Fix V2Ray transport path validation behavior

transport/v2rayhttp/client.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
@@ -28,7 +29,7 @@ type Client struct {
 	serverAddr M.Socksaddr
 	transport  http.RoundTripper
 	http2      bool
-	url        *url.URL
+	requestURL url.URL
 	host       []string
 	method     string
 	headers    http.Header
@@ -58,33 +59,35 @@ func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, opt
 			},
 		}
 	}
-	client := &Client{
+	if options.Method == "" {
+		options.Method = http.MethodPut
+	}
+	var requestURL url.URL
+	if tlsConfig == nil {
+		requestURL.Scheme = "http"
+	} else {
+		requestURL.Scheme = "https"
+	}
+	requestURL.Host = serverAddr.String()
+	requestURL.Path = options.Path
+	err := sHTTP.URLSetPath(&requestURL, options.Path)
+	if err != nil {
+		return nil, E.Cause(err, "parse path")
+	}
+	if !strings.HasPrefix(requestURL.Path, "/") {
+		requestURL.Path = "/" + requestURL.Path
+	}
+	return &Client{
 		ctx:        ctx,
 		dialer:     dialer,
 		serverAddr: serverAddr,
+		requestURL: requestURL,
 		host:       options.Host,
 		method:     options.Method,
 		headers:    options.Headers.Build(),
 		transport:  transport,
 		http2:      tlsConfig != nil,
-	}
-	if client.method == "" {
-		client.method = "PUT"
-	}
-	var uri url.URL
-	if tlsConfig == nil {
-		uri.Scheme = "http"
-	} else {
-		uri.Scheme = "https"
-	}
-	uri.Host = serverAddr.String()
-	uri.Path = options.Path
-	err := sHTTP.URLSetPath(&uri, options.Path)
-	if err != nil {
-		return nil, E.Cause(err, "parse path")
-	}
-	client.url = &uri
-	return client, nil
+	}, nil
 }
 
 func (c *Client) DialContext(ctx context.Context) (net.Conn, error) {
@@ -103,7 +106,7 @@ func (c *Client) dialHTTP(ctx context.Context) (net.Conn, error) {
 
 	request := &http.Request{
 		Method: c.method,
-		URL:    c.url,
+		URL:    &c.requestURL,
 		Header: c.headers.Clone(),
 	}
 	switch hostLen := len(c.host); hostLen {
@@ -123,7 +126,7 @@ func (c *Client) dialHTTP2(ctx context.Context) (net.Conn, error) {
 	request := &http.Request{
 		Method: c.method,
 		Body:   pipeInReader,
-		URL:    c.url,
+		URL:    &c.requestURL,
 		Header: c.headers.Clone(),
 	}
 	request = request.WithContext(ctx)

transport/v2rayhttpupgrade/server.go

@@ -65,7 +65,7 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 		s.invalidRequest(writer, request, http.StatusBadRequest, E.New("bad host: ", host))
 		return
 	}
-	if !strings.HasPrefix(request.URL.Path, s.path) {
+	if request.URL.Path != s.path {
 		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
 		return
 	}

transport/v2raywebsocket/server.go

@@ -33,6 +33,7 @@ type Server struct {
 	path                string
 	maxEarlyData        uint32
 	earlyDataHeaderName string
+	upgrader            ws.HTTPUpgrader
 }
 
 func NewServer(ctx context.Context, options option.V2RayWebsocketOptions, tlsConfig tls.ServerConfig, handler adapter.V2RayServerTransportHandler) (*Server, error) {
@@ -43,6 +44,10 @@ func NewServer(ctx context.Context, options option.V2RayWebsocketOptions, tlsCon
 		path:                options.Path,
 		maxEarlyData:        options.MaxEarlyData,
 		earlyDataHeaderName: options.EarlyDataHeaderName,
+		upgrader: ws.HTTPUpgrader{
+			Timeout: C.TCPTimeout,
+			Header:  options.Headers.Build(),
+		},
 	}
 	if !strings.HasPrefix(server.path, "/") {
 		server.path = "/" + server.path
@@ -79,6 +84,10 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 			return
 		}
 	} else {
+		if request.URL.Path != s.path {
+			s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
+			return
+		}
 		earlyDataStr := request.Header.Get(s.earlyDataHeaderName)
 		if earlyDataStr != "" {
 			earlyData, err = base64.RawURLEncoding.DecodeString(earlyDataStr)