cloudflared-mirror/websocket/websocket.go

package websocket

import (
	"crypto/sha1"
	"encoding/base64"
	"net/http"

	"github.com/gorilla/websocket"
)

// IsWebSocketUpgrade checks to see if the request is a WebSocket connection.
func IsWebSocketUpgrade(req *http.Request) bool {
	return websocket.IsWebSocketUpgrade(req)
}

// NewResponseHeader returns headers needed to return to origin for completing handshake
func NewResponseHeader(req *http.Request) http.Header {
	header := http.Header{}
	header.Add("Connection", "Upgrade")
	header.Add("Sec-Websocket-Accept", generateAcceptKey(req.Header.Get("Sec-WebSocket-Key")))
	header.Add("Upgrade", "websocket")
	return header
}

// from RFC-6455
var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")

func generateAcceptKey(challengeKey string) string {
	h := sha1.New()
	h.Write([]byte(challengeKey))
	h.Write(keyGUID)
	return base64.StdEncoding.EncodeToString(h.Sum(nil))
}
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`package websocket`

			`import (`
			`"crypto/sha1"`
			`"encoding/base64"`
			`"net/http"`

			`"github.com/gorilla/websocket"`
			`)`

			`// IsWebSocketUpgrade checks to see if the request is a WebSocket connection.`
			`func IsWebSocketUpgrade(req *http.Request) bool {`
			`return websocket.IsWebSocketUpgrade(req)`
			`}`

TUN-3617: Separate service from client, and implement different client for http vs. tcp origins - extracted ResponseWriter from proxyConnection - added bastion tests over websocket - removed HTTPResp() - added some docstrings - Renamed some ingress clients as proxies - renamed instances of client to proxy in connection and origin - Stream no longer takes a context and logger.Service 2020-12-09 21:46:53 +00:00			`// NewResponseHeader returns headers needed to return to origin for completing handshake`
			`func NewResponseHeader(req *http.Request) http.Header {`
			`header := http.Header{}`
			`header.Add("Connection", "Upgrade")`
TUN-4168: Transparently proxy websocket connections using stdlib HTTP client instead of gorilla/websocket; move websocket client code into carrier package since it's only used by access subcommands now (#345). 2021-04-02 06:10:43 +00:00			`header.Add("Sec-Websocket-Accept", generateAcceptKey(req.Header.Get("Sec-WebSocket-Key")))`
TUN-3617: Separate service from client, and implement different client for http vs. tcp origins - extracted ResponseWriter from proxyConnection - added bastion tests over websocket - removed HTTPResp() - added some docstrings - Renamed some ingress clients as proxies - renamed instances of client to proxy in connection and origin - Stream no longer takes a context and logger.Service 2020-12-09 21:46:53 +00:00			`header.Add("Upgrade", "websocket")`
			`return header`
AUTH-1070: added SSH/protocol forwarding 2018-09-21 15:18:23 +00:00			`}`

TUN-4168: Transparently proxy websocket connections using stdlib HTTP client instead of gorilla/websocket; move websocket client code into carrier package since it's only used by access subcommands now (#345). 2021-04-02 06:10:43 +00:00			`// from RFC-6455`
			`var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")`

			`func generateAcceptKey(challengeKey string) string {`
			`h := sha1.New()`
			`h.Write([]byte(challengeKey))`
			`h.Write(keyGUID)`
			`return base64.StdEncoding.EncodeToString(h.Sum(nil))`
			`}`