// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !cmd_go_bootstrap
// This code is compiled into the real 'go' binary, but it is not
// compiled into the binary that is built during all.bash, so as
// to avoid needing to build net (and thus use cgo) during the
// bootstrap process.
package web
import (
"crypto/tls"
"errors"
"fmt"
"io"
"mime"
"net"
"net/http"
urlpkg "net/url"
"os"
"strings"
"time"
"cmd/go/internal/auth"
"cmd/go/internal/base"
"cmd/go/internal/cfg"
"cmd/go/internal/web/intercept"
"cmd/internal/browser"
)
// impatientInsecureHTTPClient is used with GOINSECURE,
// when we're connecting to https servers that might not be there
// or might be using self-signed certificates.
var impatientInsecureHTTPClient = &http.Client{
CheckRedirect: checkRedirect,
Timeout: 5 * time.Second,
Transport: &http.Transport{
Proxy: http.ProxyFromEnvironment,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
var securityPreservingDefaultClient = securityPreservingHTTPClient(http.DefaultClient)
// securityPreservingHTTPClient returns a client that is like the original
// but rejects redirects to plain-HTTP URLs if the original URL was secure.
func securityPreservingHTTPClient(original *http.Client) *http.Client {
c := new(http.Client)
*c = *original
c.CheckRedirect = func(req *http.Request, via []*http.Request) error {
if len(via) > 0 && via[0].URL.Scheme == "https" && req.URL.Scheme != "https" {
lastHop := via[len(via)-1].URL
return fmt.Errorf("redirected from secure URL %s to insecure URL %s", lastHop, req.URL)
}
return checkRedirect(req, via)
}
return c
}
func checkRedirect(req *http.Request, via []*http.Request) error {
// Go's http.DefaultClient allows 10 redirects before returning an error.
// Mimic that behavior here.
if len(via) >= 10 {
return errors.New("stopped after 10 redirects")
}
intercept.Request(req)
return nil
}
func get(security SecurityMode, url *urlpkg.URL) (*Response, error) {
start := time.Now()
if url.Scheme == "file" {
return getFile(url)
}
if intercept.TestHooksEnabled {
switch url.Host {
case "proxy.golang.org":
if os.Getenv("TESTGOPROXY404") == "1" {
res := &Response{
URL: url.Redacted(),
Status: "404 testing",
StatusCode: 404,
Header: make(map[string][]string),
Body: http.NoBody,
}
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: %v (%.3fs)\n", url.Redacted(), res.Status, time.Since(start).Seconds())
}
return res, nil
}
case "localhost.localdev":
return nil, fmt.Errorf("no such host localhost.localdev")
default:
if os.Getenv("TESTGONETWORK") == "panic" {
if _, ok := intercept.URL(url); !ok {
host := url.Host
if h, _, err := net.SplitHostPort(url.Host); err == nil && h != "" {
host = h
}
addr := net.ParseIP(host)
if addr == nil || (!addr.IsLoopback() && !addr.IsUnspecified()) {
panic("use of network: " + url.String())
}
}
}
}
}
fetch := func(url *urlpkg.URL) (*http.Response, error) {
// Note: The -v build flag does not mean "print logging information",
// despite its historical misuse for this in GOPATH-based go get.
// We print extra logging in -x mode instead, which traces what
// commands are executed.
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s\n", url.Redacted())
}
req, err := http.NewRequest("GET", url.String(), nil)
if err != nil {
return nil, err
}
t, intercepted := intercept.URL(req.URL)
var client *http.Client
if security == Insecure && url.Scheme == "https" {
client = impatientInsecureHTTPClient
} else if intercepted && t.Client != nil {
client = securityPreservingHTTPClient(t.Client)
} else {
client = securityPreservingDefaultClient
}
if url.Scheme == "https" {
// Use initial GOAUTH credentials.
auth.AddCredentials(client, req, nil, "")
}
if intercepted {
req.Host = req.URL.Host
req.URL.Host = t.ToHost
}
release, err := base.AcquireNet()
if err != nil {
return nil, err
}
defer func() {
if err != nil && release != nil {
release()
}
}()
res, err := client.Do(req)
// If the initial request fails with a 4xx client error and the
// response body didn't satisfy the request
// (e.g. a valid <meta name="go-import"> tag),
// retry the request with credentials obtained by invoking GOAUTH
// with the request URL.
if url.Scheme == "https" && err == nil && res.StatusCode >= 400 && res.StatusCode < 500 {
// Close the body of the previous response since we
// are discarding it and creating a new one.
res.Body.Close()
req, err = http.NewRequest("GET", url.String(), nil)
if err != nil {
return nil, err
}
auth.AddCredentials(client, req, res, url.String())
intercept.Request(req)
res, err = client.Do(req)
}
if err != nil {
// Per the docs for [net/http.Client.Do], “On error, any Response can be
// ignored. A non-nil Response with a non-nil error only occurs when
// CheckRedirect fails, and even then the returned Response.Body is
// already closed.”
return nil, err
}
// “If the returned error is nil, the Response will contain a non-nil Body
// which the user is expected to close.”
body := res.Body
res.Body = hookCloser{
ReadCloser: body,
afterClose: release,
}
return res, nil
}
var (
fetched *urlpkg.URL
res *http.Response
err error
)
if url.Scheme == "" || url.Scheme == "https" {
secure := new(urlpkg.URL)
*secure = *url
secure.Scheme = "https"
res, err = fetch(secure)
if err == nil {
fetched = secure
} else {
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: %v\n", secure.Redacted(), err)
}
if security != Insecure || url.Scheme == "https" {
// HTTPS failed, and we can't fall back to plain HTTP.
// Report the error from the HTTPS attempt.
return nil, err
}
}
}
if res == nil {
switch url.Scheme {
case "http":
if security == SecureOnly {
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: insecure\n", url.Redacted())
}
return nil, fmt.Errorf("insecure URL: %s", url.Redacted())
}
case "":
if security != Insecure {
panic("should have returned after HTTPS failure")
}
default:
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: unsupported\n", url.Redacted())
}
return nil, fmt.Errorf("unsupported scheme: %s", url.Redacted())
}
insecure := new(urlpkg.URL)
*insecure = *url
insecure.Scheme = "http"
if insecure.User != nil && security != Insecure {
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: insecure credentials\n", insecure.Redacted())
}
return nil, fmt.Errorf("refusing to pass credentials to insecure URL: %s", insecure.Redacted())
}
res, err = fetch(insecure)
if err == nil {
fetched = insecure
} else {
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: %v\n", insecure.Redacted(), err)
}
// HTTP failed, and we already tried HTTPS if applicable.
// Report the error from the HTTP attempt.
return nil, err
}
}
// Note: accepting a non-200 OK here, so people can serve a
// meta import in their http 404 page.
if cfg.BuildX {
fmt.Fprintf(os.Stderr, "# get %s: %v (%.3fs)\n", fetched.Redacted(), res.Status, time.Since(start).Seconds())
}
r := &Response{
URL: fetched.Redacted(),
Status: res.Status,
StatusCode: res.StatusCode,
Header: map[string][]string(res.Header),
Body: res.Body,
}
if res.StatusCode != http.StatusOK {
contentType := res.Header.Get("Content-Type")
if mediaType, params, _ := mime.ParseMediaType(contentType); mediaType == "text/plain" {
switch charset := strings.ToLower(params["charset"]); charset {
case "us-ascii", "utf-8", "":
// Body claims to be plain text in UTF-8 or a subset thereof.
// Try to extract a useful error message from it.
r.errorDetail.r = res.Body
r.Body = &r.errorDetail
}
}
}
return r, nil
}
func getFile(u *urlpkg.URL) (*Response, error) {
path, err := urlToFilePath(u)
if err != nil {
return nil, err
}
f, err := os.Open(path)
if os.IsNotExist(err) {
return &Response{
URL: u.Redacted(),
Status: http.StatusText(http.StatusNotFound),
StatusCode: http.StatusNotFound,
Body: http.NoBody,
fileErr: err,
}, nil
}
if os.IsPermission(err) {
return &Response{
URL: u.Redacted(),
Status: http.StatusText(http.StatusForbidden),
StatusCode: http.StatusForbidden,
Body: http.NoBody,
fileErr: err,
}, nil
}
if err != nil {
return nil, err
}
return &Response{
URL: u.Redacted(),
Status: http.StatusText(http.StatusOK),
StatusCode: http.StatusOK,
Body: f,
}, nil
}
func openBrowser(url string) bool { return browser.Open(url) }
func isLocalHost(u *urlpkg.URL) bool {
// VCSTestRepoURL itself is secure, and it may redirect requests to other
// ports (such as a port serving the "svn" protocol) which should also be
// considered secure.
host, _, err := net.SplitHostPort(u.Host)
if err != nil {
host = u.Host
}
if host == "localhost" {
return true
}
if ip := net.ParseIP(host); ip != nil && ip.IsLoopback() {
return true
}
return false
}
type hookCloser struct {
io.ReadCloser
afterClose func()
}
func (c hookCloser) Close() error {
err := c.ReadCloser.Close()
c.afterClose()
return err
}