修复 「1.2.2 用户管理-用户列表勾选单一用户会全选 」 close #216

server/app/app.go

@@ -0,0 +1,118 @@
+package app
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"next-terminal/server/cli"
+	"next-terminal/server/config"
+	"next-terminal/server/constant"
+	"next-terminal/server/service"
+
+	"github.com/labstack/echo/v4"
+)
+
+var app *App
+
+type App struct {
+	Server *echo.Echo
+}
+
+func newApp() *App {
+	return &App{}
+}
+
+func init() {
+	setupCache()
+	app = newApp()
+	if err := app.InitDBData(); err != nil {
+		panic(err)
+	}
+	if err := app.ReloadData(); err != nil {
+		panic(err)
+	}
+	app.Server = setupRoutes()
+}
+
+func (app App) InitDBData() (err error) {
+	if err := service.PropertyService.DeleteDeprecatedProperty(); err != nil {
+		return err
+	}
+	if err := service.GatewayService.ReConnectAll(); err != nil {
+		return err
+	}
+	if err := service.PropertyService.InitProperties(); err != nil {
+		return err
+	}
+	if err := service.UserService.InitUser(); err != nil {
+		return err
+	}
+	if err := service.JobService.InitJob(); err != nil {
+		return err
+	}
+	if err := service.UserService.FixUserOnlineState(); err != nil {
+		return err
+	}
+	if err := service.SessionService.FixSessionState(); err != nil {
+		return err
+	}
+	if err := service.SessionService.EmptyPassword(); err != nil {
+		return err
+	}
+	if err := service.CredentialService.EncryptAll(); err != nil {
+		return err
+	}
+	if err := service.AssetService.EncryptAll(); err != nil {
+		return err
+	}
+	if err := service.StorageService.InitStorages(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (app App) ReloadData() error {
+	if err := service.SecurityService.ReloadAccessSecurity(); err != nil {
+		return err
+	}
+	if err := service.UserService.ReloadToken(); err != nil {
+		return err
+	}
+	if err := service.AccessTokenService.Reload(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func Run() error {
+
+	fmt.Printf(constant.Banner, constant.Version)
+
+	if config.GlobalCfg.Debug {
+		jsonBytes, err := json.MarshalIndent(config.GlobalCfg, "", "    ")
+		if err != nil {
+			return err
+		}
+		fmt.Printf("当前配置为: %v\n", string(jsonBytes))
+	}
+
+	_cli := cli.NewCli()
+
+	if config.GlobalCfg.ResetPassword != "" {
+		return _cli.ResetPassword(config.GlobalCfg.ResetPassword)
+	}
+	if config.GlobalCfg.ResetTotp != "" {
+		return _cli.ResetTotp(config.GlobalCfg.ResetTotp)
+	}
+
+	if config.GlobalCfg.NewEncryptionKey != "" {
+		return _cli.ChangeEncryptionKey(config.GlobalCfg.EncryptionKey, config.GlobalCfg.NewEncryptionKey)
+	}
+
+	if config.GlobalCfg.Server.Cert != "" && config.GlobalCfg.Server.Key != "" {
+		return app.Server.StartTLS(config.GlobalCfg.Server.Addr, config.GlobalCfg.Server.Cert, config.GlobalCfg.Server.Key)
+	} else {
+		return app.Server.Start(config.GlobalCfg.Server.Addr)
+	}
+}

server/app/cache.go

@@ -0,0 +1,10 @@
+package app
+
+import (
+	"next-terminal/server/global/cache"
+	"next-terminal/server/service"
+)
+
+func setupCache() {
+	cache.TokenManager.OnEvicted(service.UserService.OnEvicted)
+}

server/app/middleware.go

@@ -0,0 +1,166 @@
+package app
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"next-terminal/server/api"
+	"next-terminal/server/constant"
+	"next-terminal/server/dto"
+	"next-terminal/server/global/cache"
+	"next-terminal/server/global/security"
+	"next-terminal/server/utils"
+
+	"github.com/labstack/echo/v4"
+)
+
+func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		if err := next(c); err != nil {
+
+			if he, ok := err.(*echo.HTTPError); ok {
+				message := fmt.Sprintf("%v", he.Message)
+				return api.Fail(c, he.Code, message)
+			}
+
+			return api.Fail(c, 0, err.Error())
+		}
+		return nil
+	}
+}
+
+func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
+
+	return func(c echo.Context) error {
+		securities := security.GlobalSecurityManager.Values()
+		if len(securities) == 0 {
+			return next(c)
+		}
+
+		ip := c.RealIP()
+
+		for _, s := range securities {
+			if strings.Contains(s.IP, "/") {
+				// CIDR
+				_, ipNet, err := net.ParseCIDR(s.IP)
+				if err != nil {
+					continue
+				}
+				if !ipNet.Contains(net.ParseIP(ip)) {
+					continue
+				}
+			} else if strings.Contains(s.IP, "-") {
+				// 范围段
+				split := strings.Split(s.IP, "-")
+				if len(split) < 2 {
+					continue
+				}
+				start := split[0]
+				end := split[1]
+				intReqIP := utils.IpToInt(ip)
+				if intReqIP < utils.IpToInt(start) || intReqIP > utils.IpToInt(end) {
+					continue
+				}
+			} else {
+				// IP
+				if s.IP != ip {
+					continue
+				}
+			}
+
+			if s.Rule == constant.AccessRuleAllow {
+				return next(c)
+			}
+			if s.Rule == constant.AccessRuleReject {
+				if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(constant.Token) != "" {
+					return api.Fail(c, 0, "您的访问请求被拒绝 :(")
+				} else {
+					return c.HTML(666, "您的访问请求被拒绝 :(")
+				}
+			}
+		}
+
+		return next(c)
+	}
+}
+
+var anonymousUrls = []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
+
+func Auth(next echo.HandlerFunc) echo.HandlerFunc {
+
+	return func(c echo.Context) error {
+
+		uri := c.Request().RequestURI
+		if uri == "/" || strings.HasPrefix(uri, "/#") {
+			return next(c)
+		}
+		// 路由拦截 - 登录身份、资源权限判断等
+		for i := range anonymousUrls {
+			if strings.HasPrefix(uri, anonymousUrls[i]) {
+				return next(c)
+			}
+		}
+
+		token := api.GetToken(c)
+		if token == "" {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		v, found := cache.TokenManager.Get(token)
+		if !found {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		authorization := v.(dto.Authorization)
+
+		if strings.EqualFold(constant.LoginToken, authorization.Type) {
+			if authorization.Remember {
+				// 记住登录有效期两周
+				cache.TokenManager.Set(token, authorization, cache.RememberMeExpiration)
+			} else {
+				cache.TokenManager.Set(token, authorization, cache.NotRememberExpiration)
+			}
+		} else if strings.EqualFold(constant.ShareSession, authorization.Type) {
+			id := c.Param("id")
+			uri = strings.Split(uri, "?")[0]
+			allowUrls := []string{
+				"/share-sessions/" + id,
+				"/sessions",
+				"/sessions/" + id + "/tunnel",
+				"/sessions/" + id + "/connect",
+				"/sessions/" + id + "/resize",
+				"/sessions/" + id + "/stats",
+				"/sessions/" + id + "/ls",
+				"/sessions/" + id + "/download",
+				"/sessions/" + id + "/upload",
+				"/sessions/" + id + "/edit",
+				"/sessions/" + id + "/mkdir",
+				"/sessions/" + id + "/rm",
+				"/sessions/" + id + "/rename",
+			}
+			if !utils.Contains(allowUrls, uri) {
+				return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+			}
+		}
+
+		return next(c)
+	}
+}
+
+func Admin(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		account, found := api.GetCurrentAccount(c)
+		if !found {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		if account.Type != constant.TypeAdmin {
+			return api.Fail(c, 403, "permission denied")
+		}
+
+		return next(c)
+	}
+}

server/app/server.go

@@ -0,0 +1,254 @@
+package app
+
+import (
+	"net/http"
+
+	"next-terminal/server/api"
+
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
+)
+
+func setupRoutes() *echo.Echo {
+
+	e := echo.New()
+	e.HideBanner = true
+	//e.Logger = log.GetEchoLogger()
+	//e.Use(log.Hook())
+	e.File("/", "web/build/index.html")
+	e.File("/asciinema.html", "web/build/asciinema.html")
+	e.File("/", "web/build/index.html")
+	e.File("/favicon.ico", "web/build/favicon.ico")
+	e.File("/logo.png", "web/build/logo.png")
+	e.Static("/static", "web/build/static")
+
+	e.Use(middleware.Recover())
+	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+		Skipper:      middleware.DefaultSkipper,
+		AllowOrigins: []string{"*"},
+		AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
+	}))
+	e.Use(ErrorHandler)
+	e.Use(TcpWall)
+	e.Use(Auth)
+
+	accountApi := new(api.AccountApi)
+	guacamoleApi := new(api.GuacamoleApi)
+	webTerminalApi := new(api.WebTerminalApi)
+	UserApi := new(api.UserApi)
+	UserGroupApi := new(api.UserGroupApi)
+	AssetApi := new(api.AssetApi)
+	CommandApi := new(api.CommandApi)
+	CredentialApi := new(api.CredentialApi)
+	SessionApi := new(api.SessionApi)
+	ResourceSharerApi := new(api.ResourceSharerApi)
+	LoginLogApi := new(api.LoginLogApi)
+	PropertyApi := new(api.PropertyApi)
+	OverviewApi := new(api.OverviewApi)
+	JobApi := new(api.JobApi)
+	SecurityApi := new(api.SecurityApi)
+	StorageApi := new(api.StorageApi)
+	StrategyApi := new(api.StrategyApi)
+	AccessGatewayApi := new(api.AccessGatewayApi)
+	BackupApi := new(api.BackupApi)
+
+	e.POST("/login", accountApi.LoginEndpoint)
+	e.POST("/loginWithTotp", accountApi.LoginWithTotpEndpoint)
+
+	e.GET("/ssh", webTerminalApi.SshEndpoint)
+	e.GET("/ssh-monitor", webTerminalApi.SshMonitorEndpoint)
+
+	account := e.Group("/account")
+	{
+		account.GET("/info", accountApi.InfoEndpoint)
+		account.GET("/assets", accountApi.AccountAssetEndpoint)
+		account.GET("/storage", accountApi.AccountStorageEndpoint)
+		account.POST("/logout", accountApi.LogoutEndpoint)
+		account.POST("/change-password", accountApi.ChangePasswordEndpoint)
+		account.GET("/reload-totp", accountApi.ReloadTOTPEndpoint)
+		account.POST("/reset-totp", accountApi.ResetTOTPEndpoint)
+		account.POST("/confirm-totp", accountApi.ConfirmTOTPEndpoint)
+		account.GET("/access-token", accountApi.AccessTokenGetEndpoint)
+		account.POST("/access-token", accountApi.AccessTokenGenEndpoint)
+	}
+
+	users := e.Group("/users", Admin)
+	{
+		users.POST("", UserApi.UserCreateEndpoint)
+		users.GET("/paging", UserApi.UserPagingEndpoint)
+		users.PUT("/:id", UserApi.UserUpdateEndpoint)
+		users.PATCH("/:id/status", UserApi.UserUpdateStatusEndpoint)
+		users.DELETE("/:id", UserApi.UserDeleteEndpoint)
+		users.GET("/:id", UserApi.UserGetEndpoint)
+		users.POST("/:id/change-password", UserApi.UserChangePasswordEndpoint)
+		users.POST("/:id/reset-totp", UserApi.UserResetTotpEndpoint)
+	}
+
+	userGroups := e.Group("/user-groups", Admin)
+	{
+		userGroups.POST("", UserGroupApi.UserGroupCreateEndpoint)
+		userGroups.GET("/paging", UserGroupApi.UserGroupPagingEndpoint)
+		userGroups.PUT("/:id", UserGroupApi.UserGroupUpdateEndpoint)
+		userGroups.DELETE("/:id", UserGroupApi.UserGroupDeleteEndpoint)
+		userGroups.GET("/:id", UserGroupApi.UserGroupGetEndpoint)
+	}
+
+	assets := e.Group("/assets", Admin)
+	{
+		assets.GET("", AssetApi.AssetAllEndpoint)
+		assets.POST("", AssetApi.AssetCreateEndpoint)
+		assets.POST("/import", AssetApi.AssetImportEndpoint)
+		assets.GET("/paging", AssetApi.AssetPagingEndpoint)
+		assets.POST("/:id/tcping", AssetApi.AssetTcpingEndpoint)
+		assets.PUT("/:id", AssetApi.AssetUpdateEndpoint)
+		assets.GET("/:id", AssetApi.AssetGetEndpoint)
+		assets.DELETE("/:id", AssetApi.AssetDeleteEndpoint)
+		assets.POST("/:id/change-owner", AssetApi.AssetChangeOwnerEndpoint)
+	}
+
+	e.GET("/tags", AssetApi.AssetTagsEndpoint)
+
+	commands := e.Group("/commands")
+	{
+		commands.GET("", CommandApi.CommandAllEndpoint)
+		commands.GET("/paging", CommandApi.CommandPagingEndpoint)
+		commands.POST("", CommandApi.CommandCreateEndpoint)
+		commands.PUT("/:id", CommandApi.CommandUpdateEndpoint)
+		commands.DELETE("/:id", CommandApi.CommandDeleteEndpoint)
+		commands.GET("/:id", CommandApi.CommandGetEndpoint)
+		commands.POST("/:id/change-owner", CommandApi.CommandChangeOwnerEndpoint, Admin)
+	}
+
+	credentials := e.Group("/credentials", Admin)
+	{
+		credentials.GET("", CredentialApi.CredentialAllEndpoint)
+		credentials.GET("/paging", CredentialApi.CredentialPagingEndpoint)
+		credentials.POST("", CredentialApi.CredentialCreateEndpoint)
+		credentials.PUT("/:id", CredentialApi.CredentialUpdateEndpoint)
+		credentials.DELETE("/:id", CredentialApi.CredentialDeleteEndpoint)
+		credentials.GET("/:id", CredentialApi.CredentialGetEndpoint)
+		credentials.POST("/:id/change-owner", CredentialApi.CredentialChangeOwnerEndpoint)
+	}
+
+	sessions := e.Group("/sessions")
+	{
+		sessions.GET("/paging", Admin(SessionApi.SessionPagingEndpoint))
+		sessions.POST("/:id/disconnect", Admin(SessionApi.SessionDisconnectEndpoint))
+		sessions.DELETE("/:id", Admin(SessionApi.SessionDeleteEndpoint))
+		sessions.GET("/:id/recording", Admin(SessionApi.SessionRecordingEndpoint))
+		sessions.GET("/:id", Admin(SessionApi.SessionGetEndpoint))
+		sessions.POST("/:id/reviewed", Admin(SessionApi.SessionReviewedEndpoint))
+		sessions.POST("/:id/unreviewed", Admin(SessionApi.SessionUnViewedEndpoint))
+		sessions.POST("/clear", Admin(SessionApi.SessionClearEndpoint))
+		sessions.POST("/reviewed", Admin(SessionApi.SessionReviewedAllEndpoint))
+
+		sessions.POST("", SessionApi.SessionCreateEndpoint)
+		sessions.POST("/:id/connect", SessionApi.SessionConnectEndpoint)
+		sessions.GET("/:id/tunnel", guacamoleApi.Guacamole)
+		sessions.POST("/:id/resize", SessionApi.SessionResizeEndpoint)
+		sessions.GET("/:id/stats", SessionApi.SessionStatsEndpoint)
+
+		sessions.POST("/:id/ls", SessionApi.SessionLsEndpoint)
+		sessions.GET("/:id/download", SessionApi.SessionDownloadEndpoint)
+		sessions.POST("/:id/upload", SessionApi.SessionUploadEndpoint)
+		sessions.POST("/:id/edit", SessionApi.SessionEditEndpoint)
+		sessions.POST("/:id/mkdir", SessionApi.SessionMkDirEndpoint)
+		sessions.POST("/:id/rm", SessionApi.SessionRmEndpoint)
+		sessions.POST("/:id/rename", SessionApi.SessionRenameEndpoint)
+	}
+
+	resourceSharers := e.Group("/resource-sharers", Admin)
+	{
+		resourceSharers.GET("", ResourceSharerApi.RSGetSharersEndPoint)
+		resourceSharers.POST("/remove-resources", ResourceSharerApi.ResourceRemoveByUserIdAssignEndPoint)
+		resourceSharers.POST("/add-resources", ResourceSharerApi.ResourceAddByUserIdAssignEndPoint)
+	}
+
+	loginLogs := e.Group("login-logs", Admin)
+	{
+		loginLogs.GET("/paging", LoginLogApi.LoginLogPagingEndpoint)
+		loginLogs.DELETE("/:id", LoginLogApi.LoginLogDeleteEndpoint)
+		loginLogs.POST("/clear", LoginLogApi.LoginLogClearEndpoint)
+	}
+
+	properties := e.Group("properties", Admin)
+	{
+		properties.GET("", PropertyApi.PropertyGetEndpoint)
+		properties.PUT("", PropertyApi.PropertyUpdateEndpoint)
+	}
+
+	overview := e.Group("overview", Admin)
+	{
+		overview.GET("/counter", OverviewApi.OverviewCounterEndPoint)
+		overview.GET("/asset", OverviewApi.OverviewAssetEndPoint)
+		overview.GET("/access", OverviewApi.OverviewAccessEndPoint)
+	}
+
+	jobs := e.Group("/jobs", Admin)
+	{
+		jobs.POST("", JobApi.JobCreateEndpoint)
+		jobs.GET("/paging", JobApi.JobPagingEndpoint)
+		jobs.PUT("/:id", JobApi.JobUpdateEndpoint)
+		jobs.POST("/:id/change-status", JobApi.JobChangeStatusEndpoint)
+		jobs.POST("/:id/exec", JobApi.JobExecEndpoint)
+		jobs.DELETE("/:id", JobApi.JobDeleteEndpoint)
+		jobs.GET("/:id", JobApi.JobGetEndpoint)
+		jobs.GET("/:id/logs", JobApi.JobGetLogsEndpoint)
+		jobs.DELETE("/:id/logs", JobApi.JobDeleteLogsEndpoint)
+	}
+
+	securities := e.Group("/securities", Admin)
+	{
+		securities.POST("", SecurityApi.SecurityCreateEndpoint)
+		securities.GET("/paging", SecurityApi.SecurityPagingEndpoint)
+		securities.PUT("/:id", SecurityApi.SecurityUpdateEndpoint)
+		securities.DELETE("/:id", SecurityApi.SecurityDeleteEndpoint)
+		securities.GET("/:id", SecurityApi.SecurityGetEndpoint)
+	}
+
+	storages := e.Group("/storages")
+	{
+		storages.GET("/paging", StorageApi.StoragePagingEndpoint, Admin)
+		storages.POST("", StorageApi.StorageCreateEndpoint, Admin)
+		storages.DELETE("/:id", StorageApi.StorageDeleteEndpoint, Admin)
+		storages.PUT("/:id", StorageApi.StorageUpdateEndpoint, Admin)
+		storages.GET("/shares", StorageApi.StorageSharesEndpoint, Admin)
+		storages.GET("/:id", StorageApi.StorageGetEndpoint, Admin)
+
+		storages.POST("/:storageId/ls", StorageApi.StorageLsEndpoint)
+		storages.GET("/:storageId/download", StorageApi.StorageDownloadEndpoint)
+		storages.POST("/:storageId/upload", StorageApi.StorageUploadEndpoint)
+		storages.POST("/:storageId/mkdir", StorageApi.StorageMkDirEndpoint)
+		storages.POST("/:storageId/rm", StorageApi.StorageRmEndpoint)
+		storages.POST("/:storageId/rename", StorageApi.StorageRenameEndpoint)
+		storages.POST("/:storageId/edit", StorageApi.StorageEditEndpoint)
+	}
+
+	strategies := e.Group("/strategies", Admin)
+	{
+		strategies.GET("", StrategyApi.StrategyAllEndpoint)
+		strategies.GET("/paging", StrategyApi.StrategyPagingEndpoint)
+		strategies.POST("", StrategyApi.StrategyCreateEndpoint)
+		strategies.DELETE("/:id", StrategyApi.StrategyDeleteEndpoint)
+		strategies.PUT("/:id", StrategyApi.StrategyUpdateEndpoint)
+	}
+
+	accessGateways := e.Group("/access-gateways", Admin)
+	{
+		accessGateways.GET("", AccessGatewayApi.AccessGatewayAllEndpoint)
+		accessGateways.POST("", AccessGatewayApi.AccessGatewayCreateEndpoint)
+		accessGateways.GET("/paging", AccessGatewayApi.AccessGatewayPagingEndpoint)
+		accessGateways.PUT("/:id", AccessGatewayApi.AccessGatewayUpdateEndpoint)
+		accessGateways.DELETE("/:id", AccessGatewayApi.AccessGatewayDeleteEndpoint)
+		accessGateways.GET("/:id", AccessGatewayApi.AccessGatewayGetEndpoint)
+		accessGateways.POST("/:id/reconnect", AccessGatewayApi.AccessGatewayReconnectEndpoint)
+	}
+
+	backup := e.Group("/backup", Admin)
+	{
+		backup.GET("/export", BackupApi.BackupExportEndpoint)
+		backup.POST("/import", BackupApi.BackupImportEndpoint)
+	}
+
+	return e
+}