XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-01-10 10:13:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix lint (#5068)

Browse Source
This commit is contained in:
fatedier
2025-11-18 01:11:44 +08:00
committed by GitHub
parent 66973a03db
commit 15fd19a16d
6 changed files with 35 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/config/v1/client.go
View File

@@ -249,6 +249,22 @@ type VirtualNetConfig struct {
Address string `json:"address,omitempty"`
}
const (
UnsafeFeatureTokenSourceExec = "TokenSourceExec"
)
type UnsafeFeatures struct {
TokenSourceExec bool
features map[string]bool
}
func NewUnsafeFeatures(allowed []string) UnsafeFeatures {
features := make(map[string]bool)
for _, f := range allowed {
features[f] = true
}
return UnsafeFeatures{features: features}
}
func (u UnsafeFeatures) IsEnabled(feature string) bool {
return u.features[feature]
}

15
pkg/config/v1/validation/client.go
View File

@@ -52,7 +52,7 @@ func ValidateClientCommonConfig(c *v1.ClientCommonConfig, unsafeFeatures v1.Unsa
// Validate tokenSource if specified
if c.Auth.TokenSource != nil {
if c.Auth.TokenSource.Type == "exec" && !unsafeFeatures.TokenSourceExec {
if c.Auth.TokenSource.Type == "exec" && !unsafeFeatures.IsEnabled(v1.UnsafeFeatureTokenSourceExec) {
errs = AppendError(errs, fmt.Errorf("unsafe 'exec' not allowed for auth.tokenSource.type"))
}
if err := c.Auth.TokenSource.Validate(); err != nil {
@@ -62,10 +62,12 @@ func ValidateClientCommonConfig(c *v1.ClientCommonConfig, unsafeFeatures v1.Unsa
if c.Auth.OIDC.TokenSource != nil {
// Validate oidc.tokenSource mutual exclusivity with other fields of oidc
if c.Auth.OIDC.ClientID != "" || c.Auth.OIDC.ClientSecret != "" || c.Auth.OIDC.Audience != "" || c.Auth.OIDC.Scope != "" || c.Auth.OIDC.TokenEndpointURL != "" || len(c.Auth.OIDC.AdditionalEndpointParams) > 0 || c.Auth.OIDC.TrustedCaFile != "" || c.Auth.OIDC.InsecureSkipVerify || c.Auth.OIDC.ProxyURL != "" {
if c.Auth.OIDC.ClientID != "" || c.Auth.OIDC.ClientSecret != "" || c.Auth.OIDC.Audience != "" ||
c.Auth.OIDC.Scope != "" || c.Auth.OIDC.TokenEndpointURL != "" || len(c.Auth.OIDC.AdditionalEndpointParams) > 0 ||
c.Auth.OIDC.TrustedCaFile != "" || c.Auth.OIDC.InsecureSkipVerify || c.Auth.OIDC.ProxyURL != "" {
errs = AppendError(errs, fmt.Errorf("cannot specify both auth.oidc.tokenSource and any other field of auth.oidc"))
}
if c.Auth.OIDC.TokenSource.Type == "exec" && !unsafeFeatures.TokenSourceExec {
if c.Auth.OIDC.TokenSource.Type == "exec" && !unsafeFeatures.IsEnabled(v1.UnsafeFeatureTokenSourceExec) {
errs = AppendError(errs, fmt.Errorf("unsafe 'exec' not allowed for auth.oidc.tokenSource.type"))
}
}
@@ -114,7 +116,12 @@ func ValidateClientCommonConfig(c *v1.ClientCommonConfig, unsafeFeatures v1.Unsa
return warnings, errs
}
func ValidateAllClientConfig(c *v1.ClientCommonConfig, proxyCfgs []v1.ProxyConfigurer, visitorCfgs []v1.VisitorConfigurer, unsafeFeatures v1.UnsafeFeatures) (Warning, error) {
func ValidateAllClientConfig(
c *v1.ClientCommonConfig,
proxyCfgs []v1.ProxyConfigurer,
visitorCfgs []v1.VisitorConfigurer,
unsafeFeatures v1.UnsafeFeatures,
) (Warning, error) {
var warnings Warning
if c != nil {
warning, err := ValidateClientCommonConfig(c, unsafeFeatures)