From 2bdaf7b46ad9fc5e7a24196400c7acf1796a1aa5 Mon Sep 17 00:00:00 2001
From: Haruue
Date: Sun, 29 Dec 2024 13:58:12 +0900
Subject: [PATCH] feat: allow skip cert verify in masquerade.proxy close: #1278 masquerade.proxy.insecureSkipVerify
---
 app/cmd/server.go | 25 +++++++++++++++++++++++--
 app/cmd/server_test.go | 5 +++--
 app/cmd/server_test.yaml | 1 +
 3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/app/cmd/server.go b/app/cmd/server.go
index 1384dd8..2368c38 100644
--- a/app/cmd/server.go
+++ b/app/cmd/server.go
@@ -236,8 +236,9 @@ type serverConfigMasqueradeFile struct {
 }
 type serverConfigMasqueradeProxy struct {
- URL string `mapstructure:"url"`
- RewriteHost bool `mapstructure:"rewriteHost"`
+ URL string `mapstructure:"url"`
+ RewriteHost bool `mapstructure:"rewriteHost"`
+ InsecureSkipVerify bool `mapstructure:"insecureSkipVerify"`
 }
 type serverConfigMasqueradeString struct {
@@ -810,6 +811,25 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 if u.Scheme != "http" && u.Scheme != "https" {
 return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)}
 }
+ transport := http.DefaultTransport
+ if c.Masquerade.Proxy.InsecureSkipVerify {
+ transport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ // use default configs from http.DefaultTransport
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).DialContext,
+ ForceAttemptHTTP2: true,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ }
+ }
 handler = &httputil.ReverseProxy{
 Rewrite: func(r *httputil.ProxyRequest) {
 r.SetURL(u)
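Review bot: In the `if c.Masquerade.Proxy.InsecureSkipVerify` branch of fillMasqHandler, `InsecureSkipVerify: true` turns off both chain and host-name verification for every upstream connection, and nothing in the hunk records that the server is running in that state. A one-time warning beside the assignment, for example `logger.Warn("masquerade.proxy.insecureSkipVerify is enabled; upstream TLS certificate is not verified")`, would make the weakened setting visible in logs (the `logger` used by ErrorHandler further down appears to be in scope). The copied timeout and pool values can also drift from the standard library's; `t := http.DefaultTransport.(*http.Transport).Clone()` followed by `t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}` would inherit them, provided DefaultTransport has not been replaced with another RoundTripper. The function body starts and ends outside this hunk.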
@@ -819,6 +839,7 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 r.Out.Host = r.In.Host
 }
 },
+ Transport: transport,
 ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
 logger.Error("HTTP reverse proxy error", zap.Error(err))
 w.WriteHeader(http.StatusBadGateway)
diff --git a/app/cmd/server_test.go b/app/cmd/server_test.go
index bcf61c3..dd2c909 100644
--- a/app/cmd/server_test.go
+++ b/app/cmd/server_test.go
@@ -169,8 +169,9 @@ func TestServerConfig(t *testing.T) {
 Dir: "/www/masq",
 },
 Proxy: serverConfigMasqueradeProxy{
- URL: "https://some.site.net",
- RewriteHost: true,
+ URL: "https://some.site.net",
+ RewriteHost: true,
+ InsecureSkipVerify: true,
 },
 String: serverConfigMasqueradeString{
 Content: "aint nothin here",
diff --git a/app/cmd/server_test.yaml b/app/cmd/server_test.yaml
index dda6d98..3d9a308 100644
--- a/app/cmd/server_test.yaml
+++ b/app/cmd/server_test.yaml
@@ -132,6 +132,7 @@ masquerade:
 proxy:
 url: https://some.site.net
 rewriteHost: true
+ insecureSkipVerify: true
 string:
 content: aint nothin here
 headers:
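Review bot: The server_test.go hunk only checks that `insecureSkipVerify: true` parses into `serverConfigMasqueradeProxy`; the visible test changes do not assert what fillMasqHandler builds from it. A case that omits the key and checks the handler still uses `http.DefaultTransport`, plus one that sets it and checks `TLSClientConfig.InsecureSkipVerify`, would pin the secure default against regressions. TestServerConfig continues outside the hunk, so such coverage may exist elsewhere.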