Version 2

.gitignore

@@ -1 +1,3 @@
 .DS_Store
+/builds/
+.idea

.travis.yml

@@ -0,0 +1,20 @@
+language: go
+
+go:
+  - stable
+
+script:
+  - go test
+  - GOOS=linux   GOARCH=amd64 go build -o builds/simple-http-proxy_linux-amd64
+  - GOOS=darwin  GOARCH=amd64 go build -o builds/simple-http-proxy_darwin-amd64
+  - GOOS=windows GOARCH=amd64 go build -o builds/simple-http-proxy_windows-amd64.exe
+  - GOOS=freebsd GOARCH=amd64 go build -o builds/simple-http-proxy_freebsd-amd64
+
+deploy:
+  provider: releases
+  api_key: "$GITHUB_TOKEN"
+  file_glob: true
+  file: builds/simple-http-proxy_*
+  skip_cleanup: true
+  on:
+    tags: true

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Florian Kaiser
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,3 +1,13 @@
-# [SimpleHTTPProxy](https://github.com/fnkr/SimpleHTTPProxy)
+# [simple-http-proxy](https://github.com/fnkr/simple-http-proxy)
 
-A simple static file HTTP proxy written in Go. Uses [goproxy](https://github.com/elazarl/goproxy).
+Simple http proxy, written in Go.
+Connections are limited to specified users/domains.
+
+## Usage example
+
+```
+$ simple-http-proxy -bind '[::1]:8080' -user foo:bar -host api.github.com:443 -host-match '.*\.googleapis\.com:443'
+$ curl -x 'http://foo:bar@[::1]:8080' https://api.github.com/emojis
+```
+
+Run `simple-http-proxy -help` for help.

domains.go

@@ -0,0 +1,10 @@
+package main
+
+func checkHost(host string) bool {
+	for _, regex := range config.Hosts {
+		if regex.MatchString(host) {
+			return true
+		}
+	}
+	return false
+}

flag.go

@@ -1,25 +1,97 @@
 package main
 
 import (
-    "flag"
+	"flag"
+	"strings"
+	"regexp"
+	"log"
+	"encoding/json"
 )
 
-type Config struct {
-    Host string
-    Port uint16
-    Verbose bool
+type Options struct {
+	Verbose bool
+	Bind string
+	Users map[string]string
+	Hosts []*regexp.Regexp
 }
 
-func getConfig() Config {
-    host := flag.String("host", "", "")
-    port := flag.Int("port", int(1080), "")
-    verbose := flag.Bool("verbose", false, "")
+type userFlag map[string]string
 
-    flag.Parse()
+type hostFlag []*regexp.Regexp
 
-    return Config{
-        Host: *host,
-        Port: uint16(*port),
-        Verbose: *verbose,
-    }
+type hostRegexFlag []*regexp.Regexp
+
+func (u *userFlag) String() string {
+	return "userFlag.String()"
+}
+
+func (u *userFlag) Set(value string) error {
+	if *u == nil {
+		*u = userFlag{}
+	}
+	user_pass := strings.SplitN(value, ":", 2)
+	if len(user_pass) > 1 {
+		(*u)[user_pass[0]] = user_pass[1]
+	} else {
+		(*u)[user_pass[0]] = ""
+	}
+	return nil
+}
+
+func (d *hostFlag) String() string {
+	// Not actually in use, but needs to be implemented
+	return "hostFlag.String()"
+}
+
+func (d *hostFlag) Set(value string) error {
+	*d = append(*d, regexp.MustCompile("^" + regexp.QuoteMeta(value) + "$"))
+	return nil
+}
+
+func (d *hostRegexFlag) String() string {
+	// Not actually in use, but needs to be implemented
+	return "hostRegexFlag.String()"
+}
+
+func (d *hostRegexFlag) Set(value string) error {
+	regex, err := regexp.Compile(value)
+	if err != nil {
+		return err
+	}
+	*d = append(*d, regex)
+	return nil
+}
+
+func parseArgs() *Options {
+	verbose := flag.Bool("verbose", false, "")
+	bind := flag.String("bind", ":8080", "")
+
+	var users userFlag
+	flag.Var(&users, "user", "e.g. \"admin:password\", can be used multiple times")
+
+	var hosts hostFlag
+	flag.Var(&hosts, "host", "e.g. \"example.com\", can be used multiple times")
+
+	var hostregex hostRegexFlag
+	flag.Var(&hostregex, "host-match", "regular expression, e.g. \"^*\\.example\\.com$\", can be used multiple times")
+
+	flag.Parse()
+
+	for _, host := range hostregex {
+		hosts = append(hosts, host)
+	}
+
+	opts := Options{
+		Verbose: *verbose,
+		Bind: *bind,
+		Users: users,
+		Hosts: hosts,
+	}
+
+	if *verbose {
+		js, _ := json.Marshal(opts)
+		log.Println("Options: " + string(js))
+	}
+
+	return &opts
 }

main.go

@@ -1,16 +1,56 @@
 package main
 
 import (
-    "github.com/elazarl/goproxy"
-    "log"
-    "fmt"
-    "net/http"
+	"github.com/elazarl/goproxy"
+	"log"
+	"net/http"
+	"errors"
 )
 
+var config *Options
+
+func checkRequest(ctx *goproxy.ProxyCtx) error {
+	auth := parseProxyAuthorization(ctx.Req.Header.Get("Proxy-Authorization"))
+	if !checkUser(auth) {
+		if config.Verbose {
+			ctx.Logf("Request denied because authorization failed: \"%s\" => \"%s:%s\"", ctx.Req.Header.Get("Proxy-Authorization"), auth.Username, auth.Password)
+		}
+		return errors.New("invalid user")
+	}
+
+	if !checkHost(ctx.Req.Host) {
+		if config.Verbose {
+			ctx.Logf("Request denied because host is not allowed: %s", ctx.Req.Host)
+		}
+		return errors.New("invalid host")
+	}
+
+	return nil
+}
+
 func main() {
-    config := getConfig()
-    proxy := goproxy.NewProxyHttpServer()
-    proxy.Verbose = config.Verbose
-    log.Print(fmt.Sprintf("Listening on %s:%d...", config.Host, config.Port))
-    log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", config.Host, config.Port), proxy))
+	config = parseArgs()
+
+	proxy := goproxy.NewProxyHttpServer()
+	proxy.Verbose = config.Verbose
+
+	// http:// (GET, ...)
+	proxy.OnRequest().DoFunc(func (req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
+		if err := checkRequest(ctx); err != nil {
+			return req, goproxy.NewResponse(req, goproxy.ContentTypeText, http.StatusForbidden, "403 Forbidden\n")
+		}
+
+		return req, nil
+	})
+
+	// https:// (CONNECT)
+	proxy.OnRequest().HandleConnectFunc(func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
+		if err := checkRequest(ctx); err != nil {
+			return goproxy.RejectConnect, host
+		}
+
+		return goproxy.OkConnect, host
+	})
+
+	log.Fatal(http.ListenAndServe(config.Bind, proxy))
 }

users.go

@@ -0,0 +1,46 @@
+package main
+
+import (
+	"encoding/base64"
+	"strings"
+)
+
+type ProxyAuthorization struct {
+	Username string
+	Password string
+}
+
+func parseProxyAuthorization(s string) ProxyAuthorization {
+	a := strings.SplitN(s, " ", 2)
+
+	switch m := strings.ToLower(a[0]); m {
+	case "basic":
+		if len(a) != 2 {
+			return ProxyAuthorization{}
+		}
+
+		db, err := base64.StdEncoding.DecodeString(a[1])
+		if err != nil {
+			return ProxyAuthorization{}
+		}
+
+		da := strings.SplitN(string(db), ":", 2)
+		if len(da) != 2 {
+			return ProxyAuthorization{}
+		}
+
+		return ProxyAuthorization{
+			Username: da[0],
+			Password: da[1],
+		}
+	}
+
+	return ProxyAuthorization{}
+}
+
+func checkUser(auth ProxyAuthorization) bool {
+	if x, ok := config.Users[auth.Username]; ok && x == auth.Password {
+		return true
+	}
+	return false
+}