Add possibility to store password hashed

ravenclaw900 2021-06-12 16:23:33 -05:00
parent c7d4637382
commit 523047ad06
2 changed files with 36 additions and 2 deletions


@ -906,6 +906,18 @@ http_user = abc
http_pwd = abc http_pwd = abc
``` ```
You can also use a BCrypt encrypted hash as your password.
```ini
# frpc.ini
[web]
type = http
local_port = 80
custom_domains = test.example.com
http_user = abc
http_pwd = $2a$10$q92.cZZ5/Q0P2cVrRZomquuQdvCEAG9Zx6yoE4GG.Yvq0CiiCDQIW
```
Visit `http://test.example.com` in the browser and now you are prompted to enter the username and password. Visit `http://test.example.com` in the browser and now you are prompted to enter the username and password.
### Custom Subdomain Names ### Custom Subdomain Names


@ -19,6 +19,8 @@ import (
"io" "io"
"net/http" "net/http"
"strings" "strings"
"golang.org/x/crypto/bcrypt"
) )
type HTTPAuthWraper struct { type HTTPAuthWraper struct {
@ -63,7 +65,17 @@ func (authMid *HTTPAuthMiddleware) Middleware(next http.Handler) http.Handler {
if (authMid.user == "" && authMid.passwd == "") || if (authMid.user == "" && authMid.passwd == "") ||
(hasAuth && reqUser == authMid.user && reqPasswd == authMid.passwd) { (hasAuth && reqUser == authMid.user && reqPasswd == authMid.passwd) {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
} else { }
else if (authMid.user == reqUser && authMid.passwd[:4] == "$2a$") {
correct := bcrypt.CompareHashAndPassword([]byte(reqPasswd), []byte(authMid.passwd))
if (correct == nil) {
next.ServeHTTP(w, r)
} else {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}
}
else {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
} }
@ -76,7 +88,17 @@ func HTTPBasicAuth(h http.HandlerFunc, user, passwd string) http.HandlerFunc {
if (user == "" && passwd == "") || if (user == "" && passwd == "") ||
(hasAuth && reqUser == user && reqPasswd == passwd) { (hasAuth && reqUser == user && reqPasswd == passwd) {
h.ServeHTTP(w, r) h.ServeHTTP(w, r)
} else { }
else if (user == reqUser && authMid.passwd[:4] == "$2a$") {
correct := bcrypt.CompareHashAndPassword([]byte(reqPasswd), []byte(authMid.passwd))
if (correct == nil) {
h.ServeHTTP(w, r)
} else {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}
}
else {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
} }
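Review bot: Both new `bcrypt.CompareHashAndPassword` calls (in `Middleware` and in `HTTPBasicAuth`) pass their arguments in the wrong order: the function takes the stored hash first and the candidate password second, so the request value is treated as the hash and the configured hash as the password, and a client is not verified against the stored hash as intended. The `passwd[:4]` slice also panics when the configured password is shorter than four bytes and a request with the right user name but a wrong password reaches this branch, and in `HTTPBasicAuth` the branch refers to `authMid.passwd` although only `user` and `passwd` are in scope there. As rendered, `else if` and `else` start on a new line after `}`, which Go does not accept. I would fold the check into one condition, e.g. `} else if hasAuth && reqUser == user && strings.HasPrefix(passwd, "$2a$") && bcrypt.CompareHashAndPassword([]byte(passwd), []byte(reqPasswd)) == nil {` (with `authMid.user`/`authMid.passwd` in `Middleware`), and let the existing `else` send the 401. Both function bodies start and end outside the hunks.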