diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 16b43e4c0..e00e94a7e 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -70,10 +70,6 @@ jobs: image: ghcr.io/psf/httpbin:0.10.2 ports: - 80:8080 - fluent-bit: - image: ghcr.io/fluent/fluent-bit:latest - ports: - - '24224:24224/tcp' steps: - name: Checkout sources uses: actions/checkout@v4 @@ -93,18 +89,33 @@ jobs: - name: Install binutils run: | cargo install cargo-binutils + - name: Install netcat-openbsd + run: | + sudo apt-get install netcat-openbsd + - name: Listen StatsD port + run: | + nc -u -l -k 127.0.0.1 8125 >/dev/null & + - name: Install fluent-bit + run: | + sudo curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh + - name: Install fluent-bit.conf + run: | + sudo cp ${{ github.workspace }}/scripts/coverage/g3proxy/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf + - name: Start fluent-bit + run: | + sudo systemctl start fluent-bit - name: Install dnsmasq run: | sudo apt-get install dnsmasq-base - name: Backup /etc/resolv.conf run: | sudo cp /etc/resolv.conf /etc/resolv.conf.backup - - name: Run dnsmasq - run: | - sudo dnsmasq --local-service -C ${{ github.workspace }}/scripts/coverage/g3proxy/dnsmasq.conf - name: Edit /etc/resolv.conf run: | echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf + - name: Run dnsmasq + run: | + sudo dnsmasq --local-service -C ${{ github.workspace }}/scripts/coverage/g3proxy/dnsmasq.conf - name: run unit test run: | ./scripts/coverage/g3proxy.sh diff --git a/g3proxy/doc/configuration/user_group/source.rst b/g3proxy/doc/configuration/user_group/source.rst index 5839ce999..253581fc2 100644 --- a/g3proxy/doc/configuration/user_group/source.rst +++ b/g3proxy/doc/configuration/user_group/source.rst 
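Review bot: The `Install fluent-bit` step pipes `install.sh` from the `master` branch of fluent/fluent-bit straight into `sh`, so every CI run executes whatever that branch holds at that moment, unpinned and unverified. Fetch the script from a release tag or commit and check it against a recorded digest before running it, for example `curl -fsSL https://raw.githubusercontent.com/fluent/fluent-bit/<PINNED_REF>/install.sh -o install.sh`, then `echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c -`, then `sh install.sh` (both bracketed values are placeholders). In the current line `sudo` applies to `curl`, not to the shell that runs the script. Without `curl -f`, an HTTP error body would also be handed to `sh`.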
@@ -43,6 +43,16 @@ lua Fetch users through local lua script. +The following vars will be defined when running the script: + +* __file__ + + This will be the absolute path of the script file + + .. versionadded:: 1.11.0 + +The return value of the script should be the json encoded string of all dynamic users. + .. note:: Environment variable `LUA_PATH`_ and `LUA_CPATH`_ can be set to include more lua module files. @@ -51,9 +61,6 @@ Fetch users through local lua script. .. _LUA_PATH: https://www.lua.org/manual/5.1/manual.html#pdf-package.path .. _LUA_CPATH: https://www.lua.org/manual/5.1/manual.html#pdf-package.cpath - -The return value of the script should be the json encoded string of all dynamic users. - The keys used in *map* format are: * cache_file @@ -136,6 +143,14 @@ python Fetch users through local python script. +The following vars will be defined when running the script: + +* __file__ + + This will be the absolute path of the script file + + .. versionadded:: 1.11.0 + The keys used in *map* format are: * cache_file diff --git a/g3proxy/src/auth/mod.rs b/g3proxy/src/auth/mod.rs index 6664e885d..6d1ec7f58 100644 --- a/g3proxy/src/auth/mod.rs +++ b/g3proxy/src/auth/mod.rs @@ -234,11 +234,9 @@ impl UserGroup { return Some((Arc::clone(user), UserType::Static)); } - if self.config.dynamic_source.is_some() { - let dynamic_users = self.dynamic_users.load(); - if let Some(user) = dynamic_users.get(username) { - return Some((Arc::clone(user), UserType::Dynamic)); - } + let dynamic_users = self.dynamic_users.load(); + if let Some(user) = dynamic_users.get(username) { + return Some((Arc::clone(user), UserType::Dynamic)); } self.get_anonymous_user() diff --git a/g3proxy/src/auth/source/lua.rs b/g3proxy/src/auth/source/lua.rs index 56230add7..9294079de 100644 --- a/g3proxy/src/auth/source/lua.rs +++ b/g3proxy/src/auth/source/lua.rs 
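Review bot: With the `self.config.dynamic_source.is_some()` guard removed in g3proxy/src/auth/mod.rs, the lookup after the static-user check now authenticates against `self.dynamic_users` for every group, including groups that configure no source. The 0013 test case added in this commit fills such a group (`g2`) through `g3proxy_ctl user-group g2 publish-user`, so the control channel apparently becomes a way to add accepted credentials to any group. That widening deserves a comment at this lookup, e.g. `// dynamic users can also be published through the control API, so consult them even when no source is configured`, plus a mention in the user-group docs. It is also worth confirming that the control endpoint is reachable only by trusted local operators. Static users still win on a name clash because that branch returns first; the function starts and ends outside the hunk.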
@@ -25,6 +25,8 @@ use mlua::{Function, Lua, Value}; use crate::config::auth::source::lua::UserDynamicLuaSource; use crate::config::auth::UserConfig; +const LUA_GLOBAL_VAR_FILE: &str = "__file__"; + pub(super) async fn fetch_records( source: &Arc, cache: &Path, @@ -130,6 +132,16 @@ async fn call_lua_fetch(script: PathBuf) -> anyhow::Result { tokio::task::spawn_blocking(move || { let lua = unsafe { Lua::unsafe_new() }; + let globals = lua.globals(); + globals + .set(LUA_GLOBAL_VAR_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + LUA_GLOBAL_VAR_FILE, + script.display() + ) + })?; let code = lua.load(&code); code.eval::() .map_err(|e| anyhow!("failed to run lua fetch script {}: {e}", script.display())) @@ -148,6 +160,16 @@ async fn call_lua_report_ok(script: PathBuf) -> anyhow::Result<()> { tokio::task::spawn_blocking(move || { let lua = unsafe { Lua::unsafe_new() }; + let globals = lua.globals(); + globals + .set(LUA_GLOBAL_VAR_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + LUA_GLOBAL_VAR_FILE, + script.display() + ) + })?; lua.load(&code) .exec() .map_err(|e| anyhow!("failed to load lua report script {}: {e}", script.display()))?; @@ -175,6 +197,16 @@ async fn call_lua_report_err(script: PathBuf, e: String) -> anyhow::Result<()> { tokio::task::spawn_blocking(move || { let lua = unsafe { Lua::unsafe_new() }; + let globals = lua.globals(); + globals + .set(LUA_GLOBAL_VAR_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + LUA_GLOBAL_VAR_FILE, + script.display() + ) + })?; lua.load(&code) .exec() .map_err(|e| anyhow!("failed to load lua report script {}: {e}", script.display()))?; diff --git a/g3proxy/src/auth/source/python.rs b/g3proxy/src/auth/source/python.rs index b6820790a..267f563e0 100644 --- a/g3proxy/src/auth/source/python.rs +++ b/g3proxy/src/auth/source/python.rs 
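Review bot: In `call_lua_fetch`, `__file__` is set from `script` exactly as passed in, through the lossy `script.display().to_string()`, and nothing in the hunk makes the path absolute even though source.rst now promises an absolute path. A relative or non-UTF-8 path would make a script that derives sibling files from `__file__` (as group_3.lua does) resolve them somewhere else, so confirm the config loader already absolutizes it. The same ten lines are repeated in `call_lua_report_ok` and `call_lua_report_err`, and the lossy conversion also appears in the python.rs and cmd_run.rs hunks. A single helper that rejects non-UTF-8 paths keeps the three call sites identical. All three enclosing functions extend outside their hunks.

```rust
/// Expose the script path to the Lua state as `__file__`.
fn set_script_file_global(lua: &Lua, script: &Path) -> anyhow::Result<()> {
    // Refuse non-UTF-8 paths instead of handing the script a lossy string.
    let path = script
        .to_str()
        .ok_or_else(|| anyhow!("script path {} is not valid UTF-8", script.display()))?;
    lua.globals()
        .set(LUA_GLOBAL_VAR_FILE, path)
        .map_err(|e| anyhow!("failed to set {} to {}: {e}", LUA_GLOBAL_VAR_FILE, path))
}

// in call_lua_fetch, call_lua_report_ok and call_lua_report_err:
        let lua = unsafe { Lua::unsafe_new() };
        set_script_file_global(&lua, &script)?;
        // … unchanged: load and run the script …
```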
@@ -31,6 +31,8 @@ const FN_NAME_FETCH_USERS: &str = "fetch_users"; const FN_NAME_REPORT_OK: &str = "report_ok"; const FN_NAME_REPORT_ERR: &str = "report_err"; +const VAR_NAME_FILE: &str = "__file__"; + pub(super) async fn fetch_records( source: &Arc, cache: &Path, @@ -142,6 +144,14 @@ async fn call_python_fetch(script: PathBuf) -> anyhow::Result { script.display(), ) })?; + code.setattr(VAR_NAME_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + VAR_NAME_FILE, + script.display() + ) + })?; let fetch_users = code.getattr(FN_NAME_FETCH_USERS).map_err(|e| { anyhow!( @@ -190,6 +200,14 @@ async fn call_python_report_ok(script: PathBuf) -> anyhow::Result<()> { script.display(), ) })?; + code.setattr(VAR_NAME_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + VAR_NAME_FILE, + script.display() + ) + })?; if let Ok(report_ok) = code.getattr(FN_NAME_REPORT_OK) { report_ok.call0().map_err(|e| { @@ -224,6 +242,14 @@ async fn call_python_report_err(script: PathBuf, e: String) -> anyhow::Result<() script.display(), ) })?; + code.setattr(VAR_NAME_FILE, script.display().to_string()) + .map_err(|e| { + anyhow!( + "failed to set {} to {}: {e}", + VAR_NAME_FILE, + script.display() + ) + })?; if let Ok(report_ok) = code.getattr(FN_NAME_REPORT_ERR) { let tup = PyTuple::new(py, [e]) diff --git a/g3proxy/utils/lua/src/cmd_run.rs b/g3proxy/utils/lua/src/cmd_run.rs index 508d7a2d8..3a3b7d3cc 100644 --- a/g3proxy/utils/lua/src/cmd_run.rs +++ b/g3proxy/utils/lua/src/cmd_run.rs @@ -50,6 +50,13 @@ pub fn run(lua: &Lua, args: &ArgMatches) -> anyhow::Result<()> { let script = args .get_one::(COMMAND_ARG_SCRIPT) .ok_or_else(|| anyhow!("no script file to run"))?; + let absolute_path = if !script.is_absolute() { + let mut cur_dir = std::env::current_dir()?; + cur_dir.push(script); + cur_dir + } else { + script.to_path_buf() + }; let verbose_level = args .get_one::(COMMAND_ARG_VERBOSE) 
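Review bot: In `call_python_fetch`, `code.setattr(VAR_NAME_FILE, …)` runs only after the module object `code` has been built. If building it executes the script's top level, as module construction from source normally does (the call is not visible in this hunk), a top-level use of `__file__` would not see this value. The docs added in this commit say the var is defined "when running the script". Either supply the path at module creation, or state in source.rst that `__file__` is guaranteed only inside `fetch_users`, `report_ok` and `report_err`. The same block is repeated in `call_python_report_ok` and `call_python_report_err`, and all three enclosing functions extend outside their hunks.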
@@ -59,6 +66,8 @@ pub fn run(lua: &Lua, args: &ArgMatches) -> anyhow::Result<()> { let code = std::fs::read_to_string(script) .map_err(|e| anyhow!("failed to read script file {}: {e:?}", script.display()))?; + let globals = lua.globals(); + globals.set("__file__", absolute_path.display().to_string())?; let code = lua.load(&code); if verbose_level > 1 { diff --git a/scripts/coverage/g3proxy.sh b/scripts/coverage/g3proxy.sh index cf0ad7890..c788e00b8 100755 --- a/scripts/coverage/g3proxy.sh +++ b/scripts/coverage/g3proxy.sh @@ -45,6 +45,7 @@ do sleep 2 [ -f "${dir}/testcases.sh" ] || continue + TESTCASE_DIR=${dir} . "${dir}/testcases.sh" g3proxy_ctl offline diff --git a/scripts/coverage/g3proxy/0000_all_resolver/g3proxy.yaml b/scripts/coverage/g3proxy/0000_all_resolver/g3proxy.yaml index 192c81e4a..d4639828f 100644 --- a/scripts/coverage/g3proxy/0000_all_resolver/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0000_all_resolver/g3proxy.yaml @@ -2,6 +2,10 @@ log: discard +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: cares1 type: c-ares diff --git a/scripts/coverage/g3proxy/0001_base_http_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0001_base_http_proxy/g3proxy.yaml index 21d5c742c..232af60b2 100644 --- a/scripts/coverage/g3proxy/0001_base_http_proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0001_base_http_proxy/g3proxy.yaml @@ -2,6 +2,10 @@ log: fluentd +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0002_base_socks_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0002_base_socks_proxy/g3proxy.yaml index 642584e54..899502c97 100644 --- a/scripts/coverage/g3proxy/0002_base_socks_proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0002_base_socks_proxy/g3proxy.yaml @@ -2,6 +2,10 @@ log: syslog +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares 
diff --git a/scripts/coverage/g3proxy/0003_base_tcp_stream/g3proxy.yaml b/scripts/coverage/g3proxy/0003_base_tcp_stream/g3proxy.yaml index db5ed85dd..f1ccd29a7 100644 --- a/scripts/coverage/g3proxy/0003_base_tcp_stream/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0003_base_tcp_stream/g3proxy.yaml @@ -2,6 +2,10 @@ log: stdout +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0004_base_http_gateway/g3proxy.yaml b/scripts/coverage/g3proxy/0004_base_http_gateway/g3proxy.yaml index 7d0ff23a3..84521b553 100644 --- a/scripts/coverage/g3proxy/0004_base_http_gateway/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0004_base_http_gateway/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0005_transparent_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0005_transparent_proxy/g3proxy.yaml index e6240f30d..e32e186bf 100644 --- a/scripts/coverage/g3proxy/0005_transparent_proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0005_transparent_proxy/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0006_chain_http_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0006_chain_http_proxy/g3proxy.yaml index 80169d7dd..67cb41a83 100644 --- a/scripts/coverage/g3proxy/0006_chain_http_proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0006_chain_http_proxy/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: cares1 type: c-ares diff --git a/scripts/coverage/g3proxy/0007_chain_socks_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0007_chain_socks_proxy/g3proxy.yaml index 8df6e7ae7..526de0f96 100644 --- a/scripts/coverage/g3proxy/0007_chain_socks_proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0007_chain_socks_proxy/g3proxy.yaml 
@@ -2,6 +2,10 @@ log: syslog +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: cares1 type: c-ares diff --git a/scripts/coverage/g3proxy/0008_base_user_auth/g3proxy.yaml b/scripts/coverage/g3proxy/0008_base_user_auth/g3proxy.yaml index af02690f7..244c8e728 100644 --- a/scripts/coverage/g3proxy/0008_base_user_auth/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0008_base_user_auth/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0009_anonymous_user/g3proxy.yaml b/scripts/coverage/g3proxy/0009_anonymous_user/g3proxy.yaml index 54938064b..dfa1dc4b4 100644 --- a/scripts/coverage/g3proxy/0009_anonymous_user/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0009_anonymous_user/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0010_escaper_direct_float/g3proxy.yaml b/scripts/coverage/g3proxy/0010_escaper_direct_float/g3proxy.yaml index c29ce0502..928787d26 100644 --- a/scripts/coverage/g3proxy/0010_escaper_direct_float/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0010_escaper_direct_float/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0011_escaper_proxy_float/g3proxy.yaml b/scripts/coverage/g3proxy/0011_escaper_proxy_float/g3proxy.yaml index c50ff7266..4f7353a20 100644 --- a/scripts/coverage/g3proxy/0011_escaper_proxy_float/g3proxy.yaml +++ b/scripts/coverage/g3proxy/0011_escaper_proxy_float/g3proxy.yaml @@ -2,6 +2,10 @@ log: journal +stat: + target: + udp: 127.0.0.1:8125 + resolver: - name: default type: c-ares diff --git a/scripts/coverage/g3proxy/0012_intelli_proxy/g3proxy.yaml b/scripts/coverage/g3proxy/0012_intelli_proxy/g3proxy.yaml new file mode 100644 index 000000000..0fd84fc06 --- /dev/null 
+++ b/scripts/coverage/g3proxy/0012_intelli_proxy/g3proxy.yaml @@ -0,0 +1,67 @@ +--- + +log: syslog + +stat: + target: + udp: 127.0.0.1:8125 + +resolver: + - name: hickory + type: hickory + server: 127.0.0.1 + +escaper: + - name: default + type: direct_fixed + resolver: hickory + egress_net_filter: + default: allow + allow: 127.0.0.1 + - name: chained_socks5 + type: proxy_socks5 + proxy_addr: 127.0.0.1:6080 + - name: chained_http + type: proxy_http + resolver: hickory + proxy_addr: 127.0.0.1:7080 + +server: + - name: rss + type: http_rproxy + listen: 127.0.0.1:9443 + escaper: default + enable_tls_server: true + global_tls_server: + cert_pairs: + certificate: ../httpbin.local.pem + private-key: ../httpbin.local-key.pem + hosts: + - exact_match: httpbin.local + upstream: 127.0.0.1:80 + tls_server: + cert_pairs: + certificate: ../httpbin.local.pem + private-key: ../httpbin.local-key.pem + - name: chained_socks + type: socks_proxy + listen: 127.0.0.1:6080 + escaper: default + use_udp_associate: true + - name: chained_http + type: http_proxy + listen: 127.0.0.1:7080 + escaper: default + - name: socks + type: socks_proxy + listen: 127.0.0.1:1080 + escaper: chained_socks5 + - name: http + type: http_proxy + listen: 127.0.0.1:8080 + escaper: chained_http + - name: intelli + type: intelli_proxy + listen: 127.0.0.1:9000 + http_server: http + socks_server: socks diff --git a/scripts/coverage/g3proxy/0012_intelli_proxy/testcases.sh b/scripts/coverage/g3proxy/0012_intelli_proxy/testcases.sh new file mode 100644 index 000000000..b3c22ee70 --- /dev/null +++ b/scripts/coverage/g3proxy/0012_intelli_proxy/testcases.sh 
@@ -0,0 +1,18 @@ +#!/bin/sh + + +HTTP_PROXY="http://127.0.0.1:9000" +test_http_proxy_http_forward +# FTP not supported in proxy escaper +#test_http_proxy_ftp_over_http +test_http_proxy_https_connect +test_http_proxy_https_forward + + +SOCKS5_PROXY="socks5h://127.0.0.1:9000" +test_socks5_proxy_http +test_socks5_proxy_dns + + +SOCKS4_PROXY="socks4a://127.0.0.1:9000" +test_socks4_proxy_http diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/g3proxy.yaml b/scripts/coverage/g3proxy/0013_dynamic_user/g3proxy.yaml new file mode 100644 index 000000000..bd54c87a7 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/g3proxy.yaml 
@@ -0,0 +1,86 @@ +--- + +log: journal + +stat: + target: + udp: 127.0.0.1:8125 + +resolver: + - name: default + type: c-ares + server: + - 127.0.0.1 + +escaper: + - name: default + type: direct_fixed + resolver: default + egress_net_filter: + default: allow + allow: 127.0.0.1 + +user-group: + - name: g1 + static_users: + - name: t1 + token: + salt: 4e8f8a4e37f0fa1b + md5: d9d963915b9815d4cc39c196c2868900 + sha1: c28640e7b1a3d9db98187632aeba99c0cff0ffd4 + source: + type: file + path: group_1.json + - name: g2 + static_users: + - name: t1 + token: + salt: 4e8f8a4e37f0fa1b + md5: d9d963915b9815d4cc39c196c2868900 + sha1: c28640e7b1a3d9db98187632aeba99c0cff0ffd4 + - name: t2 + token: '$1$rnfSARNK$DJNIbbMpjjSmral92rE3k1' + - name: g3 + static_users: + - name: t1 + token: + salt: 4e8f8a4e37f0fa1b + md5: d9d963915b9815d4cc39c196c2868900 + sha1: c28640e7b1a3d9db98187632aeba99c0cff0ffd4 + source: + type: lua + fetch_script: group_3.lua + cache_file: group_3_cache.json + - name: g4 + static_users: + - name: t1 + token: + salt: 4e8f8a4e37f0fa1b + md5: d9d963915b9815d4cc39c196c2868900 + sha1: c28640e7b1a3d9db98187632aeba99c0cff0ffd4 + source: + type: python + script: group_4.py + cache_file: group_4_cache.json + +server: + - name: http1 + type: http_proxy + listen: 127.0.0.1:8080 + escaper: default + user-group: g1 + - name: http2 + type: http_proxy + listen: 127.0.0.1:8081 + escaper: default + user-group: g2 + - name: http3 + type: http_proxy + listen: 127.0.0.1:8082 + escaper: default + user-group: g3 + - name: http4 + type: http_proxy + listen: 127.0.0.1:8083 + escaper: default + user-group: g4 diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_1.json b/scripts/coverage/g3proxy/0013_dynamic_user/group_1.json new file mode 100644 index 000000000..680f4dc23 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_1.json 
@@ -0,0 +1,49 @@ +[ + { + "name": "t2", + "token": { + "salt": "113323bdab6fd2cc", + "md5": "5c81f2becadde7fa5fde9026652ccc84", + "sha1": "ff9d5c1a14328dd85ee95d4e574bd0558a1dfa96" + }, + "dst_host_filter_set": { + "exact_match": { + "default": "allow", + "forbid": "192.168.1.1", + "allow": [ + "127.0.0.1" + ] + }, + "subnet_match": { + "default": "allow", + "forbid": [ + "192.168.0.0/16" + ] + } + }, + "dst_port_filter": { + "default": "allow", + "forbid": [ + 22, + "100-200" + ] + }, + "tcp_sock_speed_limit": { + "shift_millis": 8, + "north": "10M", + "south": "10M" + }, + "resolve_redirection": [ + { + "exact": "httpbin.local", + "to": "127.0.0.1" + } + ] + }, + { + "name": "t3", + "token": "$1$rnfSARNK$DJNIbbMpjjSmral92rE3k1", + "tcp_sock_speed_limit": "10M", + "udp_sock_speed_limit": "1M" + } +] diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_2.json b/scripts/coverage/g3proxy/0013_dynamic_user/group_2.json new file mode 100644 index 000000000..3da35c0b4 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_2.json @@ -0,0 +1,20 @@ +[ + { + "name": "t2", + "token": { + "salt": "113323bdab6fd2cc", + "md5": "5c81f2becadde7fa5fde9026652ccc84", + "sha1": "ff9d5c1a14328dd85ee95d4e574bd0558a1dfa96" + }, + "proxy_request_filter": { + "default": "allow", + "forbid": "ftp_over_http" + } + }, + { + "name": "t3", + "token": "$1$rnfSARNK$DJNIbbMpjjSmral92rE3k1", + "tcp_sock_speed_limit": "10M", + "udp_sock_speed_limit": "1M" + } +] diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_3.lua b/scripts/coverage/g3proxy/0013_dynamic_user/group_3.lua new file mode 100644 index 000000000..d1a5b7a48 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_3.lua @@ -0,0 +1,7 @@ + +local script_dir = __file__:match("(.*/)") +local file = io.open(string.format("%s%s", script_dir, "group_1.json"), "r") +local content = file:read "*a" +file:close() +-- return the json encoded string +return content 
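Review bot: In group_3.lua neither `__file__:match("(.*/)")` nor `io.open(...)` is checked, and both return nil on failure (a path with no `/`, a missing `group_1.json`). The script then dies with a nil-index error instead of a message naming the file. Since this is the only worked example of the new `__file__` var, it should show the checked form: `local script_dir = __file__:match("(.*/)") or "./"` and `local file = assert(io.open(script_dir .. "group_1.json", "r"))`.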
diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_3_cache.json b/scripts/coverage/g3proxy/0013_dynamic_user/group_3_cache.json new file mode 100644 index 000000000..680f4dc23 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_3_cache.json @@ -0,0 +1,49 @@ +[ + { + "name": "t2", + "token": { + "salt": "113323bdab6fd2cc", + "md5": "5c81f2becadde7fa5fde9026652ccc84", + "sha1": "ff9d5c1a14328dd85ee95d4e574bd0558a1dfa96" + }, + "dst_host_filter_set": { + "exact_match": { + "default": "allow", + "forbid": "192.168.1.1", + "allow": [ + "127.0.0.1" + ] + }, + "subnet_match": { + "default": "allow", + "forbid": [ + "192.168.0.0/16" + ] + } + }, + "dst_port_filter": { + "default": "allow", + "forbid": [ + 22, + "100-200" + ] + }, + "tcp_sock_speed_limit": { + "shift_millis": 8, + "north": "10M", + "south": "10M" + }, + "resolve_redirection": [ + { + "exact": "httpbin.local", + "to": "127.0.0.1" + } + ] + }, + { + "name": "t3", + "token": "$1$rnfSARNK$DJNIbbMpjjSmral92rE3k1", + "tcp_sock_speed_limit": "10M", + "udp_sock_speed_limit": "1M" + } +] diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_4.py b/scripts/coverage/g3proxy/0013_dynamic_user/group_4.py new file mode 100644 index 000000000..3b049c406 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_4.py @@ -0,0 +1,21 @@ + +from pathlib import Path + + +def fetch_users(): + script_dir = Path(__file__).parent + json_file = script_dir.joinpath('group_1.json') + content = json_file.read_text() + return content + +def report_ok(): + # optional, takes no argument + pass + +def report_err(errmsg): + # optional, takes one positional argument, which is the error message string + pass + + +if __name__ == '__main__': + print(fetch_users()) diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/group_4_cache.json b/scripts/coverage/g3proxy/0013_dynamic_user/group_4_cache.json new file mode 100644 index 000000000..680f4dc23 --- /dev/null 
+++ b/scripts/coverage/g3proxy/0013_dynamic_user/group_4_cache.json @@ -0,0 +1,49 @@ +[ + { + "name": "t2", + "token": { + "salt": "113323bdab6fd2cc", + "md5": "5c81f2becadde7fa5fde9026652ccc84", + "sha1": "ff9d5c1a14328dd85ee95d4e574bd0558a1dfa96" + }, + "dst_host_filter_set": { + "exact_match": { + "default": "allow", + "forbid": "192.168.1.1", + "allow": [ + "127.0.0.1" + ] + }, + "subnet_match": { + "default": "allow", + "forbid": [ + "192.168.0.0/16" + ] + } + }, + "dst_port_filter": { + "default": "allow", + "forbid": [ + 22, + "100-200" + ] + }, + "tcp_sock_speed_limit": { + "shift_millis": 8, + "north": "10M", + "south": "10M" + }, + "resolve_redirection": [ + { + "exact": "httpbin.local", + "to": "127.0.0.1" + } + ] + }, + { + "name": "t3", + "token": "$1$rnfSARNK$DJNIbbMpjjSmral92rE3k1", + "tcp_sock_speed_limit": "10M", + "udp_sock_speed_limit": "1M" + } +] diff --git a/scripts/coverage/g3proxy/0013_dynamic_user/testcases.sh b/scripts/coverage/g3proxy/0013_dynamic_user/testcases.sh new file mode 100644 index 000000000..4c20cf567 --- /dev/null +++ b/scripts/coverage/g3proxy/0013_dynamic_user/testcases.sh @@ -0,0 +1,15 @@ +#!/bin/sh + + +g3proxy_ctl user-group g2 publish-user ${TESTCASE_DIR}/group_2.json + + +for port in 8080 8081 8082 8083 +do + for user in "t1:toor" "t2:toor" "t3:toor" + do + HTTP_PROXY="http://${user}@127.0.0.1:${port}" + test_http_proxy_http_forward + test_http_proxy_ftp_over_http + done +done diff --git a/scripts/coverage/g3proxy/fluent-bit.conf b/scripts/coverage/g3proxy/fluent-bit.conf new file mode 100644 index 000000000..31fa62735 --- /dev/null +++ b/scripts/coverage/g3proxy/fluent-bit.conf 
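Review bot: In 0013_dynamic_user/testcases.sh, `${TESTCASE_DIR}/group_2.json` is expanded unquoted in the `publish-user` command, so a checkout path containing spaces or glob characters would be split before g3proxy_ctl sees it. Write `g3proxy_ctl user-group g2 publish-user "${TESTCASE_DIR}/group_2.json"`. The loop then runs the same two tests for every user and port, although group_2.json forbids `ftp_over_http` for `t2`. Whether the test helpers treat an expected denial differently from a failure is not visible here, so a comment stating the expected outcome per user and port would help.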
@@ -0,0 +1,91 @@ +[SERVICE] + # Flush + # ===== + # set an interval of seconds before to flush records to a destination + flush 1 + + # Daemon + # ====== + # instruct Fluent Bit to run in foreground or background mode. + daemon Off + + # Log_Level + # ========= + # Set the verbosity level of the service, values can be: + # + # - error + # - warning + # - info + # - debug + # - trace + # + # by default 'info' is set, that means it includes 'error' and 'warning'. + log_level info + + # Parsers File + # ============ + # specify an optional 'Parsers' configuration file + parsers_file parsers.conf + + # Plugins File + # ============ + # specify an optional 'Plugins' configuration file to load external plugins. + plugins_file plugins.conf + + # HTTP Server + # =========== + # Enable/Disable the built-in HTTP Server for metrics + http_server Off + http_listen 0.0.0.0 + http_port 2020 + + # Storage + # ======= + # Fluent Bit can use memory and filesystem buffering based mechanisms + # + # - https://docs.fluentbit.io/manual/administration/buffering-and-storage + # + # storage metrics + # --------------- + # publish storage pipeline metrics in '/api/v1/storage'. The metrics are + # exported only if the 'http_server' option is enabled. + # + storage.metrics on + + # storage.path + # ------------ + # absolute file system path to store filesystem data buffers (chunks). + # + # storage.path /tmp/storage + + # storage.sync + # ------------ + # configure the synchronization mode used to store the data into the + # filesystem. It can take the values normal or full. + # + # storage.sync normal + + # storage.checksum + # ---------------- + # enable the data integrity check when writing and reading data from the + # filesystem. The storage layer uses the CRC32 algorithm. 
+ # + # storage.checksum off + + # storage.backlog.mem_limit + # ------------------------- + # if storage.path is set, Fluent Bit will look for data chunks that were + # not delivered and are still in the storage layer, these are called + # backlog data. This option configure a hint of maximum value of memory + # to use when processing these records. + # + # storage.backlog.mem_limit 5M + +[INPUT] + name forward + listen 127.0.0.1 + port 24224 + +[OUTPUT] + name stdout + match * diff --git a/scripts/coverage/g3proxy/g3proxy.yaml b/scripts/coverage/g3proxy/g3proxy.yaml index 7c3d1673f..b611680a7 100644 --- a/scripts/coverage/g3proxy/g3proxy.yaml +++ b/scripts/coverage/g3proxy/g3proxy.yaml @@ -77,36 +77,6 @@ escaper: egress_net_filter: default: allow allow: 127.0.0.1 - - name: proxy10080 - type: proxy_http - proxy_addr: 127.0.0.1:10080 - http_forward_capability: - forward_ftp: true - - name: proxy10443 - type: proxy_https - proxy_addr: 127.0.0.1:10443 - http_forward_capability: - forward_ftp: true - tls_client: - ca_certificate: rootCA.pem - tls_name: g3proxy.local - - name: proxy11080 - type: proxy_socks5 - proxy_addr: 127.0.0.1:11080 - - name: float10080 - type: proxy_float - source: - type: passive - - name: float10443 - type: proxy_float - source: - type: passive - tls_client: - ca_certificate: rootCA.pem - - name: float11080 - type: proxy_float - source: - type: passive - name: route0 type: trick_float next: 
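Review bot: In the `[SERVICE]` section of fluent-bit.conf, `http_listen 0.0.0.0` is inert only because `http_server` is `Off`; switching the server on later for debugging would publish the metrics endpoint on every interface of the runner. The `[INPUT]` forward listener in the same file is already bound to `127.0.0.1`, so the HTTP listener should match it: `http_listen 127.0.0.1`. A short comment such as `# loopback only: this instance exists for coverage runs` would record the intent.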
@@ -149,51 +119,6 @@ escaper: fallback_node: route3 server: - - name: http10080 - type: http_proxy - listen: 127.0.0.1:10080 - escaper: direct - - name: http10081 - type: http_proxy - listen: 127.0.0.1:10081 - escaper: direct_lazy - - name: http10082 - type: http_proxy - listen: 127.0.0.1:10082 - escaper: direct - user-group: default - - name: http10443 - type: http_proxy - listen: 127.0.0.1:10443 - escaper: direct - tls_server: - certificate: g3proxy.local.pem - private_key: g3proxy.local-key.pem - - name: socks11080 - type: socks_proxy - listen: 127.0.0.1:11080 - escaper: direct - - name: socks11082 - type: socks_proxy - listen: 127.0.0.1:11082 - escaper: direct - user-group: default - - name: http20082 - type: http_proxy - listen: 127.0.0.1:20082 - escaper: float10080 - - name: http20083 - type: http_proxy - listen: 127.0.0.1:20083 - escaper: float10443 - - name: http20084 - type: http_proxy - listen: 127.0.0.1:20084 - escaper: float11080 - - name: socks21083 - type: socks_proxy - listen: 127.0.0.1:21083 - escaper: float11080 - name: tls9443 escaper: direct type: tls_stream @@ -202,11 +127,6 @@ server: certificate: httpbin.local.pem private-key: httpbin.local-key.pem upstream: 127.0.0.1:80 - - name: ppdpport9003 - type: ppdp_tcp_port - listen: 127.0.0.1:9003 - http_server: http10080 - socks_server: socks11080 - name: http_route13128 type: http_proxy listen: 127.0.0.1:13128 diff --git a/scripts/coverage/g3proxy/testcases.sh b/scripts/coverage/g3proxy/testcases.sh index 544ab1194..070fd1107 100644 --- a/scripts/coverage/g3proxy/testcases.sh +++ b/scripts/coverage/g3proxy/testcases.sh 
@@ -1,15 +1,12 @@ #!/bin/sh -all_http_proxies="http://127.0.0.1:10080 http://t1:toor@127.0.0.1:10082 http://t2:toor@127.0.0.1:10082 http://127.0.0.1:9003" -all_socks_proxies="socks5h://127.0.0.1:11080 socks5h://t1:toor@127.0.0.1:11082 socks5h://127.0.0.1:9003" -partial_proxies="http://127.0.0.1:13128 http://127.0.0.1:10081 http://t3:toor@127.0.0.1:10082 http://127.0.0.1:20082 http://127.0.0.1:20083 http://127.0.0.1:20084 socks5h://127.0.0.1:21083" +all_http_proxies="http://127.0.0.1:10080" +all_socks_proxies="socks5h://127.0.0.1:11080" +partial_proxies="http://127.0.0.1:13128" all_proxies="${all_http_proxies} ${all_socks_proxies} ${partial_proxies}" ## echo "==== Update dynamic escapers" -./target/debug/g3proxy-ctl -G ${TEST_NAME} -p $PROXY_PID escaper float10080 publish '{"type":"http","addr":"127.0.0.1:10080"}' -./target/debug/g3proxy-ctl -G ${TEST_NAME} -p $PROXY_PID escaper float10443 publish '{"type":"https","addr":"127.0.0.1:10443", "tls_name": "g3proxy.local"}' -./target/debug/g3proxy-ctl -G ${TEST_NAME} -p $PROXY_PID escaper float11080 publish '{"type":"socks5","addr":"127.0.0.1:11080"}' ./target/debug/g3proxy-ctl -G ${TEST_NAME} -p $PROXY_PID escaper direct_lazy publish "{\"ipv4\": \"127.0.0.1\"}" ## httpbin 
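Review bot: The surviving entries `http://127.0.0.1:10080` and `socks5h://127.0.0.1:11080` still point at the `http10080` and `socks11080` listeners, which this same commit deletes from scripts/coverage/g3proxy/g3proxy.yaml. Unless those ports are defined somewhere outside the visible hunks, the httpbin loop now targets closed ports. Each call in that loop ends in `|| :`, so such failures would pass silently. Drop the two variables, or reduce the list to what still exists, e.g. `all_proxies="${partial_proxies}"`.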
@@ -20,21 +17,3 @@ do python3 "${PROJECT_DIR}/g3proxy/ci/python3+requests/test_httpbin.py" -x ${proxy} -T http://httpbin.local || : python3 "${PROJECT_DIR}/g3proxy/ci/python3+requests/test_httpbin.py" -x ${proxy} -T https://httpbin.local:9443 --ca-cert "${SCRIPTS_DIR}/g3proxy/rootCA.pem" || : done - -## DNS -echo "==== DNS" -for proxy in $all_socks_proxies -do - echo "-- ${proxy}" - "${SCRIPTS_DIR}/../test/socks5_dns_query.py" -x ${proxy} --dns-server 127.0.0.1 g3proxy.local httpbin.local -v || : -done - -## FTP over HTTP -echo "==== FTP over HTTP" -for proxy in $all_http_proxies -do - echo "-- ${proxy}" - curl -x ${proxy} --upload-file "${SCRIPTS_DIR}/g3proxy/README.md" ftp://ftpuser:ftppass@127.0.0.1/README - curl -x ${proxy} ftp://ftpuser:ftppass@127.0.0.1 - curl -x ${proxy} ftp://ftpuser:ftppass@127.0.0.1/README -done