Add support for SOCKS5 proxies, and parsing proxy authorizations from URLs

Diggory Blake
2019-04-05 15:59:18 -07:00
committed by Sean McArthur
parent 871ec6f989
commit c45ff29bfb
8 changed files with 486 additions and 103 deletions


@@ -1,9 +1,12 @@
use std::fmt;
use std::sync::Arc;
#[cfg(feature = "socks")]
use std::net::{SocketAddr, ToSocketAddrs};
use http::{header::HeaderValue, Uri};
use hyper::client::connect::Destination;
use {into_url, IntoUrl, Url};
use url::percent_encoding::percent_decode;
use {IntoUrl, Url};
/// Configuration of a proxy that a `Client` should pass requests to.
///
@@ -31,13 +34,43 @@ use {into_url, IntoUrl, Url};
/// would prevent a `Proxy` later in the list from ever working, so take care.
#[derive(Clone, Debug)]
pub struct Proxy {
auth: Option<Auth>,
intercept: Intercept,
}
/// A particular scheme used for proxying requests.
///
/// For example, HTTP vs SOCKS5
#[derive(Clone, Debug)]
pub(crate) enum Auth {
Basic(HeaderValue),
pub enum ProxyScheme {
Http {
auth: Option<HeaderValue>,
uri: ::hyper::Uri,
},
#[cfg(feature = "socks")]
Socks5 {
addr: SocketAddr,
auth: Option<(String, String)>,
remote_dns: bool,
},
}
/// Trait used for converting into a proxy scheme. This trait supports
/// parsing from a URL-like type, whilst also supporting proxy schemes
/// built directly using the factory methods.
pub trait IntoProxyScheme {
fn into_proxy_scheme(self) -> ::Result<ProxyScheme>;
}
impl<T: IntoUrl> IntoProxyScheme for T {
fn into_proxy_scheme(self) -> ::Result<ProxyScheme> {
ProxyScheme::parse(self.into_url()?)
}
}
impl IntoProxyScheme for ProxyScheme {
fn into_proxy_scheme(self) -> ::Result<ProxyScheme> {
Ok(self)
}
}
impl Proxy {
@@ -55,9 +88,10 @@ impl Proxy {
/// # }
/// # fn main() {}
/// ```
pub fn http<U: IntoUrl>(url: U) -> ::Result<Proxy> {
let uri = ::into_url::expect_uri(&url.into_url()?);
Ok(Proxy::new(Intercept::Http(uri)))
pub fn http<U: IntoProxyScheme>(proxy_scheme: U) -> ::Result<Proxy> {
Ok(Proxy::new(Intercept::Http(
proxy_scheme.into_proxy_scheme()?
)))
}
/// Proxy all HTTPS traffic to the passed URL.
@@ -74,9 +108,10 @@ impl Proxy {
/// # }
/// # fn main() {}
/// ```
pub fn https<U: IntoUrl>(url: U) -> ::Result<Proxy> {
let uri = ::into_url::expect_uri(&url.into_url()?);
Ok(Proxy::new(Intercept::Https(uri)))
pub fn https<U: IntoProxyScheme>(proxy_scheme: U) -> ::Result<Proxy> {
Ok(Proxy::new(Intercept::Https(
proxy_scheme.into_proxy_scheme()?
)))
}
/// Proxy **all** traffic to the passed URL.
@@ -93,9 +128,10 @@ impl Proxy {
/// # }
/// # fn main() {}
/// ```
pub fn all<U: IntoUrl>(url: U) -> ::Result<Proxy> {
let uri = ::into_url::expect_uri(&url.into_url()?);
Ok(Proxy::new(Intercept::All(uri)))
pub fn all<U: IntoProxyScheme>(proxy_scheme: U) -> ::Result<Proxy> {
Ok(Proxy::new(Intercept::All(
proxy_scheme.into_proxy_scheme()?
)))
}
/// Provide a custom function to determine what traffix to proxy to where.
@@ -118,9 +154,14 @@ impl Proxy {
/// # Ok(())
/// # }
/// # fn main() {}
pub fn custom<F>(fun: F) -> Proxy
where F: Fn(&Url) -> Option<Url> + Send + Sync + 'static {
Proxy::new(Intercept::Custom(Custom(Arc::new(fun))))
pub fn custom<F, U: IntoProxyScheme>(fun: F) -> Proxy
where F: Fn(&Url) -> Option<U> + Send + Sync + 'static {
Proxy::new(Intercept::Custom(Custom {
auth: None,
func: Arc::new(move |url| {
fun(url).map(IntoProxyScheme::into_proxy_scheme)
}),
}))
}
/*
@@ -131,7 +172,6 @@ impl Proxy {
fn new(intercept: Intercept) -> Proxy {
Proxy {
auth: None,
intercept,
}
}
@@ -150,28 +190,36 @@ impl Proxy {
/// # fn main() {}
/// ```
pub fn basic_auth(mut self, username: &str, password: &str) -> Proxy {
self.auth = Some(Auth::basic(username, password));
self.intercept.set_basic_auth(username, password);
self
}
pub(crate) fn auth(&self) -> Option<&Auth> {
self.auth.as_ref()
}
pub(crate) fn maybe_has_http_auth(&self) -> bool {
match self.auth {
Some(Auth::Basic(_)) => match self.intercept {
Intercept::All(_) |
Intercept::Http(_) |
// Custom *may* match 'http', so assume so.
Intercept::Custom(_) => true,
Intercept::Https(_) => false,
},
None => false,
match self.intercept {
Intercept::All(ProxyScheme::Http { auth: Some(..), .. }) |
Intercept::Http(ProxyScheme::Http { auth: Some(..), .. }) |
// Custom *may* match 'http', so assume so.
Intercept::Custom(_) => true,
_ => false,
}
}
pub(crate) fn intercept<D: Dst>(&self, uri: &D) -> Option<::hyper::Uri> {
pub(crate) fn http_basic_auth<D: Dst>(&self, uri: &D) -> Option<HeaderValue> {
match self.intercept {
Intercept::All(ProxyScheme::Http { ref auth, .. }) |
Intercept::Http(ProxyScheme::Http { ref auth, .. }) => auth.clone(),
Intercept::Custom(ref custom) => {
custom.call(uri).and_then(|scheme| match scheme {
ProxyScheme::Http { auth, .. } => auth,
#[cfg(feature = "socks")]
_ => None,
})
}
_ => None,
}
}
pub(crate) fn intercept<D: Dst>(&self, uri: &D) -> Option<ProxyScheme> {
match self.intercept {
Intercept::All(ref u) => Some(u.clone()),
Intercept::Http(ref u) => {
@@ -188,20 +236,7 @@ impl Proxy {
None
}
},
Intercept::Custom(ref fun) => {
(fun.0)(
&format!(
"{}://{}{}{}",
uri.scheme(),
uri.host(),
uri.port().map(|_| ":").unwrap_or(""),
uri.port().map(|p| p.to_string()).unwrap_or(String::new())
)
.parse()
.expect("should be valid Url")
)
.map(|u| into_url::expect_uri(&u) )
},
Intercept::Custom(ref custom) => custom.call(uri),
}
}
@@ -214,33 +249,169 @@ impl Proxy {
Intercept::Https(_) => {
uri.scheme() == "https"
},
Intercept::Custom(ref fun) => {
(fun.0)(
&format!(
"{}://{}{}{}",
uri.scheme(),
uri.host(),
uri.port().map(|_| ":").unwrap_or(""),
uri.port().map(|p| p.to_string()).unwrap_or(String::new())
)
.parse()
.expect("should be valid Url")
).is_some()
},
Intercept::Custom(ref custom) => custom.call(uri).is_some(),
}
}
}
impl ProxyScheme {
// To start conservative, keep builders private for now.
/// Proxy traffic via the specified URL over HTTP
fn http<T: IntoUrl>(url: T) -> ::Result<Self> {
Ok(ProxyScheme::Http {
auth: None,
uri: ::into_url::expect_uri(&url.into_url()?),
})
}
/// Proxy traffic via the specified socket address over SOCKS5
///
/// # Note
///
/// Current SOCKS5 support is provided via blocking IO.
#[cfg(feature = "socks")]
fn socks5(addr: SocketAddr) -> ::Result<Self> {
Ok(ProxyScheme::Socks5 {
addr,
auth: None,
remote_dns: false,
})
}
/// Proxy traffic via the specified socket address over SOCKS5H
///
/// This differs from SOCKS5 in that DNS resolution is also performed via the proxy.
///
/// # Note
///
/// Current SOCKS5 support is provided via blocking IO.
#[cfg(feature = "socks")]
fn socks5h(addr: SocketAddr) -> ::Result<Self> {
Ok(ProxyScheme::Socks5 {
addr,
auth: None,
remote_dns: true,
})
}
/// Use a username and password when connecting to the proxy server
fn with_basic_auth<T: Into<String>, U: Into<String>>(mut self, username: T, password: U) -> Self {
self.set_basic_auth(username, password);
self
}
fn set_basic_auth<T: Into<String>, U: Into<String>>(&mut self, username: T, password: U) {
match *self {
ProxyScheme::Http { ref mut auth, .. } => {
let header = encode_basic_auth(&username.into(), &password.into());
*auth = Some(header);
},
#[cfg(feature = "socks")]
ProxyScheme::Socks5 { ref mut auth, .. } => {
*auth = Some((username.into(), password.into()));
}
}
}
/// Convert a URL into a proxy scheme
///
/// Supported schemes: HTTP, HTTPS, (SOCKS5, SOCKS5H if `socks` feature is enabled).
// Private for now...
fn parse(url: Url) -> ::Result<Self> {
// Resolve URL to a host and port
#[cfg(feature = "socks")]
let to_addr = || {
let host_and_port = try_!(url.with_default_port(|url| match url.scheme() {
"socks5" | "socks5h" => Ok(1080),
_ => Err(())
}));
let mut addr = try_!(host_and_port.to_socket_addrs());
addr
.next()
.ok_or_else(::error::unknown_proxy_scheme)
};
let mut scheme = match url.scheme() {
"http" | "https" => Self::http(url.clone())?,
#[cfg(feature = "socks")]
"socks5" => Self::socks5(to_addr()?)?,
#[cfg(feature = "socks")]
"socks5h" => Self::socks5h(to_addr()?)?,
_ => return Err(::error::unknown_proxy_scheme())
};
if let Some(pwd) = url.password() {
let decoded_username = percent_decode(url.username().as_bytes()).decode_utf8_lossy();
let decoded_password = percent_decode(pwd.as_bytes()).decode_utf8_lossy();
scheme = scheme.with_basic_auth(decoded_username, decoded_password);
}
Ok(scheme)
}
}
#[derive(Clone, Debug)]
enum Intercept {
All(::hyper::Uri),
Http(::hyper::Uri),
Https(::hyper::Uri),
All(ProxyScheme),
Http(ProxyScheme),
Https(ProxyScheme),
Custom(Custom),
}
impl Intercept {
fn set_basic_auth(&mut self, username: &str, password: &str) {
match self {
Intercept::All(ref mut s) |
Intercept::Http(ref mut s) |
Intercept::Https(ref mut s) => s.set_basic_auth(username, password),
Intercept::Custom(ref mut custom) => {
let header = encode_basic_auth(username, password);
custom.auth = Some(header);
}
}
}
}
#[derive(Clone)]
struct Custom(Arc<Fn(&Url) -> Option<Url> + Send + Sync + 'static>);
struct Custom {
// This auth only applies if the returned ProxyScheme doesn't have an auth...
auth: Option<HeaderValue>,
func: Arc<Fn(&Url) -> Option<::Result<ProxyScheme>> + Send + Sync + 'static>,
}
impl Custom {
fn call<D: Dst>(&self, uri: &D) -> Option<ProxyScheme> {
let url = format!(
"{}://{}{}{}",
uri.scheme(),
uri.host(),
uri.port().map(|_| ":").unwrap_or(""),
uri.port().map(|p| p.to_string()).unwrap_or(String::new())
)
.parse()
.expect("should be valid Url");
(self.func)(&url)
.and_then(|result| result.ok())
.map(|scheme| match scheme {
ProxyScheme::Http { auth, uri } => {
if auth.is_some() {
ProxyScheme::Http { auth, uri }
} else {
ProxyScheme::Http {
auth: self.auth.clone(),
uri,
}
}
},
#[cfg(feature = "socks")]
socks => socks,
})
}
}
impl fmt::Debug for Custom {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -248,6 +419,15 @@ impl fmt::Debug for Custom {
}
}
pub(crate) fn encode_basic_auth(username: &str, password: &str) -> HeaderValue {
let val = format!("{}:{}", username, password);
let mut header = format!("Basic {}", base64::encode(&val))
.parse::<HeaderValue>()
.expect("base64 is always valid HeaderValue");
header.set_sensitive(true);
header
}
/// A helper trait to allow testing `Proxy::intercept` without having to
/// construct `hyper::client::connect::Destination`s.
pub(crate) trait Dst {
@@ -289,17 +469,6 @@ impl Dst for Uri {
}
}
impl Auth {
pub(crate) fn basic(username: &str, password: &str) -> Auth {
let val = format!("{}:{}", username, password);
let mut header = format!("Basic {}", base64::encode(&val))
.parse::<HeaderValue>()
.expect("base64 is always valid HeaderValue");
header.set_sensitive(true);
Auth::Basic(header)
}
}
#[cfg(test)]
mod tests {
use super::*;
@@ -323,6 +492,15 @@ mod tests {
s.parse().unwrap()
}
fn intercepted_uri(p: &Proxy, s: &str) -> Uri {
match p.intercept(&url(s)).unwrap() {
ProxyScheme::Http { uri, .. } => uri,
#[cfg(feature = "socks")]
_ => panic!("intercepted as socks"),
}
}
#[test]
fn test_http() {
let target = "http://example.domain/";
@@ -331,7 +509,7 @@ mod tests {
let http = "http://hyper.rs";
let other = "https://hyper.rs";
assert_eq!(p.intercept(&url(http)).unwrap(), target);
assert_eq!(intercepted_uri(&p, http), target);
assert!(p.intercept(&url(other)).is_none());
}
@@ -344,7 +522,7 @@ mod tests {
let other = "https://hyper.rs";
assert!(p.intercept(&url(http)).is_none());
assert_eq!(p.intercept(&url(other)).unwrap(), target);
assert_eq!(intercepted_uri(&p, other), target);
}
#[test]
@@ -356,9 +534,9 @@ mod tests {
let https = "https://hyper.rs";
let other = "x-youve-never-heard-of-me-mr-proxy://hyper.rs";
assert_eq!(p.intercept(&url(http)).unwrap(), target);
assert_eq!(p.intercept(&url(https)).unwrap(), target);
assert_eq!(p.intercept(&url(other)).unwrap(), target);
assert_eq!(intercepted_uri(&p, http), target);
assert_eq!(intercepted_uri(&p, https), target);
assert_eq!(intercepted_uri(&p, other), target);
}
@@ -372,7 +550,7 @@ mod tests {
} else if url.scheme() == "http" {
target2.parse().ok()
} else {
None
None::<Url>
}
});
@@ -380,9 +558,8 @@ mod tests {
let https = "https://hyper.rs";
let other = "x-youve-never-heard-of-me-mr-proxy://seanmonstar.com";
assert_eq!(p.intercept(&url(http)).unwrap(), target2);
assert_eq!(p.intercept(&url(https)).unwrap(), target1);
assert_eq!(intercepted_uri(&p, http), target2);
assert_eq!(intercepted_uri(&p, https), target1);
assert!(p.intercept(&url(other)).is_none());
}
}
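Review bot: In `Custom::call` (hunk `@@ -214,33 +249,169 @@`), `.and_then(|result| result.ok())` throws away the error when the closure's return value fails `into_proxy_scheme()`, so `intercept` returns `None` exactly as it does for a URL the closure deliberately chose not to proxy. If the connector treats `None` as "connect directly" (the tests in this file suggest so, but the caller is outside this section), a mistyped proxy URL or a `socks5://` URL in a build without the `socks` feature would send the request unproxied with no signal to the user. I would carry the error out instead of dropping it, for example by having `call` return `Option<::Result<ProxyScheme>>` so the request can fail closed, and add a test where the custom closure returns an unsupported scheme. Separately, `ProxyScheme` derives `Debug` while `Socks5 { auth: Option<(String, String)> }` holds the plaintext username and password, unlike the HTTP variant whose `HeaderValue` is marked with `set_sensitive(true)`; a hand-written `Debug` impl that redacts `auth` would keep SOCKS5 credentials out of `{:?}` output of `Proxy`.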