feat: Add SOCKS5 Proxy Support with Bootstrap Only Mode

INTERNALBUILDS.md

@@ -91,6 +91,8 @@ yarn build # transpile and assemble files
 yarn build-release
 ```
 
+> Release packaging will rebuild `libsession_util_nodejs` if its native binary is missing, so ensure your toolchain (cmake, compiler, etc.) is available before running `yarn build-release`.
+
 The binaries will be placed inside the `release/` folder.
 
 <details>

SOCKS_PROXY_PATCH.md

@@ -0,0 +1,146 @@
+# SOCKS5 Proxy Support Patch for Session Desktop
+
+This patch adds full SOCKS5 proxy support to Session Desktop, allowing all application traffic (including onion requests) to be routed through a SOCKS proxy server.
+
+## Features
+
+- ✅ SOCKS5 proxy support with authentication
+- ✅ Proper timeout handling for proxy connections (30s vs 5s for direct)
+- ✅ TLS/SSL certificate validation through proxy
+- ✅ Certificate pinning preservation
+- ✅ Agent caching for performance optimization
+- ✅ Detailed error logging for debugging
+- ✅ UI for proxy configuration in Settings
+- ✅ Auto-updater disabled when proxy is enabled (prevents traffic leaks)
+
+## Changes Summary
+
+### Critical Changes (Required for functionality)
+
+1. **InsecureNodeFetch.ts** - Core proxy implementation
+   - `SocksProxyAgentWithTls` class for TLS options propagation
+   - Proxy agent priority over sslAgent
+   - TLS options extraction from original agent
+   - Agent caching with TLS configuration support
+
+2. **SeedNodeAPI.ts** - Timeout adjustment
+   - Increased timeout from 5s to 30s when proxy is enabled
+
+3. **onionPath.ts** - Timeout adjustment
+   - Increased timeout from 10s to 30s when proxy is enabled
+
+### Optional Improvements
+
+4. **Enhanced error logging** - Better debugging capabilities
+5. **Patch stamp tracking** - Version verification tool
+6. **Agent caching** - Performance optimization
+
+## Security Considerations
+
+- TLS settings are extracted from the original `sslAgent` and preserved through the proxy
+- Certificate pinning continues to work through SOCKS proxy
+- `rejectUnauthorized` is only set to `false` if it was already disabled in the original agent
+- No security regression for production seed nodes
+- **Auto-updater is disabled when proxy is enabled** to prevent traffic leaks
+  - electron-updater uses native HTTP clients that bypass our proxy configuration
+  - Users must update manually when using proxy mode
+  - This ensures 100% traffic routing through proxy with no leaks
+
+## Installation
+
+### Apply the patch:
+
+```bash
+cd ~/Nextcloud/WORKSPACE/PROJECTS/session-desktop
+git apply socks-proxy-support.patch
+```
+
+### Build and install:
+
+```bash
+# Build the application
+PATH=~/.nvm/versions/node/v20.18.2/bin:/bin:/usr/bin:$PATH npx yarn build
+
+# Build release package
+PATH=~/.nvm/versions/node/v20.18.2/bin:/bin:/usr/bin:$PATH \
+  NODE_OPTIONS='--max-old-space-size=8192' \
+  npx yarn build-release
+
+# Install the package
+sudo dpkg -i release/session-desktop-linux-amd64-1.17.5.deb
+```
+
+## Usage
+
+1. Open Session Desktop
+2. Go to **Settings** → **Proxy**
+3. Enable proxy and configure:
+   - **Proxy Server**: Your SOCKS5 proxy address (e.g., 192.168.1.254)
+   - **Port**: SOCKS5 proxy port (e.g., 1080)
+   - **Username** (optional): For authenticated proxies
+   - **Password** (optional): For authenticated proxies
+4. Click **Save**
+
+**⚠️ Important Notes:**
+- **Auto-updates are disabled** when proxy is enabled to prevent traffic leaks
+- To update Session Desktop while using proxy, download new version manually from GitHub Releases
+- All application traffic (messages, media, metadata) routes through proxy
+- Disable proxy to re-enable auto-updates
+
+## Testing
+
+To verify the proxy is working, check the logs:
+
+```bash
+tail -f ~/.config/Session/logs/app.log | grep -i "proxy"
+```
+
+You should see:
+- `Creating new SOCKS5 agent` on first connection
+- `Using cached agent` on subsequent connections
+- No `self signed certificate` errors
+- Successful connections through proxy
+
+## Files Modified
+
+- `ts/session/utils/InsecureNodeFetch.ts` - Core proxy logic
+- `ts/session/apis/seed_node_api/SeedNodeAPI.ts` - Timeout adjustment
+- `ts/session/onions/onionPath.ts` - Timeout adjustment
+- `ts/components/dialog/user-settings/pages/ProxySettingsPage.tsx` - UI component
+- `ts/data/settings-key.ts` - Proxy settings keys
+- `ts/state/ducks/modalDialog.tsx` - Modal state
+- `_locales/en/messages.json` - Localization strings
+- `_locales/ru/messages.json` - Russian localization
+- `package.json` - Dependencies (socks-proxy-agent, etc.)
+
+## Dependencies Added
+
+- `socks-proxy-agent` - SOCKS5 proxy support
+- `socks` - SOCKS protocol implementation
+- `smart-buffer` - Buffer utilities for SOCKS
+
+## Troubleshooting
+
+### Timeouts after 30 seconds
+- Check if your SOCKS proxy is accessible
+- Verify proxy address and port are correct
+- Test proxy with curl: `curl --socks5 host:port https://example.com`
+
+### Self-signed certificate errors
+- Ensure you're not using a local devnet with custom certificates
+- Check if the issue occurs without proxy (to isolate the problem)
+
+### Connection works without proxy but fails with proxy
+- Verify SOCKS5 proxy supports HTTPS/TLS connections
+- Check proxy logs for connection attempts
+- Enable debug logging in Session to see detailed errors
+
+## Credits
+
+Patch created: 2025-12-23
+Session Desktop version: 1.17.5
+Node.js version: 20.18.2
+
+## License
+
+This patch maintains the same license as Session Desktop (GPL-3.0).

_locales/en/messages.json

@@ -1049,6 +1049,26 @@
   "proUserProfileModalCallToAction": "Want to get more out of Session?<br/>Upgrade to Session Pro Beta for a more powerful messaging experience.",
   "processingRefundRequest": "{platform} is processing your refund request",
   "profile": "Profile",
+  "proxyAuthPassword": "Password (optional)",
+  "proxyAuthUsername": "Username (optional)",
+  "proxyBootstrapOnly": "Bootstrap Only",
+  "proxyBootstrapOnlyDescription": "Use proxy only for handshake (initial connection phase). All other traffic will be sent directly.",
+  "proxyDescription": "Configure a SOCKS5 proxy to route all application traffic, including onion requests, through a proxy server. This can help bypass network restrictions and Deep Packet Inspection (DPI).",
+  "proxyEnabled": "Enable Proxy",
+  "proxyHost": "Proxy Server",
+  "proxyHostPlaceholder": "e.g. 127.0.0.1 or proxy.example.com",
+  "proxyPort": "Port",
+  "proxyPortPlaceholder": "e.g. 1080",
+  "proxySettings": "Proxy Settings",
+  "proxySaved": "Proxy settings saved",
+  "proxySavedDescription": "Your proxy settings have been saved and applied.",
+  "proxyTestConnection": "Test Connection",
+  "proxyTestFailed": "Proxy connection test failed",
+  "proxyTestFailedDescription": "Unable to connect through the proxy. Please check your settings.",
+  "proxyTestSuccess": "Proxy connection successful",
+  "proxyTestSuccessDescription": "Successfully connected through the proxy server.",
+  "proxyValidationErrorHost": "Please enter a valid proxy server address",
+  "proxyValidationErrorPort": "Please enter a valid port number (1-65535)",
   "profileDisplayPicture": "Display Picture",
   "profileDisplayPictureRemoveError": "Failed to remove display picture.",
   "profileDisplayPictureSet": "Set Display Picture",
@@ -1178,6 +1198,7 @@
   "sessionPermissions": "Permissions",
   "sessionPrivacy": "Privacy",
   "sessionProBeta": "Session Pro Beta",
+  "sessionProxy": "Proxy",
   "sessionRecoveryPassword": "Recovery Password",
   "sessionSettings": "Settings",
   "set": "Set",

_locales/ru/messages.json

@@ -826,6 +826,26 @@
   "proMessageInfoFeatures": "Это сообщение использовало следующие функции Session Pro:",
   "proSendMore": "Отправить еще с",
   "profile": "Профиль",
+  "proxyAuthPassword": "Пароль (опционально)",
+  "proxyAuthUsername": "Имя пользователя (опционально)",
+  "proxyBootstrapOnly": "Только фаза подключения",
+  "proxyBootstrapOnlyDescription": "Использовать прокси только для handshake (начальной фазы подключения). Весь остальной трафик будет передаваться напрямую.",
+  "proxyDescription": "Настройка SOCKS5 прокси для маршрутизации всего трафика приложения, включая onion-запросы, через прокси-сервер. Это может помочь обойти сетевые ограничения и глубокую проверку пакетов (DPI).",
+  "proxyEnabled": "Включить прокси",
+  "proxyHost": "Прокси-сервер",
+  "proxyHostPlaceholder": "например 127.0.0.1 или proxy.example.com",
+  "proxyPort": "Порт",
+  "proxyPortPlaceholder": "например 1080",
+  "proxySettings": "Настройки прокси",
+  "proxySaved": "Настройки прокси сохранены",
+  "proxySavedDescription": "Ваши настройки прокси были сохранены и применены.",
+  "proxyTestConnection": "Проверить соединение",
+  "proxyTestFailed": "Проверка подключения прокси не удалась",
+  "proxyTestFailedDescription": "Не удалось подключиться через прокси. Проверьте настройки.",
+  "proxyTestSuccess": "Подключение через прокси успешно",
+  "proxyTestSuccessDescription": "Успешно подключено через прокси-сервер.",
+  "proxyValidationErrorHost": "Пожалуйста, введите корректный адрес прокси-сервера",
+  "proxyValidationErrorPort": "Пожалуйста, введите корректный номер порта (1-65535)",
   "profileDisplayPicture": "Изображение профиля",
   "profileDisplayPictureRemoveError": "Не удалось удалить изображение профиля.",
   "profileDisplayPictureSet": "Установить изображение профиля",
@@ -935,6 +955,7 @@
   "sessionNotifications": "Уведомления",
   "sessionPermissions": "Разрешения",
   "sessionPrivacy": "Конфиденциальность",
+  "sessionProxy": "Прокси",
   "sessionRecoveryPassword": "Пароль восстановления",
   "sessionSettings": "Настройки",
   "set": "Установить",

package.json

@@ -36,8 +36,10 @@
     "format": "prettier --list-different --write \"*.{css,js,json,scss,ts,tsx}\" \"./**/*.{css,js,json,scss,ts,tsx}\"",
     "start-prod-test": "cross-env NODE_ENV=production NODE_APP_INSTANCE=$MULTI electron .",
     "test": "cross-env IS_UNIT_TEST=1 mocha",
+    "prebuild-release-base": "node ./build/ensureLibsessionNative.js",
     "build-release-base": "cross-env NODE_ENV=production electron-builder --config.extraMetadata.environment=production",
     "build-release": "yarn build-release-base --publish=never --config.directories.output=release",
+    "build-release-install": "yarn build && yarn build-release && sudo dpkg -i release/session-desktop-linux-amd64-${npm_package_version}.deb",
     "build-release-publish": "yarn build-release-base --publish=always",
     "ready": "yarn dedup --fail && yarn build && yarn lint && yarn test",
     "postinstall": "yarn patch-package && yarn electron-builder install-app-deps",
@@ -108,6 +110,9 @@
     "redux-persist": "^6.0.0",
     "redux-promise-middleware": "^6.2.0",
     "rimraf": "6.0.1",
+    "smart-buffer": "^4.2.0",
+    "socks": "^2.8.3",
+    "socks-proxy-agent": "^8.0.4",
     "sanitize.css": "^12.0.1",
     "semver": "^7.7.1",
     "sharp": "https://github.com/session-foundation/sharp/releases/download/v0.34.5/sharp-0.34.5.tgz",
@@ -347,5 +352,6 @@
       "ts/webworker/workers/node/libsession/*.node",
       "!dev-app-update.yml"
     ]
-  }
+  },
+  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }

ts/components/dialog/user-settings/UserSettingsDialog.tsx

@@ -10,6 +10,7 @@ import { SessionNetworkPage } from './pages/network/SessionNetworkPage';
 import { NotificationsSettingsPage } from './pages/NotificationsSettingsPage';
 import { PreferencesSettingsPage } from './pages/PreferencesSettingsPage';
 import { PrivacySettingsPage } from './pages/PrivacySettingsPage';
+import { ProxySettingsPage } from './pages/ProxySettingsPage';
 import { RecoveryPasswordSettingsPage } from './pages/RecoveryPasswordSettingsPage';
 import { ProNonOriginatingPage } from './pages/user-pro/ProNonOriginatingPage';
 import { ProSettingsPage } from './pages/user-pro/ProSettingsPage';
@@ -42,6 +43,8 @@ export const UserSettingsDialog = (modalState: UserSettingsModalState) => {
       return <RecoveryPasswordSettingsPage {...modalState} />;
     case 'password':
       return <EditPasswordSettingsPage {...modalState} />;
+    case 'proxy':
+      return <ProxySettingsPage {...modalState} />;
     case 'network':
       return <SessionNetworkPage {...modalState} />;
     case 'pro':

ts/components/dialog/user-settings/pages/DefaultSettingsPage.tsx

@@ -189,6 +189,14 @@ function SettingsSection() {
         }}
         dataTestId="privacy-settings-menu-item"
       />
+      <PanelIconButton
+        iconElement={<LucideIconForSettings unicode={LUCIDE_ICONS_UNICODE.GLOBE} />}
+        text={{ token: 'sessionProxy' }}
+        onClick={() => {
+          dispatch(userSettingsModal({ userSettingsPage: 'proxy' }));
+        }}
+        dataTestId="proxy-settings-menu-item"
+      />
       <PanelIconButton
         iconElement={<LucideIconForSettings unicode={LUCIDE_ICONS_UNICODE.VOLUME_2} />}
         text={{ token: 'sessionNotifications' }}