Added Regex destination matching

2021-07-24 21:22:03 +10:00 · 2021-07-24 21:22:03 +10:00 · ca40be5600
commit ca40be5600
parent 76cd1a28e6
3 changed files with 43 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -7,7 +7,13 @@ Simple socks5 server using go-socks5 with authentication options

 ## Start container with proxy

-```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD>  serjs/go-socks5-proxy```
+```
+docker run -d --name socks5 -p 1080:1080 \
+    -e PROXY_USER=<PROXY_USER> \
+    -e PROXY_PASSWORD=<PROXY_PASSWORD> \
+    -e ALLOWED_DEST_FQDN=<REGEX_PATTERN> \
+    serjs/go-socks5-proxy
+```

 Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server.

@ -18,6 +24,7 @@ Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options wh
 |PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
 |PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
 |PROXY_PORT|String|1080|Set listen port for application inside docker container|
+|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.|
 |TZ|String|UTC|Set Timezone like in many common Operation Systems|

 ## Test running service
--- a/ruleset.go
+++ b/ruleset.go
@ -0,0 +1,24 @@
+package main
+
+import (
+	"regexp"
+
+	"github.com/armon/go-socks5"
+	"golang.org/x/net/context"
+)
+
+// PermitDestAddrPattern returns a RuleSet which selectively allows addresses
+func PermitDestAddrPattern(pattern string) socks5.RuleSet {
+	return &PermitDestAddrPatternRuleSet{pattern}
+}
+
+// PermitDestAddrPatternRuleSet is an implementation of the RuleSet which
+// enables filtering supported destination address
+type PermitDestAddrPatternRuleSet struct {
+	AllowedFqdnPattern string
+}
+
+func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
+	match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN)
+	return ctx, match
+}
--- a/server.go
+++ b/server.go
@ -9,9 +9,10 @@ import (
 )

 type params struct {
-	User     string `env:"PROXY_USER" envDefault:""`
-	Password string `env:"PROXY_PASSWORD" envDefault:""`
-	Port     string `env:"PROXY_PORT" envDefault:"1080"`
+	User            string `env:"PROXY_USER" envDefault:""`
+	Password        string `env:"PROXY_PASSWORD" envDefault:""`
+	Port            string `env:"PROXY_PORT" envDefault:"1080"`
+	AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
 }

 func main() {
@ -23,7 +24,7 @@ func main() {
 	}

 	//Initialize socks5 config
-	socsk5conf := &socks5.Config{
+	socks5conf := &socks5.Config{
 		Logger: log.New(os.Stdout, "", log.LstdFlags),
 	}

@ -32,10 +33,14 @@ func main() {
 			os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
 		}
 		cator := socks5.UserPassAuthenticator{Credentials: creds}
-		socsk5conf.AuthMethods = []socks5.Authenticator{cator}
+		socks5conf.AuthMethods = []socks5.Authenticator{cator}
 	}

-	server, err := socks5.New(socsk5conf)
+	if cfg.AllowedDestFqdn != "" {
+		socks5conf.Rules = PermitDestAddrPattern(cfg.AllowedDestFqdn)
+	}
+
+	server, err := socks5.New(socks5conf)
 	if err != nil {
 		log.Fatal(err)
 	}