99 Commits

Author SHA1 Message Date
Gouryella
9adad60c28 Merge pull request #23 from Gouryella/feat/qos-bandwidth-limiting-v2
feat(client): Add bandwidth limit function support
v0.7.5
2026-02-15 03:04:28 +08:00
Gouryella
6f1f4da5d9 feat(client): Add tunnel bandwidth verification and error handling
fix(server): Improve burst value calculation of bandwidth limiter
2026-02-15 03:04:15 +08:00
Gouryella
89f67ab145 feat(client): Add bandwidth limit function support
- Implement client bandwidth limitation parameter --bandwidth, supporting 1M, 1MB, 1G and other formats
- Added parseBandwidth function to parse bandwidth values and verify them
- Added bandwidth limit option in HTTP, HTTPS, TCP commands
- Pass bandwidth configuration to the server through protocol
- Add relevant test cases to verify the bandwidth analysis function

feat(server): implements server-side bandwidth limitation function

- Add bandwidth limitation logic in connection processing, using token bucket algorithm
- Implement an effective rate limiting strategy that minimizes the bandwidth of the client and server
- Added QoS limiter and restricted connection wrapper
- Integrated bandwidth throttling in HTTP and WebSocket proxies
- Added global bandwidth limit and burst multiplier settings in server configuration

docs: Updated documentation to describe bandwidth limiting functionality

- Add 2025-02-14 version update instructions in README and README_CN
- Add bandwidth limit function description and usage examples
- Provide client and server configuration examples and parameter descriptions
2026-02-15 02:39:50 +08:00
Gouryella
8edb792f13 Merge pull request #21 from Gouryella/feat/bearer-auth-refactor
feat: Add Bearer Token authentication support
v0.7.4
2026-01-29 14:53:58 +08:00
Gouryella
dfb19930c7 refactor(pool): optimize bufio pool's type definition and reset logic 2026-01-29 14:53:23 +08:00
zhiqing
307cf8e6cc feat: Add Bearer Token authentication support and optimize code structure
- Add Bearer Token authentication, supporting tunnel access control via the --auth-bearer parameter
- Refactor large modules into smaller, more focused components to improve code maintainability
- Update dependency versions, including golang.org/x/crypto, golang.org/x/net, etc.
- Add SilenceUsage and SilenceErrors configuration for all CLI commands
- Modify connector configuration structure to support the new authentication method
- Update recent change log in README with new feature descriptions

BREAKING CHANGE: Authentication via Bearer Token is now supported, requiring the new --auth-bearer parameter
2026-01-29 14:40:53 +08:00
Gouryella
3256a3486f Merge pull request #20 from Gouryella/feat/502-error-page
feat(tcp): Improved local service unavailability error response
v0.7.3
2026-01-16 20:43:26 +08:00
Gouryella
dc560580fc feat(tcp): Improved local service unavailability error response 2026-01-16 20:42:43 +08:00
Gouryella
3872bd9326 Merge pull request #19 from Gouryella/fix/subdomain-routing-and-404
feat(proxy): Support independent configuration for service domain and…
v0.7.2
2026-01-16 17:30:17 +08:00
Gouryella
10aa65065a feat(proxy): Support independent configuration for service domain and tunnel domain
- Add serverDomain and tunnelDomain fields to the Handler struct to distinguish between service domain and tunnel domain
- Modify the NewHandler function signature to support passing two separate domain parameters
- Update the extractSubdomain method to return a subdomain result type with three states: home, found, notFound
- Add serveTunnelNotFound method to handle tunnel not found cases, returning a 404 page
- Add favicon support to display an icon on the page
- Adjust routing logic to display a dedicated 404 page when accessing a tunnel domain but the corresponding tunnel is not found
2026-01-16 17:18:43 +08:00
Gouryella
73fa51480d Merge pull request #18 from Gouryella/fix/protocol-determination
feat(tcp): add transmission protocol control functionality
2026-01-16 14:58:13 +08:00
Gouryella
bb1ba6d4b2 feat(tcp): add transmission protocol control functionality 2026-01-16 14:50:18 +08:00
Gouryella
761c170642 docs(readme): Update document links and navigation structure 2026-01-16 12:34:47 +08:00
Gouryella
00a3ced765 docs: Update document link address 2026-01-16 12:23:39 +08:00
Gouryella
d1f1147dc4 fix(ci): Update Docker image tag generation rules 2026-01-15 20:40:03 +08:00
Gouryella
bc2254bd73 docs(readme): Update document link text and URL v0.7.1 2026-01-15 17:34:42 +08:00
Gouryella
18a0e6f1ce Merge pull request #17 from Gouryella/feat/config-file-management
feat(client): Support predefined tunnel configuration and management …
2026-01-15 17:32:21 +08:00
Gouryella
5459d952be feat(server): Optimize configuration priority processing logic 2026-01-15 17:32:08 +08:00
Gouryella
37d1bfc089 feat(client): Support predefined tunnel configuration and management commands
Added predefined tunnel functionality, allowing users to define multiple tunnels in the configuration file and start them by name, including the following improvements:
- Added --all flag to start all configured tunnels
- Added parameterless start command to list available tunnels
- Support configuration of multiple tunnel types (http, https, tcp)
- Support advanced configurations such as subdomains, transport protocols, and IP allowlists

refactor(deployments): Refactor Docker deployment configuration

Removed old Dockerfile and Compose configurations, added new deployment files:
- Removed .env.example and old Docker build files
- Added Caddy reverse proxy configuration file
- Added two deployment modes: standard and Caddy reverse proxy
- Added detailed server configuration example files

docs: Update documentation to include tunnel configuration and deployment guide

Updated Chinese and English README documents:
- Added usage instructions and configuration examples for predefined tunnels
- Expanded server deployment section to include direct TLS and reverse proxy modes
- Added server configuration reference table with detailed configuration item descriptions
- Added specific configuration methods for Caddy and Nginx reverse proxies
2026-01-15 17:18:27 +08:00
Gouryella
ba4c1761dc feat(install-scripts): support more architectures and improve download logic 2026-01-14 16:08:18 +08:00
Gouryella
eb2f168226 build(release): Ignore unsupported platform architecture combinations
fix(tuning): Fix type conversion issue in memory calculation
v0.7.0
2026-01-14 15:41:54 +08:00
Gouryella
a3cad40196 fix: Update goreleaser-action version to improve stability 2026-01-14 15:26:42 +08:00
Gouryella
2815e267be feat: add goreleaser configuration file
Add .goreleaser.yaml configuration file to automate building and releasing multi-platform binaries, supporting operating systems such as darwin, freebsd, linux, windows, and architectures including 386, arm, amd64, arm64, mips, with cross-compilation settings and release configurations.
2026-01-14 15:22:21 +08:00
Gouryella
6c3fb1130d Merge pull request #16 from Gouryella/feat/add-wss-transport
feat: add WebSocket transport protocol and GoReleaser integration
2026-01-14 14:58:54 +08:00
Gouryella
b8d1002d35 feat(tcp): add TCP transmission protocol check 2026-01-14 14:50:45 +08:00
Gouryella
4b2dcc0ee1 feat(workflow): Use GoReleaser to simplify the release process 2026-01-14 13:30:25 +08:00
Gouryella
6139a9c0ed feat: add transport protocol option supporting TCP and WebSocket connections
Added --transport parameter to allow users to select transport protocol type:
- auto: automatically choose based on server address (default)
- tcp: direct TLS 1.3 connection
- wss: WebSocket over TLS (CDN-friendly)

Also updated client connector to support WebSocket transport, and added server-side discovery endpoint to query supported transport protocols.
v0.7.0-alpha
2026-01-14 12:49:08 +08:00
Gouryella
81f156f49c Merge pull request #15 from Gouryella/feat/http-auth
feat(cli): add proxy authentication support
v0.6.3
2026-01-13 11:05:21 +08:00
Gouryella
029044a9ba feat(proxy): Implement HTML escaping in login pages to prevent XSS attacks 2026-01-13 11:03:20 +08:00
Gouryella
f75bd9f0d2 feat(cli): add proxy authentication support
Add the --auth parameter to enable proxy authentication for HTTP and HTTPS tunnels, supporting password verification and session management.

- Add --auth flag in CLI to set proxy authentication password
- Implement server-side authentication handling and login page
- Support Cookie-based session management and validation
- Add protocol message definitions related to authentication
2026-01-13 10:41:12 +08:00
Gouryella
0d1b72d19f Merge pull request #14 from Gouryella/feat/ip-access-control
feat/ip access control
v0.6.2
2026-01-12 11:51:49 +08:00
Gouryella
852dbb2ee6 feat(netutil): extend IP access checker blacklist from single IP to CIDR ranges
Rename denyIPs field to denyNets, supporting blacklist configuration with CIDR ranges. Now supports both individual IP addresses and CIDR subnet masks as deny rules, with IPv4 automatically converted to /32 and IPv6 to /128, using the Contains method for more flexible subnet matching.
2026-01-12 11:50:34 +08:00
Gouryella
d7b92a8b95 feat(server): Add server configuration validation and optimize connection handling
- Add Validate method to ServerConfig to validate port ranges, domain format, TCP port ranges, and other configuration items
- Add configuration validation logic in server.go to ensure valid configuration before server startup
- Improve channel naming in TCP connections for better code readability
- Enhance data copying mechanism with context cancellation support to avoid resource leaks
- Add private network definitions for secure validation of trusted proxy headers

fix(proxy): Strengthen client IP extraction security and fix error handling

- Trust X-Forwarded-For and X-Real-IP headers only when requests originate from private/loopback networks
- Define RFC 1918 and other private network ranges for proxy header validation
- Add JSON serialization error handling in TCP connections to prevent data loss
- Fix context handling logic in pipe callbacks
- Optimize error handling mechanism for data connection responses

refactor(config): Improve client configuration validation and error handling

- Add Validate method to ClientConfig to verify server address format and port validity
- Change configuration validation from simple checks to full validation function calls
- Provide more detailed error messages to help users correctly configure server address formats
2026-01-12 10:55:27 +08:00
Gouryella
85a0f44e44 feat: Add IP access control functionality
- Implement IP whitelist/blacklist access control mechanism
- Add --allow-ip and --deny-ip command-line arguments to configure IP access rules
- Support CIDR format for IP range configuration
- Enable IP access control in HTTP, HTTPS, and TCP tunnels
- Add IP access check logic to server-side proxy handling
- Update documentation to explain how to use IP access control
2026-01-11 14:22:41 +08:00
Gouryella
4b0e15dfb5 Merge pull request #13 from Gouryella/feat/prometheus-monitoring
Feat/prometheus monitoring
v0.6.1
2026-01-05 14:08:46 +08:00
Gouryella
12bd4115e3 feat(tunnel/manager): update tunnel IP metrics statistics
- Synchronously delete corresponding Prometheus metrics when removing IP records
- Update metric values when the number of IP tunnels changes
- Ensure accuracy and real-time nature of the tunnelsByIP metric
2026-01-05 13:38:08 +08:00
Gouryella
d03874b3d3 feat: Added Prometheus metrics support and optimized the homepage interface.
Added the prometheus/client_golang dependency to support metrics collection, and refactored the proxy processor's homepage.
It uses modern CSS styles and responsive design, and adds code copy functionality.
BREAKING CHANGE: Removed session selection-related methods and the large buffer feature of the buffer pool in TCP connection groups.
2026-01-05 11:56:18 +08:00
Gouryella
8c8a848320 docs(README): Removed v0.5.0 update content and added an acknowledgments section. 2026-01-04 11:31:33 +08:00
Gouryella
11ca454659 feat(server): Adds server configuration management commands and metric monitoring functionality.
- Add a new `server config` command to display server configuration.
- Supports displaying the full token via the --full flag.
- Add the metrics-token configuration option for monitoring access control.
- Integrate Prometheus metrics monitoring system
- Add the /metrics endpoint to provide monitoring data in Prometheus format.
- Add detailed metric collection for tunnels, connections, traffic, etc.
- Add a link to the metrics endpoint on the homepage
refactor: Refactor the token display logic to support full display options.
- Refactor the token mask logic in the configuration display
- Supports controlling the token display method via the configFull flag.
build: Update dependency versions
- Updated github.com/spf13/cobra from v1.10.1 to v1.10.2
- Updated golang.org/x/crypto from v0.45.0 to v0.46.0
- Updated golang.org/x/net from v0.47.0 to v0.48.0
- Update golang.org/x/sys from v0.38.0 to v0.39.0
- Added several new indirect dependency packages, including Prometheus-related components.
- Update the versions of several existing dependency packages.
v0.6.1-alpha
2026-01-03 16:50:28 +08:00
Gouryella
fa92896d7e Merge pull request #12 from Gouryella/perf/pool-scaling-and-latency-fix
Perf/pool scaling and latency fix
v0.6.0
2025-12-24 10:14:01 +08:00
Gouryella
e05f128a9c feat (tunnel/manager): Optimized concurrency security and resource management for tunnel registration.
A CAS loop is used to implement atomic operations on the global tunnel counter, avoiding race conditions.
Add a rollback mechanism to ensure that the occupied counter resources are properly released when registration fails.
Concurrency safety for IP rate limiting is achieved by using atomic operations and locks in combination.
Add appropriate resource rollback logic at each faulty branch to prevent resource leaks.
2025-12-24 10:13:30 +08:00
Gouryella
88e4525bf6 perf(core): Optimizes performance configuration and resource management
- Removed the manual performance optimization configuration in main.go and replaced it with a new tuning module.
- Add patterned GC tuning in server.go and tunnel_runner.go
- Updated yamux configuration to a unified optimized configuration to improve throughput.
- Implement connection pool preheating function to eliminate cold start delay.
- Optimize session selection using a min-heap, reducing the time complexity from O(n) to O(log n).
- Add a bufio.Reader pool and a buffer pool to reduce memory allocation.
- Implement a fragmented lock manager to improve performance under high concurrency.
- Adjust heartbeat and timeout configurations to suit high-throughput scenarios
BREAKING CHANGE: Manual GC tuning configuration has been removed; automatic tuning mode is now used.
v0.6.0-beta
2025-12-23 11:16:12 +08:00
Gouryella
0cff316334 feat(client): Optimized connection pool scaling logic and enhanced session statistics functionality.
- Reduce inspection intervals and cooling times to improve response speed
- Added burst load handling mechanism to support batch expansion.
- Introduced the GetSessionStats method to retrieve detailed statistics for each session.
- Create data sessions concurrently to accelerate scaling.
- Added a ping loop keep-alive mechanism for each session.
feat(server): Enhance tunnel management and security restrictions
- Implement IP-based tunnel number and registration frequency limits
- Add a rate limiter to prevent malicious registration behavior.
- Improved shutdown process to ensure proper exit of cleanup coroutines.
- Introduce atomic operations to tunnel connections to improve concurrency performance
- Track client IP addresses for access control
perf(server): Improves HTTP request processing performance and resource reuse.
- Use sync.Pool to reuse bufio.Writer to reduce GC pressure.
- Enable TCP_NODELAY to improve response speed
- Adjust HTTP server timeout configuration to balance performance and security
refactor(proxy): Optimizes the stream open timeout control logic
- Use context to control timeouts and avoid goroutine leaks.
- Ensure that established connections are properly closed upon timeout.
docs(test): Upgrade one-click test scripts to Go test service
- Replace Python's built-in server with a high-performance Go implementation
- Update dependency checks: Use Go instead of Python 3
- Enhanced startup log output for easier debugging
chore(shared): Enhances the security and consistency of the ID generator.
- Remove the timestamp fallback scheme and uniformly adopt crypto/rand.
- Added TryGenerateID to provide a non-panic error handling method.
- Define the maximum frame size explicitly and add comments to explain it.
style(frame): Reduce memory allocation and optimize read performance
- Use an array on the stack instead of heap allocation to read the frame header.
- Reduced maximum frame size from 10MB to 1MB to decrease DoS risk.
v0.6.0-alpha
2025-12-22 16:08:24 +08:00
Gouryella
9e2bcafa98 docs (nginx): Add proxy header configuration to support WebSocket upgrades 2025-12-22 14:24:46 +08:00
Gouryella
2ea604a55e Merge pull request #11 from Gouryella/fix/reconnect-sticky-endpoint
feat(tcp): Fix reconnect behavior to keep stable subdomain and TCP port
v0.5.3
2025-12-20 10:47:05 +08:00
Gouryella
b75a098f99 feat(tcp): Fix reconnect behavior to keep stable subdomain and TCP port
Persist the assigned subdomain after first connect so reconnects reuse it.
Allow reserving a specific TCP port when the subdomain is tcp-<port> to prevent port drift.
2025-12-20 10:25:13 +08:00
Gouryella
ddefbbdbd9 Merge pull request #10 from Gouryella/fix/websocket-error
fix(tcp): Fixed a connection reading issue during WebSocket upgrade
v0.5.2
2025-12-19 17:56:39 +08:00
Gouryella
bad099d0f3 fix(tcp): Fixed a connection reading issue during WebSocket upgrade processing.
When processing HTTP streams, support for buffered readers has been added for WebSocket upgrade requests.
This ensures that data not fully read before connection switching is not lost. The forwarding logic for the Host header has also been optimized.
Add the X-Forwarded-Host header to preserve the original host information.
2025-12-19 17:48:15 +08:00
Gouryella
b1393e5e0f Merge pull request #9 from Gouryella/fix/http-proxy
Fix/http proxy
v0.5.1
2025-12-19 10:34:34 +08:00
Gouryella
e5aaf150e3 feat(proxy): Removes support for the HTTP CONNECT method.
In the ServeHTTP processing logic, CONNECT requests are no longer processed, and a 405 status code is returned when such a request is received.
The method was flagged as not allowed. The original handleConnect implementation code was also removed.
2025-12-19 10:26:38 +08:00