feat: add SOCKS5 proxy support to ProxyAgent #4385
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add comprehensive plan for implementing SOCKS5 proxy support in ProxyAgent. The plan covers RFC 1928 protocol implementation, integration with existing architecture, authentication methods, and testing strategy. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
Add core SOCKS5 protocol implementation including: - Core SOCKS5 client with connection establishment and authentication - SOCKS5 utilities for protocol constants and message handling - Authentication module supporting both no-auth and username/password - Proxy wrapper dispatcher for SOCKS5 integration - Updated error classes with Socks5ProxyError - Updated symbols with kSocks5ProxyAgent - Comprehensive test suite for client and utilities - Docker compose setup with Dante SOCKS5 server for testing - Updated implementation plan with Docker testing phase This implements the core SOCKS5 protocol as outlined in RFC 1928 and prepares the foundation for ProxyAgent integration. Refs: #2224
- Add critical architectural requirement for Pool-based connection management - Document current implementation issues with Client usage - Specify required changes for proper connection pooling - Ensure consistency with Undici's architectural patterns - Fix linting issues in test files 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Integrate SOCKS5 proxy support into the existing ProxyAgent class: - Add SOCKS5 protocol detection (socks5: and socks: schemes) - Use Socks5ProxyWrapper for SOCKS5 connections instead of HTTP CONNECT - Properly handle SOCKS5 proxy lifecycle (no proxy client needed) - Pass through authentication credentials to SOCKS5 wrapper - Disable CONNECT tunneling for SOCKS5 proxies This completes Phase 2 of the SOCKS5 implementation. Note: Current implementation has architectural limitation requiring Pool dispatcher instead of Client for proper connection lifecycle management. Resolves: #4260
- Switch from Client to Pool architecture for better connection management - Add proper connection pooling and reuse for SOCKS5 tunneled connections - Improve timeout handling for authentication and connection establishment - Fix state checking logic for NO_AUTH authentication method - Enhance error handling throughout the SOCKS5 connection process 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…roxy - Add complete TypeScript definitions for Socks5ProxyWrapper and Socks5Client - Include SOCKS5 constants and error types in TypeScript definitions - Export Socks5ProxyWrapper from main entry points - Add comprehensive integration tests covering: - Basic HTTP connections through SOCKS5 proxy - Authentication with username/password - Multiple requests through same proxy instance - Connection pooling and reuse - Error handling for proxy failures - URL parsing edge cases - Add enhanced test SOCKS5 server supporting authentication - Skip HTTPS test temporarily (TLS option passing needs refinement) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add complete API documentation for Socks5ProxyWrapper class - Include detailed usage examples with authentication, pooling, and error handling - Add SOCKS5 proxy examples file with various use cases - Update docsify sidebar to include SOCKS5 proxy documentation - Mention SOCKS5 proxy support in README feature list - Document protocol support, security considerations, and compatibility 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fix spacing and formatting in example files - Remove unused imports in test files - Standardize TypeScript definition formatting Signed-off-by: Claude <noreply@anthropic.com>
Resolve merge conflicts in: - lib/core/errors.js (added MaxOriginsReachedError alongside Socks5ProxyError) - lib/dispatcher/proxy-agent.js (added diagnostics channels import) - types/errors.d.ts (added MaxOriginsReachedError alongside Socks5ProxyError) - types/index.d.ts (merged new exports: RoundRobinPool, cacheStores, install) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
- Refactor buildConnectRequest to use parseAddress utility from socks5-utils - Implement proper IPv6 address parsing in handleConnectResponse - Update documentation to reflect IPv6 full support 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4385 +/- ##
==========================================
- Coverage 92.85% 92.35% -0.51%
==========================================
Files 109 113 +4
Lines 33809 34870 +1061
==========================================
+ Hits 31395 32203 +808
- Misses 2414 2667 +253 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
- Move docker-compose.yml to test/fixtures/docker/ for better organization - Update paths in docker-compose.yml to be relative to new location - Remove deprecated version attribute from docker-compose.yml - Fix REQUIRE_AUTH and PROXY_PASSWORD environment variables for go-socks5-proxy - Fix ProxyAgent.close() and destroy() to handle null kClient for SOCKS5 proxies 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
…al warning - Rename class from Socks5ProxyWrapper to Socks5Agent for consistency with other agents - Add experimental warning on first use of Socks5Agent - Update all imports, exports, types, docs, and tests - Rename files accordingly 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
The dispatch, close, and destroy methods are inherited from Dispatcher and don't need to be redeclared. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
Extract duplicated TestSocks5Server class from test files into test/fixtures/socks5-test-server.js for reuse. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Matteo Collina <hello@matteocollina.com>
metcoder95
reviewed
Jan 4, 2026
|
|
||
| A SOCKS5 proxy wrapper class that implements the Dispatcher API. It enables HTTP requests to be routed through a SOCKS5 proxy server, providing connection tunneling and authentication support. | ||
|
|
||
| ## `new Socks5Agent(proxyUrl[, options])` |
Member
There was a problem hiding this comment.
Should we make the name explicit that is a Proxy?
From the name, it seems it just enables allows Sock5 support
Member
There was a problem hiding this comment.
Should we maybe keep this close to the sock5 implementation?
Maybe add it under the dispatchers folder
Comment on lines
+15
to
+20
| const AUTH_METHODS = { | ||
| NO_AUTH: 0x00, | ||
| GSSAPI: 0x01, | ||
| USERNAME_PASSWORD: 0x02, | ||
| NO_ACCEPTABLE: 0xFF | ||
| } |
Member
There was a problem hiding this comment.
This is repeated in the auth file?
Comment on lines
+226
to
+233
| const request = Buffer.alloc(3 + usernameBuffer.length + passwordBuffer.length) | ||
| request[0] = 0x01 // Sub-negotiation version | ||
| request[1] = usernameBuffer.length | ||
| usernameBuffer.copy(request, 2) | ||
| request[2 + usernameBuffer.length] = passwordBuffer.length | ||
| passwordBuffer.copy(request, 3 + usernameBuffer.length) | ||
|
|
||
| this.socket.write(request) |
Member
There was a problem hiding this comment.
Isn't this also handled similarly in auth's file?
| * SOCKS5 client implementation | ||
| * Handles SOCKS5 protocol negotiation and connection establishment | ||
| */ | ||
| class Socks5Client extends EventEmitter { |
Member
There was a problem hiding this comment.
Should we consider exposing the client itself?
| ...opts, | ||
| factory, | ||
| connect: async (opts, callback) => { | ||
| // For SOCKS5 proxies, the connection is handled by the Socks5ProxyWrapper |
Member
There was a problem hiding this comment.
Is this possible or just a safe guard?
Comment on lines
+35
to
+39
| export const COMMANDS: { | ||
| readonly CONNECT: 0x01; | ||
| readonly BIND: 0x02; | ||
| readonly UDP_ASSOCIATE: 0x03; | ||
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements comprehensive SOCKS5 proxy support for Undici's ProxyAgent, addressing the long-standing feature request in issue #2224.
Key Features
Usage
Files Added/Modified
lib/core/socks5-client.js- Core SOCKS5 client implementationlib/core/socks5-utils.js- Protocol utilities and constantslib/core/errors.js- SOCKS5-specific error typeslib/dispatcher/socks5-agent.js- Dispatcher for SOCKS5 proxieslib/dispatcher/proxy-agent.js- Extended to support SOCKS5 protocol detectiontypes/socks5-agent.d.ts- TypeScript definitionsdocs/docs/api/Socks5Agent.md- API documentationtest/socks5-*.js- Comprehensive test suitestest/fixtures/docker/docker-compose.yml- Docker setup for testingTesting
Standards Compliance
Backwards Compatibility
This implementation maintains full backwards compatibility with existing ProxyAgent functionality. HTTP CONNECT proxies continue to work unchanged.
Resolves
Resolves: #2224
Test Plan
Documentation
docs/docs/api/Socks5Agent.mddocs/examples/socks5-proxy.js🤖 Generated with Claude Code