[Bug] Incorrect & Inconsistent IN-USER behaviour

[NyaMisty]

Verify steps

• I have read the documentation and understand the meaning of all configuration items I have written, avoiding a large number of seemingly useful options or default values.
• I have not reviewed the documentation and resolve this issue.
• I have not searched the Issue Tracker for the problem I am going to raise.
• I have tested with the latest Alpha branch version, and the issue still persists.
• I have provided server and client configuration files and processes that can reproduce the issue locally, rather than a desensitized complex client configuration file.
• I have provided the simplest configuration that can reproduce the error I reported, rather than relying on remote servers, TUN, graphical client interfaces, or other closed-source software.
• I have provided complete configuration files and logs, rather than providing only parts that I believe are useful due to confidence in my own intelligence.

Operating System

Linux

System Version

Ubuntu 22.04

Mihomo Version

Mihomo Meta v1.18.5 windows amd64 with go1.22.3 Sun May 19 08:49:31 UTC 2024
Use tags: with_gvisor

Configuration File

# minimal reproducing mihomo config
mixed-port: 11223
authentication:
- "test:test"

proxies:
- name: test
  type: http
  server: 127.0.0.1
  port: 7890

rules:
- IN-USER,test,DIRECT
- MATCH,test

Description

Currently the mihomo's IN-USER rule behaviour is pretty inconsistent.

There's several problem:

• like described in [Bug] skip-auth-prefixes 会导致 IN-USER 规则失效 #1232, when the authentication was skipped, the IN-USER rule won't apply. However, some handlers (like socks4 handler) still recognizes the user.
• when triggered multiple times, mihomo's authentication cache mechanism won't return the authenticated user (see

  mihomo/listener/http/proxy.go

  Line 155 in 917c5fd

  if !exist {

  ), causing the IN-USER rule failed to apply again.

Suggestion:

1. ALWAYS accept user authentication: socks4 & http proxy protocol can accept without additional negotiation (that is to say, client can send the authentication credential even if server does not request it), which will be super helpful for dividing different traffics.
2. Fix the faulty auth caching, by caching user identifier together with auth result.

Reproduction Steps

1. start mihomo
2. run curl -vv --proxy http://test:[email protected]:11223 https://baidu.com multiple times

Logs

E:\Temp>mihomo -d .
time="2024-06-21T05:06:46.9299213+08:00" level=info msg="Start initial configuration in progress"
time="2024-06-21T05:06:46.9860414+08:00" level=info msg="Geodata Loader mode: memconservative"
time="2024-06-21T05:06:46.993794+08:00" level=info msg="Geosite Matcher implementation: succinct"
time="2024-06-21T05:06:47.0490108+08:00" level=info msg="Initial configuration complete, total time: 64ms"
time="2024-06-21T05:06:47.0555917+08:00" level=info msg="Authentication of local server updated"
time="2024-06-21T05:06:47.0561355+08:00" level=info msg="Sniffer is closed"
time="2024-06-21T05:06:47.0577534+08:00" level=info msg="Mixed(http+socks) proxy listening at: 127.0.0.1:11223"
time="2024-06-21T05:06:47.0604412+08:00" level=info msg="Start initial Compatible provider default"
time="2024-06-21T05:06:49.5471656+08:00" level=info msg="[TCP] 127.0.0.1:57685 --> baidu.com:443 match InUser(test) using DIRECT"
time="2024-06-21T05:06:53.6018805+08:00" level=info msg="[TCP] 127.0.0.1:57753 --> baidu.com:443 match Match using test"
time="2024-06-21T05:06:54.4617014+08:00" level=info msg="[TCP] 127.0.0.1:57787 --> baidu.com:443 match Match using test"
time="2024-06-21T05:06:55.2210637+08:00" level=info msg="[TCP] 127.0.0.1:57808 --> baidu.com:443 match Match using test"
time="2024-06-21T05:08:54.7561212+08:00" level=warning msg="Mihomo shutting down"

[wwqgtxx]

fixed in 4051ea5