From 1d7ef180f9c88a301ee446ac013ca49f79339150 Mon Sep 17 00:00:00 2001
From: Clayton Burlison
Date: Sat, 6 Mar 2021 09:38:09 -0600
Subject: [PATCH] fix: Basic auth fixed 1. BasicConnect handler was preventing other handlers from running 2. Basic was trying to authenticate connection that was already authenticated by BasicConnect
---
 ctx.go | 2 ++
 ext/auth/basic.go | 8 +++++---
 https.go | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ctx.go b/ctx.go
index b372f7d4..5f606330 100644
--- a/ctx.go
+++ b/ctx.go
@@ -23,6 +23,8 @@ type ProxyCtx struct {
 Session int64
 certStore CertStorage
 Proxy *ProxyHttpServer
+ // Will prevent second authentication on the already authenticated requests
+ Authenticated bool
 }
 
 type RoundTripper interface {
diff --git a/ext/auth/basic.go b/ext/auth/basic.go
index a433f2d0..7abb5e84 100644
--- a/ext/auth/basic.go
+++ b/ext/auth/basic.go
@@ -52,9 +52,10 @@ func auth(req *http.Request, f func(user, passwd string) bool) bool {
 // You probably want to use auth.ProxyBasic(proxy) to enable authentication for all proxy activities
 func Basic(realm string, f func(user, passwd string) bool) goproxy.ReqHandler {
 return goproxy.FuncReqHandler(func(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
- if !auth(req, f) {
+ if !ctx.Authenticated && !auth(req, f) {
 return nil, BasicUnauthorized(req, realm)
 }
+ ctx.Authenticated = true
 return req, nil
 })
 }
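Review bot: The new exported `Authenticated` field on `ProxyCtx` in ctx.go is a plain boolean that any request or CONNECT handler can write, and its comment does not say who owns it. Because the auth handlers in ext/auth/basic.go skip the credential check once it is true, a handler that sets it by mistake turns authentication off for that context. I would state this in the field comment, for example `// Authenticated is set by the auth handlers after credentials were accepted; setting it anywhere else skips later credential checks for this context.` The struct body starts outside the hunk.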
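Review bot: In `Basic`, the `!ctx.Authenticated` short-circuit does not record which realm or validator `f` accepted the credentials, so the flag set by one handler satisfies every other `Basic` or `BasicConnect` handler that sees the same context; the `BasicConnect` hunk has the same condition. If a proxy registers handlers with different credential functions, the first success would bypass the stricter one. If only one realm is ever expected, say so in the doc comments of both functions; otherwise the flag would need to carry the realm and be compared before `auth` is skipped. The diffstat also shows no test covering the skip path.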
@@ -64,11 +65,12 @@ func Basic(realm string, f func(user, passwd string) bool) goproxy.ReqHandler {
 // You probably want to use auth.ProxyBasic(proxy) to enable authentication for all proxy activities
 func BasicConnect(realm string, f func(user, passwd string) bool) goproxy.HttpsHandler {
 return goproxy.FuncHttpsHandler(func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
- if !auth(ctx.Req, f) {
+ if !ctx.Authenticated && !auth(ctx.Req, f) {
 ctx.Resp = BasicUnauthorized(ctx.Req, realm)
 return goproxy.RejectConnect, host
 }
- return goproxy.OkConnect, host
+ ctx.Authenticated = true
+ return nil, host
 })
 }
 
diff --git a/https.go b/https.go
index 6fcf17a9..42a8327a 100644
--- a/https.go
+++ b/https.go
@@ -198,7 +198,7 @@ func (proxy *ProxyHttpServer) handleHttps(w http.ResponseWriter, r *http.Request
 clientTlsReader := bufio.NewReader(rawClientTls)
 for !isEof(clientTlsReader) {
 req, err := http.ReadRequest(clientTlsReader)
- var ctx = &ProxyCtx{Req: req, Session: atomic.AddInt64(&proxy.sess, 1), Proxy: proxy, UserData: ctx.UserData}
+ var ctx = &ProxyCtx{Req: req, Session: atomic.AddInt64(&proxy.sess, 1), Proxy: proxy, UserData: ctx.UserData, Authenticated: ctx.Authenticated}
 if err != nil && err != io.EOF {
 return
 }
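Review bot: `return nil, host` in `BasicConnect` makes a successful authentication produce no `ConnectAction`, so the outcome now depends on how the CONNECT dispatcher treats a nil action, and that code is not part of this patch. Presumably it moves on to the next `HttpsHandler` and falls back to a default when none decides. It is worth confirming that this default is the intended one for an authenticated client and that a rejecting handler registered earlier still stops the chain. The doc comment above `BasicConnect` should record the new contract, e.g. `// On success BasicConnect returns a nil action so that later CONNECT handlers still run.`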
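Review bot: Copying `Authenticated: ctx.Authenticated` into the per-request context in `handleHttps` means every request read from the intercepted tunnel inherits the CONNECT result, so credentials are checked once per tunnel and not again for its lifetime. That is probably intended, since requests inside the tunnel normally carry no `Proxy-Authorization` header, but it should be written next to the line, e.g. `// Inherit the CONNECT auth result; requests inside the tunnel are not re-authenticated.` The loop and `handleHttps` itself begin and end outside the hunk.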