frps: remove auth timeout

pull/1041/head
fatedier 6 years ago
parent 611d063e1f
commit f76deb8898

@ -396,10 +396,6 @@ Then visit `http://[server_addr]:7500` to see dashboard, default username and pa
Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini. Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini.
Note that time duration between server of frpc and frps mustn't exceed 15 minutes because timestamp is used for authentication.
Howerver, this timeout duration can be modified by setting `authentication_timeout` in frps's configure file. It's defalut value is 900, means 15 minutes. If it is equals 0, then frps will not check authentication timeout.
### Encryption and Compression ### Encryption and Compression
Defalut value is false, you could decide if the proxy will use encryption or compression: Defalut value is false, you could decide if the proxy will use encryption or compression:

@ -412,10 +412,6 @@ dashboard_pwd = admin
从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。 从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。
需要注意的是 frpc 所在机器和 frps 所在机器的时间相差不能超过 15 分钟,因为时间戳会被用于加密验证中,防止报文被劫持后被其他人利用。
这个超时时间可以在配置文件中通过 `authentication_timeout` 这个参数来修改,单位为秒,默认值为 900即 15 分钟。如果修改为 0则 frps 将不对身份验证报文的时间戳进行超时校验。
### 加密与压缩 ### 加密与压缩
这两个功能默认是不开启的,需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能,压缩算法使用 snappy 这两个功能默认是不开启的,需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能,压缩算法使用 snappy

@ -54,7 +54,6 @@ var (
logLevel string logLevel string
logMaxDays int64 logMaxDays int64
token string token string
authTimeout int64
subDomainHost string subDomainHost string
tcpMux bool tcpMux bool
allowPorts string allowPorts string
@ -82,7 +81,6 @@ func init() {
rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level") rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days") rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days")
rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token") rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
rootCmd.PersistentFlags().Int64VarP(&authTimeout, "auth_timeout", "", 900, "auth timeout")
rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host") rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports") rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client") rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
@ -173,7 +171,6 @@ func parseServerCommonCfgFromCmd() (err error) {
g.GlbServerCfg.LogLevel = logLevel g.GlbServerCfg.LogLevel = logLevel
g.GlbServerCfg.LogMaxDays = logMaxDays g.GlbServerCfg.LogMaxDays = logMaxDays
g.GlbServerCfg.Token = token g.GlbServerCfg.Token = token
g.GlbServerCfg.AuthTimeout = authTimeout
g.GlbServerCfg.SubDomainHost = subDomainHost g.GlbServerCfg.SubDomainHost = subDomainHost
if len(allowPorts) > 0 { if len(allowPorts) > 0 {
// e.g. 1000-2000,2001,2002,3000-4000 // e.g. 1000-2000,2001,2002,3000-4000

@ -59,10 +59,6 @@ max_pool_count = 5
# max ports can be used for each client, default value is 0 means no limit # max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0 max_ports_per_client = 0
# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
# if authentication_timeout is zero, the time is not verified, default is 900s
authentication_timeout = 900
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com # when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com subdomain_host = frps.com

@ -67,7 +67,6 @@ type ServerCommonConf struct {
LogLevel string `json:"log_level"` LogLevel string `json:"log_level"`
LogMaxDays int64 `json:"log_max_days"` LogMaxDays int64 `json:"log_max_days"`
Token string `json:"token"` Token string `json:"token"`
AuthTimeout int64 `json:"auth_timeout"`
SubDomainHost string `json:"subdomain_host"` SubDomainHost string `json:"subdomain_host"`
TcpMux bool `json:"tcp_mux"` TcpMux bool `json:"tcp_mux"`
@ -98,7 +97,6 @@ func GetDefaultServerConf() *ServerCommonConf {
LogLevel: "info", LogLevel: "info",
LogMaxDays: 3, LogMaxDays: 3,
Token: "", Token: "",
AuthTimeout: 900,
SubDomainHost: "", SubDomainHost: "",
TcpMux: true, TcpMux: true,
AllowPorts: make(map[int]struct{}), AllowPorts: make(map[int]struct{}),
@ -285,16 +283,6 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c
} }
} }
if tmpStr, ok = conf.Get("common", "authentication_timeout"); ok {
v, errRet := strconv.ParseInt(tmpStr, 10, 64)
if errRet != nil {
err = fmt.Errorf("Parse conf error: authentication_timeout is incorrect")
return
} else {
cfg.AuthTimeout = v
}
}
if tmpStr, ok = conf.Get("common", "subdomain_host"); ok { if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr)) cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
} }

@ -41,7 +41,6 @@ type ServerInfoResp struct {
VhostHttpPort int `json:"vhost_http_port"` VhostHttpPort int `json:"vhost_http_port"`
VhostHttpsPort int `json:"vhost_https_port"` VhostHttpsPort int `json:"vhost_https_port"`
KcpBindPort int `json:"kcp_bind_port"` KcpBindPort int `json:"kcp_bind_port"`
AuthTimeout int64 `json:"auth_timeout"`
SubdomainHost string `json:"subdomain_host"` SubdomainHost string `json:"subdomain_host"`
MaxPoolCount int64 `json:"max_pool_count"` MaxPoolCount int64 `json:"max_pool_count"`
MaxPortsPerClient int64 `json:"max_ports_per_client"` MaxPortsPerClient int64 `json:"max_ports_per_client"`
@ -74,7 +73,6 @@ func (svr *Service) ApiServerInfo(w http.ResponseWriter, r *http.Request) {
VhostHttpPort: cfg.VhostHttpPort, VhostHttpPort: cfg.VhostHttpPort,
VhostHttpsPort: cfg.VhostHttpsPort, VhostHttpsPort: cfg.VhostHttpsPort,
KcpBindPort: cfg.KcpBindPort, KcpBindPort: cfg.KcpBindPort,
AuthTimeout: cfg.AuthTimeout,
SubdomainHost: cfg.SubDomainHost, SubdomainHost: cfg.SubDomainHost,
MaxPoolCount: cfg.MaxPoolCount, MaxPoolCount: cfg.MaxPoolCount,
MaxPortsPerClient: cfg.MaxPortsPerClient, MaxPortsPerClient: cfg.MaxPortsPerClient,

@ -324,11 +324,6 @@ func (svr *Service) RegisterControl(ctlConn frpNet.Conn, loginMsg *msg.Login) (e
} }
// Check auth. // Check auth.
nowTime := time.Now().Unix()
if g.GlbServerCfg.AuthTimeout != 0 && nowTime-loginMsg.Timestamp > g.GlbServerCfg.AuthTimeout {
err = fmt.Errorf("authorization timeout")
return
}
if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey { if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey {
err = fmt.Errorf("authorization failed") err = fmt.Errorf("authorization failed")
return return

@ -19,9 +19,6 @@
<el-form-item label="Https Port"> <el-form-item label="Https Port">
<span>{{ vhost_https_port }}</span> <span>{{ vhost_https_port }}</span>
</el-form-item> </el-form-item>
<el-form-item label="Auth Timeout">
<span>{{ auth_timeout }}</span>
</el-form-item>
<el-form-item label="Subdomain Host"> <el-form-item label="Subdomain Host">
<span>{{ subdomain_host }}</span> <span>{{ subdomain_host }}</span>
</el-form-item> </el-form-item>
@ -64,7 +61,6 @@
bind_udp_port: '', bind_udp_port: '',
vhost_http_port: '', vhost_http_port: '',
vhost_https_port: '', vhost_https_port: '',
auth_timeout: '',
subdomain_host: '', subdomain_host: '',
max_pool_count: '', max_pool_count: '',
max_ports_per_client: '', max_ports_per_client: '',
@ -100,7 +96,6 @@
if (this.vhost_https_port == 0) { if (this.vhost_https_port == 0) {
this.vhost_https_port = "disable" this.vhost_https_port = "disable"
} }
this.auth_timeout = json.auth_timeout
this.subdomain_host = json.subdomain_host this.subdomain_host = json.subdomain_host
this.max_pool_count = json.max_pool_count this.max_pool_count = json.max_pool_count
this.max_ports_per_client = json.max_ports_per_client this.max_ports_per_client = json.max_ports_per_client

Loading…
Cancel
Save