add plugin system
This commit is contained in:
ginuerzh
@ -194,7 +194,7 @@ func (h *dnsHandler) request(ctx context.Context, msg []byte, log logger.Logger)
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && mq.Question[0].Qclass == dns.ClassINET {
|
||||
if h.options.Bypass.Contains(strings.Trim(mq.Question[0].Name, ".")) {
|
||||
if h.options.Bypass.Contains(context.Background(), strings.Trim(mq.Question[0].Name, ".")) {
|
||||
log.Debug("bypass: ", mq.Question[0].Name)
|
||||
mr = (&dns.Msg{}).SetReply(&mq)
|
||||
b := bufpool.Get(h.md.bufferSize)
|
||||
@ -202,7 +202,7 @@ func (h *dnsHandler) request(ctx context.Context, msg []byte, log logger.Logger)
|
||||
}
|
||||
}
|
||||
|
||||
mr = h.lookupHosts(&mq, log)
|
||||
mr = h.lookupHosts(ctx, &mq, log)
|
||||
if mr != nil {
|
||||
b := bufpool.Get(h.md.bufferSize)
|
||||
return mr.PackBuffer(*b)
|
||||
@ -272,7 +272,7 @@ func (h *dnsHandler) exchange(ctx context.Context, mq *dns.Msg) ([]byte, error)
|
||||
}
|
||||
|
||||
// lookup host mapper
|
||||
func (h *dnsHandler) lookupHosts(r *dns.Msg, log logger.Logger) (m *dns.Msg) {
|
||||
func (h *dnsHandler) lookupHosts(ctx context.Context, r *dns.Msg, log logger.Logger) (m *dns.Msg) {
|
||||
if h.hostMapper == nil ||
|
||||
r.Question[0].Qclass != dns.ClassINET ||
|
||||
(r.Question[0].Qtype != dns.TypeA && r.Question[0].Qtype != dns.TypeAAAA) {
|
||||
@ -286,7 +286,7 @@ func (h *dnsHandler) lookupHosts(r *dns.Msg, log logger.Logger) (m *dns.Msg) {
|
||||
|
||||
switch r.Question[0].Qtype {
|
||||
case dns.TypeA:
|
||||
ips, _ := h.hostMapper.Lookup("ip4", host)
|
||||
ips, _ := h.hostMapper.Lookup(ctx, "ip4", host)
|
||||
if len(ips) == 0 {
|
||||
return nil
|
||||
}
|
||||
@ -302,7 +302,7 @@ func (h *dnsHandler) lookupHosts(r *dns.Msg, log logger.Logger) (m *dns.Msg) {
|
||||
}
|
||||
|
||||
case dns.TypeAAAA:
|
||||
ips, _ := h.hostMapper.Lookup("ip6", host)
|
||||
ips, _ := h.hostMapper.Lookup(ctx, "ip6", host)
|
||||
if len(ips) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -202,7 +202,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, log l
|
||||
|
||||
if auther := target.Options().Auther; auther != nil {
|
||||
username, password, _ := req.BasicAuth()
|
||||
if !auther.Authenticate(username, password) {
|
||||
if !auther.Authenticate(ctx, username, password) {
|
||||
resp.StatusCode = http.StatusUnauthorized
|
||||
resp.Header.Set("WWW-Authenticate", "Basic")
|
||||
log.Warnf("node %s(%s) 401 unauthorized", target.Name, target.Addr)
|
||||
|
||||
@ -199,7 +199,7 @@ func (h *forwardHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, log l
|
||||
|
||||
if auther := target.Options().Auther; auther != nil {
|
||||
username, password, _ := req.BasicAuth()
|
||||
if !auther.Authenticate(username, password) {
|
||||
if !auther.Authenticate(ctx, username, password) {
|
||||
resp.StatusCode = http.StatusUnauthorized
|
||||
resp.Header.Set("WWW-Authenticate", "Basic")
|
||||
log.Warnf("node %s(%s) 401 unauthorized", target.Name, target.Addr)
|
||||
|
||||
@ -145,7 +145,7 @@ func (h *httpHandler) handleRequest(ctx context.Context, conn net.Conn, req *htt
|
||||
resp.Header = http.Header{}
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
|
||||
resp.StatusCode = http.StatusForbidden
|
||||
|
||||
if log.IsLevelEnabled(logger.TraceLevel) {
|
||||
@ -157,7 +157,7 @@ func (h *httpHandler) handleRequest(ctx context.Context, conn net.Conn, req *htt
|
||||
return resp.Write(conn)
|
||||
}
|
||||
|
||||
if !h.authenticate(conn, req, resp, log) {
|
||||
if !h.authenticate(ctx, conn, req, resp, log) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -266,9 +266,9 @@ func (h *httpHandler) basicProxyAuth(proxyAuth string, log logger.Logger) (usern
|
||||
return cs[:s], cs[s+1:], true
|
||||
}
|
||||
|
||||
func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http.Response, log logger.Logger) (ok bool) {
|
||||
func (h *httpHandler) authenticate(ctx context.Context, conn net.Conn, req *http.Request, resp *http.Response, log logger.Logger) (ok bool) {
|
||||
u, p, _ := h.basicProxyAuth(req.Header.Get("Proxy-Authorization"), log)
|
||||
if h.options.Auther == nil || h.options.Auther.Authenticate(u, p) {
|
||||
if h.options.Auther == nil || h.options.Auther.Authenticate(ctx, u, p) {
|
||||
return true
|
||||
}
|
||||
|
||||
|
||||
@ -139,7 +139,7 @@ func (h *http2Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
|
||||
w.Header().Set(k, h.md.header.Get(k))
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
log.Debug("bypass: ", addr)
|
||||
return nil
|
||||
@ -152,7 +152,7 @@ func (h *http2Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
|
||||
Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
|
||||
}
|
||||
|
||||
if !h.authenticate(w, req, resp, log) {
|
||||
if !h.authenticate(ctx, w, req, resp, log) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -252,9 +252,9 @@ func (h *http2Handler) basicProxyAuth(proxyAuth string) (username, password stri
|
||||
return cs[:s], cs[s+1:], true
|
||||
}
|
||||
|
||||
func (h *http2Handler) authenticate(w http.ResponseWriter, r *http.Request, resp *http.Response, log logger.Logger) (ok bool) {
|
||||
func (h *http2Handler) authenticate(ctx context.Context, w http.ResponseWriter, r *http.Request, resp *http.Response, log logger.Logger) (ok bool) {
|
||||
u, p, _ := h.basicProxyAuth(r.Header.Get("Proxy-Authorization"))
|
||||
if h.options.Auther == nil || h.options.Auther.Authenticate(u, p) {
|
||||
if h.options.Auther == nil || h.options.Auther.Authenticate(ctx, u, p) {
|
||||
return true
|
||||
}
|
||||
|
||||
|
||||
@ -105,7 +105,7 @@ func (h *http3Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
|
||||
w.Header().Set(k, h.md.header.Get(k))
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
log.Debug("bypass: ", addr)
|
||||
return nil
|
||||
|
||||
@ -116,7 +116,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), dstAddr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(dstAddr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, dstAddr.String()) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
return nil
|
||||
}
|
||||
@ -157,7 +157,7 @@ func (h *redirectHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, radd
|
||||
"host": host,
|
||||
})
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(host) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, host) {
|
||||
log.Debug("bypass: ", host)
|
||||
return nil
|
||||
}
|
||||
@ -226,7 +226,7 @@ func (h *redirectHandler) handleHTTPS(ctx context.Context, rw io.ReadWriter, rad
|
||||
"host": host,
|
||||
})
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(host) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, host) {
|
||||
log.Debug("bypass: ", host)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -75,7 +75,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), dstAddr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(dstAddr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, dstAddr.String()) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@ func (h *relayHandler) handleConnect(ctx context.Context, conn net.Conn, network
|
||||
return err
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(address) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, address) {
|
||||
log.Debug("bypass: ", address)
|
||||
resp.Status = relay.StatusForbidden
|
||||
_, err := resp.WriteTo(conn)
|
||||
@ -112,7 +112,7 @@ func (h *relayHandler) handleConnectTunnel(ctx context.Context, conn net.Conn, n
|
||||
|
||||
host, sp, _ := net.SplitHostPort(address)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(address) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, address) {
|
||||
log.Debug("bypass: ", address)
|
||||
resp.Status = relay.StatusForbidden
|
||||
_, err := resp.WriteTo(conn)
|
||||
@ -121,7 +121,7 @@ func (h *relayHandler) handleConnectTunnel(ctx context.Context, conn net.Conn, n
|
||||
|
||||
var tid relay.TunnelID
|
||||
if ingress := h.md.ingress; ingress != nil {
|
||||
tid = parseTunnelID(ingress.Get(host))
|
||||
tid = parseTunnelID(ingress.Get(ctx, host))
|
||||
}
|
||||
if !tid.Equal(tunnelID) && !h.md.directTunnel {
|
||||
resp.Status = relay.StatusBadRequest
|
||||
|
||||
@ -185,7 +185,7 @@ func (h *tunnelHandler) Handle(ctx context.Context, conn net.Conn, opts ...handl
|
||||
|
||||
var tunnelID relay.TunnelID
|
||||
if h.ingress != nil {
|
||||
tunnelID = parseTunnelID(h.ingress.Get(host))
|
||||
tunnelID = parseTunnelID(h.ingress.Get(ctx, host))
|
||||
}
|
||||
if tunnelID.IsZero() {
|
||||
err := fmt.Errorf("no route to host %s", host)
|
||||
@ -248,7 +248,7 @@ func (h *tunnelHandler) handleHTTP(ctx context.Context, raddr net.Addr, rw io.Re
|
||||
|
||||
var tunnelID relay.TunnelID
|
||||
if h.ingress != nil {
|
||||
tunnelID = parseTunnelID(h.ingress.Get(req.Host))
|
||||
tunnelID = parseTunnelID(h.ingress.Get(ctx, req.Host))
|
||||
}
|
||||
if tunnelID.IsZero() {
|
||||
err := fmt.Errorf("no route to host %s", req.Host)
|
||||
|
||||
@ -196,7 +196,7 @@ func (h *relayHandler) Handle(ctx context.Context, conn net.Conn, opts ...handle
|
||||
}
|
||||
|
||||
if h.options.Auther != nil &&
|
||||
!h.options.Auther.Authenticate(user, pass) {
|
||||
!h.options.Auther.Authenticate(ctx, user, pass) {
|
||||
resp.Status = relay.StatusUnauthorized
|
||||
resp.WriteTo(conn)
|
||||
return ErrUnauthorized
|
||||
|
||||
@ -115,7 +115,7 @@ func (h *sniHandler) handleHTTP(ctx context.Context, rw io.ReadWriter, raddr net
|
||||
"host": host,
|
||||
})
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(host) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, host) {
|
||||
log.Debug("bypass: ", host)
|
||||
return nil
|
||||
}
|
||||
@ -183,7 +183,7 @@ func (h *sniHandler) handleHTTPS(ctx context.Context, rw io.ReadWriter, raddr ne
|
||||
})
|
||||
log.Debugf("%s >> %s", raddr, host)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(host) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, host) {
|
||||
log.Debug("bypass: ", host)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -91,7 +91,7 @@ func (h *socks4Handler) Handle(ctx context.Context, conn net.Conn, opts ...handl
|
||||
conn.SetReadDeadline(time.Time{})
|
||||
|
||||
if h.options.Auther != nil &&
|
||||
!h.options.Auther.Authenticate(string(req.Userid), "") {
|
||||
!h.options.Auther.Authenticate(ctx, string(req.Userid), "") {
|
||||
resp := gosocks4.NewReply(gosocks4.RejectedUserid, nil)
|
||||
log.Trace(resp)
|
||||
return resp.Write(conn)
|
||||
@ -117,7 +117,7 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
|
||||
})
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), addr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
|
||||
resp := gosocks4.NewReply(gosocks4.Rejected, nil)
|
||||
log.Trace(resp)
|
||||
log.Debug("bypass: ", addr)
|
||||
|
||||
@ -19,7 +19,7 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, networ
|
||||
})
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), address)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(address) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, address) {
|
||||
resp := gosocks5.NewReply(gosocks5.NotAllowed, nil)
|
||||
log.Trace(resp)
|
||||
log.Debug("bypass: ", address)
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package v5
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"net"
|
||||
|
||||
@ -64,7 +65,7 @@ func (s *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Conn, erro
|
||||
s.logger.Trace(req)
|
||||
|
||||
if s.Authenticator != nil &&
|
||||
!s.Authenticator.Authenticate(req.Username, req.Password) {
|
||||
!s.Authenticator.Authenticate(context.Background(), req.Username, req.Password) {
|
||||
resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure)
|
||||
if err := resp.Write(conn); err != nil {
|
||||
s.logger.Error(err)
|
||||
|
||||
@ -102,7 +102,7 @@ func (h *ssHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.H
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), addr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr.String()) {
|
||||
log.Debug("bypass: ", addr.String())
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -135,7 +135,7 @@ func (h *ssuHandler) relayPacket(pc1, pc2 net.PacketConn, log logger.Logger) (er
|
||||
return err
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(addr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(context.Background(), addr.String()) {
|
||||
log.Warn("bypass: ", addr)
|
||||
return nil
|
||||
}
|
||||
@ -167,7 +167,7 @@ func (h *ssuHandler) relayPacket(pc1, pc2 net.PacketConn, log logger.Logger) (er
|
||||
return err
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(raddr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(context.Background(), raddr.String()) {
|
||||
log.Warn("bypass: ", raddr)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -92,7 +92,7 @@ func (h *forwardHandler) handleDirectForward(ctx context.Context, conn *sshd_uti
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), targetAddr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(targetAddr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, targetAddr) {
|
||||
log.Debugf("bypass %s", targetAddr)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -25,7 +25,7 @@ func (h *tunHandler) handleServer(ctx context.Context, conn net.Conn, config *tu
|
||||
}
|
||||
defer pc.Close()
|
||||
|
||||
return h.transportServer(conn, pc, config, log)
|
||||
return h.transportServer(ctx, conn, pc, config, log)
|
||||
}()
|
||||
if err == ErrTun {
|
||||
return err
|
||||
@ -36,7 +36,7 @@ func (h *tunHandler) handleServer(ctx context.Context, conn net.Conn, config *tu
|
||||
}
|
||||
}
|
||||
|
||||
func (h *tunHandler) transportServer(tun io.ReadWriter, conn net.PacketConn, config *tun_util.Config, log logger.Logger) error {
|
||||
func (h *tunHandler) transportServer(ctx context.Context, tun io.ReadWriter, conn net.PacketConn, config *tun_util.Config, log logger.Logger) error {
|
||||
errc := make(chan error, 1)
|
||||
|
||||
go func() {
|
||||
@ -135,7 +135,7 @@ func (h *tunHandler) transportServer(tun io.ReadWriter, conn net.PacketConn, con
|
||||
ok := true
|
||||
key := bytes.TrimRight((*b)[4:20], "\x00")
|
||||
for _, ip := range peerIPs {
|
||||
if ok = auther.Authenticate(ip.String(), string(key)); !ok {
|
||||
if ok = auther.Authenticate(ctx, ip.String(), string(key)); !ok {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user