From 3d5c53b566e4a1d51a4d20e2d2fc537d75d250f4 Mon Sep 17 00:00:00 2001
From: b1ek
Date: Fri, 26 Jul 2024 17:17:02 +1000
Subject: [PATCH] detect hostname the smart way

---
 auth.go | 14 ++++++++++----
 handler.go | 12 +++++++++++-
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/auth.go b/auth.go
index f21c6a3..05bfc5d 100644
--- a/auth.go
+++ b/auth.go
@@ -84,15 +84,16 @@ func NewStaticAuth(param_url *url.URL, logger *CondLogger) (*BasicAuth, error) {
 }

 func requireBasicAuth(wr http.ResponseWriter, req *http.Request, hidden_domain string) {
+ if IsAstraHost(req) && req.URL.Path == "/" {
+ SendIndex(wr, req)
+ return
+ }
+
 if hidden_domain != "" &&
 (subtle.ConstantTimeCompare([]byte(req.URL.Host), []byte(hidden_domain)) != 1 &&
 subtle.ConstantTimeCompare([]byte(req.Host), []byte(hidden_domain)) != 1) {
 http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 } else {
- if req.Host == "astra.blek.codes" && req.URL.Host == "astra.blek.codes" && req.URL.Path == "/" {
- SendIndex(wr, req)
- return
- }
 wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`)
 wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG))))
 wr.WriteHeader(407)
@@ -263,6 +264,11 @@ func (_ NoAuth) Stop() {}
 type CertAuth struct{}

 func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) (string, bool) {
+ if req.Host == "astra.blek.codes" && req.URL.Host == "astra.blek.codes" && req.URL.Path == "/" {
+ SendIndex(wr, req)
+ return "", false
+ }
+
 if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 || len(req.TLS.VerifiedChains[0]) < 1 {
 http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 return "", false
diff --git a/handler.go b/handler.go
index 3661fa4..5d0570a 100644
--- a/handler.go
+++ b/handler.go
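Review bot: In requireBasicAuth (auth.go, first hunk) the index shortcut now runs before the hidden_domain comparison, so a request with path / that names astra.blek.codes gets the index page even when hidden_domain is set and the branch below would have answered 400. IsAstraHost accepts a match on either req.Host or req.URL.Host, and both are chosen by the client, so an unauthenticated caller decides which of the two responses it receives. If hidden_domain is meant to make the proxy look the same to every caller that does not know the domain (an inference from the 400 branch, not stated in the patch), keep the shortcut inside the `else` branch as before; otherwise record the decision with a comment such as `// index page is public by design and is served even when hidden_domain is set`. The function body continues past the end of the hunk.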
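Review bot: The check added to CertAuth.Validate (auth.go, second hunk) still spells out the literal "astra.blek.codes" and requires req.Host and req.URL.Host to match at the same time, while every other call site touched by this commit uses IsAstraHost with an either-field match. The same request can therefore be served the index under basic auth and fall through to the certificate checks here; `if IsAstraHost(req) && req.URL.Path == "/" {` would keep the two auth paths consistent. Returning `"", false` after SendIndex leaves the caller unauthenticated, which looks intended, and a one-line comment saying so would help the next reader. Validate's body continues past the hunk.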
@@ -10,8 +10,13 @@ import (
 "time"
 )

+const astrahost = "astra.blek.codes"
 const HintsHeaderName = "X-Src-IP-Hints"

+func IsAstraHost(req *http.Request) bool {
+ return req.Host == astrahost || req.URL.Host == astrahost
+}
+
 type HandlerDialer interface {
 DialContext(ctx context.Context, net, address string) (net.Conn, error)
 }
@@ -122,6 +127,11 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 if originator, isLoopback := s.isLoopback(req); isLoopback {
 s.logger.Critical("Loopback tunnel detected: %s is an outbound "+
 "address for another request from %s", req.RemoteAddr, originator)
+
+ if IsAstraHost(req) && req.URL.Path == "/" {
+ SendIndex(wr, req)
+ return
+ }
 http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 return
 }
@@ -129,7 +139,7 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 isConnect := strings.ToUpper(req.Method) == "CONNECT"
 if (req.URL.Host == "" || req.URL.Scheme == "" && !isConnect) && req.ProtoMajor < 2 ||
 req.Host == "" && req.ProtoMajor == 2 {
- if req.Host == "astra.blek.codes" && req.URL.Host == "astra.blek.codes" && req.URL.Path == "/" {
+ if IsAstraHost(req) && req.URL.Path == "/" {
 SendIndex(wr, req)
 return
 }
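Review bot: IsAstraHost (handler.go, first hunk) compares req.Host and req.URL.Host byte-for-byte with astrahost, so a value that carries a port or uses different letter case does not match, although host names are case-insensitive and both fields may hold host:port. Stripping the port and comparing with strings.EqualFold, as sketched below, closes that gap; the net and strings packages are both already used in the visible parts of this file. The exported helper also has no doc comment: it should state that both fields are client-supplied, so the result may only select the public index page and must never feed an access decision.

```go
func IsAstraHost(req *http.Request) bool {
	return isAstraName(req.Host) || isAstraName(req.URL.Host)
}

// isAstraName compares a host or host:port value with astrahost,
// ignoring the port and letter case.
func isAstraName(hostport string) bool {
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		hostport = h
	}
	return strings.EqualFold(hostport, astrahost)
}
```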
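Review bot: In the loopback branch of ServeHTTP (handler.go, second hunk) the index check sits after s.logger.Critical, so every index request that reaches this branch is first recorded as "Loopback tunnel detected" at critical severity and then answered normally. That makes the volume of critical entries follow ordinary index traffic and buries the loopback events the log line exists to surface. Moving the `if IsAstraHost(req) && req.URL.Path == "/" { ... }` block above the Critical call keeps that entry for requests that are actually rejected with 400. ServeHTTP continues outside the hunk.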