fix(acl): ensure acl behind proxy protocol for TCP; fix acl not working for TCP/UDP by replacing ActiveConfig with context value

internal/acl/config.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"math"
 	"net"
-	"sync/atomic"
 	"time"
 
 	"github.com/puzpuzpuz/xsync/v4"
@@ -75,8 +74,7 @@ type ipLog struct {
 	allowed bool
 }
 
-// could be nil
-var ActiveConfig atomic.Pointer[Config]
+type ContextKey struct{}
 
 const cacheTTL = 1 * time.Minute
 

internal/config/state.go

@@ -74,7 +74,6 @@ func SetState(state config.State) {
 
 	cfg := state.Value()
 	config.ActiveState.Store(state)
-	acl.ActiveConfig.Store(cfg.ACL)
 	entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
 	homepage.ActiveConfig.Store(&cfg.Homepage)
 	if autocertProvider := state.AutoCertProvider(); autocertProvider != nil {
@@ -197,7 +196,12 @@ func (state *state) initAccessLogger() error {
 	if !state.ACL.Valid() {
 		return nil
 	}
-	return state.ACL.Start(state.task)
+	err := state.ACL.Start(state.task)
+	if err != nil {
+		return err
+	}
+	state.task.SetValue(acl.ContextKey{}, state.ACL)
+	return nil
 }
 
 func (state *state) initEntrypoint() error {

internal/route/stream/tcp_tcp.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/pires/go-proxyproto"
 	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/agentpool"
 	"github.com/yusing/godoxy/internal/entrypoint"
@@ -50,12 +51,14 @@ func (s *TCPTCPStream) ListenAndServe(ctx context.Context, preDial, onRead netty
 		return
 	}
 
+	if acl, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {
+		log.Debug().Str("listener", s.listener.Addr().String()).Msg("wrapping listener with ACL")
+		s.listener = acl.WrapTCP(s.listener)
+	}
+
 	if proxyProto := entrypoint.ActiveConfig.Load().SupportProxyProtocol; proxyProto {
 		s.listener = &proxyproto.Listener{Listener: s.listener}
 	}
-	if acl := acl.ActiveConfig.Load(); acl != nil {
-		s.listener = acl.WrapTCP(s.listener)
-	}
 
 	s.preDial = preDial
 	s.onRead = onRead

internal/route/stream/udp_udp.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/agentpool"
 	nettypes "github.com/yusing/godoxy/internal/net/types"
@@ -81,7 +82,8 @@ func (s *UDPUDPStream) ListenAndServe(ctx context.Context, preDial, onRead netty
 		return
 	}
 	s.listener = l
-	if acl := acl.ActiveConfig.Load(); acl != nil {
+	if acl, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {
+		log.Debug().Str("listener", s.listener.LocalAddr().String()).Msg("wrapping listener with ACL")
 		s.listener = acl.WrapUDP(s.listener)
 	}
 	s.preDial = preDial