MCPcopy
hub / github.com/mudler/LocalAI / passthroughHandler

Function passthroughHandler

core/services/cloudproxy/mitm/proxy_test.go:23–72  ·  view source on GitHub ↗

passthroughHandler is the test fixture: forward the parsed request to the upstream and stream the response back. Mirrors what a production handler would do without any PII rewriting, so the proxy core's CONNECT/TLS/req-loop semantics are testable in isolation from the redaction logic.

(upstreamRoots *x509.CertPool, upstreamAddr string)

Source from the content-addressed store, hash-verified

21// so the proxy core's CONNECT/TLS/req-loop semantics are testable
22// in isolation from the redaction logic.
23func passthroughHandler(upstreamRoots *x509.CertPool, upstreamAddr string) InterceptHandler {
24 return func(w http.ResponseWriter, r *http.Request, host string) {
25 // Build the upstream URL — host is what the client thought
26 // it was talking to (api.anthropic.com); upstreamAddr is
27 // where the test fake actually lives. We use upstreamAddr
28 // directly because the test fake's cert is self-signed
29 // against an arbitrary CA we control.
30 u := *r.URL
31 u.Scheme = "https"
32 u.Host = upstreamAddr
33
34 body := r.Body
35 req, err := http.NewRequest(r.Method, u.String(), body)
36 if err != nil {
37 http.Error(w, "bad request: "+err.Error(), http.StatusBadRequest)
38 return
39 }
40 req.Header = r.Header.Clone()
41 req.Header.Set("Host", host)
42
43 client := &http.Client{
44 Transport: &http.Transport{
45 TLSClientConfig: &tls.Config{
46 RootCAs: upstreamRoots,
47 // httptest.NewTLSServer issues a cert for
48 // example.com / *.example.com regardless of the
49 // listener's actual hostname. Trust that name
50 // rather than the SNI the client used —
51 // production code would set ServerName=host.
52 ServerName: "example.com",
53 },
54 },
55 Timeout: 10 * time.Second,
56 }
57 resp, err := client.Do(req)
58 if err != nil {
59 http.Error(w, "upstream: "+err.Error(), http.StatusBadGateway)
60 return
61 }
62 defer func() { _ = resp.Body.Close() }()
63
64 for k, vs := range resp.Header {
65 for _, v := range vs {
66 w.Header().Add(k, v)
67 }
68 }
69 w.WriteHeader(resp.StatusCode)
70 _, _ = io.Copy(w, resp.Body)
71 }
72}
73
74// startMITMTestRig spins up:
75// - A fake "upstream" HTTPS server with a self-signed cert

Callers 3

startMITMTestRigFunction · 0.85
h2InterceptRigFunction · 0.85
http2_test.goFile · 0.85

Calls 7

AddMethod · 0.80
HeaderMethod · 0.80
StringMethod · 0.65
SetMethod · 0.65
CloseMethod · 0.65
ErrorMethod · 0.45
WriteHeaderMethod · 0.45

Tested by

no test coverage detected