github.com/xtls/xray-core@v1.8.12-0.20240518155711-3168d27b0bdb/proxy/http/server.go (about) 1 package http 2 3 import ( 4 "bufio" 5 "context" 6 "encoding/base64" 7 "io" 8 "net/http" 9 "strings" 10 "time" 11 12 "github.com/xtls/xray-core/common" 13 "github.com/xtls/xray-core/common/buf" 14 "github.com/xtls/xray-core/common/errors" 15 "github.com/xtls/xray-core/common/log" 16 "github.com/xtls/xray-core/common/net" 17 "github.com/xtls/xray-core/common/protocol" 18 http_proto "github.com/xtls/xray-core/common/protocol/http" 19 "github.com/xtls/xray-core/common/session" 20 "github.com/xtls/xray-core/common/signal" 21 "github.com/xtls/xray-core/common/task" 22 "github.com/xtls/xray-core/core" 23 "github.com/xtls/xray-core/features/policy" 24 "github.com/xtls/xray-core/features/routing" 25 "github.com/xtls/xray-core/transport/internet/stat" 26 ) 27 28 // Server is an HTTP proxy server. 29 type Server struct { 30 config *ServerConfig 31 policyManager policy.Manager 32 } 33 34 // NewServer creates a new HTTP inbound handler. 35 func NewServer(ctx context.Context, config *ServerConfig) (*Server, error) { 36 v := core.MustFromContext(ctx) 37 s := &Server{ 38 config: config, 39 policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager), 40 } 41 42 return s, nil 43 } 44 45 func (s *Server) policy() policy.Session { 46 config := s.config 47 p := s.policyManager.ForLevel(config.UserLevel) 48 if config.Timeout > 0 && config.UserLevel == 0 { 49 p.Timeouts.ConnectionIdle = time.Duration(config.Timeout) * time.Second 50 } 51 return p 52 } 53 54 // Network implements proxy.Inbound. 55 func (*Server) Network() []net.Network { 56 return []net.Network{net.Network_TCP, net.Network_UNIX} 57 } 58 59 func isTimeout(err error) bool { 60 nerr, ok := errors.Cause(err).(net.Error) 61 return ok && nerr.Timeout() 62 } 63 64 func parseBasicAuth(auth string) (username, password string, ok bool) { 65 const prefix = "Basic " 66 if !strings.HasPrefix(auth, prefix) { 67 return 68 } 69 c, err := base64.StdEncoding.DecodeString(auth[len(prefix):]) 70 if err != nil { 71 return 72 } 73 cs := string(c) 74 s := strings.IndexByte(cs, ':') 75 if s < 0 { 76 return 77 } 78 return cs[:s], cs[s+1:], true 79 } 80 81 type readerOnly struct { 82 io.Reader 83 } 84 85 func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { 86 inbound := session.InboundFromContext(ctx) 87 inbound.Name = "http" 88 inbound.CanSpliceCopy = 2 89 inbound.User = &protocol.MemoryUser{ 90 Level: s.config.UserLevel, 91 } 92 93 reader := bufio.NewReaderSize(readerOnly{conn}, buf.Size) 94 95 Start: 96 if err := conn.SetReadDeadline(time.Now().Add(s.policy().Timeouts.Handshake)); err != nil { 97 newError("failed to set read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) 98 } 99 100 request, err := http.ReadRequest(reader) 101 if err != nil { 102 trace := newError("failed to read http request").Base(err) 103 if errors.Cause(err) != io.EOF && !isTimeout(errors.Cause(err)) { 104 trace.AtWarning() 105 } 106 return trace 107 } 108 109 if len(s.config.Accounts) > 0 { 110 user, pass, ok := parseBasicAuth(request.Header.Get("Proxy-Authorization")) 111 if !ok || !s.config.HasAccount(user, pass) { 112 return common.Error2(conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n"))) 113 } 114 if inbound != nil { 115 inbound.User.Email = user 116 } 117 } 118 119 newError("request to Method [", request.Method, "] Host [", request.Host, "] with URL [", request.URL, "]").WriteToLog(session.ExportIDToError(ctx)) 120 if err := conn.SetReadDeadline(time.Time{}); err != nil { 121 newError("failed to clear read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) 122 } 123 124 defaultPort := net.Port(80) 125 if strings.EqualFold(request.URL.Scheme, "https") { 126 defaultPort = net.Port(443) 127 } 128 host := request.Host 129 if host == "" { 130 host = request.URL.Host 131 } 132 dest, err := http_proto.ParseHost(host, defaultPort) 133 if err != nil { 134 return newError("malformed proxy host: ", host).AtWarning().Base(err) 135 } 136 ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ 137 From: conn.RemoteAddr(), 138 To: request.URL, 139 Status: log.AccessAccepted, 140 Reason: "", 141 }) 142 143 if strings.EqualFold(request.Method, "CONNECT") { 144 return s.handleConnect(ctx, request, reader, conn, dest, dispatcher, inbound) 145 } 146 147 keepAlive := (strings.TrimSpace(strings.ToLower(request.Header.Get("Proxy-Connection"))) == "keep-alive") 148 149 err = s.handlePlainHTTP(ctx, request, conn, dest, dispatcher) 150 if err == errWaitAnother { 151 if keepAlive { 152 goto Start 153 } 154 err = nil 155 } 156 157 return err 158 } 159 160 func (s *Server) handleConnect(ctx context.Context, _ *http.Request, reader *bufio.Reader, conn stat.Connection, dest net.Destination, dispatcher routing.Dispatcher, inbound *session.Inbound) error { 161 _, err := conn.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n")) 162 if err != nil { 163 return newError("failed to write back OK response").Base(err) 164 } 165 166 plcy := s.policy() 167 ctx, cancel := context.WithCancel(ctx) 168 timer := signal.CancelAfterInactivity(ctx, cancel, plcy.Timeouts.ConnectionIdle) 169 170 if inbound != nil { 171 inbound.Timer = timer 172 } 173 174 ctx = policy.ContextWithBufferPolicy(ctx, plcy.Buffer) 175 link, err := dispatcher.Dispatch(ctx, dest) 176 if err != nil { 177 return err 178 } 179 180 if reader.Buffered() > 0 { 181 payload, err := buf.ReadFrom(io.LimitReader(reader, int64(reader.Buffered()))) 182 if err != nil { 183 return err 184 } 185 if err := link.Writer.WriteMultiBuffer(payload); err != nil { 186 return err 187 } 188 reader = nil 189 } 190 191 requestDone := func() error { 192 defer timer.SetTimeout(plcy.Timeouts.DownlinkOnly) 193 194 return buf.Copy(buf.NewReader(conn), link.Writer, buf.UpdateActivity(timer)) 195 } 196 197 responseDone := func() error { 198 defer timer.SetTimeout(plcy.Timeouts.UplinkOnly) 199 200 v2writer := buf.NewWriter(conn) 201 if err := buf.Copy(link.Reader, v2writer, buf.UpdateActivity(timer)); err != nil { 202 return err 203 } 204 205 return nil 206 } 207 208 closeWriter := task.OnSuccess(requestDone, task.Close(link.Writer)) 209 if err := task.Run(ctx, closeWriter, responseDone); err != nil { 210 common.Interrupt(link.Reader) 211 common.Interrupt(link.Writer) 212 return newError("connection ends").Base(err) 213 } 214 215 return nil 216 } 217 218 var errWaitAnother = newError("keep alive") 219 220 func (s *Server) handlePlainHTTP(ctx context.Context, request *http.Request, writer io.Writer, dest net.Destination, dispatcher routing.Dispatcher) error { 221 if !s.config.AllowTransparent && request.URL.Host == "" { 222 // RFC 2068 (HTTP/1.1) requires URL to be absolute URL in HTTP proxy. 223 response := &http.Response{ 224 Status: "Bad Request", 225 StatusCode: 400, 226 Proto: "HTTP/1.1", 227 ProtoMajor: 1, 228 ProtoMinor: 1, 229 Header: http.Header(make(map[string][]string)), 230 Body: nil, 231 ContentLength: 0, 232 Close: true, 233 } 234 response.Header.Set("Proxy-Connection", "close") 235 response.Header.Set("Connection", "close") 236 return response.Write(writer) 237 } 238 239 if len(request.URL.Host) > 0 { 240 request.Host = request.URL.Host 241 } 242 http_proto.RemoveHopByHopHeaders(request.Header) 243 244 // Prevent UA from being set to golang's default ones 245 if request.Header.Get("User-Agent") == "" { 246 request.Header.Set("User-Agent", "") 247 } 248 249 content := &session.Content{ 250 Protocol: "http/1.1", 251 } 252 253 content.SetAttribute(":method", strings.ToUpper(request.Method)) 254 content.SetAttribute(":path", request.URL.Path) 255 for key := range request.Header { 256 value := request.Header.Get(key) 257 content.SetAttribute(strings.ToLower(key), value) 258 } 259 260 ctx = session.ContextWithContent(ctx, content) 261 262 link, err := dispatcher.Dispatch(ctx, dest) 263 if err != nil { 264 return err 265 } 266 267 // Plain HTTP request is not a stream. The request always finishes before response. Hense request has to be closed later. 268 defer common.Close(link.Writer) 269 var result error = errWaitAnother 270 271 requestDone := func() error { 272 request.Header.Set("Connection", "close") 273 274 requestWriter := buf.NewBufferedWriter(link.Writer) 275 common.Must(requestWriter.SetBuffered(false)) 276 if err := request.Write(requestWriter); err != nil { 277 return newError("failed to write whole request").Base(err).AtWarning() 278 } 279 return nil 280 } 281 282 responseDone := func() error { 283 responseReader := bufio.NewReaderSize(&buf.BufferedReader{Reader: link.Reader}, buf.Size) 284 response, err := http.ReadResponse(responseReader, request) 285 if err == nil { 286 http_proto.RemoveHopByHopHeaders(response.Header) 287 if response.ContentLength >= 0 { 288 response.Header.Set("Proxy-Connection", "keep-alive") 289 response.Header.Set("Connection", "keep-alive") 290 response.Header.Set("Keep-Alive", "timeout=4") 291 response.Close = false 292 } else { 293 response.Close = true 294 result = nil 295 } 296 defer response.Body.Close() 297 } else { 298 newError("failed to read response from ", request.Host).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx)) 299 response = &http.Response{ 300 Status: "Service Unavailable", 301 StatusCode: 503, 302 Proto: "HTTP/1.1", 303 ProtoMajor: 1, 304 ProtoMinor: 1, 305 Header: http.Header(make(map[string][]string)), 306 Body: nil, 307 ContentLength: 0, 308 Close: true, 309 } 310 response.Header.Set("Connection", "close") 311 response.Header.Set("Proxy-Connection", "close") 312 } 313 if err := response.Write(writer); err != nil { 314 return newError("failed to write response").Base(err).AtWarning() 315 } 316 return nil 317 } 318 319 if err := task.Run(ctx, requestDone, responseDone); err != nil { 320 common.Interrupt(link.Reader) 321 common.Interrupt(link.Writer) 322 return newError("connection ends").Base(err) 323 } 324 325 return result 326 } 327 328 func init() { 329 common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { 330 return NewServer(ctx, config.(*ServerConfig)) 331 })) 332 }