oauth2_proxy/websocket_reverse_proxy.go at master · vkorn/oauth2_proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package main

import (
	"bufio"
	"io"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
	"sync"
)

type WebsocketReverseProxy struct {
	*httputil.ReverseProxy
	Upstream string
}

func NewWebsocketReverseProxy(target *url.URL) *WebsocketReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(target)
	return &WebsocketReverseProxy{ReverseProxy: proxy, Upstream: target.Host}
}

func (p *WebsocketReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	if websocketUpgradeRequest(req) {
		p.hijackWebsocket(rw, req)
	} else {
		p.ReverseProxy.ServeHTTP(rw, req)
	}
}

func (p *WebsocketReverseProxy) hijackWebsocket(rw http.ResponseWriter, req *http.Request) {
	highjacker, ok := rw.(http.Hijacker)

	if !ok {
		http.Error(rw, "webserver doesn't support hijacking", http.StatusInternalServerError)
		return
	}

	conn, bufrw, err := highjacker.Hijack()
	defer conn.Close()

	conn2, err := net.Dial("tcp", p.Upstream)
	if err != nil {
		log.Printf("couldn't connect to backend websocket server: %v", err)
		http.Error(rw, "couldn't connect to backend server", http.StatusServiceUnavailable)
		return
	}
	defer conn2.Close()

	err = req.Write(conn2)
	if err != nil {
		log.Printf("writing WebSocket request to backend server failed: %v", err)
		return
	}

	bufferedBidirCopy(conn, bufrw, conn2, bufio.NewReadWriter(bufio.NewReader(conn2), bufio.NewWriter(conn2)))
}

func websocketUpgradeRequest(req *http.Request) bool {
	connection_headers, ok := req.Header["Connection"]
	if !ok || len(connection_headers) <= 0 {
		return false
	}

	connection_header := connection_headers[0]
	if strings.ToLower(connection_header) != "upgrade" {
		return false
	}

	upgrade_headers, ok := req.Header["Upgrade"]
	if !ok || len(upgrade_headers) <= 0 {
		return false
	}

	return strings.ToLower(upgrade_headers[0]) == "websocket"
}

func bufferedCopy(dest *bufio.ReadWriter, src *bufio.ReadWriter) {
	buf := make([]byte, 40*1024)
	for {
		n, err := src.Read(buf)
		if err != nil && err != io.EOF {
			log.Printf("Upstream read failed: %v", err)
			return
		}
		if n == 0 {
			return
		}
		n, err = dest.Write(buf[0:n])
		if err != nil && err != io.EOF {
			log.Printf("Downstream write failed: %v", err)
			return
		}

		err = dest.Flush()
		if err != nil {
			log.Printf("Downstream write flush failed: %v", err)
			return
		}
	}
}

func bufferedBidirCopy(conn1 io.ReadWriteCloser, rw1 *bufio.ReadWriter, conn2 io.ReadWriteCloser, rw2 *bufio.ReadWriter) {
	wg := sync.WaitGroup{}

	copier := func(wg *sync.WaitGroup, rw1 *bufio.ReadWriter, rw2 *bufio.ReadWriter) {
		defer wg.Done()
		bufferedCopy(rw2, rw1)
	}

	wg.Add(2)
	go copier(&wg, rw1, rw2)
	go copier(&wg, rw2, rw1)
	wg.Wait()
}