feat: remove unused plugin version comparison and types, refactor proxy server to support authentication
- Deleted version comparison logic from `pkg/plugin/sign/version.go`. - Removed unused types and constants from `pkg/plugin/types.go`. - Updated `pkg/protocol/message.go` to remove plugin-related message types. - Enhanced `pkg/proxy/http.go` and `pkg/proxy/socks5.go` to include username/password authentication for HTTP and SOCKS5 proxies. - Modified `pkg/proxy/server.go` to pass authentication parameters to server constructors. - Added new API endpoint to generate installation commands with a token for clients. - Created database functions to manage installation tokens in `internal/server/db/install_token.go`. - Implemented the installation command generation logic in `internal/server/router/handler/install.go`. - Updated web frontend to support installation command generation and display in `web/src/views/ClientsView.vue`.
This commit is contained in:
@@ -2,6 +2,8 @@ package proxy
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
@@ -12,13 +14,15 @@ import (
|
||||
|
||||
// HTTPServer HTTP 代理服务
|
||||
type HTTPServer struct {
|
||||
dialer Dialer
|
||||
onStats func(in, out int64) // 流量统计回调
|
||||
dialer Dialer
|
||||
onStats func(in, out int64) // 流量统计回调
|
||||
username string
|
||||
password string
|
||||
}
|
||||
|
||||
// NewHTTPServer 创建 HTTP 代理服务
|
||||
func NewHTTPServer(dialer Dialer, onStats func(in, out int64)) *HTTPServer {
|
||||
return &HTTPServer{dialer: dialer, onStats: onStats}
|
||||
func NewHTTPServer(dialer Dialer, onStats func(in, out int64), username, password string) *HTTPServer {
|
||||
return &HTTPServer{dialer: dialer, onStats: onStats, username: username, password: password}
|
||||
}
|
||||
|
||||
// HandleConn 处理 HTTP 代理连接
|
||||
@@ -31,12 +35,45 @@ func (h *HTTPServer) HandleConn(conn net.Conn) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// 检查认证
|
||||
if h.username != "" && h.password != "" {
|
||||
if !h.checkAuth(req) {
|
||||
conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n"))
|
||||
return errors.New("authentication required")
|
||||
}
|
||||
}
|
||||
|
||||
if req.Method == http.MethodConnect {
|
||||
return h.handleConnect(conn, req)
|
||||
}
|
||||
return h.handleHTTP(conn, req, reader)
|
||||
}
|
||||
|
||||
// checkAuth 检查 Proxy-Authorization 头
|
||||
func (h *HTTPServer) checkAuth(req *http.Request) bool {
|
||||
auth := req.Header.Get("Proxy-Authorization")
|
||||
if auth == "" {
|
||||
return false
|
||||
}
|
||||
|
||||
const prefix = "Basic "
|
||||
if !strings.HasPrefix(auth, prefix) {
|
||||
return false
|
||||
}
|
||||
|
||||
decoded, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
credentials := strings.SplitN(string(decoded), ":", 2)
|
||||
if len(credentials) != 2 {
|
||||
return false
|
||||
}
|
||||
|
||||
return credentials[0] == h.username && credentials[1] == h.password
|
||||
}
|
||||
|
||||
// handleConnect 处理 CONNECT 方法 (HTTPS)
|
||||
func (h *HTTPServer) handleConnect(conn net.Conn, req *http.Request) error {
|
||||
target := req.Host
|
||||
|
||||
Reference in New Issue
Block a user