Merge pull request #8 from syumai/basic-auth-proxy

add proxy feature to basic-auth-server and rename it to basic-auth-proxy
2025-03-10 17:29:11 +00:00 · 2022-06-09 01:24:52 +09:00 · 2022-06-09 01:24:52 +09:00 · 94513abc19
commit 94513abc19
parent ed0bf4781a c2b6f0cb4e
10 changed files with 369 additions and 35 deletions
--- a/examples/basic-auth-server/.gitignore
+++ b/examples/basic-auth-server/.gitignore
--- a/examples/basic-auth-server/Makefile
+++ b/examples/basic-auth-server/Makefile
--- a/examples/basic-auth-server/README.md
+++ b/examples/basic-auth-server/README.md
@ -1,10 +1,11 @@
-# basic-auth-server
+# basic-auth-proxy

-* This is an example of an HTTP server with Basic-Auth .
+* This is an example of an HTTP proxy server with Basic-Auth .
+* This proxy server adds Basic-Auth to `https://syum.ai` .

 ## Demo

-* https://basic-auth-server.syumai.workers.dev/
+* https://basic-auth-proxy.syumai.workers.dev/
 * Try:
  - userName: `user`
  - password: `password`
--- a/examples/basic-auth-server/go.mod
+++ b/examples/basic-auth-server/go.mod
--- a/examples/basic-auth-server/go.sum
+++ b/examples/basic-auth-server/go.sum
--- a/examples/basic-auth-proxy/main.go
+++ b/examples/basic-auth-proxy/main.go
@ -0,0 +1,53 @@
+package main
+
+import (
+	"io"
+	"log"
+	"net/http"
+
+	"github.com/syumai/workers"
+)
+
+const (
+	userName     = "user"
+	userPassword = "password"
+)
+
+func authenticate(req *http.Request) bool {
+	username, password, ok := req.BasicAuth()
+	return ok && username == userName && password == userPassword
+}
+
+func handleError(w http.ResponseWriter, status int, msg string) {
+	w.WriteHeader(status)
+	w.Write([]byte(msg + "\n"))
+}
+
+func handleRequest(w http.ResponseWriter, req *http.Request) {
+	if !authenticate(req) {
+		w.Header().Add("WWW-Authenticate", `Basic realm="login is required"`)
+		handleError(w, http.StatusUnauthorized, "Unauthorized")
+		return
+	}
+	u := *req.URL
+	u.Scheme = "https"
+	u.Host = "syum.ai"
+	proxyReq, err := http.NewRequest("GET", u.String(), nil)
+	if err != nil {
+		handleError(w, http.StatusInternalServerError, "Internal Error")
+		log.Printf("failed to create proxy request: %v\n", err)
+		return
+	}
+	resp, err := (*Transport).RoundTrip(nil, proxyReq)
+	if err != nil {
+		handleError(w, http.StatusInternalServerError, "Internal Error")
+		log.Printf("failed to execute proxy request: %v\n", err)
+		return
+	}
+	defer resp.Body.Close()
+	io.Copy(w, resp.Body)
+}
+
+func main() {
+	workers.Serve(http.HandlerFunc(handleRequest))
+}
--- a/examples/basic-auth-proxy/roundtrip.go
+++ b/examples/basic-auth-proxy/roundtrip.go
@ -0,0 +1,311 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Copied from: https://github.com/golang/go/blob/go1.18.3/src/net/http/roundtrip_js.go
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"syscall/js"
+)
+
+var uint8Array = js.Global().Get("Uint8Array")
+
+// jsFetchMode is a Request.Header map key that, if present,
+// signals that the map entry is actually an option to the Fetch API mode setting.
+// Valid values are: "cors", "no-cors", "same-origin", "navigate"
+// The default is "same-origin".
+//
+// Reference: https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
+const jsFetchMode = "js.fetch:mode"
+
+// jsFetchRedirect is a Request.Header map key that, if present,
+// signals that the map entry is actually an option to the Fetch API redirect setting.
+// Valid values are: "follow", "error", "manual"
+// The default is "follow".
+//
+// Reference: https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
+const jsFetchRedirect = "js.fetch:redirect"
+
+// jsFetchMissing will be true if the Fetch API is not present in
+// the browser globals.
+var jsFetchMissing = js.Global().Get("fetch").IsUndefined()
+
+type Transport struct{}
+
+// RoundTrip implements the RoundTripper interface using the WHATWG Fetch API.
+func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
+	ac := js.Global().Get("AbortController")
+	if !ac.IsUndefined() {
+		// Some browsers that support WASM don't necessarily support
+		// the AbortController. See
+		// https://developer.mozilla.org/en-US/docs/Web/API/AbortController#Browser_compatibility.
+		ac = ac.New()
+	}
+
+	opt := js.Global().Get("Object").New()
+	// See https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch
+	// for options available.
+	opt.Set("method", req.Method)
+	if h := req.Header.Get(jsFetchMode); h != "" {
+		opt.Set("mode", h)
+		req.Header.Del(jsFetchMode)
+	}
+	if h := req.Header.Get(jsFetchRedirect); h != "" {
+		opt.Set("redirect", h)
+		req.Header.Del(jsFetchRedirect)
+	}
+	if !ac.IsUndefined() {
+		opt.Set("signal", ac.Get("signal"))
+	}
+	headers := js.Global().Get("Headers").New()
+	for key, values := range req.Header {
+		for _, value := range values {
+			headers.Call("append", key, value)
+		}
+	}
+	opt.Set("headers", headers)
+
+	if req.Body != nil {
+		// TODO(johanbrandhorst): Stream request body when possible.
+		// See https://bugs.chromium.org/p/chromium/issues/detail?id=688906 for Blink issue.
+		// See https://bugzilla.mozilla.org/show_bug.cgi?id=1387483 for Firefox issue.
+		// See https://github.com/web-platform-tests/wpt/issues/7693 for WHATWG tests issue.
+		// See https://developer.mozilla.org/en-US/docs/Web/API/Streams_API for more details on the Streams API
+		// and browser support.
+		body, err := io.ReadAll(req.Body)
+		if err != nil {
+			req.Body.Close() // RoundTrip must always close the body, including on errors.
+			return nil, err
+		}
+		req.Body.Close()
+		if len(body) != 0 {
+			buf := uint8Array.New(len(body))
+			js.CopyBytesToJS(buf, body)
+			opt.Set("body", buf)
+		}
+	}
+
+	fetchPromise := js.Global().Call("fetch", req.URL.String(), opt)
+	var (
+		respCh           = make(chan *http.Response, 1)
+		errCh            = make(chan error, 1)
+		success, failure js.Func
+	)
+	success = js.FuncOf(func(this js.Value, args []js.Value) any {
+		success.Release()
+		failure.Release()
+
+		result := args[0]
+		header := http.Header{}
+		// https://developer.mozilla.org/en-US/docs/Web/API/Headers/entries
+		headersIt := result.Get("headers").Call("entries")
+		for {
+			n := headersIt.Call("next")
+			if n.Get("done").Bool() {
+				break
+			}
+			pair := n.Get("value")
+			key, value := pair.Index(0).String(), pair.Index(1).String()
+			ck := http.CanonicalHeaderKey(key)
+			header[ck] = append(header[ck], value)
+		}
+
+		contentLength := int64(0)
+		clHeader := header.Get("Content-Length")
+		switch {
+		case clHeader != "":
+			cl, err := strconv.ParseInt(clHeader, 10, 64)
+			if err != nil {
+				errCh <- fmt.Errorf("net/http: ill-formed Content-Length header: %v", err)
+				return nil
+			}
+			if cl < 0 {
+				// Content-Length values less than 0 are invalid.
+				// See: https://datatracker.ietf.org/doc/html/rfc2616/#section-14.13
+				errCh <- fmt.Errorf("net/http: invalid Content-Length header: %q", clHeader)
+				return nil
+			}
+			contentLength = cl
+		default:
+			// If the response length is not declared, set it to -1.
+			contentLength = -1
+		}
+
+		b := result.Get("body")
+		var body io.ReadCloser
+		// The body is undefined when the browser does not support streaming response bodies (Firefox),
+		// and null in certain error cases, i.e. when the request is blocked because of CORS settings.
+		if !b.IsUndefined() && !b.IsNull() {
+			body = &streamReader{stream: b.Call("getReader")}
+		} else {
+			// Fall back to using ArrayBuffer
+			// https://developer.mozilla.org/en-US/docs/Web/API/Body/arrayBuffer
+			body = &arrayReader{arrayPromise: result.Call("arrayBuffer")}
+		}
+
+		code := result.Get("status").Int()
+		respCh <- &http.Response{
+			Status:        fmt.Sprintf("%d %s", code, http.StatusText(code)),
+			StatusCode:    code,
+			Header:        header,
+			ContentLength: contentLength,
+			Body:          body,
+			Request:       req,
+		}
+
+		return nil
+	})
+	failure = js.FuncOf(func(this js.Value, args []js.Value) any {
+		success.Release()
+		failure.Release()
+		errCh <- fmt.Errorf("net/http: fetch() failed: %s", args[0].Get("message").String())
+		return nil
+	})
+
+	fetchPromise.Call("then", success, failure)
+	select {
+	case <-req.Context().Done():
+		if !ac.IsUndefined() {
+			// Abort the Fetch request.
+			ac.Call("abort")
+		}
+		return nil, req.Context().Err()
+	case resp := <-respCh:
+		return resp, nil
+	case err := <-errCh:
+		return nil, err
+	}
+}
+
+var errClosed = errors.New("net/http: reader is closed")
+
+// streamReader implements an io.ReadCloser wrapper for ReadableStream.
+// See https://fetch.spec.whatwg.org/#readablestream for more information.
+type streamReader struct {
+	pending []byte
+	stream  js.Value
+	err     error // sticky read error
+}
+
+func (r *streamReader) Read(p []byte) (n int, err error) {
+	if r.err != nil {
+		return 0, r.err
+	}
+	if len(r.pending) == 0 {
+		var (
+			bCh   = make(chan []byte, 1)
+			errCh = make(chan error, 1)
+		)
+		success := js.FuncOf(func(this js.Value, args []js.Value) any {
+			result := args[0]
+			if result.Get("done").Bool() {
+				errCh <- io.EOF
+				return nil
+			}
+			value := make([]byte, result.Get("value").Get("byteLength").Int())
+			js.CopyBytesToGo(value, result.Get("value"))
+			bCh <- value
+			return nil
+		})
+		defer success.Release()
+		failure := js.FuncOf(func(this js.Value, args []js.Value) any {
+			// Assumes it's a TypeError. See
+			// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypeError
+			// for more information on this type. See
+			// https://streams.spec.whatwg.org/#byob-reader-read for the spec on
+			// the read method.
+			errCh <- errors.New(args[0].Get("message").String())
+			return nil
+		})
+		defer failure.Release()
+		r.stream.Call("read").Call("then", success, failure)
+		select {
+		case b := <-bCh:
+			r.pending = b
+		case err := <-errCh:
+			r.err = err
+			return 0, err
+		}
+	}
+	n = copy(p, r.pending)
+	r.pending = r.pending[n:]
+	return n, nil
+}
+
+func (r *streamReader) Close() error {
+	// This ignores any error returned from cancel method. So far, I did not encounter any concrete
+	// situation where reporting the error is meaningful. Most users ignore error from resp.Body.Close().
+	// If there's a need to report error here, it can be implemented and tested when that need comes up.
+	r.stream.Call("cancel")
+	if r.err == nil {
+		r.err = errClosed
+	}
+	return nil
+}
+
+// arrayReader implements an io.ReadCloser wrapper for ArrayBuffer.
+// https://developer.mozilla.org/en-US/docs/Web/API/Body/arrayBuffer.
+type arrayReader struct {
+	arrayPromise js.Value
+	pending      []byte
+	read         bool
+	err          error // sticky read error
+}
+
+func (r *arrayReader) Read(p []byte) (n int, err error) {
+	if r.err != nil {
+		return 0, r.err
+	}
+	if !r.read {
+		r.read = true
+		var (
+			bCh   = make(chan []byte, 1)
+			errCh = make(chan error, 1)
+		)
+		success := js.FuncOf(func(this js.Value, args []js.Value) any {
+			// Wrap the input ArrayBuffer with a Uint8Array
+			uint8arrayWrapper := uint8Array.New(args[0])
+			value := make([]byte, uint8arrayWrapper.Get("byteLength").Int())
+			js.CopyBytesToGo(value, uint8arrayWrapper)
+			bCh <- value
+			return nil
+		})
+		defer success.Release()
+		failure := js.FuncOf(func(this js.Value, args []js.Value) any {
+			// Assumes it's a TypeError. See
+			// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypeError
+			// for more information on this type.
+			// See https://fetch.spec.whatwg.org/#concept-body-consume-body for reasons this might error.
+			errCh <- errors.New(args[0].Get("message").String())
+			return nil
+		})
+		defer failure.Release()
+		r.arrayPromise.Call("then", success, failure)
+		select {
+		case b := <-bCh:
+			r.pending = b
+		case err := <-errCh:
+			return 0, err
+		}
+	}
+	if len(r.pending) == 0 {
+		return 0, io.EOF
+	}
+	n = copy(p, r.pending)
+	r.pending = r.pending[n:]
+	return n, nil
+}
+
+func (r *arrayReader) Close() error {
+	if r.err == nil {
+		r.err = errClosed
+	}
+	return nil
+}
--- a/examples/basic-auth-server/worker.mjs
+++ b/examples/basic-auth-server/worker.mjs
--- a/examples/basic-auth-server/wrangler.toml
+++ b/examples/basic-auth-server/wrangler.toml
@ -1,4 +1,4 @@
-name = "basic-auth-server"
+name = "basic-auth-proxy"
 main = "./worker.mjs"
 compatibility_date = "2022-05-13"
 compatibility_flags = [
--- a/examples/basic-auth-server/main.go
+++ b/examples/basic-auth-server/main.go
@ -1,31 +0,0 @@
-package main
-
-import (
-	"net/http"
-
-	"github.com/syumai/workers"
-)
-
-const (
-	userName     = "user"
-	userPassword = "password"
-)
-
-func authenticate(req *http.Request) bool {
-	username, password, ok := req.BasicAuth()
-	return ok && username == userName && password == userPassword
-}
-
-func handleRequest(w http.ResponseWriter, req *http.Request) {
-	if !authenticate(req) {
-		w.Header().Add("WWW-Authenticate", `Basic realm="login is required"`)
-		w.WriteHeader(http.StatusUnauthorized)
-		w.Write([]byte("Unauthorized\n"))
-		return
-	}
-	w.Write([]byte("Authorized!\n"))
-}
-
-func main() {
-	workers.Serve(http.HandlerFunc(handleRequest))
-}