From 122faedc25f1926a3b238fe47a75a781411065e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Tue, 30 Oct 2018 23:30:05 +0100 Subject: Initial support for the PROXY protocol header Depend on Ranch master for now since it isn't in any release yet. --- Makefile | 2 +- rebar.config | 2 +- src/cowboy_clear.erl | 25 +++-- src/cowboy_http.erl | 32 +++--- src/cowboy_http2.erl | 43 +++++--- src/cowboy_req.erl | 1 + src/cowboy_tls.erl | 17 ++- test/proxy_header_SUITE.erl | 244 ++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 321 insertions(+), 45 deletions(-) create mode 100644 test/proxy_header_SUITE.erl diff --git a/Makefile b/Makefile index 7947665..1b7486f 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,7 @@ LOCAL_DEPS = crypto DEPS = cowlib ranch dep_cowlib = git https://github.com/ninenines/cowlib master -dep_ranch = git https://github.com/ninenines/ranch 1.6.2 +dep_ranch = git https://github.com/ninenines/ranch master DOC_DEPS = asciideck diff --git a/rebar.config b/rebar.config index 324db50..2a89c1d 100644 --- a/rebar.config +++ b/rebar.config @@ -1,4 +1,4 @@ {deps, [ -{cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","1.6.2"}} +{cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","master"}} ]}. {erl_opts, [debug_info,warn_export_vars,warn_shadow_vars,warn_obsolete_guard,warn_missing_spec,warn_untyped_record]}. diff --git a/src/cowboy_clear.erl b/src/cowboy_clear.erl index 522ede3..7bb1a35 100644 --- a/src/cowboy_clear.erl +++ b/src/cowboy_clear.erl @@ -16,22 +16,29 @@ -behavior(ranch_protocol). -export([start_link/4]). --export([connection_process/5]). +-export([connection_process/4]). -spec start_link(ranch:ref(), inet:socket(), module(), cowboy:opts()) -> {ok, pid()}. -start_link(Ref, Socket, Transport, Opts) -> +start_link(Ref, _Socket, Transport, Opts) -> Pid = proc_lib:spawn_link(?MODULE, connection_process, - [self(), Ref, Socket, Transport, Opts]), + [self(), Ref, Transport, Opts]), {ok, Pid}. --spec connection_process(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -connection_process(Parent, Ref, Socket, Transport, Opts) -> - ok = ranch:accept_ack(Ref), - init(Parent, Ref, Socket, Transport, Opts, cowboy_http). +-spec connection_process(pid(), ranch:ref(), module(), cowboy:opts()) -> ok. +connection_process(Parent, Ref, Transport, Opts) -> + ProxyInfo = case maps:get(proxy_header, Opts, false) of + true -> + {ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000), + ProxyInfo0; + false -> + undefined + end, + {ok, Socket} = ranch:handshake(Ref), + init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http). -init(Parent, Ref, Socket, Transport, Opts, Protocol) -> +init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) -> _ = case maps:get(connection_type, Opts, supervisor) of worker -> ok; supervisor -> process_flag(trap_exit, true) end, - Protocol:init(Parent, Ref, Socket, Transport, Opts). + Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts). diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl index b1c8dbe..a6da5c6 100644 --- a/src/cowboy_http.erl +++ b/src/cowboy_http.erl @@ -18,7 +18,7 @@ -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}). -endif. --export([init/5]). +-export([init/6]). -export([system_continue/3]). -export([system_terminate/4]). @@ -98,6 +98,7 @@ ref :: ranch:ref(), socket :: inet:socket(), transport :: module(), + proxy_header :: undefined | ranch_proxy_header:proxy_info(), opts = #{} :: map(), %% Remote address and port for the connection. @@ -137,8 +138,9 @@ -include_lib("cowlib/include/cow_inline.hrl"). -include_lib("cowlib/include/cow_parse.hrl"). --spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -init(Parent, Ref, Socket, Transport, Opts) -> +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok. +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) -> Peer0 = Transport:peername(Socket), Sock0 = Transport:sockname(Socket), Cert1 = case Transport:name() of @@ -157,7 +159,7 @@ init(Parent, Ref, Socket, Transport, Opts) -> LastStreamID = maps:get(max_keepalive, Opts, 100), before_loop(set_timeout(#state{ parent=Parent, ref=Ref, socket=Socket, - transport=Transport, opts=Opts, + transport=Transport, proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert, last_streamid=LastStreamID}), <<>>); {{error, Reason}, _, _} -> @@ -655,7 +657,7 @@ default_port(_) -> 80. %% End of request parsing. request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock, cert=Cert, - in_streamid=StreamID, in_state= + proxy_header=ProxyHeader, in_streamid=StreamID, in_state= PS=#ps_header{method=Method, path=Path, qs=Qs, version=Version}}, Headers0, Host, Port) -> Scheme = case Transport:secure() of @@ -691,7 +693,7 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock _ -> {Headers0, false, 0, undefined, undefined} end, - Req = #{ + Req0 = #{ ref => Ref, pid => self(), streamid => StreamID, @@ -711,6 +713,11 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock has_body => HasBody, body_length => BodyLength }, + %% We add the PROXY header information if any. + Req = case ProxyHeader of + undefined -> Req0; + _ -> Req0#{proxy_header => ProxyHeader} + end, case is_http2_upgrade(Headers, Version) of false -> State = case HasBody of @@ -754,12 +761,12 @@ is_http2_upgrade(_, _) -> %% Prior knowledge upgrade, without an HTTP/1.1 request. http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport, - opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) -> + proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) -> case Transport:secure() of false -> _ = cancel_timeout(State), - cowboy_http2:init(Parent, Ref, Socket, Transport, Opts, - Peer, Sock, Cert, Buffer); + cowboy_http2:init(Parent, Ref, Socket, Transport, + ProxyHeader, Opts, Peer, Sock, Cert, Buffer); true -> error_terminate(400, State, {connection_error, protocol_error, 'Clients that support HTTP/2 over TLS MUST use ALPN. (RFC7540 3.4)'}) @@ -767,7 +774,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran %% Upgrade via an HTTP/1.1 request. http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport, - opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer, HTTP2Settings, Req) -> + proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert}, + Buffer, HTTP2Settings, Req) -> %% @todo %% However if the client sent a body, we need to read the body in full %% and if we can't do that, return a 413 response. Some options are in order. @@ -775,8 +783,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran try cow_http_hd:parse_http2_settings(HTTP2Settings) of Settings -> _ = cancel_timeout(State), - cowboy_http2:init(Parent, Ref, Socket, Transport, Opts, - Peer, Sock, Cert, Buffer, Settings, Req) + cowboy_http2:init(Parent, Ref, Socket, Transport, + ProxyHeader, Opts, Peer, Sock, Cert, Buffer, Settings, Req) catch _:_ -> error_terminate(400, State, {connection_error, protocol_error, 'The HTTP2-Settings header must contain a base64 SETTINGS payload. (RFC7540 3.2, RFC7540 3.2.1)'}) diff --git a/src/cowboy_http2.erl b/src/cowboy_http2.erl index f64592c..6ec7583 100644 --- a/src/cowboy_http2.erl +++ b/src/cowboy_http2.erl @@ -18,9 +18,9 @@ -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}). -endif. --export([init/5]). --export([init/9]). --export([init/11]). +-export([init/6]). +-export([init/10]). +-export([init/12]). -export([system_continue/3]). -export([system_terminate/4]). @@ -52,6 +52,7 @@ ref :: ranch:ref(), socket = undefined :: inet:socket(), transport :: module(), + proxy_header :: undefined | ranch_proxy_header:proxy_info(), opts = #{} :: opts(), %% Remote address and port for the connection. @@ -76,8 +77,9 @@ children = cowboy_children:init() :: cowboy_children:children() }). --spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok. -init(Parent, Ref, Socket, Transport, Opts) -> +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok. +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) -> Peer0 = Transport:peername(Socket), Sock0 = Transport:sockname(Socket), Cert1 = case Transport:name() of @@ -93,7 +95,7 @@ init(Parent, Ref, Socket, Transport, Opts) -> end, case {Peer0, Sock0, Cert1} of {{ok, Peer}, {ok, Sock}, {ok, Cert}} -> - init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, <<>>); + init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, <<>>); {{error, Reason}, _, _} -> terminate(undefined, {socket_error, Reason, 'A socket error occurred when retrieving the peer name.'}); @@ -105,13 +107,15 @@ init(Parent, Ref, Socket, Transport, Opts) -> 'A socket error occurred when retrieving the client TLS certificate.'}) end. --spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info(), cowboy:opts(), {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, binary() | undefined, binary()) -> ok. -init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) -> +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer) -> {ok, Preface, HTTP2Machine} = cow_http2_machine:init(server, Opts), State = #state{parent=Parent, ref=Ref, socket=Socket, - transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert, + transport=Transport, proxy_header=ProxyHeader, + opts=Opts, peer=Peer, sock=Sock, cert=Cert, http2_init=sequence, http2_machine=HTTP2Machine}, Transport:send(Socket, Preface), case Buffer of @@ -120,16 +124,18 @@ init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) -> end. %% @todo Add an argument for the request body. --spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info(), cowboy:opts(), {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, binary() | undefined, binary(), map() | undefined, cowboy_req:req()) -> ok. -init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer, +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer, _Settings, Req=#{method := Method}) -> {ok, Preface, HTTP2Machine0} = cow_http2_machine:init(server, Opts), {ok, StreamID, HTTP2Machine} = cow_http2_machine:init_upgrade_stream(Method, HTTP2Machine0), State0 = #state{parent=Parent, ref=Ref, socket=Socket, - transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert, + transport=Transport, proxy_header=ProxyHeader, + opts=Opts, peer=Peer, sock=Sock, cert=Cert, http2_init=upgrade, http2_machine=HTTP2Machine}, State1 = headers_frame(State0#state{ http2_machine=HTTP2Machine}, StreamID, Req), @@ -285,7 +291,7 @@ headers_frame(State, StreamID, IsFin, Headers, PseudoHeaders=#{method := <<"TRACE">>}, _) -> early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501, 'The TRACE method is currently not implemented. (RFC7231 4.3.8)'); -headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert}, +headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert, proxy_header=ProxyHeader}, StreamID, IsFin, Headers, PseudoHeaders=#{method := Method, scheme := Scheme, authority := Authority, path := PathWithQs}, BodyLen) -> try cow_http_hd:parse_host(Authority) of @@ -314,12 +320,15 @@ headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert}, has_body => IsFin =:= nofin, body_length => BodyLen }, + %% We add the PROXY header information if any. + Req1 = case ProxyHeader of + undefined -> Req0; + _ -> Req0#{proxy_header => ProxyHeader} + end, %% We add the protocol information for extended CONNECTs. Req = case PseudoHeaders of - #{protocol := Protocol} -> - Req0#{protocol => Protocol}; - _ -> - Req0 + #{protocol := Protocol} -> Req1#{protocol => Protocol}; + _ -> Req1 end, headers_frame(State, StreamID, Req) catch _:_ -> diff --git a/src/cowboy_req.erl b/src/cowboy_req.erl index ee40304..2857c75 100644 --- a/src/cowboy_req.erl +++ b/src/cowboy_req.erl @@ -126,6 +126,7 @@ % pid := pid(), % streamid := cowboy_stream:streamid(), % peer := {inet:ip_address(), inet:port_number()}, +% proxy_header => ... % % method := binary(), %% case sensitive % version := cowboy:http_version() | atom(), diff --git a/src/cowboy_tls.erl b/src/cowboy_tls.erl index 316fc32..864a613 100644 --- a/src/cowboy_tls.erl +++ b/src/cowboy_tls.erl @@ -26,17 +26,24 @@ start_link(Ref, Socket, Transport, Opts) -> -spec connection_process(pid(), ranch:ref(), ssl:sslsocket(), module(), cowboy:opts()) -> ok. connection_process(Parent, Ref, Socket, Transport, Opts) -> - ok = ranch:accept_ack(Ref), + ProxyInfo = case maps:get(proxy_header, Opts, false) of + true -> + {ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000), + ProxyInfo0; + false -> + undefined + end, + {ok, Socket} = ranch:handshake(Ref), case ssl:negotiated_protocol(Socket) of {ok, <<"h2">>} -> - init(Parent, Ref, Socket, Transport, Opts, cowboy_http2); + init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http2); _ -> %% http/1.1 or no protocol negotiated. - init(Parent, Ref, Socket, Transport, Opts, cowboy_http) + init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http) end. -init(Parent, Ref, Socket, Transport, Opts, Protocol) -> +init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) -> _ = case maps:get(connection_type, Opts, supervisor) of worker -> ok; supervisor -> process_flag(trap_exit, true) end, - Protocol:init(Parent, Ref, Socket, Transport, Opts). + Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts). diff --git a/test/proxy_header_SUITE.erl b/test/proxy_header_SUITE.erl new file mode 100644 index 0000000..7ab2078 --- /dev/null +++ b/test/proxy_header_SUITE.erl @@ -0,0 +1,244 @@ +%% Copyright (c) 2018, Loïc Hoguin +%% +%% Permission to use, copy, modify, and/or distribute this software for any +%% purpose with or without fee is hereby granted, provided that the above +%% copyright notice and this permission notice appear in all copies. +%% +%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +-module(proxy_header_SUITE). +-compile(export_all). +-compile(nowarn_export_all). + +-import(ct_helper, [config/2]). +-import(ct_helper, [doc/1]). +-import(cowboy_test, [raw_send/2]). +-import(cowboy_test, [raw_recv_head/1]). +-import(cowboy_test, [raw_recv/3]). + +%% ct. + +all() -> + [ + {group, http}, + {group, https}, + {group, h2}, + {group, h2c}, + {group, h2c_upgrade} + ]. + +groups() -> + Tests = ct_helper:all(?MODULE), + [{h2c_upgrade, [parallel], Tests}|cowboy_test:common_groups(Tests)]. + +init_per_group(Name=http, Config) -> + cowboy_test:init_http(Name, #{ + env => #{dispatch => init_dispatch()}, + proxy_header => true + }, Config); +init_per_group(Name=https, Config) -> + cowboy_test:init_https(Name, #{ + env => #{dispatch => init_dispatch()}, + proxy_header => true + }, Config); +init_per_group(Name=h2, Config) -> + cowboy_test:init_http2(Name, #{ + env => #{dispatch => init_dispatch()}, + proxy_header => true + }, Config); +init_per_group(Name=h2c, Config) -> + Config1 = cowboy_test:init_http(Name, #{ + env => #{dispatch => init_dispatch()}, + proxy_header => true + }, Config), + lists:keyreplace(protocol, 1, Config1, {protocol, http2}); +init_per_group(Name=h2c_upgrade, Config) -> + Config1 = cowboy_test:init_http(h2c, #{ + env => #{dispatch => init_dispatch()}, + proxy_header => true + }, Config), + Config2 = lists:keyreplace(protocol, 1, Config1, {protocol, http2}), + lists:keyreplace(ref, 1, Config2, {ref, Name}). + +end_per_group(Name, _) -> + cowboy:stop_listener(Name). + +%% Routes. + +init_dispatch() -> + cowboy_router:compile([{"[...]", [ + {"/direct/:key/[...]", echo_h, []} + ]}]). + +%% Tests. + +v1_proxy_header(Config) -> + doc("Confirm we can read the proxy header at the start of the connection."), + ProxyInfo = #{ + version => 1, + command => proxy, + transport_family => ipv4, + transport_protocol => stream, + src_address => {127, 0, 0, 1}, + src_port => 444, + dest_address => {192, 168, 0, 1}, + dest_port => 443 + }, + do_proxy_header(Config, ProxyInfo). + +v2_proxy_header(Config) -> + doc("Confirm we can read the proxy header at the start of the connection."), + ProxyInfo = #{ + version => 2, + command => proxy, + transport_family => ipv4, + transport_protocol => stream, + src_address => {127, 0, 0, 1}, + src_port => 444, + dest_address => {192, 168, 0, 1}, + dest_port => 443 + }, + do_proxy_header(Config, ProxyInfo). + +v2_local_header(Config) -> + doc("Confirm we can read the proxy header at the start of the connection."), + ProxyInfo = #{ + version => 2, + command => local + }, + do_proxy_header(Config, ProxyInfo). + +do_proxy_header(Config, ProxyInfo) -> + case config(ref, Config) of + http -> do_proxy_header_http(Config, ProxyInfo); + https -> do_proxy_header_https(Config, ProxyInfo); + h2 -> do_proxy_header_h2(Config, ProxyInfo); + h2c -> do_proxy_header_h2c(Config, ProxyInfo); + h2c_upgrade -> do_proxy_header_h2c_upgrade(Config, ProxyInfo) + end. + +do_proxy_header_http(Config, ProxyInfo) -> + {ok, Socket} = gen_tcp:connect("localhost", config(port, Config), + [binary, {active, false}, {packet, raw}]), + ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)), + do_proxy_header_http_common({raw_client, Socket, gen_tcp}, ProxyInfo). + +do_proxy_header_https(Config, ProxyInfo) -> + {ok, Socket0} = gen_tcp:connect("localhost", config(port, Config), + [binary, {active, false}, {packet, raw}]), + ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)), + {ok, Socket} = ssl:connect(Socket0, [], 1000), + do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo). + +do_proxy_header_http_common(Client, ProxyInfo) -> + ok = raw_send(Client, + "GET /direct/proxy_header HTTP/1.1\r\n" + "Host: localhost\r\n" + "\r\n"), + {_, 200, _, Rest0} = cow_http:parse_status_line(raw_recv_head(Client)), + {Headers, Body0} = cow_http:parse_headers(Rest0), + {_, LenBin} = lists:keyfind(<<"content-length">>, 1, Headers), + Len = binary_to_integer(LenBin), + Body = if + byte_size(Body0) =:= Len -> Body0; + true -> + {ok, Body1} = raw_recv(Client, Len - byte_size(Body0), 5000), + <> + end, + ProxyInfo = do_parse_term(Body), + ok. + +do_proxy_header_h2(Config, ProxyInfo) -> + {ok, Socket0} = gen_tcp:connect("localhost", config(port, Config), + [binary, {active, false}, {packet, raw}]), + ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)), + {ok, Socket} = ssl:connect(Socket0, [{alpn_advertised_protocols, [<<"h2">>]}], 1000), + do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo). + +do_proxy_header_h2c(Config, ProxyInfo) -> + {ok, Socket} = gen_tcp:connect("localhost", config(port, Config), + [binary, {active, false}, {packet, raw}]), + ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)), + do_proxy_header_h2_common({raw_client, Socket, gen_tcp}, ProxyInfo). + +do_proxy_header_h2c_upgrade(Config, ProxyInfo) -> + {ok, Socket} = gen_tcp:connect("localhost", config(port, Config), + [binary, {active, false}, {packet, raw}]), + ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)), + Client = {raw_client, Socket, gen_tcp}, + ok = raw_send(Client, [ + "GET /direct/proxy_header HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: Upgrade, HTTP2-Settings\r\n" + "Upgrade: h2c\r\n" + "HTTP2-Settings: ", base64:encode(iolist_to_binary(cow_http2:settings_payload(#{}))), "\r\n" + "\r\n"]), + ok = do_recv_101(Client), + %% Receive the server preface. + {ok, <>} = raw_recv(Client, 3, 1000), + {ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000), + do_proxy_header_h2_response_common(Client, ProxyInfo), + ok. + +do_proxy_header_h2_common(Client, ProxyInfo) -> + %% Send a valid preface. + ok = raw_send(Client, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]), + %% Receive the server preface. + {ok, <>} = raw_recv(Client, 3, 1000), + {ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000), + %% Send the SETTINGS ack. + ok = raw_send(Client, cow_http2:settings_ack()), + %% Receive the SETTINGS ack. + {ok, <<0:24, 4:8, 1:8, 0:32>>} = raw_recv(Client, 9, 1000), + %% Send a GET request. + {HeadersBlock, _} = cow_hpack:encode([ + {<<":method">>, <<"GET">>}, + {<<":scheme">>, <<"http">>}, + {<<":authority">>, <<"localhost">>}, %% @todo Correct port number. + {<<":path">>, <<"/direct/proxy_header">>} + ]), + Len = iolist_size(HeadersBlock), + ok = raw_send(Client, [ + <>, + HeadersBlock + ]), + do_proxy_header_h2_response_common(Client, ProxyInfo). + +do_proxy_header_h2_response_common(Client, ProxyInfo) -> + %% Receive a response with the proxy header data. + {ok, <>} = raw_recv(Client, 9, 1000), + {ok, _} = raw_recv(Client, SkipLen, 1000), + {ok, <>} = raw_recv(Client, 9, 1000), + {ok, Body} = raw_recv(Client, BodyLen, 1000), + ProxyInfo = do_parse_term(Body), + ok. + +do_parse_term(Body) -> + {ok, Tokens, _} = erl_scan:string(binary_to_list(Body) ++ "."), + {ok, Exprs} = erl_parse:parse_exprs(Tokens), + {value, Term, _} = erl_eval:exprs(Exprs, erl_eval:new_bindings()), + Term. + +%% Match directly for now. +do_recv_101(Client) -> + {ok, << + "HTTP/1.1 101 Switching Protocols\r\n" + "connection: Upgrade\r\n" + "upgrade: h2c\r\n" + "\r\n" + >>} = raw_recv(Client, 71, 1000), + ok. -- cgit v1.2.3