fix(handler/http2): apply traffic limiter + stats to forward proxy path, decouple auth I/O, add idle timeout
- Wrap non-CONNECT upstream with traffic_wrapper and stats_wrapper (was only on CONNECT path) - Write 503 error response on forwardRequest failure instead of silent connection close - Decouple resp.Header from w.Header() to prevent metadata header leakage/doubling in 407 responses - Return pipeTo signal from authenticate instead of dialing inline (matches http handler pattern) - Add idleTimeout metadata field and pass to xnet.Pipe for CONNECT tunnels - Add 4 tests for probe resistance host forwarding and knock bypass
This commit is contained in:
@@ -17,9 +17,10 @@
|
||||
// ├─ decodeServerName (GOST 2.x compatibility headers)
|
||||
// ├─ authenticate (basic proxy auth + probe resistance)
|
||||
// ├─ bypass check
|
||||
// ├─ set metadata response headers
|
||||
// ├─ Router.Dial (connect to upstream)
|
||||
// ├─ forwardRequest (non-CONNECT: proxy a single request)
|
||||
// └─ CONNECT tunnel (bi-directional pipe)
|
||||
// ├─ forwardRequest (non-CONNECT: wrap with traffic limiter + stats, proxy request + error response on failure)
|
||||
// └─ CONNECT tunnel (bi-directional pipe with idle timeout)
|
||||
package http2
|
||||
|
||||
import (
|
||||
|
||||
Reference in New Issue
Block a user