diff options
| author | Christine Dodrill <xe@tailscale.com> | 2021-02-17 13:21:43 -0500 |
|---|---|---|
| committer | Christine Dodrill <xe@tailscale.com> | 2021-02-17 14:23:15 -0500 |
| commit | f08d616c3e3d3957375f083abacd73a86e4dcf87 (patch) | |
| tree | 8f26f435fd54e960e633a5dd48d6c961e9418806 | |
| parent | 7038c09bc91c7f65ff33afb777187ef9acca214c (diff) | |
| download | tailscale-Xe/derphttp-panic-fix.tar.xz tailscale-Xe/derphttp-panic-fix.zip | |
net/tshttpproxy: support basic auth when availableXe/derphttp-panic-fix
This allows proxy URLs such as:
http://azurediamond:hunter2@192.168.122.154:38274
to be used in order to dial out to control, logs or derp servers.
Signed-off-by: Christine Dodrill <xe@tailscale.com>
| -rw-r--r-- | net/tshttpproxy/tshttpproxy.go | 12 | ||||
| -rw-r--r-- | net/tshttpproxy/tshttpproxy_test.go | 49 |
2 files changed, 61 insertions, 0 deletions
diff --git a/net/tshttpproxy/tshttpproxy.go b/net/tshttpproxy/tshttpproxy.go index 56d4d57de..98f67a31a 100644 --- a/net/tshttpproxy/tshttpproxy.go +++ b/net/tshttpproxy/tshttpproxy.go @@ -74,6 +74,18 @@ func GetAuthHeader(u *url.URL) (string, error) { if sysAuthHeader != nil { return sysAuthHeader(u) } + + if user := u.User.Username(); user != "" { + pass, ok := u.User.Password() + if !ok { + return "", nil + } + + req := &http.Request{Header: make(http.Header)} + req.SetBasicAuth(user, pass) + return req.Header.Get("Authorization"), nil + } + return "", nil } diff --git a/net/tshttpproxy/tshttpproxy_test.go b/net/tshttpproxy/tshttpproxy_test.go new file mode 100644 index 000000000..2b3d40beb --- /dev/null +++ b/net/tshttpproxy/tshttpproxy_test.go @@ -0,0 +1,49 @@ +// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !windows + +package tshttpproxy + +import ( + "net/url" + "testing" +) + +func TestGetAuthHeaderNoResult(t *testing.T) { + const proxyURL = `http://127.0.0.1:38274` + + u, err := url.Parse(proxyURL) + if err != nil { + t.Fatalf("can't parse %q: %v", proxyURL, err) + } + + ahval, err := GetAuthHeader(u) + if err != nil { + t.Fatalf("can't get auth header value: %v", err) + } + + if ahval != "" { + t.Fatalf("wanted auth header value to be empty, got: %q", ahval) + } +} + +func TestGetAuthHeaderBasicAuth(t *testing.T) { + const proxyURL = `http://user:password@127.0.0.1:38274` + const expect = `Basic dXNlcjpwYXNzd29yZA==` + + u, err := url.Parse(proxyURL) + if err != nil { + t.Fatalf("can't parse %q: %v", proxyURL, err) + } + + ahval, err := GetAuthHeader(u) + if err != nil { + t.Fatalf("can't get auth header value: %v", err) + } + + if ahval != expect { + t.Fatalf("wrong auth header value: want: %q, got: %q", expect, ahval) + } +} |