ooni-probe-cli/internal/cmd/jafar/httpproxy/httpproxy.go

// Package httpproxy contains a censoring HTTP proxy. This proxy will
// vet all the traffic and reply with 451 responses for a configurable
// set of offending Host headers in incoming requests.
package httpproxy

import (
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

const product = "jafar/0.1.0"

// CensoringProxy is a censoring HTTP proxy
type CensoringProxy struct {
	keywords  []string
	transport http.RoundTripper
}

// NewCensoringProxy creates a new CensoringProxy instance using
// the specified list of keywords to censor. keywords is the list
// of keywords that trigger censorship if any of them appears in
// the Host header of a request. dnsNetwork and dnsAddress are
// settings to configure the upstream, non censored DNS.
func NewCensoringProxy(
	keywords []string, uncensored http.RoundTripper,
) *CensoringProxy {
	return &CensoringProxy{keywords: keywords, transport: uncensored}
}

var blockpage = []byte(`<html><head>
  <title>451 Unavailable For Legal Reasons</title>
</head><body>
  <center><h1>451 Unavailable For Legal Reasons</h1></center>
  <p>This content is not available in your jurisdiction.</p>
</body></html>
`)

// ServeHTTP serves HTTP requests
func (p *CensoringProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// Implementation note: use Via header to detect in a loose way
	// requests originated by us and directed to us
	if r.Header.Get("Via") != "" || r.Host == "" {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	for _, pattern := range p.keywords {
		if strings.Contains(r.Host, pattern) {
			w.WriteHeader(http.StatusUnavailableForLegalReasons)
			w.Write(blockpage)
			return
		}
	}
	r.Header.Add("Via", product) // see above
	proxy := httputil.NewSingleHostReverseProxy(&url.URL{
		Host:   r.Host,
		Scheme: "http",
	})
	proxy.ModifyResponse = func(resp *http.Response) error {
		resp.Header.Add("Via", product) // see above
		return nil
	}
	proxy.Transport = p.transport
	proxy.ServeHTTP(w, r)
}

// Start starts the censoring proxy.
func (p *CensoringProxy) Start(address string) (*http.Server, net.Addr, error) {
	server := &http.Server{Handler: p}
	listener, err := net.Listen("tcp", address)
	if err != nil {
		return nil, nil, err
	}
	go server.Serve(listener)
	return server, listener.Addr(), nil
}
chore: merge probe-engine into probe-cli (#201) This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod` 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) are still WAI. Part of https://github.com/ooni/probe/issues/1335 2021-02-02 12:05:47 +01:00			`// Package httpproxy contains a censoring HTTP proxy. This proxy will`
			`// vet all the traffic and reply with 451 responses for a configurable`
			`// set of offending Host headers in incoming requests.`
			`package httpproxy`

			`import (`
			`"net"`
			`"net/http"`
			`"net/http/httputil"`
			`"net/url"`
			`"strings"`
			`)`

			`const product = "jafar/0.1.0"`

			`// CensoringProxy is a censoring HTTP proxy`
			`type CensoringProxy struct {`
			`keywords []string`
			`transport http.RoundTripper`
			`}`

			`// NewCensoringProxy creates a new CensoringProxy instance using`
			`// the specified list of keywords to censor. keywords is the list`
			`// of keywords that trigger censorship if any of them appears in`
			`// the Host header of a request. dnsNetwork and dnsAddress are`
			`// settings to configure the upstream, non censored DNS.`
			`func NewCensoringProxy(`
refactor(jafar): remove unnecessary dep on netx (#497) 2021-09-09 18:01:20 +02:00			`keywords []string, uncensored http.RoundTripper,`
chore: merge probe-engine into probe-cli (#201) This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod` 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) are still WAI. Part of https://github.com/ooni/probe/issues/1335 2021-02-02 12:05:47 +01:00			`) *CensoringProxy {`
			`return &CensoringProxy{keywords: keywords, transport: uncensored}`
			`}`

			var blockpage = []byte(`<html><head>
			`<title>451 Unavailable For Legal Reasons</title>`
			`</head><body>`
			`<center><h1>451 Unavailable For Legal Reasons</h1></center>`
			`<p>This content is not available in your jurisdiction.</p>`
			`</body></html>`
			`)

			`// ServeHTTP serves HTTP requests`
			`func (p CensoringProxy) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`// Implementation note: use Via header to detect in a loose way`
			`// requests originated by us and directed to us`
			`if r.Header.Get("Via") != "" \|\| r.Host == "" {`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`for _, pattern := range p.keywords {`
			`if strings.Contains(r.Host, pattern) {`
			`w.WriteHeader(http.StatusUnavailableForLegalReasons)`
			`w.Write(blockpage)`
			`return`
			`}`
			`}`
			`r.Header.Add("Via", product) // see above`
			`proxy := httputil.NewSingleHostReverseProxy(&url.URL{`
			`Host: r.Host,`
			`Scheme: "http",`
			`})`
			`proxy.ModifyResponse = func(resp *http.Response) error {`
			`resp.Header.Add("Via", product) // see above`
			`return nil`
			`}`
			`proxy.Transport = p.transport`
			`proxy.ServeHTTP(w, r)`
			`}`

			`// Start starts the censoring proxy.`
			`func (p CensoringProxy) Start(address string) (http.Server, net.Addr, error) {`
			`server := &http.Server{Handler: p}`
			`listener, err := net.Listen("tcp", address)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`go server.Serve(listener)`
			`return server, listener.Addr(), nil`
			`}`