132 lines
3.0 KiB
Go
132 lines
3.0 KiB
Go
package auth
|
|
|
|
import (
|
|
"log/slog"
|
|
"net"
|
|
"proxy-server/server/fwd/core"
|
|
"proxy-server/server/pkg/models"
|
|
"proxy-server/server/pkg/orm"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
type Protocol string
|
|
|
|
const (
|
|
Socks5 = Protocol("socks5")
|
|
Http = Protocol("http")
|
|
)
|
|
|
|
func CheckIp(conn net.Conn, proto Protocol) (*core.AuthContext, error) {
|
|
|
|
// 获取用户地址
|
|
remoteAddr := conn.RemoteAddr().String()
|
|
remoteHost, _, err := net.SplitHostPort(remoteAddr)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "noAuth 认证失败")
|
|
}
|
|
|
|
// 获取服务端口
|
|
localAddr := conn.LocalAddr().String()
|
|
_, _localPort, err := net.SplitHostPort(localAddr)
|
|
localPort, err := strconv.Atoi(_localPort)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "noAuth 认证失败")
|
|
}
|
|
|
|
// 查询权限记录
|
|
slog.Debug("用户 " + remoteHost + " 请求连接到 " + _localPort)
|
|
var channels []models.Channel
|
|
err = orm.DB.Find(&channels, &models.Channel{
|
|
AuthIp: true,
|
|
UserAddr: remoteHost,
|
|
NodePort: localPort,
|
|
Protocol: string(proto),
|
|
}).Error
|
|
if err != nil {
|
|
return nil, errors.New("查询用户权限失败")
|
|
}
|
|
// 记录应该只有一条
|
|
channel, err := orm.MaySingle(channels)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "不在白名单内")
|
|
}
|
|
|
|
// 检查是否需要密码认证
|
|
if channel.AuthPass {
|
|
return nil, errors.New("需要密码认证")
|
|
}
|
|
|
|
// 检查权限是否过期
|
|
timeout := channel.Expiration.Sub(time.Now()).Seconds()
|
|
if timeout <= 0 {
|
|
return nil, errors.New("权限已过期")
|
|
}
|
|
|
|
return &core.AuthContext{
|
|
Timeout: timeout,
|
|
Payload: core.Payload{
|
|
ID: channel.UserId,
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
func CheckPass(conn net.Conn, proto Protocol, username, password string) (*core.AuthContext, error) {
|
|
|
|
// 获取服务端口
|
|
localAddr := conn.LocalAddr().String()
|
|
_, _localPort, err := net.SplitHostPort(localAddr)
|
|
localPort, err := strconv.Atoi(_localPort)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "noAuth 认证失败")
|
|
}
|
|
|
|
// 查询权限记录
|
|
var channel models.Channel
|
|
err = orm.DB.Take(&channel, &models.Channel{
|
|
AuthPass: true,
|
|
Username: username,
|
|
NodePort: localPort,
|
|
Protocol: string(proto),
|
|
}).Error
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "用户不存在")
|
|
}
|
|
|
|
// 检查密码 todo 哈希
|
|
if channel.Password != password {
|
|
return nil, errors.New("密码错误")
|
|
}
|
|
|
|
// 如果用户设置了双验证则检查 ip 是否在白名单中
|
|
if channel.AuthIp {
|
|
|
|
// 获取用户地址
|
|
remoteAddr := conn.RemoteAddr().String()
|
|
remoteHost, _, err := net.SplitHostPort(remoteAddr)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "无法获取连接信息")
|
|
}
|
|
|
|
// 查询权限记录
|
|
if channel.UserAddr != remoteHost {
|
|
return nil, errors.New("不在白名单内")
|
|
}
|
|
}
|
|
|
|
// 检查权限是否过期
|
|
timeout := channel.Expiration.Sub(time.Now()).Seconds()
|
|
if timeout <= 0 {
|
|
return nil, errors.New("权限已过期")
|
|
}
|
|
|
|
return &core.AuthContext{
|
|
Timeout: timeout,
|
|
Payload: core.Payload{
|
|
ID: channel.UserId,
|
|
},
|
|
}, nil
|
|
}
|