[PR #5169] [CLOSED] feat: add etcd-based multi-tenant token management with traffic reporting #5155

New issue

Closed

opened 2026-05-05 14:55:45 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 14:55:45 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/5169
Author: @u-wlkjyy
Created: 2/8/2026
Status: ❌ Closed

Base: dev ← Head: dev

📝 Commits (5)

09baf7f feat: add etcd-based multi-tenant token management with traffic reporting
c06a9de docs: add etcd multi-tenant authentication section to README
feab6d5 test: add unit tests for etcd config and traffic reporter
fceb0e0 fix: resolve lint errors for CI
58f3610 fix: format files with gci for proper alignment

📊 Changes

22 files changed (+2128 additions, -100 deletions)

View changed files

📝 README.md (+64 -0)
➕ descript.md (+77 -0)
➕ doc/build.md (+184 -0)
➕ doc/etcd_multi_tenant.md (+252 -0)
➕ frpc (+0 -0)
➕ frpc_test.toml (+12 -0)
➕ frps (+0 -0)
➕ frps_test.toml (+7 -0)
📝 go.mod (+27 -13)
📝 go.sum (+93 -30)
📝 pkg/auth/auth.go (+12 -0)
➕ pkg/auth/etcd/store.go (+287 -0)
➕ pkg/auth/etcd/verifier.go (+119 -0)
➕ pkg/config/v1/etcd.go (+75 -0)
➕ pkg/config/v1/etcd_test.go (+127 -0)
📝 pkg/config/v1/server.go (+3 -0)
➕ pkg/traffic/conn.go (+99 -0)
➕ pkg/traffic/reporter.go (+222 -0)
➕ pkg/traffic/reporter_test.go (+205 -0)
📝 server/control.go (+134 -27)

...and 2 more files

📄 Description

Summary

This PR adds etcd-based multi-tenant token management for frps, enabling dynamic token configuration with per-token settings.

Features

Etcd-based multi-token authentication - Store and manage multiple tokens in etcd
Region validation - Each token has a region field, must match frps's configured region
Per-token bandwidth limiting - Configure bandwidth limits for individual tokens
Per-token port restrictions - Limit which ports each token can use (allowPorts)
Per-token max ports - Limit maximum number of ports per client (maxPortsPerClient)
Dynamic token management - Add/update/delete tokens in etcd without restarting frps
Auto disconnect - When a token is deleted or disabled, existing connections are automatically closed
Traffic reporting - Report traffic usage to an external URL at configurable intervals per token

Configuration

Server (frps.toml)

bindPort = 7000

[etcd]
endpoints = ["127.0.0.1:2379"]
region = "us-east"
prefix = "/frp/tokens/"
trafficReportUrl = "http://billing-service/api/traffic/report"

Token in etcd

{
  "token": "your-token",
  "region": "us-east",
  "allowPorts": [{"start": 8000, "end": 9000}],
  "bandwidthLimit": "10MB",
  "maxPortsPerClient": 5,
  "enabled": true,
  "trafficReportIntervalMB": 50
}

Client (frpc.toml)

No changes required - uses standard token authentication.

Traffic Report Format

POST to configured URL:

{
  "token": "xxx",
  "region": "us-east",
  "proxyName": "web",
  "trafficIn": 1048576,
  "trafficOut": 10485760,
  "timestamp": 1234567890
}

Backward Compatibility

If [etcd] is not configured, frps works as before with single token authentication
No changes required for frpc

New Files

pkg/config/v1/etcd.go - EtcdConfig and TokenConfig structures
pkg/auth/etcd/store.go - TokenStore with etcd client, caching, and watch
pkg/auth/etcd/verifier.go - MultiTokenVerifier for authentication
pkg/traffic/reporter.go - TrafficManager and TokenTrafficCounter
pkg/traffic/conn.go - CountedConn wrapper for traffic counting
doc/etcd_multi_tenant.md - Documentation

Tests

Added unit tests for pkg/config/v1/etcd_test.go
Added unit tests for pkg/traffic/reporter_test.go
All existing tests pass

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/5169 **Author:** [@u-wlkjyy](https://github.com/u-wlkjyy) **Created:** 2/8/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (5) - [`09baf7f`](https://github.com/fatedier/frp/commit/09baf7fd52049631eee73fdd0ff4d871d57f8af3) feat: add etcd-based multi-tenant token management with traffic reporting - [`c06a9de`](https://github.com/fatedier/frp/commit/c06a9de267e53d3d5f791ebb88d2043fd8e3b880) docs: add etcd multi-tenant authentication section to README - [`feab6d5`](https://github.com/fatedier/frp/commit/feab6d53b8ae3efac3dd533e0f7a7ccde9a11ddc) test: add unit tests for etcd config and traffic reporter - [`fceb0e0`](https://github.com/fatedier/frp/commit/fceb0e08b2e7439f42d9e5d46927d797c901352b) fix: resolve lint errors for CI - [`58f3610`](https://github.com/fatedier/frp/commit/58f3610150217bf9f174d94b2cd7e7c48a9e5091) fix: format files with gci for proper alignment ### 📊 Changes **22 files changed** (+2128 additions, -100 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+64 -0) ➕ `descript.md` (+77 -0) ➕ `doc/build.md` (+184 -0) ➕ `doc/etcd_multi_tenant.md` (+252 -0) ➕ `frpc` (+0 -0) ➕ `frpc_test.toml` (+12 -0) ➕ `frps` (+0 -0) ➕ `frps_test.toml` (+7 -0) 📝 `go.mod` (+27 -13) 📝 `go.sum` (+93 -30) 📝 `pkg/auth/auth.go` (+12 -0) ➕ `pkg/auth/etcd/store.go` (+287 -0) ➕ `pkg/auth/etcd/verifier.go` (+119 -0) ➕ `pkg/config/v1/etcd.go` (+75 -0) ➕ `pkg/config/v1/etcd_test.go` (+127 -0) 📝 `pkg/config/v1/server.go` (+3 -0) ➕ `pkg/traffic/conn.go` (+99 -0) ➕ `pkg/traffic/reporter.go` (+222 -0) ➕ `pkg/traffic/reporter_test.go` (+205 -0) 📝 `server/control.go` (+134 -27) _...and 2 more files_ </details> ### 📄 Description ## Summary This PR adds etcd-based multi-tenant token management for frps, enabling dynamic token configuration with per-token settings. ## Features - **Etcd-based multi-token authentication** - Store and manage multiple tokens in etcd - **Region validation** - Each token has a region field, must match frps's configured region - **Per-token bandwidth limiting** - Configure bandwidth limits for individual tokens - **Per-token port restrictions** - Limit which ports each token can use (`allowPorts`) - **Per-token max ports** - Limit maximum number of ports per client (`maxPortsPerClient`) - **Dynamic token management** - Add/update/delete tokens in etcd without restarting frps - **Auto disconnect** - When a token is deleted or disabled, existing connections are automatically closed - **Traffic reporting** - Report traffic usage to an external URL at configurable intervals per token ## Configuration ### Server (frps.toml) ```toml bindPort = 7000 [etcd] endpoints = ["127.0.0.1:2379"] region = "us-east" prefix = "/frp/tokens/" trafficReportUrl = "http://billing-service/api/traffic/report" ``` ### Token in etcd ```json { "token": "your-token", "region": "us-east", "allowPorts": [{"start": 8000, "end": 9000}], "bandwidthLimit": "10MB", "maxPortsPerClient": 5, "enabled": true, "trafficReportIntervalMB": 50 } ``` ### Client (frpc.toml) No changes required - uses standard token authentication. ## Traffic Report Format POST to configured URL: ```json { "token": "xxx", "region": "us-east", "proxyName": "web", "trafficIn": 1048576, "trafficOut": 10485760, "timestamp": 1234567890 } ``` ## Backward Compatibility - If `[etcd]` is not configured, frps works as before with single token authentication - No changes required for frpc ## New Files - `pkg/config/v1/etcd.go` - EtcdConfig and TokenConfig structures - `pkg/auth/etcd/store.go` - TokenStore with etcd client, caching, and watch - `pkg/auth/etcd/verifier.go` - MultiTokenVerifier for authentication - `pkg/traffic/reporter.go` - TrafficManager and TokenTrafficCounter - `pkg/traffic/conn.go` - CountedConn wrapper for traffic counting - `doc/etcd_multi_tenant.md` - Documentation ## Tests - Added unit tests for `pkg/config/v1/etcd_test.go` - Added unit tests for `pkg/traffic/reporter_test.go` - All existing tests pass --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>