From eaa8c1560a37f3139c8190c778a199330081fb98 Mon Sep 17 00:00:00 2001 From: afocus Date: Tue, 23 Jan 2018 13:59:58 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E5=A1=AB=E5=8A=A0=E4=BA=8C=E6=AC=A1?= =?UTF-8?q?=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/dashboard.go | 2 ++ server/irain.go | 82 +++++++++++++++++++++++++++++++++++++++++++++ server/service.go | 9 +++++ 3 files changed, 93 insertions(+) create mode 100644 server/irain.go diff --git a/server/dashboard.go b/server/dashboard.go index 3c77875c..2e3b3134 100644 --- a/server/dashboard.go +++ b/server/dashboard.go @@ -45,6 +45,8 @@ func RunDashboardServer(addr string, port int) (err error) { router.GET("/api/proxy/http", frpNet.HttprouterBasicAuth(apiProxyHttp, user, passwd)) router.GET("/api/proxy/https", frpNet.HttprouterBasicAuth(apiProxyHttps, user, passwd)) router.GET("/api/proxy/traffic/:name", frpNet.HttprouterBasicAuth(apiProxyTraffic, user, passwd)) + // irain 接口 + router.POST("/irain/api/token", IrainToken) // view router.Handler("GET", "/favicon.ico", http.FileServer(assets.FileSystem)) diff --git a/server/irain.go b/server/irain.go new file mode 100644 index 00000000..095f9bbd --- /dev/null +++ b/server/irain.go 
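Review bot: `router.POST("/irain/api/token", IrainToken)` is registered without the `frpNet.HttprouterBasicAuth` wrapper that every neighbouring `/api/proxy/...` route uses, so anyone who can reach the dashboard port can call it and the request is protected only by the signature check inside `IrainToken`. If the caller can hold dashboard credentials, register it like the others: `router.POST("/irain/api/token", frpNet.HttprouterBasicAuth(IrainToken, user, passwd))`. Otherwise state the exemption in the comment, in English, for example `// irain token endpoint: authenticated by request signature, not by dashboard basic auth`. `RunDashboardServer` starts and ends outside the hunk.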
@@ -0,0 +1,82 @@
+package server
+
+import (
+ "crypto/md5"
+ "encoding/json"
+ "fmt"
+ "github.com/julienschmidt/httprouter"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+)
+
+type IRainApiRestult struct {
+ Code int
+ Message string
+}
+
+func IRainRespone(w http.ResponseWriter, code int, msg string) {
+ ret := IRainApiRestult{
+ Code: code,
+ Message: msg,
+ }
+ b, _ := json.Marshal(ret)
+ w.WriteHeader(code)
+ w.Write(b)
+}
+
+func irainSign(ip string, timestamp int64) string {
+ // 得到动态密钥
+ key := time.Now().Format("20060102") + "irainkey"
+ src := fmt.Sprintf("%s%d%s", key, timestamp, ip)
+ return fmt.Sprintf("%x", md5.Sum([]byte(src)))
+}
+
+type IRainIPPool struct {
+ mux sync.RWMutex
+ list map[string]time.Time
+}
+
+var globalIRainIPPool = &IRainIPPool{list: make(map[string]time.Time)}
+
+func (p *IRainIPPool) Put(ip string) {
+ // 过期时间为当前时间后的半小时
+ p.mux.Lock()
+ defer p.mux.Unlock()
+ p.list[ip] = time.Now().Add(time.Minute * 30)
+}
+
+func (p *IRainIPPool) Check(ip string) bool {
+ p.mux.RLock()
+ defer p.mux.RUnlock()
+ if v, ok := p.list[ip]; ok {
+ if time.Now().Before(v) {
+ return true
+ }
+ }
+ return false
+}
+
+// IrainToken 获取可以访问的客户端地址
+func IrainToken(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+ var (
+ clientIP = r.PostFormValue("ip")
+ timestamp, _ = strconv.ParseInt(r.PostFormValue("timestamp"), 10, 64)
+ sign = r.PostFormValue("sign")
+ )
+ if sign == "" || clientIP == "" {
+ IRainRespone(w, 400, "参数错误")
+ return
+ }
+ if (time.Now().Unix() - timestamp) > 60*30 {
+ IRainRespone(w, 403, "请求已过期")
+ return
+ }
+ if irainSign(clientIP, timestamp) != sign {
+ IRainRespone(w, 403, "签名错误")
+ return
+ }
+ globalIRainIPPool.Put(clientIP)
+ IRainRespone(w, 0, "ok")
+}
diff --git a/server/service.go b/server/service.go
index e976658a..b59e8a8a 100644
--- a/server/service.go
+++ b/server/service.go
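Review bot: `irainSign` authenticates the allow-list request with an unkeyed MD5 over the current date, the constant `"irainkey"`, the timestamp and the IP, so the only secret is a string compiled into the binary, and `IrainToken` compares the result with `!=` rather than in constant time. The fields are joined without a delimiter and `ip` is never validated, so the signed string is ambiguous, and the freshness test `(time.Now().Unix() - timestamp) > 60*30` accepts timestamps in the future, which leaves a captured request valid until the date component of the key changes. I would take the key from server configuration, sign delimited fields with HMAC-SHA256, reject any `ip` that `net.ParseIP` does not accept, bound the timestamp on both sides and compare with `hmac.Equal`; whatever produces the signature on the calling side has to change in step. Separately, `IRainIPPool.list` is never pruned, so expired entries accumulate for the life of the process.

```go
// irainSign returns the hex HMAC-SHA256 of "timestamp|ip".
// key is loaded from server configuration (placeholder parameter), not from a source constant.
func irainSign(key []byte, ip string, timestamp int64) string {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%d|%s", timestamp, ip)
	return hex.EncodeToString(mac.Sum(nil))
}

// … unchanged: IRainIPPool, Put, Check, form parsing and empty-field check in IrainToken …

	if net.ParseIP(clientIP) == nil {
		IRainRespone(w, 400, "参数错误")
		return
	}
	// Reject stale and future-dated requests alike.
	if age := time.Now().Unix() - timestamp; age > 60*30 || age < -60 {
		IRainRespone(w, 403, "请求已过期")
		return
	}
	want := irainSign(key, clientIP, timestamp) // key: the configured secret
	if !hmac.Equal([]byte(want), []byte(sign)) {
		IRainRespone(w, 403, "签名错误")
		return
	}
```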
@@ -214,6 +214,15 @@ func (svr *Service) HandleListener(l frpNet.Listener) { case *msg.NewWorkConn: svr.RegisterWorkConn(conn, m) case *msg.NewVisitorConn: + + // irain + // 检测是否允许访问者ip + if globalIRainIPPool.Check(conn.RemoteAddr().String()) { + log.Warn("visitor[%s] not allow access: %s", conn.RemoteAddr()) + conn.Close() + return + } + if err = svr.RegisterVisitorConn(conn, m); err != nil { conn.Warn("%v", err) msg.WriteMsg(conn, &msg.NewVisitorConnResp{ From 0280eae5213eae1ea1b2716b28a62ff79a91be90 Mon Sep 17 00:00:00 2001 From: afocus Date: Wed, 24 Jan 2018 11:45:42 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=A1=E9=AA=8C?= =?UTF-8?q?=E7=9A=84=E5=85=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/irain.go | 9 +++++++-- server/proxy.go | 8 +++++++- server/service.go | 9 --------- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/server/irain.go b/server/irain.go index 095f9bbd..11c5fe75 100644 --- a/server/irain.go +++ b/server/irain.go @@ -5,8 +5,10 @@ import ( "encoding/json" "fmt" "github.com/julienschmidt/httprouter" + "net" "net/http" "strconv" + "strings" "sync" "time" ) @@ -22,7 +24,9 @@ func IRainRespone(w http.ResponseWriter, code int, msg string) { Message: msg, } b, _ := json.Marshal(ret) - w.WriteHeader(code) + if code != 0 { + w.WriteHeader(code) + } w.Write(b) } @@ -47,7 +51,8 @@ func (p *IRainIPPool) Put(ip string) { p.list[ip] = time.Now().Add(time.Minute * 30) } -func (p *IRainIPPool) Check(ip string) bool { +func (p *IRainIPPool) Check(addr net.Addr) bool { + ip := strings.Split(addr.String(), ":")[0] p.mux.RLock() defer p.mux.RUnlock() if v, ok := p.list[ip]; ok { diff --git a/server/proxy.go b/server/proxy.go index 554e8181..09f3721e 100644 --- a/server/proxy.go +++ b/server/proxy.go 
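Review bot: In the rewritten `Check`, `strings.Split(addr.String(), ":")[0]` yields the host only for IPv4 peers; for an IPv6 remote address (for example the constructed value `[::1]:1234`) it returns a bracketed fragment, so such clients can never match an entry stored by `Put`. Use `host, _, err := net.SplitHostPort(addr.String())` and return `false` on error. The key `Put` stores is the raw form value while `Check` derives its key from the socket, so both sides should be normalised the same way, e.g. through `net.ParseIP(host)` with a nil result rejected, before the map is touched. `Check` continues past the end of the hunk.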
@@ -110,7 +110,13 @@ func (pxy *BaseProxy) startListenHandler(p Proxy, handler func(Proxy, frpNet.Con
 pxy.Info("listener is closed")
 return
 }
- pxy.Debug("get a user connection [%s]", c.RemoteAddr().String())
+ useraddr := c.RemoteAddr().String()
+ pxy.Debug("get a user connection [%s]", useraddr)
+ if !globalIRainIPPool.Check(c.RemoteAddr()) {
+ c.Close()
+ pxy.Warn("user connection not auth [%s]", useraddr)
+ return
+ }
 go handler(p, c)
 }
 }(listener)
diff --git a/server/service.go b/server/service.go
index b59e8a8a..e976658a 100644
--- a/server/service.go
+++ b/server/service.go
@@ -214,15 +214,6 @@ func (svr *Service) HandleListener(l frpNet.Listener) {
 case *msg.NewWorkConn:
 svr.RegisterWorkConn(conn, m)
 case *msg.NewVisitorConn:
-
- // irain
- // 检测是否允许访问者ip
- if globalIRainIPPool.Check(conn.RemoteAddr().String()) {
- log.Warn("visitor[%s] not allow access: %s", conn.RemoteAddr())
- conn.Close()
- return
- }
-
 if err = svr.RegisterVisitorConn(conn, m); err != nil {
 conn.Warn("%v", err)
 msg.WriteMsg(conn, &msg.NewVisitorConnResp{
From 000c485248e33f125e75e18b71ff9d1c69114a02 Mon Sep 17 00:00:00 2001
From: afocus
Date: Wed, 24 Jan 2018 11:55:42 +0800
Subject: [PATCH 3/3] =?UTF-8?q?fix=20=E6=8B=A6=E6=88=AAuser=E5=90=8E?= =?UTF-8?q?=E5=AF=BC=E8=87=B4proxy=E6=96=AD=E5=BC=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/proxy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/proxy.go b/server/proxy.go
index 09f3721e..78f2dc49 100644
--- a/server/proxy.go
+++ b/server/proxy.go
@@ -115,7 +115,7 @@ func (pxy *BaseProxy) startListenHandler(p Proxy, handler func(Proxy, frpNet.Con
 if !globalIRainIPPool.Check(c.RemoteAddr()) {
 c.Close()
 pxy.Warn("user connection not auth [%s]", useraddr)
- return
+ continue
 }
 go handler(p, c)
 }
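Review bot: The allow-list is consulted only once, when the connection is accepted in `startListenHandler`, so a connection opened inside the 30-minute grant stays usable after its entry in `globalIRainIPPool` has expired, and the gate now applies to every proxy with no configuration switch. If the grant is meant to bound new connections only, say so next to the check, e.g. `// IP allow-list is enforced at accept time only; established connections outlive the grant`; otherwise track accepted connections and close them when the entry lapses. Proxy types that receive user traffic through a path other than this accept loop are not visible here and should be checked for the same gate. Each rejected peer also produces a `pxy.Warn` line, which unauthenticated hosts can use to flood the log, so consider logging rejections at debug level or rate-limiting them. The enclosing function starts and ends outside the hunk.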