code refactoring

cert/cert.go

@@ -277,7 +277,7 @@ func (ca *CA) GetCert(commonName string) (*tls.Certificate, error) {
 	ca.cacheMu.Lock()
 	if val, ok := ca.cache.Get(commonName); ok {
 		ca.cacheMu.Unlock()
-		log.WithField("commonName", commonName).Debug("GetCert")
+		log.Debugf("ca GetCert: %v", commonName)
 		return val.(*tls.Certificate), nil
 	}
 	ca.cacheMu.Unlock()
@@ -301,7 +301,7 @@ func (ca *CA) GetCert(commonName string) (*tls.Certificate, error) {
 
 // TODO: 是否应该支持多个 SubjectAltName
 func (ca *CA) DummyCert(commonName string) (*tls.Certificate, error) {
-	log.WithField("commonName", commonName).Debug("DummyCert")
+	log.Debugf("ca DummyCert: %v", commonName)
 	template := &x509.Certificate{
 		SerialNumber: big.NewInt(time.Now().UnixNano() / 100000),
 		Subject: pkix.Name{

proxy/helper.go

@@ -104,7 +104,7 @@ func getTlsKeyLogWriter() io.Writer {
 
 		writer, err := os.OpenFile(logfile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
 		if err != nil {
-			log.WithField("in", "getTlsKeyLogWriter").Debug(err)
+			log.Debugf("getTlsKeyLogWriter OpenFile error: %v", err)
 			return
 		}
 

proxy/interceptor.go

@@ -1,8 +1,15 @@
 package proxy
 
 import (
+	"bufio"
+	"context"
+	"crypto/tls"
 	"net"
 	"net/http"
+	"strings"
+
+	"github.com/lqqyt2423/go-mitmproxy/cert"
+	log "github.com/sirupsen/logrus"
 )
 
 // 拦截 https 流量通用接口
@@ -23,3 +30,148 @@ func (i *forward) Start() error {
 func (i *forward) Dial(req *http.Request) (net.Conn, error) {
 	return net.Dial("tcp", req.Host)
 }
+
+// 模拟了标准库中 server 运行，目的是仅通过当前进程内存转发 socket 数据，不需要经过 tcp 或 unix socket
+
+type pipeAddr struct {
+	remoteAddr string
+}
+
+func (pipeAddr) Network() string   { return "pipe" }
+func (a *pipeAddr) String() string { return a.remoteAddr }
+
+// add Peek method for conn
+type pipeConn struct {
+	net.Conn
+	r           *bufio.Reader
+	host        string
+	remoteAddr  string
+	connContext *ConnContext
+}
+
+func newPipeConn(c net.Conn, req *http.Request) *pipeConn {
+	return &pipeConn{
+		Conn:        c,
+		r:           bufio.NewReader(c),
+		host:        req.Host,
+		remoteAddr:  req.RemoteAddr,
+		connContext: req.Context().Value(connContextKey).(*ConnContext),
+	}
+}
+
+func (c *pipeConn) Peek(n int) ([]byte, error) {
+	return c.r.Peek(n)
+}
+
+func (c *pipeConn) Read(data []byte) (int, error) {
+	return c.r.Read(data)
+}
+
+func (c *pipeConn) RemoteAddr() net.Addr {
+	return &pipeAddr{remoteAddr: c.remoteAddr}
+}
+
+// 建立客户端和服务端通信的通道
+func newPipes(req *http.Request) (net.Conn, *pipeConn) {
+	client, srv := net.Pipe()
+	server := newPipeConn(srv, req)
+	return client, server
+}
+
+// mock net.Listener
+type middleListener struct {
+	connChan chan net.Conn
+}
+
+func (l *middleListener) Accept() (net.Conn, error) { return <-l.connChan, nil }
+func (l *middleListener) Close() error              { return nil }
+func (l *middleListener) Addr() net.Addr            { return nil }
+
+// middle: man-in-the-middle server
+type middle struct {
+	proxy    *Proxy
+	ca       *cert.CA
+	listener *middleListener
+	server   *http.Server
+}
+
+func newMiddle(proxy *Proxy) (interceptor, error) {
+	ca, err := cert.NewCA(proxy.Opts.CaRootPath)
+	if err != nil {
+		return nil, err
+	}
+
+	m := &middle{
+		proxy: proxy,
+		ca:    ca,
+		listener: &middleListener{
+			connChan: make(chan net.Conn),
+		},
+	}
+
+	server := &http.Server{
+		Handler: m,
+		ConnContext: func(ctx context.Context, c net.Conn) context.Context {
+			return context.WithValue(ctx, connContextKey, c.(*tls.Conn).NetConn().(*pipeConn).connContext)
+		},
+		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)), // disable http2
+		TLSConfig: &tls.Config{
+			GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				log.Debugf("middle GetCertificate ServerName: %v\n", chi.ServerName)
+				return ca.GetCert(chi.ServerName)
+			},
+		},
+	}
+	m.server = server
+	return m, nil
+}
+
+func (m *middle) Start() error {
+	return m.server.ServeTLS(m.listener, "", "")
+}
+
+// todo: should block until ServerConnected
+func (m *middle) Dial(req *http.Request) (net.Conn, error) {
+	pipeClientConn, pipeServerConn := newPipes(req)
+	go m.intercept(pipeServerConn)
+	return pipeClientConn, nil
+}
+
+func (m *middle) ServeHTTP(res http.ResponseWriter, req *http.Request) {
+	if strings.EqualFold(req.Header.Get("Connection"), "Upgrade") && strings.EqualFold(req.Header.Get("Upgrade"), "websocket") {
+		// wss
+		defaultWebSocket.wss(res, req)
+		return
+	}
+
+	if req.URL.Scheme == "" {
+		req.URL.Scheme = "https"
+	}
+	if req.URL.Host == "" {
+		req.URL.Host = req.Host
+	}
+	m.proxy.ServeHTTP(res, req)
+}
+
+// 解析 connect 流量
+// 如果是 tls 流量，则进入 listener.Accept => Middle.ServeHTTP
+// 否则很可能是 ws 流量
+func (m *middle) intercept(pipeServerConn *pipeConn) {
+	buf, err := pipeServerConn.Peek(3)
+	if err != nil {
+		log.Errorf("Peek error: %v\n", err)
+		pipeServerConn.Close()
+		return
+	}
+
+	// https://github.com/mitmproxy/mitmproxy/blob/main/mitmproxy/net/tls.py is_tls_record_magic
+	if buf[0] == 0x16 && buf[1] == 0x03 && buf[2] <= 0x03 {
+		// tls
+		pipeServerConn.connContext.ClientConn.Tls = true
+		pipeServerConn.connContext.initHttpsServerConn()
+		m.listener.connChan <- pipeServerConn
+	} else {
+		// ws
+		defaultWebSocket.ws(pipeServerConn, pipeServerConn.host)
+	}
+}

proxy/middle.go

@@ -1,160 +0,0 @@
-package proxy
-
-import (
-	"bufio"
-	"context"
-	"crypto/tls"
-	"net"
-	"net/http"
-	"strings"
-
-	"github.com/lqqyt2423/go-mitmproxy/cert"
-	log "github.com/sirupsen/logrus"
-)
-
-// 模拟了标准库中 server 运行，目的是仅通过当前进程内存转发 socket 数据，不需要经过 tcp 或 unix socket
-
-type pipeAddr struct {
-	remoteAddr string
-}
-
-func (pipeAddr) Network() string   { return "pipe" }
-func (a *pipeAddr) String() string { return a.remoteAddr }
-
-// add Peek method for conn
-type pipeConn struct {
-	net.Conn
-	r           *bufio.Reader
-	host        string
-	remoteAddr  string
-	connContext *ConnContext
-}
-
-func newPipeConn(c net.Conn, req *http.Request) *pipeConn {
-	return &pipeConn{
-		Conn:        c,
-		r:           bufio.NewReader(c),
-		host:        req.Host,
-		remoteAddr:  req.RemoteAddr,
-		connContext: req.Context().Value(connContextKey).(*ConnContext),
-	}
-}
-
-func (c *pipeConn) Peek(n int) ([]byte, error) {
-	return c.r.Peek(n)
-}
-
-func (c *pipeConn) Read(data []byte) (int, error) {
-	return c.r.Read(data)
-}
-
-func (c *pipeConn) RemoteAddr() net.Addr {
-	return &pipeAddr{remoteAddr: c.remoteAddr}
-}
-
-// 建立客户端和服务端通信的通道
-func newPipes(req *http.Request) (net.Conn, *pipeConn) {
-	client, srv := net.Pipe()
-	server := newPipeConn(srv, req)
-	return client, server
-}
-
-// mock net.Listener
-type middleListener struct {
-	connChan chan net.Conn
-}
-
-func (l *middleListener) Accept() (net.Conn, error) { return <-l.connChan, nil }
-func (l *middleListener) Close() error              { return nil }
-func (l *middleListener) Addr() net.Addr            { return nil }
-
-// middle: man-in-the-middle server
-type middle struct {
-	proxy    *Proxy
-	ca       *cert.CA
-	listener *middleListener
-	server   *http.Server
-}
-
-func newMiddle(proxy *Proxy) (interceptor, error) {
-	ca, err := cert.NewCA(proxy.Opts.CaRootPath)
-	if err != nil {
-		return nil, err
-	}
-
-	m := &middle{
-		proxy: proxy,
-		ca:    ca,
-		listener: &middleListener{
-			connChan: make(chan net.Conn),
-		},
-	}
-
-	server := &http.Server{
-		Handler: m,
-		ConnContext: func(ctx context.Context, c net.Conn) context.Context {
-			return context.WithValue(ctx, connContextKey, c.(*tls.Conn).NetConn().(*pipeConn).connContext)
-		},
-		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)), // disable http2
-		TLSConfig: &tls.Config{
-			GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
-				log.Debugf("Middle GetCertificate ServerName: %v\n", chi.ServerName)
-				return ca.GetCert(chi.ServerName)
-			},
-		},
-	}
-	m.server = server
-	return m, nil
-}
-
-func (m *middle) Start() error {
-	return m.server.ServeTLS(m.listener, "", "")
-}
-
-// todo: should block until ServerConnected
-func (m *middle) Dial(req *http.Request) (net.Conn, error) {
-	pipeClientConn, pipeServerConn := newPipes(req)
-	go m.intercept(pipeServerConn)
-	return pipeClientConn, nil
-}
-
-func (m *middle) ServeHTTP(res http.ResponseWriter, req *http.Request) {
-	if strings.EqualFold(req.Header.Get("Connection"), "Upgrade") && strings.EqualFold(req.Header.Get("Upgrade"), "websocket") {
-		// wss
-		defaultWebSocket.wss(res, req)
-		return
-	}
-
-	if req.URL.Scheme == "" {
-		req.URL.Scheme = "https"
-	}
-	if req.URL.Host == "" {
-		req.URL.Host = req.Host
-	}
-	m.proxy.ServeHTTP(res, req)
-}
-
-// 解析 connect 流量
-// 如果是 tls 流量，则进入 listener.Accept => Middle.ServeHTTP
-// 否则很可能是 ws 流量
-func (m *middle) intercept(pipeServerConn *pipeConn) {
-	log := log.WithField("in", "middle.intercept").WithField("host", pipeServerConn.host)
-
-	buf, err := pipeServerConn.Peek(3)
-	if err != nil {
-		log.Errorf("Peek error: %v\n", err)
-		pipeServerConn.Close()
-		return
-	}
-
-	// https://github.com/mitmproxy/mitmproxy/blob/main/mitmproxy/net/tls.py is_tls_record_magic
-	if buf[0] == 0x16 && buf[1] == 0x03 && buf[2] <= 0x03 {
-		// tls
-		pipeServerConn.connContext.ClientConn.Tls = true
-		pipeServerConn.connContext.initHttpsServerConn()
-		m.listener.connChan <- pipeServerConn
-	} else {
-		// ws
-		defaultWebSocket.ws(pipeServerConn, pipeServerConn.host)
-	}
-}

proxy/proxy.go

@@ -107,8 +107,6 @@ func (proxy *Proxy) ServeHTTP(res http.ResponseWriter, req *http.Request) {
 		"method": req.Method,
 	})
 
-	log.Debug("receive request")
-
 	if !req.URL.IsAbs() || req.URL.Host == "" {
 		res.WriteHeader(400)
 		_, err := io.WriteString(res, "此为代理服务器，不能直接发起请求")
@@ -259,8 +257,6 @@ func (proxy *Proxy) handleConnect(res http.ResponseWriter, req *http.Request) {
 		"host": req.Host,
 	})
 
-	log.Debug("receive connect")
-
 	conn, err := proxy.interceptor.Dial(req)
 	if err != nil {
 		log.Error(err)