stcp, xtcp, sudp: support allow_users and specified server user (#3472)

2025-07-27 15:45:39 +00:00 · 2023-06-02 16:06:29 +08:00
parent cceab7e1b1
commit de85c9455a
17 changed files with 355 additions and 176 deletions
--- a/test/e2e/basic/basic.go
+++ b/test/e2e/basic/basic.go
@@ -282,8 +282,9 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 			proxyType := t
 			ginkgo.It(fmt.Sprintf("Expose echo server with %s", strings.ToUpper(proxyType)), func() {
 				serverConf := consts.DefaultServerConfig
-				clientServerConf := consts.DefaultClientConfig
-				clientVisitorConf := consts.DefaultClientConfig
+				clientServerConf := consts.DefaultClientConfig + "\nuser = user1"
+				clientVisitorConf := consts.DefaultClientConfig + "\nuser = user1"
+				clientUser2VisitorConf := consts.DefaultClientConfig + "\nuser = user2"

 				localPortName := ""
 				protocol := "tcp"
@@ -312,7 +313,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 				`+extra, proxyName, proxyType, correctSK, localPortName)
 				}
 				getProxyVisitorConf := func(proxyName string, portName, visitorSK, extra string) string {
-					return fmt.Sprintf(`
+					out := fmt.Sprintf(`
 				[%s]
 				type = %s
 				role = visitor
@@ -320,14 +321,22 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 				sk = %s
 				bind_port = {{ .%s }}
 				`+extra, proxyName, proxyType, proxyName, visitorSK, portName)
+					if proxyType == "xtcp" {
+						// Set keep_tunnel_open to reduce testing time.
+						out += "\nkeep_tunnel_open = true"
+					}
+					return out
 				}

 				tests := []struct {
-					proxyName    string
-					bindPortName string
-					visitorSK    string
-					extraConfig  string
-					expectError  bool
+					proxyName          string
+					bindPortName       string
+					visitorSK          string
+					commonExtraConfig  string
+					proxyExtraConfig   string
+					visitorExtraConfig string
+					expectError        bool
+					user2              bool
 				}{
 					{
 						proxyName:    "normal",
@@ -335,22 +344,22 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 						visitorSK:    correctSK,
 					},
 					{
-						proxyName:    "with-encryption",
-						bindPortName: port.GenName("WithEncryption"),
-						visitorSK:    correctSK,
-						extraConfig:  "use_encryption = true",
+						proxyName:         "with-encryption",
+						bindPortName:      port.GenName("WithEncryption"),
+						visitorSK:         correctSK,
+						commonExtraConfig: "use_encryption = true",
 					},
 					{
-						proxyName:    "with-compression",
-						bindPortName: port.GenName("WithCompression"),
-						visitorSK:    correctSK,
-						extraConfig:  "use_compression = true",
+						proxyName:         "with-compression",
+						bindPortName:      port.GenName("WithCompression"),
+						visitorSK:         correctSK,
+						commonExtraConfig: "use_compression = true",
 					},
 					{
 						proxyName:    "with-encryption-and-compression",
 						bindPortName: port.GenName("WithEncryptionAndCompression"),
 						visitorSK:    correctSK,
-						extraConfig: `
+						commonExtraConfig: `
 						use_encryption = true
 						use_compression = true
 						`,
@@ -361,22 +370,53 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 						visitorSK:    wrongSK,
 						expectError:  true,
 					},
+					{
+						proxyName:          "allowed-user",
+						bindPortName:       port.GenName("AllowedUser"),
+						visitorSK:          correctSK,
+						proxyExtraConfig:   "allow_users = another, user2",
+						visitorExtraConfig: "server_user = user1",
+						user2:              true,
+					},
+					{
+						proxyName:          "not-allowed-user",
+						bindPortName:       port.GenName("NotAllowedUser"),
+						visitorSK:          correctSK,
+						proxyExtraConfig:   "allow_users = invalid",
+						visitorExtraConfig: "server_user = user1",
+						expectError:        true,
+					},
+					{
+						proxyName:          "allow-all",
+						bindPortName:       port.GenName("AllowAll"),
+						visitorSK:          correctSK,
+						proxyExtraConfig:   "allow_users = *",
+						visitorExtraConfig: "server_user = user1",
+						user2:              true,
+					},
 				}

 				// build all client config
 				for _, test := range tests {
-					clientServerConf += getProxyServerConf(test.proxyName, test.extraConfig) + "\n"
+					clientServerConf += getProxyServerConf(test.proxyName, test.commonExtraConfig+"\n"+test.proxyExtraConfig) + "\n"
 				}
 				for _, test := range tests {
-					clientVisitorConf += getProxyVisitorConf(test.proxyName, test.bindPortName, test.visitorSK, test.extraConfig) + "\n"
+					config := getProxyVisitorConf(
+						test.proxyName, test.bindPortName, test.visitorSK, test.commonExtraConfig+"\n"+test.visitorExtraConfig,
+					) + "\n"
+					if test.user2 {
+						clientUser2VisitorConf += config
+					} else {
+						clientVisitorConf += config
+					}
 				}
 				// run frps and frpc
-				f.RunProcesses([]string{serverConf}, []string{clientServerConf, clientVisitorConf})
+				f.RunProcesses([]string{serverConf}, []string{clientServerConf, clientVisitorConf, clientUser2VisitorConf})

 				for _, test := range tests {
 					framework.NewRequestExpect(f).
 						RequestModify(func(r *request.Request) {
-							r.Timeout(10 * time.Second)
+							r.Timeout(3 * time.Second)
 						}).
 						Protocol(protocol).
 						PortName(test.bindPortName).
--- a/test/e2e/framework/process.go
+++ b/test/e2e/framework/process.go
@@ -56,7 +56,7 @@ func (f *Framework) RunProcesses(serverTemplates []string, clientTemplates []str
 		ExpectNoError(err)
 		time.Sleep(500 * time.Millisecond)
 	}
-	time.Sleep(2 * time.Second)
+	time.Sleep(3 * time.Second)

 	return currentServerProcesses, currentClientProcesses
 }