Move the custom request handler call after the main acl check
sergeyrud-stripe committed May 24, 2023
1 parent 65b5bdb commit a33f085
Showing 1 changed file with 16 additions and 18 deletions.
34 changes: 16 additions & 18 deletions pkg/smokescreen/smokescreen.go
@@ -477,16 +477,6 @@ func BuildProxy(config *Config) *goproxy.ProxyHttpServer {
}

sctx.logger.WithField("url", req.RequestURI).Debug("received HTTP proxy request")

// Call the custom request handler if it exists
if config.CustomRequestHandler != nil {
err = config.CustomRequestHandler(req)
if err != nil {
pctx.Error = denyError{err}
return req, rejectResponse(pctx, pctx.Error)
}
}

sctx.decision, sctx.lookupTime, pctx.Error = checkIfRequestShouldBeProxied(config, req, destination)

// Returning any kind of response in this handler is goproxy's way of short circuiting
@@ -499,6 +489,15 @@ func BuildProxy(config *Config) *goproxy.ProxyHttpServer {
return req, rejectResponse(pctx, denyError{errors.New(sctx.decision.reason)})
}

// Call the custom request handler if it exists
if config.CustomRequestHandler != nil {
err = config.CustomRequestHandler(req)
if err != nil {
pctx.Error = denyError{err}
return req, rejectResponse(pctx, pctx.Error)
}
}

// Proceed with proxying the request
return req, nil
})
@@ -621,6 +620,13 @@ func handleConnect(config *Config, pctx *goproxy.ProxyCtx) (string, error) {
pctx.Error = denyError{err}
return "", pctx.Error
}
sctx.decision, sctx.lookupTime, pctx.Error = checkIfRequestShouldBeProxied(config, pctx.Req, destination)
if pctx.Error != nil {
return "", denyError{pctx.Error}
}
if !sctx.decision.allow {
return "", denyError{errors.New(sctx.decision.reason)}
}

// Call the custom request handler if it exists
if config.CustomRequestHandler != nil {
@@ -631,14 +637,6 @@ func handleConnect(config *Config, pctx *goproxy.ProxyCtx) (string, error) {
}
}

sctx.decision, sctx.lookupTime, pctx.Error = checkIfRequestShouldBeProxied(config, pctx.Req, destination)
if pctx.Error != nil {
return "", denyError{pctx.Error}
}
if !sctx.decision.allow {
return "", denyError{errors.New(sctx.decision.reason)}
}

return destination.String(), nil
}
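Review bot: With the handler now called after `checkIfRequestShouldBeProxied` in the HTTP path of `BuildProxy`, anything the handler changes on `req` is no longer covered by the ACL decision, and that same `req` is what `return req, nil` hands on for proxying. Whether a handler is allowed to modify the request is not visible here, so I would state the contract at the call site, e.g. `// Runs after the ACL decision: the handler may reject the request but must not change its destination (URL/Host), which is not re-checked.` A rejection by the handler also leaves `sctx.decision` holding the earlier allow result, both here and in `handleConnect`. If the decision is logged or counted later (outside the lines shown), a handler denial would be recorded as allowed, so consider setting `sctx.decision.allow = false` and `sctx.decision.reason = err.Error()` before returning. Both functions begin outside the lines shown.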
