Allow base64url encoding of SOCKS password-smuggled metadata

We're getting a bit silly here, but this should make it very widely
compatible so it's super easy to use this metadata basically anywhere
(at the cost of reducing the max length, since b64 encoding this is not
very efficient).

Author: pimterry

src/server/socks-server.ts

@@ -296,10 +296,15 @@ async function handleUsernamePasswordMetadata(socket: net.Socket) {
         return false;
     }
 
-    const passwordString = password.toString('utf8');
     let metadataJson: any = {};
     try {
-        metadataJson = JSON.parse(passwordString);
+        // Base64'd json always starts with 'e' (typically eyI), so we can use this fairly
+        // reliably to detect base64 (and definitely exclude valid object JSON encoding).
+        const decoded = password[0] === 'e'.charCodeAt(0)
+            ? Buffer.from(password.toString('utf8'), 'base64url').toString('utf8')
+            : password.toString('utf8');
+
+        metadataJson = JSON.parse(decoded);
     } catch (e) {
         socket.end(Buffer.from([
             0x05,

test/integration/proxying/socks-proxying.spec.ts

@@ -269,6 +269,25 @@ nodeOnly(() => {
                 expect(responseData.tags).to.deep.equal(['socket-metadata:response-test-tag']);
             });
 
+            it("should accept and use username/password base64 metadata SOCKSv5 connections", async () => {
+                const responseEventDeferred = getDeferred<CompletedResponse>();
+                await server.on('response', (res) => responseEventDeferred.resolve(res));
+
+                const socksSocket = await openSocksSocket(server, '127.0.0.1', remoteServer.port, {
+                    type: 5,
+                    userId: "mockttp-metadata",
+                    password: Buffer.from(
+                        JSON.stringify({ tags: ['base64d-test-tag'] })
+                    ).toString('base64url')
+                });
+
+                const response = await h1RequestOverSocket(socksSocket, remoteServer.url);
+                expect(response.statusCode).to.equal(200);
+
+                const responseData = await responseEventDeferred;
+                expect(responseData.tags).to.deep.equal(['socket-metadata:base64d-test-tag']);
+            });
+
             it("to reject username/password auth with unparseable JSON metadata", async () => {
                 try {
                     await openSocksSocket(server, '127.0.0.1', remoteServer.port, {