package main
import (
"bufio"
"log"
"net/http"
"net/http/httputil"
"net/url"
"os"
"regexp"
"sync"
"time"
)
// proxy is an http.Handler that forwards each request to the host named in
// its Host header, subject to the endpoint allow and deny lists below.
type proxy struct {
	// requestLogger receives one line per request that ServeHTTP forwards or
	// refuses.
	requestLogger *log.Logger
	// endpointWhiteList holds the compiled allow patterns. While it is nil,
	// checkEndpointList applies no allow-list restriction.
	endpointWhiteList []*regexp.Regexp
	// endpointBlackList holds the compiled deny patterns; checkEndpointList
	// consults it before the allow list.
	endpointBlackList []*regexp.Regexp
	// mutex is held by addToEndpointList while it appends to either list.
	mutex sync.Mutex
}
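// newProxy creates a new instance of proxy.
//
// The request logger writes to the file at rLogPath (created if missing and
// opened for append), or to os.Stdout when rLogPath is empty. When whitePath
// or blackPath is not empty, the file is read to fill the matching endpoint
// list. Any failure to open the log file or to load a list terminates the
// process through log.Fatalln.
func newProxy(rLogPath string, whitePath string, blackPath string) *proxy {
	var p proxy

	out := os.Stdout
	if rLogPath != "" {
		// The mode is still subject to the process umask. The request log
		// records which hosts clients reach, so a tighter mode may be
		// preferable for the deployment.
		f, err := os.OpenFile(rLogPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
		if err != nil {
			log.Fatalln(err)
		}
		// f is intentionally not closed here: the logger keeps writing to it
		// for as long as the proxy runs. Closing it on return (as a deferred
		// Close would) makes every later log write fail, and the request
		// audit trail is silently lost.
		out = f
	}
	p.requestLogger = log.New(out, "REQUEST: ", log.Ldate|log.Ltime)

	if whitePath != "" {
		if err := p.addEndpointListFromFile(whitePath, true); err != nil {
			log.Fatalln(err)
		}
	}
	if blackPath != "" {
		if err := p.addEndpointListFromFile(blackPath, false); err != nil {
			log.Fatalln(err)
		}
	}
	return &p
}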
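// addEndpointListFromFile reads the file at path line by line and passes
// each non-empty line to addToEndpointList as a regular expression.
// Use t to choose the list type: true for whitelist, false for blacklist.
//
// It returns the error from opening the file, from the first pattern that
// fails to compile, or from the scanner when reading stops early.
func (p *proxy) addEndpointListFromFile(path string, t bool) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()

	s := bufio.NewScanner(f)
	for s.Scan() {
		line := s.Text()
		if line == "" {
			// An empty pattern compiles to a regexp that matches every host:
			// a stray blank line would turn a whitelist into allow-all and a
			// blacklist into deny-all.
			continue
		}
		if err := p.addToEndpointList(line, t); err != nil {
			return err
		}
	}
	// Scan returns false on a read error or an over-long line as well as at
	// end of file; report that instead of loading a silently truncated list.
	return s.Err()
}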
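// addToEndpointList compiles r as a regular expression and, if it is valid,
// appends it to an endpoint list.
// Use t to choose the list type: true for whitelist, false for blacklist.
//
// Patterns are compiled case-insensitively: host names are case-insensitive,
// while checkEndpointList matches the Host value exactly as the client sent
// it. Patterns are not anchored, so a pattern matches any host that contains
// a match; use ^ and $ and escape literal dots for an exact host.
//
// It returns the compile error for an invalid pattern and nil otherwise.
func (p *proxy) addToEndpointList(r string, t bool) error {
	rgx, err := regexp.Compile("(?i)" + r)
	if err != nil {
		return err
	}

	p.mutex.Lock()
	defer p.mutex.Unlock()
	if t {
		p.endpointWhiteList = append(p.endpointWhiteList, rgx)
	} else {
		p.endpointBlackList = append(p.endpointBlackList, rgx)
	}
	return nil
}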
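// checkEndpointList reports whether endpoint e is allowed.
//
// With both lists unset everything is allowed. Otherwise a blacklist match
// denies; then, if no whitelist is set, e is allowed, and if one is set, e
// must match one of its patterns.
//
// A whitelist file that yields no patterns leaves the whitelist nil, which
// means "no restriction", not "deny all".
func (p *proxy) checkEndpointList(e string) bool {
	// Take the slice headers under the same mutex addToEndpointList holds
	// while appending, so a concurrent append cannot race with these reads.
	// Matching then runs on the snapshot without holding the lock.
	p.mutex.Lock()
	black, white := p.endpointBlackList, p.endpointWhiteList
	p.mutex.Unlock()

	if black == nil && white == nil {
		return true
	}
	// The blacklist takes precedence over the whitelist.
	for _, rgx := range black {
		if rgx.MatchString(e) {
			return false
		}
	}
	if white == nil {
		return true
	}
	for _, rgx := range white {
		if rgx.MatchString(e) {
			return true
		}
	}
	return false
}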
// ServeHTTP implements http.Handler: it authorizes the request against the
// endpoint lists, forwards it over plain HTTP to the host named in the Host
// header, and logs the outcome.
//
// The Host value is supplied by the client and alone selects the upstream, so
// the endpoint lists are the only access control applied here. The check is
// made on the header text (which may carry a port), not on the address the
// name resolves to.
func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	target := r.Host
	switch {
	case target == "":
		// Without a Host there is nowhere to forward the request.
		w.WriteHeader(http.StatusBadGateway)
		return
	case !p.checkEndpointList(target):
		p.requestLogger.Println(target, "FORBIDDEN")
		w.WriteHeader(http.StatusForbidden)
		return
	}

	upstream := url.URL{Scheme: "http", Host: target}
	forwarder := httputil.NewSingleHostReverseProxy(&upstream)

	// Log the target together with the time spent serving the request.
	started := time.Now()
	forwarder.ServeHTTP(w, r)
	p.requestLogger.Println(target, time.Since(started))
}
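// run adds the loopback entries to the blacklist and serves the proxy on the
// given port. It does not return: a failure to register an entry or to serve
// terminates the process.
//
// The entries are matched against the Host header text only. Other names or
// address forms that reach the loopback interface are not covered; a robust
// control filters the resolved address when the upstream connection is made.
func (p *proxy) run(port string) {
	// (?i) because host names are case-insensitive, while the Host header is
	// matched exactly as the client sent it.
	for _, pattern := range []string{"(?i)localhost", "127.0.0.1"} {
		if err := p.addToEndpointList(pattern, false); err != nil {
			// Do not start serving with an incomplete blacklist.
			log.Fatalln(err)
		}
	}

	srv := &http.Server{
		Addr:    ":" + port,
		Handler: p,
		// Bound how long a client may take to send its request headers, so
		// idle connections cannot be held open indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
	}
	log.Fatal(srv.ListenAndServe())
}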