Merge pull request #14 from saucelabs/alexh-sc-3812-add-basic-auth

SC-3812 Add basic auth

.github/workflows/go.yml

@@ -19,9 +19,9 @@ jobs:
           go-version: 1.17
 
       - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v3.1.0
+        uses: golangci/golangci-lint-action@v3.2.0
         with:
-          version: v1.45.0
+          version: v1.46.2
           args: "--timeout 5m -v -c .golangci.yml"
 
       - name: Lint

.golangci.yml

@@ -15,6 +15,7 @@ linters:
     - testpackage
     - gochecknoglobals
     - exhaustivestruct
+    - exhaustruct
     - paralleltest
     - godox
     - cyclop
@@ -29,7 +30,7 @@ linters-settings:
     min-complexity: 40
 
   funlen:
-    lines: 200
+    lines: 220
     statements: 75
 
   nestif:

CHANGELOG.md

@@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Load config from Config file, and from env vars. Use viper for that
 - Automatically alocates a random port, if the specified one is in-use
 
+## [0.3.0] - 2022-07-12
+## Changed
+- Added support for setting basic auth header via API, `--site-credentials` flag, or an env var
+
 ## [0.2.0] - 2022-05-30
 ## Changed
 - Upgraded goproxy library to the latest master

Makefile

@@ -32,6 +32,10 @@ endif
 test:
 	@go test -timeout 120s -short -v -race -cover -coverprofile=coverage.out ./...
 
+# If you hit too many open files: ulimit -Sn 10000
+bench:
+	@go test -bench=. -run=XXX ./pkg/proxy
+
 test-integration:
 	@FORWARDER_TEST_MODE=integration go test -timeout 120s -v -race -cover -coverprofile=coverage.out ./... && echo "Test OK"
 

README.md

@@ -1,7 +1,9 @@
 # forwarder
 
-`forwarder` provides a simple forward proxy. The proxy can be protected with basic auth. It can also forward connections to a parent proxy, and authorize connections against that.
-Both local, and parent credentials can be set via environment variables. For local proxy credential, set `PROXY_CREDENTIAL`. For remote proxy credential, set `PROXY_PARENT_CREDENTIAL`.
+`forwarder` provides a simple forward proxy. The proxy can be protected with basic auth.
+It can also forward connections to a parent proxy, and authorize connections against that.
+Both local, and parent credentials can be set via environment variables.
+For local proxy credential, set `FORWARDER_LOCALPROXY_AUTH`. For remote proxy credential, set `FORWARDER_UPSTREAMPROXY_AUTH`.
 
 ## Install
 

cmd/run.go

@@ -16,6 +16,8 @@ var (
 	localProxyURI    string
 	upstreamProxyURI string
 
+	siteCredentials []string
+
 	pacProxiesCredentials []string
 	pacURI                string
 
@@ -38,6 +40,7 @@ All credentials can be set via env vars:
 - Upstream proxy: FORWARDER_UPSTREAMPROXY_AUTH
 - PAC URI: PACMAN_AUTH
 - PAC proxies: PACMAN_PROXIES_AUTH
+- Target URLs: FORWARDER_SITE_CREDENTIALS
 
 Note: Can't setup upstream, and PAC at the same time.
 `,
@@ -46,10 +49,10 @@ Note: Can't setup upstream, and PAC at the same time.
 
   Start a proxy listening to http://0.0.0.0:8085:
   $ forwarder run -l "http://0.0.0.0:8085"
-  
+
   Start a protected proxy:
   $ forwarder run -l "http://user:pwd@localhost:8085"
-  
+
   Start a protected proxy, forwarding connection to an upstream proxy running at
   http://localhost:8089:
   $ forwarder run \
@@ -61,19 +64,19 @@ Note: Can't setup upstream, and PAC at the same time.
   $ forwarder run \
     -l "http://user:pwd@localhost:8085" \
     -u "http://user1:pwd1@localhost:8089"
-	
+
   Start a protected proxy, forwarding connection to an upstream proxy, setup via
   PAC - server running at http://localhost:8090:
   $ forwarder run \
     -l "http://user:pwd@localhost:8085" \
     -p "http://localhost:8090"
-	
+
   Start a protected proxy, forwarding connection to an upstream proxy, setup via
   PAC - protected server running at http://user2:pwd2@localhost:8090:
   $ forwarder run \
     -l "http://user:pwd@localhost:8085" \
     -p "http://user2:pwd2@localhost:8090"
-	
+
   Start a protected proxy, forwarding connection to an upstream proxy, setup via
   PAC - protected server running at http://user2:pwd2@localhost:8090, specifying
   credential for protected proxies specified in PAC:
@@ -91,6 +94,13 @@ Note: Can't setup upstream, and PAC at the same time.
     -l "http://user:pwd@localhost:8085" \
     -p "http://user2:pwd2@localhost:8090" \
 	  -d "http://user3:pwd4@localhost:8091,http://user4:pwd5@localhost:8092"
+
+  Start a protected proxy that adds basic auth header to requests to foo.bar:8090
+  and qux.baz:80.
+  $ forwarder run \
+    -t \
+    -l "http://user:pwd@localhost:8085" \
+	--site-credentials "user1:[email protected]:8090,user2:pwd2@qux:baz:80"
 	`,
 	Run: func(cmd *cobra.Command, args []string) {
 		p, err := proxy.New(localProxyURI, upstreamProxyURI, pacURI, pacProxiesCredentials, &proxy.Options{
@@ -103,6 +113,7 @@ Note: Can't setup upstream, and PAC at the same time.
 			AutomaticallyRetryPort: automaticallyRetryPort,
 			DNSURIs:                dnsURIs,
 			ProxyLocalhost:         proxyLocalhost,
+			SiteCredentials:        siteCredentials,
 		})
 		if err != nil {
 			cliLogger.Fatalln(customerror.NewFailedToError("run", customerror.WithError(err)))
@@ -115,11 +126,12 @@ Note: Can't setup upstream, and PAC at the same time.
 func init() {
 	rootCmd.AddCommand(runCmd)
 
-	runCmd.Flags().StringVarP(&localProxyURI, "local-proxy-uri", "l", "http://localhost:8080", "Sets local proxy URI")
+	runCmd.Flags().StringVarP(&localProxyURI, "local-proxy-uri", "l", "http://localhost:8080", "sets local proxy URI")
 	runCmd.Flags().StringVarP(&upstreamProxyURI, "upstream-proxy-uri", "u", "", "sets upstream proxy URI")
 	runCmd.Flags().StringSliceVarP(&dnsURIs, "dns-uri", "n", nil, "sets dns URI")
 	runCmd.Flags().StringVarP(&pacURI, "pac-uri", "p", "", "sets URI to PAC content, or directly, the PAC content")
 	runCmd.Flags().StringSliceVarP(&pacProxiesCredentials, "pac-proxies-credentials", "d", nil, "sets PAC proxies credentials using standard URI format")
+	runCmd.Flags().StringSliceVar(&siteCredentials, "site-credentials", nil, "sets site based credentials")
 	runCmd.Flags().BoolVarP(&proxyLocalhost, "proxy-localhost", "t", false, "if set, will proxy localhost requests to an upstream proxy - if any")
 	runCmd.Flags().BoolVarP(&automaticallyRetryPort, "find-port", "r", true, "if set, and the specified local proxy port is in-use, it will find, and use an available one")
 }

go.mod

@@ -7,15 +7,18 @@ require (
 	github.com/elazarl/goproxy v0.0.0-20220529153421-8ea89ba92021
 	github.com/elazarl/goproxy/ext v0.0.0-20220529153421-8ea89ba92021
 	github.com/go-playground/validator/v10 v10.11.0
+	github.com/google/go-cmp v0.5.6
 	github.com/saucelabs/customerror v1.0.3
 	github.com/saucelabs/pacman v0.1.1
 	github.com/saucelabs/randomness v0.0.5
 	github.com/saucelabs/sypl v1.5.12
 	github.com/spf13/cobra v1.3.0
+	github.com/stretchr/testify v1.8.0
 )
 
 require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dlclark/regexp2 v1.4.1-0.20201116162257-a2a8dda75c91 // indirect
 	github.com/dop251/goja v0.0.0-20220516123900-4418d4575a41 // indirect
 	github.com/emirpasic/gods v1.12.0 // indirect
@@ -28,10 +31,12 @@ require (
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/saucelabs/lumberjack/v3 v3.0.2 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
 	golang.org/x/text v0.3.7 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )