- Implement client bandwidth limitation parameter --bandwidth, supporting 1M, 1MB, 1G and other formats
- Added parseBandwidth function to parse bandwidth values and verify them
- Added bandwidth limit option in HTTP, HTTPS, TCP commands
- Pass bandwidth configuration to the server through protocol
- Add relevant test cases to verify the bandwidth analysis function
feat(server): implements server-side bandwidth limitation function
- Add bandwidth limitation logic in connection processing, using token bucket algorithm
- Implement an effective rate limiting strategy that minimizes the bandwidth of the client and server
- Added QoS limiter and restricted connection wrapper
- Integrated bandwidth throttling in HTTP and WebSocket proxies
- Added global bandwidth limit and burst multiplier settings in server configuration
docs: Updated documentation to describe bandwidth limiting functionality
- Add 2025-02-14 version update instructions in README and README_CN
- Add bandwidth limit function description and usage examples
- Provide client and server configuration examples and parameter descriptions
- Add Bearer Token authentication, supporting tunnel access control via the --auth-bearer parameter
- Refactor large modules into smaller, more focused components to improve code maintainability
- Update dependency versions, including golang.org/x/crypto, golang.org/x/net, etc.
- Add SilenceUsage and SilenceErrors configuration for all CLI commands
- Modify connector configuration structure to support the new authentication method
- Update recent change log in README with new feature descriptions
BREAKING CHANGE: Authentication via Bearer Token is now supported, requiring the new --auth-bearer parameter
Added predefined tunnel functionality, allowing users to define multiple tunnels in the configuration file and start them by name, including the following improvements:
- Added --all flag to start all configured tunnels
- Added parameterless start command to list available tunnels
- Support configuration of multiple tunnel types (http, https, tcp)
- Support advanced configurations such as subdomains, transport protocols, and IP allowlists
refactor(deployments): Refactor Docker deployment configuration
Removed old Dockerfile and Compose configurations, added new deployment files:
- Removed .env.example and old Docker build files
- Added Caddy reverse proxy configuration file
- Added two deployment modes: standard and Caddy reverse proxy
- Added detailed server configuration example files
docs: Update documentation to include tunnel configuration and deployment guide
Updated Chinese and English README documents:
- Added usage instructions and configuration examples for predefined tunnels
- Expanded server deployment section to include direct TLS and reverse proxy modes
- Added server configuration reference table with detailed configuration item descriptions
- Added specific configuration methods for Caddy and Nginx reverse proxies
Added --transport parameter to allow users to select transport protocol type:
- auto: automatically choose based on server address (default)
- tcp: direct TLS 1.3 connection
- wss: WebSocket over TLS (CDN-friendly)
Also updated client connector to support WebSocket transport, and added server-side discovery endpoint to query supported transport protocols.
- Add Validate method to ServerConfig to validate port ranges, domain format, TCP port ranges, and other configuration items
- Add configuration validation logic in server.go to ensure valid configuration before server startup
- Improve channel naming in TCP connections for better code readability
- Enhance data copying mechanism with context cancellation support to avoid resource leaks
- Add private network definitions for secure validation of trusted proxy headers
fix(proxy): Strengthen client IP extraction security and fix error handling
- Trust X-Forwarded-For and X-Real-IP headers only when requests originate from private/loopback networks
- Define RFC 1918 and other private network ranges for proxy header validation
- Add JSON serialization error handling in TCP connections to prevent data loss
- Fix context handling logic in pipe callbacks
- Optimize error handling mechanism for data connection responses
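The header-trust rule from the fix(proxy) entry above, as an added example (not the project's own code). `clientIP` and the `trusted` list are hypothetical names with constructed ranges; the right-to-left walk over X-Forwarded-For goes beyond what the entry states, to cover chained proxies.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"slices"
	"strings"
)

// Assumed trusted proxy ranges (constructed): RFC 1918, loopback, IPv6 ULA.
var trusted = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"), netip.MustParsePrefix("172.16.0.0/12"), netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("127.0.0.0/8"), netip.MustParsePrefix("::1/128"), netip.MustParsePrefix("fc00::/7"),
}

func isTrusted(a netip.Addr) bool { // Unmap treats ::ffff:10.0.0.1 as 10.0.0.1
	return slices.ContainsFunc(trusted, func(p netip.Prefix) bool { return p.Contains(a.Unmap()) })
}

// clientIP returns the address to log and rate-limit on (hypothetical helper).
func clientIP(r *http.Request) netip.Addr {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	peer := ap.Addr().Unmap()
	if err != nil || !isTrusted(peer) {
		return peer // direct or unparsable peer: forwarding headers are sender-controlled
	}
	// Walk every X-Forwarded-For value right to left; the first hop outside the trusted ranges is the client.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: stop instead of skipping past it
		}
		if !isTrusted(a) {
			return a.Unmap()
		}
	}
	if a, err := netip.ParseAddr(strings.TrimSpace(r.Header.Get("X-Real-IP"))); err == nil {
		return a.Unmap()
	}
	return peer
}

func main() {
	r := &http.Request{RemoteAddr: "203.0.113.9:4000", Header: http.Header{"X-Forwarded-For": {"1.2.3.4"}}}
	fmt.Println(clientIP(r)) // peer is public, so the header is ignored
}
```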
refactor(config): Improve client configuration validation and error handling
- Add Validate method to ClientConfig to verify server address format and port validity
- Change configuration validation from simple checks to full validation function calls
- Provide more detailed error messages to help users correctly configure server address formats
- Set a read timeout before the TLS handshake to prevent slow handshake attacks
- Clear the read timeout setting after a successful handshake
- Enable session resumption for server and client TLS configurations
- Explicitly prioritize the use of server-side cipher suites (ignored in TLS 1.3 but retained to ensure consistency)
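The read-deadline handling described in the TLS entries above, as an added example (not the project's own code). `serverHandshake` and `stalledPeerRejected` are hypothetical names; the stalled client is simulated over an in-memory pipe, so no certificate is needed to exercise the timeout path.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"time"
)

// serverHandshake bounds the TLS handshake with a read deadline, then clears
// it so established tunnel traffic is not cut off (hypothetical helper).
func serverHandshake(raw net.Conn, cfg *tls.Config, limit time.Duration) (*tls.Conn, error) {
	if err := raw.SetReadDeadline(time.Now().Add(limit)); err != nil {
		return nil, err
	}
	conn := tls.Server(raw, cfg)
	if err := conn.Handshake(); err != nil {
		raw.Close() // release the socket and goroutine held by a stalled peer
		return nil, err
	}
	// Handshake done: remove the deadline (the zero time means "no deadline").
	if err := raw.SetReadDeadline(time.Time{}); err != nil {
		raw.Close()
		return nil, err
	}
	return conn, nil
}

// stalledPeerRejected connects a client that never sends a ClientHello and
// reports whether the server side gave up with a timeout error.
func stalledPeerRejected(limit time.Duration) bool {
	srv, cli := net.Pipe() // constructed in-memory connection pair
	defer cli.Close()
	_, err := serverHandshake(srv, &tls.Config{MinVersion: tls.VersionTLS13}, limit)
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

func main() {
	fmt.Println("stalled handshake rejected:", stalledPeerRejected(100*time.Millisecond))
}
```

Without the deadline, the same silent client would hold the accepting goroutine in `Handshake` indefinitely.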
- Optimized terminal output style and configuration management using libraries such as `lipgloss` and `go-json`
- Introduced the `ui` package to unify the display logic of colors, tables, and prompts
- Updated the README document structure and installation script links to improve readability and internationalization support
- Improved the interaction flow and log display effects of the daemon startup and attach commands
- Fixed some command parameter parsing issues, improving program robustness and user onboarding experience