Files
x/handler/http/util.go
T
ginuerzh 23b58ddd23 refactor(handler/http): extract Authenticator, SnifferBuilder, and normalizeRequest as testable units
Extract three pure-logic components from httpHandler to eliminate I/O
coupling from auth and sniffing construction, enabling synchronous unit
tests and reducing per-request allocation in sniffAndHandle:

- Authenticator struct with AuthResult return type — auth decisions no
  longer write to the connection; callers handle response I/O. Auth
  tests drop net.Pipe/goroutines for direct return-value assertions.
- SnifferBuilder pre-built in Init and reused per-connection via Build(),
  replacing inline sniffing.Sniffer{} construction in sniffAndHandle.
- normalizeRequest extracted to util.go with NormalizedRequest type,
  collapsing 20 lines of inline URL/normalisation into a single call.
- knockMatch extracted as standalone pure function.
- clampBodySize exported as ClampBodySize for cross-package use.
- util_test.go with 22 tests covering utility functions.
- helpers_test.go consolidates shared test fakes (logger, observer, conn).
2026-05-29 00:14:44 +08:00

135 lines
4.0 KiB
Go

package http
import (
"encoding/base64"
"encoding/binary"
"errors"
"hash/crc32"
"net"
"net/http"
"strings"
"github.com/asaskevich/govalidator"
"golang.org/x/net/http/httpguts"
)
// decodeServerName decodes a GOST v2 Gost-Target / X-Gost-Target header
// value. The encoding is: base64(CRC32(hostname) + base64(hostname)).
// It verifies the CRC32 checksum before returning the decoded hostname.
func decodeServerName(s string) (string, error) {
b, err := base64.RawURLEncoding.DecodeString(s)
if err != nil {
return "", err
}
if len(b) < 4 {
return "", errors.New("invalid name")
}
v, err := base64.RawURLEncoding.DecodeString(string(b[4:]))
if err != nil {
return "", err
}
if crc32.ChecksumIEEE(v) != binary.BigEndian.Uint32(b[:4]) {
return "", errors.New("invalid name")
}
return string(v), nil
}
// basicProxyAuth extracts the username and password from an HTTP Basic
// authentication Proxy-Authorization header value. It returns ok=false
// if the value is empty, not a Basic scheme, or not valid base64.
func basicProxyAuth(proxyAuth string) (username, password string, ok bool) {
if proxyAuth == "" {
return
}
if !strings.HasPrefix(proxyAuth, "Basic ") {
return
}
c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(proxyAuth, "Basic "))
if err != nil {
return
}
cs := string(c)
username, password, ok = strings.Cut(cs, ":")
if !ok {
return
}
return username, password, true
}
// upgradeType returns the upgrade protocol token from an HTTP header.
// It returns "" if the Connection header does not include an "Upgrade"
// token or if the Upgrade header is absent.
func upgradeType(h http.Header) string {
if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") {
return ""
}
return h.Get("Upgrade")
}
// normalizeHostPort ensures a host string includes a port. If the host
// already contains a port, it is returned unchanged. Otherwise the
// defaultPort is appended. IPv6 addresses are correctly handled: bare
// addresses get bracketed by net.JoinHostPort, and bracketed addresses
// are stripped of brackets before re-joining.
func normalizeHostPort(host, defaultPort string) string {
if _, port, _ := net.SplitHostPort(host); port == "" {
return net.JoinHostPort(strings.Trim(host, "[]"), defaultPort)
}
return host
}
// buildConnectResponse returns the raw bytes of an HTTP 200 Connection
// established response with the given Proxy-Agent header.
func buildConnectResponse(proxyAgent string) []byte {
return []byte("HTTP/1.1 200 Connection established\r\n" +
"Proxy-Agent: " + proxyAgent + "\r\n\r\n")
}
// NormalizedRequest holds the parsed target address and network from an
// HTTP proxy request after URL inference, GOST v2 compatibility decoding,
// and host normalisation.
type NormalizedRequest struct {
Network string // "tcp" or "udp"
Addr string // host:port (default port appended when absent)
}
// normalizeRequest extracts the target address and network from an HTTP
// request. It infers the URL scheme when absent, decodes GOST v2
// compatibility headers (Gost-Target, X-Gost-Target), detects the
// transport protocol from X-Gost-Protocol, and normalises the host to
// include a port.
//
// The function mutates req.URL.Scheme and req.Host as side effects so
// that the caller's request reflects the inferred target.
func normalizeRequest(req *http.Request) *NormalizedRequest {
if !req.URL.IsAbs() {
host := req.Host
if h, _, err := net.SplitHostPort(host); err == nil {
host = h
}
if govalidator.IsDNSName(host) || net.ParseIP(host) != nil {
req.URL.Scheme = "http"
}
}
network := req.Header.Get("X-Gost-Protocol")
if network != "udp" {
network = "tcp"
}
if v := req.Header.Get("Gost-Target"); v != "" {
if h, err := decodeServerName(v); err == nil {
req.Host = h
}
}
if v := req.Header.Get("X-Gost-Target"); v != "" {
if h, err := decodeServerName(v); err == nil {
req.Host = h
}
}
addr := normalizeHostPort(req.Host, "80")
return &NormalizedRequest{Network: network, Addr: addr}
}