618cc7fd9c
tokenTransport now delegates CloseIdleConnections to the underlying *http.Transport so http.Client.CloseIdleConnections() works through the wrapper. Three plugin Close() methods updated to unwrap via HTTPClientTransport before calling CloseIdleConnections. RoundTrip now short-circuits when caller already set Authorization, avoiding an unnecessary req.Clone allocation on the pass-through path.
130 lines
2.8 KiB
Go
130 lines
2.8 KiB
Go
package bypass
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"github.com/go-gost/core/bypass"
|
|
"github.com/go-gost/core/logger"
|
|
ctxvalue "github.com/go-gost/x/ctx"
|
|
"github.com/go-gost/x/internal/plugin"
|
|
)
|
|
|
|
// httpPluginRequest is the JSON payload sent to a remote HTTP bypass service.
|
|
type httpPluginRequest struct {
|
|
Service string `json:"service"`
|
|
Network string `json:"network"`
|
|
Addr string `json:"addr"`
|
|
Client string `json:"client"`
|
|
Host string `json:"host"`
|
|
Path string `json:"path"`
|
|
}
|
|
|
|
// httpPluginResponse is the JSON response from a remote HTTP bypass service.
|
|
type httpPluginResponse struct {
|
|
OK bool `json:"ok"`
|
|
}
|
|
|
|
// httpPlugin delegates bypass decisions to a remote HTTP service.
|
|
// All error paths return true (fail-open) so that a down plugin
|
|
// does not block traffic.
|
|
type httpPlugin struct {
|
|
url string
|
|
client *http.Client
|
|
header http.Header
|
|
log logger.Logger
|
|
}
|
|
|
|
// NewHTTPPlugin creates a Bypass that delegates decisions to an HTTP
|
|
// bypass service at url. The service should accept POST requests with
|
|
// a JSON body and return {"ok": true/false}.
|
|
func NewHTTPPlugin(name string, url string, opts ...plugin.Option) bypass.Bypass {
|
|
var options plugin.Options
|
|
for _, opt := range opts {
|
|
opt(&options)
|
|
}
|
|
|
|
return &httpPlugin{
|
|
url: url,
|
|
client: plugin.NewHTTPClient(&options),
|
|
header: options.Header,
|
|
log: logger.Default().WithFields(map[string]any{
|
|
"kind": "bypass",
|
|
"bypass": name,
|
|
}),
|
|
}
|
|
}
|
|
|
|
func (p *httpPlugin) Contains(ctx context.Context, network, addr string, opts ...bypass.Option) bool {
|
|
if p.client == nil {
|
|
return true
|
|
}
|
|
|
|
log := p.log
|
|
if log == nil {
|
|
log = logger.Default()
|
|
}
|
|
|
|
var options bypass.Options
|
|
for _, opt := range opts {
|
|
opt(&options)
|
|
}
|
|
|
|
rb := httpPluginRequest{
|
|
Service: options.Service,
|
|
Network: network,
|
|
Addr: addr,
|
|
Client: string(ctxvalue.ClientIDFromContext(ctx)),
|
|
Host: options.Host,
|
|
Path: options.Path,
|
|
}
|
|
v, err := json.Marshal(&rb)
|
|
if err != nil {
|
|
log.Error(err)
|
|
return true
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, p.url, bytes.NewReader(v))
|
|
if err != nil {
|
|
log.Error(err)
|
|
return true
|
|
}
|
|
|
|
if p.header != nil {
|
|
req.Header = p.header.Clone()
|
|
}
|
|
req.Header.Set("Content-Type", "application/json")
|
|
resp, err := p.client.Do(req)
|
|
if err != nil {
|
|
log.Error(err)
|
|
return true
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return true
|
|
}
|
|
|
|
res := httpPluginResponse{}
|
|
if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
|
|
log.Error(err)
|
|
return true
|
|
}
|
|
return res.OK
|
|
}
|
|
|
|
func (p *httpPlugin) Close() error {
|
|
if p.client != nil {
|
|
if tr := plugin.HTTPClientTransport(p.client); tr != nil {
|
|
tr.CloseIdleConnections()
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *httpPlugin) IsWhitelist() bool {
|
|
return false
|
|
}
|