Fix POST requests by using standard HTTP tunneling instead of unconditional Hijack
This commit is contained in:
Jose Luis Montañes Ojados
@@ -1,6 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bufio"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
@@ -91,9 +92,13 @@ func startHttpProxy(port string) {
|
|||||||
}
|
}
|
||||||
slug := parts[0]
|
slug := parts[0]
|
||||||
|
|
||||||
|
log.Printf("Request Host: %s, Extracted Slug: %s", host, slug)
|
||||||
|
|
||||||
tunnel, ok := manager.Get(slug)
|
tunnel, ok := manager.Get(slug)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
log.Printf("Tunnel not found for slug: %s", slug)
|
||||||
// Serve 404 page
|
// Serve 404 page
|
||||||
|
w.WriteHeader(http.StatusNotFound)
|
||||||
http.ServeFile(w, r, "./cmd/server/static/404.html")
|
http.ServeFile(w, r, "./cmd/server/static/404.html")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -125,21 +130,15 @@ func startHttpProxy(port string) {
|
|||||||
// But typically `gliderlabs/ssh` is for allowing the server to be a jump host.
|
// But typically `gliderlabs/ssh` is for allowing the server to be a jump host.
|
||||||
// We want to be an HTTP Gateway.
|
// We want to be an HTTP Gateway.
|
||||||
|
|
||||||
// 1. Hijack the connection to handle bidirectional traffic (WebSockets)
|
// Panic recovery
|
||||||
hijacker, ok := w.(http.Hijacker)
|
defer func() {
|
||||||
if !ok {
|
if r := recover(); r != nil {
|
||||||
http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
|
log.Printf("Recovered from panic in handler: %v", r)
|
||||||
return
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
clientConn, bufrw, err := hijacker.Hijack()
|
}()
|
||||||
if err != nil {
|
|
||||||
http.Error(w, err.Error(), http.StatusServiceUnavailable)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer clientConn.Close()
|
|
||||||
|
|
||||||
// 2. Open channel to client
|
// 2. Open channel to client
|
||||||
// "forwarded-tcpip" arguments:
|
|
||||||
destHost := "0.0.0.0"
|
destHost := "0.0.0.0"
|
||||||
destPort := tunnel.LocalPort
|
destPort := tunnel.LocalPort
|
||||||
srcHost := "127.0.0.1"
|
srcHost := "127.0.0.1"
|
||||||
@@ -161,36 +160,82 @@ func startHttpProxy(port string) {
|
|||||||
defer ch.Close()
|
defer ch.Close()
|
||||||
go gossh.DiscardRequests(reqs)
|
go gossh.DiscardRequests(reqs)
|
||||||
|
|
||||||
var wg sync.WaitGroup
|
// Check if it is a WebSocket Upgrade
|
||||||
wg.Add(2)
|
isWebSocket := false
|
||||||
|
if strings.ToLower(r.Header.Get("Upgrade")) == "websocket" {
|
||||||
|
isWebSocket = true
|
||||||
|
}
|
||||||
|
|
||||||
// 3. Browser -> Backend (Write request + Copy raw stream)
|
if isWebSocket {
|
||||||
go func() {
|
// WEBSOCKET STRATEGY: Hijack and bidirectional copy
|
||||||
defer wg.Done()
|
hijacker, ok := w.(http.Hijacker)
|
||||||
// Write the initial request (Method, Path, Headers)
|
if !ok {
|
||||||
// This sets up the handshake or request.
|
http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
|
||||||
// Note: We use r.Write to reconstruct the request line and headers.
|
|
||||||
// For WebSockets, the Body is empty, so this writes headers and returns.
|
|
||||||
// For POSTs, it writes headers and tries to copy Body.
|
|
||||||
if err := r.Write(ch); err != nil {
|
|
||||||
log.Printf("Error writing request to backend: %v", err)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Important: Continue copying any subsequent data (like WebSocket frames)
|
clientConn, bufrw, err := hijacker.Hijack()
|
||||||
// from the hijacked buffer/connection to the channel.
|
if err != nil {
|
||||||
io.Copy(ch, bufrw)
|
http.Error(w, err.Error(), http.StatusServiceUnavailable)
|
||||||
// e.g. when browser closes or stops sending, we are done here.
|
return
|
||||||
}()
|
}
|
||||||
|
defer clientConn.Close()
|
||||||
|
|
||||||
// 4. Backend -> Browser (Copy raw stream)
|
// Reconstruct request line and headers to send to backend
|
||||||
go func() {
|
// We can use r.Write but it writes to the channel
|
||||||
defer wg.Done()
|
if err := r.Write(ch); err != nil {
|
||||||
io.Copy(clientConn, ch)
|
log.Printf("Error writing websocket request to backend: %v", err)
|
||||||
// When backend closes connection, close browser connection
|
return
|
||||||
clientConn.Close()
|
}
|
||||||
}()
|
|
||||||
|
|
||||||
wg.Wait()
|
var wg sync.WaitGroup
|
||||||
|
wg.Add(2)
|
||||||
|
|
||||||
|
// Copy existing buffer from hijack + future reads -> backend
|
||||||
|
go func() {
|
||||||
|
defer wg.Done()
|
||||||
|
if bufrw.Reader.Buffered() > 0 {
|
||||||
|
io.CopyN(ch, bufrw, int64(bufrw.Reader.Buffered()))
|
||||||
|
}
|
||||||
|
io.Copy(ch, clientConn)
|
||||||
|
}()
|
||||||
|
|
||||||
|
// Backend -> Browser
|
||||||
|
go func() {
|
||||||
|
defer wg.Done()
|
||||||
|
io.Copy(clientConn, ch)
|
||||||
|
}()
|
||||||
|
|
||||||
|
wg.Wait()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// STANDARD HTTP STRATEGY: Request/Response Tunneling
|
||||||
|
// 1. Write Request to Channel (simulating wire)
|
||||||
|
if err := r.Write(ch); err != nil {
|
||||||
|
log.Printf("Error writing request to backend: %v", err)
|
||||||
|
http.Error(w, "Gateway Error", http.StatusBadGateway)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2. Read Response from Channel (parsing wire)
|
||||||
|
resp, err := http.ReadResponse(bufio.NewReader(ch), r)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Error reading response from backend: %v", err)
|
||||||
|
http.Error(w, "Bad Gateway", http.StatusBadGateway)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
// 3. Copy Headers to `w`
|
||||||
|
for k, vv := range resp.Header {
|
||||||
|
for _, v := range vv {
|
||||||
|
w.Header().Add(k, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
w.WriteHeader(resp.StatusCode)
|
||||||
|
|
||||||
|
// 4. Copy Body to `w`
|
||||||
|
io.Copy(w, resp.Body)
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user