| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 |
- package mtglib
-
- import (
- "context"
- "errors"
- "fmt"
- "net"
- "sync"
- "time"
-
- "github.com/9seconds/mtg/v2/mtglib/internal/obfuscated2"
- "github.com/panjf2000/ants/v2"
- )
-
- type Proxy struct {
- ctx context.Context
- ctxCancel context.CancelFunc
- streamWaitGroup sync.WaitGroup
- workerPool *ants.PoolWithFunc
-
- secret Secret
- network Network
- antiReplayCache AntiReplayCache
- ipBlocklist IPBlocklist
- eventStream EventStream
- logger Logger
- }
-
- func (p *Proxy) ServeConn(conn net.Conn) {
- ctx := newStreamContext(p.ctx, p.logger, conn)
- defer ctx.Close()
-
- go func() {
- <-ctx.Done()
- ctx.Close()
- }()
-
- p.eventStream.Send(ctx, EventStart{
- CreatedAt: time.Now(),
- ConnID: ctx.connID,
- RemoteIP: ctx.ClientIP(),
- })
- ctx.logger.Info("Stream has been started")
-
- defer func() {
- p.eventStream.Send(ctx, EventFinish{
- CreatedAt: time.Now(),
- ConnID: ctx.connID,
- })
- ctx.logger.Info("Stream has been finished")
- }()
-
- if err := p.doObfuscated2Handshake(ctx); err != nil {
- p.logger.InfoError("obfuscated2 handshake is failed", err)
-
- return
- }
- }
-
- func (p *Proxy) Serve(listener net.Listener) error {
- for {
- conn, err := listener.Accept()
- if err != nil {
- return fmt.Errorf("cannot accept a new connection: %w", err)
- }
-
- if addr := conn.RemoteAddr().(*net.TCPAddr).IP; p.ipBlocklist.Contains(addr) {
- conn.Close()
- p.eventStream.Send(p.ctx, EventIPBlocklisted{
- CreatedAt: time.Now(),
- RemoteIP: addr,
- })
-
- continue
- }
-
- err = p.workerPool.Invoke(conn)
-
- switch {
- case err == nil:
- case errors.Is(err, ants.ErrPoolClosed):
- return nil
- case errors.Is(err, ants.ErrPoolOverload):
- p.eventStream.Send(p.ctx, EventConcurrencyLimited{
- CreatedAt: time.Now(),
- })
- }
- }
- }
-
- func (p *Proxy) Shutdown() {
- p.ctxCancel()
- p.streamWaitGroup.Wait()
- p.workerPool.Release()
- }
-
- func (p *Proxy) doObfuscated2Handshake(ctx *streamContext) error {
- dc, encryptor, decryptor, err := obfuscated2.ClientHandshake(p.secret.Key[:], ctx.clientConn)
- if err != nil {
- return fmt.Errorf("cannot process client handshake: %w", err)
- }
-
- if dc < 0 {
- dc = -dc
- }
-
- ctx.dc = int(dc)
- ctx.logger = ctx.logger.BindInt("dc", ctx.dc)
- ctx.clientConn = &obfuscated2.Conn{
- Conn: ctx.clientConn,
- Encryptor: encryptor,
- Decryptor: decryptor,
- }
-
- return nil
- }
-
- func NewProxy(opts ProxyOpts) (*Proxy, error) {
- switch {
- case opts.Network == nil:
- return nil, ErrNetworkIsNotDefined
- case opts.AntiReplayCache == nil:
- return nil, ErrAntiReplayCacheIsNotDefined
- case opts.IPBlocklist == nil:
- return nil, ErrIPBlocklistIsNotDefined
- case opts.EventStream == nil:
- return nil, ErrEventStreamIsNotDefined
- case opts.Logger == nil:
- return nil, ErrLoggerIsNotDefined
- case !opts.Secret.Valid():
- return nil, ErrSecretInvalid
- }
-
- concurrency := opts.Concurrency
- if concurrency == 0 {
- concurrency = DefaultConcurrency
- }
-
- ctx, cancel := context.WithCancel(context.Background())
- proxy := &Proxy{
- ctx: ctx,
- ctxCancel: cancel,
- secret: opts.Secret,
- network: opts.Network,
- antiReplayCache: opts.AntiReplayCache,
- ipBlocklist: opts.IPBlocklist,
- eventStream: opts.EventStream,
- logger: opts.Logger.Named("proxy"),
- }
-
- pool, err := ants.NewPoolWithFunc(int(concurrency), func(arg interface{}) {
- proxy.ServeConn(arg.(net.Conn))
- }, ants.WithLogger(opts.Logger.Named("ants")))
- if err != nil {
- return nil, fmt.Errorf("cannot initialize a pool: %w", err)
- }
-
- proxy.workerPool = pool
-
- return proxy, nil
- }
|
