Expose URL-equivalent hostnames from passthrough-request-head events

pimterry · pimterry · commit f3a63f6b9017 · 2025-05-07T18:18:25.000+02:00
With the new destination logic, we now have multiple ways to think about
hostnames. This bring this event data in line with normal 'request'
event URL hostnames, for easy comparison and a generally nicer
experience.
diff --git a/src/rules/passthrough-handling.ts b/src/rules/passthrough-handling.ts
@@ -9,7 +9,7 @@ import * as semver from 'semver';
 import { CompletedBody, Headers, RawHeaders } from '../types';
 import { byteLength } from '../util/util';
 import { asBuffer } from '../util/buffer-utils';
-import { isLocalhostAddress, normalizeIP } from '../util/socket-util';
+import { isIP, isLocalhostAddress, normalizeIP } from '../util/ip-utils';
 import { CachedDns, dnsLookup, DnsLookupFunction } from '../util/dns';
 import { isMockttpBody, encodeBodyBuffer } from '../util/request-utils';
 import { areFFDHECurvesSupported } from '../util/openssl-compat';
@@ -177,6 +177,26 @@ export async function buildOverriddenBody(
     return await encodeBodyBuffer(rawBuffer, headers);
 }
 
+/**
+ * Effectively match the slightly-different-context logic in MockttpServer for showing a
+ * request's destination within the URL. We prioritise domain names over IPs, and
+ * derive the most appropriate name available. In this case, we drop the port, since that's
+ * always specified elsewhere.
+ */
+export function getUrlHostname(
+    destinationHostname: string | null,
+    rawHeaders: RawHeaders
+) {
+    return destinationHostname && !isIP(destinationHostname)
+        ? destinationHostname
+        : ( // Use header info rather than raw IPs, if we can:
+            getHeaderValue(rawHeaders, ':authority') ??
+            getHeaderValue(rawHeaders, 'host') ??
+            destinationHostname ?? // Use destination if it's a bare IP, if we have nothing else
+            'localhost'
+        ).replace(/:\d+$/, '');
+}
+
 /**
  * If you override some headers, they have implications for the effective URL we send the
  * request to. If you override that and the URL at the same time, it gets complicated.
diff --git a/src/rules/requests/request-handlers.ts b/src/rules/requests/request-handlers.ts
@@ -21,7 +21,8 @@ import {
 } from "../../types";
 
 import { MaybePromise, ErrorLike, isErrorLike } from '@httptoolkit/util';
-import { isAbsoluteUrl, getEffectivePort, getDestination } from '../../util/url';
+import { isAbsoluteUrl, getEffectivePort } from '../../util/url';
+import { isIP } from '../../util/ip-utils';
 import {
     waitForCompletedRequest,
     buildBodyReader,
@@ -81,7 +82,8 @@ import {
     getClientRelativeHostname,
     getDnsLookupFunction,
     getTrustedCAs,
-    buildUpstreamErrorTags
+    buildUpstreamErrorTags,
+    getUrlHostname
 } from '../passthrough-handling';
 
 import {
@@ -1157,10 +1159,12 @@ export class PassThroughHandler extends PassThroughHandlerDefinition {
             // Fire rule events, to allow in-depth debugging of upstream traffic & modifications,
             // so anybody interested can see _exactly_ what we're sending upstream here:
             if (options.emitEventCallback) {
+                const urlHost = getUrlHostname(hostname, rawHeaders);
+
                 options.emitEventCallback('passthrough-request-head', {
                     method,
                     protocol: protocol!.replace(/:$/, ''),
-                    hostname,
+                    hostname: urlHost,
                     port,
                     path,
                     rawHeaders
diff --git a/src/server/mockttp-server.ts b/src/server/mockttp-server.ts
@@ -54,8 +54,8 @@ import {
     getHostFromAbsoluteUrl,
     getDestination,
     normalizeHost,
-    getDefaultPort
 } from "../util/url";
+import { isIP } from "../util/ip-utils";
 import {
     buildRawSocketEventData,
     buildTlsSocketEventData,
@@ -614,35 +614,38 @@ export class MockttpServer extends AbstractMockttp implements Mockttp {
                 (req.socket[LastHopEncrypted] ? 'https' : 'http');
             req.path = req.url;
 
-            const tunnelUrlHost = (
-                req.socket[LastTunnelAddress] &&
-                !net.isIP(getDestination(req.protocol, req.socket[LastTunnelAddress]).hostname)
-            )
-                ? normalizeHost(req.protocol, req.socket[LastTunnelAddress])
+            const tunnelDestination = req.socket[LastTunnelAddress]
+                ? getDestination(req.protocol, req.socket[LastTunnelAddress])
                 : undefined;
 
-            // If you explicitly tunnel to a hostname, that's the URL's hostname:
-            const hostname = tunnelUrlHost
-                // Otherwise, we infer based on headers: HTTP/2 or HTTP/1
-                ?? getHeaderValue(rawHeaders, ':authority')
-                ?? getHeaderValue(rawHeaders, 'host')
-                ?? req.socket[LastTunnelAddress] // Iff we have no hostname available at all
-                ?? `localhost:${this.port}`; // If you specify literally nothing, it's a direct request
+            const isTunnelToIp = tunnelDestination && isIP(tunnelDestination.hostname);
 
-            // Destination may be either a hostname or an IP (unlike tunnel host)
-            req.destination = getDestination(
-                req.protocol,
-                req.socket[LastTunnelAddress] ?? hostname
+            const urlDestination = getDestination(req.protocol,
+                (!isTunnelToIp
+                ? (
+                    req.socket[LastTunnelAddress] ?? // Tunnel domain name is preferred if available
+                    getHeaderValue(rawHeaders, ':authority') ??
+                    getHeaderValue(rawHeaders, 'host')
+                )
+                : (
+                    getHeaderValue(rawHeaders, ':authority') ??
+                    getHeaderValue(rawHeaders, 'host') ??
+                    req.socket[LastTunnelAddress] // We use the IP iff we have no hostname available at all
+                ))
+                ?? `localhost:${this.port}` // If you specify literally nothing, it's a direct request
             );
 
-            // If we don't have a port in the hostname, but we know the final destination port needs
-            // specifying, then we do include it in the URL. Happens if you have an IP tunnel address
-            // with a port, and then a port-less 'Host' header - not common.
-            const host = !hostname.includes(':') && req.destination.port !== getDefaultPort(req.protocol)
-                ? `${hostname}:${req.destination.port}`
-                : hostname;
 
-            const absoluteUrl = `${req.protocol}://${host}${req.path}`;
+            // Actual destination always follows the tunnel - even if it's an IP
+            req.destination = tunnelDestination
+                ?? urlDestination;
+
+            // URL port should always match the real port - even if (e.g) the Host header is lying.
+            urlDestination.port = req.destination.port;
+
+            const absoluteUrl = `${req.protocol}://${
+                normalizeHost(req.protocol, `${urlDestination.hostname}:${urlDestination.port}`)
+            }${req.path}`;
 
             if (!getHeaderValue(rawHeaders, ':path')) {
                 (req as Mutable<ExtendedRawRequest>).url = new url.URL(absoluteUrl).toString();
diff --git a/src/util/ip-utils.ts b/src/util/ip-utils.ts
@@ -0,0 +1,29 @@
+// These are rough tests for IPs: they exclude valid domain names,
+// but they don't strictly check IP formatting (that's fine - invalid
+// IPs will fail elsewhere - this is for intended-format checks).
+const IPv4_REGEX = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+const IPv6_REGEX = /^(?=.*[0-9a-fA-F])(?=.*:)[0-9a-fA-F:]{2,39}$/;
+
+export const isIPv4Address = (ip: string) =>
+    IPv4_REGEX.test(ip);
+
+export const isIPv6Address = (ip: string) =>
+    IPv6_REGEX.test(ip);
+
+export const isIP = (ip: string) =>
+    isIPv4Address(ip) || isIPv6Address(ip);
+
+// We need to normalize ips some cases (especially comparisons), because the same ip may be reported
+// as ::ffff:127.0.0.1 and 127.0.0.1 on the two sides of the connection, for the same ip.
+export const normalizeIP = (ip: string | null | undefined) =>
+    (ip && ip.startsWith('::ffff:'))
+        ? ip.slice('::ffff:'.length)
+        : ip;
+
+export const isLocalhostAddress = (host: string | null | undefined) =>
+    !!host && ( // Null/undef are something else weird, but not localhost
+        host === 'localhost' || // Most common
+        host.endsWith('.localhost') ||
+        host === '::1' || // IPv6
+        normalizeIP(host)!.match(/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) // 127.0.0.0/8 range
+    );
diff --git a/src/util/socket-util.ts b/src/util/socket-util.ts
@@ -19,6 +19,7 @@ import {
     SocketMetadata
 } from './socket-extensions';
 import { getSocketMetadataTags } from './socket-metadata';
+import { normalizeIP } from './ip-utils';
 
 // Test if a local port for a given interface (IPv4/6) is currently in use
 export async function isLocalPortActive(interfaceIp: '::1' | '127.0.0.1', port: number) {
@@ -49,20 +50,7 @@ export const isLocalIPv6Available = isNode
     )
     : true;
 
-// We need to normalize ips some cases (especially comparisons), because the same ip may be reported
-// as ::ffff:127.0.0.1 and 127.0.0.1 on the two sides of the connection, for the same ip.
-export const normalizeIP = (ip: string | null | undefined) =>
-    (ip && ip.startsWith('::ffff:'))
-        ? ip.slice('::ffff:'.length)
-        : ip;
-
-export const isLocalhostAddress = (host: string | null | undefined) =>
-    !!host && ( // Null/undef are something else weird, but not localhost
-        host === 'localhost' || // Most common
-        host.endsWith('.localhost') ||
-        host === '::1' || // IPv6
-        normalizeIP(host)!.match(/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) // 127.0.0.0/8 range
-    );
+
 
 // Check whether an incoming socket is the other end of one of our outgoing sockets:
 export const isSocketLoop = (outgoingSockets: net.Socket[] | Set<net.Socket>, incomingSocket: net.Socket) =>
diff --git a/test/integration/proxying/socks-proxying.spec.ts b/test/integration/proxying/socks-proxying.spec.ts
@@ -110,14 +110,19 @@ nodeOnly(() => {
                 });
             });
 
-            it("should use the SOCKS destination IP over the Host header, but not in the URL", async () => {
+            it("should use the SOCKS destination IP over the Host header, but not in the URL or passthrough events", async () => {
                 const seenRequest = getDeferred<Request>();
                 await server.on('request', (req) => seenRequest.resolve(req));
 
+                const passthroughEvent = getDeferred<any>();
+                await server.on('rule-event', (event) => {
+                    if (event.eventType === 'passthrough-request-head') passthroughEvent.resolve(event.eventData);
+                });
+
                 const socksSocket = await openSocksSocket(server, '127.0.0.1', remoteServer.port, { type: 5 });
                 const response = await h1RequestOverSocket(socksSocket, remoteServer.url, {
                     headers: {
-                        Host: "invalid.example" // This should be ignored - tunnel sets destination
+                        Host: "invalid.example:1234" // This should be ignored - tunnel sets destination
                     }
                 });
                 expect(response.statusCode).to.equal(200);
@@ -131,6 +136,8 @@ nodeOnly(() => {
                     hostname: '127.0.0.1',
                     port: remoteServer.port
                 });
+                expect((await passthroughEvent).hostname).to.equal('invalid.example');
+                expect((await passthroughEvent).port).to.equal(remoteServer.port.toString());
             });
 
         });
