diff --git a/cmd/auth/funcs.go b/cmd/auth/funcs.go new file mode 100644 index 0000000..695af67 --- /dev/null +++ b/cmd/auth/funcs.go @@ -0,0 +1,59 @@ +package auth + +import ( + "errors" + "net" + "net/http" + "time" + + "github.com/HyNetwork/hysteria/pkg/core" + "github.com/yosuke-furukawa/json5/encoding/json5" +) + +func PasswordAuthFunc(rawMsg json5.RawMessage) (core.ConnectFunc, error) { + var pwds []string + err := json5.Unmarshal(rawMsg, &pwds) + if err != nil { + // not a string list, legacy format? + var pwdConfig map[string]string + err = json5.Unmarshal(rawMsg, &pwdConfig) + if err != nil || len(pwdConfig["password"]) == 0 { + // still no, invalid config + return nil, errors.New("invalid config") + } + // yes it is + pwds = []string{pwdConfig["password"]} + } + return func(addr net.Addr, auth []byte, sSend uint64, sRecv uint64) (bool, string) { + for _, pwd := range pwds { + if string(auth) == pwd { + return true, "Welcome" + } + } + return false, "Wrong password" + }, nil +} + +func ExternalAuthFunc(rawMsg json5.RawMessage) (core.ConnectFunc, error) { + var extConfig map[string]string + err := json5.Unmarshal(rawMsg, &extConfig) + if err != nil { + return nil, errors.New("invalid config") + } + if len(extConfig["http"]) != 0 { + hp := &HTTPAuthProvider{ + Client: &http.Client{ + Timeout: 10 * time.Second, + }, + URL: extConfig["http"], + } + return hp.Auth, nil + } else if len(extConfig["cmd"]) != 0 { + cp := &CmdAuthProvider{ + Cmd: extConfig["cmd"], + } + return cp.Auth, nil + } else { + return nil, errors.New("invalid config") + } +} diff --git a/cmd/server.go b/cmd/server.go index 061b336..9e3c51f 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -2,7 +2,6 @@ package main import ( "crypto/tls" - "errors" "io" "net" "net/http" @@ -116,7 +115,7 @@ func server(config *serverConfig) { return true, "Welcome" } case "password", "passwords": - authFunc, err = passwordAuthFunc(config.Auth.Config) + authFunc, err = auth.PasswordAuthFunc(config.Auth.Config) if err != nil { logrus.WithFields(logrus.Fields{ "error": err, @@ -125,7 +124,7 @@ func server(config *serverConfig) { logrus.Info("Password authentication enabled") } case "external": - authFunc, err = externalAuthFunc(config.Auth.Config) + authFunc, err = auth.ExternalAuthFunc(config.Auth.Config) if err != nil { logrus.WithFields(logrus.Fields{ "error": err, @@ -252,54 +251,6 @@ func server(config *serverConfig) { logrus.WithField("error", err).Fatal("Server shutdown") } -func passwordAuthFunc(rawMsg json5.RawMessage) (core.ConnectFunc, error) { - var pwds []string - err := json5.Unmarshal(rawMsg, &pwds) - if err != nil { - // not a string list, legacy format? - var pwdConfig map[string]string - err = json5.Unmarshal(rawMsg, &pwdConfig) - if err != nil || len(pwdConfig["password"]) == 0 { - // still no, invalid config - return nil, errors.New("invalid config") - } - // yes it is - pwds = []string{pwdConfig["password"]} - } - return func(addr net.Addr, auth []byte, sSend uint64, sRecv uint64) (bool, string) { - for _, pwd := range pwds { - if string(auth) == pwd { - return true, "Welcome" - } - } - return false, "Wrong password" - }, nil -} - -func externalAuthFunc(rawMsg json5.RawMessage) (core.ConnectFunc, error) { - var extConfig map[string]string - err := json5.Unmarshal(rawMsg, &extConfig) - if err != nil { - return nil, errors.New("invalid config") - } - if len(extConfig["http"]) != 0 { - hp := &auth.HTTPAuthProvider{ - Client: &http.Client{ - Timeout: 10 * time.Second, - }, - URL: extConfig["http"], - } - return hp.Auth, nil - } else if len(extConfig["cmd"]) != 0 { - cp := &auth.CmdAuthProvider{ - Cmd: extConfig["cmd"], - } - return cp.Auth, nil - } else { - return nil, errors.New("invalid config") - } -} - func disconnectFunc(addr net.Addr, auth []byte, err error) { logrus.WithFields(logrus.Fields{ "src": defaultIPMasker.Mask(addr.String()),