feat: gateway authentication

surgioproject · Oct 28, 2019 · 48d5371 · 48d5371
1 parent bc4e9fc
commit 48d5371
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 14 deletions.
diff --git a/lib/gateway/index.ts b/lib/gateway/index.ts
@@ -94,6 +94,20 @@ export const createHttpServer = () => {
  const config = loadConfig(cwd, configFile);
  const surgioServer = new Server(config);
 
+ if (config.gateway && config.gateway.auth) {
+ router.use((() => {
+ return async (ctx, next) => {
+ const accessToken = ctx.query.access_token;
+
+ if (accessToken === config.gateway.accessToken) {
+ await next();
+ } else {
+ ctx.throw(401);
+ }
+ };
+ })());
+ }
+
  router.use((() => {
  return async (_, next) => {
  await surgioServer.init();

diff --git a/lib/gateway/server.ts b/lib/gateway/server.ts
@@ -135,7 +135,7 @@ export class Server {
  const artifactName = ctx.params.name;
 
  if (!artifactName) {
- ctx.status = 400;
+ ctx.throw(400);
  return;
  }
 
@@ -151,7 +151,7 @@ export class Server {
 
  ctx.body = result;
  } else {
- ctx.status = 404;
+ ctx.throw(404);
  }
  }
 
@@ -160,18 +160,12 @@ export class Server {
  autoescape: false,
  });
  const artifactListTpl = require('./template/artifact-list').default;
+ const accessToken = this.config.gateway && this.config.gateway.accessToken;
 
  ctx.body = engine.renderString(artifactListTpl, {
  artifactList: this.artifactList,
- getPreviewUrl: (name: string) => getDownloadUrl(this.config.urlBase, name),
- getDownloadUrl: (name: string) => (
- url.format({
- pathname: `/get-artifact/${name}`,
- query: {
- dl: '1',
- },
- })
- ),
+ getPreviewUrl: (name: string) => getDownloadUrl(this.config.urlBase, name, true, accessToken),
+ getDownloadUrl: (name: string) => getDownloadUrl(this.config.urlBase, name, false, accessToken),
  encodeURIComponent,
  surgioVersion: require('../../package.json').version,
  });

diff --git a/lib/generate.ts b/lib/generate.ts
@@ -83,6 +83,8 @@ export async function generate(
  assert(template, '必须指定 artifact 的 template 属性');
  assert(artifact.provider, '必须指定 artifact 的 provider 属性');
 
+ const gatewayConfig = config.gateway;
+ const gatewayHasToken: boolean = !!(gatewayConfig && gatewayConfig.accessToken);
  const combineProviders = artifact.combineProviders || [];
  const providerList = [artifact.provider].concat(combineProviders);
  const nodeList: PossibleNodeConfigType[] = [];
@@ -164,7 +166,7 @@ export async function generate(
 
  try {
  return templateEngine.render(`${template}.tpl`, {
- downloadUrl: getDownloadUrl(config.urlBase, artifactName),
+ downloadUrl: getDownloadUrl(config.urlBase, artifactName, true, gatewayHasToken ? gatewayConfig.accessToken : undefined),
  nodes: nodeList,
  names: nodeNameList,
  remoteSnippets: _.keyBy(remoteSnippetList, item => {
@@ -174,7 +176,7 @@ export async function generate(
  provider: artifact.provider,
  providerName: artifact.provider,
  artifactName,
- getDownloadUrl: (name: string) => getDownloadUrl(config.urlBase, name),
+ getDownloadUrl: (name: string) => getDownloadUrl(config.urlBase, name, true, gatewayHasToken ? gatewayConfig.accessToken : undefined),
  getNodeNames,
  getClashNodes,
  getClashNodeNames,

diff --git a/lib/types.ts b/lib/types.ts
@@ -23,6 +23,7 @@ export interface CommandConfig {
  readonly providerDir: string;
  readonly templateDir: string;
  readonly configDir: string;
+ readonly analytics?: boolean;
  readonly upload?: {
  readonly prefix: string;
  readonly region: string;
@@ -38,6 +39,10 @@ export interface CommandConfig {
  readonly surgeConfig?: {
  readonly v2ray: 'native'|'external';
  };
+ readonly gateway?: {
+ readonly accessToken?: string;
+ readonly auth?: boolean;
+ },
 }
 
 export interface RemoteSnippetConfig {

diff --git a/lib/utils/config.ts b/lib/utils/config.ts
@@ -69,6 +69,10 @@ export const validateConfig = (userConfig: Partial<CommandConfig>): void => {
  v2ray: Joi.string().valid('native', 'external')
  }),
  analytics: Joi.boolean(),
+ gateway: Joi.object({
+ accessToken: Joi.string(),
+ auth: Joi.boolean(),
+ }),
  })
  .unknown();
 

diff --git a/lib/utils/index.ts b/lib/utils/index.ts
@@ -41,7 +41,19 @@ const ConfigCache = new LRU<string, any>({
 // istanbul ignore next
 export const resolveRoot = (...args: readonly string[]): string => path.join(__dirname, '../../', ...args);
 
-export const getDownloadUrl = (baseUrl: string = '/', artifactName: string): string => `${baseUrl}${artifactName}`;
+export const getDownloadUrl = (baseUrl: string = '/', artifactName: string, inline: boolean = true, accessToken?: string): string => {
+ const urlObject = URL.parse(`${baseUrl}${artifactName}`, true);
+
+ if (accessToken) {
+ urlObject.query.access_token = accessToken;
+ }
+
+ if (!inline) {
+ urlObject.query.dl = '1';
+ }
+
+ return URL.format(urlObject);
+};
 
 export const getBlackSSLConfig = async (config: {
  readonly username: string;