some ground work to support authentcation on the control channel

2025-01-28 12:43:03 +09:00 · 2025-01-28 12:43:03 +09:00 · a97be385ec
commit a97be385ec
parent d3afe29d5a
5 changed files with 66 additions and 21 deletions
--- a/cmd/config.go
+++ b/cmd/config.go
@ -2,12 +2,14 @@ package main
 import "crypto/tls"
 import "crypto/x509"
 import "encoding/base64"
 import "errors"
 import "fmt"
 import "hodu"
 import "io"
 import "io/ioutil"
 import "os"
 import "strings"
 import "time"
 import "gopkg.in/yaml.v3"
@ -45,8 +47,7 @@ type ClientTLSConfig struct {
 type BasicAuthConfig struct {
 	Enabled bool `yaml:"enabled"`
 	Realm string `yaml:"realm"`
-	Users []string `yaml:"users"`
+	Creds []string `yaml:"credentials"`
 	UserFile string `yaml:"user-file"`
 }
 type CTLServiceConfig struct {
@ -342,3 +343,30 @@ func make_tls_client_config(cfg *ClientTLSConfig) (*tls.Config, error) {
 	return tlscfg, nil
 }
 // --------------------------------------------------------------------
 func make_server_basic_auth_config(cfg *BasicAuthConfig) (*hodu.ServerBasicAuth, error) {
 	var config hodu.ServerBasicAuth
 	var cred string
 	var b []byte
 	var x []string
 	var err error
 	config.Enabled = cfg.Enabled
 	config.Realm = cfg.Realm
 	for _, cred = range cfg.Creds {
 		b, err = base64.StdEncoding.DecodeString(cred)
 		if err == nil { cred = string(b) }
 		// each entry must be of the form username:password
 		x = strings.Split(cred, ":")
 		if len(x) != 2 {
 			return nil, fmt.Errorf("invalid basic auth credential - %s", cred)
 		}
 		config.Creds = append(config.Creds, hodu.ServerBasicAuthCred{ Username: x[0], Password: x[1] })
 	}
 	return &config, nil
 }
--- a/cmd/main.go
+++ b/cmd/main.go
@ -93,7 +93,7 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
 	var s *hodu.Server
 	var config *hodu.ServerConfig
 	var logger *AppLogger
-	var log_mask hodu.LogMask
+	var logmask hodu.LogMask
 	var logfile string
 	var logfile_maxsize int64
 	var logfile_rotate int
@ -101,7 +101,7 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
 	var xterm_html string
 	var err error
-	log_mask = hodu.LOG_ALL
+	logmask = hodu.LOG_ALL
 	config = &hodu.ServerConfig{
 		CtlAddrs: ctl_addrs,
@ -125,12 +125,15 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
 		if len(config.PxyAddrs) <= 0 { config.PxyAddrs = cfg.PXY.Service.Addrs }
 		if len(config.WpxAddrs) <= 0 { config.WpxAddrs = cfg.WPX.Service.Addrs }
 		config.CtlBasicAuth, err = make_server_basic_auth_config(&cfg.CTL.Service.BasicAuth)
 		if err != nil { return err }
 		config.CtlPrefix = cfg.CTL.Service.Prefix
 		config.RpcMaxConns = cfg.APP.MaxRpcConns
 		config.MaxPeers = cfg.APP.MaxPeers
 		xterm_html_file = cfg.APP.XtermHtmlFile
-		log_mask = log_strings_to_mask(cfg.APP.LogMask)
+		logmask = log_strings_to_mask(cfg.APP.LogMask)
 		logfile = cfg.APP.LogFile
 		logfile_maxsize = cfg.APP.LogMaxSize
 		logfile_rotate = cfg.APP.LogRotate
@ -141,9 +144,9 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
 	}
 	if logfile == "" {
-		logger = NewAppLogger("server", os.Stderr, log_mask)
+		logger = NewAppLogger("server", os.Stderr, logmask)
 	} else {
-		logger, err = NewAppLoggerToFile("server", logfile, logfile_maxsize, logfile_rotate, log_mask)
+		logger, err = NewAppLoggerToFile("server", logfile, logfile_maxsize, logfile_rotate, logmask)
 		if err != nil {
 			return fmt.Errorf("failed to initialize logger - %s", err.Error())
 		}
@ -158,13 +161,9 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
 		xterm_html = string(tmp)
 	}
-	s, err = hodu.NewServer(
+	s, err = hodu.NewServer(context.Background(), HODU_NAME, logger, config)
 		context.Background(),
 		HODU_NAME,
 		logger,
 		config)
 	if err != nil {
-		return fmt.Errorf("failed to create new server - %s", err.Error())
+		return fmt.Errorf("failed to create server - %s", err.Error())
 	}
 	if xterm_html != "" { s.SetXtermHtml(xterm_html) }
@ -251,7 +250,7 @@ func client_main(ctl_addrs []string, rpc_addrs []string, route_configs []string,
 	var ctl_prefix string
 	var cc hodu.ClientConfig
 	var logger *AppLogger
-	var log_mask hodu.LogMask
+	var logmask hodu.LogMask
 	var logfile string
 	var logfile_maxsize int64
 	var logfile_rotate int
@ -261,7 +260,7 @@ func client_main(ctl_addrs []string, rpc_addrs []string, route_configs []string,
 	var i int
 	var err error
-	log_mask = hodu.LOG_ALL
+	logmask = hodu.LOG_ALL
 	if cfg != nil {
 		ctltlscfg, err = make_tls_server_config(&cfg.CTL.TLS)
 		if err != nil {
@ -278,7 +277,7 @@ func client_main(ctl_addrs []string, rpc_addrs []string, route_configs []string,
 		cc.ServerSeedTmout = cfg.RPC.Endpoint.SeedTmout
 		cc.ServerAuthority = cfg.RPC.Endpoint.Authority
-		log_mask = log_strings_to_mask(cfg.APP.LogMask)
+		logmask = log_strings_to_mask(cfg.APP.LogMask)
 		logfile = cfg.APP.LogFile
 		logfile_maxsize = cfg.APP.LogMaxSize
 		logfile_rotate = cfg.APP.LogRotate
@ -299,9 +298,9 @@ func client_main(ctl_addrs []string, rpc_addrs []string, route_configs []string,
 	}
 	if logfile == "" {
-		logger = NewAppLogger("client", os.Stderr, log_mask)
+		logger = NewAppLogger("client", os.Stderr, logmask)
 	} else {
-		logger, err = NewAppLoggerToFile("client", logfile, logfile_maxsize, logfile_rotate, log_mask)
+		logger, err = NewAppLoggerToFile("client", logfile, logfile_maxsize, logfile_rotate, logmask)
 		if err != nil {
 			return fmt.Errorf("failed to initialize logger - %s", err.Error())
 		}
--- a/server-ctl.go
+++ b/server-ctl.go
@ -62,6 +62,17 @@ func (ctl *server_ctl) Id() string {
 	return ctl.id
 }
 func (ctl *server_ctl) Authenticate(req *http.Request) bool {
 	var s *Server
 	s = ctl.s
 	if s.cfg.CtlBasicAuth != nil && s.cfg.CtlBasicAuth.Enabled {
 		// perform basic authentication
 	}
 	return true
 }
 // ------------------------------------
 func (ctl *server_ctl_server_conns) ServeHTTP(w http.ResponseWriter, req *http.Request) (int, error) {
--- a/server-proxy.go
+++ b/server-proxy.go
@ -184,10 +184,16 @@ func mutate_proxy_req_headers(req *http.Request, newreq *http.Request, path_pref
 	return upgrade_required
 }
 // ------------------------------------
 func (pxy *server_proxy) Id() string {
 	return pxy.id
 }
 func (pxy *server_proxy) Authenticate(req *http.Request) bool {
 	return true
 }
 // ------------------------------------
 func prevent_follow_redirect (req *http.Request, via []*http.Request) error {
--- a/server.go
+++ b/server.go
@ -42,7 +42,7 @@ type ServerSvcPortMap = map[PortId]ConnRouteId
 type ServerWpxResponseTransformer func(r *ServerRouteProxyInfo, resp *http.Response) io.Reader
 type ServerWpxForeignPortProxyMaker func(wpx_type string, port_id string) (*ServerRouteProxyInfo, error)
-type ServerBasicAuthUser struct {
+type ServerBasicAuthCred struct {
 	Username string
 	Password string
 }
@ -50,7 +50,7 @@ type ServerBasicAuthUser struct {
 type ServerBasicAuth struct {
 	Enabled bool
 	Realm string
-	User []ServerBasicAuthUser
+	Creds []ServerBasicAuthCred
 }
 type ServerConfig struct {
@ -62,7 +62,7 @@ type ServerConfig struct {
 	CtlAddrs []string
 	CtlTls *tls.Config
 	CtlPrefix string
-	CtlBasicAuth ServerBasicAuth
+	CtlBasicAuth *ServerBasicAuth
 	PxyAddrs []string
 	PxyTls *tls.Config
@ -953,6 +953,7 @@ func (hlw *server_http_log_writer) Write(p []byte) (n int, err error) {
 type ServerHttpHandler interface {
 	Id() string
 	Authenticate(req *http.Request) bool
 	ServeHTTP (w http.ResponseWriter, req *http.Request) (int, error)
 }