feat: add outbound proxy support (socks5/http) for restricted networks

2026-05-11 21:40:45 +08:00
parent 221348b975
commit 404e2425fa
9 changed files with 205 additions and 42 deletions
--- a/auth/http_client.go
+++ b/auth/http_client.go
@@ -3,18 +3,46 @@ package auth

 import (
 	"net/http"
+	"net/url"
+	"sync/atomic"
 	"time"
 )

-// 全局 HTTP 客户端，复用连接池
-// 用于所有 auth 模块的 HTTP 请求
-var httpClient = &http.Client{
-	Timeout: 30 * time.Second,
-	Transport: &http.Transport{
-		MaxIdleConns:        50,               // 最大空闲连接数
-		MaxIdleConnsPerHost: 10,               // 每个 Host 最大空闲连接数
-		IdleConnTimeout:     90 * time.Second, // 空闲连接超时
-		DisableCompression:  false,            // 启用压缩
-		ForceAttemptHTTP2:   true,             // 尝试使用 HTTP/2
-	},
+// 全局 HTTP 客户端存储，支持运行时代理重配置
+var httpClientStore atomic.Pointer[http.Client]
+
+// httpClient 返回当前全局 auth HTTP 客户端
+func httpClient() *http.Client {
+	return httpClientStore.Load()
+}
+
+func init() {
+	InitHttpClient("")
+}
+
+// buildAuthTransport 构建带可选代理的 Transport
+func buildAuthTransport(proxyURL string) *http.Transport {
+	t := &http.Transport{
+		MaxIdleConns:        50,
+		MaxIdleConnsPerHost: 10,
+		IdleConnTimeout:     90 * time.Second,
+		DisableCompression:  false,
+		ForceAttemptHTTP2:   true,
+	}
+	if proxyURL != "" {
+		if u, err := url.Parse(proxyURL); err == nil {
+			t.Proxy = http.ProxyURL(u)
+			t.ForceAttemptHTTP2 = false
+		}
+	}
+	return t
+}
+
+// InitHttpClient 初始化（或重新初始化）auth 模块的全局 HTTP 客户端
+func InitHttpClient(proxyURL string) {
+	client := &http.Client{
+		Timeout:   30 * time.Second,
+		Transport: buildAuthTransport(proxyURL),
+	}
+	httpClientStore.Store(client)
 }