mirror of
				https://github.com/fatedier/frp
				synced 2025-10-20 10:03:07 +08:00 
			
		
		
		
	
		
			
				
	
	
		
| // Copyright 2023 The frp Authors
 | |
| //
 | |
| // Licensed under the Apache License, Version 2.0 (the "License");
 | |
| // you may not use this file except in compliance with the License.
 | |
| // You may obtain a copy of the License at
 | |
| //
 | |
| //     http://www.apache.org/licenses/LICENSE-2.0
 | |
| //
 | |
| // Unless required by applicable law or agreed to in writing, software
 | |
| // distributed under the License is distributed on an "AS IS" BASIS,
 | |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| // See the License for the specific language governing permissions and
 | |
| // limitations under the License.
 | |
| 
 | |
| package legacy
 | |
| 
 | |
// BaseConfig carries the authentication switches that both ClientConfig and
// ServerConfig embed.
type BaseConfig struct {
	// AuthenticationMethod selects how frpc authenticates with frps.
	// With "token", the token is read into the login message; with "oidc",
	// an OIDC (Open ID Connect) token is issued using the OIDC settings.
	// Default: "token".
	AuthenticationMethod string `ini:"authentication_method" json:"authentication_method"`

	// AuthenticateHeartBeats decides whether the authentication token is
	// also included in heartbeats sent to frps. Default: false, i.e.
	// heartbeats carry no token unless this is switched on.
	AuthenticateHeartBeats bool `ini:"authenticate_heartbeats" json:"authenticate_heartbeats"`

	// AuthenticateNewWorkConns decides whether the authentication token is
	// also included in new work connections sent to frps. Default: false,
	// i.e. new work connections carry no token unless this is switched on.
	AuthenticateNewWorkConns bool `ini:"authenticate_new_work_conns" json:"authenticate_new_work_conns"`
}
 | |
| 
 | |
// getDefaultBaseConf returns a BaseConfig with token authentication selected
// and both per-message authentication switches off.
func getDefaultBaseConf() BaseConfig {
	// The zero value already leaves AuthenticateHeartBeats and
	// AuthenticateNewWorkConns at false; only the method needs setting.
	var conf BaseConfig
	conf.AuthenticationMethod = "token"
	return conf
}
 | |
| 
 | |
// ClientConfig is the client-side authentication configuration. It embeds
// the shared BaseConfig together with the OIDC client settings and the token
// settings; the `ini:",extends"` tags are kept on every embedded struct.
type ClientConfig struct {
	BaseConfig       `ini:",extends"`
	OidcClientConfig `ini:",extends"`
	TokenConfig      `ini:",extends"`
}
 | |
| 
 | |
// GetDefaultClientConf returns a ClientConfig whose embedded sections are
// each filled from their own default constructor.
func GetDefaultClientConf() ClientConfig {
	var conf ClientConfig
	conf.BaseConfig = getDefaultBaseConf()
	conf.OidcClientConfig = getDefaultOidcClientConf()
	conf.TokenConfig = getDefaultTokenConf()
	return conf
}
 | |
| 
 | |
// ServerConfig is the server-side authentication configuration. It embeds
// the shared BaseConfig together with the OIDC server settings and the token
// settings; the `ini:",extends"` tags are kept on every embedded struct.
type ServerConfig struct {
	BaseConfig       `ini:",extends"`
	OidcServerConfig `ini:",extends"`
	TokenConfig      `ini:",extends"`
}
 | |
| 
 | |
// GetDefaultServerConf returns a ServerConfig whose embedded sections are
// each filled from their own default constructor.
func GetDefaultServerConf() ServerConfig {
	var conf ServerConfig
	conf.BaseConfig = getDefaultBaseConf()
	conf.OidcServerConfig = getDefaultOidcServerConf()
	conf.TokenConfig = getDefaultTokenConf()
	return conf
}
 | |
| 
 | |
// OidcClientConfig holds the client-side settings used to obtain an OIDC
// token when AuthenticationMethod == "oidc".
type OidcClientConfig struct {
	// OidcClientID is the client ID used to get a token in OIDC
	// authentication. Default: "".
	OidcClientID string `ini:"oidc_client_id" json:"oidc_client_id"`

	// OidcClientSecret is the client secret used to get a token in OIDC
	// authentication. Default: "".
	// The json tag means this credential is written out in clear text
	// whenever the struct is marshalled to JSON, so marshalled configs
	// should be kept out of logs and diagnostics.
	OidcClientSecret string `ini:"oidc_client_secret" json:"oidc_client_secret"`

	// OidcAudience is the audience of the token in OIDC authentication.
	// Default: "".
	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`

	// OidcScope is the scope of the token in OIDC authentication.
	// Default: "".
	OidcScope string `ini:"oidc_scope" json:"oidc_scope"`

	// OidcTokenEndpointURL is the URL implementing the OIDC Token Endpoint;
	// it is used to get an OIDC token. Default: "".
	// NOTE(review): the client secret is presumably presented to this URL,
	// so it should point at a trusted https endpoint; confirm whether the
	// caller validates the scheme.
	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`

	// OidcAdditionalEndpointParams holds additional parameters to be sent.
	// It is not bound to a single ini key (`ini:"-"`); it is filled from
	// keys carrying the prefix "oidc_additional_" and is converted to
	// map[string][]string in the OIDC token generator.
	OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
}
 | |
| 
 | |
// getDefaultOidcClientConf returns an OidcClientConfig with every string
// setting empty and an allocated, empty additional-parameters map.
func getDefaultOidcClientConf() OidcClientConfig {
	// The string fields default to "" through the zero value; the map is
	// created explicitly so the result is non-nil and can be written to.
	return OidcClientConfig{
		OidcAdditionalEndpointParams: map[string]string{},
	}
}
 | |
| 
 | |
// OidcServerConfig holds the server-side settings used to validate OIDC
// tokens when AuthenticationMethod == "oidc".
type OidcServerConfig struct {
	// OidcIssuer is the issuer to verify OIDC tokens with. It is used to
	// load the public keys that verify the signature and is compared with
	// the issuer claim in the OIDC token. Default: "".
	OidcIssuer string `ini:"oidc_issuer" json:"oidc_issuer"`

	// OidcAudience is the audience OIDC tokens should contain when
	// validated. When it is empty, audience ("client ID") verification is
	// skipped. Default: "", so the audience is not verified until a value
	// is configured here.
	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`

	// OidcSkipExpiryCheck turns off the check that the OIDC token has not
	// expired. Default: false. When set to true an expired token is no
	// longer rejected on that ground.
	OidcSkipExpiryCheck bool `ini:"oidc_skip_expiry_check" json:"oidc_skip_expiry_check"`

	// OidcSkipIssuerCheck turns off the check that the token's issuer claim
	// matches OidcIssuer. Default: false. When set to true a mismatching
	// issuer claim is no longer rejected on that ground.
	OidcSkipIssuerCheck bool `ini:"oidc_skip_issuer_check" json:"oidc_skip_issuer_check"`
}
 | |
| 
 | |
// getDefaultOidcServerConf returns an OidcServerConfig with an empty issuer
// and audience and with neither skip flag set.
func getDefaultOidcServerConf() OidcServerConfig {
	// The zero value is exactly the default: "" for both strings and false
	// for OidcSkipExpiryCheck and OidcSkipIssuerCheck.
	var conf OidcServerConfig
	return conf
}
 | |
| 
 | |
// TokenConfig holds the shared-token setting embedded by both ClientConfig
// and ServerConfig.
type TokenConfig struct {
	// Token is the authorization token used to create keys to be sent to
	// the server. The server must have a matching token for authorization
	// to succeed. Default: "".
	// The json tag means the token is written out in clear text whenever
	// the struct is marshalled to JSON.
	// NOTE(review): with the default "" on both sides the tokens are equal;
	// confirm whether callers require a non-empty token.
	Token string `ini:"token" json:"token"`
}
 | |
| 
 | |
// getDefaultTokenConf returns a TokenConfig with an empty token.
func getDefaultTokenConf() TokenConfig {
	// The zero value leaves Token at "", which is the default.
	var conf TokenConfig
	return conf
}
 | 
