bitreq: add SOCKS5 proxy support

Add SOCKS5 proxy support (RFC 1928) alongside existing HTTP CONNECT.
Targets are encoded per RFC 1928: IPv4 literals as ATYP 0x01, IPv6
literals as ATYP 0x04, and anything else as a domain name (ATYP 0x03)
with DNS resolution left to the proxy. The latter enables .onion
routing through Tor.

New public API:
- `Proxy::new_socks5(addr)` for unauthenticated SOCKS5. Accepts both
  `socks5://` and `socks5h://` URL schemes; both behave identically.
- `Proxy::new_socks5_with_credentials(addr, user, pass)` for RFC 1929
  username/password auth at construction.
- `Proxy::set_credentials(user, pass)` to mutate credentials on an
  existing `Proxy`. Takes `String` so callers can hand over an
  existing allocation. Lets a caller hold one `Proxy` and rotate
  credentials for Tor circuit isolation without rebuilding from URL.
  Length validation is kind-aware: SOCKS5 enforces RFC 1929's 1-255 /
  0-255 byte limits; HTTP Basic (RFC 7617) has no protocol-level limit.

Internally, both proxy kinds expose a single `handshake_sync` /
`handshake_async` entry point. The connection layer treats every
proxy uniformly and no longer branches on type. Sync and async
handshake bodies share protocol logic via two `macro_rules!` macros
that template over `.await` insertion.

Motivation: ldk-node needs to route HTTP calls (RGS, scoring) through
Tor's SOCKS proxy. See lightningdevkit/ldk-node#834.

Tests cover SOCKS5 parsing and credentials (including empty-user and
length-limit edge cases per proxy kind), SOCKS5 mock-server handshakes
(success, .onion, server rejection, port encoding, domain length,
IPv4/IPv6 literal ATYP encoding, credential auth, rejection, no-auth,
rotation), and HTTP CONNECT mock-server handshakes through the
polymorphic dispatcher.

Author: heyjoe127

bitreq/README.md

@@ -7,10 +7,29 @@ This crate is a fork for the very nice
 rename it because I wanted to totally gut it and provide a crate with
 different goals. Many thanks to the original author.
 
-Simple, minimal-dependency HTTP client. Optional features for http
-proxies (`proxy`), async support (`async`, `async-https`), and https
-with various TLS implementations (`https-rustls`, `https-rustls-probe`,
-and `https` which is an alias for `https-rustls`).
+Simple, minimal-dependency HTTP client. Optional features for HTTP
+proxies and SOCKS5 proxies (`proxy`), async support (`async`,
+`async-https`), and https with various TLS implementations
+(`https-rustls`, `https-rustls-probe`, and `https` which is an alias
+for `https-rustls`).
+
+### Proxy Support
+
+The `proxy` feature enables both HTTP CONNECT and SOCKS5 proxies:
+
+```rust
+// HTTP CONNECT proxy
+let proxy = bitreq::Proxy::new_http("http://proxy.example.com:8080").unwrap();
+let response = bitreq::get("http://example.com").with_proxy(proxy).send();
+
+// SOCKS5 proxy (e.g., Tor)
+let proxy = bitreq::Proxy::new_socks5("127.0.0.1:9050").unwrap();
+let response = bitreq::get("http://example.com").with_proxy(proxy).send();
+```
+
+SOCKS5 proxies use domain-based addressing (RFC 1928 ATYP 0x03), so
+DNS resolution happens at the proxy. This is required for `.onion`
+routing through Tor.
 
 Without any optional features, my casual testing indicates about 100
 KB additional executable size for stripped release builds using this

bitreq/src/connection.rs

@@ -13,8 +13,6 @@ use std::sync::{Arc, Mutex};
 use std::task::{Context, Poll};
 use std::time::Instant;
 
-#[cfg(all(feature = "async", feature = "proxy"))]
-use tokio::io::AsyncReadExt;
 #[cfg(feature = "async")]
 use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt, ReadHalf, WriteHalf};
 #[cfg(feature = "async")]
@@ -337,36 +335,8 @@ impl AsyncConnection {
         #[cfg(feature = "proxy")]
         match &params.proxy {
             Some(proxy) => {
-                // do proxy things
                 let mut tcp = Self::tcp_connect(&proxy.server, proxy.port).await?;
-
-                let proxy_request = proxy.connect(params.host, params.port);
-                tcp.write_all(proxy_request.as_bytes()).await?;
-                tcp.flush().await?;
-
-                // Max proxy response size to prevent unbounded memory allocation
-                const MAX_PROXY_RESPONSE_SIZE: usize = 16 * 1024;
-                let mut proxy_response = Vec::new();
-                let mut buf = [0; 256];
-
-                loop {
-                    let n = tcp.read(&mut buf).await?;
-                    if n == 0 {
-                        // EOF reached
-                        break;
-                    }
-                    proxy_response.extend_from_slice(&buf[..n]);
-                    if proxy_response.len() > MAX_PROXY_RESPONSE_SIZE {
-                        return Err(Error::ProxyConnect);
-                    }
-                    if n < buf.len() {
-                        // Partial read indicates end of response
-                        break;
-                    }
-                }
-
-                crate::Proxy::verify_response(&proxy_response)?;
-
+                proxy.handshake_async(&mut tcp, params.host, params.port).await?;
                 Ok(tcp)
             }
             None => Self::tcp_connect(params.host, params.port).await,
@@ -710,35 +680,8 @@ impl Connection {
         #[cfg(feature = "proxy")]
         match &params.proxy {
             Some(proxy) => {
-                // do proxy things
                 let mut tcp = Self::tcp_connect(&proxy.server, proxy.port, timeout_at)?;
-
-                write!(tcp, "{}", proxy.connect(params.host, params.port))?;
-                tcp.flush()?;
-
-                // Max proxy response size to prevent unbounded memory allocation
-                const MAX_PROXY_RESPONSE_SIZE: usize = 16 * 1024;
-                let mut proxy_response = Vec::new();
-                let mut buf = [0; 256];
-
-                loop {
-                    let n = tcp.read(&mut buf)?;
-                    if n == 0 {
-                        // EOF reached
-                        break;
-                    }
-                    proxy_response.extend_from_slice(&buf[..n]);
-                    if proxy_response.len() > MAX_PROXY_RESPONSE_SIZE {
-                        return Err(Error::ProxyConnect);
-                    }
-                    if n < buf.len() {
-                        // Partial read indicates end of response
-                        break;
-                    }
-                }
-
-                crate::Proxy::verify_response(&proxy_response)?;
-
+                proxy.handshake_sync(&mut tcp, params.host, params.port)?;
                 Ok(tcp)
             }
             None => Self::tcp_connect(params.host, params.port, timeout_at),