Merge e2b34fff62ba7c2e642b07e5d00d7525aaab1f03 into 62352c7ba5c4f783062f904949f2b5d7f1e3f7fc

.github/workflows/golangci-lint.yml

@@ -17,13 +17,13 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.22'
+        go-version: '1.23'
         cache: false
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v4
       with:
         # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-        version: v1.57
+        version: v1.61
 
         # Optional: golangci-lint command line arguments.
         # args: --issues-exit-code=0

.github/workflows/goreleaser.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           
       - name: Make All
         run: |

.golangci.yml

@@ -1,5 +1,5 @@
 service:
-  golangci-lint-version: 1.57.x # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.61.x # use the fixed version to not introduce new linters unexpectedly
 
 run:
   concurrency: 4
@@ -14,7 +14,7 @@ linters:
   enable:
   - unused
   - errcheck
-  - exportloopref
+  - copyloopvar
   - gocritic
   - gofumpt
   - goimports
@@ -90,6 +90,7 @@ linters-settings:
     - G402
     - G404
     - G501
+    - G115 # integer overflow conversion
 
 issues:
   # List of regexps of issue texts to exclude, empty list by default.

Release.md

@@ -1,5 +1,4 @@
 ### Features
 
 * The frpc visitor command-line parameter adds the `--server-user` option to specify the username of the server-side proxy to connect to.
-
-* Support multiple frpc instances with different subjects when using oidc authentication.
+* Support multiple frpc instances with different subjects when using oidc authentication.

client/proxy/proxy_wrapper.go

@@ -137,7 +137,7 @@ func (pw *Wrapper) SetRunningStatus(remoteAddr string, respErr string) error {
 		pw.Phase = ProxyPhaseStartErr
 		pw.Err = respErr
 		pw.lastStartErr = time.Now()
-		return fmt.Errorf(pw.Err)
+		return fmt.Errorf("%s", pw.Err)
 	}
 
 	if err := pw.pxy.Run(); err != nil {

conf/frpc_full_example.toml

@@ -327,7 +327,7 @@ requestHeaders.set.x-from-where = "frp"
 
 [[proxies]]
 name = "plugin_tls2raw"
-type = "https"
+type = "tcp"
 remotePort = 6008
 [proxies.plugin]
 type = "tls2raw"

dockerfiles/Dockerfile-for-frpc

@@ -1,4 +1,4 @@
-FROM golang:1.22 AS building
+FROM golang:1.23 AS building
 
 COPY . /building
 WORKDIR /building
@@ -7,6 +7,8 @@ RUN make frpc
 
 FROM alpine:3
 
+RUN apk add --no-cache tzdata
+
 COPY --from=building /building/bin/frpc /usr/bin/frpc
 
 ENTRYPOINT ["/usr/bin/frpc"]

dockerfiles/Dockerfile-for-frps

@@ -1,4 +1,4 @@
-FROM golang:1.22 AS building
+FROM golang:1.23 AS building
 
 COPY . /building
 WORKDIR /building
@@ -7,6 +7,8 @@ RUN make frps
 
 FROM alpine:3
 
+RUN apk add --no-cache tzdata
+
 COPY --from=building /building/bin/frps /usr/bin/frps
 
 ENTRYPOINT ["/usr/bin/frps"]

pkg/config/types/types.go

@@ -159,18 +159,18 @@ func NewPortsRangeSliceFromString(str string) ([]PortsRange, error) {
 			out = append(out, PortsRange{Single: int(singleNum)})
 		case 2:
 			// range numbers
-			min, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			minNum, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			max, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			maxNum, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			if max < min {
+			if maxNum < minNum {
 				return nil, fmt.Errorf("range number is invalid")
 			}
-			out = append(out, PortsRange{Start: int(min), End: int(max)})
+			out = append(out, PortsRange{Start: int(minNum), End: int(maxNum)})
 		default:
 			return nil, fmt.Errorf("range number is invalid")
 		}

pkg/config/v1/plugin.go

@@ -103,6 +103,7 @@ type HTTP2HTTPSPluginOptions struct {
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
+	RootCA            string           `json:"rootCA,omitempty"`
 }
 
 func (o *HTTP2HTTPSPluginOptions) Complete() {}
@@ -137,6 +138,7 @@ type HTTPS2HTTPSPluginOptions struct {
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
+	RootCA            string           `json:"rootCA,omitempty"`
 }
 
 func (o *HTTPS2HTTPSPluginOptions) Complete() {

pkg/nathole/utils.go

@@ -78,9 +78,9 @@ func ListAllLocalIPs() ([]net.IP, error) {
 	return ips, nil
 }
 
-func ListLocalIPsForNatHole(max int) ([]string, error) {
-	if max <= 0 {
-		return nil, fmt.Errorf("max must be greater than 0")
+func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
+	if maxItems <= 0 {
+		return nil, fmt.Errorf("maxItems must be greater than 0")
 	}
 
 	ips, err := ListAllLocalIPs()
@@ -88,9 +88,9 @@ func ListLocalIPsForNatHole(max int) ([]string, error) {
 		return nil, err
 	}
 
-	filtered := make([]string, 0, max)
+	filtered := make([]string, 0, maxItems)
 	for _, ip := range ips {
-		if len(filtered) >= max {
+		if len(filtered) >= maxItems {
 			break
 		}
 

pkg/plugin/client/http2https.go

@@ -19,11 +19,13 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"os"
 
 	"github.com/fatedier/golib/pool"
 
@@ -53,8 +55,23 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}
 
-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	tr := &http.Transport{}
+
+	if opts.RootCA != "" {
+		caCert, err := os.ReadFile(opts.RootCA)
+		if err != nil {
+			return nil, err
+		}
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, err
+		}
+		caCertPool.AppendCertsFromPEM(caCert)
+		tr.TLSClientConfig = &tls.Config{
+			RootCAs: caCertPool,
+		}
+	} else {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 
 	rp := &httputil.ReverseProxy{

pkg/plugin/client/https2https.go

@@ -19,12 +19,14 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"os"
 	"time"
 
 	"github.com/fatedier/golib/pool"
@@ -58,8 +60,23 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}
 
-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	tr := &http.Transport{}
+
+	if opts.RootCA != "" {
+		caCert, err := os.ReadFile(opts.RootCA)
+		if err != nil {
+			return nil, err
+		}
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, err
+		}
+		caCertPool.AppendCertsFromPEM(caCert)
+		tr.TLSClientConfig = &tls.Config{
+			RootCAs: caCertPool,
+		}
+	} else {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 
 	rp := &httputil.ReverseProxy{

pkg/util/util/util.go

@@ -85,21 +85,21 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
 			numbers = append(numbers, singleNum)
 		case 2:
 			// range numbers
-			min, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			minValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			max, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			maxValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			if max < min {
+			if maxValue < minValue {
 				err = fmt.Errorf("range number is invalid")
 				return
 			}
-			for i := min; i <= max; i++ {
+			for i := minValue; i <= maxValue; i++ {
 				numbers = append(numbers, i)
 			}
 		default:
@@ -118,13 +118,13 @@ func GenerateResponseErrorString(summary string, err error, detailed bool) strin
 }
 
 func RandomSleep(duration time.Duration, minRatio, maxRatio float64) time.Duration {
-	min := int64(minRatio * 1000.0)
-	max := int64(maxRatio * 1000.0)
+	minValue := int64(minRatio * 1000.0)
+	maxValue := int64(maxRatio * 1000.0)
 	var n int64
-	if max <= min {
-		n = min
+	if maxValue <= minValue {
+		n = minValue
 	} else {
-		n = mathrand.Int64N(max-min) + min
+		n = mathrand.Int64N(maxValue-minValue) + minValue
 	}
 	d := duration * time.Duration(n) / time.Duration(1000)
 	time.Sleep(d)

pkg/util/version/version.go

@@ -14,7 +14,7 @@
 
 package version
 
-var version = "0.60.0"
+var version = "0.61.0"
 
 func Full() string {
 	return version

server/proxy/proxy.go

@@ -137,17 +137,17 @@ func (pxy *BaseProxy) GetWorkConnFromPool(src, dst net.Addr) (workConn net.Conn,
 			dstAddr    string
 			srcPortStr string
 			dstPortStr string
-			srcPort    int
-			dstPort    int
+			srcPort    uint64
+			dstPort    uint64
 		)
 
 		if src != nil {
 			srcAddr, srcPortStr, _ = net.SplitHostPort(src.String())
-			srcPort, _ = strconv.Atoi(srcPortStr)
+			srcPort, _ = strconv.ParseUint(srcPortStr, 10, 16)
 		}
 		if dst != nil {
 			dstAddr, dstPortStr, _ = net.SplitHostPort(dst.String())
-			dstPort, _ = strconv.Atoi(dstPortStr)
+			dstPort, _ = strconv.ParseUint(dstPortStr, 10, 16)
 		}
 		err := msg.WriteMsg(workConn, &msg.StartWorkConn{
 			ProxyName: pxy.GetName(),
@@ -190,8 +190,8 @@ func (pxy *BaseProxy) startCommonTCPListenersHandler() {
 						} else {
 							tempDelay *= 2
 						}
-						if max := 1 * time.Second; tempDelay > max {
-							tempDelay = max
+						if maxTime := 1 * time.Second; tempDelay > maxTime {
+							tempDelay = maxTime
 						}
 						xl.Infof("met temporary error: %s, sleep for %s ...", err, tempDelay)
 						time.Sleep(tempDelay)