From 18c31c0f165a4de1f95c4faf0dff14747f39b788 Mon Sep 17 00:00:00 2001
From: Guy Lewin
Date: Tue, 25 Feb 2020 12:40:27 -0500
Subject: [PATCH] style: split ini parsing to auth and its implementations
---
 cmd/frpc/sub/root.go | 6 ++-
 cmd/frps/root.go | 6 ++-
 models/auth/auth.go | 71 ++++++++++++++++++++++++++++------
 models/auth/oidc.go | 59 ++++++++++++++++++++++++++++
 models/auth/token.go | 17 ++++++++
 models/config/client_common.go | 39 +------------------
 models/config/server_common.go | 41 +-------------------
 7 files changed, 149 insertions(+), 90 deletions(-)
diff --git a/cmd/frpc/sub/root.go b/cmd/frpc/sub/root.go
index 82a906bd..8ef25e48 100644
--- a/cmd/frpc/sub/root.go
+++ b/cmd/frpc/sub/root.go
@@ -28,6 +28,7 @@ import (
 "github.com/spf13/cobra"
 "github.com/fatedier/frp/client"
+ "github.com/fatedier/frp/models/auth"
 "github.com/fatedier/frp/models/config"
 "github.com/fatedier/frp/utils/log"
 "github.com/fatedier/frp/utils/version"
@@ -157,7 +158,6 @@ func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 cfg.User = user
 cfg.Protocol = protocol
- cfg.Token = token
 cfg.LogLevel = logLevel
 cfg.LogFile = logFile
 cfg.LogMaxDays = int64(logMaxDays)
@@ -168,6 +168,10 @@ func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 }
 cfg.DisableLogColor = disableLogColor
+ // Only token authentication is supported in cmd mode
+ cfg.AuthClientConfig = auth.GetDefaultAuthClientConf()
+ cfg.Token = token
+
 return
 }
diff --git a/cmd/frps/root.go b/cmd/frps/root.go
index ec175fe3..9096b28c 100644
--- a/cmd/frps/root.go
+++ b/cmd/frps/root.go
@@ -20,6 +20,7 @@ import (
 "github.com/spf13/cobra"
+ "github.com/fatedier/frp/models/auth"
 "github.com/fatedier/frp/models/config"
 "github.com/fatedier/frp/server"
 "github.com/fatedier/frp/utils/log"
@@ -171,8 +172,11 @@ func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
 cfg.LogFile = logFile
 cfg.LogLevel = logLevel
 cfg.LogMaxDays = logMaxDays
- cfg.Token = token
 cfg.SubDomainHost = subDomainHost
+
+ // Only token authentication is supported in cmd mode
+ cfg.AuthServerConfig = auth.GetDefaultAuthServerConf()
+ cfg.Token = token
 if len(allowPorts) > 0 {
 // e.g. 1000-2000,2001,2002,3000-4000
 ports, errRet := util.ParseRangeNumbers(allowPorts)
diff --git a/models/auth/auth.go b/models/auth/auth.go
index a11609fc..90a0c160 100644
--- a/models/auth/auth.go
+++ b/models/auth/auth.go
@@ -15,8 +15,12 @@
 package auth
 import (
+ "fmt"
+
 "github.com/fatedier/frp/models/consts"
 "github.com/fatedier/frp/models/msg"
+
+ "github.com/vaughan0/go-ini"
 )
 type baseConfig struct {
@@ -33,42 +37,83 @@ type baseConfig struct {
 AuthenticateNewWorkConns bool `json:"authenticate_new_work_conns"`
 }
+func getDefaultBaseConf() baseConfig {
+ return baseConfig{
+ AuthenticationMethod: "token",
+ AuthenticateHeartBeats: false,
+ AuthenticateNewWorkConns: false,
+ }
+}
+
+func unmarshalBaseConfFromIni(conf ini.File) baseConfig {
+ var (
+ tmpStr string
+ ok bool
+ )
+
+ cfg := getDefaultBaseConf()
+
+ if tmpStr, ok = conf.Get("common", "authentication_method"); ok {
+ cfg.AuthenticationMethod = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "authenticate_heartbeats"); ok && tmpStr == "true" {
+ cfg.AuthenticateHeartBeats = true
+ } else {
+ cfg.AuthenticateHeartBeats = false
+ }
+
+ if tmpStr, ok = conf.Get("common", "authenticate_new_work_conns"); ok && tmpStr == "true" {
+ cfg.AuthenticateNewWorkConns = true
+ } else {
+ cfg.AuthenticateNewWorkConns = false
+ }
+
+ return cfg
+}
+
 type AuthClientConfig struct {
 baseConfig
 oidcClientConfig
 tokenConfig
 }
-func GetDefaultClientConf() AuthClientConfig {
+func GetDefaultAuthClientConf() AuthClientConfig {
 return AuthClientConfig{
- baseConfig: baseConfig{
- AuthenticationMethod: "token",
- AuthenticateHeartBeats: false,
- AuthenticateNewWorkConns: false,
- },
+ baseConfig: getDefaultBaseConf(),
 oidcClientConfig: getDefaultOidcClientConf(),
 tokenConfig: getDefaultTokenConf(),
 }
 }
+func UnmarshalAuthClientConfFromIni(conf ini.File) (cfg AuthClientConfig) {
+ cfg.baseConfig = unmarshalBaseConfFromIni(conf)
+ cfg.oidcClientConfig = unmarshalOidcClientConfFromIni(conf)
+ cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
+ return cfg
+}
+
 type AuthServerConfig struct {
 baseConfig
 oidcServerConfig
 tokenConfig
 }
-func GetDefaultServerConf() AuthServerConfig {
+func GetDefaultAuthServerConf() AuthServerConfig {
 return AuthServerConfig{
- baseConfig: baseConfig{
- AuthenticationMethod: "token",
- AuthenticateHeartBeats: false,
- AuthenticateNewWorkConns: false,
- },
+ baseConfig: getDefaultBaseConf(),
 oidcServerConfig: getDefaultOidcServerConf(),
 tokenConfig: getDefaultTokenConf(),
 }
 }
+func UnmarshalAuthServerConfFromIni(conf ini.File) (cfg AuthServerConfig) {
+ cfg.baseConfig = unmarshalBaseConfFromIni(conf)
+ cfg.oidcServerConfig = unmarshalOidcServerConfFromIni(conf)
+ cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
+ return cfg
+}
+
 type Setter interface {
 SetLogin(*msg.Login) error
 SetPing(*msg.Ping) error
@@ -81,6 +126,8 @@ func NewAuthSetter(cfg AuthClientConfig) (authProvider Setter) {
 authProvider = NewTokenAuth(cfg.baseConfig, cfg.tokenConfig)
 case consts.OidcAuthMethod:
 authProvider = NewOidcAuthSetter(cfg.baseConfig, cfg.oidcClientConfig)
+ default:
+ panic(fmt.Sprintf("wrong authentication method: '%s'", cfg.AuthenticationMethod))
 }
 return authProvider
diff --git a/models/auth/oidc.go b/models/auth/oidc.go
index aa929954..b38b1c08 100644
--- a/models/auth/oidc.go
+++ b/models/auth/oidc.go
@@ -21,6 +21,7 @@ import (
 "github.com/fatedier/frp/models/msg"
 "github.com/coreos/go-oidc"
+ "github.com/vaughan0/go-ini"
 "golang.org/x/oauth2/clientcredentials"
 )
@@ -51,6 +52,33 @@ func getDefaultOidcClientConf() oidcClientConfig {
 }
 }
+func unmarshalOidcClientConfFromIni(conf ini.File) oidcClientConfig {
+ var (
+ tmpStr string
+ ok bool
+ )
+
+ cfg := getDefaultOidcClientConf()
+
+ if tmpStr, ok = conf.Get("common", "oidc_client_id"); ok {
+ cfg.OidcClientId = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_client_secret"); ok {
+ cfg.OidcClientSecret = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
+ cfg.OidcAudience = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_token_endpoint_url"); ok {
+ cfg.OidcTokenEndpointUrl = tmpStr
+ }
+
+ return cfg
+}
+
 type oidcServerConfig struct {
 // OidcIssuer specifies the issuer to verify OIDC tokens with. This issuer
 // will be used to load public keys to verify signature and will be compared
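Review bot: In `unmarshalBaseConfFromIni`, `authenticate_heartbeats` and `authenticate_new_work_conns` are switched on only by the exact string `true`, so `True`, `1` or `yes` in the ini file silently leaves heartbeat and work-connection authentication off. For a setting that enables an authentication check, an unrecognised value is safer rejected than read as false; `strconv.ParseBool` with the error passed up would do that, at the cost of `UnmarshalAuthClientConfFromIni` and `UnmarshalAuthServerConfFromIni` returning an error as well. The two `else` branches that assign false are redundant, since `getDefaultBaseConf()` already sets both fields to false.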
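Review bot: The new `default:` branch in `NewAuthSetter` panics on an unknown `authentication_method`, so a typo in the ini file becomes a process crash with a stack trace rather than a configuration error. Failing closed is the right outcome, but `unmarshalBaseConfFromIni` stores the value unchecked; validating it where it is read, in a path that already returns `err`, would let the panic remain only as an invariant check. The server-side constructor is not in this hunk: if it has the same switch without a default, an unknown method could leave the verifier nil there, which is worth confirming. `NewAuthSetter` starts and ends outside the hunk.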
@@ -81,6 +109,37 @@ func getDefaultOidcServerConf() oidcServerConfig {
 }
 }
+func unmarshalOidcServerConfFromIni(conf ini.File) oidcServerConfig {
+ var (
+ tmpStr string
+ ok bool
+ )
+
+ cfg := getDefaultOidcServerConf()
+
+ if tmpStr, ok = conf.Get("common", "oidc_issuer"); ok {
+ cfg.OidcIssuer = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
+ cfg.OidcAudience = tmpStr
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_skip_expiry_check"); ok && tmpStr == "true" {
+ cfg.OidcSkipExpiryCheck = true
+ } else {
+ cfg.OidcSkipExpiryCheck = false
+ }
+
+ if tmpStr, ok = conf.Get("common", "oidc_skip_issuer_check"); ok && tmpStr == "true" {
+ cfg.OidcSkipIssuerCheck = true
+ } else {
+ cfg.OidcSkipIssuerCheck = false
+ }
+
+ return cfg
+}
+
 type OidcAuthProvider struct {
 baseConfig
diff --git a/models/auth/token.go b/models/auth/token.go
index d7999f4d..71eea3f7 100644
--- a/models/auth/token.go
+++ b/models/auth/token.go
@@ -19,6 +19,8 @@ import (
 "github.com/fatedier/frp/models/msg"
 "github.com/fatedier/frp/utils/util"
+
+ "github.com/vaughan0/go-ini"
 )
 type tokenConfig struct {
@@ -34,6 +36,21 @@ func getDefaultTokenConf() tokenConfig {
 }
 }
+func unmarshalTokenConfFromIni(conf ini.File) tokenConfig {
+ var (
+ tmpStr string
+ ok bool
+ )
+
+ cfg := getDefaultTokenConf()
+
+ if tmpStr, ok = conf.Get("common", "token"); ok {
+ cfg.Token = tmpStr
+ }
+
+ return cfg
+}
+
 type TokenAuthSetterVerifier struct {
 baseConfig
diff --git a/models/config/client_common.go b/models/config/client_common.go
index 76103f85..3f8c485d 100644
--- a/models/config/client_common.go
+++ b/models/config/client_common.go
@@ -121,7 +121,6 @@ type ClientCommonConf struct {
 // GetDefaultClientConf returns a client configuration with default values.
 func GetDefaultClientConf() ClientCommonConf {
 return ClientCommonConf{
- AuthClientConfig: auth.GetDefaultClientConf(),
 ServerAddr: "0.0.0.0",
 ServerPort: 7000,
 HttpProxy: os.Getenv("http_proxy"),
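Review bot: Dropping `AuthClientConfig: auth.GetDefaultClientConf(),` from `GetDefaultClientConf()` leaves the returned config with a zero-value auth section, so `AuthenticationMethod` is empty instead of `token`. The ini and command-line paths in this patch refill it, but any other caller of `GetDefaultClientConf()` would presumably hit the new `panic` in `NewAuthSetter`; the same removal is made in `GetDefaultServerConf()` in models/config/server_common.go. Keeping the default under its new name, `AuthClientConfig: auth.GetDefaultAuthClientConf(),`, costs nothing because the unmarshal functions overwrite it anyway. The struct literal continues outside the hunk.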
@@ -157,6 +156,8 @@ func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error
 return ClientCommonConf{}, fmt.Errorf("parse ini conf file error: %v", err)
 }
+ cfg.AuthClientConfig = auth.UnmarshalAuthClientConfFromIni(conf)
+
 var (
 tmpStr string
 ok bool
@@ -202,42 +203,6 @@ func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error
 }
 }
- if tmpStr, ok = conf.Get("common", "token"); ok {
- cfg.Token = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "authentication_method"); ok {
- cfg.AuthenticationMethod = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "authenticate_heartbeats"); ok && tmpStr == "true" {
- cfg.AuthenticateHeartBeats = true
- } else {
- cfg.AuthenticateHeartBeats = false
- }
-
- if tmpStr, ok = conf.Get("common", "authenticate_new_work_conns"); ok && tmpStr == "true" {
- cfg.AuthenticateNewWorkConns = true
- } else {
- cfg.AuthenticateNewWorkConns = false
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_client_id"); ok {
- cfg.OidcClientId = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_client_secret"); ok {
- cfg.OidcClientSecret = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
- cfg.OidcAudience = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_token_endpoint_url"); ok {
- cfg.OidcTokenEndpointUrl = tmpStr
- }
-
 if tmpStr, ok = conf.Get("common", "admin_addr"); ok {
 cfg.AdminAddr = tmpStr
 }
diff --git a/models/config/server_common.go b/models/config/server_common.go
index 254f80ac..f4f3c413 100644
--- a/models/config/server_common.go
+++ b/models/config/server_common.go
@@ -148,7 +148,6 @@ type ServerCommonConf struct {
 // defaults.
 func GetDefaultServerConf() ServerCommonConf {
 return ServerCommonConf{
- AuthServerConfig: auth.GetDefaultServerConf(),
 BindAddr: "0.0.0.0",
 BindPort: 7000,
 BindUdpPort: 0,
@@ -194,6 +193,8 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
 UnmarshalPluginsFromIni(conf, &cfg)
+ cfg.AuthServerConfig = auth.UnmarshalAuthServerConfFromIni(conf)
+
 var (
 tmpStr string
 ok bool
@@ -327,44 +328,6 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
 cfg.DetailedErrorsToClient = true
 }
- cfg.Token, _ = conf.Get("common", "token")
-
- if tmpStr, ok = conf.Get("common", "authentication_method"); ok {
- cfg.AuthenticationMethod = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "authenticate_heartbeats"); ok && tmpStr == "true" {
- cfg.AuthenticateHeartBeats = true
- } else {
- cfg.AuthenticateHeartBeats = false
- }
-
- if tmpStr, ok = conf.Get("common", "authenticate_new_work_conns"); ok && tmpStr == "true" {
- cfg.AuthenticateNewWorkConns = true
- } else {
- cfg.AuthenticateNewWorkConns = false
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_issuer"); ok {
- cfg.OidcIssuer = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
- cfg.OidcAudience = tmpStr
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_skip_expiry_check"); ok && tmpStr == "true" {
- cfg.OidcSkipExpiryCheck = true
- } else {
- cfg.OidcSkipExpiryCheck = false
- }
-
- if tmpStr, ok = conf.Get("common", "oidc_skip_issuer_check"); ok && tmpStr == "true" {
- cfg.OidcSkipIssuerCheck = true
- } else {
- cfg.OidcSkipIssuerCheck = false
- }
-
 if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
 // e.g. 1000-2000,2001,2002,3000-4000
 ports, errRet := util.ParseRangeNumbers(allowPortsStr)