mirror of https://github.com/XTLS/Xray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
321 lines
7.1 KiB
321 lines
7.1 KiB
package http
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"context"
|
|
"io"
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/xtls/xray-core/common"
|
|
"github.com/xtls/xray-core/common/buf"
|
|
"github.com/xtls/xray-core/common/errors"
|
|
)
|
|
|
|
const (
|
|
// CRLF is the line ending in HTTP header
|
|
CRLF = "\r\n"
|
|
|
|
// ENDING is the double line ending between HTTP header and body.
|
|
ENDING = CRLF + CRLF
|
|
|
|
// max length of HTTP header. Safety precaution for DDoS attack.
|
|
maxHeaderLength = 8192
|
|
)
|
|
|
|
var (
|
|
ErrHeaderToLong = errors.New("Header too long.")
|
|
|
|
ErrHeaderMisMatch = errors.New("Header Mismatch.")
|
|
)
|
|
|
|
type Reader interface {
|
|
Read(io.Reader) (*buf.Buffer, error)
|
|
}
|
|
|
|
type Writer interface {
|
|
Write(io.Writer) error
|
|
}
|
|
|
|
type NoOpReader struct{}
|
|
|
|
func (NoOpReader) Read(io.Reader) (*buf.Buffer, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
type NoOpWriter struct{}
|
|
|
|
func (NoOpWriter) Write(io.Writer) error {
|
|
return nil
|
|
}
|
|
|
|
type HeaderReader struct {
|
|
req *http.Request
|
|
expectedHeader *RequestConfig
|
|
}
|
|
|
|
func (h *HeaderReader) ExpectThisRequest(expectedHeader *RequestConfig) *HeaderReader {
|
|
h.expectedHeader = expectedHeader
|
|
return h
|
|
}
|
|
|
|
func (h *HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
|
|
buffer := buf.New()
|
|
totalBytes := int32(0)
|
|
endingDetected := false
|
|
|
|
var headerBuf bytes.Buffer
|
|
|
|
for totalBytes < maxHeaderLength {
|
|
_, err := buffer.ReadFrom(reader)
|
|
if err != nil {
|
|
buffer.Release()
|
|
return nil, err
|
|
}
|
|
if n := bytes.Index(buffer.Bytes(), []byte(ENDING)); n != -1 {
|
|
headerBuf.Write(buffer.BytesRange(0, int32(n+len(ENDING))))
|
|
buffer.Advance(int32(n + len(ENDING)))
|
|
endingDetected = true
|
|
break
|
|
}
|
|
lenEnding := int32(len(ENDING))
|
|
if buffer.Len() >= lenEnding {
|
|
totalBytes += buffer.Len() - lenEnding
|
|
headerBuf.Write(buffer.BytesRange(0, buffer.Len()-lenEnding))
|
|
leftover := buffer.BytesFrom(-lenEnding)
|
|
buffer.Clear()
|
|
copy(buffer.Extend(lenEnding), leftover)
|
|
|
|
if _, err := readRequest(bufio.NewReader(bytes.NewReader(headerBuf.Bytes()))); err != io.ErrUnexpectedEOF {
|
|
return nil, err
|
|
}
|
|
}
|
|
}
|
|
|
|
if !endingDetected {
|
|
buffer.Release()
|
|
return nil, ErrHeaderToLong
|
|
}
|
|
|
|
if h.expectedHeader == nil {
|
|
if buffer.IsEmpty() {
|
|
buffer.Release()
|
|
return nil, nil
|
|
}
|
|
return buffer, nil
|
|
}
|
|
|
|
// Parse the request
|
|
if req, err := readRequest(bufio.NewReader(bytes.NewReader(headerBuf.Bytes()))); err != nil {
|
|
return nil, err
|
|
} else {
|
|
h.req = req
|
|
}
|
|
|
|
// Check req
|
|
path := h.req.URL.Path
|
|
hasThisURI := false
|
|
for _, u := range h.expectedHeader.Uri {
|
|
if u == path {
|
|
hasThisURI = true
|
|
}
|
|
}
|
|
|
|
if !hasThisURI {
|
|
return nil, ErrHeaderMisMatch
|
|
}
|
|
|
|
if buffer.IsEmpty() {
|
|
buffer.Release()
|
|
return nil, nil
|
|
}
|
|
|
|
return buffer, nil
|
|
}
|
|
|
|
type HeaderWriter struct {
|
|
header *buf.Buffer
|
|
}
|
|
|
|
func NewHeaderWriter(header *buf.Buffer) *HeaderWriter {
|
|
return &HeaderWriter{
|
|
header: header,
|
|
}
|
|
}
|
|
|
|
func (w *HeaderWriter) Write(writer io.Writer) error {
|
|
if w.header == nil {
|
|
return nil
|
|
}
|
|
err := buf.WriteAllBytes(writer, w.header.Bytes(), nil)
|
|
w.header.Release()
|
|
w.header = nil
|
|
return err
|
|
}
|
|
|
|
type Conn struct {
|
|
net.Conn
|
|
|
|
readBuffer *buf.Buffer
|
|
oneTimeReader Reader
|
|
oneTimeWriter Writer
|
|
errorWriter Writer
|
|
errorMismatchWriter Writer
|
|
errorTooLongWriter Writer
|
|
errReason error
|
|
}
|
|
|
|
func NewConn(conn net.Conn, reader Reader, writer Writer, errorWriter Writer, errorMismatchWriter Writer, errorTooLongWriter Writer) *Conn {
|
|
return &Conn{
|
|
Conn: conn,
|
|
oneTimeReader: reader,
|
|
oneTimeWriter: writer,
|
|
errorWriter: errorWriter,
|
|
errorMismatchWriter: errorMismatchWriter,
|
|
errorTooLongWriter: errorTooLongWriter,
|
|
}
|
|
}
|
|
|
|
func (c *Conn) Read(b []byte) (int, error) {
|
|
if c.oneTimeReader != nil {
|
|
buffer, err := c.oneTimeReader.Read(c.Conn)
|
|
if err != nil {
|
|
c.errReason = err
|
|
return 0, err
|
|
}
|
|
c.readBuffer = buffer
|
|
c.oneTimeReader = nil
|
|
}
|
|
|
|
if !c.readBuffer.IsEmpty() {
|
|
nBytes, _ := c.readBuffer.Read(b)
|
|
if c.readBuffer.IsEmpty() {
|
|
c.readBuffer.Release()
|
|
c.readBuffer = nil
|
|
}
|
|
return nBytes, nil
|
|
}
|
|
|
|
return c.Conn.Read(b)
|
|
}
|
|
|
|
// Write implements io.Writer.
|
|
func (c *Conn) Write(b []byte) (int, error) {
|
|
if c.oneTimeWriter != nil {
|
|
err := c.oneTimeWriter.Write(c.Conn)
|
|
c.oneTimeWriter = nil
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
}
|
|
|
|
return c.Conn.Write(b)
|
|
}
|
|
|
|
// Close implements net.Conn.Close().
|
|
func (c *Conn) Close() error {
|
|
if c.oneTimeWriter != nil && c.errorWriter != nil {
|
|
// Connection is being closed but header wasn't sent. This means the client request
|
|
// is probably not valid. Sending back a server error header in this case.
|
|
|
|
// Write response based on error reason
|
|
switch c.errReason {
|
|
case ErrHeaderMisMatch:
|
|
c.errorMismatchWriter.Write(c.Conn)
|
|
case ErrHeaderToLong:
|
|
c.errorTooLongWriter.Write(c.Conn)
|
|
default:
|
|
c.errorWriter.Write(c.Conn)
|
|
}
|
|
}
|
|
|
|
return c.Conn.Close()
|
|
}
|
|
|
|
func formResponseHeader(config *ResponseConfig) *HeaderWriter {
|
|
header := buf.New()
|
|
common.Must2(header.WriteString(strings.Join([]string{config.GetFullVersion(), config.GetStatusValue().Code, config.GetStatusValue().Reason}, " ")))
|
|
common.Must2(header.WriteString(CRLF))
|
|
|
|
headers := config.PickHeaders()
|
|
for _, h := range headers {
|
|
common.Must2(header.WriteString(h))
|
|
common.Must2(header.WriteString(CRLF))
|
|
}
|
|
if !config.HasHeader("Date") {
|
|
common.Must2(header.WriteString("Date: "))
|
|
common.Must2(header.WriteString(time.Now().Format(http.TimeFormat)))
|
|
common.Must2(header.WriteString(CRLF))
|
|
}
|
|
common.Must2(header.WriteString(CRLF))
|
|
return &HeaderWriter{
|
|
header: header,
|
|
}
|
|
}
|
|
|
|
type Authenticator struct {
|
|
config *Config
|
|
}
|
|
|
|
func (a Authenticator) GetClientWriter() *HeaderWriter {
|
|
header := buf.New()
|
|
config := a.config.Request
|
|
common.Must2(header.WriteString(strings.Join([]string{config.GetMethodValue(), config.PickURI(), config.GetFullVersion()}, " ")))
|
|
common.Must2(header.WriteString(CRLF))
|
|
|
|
headers := config.PickHeaders()
|
|
for _, h := range headers {
|
|
common.Must2(header.WriteString(h))
|
|
common.Must2(header.WriteString(CRLF))
|
|
}
|
|
common.Must2(header.WriteString(CRLF))
|
|
return &HeaderWriter{
|
|
header: header,
|
|
}
|
|
}
|
|
|
|
func (a Authenticator) GetServerWriter() *HeaderWriter {
|
|
return formResponseHeader(a.config.Response)
|
|
}
|
|
|
|
func (a Authenticator) Client(conn net.Conn) net.Conn {
|
|
if a.config.Request == nil && a.config.Response == nil {
|
|
return conn
|
|
}
|
|
var reader Reader = NoOpReader{}
|
|
if a.config.Request != nil {
|
|
reader = new(HeaderReader)
|
|
}
|
|
|
|
var writer Writer = NoOpWriter{}
|
|
if a.config.Response != nil {
|
|
writer = a.GetClientWriter()
|
|
}
|
|
return NewConn(conn, reader, writer, NoOpWriter{}, NoOpWriter{}, NoOpWriter{})
|
|
}
|
|
|
|
func (a Authenticator) Server(conn net.Conn) net.Conn {
|
|
if a.config.Request == nil && a.config.Response == nil {
|
|
return conn
|
|
}
|
|
return NewConn(conn, new(HeaderReader).ExpectThisRequest(a.config.Request), a.GetServerWriter(),
|
|
formResponseHeader(resp400),
|
|
formResponseHeader(resp404),
|
|
formResponseHeader(resp400))
|
|
}
|
|
|
|
func NewAuthenticator(ctx context.Context, config *Config) (Authenticator, error) {
|
|
return Authenticator{
|
|
config: config,
|
|
}, nil
|
|
}
|
|
|
|
func init() {
|
|
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
|
return NewAuthenticator(ctx, config.(*Config))
|
|
}))
|
|
}
|