lanhu/proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

网关实现自定义接口安全检查与边缘节点连接权限验证

Browse Source
This commit is contained in:
luorijun
2025-05-15 15:56:20 +08:00
parent b29882f0a7
commit d65fe4db6f
25 changed files with 353 additions and 703 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
server/fwd/socks/socks.go
View File

@@ -104,10 +104,10 @@ func checkVersion(reader io.Reader) error {
}
// authenticate 执行认证流程
func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*core.AuthContext, error) {
func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (authContext *core.AuthContext, err error) {
// 版本检查
err := checkVersion(reader)
err = checkVersion(reader)
if err != nil {
return nil, err
}
@@ -122,7 +122,6 @@ func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*co
return nil, err
}
// 密码模式
if slices.Contains(methods, UserPassAuth) {
_, err := conn.Write([]byte{Version, byte(UserPassAuth)})
if err != nil {
@@ -167,7 +166,7 @@ func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*co
password := string(passwordBuf)
// 检查权限
authContext, err := auth.CheckPass(conn, auth.Socks5, username, password)
authContext, err = auth.Protect(conn, auth.Socks5, &username, &password)
if err != nil {
return nil, fmt.Errorf("权限检查失败: %w", err)
}
@@ -179,30 +178,29 @@ func authenticate(ctx context.Context, reader *bufio.Reader, conn net.Conn) (*co
}
return authContext, nil
}
// 无认证
if slices.Contains(methods, NoAuth) {
} else if slices.Contains(methods, NoAuth) {
_, err = conn.Write([]byte{Version, NoAuth})
if err != nil {
return nil, fmt.Errorf("响应认证方式失败: %w", err)
}
authCtx, err := auth.CheckIp(conn, auth.Socks5)
authContext, err = auth.Protect(conn, auth.Socks5, nil, nil)
if err != nil {
return nil, fmt.Errorf("权限检查失败: %w", err)
}
return authContext, nil
return authCtx, nil
} else {
_, err = conn.Write([]byte{Version, NoAcceptable})
if err != nil {
return nil, err
}
return nil, errors.New("没有适用的认证方式")
}
// 无适用的认证方式
_, err = conn.Write([]byte{Version, NoAcceptable})
if err != nil {
return nil, err
}
return nil, errors.New("没有适用的认证方式")
}
type Request struct {