proxy

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 27, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Forward 

func Forward(ctx context.Context, client, upstream net.Conn, peeked []byte, logger zerolog.Logger)

Forward pipes data bidirectionally between client and upstream, replaying peeked ClientHello bytes to upstream first.

func PeekClientHello 

func PeekClientHello(conn net.Conn) (peeked []byte, serverName string, err error)

PeekClientHello reads the TLS ClientHello from conn without consuming it. Returns the peeked bytes (to replay to upstream) and the extracted SNI hostname.

func RemoveStats added in v0.14.0 

func RemoveStats(path string)

RemoveStats removes the proxy stats file (best-effort).

func StatsPath added in v0.14.0 

func StatsPath() string

StatsPath returns the default path for the proxy stats file (~/.human/proxy-stats.json).

func WriteStats added in v0.14.0 

func WriteStats(path string, s Stats) error

WriteStats atomically writes stats to path (write tmp + rename).

Types

type Config 

type Config struct {
	Mode    Mode     `mapstructure:"mode"`
	Domains []string `mapstructure:"domains"`
}

Config holds the proxy section of .humanconfig.yaml.

func LoadConfig 

func LoadConfig(dir string) (*Config, error)

LoadConfig reads the proxy configuration from .humanconfig.yaml in dir. Returns (nil, nil) when the proxy section is absent.

type Decider 

type Decider interface {
	Allowed(hostname string) bool
}

Decider decides whether a given hostname is allowed to pass through the proxy.

type InteractiveDecider 

type InteractiveDecider struct {
	// contains filtered or unexported fields
}

InteractiveDecider wraps a base Decider and prompts the user for hostnames that the base does not allow. Decisions are cached for the session.

func NewInteractiveDecider 

func NewInteractiveDecider(base Decider, prompt PromptFunc) *InteractiveDecider

NewInteractiveDecider creates an InteractiveDecider that falls through to prompt for hostnames not allowed by base.

func (*InteractiveDecider) Allowed 

func (d *InteractiveDecider) Allowed(hostname string) bool

Allowed returns true if the hostname is permitted. Hostnames allowed by the base decider pass through immediately. Unknown hostnames trigger a prompt; the result is cached for subsequent calls.

type Mode 

type Mode string

Mode determines whether the domain list is an allowlist or blocklist. 

const (
	ModeAllow Mode = "allowlist"
	ModeBlock Mode = "blocklist"
)

type Policy 

type Policy struct {
	// contains filtered or unexported fields
}

Policy decides whether a given hostname is allowed to pass through the proxy.

func BlockAllPolicy 

func BlockAllPolicy() *Policy

BlockAllPolicy returns a policy that blocks every hostname.

func NewPolicy 

func NewPolicy(mode Mode, domains []string) (*Policy, error)

NewPolicy creates a policy from a mode and domain list.

func (*Policy) Allowed 

func (p *Policy) Allowed(hostname string) bool

Allowed reports whether hostname is permitted by this policy.

type PromptFunc 

type PromptFunc func(hostname string) (bool, error)

PromptFunc asks the user whether a hostname should be allowed. It returns true to allow, false to deny.

func NewTerminalPrompt 

func NewTerminalPrompt(in io.Reader, out io.Writer) PromptFunc

NewTerminalPrompt returns a PromptFunc that asks the user via the terminal. It serialises I/O with its own mutex so that concurrent prompts don't interleave on the terminal.

type Server 

type Server struct {
	Addr   string
	Policy Decider
	Logger zerolog.Logger
	// Dialer connects to upstream servers. Injected for testing.
	Dialer func(ctx context.Context, network, address string) (net.Conn, error)
	// contains filtered or unexported fields
}

Server is a transparent HTTPS proxy that reads the SNI from TLS ClientHello to block/allow domains without decrypting traffic.

func (*Server) ActiveConns added in v0.14.0 

func (s *Server) ActiveConns() int64

ActiveConns returns the number of currently active forwarded connections.

func (*Server) ListenAndServe 

func (s *Server) ListenAndServe(ctx context.Context) error

ListenAndServe starts the TCP listener and blocks until ctx is cancelled.

type Stats added in v0.14.0 

type Stats struct {
	ActiveConns int64 `json:"active_conns"`
}

Stats holds proxy runtime metrics written by the daemon and read by the TUI.

func ReadStats added in v0.14.0 

func ReadStats(path string) Stats

ReadStats reads proxy stats from path. Returns zero stats on any error.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.