XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2025-07-27 15:45:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

lint by golangci-lint (#3080)

Browse Source
This commit is contained in:
fatedier
2022-08-29 01:02:53 +08:00
committed by GitHub
parent f4e4fbea62
commit 9d077b02cf
122 changed files with 947 additions and 1331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/auth/oidc.go
View File

@@ -18,10 +18,10 @@ import (
"context"
"fmt"
"github.com/fatedier/frp/pkg/msg"
"github.com/coreos/go-oidc"
"golang.org/x/oauth2/clientcredentials"
"github.com/fatedier/frp/pkg/msg"
)
type OidcClientConfig struct {
@@ -34,7 +34,7 @@ type OidcClientConfig struct {
// is "".
OidcClientSecret string `ini:"oidc_client_secret" json:"oidc_client_secret"`
// OidcAudience specifies the audience of the token in OIDC authentication
//if AuthenticationMethod == "oidc". By default, this value is "".
// if AuthenticationMethod == "oidc". By default, this value is "".
OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`
// OidcTokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
// It will be used to get an OIDC token if AuthenticationMethod == "oidc".

20
pkg/config/client.go
View File

@@ -20,10 +20,10 @@ import (
"path/filepath"
"strings"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/auth"
"github.com/fatedier/frp/pkg/util/util"
"gopkg.in/ini.v1"
)
// ClientCommonConf contains information for a client service. It is
@@ -113,7 +113,7 @@ type ClientCommonConf struct {
// all supplied proxies are enabled. By default, this value is an empty
// set.
Start []string `ini:"start" json:"start"`
//Start map[string]struct{} `json:"start"`
// Start map[string]struct{} `json:"start"`
// Protocol specifies the protocol to use when interacting with the server.
// Valid values are "tcp", "kcp" and "websocket". By default, this value
// is "tcp".
@@ -214,7 +214,7 @@ func (cfg *ClientCommonConf) Validate() error {
}
}
if cfg.TLSEnable == false {
if !cfg.TLSEnable {
if cfg.TLSCertFile != "" {
fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
}
@@ -281,7 +281,6 @@ func LoadAllProxyConfsFromIni(
source interface{},
start []string,
) (map[string]ProxyConf, map[string]VisitorConf, error) {
f, err := ini.LoadSources(ini.LoadOptions{
Insensitive: false,
InsensitiveSections: false,
@@ -366,7 +365,6 @@ func LoadAllProxyConfsFromIni(
}
func renderRangeProxyTemplates(f *ini.File, section *ini.Section) error {
// Validation
localPortStr := section.Key("local_port").String()
remotePortStr := section.Key("remote_port").String()
@@ -404,8 +402,12 @@ func renderRangeProxyTemplates(f *ini.File, section *ini.Section) error {
}
copySection(section, tmpsection)
tmpsection.NewKey("local_port", fmt.Sprintf("%d", localPorts[i]))
tmpsection.NewKey("remote_port", fmt.Sprintf("%d", remotePorts[i]))
if _, err := tmpsection.NewKey("local_port", fmt.Sprintf("%d", localPorts[i])); err != nil {
return fmt.Errorf("local_port new key in section error: %v", err)
}
if _, err := tmpsection.NewKey("remote_port", fmt.Sprintf("%d", remotePorts[i])); err != nil {
return fmt.Errorf("remote_port new key in section error: %v", err)
}
}
return nil
@@ -413,6 +415,6 @@ func renderRangeProxyTemplates(f *ini.File, section *ini.Section) error {
func copySection(source, target *ini.Section) {
for key, value := range source.KeysHash() {
target.NewKey(key, value)
_, _ = target.NewKey(key, value)
}
}

8
pkg/config/client_test.go
View File

@@ -17,18 +17,17 @@ package config
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/fatedier/frp/pkg/auth"
"github.com/fatedier/frp/pkg/consts"
"github.com/stretchr/testify/assert"
)
const (
testUser = "test"
)
var (
testClientBytesWithFull = []byte(`
var testClientBytesWithFull = []byte(`
# [common] is integral section
[common]
server_addr = 0.0.0.9
@@ -237,7 +236,6 @@ var (
use_encryption = false
use_compression = false
`)
)
func Test_LoadClientCommonConf(t *testing.T) {
assert := assert.New(t)

2
pkg/config/parse.go
View File

@@ -42,7 +42,7 @@ func ParseClientConfig(filePath string) (
}
cfg.Complete()
if err = cfg.Validate(); err != nil {
err = fmt.Errorf("Parse config error: %v", err)
err = fmt.Errorf("parse config error: %v", err)
return
}

8
pkg/config/proxy.go
View File

@@ -21,10 +21,10 @@ import (
"strconv"
"strings"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/consts"
"github.com/fatedier/frp/pkg/msg"
"gopkg.in/ini.v1"
)
// Proxy
@@ -420,10 +420,6 @@ func (cfg *BaseProxyConf) checkForCli() (err error) {
return nil
}
func (cfg *BaseProxyConf) checkForSvr(conf ServerCommonConf) error {
return nil
}
// DomainConf
func (cfg *DomainConf) check() (err error) {
if len(cfg.CustomDomains) == 0 && cfg.SubDomain == "" {

6
pkg/config/proxy_test.go
View File

@@ -17,10 +17,10 @@ package config
import (
"testing"
"github.com/fatedier/frp/pkg/consts"
"github.com/stretchr/testify/assert"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/consts"
)
var (
@@ -49,7 +49,6 @@ func Test_Proxy_UnmarshalFromIni(t *testing.T) {
source []byte
expected ProxyConf
}{
{
sname: "ssh",
source: []byte(`
@@ -457,5 +456,4 @@ func Test_RangeProxy_UnmarshalFromIni(t *testing.T) {
assert.Equal(c.expected, actual)
}
}

9
pkg/config/server.go
View File

@@ -18,12 +18,12 @@ import (
"fmt"
"strings"
"github.com/go-playground/validator/v10"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/auth"
plugin "github.com/fatedier/frp/pkg/plugin/server"
"github.com/fatedier/frp/pkg/util/util"
"github.com/go-playground/validator/v10"
"gopkg.in/ini.v1"
)
// ServerCommonConf contains information for a server service. It is
@@ -236,7 +236,6 @@ func GetDefaultServerConf() ServerCommonConf {
}
func UnmarshalServerConfFromIni(source interface{}) (ServerCommonConf, error) {
f, err := ini.LoadSources(ini.LoadOptions{
Insensitive: false,
InsensitiveSections: false,
@@ -308,7 +307,7 @@ func (cfg *ServerCommonConf) Complete() {
}
func (cfg *ServerCommonConf) Validate() error {
if cfg.DashboardTLSMode == false {
if !cfg.DashboardTLSMode {
if cfg.DashboardTLSCertFile != "" {
fmt.Println("WARNING! dashboard_tls_cert_file is invalid when dashboard_tls_mode is false")
}

12
pkg/config/server_test.go
View File

@@ -17,10 +17,10 @@ package config
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/fatedier/frp/pkg/auth"
plugin "github.com/fatedier/frp/pkg/plugin/server"
"github.com/stretchr/testify/assert"
)
func Test_LoadServerCommonConf(t *testing.T) {
@@ -126,10 +126,10 @@ func Test_LoadServerCommonConf(t *testing.T) {
HeartbeatTimeout: 99,
UserConnTimeout: 9,
AllowPorts: map[int]struct{}{
10: struct{}{},
11: struct{}{},
12: struct{}{},
99: struct{}{},
10: {},
11: {},
12: {},
99: {},
},
MaxPoolCount: 59,
MaxPortsPerClient: 9,

7
pkg/config/types.go
View File

@@ -75,21 +75,22 @@ func (q *BandwidthQuantity) UnmarshalString(s string) error {
f float64
err error
)
if strings.HasSuffix(s, "MB") {
switch {
case strings.HasSuffix(s, "MB"):
base = MB
fstr := strings.TrimSuffix(s, "MB")
f, err = strconv.ParseFloat(fstr, 64)
if err != nil {
return err
}
} else if strings.HasSuffix(s, "KB") {
case strings.HasSuffix(s, "KB"):
base = KB
fstr := strings.TrimSuffix(s, "KB")
f, err = strconv.ParseFloat(fstr, 64)
if err != nil {
return err
}
} else {
default:
return errors.New("unit not support")
}

4
pkg/config/value.go
View File

@@ -21,9 +21,7 @@ import (
"text/template"
)
var (
glbEnvs map[string]string
)
var glbEnvs map[string]string
func init() {
glbEnvs = make(map[string]string)

5
pkg/config/visitor.go
View File

@@ -18,9 +18,9 @@ import (
"fmt"
"reflect"
"github.com/fatedier/frp/pkg/consts"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/consts"
)
// Visitor
@@ -136,6 +136,7 @@ func (cfg *BaseVisitorConf) check() (err error) {
}
func (cfg *BaseVisitorConf) unmarshalFromIni(prefix string, name string, section *ini.Section) error {
_ = section
// Custom decoration after basic unmarshal:
// proxy name

4
pkg/config/visitor_test.go
View File

@@ -17,10 +17,10 @@ package config
import (
"testing"
"github.com/fatedier/frp/pkg/consts"
"github.com/stretchr/testify/assert"
"gopkg.in/ini.v1"
"github.com/fatedier/frp/pkg/consts"
)
const testVisitorPrefix = "test."

32
pkg/consts/consts.go
View File

@@ -16,26 +16,26 @@ package consts
var (
// proxy status
Idle string = "idle"
Working string = "working"
Closed string = "closed"
Online string = "online"
Offline string = "offline"
Idle = "idle"
Working = "working"
Closed = "closed"
Online = "online"
Offline = "offline"
// proxy type
TCPProxy string = "tcp"
UDPProxy string = "udp"
TCPMuxProxy string = "tcpmux"
HTTPProxy string = "http"
HTTPSProxy string = "https"
STCPProxy string = "stcp"
XTCPProxy string = "xtcp"
SUDPProxy string = "sudp"
TCPProxy = "tcp"
UDPProxy = "udp"
TCPMuxProxy = "tcpmux"
HTTPProxy = "http"
HTTPSProxy = "https"
STCPProxy = "stcp"
XTCPProxy = "xtcp"
SUDPProxy = "sudp"
// authentication method
TokenAuthMethod string = "token"
OidcAuthMethod string = "oidc"
TokenAuthMethod = "token"
OidcAuthMethod = "oidc"
// TCP multiplexer
HTTPConnectTCPMultiplexer string = "httpconnect"
HTTPConnectTCPMultiplexer = "httpconnect"
)

2
pkg/metrics/aggregate/server.go
View File

@@ -30,7 +30,7 @@ func EnablePrometheus() {
sm.Add(prometheus.ServerMetrics)
}
var sm *serverMetrics = &serverMetrics{}
var sm = &serverMetrics{}
func init() {
metrics.Register(sm)

9
pkg/metrics/mem/server.go
View File

@@ -23,9 +23,12 @@ import (
server "github.com/fatedier/frp/server/metrics"
)
var sm *serverMetrics = newServerMetrics()
var ServerMetrics server.ServerMetrics
var StatsCollector Collector
var (
sm = newServerMetrics()
ServerMetrics server.ServerMetrics
StatsCollector Collector
)
func init() {
ServerMetrics = sm

6
pkg/metrics/metrics.go
View File

@@ -4,5 +4,7 @@ import (
"github.com/fatedier/frp/pkg/metrics/aggregate"
)
var EnableMem = aggregate.EnableMem
var EnablePrometheus = aggregate.EnablePrometheus
var (
EnableMem = aggregate.EnableMem
EnablePrometheus = aggregate.EnablePrometheus
)

4
pkg/metrics/prometheus/server.go
View File

@@ -1,9 +1,9 @@
package prometheus
import (
"github.com/fatedier/frp/server/metrics"
"github.com/prometheus/client_golang/prometheus"
"github.com/fatedier/frp/server/metrics"
)
const (

4
pkg/msg/ctl.go
View File

@@ -22,9 +22,7 @@ import (
type Message = jsonMsg.Message
var (
msgCtl *jsonMsg.MsgCtl
)
var msgCtl *jsonMsg.MsgCtl
func init() {
msgCtl = jsonMsg.NewMsgCtl()

48
pkg/msg/msg.go
View File

@@ -37,28 +37,26 @@ const (
TypeNatHoleSid = '5'
)
var (
msgTypeMap = map[byte]interface{}{
TypeLogin: Login{},
TypeLoginResp: LoginResp{},
TypeNewProxy: NewProxy{},
TypeNewProxyResp: NewProxyResp{},
TypeCloseProxy: CloseProxy{},
TypeNewWorkConn: NewWorkConn{},
TypeReqWorkConn: ReqWorkConn{},
TypeStartWorkConn: StartWorkConn{},
TypeNewVisitorConn: NewVisitorConn{},
TypeNewVisitorConnResp: NewVisitorConnResp{},
TypePing: Ping{},
TypePong: Pong{},
TypeUDPPacket: UDPPacket{},
TypeNatHoleVisitor: NatHoleVisitor{},
TypeNatHoleClient: NatHoleClient{},
TypeNatHoleResp: NatHoleResp{},
TypeNatHoleClientDetectOK: NatHoleClientDetectOK{},
TypeNatHoleSid: NatHoleSid{},
}
)
var msgTypeMap = map[byte]interface{}{
TypeLogin: Login{},
TypeLoginResp: LoginResp{},
TypeNewProxy: NewProxy{},
TypeNewProxyResp: NewProxyResp{},
TypeCloseProxy: CloseProxy{},
TypeNewWorkConn: NewWorkConn{},
TypeReqWorkConn: ReqWorkConn{},
TypeStartWorkConn: StartWorkConn{},
TypeNewVisitorConn: NewVisitorConn{},
TypeNewVisitorConnResp: NewVisitorConnResp{},
TypePing: Ping{},
TypePong: Pong{},
TypeUDPPacket: UDPPacket{},
TypeNatHoleVisitor: NatHoleVisitor{},
TypeNatHoleClient: NatHoleClient{},
TypeNatHoleResp: NatHoleResp{},
TypeNatHoleClientDetectOK: NatHoleClientDetectOK{},
TypeNatHoleSid: NatHoleSid{},
}
// When frpc start, client send this message to login to server.
type Login struct {
@@ -129,8 +127,7 @@ type NewWorkConn struct {
Timestamp int64 `json:"timestamp,omitempty"`
}
type ReqWorkConn struct {
}
type ReqWorkConn struct{}
type StartWorkConn struct {
ProxyName string `json:"proxy_name,omitempty"`
@@ -187,8 +184,7 @@ type NatHoleResp struct {
Error string `json:"error,omitempty"`
}
type NatHoleClientDetectOK struct {
}
type NatHoleClientDetectOK struct{}
type NatHoleSid struct {
Sid string `json:"sid,omitempty"`

18
pkg/nathole/nathole.go
View File

@@ -7,15 +7,15 @@ import (
"sync"
"time"
"github.com/fatedier/golib/errors"
"github.com/fatedier/golib/pool"
"github.com/fatedier/frp/pkg/msg"
"github.com/fatedier/frp/pkg/util/log"
"github.com/fatedier/frp/pkg/util/util"
"github.com/fatedier/golib/errors"
"github.com/fatedier/golib/pool"
)
// Timeout seconds.
// NatHoleTimeout seconds.
var NatHoleTimeout int64 = 10
type SidRequest struct {
@@ -107,7 +107,7 @@ func (nc *Controller) HandleVisitor(m *msg.NatHoleVisitor, raddr *net.UDPAddr) {
session := &Session{
Sid: sid,
VisitorAddr: raddr,
NotifyCh: make(chan struct{}, 0),
NotifyCh: make(chan struct{}),
}
nc.mu.Lock()
clientCfg, ok := nc.clientCfgs[m.ProxyName]
@@ -115,14 +115,14 @@ func (nc *Controller) HandleVisitor(m *msg.NatHoleVisitor, raddr *net.UDPAddr) {
nc.mu.Unlock()
errInfo := fmt.Sprintf("xtcp server for [%s] doesn't exist", m.ProxyName)
log.Debug(errInfo)
nc.listener.WriteToUDP(nc.GenNatHoleResponse(nil, errInfo), raddr)
_, _ = nc.listener.WriteToUDP(nc.GenNatHoleResponse(nil, errInfo), raddr)
return
}
if m.SignKey != util.GetAuthKey(clientCfg.Sk, m.Timestamp) {
nc.mu.Unlock()
errInfo := fmt.Sprintf("xtcp connection of [%s] auth failed", m.ProxyName)
log.Debug(errInfo)
nc.listener.WriteToUDP(nc.GenNatHoleResponse(nil, errInfo), raddr)
_, _ = nc.listener.WriteToUDP(nc.GenNatHoleResponse(nil, errInfo), raddr)
return
}
@@ -151,7 +151,7 @@ func (nc *Controller) HandleVisitor(m *msg.NatHoleVisitor, raddr *net.UDPAddr) {
case <-session.NotifyCh:
resp := nc.GenNatHoleResponse(session, "")
log.Trace("send nat hole response to visitor")
nc.listener.WriteToUDP(resp, raddr)
_, _ = nc.listener.WriteToUDP(resp, raddr)
case <-time.After(time.Duration(NatHoleTimeout) * time.Second):
return
}
@@ -169,7 +169,7 @@ func (nc *Controller) HandleClient(m *msg.NatHoleClient, raddr *net.UDPAddr) {
resp := nc.GenNatHoleResponse(session, "")
log.Trace("send nat hole response to client")
nc.listener.WriteToUDP(resp, raddr)
_, _ = nc.listener.WriteToUDP(resp, raddr)
}
func (nc *Controller) GenNatHoleResponse(session *Session, errInfo string) []byte {

9
pkg/plugin/client/http2https.go
View File

@@ -86,17 +86,20 @@ func NewHTTP2HTTPSPlugin(params map[string]string) (Plugin, error) {
}
p.s = &http.Server{
Handler: rp,
Handler: rp,
ReadHeaderTimeout: 0,
}
go p.s.Serve(listener)
go func() {
_ = p.s.Serve(listener)
}()
return p, nil
}
func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
p.l.PutConn(wrapConn)
_ = p.l.PutConn(wrapConn)
}
func (p *HTTP2HTTPSPlugin) Name() string {

22
pkg/plugin/client/http_proxy.go
View File

@@ -22,10 +22,10 @@ import (
"net/http"
"strings"
frpNet "github.com/fatedier/frp/pkg/util/net"
frpIo "github.com/fatedier/golib/io"
gnet "github.com/fatedier/golib/net"
frpNet "github.com/fatedier/frp/pkg/util/net"
)
const PluginHTTPProxy = "http_proxy"
@@ -56,7 +56,9 @@ func NewHTTPProxyPlugin(params map[string]string) (Plugin, error) {
Handler: hp,
}
go hp.s.Serve(listener)
go func() {
_ = hp.s.Serve(listener)
}()
return hp, nil
}
@@ -86,8 +88,7 @@ func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBuf
return
}
hp.l.PutConn(sc)
return
_ = hp.l.PutConn(sc)
}
func (hp *HTTPProxy) Close() error {
@@ -153,7 +154,7 @@ func (hp *HTTPProxy) ConnectHandler(rw http.ResponseWriter, req *http.Request) {
client.Close()
return
}
client.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
_, _ = client.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
go frpIo.Join(remote, client)
}
@@ -188,7 +189,10 @@ func (hp *HTTPProxy) handleConnectReq(req *http.Request, rwc io.ReadWriteCloser)
defer rwc.Close()
if ok := hp.Auth(req); !ok {
res := getBadResponse()
res.Write(rwc)
_ = res.Write(rwc)
if res.Body != nil {
res.Body.Close()
}
return
}
@@ -200,10 +204,10 @@ func (hp *HTTPProxy) handleConnectReq(req *http.Request, rwc io.ReadWriteCloser)
ProtoMajor: 1,
ProtoMinor: 1,
}
res.Write(rwc)
_ = res.Write(rwc)
return
}
rwc.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
_, _ = rwc.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
frpIo.Join(remote, rwc)
}

6
pkg/plugin/client/https2http.go
View File

@@ -106,7 +106,9 @@ func NewHTTPS2HTTPPlugin(params map[string]string) (Plugin, error) {
}
ln := tls.NewListener(listener, tlsConfig)
go p.s.Serve(ln)
go func() {
_ = p.s.Serve(ln)
}()
return p, nil
}
@@ -122,7 +124,7 @@ func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
p.l.PutConn(wrapConn)
_ = p.l.PutConn(wrapConn)
}
func (p *HTTPS2HTTPPlugin) Name() string {

6
pkg/plugin/client/https2https.go
View File

@@ -111,7 +111,9 @@ func NewHTTPS2HTTPSPlugin(params map[string]string) (Plugin, error) {
}
ln := tls.NewListener(listener, tlsConfig)
go p.s.Serve(ln)
go func() {
_ = p.s.Serve(ln)
}()
return p, nil
}
@@ -127,7 +129,7 @@ func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
p.l.PutConn(wrapConn)
_ = p.l.PutConn(wrapConn)
}
func (p *HTTPS2HTTPSPlugin) Name() string {

9
pkg/plugin/client/socks5.go
View File

@@ -19,9 +19,9 @@ import (
"log"
"net"
frpNet "github.com/fatedier/frp/pkg/util/net"
gosocks5 "github.com/armon/go-socks5"
frpNet "github.com/fatedier/frp/pkg/util/net"
)
const PluginSocks5 = "socks5"
@@ -32,9 +32,6 @@ func init() {
type Socks5Plugin struct {
Server *gosocks5.Server
user string
passwd string
}
func NewSocks5Plugin(params map[string]string) (p Plugin, err error) {
@@ -56,7 +53,7 @@ func NewSocks5Plugin(params map[string]string) (p Plugin, err error) {
func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
defer conn.Close()
wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
sp.Server.ServeConn(wrapConn)
_ = sp.Server.ServeConn(wrapConn)
}
func (sp *Socks5Plugin) Name() string {

10
pkg/plugin/client/static_file.go
View File

@@ -19,9 +19,9 @@ import (
"net"
"net/http"
frpNet "github.com/fatedier/frp/pkg/util/net"
"github.com/gorilla/mux"
frpNet "github.com/fatedier/frp/pkg/util/net"
)
const PluginStaticFile = "static_file"
@@ -69,13 +69,15 @@ func NewStaticFilePlugin(params map[string]string) (Plugin, error) {
sp.s = &http.Server{
Handler: router,
}
go sp.s.Serve(listener)
go func() {
_ = sp.s.Serve(listener)
}()
return sp, nil
}
func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
sp.l.PutConn(wrapConn)
_ = sp.l.PutConn(wrapConn)
}
func (sp *StaticFilePlugin) Name() string {

4
pkg/plugin/client/unix_domain_socket.go
View File

@@ -57,7 +57,9 @@ func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, realConn net.
return
}
if len(extraBufToLocal) > 0 {
localConn.Write(extraBufToLocal)
if _, err := localConn.Write(extraBufToLocal); err != nil {
return
}
}
frpIo.Join(localConn, conn)

4
pkg/plugin/server/http.go
View File

@@ -43,12 +43,12 @@ type httpPlugin struct {
}
func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
url := fmt.Sprintf("%s%s", options.Addr, options.Path)
var client *http.Client
if strings.HasPrefix(url, "https://") {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
TLSClientConfig: &tls.Config{InsecureSkipVerify: !options.TLSVerify},
}
client = &http.Client{Transport: tr}
} else {

3
pkg/plugin/server/manager.go
View File

@@ -154,9 +154,8 @@ func (m *Manager) CloseProxy(content *CloseProxyContent) error {
if len(errs) > 0 {
return fmt.Errorf("send CloseProxy request to plugin errors: %s", strings.Join(errs, "; "))
} else {
return nil
}
return nil
}
func (m *Manager) Ping(content *PingContent) (*PingContent, error) {

12
pkg/proto/udp/udp.go
View File

@@ -20,10 +20,10 @@ import (
"sync"
"time"
"github.com/fatedier/frp/pkg/msg"
"github.com/fatedier/golib/errors"
"github.com/fatedier/golib/pool"
"github.com/fatedier/frp/pkg/msg"
)
func NewUDPPacket(buf []byte, laddr, raddr *net.UDPAddr) *msg.UDPPacket {
@@ -47,7 +47,7 @@ func ForwardUserConn(udpConn *net.UDPConn, readCh <-chan *msg.UDPPacket, sendCh
if err != nil {
continue
}
udpConn.WriteToUDP(buf, udpMsg.RemoteAddr)
_, _ = udpConn.WriteToUDP(buf, udpMsg.RemoteAddr)
}
}()
@@ -70,9 +70,7 @@ func ForwardUserConn(udpConn *net.UDPConn, readCh <-chan *msg.UDPPacket, sendCh
}
func Forwarder(dstAddr *net.UDPAddr, readCh <-chan *msg.UDPPacket, sendCh chan<- msg.Message, bufSize int) {
var (
mu sync.RWMutex
)
var mu sync.RWMutex
udpConnMap := make(map[string]*net.UDPConn)
// read from dstAddr and write to sendCh
@@ -87,7 +85,7 @@ func Forwarder(dstAddr *net.UDPAddr, readCh <-chan *msg.UDPPacket, sendCh chan<-
buf := pool.GetBuf(bufSize)
for {
udpConn.SetReadDeadline(time.Now().Add(30 * time.Second))
_ = udpConn.SetReadDeadline(time.Now().Add(30 * time.Second))
n, _, err := udpConn.ReadFromUDP(buf)
if err != nil {
return

6
pkg/transport/tls.go
View File

@@ -19,7 +19,7 @@ func newCustomTLSKeyPair(certfile, keyfile string) (*tls.Certificate, error) {
}
func newRandomTLSKeyPair() *tls.Certificate {
key, err := rsa.GenerateKey(rand.Reader, 1024)
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(err)
}
@@ -58,7 +58,7 @@ func newCertPool(caPath string) (*x509.CertPool, error) {
}
func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
var base = &tls.Config{}
base := &tls.Config{}
if certPath == "" || keyPath == "" {
// server will generate tls conf by itself
@@ -87,7 +87,7 @@ func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
}
func NewClientTLSConfig(certPath, keyPath, caPath, serverName string) (*tls.Config, error) {
var base = &tls.Config{}
base := &tls.Config{}
if certPath == "" || keyPath == "" {
// client will not generate tls conf by itself

10
pkg/util/log/log.go
View File

@@ -40,19 +40,19 @@ func SetLogFile(logWay string, logFile string, maxdays int64, disableLogColor bo
if logWay == "console" {
params := ""
if disableLogColor {
params = fmt.Sprintf(`{"color": false}`)
params = `{"color": false}`
}
Log.SetLogger("console", params)
_ = Log.SetLogger("console", params)
} else {
params := fmt.Sprintf(`{"filename": "%s", "maxdays": %d}`, logFile, maxdays)
Log.SetLogger("file", params)
_ = Log.SetLogger("file", params)
}
}
// SetLogLevel set log level, default is warning
// value: error, warning, info, debug, trace
func SetLogLevel(logLevel string) {
level := 4 // warning
var level int
switch logLevel {
case "error":
level = 3
@@ -65,7 +65,7 @@ func SetLogLevel(logLevel string) {
case "trace":
level = 8
default:
level = 4
level = 4 // warning
}
Log.SetLevel(level)
}

4
pkg/util/net/kcp.go
View File

@@ -32,8 +32,8 @@ func ListenKcp(address string) (l *KCPListener, err error) {
if err != nil {
return l, err
}
listener.SetReadBuffer(4194304)
listener.SetWriteBuffer(4194304)
_ = listener.SetReadBuffer(4194304)
_ = listener.SetWriteBuffer(4194304)
l = &KCPListener{
listener: listener,

16
pkg/util/net/tls.go
View File

@@ -23,32 +23,30 @@ import (
gnet "github.com/fatedier/golib/net"
)
var (
FRPTLSHeadByte = 0x17
)
var FRPTLSHeadByte = 0x17
func CheckAndEnableTLSServerConnWithTimeout(
c net.Conn, tlsConfig *tls.Config, tlsOnly bool, timeout time.Duration,
) (out net.Conn, isTLS bool, custom bool, err error) {
sc, r := gnet.NewSharedConnSize(c, 2)
buf := make([]byte, 1)
var n int
c.SetReadDeadline(time.Now().Add(timeout))
_ = c.SetReadDeadline(time.Now().Add(timeout))
n, err = r.Read(buf)
c.SetReadDeadline(time.Time{})
_ = c.SetReadDeadline(time.Time{})
if err != nil {
return
}
if n == 1 && int(buf[0]) == FRPTLSHeadByte {
switch {
case n == 1 && int(buf[0]) == FRPTLSHeadByte:
out = tls.Server(c, tlsConfig)
isTLS = true
custom = true
} else if n == 1 && int(buf[0]) == 0x16 {
case n == 1 && int(buf[0]) == 0x16:
out = tls.Server(sc, tlsConfig)
isTLS = true
} else {
default:
if tlsOnly {
err = fmt.Errorf("non-TLS connection received on a TlsOnly server")
return

9
pkg/util/net/udp.go
View File

@@ -55,7 +55,7 @@ func NewFakeUDPConn(l *UDPListener, laddr, raddr net.Addr) *FakeUDPConn {
for {
time.Sleep(5 * time.Second)
fc.mu.RLock()
if time.Now().Sub(fc.lastActive) > 10*time.Second {
if time.Since(fc.lastActive) > 10*time.Second {
fc.mu.RUnlock()
fc.Close()
break
@@ -68,8 +68,7 @@ func NewFakeUDPConn(l *UDPListener, laddr, raddr net.Addr) *FakeUDPConn {
func (c *FakeUDPConn) putPacket(content []byte) {
defer func() {
if err := recover(); err != nil {
}
_ = recover()
}()
select {
@@ -109,7 +108,7 @@ func (c *FakeUDPConn) Write(b []byte) (n int, err error) {
LocalAddr: c.localAddr,
RemoteAddr: c.remoteAddr,
}
c.l.writeUDPPacket(packet)
_ = c.l.writeUDPPacket(packet)
c.mu.Lock()
c.lastActive = time.Now()
@@ -208,7 +207,7 @@ func ListenUDP(bindAddr string, bindPort int) (l *UDPListener, err error) {
}
if addr, ok := packet.RemoteAddr.(*net.UDPAddr); ok {
readConn.WriteToUDP(packet.Buf, addr)
_, _ = readConn.WriteToUDP(packet.Buf, addr)
}
}
}()

11
pkg/util/net/websocket.go
View File

@@ -9,9 +9,7 @@ import (
"golang.org/x/net/websocket"
)
var (
ErrWebsocketListenerClosed = errors.New("websocket listener closed")
)
var ErrWebsocketListenerClosed = errors.New("websocket listener closed")
const (
FrpWebsocketPath = "/~!frp"
@@ -21,8 +19,7 @@ type WebsocketListener struct {
ln net.Listener
acceptCh chan net.Conn
server *http.Server
httpMutex *http.ServeMux
server *http.Server
}
// NewWebsocketListener to handle websocket connections
@@ -47,7 +44,9 @@ func NewWebsocketListener(ln net.Listener) (wl *WebsocketListener) {
Handler: muxer,
}
go wl.server.Serve(ln)
go func() {
_ = wl.server.Serve(ln)
}()
return
}

17
pkg/util/tcpmux/httpconnect.go
View File

@@ -22,9 +22,10 @@ import (
"net/http"
"time"
gnet "github.com/fatedier/golib/net"
"github.com/fatedier/frp/pkg/util/util"
"github.com/fatedier/frp/pkg/util/vhost"
gnet "github.com/fatedier/golib/net"
)
type HTTPConnectTCPMuxer struct {
@@ -66,7 +67,11 @@ func (muxer *HTTPConnectTCPMuxer) sendConnectResponse(c net.Conn, reqInfo map[st
if muxer.passthrough {
return nil
}
return util.OkResponse().Write(c)
res := util.OkResponse()
if res.Body != nil {
defer res.Body.Close()
}
return res.Write(c)
}
func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn, map[string]string, error) {
@@ -82,11 +87,15 @@ func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn,
reqInfoMap["Scheme"] = "tcp"
reqInfoMap["HTTPUser"] = httpUser
var outConn net.Conn = c
outConn := c
if muxer.passthrough {
outConn = sc
if muxer.authRequired && httpUser == "" {
util.ProxyUnauthorizedResponse().Write(c)
resp := util.ProxyUnauthorizedResponse()
if resp.Body != nil {
defer resp.Body.Close()
}
_ = resp.Write(c)
outConn = c
}
}

6
pkg/util/util/http.go
View File

@@ -60,10 +60,8 @@ func CanonicalHost(host string) (string, error) {
return "", err
}
}
if strings.HasSuffix(host, ".") {
// Strip trailing dot from fully qualified domain names.
host = host[:len(host)-1]
}
// Strip trailing dot from fully qualified domain names.
host = strings.TrimSuffix(host, ".")
return host, nil
}

9
pkg/util/util/util.go
View File

@@ -44,7 +44,7 @@ func RandIDWithLen(idLen int) (id string, err error) {
}
func GetAuthKey(token string, timestamp int64) (key string) {
token = token + fmt.Sprintf("%d", timestamp)
token += fmt.Sprintf("%d", timestamp)
md5Ctx := md5.New()
md5Ctx.Write([]byte(token))
data := md5Ctx.Sum(nil)
@@ -70,7 +70,8 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
numArray := strings.Split(numRangeStr, "-")
// length: only 1 or 2 is correct
rangeType := len(numArray)
if rangeType == 1 {
switch rangeType {
case 1:
// single number
singleNum, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
if errRet != nil {
@@ -78,7 +79,7 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
return
}
numbers = append(numbers, singleNum)
} else if rangeType == 2 {
case 2:
// range numbers
min, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
if errRet != nil {
@@ -97,7 +98,7 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
for i := min; i <= max; i++ {
numbers = append(numbers, i)
}
} else {
default:
err = fmt.Errorf("range number is invalid")
return
}

2
pkg/util/version/version.go
View File

@@ -19,7 +19,7 @@ import (
"strings"
)
var version string = "0.44.0"
var version = "0.44.0"
func Full() string {
return version

38
pkg/util/vhost/http.go
View File

@@ -23,27 +23,26 @@ import (
"log"
"net"
"net/http"
"net/http/httputil"
"net/url"
"strings"
"time"
frpIo "github.com/fatedier/golib/io"
"github.com/fatedier/golib/pool"
frpLog "github.com/fatedier/frp/pkg/util/log"
"github.com/fatedier/frp/pkg/util/util"
frpIo "github.com/fatedier/golib/io"
"github.com/fatedier/golib/pool"
)
var (
ErrNoRouteFound = errors.New("no route found")
)
var ErrNoRouteFound = errors.New("no route found")
type HTTPReverseProxyOptions struct {
ResponseHeaderTimeoutS int64
}
type HTTPReverseProxy struct {
proxy *ReverseProxy
proxy *httputil.ReverseProxy
vhostRouter *Routers
responseHeaderTimeout time.Duration
@@ -57,7 +56,7 @@ func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *
responseHeaderTimeout: time.Duration(option.ResponseHeaderTimeoutS) * time.Second,
vhostRouter: vhostRouter,
}
proxy := &ReverseProxy{
proxy := &httputil.ReverseProxy{
// Modify incoming requests by route policies.
Director: func(req *http.Request) {
req.URL.Scheme = "http"
@@ -81,7 +80,6 @@ func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *
} else {
req.URL.Host = req.Host
}
},
// Create a connection to one proxy routed by route policy.
Transport: &http.Transport{
@@ -114,7 +112,7 @@ func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *
ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
frpLog.Warn("do http proxy request [host: %s] error: %v", req.Host, err)
rw.WriteHeader(http.StatusNotFound)
rw.Write(getNotFoundPageContent())
_, _ = rw.Write(getNotFoundPageContent())
},
}
rp.proxy = proxy
@@ -257,10 +255,28 @@ func (rp *HTTPReverseProxy) connectHandler(rw http.ResponseWriter, req *http.Req
client.Close()
return
}
req.Write(remote)
_ = req.Write(remote)
go frpIo.Join(remote, client)
}
func parseBasicAuth(auth string) (username, password string, ok bool) {
const prefix = "Basic "
// Case insensitive prefix match. See Issue 22736.
if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
return
}
c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
if err != nil {
return
}
cs := string(c)
s := strings.IndexByte(cs, ':')
if s < 0 {
return
}
return cs[:s], cs[s+1:], true
}
func (rp *HTTPReverseProxy) injectRequestInfoToCtx(req *http.Request) *http.Request {
newctx := req.Context()
newctx = context.WithValue(newctx, RouteInfoURL, req.URL.Path)

4
pkg/util/vhost/resource.go
View File

@@ -24,9 +24,7 @@ import (
"github.com/fatedier/frp/pkg/util/version"
)
var (
NotFoundPagePath = ""
)
var NotFoundPagePath = ""
const (
NotFound = `<!DOCTYPE html>

636
pkg/util/vhost/reverseproxy.go
View File

@@ -1,636 +0,0 @@
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// HTTP reverse proxy handler
package vhost
import (
"context"
"encoding/base64"
"fmt"
"io"
"log"
"net"
"net/http"
"net/textproto"
"net/url"
"strings"
"sync"
"time"
"golang.org/x/net/http/httpguts"
)
// ReverseProxy is an HTTP Handler that takes an incoming request and
// sends it to another server, proxying the response back to the
// client.
//
// ReverseProxy by default sets the client IP as the value of the
// X-Forwarded-For header.
//
// If an X-Forwarded-For header already exists, the client IP is
// appended to the existing values. As a special case, if the header
// exists in the Request.Header map but has a nil value (such as when
// set by the Director func), the X-Forwarded-For header is
// not modified.
//
// To prevent IP spoofing, be sure to delete any pre-existing
// X-Forwarded-For header coming from the client or
// an untrusted proxy.
type ReverseProxy struct {
// Director must be a function which modifies
// the request into a new request to be sent
// using Transport. Its response is then copied
// back to the original client unmodified.
// Director must not access the provided Request
// after returning.
Director func(*http.Request)
// The transport used to perform proxy requests.
// If nil, http.DefaultTransport is used.
Transport http.RoundTripper
// FlushInterval specifies the flush interval
// to flush to the client while copying the
// response body.
// If zero, no periodic flushing is done.
// A negative value means to flush immediately
// after each write to the client.
// The FlushInterval is ignored when ReverseProxy
// recognizes a response as a streaming response, or
// if its ContentLength is -1; for such responses, writes
// are flushed to the client immediately.
FlushInterval time.Duration
// ErrorLog specifies an optional logger for errors
// that occur when attempting to proxy the request.
// If nil, logging is done via the log package's standard logger.
ErrorLog *log.Logger
// BufferPool optionally specifies a buffer pool to
// get byte slices for use by io.CopyBuffer when
// copying HTTP response bodies.
BufferPool BufferPool
// ModifyResponse is an optional function that modifies the
// Response from the backend. It is called if the backend
// returns a response at all, with any HTTP status code.
// If the backend is unreachable, the optional ErrorHandler is
// called without any call to ModifyResponse.
//
// If ModifyResponse returns an error, ErrorHandler is called
// with its error value. If ErrorHandler is nil, its default
// implementation is used.
ModifyResponse func(*http.Response) error
// ErrorHandler is an optional function that handles errors
// reaching the backend or errors from ModifyResponse.
//
// If nil, the default is to log the provided error and return
// a 502 Status Bad Gateway response.
ErrorHandler func(http.ResponseWriter, *http.Request, error)
}
// A BufferPool is an interface for getting and returning temporary
// byte slices for use by io.CopyBuffer.
type BufferPool interface {
Get() []byte
Put([]byte)
}
func singleJoiningSlash(a, b string) string {
aslash := strings.HasSuffix(a, "/")
bslash := strings.HasPrefix(b, "/")
switch {
case aslash && bslash:
return a + b[1:]
case !aslash && !bslash:
return a + "/" + b
}
return a + b
}
func joinURLPath(a, b *url.URL) (path, rawpath string) {
if a.RawPath == "" && b.RawPath == "" {
return singleJoiningSlash(a.Path, b.Path), ""
}
// Same as singleJoiningSlash, but uses EscapedPath to determine
// whether a slash should be added
apath := a.EscapedPath()
bpath := b.EscapedPath()
aslash := strings.HasSuffix(apath, "/")
bslash := strings.HasPrefix(bpath, "/")
switch {
case aslash && bslash:
return a.Path + b.Path[1:], apath + bpath[1:]
case !aslash && !bslash:
return a.Path + "/" + b.Path, apath + "/" + bpath
}
return a.Path + b.Path, apath + bpath
}
// NewSingleHostReverseProxy returns a new ReverseProxy that routes
// URLs to the scheme, host, and base path provided in target. If the
// target's path is "/base" and the incoming request was for "/dir",
// the target request will be for /base/dir.
// NewSingleHostReverseProxy does not rewrite the Host header.
// To rewrite Host headers, use ReverseProxy directly with a custom
// Director policy.
func NewSingleHostReverseProxy(target *url.URL) *ReverseProxy {
targetQuery := target.RawQuery
director := func(req *http.Request) {
req.URL.Scheme = target.Scheme
req.URL.Host = target.Host
req.URL.Path, req.URL.RawPath = joinURLPath(target, req.URL)
if targetQuery == "" || req.URL.RawQuery == "" {
req.URL.RawQuery = targetQuery + req.URL.RawQuery
} else {
req.URL.RawQuery = targetQuery + "&" + req.URL.RawQuery
}
if _, ok := req.Header["User-Agent"]; !ok {
// explicitly disable User-Agent so it's not set to default value
req.Header.Set("User-Agent", "")
}
}
return &ReverseProxy{Director: director}
}
func copyHeader(dst, src http.Header) {
for k, vv := range src {
for _, v := range vv {
dst.Add(k, v)
}
}
}
// Hop-by-hop headers. These are removed when sent to the backend.
// As of RFC 7230, hop-by-hop headers are required to appear in the
// Connection header field. These are the headers defined by the
// obsoleted RFC 2616 (section 13.5.1) and are used for backward
// compatibility.
var hopHeaders = []string{
"Connection",
"Proxy-Connection", // non-standard but still sent by libcurl and rejected by e.g. google
"Keep-Alive",
"Proxy-Authenticate",
"Proxy-Authorization",
"Te", // canonicalized version of "TE"
"Trailer", // not Trailers per URL above; https://www.rfc-editor.org/errata_search.php?eid=4522
"Transfer-Encoding",
"Upgrade",
}
func (p *ReverseProxy) defaultErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
p.logf("http: proxy error: %v", err)
rw.WriteHeader(http.StatusBadGateway)
}
func (p *ReverseProxy) getErrorHandler() func(http.ResponseWriter, *http.Request, error) {
if p.ErrorHandler != nil {
return p.ErrorHandler
}
return p.defaultErrorHandler
}
// modifyResponse conditionally runs the optional ModifyResponse hook
// and reports whether the request should proceed.
func (p *ReverseProxy) modifyResponse(rw http.ResponseWriter, res *http.Response, req *http.Request) bool {
if p.ModifyResponse == nil {
return true
}
if err := p.ModifyResponse(res); err != nil {
res.Body.Close()
p.getErrorHandler()(rw, req, err)
return false
}
return true
}
func parseBasicAuth(auth string) (username, password string, ok bool) {
const prefix = "Basic "
// Case insensitive prefix match. See Issue 22736.
if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
return
}
c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
if err != nil {
return
}
cs := string(c)
s := strings.IndexByte(cs, ':')
if s < 0 {
return
}
return cs[:s], cs[s+1:], true
}
func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
transport := p.Transport
if transport == nil {
transport = http.DefaultTransport
}
ctx := req.Context()
if cn, ok := rw.(http.CloseNotifier); ok {
var cancel context.CancelFunc
ctx, cancel = context.WithCancel(ctx)
defer cancel()
notifyChan := cn.CloseNotify()
go func() {
select {
case <-notifyChan:
cancel()
case <-ctx.Done():
}
}()
}
outreq := req.Clone(ctx)
if req.ContentLength == 0 {
outreq.Body = nil // Issue 16036: nil Body for http.Transport retries
}
if outreq.Header == nil {
outreq.Header = make(http.Header) // Issue 33142: historical behavior was to always allocate
}
p.Director(outreq)
outreq.Close = false
reqUpType := upgradeType(outreq.Header)
removeConnectionHeaders(outreq.Header)
// Remove hop-by-hop headers to the backend. Especially
// important is "Connection" because we want a persistent
// connection, regardless of what the client sent to us.
for _, h := range hopHeaders {
hv := outreq.Header.Get(h)
if hv == "" {
continue
}
if h == "Te" && hv == "trailers" {
// Issue 21096: tell backend applications that
// care about trailer support that we support
// trailers. (We do, but we don't go out of
// our way to advertise that unless the
// incoming client request thought it was
// worth mentioning)
continue
}
outreq.Header.Del(h)
}
// After stripping all the hop-by-hop connection headers above, add back any
// necessary for protocol upgrades, such as for websockets.
if reqUpType != "" {
outreq.Header.Set("Connection", "Upgrade")
outreq.Header.Set("Upgrade", reqUpType)
}
if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
// If we aren't the first proxy retain prior
// X-Forwarded-For information as a comma+space
// separated list and fold multiple headers into one.
prior, ok := outreq.Header["X-Forwarded-For"]
omit := ok && prior == nil // Issue 38079: nil now means don't populate the header
if len(prior) > 0 {
clientIP = strings.Join(prior, ", ") + ", " + clientIP
}
if !omit {
outreq.Header.Set("X-Forwarded-For", clientIP)
}
}
res, err := transport.RoundTrip(outreq)
if err != nil {
p.getErrorHandler()(rw, outreq, err)
return
}
// Deal with 101 Switching Protocols responses: (WebSocket, h2c, etc)
if res.StatusCode == http.StatusSwitchingProtocols {
if !p.modifyResponse(rw, res, outreq) {
return
}
p.handleUpgradeResponse(rw, outreq, res)
return
}
removeConnectionHeaders(res.Header)
for _, h := range hopHeaders {
res.Header.Del(h)
}
if !p.modifyResponse(rw, res, outreq) {
return
}
copyHeader(rw.Header(), res.Header)
// The "Trailer" header isn't included in the Transport's response,
// at least for *http.Transport. Build it up from Trailer.
announcedTrailers := len(res.Trailer)
if announcedTrailers > 0 {
trailerKeys := make([]string, 0, len(res.Trailer))
for k := range res.Trailer {
trailerKeys = append(trailerKeys, k)
}
rw.Header().Add("Trailer", strings.Join(trailerKeys, ", "))
}
rw.WriteHeader(res.StatusCode)
err = p.copyResponse(rw, res.Body, p.flushInterval(res))
if err != nil {
defer res.Body.Close()
// Since we're streaming the response, if we run into an error all we can do
// is abort the request. Issue 23643: ReverseProxy should use ErrAbortHandler
// on read error while copying body.
if !shouldPanicOnCopyError(req) {
p.logf("suppressing panic for copyResponse error in test; copy error: %v", err)
return
}
panic(http.ErrAbortHandler)
}
res.Body.Close() // close now, instead of defer, to populate res.Trailer
if len(res.Trailer) > 0 {
// Force chunking if we saw a response trailer.
// This prevents net/http from calculating the length for short
// bodies and adding a Content-Length.
if fl, ok := rw.(http.Flusher); ok {
fl.Flush()
}
}
if len(res.Trailer) == announcedTrailers {
copyHeader(rw.Header(), res.Trailer)
return
}
for k, vv := range res.Trailer {
k = http.TrailerPrefix + k
for _, v := range vv {
rw.Header().Add(k, v)
}
}
}
var inOurTests bool // whether we're in our own tests
// shouldPanicOnCopyError reports whether the reverse proxy should
// panic with http.ErrAbortHandler. This is the right thing to do by
// default, but Go 1.10 and earlier did not, so existing unit tests
// weren't expecting panics. Only panic in our own tests, or when
// running under the HTTP server.
func shouldPanicOnCopyError(req *http.Request) bool {
if inOurTests {
// Our tests know to handle this panic.
return true
}
if req.Context().Value(http.ServerContextKey) != nil {
// We seem to be running under an HTTP server, so
// it'll recover the panic.
return true
}
// Otherwise act like Go 1.10 and earlier to not break
// existing tests.
return false
}
// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h.
// See RFC 7230, section 6.1
func removeConnectionHeaders(h http.Header) {
for _, f := range h["Connection"] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
h.Del(sf)
}
}
}
}
// flushInterval returns the p.FlushInterval value, conditionally
// overriding its value for a specific request/response.
func (p *ReverseProxy) flushInterval(res *http.Response) time.Duration {
resCT := res.Header.Get("Content-Type")
// For Server-Sent Events responses, flush immediately.
// The MIME type is defined in https://www.w3.org/TR/eventsource/#text-event-stream
if resCT == "text/event-stream" {
return -1 // negative means immediately
}
// We might have the case of streaming for which Content-Length might be unset.
if res.ContentLength == -1 {
return -1
}
return p.FlushInterval
}
func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader, flushInterval time.Duration) error {
if flushInterval != 0 {
if wf, ok := dst.(writeFlusher); ok {
mlw := &maxLatencyWriter{
dst: wf,
latency: flushInterval,
}
defer mlw.stop()
// set up initial timer so headers get flushed even if body writes are delayed
mlw.flushPending = true
mlw.t = time.AfterFunc(flushInterval, mlw.delayedFlush)
dst = mlw
}
}
var buf []byte
if p.BufferPool != nil {
buf = p.BufferPool.Get()
defer p.BufferPool.Put(buf)
}
_, err := p.copyBuffer(dst, src, buf)
return err
}
// copyBuffer returns any write errors or non-EOF read errors, and the amount
// of bytes written.
func (p *ReverseProxy) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int64, error) {
if len(buf) == 0 {
buf = make([]byte, 32*1024)
}
var written int64
for {
nr, rerr := src.Read(buf)
if rerr != nil && rerr != io.EOF && rerr != context.Canceled {
p.logf("httputil: ReverseProxy read error during body copy: %v", rerr)
}
if nr > 0 {
nw, werr := dst.Write(buf[:nr])
if nw > 0 {
written += int64(nw)
}
if werr != nil {
return written, werr
}
if nr != nw {
return written, io.ErrShortWrite
}
}
if rerr != nil {
if rerr == io.EOF {
rerr = nil
}
return written, rerr
}
}
}
func (p *ReverseProxy) logf(format string, args ...interface{}) {
if p.ErrorLog != nil {
p.ErrorLog.Printf(format, args...)
} else {
log.Printf(format, args...)
}
}
type writeFlusher interface {
io.Writer
http.Flusher
}
type maxLatencyWriter struct {
dst writeFlusher
latency time.Duration // non-zero; negative means to flush immediately
mu sync.Mutex // protects t, flushPending, and dst.Flush
t *time.Timer
flushPending bool
}
func (m *maxLatencyWriter) Write(p []byte) (n int, err error) {
m.mu.Lock()
defer m.mu.Unlock()
n, err = m.dst.Write(p)
if m.latency < 0 {
m.dst.Flush()
return
}
if m.flushPending {
return
}
if m.t == nil {
m.t = time.AfterFunc(m.latency, m.delayedFlush)
} else {
m.t.Reset(m.latency)
}
m.flushPending = true
return
}
func (m *maxLatencyWriter) delayedFlush() {
m.mu.Lock()
defer m.mu.Unlock()
if !m.flushPending { // if stop was called but AfterFunc already started this goroutine
return
}
m.dst.Flush()
m.flushPending = false
}
func (m *maxLatencyWriter) stop() {
m.mu.Lock()
defer m.mu.Unlock()
m.flushPending = false
if m.t != nil {
m.t.Stop()
}
}
func upgradeType(h http.Header) string {
if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") {
return ""
}
return strings.ToLower(h.Get("Upgrade"))
}
func (p *ReverseProxy) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request, res *http.Response) {
reqUpType := upgradeType(req.Header)
resUpType := upgradeType(res.Header)
if reqUpType != resUpType {
p.getErrorHandler()(rw, req, fmt.Errorf("backend tried to switch protocol %q when %q was requested", resUpType, reqUpType))
return
}
hj, ok := rw.(http.Hijacker)
if !ok {
p.getErrorHandler()(rw, req, fmt.Errorf("can't switch protocols using non-Hijacker ResponseWriter type %T", rw))
return
}
backConn, ok := res.Body.(io.ReadWriteCloser)
if !ok {
p.getErrorHandler()(rw, req, fmt.Errorf("internal error: 101 switching protocols response with non-writable body"))
return
}
backConnCloseCh := make(chan bool)
go func() {
// Ensure that the cancelation of a request closes the backend.
// See issue https://golang.org/issue/35559.
select {
case <-req.Context().Done():
case <-backConnCloseCh:
}
backConn.Close()
}()
defer close(backConnCloseCh)
conn, brw, err := hj.Hijack()
if err != nil {
p.getErrorHandler()(rw, req, fmt.Errorf("Hijack failed on protocol switch: %v", err))
return
}
defer conn.Close()
copyHeader(rw.Header(), res.Header)
res.Header = rw.Header()
res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above
if err := res.Write(brw); err != nil {
p.getErrorHandler()(rw, req, fmt.Errorf("response write: %v", err))
return
}
if err := brw.Flush(); err != nil {
p.getErrorHandler()(rw, req, fmt.Errorf("response flush: %v", err))
return
}
errc := make(chan error, 1)
spc := switchProtocolCopier{user: conn, backend: backConn}
go spc.copyToBackend(errc)
go spc.copyFromBackend(errc)
<-errc
return
}
// switchProtocolCopier exists so goroutines proxying data back and
// forth have nice names in stacks.
type switchProtocolCopier struct {
user, backend io.ReadWriter
}
func (c switchProtocolCopier) copyFromBackend(errc chan<- error) {
_, err := io.Copy(c.user, c.backend)
errc <- err
}
func (c switchProtocolCopier) copyToBackend(errc chan<- error) {
_, err := io.Copy(c.backend, c.user)
errc <- err
}

6
pkg/util/vhost/router.go
View File

@@ -7,9 +7,7 @@ import (
"sync"
)
var (
ErrRouterConfigConflict = errors.New("router config conflict")
)
var ErrRouterConfigConflict = errors.New("router config conflict")
type routerByHTTPUser map[string][]*Router
@@ -133,9 +131,11 @@ type ByLocation []*Router
func (a ByLocation) Len() int {
return len(a)
}
func (a ByLocation) Swap(i, j int) {
a[i], a[j] = a[j], a[i]
}
func (a ByLocation) Less(i, j int) bool {
return strings.Compare(a[i].location, a[j].location) < 0
}

42
pkg/util/vhost/vhost.go
View File

@@ -19,11 +19,11 @@ import (
"strings"
"time"
"github.com/fatedier/golib/errors"
"github.com/fatedier/frp/pkg/util/log"
frpNet "github.com/fatedier/frp/pkg/util/net"
"github.com/fatedier/frp/pkg/util/xlog"
"github.com/fatedier/golib/errors"
)
type RouteInfo string
@@ -36,10 +36,12 @@ const (
RouteInfoURLHost RouteInfo = "urlHost"
)
type muxFunc func(net.Conn) (net.Conn, map[string]string, error)
type httpAuthFunc func(net.Conn, string, string, string) (bool, error)
type hostRewriteFunc func(net.Conn, string) (net.Conn, error)
type successFunc func(net.Conn, map[string]string) error
type (
muxFunc func(net.Conn) (net.Conn, map[string]string, error)
httpAuthFunc func(net.Conn, string, string, string) (bool, error)
hostRewriteFunc func(net.Conn, string) (net.Conn, error)
successFunc func(net.Conn, map[string]string) error
)
// Muxer is only used for https and tcpmux proxy.
type Muxer struct {
@@ -60,7 +62,6 @@ func NewMuxer(
rewriteFunc hostRewriteFunc,
timeout time.Duration,
) (mux *Muxer, err error) {
mux = &Muxer{
listener: listener,
timeout: timeout,
@@ -111,9 +112,8 @@ func (v *Muxer) Listen(ctx context.Context, cfg *RouteConfig) (l *Listener, err
}
func (v *Muxer) getListener(name, path, httpUser string) (*Listener, bool) {
findRouter := func(inName, inPath, inHTTPUser string) (*Listener, bool) {
vr, ok := v.registryRouter.Get(inName, inPath, httpUser)
vr, ok := v.registryRouter.Get(inName, inPath, inHTTPUser)
if ok {
return vr.payload.(*Listener), true
}
@@ -167,14 +167,14 @@ func (v *Muxer) run() {
func (v *Muxer) handle(c net.Conn) {
if err := c.SetDeadline(time.Now().Add(v.timeout)); err != nil {
c.Close()
_ = c.Close()
return
}
sConn, reqInfoMap, err := v.vhostFunc(c)
if err != nil {
log.Debug("get hostname from http/https request error: %v", err)
c.Close()
_ = c.Close()
return
}
@@ -184,9 +184,12 @@ func (v *Muxer) handle(c net.Conn) {
l, ok := v.getListener(name, path, httpUser)
if !ok {
res := notFoundResponse()
res.Write(c)
if res.Body != nil {
defer res.Body.Close()
}
_ = res.Write(c)
log.Debug("http request for host [%s] path [%s] httpUser [%s] not found", name, path, httpUser)
c.Close()
_ = c.Close()
return
}
@@ -194,7 +197,7 @@ func (v *Muxer) handle(c net.Conn) {
if v.successFunc != nil {
if err := v.successFunc(c, reqInfoMap); err != nil {
xl.Info("success func failure on vhost connection: %v", err)
c.Close()
_ = c.Close()
return
}
}
@@ -203,17 +206,20 @@ func (v *Muxer) handle(c net.Conn) {
// then verify user access
if l.mux.authFunc != nil && l.userName != "" && l.passWord != "" {
bAccess, err := l.mux.authFunc(c, l.userName, l.passWord, reqInfoMap["Authorization"])
if bAccess == false || err != nil {
if !bAccess || err != nil {
xl.Debug("check http Authorization failed")
res := noAuthResponse()
res.Write(c)
c.Close()
if res.Body != nil {
defer res.Body.Close()
}
_ = res.Write(c)
_ = c.Close()
return
}
}
if err = sConn.SetDeadline(time.Time{}); err != nil {
c.Close()
_ = c.Close()
return
}
c = sConn