lanhu/proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

重命名包 client 为 edge;重命名包 server 为 gateway

Browse Source
This commit is contained in:
luorijun
2025-05-16 17:04:03 +08:00
parent 22f3c37478
commit 20ac7dbd91
37 changed files with 65 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
gateway/app/app.go Normal file
View File

@@ -0,0 +1,15 @@
package app
import (
"proxy-server/gateway/core"
)
var (
Id int32
Name string
PlatformSecret string // 平台密钥,验证接收的请求是否属于平台
Clients = core.SyncMap[int32, uint16]{} // 节点 ID -> 转发端口
Assigns = core.SyncMap[uint16, int32]{} // 转发端口 -> 节点 ID
Permits = core.SyncMap[uint16, *core.Permit]{} // 转发端口 -> 权限配置
)

10
gateway/core/auth.go Normal file
View File

@@ -0,0 +1,10 @@
package core
import "time"
type Permit struct {
Expire time.Time `json:"expire"`
Whitelists []string `json:"whitelists"`
Username string `json:"username"`
Password string `json:"password"`
}

73
gateway/core/conn.go Normal file
View File

@@ -0,0 +1,73 @@
package core
import (
"bufio"
"fmt"
"net"
"time"
)
type Conn struct {
Conn net.Conn
Reader *bufio.Reader
Tag [16]byte
Protocol string
Dest *FwdAddr
Auth *AuthContext
}
func (c Conn) Read(b []byte) (n int, err error) {
return c.Reader.Read(b)
}
func (c Conn) Write(b []byte) (n int, err error) {
return c.Conn.Write(b)
}
func (c Conn) Close() error {
return c.Conn.Close()
}
func (c Conn) LocalAddr() net.Addr {
return c.Conn.LocalAddr()
}
func (c Conn) RemoteAddr() net.Addr {
return c.Conn.RemoteAddr()
}
func (c Conn) SetDeadline(t time.Time) error {
return c.Conn.SetDeadline(t)
}
func (c Conn) SetReadDeadline(t time.Time) error {
return c.Conn.SetReadDeadline(t)
}
func (c Conn) SetWriteDeadline(t time.Time) error {
return c.Conn.SetWriteDeadline(t)
}
type FwdAddr struct {
IP net.IP
Port int
Domain string
}
func (a FwdAddr) Network() string {
return "tcp"
}
func (a FwdAddr) String() string {
return fmt.Sprintf("%s:%d", a.IP, a.Port)
}
type AuthContext struct {
Timeout float64
Payload Payload
Meta map[string]any
}
type Payload struct {
ID int32
}

6
gateway/core/consts.go Normal file
View File

@@ -0,0 +1,6 @@
package core
const (
Version = 1
RestoreMagic = 0x72
)

65
gateway/core/map.go Normal file
View File

@@ -0,0 +1,65 @@
package core
import "sync"
type SyncMap[K any, V any] struct {
_map sync.Map
}
func (m *SyncMap[K, V]) Store(key K, value V) {
m._map.Store(key, value)
}
func (m *SyncMap[K, V]) Load(key K) (value V, ok bool) {
v, ok := m._map.Load(key)
if ok {
value = v.(V)
}
return
}
func (m *SyncMap[K, V]) Swap(key K, value V) (previous V, loaded bool) {
v, loaded := m._map.Swap(key, value)
if loaded {
previous = v.(V)
}
return
}
func (m *SyncMap[K, V]) Delete(key K) {
m._map.Delete(key)
}
func (m *SyncMap[K, V]) Clear() {
m._map.Clear()
}
func (m *SyncMap[K, V]) Range(f func(key K, value V) bool) {
m._map.Range(func(k, v any) bool {
return f(k.(K), v.(V))
})
}
func (m *SyncMap[K, V]) LoadOrStore(key K, value V) (actual V, loaded bool) {
v, loaded := m._map.LoadOrStore(key, value)
if loaded {
actual = v.(V)
}
return
}
func (m *SyncMap[K, V]) LoadAndDelete(key K) (value V, ok bool) {
v, ok := m._map.LoadAndDelete(key)
if ok {
value = v.(V)
}
return
}
func (m *SyncMap[K, V]) CompareAndSwap(key K, old, new V) (swapped bool) {
return m._map.CompareAndSwap(key, old, new)
}
func (m *SyncMap[K, V]) CompareAndDelete(key K, old V) (deleted bool) {
return m._map.CompareAndDelete(key, old)
}

74
gateway/core/security.go Normal file
View File

@@ -0,0 +1,74 @@
package core
import (
"context"
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/json"
"fmt"
g "proxy-server/gateway/globals"
"time"
)
type SecuredReq struct {
Content string `json:"content"`
Nonce string `json:"nonce"`
Timestamp int64 `json:"timestamp"`
}
func Decrypt[T any](req *SecuredReq, secret string) (resp *T, err error) {
// 解密请求
block, err := aes.NewCipher([]byte(secret))
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
var nonce = []byte(req.Nonce)
content, err := base64.StdEncoding.DecodeString(req.Content)
if err != nil {
return nil, err
}
var aad = []byte(fmt.Sprintf("%s:%d", req.Nonce, req.Timestamp))
bytes, err := gcm.Open(nil, nonce, content, aad)
if err != nil {
return nil, err
}
// 检查时间与 nonce 是否匹配
var duration = time.Now().UnixMilli() - req.Timestamp
if duration > 1000*60*5 { // 5分钟
return nil, fmt.Errorf("请求超时,当前时间:%d接收时间%d", time.Now().UnixMilli(), req.Timestamp)
}
result, err := g.Redis.Exists(context.Background(), req.Nonce).Result()
if err != nil {
return nil, err
}
if result > 0 {
return nil, fmt.Errorf("请求已被使用nonce%s", req.Nonce)
}
// 将 nonce 存入 redis设置过期时间为 5 分钟
err = g.Redis.Set(context.Background(), req.Nonce, 1, time.Minute*5).Err()
if err != nil {
return nil, err
}
// 返回解密后的数据
err = json.Unmarshal(bytes, &resp)
if err != nil {
return nil, err
}
return resp, nil
}

51
gateway/debug/debug.go Normal file
View File

@@ -0,0 +1,51 @@
package debug
import (
"container/ring"
"context"
"time"
)
func Start(ctx context.Context) {
go startReceiveConsuming(ctx)
}
type Consuming struct {
Auth time.Duration
Data time.Duration
Proxy time.Duration
Total time.Duration
}
var ConsumingCh = make(chan Consuming, 1024)
var consumingList = ring.New(3000)
func startReceiveConsuming(ctx context.Context) {
InitConsumingList()
for {
select {
case <-ctx.Done():
return
case c := <-ConsumingCh:
consumingList.Value = c
consumingList = consumingList.Next()
}
}
}
func InitConsumingList() {
for i := 0; i < consumingList.Len(); i++ {
consumingList.Value = nil
consumingList = consumingList.Next()
}
}
func ConsumingList() []Consuming {
consuming := make([]Consuming, 0, consumingList.Len())
consumingList.Do(func(value interface{}) {
if value != nil {
consuming = append(consuming, value.(Consuming))
}
})
return consuming
}

148
gateway/env/env.go vendored Normal file
View File

@@ -0,0 +1,148 @@
package env
import (
"fmt"
"log/slog"
"os"
"strconv"
"github.com/joho/godotenv"
)
var (
AppCtrlPort uint16 = 18080
AppDataPort uint16 = 18081
AppWebPort uint16 = 8848
AppLogMode = "dev"
AppExitTimeout = 5 // 等待服务停止的超时时间
AppDataTimeout = 10 // 等待数据通道连接的超时时间
AppUserTimeout = 10 // 等待用户发送数据的超时时间(端口复用需要分析协议,如果用户长期不发送数据,将会阻塞分析协程)
ClientId string
ClientSecret string
RedisHost = "localhost"
RedisPort = "6379"
RedisDb = 0
RedisPass = ""
EndpointOnline string
EndpointOffline string
EndpointAssigned string
)
func Init() {
var err = godotenv.Load()
if err != nil {
slog.Debug("没有本地环境变量文件")
}
var value string
value = os.Getenv("APP_CTRL_PORT")
if value != "" {
appCtrlPort, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 APP_CTRL_PORT 格式错误: %v", err))
}
AppCtrlPort = uint16(appCtrlPort)
}
value = os.Getenv("APP_DATA_PORT")
if value != "" {
appDataPort, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 APP_DATA_PORT 格式错误: %v", err))
}
AppDataPort = uint16(appDataPort)
}
value = os.Getenv("APP_WEB_PORT")
if value != "" {
appWebPort, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 APP_WEB_PORT 格式错误: %v", err))
}
AppWebPort = uint16(appWebPort)
}
value = os.Getenv("APP_LOG_MODE")
if value != "" {
AppLogMode = value
}
value = os.Getenv("APP_EXIT_TIMEOUT")
if value != "" {
appExitTimeout, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 APP_EXIT_TIMEOUT 格式错误: %v", err))
}
AppExitTimeout = appExitTimeout
}
value = os.Getenv("APP_DATA_TIMEOUT")
if value != "" {
appDataTimeout, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 APP_DATA_TIMEOUT 格式错误: %v", err))
}
AppDataTimeout = appDataTimeout
}
value = os.Getenv("CLIENT_ID")
if value != "" {
ClientId = value
} else {
panic("环境变量 CLIENT_ID 未设置")
}
value = os.Getenv("CLIENT_SECRET")
if value != "" {
ClientSecret = value
} else {
panic("环境变量 CLIENT_SECRET 未设置")
}
value = os.Getenv("REDIS_HOST")
if value != "" {
RedisHost = value
}
value = os.Getenv("REDIS_PORT")
if value != "" {
RedisPort = value
}
value = os.Getenv("REDIS_DB")
if value != "" {
redisDb, err := strconv.Atoi(value)
if err != nil {
panic(fmt.Sprintf("环境变量 REDIS_DB 格式错误: %v", err))
}
RedisDb = redisDb
}
value = os.Getenv("REDIS_PASS")
if value != "" {
RedisPass = value
}
value = os.Getenv("ENDPOINT_ONLINE")
if value != "" {
EndpointOnline = value
} else {
panic("环境变量 ENDPOINT_ONLINE 未设置")
}
value = os.Getenv("ENDPOINT_OFFLINE")
if value != "" {
EndpointOffline = value
} else {
panic("环境变量 ENDPOINT_OFFLINE 未设置")
}
value = os.Getenv("ENDPOINT_ASSIGNED")
if value != "" {
EndpointAssigned = value
} else {
panic("环境变量 ENDPOINT_ASSIGNED 未设置")
}
}

310
gateway/fwd/analysis.go Normal file
View File

@@ -0,0 +1,310 @@
package fwd
import (
"bufio"
"encoding/binary"
"fmt"
"io"
"log/slog"
"proxy-server/gateway/core"
"proxy-server/pkg/utils"
"strings"
"errors"
)
func analysisAndLog(conn *core.Conn, reader io.Reader) error {
buf := bufio.NewReader(reader)
domain, proto, err := sniffing(buf)
if err != nil {
err = fmt.Errorf("sniffing error: %w", err)
} else {
slog.Debug(
"用户访问记录",
slog.Int("uid", int(conn.Auth.Payload.ID)),
slog.String("user", conn.RemoteAddr().String()),
slog.String("proxy", conn.Protocol),
slog.String("node", conn.LocalAddr().String()),
slog.String("proto", proto),
slog.String("dest", conn.Dest.String()),
slog.String("domain", domain),
)
}
go func() {
discord(buf)
}()
return err
}
func sniffing(reader *bufio.Reader) (string, string, error) {
peek, err := reader.Peek(8)
if err != nil {
return "", "", fmt.Errorf("sniffing peek error: %w", err)
}
method, ok := isHttp(peek)
if ok {
domain, err := analysisHttp(reader)
return domain, "http(" + method + ")", err
}
tlsType, tlsVersion, ok := isTls(peek)
if ok {
var domain string
if tlsType == "handshake" {
domain, err = analysisTls(reader)
}
return domain, "tls(" + tlsType + "," + tlsVersion + ")", err
}
return "nil", "tcp", nil
}
func isHttp(bytes []byte) (string, bool) {
var blankIndex int
for i := range bytes {
if bytes[i] == ' ' {
blankIndex = i
break
}
}
method := string(bytes[:blankIndex])
switch method {
case "GET",
"POST",
"PUT",
"PATCH",
"DELETE",
"HEAD",
"OPTIONS",
"TRACE",
"CONNECT":
return method, true
}
return "", false
}
func isTls(bytes []byte) (string, string, bool) {
var tlsType string
switch bytes[0] {
case 0x14:
tlsType = "change-cipher-spec"
case 0x15:
tlsType = "alert"
case 0x16:
tlsType = "handshake"
case 0x17:
tlsType = "application-data"
}
var tlsVersion string
if bytes[1] == 0x03 {
switch bytes[2] {
case 0x00:
tlsVersion = "SSL3.0"
case 0x01:
tlsVersion = "TLS1.0"
case 0x02:
tlsVersion = "TLS1.1"
case 0x03:
tlsVersion = "TLS1.2"
}
}
if tlsType != "" && tlsVersion != "" {
return tlsType, tlsVersion, true
} else {
return "", "", false
}
}
func analysisHttp(reader *bufio.Reader) (string, error) {
// reade top
top, err := httpReadLine(reader)
if err != nil {
return "", fmt.Errorf("http read top error: %w", err)
}
// read header
host := strings.Split(top, " ")[1]
for {
line, err := httpReadLine(reader)
if err != nil {
return "", err
}
if line == "" {
break
}
if strings.HasPrefix(line, "Host: ") {
host = strings.TrimPrefix(line, "Host: ")
}
}
return host, nil
}
func httpReadLine(reader *bufio.Reader) (line string, err error) {
var lineStr strings.Builder
for {
line, prefix, err := reader.ReadLine()
if err != nil {
return "", fmt.Errorf("http read line error: %w", err)
}
lineStr.Write(line)
if !prefix {
break
}
}
return lineStr.String(), nil
}
func analysisTls(reader *bufio.Reader) (string, error) {
// tls record
_, err := utils.ReadBuffer(reader, 5)
if err != nil {
return "", fmt.Errorf("https read head error: %w", err)
}
// tls type
hsType, err := reader.ReadByte()
if err != nil {
return "", fmt.Errorf("https read hsType error: %w", err)
}
switch hsType {
case 0x01: // client hello
// length
_, err = utils.ReadBuffer(reader, 3)
if err != nil {
return "", fmt.Errorf("https read tls length error: %w", err)
}
// version
_, err = utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read version error: %w", err)
}
// random
_, err = utils.ReadBuffer(reader, 32)
if err != nil {
return "", fmt.Errorf("https read random error: %w", err)
}
// session id length
sessionIdLen, err := reader.ReadByte()
if err != nil {
return "", fmt.Errorf("https read sessionIdLen error: %w", err)
}
// session id
_, err = utils.ReadBuffer(reader, int(sessionIdLen))
if err != nil {
return "", fmt.Errorf("https read sessionId error: %w", err)
}
// cipher suites length
cLenBuf, err := utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read cLen error: %w", err)
}
cLen := binary.BigEndian.Uint16(cLenBuf)
// cipher suites
_, err = utils.ReadBuffer(reader, int(cLen))
if err != nil {
return "", fmt.Errorf("https read c error: %w", err)
}
// compression methods length
cmLen, err := reader.ReadByte()
if err != nil {
return "", fmt.Errorf("https read cmLen error: %w", err)
}
// compression methods
_, err = utils.ReadBuffer(reader, int(cmLen))
if err != nil {
return "", fmt.Errorf("https read cm error: %w", err)
}
// extensions length
eLenBuf, err := utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read eLen error: %w", err)
}
eLen := binary.BigEndian.Uint16(eLenBuf)
// extensions
host := ""
for i := 0; i < int(eLen); {
// extension type
eTypeBuf, err := utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read extension type error: %w", err)
}
eType := binary.BigEndian.Uint16(eTypeBuf)
// extension length
eLenBuf, err := utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read extension length error: %w", err)
}
eLen := binary.BigEndian.Uint16(eLenBuf)
// server name
if eType == 0x00 {
// server name list length
_, err = utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read server name list length error: %w", err)
}
// server name type
_, err = reader.ReadByte()
if err != nil {
return "", fmt.Errorf("https read server name type error: %w", err)
}
// server name length
sLenBuf, err := utils.ReadBuffer(reader, 2)
if err != nil {
return "", fmt.Errorf("https read server name length error: %w", err)
}
sLen := binary.BigEndian.Uint16(sLenBuf)
// server name
bytes, err := utils.ReadBuffer(reader, int(sLen))
if err != nil {
return "", fmt.Errorf("https read server name error: %w", err)
}
host = string(bytes)
return host, nil
} else {
// other extension
_, err = utils.ReadBuffer(reader, int(eLen))
if err != nil {
return "", fmt.Errorf("https read extension error: %w", err)
}
}
i += 4 + int(eLen)
}
default:
return "", nil
}
return "", errors.New("analysis https error")
}
func discord(reader *bufio.Reader) {
_, err := io.Copy(io.Discard, reader)
if err != nil {
slog.Error("analysis discord err", "err", err)
}
}

78
gateway/fwd/auth/auth.go Normal file
View File

@@ -0,0 +1,78 @@
package auth
import (
"fmt"
"net"
"proxy-server/gateway/app"
"proxy-server/gateway/core"
"strconv"
"time"
"errors"
)
type Protocol string
const (
Socks5 = Protocol("socks5")
Http = Protocol("http")
)
func Protect(conn net.Conn, proto Protocol, username, password *string) (*core.AuthContext, error) {
// 获取用户地址
remoteAddr := conn.RemoteAddr().String()
remoteHost, _, err := net.SplitHostPort(remoteAddr)
if err != nil {
return nil, fmt.Errorf("无法获取连接信息: %w", err)
}
// 获取服务端口
localAddr := conn.LocalAddr().String()
_, _localPort, err := net.SplitHostPort(localAddr)
localPort, err := strconv.ParseUint(_localPort, 10, 16)
if err != nil {
return nil, fmt.Errorf("noAuth 认证失败: %w", err)
}
// 查找权限配置
var permit, ok = app.Permits.Load(uint16(localPort))
if !ok {
return nil, errors.New("没有权限")
}
// 检查是否过期
if permit.Expire.Before(time.Now()) {
return nil, errors.New("权限已过期")
}
// 检查 IP 是否可用
if len(permit.Whitelists) > 0 {
var found = false
for _, allowedHost := range permit.Whitelists {
var allowed = net.ParseIP(allowedHost)
var remote = net.ParseIP(remoteHost)
if remote.Equal(allowed) {
found = true
break
}
}
if !found {
return nil, errors.New("不在白名单内")
}
}
if username != nil && password != nil {
if *username != permit.Username || *password != permit.Password {
return nil, errors.New("用户名或密码错误")
}
}
var id, _ = app.Assigns.Load(uint16(localPort))
return &core.AuthContext{
Timeout: time.Since(permit.Expire).Seconds(),
Payload: core.Payload{
ID: id,
},
}, nil
}

235
gateway/fwd/ctrl.go Normal file
View File

@@ -0,0 +1,235 @@
package fwd
import (
"bufio"
"context"
"encoding/binary"
"errors"
"fmt"
"io"
"log/slog"
"net"
"proxy-server/gateway/app"
"proxy-server/gateway/env"
"proxy-server/gateway/report"
"proxy-server/pkg/utils"
"strconv"
)
type CtrlCmdType int
const (
CtrlCmdPong CtrlCmdType = iota + 1
CtrlCmdPing
CtrlCmdOpen
CtrlCmdClose
CtrlCmdProxy
)
func (s *Service) listenCtrl() error {
ctrlPort := env.AppCtrlPort
slog.Debug("监听控制通道", slog.Uint64("port", uint64(ctrlPort)))
// 监听端口
ls, err := net.Listen("tcp", ":"+strconv.Itoa(int(ctrlPort)))
if err != nil {
return fmt.Errorf("监听控制通道失败: %w", err)
}
defer utils.Close(ls)
// 处理连接
// 异步等待连接
var connCh = make(chan net.Conn)
go func() {
for {
conn, err := ls.Accept()
if errors.Is(err, net.ErrClosed) {
slog.Debug("控制通道监听关闭")
return
}
if err != nil {
slog.Error("接受控制通道连接失败", "err", err)
return
}
select {
case connCh <- conn:
case <-s.ctx.Done():
utils.Close(conn)
return
}
}
}()
err = nil
for {
select {
case <-s.ctx.Done():
return nil
case conn := <-connCh:
s.ctrlConnWg.Add(1)
go func() {
defer s.ctrlConnWg.Done()
defer utils.Close(conn)
err := s.processCtrlConn(s.ctx, conn)
if err != nil {
slog.Error("处理控制通道连接失败", "err", err)
}
}()
}
}
}
func (s *Service) processCtrlConn(ctx context.Context, conn net.Conn) (err error) {
reader := bufio.NewReader(conn)
for {
// 循环等待直到服务关闭
select {
case <-ctx.Done():
return nil
default:
}
// 读取命令
cmdByte, err := reader.ReadByte()
if err != nil {
return fmt.Errorf("读取节点命令失败: %w", err)
}
var cmd = CtrlCmdType(cmdByte)
switch cmd {
// 连接建立命令
case CtrlCmdOpen:
var recv = make([]byte, 4)
_, err = io.ReadFull(reader, recv)
if err != nil {
return fmt.Errorf("读取节点 ID 失败: %w", err)
}
var client = int32(binary.BigEndian.Uint32(recv))
err = s.onOpen(conn, client)
if err != nil {
return fmt.Errorf("处理连接建立命令失败: %w", err)
}
// 心跳命令
case CtrlCmdPing:
err = s.onPing(conn)
if err != nil {
return fmt.Errorf("处理心跳命令失败: %w", err)
}
// 连接关闭命令
case CtrlCmdClose:
err = s.onClose(conn)
if err != nil {
return fmt.Errorf("处理关闭命令失败: %w", err)
}
return nil
// 忽略其他不应该由节点发起的命令
default:
return fmt.Errorf("无法处理控制命令: %d", cmd)
}
}
}
func (s *Service) onPing(conn net.Conn) (err error) {
return s.sendPong(conn)
}
func (s *Service) onOpen(conn net.Conn, client int32) (err error) {
// open 命令全局只执行一次
_, ok := app.Clients.Load(client)
if ok {
return fmt.Errorf("节点 ID %d 已经连接", client)
}
// 分配端口
var minim uint16 = 20000
var maxim uint16 = 60000
var port uint16
for i := minim; i < maxim; i++ {
var _, ok = app.Assigns.Load(i)
if !ok {
port = i
app.Assigns.Store(i, client)
app.Clients.Store(client, i)
break
}
}
if port == 0 {
return errors.New("没有可用的端口")
}
// 报告端口分配
if err = report.Assigned(client, port); err != nil {
return fmt.Errorf("报告端口分配失败: %w", err)
}
// 响应客户端
if err = s.sendPong(conn); err != nil {
return fmt.Errorf("响应客户端失败: %w", err)
}
// 启动转发服务
s.fwdLesWg.Add(1)
go func() {
defer s.fwdLesWg.Done()
slog.Info("监听转发端口", "port", port, "client", client)
err = s.listenUser(port, conn)
if err != nil {
slog.Error("监听转发端口失败", "port", port, "client", client, "err", err)
}
}()
return nil
}
func (s *Service) onClose(conn net.Conn) (err error) {
_, portStr, err := net.SplitHostPort(conn.LocalAddr().String())
if err != nil {
return err
}
port, err := strconv.ParseUint(portStr, 10, 16)
if err != nil {
return err
}
id, _ := app.Assigns.LoadAndDelete(uint16(port))
app.Clients.Delete(id)
app.Assigns.Delete(uint16(port))
app.Permits.Delete(uint16(port))
err = s.sendPong(conn)
if err != nil {
return err
}
return nil
}
func (s *Service) sendPong(conn net.Conn) (err error) {
_, err = conn.Write([]byte{byte(CtrlCmdPong)})
if err != nil {
return fmt.Errorf("响应客户端失败: %w", err)
}
return nil
}
func (s *Service) sendProxy(conn net.Conn, tag [16]byte, addr string) (err error) {
if len(addr) > 65535 {
return fmt.Errorf("代理地址过长: %s", addr)
}
buf := make([]byte, 1+16+2+len(addr))
buf[0] = byte(CtrlCmdProxy)
copy(buf[1:], tag[:])
binary.BigEndian.PutUint16(buf[17:], uint16(len(addr)))
copy(buf[19:], addr)
_, err = conn.Write(buf)
if err != nil {
return fmt.Errorf("发送代理命令失败: %w", err)
}
return nil
}

166
gateway/fwd/data.go Normal file
View File

@@ -0,0 +1,166 @@
package fwd
import (
"bufio"
"errors"
"fmt"
"github.com/google/uuid"
"io"
"log/slog"
"net"
"proxy-server/gateway/debug"
"proxy-server/gateway/env"
"proxy-server/gateway/fwd/metrics"
"proxy-server/pkg/utils"
"strconv"
"sync"
"time"
)
func (s *Service) listenData() error {
dataPort := env.AppDataPort
slog.Debug("监听数据通道", slog.Uint64("port", uint64(dataPort)))
// 监听端口
ls, err := net.Listen("tcp", ":"+strconv.Itoa(int(dataPort)))
if err != nil {
return fmt.Errorf("监听数据通道失败: %w", err)
}
defer utils.Close(ls)
// 异步等待连接
var connCh = make(chan net.Conn)
go func() {
for {
conn, err := ls.Accept()
if errors.Is(err, net.ErrClosed) {
slog.Debug("数据通道监听关闭")
return
}
if err != nil {
slog.Error("接受数据通道连接失败", "err", err)
return
}
select {
case connCh <- conn:
case <-s.ctx.Done():
utils.Close(conn)
return
}
}
}()
// 处理连接
for {
select {
case <-s.ctx.Done():
return nil
case conn := <-connCh:
s.dataConnWg.Add(1)
go func() {
defer s.dataConnWg.Done()
defer utils.Close(conn)
err := s.processDataConn(conn)
if err != nil {
slog.Error("处理数据通道连接失败", "err", err)
}
}()
}
}
}
func (s *Service) processDataConn(client net.Conn) error {
var reader = bufio.NewReader(client)
// 接收连接结果
var buf = make([]byte, 17)
_, err := io.ReadFull(reader, buf)
if err != nil {
return fmt.Errorf("从客户端获取连接结果失败: %w", err)
}
tag := buf[0:16]
status := buf[16]
// 加载用户连接
var tagStr = uuid.UUID(tag).String()
user, ok := s.userConnMap.LoadAndDelete(tagStr)
if !ok {
return fmt.Errorf("用户连接已关闭tag%s", tagStr)
}
defer utils.Close(user)
// 检查状态
if status != 1 {
return errors.New("目标地址建立连接失败")
}
// 转发数据
data := time.Now()
userPipeReader, userPipeWriter := io.Pipe()
defer utils.Close(userPipeWriter)
teeUser := io.TeeReader(user, userPipeWriter)
go func() {
err := analysisAndLog(user, userPipeReader)
if err != nil {
slog.Error("数据解析失败", "err", err)
}
}()
wg := sync.WaitGroup{}
wg.Add(2)
go func() {
defer wg.Done()
_, err := io.Copy(client, teeUser)
if err != nil {
slog.Error("数据转发失败 user->client", "err", err)
}
}()
go func() {
defer wg.Done()
_, err := io.Copy(user, reader)
if err != nil {
slog.Error("数据转发失败 client->user", "err", err)
}
}()
select {
case <-s.ctx.Done():
return nil
case <-utils.WgWait(&wg):
proxy := time.Now()
start, startOk := metrics.TimerStart.Load(user.Conn)
auth, authOk := metrics.TimerAuth.Load(user.Conn)
var authDuration time.Duration
if startOk && authOk {
authDuration = auth.(time.Time).Sub(start.(time.Time))
}
var dataDuration time.Duration
if authOk {
dataDuration = data.Sub(auth.(time.Time))
}
proxyDuration := proxy.Sub(data)
var totalDuration time.Duration
if startOk {
totalDuration = proxy.Sub(start.(time.Time))
}
debug.ConsumingCh <- debug.Consuming{
Auth: authDuration,
Data: dataDuration,
Proxy: proxyDuration,
Total: totalDuration,
}
return nil
}
}

170
gateway/fwd/dispatcher/dispatch.go Normal file
View File

@@ -0,0 +1,170 @@
package dispatcher
import (
"context"
"fmt"
"log/slog"
"net"
"proxy-server/gateway/core"
"proxy-server/gateway/fwd/http"
"proxy-server/gateway/fwd/metrics"
"proxy-server/gateway/fwd/socks"
"proxy-server/pkg/utils"
"strconv"
"strings"
"time"
"errors"
"github.com/soheilhy/cmux"
)
type Server struct {
ctx context.Context
cancel context.CancelFunc
readTimeout time.Duration
Port uint16
Conn chan *core.Conn
}
func New(port uint16, readTimeout time.Duration) (*Server, error) {
if port == 0 {
return nil, errors.New("port is required")
}
ctx, cancel := context.WithCancel(context.Background())
return &Server{
ctx,
cancel,
readTimeout,
port,
make(chan *core.Conn),
}, nil
}
func (s *Server) Close() {
s.cancel()
}
func (s *Server) Run() error {
port := strconv.Itoa(int(s.Port))
ls, err := net.Listen("tcp", ":"+port)
if err != nil {
return fmt.Errorf("dispatcher 监听失败: %w", err)
}
defer utils.Close(ls)
m := cmux.New(ls)
m.SetReadTimeout(s.readTimeout)
defer m.Close()
socksLs := m.Match(cmux.PrefixMatcher(string([]byte{0x05})))
go func() {
err = s.acceptSocks(socksLs)
if err != nil {
if strings.Contains(err.Error(), "mux: server closed") {
return
}
slog.Warn("dispatcher socks accept error", "err", err)
}
}()
httpLs := m.Match(cmux.HTTP1Fast("PATCH"))
go func() {
err = s.acceptHttp(httpLs)
if err != nil {
if strings.Contains(err.Error(), "mux: server closed") {
return
}
slog.Warn("dispatcher http accept error", "err", err)
}
}()
errCh := make(chan error, 1)
go func() {
defer close(errCh)
err = m.Serve()
if err != nil {
err = fmt.Errorf("dispatcher serve error: %w", err)
}
errCh <- err
}()
err = nil
select {
case <-s.ctx.Done():
case err = <-errCh:
}
close(s.Conn)
return err
}
func (s *Server) acceptHttp(ls net.Listener) error {
for {
conn, err := ls.Accept()
if err != nil {
if errors.Is(err, net.ErrClosed) {
return nil
}
var ne net.Error
if errors.As(err, &ne) && ne.Temporary() {
continue
}
return fmt.Errorf("dispatcher http accept error: %w", err)
}
metrics.TimerStart.Store(conn, time.Now())
go func() {
user, err := http.Process(s.ctx, conn)
if err != nil {
slog.Error("处理 http 连接失败", "err", err)
utils.Close(conn)
return
}
select {
case <-s.ctx.Done():
utils.Close(user)
case s.Conn <- user:
}
}()
}
}
func (s *Server) acceptSocks(ls net.Listener) error {
for {
conn, err := ls.Accept()
if err != nil {
if errors.Is(err, net.ErrClosed) {
return nil
}
var ne net.Error
if errors.As(err, &ne) && ne.Temporary() {
continue
}
return fmt.Errorf("dispatcher socks accept error: %w", err)
}
metrics.TimerStart.Store(conn, time.Now())
go func() {
user, err := socks.Process(s.ctx, conn)
if err != nil {
slog.Error("处理 socks 连接失败", "err", err)
utils.Close(conn)
return
}
select {
case <-s.ctx.Done():
utils.Close(user)
case s.Conn <- user:
}
}()
}
}
type Conn struct {
}

82
gateway/fwd/fwd.go Normal file
View File

@@ -0,0 +1,82 @@
package fwd
import (
"context"
"log/slog"
"proxy-server/gateway/core"
"proxy-server/pkg/utils"
"sync"
)
type Service struct {
ctx context.Context
cancel context.CancelFunc
userConnMap core.SyncMap[string, *core.Conn]
fwdLesWg utils.CountWaitGroup
ctrlConnWg utils.CountWaitGroup
dataConnWg utils.CountWaitGroup
userConnWg utils.CountWaitGroup
}
func New() *Service {
ctx, cancel := context.WithCancel(context.Background())
return &Service{
ctx: ctx,
cancel: cancel,
}
}
func (s *Service) Run() error {
slog.Debug("启动转发服务")
errQuit := make(chan struct{}, 2)
defer close(errQuit)
wg := sync.WaitGroup{}
// 控制通道
wg.Add(1)
go func() {
defer wg.Done()
err := s.listenCtrl()
if err != nil {
slog.Error("fwd 控制通道监听发生错误", "err", err)
errQuit <- struct{}{}
return
}
}()
// 数据通道
wg.Add(1)
go func() {
defer wg.Done()
err := s.listenData()
if err != nil {
slog.Error("fwd 数据通道监听发生错误", "err", err)
errQuit <- struct{}{}
return
}
}()
// 等待退出
select {
case <-s.ctx.Done():
case <-errQuit:
slog.Warn("fwd 服务异常退出")
s.Stop()
}
wg.Wait()
s.fwdLesWg.Wait()
s.ctrlConnWg.Wait()
s.userConnWg.Wait()
s.dataConnWg.Wait()
return nil
}
func (s *Service) Stop() {
s.cancel()
}

185
gateway/fwd/http/http.go Normal file
View File

@@ -0,0 +1,185 @@
package http
import (
"bufio"
"context"
"encoding/base64"
"fmt"
"github.com/google/uuid"
"io"
"net"
"net/textproto"
"net/url"
"proxy-server/gateway/core"
"proxy-server/gateway/fwd/auth"
"strings"
"errors"
)
type Request struct {
conn net.Conn
reader *bufio.Reader
method string
uri string
proto string
headers *textproto.MIMEHeader
auth *core.AuthContext
dest *core.FwdAddr
}
func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
reader := bufio.NewReader(conn)
textReader := textproto.NewReader(reader)
// 首行
line, err := textReader.ReadLine()
if err != nil {
return nil, err
}
parts := strings.Fields(line)
if len(parts) != 3 {
return nil, errors.New("无效的 http 请求")
}
// 请求头
headers, err := textReader.ReadMIMEHeader()
if err != nil {
return nil, fmt.Errorf("解析请求头失败: %v", err)
}
// 验证账号
authInfo := headers.Get("Proxy-Authorization")
var username *string = nil
var password *string = nil
if authInfo != "" {
authParts := strings.Split(authInfo, " ")
if len(authParts) != 2 {
return nil, errors.New("无效的 Proxy-Authorization")
}
if authParts[0] != "Basic" {
return nil, errors.New("不支持的认证方式")
}
authBytes, err := base64.URLEncoding.DecodeString(authParts[1])
if err != nil {
return nil, fmt.Errorf("解码认证信息失败: %v", err)
}
authPair := strings.Split(string(authBytes), ":")
username = &authPair[0]
password = &authPair[1]
}
authCtx, err := auth.Protect(conn, auth.Http, username, password)
if err != nil {
_, err = conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
if err != nil {
return nil, fmt.Errorf("响应 407 失败: %v", err)
}
return nil, fmt.Errorf("验证账号失败: %v", err)
}
// 获取 Host
host := headers.Get("Host")
if host == "" {
return nil, errors.New("无效的 Host")
}
if !strings.Contains(host, ":") {
host += ":80"
}
addr, err := net.ResolveTCPAddr("tcp", host)
if err != nil {
return nil, fmt.Errorf("解析 Host 失败: %v", err)
}
request := &Request{
conn: conn,
reader: reader,
method: parts[0],
uri: parts[1],
proto: parts[2],
headers: &headers,
dest: &core.FwdAddr{
IP: addr.IP,
Port: addr.Port,
Domain: host,
},
auth: authCtx,
}
var user *core.Conn
if parts[0] == "CONNECT" {
user, err = processHttps(ctx, request)
if err != nil {
return nil, err
}
} else {
user, err = processHttp(ctx, request)
if err != nil {
return nil, err
}
}
return user, nil
}
func processHttps(ctx context.Context, req *Request) (*core.Conn, error) {
// 响应 CONNECT
_, err := req.conn.Write([]byte("HTTP/1.1 200 Connection Established\r\n\r\n"))
if err != nil {
return nil, fmt.Errorf("响应 CONNECT 失败: %v", err)
}
return &core.Conn{
Conn: req.conn,
Reader: req.reader,
Tag: uuid.New(),
Protocol: "http",
Dest: req.dest,
Auth: req.auth,
}, nil
}
func processHttp(ctx context.Context, req *Request) (*core.Conn, error) {
// 修改请求头
rawUrl, err := url.Parse(req.uri)
if err != nil {
return nil, fmt.Errorf("解析请求地址失败: %v", err)
}
rawUrl.Scheme = ""
rawUrl.Host = ""
req.uri = rawUrl.String()
req.headers.Del("Proxy-Authorization")
// 构造请求
sb := strings.Builder{}
sb.WriteString(req.method)
sb.WriteString(" ")
sb.WriteString(req.uri)
sb.WriteString(" ")
sb.WriteString(req.proto)
sb.WriteString("\r\n")
for k, v := range *req.headers {
sb.WriteString(k)
sb.WriteString(": ")
sb.WriteString(strings.Join(v, ","))
sb.WriteString("\r\n")
}
sb.WriteString("\r\n")
mReader := io.MultiReader(strings.NewReader(sb.String()), req.conn)
newReader := bufio.NewReader(mReader)
return &core.Conn{
Conn: req.conn,
Reader: newReader,
Tag: uuid.New(),
Protocol: "http",
Dest: req.dest,
Auth: req.auth,
}, nil
}

6
gateway/fwd/metrics/debug.go Normal file
View File

@@ -0,0 +1,6 @@
package metrics
import "sync"
var TimerStart sync.Map
var TimerAuth sync.Map

374
gateway/fwd/socks/socks.go Normal file
View File

@@ -0,0 +1,374 @@
package socks
import (
"bufio"
"context"
"encoding/binary"
"errors"
"fmt"
"github.com/google/uuid"
"io"
"log/slog"
"net"
"proxy-server/gateway/core"
"proxy-server/gateway/fwd/auth"
"proxy-server/pkg/utils"
"slices"
)
const (
Version = byte(5)
AuthVersion = byte(1)
)
const (
NoAuth = byte(0)
UserPassAuth = byte(2)
NoAcceptable = byte(0xFF)
)
const (
AuthSuccess = byte(0)
AuthFailure = byte(1)
)
const (
ConnectCommand = byte(1)
BindCommand = byte(2)
AssociateCommand = byte(3)
)
const (
ipv4Address = byte(1)
fqdnAddress = byte(3)
ipv6Address = byte(4)
)
const (
successReply byte = iota
serverFailure
ruleFailure
networkUnreachable
hostUnreachable
connectionRefused
ttlExpired
commandNotSupported
addrTypeNotSupported
)
// Process 处理连接
func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
reader := bufio.NewReader(conn)
// 认证
authCtx, err := authenticate(ctx, reader, conn)
if err != nil {
return nil, fmt.Errorf("认证失败: %w", err)
}
// 处理连接请求
request, err := request(ctx, reader, conn)
if err != nil {
return nil, fmt.Errorf("处理连接请求失败: %w", err)
}
// 代理连接
if request.Command != ConnectCommand {
return nil, fmt.Errorf("不支持的连接指令: %d", request.Command)
}
// 响应成功
err = sendReply(conn, successReply, request.DestAddr)
return &core.Conn{
Conn: conn,
Reader: reader,
Protocol: "socks5",
Tag: uuid.New(),
Dest: request.DestAddr,
Auth: authCtx,
}, nil
}
// checkVersion 检查客户端版本
func checkVersion(reader io.Reader) error {
version, err := utils.ReadByte(reader)
if err != nil {
return err
}
if version != Version {
return errors.New("客户端版本不兼容")
}
return nil
}
// authenticate 执行认证流程
func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (authContext *core.AuthContext, err error) {
// 版本检查
err = checkVersion(reader)
if err != nil {
return nil, err
}
// 获取客户端认证方式
nAuth, err := utils.ReadByte(reader)
if err != nil {
return nil, err
}
methods, err := utils.ReadBuffer(reader, int(nAuth))
if err != nil {
return nil, err
}
if slices.Contains(methods, UserPassAuth) {
_, err := conn.Write([]byte{Version, byte(UserPassAuth)})
if err != nil {
return nil, fmt.Errorf("响应认证方式失败: %w", err)
}
// 检查认证版本
slog.Debug("验证认证版本")
v, err := utils.ReadByte(reader)
if err != nil {
return nil, fmt.Errorf("读取版本号失败: %w", err)
}
if v != AuthVersion {
_, err := conn.Write([]byte{Version, AuthFailure})
if err != nil {
return nil, fmt.Errorf("响应认证失败: %w", err)
}
return nil, fmt.Errorf("认证版本参数不正确: %w", err)
}
// 读取账号
slog.Debug("验证用户账号")
uLen, err := utils.ReadByte(reader)
if err != nil {
return nil, fmt.Errorf("读取用户名长度失败: %w", err)
}
usernameBuf, err := utils.ReadBuffer(reader, int(uLen))
if err != nil {
return nil, fmt.Errorf("读取用户名失败: %w", err)
}
username := string(usernameBuf)
// 读取密码
pLen, err := utils.ReadByte(reader)
if err != nil {
return nil, fmt.Errorf("读取密码长度失败: %w", err)
}
passwordBuf, err := utils.ReadBuffer(reader, int(pLen))
if err != nil {
return nil, fmt.Errorf("读取密码失败: %w", err)
}
password := string(passwordBuf)
// 检查权限
authContext, err = auth.Protect(conn, auth.Socks5, &username, &password)
if err != nil {
return nil, fmt.Errorf("权限检查失败: %w", err)
}
// 响应认证成功
_, err = conn.Write([]byte{AuthVersion, AuthSuccess})
if err != nil {
return nil, fmt.Errorf("响应认证成功失败: %w", err)
}
return authContext, nil
} else if slices.Contains(methods, NoAuth) {
_, err = conn.Write([]byte{Version, NoAuth})
if err != nil {
return nil, fmt.Errorf("响应认证方式失败: %w", err)
}
authContext, err = auth.Protect(conn, auth.Socks5, nil, nil)
if err != nil {
return nil, fmt.Errorf("权限检查失败: %w", err)
}
return authContext, nil
} else {
_, err = conn.Write([]byte{Version, NoAcceptable})
if err != nil {
return nil, err
}
return nil, errors.New("没有适用的认证方式")
}
}
type Request struct {
Command uint8
DestAddr *core.FwdAddr
}
// request 处理连接请求
func request(ctx context.Context, reader io.Reader, writer io.Writer) (*Request, error) {
// 检查版本
err := checkVersion(reader)
if err != nil {
return nil, err
}
// 检查连接命令
command, err := utils.ReadByte(reader)
if err != nil {
return nil, err
}
if command != ConnectCommand && command != BindCommand && command != AssociateCommand {
err = sendReply(writer, commandNotSupported, nil)
if err != nil {
return nil, err
}
return nil, errors.New("不支持该连接指令")
}
// 跳过保留字段 rsv
_, err = utils.ReadByte(reader)
if err != nil {
return nil, err
}
// 获取目标地址
dest, err := parseTarget(reader, writer)
if err != nil {
return nil, err
}
request := &Request{
Command: command,
DestAddr: dest,
}
return request, nil
}
func parseTarget(reader io.Reader, writer io.Writer) (*core.FwdAddr, error) {
dest := &core.FwdAddr{}
aTypeBuf, err := utils.ReadByte(reader)
if err != nil {
return nil, err
}
switch aTypeBuf {
case ipv4Address:
addr := make([]byte, 4)
_, err := io.ReadFull(reader, addr)
if err != nil {
return nil, err
}
dest.IP = addr
case ipv6Address:
addr := make([]byte, 16)
_, err := io.ReadFull(reader, addr)
if err != nil {
return nil, err
}
dest.IP = addr
case fqdnAddress:
aLenBuf := make([]byte, 1)
_, err := reader.Read(aLenBuf)
if err != nil {
return nil, err
}
fqdnBuff := make([]byte, int(aLenBuf[0]))
_, err = io.ReadFull(reader, fqdnBuff)
if err != nil {
return nil, err
}
dest.Domain = string(fqdnBuff)
// 域名解析
addr, err := net.ResolveIPAddr("ip", dest.Domain)
if err != nil {
err := sendReply(writer, hostUnreachable, nil)
if err != nil {
return nil, fmt.Errorf("failed to send reply: %v", err)
}
return nil, fmt.Errorf("failed to resolve destination '%v': %v", dest.Domain, err)
}
dest.IP = addr.IP
default:
err := sendReply(writer, addrTypeNotSupported, nil)
if err != nil {
return nil, err
}
return nil, fmt.Errorf("unrecognized address type")
}
portBuf := make([]byte, 2)
_, err = io.ReadFull(reader, portBuf)
if err != nil {
return nil, err
}
dest.Port = int(binary.BigEndian.Uint16(portBuf))
return dest, nil
}
func sendReply(w io.Writer, resp uint8, addr *core.FwdAddr) error {
var addrType uint8
var addrBody []byte
var addrPort uint16
switch {
case addr == nil:
addrType = ipv4Address
addrBody = []byte{0, 0, 0, 0}
addrPort = 0
case addr.Domain != "":
addrType = fqdnAddress
addrBody = append([]byte{byte(len(addr.Domain))}, addr.Domain...)
addrPort = uint16(addr.Port)
case addr.IP.To4() != nil:
addrType = ipv4Address
addrBody = addr.IP.To4()
addrPort = uint16(addr.Port)
case addr.IP.To16() != nil:
addrType = ipv6Address
addrBody = addr.IP.To16()
addrPort = uint16(addr.Port)
default:
return fmt.Errorf("failed to format address: %v", addr)
}
msg := make([]byte, 6+len(addrBody))
msg[0] = Version
msg[1] = resp
msg[2] = 0 // Reserved
msg[3] = addrType
copy(msg[4:], addrBody)
msg[4+len(addrBody)] = byte(addrPort >> 8)
msg[4+len(addrBody)+1] = byte(addrPort & 0xff)
_, err := w.Write(msg)
return err
}
func SendSuccess(user net.Conn, target net.Conn) error {
local := target.LocalAddr().(*net.TCPAddr)
bind := core.FwdAddr{IP: local.IP, Port: local.Port}
err := sendReply(user, successReply, &bind)
if err != nil {
return err
}
return nil
}

82
gateway/fwd/user.go Normal file
View File

@@ -0,0 +1,82 @@
package fwd
import (
"context"
"encoding/hex"
"errors"
"log/slog"
"net"
"proxy-server/gateway/core"
"proxy-server/gateway/env"
"proxy-server/gateway/fwd/dispatcher"
"proxy-server/gateway/fwd/metrics"
"proxy-server/pkg/utils"
"time"
)
func (s *Service) listenUser(port uint16, ctrl net.Conn) error {
dspt, err := dispatcher.New(port, time.Duration(env.AppUserTimeout)*time.Second)
if err != nil {
return err
}
defer dspt.Close()
go func() {
err := dspt.Run()
if err != nil {
slog.Error("代理服务运行失败", "err", err)
}
}()
// 处理连接
for {
select {
case <-s.ctx.Done():
return nil
case user := <-dspt.Conn:
metrics.TimerAuth.Store(user.Conn, time.Now())
s.userConnWg.Add(1)
go func() {
defer s.userConnWg.Done()
err := s.processUserConn(user, ctrl)
if err != nil {
slog.Error("处理用户连接失败", "err", err)
utils.Close(user)
}
}()
}
}
}
func (s *Service) processUserConn(user *core.Conn, ctrl net.Conn) (err error) {
// 发送代理命令
err = s.sendProxy(ctrl, user.Tag, user.Dest.String())
if err != nil {
return err
}
// 保存用户连接
s.userConnMap.Store(hex.EncodeToString(user.Tag[:]), user)
// 如果限定时间内没有建立数据通道,则关闭连接
var timeout, cancel = context.WithTimeout(context.Background(), time.Duration(env.AppDataTimeout)*time.Second)
defer cancel()
select {
case <-timeout.Done():
err = timeout.Err()
case <-s.ctx.Done():
err = s.ctx.Err()
}
_, ok := s.userConnMap.LoadAndDelete(hex.EncodeToString(user.Tag[:]))
if ok {
utils.Close(user)
if errors.Is(err, context.DeadlineExceeded) {
slog.Error("用户连接超时", "tag", hex.EncodeToString(user.Tag[:]), "addr", user.RemoteAddr().String())
}
}
return nil
}

198
gateway/gateway.go Normal file
View File

@@ -0,0 +1,198 @@
package gateway
import (
"context"
"fmt"
"log/slog"
"os"
"os/signal"
"proxy-server/gateway/app"
"proxy-server/gateway/core"
"proxy-server/gateway/debug"
"proxy-server/gateway/env"
"proxy-server/gateway/fwd"
g "proxy-server/gateway/globals"
"proxy-server/gateway/log"
"proxy-server/gateway/report"
"proxy-server/gateway/web"
"proxy-server/pkg/utils"
"sync"
"time"
"github.com/google/uuid"
"github.com/joho/godotenv"
_ "net/http/pprof"
)
type server struct {
}
func New() *server {
return &server{}
}
func (s *server) Run() (err error) {
// 初始化
err = s.init()
if err != nil {
return err
}
// 恢复服务状态
err = s.restore()
if err != nil {
return err
}
// 准备子服务
ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt, os.Kill)
defer cancel()
wg := sync.WaitGroup{}
// 转发服务
wg.Add(1)
fwdQuit := make(chan error, 1)
defer close(fwdQuit)
go func() {
defer wg.Done()
err = s.startFwd(ctx)
fwdQuit <- err
}()
// 接口服务
wg.Add(1)
apiQuit := make(chan error, 1)
defer close(apiQuit)
go func() {
defer wg.Done()
err := s.startWeb(ctx)
apiQuit <- err
}()
// debug
go func() {
debug.Start(ctx)
}()
// 性能监控
// go func() {
// runtime.SetBlockProfileRate(1)
// err := http.ListenAndServe(":6060", nil)
// if err != nil {
// slog.Error("性能监控服务发生错误", "err", err)
// }
// }()
// 报告上线
slog.Debug("报告服务上线")
err = report.Online(app.Name)
if err != nil {
return fmt.Errorf("服务上线失败: %w", err)
}
select {
case <-ctx.Done():
case err := <-fwdQuit:
if err != nil {
slog.Warn("fwd 服务异常退出", "err", err)
}
case err := <-apiQuit:
if err != nil {
slog.Warn("web 服务异常退出", "err", err)
}
}
cancel()
// 主协程退出流程
wg.Add(1)
go func() {
defer wg.Done()
// 报告下线
slog.Debug("报告服务下线")
err = report.Offline(app.Name)
if err != nil {
slog.Error("服务下线失败", "err", err)
}
// 关闭 redis
g.ExitRedis()
}()
// 等待其它服务关闭
select {
case <-utils.WgWait(&wg):
slog.Info("服务正常关闭")
case <-time.After(time.Duration(env.AppExitTimeout) * time.Second):
slog.Warn("超时强制关闭")
}
return nil
}
func (s *server) init() error {
err := godotenv.Load()
if err != nil {
println("没有本地环境变量文件")
}
log.Init()
env.Init()
g.InitRedis()
return nil
}
func (s *server) restore() error {
var file = "proxy.lock"
bytes, err := os.ReadFile(file)
if err != nil {
return err
}
if len(bytes) == 17 && bytes[0] == core.RestoreMagic {
app.Name = uuid.UUID(bytes[1:]).String()
slog.Info("恢复服务名称", "name", app.Name)
} else {
var u = uuid.New()
app.Name = u.String()
bytes = make([]byte, 17)
bytes[0] = core.RestoreMagic
copy(bytes[1:], u[:])
err := os.WriteFile(file, bytes, 0644)
if err != nil {
return err
}
slog.Info("生成服务名称", "name", app.Name)
}
return nil
}
func (s *server) startFwd(ctx context.Context) error {
server := fwd.New()
go func() {
<-ctx.Done()
server.Stop()
}()
return server.Run()
}
func (s *server) startWeb(ctx context.Context) error {
server := web.New()
go func() {
<-ctx.Done()
err := server.Stop()
if err != nil {
slog.Error("web 服务关闭发生错误", "err", err)
}
}()
return server.Run()
}

27
gateway/globals/redis.go Normal file
View File

@@ -0,0 +1,27 @@
package globals
import (
"github.com/redis/go-redis/v9"
"log/slog"
"net"
"proxy-server/gateway/env"
)
var Redis *redis.Client
func InitRedis() {
Redis = redis.NewClient(&redis.Options{
Addr: net.JoinHostPort(env.RedisHost, env.RedisPort),
DB: env.RedisDb,
Password: env.RedisPass,
})
}
func ExitRedis() {
if Redis != nil {
var err = Redis.Close()
if err != nil {
slog.Warn("关闭 Redis 连接失败", "err", err)
}
}
}

43
gateway/log/logs.go Normal file
View File

@@ -0,0 +1,43 @@
package log
import (
"log/slog"
"os"
"proxy-server/gateway/env"
"time"
"github.com/lmittmann/tint"
"github.com/mattn/go-colorable"
)
func Init() {
var mode = env.AppLogMode
var level = slog.LevelDebug
if mode == "test" {
level = slog.LevelInfo
}
switch mode {
case "dev":
writer := colorable.NewColorable(os.Stdout)
logger := slog.New(tint.NewHandler(writer, &tint.Options{
Level: level,
TimeFormat: time.RFC3339,
ReplaceAttr: func(_ []string, attr slog.Attr) slog.Attr {
err, ok := attr.Value.Any().(error)
if ok {
return tint.Err(err)
}
return attr
},
}))
slog.SetDefault(logger)
case "test":
logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
Level: level,
}))
slog.SetDefault(logger)
default:
panic("日志模式错误")
}
}

88
gateway/report/report.go Normal file
View File

@@ -0,0 +1,88 @@
package report
import (
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"proxy-server/gateway/app"
"proxy-server/gateway/core"
"proxy-server/gateway/env"
"strings"
)
func Online(name string) (err error) {
var resp string
resp, err = call(env.EndpointOnline, map[string]any{
"name": name,
"version": core.Version,
})
if err != nil {
return err
}
var body struct {
Id int32 `json:"id"`
Secret string `json:"secret"`
}
err = json.Unmarshal([]byte(resp), &body)
if err != nil {
return err
}
app.Id = body.Id
app.PlatformSecret = body.Secret
return nil
}
func Offline(name string) (err error) {
_, err = call(env.EndpointOffline, map[string]any{
"name": name,
"version": core.Version,
})
return err
}
func Assigned(edgeId int32, port uint16) (err error) {
_, err = call(env.EndpointAssigned, map[string]any{
"proxy": app.Id,
"edge": edgeId,
"port": port,
})
return err
}
func call(endpoint string, body any) (string, error) {
bodyStr, err := json.Marshal(body)
if err != nil {
panic(err)
}
req, err := http.NewRequest("POST", endpoint, strings.NewReader(string(bodyStr)))
if err != nil {
panic(err)
}
var auth = base64.RawURLEncoding.EncodeToString([]byte(env.ClientId + ":" + env.ClientSecret))
var basic = fmt.Sprintf("Basic %s", auth)
req.Header.Set("Authorization", basic)
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return "", fmt.Errorf("请求失败,状态码:%d", resp.StatusCode)
}
respBody, err := io.ReadAll(resp.Body)
if err != nil {
return "", err
}
return string(respBody), nil
}

32
gateway/web/handlers/auth.go Normal file
View File

@@ -0,0 +1,32 @@
package handlers
import (
"github.com/gofiber/fiber/v2"
"proxy-server/gateway/app"
"proxy-server/gateway/core"
)
type AuthReq struct {
Port uint16 `json:"port"`
core.Permit
}
func Auth(ctx *fiber.Ctx) (err error) {
// 安全验证
var sec core.SecuredReq
if err := ctx.BodyParser(&sec); err != nil {
return err
}
// 获取请求参数
req, err := core.Decrypt[AuthReq](&sec, app.PlatformSecret)
if err != nil {
return err
}
// 保存授权配置
app.Permits.Store(req.Port, &req.Permit)
return nil
}

35
gateway/web/handlers/debug.go Normal file
View File

@@ -0,0 +1,35 @@
package handlers
import (
"fmt"
"github.com/gofiber/fiber/v2"
"proxy-server/gateway/debug"
"slices"
)
func GetConsuming(c *fiber.Ctx) error {
list := debug.ConsumingList()
// sort by total time
slices.SortFunc(list, func(a debug.Consuming, b debug.Consuming) int {
if a.Total < b.Total {
return 1
} else if a.Total > b.Total {
return -1
}
return 0
})
// map to string
strList := make([]string, len(list))
for i := 0; i < len(list); i++ {
times := list[i]
strList[i] = fmt.Sprintf("Auth: %s, Data: %s, Proxy: %s, Total: %s", times.Auth, times.Data, times.Proxy, times.Total)
}
return c.JSON(strList)
}
func RestConsuming(c *fiber.Ctx) error {
debug.InitConsumingList()
return c.JSON(fiber.Map{
"message": "success",
})
}

12
gateway/web/router.go Normal file
View File

@@ -0,0 +1,12 @@
package web
import (
"github.com/gofiber/fiber/v2"
"proxy-server/gateway/web/handlers"
)
func Router(r *fiber.App) {
var debug = r.Group("/debug")
debug.Get("/debug/consuming/list", handlers.GetConsuming)
debug.Get("/debug/consuming/reset", handlers.RestConsuming)
}

41
gateway/web/web.go Normal file
View File

@@ -0,0 +1,41 @@
package web
import (
"proxy-server/gateway/env"
"strconv"
"github.com/gofiber/fiber/v2"
)
type Server struct {
web *fiber.App
}
func New() *Server {
return &Server{}
}
func (s *Server) Run() error {
s.web = fiber.New()
// 配置中间件和路由
Router(s.web)
// 启动服务
address := ":" + strconv.Itoa(int(env.AppWebPort))
err := s.web.Listen(address)
if err != nil {
return err
}
return nil
}
func (s *Server) Stop() error {
err := s.web.Shutdown()
if err != nil {
return err
}
return nil
}