Merge pull request #58 from clue-labs/auth-remote

clue · web-flow · commit f42f2db34627 · 2017-07-18T09:19:05.000+02:00
Pass full remote URI as parameter to authentication callback
diff --git a/README.md b/README.md
@@ -615,9 +615,15 @@ While this might seem complex at first, it actually provides a very simple way
 to handle simultanous connections in a non-blocking fashion and increases overall performance.
 
 ```PHP
-$server->setAuth(function ($username, $password) {
+$server->setAuth(function ($username, $password, $remote) {
     // either return a boolean success value right away
     // or use promises for delayed authentication
+
+    // $remote is a full URI à la socks5://user:pass@192.168.1.1:1234
+    // useful for logging or extracting parts, such as the remote IP
+    $ip = parse_url($remote, PHP_URL_HOST);
+
+    return ($username === 'root' && $ip === '127.0.0.1');
 });
 ```
 
diff --git a/src/Server.php b/src/Server.php
@@ -66,8 +66,8 @@ public function setAuth($auth)
             throw new UnexpectedValueException('Authentication requires SOCKS5. Consider using protocol version 5 or waive authentication');
         }
         // wrap authentication callback in order to cast its return value to a promise
-        $this->auth = function($username, $password) use ($auth) {
-            $ret = call_user_func($auth, $username, $password);
+        $this->auth = function($username, $password, $remote) use ($auth) {
+            $ret = call_user_func($auth, $username, $password, $remote);
             if ($ret instanceof PromiseInterface) {
                 return $ret;
             }
@@ -237,9 +237,17 @@ public function handleSocks5(ConnectionInterface $stream, $auth=null, StreamRead
                     return $reader->readByte()->then(function ($length) use ($reader) {
                         return $reader->readLength($length);
                     })->then(function ($password) use ($username, $auth, $stream) {
-                        // username and password known => authenticate
-                        // echo 'auth: ' . $username.' : ' . $password . PHP_EOL;
-                        return $auth($username, $password)->then(function () use ($stream, $username) {
+                        // username and password given => authenticate
+                        $remote = $stream->getRemoteAddress();
+                        if ($remote !== null) {
+                            // remove transport scheme and prefix socks5:// instead
+                            if (($pos = strpos($remote, '://')) !== false) {
+                                $remote = substr($remote, $pos + 3);
+                            }
+                            $remote = 'socks5://' . rawurlencode($username) . ':' . rawurlencode($password) . '@' . $remote;
+                        }
+
+                        return $auth($username, $password, $remote)->then(function () use ($stream, $username) {
                             // accept
                             $stream->emit('auth', array($username));
                             $stream->write(pack('C2', 0x01, 0x00));
diff --git a/tests/FunctionalTest.php b/tests/FunctionalTest.php
@@ -97,6 +97,40 @@ public function testConnectionAuthenticationFromUri()
         $this->assertResolveStream($this->client->connect('www.google.com:80'));
     }
 
+    public function testConnectionAuthenticationCallback()
+    {
+        $called = 0;
+        $that = $this;
+        $this->server->setAuth(function ($name, $pass, $remote) use ($that, &$called) {
+            ++$called;
+            $that->assertEquals('name', $name);
+            $that->assertEquals('pass', $pass);
+            $that->assertStringStartsWith('socks5://name:pass@127.0.0.1:', $remote);
+
+            return true;
+        });
+
+        $this->client = new Client('name:pass@127.0.0.1:' . $this->port, $this->connector);
+
+        $this->assertResolveStream($this->client->connect('www.google.com:80'));
+        $this->assertEquals(1, $called);
+    }
+
+    public function testConnectionAuthenticationCallbackWillNotBeInvokedIfClientsSendsNoAuth()
+    {
+        $called = 0;
+        $this->server->setAuth(function () use (&$called) {
+            ++$called;
+
+            return true;
+        });
+
+        $this->client = new Client('127.0.0.1:' . $this->port, $this->connector);
+
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
+        $this->assertEquals(0, $called);
+    }
+
     public function testConnectionAuthenticationFromUriEncoded()
     {
         $this->server->setAuthArray(array('name' => 'p@ss:w0rd'));
