lywsvip/CLIProxyAPI
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPI.git synced 2026-05-23 21:01:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bac006e72bf7b53d6cdbbb47b7f2c54013f97461
CLIProxyAPI/sdk/proxyutil/proxy.go
sususu98 ec79951e7f fix(proxy): support HTTP CONNECT dialer
2026-05-18 12:20:41 +08:00

267 lines
7.3 KiB
Go
Raw Blame History

package proxyutil
import (
"bufio"
"context"
"crypto/tls"
"encoding/base64"
"fmt"
"net"
"net/http"
"net/url"
"strings"
"golang.org/x/net/proxy"
)
// Mode describes how a proxy setting should be interpreted.
type Mode int
const (
// ModeInherit means no explicit proxy behavior was configured.
ModeInherit Mode = iota
// ModeDirect means outbound requests must bypass proxies explicitly.
ModeDirect
// ModeProxy means a concrete proxy URL was configured.
ModeProxy
// ModeInvalid means the proxy setting is present but malformed or unsupported.
ModeInvalid
)
// Setting is the normalized interpretation of a proxy configuration value.
type Setting struct {
Raw string
Mode Mode
URL *url.URL
}
// Parse normalizes a proxy configuration value into inherit, direct, or proxy modes.
func Parse(raw string) (Setting, error) {
trimmed := strings.TrimSpace(raw)
setting := Setting{Raw: trimmed}
if trimmed == "" {
setting.Mode = ModeInherit
return setting, nil
}
if strings.EqualFold(trimmed, "direct") || strings.EqualFold(trimmed, "none") {
setting.Mode = ModeDirect
return setting, nil
}
parsedURL, errParse := url.Parse(trimmed)
if errParse != nil {
setting.Mode = ModeInvalid
return setting, fmt.Errorf("parse proxy URL failed")
}
if parsedURL.Scheme == "" || parsedURL.Host == "" {
setting.Mode = ModeInvalid
return setting, fmt.Errorf("proxy URL missing scheme/host")
}
switch parsedURL.Scheme {
case "socks5", "socks5h", "http", "https":
setting.Mode = ModeProxy
setting.URL = parsedURL
return setting, nil
default:
setting.Mode = ModeInvalid
return setting, fmt.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme)
}
}
func cloneDefaultTransport() *http.Transport {
if transport, ok := http.DefaultTransport.(*http.Transport); ok && transport != nil {
return transport.Clone()
}
return &http.Transport{}
}
// NewDirectTransport returns a transport that bypasses environment proxies.
func NewDirectTransport() *http.Transport {
clone := cloneDefaultTransport()
clone.Proxy = nil
return clone
}
// BuildHTTPTransport constructs an HTTP transport for the provided proxy setting.
func BuildHTTPTransport(raw string) (*http.Transport, Mode, error) {
setting, errParse := Parse(raw)
if errParse != nil {
return nil, setting.Mode, errParse
}
switch setting.Mode {
case ModeInherit:
return nil, setting.Mode, nil
case ModeDirect:
return NewDirectTransport(), setting.Mode, nil
case ModeProxy:
if setting.URL.Scheme == "socks5" || setting.URL.Scheme == "socks5h" {
var proxyAuth *proxy.Auth
if setting.URL.User != nil {
username := setting.URL.User.Username()
password, _ := setting.URL.User.Password()
proxyAuth = &proxy.Auth{User: username, Password: password}
}
dialer, errSOCKS5 := proxy.SOCKS5("tcp", setting.URL.Host, proxyAuth, proxy.Direct)
if errSOCKS5 != nil {
return nil, setting.Mode, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5)
}
transport := cloneDefaultTransport()
transport.Proxy = nil
transport.DialContext = func(_ context.Context, network, addr string) (net.Conn, error) {
return dialer.Dial(network, addr)
}
return transport, setting.Mode, nil
}
transport := cloneDefaultTransport()
transport.Proxy = http.ProxyURL(setting.URL)
return transport, setting.Mode, nil
default:
return nil, setting.Mode, nil
}
}
// BuildDialer constructs a proxy dialer for settings that operate at the connection layer.
func BuildDialer(raw string) (proxy.Dialer, Mode, error) {
setting, errParse := Parse(raw)
if errParse != nil {
return nil, setting.Mode, errParse
}
switch setting.Mode {
case ModeInherit:
return nil, setting.Mode, nil
case ModeDirect:
return proxy.Direct, setting.Mode, nil
case ModeProxy:
if setting.URL.Scheme == "http" || setting.URL.Scheme == "https" {
return &httpConnectDialer{proxyURL: setting.URL, dialer: proxy.Direct}, setting.Mode, nil
}
dialer, errDialer := proxy.FromURL(setting.URL, proxy.Direct)
if errDialer != nil {
return nil, setting.Mode, fmt.Errorf("create proxy dialer failed: %w", errDialer)
}
return dialer, setting.Mode, nil
default:
return nil, setting.Mode, nil
}
}
type httpConnectDialer struct {
proxyURL *url.URL
dialer proxy.Dialer
}
func (d *httpConnectDialer) Dial(network, addr string) (net.Conn, error) {
proxyConn, errDial := d.dialer.Dial(network, proxyDialAddr(d.proxyURL))
if errDial != nil {
return nil, fmt.Errorf("dial HTTP proxy failed: %w", errDial)
}
conn := proxyConn
if d.proxyURL.Scheme == "https" {
tlsConn := tls.Client(conn, &tls.Config{ServerName: d.proxyURL.Hostname()})
if errHandshake := tlsConn.Handshake(); errHandshake != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("HTTPS proxy TLS handshake failed: %w; close failed: %v", errHandshake, errClose)
}
return nil, fmt.Errorf("HTTPS proxy TLS handshake failed: %w", errHandshake)
}
conn = tlsConn
}
req := &http.Request{
Method: http.MethodConnect,
URL: &url.URL{Host: addr},
Host: addr,
Header: make(http.Header),
}
if d.proxyURL.User != nil {
req.Header.Set("Proxy-Authorization", proxyAuthorization(d.proxyURL.User))
}
if errWrite := req.Write(conn); errWrite != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("write CONNECT request failed: %w; close failed: %v", errWrite, errClose)
}
return nil, fmt.Errorf("write CONNECT request failed: %w", errWrite)
}
reader := bufio.NewReader(conn)
resp, errRead := http.ReadResponse(reader, req)
if errRead != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("read CONNECT response failed: %w; close failed: %v", errRead, errClose)
}
return nil, fmt.Errorf("read CONNECT response failed: %w", errRead)
}
if resp.StatusCode != http.StatusOK {
if resp.Body != nil {
_ = resp.Body.Close()
}
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("proxy CONNECT returned status %s; close failed: %v", resp.Status, errClose)
}
return nil, fmt.Errorf("proxy CONNECT returned status %s", resp.Status)
}
if reader.Buffered() > 0 {
return &bufferedConn{Conn: conn, reader: reader}, nil
}
return conn, nil
}
func proxyDialAddr(proxyURL *url.URL) string {
port := proxyURL.Port()
if port == "" {
port = "80"
if proxyURL.Scheme == "https" {
port = "443"
}
}
return net.JoinHostPort(proxyURL.Hostname(), port)
}
func proxyAuthorization(user *url.Userinfo) string {
username := user.Username()
password, _ := user.Password()
encoded := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
return "Basic " + encoded
}
// Redact returns a log-safe proxy URL with credentials and path-like data removed.
func Redact(raw string) string {
trimmed := strings.TrimSpace(raw)
if trimmed == "" {
return ""
}
parsedURL, errParse := url.Parse(trimmed)
if errParse != nil || parsedURL.Scheme == "" || parsedURL.Host == "" {
return "<invalid proxy URL>"
}
redacted := &url.URL{
Scheme: parsedURL.Scheme,
Host: parsedURL.Host,
}
if parsedURL.User != nil {
redacted.User = url.User("redacted")
}
return redacted.String()
}
type bufferedConn struct {
net.Conn
reader *bufio.Reader
}
func (c *bufferedConn) Read(p []byte) (int, error) {
if c.reader.Buffered() > 0 {
return c.reader.Read(p)
}
return c.Conn.Read(p)
}
Reference in New Issue View Git Blame Copy Permalink