/
server.go
144 lines (118 loc) · 3.51 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
// Package proxy provides an http server to act as a signing proxy for SDKs calling AWS X-Ray APIs
package proxy
import (
"bytes"
"errors"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/http/httputil"
"net/url"
"os"
"time"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/aws/signer/v4"
"github.com/aws/aws-xray-daemon/daemon/cfg"
"github.com/aws/aws-xray-daemon/daemon/conn"
log "github.com/cihub/seelog"
)
const service = "xray"
const connHeader = "Connection"
// Server represents HTTP server.
type Server struct {
*http.Server
}
// NewServer returns a proxy server listening on the given address.
// Requests are forwarded to the endpoint in the given config.
// Requests are signed using credentials from the given config.
func NewServer(cfg *cfg.Config, awsCfg *aws.Config, sess *session.Session) (*Server, error) {
_, err := net.ResolveTCPAddr("tcp", cfg.Socket.TCPAddress)
if err != nil {
log.Errorf("%v", err)
os.Exit(1)
}
endPoint, er := getServiceEndpoint(awsCfg)
if er != nil {
return nil, fmt.Errorf("%v", er)
}
// Parse url from endpoint
url, err := url.Parse(endPoint)
if err != nil {
return nil, fmt.Errorf("unable to parse xray endpoint: %v", err)
}
signer := &v4.Signer{
Credentials: sess.Config.Credentials,
}
transport := conn.ProxyServerTransport(cfg)
// Reverse proxy handler
handler := &httputil.ReverseProxy{
Transport: transport,
// Handler for modifying and forwarding requests
Director: func(req *http.Request) {
// Remove connection header before signing request, otherwise the
// reverse-proxy will remove the header before forwarding to X-Ray
// resulting in a signed header being missing from the request.
req.Header.Del(connHeader)
// Set req url to xray endpoint
req.URL.Scheme = url.Scheme
req.URL.Host = url.Host
req.Host = url.Host
// Consume body and convert to io.ReadSeeker for signer to consume
body, err := consume(req.Body)
if err != nil {
log.Errorf("Unable to consume request body: %v", err)
// Forward unsigned request
return
}
// Sign request. signer.Sign() also repopulates the request body.
_, err = signer.Sign(req, body, service, *awsCfg.Region, time.Now())
if err != nil {
log.Errorf("Unable to sign request: %v", err)
}
},
}
server := &http.Server{
Addr: cfg.Socket.TCPAddress,
Handler: handler,
}
p := &Server{server}
return p, nil
}
// consume readsAll() the body and creates a new io.ReadSeeker from the content. v4.Signer
// requires an io.ReadSeeker to be able to sign requests. May return a nil io.ReadSeeker.
func consume(body io.ReadCloser) (io.ReadSeeker, error) {
var buf []byte
// Return nil ReadSeeker if body is nil
if body == nil {
return nil, nil
}
// Consume body
buf, err := ioutil.ReadAll(body)
if err != nil {
return nil, err
}
return bytes.NewReader(buf), nil
}
// Serve starts server.
func (s *Server) Serve() {
log.Infof("Starting proxy http server on %s", s.Addr)
s.ListenAndServe()
}
// Close stops server.
func (s *Server) Close() {
s.Server.Close()
}
func getServiceEndpoint(awsCfg *aws.Config) (string, error) {
if awsCfg.Endpoint == nil || *awsCfg.Endpoint == "" {
if awsCfg.Region == nil || *awsCfg.Region == "" {
return "", errors.New("unable to generate endpoint from region with nil value")
}
resolved, err := endpoints.DefaultResolver().EndpointFor(service, *awsCfg.Region)
return resolved.URL, err
}
return *awsCfg.Endpoint, nil
}