fix(proxy): support HTTP CONNECT dialer

This commit is contained in:
sususu98
2026-05-18 12:18:21 +08:00
parent 24602055a8
commit ec79951e7f
5 changed files with 286 additions and 4 deletions
+122 -1
View File
@@ -1,7 +1,10 @@
package proxyutil
import (
"bufio"
"context"
"crypto/tls"
"encoding/base64"
"fmt"
"net"
"net/http"
@@ -50,7 +53,7 @@ func Parse(raw string) (Setting, error) {
parsedURL, errParse := url.Parse(trimmed)
if errParse != nil {
setting.Mode = ModeInvalid
return setting, fmt.Errorf("parse proxy URL failed: %w", errParse)
return setting, fmt.Errorf("parse proxy URL failed")
}
if parsedURL.Scheme == "" || parsedURL.Host == "" {
setting.Mode = ModeInvalid
@@ -134,6 +137,9 @@ func BuildDialer(raw string) (proxy.Dialer, Mode, error) {
case ModeDirect:
return proxy.Direct, setting.Mode, nil
case ModeProxy:
if setting.URL.Scheme == "http" || setting.URL.Scheme == "https" {
return &httpConnectDialer{proxyURL: setting.URL, dialer: proxy.Direct}, setting.Mode, nil
}
dialer, errDialer := proxy.FromURL(setting.URL, proxy.Direct)
if errDialer != nil {
return nil, setting.Mode, fmt.Errorf("create proxy dialer failed: %w", errDialer)
@@ -143,3 +149,118 @@ func BuildDialer(raw string) (proxy.Dialer, Mode, error) {
return nil, setting.Mode, nil
}
}
type httpConnectDialer struct {
proxyURL *url.URL
dialer proxy.Dialer
}
func (d *httpConnectDialer) Dial(network, addr string) (net.Conn, error) {
proxyConn, errDial := d.dialer.Dial(network, proxyDialAddr(d.proxyURL))
if errDial != nil {
return nil, fmt.Errorf("dial HTTP proxy failed: %w", errDial)
}
conn := proxyConn
if d.proxyURL.Scheme == "https" {
tlsConn := tls.Client(conn, &tls.Config{ServerName: d.proxyURL.Hostname()})
if errHandshake := tlsConn.Handshake(); errHandshake != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("HTTPS proxy TLS handshake failed: %w; close failed: %v", errHandshake, errClose)
}
return nil, fmt.Errorf("HTTPS proxy TLS handshake failed: %w", errHandshake)
}
conn = tlsConn
}
req := &http.Request{
Method: http.MethodConnect,
URL: &url.URL{Host: addr},
Host: addr,
Header: make(http.Header),
}
if d.proxyURL.User != nil {
req.Header.Set("Proxy-Authorization", proxyAuthorization(d.proxyURL.User))
}
if errWrite := req.Write(conn); errWrite != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("write CONNECT request failed: %w; close failed: %v", errWrite, errClose)
}
return nil, fmt.Errorf("write CONNECT request failed: %w", errWrite)
}
reader := bufio.NewReader(conn)
resp, errRead := http.ReadResponse(reader, req)
if errRead != nil {
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("read CONNECT response failed: %w; close failed: %v", errRead, errClose)
}
return nil, fmt.Errorf("read CONNECT response failed: %w", errRead)
}
if resp.StatusCode != http.StatusOK {
if resp.Body != nil {
_ = resp.Body.Close()
}
if errClose := conn.Close(); errClose != nil {
return nil, fmt.Errorf("proxy CONNECT returned status %s; close failed: %v", resp.Status, errClose)
}
return nil, fmt.Errorf("proxy CONNECT returned status %s", resp.Status)
}
if reader.Buffered() > 0 {
return &bufferedConn{Conn: conn, reader: reader}, nil
}
return conn, nil
}
func proxyDialAddr(proxyURL *url.URL) string {
port := proxyURL.Port()
if port == "" {
port = "80"
if proxyURL.Scheme == "https" {
port = "443"
}
}
return net.JoinHostPort(proxyURL.Hostname(), port)
}
func proxyAuthorization(user *url.Userinfo) string {
username := user.Username()
password, _ := user.Password()
encoded := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
return "Basic " + encoded
}
// Redact returns a log-safe proxy URL with credentials and path-like data removed.
func Redact(raw string) string {
trimmed := strings.TrimSpace(raw)
if trimmed == "" {
return ""
}
parsedURL, errParse := url.Parse(trimmed)
if errParse != nil || parsedURL.Scheme == "" || parsedURL.Host == "" {
return "<invalid proxy URL>"
}
redacted := &url.URL{
Scheme: parsedURL.Scheme,
Host: parsedURL.Host,
}
if parsedURL.User != nil {
redacted.User = url.User("redacted")
}
return redacted.String()
}
type bufferedConn struct {
net.Conn
reader *bufio.Reader
}
func (c *bufferedConn) Read(p []byte) (int, error) {
if c.reader.Buffered() > 0 {
return c.reader.Read(p)
}
return c.Conn.Read(p)
}