按协议判断连接权限，优化权限检查效率

2025-03-08 11:40:52 +08:00
parent 5786ac9d99
commit f996a20823
11 changed files with 328 additions and 101 deletions
--- a/server/fwd/socks/socks.go
+++ b/server/fwd/socks/socks.go
@@ -9,6 +9,7 @@ import (
 	"log/slog"
 	"net"
 	"proxy-server/pkg/utils"
+	"proxy-server/server/fwd/auth"
 	"proxy-server/server/fwd/core"
 	"slices"

@@ -60,7 +61,7 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 	reader := bufio.NewReader(conn)

 	// 认证
-	auth, err := authenticate(ctx, reader, conn)
+	authCtx, err := authenticate(ctx, reader, conn)
 	if err != nil {
 		return nil, errors.Wrap(err, "认证失败")
 	}
@@ -85,7 +86,7 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 		Protocol: "socks5",
 		Tag:      conn.RemoteAddr().String() + "_" + conn.LocalAddr().String(),
 		Dest:     request.DestAddr,
-		Auth:     auth,
+		Auth:     authCtx,
 	}, nil
 }

@@ -167,7 +168,7 @@ func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*co
 		password := string(passwordBuf)

 		// 检查权限
-		authContext, err := core.CheckPass(conn, username, password)
+		authContext, err := auth.CheckPass(conn, auth.Socks5, username, password)
 		if err != nil {
 			return nil, errors.Wrap(err, "权限检查失败")
 		}
@@ -188,12 +189,12 @@ func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*co
 			return nil, errors.Wrap(err, "响应认证方式失败")
 		}

-		authContext, err := core.CheckIp(conn)
+		authCtx, err := auth.CheckIp(conn, auth.Socks5)
 		if err != nil {
 			return nil, errors.Wrap(err, "权限检查失败")
 		}

-		return authContext, nil
+		return authCtx, nil
 	}

 	// 无适用的认证方式