fix(auth): Vector does not put the Proxy-Authorization header on the wire (#17353) (#17363)

syedriko · web-flow · commit 6705bdde058b · 2023-06-20T19:30:41.000Z
fix(auth): Vector does not put the Proxy-Authorization header on the wire (#17353) closes: #17353
diff --git a/lib/vector-core/src/config/proxy.rs b/lib/vector-core/src/config/proxy.rs
@@ -201,7 +201,12 @@ impl ProxyConfig {
 mod tests {
     use base64::prelude::{Engine as _, BASE64_STANDARD};
     use env_test_util::TempEnvVar;
-    use http::{HeaderValue, Uri};
+    use http::{
+        header::{AUTHORIZATION, PROXY_AUTHORIZATION},
+        HeaderName, HeaderValue, Uri,
+    };
+
+    const PROXY_HEADERS: [HeaderName; 2] = [AUTHORIZATION, PROXY_AUTHORIZATION];
 
     use super::*;
 
@@ -341,20 +346,18 @@ mod tests {
             Some(first.uri()),
             Uri::try_from("http://user:pass@1.2.3.4:5678").as_ref().ok()
         );
-        assert_eq!(
-            first.headers().get("authorization"),
-            expected_header_value.as_ref().ok()
-        );
+        for h in &PROXY_HEADERS {
+            assert_eq!(first.headers().get(h), expected_header_value.as_ref().ok());
+        }
         assert_eq!(
             Some(second.uri()),
             Uri::try_from("https://user:pass@2.3.4.5:9876")
                 .as_ref()
                 .ok()
         );
-        assert_eq!(
-            second.headers().get("authorization"),
-            expected_header_value.as_ref().ok()
-        );
+        for h in &PROXY_HEADERS {
+            assert_eq!(second.headers().get(h), expected_header_value.as_ref().ok());
+        }
     }
 
     #[ignore]
@@ -371,10 +374,8 @@ mod tests {
             .expect("should not be None");
         let encoded_header = format!("Basic {}", BASE64_STANDARD.encode("user:P@ssw0rd"));
         let expected_header_value = HeaderValue::from_str(encoded_header.as_str());
-
-        assert_eq!(
-            first.headers().get("authorization"),
-            expected_header_value.as_ref().ok()
-        );
+        for h in &PROXY_HEADERS {
+            assert_eq!(first.headers().get(h), expected_header_value.as_ref().ok());
+        }
     }
 }
diff --git a/src/http.rs b/src/http.rs
@@ -53,10 +53,12 @@ impl HttpError {
 }
 
 pub type HttpClientFuture = <HttpClient as Service<http::Request<Body>>>::Future;
+type HttpProxyConnector = ProxyConnector<HttpsConnector<HttpConnector>>;
 
 pub struct HttpClient<B = Body> {
-    client: Client<ProxyConnector<HttpsConnector<HttpConnector>>, B>,
+    client: Client<HttpProxyConnector, B>,
     user_agent: HeaderValue,
+    proxy_connector: HttpProxyConnector,
 }
 
 impl<B> HttpClient<B>
@@ -77,14 +79,18 @@ where
         proxy_config: &ProxyConfig,
         client_builder: &mut client::Builder,
     ) -> Result<HttpClient<B>, HttpError> {
-        let proxy = build_proxy_connector(tls_settings.into(), proxy_config)?;
-        let client = client_builder.build(proxy);
+        let proxy_connector = build_proxy_connector(tls_settings.into(), proxy_config)?;
+        let client = client_builder.build(proxy_connector.clone());
 
         let version = crate::get_version();
         let user_agent = HeaderValue::from_str(&format!("Vector/{}", version))
             .expect("Invalid header value for version!");
 
-        Ok(HttpClient { client, user_agent })
+        Ok(HttpClient {
+            client,
+            user_agent,
+            proxy_connector,
+        })
     }
 
     pub fn send(
@@ -95,6 +101,7 @@ where
         let _enter = span.enter();
 
         default_request_headers(&mut request, &self.user_agent);
+        self.maybe_add_proxy_headers(&mut request);
 
         emit!(http_client::AboutToSendHttpRequest { request: &request });
 
@@ -135,6 +142,17 @@ where
 
         Box::pin(fut)
     }
+
+    fn maybe_add_proxy_headers(&self, request: &mut Request<B>) {
+        if let Some(proxy_headers) = self.proxy_connector.http_headers(request.uri()) {
+            for (k, v) in proxy_headers {
+                let request_headers = request.headers_mut();
+                if !request_headers.contains_key(k) {
+                    request_headers.insert(k, v.into());
+                }
+            }
+        }
+    }
 }
 
 pub fn build_proxy_connector(
@@ -216,6 +234,7 @@ impl<B> Clone for HttpClient<B> {
         Self {
             client: self.client.clone(),
             user_agent: self.user_agent.clone(),
+            proxy_connector: self.proxy_connector.clone(),
         }
     }
 }
