-
Notifications
You must be signed in to change notification settings - Fork 0
/
proxy.go
122 lines (103 loc) · 2.73 KB
/
proxy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package proxy
import (
"bufio"
"io"
"log"
"net"
"net/http"
"net/url"
"github.com/njublockchain/clickhouse-connect-proxy/auth"
)
func copyHeader(dst, src http.Header) {
log.Printf("Copying header: %v", src)
for k, vv := range src {
for _, v := range vv {
dst.Add(k, v)
}
}
}
type ProxyMiddleware struct {
clickhouseURI *url.URL
authPlugin auth.AuthPlugin
}
func NewProxyMiddleware(clickhouseURI string, authPlugin auth.AuthPlugin) *ProxyMiddleware {
u, err := url.Parse(clickhouseURI)
if err != nil {
log.Fatal()
}
log.Printf("Proxying to %s", u.Host)
return &ProxyMiddleware{
clickhouseURI: u,
authPlugin: authPlugin,
}
}
// proxy the http request to the real host
func (pm *ProxyMiddleware) ProxyRequest(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
log.Println(err)
return
}
log.Println(r.Header)
// get the api token from basic auth
user, pass, ok := r.BasicAuth()
var apiToken string
if !ok {
log.Printf("failed to get user & pass")
apiToken = r.Header.Get("X-Clickhouse-User")
} else {
log.Printf("%s: %s", user, pass)
apiToken = user
}
// check auth
if pm.authPlugin != nil {
if !pm.authPlugin.Auth(apiToken) {
log.Printf("Unauthorized apiToken: %s", apiToken)
http.Error(w, "Unauthorized.", http.StatusUnauthorized)
return
}
}
// override the url query
urlQuery := r.URL.Query()
urlQuery.Set("user", pm.clickhouseURI.User.Username())
password, isSet := pm.clickhouseURI.User.Password()
if isSet {
urlQuery.Set("password", password)
}
urlQuery.Set("quota_key", apiToken)
r.URL.RawQuery = urlQuery.Encode()
// clear basic auth
r.Header.Del("Authorization")
r.Header.Del("X-Clickhouse-User")
r.Header.Del("X-Clickhouse-Key")
// connect to the remote server
remote, err := net.Dial("tcp", pm.clickhouseURI.Host)
if err != nil {
log.Printf("Error dialing remote: %v", err)
http.Error(w, "Error connecting to remote server.", http.StatusInternalServerError)
return
}
defer remote.Close()
// set the request host to the real host
r.Host = pm.clickhouseURI.Host
// write the request to the remote
r.Write(remote)
// read the response from the remote
resp, err := http.ReadResponse(bufio.NewReader(remote), r)
if err != nil {
log.Printf("Error reading response: %v", err)
http.Error(w, "Error reading response.", http.StatusInternalServerError)
return
}
defer resp.Body.Close()
// copy the response to the client
copyHeader(w.Header(), resp.Header)
w.WriteHeader(resp.StatusCode)
// copy the response body to the client
_, err = io.Copy(w, resp.Body)
if err != nil {
log.Printf("Error copying response to client: %v", err)
http.Error(w, "Error copying response to client.", http.StatusInternalServerError)
return
}
}