cyonjan/frp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

填加二次验证

Browse Source
This commit is contained in:
afocus 2018-01-23 13:59:58 +08:00
parent 14733dd109
commit eaa8c1560a
3 changed files with 93 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/dashboard.go
View File

@ -45,6 +45,8 @@ func RunDashboardServer(addr string, port int) (err error) {
router.GET("/api/proxy/http", frpNet.HttprouterBasicAuth(apiProxyHttp, user, passwd)) router.GET("/api/proxy/http", frpNet.HttprouterBasicAuth(apiProxyHttp, user, passwd))
router.GET("/api/proxy/https", frpNet.HttprouterBasicAuth(apiProxyHttps, user, passwd)) router.GET("/api/proxy/https", frpNet.HttprouterBasicAuth(apiProxyHttps, user, passwd))
router.GET("/api/proxy/traffic/:name", frpNet.HttprouterBasicAuth(apiProxyTraffic, user, passwd)) router.GET("/api/proxy/traffic/:name", frpNet.HttprouterBasicAuth(apiProxyTraffic, user, passwd))
// irain 接口
router.POST("/irain/api/token", IrainToken)
// view // view
router.Handler("GET", "/favicon.ico", http.FileServer(assets.FileSystem)) router.Handler("GET", "/favicon.ico", http.FileServer(assets.FileSystem))

82
server/irain.go Normal file
View File

@ -0,0 +1,82 @@
package server
import (
"crypto/md5"
"encoding/json"
"fmt"
"github.com/julienschmidt/httprouter"
"net/http"
"strconv"
"sync"
"time"
)
type IRainApiRestult struct {
Code int
Message string
}
func IRainRespone(w http.ResponseWriter, code int, msg string) {
ret := IRainApiRestult{
Code: code,
Message: msg,
}
b, _ := json.Marshal(ret)
w.WriteHeader(code)
w.Write(b)
}
func irainSign(ip string, timestamp int64) string {
// 得到动态密钥
key := time.Now().Format("20060102") + "irainkey"
src := fmt.Sprintf("%s%d%s", key, timestamp, ip)
return fmt.Sprintf("%x", md5.Sum([]byte(src)))
}
type IRainIPPool struct {
mux sync.RWMutex
list map[string]time.Time
}
var globalIRainIPPool = &IRainIPPool{list: make(map[string]time.Time)}
func (p *IRainIPPool) Put(ip string) {
// 过期时间为当前时间后的半小时
p.mux.Lock()
defer p.mux.Unlock()
p.list[ip] = time.Now().Add(time.Minute * 30)
}
func (p *IRainIPPool) Check(ip string) bool {
p.mux.RLock()
defer p.mux.RUnlock()
if v, ok := p.list[ip]; ok {
if time.Now().Before(v) {
return true
}
}
return false
}
// IrainToken 获取可以访问的客户端地址
func IrainToken(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
var (
clientIP = r.PostFormValue("ip")
timestamp, _ = strconv.ParseInt(r.PostFormValue("timestamp"), 10, 64)
sign = r.PostFormValue("sign")
)
if sign == "" || clientIP == "" {
IRainRespone(w, 400, "参数错误")
return
}
if (time.Now().Unix() - timestamp) > 60*30 {
IRainRespone(w, 403, "请求已过期")
return
}
if irainSign(clientIP, timestamp) != sign {
IRainRespone(w, 403, "签名错误")
return
}
globalIRainIPPool.Put(clientIP)
IRainRespone(w, 0, "ok")
}

9
server/service.go
View File

@ -214,6 +214,15 @@ func (svr *Service) HandleListener(l frpNet.Listener) {
case *msg.NewWorkConn: case *msg.NewWorkConn:
svr.RegisterWorkConn(conn, m) svr.RegisterWorkConn(conn, m)
case *msg.NewVisitorConn: case *msg.NewVisitorConn:
// irain
// 检测是否允许访问者ip
if globalIRainIPPool.Check(conn.RemoteAddr().String()) {
log.Warn("visitor[%s] not allow access: %s", conn.RemoteAddr())
conn.Close()
return
}
if err = svr.RegisterVisitorConn(conn, m); err != nil { if err = svr.RegisterVisitorConn(conn, m); err != nil {
conn.Warn("%v", err) conn.Warn("%v", err)
msg.WriteMsg(conn, &msg.NewVisitorConnResp{ msg.WriteMsg(conn, &msg.NewVisitorConnResp{