SUDP payload codec follows transport wireProtocol; same-protocol v1/v1 and v2/v2 keep raw join; only mixed proxy/visitor protocols use message-aware bridge; no new capability/selection field.
* auth/oidc: cache OIDC access token and refresh before expiry
- Use Config.TokenSource(ctx) once at init to create a persistent
oauth2.TokenSource that caches the token and only refreshes on expiry
- Wrap with oauth2.ReuseTokenSourceWithExpiry for configurable early refresh
- Add tokenRefreshAdvanceDuration config option (default: 300s)
- Add unit test verifying token caching with mock HTTP server
* address review comments
* auth/oidc: fallback to per-request token fetch when expires_in is missing
When an OIDC provider omits the expires_in field, oauth2.ReuseTokenSource
treats the cached token as valid forever and never refreshes it. This causes
server-side OIDC verification to fail once the JWT's exp claim passes.
Add a nonCachingTokenSource fallback: after fetching the initial token, if
its Expiry is the zero value, swap the caching TokenSource for one that
fetches a fresh token on every request, preserving the old behavior for
providers that don't return expires_in.
* auth/oidc: fix gosec lint and add test for zero-expiry fallback
Suppress G101 false positive on test-only dummy token responses.
Add test to verify per-request token fetch when expires_in is missing.
Update caching test to account for eager initial token fetch.
* fix lint
* test/e2e: replace sleeps with event-driven waits in chaos/group/store tests
Replace 21 time.Sleep calls with deterministic waiting using
WaitForOutput, WaitForTCPReady, and a new WaitForTCPUnreachable helper.
Add CountOutput method for snapshot-based incremental log matching.
* test/e2e: validate interval and cap dial/sleep to remaining deadline in WaitForTCPUnreachable
* test/e2e: replace RunProcesses client sleep with log-based proxy readiness detection
Replace the fixed 1500ms sleep in RunProcesses with event-driven proxy
registration detection by monitoring frpc log output for "start proxy
success" messages.
Key changes:
- Add thread-safe SafeBuffer to replace bytes.Buffer in Process, enabling
concurrent read/write of process output during execution
- Add Process.WaitForOutput() to poll process output for pattern matches
with timeout and early exit on process termination
- Add waitForClientProxyReady() that uses config.LoadClientConfig() to
extract proxy names, then waits for each proxy's success log
- For visitor-only clients (no deterministic readiness signal), fall back
to the original sleep with elapsed time deducted
* test/e2e: use shared deadline for proxy readiness and fix doc comment
- Use a single deadline in waitForClientProxyReady so total wait across
all proxies does not exceed the given timeout
- Fix WaitForOutput doc comment to accurately describe single pattern
with count semantics
* test/e2e: optimize RunFrps/RunFrpc with process exit detection
Refactor Process to track subprocess lifecycle via a done channel,
replacing direct cmd.Wait() in Stop() to avoid double-Wait races.
RunFrps/RunFrpc now use select on the done channel instead of fixed
sleeps, allowing short-lived processes (verify, startup failures) to
return immediately while preserving existing timeout behavior for
long-running daemons.
* test/e2e: guard Process against double-Start and Stop-before-Start
Add started flag to prevent double-Start panics and allow Stop to
return immediately when the process was never started. Use sync.Once
for closing the done channel as defense-in-depth against double close.
Replace the fixed 500ms sleep after each frps startup in RunProcesses
with a TCP dial-based readiness check that polls the server bind port.
This reduces the e2e suite wall time from ~97s to ~43s.
Also simplify the RunProcesses API to accept a single server template
string instead of a slice, matching how every call site uses it.
Remove 4 redundant pointer map write-backs in OpenConnection,
CloseConnection, AddTrafficIn, and AddTrafficOut since the map stores
pointers and mutations are already visible without reassignment.
Optimize GetProxiesByTypeAndName from O(n) full map scan to O(1) direct
map lookup by proxy name.
Extract two shared helpers to eliminate duplicated code across STCP,
SUDP, and XTCP visitors:
- dialRawVisitorConn: handles ConnectServer + NewVisitorConn handshake
(auth, sign key, 10s read deadline, error check)
- wrapVisitorConn: handles encryption + pooled compression wrapping,
returning a recycleFn for pool resource cleanup
SUDP is upgraded from WithCompression to WithCompressionFromPool,
aligning with the pooled compression used by STCP and XTCP.
Extract closeProxy() helper to eliminate duplicated 4-step cleanup
sequence (Close, PxyManager.Del, metrics, plugin notify) between
worker() and CloseProxy().
Extract loginUserInfo() helper to eliminate 4 repeated plugin.UserInfo
constructions using LoginMsg fields.
Optimize worker() to snapshot and clear the proxies map under lock,
then perform cleanup outside the lock to reduce lock hold time.
Replace 10 positional parameters in NewControl() with a single
SessionContext struct, matching the client-side pattern. This also
eliminates the post-construction mutation of clientRegistry and
removes two TODO comments.
