v3.0.5 init commit

+ Added external domain name detection for PR #168 + Updated uptime error message in 5xx range + Modernized reverse proxy error page template + Added wip permission policy module
2025-08-12 08:05:19 +02:00 · 2024-05-24 22:24:14 +08:00
parent 6feb2d105d
commit d596d6b843
8 changed files with 350 additions and 33 deletions
--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@@ -10,6 +10,8 @@ import (
 	"net/url"
 	"strings"
 	"time"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
 )

 // ReverseProxy is an HTTP Handler that takes an incoming request and
@@ -346,8 +348,11 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 	p.Director(outreq)
 	outreq.Close = false

-	// Always use the original host, see issue #164
-	outreq.Host = rrr.OriginalHost
+	//Only skip origin rewrite iff proxy target require TLS and it is external domain name like github.com
+	if !(rrr.UseTLS && isExternalDomainName(rrr.ProxyDomain)) {
+		// Always use the original host, see issue #164
+		outreq.Host = rrr.OriginalHost
+	}

 	// We may modify the header (shallow copied above), so we only copy it.
 	outreq.Header = make(http.Header)
@@ -424,6 +429,10 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 	// Copy header from response to client.
 	copyHeader(rw.Header(), res.Header)

+	// inject permission policy headers
+	//TODO: Load permission policy from rrr
+	permissionpolicy.InjectPermissionPolicyHeader(rw, nil)
+
 	// The "Trailer" header isn't included in the Transport's response, Build it up from Trailer.
 	if len(res.Trailer) > 0 {
 		trailerKeys := make([]string, 0, len(res.Trailer))
--- a/src/mod/dynamicproxy/dpcore/utils.go
+++ b/src/mod/dynamicproxy/dpcore/utils.go
@@ -1,6 +1,7 @@
 package dpcore

 import (
+	"net"
 	"net/url"
 	"strings"
 )
@@ -60,3 +61,34 @@ func replaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS b
 func ReplaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS bool) (string, error) {
 	return replaceLocationHost(urlString, rrr, useTLS)
 }
+
+// isExternalDomainName check and return if the hostname is external domain name (e.g. github.com)
+// instead of internal (like 192.168.1.202:8443 (ip address) or domains end with .local or .internal)
+func isExternalDomainName(hostname string) bool {
+	host, _, err := net.SplitHostPort(hostname)
+	if err != nil {
+		//hostname doesnt contain port
+		ip := net.ParseIP(hostname)
+		if ip != nil {
+			//IP address, not a domain name
+			return false
+		}
+	} else {
+		//Hostname contain port, use hostname without port to check if it is ip
+		ip := net.ParseIP(host)
+		if ip != nil {
+			//IP address, not a domain name
+			return false
+		}
+	}
+
+	//Check if it is internal DNS assigned domains
+	internalDNSTLD := []string{".local", ".internal", ".localhost", ".home.arpa"}
+	for _, tld := range internalDNSTLD {
+		if strings.HasSuffix(strings.ToLower(hostname), tld) {
+			return false
+		}
+	}
+
+	return true
+}