refine shadowsocks ota settings

2024-12-30 05:56:54 -05:00 · 2016-11-02 16:17:57 +01:00 · 2016-11-02 16:17:57 +01:00 · 687e008c9a
commit 687e008c9a
parent 43dacc3936
3 changed files with 26 additions and 6 deletions
--- a/proxy/shadowsocks/client.go
+++ b/proxy/shadowsocks/client.go
@ -66,7 +66,7 @@ func (this *Client) Dispatch(destination v2net.Destination, payload *alloc.Buffe
 	account := rawAccount.(*ShadowsocksAccount)
 	request.User = user

-	if account.OneTimeAuth {
+	if account.OneTimeAuth == Account_Auto || account.OneTimeAuth == Account_Enabled {
 		request.Option |= RequestOptionOneTimeAuth
 	}

--- a/proxy/shadowsocks/config.go
+++ b/proxy/shadowsocks/config.go
@ -13,7 +13,7 @@ import (
 type ShadowsocksAccount struct {
 	Cipher      Cipher
 	Key         []byte
-	OneTimeAuth bool
+	OneTimeAuth Account_OneTimeAuth
 }

 func (this *ShadowsocksAccount) Equals(another protocol.Account) bool {
@ -46,7 +46,7 @@ func (this *Account) AsAccount() (protocol.Account, error) {
 	return &ShadowsocksAccount{
 		Cipher:      cipher,
 		Key:         this.GetCipherKey(),
-		OneTimeAuth: this.Ota == Account_Auto || this.Ota == Account_Enabled,
+		OneTimeAuth: this.Ota,
 	}, nil
 }

--- a/proxy/shadowsocks/server.go
+++ b/proxy/shadowsocks/server.go
@ -21,6 +21,7 @@ type Server struct {
 	packetDispatcher dispatcher.PacketDispatcher
 	config           *ServerConfig
 	user             *protocol.User
+	account          *ShadowsocksAccount
 	meta             *proxy.InboundHandlerMeta
 	accepting        bool
 	tcpHub           *internet.TCPHub
@ -33,10 +34,17 @@ func NewServer(config *ServerConfig, space app.Space, meta *proxy.InboundHandler
 		return nil, protocol.ErrUserMissing
 	}

+	rawAccount, err := user.GetTypedAccount()
+	if err != nil {
+		return nil, errors.New("Shadowsocks|Server: Failed to get user account: " + err.Error())
+	}
+	account := rawAccount.(*ShadowsocksAccount)
+
 	s := &Server{
-		config: config,
-		meta:   meta,
-		user:   config.GetUser(),
+		config:  config,
+		meta:    meta,
+		user:    config.GetUser(),
+		account: account,
 	}

 	space.InitializeApplication(func() error {
@ -105,6 +113,18 @@ func (this *Server) handlerUDPPayload(payload *alloc.Buffer, session *proxy.Sess
 		return
 	}

+	if request.Option.Has(RequestOptionOneTimeAuth) && this.account.OneTimeAuth == Account_Disabled {
+		log.Info("Shadowsocks|Server: Client payload enables OTA but server doesn't allow it.")
+		payload.Release()
+		return
+	}
+
+	if !request.Option.Has(RequestOptionOneTimeAuth) && this.account.OneTimeAuth == Account_Enabled {
+		log.Info("Shadowsocks|Server: Client payload disables OTA but server forces it.")
+		payload.Release()
+		return
+	}
+
 	dest := request.Destination()
 	log.Access(source, dest, log.AccessAccepted, "")
 	log.Info("Shadowsocks|Server: Tunnelling request to ", dest)