move proxy req sanitizing past auth to give rejector chance for reverse proxying

Snawoot · Snawoot · commit 52849afc2650 · 2025-11-14T18:48:22.000+02:00
diff --git a/handler/handler.go b/handler/handler.go
@@ -11,7 +11,6 @@ import (
 	"net"
 	"net/http"
 	"strconv"
-	"strings"
 	"sync"
 
 	"github.com/SenseUnit/dumbproxy/auth"
@@ -209,13 +208,6 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	method := strings.ToUpper(req.Method)
-	if (req.URL.Host == "" || req.URL.Scheme == "" && method != "CONNECT") && req.ProtoMajor < 2 ||
-		req.Host == "" && req.ProtoMajor == 2 {
-		http.Error(wr, auth.BAD_REQ_MSG, http.StatusBadRequest)
-		return
-	}
-
 	ctx := req.Context()
 	username, ok := s.auth.Validate(ctx, wr, req)
 	localAddr := getLocalAddr(req.Context())
@@ -225,6 +217,12 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	if (req.URL.Host == "" || req.URL.Scheme == "" && req.Method != "CONNECT") && req.ProtoMajor < 2 ||
+		req.Host == "" && req.ProtoMajor == 2 {
+		http.Error(wr, auth.BAD_REQ_MSG, http.StatusBadRequest)
+		return
+	}
+
 	var ipHints *string
 	if s.userIPHints {
 		hintValues := req.Header.Values(HintsHeaderName)
@@ -237,7 +235,7 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 	ctx = ddto.FilterParamsToContext(ctx, req, username)
 	req = req.WithContext(ctx)
 	delHopHeaders(req.Header)
-	switch method {
+	switch req.Method {
 	case "CONNECT":
 		s.HandleTunnel(wr, req, username)
 	case "GETRANDOM":
