add service option for plugin

This commit is contained in:
ginuerzh
2025-08-29 23:34:23 +08:00
parent a12ed27dfa
commit c7d16962ec
71 changed files with 227 additions and 88 deletions
+8 -2
View File
@@ -14,6 +14,7 @@ const (
)
type Relay struct {
service string
pc1 net.PacketConn
pc2 net.PacketConn
bufferSize int
@@ -28,6 +29,11 @@ func NewRelay(pc1, pc2 net.PacketConn) *Relay {
}
}
func (r *Relay) WithService(service string) *Relay {
r.service = service
return r
}
func (r *Relay) WithBypass(bp bypass.Bypass) *Relay {
r.bypass = bp
return r
@@ -62,7 +68,7 @@ func (r *Relay) Run(ctx context.Context) (err error) {
return err
}
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String()) {
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String(), bypass.WithService(r.service)) {
if r.logger != nil {
r.logger.Warn("bypass: ", raddr)
}
@@ -99,7 +105,7 @@ func (r *Relay) Run(ctx context.Context) (err error) {
return err
}
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String()) {
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String(), bypass.WithService(r.service)) {
if r.logger != nil {
r.logger.Warn("bypass: ", raddr)
}
+13 -3
View File
@@ -18,6 +18,7 @@ import (
"strings"
"time"
"github.com/go-gost/core/auth"
"github.com/go-gost/core/bypass"
"github.com/go-gost/core/chain"
"github.com/go-gost/core/hop"
@@ -51,6 +52,7 @@ var (
)
type HandleOptions struct {
service string
dial func(ctx context.Context, network, address string) (net.Conn, error)
httpKeepalive bool
node *chain.Node
@@ -62,6 +64,12 @@ type HandleOptions struct {
type HandleOption func(opts *HandleOptions)
func WithService(service string) HandleOption {
return func(opts *HandleOptions) {
opts.service = service
}
}
func WithDial(dial func(ctx context.Context, network, address string) (net.Conn, error)) HandleOption {
return func(opts *HandleOptions) {
opts.dial = dial
@@ -241,7 +249,9 @@ func (h *Sniffer) dial(ctx context.Context, conn net.Conn, req *http.Request, ho
})
if ho.bypass != nil &&
ho.bypass.Contains(ctx, "tcp", host, bypass.WithPathOption(req.RequestURI)) {
ho.bypass.Contains(ctx, "tcp", host,
bypass.WithService(ho.service),
bypass.WithPathOption(req.RequestURI)) {
ho.log.Debugf("bypass: %s %s", host, req.RequestURI)
res.StatusCode = http.StatusForbidden
ro.HTTP.StatusCode = res.StatusCode
@@ -426,7 +436,7 @@ func (h *Sniffer) httpRoundTrip(ctx context.Context, rw, cc io.ReadWriteCloser,
if httpSettings := node.Options().HTTP; httpSettings != nil {
if auther := httpSettings.Auther; auther != nil {
username, password, _ := req.BasicAuth()
id, ok := auther.Authenticate(ctx, username, password)
id, ok := auther.Authenticate(ctx, username, password, auth.WithService(ho.service))
if !ok {
res.StatusCode = http.StatusUnauthorized
ro.HTTP.StatusCode = res.StatusCode
@@ -807,7 +817,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, conn net.Conn, opts ...HandleOp
}
ro.Host = host
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host) {
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host, bypass.WithService(ho.service)) {
return xbypass.ErrBypass
}
}
+10 -3
View File
@@ -54,6 +54,7 @@ var (
)
type HandleOptions struct {
service string
dial func(ctx context.Context, network, address string) (net.Conn, error)
dialTLS func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error)
@@ -64,6 +65,12 @@ type HandleOptions struct {
type HandleOption func(opts *HandleOptions)
func WithService(service string) HandleOption {
return func(opts *HandleOptions) {
opts.service = service
}
}
func WithDial(dial func(ctx context.Context, network, address string) (net.Conn, error)) HandleOption {
return func(opts *HandleOptions) {
opts.dial = dial
@@ -170,7 +177,7 @@ func (h *Sniffer) HandleHTTP(ctx context.Context, network string, conn net.Conn,
"host": host,
})
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host) {
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
return xbypass.ErrBypass
}
}
@@ -600,7 +607,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, network string, conn net.Conn,
}
ro.Host = host
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host) {
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
return xbypass.ErrBypass
}
}
@@ -624,7 +631,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, network string, conn net.Conn,
if host == "" {
host = ro.Host
}
if h.MitmBypass == nil || !h.MitmBypass.Contains(ctx, network, host) {
if h.MitmBypass == nil || !h.MitmBypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
return h.terminateTLS(ctx, network, xnet.NewReadWriteConn(io.MultiReader(buf, conn), conn, conn), cc, clientHello, &ho)
}
}
+2 -2
View File
@@ -22,12 +22,12 @@ var (
// It authenticates user using a password.
type PasswordCallbackFunc func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)
func PasswordCallback(au auth.Authenticator) PasswordCallbackFunc {
func PasswordCallback(service string, au auth.Authenticator) PasswordCallbackFunc {
if au == nil {
return nil
}
return func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
if _, ok := au.Authenticate(context.Background(), conn.User(), string(password)); ok {
if _, ok := au.Authenticate(context.Background(), conn.User(), string(password), auth.WithService(service)); ok {
return nil, nil
}
return nil, fmt.Errorf("password rejected for %s", conn.User())