Commit graph

1470 commits

Author SHA1 Message Date
fatedier
7fe152e3aa
web/frps: use API v2 for client and proxy details (#5386)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-06-30 01:33:57 +08:00
fatedier
7c343fc6e7
web: bump esbuild to 0.28.1 and remove unused ElPopover type (#5385) 2026-06-29 23:21:22 +08:00
fatedier
a3b3b35b69
feat(ui): default proxies view to all tab (#5384) 2026-06-29 22:49:08 +08:00
fatedier
ae1c0504ec
feat(dashboard): add v2 client detail status (#5381)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-06-26 21:15:30 +08:00
fatedier
393a533744
docs: add release note for duplicate config names (#5379)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-06-24 15:03:22 +08:00
MAAZIZ Adel Ayoub
035889c360
fix(client): reject duplicate proxy and visitor names (#5378) 2026-06-24 13:37:29 +08:00
fatedier
940bde5c46
docs: update release notes (#5377)
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-06-23 17:06:16 +08:00
fatedier
14628df63c
test: cover tls2raw proxy protocol header (#5376)
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-06-23 00:04:38 +08:00
Shani Pathak
ba7adcab8f
fix(websocket): send tunnel payload as binary frames (#5363)
The ws/wss transport carries a raw byte stream (yamux), but the
golang.org/x/net/websocket Conn defaults to text frames (PayloadType
TextFrame). Per RFC 6455 §5.6 a text frame must contain valid UTF-8, so
RFC-compliant intermediaries (API gateways / reverse proxies) validate
the payload and close the connection when the binary tunnel data is not
valid UTF-8.

This goes unnoticed peer-to-peer because x/net/websocket does not
validate UTF-8 on read, but it breaks the connection through a compliant
validating proxy. Set PayloadType to BinaryFrame on both the server
listener and the client dialer so the tunnel is framed as binary.
2026-06-22 23:34:02 +08:00
kaixings
4cc826e236
fix(client): write proxy protocol header in tls2raw plugin (#5362)
Co-authored-by: futrobo <futrobo@163.com>
2026-06-22 23:08:50 +08:00
fatedier
54c6ccdfec
feat: remove proxies client filter (#5375) 2026-06-22 22:53:57 +08:00
fatedier
9bde0b07de
feat: paginate dashboard clients and proxies via API v2 (#5354)
Some checks failed
golangci-lint / lint (push) Has been cancelled
Move the frps dashboard Clients and Proxies views to the paginated
/api/v2/clients and /api/v2/proxies endpoints instead of fetching all
data at once, and extend server-side proxy search so the search box
keeps working under pagination.

Frontend:
- Add V2Envelope/V2Page types and getV2 HTTP helper to api/http.ts
- Add v2 paginated fetch functions to api/client.ts and api/proxy.ts
- Add ClientV2Info and ProxyV2Info types for v2 API responses
- Rewrite Clients.vue with server-side pagination, status/user search
  filtering, and ElPagination component
- Rewrite Proxies.vue with server-side pagination, type tabs, client
  dropdown filter, and a search box that passes q to the API
- Default page size 10, selectable sizes [10, 20, 50, 100]

Backend:
- Extend /api/v2/proxies q matching to also cover online proxy spec
  fields: TCP/UDP remotePort and HTTP/HTTPS/TCPMux customDomains and
  subdomain, so dashboard search no longer needs to scan every page
- Add controller_v2 tests for the new spec-field matching
2026-06-03 14:08:45 +08:00
fatedier
c6c545289c
fix: normalize web package lockfile (#5353)
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-06-02 13:39:37 +08:00
fatedier
503afe78b7 feat: add dashboard API v2 pagination endpoints (#5351)
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-06-01 20:09:25 +08:00
fatedier
9ea1d86f03
test: handle wire v2 compatibility baselines (#5349) 2026-06-01 17:52:57 +08:00
fatedier
ac3e82db4e Release v0.69.1 (#5348) 2026-06-01 16:22:34 +08:00
fatedier
0773938d70 feat: bridge mixed wire protocol SUDP payloads (#5347)
SUDP payload codec follows transport wireProtocol; same-protocol v1/v1 and v2/v2 keep raw join; only mixed proxy/visitor protocols use message-aware bridge; no new capability/selection field.
2026-06-01 16:22:34 +08:00
fatedier
9bacce22a2 feat: use wire v2 framing for XTCP NatHoleSid (#5343) 2026-06-01 16:22:34 +08:00
fatedier
7f8d68b666 feat: use wire v2 framing for UDP workConn payload (#5340) 2026-06-01 16:22:34 +08:00
fatedier
3e19ef9bfd
feat(ui): add xtcp tab to frps dashboard (#5322)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-05-21 22:18:00 +08:00
fatedier
e20f974d61
feat(ui): add all proxies tab to frps dashboard (#5321)
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-05-20 16:20:58 +08:00
fatedier
a88e0e9a49
refactor: clean up code (#5308)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-05-12 11:13:50 +08:00
霜冷长河
ad07d27914
fix: reset UDP read deadline on write activity to prevent idle timeout
Some checks are pending
golangci-lint / lint (push) Waiting to run
2026-05-11 20:23:39 +08:00
fatedier
8666e3643f
protocol: add AEAD encryption negotiation to v2 wire control channel (#5304)
Some checks failed
golangci-lint / lint (push) Has been cancelled
2026-05-06 10:43:47 +08:00
fatedier
57bb9e80fe
test/e2e: add compatibility test suite for wire protocol version negotiation (#5297) 2026-04-27 18:28:22 +08:00
fatedier
cef71fb949
plugin/http_proxy: fix fragmented CONNECT method detection and add read deadline (#5296) 2026-04-27 02:30:29 +08:00
fatedier
410c4861c4
update Release.md (#5295) 2026-04-27 01:31:10 +08:00
fatedier
e9464919d1
protocol: add v2 wire protocol with binary framing and capability negotiation (#5294) 2026-04-27 00:17:00 +08:00
fatedier
e8dfd6efcc
web/frpc: use static imports for proxy and visitor route components (#5286) 2026-04-14 01:18:31 +08:00
fatedier
a9a4416ecf
vhost/http: fix auth bypass when routeByHTTPUser is used with proxy-style requests (#5285) 2026-04-14 00:58:19 +08:00
fatedier
d667be7a0a
update architecture pic (#5270) 2026-03-30 03:22:35 +08:00
fatedier
31c3deb4f7
deps: bump golib to v0.6.0 (#5269) 2026-03-30 00:29:17 +08:00
fatedier
31e271939b
test/e2e: allocate dynamic ports outside whitelist ranges in server whitelist test (#5268) 2026-03-30 00:21:30 +08:00
fatedier
061c141756
update README.md (#5267) 2026-03-29 23:53:17 +08:00
cui
98ee1adb13
client: close TCP connection when fmux session creation fails (#5262)
If realConnect() succeeds but fmux.Client returns an error, the
connection was not assigned to the connector and would leak.
2026-03-29 23:16:00 +08:00
fatedier
76abeff881
ci: remove security vulnerability scan workflow (#5266) 2026-03-29 22:55:52 +08:00
Oleksandr Redko
c694b1f6a9
bump pion/stun to v3 to fix vulnerability (#5245) 2026-03-29 22:45:23 +08:00
fatedier
5ed02275da docker: copy shared web directory for npm workspace builds 2026-03-20 14:39:35 +08:00
fatedier
60c4f5d4bd ci: bump github actions to latest major versions (#5251) 2026-03-20 14:39:00 +08:00
fatedier
d20e384bf1
doc: add agent runbooks directory with release process (#5248)
* web: remove redundant SCSS and CSS files superseded by shared

* doc: add agent runbooks directory with release process
2026-03-20 13:52:12 +08:00
fatedier
c95dc9d88a
web: remove redundant SCSS and CSS files superseded by shared (#5247) 2026-03-20 13:08:18 +08:00
fatedier
38a71a6803
web/frps: redesign frps dashboard with sidebar nav, responsive layout, and shared component workspace (#5246) 2026-03-20 03:33:44 +08:00
fatedier
6cdef90113
web: bump dev dependencies in frpc and frps package-lock.json (#5239) 2026-03-16 23:22:42 +08:00
fatedier
85e8e2c830
web/frpc: redesign frpc dashboard with sidebar nav, proxy/visitor list and detail views (#5237) 2026-03-16 09:44:30 +08:00
fatedier
ff4ad2f907
auth/oidc: fix eager token fetch at startup, add validation and e2e tests (#5234) 2026-03-15 22:29:45 +08:00
Shani Pathak
94a631fe9c
auth/oidc: cache OIDC access token and refresh before expiry (#5175)
* auth/oidc: cache OIDC access token and refresh before expiry

- Use Config.TokenSource(ctx) once at init to create a persistent
  oauth2.TokenSource that caches the token and only refreshes on expiry
- Wrap with oauth2.ReuseTokenSourceWithExpiry for configurable early refresh
- Add tokenRefreshAdvanceDuration config option (default: 300s)
- Add unit test verifying token caching with mock HTTP server

* address review comments

* auth/oidc: fallback to per-request token fetch when expires_in is missing

When an OIDC provider omits the expires_in field, oauth2.ReuseTokenSource
treats the cached token as valid forever and never refreshes it. This causes
server-side OIDC verification to fail once the JWT's exp claim passes.

Add a nonCachingTokenSource fallback: after fetching the initial token, if
its Expiry is the zero value, swap the caching TokenSource for one that
fetches a fresh token on every request, preserving the old behavior for
providers that don't return expires_in.

* auth/oidc: fix gosec lint and add test for zero-expiry fallback

Suppress G101 false positive on test-only dummy token responses.
Add test to verify per-request token fetch when expires_in is missing.
Update caching test to account for eager initial token fetch.

* fix lint
2026-03-12 00:24:46 +08:00
fatedier
6b1be922e1
add AGENTS.md and CLAUDE.md, remove them from .gitignore (#5232) 2026-03-12 00:21:31 +08:00
fatedier
4f584f81d0
test/e2e: replace sleeps with event-driven waits in chaos/group/store tests (#5231)
* test/e2e: replace sleeps with event-driven waits in chaos/group/store tests

Replace 21 time.Sleep calls with deterministic waiting using
WaitForOutput, WaitForTCPReady, and a new WaitForTCPUnreachable helper.
Add CountOutput method for snapshot-based incremental log matching.

* test/e2e: validate interval and cap dial/sleep to remaining deadline in WaitForTCPUnreachable
2026-03-12 00:11:09 +08:00
fatedier
9669e1ca0c
test/e2e: replace RunProcesses client sleep with log-based proxy readiness detection (#5226)
* test/e2e: replace RunProcesses client sleep with log-based proxy readiness detection

Replace the fixed 1500ms sleep in RunProcesses with event-driven proxy
registration detection by monitoring frpc log output for "start proxy
success" messages.

Key changes:
- Add thread-safe SafeBuffer to replace bytes.Buffer in Process, enabling
  concurrent read/write of process output during execution
- Add Process.WaitForOutput() to poll process output for pattern matches
  with timeout and early exit on process termination
- Add waitForClientProxyReady() that uses config.LoadClientConfig() to
  extract proxy names, then waits for each proxy's success log
- For visitor-only clients (no deterministic readiness signal), fall back
  to the original sleep with elapsed time deducted

* test/e2e: use shared deadline for proxy readiness and fix doc comment

- Use a single deadline in waitForClientProxyReady so total wait across
  all proxies does not exceed the given timeout
- Fix WaitForOutput doc comment to accurately describe single pattern
  with count semantics
2026-03-09 22:28:23 +08:00
fatedier
48e8901466
test/e2e: optimize RunFrps/RunFrpc with process exit detection (#5225)
* test/e2e: optimize RunFrps/RunFrpc with process exit detection

Refactor Process to track subprocess lifecycle via a done channel,
replacing direct cmd.Wait() in Stop() to avoid double-Wait races.
RunFrps/RunFrpc now use select on the done channel instead of fixed
sleeps, allowing short-lived processes (verify, startup failures) to
return immediately while preserving existing timeout behavior for
long-running daemons.

* test/e2e: guard Process against double-Start and Stop-before-Start

Add started flag to prevent double-Start panics and allow Stop to
return immediately when the process was never started. Use sync.Once
for closing the done channel as defense-in-depth against double close.
2026-03-09 10:28:47 +08:00