remove vendor (#1697)

bump version to v0.32.0

.github/ISSUE_TEMPLATE

@@ -0,0 +1,32 @@
+Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.
+(为了节约时间，提高处理问题的效率，不按照格式填写的 issue 将会直接关闭。)
+(请不要在 issue 评论中出现无意义的 **加1**，**我也是** 等内容，将会被直接删除。)
+(由于个人精力有限，和系统环境，网络环境等相关的求助问题请转至其他论坛或社交平台。)
+
+Use the commands below to provide key information from your environment:
+You do NOT have to include this information if this is a FEATURE REQUEST
+
+**What version of frp are you using (./frpc -v or ./frps -v)?**
+
+
+**What operating system and processor architecture are you using (`go env`)?**
+
+
+**Configures you used:**
+
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+
+**Can you point out what caused this issue (optional)**

.gitignore

@@ -25,6 +25,9 @@ _testmain.go
 
 # Self
 bin/
+packages/
+test/bin/
+vendor/
 
 # Cache
 *.swp

.travis.yml

@@ -2,11 +2,11 @@ sudo: false
 language: go
 
 go:
-    - 1.4.2
-    - 1.5.1
+    - 1.12.x
+    - 1.13.x
 
 install:
     - make
 
 script:
-    - make test
+    - make alltest

Dockerfile

@@ -1,14 +0,0 @@
-FROM golang:1.5
-
-MAINTAINER fatedier
-
-RUN echo "[common]\nbind_addr = 0.0.0.0\nbind_port = 7000\n[wiki]\npasswd = 123\nbind_addr = 0.0.0.0\nlisten_port = 80" > /usr/share/frps.ini
-
-ADD ./ /usr/share/frp/
-
-RUN cd /usr/share/frp && make
-
-EXPOSE 80
-EXPOSE 7000
-
-CMD ["/usr/share/frp/bin/frps -c /usr/share/frps.ini"]

Godeps/Godeps.json

@@ -1,23 +0,0 @@
-{
-	"ImportPath": "frp",
-	"GoVersion": "go1.4",
-	"Packages": [
-		"./..."
-	],
-	"Deps": [
-		{
-			"ImportPath": "github.com/astaxie/beego/logs",
-			"Comment": "v1.5.0-9-gfb7314f",
-			"Rev": "fb7314f8ac86b83ccd34386518d97cf2363e2ae5"
-		},
-		{
-			"ImportPath": "github.com/docopt/docopt-go",
-			"Comment": "0.6.2",
-			"Rev": "784ddc588536785e7299f7272f39101f7faccc3f"
-		},
-		{
-			"ImportPath": "github.com/vaughan0/go-ini",
-			"Rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"
-		}
-	]
-}

Godeps/Readme

@@ -1,5 +0,0 @@
-This directory tree is generated automatically by godep.
-
-Please do not edit.
-
-See https://github.com/tools/godep for more information.

Godeps/_workspace/.gitignore

@@ -1,2 +0,0 @@
-/pkg
-/bin

Godeps/_workspace/src/github.com/astaxie/beego/LICENSE

@@ -1,13 +0,0 @@
-Copyright 2014 astaxie
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.

Godeps/_workspace/src/github.com/astaxie/beego/logs/README.md

@@ -1,63 +0,0 @@
-## logs
-logs is a Go logs manager. It can use many logs adapters. The repo is inspired by `database/sql` .
-
-
-## How to install?
-
-	go get github.com/astaxie/beego/logs
-
-
-## What adapters are supported?
-
-As of now this logs support console, file,smtp and conn.
-
-
-## How to use it?
-
-First you must import it
-
-	import (
-		"github.com/astaxie/beego/logs"
-	)
-
-Then init a Log (example with console adapter)
-
-	log := NewLogger(10000)
-	log.SetLogger("console", "")	
-
-> the first params stand for how many channel
-
-Use it like this:	
-	
-	log.Trace("trace")
-	log.Info("info")
-	log.Warn("warning")
-	log.Debug("debug")
-	log.Critical("critical")
-
-
-## File adapter
-
-Configure file adapter like this:
-
-	log := NewLogger(10000)
-	log.SetLogger("file", `{"filename":"test.log"}`)
-
-
-## Conn adapter
-
-Configure like this:
-
-	log := NewLogger(1000)
-	log.SetLogger("conn", `{"net":"tcp","addr":":7020"}`)
-	log.Info("info")
-
-
-## Smtp adapter
-
-Configure like this:
-
-	log := NewLogger(10000)
-	log.SetLogger("smtp", `{"username":"beegotest@gmail.com","password":"xxxxxxxx","host":"smtp.gmail.com:587","sendTos":["xiemengjun@gmail.com"]}`)
-	log.Critical("sendmail critical")
-	time.Sleep(time.Second * 30)

Godeps/_workspace/src/github.com/astaxie/beego/logs/conn.go

@@ -1,116 +0,0 @@
-// Copyright 2014 beego Author. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package logs
-
-import (
-	"encoding/json"
-	"io"
-	"log"
-	"net"
-)
-
-// ConnWriter implements LoggerInterface.
-// it writes messages in keep-live tcp connection.
-type ConnWriter struct {
-	lg             *log.Logger
-	innerWriter    io.WriteCloser
-	ReconnectOnMsg bool   `json:"reconnectOnMsg"`
-	Reconnect      bool   `json:"reconnect"`
-	Net            string `json:"net"`
-	Addr           string `json:"addr"`
-	Level          int    `json:"level"`
-}
-
-// create new ConnWrite returning as LoggerInterface.
-func NewConn() LoggerInterface {
-	conn := new(ConnWriter)
-	conn.Level = LevelTrace
-	return conn
-}
-
-// init connection writer with json config.
-// json config only need key "level".
-func (c *ConnWriter) Init(jsonconfig string) error {
-	return json.Unmarshal([]byte(jsonconfig), c)
-}
-
-// write message in connection.
-// if connection is down, try to re-connect.
-func (c *ConnWriter) WriteMsg(msg string, level int) error {
-	if level > c.Level {
-		return nil
-	}
-	if c.neddedConnectOnMsg() {
-		err := c.connect()
-		if err != nil {
-			return err
-		}
-	}
-
-	if c.ReconnectOnMsg {
-		defer c.innerWriter.Close()
-	}
-	c.lg.Println(msg)
-	return nil
-}
-
-// implementing method. empty.
-func (c *ConnWriter) Flush() {
-
-}
-
-// destroy connection writer and close tcp listener.
-func (c *ConnWriter) Destroy() {
-	if c.innerWriter != nil {
-		c.innerWriter.Close()
-	}
-}
-
-func (c *ConnWriter) connect() error {
-	if c.innerWriter != nil {
-		c.innerWriter.Close()
-		c.innerWriter = nil
-	}
-
-	conn, err := net.Dial(c.Net, c.Addr)
-	if err != nil {
-		return err
-	}
-
-	if tcpConn, ok := conn.(*net.TCPConn); ok {
-		tcpConn.SetKeepAlive(true)
-	}
-
-	c.innerWriter = conn
-	c.lg = log.New(conn, "", log.Ldate|log.Ltime)
-	return nil
-}
-
-func (c *ConnWriter) neddedConnectOnMsg() bool {
-	if c.Reconnect {
-		c.Reconnect = false
-		return true
-	}
-
-	if c.innerWriter == nil {
-		return true
-	}
-
-	return c.ReconnectOnMsg
-}
-
-func init() {
-	Register("conn", NewConn)
-}

Godeps/_workspace/src/github.com/astaxie/beego/logs/console.go

@@ -1,95 +0,0 @@
-// Copyright 2014 beego Author. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package logs
-
-import (
-	"encoding/json"
-	"log"
-	"os"
-	"runtime"
-)
-
-type Brush func(string) string
-
-func NewBrush(color string) Brush {
-	pre := "\033["
-	reset := "\033[0m"
-	return func(text string) string {
-		return pre + color + "m" + text + reset
-	}
-}
-
-var colors = []Brush{
-	NewBrush("1;37"), // Emergency	white
-	NewBrush("1;36"), // Alert			cyan
-	NewBrush("1;35"), // Critical   magenta
-	NewBrush("1;31"), // Error      red
-	NewBrush("1;33"), // Warning    yellow
-	NewBrush("1;32"), // Notice			green
-	NewBrush("1;34"), // Informational	blue
-	NewBrush("1;34"), // Debug      blue
-}
-
-// ConsoleWriter implements LoggerInterface and writes messages to terminal.
-type ConsoleWriter struct {
-	lg    *log.Logger
-	Level int `json:"level"`
-}
-
-// create ConsoleWriter returning as LoggerInterface.
-func NewConsole() LoggerInterface {
-	cw := &ConsoleWriter{
-		lg:    log.New(os.Stdout, "", log.Ldate|log.Ltime),
-		Level: LevelDebug,
-	}
-	return cw
-}
-
-// init console logger.
-// jsonconfig like '{"level":LevelTrace}'.
-func (c *ConsoleWriter) Init(jsonconfig string) error {
-	if len(jsonconfig) == 0 {
-		return nil
-	}
-	return json.Unmarshal([]byte(jsonconfig), c)
-}
-
-// write message in console.
-func (c *ConsoleWriter) WriteMsg(msg string, level int) error {
-	if level > c.Level {
-		return nil
-	}
-	if goos := runtime.GOOS; goos == "windows" {
-		c.lg.Println(msg)
-		return nil
-	}
-	c.lg.Println(colors[level](msg))
-
-	return nil
-}
-
-// implementing method. empty.
-func (c *ConsoleWriter) Destroy() {
-
-}
-
-// implementing method. empty.
-func (c *ConsoleWriter) Flush() {
-
-}
-
-func init() {
-	Register("console", NewConsole)
-}

Godeps/_workspace/src/github.com/astaxie/beego/logs/es/es.go

@@ -1,76 +0,0 @@
-package es
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net"
-	"net/url"
-	"time"
-
-	"github.com/astaxie/beego/logs"
-	"github.com/belogik/goes"
-)
-
-func NewES() logs.LoggerInterface {
-	cw := &esLogger{
-		Level: logs.LevelDebug,
-	}
-	return cw
-}
-
-type esLogger struct {
-	*goes.Connection
-	DSN   string `json:"dsn"`
-	Level int    `json:"level"`
-}
-
-// {"dsn":"http://localhost:9200/","level":1}
-func (el *esLogger) Init(jsonconfig string) error {
-	err := json.Unmarshal([]byte(jsonconfig), el)
-	if err != nil {
-		return err
-	}
-	if el.DSN == "" {
-		return errors.New("empty dsn")
-	} else if u, err := url.Parse(el.DSN); err != nil {
-		return err
-	} else if u.Path == "" {
-		return errors.New("missing prefix")
-	} else if host, port, err := net.SplitHostPort(u.Host); err != nil {
-		return err
-	} else {
-		conn := goes.NewConnection(host, port)
-		el.Connection = conn
-	}
-	return nil
-}
-
-func (el *esLogger) WriteMsg(msg string, level int) error {
-	if level > el.Level {
-		return nil
-	}
-	t := time.Now()
-	vals := make(map[string]interface{})
-	vals["@timestamp"] = t.Format(time.RFC3339)
-	vals["@msg"] = msg
-	d := goes.Document{
-		Index:  fmt.Sprintf("%04d.%02d.%02d", t.Year(), t.Month(), t.Day()),
-		Type:   "logs",
-		Fields: vals,
-	}
-	_, err := el.Index(d, nil)
-	return err
-}
-
-func (el *esLogger) Destroy() {
-
-}
-
-func (el *esLogger) Flush() {
-
-}
-
-func init() {
-	logs.Register("es", NewES)
-}

Godeps/_workspace/src/github.com/astaxie/beego/logs/file.go

@@ -1,283 +0,0 @@
-// Copyright 2014 beego Author. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package logs
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"time"
-)
-
-// FileLogWriter implements LoggerInterface.
-// It writes messages by lines limit, file size limit, or time frequency.
-type FileLogWriter struct {
-	*log.Logger
-	mw *MuxWriter
-	// The opened file
-	Filename string `json:"filename"`
-
-	Maxlines          int `json:"maxlines"`
-	maxlines_curlines int
-
-	// Rotate at size
-	Maxsize         int `json:"maxsize"`
-	maxsize_cursize int
-
-	// Rotate daily
-	Daily          bool  `json:"daily"`
-	Maxdays        int64 `json:"maxdays"`
-	daily_opendate int
-
-	Rotate bool `json:"rotate"`
-
-	startLock sync.Mutex // Only one log can write to the file
-
-	Level int `json:"level"`
-}
-
-// an *os.File writer with locker.
-type MuxWriter struct {
-	sync.Mutex
-	fd *os.File
-}
-
-// write to os.File.
-func (l *MuxWriter) Write(b []byte) (int, error) {
-	l.Lock()
-	defer l.Unlock()
-	return l.fd.Write(b)
-}
-
-// set os.File in writer.
-func (l *MuxWriter) SetFd(fd *os.File) {
-	if l.fd != nil {
-		l.fd.Close()
-	}
-	l.fd = fd
-}
-
-// create a FileLogWriter returning as LoggerInterface.
-func NewFileWriter() LoggerInterface {
-	w := &FileLogWriter{
-		Filename: "",
-		Maxlines: 1000000,
-		Maxsize:  1 << 28, //256 MB
-		Daily:    true,
-		Maxdays:  7,
-		Rotate:   true,
-		Level:    LevelTrace,
-	}
-	// use MuxWriter instead direct use os.File for lock write when rotate
-	w.mw = new(MuxWriter)
-	// set MuxWriter as Logger's io.Writer
-	w.Logger = log.New(w.mw, "", log.Ldate|log.Ltime)
-	return w
-}
-
-// Init file logger with json config.
-// jsonconfig like:
-//	{
-//	"filename":"logs/beego.log",
-//	"maxlines":10000,
-//	"maxsize":1<<30,
-//	"daily":true,
-//	"maxdays":15,
-//	"rotate":true
-//	}
-func (w *FileLogWriter) Init(jsonconfig string) error {
-	err := json.Unmarshal([]byte(jsonconfig), w)
-	if err != nil {
-		return err
-	}
-	if len(w.Filename) == 0 {
-		return errors.New("jsonconfig must have filename")
-	}
-	err = w.startLogger()
-	return err
-}
-
-// start file logger. create log file and set to locker-inside file writer.
-func (w *FileLogWriter) startLogger() error {
-	fd, err := w.createLogFile()
-	if err != nil {
-		return err
-	}
-	w.mw.SetFd(fd)
-	return w.initFd()
-}
-
-func (w *FileLogWriter) docheck(size int) {
-	w.startLock.Lock()
-	defer w.startLock.Unlock()
-	if w.Rotate && ((w.Maxlines > 0 && w.maxlines_curlines >= w.Maxlines) ||
-		(w.Maxsize > 0 && w.maxsize_cursize >= w.Maxsize) ||
-		(w.Daily && time.Now().Day() != w.daily_opendate)) {
-		if err := w.DoRotate(); err != nil {
-			fmt.Fprintf(os.Stderr, "FileLogWriter(%q): %s\n", w.Filename, err)
-			return
-		}
-	}
-	w.maxlines_curlines++
-	w.maxsize_cursize += size
-}
-
-// write logger message into file.
-func (w *FileLogWriter) WriteMsg(msg string, level int) error {
-	if level > w.Level {
-		return nil
-	}
-	n := 24 + len(msg) // 24 stand for the length "2013/06/23 21:00:22 [T] "
-	w.docheck(n)
-	w.Logger.Println(msg)
-	return nil
-}
-
-func (w *FileLogWriter) createLogFile() (*os.File, error) {
-	// Open the log file
-	fd, err := os.OpenFile(w.Filename, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0660)
-	return fd, err
-}
-
-func (w *FileLogWriter) initFd() error {
-	fd := w.mw.fd
-	finfo, err := fd.Stat()
-	if err != nil {
-		return fmt.Errorf("get stat err: %s\n", err)
-	}
-	w.maxsize_cursize = int(finfo.Size())
-	w.daily_opendate = time.Now().Day()
-	w.maxlines_curlines = 0
-	if finfo.Size() > 0 {
-		count, err := w.lines()
-		if err != nil {
-			return err
-		}
-		w.maxlines_curlines = count
-	}
-	return nil
-}
-
-func (w *FileLogWriter) lines() (int, error) {
-	fd, err := os.Open(w.Filename)
-	if err != nil {
-		return 0, err
-	}
-	defer fd.Close()
-
-	buf := make([]byte, 32768) // 32k
-	count := 0
-	lineSep := []byte{'\n'}
-
-	for {
-		c, err := fd.Read(buf)
-		if err != nil && err != io.EOF {
-			return count, err
-		}
-
-		count += bytes.Count(buf[:c], lineSep)
-
-		if err == io.EOF {
-			break
-		}
-	}
-
-	return count, nil
-}
-
-// DoRotate means it need to write file in new file.
-// new file name like xx.log.2013-01-01.2
-func (w *FileLogWriter) DoRotate() error {
-	_, err := os.Lstat(w.Filename)
-	if err == nil { // file exists
-		// Find the next available number
-		num := 1
-		fname := ""
-		for ; err == nil && num <= 999; num++ {
-			fname = w.Filename + fmt.Sprintf(".%s.%03d", time.Now().Format("2006-01-02"), num)
-			_, err = os.Lstat(fname)
-		}
-		// return error if the last file checked still existed
-		if err == nil {
-			return fmt.Errorf("Rotate: Cannot find free log number to rename %s\n", w.Filename)
-		}
-
-		// block Logger's io.Writer
-		w.mw.Lock()
-		defer w.mw.Unlock()
-
-		fd := w.mw.fd
-		fd.Close()
-
-		// close fd before rename
-		// Rename the file to its newfound home
-		err = os.Rename(w.Filename, fname)
-		if err != nil {
-			return fmt.Errorf("Rotate: %s\n", err)
-		}
-
-		// re-start logger
-		err = w.startLogger()
-		if err != nil {
-			return fmt.Errorf("Rotate StartLogger: %s\n", err)
-		}
-
-		go w.deleteOldLog()
-	}
-
-	return nil
-}
-
-func (w *FileLogWriter) deleteOldLog() {
-	dir := filepath.Dir(w.Filename)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) (returnErr error) {
-		defer func() {
-			if r := recover(); r != nil {
-				returnErr = fmt.Errorf("Unable to delete old log '%s', error: %+v", path, r)
-				fmt.Println(returnErr)
-			}
-		}()
-
-		if !info.IsDir() && info.ModTime().Unix() < (time.Now().Unix()-60*60*24*w.Maxdays) {
-			if strings.HasPrefix(filepath.Base(path), filepath.Base(w.Filename)) {
-				os.Remove(path)
-			}
-		}
-		return
-	})
-}
-
-// destroy file logger, close file writer.
-func (w *FileLogWriter) Destroy() {
-	w.mw.fd.Close()
-}
-
-// flush file logger.
-// there are no buffering messages in file logger in memory.
-// flush file means sync file from disk.
-func (w *FileLogWriter) Flush() {
-	w.mw.fd.Sync()
-}
-
-func init() {
-	Register("file", NewFileWriter)
-}

Godeps/_workspace/src/github.com/astaxie/beego/logs/log.go

@@ -1,350 +0,0 @@
-// Copyright 2014 beego Author. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Usage:
-//
-// import "github.com/astaxie/beego/logs"
-//
-//	log := NewLogger(10000)
-//	log.SetLogger("console", "")
-//
-//	> the first params stand for how many channel
-//
-// Use it like this:
-//
-//	log.Trace("trace")
-//	log.Info("info")
-//	log.Warn("warning")
-//	log.Debug("debug")
-//	log.Critical("critical")
-//
-//  more docs http://beego.me/docs/module/logs.md
-package logs
-
-import (
-	"fmt"
-	"path"
-	"runtime"
-	"sync"
-)
-
-// RFC5424 log message levels.
-const (
-	LevelEmergency = iota
-	LevelAlert
-	LevelCritical
-	LevelError
-	LevelWarning
-	LevelNotice
-	LevelInformational
-	LevelDebug
-)
-
-// Legacy loglevel constants to ensure backwards compatibility.
-//
-// Deprecated: will be removed in 1.5.0.
-const (
-	LevelInfo  = LevelInformational
-	LevelTrace = LevelDebug
-	LevelWarn  = LevelWarning
-)
-
-type loggerType func() LoggerInterface
-
-// LoggerInterface defines the behavior of a log provider.
-type LoggerInterface interface {
-	Init(config string) error
-	WriteMsg(msg string, level int) error
-	Destroy()
-	Flush()
-}
-
-var adapters = make(map[string]loggerType)
-
-// Register makes a log provide available by the provided name.
-// If Register is called twice with the same name or if driver is nil,
-// it panics.
-func Register(name string, log loggerType) {
-	if log == nil {
-		panic("logs: Register provide is nil")
-	}
-	if _, dup := adapters[name]; dup {
-		panic("logs: Register called twice for provider " + name)
-	}
-	adapters[name] = log
-}
-
-// BeeLogger is default logger in beego application.
-// it can contain several providers and log message into all providers.
-type BeeLogger struct {
-	lock                sync.Mutex
-	level               int
-	enableFuncCallDepth bool
-	loggerFuncCallDepth int
-	asynchronous        bool
-	msg                 chan *logMsg
-	outputs             map[string]LoggerInterface
-}
-
-type logMsg struct {
-	level int
-	msg   string
-}
-
-// NewLogger returns a new BeeLogger.
-// channellen means the number of messages in chan.
-// if the buffering chan is full, logger adapters write to file or other way.
-func NewLogger(channellen int64) *BeeLogger {
-	bl := new(BeeLogger)
-	bl.level = LevelDebug
-	bl.loggerFuncCallDepth = 2
-	bl.msg = make(chan *logMsg, channellen)
-	bl.outputs = make(map[string]LoggerInterface)
-	return bl
-}
-
-func (bl *BeeLogger) Async() *BeeLogger {
-	bl.asynchronous = true
-	go bl.startLogger()
-	return bl
-}
-
-// SetLogger provides a given logger adapter into BeeLogger with config string.
-// config need to be correct JSON as string: {"interval":360}.
-func (bl *BeeLogger) SetLogger(adaptername string, config string) error {
-	bl.lock.Lock()
-	defer bl.lock.Unlock()
-	if log, ok := adapters[adaptername]; ok {
-		lg := log()
-		err := lg.Init(config)
-		bl.outputs[adaptername] = lg
-		if err != nil {
-			fmt.Println("logs.BeeLogger.SetLogger: " + err.Error())
-			return err
-		}
-	} else {
-		return fmt.Errorf("logs: unknown adaptername %q (forgotten Register?)", adaptername)
-	}
-	return nil
-}
-
-// remove a logger adapter in BeeLogger.
-func (bl *BeeLogger) DelLogger(adaptername string) error {
-	bl.lock.Lock()
-	defer bl.lock.Unlock()
-	if lg, ok := bl.outputs[adaptername]; ok {
-		lg.Destroy()
-		delete(bl.outputs, adaptername)
-		return nil
-	} else {
-		return fmt.Errorf("logs: unknown adaptername %q (forgotten Register?)", adaptername)
-	}
-}
-
-func (bl *BeeLogger) writerMsg(loglevel int, msg string) error {
-	lm := new(logMsg)
-	lm.level = loglevel
-	if bl.enableFuncCallDepth {
-		_, file, line, ok := runtime.Caller(bl.loggerFuncCallDepth)
-		if !ok {
-			file = "???"
-			line = 0
-		}
-		_, filename := path.Split(file)
-		lm.msg = fmt.Sprintf("[%s:%d] %s", filename, line, msg)
-	} else {
-		lm.msg = msg
-	}
-	if bl.asynchronous {
-		bl.msg <- lm
-	} else {
-		for name, l := range bl.outputs {
-			err := l.WriteMsg(lm.msg, lm.level)
-			if err != nil {
-				fmt.Println("unable to WriteMsg to adapter:", name, err)
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// Set log message level.
-//
-// If message level (such as LevelDebug) is higher than logger level (such as LevelWarning),
-// log providers will not even be sent the message.
-func (bl *BeeLogger) SetLevel(l int) {
-	bl.level = l
-}
-
-// set log funcCallDepth
-func (bl *BeeLogger) SetLogFuncCallDepth(d int) {
-	bl.loggerFuncCallDepth = d
-}
-
-// get log funcCallDepth for wrapper
-func (bl *BeeLogger) GetLogFuncCallDepth() int {
-	return bl.loggerFuncCallDepth
-}
-
-// enable log funcCallDepth
-func (bl *BeeLogger) EnableFuncCallDepth(b bool) {
-	bl.enableFuncCallDepth = b
-}
-
-// start logger chan reading.
-// when chan is not empty, write logs.
-func (bl *BeeLogger) startLogger() {
-	for {
-		select {
-		case bm := <-bl.msg:
-			for _, l := range bl.outputs {
-				err := l.WriteMsg(bm.msg, bm.level)
-				if err != nil {
-					fmt.Println("ERROR, unable to WriteMsg:", err)
-				}
-			}
-		}
-	}
-}
-
-// Log EMERGENCY level message.
-func (bl *BeeLogger) Emergency(format string, v ...interface{}) {
-	if LevelEmergency > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[M] "+format, v...)
-	bl.writerMsg(LevelEmergency, msg)
-}
-
-// Log ALERT level message.
-func (bl *BeeLogger) Alert(format string, v ...interface{}) {
-	if LevelAlert > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[A] "+format, v...)
-	bl.writerMsg(LevelAlert, msg)
-}
-
-// Log CRITICAL level message.
-func (bl *BeeLogger) Critical(format string, v ...interface{}) {
-	if LevelCritical > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[C] "+format, v...)
-	bl.writerMsg(LevelCritical, msg)
-}
-
-// Log ERROR level message.
-func (bl *BeeLogger) Error(format string, v ...interface{}) {
-	if LevelError > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[E] "+format, v...)
-	bl.writerMsg(LevelError, msg)
-}
-
-// Log WARNING level message.
-func (bl *BeeLogger) Warning(format string, v ...interface{}) {
-	if LevelWarning > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[W] "+format, v...)
-	bl.writerMsg(LevelWarning, msg)
-}
-
-// Log NOTICE level message.
-func (bl *BeeLogger) Notice(format string, v ...interface{}) {
-	if LevelNotice > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[N] "+format, v...)
-	bl.writerMsg(LevelNotice, msg)
-}
-
-// Log INFORMATIONAL level message.
-func (bl *BeeLogger) Informational(format string, v ...interface{}) {
-	if LevelInformational > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[I] "+format, v...)
-	bl.writerMsg(LevelInformational, msg)
-}
-
-// Log DEBUG level message.
-func (bl *BeeLogger) Debug(format string, v ...interface{}) {
-	if LevelDebug > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[D] "+format, v...)
-	bl.writerMsg(LevelDebug, msg)
-}
-
-// Log WARN level message.
-// compatibility alias for Warning()
-func (bl *BeeLogger) Warn(format string, v ...interface{}) {
-	if LevelWarning > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[W] "+format, v...)
-	bl.writerMsg(LevelWarning, msg)
-}
-
-// Log INFO level message.
-// compatibility alias for Informational()
-func (bl *BeeLogger) Info(format string, v ...interface{}) {
-	if LevelInformational > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[I] "+format, v...)
-	bl.writerMsg(LevelInformational, msg)
-}
-
-// Log TRACE level message.
-// compatibility alias for Debug()
-func (bl *BeeLogger) Trace(format string, v ...interface{}) {
-	if LevelDebug > bl.level {
-		return
-	}
-	msg := fmt.Sprintf("[D] "+format, v...)
-	bl.writerMsg(LevelDebug, msg)
-}
-
-// flush all chan data.
-func (bl *BeeLogger) Flush() {
-	for _, l := range bl.outputs {
-		l.Flush()
-	}
-}
-
-// close logger, flush all chan data and destroy all adapters in BeeLogger.
-func (bl *BeeLogger) Close() {
-	for {
-		if len(bl.msg) > 0 {
-			bm := <-bl.msg
-			for _, l := range bl.outputs {
-				err := l.WriteMsg(bm.msg, bm.level)
-				if err != nil {
-					fmt.Println("ERROR, unable to WriteMsg (while closing logger):", err)
-				}
-			}
-			continue
-		}
-		break
-	}
-	for _, l := range bl.outputs {
-		l.Flush()
-		l.Destroy()
-	}
-}

Godeps/_workspace/src/github.com/astaxie/beego/logs/smtp.go

@@ -1,165 +0,0 @@
-// Copyright 2014 beego Author. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package logs
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"fmt"
-	"net"
-	"net/smtp"
-	"strings"
-	"time"
-)
-
-const (
-// no usage
-// subjectPhrase = "Diagnostic message from server"
-)
-
-// smtpWriter implements LoggerInterface and is used to send emails via given SMTP-server.
-type SmtpWriter struct {
-	Username           string   `json:"Username"`
-	Password           string   `json:"password"`
-	Host               string   `json:"Host"`
-	Subject            string   `json:"subject"`
-	FromAddress        string   `json:"fromAddress"`
-	RecipientAddresses []string `json:"sendTos"`
-	Level              int      `json:"level"`
-}
-
-// create smtp writer.
-func NewSmtpWriter() LoggerInterface {
-	return &SmtpWriter{Level: LevelTrace}
-}
-
-// init smtp writer with json config.
-// config like:
-//	{
-//		"Username":"example@gmail.com",
-//		"password:"password",
-//		"host":"smtp.gmail.com:465",
-//		"subject":"email title",
-//		"fromAddress":"from@example.com",
-//		"sendTos":["email1","email2"],
-//		"level":LevelError
-//	}
-func (s *SmtpWriter) Init(jsonconfig string) error {
-	err := json.Unmarshal([]byte(jsonconfig), s)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *SmtpWriter) GetSmtpAuth(host string) smtp.Auth {
-	if len(strings.Trim(s.Username, " ")) == 0 && len(strings.Trim(s.Password, " ")) == 0 {
-		return nil
-	}
-	return smtp.PlainAuth(
-		"",
-		s.Username,
-		s.Password,
-		host,
-	)
-}
-
-func (s *SmtpWriter) sendMail(hostAddressWithPort string, auth smtp.Auth, fromAddress string, recipients []string, msgContent []byte) error {
-	client, err := smtp.Dial(hostAddressWithPort)
-	if err != nil {
-		return err
-	}
-
-	host, _, _ := net.SplitHostPort(hostAddressWithPort)
-	tlsConn := &tls.Config{
-		InsecureSkipVerify: true,
-		ServerName:         host,
-	}
-	if err = client.StartTLS(tlsConn); err != nil {
-		return err
-	}
-
-	if auth != nil {
-		if err = client.Auth(auth); err != nil {
-			return err
-		}
-	}
-
-	if err = client.Mail(fromAddress); err != nil {
-		return err
-	}
-
-	for _, rec := range recipients {
-		if err = client.Rcpt(rec); err != nil {
-			return err
-		}
-	}
-
-	w, err := client.Data()
-	if err != nil {
-		return err
-	}
-	_, err = w.Write([]byte(msgContent))
-	if err != nil {
-		return err
-	}
-
-	err = w.Close()
-	if err != nil {
-		return err
-	}
-
-	err = client.Quit()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// write message in smtp writer.
-// it will send an email with subject and only this message.
-func (s *SmtpWriter) WriteMsg(msg string, level int) error {
-	if level > s.Level {
-		return nil
-	}
-
-	hp := strings.Split(s.Host, ":")
-
-	// Set up authentication information.
-	auth := s.GetSmtpAuth(hp[0])
-
-	// Connect to the server, authenticate, set the sender and recipient,
-	// and send the email all in one step.
-	content_type := "Content-Type: text/plain" + "; charset=UTF-8"
-	mailmsg := []byte("To: " + strings.Join(s.RecipientAddresses, ";") + "\r\nFrom: " + s.FromAddress + "<" + s.FromAddress +
-		">\r\nSubject: " + s.Subject + "\r\n" + content_type + "\r\n\r\n" + fmt.Sprintf(".%s", time.Now().Format("2006-01-02 15:04:05")) + msg)
-
-	return s.sendMail(s.Host, auth, s.FromAddress, s.RecipientAddresses, mailmsg)
-}
-
-// implementing method. empty.
-func (s *SmtpWriter) Flush() {
-	return
-}
-
-// implementing method. empty.
-func (s *SmtpWriter) Destroy() {
-	return
-}
-
-func init() {
-	Register("smtp", NewSmtpWriter)
-}

Godeps/_workspace/src/github.com/astaxie/beego/utils/captcha/LICENSE

@@ -1,19 +0,0 @@
-Copyright (c) 2011-2014 Dmitry Chestnykh <dmitry@codingrobots.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

Godeps/_workspace/src/github.com/docopt/docopt-go/.gitignore

@@ -1,25 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-
-# coverage droppings
-profile.cov

Godeps/_workspace/src/github.com/docopt/docopt-go/.travis.yml

@@ -1,31 +0,0 @@
-# Travis CI (http://travis-ci.org/) is a continuous integration
-# service for open source projects. This file configures it
-# to run unit tests for docopt-go.
-
-language: go
-
-go:
-    - 1.4
-    - 1.5
-    - tip
-
-matrix:
-    fast_finish: true
-
-before_install:
-    - go get golang.org/x/tools/cmd/vet
-    - go get golang.org/x/tools/cmd/cover
-    - go get github.com/golang/lint/golint
-    - go get github.com/mattn/goveralls
-
-install:
-    - go get -d -v ./... && go build -v ./...
-
-script:
-    - go vet -x ./...
-    - $HOME/gopath/bin/golint ./...
-    - go test -v ./...
-    - go test -covermode=count -coverprofile=profile.cov .
-
-after_script:
-    - $HOME/gopath/bin/goveralls -coverprofile=profile.cov -service=travis-ci

Godeps/_workspace/src/github.com/docopt/docopt-go/LICENSE

@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Keith Batten
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Godeps/_workspace/src/github.com/docopt/docopt-go/README.md

@@ -1,88 +0,0 @@
-docopt-go
-=========
-
-[![Build Status](https://travis-ci.org/docopt/docopt.go.svg?branch=master)](https://travis-ci.org/docopt/docopt.go)
-[![Coverage Status](https://coveralls.io/repos/docopt/docopt.go/badge.png)](https://coveralls.io/r/docopt/docopt.go)
-[![GoDoc](https://godoc.org/github.com/docopt/docopt.go?status.png)](https://godoc.org/github.com/docopt/docopt.go)
-
-An implementation of [docopt](http://docopt.org/) in the
-[Go](http://golang.org/) programming language.
-
-**docopt** helps you create *beautiful* command-line interfaces easily:
-
-```go
-package main
-
-import (
-	"fmt"
-	"github.com/docopt/docopt-go"
-)
-
-func main() {
-	  usage := `Naval Fate.
-
-Usage:
-  naval_fate ship new <name>...
-  naval_fate ship <name> move <x> <y> [--speed=<kn>]
-  naval_fate ship shoot <x> <y>
-  naval_fate mine (set|remove) <x> <y> [--moored|--drifting]
-  naval_fate -h | --help
-  naval_fate --version
-
-Options:
-  -h --help     Show this screen.
-  --version     Show version.
-  --speed=<kn>  Speed in knots [default: 10].
-  --moored      Moored (anchored) mine.
-  --drifting    Drifting mine.`
-
-	  arguments, _ := docopt.Parse(usage, nil, true, "Naval Fate 2.0", false)
-	  fmt.Println(arguments)
-}
-```
-
-**docopt** parses command-line arguments based on a help message. Don't
-write parser code: a good help message already has all the necessary
-information in it.
-
-## Installation
-
-⚠ Use the alias “docopt-go”. To use docopt in your Go code:
-
-```go
-import "github.com/docopt/docopt-go"
-```
-
-To install docopt according to your `$GOPATH`:
-
-```console
-$ go get github.com/docopt/docopt-go
-```
-
-## API
-
-```go
-func Parse(doc string, argv []string, help bool, version string,
-    optionsFirst bool, exit ...bool) (map[string]interface{}, error)
-```
-Parse `argv` based on the command-line interface described in `doc`.
-
-Given a conventional command-line help message, docopt creates a parser and
-processes the arguments. See
-https://github.com/docopt/docopt#help-message-format for a description of the
-help message format. If `argv` is `nil`, `os.Args[1:]` is used.
-
-docopt returns a map of option names to the values parsed from `argv`, and an
-error or `nil`.
-
-More documentation for docopt is available at
-[GoDoc.org](https://godoc.org/github.com/docopt/docopt.go).
-
-## Testing
-
-All tests from the Python version are implemented and passing
-at [Travis CI](https://travis-ci.org/docopt/docopt.go). New
-language-agnostic tests have been added
-to [test_golang.docopt](test_golang.docopt).
-
-To run tests for docopt-go, use `go test`.

Godeps/_workspace/src/github.com/docopt/docopt-go/test_golang.docopt

@@ -1,9 +0,0 @@
-r"""usage: prog [NAME_-2]..."""
-$ prog 10 20
-{"NAME_-2": ["10", "20"]}
-
-$ prog 10
-{"NAME_-2": ["10"]}
-
-$ prog
-{"NAME_-2": []}

Godeps/_workspace/src/github.com/docopt/docopt-go/testcases.docopt

@@ -1,957 +0,0 @@
-r"""Usage: prog
-
-"""
-$ prog
-{}
-
-$ prog --xxx
-"user-error"
-
-
-r"""Usage: prog [options]
-
-Options: -a  All.
-
-"""
-$ prog
-{"-a": false}
-
-$ prog -a
-{"-a": true}
-
-$ prog -x
-"user-error"
-
-
-r"""Usage: prog [options]
-
-Options: --all  All.
-
-"""
-$ prog
-{"--all": false}
-
-$ prog --all
-{"--all": true}
-
-$ prog --xxx
-"user-error"
-
-
-r"""Usage: prog [options]
-
-Options: -v, --verbose  Verbose.
-
-"""
-$ prog --verbose
-{"--verbose": true}
-
-$ prog --ver
-{"--verbose": true}
-
-$ prog -v
-{"--verbose": true}
-
-
-r"""Usage: prog [options]
-
-Options: -p PATH
-
-"""
-$ prog -p home/
-{"-p": "home/"}
-
-$ prog -phome/
-{"-p": "home/"}
-
-$ prog -p
-"user-error"
-
-
-r"""Usage: prog [options]
-
-Options: --path <path>
-
-"""
-$ prog --path home/
-{"--path": "home/"}
-
-$ prog --path=home/
-{"--path": "home/"}
-
-$ prog --pa home/
-{"--path": "home/"}
-
-$ prog --pa=home/
-{"--path": "home/"}
-
-$ prog --path
-"user-error"
-
-
-r"""Usage: prog [options]
-
-Options: -p PATH, --path=<path>  Path to files.
-
-"""
-$ prog -proot
-{"--path": "root"}
-
-
-r"""Usage: prog [options]
-
-Options:    -p --path PATH  Path to files.
-
-"""
-$ prog -p root
-{"--path": "root"}
-
-$ prog --path root
-{"--path": "root"}
-
-
-r"""Usage: prog [options]
-
-Options:
- -p PATH  Path to files [default: ./]
-
-"""
-$ prog
-{"-p": "./"}
-
-$ prog -phome
-{"-p": "home"}
-
-
-r"""UsAgE: prog [options]
-
-OpTiOnS: --path=<files>  Path to files
-                [dEfAuLt: /root]
-
-"""
-$ prog
-{"--path": "/root"}
-
-$ prog --path=home
-{"--path": "home"}
-
-
-r"""usage: prog [options]
-
-options:
-    -a        Add
-    -r        Remote
-    -m <msg>  Message
-
-"""
-$ prog -a -r -m Hello
-{"-a": true,
- "-r": true,
- "-m": "Hello"}
-
-$ prog -armyourass
-{"-a": true,
- "-r": true,
- "-m": "yourass"}
-
-$ prog -a -r
-{"-a": true,
- "-r": true,
- "-m": null}
-
-
-r"""Usage: prog [options]
-
-Options: --version
-         --verbose
-
-"""
-$ prog --version
-{"--version": true,
- "--verbose": false}
-
-$ prog --verbose
-{"--version": false,
- "--verbose": true}
-
-$ prog --ver
-"user-error"
-
-$ prog --verb
-{"--version": false,
- "--verbose": true}
-
-
-r"""usage: prog [-a -r -m <msg>]
-
-options:
- -a        Add
- -r        Remote
- -m <msg>  Message
-
-"""
-$ prog -armyourass
-{"-a": true,
- "-r": true,
- "-m": "yourass"}
-
-
-r"""usage: prog [-armmsg]
-
-options: -a        Add
-         -r        Remote
-         -m <msg>  Message
-
-"""
-$ prog -a -r -m Hello
-{"-a": true,
- "-r": true,
- "-m": "Hello"}
-
-
-r"""usage: prog -a -b
-
-options:
- -a
- -b
-
-"""
-$ prog -a -b
-{"-a": true, "-b": true}
-
-$ prog -b -a
-{"-a": true, "-b": true}
-
-$ prog -a
-"user-error"
-
-$ prog
-"user-error"
-
-
-r"""usage: prog (-a -b)
-
-options: -a
-         -b
-
-"""
-$ prog -a -b
-{"-a": true, "-b": true}
-
-$ prog -b -a
-{"-a": true, "-b": true}
-
-$ prog -a
-"user-error"
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [-a] -b
-
-options: -a
- -b
-
-"""
-$ prog -a -b
-{"-a": true, "-b": true}
-
-$ prog -b -a
-{"-a": true, "-b": true}
-
-$ prog -a
-"user-error"
-
-$ prog -b
-{"-a": false, "-b": true}
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [(-a -b)]
-
-options: -a
-         -b
-
-"""
-$ prog -a -b
-{"-a": true, "-b": true}
-
-$ prog -b -a
-{"-a": true, "-b": true}
-
-$ prog -a
-"user-error"
-
-$ prog -b
-"user-error"
-
-$ prog
-{"-a": false, "-b": false}
-
-
-r"""usage: prog (-a|-b)
-
-options: -a
-         -b
-
-"""
-$ prog -a -b
-"user-error"
-
-$ prog
-"user-error"
-
-$ prog -a
-{"-a": true, "-b": false}
-
-$ prog -b
-{"-a": false, "-b": true}
-
-
-r"""usage: prog [ -a | -b ]
-
-options: -a
-         -b
-
-"""
-$ prog -a -b
-"user-error"
-
-$ prog
-{"-a": false, "-b": false}
-
-$ prog -a
-{"-a": true, "-b": false}
-
-$ prog -b
-{"-a": false, "-b": true}
-
-
-r"""usage: prog <arg>"""
-$ prog 10
-{"<arg>": "10"}
-
-$ prog 10 20
-"user-error"
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [<arg>]"""
-$ prog 10
-{"<arg>": "10"}
-
-$ prog 10 20
-"user-error"
-
-$ prog
-{"<arg>": null}
-
-
-r"""usage: prog <kind> <name> <type>"""
-$ prog 10 20 40
-{"<kind>": "10", "<name>": "20", "<type>": "40"}
-
-$ prog 10 20
-"user-error"
-
-$ prog
-"user-error"
-
-
-r"""usage: prog <kind> [<name> <type>]"""
-$ prog 10 20 40
-{"<kind>": "10", "<name>": "20", "<type>": "40"}
-
-$ prog 10 20
-{"<kind>": "10", "<name>": "20", "<type>": null}
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [<kind> | <name> <type>]"""
-$ prog 10 20 40
-"user-error"
-
-$ prog 20 40
-{"<kind>": null, "<name>": "20", "<type>": "40"}
-
-$ prog
-{"<kind>": null, "<name>": null, "<type>": null}
-
-
-r"""usage: prog (<kind> --all | <name>)
-
-options:
- --all
-
-"""
-$ prog 10 --all
-{"<kind>": "10", "--all": true, "<name>": null}
-
-$ prog 10
-{"<kind>": null, "--all": false, "<name>": "10"}
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [<name> <name>]"""
-$ prog 10 20
-{"<name>": ["10", "20"]}
-
-$ prog 10
-{"<name>": ["10"]}
-
-$ prog
-{"<name>": []}
-
-
-r"""usage: prog [(<name> <name>)]"""
-$ prog 10 20
-{"<name>": ["10", "20"]}
-
-$ prog 10
-"user-error"
-
-$ prog
-{"<name>": []}
-
-
-r"""usage: prog NAME..."""
-$ prog 10 20
-{"NAME": ["10", "20"]}
-
-$ prog 10
-{"NAME": ["10"]}
-
-$ prog
-"user-error"
-
-
-r"""usage: prog [NAME]..."""
-$ prog 10 20
-{"NAME": ["10", "20"]}
-
-$ prog 10
-{"NAME": ["10"]}
-
-$ prog
-{"NAME": []}
-
-
-r"""usage: prog [NAME...]"""
-$ prog 10 20
-{"NAME": ["10", "20"]}
-
-$ prog 10
-{"NAME": ["10"]}
-
-$ prog
-{"NAME": []}
-
-
-r"""usage: prog [NAME [NAME ...]]"""
-$ prog 10 20
-{"NAME": ["10", "20"]}
-
-$ prog 10
-{"NAME": ["10"]}
-
-$ prog
-{"NAME": []}
-
-
-r"""usage: prog (NAME | --foo NAME)
-
-options: --foo
-
-"""
-$ prog 10
-{"NAME": "10", "--foo": false}
-
-$ prog --foo 10
-{"NAME": "10", "--foo": true}
-
-$ prog --foo=10
-"user-error"
-
-
-r"""usage: prog (NAME | --foo) [--bar | NAME]
-
-options: --foo
-options: --bar
-
-"""
-$ prog 10
-{"NAME": ["10"], "--foo": false, "--bar": false}
-
-$ prog 10 20
-{"NAME": ["10", "20"], "--foo": false, "--bar": false}
-
-$ prog --foo --bar
-{"NAME": [], "--foo": true, "--bar": true}
-
-
-r"""Naval Fate.
-
-Usage:
-  prog ship new <name>...
-  prog ship [<name>] move <x> <y> [--speed=<kn>]
-  prog ship shoot <x> <y>
-  prog mine (set|remove) <x> <y> [--moored|--drifting]
-  prog -h | --help
-  prog --version
-
-Options:
-  -h --help     Show this screen.
-  --version     Show version.
-  --speed=<kn>  Speed in knots [default: 10].
-  --moored      Mored (anchored) mine.
-  --drifting    Drifting mine.
-
-"""
-$ prog ship Guardian move 150 300 --speed=20
-{"--drifting": false,
- "--help": false,
- "--moored": false,
- "--speed": "20",
- "--version": false,
- "<name>": ["Guardian"],
- "<x>": "150",
- "<y>": "300",
- "mine": false,
- "move": true,
- "new": false,
- "remove": false,
- "set": false,
- "ship": true,
- "shoot": false}
-
-
-r"""usage: prog --hello"""
-$ prog --hello
-{"--hello": true}
-
-
-r"""usage: prog [--hello=<world>]"""
-$ prog
-{"--hello": null}
-
-$ prog --hello wrld
-{"--hello": "wrld"}
-
-
-r"""usage: prog [-o]"""
-$ prog
-{"-o": false}
-
-$ prog -o
-{"-o": true}
-
-
-r"""usage: prog [-opr]"""
-$ prog -op
-{"-o": true, "-p": true, "-r": false}
-
-
-r"""usage: prog --aabb | --aa"""
-$ prog --aa
-{"--aabb": false, "--aa": true}
-
-$ prog --a
-"user-error"  # not a unique prefix
-
-#
-# Counting number of flags
-#
-
-r"""Usage: prog -v"""
-$ prog -v
-{"-v": true}
-
-
-r"""Usage: prog [-v -v]"""
-$ prog
-{"-v": 0}
-
-$ prog -v
-{"-v": 1}
-
-$ prog -vv
-{"-v": 2}
-
-
-r"""Usage: prog -v ..."""
-$ prog
-"user-error"
-
-$ prog -v
-{"-v": 1}
-
-$ prog -vv
-{"-v": 2}
-
-$ prog -vvvvvv
-{"-v": 6}
-
-
-r"""Usage: prog [-v | -vv | -vvv]
-
-This one is probably most readable user-friednly variant.
-
-"""
-$ prog
-{"-v": 0}
-
-$ prog -v
-{"-v": 1}
-
-$ prog -vv
-{"-v": 2}
-
-$ prog -vvvv
-"user-error"
-
-
-r"""usage: prog [--ver --ver]"""
-$ prog --ver --ver
-{"--ver": 2}
-
-
-#
-# Counting commands
-#
-
-r"""usage: prog [go]"""
-$ prog go
-{"go": true}
-
-
-r"""usage: prog [go go]"""
-$ prog
-{"go": 0}
-
-$ prog go
-{"go": 1}
-
-$ prog go go
-{"go": 2}
-
-$ prog go go go
-"user-error"
-
-r"""usage: prog go..."""
-$ prog go go go go go
-{"go": 5}
-
-#
-# [options] does not include options from usage-pattern
-#
-r"""usage: prog [options] [-a]
-
-options: -a
-         -b
-"""
-$ prog -a
-{"-a": true, "-b": false}
-
-$ prog -aa
-"user-error"
-
-#
-# Test [options] shourtcut
-#
-
-r"""Usage: prog [options] A
-Options:
-    -q  Be quiet
-    -v  Be verbose.
-
-"""
-$ prog arg
-{"A": "arg", "-v": false, "-q": false}
-
-$ prog -v arg
-{"A": "arg", "-v": true, "-q": false}
-
-$ prog -q arg
-{"A": "arg", "-v": false, "-q": true}
-
-#
-# Test single dash
-#
-
-r"""usage: prog [-]"""
-
-$ prog -
-{"-": true}
-
-$ prog
-{"-": false}
-
-#
-# If argument is repeated, its value should always be a list
-#
-
-r"""usage: prog [NAME [NAME ...]]"""
-
-$ prog a b
-{"NAME": ["a", "b"]}
-
-$ prog
-{"NAME": []}
-
-#
-# Option's argument defaults to null/None
-#
-
-r"""usage: prog [options]
-options:
- -a        Add
- -m <msg>  Message
-
-"""
-$ prog -a
-{"-m": null, "-a": true}
-
-#
-# Test options without description
-#
-
-r"""usage: prog --hello"""
-$ prog --hello
-{"--hello": true}
-
-r"""usage: prog [--hello=<world>]"""
-$ prog
-{"--hello": null}
-
-$ prog --hello wrld
-{"--hello": "wrld"}
-
-r"""usage: prog [-o]"""
-$ prog
-{"-o": false}
-
-$ prog -o
-{"-o": true}
-
-r"""usage: prog [-opr]"""
-$ prog -op
-{"-o": true, "-p": true, "-r": false}
-
-r"""usage: git [-v | --verbose]"""
-$ prog -v
-{"-v": true, "--verbose": false}
-
-r"""usage: git remote [-v | --verbose]"""
-$ prog remote -v
-{"remote": true, "-v": true, "--verbose": false}
-
-#
-# Test empty usage pattern
-#
-
-r"""usage: prog"""
-$ prog
-{}
-
-r"""usage: prog
-           prog <a> <b>
-"""
-$ prog 1 2
-{"<a>": "1", "<b>": "2"}
-
-$ prog
-{"<a>": null, "<b>": null}
-
-r"""usage: prog <a> <b>
-           prog
-"""
-$ prog
-{"<a>": null, "<b>": null}
-
-#
-# Option's argument should not capture default value from usage pattern
-#
-
-r"""usage: prog [--file=<f>]"""
-$ prog
-{"--file": null}
-
-r"""usage: prog [--file=<f>]
-
-options: --file <a>
-
-"""
-$ prog
-{"--file": null}
-
-r"""Usage: prog [-a <host:port>]
-
-Options: -a, --address <host:port>  TCP address [default: localhost:6283].
-
-"""
-$ prog
-{"--address": "localhost:6283"}
-
-#
-# If option with argument could be repeated,
-# its arguments should be accumulated into a list
-#
-
-r"""usage: prog --long=<arg> ..."""
-
-$ prog --long one
-{"--long": ["one"]}
-
-$ prog --long one --long two
-{"--long": ["one", "two"]}
-
-#
-# Test multiple elements repeated at once
-#
-
-r"""usage: prog (go <direction> --speed=<km/h>)..."""
-$ prog  go left --speed=5  go right --speed=9
-{"go": 2, "<direction>": ["left", "right"], "--speed": ["5", "9"]}
-
-#
-# Required options should work with option shortcut
-#
-
-r"""usage: prog [options] -a
-
-options: -a
-
-"""
-$ prog -a
-{"-a": true}
-
-#
-# If option could be repeated its defaults should be split into a list
-#
-
-r"""usage: prog [-o <o>]...
-
-options: -o <o>  [default: x]
-
-"""
-$ prog -o this -o that
-{"-o": ["this", "that"]}
-
-$ prog
-{"-o": ["x"]}
-
-r"""usage: prog [-o <o>]...
-
-options: -o <o>  [default: x y]
-
-"""
-$ prog -o this
-{"-o": ["this"]}
-
-$ prog
-{"-o": ["x", "y"]}
-
-#
-# Test stacked option's argument
-#
-
-r"""usage: prog -pPATH
-
-options: -p PATH
-
-"""
-$ prog -pHOME
-{"-p": "HOME"}
-
-#
-# Issue 56: Repeated mutually exclusive args give nested lists sometimes
-#
-
-r"""Usage: foo (--xx=x|--yy=y)..."""
-$ prog --xx=1 --yy=2
-{"--xx": ["1"], "--yy": ["2"]}
-
-#
-# POSIXly correct tokenization
-#
-
-r"""usage: prog [<input file>]"""
-$ prog f.txt
-{"<input file>": "f.txt"}
-
-r"""usage: prog [--input=<file name>]..."""
-$ prog --input a.txt --input=b.txt
-{"--input": ["a.txt", "b.txt"]}
-
-#
-# Issue 85: `[options]` shourtcut with multiple subcommands
-#
-
-r"""usage: prog good [options]
-           prog fail [options]
-
-options: --loglevel=N
-
-"""
-$ prog fail --loglevel 5
-{"--loglevel": "5", "fail": true, "good": false}
-
-#
-# Usage-section syntax
-#
-
-r"""usage:prog --foo"""
-$ prog --foo
-{"--foo": true}
-
-r"""PROGRAM USAGE: prog --foo"""
-$ prog --foo
-{"--foo": true}
-
-r"""Usage: prog --foo
-           prog --bar
-NOT PART OF SECTION"""
-$ prog --foo
-{"--foo": true, "--bar": false}
-
-r"""Usage:
- prog --foo
- prog --bar
-
-NOT PART OF SECTION"""
-$ prog --foo
-{"--foo": true, "--bar": false}
-
-r"""Usage:
- prog --foo
- prog --bar
-NOT PART OF SECTION"""
-$ prog --foo
-{"--foo": true, "--bar": false}
-
-#
-# Options-section syntax
-#
-
-r"""Usage: prog [options]
-
-global options: --foo
-local options: --baz
-               --bar
-other options:
- --egg
- --spam
--not-an-option-
-
-"""
-$ prog --baz --egg
-{"--foo": false, "--baz": true, "--bar": false, "--egg": true, "--spam": false}

Godeps/_workspace/src/github.com/vaughan0/go-ini/LICENSE

@@ -1,14 +0,0 @@
-Copyright (c) 2013 Vaughan Newton
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Godeps/_workspace/src/github.com/vaughan0/go-ini/README.md

@@ -1,70 +0,0 @@
-go-ini
-======
-
-INI parsing library for Go (golang).
-
-View the API documentation [here](http://godoc.org/github.com/vaughan0/go-ini).
-
-Usage
------
-
-Parse an INI file:
-
-```go
-import "github.com/vaughan0/go-ini"
-
-file, err := ini.LoadFile("myfile.ini")
-```
-
-Get data from the parsed file:
-
-```go
-name, ok := file.Get("person", "name")
-if !ok {
-  panic("'name' variable missing from 'person' section")
-}
-```
-
-Iterate through values in a section:
-
-```go
-for key, value := range file["mysection"] {
-  fmt.Printf("%s => %s\n", key, value)
-}
-```
-
-Iterate through sections in a file:
-
-```go
-for name, section := range file {
-  fmt.Printf("Section name: %s\n", name)
-}
-```
-
-File Format
------------
-
-INI files are parsed by go-ini line-by-line. Each line may be one of the following:
-
-  * A section definition: [section-name]
-  * A property: key = value
-  * A comment: #blahblah _or_ ;blahblah
-  * Blank. The line will be ignored.
-
-Properties defined before any section headers are placed in the default section, which has
-the empty string as it's key.
-
-Example:
-
-```ini
-# I am a comment
-; So am I!
-
-[apples]
-colour = red or green
-shape = applish
-
-[oranges]
-shape = square
-colour = blue
-```

Godeps/_workspace/src/github.com/vaughan0/go-ini/ini.go

@@ -1,123 +0,0 @@
-// Package ini provides functions for parsing INI configuration files.
-package ini
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"regexp"
-	"strings"
-)
-
-var (
-	sectionRegex = regexp.MustCompile(`^\[(.*)\]$`)
-	assignRegex  = regexp.MustCompile(`^([^=]+)=(.*)$`)
-)
-
-// ErrSyntax is returned when there is a syntax error in an INI file.
-type ErrSyntax struct {
-	Line   int
-	Source string // The contents of the erroneous line, without leading or trailing whitespace
-}
-
-func (e ErrSyntax) Error() string {
-	return fmt.Sprintf("invalid INI syntax on line %d: %s", e.Line, e.Source)
-}
-
-// A File represents a parsed INI file.
-type File map[string]Section
-
-// A Section represents a single section of an INI file.
-type Section map[string]string
-
-// Returns a named Section. A Section will be created if one does not already exist for the given name.
-func (f File) Section(name string) Section {
-	section := f[name]
-	if section == nil {
-		section = make(Section)
-		f[name] = section
-	}
-	return section
-}
-
-// Looks up a value for a key in a section and returns that value, along with a boolean result similar to a map lookup.
-func (f File) Get(section, key string) (value string, ok bool) {
-	if s := f[section]; s != nil {
-		value, ok = s[key]
-	}
-	return
-}
-
-// Loads INI data from a reader and stores the data in the File.
-func (f File) Load(in io.Reader) (err error) {
-	bufin, ok := in.(*bufio.Reader)
-	if !ok {
-		bufin = bufio.NewReader(in)
-	}
-	return parseFile(bufin, f)
-}
-
-// Loads INI data from a named file and stores the data in the File.
-func (f File) LoadFile(file string) (err error) {
-	in, err := os.Open(file)
-	if err != nil {
-		return
-	}
-	defer in.Close()
-	return f.Load(in)
-}
-
-func parseFile(in *bufio.Reader, file File) (err error) {
-	section := ""
-	lineNum := 0
-	for done := false; !done; {
-		var line string
-		if line, err = in.ReadString('\n'); err != nil {
-			if err == io.EOF {
-				done = true
-			} else {
-				return
-			}
-		}
-		lineNum++
-		line = strings.TrimSpace(line)
-		if len(line) == 0 {
-			// Skip blank lines
-			continue
-		}
-		if line[0] == ';' || line[0] == '#' {
-			// Skip comments
-			continue
-		}
-
-		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
-			key, val := groups[1], groups[2]
-			key, val = strings.TrimSpace(key), strings.TrimSpace(val)
-			file.Section(section)[key] = val
-		} else if groups := sectionRegex.FindStringSubmatch(line); groups != nil {
-			name := strings.TrimSpace(groups[1])
-			section = name
-			// Create the section if it does not exist
-			file.Section(section)
-		} else {
-			return ErrSyntax{lineNum, line}
-		}
-
-	}
-	return nil
-}
-
-// Loads and returns a File from a reader.
-func Load(in io.Reader) (File, error) {
-	file := make(File)
-	err := file.Load(in)
-	return file, err
-}
-
-// Loads and returns an INI File from a file on disk.
-func LoadFile(filename string) (File, error) {
-	file := make(File)
-	err := file.LoadFile(filename)
-	return file, err
-}

Godeps/_workspace/src/github.com/vaughan0/go-ini/test.ini

@@ -1,2 +0,0 @@
-[default]
-stuff = things

Makefile

@@ -1,21 +1,44 @@
 export PATH := $(GOPATH)/bin:$(PATH)
-export NEW_GOPATH := $(shell pwd)
+export GO111MODULE=on
 
-all: build
+all: fmt build
 
-build: godep fmt frps frpc
+build: frps frpc
 
-godep:
-	@go get github.com/tools/godep
+# compile assets into binary file
+file:
+	rm -rf ./assets/frps/static/*
+	rm -rf ./assets/frpc/static/*
+	cp -rf ./web/frps/dist/* ./assets/frps/static
+	cp -rf ./web/frpc/dist/* ./assets/frpc/static
+	rm -rf ./assets/frps/statik
+	rm -rf ./assets/frpc/statik
+	go generate ./assets/...
 
 fmt:
-	GOPATH=$(NEW_GOPATH) godep go fmt ./...
+	go fmt ./...
 
 frps:
-	GOPATH=$(NEW_GOPATH) godep go build -o bin/frps ./src/frp/cmd/frps
+	go build -o bin/frps ./cmd/frps
 
 frpc:
-	GOPATH=$(NEW_GOPATH) godep go build -o bin/frpc ./src/frp/cmd/frpc
+	go build -o bin/frpc ./cmd/frpc
 
-test:
-	@GOPATH=$(NEW_GOPATH) godep go test -v ./...
+test: gotest
+
+gotest:
+	go test -v --cover ./assets/...
+	go test -v --cover ./client/...
+	go test -v --cover ./cmd/...
+	go test -v --cover ./models/...
+	go test -v --cover ./server/...
+	go test -v --cover ./utils/...
+
+ci:
+	go test -count=1 -p=1 -v ./tests/...
+
+alltest: gotest ci
+	
+clean:
+	rm -f ./bin/frpc
+	rm -f ./bin/frps

Makefile.cross-compiles

@@ -0,0 +1,37 @@
+export PATH := $(GOPATH)/bin:$(PATH)
+LDFLAGS := -s -w
+
+all: build
+
+build: app
+
+app:
+	env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frpc_darwin_amd64 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_darwin_amd64 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frpc_freebsd_386 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frps_freebsd_386 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frpc_freebsd_amd64 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_freebsd_amd64 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_386 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_386 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_amd64 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_amd64 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_arm ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "$(LDFLAGS)" -o ./frps_linux_arm ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_arm64 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_arm64 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frpc_windows_386.exe ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./frps_windows_386.exe ./cmd/frps
+	env CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frpc_windows_amd64.exe ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_windows_amd64.exe ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_mips64 ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_mips64 ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_mips64le ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build -ldflags "$(LDFLAGS)" -o ./frps_linux_mips64le ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_mips ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./frps_linux_mips ./cmd/frps
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./frpc_linux_mipsle ./cmd/frpc
+	env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./frps_linux_mipsle ./cmd/frps
+
+temp:
+	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_amd64 ./cmd/frps

README.md

@@ -1,33 +1,967 @@
 # frp
 
-[![Build Status](https://travis-ci.org/fatedier/frp.svg)](https://travis-ci.org/fatedier/frp)
+[![Build Status](https://travis-ci.org/fatedier/frp.svg?branch=master)](https://travis-ci.org/fatedier/frp)
+
+[README](README.md) | [中文文档](README_zh.md)
 
 ## What is frp?
 
-frp is a fast reverse proxy which can help you expose a local server behind a NAT or firewall to the internet.
+frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the Internet. As of now, it supports **TCP** and **UDP**, as well as **HTTP** and **HTTPS** protocols, where requests can be forwarded to internal services by domain name.
 
-## Status
+frp also has a P2P connect mode.
 
-frp is under development and you can try it with available version 0.1.
+## Table of Contents
 
-## Quick Start
+<!-- vim-markdown-toc GFM -->
 
-Read the [QuickStart](doc/quick_start_en.md) | [使用文档](doc/quick_start_zh.md)
+* [Development Status](#development-status)
+* [Architecture](#architecture)
+* [Example Usage](#example-usage)
+    * [Access your computer in LAN by SSH](#access-your-computer-in-lan-by-ssh)
+    * [Visit your web service in LAN by custom domains](#visit-your-web-service-in-lan-by-custom-domains)
+    * [Forward DNS query request](#forward-dns-query-request)
+    * [Forward Unix domain socket](#forward-unix-domain-socket)
+    * [Expose a simple HTTP file server](#expose-a-simple-http-file-server)
+    * [Enable HTTPS for local HTTP service](#enable-https-for-local-http-service)
+    * [Expose your service privately](#expose-your-service-privately)
+    * [P2P Mode](#p2p-mode)
+* [Features](#features)
+    * [Configuration Files](#configuration-files)
+    * [Using Environment Variables](#using-environment-variables)
+    * [Dashboard](#dashboard)
+    * [Admin UI](#admin-ui)
+    * [Monitor](#monitor)
+        * [Prometheus](#prometheus)
+    * [Authenticating the Client](#authenticating-the-client)
+        * [Token Authentication](#token-authentication)
+        * [OIDC Authentication](#oidc-authentication)
+    * [Encryption and Compression](#encryption-and-compression)
+        * [TLS](#tls)
+    * [Hot-Reloading frpc configuration](#hot-reloading-frpc-configuration)
+    * [Get proxy status from client](#get-proxy-status-from-client)
+    * [Only allowing certain ports on the server](#only-allowing-certain-ports-on-the-server)
+    * [Port Reuse](#port-reuse)
+    * [Bandwidth Limit](#bandwidth-limit)
+        * [For Each Proxy](#for-each-proxy)
+    * [TCP Stream Multiplexing](#tcp-stream-multiplexing)
+    * [Support KCP Protocol](#support-kcp-protocol)
+    * [Connection Pooling](#connection-pooling)
+    * [Load balancing](#load-balancing)
+    * [Service Health Check](#service-health-check)
+    * [Rewriting the HTTP Host Header](#rewriting-the-http-host-header)
+    * [Setting other HTTP Headers](#setting-other-http-headers)
+    * [Get Real IP](#get-real-ip)
+        * [HTTP X-Forwarded-For](#http-x-forwarded-for)
+        * [Proxy Protocol](#proxy-protocol)
+    * [Require HTTP Basic Auth (Password) for Web Services](#require-http-basic-auth-password-for-web-services)
+    * [Custom Subdomain Names](#custom-subdomain-names)
+    * [URL Routing](#url-routing)
+    * [TCP Port Multiplexing](#tcp-port-multiplexing)
+    * [Connecting to frps via HTTP PROXY](#connecting-to-frps-via-http-proxy)
+    * [Range ports mapping](#range-ports-mapping)
+    * [Client Plugins](#client-plugins)
+    * [Server Manage Plugins](#server-manage-plugins)
+* [Development Plan](#development-plan)
+* [Contributing](#contributing)
+* [Donation](#donation)
+    * [AliPay](#alipay)
+    * [Wechat Pay](#wechat-pay)
+    * [Paypal](#paypal)
+
+<!-- vim-markdown-toc -->
+
+## Development Status
+
+frp is under development. Try the latest release version in the `master` branch, or use the `dev` branch for the version in development.
+
+**The protocol might change at a release and we don't promise backwards compatibility. Please check the release log when upgrading the client and the server.**
 
 ## Architecture
 
-![architecture](doc/pic/architecture.png)
+![architecture](/doc/pic/architecture.png)
 
-## What can I do with frp?
+## Example Usage
 
-* Expose any http service behind a NAT or firewall to the internet by a server with public IP address.
-* Expose any tcp service behind a NAT or firewall to the internet by a server with public IP address.
-* Inspect all http requests/responses that are transmitted over the tunnel(future).
+Firstly, download the latest programs from [Release](https://github.com/fatedier/frp/releases) page according to your operating system and architecture.
+
+Put `frps` and `frps.ini` onto your server A with public IP.
+
+Put `frpc` and `frpc.ini` onto your server B in LAN (that can't be connected from public Internet).
+
+### Access your computer in LAN by SSH
+
+1. Modify `frps.ini` on server A:
+
+  ```ini
+  # frps.ini
+  [common]
+  bind_port = 7000
+  ```
+
+2. Start `frps` on server A:
+
+  `./frps -c ./frps.ini`
+
+3. On server B, modify `frpc.ini` to put in your `frps` server public IP as `server_addr` field:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [ssh]
+  type = tcp
+  local_ip = 127.0.0.1
+  local_port = 22
+  remote_port = 6000
+  ```
+
+4. Start `frpc` on server B:
+
+  `./frpc -c ./frpc.ini`
+
+5. From another machine, SSH to server B like this (assuming that username is `test`):
+
+  `ssh -oPort=6000 test@x.x.x.x`
+
+### Visit your web service in LAN by custom domains
+
+Sometimes we want to expose a local web service behind a NAT network to others for testing with your own domain name and unfortunately we can't resolve a domain name to a local IP.
+
+However, we can expose an HTTP(S) service using frp.
+
+1. Modify `frps.ini`, set the vhost HTTP port to 8080:
+
+  ```ini
+  # frps.ini
+  [common]
+  bind_port = 7000
+  vhost_http_port = 8080
+  ```
+
+2. Start `frps`:
+
+  `./frps -c ./frps.ini`
+
+3. Modify `frpc.ini` and set `server_addr` to the IP address of the remote frps server. The `local_port` is the port of your web service:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [web]
+  type = http
+  local_port = 80
+  custom_domains = www.example.com
+  ```
+
+4. Start `frpc`:
+
+  `./frpc -c ./frpc.ini`
+
+5. Resolve A record of `www.example.com` to the public IP of the remote frps server or CNAME record to your origin domain.
+
+6. Now visit your local web service using url `http://www.example.com:8080`.
+
+### Forward DNS query request
+
+1. Modify `frps.ini`:
+
+  ```ini
+  # frps.ini
+  [common]
+  bind_port = 7000
+  ```
+
+2. Start `frps`:
+
+  `./frps -c ./frps.ini`
+
+3. Modify `frpc.ini` and set `server_addr` to the IP address of the remote frps server, forward DNS query request to Google Public DNS server `8.8.8.8:53`:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [dns]
+  type = udp
+  local_ip = 8.8.8.8
+  local_port = 53
+  remote_port = 6000
+  ```
+
+4. Start frpc:
+
+  `./frpc -c ./frpc.ini`
+
+5. Test DNS resolution using `dig` command:
+
+  `dig @x.x.x.x -p 6000 www.google.com`
+
+### Forward Unix domain socket
+
+Expose a Unix domain socket (e.g. the Docker daemon socket) as TCP.
+
+Configure `frps` same as above.
+
+1. Start `frpc` with configuration:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [unix_domain_socket]
+  type = tcp
+  remote_port = 6000
+  plugin = unix_domain_socket
+  plugin_unix_path = /var/run/docker.sock
+  ```
+
+2. Test: Get Docker version using `curl`:
+
+  `curl http://x.x.x.x:6000/version`
+
+### Expose a simple HTTP file server
+
+Browser your files stored in the LAN, from public Internet.
+
+Configure `frps` same as above.
+
+1. Start `frpc` with configuration:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [test_static_file]
+  type = tcp
+  remote_port = 6000
+  plugin = static_file
+  plugin_local_path = /tmp/files
+  plugin_strip_prefix = static
+  plugin_http_user = abc
+  plugin_http_passwd = abc
+  ```
+
+2. Visit `http://x.x.x.x:6000/static/` from your browser and specify correct user and password to view files in `/tmp/files` on the `frpc` machine.
+
+### Enable HTTPS for local HTTP service
+
+1. Start `frpc` with configuration:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [test_https2http]
+  type = https
+  custom_domains = test.example.com
+
+  plugin = https2http
+  plugin_local_addr = 127.0.0.1:80
+  plugin_crt_path = ./server.crt
+  plugin_key_path = ./server.key
+  plugin_host_header_rewrite = 127.0.0.1
+  plugin_header_X-From-Where = frp
+  ```
+
+2. Visit `https://test.example.com`.
+
+### Expose your service privately
+
+Some services will be at risk if exposed directly to the public network. With **STCP** (secret TCP) mode, a preshared key is needed to access the service from another client.
+
+Configure `frps` same as above.
+
+1. Start `frpc` on machine B with the following config. This example is for exposing the SSH service (port 22), and note the `sk` field for the preshared key, and that the `remote_port` field is removed here:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [secret_ssh]
+  type = stcp
+  sk = abcdefg
+  local_ip = 127.0.0.1
+  local_port = 22
+  ```
+
+2. Start another `frpc` (typically on another machine C) with the following config to access the SSH service with a security key (`sk` field):
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [secret_ssh_visitor]
+  type = stcp
+  role = visitor
+  server_name = secret_ssh
+  sk = abcdefg
+  bind_addr = 127.0.0.1
+  bind_port = 6000
+  ```
+
+3. On machine C, connect to SSH on machine B, using this command:
+
+  `ssh -oPort=6000 127.0.0.1`
+
+### P2P Mode
+
+**xtcp** is designed for transmitting large amounts of data directly between clients. A frps server is still needed, as P2P here only refers the actual data transmission.
+
+Note it can't penetrate all types of NAT devices. You might want to fallback to **stcp** if **xtcp** doesn't work.
+
+1. In `frps.ini` configure a UDP port for xtcp:
+
+  ```ini
+  # frps.ini
+  bind_udp_port = 7001
+  ```
+
+2. Start `frpc` on machine B, expose the SSH port. Note that `remote_port` field is removed:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [p2p_ssh]
+  type = xtcp
+  sk = abcdefg
+  local_ip = 127.0.0.1
+  local_port = 22
+  ```
+
+3. Start another `frpc` (typically on another machine C) with the config to connect to SSH using P2P mode:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [p2p_ssh_visitor]
+  type = xtcp
+  role = visitor
+  server_name = p2p_ssh
+  sk = abcdefg
+  bind_addr = 127.0.0.1
+  bind_port = 6000
+  ```
+
+4. On machine C, connect to SSH on machine B, using this command:
+
+  `ssh -oPort=6000 127.0.0.1`
+
+## Features
+
+### Configuration Files
+
+Read the full example configuration files to find out even more features not described here.
+
+[Full configuration file for frps (Server)](./conf/frps_full.ini)
+
+[Full configuration file for frpc (Client)](./conf/frpc_full.ini)
+
+### Using Environment Variables
+
+Environment variables can be referenced in the configuration file, using Go's standard format:
+
+```ini
+# frpc.ini
+[common]
+server_addr = {{ .Envs.FRP_SERVER_ADDR }}
+server_port = 7000
+
+[ssh]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+remote_port = {{ .Envs.FRP_SSH_REMOTE_PORT }}
+```
+
+With the config above, variables can be passed into `frpc` program like this:
+
+```
+export FRP_SERVER_ADDR="x.x.x.x"
+export FRP_SSH_REMOTE_PORT="6000"
+./frpc -c ./frpc.ini
+```
+
+`frpc` will render configuration file template using OS environment variables. Remember to prefix your reference with `.Envs`.
+
+### Dashboard
+
+Check frp's status and proxies' statistics information by Dashboard.
+
+Configure a port for dashboard to enable this feature:
+
+```ini
+[common]
+dashboard_port = 7500
+# dashboard's username and password are both optional，if not set, default is admin.
+dashboard_user = admin
+dashboard_pwd = admin
+```
+
+Then visit `http://[server_addr]:7500` to see the dashboard, with username and password both being `admin` by default.
+
+![dashboard](/doc/pic/dashboard.png)
+
+### Admin UI
+
+The Admin UI helps you check and manage frpc's configuration.
+
+Configure an address for admin UI to enable this feature:
+
+```ini
+[common]
+admin_addr = 127.0.0.1
+admin_port = 7400
+admin_user = admin
+admin_pwd = admin
+```
+
+Then visit `http://127.0.0.1:7400` to see admin UI, with username and password both being `admin` by default.
+
+### Monitor
+
+When dashboard is enabled, frps will save monitor data in cache. It will be cleared after process restart.
+
+Prometheus is also supported.
+
+#### Prometheus
+
+Enable dashboard first, then configure `enable_prometheus = true` in `frps.ini`.
+
+`http://{dashboard_addr}/metrics` will provide prometheus monitor data.
+
+### Authenticating the Client
+
+There are 2 authentication methods to authenticate frpc with frps. 
+
+You can decide which one to use by configuring `authentication_method` under `[common]` in `frpc.ini` and `frps.ini`.
+
+Configuring `authenticate_heartbeats = true` under `[common]` will use the configured authentication method to add and validate authentication on every heartbeat between frpc and frps.
+
+Configuring `authenticate_new_work_conns = true` under `[common]` will do the same for every new work connection between frpc and frps.
+
+#### Token Authentication
+
+When specifying `authentication_method = token` under `[common]` in `frpc.ini` and `frps.ini` - token based authentication will be used.
+
+Make sure to specify the same `token` in the `[common]` section in `frps.ini` and `frpc.ini` for frpc to pass frps validation
+
+#### OIDC Authentication
+
+When specifying `authentication_method = oidc` under `[common]` in `frpc.ini` and `frps.ini` - OIDC based authentication will be used.
+
+OIDC stands for OpenID Connect, and the flow used is called [Client Credentials Grant](https://tools.ietf.org/html/rfc6749#section-4.4).
+
+To use this authentication type - configure `frpc.ini` and `frps.ini` as follows:
+
+```ini
+# frps.ini
+[common]
+authentication_method = oidc
+oidc_issuer = https://example-oidc-issuer.com/
+oidc_audience = https://oidc-audience.com/.default
+```
+
+```ini
+# frpc.ini
+[common]
+authentication_method = oidc
+oidc_client_id = 98692467-37de-409a-9fac-bb2585826f18 # Replace with OIDC client ID
+oidc_client_secret = oidc_secret
+oidc_audience = https://oidc-audience.com/.default
+oidc_token_endpoint_url = https://example-oidc-endpoint.com/oauth2/v2.0/token
+```
+
+### Encryption and Compression
+
+The features are off by default. You can turn on encryption and/or compression:
+
+```ini
+# frpc.ini
+[ssh]
+type = tcp
+local_port = 22
+remote_port = 6000
+use_encryption = true
+use_compression = true
+```
+
+#### TLS
+
+frp supports the TLS protocol between `frpc` and `frps` since v0.25.0.
+
+Config `tls_enable = true` in the `[common]` section to `frpc.ini` to enable this feature.
+
+For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection.
+
+To enforce `frps` to only accept TLS connections - configure `tls_only = true` in the `[common]` section in `frps.ini`.
+
+### Hot-Reloading frpc configuration
+
+The `admin_addr` and `admin_port` fields are required for enabling HTTP API:
+
+```ini
+# frpc.ini
+[common]
+admin_addr = 127.0.0.1
+admin_port = 7400
+```
+
+Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to let `frpc` create or update or delete proxies.
+
+**Note that parameters in [common] section won't be modified except 'start'.**
+
+### Get proxy status from client
+
+Use `frpc status -c ./frpc.ini` to get status of all proxies. The `admin_addr` and `admin_port` fields are required for enabling HTTP API.
+
+### Only allowing certain ports on the server
+
+`allow_ports` in `frps.ini` is used to avoid abuse of ports:
+
+```ini
+# frps.ini
+[common]
+allow_ports = 2000-3000,3001,3003,4000-50000
+```
+
+`allow_ports` consists of specific ports or port ranges (lowest port number, dash `-`, highest port number), separated by comma `,`.
+
+### Port Reuse
+
+`vhost_http_port` and `vhost_https_port` in frps can use same port with `bind_port`. frps will detect the connection's protocol and handle it correspondingly.
+
+We would like to try to allow multiple proxies bind a same remote port with different protocols in the future.
+
+### Bandwidth Limit
+
+#### For Each Proxy
+
+```ini
+# frpc.ini
+[ssh]
+type = tcp
+local_port = 22
+remote_port = 6000
+bandwidth_limit = 1MB
+```
+
+Set `bandwidth_limit` in each proxy's configure to enable this feature. Supported units are `MB` and `KB`.
+
+### TCP Stream Multiplexing
+
+frp supports tcp stream multiplexing since v0.10.0 like HTTP2 Multiplexing, in which case all logic connections to the same frpc are multiplexed into the same TCP connection.
+
+You can disable this feature by modify `frps.ini` and `frpc.ini`:
+
+```ini
+# frps.ini and frpc.ini, must be same
+[common]
+tcp_mux = false
+```
+
+### Support KCP Protocol
+
+KCP is a fast and reliable protocol that can achieve the transmission effect of a reduction of the average latency by 30% to 40% and reduction of the maximum delay by a factor of three, at the cost of 10% to 20% more bandwidth wasted than TCP.
+
+KCP mode uses UDP as the underlying transport. Using KCP in frp:
+
+1. Enable KCP in frps:
+
+  ```ini
+  # frps.ini
+  [common]
+  bind_port = 7000
+  # Specify a UDP port for KCP.
+  kcp_bind_port = 7000
+  ```
+
+  The `kcp_bind_port` number can be the same number as `bind_port`, since `bind_port` field specifies a TCP port.
+
+2. Configure `frpc.ini` to use KCP to connect to frps:
+
+  ```ini
+  # frpc.ini
+  [common]
+  server_addr = x.x.x.x
+  # Same as the 'kcp_bind_port' in frps.ini
+  server_port = 7000
+  protocol = kcp
+  ```
+
+### Connection Pooling
+
+By default, frps creates a new frpc connection to the backend service upon a user request. With connection pooling, frps keeps a certain number of pre-established connections, reducing the time needed to establish a connection.
+
+This feature is suitable for a large number of short connections.
+
+1. Configure the limit of pool count each proxy can use in `frps.ini`:
+
+  ```ini
+  # frps.ini
+  [common]
+  max_pool_count = 5
+  ```
+
+2. Enable and specify the number of connection pool:
+
+  ```ini
+  # frpc.ini
+  [common]
+  pool_count = 1
+  ```
+
+### Load balancing
+
+Load balancing is supported by `group`.
+
+This feature is only available for types `tcp` and `http` now.
+
+```ini
+# frpc.ini
+[test1]
+type = tcp
+local_port = 8080
+remote_port = 80
+group = web
+group_key = 123
+
+[test2]
+type = tcp
+local_port = 8081
+remote_port = 80
+group = web
+group_key = 123
+```
+
+`group_key` is used for authentication.
+
+Connections to port 80 will be dispatched to proxies in the same group randomly.
+
+For type `tcp`, `remote_port` in the same group should be the same.
+
+For type `http`, `custom_domains`, `subdomain`, `locations` should be the same.
+
+### Service Health Check
+
+Health check feature can help you achieve high availability with load balancing.
+
+Add `health_check_type = tcp` or `health_check_type = http` to enable health check.
+
+With health check type **tcp**, the service port will be pinged (TCPing):
+
+```ini
+# frpc.ini
+[test1]
+type = tcp
+local_port = 22
+remote_port = 6000
+# Enable TCP health check
+health_check_type = tcp
+# TCPing timeout seconds
+health_check_timeout_s = 3
+# If health check failed 3 times in a row, the proxy will be removed from frps
+health_check_max_failed = 3
+# A health check every 10 seconds
+health_check_interval_s = 10
+```
+
+With health check type **http**, an HTTP request will be sent to the service and an HTTP 2xx OK response is expected:
+
+```ini
+# frpc.ini
+[web]
+type = http
+local_ip = 127.0.0.1
+local_port = 80
+custom_domains = test.example.com
+# Enable HTTP health check
+health_check_type = http
+# frpc will send a GET request to '/status'
+# and expect an HTTP 2xx OK response
+health_check_url = /status
+health_check_timeout_s = 3
+health_check_max_failed = 3
+health_check_interval_s = 10
+```
+
+### Rewriting the HTTP Host Header
+
+By default frp does not modify the tunneled HTTP requests at all as it's a byte-for-byte copy.
+
+However, speaking of web servers and HTTP requests, your web server might rely on the `Host` HTTP header to determine the website to be accessed. frp can rewrite the `Host` header when forwarding the HTTP requests, with the `host_header_rewrite` field:
+
+```ini
+# frpc.ini
+[web]
+type = http
+local_port = 80
+custom_domains = test.example.com
+host_header_rewrite = dev.example.com
+```
+
+The HTTP request will have the the `Host` header rewritten to `Host: dev.example.com` when it reaches the actual web server, although the request from the browser probably has `Host: test.example.com`.
+
+### Setting other HTTP Headers
+
+Similar to `Host`, You can override other HTTP request headers with proxy type `http`.
+
+```ini
+# frpc.ini
+[web]
+type = http
+local_port = 80
+custom_domains = test.example.com
+host_header_rewrite = dev.example.com
+header_X-From-Where = frp
+```
+
+Note that parameter(s) prefixed with `header_` will be added to HTTP request headers.
+
+In this example, it will set header `X-From-Where: frp` in the HTTP request.
+
+### Get Real IP
+
+#### HTTP X-Forwarded-For
+
+This feature is for http proxy only.
+
+You can get user's real IP from HTTP request headers `X-Forwarded-For` and `X-Real-IP`.
+
+#### Proxy Protocol
+
+frp supports Proxy Protocol to send user's real IP to local services. It support all types except UDP.
+
+Here is an example for https service:
+
+```ini
+# frpc.ini
+[web]
+type = https
+local_port = 443
+custom_domains = test.example.com
+
+# now v1 and v2 are supported
+proxy_protocol_version = v2
+```
+
+You can enable Proxy Protocol support in nginx to expose user's real IP in HTTP header `X-Real-IP`, and then read `X-Real-IP` header in your web service for the real IP.
+
+### Require HTTP Basic Auth (Password) for Web Services
+
+Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password.
+
+This enforces HTTP Basic Auth on all requests with the username and password specified in frpc's configure file.
+
+It can only be enabled when proxy type is http.
+
+```ini
+# frpc.ini
+[web]
+type = http
+local_port = 80
+custom_domains = test.example.com
+http_user = abc
+http_pwd = abc
+```
+
+Visit `http://test.example.com` in the browser and now you are prompted to enter the username and password.
+
+### Custom Subdomain Names
+
+It is convenient to use `subdomain` configure for http and https types when many people share one frps server.
+
+```ini
+# frps.ini
+subdomain_host = frps.com
+```
+
+Resolve `*.frps.com` to the frps server's IP. This is usually called a Wildcard DNS record.
+
+```ini
+# frpc.ini
+[web]
+type = http
+local_port = 80
+subdomain = test
+```
+
+Now you can visit your web service on `test.frps.com`.
+
+Note that if `subdomain_host` is not empty, `custom_domains` should not be the subdomain of `subdomain_host`.
+
+### URL Routing
+
+frp supports forwarding HTTP requests to different backend web services by url routing.
+
+`locations` specifies the prefix of URL used for routing. frps first searches for the most specific prefix location given by literal strings regardless of the listed order.
+
+```ini
+# frpc.ini
+[web01]
+type = http
+local_port = 80
+custom_domains = web.example.com
+locations = /
+
+[web02]
+type = http
+local_port = 81
+custom_domains = web.example.com
+locations = /news,/about
+```
+
+HTTP requests with URL prefix `/news` or `/about` will be forwarded to **web02** and other requests to **web01**.
+
+### TCP Port Multiplexing
+
+frp supports receiving TCP sockets directed to different proxies on a single port on frps, similar to `vhost_http_port` and `vhost_https_port`.
+
+The only supported TCP port multiplexing method available at the moment is `httpconnect` - HTTP CONNECT tunnel.
+
+When setting `tcpmux_httpconnect_port` to anything other than 0 in frps under `[common]`, frps will listen on this port for HTTP CONNECT requests.
+
+The host of the HTTP CONNECT request will be used to match the proxy in frps. Proxy hosts can be configured in frpc by configuring `custom_domain` and / or `subdomain` under `type = tcpmux` proxies, when `multiplexer = httpconnect`.
+
+For example:
+
+```ini
+# frps.ini
+[common]
+bind_port = 7000
+tcpmux_httpconnect_port = 1337
+```
+
+```ini
+# frpc.ini
+[common]
+server_addr = x.x.x.x
+server_port = 7000
+
+[proxy1]
+type = tcpmux
+multiplexer = httpconnect
+custom_domains = test1
+
+[proxy2]
+type = tcpmux
+multiplexer = httpconnect
+custom_domains = test2
+```
+
+In the above configuration - frps can be contacted on port 1337 with a HTTP CONNECT header such as:
+
+```
+CONNECT test1 HTTP/1.1\r\n\r\n
+```
+and the connection will be routed to `proxy1`.
+
+### Connecting to frps via HTTP PROXY
+
+frpc can connect to frps using HTTP proxy if you set OS environment variable `HTTP_PROXY`, or if `http_proxy` is set in frpc.ini file.
+
+It only works when protocol is tcp.
+
+```ini
+# frpc.ini
+[common]
+server_addr = x.x.x.x
+server_port = 7000
+http_proxy = http://user:pwd@192.168.1.128:8080
+```
+
+### Range ports mapping
+
+Proxy with names that start with `range:` will support mapping range ports.
+
+```ini
+# frpc.ini
+[range:test_tcp]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 6000-6006,6007
+remote_port = 6000-6006,6007
+```
+
+frpc will generate 8 proxies like `test_tcp_0`, `test_tcp_1`, ..., `test_tcp_7`.
+
+### Client Plugins
+
+frpc only forwards requests to local TCP or UDP ports by default.
+
+Plugins are used for providing rich features. There are built-in plugins such as `unix_domain_socket`, `http_proxy`, `socks5`, `static_file` and you can see [example usage](#example-usage).
+
+Specify which plugin to use with the `plugin` parameter. Configuration parameters of plugin should be started with `plugin_`. `local_ip` and `local_port` are not used for plugin.
+
+Using plugin **http_proxy**:
+
+```ini
+# frpc.ini
+[http_proxy]
+type = tcp
+remote_port = 6000
+plugin = http_proxy
+plugin_http_user = abc
+plugin_http_passwd = abc
+```
+
+`plugin_http_user` and `plugin_http_passwd` are configuration parameters used in `http_proxy` plugin.
+
+### Server Manage Plugins
+
+Read the [document](/doc/server_plugin.md).
+
+## Development Plan
+
+* Log HTTP request information in frps.
 
 ## Contributing
 
-Interested in getting involved? We would love to help you!
+Interested in getting involved? We would like to help you!
 
-For simple bug fixes, just submit a PR with the fix and we can discuss the fix directly in the PR. If the fix is more complex, start with an issue.
+* Take a look at our [issues list](https://github.com/fatedier/frp/issues) and consider sending a Pull Request to **dev branch**.
+* If you want to add a new feature, please create an issue first to describe the new feature, as well as the implementation approach. Once a proposal is accepted, create an implementation of the new features and submit it as a pull request.
+* Sorry for my poor English. Improvements for this document are welcome, even some typo fixes.
+* If you have great ideas, send an email to fatedier@gmail.com.
 
-If you have some wanderful ideas, send email to fatedier@gmail.com.
+**Note: We prefer you to give your advise in [issues](https://github.com/fatedier/frp/issues), so others with a same question can search it quickly and we don't need to answer them repeatedly.**
+
+## Donation
+
+If frp helps you a lot, you can support us by:
+
+frp QQ group: 606194980
+
+### AliPay
+
+![donation-alipay](/doc/pic/donate-alipay.png)
+
+### Wechat Pay
+
+![donation-wechatpay](/doc/pic/donate-wechatpay.png)
+
+### Paypal
+
+Donate money by [paypal](https://www.paypal.me/fatedier) to my account **fatedier@gmail.com**.

assets/assets.go

@@ -0,0 +1,77 @@
+// Copyright 2016 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package assets
+
+//go:generate statik -src=./frps/static -dest=./frps
+//go:generate statik -src=./frpc/static -dest=./frpc
+//go:generate go fmt ./frps/statik/statik.go
+//go:generate go fmt ./frpc/statik/statik.go
+
+import (
+	"io/ioutil"
+	"net/http"
+	"os"
+	"path"
+
+	"github.com/rakyll/statik/fs"
+)
+
+var (
+	// store static files in memory by statik
+	FileSystem http.FileSystem
+
+	// if prefix is not empty, we get file content from disk
+	prefixPath string
+)
+
+// if path is empty, load assets in memory
+// or set FileSystem using disk files
+func Load(path string) (err error) {
+	prefixPath = path
+	if prefixPath != "" {
+		FileSystem = http.Dir(prefixPath)
+		return nil
+	} else {
+		FileSystem, err = fs.New()
+	}
+	return err
+}
+
+func ReadFile(file string) (content string, err error) {
+	if prefixPath == "" {
+		file, err := FileSystem.Open(path.Join("/", file))
+		if err != nil {
+			return content, err
+		}
+		defer file.Close()
+		buf, err := ioutil.ReadAll(file)
+		if err != nil {
+			return content, err
+		}
+		content = string(buf)
+	} else {
+		file, err := os.Open(path.Join(prefixPath, file))
+		if err != nil {
+			return content, err
+		}
+		defer file.Close()
+		buf, err := ioutil.ReadAll(file)
+		if err != nil {
+			return content, err
+		}
+		content = string(buf)
+	}
+	return content, err
+}

assets/frpc/static/index.html

@@ -0,0 +1 @@
+<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frp client admin UI</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?d2cd6337d30c7b22e836"></script><script type="text/javascript" src="vendor.js?edb271e1d9c81f857840"></script></body> </html> 

assets/frpc/static/manifest.js

@@ -0,0 +1 @@
+!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,c,u){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(e[i]=c[i]);for(r&&r(t,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=n(n.s=u[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var c=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=c;var u=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"edb271e1d9c81f857840"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,u.appendChild(i),c},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);

assets/frps/static/index.html

@@ -0,0 +1 @@
+<!DOCTYPE html> <html lang=en> <head> <meta charset=utf-8> <title>frps dashboard</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?14bea8276eef86cc7c61"></script><script type="text/javascript" src="vendor.js?51925ec1a77936b64d61"></script></body> </html> 

assets/frps/static/manifest.js

@@ -0,0 +1 @@
+!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,c,u){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(e[i]=c[i]);for(r&&r(t,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=n(n.s=u[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var c=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=c;var u=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"51925ec1a77936b64d61"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,u.appendChild(i),c},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);

client/admin.go

@@ -0,0 +1,71 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/fatedier/frp/assets"
+	frpNet "github.com/fatedier/frp/utils/net"
+
+	"github.com/gorilla/mux"
+)
+
+var (
+	httpServerReadTimeout  = 10 * time.Second
+	httpServerWriteTimeout = 10 * time.Second
+)
+
+func (svr *Service) RunAdminServer(addr string, port int) (err error) {
+	// url router
+	router := mux.NewRouter()
+
+	user, passwd := svr.cfg.AdminUser, svr.cfg.AdminPwd
+	router.Use(frpNet.NewHttpAuthMiddleware(user, passwd).Middleware)
+
+	// api, see dashboard_api.go
+	router.HandleFunc("/api/reload", svr.apiReload).Methods("GET")
+	router.HandleFunc("/api/status", svr.apiStatus).Methods("GET")
+	router.HandleFunc("/api/config", svr.apiGetConfig).Methods("GET")
+	router.HandleFunc("/api/config", svr.apiPutConfig).Methods("PUT")
+
+	// view
+	router.Handle("/favicon.ico", http.FileServer(assets.FileSystem)).Methods("GET")
+	router.PathPrefix("/static/").Handler(frpNet.MakeHttpGzipHandler(http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))).Methods("GET")
+	router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, "/static/", http.StatusMovedPermanently)
+	})
+
+	address := fmt.Sprintf("%s:%d", addr, port)
+	server := &http.Server{
+		Addr:         address,
+		Handler:      router,
+		ReadTimeout:  httpServerReadTimeout,
+		WriteTimeout: httpServerWriteTimeout,
+	}
+	if address == "" {
+		address = ":http"
+	}
+	ln, err := net.Listen("tcp", address)
+	if err != nil {
+		return err
+	}
+
+	go server.Serve(ln)
+	return
+}

client/admin_api.go

@@ -0,0 +1,325 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"sort"
+	"strings"
+
+	"github.com/fatedier/frp/client/proxy"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/utils/log"
+)
+
+type GeneralResponse struct {
+	Code int
+	Msg  string
+}
+
+// GET api/reload
+
+func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("Http request [/api/reload]")
+	defer func() {
+		log.Info("Http response [/api/reload], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			w.Write([]byte(res.Msg))
+		}
+	}()
+
+	content, err := config.GetRenderedConfFromFile(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("reload frpc config file error: %s", res.Msg)
+		return
+	}
+
+	newCommonCfg, err := config.UnmarshalClientConfFromIni(content)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("reload frpc common section error: %s", res.Msg)
+		return
+	}
+
+	pxyCfgs, visitorCfgs, err := config.LoadAllConfFromIni(svr.cfg.User, content, newCommonCfg.Start)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("reload frpc proxy config error: %s", res.Msg)
+		return
+	}
+
+	err = svr.ReloadConf(pxyCfgs, visitorCfgs)
+	if err != nil {
+		res.Code = 500
+		res.Msg = err.Error()
+		log.Warn("reload frpc proxy config error: %s", res.Msg)
+		return
+	}
+	log.Info("success reload conf")
+	return
+}
+
+type StatusResp struct {
+	Tcp   []ProxyStatusResp `json:"tcp"`
+	Udp   []ProxyStatusResp `json:"udp"`
+	Http  []ProxyStatusResp `json:"http"`
+	Https []ProxyStatusResp `json:"https"`
+	Stcp  []ProxyStatusResp `json:"stcp"`
+	Xtcp  []ProxyStatusResp `json:"xtcp"`
+}
+
+type ProxyStatusResp struct {
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Status     string `json:"status"`
+	Err        string `json:"err"`
+	LocalAddr  string `json:"local_addr"`
+	Plugin     string `json:"plugin"`
+	RemoteAddr string `json:"remote_addr"`
+}
+
+type ByProxyStatusResp []ProxyStatusResp
+
+func (a ByProxyStatusResp) Len() int           { return len(a) }
+func (a ByProxyStatusResp) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a ByProxyStatusResp) Less(i, j int) bool { return strings.Compare(a[i].Name, a[j].Name) < 0 }
+
+func NewProxyStatusResp(status *proxy.ProxyStatus, serverAddr string) ProxyStatusResp {
+	psr := ProxyStatusResp{
+		Name:   status.Name,
+		Type:   status.Type,
+		Status: status.Status,
+		Err:    status.Err,
+	}
+	switch cfg := status.Cfg.(type) {
+	case *config.TcpProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		psr.Plugin = cfg.Plugin
+		if status.Err != "" {
+			psr.RemoteAddr = fmt.Sprintf("%s:%d", serverAddr, cfg.RemotePort)
+		} else {
+			psr.RemoteAddr = serverAddr + status.RemoteAddr
+		}
+	case *config.UdpProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		if status.Err != "" {
+			psr.RemoteAddr = fmt.Sprintf("%s:%d", serverAddr, cfg.RemotePort)
+		} else {
+			psr.RemoteAddr = serverAddr + status.RemoteAddr
+		}
+	case *config.HttpProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		psr.Plugin = cfg.Plugin
+		psr.RemoteAddr = status.RemoteAddr
+	case *config.HttpsProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		psr.Plugin = cfg.Plugin
+		psr.RemoteAddr = status.RemoteAddr
+	case *config.StcpProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		psr.Plugin = cfg.Plugin
+	case *config.XtcpProxyConf:
+		if cfg.LocalPort != 0 {
+			psr.LocalAddr = fmt.Sprintf("%s:%d", cfg.LocalIp, cfg.LocalPort)
+		}
+		psr.Plugin = cfg.Plugin
+	}
+	return psr
+}
+
+// GET api/status
+func (svr *Service) apiStatus(w http.ResponseWriter, r *http.Request) {
+	var (
+		buf []byte
+		res StatusResp
+	)
+	res.Tcp = make([]ProxyStatusResp, 0)
+	res.Udp = make([]ProxyStatusResp, 0)
+	res.Http = make([]ProxyStatusResp, 0)
+	res.Https = make([]ProxyStatusResp, 0)
+	res.Stcp = make([]ProxyStatusResp, 0)
+	res.Xtcp = make([]ProxyStatusResp, 0)
+
+	log.Info("Http request [/api/status]")
+	defer func() {
+		log.Info("Http response [/api/status]")
+		buf, _ = json.Marshal(&res)
+		w.Write(buf)
+	}()
+
+	ps := svr.ctl.pm.GetAllProxyStatus()
+	for _, status := range ps {
+		switch status.Type {
+		case "tcp":
+			res.Tcp = append(res.Tcp, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		case "udp":
+			res.Udp = append(res.Udp, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		case "http":
+			res.Http = append(res.Http, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		case "https":
+			res.Https = append(res.Https, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		case "stcp":
+			res.Stcp = append(res.Stcp, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		case "xtcp":
+			res.Xtcp = append(res.Xtcp, NewProxyStatusResp(status, svr.cfg.ServerAddr))
+		}
+	}
+	sort.Sort(ByProxyStatusResp(res.Tcp))
+	sort.Sort(ByProxyStatusResp(res.Udp))
+	sort.Sort(ByProxyStatusResp(res.Http))
+	sort.Sort(ByProxyStatusResp(res.Https))
+	sort.Sort(ByProxyStatusResp(res.Stcp))
+	sort.Sort(ByProxyStatusResp(res.Xtcp))
+	return
+}
+
+// GET api/config
+func (svr *Service) apiGetConfig(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("Http get request [/api/config]")
+	defer func() {
+		log.Info("Http get response [/api/config], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			w.Write([]byte(res.Msg))
+		}
+	}()
+
+	if svr.cfgFile == "" {
+		res.Code = 400
+		res.Msg = "frpc has no config file path"
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	content, err := config.GetRenderedConfFromFile(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("load frpc config file error: %s", res.Msg)
+		return
+	}
+
+	rows := strings.Split(content, "\n")
+	newRows := make([]string, 0, len(rows))
+	for _, row := range rows {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			continue
+		}
+		newRows = append(newRows, row)
+	}
+	res.Msg = strings.Join(newRows, "\n")
+}
+
+// PUT api/config
+func (svr *Service) apiPutConfig(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("Http put request [/api/config]")
+	defer func() {
+		log.Info("Http put response [/api/config], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			w.Write([]byte(res.Msg))
+		}
+	}()
+
+	// get new config content
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		res.Code = 400
+		res.Msg = fmt.Sprintf("read request body error: %v", err)
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	if len(body) == 0 {
+		res.Code = 400
+		res.Msg = "body can't be empty"
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	// get token from origin content
+	token := ""
+	b, err := ioutil.ReadFile(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("load frpc config file error: %s", res.Msg)
+		return
+	}
+	content := string(b)
+
+	for _, row := range strings.Split(content, "\n") {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			token = row
+			break
+		}
+	}
+
+	tmpRows := make([]string, 0)
+	for _, row := range strings.Split(string(body), "\n") {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			continue
+		}
+		tmpRows = append(tmpRows, row)
+	}
+
+	newRows := make([]string, 0)
+	if token != "" {
+		for _, row := range tmpRows {
+			newRows = append(newRows, row)
+			if strings.HasPrefix(row, "[common]") {
+				newRows = append(newRows, token)
+			}
+		}
+	} else {
+		newRows = tmpRows
+	}
+	content = strings.Join(newRows, "\n")
+
+	err = ioutil.WriteFile(svr.cfgFile, []byte(content), 0644)
+	if err != nil {
+		res.Code = 500
+		res.Msg = fmt.Sprintf("write content to frpc config file error: %v", err)
+		log.Warn("%s", res.Msg)
+		return
+	}
+}

client/control.go

@@ -0,0 +1,367 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"net"
+	"runtime/debug"
+	"sync"
+	"time"
+
+	"github.com/fatedier/frp/client/proxy"
+	"github.com/fatedier/frp/models/auth"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	frpNet "github.com/fatedier/frp/utils/net"
+	"github.com/fatedier/frp/utils/xlog"
+
+	"github.com/fatedier/golib/control/shutdown"
+	"github.com/fatedier/golib/crypto"
+	fmux "github.com/hashicorp/yamux"
+)
+
+type Control struct {
+	// uniq id got from frps, attach it in loginMsg
+	runId string
+
+	// manage all proxies
+	pxyCfgs map[string]config.ProxyConf
+	pm      *proxy.ProxyManager
+
+	// manage all visitors
+	vm *VisitorManager
+
+	// control connection
+	conn net.Conn
+
+	// tcp stream multiplexing, if enabled
+	session *fmux.Session
+
+	// put a message in this channel to send it over control connection to server
+	sendCh chan (msg.Message)
+
+	// read from this channel to get the next message sent by server
+	readCh chan (msg.Message)
+
+	// goroutines can block by reading from this channel, it will be closed only in reader() when control connection is closed
+	closedCh chan struct{}
+
+	closedDoneCh chan struct{}
+
+	// last time got the Pong message
+	lastPong time.Time
+
+	// The client configuration
+	clientCfg config.ClientCommonConf
+
+	readerShutdown     *shutdown.Shutdown
+	writerShutdown     *shutdown.Shutdown
+	msgHandlerShutdown *shutdown.Shutdown
+
+	// The UDP port that the server is listening on
+	serverUDPPort int
+
+	mu sync.RWMutex
+
+	xl *xlog.Logger
+
+	// service context
+	ctx context.Context
+
+	// sets authentication based on selected method
+	authSetter auth.Setter
+}
+
+func NewControl(ctx context.Context, runId string, conn net.Conn, session *fmux.Session,
+	clientCfg config.ClientCommonConf,
+	pxyCfgs map[string]config.ProxyConf,
+	visitorCfgs map[string]config.VisitorConf,
+	serverUDPPort int,
+	authSetter auth.Setter) *Control {
+
+	// new xlog instance
+	ctl := &Control{
+		runId:              runId,
+		conn:               conn,
+		session:            session,
+		pxyCfgs:            pxyCfgs,
+		sendCh:             make(chan msg.Message, 100),
+		readCh:             make(chan msg.Message, 100),
+		closedCh:           make(chan struct{}),
+		closedDoneCh:       make(chan struct{}),
+		clientCfg:          clientCfg,
+		readerShutdown:     shutdown.New(),
+		writerShutdown:     shutdown.New(),
+		msgHandlerShutdown: shutdown.New(),
+		serverUDPPort:      serverUDPPort,
+		xl:                 xlog.FromContextSafe(ctx),
+		ctx:                ctx,
+		authSetter:         authSetter,
+	}
+	ctl.pm = proxy.NewProxyManager(ctl.ctx, ctl.sendCh, clientCfg, serverUDPPort)
+
+	ctl.vm = NewVisitorManager(ctl.ctx, ctl)
+	ctl.vm.Reload(visitorCfgs)
+	return ctl
+}
+
+func (ctl *Control) Run() {
+	go ctl.worker()
+
+	// start all proxies
+	ctl.pm.Reload(ctl.pxyCfgs)
+
+	// start all visitors
+	go ctl.vm.Run()
+	return
+}
+
+func (ctl *Control) HandleReqWorkConn(inMsg *msg.ReqWorkConn) {
+	xl := ctl.xl
+	workConn, err := ctl.connectServer()
+	if err != nil {
+		return
+	}
+
+	m := &msg.NewWorkConn{
+		RunId: ctl.runId,
+	}
+	if err = ctl.authSetter.SetNewWorkConn(m); err != nil {
+		xl.Warn("error during NewWorkConn authentication: %v", err)
+		return
+	}
+	if err = msg.WriteMsg(workConn, m); err != nil {
+		xl.Warn("work connection write to server error: %v", err)
+		workConn.Close()
+		return
+	}
+
+	var startMsg msg.StartWorkConn
+	if err = msg.ReadMsgInto(workConn, &startMsg); err != nil {
+		xl.Error("work connection closed before response StartWorkConn message: %v", err)
+		workConn.Close()
+		return
+	}
+	if startMsg.Error != "" {
+		xl.Error("StartWorkConn contains error: %s", startMsg.Error)
+		workConn.Close()
+		return
+	}
+
+	// dispatch this work connection to related proxy
+	ctl.pm.HandleWorkConn(startMsg.ProxyName, workConn, &startMsg)
+}
+
+func (ctl *Control) HandleNewProxyResp(inMsg *msg.NewProxyResp) {
+	xl := ctl.xl
+	// Server will return NewProxyResp message to each NewProxy message.
+	// Start a new proxy handler if no error got
+	err := ctl.pm.StartProxy(inMsg.ProxyName, inMsg.RemoteAddr, inMsg.Error)
+	if err != nil {
+		xl.Warn("[%s] start error: %v", inMsg.ProxyName, err)
+	} else {
+		xl.Info("[%s] start proxy success", inMsg.ProxyName)
+	}
+}
+
+func (ctl *Control) Close() error {
+	ctl.pm.Close()
+	ctl.conn.Close()
+	if ctl.session != nil {
+		ctl.session.Close()
+	}
+	return nil
+}
+
+// ClosedDoneCh returns a channel which will be closed after all resources are released
+func (ctl *Control) ClosedDoneCh() <-chan struct{} {
+	return ctl.closedDoneCh
+}
+
+// connectServer return a new connection to frps
+func (ctl *Control) connectServer() (conn net.Conn, err error) {
+	xl := ctl.xl
+	if ctl.clientCfg.TcpMux {
+		stream, errRet := ctl.session.OpenStream()
+		if errRet != nil {
+			err = errRet
+			xl.Warn("start new connection to server error: %v", err)
+			return
+		}
+		conn = stream
+	} else {
+		var tlsConfig *tls.Config
+		if ctl.clientCfg.TLSEnable {
+			tlsConfig = &tls.Config{
+				InsecureSkipVerify: true,
+			}
+		}
+		conn, err = frpNet.ConnectServerByProxyWithTLS(ctl.clientCfg.HttpProxy, ctl.clientCfg.Protocol,
+			fmt.Sprintf("%s:%d", ctl.clientCfg.ServerAddr, ctl.clientCfg.ServerPort), tlsConfig)
+		if err != nil {
+			xl.Warn("start new connection to server error: %v", err)
+			return
+		}
+	}
+	return
+}
+
+// reader read all messages from frps and send to readCh
+func (ctl *Control) reader() {
+	xl := ctl.xl
+	defer func() {
+		if err := recover(); err != nil {
+			xl.Error("panic error: %v", err)
+			xl.Error(string(debug.Stack()))
+		}
+	}()
+	defer ctl.readerShutdown.Done()
+	defer close(ctl.closedCh)
+
+	encReader := crypto.NewReader(ctl.conn, []byte(ctl.clientCfg.Token))
+	for {
+		if m, err := msg.ReadMsg(encReader); err != nil {
+			if err == io.EOF {
+				xl.Debug("read from control connection EOF")
+				return
+			} else {
+				xl.Warn("read error: %v", err)
+				ctl.conn.Close()
+				return
+			}
+		} else {
+			ctl.readCh <- m
+		}
+	}
+}
+
+// writer writes messages got from sendCh to frps
+func (ctl *Control) writer() {
+	xl := ctl.xl
+	defer ctl.writerShutdown.Done()
+	encWriter, err := crypto.NewWriter(ctl.conn, []byte(ctl.clientCfg.Token))
+	if err != nil {
+		xl.Error("crypto new writer error: %v", err)
+		ctl.conn.Close()
+		return
+	}
+	for {
+		if m, ok := <-ctl.sendCh; !ok {
+			xl.Info("control writer is closing")
+			return
+		} else {
+			if err := msg.WriteMsg(encWriter, m); err != nil {
+				xl.Warn("write message to control connection error: %v", err)
+				return
+			}
+		}
+	}
+}
+
+// msgHandler handles all channel events and do corresponding operations.
+func (ctl *Control) msgHandler() {
+	xl := ctl.xl
+	defer func() {
+		if err := recover(); err != nil {
+			xl.Error("panic error: %v", err)
+			xl.Error(string(debug.Stack()))
+		}
+	}()
+	defer ctl.msgHandlerShutdown.Done()
+
+	hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartBeatInterval) * time.Second)
+	defer hbSend.Stop()
+	hbCheck := time.NewTicker(time.Second)
+	defer hbCheck.Stop()
+
+	ctl.lastPong = time.Now()
+
+	for {
+		select {
+		case <-hbSend.C:
+			// send heartbeat to server
+			xl.Debug("send heartbeat to server")
+			pingMsg := &msg.Ping{}
+			if err := ctl.authSetter.SetPing(pingMsg); err != nil {
+				xl.Warn("error during ping authentication: %v", err)
+				return
+			}
+			ctl.sendCh <- pingMsg
+		case <-hbCheck.C:
+			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartBeatTimeout)*time.Second {
+				xl.Warn("heartbeat timeout")
+				// let reader() stop
+				ctl.conn.Close()
+				return
+			}
+		case rawMsg, ok := <-ctl.readCh:
+			if !ok {
+				return
+			}
+
+			switch m := rawMsg.(type) {
+			case *msg.ReqWorkConn:
+				go ctl.HandleReqWorkConn(m)
+			case *msg.NewProxyResp:
+				ctl.HandleNewProxyResp(m)
+			case *msg.Pong:
+				if m.Error != "" {
+					xl.Error("Pong contains error: %s", m.Error)
+					ctl.conn.Close()
+					return
+				}
+				ctl.lastPong = time.Now()
+				xl.Debug("receive heartbeat from server")
+			}
+		}
+	}
+}
+
+// If controler is notified by closedCh, reader and writer and handler will exit
+func (ctl *Control) worker() {
+	go ctl.msgHandler()
+	go ctl.reader()
+	go ctl.writer()
+
+	select {
+	case <-ctl.closedCh:
+		// close related channels and wait until other goroutines done
+		close(ctl.readCh)
+		ctl.readerShutdown.WaitDone()
+		ctl.msgHandlerShutdown.WaitDone()
+
+		close(ctl.sendCh)
+		ctl.writerShutdown.WaitDone()
+
+		ctl.pm.Close()
+		ctl.vm.Close()
+
+		close(ctl.closedDoneCh)
+		if ctl.session != nil {
+			ctl.session.Close()
+		}
+		return
+	}
+}
+
+func (ctl *Control) ReloadConf(pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf) error {
+	ctl.vm.Reload(visitorCfgs)
+	ctl.pm.Reload(pxyCfgs)
+	return nil
+}

client/event/event.go

@@ -0,0 +1,28 @@
+package event
+
+import (
+	"errors"
+
+	"github.com/fatedier/frp/models/msg"
+)
+
+type EventType int
+
+const (
+	EvStartProxy EventType = iota
+	EvCloseProxy
+)
+
+var (
+	ErrPayloadType = errors.New("error payload type")
+)
+
+type EventHandler func(evType EventType, payload interface{}) error
+
+type StartProxyPayload struct {
+	NewProxyMsg *msg.NewProxy
+}
+
+type CloseProxyPayload struct {
+	CloseProxyMsg *msg.CloseProxy
+}

client/health/health.go

@@ -0,0 +1,171 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package health
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/fatedier/frp/utils/xlog"
+)
+
+var (
+	ErrHealthCheckType = errors.New("error health check type")
+)
+
+type HealthCheckMonitor struct {
+	checkType      string
+	interval       time.Duration
+	timeout        time.Duration
+	maxFailedTimes int
+
+	// For tcp
+	addr string
+
+	// For http
+	url string
+
+	failedTimes    uint64
+	statusOK       bool
+	statusNormalFn func()
+	statusFailedFn func()
+
+	ctx    context.Context
+	cancel context.CancelFunc
+}
+
+func NewHealthCheckMonitor(ctx context.Context, checkType string,
+	intervalS int, timeoutS int, maxFailedTimes int,
+	addr string, url string,
+	statusNormalFn func(), statusFailedFn func()) *HealthCheckMonitor {
+
+	if intervalS <= 0 {
+		intervalS = 10
+	}
+	if timeoutS <= 0 {
+		timeoutS = 3
+	}
+	if maxFailedTimes <= 0 {
+		maxFailedTimes = 1
+	}
+	newctx, cancel := context.WithCancel(ctx)
+	return &HealthCheckMonitor{
+		checkType:      checkType,
+		interval:       time.Duration(intervalS) * time.Second,
+		timeout:        time.Duration(timeoutS) * time.Second,
+		maxFailedTimes: maxFailedTimes,
+		addr:           addr,
+		url:            url,
+		statusOK:       false,
+		statusNormalFn: statusNormalFn,
+		statusFailedFn: statusFailedFn,
+		ctx:            newctx,
+		cancel:         cancel,
+	}
+}
+
+func (monitor *HealthCheckMonitor) Start() {
+	go monitor.checkWorker()
+}
+
+func (monitor *HealthCheckMonitor) Stop() {
+	monitor.cancel()
+}
+
+func (monitor *HealthCheckMonitor) checkWorker() {
+	xl := xlog.FromContextSafe(monitor.ctx)
+	for {
+		doCtx, cancel := context.WithDeadline(monitor.ctx, time.Now().Add(monitor.timeout))
+		err := monitor.doCheck(doCtx)
+
+		// check if this monitor has been closed
+		select {
+		case <-monitor.ctx.Done():
+			cancel()
+			return
+		default:
+			cancel()
+		}
+
+		if err == nil {
+			xl.Trace("do one health check success")
+			if !monitor.statusOK && monitor.statusNormalFn != nil {
+				xl.Info("health check status change to success")
+				monitor.statusOK = true
+				monitor.statusNormalFn()
+			}
+		} else {
+			xl.Warn("do one health check failed: %v", err)
+			monitor.failedTimes++
+			if monitor.statusOK && int(monitor.failedTimes) >= monitor.maxFailedTimes && monitor.statusFailedFn != nil {
+				xl.Warn("health check status change to failed")
+				monitor.statusOK = false
+				monitor.statusFailedFn()
+			}
+		}
+
+		time.Sleep(monitor.interval)
+	}
+}
+
+func (monitor *HealthCheckMonitor) doCheck(ctx context.Context) error {
+	switch monitor.checkType {
+	case "tcp":
+		return monitor.doTcpCheck(ctx)
+	case "http":
+		return monitor.doHttpCheck(ctx)
+	default:
+		return ErrHealthCheckType
+	}
+}
+
+func (monitor *HealthCheckMonitor) doTcpCheck(ctx context.Context) error {
+	// if tcp address is not specified, always return nil
+	if monitor.addr == "" {
+		return nil
+	}
+
+	var d net.Dialer
+	conn, err := d.DialContext(ctx, "tcp", monitor.addr)
+	if err != nil {
+		return err
+	}
+	conn.Close()
+	return nil
+}
+
+func (monitor *HealthCheckMonitor) doHttpCheck(ctx context.Context) error {
+	req, err := http.NewRequest("GET", monitor.url, nil)
+	if err != nil {
+		return err
+	}
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	io.Copy(ioutil.Discard, resp.Body)
+
+	if resp.StatusCode/100 != 2 {
+		return fmt.Errorf("do http health check, StatusCode is [%d] not 2xx", resp.StatusCode)
+	}
+	return nil
+}

client/proxy/proxy.go

@@ -0,0 +1,629 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	plugin "github.com/fatedier/frp/models/plugin/client"
+	"github.com/fatedier/frp/models/proto/udp"
+	"github.com/fatedier/frp/utils/limit"
+	frpNet "github.com/fatedier/frp/utils/net"
+	"github.com/fatedier/frp/utils/xlog"
+
+	"github.com/fatedier/golib/errors"
+	frpIo "github.com/fatedier/golib/io"
+	"github.com/fatedier/golib/pool"
+	fmux "github.com/hashicorp/yamux"
+	pp "github.com/pires/go-proxyproto"
+	"golang.org/x/time/rate"
+)
+
+// Proxy defines how to handle work connections for different proxy type.
+type Proxy interface {
+	Run() error
+
+	// InWorkConn accept work connections registered to server.
+	InWorkConn(net.Conn, *msg.StartWorkConn)
+
+	Close()
+}
+
+func NewProxy(ctx context.Context, pxyConf config.ProxyConf, clientCfg config.ClientCommonConf, serverUDPPort int) (pxy Proxy) {
+	var limiter *rate.Limiter
+	limitBytes := pxyConf.GetBaseInfo().BandwidthLimit.Bytes()
+	if limitBytes > 0 {
+		limiter = rate.NewLimiter(rate.Limit(float64(limitBytes)), int(limitBytes))
+	}
+
+	baseProxy := BaseProxy{
+		clientCfg:     clientCfg,
+		serverUDPPort: serverUDPPort,
+		limiter:       limiter,
+		xl:            xlog.FromContextSafe(ctx),
+		ctx:           ctx,
+	}
+	switch cfg := pxyConf.(type) {
+	case *config.TcpProxyConf:
+		pxy = &TcpProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.TcpMuxProxyConf:
+		pxy = &TcpMuxProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.UdpProxyConf:
+		pxy = &UdpProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.HttpProxyConf:
+		pxy = &HttpProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.HttpsProxyConf:
+		pxy = &HttpsProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.StcpProxyConf:
+		pxy = &StcpProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	case *config.XtcpProxyConf:
+		pxy = &XtcpProxy{
+			BaseProxy: &baseProxy,
+			cfg:       cfg,
+		}
+	}
+	return
+}
+
+type BaseProxy struct {
+	closed        bool
+	clientCfg     config.ClientCommonConf
+	serverUDPPort int
+	limiter       *rate.Limiter
+
+	mu  sync.RWMutex
+	xl  *xlog.Logger
+	ctx context.Context
+}
+
+// TCP
+type TcpProxy struct {
+	*BaseProxy
+
+	cfg         *config.TcpProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *TcpProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *TcpProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *TcpProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		conn, []byte(pxy.clientCfg.Token), m)
+}
+
+// TCP Multiplexer
+type TcpMuxProxy struct {
+	*BaseProxy
+
+	cfg         *config.TcpMuxProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *TcpMuxProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *TcpMuxProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *TcpMuxProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		conn, []byte(pxy.clientCfg.Token), m)
+}
+
+// HTTP
+type HttpProxy struct {
+	*BaseProxy
+
+	cfg         *config.HttpProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *HttpProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *HttpProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *HttpProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		conn, []byte(pxy.clientCfg.Token), m)
+}
+
+// HTTPS
+type HttpsProxy struct {
+	*BaseProxy
+
+	cfg         *config.HttpsProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *HttpsProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *HttpsProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *HttpsProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		conn, []byte(pxy.clientCfg.Token), m)
+}
+
+// STCP
+type StcpProxy struct {
+	*BaseProxy
+
+	cfg         *config.StcpProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *StcpProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *StcpProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *StcpProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		conn, []byte(pxy.clientCfg.Token), m)
+}
+
+// XTCP
+type XtcpProxy struct {
+	*BaseProxy
+
+	cfg         *config.XtcpProxyConf
+	proxyPlugin plugin.Plugin
+}
+
+func (pxy *XtcpProxy) Run() (err error) {
+	if pxy.cfg.Plugin != "" {
+		pxy.proxyPlugin, err = plugin.Create(pxy.cfg.Plugin, pxy.cfg.PluginParams)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (pxy *XtcpProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *XtcpProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	xl := pxy.xl
+	defer conn.Close()
+	var natHoleSidMsg msg.NatHoleSid
+	err := msg.ReadMsgInto(conn, &natHoleSidMsg)
+	if err != nil {
+		xl.Error("xtcp read from workConn error: %v", err)
+		return
+	}
+
+	natHoleClientMsg := &msg.NatHoleClient{
+		ProxyName: pxy.cfg.ProxyName,
+		Sid:       natHoleSidMsg.Sid,
+	}
+	raddr, _ := net.ResolveUDPAddr("udp",
+		fmt.Sprintf("%s:%d", pxy.clientCfg.ServerAddr, pxy.serverUDPPort))
+	clientConn, err := net.DialUDP("udp", nil, raddr)
+	defer clientConn.Close()
+
+	err = msg.WriteMsg(clientConn, natHoleClientMsg)
+	if err != nil {
+		xl.Error("send natHoleClientMsg to server error: %v", err)
+		return
+	}
+
+	// Wait for client address at most 5 seconds.
+	var natHoleRespMsg msg.NatHoleResp
+	clientConn.SetReadDeadline(time.Now().Add(5 * time.Second))
+
+	buf := pool.GetBuf(1024)
+	n, err := clientConn.Read(buf)
+	if err != nil {
+		xl.Error("get natHoleRespMsg error: %v", err)
+		return
+	}
+	err = msg.ReadMsgInto(bytes.NewReader(buf[:n]), &natHoleRespMsg)
+	if err != nil {
+		xl.Error("get natHoleRespMsg error: %v", err)
+		return
+	}
+	clientConn.SetReadDeadline(time.Time{})
+	clientConn.Close()
+
+	if natHoleRespMsg.Error != "" {
+		xl.Error("natHoleRespMsg get error info: %s", natHoleRespMsg.Error)
+		return
+	}
+
+	xl.Trace("get natHoleRespMsg, sid [%s], client address [%s] visitor address [%s]", natHoleRespMsg.Sid, natHoleRespMsg.ClientAddr, natHoleRespMsg.VisitorAddr)
+
+	// Send detect message
+	array := strings.Split(natHoleRespMsg.VisitorAddr, ":")
+	if len(array) <= 1 {
+		xl.Error("get NatHoleResp visitor address error: %v", natHoleRespMsg.VisitorAddr)
+	}
+	laddr, _ := net.ResolveUDPAddr("udp", clientConn.LocalAddr().String())
+	/*
+		for i := 1000; i < 65000; i++ {
+			pxy.sendDetectMsg(array[0], int64(i), laddr, "a")
+		}
+	*/
+	port, err := strconv.ParseInt(array[1], 10, 64)
+	if err != nil {
+		xl.Error("get natHoleResp visitor address error: %v", natHoleRespMsg.VisitorAddr)
+		return
+	}
+	pxy.sendDetectMsg(array[0], int(port), laddr, []byte(natHoleRespMsg.Sid))
+	xl.Trace("send all detect msg done")
+
+	msg.WriteMsg(conn, &msg.NatHoleClientDetectOK{})
+
+	// Listen for clientConn's address and wait for visitor connection
+	lConn, err := net.ListenUDP("udp", laddr)
+	if err != nil {
+		xl.Error("listen on visitorConn's local adress error: %v", err)
+		return
+	}
+	defer lConn.Close()
+
+	lConn.SetReadDeadline(time.Now().Add(8 * time.Second))
+	sidBuf := pool.GetBuf(1024)
+	var uAddr *net.UDPAddr
+	n, uAddr, err = lConn.ReadFromUDP(sidBuf)
+	if err != nil {
+		xl.Warn("get sid from visitor error: %v", err)
+		return
+	}
+	lConn.SetReadDeadline(time.Time{})
+	if string(sidBuf[:n]) != natHoleRespMsg.Sid {
+		xl.Warn("incorrect sid from visitor")
+		return
+	}
+	pool.PutBuf(sidBuf)
+	xl.Info("nat hole connection make success, sid [%s]", natHoleRespMsg.Sid)
+
+	lConn.WriteToUDP(sidBuf[:n], uAddr)
+
+	kcpConn, err := frpNet.NewKcpConnFromUdp(lConn, false, uAddr.String())
+	if err != nil {
+		xl.Error("create kcp connection from udp connection error: %v", err)
+		return
+	}
+
+	fmuxCfg := fmux.DefaultConfig()
+	fmuxCfg.KeepAliveInterval = 5 * time.Second
+	fmuxCfg.LogOutput = ioutil.Discard
+	sess, err := fmux.Server(kcpConn, fmuxCfg)
+	if err != nil {
+		xl.Error("create yamux server from kcp connection error: %v", err)
+		return
+	}
+	defer sess.Close()
+	muxConn, err := sess.Accept()
+	if err != nil {
+		xl.Error("accept for yamux connection error: %v", err)
+		return
+	}
+
+	HandleTcpWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+		muxConn, []byte(pxy.cfg.Sk), m)
+}
+
+func (pxy *XtcpProxy) sendDetectMsg(addr string, port int, laddr *net.UDPAddr, content []byte) (err error) {
+	daddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", addr, port))
+	if err != nil {
+		return err
+	}
+
+	tConn, err := net.DialUDP("udp", laddr, daddr)
+	if err != nil {
+		return err
+	}
+
+	//uConn := ipv4.NewConn(tConn)
+	//uConn.SetTTL(3)
+
+	tConn.Write(content)
+	tConn.Close()
+	return nil
+}
+
+// UDP
+type UdpProxy struct {
+	*BaseProxy
+
+	cfg *config.UdpProxyConf
+
+	localAddr *net.UDPAddr
+	readCh    chan *msg.UdpPacket
+
+	// include msg.UdpPacket and msg.Ping
+	sendCh   chan msg.Message
+	workConn net.Conn
+}
+
+func (pxy *UdpProxy) Run() (err error) {
+	pxy.localAddr, err = net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", pxy.cfg.LocalIp, pxy.cfg.LocalPort))
+	if err != nil {
+		return
+	}
+	return
+}
+
+func (pxy *UdpProxy) Close() {
+	pxy.mu.Lock()
+	defer pxy.mu.Unlock()
+
+	if !pxy.closed {
+		pxy.closed = true
+		if pxy.workConn != nil {
+			pxy.workConn.Close()
+		}
+		if pxy.readCh != nil {
+			close(pxy.readCh)
+		}
+		if pxy.sendCh != nil {
+			close(pxy.sendCh)
+		}
+	}
+}
+
+func (pxy *UdpProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	xl := pxy.xl
+	xl.Info("incoming a new work connection for udp proxy, %s", conn.RemoteAddr().String())
+	// close resources releated with old workConn
+	pxy.Close()
+
+	if pxy.limiter != nil {
+		rwc := frpIo.WrapReadWriteCloser(limit.NewReader(conn, pxy.limiter), limit.NewWriter(conn, pxy.limiter), func() error {
+			return conn.Close()
+		})
+		conn = frpNet.WrapReadWriteCloserToConn(rwc, conn)
+	}
+
+	pxy.mu.Lock()
+	pxy.workConn = conn
+	pxy.readCh = make(chan *msg.UdpPacket, 1024)
+	pxy.sendCh = make(chan msg.Message, 1024)
+	pxy.closed = false
+	pxy.mu.Unlock()
+
+	workConnReaderFn := func(conn net.Conn, readCh chan *msg.UdpPacket) {
+		for {
+			var udpMsg msg.UdpPacket
+			if errRet := msg.ReadMsgInto(conn, &udpMsg); errRet != nil {
+				xl.Warn("read from workConn for udp error: %v", errRet)
+				return
+			}
+			if errRet := errors.PanicToError(func() {
+				xl.Trace("get udp package from workConn: %s", udpMsg.Content)
+				readCh <- &udpMsg
+			}); errRet != nil {
+				xl.Info("reader goroutine for udp work connection closed: %v", errRet)
+				return
+			}
+		}
+	}
+	workConnSenderFn := func(conn net.Conn, sendCh chan msg.Message) {
+		defer func() {
+			xl.Info("writer goroutine for udp work connection closed")
+		}()
+		var errRet error
+		for rawMsg := range sendCh {
+			switch m := rawMsg.(type) {
+			case *msg.UdpPacket:
+				xl.Trace("send udp package to workConn: %s", m.Content)
+			case *msg.Ping:
+				xl.Trace("send ping message to udp workConn")
+			}
+			if errRet = msg.WriteMsg(conn, rawMsg); errRet != nil {
+				xl.Error("udp work write error: %v", errRet)
+				return
+			}
+		}
+	}
+	heartbeatFn := func(conn net.Conn, sendCh chan msg.Message) {
+		var errRet error
+		for {
+			time.Sleep(time.Duration(30) * time.Second)
+			if errRet = errors.PanicToError(func() {
+				sendCh <- &msg.Ping{}
+			}); errRet != nil {
+				xl.Trace("heartbeat goroutine for udp work connection closed")
+				break
+			}
+		}
+	}
+
+	go workConnSenderFn(pxy.workConn, pxy.sendCh)
+	go workConnReaderFn(pxy.workConn, pxy.readCh)
+	go heartbeatFn(pxy.workConn, pxy.sendCh)
+	udp.Forwarder(pxy.localAddr, pxy.readCh, pxy.sendCh)
+}
+
+// Common handler for tcp work connections.
+func HandleTcpWorkConnection(ctx context.Context, localInfo *config.LocalSvrConf, proxyPlugin plugin.Plugin,
+	baseInfo *config.BaseProxyConf, limiter *rate.Limiter, workConn net.Conn, encKey []byte, m *msg.StartWorkConn) {
+	xl := xlog.FromContextSafe(ctx)
+	var (
+		remote io.ReadWriteCloser
+		err    error
+	)
+	remote = workConn
+	if limiter != nil {
+		remote = frpIo.WrapReadWriteCloser(limit.NewReader(workConn, limiter), limit.NewWriter(workConn, limiter), func() error {
+			return workConn.Close()
+		})
+	}
+
+	xl.Trace("handle tcp work connection, use_encryption: %t, use_compression: %t",
+		baseInfo.UseEncryption, baseInfo.UseCompression)
+	if baseInfo.UseEncryption {
+		remote, err = frpIo.WithEncryption(remote, encKey)
+		if err != nil {
+			workConn.Close()
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if baseInfo.UseCompression {
+		remote = frpIo.WithCompression(remote)
+	}
+
+	// check if we need to send proxy protocol info
+	var extraInfo []byte
+	if baseInfo.ProxyProtocolVersion != "" {
+		if m.SrcAddr != "" && m.SrcPort != 0 {
+			if m.DstAddr == "" {
+				m.DstAddr = "127.0.0.1"
+			}
+			h := &pp.Header{
+				Command:            pp.PROXY,
+				SourceAddress:      net.ParseIP(m.SrcAddr),
+				SourcePort:         m.SrcPort,
+				DestinationAddress: net.ParseIP(m.DstAddr),
+				DestinationPort:    m.DstPort,
+			}
+
+			if strings.Contains(m.SrcAddr, ".") {
+				h.TransportProtocol = pp.TCPv4
+			} else {
+				h.TransportProtocol = pp.TCPv6
+			}
+
+			if baseInfo.ProxyProtocolVersion == "v1" {
+				h.Version = 1
+			} else if baseInfo.ProxyProtocolVersion == "v2" {
+				h.Version = 2
+			}
+
+			buf := bytes.NewBuffer(nil)
+			h.WriteTo(buf)
+			extraInfo = buf.Bytes()
+		}
+	}
+
+	if proxyPlugin != nil {
+		// if plugin is set, let plugin handle connections first
+		xl.Debug("handle by plugin: %s", proxyPlugin.Name())
+		proxyPlugin.Handle(remote, workConn, extraInfo)
+		xl.Debug("handle by plugin finished")
+		return
+	} else {
+		localConn, err := frpNet.ConnectServer("tcp", fmt.Sprintf("%s:%d", localInfo.LocalIp, localInfo.LocalPort))
+		if err != nil {
+			workConn.Close()
+			xl.Error("connect to local service [%s:%d] error: %v", localInfo.LocalIp, localInfo.LocalPort, err)
+			return
+		}
+
+		xl.Debug("join connections, localConn(l[%s] r[%s]) workConn(l[%s] r[%s])", localConn.LocalAddr().String(),
+			localConn.RemoteAddr().String(), workConn.LocalAddr().String(), workConn.RemoteAddr().String())
+
+		if len(extraInfo) > 0 {
+			localConn.Write(extraInfo)
+		}
+
+		frpIo.Join(localConn, remote)
+		xl.Debug("join connections closed")
+	}
+}

client/proxy/proxy_manager.go

@@ -0,0 +1,146 @@
+package proxy
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"sync"
+
+	"github.com/fatedier/frp/client/event"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	"github.com/fatedier/frp/utils/xlog"
+
+	"github.com/fatedier/golib/errors"
+)
+
+type ProxyManager struct {
+	sendCh  chan (msg.Message)
+	proxies map[string]*ProxyWrapper
+
+	closed bool
+	mu     sync.RWMutex
+
+	clientCfg config.ClientCommonConf
+
+	// The UDP port that the server is listening on
+	serverUDPPort int
+
+	ctx context.Context
+}
+
+func NewProxyManager(ctx context.Context, msgSendCh chan (msg.Message), clientCfg config.ClientCommonConf, serverUDPPort int) *ProxyManager {
+	return &ProxyManager{
+		sendCh:        msgSendCh,
+		proxies:       make(map[string]*ProxyWrapper),
+		closed:        false,
+		clientCfg:     clientCfg,
+		serverUDPPort: serverUDPPort,
+		ctx:           ctx,
+	}
+}
+
+func (pm *ProxyManager) StartProxy(name string, remoteAddr string, serverRespErr string) error {
+	pm.mu.RLock()
+	pxy, ok := pm.proxies[name]
+	pm.mu.RUnlock()
+	if !ok {
+		return fmt.Errorf("proxy [%s] not found", name)
+	}
+
+	err := pxy.SetRunningStatus(remoteAddr, serverRespErr)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (pm *ProxyManager) Close() {
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+	for _, pxy := range pm.proxies {
+		pxy.Stop()
+	}
+	pm.proxies = make(map[string]*ProxyWrapper)
+}
+
+func (pm *ProxyManager) HandleWorkConn(name string, workConn net.Conn, m *msg.StartWorkConn) {
+	pm.mu.RLock()
+	pw, ok := pm.proxies[name]
+	pm.mu.RUnlock()
+	if ok {
+		pw.InWorkConn(workConn, m)
+	} else {
+		workConn.Close()
+	}
+}
+
+func (pm *ProxyManager) HandleEvent(evType event.EventType, payload interface{}) error {
+	var m msg.Message
+	switch e := payload.(type) {
+	case *event.StartProxyPayload:
+		m = e.NewProxyMsg
+	case *event.CloseProxyPayload:
+		m = e.CloseProxyMsg
+	default:
+		return event.ErrPayloadType
+	}
+
+	err := errors.PanicToError(func() {
+		pm.sendCh <- m
+	})
+	return err
+}
+
+func (pm *ProxyManager) GetAllProxyStatus() []*ProxyStatus {
+	ps := make([]*ProxyStatus, 0)
+	pm.mu.RLock()
+	defer pm.mu.RUnlock()
+	for _, pxy := range pm.proxies {
+		ps = append(ps, pxy.GetStatus())
+	}
+	return ps
+}
+
+func (pm *ProxyManager) Reload(pxyCfgs map[string]config.ProxyConf) {
+	xl := xlog.FromContextSafe(pm.ctx)
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+
+	delPxyNames := make([]string, 0)
+	for name, pxy := range pm.proxies {
+		del := false
+		cfg, ok := pxyCfgs[name]
+		if !ok {
+			del = true
+		} else {
+			if !pxy.Cfg.Compare(cfg) {
+				del = true
+			}
+		}
+
+		if del {
+			delPxyNames = append(delPxyNames, name)
+			delete(pm.proxies, name)
+
+			pxy.Stop()
+		}
+	}
+	if len(delPxyNames) > 0 {
+		xl.Info("proxy removed: %v", delPxyNames)
+	}
+
+	addPxyNames := make([]string, 0)
+	for name, cfg := range pxyCfgs {
+		if _, ok := pm.proxies[name]; !ok {
+			pxy := NewProxyWrapper(pm.ctx, cfg, pm.clientCfg, pm.HandleEvent, pm.serverUDPPort)
+			pm.proxies[name] = pxy
+			addPxyNames = append(addPxyNames, name)
+
+			pxy.Start()
+		}
+	}
+	if len(addPxyNames) > 0 {
+		xl.Info("proxy added: %v", addPxyNames)
+	}
+}

client/proxy/proxy_wrapper.go

@@ -0,0 +1,250 @@
+package proxy
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/fatedier/frp/client/event"
+	"github.com/fatedier/frp/client/health"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	"github.com/fatedier/frp/utils/xlog"
+
+	"github.com/fatedier/golib/errors"
+)
+
+const (
+	ProxyStatusNew         = "new"
+	ProxyStatusWaitStart   = "wait start"
+	ProxyStatusStartErr    = "start error"
+	ProxyStatusRunning     = "running"
+	ProxyStatusCheckFailed = "check failed"
+	ProxyStatusClosed      = "closed"
+)
+
+var (
+	statusCheckInterval time.Duration = 3 * time.Second
+	waitResponseTimeout               = 20 * time.Second
+	startErrTimeout                   = 30 * time.Second
+)
+
+type ProxyStatus struct {
+	Name   string           `json:"name"`
+	Type   string           `json:"type"`
+	Status string           `json:"status"`
+	Err    string           `json:"err"`
+	Cfg    config.ProxyConf `json:"cfg"`
+
+	// Got from server.
+	RemoteAddr string `json:"remote_addr"`
+}
+
+type ProxyWrapper struct {
+	ProxyStatus
+
+	// underlying proxy
+	pxy Proxy
+
+	// if ProxyConf has healcheck config
+	// monitor will watch if it is alive
+	monitor *health.HealthCheckMonitor
+
+	// event handler
+	handler event.EventHandler
+
+	health           uint32
+	lastSendStartMsg time.Time
+	lastStartErr     time.Time
+	closeCh          chan struct{}
+	healthNotifyCh   chan struct{}
+	mu               sync.RWMutex
+
+	xl  *xlog.Logger
+	ctx context.Context
+}
+
+func NewProxyWrapper(ctx context.Context, cfg config.ProxyConf, clientCfg config.ClientCommonConf, eventHandler event.EventHandler, serverUDPPort int) *ProxyWrapper {
+	baseInfo := cfg.GetBaseInfo()
+	xl := xlog.FromContextSafe(ctx).Spawn().AppendPrefix(baseInfo.ProxyName)
+	pw := &ProxyWrapper{
+		ProxyStatus: ProxyStatus{
+			Name:   baseInfo.ProxyName,
+			Type:   baseInfo.ProxyType,
+			Status: ProxyStatusNew,
+			Cfg:    cfg,
+		},
+		closeCh:        make(chan struct{}),
+		healthNotifyCh: make(chan struct{}),
+		handler:        eventHandler,
+		xl:             xl,
+		ctx:            xlog.NewContext(ctx, xl),
+	}
+
+	if baseInfo.HealthCheckType != "" {
+		pw.health = 1 // means failed
+		pw.monitor = health.NewHealthCheckMonitor(pw.ctx, baseInfo.HealthCheckType, baseInfo.HealthCheckIntervalS,
+			baseInfo.HealthCheckTimeoutS, baseInfo.HealthCheckMaxFailed, baseInfo.HealthCheckAddr,
+			baseInfo.HealthCheckUrl, pw.statusNormalCallback, pw.statusFailedCallback)
+		xl.Trace("enable health check monitor")
+	}
+
+	pw.pxy = NewProxy(pw.ctx, pw.Cfg, clientCfg, serverUDPPort)
+	return pw
+}
+
+func (pw *ProxyWrapper) SetRunningStatus(remoteAddr string, respErr string) error {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	if pw.Status != ProxyStatusWaitStart {
+		return fmt.Errorf("status not wait start, ignore start message")
+	}
+
+	pw.RemoteAddr = remoteAddr
+	if respErr != "" {
+		pw.Status = ProxyStatusStartErr
+		pw.Err = respErr
+		pw.lastStartErr = time.Now()
+		return fmt.Errorf(pw.Err)
+	}
+
+	if err := pw.pxy.Run(); err != nil {
+		pw.close()
+		pw.Status = ProxyStatusStartErr
+		pw.Err = err.Error()
+		pw.lastStartErr = time.Now()
+		return err
+	}
+
+	pw.Status = ProxyStatusRunning
+	pw.Err = ""
+	return nil
+}
+
+func (pw *ProxyWrapper) Start() {
+	go pw.checkWorker()
+	if pw.monitor != nil {
+		go pw.monitor.Start()
+	}
+}
+
+func (pw *ProxyWrapper) Stop() {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	close(pw.closeCh)
+	close(pw.healthNotifyCh)
+	pw.pxy.Close()
+	if pw.monitor != nil {
+		pw.monitor.Stop()
+	}
+	pw.Status = ProxyStatusClosed
+	pw.close()
+}
+
+func (pw *ProxyWrapper) close() {
+	pw.handler(event.EvCloseProxy, &event.CloseProxyPayload{
+		CloseProxyMsg: &msg.CloseProxy{
+			ProxyName: pw.Name,
+		},
+	})
+}
+
+func (pw *ProxyWrapper) checkWorker() {
+	xl := pw.xl
+	if pw.monitor != nil {
+		// let monitor do check request first
+		time.Sleep(500 * time.Millisecond)
+	}
+	for {
+		// check proxy status
+		now := time.Now()
+		if atomic.LoadUint32(&pw.health) == 0 {
+			pw.mu.Lock()
+			if pw.Status == ProxyStatusNew ||
+				pw.Status == ProxyStatusCheckFailed ||
+				(pw.Status == ProxyStatusWaitStart && now.After(pw.lastSendStartMsg.Add(waitResponseTimeout))) ||
+				(pw.Status == ProxyStatusStartErr && now.After(pw.lastStartErr.Add(startErrTimeout))) {
+
+				xl.Trace("change status from [%s] to [%s]", pw.Status, ProxyStatusWaitStart)
+				pw.Status = ProxyStatusWaitStart
+
+				var newProxyMsg msg.NewProxy
+				pw.Cfg.MarshalToMsg(&newProxyMsg)
+				pw.lastSendStartMsg = now
+				pw.handler(event.EvStartProxy, &event.StartProxyPayload{
+					NewProxyMsg: &newProxyMsg,
+				})
+			}
+			pw.mu.Unlock()
+		} else {
+			pw.mu.Lock()
+			if pw.Status == ProxyStatusRunning || pw.Status == ProxyStatusWaitStart {
+				pw.close()
+				xl.Trace("change status from [%s] to [%s]", pw.Status, ProxyStatusCheckFailed)
+				pw.Status = ProxyStatusCheckFailed
+			}
+			pw.mu.Unlock()
+		}
+
+		select {
+		case <-pw.closeCh:
+			return
+		case <-time.After(statusCheckInterval):
+		case <-pw.healthNotifyCh:
+		}
+	}
+}
+
+func (pw *ProxyWrapper) statusNormalCallback() {
+	xl := pw.xl
+	atomic.StoreUint32(&pw.health, 0)
+	errors.PanicToError(func() {
+		select {
+		case pw.healthNotifyCh <- struct{}{}:
+		default:
+		}
+	})
+	xl.Info("health check success")
+}
+
+func (pw *ProxyWrapper) statusFailedCallback() {
+	xl := pw.xl
+	atomic.StoreUint32(&pw.health, 1)
+	errors.PanicToError(func() {
+		select {
+		case pw.healthNotifyCh <- struct{}{}:
+		default:
+		}
+	})
+	xl.Info("health check failed")
+}
+
+func (pw *ProxyWrapper) InWorkConn(workConn net.Conn, m *msg.StartWorkConn) {
+	xl := pw.xl
+	pw.mu.RLock()
+	pxy := pw.pxy
+	pw.mu.RUnlock()
+	if pxy != nil {
+		xl.Debug("start a new work connection, localAddr: %s remoteAddr: %s", workConn.LocalAddr().String(), workConn.RemoteAddr().String())
+		go pxy.InWorkConn(workConn, m)
+	} else {
+		workConn.Close()
+	}
+}
+
+func (pw *ProxyWrapper) GetStatus() *ProxyStatus {
+	pw.mu.RLock()
+	defer pw.mu.RUnlock()
+	ps := &ProxyStatus{
+		Name:       pw.Name,
+		Type:       pw.Type,
+		Status:     pw.Status,
+		Err:        pw.Err,
+		Cfg:        pw.Cfg,
+		RemoteAddr: pw.RemoteAddr,
+	}
+	return ps
+}

client/service.go

@@ -0,0 +1,274 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"runtime"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/fatedier/frp/assets"
+	"github.com/fatedier/frp/models/auth"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	"github.com/fatedier/frp/utils/log"
+	frpNet "github.com/fatedier/frp/utils/net"
+	"github.com/fatedier/frp/utils/version"
+	"github.com/fatedier/frp/utils/xlog"
+
+	fmux "github.com/hashicorp/yamux"
+)
+
+// Service is a client service.
+type Service struct {
+	// uniq id got from frps, attach it in loginMsg
+	runId string
+
+	// manager control connection with server
+	ctl   *Control
+	ctlMu sync.RWMutex
+
+	// Sets authentication based on selected method
+	authSetter auth.Setter
+
+	cfg         config.ClientCommonConf
+	pxyCfgs     map[string]config.ProxyConf
+	visitorCfgs map[string]config.VisitorConf
+	cfgMu       sync.RWMutex
+
+	// The configuration file used to initialize this client, or an empty
+	// string if no configuration file was used.
+	cfgFile string
+
+	// This is configured by the login response from frps
+	serverUDPPort int
+
+	exit uint32 // 0 means not exit
+
+	// service context
+	ctx context.Context
+	// call cancel to stop service
+	cancel context.CancelFunc
+}
+
+func NewService(cfg config.ClientCommonConf, pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf, cfgFile string) (svr *Service, err error) {
+
+	ctx, cancel := context.WithCancel(context.Background())
+	svr = &Service{
+		authSetter:  auth.NewAuthSetter(cfg.AuthClientConfig),
+		cfg:         cfg,
+		cfgFile:     cfgFile,
+		pxyCfgs:     pxyCfgs,
+		visitorCfgs: visitorCfgs,
+		exit:        0,
+		ctx:         xlog.NewContext(ctx, xlog.New()),
+		cancel:      cancel,
+	}
+	return
+}
+
+func (svr *Service) GetController() *Control {
+	svr.ctlMu.RLock()
+	defer svr.ctlMu.RUnlock()
+	return svr.ctl
+}
+
+func (svr *Service) Run() error {
+	xl := xlog.FromContextSafe(svr.ctx)
+
+	// login to frps
+	for {
+		conn, session, err := svr.login()
+		if err != nil {
+			xl.Warn("login to server failed: %v", err)
+
+			// if login_fail_exit is true, just exit this program
+			// otherwise sleep a while and try again to connect to server
+			if svr.cfg.LoginFailExit {
+				return err
+			} else {
+				time.Sleep(10 * time.Second)
+			}
+		} else {
+			// login success
+			ctl := NewControl(svr.ctx, svr.runId, conn, session, svr.cfg, svr.pxyCfgs, svr.visitorCfgs, svr.serverUDPPort, svr.authSetter)
+			ctl.Run()
+			svr.ctlMu.Lock()
+			svr.ctl = ctl
+			svr.ctlMu.Unlock()
+			break
+		}
+	}
+
+	go svr.keepControllerWorking()
+
+	if svr.cfg.AdminPort != 0 {
+		// Init admin server assets
+		err := assets.Load(svr.cfg.AssetsDir)
+		if err != nil {
+			return fmt.Errorf("Load assets error: %v", err)
+		}
+
+		err = svr.RunAdminServer(svr.cfg.AdminAddr, svr.cfg.AdminPort)
+		if err != nil {
+			log.Warn("run admin server error: %v", err)
+		}
+		log.Info("admin server listen on %s:%d", svr.cfg.AdminAddr, svr.cfg.AdminPort)
+	}
+	<-svr.ctx.Done()
+	return nil
+}
+
+func (svr *Service) keepControllerWorking() {
+	xl := xlog.FromContextSafe(svr.ctx)
+	maxDelayTime := 20 * time.Second
+	delayTime := time.Second
+
+	for {
+		<-svr.ctl.ClosedDoneCh()
+		if atomic.LoadUint32(&svr.exit) != 0 {
+			return
+		}
+
+		for {
+			xl.Info("try to reconnect to server...")
+			conn, session, err := svr.login()
+			if err != nil {
+				xl.Warn("reconnect to server error: %v", err)
+				time.Sleep(delayTime)
+				delayTime = delayTime * 2
+				if delayTime > maxDelayTime {
+					delayTime = maxDelayTime
+				}
+				continue
+			}
+			// reconnect success, init delayTime
+			delayTime = time.Second
+
+			ctl := NewControl(svr.ctx, svr.runId, conn, session, svr.cfg, svr.pxyCfgs, svr.visitorCfgs, svr.serverUDPPort, svr.authSetter)
+			ctl.Run()
+			svr.ctlMu.Lock()
+			svr.ctl = ctl
+			svr.ctlMu.Unlock()
+			break
+		}
+	}
+}
+
+// login creates a connection to frps and registers it self as a client
+// conn: control connection
+// session: if it's not nil, using tcp mux
+func (svr *Service) login() (conn net.Conn, session *fmux.Session, err error) {
+	xl := xlog.FromContextSafe(svr.ctx)
+	var tlsConfig *tls.Config
+	if svr.cfg.TLSEnable {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HttpProxy, svr.cfg.Protocol,
+		fmt.Sprintf("%s:%d", svr.cfg.ServerAddr, svr.cfg.ServerPort), tlsConfig)
+	if err != nil {
+		return
+	}
+
+	defer func() {
+		if err != nil {
+			conn.Close()
+			if session != nil {
+				session.Close()
+			}
+		}
+	}()
+
+	if svr.cfg.TcpMux {
+		fmuxCfg := fmux.DefaultConfig()
+		fmuxCfg.KeepAliveInterval = 20 * time.Second
+		fmuxCfg.LogOutput = ioutil.Discard
+		session, err = fmux.Client(conn, fmuxCfg)
+		if err != nil {
+			return
+		}
+		stream, errRet := session.OpenStream()
+		if errRet != nil {
+			session.Close()
+			err = errRet
+			return
+		}
+		conn = stream
+	}
+
+	loginMsg := &msg.Login{
+		Arch:      runtime.GOARCH,
+		Os:        runtime.GOOS,
+		PoolCount: svr.cfg.PoolCount,
+		User:      svr.cfg.User,
+		Version:   version.Full(),
+		Timestamp: time.Now().Unix(),
+		RunId:     svr.runId,
+		Metas:     svr.cfg.Metas,
+	}
+
+	// Add auth
+	if err = svr.authSetter.SetLogin(loginMsg); err != nil {
+		return
+	}
+
+	if err = msg.WriteMsg(conn, loginMsg); err != nil {
+		return
+	}
+
+	var loginRespMsg msg.LoginResp
+	conn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	if err = msg.ReadMsgInto(conn, &loginRespMsg); err != nil {
+		return
+	}
+	conn.SetReadDeadline(time.Time{})
+
+	if loginRespMsg.Error != "" {
+		err = fmt.Errorf("%s", loginRespMsg.Error)
+		xl.Error("%s", loginRespMsg.Error)
+		return
+	}
+
+	svr.runId = loginRespMsg.RunId
+	xl.ResetPrefixes()
+	xl.AppendPrefix(svr.runId)
+
+	svr.serverUDPPort = loginRespMsg.ServerUdpPort
+	xl.Info("login to server success, get run id [%s], server udp port [%d]", loginRespMsg.RunId, loginRespMsg.ServerUdpPort)
+	return
+}
+
+func (svr *Service) ReloadConf(pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf) error {
+	svr.cfgMu.Lock()
+	svr.pxyCfgs = pxyCfgs
+	svr.visitorCfgs = visitorCfgs
+	svr.cfgMu.Unlock()
+
+	return svr.ctl.ReloadConf(pxyCfgs, visitorCfgs)
+}
+
+func (svr *Service) Close() {
+	atomic.StoreUint32(&svr.exit, 1)
+	svr.ctl.Close()
+	svr.cancel()
+}

client/visitor.go

@@ -0,0 +1,330 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/msg"
+	frpNet "github.com/fatedier/frp/utils/net"
+	"github.com/fatedier/frp/utils/util"
+	"github.com/fatedier/frp/utils/xlog"
+
+	frpIo "github.com/fatedier/golib/io"
+	"github.com/fatedier/golib/pool"
+	fmux "github.com/hashicorp/yamux"
+)
+
+// Visitor is used for forward traffics from local port tot remote service.
+type Visitor interface {
+	Run() error
+	Close()
+}
+
+func NewVisitor(ctx context.Context, ctl *Control, cfg config.VisitorConf) (visitor Visitor) {
+	xl := xlog.FromContextSafe(ctx).Spawn().AppendPrefix(cfg.GetBaseInfo().ProxyName)
+	baseVisitor := BaseVisitor{
+		ctl: ctl,
+		ctx: xlog.NewContext(ctx, xl),
+	}
+	switch cfg := cfg.(type) {
+	case *config.StcpVisitorConf:
+		visitor = &StcpVisitor{
+			BaseVisitor: &baseVisitor,
+			cfg:         cfg,
+		}
+	case *config.XtcpVisitorConf:
+		visitor = &XtcpVisitor{
+			BaseVisitor: &baseVisitor,
+			cfg:         cfg,
+		}
+	}
+	return
+}
+
+type BaseVisitor struct {
+	ctl    *Control
+	l      net.Listener
+	closed bool
+
+	mu  sync.RWMutex
+	ctx context.Context
+}
+
+type StcpVisitor struct {
+	*BaseVisitor
+
+	cfg *config.StcpVisitorConf
+}
+
+func (sv *StcpVisitor) Run() (err error) {
+	sv.l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", sv.cfg.BindAddr, sv.cfg.BindPort))
+	if err != nil {
+		return
+	}
+
+	go sv.worker()
+	return
+}
+
+func (sv *StcpVisitor) Close() {
+	sv.l.Close()
+}
+
+func (sv *StcpVisitor) worker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.l.Accept()
+		if err != nil {
+			xl.Warn("stcp local listener closed")
+			return
+		}
+
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *StcpVisitor) handleConn(userConn net.Conn) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	defer userConn.Close()
+
+	xl.Debug("get a new stcp user connection")
+	visitorConn, err := sv.ctl.connectServer()
+	if err != nil {
+		return
+	}
+	defer visitorConn.Close()
+
+	now := time.Now().Unix()
+	newVisitorConnMsg := &msg.NewVisitorConn{
+		ProxyName:      sv.cfg.ServerName,
+		SignKey:        util.GetAuthKey(sv.cfg.Sk, now),
+		Timestamp:      now,
+		UseEncryption:  sv.cfg.UseEncryption,
+		UseCompression: sv.cfg.UseCompression,
+	}
+	err = msg.WriteMsg(visitorConn, newVisitorConnMsg)
+	if err != nil {
+		xl.Warn("send newVisitorConnMsg to server error: %v", err)
+		return
+	}
+
+	var newVisitorConnRespMsg msg.NewVisitorConnResp
+	visitorConn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	err = msg.ReadMsgInto(visitorConn, &newVisitorConnRespMsg)
+	if err != nil {
+		xl.Warn("get newVisitorConnRespMsg error: %v", err)
+		return
+	}
+	visitorConn.SetReadDeadline(time.Time{})
+
+	if newVisitorConnRespMsg.Error != "" {
+		xl.Warn("start new visitor connection error: %s", newVisitorConnRespMsg.Error)
+		return
+	}
+
+	var remote io.ReadWriteCloser
+	remote = visitorConn
+	if sv.cfg.UseEncryption {
+		remote, err = frpIo.WithEncryption(remote, []byte(sv.cfg.Sk))
+		if err != nil {
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+
+	if sv.cfg.UseCompression {
+		remote = frpIo.WithCompression(remote)
+	}
+
+	frpIo.Join(userConn, remote)
+}
+
+type XtcpVisitor struct {
+	*BaseVisitor
+
+	cfg *config.XtcpVisitorConf
+}
+
+func (sv *XtcpVisitor) Run() (err error) {
+	sv.l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", sv.cfg.BindAddr, sv.cfg.BindPort))
+	if err != nil {
+		return
+	}
+
+	go sv.worker()
+	return
+}
+
+func (sv *XtcpVisitor) Close() {
+	sv.l.Close()
+}
+
+func (sv *XtcpVisitor) worker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.l.Accept()
+		if err != nil {
+			xl.Warn("xtcp local listener closed")
+			return
+		}
+
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *XtcpVisitor) handleConn(userConn net.Conn) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	defer userConn.Close()
+
+	xl.Debug("get a new xtcp user connection")
+	if sv.ctl.serverUDPPort == 0 {
+		xl.Error("xtcp is not supported by server")
+		return
+	}
+
+	raddr, err := net.ResolveUDPAddr("udp",
+		fmt.Sprintf("%s:%d", sv.ctl.clientCfg.ServerAddr, sv.ctl.serverUDPPort))
+	if err != nil {
+		xl.Error("resolve server UDP addr error")
+		return
+	}
+
+	visitorConn, err := net.DialUDP("udp", nil, raddr)
+	if err != nil {
+		xl.Warn("dial server udp addr error: %v", err)
+		return
+	}
+	defer visitorConn.Close()
+
+	now := time.Now().Unix()
+	natHoleVisitorMsg := &msg.NatHoleVisitor{
+		ProxyName: sv.cfg.ServerName,
+		SignKey:   util.GetAuthKey(sv.cfg.Sk, now),
+		Timestamp: now,
+	}
+	err = msg.WriteMsg(visitorConn, natHoleVisitorMsg)
+	if err != nil {
+		xl.Warn("send natHoleVisitorMsg to server error: %v", err)
+		return
+	}
+
+	// Wait for client address at most 10 seconds.
+	var natHoleRespMsg msg.NatHoleResp
+	visitorConn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	buf := pool.GetBuf(1024)
+	n, err := visitorConn.Read(buf)
+	if err != nil {
+		xl.Warn("get natHoleRespMsg error: %v", err)
+		return
+	}
+
+	err = msg.ReadMsgInto(bytes.NewReader(buf[:n]), &natHoleRespMsg)
+	if err != nil {
+		xl.Warn("get natHoleRespMsg error: %v", err)
+		return
+	}
+	visitorConn.SetReadDeadline(time.Time{})
+	pool.PutBuf(buf)
+
+	if natHoleRespMsg.Error != "" {
+		xl.Error("natHoleRespMsg get error info: %s", natHoleRespMsg.Error)
+		return
+	}
+
+	xl.Trace("get natHoleRespMsg, sid [%s], client address [%s], visitor address [%s]", natHoleRespMsg.Sid, natHoleRespMsg.ClientAddr, natHoleRespMsg.VisitorAddr)
+
+	// Close visitorConn, so we can use it's local address.
+	visitorConn.Close()
+
+	// send sid message to client
+	laddr, _ := net.ResolveUDPAddr("udp", visitorConn.LocalAddr().String())
+	daddr, err := net.ResolveUDPAddr("udp", natHoleRespMsg.ClientAddr)
+	if err != nil {
+		xl.Error("resolve client udp address error: %v", err)
+		return
+	}
+	lConn, err := net.DialUDP("udp", laddr, daddr)
+	if err != nil {
+		xl.Error("dial client udp address error: %v", err)
+		return
+	}
+	defer lConn.Close()
+
+	lConn.Write([]byte(natHoleRespMsg.Sid))
+
+	// read ack sid from client
+	sidBuf := pool.GetBuf(1024)
+	lConn.SetReadDeadline(time.Now().Add(8 * time.Second))
+	n, err = lConn.Read(sidBuf)
+	if err != nil {
+		xl.Warn("get sid from client error: %v", err)
+		return
+	}
+	lConn.SetReadDeadline(time.Time{})
+	if string(sidBuf[:n]) != natHoleRespMsg.Sid {
+		xl.Warn("incorrect sid from client")
+		return
+	}
+	pool.PutBuf(sidBuf)
+
+	xl.Info("nat hole connection make success, sid [%s]", natHoleRespMsg.Sid)
+
+	// wrap kcp connection
+	var remote io.ReadWriteCloser
+	remote, err = frpNet.NewKcpConnFromUdp(lConn, true, natHoleRespMsg.ClientAddr)
+	if err != nil {
+		xl.Error("create kcp connection from udp connection error: %v", err)
+		return
+	}
+
+	fmuxCfg := fmux.DefaultConfig()
+	fmuxCfg.KeepAliveInterval = 5 * time.Second
+	fmuxCfg.LogOutput = ioutil.Discard
+	sess, err := fmux.Client(remote, fmuxCfg)
+	if err != nil {
+		xl.Error("create yamux session error: %v", err)
+		return
+	}
+	defer sess.Close()
+	muxConn, err := sess.Open()
+	if err != nil {
+		xl.Error("open yamux stream error: %v", err)
+		return
+	}
+
+	var muxConnRWCloser io.ReadWriteCloser = muxConn
+	if sv.cfg.UseEncryption {
+		muxConnRWCloser, err = frpIo.WithEncryption(muxConnRWCloser, []byte(sv.cfg.Sk))
+		if err != nil {
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if sv.cfg.UseCompression {
+		muxConnRWCloser = frpIo.WithCompression(muxConnRWCloser)
+	}
+
+	frpIo.Join(userConn, muxConnRWCloser)
+	xl.Debug("join connections closed")
+}

client/visitor_manager.go

@@ -0,0 +1,129 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+	"sync"
+	"time"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/utils/xlog"
+)
+
+type VisitorManager struct {
+	ctl *Control
+
+	cfgs     map[string]config.VisitorConf
+	visitors map[string]Visitor
+
+	checkInterval time.Duration
+
+	mu  sync.Mutex
+	ctx context.Context
+}
+
+func NewVisitorManager(ctx context.Context, ctl *Control) *VisitorManager {
+	return &VisitorManager{
+		ctl:           ctl,
+		cfgs:          make(map[string]config.VisitorConf),
+		visitors:      make(map[string]Visitor),
+		checkInterval: 10 * time.Second,
+		ctx:           ctx,
+	}
+}
+
+func (vm *VisitorManager) Run() {
+	xl := xlog.FromContextSafe(vm.ctx)
+	for {
+		time.Sleep(vm.checkInterval)
+		vm.mu.Lock()
+		for _, cfg := range vm.cfgs {
+			name := cfg.GetBaseInfo().ProxyName
+			if _, exist := vm.visitors[name]; !exist {
+				xl.Info("try to start visitor [%s]", name)
+				vm.startVisitor(cfg)
+			}
+		}
+		vm.mu.Unlock()
+	}
+}
+
+// Hold lock before calling this function.
+func (vm *VisitorManager) startVisitor(cfg config.VisitorConf) (err error) {
+	xl := xlog.FromContextSafe(vm.ctx)
+	name := cfg.GetBaseInfo().ProxyName
+	visitor := NewVisitor(vm.ctx, vm.ctl, cfg)
+	err = visitor.Run()
+	if err != nil {
+		xl.Warn("start error: %v", err)
+	} else {
+		vm.visitors[name] = visitor
+		xl.Info("start visitor success")
+	}
+	return
+}
+
+func (vm *VisitorManager) Reload(cfgs map[string]config.VisitorConf) {
+	xl := xlog.FromContextSafe(vm.ctx)
+	vm.mu.Lock()
+	defer vm.mu.Unlock()
+
+	delNames := make([]string, 0)
+	for name, oldCfg := range vm.cfgs {
+		del := false
+		cfg, ok := cfgs[name]
+		if !ok {
+			del = true
+		} else {
+			if !oldCfg.Compare(cfg) {
+				del = true
+			}
+		}
+
+		if del {
+			delNames = append(delNames, name)
+			delete(vm.cfgs, name)
+			if visitor, ok := vm.visitors[name]; ok {
+				visitor.Close()
+			}
+			delete(vm.visitors, name)
+		}
+	}
+	if len(delNames) > 0 {
+		xl.Info("visitor removed: %v", delNames)
+	}
+
+	addNames := make([]string, 0)
+	for name, cfg := range cfgs {
+		if _, ok := vm.cfgs[name]; !ok {
+			vm.cfgs[name] = cfg
+			addNames = append(addNames, name)
+			vm.startVisitor(cfg)
+		}
+	}
+	if len(addNames) > 0 {
+		xl.Info("visitor added: %v", addNames)
+	}
+	return
+}
+
+func (vm *VisitorManager) Close() {
+	vm.mu.Lock()
+	defer vm.mu.Unlock()
+	for _, v := range vm.visitors {
+		v.Close()
+	}
+}

cmd/frpc/main.go

@@ -12,23 +12,21 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package msg
+package main
 
-type GeneralRes struct {
-	Code int64  `json:"code"`
-	Msg  string `json:"msg"`
-}
+import (
+	"math/rand"
+	"time"
 
-type ClientCtlReq struct {
-	Type      int64  `json:"type"`
-	ProxyName string `json:"proxy_name"`
-	Passwd    string `json:"passwd"`
-}
+	_ "github.com/fatedier/frp/assets/frpc/statik"
+	"github.com/fatedier/frp/cmd/frpc/sub"
 
-type ClientCtlRes struct {
-	GeneralRes
-}
+	"github.com/fatedier/golib/crypto"
+)
 
-type ServerCtlReq struct {
-	Type int64 `json:"type"`
+func main() {
+	crypto.DefaultSalt = "frp"
+	rand.Seed(time.Now().UnixNano())
+
+	sub.Execute()
 }

cmd/frpc/sub/http.go

@@ -0,0 +1,97 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	httpCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	httpCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	httpCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	httpCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	httpCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	httpCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	httpCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	httpCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	httpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	httpCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	httpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	httpCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	httpCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	httpCmd.PersistentFlags().StringVarP(&locations, "locations", "", "", "locations")
+	httpCmd.PersistentFlags().StringVarP(&httpUser, "http_user", "", "", "http auth user")
+	httpCmd.PersistentFlags().StringVarP(&httpPwd, "http_pwd", "", "", "http auth password")
+	httpCmd.PersistentFlags().StringVarP(&hostHeaderRewrite, "host_header_rewrite", "", "", "host header rewrite")
+	httpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	httpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(httpCmd)
+}
+
+var httpCmd = &cobra.Command{
+	Use:   "http",
+	Short: "Run frpc with a single http proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.HttpProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.HttpProxy
+		cfg.LocalIp = localIp
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.Locations = strings.Split(locations, ",")
+		cfg.HttpUser = httpUser
+		cfg.HttpPwd = httpPwd
+		cfg.HostHeaderRewrite = hostHeaderRewrite
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+
+		err = cfg.CheckForCli()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/https.go

@@ -0,0 +1,89 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	httpsCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	httpsCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	httpsCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	httpsCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	httpsCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	httpsCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	httpsCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	httpsCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	httpsCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	httpsCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	httpsCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	httpsCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	httpsCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	httpsCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	httpsCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(httpsCmd)
+}
+
+var httpsCmd = &cobra.Command{
+	Use:   "https",
+	Short: "Run frpc with a single https proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.HttpsProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.HttpsProxy
+		cfg.LocalIp = localIp
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+
+		err = cfg.CheckForCli()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/reload.go

@@ -0,0 +1,90 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+)
+
+func init() {
+	rootCmd.AddCommand(reloadCmd)
+}
+
+var reloadCmd = &cobra.Command{
+	Use:   "reload",
+	Short: "Hot-Reload frpc configuration",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeIni, iniContent)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		err = reload(clientCfg)
+		if err != nil {
+			fmt.Printf("frpc reload error: %v\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("reload success\n")
+		return nil
+	},
+}
+
+func reload(clientCfg config.ClientCommonConf) error {
+	if clientCfg.AdminPort == 0 {
+		return fmt.Errorf("admin_port shoud be set if you want to use reload feature")
+	}
+
+	req, err := http.NewRequest("GET", "http://"+
+		clientCfg.AdminAddr+":"+fmt.Sprintf("%d", clientCfg.AdminPort)+"/api/reload", nil)
+	if err != nil {
+		return err
+	}
+
+	authStr := "Basic " + base64.StdEncoding.EncodeToString([]byte(clientCfg.AdminUser+":"+
+		clientCfg.AdminPwd))
+
+	req.Header.Add("Authorization", authStr)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == 200 {
+		return nil
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	return fmt.Errorf("code [%d], %s", resp.StatusCode, strings.TrimSpace(string(body)))
+}

cmd/frpc/sub/root.go

@@ -0,0 +1,233 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"os"
+	"os/signal"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/client"
+	"github.com/fatedier/frp/models/auth"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/utils/log"
+	"github.com/fatedier/frp/utils/version"
+)
+
+const (
+	CfgFileTypeIni = iota
+	CfgFileTypeCmd
+)
+
+var (
+	cfgFile     string
+	showVersion bool
+
+	serverAddr      string
+	user            string
+	protocol        string
+	token           string
+	logLevel        string
+	logFile         string
+	logMaxDays      int
+	disableLogColor bool
+
+	proxyName         string
+	localIp           string
+	localPort         int
+	remotePort        int
+	useEncryption     bool
+	useCompression    bool
+	customDomains     string
+	subDomain         string
+	httpUser          string
+	httpPwd           string
+	locations         string
+	hostHeaderRewrite string
+	role              string
+	sk                string
+	multiplexer       string
+	serverName        string
+	bindAddr          string
+	bindPort          int
+
+	kcpDoneCh chan struct{}
+)
+
+func init() {
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "./frpc.ini", "config file of frpc")
+	rootCmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "version of frpc")
+
+	kcpDoneCh = make(chan struct{})
+}
+
+var rootCmd = &cobra.Command{
+	Use:   "frpc",
+	Short: "frpc is the client of frp (https://github.com/fatedier/frp)",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if showVersion {
+			fmt.Println(version.Full())
+			return nil
+		}
+
+		// Do not show command usage here.
+		err := runClient(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func handleSignal(svr *client.Service) {
+	ch := make(chan os.Signal)
+	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
+	<-ch
+	svr.Close()
+	time.Sleep(250 * time.Millisecond)
+	close(kcpDoneCh)
+}
+
+func parseClientCommonCfg(fileType int, content string) (cfg config.ClientCommonConf, err error) {
+	if fileType == CfgFileTypeIni {
+		cfg, err = parseClientCommonCfgFromIni(content)
+	} else if fileType == CfgFileTypeCmd {
+		cfg, err = parseClientCommonCfgFromCmd()
+	}
+	if err != nil {
+		return
+	}
+
+	err = cfg.Check()
+	if err != nil {
+		return
+	}
+	return
+}
+
+func parseClientCommonCfgFromIni(content string) (config.ClientCommonConf, error) {
+	cfg, err := config.UnmarshalClientConfFromIni(content)
+	if err != nil {
+		return config.ClientCommonConf{}, err
+	}
+	return cfg, err
+}
+
+func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
+	cfg = config.GetDefaultClientConf()
+
+	strs := strings.Split(serverAddr, ":")
+	if len(strs) < 2 {
+		err = fmt.Errorf("invalid server_addr")
+		return
+	}
+	if strs[0] != "" {
+		cfg.ServerAddr = strs[0]
+	}
+	cfg.ServerPort, err = strconv.Atoi(strs[1])
+	if err != nil {
+		err = fmt.Errorf("invalid server_addr")
+		return
+	}
+
+	cfg.User = user
+	cfg.Protocol = protocol
+	cfg.LogLevel = logLevel
+	cfg.LogFile = logFile
+	cfg.LogMaxDays = int64(logMaxDays)
+	if logFile == "console" {
+		cfg.LogWay = "console"
+	} else {
+		cfg.LogWay = "file"
+	}
+	cfg.DisableLogColor = disableLogColor
+
+	// Only token authentication is supported in cmd mode
+	cfg.AuthClientConfig = auth.GetDefaultAuthClientConf()
+	cfg.Token = token
+
+	return
+}
+
+func runClient(cfgFilePath string) (err error) {
+	var content string
+	content, err = config.GetRenderedConfFromFile(cfgFilePath)
+	if err != nil {
+		return
+	}
+
+	cfg, err := parseClientCommonCfg(CfgFileTypeIni, content)
+	if err != nil {
+		return
+	}
+
+	pxyCfgs, visitorCfgs, err := config.LoadAllConfFromIni(cfg.User, content, cfg.Start)
+	if err != nil {
+		return err
+	}
+
+	err = startService(cfg, pxyCfgs, visitorCfgs, cfgFilePath)
+	return
+}
+
+func startService(cfg config.ClientCommonConf, pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf, cfgFile string) (err error) {
+	log.InitLog(cfg.LogWay, cfg.LogFile, cfg.LogLevel,
+		cfg.LogMaxDays, cfg.DisableLogColor)
+
+	if cfg.DnsServer != "" {
+		s := cfg.DnsServer
+		if !strings.Contains(s, ":") {
+			s += ":53"
+		}
+		// Change default dns server for frpc
+		net.DefaultResolver = &net.Resolver{
+			PreferGo: true,
+			Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
+				return net.Dial("udp", s)
+			},
+		}
+	}
+	svr, errRet := client.NewService(cfg, pxyCfgs, visitorCfgs, cfgFile)
+	if errRet != nil {
+		err = errRet
+		return
+	}
+
+	// Capture the exit signal if we use kcp.
+	if cfg.Protocol == "kcp" {
+		go handleSignal(svr)
+	}
+
+	err = svr.Run()
+	if cfg.Protocol == "kcp" {
+		<-kcpDoneCh
+	}
+	return
+}

cmd/frpc/sub/status.go

@@ -0,0 +1,154 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/rodaine/table"
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/client"
+	"github.com/fatedier/frp/models/config"
+)
+
+func init() {
+	rootCmd.AddCommand(statusCmd)
+}
+
+var statusCmd = &cobra.Command{
+	Use:   "status",
+	Short: "Overview of all proxies status",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeIni, iniContent)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		err = status(clientCfg)
+		if err != nil {
+			fmt.Printf("frpc get status error: %v\n", err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func status(clientCfg config.ClientCommonConf) error {
+	if clientCfg.AdminPort == 0 {
+		return fmt.Errorf("admin_port shoud be set if you want to get proxy status")
+	}
+
+	req, err := http.NewRequest("GET", "http://"+
+		clientCfg.AdminAddr+":"+fmt.Sprintf("%d", clientCfg.AdminPort)+"/api/status", nil)
+	if err != nil {
+		return err
+	}
+
+	authStr := "Basic " + base64.StdEncoding.EncodeToString([]byte(clientCfg.AdminUser+":"+
+		clientCfg.AdminPwd))
+
+	req.Header.Add("Authorization", authStr)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("admin api status code [%d]", resp.StatusCode)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	res := &client.StatusResp{}
+	err = json.Unmarshal(body, &res)
+	if err != nil {
+		return fmt.Errorf("unmarshal http response error: %s", strings.TrimSpace(string(body)))
+	}
+
+	fmt.Println("Proxy Status...")
+	if len(res.Tcp) > 0 {
+		fmt.Printf("TCP")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Tcp {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	if len(res.Udp) > 0 {
+		fmt.Printf("UDP")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Udp {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	if len(res.Http) > 0 {
+		fmt.Printf("HTTP")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Http {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	if len(res.Https) > 0 {
+		fmt.Printf("HTTPS")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Https {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	if len(res.Stcp) > 0 {
+		fmt.Printf("STCP")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Stcp {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	if len(res.Xtcp) > 0 {
+		fmt.Printf("XTCP")
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range res.Xtcp {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+
+	return nil
+}

cmd/frpc/sub/stcp.go

@@ -0,0 +1,114 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	stcpCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	stcpCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	stcpCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	stcpCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	stcpCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	stcpCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	stcpCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	stcpCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	stcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	stcpCmd.PersistentFlags().StringVarP(&role, "role", "", "server", "role")
+	stcpCmd.PersistentFlags().StringVarP(&sk, "sk", "", "", "secret key")
+	stcpCmd.PersistentFlags().StringVarP(&serverName, "server_name", "", "", "server name")
+	stcpCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	stcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	stcpCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "", "bind addr")
+	stcpCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "", 0, "bind port")
+	stcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	stcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(stcpCmd)
+}
+
+var stcpCmd = &cobra.Command{
+	Use:   "stcp",
+	Short: "Run frpc with a single stcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := make(map[string]config.ProxyConf)
+		visitorConfs := make(map[string]config.VisitorConf)
+
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+
+		if role == "server" {
+			cfg := &config.StcpProxyConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.StcpProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.LocalIp = localIp
+			cfg.LocalPort = localPort
+			err = cfg.CheckForCli()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			proxyConfs[cfg.ProxyName] = cfg
+		} else if role == "visitor" {
+			cfg := &config.StcpVisitorConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.StcpProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.ServerName = serverName
+			cfg.BindAddr = bindAddr
+			cfg.BindPort = bindPort
+			err = cfg.Check()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			visitorConfs[cfg.ProxyName] = cfg
+		} else {
+			fmt.Println("invalid role")
+			os.Exit(1)
+		}
+
+		err = startService(clientCfg, proxyConfs, visitorConfs, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/tcp.go

@@ -0,0 +1,86 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	tcpCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	tcpCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	tcpCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp")
+	tcpCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	tcpCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	tcpCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	tcpCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	tcpCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	tcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	tcpCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	tcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	tcpCmd.PersistentFlags().IntVarP(&remotePort, "remote_port", "r", 0, "remote port")
+	tcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	tcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(tcpCmd)
+}
+
+var tcpCmd = &cobra.Command{
+	Use:   "tcp",
+	Short: "Run frpc with a single tcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.TcpProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.TcpProxy
+		cfg.LocalIp = localIp
+		cfg.LocalPort = localPort
+		cfg.RemotePort = remotePort
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+
+		err = cfg.CheckForCli()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/tcpmux.go

@@ -0,0 +1,91 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	tcpMuxCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	tcpMuxCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	tcpMuxCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	tcpMuxCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	tcpMuxCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	tcpMuxCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	tcpMuxCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	tcpMuxCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	tcpMuxCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	tcpMuxCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	tcpMuxCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	tcpMuxCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	tcpMuxCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	tcpMuxCmd.PersistentFlags().StringVarP(&multiplexer, "mux", "", "", "multiplexer")
+	tcpMuxCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	tcpMuxCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(tcpMuxCmd)
+}
+
+var tcpMuxCmd = &cobra.Command{
+	Use:   "tcpmux",
+	Short: "Run frpc with a single tcpmux proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.TcpMuxProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.TcpMuxProxy
+		cfg.LocalIp = localIp
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.Multiplexer = multiplexer
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+
+		err = cfg.CheckForCli()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/udp.go

@@ -0,0 +1,86 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	udpCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	udpCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	udpCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	udpCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	udpCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	udpCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	udpCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	udpCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	udpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	udpCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	udpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	udpCmd.PersistentFlags().IntVarP(&remotePort, "remote_port", "r", 0, "remote port")
+	udpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	udpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(udpCmd)
+}
+
+var udpCmd = &cobra.Command{
+	Use:   "udp",
+	Short: "Run frpc with a single udp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.UdpProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.UdpProxy
+		cfg.LocalIp = localIp
+		cfg.LocalPort = localPort
+		cfg.RemotePort = remotePort
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+
+		err = cfg.CheckForCli()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/xtcp.go

@@ -0,0 +1,114 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/models/consts"
+)
+
+func init() {
+	xtcpCmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	xtcpCmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	xtcpCmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	xtcpCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	xtcpCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	xtcpCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	xtcpCmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	xtcpCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	xtcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	xtcpCmd.PersistentFlags().StringVarP(&role, "role", "", "server", "role")
+	xtcpCmd.PersistentFlags().StringVarP(&sk, "sk", "", "", "secret key")
+	xtcpCmd.PersistentFlags().StringVarP(&serverName, "server_name", "", "", "server name")
+	xtcpCmd.PersistentFlags().StringVarP(&localIp, "local_ip", "i", "127.0.0.1", "local ip")
+	xtcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	xtcpCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "", "bind addr")
+	xtcpCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "", 0, "bind port")
+	xtcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	xtcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+
+	rootCmd.AddCommand(xtcpCmd)
+}
+
+var xtcpCmd = &cobra.Command{
+	Use:   "xtcp",
+	Short: "Run frpc with a single xtcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := make(map[string]config.ProxyConf)
+		visitorConfs := make(map[string]config.VisitorConf)
+
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+
+		if role == "server" {
+			cfg := &config.XtcpProxyConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.XtcpProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.LocalIp = localIp
+			cfg.LocalPort = localPort
+			err = cfg.CheckForCli()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			proxyConfs[cfg.ProxyName] = cfg
+		} else if role == "visitor" {
+			cfg := &config.XtcpVisitorConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.XtcpProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.ServerName = serverName
+			cfg.BindAddr = bindAddr
+			cfg.BindPort = bindPort
+			err = cfg.Check()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			visitorConfs[cfg.ProxyName] = cfg
+		} else {
+			fmt.Println("invalid role")
+			os.Exit(1)
+		}
+
+		err = startService(clientCfg, proxyConfs, visitorConfs, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frps/main.go

@@ -0,0 +1,32 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"math/rand"
+	"time"
+
+	"github.com/fatedier/golib/crypto"
+
+	_ "github.com/fatedier/frp/assets/frps/statik"
+	_ "github.com/fatedier/frp/models/metrics"
+)
+
+func main() {
+	crypto.DefaultSalt = "frp"
+	rand.Seed(time.Now().UnixNano())
+
+	Execute()
+}

cmd/frps/root.go

@@ -0,0 +1,212 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/models/auth"
+	"github.com/fatedier/frp/models/config"
+	"github.com/fatedier/frp/server"
+	"github.com/fatedier/frp/utils/log"
+	"github.com/fatedier/frp/utils/util"
+	"github.com/fatedier/frp/utils/version"
+)
+
+const (
+	CfgFileTypeIni = iota
+	CfgFileTypeCmd
+)
+
+var (
+	cfgFile     string
+	showVersion bool
+
+	bindAddr          string
+	bindPort          int
+	bindUdpPort       int
+	kcpBindPort       int
+	proxyBindAddr     string
+	vhostHttpPort     int
+	vhostHttpsPort    int
+	vhostHttpTimeout  int64
+	dashboardAddr     string
+	dashboardPort     int
+	dashboardUser     string
+	dashboardPwd      string
+	assetsDir         string
+	logFile           string
+	logLevel          string
+	logMaxDays        int64
+	disableLogColor   bool
+	token             string
+	subDomainHost     string
+	tcpMux            bool
+	allowPorts        string
+	maxPoolCount      int64
+	maxPortsPerClient int64
+)
+
+func init() {
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "config file of frps")
+	rootCmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "version of frpc")
+
+	rootCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "0.0.0.0", "bind address")
+	rootCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "p", 7000, "bind port")
+	rootCmd.PersistentFlags().IntVarP(&bindUdpPort, "bind_udp_port", "", 0, "bind udp port")
+	rootCmd.PersistentFlags().IntVarP(&kcpBindPort, "kcp_bind_port", "", 0, "kcp bind udp port")
+	rootCmd.PersistentFlags().StringVarP(&proxyBindAddr, "proxy_bind_addr", "", "0.0.0.0", "proxy bind address")
+	rootCmd.PersistentFlags().IntVarP(&vhostHttpPort, "vhost_http_port", "", 0, "vhost http port")
+	rootCmd.PersistentFlags().IntVarP(&vhostHttpsPort, "vhost_https_port", "", 0, "vhost https port")
+	rootCmd.PersistentFlags().Int64VarP(&vhostHttpTimeout, "vhost_http_timeout", "", 60, "vhost http response header timeout")
+	rootCmd.PersistentFlags().StringVarP(&dashboardAddr, "dashboard_addr", "", "0.0.0.0", "dasboard address")
+	rootCmd.PersistentFlags().IntVarP(&dashboardPort, "dashboard_port", "", 0, "dashboard port")
+	rootCmd.PersistentFlags().StringVarP(&dashboardUser, "dashboard_user", "", "admin", "dashboard user")
+	rootCmd.PersistentFlags().StringVarP(&dashboardPwd, "dashboard_pwd", "", "admin", "dashboard password")
+	rootCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "log file")
+	rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log max days")
+	rootCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
+	rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
+	rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
+}
+
+var rootCmd = &cobra.Command{
+	Use:   "frps",
+	Short: "frps is the server of frp (https://github.com/fatedier/frp)",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if showVersion {
+			fmt.Println(version.Full())
+			return nil
+		}
+
+		var cfg config.ServerCommonConf
+		var err error
+		if cfgFile != "" {
+			var content string
+			content, err = config.GetRenderedConfFromFile(cfgFile)
+			if err != nil {
+				return err
+			}
+			cfg, err = parseServerCommonCfg(CfgFileTypeIni, content)
+		} else {
+			cfg, err = parseServerCommonCfg(CfgFileTypeCmd, "")
+		}
+		if err != nil {
+			return err
+		}
+
+		err = runServer(cfg)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func parseServerCommonCfg(fileType int, content string) (cfg config.ServerCommonConf, err error) {
+	if fileType == CfgFileTypeIni {
+		cfg, err = parseServerCommonCfgFromIni(content)
+	} else if fileType == CfgFileTypeCmd {
+		cfg, err = parseServerCommonCfgFromCmd()
+	}
+	if err != nil {
+		return
+	}
+
+	err = cfg.Check()
+	if err != nil {
+		return
+	}
+	return
+}
+
+func parseServerCommonCfgFromIni(content string) (config.ServerCommonConf, error) {
+	cfg, err := config.UnmarshalServerConfFromIni(content)
+	if err != nil {
+		return config.ServerCommonConf{}, err
+	}
+	return cfg, nil
+}
+
+func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
+	cfg = config.GetDefaultServerConf()
+
+	cfg.BindAddr = bindAddr
+	cfg.BindPort = bindPort
+	cfg.BindUdpPort = bindUdpPort
+	cfg.KcpBindPort = kcpBindPort
+	cfg.ProxyBindAddr = proxyBindAddr
+	cfg.VhostHttpPort = vhostHttpPort
+	cfg.VhostHttpsPort = vhostHttpsPort
+	cfg.VhostHttpTimeout = vhostHttpTimeout
+	cfg.DashboardAddr = dashboardAddr
+	cfg.DashboardPort = dashboardPort
+	cfg.DashboardUser = dashboardUser
+	cfg.DashboardPwd = dashboardPwd
+	cfg.LogFile = logFile
+	cfg.LogLevel = logLevel
+	cfg.LogMaxDays = logMaxDays
+	cfg.SubDomainHost = subDomainHost
+
+	// Only token authentication is supported in cmd mode
+	cfg.AuthServerConfig = auth.GetDefaultAuthServerConf()
+	cfg.Token = token
+	if len(allowPorts) > 0 {
+		// e.g. 1000-2000,2001,2002,3000-4000
+		ports, errRet := util.ParseRangeNumbers(allowPorts)
+		if errRet != nil {
+			err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
+			return
+		}
+
+		for _, port := range ports {
+			cfg.AllowPorts[int(port)] = struct{}{}
+		}
+	}
+	cfg.MaxPortsPerClient = maxPortsPerClient
+
+	if logFile == "console" {
+		cfg.LogWay = "console"
+	} else {
+		cfg.LogWay = "file"
+	}
+	cfg.DisableLogColor = disableLogColor
+	return
+}
+
+func runServer(cfg config.ServerCommonConf) (err error) {
+	log.InitLog(cfg.LogWay, cfg.LogFile, cfg.LogLevel, cfg.LogMaxDays, cfg.DisableLogColor)
+	svr, err := server.NewService(cfg)
+	if err != nil {
+		return err
+	}
+	log.Info("start frps success")
+	svr.Run()
+	return
+}

conf/frpc.ini

@@ -1,14 +1,9 @@
-# [common] is integral section
 [common]
-server_addr = 0.0.0.0
+server_addr = 127.0.0.1
 server_port = 7000
-# console or real logFile path like ./frpc.log
-log_file = console
-# debug, info, warn, error
-log_level = debug
 
-# test1 is the proxy name same as server's configuration
-[test1]
-passwd = 123
+[ssh]
+type = tcp
 local_ip = 127.0.0.1
 local_port = 22
+remote_port = 6000

conf/frpc_full.ini

@@ -0,0 +1,273 @@
+# [common] is integral section
+[common]
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+server_addr = 0.0.0.0
+server_port = 7000
+
+# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
+# it only works when protocol is tcp
+# http_proxy = http://user:passwd@192.168.1.128:8080
+# http_proxy = socks5://user:passwd@192.168.1.128:1080
+
+# console or real logFile path like ./frpc.log
+log_file = ./frpc.log
+
+# trace, debug, info, warn, error
+log_level = info
+
+log_max_days = 3
+
+# disable log colors when log_file is console, default is false
+disable_log_color = false
+
+# for authentication
+token = 12345678
+
+# set admin address for control frpc's action by http api such as reload
+admin_addr = 127.0.0.1
+admin_port = 7400
+admin_user = admin
+admin_pwd = admin
+# Admin assets directory. By default, these assets are bundled with frpc.
+# assets_dir = ./static
+
+# connections will be established in advance, default value is zero
+pool_count = 5
+
+# if tcp stream multiplexing is used, default is true, it must be same with frps
+tcp_mux = true
+
+# your proxy name will be changed to {user}.{proxy}
+user = your_name
+
+# decide if exit program when first login failed, otherwise continuous relogin to frps
+# default is true
+login_fail_exit = true
+
+# communication protocol used to connect to server
+# now it supports tcp and kcp and websocket, default is tcp
+protocol = tcp
+
+# if tls_enable is true, frpc will connect frps by tls
+tls_enable = true
+
+# specify a dns server, so frpc will use this instead of default one
+# dns_server = 8.8.8.8
+
+# proxy names you want to start seperated by ','
+# default is empty, means all proxies
+# start = ssh,dns
+
+# heartbeat configure, it's not recommended to modify the default value
+# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90
+# heartbeat_interval = 30
+# heartbeat_timeout = 90
+
+# additional meta info for client
+meta_var1 = 123
+meta_var2 = 234
+
+# 'ssh' is the unique proxy name
+# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
+[ssh]
+# tcp | udp | http | https | stcp | xtcp, default is tcp
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+# limit bandwidth for this proxy, unit is KB and MB
+bandwidth_limit = 1MB
+# true or false, if true, messages between frps and frpc will be encrypted, default is false
+use_encryption = false
+# if true, message will be compressed
+use_compression = false
+# remote port listen by frps
+remote_port = 6001
+# frps will load balancing connections for proxies in same group
+group = test_group
+# group should have same group key
+group_key = 123456
+# enable health check for the backend service, it support 'tcp' and 'http' now
+# frpc will connect local service's port to detect it's healthy status
+health_check_type = tcp
+# health check connection timeout
+health_check_timeout_s = 3
+# if continuous failed in 3 times, the proxy will be removed from frps
+health_check_max_failed = 3
+# every 10 seconds will do a health check
+health_check_interval_s = 10
+# additional meta info for each proxy
+meta_var1 = 123
+meta_var2 = 234
+
+[ssh_random]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+# if remote_port is 0, frps will assign a random port for you
+remote_port = 0
+
+# if you want to expose multiple ports, add 'range:' prefix to the section name
+# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
+[range:tcp_port]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 6010-6020,6022,6024-6028
+remote_port = 6010-6020,6022,6024-6028
+use_encryption = false
+use_compression = false
+
+[dns]
+type = udp
+local_ip = 114.114.114.114
+local_port = 53
+remote_port = 6002
+use_encryption = false
+use_compression = false
+
+[range:udp_port]
+type = udp
+local_ip = 127.0.0.1
+local_port = 6010-6020
+remote_port = 6010-6020
+use_encryption = false
+use_compression = false
+
+# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
+[web01]
+type = http
+local_ip = 127.0.0.1
+local_port = 80
+use_encryption = false
+use_compression = true
+# http username and password are safety certification for http protocol
+# if not set, you can access this custom_domains without certification
+http_user = admin
+http_pwd = admin
+# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
+subdomain = web01
+custom_domains = web02.yourdomain.com
+# locations is only available for http type
+locations = /,/pic
+host_header_rewrite = example.com
+# params with prefix "header_" will be used to update http request headers
+header_X-From-Where = frp
+health_check_type = http
+# frpc will send a GET http request '/status' to local http service
+# http service is alive when it return 2xx http response code
+health_check_url = /status
+health_check_interval_s = 10
+health_check_max_failed = 3
+health_check_timeout_s = 3
+
+[web02]
+type = https
+local_ip = 127.0.0.1
+local_port = 8000
+use_encryption = false
+use_compression = false
+subdomain = web01
+custom_domains = web02.yourdomain.com
+# if not empty, frpc will use proxy protocol to transfer connection info to your local service
+# v1 or v2 or empty
+proxy_protocol_version = v2
+
+[plugin_unix_domain_socket]
+type = tcp
+remote_port = 6003
+# if plugin is defined, local_ip and local_port is useless
+# plugin will handle connections got from frps
+plugin = unix_domain_socket
+# params with prefix "plugin_" that plugin needed
+plugin_unix_path = /var/run/docker.sock
+
+[plugin_http_proxy]
+type = tcp
+remote_port = 6004
+plugin = http_proxy
+plugin_http_user = abc
+plugin_http_passwd = abc
+
+[plugin_socks5]
+type = tcp
+remote_port = 6005
+plugin = socks5
+plugin_user = abc
+plugin_passwd = abc
+
+[plugin_static_file]
+type = tcp
+remote_port = 6006
+plugin = static_file
+plugin_local_path = /var/www/blog
+plugin_strip_prefix = static
+plugin_http_user = abc
+plugin_http_passwd = abc
+
+[plugin_https2http]
+type = https
+custom_domains = test.yourdomain.com
+plugin = https2http
+plugin_local_addr = 127.0.0.1:80
+plugin_crt_path = ./server.crt
+plugin_key_path = ./server.key
+plugin_host_header_rewrite = 127.0.0.1
+plugin_header_X-From-Where = frp
+
+[plugin_http2https]
+type = http
+custom_domains = test.yourdomain.com
+plugin = http2https
+plugin_local_addr = 127.0.0.1:443
+plugin_host_header_rewrite = 127.0.0.1
+plugin_header_X-From-Where = frp
+
+[secret_tcp]
+# If the type is secret tcp, remote_port is useless
+# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
+type = stcp
+# sk used for authentication for visitors
+sk = abcdefg
+local_ip = 127.0.0.1
+local_port = 22
+use_encryption = false
+use_compression = false
+
+# user of frpc should be same in both stcp server and stcp visitor
+[secret_tcp_visitor]
+# frpc role visitor -> frps -> frpc role server
+role = visitor
+type = stcp
+# the server name you want to visitor
+server_name = secret_tcp
+sk = abcdefg
+# connect this address to visitor stcp server
+bind_addr = 127.0.0.1
+bind_port = 9000
+use_encryption = false
+use_compression = false
+
+[p2p_tcp]
+type = xtcp
+sk = abcdefg
+local_ip = 127.0.0.1
+local_port = 22
+use_encryption = false
+use_compression = false
+
+[p2p_tcp_visitor]
+role = visitor
+type = xtcp
+server_name = p2p_tcp
+sk = abcdefg
+bind_addr = 127.0.0.1
+bind_port = 9001
+use_encryption = false
+use_compression = false
+
+[tcpmuxhttpconnect]
+type = tcpmux
+multiplexer = httpconnect
+local_ip = 127.0.0.1
+local_port = 10701
+custom_domains = tunnel1

conf/frps.ini

@@ -1,14 +1,2 @@
-# [common] is integral section
 [common]
-bind_addr = 0.0.0.0
 bind_port = 7000
-# console or real logFile path like ./frps.log
-log_file = console
-# debug, info, warn, error
-log_level = debug
-
-# test1 is the proxy name, client will use this name and passwd to connect to server
-[test1]
-passwd = 123
-bind_addr = 0.0.0.0
-listen_port = 6000

conf/frps_full.ini

@@ -0,0 +1,124 @@
+# [common] is integral section
+[common]
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+bind_addr = 0.0.0.0
+bind_port = 7000
+
+# udp port to help make udp hole to penetrate nat
+bind_udp_port = 7001
+
+# udp port used for kcp protocol, it can be same with 'bind_port'
+# if not set, kcp is disabled in frps
+kcp_bind_port = 7000
+
+# specify which address proxy will listen for, default value is same with bind_addr
+# proxy_bind_addr = 127.0.0.1
+
+# if you want to support virtual host, you must set the http port for listening (optional)
+# Note: http port and https port can be same with bind_port
+vhost_http_port = 80
+vhost_https_port = 443
+
+# response header timeout(seconds) for vhost http server, default is 60s
+# vhost_http_timeout = 60
+
+# TcpMuxHttpConnectPort specifies the port that the server listens for TCP
+# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
+# requests on one single port. If it's not - it will listen on this value for
+# HTTP CONNECT requests. By default, this value is 0.
+# tcpmux_httpconnect_port = 1337
+
+# set dashboard_addr and dashboard_port to view dashboard of frps
+# dashboard_addr's default value is same with bind_addr
+# dashboard is available only if dashboard_port is set
+dashboard_addr = 0.0.0.0
+dashboard_port = 7500
+
+# dashboard user and passwd for basic auth protect, if not set, both default value is admin
+dashboard_user = admin
+dashboard_pwd = admin
+
+# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
+enable_prometheus = true
+
+# dashboard assets directory(only for debug mode)
+# assets_dir = ./static
+# console or real logFile path like ./frps.log
+log_file = ./frps.log
+
+# trace, debug, info, warn, error
+log_level = info
+
+log_max_days = 3
+
+# disable log colors when log_file is console, default is false
+disable_log_color = false
+
+# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
+detailed_errors_to_client = true
+
+# AuthenticationMethod specifies what authentication method to use authenticate frpc with frps.
+# If "token" is specified - token will be read into login message.
+# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
+authentication_method = token
+
+# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+authenticate_heartbeats = false
+
+# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
+authenticate_new_work_conns = false
+
+# auth token
+token = 12345678
+
+# OidcClientId specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_id =
+
+# OidcClientSecret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_secret = 
+
+# OidcAudience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_audience = 
+
+# OidcTokenEndpointUrl specifies the URL which implements OIDC Token Endpoint.
+# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_token_endpoint_url = 
+
+# heartbeat configure, it's not recommended to modify the default value
+# the default value of heartbeat_timeout is 90
+# heartbeat_timeout = 90
+
+# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
+allow_ports = 2000-3000,3001,3003,4000-50000
+
+# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
+max_pool_count = 5
+
+# max ports can be used for each client, default value is 0 means no limit
+max_ports_per_client = 0
+
+# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+tls_only = false
+
+# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
+# when subdomain is test, the host used by routing is test.frps.com
+subdomain_host = frps.com
+
+# if tcp stream multiplexing is used, default is true
+tcp_mux = true
+
+# custom 404 page for HTTP requests
+# custom_404_page = /path/to/404.html
+
+[plugin.user-manager]
+addr = 127.0.0.1:9000
+path = /handler
+ops = Login
+
+[plugin.port-manager]
+addr = 127.0.0.1:9001
+path = /handler
+ops = NewProxy

conf/systemd/frpc.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Frp Client Service
+After=network.target
+
+[Service]
+Type=simple
+User=nobody
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
+ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
+
+[Install]
+WantedBy=multi-user.target

conf/systemd/frpc@.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Frp Client Service
+After=network.target
+
+[Service]
+Type=idle
+User=nobody
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/frpc -c /etc/frp/%i.ini
+ExecReload=/usr/bin/frpc reload -c /etc/frp/%i.ini
+
+[Install]
+WantedBy=multi-user.target

conf/systemd/frps.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Frp Server Service
+After=network.target
+
+[Service]
+Type=simple
+User=nobody
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
+
+[Install]
+WantedBy=multi-user.target

conf/systemd/frps@.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Frp Server Service
+After=network.target
+
+[Service]
+Type=simple
+User=nobody
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/frps -c /etc/frp/%i.ini
+
+[Install]
+WantedBy=multi-user.target

doc/quick_start_en.md

@@ -1,68 +0,0 @@
-# Quick Start
-
-frp is easier to use compared with other similar projects.
-
-We will use a simple demo to demonstrate how to create a connection to server A's ssh port by server B with public IP address x.x.x.x(replace to the real IP address of your server).
-
-### Download SourceCode
-
-`go get github.com/fatedier/frp` is recommended, then the code will be copied to the directory `$GOPATH/src/github.com/fatedier/frp`.
-
-Or you can use `git clone https://github.com/fatedier/frp.git $GOPATH/src/github.com/fatedier/frp`.
-
-### Compile
-
-Enter the root directory and execute `make`, then wait until finished.
-
-**bin** include all executable programs when **conf** include corresponding configuration files.
-
-### Pre-requirement
-
-* Go environment. Version of go >= 1.4.
-* Godep (if not exist, go get will be executed to download godep when compiling)
-
-### Deploy
-
-1. Move `./bin/frps` and `./conf/frps.ini` to any directory of server B.
-2. Move `./bin/frpc` and `./conf/frpc.ini` to any directory of server A.
-3. Modify all configuration files, details in next paragraph.
-4. Execute `nohup ./frps &` or `nohup ./frps -c ./frps.ini &` in server B.
-5. Execute `nohup ./frpc &` or `nohup ./frpc -c ./frpc.ini &` in server A.
-6. Use `ssh -oPort=6000 {user}@x.x.x.x` to test if frp is work(replace {user} to real username in server A).
-
-### Configuration files
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-# for accept connections from frpc
-bind_port = 7000
-log_file = ./frps.log
-log_level = info
-
-# test is the custom name of proxy and there can be many proxies with unique name in one configure file
-[test]
-passwd = 123
-bind_addr = 0.0.0.0
-# finally we connect to server A by this port
-listen_port = 6000
-```
-
-#### frpc.ini
-
-```ini
-[common]
-# server address of frps
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-
-# test is proxy name same with configure in frps.ini
-[test]
-passwd = 123
-# local port which need to be transferred
-local_port = 22
-```

doc/quick_start_zh.md

@@ -1,66 +0,0 @@
-# frp 使用文档
-
-frp 相比于其他项目而言非常易于部署和使用，这里我们用一个简单的示例演示如何通过一台拥有公网IP地址的服务器B，访问处于内网环境中的服务器A的ssh端口，服务器B的IP地址为 x.x.x.x（测试时替换为真实的IP地址）。
-
-### 下载源码
-
-推荐直接使用 `go get github.com/fatedier/frp` 下载源代码安装，执行命令后代码将会拷贝到 `$GOPATH/src/github.com/fatedier/frp` 目录下。
-
-或者可以使用 `git clone https://github.com/fatedier/frp.git $GOPATH/src/github.com/fatedier/frp` 拷贝到相应目录下。
-
-### 编译
-
-进入下载后的源码根目录，执行 `make` 命令，等待编译完成。
-
-编译完成后， **bin** 目录下是编译好的可执行文件，**conf** 目录下是示例配置文件。
-
-### 依赖
-
-* go 1.4 以上版本
-* godep （如果检查不存在，编译时会通过 go get 命令安装）
-
-### 部署
-
-1. 将 ./bin/frps 和 ./conf/frps.ini 拷贝至服务器B任意目录。
-2. 将 ./bin/frpc 和 ./conf/frpc.ini 拷贝至服务器A任意目录。
-3. 修改两边的配置文件，见下一节说明。
-4. 在服务器B执行 `nohup ./frps &` 或者 `nohup ./frps -c ./frps.ini &`。
-5. 在服务器A执行 `nohup ./frpc &` 或者 `nohup ./frpc -c ./frpc.ini &`。
-6. 通过 `ssh -oPort=6000 {user}@x.x.x.x` 测试是否能够成功连接服务器A（{user}替换为服务器A上存在的真实用户）。
-
-### 配置文件
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-# 用于接收 frpc 连接的端口
-bind_port = 7000
-log_file = ./frps.log
-log_level = info
-
-# test 为代理的自定义名称，可以有多个，不能重复，和frpc中名称对应
-[test]
-passwd = 123
-bind_addr = 0.0.0.0
-# 最后将通过此端口访问后端服务
-listen_port = 6000
-```
-
-#### frpc.ini
-
-```ini
-[common]
-# frps 所在服务器绑定的IP地址
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-
-# test需要和 frps.ini 中配置一致
-[test]
-passwd = 123
-# 需要转发的本地端口
-local_port = 22
-```

doc/server_plugin.md

@@ -0,0 +1,171 @@
+### Manage Plugin
+
+frp manage plugin is aim to extend frp's ability without modifing self code.
+
+It runs as a process and listen on a port to provide RPC interface. Before frps doing some operations, frps will send RPC requests to manage plugin and do operations by it's response.
+
+### RPC request
+
+Support HTTP first.
+
+When manage plugin accept the operation request, it can give three different responses.
+
+* Reject operation and return the reason.
+* Allow operation and keep original content.
+* Allow operation and return modified content.
+
+### Interface
+
+HTTP path can be configured for each manage plugin in frps. Assume here is `/handler`.
+
+Request
+
+```
+POST /handler
+{
+    "version": "0.1.0",
+    "op": "Login",
+    "content": {
+        ... // Operation info
+    }
+}
+
+Request Header
+X-Frp-Reqid: for tracing
+```
+
+Response
+
+Error if not return 200 http code.
+
+Reject opeartion
+
+```
+{
+    "reject": true,
+    "reject_reason": "invalid user"
+}
+```
+
+Allow operation and keep original content
+
+```
+{
+    "reject": false,
+    "unchange": true
+}
+```
+
+Allow opeartion and modify content
+
+```
+{
+    "unchange": "false",
+    "content": {
+        ... // Replaced content
+    }
+}
+```
+
+### Operation
+
+Now it supports `Login` and `NewProxy`.
+
+#### Login
+
+Client login operation
+
+```
+{
+    "content": {
+        "version": <string>,
+        "hostname": <string>,
+        "os": <string>,
+        "arch": <string>,
+        "user": <string>,
+        "timestamp": <int64>,
+        "privilege_key": <string>,
+        "run_id": <string>,
+        "pool_count": <int>,
+        "metas": map<string>string
+    }
+}
+```
+
+#### NewProxy
+
+Create new proxy
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+        },
+        "proxy_name": <string>,
+        "proxy_type": <string>,
+        "use_encryption": <bool>,
+        "use_compression": <bool>,
+        "group": <string>,
+        "group_key": <string>,
+
+        // tcp and udp only
+        "remote_port": <int>,
+
+        // http and https only
+        "custom_domains": []<string>,
+        "subdomain": <string>,
+        "locations": <string>,
+        "http_user": <string>,
+        "http_pwd": <string>,
+        "host_header_rewrite": <string>,
+        "headers": map<string>string,
+
+        "metas": map<string>string
+    }
+}
+```
+
+### manage plugin configure
+
+```ini
+[common]
+bind_port = 7000
+
+[plugin.user-manager]
+addr = 127.0.0.1:9000
+path = /handler
+ops = Login
+
+[plugin.port-manager]
+addr = 127.0.0.1:9001
+path = /handler
+ops = NewProxy
+```
+
+addr: plugin listen on.
+path: http request url path.
+ops: opeartions plugin needs handle.
+
+### meta data
+
+Meta data will be sent to manage plugin in each RCP request.
+
+Meta data start with `meta_`. It can be configured in `common` and each proxy.
+
+```
+# frpc.ini
+[common]
+server_addr = 127.0.0.1
+server_port = 7000
+user = fake
+meta_token = fake
+meta_version = 1.0.0
+
+[ssh]
+type = tcp
+local_port = 22
+remote_port = 6000
+meta_id = 123
+```

doc/server_plugin_zh.md

@@ -0,0 +1,171 @@
+### 服务端管理插件
+
+frp 管理插件的作用是在不侵入自身代码的前提下，扩展 frp 服务端的能力。
+
+frp 管理插件会以单独进程的形式运行，并且监听在一个端口上，对外提供 RPC 接口，响应 frps 的请求。
+
+frps 在执行某些操作前，会根据配置向管理插件发送 RPC 请求，根据管理插件的响应来执行相应的操作。
+
+### RPC 请求
+
+管理插件接收到操作请求后，可以给出三种回应。
+
+* 拒绝操作，需要返回拒绝操作的原因。
+* 允许操作，不需要修改操作内容。
+* 允许操作，对操作请求进行修改后，返回修改后的内容。
+
+### 接口
+
+接口路径可以在 frps 配置中为每个插件单独配置，这里以 `/handler` 为例。
+
+Request
+
+```
+POST /handler
+{
+    "version": "0.1.0",
+    "op": "Login",
+    "content": {
+        ... // 具体的操作信息
+    }
+}
+
+请求 Header
+X-Frp-Reqid: 用于追踪请求
+```
+
+Response
+
+非 200 的返回都认为是请求异常。
+
+拒绝执行操作
+
+```
+{
+   "reject": true,
+   "reject_reason": "invalid user"
+}
+```
+
+允许且内容不需要变动
+
+```
+{
+    "reject": false,
+    "unchange": true
+}
+```
+
+允许且需要替换操作内容
+
+```
+{
+    "unchange": "false",
+    "content": {
+        ... // 替换后的操作信息，格式必须和请求时的一致
+    }
+}
+```
+
+### 操作类型
+
+目前插件支持管理的操作类型有 `Login` 和 `NewProxy`。
+
+#### Login
+
+用户登录操作信息
+
+```
+{
+    "content": {
+        "version": <string>,
+        "hostname": <string>,
+        "os": <string>,
+        "arch": <string>,
+        "user": <string>,
+        "timestamp": <int64>,
+        "privilege_key": <string>,
+        "run_id": <string>,
+        "pool_count": <int>,
+        "metas": map<string>string
+    }
+}
+```
+
+#### NewProxy
+
+创建代理的相关信息
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+        },
+        "proxy_name": <string>,
+        "proxy_type": <string>,
+        "use_encryption": <bool>,
+        "use_compression": <bool>,
+        "group": <string>,
+        "group_key": <string>,
+
+        // tcp and udp only
+        "remote_port": <int>,
+
+        // http and https only
+        "custom_domains": []<string>,
+        "subdomain": <string>,
+        "locations": <string>,
+        "http_user": <string>,
+        "http_pwd": <string>,
+        "host_header_rewrite": <string>,
+        "headers": map<string>string,
+
+        "metas": map<string>string
+    }
+}
+```
+
+### frps 中插件配置
+
+```ini
+[common]
+bind_port = 7000
+
+[plugin.user-manager]
+addr = 127.0.0.1:9000
+path = /handler
+ops = Login
+
+[plugin.port-manager]
+addr = 127.0.0.1:9001
+path = /handler
+ops = NewProxy
+```
+
+addr: 插件监听的网络地址。
+path: 插件监听的 HTTP 请求路径。
+ops: 插件需要处理的操作列表，多个 op 以英文逗号分隔。
+
+### 元数据
+
+为了减少 frps 的代码修改，同时提高管理插件的扩展能力，在 frpc 的配置文件中引入自定义元数据的概念。元数据会在调用 RPC 请求时发送给插件。
+
+元数据以 `meta_` 开头，可以配置多个，元数据分为两种，一种配置在 `common` 下，一种配置在各个 proxy 中。
+
+```
+# frpc.ini
+[common]
+server_addr = 127.0.0.1
+server_port = 7000
+user = fake
+meta_token = fake
+meta_version = 1.0.0
+
+[ssh]
+type = tcp
+local_port = 22
+remote_port = 6000
+meta_id = 123
+```

go.mod

@@ -0,0 +1,37 @@
+module github.com/fatedier/frp
+
+go 1.12
+
+require (
+	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
+	github.com/coreos/go-oidc v2.2.1+incompatible
+	github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb
+	github.com/fatedier/golib v0.0.0-20181107124048-ff8cd814b049
+	github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible
+	github.com/golang/snappy v0.0.0-20170215233205-553a64147049 // indirect
+	github.com/gorilla/mux v1.7.3
+	github.com/gorilla/websocket v1.4.0
+	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/klauspost/cpuid v1.2.0 // indirect
+	github.com/klauspost/reedsolomon v1.9.1 // indirect
+	github.com/mattn/go-runewidth v0.0.4 // indirect
+	github.com/pires/go-proxyproto v0.0.0-20190111085350-4d51b51e3bfc
+	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+	github.com/prometheus/client_golang v1.4.1
+	github.com/rakyll/statik v0.1.1
+	github.com/rodaine/table v1.0.0
+	github.com/spf13/cobra v0.0.3
+	github.com/spf13/pflag v1.0.1 // indirect
+	github.com/stretchr/testify v1.4.0
+	github.com/templexxx/cpufeat v0.0.0-20170927014610-3794dfbfb047 // indirect
+	github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554 // indirect
+	github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8 // indirect
+	github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec
+	github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect
+	golang.org/x/net v0.0.0-20190724013045-ca1201d0de80
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	golang.org/x/text v0.3.2 // indirect
+	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
+	gopkg.in/square/go-jose.v2 v2.4.1 // indirect
+)

go.sum

@@ -0,0 +1,141 @@
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
+github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb/go.mod h1:wx3gB6dbIfBRcucp94PI9Bt3I0F2c/MyNEWuhzpWiwk=
+github.com/fatedier/golib v0.0.0-20181107124048-ff8cd814b049 h1:teH578mf2ii42NHhIp3PhgvjU5bv+NFMq9fSQR8NaG8=
+github.com/fatedier/golib v0.0.0-20181107124048-ff8cd814b049/go.mod h1:DqIrnl0rp3Zybg9zbJmozTy1n8fYJoX+QoAj9slIkKM=
+github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible h1:ssXat9YXFvigNge/IkkZvFMn8yeYKFX+uI6wn2mLJ74=
+github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible/go.mod h1:YpCOaxj7vvMThhIQ9AfTOPW2sfztQR5WDfs7AflSy4s=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
+github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE=
+github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/klauspost/reedsolomon v1.9.1 h1:kYrT1MlR4JH6PqOpC+okdb9CDTcwEC/BqpzK4WFyXL8=
+github.com/klauspost/reedsolomon v1.9.1/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/pires/go-proxyproto v0.0.0-20190111085350-4d51b51e3bfc h1:lNOt1SMsgHXTdpuGw+RpnJtzUcCb/oRKZP65pBy9pr8=
+github.com/pires/go-proxyproto v0.0.0-20190111085350-4d51b51e3bfc/go.mod h1:6/gX3+E/IYGa0wMORlSMla999awQFdbaeQCHjSMKIzY=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.4.1 h1:FFSuS004yOQEtDdTq+TAOLP5xUq63KqAFYyOi8zA+Y8=
+github.com/prometheus/client_golang v1.4.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/rakyll/statik v0.1.1/go.mod h1:OEi9wJV/fMUAGx1eNjq75DKDsJVuEv1U0oYdX6GX8Zs=
+github.com/rodaine/table v1.0.0/go.mod h1:YAUzwPOji0DUJNEvggdxyQcUAl4g3hDRcFlyjnnR51I=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/templexxx/cpufeat v0.0.0-20170927014610-3794dfbfb047/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU=
+github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4=
+github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8/go.mod h1:XxO4hdhhrzAd+G4CjDqaOkd0hUzmtPR/d3EiBBMn/wc=
+github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw=
+github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae/go.mod h1:gXtu8J62kEgmN++bm9BVICuT/e8yiLI2KFobd/TRFsE=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/square/go-jose.v2 v2.4.1 h1:H0TmLt7/KmzlrDOpa1F+zr0Tk90PbJYBfsVUmRLrf9Y=
+gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

models/auth/auth.go

@@ -0,0 +1,151 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"fmt"
+
+	"github.com/fatedier/frp/models/consts"
+	"github.com/fatedier/frp/models/msg"
+
+	"github.com/vaughan0/go-ini"
+)
+
+type baseConfig struct {
+	// AuthenticationMethod specifies what authentication method to use to
+	// authenticate frpc with frps. If "token" is specified - token will be
+	// read into login message. If "oidc" is specified - OIDC (Open ID Connect)
+	// token will be issued using OIDC settings. By default, this value is "token".
+	AuthenticationMethod string `json:"authentication_method"`
+	// AuthenticateHeartBeats specifies whether to include authentication token in
+	// heartbeats sent to frps. By default, this value is false.
+	AuthenticateHeartBeats bool `json:"authenticate_heartbeats"`
+	// AuthenticateNewWorkConns specifies whether to include authentication token in
+	// new work connections sent to frps. By default, this value is false.
+	AuthenticateNewWorkConns bool `json:"authenticate_new_work_conns"`
+}
+
+func getDefaultBaseConf() baseConfig {
+	return baseConfig{
+		AuthenticationMethod:     "token",
+		AuthenticateHeartBeats:   false,
+		AuthenticateNewWorkConns: false,
+	}
+}
+
+func unmarshalBaseConfFromIni(conf ini.File) baseConfig {
+	var (
+		tmpStr string
+		ok     bool
+	)
+
+	cfg := getDefaultBaseConf()
+
+	if tmpStr, ok = conf.Get("common", "authentication_method"); ok {
+		cfg.AuthenticationMethod = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "authenticate_heartbeats"); ok && tmpStr == "true" {
+		cfg.AuthenticateHeartBeats = true
+	} else {
+		cfg.AuthenticateHeartBeats = false
+	}
+
+	if tmpStr, ok = conf.Get("common", "authenticate_new_work_conns"); ok && tmpStr == "true" {
+		cfg.AuthenticateNewWorkConns = true
+	} else {
+		cfg.AuthenticateNewWorkConns = false
+	}
+
+	return cfg
+}
+
+type AuthClientConfig struct {
+	baseConfig
+	oidcClientConfig
+	tokenConfig
+}
+
+func GetDefaultAuthClientConf() AuthClientConfig {
+	return AuthClientConfig{
+		baseConfig:       getDefaultBaseConf(),
+		oidcClientConfig: getDefaultOidcClientConf(),
+		tokenConfig:      getDefaultTokenConf(),
+	}
+}
+
+func UnmarshalAuthClientConfFromIni(conf ini.File) (cfg AuthClientConfig) {
+	cfg.baseConfig = unmarshalBaseConfFromIni(conf)
+	cfg.oidcClientConfig = unmarshalOidcClientConfFromIni(conf)
+	cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
+	return cfg
+}
+
+type AuthServerConfig struct {
+	baseConfig
+	oidcServerConfig
+	tokenConfig
+}
+
+func GetDefaultAuthServerConf() AuthServerConfig {
+	return AuthServerConfig{
+		baseConfig:       getDefaultBaseConf(),
+		oidcServerConfig: getDefaultOidcServerConf(),
+		tokenConfig:      getDefaultTokenConf(),
+	}
+}
+
+func UnmarshalAuthServerConfFromIni(conf ini.File) (cfg AuthServerConfig) {
+	cfg.baseConfig = unmarshalBaseConfFromIni(conf)
+	cfg.oidcServerConfig = unmarshalOidcServerConfFromIni(conf)
+	cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
+	return cfg
+}
+
+type Setter interface {
+	SetLogin(*msg.Login) error
+	SetPing(*msg.Ping) error
+	SetNewWorkConn(*msg.NewWorkConn) error
+}
+
+func NewAuthSetter(cfg AuthClientConfig) (authProvider Setter) {
+	switch cfg.AuthenticationMethod {
+	case consts.TokenAuthMethod:
+		authProvider = NewTokenAuth(cfg.baseConfig, cfg.tokenConfig)
+	case consts.OidcAuthMethod:
+		authProvider = NewOidcAuthSetter(cfg.baseConfig, cfg.oidcClientConfig)
+	default:
+		panic(fmt.Sprintf("wrong authentication method: '%s'", cfg.AuthenticationMethod))
+	}
+
+	return authProvider
+}
+
+type Verifier interface {
+	VerifyLogin(*msg.Login) error
+	VerifyPing(*msg.Ping) error
+	VerifyNewWorkConn(*msg.NewWorkConn) error
+}
+
+func NewAuthVerifier(cfg AuthServerConfig) (authVerifier Verifier) {
+	switch cfg.AuthenticationMethod {
+	case consts.TokenAuthMethod:
+		authVerifier = NewTokenAuth(cfg.baseConfig, cfg.tokenConfig)
+	case consts.OidcAuthMethod:
+		authVerifier = NewOidcAuthVerifier(cfg.baseConfig, cfg.oidcServerConfig)
+	}
+
+	return authVerifier
+}

models/auth/oidc.go

@@ -0,0 +1,255 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/fatedier/frp/models/msg"
+
+	"github.com/coreos/go-oidc"
+	"github.com/vaughan0/go-ini"
+	"golang.org/x/oauth2/clientcredentials"
+)
+
+type oidcClientConfig struct {
+	// OidcClientId specifies the client ID to use to get a token in OIDC
+	// authentication if AuthenticationMethod == "oidc". By default, this value
+	// is "".
+	OidcClientId string `json:"oidc_client_id"`
+	// OidcClientSecret specifies the client secret to use to get a token in OIDC
+	// authentication if AuthenticationMethod == "oidc". By default, this value
+	// is "".
+	OidcClientSecret string `json:"oidc_client_secret"`
+	// OidcAudience specifies the audience of the token in OIDC authentication
+	//if AuthenticationMethod == "oidc". By default, this value is "".
+	OidcAudience string `json:"oidc_audience"`
+	// OidcTokenEndpointUrl specifies the URL which implements OIDC Token Endpoint.
+	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
+	// By default, this value is "".
+	OidcTokenEndpointUrl string `json:"oidc_token_endpoint_url"`
+}
+
+func getDefaultOidcClientConf() oidcClientConfig {
+	return oidcClientConfig{
+		OidcClientId:         "",
+		OidcClientSecret:     "",
+		OidcAudience:         "",
+		OidcTokenEndpointUrl: "",
+	}
+}
+
+func unmarshalOidcClientConfFromIni(conf ini.File) oidcClientConfig {
+	var (
+		tmpStr string
+		ok     bool
+	)
+
+	cfg := getDefaultOidcClientConf()
+
+	if tmpStr, ok = conf.Get("common", "oidc_client_id"); ok {
+		cfg.OidcClientId = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_client_secret"); ok {
+		cfg.OidcClientSecret = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
+		cfg.OidcAudience = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_token_endpoint_url"); ok {
+		cfg.OidcTokenEndpointUrl = tmpStr
+	}
+
+	return cfg
+}
+
+type oidcServerConfig struct {
+	// OidcIssuer specifies the issuer to verify OIDC tokens with. This issuer
+	// will be used to load public keys to verify signature and will be compared
+	// with the issuer claim in the OIDC token. It will be used if
+	// AuthenticationMethod == "oidc". By default, this value is "".
+	OidcIssuer string `json:"oidc_issuer"`
+	// OidcAudience specifies the audience OIDC tokens should contain when validated.
+	// If this value is empty, audience ("client ID") verification will be skipped.
+	// It will be used when AuthenticationMethod == "oidc". By default, this
+	// value is "".
+	OidcAudience string `json:"oidc_audience"`
+	// OidcSkipExpiryCheck specifies whether to skip checking if the OIDC token is
+	// expired. It will be used when AuthenticationMethod == "oidc". By default, this
+	// value is false.
+	OidcSkipExpiryCheck bool `json:"oidc_skip_expiry_check"`
+	// OidcSkipIssuerCheck specifies whether to skip checking if the OIDC token's
+	// issuer claim matches the issuer specified in OidcIssuer. It will be used when
+	// AuthenticationMethod == "oidc". By default, this value is false.
+	OidcSkipIssuerCheck bool `json:"oidc_skip_issuer_check"`
+}
+
+func getDefaultOidcServerConf() oidcServerConfig {
+	return oidcServerConfig{
+		OidcIssuer:          "",
+		OidcAudience:        "",
+		OidcSkipExpiryCheck: false,
+		OidcSkipIssuerCheck: false,
+	}
+}
+
+func unmarshalOidcServerConfFromIni(conf ini.File) oidcServerConfig {
+	var (
+		tmpStr string
+		ok     bool
+	)
+
+	cfg := getDefaultOidcServerConf()
+
+	if tmpStr, ok = conf.Get("common", "oidc_issuer"); ok {
+		cfg.OidcIssuer = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
+		cfg.OidcAudience = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_skip_expiry_check"); ok && tmpStr == "true" {
+		cfg.OidcSkipExpiryCheck = true
+	} else {
+		cfg.OidcSkipExpiryCheck = false
+	}
+
+	if tmpStr, ok = conf.Get("common", "oidc_skip_issuer_check"); ok && tmpStr == "true" {
+		cfg.OidcSkipIssuerCheck = true
+	} else {
+		cfg.OidcSkipIssuerCheck = false
+	}
+
+	return cfg
+}
+
+type OidcAuthProvider struct {
+	baseConfig
+
+	tokenGenerator *clientcredentials.Config
+}
+
+func NewOidcAuthSetter(baseCfg baseConfig, cfg oidcClientConfig) *OidcAuthProvider {
+	tokenGenerator := &clientcredentials.Config{
+		ClientID:     cfg.OidcClientId,
+		ClientSecret: cfg.OidcClientSecret,
+		Scopes:       []string{cfg.OidcAudience},
+		TokenURL:     cfg.OidcTokenEndpointUrl,
+	}
+
+	return &OidcAuthProvider{
+		baseConfig:     baseCfg,
+		tokenGenerator: tokenGenerator,
+	}
+}
+
+func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) {
+	tokenObj, err := auth.tokenGenerator.Token(context.Background())
+	if err != nil {
+		return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err)
+	}
+	return tokenObj.AccessToken, nil
+}
+
+func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) {
+	loginMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+func (auth *OidcAuthProvider) SetPing(pingMsg *msg.Ping) (err error) {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	pingMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (err error) {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	newWorkConnMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+type OidcAuthConsumer struct {
+	baseConfig
+
+	verifier         *oidc.IDTokenVerifier
+	subjectFromLogin string
+}
+
+func NewOidcAuthVerifier(baseCfg baseConfig, cfg oidcServerConfig) *OidcAuthConsumer {
+	provider, err := oidc.NewProvider(context.Background(), cfg.OidcIssuer)
+	if err != nil {
+		panic(err)
+	}
+	verifierConf := oidc.Config{
+		ClientID:          cfg.OidcAudience,
+		SkipClientIDCheck: cfg.OidcAudience == "",
+		SkipExpiryCheck:   cfg.OidcSkipExpiryCheck,
+		SkipIssuerCheck:   cfg.OidcSkipIssuerCheck,
+	}
+	return &OidcAuthConsumer{
+		baseConfig: baseCfg,
+		verifier:   provider.Verifier(&verifierConf),
+	}
+}
+
+func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
+	token, err := auth.verifier.Verify(context.Background(), loginMsg.PrivilegeKey)
+	if err != nil {
+		return fmt.Errorf("invalid OIDC token in login: %v", err)
+	}
+	auth.subjectFromLogin = token.Subject
+	return nil
+}
+
+func (auth *OidcAuthConsumer) verifyPostLoginToken(privilegeKey string) (err error) {
+	token, err := auth.verifier.Verify(context.Background(), privilegeKey)
+	if err != nil {
+		return fmt.Errorf("invalid OIDC token in ping: %v", err)
+	}
+	if token.Subject != auth.subjectFromLogin {
+		return fmt.Errorf("received different OIDC subject in login and ping. "+
+			"original subject: %s, "+
+			"new subject: %s",
+			auth.subjectFromLogin, token.Subject)
+	}
+	return nil
+}
+
+func (auth *OidcAuthConsumer) VerifyPing(pingMsg *msg.Ping) (err error) {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	return auth.verifyPostLoginToken(pingMsg.PrivilegeKey)
+}
+
+func (auth *OidcAuthConsumer) VerifyNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (err error) {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	return auth.verifyPostLoginToken(newWorkConnMsg.PrivilegeKey)
+}

models/auth/token.go

@@ -0,0 +1,120 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/fatedier/frp/models/msg"
+	"github.com/fatedier/frp/utils/util"
+
+	"github.com/vaughan0/go-ini"
+)
+
+type tokenConfig struct {
+	// Token specifies the authorization token used to create keys to be sent
+	// to the server. The server must have a matching token for authorization
+	// to succeed.  By default, this value is "".
+	Token string `json:"token"`
+}
+
+func getDefaultTokenConf() tokenConfig {
+	return tokenConfig{
+		Token: "",
+	}
+}
+
+func unmarshalTokenConfFromIni(conf ini.File) tokenConfig {
+	var (
+		tmpStr string
+		ok     bool
+	)
+
+	cfg := getDefaultTokenConf()
+
+	if tmpStr, ok = conf.Get("common", "token"); ok {
+		cfg.Token = tmpStr
+	}
+
+	return cfg
+}
+
+type TokenAuthSetterVerifier struct {
+	baseConfig
+
+	token string
+}
+
+func NewTokenAuth(baseCfg baseConfig, cfg tokenConfig) *TokenAuthSetterVerifier {
+	return &TokenAuthSetterVerifier{
+		baseConfig: baseCfg,
+		token:      cfg.Token,
+	}
+}
+
+func (auth *TokenAuthSetterVerifier) SetLogin(loginMsg *msg.Login) (err error) {
+	loginMsg.PrivilegeKey = util.GetAuthKey(auth.token, loginMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) SetPing(pingMsg *msg.Ping) error {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	pingMsg.Timestamp = time.Now().Unix()
+	pingMsg.PrivilegeKey = util.GetAuthKey(auth.token, pingMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	newWorkConnMsg.Timestamp = time.Now().Unix()
+	newWorkConnMsg.PrivilegeKey = util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyLogin(loginMsg *msg.Login) error {
+	if util.GetAuthKey(auth.token, loginMsg.Timestamp) != loginMsg.PrivilegeKey {
+		return fmt.Errorf("token in login doesn't match token from configuration")
+	}
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyPing(pingMsg *msg.Ping) error {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	if util.GetAuthKey(auth.token, pingMsg.Timestamp) != pingMsg.PrivilegeKey {
+		return fmt.Errorf("token in heartbeat doesn't match token from configuration")
+	}
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	if util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp) != newWorkConnMsg.PrivilegeKey {
+		return fmt.Errorf("token in NewWorkConn doesn't match token from configuration")
+	}
+	return nil
+}

models/config/client_common.go

@@ -0,0 +1,315 @@
+// Copyright 2016 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	ini "github.com/vaughan0/go-ini"
+
+	"github.com/fatedier/frp/models/auth"
+)
+
+// ClientCommonConf contains information for a client service. It is
+// recommended to use GetDefaultClientConf instead of creating this object
+// directly, so that all unspecified fields have reasonable default values.
+type ClientCommonConf struct {
+	auth.AuthClientConfig
+	// ServerAddr specifies the address of the server to connect to. By
+	// default, this value is "0.0.0.0".
+	ServerAddr string `json:"server_addr"`
+	// ServerPort specifies the port to connect to the server on. By default,
+	// this value is 7000.
+	ServerPort int `json:"server_port"`
+	// HttpProxy specifies a proxy address to connect to the server through. If
+	// this value is "", the server will be connected to directly. By default,
+	// this value is read from the "http_proxy" environment variable.
+	HttpProxy string `json:"http_proxy"`
+	// LogFile specifies a file where logs will be written to. This value will
+	// only be used if LogWay is set appropriately. By default, this value is
+	// "console".
+	LogFile string `json:"log_file"`
+	// LogWay specifies the way logging is managed. Valid values are "console"
+	// or "file". If "console" is used, logs will be printed to stdout. If
+	// "file" is used, logs will be printed to LogFile. By default, this value
+	// is "console".
+	LogWay string `json:"log_way"`
+	// LogLevel specifies the minimum log level. Valid values are "trace",
+	// "debug", "info", "warn", and "error". By default, this value is "info".
+	LogLevel string `json:"log_level"`
+	// LogMaxDays specifies the maximum number of days to store log information
+	// before deletion. This is only used if LogWay == "file". By default, this
+	// value is 0.
+	LogMaxDays int64 `json:"log_max_days"`
+	// DisableLogColor disables log colors when LogWay == "console" when set to
+	// true. By default, this value is false.
+	DisableLogColor bool `json:"disable_log_color"`
+	// AdminAddr specifies the address that the admin server binds to. By
+	// default, this value is "127.0.0.1".
+	AdminAddr string `json:"admin_addr"`
+	// AdminPort specifies the port for the admin server to listen on. If this
+	// value is 0, the admin server will not be started. By default, this value
+	// is 0.
+	AdminPort int `json:"admin_port"`
+	// AdminUser specifies the username that the admin server will use for
+	// login. By default, this value is "admin".
+	AdminUser string `json:"admin_user"`
+	// AdminPwd specifies the password that the admin server will use for
+	// login. By default, this value is "admin".
+	AdminPwd string `json:"admin_pwd"`
+	// AssetsDir specifies the local directory that the admin server will load
+	// resources from. If this value is "", assets will be loaded from the
+	// bundled executable using statik. By default, this value is "".
+	AssetsDir string `json:"assets_dir"`
+	// PoolCount specifies the number of connections the client will make to
+	// the server in advance. By default, this value is 0.
+	PoolCount int `json:"pool_count"`
+	// TcpMux toggles TCP stream multiplexing. This allows multiple requests
+	// from a client to share a single TCP connection. If this value is true,
+	// the server must have TCP multiplexing enabled as well. By default, this
+	// value is true.
+	TcpMux bool `json:"tcp_mux"`
+	// User specifies a prefix for proxy names to distinguish them from other
+	// clients. If this value is not "", proxy names will automatically be
+	// changed to "{user}.{proxy_name}". By default, this value is "".
+	User string `json:"user"`
+	// DnsServer specifies a DNS server address for FRPC to use. If this value
+	// is "", the default DNS will be used. By default, this value is "".
+	DnsServer string `json:"dns_server"`
+	// LoginFailExit controls whether or not the client should exit after a
+	// failed login attempt. If false, the client will retry until a login
+	// attempt succeeds. By default, this value is true.
+	LoginFailExit bool `json:"login_fail_exit"`
+	// Start specifies a set of enabled proxies by name. If this set is empty,
+	// all supplied proxies are enabled. By default, this value is an empty
+	// set.
+	Start map[string]struct{} `json:"start"`
+	// Protocol specifies the protocol to use when interacting with the server.
+	// Valid values are "tcp", "kcp", and "websocket". By default, this value
+	// is "tcp".
+	Protocol string `json:"protocol"`
+	// TLSEnable specifies whether or not TLS should be used when communicating
+	// with the server.
+	TLSEnable bool `json:"tls_enable"`
+	// HeartBeatInterval specifies at what interval heartbeats are sent to the
+	// server, in seconds. It is not recommended to change this value. By
+	// default, this value is 30.
+	HeartBeatInterval int64 `json:"heartbeat_interval"`
+	// HeartBeatTimeout specifies the maximum allowed heartbeat response delay
+	// before the connection is terminated, in seconds. It is not recommended
+	// to change this value. By default, this value is 90.
+	HeartBeatTimeout int64 `json:"heartbeat_timeout"`
+	// Client meta info
+	Metas map[string]string `json:"metas"`
+}
+
+// GetDefaultClientConf returns a client configuration with default values.
+func GetDefaultClientConf() ClientCommonConf {
+	return ClientCommonConf{
+		ServerAddr:        "0.0.0.0",
+		ServerPort:        7000,
+		HttpProxy:         os.Getenv("http_proxy"),
+		LogFile:           "console",
+		LogWay:            "console",
+		LogLevel:          "info",
+		LogMaxDays:        3,
+		DisableLogColor:   false,
+		AdminAddr:         "127.0.0.1",
+		AdminPort:         0,
+		AdminUser:         "",
+		AdminPwd:          "",
+		AssetsDir:         "",
+		PoolCount:         1,
+		TcpMux:            true,
+		User:              "",
+		DnsServer:         "",
+		LoginFailExit:     true,
+		Start:             make(map[string]struct{}),
+		Protocol:          "tcp",
+		TLSEnable:         false,
+		HeartBeatInterval: 30,
+		HeartBeatTimeout:  90,
+		Metas:             make(map[string]string),
+	}
+}
+
+func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error) {
+	cfg = GetDefaultClientConf()
+
+	conf, err := ini.Load(strings.NewReader(content))
+	if err != nil {
+		return ClientCommonConf{}, fmt.Errorf("parse ini conf file error: %v", err)
+	}
+
+	cfg.AuthClientConfig = auth.UnmarshalAuthClientConfFromIni(conf)
+
+	var (
+		tmpStr string
+		ok     bool
+		v      int64
+	)
+	if tmpStr, ok = conf.Get("common", "server_addr"); ok {
+		cfg.ServerAddr = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "server_port"); ok {
+		v, err = strconv.ParseInt(tmpStr, 10, 64)
+		if err != nil {
+			err = fmt.Errorf("Parse conf error: invalid server_port")
+			return
+		}
+		cfg.ServerPort = int(v)
+	}
+
+	if tmpStr, ok = conf.Get("common", "disable_log_color"); ok && tmpStr == "true" {
+		cfg.DisableLogColor = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "http_proxy"); ok {
+		cfg.HttpProxy = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_file"); ok {
+		cfg.LogFile = tmpStr
+		if cfg.LogFile == "console" {
+			cfg.LogWay = "console"
+		} else {
+			cfg.LogWay = "file"
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_level"); ok {
+		cfg.LogLevel = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_max_days"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
+			cfg.LogMaxDays = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "admin_addr"); ok {
+		cfg.AdminAddr = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "admin_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
+			cfg.AdminPort = int(v)
+		} else {
+			err = fmt.Errorf("Parse conf error: invalid admin_port")
+			return
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "admin_user"); ok {
+		cfg.AdminUser = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "admin_pwd"); ok {
+		cfg.AdminPwd = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "assets_dir"); ok {
+		cfg.AssetsDir = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "pool_count"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
+			cfg.PoolCount = int(v)
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "tcp_mux"); ok && tmpStr == "false" {
+		cfg.TcpMux = false
+	} else {
+		cfg.TcpMux = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "user"); ok {
+		cfg.User = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "dns_server"); ok {
+		cfg.DnsServer = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "start"); ok {
+		proxyNames := strings.Split(tmpStr, ",")
+		for _, name := range proxyNames {
+			cfg.Start[strings.TrimSpace(name)] = struct{}{}
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "login_fail_exit"); ok && tmpStr == "false" {
+		cfg.LoginFailExit = false
+	} else {
+		cfg.LoginFailExit = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "protocol"); ok {
+		// Now it only support tcp and kcp and websocket.
+		if tmpStr != "tcp" && tmpStr != "kcp" && tmpStr != "websocket" {
+			err = fmt.Errorf("Parse conf error: invalid protocol")
+			return
+		}
+		cfg.Protocol = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "tls_enable"); ok && tmpStr == "true" {
+		cfg.TLSEnable = true
+	} else {
+		cfg.TLSEnable = false
+	}
+
+	if tmpStr, ok = conf.Get("common", "heartbeat_timeout"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout")
+			return
+		} else {
+			cfg.HeartBeatTimeout = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "heartbeat_interval"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
+			return
+		} else {
+			cfg.HeartBeatInterval = v
+		}
+	}
+	for k, v := range conf.Section("common") {
+		if strings.HasPrefix(k, "meta_") {
+			cfg.Metas[strings.TrimPrefix(k, "meta_")] = v
+		}
+	}
+	return
+}
+
+func (cfg *ClientCommonConf) Check() (err error) {
+	if cfg.HeartBeatInterval <= 0 {
+		err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
+		return
+	}
+
+	if cfg.HeartBeatTimeout < cfg.HeartBeatInterval {
+		err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout, heartbeat_timeout is less than heartbeat_interval")
+		return
+	}
+	return
+}

models/config/server_common.go

@@ -0,0 +1,442 @@
+// Copyright 2016 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	ini "github.com/vaughan0/go-ini"
+
+	"github.com/fatedier/frp/models/auth"
+	plugin "github.com/fatedier/frp/models/plugin/server"
+	"github.com/fatedier/frp/utils/util"
+)
+
+// ServerCommonConf contains information for a server service. It is
+// recommended to use GetDefaultServerConf instead of creating this object
+// directly, so that all unspecified fields have reasonable default values.
+type ServerCommonConf struct {
+	auth.AuthServerConfig
+	// BindAddr specifies the address that the server binds to. By default,
+	// this value is "0.0.0.0".
+	BindAddr string `json:"bind_addr"`
+	// BindPort specifies the port that the server listens on. By default, this
+	// value is 7000.
+	BindPort int `json:"bind_port"`
+	// BindUdpPort specifies the UDP port that the server listens on. If this
+	// value is 0, the server will not listen for UDP connections. By default,
+	// this value is 0
+	BindUdpPort int `json:"bind_udp_port"`
+	// BindKcpPort specifies the KCP port that the server listens on. If this
+	// value is 0, the server will not listen for KCP connections. By default,
+	// this value is 0.
+	KcpBindPort int `json:"kcp_bind_port"`
+	// ProxyBindAddr specifies the address that the proxy binds to. This value
+	// may be the same as BindAddr. By default, this value is "0.0.0.0".
+	ProxyBindAddr string `json:"proxy_bind_addr"`
+	// VhostHttpPort specifies the port that the server listens for HTTP Vhost
+	// requests. If this value is 0, the server will not listen for HTTP
+	// requests. By default, this value is 0.
+	VhostHttpPort int `json:"vhost_http_port"`
+	// VhostHttpsPort specifies the port that the server listens for HTTPS
+	// Vhost requests. If this value is 0, the server will not listen for HTTPS
+	// requests. By default, this value is 0.
+	VhostHttpsPort int `json:"vhost_https_port"`
+	// TcpMuxHttpConnectPort specifies the port that the server listens for TCP
+	// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
+	// requests on one single port. If it's not - it will listen on this value for
+	// HTTP CONNECT requests. By default, this value is 0.
+	TcpMuxHttpConnectPort int `json:"tcpmux_httpconnect_port"`
+	// VhostHttpTimeout specifies the response header timeout for the Vhost
+	// HTTP server, in seconds. By default, this value is 60.
+	VhostHttpTimeout int64 `json:"vhost_http_timeout"`
+	// DashboardAddr specifies the address that the dashboard binds to. By
+	// default, this value is "0.0.0.0".
+	DashboardAddr string `json:"dashboard_addr"`
+	// DashboardPort specifies the port that the dashboard listens on. If this
+	// value is 0, the dashboard will not be started. By default, this value is
+	// 0.
+	DashboardPort int `json:"dashboard_port"`
+	// DashboardUser specifies the username that the dashboard will use for
+	// login. By default, this value is "admin".
+	DashboardUser string `json:"dashboard_user"`
+	// DashboardUser specifies the password that the dashboard will use for
+	// login. By default, this value is "admin".
+	DashboardPwd string `json:"dashboard_pwd"`
+	// EnablePrometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port}
+	// in /metrics api.
+	EnablePrometheus bool `json:"enable_prometheus"`
+	// AssetsDir specifies the local directory that the dashboard will load
+	// resources from. If this value is "", assets will be loaded from the
+	// bundled executable using statik. By default, this value is "".
+	AssetsDir string `json:"asserts_dir"`
+	// LogFile specifies a file where logs will be written to. This value will
+	// only be used if LogWay is set appropriately. By default, this value is
+	// "console".
+	LogFile string `json:"log_file"`
+	// LogWay specifies the way logging is managed. Valid values are "console"
+	// or "file". If "console" is used, logs will be printed to stdout. If
+	// "file" is used, logs will be printed to LogFile. By default, this value
+	// is "console".
+	LogWay string `json:"log_way"`
+	// LogLevel specifies the minimum log level. Valid values are "trace",
+	// "debug", "info", "warn", and "error". By default, this value is "info".
+	LogLevel string `json:"log_level"`
+	// LogMaxDays specifies the maximum number of days to store log information
+	// before deletion. This is only used if LogWay == "file". By default, this
+	// value is 0.
+	LogMaxDays int64 `json:"log_max_days"`
+	// DisableLogColor disables log colors when LogWay == "console" when set to
+	// true. By default, this value is false.
+	DisableLogColor bool `json:"disable_log_color"`
+	// DetailedErrorsToClient defines whether to send the specific error (with
+	// debug info) to frpc. By default, this value is true.
+	DetailedErrorsToClient bool `json:"detailed_errors_to_client"`
+
+	// SubDomainHost specifies the domain that will be attached to sub-domains
+	// requested by the client when using Vhost proxying. For example, if this
+	// value is set to "frps.com" and the client requested the subdomain
+	// "test", the resulting URL would be "test.frps.com". By default, this
+	// value is "".
+	SubDomainHost string `json:"subdomain_host"`
+	// TcpMux toggles TCP stream multiplexing. This allows multiple requests
+	// from a client to share a single TCP connection. By default, this value
+	// is true.
+	TcpMux bool `json:"tcp_mux"`
+	// Custom404Page specifies a path to a custom 404 page to display. If this
+	// value is "", a default page will be displayed. By default, this value is
+	// "".
+	Custom404Page string `json:"custom_404_page"`
+
+	// AllowPorts specifies a set of ports that clients are able to proxy to.
+	// If the length of this value is 0, all ports are allowed. By default,
+	// this value is an empty set.
+	AllowPorts map[int]struct{}
+	// MaxPoolCount specifies the maximum pool size for each proxy. By default,
+	// this value is 5.
+	MaxPoolCount int64 `json:"max_pool_count"`
+	// MaxPortsPerClient specifies the maximum number of ports a single client
+	// may proxy to. If this value is 0, no limit will be applied. By default,
+	// this value is 0.
+	MaxPortsPerClient int64 `json:"max_ports_per_client"`
+	// TlsOnly specifies whether to only accept TLS-encrypted connections. By
+	// default, the value is false.
+	TlsOnly bool `json:"tls_only"`
+	// HeartBeatTimeout specifies the maximum time to wait for a heartbeat
+	// before terminating the connection. It is not recommended to change this
+	// value. By default, this value is 90.
+	HeartBeatTimeout int64 `json:"heart_beat_timeout"`
+	// UserConnTimeout specifies the maximum time to wait for a work
+	// connection. By default, this value is 10.
+	UserConnTimeout int64 `json:"user_conn_timeout"`
+	// HTTPPlugins specify the server plugins support HTTP protocol.
+	HTTPPlugins map[string]plugin.HTTPPluginOptions `json:"http_plugins"`
+}
+
+// GetDefaultServerConf returns a server configuration with reasonable
+// defaults.
+func GetDefaultServerConf() ServerCommonConf {
+	return ServerCommonConf{
+		BindAddr:               "0.0.0.0",
+		BindPort:               7000,
+		BindUdpPort:            0,
+		KcpBindPort:            0,
+		ProxyBindAddr:          "0.0.0.0",
+		VhostHttpPort:          0,
+		VhostHttpsPort:         0,
+		TcpMuxHttpConnectPort:  0,
+		VhostHttpTimeout:       60,
+		DashboardAddr:          "0.0.0.0",
+		DashboardPort:          0,
+		DashboardUser:          "admin",
+		DashboardPwd:           "admin",
+		EnablePrometheus:       false,
+		AssetsDir:              "",
+		LogFile:                "console",
+		LogWay:                 "console",
+		LogLevel:               "info",
+		LogMaxDays:             3,
+		DisableLogColor:        false,
+		DetailedErrorsToClient: true,
+		SubDomainHost:          "",
+		TcpMux:                 true,
+		AllowPorts:             make(map[int]struct{}),
+		MaxPoolCount:           5,
+		MaxPortsPerClient:      0,
+		TlsOnly:                false,
+		HeartBeatTimeout:       90,
+		UserConnTimeout:        10,
+		Custom404Page:          "",
+		HTTPPlugins:            make(map[string]plugin.HTTPPluginOptions),
+	}
+}
+
+// UnmarshalServerConfFromIni parses the contents of a server configuration ini
+// file and returns the resulting server configuration.
+func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error) {
+	cfg = GetDefaultServerConf()
+
+	conf, err := ini.Load(strings.NewReader(content))
+	if err != nil {
+		err = fmt.Errorf("parse ini conf file error: %v", err)
+		return ServerCommonConf{}, err
+	}
+
+	UnmarshalPluginsFromIni(conf, &cfg)
+
+	cfg.AuthServerConfig = auth.UnmarshalAuthServerConfFromIni(conf)
+
+	var (
+		tmpStr string
+		ok     bool
+		v      int64
+	)
+	if tmpStr, ok = conf.Get("common", "bind_addr"); ok {
+		cfg.BindAddr = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "bind_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid bind_port")
+			return
+		} else {
+			cfg.BindPort = int(v)
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "bind_udp_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid bind_udp_port")
+			return
+		} else {
+			cfg.BindUdpPort = int(v)
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "kcp_bind_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid kcp_bind_port")
+			return
+		} else {
+			cfg.KcpBindPort = int(v)
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "proxy_bind_addr"); ok {
+		cfg.ProxyBindAddr = tmpStr
+	} else {
+		cfg.ProxyBindAddr = cfg.BindAddr
+	}
+
+	if tmpStr, ok = conf.Get("common", "vhost_http_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid vhost_http_port")
+			return
+		} else {
+			cfg.VhostHttpPort = int(v)
+		}
+	} else {
+		cfg.VhostHttpPort = 0
+	}
+
+	if tmpStr, ok = conf.Get("common", "vhost_https_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid vhost_https_port")
+			return
+		} else {
+			cfg.VhostHttpsPort = int(v)
+		}
+	} else {
+		cfg.VhostHttpsPort = 0
+	}
+
+	if tmpStr, ok = conf.Get("common", "tcpmux_httpconnect_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid tcpmux_httpconnect_port")
+			return
+		} else {
+			cfg.TcpMuxHttpConnectPort = int(v)
+		}
+	} else {
+		cfg.TcpMuxHttpConnectPort = 0
+	}
+
+	if tmpStr, ok = conf.Get("common", "vhost_http_timeout"); ok {
+		v, errRet := strconv.ParseInt(tmpStr, 10, 64)
+		if errRet != nil || v < 0 {
+			err = fmt.Errorf("Parse conf error: invalid vhost_http_timeout")
+			return
+		} else {
+			cfg.VhostHttpTimeout = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "dashboard_addr"); ok {
+		cfg.DashboardAddr = tmpStr
+	} else {
+		cfg.DashboardAddr = cfg.BindAddr
+	}
+
+	if tmpStr, ok = conf.Get("common", "dashboard_port"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid dashboard_port")
+			return
+		} else {
+			cfg.DashboardPort = int(v)
+		}
+	} else {
+		cfg.DashboardPort = 0
+	}
+
+	if tmpStr, ok = conf.Get("common", "dashboard_user"); ok {
+		cfg.DashboardUser = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "dashboard_pwd"); ok {
+		cfg.DashboardPwd = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "enable_prometheus"); ok && tmpStr == "true" {
+		cfg.EnablePrometheus = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "assets_dir"); ok {
+		cfg.AssetsDir = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_file"); ok {
+		cfg.LogFile = tmpStr
+		if cfg.LogFile == "console" {
+			cfg.LogWay = "console"
+		} else {
+			cfg.LogWay = "file"
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_level"); ok {
+		cfg.LogLevel = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "log_max_days"); ok {
+		v, err = strconv.ParseInt(tmpStr, 10, 64)
+		if err == nil {
+			cfg.LogMaxDays = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "disable_log_color"); ok && tmpStr == "true" {
+		cfg.DisableLogColor = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "detailed_errors_to_client"); ok && tmpStr == "false" {
+		cfg.DetailedErrorsToClient = false
+	} else {
+		cfg.DetailedErrorsToClient = true
+	}
+
+	if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
+		// e.g. 1000-2000,2001,2002,3000-4000
+		ports, errRet := util.ParseRangeNumbers(allowPortsStr)
+		if errRet != nil {
+			err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
+			return
+		}
+
+		for _, port := range ports {
+			cfg.AllowPorts[int(port)] = struct{}{}
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "max_pool_count"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid max_pool_count")
+			return
+		} else {
+			if v < 0 {
+				err = fmt.Errorf("Parse conf error: invalid max_pool_count")
+				return
+			}
+			cfg.MaxPoolCount = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "max_ports_per_client"); ok {
+		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
+			err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
+			return
+		} else {
+			if v < 0 {
+				err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
+				return
+			}
+			cfg.MaxPortsPerClient = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
+		cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
+	}
+
+	if tmpStr, ok = conf.Get("common", "tcp_mux"); ok && tmpStr == "false" {
+		cfg.TcpMux = false
+	} else {
+		cfg.TcpMux = true
+	}
+
+	if tmpStr, ok = conf.Get("common", "custom_404_page"); ok {
+		cfg.Custom404Page = tmpStr
+	}
+
+	if tmpStr, ok = conf.Get("common", "heartbeat_timeout"); ok {
+		v, errRet := strconv.ParseInt(tmpStr, 10, 64)
+		if errRet != nil {
+			err = fmt.Errorf("Parse conf error: heartbeat_timeout is incorrect")
+			return
+		} else {
+			cfg.HeartBeatTimeout = v
+		}
+	}
+
+	if tmpStr, ok = conf.Get("common", "tls_only"); ok && tmpStr == "true" {
+		cfg.TlsOnly = true
+	} else {
+		cfg.TlsOnly = false
+	}
+	return
+}
+
+func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
+	for name, section := range sections {
+		if strings.HasPrefix(name, "plugin.") {
+			name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
+			options := plugin.HTTPPluginOptions{
+				Name: name,
+				Addr: section["addr"],
+				Path: section["path"],
+				Ops:  strings.Split(section["ops"], ","),
+			}
+			for i, _ := range options.Ops {
+				options.Ops[i] = strings.TrimSpace(options.Ops[i])
+			}
+			cfg.HTTPPlugins[name] = options
+		}
+	}
+}
+
+func (cfg *ServerCommonConf) Check() (err error) {
+	return
+}

models/config/types.go

@@ -0,0 +1,112 @@
+// Copyright 2019 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"encoding/json"
+	"errors"
+	"strconv"
+	"strings"
+)
+
+const (
+	MB = 1024 * 1024
+	KB = 1024
+)
+
+type BandwidthQuantity struct {
+	s string // MB or KB
+
+	i int64 // bytes
+}
+
+func NewBandwidthQuantity(s string) (BandwidthQuantity, error) {
+	q := BandwidthQuantity{}
+	err := q.UnmarshalString(s)
+	if err != nil {
+		return q, err
+	}
+	return q, nil
+}
+
+func (q *BandwidthQuantity) Equal(u *BandwidthQuantity) bool {
+	if q == nil && u == nil {
+		return true
+	}
+	if q != nil && u != nil {
+		return q.i == u.i
+	}
+	return false
+}
+
+func (q *BandwidthQuantity) String() string {
+	return q.s
+}
+
+func (q *BandwidthQuantity) UnmarshalString(s string) error {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return nil
+	}
+
+	var (
+		base int64
+		f    float64
+		err  error
+	)
+	if strings.HasSuffix(s, "MB") {
+		base = MB
+		fstr := strings.TrimSuffix(s, "MB")
+		f, err = strconv.ParseFloat(fstr, 64)
+		if err != nil {
+			return err
+		}
+	} else if strings.HasSuffix(s, "KB") {
+		base = KB
+		fstr := strings.TrimSuffix(s, "KB")
+		f, err = strconv.ParseFloat(fstr, 64)
+		if err != nil {
+			return err
+		}
+	} else {
+		return errors.New("unit not support")
+	}
+
+	q.s = s
+	q.i = int64(f * float64(base))
+	return nil
+}
+
+func (q *BandwidthQuantity) UnmarshalJSON(b []byte) error {
+	if len(b) == 4 && string(b) == "null" {
+		return nil
+	}
+
+	var str string
+	err := json.Unmarshal(b, &str)
+	if err != nil {
+		return err
+	}
+
+	return q.UnmarshalString(str)
+}
+
+func (q *BandwidthQuantity) MarshalJSON() ([]byte, error) {
+	return []byte("\"" + q.s + "\""), nil
+}
+
+func (q *BandwidthQuantity) Bytes() int64 {
+	return q.i
+}

models/config/types_test.go

@@ -0,0 +1,40 @@
+// Copyright 2019 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type Wrap struct {
+	B   BandwidthQuantity `json:"b"`
+	Int int               `json:"int"`
+}
+
+func TestBandwidthQuantity(t *testing.T) {
+	assert := assert.New(t)
+
+	var w Wrap
+	err := json.Unmarshal([]byte(`{"b":"1KB","int":5}`), &w)
+	assert.NoError(err)
+	assert.EqualValues(1*KB, w.B.Bytes())
+
+	buf, err := json.Marshal(&w)
+	assert.NoError(err)
+	assert.Equal(`{"b":"1KB","int":5}`, string(buf))
+}

models/config/value.go

@@ -0,0 +1,64 @@
+package config
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os"
+	"strings"
+	"text/template"
+)
+
+var (
+	glbEnvs map[string]string
+)
+
+func init() {
+	glbEnvs = make(map[string]string)
+	envs := os.Environ()
+	for _, env := range envs {
+		kv := strings.Split(env, "=")
+		if len(kv) != 2 {
+			continue
+		}
+		glbEnvs[kv[0]] = kv[1]
+	}
+}
+
+type Values struct {
+	Envs map[string]string // environment vars
+}
+
+func GetValues() *Values {
+	return &Values{
+		Envs: glbEnvs,
+	}
+}
+
+func RenderContent(in string) (out string, err error) {
+	tmpl, errRet := template.New("frp").Parse(in)
+	if errRet != nil {
+		err = errRet
+		return
+	}
+
+	buffer := bytes.NewBufferString("")
+	v := GetValues()
+	err = tmpl.Execute(buffer, v)
+	if err != nil {
+		return
+	}
+	out = buffer.String()
+	return
+}
+
+func GetRenderedConfFromFile(path string) (out string, err error) {
+	var b []byte
+	b, err = ioutil.ReadFile(path)
+	if err != nil {
+		return
+	}
+	content := string(b)
+
+	out, err = RenderContent(content)
+	return
+}

models/config/visitor.go

@@ -0,0 +1,213 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+
+	"github.com/fatedier/frp/models/consts"
+
+	ini "github.com/vaughan0/go-ini"
+)
+
+var (
+	visitorConfTypeMap map[string]reflect.Type
+)
+
+func init() {
+	visitorConfTypeMap = make(map[string]reflect.Type)
+	visitorConfTypeMap[consts.StcpProxy] = reflect.TypeOf(StcpVisitorConf{})
+	visitorConfTypeMap[consts.XtcpProxy] = reflect.TypeOf(XtcpVisitorConf{})
+}
+
+type VisitorConf interface {
+	GetBaseInfo() *BaseVisitorConf
+	Compare(cmp VisitorConf) bool
+	UnmarshalFromIni(prefix string, name string, section ini.Section) error
+	Check() error
+}
+
+func NewVisitorConfByType(cfgType string) VisitorConf {
+	v, ok := visitorConfTypeMap[cfgType]
+	if !ok {
+		return nil
+	}
+	cfg := reflect.New(v).Interface().(VisitorConf)
+	return cfg
+}
+
+func NewVisitorConfFromIni(prefix string, name string, section ini.Section) (cfg VisitorConf, err error) {
+	cfgType := section["type"]
+	if cfgType == "" {
+		err = fmt.Errorf("visitor [%s] type shouldn't be empty", name)
+		return
+	}
+	cfg = NewVisitorConfByType(cfgType)
+	if cfg == nil {
+		err = fmt.Errorf("visitor [%s] type [%s] error", name, cfgType)
+		return
+	}
+	if err = cfg.UnmarshalFromIni(prefix, name, section); err != nil {
+		return
+	}
+	if err = cfg.Check(); err != nil {
+		return
+	}
+	return
+}
+
+type BaseVisitorConf struct {
+	ProxyName      string `json:"proxy_name"`
+	ProxyType      string `json:"proxy_type"`
+	UseEncryption  bool   `json:"use_encryption"`
+	UseCompression bool   `json:"use_compression"`
+	Role           string `json:"role"`
+	Sk             string `json:"sk"`
+	ServerName     string `json:"server_name"`
+	BindAddr       string `json:"bind_addr"`
+	BindPort       int    `json:"bind_port"`
+}
+
+func (cfg *BaseVisitorConf) GetBaseInfo() *BaseVisitorConf {
+	return cfg
+}
+
+func (cfg *BaseVisitorConf) compare(cmp *BaseVisitorConf) bool {
+	if cfg.ProxyName != cmp.ProxyName ||
+		cfg.ProxyType != cmp.ProxyType ||
+		cfg.UseEncryption != cmp.UseEncryption ||
+		cfg.UseCompression != cmp.UseCompression ||
+		cfg.Role != cmp.Role ||
+		cfg.Sk != cmp.Sk ||
+		cfg.ServerName != cmp.ServerName ||
+		cfg.BindAddr != cmp.BindAddr ||
+		cfg.BindPort != cmp.BindPort {
+		return false
+	}
+	return true
+}
+
+func (cfg *BaseVisitorConf) check() (err error) {
+	if cfg.Role != "visitor" {
+		err = fmt.Errorf("invalid role")
+		return
+	}
+	if cfg.BindAddr == "" {
+		err = fmt.Errorf("bind_addr shouldn't be empty")
+		return
+	}
+	if cfg.BindPort <= 0 {
+		err = fmt.Errorf("bind_port is required")
+		return
+	}
+	return
+}
+
+func (cfg *BaseVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+	var (
+		tmpStr string
+		ok     bool
+	)
+	cfg.ProxyName = prefix + name
+	cfg.ProxyType = section["type"]
+
+	if tmpStr, ok = section["use_encryption"]; ok && tmpStr == "true" {
+		cfg.UseEncryption = true
+	}
+	if tmpStr, ok = section["use_compression"]; ok && tmpStr == "true" {
+		cfg.UseCompression = true
+	}
+
+	cfg.Role = section["role"]
+	if cfg.Role != "visitor" {
+		return fmt.Errorf("Parse conf error: proxy [%s] incorrect role [%s]", name, cfg.Role)
+	}
+	cfg.Sk = section["sk"]
+	cfg.ServerName = prefix + section["server_name"]
+	if cfg.BindAddr = section["bind_addr"]; cfg.BindAddr == "" {
+		cfg.BindAddr = "127.0.0.1"
+	}
+
+	if tmpStr, ok = section["bind_port"]; ok {
+		if cfg.BindPort, err = strconv.Atoi(tmpStr); err != nil {
+			return fmt.Errorf("Parse conf error: proxy [%s] bind_port incorrect", name)
+		}
+	} else {
+		return fmt.Errorf("Parse conf error: proxy [%s] bind_port not found", name)
+	}
+	return nil
+}
+
+type StcpVisitorConf struct {
+	BaseVisitorConf
+}
+
+func (cfg *StcpVisitorConf) Compare(cmp VisitorConf) bool {
+	cmpConf, ok := cmp.(*StcpVisitorConf)
+	if !ok {
+		return false
+	}
+
+	if !cfg.BaseVisitorConf.compare(&cmpConf.BaseVisitorConf) {
+		return false
+	}
+	return true
+}
+
+func (cfg *StcpVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+	if err = cfg.BaseVisitorConf.UnmarshalFromIni(prefix, name, section); err != nil {
+		return
+	}
+	return
+}
+
+func (cfg *StcpVisitorConf) Check() (err error) {
+	if err = cfg.BaseVisitorConf.check(); err != nil {
+		return
+	}
+	return
+}
+
+type XtcpVisitorConf struct {
+	BaseVisitorConf
+}
+
+func (cfg *XtcpVisitorConf) Compare(cmp VisitorConf) bool {
+	cmpConf, ok := cmp.(*XtcpVisitorConf)
+	if !ok {
+		return false
+	}
+
+	if !cfg.BaseVisitorConf.compare(&cmpConf.BaseVisitorConf) {
+		return false
+	}
+	return true
+}
+
+func (cfg *XtcpVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+	if err = cfg.BaseVisitorConf.UnmarshalFromIni(prefix, name, section); err != nil {
+		return
+	}
+	return
+}
+
+func (cfg *XtcpVisitorConf) Check() (err error) {
+	if err = cfg.BaseVisitorConf.check(); err != nil {
+		return
+	}
+	return
+}

models/consts/consts.go

@@ -0,0 +1,40 @@
+// Copyright 2016 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package consts
+
+var (
+	// proxy status
+	Idle    string = "idle"
+	Working string = "working"
+	Closed  string = "closed"
+	Online  string = "online"
+	Offline string = "offline"
+
+	// proxy type
+	TcpProxy    string = "tcp"
+	UdpProxy    string = "udp"
+	TcpMuxProxy string = "tcpmux"
+	HttpProxy   string = "http"
+	HttpsProxy  string = "https"
+	StcpProxy   string = "stcp"
+	XtcpProxy   string = "xtcp"
+
+	// authentication method
+	TokenAuthMethod string = "token"
+	OidcAuthMethod  string = "oidc"
+
+	// tcp multiplexer
+	HttpConnectTcpMultiplexer string = "httpconnect"
+)

models/errors/errors.go

@@ -12,26 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package consts
+package errors
 
-// server status
-const (
-	Idle = iota
-	Working
+import (
+	"errors"
 )
 
-// connection type
-const (
-	CtlConn = iota
-	WorkConn
-)
-
-// msg from client to server
-const (
-	CSHeartBeatReq = 1
-)
-
-// msg from server to client
-const (
-	SCHeartBeatRes = 100
+var (
+	ErrMsgType   = errors.New("message type error")
+	ErrCtlClosed = errors.New("control is closed")
 )

models/metrics/aggregate/server.go

@@ -0,0 +1,93 @@
+// Copyright 2020 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package aggregate
+
+import (
+	"github.com/fatedier/frp/models/metrics/mem"
+	"github.com/fatedier/frp/models/metrics/prometheus"
+	"github.com/fatedier/frp/server/metrics"
+)
+
+// EnableMem start to mark metrics to memory monitor system.
+func EnableMem() {
+	sm.Add(mem.ServerMetrics)
+}
+
+// EnablePrometheus start to mark metrics to prometheus.
+func EnablePrometheus() {
+	sm.Add(prometheus.ServerMetrics)
+}
+
+var sm *serverMetrics = &serverMetrics{}
+
+func init() {
+	metrics.Register(sm)
+}
+
+type serverMetrics struct {
+	ms []metrics.ServerMetrics
+}
+
+func (m *serverMetrics) Add(sm metrics.ServerMetrics) {
+	m.ms = append(m.ms, sm)
+}
+
+func (m *serverMetrics) NewClient() {
+	for _, v := range m.ms {
+		v.NewClient()
+	}
+}
+
+func (m *serverMetrics) CloseClient() {
+	for _, v := range m.ms {
+		v.CloseClient()
+	}
+}
+
+func (m *serverMetrics) NewProxy(name string, proxyType string) {
+	for _, v := range m.ms {
+		v.NewProxy(name, proxyType)
+	}
+}
+
+func (m *serverMetrics) CloseProxy(name string, proxyType string) {
+	for _, v := range m.ms {
+		v.CloseProxy(name, proxyType)
+	}
+}
+
+func (m *serverMetrics) OpenConnection(name string, proxyType string) {
+	for _, v := range m.ms {
+		v.OpenConnection(name, proxyType)
+	}
+}
+
+func (m *serverMetrics) CloseConnection(name string, proxyType string) {
+	for _, v := range m.ms {
+		v.CloseConnection(name, proxyType)
+	}
+}
+
+func (m *serverMetrics) AddTrafficIn(name string, proxyType string, trafficBytes int64) {
+	for _, v := range m.ms {
+		v.AddTrafficIn(name, proxyType, trafficBytes)
+	}
+}
+
+func (m *serverMetrics) AddTrafficOut(name string, proxyType string, trafficBytes int64) {
+	for _, v := range m.ms {
+		v.AddTrafficOut(name, proxyType, trafficBytes)
+	}
+}

models/metrics/mem/server.go

@@ -0,0 +1,262 @@
+// Copyright 2019 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mem
+
+import (
+	"sync"
+	"time"
+
+	server "github.com/fatedier/frp/server/metrics"
+	"github.com/fatedier/frp/utils/log"
+	"github.com/fatedier/frp/utils/metric"
+)
+
+var sm *serverMetrics = newServerMetrics()
+var ServerMetrics server.ServerMetrics
+var StatsCollector Collector
+
+func init() {
+	ServerMetrics = sm
+	StatsCollector = sm
+	sm.run()
+}
+
+type serverMetrics struct {
+	info *ServerStatistics
+	mu   sync.Mutex
+}
+
+func newServerMetrics() *serverMetrics {
+	return &serverMetrics{
+		info: &ServerStatistics{
+			TotalTrafficIn:  metric.NewDateCounter(ReserveDays),
+			TotalTrafficOut: metric.NewDateCounter(ReserveDays),
+			CurConns:        metric.NewCounter(),
+
+			ClientCounts:    metric.NewCounter(),
+			ProxyTypeCounts: make(map[string]metric.Counter),
+
+			ProxyStatistics: make(map[string]*ProxyStatistics),
+		},
+	}
+}
+
+func (m *serverMetrics) run() {
+	go func() {
+		for {
+			time.Sleep(12 * time.Hour)
+			log.Debug("start to clear useless proxy statistics data...")
+			m.clearUselessInfo()
+			log.Debug("finish to clear useless proxy statistics data")
+		}
+	}()
+}
+
+func (m *serverMetrics) clearUselessInfo() {
+	// To check if there are proxies that closed than 7 days and drop them.
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	for name, data := range m.info.ProxyStatistics {
+		if !data.LastCloseTime.IsZero() && time.Since(data.LastCloseTime) > time.Duration(7*24)*time.Hour {
+			delete(m.info.ProxyStatistics, name)
+			log.Trace("clear proxy [%s]'s statistics data, lastCloseTime: [%s]", name, data.LastCloseTime.String())
+		}
+	}
+}
+
+func (m *serverMetrics) NewClient() {
+	m.info.ClientCounts.Inc(1)
+}
+
+func (m *serverMetrics) CloseClient() {
+	m.info.ClientCounts.Dec(1)
+}
+
+func (m *serverMetrics) NewProxy(name string, proxyType string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	counter, ok := m.info.ProxyTypeCounts[proxyType]
+	if !ok {
+		counter = metric.NewCounter()
+	}
+	counter.Inc(1)
+	m.info.ProxyTypeCounts[proxyType] = counter
+
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if !(ok && proxyStats.ProxyType == proxyType) {
+		proxyStats = &ProxyStatistics{
+			Name:       name,
+			ProxyType:  proxyType,
+			CurConns:   metric.NewCounter(),
+			TrafficIn:  metric.NewDateCounter(ReserveDays),
+			TrafficOut: metric.NewDateCounter(ReserveDays),
+		}
+		m.info.ProxyStatistics[name] = proxyStats
+	}
+	proxyStats.LastStartTime = time.Now()
+}
+
+func (m *serverMetrics) CloseProxy(name string, proxyType string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	if counter, ok := m.info.ProxyTypeCounts[proxyType]; ok {
+		counter.Dec(1)
+	}
+	if proxyStats, ok := m.info.ProxyStatistics[name]; ok {
+		proxyStats.LastCloseTime = time.Now()
+	}
+}
+
+func (m *serverMetrics) OpenConnection(name string, proxyType string) {
+	m.info.CurConns.Inc(1)
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if ok {
+		proxyStats.CurConns.Inc(1)
+		m.info.ProxyStatistics[name] = proxyStats
+	}
+}
+
+func (m *serverMetrics) CloseConnection(name string, proxyType string) {
+	m.info.CurConns.Dec(1)
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if ok {
+		proxyStats.CurConns.Dec(1)
+		m.info.ProxyStatistics[name] = proxyStats
+	}
+}
+
+func (m *serverMetrics) AddTrafficIn(name string, proxyType string, trafficBytes int64) {
+	m.info.TotalTrafficIn.Inc(trafficBytes)
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if ok {
+		proxyStats.TrafficIn.Inc(trafficBytes)
+		m.info.ProxyStatistics[name] = proxyStats
+	}
+}
+
+func (m *serverMetrics) AddTrafficOut(name string, proxyType string, trafficBytes int64) {
+	m.info.TotalTrafficOut.Inc(trafficBytes)
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if ok {
+		proxyStats.TrafficOut.Inc(trafficBytes)
+		m.info.ProxyStatistics[name] = proxyStats
+	}
+}
+
+// Get stats data api.
+
+func (m *serverMetrics) GetServer() *ServerStats {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	s := &ServerStats{
+		TotalTrafficIn:  m.info.TotalTrafficIn.TodayCount(),
+		TotalTrafficOut: m.info.TotalTrafficOut.TodayCount(),
+		CurConns:        m.info.CurConns.Count(),
+		ClientCounts:    m.info.ClientCounts.Count(),
+		ProxyTypeCounts: make(map[string]int64),
+	}
+	for k, v := range m.info.ProxyTypeCounts {
+		s.ProxyTypeCounts[k] = v.Count()
+	}
+	return s
+}
+
+func (m *serverMetrics) GetProxiesByType(proxyType string) []*ProxyStats {
+	res := make([]*ProxyStats, 0)
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	for name, proxyStats := range m.info.ProxyStatistics {
+		if proxyStats.ProxyType != proxyType {
+			continue
+		}
+
+		ps := &ProxyStats{
+			Name:            name,
+			Type:            proxyStats.ProxyType,
+			TodayTrafficIn:  proxyStats.TrafficIn.TodayCount(),
+			TodayTrafficOut: proxyStats.TrafficOut.TodayCount(),
+			CurConns:        proxyStats.CurConns.Count(),
+		}
+		if !proxyStats.LastStartTime.IsZero() {
+			ps.LastStartTime = proxyStats.LastStartTime.Format("01-02 15:04:05")
+		}
+		if !proxyStats.LastCloseTime.IsZero() {
+			ps.LastCloseTime = proxyStats.LastCloseTime.Format("01-02 15:04:05")
+		}
+		res = append(res, ps)
+	}
+	return res
+}
+
+func (m *serverMetrics) GetProxiesByTypeAndName(proxyType string, proxyName string) (res *ProxyStats) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	for name, proxyStats := range m.info.ProxyStatistics {
+		if proxyStats.ProxyType != proxyType {
+			continue
+		}
+
+		if name != proxyName {
+			continue
+		}
+
+		res = &ProxyStats{
+			Name:            name,
+			Type:            proxyStats.ProxyType,
+			TodayTrafficIn:  proxyStats.TrafficIn.TodayCount(),
+			TodayTrafficOut: proxyStats.TrafficOut.TodayCount(),
+			CurConns:        proxyStats.CurConns.Count(),
+		}
+		if !proxyStats.LastStartTime.IsZero() {
+			res.LastStartTime = proxyStats.LastStartTime.Format("01-02 15:04:05")
+		}
+		if !proxyStats.LastCloseTime.IsZero() {
+			res.LastCloseTime = proxyStats.LastCloseTime.Format("01-02 15:04:05")
+		}
+		break
+	}
+	return
+}
+
+func (m *serverMetrics) GetProxyTraffic(name string) (res *ProxyTrafficInfo) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	proxyStats, ok := m.info.ProxyStatistics[name]
+	if ok {
+		res = &ProxyTrafficInfo{
+			Name: name,
+		}
+		res.TrafficIn = proxyStats.TrafficIn.GetLastDaysCount(ReserveDays)
+		res.TrafficOut = proxyStats.TrafficOut.GetLastDaysCount(ReserveDays)
+	}
+	return
+}