fix

Author: f0ssel

proxy/proxy.go

@@ -77,7 +77,7 @@ func (p *Server) Start(ctx context.Context) error {
 			p.logger.Error("Failed to create HTTP listener", "error", err)
 			return
 		}
-		
+
 		for {
 			conn, err := listener.Accept()
 			if err != nil {
@@ -90,7 +90,7 @@ func (p *Server) Start(ctx context.Context) error {
 					continue
 				}
 			}
-			
+
 			// Handle connection with TLS detection
 			go p.handleConnectionWithTLSDetection(conn)
 		}
@@ -132,7 +132,7 @@ func (p *Server) Stop() error {
 // handleHTTP handles regular HTTP requests and CONNECT tunneling
 func (p *Server) handleHTTP(w http.ResponseWriter, r *http.Request) {
 	p.logger.Debug("handleHTTP called", "method", r.Method, "url", r.URL.String(), "host", r.Host)
-	
+
 	// Handle CONNECT method for HTTPS tunneling
 	if r.Method == "CONNECT" {
 		p.handleConnect(w, r)
@@ -184,20 +184,19 @@ func (p *Server) handleHTTPS(w http.ResponseWriter, r *http.Request) {
 // forwardHTTPRequest forwards a regular HTTP request
 func (p *Server) forwardHTTPRequest(w http.ResponseWriter, r *http.Request) {
 	p.logger.Debug("forwardHTTPRequest called", "method", r.Method, "url", r.URL.String(), "host", r.Host)
-	
+
 	// Create a new request to the target server
 	targetURL := &url.URL{
-		Scheme: "http",
-		Host:   r.Host,
-		Path:   r.URL.Path,
+		Scheme:   "http",
+		Host:     r.Host,
+		Path:     r.URL.Path,
 		RawQuery: r.URL.RawQuery,
 	}
 
 	p.logger.Debug("Target URL constructed", "target", targetURL.String())
 
 	// Create HTTP client with very short timeout for debugging
 	client := &http.Client{
-		Timeout: 2 * time.Second,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse // Don't follow redirects
 		},
@@ -223,14 +222,7 @@ func (p *Server) forwardHTTPRequest(w http.ResponseWriter, r *http.Request) {
 	}
 
 	p.logger.Debug("About to make HTTP request", "target", targetURL.String())
-
-	// Make the request synchronously - this is the key fix
-	p.logger.Debug("Calling client.Do() now...")
-	start := time.Now()
 	resp, err := client.Do(req)
-	duration := time.Since(start)
-	p.logger.Debug("client.Do() completed", "duration", duration, "error", err)
-	
 	if err != nil {
 		p.logger.Error("Failed to make forward request", "error", err, "target", targetURL.String(), "error_type", fmt.Sprintf("%T", err))
 		http.Error(w, fmt.Sprintf("Failed to make request: %v", err), http.StatusBadGateway)
@@ -281,7 +273,6 @@ func (p *Server) forwardHTTPSRequest(w http.ResponseWriter, r *http.Request) {
 
 	// Create HTTPS client
 	client := &http.Client{
-		Timeout: 30 * time.Second,
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: false,
@@ -339,24 +330,7 @@ func (p *Server) writeBlockedResponse(w http.ResponseWriter, r *http.Request) {
 		host = r.Host
 	}
 
-	// Handle CONNECT requests differently (HTTPS tunneling)
-	if r.Method == "CONNECT" {
-		fmt.Fprintf(w, `🚫 HTTPS Request Blocked by Coder Jail
-
-Connection: %s (HTTPS)
-Host: %s
-
-This HTTPS request was blocked by jail's security policy.
-
-To allow this request, restart jail with:
-  --allow "%s"                    # Allow all methods to this host
-  --allow "CONNECT %s"       # Allow only HTTPS connections to this host
-
-For more help: https://github.com/coder/jail
-`,
-			r.URL.Host, host, host, host)
-	} else {
-		fmt.Fprintf(w, `🚫 Request Blocked by Coder Jail
+	fmt.Fprintf(w, `🚫 Request Blocked by Coder Jail
 
 Request: %s %s
 Host: %s
@@ -367,8 +341,7 @@ To allow this request, restart jail with:
 
 For more help: https://github.com/coder/jail
 `,
-			r.Method, r.URL.Path, host, host, r.Method, host, r.Method)
-	}
+		r.Method, r.URL.Path, host, host, r.Method, host, r.Method)
 }
 
 // handleConnect handles CONNECT requests for HTTPS tunneling with TLS termination
@@ -420,11 +393,11 @@ func (p *Server) handleConnect(w http.ResponseWriter, r *http.Request) {
 
 	// Perform TLS handshake with the client using our certificates
 	p.logger.Debug("Starting TLS handshake", "hostname", hostname)
-	
+
 	// Create TLS config that forces HTTP/1.1 (disable HTTP/2 ALPN)
 	tlsConfig := p.tlsConfig.Clone()
 	tlsConfig.NextProtos = []string{"http/1.1"}
-	
+
 	tlsConn := tls.Server(conn, tlsConfig)
 	err = tlsConn.Handshake()
 	if err != nil {
@@ -442,7 +415,7 @@ func (p *Server) handleConnect(w http.ResponseWriter, r *http.Request) {
 // handleTLSConnection processes decrypted HTTPS requests over the TLS connection
 func (p *Server) handleTLSConnection(tlsConn *tls.Conn, hostname string) {
 	p.logger.Debug("Creating HTTP server for TLS connection", "hostname", hostname)
-	
+
 	// Use ReadRequest to manually read HTTP requests from the TLS connection
 	bufReader := bufio.NewReader(tlsConn)
 	for {
@@ -456,9 +429,9 @@ func (p *Server) handleTLSConnection(tlsConn *tls.Conn, hostname string) {
 			}
 			break
 		}
-		
+
 		p.logger.Debug("Processing decrypted HTTPS request", "hostname", hostname, "method", req.Method, "path", req.URL.Path)
-		
+
 		// Set the hostname and scheme if not already set
 		if req.URL.Host == "" {
 			req.URL.Host = hostname
@@ -469,22 +442,22 @@ func (p *Server) handleTLSConnection(tlsConn *tls.Conn, hostname string) {
 
 		// Create a response recorder to capture the response
 		recorder := httptest.NewRecorder()
-		
+
 		// Process the HTTPS request
 		p.handleDecryptedHTTPS(recorder, req)
-		
+
 		// Write the response back to the TLS connection
 		resp := recorder.Result()
 		err = resp.Write(tlsConn)
 		if err != nil {
 			p.logger.Debug("Failed to write response", "hostname", hostname, "error", err)
 			break
 		}
-		
+
 		// Close connection after single request (HTTP/1.0 style)
 		break
 	}
-	
+
 	p.logger.Debug("TLS connection handling completed", "hostname", hostname)
 }
 
@@ -556,50 +529,50 @@ func (p *Server) handleConnectionWithTLSDetection(conn net.Conn) {
 func (p *Server) handleTLSTermination(conn net.Conn, firstByte []byte) {
 	// Create a connection that prepends the first byte we already read
 	connWithFirstByte := &connectionWithPrefix{
-		Conn: conn,
+		Conn:   conn,
 		prefix: firstByte,
 	}
 
 	// We need to extract the SNI (Server Name Indication) from the TLS handshake
 	// to generate the appropriate certificate. For now, use a default hostname.
 	hostname := "unknown-host"
-	
+
 	// TODO: Extract hostname from TLS ClientHello SNI extension
 	// For now, we'll perform TLS termination with a generic certificate
-	
+
 	// Perform TLS handshake with our certificate
 	tlsConn := tls.Server(connWithFirstByte, p.tlsConfig)
 	err := tlsConn.Handshake()
 	if err != nil {
 		p.logger.Debug("TLS handshake failed", "error", err)
 		return
 	}
-	
+
 	p.logger.Debug("TLS handshake successful, processing decrypted HTTPS traffic")
-	
+
 	// Now handle the decrypted HTTPS requests using our existing logic
 	p.handleTLSConnection(tlsConn, hostname)
 }
 
 // handleHTTPConnection handles regular HTTP connections
 func (p *Server) handleHTTPConnection(conn net.Conn, firstByte []byte) {
 	p.logger.Debug("Starting HTTP connection handling")
-	
+
 	// Create a connection that prepends the first byte we already read
 	connWithFirstByte := &connectionWithPrefix{
-		Conn: conn,
+		Conn:   conn,
 		prefix: firstByte,
 	}
 
 	p.logger.Debug("Created connection wrapper, starting HTTP server")
-	
+
 	// Create HTTP server to handle this connection
 	server := &http.Server{
 		Handler: http.HandlerFunc(p.handleHTTP),
 	}
 
 	p.logger.Debug("About to serve HTTP connection")
-	
+
 	// Serve the HTTP request
 	err := server.Serve(&singleConnListener{conn: connWithFirstByte})
 	if err != nil && err != io.EOF && !isConnectionClosed(err) {
@@ -619,15 +592,15 @@ func (p *Server) handleHTTPWithTLSTermination(w http.ResponseWriter, r *http.Req
 // connectionWithPrefix wraps a connection and prepends some data
 type connectionWithPrefix struct {
 	net.Conn
-	prefix []byte
+	prefix     []byte
 	prefixRead bool
-	mu sync.Mutex
+	mu         sync.Mutex
 }
 
 func (c *connectionWithPrefix) Read(b []byte) (n int, err error) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
-	
+
 	if !c.prefixRead && len(c.prefix) > 0 {
 		// Return the prefix data first
 		n = copy(b, c.prefix)
@@ -659,7 +632,7 @@ type singleConnListener struct {
 func (l *singleConnListener) Accept() (net.Conn, error) {
 	l.mu.Lock()
 	defer l.mu.Unlock()
-	
+
 	if l.used {
 		return nil, io.EOF
 	}
@@ -678,7 +651,7 @@ func (l *singleConnListener) Addr() net.Addr {
 // handleHTTPConnectionDirect handles HTTP connections directly without HTTP server framework
 func (p *Server) handleHTTPConnectionDirect(bufReader *bufio.Reader, conn net.Conn) {
 	p.logger.Debug("Starting direct HTTP connection handling")
-	
+
 	// Parse the HTTP request manually
 	req, err := http.ReadRequest(bufReader)
 	if err != nil {
@@ -717,12 +690,12 @@ func (p *Server) handleHTTPConnectionDirect(bufReader *bufio.Reader, conn net.Co
 // forwardHTTPRequestDirect forwards HTTP request and writes response directly to connection
 func (p *Server) forwardHTTPRequestDirect(req *http.Request, conn net.Conn) {
 	p.logger.Debug("forwardHTTPRequestDirect called", "method", req.Method, "url", req.URL.String(), "host", req.Host)
-	
+
 	// Create target URL
 	targetURL := &url.URL{
-		Scheme: "http",
-		Host:   req.Host,
-		Path:   req.URL.Path,
+		Scheme:   "http",
+		Host:     req.Host,
+		Path:     req.URL.Path,
 		RawQuery: req.URL.RawQuery,
 	}
 
@@ -786,7 +759,7 @@ func (p *Server) forwardHTTPRequestDirect(req *http.Request, conn net.Conn) {
 			conn.Write([]byte(headerLine))
 		}
 	}
-	
+
 	// End headers
 	conn.Write([]byte("\r\n"))
 
@@ -805,31 +778,31 @@ func (p *Server) forwardHTTPRequestDirect(req *http.Request, conn net.Conn) {
 func (p *Server) handleTLSTerminationDirect(bufReader *bufio.Reader, conn net.Conn) {
 	// Create a connection that uses the buffered reader
 	bufferedConn := &bufferedConnection{
-		Conn: conn,
+		Conn:   conn,
 		reader: bufReader,
 	}
 
 	// Extract hostname from TLS SNI (TODO: implement SNI parsing)
 	hostname := "unknown-host"
-	
+
 	// Perform TLS handshake with our certificate
 	tlsConn := tls.Server(bufferedConn, p.tlsConfig)
 	err := tlsConn.Handshake()
 	if err != nil {
 		p.logger.Debug("TLS handshake failed", "error", err)
 		return
 	}
-	
+
 	p.logger.Debug("TLS handshake successful, processing decrypted HTTPS traffic")
-	
+
 	// Handle the decrypted HTTPS requests
 	p.handleTLSConnection(tlsConn, hostname)
 }
 
 // connectionWrapper lets us "unread" the peeked byte
 type connectionWrapper struct {
 	net.Conn
-	buf []byte
+	buf     []byte
 	bufUsed bool
 }
 
@@ -862,7 +835,7 @@ func newSingleConnectionListener(conn net.Conn) *singleConnectionListener {
 func (sl *singleConnectionListener) Accept() (net.Conn, error) {
 	sl.mu.Lock()
 	defer sl.mu.Unlock()
-	
+
 	if sl.used || sl.conn == nil {
 		// Wait for close signal
 		<-sl.closed
@@ -875,14 +848,14 @@ func (sl *singleConnectionListener) Accept() (net.Conn, error) {
 func (sl *singleConnectionListener) Close() error {
 	sl.mu.Lock()
 	defer sl.mu.Unlock()
-	
+
 	select {
 	case <-sl.closed:
 		// Already closed
 	default:
 		close(sl.closed)
 	}
-	
+
 	if sl.conn != nil {
 		sl.conn.Close()
 		sl.conn = nil
@@ -905,4 +878,4 @@ type bufferedConnection struct {
 
 func (bc *bufferedConnection) Read(b []byte) (n int, err error) {
 	return bc.reader.Read(b)
-}
+}