aogg
diff --git a/‎.codebuddy/rules/common.mdc‎
Lines changed: 0 additions & 1 deletion b/‎.codebuddy/rules/common.mdc‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.cursor/rules/common.mdc‎
Lines changed: 0 additions & 1 deletion b/‎.cursor/rules/common.mdc‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 142 additions & 36 deletions b/‎README.md‎
Lines changed: 142 additions & 36 deletions
diff --git a/‎app/Listener/ApplicationLifecycleListener.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Listener/ApplicationLifecycleListener.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Protocol/ConnectionContext.php‎
Lines changed: 62 additions & 2 deletions b/‎app/Protocol/ConnectionContext.php‎
Lines changed: 62 additions & 2 deletions
@@ -21,7 +21,6 @@ provider:
 
 ## 文件组织
 - 每个功能模块保持单一职责
-- main入口文件, 其他文件放src去
 - 工具代码放/app/Helpers文件夹，文件名后缀要helper
 - 配置文件放到/config文件夹
 - 测试文件放/test
 
@@ -21,7 +21,6 @@ provider:
 
 ## 文件组织
 - 每个功能模块保持单一职责
-- main入口文件, 其他文件放src去
 - 工具代码放/app/Helpers文件夹，文件名后缀要helper
 - 配置文件放到/config文件夹
 - 测试文件放/test
 
@@ -1,63 +1,169 @@
-# Introduction
+# MySQL TLS 代理服务
 
-This is a skeleton application using the Hyperf framework. This application is meant to be used as a starting place for those looking to get their feet wet with Hyperf Framework.
+这是一个基于 Hyperf 框架的 MySQL 协议代理服务，支持 TLS/SSL 连接和代理层认证。客户端使用代理内配置的账号连接代理，代理使用写死的后端 MySQL 账号执行 SQL 并返回结果。
 
-# Requirements
+## 功能特性
 
-Hyperf has some requirements for the system environment, it can only run under Linux and Mac environment, but due to the development of Docker virtualization technology, Docker for Windows can also be used as the running environment under Windows.
+- ✅ **TLS/SSL 支持**: 支持客户端通过 `sslmode=require` 或 `sslmode=verify-*` 连接
+- ✅ **代理认证**: 客户端使用代理配置的账号进行认证，不直接使用后端 MySQL 账号
+- ✅ **统一后端账号**: 所有 SQL 都通过配置的固定 MySQL 账号执行
+- ✅ **连接池**: 自动管理后端 MySQL 连接池，提高性能
+- ✅ **SQL 日志**: 完整的 SQL 执行日志记录
+- ✅ **协议兼容**: 支持基本的 MySQL 协议，包括查询、预处理语句等
 
-The various versions of Dockerfile have been prepared for you in the [hyperf/hyperf-docker](https://github.com/hyperf/hyperf-docker) project, or directly based on the already built [hyperf/hyperf](https://hub.docker.com/r/hyperf/hyperf) Image to run.
+## 系统要求
 
-When you don't want to use Docker as the basis for your running environment, you need to make sure that your operating environment meets the following requirements:  
+- **PHP**: >= 8.1
+- **Swoole**: >= 5.0，支持 SSL (编译时需开启 `--enable-openssl`)
+- **扩展**: pdo_mysql, pcntl, json, openssl
+- **环境**: Linux/Mac/Windows (Docker)
 
- - PHP >= 8.1
- - Any of the following network engines
-   - Swoole PHP extension >= 5.0，with `swoole.use_shortname` set to `Off` in your `php.ini`
-   - Swow PHP extension >= 1.3
- - JSON PHP extension
- - Pcntl PHP extension
- - OpenSSL PHP extension （If you need to use the HTTPS）
- - PDO PHP extension （If you need to use the MySQL Client）
- - Redis PHP extension （If you need to use the Redis Client）
- - Protobuf PHP extension （If you need to use the gRPC Server or Client）
+## 快速开始
 
-# Installation using Composer
+### 1. 环境检查
 
-The easiest way to create a new Hyperf project is to use [Composer](https://getcomposer.org/). If you don't have it already installed, then please install as per [the documentation](https://getcomposer.org/download/).
+```bash
+# 检查 Swoole SSL 支持和其他环境要求
+php test/check_swoole_ssl.php
+```
 
-To create your new Hyperf project:
+### 2. 配置 SSL 证书
 
 ```bash
-composer create-project hyperf/hyperf-skeleton path/to/install
+# 创建证书目录
+mkdir -p runtime/certs
+
+# 生成自签名证书（生产环境请使用正式证书）
+openssl req -x509 -newkey rsa:4096 -keyout runtime/certs/server.key -out runtime/certs/server.crt -days 365 -nodes -subj '/CN=localhost'
+```
+
+### 3. 配置代理账号和后端 MySQL
+
+编辑 `config/autoload/proxy.php`：
+
+```php
+'proxy_accounts' => [
+    [
+        'username' => 'proxy_user',
+        'password' => 'proxy_pass',
+        'database' => '', // 空表示不限制数据库
+    ],
+],
+
+'backend_mysql' => [
+    'host' => 'mysql57',
+    'port' => 3306,
+    'username' => 'root',
+    'password' => 'root',
+    'database' => '',
+],
 ```
 
-If your development environment is based on Docker you can use the official Composer image to create a new Hyperf project:
+
+### 5. 测试连接
 
 ```bash
-docker run --rm -it -v $(pwd):/app composer create-project --ignore-platform-reqs hyperf/hyperf-skeleton path/to/install
+# 测试 SSL 连接和代理认证
+php test/ssl_test.php
+
+# 或使用 mysql 客户端
+mysql --ssl-mode=REQUIRED -h 127.0.0.1 -P 3317 -u proxy_user -p proxy_pass
 ```
 
-# Getting started
+## 配置说明
+
+### 代理账号配置
+
+在 `config/autoload/proxy.php` 中配置允许连接代理的账号：
+
+```php
+'proxy_accounts' => [
+    [
+        'username' => 'app_user',
+        'password' => 'secure_password',
+        'database' => 'app_db', // 可选，限制可访问的数据库
+    ],
+    [
+        'username' => 'admin',
+        'password' => 'admin_pass',
+        'database' => '', // 空字符串表示可访问任何数据库
+    ],
+],
+```
 
-Once installed, you can run the server immediately using the command below.
+### 后端 MySQL 配置
 
-```bash
-cd path/to/install
-php bin/hyperf.php start
+配置代理用于连接真实 MySQL 的账号：
+
+```php
+'backend_mysql' => [
+    'host' => 'mysql-server',
+    'port' => 3306,
+    'username' => 'service_account',
+    'password' => 'service_password',
+    'database' => '', // 默认数据库，可为空
+    'charset' => 'utf8mb4',
+    'tls' => false, // 是否对后端使用 TLS
+],
 ```
 
-Or if in a Docker based environment you can use the `docker-compose.yml` provided by the template:
+### SSL/TLS 配置
 
-```bash
-cd path/to/install
-docker-compose up
+```php
+'tls' => [
+    'server_cert' => BASE_PATH . '/runtime/certs/server.crt',
+    'server_key' => BASE_PATH . '/runtime/certs/server.key',
+    'ca_cert' => null, // 用于客户端证书验证
+    'require_client_cert' => false,
+],
+```
+
+## 架构说明
+
+```
+客户端 (mysql --ssl-mode=REQUIRED)
+    ↓ TLS 连接
+MySQL 代理 (端口 3317)
+├── 代理认证 (验证 proxy_accounts)
+├── SQL 执行 (使用 backend_mysql 账号)
+└── 结果返回 (MySQL 协议)
+    ↓
+真实 MySQL 服务器
 ```
 
-This will start the cli-server on port `9501`, and bind it to all network interfaces. You can then visit the site at `http://localhost:9501/` which will bring up Hyperf default home page.
+## 故障排除
+
+### 连接失败
+
+1. **检查服务状态**:
+   ```bash
+   php bin/hyperf.php status
+   ```
+
+2. **查看日志**:
+   ```bash
+   tail -f runtime/logs/hyperf.log
+   tail -f runtime/logs/connection.log
+   ```
+
+3. **测试证书**:
+   ```bash
+   openssl s_client -connect 127.0.0.1:3317 -servername localhost
+   ```
+
+### 常见问题
 
-## Hints
+- **SSL 连接失败**: 检查证书文件是否存在且可读
+- **认证失败**: 确认代理账号配置正确
+- **后端连接失败**: 检查后端 MySQL 服务器可访问性
+- **连接池耗尽**: 调整 `pool.size` 配置
 
-- A nice tip is to rename `hyperf-skeleton` of files like `composer.json` and `docker-compose.yml` to your actual project name.
-- Take a look at `config/routes.php` and `app/Controller/IndexController.php` to see an example of a HTTP entrypoint.
+## 开发说明
 
-**Remember:** you can always replace the contents of this README.md file to something that fits your project description.
+项目结构:
+- `App/Proxy/Protocol/` - MySQL 协议处理
+- `App/Proxy/Auth/` - 代理认证逻辑
+- `App/Proxy/Executor/` - 后端执行器
+- `App/Proxy/Pool/` - 连接池管理
+- `config/autoload/proxy.php` - 代理配置
+- `test/` - 测试脚本
@@ -64,7 +64,7 @@ public function process(object $event): void
             // 初始化连接池
             try {
                 $proxyService = $this->container->get(ProxyService::class);
-                $proxyService->initializeConnectionPool();
+                $proxyService->initialize();
 
                 $this->logger->info('连接池初始化完成', [
                     'event' => 'BeforeWorkerStart',
 
@@ -9,7 +9,7 @@
 
 class ConnectionContext
 {
-    private string $clientId;
+    private int $clientId;
     private string $clientIp;
     private int $clientPort;
     private ?Socket $mysqlSocket = null;
@@ -21,15 +21,25 @@ class ConnectionContext
     private bool $tlsEnabled = false;
     private ?string $clientTlsPeerCN = null;
     private ?Lock $socketLock = null;
+    private bool $authenticated = false;
+    private ?string $username = null;
+    private ?string $database = null;
+    private bool $sslRequested = false;
+    private string $authPluginData = '';
 
-    public function __construct(string $clientId, string $clientIp, int $clientPort)
+    public function __construct(int $clientId, string $clientIp, int $clientPort)
     {
         $this->clientId = $clientId;
         $this->clientIp = $clientIp;
         $this->clientPort = $clientPort;
     }
 
     public function getClientId(): string
+    {
+        return (string) $this->clientId;
+    }
+
+    public function getThreadId(): int
     {
         return $this->clientId;
     }
@@ -139,6 +149,56 @@ public function setClientTlsPeerCN(?string $clientTlsPeerCN): void
         $this->clientTlsPeerCN = $clientTlsPeerCN;
     }
 
+    public function isAuthenticated(): bool
+    {
+        return $this->authenticated;
+    }
+
+    public function setAuthenticated(bool $authenticated): void
+    {
+        $this->authenticated = $authenticated;
+    }
+
+    public function getUsername(): ?string
+    {
+        return $this->username;
+    }
+
+    public function setUsername(?string $username): void
+    {
+        $this->username = $username;
+    }
+
+    public function getDatabase(): ?string
+    {
+        return $this->database;
+    }
+
+    public function setDatabase(?string $database): void
+    {
+        $this->database = $database;
+    }
+
+    public function isSslRequested(): bool
+    {
+        return $this->sslRequested;
+    }
+
+    public function setSslRequested(bool $sslRequested): void
+    {
+        $this->sslRequested = $sslRequested;
+    }
+
+    public function getAuthPluginData(): string
+    {
+        return $this->authPluginData;
+    }
+
+    public function setAuthPluginData(string $authPluginData): void
+    {
+        $this->authPluginData = $authPluginData;
+    }
+
     public function __toString(): string
     {
         return sprintf('%s:%d', $this->clientIp, $this->clientPort);