fix(acl): ensure acl behind proxy protocol for TCP; fix acl not working for TCP/UDP by replacing ActiveConfig with context value

yusing
2026-01-18 11:23:40 +08:00
committed by github-actions[bot]
parent ab1881d02e
commit d938e24cf5
5 changed files with 17 additions and 10 deletions

Submodule goutils updated: 813b4fae7f...061245e969


@@ -4,7 +4,6 @@ import (
"fmt" "fmt"
"math" "math"
"net" "net"
"sync/atomic"
"time" "time"
"github.com/puzpuzpuz/xsync/v4" "github.com/puzpuzpuz/xsync/v4"
@@ -75,8 +74,7 @@ type ipLog struct {
allowed bool allowed bool
} }
// could be nil type ContextKey struct{}
var ActiveConfig atomic.Pointer[Config]
const cacheTTL = 1 * time.Minute const cacheTTL = 1 * time.Minute
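Review bot: The new exported `ContextKey` type has no doc comment, and the removed `// could be nil` note was the only hint that an ACL may be absent. Nothing in this section says what value is stored under the key, while the TCP and UDP `ListenAndServe` hunks in this commit assert `*acl.Config` on it. I would add `// ContextKey is the context key for the active *Config; it is unset when no ACL is configured.` above the type.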


@@ -74,7 +74,6 @@ func SetState(state config.State) {
cfg := state.Value() cfg := state.Value()
config.ActiveState.Store(state) config.ActiveState.Store(state)
acl.ActiveConfig.Store(cfg.ACL)
entrypoint.ActiveConfig.Store(&cfg.Entrypoint) entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
homepage.ActiveConfig.Store(&cfg.Homepage) homepage.ActiveConfig.Store(&cfg.Homepage)
if autocertProvider := state.AutoCertProvider(); autocertProvider != nil { if autocertProvider := state.AutoCertProvider(); autocertProvider != nil {
@@ -197,7 +196,12 @@ func (state *state) initAccessLogger() error {
if !state.ACL.Valid() { if !state.ACL.Valid() {
return nil return nil
} }
return state.ACL.Start(state.task) err := state.ACL.Start(state.task)
if err != nil {
return err
}
state.task.SetValue(acl.ContextKey{}, state.ACL)
return nil
} }
func (state *state) initEntrypoint() error { func (state *state) initEntrypoint() error {
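Review bot: `state.task.SetValue(acl.ContextKey{}, state.ACL)` is now the only path by which a listener learns about the ACL, and the TCP and UDP consumers in this commit treat a missing or differently typed value as "no ACL" without logging anything. A stream whose `ctx` does not descend from `state.task`, or one started before `initAccessLogger` runs, would presumably be served unfiltered; neither case can be ruled out from this hunk, so the startup order is worth confirming. A comment on the call would record the dependency, for example `// listeners read this in ListenAndServe; must be set before any route starts`. The body of `initAccessLogger` starts outside the hunk.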


@@ -6,6 +6,7 @@ import (
"github.com/pires/go-proxyproto" "github.com/pires/go-proxyproto"
"github.com/rs/zerolog" "github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/yusing/godoxy/internal/acl" "github.com/yusing/godoxy/internal/acl"
"github.com/yusing/godoxy/internal/agentpool" "github.com/yusing/godoxy/internal/agentpool"
"github.com/yusing/godoxy/internal/entrypoint" "github.com/yusing/godoxy/internal/entrypoint"
@@ -50,12 +51,14 @@ func (s *TCPTCPStream) ListenAndServe(ctx context.Context, preDial, onRead netty
return return
} }
if acl, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {
log.Debug().Str("listener", s.listener.Addr().String()).Msg("wrapping listener with ACL")
s.listener = acl.WrapTCP(s.listener)
}
if proxyProto := entrypoint.ActiveConfig.Load().SupportProxyProtocol; proxyProto { if proxyProto := entrypoint.ActiveConfig.Load().SupportProxyProtocol; proxyProto {
s.listener = &proxyproto.Listener{Listener: s.listener} s.listener = &proxyproto.Listener{Listener: s.listener}
} }
if acl := acl.ActiveConfig.Load(); acl != nil {
s.listener = acl.WrapTCP(s.listener)
}
s.preDial = preDial s.preDial = preDial
s.onRead = onRead s.onRead = onRead
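Review bot: With the ACL wrap moved ahead of `proxyproto.Listener` in `ListenAndServe`, the ACL sits on the raw listener and will presumably evaluate the direct TCP peer rather than the client address carried in the PROXY header; nothing in the hunk states which address is intended. When `SupportProxyProtocol` is on, that peer is the upstream proxy, so per-client rules would no longer distinguish clients. In addition, `&proxyproto.Listener{Listener: s.listener}` sets no `Policy`/`ConnPolicy`, so any peer the ACL admits may supply a header. I would record the choice next to the block: `// ACL filters the direct peer; the PROXY header is parsed only for connections the ACL admitted.` The function body continues outside the hunk.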


@@ -10,6 +10,7 @@ import (
"time" "time"
"github.com/rs/zerolog" "github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/yusing/godoxy/internal/acl" "github.com/yusing/godoxy/internal/acl"
"github.com/yusing/godoxy/internal/agentpool" "github.com/yusing/godoxy/internal/agentpool"
nettypes "github.com/yusing/godoxy/internal/net/types" nettypes "github.com/yusing/godoxy/internal/net/types"
@@ -81,7 +82,8 @@ func (s *UDPUDPStream) ListenAndServe(ctx context.Context, preDial, onRead netty
return return
} }
s.listener = l s.listener = l
if acl := acl.ActiveConfig.Load(); acl != nil { if acl, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {
log.Debug().Str("listener", s.listener.LocalAddr().String()).Msg("wrapping listener with ACL")
s.listener = acl.WrapUDP(s.listener) s.listener = acl.WrapUDP(s.listener)
} }
s.preDial = preDial s.preDial = preDial
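Review bot: In `if acl, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {` the local `acl` shadows the imported `acl` package for the rest of the `if` body, so `acl.WrapUDP` on the following line reads like a package call but is a method on the config value. It compiles, but a distinct name makes the receiver obvious: `if aclCfg, ok := ctx.Value(acl.ContextKey{}).(*acl.Config); ok {` followed by `s.listener = aclCfg.WrapUDP(s.listener)`. The same pattern appears in the TCP hunk of this commit. `ListenAndServe` starts and ends outside the hunk.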