HTTP client refactor (#7884)

* http client refactor * simplification
author: Chris <ccbrown112@gmail.com> 2017-11-22 09:15:03 -0600
committer: Harrison Healey <harrisonmhealey@gmail.com> 2017-11-22 10:15:03 -0500
commit: 77a1dc1f2f12198881c00356a04dddef126b985d (patch)
tree: 09b5510bb744d0d9e5056783dc7522c5641ec788 /app
parent: cf9cd6a4b6bea717884269879ee8a3ced475ee8a (diff)
download: chat-77a1dc1f2f12198881c00356a04dddef126b985d.tar.gz
chat-77a1dc1f2f12198881c00356a04dddef126b985d.tar.bz2
chat-77a1dc1f2f12198881c00356a04dddef126b985d.zip
7 files changed, 49 insertions, 10 deletions
diff --git a/app/app.go b/app/app.go
index ea79d8e81..7bd4c561b 100644
--- a/app/app.go
+++ b/app/app.go
@@ -5,8 +5,10 @@ package app
 
 import (
 	"html/template"
+	"net"
 	"net/http"
 	"runtime/debug"
+	"strings"
 	"sync/atomic"
 
 	l4g "github.com/alecthomas/log4go"
@@ -351,6 +353,43 @@ func (a *App) HTMLTemplates() *template.Template {
 	return a.htmlTemplateWatcher.Templates()
 }
 
+func (a *App) HTTPClient(trustURLs bool) *http.Client {
+	insecure := a.Config().ServiceSettings.EnableInsecureOutgoingConnections != nil && *a.Config().ServiceSettings.EnableInsecureOutgoingConnections
+
+	if trustURLs {
+		return utils.NewHTTPClient(insecure, nil, nil)
+	}
+
+	allowHost := func(host string) bool {
+		if a.Config().ServiceSettings.AllowedUntrustedInternalConnections == nil {
+			return false
+		}
+		for _, allowed := range strings.Fields(*a.Config().ServiceSettings.AllowedUntrustedInternalConnections) {
+			if host == allowed {
+				return true
+			}
+		}
+		return false
+	}
+
+	allowIP := func(ip net.IP) bool {
+		if !utils.IsReservedIP(ip) {
+			return true
+		}
+		if a.Config().ServiceSettings.AllowedUntrustedInternalConnections == nil {
+			return false
+		}
+		for _, allowed := range strings.Fields(*a.Config().ServiceSettings.AllowedUntrustedInternalConnections) {
+			if _, ipRange, err := net.ParseCIDR(allowed); err == nil && ipRange.Contains(ip) {
+				return true
+			}
+		}
+		return false
+	}
+
+	return utils.NewHTTPClient(insecure, allowHost, allowIP)
+}
+
 func (a *App) Handle404(w http.ResponseWriter, r *http.Request) {
 	err := model.NewAppError("Handle404", "api.context.404.app_error", nil, "", http.StatusNotFound)
 	err.Translate(utils.T)
diff --git a/app/command.go b/app/command.go
index 8bd025c8e..aefdf6a73 100644
--- a/app/command.go
+++ b/app/command.go
@@ -221,7 +221,7 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
 					req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 				}
 
-				if resp, err := utils.HttpClient(false).Do(req); err != nil {
+				if resp, err := a.HTTPClient(false).Do(req); err != nil {
 					return nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, err.Error(), http.StatusInternalServerError)
 				} else {
 					if resp.StatusCode == http.StatusOK {
diff --git a/app/notification.go b/app/notification.go
index 7708270a4..36934dc9d 100644
--- a/app/notification.go
+++ b/app/notification.go
@@ -695,7 +695,7 @@ func (a *App) sendToPushProxy(msg model.PushNotification, session *model.Session
 
 	request, _ := http.NewRequest("POST", *a.Config().EmailSettings.PushNotificationServer+model.API_URL_SUFFIX_V1+"/send_push", strings.NewReader(msg.ToJson()))
 
-	if resp, err := utils.HttpClient(true).Do(request); err != nil {
+	if resp, err := a.HTTPClient(true).Do(request); err != nil {
 		l4g.Error("Device push reported as error for UserId=%v SessionId=%v message=%v", session.UserId, session.Id, err.Error())
 	} else {
 		pushResponse := model.PushResponseFromJson(resp.Body)
diff --git a/app/oauth.go b/app/oauth.go
index 0aba154fa..f27facbec 100644
--- a/app/oauth.go
+++ b/app/oauth.go
@@ -681,7 +681,7 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
 
 	var ar *model.AccessResponse
 	var bodyBytes []byte
-	if resp, err := utils.HttpClient(true).Do(req); err != nil {
+	if resp, err := a.HTTPClient(true).Do(req); err != nil {
 		return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.token_failed.app_error", nil, err.Error(), http.StatusInternalServerError)
 	} else {
 		ar = model.AccessResponseFromJson(resp.Body)
@@ -708,7 +708,7 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+ar.AccessToken)
 
-	if resp, err := utils.HttpClient(true).Do(req); err != nil {
+	if resp, err := a.HTTPClient(true).Do(req); err != nil {
 		return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.service.app_error", map[string]interface{}{"Service": service}, err.Error(), http.StatusInternalServerError)
 	} else {
 		return resp.Body, teamId, stateProps, nil
diff --git a/app/post.go b/app/post.go
index 1bada0095..00944ee3b 100644
--- a/app/post.go
+++ b/app/post.go
@@ -681,10 +681,10 @@ func (a *App) GetFileInfosForPost(postId string, readFromMaster bool) ([]*model.
 	return infos, nil
 }
 
-func GetOpenGraphMetadata(url string) *opengraph.OpenGraph {
+func (a *App) GetOpenGraphMetadata(url string) *opengraph.OpenGraph {
 	og := opengraph.NewOpenGraph()
 
-	res, err := utils.HttpClient(false).Get(url)
+	res, err := a.HTTPClient(false).Get(url)
 	if err != nil {
 		l4g.Error("GetOpenGraphMetadata request failed for url=%v with err=%v", url, err.Error())
 		return og
@@ -721,7 +721,7 @@ func (a *App) DoPostAction(postId string, actionId string, userId string) *model
 	req, _ := http.NewRequest("POST", action.Integration.URL, strings.NewReader(request.ToJson()))
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("Accept", "application/json")
-	resp, err := utils.HttpClient(false).Do(req)
+	resp, err := a.HTTPClient(false).Do(req)
 	if err != nil {
 		return model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
 	}
diff --git a/app/webhook.go b/app/webhook.go
index 41a789ead..3f8f035f7 100644
--- a/app/webhook.go
+++ b/app/webhook.go
@@ -106,7 +106,7 @@ func (a *App) TriggerWebhook(payload *model.OutgoingWebhookPayload, hook *model.
 				req, _ := http.NewRequest("POST", url, body)
 				req.Header.Set("Content-Type", contentType)
 				req.Header.Set("Accept", "application/json")
-				if resp, err := utils.HttpClient(false).Do(req); err != nil {
+				if resp, err := a.HTTPClient(false).Do(req); err != nil {
 					l4g.Error(utils.T("api.post.handle_webhook_events_and_forget.event_post.error"), err.Error())
 				} else {
 					defer consumeAndClose(resp)
diff --git a/app/webrtc.go b/app/webrtc.go
index b8b0a2827..b10450cab 100644
--- a/app/webrtc.go
+++ b/app/webrtc.go
@@ -59,7 +59,7 @@ func (a *App) GetWebrtcToken(sessionId string) (string, *model.AppError) {
 	rq, _ := http.NewRequest("POST", *a.Config().WebrtcSettings.GatewayAdminUrl, strings.NewReader(model.MapToJson(data)))
 	rq.Header.Set("Content-Type", "application/json")
 
-	if rp, err := utils.HttpClient(true).Do(rq); err != nil {
+	if rp, err := a.HTTPClient(true).Do(rq); err != nil {
 		return "", model.NewAppError("WebRTC.Token", "model.client.connecting.app_error", nil, err.Error(), http.StatusInternalServerError)
 	} else if rp.StatusCode >= 300 {
 		defer consumeAndClose(rp)
@@ -93,5 +93,5 @@ func (a *App) RevokeWebrtcToken(sessionId string) {
 	rq.Header.Set("Content-Type", "application/json")
 
 	// we do not care about the response
-	utils.HttpClient(true).Do(rq)
+	a.HTTPClient(true).Do(rq)
 }
author	Chris <ccbrown112@gmail.com>	2017-11-22 09:15:03 -0600
committer	Harrison Healey <harrisonmhealey@gmail.com>	2017-11-22 10:15:03 -0500
commit	77a1dc1f2f12198881c00356a04dddef126b985d (patch)
tree	09b5510bb744d0d9e5056783dc7522c5641ec788 /app
parent	cf9cd6a4b6bea717884269879ee8a3ced475ee8a (diff)
download	chat-77a1dc1f2f12198881c00356a04dddef126b985d.tar.gz chat-77a1dc1f2f12198881c00356a04dddef126b985d.tar.bz2 chat-77a1dc1f2f12198881c00356a04dddef126b985d.zip