package main

import (
	"crypto/tls"
	"errors"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strconv"
	"strings"
)

// Route defines a set of routes including the corresponding TLS certificates.
// GetCertificate looks entries up by the TLS server name (SNI), so the map key
// is expected to be a host name.
// NOTE(review): presumably the key equals Entry.ServerName; confirm against
// the code that fills the map.
type Route map[string]Entry

// Entry holds the routing settings for one route.
type Entry struct {
	// ServerName is registered as the ServeMux pattern in Restore; a
	// trailing "/" is appended there when the value contains no slash.
	ServerName string
	// Upstream is the upstream URL; Restore parses it with url.Parse.
	Upstream   string
	// Cert is the certificate half passed to tls.X509KeyPair in Restore.
	Cert       []byte
	// Key is the private-key half passed to tls.X509KeyPair in Restore.
	// It is secret material held in an exported field: keep it out of logs
	// and debug dumps (printing an Entry with %+v would include it; the
	// String method does not).
	Key        []byte
	// cert is the parsed key pair. It is set only by Restore and stays nil
	// for entries without both Cert and Key.
	cert       *tls.Certificate
}

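// GetCertificate returns the certificate for the server name offered in the
// TLS ClientHello (SNI). It has the signature of tls.Config.GetCertificate.
//
// An entry only matches when its key pair has already been parsed (see
// Restore); otherwise an error is returned and no certificate is selected.
func (r Route) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	// Try the name exactly as received first so existing keys keep working,
	// then retry lowercased: SNI host names are case-insensitive and this
	// lookup does not otherwise normalise them.
	for _, name := range []string{h.ServerName, strings.ToLower(h.ServerName)} {
		if e, ok := r[name]; ok && e.cert != nil {
			return e.cert, nil
		}
	}
	// ServerName is chosen by the client and this error may be written to a
	// log by the caller, so quote it to keep control characters and line
	// breaks from reaching the log verbatim.
	return nil, errors.New("no cert for " + strconv.Quote(h.ServerName))
}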

// NewReverseProxy returns a reverse proxy that sends every request to target
// by overwriting the scheme and host of the request URL.
//
// Only Scheme and Host are taken from target: the request path and query are
// forwarded as received, target.Path is ignored, and req.Host is not touched,
// so the upstream still sees the Host header the client sent.
//
// NOTE(review): inbound X-Forwarded-For values are left in place and
// httputil.ReverseProxy appends the client address to them, so an upstream
// must not trust the earlier elements of that header. Confirm whether this
// proxy is the outermost hop before relying on it for client identification.
func NewReverseProxy(target *url.URL) *httputil.ReverseProxy {
	proxy := new(httputil.ReverseProxy)
	proxy.Director = func(out *http.Request) {
		out.URL.Scheme, out.URL.Host = target.Scheme, target.Host
	}
	return proxy
}

// Restore rebuilds the HTTP routing table from the in-memory route state and
// installs it as the handler of the package-level server.
//
// For every entry that carries both Cert and Key the pair is parsed with
// tls.X509KeyPair and the parsed certificate is stored back into r. The first
// parse error (key pair or upstream URL) aborts the call; server.Handler is
// then left as it was, although entries handled before the failure may
// already have been updated in r.
//
// NOTE(review): the loop reads the package-level route while writing to the
// receiver r. That is equivalent only when r and route are the same map;
// confirm this is intended.
//
// NOTE(review): certificate selection uses the TLS server name (see
// GetCertificate) while request routing uses the ServeMux pattern built from
// ServerName. Nothing here ties the two together for a given connection, so
// an upstream should not assume that the SNI name and the routed host agree.
func (r Route) Restore() error {
	mux := http.NewServeMux()
	for name, entry := range route {
		if entry.Cert != nil && entry.Key != nil {
			pair, err := tls.X509KeyPair(entry.Cert, entry.Key)
			if err != nil {
				return err
			}
			entry.cert = &pair
			r[name] = entry
		}

		upstream, err := url.Parse(entry.Upstream)
		if err != nil {
			return err
		}

		// A server name without any slash gets a trailing "/" before it is
		// registered as the mux pattern. The change stays local to this
		// loop; the entry stored in r keeps its original ServerName.
		pattern := entry.ServerName
		if !strings.Contains(pattern, "/") {
			pattern += "/"
		}

		// Only the plain "ws" scheme selects the WebSocket proxy; every
		// other scheme is handed to the HTTP reverse proxy.
		var handler http.Handler
		if upstream.Scheme == "ws" {
			handler = NewWebSocketProxy(upstream)
		} else {
			handler = NewReverseProxy(upstream)
		}
		mux.Handle(pattern, handler)
	}
	server.Handler = mux
	return nil
}

// String describes the entry as "ServerName → Upstream", followed by
// " with TLS" when a parsed certificate is attached. The Cert and Key bytes
// are never part of the output.
func (e Entry) String() string {
	desc := e.ServerName + " → " + e.Upstream
	if e.cert == nil {
		return desc
	}
	return desc + " with TLS"
}