proxy

package
v0.13.0
Warning

This package is not in the latest version of its module.
Published: Mar 25, 2026 | License: MIT | Imports: 10 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Forward

func Forward(ctx context.Context, client, upstream net.Conn, peeked []byte, logger zerolog.Logger)

Forward pipes data bidirectionally between client and upstream, replaying peeked ClientHello bytes to upstream first.

func PeekClientHello

func PeekClientHello(conn net.Conn) (peeked []byte, serverName string, err error)

PeekClientHello reads the TLS ClientHello from conn without consuming it. Returns the peeked bytes (to replay to upstream) and the extracted SNI hostname.
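
One way to peek a ClientHello and keep its bytes for replay, shown as an added example that is not this package's own code: it lets the standard library's crypto/tls parse the hello through a read-only connection while an io.TeeReader records every byte consumed. The names peekSNI and roConn are hypothetical, and the client in main is constructed in memory over net.Pipe.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// roConn lets crypto/tls read the ClientHello but never write a reply.
type roConn struct{ r io.Reader }

func (c roConn) Read(p []byte) (int, error)     { return c.r.Read(p) }
func (roConn) Write([]byte) (int, error)        { return 0, io.ErrClosedPipe }
func (roConn) Close() error                     { return nil }
func (roConn) LocalAddr() net.Addr              { return nil }
func (roConn) RemoteAddr() net.Addr             { return nil }
func (roConn) SetDeadline(time.Time) error      { return nil }
func (roConn) SetReadDeadline(time.Time) error  { return nil }
func (roConn) SetWriteDeadline(time.Time) error { return nil }

// peekSNI (hypothetical name) returns the raw bytes consumed while parsing
// one ClientHello, for replay to upstream, plus the SNI hostname it carries.
func peekSNI(r io.Reader) (peeked []byte, serverName string, err error) {
	var buf bytes.Buffer
	seen := false
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		seen, serverName = true, h.ServerName
		return nil, errors.New("stop after ClientHello") // parse only
	}}
	// TeeReader copies every byte the TLS parser consumes into buf.
	hsErr := tls.Server(roConn{io.TeeReader(r, &buf)}, cfg).Handshake()
	switch {
	case !seen:
		return nil, "", hsErr // not TLS, truncated or malformed
	case serverName == "":
		return buf.Bytes(), "", errors.New("ClientHello has no SNI")
	}
	return buf.Bytes(), serverName, nil
}

func main() {
	c, s := net.Pipe() // constructed in-memory client; no network involved
	go tls.Client(c, &tls.Config{ServerName: "example.com"}).Handshake()
	peeked, name, err := peekSNI(s)
	fmt.Println(len(peeked), name, err)
}
```

A hello without SNI comes back as an error rather than an empty hostname, so a caller enforcing an allowlist can refuse the connection instead of evaluating "" against its policy.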

Types

type Config

type Config struct {
	Mode    Mode     `mapstructure:"mode"`
	Domains []string `mapstructure:"domains"`
}

Config holds the proxy section of .humanconfig.yaml.

func LoadConfig

func LoadConfig(dir string) (*Config, error)

LoadConfig reads the proxy configuration from .humanconfig.yaml in dir. Returns (nil, nil) when the proxy section is absent.

type Decider

type Decider interface {
	Allowed(hostname string) bool
}

Decider decides whether a given hostname is allowed to pass through the proxy.

type InteractiveDecider

type InteractiveDecider struct {
	// contains filtered or unexported fields
}

InteractiveDecider wraps a base Decider and prompts the user for hostnames that the base does not allow. Decisions are cached for the session.

func NewInteractiveDecider

func NewInteractiveDecider(base Decider, prompt PromptFunc) *InteractiveDecider

NewInteractiveDecider creates an InteractiveDecider that falls through to prompt for hostnames not allowed by base.

func (*InteractiveDecider) Allowed

func (d *InteractiveDecider) Allowed(hostname string) bool

Allowed returns true if the hostname is permitted. Hostnames allowed by the base decider pass through immediately. Unknown hostnames trigger a prompt; the result is cached for subsequent calls.

type Mode

type Mode string

Mode determines whether the domain list is an allowlist or blocklist.

const (
	ModeAllow Mode = "allowlist"
	ModeBlock Mode = "blocklist"
)

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy decides whether a given hostname is allowed to pass through the proxy.

func BlockAllPolicy

func BlockAllPolicy() *Policy

BlockAllPolicy returns a policy that blocks every hostname.

func NewPolicy

func NewPolicy(mode Mode, domains []string) (*Policy, error)

NewPolicy creates a policy from a mode and domain list.

func (*Policy) Allowed

func (p *Policy) Allowed(hostname string) bool

Allowed reports whether hostname is permitted by this policy.

type PromptFunc

type PromptFunc func(hostname string) (bool, error)

PromptFunc asks the user whether a hostname should be allowed. It returns true to allow, false to deny.

func NewTerminalPrompt

func NewTerminalPrompt(in io.Reader, out io.Writer) PromptFunc

NewTerminalPrompt returns a PromptFunc that asks the user via the terminal. It serialises I/O with its own mutex so that concurrent prompts don't interleave on the terminal.

type Server

type Server struct {
	Addr   string
	Policy Decider
	Logger zerolog.Logger
	// Dialer connects to upstream servers. Injected for testing.
	Dialer func(ctx context.Context, network, address string) (net.Conn, error)
}

Server is a transparent HTTPS proxy that reads the SNI from TLS ClientHello to block/allow domains without decrypting traffic.

func (*Server) ListenAndServe

func (s *Server) ListenAndServe(ctx context.Context) error

ListenAndServe starts the TCP listener and blocks until ctx is cancelled.
