mirror of
https://github.com/simplex-chat/simplex-chat.git
synced 2026-05-03 11:58:00 +00:00
sh
01906ae1b2
* android, desktop: fix link previews bypassing SOCKS proxy getLinkPreview used Jsoup.connect() and URL.openStream() directly, bypassing the configured SOCKS proxy. Both the HTML fetch and image download now route through the proxy when one is configured. If the proxy address is misconfigured (unparseable port), the preview is cancelled and the user is alerted rather than falling back to a direct connection. When enabling SOCKS proxy with link previews active, or enabling link previews while SOCKS is active, the user is warned that DNS lookups may still occur locally and given the option to disable previews. Updates the SOCKS proxy limitations notice to clarify that calls cannot be proxied, and highlights it in warning colour. Note: DNS lookups may still occur locally before the SOCKS connection is established. Full SOCKS5h hostname forwarding is a separate follow-up. * android, desktop: fix SOCKS proxy parser, auth credentials, and repeated alert in link previews - Build proxy from typed NetworkProxy fields instead of parsing socksProxy string, fixing breakage on IPv6 hosts and USERNAME auth configurations - Register java.net.Authenticator for SOCKS5 credential negotiation (Java 21 SocksSocketImpl uses RequestorType.SERVER for this callback) - Remove per-keystroke invalid-proxy alert, which fired on every URL change for valid but unparseable proxy strings * ui: drop link preview SOCKS warnings and strings * ui: soften link preview alert when SOCKS is on Show the link previews opt-in alert in both SOCKS-on and SOCKS-off cases (previously skipped entirely when SOCKS was on). When SOCKS is on, use a softer description that mentions the proxy and the remaining local DNS lookup risk, and render the Disable button in primary colour instead of red. Also drop the link-previews caveat from the SOCKS limitations footer since previews now go through the proxy. * fix: harden socks proxy auth in link previews - Gate the SOCKS5 Authenticator on host:port match so destination 401 challenges no longer leak proxy credentials via the JDK auto-retry. - Snapshot Authenticator.getDefault() and restore in finally to stop leaking process-global state. - Mutex around getLinkPreview to serialize concurrent calls. - Generate a random UUID per call in ISOLATE mode for stream isolation. - Skip auth when USERNAME mode has empty username or password. * ui: shift red emphasis from Disable to Enable in link preview alert Disable is now always primary; Enable is red by default and primary when SOCKS is on. The dangerous action is enabling without proxy protection, not disabling. * ui: append SOCKS notice to link preview alert --------- Co-authored-by: iversonianGremling <24989959+iversonianGremling@users.noreply.github.com>