Skip to content

Commit 518e9bd

Browse files
wwqgtxxwwqgtxx
committed
feat: socks5, http and mixed listeners support independence users 
1 parent 27bcb26 commit 518e9bd

File tree

10 files changed

+94
-34
lines changed

10 files changed

+94
-34
lines changed

docs/config.yaml

+9
Original file line numberDiff line numberDiff line change
@@ -1005,13 +1005,19 @@ listeners:
10051005
# rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules
10061006
# proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理
10071007
# udp: false # 默认 true
1008+
# users: # 如果不填写users项,则遵从全局authentication设置,如果填写会忽略全局设置, 如想跳过该入站的验证可填写 users: []
1009+
# - username: aaa
1010+
# password: aaa
10081011

10091012
- name: http-in-1
10101013
type: http
10111014
port: 10809
10121015
listen: 0.0.0.0
10131016
# rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules
10141017
# proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理 (当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错)
1018+
# users: # 如果不填写users项,则遵从全局authentication设置,如果填写会忽略全局设置, 如想跳过该入站的验证可填写 users: []
1019+
# - username: aaa
1020+
# password: aaa
10151021

10161022
- name: mixed-in-1
10171023
type: mixed # HTTP(S) 和 SOCKS 代理混合
@@ -1020,6 +1026,9 @@ listeners:
10201026
# rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules
10211027
# proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理 (当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错)
10221028
# udp: false # 默认 true
1029+
# users: # 如果不填写users项,则遵从全局authentication设置,如果填写会忽略全局设置, 如想跳过该入站的验证可填写 users: []
1030+
# - username: aaa
1031+
# password: aaa
10231032

10241033
- name: reidr-in-1
10251034
type: redir

listener/auth/auth.go

+2
Original file line numberDiff line numberDiff line change
@@ -13,3 +13,5 @@ func Authenticator() auth.Authenticator {
1313
func SetAuthenticator(au auth.Authenticator) {
1414
authenticator = au
1515
}
16+
17+
func Nil() auth.Authenticator { return nil }

listener/http/proxy.go

+2-4
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ func (b *bodyWrapper) Read(p []byte) (n int, err error) {
3030
return n, err
3131
}
3232

33-
func HandleConn(c net.Conn, tunnel C.Tunnel, authenticator auth.Authenticator, additions ...inbound.Addition) {
33+
func HandleConn(c net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
3434
additions = append(additions, inbound.Placeholder) // Add a placeholder for InUser
3535
inUserIdx := len(additions) - 1
3636
client := newClient(c, tunnel, additions)
@@ -41,6 +41,7 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, authenticator auth.Authenticator, a
4141

4242
conn := N.NewBufferedConn(c)
4343

44+
authenticator := getAuth()
4445
keepAlive := true
4546
trusted := authenticator == nil // disable authenticate if lru is nil
4647
lastUser := ""
@@ -146,9 +147,6 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, authenticator auth.Authenticator, a
146147
}
147148

148149
func authenticate(request *http.Request, authenticator auth.Authenticator) (resp *http.Response, user string) {
149-
if inbound.SkipAuthRemoteAddress(request.RemoteAddr) {
150-
authenticator = nil
151-
}
152150
credential := parseBasicProxyAuthorization(request)
153151
if credential == "" && authenticator != nil {
154152
resp = responseWith(request, http.StatusProxyAuthRequired)

listener/http/server.go

+11-6
Original file line numberDiff line numberDiff line change
@@ -33,20 +33,20 @@ func (l *Listener) Close() error {
3333
}
3434

3535
func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener, error) {
36-
return NewWithAuthenticator(addr, tunnel, authStore.Authenticator(), additions...)
36+
return NewWithAuthenticator(addr, tunnel, authStore.Authenticator, additions...)
3737
}
3838

3939
// NewWithAuthenticate
4040
// never change type traits because it's used in CFMA
4141
func NewWithAuthenticate(addr string, tunnel C.Tunnel, authenticate bool, additions ...inbound.Addition) (*Listener, error) {
42-
authenticator := authStore.Authenticator()
42+
getAuth := authStore.Authenticator
4343
if !authenticate {
44-
authenticator = nil
44+
getAuth = authStore.Nil
4545
}
46-
return NewWithAuthenticator(addr, tunnel, authenticator, additions...)
46+
return NewWithAuthenticator(addr, tunnel, getAuth, additions...)
4747
}
4848

49-
func NewWithAuthenticator(addr string, tunnel C.Tunnel, authenticator auth.Authenticator, additions ...inbound.Addition) (*Listener, error) {
49+
func NewWithAuthenticator(addr string, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) (*Listener, error) {
5050
isDefault := false
5151
if len(additions) == 0 {
5252
isDefault = true
@@ -75,13 +75,18 @@ func NewWithAuthenticator(addr string, tunnel C.Tunnel, authenticator auth.Authe
7575
continue
7676
}
7777
N.TCPKeepAlive(conn)
78+
79+
getAuth := getAuth
7880
if isDefault { // only apply on default listener
7981
if !inbound.IsRemoteAddrDisAllowed(conn.RemoteAddr()) {
8082
_ = conn.Close()
8183
continue
8284
}
85+
if inbound.SkipAuthRemoteAddr(conn.RemoteAddr()) {
86+
getAuth = authStore.Nil
87+
}
8388
}
84-
go HandleConn(conn, tunnel, authenticator, additions...)
89+
go HandleConn(conn, tunnel, getAuth, additions...)
8590
}
8691
}()
8792

listener/inbound/auth.go

+31
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
package inbound
2+
3+
import (
4+
"github.com/metacubex/mihomo/component/auth"
5+
authStore "github.com/metacubex/mihomo/listener/auth"
6+
)
7+
8+
type AuthUser struct {
9+
Username string `inbound:"username"`
10+
Password string `inbound:"password"`
11+
}
12+
13+
type AuthUsers []AuthUser
14+
15+
func (a AuthUsers) GetAuth() func() auth.Authenticator {
16+
if a != nil { // structure's Decode will ensure value not nil when input has value even it was set an empty array
17+
if len(a) == 0 {
18+
return authStore.Nil
19+
}
20+
users := make([]auth.AuthUser, len(a))
21+
for i, user := range a {
22+
users[i] = auth.AuthUser{
23+
User: user.Username,
24+
Pass: user.Password,
25+
}
26+
}
27+
authenticator := auth.NewAuthenticator(users)
28+
return func() auth.Authenticator { return authenticator }
29+
}
30+
return authStore.Authenticator
31+
}

listener/inbound/http.go

+2-1
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88

99
type HTTPOption struct {
1010
BaseOption
11+
Users AuthUsers `inbound:"users,omitempty"`
1112
}
1213

1314
func (o HTTPOption) Equal(config C.InboundConfig) bool {
@@ -44,7 +45,7 @@ func (h *HTTP) Address() string {
4445
// Listen implements constant.InboundListener
4546
func (h *HTTP) Listen(tunnel C.Tunnel) error {
4647
var err error
47-
h.l, err = http.New(h.RawAddress(), tunnel, h.Additions()...)
48+
h.l, err = http.NewWithAuthenticator(h.RawAddress(), tunnel, h.config.Users.GetAuth(), h.Additions()...)
4849
if err != nil {
4950
return err
5051
}

listener/inbound/mixed.go

+3-2
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ import (
1212

1313
type MixedOption struct {
1414
BaseOption
15-
UDP bool `inbound:"udp,omitempty"`
15+
Users AuthUsers `inbound:"users,omitempty"`
16+
UDP bool `inbound:"udp,omitempty"`
1617
}
1718

1819
func (o MixedOption) Equal(config C.InboundConfig) bool {
@@ -52,7 +53,7 @@ func (m *Mixed) Address() string {
5253
// Listen implements constant.InboundListener
5354
func (m *Mixed) Listen(tunnel C.Tunnel) error {
5455
var err error
55-
m.l, err = mixed.New(m.RawAddress(), tunnel, m.Additions()...)
56+
m.l, err = mixed.NewWithAuthenticator(m.RawAddress(), tunnel, m.config.Users.GetAuth(), m.Additions()...)
5657
if err != nil {
5758
return err
5859
}

listener/inbound/socks.go

+3-2
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,8 @@ import (
99

1010
type SocksOption struct {
1111
BaseOption
12-
UDP bool `inbound:"udp,omitempty"`
12+
Users AuthUsers `inbound:"users,omitempty"`
13+
UDP bool `inbound:"udp,omitempty"`
1314
}
1415

1516
func (o SocksOption) Equal(config C.InboundConfig) bool {
@@ -70,7 +71,7 @@ func (s *Socks) Address() string {
7071
// Listen implements constant.InboundListener
7172
func (s *Socks) Listen(tunnel C.Tunnel) error {
7273
var err error
73-
if s.stl, err = socks.New(s.RawAddress(), tunnel, s.Additions()...); err != nil {
74+
if s.stl, err = socks.NewWithAuthenticator(s.RawAddress(), tunnel, s.config.Users.GetAuth(), s.Additions()...); err != nil {
7475
return err
7576
}
7677
if s.udp {

listener/mixed/mixed.go

+14-5
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55

66
"github.com/metacubex/mihomo/adapter/inbound"
77
N "github.com/metacubex/mihomo/common/net"
8+
"github.com/metacubex/mihomo/component/auth"
89
C "github.com/metacubex/mihomo/constant"
910
authStore "github.com/metacubex/mihomo/listener/auth"
1011
"github.com/metacubex/mihomo/listener/http"
@@ -36,6 +37,10 @@ func (l *Listener) Close() error {
3637
}
3738

3839
func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener, error) {
40+
return NewWithAuthenticator(addr, tunnel, authStore.Authenticator, additions...)
41+
}
42+
43+
func NewWithAuthenticator(addr string, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) (*Listener, error) {
3944
isDefault := false
4045
if len(additions) == 0 {
4146
isDefault = true
@@ -62,20 +67,24 @@ func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener
6267
}
6368
continue
6469
}
70+
getAuth := getAuth
6571
if isDefault { // only apply on default listener
6672
if !inbound.IsRemoteAddrDisAllowed(c.RemoteAddr()) {
6773
_ = c.Close()
6874
continue
6975
}
76+
if inbound.SkipAuthRemoteAddr(c.RemoteAddr()) {
77+
getAuth = authStore.Nil
78+
}
7079
}
71-
go handleConn(c, tunnel, additions...)
80+
go handleConn(c, tunnel, getAuth, additions...)
7281
}
7382
}()
7483

7584
return ml, nil
7685
}
7786

78-
func handleConn(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
87+
func handleConn(conn net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
7988
N.TCPKeepAlive(conn)
8089

8190
bufConn := N.NewBufferedConn(conn)
@@ -86,10 +95,10 @@ func handleConn(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
8695

8796
switch head[0] {
8897
case socks4.Version:
89-
socks.HandleSocks4(bufConn, tunnel, additions...)
98+
socks.HandleSocks4(bufConn, tunnel, getAuth, additions...)
9099
case socks5.Version:
91-
socks.HandleSocks5(bufConn, tunnel, additions...)
100+
socks.HandleSocks5(bufConn, tunnel, getAuth, additions...)
92101
default:
93-
http.HandleConn(bufConn, tunnel, authStore.Authenticator(), additions...)
102+
http.HandleConn(bufConn, tunnel, getAuth, additions...)
94103
}
95104
}

listener/socks/tcp.go

+17-14
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import (
66

77
"github.com/metacubex/mihomo/adapter/inbound"
88
N "github.com/metacubex/mihomo/common/net"
9+
"github.com/metacubex/mihomo/component/auth"
910
C "github.com/metacubex/mihomo/constant"
1011
authStore "github.com/metacubex/mihomo/listener/auth"
1112
"github.com/metacubex/mihomo/transport/socks4"
@@ -35,6 +36,10 @@ func (l *Listener) Close() error {
3536
}
3637

3738
func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener, error) {
39+
return NewWithAuthenticator(addr, tunnel, authStore.Authenticator, additions...)
40+
}
41+
42+
func NewWithAuthenticator(addr string, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) (*Listener, error) {
3843
isDefault := false
3944
if len(additions) == 0 {
4045
isDefault = true
@@ -61,20 +66,24 @@ func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener
6166
}
6267
continue
6368
}
69+
getAuth := getAuth
6470
if isDefault { // only apply on default listener
6571
if !inbound.IsRemoteAddrDisAllowed(c.RemoteAddr()) {
6672
_ = c.Close()
6773
continue
6874
}
75+
if inbound.SkipAuthRemoteAddr(c.RemoteAddr()) {
76+
getAuth = authStore.Nil
77+
}
6978
}
70-
go handleSocks(c, tunnel, additions...)
79+
go handleSocks(c, tunnel, getAuth, additions...)
7180
}
7281
}()
7382

7483
return sl, nil
7584
}
7685

77-
func handleSocks(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
86+
func handleSocks(conn net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
7887
N.TCPKeepAlive(conn)
7988
bufConn := N.NewBufferedConn(conn)
8089
head, err := bufConn.Peek(1)
@@ -85,19 +94,16 @@ func handleSocks(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition)
8594

8695
switch head[0] {
8796
case socks4.Version:
88-
HandleSocks4(bufConn, tunnel, additions...)
97+
HandleSocks4(bufConn, tunnel, getAuth, additions...)
8998
case socks5.Version:
90-
HandleSocks5(bufConn, tunnel, additions...)
99+
HandleSocks5(bufConn, tunnel, getAuth, additions...)
91100
default:
92101
conn.Close()
93102
}
94103
}
95104

96-
func HandleSocks4(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
97-
authenticator := authStore.Authenticator()
98-
if inbound.SkipAuthRemoteAddr(conn.RemoteAddr()) {
99-
authenticator = nil
100-
}
105+
func HandleSocks4(conn net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
106+
authenticator := getAuth()
101107
addr, _, user, err := socks4.ServerHandshake(conn, authenticator)
102108
if err != nil {
103109
conn.Close()
@@ -107,11 +113,8 @@ func HandleSocks4(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition)
107113
tunnel.HandleTCPConn(inbound.NewSocket(socks5.ParseAddr(addr), conn, C.SOCKS4, additions...))
108114
}
109115

110-
func HandleSocks5(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
111-
authenticator := authStore.Authenticator()
112-
if inbound.SkipAuthRemoteAddr(conn.RemoteAddr()) {
113-
authenticator = nil
114-
}
116+
func HandleSocks5(conn net.Conn, tunnel C.Tunnel, getAuth func() auth.Authenticator, additions ...inbound.Addition) {
117+
authenticator := getAuth()
115118
target, command, user, err := socks5.ServerHandshake(conn, authenticator)
116119
if err != nil {
117120
conn.Close()

0 commit comments

Comments
 (0)