mirror of
https://github.com/fatedier/frp.git
synced 2025-07-29 09:18:11 +00:00
Compare commits
77 Commits
c260a42e1f
...
v0.61.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
4bbec09d57 | ||
|
|
f7a06cbe61 | ||
|
|
3a08c2aeb0 | ||
|
b14192a8d3 | ||
|
2466e65f43 | ||
|
|
2855ac71e3 | ||
|
fe4ca1b54e | ||
|
edd7cf8967 | ||
|
|
ccfe8c97f4 | ||
|
03c8d7bf96 | ||
|
|
2dcdb24cc4 | ||
|
|
d47e138bc9 | ||
|
|
f1fb2d721a | ||
|
|
243ca994e0 | ||
|
|
e649692217 | ||
|
|
4e8e9e1dec | ||
|
|
8f23733f47 | ||
|
|
5a6d9f60c2 | ||
|
|
a5b7abfc8b | ||
|
|
1e650ea9a7 | ||
|
|
d689f0fc53 | ||
|
|
d505ecb473 | ||
|
|
2b83436a97 | ||
|
|
051299ec25 | ||
|
|
44985f574d | ||
|
|
c9ca9353cf | ||
|
|
31fa3f021a | ||
|
|
2d3af8a108 | ||
|
|
466d69eae0 | ||
|
|
7c8cbeb250 | ||
|
|
4fd6301577 | ||
|
|
53626b370c | ||
|
|
4fd800bc48 | ||
|
|
0d6d968fe8 | ||
|
|
8fb99ef7a9 | ||
|
|
88e74ff24d | ||
|
|
534dc99d55 | ||
|
|
595aba5a9b | ||
|
|
a4189ba474 | ||
|
|
9ec84f8143 | ||
|
|
8ab474cc97 | ||
|
|
a301046f3d | ||
|
|
8888610d83 | ||
|
|
fe5fb0326b | ||
|
|
eb1e19a821 | ||
|
|
10f2620131 | ||
|
|
ce677820c6 | ||
|
|
88fcc079e8 | ||
|
|
2dab5d0bca | ||
|
|
143750901e | ||
|
|
997d406ec2 | ||
|
|
cfd1a3128a | ||
|
|
57577ea044 | ||
|
|
c5c79e4148 | ||
|
|
55da58eca4 | ||
|
|
76a1efccd9 | ||
|
|
980f084ad1 | ||
|
|
3bf1eb8565 | ||
|
|
b2ae433e18 | ||
|
|
aa0a41ee4e | ||
|
|
1ea1530b36 | ||
|
|
e0c45a1aca | ||
|
|
813c45f5c2 | ||
|
|
aa74dc4646 | ||
|
|
2406ecdfea | ||
|
|
8668fef136 | ||
|
|
ea62bc5a34 | ||
|
|
23bb76397a | ||
|
|
487c8d7c29 | ||
|
|
f480160e2d | ||
|
|
30c246c488 | ||
|
|
75f3bce04d | ||
|
|
adc3adc13b | ||
|
|
e62d9a5242 | ||
|
|
134a46c00b | ||
|
|
ae08811636 | ||
|
|
6451583e60 |
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
@@ -1,4 +1,4 @@
|
||||
# These are supported funding model platforms
|
||||
|
||||
github: [fatedier]
|
||||
custom: ["https://afdian.net/a/fatedier"]
|
||||
custom: ["https://afdian.com/a/fatedier"]
|
||||
|
||||
4
.github/workflows/golangci-lint.yml
vendored
4
.github/workflows/golangci-lint.yml
vendored
@@ -17,13 +17,13 @@ jobs:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '1.22'
|
||||
go-version: '1.23'
|
||||
cache: false
|
||||
- name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@v4
|
||||
with:
|
||||
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
|
||||
version: v1.57
|
||||
version: v1.61
|
||||
|
||||
# Optional: golangci-lint command line arguments.
|
||||
# args: --issues-exit-code=0
|
||||
|
||||
2
.github/workflows/goreleaser.yml
vendored
2
.github/workflows/goreleaser.yml
vendored
@@ -15,7 +15,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '1.22'
|
||||
go-version: '1.23'
|
||||
|
||||
- name: Make All
|
||||
run: |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
service:
|
||||
golangci-lint-version: 1.57.x # use the fixed version to not introduce new linters unexpectedly
|
||||
golangci-lint-version: 1.61.x # use the fixed version to not introduce new linters unexpectedly
|
||||
|
||||
run:
|
||||
concurrency: 4
|
||||
@@ -14,7 +14,7 @@ linters:
|
||||
enable:
|
||||
- unused
|
||||
- errcheck
|
||||
- exportloopref
|
||||
- copyloopvar
|
||||
- gocritic
|
||||
- gofumpt
|
||||
- goimports
|
||||
@@ -90,6 +90,7 @@ linters-settings:
|
||||
- G402
|
||||
- G404
|
||||
- G501
|
||||
- G115 # integer overflow conversion
|
||||
|
||||
issues:
|
||||
# List of regexps of issue texts to exclude, empty list by default.
|
||||
|
||||
@@ -2,7 +2,7 @@ export PATH := $(PATH):`go env GOPATH`/bin
|
||||
export GO111MODULE=on
|
||||
LDFLAGS := -s -w
|
||||
|
||||
os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 android:arm64
|
||||
os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 linux:loong64 android:arm64
|
||||
|
||||
all: build
|
||||
|
||||
|
||||
@@ -95,7 +95,7 @@ frp 是一个免费且开源的项目,我们欢迎任何人为其开发和进
|
||||
|
||||
您可以通过 [GitHub Sponsors](https://github.com/sponsors/fatedier) 赞助我们。
|
||||
|
||||
国内用户可以通过 [爱发电](https://afdian.net/a/fatedier) 赞助我们。
|
||||
国内用户可以通过 [爱发电](https://afdian.com/a/fatedier) 赞助我们。
|
||||
|
||||
企业赞助者可以将贵公司的 Logo 以及链接放置在项目 README 文件中。
|
||||
|
||||
|
||||
@@ -1,8 +1,4 @@
|
||||
### Features
|
||||
|
||||
* Added a new plugin `tls2raw`: Enables TLS termination and forwarding of decrypted raw traffic to local service.
|
||||
* Added a default timeout of 30 seconds for the frpc subcommands to prevent commands from being stuck for a long time due to network issues.
|
||||
|
||||
### Fixes
|
||||
|
||||
* Fixed the issue that when `loginFailExit = false`, the frpc stop command cannot be stopped correctly if the server is not successfully connected after startup.
|
||||
* The frpc visitor command-line parameter adds the `--server-user` option to specify the username of the server-side proxy to connect to.
|
||||
* Support multiple frpc instances with different subjects when using oidc authentication.
|
||||
|
||||
@@ -230,7 +230,7 @@ func (ctl *Control) registerMsgHandlers() {
|
||||
ctl.msgDispatcher.RegisterHandler(&msg.Pong{}, ctl.handlePong)
|
||||
}
|
||||
|
||||
// headerWorker sends heartbeat to server and check heartbeat timeout.
|
||||
// heartbeatWorker sends heartbeat to server and check heartbeat timeout.
|
||||
func (ctl *Control) heartbeatWorker() {
|
||||
xl := ctl.xl
|
||||
|
||||
|
||||
@@ -137,7 +137,7 @@ func (pw *Wrapper) SetRunningStatus(remoteAddr string, respErr string) error {
|
||||
pw.Phase = ProxyPhaseStartErr
|
||||
pw.Err = respErr
|
||||
pw.lastStartErr = time.Now()
|
||||
return fmt.Errorf(pw.Err)
|
||||
return fmt.Errorf("%s", pw.Err)
|
||||
}
|
||||
|
||||
if err := pw.pxy.Run(); err != nil {
|
||||
|
||||
@@ -327,7 +327,7 @@ requestHeaders.set.x-from-where = "frp"
|
||||
|
||||
[[proxies]]
|
||||
name = "plugin_tls2raw"
|
||||
type = "https"
|
||||
type = "tcp"
|
||||
remotePort = 6008
|
||||
[proxies.plugin]
|
||||
type = "tls2raw"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM golang:1.22 AS building
|
||||
FROM golang:1.23 AS building
|
||||
|
||||
COPY . /building
|
||||
WORKDIR /building
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM golang:1.22 AS building
|
||||
FROM golang:1.23 AS building
|
||||
|
||||
COPY . /building
|
||||
WORKDIR /building
|
||||
|
||||
7
go.mod
7
go.mod
@@ -23,7 +23,7 @@ require (
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/tidwall/gjson v1.17.1
|
||||
github.com/xtaci/kcp-go/v5 v5.6.8
|
||||
github.com/xtaci/kcp-go/v5 v5.6.13
|
||||
golang.org/x/crypto v0.22.0
|
||||
golang.org/x/net v0.24.0
|
||||
golang.org/x/oauth2 v0.16.0
|
||||
@@ -59,9 +59,8 @@ require (
|
||||
github.com/prometheus/client_model v0.5.0 // indirect
|
||||
github.com/prometheus/common v0.48.0 // indirect
|
||||
github.com/prometheus/procfs v0.12.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.11.0 // indirect
|
||||
github.com/templexxx/cpu v0.1.0 // indirect
|
||||
github.com/templexxx/xorsimd v0.4.2 // indirect
|
||||
github.com/templexxx/cpu v0.1.1 // indirect
|
||||
github.com/templexxx/xorsimd v0.4.3 // indirect
|
||||
github.com/tidwall/match v1.1.1 // indirect
|
||||
github.com/tidwall/pretty v1.2.0 // indirect
|
||||
github.com/tjfoc/gmsm v1.4.1 // indirect
|
||||
|
||||
16
go.sum
16
go.sum
@@ -116,8 +116,8 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
|
||||
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
|
||||
github.com/rodaine/table v1.2.0 h1:38HEnwK4mKSHQJIkavVj+bst1TEY7j9zhLMWu4QJrMA=
|
||||
github.com/rodaine/table v1.2.0/go.mod h1:wejb/q/Yd4T/SVmBSRMr7GCq3KlcZp3gyNYdLSBhkaE=
|
||||
github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
|
||||
github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
|
||||
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
|
||||
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
|
||||
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
|
||||
github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
|
||||
@@ -136,10 +136,10 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40=
|
||||
github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
|
||||
github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI=
|
||||
github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI=
|
||||
github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
|
||||
github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
|
||||
github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
|
||||
github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
|
||||
github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
|
||||
github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
|
||||
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
|
||||
@@ -148,8 +148,8 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
|
||||
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
|
||||
github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
|
||||
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
|
||||
github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI=
|
||||
github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM=
|
||||
github.com/xtaci/kcp-go/v5 v5.6.13 h1:FEjtz9+D4p8t2x4WjciGt/jsIuhlWjjgPCCWjrVR4Hk=
|
||||
github.com/xtaci/kcp-go/v5 v5.6.13/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM=
|
||||
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
|
||||
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
|
||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
|
||||
@@ -18,7 +18,7 @@ rm -rf ./release/packages
|
||||
mkdir -p ./release/packages
|
||||
|
||||
os_all='linux windows darwin freebsd android'
|
||||
arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64'
|
||||
arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64 loong64'
|
||||
extra_all='_ hf'
|
||||
|
||||
cd ./release
|
||||
|
||||
@@ -50,7 +50,8 @@ func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
|
||||
case v1.AuthMethodToken:
|
||||
authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
|
||||
case v1.AuthMethodOIDC:
|
||||
authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
|
||||
tokenVerifier := NewTokenVerifier(cfg.OIDC)
|
||||
authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, tokenVerifier)
|
||||
}
|
||||
return authVerifier
|
||||
}
|
||||
|
||||
@@ -87,14 +87,18 @@ func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (e
|
||||
return err
|
||||
}
|
||||
|
||||
type TokenVerifier interface {
|
||||
Verify(context.Context, string) (*oidc.IDToken, error)
|
||||
}
|
||||
|
||||
type OidcAuthConsumer struct {
|
||||
additionalAuthScopes []v1.AuthScope
|
||||
|
||||
verifier *oidc.IDTokenVerifier
|
||||
subjectFromLogin string
|
||||
verifier TokenVerifier
|
||||
subjectsFromLogin []string
|
||||
}
|
||||
|
||||
func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCServerConfig) *OidcAuthConsumer {
|
||||
func NewTokenVerifier(cfg v1.AuthOIDCServerConfig) TokenVerifier {
|
||||
provider, err := oidc.NewProvider(context.Background(), cfg.Issuer)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@@ -105,9 +109,14 @@ func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCSer
|
||||
SkipExpiryCheck: cfg.SkipExpiryCheck,
|
||||
SkipIssuerCheck: cfg.SkipIssuerCheck,
|
||||
}
|
||||
return provider.Verifier(&verifierConf)
|
||||
}
|
||||
|
||||
func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, verifier TokenVerifier) *OidcAuthConsumer {
|
||||
return &OidcAuthConsumer{
|
||||
additionalAuthScopes: additionalAuthScopes,
|
||||
verifier: provider.Verifier(&verifierConf),
|
||||
verifier: verifier,
|
||||
subjectsFromLogin: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -116,7 +125,9 @@ func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid OIDC token in login: %v", err)
|
||||
}
|
||||
auth.subjectFromLogin = token.Subject
|
||||
if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
|
||||
auth.subjectsFromLogin = append(auth.subjectsFromLogin, token.Subject)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -125,11 +136,11 @@ func (auth *OidcAuthConsumer) verifyPostLoginToken(privilegeKey string) (err err
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid OIDC token in ping: %v", err)
|
||||
}
|
||||
if token.Subject != auth.subjectFromLogin {
|
||||
if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
|
||||
return fmt.Errorf("received different OIDC subject in login and ping. "+
|
||||
"original subject: %s, "+
|
||||
"original subjects: %s, "+
|
||||
"new subject: %s",
|
||||
auth.subjectFromLogin, token.Subject)
|
||||
auth.subjectsFromLogin, token.Subject)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
64
pkg/auth/oidc_test.go
Normal file
64
pkg/auth/oidc_test.go
Normal file
@@ -0,0 +1,64 @@
|
||||
package auth_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/coreos/go-oidc/v3/oidc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/fatedier/frp/pkg/auth"
|
||||
v1 "github.com/fatedier/frp/pkg/config/v1"
|
||||
"github.com/fatedier/frp/pkg/msg"
|
||||
)
|
||||
|
||||
type mockTokenVerifier struct{}
|
||||
|
||||
func (m *mockTokenVerifier) Verify(ctx context.Context, subject string) (*oidc.IDToken, error) {
|
||||
return &oidc.IDToken{
|
||||
Subject: subject,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func TestPingWithEmptySubjectFromLoginFails(t *testing.T) {
|
||||
r := require.New(t)
|
||||
consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
|
||||
err := consumer.VerifyPing(&msg.Ping{
|
||||
PrivilegeKey: "ping-without-login",
|
||||
Timestamp: time.Now().UnixMilli(),
|
||||
})
|
||||
r.Error(err)
|
||||
r.Contains(err.Error(), "received different OIDC subject in login and ping")
|
||||
}
|
||||
|
||||
func TestPingAfterLoginWithNewSubjectSucceeds(t *testing.T) {
|
||||
r := require.New(t)
|
||||
consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
|
||||
err := consumer.VerifyLogin(&msg.Login{
|
||||
PrivilegeKey: "ping-after-login",
|
||||
})
|
||||
r.NoError(err)
|
||||
|
||||
err = consumer.VerifyPing(&msg.Ping{
|
||||
PrivilegeKey: "ping-after-login",
|
||||
Timestamp: time.Now().UnixMilli(),
|
||||
})
|
||||
r.NoError(err)
|
||||
}
|
||||
|
||||
func TestPingAfterLoginWithDifferentSubjectFails(t *testing.T) {
|
||||
r := require.New(t)
|
||||
consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
|
||||
err := consumer.VerifyLogin(&msg.Login{
|
||||
PrivilegeKey: "login-with-first-subject",
|
||||
})
|
||||
r.NoError(err)
|
||||
|
||||
err = consumer.VerifyPing(&msg.Ping{
|
||||
PrivilegeKey: "ping-with-different-subject",
|
||||
Timestamp: time.Now().UnixMilli(),
|
||||
})
|
||||
r.Error(err)
|
||||
r.Contains(err.Error(), "received different OIDC subject in login and ping")
|
||||
}
|
||||
@@ -140,6 +140,7 @@ func registerVisitorBaseConfigFlags(cmd *cobra.Command, c *v1.VisitorBaseConfig,
|
||||
cmd.Flags().BoolVarP(&c.Transport.UseCompression, "uc", "", false, "use compression")
|
||||
cmd.Flags().StringVarP(&c.SecretKey, "sk", "", "", "secret key")
|
||||
cmd.Flags().StringVarP(&c.ServerName, "server_name", "", "", "server name")
|
||||
cmd.Flags().StringVarP(&c.ServerUser, "server-user", "", "", "server user")
|
||||
cmd.Flags().StringVarP(&c.BindAddr, "bind_addr", "", "", "bind addr")
|
||||
cmd.Flags().IntVarP(&c.BindPort, "bind_port", "", 0, "bind port")
|
||||
}
|
||||
|
||||
@@ -159,18 +159,18 @@ func NewPortsRangeSliceFromString(str string) ([]PortsRange, error) {
|
||||
out = append(out, PortsRange{Single: int(singleNum)})
|
||||
case 2:
|
||||
// range numbers
|
||||
min, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
|
||||
minNum, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("range number is invalid, %v", err)
|
||||
}
|
||||
max, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
|
||||
maxNum, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("range number is invalid, %v", err)
|
||||
}
|
||||
if max < min {
|
||||
if maxNum < minNum {
|
||||
return nil, fmt.Errorf("range number is invalid")
|
||||
}
|
||||
out = append(out, PortsRange{Start: int(min), End: int(max)})
|
||||
out = append(out, PortsRange{Start: int(minNum), End: int(maxNum)})
|
||||
default:
|
||||
return nil, fmt.Errorf("range number is invalid")
|
||||
}
|
||||
|
||||
@@ -78,9 +78,9 @@ func ListAllLocalIPs() ([]net.IP, error) {
|
||||
return ips, nil
|
||||
}
|
||||
|
||||
func ListLocalIPsForNatHole(max int) ([]string, error) {
|
||||
if max <= 0 {
|
||||
return nil, fmt.Errorf("max must be greater than 0")
|
||||
func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
|
||||
if maxItems <= 0 {
|
||||
return nil, fmt.Errorf("maxItems must be greater than 0")
|
||||
}
|
||||
|
||||
ips, err := ListAllLocalIPs()
|
||||
@@ -88,9 +88,9 @@ func ListLocalIPsForNatHole(max int) ([]string, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
filtered := make([]string, 0, max)
|
||||
filtered := make([]string, 0, maxItems)
|
||||
for _, ip := range ips {
|
||||
if len(filtered) >= max {
|
||||
if len(filtered) >= maxItems {
|
||||
break
|
||||
}
|
||||
|
||||
|
||||
@@ -85,21 +85,21 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
|
||||
numbers = append(numbers, singleNum)
|
||||
case 2:
|
||||
// range numbers
|
||||
min, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
|
||||
minValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
|
||||
if errRet != nil {
|
||||
err = fmt.Errorf("range number is invalid, %v", errRet)
|
||||
return
|
||||
}
|
||||
max, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
|
||||
maxValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
|
||||
if errRet != nil {
|
||||
err = fmt.Errorf("range number is invalid, %v", errRet)
|
||||
return
|
||||
}
|
||||
if max < min {
|
||||
if maxValue < minValue {
|
||||
err = fmt.Errorf("range number is invalid")
|
||||
return
|
||||
}
|
||||
for i := min; i <= max; i++ {
|
||||
for i := minValue; i <= maxValue; i++ {
|
||||
numbers = append(numbers, i)
|
||||
}
|
||||
default:
|
||||
@@ -118,13 +118,13 @@ func GenerateResponseErrorString(summary string, err error, detailed bool) strin
|
||||
}
|
||||
|
||||
func RandomSleep(duration time.Duration, minRatio, maxRatio float64) time.Duration {
|
||||
min := int64(minRatio * 1000.0)
|
||||
max := int64(maxRatio * 1000.0)
|
||||
minValue := int64(minRatio * 1000.0)
|
||||
maxValue := int64(maxRatio * 1000.0)
|
||||
var n int64
|
||||
if max <= min {
|
||||
n = min
|
||||
if maxValue <= minValue {
|
||||
n = minValue
|
||||
} else {
|
||||
n = mathrand.Int64N(max-min) + min
|
||||
n = mathrand.Int64N(maxValue-minValue) + minValue
|
||||
}
|
||||
d := duration * time.Duration(n) / time.Duration(1000)
|
||||
time.Sleep(d)
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
|
||||
package version
|
||||
|
||||
var version = "0.60.0"
|
||||
var version = "0.61.0"
|
||||
|
||||
func Full() string {
|
||||
return version
|
||||
|
||||
@@ -137,17 +137,17 @@ func (pxy *BaseProxy) GetWorkConnFromPool(src, dst net.Addr) (workConn net.Conn,
|
||||
dstAddr string
|
||||
srcPortStr string
|
||||
dstPortStr string
|
||||
srcPort int
|
||||
dstPort int
|
||||
srcPort uint64
|
||||
dstPort uint64
|
||||
)
|
||||
|
||||
if src != nil {
|
||||
srcAddr, srcPortStr, _ = net.SplitHostPort(src.String())
|
||||
srcPort, _ = strconv.Atoi(srcPortStr)
|
||||
srcPort, _ = strconv.ParseUint(srcPortStr, 10, 16)
|
||||
}
|
||||
if dst != nil {
|
||||
dstAddr, dstPortStr, _ = net.SplitHostPort(dst.String())
|
||||
dstPort, _ = strconv.Atoi(dstPortStr)
|
||||
dstPort, _ = strconv.ParseUint(dstPortStr, 10, 16)
|
||||
}
|
||||
err := msg.WriteMsg(workConn, &msg.StartWorkConn{
|
||||
ProxyName: pxy.GetName(),
|
||||
@@ -190,8 +190,8 @@ func (pxy *BaseProxy) startCommonTCPListenersHandler() {
|
||||
} else {
|
||||
tempDelay *= 2
|
||||
}
|
||||
if max := 1 * time.Second; tempDelay > max {
|
||||
tempDelay = max
|
||||
if maxTime := 1 * time.Second; tempDelay > maxTime {
|
||||
tempDelay = maxTime
|
||||
}
|
||||
xl.Infof("met temporary error: %s, sleep for %s ...", err, tempDelay)
|
||||
time.Sleep(tempDelay)
|
||||
|
||||
Reference in New Issue
Block a user