Fix HTTP proxy authentication to support both preemptive and challenge-response auth (#134)

http.go

@@ -31,7 +31,10 @@ func (s *HTTPServer) authenticate(req *http.Request) (int, error) {
 	}
 
 	auth := req.Header.Get(proxyAuthHeaderKey)
-	if auth != "" {
+	if auth == "" {
+		return http.StatusProxyAuthRequired, fmt.Errorf(http.StatusText(http.StatusProxyAuthRequired))
+	}
+
 	enc := strings.TrimPrefix(auth, "Basic ")
 	str, err := base64.StdEncoding.DecodeString(enc)
 	if err != nil {
@@ -47,9 +50,6 @@ func (s *HTTPServer) authenticate(req *http.Request) (int, error) {
 	return http.StatusUnauthorized, fmt.Errorf("username and password not matching")
 }
 
-	return http.StatusProxyAuthRequired, fmt.Errorf(http.StatusText(http.StatusProxyAuthRequired))
-}
-
 func (s *HTTPServer) handleConn(req *http.Request, conn net.Conn) (peer net.Conn, err error) {
 	addr := req.Host
 	if !strings.Contains(addr, ":") {
@@ -103,7 +103,11 @@ func (s *HTTPServer) serve(conn net.Conn) {
 
 	code, err := s.authenticate(req)
 	if err != nil {
-		_ = responseWith(req, code).Write(conn)
+		resp := responseWith(req, code)
+		if code == http.StatusProxyAuthRequired {
+			resp.Header.Set("Proxy-Authenticate", "Basic realm=\"Proxy\"")
+		}
+		_ = resp.Write(conn)
 		log.Println(err)
 		return
 	}