jupyter notebook based tutorial (#1059)

* `jupyter` notebook based tutorial

* Move within `tutorial` directory

* Fix spell

* Add `as_non_blocking` option during wrap

* `as_non_blocking=False` by defaut

Author: abhinavsingh

Makefile

@@ -94,7 +94,7 @@ lib-clean:
 	rm -rf .hypothesis
 	# Doc RST files are cached and can cause issues
 	# See https://github.com/abhinavsingh/proxy.py/issues/642#issuecomment-1003444578
-	rm docs/pkg/*.rst
+	rm -f docs/pkg/*.rst
 
 lib-dep:
 	pip install --upgrade pip && \
@@ -134,7 +134,7 @@ lib-doc:
 	python -m tox -e build-docs && \
 	$(OPEN) .tox/build-docs/docs_out/index.html || true
 
-lib-coverage:
+lib-coverage: lib-clean
 	pytest --cov=proxy --cov=tests --cov-report=html tests/ && \
 	$(OPEN) htmlcov/index.html || true
 

proxy/core/connection/server.py

@@ -43,7 +43,12 @@ def connect(
         )
         self.closed = False
 
-    def wrap(self, hostname: str, ca_file: Optional[str] = None) -> None:
+    def wrap(
+            self,
+            hostname: str,
+            ca_file: Optional[str] = None,
+            as_non_blocking: bool = False,
+    ) -> None:
         ctx = ssl.create_default_context(
             ssl.Purpose.SERVER_AUTH, cafile=ca_file,
         )
@@ -54,4 +59,5 @@ def wrap(self, hostname: str, ca_file: Optional[str] = None) -> None:
             self.connection,
             server_hostname=hostname,
         )
-        self.connection.setblocking(False)
+        if as_non_blocking:
+            self.connection.setblocking(False)

proxy/http/proxy/server.py

@@ -762,7 +762,11 @@ def wrap_server(self) -> bool:
         assert isinstance(self.upstream.connection, socket.socket)
         do_close = False
         try:
-            self.upstream.wrap(text_(self.request.host), self.flags.ca_file)
+            self.upstream.wrap(
+                text_(self.request.host),
+                self.flags.ca_file,
+                as_non_blocking=True,
+            )
         except ssl.SSLCertVerificationError:    # Server raised certificate verification error
             # When --disable-interception-on-ssl-cert-verification-error flag is on,
             # we will cache such upstream hosts and avoid intercepting them for future

proxy/http/server/reverse.py

@@ -83,6 +83,7 @@ def handle_request(self, request: HttpParser) -> None:
                     text_(
                         self.choice.hostname,
                     ),
+                    as_non_blocking=True,
                 )
             # Update Host header
             # if request.has_header(b'Host'):

tests/http/proxy/test_http_proxy_tls_interception.py

@@ -72,8 +72,8 @@ def mock_connection() -> Any:
 
         # Do not mock the original wrap method
         self.mock_server_conn.return_value.wrap.side_effect = \
-            lambda x, y: TcpServerConnection.wrap(
-                self.mock_server_conn.return_value, x, y,
+            lambda x, y, as_non_blocking: TcpServerConnection.wrap(
+                self.mock_server_conn.return_value, x, y, as_non_blocking=as_non_blocking,
             )
 
         type(self.mock_server_conn.return_value).connection = \

tests/plugin/test_http_proxy_plugins_with_tls_interception.py

@@ -95,7 +95,9 @@ def mock_connection() -> Any:
 
         # Do not mock the original wrap method
         self.server.wrap.side_effect = \
-            lambda x, y: TcpServerConnection.wrap(self.server, x, y)
+            lambda x, y, as_non_blocking: TcpServerConnection.wrap(
+                self.server, x, y, as_non_blocking=as_non_blocking,
+            )
 
         self.server.has_buffer.side_effect = has_buffer
         type(self.server).closed = mocker.PropertyMock(side_effect=closed)

tutorial/connections.ipynb

@@ -0,0 +1,130 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Connections\n",
+    "\n",
+    "## Buffered Socket Connections\n",
+    "\n",
+    "`proxy.py` core provides buffered socket implementations.  In most of the cases, a buffered connection will be desired.  With buffered connections, we can queue data from our application code while leaving the responsibility of flushing the buffer on the core.\n",
+    "\n",
+    "One of the buffered connection class is `TcpServerConnection`, which manages connection to an upstream server.  Optionally, we can also enable encryption _(TLS)_ before communicating with the server.\n",
+    "\n",
+    "Import the following:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from proxy.core.connection import TcpServerConnection\n",
+    "from proxy.common.utils import build_http_request\n",
+    "from proxy.http.methods import httpMethods\n",
+    "from proxy.http.parser import HttpParser, httpParserTypes\n",
+    "\n",
+    "request = build_http_request(\n",
+    "    method=httpMethods.GET,\n",
+    "    url=b'/',\n",
+    "    headers={\n",
+    "        b'Host': b'jaxl.com',\n",
+    "    }\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Let's use `TcpServerConnection` to make a HTTP web server request."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "http_client = TcpServerConnection('jaxl.com', 80)\n",
+    "http_client.connect()\n",
+    "http_client.queue(memoryview(request))\n",
+    "http_client.flush()\n",
+    "\n",
+    "http_response = HttpParser(httpParserTypes.RESPONSE_PARSER)\n",
+    "while not http_response.is_complete:\n",
+    "    http_response.parse(http_client.recv().tobytes())\n",
+    "http_client.close()\n",
+    "\n",
+    "print(http_response.build_response())\n",
+    "\n",
+    "assert http_response.is_complete\n",
+    "assert http_response.code == b'301'\n",
+    "assert http_response.reason == b'Moved Permanently'\n",
+    "assert http_response.has_header(b'location')\n",
+    "assert http_response.header(b'location') == b'https://jaxl.com/'"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Let's use `TcpServerConnection` to make a HTTPS web server request."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "https_client = TcpServerConnection('jaxl.com', 443)\n",
+    "https_client.connect()\n",
+    "https_client.wrap(hostname='jaxl.com')\n",
+    "\n",
+    "https_client.queue(memoryview(request))\n",
+    "https_client.flush()\n",
+    "\n",
+    "https_response = HttpParser(httpParserTypes.RESPONSE_PARSER)\n",
+    "while not https_response.is_complete:\n",
+    "    https_response.parse(https_client.recv().tobytes())\n",
+    "https_client.close()\n",
+    "\n",
+    "print(https_response.build_response())\n",
+    "\n",
+    "assert https_response.is_complete\n",
+    "assert https_response.code == b'200'\n",
+    "assert https_response.reason == b'OK'\n",
+    "assert https_response.has_header(b'content-type')\n",
+    "assert https_response.header(b'content-type') == b'text/html'"
+   ]
+  }
+ ],
+ "metadata": {
+  "interpreter": {
+   "hash": "da9d6927d62b2b95bde149eedfbd5367cb7f465aad65a736f49c99ee3db39df7"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.10.0 64-bit ('venv310': venv)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.10.0"
+  },
+  "orig_nbformat": 4
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}

tutorial/http_parser.ipynb

@@ -0,0 +1,182 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# HttpParser\n",
+    "\n",
+    "`HttpParser` class is at the heart of everything related to HTTP.  It is used by Web server and Proxy server core and their plugin eco-system.  As the name suggests, it is capable of parsing both HTTP request and response packets.  It can also parse HTTP look-a-like protocols like ICAP, SIP etc.  Most importantly, remember that `HttpParser` was originally written to handle HTTP packets arriving in the context of a proxy server and till date its default behavior favors the same flavor.\n",
+    "\n",
+    "Let's start by parsing a HTTP web request using `HttpParser`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "b'GET / HTTP/1.1\\r\\nHost: jaxl.com\\r\\n\\r\\n'\n"
+     ]
+    }
+   ],
+   "source": [
+    "from proxy.http.methods import httpMethods\n",
+    "from proxy.http.parser import HttpParser, httpParserTypes, httpParserStates\n",
+    "from proxy.common.constants import HTTP_1_1\n",
+    "\n",
+    "get_request = HttpParser(httpParserTypes.REQUEST_PARSER)\n",
+    "get_request.parse(b'GET / HTTP/1.1\\r\\nHost: jaxl.com\\r\\n\\r\\n')\n",
+    "\n",
+    "print(get_request.build())\n",
+    "\n",
+    "assert get_request.is_complete\n",
+    "assert get_request.method == httpMethods.GET\n",
+    "assert get_request.version == HTTP_1_1\n",
+    "assert get_request.host == None\n",
+    "assert get_request.port == 80\n",
+    "assert get_request._url != None\n",
+    "assert get_request._url.remainder == b'/'\n",
+    "assert get_request.has_header(b'host')\n",
+    "assert get_request.header(b'host') == b'jaxl.com'\n",
+    "assert len(get_request.headers) == 1"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Next, let's parse a HTTP proxy request using `HttpParser`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "b'GET / HTTP/1.1\\r\\nHost: jaxl.com\\r\\n\\r\\n'\n",
+      "b'GET http://jaxl.com:80/ HTTP/1.1\\r\\nHost: jaxl.com\\r\\n\\r\\n'\n"
+     ]
+    }
+   ],
+   "source": [
+    "proxy_request = HttpParser(httpParserTypes.REQUEST_PARSER)\n",
+    "proxy_request.parse(b'GET http://jaxl.com/ HTTP/1.1\\r\\nHost: jaxl.com\\r\\n\\r\\n')\n",
+    "\n",
+    "print(proxy_request.build())\n",
+    "print(proxy_request.build(for_proxy=True))\n",
+    "\n",
+    "assert proxy_request.is_complete\n",
+    "assert proxy_request.method == httpMethods.GET\n",
+    "assert proxy_request.version == HTTP_1_1\n",
+    "assert proxy_request.host == b'jaxl.com'\n",
+    "assert proxy_request.port == 80\n",
+    "assert proxy_request._url != None\n",
+    "assert proxy_request._url.remainder == b'/'\n",
+    "assert proxy_request.has_header(b'host')\n",
+    "assert proxy_request.header(b'host') == b'jaxl.com'\n",
+    "assert len(proxy_request.headers) == 1"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Notice how `proxy_request.build()` and `proxy_request.build(for_proxy=True)` behave.  Also, notice how `proxy_request.host` field is populated for a HTTP proxy packet but not for the prior HTTP web request packet example.\n",
+    "\n",
+    "To conclude, let's parse a HTTPS proxy request"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "b'CONNECT / HTTP/1.1\\r\\nHost: jaxl.com:443\\r\\n\\r\\n'\n",
+      "b'CONNECT jaxl.com:443 HTTP/1.1\\r\\nHost: jaxl.com:443\\r\\n\\r\\n'\n"
+     ]
+    }
+   ],
+   "source": [
+    "connect_request = HttpParser(httpParserTypes.REQUEST_PARSER)\n",
+    "connect_request.parse(b'CONNECT jaxl.com:443 HTTP/1.1\\r\\nHost: jaxl.com:443\\r\\n\\r\\n')\n",
+    "\n",
+    "print(connect_request.build())\n",
+    "print(connect_request.build(for_proxy=True))\n",
+    "\n",
+    "assert connect_request.is_complete\n",
+    "assert connect_request.is_https_tunnel\n",
+    "assert connect_request.version == HTTP_1_1\n",
+    "assert connect_request.host == b'jaxl.com'\n",
+    "assert connect_request.port == 443\n",
+    "assert connect_request._url != None\n",
+    "assert connect_request._url.remainder == None\n",
+    "assert connect_request.has_header(b'host')\n",
+    "assert connect_request.header(b'host') == b'jaxl.com:443'\n",
+    "assert len(connect_request.headers) == 1"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Take Away\n",
+    "\n",
+    "- `host` and `port` attributes represent the `host:port` present in the HTTP packet request line.  For comparison purposes, below are all the three request lines again.  Notice how there is no `host:port` available only for the web server get request\n",
+    "  | Request Type      | Request Line     |\n",
+    "  | ------------------| ---------------- |\n",
+    "  | `get_request`     | `GET / HTTP/1.1` |\n",
+    "  | `proxy_request`   | `GET http://jaxl.com HTTP/1.1` |\n",
+    "  | `connect_request` | `CONNECT jaxl.com:443 HTTP/1.1` |\n",
+    "- `_url` attribute is an instance of `Url` parser and contains parsed information about the URL found in the request line\n",
+    "\n",
+    "Few of the other handy properties within `HttpParser` are:\n",
+    "\n",
+    "- `is_complete`\n",
+    "- `is_http_1_1_keep_alive`\n",
+    "- `is_connection_upgrade`\n",
+    "- `is_https_tunnel`\n",
+    "- `is_chunked_encoded`\n",
+    "- `content_expected`\n",
+    "- `body_expected`"
+   ]
+  }
+ ],
+ "metadata": {
+  "interpreter": {
+   "hash": "da9d6927d62b2b95bde149eedfbd5367cb7f465aad65a736f49c99ee3db39df7"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.10.0 64-bit ('venv310': venv)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.10.0"
+  },
+  "orig_nbformat": 4
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}