From dd2f4b5973635f380c1294fb0f6bc2a7224d89cd Mon Sep 17 00:00:00 2001
From: chenzhongjie
Date: Wed, 10 Apr 2024 16:56:05 +0800
Subject: [PATCH] test

---
 README_agi7.md | 9 +++++++++
 pkg/auth/auth.go | 8 ++++++--
 pkg/auth/jwt.go | 18 +++++++++++++-----
 pkg/auth/legacy/legacy.go | 14 ++++++++++++++
 pkg/config/v1/client.go | 2 ++
 pkg/config/v1/common.go | 1 +
 pkg/config/v1/server.go | 1 +
 pkg/config/v1/validation/validation.go | 1 +
 pkg/msg/handler.go | 3 +++
 server/control.go | 2 +-
 10 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 README_agi7.md

diff --git a/README_agi7.md b/README_agi7.md
new file mode 100644
index 00000000..2c5a9f50
--- /dev/null
+++ b/README_agi7.md
@@ -0,0 +1,9 @@
+## build nvr frpc
+```shell
+env GOOS=linux GOARCH=arm GOARM=7 go build -v -o frpc ./cmd/frpc
+```
+
+## build frps for linux
+```shell
+env GOOS=linux GOARCH=amd64 go build -v -o frpc ./cmd/frps
+```
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index dcb9e52f..47cb76f4 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -30,7 +30,9 @@ type Setter interface {
 func NewAuthSetter(cfg v1.AuthClientConfig) (authProvider Setter) {
 switch cfg.Method {
 case v1.AuthMethodToken:
- authProvider = NewJWTAuth(cfg.AdditionalScopes, cfg.Token)
+ authProvider = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
+ case v1.AuthMethodJWT:
+ authProvider = NewJWTAuth(cfg.AdditionalScopes, cfg.Token, cfg.Secret)
 case v1.AuthMethodOIDC:
 authProvider = NewOidcAuthSetter(cfg.AdditionalScopes, cfg.OIDC)
 default:
@@ -48,7 +50,9 @@ type Verifier interface {
 func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
 switch cfg.Method {
 case v1.AuthMethodToken:
- authVerifier = NewJWTAuth(cfg.AdditionalScopes, cfg.Token)
+ authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
+ case v1.AuthMethodJWT:
+ authVerifier = NewJWTAuth(cfg.AdditionalScopes, cfg.Token, cfg.Secret)
 case v1.AuthMethodOIDC:
 authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
 }
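Review bot: In NewAuthSetter (pkg/auth/auth.go, first hunk) the new `v1.AuthMethodJWT` case hands `cfg.Secret` to the client-side provider, which means the HS256 key has to be present in every client's configuration. HS256 is symmetric, so the key that verifies a token also signs one, and any host holding it can produce a token for any user. If clients are only meant to present a pre-issued token from `cfg.Token`, the setter should not receive the secret at all, e.g. `authProvider = NewJWTAuth(cfg.AdditionalScopes, cfg.Token, "")`. The setter methods are outside this hunk, so whether they actually use the secret is not visible here.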
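Review bot: NewAuthVerifier (pkg/auth/auth.go, second hunk) still has no `default` case: the switch closes right after the OIDC case, so a method value that matches none of the three cases leaves `authVerifier` nil, whereas NewAuthSetter has a `default:` branch. With a third method added and the SupportedAuthMethods list in validation.go kept in sync by hand, the function relies entirely on validation having run first. I would at least document that on the function, `// NewAuthVerifier returns nil for an unsupported cfg.Method; callers must validate the config first.`, and preferably make the unmatched case fail closed. The function body ends outside the hunk.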
diff --git a/pkg/auth/jwt.go b/pkg/auth/jwt.go
index 0473ea28..e083fe29 100644
--- a/pkg/auth/jwt.go
+++ b/pkg/auth/jwt.go
@@ -15,12 +15,14 @@ import (
 type JWTAuthSetterVerifier struct {
 additionalAuthScopes []v1.AuthScope
 token string
+ secret string
 }
 
-func NewJWTAuth(additionalAuthScopes []v1.AuthScope, token string) *JWTAuthSetterVerifier {
+func NewJWTAuth(additionalAuthScopes []v1.AuthScope, token, secret string) *JWTAuthSetterVerifier {
 return &JWTAuthSetterVerifier{
 additionalAuthScopes: additionalAuthScopes,
 token: token,
+ secret: secret,
 }
 }
 
@@ -50,7 +52,11 @@ func (auth *JWTAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkCon
 }
 
 func (auth *JWTAuthSetterVerifier) VerifyLogin(m *msg.Login) error {
- return auth.VerifyToken(m.User, m.PrivilegeKey)
+ if m.User == "" {
+ return errors.New("user is empty")
+ }
+ token := m.PrivilegeKey
+ return auth.VerifyToken(m.User, token)
 }
 
 func (auth *JWTAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
@@ -58,7 +64,8 @@ func (auth *JWTAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
 return nil
 }
 
- return auth.VerifyToken("", m.PrivilegeKey)
+ token := m.PrivilegeKey
+ return auth.VerifyToken("", token)
 }
 
 func (auth *JWTAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
@@ -66,11 +73,12 @@ func (auth *JWTAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
 return nil
 }
 
- return auth.VerifyToken("", m.PrivilegeKey)
+ token := m.PrivilegeKey
+ return auth.VerifyToken("", token)
 }
 
 func (auth *JWTAuthSetterVerifier) VerifyToken(user, token string) error {
- methodKey := map[string]string{jwt.SigningMethodHS256.Alg(): auth.token}
+ methodKey := map[string]string{jwt.SigningMethodHS256.Alg(): auth.secret}
 parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
 parsedToken, err := parser.Parse(token, func(t *jwt.Token) (any, error) {
 key, ok := methodKey[t.Method.Alg()]
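Review bot: NewJWTAuth (pkg/auth/jwt.go, first hunk) now takes two adjacent string parameters, `token, secret string`, with no doc comment saying which one is the credential sent to the peer and which one is the HS256 key, so a call site that swaps them compiles cleanly. I would document the constructor and the two fields, for example `// NewJWTAuth builds a JWT setter/verifier: token is the signed JWT placed in PrivilegeKey, secret is the HS256 key used by VerifyToken.` That wording assumes the setter methods send `token` unchanged, which this hunk does not show.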
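Review bot: The temporary `token := m.PrivilegeKey` in VerifyLogin (second hunk) only renames the field for the following line, and the same two-line pattern is added to VerifyPing and VerifyNewWorkConn in the next two hunks. Passing the field directly, `return auth.VerifyToken(m.User, m.PrivilegeKey)`, keeps the three verifiers in their previous shape and leaves the empty-user guard as the only visible change. The new error text could also name the rejected message so it is distinguishable in server logs, e.g. `errors.New("login: user is empty")`.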
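Review bot: VerifyPing (third hunk) still calls `auth.VerifyToken("", token)`, and VerifyNewWorkConn in the next hunk does the same, while VerifyLogin now rejects an empty user. If VerifyToken binds the token to a user claim, these two paths either skip that binding or can never succeed; its body is cut off at the end of the file section, so which one applies cannot be confirmed here. Either pass the user established at login through to these checks, or state the intent in a comment such as `// Ping carries no user; only the signature and standard claims are checked here.` VerifyPing begins above the hunk.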
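Review bot: VerifyToken (fourth hunk) now keys HS256 verification with `auth.secret`, but nothing in this patch rejects an empty secret: getDefaultJWTConf sets `Secret: ""`, the v1 config fields are plain strings, and validation.go only adds "jwt" to SupportedAuthMethods. With an empty key the signature check no longer depends on anything private to the deployment. I would fail closed at the top of VerifyToken, `if auth.secret == "" { return errors.New("jwt secret is not configured") }`, and also reject method "jwt" with an empty secret during config validation. VerifyToken's body continues past the end of this hunk.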
diff --git a/pkg/auth/legacy/legacy.go b/pkg/auth/legacy/legacy.go
index c16d38f2..8567ad7a 100644
--- a/pkg/auth/legacy/legacy.go
+++ b/pkg/auth/legacy/legacy.go
@@ -40,6 +40,7 @@ type ClientConfig struct {
 BaseConfig `ini:",extends"`
 OidcClientConfig `ini:",extends"`
 TokenConfig `ini:",extends"`
+ JWTConfig `ini:",extends"`
 }
 
 func GetDefaultClientConf() ClientConfig {
@@ -47,6 +48,7 @@ func GetDefaultClientConf() ClientConfig {
 BaseConfig: getDefaultBaseConf(),
 OidcClientConfig: getDefaultOidcClientConf(),
 TokenConfig: getDefaultTokenConf(),
+ JWTConfig: getDefaultJWTConf(),
 }
 }
 
@@ -54,6 +56,7 @@ type ServerConfig struct {
 BaseConfig `ini:",extends"`
 OidcServerConfig `ini:",extends"`
 TokenConfig `ini:",extends"`
+ JWTConfig `ini:",extends"`
 }
 
 func GetDefaultServerConf() ServerConfig {
@@ -61,6 +64,7 @@ func GetDefaultServerConf() ServerConfig {
 BaseConfig: getDefaultBaseConf(),
 OidcServerConfig: getDefaultOidcServerConf(),
 TokenConfig: getDefaultTokenConf(),
+ JWTConfig: getDefaultJWTConf(),
 }
 }
 
@@ -143,3 +147,13 @@ func getDefaultTokenConf() TokenConfig {
 Token: "",
 }
 }
+
+type JWTConfig struct {
+ Secret string `ini:"secret" json:"secret"`
+}
+
+func getDefaultJWTConf() JWTConfig {
+ return JWTConfig{
+ Secret: "",
+ }
+}
diff --git a/pkg/config/v1/client.go b/pkg/config/v1/client.go
index 52b87690..7041e4ed 100644
--- a/pkg/config/v1/client.go
+++ b/pkg/config/v1/client.go
@@ -175,6 +175,8 @@ type AuthClientConfig struct {
 // to succeed. By default, this value is "".
 Token string `json:"token,omitempty"`
 OIDC AuthOIDCClientConfig `json:"oidc,omitempty"`
+
+ Secret string `json:"secret"`
 }
 
 func (c *AuthClientConfig) Complete() {
diff --git a/pkg/config/v1/common.go b/pkg/config/v1/common.go
index ddb23356..2579415f 100644
--- a/pkg/config/v1/common.go
+++ b/pkg/config/v1/common.go
@@ -44,6 +44,7 @@ type AuthMethod string
 const (
 AuthMethodToken AuthMethod = "token"
 AuthMethodOIDC AuthMethod = "oidc"
+ AuthMethodJWT AuthMethod = "jwt"
 )
 
 // QUIC protocol options
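Review bot: The new `Secret` field on AuthClientConfig (pkg/config/v1/client.go) is tagged `json:"secret"` without `omitempty` and carries no comment, unlike `Token` directly above it and the server-side field added in server.go, which uses `json:"secret,omitempty"`. Without `omitempty` the key is emitted whenever this struct is marshalled, even when unset, and the two configs serialise differently for no stated reason. I would use the tag `json:"secret,omitempty"` and add a comment along the lines of `// Secret is the HS256 key for the "jwt" auth method. Handle it like Token: keep it out of logs and config dumps.` The struct begins above the hunk.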
diff --git a/pkg/config/v1/server.go b/pkg/config/v1/server.go
index 03b05d9d..b2cfabf1 100644
--- a/pkg/config/v1/server.go
+++ b/pkg/config/v1/server.go
@@ -127,6 +127,7 @@ type AuthServerConfig struct {
 AdditionalScopes []AuthScope `json:"additionalScopes,omitempty"`
 Token string `json:"token,omitempty"`
 OIDC AuthOIDCServerConfig `json:"oidc,omitempty"`
+ Secret string `json:"secret,omitempty"`
 }
 
 func (c *AuthServerConfig) Complete() {
diff --git a/pkg/config/v1/validation/validation.go b/pkg/config/v1/validation/validation.go
index 4ca6b67f..cbe7a397 100644
--- a/pkg/config/v1/validation/validation.go
+++ b/pkg/config/v1/validation/validation.go
@@ -33,6 +33,7 @@ var (
 SupportedAuthMethods = []v1.AuthMethod{
 "token",
 "oidc",
+ "jwt",
 }
 
 SupportedAuthAdditionalScopes = []v1.AuthScope{
diff --git a/pkg/msg/handler.go b/pkg/msg/handler.go
index cb1eb15a..be6d62bb 100644
--- a/pkg/msg/handler.go
+++ b/pkg/msg/handler.go
@@ -17,6 +17,8 @@ package msg
 import (
 "io"
 "reflect"
+
+ "github.com/fatedier/frp/pkg/util/log"
 )
 
 func AsyncHandler(f func(Message)) func(Message) {
@@ -65,6 +67,7 @@ func (d *Dispatcher) readLoop() {
 for {
 m, err := ReadMsg(d.rw)
 if err != nil {
+ log.Errorf("read msg error, %v", err)
 close(d.doneCh)
 return
 }
diff --git a/server/control.go b/server/control.go
index ea8a34c1..9938c3bf 100644
--- a/server/control.go
+++ b/server/control.go
@@ -186,7 +186,7 @@ func NewControl(
 ctl.lastPing.Store(time.Now())
 
 if ctlConnEncrypted {
- cryptoRW, err := netpkg.NewCryptoReadWriter(ctl.conn, []byte(ctl.serverCfg.Auth.Token))
+ cryptoRW, err := netpkg.NewCryptoReadWriter(ctl.conn, []byte(loginMsg.PrivilegeKey))
 if err != nil {
 return nil, err
 }
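Review bot: The added `log.Errorf("read msg error, %v", err)` in readLoop (pkg/msg/handler.go, second hunk) fires on every read failure, including the io.EOF of an ordinary peer disconnect, so routine client churn is reported at error level and real protocol or decryption failures get buried. I would filter the expected case, `if !errors.Is(err, io.EOF) { log.Errorf("read msg error, %v", err) }`, which needs `errors` added to the import block (`io` is already imported). The message also carries nothing that identifies the connection, which limits its use when triaging. readLoop continues outside the hunk.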
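Review bot: In NewControl (server/control.go) the control-connection cipher is now keyed with `loginMsg.PrivilegeKey`, a value supplied by the client in its login message, instead of the server-held `ctl.serverCfg.Auth.Token`. Unless the login travels inside TLS, that value has presumably already crossed the wire before this wrapper is installed, so the key is no longer private to the two endpoints and the encryption stops protecting the control channel from an observer of the login. The change is also unconditional, so it applies to the token and OIDC methods as well as jwt, and no client-side counterpart appears in this patch's diffstat. The key should come from material both ends hold but never transmit; at minimum keep `[]byte(ctl.serverCfg.Auth.Token)` for the non-jwt methods and require TLS where no shared secret exists. NewControl begins and continues outside the hunk.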