MCPcopy
hub / github.com/AdguardTeam/dnsproxy / ServeHTTP

Method ServeHTTP

proxy/serverhttps.go:198–252  ·  view source on GitHub ↗

ServeHTTP is the http.Handler implementation that handles DoH queries. Here is what it returns: - http.StatusNotFound if the request is not encrypted and proxy is not configured to accept unencrypted requests, - http.StatusBadRequest if there is no DNS request data, - http.StatusUnsupportedMediaTy

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

196// "application/dns-message",
197// - http.StatusMethodNotAllowed if request method is not GET or POST.
198func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
199 ctx := r.Context()
200 ctx, cancel := p.reqCtx.New(ctx)
201 defer cancel()
202
203 p.logger.DebugContext(ctx, "incoming https request", "url", r.URL)
204
205 if !p.HTTPConfig.InsecureEnabled && r.TLS == nil {
206 statusCode := http.StatusNotFound
207 http.Error(w, http.StatusText(statusCode), statusCode)
208
209 return
210 }
211
212 raddr, prx, err := remoteAddr(r, p.logger)
213 if err != nil {
214 p.logger.DebugContext(ctx, "getting real ip", slogutil.KeyError, err)
215 }
216
217 if !p.checkBasicAuth(w, r, raddr) {
218 return
219 }
220
221 req, statusCode := newDoHReq(ctx, r, p.logger)
222 if req == nil {
223 http.Error(w, http.StatusText(statusCode), statusCode)
224
225 return
226 }
227
228 if prx.IsValid() {
229 l := p.logger.With("addr", prx)
230
231 l.DebugContext(ctx, "request came from proxy server")
232
233 if !p.TrustedProxies.Contains(prx.Addr()) {
234 l.DebugContext(ctx, "proxy is not trusted, using original remote addr")
235
236 // So the address of the proxy itself is used, as the remote address
237 // parsed from headers cannot be trusted.
238 //
239 // TODO(e.burkov): Do not parse headers in this case.
240 raddr = prx
241 }
242 }
243
244 d := p.newDNSContext(ProtoHTTPS, req, raddr)
245 d.HTTPRequest = r
246 d.HTTPResponseWriter = w
247
248 err = p.handleDNSRequest(ctx, d)
249 if err != nil {
250 p.logger.DebugContext(ctx, "handling dns request", "proto", d.Proto, slogutil.KeyError, err)
251 }
252}
253
254// checkBasicAuth checks the basic authorization data, if necessary, and if the
255// data isn't valid, it writes an error. shouldHandle is false if the request

Callers

nothing calls this directly

Calls 7

checkBasicAuthMethod · 0.95
newDNSContextMethod · 0.95
handleDNSRequestMethod · 0.95
remoteAddrFunction · 0.85
newDoHReqFunction · 0.85
AddrMethod · 0.80
ErrorMethod · 0.45

Tested by

no test coverage detected