From bf0542bf180e40ab7c67ebf076e7e06ba2ca7cab Mon Sep 17 00:00:00 2001 From: ravenclaw900 <50060110+ravenclaw900@users.noreply.github.com> Date: Fri, 15 Apr 2022 10:24:58 -0500 Subject: [PATCH] Add config file setting --- client/admin.go | 4 ++-- cmd/frps/root.go | 3 +++ pkg/config/client.go | 2 ++ pkg/config/proxy.go | 1 + pkg/config/server.go | 3 +++ pkg/plugin/client/static_file.go | 10 +++++++++- pkg/util/net/http.go | 6 ++++-- server/dashboard.go | 4 ++-- 8 files changed, 26 insertions(+), 7 deletions(-) diff --git a/client/admin.go b/client/admin.go index 6a6ceecb..fc2ada3f 100644 --- a/client/admin.go +++ b/client/admin.go @@ -47,8 +47,8 @@ func (svr *Service) RunAdminServer(address string) (err error) { } subRouter := router.NewRoute().Subrouter() - user, passwd := svr.cfg.AdminUser, svr.cfg.AdminPwd - subRouter.Use(frpNet.NewHTTPAuthMiddleware(user, passwd).Middleware) + user, passwd, hashed := svr.cfg.AdminUser, svr.cfg.AdminPwd, svr.cfg.HashedPwd + subRouter.Use(frpNet.NewHTTPAuthMiddleware(user, passwd, hashed).Middleware) // api, see admin_api.go subRouter.HandleFunc("/api/reload", svr.apiReload).Methods("GET") diff --git a/cmd/frps/root.go b/cmd/frps/root.go index cdf92672..edc5289c 100644 --- a/cmd/frps/root.go +++ b/cmd/frps/root.go @@ -49,6 +49,7 @@ var ( dashboardPort int dashboardUser string dashboardPwd string + hashedPwd bool enablePrometheus bool assetsDir string logFile string @@ -80,6 +81,7 @@ func init() { rootCmd.PersistentFlags().IntVarP(&dashboardPort, "dashboard_port", "", 0, "dashboard port") rootCmd.PersistentFlags().StringVarP(&dashboardUser, "dashboard_user", "", "admin", "dashboard user") rootCmd.PersistentFlags().StringVarP(&dashboardPwd, "dashboard_pwd", "", "admin", "dashboard password") + rootCmd.PersistentFlags().BoolVarP(&hashedPwd, "hashed_pwd", "", false, "specify if password is hashed") rootCmd.PersistentFlags().BoolVarP(&enablePrometheus, "enable_prometheus", "", false, "enable prometheus dashboard") rootCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "log file") rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level") @@ -166,6 +168,7 @@ func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) { cfg.DashboardPort = dashboardPort cfg.DashboardUser = dashboardUser cfg.DashboardPwd = dashboardPwd + cfg.HashedPwd = hashedPwd cfg.EnablePrometheus = enablePrometheus cfg.LogFile = logFile cfg.LogLevel = logLevel diff --git a/pkg/config/client.go b/pkg/config/client.go index f503711b..be14a877 100644 --- a/pkg/config/client.go +++ b/pkg/config/client.go @@ -83,6 +83,8 @@ type ClientCommonConf struct { // AdminPwd specifies the password that the admin server will use for // login. AdminPwd string `ini:"admin_pwd" json:"admin_pwd"` + // HashedPwd specifies if the password is hashed using BCrypt or not + HashedPwd bool `ini:"hashed_pwd" json:"hashed_pwd"` // AssetsDir specifies the local directory that the admin server will load // resources from. If this value is "", assets will be loaded from the // bundled executable using statik. By default, this value is "". diff --git a/pkg/config/proxy.go b/pkg/config/proxy.go index c000bb30..f92b58cb 100644 --- a/pkg/config/proxy.go +++ b/pkg/config/proxy.go @@ -160,6 +160,7 @@ type HTTPProxyConf struct { Locations []string `ini:"locations" json:"locations"` HTTPUser string `ini:"http_user" json:"http_user"` HTTPPwd string `ini:"http_pwd" json:"http_pwd"` + HashedPwd bool `ini:"hashed_pwd" json:"hashed_pwd"` HostHeaderRewrite string `ini:"host_header_rewrite" json:"host_header_rewrite"` Headers map[string]string `ini:"-" json:"headers"` } diff --git a/pkg/config/server.go b/pkg/config/server.go index cf298f2e..2f6ae555 100644 --- a/pkg/config/server.go +++ b/pkg/config/server.go @@ -78,6 +78,8 @@ type ServerCommonConf struct { // DashboardPwd specifies the password that the dashboard will use for // login. DashboardPwd string `ini:"dashboard_pwd" json:"dashboard_pwd"` + // HashedPwd specifies if the password is hashed using BCrypt or not + HashedPwd bool `ini:"hashed_pwd" json:"hashed_pwd"` // EnablePrometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} // in /metrics api. EnablePrometheus bool `ini:"enable_prometheus" json:"enable_prometheus"` @@ -193,6 +195,7 @@ func GetDefaultServerConf() ServerCommonConf { DashboardPort: 0, DashboardUser: "", DashboardPwd: "", + HashedPwd: false, EnablePrometheus: false, AssetsDir: "", LogFile: "console", diff --git a/pkg/plugin/client/static_file.go b/pkg/plugin/client/static_file.go index 1eeea3ba..8d2d8b0f 100644 --- a/pkg/plugin/client/static_file.go +++ b/pkg/plugin/client/static_file.go @@ -18,6 +18,7 @@ import ( "io" "net" "net/http" + "strconv" frpNet "github.com/fatedier/frp/pkg/util/net" @@ -35,6 +36,7 @@ type StaticFilePlugin struct { stripPrefix string httpUser string httpPasswd string + hashedPwd bool l *Listener s *http.Server @@ -45,6 +47,11 @@ func NewStaticFilePlugin(params map[string]string) (Plugin, error) { stripPrefix := params["plugin_strip_prefix"] httpUser := params["plugin_http_user"] httpPasswd := params["plugin_http_passwd"] + hashedPwd, err := strconv.ParseBool(params["plugin_hashed_pwd"]) + + if err != nil { + hashedPwd = false + } listener := NewProxyListener() @@ -53,6 +60,7 @@ func NewStaticFilePlugin(params map[string]string) (Plugin, error) { stripPrefix: stripPrefix, httpUser: httpUser, httpPasswd: httpPasswd, + hashedPwd: hashedPwd, l: listener, } @@ -64,7 +72,7 @@ func NewStaticFilePlugin(params map[string]string) (Plugin, error) { } router := mux.NewRouter() - router.Use(frpNet.NewHTTPAuthMiddleware(httpUser, httpPasswd).Middleware) + router.Use(frpNet.NewHTTPAuthMiddleware(httpUser, httpPasswd, hashedPwd).Middleware) router.PathPrefix(prefix).Handler(frpNet.MakeHTTPGzipHandler(http.StripPrefix(prefix, http.FileServer(http.Dir(localPath))))).Methods("GET") sp.s = &http.Server{ Handler: router, diff --git a/pkg/util/net/http.go b/pkg/util/net/http.go index 1ea0ed91..13941e5d 100644 --- a/pkg/util/net/http.go +++ b/pkg/util/net/http.go @@ -50,12 +50,14 @@ func (aw *HTTPAuthWraper) ServeHTTP(w http.ResponseWriter, r *http.Request) { type HTTPAuthMiddleware struct { user string passwd string + hashed bool } -func NewHTTPAuthMiddleware(user, passwd string) *HTTPAuthMiddleware { +func NewHTTPAuthMiddleware(user, passwd string, hashed bool) *HTTPAuthMiddleware { return &HTTPAuthMiddleware{ user: user, passwd: passwd, + hashed: hashed, } } @@ -65,7 +67,7 @@ func (authMid *HTTPAuthMiddleware) Middleware(next http.Handler) http.Handler { if (authMid.user == "" && authMid.passwd == "") || (hasAuth && reqUser == authMid.user && reqPasswd == authMid.passwd) { next.ServeHTTP(w, r) - } else if authMid.user == reqUser && authMid.passwd[:4] == "$2a$" || authMid.passwd[:4] == "$2y$" { + } else if authMid.user == reqUser && authMid.hashed { correct := bcrypt.CompareHashAndPassword([]byte(authMid.passwd), []byte(reqPasswd)) if correct == nil { next.ServeHTTP(w, r) diff --git a/server/dashboard.go b/server/dashboard.go index 8ae1ea86..95d35f88 100644 --- a/server/dashboard.go +++ b/server/dashboard.go @@ -48,8 +48,8 @@ func (svr *Service) RunDashboardServer(address string) (err error) { subRouter := router.NewRoute().Subrouter() - user, passwd := svr.cfg.DashboardUser, svr.cfg.DashboardPwd - subRouter.Use(frpNet.NewHTTPAuthMiddleware(user, passwd).Middleware) + user, passwd, hashed := svr.cfg.DashboardUser, svr.cfg.DashboardPwd, svr.cfg.HashedPwd + subRouter.Use(frpNet.NewHTTPAuthMiddleware(user, passwd, hashed).Middleware) // metrics if svr.cfg.EnablePrometheus {