123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 |
- package outbound
- import (
- "bufio"
- "context"
- "crypto/tls"
- "encoding/base64"
- "errors"
- "fmt"
- "io"
- "net"
- "net/http"
- "strconv"
- N "github.com/metacubex/mihomo/common/net"
- "github.com/metacubex/mihomo/component/ca"
- "github.com/metacubex/mihomo/component/dialer"
- "github.com/metacubex/mihomo/component/proxydialer"
- C "github.com/metacubex/mihomo/constant"
- )
- type Http struct {
- *Base
- user string
- pass string
- tlsConfig *tls.Config
- option *HttpOption
- }
- type HttpOption struct {
- BasicOption
- Name string `proxy:"name"`
- Server string `proxy:"server"`
- Port int `proxy:"port"`
- UserName string `proxy:"username,omitempty"`
- Password string `proxy:"password,omitempty"`
- TLS bool `proxy:"tls,omitempty"`
- SNI string `proxy:"sni,omitempty"`
- SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
- Fingerprint string `proxy:"fingerprint,omitempty"`
- Headers map[string]string `proxy:"headers,omitempty"`
- }
- // StreamConnContext implements C.ProxyAdapter
- func (h *Http) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
- if h.tlsConfig != nil {
- cc := tls.Client(c, h.tlsConfig)
- err := cc.HandshakeContext(ctx)
- c = cc
- if err != nil {
- return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
- }
- }
- if err := h.shakeHand(metadata, c); err != nil {
- return nil, err
- }
- return c, nil
- }
- // DialContext implements C.ProxyAdapter
- func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
- return h.DialContextWithDialer(ctx, dialer.NewDialer(h.Base.DialOptions(opts...)...), metadata)
- }
- // DialContextWithDialer implements C.ProxyAdapter
- func (h *Http) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
- if len(h.option.DialerProxy) > 0 {
- dialer, err = proxydialer.NewByName(h.option.DialerProxy, dialer)
- if err != nil {
- return nil, err
- }
- }
- c, err := dialer.DialContext(ctx, "tcp", h.addr)
- if err != nil {
- return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
- }
- N.TCPKeepAlive(c)
- defer func(c net.Conn) {
- safeConnClose(c, err)
- }(c)
- c, err = h.StreamConnContext(ctx, c, metadata)
- if err != nil {
- return nil, err
- }
- return NewConn(c, h), nil
- }
- // SupportWithDialer implements C.ProxyAdapter
- func (h *Http) SupportWithDialer() C.NetWork {
- return C.TCP
- }
- func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
- addr := metadata.RemoteAddress()
- HeaderString := "CONNECT " + addr + " HTTP/1.1\r\n"
- tempHeaders := map[string]string{
- "Host": addr,
- "User-Agent": "Go-http-client/1.1",
- "Proxy-Connection": "Keep-Alive",
- }
- for key, value := range h.option.Headers {
- tempHeaders[key] = value
- }
- if h.user != "" && h.pass != "" {
- auth := h.user + ":" + h.pass
- tempHeaders["Proxy-Authorization"] = "Basic " + base64.StdEncoding.EncodeToString([]byte(auth))
- }
- for key, value := range tempHeaders {
- HeaderString += key + ": " + value + "\r\n"
- }
- HeaderString += "\r\n"
- _, err := rw.Write([]byte(HeaderString))
- if err != nil {
- return err
- }
- resp, err := http.ReadResponse(bufio.NewReader(rw), nil)
- if err != nil {
- return err
- }
- if resp.StatusCode == http.StatusOK {
- return nil
- }
- if resp.StatusCode == http.StatusProxyAuthRequired {
- return errors.New("HTTP need auth")
- }
- if resp.StatusCode == http.StatusMethodNotAllowed {
- return errors.New("CONNECT method not allowed by proxy")
- }
- if resp.StatusCode >= http.StatusInternalServerError {
- return errors.New(resp.Status)
- }
- return fmt.Errorf("can not connect remote err code: %d", resp.StatusCode)
- }
- func NewHttp(option HttpOption) (*Http, error) {
- var tlsConfig *tls.Config
- if option.TLS {
- sni := option.Server
- if option.SNI != "" {
- sni = option.SNI
- }
- var err error
- tlsConfig, err = ca.GetSpecifiedFingerprintTLSConfig(&tls.Config{
- InsecureSkipVerify: option.SkipCertVerify,
- ServerName: sni,
- }, option.Fingerprint)
- if err != nil {
- return nil, err
- }
- }
- return &Http{
- Base: &Base{
- name: option.Name,
- addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
- tp: C.Http,
- tfo: option.TFO,
- mpTcp: option.MPTCP,
- iface: option.Interface,
- rmark: option.RoutingMark,
- prefer: C.NewDNSPrefer(option.IPVersion),
- },
- user: option.UserName,
- pass: option.Password,
- tlsConfig: tlsConfig,
- option: &option,
- }, nil
- }
|