umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-14 12:20:24 +00:00
Code Issues Wiki Activity

Initial support for the PROXY protocol header

Browse source 
Depend on Ranch master for now since it isn't in any release yet.
This commit is contained in:
Loïc Hoguin 2018-10-30 23:30:05 +01:00
parent a002df4560
commit 122faedc25
No known key found for this signature in database
GPG key ID: 8A9DF795F6FED764
8 changed files with 321 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -16,7 +16,7 @@ LOCAL_DEPS = crypto
DEPS = cowlib ranch DEPS = cowlib ranch
dep_cowlib = git https://github.com/ninenines/cowlib master dep_cowlib = git https://github.com/ninenines/cowlib master
dep_ranch = git https://github.com/ninenines/ranch 1.6.2 dep_ranch = git https://github.com/ninenines/ranch master
DOC_DEPS = asciideck DOC_DEPS = asciideck

2
rebar.config
View file

@ -1,4 +1,4 @@
{deps, [ {deps, [
{cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","1.6.2"}} {cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","master"}}
]}. ]}.
{erl_opts, [debug_info,warn_export_vars,warn_shadow_vars,warn_obsolete_guard,warn_missing_spec,warn_untyped_record]}. {erl_opts, [debug_info,warn_export_vars,warn_shadow_vars,warn_obsolete_guard,warn_missing_spec,warn_untyped_record]}.

25
src/cowboy_clear.erl
View file

@ -16,22 +16,29 @@
-behavior(ranch_protocol). -behavior(ranch_protocol).
-export([start_link/4]). -export([start_link/4]).
-export([connection_process/5]). -export([connection_process/4]).
-spec start_link(ranch:ref(), inet:socket(), module(), cowboy:opts()) -> {ok, pid()}. -spec start_link(ranch:ref(), inet:socket(), module(), cowboy:opts()) -> {ok, pid()}.
start_link(Ref, Socket, Transport, Opts) -> start_link(Ref, _Socket, Transport, Opts) ->
Pid = proc_lib:spawn_link(?MODULE, connection_process, Pid = proc_lib:spawn_link(?MODULE, connection_process,
[self(), Ref, Socket, Transport, Opts]), [self(), Ref, Transport, Opts]),
{ok, Pid}. {ok, Pid}.
-spec connection_process(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -spec connection_process(pid(), ranch:ref(), module(), cowboy:opts()) -> ok.
connection_process(Parent, Ref, Socket, Transport, Opts) -> connection_process(Parent, Ref, Transport, Opts) ->
ok = ranch:accept_ack(Ref), ProxyInfo = case maps:get(proxy_header, Opts, false) of
init(Parent, Ref, Socket, Transport, Opts, cowboy_http). true ->
{ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000),
ProxyInfo0;
false ->
undefined
end,
{ok, Socket} = ranch:handshake(Ref),
init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http).
init(Parent, Ref, Socket, Transport, Opts, Protocol) -> init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) ->
_ = case maps:get(connection_type, Opts, supervisor) of _ = case maps:get(connection_type, Opts, supervisor) of
worker -> ok; worker -> ok;
supervisor -> process_flag(trap_exit, true) supervisor -> process_flag(trap_exit, true)
end, end,
Protocol:init(Parent, Ref, Socket, Transport, Opts). Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts).

32
src/cowboy_http.erl
View file

@ -18,7 +18,7 @@
-compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}). -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}).
-endif. -endif.
-export([init/5]). -export([init/6]).
-export([system_continue/3]). -export([system_continue/3]).
-export([system_terminate/4]). -export([system_terminate/4]).
@ -98,6 +98,7 @@
ref :: ranch:ref(), ref :: ranch:ref(),
socket :: inet:socket(), socket :: inet:socket(),
transport :: module(), transport :: module(),
proxy_header :: undefined | ranch_proxy_header:proxy_info(),
opts = #{} :: map(), opts = #{} :: map(),
%% Remote address and port for the connection. %% Remote address and port for the connection.
@ -137,8 +138,9 @@
-include_lib("cowlib/include/cow_inline.hrl"). -include_lib("cowlib/include/cow_inline.hrl").
-include_lib("cowlib/include/cow_parse.hrl"). -include_lib("cowlib/include/cow_parse.hrl").
-spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -spec init(pid(), ranch:ref(), inet:socket(), module(),
init(Parent, Ref, Socket, Transport, Opts) -> ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok.
init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) ->
Peer0 = Transport:peername(Socket), Peer0 = Transport:peername(Socket),
Sock0 = Transport:sockname(Socket), Sock0 = Transport:sockname(Socket),
Cert1 = case Transport:name() of Cert1 = case Transport:name() of
@ -157,7 +159,7 @@ init(Parent, Ref, Socket, Transport, Opts) ->
LastStreamID = maps:get(max_keepalive, Opts, 100), LastStreamID = maps:get(max_keepalive, Opts, 100),
before_loop(set_timeout(#state{ before_loop(set_timeout(#state{
parent=Parent, ref=Ref, socket=Socket, parent=Parent, ref=Ref, socket=Socket,
transport=Transport, opts=Opts, transport=Transport, proxy_header=ProxyHeader, opts=Opts,
peer=Peer, sock=Sock, cert=Cert, peer=Peer, sock=Sock, cert=Cert,
last_streamid=LastStreamID}), <<>>); last_streamid=LastStreamID}), <<>>);
{{error, Reason}, _, _} -> {{error, Reason}, _, _} ->
@ -655,7 +657,7 @@ default_port(_) -> 80.
%% End of request parsing. %% End of request parsing.
request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock, cert=Cert, request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock, cert=Cert,
in_streamid=StreamID, in_state= proxy_header=ProxyHeader, in_streamid=StreamID, in_state=
PS=#ps_header{method=Method, path=Path, qs=Qs, version=Version}}, PS=#ps_header{method=Method, path=Path, qs=Qs, version=Version}},
Headers0, Host, Port) -> Headers0, Host, Port) ->
Scheme = case Transport:secure() of Scheme = case Transport:secure() of
@ -691,7 +693,7 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock
_ -> _ ->
{Headers0, false, 0, undefined, undefined} {Headers0, false, 0, undefined, undefined}
end, end,
Req = #{ Req0 = #{
ref => Ref, ref => Ref,
pid => self(), pid => self(),
streamid => StreamID, streamid => StreamID,
@ -711,6 +713,11 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock
has_body => HasBody, has_body => HasBody,
body_length => BodyLength body_length => BodyLength
}, },
%% We add the PROXY header information if any.
Req = case ProxyHeader of
undefined -> Req0;
_ -> Req0#{proxy_header => ProxyHeader}
end,
case is_http2_upgrade(Headers, Version) of case is_http2_upgrade(Headers, Version) of
false -> false ->
State = case HasBody of State = case HasBody of
@ -754,12 +761,12 @@ is_http2_upgrade(_, _) ->
%% Prior knowledge upgrade, without an HTTP/1.1 request. %% Prior knowledge upgrade, without an HTTP/1.1 request.
http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport, http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport,
opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) -> proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) ->
case Transport:secure() of case Transport:secure() of
false -> false ->
_ = cancel_timeout(State), _ = cancel_timeout(State),
cowboy_http2:init(Parent, Ref, Socket, Transport, Opts, cowboy_http2:init(Parent, Ref, Socket, Transport,
Peer, Sock, Cert, Buffer); ProxyHeader, Opts, Peer, Sock, Cert, Buffer);
true -> true ->
error_terminate(400, State, {connection_error, protocol_error, error_terminate(400, State, {connection_error, protocol_error,
'Clients that support HTTP/2 over TLS MUST use ALPN. (RFC7540 3.4)'}) 'Clients that support HTTP/2 over TLS MUST use ALPN. (RFC7540 3.4)'})
@ -767,7 +774,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran
%% Upgrade via an HTTP/1.1 request. %% Upgrade via an HTTP/1.1 request.
http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport, http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport,
opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer, HTTP2Settings, Req) -> proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert},
Buffer, HTTP2Settings, Req) ->
%% @todo %% @todo
%% However if the client sent a body, we need to read the body in full %% However if the client sent a body, we need to read the body in full
%% and if we can't do that, return a 413 response. Some options are in order. %% and if we can't do that, return a 413 response. Some options are in order.
@ -775,8 +783,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran
try cow_http_hd:parse_http2_settings(HTTP2Settings) of try cow_http_hd:parse_http2_settings(HTTP2Settings) of
Settings -> Settings ->
_ = cancel_timeout(State), _ = cancel_timeout(State),
cowboy_http2:init(Parent, Ref, Socket, Transport, Opts, cowboy_http2:init(Parent, Ref, Socket, Transport,
Peer, Sock, Cert, Buffer, Settings, Req) ProxyHeader, Opts, Peer, Sock, Cert, Buffer, Settings, Req)
catch _:_ -> catch _:_ ->
error_terminate(400, State, {connection_error, protocol_error, error_terminate(400, State, {connection_error, protocol_error,
'The HTTP2-Settings header must contain a base64 SETTINGS payload. (RFC7540 3.2, RFC7540 3.2.1)'}) 'The HTTP2-Settings header must contain a base64 SETTINGS payload. (RFC7540 3.2, RFC7540 3.2.1)'})

43
src/cowboy_http2.erl
View file

@ -18,9 +18,9 @@
-compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}). -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}).
-endif. -endif.
-export([init/5]). -export([init/6]).
-export([init/9]). -export([init/10]).
-export([init/11]). -export([init/12]).
-export([system_continue/3]). -export([system_continue/3]).
-export([system_terminate/4]). -export([system_terminate/4]).
@ -52,6 +52,7 @@
ref :: ranch:ref(), ref :: ranch:ref(),
socket = undefined :: inet:socket(), socket = undefined :: inet:socket(),
transport :: module(), transport :: module(),
proxy_header :: undefined | ranch_proxy_header:proxy_info(),
opts = #{} :: opts(), opts = #{} :: opts(),
%% Remote address and port for the connection. %% Remote address and port for the connection.
@ -76,8 +77,9 @@
children = cowboy_children:init() :: cowboy_children:children() children = cowboy_children:init() :: cowboy_children:children()
}). }).
-spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -spec init(pid(), ranch:ref(), inet:socket(), module(),
init(Parent, Ref, Socket, Transport, Opts) -> ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok.
init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) ->
Peer0 = Transport:peername(Socket), Peer0 = Transport:peername(Socket),
Sock0 = Transport:sockname(Socket), Sock0 = Transport:sockname(Socket),
Cert1 = case Transport:name() of Cert1 = case Transport:name() of
@ -93,7 +95,7 @@ init(Parent, Ref, Socket, Transport, Opts) ->
end, end,
case {Peer0, Sock0, Cert1} of case {Peer0, Sock0, Cert1} of
{{ok, Peer}, {ok, Sock}, {ok, Cert}} -> {{ok, Peer}, {ok, Sock}, {ok, Cert}} ->
init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, <<>>); init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, <<>>);
{{error, Reason}, _, _} -> {{error, Reason}, _, _} ->
terminate(undefined, {socket_error, Reason, terminate(undefined, {socket_error, Reason,
'A socket error occurred when retrieving the peer name.'}); 'A socket error occurred when retrieving the peer name.'});
@ -105,13 +107,15 @@ init(Parent, Ref, Socket, Transport, Opts) ->
'A socket error occurred when retrieving the client TLS certificate.'}) 'A socket error occurred when retrieving the client TLS certificate.'})
end. end.
-spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), -spec init(pid(), ranch:ref(), inet:socket(), module(),
ranch_proxy_header:proxy_info(), cowboy:opts(),
{inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()},
binary() | undefined, binary()) -> ok. binary() | undefined, binary()) -> ok.
init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) -> init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer) ->
{ok, Preface, HTTP2Machine} = cow_http2_machine:init(server, Opts), {ok, Preface, HTTP2Machine} = cow_http2_machine:init(server, Opts),
State = #state{parent=Parent, ref=Ref, socket=Socket, State = #state{parent=Parent, ref=Ref, socket=Socket,
transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert, transport=Transport, proxy_header=ProxyHeader,
opts=Opts, peer=Peer, sock=Sock, cert=Cert,
http2_init=sequence, http2_machine=HTTP2Machine}, http2_init=sequence, http2_machine=HTTP2Machine},
Transport:send(Socket, Preface), Transport:send(Socket, Preface),
case Buffer of case Buffer of
@ -120,16 +124,18 @@ init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) ->
end. end.
%% @todo Add an argument for the request body. %% @todo Add an argument for the request body.
-spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), -spec init(pid(), ranch:ref(), inet:socket(), module(),
ranch_proxy_header:proxy_info(), cowboy:opts(),
{inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()},
binary() | undefined, binary(), map() | undefined, cowboy_req:req()) -> ok. binary() | undefined, binary(), map() | undefined, cowboy_req:req()) -> ok.
init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer, init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer,
_Settings, Req=#{method := Method}) -> _Settings, Req=#{method := Method}) ->
{ok, Preface, HTTP2Machine0} = cow_http2_machine:init(server, Opts), {ok, Preface, HTTP2Machine0} = cow_http2_machine:init(server, Opts),
{ok, StreamID, HTTP2Machine} {ok, StreamID, HTTP2Machine}
= cow_http2_machine:init_upgrade_stream(Method, HTTP2Machine0), = cow_http2_machine:init_upgrade_stream(Method, HTTP2Machine0),
State0 = #state{parent=Parent, ref=Ref, socket=Socket, State0 = #state{parent=Parent, ref=Ref, socket=Socket,
transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert, transport=Transport, proxy_header=ProxyHeader,
opts=Opts, peer=Peer, sock=Sock, cert=Cert,
http2_init=upgrade, http2_machine=HTTP2Machine}, http2_init=upgrade, http2_machine=HTTP2Machine},
State1 = headers_frame(State0#state{ State1 = headers_frame(State0#state{
http2_machine=HTTP2Machine}, StreamID, Req), http2_machine=HTTP2Machine}, StreamID, Req),
@ -285,7 +291,7 @@ headers_frame(State, StreamID, IsFin, Headers,
PseudoHeaders=#{method := <<"TRACE">>}, _) -> PseudoHeaders=#{method := <<"TRACE">>}, _) ->
early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501, early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501,
'The TRACE method is currently not implemented. (RFC7231 4.3.8)'); 'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert}, headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert, proxy_header=ProxyHeader},
StreamID, IsFin, Headers, PseudoHeaders=#{method := Method, scheme := Scheme, StreamID, IsFin, Headers, PseudoHeaders=#{method := Method, scheme := Scheme,
authority := Authority, path := PathWithQs}, BodyLen) -> authority := Authority, path := PathWithQs}, BodyLen) ->
try cow_http_hd:parse_host(Authority) of try cow_http_hd:parse_host(Authority) of
@ -314,12 +320,15 @@ headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert},
has_body => IsFin =:= nofin, has_body => IsFin =:= nofin,
body_length => BodyLen body_length => BodyLen
}, },
%% We add the PROXY header information if any.
Req1 = case ProxyHeader of
undefined -> Req0;
_ -> Req0#{proxy_header => ProxyHeader}
end,
%% We add the protocol information for extended CONNECTs. %% We add the protocol information for extended CONNECTs.
Req = case PseudoHeaders of Req = case PseudoHeaders of
#{protocol := Protocol} -> #{protocol := Protocol} -> Req1#{protocol => Protocol};
Req0#{protocol => Protocol}; _ -> Req1
_ ->
Req0
end, end,
headers_frame(State, StreamID, Req) headers_frame(State, StreamID, Req)
catch _:_ -> catch _:_ ->

1
src/cowboy_req.erl
View file

@ -126,6 +126,7 @@
% pid := pid(), % pid := pid(),
% streamid := cowboy_stream:streamid(), % streamid := cowboy_stream:streamid(),
% peer := {inet:ip_address(), inet:port_number()}, % peer := {inet:ip_address(), inet:port_number()},
% proxy_header => ...
% %
% method := binary(), %% case sensitive % method := binary(), %% case sensitive
% version := cowboy:http_version() | atom(), % version := cowboy:http_version() | atom(),

17
src/cowboy_tls.erl
View file

@ -26,17 +26,24 @@ start_link(Ref, Socket, Transport, Opts) ->
-spec connection_process(pid(), ranch:ref(), ssl:sslsocket(), module(), cowboy:opts()) -> ok. -spec connection_process(pid(), ranch:ref(), ssl:sslsocket(), module(), cowboy:opts()) -> ok.
connection_process(Parent, Ref, Socket, Transport, Opts) -> connection_process(Parent, Ref, Socket, Transport, Opts) ->
ok = ranch:accept_ack(Ref), ProxyInfo = case maps:get(proxy_header, Opts, false) of
true ->
{ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000),
ProxyInfo0;
false ->
undefined
end,
{ok, Socket} = ranch:handshake(Ref),
case ssl:negotiated_protocol(Socket) of case ssl:negotiated_protocol(Socket) of
{ok, <<"h2">>} -> {ok, <<"h2">>} ->
init(Parent, Ref, Socket, Transport, Opts, cowboy_http2); init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http2);
_ -> %% http/1.1 or no protocol negotiated. _ -> %% http/1.1 or no protocol negotiated.
init(Parent, Ref, Socket, Transport, Opts, cowboy_http) init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http)
end. end.
init(Parent, Ref, Socket, Transport, Opts, Protocol) -> init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) ->
_ = case maps:get(connection_type, Opts, supervisor) of _ = case maps:get(connection_type, Opts, supervisor) of
worker -> ok; worker -> ok;
supervisor -> process_flag(trap_exit, true) supervisor -> process_flag(trap_exit, true)
end, end,
Protocol:init(Parent, Ref, Socket, Transport, Opts). Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts).

244
test/proxy_header_SUITE.erl Normal file
View file

@ -0,0 +1,244 @@
%% Copyright (c) 2018, Loïc Hoguin <essen@ninenines.eu>
%%
%% Permission to use, copy, modify, and/or distribute this software for any
%% purpose with or without fee is hereby granted, provided that the above
%% copyright notice and this permission notice appear in all copies.
%%
%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-module(proxy_header_SUITE).
-compile(export_all).
-compile(nowarn_export_all).
-import(ct_helper, [config/2]).
-import(ct_helper, [doc/1]).
-import(cowboy_test, [raw_send/2]).
-import(cowboy_test, [raw_recv_head/1]).
-import(cowboy_test, [raw_recv/3]).
%% ct.
all() ->
[
{group, http},
{group, https},
{group, h2},
{group, h2c},
{group, h2c_upgrade}
].
groups() ->
Tests = ct_helper:all(?MODULE),
[{h2c_upgrade, [parallel], Tests}|cowboy_test:common_groups(Tests)].
init_per_group(Name=http, Config) ->
cowboy_test:init_http(Name, #{
env => #{dispatch => init_dispatch()},
proxy_header => true
}, Config);
init_per_group(Name=https, Config) ->
cowboy_test:init_https(Name, #{
env => #{dispatch => init_dispatch()},
proxy_header => true
}, Config);
init_per_group(Name=h2, Config) ->
cowboy_test:init_http2(Name, #{
env => #{dispatch => init_dispatch()},
proxy_header => true
}, Config);
init_per_group(Name=h2c, Config) ->
Config1 = cowboy_test:init_http(Name, #{
env => #{dispatch => init_dispatch()},
proxy_header => true
}, Config),
lists:keyreplace(protocol, 1, Config1, {protocol, http2});
init_per_group(Name=h2c_upgrade, Config) ->
Config1 = cowboy_test:init_http(h2c, #{
env => #{dispatch => init_dispatch()},
proxy_header => true
}, Config),
Config2 = lists:keyreplace(protocol, 1, Config1, {protocol, http2}),
lists:keyreplace(ref, 1, Config2, {ref, Name}).
end_per_group(Name, _) ->
cowboy:stop_listener(Name).
%% Routes.
init_dispatch() ->
cowboy_router:compile([{"[...]", [
{"/direct/:key/[...]", echo_h, []}
]}]).
%% Tests.
v1_proxy_header(Config) ->
doc("Confirm we can read the proxy header at the start of the connection."),
ProxyInfo = #{
version => 1,
command => proxy,
transport_family => ipv4,
transport_protocol => stream,
src_address => {127, 0, 0, 1},
src_port => 444,
dest_address => {192, 168, 0, 1},
dest_port => 443
},
do_proxy_header(Config, ProxyInfo).
v2_proxy_header(Config) ->
doc("Confirm we can read the proxy header at the start of the connection."),
ProxyInfo = #{
version => 2,
command => proxy,
transport_family => ipv4,
transport_protocol => stream,
src_address => {127, 0, 0, 1},
src_port => 444,
dest_address => {192, 168, 0, 1},
dest_port => 443
},
do_proxy_header(Config, ProxyInfo).
v2_local_header(Config) ->
doc("Confirm we can read the proxy header at the start of the connection."),
ProxyInfo = #{
version => 2,
command => local
},
do_proxy_header(Config, ProxyInfo).
do_proxy_header(Config, ProxyInfo) ->
case config(ref, Config) of
http -> do_proxy_header_http(Config, ProxyInfo);
https -> do_proxy_header_https(Config, ProxyInfo);
h2 -> do_proxy_header_h2(Config, ProxyInfo);
h2c -> do_proxy_header_h2c(Config, ProxyInfo);
h2c_upgrade -> do_proxy_header_h2c_upgrade(Config, ProxyInfo)
end.
do_proxy_header_http(Config, ProxyInfo) ->
{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
[binary, {active, false}, {packet, raw}]),
ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
do_proxy_header_http_common({raw_client, Socket, gen_tcp}, ProxyInfo).
do_proxy_header_https(Config, ProxyInfo) ->
{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
[binary, {active, false}, {packet, raw}]),
ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
{ok, Socket} = ssl:connect(Socket0, [], 1000),
do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo).
do_proxy_header_http_common(Client, ProxyInfo) ->
ok = raw_send(Client,
"GET /direct/proxy_header HTTP/1.1\r\n"
"Host: localhost\r\n"
"\r\n"),
{_, 200, _, Rest0} = cow_http:parse_status_line(raw_recv_head(Client)),
{Headers, Body0} = cow_http:parse_headers(Rest0),
{_, LenBin} = lists:keyfind(<<"content-length">>, 1, Headers),
Len = binary_to_integer(LenBin),
Body = if
byte_size(Body0) =:= Len -> Body0;
true ->
{ok, Body1} = raw_recv(Client, Len - byte_size(Body0), 5000),
<<Body0/bits, Body1/bits>>
end,
ProxyInfo = do_parse_term(Body),
ok.
do_proxy_header_h2(Config, ProxyInfo) ->
{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
[binary, {active, false}, {packet, raw}]),
ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
{ok, Socket} = ssl:connect(Socket0, [{alpn_advertised_protocols, [<<"h2">>]}], 1000),
do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo).
do_proxy_header_h2c(Config, ProxyInfo) ->
{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
[binary, {active, false}, {packet, raw}]),
ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
do_proxy_header_h2_common({raw_client, Socket, gen_tcp}, ProxyInfo).
do_proxy_header_h2c_upgrade(Config, ProxyInfo) ->
{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
[binary, {active, false}, {packet, raw}]),
ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
Client = {raw_client, Socket, gen_tcp},
ok = raw_send(Client, [
"GET /direct/proxy_header HTTP/1.1\r\n"
"Host: localhost\r\n"
"Connection: Upgrade, HTTP2-Settings\r\n"
"Upgrade: h2c\r\n"
"HTTP2-Settings: ", base64:encode(iolist_to_binary(cow_http2:settings_payload(#{}))), "\r\n"
"\r\n"]),
ok = do_recv_101(Client),
%% Receive the server preface.
{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
do_proxy_header_h2_response_common(Client, ProxyInfo),
ok.
do_proxy_header_h2_common(Client, ProxyInfo) ->
%% Send a valid preface.
ok = raw_send(Client, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
%% Receive the server preface.
{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
%% Send the SETTINGS ack.
ok = raw_send(Client, cow_http2:settings_ack()),
%% Receive the SETTINGS ack.
{ok, <<0:24, 4:8, 1:8, 0:32>>} = raw_recv(Client, 9, 1000),
%% Send a GET request.
{HeadersBlock, _} = cow_hpack:encode([
{<<":method">>, <<"GET">>},
{<<":scheme">>, <<"http">>},
{<<":authority">>, <<"localhost">>}, %% @todo Correct port number.
{<<":path">>, <<"/direct/proxy_header">>}
]),
Len = iolist_size(HeadersBlock),
ok = raw_send(Client, [
<<Len:24, 1:8,
0:2, %% Undefined.
0:1, %% PRIORITY.
0:1, %% Undefined.
0:1, %% PADDED.
1:1, %% END_HEADERS.
0:1, %% Undefined.
1:1, %% END_STREAM.
0:1, 1:31>>,
HeadersBlock
]),
do_proxy_header_h2_response_common(Client, ProxyInfo).
do_proxy_header_h2_response_common(Client, ProxyInfo) ->
%% Receive a response with the proxy header data.
{ok, <<SkipLen:24, 1:8, _:8, 1:32>>} = raw_recv(Client, 9, 1000),
{ok, _} = raw_recv(Client, SkipLen, 1000),
{ok, <<BodyLen:24, 0:8, 1:8, 1:32>>} = raw_recv(Client, 9, 1000),
{ok, Body} = raw_recv(Client, BodyLen, 1000),
ProxyInfo = do_parse_term(Body),
ok.
do_parse_term(Body) ->
{ok, Tokens, _} = erl_scan:string(binary_to_list(Body) ++ "."),
{ok, Exprs} = erl_parse:parse_exprs(Tokens),
{value, Term, _} = erl_eval:exprs(Exprs, erl_eval:new_bindings()),
Term.
%% Match directly for now.
do_recv_101(Client) ->
{ok, <<
"HTTP/1.1 101 Switching Protocols\r\n"
"connection: Upgrade\r\n"
"upgrade: h2c\r\n"
"\r\n"
>>} = raw_recv(Client, 71, 1000),
ok.