feat(cli): add proxy authentication support

Add the --auth parameter to enable proxy authentication for HTTP and HTTPS tunnels, supporting password verification and session management. - Add --auth flag in CLI to set proxy authentication password - Implement server-side authentication handling and login page - Support Cookie-based session management and validation - Add protocol message definitions related to authentication
2026-02-24 05:10:43 +00:00 · 2026-01-13 10:41:12 +08:00
parent 0d1b72d19f
commit f75bd9f0d2
8 changed files with 315 additions and 90 deletions
--- a/internal/client/cli/http.go
+++ b/internal/client/cli/http.go
@@ -17,6 +17,7 @@ var (
 	localAddress string
 	allowIPs     []string
 	denyIPs      []string
+	authPass     string
 )

 var httpCmd = &cobra.Command{
@@ -30,6 +31,7 @@ Example:
  drip http 3000 --allow-ip 192.168.0.0/16  Only allow IPs from 192.168.x.x
  drip http 3000 --allow-ip 10.0.0.1        Allow single IP
  drip http 3000 --deny-ip 1.2.3.4          Block specific IP
+  drip http 3000 --auth secret              Enable proxy authentication with password

 Configuration:
  First time: Run 'drip config init' to save server and token
@@ -46,6 +48,7 @@ func init() {
 	httpCmd.Flags().StringVarP(&localAddress, "address", "a", "127.0.0.1", "Local address to forward to (default: 127.0.0.1)")
 	httpCmd.Flags().StringSliceVar(&allowIPs, "allow-ip", nil, "Allow only these IPs or CIDR ranges (e.g., 192.168.1.1,10.0.0.0/8)")
 	httpCmd.Flags().StringSliceVar(&denyIPs, "deny-ip", nil, "Deny these IPs or CIDR ranges (e.g., 1.2.3.4,192.168.1.0/24)")
+	httpCmd.Flags().StringVar(&authPass, "auth", "", "Password for proxy authentication")
 	httpCmd.Flags().BoolVar(&daemonMarker, "daemon-child", false, "Internal flag for daemon child process")
 	httpCmd.Flags().MarkHidden("daemon-child")
 	rootCmd.AddCommand(httpCmd)
@@ -76,6 +79,7 @@ func runHTTP(_ *cobra.Command, args []string) error {
 		Insecure:   insecure,
 		AllowIPs:   allowIPs,
 		DenyIPs:    denyIPs,
+		AuthPass:   authPass,
 	}

 	var daemon *DaemonInfo
--- a/internal/client/cli/https.go
+++ b/internal/client/cli/https.go
@@ -21,6 +21,7 @@ Example:
  drip https 443 --allow-ip 192.168.0.0/16  Only allow IPs from 192.168.x.x
  drip https 443 --allow-ip 10.0.0.1        Allow single IP
  drip https 443 --deny-ip 1.2.3.4          Block specific IP
+  drip https 443 --auth secret              Enable proxy authentication with password

 Configuration:
  First time: Run 'drip config init' to save server and token
@@ -37,6 +38,7 @@ func init() {
 	httpsCmd.Flags().StringVarP(&localAddress, "address", "a", "127.0.0.1", "Local address to forward to (default: 127.0.0.1)")
 	httpsCmd.Flags().StringSliceVar(&allowIPs, "allow-ip", nil, "Allow only these IPs or CIDR ranges (e.g., 192.168.1.1,10.0.0.0/8)")
 	httpsCmd.Flags().StringSliceVar(&denyIPs, "deny-ip", nil, "Deny these IPs or CIDR ranges (e.g., 1.2.3.4,192.168.1.0/24)")
+	httpsCmd.Flags().StringVar(&authPass, "auth", "", "Password for proxy authentication")
 	httpsCmd.Flags().BoolVar(&daemonMarker, "daemon-child", false, "Internal flag for daemon child process")
 	httpsCmd.Flags().MarkHidden("daemon-child")
 	rootCmd.AddCommand(httpsCmd)
@@ -67,6 +69,7 @@ func runHTTPS(_ *cobra.Command, args []string) error {
 		Insecure:   insecure,
 		AllowIPs:   allowIPs,
 		DenyIPs:    denyIPs,
+		AuthPass:   authPass,
 	}

 	var daemon *DaemonInfo