[add] auth

gumeniukcom · May 28, 2018 · e91d5f4 · e91d5f4
1 parent e4aebae
commit e91d5f4
Show file tree

Hide file tree

Showing 13 changed files with 235 additions and 79 deletions.
diff --git a/.gometalinter.json b/.gometalinter.json
@@ -0,0 +1,41 @@
+{
+  "Vendor": true,
+  "Deadline": "2m",
+  "Sort": [
+    "linter",
+    "severity",
+    "path",
+    "line"
+  ],
+  "Exclude": [
+    "vendor"
+  ],
+  "EnableGC": true,
+  "Linters": {
+    "nakedret": {
+      "Command": "nakedret",
+      "Pattern": "^(?P<path>.*?\\.go):(?P<line>\\d+)\\s*(?P<message>.*)$"
+    }
+  },
+  "WarnUnmatchedDirective": true,
+  "DisableAll": true,
+  "Enable": [
+    "deadcode",
+    "gocyclo",
+    "gofmt",
+    "goimports",
+    "golint",
+    "gosimple",
+    "ineffassign",
+    "interfacer",
+    "lll",
+    "misspell",
+    "nakedret",
+    "unconvert",
+    "unparam",
+    "unused",
+    "vet"
+  ],
+  "Cyclo": 16,
+  "LineLength": 100
+}
diff --git a/BENCHMARKS.md b/BENCHMARKS.md
@@ -4,7 +4,7 @@ go test -bench=. -benchmem `go list ./... | grep -v vendor`
 goos: darwin
 goarch: amd64
 pkg: github.com/vigo5190/go-socks5/proxy
-BenchmarkProxy_Start-8             10000            161408 ns/op            5131 B/op         66 allocs/op
-BenchmarkAuth_Auth-8             3000000               441 ns/op             104 B/op          4 allocs/op
+BenchmarkProxy_Start-8             10000            145070 ns/op            5130 B/op         66 allocs/op
+BenchmarkAuth_Auth-8             3000000               499 ns/op              96 B/op          3 allocs/op
 PASS
 ```
diff --git a/Makefile b/Makefile
@@ -24,6 +24,9 @@ vet:
 lint:
 	golint $(GOFILES)
 
+metalint:
+	gometalinter  ./...
+
 docker:
 	docker build -t $(IMAGE) .
 
@@ -36,4 +39,4 @@ docker-push:
 travis:  lint vet test
 	echo "done all"
 
-pre: fmt lint vet test bench
+pre: fmt lint vet metalint test bench
diff --git a/README.md b/README.md
@@ -13,17 +13,35 @@ How to use
     docker run -d -p 5190:8008 vigo5190/gosocks5
 ```
 
-How to use (not docker)
-------------------------
-
-Build:
+How to build (local)
+----
 
 ```bash
     make
 ```
 
-Run:
 
+Configuration
+--------------
+
+By default your app run on `0.0.0.0:8008` without auth
+
+How to get password :
 ```bash
-    ./go-socks5 -port=8009 -addr=0.0.0.0
+    htpasswd -nbs  yourUsername yourPassword
+```
+
+You will get something like : `yourUsername:{SHA}pNvEyEKjh5XJ9cGgtK0l0WiuwmM=`
+You need part after `:{SHA}`. for this example its `pNvEyEKjh5XJ9cGgtK0l0WiuwmM=
+`
+
+Example:
+
+```toml
+listen ="0.0.0.0:8008"
+
+auth = true
+[[users]]
+    login = "vigo5190"
+    pass = "Ys23Ag/5IOWqZCw9QGaVDdHwH00="
 ```
diff --git a/config.toml b/config.toml
@@ -1 +1,3 @@
-listen ="0.0.0.0:8008"
+listen ="0.0.0.0:8008"
+
+auth = false
diff --git a/proxy/app.go b/proxy/app.go
@@ -6,13 +6,34 @@ import (
 
 //Proxy is main struct for all magic
 type Proxy struct {
-	Listen string `toml:"listen"`
+	Listen     string `toml:"listen"`
+	AuthEnable bool   `toml:"auth"`
+	Users      []user `toml:"users"`
+}
+
+type user struct {
+	Login string `toml:"login"`
+	Pass  string `toml:"pass"`
 }
 
 //Start method for start proxy
 func (p *Proxy) Start() {
-	server := &Server{}
+
+	server := &Server{
+		auth: p.authorizer(),
+	}
 
 	log.Info().Msgf("start %s", p.Listen)
 	server.ListenAndServe("tcp", p.Listen)
 }
+
+func (p *Proxy) authorizer() Authorizer {
+	upmap := map[string]string{}
+	for _, u := range p.Users {
+		upmap[u.Login] = u.Pass
+	}
+	return &Auth{
+		Users:      upmap,
+		AuthEnable: p.AuthEnable,
+	}
+}
diff --git a/proxy/auth.go b/proxy/auth.go
@@ -3,21 +3,30 @@ package proxy
 import (
 	"crypto/sha1"
 	"encoding/base64"
-	"sync"
 	"hash"
+	"sync"
 )
 
-type Auther interface {
-	Auth(login, pass string) bool
+//Authorizer interface for auth
+type Authorizer interface {
+	AuthLoginPassword(login string, pass []byte) bool
+	ShouldAuth() bool
 }
 
+//Auth container for auth info
 type Auth struct {
 	AuthEnable bool
 	Users      map[string]string
-	Shapool    sync.Pool
+	shapool    sync.Pool
 }
 
-func (p *Auth) Auth(login, pass string) bool {
+//ShouldAuth return true if aith enable
+func (p *Auth) ShouldAuth() bool {
+	return p.AuthEnable
+}
+
+//AuthLoginPassword return true if auth enable and login/password corrected
+func (p *Auth) AuthLoginPassword(login string, pass []byte) bool {
 	if !p.AuthEnable {
 		return true
 	}
@@ -33,17 +42,18 @@ func (p *Auth) Auth(login, pass string) bool {
 	return hashedPass == spass
 }
 
-func (p *Auth) hashSha(password string) string {
-	s := p.Shapool.Get()
+func (p *Auth) hashSha(password []byte) string {
+	s := p.shapool.Get()
 	if s == nil {
 		s = sha1.New()
 	}
 
 	ss := s.(hash.Hash)
+	defer ss.Reset()
+	defer p.shapool.Put(ss)
+
+	ss.Write(password)
+	passwordSum := ss.Sum(nil)
 
-	ss.Write([]byte(password))
-	passwordSum := []byte(ss.Sum(nil))
-	ss.Reset()
-	p.Shapool.Put(s)
 	return base64.StdEncoding.EncodeToString(passwordSum)
 }
diff --git a/proxy/auth_test.go b/proxy/auth_test.go
@@ -6,19 +6,19 @@ func TestProxy_Auth(t *testing.T) {
 	p := Auth{
 		AuthEnable: true,
 		Users: map[string]string{
-			"foo":"Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
+			"foo": "Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
 		},
 	}
 
-	if !p.Auth("foo", "bar") {
+	if !p.AuthLoginPassword("foo", []byte("bar")) {
 		t.Error("expected auth true, got false")
 	}
 
-	if p.Auth("foo", "bar1") {
+	if p.AuthLoginPassword("foo", []byte("bar1")) {
 		t.Error("expected auth false, got true")
 	}
 
-	if p.Auth("fooq", "bar") {
+	if p.AuthLoginPassword("fooq", []byte("bar")) {
 		t.Error("expected auth false, got true")
 	}
 }
@@ -27,32 +27,32 @@ func TestProxy_Auth2(t *testing.T) {
 	p := Auth{
 		AuthEnable: true,
 		Users: map[string]string{
-			"foo":"Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
-			"bar":"C+7Hteo/D9vJXQ3UfzxbwnXaijM=",
+			"foo": "Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
+			"bar": "C+7Hteo/D9vJXQ3UfzxbwnXaijM=",
 		},
 	}
 
-	if !p.Auth("foo", "bar") {
+	if !p.AuthLoginPassword("foo", []byte("bar")) {
 		t.Error("expected auth true, got false")
 	}
 
-	if p.Auth("foo", "bar1") {
+	if p.AuthLoginPassword("foo", []byte("bar1")) {
 		t.Error("expected auth false, got true")
 	}
 
-	if p.Auth("fooq", "bar") {
+	if p.AuthLoginPassword("fooq", []byte("bar")) {
 		t.Error("expected auth false, got true")
 	}
 
-	if !p.Auth("bar", "foo") {
+	if !p.AuthLoginPassword("bar", []byte("foo")) {
 		t.Error("expected auth true, got false")
 	}
 
-	if p.Auth("bar", "foo1") {
+	if p.AuthLoginPassword("bar", []byte("foo1")) {
 		t.Error("expected auth false, got true")
 	}
 
-	if p.Auth("bar1", "foo") {
+	if p.AuthLoginPassword("bar1", []byte("foo")) {
 		t.Error("expected auth false, got true")
 	}
 }
@@ -61,15 +61,14 @@ func BenchmarkAuth_Auth(b *testing.B) {
 	p := Auth{
 		AuthEnable: true,
 		Users: map[string]string{
-			"foo":"Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
+			"foo": "Ys23Ag/5IOWqZCw9QGaVDdHwH00=",
 		},
 	}
-
+	pass := []byte("bar")
 	for n := 0; n < b.N; n++ {
-		if !p.Auth("foo", "bar") {
+		if !p.AuthLoginPassword("foo", pass) {
 			b.Error("expected auth true, got false")
 		}
 	}
 
-
-}
+}
diff --git a/proxy/command.go b/proxy/command.go
@@ -73,7 +73,7 @@ func (c *Command) connect() (rsp byte, err error) {
 
 	c.proxy()
 
-	return
+	return rspSuccess, nil
 }
 
 func (c *Command) proxy() {
-Original file line number
+Diff line change
@@ Expand Up / @@ -73,7 +73,7 @@ func (c *Command) connect() (rsp byte, err error) { @@
     	c.proxy()
-    	return
+    	return rspSuccess, nil
     }
     func (c *Command) proxy() {
@@ Expand Down @@