Adding connect auth feature. Proxy-Authorization header is being inserted when user creds are present in uri
diff --git a/src/core/ext/filters/client_channel/http_proxy.c b/src/core/ext/filters/client_channel/http_proxy.c
index cfb5ec6..faa4b3c 100644
--- a/src/core/ext/filters/client_channel/http_proxy.c
+++ b/src/core/ext/filters/client_channel/http_proxy.c
@@ -30,13 +30,17 @@
#include "src/core/ext/filters/client_channel/uri_parser.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/support/env.h"
+#include "src/core/lib/support/string.h"
+#include "src/core/lib/slice/b64.h"
-static char* grpc_get_http_proxy_server(grpc_exec_ctx* exec_ctx) {
+static void grpc_get_http_proxy_server(grpc_exec_ctx* exec_ctx,
+ char **name_to_resolve,
+ char **user_cred) {
+ *name_to_resolve = NULL;
char* uri_str = gpr_getenv("http_proxy");
- if (uri_str == NULL) return NULL;
+ if (uri_str == NULL) return;
grpc_uri* uri =
grpc_uri_parse(exec_ctx, uri_str, false /* suppress_errors */);
- char* proxy_name = NULL;
if (uri == NULL || uri->authority == NULL) {
gpr_log(GPR_ERROR, "cannot parse value of 'http_proxy' env var");
goto done;
@@ -45,15 +49,18 @@
gpr_log(GPR_ERROR, "'%s' scheme not supported in proxy URI", uri->scheme);
goto done;
}
- if (strchr(uri->authority, '@') != NULL) {
- gpr_log(GPR_ERROR, "userinfo not supported in proxy URI");
- goto done;
+ char *user_cred_end = strchr(uri->authority, '@');
+ if (user_cred_end != NULL) {
+ *name_to_resolve = gpr_strdup(user_cred_end + 1);
+ *user_cred_end = '\0';
+ *user_cred = gpr_strdup(uri->authority);
+ gpr_log(GPR_INFO, "userinfo found in proxy URI");
+ } else {
+ *name_to_resolve = gpr_strdup(uri->authority);
}
- proxy_name = gpr_strdup(uri->authority);
done:
gpr_free(uri_str);
grpc_uri_destroy(uri);
- return proxy_name;
}
static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx,
@@ -62,7 +69,8 @@
const grpc_channel_args* args,
char** name_to_resolve,
grpc_channel_args** new_args) {
- *name_to_resolve = grpc_get_http_proxy_server(exec_ctx);
+ char *user_cred = NULL;
+ grpc_get_http_proxy_server(exec_ctx, name_to_resolve, &user_cred);
if (*name_to_resolve == NULL) return false;
grpc_uri* uri =
grpc_uri_parse(exec_ctx, server_uri, false /* suppress_errors */);
@@ -71,19 +79,40 @@
"'http_proxy' environment variable set, but cannot "
"parse server URI '%s' -- not using proxy",
server_uri);
- if (uri != NULL) grpc_uri_destroy(uri);
+ if (uri != NULL) {
+ gpr_free(user_cred);
+ grpc_uri_destroy(uri);
+ }
return false;
}
if (strcmp(uri->scheme, "unix") == 0) {
gpr_log(GPR_INFO, "not using proxy for Unix domain socket '%s'",
server_uri);
+ gpr_free(user_cred);
grpc_uri_destroy(uri);
return false;
}
- grpc_arg new_arg = grpc_channel_arg_string_create(
+
+ grpc_arg args_to_add[2];
+ args_to_add[0] = grpc_channel_arg_string_create(
GRPC_ARG_HTTP_CONNECT_SERVER,
uri->path[0] == '/' ? uri->path + 1 : uri->path);
- *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
+
+ if(user_cred != NULL) {
+ /* Use base64 encoding for user credentials */
+ char *encoded_user_cred =
+ grpc_base64_encode(user_auth, strlen(user_cred), 0, 0);
+ char *header;
+ gpr_asprintf(&header, "Proxy-Authorization:Basic %s", encoded_user_cred);
+ gpr_free(encoded_user_cred);
+ args_to_add[1] = grpc_channel_arg_string_create(
+ GRPC_ARG_HTTP_CONNECT_HEADERS, header);
+ *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 2);
+ gpr_free(header);
+ } else {
+ *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 1);
+ }
+ gpr_free(user_cred);
grpc_uri_destroy(uri);
return true;
}