Client-to-Server Masking can make outbound traffic unpredictabe.

local.js

@@ -3,8 +3,7 @@ import fs from 'fs';
 import WebSocket, {createWebSocketStream} from 'ws';
 import parseArgs from 'minimist';
 import {HttpsProxyAgent} from 'https-proxy-agent';
-import {Encryptor} from './encrypt.js';
-import {inetNtoa, createTransform} from './utils.js';
+import {inetNtoa} from './utils.js';
 import {pipeline} from 'node:stream/promises';
 
 const options = {
@@ -75,7 +74,6 @@ var server = net.createServer(async (conn) => {
   server.getConnections(function (err, count) {
     console.log('concurrent connections:', count);
   });
-  const encryptor = new Encryptor(KEY, METHOD);
   let ws;
   let remoteAddr = null;
   let remotePort = null;
@@ -203,10 +201,8 @@ var server = net.createServer(async (conn) => {
   const wss = createWebSocketStream(ws);
   console.log(`connecting ${remoteAddr} via ${aServer}`);
 
-  const writable = createTransform(encryptor.encrypt.bind(encryptor));
-  writable.pipe(wss);
-  writable.write(data.subarray(3));
-  pipeline(conn, writable).catch(
+  wss.write(data.subarray(3));
+  pipeline(conn, wss).catch(
     (e) => e.name !== 'AbortError' && console.error(`local: ${e}`),
   );
   pipeline(wss, conn).catch(

server.js

@@ -3,8 +3,7 @@ import fs from 'fs';
 import http from 'http';
 import {WebSocketServer, createWebSocketStream} from 'ws';
 import parseArgs from 'minimist';
-import {Encryptor} from './encrypt.js';
-import {inetNtoa, createTransform} from './utils.js';
+import {inetNtoa} from './utils.js';
 import {pipeline} from 'node:stream/promises';
 
 const options = {
@@ -60,25 +59,21 @@ const wsserver = new WebSocketServer({
 
 wsserver.on('connection', async (ws) => {
   console.log('concurrent connections:', wsserver.clients.size);
-  const encryptor = new Encryptor(KEY, METHOD);
   let remoteAddr;
   let remotePort;
 
   ws.on('error', (err) => console.error(`server: ${err}`));
 
   const conn = createWebSocketStream(ws);
-  const readable = conn.pipe(
-    createTransform(encryptor.decrypt.bind(encryptor)),
-  );
-  readable.on('error', (e) => console.error(`server: ${e}`));
+  conn.on('error', (e) => console.error(`server: ${e}`));
 
-  let data = await readable.read();
+  let data = await conn.read();
   while (!data) {
     await new Promise((resolve, reject) => {
-      readable.once('readable', resolve);
+      conn.once('readable', resolve);
     });
 
-    data = await readable.read();
+    data = await conn.read();
   }
 
   let headerLength = 2;
@@ -131,7 +126,7 @@ wsserver.on('connection', async (ws) => {
     remote.write(data.subarray(headerLength));
   }
 
-  pipeline(readable, remote).catch(
+  pipeline(conn, remote).catch(
     (e) => e.name !== 'AbortError' && console.error(`server: ${e}`),
   );
   pipeline(remote, conn).catch(

utils.js

@@ -1,5 +1,3 @@
-import {Transform} from 'node:stream';
-
 export function inetNtoa(family, buf) {
   if (family === 4) return buf[0] + '.' + buf[1] + '.' + buf[2] + '.' + buf[3];
   else if (family === 6) {
@@ -10,29 +8,3 @@ export function inetNtoa(family, buf) {
     return addr.join(':');
   }
 }
-
-export function memoize(func) {
-  const cache = {};
-
-  return function (...args) {
-    const key = args.join('');
-    if (cache[key]) return cache[key];
-
-    const result = func.apply(this, args);
-    cache[key] = result;
-
-    return result;
-  };
-}
-
-export function createTransform(withFn) {
-  return new Transform({
-    transform(chunk, encoding, callback) {
-      try {
-        callback(null, withFn(chunk));
-      } catch (err) {
-        callback(err);
-      }
-    },
-  });
-}