fionera
/
transfer.sh
atdalīts no kiska/transfer.sh
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
239 Revīzijas
9 Atzari
34 MiB
 
 
 
Koks: 032dffb3ae
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '032dffb3ae'
${ noResults }
transfer.sh/vendor/cloud.google.com/go/httpreplay/internal/proxy/record.go

230 rindas
6.6 KiB
Neapstrādāts Vainot Vēsture 

  1. // Copyright 2018 Google LLC

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License");

  4. // you may not use this file except in compliance with the License.

  5. // You may obtain a copy of the License at

  6. //

  7. //      http://www.apache.org/licenses/LICENSE-2.0

  8. //

  9. // Unless required by applicable law or agreed to in writing, software

  10. // distributed under the License is distributed on an "AS IS" BASIS,

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. // See the License for the specific language governing permissions and

  13. // limitations under the License.

  14. 

  15. // +build go1.8

  16. 

  17. // The proxy package provides a record/replay HTTP proxy. It is designed to support

  18. // both an in-memory API (cloud.google.com/go/httpreplay) and a standalone server

  19. // (cloud.google.com/go/httpreplay/cmd/httpr).

  20. package proxy

  21. 

  22. // See github.com/google/martian/cmd/proxy/main.go for the origin of much of this.

  23. 

  24. import (

  25. 	"crypto/tls"

  26. 	"crypto/x509"

  27. 	"encoding/json"

  28. 	"fmt"

  29. 	"io/ioutil"

  30. 	"net"

  31. 	"net/http"

  32. 	"net/url"

  33. 	"strings"

  34. 	"time"

  35. 

  36. 	"github.com/google/martian"

  37. 	"github.com/google/martian/fifo"

  38. 	"github.com/google/martian/har"

  39. 	"github.com/google/martian/httpspec"

  40. 	"github.com/google/martian/martianlog"

  41. 	"github.com/google/martian/mitm"

  42. )

  43. 

  44. // A Proxy is an HTTP proxy that supports recording or replaying requests.

  45. type Proxy struct {

  46. 	// The certificate that the proxy uses to participate in TLS.

  47. 	CACert *x509.Certificate

  48. 

  49. 	// The URL of the proxy.

  50. 	URL *url.URL

  51. 

  52. 	// Initial state of the client.

  53. 	Initial []byte

  54. 

  55. 	mproxy   *martian.Proxy

  56. 	filename string      // for log

  57. 	logger   *har.Logger // for recording only

  58. }

  59. 

  60. // ForRecording returns a Proxy configured to record.

  61. func ForRecording(filename string, port int) (*Proxy, error) {

  62. 	p, err := newProxy(filename)

  63. 	if err != nil {

  64. 		return nil, err

  65. 	}

  66. 	// Configure the transport for the proxy's outgoing traffic. We MUST use

  67. 	// DialContext and not Dial. In Go 1.10, Setting Dial (but not DialContext)

  68. 	// disables HTTP2, and that gives different behavior than http.DefaultTransport.

  69. 	// (For example, GET

  70. 	// https://storage.googleapis.com/storage-library-test-bucket/gzipped-text.txt

  71. 	// with an "Accept-Encoding: gzip" header returns a Content-Length header with

  72. 	// HTTP2, but not HTTP1.)

  73. 	// We must also hide the type http.Transport from martian, because it looks for

  74. 	// http.Transport and sets the Dial field!

  75. 	p.mproxy.SetRoundTripper((*hideTransport)(&http.Transport{

  76. 		DialContext: (&net.Dialer{

  77. 			Timeout:   30 * time.Second,

  78. 			KeepAlive: 30 * time.Second,

  79. 		}).DialContext,

  80. 		TLSHandshakeTimeout:   10 * time.Second,

  81. 		ExpectContinueTimeout: time.Second,

  82. 	}))

  83. 

  84. 	// Construct a group that performs the standard proxy stack of request/response

  85. 	// modifications.

  86. 	stack, _ := httpspec.NewStack("httpr") // second arg is an internal group that we don't need

  87. 	p.mproxy.SetRequestModifier(stack)

  88. 	p.mproxy.SetResponseModifier(stack)

  89. 

  90. 	// Make a group for logging requests and responses.

  91. 	logGroup := fifo.NewGroup()

  92. 	skipAuth := skipLoggingByHost("accounts.google.com")

  93. 	logGroup.AddRequestModifier(skipAuth)

  94. 	logGroup.AddResponseModifier(skipAuth)

  95. 	p.logger = har.NewLogger()

  96. 	logGroup.AddRequestModifier(martian.RequestModifierFunc(

  97. 		func(req *http.Request) error { return withRedactedHeaders(req, p.logger) }))

  98. 	logGroup.AddResponseModifier(p.logger)

  99. 

  100. 	stack.AddRequestModifier(logGroup)

  101. 	stack.AddResponseModifier(logGroup)

  102. 

  103. 	// Ordinary debug logging.

  104. 	logger := martianlog.NewLogger()

  105. 	logger.SetDecode(true)

  106. 	stack.AddRequestModifier(logger)

  107. 	stack.AddResponseModifier(logger)

  108. 

  109. 	if err := p.start(port); err != nil {

  110. 		return nil, err

  111. 	}

  112. 	return p, nil

  113. }

  114. 

  115. type hideTransport http.Transport

  116. 

  117. func (t *hideTransport) RoundTrip(req *http.Request) (*http.Response, error) {

  118. 	return (*http.Transport)(t).RoundTrip(req)

  119. }

  120. 

  121. func newProxy(filename string) (*Proxy, error) {

  122. 	mproxy := martian.NewProxy()

  123. 	// Set up a man-in-the-middle configuration with a CA certificate so the proxy can

  124. 	// participate in TLS.

  125. 	x509c, priv, err := mitm.NewAuthority("cloud.google.com/go/httpreplay", "HTTPReplay Authority", time.Hour)

  126. 	if err != nil {

  127. 		return nil, err

  128. 	}

  129. 	mc, err := mitm.NewConfig(x509c, priv)

  130. 	if err != nil {

  131. 		return nil, err

  132. 	}

  133. 	mc.SetValidity(time.Hour)

  134. 	mc.SetOrganization("cloud.google.com/go/httpreplay")

  135. 	mc.SkipTLSVerify(false)

  136. 	if err != nil {

  137. 		return nil, err

  138. 	}

  139. 	mproxy.SetMITM(mc)

  140. 	return &Proxy{

  141. 		mproxy:   mproxy,

  142. 		CACert:   x509c,

  143. 		filename: filename,

  144. 	}, nil

  145. }

  146. 

  147. func (p *Proxy) start(port int) error {

  148. 	l, err := net.Listen("tcp", fmt.Sprintf(":%d", port))

  149. 	if err != nil {

  150. 		return err

  151. 	}

  152. 	p.URL = &url.URL{Scheme: "http", Host: l.Addr().String()}

  153. 	go p.mproxy.Serve(l)

  154. 	return nil

  155. }

  156. 

  157. // Transport returns an http.Transport for clients who want to talk to the proxy.

  158. func (p *Proxy) Transport() *http.Transport {

  159. 	caCertPool := x509.NewCertPool()

  160. 	caCertPool.AddCert(p.CACert)

  161. 	return &http.Transport{

  162. 		TLSClientConfig: &tls.Config{RootCAs: caCertPool},

  163. 		Proxy:           func(*http.Request) (*url.URL, error) { return p.URL, nil },

  164. 	}

  165. }

  166. 

  167. // Close closes the proxy. If the proxy is recording, it also writes the log.

  168. func (p *Proxy) Close() error {

  169. 	p.mproxy.Close()

  170. 	if p.logger != nil {

  171. 		return p.writeLog()

  172. 	}

  173. 	return nil

  174. }

  175. 

  176. type httprFile struct {

  177. 	Initial []byte

  178. 	HAR     *har.HAR

  179. }

  180. 

  181. func (p *Proxy) writeLog() error {

  182. 	f := httprFile{

  183. 		Initial: p.Initial,

  184. 		HAR:     p.logger.ExportAndReset(),

  185. 	}

  186. 	bytes, err := json.MarshalIndent(f, "", "  ")

  187. 	if err != nil {

  188. 		return err

  189. 	}

  190. 	return ioutil.WriteFile(p.filename, bytes, 0600) // only accessible by owner

  191. }

  192. 

  193. // Headers that may contain sensitive data (auth tokens, keys).

  194. var sensitiveHeaders = []string{

  195. 	"Authorization",

  196. 	"X-Goog-Encryption-Key",             // used by Cloud Storage for customer-supplied encryption

  197. 	"X-Goog-Copy-Source-Encryption-Key", // ditto

  198. }

  199. 

  200. // withRedactedHeaders removes sensitive header contents before calling mod.

  201. func withRedactedHeaders(req *http.Request, mod martian.RequestModifier) error {

  202. 	// We have to change the headers, then log, then restore them.

  203. 	replaced := map[string]string{}

  204. 	for _, h := range sensitiveHeaders {

  205. 		if v := req.Header.Get(h); v != "" {

  206. 			replaced[h] = v

  207. 			req.Header.Set(h, "REDACTED")

  208. 		}

  209. 	}

  210. 	err := mod.ModifyRequest(req)

  211. 	for h, v := range replaced {

  212. 		req.Header.Set(h, v)

  213. 	}

  214. 	return err

  215. }

  216. 

  217. // skipLoggingByHost disables logging for traffic to a particular host.

  218. type skipLoggingByHost string

  219. 

  220. func (s skipLoggingByHost) ModifyRequest(req *http.Request) error {

  221. 	if strings.HasPrefix(req.Host, string(s)) {

  222. 		martian.NewContext(req).SkipLogging()

  223. 	}

  224. 	return nil

  225. }

  226. 

  227. func (s skipLoggingByHost) ModifyResponse(res *http.Response) error {

  228. 	return s.ModifyRequest(res.Request)

  229. }