From 439e8d591f6ee6eb42e880ae75859d913ef1329b Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA
Date: Mon, 22 Dec 2025 18:34:09 +0000
Subject: [PATCH] refactor: avoid code-duplication in CONNECT impl

---
 proxy/connect.go | 34 +---------------------------------
 1 file changed, 1 insertion(+), 33 deletions(-)

diff --git a/proxy/connect.go b/proxy/connect.go
index 7cf5742..e5664bd 100644
--- a/proxy/connect.go
+++ b/proxy/connect.go
@@ -6,15 +6,10 @@ import (
 "io"
 "net"
 "net/http"
-
- "github.com/coder/boundary/audit"
 )
 
 // handleCONNECT handles HTTP CONNECT requests for tunneling
 func (p *Server) handleCONNECT(conn net.Conn, req *http.Request) {
- // Extract target from CONNECT request
- // CONNECT requests have the target in req.Host (format: hostname:port)
-
 p.logger.Debug("🔌 CONNECT request", "target", req.Host)
 
 // Send 200 Connection established response
@@ -69,33 +64,6 @@ func (p *Server) handleCONNECTTunnel(conn net.Conn) {
 p.logger.Debug("🔒 HTTP Request in CONNECT tunnel", "method", req.Method, "url", req.URL.String(), "target", req.Host)
 
 // Process this request - check if allowed and forward to target
- p.processTunnelRequest(tlsConn, req)
+ p.processHTTPRequest(tlsConn, req, true)
 }
 }
-
-// processTunnelRequest processes a single HTTP request from the CONNECT tunnel
-func (p *Server) processTunnelRequest(conn net.Conn, req *http.Request) {
- // Check if request should be allowed
- // Use the original request URL but evaluate against rules
- urlStr := req.Host + req.URL.String()
- result := p.ruleEngine.Evaluate(req.Method, urlStr)
-
- // Audit the request
- p.auditor.AuditRequest(audit.Request{
- Method: req.Method,
- URL: req.URL.String(),
- Host: req.Host,
- Allowed: result.Allowed,
- Rule: result.Rule,
- })
-
- if !result.Allowed {
- p.logger.Debug("Request in CONNECT tunnel blocked", "method", req.Method, "url", urlStr)
- p.writeBlockedResponse(conn, req)
- return
- }
-
- // Forward request to target
- // The target is the original CONNECT target, but we use the request's host/path
- p.forwardRequest(conn, req, true)
-}
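Review bot: Nothing in this diff shows that `processHTTPRequest` evaluates tunneled requests against `req.Host + req.URL.String()` as the removed processTunnelRequest did, yet the new call `p.processHTTPRequest(tlsConn, req, true)` now depends on it for every allow/deny decision and audit record inside the tunnel. Requests read from inside the TLS tunnel normally carry a path-only URL, so if the shared helper matches on `req.URL.String()` alone the host part of the rule match would be lost and policy outcomes would change under a commit labelled as a refactor. A test that sends one allowed and one blocked request through the CONNECT path and checks both the response and the audited `Host`/`URL`/`Rule` fields would pin the equivalence. The bare `true` is also opaque at the call site; a comment such as `// true: request arrived over the TLS tunnel (presumably forwarded as HTTPS)` or a named constant would make the flag reviewable. The loop in handleCONNECTTunnel that contains this call starts outside the hunk.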