Basic auth fixed

[clburlison]

Issue: When using AlwaysMitm ext/auth/basic.go would attempt to authenticate requests twice resulting in the 407 unauthorized message.

This fixes two outstanding issues with the basic auth behavior of this library.

1. BasicConnect handler was preventing other handlers from running (AlwaysMitm)
2. Basic was trying to authenticate connection that was already authenticated by BasicConnect

Resolves: https://github.com/elazarl/goproxy/issues/309, https://github.com/elazarl/goproxy/issues/416

Below is a simple test case to validate the behavior before/after the patch:

package main

import (
    "flag"
    "log"
    "net"
    "net/http"
    "regexp"

    "github.com/elazarl/goproxy"
    "github.com/elazarl/goproxy/ext/auth"
)

func handleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
    ip, _, err := net.SplitHostPort(req.RemoteAddr)
    if err != nil {
        log.Print(err)
    }

    log.Printf("[%d] %s --> %s %s", ctx.Session, ip, req.Method, req.URL)

    return req, nil
}

func main() {
    verbose := flag.Bool("v", false, "should every proxy request be logged to stdout")
    addr := flag.String("addr", ":8080", "proxy listen address")
    flag.Parse()
    username, password := "foo", "bar"
    hostmatch := "google.com|neverssl.com|apache.org"
    proxy := goproxy.NewProxyHttpServer()
    auth.ProxyBasic(proxy, "Auth", func(user, passwd string) bool {
        return user == username && password == passwd
    })
    proxy.OnRequest(goproxy.ReqHostMatches(regexp.MustCompile(hostmatch))).
        HandleConnect(goproxy.AlwaysMitm)
    proxy.OnRequest().DoFunc(handleRequest)
    proxy.Verbose = *verbose
    log.Fatal(http.ListenAndServe(*addr, proxy))
}

[batuzyn]

@elazarl Could you merge this PR?

[elazarl]

I'm very careful about adding yet another field to the context. Can we do it in some other way?

[batuzyn]

Actually I did't think another way :) But this PR working correctly for me.

[batuzyn]

Sorry, I had a problem after i implemented it. 'ctx.Authenticated' not returns 'true' for http connect methods.

I am getting 407 (proxy auth required) for this code. Is there something I did wrong?

`addr := flag.String("addr", ":8080", "proxy listen address") hostmatch := flag.String("hostmatch", "^.*$", "hosts to trace (regexp pattern)") verbose := flag.Bool("v", true, "verbose output") flag.Parse()

log.SetFlags(log.Lmicroseconds)

proxy := goproxy.NewProxyHttpServer()

auth.ProxyBasic(proxy, "Auth", func(user, passwd string) bool {
    return true
})

proxy.OnRequest(goproxy.ReqHostMatches(regexp.MustCompile(*hostmatch))).
    HandleConnect(goproxy.AlwaysMitm)

proxy.OnRequest().DoFunc(handleRequest)

proxy.Verbose = *verbose
log.Fatal(http.ListenAndServe(*addr, proxy))`

[thalesfsp]

Any update on this?

[elazarl]

@thalesfsp as I said, I'm reluctant to add another field to the Ctx without a really good reason.

I reviewed the code and asked isn't using the User pointer possible, but didn't receive response yet.

[thalesfsp]

@elazarl Given the importance of the MR, could you do the change you are suggesting? Best regards!

[faf-xff]

这个啥时候能修复呢

[thalesfsp]

@guanyufen123 just fork and merge the change. This is what happens when the community needs and demands things but authors are reluctant to listen.

[elazarl]

@thalesfsp can you please explain me again, why using the User pointer is not a good solution in this case?

I'm very open to listen, but was not able to spurr discussion.