-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathmiddlewares.go
More file actions
67 lines (60 loc) · 2.28 KB
/
middlewares.go
File metadata and controls
67 lines (60 loc) · 2.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package ja4plus
import (
"context"
"crypto/tls"
"net"
"net/http"
"sync"
)
// JA4Middleware is a helper to plug the JA4 fingerprinting into your HTTP server.
// It only exists because there is no direct way to pass information from the TLS handshake to the HTTP handler.
// Usage:
//
// ja4middleware := ja4plus.JA4Middleware{}
// srv := http.Server{
// Handler: ja4middleware.Wrap(...),
// TLSConfig: &tls.Config{
// GetConfigForClient: func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
// ja4middleware.StoreFingerprintFromClientHello(chi)
// return nil, nil
// },
// },
// ConnState: ja4middleware.ConnStateCallback,
// }
// srv.ListenAndServeTLS("cert.pem", "key.pem")
//
// Afterwards the fingerprint can be accessed via [JA4FromContext]
type JA4Middleware struct {
connectionFingerprints sync.Map
}
// StoreFingerprintFromClientHello stores the JA4 fingerprint of the provided [tls.ClientHelloInfo] in the middleware.
func (m *JA4Middleware) StoreFingerprintFromClientHello(hello *tls.ClientHelloInfo) {
m.connectionFingerprints.Store(hello.Conn.RemoteAddr().String(), JA4(hello))
}
// ConnStateCallback is a callback that should be set as the [http.Server]'s ConnState to clean up the fingerprint cache.
func (m *JA4Middleware) ConnStateCallback(conn net.Conn, state http.ConnState) {
switch state {
case http.StateClosed, http.StateHijacked:
m.connectionFingerprints.Delete(conn.RemoteAddr().String())
}
}
type ja4FingerprintCtxKey struct{}
// Wrap wraps the provided [http.Handler] and injects the JA4 fingerprint into the [http.Request.Context].
// It requires a server set up with [JA4Middleware] to work.
func (m *JA4Middleware) Wrap(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
if cacheEntry, _ := m.connectionFingerprints.Load(r.RemoteAddr); cacheEntry != nil {
ctx = context.WithValue(ctx, ja4FingerprintCtxKey{}, cacheEntry.(string))
}
next.ServeHTTP(w, r.WithContext(ctx))
})
}
// JA4FromContext extracts the JA4 fingerprint from the provided [http.Request.Context].
// It requires a server set up with [JA4Middleware] to work.
func JA4FromContext(ctx context.Context) string {
if fingerprint, ok := ctx.Value(ja4FingerprintCtxKey{}).(string); ok {
return fingerprint
}
return ""
}