blek
/
astraproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

polish

This commit is contained in:
Vladislav Yarmak 2020-05-25 00:24:46 +03:00
parent 46d02aa184
commit 5bfd878a4f
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -11,6 +11,7 @@ Dumbiest HTTP proxy ever.
* Supports CONNECT method and forwarding of HTTPS connections * Supports CONNECT method and forwarding of HTTPS connections
* Supports `Basic` proxy authentication * Supports `Basic` proxy authentication
* Supports TLS operation mode (HTTP(S) proxy over TLS) * Supports TLS operation mode (HTTP(S) proxy over TLS)
* Supports client authentication with client TLS certificates
* Supports HTTP/2 * Supports HTTP/2
* Resilient to DPI (including active probing, see `hidden_domain` option for authentication providers) * Resilient to DPI (including active probing, see `hidden_domain` option for authentication providers)

5
auth.go
View File

@ -14,6 +14,7 @@ import (
) )
const AUTH_REQUIRED_MSG = "Proxy authentication required.\n" const AUTH_REQUIRED_MSG = "Proxy authentication required.\n"
const BAD_REQ_MSG = "Bad Request\n"
type Auth interface { type Auth interface {
Validate(wr http.ResponseWriter, req *http.Request) bool Validate(wr http.ResponseWriter, req *http.Request) bool
@ -68,7 +69,7 @@ func requireBasicAuth(wr http.ResponseWriter, req *http.Request, hidden_domain s
if hidden_domain != "" && if hidden_domain != "" &&
(subtle.ConstantTimeCompare([]byte(req.URL.Host), []byte(hidden_domain)) != 1 && (subtle.ConstantTimeCompare([]byte(req.URL.Host), []byte(hidden_domain)) != 1 &&
subtle.ConstantTimeCompare([]byte(req.Host), []byte(hidden_domain)) != 1) { subtle.ConstantTimeCompare([]byte(req.Host), []byte(hidden_domain)) != 1) {
http.Error(wr, "Bad Request", http.StatusBadRequest) http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
} else { } else {
wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`) wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`)
wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG)))) wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG))))
@ -184,7 +185,7 @@ type CertAuth struct {}
func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool { func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 { if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {
http.Error(wr, "Forbidden", http.StatusForbidden) http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
return false return false
} else { } else {
return true return true

2
handler.go
View File

@ -89,7 +89,7 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
isConnect := strings.ToUpper(req.Method) == "CONNECT" isConnect := strings.ToUpper(req.Method) == "CONNECT"
if (req.URL.Host == "" || req.URL.Scheme == "" && !isConnect) && req.ProtoMajor < 2 || if (req.URL.Host == "" || req.URL.Scheme == "" && !isConnect) && req.ProtoMajor < 2 ||
req.Host == "" && req.ProtoMajor == 2 { req.Host == "" && req.ProtoMajor == 2 {
http.Error(wr, "Bad Request", http.StatusBadRequest) http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
return return
} }
if !s.auth.Validate(wr, req) { if !s.auth.Validate(wr, req) {