outbound_test.go 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257
  1. package link
  2. import (
  3. "encoding/base64"
  4. "net/url"
  5. "strings"
  6. "testing"
  7. )
  8. func TestParseVmessLink(t *testing.T) {
  9. // vmess:// + base64 of:
  10. // {"v":"2","ps":"test","add":"1.2.3.4","port":443,"id":"uuid","aid":"0","net":"ws","type":"","host":"ex.com","path":"/","tls":"tls"}
  11. link := "vmess://eyJ2IjoiMiIsInBzIjoidGVzdCIsImFkZCI6IjEuMi4zLjQiLCJwb3J0Ijo0NDMsImlkIjoidXVpZCIsImFpZCI6IjAiLCJuZXQiOiJ3cyIsInR5cGUiOiIiLCJob3N0IjoiZXguY29tIiwicGF0aCI6Ii8iLCJ0bHMiOiJ0bHMifQ=="
  12. res, err := ParseLink(link)
  13. if err != nil {
  14. t.Fatalf("parse vmess: %v", err)
  15. }
  16. if res.Outbound["protocol"] != "vmess" {
  17. t.Errorf("expected vmess protocol, got %v", res.Outbound["protocol"])
  18. }
  19. if res.Outbound["tag"] != "test" {
  20. t.Errorf("expected tag 'test', got %v", res.Outbound["tag"])
  21. }
  22. }
  23. func TestParseVlessLink(t *testing.T) {
  24. link := "vless://[email protected]:443?type=ws&security=tls&path=/&host=ex.com#node1"
  25. res, err := ParseLink(link)
  26. if err != nil {
  27. t.Fatalf("parse vless: %v", err)
  28. }
  29. if res.Outbound["protocol"] != "vless" {
  30. t.Fatalf("bad protocol")
  31. }
  32. if res.Outbound["tag"] != "node1" {
  33. t.Errorf("tag mismatch: %v", res.Outbound["tag"])
  34. }
  35. }
  36. func TestParseVlessLink_FinalMaskQuicParamsSanitized(t *testing.T) {
  37. fm := url.QueryEscape(`{"mask":"dtls","quicParams":{"keepAlivePeriod":"10s","maxIdleTimeout":"30","initStreamReceiveWindow":524288,"maxIncomingStreams":true,"brutalUp":"100 mbps"}}`)
  38. res, err := ParseLink("vless://[email protected]:443?type=tcp&security=none&fm=" + fm + "#node1")
  39. if err != nil {
  40. t.Fatalf("parse vless with fm: %v", err)
  41. }
  42. stream, ok := res.Outbound["streamSettings"].(map[string]any)
  43. if !ok {
  44. t.Fatalf("missing streamSettings: %v", res.Outbound)
  45. }
  46. finalmask, ok := stream["finalmask"].(map[string]any)
  47. if !ok {
  48. t.Fatalf("missing finalmask: %v", stream)
  49. }
  50. if finalmask["mask"] != "dtls" {
  51. t.Errorf("mask changed: %v", finalmask["mask"])
  52. }
  53. qp, ok := finalmask["quicParams"].(map[string]any)
  54. if !ok {
  55. t.Fatalf("missing quicParams: %v", finalmask)
  56. }
  57. if got := qp["keepAlivePeriod"]; got != int64(10) {
  58. t.Errorf("keepAlivePeriod: expected 10, got %v (%T)", got, got)
  59. }
  60. if got := qp["maxIdleTimeout"]; got != int64(30) {
  61. t.Errorf("maxIdleTimeout: expected 30, got %v (%T)", got, got)
  62. }
  63. if got := qp["initStreamReceiveWindow"]; got != int64(524288) {
  64. t.Errorf("initStreamReceiveWindow: expected 524288, got %v (%T)", got, got)
  65. }
  66. if _, exists := qp["maxIncomingStreams"]; exists {
  67. t.Errorf("maxIncomingStreams should be dropped, got %v", qp["maxIncomingStreams"])
  68. }
  69. if got := qp["brutalUp"]; got != "100 mbps" {
  70. t.Errorf("brutalUp should stay a string, got %v (%T)", got, got)
  71. }
  72. }
  73. func TestSanitizeFinalMaskQuicParams_ClampsAndRejects(t *testing.T) {
  74. cases := []struct {
  75. name string
  76. key string
  77. in any
  78. want any
  79. }{
  80. {"infinite string dropped", "keepAlivePeriod", "inf", nil},
  81. {"nan string dropped", "keepAlivePeriod", "NaN", nil},
  82. {"negative dropped", "maxStreamReceiveWindow", float64(-5), nil},
  83. {"negative duration dropped", "keepAlivePeriod", "-10s", nil},
  84. {"absurd magnitude dropped", "initConnectionReceiveWindow", float64(1e30), nil},
  85. {"keepAlive clamped up", "keepAlivePeriod", "1s", int64(2)},
  86. {"keepAlive clamped down", "keepAlivePeriod", "90s", int64(60)},
  87. {"idle clamped up", "maxIdleTimeout", float64(1), int64(4)},
  88. {"idle clamped down", "maxIdleTimeout", "10m", int64(120)},
  89. {"streams clamped up", "maxIncomingStreams", float64(4), int64(8)},
  90. {"zero means unset and survives", "maxIdleTimeout", float64(0), int64(0)},
  91. {"window passes through", "initStreamReceiveWindow", float64(524288), int64(524288)},
  92. }
  93. for _, c := range cases {
  94. t.Run(c.name, func(t *testing.T) {
  95. parsed := map[string]any{"quicParams": map[string]any{c.key: c.in}}
  96. sanitizeFinalMaskQuicParams(parsed)
  97. qp := parsed["quicParams"].(map[string]any)
  98. got, exists := qp[c.key]
  99. if c.want == nil {
  100. if exists {
  101. t.Fatalf("%s: expected key dropped, got %v (%T)", c.key, got, got)
  102. }
  103. return
  104. }
  105. if !exists || got != c.want {
  106. t.Fatalf("%s: expected %v, got %v (%T)", c.key, c.want, got, got)
  107. }
  108. })
  109. }
  110. }
  111. func TestParseShadowsocks(t *testing.T) {
  112. modernUser := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass"))
  113. legacyBody := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:[email protected]:8388"))
  114. cases := []struct {
  115. name string
  116. link string
  117. host string
  118. port int
  119. method string
  120. pass string
  121. }{
  122. {
  123. name: "modern",
  124. link: "ss://" + modernUser + "@1.2.3.4:8388#node",
  125. host: "1.2.3.4",
  126. port: 8388,
  127. method: "aes-256-gcm",
  128. pass: "secretpass",
  129. },
  130. {
  131. name: "modern with plugin query",
  132. link: "ss://" + modernUser + "@1.2.3.4:8388?plugin=v2ray-plugin#node",
  133. host: "1.2.3.4",
  134. port: 8388,
  135. method: "aes-256-gcm",
  136. pass: "secretpass",
  137. },
  138. {
  139. name: "modern sip002 slash query",
  140. link: "ss://" + modernUser + "@1.2.3.4:8388/?plugin=obfs-local%3Bobfs%3Dhttp#node",
  141. host: "1.2.3.4",
  142. port: 8388,
  143. method: "aes-256-gcm",
  144. pass: "secretpass",
  145. },
  146. {
  147. name: "legacy",
  148. link: "ss://" + legacyBody + "#node",
  149. host: "1.2.3.4",
  150. port: 8388,
  151. method: "aes-256-gcm",
  152. pass: "secretpass",
  153. },
  154. {
  155. name: "base64url userinfo with plugin and trailing slash",
  156. link: "ss://" + base64.RawURLEncoding.EncodeToString([]byte("aes-128-gcm:pa+ss/word")) + "@1.2.3.4:8388/?plugin=obfs-local%3Bobfs%3Dhttp#node",
  157. host: "1.2.3.4",
  158. port: 8388,
  159. method: "aes-128-gcm",
  160. pass: "pa+ss/word",
  161. },
  162. {
  163. name: "sip022 percent-encoded userinfo",
  164. link: "ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%[email protected]:8888#Example3",
  165. host: "example.com",
  166. port: 8888,
  167. method: "2022-blake3-aes-256-gcm",
  168. pass: "YctPZ6U7xPPcU+gp3u+0tx/tRizJN9K8y+uKlW2qjlI=",
  169. },
  170. {
  171. name: "sip022 dual-key password with type query preserves inner colon",
  172. link: "ss://2022-blake3-aes-256-gcm:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB%[email protected]:9999?type=tcp#node",
  173. host: "1.2.3.4",
  174. port: 9999,
  175. method: "2022-blake3-aes-256-gcm",
  176. pass: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=",
  177. },
  178. }
  179. for _, c := range cases {
  180. t.Run(c.name, func(t *testing.T) {
  181. res, err := ParseLink(c.link)
  182. if err != nil {
  183. t.Fatalf("parse ss: %v", err)
  184. }
  185. if res.Outbound["protocol"] != "shadowsocks" {
  186. t.Fatalf("protocol = %v, want shadowsocks", res.Outbound["protocol"])
  187. }
  188. srv := res.Outbound["settings"].(map[string]any)["servers"].([]any)[0].(map[string]any)
  189. if srv["address"] != c.host {
  190. t.Errorf("address = %v, want %v", srv["address"], c.host)
  191. }
  192. if srv["port"] != c.port {
  193. t.Errorf("port = %v, want %v", srv["port"], c.port)
  194. }
  195. if srv["method"] != c.method {
  196. t.Errorf("method = %v, want %v", srv["method"], c.method)
  197. }
  198. if srv["password"] != c.pass {
  199. t.Errorf("password = %v, want %v", srv["password"], c.pass)
  200. }
  201. })
  202. }
  203. }
  204. func TestParseShadowsocksBadPort(t *testing.T) {
  205. user := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass"))
  206. cases := map[string]string{
  207. "modern": "ss://" + user + "@1.2.3.4:notaport#node",
  208. "legacy": "ss://" + base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:[email protected]:notaport")) + "#node",
  209. }
  210. for name, link := range cases {
  211. t.Run(name, func(t *testing.T) {
  212. if _, err := ParseLink(link); err == nil {
  213. t.Errorf("expected parse error for non-numeric port, got nil")
  214. }
  215. })
  216. }
  217. }
  218. func TestParseSubscriptionBody_Base64(t *testing.T) {
  219. // base64 of the two joined links:
  220. // vless://u@h:443?type=tcp#A\nvless://u2@h2:443?type=tcp#B
  221. b64 := "dmxlc3M6Ly91QGg6NDQzP3R5cGU9dGNwI0EKdmxlc3M6Ly91MkBoMjo0NDM/dHlwZT10Y3AjQg=="
  222. obs, ids, err := ParseSubscriptionBody([]byte(b64))
  223. if err != nil {
  224. t.Fatalf("parse sub body: %v", err)
  225. }
  226. if len(obs) != 2 {
  227. t.Fatalf("expected 2 outbounds, got %d", len(obs))
  228. }
  229. if !strings.HasPrefix(ids[0], "vless:") || !strings.HasPrefix(ids[1], "vless:") {
  230. t.Errorf("bad identities: %v", ids)
  231. }
  232. }
  233. func TestSlugAndSuggest(t *testing.T) {
  234. if SlugRemark("Hello World!") != "hello-world" {
  235. t.Errorf("slug failed")
  236. }
  237. tag := SuggestTag("hk-", " SG 01 !! ", 0)
  238. if tag != "hk-sg-01" {
  239. t.Errorf("suggest tag got %q", tag)
  240. }
  241. // Non-ASCII letters/digits are preserved rather than stripped.
  242. if got := SlugRemark("Москва 🇷🇺 01"); got != "москва-01" {
  243. t.Errorf("unicode slug got %q", got)
  244. }
  245. if got := SuggestTag("ru-", "Сервер 2", 0); got != "ru-сервер-2" {
  246. t.Errorf("unicode suggest tag got %q", got)
  247. }
  248. }