feat: Support enabling proxy when adding nodes

Author: ssongliu

core/utils/cloud_storage/sftp.go

@@ -0,0 +1,93 @@
+package ssh
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/tls"
+	"encoding/base64"
+	"fmt"
+	"net"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type HTTPProxyDialer struct {
+	ProxyURL  *url.URL
+	Timeout   time.Duration
+	TLSConfig *tls.Config
+}
+
+func NewHTTPProxyDialer(proxyURL string) (*HTTPProxyDialer, error) {
+	parsedURL, err := url.Parse(proxyURL)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HTTPProxyDialer{
+		ProxyURL:  parsedURL,
+		Timeout:   30 * time.Second,
+		TLSConfig: &tls.Config{InsecureSkipVerify: false},
+	}, nil
+}
+
+func (d *HTTPProxyDialer) Dial(network, addr string) (net.Conn, error) {
+	var conn net.Conn
+	var err error
+
+	if d.ProxyURL.Scheme == "https" {
+		conn, err = tls.DialWithDialer(
+			&net.Dialer{Timeout: d.Timeout},
+			"tcp",
+			d.ProxyURL.Host,
+			d.TLSConfig,
+		)
+	} else {
+		conn, err = net.DialTimeout("tcp", d.ProxyURL.Host, d.Timeout)
+	}
+	if err != nil {
+		return nil, err
+	}
+	conn.SetDeadline(time.Now().Add(d.Timeout))
+	connectReq := &bytes.Buffer{}
+
+	if d.ProxyURL.User != nil {
+		password, _ := d.ProxyURL.User.Password()
+		auth := base64.StdEncoding.EncodeToString(
+			[]byte(d.ProxyURL.User.Username() + ":" + password),
+		)
+		fmt.Fprintf(connectReq, "Proxy-Authorization: Basic %s\r\n", auth)
+	}
+	fmt.Fprintf(connectReq, "Proxy-Connection: Keep-Alive\r\n")
+	fmt.Fprintf(connectReq, "User-Agent: Go-HTTP-Proxy-Client\r\n")
+	fmt.Fprintf(connectReq, "\r\n")
+
+	if _, err := conn.Write(connectReq.Bytes()); err != nil {
+		conn.Close()
+		return nil, err
+	}
+	reader := bufio.NewReader(conn)
+	response, err := reader.ReadString('\n')
+	if err != nil {
+		conn.Close()
+		return nil, err
+	}
+	if !strings.HasPrefix(response, "HTTP/1.1 200") &&
+		!strings.HasPrefix(response, "HTTP/1.0 200") {
+		conn.Close()
+		return nil, fmt.Errorf("proxy connection failed: %s", strings.TrimSpace(response))
+	}
+	for {
+		line, err := reader.ReadString('\n')
+		if err != nil {
+			conn.Close()
+			return nil, err
+		}
+		if line == "\r\n" || line == "\n" {
+			break
+		}
+	}
+	conn.SetDeadline(time.Time{})
+
+	return conn, nil
+}

core/utils/ssh/http.go

@@ -8,18 +8,23 @@ import (
 	"strings"
 	"time"
 
+	"github.com/1Panel-dev/1Panel/core/app/repo"
 	"github.com/1Panel-dev/1Panel/core/global"
+	"github.com/1Panel-dev/1Panel/core/utils/encrypt"
 	gossh "golang.org/x/crypto/ssh"
+	"golang.org/x/net/proxy"
 )
 
 type ConnInfo struct {
-	User        string        `json:"user"`
-	Addr        string        `json:"addr"`
-	Port        int           `json:"port"`
-	AuthMode    string        `json:"authMode"`
-	Password    string        `json:"password"`
-	PrivateKey  []byte        `json:"privateKey"`
-	PassPhrase  []byte        `json:"passPhrase"`
+	User       string `json:"user"`
+	Addr       string `json:"addr"`
+	Port       int    `json:"port"`
+	AuthMode   string `json:"authMode"`
+	Password   string `json:"password"`
+	PrivateKey []byte `json:"privateKey"`
+	PassPhrase []byte `json:"passPhrase"`
+
+	UseProxy    bool          `json:"useProxy"`
 	DialTimeOut time.Duration `json:"dialTimeOut"`
 }
 
@@ -52,7 +57,7 @@ func NewClient(c ConnInfo) (*SSHClient, error) {
 	if strings.Contains(c.Addr, ":") {
 		proto = "tcp6"
 	}
-	client, err := DialWithTimeout(proto, addr, config)
+	client, err := DialWithTimeout(proto, addr, c.UseProxy, config)
 	if nil != err {
 		return nil, err
 	}
@@ -240,10 +245,13 @@ func (c *SSHClient) RunWithStreamOutput(command string, outputCallback func(stri
 	return err
 }
 
-func DialWithTimeout(network, addr string, config *gossh.ClientConfig) (*gossh.Client, error) {
-	conn, err := net.DialTimeout(network, addr, config.Timeout)
-	if err != nil {
-		return nil, err
+func DialWithTimeout(network, addr string, useProxy bool, config *gossh.ClientConfig) (*gossh.Client, error) {
+	var conn net.Conn
+	var err error
+	if useProxy {
+		conn, err = loadSSHConnByProxy(network, addr, config.Timeout)
+	} else {
+		conn, err = net.DialTimeout(network, addr, config.Timeout)
 	}
 	_ = conn.SetDeadline(time.Now().Add(config.Timeout))
 	c, chans, reqs, err := gossh.NewClientConn(conn, addr, config)
@@ -256,3 +264,54 @@ func DialWithTimeout(network, addr string, config *gossh.ClientConfig) (*gossh.C
 	}
 	return gossh.NewClient(c, chans, reqs), nil
 }
+
+func loadSSHConnByProxy(network, addr string, timeout time.Duration) (net.Conn, error) {
+	settingRepo := repo.NewISettingRepo()
+	proxyType, err := settingRepo.Get(repo.WithByKey("ProxyType"))
+	if err != nil {
+		return nil, fmt.Errorf("get proxy type from db failed, err: %v", err)
+	}
+	if len(proxyType.Value) == 0 {
+		return nil, fmt.Errorf("get proxy type from db failed, err: %v", err)
+	}
+	proxyUrl, _ := settingRepo.Get(repo.WithByKey("ProxyUrl"))
+	port, _ := settingRepo.Get(repo.WithByKey("ProxyPort"))
+	user, _ := settingRepo.Get(repo.WithByKey("ProxyUser"))
+	passwd, _ := settingRepo.Get(repo.WithByKey("ProxyPasswd"))
+
+	pass, _ := encrypt.StringDecrypt(passwd.Value)
+	proxyItem := fmt.Sprintf("%s:%s", proxyUrl.Value, port.Value)
+	switch proxyType.Value {
+	case "http", "https":
+		proxyURL := fmt.Sprintf("%s://%s:%s@%s:%s", proxyType.Value, user.Value, pass, proxyUrl.Value, port.Value)
+		proxyDialer, err := NewHTTPProxyDialer(proxyURL)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create proxy dialer: %w", err)
+		}
+		return proxyDialer.Dial(network, addr)
+	case "socks5":
+		var auth *proxy.Auth
+		if len(user.Value) == 0 {
+			auth = nil
+		} else {
+			auth = &proxy.Auth{
+				User:     user.Value,
+				Password: pass,
+			}
+		}
+		dialer, err := proxy.SOCKS5("tcp", proxyItem, auth, &net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("new socks5 proxy failed, err: %v", err)
+		}
+		return dialer.Dial(network, addr)
+	default:
+		conn, err := net.DialTimeout(network, addr, timeout)
+		if err != nil {
+			return nil, err
+		}
+		return conn, nil
+	}
+}