evan/next-terminal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

release v1.2.0

Browse Source
This commit is contained in:
dushixiang
2021-10-31 17:15:35 +08:00
parent 4665ab6f78
commit 6132a05786
173 changed files with 37928 additions and 9349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
server/api/access_gateway.go Normal file
View File

@ -0,0 +1,119 @@
package api
import (
"strconv"
"strings"
"next-terminal/server/model"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
)
func AccessGatewayCreateEndpoint(c echo.Context) error {
var item model.AccessGateway
if err := c.Bind(&item); err != nil {
return err
}
item.ID = utils.UUID()
item.Created = utils.NowJsonTime()
if err := accessGatewayRepository.Create(&item); err != nil {
return err
}
// 连接网关
accessGatewayService.ReConnect(&item)
return Success(c, "")
}
func AccessGatewayAllEndpoint(c echo.Context) error {
gateways, err := accessGatewayRepository.FindAll()
if err != nil {
return err
}
var simpleGateways = make([]model.AccessGatewayForPage, 0)
for i := 0; i < len(gateways); i++ {
simpleGateways = append(simpleGateways, model.AccessGatewayForPage{ID: gateways[i].ID, Name: gateways[i].Name})
}
return Success(c, simpleGateways)
}
func AccessGatewayPagingEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))
ip := c.QueryParam("ip")
name := c.QueryParam("name")
order := c.QueryParam("order")
field := c.QueryParam("field")
items, total, err := accessGatewayRepository.Find(pageIndex, pageSize, ip, name, order, field)
if err != nil {
return err
}
for i := 0; i < len(items); i++ {
g, err := accessGatewayService.GetGatewayById(items[i].ID)
if err != nil {
return err
}
items[i].Connected = g.Connected
items[i].Message = g.Message
}
return Success(c, H{
"total": total,
"items": items,
})
}
func AccessGatewayUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
var item model.AccessGateway
if err := c.Bind(&item); err != nil {
return err
}
if err := accessGatewayRepository.UpdateById(&item, id); err != nil {
return err
}
accessGatewayService.DisconnectById(id)
_, _ = accessGatewayService.GetGatewayAndReconnectById(id)
return Success(c, nil)
}
func AccessGatewayDeleteEndpoint(c echo.Context) error {
ids := c.Param("id")
split := strings.Split(ids, ",")
for i := range split {
id := split[i]
if err := accessGatewayRepository.DeleteById(id); err != nil {
return err
}
accessGatewayService.DisconnectById(id)
}
return Success(c, nil)
}
func AccessGatewayGetEndpoint(c echo.Context) error {
id := c.Param("id")
item, err := accessGatewayRepository.FindById(id)
if err != nil {
return err
}
return Success(c, item)
}
func AccessGatewayReconnectEndpoint(c echo.Context) error {
id := c.Param("id")
item, err := accessGatewayRepository.FindById(id)
if err != nil {
return err
}
accessGatewayService.ReConnect(&item)
return Success(c, "")
}

175
server/api/account.go
View File

@ -1,12 +1,15 @@
package api
import (
"path"
"strconv"
"strings"
"time"
"next-terminal/pkg/global"
"next-terminal/pkg/totp"
"next-terminal/server/config"
"next-terminal/server/global/cache"
"next-terminal/server/model"
"next-terminal/server/totp"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
@ -40,11 +43,6 @@ type Authorization struct {
User model.User
}
//
//type UserServer struct {
// repository.UserRepository
//}
func LoginEndpoint(c echo.Context) error {
var loginAccount LoginAccount
if err := c.Bind(&loginAccount); err != nil {
@ -54,25 +52,33 @@ func LoginEndpoint(c echo.Context) error {
user, err := userRepository.FindByUsername(loginAccount.Username)
// 存储登录失败次数信息
loginFailCountKey := loginAccount.Username
v, ok := global.Cache.Get(loginFailCountKey)
loginFailCountKey := c.RealIP() + loginAccount.Username
v, ok := cache.GlobalCache.Get(loginFailCountKey)
if !ok {
v = 1
}
count := v.(int)
if count >= 5 {
return Fail(c, -1, "登录失败次数过多,请后再试")
return Fail(c, -1, "登录失败次数过多,请等待5分钟后再试")
}
if err != nil {
count++
global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
cache.GlobalCache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, false, loginAccount.Remember, "", "账号或密码不正确"); err != nil {
return err
}
return FailWithData(c, -1, "您输入的账号或密码不正确", count)
}
if err := utils.Encoder.Match([]byte(user.Password), []byte(loginAccount.Password)); err != nil {
count++
global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
cache.GlobalCache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, false, loginAccount.Remember, "", "账号或密码不正确"); err != nil {
return err
}
return FailWithData(c, -1, "您输入的账号或密码不正确", count)
}
@ -80,15 +86,42 @@ func LoginEndpoint(c echo.Context) error {
return Fail(c, 0, "")
}
token, err := LoginSuccess(c, loginAccount, user)
token, err := LoginSuccess(loginAccount, user)
if err != nil {
return err
}
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, true, loginAccount.Remember, token, ""); err != nil {
return err
}
return Success(c, token)
}
func LoginSuccess(c echo.Context, loginAccount LoginAccount, user model.User) (token string, err error) {
func SaveLoginLog(clientIP, clientUserAgent string, username string, success, remember bool, id, reason string) error {
loginLog := model.LoginLog{
Username: username,
ClientIP: clientIP,
ClientUserAgent: clientUserAgent,
LoginTime: utils.NowJsonTime(),
Reason: reason,
Remember: remember,
}
if success {
loginLog.State = "1"
loginLog.ID = id
} else {
loginLog.State = "0"
loginLog.ID = utils.UUID()
}
if err := loginLogRepository.Create(&loginLog); err != nil {
return err
}
return nil
}
func LoginSuccess(loginAccount LoginAccount, user model.User) (token string, err error) {
token = strings.Join([]string{utils.UUID(), utils.UUID(), utils.UUID(), utils.UUID()}, "")
authorization := Authorization{
@ -97,45 +130,20 @@ func LoginSuccess(c echo.Context, loginAccount LoginAccount, user model.User) (t
User: user,
}
cacheKey := BuildCacheKeyByToken(token)
cacheKey := userService.BuildCacheKeyByToken(token)
if authorization.Remember {
// 记住登录有效期两周
global.Cache.Set(cacheKey, authorization, RememberEffectiveTime)
cache.GlobalCache.Set(cacheKey, authorization, RememberEffectiveTime)
} else {
global.Cache.Set(cacheKey, authorization, NotRememberEffectiveTime)
}
// 保存登录日志
loginLog := model.LoginLog{
ID: token,
UserId: user.ID,
ClientIP: c.RealIP(),
ClientUserAgent: c.Request().UserAgent(),
LoginTime: utils.NowJsonTime(),
Remember: authorization.Remember,
}
if loginLogRepository.Create(&loginLog) != nil {
return "", err
cache.GlobalCache.Set(cacheKey, authorization, NotRememberEffectiveTime)
}
// 修改登录状态
err = userRepository.Update(&model.User{Online: true, ID: user.ID})
return token, err
}
func BuildCacheKeyByToken(token string) string {
cacheKey := strings.Join([]string{Token, token}, ":")
return cacheKey
}
func GetTokenFormCacheKey(cacheKey string) string {
token := strings.Split(cacheKey, ":")[1]
return token
}
func loginWithTotpEndpoint(c echo.Context) error {
var loginAccount LoginAccount
if err := c.Bind(&loginAccount); err != nil {
@ -143,47 +151,63 @@ func loginWithTotpEndpoint(c echo.Context) error {
}
// 存储登录失败次数信息
loginFailCountKey := loginAccount.Username
v, ok := global.Cache.Get(loginFailCountKey)
loginFailCountKey := c.RealIP() + loginAccount.Username
v, ok := cache.GlobalCache.Get(loginFailCountKey)
if !ok {
v = 1
}
count := v.(int)
if count >= 5 {
return Fail(c, -1, "登录失败次数过多,请后再试")
return Fail(c, -1, "登录失败次数过多,请等待5分钟后再试")
}
user, err := userRepository.FindByUsername(loginAccount.Username)
if err != nil {
count++
global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
cache.GlobalCache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, false, loginAccount.Remember, "", "账号或密码不正确"); err != nil {
return err
}
return FailWithData(c, -1, "您输入的账号或密码不正确", count)
}
if err := utils.Encoder.Match([]byte(user.Password), []byte(loginAccount.Password)); err != nil {
count++
global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
cache.GlobalCache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, false, loginAccount.Remember, "", "账号或密码不正确"); err != nil {
return err
}
return FailWithData(c, -1, "您输入的账号或密码不正确", count)
}
if !totp.Validate(loginAccount.TOTP, user.TOTPSecret) {
count++
global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
cache.GlobalCache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, false, loginAccount.Remember, "", "双因素认证授权码不正确"); err != nil {
return err
}
return FailWithData(c, -1, "您输入双因素认证授权码不正确", count)
}
token, err := LoginSuccess(c, loginAccount, user)
token, err := LoginSuccess(loginAccount, user)
if err != nil {
return err
}
// 保存登录日志
if err := SaveLoginLog(c.RealIP(), c.Request().UserAgent(), loginAccount.Username, true, loginAccount.Remember, token, ""); err != nil {
return err
}
return Success(c, token)
}
func LogoutEndpoint(c echo.Context) error {
token := GetToken(c)
cacheKey := BuildCacheKeyByToken(token)
global.Cache.Delete(cacheKey)
cacheKey := userService.BuildCacheKeyByToken(token)
cache.GlobalCache.Delete(cacheKey)
err := userService.Logout(token)
if err != nil {
return err
@ -192,7 +216,7 @@ func LogoutEndpoint(c echo.Context) error {
}
func ConfirmTOTPEndpoint(c echo.Context) error {
if global.Config.Demo {
if config.GlobalCfg.Demo {
return Fail(c, 0, "演示模式禁止开启两步验证")
}
account, _ := GetCurrentAccount(c)
@ -258,7 +282,7 @@ func ResetTOTPEndpoint(c echo.Context) error {
}
func ChangePasswordEndpoint(c echo.Context) error {
if global.Config.Demo {
if config.GlobalCfg.Demo {
return Fail(c, 0, "演示模式禁止修改密码")
}
account, _ := GetCurrentAccount(c)
@ -313,3 +337,48 @@ func InfoEndpoint(c echo.Context) error {
}
return Success(c, info)
}
func AccountAssetEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))
name := c.QueryParam("name")
protocol := c.QueryParam("protocol")
tags := c.QueryParam("tags")
owner := c.QueryParam("owner")
sharer := c.QueryParam("sharer")
userGroupId := c.QueryParam("userGroupId")
ip := c.QueryParam("ip")
order := c.QueryParam("order")
field := c.QueryParam("field")
account, _ := GetCurrentAccount(c)
items, total, err := assetRepository.Find(pageIndex, pageSize, name, protocol, tags, account, owner, sharer, userGroupId, ip, order, field)
if err != nil {
return err
}
return Success(c, H{
"total": total,
"items": items,
})
}
func AccountStorageEndpoint(c echo.Context) error {
account, _ := GetCurrentAccount(c)
storageId := account.ID
storage, err := storageRepository.FindById(storageId)
if err != nil {
return err
}
structMap := utils.StructToMap(storage)
drivePath := storageService.GetBaseDrivePath()
dirSize, err := utils.DirSize(path.Join(drivePath, storageId))
if err != nil {
structMap["usedSize"] = -1
} else {
structMap["usedSize"] = dirSize
}
return Success(c, structMap)
}

12
server/api/api.go
View File

@ -1,8 +1,8 @@
package api
import (
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/server/constant"
"next-terminal/server/global/cache"
"next-terminal/server/model"
"github.com/labstack/echo/v4"
@ -41,17 +41,17 @@ func NotFound(c echo.Context, message string) error {
}
func GetToken(c echo.Context) string {
token := c.Request().Header.Get(Token)
token := c.Request().Header.Get(constant.Token)
if len(token) > 0 {
return token
}
return c.QueryParam(Token)
return c.QueryParam(constant.Token)
}
func GetCurrentAccount(c echo.Context) (model.User, bool) {
token := GetToken(c)
cacheKey := BuildCacheKeyByToken(token)
get, b := global.Cache.Get(cacheKey)
cacheKey := userService.BuildCacheKeyByToken(token)
get, b := cache.GlobalCache.Get(cacheKey)
if b {
return get.(Authorization).User, true
}

38
server/api/asset.go
View File

@ -8,8 +8,8 @@ import (
"strconv"
"strings"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/server/config"
"next-terminal/server/constant"
"next-terminal/server/model"
"next-terminal/server/utils"
@ -32,6 +32,7 @@ func AssetCreateEndpoint(c echo.Context) error {
item.Owner = account.ID
item.ID = utils.UUID()
item.Created = utils.NowJsonTime()
item.Active = true
if err := assetRepository.Create(&item); err != nil {
return err
@ -41,10 +42,12 @@ func AssetCreateEndpoint(c echo.Context) error {
return err
}
// 创建后自动检测资产是否存活
go func() {
active := utils.Tcping(item.IP, item.Port)
_ = assetRepository.UpdateActiveById(active, item.ID)
active, _ := assetService.CheckStatus(item.AccessGatewayId, item.IP, item.Port)
if item.Active != active {
_ = assetRepository.UpdateActiveById(active, item.ID)
}
}()
return Success(c, item)
@ -74,7 +77,6 @@ func AssetImportEndpoint(c echo.Context) error {
if total == 0 {
return errors.New("csv数据为空")
}
var successCount = 0
var errorCount = 0
m := echo.Map{}
@ -97,6 +99,7 @@ func AssetImportEndpoint(c echo.Context) error {
Description: record[8],
Created: utils.NowJsonTime(),
Owner: account.ID,
Active: true,
}
if len(record) >= 10 {
@ -110,11 +113,6 @@ func AssetImportEndpoint(c echo.Context) error {
m[strconv.Itoa(i)] = err.Error()
} else {
successCount++
// 创建后自动检测资产是否存活
go func() {
active := utils.Tcping(asset.IP, asset.Port)
_ = assetRepository.UpdateActiveById(active, asset.ID)
}()
}
}
}
@ -141,6 +139,7 @@ func AssetPagingEndpoint(c echo.Context) error {
field := c.QueryParam("field")
account, _ := GetCurrentAccount(c)
items, total, err := assetRepository.Find(pageIndex, pageSize, name, protocol, tags, account, owner, sharer, userGroupId, ip, order, field)
if err != nil {
return err
@ -154,8 +153,7 @@ func AssetPagingEndpoint(c echo.Context) error {
func AssetAllEndpoint(c echo.Context) error {
protocol := c.QueryParam("protocol")
account, _ := GetCurrentAccount(c)
items, _ := assetRepository.FindByProtocolAndUser(protocol, account)
items, _ := assetRepository.FindByProtocol(protocol)
return Success(c, items)
}
@ -205,7 +203,7 @@ func AssetUpdateEndpoint(c echo.Context) error {
item.Description = "-"
}
if err := assetRepository.Encrypt(&item, global.Config.EncryptionPassword); err != nil {
if err := assetRepository.Encrypt(&item, config.GlobalCfg.EncryptionPassword); err != nil {
return err
}
if err := assetRepository.UpdateById(&item, id); err != nil {
@ -267,7 +265,7 @@ func AssetTcpingEndpoint(c echo.Context) (err error) {
return err
}
active := utils.Tcping(item.IP, item.Port)
active, err := assetService.CheckStatus(item.AccessGatewayId, item.IP, item.Port)
if item.Active != active {
if err := assetRepository.UpdateActiveById(active, item.ID); err != nil {
@ -275,7 +273,15 @@ func AssetTcpingEndpoint(c echo.Context) (err error) {
}
}
return Success(c, active)
var message = ""
if err != nil {
message = err.Error()
}
return Success(c, H{
"active": active,
"message": message,
})
}
func AssetTagsEndpoint(c echo.Context) (err error) {

6
server/api/command.go
View File

@ -29,6 +29,12 @@ func CommandCreateEndpoint(c echo.Context) error {
return Success(c, item)
}
func CommandAllEndpoint(c echo.Context) error {
account, _ := GetCurrentAccount(c)
items, _ := commandRepository.FindByUser(account)
return Success(c, items)
}
func CommandPagingEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))

10
server/api/credential.go
View File

@ -6,8 +6,8 @@ import (
"strconv"
"strings"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/server/config"
"next-terminal/server/constant"
"next-terminal/server/model"
"next-terminal/server/utils"
@ -106,7 +106,7 @@ func CredentialUpdateEndpoint(c echo.Context) error {
item.Password = "-"
}
if item.Password != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Password), global.Config.EncryptionPassword)
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Password), config.GlobalCfg.EncryptionPassword)
if err != nil {
return err
}
@ -121,7 +121,7 @@ func CredentialUpdateEndpoint(c echo.Context) error {
item.PrivateKey = "-"
}
if item.PrivateKey != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.PrivateKey), global.Config.EncryptionPassword)
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.PrivateKey), config.GlobalCfg.EncryptionPassword)
if err != nil {
return err
}
@ -131,7 +131,7 @@ func CredentialUpdateEndpoint(c echo.Context) error {
item.Passphrase = "-"
}
if item.Passphrase != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Passphrase), global.Config.EncryptionPassword)
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Passphrase), config.GlobalCfg.EncryptionPassword)
if err != nil {
return err
}

4
server/api/job.go
View File

@ -53,7 +53,7 @@ func JobUpdateEndpoint(c echo.Context) error {
return err
}
item.ID = id
if err := jobRepository.UpdateById(&item); err != nil {
if err := jobService.UpdateById(&item); err != nil {
return err
}
@ -83,7 +83,7 @@ func JobDeleteEndpoint(c echo.Context) error {
split := strings.Split(ids, ",")
for i := range split {
jobId := split[i]
if err := jobRepository.DeleteJobById(jobId); err != nil {
if err := jobService.DeleteJobById(jobId); err != nil {
return err
}
}

18
server/api/login-log.go
View File

@ -4,8 +4,8 @@ import (
"strconv"
"strings"
"next-terminal/pkg/global"
"next-terminal/pkg/log"
"next-terminal/server/global/cache"
"next-terminal/server/log"
"github.com/labstack/echo/v4"
)
@ -13,10 +13,11 @@ import (
func LoginLogPagingEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))
userId := c.QueryParam("userId")
username := c.QueryParam("username")
clientIp := c.QueryParam("clientIp")
state := c.QueryParam("state")
items, total, err := loginLogRepository.Find(pageIndex, pageSize, userId, clientIp)
items, total, err := loginLogRepository.Find(pageIndex, pageSize, username, clientIp, state)
if err != nil {
return err
@ -33,7 +34,7 @@ func LoginLogDeleteEndpoint(c echo.Context) error {
split := strings.Split(ids, ",")
for i := range split {
token := split[i]
global.Cache.Delete(token)
cache.GlobalCache.Delete(token)
if err := userService.Logout(token); err != nil {
log.WithError(err).Error("Cache Delete Failed")
}
@ -44,3 +45,10 @@ func LoginLogDeleteEndpoint(c echo.Context) error {
return Success(c, nil)
}
//func LoginLogClearEndpoint(c echo.Context) error {
// loginLogs, err := loginLogRepository.FindAliveLoginLogs()
// if err != nil {
// return err
// }
//}

57
server/api/middleware.go
View File

@ -3,12 +3,12 @@ package api
import (
"fmt"
"net"
"regexp"
"strings"
"time"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/server/constant"
"next-terminal/server/global/cache"
"next-terminal/server/global/security"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
@ -33,27 +33,26 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if global.Securities == nil {
securities := security.GlobalSecurityManager.Values()
if len(securities) == 0 {
return next(c)
}
ip := c.RealIP()
for i := 0; i < len(global.Securities); i++ {
security := global.Securities[i]
if strings.Contains(security.IP, "/") {
for _, s := range securities {
if strings.Contains(s.IP, "/") {
// CIDR
_, ipNet, err := net.ParseCIDR(security.IP)
_, ipNet, err := net.ParseCIDR(s.IP)
if err != nil {
continue
}
if !ipNet.Contains(net.ParseIP(ip)) {
continue
}
} else if strings.Contains(security.IP, "-") {
} else if strings.Contains(s.IP, "-") {
// 范围段
split := strings.Split(security.IP, "-")
split := strings.Split(s.IP, "-")
if len(split) < 2 {
continue
}
@ -65,16 +64,16 @@ func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
}
} else {
// IP
if security.IP != ip {
if s.IP != ip {
continue
}
}
if security.Rule == constant.AccessRuleAllow {
if s.Rule == constant.AccessRuleAllow {
return next(c)
}
if security.Rule == constant.AccessRuleReject {
if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(Token) != "" {
if s.Rule == constant.AccessRuleReject {
if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(constant.Token) != "" {
return Fail(c, 0, "您的访问请求被拒绝 :(")
} else {
return c.HTML(666, "您的访问请求被拒绝 :(")
@ -88,10 +87,7 @@ func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
func Auth(next echo.HandlerFunc) echo.HandlerFunc {
startWithUrls := []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
download := regexp.MustCompile(`^/sessions/\w{8}(-\w{4}){3}-\w{12}/download`)
recording := regexp.MustCompile(`^/sessions/\w{8}(-\w{4}){3}-\w{12}/recording`)
anonymousUrls := []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
return func(c echo.Context) error {
@ -100,32 +96,27 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc {
return next(c)
}
// 路由拦截 - 登录身份、资源权限判断等
for i := range startWithUrls {
if strings.HasPrefix(uri, startWithUrls[i]) {
for i := range anonymousUrls {
if strings.HasPrefix(uri, anonymousUrls[i]) {
return next(c)
}
}
if download.FindString(uri) != "" {
return next(c)
}
if recording.FindString(uri) != "" {
return next(c)
}
token := GetToken(c)
cacheKey := BuildCacheKeyByToken(token)
authorization, found := global.Cache.Get(cacheKey)
if token == "" {
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
}
cacheKey := userService.BuildCacheKeyByToken(token)
authorization, found := cache.GlobalCache.Get(cacheKey)
if !found {
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
}
if authorization.(Authorization).Remember {
// 记住登录有效期两周
global.Cache.Set(cacheKey, authorization, time.Hour*time.Duration(24*14))
cache.GlobalCache.Set(cacheKey, authorization, time.Hour*time.Duration(24*14))
} else {
global.Cache.Set(cacheKey, authorization, time.Hour*time.Duration(2))
cache.GlobalCache.Set(cacheKey, authorization, time.Hour*time.Duration(2))
}
return next(c)

17
server/api/monitor.go
View File

@ -1,17 +0,0 @@
package api
import (
"github.com/labstack/echo/v4"
)
// todo 监控
func MonitorEndpoint(c echo.Context) (err error) {
//ws, err := UpGrader.Upgrade(c.Response().Writer, c.Request(), nil)
//if err != nil {
// log.Errorf("升级为WebSocket协议失败%v", err.Error())
// return err
//}
return
}

44
server/api/overview.go
View File

@ -1,8 +1,7 @@
package api
import (
"next-terminal/pkg/constant"
"next-terminal/server/repository"
"next-terminal/server/constant"
"github.com/labstack/echo/v4"
)
@ -44,16 +43,43 @@ func OverviewCounterEndPoint(c echo.Context) error {
return Success(c, counter)
}
func OverviewSessionPoint(c echo.Context) (err error) {
d := c.QueryParam("d")
var results []repository.D
if d == "m" {
results, err = sessionRepository.CountSessionByDay(30)
func OverviewAssetEndPoint(c echo.Context) error {
account, _ := GetCurrentAccount(c)
var (
ssh int64
rdp int64
vnc int64
telnet int64
kubernetes int64
)
if constant.TypeUser == account.Type {
ssh, _ = assetRepository.CountByUserIdAndProtocol(account.ID, constant.SSH)
rdp, _ = assetRepository.CountByUserIdAndProtocol(account.ID, constant.RDP)
vnc, _ = assetRepository.CountByUserIdAndProtocol(account.ID, constant.VNC)
telnet, _ = assetRepository.CountByUserIdAndProtocol(account.ID, constant.Telnet)
kubernetes, _ = assetRepository.CountByUserIdAndProtocol(account.ID, constant.K8s)
} else {
results, err = sessionRepository.CountSessionByDay(7)
ssh, _ = assetRepository.CountByProtocol(constant.SSH)
rdp, _ = assetRepository.CountByProtocol(constant.RDP)
vnc, _ = assetRepository.CountByProtocol(constant.VNC)
telnet, _ = assetRepository.CountByProtocol(constant.Telnet)
kubernetes, _ = assetRepository.CountByProtocol(constant.K8s)
}
m := echo.Map{
"ssh": ssh,
"rdp": rdp,
"vnc": vnc,
"telnet": telnet,
"kubernetes": kubernetes,
}
return Success(c, m)
}
func OverviewAccessEndPoint(c echo.Context) error {
account, _ := GetCurrentAccount(c)
access, err := sessionRepository.OverviewAccess(account)
if err != nil {
return err
}
return Success(c, results)
return Success(c, access)
}

21
server/api/resource-sharer.go
View File

@ -7,6 +7,7 @@ import (
type RU struct {
UserGroupId string `json:"userGroupId"`
UserId string `json:"userId"`
StrategyId string `json:"strategyId"`
ResourceType string `json:"resourceType"`
ResourceIds []string `json:"resourceIds"`
}
@ -19,26 +20,16 @@ type UR struct {
func RSGetSharersEndPoint(c echo.Context) error {
resourceId := c.QueryParam("resourceId")
userIds, err := resourceSharerRepository.FindUserIdsByResourceId(resourceId)
resourceType := c.QueryParam("resourceType")
userId := c.QueryParam("userId")
userGroupId := c.QueryParam("userGroupId")
userIds, err := resourceSharerRepository.Find(resourceId, resourceType, userId, userGroupId)
if err != nil {
return err
}
return Success(c, userIds)
}
func RSOverwriteSharersEndPoint(c echo.Context) error {
var ur UR
if err := c.Bind(&ur); err != nil {
return err
}
if err := resourceSharerRepository.OverwriteUserIdsByResourceId(ur.ResourceId, ur.ResourceType, ur.UserIds); err != nil {
return err
}
return Success(c, "")
}
func ResourceRemoveByUserIdAssignEndPoint(c echo.Context) error {
var ru RU
if err := c.Bind(&ru); err != nil {
@ -58,7 +49,7 @@ func ResourceAddByUserIdAssignEndPoint(c echo.Context) error {
return err
}
if err := resourceSharerRepository.AddSharerResources(ru.UserGroupId, ru.UserId, ru.ResourceType, ru.ResourceIds); err != nil {
if err := resourceSharerRepository.AddSharerResources(ru.UserGroupId, ru.UserId, ru.StrategyId, ru.ResourceType, ru.ResourceIds); err != nil {
return err
}

216
server/api/routes.go
View File

@ -5,27 +5,23 @@ import (
"fmt"
"net/http"
"os"
"strings"
"time"
"next-terminal/pkg/global"
"next-terminal/pkg/log"
"next-terminal/pkg/service"
"next-terminal/server/config"
"next-terminal/server/global/cache"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/repository"
"next-terminal/server/service"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"github.com/patrickmn/go-cache"
"gorm.io/driver/mysql"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"gorm.io/gorm/logger"
)
const Token = "X-Auth-Token"
var (
userRepository *repository.UserRepository
userGroupRepository *repository.UserGroupRepository
@ -35,20 +31,23 @@ var (
propertyRepository *repository.PropertyRepository
commandRepository *repository.CommandRepository
sessionRepository *repository.SessionRepository
numRepository *repository.NumRepository
accessSecurityRepository *repository.AccessSecurityRepository
accessGatewayRepository *repository.AccessGatewayRepository
jobRepository *repository.JobRepository
jobLogRepository *repository.JobLogRepository
loginLogRepository *repository.LoginLogRepository
storageRepository *repository.StorageRepository
strategyRepository *repository.StrategyRepository
jobService *service.JobService
propertyService *service.PropertyService
userService *service.UserService
sessionService *service.SessionService
mailService *service.MailService
numService *service.NumService
assetService *service.AssetService
credentialService *service.CredentialService
jobService *service.JobService
propertyService *service.PropertyService
userService *service.UserService
sessionService *service.SessionService
mailService *service.MailService
assetService *service.AssetService
credentialService *service.CredentialService
storageService *service.StorageService
accessGatewayService *service.AccessGatewayService
)
func SetupRoutes(db *gorm.DB) *echo.Echo {
@ -56,8 +55,10 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
InitRepository(db)
InitService()
cache.GlobalCache.OnEvicted(userService.OnEvicted)
if err := InitDBData(); err != nil {
log.WithError(err).Error("初始化数据异常")
log.Errorf("初始化数据异常: %v", err.Error())
os.Exit(0)
}
@ -68,13 +69,10 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
e := echo.New()
e.HideBanner = true
//e.Logger = log.GetEchoLogger()
e.Use(log.Hook())
//e.Use(log.Hook())
e.File("/", "web/build/index.html")
e.File("/asciinema.html", "web/build/asciinema.html")
e.File("/asciinema-player.js", "web/build/asciinema-player.js")
e.File("/asciinema-player.css", "web/build/asciinema-player.css")
e.File("/", "web/build/index.html")
e.File("/logo.svg", "web/build/logo.svg")
e.File("/favicon.ico", "web/build/favicon.ico")
e.Static("/static", "web/build/static")
@ -93,7 +91,7 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
e.GET("/tunnel", TunEndpoint)
e.GET("/ssh", SSHEndpoint)
e.GET("/ssh-monitor", SshMonitor)
e.POST("/logout", LogoutEndpoint)
e.POST("/change-password", ChangePasswordEndpoint)
e.GET("/reload-totp", ReloadTOTPEndpoint)
@ -101,15 +99,21 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
e.POST("/confirm-totp", ConfirmTOTPEndpoint)
e.GET("/info", InfoEndpoint)
users := e.Group("/users")
account := e.Group("/account")
{
users.POST("", Admin(UserCreateEndpoint))
account.GET("/assets", AccountAssetEndpoint)
account.GET("/storage", AccountStorageEndpoint)
}
users := e.Group("/users", Admin)
{
users.POST("", UserCreateEndpoint)
users.GET("/paging", UserPagingEndpoint)
users.PUT("/:id", Admin(UserUpdateEndpoint))
users.DELETE("/:id", Admin(UserDeleteEndpoint))
users.GET("/:id", Admin(UserGetEndpoint))
users.POST("/:id/change-password", Admin(UserChangePasswordEndpoint))
users.POST("/:id/reset-totp", Admin(UserResetTotpEndpoint))
users.PUT("/:id", UserUpdateEndpoint)
users.DELETE("/:id", UserDeleteEndpoint)
users.GET("/:id", UserGetEndpoint)
users.POST("/:id/change-password", UserChangePasswordEndpoint)
users.POST("/:id/reset-totp", UserResetTotpEndpoint)
}
userGroups := e.Group("/user-groups", Admin)
@ -119,36 +123,35 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
userGroups.PUT("/:id", UserGroupUpdateEndpoint)
userGroups.DELETE("/:id", UserGroupDeleteEndpoint)
userGroups.GET("/:id", UserGroupGetEndpoint)
//userGroups.POST("/:id/members", UserGroupAddMembersEndpoint)
//userGroups.DELETE("/:id/members/:memberId", UserGroupDelMembersEndpoint)
}
assets := e.Group("/assets")
assets := e.Group("/assets", Admin)
{
assets.GET("", AssetAllEndpoint)
assets.POST("", AssetCreateEndpoint)
assets.POST("/import", Admin(AssetImportEndpoint))
assets.POST("/import", AssetImportEndpoint)
assets.GET("/paging", AssetPagingEndpoint)
assets.POST("/:id/tcping", AssetTcpingEndpoint)
assets.PUT("/:id", AssetUpdateEndpoint)
assets.DELETE("/:id", AssetDeleteEndpoint)
assets.GET("/:id", AssetGetEndpoint)
assets.POST("/:id/change-owner", Admin(AssetChangeOwnerEndpoint))
assets.DELETE("/:id", AssetDeleteEndpoint)
assets.POST("/:id/change-owner", AssetChangeOwnerEndpoint)
}
e.GET("/tags", AssetTagsEndpoint)
commands := e.Group("/commands")
{
commands.GET("", CommandAllEndpoint)
commands.GET("/paging", CommandPagingEndpoint)
commands.POST("", CommandCreateEndpoint)
commands.PUT("/:id", CommandUpdateEndpoint)
commands.DELETE("/:id", CommandDeleteEndpoint)
commands.GET("/:id", CommandGetEndpoint)
commands.POST("/:id/change-owner", Admin(CommandChangeOwnerEndpoint))
commands.POST("/:id/change-owner", CommandChangeOwnerEndpoint, Admin)
}
credentials := e.Group("/credentials")
credentials := e.Group("/credentials", Admin)
{
credentials.GET("", CredentialAllEndpoint)
credentials.GET("/paging", CredentialPagingEndpoint)
@ -156,45 +159,54 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
credentials.PUT("/:id", CredentialUpdateEndpoint)
credentials.DELETE("/:id", CredentialDeleteEndpoint)
credentials.GET("/:id", CredentialGetEndpoint)
credentials.POST("/:id/change-owner", Admin(CredentialChangeOwnerEndpoint))
credentials.POST("/:id/change-owner", CredentialChangeOwnerEndpoint)
}
sessions := e.Group("/sessions")
{
sessions.POST("", SessionCreateEndpoint)
sessions.GET("/paging", Admin(SessionPagingEndpoint))
sessions.POST("/:id/connect", SessionConnectEndpoint)
sessions.POST("/:id/disconnect", Admin(SessionDisconnectEndpoint))
sessions.DELETE("/:id", Admin(SessionDeleteEndpoint))
sessions.GET("/:id/recording", Admin(SessionRecordingEndpoint))
sessions.GET("/:id", Admin(SessionGetEndpoint))
sessions.POST("", SessionCreateEndpoint)
sessions.POST("/:id/connect", SessionConnectEndpoint)
sessions.POST("/:id/resize", SessionResizeEndpoint)
sessions.GET("/:id/ls", SessionLsEndpoint)
sessions.GET("/:id/stats", SessionStatsEndpoint)
sessions.POST("/:id/ls", SessionLsEndpoint)
sessions.GET("/:id/download", SessionDownloadEndpoint)
sessions.POST("/:id/upload", SessionUploadEndpoint)
sessions.POST("/:id/edit", SessionEditEndpoint)
sessions.POST("/:id/mkdir", SessionMkDirEndpoint)
sessions.POST("/:id/rm", SessionRmEndpoint)
sessions.POST("/:id/rename", SessionRenameEndpoint)
sessions.DELETE("/:id", Admin(SessionDeleteEndpoint))
sessions.GET("/:id/recording", SessionRecordingEndpoint)
}
resourceSharers := e.Group("/resource-sharers")
resourceSharers := e.Group("/resource-sharers", Admin)
{
resourceSharers.GET("/sharers", RSGetSharersEndPoint)
resourceSharers.POST("/overwrite-sharers", RSOverwriteSharersEndPoint)
resourceSharers.POST("/remove-resources", Admin(ResourceRemoveByUserIdAssignEndPoint))
resourceSharers.POST("/add-resources", Admin(ResourceAddByUserIdAssignEndPoint))
resourceSharers.GET("", RSGetSharersEndPoint)
resourceSharers.POST("/remove-resources", ResourceRemoveByUserIdAssignEndPoint)
resourceSharers.POST("/add-resources", ResourceAddByUserIdAssignEndPoint)
}
loginLogs := e.Group("login-logs", Admin)
{
loginLogs.GET("/paging", LoginLogPagingEndpoint)
loginLogs.DELETE("/:id", LoginLogDeleteEndpoint)
//loginLogs.DELETE("/clear", LoginLogClearEndpoint)
}
e.GET("/properties", Admin(PropertyGetEndpoint))
e.PUT("/properties", Admin(PropertyUpdateEndpoint))
e.GET("/overview/counter", OverviewCounterEndPoint)
e.GET("/overview/sessions", OverviewSessionPoint)
overview := e.Group("overview", Admin)
{
overview.GET("/counter", OverviewCounterEndPoint)
overview.GET("/asset", OverviewAssetEndPoint)
overview.GET("/access", OverviewAccessEndPoint)
}
jobs := e.Group("/jobs", Admin)
{
@ -218,6 +230,44 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
securities.GET("/:id", SecurityGetEndpoint)
}
storages := e.Group("/storages")
{
storages.GET("/paging", StoragePagingEndpoint, Admin)
storages.POST("", StorageCreateEndpoint, Admin)
storages.DELETE("/:id", StorageDeleteEndpoint, Admin)
storages.PUT("/:id", StorageUpdateEndpoint, Admin)
storages.GET("/shares", StorageSharesEndpoint, Admin)
storages.GET("/:id", StorageGetEndpoint, Admin)
storages.POST("/:storageId/ls", StorageLsEndpoint)
storages.GET("/:storageId/download", StorageDownloadEndpoint)
storages.POST("/:storageId/upload", StorageUploadEndpoint)
storages.POST("/:storageId/mkdir", StorageMkDirEndpoint)
storages.POST("/:storageId/rm", StorageRmEndpoint)
storages.POST("/:storageId/rename", StorageRenameEndpoint)
storages.POST("/:storageId/edit", StorageEditEndpoint)
}
strategies := e.Group("/strategies", Admin)
{
strategies.GET("", StrategyAllEndpoint)
strategies.GET("/paging", StrategyPagingEndpoint)
strategies.POST("", StrategyCreateEndpoint)
strategies.DELETE("/:id", StrategyDeleteEndpoint)
strategies.PUT("/:id", StrategyUpdateEndpoint)
}
accessGateways := e.Group("/access-gateways", Admin)
{
accessGateways.GET("", AccessGatewayAllEndpoint)
accessGateways.POST("", AccessGatewayCreateEndpoint)
accessGateways.GET("/paging", AccessGatewayPagingEndpoint)
accessGateways.PUT("/:id", AccessGatewayUpdateEndpoint)
accessGateways.DELETE("/:id", AccessGatewayDeleteEndpoint)
accessGateways.GET("/:id", AccessGatewayGetEndpoint)
accessGateways.POST("/:id/reconnect", AccessGatewayReconnectEndpoint)
}
return e
}
@ -241,29 +291,32 @@ func InitRepository(db *gorm.DB) {
propertyRepository = repository.NewPropertyRepository(db)
commandRepository = repository.NewCommandRepository(db)
sessionRepository = repository.NewSessionRepository(db)
numRepository = repository.NewNumRepository(db)
accessSecurityRepository = repository.NewAccessSecurityRepository(db)
accessGatewayRepository = repository.NewAccessGatewayRepository(db)
jobRepository = repository.NewJobRepository(db)
jobLogRepository = repository.NewJobLogRepository(db)
loginLogRepository = repository.NewLoginLogRepository(db)
storageRepository = repository.NewStorageRepository(db)
strategyRepository = repository.NewStrategyRepository(db)
}
func InitService() {
jobService = service.NewJobService(jobRepository, jobLogRepository, assetRepository, credentialRepository)
propertyService = service.NewPropertyService(propertyRepository)
userService = service.NewUserService(userRepository, loginLogRepository)
sessionService = service.NewSessionService(sessionRepository)
mailService = service.NewMailService(propertyRepository)
numService = service.NewNumService(numRepository)
assetService = service.NewAssetService(assetRepository)
jobService = service.NewJobService(jobRepository, jobLogRepository, assetRepository, credentialRepository, assetService)
credentialService = service.NewCredentialService(credentialRepository)
storageService = service.NewStorageService(storageRepository, userRepository, propertyRepository)
accessGatewayService = service.NewAccessGatewayService(accessGatewayRepository)
}
func InitDBData() (err error) {
if err := propertyService.InitProperties(); err != nil {
if err := propertyService.DeleteDeprecatedProperty(); err != nil {
return err
}
if err := numService.InitNums(); err != nil {
if err := propertyService.InitProperties(); err != nil {
return err
}
if err := userService.InitUser(); err != nil {
@ -287,6 +340,12 @@ func InitDBData() (err error) {
if err := assetService.Encrypt(); err != nil {
return err
}
if err := storageService.InitStorages(); err != nil {
return err
}
if err := accessGatewayService.ReConnectAll(); err != nil {
return err
}
return nil
}
@ -368,59 +427,46 @@ func ChangeEncryptionKey(oldEncryptionKey, newEncryptionKey string) error {
return nil
}
func SetupCache() *cache.Cache {
// 配置缓存器
mCache := cache.New(5*time.Minute, 10*time.Minute)
mCache.OnEvicted(func(key string, value interface{}) {
if strings.HasPrefix(key, Token) {
token := GetTokenFormCacheKey(key)
log.Debugf("用户Token「%v」过期", token)
err := userService.Logout(token)
if err != nil {
log.Errorf("退出登录失败 %v", err)
}
}
})
return mCache
}
func SetupDB() *gorm.DB {
var logMode logger.Interface
if global.Config.Debug {
if config.GlobalCfg.Debug {
logMode = logger.Default.LogMode(logger.Info)
} else {
logMode = logger.Default.LogMode(logger.Silent)
}
fmt.Printf("当前数据库模式为:%v\n", global.Config.DB)
fmt.Printf("当前数据库模式为:%v\n", config.GlobalCfg.DB)
var err error
var db *gorm.DB
if global.Config.DB == "mysql" {
dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=True&loc=Local",
global.Config.Mysql.Username,
global.Config.Mysql.Password,
global.Config.Mysql.Hostname,
global.Config.Mysql.Port,
global.Config.Mysql.Database,
if config.GlobalCfg.DB == "mysql" {
dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=60s",
config.GlobalCfg.Mysql.Username,
config.GlobalCfg.Mysql.Password,
config.GlobalCfg.Mysql.Hostname,
config.GlobalCfg.Mysql.Port,
config.GlobalCfg.Mysql.Database,
)
db, err = gorm.Open(mysql.Open(dsn), &gorm.Config{
Logger: logMode,
})
} else {
db, err = gorm.Open(sqlite.Open(global.Config.Sqlite.File), &gorm.Config{
db, err = gorm.Open(sqlite.Open(config.GlobalCfg.Sqlite.File), &gorm.Config{
Logger: logMode,
})
}
if err != nil {
log.WithError(err).Panic("连接数据库异常")
log.Errorf("连接数据库异常: %v", err.Error())
os.Exit(0)
}
if err := db.AutoMigrate(&model.User{}, &model.Asset{}, &model.AssetAttribute{}, &model.Session{}, &model.Command{},
&model.Credential{}, &model.Property{}, &model.ResourceSharer{}, &model.UserGroup{}, &model.UserGroupMember{},
&model.LoginLog{}, &model.Num{}, &model.Job{}, &model.JobLog{}, &model.AccessSecurity{}); err != nil {
log.WithError(err).Panic("初始化数据库表结构异常")
&model.LoginLog{}, &model.Job{}, &model.JobLog{}, &model.AccessSecurity{}, &model.AccessGateway{},
&model.Storage{}, &model.Strategy{}); err != nil {
log.Errorf("初始化数据库表结构异常: %v", err.Error())
os.Exit(0)
}
return db
}

47
server/api/security.go
View File

@ -4,7 +4,7 @@ import (
"strconv"
"strings"
"next-terminal/pkg/global"
"next-terminal/server/global/security"
"next-terminal/server/model"
"next-terminal/server/utils"
@ -24,9 +24,14 @@ func SecurityCreateEndpoint(c echo.Context) error {
return err
}
// 更新内存中的安全规则
if err := ReloadAccessSecurity(); err != nil {
return err
rule := &security.Security{
ID: item.ID,
IP: item.IP,
Rule: item.Rule,
Priority: item.Priority,
}
security.GlobalSecurityManager.Add <- rule
return Success(c, "")
}
@ -36,15 +41,18 @@ func ReloadAccessSecurity() error {
return err
}
if len(rules) > 0 {
var securities []*global.Security
// 先清空
security.GlobalSecurityManager.Clear()
// 再添加到全局的安全管理器中
for i := 0; i < len(rules); i++ {
rule := global.Security{
IP: rules[i].IP,
Rule: rules[i].Rule,
rule := &security.Security{
ID: rules[i].ID,
IP: rules[i].IP,
Rule: rules[i].Rule,
Priority: rules[i].Priority,
}
securities = append(securities, &rule)
security.GlobalSecurityManager.Add <- rule
}
global.Securities = securities
}
return nil
}
@ -81,9 +89,15 @@ func SecurityUpdateEndpoint(c echo.Context) error {
return err
}
// 更新内存中的安全规则
if err := ReloadAccessSecurity(); err != nil {
return err
security.GlobalSecurityManager.Del <- id
rule := &security.Security{
ID: item.ID,
IP: item.IP,
Rule: item.Rule,
Priority: item.Priority,
}
security.GlobalSecurityManager.Add <- rule
return Success(c, nil)
}
@ -92,15 +106,14 @@ func SecurityDeleteEndpoint(c echo.Context) error {
split := strings.Split(ids, ",")
for i := range split {
jobId := split[i]
if err := accessSecurityRepository.DeleteById(jobId); err != nil {
id := split[i]
if err := accessSecurityRepository.DeleteById(id); err != nil {
return err
}
// 更新内存中的安全规则
security.GlobalSecurityManager.Del <- id
}
// 更新内存中的安全规则
if err := ReloadAccessSecurity(); err != nil {
return err
}
return Success(c, nil)
}

607
server/api/session.go
View File

@ -1,11 +1,11 @@
package api
import (
"bufio"
"bytes"
"errors"
"fmt"
"io"
"io/ioutil"
"net/http"
"os"
"path"
@ -13,14 +13,18 @@ import (
"strings"
"sync"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/pkg/log"
"next-terminal/server/constant"
"next-terminal/server/global/session"
"next-terminal/server/guacd"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/service"
"next-terminal/server/utils"
"github.com/gorilla/websocket"
"github.com/labstack/echo/v4"
"github.com/pkg/sftp"
"gorm.io/gorm"
)
func SessionPagingEndpoint(c echo.Context) error {
@ -42,7 +46,7 @@ func SessionPagingEndpoint(c echo.Context) error {
if status == constant.Disconnected && len(items[i].Recording) > 0 {
var recording string
if items[i].Mode == constant.Naive {
if items[i].Mode == constant.Naive || items[i].Mode == constant.Terminal {
recording = items[i].Recording
} else {
recording = items[i].Recording + "/recording"
@ -78,14 +82,28 @@ func SessionDeleteEndpoint(c echo.Context) error {
func SessionConnectEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session := model.Session{}
session.ID = sessionId
session.Status = constant.Connected
session.ConnectedTime = utils.NowJsonTime()
s := model.Session{}
s.ID = sessionId
s.Status = constant.Connected
s.ConnectedTime = utils.NowJsonTime()
if err := sessionRepository.UpdateById(&session, sessionId); err != nil {
if err := sessionRepository.UpdateById(&s, sessionId); err != nil {
return err
}
o, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
asset, err := assetRepository.FindById(o.AssetId)
if err != nil {
return err
}
if !asset.Active {
asset.Active = true
_ = assetRepository.UpdateById(&asset, asset.ID)
}
return Success(c, nil)
}
@ -104,18 +122,48 @@ var mutex sync.Mutex
func CloseSessionById(sessionId string, code int, reason string) {
mutex.Lock()
defer mutex.Unlock()
observable, _ := global.Store.Get(sessionId)
if observable != nil {
log.Debugf("会话%v创建者退出,原因:%v", sessionId, reason)
observable.Subject.Close(code, reason)
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession != nil {
log.Debugf("[%v] 会话关闭,原因:%v", sessionId, reason)
WriteCloseMessage(nextSession.WebSocket, nextSession.Mode, code, reason)
for i := 0; i < len(observable.Observers); i++ {
observable.Observers[i].Close(code, reason)
log.Debugf("强制踢出会话%v的观察者", sessionId)
if nextSession.Observer != nil {
obs := nextSession.Observer.All()
for _, ob := range obs {
WriteCloseMessage(ob.WebSocket, ob.Mode, code, reason)
log.Debugf("[%v] 强制踢出会话的观察者: %v", sessionId, ob.ID)
}
}
}
global.Store.Del(sessionId)
session.GlobalSessionManager.Del <- sessionId
DisDBSess(sessionId, code, reason)
}
func WriteCloseMessage(ws *websocket.Conn, mode string, code int, reason string) {
switch mode {
case constant.Guacd:
if ws != nil {
err := guacd.NewInstruction("error", "", strconv.Itoa(code))
_ = ws.WriteMessage(websocket.TextMessage, []byte(err.String()))
disconnect := guacd.NewInstruction("disconnect")
_ = ws.WriteMessage(websocket.TextMessage, []byte(disconnect.String()))
}
case constant.Naive:
if ws != nil {
msg := `0` + reason
_ = ws.WriteMessage(websocket.TextMessage, []byte(msg))
}
case constant.Terminal:
// 这里是关闭观察者的ssh会话
if ws != nil {
msg := `0` + reason
_ = ws.WriteMessage(websocket.TextMessage, []byte(msg))
}
}
}
func DisDBSess(sessionId string, code int, reason string) {
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return
@ -131,17 +179,17 @@ func CloseSessionById(sessionId string, code int, reason string) {
return
}
session := model.Session{}
session.ID = sessionId
session.Status = constant.Disconnected
session.DisconnectedTime = utils.NowJsonTime()
session.Code = code
session.Message = reason
session.Password = "-"
session.PrivateKey = "-"
session.Passphrase = "-"
ss := model.Session{}
ss.ID = sessionId
ss.Status = constant.Disconnected
ss.DisconnectedTime = utils.NowJsonTime()
ss.Code = code
ss.Message = reason
ss.Password = "-"
ss.PrivateKey = "-"
ss.Passphrase = "-"
_ = sessionRepository.UpdateById(&session, sessionId)
_ = sessionRepository.UpdateById(&ss, sessionId)
}
func SessionResizeEndpoint(c echo.Context) error {
@ -150,11 +198,10 @@ func SessionResizeEndpoint(c echo.Context) error {
sessionId := c.Param("id")
if len(width) == 0 || len(height) == 0 {
panic("参数异常")
return errors.New("参数异常")
}
intWidth, _ := strconv.Atoi(width)
intHeight, _ := strconv.Atoi(height)
if err := sessionRepository.UpdateWindowSizeById(intWidth, intHeight, sessionId); err != nil {
@ -175,37 +222,83 @@ func SessionCreateEndpoint(c echo.Context) error {
user, _ := GetCurrentAccount(c)
if constant.TypeUser == user.Type {
// 检测是否有访问权限
assetIds, err := resourceSharerRepository.FindAssetIdsByUserId(user.ID)
if err != nil {
return err
}
if !utils.Contains(assetIds, assetId) {
return errors.New("您没有权限访问此资产")
}
}
asset, err := assetRepository.FindById(assetId)
if err != nil {
return err
}
session := &model.Session{
ID: utils.UUID(),
AssetId: asset.ID,
Username: asset.Username,
Password: asset.Password,
PrivateKey: asset.PrivateKey,
Passphrase: asset.Passphrase,
Protocol: asset.Protocol,
IP: asset.IP,
Port: asset.Port,
Status: constant.NoConnect,
Creator: user.ID,
ClientIP: c.RealIP(),
Mode: mode,
var (
upload = "1"
download = "1"
_delete = "1"
rename = "1"
edit = "1"
fileSystem = "1"
)
if asset.Owner != user.ID && constant.TypeUser == user.Type {
// 普通用户访问非自己创建的资产需要校验权限
resourceSharers, err := resourceSharerRepository.FindByResourceIdAndUserId(assetId, user.ID)
if err != nil {
return err
}
if len(resourceSharers) == 0 {
return errors.New("您没有权限访问此资产")
}
strategyId := resourceSharers[0].StrategyId
if strategyId != "" {
strategy, err := strategyRepository.FindById(strategyId)
if err != nil {
if !errors.Is(gorm.ErrRecordNotFound, err) {
return err
}
} else {
upload = strategy.Upload
download = strategy.Download
_delete = strategy.Delete
rename = strategy.Rename
edit = strategy.Edit
}
}
}
var storageId = ""
if constant.RDP == asset.Protocol {
attr, err := assetRepository.FindAssetAttrMapByAssetId(assetId)
if err != nil {
return err
}
if "true" == attr[guacd.EnableDrive] {
fileSystem = "1"
storageId = attr[guacd.DrivePath]
if storageId == "" {
storageId = user.ID
}
} else {
fileSystem = "0"
}
}
s := &model.Session{
ID: utils.UUID(),
AssetId: asset.ID,
Username: asset.Username,
Password: asset.Password,
PrivateKey: asset.PrivateKey,
Passphrase: asset.Passphrase,
Protocol: asset.Protocol,
IP: asset.IP,
Port: asset.Port,
Status: constant.NoConnect,
Creator: user.ID,
ClientIP: c.RealIP(),
Mode: mode,
Upload: upload,
Download: download,
Delete: _delete,
Rename: rename,
Edit: edit,
StorageId: storageId,
AccessGatewayId: asset.AccessGatewayId,
}
if asset.AccountType == "credential" {
@ -215,28 +308,41 @@ func SessionCreateEndpoint(c echo.Context) error {
}
if credential.Type == constant.Custom {
session.Username = credential.Username
session.Password = credential.Password
s.Username = credential.Username
s.Password = credential.Password
} else {
session.Username = credential.Username
session.PrivateKey = credential.PrivateKey
session.Passphrase = credential.Passphrase
s.Username = credential.Username
s.PrivateKey = credential.PrivateKey
s.Passphrase = credential.Passphrase
}
}
if err := sessionRepository.Create(session); err != nil {
if err := sessionRepository.Create(s); err != nil {
return err
}
return Success(c, echo.Map{"id": session.ID})
return Success(c, echo.Map{
"id": s.ID,
"upload": s.Upload,
"download": s.Download,
"delete": s.Delete,
"rename": s.Rename,
"edit": s.Edit,
"storageId": s.StorageId,
"fileSystem": fileSystem,
})
}
func SessionUploadEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
if s.Upload != "1" {
return errors.New("禁止操作")
}
file, err := c.FormFile("file")
if err != nil {
return err
@ -251,77 +357,94 @@ func SessionUploadEndpoint(c echo.Context) error {
remoteDir := c.QueryParam("dir")
remoteFile := path.Join(remoteDir, filename)
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
dstFile, err := tun.Subject.NextTerminal.SftpClient.Create(remoteFile)
sftpClient := nextSession.NextTerminal.SftpClient
// 文件夹不存在时自动创建文件夹
if _, err := sftpClient.Stat(remoteDir); os.IsNotExist(err) {
if err := sftpClient.MkdirAll(remoteDir); err != nil {
return err
}
}
dstFile, err := sftpClient.Create(remoteFile)
if err != nil {
return err
}
defer dstFile.Close()
buf := make([]byte, 1024)
for {
n, err := src.Read(buf)
if err != nil {
if err != io.EOF {
log.Warnf("文件上传错误 %v", err)
} else {
break
}
}
_, _ = dstFile.Write(buf[:n])
}
return Success(c, nil)
} else if "rdp" == session.Protocol {
if strings.Contains(remoteFile, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
// Destination
dst, err := os.Create(path.Join(drivePath, remoteFile))
if err != nil {
return err
}
defer dst.Close()
// Copy
if _, err = io.Copy(dst, src); err != nil {
if _, err = io.Copy(dstFile, src); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == s.Protocol {
return StorageUpload(c, file, s.StorageId)
}
return err
}
func SessionDownloadEndpoint(c echo.Context) error {
func SessionEditEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
//remoteDir := c.Query("dir")
if s.Edit != "1" {
return errors.New("禁止操作")
}
file := c.FormValue("file")
fileContent := c.FormValue("fileContent")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
sftpClient := nextSession.NextTerminal.SftpClient
dstFile, err := sftpClient.OpenFile(file, os.O_WRONLY|os.O_CREATE|os.O_TRUNC)
if err != nil {
return err
}
defer dstFile.Close()
write := bufio.NewWriter(dstFile)
if _, err := write.WriteString(fileContent); err != nil {
return err
}
if err := write.Flush(); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == s.Protocol {
return StorageEdit(c, file, fileContent, s.StorageId)
}
return err
}
func SessionDownloadEndpoint(c echo.Context) error {
sessionId := c.Param("id")
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
if s.Download != "1" {
return errors.New("禁止操作")
}
remoteFile := c.QueryParam("file")
// 获取带后缀的文件名称
filenameWithSuffix := path.Base(remoteFile)
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
dstFile, err := tun.Subject.NextTerminal.SftpClient.Open(remoteFile)
dstFile, err := nextSession.NextTerminal.SftpClient.Open(remoteFile)
if err != nil {
return err
}
@ -335,105 +458,51 @@ func SessionDownloadEndpoint(c echo.Context) error {
}
return c.Stream(http.StatusOK, echo.MIMEOctetStream, bytes.NewReader(buff.Bytes()))
} else if "rdp" == session.Protocol {
if strings.Contains(remoteFile, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
return c.Attachment(path.Join(drivePath, remoteFile), filenameWithSuffix)
} else if "rdp" == s.Protocol {
storageId := s.StorageId
return StorageDownload(c, remoteFile, storageId)
}
return err
}
type File struct {
Name string `json:"name"`
Path string `json:"path"`
IsDir bool `json:"isDir"`
Mode string `json:"mode"`
IsLink bool `json:"isLink"`
ModTime utils.JsonTime `json:"modTime"`
Size int64 `json:"size"`
}
func SessionLsEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindByIdAndDecrypt(sessionId)
s, err := sessionRepository.FindByIdAndDecrypt(sessionId)
if err != nil {
return err
}
remoteDir := c.QueryParam("dir")
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
remoteDir := c.FormValue("dir")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
if tun.Subject.NextTerminal == nil {
nextTerminal, err := CreateNextTerminalBySession(session)
if err != nil {
return err
}
tun.Subject.NextTerminal = nextTerminal
}
if tun.Subject.NextTerminal.SftpClient == nil {
sftpClient, err := sftp.NewClient(tun.Subject.NextTerminal.SshClient)
if nextSession.NextTerminal.SftpClient == nil {
sftpClient, err := sftp.NewClient(nextSession.NextTerminal.SshClient)
if err != nil {
log.Errorf("创建sftp客户端失败%v", err.Error())
return err
}
tun.Subject.NextTerminal.SftpClient = sftpClient
nextSession.NextTerminal.SftpClient = sftpClient
}
fileInfos, err := tun.Subject.NextTerminal.SftpClient.ReadDir(remoteDir)
fileInfos, err := nextSession.NextTerminal.SftpClient.ReadDir(remoteDir)
if err != nil {
return err
}
var files = make([]File, 0)
var files = make([]service.File, 0)
for i := range fileInfos {
// 忽略因此文件
// 忽略隐藏文件
if strings.HasPrefix(fileInfos[i].Name(), ".") {
continue
}
file := File{
Name: fileInfos[i].Name(),
Path: path.Join(remoteDir, fileInfos[i].Name()),
IsDir: fileInfos[i].IsDir(),
Mode: fileInfos[i].Mode().String(),
IsLink: fileInfos[i].Mode()&os.ModeSymlink == os.ModeSymlink,
ModTime: utils.NewJsonTime(fileInfos[i].ModTime()),
Size: fileInfos[i].Size(),
}
files = append(files, file)
}
return Success(c, files)
} else if "rdp" == session.Protocol {
if strings.Contains(remoteDir, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
fileInfos, err := ioutil.ReadDir(path.Join(drivePath, remoteDir))
if err != nil {
return err
}
var files = make([]File, 0)
for i := range fileInfos {
file := File{
file := service.File{
Name: fileInfos[i].Name(),
Path: path.Join(remoteDir, fileInfos[i].Name()),
IsDir: fileInfos[i].IsDir(),
@ -447,115 +516,87 @@ func SessionLsEndpoint(c echo.Context) error {
}
return Success(c, files)
} else if "rdp" == s.Protocol {
storageId := s.StorageId
return StorageLs(c, remoteDir, storageId)
}
return errors.New("当前协议不支持此操作")
}
func SafetyRuleTrigger(c echo.Context) {
log.Warnf("IP %v 尝试进行攻击请ban掉此IP", c.RealIP())
security := model.AccessSecurity{
ID: utils.UUID(),
Source: "安全规则触发",
IP: c.RealIP(),
Rule: constant.AccessRuleReject,
}
_ = accessSecurityRepository.Create(&security)
}
func SessionMkDirEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
remoteDir := c.QueryParam("dir")
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
}
if err := tun.Subject.NextTerminal.SftpClient.Mkdir(remoteDir); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == session.Protocol {
if strings.Contains(remoteDir, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
if err := os.MkdirAll(path.Join(drivePath, remoteDir), os.ModePerm); err != nil {
return err
}
return Success(c, nil)
if s.Upload != "1" {
return errors.New("禁止操作")
}
remoteDir := c.QueryParam("dir")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
if err := nextSession.NextTerminal.SftpClient.Mkdir(remoteDir); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == s.Protocol {
return StorageMkDir(c, remoteDir, s.StorageId)
}
return errors.New("当前协议不支持此操作")
}
func SessionRmEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
key := c.QueryParam("key")
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
if s.Delete != "1" {
return errors.New("禁止操作")
}
// 文件夹或者文件
file := c.FormValue("file")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
sftpClient := tun.Subject.NextTerminal.SftpClient
sftpClient := nextSession.NextTerminal.SftpClient
stat, err := sftpClient.Stat(key)
stat, err := sftpClient.Stat(file)
if err != nil {
return err
}
if stat.IsDir() {
fileInfos, err := sftpClient.ReadDir(key)
fileInfos, err := sftpClient.ReadDir(file)
if err != nil {
return err
}
for i := range fileInfos {
if err := sftpClient.Remove(path.Join(key, fileInfos[i].Name())); err != nil {
if err := sftpClient.Remove(path.Join(file, fileInfos[i].Name())); err != nil {
return err
}
}
if err := sftpClient.RemoveDirectory(key); err != nil {
if err := sftpClient.RemoveDirectory(file); err != nil {
return err
}
} else {
if err := sftpClient.Remove(key); err != nil {
if err := sftpClient.Remove(file); err != nil {
return err
}
}
return Success(c, nil)
} else if "rdp" == session.Protocol {
if strings.Contains(key, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
if err := os.RemoveAll(path.Join(drivePath, key)); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == s.Protocol {
return StorageRm(c, file, s.StorageId)
}
return errors.New("当前协议不支持此操作")
@ -563,58 +604,80 @@ func SessionRmEndpoint(c echo.Context) error {
func SessionRenameEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
if s.Rename != "1" {
return errors.New("禁止操作")
}
oldName := c.QueryParam("oldName")
newName := c.QueryParam("newName")
if "ssh" == session.Protocol {
tun, ok := global.Store.Get(sessionId)
if !ok {
return errors.New("获取sftp客户端失败")
if "ssh" == s.Protocol {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
sftpClient := tun.Subject.NextTerminal.SftpClient
sftpClient := nextSession.NextTerminal.SftpClient
if err := sftpClient.Rename(oldName, newName); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == session.Protocol {
if strings.Contains(oldName, "../") {
SafetyRuleTrigger(c)
return Fail(c, -1, ":) 您的IP已被记录请去向管理员自首。")
}
drivePath, err := propertyRepository.GetDrivePath()
if err != nil {
return err
}
if err := os.Rename(path.Join(drivePath, oldName), path.Join(drivePath, newName)); err != nil {
return err
}
return Success(c, nil)
} else if "rdp" == s.Protocol {
return StorageRename(c, oldName, newName, s.StorageId)
}
return errors.New("当前协议不支持此操作")
}
func SessionRecordingEndpoint(c echo.Context) error {
sessionId := c.Param("id")
session, err := sessionRepository.FindById(sessionId)
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
var recording string
if session.Mode == constant.Naive {
recording = session.Recording
if s.Mode == constant.Naive || s.Mode == constant.Terminal {
recording = s.Recording
} else {
recording = session.Recording + "/recording"
recording = s.Recording + "/recording"
}
log.Debugf("读取录屏文件:%v,是否存在: %v, 是否为文件: %v", recording, utils.FileExists(recording), utils.IsFile(recording))
return c.File(recording)
}
func SessionGetEndpoint(c echo.Context) error {
sessionId := c.Param("id")
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return err
}
return Success(c, s)
}
func SessionStatsEndpoint(c echo.Context) error {
sessionId := c.Param("id")
s, err := sessionRepository.FindByIdAndDecrypt(sessionId)
if err != nil {
return err
}
if "ssh" != s.Protocol {
return Fail(c, -1, "不支持当前协议")
}
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return errors.New("获取会话失败")
}
sshClient := nextSession.NextTerminal.SshClient
stats, err := GetAllStats(sshClient)
if err != nil {
return err
}
return Success(c, stats)
}

433
server/api/ssh.go
View File

@ -1,18 +1,23 @@
package api
import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"net/http"
"path"
"strconv"
"time"
"unicode/utf8"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/pkg/guacd"
"next-terminal/pkg/log"
"next-terminal/pkg/term"
"next-terminal/server/config"
"next-terminal/server/constant"
"next-terminal/server/global/session"
"next-terminal/server/guacd"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/term"
"next-terminal/server/utils"
"github.com/gorilla/websocket"
@ -27,17 +32,44 @@ var UpGrader = websocket.Upgrader{
}
const (
Connected = "connected"
Data = "data"
Resize = "resize"
Closed = "closed"
Closed = 0
Connected = 1
Data = 2
Resize = 3
Ping = 4
)
type Message struct {
Type string `json:"type"`
Type int `json:"type"`
Content string `json:"content"`
}
func (r Message) ToString() string {
if r.Content != "" {
return strconv.Itoa(r.Type) + r.Content
} else {
return strconv.Itoa(r.Type)
}
}
func NewMessage(_type int, content string) Message {
return Message{Content: content, Type: _type}
}
func ParseMessage(value string) (message Message, err error) {
if value == "" {
return
}
_type, err := strconv.Atoi(value[:1])
if err != nil {
return
}
var content = value[1:]
message = NewMessage(_type, content)
return
}
type WindowSize struct {
Cols int `json:"cols"`
Rows int `json:"rows"`
@ -50,92 +82,73 @@ func SSHEndpoint(c echo.Context) (err error) {
return err
}
defer ws.Close()
sessionId := c.QueryParam("sessionId")
cols, _ := strconv.Atoi(c.QueryParam("cols"))
rows, _ := strconv.Atoi(c.QueryParam("rows"))
session, err := sessionRepository.FindByIdAndDecrypt(sessionId)
s, err := sessionRepository.FindByIdAndDecrypt(sessionId)
if err != nil {
msg := Message{
Type: Closed,
Content: "get sshSession error." + err.Error(),
}
_ = WriteMessage(ws, msg)
return err
return WriteMessage(ws, NewMessage(Closed, "获取会话失败"))
}
user, _ := GetCurrentAccount(c)
if constant.TypeUser == user.Type {
// 检测是否有访问权限
assetIds, err := resourceSharerRepository.FindAssetIdsByUserId(user.ID)
if err != nil {
return err
}
if !utils.Contains(assetIds, session.AssetId) {
msg := Message{
Type: Closed,
Content: "您没有权限访问此资产",
}
return WriteMessage(ws, msg)
}
if err := permissionCheck(c, s.AssetId); err != nil {
return WriteMessage(ws, NewMessage(Closed, err.Error()))
}
var (
username = session.Username
password = session.Password
privateKey = session.PrivateKey
passphrase = session.Passphrase
ip = session.IP
port = session.Port
username = s.Username
password = s.Password
privateKey = s.PrivateKey
passphrase = s.Passphrase
ip = s.IP
port = s.Port
)
recording := ""
propertyMap := propertyRepository.FindAllMap()
if propertyMap[guacd.EnableRecording] == "true" {
recording = path.Join(propertyMap[guacd.RecordingPath], sessionId, "recording.cast")
}
tun := global.Tun{
Protocol: session.Protocol,
Mode: session.Mode,
WebSocket: ws,
}
if session.ConnectionId != "" {
// 监控会话
observable, ok := global.Store.Get(sessionId)
if ok {
observers := append(observable.Observers, tun)
observable.Observers = observers
global.Store.Set(sessionId, observable)
log.Debugf("加入会话%v,当前观察者数量为:%v", session.ConnectionId, len(observers))
if s.AccessGatewayId != "" && s.AccessGatewayId != "-" {
g, err := accessGatewayService.GetGatewayAndReconnectById(s.AccessGatewayId)
if err != nil {
return WriteMessage(ws, NewMessage(Closed, "获取接入网关失败:"+err.Error()))
}
return err
if !g.Connected {
return WriteMessage(ws, NewMessage(Closed, "接入网关不可用:"+g.Message))
}
exposedIP, exposedPort, err := g.OpenSshTunnel(s.ID, ip, port)
if err != nil {
return WriteMessage(ws, NewMessage(Closed, "创建隧道失败:"+err.Error()))
}
defer g.CloseSshTunnel(s.ID)
ip = exposedIP
port = exposedPort
}
nextTerminal, err := term.NewNextTerminal(ip, port, username, password, privateKey, passphrase, rows, cols, recording)
recording := ""
var isRecording = false
property, err := propertyRepository.FindByName(guacd.EnableRecording)
if err == nil && property.Value == "true" {
isRecording = true
}
if isRecording {
recording = path.Join(config.GlobalCfg.Guacd.Recording, sessionId, "recording.cast")
}
var xterm = "xterm-256color"
nextTerminal, err := term.NewNextTerminal(ip, port, username, password, privateKey, passphrase, rows, cols, recording, xterm, true)
if err != nil {
log.Errorf("创建SSH客户端失败%v", err.Error())
msg := Message{
Type: Closed,
Content: err.Error(),
}
err := WriteMessage(ws, msg)
return WriteMessage(ws, NewMessage(Closed, "创建SSH客户端失败"+err.Error()))
}
if err := nextTerminal.RequestPty(xterm, rows, cols); err != nil {
return err
}
tun.NextTerminal = nextTerminal
var observers []global.Tun
observable := global.Observable{
Subject: &tun,
Observers: observers,
if err := nextTerminal.Shell(); err != nil {
return err
}
global.Store.Set(sessionId, &observable)
sess := model.Session{
ConnectionId: sessionId,
Width: cols,
@ -149,106 +162,209 @@ func SSHEndpoint(c echo.Context) (err error) {
return err
}
msg := Message{
Type: Connected,
Content: "",
if err := WriteMessage(ws, NewMessage(Connected, "")); err != nil {
return err
}
_ = WriteMessage(ws, msg)
quitChan := make(chan bool)
nextSession := &session.Session{
ID: s.ID,
Protocol: s.Protocol,
Mode: s.Mode,
WebSocket: ws,
GuacdTunnel: nil,
NextTerminal: nextTerminal,
Observer: session.NewObserver(s.ID),
}
go nextSession.Observer.Run()
session.GlobalSessionManager.Add <- nextSession
go ReadMessage(nextTerminal, quitChan, ws)
ctx, cancel := context.WithCancel(context.Background())
tick := time.NewTicker(time.Millisecond * time.Duration(60))
defer tick.Stop()
var buf []byte
dataChan := make(chan rune)
go func() {
SshLoop:
for {
select {
case <-ctx.Done():
log.Debugf("WebSocket已关闭即将关闭SSH连接...")
break SshLoop
default:
r, size, err := nextTerminal.StdoutReader.ReadRune()
if err != nil {
log.Debugf("SSH 读取失败,即将退出循环...")
_ = WriteMessage(ws, NewMessage(Closed, ""))
break SshLoop
}
if size > 0 {
dataChan <- r
}
}
}
log.Debugf("SSH 连接已关闭,退出循环。")
}()
go func() {
tickLoop:
for {
select {
case <-ctx.Done():
break tickLoop
case <-tick.C:
if len(buf) > 0 {
s := string(buf)
// 录屏
if isRecording {
_ = nextTerminal.Recorder.WriteData(s)
}
// 监控
if len(nextSession.Observer.All()) > 0 {
obs := nextSession.Observer.All()
for _, ob := range obs {
_ = WriteMessage(ob.WebSocket, NewMessage(Data, s))
}
}
if err := WriteMessage(ws, NewMessage(Data, s)); err != nil {
log.Debugf("WebSocket写入失败即将退出循环...")
cancel()
}
buf = []byte{}
}
case data := <-dataChan:
if data != utf8.RuneError {
p := make([]byte, utf8.RuneLen(data))
utf8.EncodeRune(p, data)
buf = append(buf, p...)
} else {
buf = append(buf, []byte("@")...)
}
}
}
log.Debugf("SSH 连接已关闭,退出定时器循环。")
}()
//var enterKeys []rune
//enterIndex := 0
for {
_, message, err := ws.ReadMessage()
if err != nil {
// web socket会话关闭后主动关闭ssh会话
CloseSessionById(sessionId, Normal, "正常退出")
quitChan <- true
quitChan <- true
log.Debugf("WebSocket已关闭")
CloseSessionById(sessionId, Normal, "用户正常退出")
cancel()
break
}
var msg Message
err = json.Unmarshal(message, &msg)
msg, err := ParseMessage(string(message))
if err != nil {
log.Warnf("解析Json失败: %v, 原始字符串:%v", err, string(message))
log.Warnf("消息解码失败: %v, 原始字符串:%v", err, string(message))
continue
}
switch msg.Type {
case Resize:
var winSize WindowSize
err = json.Unmarshal([]byte(msg.Content), &winSize)
decodeString, err := base64.StdEncoding.DecodeString(msg.Content)
if err != nil {
log.Warnf("解析SSH会话窗口大小失败: %v", err)
log.Warnf("Base64解码失败: %v原始字符串%v", err, msg.Content)
continue
}
var winSize WindowSize
err = json.Unmarshal(decodeString, &winSize)
if err != nil {
log.Warnf("解析SSH会话窗口大小失败: %v原始字符串%v", err, msg.Content)
continue
}
if err := nextTerminal.WindowChange(winSize.Rows, winSize.Cols); err != nil {
log.Warnf("更改SSH会话窗口大小失败: %v", err)
continue
}
_ = sessionRepository.UpdateWindowSizeById(winSize.Rows, winSize.Cols, sessionId)
case Data:
_, err = nextTerminal.Write([]byte(msg.Content))
input := []byte(msg.Content)
//hexInput := hex.EncodeToString(input)
//switch hexInput {
//case "0d": // 回车
// DealCommand(enterKeys)
// // 清空输入的字符
// enterKeys = enterKeys[:0]
// enterIndex = 0
//case "7f": // backspace
// enterIndex--
// if enterIndex < 0 {
// enterIndex = 0
// }
// temp := enterKeys[:enterIndex]
// if len(enterKeys) > enterIndex {
// enterKeys = append(temp, enterKeys[enterIndex+1:]...)
// } else {
// enterKeys = temp
// }
//case "1b5b337e": // del
// temp := enterKeys[:enterIndex]
// if len(enterKeys) > enterIndex {
// enterKeys = append(temp, enterKeys[enterIndex+1:]...)
// } else {
// enterKeys = temp
// }
// enterIndex--
// if enterIndex < 0 {
// enterIndex = 0
// }
//case "1b5b41":
//case "1b5b42":
// break
//case "1b5b43": // ->
// enterIndex++
// if enterIndex > len(enterKeys) {
// enterIndex = len(enterKeys)
// }
//case "1b5b44": // <-
// enterIndex--
// if enterIndex < 0 {
// enterIndex = 0
// }
//default:
// enterKeys = utils.InsertSlice(enterIndex, []rune(msg.Content), enterKeys)
// enterIndex++
//}
_, err := nextTerminal.Write(input)
if err != nil {
log.Debugf("SSH会话写入失败: %v", err)
msg := Message{
Type: Closed,
Content: "the remote connection is closed.",
}
_ = WriteMessage(ws, msg)
CloseSessionById(sessionId, TunnelClosed, "远程连接已关闭")
}
case Ping:
_, _, err := nextTerminal.SshClient.Conn.SendRequest("helloworld1024@foxmail.com", true, nil)
if err != nil {
CloseSessionById(sessionId, TunnelClosed, "远程连接已关闭")
} else {
_ = WriteMessage(ws, NewMessage(Ping, ""))
}
}
}
}
return err
}
func ReadMessage(nextTerminal *term.NextTerminal, quitChan chan bool, ws *websocket.Conn) {
func permissionCheck(c echo.Context, assetId string) error {
user, _ := GetCurrentAccount(c)
if constant.TypeUser == user.Type {
// 检测是否有访问权限
assetIds, err := resourceSharerRepository.FindAssetIdsByUserId(user.ID)
if err != nil {
return err
}
var quit bool
for {
select {
case quit = <-quitChan:
if quit {
return
}
default:
p, n, err := nextTerminal.Read()
if err != nil {
msg := Message{
Type: Closed,
Content: err.Error(),
}
_ = WriteMessage(ws, msg)
}
if n > 0 {
s := string(p)
msg := Message{
Type: Data,
Content: s,
}
_ = WriteMessage(ws, msg)
}
time.Sleep(time.Duration(10) * time.Millisecond)
if !utils.Contains(assetIds, assetId) {
return errors.New("您没有权限访问此资产")
}
}
return nil
}
func WriteMessage(ws *websocket.Conn, msg Message) error {
message, err := json.Marshal(msg)
if err != nil {
return err
}
WriteByteMessage(ws, message)
return err
}
func WriteByteMessage(ws *websocket.Conn, p []byte) {
err := ws.WriteMessage(websocket.TextMessage, p)
if err != nil {
log.Debugf("write: %v", err)
}
message := []byte(msg.ToString())
return ws.WriteMessage(websocket.TextMessage, message)
}
func CreateNextTerminalBySession(session model.Session) (*term.NextTerminal, error) {
@ -260,5 +376,46 @@ func CreateNextTerminalBySession(session model.Session) (*term.NextTerminal, err
ip = session.IP
port = session.Port
)
return term.NewNextTerminal(ip, port, username, password, privateKey, passphrase, 10, 10, "")
return term.NewNextTerminal(ip, port, username, password, privateKey, passphrase, 10, 10, "", "", false)
}
func SshMonitor(c echo.Context) error {
ws, err := UpGrader.Upgrade(c.Response().Writer, c.Request(), nil)
if err != nil {
log.Errorf("升级为WebSocket协议失败%v", err.Error())
return err
}
defer ws.Close()
sessionId := c.QueryParam("sessionId")
s, err := sessionRepository.FindById(sessionId)
if err != nil {
return WriteMessage(ws, NewMessage(Closed, "获取会话失败"))
}
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession == nil {
return WriteMessage(ws, NewMessage(Closed, "会话已离线"))
}
obId := utils.UUID()
obSession := &session.Session{
ID: obId,
Protocol: s.Protocol,
Mode: s.Mode,
WebSocket: ws,
}
nextSession.Observer.Add <- obSession
log.Debugf("会话 %v 观察者 %v 进入", sessionId, obId)
for {
_, _, err := ws.ReadMessage()
if err != nil {
log.Debugf("会话 %v 观察者 %v 退出", sessionId, obId)
nextSession.Observer.Del <- obId
break
}
}
return nil
}

6
server/api/ssh_command_deal.go Normal file
View File

@ -0,0 +1,6 @@
package api
func DealCommand(enterKeys []rune) {
println(string(enterKeys))
}

468
server/api/sshd.go Normal file
View File

@ -0,0 +1,468 @@
package api
import (
"encoding/hex"
"errors"
"fmt"
"io"
"path"
"strings"
"time"
"next-terminal/server/config"
"next-terminal/server/constant"
"next-terminal/server/global/cache"
"next-terminal/server/global/session"
"next-terminal/server/guacd"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/term"
"next-terminal/server/totp"
"next-terminal/server/utils"
"github.com/gliderlabs/ssh"
"github.com/manifoldco/promptui"
"gorm.io/gorm"
)
func sessionHandler(sess *ssh.Session) {
defer func() {
(*sess).Close()
}()
username := (*sess).User()
remoteAddr := strings.Split((*sess).RemoteAddr().String(), ":")[0]
user, err := userRepository.FindByUsername(username)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
_, _ = io.WriteString(*sess, "您输入的账户或密码不正确.\n")
} else {
_, _ = io.WriteString(*sess, err.Error())
}
return
}
// 判断是否需要进行双因素认证
if user.TOTPSecret != "" && user.TOTPSecret != "-" {
totpUI(sess, user, remoteAddr, username)
} else {
// 保存登录日志
_ = SaveLoginLog(remoteAddr, "terminal", username, true, false, utils.UUID(), "")
mainUI(sess, user)
}
}
func totpUI(sess *ssh.Session, user model.User, remoteAddr string, username string) {
validate := func(input string) error {
if len(input) < 6 {
return errors.New("双因素认证授权码必须为6个数字")
}
return nil
}
prompt := promptui.Prompt{
Label: "请输入双因素认证授权码",
Validate: validate,
Mask: '*',
Stdin: *sess,
Stdout: *sess,
}
var success = false
for i := 0; i < 5; i++ {
result, err := prompt.Run()
if err != nil {
fmt.Printf("Prompt failed %v\n", err)
return
}
loginFailCountKey := remoteAddr + username
v, ok := cache.GlobalCache.Get(loginFailCountKey)
if !ok {
v = 1
}
count := v.(int)
if count >= 5 {
_, _ = io.WriteString(*sess, "登录失败次数过多请等待30秒后再试\r\n")
continue
}
if !totp.Validate(result, user.TOTPSecret) {
count++
println(count)
cache.GlobalCache.Set(loginFailCountKey, count, time.Second*time.Duration(30))
// 保存登录日志
_ = SaveLoginLog(remoteAddr, "terminal", username, false, false, "", "双因素认证授权码不正确")
_, _ = io.WriteString(*sess, "您输入的双因素认证授权码不匹配\r\n")
continue
}
success = true
break
}
if success {
// 保存登录日志
_ = SaveLoginLog(remoteAddr, "terminal", username, true, false, utils.UUID(), "")
mainUI(sess, user)
}
}
func mainUI(sess *ssh.Session, user model.User) {
prompt := promptui.Select{
Label: "欢迎使用 Next Terminal请选择您要使用的功能",
Items: []string{"我的资产", "退出系统"},
Stdin: *sess,
Stdout: *sess,
}
MainLoop:
for {
_, result, err := prompt.Run()
if err != nil {
fmt.Printf("Prompt failed %v\n", err)
return
}
switch result {
case "我的资产":
AssetUI(sess, user)
case "退出系统":
break MainLoop
}
}
}
func AssetUI(sess *ssh.Session, user model.User) {
assets, err := assetRepository.FindByProtocolAndUser(constant.SSH, user)
if err != nil {
return
}
quitItem := model.Asset{ID: "quit", Name: "返回上级菜单", Description: "这里是返回上级菜单的选项"}
assets = append([]model.Asset{quitItem}, assets...)
templates := &promptui.SelectTemplates{
Label: "{{ . }}?",
Active: "\U0001F336 {{ .Name | cyan }} ({{ .IP | red }}:{{ .Port | red }})",
Inactive: " {{ .Name | cyan }} ({{ .IP | red }}:{{ .Port | red }})",
Selected: "\U0001F336 {{ .Name | red | cyan }}",
Details: `
--------- 详细信息 ----------
{{ "名称:" | faint }} {{ .Name }}
{{ "主机:" | faint }} {{ .IP }}
{{ "端口:" | faint }} {{ .Port }}
{{ "标签:" | faint }} {{ .Tags }}
{{ "备注:" | faint }} {{ .Description }}
`,
}
searcher := func(input string, index int) bool {
asset := assets[index]
name := strings.Replace(strings.ToLower(asset.Name), " ", "", -1)
input = strings.Replace(strings.ToLower(input), " ", "", -1)
return strings.Contains(name, input)
}
prompt := promptui.Select{
Label: "请选择您要访问的资产",
Items: assets,
Templates: templates,
Size: 4,
Searcher: searcher,
Stdin: *sess,
Stdout: *sess,
}
AssetUILoop:
for {
i, _, err := prompt.Run()
if err != nil {
fmt.Printf("Prompt failed %v\n", err)
return
}
chooseAssetId := assets[i].ID
switch chooseAssetId {
case "quit":
break AssetUILoop
default:
if err := createSession(sess, assets[i].ID, user.ID); err != nil {
_, _ = io.WriteString(*sess, err.Error()+"\r\n")
return
}
}
}
}
func createSession(sess *ssh.Session, assetId, creator string) (err error) {
asset, err := assetRepository.FindById(assetId)
if err != nil {
return err
}
ClientIP := strings.Split((*sess).RemoteAddr().String(), ":")[0]
s := &model.Session{
ID: utils.UUID(),
AssetId: asset.ID,
Username: asset.Username,
Password: asset.Password,
PrivateKey: asset.PrivateKey,
Passphrase: asset.Passphrase,
Protocol: asset.Protocol,
IP: asset.IP,
Port: asset.Port,
Status: constant.NoConnect,
Creator: creator,
ClientIP: ClientIP,
Mode: constant.Terminal,
Upload: "0",
Download: "0",
Delete: "0",
Rename: "0",
StorageId: "",
AccessGatewayId: asset.AccessGatewayId,
}
if asset.AccountType == "credential" {
credential, err := credentialRepository.FindById(asset.CredentialId)
if err != nil {
return nil
}
if credential.Type == constant.Custom {
s.Username = credential.Username
s.Password = credential.Password
} else {
s.Username = credential.Username
s.PrivateKey = credential.PrivateKey
s.Passphrase = credential.Passphrase
}
}
if err := sessionRepository.Create(s); err != nil {
return err
}
return handleAccessAsset(sess, s.ID)
}
func handleAccessAsset(sess *ssh.Session, sessionId string) (err error) {
s, err := sessionRepository.FindByIdAndDecrypt(sessionId)
if err != nil {
return err
}
var (
username = s.Username
password = s.Password
privateKey = s.PrivateKey
passphrase = s.Passphrase
ip = s.IP
port = s.Port
)
if s.AccessGatewayId != "" && s.AccessGatewayId != "-" {
g, err := accessGatewayService.GetGatewayAndReconnectById(s.AccessGatewayId)
if err != nil {
return errors.New("获取接入网关失败:" + err.Error())
}
if !g.Connected {
return errors.New("接入网关不可用:" + g.Message)
}
exposedIP, exposedPort, err := g.OpenSshTunnel(s.ID, ip, port)
if err != nil {
return errors.New("开启SSH隧道失败" + err.Error())
}
defer g.CloseSshTunnel(s.ID)
ip = exposedIP
port = exposedPort
}
pty, winCh, isPty := (*sess).Pty()
if !isPty {
return errors.New("No PTY requested.\n")
}
recording := ""
property, err := propertyRepository.FindByName(guacd.EnableRecording)
if err == nil && property.Value == "true" {
recording = path.Join(config.GlobalCfg.Guacd.Recording, sessionId, "recording.cast")
}
nextTerminal, err := term.NewNextTerminal(ip, port, username, password, privateKey, passphrase, pty.Window.Height, pty.Window.Width, recording, pty.Term, false)
if err != nil {
return err
}
sshSession := nextTerminal.SshSession
writer := NewWriter(sessionId, sess, nextTerminal.Recorder)
sshSession.Stdout = writer
sshSession.Stdin = *sess
sshSession.Stderr = *sess
if err := nextTerminal.RequestPty(pty.Term, pty.Window.Height, pty.Window.Width); err != nil {
return err
}
if err := nextTerminal.Shell(); err != nil {
return err
}
go func() {
log.Debugf("开启窗口大小监控...")
for win := range winCh {
_ = sshSession.WindowChange(win.Height, win.Width)
}
log.Debugf("退出窗口大小监控")
// ==== 修改数据库中的会话状态为已断开,修复用户直接关闭窗口时会话状态不正确的问题 ====
CloseSessionById(sessionId, Normal, "用户正常退出")
// ==== 修改数据库中的会话状态为已断开,修复用户直接关闭窗口时会话状态不正确的问题 ====
}()
// ==== 修改数据库中的会话状态为已连接 ====
sessionForUpdate := model.Session{}
sessionForUpdate.ID = sessionId
sessionForUpdate.Status = constant.Connected
sessionForUpdate.Recording = recording
sessionForUpdate.ConnectedTime = utils.NowJsonTime()
if err := sessionRepository.UpdateById(&sessionForUpdate, sessionId); err != nil {
return err
}
// ==== 修改数据库中的会话状态为已连接 ====
nextSession := &session.Session{
ID: s.ID,
Protocol: s.Protocol,
Mode: s.Mode,
NextTerminal: nextTerminal,
Observer: session.NewObserver(s.ID),
}
go nextSession.Observer.Run()
session.GlobalSessionManager.Add <- nextSession
if err := sshSession.Wait(); err != nil {
return err
}
// ==== 修改数据库中的会话状态为已断开 ====
CloseSessionById(sessionId, Normal, "用户正常退出")
// ==== 修改数据库中的会话状态为已断开 ====
return nil
}
func passwordAuth(ctx ssh.Context, pass string) bool {
username := ctx.User()
remoteAddr := strings.Split(ctx.RemoteAddr().String(), ":")[0]
user, err := userRepository.FindByUsername(username)
if err != nil {
// 保存登录日志
_ = SaveLoginLog(remoteAddr, "terminal", username, false, false, "", "账号或密码不正确")
return false
}
if err := utils.Encoder.Match([]byte(user.Password), []byte(pass)); err != nil {
// 保存登录日志
_ = SaveLoginLog(remoteAddr, "terminal", username, false, false, "", "账号或密码不正确")
return false
}
return true
}
func Setup() {
ssh.Handle(func(s ssh.Session) {
_, _ = io.WriteString(s, fmt.Sprintf(constant.Banner, constant.Version))
defer func() {
if e, ok := recover().(error); ok {
log.Fatal(e)
}
}()
sessionHandler(&s)
})
fmt.Printf("⇨ sshd server started on %v\n", config.GlobalCfg.Sshd.Addr)
err := ssh.ListenAndServe(
config.GlobalCfg.Sshd.Addr,
nil,
ssh.PasswordAuth(passwordAuth),
ssh.HostKeyFile(config.GlobalCfg.Sshd.Key),
)
log.Fatal(fmt.Sprintf("启动sshd服务失败: %v", err.Error()))
}
func init() {
if config.GlobalCfg.Sshd.Enable {
go Setup()
}
}
type Writer struct {
sessionId string
sess *ssh.Session
recorder *term.Recorder
rz bool
sz bool
}
func NewWriter(sessionId string, sess *ssh.Session, recorder *term.Recorder) *Writer {
return &Writer{sessionId: sessionId, sess: sess, recorder: recorder}
}
func (w *Writer) Write(p []byte) (n int, err error) {
if w.recorder != nil {
s := string(p)
if !w.sz && !w.rz {
// rz的开头字符
hexData := hex.EncodeToString(p)
if strings.Contains(hexData, "727a0d2a2a184230303030303030303030303030300d8a11") {
w.sz = true
} else if strings.Contains(hexData, "727a2077616974696e6720746f20726563656976652e2a2a184230313030303030303233626535300d8a11") {
w.rz = true
}
}
if w.sz {
// sz 会以 OO 结尾
if "OO" == s {
w.sz = false
}
} else if w.rz {
// rz 最后会显示 Received /home/xxx
if strings.Contains(s, "Received") {
w.rz = false
// 把上传的文件名称也显示一下
err := w.recorder.WriteData(s)
if err != nil {
return 0, err
}
sendObData(w.sessionId, s)
}
} else {
err := w.recorder.WriteData(s)
if err != nil {
return 0, err
}
sendObData(w.sessionId, s)
}
}
return (*w.sess).Write(p)
}
func sendObData(sessionId, s string) {
nextSession := session.GlobalSessionManager.GetById(sessionId)
if nextSession != nil {
if nextSession.Observer != nil {
obs := nextSession.Observer.All()
for _, ob := range obs {
_ = WriteMessage(ob.WebSocket, NewMessage(Data, s))
}
}
}
}

384
server/api/stats.go Normal file
View File

@ -0,0 +1,384 @@
package api
import (
"bufio"
"fmt"
"strconv"
"strings"
"time"
"next-terminal/server/utils"
"golang.org/x/crypto/ssh"
)
type FileSystem struct {
MountPoint string `json:"mountPoint"`
Used uint64 `json:"used"`
Free uint64 `json:"free"`
}
type Network struct {
IPv4 string `json:"ipv4"`
IPv6 string `json:"ipv6"`
Rx uint64 `json:"rx"`
Tx uint64 `json:"tx"`
}
type cpuRaw struct {
User uint64 // time spent in user mode
Nice uint64 // time spent in user mode with low priority (nice)
System uint64 // time spent in system mode
Idle uint64 // time spent in the idle task
Iowait uint64 // time spent waiting for I/O to complete (since Linux 2.5.41)
Irq uint64 // time spent servicing interrupts (since 2.6.0-test4)
SoftIrq uint64 // time spent servicing softirqs (since 2.6.0-test4)
Steal uint64 // time spent in other OSes when running in a virtualized environment
Guest uint64 // time spent running a virtual CPU for guest operating systems under the control of the Linux kernel.
Total uint64 // total of all time fields
}
type CPU struct {
User float32 `json:"user"`
Nice float32 `json:"nice"`
System float32 `json:"system"`
Idle float32 `json:"idle"`
IOWait float32 `json:"ioWait"`
Irq float32 `json:"irq"`
SoftIrq float32 `json:"softIrq"`
Steal float32 `json:"steal"`
Guest float32 `json:"guest"`
}
type Stat struct {
Uptime int64 `json:"uptime"`
Hostname string `json:"hostname"`
Load1 string `json:"load1"`
Load5 string `json:"load5"`
Load10 string `json:"load10"`
RunningProcess string `json:"runningProcess"`
TotalProcess string `json:"totalProcess"`
MemTotal uint64 `json:"memTotal"`
MemAvailable uint64 `json:"memAvailable"`
MemFree uint64 `json:"memFree"`
MemBuffers uint64 `json:"memBuffers"`
MemCached uint64 `json:"memCached"`
SwapTotal uint64 `json:"swapTotal"`
SwapFree uint64 `json:"swapFree"`
FileSystems []FileSystem `json:"fileSystems"`
Network map[string]Network `json:"network"`
CPU CPU `json:"cpu"`
}
func GetAllStats(client *ssh.Client) (*Stat, error) {
start := time.Now()
stats := &Stat{}
if err := getUptime(client, stats); err != nil {
return nil, err
}
if err := getHostname(client, stats); err != nil {
return nil, err
}
if err := getLoad(client, stats); err != nil {
return nil, err
}
if err := getMem(client, stats); err != nil {
return nil, err
}
if err := getFileSystems(client, stats); err != nil {
return nil, err
}
if err := getInterfaces(client, stats); err != nil {
return nil, err
}
if err := getInterfaceInfo(client, stats); err != nil {
return nil, err
}
if err := getCPU(client, stats); err != nil {
return nil, err
}
cost := time.Since(start)
fmt.Printf("%s: %v\n", "GetAllStats", cost)
return stats, nil
}
func getHostname(client *ssh.Client, stat *Stat) (err error) {
//defer utils.TimeWatcher("getHostname")
hostname, err := utils.RunCommand(client, "/bin/hostname -f")
if err != nil {
return
}
stat.Hostname = strings.TrimSpace(hostname)
return
}
func getUptime(client *ssh.Client, stat *Stat) (err error) {
//defer utils.TimeWatcher("getUptime")
uptime, err := utils.RunCommand(client, "/bin/cat /proc/uptime")
if err != nil {
return
}
parts := strings.Fields(uptime)
if len(parts) == 2 {
var upSeconds float64
upSeconds, err = strconv.ParseFloat(parts[0], 64)
if err != nil {
return
}
stat.Uptime = int64(upSeconds * 1000)
}
return
}
func getLoad(client *ssh.Client, stat *Stat) (err error) {
//defer utils.TimeWatcher("getLoad")
line, err := utils.RunCommand(client, "/bin/cat /proc/loadavg")
if err != nil {
return
}
parts := strings.Fields(line)
if len(parts) == 5 {
stat.Load1 = parts[0]
stat.Load5 = parts[1]
stat.Load10 = parts[2]
if i := strings.Index(parts[3], "/"); i != -1 {
stat.RunningProcess = parts[3][0:i]
if i+1 < len(parts[3]) {
stat.TotalProcess = parts[3][i+1:]
}
}
}
return
}
func getMem(client *ssh.Client, stat *Stat) (err error) {
//defer utils.TimeWatcher("getMem")
lines, err := utils.RunCommand(client, "/bin/cat /proc/meminfo")
if err != nil {
return
}
scanner := bufio.NewScanner(strings.NewReader(lines))
for scanner.Scan() {
line := scanner.Text()
parts := strings.Fields(line)
if len(parts) == 3 {
val, err := strconv.ParseUint(parts[1], 10, 64)
if err != nil {
continue
}
val *= 1024
switch parts[0] {
case "MemTotal:":
stat.MemTotal = val
case "MemFree:":
stat.MemFree = val
case "MemAvailable:":
stat.MemAvailable = val
case "Buffers:":
stat.MemBuffers = val
case "Cached:":
stat.MemCached = val
case "SwapTotal:":
stat.SwapTotal = val
case "SwapFree:":
stat.SwapFree = val
}
}
}
return
}
func getFileSystems(client *ssh.Client, stat *Stat) (err error) {
//defer utils.TimeWatcher("getFileSystems")
lines, err := utils.RunCommand(client, "/bin/df -B1")
if err != nil {
return
}
scanner := bufio.NewScanner(strings.NewReader(lines))
flag := 0
for scanner.Scan() {
line := scanner.Text()
parts := strings.Fields(line)
n := len(parts)
dev := n > 0 && strings.Index(parts[0], "/dev/") == 0
if n == 1 && dev {
flag = 1
} else if (n == 5 && flag == 1) || (n == 6 && dev) {
i := flag
flag = 0
used, err := strconv.ParseUint(parts[2-i], 10, 64)
if err != nil {
continue
}
free, err := strconv.ParseUint(parts[3-i], 10, 64)
if err != nil {
continue
}
stat.FileSystems = append(stat.FileSystems, FileSystem{
parts[5-i], used, free,
})
}
}
return
}
func getInterfaces(client *ssh.Client, stats *Stat) (err error) {
//defer utils.TimeWatcher("getInterfaces")
var lines string
lines, err = utils.RunCommand(client, "/bin/ip -o addr")
if err != nil {
// try /sbin/ip
lines, err = utils.RunCommand(client, "/sbin/ip -o addr")
if err != nil {
return
}
}
if stats.Network == nil {
stats.Network = make(map[string]Network)
}
scanner := bufio.NewScanner(strings.NewReader(lines))
for scanner.Scan() {
line := scanner.Text()
parts := strings.Fields(line)
if len(parts) >= 4 && (parts[2] == "inet" || parts[2] == "inet6") {
ipv4 := parts[2] == "inet"
intfname := parts[1]
if info, ok := stats.Network[intfname]; ok {
if ipv4 {
info.IPv4 = parts[3]
} else {
info.IPv6 = parts[3]
}
stats.Network[intfname] = info
} else {
info := Network{}
if ipv4 {
info.IPv4 = parts[3]
} else {
info.IPv6 = parts[3]
}
stats.Network[intfname] = info
}
}
}
return
}
func getInterfaceInfo(client *ssh.Client, stats *Stat) (err error) {
//defer utils.TimeWatcher("getInterfaceInfo")
lines, err := utils.RunCommand(client, "/bin/cat /proc/net/dev")
if err != nil {
return
}
if stats.Network == nil {
return
} // should have been here already
scanner := bufio.NewScanner(strings.NewReader(lines))
for scanner.Scan() {
line := scanner.Text()
parts := strings.Fields(line)
if len(parts) == 17 {
intf := strings.TrimSpace(parts[0])
intf = strings.TrimSuffix(intf, ":")
if info, ok := stats.Network[intf]; ok {
rx, err := strconv.ParseUint(parts[1], 10, 64)
if err != nil {
continue
}
tx, err := strconv.ParseUint(parts[9], 10, 64)
if err != nil {
continue
}
info.Rx = rx
info.Tx = tx
stats.Network[intf] = info
}
}
}
return
}
func parseCPUFields(fields []string, stat *cpuRaw) {
numFields := len(fields)
for i := 1; i < numFields; i++ {
val, err := strconv.ParseUint(fields[i], 10, 64)
if err != nil {
continue
}
stat.Total += val
switch i {
case 1:
stat.User = val
case 2:
stat.Nice = val
case 3:
stat.System = val
case 4:
stat.Idle = val
case 5:
stat.Iowait = val
case 6:
stat.Irq = val
case 7:
stat.SoftIrq = val
case 8:
stat.Steal = val
case 9:
stat.Guest = val
}
}
}
// the CPU stats that were fetched last time round
var preCPU cpuRaw
func getCPU(client *ssh.Client, stats *Stat) (err error) {
//defer utils.TimeWatcher("getCPU")
lines, err := utils.RunCommand(client, "/bin/cat /proc/stat")
if err != nil {
return
}
var (
nowCPU cpuRaw
total float32
)
scanner := bufio.NewScanner(strings.NewReader(lines))
for scanner.Scan() {
line := scanner.Text()
fields := strings.Fields(line)
if len(fields) > 0 && fields[0] == "cpu" { // changing here if want to get every cpu-core's stats
parseCPUFields(fields, &nowCPU)
break
}
}
if preCPU.Total == 0 { // having no pre raw cpu data
goto END
}
total = float32(nowCPU.Total - preCPU.Total)
stats.CPU.User = float32(nowCPU.User-preCPU.User) / total * 100
stats.CPU.Nice = float32(nowCPU.Nice-preCPU.Nice) / total * 100
stats.CPU.System = float32(nowCPU.System-preCPU.System) / total * 100
stats.CPU.Idle = float32(nowCPU.Idle-preCPU.Idle) / total * 100
stats.CPU.IOWait = float32(nowCPU.Iowait-preCPU.Iowait) / total * 100
stats.CPU.Irq = float32(nowCPU.Irq-preCPU.Irq) / total * 100
stats.CPU.SoftIrq = float32(nowCPU.SoftIrq-preCPU.SoftIrq) / total * 100
stats.CPU.Guest = float32(nowCPU.Guest-preCPU.Guest) / total * 100
END:
preCPU = nowCPU
return
}

353
server/api/storage.go Normal file
View File

@ -0,0 +1,353 @@
package api
import (
"bufio"
"errors"
"io"
"mime/multipart"
"os"
"path"
"strconv"
"strings"
"next-terminal/server/constant"
"next-terminal/server/model"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
)
func StoragePagingEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))
name := c.QueryParam("name")
order := c.QueryParam("order")
field := c.QueryParam("field")
items, total, err := storageRepository.Find(pageIndex, pageSize, name, order, field)
if err != nil {
return err
}
drivePath := storageService.GetBaseDrivePath()
for i := range items {
item := items[i]
dirSize, err := utils.DirSize(path.Join(drivePath, item.ID))
if err != nil {
items[i].UsedSize = -1
} else {
items[i].UsedSize = dirSize
}
}
return Success(c, H{
"total": total,
"items": items,
})
}
func StorageCreateEndpoint(c echo.Context) error {
var item model.Storage
if err := c.Bind(&item); err != nil {
return err
}
account, _ := GetCurrentAccount(c)
item.ID = utils.UUID()
item.Created = utils.NowJsonTime()
item.Owner = account.ID
// 创建对应的目录文件夹
drivePath := storageService.GetBaseDrivePath()
if err := os.MkdirAll(path.Join(drivePath, item.ID), os.ModePerm); err != nil {
return err
}
if err := storageRepository.Create(&item); err != nil {
return err
}
return Success(c, "")
}
func StorageUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
var item model.Storage
if err := c.Bind(&item); err != nil {
return err
}
drivePath := storageService.GetBaseDrivePath()
dirSize, err := utils.DirSize(path.Join(drivePath, item.ID))
if err != nil {
return err
}
if item.LimitSize > 0 && item.LimitSize < dirSize {
// 不能小于已使用的大小
return errors.New("空间大小不能小于已使用大小")
}
storage, err := storageRepository.FindById(id)
if err != nil {
return err
}
storage.Name = item.Name
storage.LimitSize = item.LimitSize
storage.IsShare = item.IsShare
if err := storageRepository.UpdateById(&storage, id); err != nil {
return err
}
return Success(c, "")
}
func StorageGetEndpoint(c echo.Context) error {
storageId := c.Param("id")
storage, err := storageRepository.FindById(storageId)
if err != nil {
return err
}
structMap := utils.StructToMap(storage)
drivePath := storageService.GetBaseDrivePath()
dirSize, err := utils.DirSize(path.Join(drivePath, storageId))
if err != nil {
structMap["usedSize"] = -1
} else {
structMap["usedSize"] = dirSize
}
return Success(c, structMap)
}
func StorageSharesEndpoint(c echo.Context) error {
storages, err := storageRepository.FindShares()
if err != nil {
return err
}
return Success(c, storages)
}
func StorageDeleteEndpoint(c echo.Context) error {
ids := c.Param("id")
split := strings.Split(ids, ",")
for i := range split {
id := split[i]
if err := storageService.DeleteStorageById(id, false); err != nil {
return err
}
}
return Success(c, nil)
}
func PermissionCheck(c echo.Context, id string) error {
storage, err := storageRepository.FindById(id)
if err != nil {
return err
}
account, _ := GetCurrentAccount(c)
if account.Type != constant.TypeAdmin {
if storage.Owner != account.ID {
return errors.New("您没有权限访问此地址 :(")
}
}
return nil
}
func StorageLsEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
remoteDir := c.FormValue("dir")
return StorageLs(c, remoteDir, storageId)
}
func StorageLs(c echo.Context, remoteDir, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(remoteDir, "../") {
return Fail(c, -1, "非法请求 :(")
}
files, err := storageService.Ls(path.Join(drivePath, storageId), remoteDir)
if err != nil {
return err
}
return Success(c, files)
}
func StorageDownloadEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
remoteFile := c.QueryParam("file")
return StorageDownload(c, remoteFile, storageId)
}
func StorageDownload(c echo.Context, remoteFile, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(remoteFile, "../") {
return Fail(c, -1, "非法请求 :(")
}
// 获取带后缀的文件名称
filenameWithSuffix := path.Base(remoteFile)
return c.Attachment(path.Join(path.Join(drivePath, storageId), remoteFile), filenameWithSuffix)
}
func StorageUploadEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
file, err := c.FormFile("file")
if err != nil {
return err
}
return StorageUpload(c, file, storageId)
}
func StorageUpload(c echo.Context, file *multipart.FileHeader, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
storage, _ := storageRepository.FindById(storageId)
if storage.LimitSize > 0 {
dirSize, err := utils.DirSize(path.Join(drivePath, storageId))
if err != nil {
return err
}
if dirSize+file.Size > storage.LimitSize {
return errors.New("可用空间不足")
}
}
filename := file.Filename
src, err := file.Open()
if err != nil {
return err
}
remoteDir := c.QueryParam("dir")
remoteFile := path.Join(remoteDir, filename)
if strings.Contains(remoteDir, "../") {
return Fail(c, -1, "非法请求 :(")
}
if strings.Contains(remoteFile, "../") {
return Fail(c, -1, "非法请求 :(")
}
// 判断文件夹不存在时自动创建
dir := path.Join(path.Join(drivePath, storageId), remoteDir)
if !utils.FileExists(dir) {
if err := os.MkdirAll(dir, os.ModePerm); err != nil {
return err
}
}
// Destination
dst, err := os.Create(path.Join(path.Join(drivePath, storageId), remoteFile))
if err != nil {
return err
}
defer dst.Close()
// Copy
if _, err = io.Copy(dst, src); err != nil {
return err
}
return Success(c, nil)
}
func StorageMkDirEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
remoteDir := c.QueryParam("dir")
return StorageMkDir(c, remoteDir, storageId)
}
func StorageMkDir(c echo.Context, remoteDir, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(remoteDir, "../") {
return Fail(c, -1, ":) 非法请求")
}
if err := os.MkdirAll(path.Join(path.Join(drivePath, storageId), remoteDir), os.ModePerm); err != nil {
return err
}
return Success(c, nil)
}
func StorageRmEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
// 文件夹或者文件
file := c.FormValue("file")
return StorageRm(c, file, storageId)
}
func StorageRm(c echo.Context, file, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(file, "../") {
return Fail(c, -1, ":) 非法请求")
}
if err := os.RemoveAll(path.Join(path.Join(drivePath, storageId), file)); err != nil {
return err
}
return Success(c, nil)
}
func StorageRenameEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
oldName := c.QueryParam("oldName")
newName := c.QueryParam("newName")
return StorageRename(c, oldName, newName, storageId)
}
func StorageRename(c echo.Context, oldName, newName, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(oldName, "../") {
return Fail(c, -1, ":) 非法请求")
}
if strings.Contains(newName, "../") {
return Fail(c, -1, ":) 非法请求")
}
if err := os.Rename(path.Join(path.Join(drivePath, storageId), oldName), path.Join(path.Join(drivePath, storageId), newName)); err != nil {
return err
}
return Success(c, nil)
}
func StorageEditEndpoint(c echo.Context) error {
storageId := c.Param("storageId")
if err := PermissionCheck(c, storageId); err != nil {
return err
}
file := c.Param("file")
fileContent := c.Param("fileContent")
return StorageEdit(c, file, fileContent, storageId)
}
func StorageEdit(c echo.Context, file string, fileContent string, storageId string) error {
drivePath := storageService.GetBaseDrivePath()
if strings.Contains(file, "../") {
return Fail(c, -1, ":) 非法请求")
}
realFilePath := path.Join(path.Join(drivePath, storageId), file)
dstFile, err := os.OpenFile(realFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
if err != nil {
return err
}
defer dstFile.Close()
write := bufio.NewWriter(dstFile)
if _, err := write.WriteString(fileContent); err != nil {
return err
}
if err := write.Flush(); err != nil {
return err
}
return Success(c, nil)
}

77
server/api/strategy.go Normal file
View File

@ -0,0 +1,77 @@
package api
import (
"strconv"
"strings"
"next-terminal/server/model"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
)
func StrategyAllEndpoint(c echo.Context) error {
items, err := strategyRepository.FindAll()
if err != nil {
return err
}
return Success(c, items)
}
func StrategyPagingEndpoint(c echo.Context) error {
pageIndex, _ := strconv.Atoi(c.QueryParam("pageIndex"))
pageSize, _ := strconv.Atoi(c.QueryParam("pageSize"))
name := c.QueryParam("name")
order := c.QueryParam("order")
field := c.QueryParam("field")
items, total, err := strategyRepository.Find(pageIndex, pageSize, name, order, field)
if err != nil {
return err
}
return Success(c, H{
"total": total,
"items": items,
})
}
func StrategyCreateEndpoint(c echo.Context) error {
var item model.Strategy
if err := c.Bind(&item); err != nil {
return err
}
item.ID = utils.UUID()
item.Created = utils.NowJsonTime()
if err := strategyRepository.Create(&item); err != nil {
return err
}
return Success(c, "")
}
func StrategyDeleteEndpoint(c echo.Context) error {
ids := c.Param("id")
split := strings.Split(ids, ",")
for i := range split {
id := split[i]
if err := strategyRepository.DeleteById(id); err != nil {
return err
}
}
return Success(c, nil)
}
func StrategyUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
var item model.Strategy
if err := c.Bind(&item); err != nil {
return err
}
if err := strategyRepository.UpdateById(&item, id); err != nil {
return err
}
return Success(c, "")
}

66
server/api/test/test.go Normal file
View File

@ -0,0 +1,66 @@
package main
import (
"fmt"
"strings"
"github.com/manifoldco/promptui"
)
type pepper struct {
Name string
HeatUnit int
Peppers int
}
func main() {
peppers := []pepper{
{Name: "Bell Pepper", HeatUnit: 0, Peppers: 0},
{Name: "Banana Pepper", HeatUnit: 100, Peppers: 1},
{Name: "Poblano", HeatUnit: 1000, Peppers: 2},
{Name: "Jalapeño", HeatUnit: 3500, Peppers: 3},
{Name: "Aleppo", HeatUnit: 10000, Peppers: 4},
{Name: "Tabasco", HeatUnit: 30000, Peppers: 5},
{Name: "Malagueta", HeatUnit: 50000, Peppers: 6},
{Name: "Habanero", HeatUnit: 100000, Peppers: 7},
{Name: "Red Savina Habanero", HeatUnit: 350000, Peppers: 8},
{Name: "Dragons Breath", HeatUnit: 855000, Peppers: 9},
}
templates := &promptui.SelectTemplates{
Label: "{{ . }}?",
Active: "\U0001F336 {{ .Name | cyan }} ({{ .HeatUnit | red }})",
Inactive: " {{ .Name | cyan }} ({{ .HeatUnit | red }})",
Selected: "\U0001F336 {{ .Name | red | cyan }}",
Details: `
--------- Pepper ----------
{{ "Name:" | faint }} {{ .Name }}/
{{ "Heat Unit:" | faint }} {{ .HeatUnit }}
{{ "Peppers:" | faint }} {{ .Peppers }}`,
}
searcher := func(input string, index int) bool {
pepper := peppers[index]
name := strings.Replace(strings.ToLower(pepper.Name), " ", "", -1)
input = strings.Replace(strings.ToLower(input), " ", "", -1)
return strings.Contains(name, input)
}
prompt := promptui.Select{
Label: "Spicy Level",
Items: peppers,
Templates: templates,
Size: 4,
Searcher: searcher,
}
i, _, err := prompt.Run()
if err != nil {
fmt.Printf("Prompt failed %v\n", err)
return
}
fmt.Printf("You choose number %d: %s\n", i+1, peppers[i].Name)
}

383
server/api/tunnel.go
View File

@ -1,26 +1,34 @@
package api
import (
"context"
"encoding/base64"
"errors"
"path"
"strconv"
"time"
"next-terminal/pkg/constant"
"next-terminal/pkg/global"
"next-terminal/pkg/guacd"
"next-terminal/pkg/log"
"next-terminal/server/config"
"next-terminal/server/constant"
"next-terminal/server/global/session"
"next-terminal/server/guacd"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/utils"
"github.com/gorilla/websocket"
"github.com/labstack/echo/v4"
)
const (
TunnelClosed int = -1
Normal int = 0
NotFoundSession int = 800
NewTunnelError int = 801
ForcedDisconnect int = 802
TunnelClosed int = -1
Normal int = 0
NotFoundSession int = 800
NewTunnelError int = 801
ForcedDisconnect int = 802
AccessGatewayUnAvailable int = 803
AccessGatewayCreateError int = 804
AccessGatewayConnectError int = 804
)
func TunEndpoint(c echo.Context) error {
@ -44,111 +52,63 @@ func TunEndpoint(c echo.Context) error {
propertyMap := propertyRepository.FindAllMap()
var session model.Session
var s model.Session
if len(connectionId) > 0 {
session, err = sessionRepository.FindByConnectionId(connectionId)
s, err = sessionRepository.FindByConnectionId(connectionId)
if err != nil {
log.Warnf("会话不存在")
return err
}
if session.Status != constant.Connected {
log.Warnf("会话未在线")
if s.Status != constant.Connected {
return errors.New("会话未在线")
}
configuration.ConnectionID = connectionId
sessionId = session.ID
configuration.SetParameter("width", strconv.Itoa(session.Width))
configuration.SetParameter("height", strconv.Itoa(session.Height))
sessionId = s.ID
configuration.SetParameter("width", strconv.Itoa(s.Width))
configuration.SetParameter("height", strconv.Itoa(s.Height))
configuration.SetParameter("dpi", "96")
} else {
configuration.SetParameter("width", width)
configuration.SetParameter("height", height)
configuration.SetParameter("dpi", dpi)
session, err = sessionRepository.FindByIdAndDecrypt(sessionId)
s, err = sessionRepository.FindByIdAndDecrypt(sessionId)
if err != nil {
CloseSessionById(sessionId, NotFoundSession, "会话不存在")
return err
}
if propertyMap[guacd.EnableRecording] == "true" {
configuration.SetParameter(guacd.RecordingPath, path.Join(propertyMap[guacd.RecordingPath], sessionId))
configuration.SetParameter(guacd.CreateRecordingPath, propertyMap[guacd.CreateRecordingPath])
} else {
configuration.SetParameter(guacd.RecordingPath, "")
}
configuration.Protocol = session.Protocol
switch configuration.Protocol {
case "rdp":
configuration.SetParameter("username", session.Username)
configuration.SetParameter("password", session.Password)
configuration.SetParameter("security", "any")
configuration.SetParameter("ignore-cert", "true")
configuration.SetParameter("create-drive-path", "true")
configuration.SetParameter("resize-method", "reconnect")
configuration.SetParameter(guacd.EnableDrive, propertyMap[guacd.EnableDrive])
configuration.SetParameter(guacd.DriveName, propertyMap[guacd.DriveName])
configuration.SetParameter(guacd.DrivePath, propertyMap[guacd.DrivePath])
configuration.SetParameter(guacd.EnableWallpaper, propertyMap[guacd.EnableWallpaper])
configuration.SetParameter(guacd.EnableTheming, propertyMap[guacd.EnableTheming])
configuration.SetParameter(guacd.EnableFontSmoothing, propertyMap[guacd.EnableFontSmoothing])
configuration.SetParameter(guacd.EnableFullWindowDrag, propertyMap[guacd.EnableFullWindowDrag])
configuration.SetParameter(guacd.EnableDesktopComposition, propertyMap[guacd.EnableDesktopComposition])
configuration.SetParameter(guacd.EnableMenuAnimations, propertyMap[guacd.EnableMenuAnimations])
configuration.SetParameter(guacd.DisableBitmapCaching, propertyMap[guacd.DisableBitmapCaching])
configuration.SetParameter(guacd.DisableOffscreenCaching, propertyMap[guacd.DisableOffscreenCaching])
configuration.SetParameter(guacd.DisableGlyphCaching, propertyMap[guacd.DisableGlyphCaching])
case "ssh":
if len(session.PrivateKey) > 0 && session.PrivateKey != "-" {
configuration.SetParameter("username", session.Username)
configuration.SetParameter("private-key", session.PrivateKey)
configuration.SetParameter("passphrase", session.Passphrase)
} else {
configuration.SetParameter("username", session.Username)
configuration.SetParameter("password", session.Password)
setConfig(propertyMap, s, configuration)
var (
ip = s.IP
port = s.Port
)
if s.AccessGatewayId != "" && s.AccessGatewayId != "-" {
g, err := accessGatewayService.GetGatewayAndReconnectById(s.AccessGatewayId)
if err != nil {
disconnect(ws, AccessGatewayUnAvailable, "获取接入网关失败:"+err.Error())
return nil
}
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
case "vnc":
configuration.SetParameter("username", session.Username)
configuration.SetParameter("password", session.Password)
case "telnet":
configuration.SetParameter("username", session.Username)
configuration.SetParameter("password", session.Password)
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
case "kubernetes":
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
default:
log.WithField("configuration.Protocol", configuration.Protocol).Error("UnSupport Protocol")
return Fail(c, 400, "不支持的协议")
if !g.Connected {
disconnect(ws, AccessGatewayUnAvailable, "接入网关不可用:"+g.Message)
return nil
}
exposedIP, exposedPort, err := g.OpenSshTunnel(s.ID, ip, port)
if err != nil {
disconnect(ws, AccessGatewayCreateError, "创建SSH隧道失败"+err.Error())
return nil
}
defer g.CloseSshTunnel(s.ID)
ip = exposedIP
port = exposedPort
}
configuration.SetParameter("hostname", session.IP)
configuration.SetParameter("port", strconv.Itoa(session.Port))
configuration.SetParameter("hostname", ip)
configuration.SetParameter("port", strconv.Itoa(port))
// 加载资产配置的属性,优先级比全局配置的高,因此最后加载,覆盖掉全局配置
attributes, _ := assetRepository.FindAttrById(session.AssetId)
attributes, err := assetRepository.FindAssetAttrMapByAssetId(s.AssetId)
if err != nil {
return err
}
if len(attributes) > 0 {
for i := range attributes {
attribute := attributes[i]
configuration.SetParameter(attribute.Name, attribute.Value)
}
setAssetConfig(attributes, s, configuration)
}
}
for name := range configuration.Parameters {
@ -158,94 +118,235 @@ func TunEndpoint(c echo.Context) error {
}
}
addr := propertyMap[guacd.Host] + ":" + propertyMap[guacd.Port]
addr := config.GlobalCfg.Guacd.Hostname + ":" + strconv.Itoa(config.GlobalCfg.Guacd.Port)
log.Debugf("[%v:%v] 创建guacd隧道[%v]", sessionId, connectionId, addr)
tunnel, err := guacd.NewTunnel(addr, configuration)
guacdTunnel, err := guacd.NewTunnel(addr, configuration)
if err != nil {
if connectionId == "" {
CloseSessionById(sessionId, NewTunnelError, err.Error())
disconnect(ws, NewTunnelError, err.Error())
}
log.Printf("建立连接失败: %v", err.Error())
log.Printf("[%v:%v] 建立连接失败: %v", sessionId, connectionId, err.Error())
return err
}
tun := global.Tun{
Protocol: session.Protocol,
Mode: session.Mode,
WebSocket: ws,
Tunnel: tunnel,
nextSession := &session.Session{
ID: sessionId,
Protocol: s.Protocol,
Mode: s.Mode,
WebSocket: ws,
GuacdTunnel: guacdTunnel,
}
if len(session.ConnectionId) == 0 {
var observers []global.Tun
observable := global.Observable{
Subject: &tun,
Observers: observers,
if len(s.ConnectionId) == 0 {
if configuration.Protocol == constant.SSH {
nextTerminal, err := CreateNextTerminalBySession(s)
if err != nil {
return err
}
nextSession.NextTerminal = nextTerminal
}
global.Store.Set(sessionId, &observable)
nextSession.Observer = session.NewObserver(sessionId)
session.GlobalSessionManager.Add <- nextSession
go nextSession.Observer.Run()
sess := model.Session{
ConnectionId: tunnel.UUID,
ConnectionId: guacdTunnel.UUID,
Width: intWidth,
Height: intHeight,
Status: constant.Connecting,
Recording: configuration.GetParameter(guacd.RecordingPath),
}
// 创建新会话
log.Debugf("创建新会话 %v", sess.ConnectionId)
log.Debugf("[%v:%v] 创建新会话: %v", sessionId, connectionId, sess.ConnectionId)
if err := sessionRepository.UpdateById(&sess, sessionId); err != nil {
return err
}
} else {
// 监控会话
observable, ok := global.Store.Get(sessionId)
if ok {
observers := append(observable.Observers, tun)
observable.Observers = observers
global.Store.Set(sessionId, observable)
log.Debugf("加入会话%v,当前观察者数量为:%v", session.ConnectionId, len(observers))
// 监控会话
forObsSession := session.GlobalSessionManager.GetById(sessionId)
if forObsSession == nil {
disconnect(ws, NotFoundSession, "获取会话失败")
return nil
}
nextSession.ID = utils.UUID()
forObsSession.Observer.Add <- nextSession
log.Debugf("[%v:%v] 观察者[%v]加入会话[%v]", sessionId, connectionId, nextSession.ID, s.ConnectionId)
}
ctx, cancel := context.WithCancel(context.Background())
tick := time.NewTicker(time.Millisecond * time.Duration(60))
defer tick.Stop()
var buf []byte
dataChan := make(chan []byte)
go func() {
GuacdLoop:
for {
instruction, err := tunnel.Read()
if err != nil {
if connectionId == "" {
CloseSessionById(sessionId, TunnelClosed, "远程连接关闭")
select {
case <-ctx.Done():
log.Debugf("[%v:%v] WebSocket 已关闭,即将关闭 Guacd 连接...", sessionId, connectionId)
break GuacdLoop
default:
instruction, err := guacdTunnel.Read()
if err != nil {
log.Debugf("[%v:%v] Guacd 读取失败,即将退出循环...", sessionId, connectionId)
disconnect(ws, TunnelClosed, "远程连接已关闭")
break GuacdLoop
}
break
}
if len(instruction) == 0 {
continue
}
err = ws.WriteMessage(websocket.TextMessage, instruction)
if err != nil {
if connectionId == "" {
CloseSessionById(sessionId, Normal, "正常退出")
if len(instruction) == 0 {
continue
}
break
dataChan <- instruction
}
}
log.Debugf("[%v:%v] Guacd 连接已关闭,退出 Guacd 循环。", sessionId, connectionId)
}()
go func() {
tickLoop:
for {
select {
case <-ctx.Done():
break tickLoop
case <-tick.C:
if len(buf) > 0 {
err = ws.WriteMessage(websocket.TextMessage, buf)
if err != nil {
log.Debugf("[%v:%v] WebSocket写入失败即将关闭Guacd连接...", sessionId, connectionId)
break tickLoop
}
buf = []byte{}
}
case data := <-dataChan:
buf = append(buf, data...)
}
}
log.Debugf("[%v:%v] Guacd连接已关闭退出定时器循环。", sessionId, connectionId)
}()
for {
_, message, err := ws.ReadMessage()
if err != nil {
if connectionId == "" {
CloseSessionById(sessionId, Normal, "正常退出")
log.Debugf("[%v:%v] WebSocket已关闭", sessionId, connectionId)
// guacdTunnel.Read() 会阻塞所以要先把guacdTunnel客户端关闭才能退出Guacd循环
_ = guacdTunnel.Close()
if connectionId != "" {
observerId := nextSession.ID
forObsSession := session.GlobalSessionManager.GetById(sessionId)
if forObsSession != nil {
// 移除会话中保存的观察者信息
forObsSession.Observer.Del <- observerId
log.Debugf("[%v:%v] 观察者[%v]退出会话", sessionId, connectionId, observerId)
}
} else {
CloseSessionById(sessionId, Normal, "用户正常退出")
}
cancel()
break
}
_, err = tunnel.WriteAndFlush(message)
_, err = guacdTunnel.WriteAndFlush(message)
if err != nil {
if connectionId == "" {
CloseSessionById(sessionId, TunnelClosed, "远程连接关闭")
}
break
CloseSessionById(sessionId, TunnelClosed, "远程连接已关闭")
}
}
return err
return nil
}
func setAssetConfig(attributes map[string]string, s model.Session, configuration *guacd.Configuration) {
for key, value := range attributes {
if guacd.DrivePath == key {
// 忽略该参数
continue
}
if guacd.EnableDrive == key && value == "true" {
storageId := attributes[guacd.DrivePath]
if storageId == "" || storageId == "-" {
// 默认空间ID和用户ID相同
storageId = s.Creator
}
realPath := path.Join(storageService.GetBaseDrivePath(), storageId)
configuration.SetParameter(guacd.EnableDrive, "true")
configuration.SetParameter(guacd.DriveName, "Next Terminal Filesystem")
configuration.SetParameter(guacd.DrivePath, realPath)
log.Debugf("[%v] 会话 %v:%v 映射目录地址为 %v", s.ID, s.IP, s.Port, realPath)
} else {
configuration.SetParameter(key, value)
}
}
}
func setConfig(propertyMap map[string]string, s model.Session, configuration *guacd.Configuration) {
if propertyMap[guacd.EnableRecording] == "true" {
configuration.SetParameter(guacd.RecordingPath, path.Join(config.GlobalCfg.Guacd.Recording, s.ID))
configuration.SetParameter(guacd.CreateRecordingPath, propertyMap[guacd.CreateRecordingPath])
} else {
configuration.SetParameter(guacd.RecordingPath, "")
}
configuration.Protocol = s.Protocol
switch configuration.Protocol {
case "rdp":
configuration.SetParameter("username", s.Username)
configuration.SetParameter("password", s.Password)
configuration.SetParameter("security", "any")
configuration.SetParameter("ignore-cert", "true")
configuration.SetParameter("create-drive-path", "true")
configuration.SetParameter("resize-method", "reconnect")
configuration.SetParameter(guacd.EnableWallpaper, propertyMap[guacd.EnableWallpaper])
configuration.SetParameter(guacd.EnableTheming, propertyMap[guacd.EnableTheming])
configuration.SetParameter(guacd.EnableFontSmoothing, propertyMap[guacd.EnableFontSmoothing])
configuration.SetParameter(guacd.EnableFullWindowDrag, propertyMap[guacd.EnableFullWindowDrag])
configuration.SetParameter(guacd.EnableDesktopComposition, propertyMap[guacd.EnableDesktopComposition])
configuration.SetParameter(guacd.EnableMenuAnimations, propertyMap[guacd.EnableMenuAnimations])
configuration.SetParameter(guacd.DisableBitmapCaching, propertyMap[guacd.DisableBitmapCaching])
configuration.SetParameter(guacd.DisableOffscreenCaching, propertyMap[guacd.DisableOffscreenCaching])
configuration.SetParameter(guacd.DisableGlyphCaching, propertyMap[guacd.DisableGlyphCaching])
case "ssh":
if len(s.PrivateKey) > 0 && s.PrivateKey != "-" {
configuration.SetParameter("username", s.Username)
configuration.SetParameter("private-key", s.PrivateKey)
configuration.SetParameter("passphrase", s.Passphrase)
} else {
configuration.SetParameter("username", s.Username)
configuration.SetParameter("password", s.Password)
}
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
case "vnc":
configuration.SetParameter("username", s.Username)
configuration.SetParameter("password", s.Password)
case "telnet":
configuration.SetParameter("username", s.Username)
configuration.SetParameter("password", s.Password)
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
case "kubernetes":
configuration.SetParameter(guacd.FontSize, propertyMap[guacd.FontSize])
configuration.SetParameter(guacd.FontName, propertyMap[guacd.FontName])
configuration.SetParameter(guacd.ColorScheme, propertyMap[guacd.ColorScheme])
configuration.SetParameter(guacd.Backspace, propertyMap[guacd.Backspace])
configuration.SetParameter(guacd.TerminalType, propertyMap[guacd.TerminalType])
default:
}
}
func disconnect(ws *websocket.Conn, code int, reason string) {
// guacd 无法处理中文字符所以进行了base64编码。
encodeReason := base64.StdEncoding.EncodeToString([]byte(reason))
err := guacd.NewInstruction("error", encodeReason, strconv.Itoa(code))
_ = ws.WriteMessage(websocket.TextMessage, []byte(err.String()))
disconnect := guacd.NewInstruction("disconnect")
_ = ws.WriteMessage(websocket.TextMessage, []byte(disconnect.String()))
}

48
server/api/user.go
View File

@ -1,18 +1,20 @@
package api
import (
"errors"
"strconv"
"strings"
"next-terminal/pkg/global"
"next-terminal/pkg/log"
"next-terminal/server/global/cache"
"next-terminal/server/log"
"next-terminal/server/model"
"next-terminal/server/utils"
"github.com/labstack/echo/v4"
"gorm.io/gorm"
)
func UserCreateEndpoint(c echo.Context) error {
func UserCreateEndpoint(c echo.Context) (err error) {
var item model.User
if err := c.Bind(&item); err != nil {
return err
@ -20,7 +22,6 @@ func UserCreateEndpoint(c echo.Context) error {
password := item.Password
var pass []byte
var err error
if pass, err = utils.Encoder.Encode([]byte(password)); err != nil {
return err
}
@ -32,6 +33,10 @@ func UserCreateEndpoint(c echo.Context) error {
if err := userRepository.Create(&item); err != nil {
return err
}
err = storageService.CreateStorageByUser(&item)
if err != nil {
return err
}
if item.Mail != "" {
go mailService.SendMail(item.Mail, "[Next Terminal] 注册通知", "你好,"+item.Nickname+"。管理员为你注册了账号:"+item.Username+" 密码:"+password)
@ -89,16 +94,22 @@ func UserDeleteEndpoint(c echo.Context) error {
if account.ID == userId {
return Fail(c, -1, "不允许删除自身账户")
}
user, err := userRepository.FindById(userId)
if err != nil {
return err
}
// 将用户强制下线
loginLogs, err := loginLogRepository.FindAliveLoginLogsByUserId(userId)
loginLogs, err := loginLogRepository.FindAliveLoginLogsByUsername(user.Username)
if err != nil {
return err
}
for j := range loginLogs {
global.Cache.Delete(loginLogs[j].ID)
if err := userService.Logout(loginLogs[j].ID); err != nil {
log.WithError(err).WithField("id:", loginLogs[j].ID).Error("Cache Deleted Error")
token := loginLogs[j].ID
cacheKey := userService.BuildCacheKeyByToken(token)
cache.GlobalCache.Delete(cacheKey)
if err := userService.Logout(token); err != nil {
log.WithError(err).WithField("id:", token).Error("Cache Deleted Error")
return Fail(c, 500, "强制下线错误")
}
}
@ -107,6 +118,10 @@ func UserDeleteEndpoint(c echo.Context) error {
if err := userRepository.DeleteById(userId); err != nil {
return err
}
// 删除用户的默认磁盘空间
if err := storageService.DeleteStorageById(userId, true); err != nil {
return err
}
}
return Success(c, nil)
@ -125,7 +140,10 @@ func UserGetEndpoint(c echo.Context) error {
func UserChangePasswordEndpoint(c echo.Context) error {
id := c.Param("id")
password := c.QueryParam("password")
password := c.FormValue("password")
if password == "" {
return Fail(c, -1, "请输入密码")
}
user, err := userRepository.FindById(id)
if err != nil {
@ -172,9 +190,11 @@ func ReloadToken() error {
for i := range loginLogs {
loginLog := loginLogs[i]
token := loginLog.ID
user, err := userRepository.FindById(loginLog.UserId)
user, err := userRepository.FindByUsername(loginLog.Username)
if err != nil {
log.Debugf("用户「%v」获取失败忽略", loginLog.UserId)
if errors.Is(gorm.ErrRecordNotFound, err) {
_ = loginLogRepository.DeleteById(token)
}
continue
}
@ -184,13 +204,13 @@ func ReloadToken() error {
User: user,
}
cacheKey := BuildCacheKeyByToken(token)
cacheKey := userService.BuildCacheKeyByToken(token)
if authorization.Remember {
// 记住登录有效期两周
global.Cache.Set(cacheKey, authorization, RememberEffectiveTime)
cache.GlobalCache.Set(cacheKey, authorization, RememberEffectiveTime)
} else {
global.Cache.Set(cacheKey, authorization, NotRememberEffectiveTime)
cache.GlobalCache.Set(cacheKey, authorization, NotRememberEffectiveTime)
}
log.Debugf("重新加载用户「%v」授权Token「%v」到缓存", user.Nickname, token)
}