mitmproxy/mitmproxy/addons/upstream_auth.py

import re
import base64

from mitmproxy import exceptions
from mitmproxy import ctx
from mitmproxy.utils import strutils


def parse_upstream_auth(auth):
    pattern = re.compile(".+:")
    if pattern.search(auth) is None:
        raise exceptions.OptionsError(
            "Invalid upstream auth specification: %s" % auth
        )
    return b"Basic" + b" " + base64.b64encode(strutils.always_bytes(auth))


class UpstreamAuth():
    """
        This addon handles authentication to systems upstream from us for the
        upstream proxy and reverse proxy mode. There are 3 cases:

        - Upstream proxy CONNECT requests should have authentication added, and
          subsequent already connected requests should not.
        - Upstream proxy regular requests
        - Reverse proxy regular requests (CONNECT is invalid in this mode)
    """
    def __init__(self):
        self.auth = None

    def configure(self, updated):
        # FIXME: We're doing this because our proxy core is terminally confused
        # at the moment. Ideally, we should be able to check if we're in
        # reverse proxy mode at the HTTP layer, so that scripts can put the
        # proxy in reverse proxy mode for specific reuests.
        if "upstream_auth" in updated:
            if ctx.options.upstream_auth is None:
                self.auth = None
            else:
                self.auth = parse_upstream_auth(ctx.options.upstream_auth)

    def http_connect(self, f):
        if self.auth and f.mode == "upstream":
            f.request.headers["Proxy-Authorization"] = self.auth

    def requestheaders(self, f):
        if self.auth:
            if f.mode == "upstream" and not f.server_conn.via:
                f.request.headers["Proxy-Authorization"] = self.auth
            elif ctx.options.mode == "reverse":
                f.request.headers["Proxy-Authorization"] = self.auth
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`import re`
			`import base64`

			`from mitmproxy import exceptions`
Move options into ctx Many addons currently save options on configure(), either as individual options or sometimes by saving the entire options object. The current options should simply be available on the ctx object, simplifying state management for addons considerably. 2017-04-25 22:25:56 +00:00			`from mitmproxy import ctx`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`from mitmproxy.utils import strutils`


			`def parse_upstream_auth(auth):`
			`pattern = re.compile(".+:")`
			`if pattern.search(auth) is None:`
			`raise exceptions.OptionsError(`
			`"Invalid upstream auth specification: %s" % auth`
			`)`
			`return b"Basic" + b" " + base64.b64encode(strutils.always_bytes(auth))`


upstream_proxy_auth -> upstream_auth Also clarify what this does in commandline help. 2016-11-12 22:50:28 +00:00			`class UpstreamAuth():`
Complete upstream authentication module - Handles upstream CONNECT and regular requests, plus HTTP Basic for reverse proxy - Add some tests to make sure we can rely on the .via attribute on server connections. 2016-11-12 22:43:27 +00:00			`"""`
			`This addon handles authentication to systems upstream from us for the`
			`upstream proxy and reverse proxy mode. There are 3 cases:`

			`- Upstream proxy CONNECT requests should have authentication added, and`
			`subsequent already connected requests should not.`
			`- Upstream proxy regular requests`
			`- Reverse proxy regular requests (CONNECT is invalid in this mode)`
			`"""`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`def __init__(self):`
			`self.auth = None`

configure(options, updated) -> configure(updated) Options are now available globally on ctx, so the first argument of configure is redundant. 2017-04-25 23:01:27 +00:00			`def configure(self, updated):`
Complete upstream authentication module - Handles upstream CONNECT and regular requests, plus HTTP Basic for reverse proxy - Add some tests to make sure we can rely on the .via attribute on server connections. 2016-11-12 22:43:27 +00:00			`# FIXME: We're doing this because our proxy core is terminally confused`
			`# at the moment. Ideally, we should be able to check if we're in`
			`# reverse proxy mode at the HTTP layer, so that scripts can put the`
			`# proxy in reverse proxy mode for specific reuests.`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`if "upstream_auth" in updated:`
configure(options, updated) -> configure(updated) Options are now available globally on ctx, so the first argument of configure is redundant. 2017-04-25 23:01:27 +00:00			`if ctx.options.upstream_auth is None:`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`self.auth = None`
			`else:`
configure(options, updated) -> configure(updated) Options are now available globally on ctx, so the first argument of configure is redundant. 2017-04-25 23:01:27 +00:00			`self.auth = parse_upstream_auth(ctx.options.upstream_auth)`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00
Complete upstream authentication module - Handles upstream CONNECT and regular requests, plus HTTP Basic for reverse proxy - Add some tests to make sure we can rely on the .via attribute on server connections. 2016-11-12 22:43:27 +00:00			`def http_connect(self, f):`
Upstream proxy auth to addon 2016-11-11 22:39:16 +00:00			`if self.auth and f.mode == "upstream":`
			`f.request.headers["Proxy-Authorization"] = self.auth`
Complete upstream authentication module - Handles upstream CONNECT and regular requests, plus HTTP Basic for reverse proxy - Add some tests to make sure we can rely on the .via attribute on server connections. 2016-11-12 22:43:27 +00:00
			`def requestheaders(self, f):`
			`if self.auth:`
			`if f.mode == "upstream" and not f.server_conn.via:`
			`f.request.headers["Proxy-Authorization"] = self.auth`
Move options into ctx Many addons currently save options on configure(), either as individual options or sometimes by saving the entire options object. The current options should simply be available on the ctx object, simplifying state management for addons considerably. 2017-04-25 22:25:56 +00:00			`elif ctx.options.mode == "reverse":`
Complete upstream authentication module - Handles upstream CONNECT and regular requests, plus HTTP Basic for reverse proxy - Add some tests to make sure we can rely on the .via attribute on server connections. 2016-11-12 22:43:27 +00:00			`f.request.headers["Proxy-Authorization"] = self.auth`