2019-12-08 03:59:58 -05:00
|
|
|
package rpc
|
2019-12-07 05:14:40 -05:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2024-11-22 23:43:02 -05:00
|
|
|
"strings"
|
2024-10-20 11:23:04 -04:00
|
|
|
"sync"
|
2019-12-07 05:14:40 -05:00
|
|
|
|
2024-11-22 09:40:43 -05:00
|
|
|
petname "github.com/dustinkirkland/golang-petname"
|
|
|
|
"github.com/hashicorp/go-uuid"
|
2019-12-07 05:14:40 -05:00
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
"google.golang.org/grpc/status"
|
2022-01-08 22:54:14 -05:00
|
|
|
|
2024-11-28 06:38:54 -05:00
|
|
|
"github.com/nezhahq/nezha/model"
|
|
|
|
"github.com/nezhahq/nezha/service/singleton"
|
2019-12-07 05:14:40 -05:00
|
|
|
)
|
|
|
|
|
2024-07-14 00:47:36 -04:00
|
|
|
type authHandler struct {
|
2019-12-09 03:02:49 -05:00
|
|
|
ClientSecret string
|
2024-10-20 11:23:04 -04:00
|
|
|
ClientUUID string
|
2019-12-07 05:14:40 -05:00
|
|
|
}
|
|
|
|
|
2024-07-14 00:47:36 -04:00
|
|
|
func (a *authHandler) Check(ctx context.Context) (uint64, error) {
|
2019-12-07 05:14:40 -05:00
|
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
|
|
if !ok {
|
2021-01-30 04:10:51 -05:00
|
|
|
return 0, status.Errorf(codes.Unauthenticated, "获取 metaData 失败")
|
2019-12-07 05:14:40 -05:00
|
|
|
}
|
2021-01-30 04:10:51 -05:00
|
|
|
|
2021-01-08 08:04:50 -05:00
|
|
|
var clientSecret string
|
2019-12-09 05:14:31 -05:00
|
|
|
if value, ok := md["client_secret"]; ok {
|
2024-11-22 23:43:02 -05:00
|
|
|
clientSecret = strings.TrimSpace(value[0])
|
2019-12-07 05:14:40 -05:00
|
|
|
}
|
|
|
|
|
2024-11-22 23:43:02 -05:00
|
|
|
if clientSecret == "" {
|
|
|
|
return 0, status.Error(codes.Unauthenticated, "客户端认证失败")
|
|
|
|
}
|
|
|
|
|
|
|
|
ip, _ := ctx.Value(model.CtxKeyRealIP{}).(string)
|
|
|
|
|
2024-10-20 11:23:04 -04:00
|
|
|
if clientSecret != singleton.Conf.AgentSecretKey {
|
2024-11-22 23:43:02 -05:00
|
|
|
model.BlockIP(singleton.DB, ip, model.WAFBlockReasonTypeAgentAuthFail)
|
2024-11-22 09:40:43 -05:00
|
|
|
return 0, status.Error(codes.Unauthenticated, "客户端认证失败")
|
2024-10-20 11:23:04 -04:00
|
|
|
}
|
|
|
|
|
2024-11-22 23:43:02 -05:00
|
|
|
model.ClearIP(singleton.DB, ip)
|
|
|
|
|
2024-10-20 11:23:04 -04:00
|
|
|
var clientUUID string
|
|
|
|
if value, ok := md["client_uuid"]; ok {
|
|
|
|
clientUUID = value[0]
|
|
|
|
}
|
|
|
|
|
2024-10-22 11:44:50 -04:00
|
|
|
if _, err := uuid.ParseUUID(clientUUID); err != nil {
|
2024-11-22 09:40:43 -05:00
|
|
|
return 0, status.Error(codes.Unauthenticated, "客户端 UUID 不合法")
|
2024-10-22 11:44:50 -04:00
|
|
|
}
|
|
|
|
|
2022-01-08 22:54:14 -05:00
|
|
|
singleton.ServerLock.RLock()
|
|
|
|
defer singleton.ServerLock.RUnlock()
|
2024-11-22 09:40:43 -05:00
|
|
|
|
2024-10-20 11:23:04 -04:00
|
|
|
clientID, hasID := singleton.ServerUUIDToID[clientUUID]
|
2021-07-25 11:50:08 -04:00
|
|
|
if !hasID {
|
2024-11-22 09:40:43 -05:00
|
|
|
s := model.Server{UUID: clientUUID, Name: petname.Generate(2, "-")}
|
2024-10-20 11:23:04 -04:00
|
|
|
if err := singleton.DB.Create(&s).Error; err != nil {
|
2024-11-22 09:40:43 -05:00
|
|
|
return 0, status.Error(codes.Unauthenticated, err.Error())
|
2024-10-20 11:23:04 -04:00
|
|
|
}
|
|
|
|
s.Host = &model.Host{}
|
|
|
|
s.State = &model.HostState{}
|
|
|
|
s.TaskCloseLock = new(sync.Mutex)
|
2024-11-22 09:40:43 -05:00
|
|
|
// generate a random silly server name
|
2024-10-20 11:23:04 -04:00
|
|
|
singleton.ServerList[s.ID] = &s
|
|
|
|
singleton.ServerUUIDToID[clientUUID] = s.ID
|
2024-11-22 09:40:43 -05:00
|
|
|
singleton.ReSortServer()
|
2024-10-22 11:44:50 -04:00
|
|
|
clientID = s.ID
|
2019-12-07 05:14:40 -05:00
|
|
|
}
|
2024-10-20 11:23:04 -04:00
|
|
|
|
2021-01-30 04:10:51 -05:00
|
|
|
return clientID, nil
|
2019-12-07 05:14:40 -05:00
|
|
|
}
|