test
This commit is contained in:
chenzhongjie
parent
36cd2202bb
commit
dd2f4b5973
9
README_agi7.md
Normal file
9
README_agi7.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
## build nvr frpc
|
||||||
|
```shell
|
||||||
|
env GOOS=linux GOARCH=arm GOARM=7 go build -v -o frpc ./cmd/frpc
|
||||||
|
```
|
||||||
|
|
||||||
|
## build frps for linux
|
||||||
|
```shell
|
||||||
|
env GOOS=linux GOARCH=amd64 go build -v -o frpc ./cmd/frps
|
||||||
|
```
|
||||||
@ -30,7 +30,9 @@ type Setter interface {
|
|||||||
func NewAuthSetter(cfg v1.AuthClientConfig) (authProvider Setter) {
|
func NewAuthSetter(cfg v1.AuthClientConfig) (authProvider Setter) {
|
||||||
switch cfg.Method {
|
switch cfg.Method {
|
||||||
case v1.AuthMethodToken:
|
case v1.AuthMethodToken:
|
||||||
authProvider = NewJWTAuth(cfg.AdditionalScopes, cfg.Token)
|
authProvider = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
|
||||||
|
case v1.AuthMethodJWT:
|
||||||
|
authProvider = NewJWTAuth(cfg.AdditionalScopes, cfg.Token, cfg.Secret)
|
||||||
case v1.AuthMethodOIDC:
|
case v1.AuthMethodOIDC:
|
||||||
authProvider = NewOidcAuthSetter(cfg.AdditionalScopes, cfg.OIDC)
|
authProvider = NewOidcAuthSetter(cfg.AdditionalScopes, cfg.OIDC)
|
||||||
default:
|
default:
|
||||||
@ -48,7 +50,9 @@ type Verifier interface {
|
|||||||
func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
|
func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
|
||||||
switch cfg.Method {
|
switch cfg.Method {
|
||||||
case v1.AuthMethodToken:
|
case v1.AuthMethodToken:
|
||||||
authVerifier = NewJWTAuth(cfg.AdditionalScopes, cfg.Token)
|
authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
|
||||||
|
case v1.AuthMethodJWT:
|
||||||
|
authVerifier = NewJWTAuth(cfg.AdditionalScopes, cfg.Token, cfg.Secret)
|
||||||
case v1.AuthMethodOIDC:
|
case v1.AuthMethodOIDC:
|
||||||
authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
|
authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -15,12 +15,14 @@ import (
|
|||||||
type JWTAuthSetterVerifier struct {
|
type JWTAuthSetterVerifier struct {
|
||||||
additionalAuthScopes []v1.AuthScope
|
additionalAuthScopes []v1.AuthScope
|
||||||
token string
|
token string
|
||||||
|
secret string
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewJWTAuth(additionalAuthScopes []v1.AuthScope, token string) *JWTAuthSetterVerifier {
|
func NewJWTAuth(additionalAuthScopes []v1.AuthScope, token, secret string) *JWTAuthSetterVerifier {
|
||||||
return &JWTAuthSetterVerifier{
|
return &JWTAuthSetterVerifier{
|
||||||
additionalAuthScopes: additionalAuthScopes,
|
additionalAuthScopes: additionalAuthScopes,
|
||||||
token: token,
|
token: token,
|
||||||
|
secret: secret,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -50,7 +52,11 @@ func (auth *JWTAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkCon
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (auth *JWTAuthSetterVerifier) VerifyLogin(m *msg.Login) error {
|
func (auth *JWTAuthSetterVerifier) VerifyLogin(m *msg.Login) error {
|
||||||
return auth.VerifyToken(m.User, m.PrivilegeKey)
|
if m.User == "" {
|
||||||
|
return errors.New("user is empty")
|
||||||
|
}
|
||||||
|
token := m.PrivilegeKey
|
||||||
|
return auth.VerifyToken(m.User, token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *JWTAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
|
func (auth *JWTAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
|
||||||
@ -58,7 +64,8 @@ func (auth *JWTAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return auth.VerifyToken("", m.PrivilegeKey)
|
token := m.PrivilegeKey
|
||||||
|
return auth.VerifyToken("", token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *JWTAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
|
func (auth *JWTAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
|
||||||
@ -66,11 +73,12 @@ func (auth *JWTAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return auth.VerifyToken("", m.PrivilegeKey)
|
token := m.PrivilegeKey
|
||||||
|
return auth.VerifyToken("", token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *JWTAuthSetterVerifier) VerifyToken(user, token string) error {
|
func (auth *JWTAuthSetterVerifier) VerifyToken(user, token string) error {
|
||||||
methodKey := map[string]string{jwt.SigningMethodHS256.Alg(): auth.token}
|
methodKey := map[string]string{jwt.SigningMethodHS256.Alg(): auth.secret}
|
||||||
parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
|
parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
|
||||||
parsedToken, err := parser.Parse(token, func(t *jwt.Token) (any, error) {
|
parsedToken, err := parser.Parse(token, func(t *jwt.Token) (any, error) {
|
||||||
key, ok := methodKey[t.Method.Alg()]
|
key, ok := methodKey[t.Method.Alg()]
|
||||||
|
|||||||
@ -40,6 +40,7 @@ type ClientConfig struct {
|
|||||||
BaseConfig `ini:",extends"`
|
BaseConfig `ini:",extends"`
|
||||||
OidcClientConfig `ini:",extends"`
|
OidcClientConfig `ini:",extends"`
|
||||||
TokenConfig `ini:",extends"`
|
TokenConfig `ini:",extends"`
|
||||||
|
JWTConfig `ini:",extends"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetDefaultClientConf() ClientConfig {
|
func GetDefaultClientConf() ClientConfig {
|
||||||
@ -47,6 +48,7 @@ func GetDefaultClientConf() ClientConfig {
|
|||||||
BaseConfig: getDefaultBaseConf(),
|
BaseConfig: getDefaultBaseConf(),
|
||||||
OidcClientConfig: getDefaultOidcClientConf(),
|
OidcClientConfig: getDefaultOidcClientConf(),
|
||||||
TokenConfig: getDefaultTokenConf(),
|
TokenConfig: getDefaultTokenConf(),
|
||||||
|
JWTConfig: getDefaultJWTConf(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -54,6 +56,7 @@ type ServerConfig struct {
|
|||||||
BaseConfig `ini:",extends"`
|
BaseConfig `ini:",extends"`
|
||||||
OidcServerConfig `ini:",extends"`
|
OidcServerConfig `ini:",extends"`
|
||||||
TokenConfig `ini:",extends"`
|
TokenConfig `ini:",extends"`
|
||||||
|
JWTConfig `ini:",extends"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetDefaultServerConf() ServerConfig {
|
func GetDefaultServerConf() ServerConfig {
|
||||||
@ -61,6 +64,7 @@ func GetDefaultServerConf() ServerConfig {
|
|||||||
BaseConfig: getDefaultBaseConf(),
|
BaseConfig: getDefaultBaseConf(),
|
||||||
OidcServerConfig: getDefaultOidcServerConf(),
|
OidcServerConfig: getDefaultOidcServerConf(),
|
||||||
TokenConfig: getDefaultTokenConf(),
|
TokenConfig: getDefaultTokenConf(),
|
||||||
|
JWTConfig: getDefaultJWTConf(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -143,3 +147,13 @@ func getDefaultTokenConf() TokenConfig {
|
|||||||
Token: "",
|
Token: "",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type JWTConfig struct {
|
||||||
|
Secret string `ini:"secret" json:"secret"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func getDefaultJWTConf() JWTConfig {
|
||||||
|
return JWTConfig{
|
||||||
|
Secret: "",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@ -175,6 +175,8 @@ type AuthClientConfig struct {
|
|||||||
// to succeed. By default, this value is "".
|
// to succeed. By default, this value is "".
|
||||||
Token string `json:"token,omitempty"`
|
Token string `json:"token,omitempty"`
|
||||||
OIDC AuthOIDCClientConfig `json:"oidc,omitempty"`
|
OIDC AuthOIDCClientConfig `json:"oidc,omitempty"`
|
||||||
|
|
||||||
|
Secret string `json:"secret"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AuthClientConfig) Complete() {
|
func (c *AuthClientConfig) Complete() {
|
||||||
|
|||||||
@ -44,6 +44,7 @@ type AuthMethod string
|
|||||||
const (
|
const (
|
||||||
AuthMethodToken AuthMethod = "token"
|
AuthMethodToken AuthMethod = "token"
|
||||||
AuthMethodOIDC AuthMethod = "oidc"
|
AuthMethodOIDC AuthMethod = "oidc"
|
||||||
|
AuthMethodJWT AuthMethod = "jwt"
|
||||||
)
|
)
|
||||||
|
|
||||||
// QUIC protocol options
|
// QUIC protocol options
|
||||||
|
|||||||
@ -127,6 +127,7 @@ type AuthServerConfig struct {
|
|||||||
AdditionalScopes []AuthScope `json:"additionalScopes,omitempty"`
|
AdditionalScopes []AuthScope `json:"additionalScopes,omitempty"`
|
||||||
Token string `json:"token,omitempty"`
|
Token string `json:"token,omitempty"`
|
||||||
OIDC AuthOIDCServerConfig `json:"oidc,omitempty"`
|
OIDC AuthOIDCServerConfig `json:"oidc,omitempty"`
|
||||||
|
Secret string `json:"secret,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AuthServerConfig) Complete() {
|
func (c *AuthServerConfig) Complete() {
|
||||||
|
|||||||
@ -33,6 +33,7 @@ var (
|
|||||||
SupportedAuthMethods = []v1.AuthMethod{
|
SupportedAuthMethods = []v1.AuthMethod{
|
||||||
"token",
|
"token",
|
||||||
"oidc",
|
"oidc",
|
||||||
|
"jwt",
|
||||||
}
|
}
|
||||||
|
|
||||||
SupportedAuthAdditionalScopes = []v1.AuthScope{
|
SupportedAuthAdditionalScopes = []v1.AuthScope{
|
||||||
|
|||||||
@ -17,6 +17,8 @@ package msg
|
|||||||
import (
|
import (
|
||||||
"io"
|
"io"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
|
"github.com/fatedier/frp/pkg/util/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
func AsyncHandler(f func(Message)) func(Message) {
|
func AsyncHandler(f func(Message)) func(Message) {
|
||||||
@ -65,6 +67,7 @@ func (d *Dispatcher) readLoop() {
|
|||||||
for {
|
for {
|
||||||
m, err := ReadMsg(d.rw)
|
m, err := ReadMsg(d.rw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Errorf("read msg error, %v", err)
|
||||||
close(d.doneCh)
|
close(d.doneCh)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@ -186,7 +186,7 @@ func NewControl(
|
|||||||
ctl.lastPing.Store(time.Now())
|
ctl.lastPing.Store(time.Now())
|
||||||
|
|
||||||
if ctlConnEncrypted {
|
if ctlConnEncrypted {
|
||||||
cryptoRW, err := netpkg.NewCryptoReadWriter(ctl.conn, []byte(ctl.serverCfg.Auth.Token))
|
cryptoRW, err := netpkg.NewCryptoReadWriter(ctl.conn, []byte(loginMsg.PrivilegeKey))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user