From 251f0e04834e14f6f778efabb1a30416732e9352 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 30 Mar 2024 16:32:59 +0800
Subject: [PATCH] feat: v0.2.0-rc
---
 README.md | 27 +++++++++++++++++++++++++--
 proxy_config.json | 2 +-
 src/app.rs | 32 +++++++++++++++++++++++++-------
 src/main.rs | 8 ++++----
 4 files changed, 55 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index a9e1b04..e0e3b7b 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,30 @@
 # proxy-inspector
-TODOs
+`proxy_config.json` sample config:
-* Dynamic issue certificate
+```json
+{
+ "groups": [
+ {
+ "port": 443,
+ "lookup_dns": true,
+ "tls": {
+ "intermediate_cert": "intermediate_cert.pem",
+ "intermediate_key": "intermediate_pri_key.pem"
+ },
+ "proxy_map": {
+ "hatter.ink": {
+ "address": "101.132.122.240:443",
+ "tls": true
+ }
+ }
+ }
+ ]
+}
+```
+Important
+* intermediate certificate only tested ECDSA(P384) with SHA384
+* P384 with SHA256 is NOT supported
+* P256 with SHA256 should be supported, but not tested
diff --git a/proxy_config.json b/proxy_config.json
index f9dd51f..486ed01 100644
--- a/proxy_config.json
+++ b/proxy_config.json
@@ -1,7 +1,7 @@
 {
 "groups": [
 {
- "port": 4430,
+ "port": 443,
 "lookup_dns": true,
 "tls": {
 "intermediate_cert": "__ignore_intermediate_cert.pem",
diff --git a/src/app.rs b/src/app.rs
index d09a69e..e48bfd5 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -1,3 +1,5 @@
+use std::collections::HashMap;
+
 use async_trait::async_trait;
 use base64::Engine;
 use base64::engine::general_purpose::STANDARD;
@@ -6,6 +8,7 @@ use http::{HeaderMap, HeaderName, HeaderValue};
 use pingora::{Error, ErrorType};
 use pingora::http::ResponseHeader;
 use pingora::prelude::{HttpPeer, ProxyHttp, Result, Session};
+use tokio::sync::RwLock;
 use trust_dns_resolver::config::{ResolverConfig, ResolverOpts};
 use trust_dns_resolver::proto::rr::RData;
 use trust_dns_resolver::TokioAsyncResolver;
@@ -17,6 +20,7 @@ pub struct ProxyApp {
 lookup_dns: bool,
 host_configs: Vec,
 tokio_async_resolver: TokioAsyncResolver,
+ dns_resolver_cache_map: RwLock>,
 }
 impl ProxyApp {
@@ -30,29 +34,43 @@ impl ProxyApp {
 lookup_dns,
 host_configs,
 tokio_async_resolver,
+ dns_resolver_cache_map: Default::default(),
 }
 }
 // just only support IPv4
 async fn lookup_ipv4(&self, hostname: &str) -> Option {
+ {
+ if let Some(ipv4_address) = self.dns_resolver_cache_map.read().await.get(hostname) {
+ log::info!("DNS cached {} --> {}", hostname, ipv4_address);
+ return Some(ipv4_address.to_string());
+ }
+ }
 let ips = self.tokio_async_resolver.ipv4_lookup(hostname).await;
- log::debug!("lookup {} --> {:#?}", hostname, ips);
+ log::debug!("DNS lookup {} --> {:#?}", hostname, ips);
 match ips {
 Ok(ips) => {
 let records = ips.as_lookup().records();
- if records.len() > 0 {
- let record = &records[0];
+ for record in records {
 if let Some(rdata) = record.data() {
 match rdata {
 RData::A(a) => {
- return Some(a.0.to_string());
+ let ipv4_address = a.0.to_string();
+ {
+ self.dns_resolver_cache_map.write().await
+ .insert(hostname.to_string(), ipv4_address.clone());
+ }
+ log::info!("DNS found {} --> {}", hostname, ipv4_address);
+ return Some(ipv4_address);
 }
 _ => {}
 }
 }
 }
 }
- Err(_) => {}
+ Err(e) => {
+ log::error!("DNS lookup: {} failed: {}", hostname, e);
+ }
 }
 None
 }
@@ -103,7 +121,7 @@ impl ProxyHttp for ProxyApp {
 host_config.proxy_tls,
 host_config.proxy_hostname.clone(),
 );
- log::info!("Find peer: {} --> {:?}", hostname, host_config.proxy_addr);
+ log::info!("Find peer: {} --> {}", hostname, host_config.proxy_addr);
 return Ok(Box::new(peer));
 }
@@ -115,7 +133,7 @@ impl ProxyHttp for ProxyApp {
 self.tls,
 hostname.to_string(),
 );
- log::info!("Find peer: {} --> {:?}", hostname, peer_addr);
+ log::info!("Generate peer: {} --> {}", hostname, peer_addr);
 return Ok(Box::new(peer));
 }
 }
diff --git a/src/main.rs b/src/main.rs
index bee1e77..5fdd246 100644
--- a/src/main.rs
+++ b/src/main.rs
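Review bot: The `dns_resolver_cache_map` introduced in lookup_ipv4 has no expiry and no eviction: an address stays cached for the lifetime of the process regardless of the record's TTL, and since the hostname being resolved appears to be taken from the client request (the peer-selection hunks further down pass the session's hostname through to `HttpPeer::new`), the map can grow without bound from hostnames a client chooses to send. The resolver already attaches an expiry to each answer, reachable as `ips.as_lookup().valid_until()`, so storing `(String, Instant)` and treating an expired entry as a miss keeps the cache consistent with DNS, and a size cap before insertion keeps memory bounded. This changes the field added in the `pub struct ProxyApp` hunk to `RwLock<HashMap<String, (String, Instant)>>`, needs `use std::time::Instant;` in the import hunk, and introduces a new `MAX_DNS_CACHE_ENTRIES` constant whose value is for the author to choose. lookup_ipv4 lies wholly inside the hunk.
```rust
    async fn lookup_ipv4(&self, hostname: &str) -> Option<String> {
        {
            // An entry is only trusted until the expiry the resolver attached to
            // the original answer; a stale entry is treated as a cache miss.
            if let Some((ipv4_address, valid_until)) = self.dns_resolver_cache_map.read().await.get(hostname) {
                if Instant::now() < *valid_until {
                    log::info!("DNS cached {} --> {}", hostname, ipv4_address);
                    return Some(ipv4_address.to_string());
                }
            }
        }
        let ips = self.tokio_async_resolver.ipv4_lookup(hostname).await;
        // … unchanged: debug log, match on ips, Ok arm, record loop …
                        RData::A(a) => {
                            let ipv4_address = a.0.to_string();
                            let valid_until = ips.as_lookup().valid_until();
                            {
                                let mut cache = self.dns_resolver_cache_map.write().await;
                                // The key is whatever hostname the client sent, so cap the
                                // map before inserting to keep memory bounded.
                                if cache.len() >= MAX_DNS_CACHE_ENTRIES {
                                    cache.clear();
                                }
                                cache.insert(hostname.to_string(), (ipv4_address.clone(), valid_until));
                            }
                            // … unchanged: info log and return …
```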
@@ -48,15 +48,15 @@ fn build_services(server: &Server, proxy_config: &ProxyConfig) -> Vec {
 services.push(Box::new(service::proxy_service_tcp(
 &server.configuration,
 &listen_address,
- lookup_tls,
+ lookup_dns,
 host_configs,
 )));
 }
@@ -64,7 +64,7 @@ fn build_services(server: &Server, proxy_config: &ProxyConfig) -> Vec