兼容不支持SNI的情况

2023-04-21 15:57:12 +08:00 · 2023-04-21 15:57:12 +08:00 · 91ce4752f3
parent c05ec9ab36
commit 91ce4752f3
3 changed files with 40 additions and 25 deletions
--- a/server/base/log.go
+++ b/server/base/log.go
@ -10,12 +10,12 @@ import (
 )

 const (
-	_Trace = iota
-	_Debug
-	_Info
-	_Warn
-	_Error
-	_Fatal
+	LogLevelTrace = iota
+	LogLevelDebug
+	LogLevelInfo
+	LogLevelWarn
+	LogLevelError
+	LogLevelFatal
 )

 var (
@ -88,16 +88,20 @@ func GetBaseLog() *log.Logger {
 	return baseLog
 }

+func GetLogLevel() int {
+	return baseLevel
+}
+
 func logLevel2Int(l string) int {
 	levels = map[int]string{
-		_Trace: "Trace",
-		_Debug: "Debug",
-		_Info:  "Info",
-		_Warn:  "Warn",
-		_Error: "Error",
-		_Fatal: "Fatal",
+		LogLevelTrace: "Trace",
+		LogLevelDebug: "Debug",
+		LogLevelInfo:  "Info",
+		LogLevelWarn:  "Warn",
+		LogLevelError: "Error",
+		LogLevelFatal: "Fatal",
 	}
-	lvl := _Info
+	lvl := LogLevelInfo
 	for k, v := range levels {
 		if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
 			lvl = k
@ -112,7 +116,7 @@ func output(l int, s ...interface{}) {
 }

 func Trace(v ...interface{}) {
-	l := _Trace
+	l := LogLevelTrace
 	if baseLevel > l {
 		return
 	}
@ -120,7 +124,7 @@ func Trace(v ...interface{}) {
 }

 func Debug(v ...interface{}) {
-	l := _Debug
+	l := LogLevelDebug
 	if baseLevel > l {
 		return
 	}
@ -128,7 +132,7 @@ func Debug(v ...interface{}) {
 }

 func Info(v ...interface{}) {
-	l := _Info
+	l := LogLevelInfo
 	if baseLevel > l {
 		return
 	}
@ -136,7 +140,7 @@ func Info(v ...interface{}) {
 }

 func Warn(v ...interface{}) {
-	l := _Warn
+	l := LogLevelWarn
 	if baseLevel > l {
 		return
 	}
@ -144,7 +148,7 @@ func Warn(v ...interface{}) {
 }

 func Error(v ...interface{}) {
-	l := _Error
+	l := LogLevelError
 	if baseLevel > l {
 		return
 	}
@ -152,7 +156,7 @@ func Error(v ...interface{}) {
 }

 func Fatal(v ...interface{}) {
-	l := _Fatal
+	l := LogLevelFatal
 	if baseLevel > l {
 		return
 	}
--- a/server/dbdata/cert.go
+++ b/server/dbdata/cert.go
@ -33,9 +33,12 @@ import (
 	"github.com/go-acme/lego/v4/registration"
 )

-var nameToCertificate = make(map[string]*tls.Certificate)
-
-var tempCert *tls.Certificate
+var (
+	// nameToCertificate mutex
+	ntcMux            sync.RWMutex
+	nameToCertificate = make(map[string]*tls.Certificate)
+	tempCert          *tls.Certificate
+)

 func init() {
 	c, _ := selfsign.GenerateSelfSignedWithDNS("localhost")
@ -342,6 +345,9 @@ func getTempCertificate() (*tls.Certificate, error) {
 }

 func GetCertificateBySNI(commonName string) (*tls.Certificate, error) {
+	ntcMux.RLock()
+	defer ntcMux.RUnlock()
+
 	// Copy from tls.Config getCertificate()
 	name := strings.ToLower(commonName)
 	if cert, ok := nameToCertificate[name]; ok {
@ -369,6 +375,9 @@ func LoadCertificate(cert *tls.Certificate) {

 // Copy from tls.Config BuildNameToCertificate()
 func buildNameToCertificate(cert *tls.Certificate) {
+	ntcMux.Lock()
+	defer ntcMux.Unlock()
+
 	// TODO 设置默认证书
 	nameToCertificate["default"] = cert

--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@ -7,6 +7,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"strings"
 	"text/template"

@ -19,9 +20,10 @@ var profileHash = ""

 func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	// TODO 调试信息输出
-	// hd, _ := httputil.DumpRequest(r, true)
-	// base.Debug("DumpRequest: ", string(hd))
-
+	if base.GetLogLevel() == base.LogLevelTrace {
+		hd, _ := httputil.DumpRequest(r, true)
+		base.Trace("LinkAuth: ", string(hd))
+	}
 	// 判断anyconnect客户端
 	userAgent := strings.ToLower(r.UserAgent())
 	xAggregateAuth := r.Header.Get("X-Aggregate-Auth")