add login page screenshots

README.md

@@ -7,6 +7,7 @@ frp server plugin to show server info and support multiple users for [frp](https
 frps-panel will run as one single process and accept HTTP requests from frps.
 
 ![支持英文](screenshots/i18n.png)
+![登录页面](screenshots/login.png)
 ![服务器信息](screenshots/server%20info.png)
 ![用户列表](screenshots/user%20list.png)
 ![新增列表](screenshots/new%20user.png)
@@ -47,9 +48,15 @@ plugin_port = 7200
 admin_user  = admin
 ;the password of manage ui,optional
 admin_pwd   = admin
+;specified login state keep time in seconds.0 - before the browser completely exit, don't need to re-login,greater than 0: when Idle time exceeds this value,you should re-login
+admin_keep_time = 0
 
-; frp server's dashboard config info, it's required and should be the same as frp server
-; otherwaise, this plugin cannot get server info
+; enable tls
+tls_mode = false
+; tls_cert_file = cert.crt
+; tls_key_file = cert.key
+
+; frp dashboard info
 dashboard_addr = 127.0.0.1
 dashboard_port = 7500
 dashboard_user = admin
@@ -92,6 +99,7 @@ user2 = disable
 bind_port = 7000
 
 [plugin.multiuser]
+; if you set tls_mode = true, you should change addr value to https://127.0.0.1:7200
 addr = 127.0.0.1:7200
 path = /handler
 ops = Login,NewWorkConn,NewUserConn,NewProxy,Ping
@@ -131,6 +139,8 @@ local_port = 22
 remote_port = 6000
 ```
 
+5. Manage your users in browser via: http://127.0.0.1:7200 or https://127.0.0.1:7200
+
 ## Run as service
 
 this example is for `ubuntu` and with `root` user
@@ -169,3 +179,4 @@ If you have any issues or ideas, put it on [issues](https://github.com/yhl452493
 + [fp-multiuser](https://github.com/gofrp/fp-multiuser)
 + [layui](https://github.com/layui/layui)
 + [layui-theme-dark](https://github.com/Sight-wcg/layui-theme-dark)
++ [echarts](https://github.com/apache/echarts)

README_zh.md

@@ -7,6 +7,7 @@ frps-panel 是 [frp](https://github.com/fatedier/frp) 的一个服务端插件
 frps-panel 会以一个单独的进程运行，并接收 frps 发送过来的 HTTP 请求。
 
 ![支持英文](screenshots/i18n.png)
+![登录页面](screenshots/login.png)
 ![服务器信息](screenshots/server%20info.png)
 ![用户列表](screenshots/user%20list.png)
 ![新增列表](screenshots/new%20user.png)
@@ -41,6 +42,7 @@ frps-panel 会以一个单独的进程运行，并接收 frps 发送过来的 HT
 ```ini
 [common]
 ;插件监听地址
+;如果上面配置中 tls_mode = true, 则把plugin_addr的值改为 https://127.0.0.1:7200
 plugin_addr = 127.0.0.1
 ;插件端口
 plugin_port = 7200
@@ -48,6 +50,13 @@ plugin_port = 7200
 admin_user  = admin
 ;插件管理页面密码,与账号一起进行鉴权,可选
 admin_pwd   = admin
+;登录状态空闲时间(秒):0-浏览器完全退出前不用重新登录,大于0-空闲超过此时间则需要重新登录.
+admin_keep_time = 0
+
+; frps 面板页面是否启用https访问,如果为true,则只能通过https访问
+tls_mode = false
+; tls_cert_file = cert.crt
+; tls_key_file = cert.key
 
 ; frp服务器的看板页面信息，必须配置，且与frp服务器一致，否则无法获取服务器信息
 dashboard_addr = 127.0.0.1
@@ -131,6 +140,8 @@ local_port = 22
 remote_port = 6000
 ```
 
+5.浏览器中输入地址: http://127.0.0.1:7200 或 https://127.0.0.1:7200 进入管理页面进行用户管理
+
 ## 以服务的形式运行
 
 本实例是在 `ubuntu` 下， 以 `root` 用户执操作
@@ -169,3 +180,4 @@ ___如果要从外网访问管理界面, 需要把配置中的 `plugin_addr` 改
 + [fp-multiuser](https://github.com/gofrp/fp-multiuser)
 + [layui](https://github.com/layui/layui)
 + [layui-theme-dark](https://github.com/Sight-wcg/layui-theme-dark)
++ [echarts](https://github.com/apache/echarts)

assets/lang/en.json

@@ -89,5 +89,14 @@
   "Current Connections": "Current Connections",
   "Client Counts": "Client Counts",
   "Proxy Counts": "Proxy Counts",
-  "Not Set": "Not Set"
+  "Not Set": "Not Set",
+  "Proxy": "Proxies",
+  "Username": "Username",
+  "Password": "Password",
+  "Login": "Login",
+  "Please input username": "Please input username",
+  "Please input password": "Please input password",
+  "Login success": "Login success",
+  "Username or password incorrect": "Username or password incorrect",
+  "Token invalid": "Token invalid"
 }

assets/lang/zh.json

@@ -89,5 +89,14 @@
   "Current Connections": "当前连接数",
   "Client Counts": "客户端总数",
   "Proxy Counts": "代理总数",
-  "Not Set": "未配置"
+  "Not Set": "未配置",
+  "Proxy": "代理数量",
+  "Username": "用户名",
+  "Password": "密码",
+  "Login": "登录",
+  "Please input username": "请填写用户名",
+  "Please input password": "请填写密码",
+  "Login success": "登录成功",
+  "Username or password incorrect": "用户名或密码错误",
+  "Token invalid": "登录信息无效"
 }

assets/static/css/color.css

@@ -113,7 +113,17 @@ section.proxy-list .proxy-info .layui-row .layui-row > div:first-child {
     color: #99a9bf;
 }
 
+.login-title,
+.login-title a {
+    color: #333 !important;
+}
+
 @media (prefers-color-scheme: dark) {
+    .login-title,
+    .login-title a {
+        color: #99a9bf !important;
+    }
+
     .layui-bg-blue {
         background-color: #395c74 !important;
     }
@@ -154,6 +164,11 @@ section.proxy-list .proxy-info .layui-row .layui-row > div:first-child {
         border-color: #5f5f60;
     }
 
+    .layui-form-danger + .layui-form-select .layui-input,
+    .layui-form-danger:focus {
+        border-color: #ff5722 !important;
+    }
+
     .layui-form-checkbox[lay-skin=primary]:hover > i {
         border-color: #5f5f60;
     }

assets/static/css/index.css

@@ -14,6 +14,10 @@ section {
     box-sizing: border-box;
 }
 
+.layui-layout-admin .layui-body {
+    padding: 0;
+}
+
 .layui-header {
     line-height: 60px;
     font-size: 16px;
@@ -43,6 +47,19 @@ section {
     height: 100%;
     padding: 0 15px;
     box-sizing: border-box;
+    display: flex;
+}
+
+.layui-title #title {
+    flex: 1;
+    display: inline-block;
+}
+
+.layui-title #logout{
+    display: inline-block;
+    font-size: 20px;
+    font-weight: bold;
+    cursor: pointer;
 }
 
 .layui-nav.layui-nav-tree {

assets/static/css/layui-theme-dark.css

@@ -443,10 +443,6 @@
     border-left: 5px solid var(--lay-color-border-4)
   }
 
-  .layui-text pre > code:not(.layui-code) {
-    background-color: var(--lay-color-bg-white)
-  }
-
   /* 字体颜色 */
   .layui-font-red {
     color: var(--lay-color-red-6) !important
@@ -595,7 +591,7 @@
   }
 
   /* 数字输入框动态点缀  */
-  .layui-input-wrap .layui-input-number .layui-icon:first-child {
+  .layui-input-wrap .layui-input-number .layui-icon-up {
     border-bottom-color: var(--lay-color-border-1)
   }
 
@@ -1042,6 +1038,7 @@
     background-color: var(--lay-color-bg-5)
   }
 
+  /* 单元格多行展开风格  */
   .layui-table-cell-c {
     background-color: var(--lay-color-gray-13);
     color: var(--lay-color-text-1);
@@ -1052,6 +1049,25 @@
     border-color: var(--lay-color-secondary-hover);
   }
 
+  /* 单元格 TIPS 展开风格  */
+  body .layui-table-tips .layui-layer-content {
+    box-shadow: var(--lay-shadow-3)
+  }
+
+  .layui-table-tips-main {
+    background-color: var(--lay-color-bg-5);
+    color: var(--lay-color-text-3)
+  }
+
+  .layui-table-tips-c {
+    background-color: var(--lay-color-gray-13);
+    color: var(--lay-color-text-1)
+  }
+
+  .layui-table-tips-c:hover {
+    background-color: var(--lay-color-gray-10)
+  }
+
   /** 文件上传 **/
   .layui-upload-choose {
     color: var(--lay-color-gray-8)
@@ -1411,7 +1427,7 @@
   .layui-code {
     border: 1px solid var(--lay-color-border-2);
     background-color: var(--lay-color-bg-white);
-    color: var(--lay-color-black-5)
+    color: var(--lay-color-text-2)
   }
 
   /** 穿梭框 **/
@@ -1634,37 +1650,58 @@
   /*code 不处理*/
   .layui-code-view {
     border: 1px solid var(--lay-color-border-1);
+  }
+
+  .layui-code-view:not(.layui-code-hl) {
     background-color: var(--lay-color-bg-2);
     color: var(--lay-color-text-2);
-    border-left-width: 6px;
   }
 
-  .layui-code-title {
-    border-bottom: 1px solid var(--lay-color-border-2)
-  }
-
-  .layui-code-title > .layui-code-about {
-    color: #c5c5c5
-  }
-
-  .layui-code-view > .layui-code-ol > li {
-    border-left: 1px solid var(--lay-color-border-2);
+  .layui-code-header {
+    border-bottom: 1px solid var(--lay-color-border-1);
     background-color: var(--lay-color-bg-2)
   }
 
-  .layui-code-view > .layui-code-ul > li {
-    background-color: var(--lay-color-bg-2)
+  .layui-code-header > .layui-code-header-about {
+    color: var(--lay-color-text-2);
   }
 
-  .layui-code-dark {
-    border: 1px solid #3d3d3d;
-    border-left-color: #656565;
-    background-color: #3d3d3d;
-    color: var(--lay-color-gray-8)
+  .layui-code-view:not(.layui-code-hl) .layui-code-ln-side {
+    border-color: var(--lay-color-border-1);
+    background-color: var(--lay-color-bg-2);
   }
 
-  .layui-code-dark > .layui-code-ol > li, .layui-code-dark > .layui-code-ul > li {
-    background-color: #3f3f3f
+  .layui-code-nowrap > .layui-code-ln-side {
+    background: none !important;
+  }
+
+  .layui-code-fixbar > span {
+    color: var(--lay-color-text-3);
+  }
+
+  .layui-code-fixbar > span:hover {
+    color: var(--lay-color-secondary-hover);
+  }
+
+  .layui-code-theme-dark {
+    border-color: rgb(126 122 122 / 15%);
+    background-color: #1f1f1f;
+    color: #ccc;
+  }
+
+  .layui-code-theme-dark > .layui-code-ln-side {
+    border-right-color: #2a2a2a;
+    background: none;
+    color: #6e7681;
+  }
+
+  .layui-code-view.layui-code-hl > .layui-code-ln-side {
+    background-color: transparent;
+  }
+
+  .layui-code-theme-dark.layui-code-hl,
+  .layui-code-theme-dark.layui-code-hl > .layui-code-ln-side {
+    border-color: rgb(126 122 122 / 15%);
   }
 
   .layui-code-full {
@@ -2183,12 +2220,4 @@
   .layui-slider-input .layui-input {
     background-color: var(--lay-color-bg-2);
   }
-
-  a {
-    color: var(--lay-color-text-1)
-  }
-
-  .layui-code, pre > code {
-    background-color: var(--lay-color-bg-2)
-  }
 }

assets/static/css/login.css

@@ -0,0 +1,30 @@
+html, body {
+    width: 100%;
+    height: 100%;
+}
+
+body {
+    display: flex;
+    flex-direction: column;
+    justify-content: center;
+}
+
+.login-title {
+    text-align: center;
+    margin-bottom: 50px;
+}
+
+.login-title .title-text {
+    font-size: 24px;
+    text-align: center;
+    font-weight: bold;
+}
+
+.login-title .title-version {
+    font-size: 12px;
+}
+
+.login-container {
+    width: 320px;
+    margin: 0 auto;
+}

assets/static/js/index-proxy-list.js

@@ -106,6 +106,10 @@ var loadProxyInfo = (function ($) {
             cols: [cols],
             page: navigator.language.indexOf("zh") !== -1,
             data: data,
+            initSort: {
+                field: 'name',
+                type: 'asc'
+            },
             done: function (res, curr, count, origin) {
                 //向每一行tr后面追加显示子table的tr
                 var $tr = $('.layui-table-view[lay-id=' + this.id + '] tbody tr');
@@ -116,7 +120,6 @@ var loadProxyInfo = (function ($) {
                     var useCompression = datum.conf.use_compression;
                     datum.conf.use_encryption = i18n[useEncryption];
                     datum.conf.use_compression = i18n[useCompression];
-                    console.log(datum)
                     var html = layui.laytpl(expandTrTemplateHtml).render({
                         index: i,
                         colspan: cols.length - 1,

assets/static/js/index-server-info.js

@@ -139,7 +139,7 @@ var loadServerInfo = (function ($) {
         var chart = echarts.init(chartDom);
         var option = {
             title: {
-                text: i18n['Proxies'],
+                text: i18n['Proxy'],
                 subtext: i18n['now'],
                 left: 'center',
                 textStyle: {

assets/static/js/index-user-list.js

@@ -227,10 +227,7 @@ var loadUserList = (function ($) {
      * set verify rule of layui.form
      */
     (function setFormVerifyRule() {
-        layui.form.set({
-            verIncludeRequired: true,
-            verify: verifyRules
-        });
+        layui.form.verify(verifyRules);
     })();
 
     /**

assets/static/js/index.js

@@ -1,8 +1,19 @@
 var http_port, https_port;
 (function ($) {
     $(function () {
+        function init() {
             var langLoading = layui.layer.load()
             $.getJSON('/lang.json').done(function (lang) {
+                $.ajaxSetup({
+                    error: function (xhr,) {
+                        if (xhr.status === 401) {
+                            layui.layer.msg(lang['TokenInvalid'], function () {
+                                window.location.reload();
+                            });
+                        }
+                    },
+                })
+
                 layui.element.on('nav(leftNav)', function (elem) {
                     var id = elem.attr('id');
                     var title = elem.text();
@@ -22,5 +33,18 @@ var http_port, https_port;
             }).always(function () {
                 layui.layer.close(langLoading);
             });
+        }
+
+        function logout() {
+            $.get("/logout", function (result) {
+                window.location.reload();
+            });
+        }
+
+        $(document).on('click.logout', '#logout', function () {
+            logout();
+        });
+
+        init();
     });
 })(layui.$);

assets/static/js/login.js

@@ -0,0 +1,33 @@
+(function ($) {
+    $(function () {
+        function login() {
+            if (!layui.form.validate('#loginForm')) {
+                return;
+            }
+
+            $.ajax({
+                url: "/login",
+                type: 'post',
+                data: {
+                    username: $('#username').val(),
+                    password: $('#password').val()
+                },
+                success: function (result) {
+                    if (result.success) {
+                        window.location.reload();
+                    } else {
+                        layui.layer.msg(result.message);
+                    }
+                }
+            });
+        }
+
+        $(document).on('click.login', '#login', function () {
+            login();
+        }).on('keydown', function (e) {
+            if (e.keyCode === 13) {
+                login();
+            }
+        });
+    })
+})(layui.$)

assets/templates/index.html

@@ -5,7 +5,7 @@
     <link rel="stylesheet" href="./static/lib/layui/css/layui.css">
     <link rel="stylesheet" href="./static/css/layui-theme-dark.css">
     <link rel="stylesheet" href="./static/css/index.css">
-    <link rel="stylesheet" href="./static/css/index-color.css">
+    <link rel="stylesheet" href="./static/css/color.css">
     <script src="./static/lib/layui/layui.js"></script>
     <script src="./static/lib/echarts.min.js"></script>
     <script src="./static/lib/filesize.min.js"></script>
@@ -22,17 +22,17 @@
             content: '${ .None }';
         }
     </style>
-    <style>
-        .layui-layout-admin .layui-body {
-            padding: 0;
-        }
-    </style>
 </head>
 <body>
 <div class="layui-layout layui-layout-admin">
     <div class="layui-header layui-bg-blue">
-        <div class="layui-logo layui-hide-xs layui-bg-black">${ .FrpsPanel }</div>
-        <div class="layui-title" id="title"></div>
+        <div class="layui-logo layui-bg-black">${ .FrpsPanel }</div>
+        <div class="layui-title">
+            <span id="title"></span>
+            ${ if .showExit }
+            <span class="layui-icon layui-icon-logout" id="logout"></span>
+            ${ end }
+        </div>
     </div>
     <div class="layui-side layui-bg-black">
         <div class="layui-side-scroll">

assets/templates/login.html

@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html lang="">
+<head>
+    <title>Login</title>
+    <link rel="stylesheet" href="./static/lib/layui/css/layui.css">
+    <link rel="stylesheet" href="./static/css/layui-theme-dark.css">
+    <link rel="stylesheet" href="./static/css/color.css">
+    <link rel="stylesheet" href="./static/css/login.css">
+    <script src="./static/lib/layui/layui.js"></script>
+    <script src="./static/js/login.js"></script>
+</head>
+<body>
+<div class="login-title">
+    <a href="https://github.com/yhl452493373/frps-panel" target="_blank">
+        <span class="title-text">${ .FrpsPanel }</span>
+        <span class="title-version">${ .version }</span>
+    </a>
+</div>
+<div class="layui-form login-container" id="loginForm">
+    <div class="layui-form-item">
+        <div class="layui-input-wrap">
+            <div class="layui-input-prefix">
+                <i class="layui-icon layui-icon-username"></i>
+            </div>
+            <input type="text" id="username" value="" lay-verify="required" placeholder="${ .Username }"
+                   lay-reqtext="${ .PleaseInputUsername }" autocomplete="off" class="layui-input" lay-affix="clear">
+        </div>
+    </div>
+    <div class="layui-form-item">
+        <div class="layui-input-wrap">
+            <div class="layui-input-prefix">
+                <i class="layui-icon layui-icon-password"></i>
+            </div>
+            <input type="password" id="password" value="" lay-verify="required" placeholder="${ .Password }"
+                   lay-reqtext="${ .PleaseInputPassword }" autocomplete="off" class="layui-input" lay-affix="eye">
+        </div>
+    </div>
+    <div class="layui-form-item">
+        <button class="layui-btn layui-btn-fluid" id="login">${ .Login }</button>
+    </div>
+</div>
+</body>
+</html>

cmd/frps-panel/cmd.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 )
 
-const version = "1.4.0"
+const version = "1.6.0"
 
 var (
 	showVersion bool
@@ -40,23 +40,17 @@ var rootCmd = &cobra.Command{
 		}
 		rootDir := filepath.Dir(executable)
 
-		common, tokens, ports, domains, subdomains, iniFile, err := ParseConfigFile(configFile)
+		config, tls, err := ParseConfigFile(configFile)
 		if err != nil {
 			log.Printf("fail to start frps-panel : %v", err)
 			return err
 		}
+
 		s, err := server.New(
 			rootDir,
-			controller.HandleController{
-				CommonInfo: common,
-				Tokens:     tokens,
-				Ports:      ports,
-				Domains:    domains,
-				Subdomains: subdomains,
-				ConfigFile: configFile,
-				IniFile:    iniFile,
-				Version:    version,
-			})
+			config,
+			tls,
+		)
 		if err != nil {
 			return err
 		}
@@ -74,12 +68,16 @@ func Execute() {
 	}
 }
 
-func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.TokenInfo, map[string][]string, map[string][]string, map[string][]string, *ini.File, error) {
+func ParseConfigFile(file string) (controller.HandleController, server.TLS, error) {
 	common := controller.CommonInfo{}
 	users := make(map[string]controller.TokenInfo)
 	ports := make(map[string][]string)
 	domains := make(map[string][]string)
 	subdomains := make(map[string][]string)
+	tls := server.TLS{
+		Enable:   false,
+		Protocol: "HTTP",
+	}
 
 	iniFile, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
@@ -95,27 +93,66 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 		} else {
 			log.Printf("fail to parse token file %s : %v", file, err)
 		}
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 
 	commonSection, err := iniFile.GetSection("common")
 	if err != nil {
 		log.Printf("fail to get [common] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	common.PluginAddr = commonSection.Key("plugin_addr").MustString("0.0.0.0")
 	common.PluginPort = commonSection.Key("plugin_port").MustInt(7200)
 	common.User = commonSection.Key("admin_user").Value()
 	common.Pwd = commonSection.Key("admin_pwd").Value()
+	common.KeepTime = commonSection.Key("admin_keep_time").MustInt(0)
 	common.DashboardAddr = commonSection.Key("dashboard_addr").MustString("127.0.0.1")
 	common.DashboardPort = commonSection.Key("dashboard_port").MustInt(7500)
 	common.DashboardUser = commonSection.Key("dashboard_user").Value()
 	common.DashboardPwd = commonSection.Key("dashboard_pwd").Value()
+	common.DashboardTLS = strings.HasPrefix(strings.ToLower(common.DashboardAddr), "https://")
+
+	if common.KeepTime < 0 {
+		common.KeepTime = 0
+	}
+
+	tls.Enable = commonSection.Key("tls_mode").MustBool(false)
+	tls.Cert = commonSection.Key("tls_cert_file").MustString("")
+	tls.Key = commonSection.Key("tls_key_file").MustString("")
+	if tls.Enable {
+		tls.Protocol = "HTTPS"
+	}
+	if tls.Enable && (strings.TrimSpace(tls.Cert) == "" || strings.TrimSpace(tls.Key) == "") {
+		tls.Enable = false
+		tls.Protocol = "HTTP"
+		log.Printf("fail to enable tls: tls cert or key not exist, use http as default.")
+	}
 
 	portsSection, err := iniFile.GetSection("ports")
 	if err != nil {
 		log.Printf("fail to get [ports] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range portsSection.Keys() {
 		user := key.Name()
@@ -127,7 +164,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	domainsSection, err := iniFile.GetSection("domains")
 	if err != nil {
 		log.Printf("fail to get [domains] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range domainsSection.Keys() {
 		user := key.Name()
@@ -139,7 +183,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	subdomainsSection, err := iniFile.GetSection("subdomains")
 	if err != nil {
 		log.Printf("fail to get [subdomains] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range subdomainsSection.Keys() {
 		user := key.Name()
@@ -151,13 +202,27 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	usersSection, err := iniFile.GetSection("users")
 	if err != nil {
 		log.Printf("fail to get [users] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 
 	disabledSection, err := iniFile.GetSection("disabled")
 	if err != nil {
 		log.Printf("fail to get [disabled] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 
 	keys := usersSection.Keys()
@@ -177,6 +242,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 		}
 		users[token.User] = token
 	}
-
-	return common, users, ports, domains, subdomains, iniFile, nil
+	return controller.HandleController{
+		CommonInfo: common,
+		Tokens:     users,
+		Ports:      ports,
+		Domains:    domains,
+		Subdomains: subdomains,
+		ConfigFile: configFile,
+		IniFile:    iniFile,
+		Version:    version,
+	}, tls, nil
 }

config/cert.crt

@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIIYb+7dG3vm+swDQYJKoZIhvcNAQELBQAwejELMAkGA1UE
+BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h
+Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MR8wHQYDVQQDExZLZXlN
+YW5hZ2VyIFRlc3QgUlNBIENBMB4XDTIzMDkxMTA5NTY0NloXDTI0MDkxMTA5NTY0
+NlowJjELMAkGA1UEBhMCQ04xFzAVBgNVBAMTDmxvY2FsaG9zdDo3MjAwMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PI
+WJ9rq6by65i2RXd4t51yyOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+G
+sCTAAEf/tv1+N2ZqDUPKwaIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTT
+xPvfV6RULAaK6lJGdrM9/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lu
+d3sCbpjza0bAKFy594vIdwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFq
+PortWOAYKrg86RJJ8ilQumNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQAB
+o4GdMIGaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
+BQUHAwIwHQYDVR0OBBYEFJFGsaMxKCw1E2r2NC+PxdiI4p/VMB8GA1UdIwQYMBaA
+FIBNaqqKRqtaWv5Us+XACf5jiY2rMCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo3MjAw
+gg4xMjcuMC4wLjE6NzIwMDANBgkqhkiG9w0BAQsFAAOCAQEAhuNAScvlzJKL4aAm
+bPl6Yru85GZZk+QmL8tICT9rxfq5L/5RhZXuTIqBDLB+ETHq5yQdiUJTphMpq2i3
+UZUzSMkUFokLROKWaENJz82RWYPUGNLqUO7vTIy2HGd4qOYjWDlHba7d9UIRTcKx
+1pd4rqXRTka1rprmoBcSNgcFDcKmctgliOPFqa9V89xrWSznahNqRqdkvbzuuHFz
+oZHKsTBzZ65Mk/E5+EdOYgEPg4kBfBMP7LXabUYCON1ArekRUHS1QJ0yCrzDpUxu
+0XnFTHaoBtP2o7tqmRQk78/8UkqOkz8241p2Tl8n3YZDiJbrv6okTPe+c/m9xD37
+2kwdDg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIIcAbJXpLHgDkwDQYJKoZIhvcNAQELBQAwezELMAkGA1UE
+BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h
+Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MSAwHgYDVQQDExdLZXlN
+YW5hZ2VyIFRlc3QgUm9vdCBDQTAeFw0yMzA5MTEwOTEzNTFaFw0zMzA5MTEwOTEz
+NTFaMHoxCzAJBgNVBAYTAkNOMRcwFQYDVQQKEw5LZXlNYW5hZ2VyLm9yZzExMC8G
+A1UECxMoS2V5TWFuYWdlciBUZXN0IFJvb3QgLSBGb3IgVGVzdCBVc2UgT25seTEf
+MB0GA1UEAxMWS2V5TWFuYWdlciBUZXN0IFJTQSBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANfE1y7r94k5LeDncCnOfjItWXWWuNAzJFXsd0620cON
+5jXCYfVGdRqPkpHtLml1OiMtnSyxxqIASCsxn+puvXPy12FJkTq8D5GtuuLk/8oI
+iiGvFTbVR1C63ZwYQ/MOjMbmlICNVNFYDZfPbALLaZbvtd2q9xc/bq0zd9P6cfW4
+GKZyGNwmrNukUtXkIdPIaUiNRiseHwwyR//bJh9GFhCw5jpVK5bnDT1PZYFKww0J
+qv5kA9fCY/Xm635MfRsvNI+2RMOBhKgblWGmDCaJMOglgyao3AVK8ajrNrlAoTHC
+9Lcm4dQc2p0KUVfRitLio2ANKM3oh8q2qHPFrAnvjzcCAwEAAaNjMGEwDgYDVR0P
+AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIBNaqqKRqtaWv5U
+s+XACf5jiY2rMB8GA1UdIwQYMBaAFEOl8mT1ZXKyUe00w/jyQQKMYUQAMA0GCSqG
+SIb3DQEBCwUAA4IBAQCouCabkdzZKiGMKlrCE0y/eDNqBUwdERWD+Xrxhm/K13bg
+gJJXZsWWr2/iumbWkc3N9W5J2gyFc+iO79VrVMzlq2Kfbhy5XY5gioC8n1BL4FPs
+lmOGtO/8NubZhjTVrE/wH2iDcC9vfE5EAM/axnQXA1DjuEhyRnZe40lTXnA37vc1
+f0hizePrPiMNpzJLZ9kj9pvOYRc7h+Oe04fz+iG5iSlJ/s4y81o0oOJkDLatfveC
++L2ZqbiagZTsBYiL68Y612n7UDH2tUpyE6hCxYlNb+hCMFLakRHfp/IHcz6oHxvV
+kyJ5FwVvwn9fy4QOi/NsfASdb4AnyqRkJKNSlqWw
+-----END CERTIFICATE-----

config/cert.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PIWJ9rq6by65i2RXd4t51y
+yOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+GsCTAAEf/tv1+N2ZqDUPK
+waIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTTxPvfV6RULAaK6lJGdrM9
+/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lud3sCbpjza0bAKFy594vI
+dwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFqPortWOAYKrg86RJJ8ilQ
+umNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQABAoIBAFcIGBEDQAI6eYQQ
+PzyXO751TYxyAv6Zit1K0jw0cDzs3Omj6UnoYw3ArUbiFDWqcKYITyGe3WFP+dFP
+tMucFWDFRaOITkaI6Fr8XsZjdT8jAVN00faFBM8TSOeZVrEk1qFjJP+9/ipJ53o8
+jxWByU5npBWuw6qF432b98dhKvisW5Uu1hw8z935ld7uk3nF2mWAxzrTq8GE+Mn5
+Ic0yDmxnd/6rgUuAVtfGMDsKCks7P0J4bvxIG8fDnWh40SwNffrlHZ1Fz/yqJCCl
+tzkbQnX7lp4JGq1NkubgIchQ5pJzoqzWSShr72tyipjpTBIKDWT6TMapp0Y+veJX
+jl4fXs0CgYEA2kBFyO+/BSjOLmlftvos1YqrJD9eSy9ydSY9jRF/6qX1AWbbmH2c
+rIN+kLeQtoFP87BMpMU1qDhmqbXx+WLaMYU0RTB8oNhriUbXE2hs7ndGm/FS8yzu
+wG0xHBT8Bm8WA/5/bmFbjUCA7eSKYczYrHFd/aaf5HKGtGFJx8jz4t8CgYEAyCKm
+vqJ1WGK2Ql/hN1Gw3/rmyzgPqMgfq0gi7cQ3bRY/txK5vWHcDQdIywpxmmMWpkzy
+UX3m9hMb2ao01riFngIhBJslong0ExLSv50bi9evCAL0dZCQFPaBCgjNoMRjofGq
+SE0fJMDEOqcEt2fEAH8Fa4FUw9MKAypV++H7s5MCgYEA1gZpaN8Sp/CYIJNdNYao
+KNDPe8BYq8pfp9pUSd57XpRYa4N+nU+xMMvSdgBNfWvaB9M/leV+9PQ6WPr/y9vQ
+tPc3hxJBZUpWSkyZ5YJmMIPvTkWdXrMVfsaVfkBl1bliEZClTo1SxnYW+TNBMR88
+6/5QecnIyrI0vvcY7z51TGkCgYB8CpYEc5Z9WHkUPG7PJY+V0uE2tSFnf9m5BDW5
+3jJoJzEIW8/JJB0J6ijgxzFP+fgwzGInxfvfKkrJpqenKaiPHUyvmSVDRHMqGzGJ
+12saSmzOb15qe1YB2CJ0QK6J5Q7HcYwT0dDqq5szqw7OSb7+e7u1POx3jpaXDadL
+PW4OhwKBgHcZWsXJUaKesNJbeGeRKmQHooSdrE69gika1HU7GYmTV3JwvAFrHSNF
+EGMMTmWc6nTh63ADO/f+dpAoJVOQM/OhEVVyfvlByLEFeieGegwyREWVYajW+6Dt
+Ztrafmyvn+r3yhWN9g+p1yQTeVLw23ir9cYhP8OqnL4d89c3o+r3
+-----END RSA PRIVATE KEY-----

config/frps-panel.ini

@@ -5,6 +5,14 @@ plugin_addr    = 127.0.0.1
 plugin_port = 7200
 admin_user = admin
 admin_pwd = admin
+; specified login state keep time
+admin_keep_time = 0
+
+; enable tls
+tls_mode = false
+; tls_cert_file = cert.crt
+; tls_key_file = cert.key
+
 ; frp dashboard info
 dashboard_addr = 127.0.0.1
 dashboard_port = 7500

go.mod

@@ -17,11 +17,15 @@ require (
 	github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb // indirect
 	github.com/fatedier/golib v0.1.1-0.20200901083111-1f870741e185 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gin-contrib/sessions v0.0.5 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gorilla/context v1.1.1 // indirect
+	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/gorilla/sessions v1.2.1 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect

go.sum

@@ -46,6 +46,8 @@ github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/i18n v1.0.0 h1:e5uEOmaAr09Iyr4vuWuvvpByjmvxGDO7iSkmiFpSsk0=
 github.com/gin-contrib/i18n v1.0.0/go.mod h1:yyyTArpVZeXCFT/kbLbD5CS192+OZ8Y+angnJjvnB98=
+github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
+github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
@@ -95,7 +97,13 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
+github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=

package.sh

@@ -1,12 +1,19 @@
 #!/bin/bash
+version=$(cat cmd/frps-panel/cmd.go | grep 'const version' | egrep -o '[0-9.]+')
 cd ./release || exit
 rm -rf *.zip
 list=$(ls frps-panel-*)
 echo "$list"
 for binFile in $list
   do
-    cp "$binFile" frps-panel
-    zip -r "$binFile".zip frps-panel frps-panel.ini assets -x "*.git*" "*.idea*" "*.DS_Store" "*.contentFlavour"
-    rm -rf "$binFile" frps-panel
+    tmpFile=frps-panel
+    newBinFile=$binFile
+    if echo "$binFile" | grep  -q -E "\.exe";then
+      tmpFile=frps-panel.exe
+      newBinFile=${newBinFile%%.exe*}
+    fi
+    cp "$binFile" "$tmpFile"
+    zip -r "$newBinFile-$version".zip "$tmpFile" frps-panel.ini assets -x "*.git*" "*.idea*" "*.DS_Store" "*.contentFlavour"
+    rm -rf "$binFile" "$tmpFile"
   done
   rm -rf frps-panel.ini assets

pkg/server/controller/authorizer.go

@@ -0,0 +1,104 @@
+package controller
+
+import (
+	"encoding/base64"
+	"fmt"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"strings"
+	"time"
+)
+
+func (c *HandleController) BasicAuth() gin.HandlerFunc {
+	return func(context *gin.Context) {
+		if strings.TrimSpace(c.CommonInfo.User) == "" || strings.TrimSpace(c.CommonInfo.Pwd) == "" {
+			if context.Request.RequestURI == LoginUrl {
+				context.Redirect(http.StatusTemporaryRedirect, LoginSuccessUrl)
+			}
+			return
+		}
+
+		session := sessions.Default(context)
+		auth := session.Get(AuthName)
+
+		if auth != nil {
+			if c.CommonInfo.KeepTime > 0 {
+				cookie, _ := context.Request.Cookie(SessionName)
+				if cookie != nil {
+					//important thx https://blog.csdn.net/zhanghongxia8285/article/details/107321838/
+					cookie.Expires = time.Now().Add(time.Second * time.Duration(c.CommonInfo.KeepTime))
+					http.SetCookie(context.Writer, cookie)
+				}
+			}
+
+			username, password, _ := parseBasicAuth(fmt.Sprintf("%v", auth))
+
+			usernameMatch := username == c.CommonInfo.User
+			passwordMatch := password == c.CommonInfo.Pwd
+
+			if usernameMatch && passwordMatch {
+				context.Next()
+				return
+			}
+		}
+
+		isAjax := context.GetHeader("X-Requested-With") == "XMLHttpRequest"
+
+		if !isAjax && context.Request.RequestURI != LoginUrl {
+			context.Redirect(http.StatusTemporaryRedirect, LoginUrl)
+		} else {
+			context.AbortWithStatus(http.StatusUnauthorized)
+		}
+	}
+}
+
+func (c *HandleController) LoginAuth(username, password string, context *gin.Context) bool {
+	if strings.TrimSpace(c.CommonInfo.User) == "" || strings.TrimSpace(c.CommonInfo.Pwd) == "" {
+		return true
+	}
+
+	session := sessions.Default(context)
+
+	sessionAuth := session.Get(AuthName)
+	internalAuth := encodeBasicAuth(c.CommonInfo.User, c.CommonInfo.Pwd)
+
+	if sessionAuth == internalAuth {
+		return true
+	} else {
+		basicAuth := encodeBasicAuth(username, password)
+		if basicAuth == internalAuth {
+			session.Set(AuthName, basicAuth)
+			_ = session.Save()
+			return true
+		} else {
+			session.Delete(AuthName)
+			_ = session.Save()
+			return false
+		}
+	}
+}
+
+func ClearAuth(context *gin.Context) {
+	session := sessions.Default(context)
+	session.Delete(AuthName)
+	_ = session.Save()
+}
+
+func parseBasicAuth(auth string) (username, password string, ok bool) {
+	c, err := base64.StdEncoding.DecodeString(auth)
+	if err != nil {
+		return "", "", false
+	}
+	cs := string(c)
+	username, password, ok = strings.Cut(cs, ":")
+	if !ok {
+		return "", "", false
+	}
+	return username, password, true
+}
+
+func encodeBasicAuth(username, password string) string {
+	authString := fmt.Sprintf("%s:%s", username, password)
+	return base64.StdEncoding.EncodeToString([]byte(authString))
+}

pkg/server/controller/controller.go

@@ -1,7 +1,7 @@
 package controller
 
 import (
-	"encoding/base64"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -11,104 +11,11 @@ import (
 	"io"
 	"log"
 	"net/http"
-	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 )
 
-const (
-	Success          = 0
-	ParamError       = 1
-	UserExist        = 2
-	SaveError        = 3
-	UserFormatError  = 4
-	TokenFormatError = 5
-	FrpServerError   = 6
-)
-
-var UserFormatReg = regexp.MustCompile("^\\w+$")
-var TokenFormatReg = regexp.MustCompile("^[\\w!@#$%^&*()]+$")
-var TrimAllSpaceReg = regexp.MustCompile("[\\n\\t\\r\\s]")
-var TrimBreakLineReg = regexp.MustCompile("[\\n\\t\\r]")
-
-type Response struct {
-	Msg string `json:"msg"`
-}
-
-type HTTPError struct {
-	Code int
-	Err  error
-}
-
-type CommonInfo struct {
-	PluginAddr    string
-	PluginPort    int
-	User          string
-	Pwd           string
-	DashboardAddr string
-	DashboardPort int
-	DashboardUser string
-	DashboardPwd  string
-}
-
-type TokenInfo struct {
-	User       string `json:"user" form:"user"`
-	Token      string `json:"token" form:"token"`
-	Comment    string `json:"comment" form:"comment"`
-	Ports      string `json:"ports" from:"ports"`
-	Domains    string `json:"domains" from:"domains"`
-	Subdomains string `json:"subdomains" from:"subdomains"`
-	Status     bool   `json:"status" form:"status"`
-}
-
-type TokenResponse struct {
-	Code  int         `json:"code"`
-	Msg   string      `json:"msg"`
-	Count int         `json:"count"`
-	Data  []TokenInfo `json:"data"`
-}
-
-type OperationResponse struct {
-	Success bool   `json:"success"`
-	Code    int    `json:"code"`
-	Message string `json:"message"`
-}
-
-type ProxyResponse struct {
-	OperationResponse
-	Data string `json:"data"`
-}
-
-type TokenSearch struct {
-	TokenInfo
-	Page  int `form:"page"`
-	Limit int `form:"limit"`
-}
-
-type TokenUpdate struct {
-	Before TokenInfo `json:"before"`
-	After  TokenInfo `json:"after"`
-}
-
-type TokenRemove struct {
-	Users []TokenInfo `json:"users"`
-}
-
-type TokenDisable struct {
-	TokenRemove
-}
-
-type TokenEnable struct {
-	TokenDisable
-}
-
-func (e *HTTPError) Error() string {
-	return e.Err.Error()
-}
-
-type HandlerFunc func(ctx *gin.Context) (interface{}, error)
-
 func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		var response plugin.Response
@@ -116,19 +23,13 @@ func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {
 
 		request := plugin.Request{}
 		if err := context.BindJSON(&request); err != nil {
-			_ = context.Error(&HTTPError{
-				Code: http.StatusBadRequest,
-				Err:  err,
-			})
+			_ = context.AbortWithError(http.StatusBadRequest, err)
 			return
 		}
 
 		jsonStr, err := json.Marshal(request.Content)
 		if err != nil {
-			_ = context.Error(&HTTPError{
-				Code: http.StatusBadRequest,
-				Err:  err,
-			})
+			_ = context.AbortWithError(http.StatusBadRequest, err)
 			return
 		}
 
@@ -173,10 +74,54 @@ func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {
 	}
 }
 
-func (c *HandleController) MakeManagerFunc() func(context *gin.Context) {
+func (c *HandleController) MakeLoginFunc() func(context *gin.Context) {
+	return func(context *gin.Context) {
+		if context.Request.Method == "GET" {
+			if c.LoginAuth("", "", context) {
+				if context.Request.RequestURI == LoginUrl {
+					context.Redirect(http.StatusTemporaryRedirect, LoginSuccessUrl)
+				}
+				return
+			}
+			context.HTML(http.StatusOK, "login.html", gin.H{
+				"version":             c.Version,
+				"FrpsPanel":           ginI18n.MustGetMessage(context, "Frps Panel"),
+				"Username":            ginI18n.MustGetMessage(context, "Username"),
+				"Password":            ginI18n.MustGetMessage(context, "Password"),
+				"Login":               ginI18n.MustGetMessage(context, "Login"),
+				"PleaseInputUsername": ginI18n.MustGetMessage(context, "Please input username"),
+				"PleaseInputPassword": ginI18n.MustGetMessage(context, "Please input password"),
+			})
+		} else if context.Request.Method == "POST" {
+			username := context.PostForm("username")
+			password := context.PostForm("password")
+			if c.LoginAuth(username, password, context) {
+				context.JSON(http.StatusOK, gin.H{
+					"success": true,
+					"message": ginI18n.MustGetMessage(context, "Login success"),
+				})
+			} else {
+				context.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": ginI18n.MustGetMessage(context, "Username or password incorrect"),
+				})
+			}
+		}
+	}
+}
+
+func (c *HandleController) MakeLogoutFunc() func(context *gin.Context) {
+	return func(context *gin.Context) {
+		ClearAuth(context)
+		context.Redirect(http.StatusTemporaryRedirect, LogoutSuccessUrl)
+	}
+}
+
+func (c *HandleController) MakeIndexFunc() func(context *gin.Context) {
 	return func(context *gin.Context) {
 		context.HTML(http.StatusOK, "index.html", gin.H{
 			"version":                      c.Version,
+			"showExit":                     strings.TrimSpace(c.CommonInfo.User) != "" && strings.TrimSpace(c.CommonInfo.Pwd) != "",
 			"FrpsPanel":                    ginI18n.MustGetMessage(context, "Frps Panel"),
 			"User":                         ginI18n.MustGetMessage(context, "User"),
 			"Token":                        ginI18n.MustGetMessage(context, "Token"),
@@ -289,6 +234,8 @@ func (c *HandleController) MakeLangFunc() func(context *gin.Context) {
 			"now":                   ginI18n.MustGetMessage(context, "now"),
 			"Proxies":               ginI18n.MustGetMessage(context, "Proxies"),
 			"NotSet":                ginI18n.MustGetMessage(context, "Not Set"),
+			"Proxy":                 ginI18n.MustGetMessage(context, "Proxy"),
+			"TokenInvalid":          ginI18n.MustGetMessage(context, "Token invalid"),
 		})
 	}
 }
@@ -696,20 +643,36 @@ func (c *HandleController) MakeEnableTokensFunc() func(context *gin.Context) {
 
 func (c *HandleController) MakeProxyFunc() func(context *gin.Context) {
 	return func(context *gin.Context) {
+		var client *http.Client
+		var protocol string
+
+		if c.CommonInfo.DashboardTLS {
+			client = &http.Client{
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{
+						InsecureSkipVerify: true,
+					},
+				},
+			}
+			protocol = "https://"
+		} else {
+			client = http.DefaultClient
+			protocol = "http://"
+		}
+
 		res := ProxyResponse{}
 		host := c.CommonInfo.DashboardAddr
 		port := c.CommonInfo.DashboardPort
-		requestUrl := "http://" + host + ":" + strconv.Itoa(port) + context.Param("serverApi")
+		requestUrl := protocol + host + ":" + strconv.Itoa(port) + context.Param("serverApi")
 		request, _ := http.NewRequest("GET", requestUrl, nil)
 		username := c.CommonInfo.DashboardUser
-		if len(strings.TrimSpace(username)) != 0 {
 		password := c.CommonInfo.DashboardPwd
-			userAndPwd := []byte(username + ":" + password)
-			authorization := "Basic " + base64.StdEncoding.EncodeToString(userAndPwd)
-			request.Header.Add("Authorization", authorization)
-			log.Printf("Proxy to %s with Authorization %s", requestUrl, authorization)
+		if len(strings.TrimSpace(username)) != 0 && len(strings.TrimSpace(password)) != 0 {
+			request.SetBasicAuth(username, password)
+			log.Printf("Proxy to %s", requestUrl)
 		}
-		response, err := http.DefaultClient.Do(request)
+
+		response, err := client.Do(request)
 
 		if err != nil {
 			res.Code = FrpServerError

pkg/server/controller/handler.go

@@ -3,61 +3,11 @@ package controller
 import (
 	"fmt"
 	plugin "github.com/fatedier/frp/pkg/plugin/server"
-	"github.com/gin-gonic/gin"
-	"gopkg.in/ini.v1"
 	"log"
-	"os"
-	"path/filepath"
 	"strconv"
 	"strings"
 )
 
-type HandleController struct {
-	CommonInfo CommonInfo
-	Tokens     map[string]TokenInfo
-	Ports      map[string][]string
-	Domains    map[string][]string
-	Subdomains map[string][]string
-	ConfigFile string
-	IniFile    *ini.File
-	Version    string
-}
-
-func NewHandleController(config *HandleController) *HandleController {
-	return config
-}
-
-func (c *HandleController) Register(rootDir string, engine *gin.Engine) {
-	assets := filepath.Join(rootDir, "assets")
-	_, err := os.Stat(assets)
-	if err != nil && !os.IsExist(err) {
-		assets = "./assets"
-	}
-
-	engine.Delims("${", "}")
-	engine.LoadHTMLGlob(filepath.Join(assets, "templates/*"))
-	engine.POST("/handler", c.MakeHandlerFunc())
-
-	var group *gin.RouterGroup
-	if len(c.CommonInfo.User) != 0 {
-		group = engine.Group("/", gin.BasicAuthForRealm(gin.Accounts{
-			c.CommonInfo.User: c.CommonInfo.Pwd,
-		}, "Restricted"))
-	} else {
-		group = engine.Group("/")
-	}
-	group.Static("/static", filepath.Join(assets, "static"))
-	group.GET("/", c.MakeManagerFunc())
-	group.GET("/lang.json", c.MakeLangFunc())
-	group.GET("/tokens", c.MakeQueryTokensFunc())
-	group.POST("/add", c.MakeAddTokenFunc())
-	group.POST("/update", c.MakeUpdateTokensFunc())
-	group.POST("/remove", c.MakeRemoveTokensFunc())
-	group.POST("/disable", c.MakeDisableTokensFunc())
-	group.POST("/enable", c.MakeEnableTokensFunc())
-	group.GET("/proxy/*serverApi", c.MakeProxyFunc())
-}
-
 func (c *HandleController) HandleLogin(content *plugin.LoginContent) plugin.Response {
 	token := content.Metas["token"]
 	user := content.User

pkg/server/controller/register.go

@@ -0,0 +1,58 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"gopkg.in/ini.v1"
+	"os"
+	"path/filepath"
+)
+
+type HandleController struct {
+	CommonInfo CommonInfo
+	Tokens     map[string]TokenInfo
+	Ports      map[string][]string
+	Domains    map[string][]string
+	Subdomains map[string][]string
+	ConfigFile string
+	IniFile    *ini.File
+	Version    string
+}
+
+func NewHandleController(config *HandleController) *HandleController {
+	return config
+}
+
+func (c *HandleController) Register(rootDir string, engine *gin.Engine) {
+	assets := filepath.Join(rootDir, "assets")
+	_, err := os.Stat(assets)
+	if err != nil && !os.IsExist(err) {
+		assets = "./assets"
+	}
+
+	engine.Delims("${", "}")
+	engine.LoadHTMLGlob(filepath.Join(assets, "templates/*"))
+	engine.POST("/handler", c.MakeHandlerFunc())
+	engine.Static("/static", filepath.Join(assets, "static"))
+	engine.GET("/lang.json", c.MakeLangFunc())
+	engine.GET(LoginUrl, c.MakeLoginFunc())
+	engine.POST(LoginUrl, c.MakeLoginFunc())
+	engine.GET(LogoutUrl, c.MakeLogoutFunc())
+
+	var group *gin.RouterGroup
+	if len(c.CommonInfo.User) != 0 {
+		//group = engine.Group("/", gin.BasicAuthForRealm(gin.Accounts{
+		//	c.CommonInfo.User: c.CommonInfo.Pwd,
+		//}, "Restricted"))
+		group = engine.Group("/", c.BasicAuth())
+	} else {
+		group = engine.Group("/")
+	}
+	group.GET("/", c.MakeIndexFunc())
+	group.GET("/tokens", c.MakeQueryTokensFunc())
+	group.POST("/add", c.MakeAddTokenFunc())
+	group.POST("/update", c.MakeUpdateTokensFunc())
+	group.POST("/remove", c.MakeRemoveTokensFunc())
+	group.POST("/disable", c.MakeDisableTokensFunc())
+	group.POST("/enable", c.MakeEnableTokensFunc())
+	group.GET("/proxy/*serverApi", c.MakeProxyFunc())
+}

pkg/server/controller/variables.go

@@ -0,0 +1,106 @@
+package controller
+
+import (
+	"regexp"
+)
+
+const (
+	Success          = 0
+	ParamError       = 1
+	UserExist        = 2
+	SaveError        = 3
+	UserFormatError  = 4
+	TokenFormatError = 5
+	FrpServerError   = 6
+
+	SessionName      = "GOSESSION"
+	AuthName         = "_PANEL_AUTH"
+	LoginUrl         = "/login"
+	LoginSuccessUrl  = "/"
+	LogoutUrl        = "/logout"
+	LogoutSuccessUrl = "/login"
+)
+
+var (
+	UserFormatReg    = regexp.MustCompile("^\\w+$")
+	TokenFormatReg   = regexp.MustCompile("^[\\w!@#$%^&*()]+$")
+	TrimAllSpaceReg  = regexp.MustCompile("[\\n\\t\\r\\s]")
+	TrimBreakLineReg = regexp.MustCompile("[\\n\\t\\r]")
+)
+
+type Response struct {
+	Msg string `json:"msg"`
+}
+
+type HTTPError struct {
+	Code int
+	Err  error
+}
+
+type CommonInfo struct {
+	PluginAddr    string
+	PluginPort    int
+	User          string
+	Pwd           string
+	KeepTime      int
+	DashboardTLS  bool
+	DashboardAddr string
+	DashboardPort int
+	DashboardUser string
+	DashboardPwd  string
+}
+
+type TokenInfo struct {
+	User       string `json:"user" form:"user"`
+	Token      string `json:"token" form:"token"`
+	Comment    string `json:"comment" form:"comment"`
+	Ports      string `json:"ports" from:"ports"`
+	Domains    string `json:"domains" from:"domains"`
+	Subdomains string `json:"subdomains" from:"subdomains"`
+	Status     bool   `json:"status" form:"status"`
+}
+
+type TokenResponse struct {
+	Code  int         `json:"code"`
+	Msg   string      `json:"msg"`
+	Count int         `json:"count"`
+	Data  []TokenInfo `json:"data"`
+}
+
+type OperationResponse struct {
+	Success bool   `json:"success"`
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+}
+
+type ProxyResponse struct {
+	OperationResponse
+	Data string `json:"data"`
+}
+
+type TokenSearch struct {
+	TokenInfo
+	Page  int `form:"page"`
+	Limit int `form:"limit"`
+}
+
+type TokenUpdate struct {
+	Before TokenInfo `json:"before"`
+	After  TokenInfo `json:"after"`
+}
+
+type TokenRemove struct {
+	Users []TokenInfo `json:"users"`
+}
+
+type TokenDisable struct {
+	TokenRemove
+}
+
+type TokenEnable struct {
+	TokenDisable
+}
+
+func (e *HTTPError) Error() string {
+	return e.Err.Error()
+}

pkg/server/server.go

@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"frps-panel/pkg/server/controller"
 	ginI18n "github.com/gin-contrib/i18n"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"golang.org/x/text/language"
 	"log"
@@ -22,16 +24,26 @@ import (
 type Server struct {
 	cfg     controller.HandleController
 	s       *http.Server
+	tls     TLS
 	done    chan struct{}
 	rootDir string
 }
 
-func New(rootDir string, cfg controller.HandleController) (*Server, error) {
+type TLS struct {
+	Enable   bool
+	Cert     string
+	Key      string
+	Protocol string
+}
+
+func New(rootDir string, cfg controller.HandleController, tls TLS) (*Server, error) {
 	s := &Server{
 		cfg:     cfg,
 		done:    make(chan struct{}),
 		rootDir: rootDir,
+		tls:     tls,
 	}
+
 	if err := s.init(); err != nil {
 		return nil, err
 	}
@@ -44,10 +56,32 @@ func (s *Server) Run() error {
 	if err != nil {
 		return err
 	}
-	log.Printf("HTTP server listen on %s", l.Addr().String())
+	log.Printf("%s server listen on %s", s.tls.Protocol, l.Addr().String())
 	go func() {
+		if s.tls.Enable {
+			configDir := filepath.Dir(s.cfg.ConfigFile)
+
+			cert := filepath.Join(configDir, s.tls.Cert)
+			_, err := os.Stat(cert)
+			if err != nil && !os.IsExist(err) {
+				cert = s.tls.Cert
+			}
+
+			key := filepath.Join(configDir, s.tls.Key)
+			_, err = os.Stat(key)
+			if err != nil && !os.IsExist(err) {
+				key = s.tls.Key
+			}
+
+			if err = s.s.ServeTLS(l, cert, key); !errors.Is(http.ErrServerClosed, err) {
+				log.Printf("error shutdown %s server: %v", s.tls.Protocol, err)
+				_ = s.Stop()
+			}
+		} else {
 			if err = s.s.Serve(l); !errors.Is(http.ErrServerClosed, err) {
-			log.Printf("error shutdown HTTP server: %v", err)
+				log.Printf("error shutdown %s server: %v", s.tls.Protocol, err)
+				_ = s.Stop()
+			}
 		}
 	}()
 	<-s.done
@@ -58,16 +92,17 @@ func (s *Server) Stop() error {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	if err := s.s.Shutdown(ctx); err != nil {
-		log.Fatalf("shutdown HTTP server error: %v", err)
+		log.Fatalf("shutdown %s server error: %v", s.tls.Protocol, err)
 	}
-	log.Printf("HTTP server exited")
+	log.Printf("%s server exited", s.tls.Protocol)
+
 	close(s.done)
 	return nil
 }
 
 func (s *Server) init() error {
 	if err := s.initHTTPServer(); err != nil {
-		log.Printf("init HTTP server error: %v", err)
+		log.Printf("init %s server error: %v", s.tls.Protocol, err)
 		return err
 	}
 	return nil
@@ -138,6 +173,15 @@ func GinI18nLocalize(rootDir string) gin.HandlerFunc {
 func (s *Server) initHTTPServer() error {
 	gin.SetMode(gin.ReleaseMode)
 	engine := gin.New()
+	authStore := cookie.NewStore([]byte("frps-panel"))
+	authStore.Options(sessions.Options{
+		Secure:   true,
+		HttpOnly: false,
+		SameSite: 4,
+		Path:     "/",
+		MaxAge:   s.cfg.CommonInfo.KeepTime,
+	})
+	engine.Use(sessions.Sessions(controller.SessionName, authStore))
 	engine.Use(GinI18nLocalize(s.rootDir))
 	s.s = &http.Server{
 		Handler: engine,