2020-05-31 12:38:15 +08:00
|
|
|
// This is honestly terrible
|
2020-05-31 03:13:22 +08:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
2020-05-31 12:38:15 +08:00
|
|
|
"net/url"
|
2020-05-31 03:13:22 +08:00
|
|
|
"os"
|
2020-05-31 12:38:15 +08:00
|
|
|
"strings"
|
2020-05-31 03:13:22 +08:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/miekg/dns"
|
|
|
|
)
|
|
|
|
|
|
|
|
var endpoint string
|
|
|
|
var endpointSecure bool
|
2020-05-31 12:38:15 +08:00
|
|
|
var behindProxy bool
|
2020-05-31 03:13:22 +08:00
|
|
|
var client *http.Client
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
// Read configuration
|
|
|
|
endpoint = os.Getenv("MINIO_ENDPOINT")
|
|
|
|
endpointSecure = os.Getenv("MINIO_ENDPOINT_SECURE") == "true"
|
2020-05-31 12:38:15 +08:00
|
|
|
behindProxy = os.Getenv("BEHIND_PROXY") == "true"
|
2020-05-31 03:13:22 +08:00
|
|
|
|
|
|
|
// Setup HTTP client
|
|
|
|
transport := &http.Transport{
|
|
|
|
MaxIdleConns: 4,
|
|
|
|
MaxIdleConnsPerHost: 4,
|
|
|
|
IdleConnTimeout: 30 * time.Second,
|
|
|
|
DisableCompression: true,
|
|
|
|
}
|
|
|
|
client = &http.Client{
|
|
|
|
Transport: transport,
|
|
|
|
Timeout: 5 * time.Second,
|
|
|
|
}
|
|
|
|
|
|
|
|
server := &http.Server{
|
|
|
|
Addr: ":80",
|
|
|
|
ReadTimeout: 5 * time.Second,
|
|
|
|
WriteTimeout: 10 * time.Second,
|
|
|
|
Handler: http.HandlerFunc(handle),
|
|
|
|
}
|
|
|
|
err := server.ListenAndServe()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func handle(w http.ResponseWriter, r *http.Request) {
|
2020-05-31 12:38:15 +08:00
|
|
|
// Validate host
|
2020-05-31 03:13:22 +08:00
|
|
|
if _, ok := dns.IsDomainName(r.Host); !ok {
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-05-31 12:38:15 +08:00
|
|
|
// Rewrite URL
|
|
|
|
path := mapPath(r.URL.Path, r.Host)
|
|
|
|
url := &url.URL{
|
|
|
|
Scheme: "http",
|
|
|
|
Host: endpoint,
|
|
|
|
Path: path,
|
|
|
|
}
|
2020-05-31 03:13:22 +08:00
|
|
|
if endpointSecure {
|
2020-05-31 12:38:15 +08:00
|
|
|
url.Scheme = "https"
|
2020-05-31 03:13:22 +08:00
|
|
|
}
|
|
|
|
|
2020-05-31 12:38:15 +08:00
|
|
|
// Update Forwarded headers
|
|
|
|
header := safeCloneHeader(r.Header)
|
2020-05-31 03:13:22 +08:00
|
|
|
|
2020-05-31 12:38:15 +08:00
|
|
|
// Create forwarded request
|
|
|
|
out := &http.Request{
|
|
|
|
URL: url,
|
|
|
|
Header: header,
|
2020-05-31 03:13:22 +08:00
|
|
|
}
|
|
|
|
|
2020-05-31 12:38:15 +08:00
|
|
|
log.Println(out.URL)
|
|
|
|
resp, err := client.Do(out)
|
2020-05-31 03:13:22 +08:00
|
|
|
if err != nil {
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
log.Println(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
2020-05-31 12:38:15 +08:00
|
|
|
w.WriteHeader(resp.StatusCode)
|
|
|
|
io.Copy(w, resp.Body)
|
|
|
|
}
|
|
|
|
|
|
|
|
func mapPath(path, host string) string {
|
|
|
|
if strings.HasSuffix(path, "/") {
|
|
|
|
path += "index.html"
|
|
|
|
}
|
|
|
|
return "/" + host + path
|
|
|
|
}
|
|
|
|
|
|
|
|
// Further validation is required for this function
|
|
|
|
func safeCloneHeader(h http.Header) http.Header {
|
|
|
|
clone := make(http.Header, 0)
|
|
|
|
for key, value := range h {
|
|
|
|
if !safeHeaderName(key) {
|
|
|
|
continue
|
|
|
|
}
|
2020-05-31 03:13:22 +08:00
|
|
|
for _, v := range value {
|
2020-05-31 12:38:15 +08:00
|
|
|
clone.Add(key, v)
|
2020-05-31 03:13:22 +08:00
|
|
|
}
|
|
|
|
}
|
2020-05-31 12:38:15 +08:00
|
|
|
return clone
|
|
|
|
}
|
|
|
|
|
|
|
|
// Comparisons in this function MUST be in canonical form
|
|
|
|
func safeHeaderName(name string) bool {
|
|
|
|
if behindProxy {
|
|
|
|
if name == "X-Forwarded-For" {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
if name == "X-Forwarded-Host" {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
if name == "X-Forwarded-Proto" {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
if name == "Forwarded" {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
2020-05-31 03:13:22 +08:00
|
|
|
}
|