author | Chris <ccbrown112@gmail.com> | 2017-11-22 09:15:03 -0600 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-11-22 10:15:03 -0500 |
commit | 77a1dc1f2f12198881c00356a04dddef126b985d (patch) | |
tree | 09b5510bb744d0d9e5056783dc7522c5641ec788 /utils | |
parent | cf9cd6a4b6bea717884269879ee8a3ced475ee8a (diff) | |
HTTP client refactor (#7884)
* http client refactor
* simplification
Diffstat (limited to 'utils')
-rw-r--r-- | utils/httpclient.go | 73 | ||||
-rw-r--r-- | utils/httpclient_test.go | 10 |
2 files changed, 14 insertions, 69 deletions
diff --git a/utils/httpclient.go b/utils/httpclient.go
index afa717637..a21be7aa8 100644
--- a/utils/httpclient.go
+++ b/utils/httpclient.go
@@ -9,7 +9,6 @@ import (
 "errors"
 "net"
 "net/http"
- "strings"
 "time"
 )
@@ -18,37 +17,9 @@ const (
 requestTimeout = 30 * time.Second
 )
-var secureHttpClient *http.Client
-var secureUntrustedHttpClient *http.Client
-var insecureHttpClient *http.Client
-var insecureUntrustedHttpClient *http.Client
-
-// HttpClient returns a variation the default implementation of Client.
-// It uses a Transport with the same settings as the default Transport
-// but with the following modifications:
-// - shorter timeout for dial and TLS handshake (defined as constant
-// "connectTimeout")
-// - timeout for the end-to-end request (defined as constant
-// "requestTimeout")
-// - skipping server certificate check if specified in "config.json"
-// via "ServiceSettings.EnableInsecureOutgoingConnections"
-func HttpClient(trustURLs bool) *http.Client {
- insecure := Cfg.ServiceSettings.EnableInsecureOutgoingConnections != nil && *Cfg.ServiceSettings.EnableInsecureOutgoingConnections
- switch {
- case insecure && trustURLs:
- return insecureHttpClient
- case insecure:
- return insecureUntrustedHttpClient
- case trustURLs:
- return secureHttpClient
- default:
- return secureUntrustedHttpClient
- }
-}
-
 var reservedIPRanges []*net.IPNet
-func isReserved(ip net.IP) bool {
+func IsReservedIP(ip net.IP) bool {
 for _, ipRange := range reservedIPRanges {
 if ipRange.Contains(ip) {
 return true
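Review bot: `IsReservedIP` has no doc comment even though the `@@ -18,37 +17,9 @@` hunk exports it, and the same hunk removes `HttpClient(trustURLs)`, the one place that chose between filtered and unfiltered clients. A comment such as `// IsReservedIP reports whether ip lies inside one of the reservedIPRanges built in init.` would tell callers it is meant to back an `allowIP` callback for requests to user-supplied URLs. The removed function read `ServiceSettings.EnableInsecureOutgoingConnections`, and the next hunk drops the `AllowedUntrustedInternalConnections` handling from `init()`. The replacement call sites are not on this page (the diffstat is limited to utils), so it is worth confirming each of them still applies both settings. The body of `IsReservedIP` continues outside the hunk.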
@@ -77,39 +48,6 @@ func init() {
 }
 reservedIPRanges = append(reservedIPRanges, parsed)
 }
-
- allowHost := func(host string) bool {
- if Cfg.ServiceSettings.AllowedUntrustedInternalConnections == nil {
- return false
- }
- for _, allowed := range strings.Fields(*Cfg.ServiceSettings.AllowedUntrustedInternalConnections) {
- if host == allowed {
- return true
- }
- }
- return false
- }
-
- allowIP := func(ip net.IP) bool {
- if !isReserved(ip) {
- return true
- }
- if Cfg.ServiceSettings.AllowedUntrustedInternalConnections == nil {
- return false
- }
- for _, allowed := range strings.Fields(*Cfg.ServiceSettings.AllowedUntrustedInternalConnections) {
- if _, ipRange, err := net.ParseCIDR(allowed); err == nil && ipRange.Contains(ip) {
- return true
- }
- }
- return false
- }
-
- secureHttpClient = createHttpClient(false, nil, nil)
- insecureHttpClient = createHttpClient(true, nil, nil)
-
- secureUntrustedHttpClient = createHttpClient(false, allowHost, allowIP)
- insecureUntrustedHttpClient = createHttpClient(true, allowHost, allowIP)
 }
 type DialContextFunction func(ctx context.Context, network, addr string) (net.Conn, error)
@@ -159,7 +97,14 @@ func dialContextFilter(dial DialContextFunction, allowHost func(host string) boo
 }
 }
-func createHttpClient(enableInsecureConnections bool, allowHost func(host string) bool, allowIP func(ip net.IP) bool) *http.Client {
+// NewHTTPClient returns a variation the default implementation of Client.
+// It uses a Transport with the same settings as the default Transport
+// but with the following modifications:
+// - shorter timeout for dial and TLS handshake (defined as constant
+// "connectTimeout")
+// - timeout for the end-to-end request (defined as constant
+// "requestTimeout")
+func NewHTTPClient(enableInsecureConnections bool, allowHost func(host string) bool, allowIP func(ip net.IP) bool) *http.Client {
 dialContext := (&net.Dialer{
 Timeout: connectTimeout,
 KeepAlive: 30 * time.Second,
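Review bot: The doc comment added above `NewHTTPClient` in the `@@ -159,7 +97,14 @@` hunk documents none of the three parameters, although the function is now exported and they are the security-relevant part of the call. The comment removed from `HttpClient` described the insecure option as skipping the server certificate check, so `enableInsecureConnections` presumably does the same here. The test file in this commit calls `NewHTTPClient(true, nil, nil)`, which suggests nil callbacks mean no address filtering. I would add lines such as `// enableInsecureConnections skips server certificate verification.` and `// A nil allowHost or allowIP applies no address filtering; pass both for untrusted URLs.`, after confirming against the body, which continues past this hunk. The first line should also read "a variation of the default implementation".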
diff --git a/utils/httpclient_test.go b/utils/httpclient_test.go
index 1878b58b4..e07c54d08 100644
--- a/utils/httpclient_test.go
+++ b/utils/httpclient_test.go
@@ -14,9 +14,9 @@ import (
 "testing"
 )
-func TestHttpClient(t *testing.T) {
+func TestHTTPClient(t *testing.T) {
 for _, allowInternal := range []bool{true, false} {
- c := HttpClient(allowInternal)
+ c := NewHTTPClient(false, func(_ string) bool { return false }, func(ip net.IP) bool { return allowInternal || !IsReservedIP(ip) })
 for _, tc := range []struct {
 URL string
 IsInternal bool
@@ -52,11 +52,11 @@ func TestHttpClient(t *testing.T) {
 }
 }
-func TestHttpClientWithProxy(t *testing.T) {
+func TestHTTPClientWithProxy(t *testing.T) {
 proxy := createProxyServer()
 defer proxy.Close()
- c := createHttpClient(true, nil, nil)
+ c := NewHTTPClient(true, nil, nil)
 purl, _ := url.Parse(proxy.URL)
 c.Transport.(*http.Transport).Proxy = http.ProxyURL(purl)
@@ -108,7 +108,7 @@ func TestDialContextFilter(t *testing.T) {
 filter := dialContextFilter(func(ctx context.Context, network, addr string) (net.Conn, error) {
 didDial = true
 return nil, nil
- }, func(host string) bool { return host == "10.0.0.1" }, func(ip net.IP) bool { return !isReserved(ip) })
+ }, func(host string) bool { return host == "10.0.0.1" }, func(ip net.IP) bool { return !IsReservedIP(ip) })
 _, err := filter(context.Background(), "", tc.Addr)
 switch {
 case tc.IsValid == (err == AddressForbidden) || (err != nil && err != AddressForbidden): |