From 7c401920bb580f1ecf816e47e81257d1aaf39491 Mon Sep 17 00:00:00 2001 From: Vladislav Yarmak Date: Fri, 10 Oct 2025 15:25:12 +0300 Subject: [PATCH 1/2] API proxy feature --- main.go | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 996842b..b7872e2 100644 --- a/main.go +++ b/main.go @@ -114,6 +114,7 @@ type CLIArgs struct { apiClientType string apiClientVersion string apiUserAgent string + apiProxy string bootstrapDNS *CSVArg refresh time.Duration refreshRetry time.Duration @@ -164,6 +165,7 @@ func parse_args() *CLIArgs { flag.StringVar(&args.apiLogin, "api-login", "se0316", "SurfEasy API login") flag.StringVar(&args.apiPassword, "api-password", "SILrMEPBmJuhomxWkfm3JalqHX2Eheg1YhlEZiMh8II", "SurfEasy API password") flag.StringVar(&args.apiAddress, "api-address", "", fmt.Sprintf("override IP address of %s", API_DOMAIN)) + flag.StringVar(&args.apiProxy, "api-proxy", "", "additional proxy server used to access SurfEasy API") flag.Var(args.bootstrapDNS, "bootstrap-dns", "comma-separated list of DNS/DoH/DoT resolvers for initial discovery of SurfEasy API address. "+ "Supported schemes are: dns://, https://, tls://, tcp://. "+ @@ -241,9 +243,9 @@ func run() int { } } + xproxy.RegisterDialerType("http", proxyFromURLWrapper) + xproxy.RegisterDialerType("https", proxyFromURLWrapper) if args.proxy != "" { - xproxy.RegisterDialerType("http", proxyFromURLWrapper) - xproxy.RegisterDialerType("https", proxyFromURLWrapper) proxyURL, err := url.Parse(args.proxy) if err != nil { mainLogger.Critical("Unable to parse base proxy URL: %v", err) @@ -258,16 +260,29 @@ func run() int { } seclientDialer := d + if args.apiProxy != "" { + apiProxyURL, err := url.Parse(args.apiProxy) + if err != nil { + mainLogger.Critical("Unable to parse base proxy URL: %v", err) + return 6 + } + pxDialer, err := xproxy.FromURL(apiProxyURL, seclientDialer) + if err != nil { + mainLogger.Critical("Unable to instantiate base proxy dialer: %v", err) + return 7 + } + seclientDialer = pxDialer.(dialer.ContextDialer) + } if args.apiAddress != "" { mainLogger.Info("Using fixed API host address = %s", args.apiAddress) - seclientDialer = dialer.NewFixedDialer(args.apiAddress, d) + seclientDialer = dialer.NewFixedDialer(args.apiAddress, seclientDialer) } else if len(args.bootstrapDNS.values) > 0 { resolver, err := resolver.FastFromURLs(args.bootstrapDNS.values...) if err != nil { mainLogger.Critical("Unable to instantiate DNS resolver: %v", err) return 4 } - seclientDialer = dialer.NewResolvingDialer(resolver, d) + seclientDialer = dialer.NewResolvingDialer(resolver, seclientDialer) } // Dialing w/o SNI, receiving self-signed certificate, so skip verification. From eb056997baf6bf24ebc8bf33c0197cba6caf1750 Mon Sep 17 00:00:00 2001 From: Vladislav Yarmak Date: Fri, 10 Oct 2025 15:29:51 +0300 Subject: [PATCH 2/2] upd doc --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ee338d3..ad84e28 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ eu3.sec-tunnel.com,77.111.244.22,443 | api-client-version | String | client version reported to SurfEasy API (default "Stable 114.0.5282.21") | | api-login | String | SurfEasy API login (default "se0316") | | api-password | String | SurfEasy API password (default "SILrMEPBmJuhomxWkfm3JalqHX2Eheg1YhlEZiMh8II") | +| api-proxy | String | additional proxy server used to access SurfEasy API | | api-user-agent | String | user agent reported to SurfEasy API (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0") | | bind-address | String | proxy listen address (default "127.0.0.1:18080") | | bootstrap-dns | String | Comma-separated list of DNS/DoH/DoT resolvers for initial discovery of SurfEasy API address. Supported schemes are: `dns://`, `https://`, `tls://`, `tcp://`. Examples: `https://1.1.1.1/dns-query`, `tls://9.9.9.9:853` (default `https://1.1.1.3/dns-query,https://8.8.8.8/dns-query,https://dns.google/dns-query,https://security.cloudflare-dns.com/dns-query,https://fidelity.vm-0.com/q,https://wikimedia-dns.org/dns-query,https://dns.adguard-dns.com/dns-query,https://dns.quad9.net/dns-query,https://doh.cleanbrowsing.org/doh/adult-filter/`) |