getlantern · myleshorton · Jan 17, 2025 · Jan 17, 2025 · Jan 22, 2025 · Jan 22, 2025
diff --git a/chained/broflake_impl.go b/chained/broflake_impl.go
@@ -5,14 +5,13 @@ import (
 	"crypto/x509"
 	"math/rand"
 	"net"
-	"net/http"
 	"time"
 
 	"github.com/getlantern/broflake/clientcore"
 	broflake_common "github.com/getlantern/broflake/common"
 	"github.com/getlantern/common/config"
+	"github.com/getlantern/flashlight/v7/common"
 	"github.com/getlantern/flashlight/v7/ops"
-	"github.com/getlantern/flashlight/v7/proxied"
 )
 
 func init() {
@@ -138,10 +137,7 @@ func makeBroflakeOptions(pc *config.ProxyConfig) (
 
 	// Broflake's HTTP client isn't currently configurable via PluggableTransportSettings, and so
 	// we just give it this domain fronted client in all cases
-	wo.HttpClient = &http.Client{
-		Transport: proxied.Fronted("broflake_fronted_roundtrip"),
-		Timeout:   60 * time.Second,
-	}
+	wo.HttpClient = common.GetHTTPClient()
 
 	// Override QUICLayerOptions defaults as applicable
 	qo := &clientcore.QUICLayerOptions{}

diff --git a/chained/broflake_impl_test.go b/chained/broflake_impl_test.go
@@ -4,23 +4,17 @@ import (
 	"crypto/x509"
 	"fmt"
 	"math/rand"
-	"os"
 	"strconv"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/yaml.v2"
 
 	"github.com/getlantern/broflake/clientcore"
 	"github.com/getlantern/common/config"
-
-	flconfig "github.com/getlantern/flashlight/v7/config"
-	"github.com/getlantern/flashlight/v7/proxied"
 )
 
 func TestMakeBroflakeOptions(t *testing.T) {
-	updateFronted()
 	pc := &config.ProxyConfig{
 		PluggableTransportSettings: map[string]string{
 			"broflake_ctablesize":                  "69",
@@ -199,7 +193,6 @@ func TestMakeBroflakeOptions(t *testing.T) {
 }
 
 func TestGetRandomSubset(t *testing.T) {
-	updateFronted()
 	listSize := 100
 	uniqueStrings := make([]string, 0, listSize)
 	for i := 0; i < listSize; i++ {
@@ -228,31 +221,3 @@ func TestGetRandomSubset(t *testing.T) {
 	subset = getRandomSubset(uint32(100), rng, nullSet)
 	assert.Equal(t, len(subset), 0)
 }
-
-func updateFronted() {
-	// Init domain-fronting
-	global, err := os.ReadFile("../embeddedconfig/global.yaml")
-	if err != nil {
-		log.Errorf("Unable to load embedded global config: %v", err)
-		os.Exit(1)
-	}
-	cfg := flconfig.NewGlobal()
-	err = yaml.Unmarshal(global, cfg)
-	if err != nil {
-		log.Errorf("Unable to unmarshal embedded global config: %v", err)
-		os.Exit(1)
-	}
-
-	certs, err := cfg.TrustedCACerts()
-	if err != nil {
-		log.Errorf("Unable to read trusted certs: %v", err)
-	}
-
-	tempConfigDir, err := os.MkdirTemp("", "issue_test")
-	if err != nil {
-		log.Errorf("Unable to create temp config dir: %v", err)
-		os.Exit(1)
-	}
-	defer os.RemoveAll(tempConfigDir)
-	proxied.OnNewFronts(certs, cfg.Client.FrontedProviders())
-}
diff --git a/chained/water_impl.go b/chained/water_impl.go
@@ -9,11 +9,10 @@ import (
 	"net/http"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/getlantern/common/config"
+	"github.com/getlantern/flashlight/v7/common"
 	"github.com/getlantern/flashlight/v7/ops"
-	"github.com/getlantern/flashlight/v7/proxied"
 	"github.com/refraction-networking/water"
 	_ "github.com/refraction-networking/water/transport/v1"
 
@@ -175,7 +174,7 @@ func (d *waterImpl) loadWASM(ctx context.Context, transport string, dir string,
 	vc := waterVC.NewWaterVersionControl(dir, log)
 	cli := waterHTTPClient
 	if cli == nil {
-		cli = proxied.ChainedThenDirectThenFrontedClient(1*time.Minute, "")
+		cli = common.GetHTTPClient()
 	}
 	downloader, err := waterDownloader.NewWASMDownloader(strings.Split(wasmAvailableAt, ","), cli)
 	if err != nil {

diff --git a/client/handler.go b/client/handler.go
@@ -126,7 +126,7 @@ func (client *Client) interceptProRequest(cs *filters.ConnectionState, r *http.R
 	r.URL.Path = r.URL.Path[4:]
 	pro.PrepareProRequest(r, client.user)
 	r.Header.Del("Origin")
-	resp, err := pro.HTTPClient.Do(r)
+	resp, err := common.GetHTTPClient().Do(r)
 	if err != nil {
 		log.Errorf("Error intercepting request to pro server: %v", err)
 		resp = &http.Response{

diff --git a/common/const.go b/common/const.go
@@ -8,7 +8,7 @@ import (
 
 const (
 	// UserConfigURL is the URL for fetching the per user proxy config.
-	UserConfigURL = "http://df.iantem.io/api/v1/config"
+	UserConfigURL = "https://df.iantem.io/api/v1/config"
 
 	// Sentry Configurations
 	SentryTimeout         = time.Second * 30

diff --git a/common/httpclient.go b/common/httpclient.go
@@ -0,0 +1,44 @@
+package common
+
+import (
+	"net/http"
+	"sync"
+
+	"github.com/getlantern/kindling"
+)
+
+var httpClient *http.Client
+var mutex = &sync.Mutex{}
+
+// These are the domains we will access via kindling.
+var domains = []string{
+	"api.iantem.io",
+	"api.getiantem.org",    // Still used on iOS
+	"geo.getiantem.org",    // Still used on iOS
+	"config.getiantem.org", // Still used on iOS
+	"df.iantem.io",
+	"raw.githubusercontent.com",
+	"media.githubusercontent.com",
+	"objects.githubusercontent.com",
+	"replica-r2.lantern.io",
+	"replica-search.lantern.io",
+	"update.getlantern.org",
+	"globalconfig.flashlightproxy.com",
+}
+
+func GetHTTPClient() *http.Client {
+	mutex.Lock()
+	defer mutex.Unlock()
+	if httpClient != nil {
+		return httpClient
+	}
+
+	// Set the client to the kindling client.
+	k := kindling.NewKindling(
+		kindling.WithLogWriter(log.AsStdLogger().Writer()),
+		kindling.WithDomainFronting("https://media.githubusercontent.com/media/getlantern/fronted/refs/heads/main/fronted.yaml.gz", ""),
+		kindling.WithProxyless(domains...),
+	)
+	httpClient = k.NewHTTPClient()
+	return httpClient
+}
diff --git a/config/client_config.go b/config/client_config.go
@@ -1,10 +1,6 @@
 package config
 
 import (
-	"errors"
-	"strings"
-
-	"github.com/getlantern/flashlight/v7/geolookup"
 	"github.com/getlantern/fronted"
 )
 
@@ -48,10 +44,6 @@ func (p *ProviderConfig) GetResponseValidator(providerID string) fronted.Respons
 	if p.Validator == nil {
 		return nil
 	}
-
-	if len(p.Validator.RejectStatus) > 0 {
-		return fronted.NewStatusCodeValidator(p.Validator.RejectStatus)
-	}
 	// ...
 
 	// unknown or empty
@@ -75,52 +67,3 @@ func NewClientConfig() *ClientConfig {
 		Fronted: newFrontedConfig(),
 	}
 }
-
-// Builds a list of fronted.Providers to use based on the configuration
-func (c *ClientConfig) FrontedProviders() map[string]*fronted.Provider {
-	region := strings.ToLower(geolookup.GetCountry(0))
-	providers := make(map[string]*fronted.Provider)
-	for pid, p := range c.Fronted.Providers {
-		var sniConfig *fronted.SNIConfig
-		if p.FrontingSNIs != nil {
-			var ok bool
-			sniConfig, ok = p.FrontingSNIs[region]
-			if !ok {
-				sniConfig = p.FrontingSNIs["default"]
-			}
-
-			// If the region is unknown, use the default SNI config and enable it
-			if region == "" {
-				sniConfig.UseArbitrarySNIs = true
-			}
-
-			if sniConfig != nil && sniConfig.UseArbitrarySNIs && len(sniConfig.ArbitrarySNIs) == 0 {
-				sniConfig.ArbitrarySNIs = p.FrontingSNIs["default"].ArbitrarySNIs
-			}
-		}
-
-		providers[pid] = fronted.NewProvider(
-			p.HostAliases,
-			p.TestURL,
-			p.Masquerades,
-			p.GetResponseValidator(pid),
-			p.PassthroughPatterns,
-			sniConfig,
-			p.VerifyHostname,
-		)
-	}
-	return providers
-}
-
-// Check that this ClientConfig is valid
-func (c *ClientConfig) Validate() error {
-	sz := 0
-	for _, p := range c.Fronted.Providers {
-		sz += len(p.Masquerades)
-	}
-	if sz == 0 {
-		return errors.New("no masquerades")
-	}
-
-	return nil
-}
diff --git a/config/client_config_test.go b/config/client_config_test.go