Files
x/handler/http/util.go
T
ginuerzh 3246b39c93 refactor(handler/http): split handler monolith into 7 focused files with 96 unit tests
Extract the 1024-line handler.go into concern-focused files:
  util.go       — 5 pure functions (decodeServerName, basicProxyAuth, upgradeType,
                  normalizeHostPort, buildConnectResponse) — 100% coverage
  auth.go       — authenticate (5 probe-resistance strategies + knock) + checkRateLimit
  connect.go    — handleConnect, sniffAndHandle, dial, setupTrafficLimiter
  proxy.go      — handleProxy keep-alive loop, proxyRoundTrip, handleUpgradeResponse
  websocket.go  — WebSocket frame sniffing/recording with rate-limited sampling
  udp.go        — UDP-over-HTTP relay with SOCKS5 tunnel
  metadata.go   — metadata struct, parseMetadata, probeResistance type

Key improvements:
- Transport injection (http.RoundTripper field) enables testing without real network
- Nil Router guards in dial, handleUDP, and nil Addr guard in checkRateLimit
- Pure functions converted from methods to package-level (no state dependency)
- setupTrafficLimiter returns cleanup closure to preserve defer lifetime
- handleConnect accepts caller's resp for correct recorder status capture
- Comprehensive package doc with full request-flow documentation

96 tests: 100% on pure functions, 86% on metadata parsing, 55% overall (integration
paths verified by e2e tests).
2026-05-28 23:06:37 +08:00

87 lines
2.5 KiB
Go

package http
import (
"encoding/base64"
"encoding/binary"
"errors"
"hash/crc32"
"net"
"net/http"
"strings"
"golang.org/x/net/http/httpguts"
)
// decodeServerName decodes a GOST v2 Gost-Target / X-Gost-Target header
// value. The encoding is: base64(CRC32(hostname) + base64(hostname)).
// It verifies the CRC32 checksum before returning the decoded hostname.
func decodeServerName(s string) (string, error) {
b, err := base64.RawURLEncoding.DecodeString(s)
if err != nil {
return "", err
}
if len(b) < 4 {
return "", errors.New("invalid name")
}
v, err := base64.RawURLEncoding.DecodeString(string(b[4:]))
if err != nil {
return "", err
}
if crc32.ChecksumIEEE(v) != binary.BigEndian.Uint32(b[:4]) {
return "", errors.New("invalid name")
}
return string(v), nil
}
// basicProxyAuth extracts the username and password from an HTTP Basic
// authentication Proxy-Authorization header value. It returns ok=false
// if the value is empty, not a Basic scheme, or not valid base64.
func basicProxyAuth(proxyAuth string) (username, password string, ok bool) {
if proxyAuth == "" {
return
}
if !strings.HasPrefix(proxyAuth, "Basic ") {
return
}
c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(proxyAuth, "Basic "))
if err != nil {
return
}
cs := string(c)
username, password, ok = strings.Cut(cs, ":")
if !ok {
return
}
return username, password, true
}
// upgradeType returns the upgrade protocol token from an HTTP header.
// It returns "" if the Connection header does not include an "Upgrade"
// token or if the Upgrade header is absent.
func upgradeType(h http.Header) string {
if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") {
return ""
}
return h.Get("Upgrade")
}
// normalizeHostPort ensures a host string includes a port. If the host
// already contains a port, it is returned unchanged. Otherwise the
// defaultPort is appended. IPv6 addresses are correctly handled: bare
// addresses get bracketed by net.JoinHostPort, and bracketed addresses
// are stripped of brackets before re-joining.
func normalizeHostPort(host, defaultPort string) string {
if _, port, _ := net.SplitHostPort(host); port == "" {
return net.JoinHostPort(strings.Trim(host, "[]"), defaultPort)
}
return host
}
// buildConnectResponse returns the raw bytes of an HTTP 200 Connection
// established response with the given Proxy-Agent header.
func buildConnectResponse(proxyAgent string) []byte {
return []byte("HTTP/1.1 200 Connection established\r\n" +
"Proxy-Agent: " + proxyAgent + "\r\n\r\n")
}