TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-12-03 15:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

优化鉴权

Browse Source
This commit is contained in:
刘祥超
2022-08-30 11:24:23 +08:00
parent abda886de5
commit b5f52dd136
1 changed files with 23 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/nodes/http_request_auth.go
View File

@@ -19,7 +19,10 @@ func (this *HTTPRequest) doAuth() (shouldStop bool) {
if !ref.IsOn || ref.AuthPolicy == nil || !ref.AuthPolicy.IsOn { if !ref.IsOn || ref.AuthPolicy == nil || !ref.AuthPolicy.IsOn {
continue continue
} }
b, err := ref.AuthPolicy.Filter(this.RawReq, func(subReq *http.Request) (status int, err error) { if !ref.AuthPolicy.MatchRequest(this.RawReq) {
continue
}
ok, newURI, uriChanged, err := ref.AuthPolicy.Filter(this.RawReq, func(subReq *http.Request) (status int, err error) {
subReq.TLS = this.RawReq.TLS subReq.TLS = this.RawReq.TLS
subReq.RemoteAddr = this.RawReq.RemoteAddr subReq.RemoteAddr = this.RawReq.RemoteAddr
subReq.Host = this.RawReq.Host subReq.Host = this.RawReq.Host
@@ -36,11 +39,16 @@ func (this *HTTPRequest) doAuth() (shouldStop bool) {
this.write50x(err, http.StatusInternalServerError, "Failed to execute the AuthPolicy", "认证策略执行失败", false) this.write50x(err, http.StatusInternalServerError, "Failed to execute the AuthPolicy", "认证策略执行失败", false)
return return
} }
if b { if ok {
if uriChanged {
this.uri = newURI
}
return return
} else { } else {
// Basic Auth比较特殊
if ref.AuthPolicy.Type == serverconfigs.HTTPAuthTypeBasicAuth { if ref.AuthPolicy.Type == serverconfigs.HTTPAuthTypeBasicAuth {
var method = ref.AuthPolicy.Method().(*serverconfigs.HTTPAuthBasicMethod) method, ok := ref.AuthPolicy.Method().(*serverconfigs.HTTPAuthBasicMethod)
if ok {
var headerValue = "Basic realm=\"" var headerValue = "Basic realm=\""
if len(method.Realm) > 0 { if len(method.Realm) > 0 {
headerValue += method.Realm headerValue += method.Realm
@@ -53,7 +61,9 @@ func (this *HTTPRequest) doAuth() (shouldStop bool) {
} }
this.writer.Header()["WWW-Authenticate"] = []string{headerValue} this.writer.Header()["WWW-Authenticate"] = []string{headerValue}
} }
}
this.writer.WriteHeader(http.StatusUnauthorized) this.writer.WriteHeader(http.StatusUnauthorized)
this.tags = append(this.tags, ref.AuthPolicy.Type)
return true return true
} }
} }