add client ID for plugin service

handler/http2/handler.go

@@ -24,6 +24,7 @@ import (
 	md "github.com/go-gost/core/metadata"
 	xio "github.com/go-gost/x/internal/io"
 	netpkg "github.com/go-gost/x/internal/net"
+	auth_util "github.com/go-gost/x/internal/util/auth"
 	sx "github.com/go-gost/x/internal/util/selector"
 	"github.com/go-gost/x/registry"
 )
@@ -138,12 +139,6 @@ func (h *http2Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
 		w.Header().Set(k, h.md.header.Get(k))
 	}
 
-	if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
-		w.WriteHeader(http.StatusForbidden)
-		log.Debug("bypass: ", addr)
-		return nil
-	}
-
 	resp := &http.Response{
 		ProtoMajor: 2,
 		ProtoMinor: 0,
@@ -151,7 +146,15 @@ func (h *http2Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
 		Body:       io.NopCloser(bytes.NewReader([]byte{})),
 	}
 
-	if !h.authenticate(ctx, w, req, resp, log) {
+	ok, id := h.authenticate(ctx, w, req, resp, log)
+	if !ok {
+		return nil
+	}
+	ctx = auth_util.ContextWithID(ctx, auth_util.ID(id))
+
+	if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr) {
+		w.WriteHeader(http.StatusForbidden)
+		log.Debug("bypass: ", addr)
 		return nil
 	}
 
@@ -251,10 +254,13 @@ func (h *http2Handler) basicProxyAuth(proxyAuth string) (username, password stri
 	return cs[:s], cs[s+1:], true
 }
 
-func (h *http2Handler) authenticate(ctx context.Context, w http.ResponseWriter, r *http.Request, resp *http.Response, log logger.Logger) (ok bool) {
+func (h *http2Handler) authenticate(ctx context.Context, w http.ResponseWriter, r *http.Request, resp *http.Response, log logger.Logger) (ok bool, token string) {
 	u, p, _ := h.basicProxyAuth(r.Header.Get("Proxy-Authorization"))
-	if h.options.Auther == nil || h.options.Auther.Authenticate(ctx, u, p) {
-		return true
+	if h.options.Auther == nil {
+		return true, ""
+	}
+	if ok, token = h.options.Auther.Authenticate(ctx, u, p); ok {
+		return
 	}
 
 	pr := h.md.probeResistance