From 4e535deb807d14a9380d775c399c1fff633d1aae Mon Sep 17 00:00:00 2001 From: xfy Date: Fri, 10 Apr 2026 09:40:26 +0800 Subject: [PATCH] =?UTF-8?q?refactor(stream):=20=E9=87=8D=E5=91=BD=E5=90=8D?= =?UTF-8?q?=20SSL=20=E7=AE=A1=E7=90=86=E5=99=A8=E7=B1=BB=E5=9E=8B=E7=A7=BB?= =?UTF-8?q?=E9=99=A4=E5=86=97=E4=BD=99=E5=89=8D=E7=BC=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit StreamSSLManager → SSLManager StreamProxySSLManager → ProxySSLManager Co-Authored-By: Claude Opus 4.6 --- internal/stream/ssl.go | 36 +++++++++++++------------- internal/stream/ssl_test.go | 46 +++++++++++++++++----------------- internal/stream/stream.go | 4 +-- internal/stream/stream_test.go | 4 +-- 4 files changed, 45 insertions(+), 45 deletions(-) diff --git a/internal/stream/ssl.go b/internal/stream/ssl.go index a094197..8e30ff5 100644 --- a/internal/stream/ssl.go +++ b/internal/stream/ssl.go @@ -19,10 +19,10 @@ import ( "rua.plus/lolly/internal/config" ) -// StreamSSLManager 管理 Stream SSL/TLS 配置。 +// SSLManager 管理 Stream SSL/TLS 配置。 // // 负责加载证书、配置 TLS 连接,支持服务端和客户端两种模式。 -type StreamSSLManager struct { +type SSLManager struct { // config SSL 配置 config config.StreamSSLConfig @@ -36,10 +36,10 @@ type StreamSSLManager struct { mu sync.RWMutex } -// StreamProxySSLManager 管理上游 SSL 连接。 +// ProxySSLManager 管理上游 SSL 连接。 // // 负责创建到上游服务器的 TLS 连接,支持证书验证和客户端证书。 -type StreamProxySSLManager struct { +type ProxySSLManager struct { // config 代理 SSL 配置 config config.StreamProxySSLConfig 
@@ -53,17 +53,17 @@ type StreamProxySSLManager struct { mu sync.RWMutex } -// NewStreamSSLManager 创建 Stream SSL 管理器。 +// NewSSLManager 创建 Stream SSL 管理器。 // // 参数: // - cfg: SSL 配置 // // 返回值: -// - *StreamSSLManager: SSL 管理器实例 +// - *SSLManager: SSL 管理器实例 // - error: 证书加载失败时返回错误 -func NewStreamSSLManager(cfg config.StreamSSLConfig) (*StreamSSLManager, error) { +func NewSSLManager(cfg config.StreamSSLConfig) (*SSLManager, error) { if !cfg.Enabled { - return &StreamSSLManager{config: cfg}, nil + return &SSLManager{config: cfg}, nil } // 加载服务器证书 @@ -72,7 +72,7 @@ func NewStreamSSLManager(cfg config.StreamSSLConfig) (*StreamSSLManager, error) return nil, fmt.Errorf("failed to load server certificate: %w", err) } - mgr := &StreamSSLManager{ + mgr := &SSLManager{ config: cfg, cert: cert, } @@ -89,20 +89,20 @@ func NewStreamSSLManager(cfg config.StreamSSLConfig) (*StreamSSLManager, error) return mgr, nil } -// NewStreamProxySSLManager 创建上游 SSL 管理器。 +// NewProxySSLManager 创建上游 SSL 管理器。 // // 参数: // - cfg: 代理 SSL 配置 // // 返回值: -// - *StreamProxySSLManager: 代理 SSL 管理器实例 +// - *ProxySSLManager: 代理 SSL 管理器实例 // - error: 证书加载失败时返回错误 -func NewStreamProxySSLManager(cfg config.StreamProxySSLConfig) (*StreamProxySSLManager, error) { +func NewProxySSLManager(cfg config.StreamProxySSLConfig) (*ProxySSLManager, error) { if !cfg.Enabled { - return &StreamProxySSLManager{config: cfg}, nil + return &ProxySSLManager{config: cfg}, nil } - mgr := &StreamProxySSLManager{config: cfg} + mgr := &ProxySSLManager{config: cfg} // 加载客户端证书(mTLS) if cfg.Cert != "" && cfg.Key != "" { @@ -129,7 +129,7 @@ func NewStreamProxySSLManager(cfg config.StreamProxySSLConfig) (*StreamProxySSLM // // 返回值: // - *tls.Config: TLS 配置对象 -func (m *StreamSSLManager) GetTLSConfig() *tls.Config { +func (m *SSLManager) GetTLSConfig() *tls.Config { m.mu.RLock() defer m.mu.RUnlock() 
@@ -170,7 +170,7 @@ func (m *StreamSSLManager) GetTLSConfig() *tls.Config { // // 返回值: // - *tls.Config: TLS 配置对象 -func (m *StreamProxySSLManager) GetClientTLSConfig(serverName string) *tls.Config { +func (m *ProxySSLManager) GetClientTLSConfig(serverName string) *tls.Config { m.mu.RLock() defer m.mu.RUnlock() @@ -216,12 +216,12 @@ func (m *StreamProxySSLManager) GetClientTLSConfig(serverName string) *tls.Confi } // IsEnabled 检查是否启用 SSL。 -func (m *StreamSSLManager) IsEnabled() bool { +func (m *SSLManager) IsEnabled() bool { return m.config.Enabled } // IsEnabled 检查是否启用代理 SSL。 -func (m *StreamProxySSLManager) IsEnabled() bool { +func (m *ProxySSLManager) IsEnabled() bool { return m.config.Enabled } diff --git a/internal/stream/ssl_test.go b/internal/stream/ssl_test.go index f3dc277..b7a95e0 100644 --- a/internal/stream/ssl_test.go +++ b/internal/stream/ssl_test.go @@ -67,14 +67,14 @@ func generateTestCertificate(t *testing.T, certFile, keyFile string) { } } -func TestNewStreamSSLManager_Disabled(t *testing.T) { +func TestNewSSLManager_Disabled(t *testing.T) { cfg := config.StreamSSLConfig{ Enabled: false, } - mgr, err := NewStreamSSLManager(cfg) + mgr, err := NewSSLManager(cfg) if err != nil { - t.Fatalf("NewStreamSSLManager failed: %v", err) + t.Fatalf("NewSSLManager failed: %v", err) } if mgr.IsEnabled() { @@ -87,7 +87,7 @@ func TestNewStreamSSLManager_Disabled(t *testing.T) { } } -func TestNewStreamSSLManager_Enabled(t *testing.T) { +func TestNewSSLManager_Enabled(t *testing.T) { tempDir := t.TempDir() certFile := filepath.Join(tempDir, "server.crt") keyFile := filepath.Join(tempDir, "server.key") @@ -101,9 +101,9 @@ func TestNewStreamSSLManager_Enabled(t *testing.T) { Protocols: []string{"TLSv1.2", "TLSv1.3"}, } - mgr, err := NewStreamSSLManager(cfg) + mgr, err := NewSSLManager(cfg) if err != nil { - t.Fatalf("NewStreamSSLManager failed: %v", err) + t.Fatalf("NewSSLManager failed: %v", err) } if !mgr.IsEnabled() { 
@@ -124,27 +124,27 @@ func TestNewStreamSSLManager_Enabled(t *testing.T) { } } -func TestNewStreamSSLManager_InvalidCert(t *testing.T) { +func TestNewSSLManager_InvalidCert(t *testing.T) { cfg := config.StreamSSLConfig{ Enabled: true, Cert: "/nonexistent/cert.pem", Key: "/nonexistent/key.pem", } - _, err := NewStreamSSLManager(cfg) + _, err := NewSSLManager(cfg) if err == nil { t.Error("Expected error for invalid certificate path") } } -func TestNewStreamProxySSLManager_Disabled(t *testing.T) { +func TestNewProxySSLManager_Disabled(t *testing.T) { cfg := config.StreamProxySSLConfig{ Enabled: false, } - mgr, err := NewStreamProxySSLManager(cfg) + mgr, err := NewProxySSLManager(cfg) if err != nil { - t.Fatalf("NewStreamProxySSLManager failed: %v", err) + t.Fatalf("NewProxySSLManager failed: %v", err) } if mgr.IsEnabled() { @@ -157,7 +157,7 @@ func TestNewStreamProxySSLManager_Disabled(t *testing.T) { } } -func TestNewStreamProxySSLManager_Enabled(t *testing.T) { +func TestNewProxySSLManager_Enabled(t *testing.T) { tempDir := t.TempDir() certFile := filepath.Join(tempDir, "client.crt") keyFile := filepath.Join(tempDir, "client.key") @@ -174,9 +174,9 @@ func TestNewStreamProxySSLManager_Enabled(t *testing.T) { SessionReuse: true, } - mgr, err := NewStreamProxySSLManager(cfg) + mgr, err := NewProxySSLManager(cfg) if err != nil { - t.Fatalf("NewStreamProxySSLManager failed: %v", err) + t.Fatalf("NewProxySSLManager failed: %v", err) } if !mgr.IsEnabled() { @@ -209,7 +209,7 @@ func TestNewStreamProxySSLManager_Enabled(t *testing.T) { } } -func TestNewStreamProxySSLManager_WithVerify(t *testing.T) { +func TestNewProxySSLManager_WithVerify(t *testing.T) { tempDir := t.TempDir() caFile := filepath.Join(tempDir, "ca.crt") 
@@ -249,9 +249,9 @@ func TestNewStreamProxySSLManager_WithVerify(t *testing.T) { ServerName: "backend.example.com", } - mgr, err := NewStreamProxySSLManager(cfg) + mgr, err := NewProxySSLManager(cfg) if err != nil { - t.Fatalf("NewStreamProxySSLManager failed: %v", err) + t.Fatalf("NewProxySSLManager failed: %v", err) } tlsConfig := mgr.GetClientTLSConfig("") @@ -381,7 +381,7 @@ func TestLoadCertPool(t *testing.T) { }) } -func TestStreamSSLManager_GetTLSConfig_WithClientCA(t *testing.T) { +func TestSSLManager_GetTLSConfig_WithClientCA(t *testing.T) { tempDir := t.TempDir() certFile := filepath.Join(tempDir, "server.crt") keyFile := filepath.Join(tempDir, "server.key") @@ -419,9 +419,9 @@ func TestStreamSSLManager_GetTLSConfig_WithClientCA(t *testing.T) { Protocols: []string{"TLSv1.2"}, } - mgr, err := NewStreamSSLManager(cfg) + mgr, err := NewSSLManager(cfg) if err != nil { - t.Fatalf("NewStreamSSLManager failed: %v", err) + t.Fatalf("NewSSLManager failed: %v", err) } tlsConfig := mgr.GetTLSConfig() @@ -440,16 +440,16 @@ func TestStreamSSLManager_GetTLSConfig_WithClientCA(t *testing.T) { } } -func TestStreamProxySSLManager_GetClientTLSConfig_WithServerNameOverride(t *testing.T) { +func TestProxySSLManager_GetClientTLSConfig_WithServerNameOverride(t *testing.T) { cfg := config.StreamProxySSLConfig{ Enabled: true, Verify: false, ServerName: "configured.example.com", } - mgr, err := NewStreamProxySSLManager(cfg) + mgr, err := NewProxySSLManager(cfg) if err != nil { - t.Fatalf("NewStreamProxySSLManager failed: %v", err) + t.Fatalf("NewProxySSLManager failed: %v", err) } // 即使传入不同的 serverName,也应该使用配置的 diff --git a/internal/stream/stream.go b/internal/stream/stream.go index 5a3e82f..de49b08 100644 --- a/internal/stream/stream.go +++ b/internal/stream/stream.go 
@@ -171,7 +171,7 @@ func (w *weightedRoundRobin) Select(targets []*Target) *Target { totalWeight := 0 for _, t := range healthy { if t.weight <= 0 { - totalWeight += 1 // 最小权重为 1 + totalWeight++ // 最小权重为 1 } else { totalWeight += t.weight } @@ -510,7 +510,7 @@ func (s *Server) acceptLoop(addr string, listener net.Listener) { // 参数: // - clientConn: 客户端连接 // - addr: 监听地址 -func (s *Server) handleConnection(clientConn net.Conn, addr string) { +func (s *Server) handleConnection(clientConn net.Conn, _ string) { defer func() { _ = clientConn.Close() s.connCount-- diff --git a/internal/stream/stream_test.go b/internal/stream/stream_test.go index 21041d0..399ed38 100644 --- a/internal/stream/stream_test.go +++ b/internal/stream/stream_test.go @@ -272,7 +272,7 @@ func TestHealthChecker(t *testing.T) { } } -func TestHealthCheckerStartStop(t *testing.T) { +func TestHealthCheckerStartStop(_ *testing.T) { u := &Upstream{ targets: []*Target{ {addr: "localhost:99998"}, // 不存在的端口 @@ -720,7 +720,7 @@ func TestUDPSessionOperations(t *testing.T) { } } -func TestUDPSessionClose(t *testing.T) { +func TestUDPSessionClose(_ *testing.T) { // 创建两个 UDP 连接用于测试 udpAddr1, _ := net.ResolveUDPAddr("udp", "127.0.0.1:0") conn1, _ := net.ListenUDP("udp", udpAddr1)
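Review bot: The deferred cleanup in `handleConnection` still does a plain `s.connCount--`, and no lock is visible around it in this hunk. If the handler runs on one goroutine per accepted connection (the accept loop is outside the hunk, so this is inferred), that is a data race, and any connection cap or metric read from the counter can drift. Guarding the decrement with a mutex, or making the field an `atomic.Int64` and calling `s.connCount.Add(-1)`, would fix it; the matching increment is not visible here and needs the same treatment. Separately, the signature now discards the second parameter as `_ string` while the doc comment above still lists `addr` as the listening address, so that bullet should be dropped or reworded to something like `//   - (unused): listen address, kept for call-site compatibility`. The function body continues past the end of the hunk.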
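Review bot: Replacing `t` with `_ *testing.T` in `TestHealthCheckerStartStop` silences the unused-parameter lint but leaves a test that can only fail by panicking, and the same applies to `TestUDPSessionClose` in the `@@ -720,7 +720,7 @@` hunk. In `TestUDPSessionClose` the errors from `net.ResolveUDPAddr` and `net.ListenUDP` are dropped with `_`, so a failed bind would likely surface as a nil-pointer panic rather than a reported failure; keeping `t` and writing `conn1, err := net.ListenUDP("udp", udpAddr1)` followed by `if err != nil { t.Fatalf("listen: %v", err) }` reports it properly. In `TestHealthCheckerStartStop` the target `localhost:99998` is above the valid port range (maximum 65535), so the check presumably fails on the address itself and never exercises a refused connection. A port taken from a listener on `127.0.0.1:0` that has just been closed would cover the unreachable-backend path the comment describes. Both test bodies continue outside their hunks.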