12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 |
- package auth
- import (
- "fmt"
- "slices"
- "time"
- v1 "github.com/fatedier/frp/pkg/config/v1"
- "github.com/fatedier/frp/pkg/msg"
- "github.com/fatedier/frp/pkg/util/util"
- )
- type TokenAuthSetterVerifier struct {
- additionalAuthScopes []v1.AuthScope
- token string
- }
- func NewTokenAuth(additionalAuthScopes []v1.AuthScope, token string) *TokenAuthSetterVerifier {
- return &TokenAuthSetterVerifier{
- additionalAuthScopes: additionalAuthScopes,
- token: token,
- }
- }
- func (auth *TokenAuthSetterVerifier) SetLogin(loginMsg *msg.Login) error {
- loginMsg.PrivilegeKey = util.GetAuthKey(auth.token, loginMsg.Timestamp)
- return nil
- }
- func (auth *TokenAuthSetterVerifier) SetPing(pingMsg *msg.Ping) error {
- if !slices.Contains(auth.additionalAuthScopes, v1.AuthScopeHeartBeats) {
- return nil
- }
- pingMsg.Timestamp = time.Now().Unix()
- pingMsg.PrivilegeKey = util.GetAuthKey(auth.token, pingMsg.Timestamp)
- return nil
- }
- func (auth *TokenAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
- if !slices.Contains(auth.additionalAuthScopes, v1.AuthScopeNewWorkConns) {
- return nil
- }
- newWorkConnMsg.Timestamp = time.Now().Unix()
- newWorkConnMsg.PrivilegeKey = util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp)
- return nil
- }
- func (auth *TokenAuthSetterVerifier) VerifyLogin(m *msg.Login) error {
- if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
- return fmt.Errorf("token in login doesn't match token from configuration")
- }
- return nil
- }
- func (auth *TokenAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
- if !slices.Contains(auth.additionalAuthScopes, v1.AuthScopeHeartBeats) {
- return nil
- }
- if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
- return fmt.Errorf("token in heartbeat doesn't match token from configuration")
- }
- return nil
- }
- func (auth *TokenAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
- if !slices.Contains(auth.additionalAuthScopes, v1.AuthScopeNewWorkConns) {
- return nil
- }
- if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
- return fmt.Errorf("token in NewWorkConn doesn't match token from configuration")
- }
- return nil
- }
|