Merge branch 'file-transport'

Author: moriyoshi

README.md

@@ -18,7 +18,7 @@ It has the following features:
 
   This can be done since the name resolution is done in devproxy, which is configured to map any request for http://example.com to http://127.0.0.1:3000.
 
-* Transparent TLS wrapping (simulation of an SSL/TLS-enabled environment)
+* Transparent TLS termination / wrapping (simulation of an SSL/TLS-enabled environment)
 
   You can also make it possible to direct the request to `https://example.com/` to the upstream by adding the configuration like the following:
 
@@ -70,6 +70,42 @@ It has the following features:
           X-Cgi-Path-Info: $3
   ```
 
+* Serving files on the filesystem
+  
+  You can also serve the local files by specifying `file:` scheme as an upstream:
+
+  ```
+  hosts:
+    http://example.com:
+      - ^(/.*)$: file:///some-document-root$1
+  ```
+
+  **WARNING**: this feature does such naive path translation that is easily exploitable for path traversals beyond the document root.  Never expose the server to public when it is used.
+
+  ```
+  file_tx:
+    root: /var/empty
+    mime_type_file: /usr/share/mime/globs
+    mime_type_file_format: xdg-globs
+  ```
+
+  Toplevel `file_tx` section configures the file transport.
+
+  * `root` (string, optional)
+
+    Specifies the base directory for resolving a absolute path when a relative form of file URI yields from the match.
+
+  * `mime_type_file` (string, optional)
+
+    Specifies the path to the MIME-type-to-extension mapping file used to deduce a MIME type from the file's extension.
+    
+    devproxy will use Go's standard `mime.TypeForExtension()` function when unspecified.
+
+  * `mime_type_file_format` (string, optional)
+
+    Specifies the format for the MIME type file.  Accepted values are `apache` and `xdg-globs`.
+   
+
 * Proxy chaining
 
   You can direct outgoing requests to another proxy server.  This is useful in a restricted network environment.

config.go

@@ -53,6 +53,7 @@ import (
 	"time"
 
 	"github.com/cloudfoundry-incubator/candiedyaml"
+	"github.com/moriyoshi/mimetypes"
 	"github.com/pkg/errors"
 )
 
@@ -88,11 +89,17 @@ type ProxyConfig struct {
 	TLSConfig     *tls.Config
 }
 
+type FileTransportConfig struct {
+	RootDirectory string
+	MimeTypes     mimetypes.MediaTypeRegistry
+}
+
 type Config struct {
 	Hosts           map[string]*PerHostConfig
 	Proxy           ProxyConfig
 	MITM            MITMConfig
 	ResponseFilters []ResponseFilter
+	FileTransport   FileTransportConfig
 	NowGetter       func() (time.Time, error)
 }
 
@@ -955,6 +962,69 @@ func (ctx *ConfigReaderContext) extractResponseFilters(configMap map[string]inte
 	return
 }
 
+func (ctx *ConfigReaderContext) extractFileTransportConfig(configMap map[string]interface{}) (retval FileTransportConfig, err error) {
+	__fileTx, ok := configMap["file_tx"]
+	if !ok {
+		return
+	}
+
+	_fileTx, ok := __fileTx.(map[interface{}]interface{})
+	if !ok {
+		err = errors.Errorf("%s: invalid structure under file_tx", ctx.Filename)
+		return
+	}
+
+	{
+		root := "."
+		_root, ok := _fileTx["root"]
+		if ok {
+			root, ok = _root.(string)
+			if !ok {
+				err = errors.Errorf("%s: invalid value for file_tx/root", ctx.Filename)
+				return
+			}
+		}
+
+		if !filepath.IsAbs(root) {
+			var wd string
+			wd, err = os.Getwd()
+			if err != nil {
+				return
+			}
+			root = filepath.Clean(filepath.Join(wd, root))
+		}
+
+		retval.RootDirectory = root
+	}
+
+	{
+		_mimeTypeFile, ok := _fileTx["mime_type_file"]
+		if ok {
+			mimeTypeFile, ok := _mimeTypeFile.(string)
+			if !ok {
+				err = errors.Errorf("%s: invalid value for file_tx/mime_type_file", ctx.Filename)
+				return
+			}
+			mimeTypeFileFormat := "apache"
+			_mimeTypeFileFormat, ok := _fileTx["mime_type_file_format"]
+			if ok {
+				mimeTypeFileFormat, ok = _mimeTypeFileFormat.(string)
+				if !ok {
+					err = errors.Errorf("%s: invalid value for file_tx/mime_type_file_format", ctx.Filename)
+					return
+				}
+			}
+			retval.MimeTypes, err = mimetypes.Load(mimeTypeFile, mimeTypeFileFormat)
+			if err != nil {
+				err = errors.Wrapf(err, "failed to load %s", mimeTypeFile)
+				return
+			}
+		}
+	}
+
+	return
+}
+
 func defaultNow() (time.Time, error) {
 	return time.Now(), nil
 }
@@ -991,11 +1061,18 @@ func loadConfig(yamlFile string, progname string) (*Config, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	fileTransport, err := ctx.extractFileTransportConfig(configMap)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Config{
 		Hosts:           perHostConfigs,
 		Proxy:           proxy,
 		MITM:            mitm,
 		ResponseFilters: responseFilters,
+		FileTransport:   fileTransport,
 		NowGetter:       defaultNow,
 	}, nil
 }

filetx.go

@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2016 Moriyoshi Koizumi
+ * Copyright (c) 2012 Elazar Leibovich.
+ * Copyright (c) 2012 The Go Authors.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *    * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *    * Neither the name of Elazar Leibovich. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package main
+
+import (
+	"fmt"
+	"mime"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/moriyoshi/mimetypes"
+	_ "github.com/moriyoshi/mimetypes/loaders"
+	"github.com/moriyoshi/simplefiletx"
+)
+
+var httpMetaKeys = []string{"Content-Type"}
+
+const defaultMimeType = "application/octet-stream"
+
+type MyOpener struct {
+	MimeTypes mimetypes.MediaTypeRegistry
+}
+
+type MyReaderWithStat struct {
+	inner  simplefiletx.ReaderWithStat
+	name   string
+	opener *MyOpener
+}
+
+func (opener *MyOpener) Open(name string) (simplefiletx.ReaderWithStat, error) {
+	f, err := os.Open(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MyReaderWithStat{f, name, opener}, nil
+}
+
+func (rws *MyReaderWithStat) Read(b []byte) (int, error) {
+	return rws.inner.Read(b)
+}
+
+func (rws *MyReaderWithStat) Close() error {
+	return rws.inner.Close()
+}
+
+func (rws *MyReaderWithStat) Stat() (os.FileInfo, error) {
+	return rws.inner.Stat()
+}
+
+func (rws *MyReaderWithStat) GetHTTPMetadataKeys() ([]string, error) {
+	return httpMetaKeys, nil
+}
+
+func (rws *MyReaderWithStat) GetHTTPMetadata(k string) ([]string, error) {
+	if k == "Content-Type" {
+		ext := filepath.Ext(rws.name)
+		var mimeType string
+		if rws.opener.MimeTypes != nil {
+			mimeType = rws.opener.MimeTypes.TypeByExtension(ext)
+		} else {
+			mimeType = mime.TypeByExtension(ext)
+		}
+		if mimeType == "" {
+			mimeType = defaultMimeType
+		}
+		return []string{mimeType}, nil
+	}
+	return nil, fmt.Errorf("no such key: %s", k)
+}
+
+func NewFileTransport(config FileTransportConfig) http.RoundTripper {
+	return &simplefiletx.SimpleFileTransport{
+		BaseDir: config.RootDirectory,
+		Opener:  &MyOpener{config.MimeTypes},
+	}
+}

main.go

@@ -188,6 +188,7 @@ func (ctx *DevProxy) newHttpTransport() *httpx.Transport {
 		Proxy2:          ctx.newProxyURLBuilder(),
 	}
 	transport.RegisterProtocol("fastcgi", &fastCGIRoundTripper{Logger: ctx.Logger})
+	transport.RegisterProtocol("file", NewFileTransport(ctx.Config.FileTransport))
 	return transport
 }
 
@@ -242,10 +243,10 @@ func (ctx *DevProxy) prepareMITMCertificate(hosts []string) (*tls.Certificate, e
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
-		IsCA:           false,
-		MaxPathLen:     0,
-		MaxPathLenZero: true,
-		DNSNames:       hosts,
+		IsCA:                  false,
+		MaxPathLen:            0,
+		MaxPathLenZero:        true,
+		DNSNames:              hosts,
 	}
 	derBytes, err := x509.CreateCertificate(ctx.CryptoRandReader, &template, ca.Certificate, ca.Certificate.PublicKey, ca.PrivateKey)
 	if err != nil {