diff --git a/config/config.go b/config/config.go index 6bb586f..d5f2d63 100644 --- a/config/config.go +++ b/config/config.go @@ -376,6 +376,13 @@ type HTTPURLRewriteConfig struct { Replacement string } +type HTTPBodyRewriteConfig struct { + // filter by MIME types + Type string + Match string + Replacement string +} + type NodeFilterConfig struct { Host string `yaml:",omitempty" json:"host,omitempty"` Protocol string `yaml:",omitempty" json:"protocol,omitempty"` @@ -383,10 +390,16 @@ type NodeFilterConfig struct { } type HTTPNodeConfig struct { - Host string `yaml:",omitempty" json:"host,omitempty"` - Header map[string]string `yaml:",omitempty" json:"header,omitempty"` + // rewrite host header + Host string `yaml:",omitempty" json:"host,omitempty"` + // additional request header + Header map[string]string `yaml:",omitempty" json:"header,omitempty"` + // rewrite URL Rewrite []HTTPURLRewriteConfig `yaml:",omitempty" json:"rewrite,omitempty"` - Auth *AuthConfig `yaml:",omitempty" json:"auth,omitempty"` + // rewrite response body + RewriteBody []HTTPBodyRewriteConfig `yaml:"rewriteBody,omitempty" json:"rewriteBody,omitempty"` + // HTTP basic auth + Auth *AuthConfig `yaml:",omitempty" json:"auth,omitempty"` } type TLSNodeConfig struct { diff --git a/config/parsing/node/parse.go b/config/parsing/node/parse.go index 41fd58a..f99a305 100644 --- a/config/parsing/node/parse.go +++ b/config/parsing/node/parse.go @@ -193,12 +193,21 @@ func ParseNode(hop string, cfg *config.NodeConfig, log logger.Logger) (*chain.No } for _, v := range cfg.HTTP.Rewrite { if pattern, _ := regexp.Compile(v.Match); pattern != nil { - settings.Rewrite = append(settings.Rewrite, chain.HTTPURLRewriteSetting{ + settings.RewriteURL = append(settings.RewriteURL, chain.HTTPURLRewriteSetting{ Pattern: pattern, Replacement: v.Replacement, }) } } + for _, v := range cfg.HTTP.RewriteBody { + if pattern, _ := regexp.Compile(v.Match); pattern != nil { + settings.RewriteBody = append(settings.RewriteBody, chain.HTTPBodyRewriteSettings{ + Type: v.Type, + Pattern: pattern, + Replacement: []byte(v.Replacement), + }) + } + } opts = append(opts, chain.HTTPNodeOption(settings)) } diff --git a/go.mod b/go.mod index d65431a..cdb6f13 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d github.com/gin-contrib/cors v1.6.0 github.com/gin-gonic/gin v1.9.1 - github.com/go-gost/core v0.1.0 + github.com/go-gost/core v0.1.1 github.com/go-gost/gosocks4 v0.0.1 github.com/go-gost/gosocks5 v0.4.2 github.com/go-gost/plugin v0.0.0-20240103125338-9c84e29cb81a diff --git a/go.sum b/go.sum index c61997e..763f689 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= -github.com/go-gost/core v0.1.0 h1:LJJc8PIlRflE8ZIpxls+wYX1e8OGB0nUKJYh8HevM4U= -github.com/go-gost/core v0.1.0/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A= +github.com/go-gost/core v0.1.1 h1:8joR9KJYBvpurNu3i0zqN9orQthVzOjhtT4STumwNF0= +github.com/go-gost/core v0.1.1/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A= github.com/go-gost/gosocks4 v0.0.1 h1:+k1sec8HlELuQV7rWftIkmy8UijzUt2I6t+iMPlGB2s= github.com/go-gost/gosocks4 v0.0.1/go.mod h1:3B6L47HbU/qugDg4JnoFPHgJXE43Inz8Bah1QaN9qCc= github.com/go-gost/gosocks5 v0.4.2 h1:IianxHTkACPqCwiOAT3MHoMdSUl+SEPSRu1ikawC1Pc= diff --git a/handler/forward/local/handler.go b/handler/forward/local/handler.go index f076d2b..b27e352 100644 --- a/handler/forward/local/handler.go +++ b/handler/forward/local/handler.go @@ -2,6 +2,7 @@ package local import ( "bufio" + "bytes" "context" "crypto/tls" "errors" @@ -179,8 +180,9 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remoteAddr net.Addr, log logger.Logger) (err error) { br := bufio.NewReader(rw) - var cc net.Conn for { + var cc net.Conn + resp := &http.Response{ ProtoMajor: 1, ProtoMinor: 1, @@ -241,6 +243,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot }) log.Debugf("find node for host %s -> %s(%s)", req.Host, target.Name, target.Addr) + var bodyRewrites []chain.HTTPBodyRewriteSettings if httpSettings := target.Options().HTTP; httpSettings != nil { if auther := httpSettings.Auther; auther != nil { username, password, _ := req.BasicAuth() @@ -261,7 +264,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot req.Header.Set(k, v) } - for _, re := range httpSettings.Rewrite { + for _, re := range httpSettings.RewriteURL { if re.Pattern.MatchString(req.URL.Path) { if s := re.Pattern.ReplaceAllString(req.URL.Path, re.Replacement); s != "" { req.URL.Path = s @@ -269,6 +272,8 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot } } } + + bodyRewrites = httpSettings.RewriteBody } cc, err = h.options.Router.Dial(ctx, "tcp", target.Addr) @@ -329,6 +334,11 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot log.Trace(string(dump)) } + if err := h.rewriteBody(res, bodyRewrites...); err != nil { + log.Errorf("rewrite body: %v", err) + return + } + if err = res.Write(rw); err != nil { log.Errorf("write response from node %s(%s): %v", target.Name, target.Addr, err) } @@ -348,6 +358,54 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot return } +func (h *forwardHandler) rewriteBody(resp *http.Response, rewrites ...chain.HTTPBodyRewriteSettings) error { + if resp == nil || len(rewrites) == 0 || resp.ContentLength <= 0 { + return nil + } + + if encoding := resp.Header.Get("Content-Encoding"); encoding != "" { + return nil + } + + body, err := drainBody(resp.Body) + if err != nil || body == nil { + return err + } + + contentType, _, _ := strings.Cut(resp.Header.Get("Content-Type"), ";") + for _, rewrite := range rewrites { + rewriteType := rewrite.Type + if rewriteType == "" { + rewriteType = "text/html" + } + if rewriteType != "*" && !strings.Contains(rewriteType, contentType) { + continue + } + + body = rewrite.Pattern.ReplaceAll(body, rewrite.Replacement) + } + + resp.Body = io.NopCloser(bytes.NewReader(body)) + resp.ContentLength = int64(len(body)) + + return nil +} + +func drainBody(b io.ReadCloser) (body []byte, err error) { + if b == nil || b == http.NoBody { + // No copying needed. Preserve the magic sentinel meaning of NoBody. + return nil, nil + } + var buf bytes.Buffer + if _, err = buf.ReadFrom(b); err != nil { + return nil, err + } + if err = b.Close(); err != nil { + return nil, err + } + return buf.Bytes(), nil +} + func (h *forwardHandler) checkRateLimit(addr net.Addr) bool { if h.options.RateLimiter == nil { return true diff --git a/handler/forward/remote/handler.go b/handler/forward/remote/handler.go index 82fad11..23ec8e9 100644 --- a/handler/forward/remote/handler.go +++ b/handler/forward/remote/handler.go @@ -2,6 +2,7 @@ package remote import ( "bufio" + "bytes" "context" "crypto/tls" "errors" @@ -179,9 +180,9 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remoteAddr net.Addr, localAddr net.Addr, log logger.Logger) (err error) { br := bufio.NewReader(rw) - var cc net.Conn for { + var cc net.Conn resp := &http.Response{ ProtoMajor: 1, ProtoMinor: 1, @@ -242,6 +243,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot }) log.Debugf("find node for host %s -> %s(%s)", req.Host, target.Name, target.Addr) + var bodyRewrites []chain.HTTPBodyRewriteSettings if httpSettings := target.Options().HTTP; httpSettings != nil { if auther := httpSettings.Auther; auther != nil { username, password, _ := req.BasicAuth() @@ -261,7 +263,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot req.Header.Set(k, v) } - for _, re := range httpSettings.Rewrite { + for _, re := range httpSettings.RewriteURL { if re.Pattern.MatchString(req.URL.Path) { if s := re.Pattern.ReplaceAllString(req.URL.Path, re.Replacement); s != "" { req.URL.Path = s @@ -269,6 +271,8 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot } } } + + bodyRewrites = httpSettings.RewriteBody } cc, err = h.options.Router.Dial(ctx, "tcp", target.Addr) @@ -331,6 +335,11 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot log.Trace(string(dump)) } + if err := h.rewriteBody(res, bodyRewrites...); err != nil { + log.Errorf("rewrite body: %v", err) + return + } + if err = res.Write(rw); err != nil { log.Errorf("write response from node %s(%s): %v", target.Name, target.Addr, err) } @@ -350,6 +359,50 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, remot return } +func (h *forwardHandler) rewriteBody(resp *http.Response, rewrites ...chain.HTTPBodyRewriteSettings) error { + if resp == nil || len(rewrites) == 0 || resp.ContentLength <= 0 { + return nil + } + + body, err := drainBody(resp.Body) + if err != nil || body == nil { + return err + } + + contentType, _, _ := strings.Cut(resp.Header.Get("Content-Type"), ";") + for _, rewrite := range rewrites { + rewriteType := rewrite.Type + if rewriteType == "" { + rewriteType = "text/html" + } + if rewriteType != "*" && !strings.Contains(rewriteType, contentType) { + continue + } + + body = rewrite.Pattern.ReplaceAll(body, rewrite.Replacement) + } + + resp.Body = io.NopCloser(bytes.NewReader(body)) + resp.ContentLength = int64(len(body)) + + return nil +} + +func drainBody(b io.ReadCloser) (body []byte, err error) { + if b == nil || b == http.NoBody { + // No copying needed. Preserve the magic sentinel meaning of NoBody. + return nil, nil + } + var buf bytes.Buffer + if _, err = buf.ReadFrom(b); err != nil { + return nil, err + } + if err = b.Close(); err != nil { + return nil, err + } + return buf.Bytes(), nil +} + func (h *forwardHandler) checkRateLimit(addr net.Addr) bool { if h.options.RateLimiter == nil { return true