Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

add basic proxy-auth

  • Loading branch information...
commit 46315029512513e97b1bb6d91df3f7fbfe7a4b18 1 parent 67fbcb6
Ilya Grigorik authored

Showing 1 changed file with 50 additions and 28 deletions. Show diff stats Hide diff stats

  1. +50 28 server.js
78 server.js
@@ -14,9 +14,22 @@ function logRequest(req) {
14 14 console.log(' * ' + i + ': ' + req.headers[i]);
15 15 }
16 16
17   -function handlePlain(req, res) {
18   - logRequest(req);
  17 +function synReply(socket, code, reason, headers, cb) {
  18 + socket.lock(function() {
  19 + var socket = this;
  20 +
  21 + this.framer.replyFrame(
  22 + this.id, code, reason, headers,
  23 + function (err, frame) {
  24 + socket.connection.write(frame);
  25 + socket.unlock();
  26 + cb.call();
  27 + }
  28 + );
  29 + });
  30 +}
19 31
  32 +function handlePlain(req, res) {
20 33 var requestOptions = {
21 34 host: req.headers.host,
22 35 port: req.headers.host.split(':')[1] || 80,
@@ -44,23 +57,11 @@ function handlePlain(req, res) {
44 57 }
45 58
46 59 function handleSecure(req, socket) {
47   - logRequest(req);
48   -
49 60 var dest = req.headers.host.split(':');
50 61 var tunnel = net.createConnection(dest[1] || 443, dest[0], function() {
51   - socket.lock(function() {
52   - var socket = this;
53   -
54   - this.framer.replyFrame(
55   - this.id, 200, "Connection established", {"Connection": "keep-alive"},
56   - function (err, frame) {
57   - socket.connection.write(frame);
58   - socket.unlock();
59   -
60   - tunnel.pipe(socket);
61   - socket.pipe(tunnel);
62   - }
63   - );
  62 + synReply(socket, 200, 'Connection established', {'Connection': 'keep-alive'}, function() {
  63 + tunnel.pipe(socket);
  64 + socket.pipe(tunnel);
64 65 });
65 66 });
66 67
@@ -68,19 +69,40 @@ function handleSecure(req, socket) {
68 69
69 70 tunnel.on('error', function(e) {
70 71 console.log("Tunnel error: " + e);
71   - socket.lock(function() {
72   - this.framer.replyFrame(
73   - this.id, 502, "Tunnel Error", {},
74   - function (err, frame) {
75   - socket.connection.write(frame);
76   - socket.unlock();
77   - socket.end();
78   - }
79   - );
  72 + synReply(socket, 502, "Tunnel Error", {}, function() {
  73 + socket.end();
80 74 });
81 75 });
82 76 }
83 77
  78 +function handleRequest(req, res) {
  79 + logRequest(req);
  80 +
  81 + // perform basic proxy auth (over SSL tunnel)
  82 + // - http://www.chromium.org/spdy/spdy-authentication
  83 + var header = req.headers['proxy-authorization'] || '',
  84 + token = header.split(/\s+/).pop() || '',
  85 + auth = new Buffer(token, 'base64').toString(),
  86 + parts = auth.split(/:/),
  87 + username = parts[0],
  88 + password = parts[1];
  89 +
  90 + // don't pass proxy-auth headers upstream
  91 + delete req.headers['proxy-authorization'];
  92 +
  93 + // TODO add config
  94 + if(username != 'test') {
  95 + var socket = (req.method == 'CONNECT') ? res : res.socket;
  96 + synReply(socket, 407, 'Proxy Authentication Required',
  97 + {'Proxy-Authenticate': 'Basic realm="SPDY Proxy"'},
  98 + function() { socket.end(); }
  99 + );
  100 +
  101 + } else {
  102 + (req.method == 'CONNECT') ? handleSecure(req, res) : handlePlain(req, res);
  103 + }
  104 +}
  105 +
84 106 var serverOptions = {
85 107 key: fs.readFileSync(__dirname + '/keys/mykey.pem'),
86 108 cert: fs.readFileSync(__dirname + '/keys/mycert.pem'),
@@ -89,7 +111,7 @@ var serverOptions = {
89 111
90 112 var server = spdy.createServer(serverOptions);
91 113
92   -server.on("request", handlePlain);
93   -server.on("connect", handleSecure);
  114 +server.on("request", handleRequest);
  115 +server.on("connect", handleRequest);
94 116
95 117 server.listen(44300);

0 comments on commit 4631502

Please sign in to comment.
Something went wrong with that request. Please try again.