chore(deps): upgrade dependencies in submodules

fix(http): correct Unwrap method and enhance error handling in Hijack method
- Updated the Hijack method in LazyResponseModifier and ResponseModifier to return a wrapped error for unsupported hijacking. - Added a nil check in LazyResponseModifier's Unwrap method to ensure safe access to the underlying ResponseWriter.
2026-01-16 08:26:49 +01:00 · 2025-12-08 14:17:14 +08:00 · 2025-12-08 14:06:58 +08:00 · 2025-12-08 13:45:53 +08:00 · 2025-12-08 10:46:00 +08:00 · 2025-12-05 18:26:34 +08:00
15 changed files with 62 additions and 101 deletions
--- a/.github/workflows/merge-main-into-compat.yml
+++ b/.github/workflows/merge-main-into-compat.yml
@@ -1,28 +0,0 @@
-name: Merge Main Into Compat
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Configure git user
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-      - name: Merge main into compat
-        run: |
-          git fetch origin compat
-          git checkout compat
-          git merge --no-edit origin/main
-      - name: Push compat
-        run: |
-          git push origin compat
--- a/3
+++ b/3
@@ -80,6 +80,7 @@ test:
 docker-build-test:
 	docker build -t godoxy .
 	docker build --build-arg=MAKE_ARGS=agent=1 -t godoxy-agent .
+	docker build --build-arg=MAKE_ARGS=socket-proxy=1 -t godoxy-socket-proxy .

 go_ver := $(shell go version | cut -d' ' -f3 | cut -d'o' -f2)
 files := $(shell find . -name go.mod -type f -or -name Dockerfile -type f)
@@ -110,7 +111,7 @@ mod-tidy:

 build:
 	mkdir -p $(shell dirname ${BIN_PATH})
-	cd ${PWD} && go build ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
+	go build -C ${PWD} ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
 	${POST_BUILD}

 run:
--- a/agent/go.mod
+++ b/agent/go.mod
@@ -41,7 +41,6 @@ require (
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/coreos/go-oidc/v3 v3.17.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/diskfs/go-diskfs v1.7.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
@@ -64,7 +63,6 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.19.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gotify/server/v2 v2.7.3 // indirect
 	github.com/jinzhu/copier v0.4.0 // indirect
@@ -118,7 +116,6 @@ require (
 	golang.org/x/crypto v0.45.0 // indirect
 	golang.org/x/mod v0.30.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.33.0 // indirect
 	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
--- a/go.work
+++ b/go.work
@@ -1,7 +0,0 @@
-go 1.25.5
-
-use (
-	.
-	./agent
-	./socket-proxy
-)
--- a/2
+++ b/2
--- a/internal/autocert/config.go
+++ b/internal/autocert/config.go
@@ -16,16 +16,17 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type Config struct {
-	Email       string         `json:"email,omitempty"`
-	Domains     []string       `json:"domains,omitempty"`
-	CertPath    string         `json:"cert_path,omitempty"`
-	KeyPath     string         `json:"key_path,omitempty"`
-	ACMEKeyPath string         `json:"acme_key_path,omitempty"`
-	Provider    string         `json:"provider,omitempty"`
-	Options     map[string]any `json:"options,omitempty"`
+	Email       string                       `json:"email,omitempty"`
+	Domains     []string                     `json:"domains,omitempty"`
+	CertPath    string                       `json:"cert_path,omitempty"`
+	KeyPath     string                       `json:"key_path,omitempty"`
+	ACMEKeyPath string                       `json:"acme_key_path,omitempty"`
+	Provider    string                       `json:"provider,omitempty"`
+	Options     map[string]strutils.Redacted `json:"options,omitempty"`

 	Resolvers []string `json:"resolvers,omitempty"`

--- a/internal/autocert/providers.go
+++ b/internal/autocert/providers.go
@@ -4,9 +4,10 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/yusing/godoxy/internal/serialization"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

-type Generator func(map[string]any) (challenge.Provider, gperr.Error)
+type Generator func(map[string]strutils.Redacted) (challenge.Provider, gperr.Error)

 var Providers = make(map[string]Generator)

@@ -14,10 +15,10 @@ func DNSProvider[CT any, PT challenge.Provider](
 	defaultCfg func() *CT,
 	newProvider func(*CT) (PT, error),
 ) Generator {
-	return func(opt map[string]any) (challenge.Provider, gperr.Error) {
+	return func(opt map[string]strutils.Redacted) (challenge.Provider, gperr.Error) {
 		cfg := defaultCfg()
 		if len(opt) > 0 {
-			err := serialization.MapUnmarshalValidate(opt, &cfg)
+			err := serialization.MapUnmarshalValidate(serialization.ToSerializedObject(opt), &cfg)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/go-oidc
+++ b/internal/go-oidc
--- a/internal/gopsutil
+++ b/internal/gopsutil
--- a/internal/maxmind/maxmind.go
+++ b/internal/maxmind/maxmind.go
@@ -178,7 +178,7 @@ func (cfg *MaxMind) doReq(method string) (*http.Response, error) {
 	if err != nil {
 		return nil, err
 	}
-	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey)
+	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey.String())
 	resp, err := doReq(req)
 	if err != nil {
 		return nil, err
--- a/internal/maxmind/types/config.go
+++ b/internal/maxmind/types/config.go
@@ -4,14 +4,15 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type (
 	DatabaseType string
 	Config       struct {
-		AccountID  string       `json:"account_id" validate:"required"`
-		LicenseKey string       `json:"license_key" validate:"required"`
-		Database   DatabaseType `json:"database" validate:"omitempty,oneof=geolite geoip2"`
+		AccountID  string            `json:"account_id" validate:"required"`
+		LicenseKey strutils.Redacted `json:"license_key" validate:"required"`
+		Database   DatabaseType      `json:"database" validate:"omitempty,oneof=geolite geoip2"`
 	}
 )

--- a/internal/net/gphttp/middleware/middleware.go
+++ b/internal/net/gphttp/middleware/middleware.go
@@ -197,10 +197,16 @@ func (m *Middleware) ServeHTTP(next http.HandlerFunc, w http.ResponseWriter, r *
 	}

 	if exec, ok := m.impl.(ResponseModifier); ok {
-		rm := httputils.NewResponseModifier(w)
-		defer rm.FlushRelease()
-		next(rm, r)
+		lrm := httputils.NewLazyResponseModifier(w, needsBuffering)
+		defer lrm.FlushRelease()
+		next(lrm, r)

+		// Skip modification if response wasn't buffered (non-HTML content)
+		if !lrm.IsBuffered() {
+			return
+		}
+
+		rm := lrm.ResponseModifier()
 		currentBody := rm.BodyReader()
 		currentResp := &http.Response{
 			StatusCode:    rm.StatusCode(),
@@ -228,6 +234,12 @@ func (m *Middleware) ServeHTTP(next http.HandlerFunc, w http.ResponseWriter, r *
 	}
 }

+// needsBuffering determines if a response should be buffered for modification.
+// Only HTML responses need buffering; streaming content (video, audio, etc.) should pass through.
+func needsBuffering(header http.Header) bool {
+	return httputils.GetContentType(header).IsHTML()
+}
+
 func (m *Middleware) LogWarn(req *http.Request) *zerolog.Event {
 	return log.Warn().Str("middleware", m.name).
 		Str("host", req.Host).
--- a/internal/proxmox/config.go
+++ b/internal/proxmox/config.go
@@ -11,13 +11,14 @@ import (
 	"github.com/luthermonson/go-proxmox"
 	"github.com/yusing/godoxy/internal/net/gphttp"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type Config struct {
 	URL string `json:"url" validate:"required,url"`

-	TokenID string `json:"token_id" validate:"required"`
-	Secret  string `json:"secret" validate:"required"`
+	TokenID string            `json:"token_id" validate:"required"`
+	Secret  strutils.Redacted `json:"secret" validate:"required"`

 	NoTLSVerify bool `json:"no_tls_verify" yaml:"no_tls_verify,omitempty"`

@@ -48,7 +49,7 @@ func (c *Config) Init() gperr.Error {
 	}

 	opts := []proxmox.Option{
-		proxmox.WithAPIToken(c.TokenID, c.Secret),
+		proxmox.WithAPIToken(c.TokenID, c.Secret.String()),
 		proxmox.WithHTTPClient(&http.Client{
 			Transport: tr,
 		}),
--- a/internal/route/routes/context.go
+++ b/internal/route/routes/context.go
@@ -2,10 +2,6 @@ package routes

 import (
 	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"mime/multipart"
 	"net/http"
 	"net/url"
 	"reflect"
@@ -34,7 +30,8 @@ func (r *RouteContext) Value(key any) any {
 func WithRouteContext(r *http.Request, route types.HTTPRoute) *http.Request {
 	// we don't want to copy the request object every fucking requests
 	// return r.WithContext(context.WithValue(r.Context(), routeContextKey, route))
-	(*requestInternal)(unsafe.Pointer(r)).ctx = &RouteContext{
+	ctxFieldPtr := (*context.Context)(unsafe.Pointer(uintptr(unsafe.Pointer(r)) + ctxFieldOffset))
+	*ctxFieldPtr = &RouteContext{
 		Context: r.Context(),
 		Route:   route,
 	}
@@ -107,43 +104,12 @@ func TryGetUpstreamURL(r *http.Request) string {
 	return ""
 }

-type requestInternal struct {
-	Method           string
-	URL              *url.URL
-	Proto            string
-	ProtoMajor       int
-	ProtoMinor       int
-	Header           http.Header
-	Body             io.ReadCloser
-	GetBody          func() (io.ReadCloser, error)
-	ContentLength    int64
-	TransferEncoding []string
-	Close            bool
-	Host             string
-	Form             url.Values
-	PostForm         url.Values
-	MultipartForm    *multipart.Form
-	Trailer          http.Header
-	RemoteAddr       string
-	RequestURI       string
-	TLS              *tls.ConnectionState
-	Cancel           <-chan struct{}
-	Response         *http.Response
-	Pattern          string
-	ctx              context.Context
-}
+var ctxFieldOffset uintptr

 func init() {
-	// make sure ctx has the same offset as http.Request
-	f, ok := reflect.TypeFor[requestInternal]().FieldByName("ctx")
+	f, ok := reflect.TypeFor[http.Request]().FieldByName("ctx")
 	if !ok {
 		panic("ctx field not found")
 	}
-	f2, ok := reflect.TypeFor[http.Request]().FieldByName("ctx")
-	if !ok {
-		panic("ctx field not found")
-	}
-	if f.Offset != f2.Offset {
-		panic(fmt.Sprintf("ctx has different offset than http.Request: %d != %d", f.Offset, f2.Offset))
-	}
+	ctxFieldOffset = f.Offset
 }
--- a/internal/serialization/serialization.go
+++ b/internal/serialization/serialization.go
@@ -21,6 +21,22 @@ import (

 type SerializedObject = map[string]any

+// ToSerializedObject converts a map[string]VT to a SerializedObject.
+func ToSerializedObject[VT any](m map[string]VT) SerializedObject {
+	so := make(SerializedObject, len(m))
+	for k, v := range m {
+		so[k] = v
+	}
+	return so
+}
+
+func init() {
+	strutils.SetJSONMarshaler(sonic.Marshal)
+	strutils.SetJSONUnmarshaler(sonic.Unmarshal)
+	strutils.SetYAMLMarshaler(yaml.Marshal)
+	strutils.SetYAMLUnmarshaler(yaml.Unmarshal)
+}
+
 type MapUnmarshaller interface {
 	UnmarshalMap(m map[string]any) gperr.Error
 }
Author	SHA1	Message	Date
yusing	bc19a54976	chore(deps): upgrade dependencies in submodules	2025-12-08 14:17:14 +08:00
yusing	12d999809f	fix(http): correct Unwrap method and enhance error handling in Hijack method - Updated the Hijack method in LazyResponseModifier and ResponseModifier to return a wrapped error for unsupported hijacking. - Added a nil check in LazyResponseModifier's Unwrap method to ensure safe access to the underlying ResponseWriter.	2025-12-08 14:06:58 +08:00
yusing	6771293336	fix(middleware): enhance response modification handling in ServeHTTP - Replaced ResponseModifier with new LazyResponseModifier. - Added logic to skip modification for non-HTML content.	2025-12-08 13:45:53 +08:00
yusing	d240c9dfee	fix(io): limit buffer size to 16KB to avoid high memory usage and improve context propagation	2025-12-08 10:46:00 +08:00
yusing	c7eda38933	refactor(route): simplify context handling in RouteContext - Removed unnecessary requestInternal struct and directly accessed the context field of http.Request. - Simplified the initialization of ctxFieldOffset.	2025-12-05 18:26:34 +08:00
yusing	09caa888ad	refactor(config): update config structures to use strutils.Redacted for sensitive fields - Modified Config structs in various packages to replace string fields with strutils.Redacted to prevent logging sensitive information. - Updated serialization methods to accommodate new data types. - Adjusted API token handling in Proxmox configuration.	2025-12-05 18:26:16 +08:00
yusing	e41a487371	chore: remove go.work	2025-12-05 17:51:22 +08:00
yusing	7c08a8da2e	Revert "ci: Add workflow to automatically merge main into compat on tag push" This reverts commit `9930f3fa2e`.	2025-12-05 16:29:45 +08:00
yusing	82df824490	chore: go mod tidy	2025-12-05 16:20:29 +08:00
yusing	2f341001c1	chore(Makefile): add socket-proxy to docker build test and update build command syntax	2025-12-05 16:10:14 +08:00