frps: remove auth timeout

2024-11-21 23:09:47 +00:00 · 2019-01-15 00:22:13 +08:00 · 2019-01-15 00:22:13 +08:00 · f76deb8898
commit f76deb8898
parent 611d063e1f
8 changed files with 0 additions and 39 deletions
--- a/README.md
+++ b/README.md
@ -396,10 +396,6 @@ Then visit `http://[server_addr]:7500` to see dashboard, default username and pa

 Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini.

-Note that time duration between server of frpc and frps mustn't exceed 15 minutes because timestamp is used for authentication.
-
-Howerver, this timeout duration can be modified by setting `authentication_timeout` in frps's configure file. It's defalut value is 900, means 15 minutes. If it is equals 0, then frps will not check authentication timeout.
-
 ### Encryption and Compression

 Defalut value is false, you could decide if the proxy will use encryption or compression:
--- a/README_zh.md
+++ b/README_zh.md
@ -412,10 +412,6 @@ dashboard_pwd = admin

 从 v0.10.0 版本开始，所有 proxy 配置全部放在客户端(也就是之前版本的特权模式)，服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。

-需要注意的是 frpc 所在机器和 frps 所在机器的时间相差不能超过 15 分钟，因为时间戳会被用于加密验证中，防止报文被劫持后被其他人利用。
-
-这个超时时间可以在配置文件中通过 `authentication_timeout` 这个参数来修改，单位为秒，默认值为 900，即 15 分钟。如果修改为 0，则 frps 将不对身份验证报文的时间戳进行超时校验。
-
 ### 加密与压缩

 这两个功能默认是不开启的，需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能，压缩算法使用 snappy：
--- a/cmd/frps/root.go
+++ b/cmd/frps/root.go
@ -54,7 +54,6 @@ var (
 	logLevel          string
 	logMaxDays        int64
 	token             string
-	authTimeout       int64
 	subDomainHost     string
 	tcpMux            bool
 	allowPorts        string
@ -82,7 +81,6 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
 	rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days")
 	rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
-	rootCmd.PersistentFlags().Int64VarP(&authTimeout, "auth_timeout", "", 900, "auth timeout")
 	rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
 	rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
 	rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
@ -173,7 +171,6 @@ func parseServerCommonCfgFromCmd() (err error) {
 	g.GlbServerCfg.LogLevel = logLevel
 	g.GlbServerCfg.LogMaxDays = logMaxDays
 	g.GlbServerCfg.Token = token
-	g.GlbServerCfg.AuthTimeout = authTimeout
 	g.GlbServerCfg.SubDomainHost = subDomainHost
 	if len(allowPorts) > 0 {
 		// e.g. 1000-2000,2001,2002,3000-4000
--- a/conf/frps_full.ini
+++ b/conf/frps_full.ini
@ -59,10 +59,6 @@ max_pool_count = 5
 # max ports can be used for each client, default value is 0 means no limit
 max_ports_per_client = 0

-# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
-# if authentication_timeout is zero, the time is not verified, default is 900s
-authentication_timeout = 900
-
 # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
 # when subdomain is test, the host used by routing is test.frps.com
 subdomain_host = frps.com
--- a/models/config/server_common.go
+++ b/models/config/server_common.go
@ -67,7 +67,6 @@ type ServerCommonConf struct {
 	LogLevel      string `json:"log_level"`
 	LogMaxDays    int64  `json:"log_max_days"`
 	Token         string `json:"token"`
-	AuthTimeout   int64  `json:"auth_timeout"`
 	SubDomainHost string `json:"subdomain_host"`
 	TcpMux        bool   `json:"tcp_mux"`

@ -98,7 +97,6 @@ func GetDefaultServerConf() *ServerCommonConf {
 		LogLevel:          "info",
 		LogMaxDays:        3,
 		Token:             "",
-		AuthTimeout:       900,
 		SubDomainHost:     "",
 		TcpMux:            true,
 		AllowPorts:        make(map[int]struct{}),
@ -285,16 +283,6 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c
 		}
 	}

-	if tmpStr, ok = conf.Get("common", "authentication_timeout"); ok {
-		v, errRet := strconv.ParseInt(tmpStr, 10, 64)
-		if errRet != nil {
-			err = fmt.Errorf("Parse conf error: authentication_timeout is incorrect")
-			return
-		} else {
-			cfg.AuthTimeout = v
-		}
-	}
-
 	if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
 		cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
 	}
--- a/server/dashboard_api.go
+++ b/server/dashboard_api.go
@ -41,7 +41,6 @@ type ServerInfoResp struct {
 	VhostHttpPort     int    `json:"vhost_http_port"`
 	VhostHttpsPort    int    `json:"vhost_https_port"`
 	KcpBindPort       int    `json:"kcp_bind_port"`
-	AuthTimeout       int64  `json:"auth_timeout"`
 	SubdomainHost     string `json:"subdomain_host"`
 	MaxPoolCount      int64  `json:"max_pool_count"`
 	MaxPortsPerClient int64  `json:"max_ports_per_client"`
@ -74,7 +73,6 @@ func (svr *Service) ApiServerInfo(w http.ResponseWriter, r *http.Request) {
 		VhostHttpPort:     cfg.VhostHttpPort,
 		VhostHttpsPort:    cfg.VhostHttpsPort,
 		KcpBindPort:       cfg.KcpBindPort,
-		AuthTimeout:       cfg.AuthTimeout,
 		SubdomainHost:     cfg.SubDomainHost,
 		MaxPoolCount:      cfg.MaxPoolCount,
 		MaxPortsPerClient: cfg.MaxPortsPerClient,
--- a/server/service.go
+++ b/server/service.go
@ -324,11 +324,6 @@ func (svr *Service) RegisterControl(ctlConn frpNet.Conn, loginMsg *msg.Login) (e
 	}

 	// Check auth.
-	nowTime := time.Now().Unix()
-	if g.GlbServerCfg.AuthTimeout != 0 && nowTime-loginMsg.Timestamp > g.GlbServerCfg.AuthTimeout {
-		err = fmt.Errorf("authorization timeout")
-		return
-	}
 	if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey {
 		err = fmt.Errorf("authorization failed")
 		return
--- a/web/frps/src/components/Overview.vue
+++ b/web/frps/src/components/Overview.vue
@ -19,9 +19,6 @@
                        <el-form-item label="Https Port">
                          <span>{{ vhost_https_port }}</span>
                        </el-form-item>
-                        <el-form-item label="Auth Timeout">
-                          <span>{{ auth_timeout }}</span>
-                        </el-form-item>
                        <el-form-item label="Subdomain Host">
                          <span>{{ subdomain_host }}</span>
                        </el-form-item>
@ -64,7 +61,6 @@
                bind_udp_port: '',
                vhost_http_port: '',
                vhost_https_port: '',
-                auth_timeout: '',
                subdomain_host: '',
                max_pool_count: '',
                max_ports_per_client: '',
@ -100,7 +96,6 @@
                if (this.vhost_https_port == 0) {
                    this.vhost_https_port = "disable"
                }
-                this.auth_timeout = json.auth_timeout
                this.subdomain_host = json.subdomain_host
                this.max_pool_count = json.max_pool_count
                this.max_ports_per_client = json.max_ports_per_client