Feat: clarify VLESS encryption auth selection (#4271)

* feat(traffic_writer): enhance traffic writer with concurrency safety and state management

* Revert "feat(traffic_writer): enhance traffic writer with concurrency safety and state management"

This reverts commit e6760ae39629a592dec293197768f27ff0f5a578.

* feat(vless): clarify VLESS encryption auth selection and enhance parsing logic
This commit is contained in:
Farhad H. P. Shirvan
2026-05-12 11:39:28 +02:00
committed by GitHub
parent d86e87ed30
commit fdaa65ad7e
4 changed files with 151 additions and 17 deletions
+26 -6
View File
@@ -1275,7 +1275,13 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
return nil, err
}
lines := strings.Split(out.String(), "\n")
return map[string]any{
"auths": parseVlessEncAuths(out.String()),
}, nil
}
func parseVlessEncAuths(output string) []map[string]string {
lines := strings.Split(output, "\n")
var auths []map[string]string
var current map[string]string
@@ -1285,14 +1291,18 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
if current != nil {
auths = append(auths, current)
}
label := strings.TrimSpace(strings.TrimPrefix(line, "Authentication:"))
current = map[string]string{
"label": strings.TrimSpace(strings.TrimPrefix(line, "Authentication:")),
"id": vlessEncAuthID(label),
"label": label,
}
} else if strings.HasPrefix(line, `"decryption"`) || strings.HasPrefix(line, `"encryption"`) {
parts := strings.SplitN(line, ":", 2)
if len(parts) == 2 && current != nil {
key := strings.Trim(parts[0], `" `)
val := strings.Trim(parts[1], `" `)
val := strings.TrimSpace(parts[1])
val = strings.TrimSuffix(val, ",")
val = strings.Trim(val, `" `)
current[key] = val
}
}
@@ -1302,9 +1312,19 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
auths = append(auths, current)
}
return map[string]any{
"auths": auths,
}, nil
return auths
}
func vlessEncAuthID(label string) string {
normalized := strings.NewReplacer("-", "", "_", "", " ", "").Replace(strings.ToLower(label))
switch {
case strings.Contains(normalized, "mlkem768"):
return "mlkem768"
case strings.Contains(normalized, "x25519"):
return "x25519"
default:
return normalized
}
}
func (s *ServerService) GetNewUUID() (map[string]string, error) {
+82
View File
@@ -0,0 +1,82 @@
package service
import "testing"
func TestParseVlessEncAuthsAddsStableIDs(t *testing.T) {
output := `
Authentication: X25519, not Post-Quantum
{
"decryption": "mlkem768x25519plus.native.600s.server-x25519",
"encryption": "mlkem768x25519plus.native.0rtt.client-x25519"
}
Authentication: ML-KEM-768, Post-Quantum
{
"decryption": "mlkem768x25519plus.native.600s.server-mlkem",
"encryption": "mlkem768x25519plus.native.0rtt.client-mlkem"
}
`
auths := parseVlessEncAuths(output)
if len(auths) != 2 {
t.Fatalf("expected 2 auth blocks, got %d", len(auths))
}
tests := []struct {
index int
id string
label string
decryption string
encryption string
}{
{
index: 0,
id: "x25519",
label: "X25519, not Post-Quantum",
decryption: "mlkem768x25519plus.native.600s.server-x25519",
encryption: "mlkem768x25519plus.native.0rtt.client-x25519",
},
{
index: 1,
id: "mlkem768",
label: "ML-KEM-768, Post-Quantum",
decryption: "mlkem768x25519plus.native.600s.server-mlkem",
encryption: "mlkem768x25519plus.native.0rtt.client-mlkem",
},
}
for _, test := range tests {
auth := auths[test.index]
if auth["id"] != test.id {
t.Errorf("auth[%d] id = %q, want %q", test.index, auth["id"], test.id)
}
if auth["label"] != test.label {
t.Errorf("auth[%d] label = %q, want %q", test.index, auth["label"], test.label)
}
if auth["decryption"] != test.decryption {
t.Errorf("auth[%d] decryption = %q, want %q", test.index, auth["decryption"], test.decryption)
}
if auth["encryption"] != test.encryption {
t.Errorf("auth[%d] encryption = %q, want %q", test.index, auth["encryption"], test.encryption)
}
}
}
func TestParseVlessEncAuthsHandlesMissingTrailingComma(t *testing.T) {
output := `
Authentication: X25519, not Post-Quantum
"decryption": "server"
"encryption": "client"
`
auths := parseVlessEncAuths(output)
if len(auths) != 1 {
t.Fatalf("expected 1 auth block, got %d", len(auths))
}
if auths[0]["decryption"] != "server" {
t.Fatalf("decryption = %q, want server", auths[0]["decryption"])
}
if auths[0]["encryption"] != "client" {
t.Fatalf("encryption = %q, want client", auths[0]["encryption"])
}
}