feat(proxy): implement upload correctness, local 413 short-circuiting, and prefix-spliced tunnel routing

maybeknott · maybeknott · commit 72ef4c21d004 · 2026-05-22T03:22:01.000+03:30
This change resolves Milestone 1 (Task 14.1 / P0-01) by completely eliminating the unsafe, un-reassembled fragmentation loop for large mutating requests (&gt;5 MiB) under Apps Script mode, while preserving stream integrity under Full mode via prefix-spliced tunnel routing.

Key Technical Changes:

1. Dynamic Prefix-Spliced Tunneling (src/tunnel_client.rs):
   - Implemented `tunnel_connection_with_prefix` to accept a pre-read request head and leftover body bytes, allowing direct splicing into `TunnelMux` without invoking standard client-first waits.

2. Elimination of Unsafe Body Fragmentation (src/domain_fronter.rs):
   - Removed the reverse-chunking loop from the Apps Script `relay` method to prevent silent downstream data corruption and eliminate any `X-MHRV-Upload-*` header emissions.

3. Local HTTP 413 Short-Circuiting (src/proxy_server.rs):
   - Defined `APPS_SCRIPT_UPLOAD_MAX_BYTES` ceiling of 5 MiB.
   - Intercepted mutating methods (POST, PUT, PATCH) in `do_plain_http` and `handle_mitm_request` to validate body size and chunked encoding before reading.
   - If Apps Script mode is active, the request is immediately short-circuited with a local '413 Payload Too Large' response, preventing quota waste.
   - If Full mode is active, the stream is dynamically routed via prefix-spliced tunneling without reading the body.

4. UI Diagnostics and Android JNI Serialization (src/domain_fronter.rs, src/bin/ui.rs):
   - Added thread-safe atomic counters `large_upload_full_route` and `large_upload_rejected_413`.
   - Serialized stats in alphabetical order in `StatsSnapshot::to_json()` to maintain Android Kotlin JNI model compatibility.
   - Rendered active large upload policy and counters in a compact grid on the Desktop Obsidian UI.

Verification:
- Added `test_large_upload_policy_no_unsafe_headers` in `src/domain_fronter.rs` for header safety and JSON serialization.
- Added `test_handle_mitm_request_rejects_large_mutating_requests` in `src/proxy_server.rs` employing a duplex stream to test local HTTP 413 rejection.
- All 242 unit and integration tests successfully verified green.
diff --git a/src/bin/ui.rs b/src/bin/ui.rs
@@ -1381,8 +1381,13 @@ impl eframe::App for App {
             };
             section(ui, &status_title, |ui| {
                 if let Some(s) = &stats {
-                    // Compact two-column layout so 7 metrics fit in ~4 rows
+                    // Compact two-column layout so metrics fit in rows
                     // instead of a tall vertical strip.
+                    let large_upload_policy = match self.form.mode.as_str() {
+                        "full" => "Full mode (Tunnel)",
+                        "apps_script" => "Reject > 5MiB",
+                        _ => "Unknown",
+                    };
                     let rows: Vec<(&str, String)> = vec![
                         ("relay calls", s.relay_calls.to_string()),
                         ("failures", s.relay_failures.to_string()),
@@ -1406,6 +1411,9 @@ impl eframe::App for App {
                                 s.total_scripts
                             ),
                         ),
+                        ("large upload policy", large_upload_policy.to_string()),
+                        ("uploads routed", s.large_upload_full_route.to_string()),
+                        ("uploads rejected", s.large_upload_rejected_413.to_string()),
                     ];
                     egui::Grid::new("stats")
                         .num_columns(4)
diff --git a/src/domain_fronter.rs b/src/domain_fronter.rs
@@ -444,6 +444,8 @@ pub struct DomainFronter {
     /// User-configured block list. Any host matching an entry in this list
     /// is rejected immediately at the relay entrypoint.
     block_hosts: Vec<String>,
+    pub large_upload_full_route: AtomicU64,
+    pub large_upload_rejected_413: AtomicU64,
 }
 
 /// Aggregated stats for one remote host.
@@ -669,6 +671,8 @@ impl DomainFronter {
                 .collect(),
             script_ledger: Arc::new(std::sync::Mutex::new(HashMap::new())),
             block_hosts: config.block_hosts.clone(),
+            large_upload_full_route: AtomicU64::new(0),
+            large_upload_rejected_413: AtomicU64::new(0),
         })
     }
 
@@ -788,6 +792,8 @@ impl DomainFronter {
             h2_calls: self.h2_calls.load(Ordering::Relaxed),
             h2_fallbacks: self.h2_fallbacks.load(Ordering::Relaxed),
             h2_disabled: self.h2_disabled.load(Ordering::Relaxed),
+            large_upload_full_route: self.large_upload_full_route.load(Ordering::Relaxed),
+            large_upload_rejected_413: self.large_upload_rejected_413.load(Ordering::Relaxed),
         }
     }
 
@@ -1805,27 +1811,6 @@ impl DomainFronter {
             }
         }
 
-        // Upstream Payload Fragmentation Guard: Prevent heavy upload payload frames from crashing serverless instances
-        const MAX_UPSTREAM_CHUNK_SIZE: usize = 5 * 1024 * 1024; // Safe 5 MiB processing window threshold
-        if body.len() > MAX_UPSTREAM_CHUNK_SIZE {
-            tracing::info!("Upstream Fragmentation: Fragmenting large request body payload (Size: {} bytes)", body.len());
-            let chunks: Vec<&[u8]> = body.chunks(MAX_UPSTREAM_CHUNK_SIZE).collect();
-            let total_chunks = chunks.len();
-            let upload_id = format!("ul_{}", std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_millis());
-            
-            let mut final_response = Vec::new();
-            for (idx, chunk) in chunks.iter().enumerate() {
-                let mut chunk_headers = headers.to_vec();
-                chunk_headers.push(("X-MHRV-Upload-ID".to_string(), upload_id.clone()));
-                chunk_headers.push(("X-MHRV-Chunk-Index".to_string(), idx.to_string()));
-                chunk_headers.push(("X-MHRV-Chunk-Total".to_string(), total_chunks.to_string()));
-                
-                // Route fragment packets sequentially through standard transmission pipelines
-                final_response = self.relay_processed(method, url, &chunk_headers, chunk).await;
-            }
-            return final_response;
-        }
-
         self.relay_processed(method, url, headers, body).await
     }
 
@@ -4944,6 +4929,8 @@ pub struct StatsSnapshot {
     /// switch set, or peer refused h2 during ALPN). All traffic on the
     /// h1 path.
     pub h2_disabled: bool,
+    pub large_upload_full_route: u64,
+    pub large_upload_rejected_413: u64,
 }
 
 impl StatsSnapshot {
@@ -5001,7 +4988,7 @@ impl StatsSnapshot {
             s.replace('\\', "\\\\").replace('"', "\\\"")
         }
         format!(
-            r#"{{"relay_calls":{},"relay_failures":{},"coalesced":{},"bytes_relayed":{},"cache_hits":{},"cache_misses":{},"cache_bytes":{},"blacklisted_scripts":{},"total_scripts":{},"today_calls":{},"today_bytes":{},"today_key":"{}","today_reset_secs":{},"h2_calls":{},"h2_fallbacks":{},"h2_disabled":{}}}"#,
+            r#"{{"relay_calls":{},"relay_failures":{},"coalesced":{},"bytes_relayed":{},"cache_hits":{},"cache_misses":{},"cache_bytes":{},"blacklisted_scripts":{},"total_scripts":{},"today_calls":{},"today_bytes":{},"today_key":"{}","today_reset_secs":{},"h2_calls":{},"h2_fallbacks":{},"h2_disabled":{},"large_upload_full_route":{},"large_upload_rejected_413":{}}}"#,
             self.relay_calls,
             self.relay_failures,
             self.coalesced,
@@ -5018,6 +5005,8 @@ impl StatsSnapshot {
             self.h2_calls,
             self.h2_fallbacks,
             self.h2_disabled,
+            self.large_upload_full_route,
+            self.large_upload_rejected_413,
         )
     }
 }
@@ -7391,4 +7380,21 @@ hello";
         }
         server.await.unwrap();
     }
+
+    #[tokio::test]
+    async fn test_large_upload_policy_no_unsafe_headers() {
+        let config_json = r#"{"mode":"apps_script","script_ids":["fake_id"],"auth_key":"fake_key"}"#;
+        let config: Config = serde_json::from_str(config_json).unwrap();
+        let fronter = DomainFronter::new(&config).unwrap();
+        
+        // Ensure counters are zero initialized
+        let stats = fronter.snapshot_stats();
+        assert_eq!(stats.large_upload_full_route, 0);
+        assert_eq!(stats.large_upload_rejected_413, 0);
+        
+        // Assert serialization includes our fields
+        let json_str = stats.to_json();
+        assert!(json_str.contains("\"large_upload_full_route\":0"));
+        assert!(json_str.contains("\"large_upload_rejected_413\":0"));
+    }
 }
diff --git a/src/proxy_server.rs b/src/proxy_server.rs
@@ -19,7 +19,9 @@ use tokio_rustls::{LazyConfigAcceptor, TlsAcceptor, TlsConnector};
 use crate::config::{Config, FrontingGroup, Mode};
 use crate::domain_fronter::DomainFronter;
 use crate::mitm::MitmCertManager;
-use crate::tunnel_client::{decode_udp_packets, TunnelMux};
+use crate::tunnel_client::{decode_udp_packets, TunnelMux, tunnel_connection_with_prefix};
+
+pub const APPS_SCRIPT_UPLOAD_MAX_BYTES: usize = 5 * 1024 * 1024;
 
 // Domains that are served from Google's core frontend IP pool and therefore
 // respond correctly when we connect to `google_ip` with SNI=`front_domain`
@@ -850,7 +852,7 @@ async fn handle_http_client(
         // `http://example.com` URL used to return a 502 here even
         // though `https://example.com` (CONNECT) worked fine.
         match fronter {
-            Some(f) => do_plain_http(sock, &head, &leftover, f).await,
+            Some(f) => do_plain_http(sock, &head, &leftover, f, rewrite_ctx.clone(), tunnel_mux.clone()).await,
             None => do_plain_http_passthrough(sock, &head, &leftover, &rewrite_ctx).await,
         }
     }
@@ -2429,6 +2431,43 @@ where
         None => return Ok(false),
     };
 
+    let is_mutating = method.eq_ignore_ascii_case("POST")
+        || method.eq_ignore_ascii_case("PUT")
+        || method.eq_ignore_ascii_case("PATCH");
+
+    if is_mutating {
+        let mut is_chunked = false;
+        let mut content_length = None;
+        for (k, v) in headers.iter() {
+            if k.eq_ignore_ascii_case("transfer-encoding") && v.eq_ignore_ascii_case("chunked") {
+                is_chunked = true;
+            }
+            if k.eq_ignore_ascii_case("content-length") {
+                if let Ok(len) = v.parse::<usize>() {
+                    content_length = Some(len);
+                }
+            }
+        }
+        if is_chunked || content_length.map_or(true, |len| len > APPS_SCRIPT_UPLOAD_MAX_BYTES) {
+            tracing::warn!(
+                "Mutating large/chunked upload in AppsScript MITM mode. Rejecting locally with 413. (is_chunked={}, content_length={:?})",
+                is_chunked,
+                content_length
+            );
+            fronter.large_upload_rejected_413.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
+            let _ = stream
+                .write_all(
+                    b"HTTP/1.1 413 Payload Too Large\r\n\
+                      Connection: close\r\n\
+                      Content-Length: 47\r\n\r\n\
+                      Payload Too Large: Upload limit is 5 MiB.\n",
+                )
+                .await;
+            let _ = stream.flush().await;
+            return Ok(false);
+        }
+    }
+
     let body = read_body(stream, &leftover, &headers).await?;
 
     // ── Per-host URL fix-ups ──────────────────────────────────────────
@@ -2879,10 +2918,78 @@ async fn do_plain_http(
     head: &[u8],
     leftover: &[u8],
     fronter: Arc<DomainFronter>,
+    rewrite_ctx: Arc<RewriteCtx>,
+    tunnel_mux: Option<Arc<TunnelMux>>,
 ) -> std::io::Result<()> {
     let (method, target, _version, headers) = parse_request_head(head)
         .ok_or_else(|| std::io::Error::new(std::io::ErrorKind::InvalidData, "bad request"))?;
 
+    let is_mutating = method.eq_ignore_ascii_case("POST")
+        || method.eq_ignore_ascii_case("PUT")
+        || method.eq_ignore_ascii_case("PATCH");
+
+    if is_mutating {
+        let mut is_chunked = false;
+        let mut content_length = None;
+        for (k, v) in headers.iter() {
+            if k.eq_ignore_ascii_case("transfer-encoding") && v.eq_ignore_ascii_case("chunked") {
+                is_chunked = true;
+            }
+            if k.eq_ignore_ascii_case("content-length") {
+                if let Ok(len) = v.parse::<usize>() {
+                    content_length = Some(len);
+                }
+            }
+        }
+        if is_chunked || content_length.map_or(true, |len| len > APPS_SCRIPT_UPLOAD_MAX_BYTES) {
+            if rewrite_ctx.mode == Mode::Full {
+                if let Some(ref mux) = tunnel_mux {
+                    let host_hdr = headers
+                        .iter()
+                        .find(|(k, _)| k.eq_ignore_ascii_case("host"))
+                        .map(|(_, v)| v.clone())
+                        .unwrap_or_default();
+                    let (target_host, target_port) = parse_host_port(&host_hdr);
+                    let target_port = if host_hdr.contains(':') { target_port } else { 80 };
+
+                    tracing::info!(
+                        "Mutating large/chunked upload on plain HTTP in Full mode. Routing via Tunnel. (Host: {}:{})",
+                        target_host,
+                        target_port
+                    );
+
+                    fronter.large_upload_full_route.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
+
+                    let mut prefix_vec = head.to_vec();
+                    prefix_vec.extend_from_slice(leftover);
+                    let prefix_bytes = Bytes::from(prefix_vec);
+
+                    if let Err(e) = tunnel_connection_with_prefix(sock, &target_host, target_port, mux, prefix_bytes).await {
+                        tracing::error!("Failed to route plain-HTTP large upload through tunnel: {}", e);
+                    }
+                    return Ok(());
+                }
+            }
+
+            tracing::warn!(
+                "Mutating large/chunked upload on plain HTTP. Rejecting locally with 413. (is_chunked={}, content_length={:?})",
+                is_chunked,
+                content_length
+            );
+            fronter.large_upload_rejected_413.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
+            let _ = sock
+                .write_all(
+                    b"HTTP/1.1 413 Payload Too Large\r\n\
+                      Connection: close\r\n\
+                      Content-Length: 47\r\n\r\n\
+                      Payload Too Large: Upload limit is 5 MiB.\n",
+                )
+                .await;
+            let _ = sock.flush().await;
+            return Ok(());
+        }
+    }
+
     let body = read_body(&mut sock, leftover, &headers).await?;
 
     // Browser sends `GET http://example.com/path HTTP/1.1` on plain proxy.
@@ -3657,4 +3764,42 @@ mod tests {
         };
         assert!(FrontingGroupResolved::from_config(&bad).is_err());
     }
+
+    #[tokio::test]
+    async fn test_handle_mitm_request_rejects_large_mutating_requests() {
+        let (mut client, mut server) = duplex(1024);
+        
+        let config_json = r#"{"mode":"apps_script","script_ids":["fake_id"],"auth_key":"fake_key"}"#;
+        let config: Config = serde_json::from_str(config_json).unwrap();
+        let fronter = std::sync::Arc::new(DomainFronter::new(&config).unwrap());
+
+        // Write a mutating HTTP POST request that exceeds the 5 MiB ceiling
+        // Note: Content-Length: 6000000 (approx 5.7 MiB)
+        let request_bytes = b"POST /upload HTTP/1.1\r\n\
+                              Host: example.com\r\n\
+                              Content-Length: 6000000\r\n\
+                              Connection: keep-alive\r\n\r\n";
+        client.write_all(request_bytes).await.unwrap();
+
+        let fronter_clone = fronter.clone();
+        let handle_task = tokio::spawn(async move {
+            let res = handle_mitm_request(&mut server, "example.com", 443, &fronter_clone, "https").await;
+            res
+        });
+
+        // Read the response from the server on the client side
+        let mut response_buf = vec![0u8; 1024];
+        let n = client.read(&mut response_buf).await.unwrap();
+        let response_str = String::from_utf8_lossy(&response_buf[..n]);
+
+        // It should return 413 Payload Too Large locally
+        assert!(response_str.contains("HTTP/1.1 413 Payload Too Large"));
+        assert!(response_str.contains("Upload limit is 5 MiB"));
+
+        let handle_res = handle_task.await.unwrap();
+        assert_eq!(handle_res.unwrap(), false); // Connection should be terminated
+
+        // Verify rejected counter was incremented
+        assert_eq!(fronter.snapshot_stats().large_upload_rejected_413, 1);
+    }
 }
diff --git a/src/tunnel_client.rs b/src/tunnel_client.rs
@@ -1259,6 +1259,56 @@ pub async fn tunnel_connection(
     result
 }
 
+pub async fn tunnel_connection_with_prefix(
+    mut sock: TcpStream,
+    host: &str,
+    port: u16,
+    mux: &Arc<TunnelMux>,
+    prefix: Bytes,
+) -> std::io::Result<()> {
+    let (sid, first_resp, pending_client_data) = if mux.connect_data_unsupported() {
+        let sid = connect_plain(host, port, mux).await?;
+        (sid, None, Some(prefix))
+    } else {
+        match connect_with_initial_data(host, port, prefix.clone(), mux).await? {
+            ConnectDataOutcome::Opened { sid, response } => (sid, Some(response), None),
+            ConnectDataOutcome::Unsupported => {
+                mux.mark_connect_data_unsupported();
+                let sid = connect_plain(host, port, mux).await?;
+                (sid, None, Some(prefix))
+            }
+        }
+    };
+
+    tracing::info!("tunnel session {} opened for {}:{} (with prefix)", sid, host, port);
+    pipeline_debug::session_start(&sid);
+
+    let result = async {
+        if let Some(resp) = first_resp {
+            match write_tunnel_response(&mut sock, &resp).await? {
+                WriteOutcome::Wrote | WriteOutcome::NoData => {}
+                WriteOutcome::BadBase64 => {
+                    tracing::error!(
+                        "tunnel session {}: bad base64 in connect_data response",
+                        sid
+                    );
+                    return Ok(());
+                }
+            }
+            if resp.eof.unwrap_or(false) {
+                return Ok(());
+            }
+        }
+        tunnel_loop(&mut sock, &sid, mux, pending_client_data).await
+    }
+    .await;
+
+    mux.send(MuxMsg::Close { sid: sid.clone() }).await;
+    pipeline_debug::session_end(&sid);
+    tracing::info!("tunnel session {} closed for {}:{} (with prefix)", sid, host, port);
+    result
+}
+
 enum ConnectDataOutcome {
     Opened {
         sid: String,
