feat: add per-listener SOCKS5 server authentication (RFC 1929)
Per-listener username/password auth via `auth:` config key. When set, clients must negotiate method 0x02 and pass RFC 1929 subnegotiation; no-auth (0x00) is rejected to prevent downgrade. Listeners without `auth` keep current no-auth behavior. Includes auth_failures metric, API integration (/status auth flag, /config auth_users count without exposing passwords), config parsing with YAML int coercion, integration tests (success, failure, method rejection, no-auth unchanged), and documentation updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
user
8
TASKS.md
8
TASKS.md
@@ -59,6 +59,12 @@
|
||||
- [x] API: merged `/pool` with per-pool breakdown, `/status` pools summary
|
||||
- [x] Backward compat: singular `proxy_pool:` registers as `"default"`
|
||||
|
||||
- [x] Integration tests with mock SOCKS5 proxy (end-to-end)
|
||||
- [x] Per-destination bypass rules (CIDR, suffix, exact match)
|
||||
- [x] Weighted multi-candidate pool selection
|
||||
- [x] Onion chain-only routing (.onion skips pool hops)
|
||||
- [x] Graceful shutdown timeout (fixes cProfile data dump)
|
||||
|
||||
## Next
|
||||
- [ ] Integration tests with mock proxy server
|
||||
- [x] Integration tests with mock proxy server
|
||||
- [ ] SOCKS5 server-side authentication
|
||||
|
||||
Reference in New Issue
Block a user