1 | use std::fmt; |
2 | #[cfg (feature = "socks" )] |
3 | use std::net::SocketAddr; |
4 | use std::sync::Arc; |
5 | |
6 | use crate::into_url::{IntoUrl, IntoUrlSealed}; |
7 | use crate::Url; |
8 | use http::{header::HeaderValue, Uri}; |
9 | use ipnet::IpNet; |
10 | use percent_encoding::percent_decode; |
11 | use std::collections::HashMap; |
12 | use std::env; |
13 | use std::error::Error; |
14 | use std::net::IpAddr; |
15 | #[cfg (all(target_os = "macos" , feature = "macos-system-configuration" ))] |
16 | use system_configuration::{ |
17 | core_foundation::{ |
18 | base::CFType, |
19 | dictionary::CFDictionary, |
20 | number::CFNumber, |
21 | string::{CFString, CFStringRef}, |
22 | }, |
23 | dynamic_store::SCDynamicStoreBuilder, |
24 | sys::schema_definitions::kSCPropNetProxiesHTTPEnable, |
25 | sys::schema_definitions::kSCPropNetProxiesHTTPPort, |
26 | sys::schema_definitions::kSCPropNetProxiesHTTPProxy, |
27 | sys::schema_definitions::kSCPropNetProxiesHTTPSEnable, |
28 | sys::schema_definitions::kSCPropNetProxiesHTTPSPort, |
29 | sys::schema_definitions::kSCPropNetProxiesHTTPSProxy, |
30 | }; |
31 | |
32 | #[cfg (target_os = "windows" )] |
33 | use windows_registry::CURRENT_USER; |
34 | |
35 | /// Configuration of a proxy that a `Client` should pass requests to. |
36 | /// |
37 | /// A `Proxy` has a couple pieces to it: |
38 | /// |
39 | /// - a URL of how to talk to the proxy |
40 | /// - rules on what `Client` requests should be directed to the proxy |
41 | /// |
42 | /// For instance, let's look at `Proxy::http`: |
43 | /// |
44 | /// ```rust |
45 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
46 | /// let proxy = reqwest::Proxy::http("https://secure.example" )?; |
47 | /// # Ok(()) |
48 | /// # } |
49 | /// ``` |
50 | /// |
51 | /// This proxy will intercept all HTTP requests, and make use of the proxy |
52 | /// at `https://secure.example`. A request to `http://hyper.rs` will talk |
53 | /// to your proxy. A request to `https://hyper.rs` will not. |
54 | /// |
55 | /// Multiple `Proxy` rules can be configured for a `Client`. The `Client` will |
56 | /// check each `Proxy` in the order it was added. This could mean that a |
57 | /// `Proxy` added first with eager intercept rules, such as `Proxy::all`, |
58 | /// would prevent a `Proxy` later in the list from ever working, so take care. |
59 | /// |
60 | /// By enabling the `"socks"` feature it is possible to use a socks proxy: |
61 | /// ```rust |
62 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
63 | /// let proxy = reqwest::Proxy::http("socks5://192.168.1.1:9000" )?; |
64 | /// # Ok(()) |
65 | /// # } |
66 | /// ``` |
67 | #[derive (Clone)] |
68 | pub struct Proxy { |
69 | intercept: Intercept, |
70 | no_proxy: Option<NoProxy>, |
71 | } |
72 | |
73 | /// Represents a possible matching entry for an IP address |
74 | #[derive (Clone, Debug)] |
75 | enum Ip { |
76 | Address(IpAddr), |
77 | Network(IpNet), |
78 | } |
79 | |
80 | /// A wrapper around a list of IP cidr blocks or addresses with a [IpMatcher::contains] method for |
81 | /// checking if an IP address is contained within the matcher |
82 | #[derive (Clone, Debug, Default)] |
83 | struct IpMatcher(Vec<Ip>); |
84 | |
85 | /// A wrapper around a list of domains with a [DomainMatcher::contains] method for checking if a |
86 | /// domain is contained within the matcher |
87 | #[derive (Clone, Debug, Default)] |
88 | struct DomainMatcher(Vec<String>); |
89 | |
90 | /// A configuration for filtering out requests that shouldn't be proxied |
91 | #[derive (Clone, Debug, Default)] |
92 | pub struct NoProxy { |
93 | ips: IpMatcher, |
94 | domains: DomainMatcher, |
95 | } |
96 | |
97 | /// A particular scheme used for proxying requests. |
98 | /// |
99 | /// For example, HTTP vs SOCKS5 |
100 | #[derive (Clone)] |
101 | pub enum ProxyScheme { |
102 | Http { |
103 | auth: Option<HeaderValue>, |
104 | host: http::uri::Authority, |
105 | }, |
106 | Https { |
107 | auth: Option<HeaderValue>, |
108 | host: http::uri::Authority, |
109 | }, |
110 | #[cfg (feature = "socks" )] |
111 | Socks4 { addr: SocketAddr, remote_dns: bool }, |
112 | #[cfg (feature = "socks" )] |
113 | Socks5 { |
114 | addr: SocketAddr, |
115 | auth: Option<(String, String)>, |
116 | remote_dns: bool, |
117 | }, |
118 | } |
119 | |
120 | impl ProxyScheme { |
121 | fn maybe_http_auth(&self) -> Option<&HeaderValue> { |
122 | match self { |
123 | ProxyScheme::Http { auth: &Option, .. } | ProxyScheme::Https { auth: &Option, .. } => auth.as_ref(), |
124 | #[cfg (feature = "socks" )] |
125 | _ => None, |
126 | } |
127 | } |
128 | } |
129 | |
130 | /// Trait used for converting into a proxy scheme. This trait supports |
131 | /// parsing from a URL-like type, whilst also supporting proxy schemes |
132 | /// built directly using the factory methods. |
133 | pub trait IntoProxyScheme { |
134 | fn into_proxy_scheme(self) -> crate::Result<ProxyScheme>; |
135 | } |
136 | |
137 | impl<S: IntoUrl> IntoProxyScheme for S { |
138 | fn into_proxy_scheme(self) -> crate::Result<ProxyScheme> { |
139 | // validate the URL |
140 | let url = match self.as_str().into_url() { |
141 | Ok(ok) => ok, |
142 | Err(e) => { |
143 | let mut presumed_to_have_scheme = true; |
144 | let mut source = e.source(); |
145 | while let Some(err) = source { |
146 | if let Some(parse_error) = err.downcast_ref::<url::ParseError>() { |
147 | if *parse_error == url::ParseError::RelativeUrlWithoutBase { |
148 | presumed_to_have_scheme = false; |
149 | break; |
150 | } |
151 | } else if err.downcast_ref::<crate::error::BadScheme>().is_some() { |
152 | presumed_to_have_scheme = false; |
153 | break; |
154 | } |
155 | source = err.source(); |
156 | } |
157 | if presumed_to_have_scheme { |
158 | return Err(crate::error::builder(e)); |
159 | } |
160 | // the issue could have been caused by a missing scheme, so we try adding http:// |
161 | let try_this = format!("http:// {}" , self.as_str()); |
162 | try_this.into_url().map_err(|_| { |
163 | // return the original error |
164 | crate::error::builder(e) |
165 | })? |
166 | } |
167 | }; |
168 | ProxyScheme::parse(url) |
169 | } |
170 | } |
171 | |
172 | // These bounds are accidentally leaked by the blanket impl of IntoProxyScheme |
173 | // for all types that implement IntoUrl. So, this function exists to detect |
174 | // if we were to break those bounds for a user. |
175 | fn _implied_bounds() { |
176 | fn prox<T: IntoProxyScheme>(_t: T) {} |
177 | |
178 | fn url<T: IntoUrl>(t: T) { |
179 | prox(t); |
180 | } |
181 | } |
182 | |
183 | impl IntoProxyScheme for ProxyScheme { |
184 | fn into_proxy_scheme(self) -> crate::Result<ProxyScheme> { |
185 | Ok(self) |
186 | } |
187 | } |
188 | |
189 | impl Proxy { |
190 | /// Proxy all HTTP traffic to the passed URL. |
191 | /// |
192 | /// # Example |
193 | /// |
194 | /// ``` |
195 | /// # extern crate reqwest; |
196 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
197 | /// let client = reqwest::Client::builder() |
198 | /// .proxy(reqwest::Proxy::http("https://my.prox" )?) |
199 | /// .build()?; |
200 | /// # Ok(()) |
201 | /// # } |
202 | /// # fn main() {} |
203 | /// ``` |
204 | pub fn http<U: IntoProxyScheme>(proxy_scheme: U) -> crate::Result<Proxy> { |
205 | Ok(Proxy::new(Intercept::Http( |
206 | proxy_scheme.into_proxy_scheme()?, |
207 | ))) |
208 | } |
209 | |
210 | /// Proxy all HTTPS traffic to the passed URL. |
211 | /// |
212 | /// # Example |
213 | /// |
214 | /// ``` |
215 | /// # extern crate reqwest; |
216 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
217 | /// let client = reqwest::Client::builder() |
218 | /// .proxy(reqwest::Proxy::https("https://example.prox:4545" )?) |
219 | /// .build()?; |
220 | /// # Ok(()) |
221 | /// # } |
222 | /// # fn main() {} |
223 | /// ``` |
224 | pub fn https<U: IntoProxyScheme>(proxy_scheme: U) -> crate::Result<Proxy> { |
225 | Ok(Proxy::new(Intercept::Https( |
226 | proxy_scheme.into_proxy_scheme()?, |
227 | ))) |
228 | } |
229 | |
230 | /// Proxy **all** traffic to the passed URL. |
231 | /// |
232 | /// # Example |
233 | /// |
234 | /// ``` |
235 | /// # extern crate reqwest; |
236 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
237 | /// let client = reqwest::Client::builder() |
238 | /// .proxy(reqwest::Proxy::all("http://pro.xy" )?) |
239 | /// .build()?; |
240 | /// # Ok(()) |
241 | /// # } |
242 | /// # fn main() {} |
243 | /// ``` |
244 | pub fn all<U: IntoProxyScheme>(proxy_scheme: U) -> crate::Result<Proxy> { |
245 | Ok(Proxy::new(Intercept::All( |
246 | proxy_scheme.into_proxy_scheme()?, |
247 | ))) |
248 | } |
249 | |
250 | /// Provide a custom function to determine what traffic to proxy to where. |
251 | /// |
252 | /// # Example |
253 | /// |
254 | /// ``` |
255 | /// # extern crate reqwest; |
256 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
257 | /// let target = reqwest::Url::parse("https://my.prox" )?; |
258 | /// let client = reqwest::Client::builder() |
259 | /// .proxy(reqwest::Proxy::custom(move |url| { |
260 | /// if url.host_str() == Some("hyper.rs" ) { |
261 | /// Some(target.clone()) |
262 | /// } else { |
263 | /// None |
264 | /// } |
265 | /// })) |
266 | /// .build()?; |
267 | /// # Ok(()) |
268 | /// # } |
269 | /// # fn main() {} |
270 | /// ``` |
271 | pub fn custom<F, U: IntoProxyScheme>(fun: F) -> Proxy |
272 | where |
273 | F: Fn(&Url) -> Option<U> + Send + Sync + 'static, |
274 | { |
275 | Proxy::new(Intercept::Custom(Custom { |
276 | auth: None, |
277 | func: Arc::new(move |url| fun(url).map(IntoProxyScheme::into_proxy_scheme)), |
278 | })) |
279 | } |
280 | |
281 | pub(crate) fn system() -> Proxy { |
282 | let mut proxy = Proxy::new(Intercept::System(Arc::new(get_sys_proxies( |
283 | get_from_platform(), |
284 | )))); |
285 | proxy.no_proxy = NoProxy::from_env(); |
286 | |
287 | #[cfg (target_os = "windows" )] |
288 | { |
289 | // Only read from windows registry proxy settings if not available from an enviroment |
290 | // variable. This is in line with the stated behavior of both dotnot and nuget on |
291 | // windows. <https://github.com/seanmonstar/reqwest/issues/2599> |
292 | if proxy.no_proxy.is_none() { |
293 | let win_exceptions: String = get_windows_proxy_exceptions(); |
294 | proxy.no_proxy = NoProxy::from_string(&win_exceptions); |
295 | } |
296 | } |
297 | |
298 | proxy |
299 | } |
300 | |
301 | fn new(intercept: Intercept) -> Proxy { |
302 | Proxy { |
303 | intercept, |
304 | no_proxy: None, |
305 | } |
306 | } |
307 | |
308 | /// Set the `Proxy-Authorization` header using Basic auth. |
309 | /// |
310 | /// # Example |
311 | /// |
312 | /// ``` |
313 | /// # extern crate reqwest; |
314 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
315 | /// let proxy = reqwest::Proxy::https("http://localhost:1234" )? |
316 | /// .basic_auth("Aladdin" , "open sesame" ); |
317 | /// # Ok(()) |
318 | /// # } |
319 | /// # fn main() {} |
320 | /// ``` |
321 | pub fn basic_auth(mut self, username: &str, password: &str) -> Proxy { |
322 | self.intercept.set_basic_auth(username, password); |
323 | self |
324 | } |
325 | |
326 | /// Set the `Proxy-Authorization` header to a specified value. |
327 | /// |
328 | /// # Example |
329 | /// |
330 | /// ``` |
331 | /// # extern crate reqwest; |
332 | /// # use reqwest::header::*; |
333 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
334 | /// let proxy = reqwest::Proxy::https("http://localhost:1234" )? |
335 | /// .custom_http_auth(HeaderValue::from_static("justletmeinalreadyplease" )); |
336 | /// # Ok(()) |
337 | /// # } |
338 | /// # fn main() {} |
339 | /// ``` |
340 | pub fn custom_http_auth(mut self, header_value: HeaderValue) -> Proxy { |
341 | self.intercept.set_custom_http_auth(header_value); |
342 | self |
343 | } |
344 | |
345 | /// Adds a `No Proxy` exclusion list to this Proxy |
346 | /// |
347 | /// # Example |
348 | /// |
349 | /// ``` |
350 | /// # extern crate reqwest; |
351 | /// # fn run() -> Result<(), Box<dyn std::error::Error>> { |
352 | /// let proxy = reqwest::Proxy::https("http://localhost:1234" )? |
353 | /// .no_proxy(reqwest::NoProxy::from_string("direct.tld, sub.direct2.tld" )); |
354 | /// # Ok(()) |
355 | /// # } |
356 | /// # fn main() {} |
357 | /// ``` |
358 | pub fn no_proxy(mut self, no_proxy: Option<NoProxy>) -> Proxy { |
359 | self.no_proxy = no_proxy; |
360 | self |
361 | } |
362 | |
363 | pub(crate) fn maybe_has_http_auth(&self) -> bool { |
364 | match &self.intercept { |
365 | Intercept::All(p) | Intercept::Http(p) => p.maybe_http_auth().is_some(), |
366 | // Custom *may* match 'http', so assume so. |
367 | Intercept::Custom(_) => true, |
368 | Intercept::System(system) => system |
369 | .get("http" ) |
370 | .and_then(|s| s.maybe_http_auth()) |
371 | .is_some(), |
372 | Intercept::Https(_) => false, |
373 | } |
374 | } |
375 | |
376 | pub(crate) fn http_basic_auth<D: Dst>(&self, uri: &D) -> Option<HeaderValue> { |
377 | match &self.intercept { |
378 | Intercept::All(p) | Intercept::Http(p) => p.maybe_http_auth().cloned(), |
379 | Intercept::System(system) => system |
380 | .get("http" ) |
381 | .and_then(|s| s.maybe_http_auth().cloned()), |
382 | Intercept::Custom(custom) => { |
383 | custom.call(uri).and_then(|s| s.maybe_http_auth().cloned()) |
384 | } |
385 | Intercept::Https(_) => None, |
386 | } |
387 | } |
388 | |
389 | pub(crate) fn intercept<D: Dst>(&self, uri: &D) -> Option<ProxyScheme> { |
390 | let in_no_proxy = self |
391 | .no_proxy |
392 | .as_ref() |
393 | .map_or(false, |np| np.contains(uri.host())); |
394 | match self.intercept { |
395 | Intercept::All(ref u) => { |
396 | if !in_no_proxy { |
397 | Some(u.clone()) |
398 | } else { |
399 | None |
400 | } |
401 | } |
402 | Intercept::Http(ref u) => { |
403 | if !in_no_proxy && uri.scheme() == "http" { |
404 | Some(u.clone()) |
405 | } else { |
406 | None |
407 | } |
408 | } |
409 | Intercept::Https(ref u) => { |
410 | if !in_no_proxy && uri.scheme() == "https" { |
411 | Some(u.clone()) |
412 | } else { |
413 | None |
414 | } |
415 | } |
416 | Intercept::System(ref map) => { |
417 | if in_no_proxy { |
418 | None |
419 | } else { |
420 | map.get(uri.scheme()).cloned() |
421 | } |
422 | } |
423 | Intercept::Custom(ref custom) => { |
424 | if !in_no_proxy { |
425 | custom.call(uri) |
426 | } else { |
427 | None |
428 | } |
429 | } |
430 | } |
431 | } |
432 | |
433 | pub(crate) fn is_match<D: Dst>(&self, uri: &D) -> bool { |
434 | match self.intercept { |
435 | Intercept::All(_) => true, |
436 | Intercept::Http(_) => uri.scheme() == "http" , |
437 | Intercept::Https(_) => uri.scheme() == "https" , |
438 | Intercept::System(ref map) => map.contains_key(uri.scheme()), |
439 | Intercept::Custom(ref custom) => custom.call(uri).is_some(), |
440 | } |
441 | } |
442 | } |
443 | |
444 | impl fmt::Debug for Proxy { |
445 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { |
446 | f&mut DebugTuple<'_, '_>.debug_tuple(name:"Proxy" ) |
447 | .field(&self.intercept) |
448 | .field(&self.no_proxy) |
449 | .finish() |
450 | } |
451 | } |
452 | |
453 | impl NoProxy { |
454 | /// Returns a new no-proxy configuration based on environment variables (or `None` if no variables are set) |
455 | /// see [self::NoProxy::from_string()] for the string format |
456 | pub fn from_env() -> Option<NoProxy> { |
457 | let raw = env::var("NO_PROXY" ) |
458 | .or_else(|_| env::var("no_proxy" )) |
459 | .ok()?; |
460 | |
461 | // Per the docs, this returns `None` if no environment variable is set. We can only reach |
462 | // here if an env var is set, so we return `Some(NoProxy::default)` if `from_string` |
463 | // returns None, which occurs with an empty string. |
464 | Some(Self::from_string(&raw).unwrap_or_default()) |
465 | } |
466 | |
467 | /// Returns a new no-proxy configuration based on a `no_proxy` string (or `None` if no variables |
468 | /// are set) |
469 | /// The rules are as follows: |
470 | /// * The environment variable `NO_PROXY` is checked, if it is not set, `no_proxy` is checked |
471 | /// * If neither environment variable is set, `None` is returned |
472 | /// * Entries are expected to be comma-separated (whitespace between entries is ignored) |
473 | /// * IP addresses (both IPv4 and IPv6) are allowed, as are optional subnet masks (by adding /size, |
474 | /// for example "`192.168.1.0/24`"). |
475 | /// * An entry "`*`" matches all hostnames (this is the only wildcard allowed) |
476 | /// * Any other entry is considered a domain name (and may contain a leading dot, for example `google.com` |
477 | /// and `.google.com` are equivalent) and would match both that domain AND all subdomains. |
478 | /// |
479 | /// For example, if `"NO_PROXY=google.com, 192.168.1.0/24"` was set, all the following would match |
480 | /// (and therefore would bypass the proxy): |
481 | /// * `http://google.com/` |
482 | /// * `http://www.google.com/` |
483 | /// * `http://192.168.1.42/` |
484 | /// |
485 | /// The URL `http://notgoogle.com/` would not match. |
486 | pub fn from_string(no_proxy_list: &str) -> Option<Self> { |
487 | if no_proxy_list.is_empty() { |
488 | return None; |
489 | } |
490 | let mut ips = Vec::new(); |
491 | let mut domains = Vec::new(); |
492 | let parts = no_proxy_list.split(',' ).map(str::trim); |
493 | for part in parts { |
494 | match part.parse::<IpNet>() { |
495 | // If we can parse an IP net or address, then use it, otherwise, assume it is a domain |
496 | Ok(ip) => ips.push(Ip::Network(ip)), |
497 | Err(_) => match part.parse::<IpAddr>() { |
498 | Ok(addr) => ips.push(Ip::Address(addr)), |
499 | Err(_) => domains.push(part.to_owned()), |
500 | }, |
501 | } |
502 | } |
503 | Some(NoProxy { |
504 | ips: IpMatcher(ips), |
505 | domains: DomainMatcher(domains), |
506 | }) |
507 | } |
508 | |
509 | fn contains(&self, host: &str) -> bool { |
510 | // According to RFC3986, raw IPv6 hosts will be wrapped in []. So we need to strip those off |
511 | // the end in order to parse correctly |
512 | let host = if host.starts_with('[' ) { |
513 | let x: &[_] = &['[' , ']' ]; |
514 | host.trim_matches(x) |
515 | } else { |
516 | host |
517 | }; |
518 | match host.parse::<IpAddr>() { |
519 | // If we can parse an IP addr, then use it, otherwise, assume it is a domain |
520 | Ok(ip) => self.ips.contains(ip), |
521 | Err(_) => self.domains.contains(host), |
522 | } |
523 | } |
524 | } |
525 | |
526 | impl IpMatcher { |
527 | fn contains(&self, addr: IpAddr) -> bool { |
528 | for ip: &Ip in &self.0 { |
529 | match ip { |
530 | Ip::Address(address: &IpAddr) => { |
531 | if &addr == address { |
532 | return true; |
533 | } |
534 | } |
535 | Ip::Network(net: &IpNet) => { |
536 | if net.contains(&addr) { |
537 | return true; |
538 | } |
539 | } |
540 | } |
541 | } |
542 | false |
543 | } |
544 | } |
545 | |
546 | impl DomainMatcher { |
547 | // The following links may be useful to understand the origin of these rules: |
548 | // * https://curl.se/libcurl/c/CURLOPT_NOPROXY.html |
549 | // * https://github.com/curl/curl/issues/1208 |
550 | fn contains(&self, domain: &str) -> bool { |
551 | let domain_len = domain.len(); |
552 | for d in &self.0 { |
553 | if d == domain || d.strip_prefix('.' ) == Some(domain) { |
554 | return true; |
555 | } else if domain.ends_with(d) { |
556 | if d.starts_with('.' ) { |
557 | // If the first character of d is a dot, that means the first character of domain |
558 | // must also be a dot, so we are looking at a subdomain of d and that matches |
559 | return true; |
560 | } else if domain.as_bytes().get(domain_len - d.len() - 1) == Some(&b'.' ) { |
561 | // Given that d is a prefix of domain, if the prior character in domain is a dot |
562 | // then that means we must be matching a subdomain of d, and that matches |
563 | return true; |
564 | } |
565 | } else if d == "*" { |
566 | return true; |
567 | } |
568 | } |
569 | false |
570 | } |
571 | } |
572 | |
573 | impl ProxyScheme { |
574 | // To start conservative, keep builders private for now. |
575 | |
576 | /// Proxy traffic via the specified URL over HTTP |
577 | fn http(host: &str) -> crate::Result<Self> { |
578 | Ok(ProxyScheme::Http { |
579 | auth: None, |
580 | host: host.parse().map_err(crate::error::builder)?, |
581 | }) |
582 | } |
583 | |
584 | /// Proxy traffic via the specified URL over HTTPS |
585 | fn https(host: &str) -> crate::Result<Self> { |
586 | Ok(ProxyScheme::Https { |
587 | auth: None, |
588 | host: host.parse().map_err(crate::error::builder)?, |
589 | }) |
590 | } |
591 | |
592 | /// Proxy traffic via the specified socket address over SOCKS4 |
593 | /// |
594 | /// # Note |
595 | /// |
596 | /// Current SOCKS4 support is provided via blocking IO. |
597 | #[cfg (feature = "socks" )] |
598 | fn socks4(addr: SocketAddr) -> crate::Result<Self> { |
599 | Ok(ProxyScheme::Socks4 { |
600 | addr, |
601 | remote_dns: false, |
602 | }) |
603 | } |
604 | |
605 | /// Proxy traffic via the specified socket address over SOCKS4A |
606 | /// |
607 | /// This differs from SOCKS4 in that DNS resolution is also performed via the proxy. |
608 | /// |
609 | /// # Note |
610 | /// |
611 | /// Current SOCKS4 support is provided via blocking IO. |
612 | #[cfg (feature = "socks" )] |
613 | fn socks4a(addr: SocketAddr) -> crate::Result<Self> { |
614 | Ok(ProxyScheme::Socks4 { |
615 | addr, |
616 | remote_dns: true, |
617 | }) |
618 | } |
619 | |
620 | /// Proxy traffic via the specified socket address over SOCKS5 |
621 | /// |
622 | /// # Note |
623 | /// |
624 | /// Current SOCKS5 support is provided via blocking IO. |
625 | #[cfg (feature = "socks" )] |
626 | fn socks5(addr: SocketAddr) -> crate::Result<Self> { |
627 | Ok(ProxyScheme::Socks5 { |
628 | addr, |
629 | auth: None, |
630 | remote_dns: false, |
631 | }) |
632 | } |
633 | |
634 | /// Proxy traffic via the specified socket address over SOCKS5H |
635 | /// |
636 | /// This differs from SOCKS5 in that DNS resolution is also performed via the proxy. |
637 | /// |
638 | /// # Note |
639 | /// |
640 | /// Current SOCKS5 support is provided via blocking IO. |
641 | #[cfg (feature = "socks" )] |
642 | fn socks5h(addr: SocketAddr) -> crate::Result<Self> { |
643 | Ok(ProxyScheme::Socks5 { |
644 | addr, |
645 | auth: None, |
646 | remote_dns: true, |
647 | }) |
648 | } |
649 | |
650 | /// Use a username and password when connecting to the proxy server |
651 | fn with_basic_auth<T: Into<String>, U: Into<String>>( |
652 | mut self, |
653 | username: T, |
654 | password: U, |
655 | ) -> Self { |
656 | self.set_basic_auth(username, password); |
657 | self |
658 | } |
659 | |
660 | fn set_basic_auth<T: Into<String>, U: Into<String>>(&mut self, username: T, password: U) { |
661 | match *self { |
662 | ProxyScheme::Http { ref mut auth, .. } => { |
663 | let header = encode_basic_auth(&username.into(), &password.into()); |
664 | *auth = Some(header); |
665 | } |
666 | ProxyScheme::Https { ref mut auth, .. } => { |
667 | let header = encode_basic_auth(&username.into(), &password.into()); |
668 | *auth = Some(header); |
669 | } |
670 | #[cfg (feature = "socks" )] |
671 | ProxyScheme::Socks4 { .. } => { |
672 | panic!("Socks4 is not supported for this method" ) |
673 | } |
674 | #[cfg (feature = "socks" )] |
675 | ProxyScheme::Socks5 { ref mut auth, .. } => { |
676 | *auth = Some((username.into(), password.into())); |
677 | } |
678 | } |
679 | } |
680 | |
681 | fn set_custom_http_auth(&mut self, header_value: HeaderValue) { |
682 | match *self { |
683 | ProxyScheme::Http { ref mut auth, .. } => { |
684 | *auth = Some(header_value); |
685 | } |
686 | ProxyScheme::Https { ref mut auth, .. } => { |
687 | *auth = Some(header_value); |
688 | } |
689 | #[cfg (feature = "socks" )] |
690 | ProxyScheme::Socks4 { .. } => { |
691 | panic!("Socks4 is not supported for this method" ) |
692 | } |
693 | #[cfg (feature = "socks" )] |
694 | ProxyScheme::Socks5 { .. } => { |
695 | panic!("Socks5 is not supported for this method" ) |
696 | } |
697 | } |
698 | } |
699 | |
700 | fn if_no_auth(mut self, update: &Option<HeaderValue>) -> Self { |
701 | match self { |
702 | ProxyScheme::Http { ref mut auth, .. } => { |
703 | if auth.is_none() { |
704 | *auth = update.clone(); |
705 | } |
706 | } |
707 | ProxyScheme::Https { ref mut auth, .. } => { |
708 | if auth.is_none() { |
709 | *auth = update.clone(); |
710 | } |
711 | } |
712 | #[cfg (feature = "socks" )] |
713 | ProxyScheme::Socks4 { .. } => {} |
714 | #[cfg (feature = "socks" )] |
715 | ProxyScheme::Socks5 { .. } => {} |
716 | } |
717 | |
718 | self |
719 | } |
720 | |
721 | /// Convert a URL into a proxy scheme |
722 | /// |
723 | /// Supported schemes: HTTP, HTTPS, (SOCKS4, SOCKS5, SOCKS5H if `socks` feature is enabled). |
724 | // Private for now... |
725 | fn parse(url: Url) -> crate::Result<Self> { |
726 | use url::Position; |
727 | |
728 | // Resolve URL to a host and port |
729 | #[cfg (feature = "socks" )] |
730 | let to_addr = || { |
731 | let addrs = url |
732 | .socket_addrs(|| match url.scheme() { |
733 | "socks4" | "socks4a" | "socks5" | "socks5h" => Some(1080), |
734 | _ => None, |
735 | }) |
736 | .map_err(crate::error::builder)?; |
737 | addrs |
738 | .into_iter() |
739 | .next() |
740 | .ok_or_else(|| crate::error::builder("unknown proxy scheme" )) |
741 | }; |
742 | |
743 | let mut scheme = match url.scheme() { |
744 | "http" => Self::http(&url[Position::BeforeHost..Position::AfterPort])?, |
745 | "https" => Self::https(&url[Position::BeforeHost..Position::AfterPort])?, |
746 | #[cfg (feature = "socks" )] |
747 | "socks4" => Self::socks4(to_addr()?)?, |
748 | #[cfg (feature = "socks" )] |
749 | "socks4a" => Self::socks4a(to_addr()?)?, |
750 | #[cfg (feature = "socks" )] |
751 | "socks5" => Self::socks5(to_addr()?)?, |
752 | #[cfg (feature = "socks" )] |
753 | "socks5h" => Self::socks5h(to_addr()?)?, |
754 | _ => return Err(crate::error::builder("unknown proxy scheme" )), |
755 | }; |
756 | |
757 | if let Some(pwd) = url.password() { |
758 | let decoded_username = percent_decode(url.username().as_bytes()).decode_utf8_lossy(); |
759 | let decoded_password = percent_decode(pwd.as_bytes()).decode_utf8_lossy(); |
760 | scheme = scheme.with_basic_auth(decoded_username, decoded_password); |
761 | } |
762 | |
763 | Ok(scheme) |
764 | } |
765 | |
766 | #[cfg (test)] |
767 | fn scheme(&self) -> &str { |
768 | match self { |
769 | ProxyScheme::Http { .. } => "http" , |
770 | ProxyScheme::Https { .. } => "https" , |
771 | #[cfg (feature = "socks" )] |
772 | ProxyScheme::Socks4 { .. } => "socks4" , |
773 | #[cfg (feature = "socks" )] |
774 | ProxyScheme::Socks5 { .. } => "socks5" , |
775 | } |
776 | } |
777 | |
778 | #[cfg (test)] |
779 | fn host(&self) -> &str { |
780 | match self { |
781 | ProxyScheme::Http { host, .. } => host.as_str(), |
782 | ProxyScheme::Https { host, .. } => host.as_str(), |
783 | #[cfg (feature = "socks" )] |
784 | ProxyScheme::Socks4 { .. } => panic!("socks4" ), |
785 | #[cfg (feature = "socks" )] |
786 | ProxyScheme::Socks5 { .. } => panic!("socks5" ), |
787 | } |
788 | } |
789 | } |
790 | |
791 | impl fmt::Debug for ProxyScheme { |
792 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { |
793 | match self { |
794 | ProxyScheme::Http { auth: _auth: &Option, host: &Authority } => write!(f, "http:// {host}" ), |
795 | ProxyScheme::Https { auth: _auth: &Option, host: &Authority } => write!(f, "https:// {host}" ), |
796 | #[cfg (feature = "socks" )] |
797 | ProxyScheme::Socks4 { addr, remote_dns } => { |
798 | let h = if *remote_dns { "a" } else { "" }; |
799 | write!(f, "socks4{}://{}" , h, addr) |
800 | } |
801 | #[cfg (feature = "socks" )] |
802 | ProxyScheme::Socks5 { |
803 | addr, |
804 | auth: _auth, |
805 | remote_dns, |
806 | } => { |
807 | let h = if *remote_dns { "h" } else { "" }; |
808 | write!(f, "socks5{h}://{addr}" ) |
809 | } |
810 | } |
811 | } |
812 | } |
813 | |
814 | type SystemProxyMap = HashMap<String, ProxyScheme>; |
815 | |
816 | #[derive (Clone, Debug)] |
817 | enum Intercept { |
818 | All(ProxyScheme), |
819 | Http(ProxyScheme), |
820 | Https(ProxyScheme), |
821 | System(Arc<SystemProxyMap>), |
822 | Custom(Custom), |
823 | } |
824 | |
825 | impl Intercept { |
826 | fn set_basic_auth(&mut self, username: &str, password: &str) { |
827 | match self { |
828 | Intercept::All(ref mut s) |
829 | | Intercept::Http(ref mut s) |
830 | | Intercept::Https(ref mut s) => s.set_basic_auth(username, password), |
831 | Intercept::System(_) => unimplemented!(), |
832 | Intercept::Custom(ref mut custom) => { |
833 | let header = encode_basic_auth(username, password); |
834 | custom.auth = Some(header); |
835 | } |
836 | } |
837 | } |
838 | |
839 | fn set_custom_http_auth(&mut self, header_value: HeaderValue) { |
840 | match self { |
841 | Intercept::All(ref mut s) |
842 | | Intercept::Http(ref mut s) |
843 | | Intercept::Https(ref mut s) => s.set_custom_http_auth(header_value), |
844 | Intercept::System(_) => unimplemented!(), |
845 | Intercept::Custom(ref mut custom) => { |
846 | custom.auth = Some(header_value); |
847 | } |
848 | } |
849 | } |
850 | } |
851 | |
852 | #[derive (Clone)] |
853 | struct Custom { |
854 | // This auth only applies if the returned ProxyScheme doesn't have an auth... |
855 | auth: Option<HeaderValue>, |
856 | func: Arc<dyn Fn(&Url) -> Option<crate::Result<ProxyScheme>> + Send + Sync + 'static>, |
857 | } |
858 | |
859 | impl Custom { |
860 | fn call<D: Dst>(&self, uri: &D) -> Option<ProxyScheme> { |
861 | let url: Url = format!( |
862 | " {}:// {}{}{}" , |
863 | uri.scheme(), |
864 | uri.host(), |
865 | uri.port().map_or("" , |_| ":" ), |
866 | uri.port().map_or(String::new(), |p| p.to_string()) |
867 | ) |
868 | .parse() |
869 | .expect(msg:"should be valid Url" ); |
870 | |
871 | (self.func)(&url) |
872 | .and_then(|result: Result| result.ok()) |
873 | .map(|scheme: ProxyScheme| scheme.if_no_auth(&self.auth)) |
874 | } |
875 | } |
876 | |
877 | impl fmt::Debug for Custom { |
878 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { |
879 | f.write_str(data:"_" ) |
880 | } |
881 | } |
882 | |
883 | pub(crate) fn encode_basic_auth(username: &str, password: &str) -> HeaderValue { |
884 | crate::util::basic_auth(username, password:Some(password)) |
885 | } |
886 | |
887 | /// A helper trait to allow testing `Proxy::intercept` without having to |
888 | /// construct `hyper::client::connect::Destination`s. |
889 | pub(crate) trait Dst { |
890 | fn scheme(&self) -> &str; |
891 | fn host(&self) -> &str; |
892 | fn port(&self) -> Option<u16>; |
893 | } |
894 | |
895 | #[doc (hidden)] |
896 | impl Dst for Uri { |
897 | fn scheme(&self) -> &str { |
898 | self.scheme().expect(msg:"Uri should have a scheme" ).as_str() |
899 | } |
900 | |
901 | fn host(&self) -> &str { |
902 | Uri::host(self).expect(msg:"<Uri as Dst>::host should have a str" ) |
903 | } |
904 | |
905 | fn port(&self) -> Option<u16> { |
906 | self.port().map(|p: Port<&str>| p.as_u16()) |
907 | } |
908 | } |
909 | |
910 | /// Get system proxies information. |
911 | /// |
912 | /// All platforms will check for proxy settings via environment variables. |
913 | /// If those aren't set, platform-wide proxy settings will be looked up on |
914 | /// Windows and macOS platforms instead. Errors encountered while discovering |
915 | /// these settings are ignored. |
916 | /// |
917 | /// Returns: |
918 | /// System proxies information as a hashmap like |
919 | /// {"http": Url::parse("http://127.0.0.1:80"), "https": Url::parse("https://127.0.0.1:80")} |
920 | fn get_sys_proxies( |
921 | #[cfg_attr ( |
922 | not(any(target_os = "windows" , target_os = "macos" )), |
923 | allow(unused_variables) |
924 | )] |
925 | platform_proxies: Option<String>, |
926 | ) -> SystemProxyMap { |
927 | let proxies: HashMap = get_from_environment(); |
928 | |
929 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
930 | if proxies.is_empty() { |
931 | // if there are errors in acquiring the platform proxies, |
932 | // we'll just return an empty HashMap |
933 | if let Some(platform_proxies) = platform_proxies { |
934 | return parse_platform_values(platform_proxies); |
935 | } |
936 | } |
937 | |
938 | proxies |
939 | } |
940 | |
941 | fn insert_proxy(proxies: &mut SystemProxyMap, scheme: impl Into<String>, addr: String) -> bool { |
942 | if addr.trim().is_empty() { |
943 | // do not accept empty or whitespace proxy address |
944 | false |
945 | } else if let Ok(valid_addr: ProxyScheme) = addr.into_proxy_scheme() { |
946 | proxies.insert(k:scheme.into(), v:valid_addr); |
947 | true |
948 | } else { |
949 | false |
950 | } |
951 | } |
952 | |
953 | fn get_from_environment() -> SystemProxyMap { |
954 | let mut proxies: HashMap = HashMap::new(); |
955 | |
956 | if !(insert_from_env(&mut proxies, scheme:"http" , var:"ALL_PROXY" ) |
957 | && insert_from_env(&mut proxies, scheme:"https" , var:"ALL_PROXY" )) |
958 | { |
959 | insert_from_env(&mut proxies, scheme:"http" , var:"all_proxy" ); |
960 | insert_from_env(&mut proxies, scheme:"https" , var:"all_proxy" ); |
961 | } |
962 | |
963 | if is_cgi() { |
964 | if log::log_enabled!(log::Level::Warn) && env::var_os(key:"HTTP_PROXY" ).is_some() { |
965 | log::warn!("HTTP_PROXY environment variable ignored in CGI" ); |
966 | } |
967 | } else if !insert_from_env(&mut proxies, scheme:"http" , var:"HTTP_PROXY" ) { |
968 | insert_from_env(&mut proxies, scheme:"http" , var:"http_proxy" ); |
969 | } |
970 | |
971 | if !insert_from_env(&mut proxies, scheme:"https" , var:"HTTPS_PROXY" ) { |
972 | insert_from_env(&mut proxies, scheme:"https" , var:"https_proxy" ); |
973 | } |
974 | |
975 | proxies |
976 | } |
977 | |
978 | fn insert_from_env(proxies: &mut SystemProxyMap, scheme: &str, var: &str) -> bool { |
979 | if let Ok(val: String) = env::var(key:var) { |
980 | insert_proxy(proxies, scheme, addr:val) |
981 | } else { |
982 | false |
983 | } |
984 | } |
985 | |
986 | /// Check if we are being executed in a CGI context. |
987 | /// |
988 | /// If so, a malicious client can send the `Proxy:` header, and it will |
989 | /// be in the `HTTP_PROXY` env var. So we don't use it :) |
990 | fn is_cgi() -> bool { |
991 | env::var_os(key:"REQUEST_METHOD" ).is_some() |
992 | } |
993 | |
994 | #[cfg (target_os = "windows" )] |
995 | fn get_from_platform_impl() -> Result<Option<String>, Box<dyn Error>> { |
996 | let internet_setting = windows_registry::CURRENT_USER |
997 | .open("Software \\Microsoft \\Windows \\CurrentVersion \\Internet Settings" )?; |
998 | // ensure the proxy is enabled, if the value doesn't exist, an error will be returned. |
999 | let proxy_enable = internet_setting.get_u32("ProxyEnable" )?; |
1000 | let proxy_server = internet_setting.get_string("ProxyServer" )?; |
1001 | |
1002 | Ok((proxy_enable == 1).then_some(proxy_server)) |
1003 | } |
1004 | |
1005 | #[cfg (all(target_os = "macos" , feature = "macos-system-configuration" ))] |
1006 | fn parse_setting_from_dynamic_store( |
1007 | proxies_map: &CFDictionary<CFString, CFType>, |
1008 | enabled_key: CFStringRef, |
1009 | host_key: CFStringRef, |
1010 | port_key: CFStringRef, |
1011 | scheme: &str, |
1012 | ) -> Option<String> { |
1013 | let proxy_enabled = proxies_map |
1014 | .find(enabled_key) |
1015 | .and_then(|flag| flag.downcast::<CFNumber>()) |
1016 | .and_then(|flag| flag.to_i32()) |
1017 | .unwrap_or(0) |
1018 | == 1; |
1019 | |
1020 | if proxy_enabled { |
1021 | let proxy_host = proxies_map |
1022 | .find(host_key) |
1023 | .and_then(|host| host.downcast::<CFString>()) |
1024 | .map(|host| host.to_string()); |
1025 | let proxy_port = proxies_map |
1026 | .find(port_key) |
1027 | .and_then(|port| port.downcast::<CFNumber>()) |
1028 | .and_then(|port| port.to_i32()); |
1029 | |
1030 | return match (proxy_host, proxy_port) { |
1031 | (Some(proxy_host), Some(proxy_port)) => { |
1032 | Some(format!("{scheme}={proxy_host}:{proxy_port}" )) |
1033 | } |
1034 | (Some(proxy_host), None) => Some(format!("{scheme}={proxy_host}" )), |
1035 | (None, Some(_)) => None, |
1036 | (None, None) => None, |
1037 | }; |
1038 | } |
1039 | |
1040 | None |
1041 | } |
1042 | |
1043 | #[cfg (all(target_os = "macos" , feature = "macos-system-configuration" ))] |
1044 | fn get_from_platform_impl() -> Result<Option<String>, Box<dyn Error>> { |
1045 | let store = SCDynamicStoreBuilder::new("reqwest" ).build(); |
1046 | |
1047 | let proxies_map = if let Some(proxies_map) = store.get_proxies() { |
1048 | proxies_map |
1049 | } else { |
1050 | return Ok(None); |
1051 | }; |
1052 | |
1053 | let http_proxy_config = parse_setting_from_dynamic_store( |
1054 | &proxies_map, |
1055 | unsafe { kSCPropNetProxiesHTTPEnable }, |
1056 | unsafe { kSCPropNetProxiesHTTPProxy }, |
1057 | unsafe { kSCPropNetProxiesHTTPPort }, |
1058 | "http" , |
1059 | ); |
1060 | let https_proxy_config = parse_setting_from_dynamic_store( |
1061 | &proxies_map, |
1062 | unsafe { kSCPropNetProxiesHTTPSEnable }, |
1063 | unsafe { kSCPropNetProxiesHTTPSProxy }, |
1064 | unsafe { kSCPropNetProxiesHTTPSPort }, |
1065 | "https" , |
1066 | ); |
1067 | |
1068 | match http_proxy_config.as_ref().zip(https_proxy_config.as_ref()) { |
1069 | Some((http_config, https_config)) => Ok(Some(format!("{http_config};{https_config}" ))), |
1070 | None => Ok(http_proxy_config.or(https_proxy_config)), |
1071 | } |
1072 | } |
1073 | |
1074 | #[cfg (any( |
1075 | target_os = "windows" , |
1076 | all(target_os = "macos" , feature = "macos-system-configuration" ) |
1077 | ))] |
1078 | fn get_from_platform() -> Option<String> { |
1079 | get_from_platform_impl().ok().flatten() |
1080 | } |
1081 | |
1082 | #[cfg (not(any( |
1083 | target_os = "windows" , |
1084 | all(target_os = "macos" , feature = "macos-system-configuration" ) |
1085 | )))] |
1086 | fn get_from_platform() -> Option<String> { |
1087 | None |
1088 | } |
1089 | |
1090 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
1091 | fn parse_platform_values_impl(platform_values: String) -> SystemProxyMap { |
1092 | let mut proxies = HashMap::new(); |
1093 | if platform_values.contains("=" ) { |
1094 | // per-protocol settings. |
1095 | for p in platform_values.split(";" ) { |
1096 | let protocol_parts: Vec<&str> = p.split("=" ).collect(); |
1097 | match protocol_parts.as_slice() { |
1098 | [protocol, address] => { |
1099 | // If address doesn't specify an explicit protocol as protocol://address |
1100 | // then default to HTTP |
1101 | let address = if extract_type_prefix(*address).is_some() { |
1102 | String::from(*address) |
1103 | } else { |
1104 | format!("http://{address}" ) |
1105 | }; |
1106 | |
1107 | insert_proxy(&mut proxies, *protocol, address); |
1108 | } |
1109 | _ => { |
1110 | // Contains invalid protocol setting, just break the loop |
1111 | // And make proxies to be empty. |
1112 | proxies.clear(); |
1113 | break; |
1114 | } |
1115 | } |
1116 | } |
1117 | } else { |
1118 | if let Some(scheme) = extract_type_prefix(&platform_values) { |
1119 | // Explicit protocol has been specified |
1120 | insert_proxy(&mut proxies, scheme, platform_values.to_owned()); |
1121 | } else { |
1122 | // No explicit protocol has been specified, default to HTTP |
1123 | insert_proxy(&mut proxies, "http" , format!("http://{platform_values}" )); |
1124 | insert_proxy(&mut proxies, "https" , format!("http://{platform_values}" )); |
1125 | } |
1126 | } |
1127 | proxies |
1128 | } |
1129 | |
1130 | /// Extract the protocol from the given address, if present |
1131 | /// For example, "https://example.com" will return Some("https") |
1132 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
1133 | fn extract_type_prefix(address: &str) -> Option<&str> { |
1134 | if let Some(indice) = address.find("://" ) { |
1135 | if indice == 0 { |
1136 | None |
1137 | } else { |
1138 | let prefix = &address[..indice]; |
1139 | let contains_banned = prefix.contains(|c| c == ':' || c == '/' ); |
1140 | |
1141 | if !contains_banned { |
1142 | Some(prefix) |
1143 | } else { |
1144 | None |
1145 | } |
1146 | } |
1147 | } else { |
1148 | None |
1149 | } |
1150 | } |
1151 | |
1152 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
1153 | fn parse_platform_values(platform_values: String) -> SystemProxyMap { |
1154 | parse_platform_values_impl(platform_values) |
1155 | } |
1156 | |
1157 | #[cfg (target_os = "windows" )] |
1158 | fn get_windows_proxy_exceptions() -> String { |
1159 | let mut exceptions = String::new(); |
1160 | if let Ok(key) = |
1161 | CURRENT_USER.create(r"Software\Microsoft\Windows\CurrentVersion\Internet Settings" ) |
1162 | { |
1163 | if let Ok(value) = key.get_string("ProxyOverride" ) { |
1164 | exceptions = value |
1165 | .split(';' ) |
1166 | .map(|s| s.trim()) |
1167 | .collect::<Vec<&str>>() |
1168 | .join("," ) |
1169 | .replace("*." , "" ); |
1170 | } |
1171 | } |
1172 | exceptions |
1173 | } |
1174 | |
1175 | #[cfg (test)] |
1176 | mod tests { |
1177 | use super::*; |
1178 | use once_cell::sync::Lazy; |
1179 | use std::sync::Mutex; |
1180 | |
1181 | impl Dst for Url { |
1182 | fn scheme(&self) -> &str { |
1183 | Url::scheme(self) |
1184 | } |
1185 | |
1186 | fn host(&self) -> &str { |
1187 | Url::host_str(self).expect("<Url as Dst>::host should have a str" ) |
1188 | } |
1189 | |
1190 | fn port(&self) -> Option<u16> { |
1191 | Url::port(self) |
1192 | } |
1193 | } |
1194 | |
1195 | fn url(s: &str) -> Url { |
1196 | s.parse().unwrap() |
1197 | } |
1198 | |
1199 | fn intercepted_uri(p: &Proxy, s: &str) -> Uri { |
1200 | let (scheme, host) = match p.intercept(&url(s)).unwrap() { |
1201 | ProxyScheme::Http { host, .. } => ("http" , host), |
1202 | ProxyScheme::Https { host, .. } => ("https" , host), |
1203 | #[cfg (feature = "socks" )] |
1204 | _ => panic!("intercepted as socks" ), |
1205 | }; |
1206 | http::Uri::builder() |
1207 | .scheme(scheme) |
1208 | .authority(host) |
1209 | .path_and_query("/" ) |
1210 | .build() |
1211 | .expect("intercepted_uri" ) |
1212 | } |
1213 | |
1214 | #[test ] |
1215 | fn test_http() { |
1216 | let target = "http://example.domain/" ; |
1217 | let p = Proxy::http(target).unwrap(); |
1218 | |
1219 | let http = "http://hyper.rs" ; |
1220 | let other = "https://hyper.rs" ; |
1221 | |
1222 | assert_eq!(intercepted_uri(&p, http), target); |
1223 | assert!(p.intercept(&url(other)).is_none()); |
1224 | } |
1225 | |
1226 | #[test ] |
1227 | fn test_https() { |
1228 | let target = "http://example.domain/" ; |
1229 | let p = Proxy::https(target).unwrap(); |
1230 | |
1231 | let http = "http://hyper.rs" ; |
1232 | let other = "https://hyper.rs" ; |
1233 | |
1234 | assert!(p.intercept(&url(http)).is_none()); |
1235 | assert_eq!(intercepted_uri(&p, other), target); |
1236 | } |
1237 | |
1238 | #[test ] |
1239 | fn test_all() { |
1240 | let target = "http://example.domain/" ; |
1241 | let p = Proxy::all(target).unwrap(); |
1242 | |
1243 | let http = "http://hyper.rs" ; |
1244 | let https = "https://hyper.rs" ; |
1245 | let other = "x-youve-never-heard-of-me-mr-proxy://hyper.rs" ; |
1246 | |
1247 | assert_eq!(intercepted_uri(&p, http), target); |
1248 | assert_eq!(intercepted_uri(&p, https), target); |
1249 | assert_eq!(intercepted_uri(&p, other), target); |
1250 | } |
1251 | |
1252 | #[test ] |
1253 | fn test_custom() { |
1254 | let target1 = "http://example.domain/" ; |
1255 | let target2 = "https://example.domain/" ; |
1256 | let p = Proxy::custom(move |url| { |
1257 | if url.host_str() == Some("hyper.rs" ) { |
1258 | target1.parse().ok() |
1259 | } else if url.scheme() == "http" { |
1260 | target2.parse().ok() |
1261 | } else { |
1262 | None::<Url> |
1263 | } |
1264 | }); |
1265 | |
1266 | let http = "http://seanmonstar.com" ; |
1267 | let https = "https://hyper.rs" ; |
1268 | let other = "x-youve-never-heard-of-me-mr-proxy://seanmonstar.com" ; |
1269 | |
1270 | assert_eq!(intercepted_uri(&p, http), target2); |
1271 | assert_eq!(intercepted_uri(&p, https), target1); |
1272 | assert!(p.intercept(&url(other)).is_none()); |
1273 | } |
1274 | |
1275 | #[test ] |
1276 | fn test_proxy_scheme_parse() { |
1277 | let ps = "http://foo:bar@localhost:1239" .into_proxy_scheme().unwrap(); |
1278 | |
1279 | match ps { |
1280 | ProxyScheme::Http { auth, host } => { |
1281 | assert_eq!(auth.unwrap(), encode_basic_auth("foo" , "bar" )); |
1282 | assert_eq!(host, "localhost:1239" ); |
1283 | } |
1284 | other => panic!("unexpected: {other:?}" ), |
1285 | } |
1286 | } |
1287 | |
1288 | #[test ] |
1289 | fn test_proxy_scheme_ip_address_default_http() { |
1290 | let ps = "192.168.1.1:8888" .into_proxy_scheme().unwrap(); |
1291 | |
1292 | match ps { |
1293 | ProxyScheme::Http { auth, host } => { |
1294 | assert!(auth.is_none()); |
1295 | assert_eq!(host, "192.168.1.1:8888" ); |
1296 | } |
1297 | other => panic!("unexpected: {other:?}" ), |
1298 | } |
1299 | } |
1300 | |
1301 | #[test ] |
1302 | fn test_proxy_scheme_parse_default_http_with_auth() { |
1303 | // this should fail because `foo` is interpreted as the scheme and no host can be found |
1304 | let ps = "foo:bar@localhost:1239" .into_proxy_scheme().unwrap(); |
1305 | |
1306 | match ps { |
1307 | ProxyScheme::Http { auth, host } => { |
1308 | assert_eq!(auth.unwrap(), encode_basic_auth("foo" , "bar" )); |
1309 | assert_eq!(host, "localhost:1239" ); |
1310 | } |
1311 | other => panic!("unexpected: {other:?}" ), |
1312 | } |
1313 | } |
1314 | |
1315 | #[test ] |
1316 | fn test_domain_matcher() { |
1317 | let domains = vec![".foo.bar" .into(), "bar.foo" .into()]; |
1318 | let matcher = DomainMatcher(domains); |
1319 | |
1320 | // domains match with leading `.` |
1321 | assert!(matcher.contains("foo.bar" )); |
1322 | // subdomains match with leading `.` |
1323 | assert!(matcher.contains("www.foo.bar" )); |
1324 | |
1325 | // domains match with no leading `.` |
1326 | assert!(matcher.contains("bar.foo" )); |
1327 | // subdomains match with no leading `.` |
1328 | assert!(matcher.contains("www.bar.foo" )); |
1329 | |
1330 | // non-subdomain string prefixes don't match |
1331 | assert!(!matcher.contains("notfoo.bar" )); |
1332 | assert!(!matcher.contains("notbar.foo" )); |
1333 | } |
1334 | |
1335 | // Smallest possible content for a mutex |
1336 | struct MutexInner; |
1337 | |
1338 | static ENVLOCK: Lazy<Mutex<MutexInner>> = Lazy::new(|| Mutex::new(MutexInner)); |
1339 | |
1340 | #[test ] |
1341 | fn test_get_sys_proxies_parsing() { |
1342 | // Stop other threads from modifying process-global ENV while we are. |
1343 | let _lock = ENVLOCK.lock(); |
1344 | // save system setting first. |
1345 | let _g1 = env_guard("HTTP_PROXY" ); |
1346 | let _g2 = env_guard("http_proxy" ); |
1347 | let _g3 = env_guard("ALL_PROXY" ); |
1348 | |
1349 | // Mock ENV, get the results, before doing assertions |
1350 | // to avoid assert! -> panic! -> Mutex Poisoned. |
1351 | let baseline_proxies = get_sys_proxies(None); |
1352 | // the system proxy setting url is invalid. |
1353 | env::set_var("http_proxy" , "file://123465" ); |
1354 | let invalid_proxies = get_sys_proxies(None); |
1355 | // set valid proxy |
1356 | env::set_var("http_proxy" , "127.0.0.1/" ); |
1357 | let valid_proxies = get_sys_proxies(None); |
1358 | // set valid ALL_PROXY |
1359 | env::set_var("ALL_PROXY" , "127.0.0.2/" ); |
1360 | let all_proxies = get_sys_proxies(None); |
1361 | |
1362 | // reset user setting when guards drop |
1363 | drop(_g1); |
1364 | drop(_g2); |
1365 | // Let other threads run now |
1366 | drop(_lock); |
1367 | |
1368 | assert!(!baseline_proxies.contains_key("http" )); |
1369 | assert!(!invalid_proxies.contains_key("http" )); |
1370 | |
1371 | let p = &valid_proxies["http" ]; |
1372 | assert_eq!(p.scheme(), "http" ); |
1373 | assert_eq!(p.host(), "127.0.0.1" ); |
1374 | |
1375 | assert_eq!(all_proxies.len(), 2); |
1376 | // Set by ALL_PROXY |
1377 | assert_eq!(all_proxies["https" ].host(), "127.0.0.2" ); |
1378 | // Overwritten by the more specific HTTP_PROXY |
1379 | assert_eq!(all_proxies["http" ].host(), "127.0.0.1" ); |
1380 | } |
1381 | |
1382 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
1383 | #[test ] |
1384 | fn test_get_sys_proxies_registry_parsing() { |
1385 | // Stop other threads from modifying process-global ENV while we are. |
1386 | let _lock = ENVLOCK.lock(); |
1387 | // save system setting first. |
1388 | let _g1 = env_guard("HTTP_PROXY" ); |
1389 | let _g2 = env_guard("http_proxy" ); |
1390 | |
1391 | // Mock ENV, get the results, before doing assertions |
1392 | // to avoid assert! -> panic! -> Mutex Poisoned. |
1393 | let baseline_proxies = get_sys_proxies(None); |
1394 | // set valid proxy |
1395 | let valid_proxies = get_sys_proxies(Some(String::from("http://127.0.0.1/" ))); |
1396 | let valid_proxies_no_scheme = get_sys_proxies(Some(String::from("127.0.0.1" ))); |
1397 | let valid_proxies_explicit_https = |
1398 | get_sys_proxies(Some(String::from("https://127.0.0.1/" ))); |
1399 | let multiple_proxies = get_sys_proxies(Some(String::from( |
1400 | "http=127.0.0.1:8888;https=127.0.0.2:8888" , |
1401 | ))); |
1402 | let multiple_proxies_explicit_scheme = get_sys_proxies(Some(String::from( |
1403 | "http=http://127.0.0.1:8888;https=https://127.0.0.2:8888" , |
1404 | ))); |
1405 | |
1406 | // reset user setting when guards drop |
1407 | drop(_g1); |
1408 | drop(_g2); |
1409 | // Let other threads run now |
1410 | drop(_lock); |
1411 | |
1412 | assert_eq!(baseline_proxies.contains_key("http" ), false); |
1413 | |
1414 | let p = &valid_proxies["http" ]; |
1415 | assert_eq!(p.scheme(), "http" ); |
1416 | assert_eq!(p.host(), "127.0.0.1" ); |
1417 | |
1418 | let p = &valid_proxies_no_scheme["http" ]; |
1419 | assert_eq!(p.scheme(), "http" ); |
1420 | assert_eq!(p.host(), "127.0.0.1" ); |
1421 | |
1422 | let p = &valid_proxies_no_scheme["https" ]; |
1423 | assert_eq!(p.scheme(), "http" ); |
1424 | assert_eq!(p.host(), "127.0.0.1" ); |
1425 | |
1426 | let p = &valid_proxies_explicit_https["https" ]; |
1427 | assert_eq!(p.scheme(), "https" ); |
1428 | assert_eq!(p.host(), "127.0.0.1" ); |
1429 | |
1430 | let p = &multiple_proxies["http" ]; |
1431 | assert_eq!(p.scheme(), "http" ); |
1432 | assert_eq!(p.host(), "127.0.0.1:8888" ); |
1433 | |
1434 | let p = &multiple_proxies["https" ]; |
1435 | assert_eq!(p.scheme(), "http" ); |
1436 | assert_eq!(p.host(), "127.0.0.2:8888" ); |
1437 | |
1438 | let p = &multiple_proxies_explicit_scheme["http" ]; |
1439 | assert_eq!(p.scheme(), "http" ); |
1440 | assert_eq!(p.host(), "127.0.0.1:8888" ); |
1441 | |
1442 | let p = &multiple_proxies_explicit_scheme["https" ]; |
1443 | assert_eq!(p.scheme(), "https" ); |
1444 | assert_eq!(p.host(), "127.0.0.2:8888" ); |
1445 | } |
1446 | |
1447 | #[test ] |
1448 | fn test_get_sys_proxies_in_cgi() { |
1449 | // Stop other threads from modifying process-global ENV while we are. |
1450 | let _lock = ENVLOCK.lock(); |
1451 | // save system setting first. |
1452 | let _g1 = env_guard("REQUEST_METHOD" ); |
1453 | let _g2 = env_guard("HTTP_PROXY" ); |
1454 | |
1455 | // Mock ENV, get the results, before doing assertions |
1456 | // to avoid assert! -> panic! -> Mutex Poisoned. |
1457 | env::set_var("HTTP_PROXY" , "http://evil/" ); |
1458 | |
1459 | let baseline_proxies = get_sys_proxies(None); |
1460 | // set like we're in CGI |
1461 | env::set_var("REQUEST_METHOD" , "GET" ); |
1462 | |
1463 | let cgi_proxies = get_sys_proxies(None); |
1464 | |
1465 | // reset user setting when guards drop |
1466 | drop(_g1); |
1467 | drop(_g2); |
1468 | // Let other threads run now |
1469 | drop(_lock); |
1470 | |
1471 | // not in CGI yet |
1472 | assert_eq!(baseline_proxies["http" ].host(), "evil" ); |
1473 | // In CGI |
1474 | assert!(!cgi_proxies.contains_key("http" )); |
1475 | } |
1476 | |
1477 | #[test ] |
1478 | fn test_sys_no_proxy() { |
1479 | // Stop other threads from modifying process-global ENV while we are. |
1480 | let _lock = ENVLOCK.lock(); |
1481 | // save system setting first. |
1482 | let _g1 = env_guard("HTTP_PROXY" ); |
1483 | let _g2 = env_guard("NO_PROXY" ); |
1484 | |
1485 | let target = "http://example.domain/" ; |
1486 | env::set_var("HTTP_PROXY" , target); |
1487 | |
1488 | env::set_var( |
1489 | "NO_PROXY" , |
1490 | ".foo.bar, bar.baz,10.42.1.1/24,::1,10.124.7.8,2001::/17" , |
1491 | ); |
1492 | |
1493 | // Manually construct this so we aren't use the cache |
1494 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1495 | p.no_proxy = NoProxy::from_env(); |
1496 | |
1497 | // random url, not in no_proxy |
1498 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), target); |
1499 | // make sure that random non-subdomain string prefixes don't match |
1500 | assert_eq!(intercepted_uri(&p, "http://notfoo.bar" ), target); |
1501 | // make sure that random non-subdomain string prefixes don't match |
1502 | assert_eq!(intercepted_uri(&p, "http://notbar.baz" ), target); |
1503 | // ipv4 address out of range |
1504 | assert_eq!(intercepted_uri(&p, "http://10.43.1.1" ), target); |
1505 | // ipv4 address out of range |
1506 | assert_eq!(intercepted_uri(&p, "http://10.124.7.7" ), target); |
1507 | // ipv6 address out of range |
1508 | assert_eq!(intercepted_uri(&p, "http://[ffff:db8:a0b:12f0::1]" ), target); |
1509 | // ipv6 address out of range |
1510 | assert_eq!(intercepted_uri(&p, "http://[2005:db8:a0b:12f0::1]" ), target); |
1511 | |
1512 | // make sure subdomains (with leading .) match |
1513 | assert!(p.intercept(&url("http://hello.foo.bar" )).is_none()); |
1514 | // make sure exact matches (without leading .) match (also makes sure spaces between entries work) |
1515 | assert!(p.intercept(&url("http://bar.baz" )).is_none()); |
1516 | // check case sensitivity |
1517 | assert!(p.intercept(&url("http://BAR.baz" )).is_none()); |
1518 | // make sure subdomains (without leading . in no_proxy) match |
1519 | assert!(p.intercept(&url("http://foo.bar.baz" )).is_none()); |
1520 | // make sure subdomains (without leading . in no_proxy) match - this differs from cURL |
1521 | assert!(p.intercept(&url("http://foo.bar" )).is_none()); |
1522 | // ipv4 address match within range |
1523 | assert!(p.intercept(&url("http://10.42.1.100" )).is_none()); |
1524 | // ipv6 address exact match |
1525 | assert!(p.intercept(&url("http://[::1]" )).is_none()); |
1526 | // ipv6 address match within range |
1527 | assert!(p.intercept(&url("http://[2001:db8:a0b:12f0::1]" )).is_none()); |
1528 | // ipv4 address exact match |
1529 | assert!(p.intercept(&url("http://10.124.7.8" )).is_none()); |
1530 | |
1531 | // reset user setting when guards drop |
1532 | drop(_g1); |
1533 | drop(_g2); |
1534 | // Let other threads run now |
1535 | drop(_lock); |
1536 | } |
1537 | |
1538 | #[test ] |
1539 | fn test_proxy_no_proxy_interception_for_proxy_types() { |
1540 | let proxy_url = "http://example.domain/" ; |
1541 | let no_proxy = ".no.proxy.tld" ; |
1542 | |
1543 | // test all proxy interception |
1544 | let p = Proxy::all(proxy_url) |
1545 | .unwrap() |
1546 | .no_proxy(NoProxy::from_string(no_proxy)); |
1547 | |
1548 | // random url, not in no_proxy |
1549 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), proxy_url); |
1550 | |
1551 | // positive match for no proxy |
1552 | assert!(p.intercept(&url("https://hello.no.proxy.tld" )).is_none()); |
1553 | |
1554 | // test http proxy interception |
1555 | let p = Proxy::http(proxy_url) |
1556 | .unwrap() |
1557 | .no_proxy(NoProxy::from_string(no_proxy)); |
1558 | |
1559 | // random url, not in no_proxy |
1560 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), proxy_url); |
1561 | |
1562 | // positive match for no proxy |
1563 | assert!(p.intercept(&url("http://hello.no.proxy.tld" )).is_none()); |
1564 | |
1565 | // should not be intercepted due to scheme |
1566 | assert!(p.intercept(&url("https://hyper.rs" )).is_none()); |
1567 | |
1568 | // test https proxy interception |
1569 | let p = Proxy::https(proxy_url) |
1570 | .unwrap() |
1571 | .no_proxy(NoProxy::from_string(no_proxy)); |
1572 | |
1573 | // random url, not in no_proxy |
1574 | assert_eq!(intercepted_uri(&p, "https://hyper.rs" ), proxy_url); |
1575 | |
1576 | // positive match for no proxy |
1577 | assert!(p.intercept(&url("https://hello.no.proxy.tld" )).is_none()); |
1578 | |
1579 | // should not be intercepted due to scheme |
1580 | assert!(p.intercept(&url("http://hyper.rs" )).is_none()); |
1581 | |
1582 | // test custom proxy interception |
1583 | let p = Proxy::custom(move |_url| Some(proxy_url)).no_proxy(NoProxy::from_string(no_proxy)); |
1584 | |
1585 | // random url, not in no_proxy |
1586 | assert_eq!(intercepted_uri(&p, "https://hyper.rs" ), proxy_url); |
1587 | |
1588 | // positive match for no proxy |
1589 | assert!(p.intercept(&url("https://hello.no.proxy.tld" )).is_none()); |
1590 | assert!(p.intercept(&url("http://hello.no.proxy.tld" )).is_none()); |
1591 | } |
1592 | |
1593 | #[test ] |
1594 | fn test_wildcard_sys_no_proxy() { |
1595 | // Stop other threads from modifying process-global ENV while we are. |
1596 | let _lock = ENVLOCK.lock(); |
1597 | // save system setting first. |
1598 | let _g1 = env_guard("HTTP_PROXY" ); |
1599 | let _g2 = env_guard("NO_PROXY" ); |
1600 | |
1601 | let target = "http://example.domain/" ; |
1602 | env::set_var("HTTP_PROXY" , target); |
1603 | |
1604 | env::set_var("NO_PROXY" , "*" ); |
1605 | |
1606 | // Manually construct this so we aren't use the cache |
1607 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1608 | p.no_proxy = NoProxy::from_env(); |
1609 | |
1610 | assert!(p.intercept(&url("http://foo.bar" )).is_none()); |
1611 | |
1612 | // reset user setting when guards drop |
1613 | drop(_g1); |
1614 | drop(_g2); |
1615 | // Let other threads run now |
1616 | drop(_lock); |
1617 | } |
1618 | |
1619 | #[test ] |
1620 | fn test_empty_sys_no_proxy() { |
1621 | // Stop other threads from modifying process-global ENV while we are. |
1622 | let _lock = ENVLOCK.lock(); |
1623 | // save system setting first. |
1624 | let _g1 = env_guard("HTTP_PROXY" ); |
1625 | let _g2 = env_guard("NO_PROXY" ); |
1626 | |
1627 | let target = "http://example.domain/" ; |
1628 | env::set_var("HTTP_PROXY" , target); |
1629 | |
1630 | env::set_var("NO_PROXY" , "," ); |
1631 | |
1632 | // Manually construct this so we aren't use the cache |
1633 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1634 | p.no_proxy = NoProxy::from_env(); |
1635 | |
1636 | // everything should go through proxy, "effectively" nothing is in no_proxy |
1637 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), target); |
1638 | |
1639 | // Also test the behavior of `NO_PROXY` being an empty string. |
1640 | env::set_var("NO_PROXY" , "" ); |
1641 | |
1642 | // Manually construct this so we aren't use the cache |
1643 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1644 | p.no_proxy = NoProxy::from_env(); |
1645 | // In the case of an empty string `NoProxy::from_env()` should return `Some(..)` |
1646 | assert!(p.no_proxy.is_some()); |
1647 | |
1648 | // everything should go through proxy, "effectively" nothing is in no_proxy |
1649 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), target); |
1650 | |
1651 | // reset user setting when guards drop |
1652 | drop(_g1); |
1653 | drop(_g2); |
1654 | // Let other threads run now |
1655 | drop(_lock); |
1656 | } |
1657 | |
1658 | #[test ] |
1659 | fn test_no_proxy_load() { |
1660 | // Stop other threads from modifying process-global ENV while we are. |
1661 | let _lock = ENVLOCK.lock(); |
1662 | |
1663 | let _g1 = env_guard("no_proxy" ); |
1664 | let domain = "lower.case" ; |
1665 | env::set_var("no_proxy" , domain); |
1666 | // Manually construct this so we aren't use the cache |
1667 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1668 | p.no_proxy = NoProxy::from_env(); |
1669 | assert_eq!( |
1670 | p.no_proxy.expect("should have a no proxy set" ).domains.0[0], |
1671 | domain |
1672 | ); |
1673 | |
1674 | env::remove_var("no_proxy" ); |
1675 | let _g2 = env_guard("NO_PROXY" ); |
1676 | let domain = "upper.case" ; |
1677 | env::set_var("NO_PROXY" , domain); |
1678 | // Manually construct this so we aren't use the cache |
1679 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1680 | p.no_proxy = NoProxy::from_env(); |
1681 | assert_eq!( |
1682 | p.no_proxy.expect("should have a no proxy set" ).domains.0[0], |
1683 | domain |
1684 | ); |
1685 | |
1686 | let _g3 = env_guard("HTTP_PROXY" ); |
1687 | env::remove_var("NO_PROXY" ); |
1688 | env::remove_var("no_proxy" ); |
1689 | let target = "http://example.domain/" ; |
1690 | env::set_var("HTTP_PROXY" , target); |
1691 | |
1692 | // Manually construct this so we aren't use the cache |
1693 | let mut p = Proxy::new(Intercept::System(Arc::new(get_sys_proxies(None)))); |
1694 | p.no_proxy = NoProxy::from_env(); |
1695 | assert!(p.no_proxy.is_none(), "NoProxy shouldn't have been created" ); |
1696 | |
1697 | assert_eq!(intercepted_uri(&p, "http://hyper.rs" ), target); |
1698 | |
1699 | // reset user setting when guards drop |
1700 | drop(_g1); |
1701 | drop(_g2); |
1702 | drop(_g3); |
1703 | // Let other threads run now |
1704 | drop(_lock); |
1705 | } |
1706 | |
1707 | #[cfg (any(target_os = "windows" , target_os = "macos" ))] |
1708 | #[test ] |
1709 | fn test_type_prefix_extraction() { |
1710 | assert!(extract_type_prefix("test" ).is_none()); |
1711 | assert!(extract_type_prefix("://test" ).is_none()); |
1712 | assert!(extract_type_prefix("some:prefix://test" ).is_none()); |
1713 | assert!(extract_type_prefix("some/prefix://test" ).is_none()); |
1714 | |
1715 | assert_eq!(extract_type_prefix("http://test" ).unwrap(), "http" ); |
1716 | assert_eq!(extract_type_prefix("a://test" ).unwrap(), "a" ); |
1717 | } |
1718 | |
1719 | /// Guard an environment variable, resetting it to the original value |
1720 | /// when dropped. |
1721 | fn env_guard(name: impl Into<String>) -> EnvGuard { |
1722 | let name = name.into(); |
1723 | let orig_val = env::var(&name).ok(); |
1724 | env::remove_var(&name); |
1725 | EnvGuard { name, orig_val } |
1726 | } |
1727 | |
1728 | struct EnvGuard { |
1729 | name: String, |
1730 | orig_val: Option<String>, |
1731 | } |
1732 | |
1733 | impl Drop for EnvGuard { |
1734 | fn drop(&mut self) { |
1735 | if let Some(val) = self.orig_val.take() { |
1736 | env::set_var(&self.name, val); |
1737 | } else { |
1738 | env::remove_var(&self.name); |
1739 | } |
1740 | } |
1741 | } |
1742 | |
1743 | #[test ] |
1744 | fn test_has_http_auth() { |
1745 | let http_proxy_with_auth = Proxy { |
1746 | intercept: Intercept::Http(ProxyScheme::Http { |
1747 | auth: Some(HeaderValue::from_static("auth1" )), |
1748 | host: http::uri::Authority::from_static("authority" ), |
1749 | }), |
1750 | no_proxy: None, |
1751 | }; |
1752 | assert!(http_proxy_with_auth.maybe_has_http_auth()); |
1753 | assert_eq!( |
1754 | http_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1755 | Some(HeaderValue::from_static("auth1" )) |
1756 | ); |
1757 | |
1758 | let http_proxy_without_auth = Proxy { |
1759 | intercept: Intercept::Http(ProxyScheme::Http { |
1760 | auth: None, |
1761 | host: http::uri::Authority::from_static("authority" ), |
1762 | }), |
1763 | no_proxy: None, |
1764 | }; |
1765 | assert!(!http_proxy_without_auth.maybe_has_http_auth()); |
1766 | assert_eq!( |
1767 | http_proxy_without_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1768 | None |
1769 | ); |
1770 | |
1771 | let https_proxy_with_auth = Proxy { |
1772 | intercept: Intercept::Http(ProxyScheme::Https { |
1773 | auth: Some(HeaderValue::from_static("auth2" )), |
1774 | host: http::uri::Authority::from_static("authority" ), |
1775 | }), |
1776 | no_proxy: None, |
1777 | }; |
1778 | assert!(https_proxy_with_auth.maybe_has_http_auth()); |
1779 | assert_eq!( |
1780 | https_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1781 | Some(HeaderValue::from_static("auth2" )) |
1782 | ); |
1783 | |
1784 | let all_http_proxy_with_auth = Proxy { |
1785 | intercept: Intercept::All(ProxyScheme::Http { |
1786 | auth: Some(HeaderValue::from_static("auth3" )), |
1787 | host: http::uri::Authority::from_static("authority" ), |
1788 | }), |
1789 | no_proxy: None, |
1790 | }; |
1791 | assert!(all_http_proxy_with_auth.maybe_has_http_auth()); |
1792 | assert_eq!( |
1793 | all_http_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1794 | Some(HeaderValue::from_static("auth3" )) |
1795 | ); |
1796 | |
1797 | let all_https_proxy_with_auth = Proxy { |
1798 | intercept: Intercept::All(ProxyScheme::Https { |
1799 | auth: Some(HeaderValue::from_static("auth4" )), |
1800 | host: http::uri::Authority::from_static("authority" ), |
1801 | }), |
1802 | no_proxy: None, |
1803 | }; |
1804 | assert!(all_https_proxy_with_auth.maybe_has_http_auth()); |
1805 | assert_eq!( |
1806 | all_https_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1807 | Some(HeaderValue::from_static("auth4" )) |
1808 | ); |
1809 | |
1810 | let all_https_proxy_without_auth = Proxy { |
1811 | intercept: Intercept::All(ProxyScheme::Https { |
1812 | auth: None, |
1813 | host: http::uri::Authority::from_static("authority" ), |
1814 | }), |
1815 | no_proxy: None, |
1816 | }; |
1817 | assert!(!all_https_proxy_without_auth.maybe_has_http_auth()); |
1818 | assert_eq!( |
1819 | all_https_proxy_without_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1820 | None |
1821 | ); |
1822 | |
1823 | let system_http_proxy_with_auth = Proxy { |
1824 | intercept: Intercept::System(Arc::new({ |
1825 | let mut m = HashMap::new(); |
1826 | m.insert( |
1827 | "http" .into(), |
1828 | ProxyScheme::Http { |
1829 | auth: Some(HeaderValue::from_static("auth5" )), |
1830 | host: http::uri::Authority::from_static("authority" ), |
1831 | }, |
1832 | ); |
1833 | m |
1834 | })), |
1835 | no_proxy: None, |
1836 | }; |
1837 | assert!(system_http_proxy_with_auth.maybe_has_http_auth()); |
1838 | assert_eq!( |
1839 | system_http_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1840 | Some(HeaderValue::from_static("auth5" )) |
1841 | ); |
1842 | |
1843 | let system_https_proxy_with_auth = Proxy { |
1844 | intercept: Intercept::System(Arc::new({ |
1845 | let mut m = HashMap::new(); |
1846 | m.insert( |
1847 | "https" .into(), |
1848 | ProxyScheme::Https { |
1849 | auth: Some(HeaderValue::from_static("auth6" )), |
1850 | host: http::uri::Authority::from_static("authority" ), |
1851 | }, |
1852 | ); |
1853 | m |
1854 | })), |
1855 | no_proxy: None, |
1856 | }; |
1857 | assert!(!system_https_proxy_with_auth.maybe_has_http_auth()); |
1858 | assert_eq!( |
1859 | system_https_proxy_with_auth.http_basic_auth(&Uri::from_static("http://example.com" )), |
1860 | None |
1861 | ); |
1862 | } |
1863 | } |
1864 | |
1865 | #[cfg (test)] |
1866 | mod test { |
1867 | mod into_proxy_scheme { |
1868 | use crate::Proxy; |
1869 | use std::error::Error; |
1870 | use std::mem::discriminant; |
1871 | |
1872 | fn includes(haystack: &crate::error::Error, needle: url::ParseError) -> bool { |
1873 | let mut source = haystack.source(); |
1874 | while let Some(error) = source { |
1875 | if let Some(parse_error) = error.downcast_ref::<url::ParseError>() { |
1876 | if discriminant(parse_error) == discriminant(&needle) { |
1877 | return true; |
1878 | } |
1879 | } |
1880 | source = error.source(); |
1881 | } |
1882 | false |
1883 | } |
1884 | |
1885 | fn check_parse_error(url: &str, needle: url::ParseError) { |
1886 | let error = Proxy::http(url).unwrap_err(); |
1887 | if !includes(&error, needle) { |
1888 | panic!("{needle:?} expected; {error:?}, {error} found" ); |
1889 | } |
1890 | } |
1891 | |
1892 | mod when_scheme_missing { |
1893 | mod and_url_is_valid { |
1894 | use crate::Proxy; |
1895 | |
1896 | #[test ] |
1897 | fn lookback_works() { |
1898 | let _ = Proxy::http("127.0.0.1" ).unwrap(); |
1899 | } |
1900 | |
1901 | #[test ] |
1902 | fn loopback_port_works() { |
1903 | let _ = Proxy::http("127.0.0.1:8080" ).unwrap(); |
1904 | } |
1905 | |
1906 | #[test ] |
1907 | fn loopback_username_works() { |
1908 | let _ = Proxy::http("username@127.0.0.1" ).unwrap(); |
1909 | } |
1910 | |
1911 | #[test ] |
1912 | fn loopback_username_password_works() { |
1913 | let _ = Proxy::http("username:password@127.0.0.1" ).unwrap(); |
1914 | } |
1915 | |
1916 | #[test ] |
1917 | fn loopback_username_password_port_works() { |
1918 | let _ = Proxy::http("ldap%5Cgremlin:pass%3Bword@127.0.0.1:8080" ).unwrap(); |
1919 | } |
1920 | |
1921 | #[test ] |
1922 | fn domain_works() { |
1923 | let _ = Proxy::http("proxy.example.com" ).unwrap(); |
1924 | } |
1925 | |
1926 | #[test ] |
1927 | fn domain_port_works() { |
1928 | let _ = Proxy::http("proxy.example.com:8080" ).unwrap(); |
1929 | } |
1930 | |
1931 | #[test ] |
1932 | fn domain_username_works() { |
1933 | let _ = Proxy::http("username@proxy.example.com" ).unwrap(); |
1934 | } |
1935 | |
1936 | #[test ] |
1937 | fn domain_username_password_works() { |
1938 | let _ = Proxy::http("username:password@proxy.example.com" ).unwrap(); |
1939 | } |
1940 | |
1941 | #[test ] |
1942 | fn domain_username_password_port_works() { |
1943 | let _ = |
1944 | Proxy::http("ldap%5Cgremlin:pass%3Bword@proxy.example.com:8080" ).unwrap(); |
1945 | } |
1946 | } |
1947 | mod and_url_has_bad { |
1948 | use super::super::check_parse_error; |
1949 | |
1950 | #[test ] |
1951 | fn host() { |
1952 | check_parse_error("username@" , url::ParseError::RelativeUrlWithoutBase); |
1953 | } |
1954 | |
1955 | #[test ] |
1956 | fn idna_encoding() { |
1957 | check_parse_error("xn---" , url::ParseError::RelativeUrlWithoutBase); |
1958 | } |
1959 | |
1960 | #[test ] |
1961 | fn port() { |
1962 | check_parse_error("127.0.0.1:808080" , url::ParseError::RelativeUrlWithoutBase); |
1963 | } |
1964 | |
1965 | #[test ] |
1966 | fn ip_v4_address() { |
1967 | check_parse_error("421.627.718.469" , url::ParseError::RelativeUrlWithoutBase); |
1968 | } |
1969 | |
1970 | #[test ] |
1971 | fn ip_v6_address() { |
1972 | check_parse_error( |
1973 | "[56FE::2159:5BBC::6594]" , |
1974 | url::ParseError::RelativeUrlWithoutBase, |
1975 | ); |
1976 | } |
1977 | |
1978 | #[test ] |
1979 | fn invalid_domain_character() { |
1980 | check_parse_error("abc 123" , url::ParseError::RelativeUrlWithoutBase); |
1981 | } |
1982 | } |
1983 | } |
1984 | |
1985 | mod when_scheme_present { |
1986 | mod and_url_is_valid { |
1987 | use crate::Proxy; |
1988 | |
1989 | #[test ] |
1990 | fn loopback_works() { |
1991 | let _ = Proxy::http("http://127.0.0.1" ).unwrap(); |
1992 | } |
1993 | |
1994 | #[test ] |
1995 | fn loopback_port_works() { |
1996 | let _ = Proxy::http("https://127.0.0.1:8080" ).unwrap(); |
1997 | } |
1998 | |
1999 | #[test ] |
2000 | fn loopback_username_works() { |
2001 | let _ = Proxy::http("http://username@127.0.0.1" ).unwrap(); |
2002 | } |
2003 | |
2004 | #[test ] |
2005 | fn loopback_username_password_works() { |
2006 | let _ = Proxy::http("https://username:password@127.0.0.1" ).unwrap(); |
2007 | } |
2008 | |
2009 | #[test ] |
2010 | fn loopback_username_password_port_works() { |
2011 | let _ = |
2012 | Proxy::http("http://ldap%5Cgremlin:pass%3Bword@127.0.0.1:8080" ).unwrap(); |
2013 | } |
2014 | |
2015 | #[test ] |
2016 | fn domain_works() { |
2017 | let _ = Proxy::http("https://proxy.example.com" ).unwrap(); |
2018 | } |
2019 | |
2020 | #[test ] |
2021 | fn domain_port_works() { |
2022 | let _ = Proxy::http("http://proxy.example.com:8080" ).unwrap(); |
2023 | } |
2024 | |
2025 | #[test ] |
2026 | fn domain_username_works() { |
2027 | let _ = Proxy::http("https://username@proxy.example.com" ).unwrap(); |
2028 | } |
2029 | |
2030 | #[test ] |
2031 | fn domain_username_password_works() { |
2032 | let _ = Proxy::http("http://username:password@proxy.example.com" ).unwrap(); |
2033 | } |
2034 | |
2035 | #[test ] |
2036 | fn domain_username_password_port_works() { |
2037 | let _ = |
2038 | Proxy::http("https://ldap%5Cgremlin:pass%3Bword@proxy.example.com:8080" ) |
2039 | .unwrap(); |
2040 | } |
2041 | } |
2042 | mod and_url_has_bad { |
2043 | use super::super::check_parse_error; |
2044 | |
2045 | #[test ] |
2046 | fn host() { |
2047 | check_parse_error("http://username@" , url::ParseError::EmptyHost); |
2048 | } |
2049 | |
2050 | #[test ] |
2051 | fn idna_encoding() { |
2052 | check_parse_error("http://xn---" , url::ParseError::IdnaError); |
2053 | } |
2054 | |
2055 | #[test ] |
2056 | fn port() { |
2057 | check_parse_error("http://127.0.0.1:808080" , url::ParseError::InvalidPort); |
2058 | } |
2059 | |
2060 | #[test ] |
2061 | fn ip_v4_address() { |
2062 | check_parse_error( |
2063 | "http://421.627.718.469" , |
2064 | url::ParseError::InvalidIpv4Address, |
2065 | ); |
2066 | } |
2067 | |
2068 | #[test ] |
2069 | fn ip_v6_address() { |
2070 | check_parse_error( |
2071 | "http://[56FE::2159:5BBC::6594]" , |
2072 | url::ParseError::InvalidIpv6Address, |
2073 | ); |
2074 | } |
2075 | } |
2076 | } |
2077 | } |
2078 | } |
2079 | |