feat(cli): add proxy authentication support

Add the --auth parameter to enable proxy authentication for HTTP and HTTPS tunnels, supporting password verification and session management. - Add --auth flag in CLI to set proxy authentication password - Implement server-side authentication handling and login page - Support Cookie-based session management and validation - Add protocol message definitions related to authentication
2026-02-26 22:31:35 +00:00 · 2026-01-13 10:41:12 +08:00
parent 0d1b72d19f
commit f75bd9f0d2
8 changed files with 315 additions and 90 deletions
--- a/internal/shared/protocol/messages.go
+++ b/internal/shared/protocol/messages.go
@@ -2,68 +2,60 @@ package protocol

 import json "github.com/goccy/go-json"

-// PoolCapabilities advertises client connection pool capabilities
 type PoolCapabilities struct {
-	MaxDataConns int `json:"max_data_conns"` // Maximum data connections client supports
-	Version      int `json:"version"`        // Protocol version for pool features
+	MaxDataConns int `json:"max_data_conns"`
+	Version      int `json:"version"`
 }

-// IPAccessControl defines IP-based access control rules for a tunnel
 type IPAccessControl struct {
-	AllowIPs []string `json:"allow_ips,omitempty"` // Allowed IPs or CIDR ranges (whitelist)
-	DenyIPs  []string `json:"deny_ips,omitempty"`  // Denied IPs or CIDR ranges (blacklist)
+	AllowIPs []string `json:"allow_ips,omitempty"`
+	DenyIPs  []string `json:"deny_ips,omitempty"`
+}
+
+type ProxyAuth struct {
+	Enabled  bool   `json:"enabled"`
+	Password string `json:"password,omitempty"`
 }

-// RegisterRequest is sent by client to register a tunnel
 type RegisterRequest struct {
-	Token           string     `json:"token"`            // Authentication token
-	CustomSubdomain string     `json:"custom_subdomain"` // Optional custom subdomain
-	TunnelType      TunnelType `json:"tunnel_type"`      // http, tcp, udp
-	LocalPort       int        `json:"local_port"`       // Local port to forward to
-
-	// Connection pool fields (optional, for multi-connection support)
-	ConnectionType   string            `json:"connection_type,omitempty"`   // "primary" or empty for legacy
-	TunnelID         string            `json:"tunnel_id,omitempty"`         // For data connections to join
-	PoolCapabilities *PoolCapabilities `json:"pool_capabilities,omitempty"` // Client pool capabilities
-
-	// Access control (optional)
-	IPAccess *IPAccessControl `json:"ip_access,omitempty"` // IP-based access control rules
+	Token            string            `json:"token"`
+	CustomSubdomain  string            `json:"custom_subdomain"`
+	TunnelType       TunnelType        `json:"tunnel_type"`
+	LocalPort        int               `json:"local_port"`
+	ConnectionType   string            `json:"connection_type,omitempty"`
+	TunnelID         string            `json:"tunnel_id,omitempty"`
+	PoolCapabilities *PoolCapabilities `json:"pool_capabilities,omitempty"`
+	IPAccess         *IPAccessControl  `json:"ip_access,omitempty"`
+	ProxyAuth        *ProxyAuth        `json:"proxy_auth,omitempty"`
 }

-// RegisterResponse is sent by server after successful registration
 type RegisterResponse struct {
-	Subdomain string `json:"subdomain"`        // Assigned subdomain
-	Port      int    `json:"port,omitempty"`   // Assigned TCP port (for TCP tunnels)
-	URL       string `json:"url"`              // Full tunnel URL
-	Message   string `json:"message"`          // Success message
-
-	// Connection pool fields (optional, for multi-connection support)
-	TunnelID         string `json:"tunnel_id,omitempty"`          // Unique tunnel identifier
-	SupportsDataConn bool   `json:"supports_data_conn,omitempty"` // Server supports multi-connection
-	RecommendedConns int    `json:"recommended_conns,omitempty"`  // Suggested data connection count
+	Subdomain        string `json:"subdomain"`
+	Port             int    `json:"port,omitempty"`
+	URL              string `json:"url"`
+	Message          string `json:"message"`
+	TunnelID         string `json:"tunnel_id,omitempty"`
+	SupportsDataConn bool   `json:"supports_data_conn,omitempty"`
+	RecommendedConns int    `json:"recommended_conns,omitempty"`
 }

-// DataConnectRequest is sent by data connections to join a tunnel
 type DataConnectRequest struct {
-	TunnelID     string `json:"tunnel_id"`     // Tunnel to join
-	Token        string `json:"token"`         // Same auth token as primary
-	ConnectionID string `json:"connection_id"` // Unique connection identifier
+	TunnelID     string `json:"tunnel_id"`
+	Token        string `json:"token"`
+	ConnectionID string `json:"connection_id"`
 }

-// DataConnectResponse acknowledges data connection
 type DataConnectResponse struct {
-	Accepted     bool   `json:"accepted"`              // Whether connection was accepted
-	ConnectionID string `json:"connection_id"`         // Echoed connection ID
-	Message      string `json:"message,omitempty"`     // Optional message
+	Accepted     bool   `json:"accepted"`
+	ConnectionID string `json:"connection_id"`
+	Message      string `json:"message,omitempty"`
 }

-// ErrorMessage represents an error
 type ErrorMessage struct {
-	Code    string `json:"code"`    // Error code
-	Message string `json:"message"` // Error message
+	Code    string `json:"code"`
+	Message string `json:"message"`
 }

-// Marshal helpers for control plane messages (JSON encoding)
 func MarshalJSON(v interface{}) ([]byte, error) {
 	return json.Marshal(v)
 }