| * | Forward PROXY v2 AUTHORITY end-to-end•••wscat now sits transparently in the untls → wscat → papod path:
on Accept, it parses any PROXY v2 header from upstream and stashes
the AUTHORITY TLV on the wrapped conn; on the downstream dial to
papod, it re-emits a PROXY v2 header with the same authority
before forwarding any WebSocket payload bytes.
A 5-second read deadline caps the parse window (so a slowloris
peer can't pin the accept goroutine), and Accept loops past
per-connection wrap errors — without that, an "nc -z" liveness
probe (open + close, zero bytes) bubbles up as EOF to
http.Server.Serve and panics the whole process.
When no PROXY header is present (e.g. the integration test stack
where binder speaks raw bytes) wscat skips the re-emit and lets
papod fall back to PAPOD_NETWORK_NAME.
Tests cover header build/parse roundtrip, the no-signature-pass-
through case, and header byte layout.
| EuAndreh | 9 days | 1 | -0/+63 |
