package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"github.com/gin-gonic/gin"
	"io/ioutil"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
	"log"
)

var DialTimeout = 3
var ResponseHeaderTimeout  = 3

func main() {
	router := gin.Default()         //创建一个router
	router.Use(MiddleWare())        //中间件，起拦截器的作用
	router.Any("/*action", Forward) //所有请求都会经过Forward函数转发
	log.Fatal(router.Run(":8000"))
}

func Forward(c *gin.Context) {
	targetHost := &TargetHost{
		Host:    "192.168.1.101:8081",
		IsHttps: false,
		CAPath:  "****/*****.crt",
	}
	HostReverseProxy(c.Writer, c.Request, targetHost)
}
func HostReverseProxy(w http.ResponseWriter, req *http.Request, targetHost *TargetHost) {
	host := ""
	if targetHost.IsHttps {
		host = host + "https://"
	} else {
		host = host + "http://"
	}
	remote, err := url.Parse(host + targetHost.Host)
	if err != nil {
		fmt.Println(fmt.Errorf("err:%s", err))
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	proxy := httputil.NewSingleHostReverseProxy(remote)
	if targetHost.IsHttps {
		tlsConfig, err := GetVerTLSConfig(targetHost.CAPath)
		if err != nil {
			fmt.Println(fmt.Errorf("https crt error: %s", err))
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		var pTransport http.RoundTripper = &http.Transport{
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				c, err := net.DialTimeout(network, addr, time.Second*time.Duration(DialTimeout))
				if err != nil {
					return nil, err
				}
				return c, nil
			},
			ResponseHeaderTimeout: time.Second * time.Duration(ResponseHeaderTimeout),
			TLSClientConfig:       tlsConfig,
		}
		proxy.Transport = pTransport
	}
	proxy.ServeHTTP(w, req)
}

type TargetHost struct {
	Host    string
	IsHttps bool
	CAPath  string
}

type Response struct {
	Code int
	Message string
}

var TlsConfig *tls.Config

func GetVerTLSConfig(CAPath string) (*tls.Config, error) {
	caData, err := ioutil.ReadFile(CAPath)
	if err != nil {
		fmt.Println("read wechat ca fail", err)
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caData)

	TlsConfig = &tls.Config{
		RootCAs: pool,
	}
	return TlsConfig, nil
}
func MiddleWare() gin.HandlerFunc {
	return func(c *gin.Context) {
		account := c.Request.Header.Get("ename") //从请求头中获取ename字段
		if account == "" {
			c.JSON(http.StatusOK, Response {
				Code:    400002,
				Message: "用户未登录",
			})
			c.Abort()
			return
		}
		fmt.Println("before middleware")
		c.Set("request", "clinet_request")
		c.Next()
		fmt.Println("before middleware")
	}
}

package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
	"log"
)

type TargetHost struct {
	Host    string
	IsHttps bool
	CAPath  string
}
var TlsConfig *tls.Config
var DialTimeout = 3
var ResponseHeaderTimeout  = 3

func main() {

	http.HandleFunc("/", Forward) // 处理所有链接
	log.Fatal(http.ListenAndServe(":8000", nil))
}

func Forward(w http.ResponseWriter, req *http.Request) {
	targetHost := &TargetHost{
		Host:    "192.168.1.101:8081",
		IsHttps: false,
		CAPath:  "****/*****.crt",
	}
	HostReverseProxy(w, req, targetHost)
}

func HostReverseProxy(w http.ResponseWriter, req *http.Request, targetHost *TargetHost) {
	host := ""
	if targetHost.IsHttps {
		host = host + "https://"
	} else {
		host = host + "http://"
	}
	remote, err := url.Parse(host + targetHost.Host)
	if err != nil {
		fmt.Println(fmt.Errorf("err:%s", err))
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	proxy := httputil.NewSingleHostReverseProxy(remote)
	if targetHost.IsHttps {
		tlsConfig, err := GetVerTLSConfig(targetHost.CAPath)
		if err != nil {
			fmt.Println(fmt.Errorf("https crt error: %s", err))
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		var pTransport http.RoundTripper = &http.Transport{
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				c, err := net.DialTimeout(network, addr, time.Second*time.Duration(DialTimeout))
				if err != nil {
					return nil, err
				}
				return c, nil
			},
			ResponseHeaderTimeout: time.Second * time.Duration(ResponseHeaderTimeout),
			TLSClientConfig:       tlsConfig,
		}
		proxy.Transport = pTransport
	}
	proxy.ServeHTTP(w, req)
}

func GetVerTLSConfig(CAPath string) (*tls.Config, error) {
	caData, err := ioutil.ReadFile(CAPath)
	if err != nil {
		fmt.Println("read wechat ca fail", err)
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caData)

	TlsConfig = &tls.Config{
		RootCAs: pool,
	}
	return TlsConfig, nil
}

package main
import (
	"crypto/tls"
	"flag"
	"io"
	"log"
	"net"
	"net/http"
	"time"
)

//隧道
func handleTunneling(w http.ResponseWriter, r *http.Request) {
	host := "192.168.1.101:8888"
	dest_conn, err := net.DialTimeout("tcp", host, 10*time.Second)
	if err != nil {
		http.Error(w, err.Error(), http.StatusServiceUnavailable)
		return
	}
	w.WriteHeader(http.StatusOK)

	// 允许接管连接。之后由发起者负责管理该连接（HTTP 不再处理）
	hijacker, ok := w.(http.Hijacker)
	if !ok {
		http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
		return
	}
	client_conn, _, err := hijacker.Hijack()
	if err != nil {
		http.Error(w, err.Error(), http.StatusServiceUnavailable)
	}

	// 启动隧道
	go transfer(dest_conn, client_conn)
	go transfer(client_conn, dest_conn)
}

func transfer(destination io.WriteCloser, source io.ReadCloser) {
	defer destination.Close()
	defer source.Close()
	io.Copy(destination, source)
}

func handleHTTP(w http.ResponseWriter, req *http.Request,scheme string) {
	req.URL.Scheme = scheme
	req.URL.Host = "192.168.1.101:8081"  // 目标服务器的地址

	resp, err := http.DefaultTransport.RoundTrip(req)
	if err != nil {
		http.Error(w, err.Error(), http.StatusServiceUnavailable)
		return
	}
	defer resp.Body.Close()
	copyHeader(w.Header(), resp.Header)
	w.WriteHeader(resp.StatusCode)
	io.Copy(w, resp.Body)
}

func copyHeader(dst, src http.Header) {
	for k, vv := range src {
		for _, v := range vv {
			dst.Add(k, v)
		}
	}
}

func main() {
	var pemPath string
	flag.StringVar(&pemPath, "pem", "server.pem", "path to pem file")
	var keyPath string
	flag.StringVar(&keyPath, "key", "server.key", "path to key file")
	var proto string
	flag.StringVar(&proto, "proto", "https", "Proxy protocol (http or https)")
	flag.Parse()
	if proto != "http" && proto != "https" {
		log.Fatal("Protocol must be either http or https")
	}
	server := &http.Server{
		Addr: ":8000",
		//ReadTimeout: 5 * time.Second,
		//WriteTimeout: 10 * time.Second,
		//ReadHeaderTimeout:10 * time.Second,
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			log.Println(r.Method)

			if r.Method == http.MethodConnect {
				handleTunneling(w, r)
			} else {
				handleHTTP(w, r, proto)
			}
		}),
		// Disable HTTP/2.
		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
	}
	if proto == "http" {
		log.Fatal(server.ListenAndServe())
	} else {
		log.Fatal(server.ListenAndServeTLS(pemPath, keyPath))
	}
}

package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

//将request转发给 http://127.0.0.1:2003
func tranferHandler(w http.ResponseWriter, r *http.Request) {
	trueServer := "http://192.168.1.101:8081"
	url, err := url.Parse(trueServer)
	if err != nil {
		log.Println(err)
		return
	}
	proxy := httputil.NewSingleHostReverseProxy(url)
	proxy.ServeHTTP(w, r)
}

func main() {
	http.HandleFunc("/", tranferHandler)
	log.Fatal(http.ListenAndServe(":8000", nil))
}