refactor: avoid code-duplication in CONNECT impl

proxy/connect.go

@@ -6,15 +6,10 @@ import (
 	"io"
 	"net"
 	"net/http"
-
-	"github.com/coder/boundary/audit"
 )
 
 // handleCONNECT handles HTTP CONNECT requests for tunneling
 func (p *Server) handleCONNECT(conn net.Conn, req *http.Request) {
-	// Extract target from CONNECT request
-	// CONNECT requests have the target in req.Host (format: hostname:port)
-
 	p.logger.Debug("🔌 CONNECT request", "target", req.Host)
 
 	// Send 200 Connection established response
@@ -69,33 +64,6 @@ func (p *Server) handleCONNECTTunnel(conn net.Conn) {
 		p.logger.Debug("🔒 HTTP Request in CONNECT tunnel", "method", req.Method, "url", req.URL.String(), "target", req.Host)
 
 		// Process this request - check if allowed and forward to target
-		p.processTunnelRequest(tlsConn, req)
+		p.processHTTPRequest(tlsConn, req, true)
 	}
 }
-
-// processTunnelRequest processes a single HTTP request from the CONNECT tunnel
-func (p *Server) processTunnelRequest(conn net.Conn, req *http.Request) {
-	// Check if request should be allowed
-	// Use the original request URL but evaluate against rules
-	urlStr := req.Host + req.URL.String()
-	result := p.ruleEngine.Evaluate(req.Method, urlStr)
-
-	// Audit the request
-	p.auditor.AuditRequest(audit.Request{
-		Method:  req.Method,
-		URL:     req.URL.String(),
-		Host:    req.Host,
-		Allowed: result.Allowed,
-		Rule:    result.Rule,
-	})
-
-	if !result.Allowed {
-		p.logger.Debug("Request in CONNECT tunnel blocked", "method", req.Method, "url", urlStr)
-		p.writeBlockedResponse(conn, req)
-		return
-	}
-
-	// Forward request to target
-	// The target is the original CONNECT target, but we use the request's host/path
-	p.forwardRequest(conn, req, true)
-}