feat: make URLS to obtain proxy_secret, getProxyConfig, getProxyConfigV6 files optionally configurable

2026-04-19 19:44:11 +03:00 · 2026-04-17 12:23:17 +00:00
parent cd0771eee4
commit 2a168b2600
6 changed files with 106 additions and 11 deletions
--- a/src/config/types.rs
+++ b/src/config/types.rs
@@ -392,14 +392,26 @@ pub struct GeneralConfig {
    #[serde(default = "default_proxy_secret_path")]
    pub proxy_secret_path: Option<String>,

+    /// Optional custom URL for infrastructure secret (https://core.telegram.org/getProxySecret if absent).
+    #[serde(default)]
+    pub proxy_secret_url: Option<String>,
+
    /// Optional path to cache raw getProxyConfig (IPv4) snapshot for startup fallback.
    #[serde(default = "default_proxy_config_v4_cache_path")]
    pub proxy_config_v4_cache_path: Option<String>,

+    /// Optional custom URL for getProxyConfig (https://core.telegram.org/getProxyConfig if absent).
+    #[serde(default)]
+    pub proxy_config_v4_url: Option<String>,
+
    /// Optional path to cache raw getProxyConfigV6 snapshot for startup fallback.
    #[serde(default = "default_proxy_config_v6_cache_path")]
    pub proxy_config_v6_cache_path: Option<String>,

+    /// Optional custom URL for getProxyConfigV6 (https://core.telegram.org/getProxyConfigV6 if absent).
+    #[serde(default)]
+    pub proxy_config_v6_url: Option<String>,
+
    /// Global ad_tag (32 hex chars from @MTProxybot). Fallback when user has no per-user tag in access.user_ad_tags.
    #[serde(default)]
    pub ad_tag: Option<String>,
@@ -960,8 +972,11 @@ impl Default for GeneralConfig {
            use_middle_proxy: default_true(),
            ad_tag: None,
            proxy_secret_path: default_proxy_secret_path(),
+            proxy_secret_url: None,
            proxy_config_v4_cache_path: default_proxy_config_v4_cache_path(),
+            proxy_config_v4_url: None,
            proxy_config_v6_cache_path: default_proxy_config_v6_cache_path(),
+            proxy_config_v6_url: None,
            middle_proxy_nat_ip: None,
            middle_proxy_nat_probe: default_true(),
            middle_proxy_nat_stun: default_middle_proxy_nat_stun(),
--- a/src/maestro/me_startup.rs
+++ b/src/maestro/me_startup.rs
@@ -66,6 +66,7 @@ pub(crate) async fn initialize_me_pool(
        match crate::transport::middle_proxy::fetch_proxy_secret_with_upstream(
            proxy_secret_path,
            config.general.proxy_secret_len_max,
+            config.general.proxy_secret_url.as_deref(),
            Some(upstream_manager.clone()),
        )
        .await
@@ -126,7 +127,11 @@ pub(crate) async fn initialize_me_pool(
                .set_me_status(StartupMeStatus::Initializing, COMPONENT_ME_PROXY_CONFIG_V4)
                .await;
            let cfg_v4 = load_startup_proxy_config_snapshot(
-                "https://core.telegram.org/getProxyConfig",
+                config
+                    .general
+                    .proxy_config_v4_url
+                    .as_deref()
+                    .unwrap_or("https://core.telegram.org/getProxyConfig"),
                config.general.proxy_config_v4_cache_path.as_deref(),
                me2dc_fallback,
                "getProxyConfig",
@@ -158,7 +163,11 @@ pub(crate) async fn initialize_me_pool(
                .set_me_status(StartupMeStatus::Initializing, COMPONENT_ME_PROXY_CONFIG_V6)
                .await;
            let cfg_v6 = load_startup_proxy_config_snapshot(
-                "https://core.telegram.org/getProxyConfigV6",
+                config
+                    .general
+                    .proxy_config_v6_url
+                    .as_deref()
+                    .unwrap_or("https://core.telegram.org/getProxyConfigV6"),
                config.general.proxy_config_v6_cache_path.as_deref(),
                me2dc_fallback,
                "getProxyConfigV6",
--- a/src/transport/middle_proxy/config_updater.rs
+++ b/src/transport/middle_proxy/config_updater.rs
@@ -321,7 +321,14 @@ async fn run_update_cycle(
    let mut maps_changed = false;

    let mut ready_v4: Option<(ProxyConfigData, u64)> = None;
-    let cfg_v4 = retry_fetch("https://core.telegram.org/getProxyConfig", upstream.clone()).await;
+    let cfg_v4 = retry_fetch(
+        cfg.general
+            .proxy_config_v4_url
+            .as_deref()
+            .unwrap_or("https://core.telegram.org/getProxyConfig"),
+        upstream.clone(),
+    )
+    .await;
    if let Some(cfg_v4) = cfg_v4
        && snapshot_passes_guards(cfg, &cfg_v4, "getProxyConfig")
    {
@@ -346,7 +353,10 @@ async fn run_update_cycle(

    let mut ready_v6: Option<(ProxyConfigData, u64)> = None;
    let cfg_v6 = retry_fetch(
-        "https://core.telegram.org/getProxyConfigV6",
+        cfg.general
+            .proxy_config_v6_url
+            .as_deref()
+            .unwrap_or("https://core.telegram.org/getProxyConfigV6"),
        upstream.clone(),
    )
    .await;
@@ -430,6 +440,7 @@ async fn run_update_cycle(
        match download_proxy_secret_with_max_len_via_upstream(
            cfg.general.proxy_secret_len_max,
            upstream,
+            cfg.general.proxy_secret_url.as_deref()
        )
        .await
        {
--- a/src/transport/middle_proxy/secret.rs
+++ b/src/transport/middle_proxy/secret.rs
@@ -37,20 +37,21 @@ pub(super) fn validate_proxy_secret_len(data_len: usize, max_len: usize) -> Resu

 /// Fetch Telegram proxy-secret binary.
 #[allow(dead_code)]
-pub async fn fetch_proxy_secret(cache_path: Option<&str>, max_len: usize) -> Result<Vec<u8>> {
-    fetch_proxy_secret_with_upstream(cache_path, max_len, None).await
+pub async fn fetch_proxy_secret(cache_path: Option<&str>, max_len: usize, proxy_secret_url: Option<&str>) -> Result<Vec<u8>> {
+    fetch_proxy_secret_with_upstream(cache_path, max_len, proxy_secret_url, None).await
 }

 /// Fetch Telegram proxy-secret binary, optionally through upstream routing.
 pub async fn fetch_proxy_secret_with_upstream(
    cache_path: Option<&str>,
    max_len: usize,
+    proxy_secret_url: Option<&str>,
    upstream: Option<Arc<UpstreamManager>>,
 ) -> Result<Vec<u8>> {
    let cache = cache_path.unwrap_or("proxy-secret");

    // 1) Try fresh download first.
-    match download_proxy_secret_with_max_len_via_upstream(max_len, upstream).await {
+    match download_proxy_secret_with_max_len_via_upstream(max_len, upstream, proxy_secret_url).await {
        Ok(data) => {
            if let Err(e) = tokio::fs::write(cache, &data).await {
                warn!(error = %e, "Failed to cache proxy-secret (non-fatal)");
@@ -91,14 +92,19 @@ pub async fn fetch_proxy_secret_with_upstream(

 #[allow(dead_code)]
 pub async fn download_proxy_secret_with_max_len(max_len: usize) -> Result<Vec<u8>> {
-    download_proxy_secret_with_max_len_via_upstream(max_len, None).await
+    download_proxy_secret_with_max_len_via_upstream(max_len, None, None).await
 }

 pub async fn download_proxy_secret_with_max_len_via_upstream(
    max_len: usize,
    upstream: Option<Arc<UpstreamManager>>,
+    proxy_secret_url: Option<&str>,
 ) -> Result<Vec<u8>> {
-    let resp = https_get("https://core.telegram.org/getProxySecret", upstream).await?;
+    let resp = https_get(
+        proxy_secret_url.unwrap_or("https://core.telegram.org/getProxySecret"),
+        upstream,
+    )
+    .await?;

    if !(200..=299).contains(&resp.status) {
        return Err(ProxyError::Proxy(format!(