fa3621806d
Per-listener username/password auth via `auth:` config key. When set, clients must negotiate method 0x02 and pass RFC 1929 subnegotiation; no-auth (0x00) is rejected to prevent downgrade. Listeners without `auth` keep current no-auth behavior. Includes auth_failures metric, API integration (/status auth flag, /config auth_users count without exposing passwords), config parsing with YAML int coercion, integration tests (success, failure, method rejection, no-auth unchanged), and documentation updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3.3 KiB
s5p -- Tasks
Current
-
Scaffold project structure
-
Implement SOCKS5 server
-
Implement protocol handshakes (SOCKS5, SOCKS4/4a, HTTP CONNECT)
-
Implement chain builder
-
CLI and config loading
-
Unit tests (config, proto)
-
Documentation
-
Smoke test with Tor
-
Containerfile + compose.yaml (Alpine)
-
Graceful SIGTERM shutdown
-
cProfile support (
--cprofile) -
Config split (example.yaml tracked, s5p.yaml gitignored)
-
Dynamic proxy source API integration
-
Connection retry with proxy rotation
-
Connection metrics (periodic + shutdown logging)
-
Managed proxy pool (multi-source, health-tested, persistent)
-
Weighted proxy selection (prefer recently-tested proxies)
-
Per-proxy backoff (60s cooldown after connection failure)
-
Stale proxy expiry (evict dead proxies not seen for 3 refresh cycles)
-
Pool stats in periodic metrics log (
pool=alive/total) -
Fast warm start (trust cached state, defer all health tests)
-
Static chain health check (skip pool tests if chain unreachable)
-
SIGHUP hot config reload (timeout, retries, log_level, pool config)
-
Dead proxy reporting (
report_urlPOST evicted proxies to API) -
Concurrent connection semaphore (
max_connections, CLI-m) -
Async HTTP client (replace blocking urllib, parallel source fetch)
-
First-hop TCP connection pool (
pool_size,pool_max_idle) -
Codebase consolidation (refactor/codebase-consolidation)
- Extract shared proxy parsing and constants to config.py
- Consolidate health-check HTTP logic in pool
- Remove threading from metrics (pure asyncio, no lock needed)
- Replace
ensure_futurewithcreate_task - Rename ambiguous variables in config loader
- Remove legacy ProxySource layer (source.py deleted)
- Add tests for extracted
parse_api_proxies
-
Instant warm start (trust cached state, defer all health tests)
-
Register signal handlers before startup (fix SIGKILL on stop)
-
Use k8s-file logging driver with rotation
-
Built-in control API (
api.py,--api,api_listen) -
Tor control port integration (NEWNYM signaling, periodic rotation)
-
Replace HTTP health check with TLS handshake (round-robin targets, no httpbin dependency)
-
Multi-listener with configurable proxy chaining (per-port chain depth)
-
Connection rate and chain latency metrics (rate/s, p50/p95/p99)
-
Per-listener latency tracking
-
Dynamic health test concurrency
-
Multi-Tor round-robin via
tor_nodesconfig -
Named proxy pools with per-listener assignment (
proxy_pools:,pool:)mitmsource filter (?mitm=0/?mitm=1API query param)- Per-pool state files (
pool-{name}.json) - Per-pool log prefixes (
pool[name]: ...) - API: merged
/poolwith per-pool breakdown,/statuspools summary - Backward compat: singular
proxy_pool:registers as"default"
-
Integration tests with mock SOCKS5 proxy (end-to-end)
-
Per-destination bypass rules (CIDR, suffix, exact match)
-
Weighted multi-candidate pool selection
-
Onion chain-only routing (.onion skips pool hops)
-
Graceful shutdown timeout (fixes cProfile data dump)
Next
- Integration tests with mock proxy server
- SOCKS5 server-side authentication