From f76deb88986b916f05c539f6d6d114111fd45626 Mon Sep 17 00:00:00 2001 From: fatedier Date: Tue, 15 Jan 2019 00:22:13 +0800 Subject: [PATCH] frps: remove auth timeout --- README.md | 4 ---- README_zh.md | 4 ---- cmd/frps/root.go | 3 --- conf/frps_full.ini | 4 ---- models/config/server_common.go | 12 ------------ server/dashboard_api.go | 2 -- server/service.go | 5 ----- web/frps/src/components/Overview.vue | 5 ----- 8 files changed, 39 deletions(-) diff --git a/README.md b/README.md index fdef5c7e..d78e6485 100644 --- a/README.md +++ b/README.md @@ -396,10 +396,6 @@ Then visit `http://[server_addr]:7500` to see dashboard, default username and pa Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini. -Note that time duration between server of frpc and frps mustn't exceed 15 minutes because timestamp is used for authentication. - -Howerver, this timeout duration can be modified by setting `authentication_timeout` in frps's configure file. It's defalut value is 900, means 15 minutes. If it is equals 0, then frps will not check authentication timeout. - ### Encryption and Compression Defalut value is false, you could decide if the proxy will use encryption or compression: diff --git a/README_zh.md b/README_zh.md index a97b04db..76c67415 100644 --- a/README_zh.md +++ b/README_zh.md @@ -412,10 +412,6 @@ dashboard_pwd = admin 从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。 -需要注意的是 frpc 所在机器和 frps 所在机器的时间相差不能超过 15 分钟,因为时间戳会被用于加密验证中,防止报文被劫持后被其他人利用。 - -这个超时时间可以在配置文件中通过 `authentication_timeout` 这个参数来修改,单位为秒,默认值为 900,即 15 分钟。如果修改为 0,则 frps 将不对身份验证报文的时间戳进行超时校验。 - ### 加密与压缩 这两个功能默认是不开启的,需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能,压缩算法使用 snappy: diff --git a/cmd/frps/root.go b/cmd/frps/root.go index 11368b25..573417f7 100644 --- a/cmd/frps/root.go +++ b/cmd/frps/root.go @@ -54,7 +54,6 @@ var ( logLevel string logMaxDays int64 token string - authTimeout int64 subDomainHost string tcpMux bool allowPorts string 
@@ -82,7 +81,6 @@ func init() { rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level") rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days") rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token") - rootCmd.PersistentFlags().Int64VarP(&authTimeout, "auth_timeout", "", 900, "auth timeout") rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host") rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports") rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client") @@ -173,7 +171,6 @@ func parseServerCommonCfgFromCmd() (err error) { g.GlbServerCfg.LogLevel = logLevel g.GlbServerCfg.LogMaxDays = logMaxDays g.GlbServerCfg.Token = token - g.GlbServerCfg.AuthTimeout = authTimeout g.GlbServerCfg.SubDomainHost = subDomainHost if len(allowPorts) > 0 { // e.g. 1000-2000,2001,2002,3000-4000 diff --git a/conf/frps_full.ini b/conf/frps_full.ini index a1fc50c9..d45bb0af 100644 --- a/conf/frps_full.ini +++ b/conf/frps_full.ini @@ -59,10 +59,6 @@ max_pool_count = 5 # max ports can be used for each client, default value is 0 means no limit max_ports_per_client = 0 -# authentication_timeout means the timeout interval (seconds) when the frpc connects frps -# if authentication_timeout is zero, the time is not verified, default is 900s -authentication_timeout = 900 - # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # when subdomain is test, the host used by routing is test.frps.com subdomain_host = frps.com diff --git a/models/config/server_common.go b/models/config/server_common.go index 9df432ed..9587f8af 100644 --- a/models/config/server_common.go +++ b/models/config/server_common.go 
@@ -67,7 +67,6 @@ type ServerCommonConf struct { LogLevel string `json:"log_level"` LogMaxDays int64 `json:"log_max_days"` Token string `json:"token"` - AuthTimeout int64 `json:"auth_timeout"` SubDomainHost string `json:"subdomain_host"` TcpMux bool `json:"tcp_mux"` @@ -98,7 +97,6 @@ func GetDefaultServerConf() *ServerCommonConf { LogLevel: "info", LogMaxDays: 3, Token: "", - AuthTimeout: 900, SubDomainHost: "", TcpMux: true, AllowPorts: make(map[int]struct{}), @@ -285,16 +283,6 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c } } - if tmpStr, ok = conf.Get("common", "authentication_timeout"); ok { - v, errRet := strconv.ParseInt(tmpStr, 10, 64) - if errRet != nil { - err = fmt.Errorf("Parse conf error: authentication_timeout is incorrect") - return - } else { - cfg.AuthTimeout = v - } - } - if tmpStr, ok = conf.Get("common", "subdomain_host"); ok { cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr)) } diff --git a/server/dashboard_api.go b/server/dashboard_api.go index cc7e7bb6..d51389f8 100644 --- a/server/dashboard_api.go +++ b/server/dashboard_api.go @@ -41,7 +41,6 @@ type ServerInfoResp struct { VhostHttpPort int `json:"vhost_http_port"` VhostHttpsPort int `json:"vhost_https_port"` KcpBindPort int `json:"kcp_bind_port"` - AuthTimeout int64 `json:"auth_timeout"` SubdomainHost string `json:"subdomain_host"` MaxPoolCount int64 `json:"max_pool_count"` MaxPortsPerClient int64 `json:"max_ports_per_client"` @@ -74,7 +73,6 @@ func (svr *Service) ApiServerInfo(w http.ResponseWriter, r *http.Request) { VhostHttpPort: cfg.VhostHttpPort, VhostHttpsPort: cfg.VhostHttpsPort, KcpBindPort: cfg.KcpBindPort, - AuthTimeout: cfg.AuthTimeout, SubdomainHost: cfg.SubDomainHost, MaxPoolCount: cfg.MaxPoolCount, MaxPortsPerClient: cfg.MaxPortsPerClient, diff --git a/server/service.go b/server/service.go index 8befe7e3..bbeb8b1a 100644 --- a/server/service.go +++ b/server/service.go 
@@ -324,11 +324,6 @@ func (svr *Service) RegisterControl(ctlConn frpNet.Conn, loginMsg *msg.Login) (e } // Check auth. - nowTime := time.Now().Unix() - if g.GlbServerCfg.AuthTimeout != 0 && nowTime-loginMsg.Timestamp > g.GlbServerCfg.AuthTimeout { - err = fmt.Errorf("authorization timeout") - return - } if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey { err = fmt.Errorf("authorization failed") return diff --git a/web/frps/src/components/Overview.vue b/web/frps/src/components/Overview.vue index cdc79541..e4b8dfaa 100644 --- a/web/frps/src/components/Overview.vue +++ b/web/frps/src/components/Overview.vue @@ -19,9 +19,6 @@ {{ vhost_https_port }} - - {{ auth_timeout }} - {{ subdomain_host }} @@ -64,7 +61,6 @@ bind_udp_port: '', vhost_http_port: '', vhost_https_port: '', - auth_timeout: '', subdomain_host: '', max_pool_count: '', max_ports_per_client: '', @@ -100,7 +96,6 @@ if (this.vhost_https_port == 0) { this.vhost_https_port = "disable" } - this.auth_timeout = json.auth_timeout this.subdomain_host = json.subdomain_host this.max_pool_count = json.max_pool_count this.max_ports_per_client = json.max_ports_per_client
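Review bot: In `RegisterControl` (server/service.go), the check that remains, `util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey`, takes its timestamp from the login message itself and no longer bounds it, so a `Timestamp`/`PrivilegeKey` pair that was valid once stays valid for as long as the token is unchanged. The README_zh.md paragraph removed in this same commit says the timestamp window existed to stop an intercepted login message from being reused, so this drops replay protection rather than just a tuning knob. If clock skew between frpc and frps is the motivation, keeping the check with a default of 0 (disabled) or moving to a server-issued nonce would keep the protection available; otherwise document the new behaviour at the check, e.g. `// NOTE: loginMsg.Timestamp is client-supplied and not checked for freshness; the login message must be protected in transit.` An `authentication_timeout` already present in an existing frps.ini is now presumably ignored silently, so a warning at config load would tell operators the setting no longer applies. `RegisterControl` starts and ends outside the hunk.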