XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2025-07-27 07:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

tcpmux: support authentication (#3345)

Browse Source
This commit is contained in:
fatedier
2023-03-07 19:53:32 +08:00
committed by GitHub
parent 54eb704650
commit 862b1642ba
11 changed files with 324 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
pkg/util/tcpmux/httpconnect.go
View File

@@ -31,18 +31,21 @@ import (
type HTTPConnectTCPMuxer struct {
*vhost.Muxer
passthrough bool
authRequired bool // Not supported until we really need this.
// If passthrough is set to true, the CONNECT request will be forwarded to the backend service.
// Otherwise, it will return an OK response to the client and forward the remaining content to the backend service.
passthrough bool
}
func NewHTTPConnectTCPMuxer(listener net.Listener, passthrough bool, timeout time.Duration) (*HTTPConnectTCPMuxer, error) {
ret := &HTTPConnectTCPMuxer{passthrough: passthrough, authRequired: false}
mux, err := vhost.NewMuxer(listener, ret.getHostFromHTTPConnect, nil, ret.sendConnectResponse, nil, timeout)
ret := &HTTPConnectTCPMuxer{passthrough: passthrough}
mux, err := vhost.NewMuxer(listener, ret.getHostFromHTTPConnect, timeout)
mux.SetCheckAuthFunc(ret.auth).
SetSuccessHookFunc(ret.sendConnectResponse)
ret.Muxer = mux
return ret, err
}
func (muxer *HTTPConnectTCPMuxer) readHTTPConnectRequest(rd io.Reader) (host string, httpUser string, err error) {
func (muxer *HTTPConnectTCPMuxer) readHTTPConnectRequest(rd io.Reader) (host, httpUser, httpPwd string, err error) {
bufioReader := bufio.NewReader(rd)
req, err := http.ReadRequest(bufioReader)
@@ -58,7 +61,7 @@ func (muxer *HTTPConnectTCPMuxer) readHTTPConnectRequest(rd io.Reader) (host str
host, _ = util.CanonicalHost(req.Host)
proxyAuth := req.Header.Get("Proxy-Authorization")
if proxyAuth != "" {
httpUser, _, _ = util.ParseBasicAuth(proxyAuth)
httpUser, httpPwd, _ = util.ParseBasicAuth(proxyAuth)
}
return
}
@@ -74,11 +77,26 @@ func (muxer *HTTPConnectTCPMuxer) sendConnectResponse(c net.Conn, reqInfo map[st
return res.Write(c)
}
func (muxer *HTTPConnectTCPMuxer) auth(c net.Conn, username, password string, reqInfo map[string]string) (bool, error) {
reqUsername := reqInfo["HTTPUser"]
reqPassword := reqInfo["HTTPPwd"]
if username == reqUsername && password == reqPassword {
return true, nil
}
resp := util.ProxyUnauthorizedResponse()
if resp.Body != nil {
defer resp.Body.Close()
}
_ = resp.Write(c)
return false, nil
}
func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn, map[string]string, error) {
reqInfoMap := make(map[string]string, 0)
sc, rd := gnet.NewSharedConn(c)
host, httpUser, err := muxer.readHTTPConnectRequest(rd)
host, httpUser, httpPwd, err := muxer.readHTTPConnectRequest(rd)
if err != nil {
return nil, reqInfoMap, err
}
@@ -86,18 +104,11 @@ func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn,
reqInfoMap["Host"] = host
reqInfoMap["Scheme"] = "tcp"
reqInfoMap["HTTPUser"] = httpUser
reqInfoMap["HTTPPwd"] = httpPwd
outConn := c
if muxer.passthrough {
outConn = sc
if muxer.authRequired && httpUser == "" {
resp := util.ProxyUnauthorizedResponse()
if resp.Body != nil {
defer resp.Body.Close()
}
_ = resp.Write(c)
outConn = c
}
}
return outConn, reqInfoMap, nil
}