update config

pkg/handler/forward/ssh/handler.go

@@ -8,6 +8,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
@@ -31,11 +32,12 @@ func init() {
 }
 
 type forwardHandler struct {
-	bypass bypass.Bypass
-	config *ssh.ServerConfig
-	router *chain.Router
-	logger logger.Logger
-	md     metadata
+	bypass        bypass.Bypass
+	config        *ssh.ServerConfig
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -57,13 +59,13 @@ func (h *forwardHandler) Init(md md.Metadata) (err error) {
 	}
 
 	config := &ssh.ServerConfig{
-		PasswordCallback:  ssh_util.PasswordCallback(h.md.authenticator),
+		PasswordCallback:  ssh_util.PasswordCallback(h.authenticator),
 		PublicKeyCallback: ssh_util.PublicKeyCallback(h.md.authorizedKeys),
 	}
 
 	config.AddHostKey(h.md.signer)
 
-	if h.md.authenticator == nil && len(h.md.authorizedKeys) == 0 {
+	if h.authenticator == nil && len(h.md.authorizedKeys) == 0 {
 		config.NoClientAuth = true
 	}
 

pkg/handler/forward/ssh/metadata.go

@@ -2,9 +2,7 @@ package ssh
 
 import (
 	"io/ioutil"
-	"strings"
 
-	"github.com/go-gost/gost/pkg/auth"
 	tls_util "github.com/go-gost/gost/pkg/common/util/tls"
 	ssh_util "github.com/go-gost/gost/pkg/internal/util/ssh"
 	mdata "github.com/go-gost/gost/pkg/metadata"
@@ -12,32 +10,17 @@ import (
 )
 
 type metadata struct {
-	authenticator  auth.Authenticator
 	signer         ssh.Signer
 	authorizedKeys map[string]bool
 }
 
 func (h *forwardHandler) parseMetadata(md mdata.Metadata) (err error) {
 	const (
-		users          = "users"
 		authorizedKeys = "authorizedKeys"
 		privateKeyFile = "privateKeyFile"
 		passphrase     = "passphrase"
 	)
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			ss := strings.SplitN(auth, ":", 2)
-			if len(ss) == 1 {
-				authenticator.Add(ss[0], "")
-			} else {
-				authenticator.Add(ss[0], ss[1])
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	if key := mdata.GetString(md, privateKeyFile); key != "" {
 		data, err := ioutil.ReadFile(key)
 		if err != nil {

pkg/handler/http/handler.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/asaskevich/govalidator"
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
@@ -29,10 +30,11 @@ func init() {
 }
 
 type httpHandler struct {
-	bypass bypass.Bypass
-	router *chain.Router
-	logger logger.Logger
-	md     metadata
+	bypass        bypass.Bypass
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -260,7 +262,7 @@ func (h *httpHandler) basicProxyAuth(proxyAuth string) (username, password strin
 
 func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http.Response) (ok bool) {
 	u, p, _ := h.basicProxyAuth(req.Header.Get("Proxy-Authorization"))
-	if h.md.authenticator == nil || h.md.authenticator.Authenticate(u, p) {
+	if h.authenticator == nil || h.authenticator.Authenticate(u, p) {
 		return true
 	}
 

pkg/handler/http/metadata.go

@@ -4,41 +4,25 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/go-gost/gost/pkg/auth"
 	mdata "github.com/go-gost/gost/pkg/metadata"
 )
 
 type metadata struct {
-	authenticator auth.Authenticator
-	probeResist   *probeResist
-	sni           bool
-	enableUDP     bool
-	header        http.Header
+	probeResist *probeResist
+	sni         bool
+	enableUDP   bool
+	header      http.Header
 }
 
 func (h *httpHandler) parseMetadata(md mdata.Metadata) error {
 	const (
 		header         = "header"
-		users          = "users"
 		probeResistKey = "probeResist"
 		knock          = "knock"
 		sni            = "sni"
 		enableUDP      = "udp"
 	)
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			ss := strings.SplitN(auth, ":", 2)
-			if len(ss) == 1 {
-				authenticator.Add(ss[0], "")
-			} else {
-				authenticator.Add(ss[0], ss[1])
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	if m := mdata.GetStringMapString(md, header); len(m) > 0 {
 		hd := http.Header{}
 		for k, v := range m {

pkg/handler/http2/handler.go

@@ -15,6 +15,7 @@ import (
 	"time"
 
 	"github.com/asaskevich/govalidator"
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
@@ -29,10 +30,11 @@ func init() {
 }
 
 type http2Handler struct {
-	bypass bypass.Bypass
-	router *chain.Router
-	logger logger.Logger
-	md     metadata
+	bypass        bypass.Bypass
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -392,7 +394,7 @@ func (h *http2Handler) basicProxyAuth(proxyAuth string) (username, password stri
 
 func (h *http2Handler) authenticate(conn net.Conn, req *http.Request, resp *http.Response) (ok bool) {
 	u, p, _ := h.basicProxyAuth(req.Header.Get("Proxy-Authorization"))
-	if h.md.authenticator == nil || h.md.authenticator.Authenticate(u, p) {
+	if h.authenticator == nil || h.authenticator.Authenticate(u, p) {
 		return true
 	}
 

pkg/handler/http2/metadata.go

@@ -3,22 +3,19 @@ package http2
 import (
 	"strings"
 
-	"github.com/go-gost/gost/pkg/auth"
 	mdata "github.com/go-gost/gost/pkg/metadata"
 )
 
 type metadata struct {
-	authenticator auth.Authenticator
-	proxyAgent    string
-	probeResist   *probeResist
-	sni           bool
-	enableUDP     bool
+	proxyAgent  string
+	probeResist *probeResist
+	sni         bool
+	enableUDP   bool
 }
 
 func (h *http2Handler) parseMetadata(md mdata.Metadata) error {
 	const (
 		proxyAgent     = "proxyAgent"
-		users          = "users"
 		probeResistKey = "probeResist"
 		knock          = "knock"
 		sni            = "sni"
@@ -27,19 +24,6 @@ func (h *http2Handler) parseMetadata(md mdata.Metadata) error {
 
 	h.md.proxyAgent = mdata.GetString(md, proxyAgent)
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			ss := strings.SplitN(auth, ":", 2)
-			if len(ss) == 1 {
-				authenticator.Add(ss[0], "")
-			} else {
-				authenticator.Add(ss[0], ss[1])
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	if v := mdata.GetString(md, probeResistKey); v != "" {
 		if ss := strings.SplitN(v, ":", 2); len(ss) == 2 {
 			h.md.probeResist = &probeResist{

pkg/handler/option.go

@@ -1,6 +1,7 @@
 package handler
 
 import (
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/logger"
@@ -8,10 +9,11 @@ import (
 )
 
 type Options struct {
-	Router   *chain.Router
-	Bypass   bypass.Bypass
-	Resolver resolver.Resolver
-	Logger   logger.Logger
+	Router        *chain.Router
+	Bypass        bypass.Bypass
+	Resolver      resolver.Resolver
+	Authenticator auth.Authenticator
+	Logger        logger.Logger
 }
 
 type Option func(opts *Options)
@@ -28,6 +30,12 @@ func BypassOption(bypass bypass.Bypass) Option {
 	}
 }
 
+func AuthenticatorOption(auth auth.Authenticator) Option {
+	return func(opts *Options) {
+		opts.Authenticator = auth
+	}
+}
+
 func LoggerOption(logger logger.Logger) Option {
 	return func(opts *Options) {
 		opts.Logger = logger

pkg/handler/relay/handler.go

@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
@@ -20,11 +21,12 @@ func init() {
 }
 
 type relayHandler struct {
-	group  *chain.NodeGroup
-	bypass bypass.Bypass
-	router *chain.Router
-	logger logger.Logger
-	md     metadata
+	group         *chain.NodeGroup
+	bypass        bypass.Bypass
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -107,7 +109,7 @@ func (h *relayHandler) Handle(ctx context.Context, conn net.Conn) {
 		Version: relay.Version1,
 		Status:  relay.StatusOK,
 	}
-	if h.md.authenticator != nil && !h.md.authenticator.Authenticate(user, pass) {
+	if h.authenticator != nil && !h.authenticator.Authenticate(user, pass) {
 		resp.Status = relay.StatusUnauthorized
 		resp.WriteTo(conn)
 		h.logger.Error("unauthorized")

pkg/handler/relay/metadata.go

@@ -2,15 +2,12 @@ package relay
 
 import (
 	"math"
-	"strings"
 	"time"
 
-	"github.com/go-gost/gost/pkg/auth"
 	mdata "github.com/go-gost/gost/pkg/metadata"
 )
 
 type metadata struct {
-	authenticator auth.Authenticator
 	readTimeout   time.Duration
 	enableBind    bool
 	udpBufferSize int
@@ -19,26 +16,12 @@ type metadata struct {
 
 func (h *relayHandler) parseMetadata(md mdata.Metadata) (err error) {
 	const (
-		users         = "users"
 		readTimeout   = "readTimeout"
 		enableBind    = "bind"
 		udpBufferSize = "udpBufferSize"
 		noDelay       = "nodelay"
 	)
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			ss := strings.SplitN(auth, ":", 2)
-			if len(ss) == 1 {
-				authenticator.Add(ss[0], "")
-			} else {
-				authenticator.Add(ss[0], ss[1])
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	h.md.readTimeout = mdata.GetDuration(md, readTimeout)
 	h.md.enableBind = mdata.GetBool(md, enableBind)
 	h.md.noDelay = mdata.GetBool(md, noDelay)

pkg/handler/socks/v4/handler.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/go-gost/gosocks4"
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
@@ -20,10 +21,11 @@ func init() {
 }
 
 type socks4Handler struct {
-	bypass bypass.Bypass
-	router *chain.Router
-	logger logger.Logger
-	md     metadata
+	bypass        bypass.Bypass
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -77,8 +79,8 @@ func (h *socks4Handler) Handle(ctx context.Context, conn net.Conn) {
 
 	conn.SetReadDeadline(time.Time{})
 
-	if h.md.authenticator != nil &&
-		!h.md.authenticator.Authenticate(string(req.Userid), "") {
+	if h.authenticator != nil &&
+		!h.authenticator.Authenticate(string(req.Userid), "") {
 		resp := gosocks4.NewReply(gosocks4.RejectedUserid, nil)
 		resp.Write(conn)
 		h.logger.Debug(resp)

pkg/handler/socks/v4/metadata.go

@@ -3,31 +3,18 @@ package v4
 import (
 	"time"
 
-	"github.com/go-gost/gost/pkg/auth"
 	mdata "github.com/go-gost/gost/pkg/metadata"
 )
 
 type metadata struct {
-	authenticator auth.Authenticator
-	readTimeout   time.Duration
+	readTimeout time.Duration
 }
 
 func (h *socks4Handler) parseMetadata(md mdata.Metadata) (err error) {
 	const (
-		users       = "users"
 		readTimeout = "readTimeout"
 	)
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			if auth != "" {
-				authenticator.Add(auth, "")
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	h.md.readTimeout = mdata.GetDuration(md, readTimeout)
 	return
 }

pkg/handler/socks/v5/handler.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/go-gost/gosocks5"
+	"github.com/go-gost/gost/pkg/auth"
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/common/util/socks"
@@ -21,11 +22,12 @@ func init() {
 }
 
 type socks5Handler struct {
-	selector gosocks5.Selector
-	bypass   bypass.Bypass
-	router   *chain.Router
-	logger   logger.Logger
-	md       metadata
+	selector      gosocks5.Selector
+	bypass        bypass.Bypass
+	router        *chain.Router
+	authenticator auth.Authenticator
+	logger        logger.Logger
+	md            metadata
 }
 
 func NewHandler(opts ...handler.Option) handler.Handler {
@@ -47,7 +49,7 @@ func (h *socks5Handler) Init(md md.Metadata) (err error) {
 	}
 
 	h.selector = &serverSelector{
-		Authenticator: h.md.authenticator,
+		Authenticator: h.authenticator,
 		TLSConfig:     h.md.tlsConfig,
 		logger:        h.logger,
 		noTLS:         h.md.noTLS,

pkg/handler/socks/v5/metadata.go

@@ -3,17 +3,14 @@ package v5
 import (
 	"crypto/tls"
 	"math"
-	"strings"
 	"time"
 
-	"github.com/go-gost/gost/pkg/auth"
 	tls_util "github.com/go-gost/gost/pkg/common/util/tls"
 	mdata "github.com/go-gost/gost/pkg/metadata"
 )
 
 type metadata struct {
 	tlsConfig         *tls.Config
-	authenticator     auth.Authenticator
 	timeout           time.Duration
 	readTimeout       time.Duration
 	noTLS             bool
@@ -28,7 +25,6 @@ func (h *socks5Handler) parseMetadata(md mdata.Metadata) (err error) {
 		certFile          = "certFile"
 		keyFile           = "keyFile"
 		caFile            = "caFile"
-		users             = "users"
 		readTimeout       = "readTimeout"
 		timeout           = "timeout"
 		noTLS             = "notls"
@@ -47,19 +43,6 @@ func (h *socks5Handler) parseMetadata(md mdata.Metadata) (err error) {
 		return
 	}
 
-	if auths := mdata.GetStrings(md, users); len(auths) > 0 {
-		authenticator := auth.NewLocalAuthenticator(nil)
-		for _, auth := range auths {
-			ss := strings.SplitN(auth, ":", 2)
-			if len(ss) == 1 {
-				authenticator.Add(ss[0], "")
-			} else {
-				authenticator.Add(ss[0], ss[1])
-			}
-		}
-		h.md.authenticator = authenticator
-	}
-
 	h.md.readTimeout = mdata.GetDuration(md, readTimeout)
 	h.md.timeout = mdata.GetDuration(md, timeout)
 	h.md.noTLS = mdata.GetBool(md, noTLS)