
Detailed AEAD Auth Error

Shelikhoo 5 years ago
parent
commit
6007e4cc6f
3 changed files with 10 additions and 10 deletions
  1. 4 4
      proxy/vmess/aead/authid.go
  2. 3 3
      proxy/vmess/encoding/server.go
  3. 3 3
      proxy/vmess/validator.go

+ 4 - 4
proxy/vmess/aead/authid.go

@@ -90,7 +90,7 @@ func (a *AuthIDDecoderHolder) RemoveUser(key [16]byte) {
 
 func (a *AuthIDDecoderHolder) Match(AuthID [16]byte) (interface{}, error) {
 	if !a.apw.Check(AuthID[:]) {
-		return nil, errReplay
+		return nil, ErrReplay
 	}
 	for _, v := range a.aidhi {
 
@@ -106,9 +106,9 @@ func (a *AuthIDDecoderHolder) Match(AuthID [16]byte) (interface{}, error) {
 		return v.ticket, nil
 
 	}
-	return nil, errNotFound
+	return nil, ErrNotFound
 }
 
-var errNotFound = errors.New("user do not exist")
+var ErrNotFound = errors.New("user do not exist")
 
-var errReplay = errors.New("replayed request")
+var ErrReplay = errors.New("replayed request")
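Review bot: The newly exported `ErrNotFound` and `ErrReplay` have no doc comments, although exporting them makes them part of the package's contract and the server.go change in this commit branches on `ErrNotFound`. I would add `// ErrNotFound is returned by Match when no entry in the holder matches the AuthID.` and `// ErrReplay is returned by Match when the AuthID is rejected by the replay check.` above the two declarations. Both descriptions follow from the visible parts of `Match`; the loop body between the two hunks is not shown, so adjust the wording if it returns these values elsewhere.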

+ 3 - 3
proxy/vmess/encoding/server.go

@@ -165,7 +165,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 	var decryptor io.Reader
 	var vmessAccount *vmess.MemoryAccount
 
-	user, foundAEAD := s.userValidator.GetAEAD(buffer.Bytes())
+	user, foundAEAD, errorAEAD := s.userValidator.GetAEAD(buffer.Bytes())
 
 	var fixedSizeAuthID [16]byte
 	copy(fixedSizeAuthID[:], buffer.Bytes())
@@ -185,7 +185,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 		}
 		decryptor = bytes.NewReader(aeadData)
 		s.isAEADRequest = true
-	} else if !s.isAEADForced {
+	} else if !s.isAEADForced && errorAEAD == vmessaead.ErrNotFound {
 		userLegacy, timestamp, valid, userValidationError := s.userValidator.Get(buffer.Bytes())
 		if !valid || userValidationError != nil {
 			return nil, drainConnection(newError("invalid user").Base(userValidationError))
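Review bot: The new condition tests `errorAEAD == vmessaead.ErrNotFound` by identity, which stops matching as soon as `Match` or `GetAEAD` wraps the sentinel with extra context; `errors.Is(errorAEAD, vmessaead.ErrNotFound)` keeps working in that case. The failure mode is fail-closed, since a wrapped error would land in the final `else` and be rejected, but it would silently disable the legacy path for every client. This assumes `errors` is or can be imported in server.go, which the hunk does not show. DecodeRequestHeader starts and ends outside the hunk.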
@@ -197,7 +197,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 		aesStream := crypto.NewAesDecryptionStream(vmessAccount.ID.CmdKey(), iv[:])
 		decryptor = crypto.NewCryptionReader(aesStream, reader)
 	} else {
-		return nil, drainConnection(newError("invalid user"))
+		return nil, drainConnection(newError("invalid user").Base(errorAEAD))
 	}
 
 	readSizeRemain -= int(buffer.Len())
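Review bot: The final `else` now covers two different situations and nothing in the branch says so: either AEAD is forced and the lookup failed, or AEAD is optional but the lookup failed with something other than `ErrNotFound` (a replayed AuthID, as far as the visible `Match` code shows). A comment such as `// AEAD forced, or AEAD lookup failed with an error other than ErrNotFound (e.g. replay): never fall back to legacy auth.` would keep a later edit from reopening the fallback. Because `.Base(errorAEAD)` now carries the precise cause, it is also worth confirming that this error only reaches server-side logs. `drainConnection` should behave identically for both causes so that the peer cannot tell them apart. Neither is visible in this hunk.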

+ 3 - 3
proxy/vmess/validator.go

@@ -168,7 +168,7 @@ func (v *TimedUserValidator) Get(userHash []byte) (*protocol.MemoryUser, protoco
 	return nil, 0, false, ErrNotFound
 }
 
-func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool) {
+func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool, error) {
 	defer v.RUnlock()
 	v.RLock()
 	var userHashFL [16]byte
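Review bot: `GetAEAD` is exported and now returns three values, but it has no doc comment explaining how the `bool` and the `error` relate. From the second hunk of this file, the bool is true exactly when the error is nil. I would state that above the signature, e.g. `// GetAEAD returns the user whose AEAD AuthID matches userHash; on failure the bool is false and the error is the one returned by aeadDecoderHolder.Match.` The function body continues in the next hunk.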
@@ -176,9 +176,9 @@ func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, boo
 
 	userd, err := v.aeadDecoderHolder.Match(userHashFL)
 	if err != nil {
-		return nil, false
+		return nil, false, err
 	}
-	return userd.(*protocol.MemoryUser), true
+	return userd.(*protocol.MemoryUser), true, err
 }
 
 func (v *TimedUserValidator) Remove(email string) bool {
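Review bot: The success path ends with `return userd.(*protocol.MemoryUser), true, err`, where `err` is already known to be nil. Writing `return userd.(*protocol.MemoryUser), true, nil` says so directly and cannot start returning a stale error if code is later inserted above it. The type assertion on the same line is unchecked, so a ticket of any other type stored in the decoder holder would panic here. That predates this commit, but on an authentication path `u, ok := userd.(*protocol.MemoryUser)` followed by an error return when `!ok` would be the safer form.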