aboutsummaryrefslogblamecommitdiffstats
path: root/test/proxy_header_SUITE.erl
blob: 9d1ca2f900cd5f9fd4593c1577322f35051e0ca0 (plain) (tree)





















































                                                                            
                               



                                                      
                                                                  












                                                  























                                                                                               






















































                                                                                    

                                                           























                                                                                     
                                                 
                                           
                                                                         


















































































                                                                                                            
%% Copyright (c) 2018, Loïc Hoguin <[email protected]>
%%
%% Permission to use, copy, modify, and/or distribute this software for any
%% purpose with or without fee is hereby granted, provided that the above
%% copyright notice and this permission notice appear in all copies.
%%
%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

-module(proxy_header_SUITE).
-compile(export_all).
-compile(nowarn_export_all).

-import(ct_helper, [config/2]).
-import(ct_helper, [doc/1]).
-import(cowboy_test, [raw_send/2]).
-import(cowboy_test, [raw_recv_head/1]).
-import(cowboy_test, [raw_recv/3]).

%% ct.

all() ->
	[
		{group, http},
		{group, https},
		{group, h2},
		{group, h2c},
		{group, h2c_upgrade}
	].

groups() ->
	Tests = ct_helper:all(?MODULE),
	[{h2c_upgrade, [parallel], Tests}|cowboy_test:common_groups(Tests)].

init_per_group(Name=http, Config) ->
	cowboy_test:init_http(Name, #{
		env => #{dispatch => init_dispatch()},
		proxy_header => true
	}, Config);
init_per_group(Name=https, Config) ->
	cowboy_test:init_https(Name, #{
		env => #{dispatch => init_dispatch()},
		proxy_header => true
	}, Config);
init_per_group(Name=h2, Config) ->
	cowboy_test:init_http2(Name, #{
		env => #{dispatch => init_dispatch()},
		proxy_header => true
	}, Config);
init_per_group(Name, Config) ->
	Config1 = cowboy_test:init_http(Name, #{
		env => #{dispatch => init_dispatch()},
		proxy_header => true
	}, Config),
	lists:keyreplace(protocol, 1, Config1, {protocol, http2}).

end_per_group(Name, _) ->
	cowboy:stop_listener(Name).

%% Routes.

init_dispatch() ->
	cowboy_router:compile([{"[...]", [
		{"/direct/:key/[...]", echo_h, []}
	]}]).

%% Tests.

fail_gracefully_on_disconnect(Config) ->
	doc("Probing a port must not generate a crash"),
	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	timer:sleep(50),
	Pid = case config(type, Config) of
		tcp -> ct_helper:get_remote_pid_tcp(Socket);
		%% We connect to a TLS port using a TCP socket so we need
		%% to first obtain the remote pid of the TCP socket, which
		%% is a TLS socket on the server, and then get the real
		%% remote pid from its state.
		ssl -> ct_helper:get_remote_pid_tls_state(ct_helper:get_remote_pid_tcp(Socket))
	end,
	Ref = erlang:monitor(process, Pid),
	gen_tcp:close(Socket),
	receive
		{'DOWN', Ref, process, Pid, {shutdown, closed}} ->
			ok;
		{'DOWN', Ref, process, Pid, Reason} ->
			error(Reason)
	after 500 ->
		error(timeout)
	end.

v1_proxy_header(Config) ->
	doc("Confirm we can read the proxy header at the start of the connection."),
	ProxyInfo = #{
		version => 1,
		command => proxy,
		transport_family => ipv4,
		transport_protocol => stream,
		src_address => {127, 0, 0, 1},
		src_port => 444,
		dest_address => {192, 168, 0, 1},
		dest_port => 443
	},
	do_proxy_header(Config, ProxyInfo).

v2_proxy_header(Config) ->
	doc("Confirm we can read the proxy header at the start of the connection."),
	ProxyInfo = #{
		version => 2,
		command => proxy,
		transport_family => ipv4,
		transport_protocol => stream,
		src_address => {127, 0, 0, 1},
		src_port => 444,
		dest_address => {192, 168, 0, 1},
		dest_port => 443
	},
	do_proxy_header(Config, ProxyInfo).

v2_local_header(Config) ->
	doc("Confirm we can read the proxy header at the start of the connection."),
	ProxyInfo = #{
		version => 2,
		command => local
	},
	do_proxy_header(Config, ProxyInfo).

do_proxy_header(Config, ProxyInfo) ->
	case config(ref, Config) of
		http -> do_proxy_header_http(Config, ProxyInfo);
		https -> do_proxy_header_https(Config, ProxyInfo);
		h2 -> do_proxy_header_h2(Config, ProxyInfo);
		h2c -> do_proxy_header_h2c(Config, ProxyInfo);
		h2c_upgrade -> do_proxy_header_h2c_upgrade(Config, ProxyInfo)
	end.

do_proxy_header_http(Config, ProxyInfo) ->
	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
	do_proxy_header_http_common({raw_client, Socket, gen_tcp}, ProxyInfo).

do_proxy_header_https(Config, ProxyInfo) ->
	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
	TlsOpts = ct_helper:get_certs_from_ets(),
	{ok, Socket} = ssl:connect(Socket0, TlsOpts, 1000),
	do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo).

do_proxy_header_http_common(Client, ProxyInfo) ->
	ok = raw_send(Client,
		"GET /direct/proxy_header HTTP/1.1\r\n"
		"Host: localhost\r\n"
		"\r\n"),
	{_, 200, _, Rest0} = cow_http:parse_status_line(raw_recv_head(Client)),
	{Headers, Body0} = cow_http:parse_headers(Rest0),
	{_, LenBin} = lists:keyfind(<<"content-length">>, 1, Headers),
	Len = binary_to_integer(LenBin),
	Body = if
		byte_size(Body0) =:= Len -> Body0;
		true ->
			{ok, Body1} = raw_recv(Client, Len - byte_size(Body0), 5000),
			<<Body0/bits, Body1/bits>>
	end,
	ProxyInfo = do_parse_term(Body),
	ok.

do_proxy_header_h2(Config, ProxyInfo) ->
	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
	TlsOpts = ct_helper:get_certs_from_ets(),
	{ok, Socket} = ssl:connect(Socket0,
		[{alpn_advertised_protocols, [<<"h2">>]}|TlsOpts], 1000),
	do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo).

do_proxy_header_h2c(Config, ProxyInfo) ->
	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
	do_proxy_header_h2_common({raw_client, Socket, gen_tcp}, ProxyInfo).

do_proxy_header_h2c_upgrade(Config, ProxyInfo) ->
	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
		[binary, {active, false}, {packet, raw}]),
	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
	Client = {raw_client, Socket, gen_tcp},
	ok = raw_send(Client, [
		"GET /direct/proxy_header HTTP/1.1\r\n"
		"Host: localhost\r\n"
		"Connection: Upgrade, HTTP2-Settings\r\n"
		"Upgrade: h2c\r\n"
		"HTTP2-Settings: ", base64:encode(iolist_to_binary(cow_http2:settings_payload(#{}))), "\r\n"
		"\r\n"]),
	ok = do_recv_101(Client),
	%% Receive the server preface.
	{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
	{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
	do_proxy_header_h2_response_common(Client, ProxyInfo),
	ok.

do_proxy_header_h2_common(Client, ProxyInfo) ->
	%% Send a valid preface.
	ok = raw_send(Client, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
	%% Receive the server preface.
	{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
	{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
	%% Send the SETTINGS ack.
	ok = raw_send(Client, cow_http2:settings_ack()),
	%% Receive the SETTINGS ack.
	{ok, <<0:24, 4:8, 1:8, 0:32>>} = raw_recv(Client, 9, 1000),
	%% Send a GET request.
	{HeadersBlock, _} = cow_hpack:encode([
		{<<":method">>, <<"GET">>},
		{<<":scheme">>, <<"http">>},
		{<<":authority">>, <<"localhost">>}, %% @todo Correct port number.
		{<<":path">>, <<"/direct/proxy_header">>}
	]),
	Len = iolist_size(HeadersBlock),
	ok = raw_send(Client, [
		<<Len:24, 1:8,
			0:2, %% Undefined.
			0:1, %% PRIORITY.
			0:1, %% Undefined.
			0:1, %% PADDED.
			1:1, %% END_HEADERS.
			0:1, %% Undefined.
			1:1, %% END_STREAM.
			0:1, 1:31>>,
		HeadersBlock
	]),
	do_proxy_header_h2_response_common(Client, ProxyInfo).

do_proxy_header_h2_response_common(Client, ProxyInfo) ->
	%% Receive a response with the proxy header data.
	{ok, <<SkipLen:24, 1:8, _:8, 1:32>>} = raw_recv(Client, 9, 1000),
	{ok, _} = raw_recv(Client, SkipLen, 1000),
	{ok, <<BodyLen:24, 0:8, 1:8, 1:32>>} = raw_recv(Client, 9, 1000),
	{ok, Body} = raw_recv(Client, BodyLen, 1000),
	ProxyInfo = do_parse_term(Body),
	ok.

do_parse_term(Body) ->
	{ok, Tokens, _} = erl_scan:string(binary_to_list(Body) ++ "."),
	{ok, Exprs} = erl_parse:parse_exprs(Tokens),
	{value, Term, _} = erl_eval:exprs(Exprs, erl_eval:new_bindings()),
	Term.

%% Match directly for now.
do_recv_101(Client) ->
	{ok, <<
		"HTTP/1.1 101 Switching Protocols\r\n"
		"connection: Upgrade\r\n"
		"upgrade: h2c\r\n"
		"\r\n"
	>>} = raw_recv(Client, 71, 1000),
	ok.