diff --git a/server/dashboard.go b/server/dashboard.go index 3c77875c..2e3b3134 100644 --- a/server/dashboard.go +++ b/server/dashboard.go @@ -45,6 +45,8 @@ func RunDashboardServer(addr string, port int) (err error) { router.GET("/api/proxy/http", frpNet.HttprouterBasicAuth(apiProxyHttp, user, passwd)) router.GET("/api/proxy/https", frpNet.HttprouterBasicAuth(apiProxyHttps, user, passwd)) router.GET("/api/proxy/traffic/:name", frpNet.HttprouterBasicAuth(apiProxyTraffic, user, passwd)) + // irain 接口 + router.POST("/irain/api/token", IrainToken) // view router.Handler("GET", "/favicon.ico", http.FileServer(assets.FileSystem)) diff --git a/server/irain.go b/server/irain.go new file mode 100644 index 00000000..11c5fe75 --- /dev/null +++ b/server/irain.go @@ -0,0 +1,87 @@ +package server + +import ( + "crypto/md5" + "encoding/json" + "fmt" + "github.com/julienschmidt/httprouter" + "net" + "net/http" + "strconv" + "strings" + "sync" + "time" +) + +type IRainApiRestult struct { + Code int + Message string +} + +func IRainRespone(w http.ResponseWriter, code int, msg string) { + ret := IRainApiRestult{ + Code: code, + Message: msg, + } + b, _ := json.Marshal(ret) + if code != 0 { + w.WriteHeader(code) + } + w.Write(b) +} + +func irainSign(ip string, timestamp int64) string { + // 得到动态密钥 + key := time.Now().Format("20060102") + "irainkey" + src := fmt.Sprintf("%s%d%s", key, timestamp, ip) + return fmt.Sprintf("%x", md5.Sum([]byte(src))) +} + +type IRainIPPool struct { + mux sync.RWMutex + list map[string]time.Time +} + +var globalIRainIPPool = &IRainIPPool{list: make(map[string]time.Time)} + +func (p *IRainIPPool) Put(ip string) { + // 过期时间为当前时间后的半小时 + p.mux.Lock() + defer p.mux.Unlock() + p.list[ip] = time.Now().Add(time.Minute * 30) +} + +func (p *IRainIPPool) Check(addr net.Addr) bool { + ip := strings.Split(addr.String(), ":")[0] + p.mux.RLock() + defer p.mux.RUnlock() + if v, ok := p.list[ip]; ok { + if time.Now().Before(v) { + return true + } + } + return false +} + +// IrainToken 获取可以访问的客户端地址 +func IrainToken(w http.ResponseWriter, r *http.Request, params httprouter.Params) { + var ( + clientIP = r.PostFormValue("ip") + timestamp, _ = strconv.ParseInt(r.PostFormValue("timestamp"), 10, 64) + sign = r.PostFormValue("sign") + ) + if sign == "" || clientIP == "" { + IRainRespone(w, 400, "参数错误") + return + } + if (time.Now().Unix() - timestamp) > 60*30 { + IRainRespone(w, 403, "请求已过期") + return + } + if irainSign(clientIP, timestamp) != sign { + IRainRespone(w, 403, "签名错误") + return + } + globalIRainIPPool.Put(clientIP) + IRainRespone(w, 0, "ok") +} diff --git a/server/proxy.go b/server/proxy.go index 554e8181..78f2dc49 100644 --- a/server/proxy.go +++ b/server/proxy.go @@ -110,7 +110,13 @@ func (pxy *BaseProxy) startListenHandler(p Proxy, handler func(Proxy, frpNet.Con pxy.Info("listener is closed") return } - pxy.Debug("get a user connection [%s]", c.RemoteAddr().String()) + useraddr := c.RemoteAddr().String() + pxy.Debug("get a user connection [%s]", useraddr) + if !globalIRainIPPool.Check(c.RemoteAddr()) { + c.Close() + pxy.Warn("user connection not auth [%s]", useraddr) + continue + } go handler(p, c) } }(listener)