author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-10-13 17:08:30 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-10-19 11:33:00 +0200 |
commit | c2f4994c20072c11d407d506e7416e2c609d0ca3 (patch) | |
tree | 86d20c1f2cf608c60c23d808c0a22346a81a84a7 /src | |
parent | a219bf64933d3313aebe0e5576b291e32e93d93f (diff) |
server: add a reverse proxy endpoint
Diffstat (limited to 'src')
-rw-r--r-- | src/scm/webid-oidc/reverse-proxy.scm | 56 | ||||
-rw-r--r-- | src/scm/webid-oidc/server/endpoint/Makefile.am | 6 | ||||
-rw-r--r-- | src/scm/webid-oidc/server/endpoint/reverse-proxy.scm | 144 |
3 files changed, 164 insertions, 42 deletions
diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm index ee4878e..4221fa5 100644 --- a/src/scm/webid-oidc/reverse-proxy.scm +++ b/src/scm/webid-oidc/reverse-proxy.scm @@ -34,6 +34,8 @@ #:use-module (webid-oidc cache) #:use-module (webid-oidc web-i18n) #:use-module (web server) + #:use-module (webid-oidc server endpoint) + #:use-module (webid-oidc server endpoint reverse-proxy) #:declarative? #t #:export ( @@ -56,6 +58,10 @@ #:server-uri server-uri)) (unless (and endpoint (uri? endpoint)) (fail (G_ "#:endpoint argument is not present or not an URI."))) + (define backend + (make <reverse-proxy> + #:backend-uri endpoint + #:authentication-header auth-header)) (lambda (request request-body) (let ((agent (catch #t 
@@ -72,43 +78,13 @@
 (request-time ((p:current-date))))
 (parameterize ((p:current-date request-time)
 (web-locale request))
- ;; The time is now set for the duration of the request
- (let ((raw-headers (request-headers request)))
- (let ((modified-headers
- (append
- (if agent
- (list (cons auth-header (uri->string agent)))
- '())
- (filter
- (lambda (h)
- (not (eq? (car h) auth-header)))
- raw-headers))))
- (let ((modified-request
- (build-request
- (request-uri request)
- #:method (request-method request)
- #:headers modified-headers)))
- (let ((port (open-socket-for-uri endpoint)))
- (let ((request-with-port
- (write-request modified-request port)))
- (when request-body
- (unless (bytevector? request-body)
- (set! request-body (string->utf8 request-body)))
- (write-request-body request-with-port request-body))
- (force-output (request-port request-with-port))
- (let ((response (read-response port)))
- (let ((response-body
- (or (response-must-not-include-body? response)
- (read-response-body response))))
- (let ((adapted-response
- (build-response
- #:code (response-code response)
- #:reason-phrase (response-reason-phrase response)
- #:headers
- (append
- (if (eqv? (response-code response) 401)
- (list (cons 'www-authenticate '((DPoP))))
- '())
- (response-headers response)))))
- (close-port port)
- (values adapted-response response-body)))))))))))))
+ (set! request
+ (build-request (request-uri request)
+ #:method (request-method request)
+ #:version (request-version request)
+ #:headers (request-headers request)
+ #:port (request-port request)
+ #:meta `((user . ,agent) ,@(request-meta request))))
+ (receive (response response-body response-meta)
+ (handle backend request request-body)
+ (values response response-body))))))
diff --git a/src/scm/webid-oidc/server/endpoint/Makefile.am b/src/scm/webid-oidc/server/endpoint/Makefile.am
index e32794d..ba4799a 100644
--- a/src/scm/webid-oidc/server/endpoint/Makefile.am
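Review bot: The 401 handling that the removed block performed — adding a `www-authenticate` header carrying `DPoP` when the backend answers with code 401 — has no counterpart in the new code: the added lines hand the request to `(handle backend request request-body)` and return the backend response unchanged, and the `handle` method in the new endpoint module also returns the backend response as-is. If clients still rely on that challenge, it belongs in `handle`, for example by building the returned response with headers `(append (if (eqv? (response-code response) 401) '((www-authenticate (DPoP))) '()) (response-headers response))`; if dropping it is intentional, a sentence in the commit message saying so would help the next reader. The lambda this hunk edits starts before the hunk.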
+++ b/src/scm/webid-oidc/server/endpoint/Makefile.am @@ -14,6 +14,8 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <https://www.gnu.org/licenses/>. -dist_endpointserverwebidoidcmod_DATA += +dist_endpointserverwebidoidcmod_DATA += \ + %reldir%/reverse-proxy.scm -endpointserverwebidoidcgo_DATA += +endpointserverwebidoidcgo_DATA += \ + %reldir%/reverse-proxy.go diff --git a/src/scm/webid-oidc/server/endpoint/reverse-proxy.scm b/src/scm/webid-oidc/server/endpoint/reverse-proxy.scm new file mode 100644 index 0000000..a082882 --- /dev/null +++ b/src/scm/webid-oidc/server/endpoint/reverse-proxy.scm 
@@ -0,0 +1,144 @@
+;; disfluid, implementation of the Solid specification
+;; Copyright (C) 2021 Vivien Kraus
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU Affero General Public License as
+;; published by the Free Software Foundation, either version 3 of the
+;; License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU Affero General Public License for more details.
+
+;; You should have received a copy of the GNU Affero General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (webid-oidc server endpoint reverse-proxy)
+ #:use-module (webid-oidc errors)
+ #:use-module (webid-oidc provider-confirmation)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module ((webid-oidc parameters) #:prefix p:)
+ #:use-module ((webid-oidc config) #:prefix cfg:)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (web uri)
+ #:use-module (web server)
+ #:use-module (web client)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (webid-oidc web-i18n)
+ #:use-module (webid-oidc offloading)
+ #:use-module (ice-9 getopt-long)
+ #:use-module (ice-9 suspendable-ports)
+ #:use-module (ice-9 control)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 exceptions)
+ #:use-module (sxml simple)
+ #:use-module (srfi srfi-19)
+ #:use-module (srfi srfi-26)
+ #:use-module (rnrs bytevectors)
+ #:use-module (oop goops)
+ #:duplicates (merge-generics)
+ #:declarative? #t
+ #:export
+ (
+ <reverse-proxy>
+ backend-uri
+ authentication-header
+
+ open-socket-for-uri
+ ))
+
+(define open-socket-for-uri
+ (make-parameter
+ (@ (web client) open-socket-for-uri)))
+
+(define-class <reverse-proxy> (<endpoint>)
+ (backend-uri #:init-keyword #:backend-uri #:getter backend-uri)
+ (authentication-header
+ #:init-keyword #:authentication-header
+ #:getter authentication-header
+ #:init-value 'XXX-Agent))
+
+(define-method (initialize (endpoint <reverse-proxy>) initargs)
+ (next-method)
+ (let-keywords
+ initargs #t
+ ((backend-uri #f)
+ (authentication-header 'XXX-Agent))
+ (match backend-uri
+ ((? string? (= string->uri (? uri? the-backend-uri)))
+ (set! backend-uri the-backend-uri)
+ (slot-set! endpoint 'backend-uri the-backend-uri))
+ (else #t))
+ (unless (and backend-uri (uri? backend-uri))
+ (scm-error 'wrong-type-arg "make <reverse-proxy>"
+ (G_ "#:backend-uri should be an URI")
+ '()
+ (list backend-uri)))
+ (unless (symbol? authentication-header)
+ (scm-error 'wrong-type-arg "make <reverse-proxy>"
+ (G_ "#:authentication-header should be a symbol")
+ '()
+ (list authentication-header)))))
+
+(define-method (handle (endpoint <reverse-proxy>) request request-body)
+ (let ((modified-request
+ (build-request
+ (request-uri request)
+ #:method (request-method request)
+ #:headers
+ `(,@(let ((user (assq-ref (request-meta request) 'user)))
+ (if user
+ `((,(authentication-header endpoint) . ,(uri->string user)))
+ '()))
+ ,@(filter
+ (match-lambda
+ ((header . _)
+ (not (string-ci=?
+ (symbol->string header)
+ (symbol->string (authentication-header endpoint))))))
+ (request-headers request))))))
+ (in-another-thread
+ (let/ec return
+ (with-exception-handler
+ (lambda (exn)
+ (if (exception-with-message? exn)
+ (format (current-error-port)
+ (G_ "~a: reverse proxy failure: ~a\n")
+ (date->string ((p:current-date)))
+ (exception-message exn))
+ (format (current-error-port)
+ (G_ "~a: reverse proxy failure\n")
+ (date->string ((p:current-date)))))
+ (return
+ (build-response
+ #:code 502
+ #:reason-phrase (W_ "reason-phrase|Bad Gateway")
+ #:headers '((content-type application/xhtml+xml)))
+ (call-with-output-string
+ (cute sxml->xml
+ `(*TOP*
+ (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
+ (html (@ (xmlns "http://www.w3.org/1999/xhtml")
+ (xml:lang ,(W_ "xml-lang|en")))
+ (head
+ (title ,(W_ "page-title|Bad Gateway")))
+ (body
+ (p ,(W_ "The backend server could not be contacted.")))))
+ <>))
+ '()))
+ (lambda ()
+ (let ((port ((open-socket-for-uri) (backend-uri endpoint))))
+ (let ((request-with-port
+ (write-request modified-request port)))
+ (when request-body
+ (unless (bytevector? request-body)
+ (set! request-body (string->utf8 request-body)))
+ (write-request-body request-with-port request-body))
+ (force-output (request-port request-with-port))
+ (let ((response (read-response port)))
+ (let ((body (and (not (response-must-not-include-body? response))
+ port)))
+ (values response body '()))))))))))) |
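Review bot: The backend socket opened in the inner thunk of `handle` is never closed on the failure path: when `write-request`, `force-output` or `read-response` raises, the handler installed by `with-exception-handler` builds the 502 page but `port` is bound only inside the thunk, and the `(close-port port)` the previous implementation performed has no counterpart here, so every failed backend exchange leaks a connection. The success path hands the port back as the response body, so its owner is then whoever sends the response, but when `response-must-not-include-body?` holds the body is `#f` and that port is left open as well. Opening the socket before installing a second handler that closes it and re-raises, and closing it explicitly in the no-body case, covers both; presumably the server framework closes a body port once it has streamed it, which is worth confirming.
```scheme
(lambda ()
  (let ((port ((open-socket-for-uri) (backend-uri endpoint))))
    (with-exception-handler
        (lambda (exn)
          ;; Release the backend connection, then let the outer
          ;; handler turn the failure into the 502 response.
          (close-port port)
          (raise-exception exn))
      (lambda ()
        ;; … unchanged: write-request, write-request-body, force-output …
        (let ((response (read-response port)))
          (if (response-must-not-include-body? response)
              (begin
                (close-port port)
                (values response #f '()))
              (values response port '())))))))
```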