Add auth request info expire time, if over expire time then auth failed

no-src · Dec 28, 2021 · b22baf3 · b22baf3
1 parent 697347f
commit b22baf3
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 17 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -8,21 +8,26 @@ import (
 // ParseAuthCommandData parse auth command request data
 func ParseAuthCommandData(data []byte) (user *HashUser, err error) {
 	authCmdLen := len(contract.AuthCommand)
-	length := authCmdLen + 16 + 16
+	length := authCmdLen + userNameHashLength + PasswordHashLength + expireLength
 	if len(data) != length {
 		return nil, fmt.Errorf("auth command data is invalid => [%s]", string(data))
 	}
 	user = &HashUser{
-		UserNameHash: string(data[authCmdLen : authCmdLen+16]),
-		PasswordHash: string(data[authCmdLen+16 : authCmdLen+32]),
+		UserNameHash: string(data[authCmdLen : authCmdLen+userNameHashLength]),
+		PasswordHash: string(data[authCmdLen+userNameHashLength : authCmdLen+userNameHashLength+PasswordHashLength]),
+		Expire:       string(data[authCmdLen+userNameHashLength+PasswordHashLength : length]),
 	}
 	return user, nil
 }
 
 // GenerateAuthCommandData generate auth command request data
-func GenerateAuthCommandData(userNameHash, passwordHash string) []byte {
+func GenerateAuthCommandData(user *HashUser) []byte {
+	if user == nil {
+		return nil
+	}
 	authData := contract.AuthCommand
-	authData = append(authData, []byte(userNameHash)...)
-	authData = append(authData, []byte(passwordHash)...)
+	authData = append(authData, []byte(user.UserNameHash)...)
+	authData = append(authData, []byte(user.PasswordHash)...)
+	authData = append(authData, []byte(user.Expire)...)
 	return authData
 }
diff --git a/auth/hash_user.go b/auth/hash_user.go
@@ -1,11 +1,45 @@
 package auth
 
+import (
+	"time"
+)
+
+const (
+	defaultExpireDuration = time.Second * 15
+	userNameHashLength    = 16
+	PasswordHashLength    = 16
+	expireLength          = 14
+	expireTimeFormat      = "20060102150405"
+)
+
 // HashUser store the hash info of User
 type HashUser struct {
 	// UserNameHash a 16 bytes hash of username
 	UserNameHash string
 	// PasswordHash a 16 bytes hash of password
 	PasswordHash string
+	// Expire 14 bytes auth request info expire time of utc, format like "20060102150405"
+	Expire string
+}
+
+// IsExpired auth request info is expired or not
+func (h *HashUser) IsExpired() bool {
+	if len(h.Expire) != expireLength {
+		return true
+	}
+	expire, err := time.Parse(expireTimeFormat, h.Expire)
+	if err != nil {
+		return true
+	}
+	return time.Now().UTC().After(expire)
+}
+
+func NewHashUser(userNameHash, passwordHash string) *HashUser {
+	return &HashUser{
+		UserNameHash: userNameHash,
+		PasswordHash: passwordHash,
+		Expire:       time.Now().UTC().Add(defaultExpireDuration).Format(expireTimeFormat),
+	}
 }
 
 // ToHashUserList convert User list to HashUser list

diff --git a/auth/user.go b/auth/user.go
@@ -32,17 +32,15 @@ func (user *User) Password() string {
 
 // ToHashUser convert User to HashUser
 func (user *User) ToHashUser() (hashUser *HashUser, err error) {
-	hashUser = &HashUser{}
-	hashUser.UserNameHash, err = util.MD5(user.userName)
+	userNameHash, err := util.MD5(user.userName)
 	if err != nil {
 		return nil, err
 	}
-	hashUser.PasswordHash, err = util.MD5(user.password)
+	passwordHash, err := util.MD5(user.password)
 	if err != nil {
 		return nil, err
 	}
-	hashUser.UserNameHash = hashUser.UserNameHash[:16]
-	hashUser.PasswordHash = hashUser.PasswordHash[:16]
+	hashUser = NewHashUser(userNameHash[:userNameHashLength], passwordHash[:PasswordHashLength])
 	return hashUser, err
 }
 

diff --git a/monitor/remote_client_monitor.go b/monitor/remote_client_monitor.go
@@ -61,7 +61,7 @@ func (m *remoteClientMonitor) auth() error {
 		return nil
 	}
 	go m.retry.Do(func() error {
-		authData := auth.GenerateAuthCommandData(m.currentUser.UserNameHash, m.currentUser.PasswordHash)
+		authData := auth.GenerateAuthCommandData(m.currentUser)
 		err := m.client.Write(authData)
 		return err
 	}, "send auth request")

diff --git a/sync/remote_server_sync.go b/sync/remote_server_sync.go
@@ -273,7 +273,7 @@ func (rs *remoteServerSync) authCommand(client *tran.Conn, data []byte) (cmd con
 	authData := contract.FailStatus(contract.AuthApi)
 	hashUser, err := auth.ParseAuthCommandData(data)
 	if err == nil && client != nil {
-		if rs.server.Auth(hashUser.UserNameHash, hashUser.PasswordHash) {
+		if rs.server.Auth(hashUser) {
 			client.MarkAuthorized(hashUser.UserNameHash, hashUser.PasswordHash)
 			authData = contract.SuccessStatus(contract.AuthApi)
 		}

diff --git a/tran/server.go b/tran/server.go
@@ -1,5 +1,7 @@
 package tran
 
+import "github.com/no-src/gofs/auth"
+
 // Server a network communication server
 type Server interface {
 	// Listen listen the specified port to wait client connect
@@ -17,5 +19,5 @@ type Server interface {
 	// Close close the server
 	Close() error
 	// Auth client sign in
-	Auth(userName, password string) bool
+	Auth(user *auth.HashUser) bool
 }
diff --git a/tran/tcpserver.go b/tran/tcpserver.go
@@ -175,16 +175,19 @@ func (srv *tcpServer) Close() error {
 	return srv.listener.Close()
 }
 
-func (srv *tcpServer) Auth(userNameHash, passwordHash string) bool {
+func (srv *tcpServer) Auth(user *auth.HashUser) bool {
 	if len(srv.users) == 0 {
 		return true
 	}
-	if len(userNameHash) == 0 || len(passwordHash) == 0 {
+	if user == nil || len(user.UserNameHash) == 0 || len(user.PasswordHash) == 0 {
+		return false
+	}
+	if user.IsExpired() {
 		return false
 	}
 	var loginUser *auth.HashUser
 	for _, user := range srv.users {
-		if user.UserNameHash == userNameHash && user.PasswordHash == passwordHash {
+		if user.UserNameHash == user.UserNameHash && user.PasswordHash == user.PasswordHash {
 			loginUser = user
 		}
 	}