Permalink
Browse files

add basic proxy-auth

  • Loading branch information...
1 parent 67fbcb6 commit 46315029512513e97b1bb6d91df3f7fbfe7a4b18 @igrigorik committed Jun 21, 2012
Showing with 50 additions and 28 deletions.
  1. +50 −28 server.js
View
78 server.js
@@ -14,9 +14,22 @@ function logRequest(req) {
console.log(' * ' + i + ': ' + req.headers[i]);
}
-function handlePlain(req, res) {
- logRequest(req);
+function synReply(socket, code, reason, headers, cb) {
+ socket.lock(function() {
+ var socket = this;
+
+ this.framer.replyFrame(
+ this.id, code, reason, headers,
+ function (err, frame) {
+ socket.connection.write(frame);
+ socket.unlock();
+ cb.call();
+ }
+ );
+ });
+}
+function handlePlain(req, res) {
var requestOptions = {
host: req.headers.host,
port: req.headers.host.split(':')[1] || 80,
@@ -44,43 +57,52 @@ function handlePlain(req, res) {
}
function handleSecure(req, socket) {
- logRequest(req);
-
var dest = req.headers.host.split(':');
var tunnel = net.createConnection(dest[1] || 443, dest[0], function() {
- socket.lock(function() {
- var socket = this;
-
- this.framer.replyFrame(
- this.id, 200, "Connection established", {"Connection": "keep-alive"},
- function (err, frame) {
- socket.connection.write(frame);
- socket.unlock();
-
- tunnel.pipe(socket);
- socket.pipe(tunnel);
- }
- );
+ synReply(socket, 200, 'Connection established', {'Connection': 'keep-alive'}, function() {
+ tunnel.pipe(socket);
+ socket.pipe(tunnel);
});
});
tunnel.setNoDelay(true);
tunnel.on('error', function(e) {
console.log("Tunnel error: " + e);
- socket.lock(function() {
- this.framer.replyFrame(
- this.id, 502, "Tunnel Error", {},
- function (err, frame) {
- socket.connection.write(frame);
- socket.unlock();
- socket.end();
- }
- );
+ synReply(socket, 502, "Tunnel Error", {}, function() {
+ socket.end();
});
});
}
+function handleRequest(req, res) {
+ logRequest(req);
+
+ // perform basic proxy auth (over SSL tunnel)
+ // - http://www.chromium.org/spdy/spdy-authentication
+ var header = req.headers['proxy-authorization'] || '',
+ token = header.split(/\s+/).pop() || '',
+ auth = new Buffer(token, 'base64').toString(),
+ parts = auth.split(/:/),
+ username = parts[0],
+ password = parts[1];
+
+ // don't pass proxy-auth headers upstream
+ delete req.headers['proxy-authorization'];
+
+ // TODO add config
+ if(username != 'test') {
+ var socket = (req.method == 'CONNECT') ? res : res.socket;
+ synReply(socket, 407, 'Proxy Authentication Required',
+ {'Proxy-Authenticate': 'Basic realm="SPDY Proxy"'},
+ function() { socket.end(); }
+ );
+
+ } else {
+ (req.method == 'CONNECT') ? handleSecure(req, res) : handlePlain(req, res);
+ }
+}
+
var serverOptions = {
key: fs.readFileSync(__dirname + '/keys/mykey.pem'),
cert: fs.readFileSync(__dirname + '/keys/mycert.pem'),
@@ -89,7 +111,7 @@ var serverOptions = {
var server = spdy.createServer(serverOptions);
-server.on("request", handlePlain);
-server.on("connect", handleSecure);
+server.on("request", handleRequest);
+server.on("connect", handleRequest);
server.listen(44300);

0 comments on commit 4631502

Please sign in to comment.