Update: ldap 支持 otp 动态口令认证

2024-08-27 14:37:42 +08:00 · 2024-08-27 14:37:42 +08:00 · a91cd28f04
parent ff9b7c7dcc
commit a91cd28f04
11 changed files with 341 additions and 9 deletions
--- a/server/admin/api_user.go
+++ b/server/admin/api_user.go
@ -113,7 +113,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	// 修改用户资料后执行过期用户检测
-	sessdata.CloseUserLimittimeSession()
+	sessdata.CloseUserLimitTimeSession()
 	RespSucess(w, nil)
 }

--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@ -53,8 +53,15 @@ ipv4_end = "192.168.90.200"
 #是否自动添加nat
 iptables_nat = true

-
 #客户端显示详细错误信息(线上环境慎开启)
 display_error = true

+# ldap server
+ldap_admin_user = "anylink"
+ldap_server = "127.0.0.1:389"
+ldap_user = "cn=anylink,ou=user,dc=test,dc=com"
+ldap_pass = "12123z8qvBqrG"
+ldap_base_dn = "dc=test,dc=com"

+# Token verify
+otp_server = "https://otp.test.com/otp/api/v1/check/user"
--- a/server/cron/start.go
+++ b/server/cron/start.go
@ -13,7 +13,7 @@ func Start() {
 	s.Cron("0 * * * *").Do(ClearAudit)
 	s.Cron("0 * * * *").Do(ClearStatsInfo)
 	s.Cron("0 * * * *").Do(ClearUserActLog)
-	s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
+	s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimitTimeSession)
 	s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert)
 	s.StartAsync()
 }
--- a/server/dbdata/otp_auth.go
+++ b/server/dbdata/otp_auth.go
@ -0,0 +1,59 @@
+package dbdata
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/spf13/viper"
+	"io"
+	"log"
+	"net/http"
+)
+
+type OtpAuthResult struct {
+	User       string `json:"user"`
+	TokenValid bool   `json:"token_valid"`
+}
+
+func ValidateUserOtp(name string, otp int) (bool, error) {
+
+	v := viper.New()
+	v.SetConfigFile("./conf/server.toml")
+	if err := v.ReadInConfig(); err != nil {
+		panic("config file err:" + err.Error())
+
+	}
+
+	// 验证动态口令
+	otpServ := v.Get("otp_server")
+	otpAuthUrl := fmt.Sprintf("%s/%s/token/%d", otpServ, name, otp)
+	fmt.Println("otpAuthUrl: ", otpAuthUrl)
+	resp, err := http.Get(otpAuthUrl)
+
+	if err != nil || resp.StatusCode != 200 {
+		log.Fatalf("otp server auth err, user=[%s], token=[%d], httpcode=[%d], err=[%v]", name, otp, resp.StatusCode, err)
+		return false, err
+	}
+
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			panic(err)
+		}
+	}(resp.Body)
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Fatalf("io.ReadAll read http response body failed, err=[%v]", err)
+		return false, err
+	}
+
+	var optAuthResult OtpAuthResult
+	err = json.Unmarshal(b, &optAuthResult)
+
+	if err != nil {
+		log.Fatalf("unmarshalotp retmsg failed, user=[%s], token=[%d], httpcode=[%d], err=[%v]", name, otp, resp.StatusCode, err)
+		return false, err
+	}
+
+	return optAuthResult.TokenValid, nil
+}
--- a/server/dbdata/otp_auth_test.go
+++ b/server/dbdata/otp_auth_test.go
@ -0,0 +1,74 @@
+package dbdata
+
+import (
+	"fmt"
+	. "github.com/go-ldap/ldap/v3"
+	"github.com/spf13/viper"
+	"strconv"
+	"testing"
+)
+
+var attributes = []string{
+	"cn",
+	"sAMAccountName",
+	"displayName",
+}
+
+func TestUserOtpAuth(t *testing.T) {
+
+	v := viper.New()
+	v.SetConfigFile("../conf/server.toml")
+	if err := v.ReadInConfig(); err != nil {
+		panic("config file err:" + err.Error())
+	}
+
+	user, pwd := v.Get("ldap_user").(string), v.Get("ldap_pass").(string)
+	addr, baseDN := v.Get("ldap_server").(string), v.Get("ldap_base_dn").(string)
+
+	l, err := DialURL(fmt.Sprintf("ldap://%s", addr))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer l.Close()
+
+	err = l.Bind(user, pwd)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	user = "test"
+	searchRequest := NewSearchRequest(
+		baseDN,
+		ScopeWholeSubtree, DerefAlways, 0, 0, false,
+		fmt.Sprintf("(&(objectClass=person)(sAMAccountName=%s))", user),
+		attributes,
+		nil)
+
+	sr, err := l.Search(searchRequest)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	userDN := sr.Entries[0].DN
+	fmt.Println("userDN: ", userDN)
+
+	pwd = "tests1sDSs$872322"
+	pl := len(pwd)
+	pinCode := pwd[:pl-6]
+	otp := pwd[pl-6:]
+
+	err = l.Bind(userDN, pinCode)
+	if err != nil {
+		t.Fatalf("LDAP 登入失败，请检查登入的账号 [%s] 或密码 [%v], err=[%v]", userDN, pinCode, err.Error())
+	} else {
+		// check user otp
+		ot, err := strconv.Atoi(otp)
+		otpAuthRes, err := ValidateUserOtp(user, ot)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		fmt.Println("otpAuthRes: ", otpAuthRes)
+	}
+}
--- a/server/dbdata/userauth_ldap.go
+++ b/server/dbdata/userauth_ldap.go
@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/spf13/viper"
 	"net"
 	"reflect"
 	"regexp"
@ -62,6 +63,14 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 }

 func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
+
+	v := viper.New()
+	v.SetConfigFile("./conf/server.toml")
+	if err := v.ReadInConfig(); err != nil {
+		panic("config file err:" + err.Error())
+
+	}
+
 	pl := len(pwd)
 	if name == "" || pl < 1 {
 		return fmt.Errorf("%s %s", name, "密码错误")
@ -130,10 +139,32 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
 		return fmt.Errorf("LDAP %s 用户 %s", name, err.Error())
 	}
 	userDN := sr.Entries[0].DN
-	err = l.Bind(userDN, pwd)
-	if err != nil {
-		return fmt.Errorf("%s LDAP 登入失败，请检查登入的账号或密码 %s", name, err.Error())
+	ldapAdminUser := v.Get("ldap_admin_user")
+	if name == ldapAdminUser {
+		pinCode := pwd
+		err = l.Bind(userDN, pinCode)
+		if err != nil {
+			return fmt.Errorf("LDAP 登入失败，请检查登入的账号 [%s] 或密码 [%v], err=[%v]", userDN, pinCode, err.Error())
+		}
+	} else {
+		pinCode := pwd[:pl-6]
+		otp := pwd[pl-6:]
+		err = l.Bind(userDN, pinCode)
+		if err != nil {
+			return fmt.Errorf("LDAP 登入失败，请检查登入的账号 [%s] 或密码 [%v], err=[%v]", userDN, pinCode, err.Error())
+		}
+		// check user otp
+		ot, err := strconv.Atoi(otp)
+		otpAuthRes, err := ValidateUserOtp(name, ot)
+		if err != nil {
+			return err
+		}
+
+		if !otpAuthRes {
+			return fmt.Errorf("LDAP 用户 [%s] 动态口令 [%d] 验证失败，请检查登入的动态口令，err=[%v]", name, ot, err.Error())
+		}
 	}
+
 	return nil
 }

--- a/server/dbdata/userauth_ldap_test.go
+++ b/server/dbdata/userauth_ldap_test.go
@ -0,0 +1,125 @@
+package dbdata
+
+import (
+	"crypto/tls"
+	"fmt"
+	"github.com/go-ldap/ldap"
+	"github.com/spf13/viper"
+	"net"
+	"strconv"
+	"testing"
+	"time"
+)
+
+type AuthTestLdap struct {
+	Addr        string `json:"addr"`
+	Tls         bool   `json:"tls"`
+	BindName    string `json:"bind_name"`
+	BindPwd     string `json:"bind_pwd"`
+	BaseDn      string `json:"base_dn"`
+	ObjectClass string `json:"object_class"`
+	SearchAttr  string `json:"search_attr"`
+	MemberOf    string `json:"member_of"`
+}
+
+func TestCheckLdapUserAuth(t *testing.T) {
+
+	v := viper.New()
+	v.SetConfigFile("../conf/server.toml")
+	if err := v.ReadInConfig(); err != nil {
+		panic("config file err:" + err.Error())
+	}
+
+	user, pwd, ldapAdminUser := v.Get("ldap_user").(string), v.Get("ldap_pass").(string), v.Get("ldap_admin_user").(string)
+	addr, baseDN := v.Get("ldap_server").(string), v.Get("ldap_base_dn").(string)
+	pl := len(pwd)
+
+	if user == "" || pl < 1 {
+		t.Errorf("%s %s", user, "密码错误")
+	}
+
+	// 检测服务器和端口的可用性
+	con, err := net.DialTimeout("tcp", addr, 3*time.Second)
+	if err != nil {
+		t.Errorf("%s %s", user, "LDAP服务器连接异常, 请检测服务器和端口")
+	}
+	defer con.Close()
+
+	// 连接LDAP
+	l, err := ldap.Dial("tcp", addr)
+	if err != nil {
+		t.Errorf("LDAP连接失败 %s %s", addr, err.Error())
+	}
+	defer l.Close()
+
+	var auth AuthTestLdap
+	if auth.Tls {
+		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		if err != nil {
+			t.Errorf("%s LDAP TLS连接失败 %s", user, err.Error())
+		}
+	}
+
+	err = l.Bind(user, pwd)
+	if err != nil {
+		t.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", user, err.Error())
+	}
+
+	if auth.ObjectClass == "" {
+		auth.ObjectClass = "person"
+	}
+
+	// 普通用户验证
+	user = "test"
+	searchAttr := fmt.Sprintf("(&(objectClass=person)(sAMAccountName=%s))", user)
+	fmt.Println("searchAttr:", searchAttr)
+
+	searchRequest := ldap.NewSearchRequest(
+		baseDN,
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 3, false,
+		fmt.Sprintf("(&%s)", searchAttr),
+		[]string{},
+		nil,
+	)
+
+	sr, err := l.Search(searchRequest)
+	if err != nil {
+		t.Logf("%s LDAP 查询失败 %s %s %s", user, auth.BaseDn, searchAttr, err.Error())
+	}
+
+	//验证密码和动态口令
+	userDN := sr.Entries[0].DN
+	fmt.Println("userDN: ", userDN)
+
+	// 管理员用户不需要 otp 认证，或可以设置为固定的 otp，可根据自身情况调整
+	if user == ldapAdminUser {
+		pinCode := pwd
+		err = l.Bind(userDN, pinCode)
+		if err != nil {
+			t.Logf("LDAP 登入失败，请检查登入的账号 [%s] 或密码 [%v], err=[%v]", userDN, pinCode, err.Error())
+		}
+	} else {
+
+		pwd = "TEstestS#23$331239"
+		pl = len(pwd)
+		pinCode := pwd[:pl-6]
+		otp := pwd[pl-6:]
+
+		err = l.Bind(userDN, pinCode)
+		if err != nil {
+			t.Errorf("LDAP 登入失败，请检查登入的账号 [%s] 或密码 [%v], err=[%v]", userDN, pinCode, err.Error())
+		} else {
+
+			ot, err := strconv.Atoi(otp)
+
+			otpAuthRes, err := ValidateUserOtp(user, ot)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			fmt.Println("otpAuthRes: ", otpAuthRes)
+		}
+
+		fmt.Println("otp auth stop")
+	}
+}
--- a/server/go.mod
+++ b/server/go.mod
@ -8,6 +8,7 @@ require (
 	github.com/go-acme/lego/v4 v4.15.0
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-ldap/ldap v3.0.3+incompatible
+	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-sql-driver/mysql v1.8.0
 	github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
 	github.com/golang-jwt/jwt/v4 v4.5.0
@ -43,10 +44,12 @@ require (

 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.690 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cloudflare/cloudflare-go v0.89.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
--- a/server/go.sum
+++ b/server/go.sum
@ -3,9 +3,13 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.690 h1:9ChlXyXZxVeHXPlsUqquutxxmrEGhNmfQiOW/YKIbq8=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.690/go.mod h1:CJJYa1ZMxjlN/NbXEwmejEnBkhi0DV+Yb3B2lxf+74o=
 github.com/arl/statsviz v0.6.0 h1:jbW1QJkEYQkufd//4NDYRSNBpwJNrdzPahF7ZmoGdyE=
@ -35,6 +39,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-acme/lego/v4 v4.15.0 h1:A7MHEU3b+TDFqhC/HmzMJnzPbyeaYvMZQBbqgvbThhU=
 github.com/go-acme/lego/v4 v4.15.0/go.mod h1:eeGhjW4zWT7Ccqa3sY7ayEqFLCAICx+mXgkMHKIkLxg=
+github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
+github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@ -42,6 +48,8 @@ github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
 github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
+github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
+github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
@ -77,6 +85,8 @@ github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyE
 github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
@ -85,6 +95,9 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
 github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
@ -93,6 +106,18 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/ivpusic/grpool v1.0.0 h1:+FCiCo3GhfsvzfXuJWnpJUNb/VaqyYVgG8C+qvh07Rc=
 github.com/ivpusic/grpool v1.0.0/go.mod h1:WPmiAI5ExAn06vg+0JzyPzXMQutJmpb7TrBtyLJkOHQ=
+github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
+github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
+github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
+github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
+github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=
+github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
+github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
+github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
+github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8=
+github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
+github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
+github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@ -200,9 +225,11 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
@ -247,6 +274,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
@ -275,12 +303,15 @@ golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -314,6 +345,7 @@ golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@ -359,6 +391,7 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/server/sessdata/session.go
+++ b/server/sessdata/session.go
@ -126,8 +126,8 @@ func checkSession() {
 	}()
 }

-// 状态为过期的用户踢下线
-func CloseUserLimittimeSession() {
+// CloseUserLimitTimeSession 状态为过期的用户踢下线
+func CloseUserLimitTimeSession() {
 	s := mapset.NewSetFromSlice(dbdata.CheckUserlimittime())
 	limitTimeToken := []string{}
 	sessMux.RLock()
--- a/server/sessdata/start.go
+++ b/server/sessdata/start.go
@ -4,5 +4,5 @@ func Start() {
 	initIpPool()
 	checkSession()
 	saveStatsInfo()
-	CloseUserLimittimeSession()
+	CloseUserLimitTimeSession()
 }