d57c78bc71
This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod`) 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) is still WAI. Part of https://github.com/ooni/probe/issues/1335
// Package httpproxy contains a censoring HTTP proxy. This proxy will
// vet all the traffic and reply with 451 responses for a configurable
// set of offending Host headers in incoming requests.
package httpproxy
import (
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
	"time"

	"github.com/ooni/probe-cli/v3/internal/engine/netx"
)
// product is the token this proxy adds to the Via header of the requests
// it forwards and of the responses it relays. ServeHTTP refuses incoming
// requests that already carry a Via header.
const (
	product = "jafar/0.1.0"
)
// CensoringProxy is a censoring HTTP proxy. It answers with a 451 block
// page when the Host header of a request contains one of its keywords and
// forwards every other request using its transport.
type CensoringProxy struct {
	// keywords holds the substrings looked for in the Host header.
	keywords []string
	// transport is the round tripper used for requests that are forwarded.
	transport http.RoundTripper
}
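// NewCensoringProxy creates a new CensoringProxy instance. keywords is
// the list of substrings that trigger censorship when any of them
// appears in the Host header of a request. uncensored is the round
// tripper used to forward the requests that are not censored.
//
// The keywords slice is copied, so a caller that later modifies its own
// slice does not change, or race with, the list read by the request
// handlers. An empty keyword is a substring of every Host and therefore
// censors every request.
func NewCensoringProxy(
	keywords []string, uncensored netx.HTTPRoundTripper,
) *CensoringProxy {
	return &CensoringProxy{
		keywords:  append([]string(nil), keywords...),
		transport: uncensored,
	}
}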
// blockpage is the HTML body that ServeHTTP writes, after a 451 status,
// when the Host header of a request contains one of the keywords.
var blockpage = []byte(`<html><head>
<title>451 Unavailable For Legal Reasons</title>
</head><body>
<center><h1>451 Unavailable For Legal Reasons</h1></center>
<p>This content is not available in your jurisdiction.</p>
</body></html>
`)
// ServeHTTP implements http.Handler. It answers 400 to requests that carry
// a Via header or have an empty Host, answers 451 with the block page when
// the Host contains any configured keyword, and otherwise forwards the
// request over plain HTTP to the host named in the Host header.
//
// NOTE(review): the upstream is taken from the client-supplied Host header
// and no allow-list is applied here, so the handler relays to whatever
// host the client names; confirm the listener is reachable only from the
// environment under test.
//
// NOTE(review): keywords are matched as case-sensitive substrings of the
// raw Host value, which may include a port; confirm this is the intended
// matching rule.
func (p *CensoringProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// The Via header is a loose marker for requests that this proxy has
	// already forwarded and that were directed back to it. Every request
	// carrying Via is refused, whoever set the header.
	switch {
	case r.Header.Get("Via") != "":
		w.WriteHeader(http.StatusBadRequest)
		return
	case r.Host == "":
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	host := r.Host
	for i := range p.keywords {
		if !strings.Contains(host, p.keywords[i]) {
			continue
		}
		w.WriteHeader(http.StatusUnavailableForLegalReasons)
		w.Write(blockpage)
		return
	}
	// Mark the outgoing request so that the check above recognises it if
	// it comes back to this proxy.
	r.Header.Add("Via", product)
	upstream := &url.URL{Scheme: "http", Host: host}
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	proxy.Transport = p.transport
	proxy.ModifyResponse = func(resp *http.Response) error {
		// Mark the relayed response with the same token.
		resp.Header.Add("Via", product)
		return nil
	}
	proxy.ServeHTTP(w, r)
}
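// Start starts the censoring proxy. It listens on the given TCP address
// and serves requests in a background goroutine. It returns the server,
// the address the listener is bound to, and the error returned by
// net.Listen, if any; on error the server and the address are nil.
func (p *CensoringProxy) Start(address string) (*http.Server, net.Addr, error) {
	listener, err := net.Listen("tcp", address)
	if err != nil {
		return nil, nil, err
	}
	server := &http.Server{
		Handler: p,
		// Bound the time a client may take to send its request headers, so
		// that connections which never complete a request cannot be held
		// open indefinitely. The body and response are left unbounded
		// because proxied transfers can legitimately take long.
		ReadHeaderTimeout: 10 * time.Second,
	}
	// Serve returns only once the server is shut down or closed. Its error
	// is discarded because Start has already returned by then.
	go server.Serve(listener)
	return server, listener.Addr(), nil
}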