shaytan/drip
1
0
Fork 0
mirror of https://github.com/Gouryella/drip.git synced 2026-02-23 21:00:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(proxy): Removes support for the HTTP CONNECT method.

Browse Source 
In the ServeHTTP processing logic, CONNECT requests are no longer processed, and a 405 status code is returned when such a request is received.
The method was flagged as not allowed. The original handleConnect implementation code was also removed.
This commit is contained in:
Gouryella
2025-12-19 10:26:38 +08:00
parent 1c733de303
commit e5aaf150e3
1 changed files with 5 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
internal/server/proxy/handler.go
View File

@@ -39,11 +39,6 @@ func NewHandler(manager *tunnel.Manager, logger *zap.Logger, domain string, auth
}
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodConnect {
h.handleConnect(w, r)
return
}
if r.URL.Path == "/health" {
h.serveHealth(w, r)
return
@@ -75,6 +70,11 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
if r.Method == http.MethodConnect {
http.Error(w, "CONNECT not supported for HTTP tunnels", http.StatusMethodNotAllowed)
return
}
if httputil.IsWebSocketUpgrade(r) {
h.handleWebSocket(w, r, tconn)
return
@@ -386,66 +386,3 @@ func (h *Handler) serveStats(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Length", fmt.Sprintf("%d", len(data)))
w.Write(data)
}
func (h *Handler) handleConnect(w http.ResponseWriter, r *http.Request) {
targetAddr := r.Host
if targetAddr == "" {
targetAddr = r.URL.Host
}
if targetAddr == "" {
http.Error(w, "Bad Request: missing target host", http.StatusBadRequest)
return
}
if !strings.Contains(targetAddr, ":") {
targetAddr = targetAddr + ":443"
}
h.logger.Info("CONNECT proxy request",
zap.String("target", targetAddr),
zap.String("remote", r.RemoteAddr),
)
targetConn, err := net.DialTimeout("tcp", targetAddr, 10*time.Second)
if err != nil {
h.logger.Warn("Failed to connect to target",
zap.String("target", targetAddr),
zap.Error(err),
)
http.Error(w, "Bad Gateway: failed to connect to target", http.StatusBadGateway)
return
}
hj, ok := w.(http.Hijacker)
if !ok {
targetConn.Close()
http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
return
}
clientConn, _, err := hj.Hijack()
if err != nil {
targetConn.Close()
http.Error(w, "Failed to hijack connection", http.StatusInternalServerError)
return
}
_, err = clientConn.Write([]byte("HTTP/1.1 200 Connection Established\r\n\r\n"))
if err != nil {
clientConn.Close()
targetConn.Close()
return
}
go func() {
defer targetConn.Close()
defer clientConn.Close()
_, _ = io.Copy(targetConn, clientConn)
}()
go func() {
defer targetConn.Close()
defer clientConn.Close()
_, _ = io.Copy(clientConn, targetConn)
}()
}