Added Regex destination matching

Author: ptjhuang

README.md

@@ -7,7 +7,13 @@ Simple socks5 server using go-socks5 with authentication options
 
 ## Start container with proxy
 
-```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD>  serjs/go-socks5-proxy```
+```
+docker run -d --name socks5 -p 1080:1080 \
+    -e PROXY_USER=<PROXY_USER> \
+    -e PROXY_PASSWORD=<PROXY_PASSWORD> \
+    -e ALLOWED_DEST_FQDN=<REGEX_PATTERN> \
+    serjs/go-socks5-proxy
+```
 
 Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server.
 
@@ -18,6 +24,7 @@ Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options wh
 |PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
 |PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
 |PROXY_PORT|String|1080|Set listen port for application inside docker container|
+|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.|
 |TZ|String|UTC|Set Timezone like in many common Operation Systems|
 
 ## Test running service

ruleset.go

@@ -0,0 +1,24 @@
+package main
+
+import (
+	"regexp"
+
+	"github.com/armon/go-socks5"
+	"golang.org/x/net/context"
+)
+
+// PermitDestAddrPattern returns a RuleSet which selectively allows addresses
+func PermitDestAddrPattern(pattern string) socks5.RuleSet {
+	return &PermitDestAddrPatternRuleSet{pattern}
+}
+
+// PermitDestAddrPatternRuleSet is an implementation of the RuleSet which
+// enables filtering supported destination address
+type PermitDestAddrPatternRuleSet struct {
+	AllowedFqdnPattern string
+}
+
+func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
+	match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN)
+	return ctx, match
+}

server.go

@@ -9,9 +9,10 @@ import (
 )
 
 type params struct {
-	User     string `env:"PROXY_USER" envDefault:""`
-	Password string `env:"PROXY_PASSWORD" envDefault:""`
-	Port     string `env:"PROXY_PORT" envDefault:"1080"`
+	User            string `env:"PROXY_USER" envDefault:""`
+	Password        string `env:"PROXY_PASSWORD" envDefault:""`
+	Port            string `env:"PROXY_PORT" envDefault:"1080"`
+	AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
 }
 
 func main() {
@@ -23,7 +24,7 @@ func main() {
 	}
 
 	//Initialize socks5 config
-	socsk5conf := &socks5.Config{
+	socks5conf := &socks5.Config{
 		Logger: log.New(os.Stdout, "", log.LstdFlags),
 	}
 
@@ -32,10 +33,14 @@ func main() {
 			os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
 		}
 		cator := socks5.UserPassAuthenticator{Credentials: creds}
-		socsk5conf.AuthMethods = []socks5.Authenticator{cator}
+		socks5conf.AuthMethods = []socks5.Authenticator{cator}
 	}
 
-	server, err := socks5.New(socsk5conf)
+	if cfg.AllowedDestFqdn != "" {
+		socks5conf.Rules = PermitDestAddrPattern(cfg.AllowedDestFqdn)
+	}
+
+	server, err := socks5.New(socks5conf)
 	if err != nil {
 		log.Fatal(err)
 	}