mirror of
https://github.com/bjdgyc/anylink.git
synced 2025-09-10 12:56:19 +08:00
新增客户端证书认证的功能
This commit is contained in:
wsczx
@@ -55,6 +55,19 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
base.Trace(fmt.Sprintf("%+v \n", cr))
|
||||
// 用户活动日志
|
||||
ua := &dbdata.UserActLog{
|
||||
Username: cr.Auth.Username,
|
||||
GroupName: cr.GroupSelect,
|
||||
RemoteAddr: r.RemoteAddr,
|
||||
Status: dbdata.UserAuthSuccess,
|
||||
DeviceType: cr.DeviceId.DeviceType,
|
||||
PlatformVersion: cr.DeviceId.PlatformVersion,
|
||||
}
|
||||
sessionData := &AuthSession{
|
||||
ClientRequest: cr,
|
||||
UserActLog: ua,
|
||||
}
|
||||
// setCommonHeader(w)
|
||||
if cr.Type == "logout" {
|
||||
// 退出删除session信息
|
||||
@@ -64,6 +77,25 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
return
|
||||
}
|
||||
// 检查客户端证书认证
|
||||
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
|
||||
clientCert := r.TLS.PeerCertificates[0]
|
||||
username := clientCert.Subject.CommonName
|
||||
|
||||
// 验证证书有效性和用户状态
|
||||
if dbdata.ValidateClientCert(clientCert, userAgent) {
|
||||
// 证书认证成功,创建会话
|
||||
base.Info("用户通过证书认证:", username)
|
||||
|
||||
ua.Username = username
|
||||
ua.Info = "用户通过证书认证登录"
|
||||
ua.Status = dbdata.UserConnected
|
||||
dbdata.UserActLogIns.Add(*ua, userAgent)
|
||||
|
||||
CreateSession(w, r, sessionData)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if cr.Type == "init" {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
@@ -84,22 +116,8 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// 用户活动日志
|
||||
ua := &dbdata.UserActLog{
|
||||
Username: cr.Auth.Username,
|
||||
GroupName: cr.GroupSelect,
|
||||
RemoteAddr: r.RemoteAddr,
|
||||
Status: dbdata.UserAuthSuccess,
|
||||
DeviceType: cr.DeviceId.DeviceType,
|
||||
PlatformVersion: cr.DeviceId.PlatformVersion,
|
||||
}
|
||||
|
||||
sessionData := &AuthSession{
|
||||
ClientRequest: cr,
|
||||
UserActLog: ua,
|
||||
}
|
||||
// TODO 用户密码校验
|
||||
ext := map[string]interface{}{"mac_addr": cr.MacAddressList.MacAddress}
|
||||
ext := map[string]any{"mac_addr": cr.MacAddressList.MacAddress}
|
||||
err = dbdata.CheckUser(cr.Auth.Username, cr.Auth.Password, cr.GroupSelect, ext)
|
||||
if err != nil {
|
||||
lockManager.UpdateLoginStatus(cr.Auth.Username, r.RemoteAddr, false) // 记录登录失败状态
|
||||
|
||||
@@ -66,6 +66,8 @@ func startTls() {
|
||||
NextProtos: []string{"http/1.1"},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: selectedCipherSuites,
|
||||
ClientAuth: tls.VerifyClientCertIfGiven, // 验证客户端证书
|
||||
ClientCAs: dbdata.LoadClientCAPool(), // 加载客户端CA证书
|
||||
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
base.Trace("GetCertificate ServerName", chi.ServerName)
|
||||
return dbdata.GetCertificateBySNI(chi.ServerName)
|
||||
|
||||
Reference in New Issue
Block a user