网关实现自定义接口安全检查与边缘节点连接权限验证

server/fwd/http/http.go

@@ -49,18 +49,9 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 
 	// 验证账号
 	authInfo := headers.Get("Proxy-Authorization")
-	var authCtx *core.AuthContext
-	var authErr error
-	if authInfo == "" {
-		authCtx, authErr = auth.CheckIp(conn, auth.Http)
-		if authErr != nil {
-			_, err := conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
-			if err != nil {
-				return nil, fmt.Errorf("响应 407 失败: %v", err)
-			}
-			return nil, fmt.Errorf("验证账号失败: %v", authErr)
-		}
-	} else {
+	var username *string = nil
+	var password *string = nil
+	if authInfo != "" {
 		authParts := strings.Split(authInfo, " ")
 		if len(authParts) != 2 {
 			return nil, errors.New("无效的 Proxy-Authorization")
@@ -73,14 +64,17 @@ func Process(ctx context.Context, conn net.Conn) (*core.Conn, error) {
 			return nil, fmt.Errorf("解码认证信息失败: %v", err)
 		}
 		authPair := strings.Split(string(authBytes), ":")
-		authCtx, authErr = auth.CheckPass(conn, auth.Http, authPair[0], authPair[1])
-		if authErr != nil {
-			_, err := conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
-			if err != nil {
-				return nil, fmt.Errorf("响应 407 失败: %v", err)
-			}
-			return nil, fmt.Errorf("验证账号失败: %v", authErr)
+		username = &authPair[0]
+		password = &authPair[1]
+	}
+
+	authCtx, err := auth.Protect(conn, auth.Http, username, password)
+	if err != nil {
+		_, err = conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"))
+		if err != nil {
+			return nil, fmt.Errorf("响应 407 失败: %v", err)
 		}
+		return nil, fmt.Errorf("验证账号失败: %v", err)
 	}
 
 	// 获取 Host