TUN-3617: Separate service from client, and implement different client for http vs. tcp origins

- extracted ResponseWriter from proxyConnection - added bastion tests over websocket - removed HTTPResp() - added some docstrings - Renamed some ingress clients as proxies - renamed instances of client to proxy in connection and origin - Stream no longer takes a context and logger.Service
2025-07-27 20:09:58 +00:00 · 2020-12-09 21:46:53 +00:00
parent 5e2b43adb5
commit e2262085e5
23 changed files with 839 additions and 354 deletions
--- a/ingress/origin_proxy.go
+++ b/ingress/origin_proxy.go
@@ -0,0 +1,100 @@
+package ingress
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/cloudflare/cloudflared/h2mux"
+)
+
+// HTTPOriginProxy can be implemented by origin services that want to proxy http requests.
+type HTTPOriginProxy interface {
+	// RoundTrip is how cloudflared proxies eyeball requests to the actual origin services
+	http.RoundTripper
+}
+
+// StreamBasedOriginProxy can be implemented by origin services that want to proxy at the L4 level.
+type StreamBasedOriginProxy interface {
+	EstablishConnection(r *http.Request) (OriginConnection, error)
+}
+
+func (o *unixSocketPath) RoundTrip(req *http.Request) (*http.Response, error) {
+	return o.transport.RoundTrip(req)
+}
+
+// TODO: TUN-3636: establish connection to origins over UDS
+func (*unixSocketPath) EstablishConnection(r *http.Request) (OriginConnection, error) {
+	return nil, fmt.Errorf("Unix socket service currently doesn't support proxying connections")
+}
+
+func (o *httpService) RoundTrip(req *http.Request) (*http.Response, error) {
+	// Rewrite the request URL so that it goes to the origin service.
+	req.URL.Host = o.url.Host
+	req.URL.Scheme = o.url.Scheme
+	return o.transport.RoundTrip(req)
+}
+
+func (o *helloWorld) RoundTrip(req *http.Request) (*http.Response, error) {
+	// Rewrite the request URL so that it goes to the Hello World server.
+	req.URL.Host = o.server.Addr().String()
+	req.URL.Scheme = "https"
+	return o.transport.RoundTrip(req)
+}
+
+func (o *helloWorld) EstablishConnection(req *http.Request) (OriginConnection, error) {
+	req.URL.Host = o.server.Addr().String()
+	req.URL.Scheme = "wss"
+	return newWSConnection(o.transport, req)
+}
+
+func (o *statusCode) RoundTrip(_ *http.Request) (*http.Response, error) {
+	return o.resp, nil
+}
+
+func (o *bridgeService) EstablishConnection(r *http.Request) (OriginConnection, error) {
+	dest, err := o.destination(r)
+	if err != nil {
+		return nil, err
+	}
+	return o.client.connect(r, dest)
+}
+
+func (o *bridgeService) destination(r *http.Request) (string, error) {
+	jumpDestination := r.Header.Get(h2mux.CFJumpDestinationHeader)
+	if jumpDestination == "" {
+		return "", fmt.Errorf("Did not receive final destination from client. The --destination flag is likely not set on the client side")
+	}
+	// Strip scheme and path set by client. Without a scheme
+	// Parsing a hostname and path without scheme might not return an error due to parsing ambiguities
+	if jumpURL, err := url.Parse(jumpDestination); err == nil && jumpURL.Host != "" {
+		return removePath(jumpURL.Host), nil
+	}
+	return removePath(jumpDestination), nil
+}
+
+func removePath(dest string) string {
+	return strings.SplitN(dest, "/", 2)[0]
+}
+
+func (o *singleTCPService) EstablishConnection(r *http.Request) (OriginConnection, error) {
+	return o.client.connect(r, o.dest)
+}
+
+type tcpClient struct {
+	streamHandler func(originConn io.ReadWriter, remoteConn net.Conn)
+}
+
+func (c *tcpClient) connect(r *http.Request, addr string) (OriginConnection, error) {
+	conn, err := net.Dial("tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+	return &tcpConnection{
+		conn:          conn,
+		streamHandler: c.streamHandler,
+	}, nil
+}