: "Bad Request", 223 StatusCode: 400, 224 Proto: "HTTP/1.1", 225 ProtoMajor: 1, 226 ProtoMinor: 1, 227 Header: http.Header(make(map[string][]string)), 228 Body: nil, 229 ContentLength: 0, 230 Close: true, 231 } 232 response.Header.Set("Proxy-Connection", "close") 233 response.Header.Set("Connection", "close") 234 return response.Write(writer) 235 } 236 237 if len(request.URL.Host) > 0 { 238 request.Host = request.URL.Host 239 } 240 http_proto.RemoveHopByHopHeaders(request.Header) 241 242 // Prevent UA from being set to golang's default ones 243 if request.Header.Get("User-Agent") == "" { 244 request.Header.Set("User-Agent", "") 245 } 246 247 content := &session.Content{ 248 Protocol: "http/1.1", 249 } 250 251 content.SetAttribute(":method", strings.ToUpper(request.Method)) 252 content.SetAttribute(":path", request.URL.Path) 253 for key := range request.Header { 254 value := request.Header.Get(key) 255 content.SetAttribute(strings.ToLower(key), value) 256 } 257 258 ctx = session.ContextWithContent(ctx, content) 259 260 link, err := dispatcher.Dispatch(ctx, dest) 261 if err != nil { 262 return err 263 } 264 265 // Plain HTTP request is not a stream. The request always finishes before response. Hense request has to be closed later. 266 defer common.Close(link.Writer) // nolint: errcheck 267 var result error = errWaitAnother 268 269 requestDone := func() error { 270 request.Header.Set("Connection", "close") 271 272 requestWriter := buf.NewBufferedWriter(link.Writer) 273 common.Must(requestWriter.SetBuffered(false)) 274 if err := request.Write(requestWriter); err != nil { 275 return newError("failed to write whole request").Base(err).AtWarning() 276 } 277 return nil 278 } 279 280 responseDone := func() error { 281 responseReader := bufio.NewReaderSize(&buf.BufferedReader{Reader: link.Reader}, buf.Size) 282 response, err := http.ReadResponse(responseReader, request) 283 if err == nil { 284 http_proto.RemoveHopByHopHeaders(response.Header) 285 if response.ContentLength >= 0 { 286 response.Header.Set("Proxy-Connection", "keep-alive") 287 response.Header.Set("Connection", "keep-alive") 288 response.Header.Set("Keep-Alive", "timeout=4") 289 response.Close = false 290 } else { 291 response.Close = true 292 result = nil 293 } 294 } else { 295 newError("failed to read response from ", request.Host).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx)) 296 response = &http.Response{ 297 Status: "Service Unavailable", 298 StatusCode: 503, 299 Proto: "HTTP/1.1", 300 ProtoMajor: 1, 301 ProtoMinor: 1, 302 Header: http.Header(make(map[string][]string)), 303 Body: nil, 304 ContentLength: 0, 305 Close: true, 306 } 307 response.Header.Set("Connection", "close") 308 response.Header.Set("Proxy-Connection", "close") 309 } 310 if err := response.Write(writer); err != nil { 311 return newError("failed to write response").Base(err).AtWarning() 312 } 313 return nil 314 } 315 316 if err := task.Run(ctx, requestDone, responseDone); err != nil { 317 common.Interrupt(link.Reader) 318 common.Interrupt(link.Writer) 319 return newError("connection ends").Base(err) 320 } 321 322 return result 323 } 324 325 func init() { 326 common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { 327 return NewServer(ctx, config.(*ServerConfig)) 328 })) 329 }