feat(client): add Websocket support to the Outline Client config (#2351)

Author: fortuna

client/config.md

@@ -70,6 +70,51 @@ transport:
   udp: *shared
 ```
 
+In case of blocking of "look-like-nothing" protocols like Shadowsocks, you can use Shadowsocks over Websockets. See the [server examnple configuration](https://github.com/Jigsaw-Code/outline-ss-server/blob/master/cmd/outline-ss-server/config_example.yml) on how to deploy it. A client configuration will look like:
+
+```yaml
+transport:
+  $type: tcpudp
+  tcp:
+    $type: shadowsocks
+    endpoint:
+        $type: websocket
+        url: wss://legendary-faster-packs-und.trycloudflare.com/SECRET_PATH/tcp
+    cipher: chacha20-ietf-poly1305
+    secret: SS_SECRET
+
+  udp:
+    $type: shadowsocks
+    endpoint:
+        $type: websocket
+        url: wss://legendary-faster-packs-und.trycloudflare.com/SECRET_PATH/udp
+    cipher: chacha20-ietf-poly1305
+    secret: SS_SECRET
+```
+
+Note that the Websocket endpoint can, in turn, take an endpoint, which can be leveraged to bypass DNS-based blocking:
+```yaml
+transport:
+  $type: tcpudp
+  tcp:
+    $type: shadowsocks
+    endpoint:
+        $type: websocket
+        url: wss://legendary-faster-packs-und.trycloudflare.com/SECRET_PATH/tcp
+        endpoint: cloudflare.net:443
+    cipher: chacha20-ietf-poly1305
+    secret: SS_SECRET
+
+  udp:
+    $type: shadowsocks
+    endpoint:
+        $type: websocket
+        url: wss://legendary-faster-packs-und.trycloudflare.com/SECRET_PATH/udp
+        endpoint: cloudflare.net:443
+    cipher: chacha20-ietf-poly1305
+    secret: SS_SECRET
+```
+
 ## Tunnels
 
 ### <a id=TunnelConfig></a>TunnelConfig
@@ -163,8 +208,10 @@ The _string_ Endpoint is the host:port address of the desired endpoint. The conn
 Supported Interface types for Stream and Packet Endpoints:
 
 - `dial`: [DialEndpointConfig](#DialEndpointConfig)
-<!-- - `shadowsocks`: [ShadowsocksConfig](#ShadowsocksConfig) -->
-<!-- - `websocket`: [WebsocketEndpointConfig](#WebsocketEndpointConfig) -->
+- `websocket`: [WebsocketEndpointConfig](#WebsocketEndpointConfig)
+<!-- TODO(fortuna): Add Shadowsocks endpoint
+- `shadowsocks`: [ShadowsocksConfig](#ShadowsocksConfig)
+-->
 
 ### <a id=DialEndpointConfig></a>DialEndpointConfig
 
@@ -177,6 +224,20 @@ Establishes connections by dialing a fixed address. It can take a dialer, which
 - `address` (_string_): the endpoint address to dial
 - `dialer` ([DialerConfig](#dialers)): the dialer to use to dial the address
 
+### <a id=WebsocketEndpointConfig></a>WebsocketEndpointConfig
+
+Tunnels stream and packet connections to an endpoint over Websockets.
+
+For stream connections, each write is turned into a Websocket message. For packet connections, each packet is turned into a Websocket message.
+
+**Format:** _struct_
+
+**Fields:**
+
+- `url` (_string_): the URL for the Websocket endpoint. The schema must be `https` or `wss` for Websocket over TLS, and `http` or `ws` for plaintext Websocket. 
+- `endpoint` ([EndpointConfig](#EndpointConfig)): the web server endpoint to connect to. If absent, is connects to the address specified in the URL.
+
+
 ## Dialers
 
 Dialers establishes connections given an endpoint address. There are Stream and Packet Dialers.

client/go/outline/client_test.go

@@ -194,8 +194,6 @@ func Test_NewTransport_Unsupported(t *testing.T) {
 	require.Equal(t, "unsupported config", result.Error.Message)
 }
 
-/*
-TODO: Add Websocket support
 func Test_NewTransport_Websocket(t *testing.T) {
 	config := `
 $type: tcpudp
@@ -218,7 +216,6 @@ udp:
 	require.Equal(t, firstHop, result.Client.sd.FirstHop)
 	require.Equal(t, firstHop, result.Client.pl.FirstHop)
 }
-*/
 
 func Test_NewClientFromJSON_Errors(t *testing.T) {
 	tests := []struct {

client/go/outline/config/config_websocket.go

@@ -0,0 +1,86 @@
+// Copyright 2025 The Outline Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"runtime"
+
+	"github.com/Jigsaw-Code/outline-sdk/transport"
+	"github.com/Jigsaw-Code/outline-sdk/x/websocket"
+)
+
+type WebsocketEndpointConfig struct {
+	URL      string
+	Endpoint any
+}
+
+func parseWebsocketStreamEndpoint(ctx context.Context, configMap map[string]any, parseSE ParseFunc[*Endpoint[transport.StreamConn]]) (*Endpoint[transport.StreamConn], error) {
+	return parseWebsocketEndpoint[transport.StreamConn](ctx, configMap, parseSE, websocket.NewStreamEndpoint)
+}
+
+func parseWebsocketPacketEndpoint(ctx context.Context, configMap map[string]any, parseSE ParseFunc[*Endpoint[transport.StreamConn]]) (*Endpoint[net.Conn], error) {
+	return parseWebsocketEndpoint[net.Conn](ctx, configMap, parseSE, websocket.NewPacketEndpoint)
+}
+
+type newWebsocketEndpoint[ConnType any] func(urlStr string, se transport.StreamEndpoint, opts ...websocket.Option) (func(context.Context) (ConnType, error), error)
+
+func parseWebsocketEndpoint[ConnType any](ctx context.Context, configMap map[string]any, parseSE ParseFunc[*Endpoint[transport.StreamConn]], newWE newWebsocketEndpoint[ConnType]) (*Endpoint[ConnType], error) {
+	var config WebsocketEndpointConfig
+	if err := mapToAny(configMap, &config); err != nil {
+		return nil, fmt.Errorf("invalid config format: %w", err)
+	}
+
+	url, err := url.Parse(config.URL)
+	if err != nil {
+		return nil, fmt.Errorf("url is invalid: %w", err)
+	}
+	port := url.Port()
+	if port == "" {
+		switch url.Scheme {
+		case "https", "wss":
+			url.Scheme = "wss"
+			port = "443"
+		case "http", "ws":
+			url.Scheme = "ws"
+			port = "80"
+		}
+	}
+
+	if config.Endpoint == nil {
+		config.Endpoint = net.JoinHostPort(url.Hostname(), port)
+	}
+	se, err := parseSE(ctx, config.Endpoint)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse websocket endpoint: %w", err)
+	}
+
+	headers := http.Header(map[string][]string{
+		"User-Agent": {fmt.Sprintf("Outline (%s; %s; %s)", runtime.GOOS, runtime.GOARCH, runtime.Version())},
+	})
+	connect, err := newWE(url.String(), transport.FuncStreamEndpoint(se.Connect), websocket.WithHTTPHeaders(headers))
+	if err != nil {
+		return nil, err
+	}
+
+	return &Endpoint[ConnType]{
+		ConnectionProviderInfo: se.ConnectionProviderInfo,
+		Connect:                connect,
+	}, nil
+}

client/go/outline/config/module.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"errors"
 	"net"
+	"runtime"
 
 	"github.com/Jigsaw-Code/outline-sdk/transport"
 )
@@ -111,14 +112,16 @@ func NewDefaultTransportProvider(tcpDialer transport.StreamDialer, udpDialer tra
 		return parseShadowsocksPacketListener(ctx, input, packetEndpoints.Parse)
 	})
 
-	// TODO: Websocket support.
-	// httpClient := http.DefaultClient
-	// streamEndpoints.RegisterSubParser("websocket", func(ctx context.Context, input map[string]any) (*Endpoint[transport.StreamConn], error) {
-	// 	return parseWebsocketStreamEndpoint(ctx, input, httpClient)
-	// })
-	// packetEndpoints.RegisterSubParser("websocket", func(ctx context.Context, input map[string]any) (*Endpoint[net.Conn], error) {
-	// 	return parseWebsocketPacketEndpoint(ctx, input, httpClient)
-	// })
+	// Websocket support.
+	// TODO: make it available on Windows.
+	if runtime.GOOS != "windows" {
+		streamEndpoints.RegisterSubParser("websocket", func(ctx context.Context, input map[string]any) (*Endpoint[transport.StreamConn], error) {
+			return parseWebsocketStreamEndpoint(ctx, input, streamEndpoints.Parse)
+		})
+		packetEndpoints.RegisterSubParser("websocket", func(ctx context.Context, input map[string]any) (*Endpoint[net.Conn], error) {
+			return parseWebsocketPacketEndpoint(ctx, input, streamEndpoints.Parse)
+		})
+	}
 
 	// Support distinct TCP and UDP configuration.
 	transports.RegisterSubParser("tcpudp", func(ctx context.Context, config map[string]any) (*TransportPair, error) {

go.mod

@@ -3,7 +3,8 @@ module github.com/Jigsaw-Code/outline-apps
 go 1.22.0
 
 require (
-	github.com/Jigsaw-Code/outline-sdk v0.0.14-0.20240216220040-f741c57bf854
+	github.com/Jigsaw-Code/outline-sdk v0.0.18-0.20241106233708-faffebb12629
+	github.com/Jigsaw-Code/outline-sdk/x v0.0.0-20250131142109-b32720fa2c3e
 	github.com/Wifx/gonetworkmanager/v2 v2.1.0
 	github.com/eycorsican/go-tun2socks v1.16.11
 	github.com/go-task/task/v3 v3.36.0
@@ -27,6 +28,7 @@ require (
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/licenseclassifier v0.0.0-20210722185704-3043a050f148 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/joho/godotenv v1.5.1 // indirect

go.sum

@@ -59,8 +59,12 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Jigsaw-Code/outline-sdk v0.0.14-0.20240216220040-f741c57bf854 h1:SXp/tNjb70hpjF/MXAuLDkgCttlRA9qxLR7FCosGydg=
-github.com/Jigsaw-Code/outline-sdk v0.0.14-0.20240216220040-f741c57bf854/go.mod h1:9cEaF6sWWMzY8orcUI9pV5D0oFp2FZArTSyJiYtMQQs=
+github.com/Jigsaw-Code/outline-sdk v0.0.18-0.20241106233708-faffebb12629 h1:sHi1X4vwtNNBUDCbxynGXe7cM/inwTbavowHziaxlbk=
+github.com/Jigsaw-Code/outline-sdk v0.0.18-0.20241106233708-faffebb12629/go.mod h1:CFDKyGZA4zatKE4vMLe8TyQpZCyINOeRFbMAmYHxodw=
+github.com/Jigsaw-Code/outline-sdk/x v0.0.0-20250130191133-1f7340826841 h1:1tpY2KX6a9/1/uyN0riQVxQHqNthyAvzIhoWWmdYOBA=
+github.com/Jigsaw-Code/outline-sdk/x v0.0.0-20250130191133-1f7340826841/go.mod h1:9iEpNbKBsNU3WJs2XzhlI2AOf6DH018bjWxOC38o1Zc=
+github.com/Jigsaw-Code/outline-sdk/x v0.0.0-20250131142109-b32720fa2c3e h1:JN3TZFpi98BTw/CZuQWxovFsgqjQ79gGrbvZE1wFIIc=
+github.com/Jigsaw-Code/outline-sdk/x v0.0.0-20250131142109-b32720fa2c3e/go.mod h1:aFUEz6Z/eD0NS3c3fEIX+JO2D9aIrXCmWTb1zJFlItw=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -91,6 +95,8 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
+github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -228,6 +234,8 @@ github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/Oth
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=