net/tshttpproxy: support basic auth when available (#1354)

This allows proxy URLs such as: http://azurediamond:hunter2@192.168.122.154:38274 to be used in order to dial out to control, logs or derp servers. Signed-off-by: Christine Dodrill <xe@tailscale.com>
2025-01-05 14:57:49 +00:00 · 2021-02-17 16:01:47 -05:00 · 2021-02-17 16:01:47 -05:00 · 3e5c3e932c
commit 3e5c3e932c
parent d98ef5699d
2 changed files with 61 additions and 0 deletions
--- a/net/tshttpproxy/tshttpproxy.go
+++ b/net/tshttpproxy/tshttpproxy.go
@ -74,6 +74,18 @@ func GetAuthHeader(u *url.URL) (string, error) {
 	if sysAuthHeader != nil {
 		return sysAuthHeader(u)
 	}
+
+	if user := u.User.Username(); user != "" {
+		pass, ok := u.User.Password()
+		if !ok {
+			return "", nil
+		}
+
+		req := &http.Request{Header: make(http.Header)}
+		req.SetBasicAuth(user, pass)
+		return req.Header.Get("Authorization"), nil
+	}
+
 	return "", nil
 }

--- a/net/tshttpproxy/tshttpproxy_test.go
+++ b/net/tshttpproxy/tshttpproxy_test.go
@ -0,0 +1,49 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !windows
+
+package tshttpproxy
+
+import (
+	"net/url"
+	"testing"
+)
+
+func TestGetAuthHeaderNoResult(t *testing.T) {
+	const proxyURL = `http://127.0.0.1:38274`
+
+	u, err := url.Parse(proxyURL)
+	if err != nil {
+		t.Fatalf("can't parse %q: %v", proxyURL, err)
+	}
+
+	ahval, err := GetAuthHeader(u)
+	if err != nil {
+		t.Fatalf("can't get auth header value: %v", err)
+	}
+
+	if ahval != "" {
+		t.Fatalf("wanted auth header value to be empty, got: %q", ahval)
+	}
+}
+
+func TestGetAuthHeaderBasicAuth(t *testing.T) {
+	const proxyURL = `http://user:password@127.0.0.1:38274`
+	const expect = `Basic dXNlcjpwYXNzd29yZA==`
+
+	u, err := url.Parse(proxyURL)
+	if err != nil {
+		t.Fatalf("can't parse %q: %v", proxyURL, err)
+	}
+
+	ahval, err := GetAuthHeader(u)
+	if err != nil {
+		t.Fatalf("can't get auth header value: %v", err)
+	}
+
+	if ahval != expect {
+		t.Fatalf("wrong auth header value: want: %q, got: %q", expect, ahval)
+	}
+}