add plugins
All checks were successful
Build Multi-Platform Binaries / build (push) Successful in 11m9s
All checks were successful
Build Multi-Platform Binaries / build (push) Successful in 11m9s
This commit is contained in:
Flik
@@ -3,12 +3,21 @@ package router
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/gotunnel/internal/server/config"
|
||||
"github.com/gotunnel/internal/server/db"
|
||||
"github.com/gotunnel/pkg/protocol"
|
||||
)
|
||||
|
||||
// 客户端 ID 验证规则
|
||||
var clientIDRegex = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,64}$`)
|
||||
|
||||
// validateClientID 验证客户端 ID 格式
|
||||
func validateClientID(id string) bool {
|
||||
return clientIDRegex.MatchString(id)
|
||||
}
|
||||
|
||||
// ClientStatus 客户端状态
|
||||
type ClientStatus struct {
|
||||
ID string `json:"id"`
|
||||
@@ -122,6 +131,10 @@ func (h *APIHandler) addClient(rw http.ResponseWriter, r *http.Request) {
|
||||
http.Error(rw, "client id required", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if !validateClientID(req.ID) {
|
||||
http.Error(rw, "invalid client id: must be 1-64 alphanumeric characters, underscore or hyphen", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
exists, _ := h.clientStore.ClientExists(req.ID)
|
||||
if exists {
|
||||
@@ -218,11 +231,16 @@ func (h *APIHandler) handleConfig(rw http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (h *APIHandler) getConfig(rw http.ResponseWriter) {
|
||||
cfg := h.app.GetConfig()
|
||||
// Token 脱敏处理,只显示前4位
|
||||
maskedToken := cfg.Server.Token
|
||||
if len(maskedToken) > 4 {
|
||||
maskedToken = maskedToken[:4] + "****"
|
||||
}
|
||||
h.jsonResponse(rw, map[string]interface{}{
|
||||
"server": map[string]interface{}{
|
||||
"bind_addr": cfg.Server.BindAddr,
|
||||
"bind_port": cfg.Server.BindPort,
|
||||
"token": cfg.Server.Token,
|
||||
"token": maskedToken,
|
||||
"heartbeat_sec": cfg.Server.HeartbeatSec,
|
||||
"heartbeat_timeout": cfg.Server.HeartbeatTimeout,
|
||||
},
|
||||
@@ -231,7 +249,7 @@ func (h *APIHandler) getConfig(rw http.ResponseWriter) {
|
||||
"bind_addr": cfg.Web.BindAddr,
|
||||
"bind_port": cfg.Web.BindPort,
|
||||
"username": cfg.Web.Username,
|
||||
"password": cfg.Web.Password,
|
||||
"password": "****",
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package router
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
@@ -9,6 +10,12 @@ type Router struct {
|
||||
mux *http.ServeMux
|
||||
}
|
||||
|
||||
// AuthConfig 认证配置
|
||||
type AuthConfig struct {
|
||||
Username string
|
||||
Password string
|
||||
}
|
||||
|
||||
// New 创建路由管理器
|
||||
func New() *Router {
|
||||
return &Router{
|
||||
@@ -49,3 +56,31 @@ func (g *RouteGroup) HandleFunc(pattern string, handler http.HandlerFunc) {
|
||||
func (r *Router) Handler() http.Handler {
|
||||
return r.mux
|
||||
}
|
||||
|
||||
// BasicAuthMiddleware 基础认证中间件
|
||||
func BasicAuthMiddleware(auth *AuthConfig, next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if auth == nil || (auth.Username == "" && auth.Password == "") {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
user, pass, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="GoTunnel"`)
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
userMatch := subtle.ConstantTimeCompare([]byte(user), []byte(auth.Username)) == 1
|
||||
passMatch := subtle.ConstantTimeCompare([]byte(pass), []byte(auth.Password)) == 1
|
||||
|
||||
if !userMatch || !passMatch {
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="GoTunnel"`)
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user