mirror
/
socks-to-http-proxy
mirror of https://github.com/KaranGauswami/socks-to-http-proxy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

remove no_httpauth flag from cli and some cleanup (#23) 

Signed-off-by: KaranGauswami <[email protected]>
pull/26/head
Karan Gauswami 10 months ago
committed by GitHub
parent
e4973cfffa
commit
c7d0c8f5ed
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
2 changed files with 43 additions and 41 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      README.md
  2. 83
      src/main.rs

1
README.md
View File

@ -40,7 +40,6 @@ Options:
-u, --username <USERNAME> Socks5 username -u, --username <USERNAME> Socks5 username
-P, --password <PASSWORD> Socks5 password -P, --password <PASSWORD> Socks5 password
--http-basic <USER:PASSWD> HTTP Basic Auth --http-basic <USER:PASSWD> HTTP Basic Auth
--no-httpauth <1/0> Ignore HTTP Basic Auth, [default: 1]
-s, --socks-address <SOCKS_ADDRESS> Socks5 proxy address [default: 127.0.0.1:1080] -s, --socks-address <SOCKS_ADDRESS> Socks5 proxy address [default: 127.0.0.1:1080]
--allowed-domains <ALLOWED_DOMAINS> Comma-separated list of allowed domains --allowed-domains <ALLOWED_DOMAINS> Comma-separated list of allowed domains
-h, --help Print help information -h, --help Print help information

83
src/main.rs
View File

@ -1,7 +1,7 @@
mod auth; mod auth;
use crate::auth::Auth; use crate::auth::Auth;
use clap::{Args, Parser, value_parser}; use clap::{Args, Parser};
use color_eyre::eyre::Result; use color_eyre::eyre::Result;
use tokio_socks::tcp::Socks5Stream; use tokio_socks::tcp::Socks5Stream;
@ -10,16 +10,16 @@ use tracing_subscriber::EnvFilter;
use std::net::{Ipv4Addr, SocketAddr}; use std::net::{Ipv4Addr, SocketAddr};
use base64::engine::general_purpose;
use base64::Engine;
use bytes::Bytes; use bytes::Bytes;
use http_body_util::{combinators::BoxBody, BodyExt, Empty, Full}; use http_body_util::{combinators::BoxBody, BodyExt, Empty, Full};
use hyper::client::conn::http1::Builder; use hyper::client::conn::http1::Builder;
use hyper::header::{HeaderValue, PROXY_AUTHENTICATE};
use hyper::server::conn::http1; use hyper::server::conn::http1;
use hyper::service::service_fn; use hyper::service::service_fn;
use hyper::upgrade::Upgraded; use hyper::upgrade::Upgraded;
use hyper::{Method, Request, Response}; use hyper::{Method, Request, Response};
use hyper::header::{HeaderValue, PROXY_AUTHENTICATE};
use base64::engine::general_purpose;
use base64::Engine;
use hyper_util::rt::TokioIo; use hyper_util::rt::TokioIo;
use tokio::net::TcpListener; use tokio::net::TcpListener;
@ -60,10 +60,6 @@ struct Cli {
/// HTTP Basic Auth credentials in the format "user:passwd" /// HTTP Basic Auth credentials in the format "user:passwd"
#[arg(long)] #[arg(long)]
http_basic: Option<String>, http_basic: Option<String>,
/// Disable HTTP authentication [default: 1]
#[arg(long, value_parser = value_parser ! (u8).range(0..=1), default_value_t = 1)]
no_httpauth: u8,
} }
#[tokio::main] #[tokio::main]
@ -83,18 +79,30 @@ async fn main() -> Result<()> {
let addr = SocketAddr::from((args.listen_ip, port)); let addr = SocketAddr::from((args.listen_ip, port));
let allowed_domains = args.allowed_domains; let allowed_domains = args.allowed_domains;
let allowed_domains = &*Box::leak(Box::new(allowed_domains)); let allowed_domains = &*Box::leak(Box::new(allowed_domains));
let http_basic = args.http_basic.map(|hb| format!("Basic {}", general_purpose::STANDARD.encode(hb))); let http_basic = args
.http_basic
.map(|hb| format!("Basic {}", general_purpose::STANDARD.encode(hb)))
.map(|hb| HeaderValue::from_str(&hb))
.transpose()?;
let http_basic = &*Box::leak(Box::new(http_basic)); let http_basic = &*Box::leak(Box::new(http_basic));
let no_httpauth = args.no_httpauth == 1;
let listener = TcpListener::bind(addr).await?; let listener = TcpListener::bind(addr).await?;
info!("Listening on http://{}", addr); info!("Listening on http://{}", addr);
loop { loop {
let (stream, _) = listener.accept().await?; let (stream, client_addr) = listener.accept().await?;
let io = TokioIo::new(stream); let io = TokioIo::new(stream);
let serve_connection = service_fn(move |req| proxy(req, socks_addr, auth, &http_basic, allowed_domains, no_httpauth)); let serve_connection = service_fn(move |req| {
proxy(
req,
client_addr,
socks_addr,
auth,
http_basic,
allowed_domains,
)
});
tokio::task::spawn(async move { tokio::task::spawn(async move {
if let Err(err) = http1::Builder::new() if let Err(err) = http1::Builder::new()
@ -112,44 +120,39 @@ async fn main() -> Result<()> {
async fn proxy( async fn proxy(
req: Request<hyper::body::Incoming>, req: Request<hyper::body::Incoming>,
client_addr: SocketAddr,
socks_addr: SocketAddr, socks_addr: SocketAddr,
auth: &'static Option<Auth>, auth: &'static Option<Auth>,
http_basic: &Option<String>, basic_http_header: &Option<HeaderValue>,
allowed_domains: &Option<Vec<String>>, allowed_domains: &Option<Vec<String>>,
no_httpauth: bool,
) -> Result<Response<BoxBody<Bytes, hyper::Error>>, hyper::Error> { ) -> Result<Response<BoxBody<Bytes, hyper::Error>>, hyper::Error> {
let mut http_authed = false; let mut authenticated = false;
let hm = req.headers(); let hm = req.headers();
if no_httpauth { if let Some(basic_http_header) = basic_http_header {
http_authed = true; let Some(http_auth) = hm.get("proxy-authorization") else {
} else if hm.contains_key("proxy-authorization") { // When the request does not contain a Proxy-Authorization header,
let config_auth = match http_basic { // send a 407 response code and a Proxy-Authenticate header
Some(value) => value.clone(), let mut response = Response::new(full("Proxy Authentication Required"));
None => String::new(), *response.status_mut() = http::StatusCode::PROXY_AUTHENTICATION_REQUIRED;
response.headers_mut().insert(
PROXY_AUTHENTICATE,
HeaderValue::from_static("Basic realm=\"proxy\""),
);
return Ok(response);
}; };
let http_auth = hm.get("proxy-authorization").unwrap(); if http_auth == basic_http_header {
if http_auth == &HeaderValue::from_str(&config_auth).unwrap() { authenticated = true;
http_authed = true;
} }
} else { } else {
// When the request does not contain a Proxy-Authorization header, authenticated = true;
// send a 407 response code and a Proxy-Authenticate header
let mut response = Response::new(full("Proxy authentication required"));
*response.status_mut() = http::StatusCode::PROXY_AUTHENTICATION_REQUIRED;
response.headers_mut().insert(
PROXY_AUTHENTICATE,
HeaderValue::from_static("Basic realm=\"proxy\""),
);
return Ok(response);
} }
if !http_authed { if !authenticated {
warn!("Failed to authenticate: {:?}", hm); warn!("Failed auth attempt from: {}", client_addr);
let mut resp = Response::new(full( // http response code reference taken from tinyproxy
"Authorization failed, you are not allowed through the proxy.", let mut resp = Response::new(full("Unauthorized"));
)); *resp.status_mut() = http::StatusCode::UNAUTHORIZED;
*resp.status_mut() = http::StatusCode::FORBIDDEN;
return Ok(resp); return Ok(resp);
} }
@ -194,7 +197,7 @@ async fn proxy(
} else { } else {
let host = req.uri().host().expect("uri has no host"); let host = req.uri().host().expect("uri has no host");
let port = req.uri().port_u16().unwrap_or(80); let port = req.uri().port_u16().unwrap_or(80);
let addr = format!("{}:{}", host, port); let addr = (host, port);
let stream = match auth { let stream = match auth {
Some(auth) => Socks5Stream::connect_with_password( Some(auth) => Socks5Stream::connect_with_password(

Write Preview
Loading…
Cancel
Save