7 files changed, 646 insertions, 0 deletions

diff --git a/plugins/headers/config.go b/plugins/headers/config.go
new file mode 100644
index 00000000..8d4e29c2
--- /dev/null
+++ b/plugins/headers/config.go
@@ -0,0 +1,36 @@
+package headers
+
+// Config declares headers service configuration.
+type Config struct {
+	Headers struct {
+		// CORS settings.
+		CORS *CORSConfig
+
+		// Request headers to add to every payload send to PHP.
+		Request map[string]string
+
+		// Response headers to add to every payload generated by PHP.
+		Response map[string]string
+	}
+}
+
+// CORSConfig headers configuration.
+type CORSConfig struct {
+	// AllowedOrigin: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+	AllowedOrigin string
+
+	// AllowedHeaders: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
+	AllowedHeaders string
+
+	// AllowedMethods: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
+	AllowedMethods string
+
+	// AllowCredentials https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+	AllowCredentials *bool
+
+	// ExposeHeaders:  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+	ExposedHeaders string
+
+	// MaxAge of CORS headers in seconds/
+	MaxAge int
+}
diff --git a/plugins/headers/plugin.go b/plugins/headers/plugin.go
new file mode 100644
index 00000000..f1c6e6f3
--- /dev/null
+++ b/plugins/headers/plugin.go
@@ -0,0 +1,117 @@
+package headers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/spiral/errors"
+	"github.com/spiral/roadrunner/v2/plugins/config"
+)
+
+// ID contains default service name.
+const PluginName = "headers"
+const RootPluginName = "http"
+
+// Service serves headers files. Potentially convert into middleware?
+type Plugin struct {
+	// server configuration (location, forbidden files and etc)
+	cfg *Config
+}
+
+// Init must return configure service and return true if service hasStatus enabled. Must return error in case of
+// misconfiguration. Services must not be used without proper configuration pushed first.
+func (s *Plugin) Init(cfg config.Configurer) error {
+	const op = errors.Op("headers plugin init")
+	err := cfg.UnmarshalKey(RootPluginName, &s.cfg)
+	if err != nil {
+		return errors.E(op, errors.Disabled, err)
+	}
+
+	return nil
+}
+
+// middleware must return true if request/response pair is handled within the middleware.
+func (s *Plugin) Middleware(next http.Handler) http.HandlerFunc {
+	// Define the http.HandlerFunc
+	return func(w http.ResponseWriter, r *http.Request) {
+		if s.cfg.Headers.Request != nil {
+			for k, v := range s.cfg.Headers.Request {
+				r.Header.Add(k, v)
+			}
+		}
+
+		if s.cfg.Headers.Response != nil {
+			for k, v := range s.cfg.Headers.Response {
+				w.Header().Set(k, v)
+			}
+		}
+
+		if s.cfg.Headers.CORS != nil {
+			if r.Method == http.MethodOptions {
+				s.preflightRequest(w)
+				return
+			}
+			s.corsHeaders(w)
+		}
+
+		next.ServeHTTP(w, r)
+	}
+}
+
+func (s *Plugin) Name() string {
+	return PluginName
+}
+
+// configure OPTIONS response
+func (s *Plugin) preflightRequest(w http.ResponseWriter) {
+	headers := w.Header()
+
+	headers.Add("Vary", "Origin")
+	headers.Add("Vary", "Access-Control-Request-Method")
+	headers.Add("Vary", "Access-Control-Request-Headers")
+
+	if s.cfg.Headers.CORS.AllowedOrigin != "" {
+		headers.Set("Access-Control-Allow-Origin", s.cfg.Headers.CORS.AllowedOrigin)
+	}
+
+	if s.cfg.Headers.CORS.AllowedHeaders != "" {
+		headers.Set("Access-Control-Allow-Headers", s.cfg.Headers.CORS.AllowedHeaders)
+	}
+
+	if s.cfg.Headers.CORS.AllowedMethods != "" {
+		headers.Set("Access-Control-Allow-Methods", s.cfg.Headers.CORS.AllowedMethods)
+	}
+
+	if s.cfg.Headers.CORS.AllowCredentials != nil {
+		headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*s.cfg.Headers.CORS.AllowCredentials))
+	}
+
+	if s.cfg.Headers.CORS.MaxAge > 0 {
+		headers.Set("Access-Control-Max-Age", strconv.Itoa(s.cfg.Headers.CORS.MaxAge))
+	}
+
+	w.WriteHeader(http.StatusOK)
+}
+
+// configure CORS headers
+func (s *Plugin) corsHeaders(w http.ResponseWriter) {
+	headers := w.Header()
+
+	headers.Add("Vary", "Origin")
+
+	if s.cfg.Headers.CORS.AllowedOrigin != "" {
+		headers.Set("Access-Control-Allow-Origin", s.cfg.Headers.CORS.AllowedOrigin)
+	}
+
+	if s.cfg.Headers.CORS.AllowedHeaders != "" {
+		headers.Set("Access-Control-Allow-Headers", s.cfg.Headers.CORS.AllowedHeaders)
+	}
+
+	if s.cfg.Headers.CORS.ExposedHeaders != "" {
+		headers.Set("Access-Control-Expose-Headers", s.cfg.Headers.CORS.ExposedHeaders)
+	}
+
+	if s.cfg.Headers.CORS.AllowCredentials != nil {
+		headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*s.cfg.Headers.CORS.AllowCredentials))
+	}
+}
diff --git a/plugins/headers/tests/configs/.rr-cors-headers.yaml b/plugins/headers/tests/configs/.rr-cors-headers.yaml
new file mode 100644
index 00000000..5c1a200b
--- /dev/null
+++ b/plugins/headers/tests/configs/.rr-cors-headers.yaml
@@ -0,0 +1,37 @@
+server:
+  command: "php ../../../tests/http/client.php headers pipes"
+  user: ""
+  group: ""
+  env:
+    "RR_HTTP": "true"
+  relay: "pipes"
+  relayTimeout: "20s"
+
+http:
+  debug: true
+  address: 127.0.0.1:22855
+  maxRequestSize: 1024
+  middleware: [ "headers" ]
+  uploads:
+    forbid: [ ".php", ".exe", ".bat" ]
+  trustedSubnets: [ "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10" ]
+  # Additional HTTP headers and CORS control.
+  headers:
+    cors:
+      allowedOrigin: "*"
+      allowedHeaders: "*"
+      allowedMethods: "GET,POST,PUT,DELETE"
+      allowCredentials: true
+      exposedHeaders: "Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma"
+      maxAge: 600
+    request:
+      "input": "custom-header"
+    response:
+      "output": "output-header"
+  pool:
+    numWorkers: 2
+    maxJobs: 0
+    allocateTimeout: 60s
+    destroyTimeout: 60s
+
+
diff --git a/plugins/headers/tests/configs/.rr-headers-init.yaml b/plugins/headers/tests/configs/.rr-headers-init.yaml
new file mode 100644
index 00000000..252fe8f3
--- /dev/null
+++ b/plugins/headers/tests/configs/.rr-headers-init.yaml
@@ -0,0 +1,37 @@
+server:
+  command: "php ../../../tests/http/client.php echo pipes"
+  user: ""
+  group: ""
+  env:
+    "RR_HTTP": "true"
+  relay: "pipes"
+  relayTimeout: "20s"
+
+http:
+  debug: true
+  address: 127.0.0.1:33453
+  maxRequestSize: 1024
+  middleware: [ "headers" ]
+  uploads:
+    forbid: [ ".php", ".exe", ".bat" ]
+  trustedSubnets: [ "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10" ]
+  # Additional HTTP headers and CORS control.
+  headers:
+    cors:
+      allowedOrigin: "*"
+      allowedHeaders: "*"
+      allowedMethods: "GET,POST,PUT,DELETE"
+      allowCredentials: true
+      exposedHeaders: "Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma"
+      maxAge: 600
+    request:
+      "Example-Request-Header": "Value"
+    response:
+      "X-Powered-By": "RoadRunner"
+  pool:
+    numWorkers: 2
+    maxJobs: 0
+    allocateTimeout: 60s
+    destroyTimeout: 60s
+
+
diff --git a/plugins/headers/tests/configs/.rr-req-headers.yaml b/plugins/headers/tests/configs/.rr-req-headers.yaml
new file mode 100644
index 00000000..9256e98d
--- /dev/null
+++ b/plugins/headers/tests/configs/.rr-req-headers.yaml
@@ -0,0 +1,30 @@
+server:
+  command: "php ../../../tests/http/client.php header pipes"
+  user: ""
+  group: ""
+  env:
+    "RR_HTTP": "true"
+  relay: "pipes"
+  relayTimeout: "20s"
+
+http:
+  debug: true
+  address: 127.0.0.1:22655
+  maxRequestSize: 1024
+  middleware: [ "headers" ]
+  uploads:
+    forbid: [ ".php", ".exe", ".bat" ]
+  trustedSubnets: [ "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10" ]
+  # Additional HTTP headers and CORS control.
+  headers:
+    request:
+      "input": "custom-header"
+    response:
+      "output": "output-header"
+  pool:
+    numWorkers: 2
+    maxJobs: 0
+    allocateTimeout: 60s
+    destroyTimeout: 60s
+
+
diff --git a/plugins/headers/tests/configs/.rr-res-headers.yaml b/plugins/headers/tests/configs/.rr-res-headers.yaml
new file mode 100644
index 00000000..1bca2c3d
--- /dev/null
+++ b/plugins/headers/tests/configs/.rr-res-headers.yaml
@@ -0,0 +1,30 @@
+server:
+  command: "php ../../../tests/http/client.php header pipes"
+  user: ""
+  group: ""
+  env:
+    "RR_HTTP": "true"
+  relay: "pipes"
+  relayTimeout: "20s"
+
+http:
+  debug: true
+  address: 127.0.0.1:22455
+  maxRequestSize: 1024
+  middleware: [ "headers" ]
+  uploads:
+    forbid: [ ".php", ".exe", ".bat" ]
+  trustedSubnets: [ "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10" ]
+  # Additional HTTP headers and CORS control.
+  headers:
+    request:
+      "input": "custom-header"
+    response:
+      "output": "output-header"
+  pool:
+    numWorkers: 2
+    maxJobs: 0
+    allocateTimeout: 60s
+    destroyTimeout: 60s
+
+
diff --git a/plugins/headers/tests/headers_plugin_test.go b/plugins/headers/tests/headers_plugin_test.go
new file mode 100644
index 00000000..f1de8cb9
--- /dev/null
+++ b/plugins/headers/tests/headers_plugin_test.go
@@ -0,0 +1,359 @@
+package tests
+
+import (
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/signal"
+	"sync"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/spiral/endure"
+	"github.com/spiral/roadrunner/v2/plugins/config"
+	"github.com/spiral/roadrunner/v2/plugins/headers"
+	httpPlugin "github.com/spiral/roadrunner/v2/plugins/http"
+	"github.com/spiral/roadrunner/v2/plugins/logger"
+	"github.com/spiral/roadrunner/v2/plugins/server"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestHeadersInit(t *testing.T) {
+	cont, err := endure.NewContainer(nil, endure.SetLogLevel(endure.DebugLevel))
+	assert.NoError(t, err)
+
+	cfg := &config.Viper{
+		Path:   "configs/.rr-headers-init.yaml",
+		Prefix: "rr",
+	}
+
+	err = cont.RegisterAll(
+		cfg,
+		&logger.ZapLogger{},
+		&server.Plugin{},
+		&httpPlugin.Plugin{},
+		&headers.Plugin{},
+	)
+	assert.NoError(t, err)
+
+	err = cont.Init()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ch, err := cont.Serve()
+	assert.NoError(t, err)
+
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
+
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	tt := time.NewTimer(time.Second * 5)
+
+	go func() {
+		defer wg.Done()
+		for {
+			select {
+			case e := <-ch:
+				assert.Fail(t, "error", e.Error.Error())
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+			case <-sig:
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			case <-tt.C:
+				// timeout
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			}
+		}
+	}()
+	wg.Wait()
+}
+
+func TestRequestHeaders(t *testing.T) {
+	cont, err := endure.NewContainer(nil, endure.SetLogLevel(endure.DebugLevel))
+	assert.NoError(t, err)
+
+	cfg := &config.Viper{
+		Path:   "configs/.rr-req-headers.yaml",
+		Prefix: "rr",
+	}
+
+	err = cont.RegisterAll(
+		cfg,
+		&logger.ZapLogger{},
+		&server.Plugin{},
+		&httpPlugin.Plugin{},
+		&headers.Plugin{},
+	)
+	assert.NoError(t, err)
+
+	err = cont.Init()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ch, err := cont.Serve()
+	assert.NoError(t, err)
+
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
+
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	tt := time.NewTimer(time.Second * 10)
+
+	go func() {
+		defer wg.Done()
+		for {
+			select {
+			case e := <-ch:
+				assert.Fail(t, "error", e.Error.Error())
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+			case <-sig:
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			case <-tt.C:
+				// timeout
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			}
+		}
+	}()
+
+	time.Sleep(time.Second)
+	t.Run("RequestHeaders", reqHeaders)
+	wg.Wait()
+}
+
+func reqHeaders(t *testing.T) {
+	req, err := http.NewRequest("GET", "http://localhost:22655?hello=value", nil)
+	assert.NoError(t, err)
+
+	r, err := http.DefaultClient.Do(req)
+	assert.NoError(t, err)
+
+	b, err := ioutil.ReadAll(r.Body)
+	assert.NoError(t, err)
+
+	assert.Equal(t, 200, r.StatusCode)
+	assert.Equal(t, "CUSTOM-HEADER", string(b))
+
+	err = r.Body.Close()
+	assert.NoError(t, err)
+}
+
+func TestResponseHeaders(t *testing.T) {
+	cont, err := endure.NewContainer(nil, endure.SetLogLevel(endure.DebugLevel))
+	assert.NoError(t, err)
+
+	cfg := &config.Viper{
+		Path:   "configs/.rr-res-headers.yaml",
+		Prefix: "rr",
+	}
+
+	err = cont.RegisterAll(
+		cfg,
+		&logger.ZapLogger{},
+		&server.Plugin{},
+		&httpPlugin.Plugin{},
+		&headers.Plugin{},
+	)
+	assert.NoError(t, err)
+
+	err = cont.Init()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ch, err := cont.Serve()
+	assert.NoError(t, err)
+
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
+
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	tt := time.NewTimer(time.Second * 10)
+
+	go func() {
+		defer wg.Done()
+		for {
+			select {
+			case e := <-ch:
+				assert.Fail(t, "error", e.Error.Error())
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+			case <-sig:
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			case <-tt.C:
+				// timeout
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			}
+		}
+	}()
+
+	time.Sleep(time.Second)
+	t.Run("ResponseHeaders", resHeaders)
+	wg.Wait()
+}
+
+func resHeaders(t *testing.T) {
+	req, err := http.NewRequest("GET", "http://localhost:22455?hello=value", nil)
+	assert.NoError(t, err)
+
+	r, err := http.DefaultClient.Do(req)
+	assert.NoError(t, err)
+
+	assert.Equal(t, "output-header", r.Header.Get("output"))
+
+	b, err := ioutil.ReadAll(r.Body)
+	assert.NoError(t, err)
+	assert.Equal(t, 200, r.StatusCode)
+	assert.Equal(t, "CUSTOM-HEADER", string(b))
+
+	err = r.Body.Close()
+	assert.NoError(t, err)
+}
+
+func TestCORSHeaders(t *testing.T) {
+	cont, err := endure.NewContainer(nil, endure.SetLogLevel(endure.DebugLevel))
+	assert.NoError(t, err)
+
+	cfg := &config.Viper{
+		Path:   "configs/.rr-cors-headers.yaml",
+		Prefix: "rr",
+	}
+
+	err = cont.RegisterAll(
+		cfg,
+		&logger.ZapLogger{},
+		&server.Plugin{},
+		&httpPlugin.Plugin{},
+		&headers.Plugin{},
+	)
+	assert.NoError(t, err)
+
+	err = cont.Init()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ch, err := cont.Serve()
+	assert.NoError(t, err)
+
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
+
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	tt := time.NewTimer(time.Second * 10)
+
+	go func() {
+		defer wg.Done()
+		for {
+			select {
+			case e := <-ch:
+				assert.Fail(t, "error", e.Error.Error())
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+			case <-sig:
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			case <-tt.C:
+				// timeout
+				err = cont.Stop()
+				if err != nil {
+					assert.FailNow(t, "error", err.Error())
+				}
+				return
+			}
+		}
+	}()
+
+	time.Sleep(time.Second)
+	t.Run("CORSHeaders", corsHeaders)
+	t.Run("CORSHeadersPass", corsHeadersPass)
+	wg.Wait()
+}
+
+func corsHeadersPass(t *testing.T) {
+	req, err := http.NewRequest("GET", "http://localhost:22855", nil)
+	assert.NoError(t, err)
+
+	r, err := http.DefaultClient.Do(req)
+	assert.NoError(t, err)
+
+	assert.Equal(t, "true", r.Header.Get("Access-Control-Allow-Credentials"))
+	assert.Equal(t, "*", r.Header.Get("Access-Control-Allow-Headers"))
+	assert.Equal(t, "*", r.Header.Get("Access-Control-Allow-Origin"))
+	assert.Equal(t, "true", r.Header.Get("Access-Control-Allow-Credentials"))
+
+	_, err = ioutil.ReadAll(r.Body)
+	assert.NoError(t, err)
+	assert.Equal(t, 200, r.StatusCode)
+
+	err = r.Body.Close()
+	assert.NoError(t, err)
+}
+
+func corsHeaders(t *testing.T) {
+	req, err := http.NewRequest("OPTIONS", "http://localhost:22855", nil)
+	assert.NoError(t, err)
+
+	r, err := http.DefaultClient.Do(req)
+	assert.NoError(t, err)
+
+	assert.Equal(t, "true", r.Header.Get("Access-Control-Allow-Credentials"))
+	assert.Equal(t, "*", r.Header.Get("Access-Control-Allow-Headers"))
+	assert.Equal(t, "GET,POST,PUT,DELETE", r.Header.Get("Access-Control-Allow-Methods"))
+	assert.Equal(t, "*", r.Header.Get("Access-Control-Allow-Origin"))
+	assert.Equal(t, "600", r.Header.Get("Access-Control-Max-Age"))
+	assert.Equal(t, "true", r.Header.Get("Access-Control-Allow-Credentials"))
+
+	_, err = ioutil.ReadAll(r.Body)
+	assert.NoError(t, err)
+	assert.Equal(t, 200, r.StatusCode)
+
+	err = r.Body.Close()
+	assert.NoError(t, err)
+}