support ping_auth_enabled #65
chengshiwen committed Aug 5, 2024
1 parent 8791a8d commit 32a0386
Showing 7 changed files with 33 additions and 18 deletions.
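--- a/README.md
+++ b/README.md
@@ -177,6 +177,7 @@ The configuration settings are as follows:
 * `username`: proxy username, with encryption if auth_encrypt is enabled, default is `empty` which means no auth
 * `password`: proxy password, with encryption if auth_encrypt is enabled, default is `empty` which means no auth
 * `auth_encrypt`: whether to encrypt auth (username/password), default is `false`
+* `ping_auth_enabled`: enable authentication on the `/ping`, default is `false`
 * `write_tracing`: enable logging for the write, default is `false`
 * `query_tracing`: enable logging for the query, default is `false`
 * `pprof_enabled`: enable `/debug/pprof` HTTP endpoint, default is `false`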
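--- a/backend/config.go
+++ b/backend/config.go
@@ -58,6 +58,7 @@ type ProxyConfig struct {
 Username string `mapstructure:"username"`
 Password string `mapstructure:"password"`
 AuthEncrypt bool `mapstructure:"auth_encrypt"`
+PingAuthEnabled bool `mapstructure:"ping_auth_enabled"`
 WriteTracing bool `mapstructure:"write_tracing"`
 QueryTracing bool `mapstructure:"query_tracing"`
 PprofEnabled bool `mapstructure:"pprof_enabled"`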
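--- a/conf/proxy.toml
+++ b/conf/proxy.toml
@@ -12,6 +12,7 @@ write_timeout = 10
 idle_timeout = 10
 username = ""
 password = ""
+ping_auth_enabled = false
 write_tracing = false
 query_tracing = false
 pprof_enabled = false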
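--- a/conf/proxy.yaml
+++ b/conf/proxy.yaml
@@ -33,6 +33,7 @@ write_timeout: 10
 idle_timeout: 10
 username: ""
 password: ""
+ping_auth_enabled: false
 write_tracing: false
 query_tracing: false
 pprof_enabled: false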
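--- a/docker/quick/proxy.json
+++ b/docker/quick/proxy.json
@@ -49,6 +49,7 @@
 "idle_timeout": 10,
 "username": "",
 "password": "",
+"ping_auth_enabled": false,
 "write_tracing": false,
 "query_tracing": false,
 "pprof_enabled": false,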
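--- a/proxy.json
+++ b/proxy.json
@@ -49,6 +49,7 @@
 "idle_timeout": 10,
 "username": "",
 "password": "",
+"ping_auth_enabled": false,
 "write_tracing": false,
 "query_tracing": false,
 "pprof_enabled": false,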
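--- a/service/http.go
+++ b/service/http.go
@@ -51,27 +51,29 @@ func (mux *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 
 type HttpService struct { // nolint:revive
-ip *backend.Proxy
-tx *transfer.Transfer
-username string
-password string
-authEncrypt bool
-writeTracing bool
-queryTracing bool
-pprofEnabled bool
+ip *backend.Proxy
+tx *transfer.Transfer
+username string
+password string
+authEncrypt bool
+pingAuthEnabled bool
+writeTracing bool
+queryTracing bool
+pprofEnabled bool
 }
 
 func NewHttpService(cfg *backend.ProxyConfig) (hs *HttpService) { // nolint:revive
 ip := backend.NewProxy(cfg)
 hs = &HttpService{
-ip: ip,
-tx: transfer.NewTransfer(cfg, ip.Circles),
-username: cfg.Username,
-password: cfg.Password,
-authEncrypt: cfg.AuthEncrypt,
-writeTracing: cfg.WriteTracing,
-queryTracing: cfg.QueryTracing,
-pprofEnabled: cfg.PprofEnabled,
+ip: ip,
+tx: transfer.NewTransfer(cfg, ip.Circles),
+username: cfg.Username,
+password: cfg.Password,
+authEncrypt: cfg.AuthEncrypt,
+pingAuthEnabled: cfg.PingAuthEnabled,
+writeTracing: cfg.WriteTracing,
+queryTracing: cfg.QueryTracing,
+pprofEnabled: cfg.PprofEnabled,
 }
 return
 }
@@ -100,7 +102,10 @@ func (hs *HttpService) Register(mux *ServeMux) {
 }
 }
 
-func (hs *HttpService) HandlerPing(w http.ResponseWriter, _ *http.Request) {
+func (hs *HttpService) HandlerPing(w http.ResponseWriter, req *http.Request) {
+if hs.isAuthEnabled() && hs.pingAuthEnabled && !hs.checkAuth(w, req) {
+return
+}
 w.WriteHeader(http.StatusNoContent)
 }
 
@@ -729,7 +734,7 @@ func (hs *HttpService) checkMethod(w http.ResponseWriter, req *http.Request, met
 }
 
 func (hs *HttpService) checkAuth(w http.ResponseWriter, req *http.Request) bool {
-if hs.username == "" && hs.password == "" {
+if !hs.isAuthEnabled() {
 return true
 }
 q := req.URL.Query()
@@ -760,6 +765,10 @@ func (hs *HttpService) parseAuth(req *http.Request) (string, string, bool) {
 return "", "", false
 }
 
+func (hs *HttpService) isAuthEnabled() bool {
+return hs.username != "" || hs.password != ""
+}
+
 func (hs *HttpService) compareAuth(u, p string) bool {
 return hs.transAuth(u) == hs.username && hs.transAuth(p) == hs.password
 }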
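Review bot: In `HandlerPing`, `ping_auth_enabled = true` is silently ignored while `username` and `password` are both empty, so an operator who sets only the flag still serves an open `/ping`; the doc comment should say so, e.g. `// HandlerPing replies 204 No Content; credentials are checked only when ping_auth_enabled is set and a username or password is configured.` The `hs.isAuthEnabled()` term in the new condition is also redundant, because `checkAuth` now begins with `if !hs.isAuthEnabled() { return true }`; `if hs.pingAuthEnabled && !hs.checkAuth(w, req) {` behaves the same. The context line in `compareAuth` compares credentials with `==`, and `/ping` presumably becomes one more path into it, so `subtle.ConstantTimeCompare` from `crypto/subtle` would be the safer comparison there. The bodies of `checkAuth` and `parseAuth` continue outside the hunks.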
