按协议判断连接权限，优化权限检查效率

2025-03-08 11:40:52 +08:00
parent 5786ac9d99
commit f996a20823
11 changed files with 328 additions and 101 deletions
--- a/server/fwd/http/http.go
+++ b/server/fwd/http/http.go
@@ -8,6 +8,7 @@ import (
 	"net"
 	"net/textproto"
 	"net/url"
+	"proxy-server/server/fwd/auth"
 	"proxy-server/server/fwd/core"
 	"strings"

@@ -47,11 +48,16 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {

 	// 验证账号
 	authInfo := headers.Get("Proxy-Authorization")
-	var auth *core.AuthContext
+	var authCtx *core.AuthContext
+	var authErr error
 	if authInfo == "" {
-		auth, err = core.CheckIp(conn)
-		if err != nil {
-			return nil, errors.Wrap(err, "验证账号失败")
+		authCtx, authErr = auth.CheckIp(conn, auth.Http)
+		if authErr != nil {
+			_, err := conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
+			if err != nil {
+				return nil, errors.Wrap(err, "响应 407 失败")
+			}
+			return nil, errors.Wrap(authErr, "验证账号失败")
 		}
 	} else {
 		authParts := strings.Split(authInfo, " ")
@@ -66,7 +72,14 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 			return nil, errors.Wrap(err, "解码认证信息失败")
 		}
 		authPair := strings.Split(string(authBytes), ":")
-		auth, err = core.CheckPass(conn, authPair[0], authPair[1])
+		authCtx, authErr = auth.CheckPass(conn, auth.Http, authPair[0], authPair[1])
+		if authErr != nil {
+			_, err := conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
+			if err != nil {
+				return nil, errors.Wrap(err, "响应 407 失败")
+			}
+			return nil, errors.Wrap(authErr, "验证账号失败")
+		}
 	}

 	// 获取 Host
@@ -94,7 +107,7 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 			Port:   addr.Port,
 			Domain: host,
 		},
-		auth: auth,
+		auth: authCtx,
 	}

 	var user *core.Conn