def _find_access_user(self, first_data: bytes):
"""通过auth校验来找到正确的user"""
with memoryview(first_data) as d:
salt = first_data[:self.cipher_cls.SALT_SIZE]
if salt in self.bf:
raise RuntimeError("repeated salt founded!")
else:
self.bf.add(salt)
t1 = time.time()
cnt = 0
for user in User.list_by_port(self.user_port).iterator():
if not self.last_access_user:
self.last_access_user = user
try:
cnt += 1
cipher = self.cipher_cls(user.password)
with memoryview(first_data) as d:
if self.ts_protocol == flag.TRANSPORT_TCP:
cipher.decrypt(d)
else:
cipher.unpack(d)
self.access_user = user
break
except ValueError as e:
if e.args[0] != "MAC check failed":
raise e
del cipher
logging.info(
f"用户:{self.access_user} 一共寻找了{ cnt }个user,共花费{(time.time()-t1)*1000}ms"
)
def get_cipher_by_port(cls, port) -> CipherMan:
user_list = User.list_by_port(port)
if len(user_list) == 1:
access_user = user_list[0]
else:
access_user = None
return cls(user_list, access_user=access_user)
def get_cipher_by_port(cls, port, ts_protocol) -> CipherMan:
user_query = User.list_by_port(port)
if user_query.count() == 1:
access_user = user_query.first()
else:
access_user = None
return cls(port, access_user=access_user, ts_protocol=ts_protocol)
def __init__(
self,
user_port=None,
access_user: User = None,
ts_protocol=flag.TRANSPORT_TCP,
):
self.user_port = user_port
self.access_user = access_user
self.ts_protocol = ts_protocol
self.cipher = None
self._buffer = bytearray()
self.last_access_user = None
if self.access_user:
self.method = access_user.method
else:
self.method = (User.list_by_port(self.user_port).first().method
) # NOTE 所有的user用的加密方式必须是一种
self.cipher_cls = self.SUPPORT_METHODS.get(self.method)
if self.cipher_cls.AEAD_CIPHER:
if self.ts_protocol == flag.TRANSPORT_TCP:
self._first_data_len = self.cipher_cls.tcp_first_data_len()
else:
self._first_data_len = self.cipher_cls.udp_first_data_len()
else:
self._first_data_len = 0
def get_cipher_by_port(cls, port, ts_protocol, peername) -> CipherMan:
user_query = User.list_by_port(port)
access_user = user_query.first() if user_query.count() == 1 else None
return cls(port,
access_user=access_user,
ts_protocol=ts_protocol,
peername=peername)
def __init__(
self,
user_port=None,
access_user: User = None,
ts_protocol=flag.TRANSPORT_TCP,
peername=None,
):
self.user_port = user_port
self.access_user = access_user
self.ts_protocol = ts_protocol
self.peername = peername
self.cipher = None
self._buffer = bytearray()
if self.access_user:
self.method = access_user.method
else:
self.method = (User.list_by_port(self.user_port).first().method
) # NOTE 所有的user用的加密方式必须是一种
self.cipher_cls = SUPPORT_METHODS.get(self.method)
if not self.cipher_cls:
raise Exception(f"暂时不支持这种加密方式:{self.method}")
if self.cipher_cls.AEAD_CIPHER and self.ts_protocol == flag.TRANSPORT_TCP:
self._first_data_len = self.cipher_cls.tcp_first_data_len()
else:
self._first_data_len = 0
def get_cipher_by_port(cls, port) -> CipherMan:
user_list = User.list_by_port(port)
if len(user_list) != 1:
raise ValueError("单个端口找到了多个用户")
return cls(user_list[0])