Create connection handlers that can be shared between WebSocket and layer4 connections.

Author: sbruens

caddy/app.go

@@ -28,15 +28,19 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 )
 
-const outlineModuleName = "outline"
+const (
+	outlineModuleName = "outline"
+	replayCacheCtxKey = "outline_replay_cache"
+	metricsCtxKey     = "outline_metrics"
+)
 
 func init() {
 	replayCache := outline.NewReplayCache(0)
 	caddy.RegisterModule(ModuleRegistration{
 		ID: outlineModuleName,
 		New: func() caddy.Module {
 			app := new(OutlineApp)
-			app.ReplayCache = replayCache
+			app.replayCache = replayCache
 			return app
 		},
 	})
@@ -48,10 +52,11 @@ type ShadowsocksConfig struct {
 
 type OutlineApp struct {
 	ShadowsocksConfig *ShadowsocksConfig `json:"shadowsocks,omitempty"`
+	Handlers          ConnectionHandlers `json:"connection_handlers,omitempty"`
 
-	ReplayCache outline.ReplayCache
 	logger      *slog.Logger
-	Metrics     outline.ServiceMetrics
+	replayCache outline.ReplayCache
+	metrics     outline.ServiceMetrics
 	buildInfo   *prometheus.GaugeVec
 }
 
@@ -71,7 +76,7 @@ func (app *OutlineApp) Provision(ctx caddy.Context) error {
 	app.logger.Info("provisioning app instance")
 
 	if app.ShadowsocksConfig != nil {
-		if err := app.ReplayCache.Resize(app.ShadowsocksConfig.ReplayHistory); err != nil {
+		if err := app.replayCache.Resize(app.ShadowsocksConfig.ReplayHistory); err != nil {
 			return fmt.Errorf("failed to configure replay history with capacity %d: %v", app.ShadowsocksConfig.ReplayHistory, err)
 		}
 	}
@@ -83,6 +88,14 @@ func (app *OutlineApp) Provision(ctx caddy.Context) error {
 	app.buildInfo.WithLabelValues("dev").Set(1)
 	// TODO: Add replacement metrics for `shadowsocks_keys` and `shadowsocks_ports`.
 
+	ctx = ctx.WithValue(replayCacheCtxKey, app.replayCache)
+	ctx = ctx.WithValue(metricsCtxKey, app.metrics)
+
+	err := app.Handlers.Provision(ctx)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -104,7 +117,7 @@ func (app *OutlineApp) defineMetrics() error {
 	if err != nil {
 		return err
 	}
-	app.Metrics, err = registerCollector(r, metrics)
+	app.metrics, err = registerCollector(r, metrics)
 	if err != nil {
 		return err
 	}

caddy/connection_handler.go

@@ -0,0 +1,66 @@
+// Copyright 2024 The Outline Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package outlinecaddy
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/caddyserver/caddy/v2"
+	"github.com/mholt/caddy-l4/layer4"
+)
+
+type ConnectionHandler struct {
+	Name              string          `json:"name,omitempty"`
+	WrappedHandlerRaw json.RawMessage `json:"handle,omitempty" caddy:"namespace=layer4.handlers inline_key=handler"`
+
+	compiled layer4.NextHandler
+}
+
+var (
+	_ caddy.Provisioner  = (*ConnectionHandler)(nil)
+	_ layer4.NextHandler = (*ConnectionHandler)(nil)
+)
+
+// Provision sets up the connection handler.
+func (ch *ConnectionHandler) Provision(ctx caddy.Context) error {
+	mod, err := ctx.LoadModule(ch, "WrappedHandlerRaw")
+	if err != nil {
+		return err
+	}
+	compiled, ok := mod.(layer4.NextHandler)
+	if !ok {
+		return fmt.Errorf("module is of type `%T`, expected `layer4.NextHandler`", compiled)
+	}
+	ch.compiled = compiled
+	return nil
+}
+
+func (ch *ConnectionHandler) Handle(cx *layer4.Connection, next layer4.Handler) error {
+	return ch.compiled.Handle(cx, next)
+}
+
+type ConnectionHandlers []*ConnectionHandler
+
+// Provision sets up all the connection handlers.
+func (ch ConnectionHandlers) Provision(ctx caddy.Context) error {
+	for i, h := range ch {
+		err := h.Provision(ctx)
+		if err != nil {
+			return fmt.Errorf("connection handler %d: %v", i, err)
+		}
+	}
+	return nil
+}

caddy/examples/config_example.json

@@ -31,115 +31,53 @@
                             ]
                         }
                     ]
-                }
-            }
-        },
-        "layer4": {
-            "servers": {
-                "1": {
-                    "listen": [
-                        "tcp/[::]:9000",
-                        "udp/[::]:9000"
-                    ],
+                },
+                "ws1": {
+                    "listen": [":8000"],
                     "routes": [
                         {
-                            "match": [
-                                {
-                                    "http": [
-                                        {
-                                            "path": [
-                                                "/tcp"
-                                            ],
-                                            "header": {
-                                                "Connection": ["*Upgrade*"],
-                                                "Upgrade": ["websocket"]
-                                            }
-                                        }
-                                    ]
-                                }
-                            ],
+                            "match": [{"path": ["/tcp"]}],
                             "handle": [
                                 {
-                                    "handler": "websocket",
-                                    "type": "stream"
-                                },
-                                {
-                                    "handler": "shadowsocks",
-                                    "keys": [
-                                        {
-                                            "id": "user-0",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret0"
-                                        },
-                                        {
-                                            "id": "user-1",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret1"
-                                        }
-                                    ]
+                                    "handler": "ws2outline",
+                                    "type": "stream",
+                                    "connection_handler": "main"
                                 }
                             ]
                         },
                         {
-                            "match": [
-                                {
-                                    "http": [
-                                        {
-                                            "path": [
-                                                "/udp"
-                                            ],
-                                            "header": {
-                                                "Connection": ["*Upgrade*"],
-                                                "Upgrade": ["websocket"]
-                                            }
-                                        }
-                                    ]
-                                }
-                            ],
+                            "match": [{"path": ["/udp"]}],
                             "handle": [
                                 {
-                                    "handler": "websocket",
-                                    "type": "packet"
-                                },
-                                {
-                                    "handler": "shadowsocks",
-                                    "keys": [
-                                        {
-                                            "id": "user-0",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret0"
-                                        },
-                                        {
-                                            "id": "user-1",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret1"
-                                        }
-                                    ]
+                                    "handler": "ws2outline",
+                                    "type": "packet",
+                                    "connection_handler": "main"
                                 }
                             ]
-                        },
+                        }
+                    ]
+                }
+            }
+        },
+        "layer4": {
+            "servers": {
+                "ss1": {
+                    "listen": [
+                        "tcp/[::]:9000",
+                        "udp/[::]:9000"
+                    ],
+                    "routes": [
                         {
                             "handle": [
                                 {
-                                    "handler": "shadowsocks",
-                                    "keys": [
-                                        {
-                                            "id": "user-0",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret0"
-                                        },
-                                        {
-                                            "id": "user-1",
-                                            "cipher": "chacha20-ietf-poly1305",
-                                            "secret": "Secret1"
-                                        }
-                                    ]
+                                    "handler": "outline",
+                                    "connection_handler": "main"
                                 }
                             ]
                         }
                     ]
                 },
-                "2": {
+                "ss2_no_replaycache": {
                     "listen": [
                         "tcp/[::]:9001",
                         "udp/[::]:9001"
@@ -166,7 +104,27 @@
         "outline": {
             "shadowsocks": {
                 "replay_history": 10000
-            }
+            },
+            "connection_handlers": [
+                {
+                    "name": "main",
+                    "handle": {
+                        "handler": "shadowsocks",
+                        "keys": [
+                            {
+                                "id": "user-0",
+                                "cipher": "chacha20-ietf-poly1305",
+                                "secret": "Secret0"
+                            },
+                            {
+                                "id": "user-1",
+                                "cipher": "chacha20-ietf-poly1305",
+                                "secret": "Secret1"
+                            }
+                        ]
+                    }
+                }
+            ]
         }
     }
 }

caddy/examples/simple.yml

@@ -1,3 +1,17 @@
+# Copyright 2024 The Outline Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 ---
 admin:
   disabled: true

caddy/examples/websocket.yml

@@ -1,3 +1,17 @@
+# Copyright 2024 The Outline Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 ---
 admin:
   disabled: true

caddy/go.mod

@@ -6,9 +6,10 @@ require (
 	github.com/Jigsaw-Code/outline-sdk v0.0.16
 	github.com/Jigsaw-Code/outline-ss-server v1.7.3-0.20240923183844-cb5965fd1a69
 	github.com/caddyserver/caddy/v2 v2.8.4
-	github.com/gorilla/websocket v1.5.3
 	github.com/mholt/caddy-l4 v0.0.0-20240812213304-afa78d72257b
 	github.com/prometheus/client_golang v1.20.0
+	go.uber.org/zap v1.27.0
+	golang.org/x/net v0.30.0
 )
 
 require (
@@ -108,17 +109,15 @@ require (
 	go.uber.org/automaxprocs v1.5.3 // indirect
 	go.uber.org/mock v0.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
 	go.uber.org/zap/exp v0.2.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/crypto/x509roots/fallback v0.0.0-20240507223354-67b13616a595 // indirect
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae // indirect