Merge pull request chobits#59 from chobits/for_pull_request

simplify patch: move CONNECT request checking logic to module source

Author: chobits

ngx_http_proxy_connect_module.c

@@ -80,6 +80,7 @@ typedef struct {
 } ngx_http_proxy_connect_ctx_t;
 
 
+static ngx_int_t ngx_http_proxy_connect_init(ngx_conf_t *cf);
 static ngx_int_t ngx_http_proxy_connect_add_variables(ngx_conf_t *cf);
 static ngx_int_t ngx_http_proxy_connect_connect_addr_variable(
     ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data);
@@ -170,7 +171,7 @@ static ngx_command_t  ngx_http_proxy_connect_commands[] = {
 
 static ngx_http_module_t  ngx_http_proxy_connect_module_ctx = {
     ngx_http_proxy_connect_add_variables,   /* preconfiguration */
-    NULL,                                   /* postconfiguration */
+    ngx_http_proxy_connect_init,            /* postconfiguration */
 
     NULL,                                   /* create main configuration */
     NULL,                                   /* init main configuration */
@@ -1568,11 +1569,14 @@ ngx_http_proxy_connect_allow(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 static char *
 ngx_http_proxy_connect(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
-    ngx_http_core_loc_conf_t   *clcf;
+    ngx_http_core_loc_conf_t            *clcf;
+    ngx_http_proxy_connect_loc_conf_t   *pclcf;
 
     clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
     clcf->handler = ngx_http_proxy_connect_handler;
-    clcf->accept_connect = 1;
+
+    pclcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_proxy_connect_module);
+    pclcf->accept_connect = 1;
 
     return NGX_CONF_OK;
 }
@@ -1970,3 +1974,39 @@ ngx_http_proxy_connect_add_variables(ngx_conf_t *cf)
 
     return NGX_OK;
 }
+
+
+static ngx_int_t
+ngx_http_proxy_connect_post_read_handler(ngx_http_request_t *r)
+{
+    ngx_http_proxy_connect_loc_conf_t *pclcf;
+
+    pclcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_connect_module);
+
+    if (r->method == NGX_HTTP_CONNECT && !pclcf->accept_connect) {
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent connect method");
+        return NGX_HTTP_BAD_REQUEST;
+    }
+
+    return NGX_DECLINED;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_connect_init(ngx_conf_t *cf)
+{
+    ngx_http_core_main_conf_t  *cmcf;
+    ngx_http_handler_pt        *h;
+
+    cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
+
+    h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers);
+    if (h == NULL) {
+        return NGX_ERROR;
+    }
+
+    *h = ngx_http_proxy_connect_post_read_handler;
+
+    return NGX_OK;
+}

patch/proxy_connect.patch

@@ -44,20 +44,6 @@ diff -r c5f81dcf97a7 src/http/ngx_http_core_module.c
      clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
      if (clcf->try_files == NULL) {
-diff -r c5f81dcf97a7 src/http/ngx_http_core_module.h
---- a/src/http/ngx_http_core_module.h	Thu Mar 03 21:14:19 2016 +0300
-+++ b/src/http/ngx_http_core_module.h	Thu Mar 10 15:41:41 2016 +0800
-@@ -343,6 +343,10 @@
- #endif
- #endif
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+    unsigned      accept_connect:1;
-+#endif
-+
-     ngx_http_location_tree_node_t   *static_locations;
- #if (NGX_PCRE)
-     ngx_http_core_loc_conf_t       **regex_locations;
 diff -r c5f81dcf97a7 src/http/ngx_http_parse.c
 --- a/src/http/ngx_http_parse.c	Thu Mar 03 21:14:19 2016 +0300
 +++ b/src/http/ngx_http_parse.c	Thu Mar 10 15:41:41 2016 +0800
@@ -293,28 +279,6 @@ diff -r c5f81dcf97a7 src/http/ngx_http_request.c
          if (r->host_start) {
              r->host_start = new + (r->host_start - old);
              if (r->host_end) {
-@@ -1838,6 +1898,21 @@
- 
-     c = r->connection;
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+
-+    ngx_http_core_loc_conf_t    *clcf;
-+
-+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-+
-+    if (r->method == NGX_HTTP_CONNECT && !clcf->accept_connect) {
-+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-+                      "client sent connect method");
-+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
-+        return;
-+    }
-+
-+#endif
-+
- #if (NGX_HTTP_SSL)
- 
-     if (r->http_connection->ssl) {
 diff -r c5f81dcf97a7 src/http/ngx_http_request.h
 --- a/src/http/ngx_http_request.h	Thu Mar 03 21:14:19 2016 +0300
 +++ b/src/http/ngx_http_request.h	Thu Mar 10 15:41:41 2016 +0800

patch/proxy_connect_1014.patch

@@ -31,21 +31,6 @@ index 5951571..09f3188 100644
      rc = ngx_http_core_find_location(r);
 
      if (rc == NGX_ERROR) {
-diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
-index a6128b5..c21230b 100644
---- a/src/http/ngx_http_core_module.h
-+++ b/src/http/ngx_http_core_module.h
-@@ -315,6 +315,10 @@ struct ngx_http_core_loc_conf_s {
-     unsigned      gzip_disable_degradation:2;
- #endif
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+    unsigned      accept_connect:1;
-+#endif
-+
-     ngx_http_location_tree_node_t   *static_locations;
- #if (NGX_PCRE)
-     ngx_http_core_loc_conf_t       **regex_locations;
 diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
 index 844054c..1b5adf9 100644
 --- a/src/http/ngx_http_parse.c
@@ -283,28 +268,6 @@ index 5668bf4..430a67f 100644
          if (r->host_start) {
              r->host_start = new + (r->host_start - old);
              if (r->host_end) {
-@@ -1876,6 +1936,21 @@ ngx_http_process_request(ngx_http_request_t *r)
- 
-     c = r->connection;
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+
-+    ngx_http_core_loc_conf_t    *clcf;
-+
-+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-+
-+    if (r->method == NGX_HTTP_CONNECT && !clcf->accept_connect) {
-+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-+                      "client sent connect method");
-+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
-+        return;
-+    }
-+
-+#endif
-+
- #if (NGX_HTTP_SSL)
- 
-     if (r->http_connection->ssl) {
 diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
 index 421004a..f07d4e7 100644
 --- a/src/http/ngx_http_request.h

patch/proxy_connect_rewrite.patch

@@ -30,20 +30,6 @@ diff -r c5f81dcf97a7 src/http/ngx_http_core_module.c
      clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
      if (clcf->try_files == NULL) {
-diff -r c5f81dcf97a7 src/http/ngx_http_core_module.h
---- a/src/http/ngx_http_core_module.h	Thu Mar 03 21:14:19 2016 +0300
-+++ b/src/http/ngx_http_core_module.h	Thu Mar 10 15:41:41 2016 +0800
-@@ -343,6 +343,10 @@
- #endif
- #endif
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+    unsigned      accept_connect:1;
-+#endif
-+
-     ngx_http_location_tree_node_t   *static_locations;
- #if (NGX_PCRE)
-     ngx_http_core_loc_conf_t       **regex_locations;
 diff -r c5f81dcf97a7 src/http/ngx_http_parse.c
 --- a/src/http/ngx_http_parse.c	Thu Mar 03 21:14:19 2016 +0300
 +++ b/src/http/ngx_http_parse.c	Thu Mar 10 15:41:41 2016 +0800
@@ -279,28 +265,6 @@ diff -r c5f81dcf97a7 src/http/ngx_http_request.c
          if (r->host_start) {
              r->host_start = new + (r->host_start - old);
              if (r->host_end) {
-@@ -1838,6 +1898,21 @@
- 
-     c = r->connection;
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+
-+    ngx_http_core_loc_conf_t    *clcf;
-+
-+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-+
-+    if (r->method == NGX_HTTP_CONNECT && !clcf->accept_connect) {
-+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-+                      "client sent connect method");
-+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
-+        return;
-+    }
-+
-+#endif
-+
- #if (NGX_HTTP_SSL)
- 
-     if (r->http_connection->ssl) {
 diff -r c5f81dcf97a7 src/http/ngx_http_request.h
 --- a/src/http/ngx_http_request.h	Thu Mar 03 21:14:19 2016 +0300
 +++ b/src/http/ngx_http_request.h	Thu Mar 10 15:41:41 2016 +0800

patch/proxy_connect_rewrite_1014.patch

@@ -17,21 +17,6 @@ index 5951571..e950f50 100644
      rc = ngx_http_core_find_location(r);
 
      if (rc == NGX_ERROR) {
-diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
-index a6128b5..c21230b 100644
---- a/src/http/ngx_http_core_module.h
-+++ b/src/http/ngx_http_core_module.h
-@@ -315,6 +315,10 @@ struct ngx_http_core_loc_conf_s {
-     unsigned      gzip_disable_degradation:2;
- #endif
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+    unsigned      accept_connect:1;
-+#endif
-+
-     ngx_http_location_tree_node_t   *static_locations;
- #if (NGX_PCRE)
-     ngx_http_core_loc_conf_t       **regex_locations;
 diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
 index 844054c..1b5adf9 100644
 --- a/src/http/ngx_http_parse.c
@@ -269,28 +254,6 @@ index 5668bf4..430a67f 100644
          if (r->host_start) {
              r->host_start = new + (r->host_start - old);
              if (r->host_end) {
-@@ -1876,6 +1936,21 @@ ngx_http_process_request(ngx_http_request_t *r)
- 
-     c = r->connection;
- 
-+#if (NGX_HTTP_PROXY_CONNECT)
-+
-+    ngx_http_core_loc_conf_t    *clcf;
-+
-+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-+
-+    if (r->method == NGX_HTTP_CONNECT && !clcf->accept_connect) {
-+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-+                      "client sent connect method");
-+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
-+        return;
-+    }
-+
-+#endif
-+
- #if (NGX_HTTP_SSL)
- 
-     if (r->http_connection->ssl) {
 diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
 index 421004a..f07d4e7 100644
 --- a/src/http/ngx_http_request.h