Support device authentication

Signed-off-by: Jianhui Zhao <[email protected]>
zhaojh329 · Apr 24, 2019 · ee2fd7e · ee2fd7e
1 parent 43ba54c
commit ee2fd7e
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 11 deletions.
diff --git a/client.go b/client.go
@@ -82,7 +82,14 @@ func (c *Client) writePump() {
 }
 
 /* serveWs handles websocket requests from the device or user. */
-func serveWs(br *Broker, w http.ResponseWriter, r *http.Request) {
+func serveWs(br *Broker, w http.ResponseWriter, r *http.Request, cfg *RttysConfig) {
+	token := r.Header.Get("Authorization")
+	if token != cfg.token {
+		log.Error("Invalid token from terminal device")
+		http.Error(w, "Forbidden", http.StatusForbidden)
+		return
+	}
+
 	keepalive, _ := strconv.Atoi(r.URL.Query().Get("keepalive"))
 	isDev := r.URL.Query().Get("device") != ""
 	devid := r.URL.Query().Get("devid")

diff --git a/http.go b/http.go
@@ -86,7 +86,7 @@ func httpStart(br *Broker, cfg *RttysConfig) {
 	staticfs := http.FileServer(statikFS)
 
 	http.HandleFunc("/ws", func(w http.ResponseWriter, r *http.Request) {
-		serveWs(br, w, r)
+		serveWs(br, w, r, cfg)
 	})
 
 	http.HandleFunc("/cmd", func(w http.ResponseWriter, r *http.Request) {

diff --git a/main.go b/main.go
@@ -25,6 +25,7 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"flag"
+	"fmt"
 	"io"
 	"os"
 	"runtime"
@@ -42,6 +43,7 @@ type RttysConfig struct {
 	sslKey   string
 	username string
 	password string
+	token    string
 }
 
 func init() {
@@ -79,7 +81,7 @@ func genUniqueID(extra string) string {
 }
 
 func setConfigOpt(yamlCfg *yaml.File, name string, opt *string) {
-	val, err := yamlCfg.Get("addr")
+	val, err := yamlCfg.Get(name)
 	if err != nil {
 		return
 	}
@@ -92,17 +94,25 @@ func parseConfig() *RttysConfig {
 	flag.StringVar(&cfg.addr, "addr", ":5912", "address to listen")
 	flag.StringVar(&cfg.sslCert, "ssl-cert", "./rttys.crt", "certFile Path")
 	flag.StringVar(&cfg.sslKey, "ssl-key", "./rttys.key", "keyFile Path")
+	flag.StringVar(&cfg.token, "token", "", "token to use")
 	conf := flag.String("conf", "./rttys.conf", "config file to load")
+	genToken := flag.Bool("gen-token", false, "generate token")
 
 	flag.Parse()
 
+	if *genToken {
+		fmt.Println(genUniqueID("rttys-token"))
+		os.Exit(0)
+	}
+
 	yamlCfg, err := yaml.ReadFile(*conf)
 	if err == nil {
 		setConfigOpt(yamlCfg, "addr", &cfg.addr)
 		setConfigOpt(yamlCfg, "ssl-cert", &cfg.sslCert)
 		setConfigOpt(yamlCfg, "ssl-key", &cfg.sslKey)
 		setConfigOpt(yamlCfg, "username", &cfg.username)
 		setConfigOpt(yamlCfg, "password", &cfg.password)
+		setConfigOpt(yamlCfg, "token", &cfg.token)
 	}
 
 	return cfg

diff --git a/rttys.conf b/rttys.conf
@@ -1,8 +1,10 @@
-#addr: :5912
-
-# default from system
-#username: rttys
-#password: rttys
-
-#ssl-cert: /etc/rttys/rttys.crt
-#ssl-key: /etc/rttys/rttys.key
+#addr: :5912
+
+# default from system
+#username: rttys
+#password: rttys
+
+#ssl-cert: /etc/rttys/rttys.crt
+#ssl-key: /etc/rttys/rttys.key
+
+#token: a1d4cdb1a3cd6a0e94aa3599afcddcf5