填加二次验证

2018-01-23 13:59:58 +08:00 · 2018-01-23 13:59:58 +08:00 · eaa8c1560a
commit eaa8c1560a
parent 14733dd109
3 changed files with 93 additions and 0 deletions
--- a/server/dashboard.go
+++ b/server/dashboard.go
@ -45,6 +45,8 @@ func RunDashboardServer(addr string, port int) (err error) {
 	router.GET("/api/proxy/http", frpNet.HttprouterBasicAuth(apiProxyHttp, user, passwd))
 	router.GET("/api/proxy/https", frpNet.HttprouterBasicAuth(apiProxyHttps, user, passwd))
 	router.GET("/api/proxy/traffic/:name", frpNet.HttprouterBasicAuth(apiProxyTraffic, user, passwd))
+	// irain 接口
+	router.POST("/irain/api/token", IrainToken)

 	// view
 	router.Handler("GET", "/favicon.ico", http.FileServer(assets.FileSystem))
--- a/server/irain.go
+++ b/server/irain.go
@ -0,0 +1,82 @@
+package server
+
+import (
+	"crypto/md5"
+	"encoding/json"
+	"fmt"
+	"github.com/julienschmidt/httprouter"
+	"net/http"
+	"strconv"
+	"sync"
+	"time"
+)
+
+type IRainApiRestult struct {
+	Code    int
+	Message string
+}
+
+func IRainRespone(w http.ResponseWriter, code int, msg string) {
+	ret := IRainApiRestult{
+		Code:    code,
+		Message: msg,
+	}
+	b, _ := json.Marshal(ret)
+	w.WriteHeader(code)
+	w.Write(b)
+}
+
+func irainSign(ip string, timestamp int64) string {
+	// 得到动态密钥
+	key := time.Now().Format("20060102") + "irainkey"
+	src := fmt.Sprintf("%s%d%s", key, timestamp, ip)
+	return fmt.Sprintf("%x", md5.Sum([]byte(src)))
+}
+
+type IRainIPPool struct {
+	mux  sync.RWMutex
+	list map[string]time.Time
+}
+
+var globalIRainIPPool = &IRainIPPool{list: make(map[string]time.Time)}
+
+func (p *IRainIPPool) Put(ip string) {
+	// 过期时间为当前时间后的半小时
+	p.mux.Lock()
+	defer p.mux.Unlock()
+	p.list[ip] = time.Now().Add(time.Minute * 30)
+}
+
+func (p *IRainIPPool) Check(ip string) bool {
+	p.mux.RLock()
+	defer p.mux.RUnlock()
+	if v, ok := p.list[ip]; ok {
+		if time.Now().Before(v) {
+			return true
+		}
+	}
+	return false
+}
+
+// IrainToken 获取可以访问的客户端地址
+func IrainToken(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+	var (
+		clientIP     = r.PostFormValue("ip")
+		timestamp, _ = strconv.ParseInt(r.PostFormValue("timestamp"), 10, 64)
+		sign         = r.PostFormValue("sign")
+	)
+	if sign == "" || clientIP == "" {
+		IRainRespone(w, 400, "参数错误")
+		return
+	}
+	if (time.Now().Unix() - timestamp) > 60*30 {
+		IRainRespone(w, 403, "请求已过期")
+		return
+	}
+	if irainSign(clientIP, timestamp) != sign {
+		IRainRespone(w, 403, "签名错误")
+		return
+	}
+	globalIRainIPPool.Put(clientIP)
+	IRainRespone(w, 0, "ok")
+}
--- a/server/service.go
+++ b/server/service.go
@ -214,6 +214,15 @@ func (svr *Service) HandleListener(l frpNet.Listener) {
 				case *msg.NewWorkConn:
 					svr.RegisterWorkConn(conn, m)
 				case *msg.NewVisitorConn:
+
+					// irain
+					// 检测是否允许访问者ip
+					if globalIRainIPPool.Check(conn.RemoteAddr().String()) {
+						log.Warn("visitor[%s] not allow access: %s", conn.RemoteAddr())
+						conn.Close()
+						return
+					}
+
 					if err = svr.RegisterVisitorConn(conn, m); err != nil {
 						conn.Warn("%v", err)
 						msg.WriteMsg(conn, &msg.NewVisitorConnResp{