zishuo/oneterm
1
0
Fork 0
mirror of https://github.com/veops/oneterm.git synced 2025-10-31 10:56:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor

Browse Source
This commit is contained in:
ttk
2024-08-20 17:46:22 +08:00
parent deef8162b1
commit 6c9a8cc4be
92 changed files with 539 additions and 5350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
backend/pkg/server/auth/acl/acl.go → backend/acl/acl.go
View File

0
backend/pkg/server/auth/acl/itsdangrous.go → backend/acl/itsdangrous.go
View File

4
backend/pkg/server/auth/acl/login.go → backend/acl/login.go
View File

@@ -8,8 +8,8 @@ import (
"encoding/json"
"fmt"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/remote"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/remote"
)
func LoginByPassword(ctx context.Context, username string, password string) (cookie string, err error) {

2
backend/pkg/server/auth/acl/perm.go → backend/acl/perm.go
View File

@@ -8,7 +8,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/samber/lo"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/conf"
)
func GetSessionFromCtx(ctx *gin.Context) (res *Session, err error) {

4
backend/pkg/server/auth/acl/resource.go → backend/acl/resource.go
View File

@@ -6,8 +6,8 @@ import (
"github.com/spf13/cast"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/remote"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/remote"
)
func AddResource(ctx context.Context, uid int, resourceTypeId string, name string) (res *Resource, err error) {

4
backend/pkg/server/auth/acl/role.go → backend/acl/role.go
View File

@@ -7,8 +7,8 @@ import (
"github.com/spf13/cast"
"golang.org/x/sync/errgroup"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/remote"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/remote"
)
func GetRoleResources(ctx context.Context, rid int, resourceTypeId string) (res []*Resource, err error) {

133
backend/api/api.go Normal file
View File

@@ -0,0 +1,133 @@
package api
import (
"context"
"net/http"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"github.com/veops/oneterm/api/controller"
"github.com/veops/oneterm/logger"
)
var (
ctx, cancel = context.WithCancel(context.Background())
srv = &http.Server{}
)
func RunApi() error {
c := controller.Controller{}
r := gin.New()
r.SetTrustedProxies([]string{"0.0.0.0/0", "::/0"})
r.MaxMultipartMemory = 128 << 20
r.Use(gin.Recovery(), ginLogger())
v1 := r.Group("/api/oneterm/v1", auth())
{
account := v1.Group("account")
{
account.POST("", c.CreateAccount)
account.DELETE("/:id", c.DeleteAccount)
account.PUT("/:id", c.UpdateAccount)
account.GET("", c.GetAccounts)
}
asset := v1.Group("asset")
{
asset.POST("", c.CreateAsset)
asset.DELETE("/:id", c.DeleteAsset)
asset.PUT("/:id", c.UpdateAsset)
asset.GET("", c.GetAssets)
}
node := v1.Group("node")
{
node.POST("", c.CreateNode)
node.DELETE("/:id", c.DeleteNode)
node.PUT("/:id", c.UpdateNode)
node.GET("", c.GetNodes)
}
publicKey := v1.Group("public_key")
{
publicKey.POST("", c.CreatePublicKey)
publicKey.DELETE("/:id", c.DeletePublicKey)
publicKey.PUT("/:id", c.UpdatePublicKey)
publicKey.GET("", c.GetPublicKeys)
}
gateway := v1.Group("gateway")
{
gateway.POST("", c.CreateGateway)
gateway.DELETE("/:id", c.DeleteGateway)
gateway.PUT("/:id", c.UpdateGateway)
gateway.GET("", c.GetGateways)
}
stat := v1.Group("stat")
{
stat.GET("assettype", c.StatAssetType)
stat.GET("count", c.StatCount)
stat.GET("count/ofuser", c.StatCountOfUser)
stat.GET("account", c.StatAccount)
stat.GET("asset", c.StatAsset)
stat.GET("rank/ofuser", c.StatRankOfUser)
}
command := v1.Group("command")
{
command.POST("", c.CreateCommand)
command.DELETE("/:id", c.DeleteCommand)
command.PUT("/:id", c.UpdateCommand)
command.GET("", c.GetCommands)
}
session := v1.Group("session")
{
session.GET("", c.GetSessions)
session.GET("/:session_id/cmd", c.GetSessionCmds)
session.GET("/option/asset", c.GetSessionOptionAsset)
session.GET("/option/clientip", c.GetSessionOptionClientIp)
session.GET("/replay/:session_id", c.GetSessionReplay)
session.POST("/replay/:session_id", c.CreateSessionReplay)
session.POST("", c.UpsertSession)
session.POST("/cmd", c.CreateSessionCmd)
}
connect := v1.Group("connect")
{
connect.POST("/:asset_id/:account_id/:protocol", c.Connect)
connect.GET("/:session_id", c.Connecting)
connect.GET("/monitor/:session_id", c.ConnectMonitor)
connect.POST("/close/:session_id", c.ConnectClose)
}
file := v1.Group("file")
{
file.GET("/history", c.GetFileHistory)
file.GET("/ls/:asset_id/:account_id", c.FileLS)
file.POST("/mkdir/:asset_id/:account_id", c.FileMkdir)
file.POST("/upload/:asset_id/:account_id", c.FileUpload)
file.GET("/download/:asset_id/:account_id", c.FileDownload)
}
history := v1.Group("history")
{
history.GET("", c.GetHistories)
history.GET("/type/mapping", c.GetHistoryTypeMapping)
}
}
srv.Addr = ":8888"
srv.Handler = r
err := srv.ListenAndServe()
if err != nil {
logger.L().Fatal("start http failed", zap.Error(err))
}
return err
}
func StopApi() {
defer cancel()
srv.Shutdown(ctx)
}

17
backend/pkg/server/controller/account.go → backend/api/controller/account.go
View File

@@ -11,11 +11,11 @@ import (
"golang.org/x/crypto/ssh"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
var (
@@ -61,13 +61,6 @@ var (
d.AssetCount = m[d.Id]
}
},
func(ctx *gin.Context, data []*model.Account) {
for _, d := range data {
d.Password = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Password), "")
d.Pk = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Pk), "")
d.Phrase = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Phrase), "")
}
},
}
accountDcs = []deleteCheck{
func(ctx *gin.Context, id int) {

20
backend/pkg/server/controller/asset.go → backend/api/controller/asset.go
View File

@@ -10,12 +10,12 @@ import (
"github.com/spf13/cast"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/schedule/connectable"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/schedule"
)
var (
@@ -31,7 +31,7 @@ var (
func (c *Controller) CreateAsset(ctx *gin.Context) {
asset := &model.Asset{}
doCreate(ctx, true, asset, conf.RESOURCE_ASSET)
connectable.CheckUpdate(asset.Id)
schedule.CheckUpdate(asset.Id)
}
// DeleteAsset godoc
@@ -53,7 +53,7 @@ func (c *Controller) DeleteAsset(ctx *gin.Context) {
// @Router /asset/:id [put]
func (c *Controller) UpdateAsset(ctx *gin.Context) {
doUpdate(ctx, true, &model.Asset{})
connectable.CheckUpdate(cast.ToInt(ctx.Param("id")))
schedule.CheckUpdate(cast.ToInt(ctx.Param("id")))
}
// GetAssets godoc
@@ -84,7 +84,7 @@ func (c *Controller) GetAssets(ctx *gin.Context) {
if q, ok := ctx.GetQuery("parent_id"); ok {
parentIds, err := handleParentId(cast.ToInt(q))
if err != nil {
logger.L.Error("parent id found failed", zap.Error(err))
logger.L().Error("parent id found failed", zap.Error(err))
return
}
db = db.Where("parent_id IN ?", parentIds)
@@ -163,7 +163,7 @@ func assetPostHookCount(ctx *gin.Context, data []*model.Asset) {
Model(nodes).
Find(&nodes).
Error; err != nil {
logger.L.Error("asset posthookfailed", zap.Error(err))
logger.L().Error("asset posthookfailed", zap.Error(err))
return
}
g := make(map[int][]model.Pair[int, string])

12
backend/pkg/server/controller/authorization.go → backend/api/controller/authorization.go
View File

@@ -14,11 +14,11 @@ import (
"golang.org/x/sync/errgroup"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
)
func HandleAuthorization(currentUser *acl.Session, tx *gorm.DB, action int, old, new *model.Asset) (err error) {
@@ -158,7 +158,7 @@ func HasAuthorization(ctx *gin.Context) (ok bool) {
currentUser, _ := acl.GetSessionFromCtx(ctx)
rs, err := acl.GetRoleResources(ctx, currentUser.Acl.Rid, conf.RESOURCE_AUTHORIZATION)
if err != nil {
logger.L.Error("check authorization failed", zap.Error(err))
logger.L().Error("check authorization failed", zap.Error(err))
return
}
k := fmt.Sprintf("%d-%d", ctx.Param("asset_id"), ctx.Param("account_id"))

8
backend/pkg/server/controller/command.go → backend/api/controller/command.go
View File

@@ -11,10 +11,10 @@ import (
"github.com/spf13/cast"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
)
var (

6
backend/pkg/server/controller/config.go → backend/api/controller/config.go
View File

@@ -8,9 +8,9 @@ import (
"github.com/spf13/cast"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
)
// PostConfig godoc

94
backend/pkg/server/controller/connect.go → backend/api/controller/connect.go
View File

@@ -24,15 +24,15 @@ import (
"golang.org/x/sync/errgroup"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
myi18n "github.com/veops/oneterm/pkg/i18n"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
gsession "github.com/veops/oneterm/pkg/server/global/session"
"github.com/veops/oneterm/pkg/server/guacd"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/api/guacd"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
myi18n "github.com/veops/oneterm/i18n"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
gsession "github.com/veops/oneterm/session"
"github.com/veops/oneterm/util"
)
var (
@@ -100,10 +100,10 @@ func handleSsh(ctx *gin.Context, ws *websocket.Conn, session *gsession.Session)
ws.WriteMessage(websocket.TextMessage, out)
writeToMonitors(session.Monitors, out)
err := fmt.Errorf("colse by admin %s", closeBy)
logger.L.Warn(err.Error())
logger.L().Warn(err.Error())
return err
case err := <-chs.ErrChan:
logger.L.Error("server disconnected", zap.Error(err))
logger.L().Error("server disconnected", zap.Error(err))
return err
case in := <-chs.InChan:
rt := in[0]
@@ -149,7 +149,7 @@ func handleGuacd(ctx *gin.Context, ws *websocket.Conn, session *gsession.Session
case closeBy := <-chs.CloseChan:
return &ApiError{Code: ErrAdminClose, Data: map[string]any{"admin": closeBy}}
case err := <-chs.ErrChan:
logger.L.Error("disconnected", zap.Error(err))
logger.L().Error("disconnected", zap.Error(err))
return err
case <-tk.C:
if mysql.DB.Model(asset).Where("id = ?", session.AssetId).First(asset).Error != nil {
@@ -217,17 +217,17 @@ func (c *Controller) Connect(ctx *gin.Context) {
}
go connectGuacd(ctx, asset, protocol, chs)
default:
logger.L.Error("wrong protocol " + protocol)
logger.L().Error("wrong protocol " + protocol)
}
if err := <-chs.ErrChan; err != nil {
logger.L.Error("failed to connect", zap.Error(err))
logger.L().Error("failed to connect", zap.Error(err))
ctx.AbortWithError(http.StatusInternalServerError, &ApiError{Code: ErrConnectServer, Data: map[string]any{"err": err}})
return
}
resp = <-chs.RespChan
if resp.Code != 0 {
logger.L.Error("failed to connect", zap.Any("resp", *resp))
logger.L().Error("failed to connect", zap.Any("resp", *resp))
ctx.AbortWithError(http.StatusInternalServerError, &ApiError{Code: ErrConnectServer, Data: map[string]any{"err": resp.Message}})
return
}
@@ -260,7 +260,7 @@ func readWsMsg(ctx context.Context, ws *websocket.Conn, session *gsession.Sessio
return err
}
if len(msg) <= 0 {
logger.L.Warn("websocket msg length is zero")
logger.L().Warn("websocket msg length is zero")
continue
}
switch t {
@@ -322,14 +322,14 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
}
conn, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", conf.Cfg.SshServer.Ip, conf.Cfg.SshServer.Port), cfg)
if err != nil {
logger.L.Error("ssh tcp dail failed", zap.Error(err))
logger.L().Error("ssh tcp dail failed", zap.Error(err))
return
}
defer conn.Close()
sess, err := conn.NewSession()
if err != nil {
logger.L.Error("ssh session create failed", zap.Error(err))
logger.L().Error("ssh session create failed", zap.Error(err))
return
}
defer sess.Close()
@@ -345,21 +345,21 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
ssh.TTY_OP_OSPEED: 14400,
}
if err = sess.RequestPty("xterm", h, w, modes); err != nil {
logger.L.Error("ssh request pty failed", zap.Error(err))
logger.L().Error("ssh request pty failed", zap.Error(err))
return
}
if err = sess.Shell(); err != nil {
logger.L.Error("ssh start shell failed", zap.Error(err))
logger.L().Error("ssh start shell failed", zap.Error(err))
return
}
bs, err := json.Marshal(req)
if err != nil {
logger.L.Error("ssh req marshal failed", zap.Error(err))
logger.L().Error("ssh req marshal failed", zap.Error(err))
return
}
if _, err = chs.Win.Write(append(bs, '\r')); err != nil {
logger.L.Error("ssh req", zap.Error(err), zap.String("req content", string(bs)))
logger.L().Error("ssh req", zap.Error(err), zap.String("req content", string(bs)))
return
}
@@ -367,12 +367,12 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
line, err := buf.ReadBytes('\r')
if err != nil {
logger.L.Error("ssh read bytes failed", zap.Error(err))
logger.L().Error("ssh read bytes failed", zap.Error(err))
return
}
resp := &gsession.ServerResp{}
if err = json.Unmarshal([]byte(line)[0:len(line)-1], resp); err != nil {
logger.L.Error("ssh resp", zap.Error(err), zap.String("resp content", string(line)))
logger.L().Error("ssh resp", zap.Error(err), zap.String("resp content", string(line)))
return
}
@@ -395,7 +395,7 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
return nil
}
if err != nil {
logger.L.Debug("buf ReadRune failed", zap.Error(err))
logger.L().Debug("buf ReadRune failed", zap.Error(err))
return err
}
if size <= 0 || rn == utf8.RuneError {
@@ -416,7 +416,7 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
case err = <-waitCh:
return err
case <-chs.AwayChan:
logger.L.Debug("doSsh away")
logger.L().Debug("doSsh away")
return fmt.Errorf("away")
case s := <-chs.WindowChan:
wh := strings.Split(s, ",")
@@ -429,13 +429,13 @@ func connectSsh(ctx *gin.Context, req *gsession.SshReq, chs *gsession.SessionCha
continue
}
if err := sess.WindowChange(h, w); err != nil {
logger.L.Warn("reset window size failed", zap.Error(err))
logger.L().Warn("reset window size failed", zap.Error(err))
}
}
}
})
if err = g.Wait(); err != nil {
logger.L.Warn("doSsh stopped", zap.Error(err))
logger.L().Warn("doSsh stopped", zap.Error(err))
}
return
@@ -452,12 +452,12 @@ func connectGuacd(ctx *gin.Context, asset *model.Asset, protocol string, chs *gs
account, gateway := &model.Account{}, &model.Gateway{}
if err = mysql.DB.Model(&account).Where("id = ?", ctx.Param("account_id")).First(account).Error; err != nil {
logger.L.Error("find account failed", zap.Error(err))
logger.L().Error("find account failed", zap.Error(err))
return
}
if asset.GatewayId != 0 {
if err = mysql.DB.Model(&gateway).Where("id = ?", asset.GatewayId).First(gateway).Error; err != nil {
logger.L.Error("find gateway failed", zap.Error(err))
logger.L().Error("find gateway failed", zap.Error(err))
return
}
gateway.Password = util.DecryptAES(gateway.Password)
@@ -467,7 +467,7 @@ func connectGuacd(ctx *gin.Context, asset *model.Asset, protocol string, chs *gs
t, err := guacd.NewTunnel("", w, h, dpi, protocol, asset, account, gateway)
if err != nil {
logger.L.Error("guacd tunnel failed", zap.Error(err))
logger.L().Error("guacd tunnel failed", zap.Error(err))
return
}
@@ -513,7 +513,7 @@ func connectGuacd(ctx *gin.Context, asset *model.Asset, protocol string, chs *gs
return nil
}
if err != nil {
logger.L.Debug("read instruction failed", zap.Error(err))
logger.L().Debug("read instruction failed", zap.Error(err))
return err
}
if len(p) <= 0 {
@@ -530,7 +530,7 @@ func connectGuacd(ctx *gin.Context, asset *model.Asset, protocol string, chs *gs
session.Status = model.SESSIONSTATUS_OFFLINE
session.ClosedAt = lo.ToPtr(time.Now())
if err = gsession.HandleUpsertSession(ctx, session); err != nil {
logger.L.Error("offline guacd session failed", zap.Error(err))
logger.L().Error("offline guacd session failed", zap.Error(err))
return
}
}()
@@ -546,7 +546,7 @@ func connectGuacd(ctx *gin.Context, asset *model.Asset, protocol string, chs *gs
}
})
if err = g.Wait(); err != nil {
logger.L.Warn("doGuacd stopped", zap.Error(err))
logger.L().Warn("doGuacd stopped", zap.Error(err))
}
}
@@ -655,7 +655,7 @@ func (c *Controller) ConnectMonitor(ctx *gin.Context) {
default:
_, p, err := ws.ReadMessage()
if err != nil {
logger.L.Warn("end monitor", zap.Error(err))
logger.L().Warn("end monitor", zap.Error(err))
return err
}
if !session.IsSsh() {
@@ -671,7 +671,7 @@ func (c *Controller) ConnectMonitor(ctx *gin.Context) {
func monitSsh(ctx *gin.Context, session *gsession.Session, chs *gsession.SessionChans) (err error) {
req := newSshReq(ctx, model.SESSIONACTION_MONITOR)
req.SessionId = session.SessionId
logger.L.Debug("connect to monitor client", zap.String("sessionId", session.SessionId))
logger.L().Debug("connect to monitor client", zap.String("sessionId", session.SessionId))
go connectSsh(ctx, req, chs)
if err = <-chs.ErrChan; err != nil {
err = &ApiError{Code: ErrConnectServer, Data: map[string]any{"err": err}}
@@ -691,10 +691,10 @@ func monitSsh(ctx *gin.Context, session *gsession.Session, chs *gsession.Session
return nil
case closeBy := <-chs.CloseChan:
writeToMonitors(session.Monitors, []byte("\r\n \033[31m closed by admin"))
logger.L.Warn("close by admin", zap.String("username", closeBy))
logger.L().Warn("close by admin", zap.String("username", closeBy))
return nil
case err := <-chs.ErrChan:
logger.L.Error("ssh connection failed", zap.Error(err))
logger.L().Error("ssh connection failed", zap.Error(err))
return err
case out := <-chs.OutChan:
chs.Buf.Write(out)
@@ -705,7 +705,7 @@ func monitSsh(ctx *gin.Context, session *gsession.Session, chs *gsession.Session
})
if err = g.Wait(); err != nil {
logger.L.Warn("monit ssh stopped", zap.Error(err))
logger.L().Warn("monit ssh stopped", zap.Error(err))
}
return
@@ -720,7 +720,7 @@ func monitGuacd(ctx *gin.Context, connectionId string, chs *gsession.SessionChan
t, err := guacd.NewTunnel(connectionId, w, h, dpi, ":", nil, nil, nil)
if err != nil {
logger.L.Error("guacd tunnel failed", zap.Error(err))
logger.L().Error("guacd tunnel failed", zap.Error(err))
return
}
@@ -733,7 +733,7 @@ func monitGuacd(ctx *gin.Context, connectionId string, chs *gsession.SessionChan
default:
p, err := t.Read()
if err != nil {
logger.L.Debug("read instruction failed", zap.Error(err))
logger.L().Debug("read instruction failed", zap.Error(err))
return err
}
if len(p) <= 0 {
@@ -749,10 +749,10 @@ func monitGuacd(ctx *gin.Context, connectionId string, chs *gsession.SessionChan
case closeBy := <-chs.CloseChan:
err := fmt.Errorf("colse by admin %s", closeBy)
ws.WriteMessage(websocket.TextMessage, guacd.NewInstruction("disconnect", err.Error()).Bytes())
logger.L.Warn(err.Error())
logger.L().Warn(err.Error())
return err
case err := <-chs.ErrChan:
logger.L.Error("disconnected", zap.Error(err))
logger.L().Error("disconnected", zap.Error(err))
return err
case out := <-chs.OutChan:
ws.WriteMessage(websocket.TextMessage, out)
@@ -762,7 +762,7 @@ func monitGuacd(ctx *gin.Context, connectionId string, chs *gsession.SessionChan
}
})
if err = g.Wait(); err != nil {
logger.L.Warn("monit guacd stopped", zap.Error(err))
logger.L().Warn("monit guacd stopped", zap.Error(err))
}
return
@@ -796,7 +796,7 @@ func (c *Controller) ConnectClose(ctx *gin.Context) {
return
}
logger.L.Info("closing...", zap.String("sessionId", session.SessionId), zap.Int("type", session.SessionType))
logger.L().Info("closing...", zap.String("sessionId", session.SessionId), zap.Int("type", session.SessionType))
defer offlineSession(ctx, session.SessionId, currentUser.GetUserName())
if session.IsSsh() {
chs := makeChans()
@@ -822,7 +822,7 @@ func (c *Controller) ConnectClose(ctx *gin.Context) {
}
func offlineSession(ctx *gin.Context, sessionId string, closer string) {
logger.L.Debug("offline", zap.String("session_id", sessionId), zap.String("closer", closer))
logger.L().Debug("offline", zap.String("session_id", sessionId), zap.String("closer", closer))
defer gsession.GetOnlineSession().Delete(sessionId)
v, ok := gsession.GetOnlineSession().Load(sessionId)
if ok {
@@ -911,7 +911,7 @@ func handleError(ctx *gin.Context, session *gsession.Session, err error, ws *web
if err == nil {
return
}
logger.L.Debug("", zap.String("session_id", session.SessionId), zap.Error(err))
logger.L().Debug("", zap.String("session_id", session.SessionId), zap.Error(err))
ae, ok := err.(*ApiError)
if !ok {
return

8
backend/pkg/server/controller/controller.go → backend/api/controller/controller.go
View File

@@ -14,10 +14,10 @@ import (
"golang.org/x/sync/errgroup"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/remote"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/remote"
)
var (

5
backend/pkg/server/controller/errors.go → backend/api/controller/errors.go
View File

@@ -7,8 +7,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/nicksnyder/go-i18n/v2/i18n"
"github.com/veops/oneterm/pkg/conf"
myi18n "github.com/veops/oneterm/pkg/i18n"
myi18n "github.com/veops/oneterm/i18n"
)
const (
@@ -82,7 +81,7 @@ func (ae *ApiError) Message(localizer *i18n.Localizer) (msg string) {
func (ae *ApiError) MessageWithCtx(ctx *gin.Context) string {
lang := ctx.PostForm("lang")
accept := ctx.GetHeader("Accept-Language")
localizer := i18n.NewLocalizer(conf.Bundle, lang, accept)
localizer := i18n.NewLocalizer(myi18n.Bundle, lang, accept)
return ae.Message(localizer)
}

16
backend/pkg/server/controller/file.go → backend/api/controller/file.go
View File

@@ -13,11 +13,11 @@ import (
"github.com/spf13/cast"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/global/file"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/api/file"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
)
// GetFileHistory godoc
@@ -126,7 +126,7 @@ func (c *Controller) FileMkdir(ctx *gin.Context) {
Dir: ctx.Query("dir"),
}
if err = mysql.DB.Model(h).Create(h).Error; err != nil {
logger.L.Error("record mkdir failed", zap.Error(err), zap.Any("history", h))
logger.L().Error("record mkdir failed", zap.Error(err), zap.Any("history", h))
}
ctx.JSON(http.StatusOK, defaultHttpResponse)
}
@@ -184,7 +184,7 @@ func (c *Controller) FileUpload(ctx *gin.Context) {
Filename: fh.Filename,
}
if err = mysql.DB.Model(h).Create(h).Error; err != nil {
logger.L.Error("record upload failed", zap.Error(err), zap.Any("history", h))
logger.L().Error("record upload failed", zap.Error(err), zap.Any("history", h))
}
ctx.JSON(http.StatusOK, defaultHttpResponse)
@@ -238,6 +238,6 @@ func (c *Controller) FileDownload(ctx *gin.Context) {
}
if err = mysql.DB.Model(h).Create(h).Error; err != nil {
logger.L.Error("record download failed", zap.Error(err), zap.Any("history", h))
logger.L().Error("record download failed", zap.Error(err), zap.Any("history", h))
}
}

17
backend/pkg/server/controller/gateway.go → backend/api/controller/gateway.go
View File

@@ -11,11 +11,11 @@ import (
"golang.org/x/crypto/ssh"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
var (
@@ -60,13 +60,6 @@ var (
d.AssetCount = m[d.Id]
}
},
func(ctx *gin.Context, data []*model.Gateway) {
for _, d := range data {
d.Password = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Password), "")
d.Pk = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Pk), "")
d.Phrase = lo.Ternary(!cast.ToBool(ctx.Query("info")) || ctx.GetHeader("X-Token") == conf.Cfg.SshServer.Xtoken, util.DecryptAES(d.Phrase), "")
}
},
}
gatewayDcs = []deleteCheck{
func(ctx *gin.Context, id int) {

9
backend/pkg/server/controller/history.go → backend/api/controller/history.go
View File

@@ -6,10 +6,9 @@ import (
"github.com/gin-gonic/gin"
"github.com/nicksnyder/go-i18n/v2/i18n"
"github.com/veops/oneterm/pkg/conf"
myi18n "github.com/veops/oneterm/pkg/i18n"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
mysql "github.com/veops/oneterm/db"
myi18n "github.com/veops/oneterm/i18n"
"github.com/veops/oneterm/model"
)
// GetHistories godoc
@@ -46,7 +45,7 @@ func (c *Controller) GetHistories(ctx *gin.Context) {
func (c *Controller) GetHistoryTypeMapping(ctx *gin.Context) {
lang := ctx.PostForm("lang")
accept := ctx.GetHeader("Accept-Language")
localizer := i18n.NewLocalizer(conf.Bundle, lang, accept)
localizer := i18n.NewLocalizer(myi18n.Bundle, lang, accept)
cfg := &i18n.LocalizeConfig{}
key2msg := map[string]*i18n.Message{
"account": myi18n.MsgTypeMappingAccount,

14
backend/pkg/server/controller/node.go → backend/api/controller/node.go
View File

@@ -11,10 +11,10 @@ import (
"go.uber.org/zap"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
)
var (
@@ -142,12 +142,12 @@ func nodePostHookCountAsset(ctx *gin.Context, data []*model.Node) {
db = db.Where("id IN ?", ids)
}
if err := db.Find(&assets).Error; err != nil {
logger.L.Error("node posthookfailed asset count", zap.Error(err))
logger.L().Error("node posthookfailed asset count", zap.Error(err))
return
}
nodes := make([]*model.NodeIdPid, 0)
if err := mysql.DB.Model(&model.Node{}).Find(&nodes).Error; err != nil {
logger.L.Error("node posthookfailed node", zap.Error(err))
logger.L().Error("node posthookfailed node", zap.Error(err))
return
}
m := make(map[int]int64)
@@ -179,7 +179,7 @@ func nodePostHookHasChild(ctx *gin.Context, data []*model.Node) {
Where("parent_id IN ?", lo.Map(data, func(n *model.Node, _ int) int { return n.Id })).
Pluck("parent_id", &ps).
Error; err != nil {
logger.L.Error("node posthookfailed has child", zap.Error(err))
logger.L().Error("node posthookfailed has child", zap.Error(err))
return
}
pm := lo.SliceToMap(ps, func(pid int) (int, bool) { return pid, true })

8
backend/pkg/server/controller/publicKey.go → backend/api/controller/publicKey.go
View File

@@ -8,10 +8,10 @@ import (
"github.com/gin-gonic/gin"
"golang.org/x/crypto/ssh"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
"github.com/veops/oneterm/acl"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
var (

14
backend/pkg/server/controller/session.go → backend/api/controller/session.go
View File

@@ -12,11 +12,11 @@ import (
"github.com/samber/lo"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
gsession "github.com/veops/oneterm/pkg/server/global/session"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
gsession "github.com/veops/oneterm/session"
)
var (
@@ -34,7 +34,7 @@ var (
Group("session_id").
Find(&post).
Error; err != nil {
logger.L.Error("gateway posthookfailed", zap.Error(err))
logger.L().Error("gateway posthookfailed", zap.Error(err))
return
}
m := lo.SliceToMap(post, func(p *model.CmdCount) (string, int64) { return p.SessionId, p.Count })
@@ -68,7 +68,7 @@ func (c *Controller) UpsertSession(ctx *gin.Context) {
return
}
if err := gsession.HandleUpsertSession(ctx, data); err != nil {
logger.L.Error("upsert session failed", zap.Error(err))
logger.L().Error("upsert session failed", zap.Error(err))
ctx.AbortWithError(http.StatusInternalServerError, &ApiError{Code: ErrInternal, Data: map[string]any{"err": err}})
}

8
backend/pkg/server/controller/stat.go → backend/api/controller/stat.go
View File

@@ -10,10 +10,10 @@ import (
"github.com/samber/lo"
"golang.org/x/sync/errgroup"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/cache/redis"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/acl"
redis "github.com/veops/oneterm/cache"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/model"
)
// StatAssetType godoc

8
backend/pkg/server/global/file/file.go → backend/api/file/file.go
View File

@@ -11,10 +11,10 @@ import (
"github.com/spf13/cast"
"golang.org/x/crypto/ssh"
ggateway "github.com/veops/oneterm/pkg/server/global/gateway"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
mysql "github.com/veops/oneterm/db"
ggateway "github.com/veops/oneterm/gateway"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
var (

12
backend/pkg/server/guacd/conn.go → backend/api/guacd/conn.go
View File

@@ -10,11 +10,11 @@ import (
"github.com/google/uuid"
"github.com/samber/lo"
"github.com/spf13/cast"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
ggateway "github.com/veops/oneterm/pkg/server/global/gateway"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/util"
"github.com/veops/oneterm/conf"
ggateway "github.com/veops/oneterm/gateway"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
const (
@@ -214,6 +214,6 @@ func (t *Tunnel) Close() {
}
func (t *Tunnel) Disconnect() {
logger.L.Debug("client disconnect")
logger.L().Debug("client disconnect")
t.WriteInstruction(NewInstruction("disconnect"))
}

0
backend/pkg/server/guacd/instruction.go → backend/api/guacd/instruction.go
View File

55
backend/api/middleware.go Normal file
View File

@@ -0,0 +1,55 @@
package api
import (
"encoding/json"
"net/http"
"time"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"github.com/veops/oneterm/acl"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/logger"
)
func ginLogger() gin.HandlerFunc {
return func(ctx *gin.Context) {
start := time.Now()
ctx.Next()
cost := time.Since(start)
logger.L().Info(ctx.Request.URL.String(),
zap.String("method", ctx.Request.Method),
zap.Int("status", ctx.Writer.Status()),
zap.String("ip", ctx.ClientIP()),
zap.Duration("cost", cost),
)
}
}
func auth() gin.HandlerFunc {
return func(ctx *gin.Context) {
session := &acl.Session{}
sess, err := ctx.Cookie("session")
if err == nil && sess != "" {
s := acl.NewSignature(conf.Cfg.SecretKey, "cookie-session", "", "hmac", nil, nil)
content, err := s.Unsign(sess)
if err != nil {
ctx.AbortWithStatus(http.StatusUnauthorized)
return
}
err = json.Unmarshal(content, &session)
if err != nil {
ctx.AbortWithStatus(http.StatusUnauthorized)
return
}
ctx.Set("session", session)
}
ctx.Next()
}
}

26
backend/pkg/server/storage/cache/redis/redis.go → backend/cache/redis.go vendored
View File

@@ -6,8 +6,10 @@ import (
"time"
"github.com/redis/go-redis/v9"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/logger"
)
var (
@@ -15,28 +17,16 @@ var (
RC *redis.Client
)
func Init(cfg *conf.RedisConfig) (err error) {
if cfg == nil {
return
}
func init() {
ctx := context.Background()
readTimeout := time.Duration(30) * time.Second
writeTimeout := time.Duration(30) * time.Second
RC = redis.NewClient(&redis.Options{
Addr: cfg.Addr,
DB: cfg.Db,
Password: cfg.Password,
PoolSize: cfg.PoolSize,
MaxIdleConns: cfg.MaxIdle,
ReadTimeout: readTimeout,
WriteTimeout: writeTimeout,
Addr: conf.Cfg.Redis.Addr,
Password: conf.Cfg.Redis.Password,
})
if _, err = RC.Ping(ctx).Result(); err != nil {
return err
if _, err := RC.Ping(ctx).Result(); err != nil {
logger.L().Fatal("ping redis failed", zap.Error(err))
}
return nil
}
func Get(ctx context.Context, key string, dst any) (err error) {

17
backend/cmd/api/api.go
View File

@@ -1,17 +0,0 @@
package main
import (
"fmt"
"os"
"github.com/veops/oneterm/cmd/api/app"
)
func main() {
command := app.NewServerCommand()
if err := command.Execute(); err != nil {
fmt.Println(err)
os.Exit(1)
}
}

137
backend/cmd/api/app/api.go
View File

@@ -1,137 +0,0 @@
// Package app
package app
import (
"context"
"fmt"
"os"
"os/signal"
"syscall"
"github.com/gin-gonic/gin"
"github.com/oklog/run"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
gsession "github.com/veops/oneterm/pkg/server/global/session"
"github.com/veops/oneterm/pkg/server/router"
"github.com/veops/oneterm/pkg/server/schedule/cmdb"
"github.com/veops/oneterm/pkg/server/schedule/connectable"
"github.com/veops/oneterm/pkg/server/storage/cache/local"
"github.com/veops/oneterm/pkg/server/storage/cache/redis"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
)
const (
componentServer = "./server"
)
var (
configFilePath string
)
var cmdRun = &cobra.Command{
Use: "run",
Example: fmt.Sprintf("%s run -c apps", componentServer),
Short: "run",
Long: `a run test`,
Args: cobra.MinimumNArgs(0),
Run: func(cmd *cobra.Command, args []string) {
Run()
os.Exit(0)
},
}
func NewServerCommand() *cobra.Command {
command := &cobra.Command{
Use: componentServer,
}
cmdRun.PersistentFlags().StringVarP(&configFilePath, "config", "c", "./", "config path")
command.AddCommand(cmdRun)
return command
}
func Run() {
parseConfig(configFilePath)
gr := run.Group{}
ctx, logCancel := context.WithCancel(context.Background())
if err := logger.Init(ctx, conf.Cfg.Log); err != nil {
fmt.Println("err init failed", err)
os.Exit(1)
}
if err := mysql.Init(conf.Cfg.Mysql); err != nil {
logger.L.Error("mysql init failed: " + err.Error())
os.Exit(1)
}
if err := redis.Init(conf.Cfg.Redis); err != nil {
logger.L.Error("redis init failed: " + err.Error())
os.Exit(1)
}
if err := local.Init(); err != nil {
logger.L.Error("local init failed: " + err.Error())
os.Exit(1)
}
if err := gsession.Init(); err != nil {
logger.L.Error("local init failed: " + err.Error())
os.Exit(1)
}
{
// Termination handler.
term := make(chan os.Signal, 1)
signal.Notify(term, os.Interrupt, syscall.SIGTERM)
gr.Add(
func() error {
<-term
logger.L.Warn("Received SIGTERM, exiting gracefully...")
return nil
},
func(err error) {},
)
}
{
cancel := make(chan struct{})
gr.Add(func() error {
gin.SetMode(conf.Cfg.Mode)
srv := router.Server(conf.Cfg)
router.GracefulExit(srv, cancel)
return nil
}, func(err error) {
close(cancel)
})
gr.Add(cmdb.Run, cmdb.Stop)
gr.Add(connectable.Run, connectable.Stop)
}
if err := gr.Run(); err != nil {
logger.L.Error(err.Error())
}
logger.L.Info("exiting")
logCancel()
}
func parseConfig(filePath string) {
viper.SetConfigName("config")
viper.SetConfigType("yaml")
viper.AddConfigPath(filePath)
viper.AddConfigPath(".")
err := viper.ReadInConfig()
if err != nil { // Handle errors reading the config file
panic(fmt.Errorf("fatal error config file: %s", err))
}
if err = viper.Unmarshal(&conf.Cfg); err != nil {
panic(fmt.Sprintf("parse config from config.yaml failed:%s", err))
}
}

137
backend/cmd/ssh/app/ssh.go
View File

@@ -1,137 +0,0 @@
package app
import (
"context"
"fmt"
"os"
"os/signal"
"syscall"
"github.com/mitchellh/mapstructure"
"github.com/oklog/run"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
sshproto "github.com/veops/oneterm/pkg/proto/ssh"
cfg "github.com/veops/oneterm/pkg/proto/ssh/config"
"github.com/veops/oneterm/pkg/proto/ssh/handler"
)
const (
componentServer = "./server"
)
var (
configFilePath string
)
var cmdRun = &cobra.Command{
Use: "ssh",
Example: fmt.Sprintf("%s ssh -c apps", componentServer),
Short: "run",
Long: `a run test`,
Args: cobra.MinimumNArgs(0),
Run: func(cmd *cobra.Command, args []string) {
Run()
os.Exit(0)
},
}
func NewServerCommand() *cobra.Command {
command := &cobra.Command{
Use: componentServer,
}
cmdRun.PersistentFlags().StringVarP(&configFilePath, "config", "c", "./", "config path")
command.AddCommand(cmdRun)
return command
}
func Run() {
parseConfig(configFilePath)
gr := run.Group{}
ctx, logCancel := context.WithCancel(context.Background())
if err := logger.Init(ctx, conf.Cfg.Log); err != nil {
fmt.Println("err init failed", err)
os.Exit(1)
}
handler.I18nInit(conf.Cfg.I18nDir)
{
// Termination handler.
term := make(chan os.Signal, 1)
signal.Notify(term, os.Interrupt, syscall.SIGTERM)
gr.Add(
func() error {
<-term
logger.L.Warn("Received SIGTERM, exiting gracefully...")
return nil
},
func(err error) {},
)
}
{
cancel := make(chan struct{})
gr.Add(func() error {
_ = sshproto.Run(fmt.Sprintf("%s:%d", cfg.SSHConfig.Ip, cfg.SSHConfig.Port),
cfg.SSHConfig.Api,
cfg.SSHConfig.Token,
cfg.SSHConfig.PrivateKeyPath,
conf.Cfg.SecretKey)
<-cancel
return nil
}, func(err error) {
close(cancel)
})
}
if err := gr.Run(); err != nil {
logger.L.Error(err.Error())
}
logger.L.Info("exiting")
logCancel()
}
func parseConfig(filePath string) {
viper.SetConfigName("config")
viper.SetConfigType("yaml")
viper.AddConfigPath(filePath)
viper.AddConfigPath(".")
err := viper.ReadInConfig()
if err != nil { // Handle errors reading the config file
panic(fmt.Errorf("fatal error config file: %s", err))
}
if err = viper.Unmarshal(&conf.Cfg); err != nil {
panic(fmt.Sprintf("parse config from config.yaml failed:%s", err))
}
if sc, ok := conf.Cfg.Protocols["ssh"]; ok {
er := mapstructure.Decode(sc, &cfg.SSHConfig)
if er != nil {
panic(er)
}
switch v := sc.(type) {
case map[string]interface{}:
if v1, ok := v["ip"]; ok {
cfg.SSHConfig.Ip = v1.(string)
} else {
cfg.SSHConfig.Ip = "127.0.0.1"
}
if v1, ok := v["port"]; ok {
cfg.SSHConfig.Port = v1.(int)
} else {
cfg.SSHConfig.Port = 45622
}
//cfg.SSHConfig.Api = fmt.Sprintf("%v", v["api"])
//cfg.SSHConfig.Token = fmt.Sprintf("%v", v["token"])
//cfg.SSHConfig.WebUser = v["webUser"]
}
}
}

12
backend/cmd/ssh/config.example.yaml
View File

@@ -1,12 +0,0 @@
protocols:
ssh:
api: oneterm-api:8080
ip: '0.0.0.0'
port: 2222
webUser: "test"
webToken: "135790"
privateKeyPath: /root/.ssh/id_ed25519
i18nDir: ./translate

17
backend/cmd/ssh/ssh.go
View File

@@ -1,17 +0,0 @@
package main
import (
"fmt"
"os"
"github.com/veops/oneterm/cmd/ssh/app"
)
func main() {
command := app.NewServerCommand()
if err := command.Execute(); err != nil {
fmt.Println(err)
os.Exit(1)
}
}

56
backend/pkg/conf/conf.go → backend/conf/conf.go
View File

@@ -1,27 +1,11 @@
package conf
import (
"fmt"
"github.com/BurntSushi/toml"
"github.com/nicksnyder/go-i18n/v2/i18n"
"golang.org/x/text/language"
)
var (
Bundle = i18n.NewBundle(language.English)
"github.com/spf13/pflag"
)
func init() {
Bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
_, err := Bundle.LoadMessageFile("./translate/active.en.toml")
if err != nil {
fmt.Println("load i18n message failed", err)
}
_, err = Bundle.LoadMessageFile("./translate/active.zh.toml")
if err != nil {
fmt.Println("load i18n message failed", err)
}
pflag.Parse()
}
const (
@@ -35,11 +19,11 @@ const (
var (
Cfg = &ConfigYaml{
Mode: "debug",
Http: &HttpConfig{
Http: HttpConfig{
Host: "0.0.0.0",
Port: 80,
},
Log: &LogConfig{
Log: LogConfig{
Level: "info",
MaxSize: 100, // megabytes
MaxBackups: 5,
@@ -48,12 +32,11 @@ var (
Path: "app.log",
ConsoleEnable: true,
},
Auth: &Auth{
Auth: Auth{
Custom: map[string]string{},
},
Cmdb: &Cmdb{},
Worker: &Worker{},
Protocols: map[string]any{},
Cmdb: Cmdb{},
Worker: Worker{},
}
)
@@ -64,10 +47,7 @@ type HttpConfig struct {
type RedisConfig struct {
Addr string `yaml:"addr"`
Db int `yaml:"db"`
Password string `yaml:"password"`
MaxIdle int `yaml:"maxIdle"`
PoolSize int `yaml:"poolSize"`
}
type MysqlConfig struct {
@@ -138,19 +118,17 @@ type Guacd struct {
type ConfigYaml struct {
Mode string `yaml:"mode"`
Http *HttpConfig `yaml:"http"`
Log *LogConfig `yaml:"log"`
Redis *RedisConfig `yaml:"redis"`
Mysql *MysqlConfig `yaml:"mysql"`
Auth *Auth `yaml:"auth"`
SecretKey string `yaml:"secretKey"`
Cmdb *Cmdb `yaml:"cmdb"`
Worker *Worker `yaml:"worker"`
SshServer *SshServer `yaml:"sshServer"`
Guacd *Guacd `yaml:"guacd"`
Protocols map[string]any `yaml:"protocols"`
I18nDir string `yaml:"i18nDir"`
Log LogConfig `yaml:"log"`
Redis RedisConfig `yaml:"redis"`
Mysql MysqlConfig `yaml:"mysql"`
Guacd Guacd `yaml:"guacd"`
Http HttpConfig `yaml:"http"`
Ssh SshServer `yaml:"ssh"`
Auth Auth `yaml:"auth"`
SecretKey string `yaml:"secretKey"`
Cmdb Cmdb `yaml:"cmdb"`
Worker Worker `yaml:"worker"`
}
func GetResourceTypeName(key string) (val string) {

25
backend/cmd/api/config.example.yaml → backend/config.example.yaml
View File

@@ -2,7 +2,16 @@ mode: debug
http:
ip: 0.0.0.0
port: 8080
port: 8888
ssh:
ip: 0.0.0.0
port: 2222
guacd:
ip: oneterm-guacd
port: 4822
gateway: oneterm-api
mysql:
ip: mysql
@@ -11,15 +20,13 @@ mysql:
password: root
redis:
addr: myredis:6379
addr: redis:6379
password: root
log:
level: debug
path: app.log
format: json
maxSize: 1
# consoleEnable Whether to enable outputting logs to the console as the sametime
consoleEnable: true
auth:
@@ -50,14 +57,4 @@ worker:
key: acl key
secret: acl secret
sshServer:
ip: 127.0.0.1
port: 2222
account: test
password: 135790
xtoken: 123456
guacd:
ip: oneterm-guacd
port: 4822
gateway: oneterm-api

25
backend/db/mysql.go Normal file
View File

@@ -0,0 +1,25 @@
package mysql
import (
"fmt"
"go.uber.org/zap"
"gorm.io/driver/mysql"
"gorm.io/gorm"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/logger"
)
var (
DB *gorm.DB
)
func init() {
var err error
dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/oneterm?charset=utf8mb4&parseTime=True&loc=Local",
conf.Cfg.Mysql.User, conf.Cfg.Mysql.Password, conf.Cfg.Mysql.Ip, conf.Cfg.Mysql.Port)
if DB, err = gorm.Open(mysql.Open(dsn), &gorm.Config{}); err != nil {
logger.L().Fatal("init mysql failed", zap.Error(err))
}
}

14
backend/pkg/server/global/gateway/gateway.go → backend/gateway/gateway.go
View File

@@ -10,9 +10,9 @@ import (
"go.uber.org/zap"
"golang.org/x/crypto/ssh"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
)
var (
@@ -45,19 +45,19 @@ func (gt *GatewayTunnel) Open() (err error) {
defer close(gt.Chan)
go func() {
<-time.After(time.Second * 5)
logger.L.Debug("timeout 5 second close listener", zap.String("sessionId", gt.SessionId))
logger.L().Debug("timeout 5 second close listener", zap.String("sessionId", gt.SessionId))
gt.listener.Close()
}()
gt.LocalConn, err = gt.listener.Accept()
if err != nil {
logger.L.Error("accept failed", zap.String("sessionId", gt.SessionId), zap.Error(err))
logger.L().Error("accept failed", zap.String("sessionId", gt.SessionId), zap.Error(err))
return err
}
remoteAddr := fmt.Sprintf("%s:%d", gt.RemoteIp, gt.RemotePort)
gt.RemoteConn, err = manager.sshClients[gt.GatewayId].Dial("tcp", remoteAddr)
if err != nil {
logger.L.Error("dial remote failed", zap.String("sessionId", gt.SessionId), zap.Error(err))
logger.L().Error("dial remote failed", zap.String("sessionId", gt.SessionId), zap.Error(err))
return err
}
@@ -120,7 +120,7 @@ func (gm *GateWayManager) Open(sessionId, remoteIp string, remotePort int, gatew
Chan: make(chan struct{}),
}
gm.gateways[sessionId] = g
logger.L.Debug("opening gateway", zap.Any("sessionId", sessionId))
logger.L().Debug("opening gateway", zap.Any("sessionId", sessionId))
go g.Open()
return

95
backend/pkg/i18n/message.go → backend/i18n/i18n.go
View File

@@ -1,179 +1,198 @@
package i18n
import (
goi18n "github.com/nicksnyder/go-i18n/v2/i18n"
"fmt"
"github.com/BurntSushi/toml"
"github.com/nicksnyder/go-i18n/v2/i18n"
"golang.org/x/text/language"
)
var (
Bundle = i18n.NewBundle(language.English)
langs = []string{"en", "zh"}
)
func init() {
Bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
for _, lang := range langs {
_, err := Bundle.LoadMessageFile(fmt.Sprintf("./translate/active.%s.toml", lang))
if err != nil {
fmt.Println("load i18n message failed", err)
}
}
}
var (
// errors
MsgBadRequest = &goi18n.Message{
MsgBadRequest = &i18n.Message{
ID: "MsgBadRequest",
One: "Bad Request: {{.err}}",
Other: "Bad Request: {{.err}}",
}
MsgInvalidArguemnt = &goi18n.Message{
MsgInvalidArguemnt = &i18n.Message{
ID: "MsgArgumentError",
One: "Bad Request: Argument is invalid, {{.err}}",
Other: "Bad Request: Argument is invalid, {{.err}}",
}
MsgDupName = &goi18n.Message{
MsgDupName = &i18n.Message{
ID: "MsgDupName",
One: "Bad Request: {{.name}} is duplicate",
Other: "Bad Request: {{.name}} is duplicate",
}
MsgHasChild = &goi18n.Message{
MsgHasChild = &i18n.Message{
ID: "MsgHasChild",
One: "Bad Request: This folder has sub folder or assert, cannot be deleted",
Other: "Bad Request: This folder has sub folder or assert, cannot be deleted",
}
MsgHasDepdency = &goi18n.Message{
MsgHasDepdency = &i18n.Message{
ID: "MsgHasDepdency",
One: "Bad Request: Asset {{.name}} dependens on this, cannot be deleted",
Other: "Bad Request: Asset {{.name}} dependens on this, cannot be deleted",
}
MsgNoPerm = &goi18n.Message{
MsgNoPerm = &i18n.Message{
ID: "MsgNoPerm",
One: "Bad Request: You do not have {{.perm}} permission",
Other: "Bad Request: You do not have {{.perm}} permission",
}
MsgRemoteClient = &goi18n.Message{
MsgRemoteClient = &i18n.Message{
ID: "MsgRemote",
One: "Bad Request: {{.message}}",
Other: "Bad Request: {{.message}}",
}
MsgWrongPk = &goi18n.Message{
MsgWrongPk = &i18n.Message{
ID: "MsgWrongPk",
One: "Bad Request: Invalid SSH public key",
Other: "Bad Request: Invalid SSH public key",
}
MsgWrongMac = &goi18n.Message{
MsgWrongMac = &i18n.Message{
ID: "MsgWrongMac",
One: "Bad Request: Invalid Mac address",
Other: "Bad Request: Invalid Mac address",
}
MsgInvalidSessionId = &goi18n.Message{
MsgInvalidSessionId = &i18n.Message{
ID: "MsgInvalidSessionId",
One: "Bad Request: Invalid session id {{.sessionId}}",
Other: "Bad Request: Invalid session id {{.sessionId}}",
}
MsgSessionEnd = &goi18n.Message{
MsgSessionEnd = &i18n.Message{
ID: "MsgSessionEnd",
One: "\n----------Session {{.sessionId}} has been ended----------\n",
Other: "\n----------Session {{.sessionId}} has been ended----------\n",
}
MsgLoginError = &goi18n.Message{
MsgLoginError = &i18n.Message{
ID: "MsgLoginError",
One: "Bad Request: Invalid account",
Other: "Bad Request: Invalid account",
}
MsgAccessTime = &goi18n.Message{
MsgAccessTime = &i18n.Message{
ID: "MsgAccessTime",
One: "Bad Request: current time is not allowed to access",
Other: "Bad Request: current time is not allowed to access",
}
MsgIdleTimeout = &goi18n.Message{
MsgIdleTimeout = &i18n.Message{
ID: "MsgIdleTimeout",
One: "Bad Request: idle timeout more than {{.second}} seconds",
Other: "Bad Request: idle timeout more than {{.second}} seconds",
}
//
MsgInternalError = &goi18n.Message{
MsgInternalError = &i18n.Message{
ID: "MsgInternalError",
One: "Server Error: {{.err}}",
Other: "Server Error: {{.err}}",
}
MsgRemoteServer = &goi18n.Message{
MsgRemoteServer = &i18n.Message{
ID: "MsgRemoteServer",
One: "Server Error: {{.message}}",
Other: "Server Error: {{.message}}",
}
MsgLoadSession = &goi18n.Message{
MsgLoadSession = &i18n.Message{
ID: "MsgLoadSession",
One: "Load Session Faild",
Other: "Load Session Faild",
}
MsgConnectServer = &goi18n.Message{
MsgConnectServer = &i18n.Message{
ID: "MsgConnectServer",
One: "Connect Server Error",
Other: "Connect Server Error",
}
MsgAdminClose = &goi18n.Message{
MsgAdminClose = &i18n.Message{
ID: "MsgAdminClose",
One: "Sessoin has been closed by admin {{.admin}}",
Other: "Sessoin has been closed by admin {{.admin}}",
}
// others
MsgTypeMappingAccount = &goi18n.Message{
MsgTypeMappingAccount = &i18n.Message{
ID: "MsgTypeMappingAccount",
One: "Account",
Other: "Account",
}
MsgTypeMappingAsset = &goi18n.Message{
MsgTypeMappingAsset = &i18n.Message{
ID: "MsgTypeMappingAsset",
One: "Asset",
Other: "Asset",
}
MsgTypeMappingCommand = &goi18n.Message{
MsgTypeMappingCommand = &i18n.Message{
ID: "MsgTypeMappingCommand",
One: "Command",
Other: "Command",
}
MsgTypeMappingGateway = &goi18n.Message{
MsgTypeMappingGateway = &i18n.Message{
ID: "MsgTypeMappingGateway",
One: "Gateway",
Other: "Gateway",
}
MsgTypeMappingNode = &goi18n.Message{
MsgTypeMappingNode = &i18n.Message{
ID: "MsgTypeMappingNode",
One: "Node",
Other: "Node",
}
MsgTypeMappingPublicKey = &goi18n.Message{
MsgTypeMappingPublicKey = &i18n.Message{
ID: "MsgTypeMappingPublicKey",
One: "Public Key",
Other: "Public Key",
}
// SSH
MsgSshShowAssetResults = &goi18n.Message{
MsgSshShowAssetResults = &i18n.Message{
ID: "MsgSshShowAssetResults",
One: "Total host count is:\033[0;32m {{.Count}} \033[0m \r\n{{.Msg}}\r\n",
Other: "Total host count is:\033[0;32m {{.Count}} \033[0m \r\n{{.Msg}}\r\n",
}
MsgSshAccountLoginError = &goi18n.Message{
MsgSshAccountLoginError = &i18n.Message{
ID: "MsgSshAccountLoginError",
One: "\x1b[1;30;32m failed login \x1b[0m \x1b[1;30;3m {{.User}}\x1b[0m\n" +
"\x1b[0;33m you need to choose asset again \u001B[0m\n",
Other: "\x1b[1;30;32m failed login \x1b[0m \x1b[1;30;3m {{.User}}\x1b[0m\n" +
"\x1b[0;33m you need to choose asset again \u001B[0m\n",
}
MsgSshNoAssetPermission = &goi18n.Message{
MsgSshNoAssetPermission = &i18n.Message{
ID: "MsgSshNoAssetPermission",
One: "\r\n\u001B[0;33mNo permission for[0m:\033[0;31m {{.Host}} \033[0m\r\n",
Other: "\r\n\u001B[0;33mNo permission for[0m:\033[0;31m {{.Host}} \033[0m\r\n",
}
MsgSshNoMatchingAsset = &goi18n.Message{
MsgSshNoMatchingAsset = &i18n.Message{
ID: "MsgSshNoMatchingAsset",
One: "\x1b[0;33mNo matching asset for :\x1b[0m \x1b[0;94m{{.Host}} \x1b[0m\r\n",
Other: "\x1b[0;33mNo matching asset for :\x1b[0m \x1b[0;94m{{.Host}} \x1b[0m\r\n",
}
MsgSshNoSshAccessMethod = &goi18n.Message{
MsgSshNoSshAccessMethod = &i18n.Message{
ID: "MsgSshNoSshAccessMethod",
One: "No ssh access method for :\033[0;31m {{.Host}} \033[0m\r\n",
Other: "No ssh access method for :\033[0;31m {{.Host}} \033[0m\r\n",
}
MsgSshNoSshAccountForAsset = &goi18n.Message{
MsgSshNoSshAccountForAsset = &i18n.Message{
ID: "MsgSshNoSshAccountForAsset",
One: "No ssh account for :\033[0;31m {{.Host}} \033[0m\r\n",
Other: "No ssh account for :\033[0;31m {{.Host}} \033[0m\r\n",
}
MsgSshMultiSshAccountForAsset = &goi18n.Message{
MsgSshMultiSshAccountForAsset = &i18n.Message{
ID: "MsgSshMultiSshAccountForAsset",
One: "choose account: \n\033[0;31m {{.Accounts}} \033[0m\n",
Other: "choose account: \n\033[0;31m {{.Accounts}} \033[0m\n",
}
MsgSshWelcome = &goi18n.Message{
MsgSshWelcome = &i18n.Message{
ID: "MsgSshWelcomeMsg",
One: "\x1b[0;47m Welcome: {{.User}} \x1b[0m\r\n" +
" \x1b[1;30;32m /s \x1b[0m to switch language between english and 中文\r\n" +
@@ -188,24 +207,24 @@ var (
"\x1b[1;30;32m /q \x1b[0m to exit\r\n" +
"\x1b[1;30;32m /? \x1b[0m for help\r\n",
}
MsgSshCommandRefused = &goi18n.Message{
MsgSshCommandRefused = &i18n.Message{
ID: "MsgSshCommandRefused",
One: "\x1b[0;31m you have no permission to execute command: \x1b[0m \x1b[0;33m{{.Command}} \x1b[0m\r\n",
Other: "\x1b[0;31m you have no permission to execute command: \x1b[0m \x1b[0;33m{{.Command}} \x1b[0m\r\n",
}
MsgSShHostIdleTimeout = &goi18n.Message{
MsgSShHostIdleTimeout = &i18n.Message{
ID: "MsgSShHostIdleTimeout",
One: "\r\n\x1b[0;31m disconnect since idle more than\x1b[0m \x1b[0;33m {{.Idle}} \x1b[0m\r\n",
Other: "\r\n\x1b[0;31m disconnect since idle more than\x1b[0m \x1b[0;33m {{.Idle}} \x1b[0m\r\n",
}
MsgSshAccessRefusedInTimespan = &goi18n.Message{
MsgSshAccessRefusedInTimespan = &i18n.Message{
ID: "MsgSshAccessRefusedInTimespan",
One: "\r\n\x1b[0;31m disconnect since current time is not allowed \x1b[0m\r\n",
Other: "\r\n\x1b[0;31m disconnect since current time is not allowed \x1b[0m\r\n",
}
MsgSShWelcomeForHelp = &goi18n.Message{
MsgSShWelcomeForHelp = &i18n.Message{
ID: "MsgSShWelcomeForHelp",
One: "\x1b[31;47m Welcome: {{.User}}",
Other: "\x1b[31;47m Welcome: {{.User}}",

0
backend/pkg/i18n/translate/active.en.toml → backend/i18n/translate/active.en.toml
View File

0
backend/pkg/i18n/translate/active.zh.toml → backend/i18n/translate/active.zh.toml
View File

0
backend/pkg/i18n/translate/translate.zh.toml → backend/i18n/translate/translate.zh.toml
View File

53
backend/logger/logger.go Normal file
View File

@@ -0,0 +1,53 @@
package logger
import (
"os"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"gopkg.in/natefinch/lumberjack.v2"
"github.com/veops/oneterm/conf"
)
func init() {
level := zapcore.DebugLevel
switch conf.Cfg.Log.Level {
case "error":
level = zapcore.ErrorLevel
case "warn":
level = zapcore.WarnLevel
case "info":
level = zapcore.InfoLevel
case "debug":
level = zapcore.DebugLevel
}
fw := &lumberjack.Logger{
Filename: "logs/oneterm.log",
MaxSize: 0,
MaxBackups: 0,
MaxAge: 15,
LocalTime: false,
Compress: false,
}
cfg := zap.NewProductionEncoderConfig()
cfg.EncodeTime = zapcore.TimeEncoderOfLayout("2006-01-02 15:04:05.000")
encoder := zapcore.NewConsoleEncoder(cfg)
cores := []zapcore.Core{zapcore.NewCore(
encoder,
zapcore.AddSync(fw),
level,
)}
if conf.Cfg.Log.ConsoleEnable {
cores = append(cores, zapcore.NewCore(
encoder,
zapcore.AddSync(zapcore.Lock(os.Stderr)),
level,
))
}
zap.ReplaceGlobals(zap.New(zapcore.NewTee(cores...)))
}
func L() *zap.Logger {
return zap.L()
}

8
backend/main.go Normal file
View File

@@ -0,0 +1,8 @@
package main
import "github.com/spf13/pflag"
func main() {
path := pflag.StringP("config", "c", "config.yaml", "config path")
}

0
backend/pkg/server/model/account.go → backend/model/account.go
View File

0
backend/pkg/server/model/asset.go → backend/model/asset.go
View File

0
backend/pkg/server/model/authorization.go → backend/model/authorization.go
View File

0
backend/pkg/server/model/command.go → backend/model/command.go
View File

0
backend/pkg/server/model/config.go → backend/model/config.go
View File

0
backend/pkg/server/model/fileHistory.go → backend/model/fileHistory.go
View File

0
backend/pkg/server/model/gateway.go → backend/model/gateway.go
View File

0
backend/pkg/server/model/history.go → backend/model/history.go
View File

0
backend/pkg/server/model/model.go → backend/model/model.go
View File

0
backend/pkg/server/model/node.go → backend/model/node.go
View File

0
backend/pkg/server/model/publicKey.go → backend/model/publicKey.go
View File

0
backend/pkg/server/model/session.go → backend/model/session.go
View File

0
backend/pkg/server/model/stat.go → backend/model/stat.go
View File

93
backend/pkg/logger/logger.go
View File

@@ -1,93 +0,0 @@
package logger
import (
"context"
"fmt"
"os"
"strings"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"gopkg.in/natefinch/lumberjack.v2"
"github.com/veops/oneterm/pkg/conf"
)
var (
L *zap.Logger
AtomicLevel = zap.NewAtomicLevel()
)
func Init(ctx context.Context, cfg *conf.LogConfig) (err error) {
err = initLogger(cfg)
if err != nil {
return
}
L = zap.L()
go func() {
<-ctx.Done()
err = L.Sync()
if err != nil {
fmt.Println(err)
}
}()
return nil
}
func getEncoder(format string) zapcore.Encoder {
encodeConfig := zap.NewProductionEncoderConfig()
encodeConfig.EncodeTime = zapcore.ISO8601TimeEncoder
encodeConfig.TimeKey = "time"
encodeConfig.EncodeLevel = zapcore.CapitalLevelEncoder
encodeConfig.EncodeCaller = zapcore.ShortCallerEncoder
if strings.ToUpper(format) == "JSON" {
return zapcore.NewJSONEncoder(encodeConfig)
} else {
encodeConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder
return zapcore.NewConsoleEncoder(encodeConfig)
}
}
func getLogWriter(cfg *conf.LogConfig) zapcore.Core {
var cores []zapcore.Core
if cfg.Path != "" {
logRotate := &lumberjack.Logger{
Filename: cfg.Path,
MaxSize: cfg.MaxSize,
MaxBackups: cfg.MaxBackups,
MaxAge: cfg.MaxAge,
Compress: cfg.Compress,
}
fileEncoder := getEncoder(cfg.Format)
cores = append(cores, zapcore.NewCore(fileEncoder, zapcore.AddSync(logRotate), AtomicLevel))
}
if cfg.ConsoleEnable {
consoleEncoder := getEncoder("console")
cores = append(cores, zapcore.NewCore(consoleEncoder, zapcore.Lock(os.Stdout), AtomicLevel))
}
return zapcore.NewTee(cores...)
}
func initLogger(cfg *conf.LogConfig) (err error) {
level, err := zap.ParseAtomicLevel(cfg.Level)
if err != nil {
return err
}
AtomicLevel.SetLevel(level.Level())
core := getLogWriter(cfg)
logger := zap.New(core, zap.AddCaller())
zap.ReplaceGlobals(logger)
return
}

20
backend/pkg/proto/ssh/api/api.go
View File

@@ -1,20 +0,0 @@
package api
type Authentication interface {
Authenticate() (token string, err error)
}
type Asset interface {
Groups() (any, error)
Lists() (any, error)
}
type Audit interface {
NewSession(data any) error
}
type Core interface {
Authentication
Audit
Asset
}

196
backend/pkg/proto/ssh/api/asset.go
View File

@@ -1,196 +0,0 @@
package api
import (
"fmt"
"strings"
"time"
"github.com/go-resty/resty/v2"
cfg "github.com/veops/oneterm/pkg/proto/ssh/config"
"github.com/veops/oneterm/pkg/server/controller"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/util"
)
type AssetCore struct {
Api string
XToken string
}
func NewAssetServer(Api, token string) *AssetCore {
return &AssetCore{
Api: Api,
XToken: token,
}
}
func (a *AssetCore) Groups() (res any, err error) {
return res, err
}
func (a *AssetCore) Lists(cookie, search string, id int) (res *controller.ListData, err error) {
client := resty.New()
var (
data *controller.HttpResponse
)
params := map[string]string{
"page_index": "1",
"page_size": "-1",
"info": "true",
}
if strings.TrimSpace(search) != "" {
params["search"] = search
}
if id > 0 {
params["id"] = fmt.Sprintf("%d", id)
}
resp, err := client.R().
SetQueryParams(params).
SetHeader("Cookie", cookie).
SetHeader("X-Token", a.XToken).
SetResult(&data).
Get(strings.TrimSuffix(a.Api, "/") + assetUrl)
if err != nil {
return res, fmt.Errorf("api request error:%v", err.Error())
}
if resp.StatusCode() != 200 {
return res, fmt.Errorf("auth code: %d %v", resp.StatusCode(), string(resp.Body()))
}
if data.Code != 0 {
return res, fmt.Errorf(data.Message)
}
err = util.DecodeStruct(&res, data.Data)
return
}
func (a *AssetCore) AllAssets() (res []*model.Asset, err error) {
params := map[string]string{
"page_index": "1",
"page_size": "-1",
}
resp, err := request(resty.MethodGet,
a.Api+assetTotalUrl,
map[string]string{"X-Token": a.XToken}, params, nil)
if resp != nil {
for _, v := range resp.List {
var v1 model.Asset
_ = util.DecodeStruct(&v1, v)
res = append(res, &v1)
}
}
return
}
func (a *AssetCore) HasPermission(data *model.AccessAuth) bool {
now := time.Now()
in := true
if (data.Start != nil && now.Before(*data.Start)) || (data.End != nil && now.After(*data.End)) {
in = false
}
if !in {
return false
}
in = false
has := false
week, hm := now.Weekday(), now.Format("15:04")
for _, r := range data.Ranges {
has = has || len(r.Times) > 0
if (r.Week+1)%7 == int(week) {
for _, str := range r.Times {
ss := strings.Split(str, "~")
in = in || (len(ss) >= 2 && hm >= ss[0] && hm <= ss[1])
}
}
}
return !has || in == data.Allow
}
func (a *AssetCore) Gateway(cookie string, id int) (res *model.Gateway, err error) {
params := map[string]string{
"page_index": "1",
"page_size": "1",
"info": "true",
}
if id > 0 {
params["id"] = fmt.Sprintf("%d", id)
}
data, err := request(resty.MethodGet,
fmt.Sprintf("%s%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), gatewayUrl),
map[string]string{
"Cookie": cookie,
"X-Token": cfg.SSHConfig.Token,
}, params, nil)
if err != nil {
return
}
var r1 controller.ListData
err = util.DecodeStruct(&r1, data)
if err != nil {
return
}
if len(r1.List) == 0 {
err = fmt.Errorf("not found gateway for %d", id)
return
}
err = util.DecodeStruct(&res, r1.List[0])
return
}
func (a *AssetCore) Commands(cookie string) (res []*model.Command, err error) {
params := map[string]string{
"page_index": "1",
"page_size": "-1",
"info": "true",
}
data, err := request(resty.MethodGet,
fmt.Sprintf("%s%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), commandUrl),
map[string]string{
"Cookie": cookie,
"X-Token": cfg.SSHConfig.Token,
}, params, nil)
if err != nil {
return
}
var r1 controller.ListData
err = util.DecodeStruct(&r1, data)
if err != nil {
return
}
err = util.DecodeStruct(&res, r1.List)
return
}
func (a *AssetCore) Config(cookie string) (res *model.Config, err error) {
params := map[string]string{
"info": "true",
}
data := &controller.HttpResponse{}
_, err = resty.New().R().
SetQueryParams(params).
SetHeaders(map[string]string{
"Cookie": cookie,
"X-Token": cfg.SSHConfig.Token,
}).
SetResult(data).
Get(strings.TrimSuffix(a.Api, "/") + configUrl)
if err != nil {
return
}
err = util.DecodeStruct(&res, data.Data)
return
}
func (a *AssetCore) ChangeState(data map[int]map[string]any) error {
_, err := request(resty.MethodPut,
strings.TrimSuffix(a.Api, "/")+assetUpdateState,
map[string]string{
"X-Token": cfg.SSHConfig.Token,
}, nil, data)
return err
}

105
backend/pkg/proto/ssh/api/audit.go
View File

@@ -1,105 +0,0 @@
package api
import (
"fmt"
"regexp"
"strings"
"github.com/go-resty/resty/v2"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
cfg "github.com/veops/oneterm/pkg/proto/ssh/config"
"github.com/veops/oneterm/pkg/server/controller"
"github.com/veops/oneterm/pkg/util"
)
type AuditCore struct {
Api string
XToken string
}
func NewAuditServer(Api, token string) *Auth {
return &Auth{
Api: Api,
XToken: token,
}
}
type CommandLevel int
const (
CommandLevelNormal = iota + 1
CommandLevelReject
)
func (a *AuditCore) NewSession(data any) error {
_, err := request(resty.MethodPost,
fmt.Sprintf("%s%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), sessionUrl),
map[string]string{
"X-Token": cfg.SSHConfig.Token,
}, nil, data)
return err
}
func (a *AuditCore) AddCommand(data any) {
_, err := request(resty.MethodPost,
fmt.Sprintf("%s%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), sessionCmdUrl),
map[string]string{
"X-Token": cfg.SSHConfig.Token,
"Content-Type": "application/json",
}, nil, data)
if err != nil {
logger.L.Error(err.Error())
}
}
func AddReplay(sessionId string, data any) error {
_, err := request(resty.MethodPost,
fmt.Sprintf("%s%s/%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), replayUrl, sessionId),
map[string]string{
"X-Token": cfg.SSHConfig.Token,
}, nil, data)
return err
}
func AddReplayFile(sessionId, filePath string) (err error) {
var response *controller.HttpResponse
r, er := resty.New().R().SetFile("replay.cast", filePath).
SetHeader("X-Token", cfg.SSHConfig.Token).
SetHeader("Content-Type", "application/json").
SetBody(map[string]any{
"session_id": sessionId,
"body": "",
}).SetResult(&response).Post(fmt.Sprintf("%s%s/%s", strings.TrimSuffix(cfg.SSHConfig.Api, "/"), replayFileUrl, sessionId))
if er != nil {
err = er
return err
}
if r.StatusCode() != 200 {
err = fmt.Errorf("auth code: %d: %s", r.StatusCode(), r.String())
return
}
if response.Code != 0 {
err = fmt.Errorf(response.Message)
return
}
err = util.DecodeStruct(&response, response.Data)
return err
}
func GetCommandLevel(command string, commands []string) CommandLevel {
for _, v := range commands {
pattern, err := regexp.Compile(v)
if err != nil {
logger.L.Warn(err.Error(), zap.String("module", ""))
continue
}
if pattern.MatchString(command) {
return CommandLevelReject
}
}
return CommandLevelNormal
}

169
backend/pkg/proto/ssh/api/auth.go
View File

@@ -1,169 +0,0 @@
package api
import (
"encoding/json"
"fmt"
"strings"
"time"
"github.com/go-resty/resty/v2"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/controller"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/util"
)
type Auth struct {
Username string
Password string
PublicKey string
Api string
XToken string
SecretKey string
}
func NewAuthServer(username, password, publicKey, Api, token, secretKey string) *Auth {
return &Auth{
Username: username,
Password: password,
PublicKey: publicKey,
Api: Api,
XToken: token,
SecretKey: secretKey,
}
}
func (a *Auth) Authenticate() (token string, err error) {
client := resty.New()
var (
method int8
data *controller.HttpResponse
)
if a.Password != "" {
method = 1
} else if a.PublicKey != "" {
method = 2
} else {
return "", fmt.Errorf("no password or publicKey")
}
resp, err := client.R().
SetHeader("X-Token", a.XToken).
SetHeader("Content-Type", "application/json").
SetBody(map[string]interface{}{
"method": method,
"password": a.Password,
"pk": a.PublicKey,
"username": a.Username,
}).
SetResult(&data).
Post(strings.TrimSuffix(a.Api, "/") + authUrl)
if err != nil {
return "", fmt.Errorf("api request error:%v", err.Error())
}
if resp.StatusCode() != 200 {
return "", fmt.Errorf("%s", string(resp.Body()))
}
if data.Code != 0 {
return "", fmt.Errorf(data.Message)
}
return data.Data.(map[string]any)["cookie"].(string), nil
}
func (a *Auth) AccountInfo(token string, uid int, name string) (account *model.Account, err error) {
data := map[string]string{"info": "true"}
if uid > 0 {
data["id"] = fmt.Sprintf("%d", uid)
}
if name != "" {
data["name"] = name
}
res, err := request(resty.MethodGet,
fmt.Sprintf("%s%s", strings.TrimSuffix(a.Api, "/"), accountUrl),
map[string]string{
"Cookie": token,
"X-Token": a.XToken,
}, data, nil)
if err != nil {
return
}
if res.Count == 0 {
err = fmt.Errorf("no account found for %v", uid)
return
}
err = util.DecodeStruct(&account, res.List[0])
return
}
func (a *Auth) Accounts(token string) (account []*model.Account, err error) {
res, err := request(resty.MethodGet,
fmt.Sprintf("%s%s", strings.TrimSuffix(a.Api, "/"), accountUrl),
map[string]string{
"Cookie": token,
"X-Token": a.XToken,
}, map[string]string{"info": "true"}, nil)
if err != nil {
return
}
if res.Count == 0 {
err = fmt.Errorf("no account found")
return
}
err = util.DecodeStruct(&account, res.List)
return
}
func request(method, path string, headers map[string]string, param map[string]string,
body any) (res *controller.ListData, err error) {
client := resty.New().SetTimeout(time.Second * 15).R()
if param != nil {
client = client.SetQueryParams(param)
}
for k, v := range headers {
client = client.SetHeader(k, v)
}
if body != nil {
client = client.SetBody(body)
}
var response *controller.HttpResponse
client = client.SetResult(&response)
r, err := client.Execute(method, path)
if err != nil {
err = fmt.Errorf("api request error:%v", err.Error())
return
}
if r.StatusCode() != 200 {
err = fmt.Errorf("auth code: %d: %s", r.StatusCode(), r.String())
return
}
if response.Code != 0 {
err = fmt.Errorf(response.Message)
return
}
err = util.DecodeStruct(&res, response.Data)
return res, err
}
func (a *Auth) AclInfo(sess string) (aclInfo *acl.Acl, er error) {
session := acl.Session{}
for _, v := range strings.Split(sess, ";") {
if strings.HasPrefix(strings.TrimSpace(v), "session=") {
sess = strings.TrimPrefix(strings.TrimSpace(v), "session=")
}
}
s := acl.NewSignature(a.SecretKey, "cookie-session", "", "hmac", nil, nil)
content, err := s.Unsign(sess)
if err != nil {
er = err
return
}
err = json.Unmarshal(content, &session)
if err != nil {
return aclInfo, err
}
return &session.Acl, nil
}

20
backend/pkg/proto/ssh/api/onterm.go
View File

@@ -1,20 +0,0 @@
package api
import (
gossh "github.com/gliderlabs/ssh"
)
type CoreInstance struct {
Auth *Auth
Asset *AssetCore
Session *gossh.Session
Audit *AuditCore
}
func NewCoreInstance(apiHost, token, secretKey string) *CoreInstance {
coreInstance := &CoreInstance{
Auth: NewAuthServer("", "", "", apiHost, token, secretKey),
Asset: NewAssetServer(apiHost, token),
}
return coreInstance
}

23
backend/pkg/proto/ssh/api/var.go
View File

@@ -1,23 +0,0 @@
package api
const (
// auth
authUrl = "/public_key/auth"
// asset
assetUrl = "/asset"
gatewayUrl = "/gateway"
commandUrl = "/command"
configUrl = "/config"
assetTotalUrl = "/asset/query_by_server"
assetUpdateState = "/asset/update_by_server"
// account
accountUrl = "/account"
// audit
sessionUrl = "/session"
replayUrl = "/session/replay"
replayFileUrl = "/session/replay"
sessionCmdUrl = "/session/cmd"
)

67
backend/pkg/proto/ssh/client/parse.go
View File

@@ -1,67 +0,0 @@
package client
import (
"bytes"
"sync"
)
type Parser struct {
lock sync.Mutex
vimState bool
commandState bool
}
var (
enterMarks = [][]byte{
[]byte("\x1b[?1049h"),
[]byte("\x1b[?1048h"),
[]byte("\x1b[?1047h"),
[]byte("\x1b[?47h"),
}
exitMarks = [][]byte{
[]byte("\x1b[?1049l"),
[]byte("\x1b[?1048l"),
[]byte("\x1b[?1047l"),
[]byte("\x1b[?47l"),
}
screenMarks = [][]byte{
{0x1b, 0x5b, 0x4b, 0x0d, 0x0a},
{0x1b, 0x5b, 0x34, 0x6c},
}
)
func (p *Parser) State(b []byte) bool {
if !p.vimState && IsEditEnterMode(b) {
if !isNewScreen(b) {
p.vimState = true
p.commandState = false
}
}
if p.vimState && IsEditExitMode(b) {
p.vimState = false
p.commandState = true
}
return p.vimState
}
func isNewScreen(p []byte) bool {
return matchMark(p, screenMarks)
}
func IsEditEnterMode(p []byte) bool {
return matchMark(p, enterMarks)
}
func IsEditExitMode(p []byte) bool {
return matchMark(p, exitMarks)
}
func matchMark(p []byte, marks [][]byte) bool {
for _, item := range marks {
if bytes.Contains(p, item) {
return true
}
}
return false
}

343
backend/pkg/proto/ssh/client/ssh.go
View File

@@ -1,343 +0,0 @@
package client
import (
"fmt"
"io"
"net"
"strings"
"sync"
"time"
gossh "github.com/gliderlabs/ssh"
"github.com/google/uuid"
gssh "golang.org/x/crypto/ssh"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/record"
"github.com/veops/oneterm/pkg/server/model"
)
type Connection struct {
Session *gssh.Session
Stdin io.Writer
Stdout io.Reader
SessionId string
Record record.Record
Commands []byte
AssetId int
AccountId int
Gateway *model.Gateway
Parser *Parser
GateWayCloseChan chan struct{}
Exit chan struct{}
}
type GatewayClient struct {
client *gssh.Client
targetAddr string
}
var (
GatewayListener net.Listener
GatewayConnections sync.Map
)
func NewSSHClientConfig(user string, account *model.Account) (*gssh.ClientConfig, error) {
am, er := authMethod(account)
if er != nil {
return nil, er
}
sshConfig := &gssh.ClientConfig{
Timeout: time.Second * 5,
User: user,
Auth: []gssh.AuthMethod{
am,
},
HostKeyCallback: gssh.InsecureIgnoreHostKey(), // 不验证服务器的HostKey
}
return sshConfig, nil
}
func authMethod(account *model.Account) (gssh.AuthMethod, error) {
switch account.AccountType {
case model.AUTHMETHOD_PASSWORD:
return gssh.Password(account.Password), nil
case model.AUTHMETHOD_PUBLICKEY:
if account.Phrase == "" {
pk, err := gssh.ParsePrivateKey([]byte(account.Pk))
if err != nil {
return nil, err
}
return gssh.PublicKeys(pk), nil
} else {
pk, err := gssh.ParsePrivateKeyWithPassphrase([]byte(account.Pk), []byte(account.Phrase))
if err != nil {
return nil, err
}
return gssh.PublicKeys(pk), nil
}
default:
return nil, fmt.Errorf("invalid authmethod %d", account.AccountType)
}
}
// publicKeyBytes
// path: ~/.ssh/id_ed25519
//func publicKeyBytes(path string) error {
// pbk, err := os.ReadFile(path)
// publicKey, err := gossh.ParsePublicKey(pbk)
// if err != nil {
// return err
// }
// gossh.PublicKeyAuth(func(ctx gossh.Context, key gossh.PublicKey) bool {
// return gossh.KeysEqual(key, publicKey)
// })
// return nil
//}
func NewSShSession(con *gssh.Client, pty gossh.Pty, gatewayCloseChan chan struct{}) (conn *Connection, err error) {
sess, er := con.NewSession()
if er != nil {
err = er
return
}
modes := gssh.TerminalModes{
gssh.ECHO: 1,
gssh.TTY_OP_ISPEED: 14400,
gssh.TTY_OP_OSPEED: 14400,
}
if err = sess.RequestPty("xterm", pty.Window.Height, pty.Window.Width, modes); err != nil {
return
}
stdin, err := sess.StdinPipe()
if err != nil {
return
}
stdout, err := sess.StdoutPipe()
if err != nil {
return
}
if err := sess.Shell(); err != nil {
_ = sess.Close()
}
conn = &Connection{
Stdin: stdin,
Stdout: stdout,
Session: sess,
SessionId: uuid.NewString(),
GateWayCloseChan: gatewayCloseChan,
Exit: make(chan struct{}),
}
conn.Record, err = record.NewAsciinema(conn.SessionId, pty)
conn.Parser = &Parser{
vimState: false,
commandState: true,
lock: sync.Mutex{},
}
return
}
// NewSShClient1
// =====================================================do not edit=============================================
func NewSShClient(addr string, account *model.Account, gateway *model.Gateway) (cli *gssh.Client, gatewayCloseChan chan struct{}, err error) {
sshConf, err := NewSSHClientConfig(account.Account, account)
if err != nil {
return
}
tmp := strings.Split(strings.TrimSpace(addr), ":")
if len(tmp) != 2 {
tmp = append(tmp, "22")
}
addr = strings.Join(tmp, ":")
if gateway != nil {
gatewayCloseChan = make(chan struct{})
gatewayConf, er := NewSSHClientConfig(gateway.Account,
&model.Account{AccountType: gateway.AccountType, Account: gateway.Account,
Password: gateway.Password, Pk: gateway.Pk, Phrase: gateway.Phrase})
if er != nil {
err = fmt.Errorf("gateway is not available %w", er)
return
}
gatewayCli, er := gssh.Dial("tcp", fmt.Sprintf("%s:%d", gateway.Host, gateway.Port), gatewayConf)
if er != nil {
err = fmt.Errorf("gateway is not available %w", er)
return
}
//hostname, er := os.Hostname()
//if er != nil {
// err = fmt.Errorf("gateway is not available %w", er)
// return
//}
targetAddr := addr
//addr = fmt.Sprintf("%s:%d", hostname, port)
port, er := GetAvailablePort()
addr = fmt.Sprintf("127.0.0.1:%d", port)
listener, er := net.Listen("tcp", addr)
if er != nil {
err = fmt.Errorf("gateway is not available %w", er)
return
}
var accept bool
go func() {
for {
select {
case <-gatewayCloseChan:
return
default:
if accept {
continue
}
lc, err := listener.Accept()
if err != nil {
return
}
gatewayConn, err := gatewayCli.Dial("tcp", targetAddr)
if err != nil {
return
}
go func() {
_, _ = io.Copy(lc, gatewayConn)
}()
go func() {
_, _ = io.Copy(gatewayConn, lc)
}()
accept = true
}
}
}()
}
cli, err = gssh.Dial("tcp", addr, sshConf)
return
}
func ResizeSshClient(sess *gssh.Session, h, w int) {
err := sess.WindowChange(h, w)
if err != nil {
logger.L.Warn(err.Error())
return
}
}
func GetAvailablePort() (int, error) {
addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
if err != nil {
return 0, err
}
l, err := net.ListenTCP("tcp", addr)
if err != nil {
return 0, err
}
defer func(l *net.TCPListener) {
_ = l.Close()
}(l)
return l.Addr().(*net.TCPAddr).Port, nil
}
func AcquireGatewayListener() (string, error) {
if GatewayListener == nil {
port, err := GetAvailablePort()
if err != nil {
return "", fmt.Errorf("get available port failed:%s", err.Error())
}
addr := fmt.Sprintf("127.0.0.1:%d", port)
listener, er := net.Listen("tcp", addr)
if er != nil {
return "", fmt.Errorf("listen tcp %s failed: %s", addr, er.Error())
}
GatewayListener = listener
ListenGateway()
}
return GatewayListener.Addr().String(), nil
}
// func NewSShClient1(addr string, account *model.Account, gateway *model.Gateway) (cli *gssh.Client, gatewayCloseChan chan struct{}, err error) {
// password, pubkey := account.Password, ""
// if account.AccountType == model.AUTHMETHOD_PUBLICKEY {
// password, pubkey = pubkey, password
// }
// sshConf, err := NewSSHClientConfig(account.Account, password, pubkey)
// if err != nil {
// return
// }
// tmp := strings.Split(strings.TrimSpace(addr), ":")
// if len(tmp) != 2 {
// tmp = append(tmp, "22")
// }
// addr = strings.Join(tmp, ":")
// if gateway != nil {
// gatewayCloseChan = make(chan struct{})
// gatewayConf, er := NewSSHClientConfig(gateway.Account, gateway.Password, "")
// if er != nil {
// err = fmt.Errorf("gateway is not available %w", er)
// return
// }
// gatewayCli, er := gssh.Dial("tcp", fmt.Sprintf("%s:%d", gateway.Host, gateway.Port), gatewayConf)
// if er != nil {
// err = fmt.Errorf("gateway is not available %w", er)
// return
// }
// if gatewayAddr, er := AcquireGatewayListener(); er != nil {
// err = er
// return
// } else {
// fmt.Println("dial.........", gatewayAddr, sshConf)
// //c, er := net.DialTimeout("tcp", gatewayAddr, time.Second*5)
// //fmt.Println(c, er)
// cli, err = gssh.Dial("tcp", gatewayAddr, sshConf)
// if err != nil {
// return
// }
// fmt.Println("store.......")
// GatewayConnections.Store(cli.LocalAddr().String(), GatewayClient{client: gatewayCli, targetAddr: addr})
// fmt.Println("endd dial...", err)
// }
// } else {
// cli, err = gssh.Dial("tcp", addr, sshConf)
// }
// return
// }
func ListenGateway() {
go func() {
for {
conn, err := GatewayListener.Accept()
if err != nil {
logger.L.Warn(err.Error())
return
}
if v, ok := GatewayConnections.Load(conn.RemoteAddr().String()); ok {
cli := v.(GatewayClient)
gatewayConn, err := cli.client.Dial("tcp", cli.targetAddr)
if err != nil {
logger.L.Warn(err.Error())
break
}
go func() {
_, _ = io.Copy(conn, gatewayConn)
}()
go func() {
_, _ = io.Copy(gatewayConn, conn)
}()
}
}
}()
}

28
backend/pkg/proto/ssh/config/config.go
View File

@@ -1,28 +0,0 @@
package config
import (
"sync"
)
type Config struct {
Api string `yaml:"api"`
Token string `yaml:"token"`
Ip string `yaml:"ip"`
Port int `yaml:"port"`
WebUser string `yaml:"webUser"`
WebToken string `yaml:"webToken"`
RecordFilePath string `yaml:"recordFilePath"`
PrivateKeyPath string `yaml:"privateKeyPath"`
PlainMode bool `yaml:"plainMode"`
}
var (
SSHConfig Config
TotalMonitors = sync.Map{}
TotalHostSession = sync.Map{}
Assets = sync.Map{}
)

125
backend/pkg/proto/ssh/handler/handlers.go
View File

@@ -1,125 +0,0 @@
package handler
import (
"io"
"os"
"strings"
"time"
gossh "github.com/gliderlabs/ssh"
gssh "golang.org/x/crypto/ssh"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/api"
cfg "github.com/veops/oneterm/pkg/proto/ssh/config"
"github.com/veops/oneterm/pkg/server/model"
)
type sshdServer struct {
Core *api.CoreInstance
}
func Init(address, apiHost, token, privateKeyPath, secretKey string) (*gossh.Server, error) {
sshd := NewSshdServer(apiHost, token, secretKey)
s := &gossh.Server{
Addr: address,
Handler: sshd.HomeHandler,
PasswordHandler: sshd.PasswordHandler,
PublicKeyHandler: sshd.PublicKeyHandler,
IdleTimeout: time.Hour*2 + time.Minute,
}
for _, v := range hostPrivateKeys(privateKeyPath) {
singer, er := gssh.ParsePrivateKey(v)
if er != nil {
continue
}
s.AddHostKey(singer)
}
return s, nil
}
func hostPrivateKeys(privateKeyPath string) [][]byte {
var res [][]byte
if privateKeyPath == "" {
homeDir, er := os.UserHomeDir()
if er != nil {
logger.L.Error(er.Error())
}
privateKeyPath = homeDir + "/.ssh/id_ed25519"
}
privateKey, err := os.ReadFile(privateKeyPath)
if err != nil {
logger.L.Error(err.Error())
return res
}
return [][]byte{privateKey}
}
func NewSshdServer(apiHost, token, secretKey string) *sshdServer {
s := &sshdServer{
Core: api.NewCoreInstance(apiHost, token, secretKey),
}
return s
}
func (s *sshdServer) PasswordHandler(ctx gossh.Context, password string) bool {
if password == "" {
return false
}
if ctx.User() == cfg.SSHConfig.WebUser && password == cfg.SSHConfig.WebToken {
ctx.SetValue("sshType", model.SESSIONTYPE_WEB)
return true
}
ctx.SetValue("sshType", model.SESSIONTYPE_CLIENT)
s.Core.Auth.Username = ctx.User()
s.Core.Auth.Password = password
s.Core.Auth.PublicKey = ""
return s.Auth(ctx)
}
func (s *sshdServer) PublicKeyHandler(ctx gossh.Context, key gossh.PublicKey) bool {
authorizedKey := gssh.MarshalAuthorizedKey(key)
s.Core.Auth.PublicKey = strings.TrimSpace(string(authorizedKey))
if s.Core.Auth.PublicKey == "" {
return false
}
s.Core.Auth.Username = ctx.User()
s.Core.Auth.Password = ""
if ctx.Value("sshType") == nil {
ctx.SetValue("sshType", model.SESSIONTYPE_CLIENT)
}
return s.Auth(ctx)
}
func (s *sshdServer) Auth(ctx gossh.Context) bool {
cookie, err := s.Core.Auth.Authenticate()
if err != nil || cookie == "" {
return false
}
ctx.SetValue("cookie", cookie)
return true
}
func (s *sshdServer) HomeHandler(gs gossh.Session) {
if py, winChan, isPty := gs.Pty(); isPty {
if py.Window.Height == 0 {
py.Window.Height = 24
}
interactiveSrv := NewInteractiveHandler(gs, s, py)
go interactiveSrv.WatchWinSize(winChan)
interactiveSrv.Schedule(&py)
} else {
if _, err := io.WriteString(gs, "不是PTY请求.\n"); err != nil {
logger.L.Error(err.Error())
}
err := gs.Exit(1)
if err != nil {
logger.L.Error(err.Error())
}
return
}
}

801
backend/pkg/proto/ssh/handler/interactive.go
View File

@@ -1,801 +0,0 @@
// Package handler
/**
Copyright (c) The Authors.
* @Author: feng.xiang
* @Date: 2023/12/13 09:50
* @Desc:
*/
package handler
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net"
"strings"
"sync"
"time"
"github.com/BurntSushi/toml"
"github.com/c-bata/go-prompt"
"github.com/chzyer/readline"
gossh "github.com/gliderlabs/ssh"
"github.com/mattn/go-runewidth"
"github.com/nicksnyder/go-i18n/v2/i18n"
"github.com/olekukonko/tablewriter"
"github.com/patrickmn/go-cache"
"github.com/spf13/cast"
"github.com/veops/go-ansiterm"
"go.uber.org/zap"
"golang.org/x/crypto/ssh"
"golang.org/x/text/language"
myi18n "github.com/veops/oneterm/pkg/i18n"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/client"
"github.com/veops/oneterm/pkg/proto/ssh/config"
gsession "github.com/veops/oneterm/pkg/server/global/session"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/util"
)
type InteractiveHandler struct {
Locker *sync.RWMutex
Session gossh.Session
//Term *term.Terminal
Term *readline.Instance
Prompt *prompt.Prompt
Localizer *i18n.Localizer
SshType int
pty *gossh.Pty
Sshd *sshdServer
Pty gossh.Pty
Language int
Assets []*model.Asset
Accounts map[int]*model.Account
Commands map[int]*model.Command
HistoryInput []string
SshClient *ssh.Client
SshSession map[string]*client.Connection
GatewayCloseChan chan struct{}
SelectedAsset *model.Asset
SessionReq *gsession.SshReq
AccountInfo *model.Account
NeedAccount bool
Parser *Parser
GatewayListener net.Listener
MessageChan chan string
AccountsForSelect []*model.Account
Cache *cache.Cache
}
type Parser struct {
Input *ansiterm.ByteStream
Output *ansiterm.ByteStream
InputData []byte
OutputData []byte
Ps1 string
Ps2 string
}
var (
Bundle = i18n.NewBundle(language.Chinese)
TotalSession = map[string]*client.Connection{}
)
func I18nInit(path string) {
Bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
files, err := util.ListFiles(path)
if err != nil {
logger.L.Error(err.Error(), zap.String("module", "i18n"))
}
for _, f := range files {
_, err = Bundle.LoadMessageFile(f)
if err != nil {
logger.L.Warn(err.Error(), zap.String("module", "i18n"))
}
}
}
func NewInteractiveHandler(s gossh.Session, ss *sshdServer, pty gossh.Pty) *InteractiveHandler {
//t := term.NewTerminal(s, "> ")
t, err := readline.NewEx(&readline.Config{
Stdin: s,
Stdout: s,
Prompt: ">",
})
if err != nil {
logger.L.Error(err.Error())
}
ih := &InteractiveHandler{
Locker: new(sync.RWMutex),
Term: t,
Session: s,
Sshd: ss,
SessionReq: &gsession.SshReq{},
SshSession: map[string]*client.Connection{},
Pty: pty,
MessageChan: make(chan string, 128),
Cache: cache.New(time.Minute, time.Minute*5),
}
ih.Language = 1
ih.Localizer = i18n.NewLocalizer(Bundle)
width := 120
height := 40
if pty.Window.Width != 0 {
width = pty.Window.Width
}
if pty.Window.Height != 0 {
height = pty.Window.Height
}
ih.Parser = &Parser{
Input: NewParser(width, height),
Output: NewParser(width, height),
}
return ih
}
func completer(d prompt.Document) []prompt.Suggest {
// 这里可以根据用户的实时输入来动态生成建议
suggestions := []prompt.Suggest{
{Text: "users", Description: "Store the username"},
{Text: "articles", Description: "Store the article text posted by user"},
}
// 只有当用户输入为空,或者以 'u' 开始时,才显示建议
if d.TextBeforeCursor() == "" || d.GetWordBeforeCursorWithSpace() == "u" {
return prompt.FilterHasPrefix(suggestions, d.GetWordBeforeCursor(), true)
}
// 其他情况不显示任何建议
return []prompt.Suggest{}
}
func NewParser(width, height int) *ansiterm.ByteStream {
screen := ansiterm.NewScreen(width, height)
stream := ansiterm.InitByteStream(screen, false)
stream.Attach(screen)
return stream
}
func (i *InteractiveHandler) WatchWinSize(winChan <-chan gossh.Window) {
for {
select {
case <-i.Session.Context().Done():
return
case win, ok := <-winChan:
if !ok {
return
}
for _, v := range i.SshSession {
client.ResizeSshClient(v.Session, win.Height, win.Width)
_ = v.Record.Resize(win.Height, win.Width)
}
}
}
}
func (i *InteractiveHandler) SwitchLanguage(lang string) {
languages := []string{"zh", "en"}
switch len(lang) {
case 0:
length := len(languages)
if length <= 1 {
return
}
if i.Language >= length {
i.Language = 1
} else {
i.Language += 1
}
default:
for index, v := range languages {
if v == lang {
i.Language = index + 1
}
}
}
i.Localizer = i18n.NewLocalizer(Bundle, languages[i.Language-1])
}
func (i *InteractiveHandler) SwitchLang(lang string) {
languages := []string{"zh", "en"}
switch len(lang) {
case 0:
length := len(languages)
if length <= 1 {
return
}
if i.Language >= length {
i.Language = 1
} else {
i.Language += 1
}
default:
for index, v := range languages {
if v == lang {
i.Language = index + 1
}
}
}
i.Localizer = i18n.NewLocalizer(Bundle, languages[i.Language-1])
i.PrintMessage(myi18n.MsgSshWelcome, map[string]any{"User": i.Session.User()})
}
func (i *InteractiveHandler) output(msg string) {
_, _ = io.WriteString(i.Session, msg)
}
func (i *InteractiveHandler) HostInfo(id int) (asset *model.Asset, err error) {
if id < 0 {
return
}
cookie, ok := i.Session.Context().Value("cookie").(string)
if !ok {
err = fmt.Errorf("no cookie")
return
}
res, er := i.Sshd.Core.Asset.Lists(cookie, "", id)
if er != nil {
err = er
return
}
if res.Count != 1 {
er = fmt.Errorf("found %d hosts: not unique", res.Count)
return
}
bs, er := json.Marshal(res.List[0])
if er != nil {
err = er
return
}
err = json.Unmarshal(bs, &asset)
if err != nil {
return
}
return asset, nil
}
func (i *InteractiveHandler) Check(id int, host *model.Asset) (asset *model.Asset, state bool, err error) {
assets, er := i.AcquireAssets("", id)
if er != nil {
err = er
return
}
if len(assets) == 0 {
return
}
asset = assets[0]
state = i.Sshd.Core.Asset.HasPermission(asset.AccessAuth)
return
}
func (i *InteractiveHandler) generateSessionRecord(conn *client.Connection, status int) (res *model.Session, err error) {
res = &model.Session{
SessionType: cast.ToInt(i.Session.Context().Value("sshType")),
}
if i.SessionReq != nil && i.SessionReq.Uid != 0 {
err = util.DecodeStruct(&res, i.SessionReq)
if err != nil {
return
}
res.Uid = i.SessionReq.Uid
} else {
res.ClientIp = i.Session.RemoteAddr().String()
}
res.UserName = i.Session.Context().User()
res.AccountInfo = fmt.Sprintf("%s(%s)", i.AccountInfo.Name, i.AccountInfo.Account)
s, er := i.Sshd.Core.Auth.AclInfo(i.Session.Context().Value("cookie").(string))
if er != nil {
logger.L.Warn(er.Error(), zap.String("session", "add"))
} else if s != nil {
res.Uid = s.Uid
res.UserName = s.UserName
}
res.Status = status
res.AssetInfo = fmt.Sprintf("%s(%s)", i.SelectedAsset.Name, i.SelectedAsset.Ip)
res.SessionId = conn.SessionId
res.GatewayId = i.SelectedAsset.GatewayId
if conn.Gateway != nil {
res.GatewayInfo = fmt.Sprintf("%s:%d", conn.Gateway.Host, conn.Gateway.Port)
}
res.AssetId = i.SelectedAsset.Id
res.AccountId = i.AccountInfo.Id
if status == model.SESSIONSTATUS_OFFLINE {
t := time.Now()
res.ClosedAt = &t
}
return
}
func readLine(s gossh.Session) string {
buf := make([]byte, 1)
var in []byte
for {
_, _ = s.Read(buf)
switch buf[0] {
case []byte("\r")[0], []byte("\r\n")[0]:
return string(in)
default:
in = append(in, buf[0])
}
}
}
func (i *InteractiveHandler) Schedule(pty *gossh.Pty) {
i.pty = pty
var err error
var line string
if st, ok := i.Session.Context().Value("sshType").(int); ok && st == model.SESSIONTYPE_WEB {
//line, err = i.Term.ReadLine()
line = readLine(i.Session)
if err != nil {
logger.L.Debug("connection closed", zap.String("msg", err.Error()))
return
}
var r *gsession.SshReq
err = json.Unmarshal([]byte(line), &r)
if err != nil {
logger.L.Warn(err.Error())
return
}
// "Accept-Language")
//i.Localizer = i18n.NewLocalizer(conf.Bundle, lang, accept)
i.Session.Context().SetValue("cookie", r.Cookie)
i.SessionReq = r
// monitor
{
if i.SessionReq.SessionId != "" {
switch i.SessionReq.Action {
case model.SESSIONACTION_MONITOR:
i.wrapJsonResponse(i.SessionReq.SessionId, 0, "success")
RegisterMonitorSession(i.SessionReq.SessionId, i.Session)
return
case model.SESSIONACTION_CLOSE:
if v, ok := config.TotalHostSession.Load(i.SessionReq.SessionId); ok {
err = v.(*client.Connection).Session.Close()
if err != nil {
logger.L.Warn(err.Error())
i.wrapJsonResponse(i.SessionReq.SessionId, 1, "failed")
return
}
close(v.(*client.Connection).Exit)
}
i.wrapJsonResponse(i.SessionReq.SessionId, 0, "success")
return
}
}
}
host, ok, err := i.Check(r.AssetId, nil)
if err != nil {
logger.L.Warn(err.Error())
i.wrapJsonResponse("", 1, err.Error())
return
}
if !ok {
i.wrapJsonResponse("", 1, fmt.Sprintf("invalid status for %v", r.AssetId))
return
}
i.SelectedAsset = host
commands, er := i.AcquireCommands()
if er != nil {
return
}
i.Commands = commands
_, err = i.Proxy(host.Ip, r.AccountId)
if err != nil {
logger.L.Error(err.Error(), zap.String("module", "proxy"))
i.wrapJsonResponse("", 1, err.Error())
}
return
} else {
if config.SSHConfig.PlainMode {
i.SwitchLang("zh")
for {
//line, err = i.Term.ReadLine()
line, err = i.Term.Readline()
if err != nil {
logger.L.Debug("connection closed", zap.String("msg", err.Error()))
break
}
if strings.TrimSpace(line) == "" {
continue
}
if i.HandleInput(strings.TrimSpace(line)) {
break
}
}
} else {
tm := InitAndRunTerm(i)
_, err := tm.Run()
if err != nil {
logger.L.Error(err.Error(), zap.String("module", "schedule"))
}
}
}
}
func (i *InteractiveHandler) HandleInput(line string) (exit bool) {
switch strings.TrimSpace(line) {
case "/*":
i.SelectedAsset = nil
assets, er := i.AcquireAssets("", 0)
if er != nil {
return
}
accounts, er := i.AcquireAccounts()
if er != nil {
return
}
commands, er := i.AcquireCommands()
if er != nil {
return
}
i.Locker.Lock()
i.Assets = assets
i.Accounts = accounts
i.Commands = commands
i.Locker.Unlock()
i.showResult(assets)
return
case "/?", "/":
i.PrintMessage(myi18n.MsgSshWelcome, map[string]any{"User": i.Session.User()})
return
case "/s":
i.SwitchLang("")
return
case "/q":
i.Session.Close()
return
default:
switch {
case line == "exit":
logger.L.Info("exit", zap.String("user", i.Session.User()), zap.String("input", line))
i.Session.Close()
return
}
}
_, er := i.Proxy(line, -1)
if er != nil {
logger.L.Info(er.Error())
}
if st, ok := i.Session.Context().Value("sshType").(int); ok && st == model.SESSIONTYPE_WEB {
exit = true
}
return
}
func (i *InteractiveHandler) AcquireAndStoreAssets(search string, id int) (selectedHosts, likeHosts []*model.Asset, err error) {
i.Locker.RLock()
count := len(i.Assets)
i.Locker.RUnlock()
var find = func(assets []*model.Asset) (selectedHosts, likeHosts []*model.Asset) {
if search == "" {
return
}
for _, v := range assets {
if v.Ip == search || v.Name == search {
selectedHosts = append(selectedHosts, v)
} else if strings.Contains(v.Ip, search) || strings.Contains(v.Name, search) {
likeHosts = append(likeHosts, v)
}
}
return
}
if count == 0 {
res, er := i.AcquireAssets(search, id)
if er != nil {
err = er
return
}
selectedHosts, likeHosts = find(res)
i.Locker.Lock()
i.Assets = res
i.Locker.Unlock()
return
} else {
i.Locker.Lock()
selectedHosts, likeHosts = find(i.Assets)
i.Locker.Unlock()
return
}
}
func (i *InteractiveHandler) AcquireAssets(search string, id int) (assets []*model.Asset, err error) {
if search == "" && id <= 0 {
if v, ok := i.Cache.Get("assets"); ok {
return v.([]*model.Asset), nil
} else {
defer func() {
if err == nil {
i.Cache.Set("assets", assets, 0)
}
}()
}
}
if totalAssets, ok := i.Cache.Get("assets"); ok {
for _, v := range totalAssets.([]*model.Asset) {
if id > 0 {
if id == v.Id {
assets = append(assets, v)
return
} else {
continue
}
} else {
if strings.Contains(v.Name, search) {
assets = append(assets, v)
}
}
}
} else {
cookie, ok := i.Session.Context().Value("cookie").(string)
if ok {
res, er := i.Sshd.Core.Asset.Lists(cookie, search, id)
if er != nil {
err = er
return
}
if res != nil {
for _, v := range res.List {
var v1 model.Asset
_ = util.DecodeStruct(&v1, v)
bs, _ := json.Marshal(v.(map[string]interface{})["authorization"])
er = json.Unmarshal(bs, &v1.Authorization)
if er != nil {
logger.L.Warn(er.Error())
}
assets = append(assets, &v1)
}
}
} else {
err = fmt.Errorf("no cookies")
}
}
return
}
func (i *InteractiveHandler) AcquireAccounts() (accounts map[int]*model.Account, err error) {
accounts = map[int]*model.Account{}
cookie, ok := i.Session.Context().Value("cookie").(string)
if ok {
res, er := i.Sshd.Core.Auth.Accounts(cookie)
if er != nil {
err = er
return
}
for _, v := range res {
var v1 model.Account
_ = util.DecodeStruct(&v1, v)
accounts[v1.Id] = &v1
}
} else {
err = fmt.Errorf("no cookies")
}
return
}
func (i *InteractiveHandler) AcquireAccountInfo(id int, name string) (res *model.Account, err error) {
cookie, ok := i.Session.Context().Value("cookie").(string)
if ok {
return i.Sshd.Core.Auth.AccountInfo(cookie, id, name)
} else {
err = fmt.Errorf("no cookies")
}
return
}
func (i *InteractiveHandler) AcquireCommands() (commands map[int]*model.Command, err error) {
commands = map[int]*model.Command{}
cookie, ok := i.Session.Context().Value("cookie").(string)
if ok {
res, er := i.Sshd.Core.Asset.Commands(cookie)
if er != nil {
err = er
return
}
for _, v := range res {
var v1 model.Command
_ = util.DecodeStruct(&v1, v)
commands[v1.Id] = &v1
}
} else {
err = fmt.Errorf("no cookies")
}
return
}
func (i *InteractiveHandler) AcquireConfig() (config *model.Config, err error) {
config = &model.Config{}
cookie, ok := i.Session.Context().Value("cookie").(string)
if ok {
res, er := i.Sshd.Core.Asset.Config(cookie)
if er != nil {
err = er
return
}
config = res
} else {
err = fmt.Errorf("no cookies")
}
return
}
func (i *InteractiveHandler) showResult(data []*model.Asset) {
i.Term.SetPrompt("host> ")
var hosts []string
for _, d := range data {
hosts = append(hosts, d.Name)
}
var templateData = map[string]interface{}{
"Count": len(data),
"Msg": "",
}
if data != nil {
templateData["Msg"] = i.tableData(hosts)
}
i.PrintMessage(myi18n.MsgSshShowAssetResults, templateData)
}
func (i *InteractiveHandler) tableData(data []string) string {
chunkData := i.chunkData(data)
buf := &bytes.Buffer{}
tw := tablewriter.NewWriter(buf)
tw.SetAutoWrapText(false)
tw.SetColumnSeparator(" ")
tw.SetNoWhiteSpace(false)
tw.SetBorder(false)
tw.SetAlignment(tablewriter.ALIGN_LEFT)
tw.AppendBulk(chunkData)
tw.Render()
return buf.String()
}
func (i *InteractiveHandler) chunkData(data []string) (res [][]string) {
width := 80
if i.pty != nil {
width = i.pty.Window.Width
}
n := len(data)
chunk := n
for ; chunk >= 1; chunk -= 1 {
ok := true
for i := 0; i < n && ok; i += chunk {
w := chunk*3 + 4
r := i + chunk
if r > n {
r = n
}
for _, s := range data[i:r] {
w += runewidth.StringWidth(s)
}
ok = ok && w <= width
}
if ok {
t := i.getChunk(data, chunk)
maxLen := make(map[int]int)
for _, c := range t {
for i, v := range c {
l := runewidth.StringWidth(v)
if l > maxLen[i] {
maxLen[i] = l
}
}
}
for _, row := range t {
w := chunk*3 + 4
for i := range row {
w += maxLen[i]
}
ok = ok && w <= width
}
}
if ok {
break
}
}
if chunk < 1 {
chunk = 1
}
res = i.getChunk(data, chunk)
return
}
func (i *InteractiveHandler) getChunk(data []string, chunk int) (res [][]string) {
n := len(data)
for i := 0; i < n; i += chunk {
r := i + chunk
if r > n {
r = n
}
res = append(res, data[i:r])
}
return
}
func (i *InteractiveHandler) wrapJsonResponse(sessionId string, code int, message string) {
if st, ok := i.Session.Context().Value("sshType").(int); ok && st != model.SESSIONTYPE_WEB {
return
}
res, er := json.Marshal(gsession.ServerResp{
Code: code,
Message: message,
SessionId: sessionId,
Uid: i.SessionReq.Uid,
UserName: i.SessionReq.UserName,
})
if er != nil {
logger.L.Error(er.Error())
}
i.output(string(append(res, []byte("\r")...)))
}
func (i *InteractiveHandler) NewSession(account *model.Account, gateway *model.Gateway) (conn *client.Connection, err error) {
i.Locker.Lock()
defer i.Locker.Unlock()
if i.SshClient == nil {
protocol := i.SessionReq.Protocol
if strings.HasPrefix(i.SessionReq.Protocol, "ssh:") {
protocol = "ssh:" + getSshPort(i.SessionReq.Protocol)
}
con, ch, er := client.NewSShClient(strings.ReplaceAll(protocol, "ssh", i.SelectedAsset.Ip), account, gateway)
if er != nil {
err = er
return
}
i.SshClient = con
i.GatewayCloseChan = ch
}
i.AccountInfo = account
conn, err = client.NewSShSession(i.SshClient, i.Pty, i.GatewayCloseChan)
if err != nil {
return
}
conn.AssetId = i.SelectedAsset.Id
conn.AccountId = account.Id
conn.Gateway = gateway
i.SshSession[conn.SessionId] = conn
return
}
func (i *InteractiveHandler) UpsertSession(conn *client.Connection, status int) error {
resp, err := i.generateSessionRecord(conn, status)
if err != nil {
return err
}
return i.Sshd.Core.Audit.NewSession(resp)
}

34
backend/pkg/proto/ssh/handler/message.go
View File

@@ -1,34 +0,0 @@
package handler
import (
"github.com/nicksnyder/go-i18n/v2/i18n"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/config"
)
func (i *InteractiveHandler) PrintMessage(msg *i18n.Message, data any) {
if config.SSHConfig.PlainMode {
i.output("\r\n" + i.Message(msg, data))
} else {
i.MessageChan <- i.Message(msg, data)
}
}
func (i *InteractiveHandler) PrintMessageV1(msg *i18n.Message, data any) {
i.output(i.Message(msg, data))
}
func (i *InteractiveHandler) Message(msg *i18n.Message, data any) string {
str, er := i.Localizer.Localize(&i18n.LocalizeConfig{
DefaultMessage: msg,
TemplateData: data,
PluralCount: 1,
})
if er != nil {
logger.L.Warn(er.Error(), zap.String("module", "i18n"))
return ""
}
return str
}

554
backend/pkg/proto/ssh/handler/proxy.go
View File

@@ -1,554 +0,0 @@
// Package handler
/**
Copyright (c) The Authors.
* @Author: feng.xiang
* @Date: 2024/1/18 17:05
* @Desc:
*/
package handler
import (
"bytes"
"fmt"
"io"
"regexp"
"sort"
"strings"
"sync/atomic"
"time"
"unicode/utf8"
gossh "github.com/gliderlabs/ssh"
"github.com/nicksnyder/go-i18n/v2/i18n"
myi18n "github.com/veops/oneterm/pkg/i18n"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/client"
"github.com/veops/oneterm/pkg/proto/ssh/config"
"github.com/veops/oneterm/pkg/server/model"
)
var (
IdleTimeout = time.Minute * 5
ReturnKey = []byte{0x0d}
)
func (i *InteractiveHandler) Proxy(line string, accountId int) (step int, err error) {
step = 1
if accountId > 0 {
var accountName string
defer func() {
if err != nil {
i.PrintMessage(myi18n.MsgSshAccountLoginError, map[string]any{"User": accountName})
}
}()
if i.SelectedAsset != nil && accountId < 0 {
accountName = line
}
host, ok, er := i.Check(i.SelectedAsset.Id, nil)
if er != nil {
err = er
return
}
if !ok {
err = fmt.Errorf("current time is not allowed to access")
return
}
i.SelectedAsset = host
if _, ok := i.SelectedAsset.Authorization[accountId]; !ok {
err = fmt.Errorf("you donnot have permission")
return
}
account, er := i.Sshd.Core.Auth.AccountInfo(i.Session.Context().Value("cookie").(string), accountId, accountName)
if er != nil {
err = er
return
}
accountName = account.Name
var gateway *model.Gateway
if i.SelectedAsset.GatewayId != 0 {
gateway, err = i.Sshd.Core.Asset.Gateway(i.Session.Context().Value("cookie").(string), i.SelectedAsset.GatewayId)
if err != nil {
return
}
}
conn, er := i.NewSession(account, gateway)
if er != nil {
err = er
return
}
er = i.UpsertSession(conn, model.SESSIONSTATUS_ONLINE)
if er != nil {
logger.L.Warn(er.Error())
}
config.TotalHostSession.Store(conn.SessionId, conn)
if err := i.bind(i.Session, conn); err != nil {
logger.L.Error(err.Error())
}
step = 1
} else {
if i.NeedAccount && i.SelectedAsset != nil {
i.NeedAccount = false
var account *model.Account
accountIds := make([]int, 0)
for aId := range i.SelectedAsset.Authorization {
accountIds = append(accountIds, aId)
}
sort.Ints(accountIds)
for _, aId := range accountIds {
account := i.Accounts[aId]
if config.SSHConfig.PlainMode {
if account == nil || !strings.Contains(account.Name, line) {
continue
}
} else {
if account == nil || line != account.Name {
continue
}
}
return i.Proxy(line, account.Id)
}
if account == nil {
i.PrintMessage(myi18n.MsgSshAccountLoginError, map[string]any{"User": line})
}
return
} else if strings.TrimSpace(line) == "" {
return
}
var (
host *model.Asset
)
selectHosts, likeHosts, er := i.AcquireAndStoreAssets(line, 0)
if er != nil {
logger.L.Error(err.Error())
}
if len(selectHosts) == 0 && len(likeHosts) == 0 {
i.PrintMessage(myi18n.MsgSshNoMatchingAsset, map[string]any{"Host": line})
return
}
switch len(selectHosts) {
case 0:
switch len(likeHosts) {
case 0:
return
case 1:
host = likeHosts[0]
default:
i.showResult(likeHosts)
return
}
case 1:
host = selectHosts[0]
default:
i.showResult(selectHosts)
return
}
i.SelectedAsset = host
var sshPort string
for _, v := range host.Protocols {
if strings.HasPrefix(v, "ssh") {
sshPort = getSshPort(v)
break
}
}
if sshPort == "" {
i.PrintMessage(myi18n.MsgSshNoSshAccessMethod, map[string]any{"Host": line})
return
}
i.SessionReq.Protocol = "ssh:" + sshPort
var hostAccountIds []int
if len(i.Accounts) == 0 {
accounts, er := i.AcquireAccounts()
if er != nil {
logger.L.Info(er.Error())
} else {
i.Accounts = accounts
}
}
for k := range host.Authorization {
if v, ok := i.Accounts[k]; ok {
hostAccountIds = append(hostAccountIds, v.Id)
}
}
sort.Ints(hostAccountIds)
switch len(hostAccountIds) {
case 0:
i.PrintMessage(myi18n.MsgSshNoSshAccountForAsset, map[string]any{"Host": line})
return
case 1:
return i.Proxy(line, hostAccountIds[0])
default:
var accounts []string
for _, aId := range hostAccountIds {
if account, ok := i.Accounts[aId]; ok {
i.AccountsForSelect = append(i.AccountsForSelect, account)
accounts = append(accounts, account.Name)
}
}
i.NeedAccount = true
if config.SSHConfig.PlainMode {
i.PrintMessage(myi18n.MsgSshMultiSshAccountForAsset, map[string]any{"Accounts": i.tableData(accounts)})
}
step = 2
}
}
return
}
func getSshPort(protocol string) (sshPort string) {
tmp := strings.Split(protocol, ":")
if len(tmp) == 2 && tmp[0] == "ssh" {
sshPort = tmp[1]
}
if strings.TrimSpace(sshPort) == "" {
sshPort = "22"
}
return sshPort
}
func (i *InteractiveHandler) handleUserInput(userConn gossh.Session, targetInChan chan<- []byte,
done chan struct{}) {
buffer := bytes.NewBuffer(make([]byte, 0, 1024*2))
maxLen := 1024
for {
buf := make([]byte, maxLen)
nr, err := userConn.Read(buf)
if nr > 0 {
validBytes := buf[:nr]
bufferLen := buffer.Len()
if bufferLen > 0 || nr == maxLen {
buffer.Write(buf[:nr])
validBytes = validBytes[:0]
}
remainBytes := buffer.Bytes()
for len(remainBytes) > 0 {
r, size := utf8.DecodeRune(remainBytes)
if r == utf8.RuneError {
if len(remainBytes) <= 3 {
break
}
}
validBytes = append(validBytes, remainBytes[:size]...)
remainBytes = remainBytes[size:]
}
buffer.Reset()
if len(remainBytes) > 0 {
buffer.Write(remainBytes)
}
select {
case targetInChan <- validBytes:
case <-done:
break
}
}
if err != nil {
break
}
}
close(targetInChan)
}
func (i *InteractiveHandler) handleHostOutput(hostConn *client.Connection, userConn gossh.Session,
done chan struct{}, ticker *time.Ticker) {
for {
buf := make([]byte, 1024)
n, err := hostConn.Stdout.Read(buf)
if err != nil {
logger.L.Warn(err.Error())
}
ticker.Reset(IdleTimeout)
i.handleOutput(buf[:n], hostConn, userConn)
if err == io.EOF {
close(done)
break
}
}
}
func (i *InteractiveHandler) bind(userConn gossh.Session, hostConn *client.Connection) error {
maxIdleTimeout := time.Hour * 2
mConfig, _ := i.AcquireConfig()
if mConfig != nil && mConfig.Timeout > 0 {
IdleTimeout = time.Second * time.Duration(mConfig.Timeout)
}
if IdleTimeout > maxIdleTimeout {
IdleTimeout = maxIdleTimeout
}
targetInChan := make(chan []byte, 1)
done := make(chan struct{})
var (
exit bool
accessUpdateStep = time.Minute
waitRead atomic.Bool
)
waitRead.Store(true)
i.wrapJsonResponse(hostConn.SessionId, 0, "success")
tk, tkAccess, readReset := time.NewTicker(IdleTimeout), time.NewTicker(accessUpdateStep), time.NewTicker(time.Second)
go i.handleUserInput(userConn, targetInChan, done)
go i.handleHostOutput(hostConn, userConn, done, tk)
for {
select {
case p, ok := <-targetInChan:
if !ok {
return nil
}
tk.Reset(IdleTimeout)
//readL.WriteStdin(p)
err, _ := i.HandleData(p, hostConn, userConn)
if err != nil {
logger.L.Error(err.Error())
}
readReset.Reset(time.Second)
case <-done:
exit = true
case <-tk.C:
_, err := userConn.Write([]byte(i.Message(myi18n.MsgSShHostIdleTimeout, map[string]any{"Idle": IdleTimeout})))
if err != nil {
logger.L.Warn(err.Error())
}
exit = true
case <-readReset.C:
waitRead.Store(true)
case <-hostConn.Exit:
exit = true
case <-i.Session.Context().Done():
exit = true
case <-tkAccess.C:
commands, er := i.AcquireCommands()
if er == nil {
i.Commands = commands
}
asset, er := i.AcquireAssets("", hostConn.AssetId)
if er != nil || len(asset) <= 0 || !i.Sshd.Core.Asset.HasPermission(asset[0].AccessAuth) {
_, err := userConn.Write([]byte(i.Message(myi18n.MsgSshAccessRefusedInTimespan, nil)))
if err != nil {
logger.L.Error(err.Error())
}
exit = true
break
}
i.SelectedAsset = asset[0]
if _, ok := asset[0].Authorization[hostConn.AccountId]; !ok {
_, err := userConn.Write([]byte(i.Message(myi18n.MsgSshNoAssetPermission, map[string]any{"Host": i.SelectedAsset.Name})))
if err != nil {
logger.L.Warn(err.Error())
}
exit = true
break
}
account, er := i.AcquireAccountInfo(hostConn.AccountId, "")
if er != nil || account == nil {
_, err := userConn.Write([]byte(i.Message(myi18n.MsgSshNoAssetPermission, map[string]any{"Host": i.SelectedAsset.Name})))
if err != nil {
logger.L.Warn(err.Error())
}
exit = true
break
}
}
if exit {
i.Exits(hostConn)
return nil
}
}
}
func (i *InteractiveHandler) handleOutput(data []byte, hostConn *client.Connection, userConn gossh.Session) {
_, err := userConn.Write(data)
if err != nil {
logger.L.Info(err.Error())
}
if !hostConn.Parser.State(data) {
i.Parser.OutputData = append(i.Parser.OutputData, data...)
}
err = hostConn.Record.Write(data)
if err != nil {
logger.L.Error(err.Error())
}
Monitor(hostConn.SessionId, data)
}
func (i *InteractiveHandler) CommandLevel(cmd string) int {
// TODO
return 0
}
func parseOutput(data []string) (output []string) {
for _, line := range data {
if strings.TrimSpace(line) != "" {
output = append(output, line)
}
}
return output
}
func (i *InteractiveHandler) Output() string {
i.Parser.Output.Feed(i.Parser.OutputData)
res := parseOutput(i.Parser.Output.Listener.Display())
if len(res) == 0 {
return ""
}
return res[len(res)-1]
}
func (i *InteractiveHandler) Command() string {
s := i.Output()
return strings.TrimPrefix(s, i.Parser.Ps1)
}
func (i *InteractiveHandler) HandleData(data []byte, hostConn *client.Connection, userConn gossh.Session) (err error, exit bool) {
if hostConn.Parser.State(data) {
_, err = hostConn.Stdin.Write(data)
if err != nil {
logger.L.Error(err.Error())
}
return
}
var write bool
if bytes.LastIndex(data, []byte{0x0d}) == -1 {
_, err = hostConn.Stdin.Write(data)
if err != nil {
logger.L.Error(err.Error())
}
write = true
} else {
if len(data) > 1 {
var tmp []byte
for _, d := range data {
if d != 0x0d {
tmp = append(tmp, d)
continue
}
if len(tmp) > 0 {
err1, stop := i.HandleData(tmp, hostConn, userConn)
if err1 != nil {
return err1, stop
}
if stop {
break
}
}
err1, stop := i.HandleData(ReturnKey, hostConn, userConn)
if err != nil {
return err1, stop
}
if stop {
break
}
}
return
}
}
if bytes.LastIndex(data, ReturnKey) == 0 {
time.Sleep(time.Millisecond * 100)
}
if len(i.Parser.InputData) == 0 && i.Parser.Ps2 == "" {
i.Parser.Ps1 = i.Output()
}
i.Parser.InputData = append(i.Parser.InputData, data...)
if bytes.LastIndex(data, ReturnKey) == 0 {
command := i.Command()
i.Parser.Output.Listener.Reset()
i.Parser.OutputData = nil
i.Parser.InputData = nil
i.Parser.Ps2 = ""
if _, valid := i.CommandCheck(command); valid {
if strings.TrimSpace(command) != "" {
go i.Sshd.Core.Audit.AddCommand(model.SessionCmd{Cmd: command, Level: i.CommandLevel(command), SessionId: hostConn.SessionId})
}
if !write {
_, err = hostConn.Stdin.Write(data)
if err != nil {
logger.L.Warn(err.Error())
}
}
} else {
tips, _ := i.Localizer.Localize(&i18n.LocalizeConfig{
DefaultMessage: myi18n.MsgSshCommandRefused,
TemplateData: map[string]string{"Command": command},
PluralCount: 1,
})
_, err = hostConn.Stdin.Write([]byte{0x15})
if err != nil {
logger.L.Warn(err.Error())
}
i.Parser.Ps2 = i.Parser.Ps1 + command
i.handleOutput([]byte("\r\n"+tips+i.Parser.Ps2), hostConn, userConn)
_, err = hostConn.Stdin.Write([]byte{0x15})
return err, true
}
}
return
}
func (i *InteractiveHandler) Exits(conn *client.Connection) {
if conn.GateWayCloseChan != nil {
conn.GateWayCloseChan <- struct{}{}
}
_ = conn.Session.Close()
conn.Record.Close()
config.TotalHostSession.Delete(conn.SessionId)
config.TotalMonitors.Delete(conn.SessionId)
i.Locker.Lock()
delete(i.SshSession, conn.SessionId)
if len(i.SshSession) == 0 {
_ = i.SshClient.Close()
i.SshClient = nil
}
i.Locker.Unlock()
err := i.UpsertSession(conn, model.SESSIONSTATUS_OFFLINE)
if err != nil {
logger.L.Error(err.Error())
}
}
func (i *InteractiveHandler) CommandCheck(command string) (string, bool) {
for _, id := range i.SelectedAsset.CmdIds {
cmd, ok := i.Commands[id]
if !ok || !cmd.Enable {
continue
}
for _, c := range cmd.Cmds {
p, err := regexp.Compile(c)
if err == nil {
if p.Match([]byte(command)) {
return c, false
}
} else {
if c == command {
return c, false
}
}
}
}
return "", true
}
//func (v *VirtualTermIn) Read(p []byte) (n int, err error) {
// return v.InChan.Read(p)
//}
//
//func (v *VirtualTermIn) Close() error {
// return nil
//}
//
//func (v *VirtualTermOut) Write(p []byte) (n int, err error) {
// return v.OutChan.Write(p)
//}

47
backend/pkg/proto/ssh/handler/sider.go
View File

@@ -1,47 +0,0 @@
package handler
import (
"fmt"
gossh "github.com/gliderlabs/ssh"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/config"
)
func RegisterMonitorSession(sessionId string, sess gossh.Session) {
_, ok := config.TotalHostSession.Load(sessionId)
if !ok {
return
}
config.TotalMonitors.LoadOrStore(sessionId, sess)
if _, ok := config.TotalMonitors.Load(sessionId); !ok {
config.TotalMonitors.Store(sessionId, sess)
}
<-sess.Context().Done()
DeleteMonitorSession(sessionId)
}
func DeleteMonitorSession(sessionId string) {
config.TotalMonitors.Delete(sessionId)
}
func getMonitorSession(sessionId string) gossh.Session {
if v, ok := config.TotalMonitors.Load(sessionId); ok {
return v.(gossh.Session)
}
return nil
}
func Monitor(sessionId string, p []byte) {
if s := getMonitorSession(sessionId); s != nil {
_, err := s.Write(p)
if err != nil {
logger.L.Error(fmt.Sprintf("moninor session %s failed: %s", sessionId, err.Error()))
return
}
}
}

380
backend/pkg/proto/ssh/handler/term.go
View File

@@ -1,380 +0,0 @@
// Package handler
/**
Copyright (c) The Authors.
* @Author: feng.xiang
* @Date: 2024/1/24 15:20
* @Desc:
*/
package handler
import (
"fmt"
"io"
"strconv"
"strings"
"sync"
"sync/atomic"
"time"
"github.com/charmbracelet/bubbles/table"
tea "github.com/charmbracelet/bubbletea"
"github.com/charmbracelet/lipgloss"
"go.uber.org/zap"
myi18n "github.com/veops/oneterm/pkg/i18n"
"github.com/veops/oneterm/pkg/logger"
)
type TermModel struct {
table table.Model
query string
cookie string
Object *InteractiveHandler
SearchTime time.Time
Rows []table.Row
Step int
PreView int
lang string
lastOutputLines int
in *ProxyReader
out *ProxyWriter
hostExit bool
hasMsg chan struct{}
}
const (
Tip int = iota
ChooseHost
ChooseAccount
HostInteractive
)
var baseStyle = lipgloss.NewStyle().
BorderStyle(lipgloss.NormalBorder()).
BorderForeground(lipgloss.Color("240"))
func (m *TermModel) Init() tea.Cmd { return nil }
func (m *TermModel) addStep(v int) {
switch m.Step {
case Tip, ChooseHost:
m.Step += v
case ChooseAccount:
m.Step -= v
default:
m.Step = Tip
}
}
func (m *TermModel) printfToSSH(out string) tea.Cmd {
return func() tea.Msg {
_, err := m.Object.Session.Write([]byte(out + "\n"))
if err != nil {
return err
}
return nil
}
}
func (m *TermModel) CurrentState() int {
return Tip
}
func (m *TermModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
var (
cmd tea.Cmd
err error
)
switch msg := msg.(type) {
case tea.KeyMsg:
switch msg.String() {
case "esc":
if m.table.Focused() {
m.table.Blur()
} else {
m.table.Focus()
}
case "ctrl+c":
return m, tea.Quit
case "enter":
sr := m.table.SelectedRow()
if len(sr) == 0 {
break
}
s := m.query
m.query = ""
switch s {
case "/?":
m.Step = Tip
return m, nil
default:
switch len(sr) {
case 0:
return m, nil
default:
m.ClearDataSource()
m.Step, err = m.Object.Proxy(sr[1], 0)
if err != nil {
logger.L.Warn(err.Error())
}
m.ResetSource()
m.convertRows()
m.updateTable()
if len(m.Object.MessageChan) > 0 {
out := <-m.Object.MessageChan
return m, tea.Batch(tea.ClearScreen, tea.Printf(out))
}
if len(m.Object.AccountsForSelect) > 0 {
m.Object.AccountsForSelect = nil
}
return m, tea.ClearScreen
}
}
case "backspace":
if len(m.query) > 0 {
m.query = m.query[:len(m.query)-1]
}
m.updateTable()
default:
if msg.Type == tea.KeyRunes && len(msg.String()) >= 1 {
m.query += msg.String()
}
switch m.query {
case "/?":
m.Step = Tip
m.query = ""
return m, nil
case "/s":
m.Step = Tip
m.query = ""
m.Object.SwitchLanguage("")
return m, nil
case "/q":
return m, tea.Quit
case "/*":
m.Step = Tip
m.query = ""
}
if m.Step == Tip {
m.Step = ChooseHost
}
m.updateTable()
}
}
m.table, cmd = m.table.Update(msg)
return m, cmd
}
//func (m *TermModel) Welcome() []table.Row {
// rows := []table.Row{
// {"/?", "help"},
// {"/s", "swith"},
// }
//}
func (m *TermModel) View() string {
defer func() {
m.in.hasMsg.Store(false)
}()
var s string
switch m.Step {
case Tip:
//m.table.SetColumns([]table.Column{
//{Title: "Tip", Width: 80},
//})
m.PreView = Tip
s += m.Object.Message(myi18n.MsgSshWelcome, map[string]any{"User": m.Object.Session.User()})
s = "\x1b[2K\x1b[G" + s + "\n: " + m.query
case ChooseHost:
m.table.SetColumns([]table.Column{
{Title: "No.", Width: 5},
{Title: "Name", Width: 20},
{Title: "Ip", Width: 18},
})
if m.PreView == Tip {
s = "\x1b[2K\x1b[G"
}
s += baseStyle.Render(m.table.View() + "\n: " + m.query)
case ChooseAccount:
m.table.SetColumns([]table.Column{
{Title: "No.", Width: 5},
{Title: "Name", Width: 20},
{Title: "Account", Width: 18},
})
s += baseStyle.Render(m.table.View() + "\n: " + m.query)
}
return s
//m.lastOutputLines = strings.Count(s, "\n") + 1
//moveToBottomRight := "\033[999;999H"
//moveToBottomRight = ""
//return moveToBottomRight + s
}
func (m *TermModel) clearLastOutput() string {
return fmt.Sprintf("\033[%dA\033[J", m.lastOutputLines)
}
func (m *TermModel) updateTable() {
if m.query == "" {
m.table.SetRows(m.Rows)
return
}
var filteredRows []table.Row
for _, row := range m.Rows {
if rowContainsQuery(row, m.query) {
filteredRows = append(filteredRows, row)
}
}
m.table.SetRows(filteredRows)
}
func rowContainsQuery(row table.Row, query string) bool {
for _, cell := range row {
if strings.Contains(strings.ToLower(cell), strings.ToLower(query)) {
return true
}
}
return false
}
func InitAndRunTerm(obj *InteractiveHandler) *tea.Program {
columns := []table.Column{
{Title: "No.", Width: 5},
{Title: "Name", Width: 20},
{Title: "Ip", Width: 18},
}
t := table.New(
table.WithColumns(columns),
table.WithFocused(true),
table.WithHeight(7),
)
s := table.DefaultStyles()
s.Header = s.Header.
BorderStyle(lipgloss.NormalBorder()).
BorderForeground(lipgloss.Color("240")).
BorderBottom(true).
Bold(false)
s.Selected = s.Selected.
Foreground(lipgloss.Color("229")).
Background(lipgloss.Color("57")).
Bold(false)
t.SetStyles(s)
tm := &TermModel{
table: t,
Object: obj,
in: &ProxyReader{r: obj.Session},
out: &ProxyWriter{w: obj.Session},
hasMsg: make(chan struct{}),
}
tm.updateRows()
return tea.NewProgram(tm, tea.WithInput(tm.in), tea.WithOutput(tm.out))
}
func (m *TermModel) updateRows() {
assets, err := m.Object.AcquireAssets("", 0)
if err != nil {
logger.L.Warn(err.Error(), zap.String("module", "term"))
return
}
var rows []table.Row
for index, v1 := range assets {
rows = append(rows, []string{strconv.Itoa(index), v1.Name, v1.Ip})
}
m.Object.Locker.Lock()
m.Object.Assets = assets
m.Object.Locker.Unlock()
m.SearchTime = time.Now()
m.Rows = rows
}
func (m *TermModel) convertRows() {
switch m.Step {
case ChooseAccount:
var rows []table.Row
for index, v := range m.Object.AccountsForSelect {
rows = append(rows, table.Row{strconv.Itoa(index), v.Name, v.Account})
}
m.Rows = rows
default:
if time.Since(m.SearchTime) < time.Minute {
var rows []table.Row
for index, v1 := range m.Object.Assets {
rows = append(rows, []string{strconv.Itoa(index), v1.Name, v1.Ip})
}
m.Rows = rows
return
}
m.updateRows()
}
}
type nilWriter struct{}
func (nw nilWriter) Write(p []byte) (int, error) {
return len(p), nil
}
func (m *TermModel) ClearDataSource() {
m.in.SetReader(nil)
m.out.SetWriter(nil)
}
func (m *TermModel) ResetSource() {
m.in.SetReader(m.Object.Session)
m.out.SetWriter(m.Object.Session)
}
type ProxyWriter struct {
lock sync.RWMutex
w io.Writer
}
func (pw *ProxyWriter) Write(p []byte) (n int, err error) {
pw.lock.RLock()
defer pw.lock.RUnlock()
for pw.w == nil {
time.Sleep(time.Millisecond * 50)
}
return pw.w.Write(p)
}
func (pw *ProxyWriter) SetWriter(w io.Writer) {
pw.lock.Lock()
defer pw.lock.Unlock()
pw.w = w
}
type ProxyReader struct {
lock sync.RWMutex
r io.Reader
hasMsg atomic.Bool
}
func (pr *ProxyReader) Read(p []byte) (n int, err error) {
pr.lock.RLock()
defer pr.lock.RUnlock()
for pr.r == nil || pr.hasMsg.Load() {
time.Sleep(time.Millisecond * 100)
}
n, err = pr.r.Read(p)
pr.hasMsg.Store(true)
return
}
func (pr *ProxyReader) SetReader(r io.Reader) {
pr.r = r
}

154
backend/pkg/proto/ssh/record/asciinema.go
View File

@@ -1,154 +0,0 @@
package record
import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"strings"
"time"
gossh "github.com/gliderlabs/ssh"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/api"
"github.com/veops/oneterm/pkg/proto/ssh/config"
)
type Asciinema struct {
Timestamp time.Time
FilePath string
SessionId string
Writer *os.File
InChan chan string
buf []string
HasWidth bool
}
func NewAsciinema(sessionId string, pty gossh.Pty) (asc *Asciinema, err error) {
asc = &Asciinema{
Timestamp: time.Now(),
InChan: make(chan string, 20480),
SessionId: sessionId,
}
if config.SSHConfig.RecordFilePath == "" {
asc.FilePath, _ = os.Getwd()
}
asc.FilePath = filepath.Join(asc.FilePath, sessionId+".cast")
castFile, err := os.Create(asc.FilePath)
if err != nil {
return
}
asc.Writer = castFile
head := map[string]any{
"version": 2,
"width": pty.Window.Width,
"height": pty.Window.Height,
"timestamp": asc.Timestamp.Unix(),
"env": map[string]any{
"SHELL": "/bin/bash",
"TERM": "xterm-256color",
},
}
s, _ := json.Marshal(head)
if pty.Window.Width == 0 {
asc.buf = append(asc.buf, string(s))
} else {
asc.HasWidth = true
_, err = castFile.Write(s)
if err != nil {
return asc, err
}
_, err = castFile.WriteString("\r\n")
if err != nil {
return asc, err
}
}
return asc, err
}
func (a *Asciinema) Write(data []byte) error {
s := make([]any, 3)
s[0] = (float64(time.Now().UnixMicro() - a.Timestamp.UnixMicro())) / 1000 / 1000
s[1] = "o"
s[2] = string(data)
res, err := json.Marshal(s)
if err != nil {
return err
}
if !a.HasWidth {
a.buf = append(a.buf, string(res))
} else {
_, err = a.Writer.Write(append(res, []byte("\r\n")...))
}
return err
}
func (a *Asciinema) RemoteWrite(rec string) {
a.InChan <- rec
for v := range a.InChan {
err := api.AddReplay(a.SessionId, map[string]string{
"session_id": a.SessionId,
"body": v,
})
if err != nil {
logger.L.Error(err.Error())
break
}
}
}
func (a *Asciinema) Close() {
a.Writer.Close()
err := api.AddReplayFile(a.SessionId, a.FilePath)
if err != nil {
logger.L.Error(err.Error())
}
err = os.Remove(a.FilePath)
if err != nil {
logger.L.Warn(err.Error(), zap.String("module", "asciinema"))
}
}
func (a *Asciinema) Resize(height, width int) error {
if !a.HasWidth {
a.ReWriteZeroWidth(height, width)
}
s := make([]any, 3)
s[0] = (float64(time.Now().UnixMicro() - a.Timestamp.UnixMicro())) / 1000 / 1000
s[1] = "r"
s[2] = fmt.Sprintf("%dx%d", width, height)
res, err := json.Marshal(s)
if err != nil {
return err
}
_, err = a.Writer.Write(append(res, []byte("\r\n")...))
return err
}
func (a *Asciinema) ReWriteZeroWidth(height, width int) {
defer func() {
a.HasWidth = true
}()
if len(a.buf) > 0 {
head := map[string]any{}
er := json.Unmarshal([]byte(a.buf[0]), &head)
if er == nil {
head["width"] = width
head["height"] = height
s, er := json.Marshal(head)
if er == nil {
a.buf[0] = string(s)
}
}
}
_, _ = a.Writer.WriteString(strings.Join(a.buf, "\r\n"))
_, _ = a.Writer.WriteString("\r\n")
return
}

7
backend/pkg/proto/ssh/record/record.go
View File

@@ -1,7 +0,0 @@
package record
type Record interface {
Write(record []byte) error
Close()
Resize(height, width int) error
}

40
backend/pkg/proto/ssh/ssh.go
View File

@@ -1,40 +0,0 @@
package ssh
import (
"net"
"time"
"github.com/pires/go-proxyproto"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/proto/ssh/handler"
)
func Run(Addr, apiHost, token, privateKeyPath, secretKey string) error {
s, er := handler.Init(Addr, apiHost, token, privateKeyPath, secretKey)
if er != nil {
return er
}
go func() {
ln, err := net.Listen("tcp", s.Addr)
if err != nil {
logger.L.Fatal(err.Error())
}
proxyListener := &proxyproto.Listener{
Listener: ln,
ReadHeaderTimeout: 10 * time.Second,
}
defer proxyListener.Close()
err = s.Serve(proxyListener)
if err != nil {
logger.L.Fatal(err.Error())
return
}
}()
return nil
}

98
backend/pkg/server/router/middleware/auth.go
View File

@@ -1,98 +0,0 @@
// Package middleware
package middleware
import (
"encoding/json"
"fmt"
"net/http"
"sync"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
)
var (
basicAuthDb = sync.Map{}
)
func init() {
basicAuthDb.Store("admin", "admin")
}
func Auth() gin.HandlerFunc {
return func(c *gin.Context) {
var err error
var ok bool
if conf.Cfg.Auth.Acl != nil && conf.Cfg.Auth.Acl.Url != "" {
err, ok = authAcl(c)
} else {
// TODO: add your auth here
ok = true
}
if !ok {
logger.L.Warn(err.Error())
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "authorized refused",
})
return
}
c.Next()
}
}
func AuthToken() gin.HandlerFunc {
return func(c *gin.Context) {
if c.GetHeader("X-Token") != conf.Cfg.SshServer.Xtoken {
logger.L.Warn("invalid token", zap.String("X-Token", c.GetHeader("X-Token")))
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "authorized refused",
})
return
}
c.Next()
}
}
func authAcl(ctx *gin.Context) (error, bool) {
session := &acl.Session{}
sess, err := ctx.Cookie("session")
if err == nil && sess != "" {
s := acl.NewSignature(conf.Cfg.SecretKey, "cookie-session", "", "hmac", nil, nil)
content, err := s.Unsign(sess)
if err != nil {
return err, false
}
err = json.Unmarshal(content, &session)
if err != nil {
return err, false
}
ctx.Set("session", session)
return nil, true
}
return fmt.Errorf("no session"), false
}
//func authBasic(ctx *gin.Context) (error, bool) {
// if user, password, ok := ctx.Request.BasicAuth(); ok {
// if p, ok := basicAuthDb.Load(user); ok && p.(string) == password {
// return nil, true
// } else {
// return fmt.Errorf("invalid user or password"), false
// }
// }
// return fmt.Errorf("invalid user or password"), false
//}
//func authWithWhiteList(ip string) bool {
// return lo.Contains(viper.GetStringSlice("gateway.whiteList"), ip)
//}

151
backend/pkg/server/router/middleware/cache.go
View File

@@ -1,151 +0,0 @@
package middleware
import (
"bytes"
"context"
"encoding/gob"
"fmt"
"net/http"
"time"
"github.com/gin-gonic/gin"
"golang.org/x/sync/singleflight"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/storage/cache/redis"
)
var (
cachePrefix = "App::HttpCache"
)
type responseCache struct {
Status int
Header http.Header
Data []byte
}
func (c *responseCache) fillWithCacheWriter(cacheWriter *responseCacheWriter) {
c.Status = cacheWriter.Status()
c.Data = cacheWriter.body.Bytes()
c.Header = cacheWriter.Header().Clone()
}
// responseCacheWriter
type responseCacheWriter struct {
gin.ResponseWriter
body bytes.Buffer
}
func (w *responseCacheWriter) Write(b []byte) (int, error) {
w.body.Write(b)
return w.ResponseWriter.Write(b)
}
func replyWithCache(c *gin.Context, respCache *responseCache) {
c.Writer.WriteHeader(respCache.Status)
for key, values := range respCache.Header {
for _, val := range values {
c.Writer.Header().Set(key, val)
}
}
if _, err := c.Writer.Write(respCache.Data); err != nil {
logger.L.Error(err.Error())
}
c.Abort()
}
func RCache(ctx context.Context, defaultExpire time.Duration) gin.HandlerFunc {
sfGroup := singleflight.Group{}
return func(c *gin.Context) {
cacheKey := fmt.Sprintf("%s::%s", cachePrefix, c.Request.RequestURI)
cacheDuration := defaultExpire
// read cache first
{
respCache := &responseCache{}
err := RGet(ctx, cacheKey, &respCache)
if err == nil {
replyWithCache(c, respCache)
return
}
}
cacheWriter := &responseCacheWriter{ResponseWriter: c.Writer}
c.Writer = cacheWriter
inFlight := false
rawRespCache, _, _ := sfGroup.Do(cacheKey, func() (any, error) {
forgetTimer := time.AfterFunc(time.Second*15, func() {
sfGroup.Forget(cacheKey)
})
defer forgetTimer.Stop()
c.Next()
inFlight = true
respCache := &responseCache{}
respCache.fillWithCacheWriter(cacheWriter)
// only cache 2xx response
if !c.IsAborted() && cacheWriter.Status() < 300 && cacheWriter.Status() >= 200 {
if err := RSet(ctx, cacheKey, respCache, cacheDuration); err != nil {
logger.L.Error(err.Error())
}
}
return respCache, nil
})
if !inFlight {
replyWithCache(c, rawRespCache.(*responseCache))
return
}
}
}
// redis
func RSet(ctx context.Context, key string, value any, expire time.Duration) error {
payload, err := Serialize(value)
if err != nil {
return err
}
_, err = redis.RC.SetEx(ctx, key, payload, expire).Result()
return err
}
func RDelete(ctx context.Context, key string) error {
_, err := redis.RC.Del(ctx, key).Result()
return err
}
func RGet(ctx context.Context, key string, value any) error {
r, err := redis.RC.Get(ctx, key).Bytes()
if err != nil {
return err
}
return Deserialize(r, value)
}
// codec
func Serialize(value any) ([]byte, error) {
var b bytes.Buffer
encoder := gob.NewEncoder(&b)
if err := encoder.Encode(value); err != nil {
return nil, err
}
return b.Bytes(), nil
}
func Deserialize(byt []byte, ptr any) (err error) {
b := bytes.NewBuffer(byt)
decoder := gob.NewDecoder(b)
if err = decoder.Decode(ptr); err != nil {
return err
}
return nil
}

63
backend/pkg/server/router/middleware/error.go
View File

@@ -1,63 +0,0 @@
package middleware
import (
"bytes"
"encoding/json"
"strings"
"github.com/gin-gonic/gin"
"github.com/nicksnyder/go-i18n/v2/i18n"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/server/controller"
)
type bodyWriter struct {
gin.ResponseWriter
body *bytes.Buffer
}
func (w bodyWriter) Write(b []byte) (int, error) {
return w.body.Write(b)
}
func Error2Resp() gin.HandlerFunc {
return func(ctx *gin.Context) {
if strings.Contains(ctx.Request.URL.String(), "session/replay") {
ctx.Next()
return
}
wb := &bodyWriter{
body: &bytes.Buffer{},
ResponseWriter: ctx.Writer,
}
ctx.Writer = wb
ctx.Next()
obj := make(map[string]any)
json.Unmarshal(wb.body.Bytes(), &obj)
if len(ctx.Errors) > 0 {
if v, ok := obj["code"]; !ok || v == 0 {
obj["code"] = ctx.Writer.Status()
}
if v, ok := obj["message"]; !ok || v == "" {
e := ctx.Errors.Last().Err
obj["message"] = e.Error()
ae, ok := e.(*controller.ApiError)
if ok {
lang := ctx.PostForm("lang")
accept := ctx.GetHeader("Accept-Language")
localizer := i18n.NewLocalizer(conf.Bundle, lang, accept)
obj["message"] = ae.Message(localizer)
}
}
}
bs, _ := json.Marshal(obj)
wb.ResponseWriter.Write(bs)
}
}

137
backend/pkg/server/router/middleware/log.go
View File

@@ -1,137 +0,0 @@
// Package middleware
package middleware
import (
"bytes"
"encoding/json"
"io"
"net"
"net/http"
"net/http/httputil"
"os"
"runtime/debug"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/samber/lo"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
handler "github.com/veops/oneterm/pkg/server/controller"
)
var (
NotLogUrls = []string{"/favicon.ico"}
)
func GinLogger(logger *zap.Logger) gin.HandlerFunc {
return func(c *gin.Context) {
start := time.Now()
path := c.Request.URL.Path
query := c.Request.URL.RawQuery
c.Next()
if !lo.Contains(NotLogUrls, path) {
cost := time.Since(start)
logger.Info(path,
zap.Int("status", c.Writer.Status()),
zap.String("method", c.Request.Method),
zap.String("path", path),
zap.String("query", query),
zap.String("ip", c.ClientIP()),
zap.String("user-agent", c.Request.UserAgent()),
zap.String("errors", c.Errors.ByType(gin.ErrorTypePrivate).String()),
zap.Duration("cost", cost),
)
}
}
}
func GinRecovery(logger *zap.Logger, stack bool) gin.HandlerFunc {
return func(c *gin.Context) {
defer func() {
if err := recover(); err != nil {
var brokenPipe bool
if ne, ok := err.(*net.OpError); ok {
if se, ok := ne.Err.(*os.SyscallError); ok {
if strings.Contains(strings.ToLower(se.Error()), "broken pipe") ||
strings.Contains(strings.ToLower(se.Error()), "connection reset by peer") {
brokenPipe = true
}
}
}
httpRequest, _ := httputil.DumpRequest(c.Request, false)
if brokenPipe {
logger.Error(c.Request.URL.Path,
zap.Any("error", err),
zap.String("request", string(httpRequest)),
)
err := c.Error(err.(error))
if err != nil {
logger.Error(err.Error())
}
c.Abort()
return
}
if stack {
logger.Error("[Recovery from panic]",
zap.Any("error", err),
zap.String("request", string(httpRequest)),
zap.String("stack", string(debug.Stack())),
)
} else {
logger.Error("[Recovery from panic]",
zap.Any("error", err),
zap.String("request", string(httpRequest)),
)
}
c.AbortWithStatus(http.StatusInternalServerError)
}
}()
c.Next()
}
}
// LogRequest LogUpdate Record the specified HTTP request (including the URL and data) in a log or another location.
func LogRequest() gin.HandlerFunc {
return func(c *gin.Context) {
if !lo.Contains([]string{"GET", "HEAD"}, c.Request.Method) {
data := map[string]any{}
bodyBytes, _ := io.ReadAll(c.Request.Body)
_ = c.Request.Body.Close()
c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
if err := json.Unmarshal(bodyBytes, &data); err != nil {
if valid, err := permissionCheck(c, data); err != nil {
c.AbortWithStatusJSON(http.StatusBadRequest,
handler.HttpResponse{Code: http.StatusBadRequest, Message: err.Error()})
return
} else if !valid {
c.AbortWithStatusJSON(http.StatusBadRequest,
handler.HttpResponse{Code: http.StatusForbidden, Message: "no permission"})
return
}
}
excludeUrls := map[string]struct{}{}
if _, ok := excludeUrls[c.Request.RequestURI]; !ok {
if c.Request.Method != "POST" {
w := &responseWriter{ResponseWriter: c.Writer, body: []byte{}}
c.Writer = w
logger.L.Info("request record", zap.String("body", string(w.body)))
}
}
}
c.Next()
}
}
func permissionCheck(ctx *gin.Context, data map[string]any) (bool, error) {
return true, nil
}

62
backend/pkg/server/router/middleware/middleware.go
View File

@@ -1,62 +0,0 @@
package middleware
import (
"net/http"
"runtime"
"github.com/gin-gonic/gin"
"github.com/veops/oneterm/pkg/logger"
)
func Cors() gin.HandlerFunc {
return func(c *gin.Context) {
method := c.Request.Method
origin := c.Request.Header.Get("Origin")
if origin != "" {
c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
c.Header("Access-Control-Allow-Headers", "Authorization, Content-Length, X-CSRF-Token, Token, session")
c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers")
c.Header("Access-Control-Max-Age", "172800")
c.Header("Access-Control-Allow-Credentials", "true")
}
if method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
return
}
defer func() {
if err := recover(); err != nil {
logger.L.Sugar().Errorf("Panic info is: %v", err)
}
}()
c.Next()
}
}
func RecoveryWithWriter() gin.HandlerFunc {
return func(c *gin.Context) {
defer func() {
if err := recover(); err != nil {
var buf [4096]byte
n := runtime.Stack(buf[:], false)
logger.L.Error(string(buf[:n]))
}
}()
c.Next()
}
}
type responseWriter struct {
gin.ResponseWriter
body []byte
}
func (w *responseWriter) Write(data []byte) (int, error) {
w.body = append(w.body, data...)
return w.ResponseWriter.Write(data)
}

121
backend/pkg/server/router/router.go
View File

@@ -1,121 +0,0 @@
package router
import (
"context"
"encoding/gob"
"fmt"
"net/http"
"os"
"time"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/gin"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/spf13/viper"
swaggerFiles "github.com/swaggo/files"
ginSwagger "github.com/swaggo/gin-swagger"
"github.com/veops/oneterm/docs"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/router/middleware"
"github.com/veops/oneterm/pkg/util"
)
var routeGroup []*GroupRoute
func Server(cfg *conf.ConfigYaml) *http.Server {
routeConfig()
srv := &http.Server{
Addr: fmt.Sprintf("%s:%d", cfg.Http.Host, cfg.Http.Port),
Handler: setupRouter(),
}
go func() {
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
logger.L.Error(err.Error())
os.Exit(1)
}
}()
logger.L.Info(fmt.Sprintf("start on server:%s", srv.Addr))
return srv
}
func GracefulExit(srv *http.Server, ch chan struct{}) {
<-ch
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
if err := srv.Shutdown(ctx); err != nil {
logger.L.Error(err.Error())
}
logger.L.Info("Shutdown server ...")
}
func routeConfig() {
var commonRoute []Route
commonRoute = append(commonRoute, routes...)
routeGroup = []*GroupRoute{
{
Prefix: "/api/oneterm/v1",
GroupMiddleware: gin.HandlersChain{
middleware.Error2Resp(),
middleware.RecoveryWithWriter(),
},
SubRoutes: commonRoute,
},
{
Prefix: "",
SubRoutes: baseRoutes,
},
}
}
func setupRouter() *gin.Engine {
r := gin.New()
r.SetTrustedProxies([]string{"0.0.0.0/0", "::/0"})
r.MaxMultipartMemory = 128 << 20
r.Use(
middleware.GinLogger(logger.L),
middleware.LogRequest(),
middleware.Cors(),
middleware.GinRecovery(logger.L, true))
// sso
gob.Register(map[string]any{}) // important!
store := cookie.NewStore([]byte(viper.GetString("gateway.secretKey")))
r.Use(sessions.Sessions("session", store))
routeGroupsMap := make(map[string]*gin.RouterGroup)
for _, gRoute := range routeGroup {
if _, ok := routeGroupsMap[gRoute.Prefix]; !ok {
routeGroupsMap[gRoute.Prefix] = r.Group(gRoute.Prefix)
}
for _, gMiddleware := range gRoute.GroupMiddleware {
routeGroupsMap[gRoute.Prefix].Use(gMiddleware)
}
for _, subRoute := range gRoute.SubRoutes {
length := len(subRoute.Middleware) + 2
routes := make([]any, length)
routes[0] = subRoute.Pattern
for i, v := range subRoute.Middleware {
routes[i+1] = v
}
routes[length-1] = subRoute.HandlerFunc
util.CallReflect(
routeGroupsMap[gRoute.Prefix],
subRoute.Method,
routes...)
}
}
r.Handle("GET", "/metrics", gin.WrapH(promhttp.Handler()))
// swagger
docs.SwaggerInfo.Title = "ONETERM API"
docs.SwaggerInfo.BasePath = "/api/oneterm/v1"
r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
return r
}

447
backend/pkg/server/router/routers.go
View File

@@ -1,447 +0,0 @@
package router
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/controller"
"github.com/veops/oneterm/pkg/server/router/middleware"
)
var (
c = controller.NewController()
baseRoutes = []Route{
{
Name: "a health check, just for monitoring",
Method: "GET",
Pattern: "/-/health",
HandlerFunc: func(ctx *gin.Context) {
ctx.String(http.StatusOK, "OK")
},
},
{
Name: "favicon.ico",
Method: "GET",
Pattern: "/favicon.ico",
HandlerFunc: func(ctx *gin.Context) {
},
},
{
Name: "change the log level",
Method: "PUT",
Pattern: "/-/log/level",
HandlerFunc: func(ctx *gin.Context) {
logger.AtomicLevel.ServeHTTP(ctx.Writer, ctx.Request)
},
},
}
routes = []Route{
// account
{
Name: "create a account",
Method: "POST",
Pattern: "account",
HandlerFunc: c.CreateAccount,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a account",
Method: "DELETE",
Pattern: "account/:id",
HandlerFunc: c.DeleteAccount,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a account",
Method: "PUT",
Pattern: "account/:id",
HandlerFunc: c.UpdateAccount,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query accounts",
Method: "GET",
Pattern: "account",
HandlerFunc: c.GetAccounts,
Middleware: gin.HandlersChain{middleware.Auth()},
},
// asset
{
Name: "create a asset",
Method: "POST",
Pattern: "asset",
HandlerFunc: c.CreateAsset,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a asset",
Method: "DELETE",
Pattern: "asset/:id",
HandlerFunc: c.DeleteAsset,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a asset",
Method: "PUT",
Pattern: "asset/:id",
HandlerFunc: c.UpdateAsset,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query assets",
Method: "GET",
Pattern: "asset",
HandlerFunc: c.GetAssets,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update asset by server",
Method: "PUT",
Pattern: "asset/update_by_server",
HandlerFunc: c.UpdateByServer,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
{
Name: "query asset by server",
Method: "GET",
Pattern: "asset/query_by_server",
HandlerFunc: c.QueryByServer,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
// command
{
Name: "create a command",
Method: "POST",
Pattern: "command",
HandlerFunc: c.CreateCommand,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a command",
Method: "DELETE",
Pattern: "command/:id",
HandlerFunc: c.DeleteCommand,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a command",
Method: "PUT",
Pattern: "command/:id",
HandlerFunc: c.UpdateCommand,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query commands",
Method: "GET",
Pattern: "command",
HandlerFunc: c.GetCommands,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "modify config",
Method: "POST",
Pattern: "config",
HandlerFunc: c.PostConfig,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query config",
Method: "GET",
Pattern: "config",
HandlerFunc: c.GetConfig,
Middleware: gin.HandlersChain{middleware.Auth()},
},
// gateway
{
Name: "create a gateway",
Method: "POST",
Pattern: "gateway",
HandlerFunc: c.CreateGateway,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a gateway",
Method: "DELETE",
Pattern: "gateway/:id",
HandlerFunc: c.DeleteGateway,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a gateway",
Method: "PUT",
Pattern: "gateway/:id",
HandlerFunc: c.UpdateGateway,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query gateways",
Method: "GET",
Pattern: "gateway",
HandlerFunc: c.GetGateways,
Middleware: gin.HandlersChain{middleware.Auth()},
},
// node
{
Name: "create a node",
Method: "POST",
Pattern: "node",
HandlerFunc: c.CreateNode,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a node",
Method: "DELETE",
Pattern: "node/:id",
HandlerFunc: c.DeleteNode,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a node",
Method: "PUT",
Pattern: "node/:id",
HandlerFunc: c.UpdateNode,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query nodes",
Method: "GET",
Pattern: "node",
HandlerFunc: c.GetNodes,
Middleware: gin.HandlersChain{middleware.Auth()},
},
// publicKey
{
Name: "create a publicKey",
Method: "POST",
Pattern: "public_key",
HandlerFunc: c.CreatePublicKey,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "delete a publicKey",
Method: "DELETE",
Pattern: "public_key/:id",
HandlerFunc: c.DeletePublicKey,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "update a publicKey",
Method: "PUT",
Pattern: "public_key/:id",
HandlerFunc: c.UpdatePublicKey,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query publicKeys",
Method: "GET",
Pattern: "public_key",
HandlerFunc: c.GetPublicKeys,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "auth by publicKey or password",
Method: "POST",
Pattern: "public_key/auth",
HandlerFunc: c.Auth,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
//stat
{
Name: "query stat asset type",
Method: "GET",
Pattern: "stat/assettype",
HandlerFunc: c.StatAssetType,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query stat count",
Method: "GET",
Pattern: "stat/count",
HandlerFunc: c.StatCount,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query stat count of user",
Method: "GET",
Pattern: "stat/count/ofuser",
HandlerFunc: c.StatCountOfUser,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query stat account",
Method: "GET",
Pattern: "stat/account",
HandlerFunc: c.StatAccount,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query stat asset",
Method: "GET",
Pattern: "stat/asset",
HandlerFunc: c.StatAsset,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query stat rank of user",
Method: "GET",
Pattern: "stat/rank/ofuser",
HandlerFunc: c.StatRankOfUser,
Middleware: gin.HandlersChain{middleware.Auth()},
},
//session
{
Name: "query session",
Method: "GET",
Pattern: "session",
HandlerFunc: c.GetSessions,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query session cmds",
Method: "GET",
Pattern: "session/:session_id/cmd",
HandlerFunc: c.GetSessionCmds,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query session option asset",
Method: "GET",
Pattern: "session/option/asset",
HandlerFunc: c.GetSessionOptionAsset,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query session option client ip",
Method: "GET",
Pattern: "session/option/clientip",
HandlerFunc: c.GetSessionOptionClientIp,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query session replay",
Method: "GET",
Pattern: "session/replay/:session_id",
HandlerFunc: c.GetSessionReplay,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "create sesssin replay",
Method: "POST",
Pattern: "session/replay/:session_id",
HandlerFunc: c.CreateSessionReplay,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
{
Name: "upsert session",
Method: "POST",
Pattern: "session",
HandlerFunc: c.UpsertSession,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
{
Name: "create sesssin cmd",
Method: "POST",
Pattern: "session/cmd",
HandlerFunc: c.CreateSessionCmd,
Middleware: gin.HandlersChain{middleware.AuthToken()},
},
//history
{
Name: "query history",
Method: "GET",
Pattern: "history",
HandlerFunc: c.GetHistories,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "query history type mapping",
Method: "GET",
Pattern: "history/type/mapping",
HandlerFunc: c.GetHistoryTypeMapping,
Middleware: gin.HandlersChain{middleware.Auth()},
},
//connect
{
Name: "connect",
Method: "POST",
Pattern: "connect/:asset_id/:account_id/:protocol",
HandlerFunc: c.Connect,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "connecting",
Method: "GET",
Pattern: "connect/:session_id",
HandlerFunc: c.Connecting,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "connect monitor",
Method: "GET",
Pattern: "connect/monitor/:session_id",
HandlerFunc: c.ConnectMonitor,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "connect close",
Method: "POST",
Pattern: "connect/close/:session_id",
HandlerFunc: c.ConnectClose,
Middleware: gin.HandlersChain{middleware.Auth()},
},
//file
{
Name: "query file history",
Method: "GET",
Pattern: "file/history",
HandlerFunc: c.GetFileHistory,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "file action ls",
Method: "GET",
Pattern: "file/ls/:asset_id/:account_id",
HandlerFunc: c.FileLS,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "file action mkdir",
Method: "POST",
Pattern: "file/mkdir/:asset_id/:account_id",
HandlerFunc: c.FileMkdir,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "file action upload",
Method: "POST",
Pattern: "file/upload/:asset_id/:account_id",
HandlerFunc: c.FileUpload,
Middleware: gin.HandlersChain{middleware.Auth()},
},
{
Name: "file action download",
Method: "GET",
Pattern: "file/download/:asset_id/:account_id",
HandlerFunc: c.FileDownload,
Middleware: gin.HandlersChain{middleware.Auth()},
},
}
)
type Route struct {
Name string
Method string
Pattern string
HandlerFunc func(ctx *gin.Context)
Middleware []gin.HandlerFunc
}
type GroupRoute struct {
Prefix string
GroupMiddleware gin.HandlersChain
SubRoutes []Route
}

174
backend/pkg/server/schedule/cmdb/cmdb.go
View File

@@ -1,174 +0,0 @@
package cmdb
import (
"context"
"crypto/sha1"
"encoding/hex"
"errors"
"fmt"
"net/url"
"sort"
"strings"
"time"
"github.com/samber/lo"
"github.com/spf13/cast"
"go.uber.org/zap"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/auth/acl"
"github.com/veops/oneterm/pkg/server/controller"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/remote"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
)
var (
ctx, cancel = context.WithCancel(context.Background())
)
func Run() (err error) {
currentUser := &acl.Session{
Uid: conf.Cfg.Worker.Uid,
Acl: acl.Acl{
Rid: conf.Cfg.Worker.Rid,
},
}
tk := time.NewTicker(time.Minute)
last := make(map[int]time.Time)
for {
select {
case <-tk.C:
nodes, err := getNodes()
if err != nil {
logger.L.Error("get nodes faild", zap.Error(err))
continue
}
now := time.Now()
for _, n := range nodes {
d, _ := time.ParseDuration(fmt.Sprintf("%fh", n.Sync.Frequency))
if last[n.Id].Add(d).After(now) {
continue
}
if n.Sync.TypeId <= 0 {
continue
}
cis, err := getCis(n.Sync.TypeId, n.Sync.Filters)
if err != nil {
logger.L.Error("get cmdb failed", zap.Error(err))
continue
}
for _, ci := range cis {
a := &model.Asset{
Ciid: cast.ToInt(ci["_id"]),
ParentId: n.Id,
UpdaterId: conf.Cfg.Worker.Uid,
Ip: cast.ToString(ci[n.Sync.Mapping["ip"]]),
Name: fmt.Sprintf("%s@%v", cast.ToString(ci[n.Sync.Mapping["name"]]), time.Now().Format(time.RFC3339)),
Protocols: n.Protocols,
Authorization: n.Authorization,
AccessAuth: n.AccessAuth,
}
resourceIds := make([]int, 0)
if err := mysql.DB.Model(a).Select("resource_id").Where("ci_id = ?", a.Ciid).Find(&resourceIds).Error; err != nil {
logger.L.Error("insert ci failed", zap.Error(err))
continue
}
if !errors.Is(mysql.DB.Model(a).Where("ci_id = ?", a.Ciid).Where("parent_id = ?", a.ParentId).First(map[string]any{}).Error, gorm.ErrRecordNotFound) {
continue
}
a.CreatorId = conf.Cfg.Worker.Uid
a.ResourceId, err = acl.CreateAcl(ctx, currentUser, acl.GetResourceTypeName(conf.RESOURCE_ASSET), a.Name)
if err != nil {
continue
}
if err = mysql.DB.Transaction(func(tx *gorm.DB) (err error) {
if err = tx.Create(a).Error; err != nil {
return
}
err = controller.HandleAuthorization(currentUser, tx, model.ACTION_CREATE, nil, a)
return
}); err != nil {
continue
}
}
}
case <-ctx.Done():
return
}
}
}
func Stop(err error) {
defer cancel()
}
func getNodes() (res map[int]*model.Node, err error) {
data := make([]*model.Node, 0)
err = mysql.DB.
Model(&model.Node{}).
Where("enable = ?", 1).
Find(&data).
Error
if err != nil {
return
}
res = lo.SliceToMap(data, func(d *model.Node) (int, *model.Node) { return d.Id, d })
return
}
func getCis(typeId int, filters string) (res []map[string]any, err error) {
url := fmt.Sprintf("%s/ci/s", conf.Cfg.Cmdb.Url)
params := map[string]any{
"q": fmt.Sprintf("_type:(%d),%s", typeId, filters),
"count": 100000,
}
params["_secret"] = buildAPIKey(url, params)
params["_key"] = conf.Cfg.Worker.Key
ps := make(map[string]string)
for k, v := range params {
ps[k] = cast.ToString(v)
}
data := &GetCIResult{}
resp, err := remote.RC.R().
SetQueryParams(ps).
SetResult(data).
Get(url)
if err = remote.HandleErr(err, resp, func(dt map[string]any) bool { return true }); err != nil {
return
}
res = data.Result
return
}
type GetCIResult struct {
Counter map[string]int `json:"counter"`
Facet map[string]any `json:"facet"`
Numfound int `json:"numfound"`
Page int `json:"page"`
Result []map[string]any `json:"result"`
Total int `json:"total"`
}
func buildAPIKey(u string, params map[string]any) string {
pu, _ := url.Parse(u)
keys := lo.Keys(params)
sort.Slice(keys, func(i, j int) bool { return keys[i] < keys[j] })
vals := strings.Join(
lo.Map(keys, func(k string, _ int) string {
return lo.Ternary(strings.HasPrefix(k, "_"), "", cast.ToString(params[k]))
}),
"")
sha := sha1.New()
sha.Write([]byte(strings.Join([]string{pu.Path, conf.Cfg.Worker.Secret, vals}, "")))
return hex.EncodeToString(sha.Sum(nil))
}

21
backend/pkg/server/storage/cache/local/localcache.go vendored
View File

@@ -1,21 +0,0 @@
package local
import (
"context"
"time"
"github.com/allegro/bigcache/v3"
)
var (
// LC local cache client
LC *bigcache.BigCache
)
func Init() error {
var err error
if LC, err = bigcache.New(context.Background(), bigcache.DefaultConfig(time.Minute*10)); err != nil {
return err
}
return nil
}

27
backend/pkg/server/storage/db/mysql/mysql.go
View File

@@ -1,27 +0,0 @@
package mysql
import (
"fmt"
"gorm.io/driver/mysql"
"gorm.io/gorm"
"github.com/veops/oneterm/pkg/conf"
)
var (
DB *gorm.DB
)
func Init(cfg *conf.MysqlConfig) (err error) {
if cfg == nil {
return
}
dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/oneterm?charset=utf8mb4&parseTime=True&loc=Local", cfg.User, cfg.Password, cfg.Ip, cfg.Port)
if DB, err = gorm.Open(mysql.Open(dsn), &gorm.Config{}); err != nil {
return
}
return
}

52
backend/pkg/util/requests.go
View File

@@ -1,52 +0,0 @@
package util
import (
"bytes"
"fmt"
"io"
"net/http"
"net/url"
"strings"
)
func ClientRequest(client *http.Client, method, url string, headers map[string]string, data []byte) (int, []byte, error) {
var res []byte
var code = 0
req, err := http.NewRequest(strings.ToUpper(method), url, bytes.NewBuffer(data))
if err != nil {
return code, res, err
}
for k, v := range headers {
req.Header.Set(k, v)
}
//req.AddCookie(&http.Cookie{Name: "session", Value: ""})
response, err := client.Do(req)
if err != nil && response == nil {
return code, res, fmt.Errorf("error: %+v", err)
} else {
if response != nil {
defer response.Body.Close()
r, err := io.ReadAll(response.Body)
return response.StatusCode, r, err
}
return code, res, nil
}
}
func PostForm(reqUrl string, content map[string]string) (int, []byte, error) {
data := url.Values{}
for k, v := range content {
data.Add(k, v)
}
resp, err := http.PostForm(reqUrl, data)
if resp != nil {
defer resp.Body.Close()
}
if err != nil {
return 0, nil, err
}
r, err := io.ReadAll(resp.Body)
return resp.StatusCode, r, err
}

164
backend/pkg/util/util.go
View File

@@ -1,164 +0,0 @@
package util
import (
"errors"
"fmt"
"net"
"os"
"path/filepath"
"reflect"
"strconv"
"time"
"unsafe"
"github.com/mitchellh/mapstructure"
)
func GetLocalIP() (string, error) {
interfaces, err := net.Interfaces()
if err != nil {
return "", err
}
for _, iface := range interfaces {
addrs, err := iface.Addrs()
if err != nil {
return "", err
}
for _, addr := range addrs {
ipNet, ok := addr.(*net.IPNet)
if ok && !ipNet.IP.IsLoopback() && ipNet.IP.To4() != nil {
return ipNet.IP.String(), nil
}
}
}
return "", errors.New("cannot find the client IP address")
}
func GetMacAddrs() (macAddrs []string) {
netInterfaces, err := net.Interfaces()
if err != nil {
return macAddrs
}
for _, netInterface := range netInterfaces {
macAddr := netInterface.HardwareAddr.String()
if len(macAddr) == 0 {
continue
}
macAddrs = append(macAddrs, macAddr)
}
return macAddrs
}
func CallReflect(any any, name string, args ...any) []reflect.Value {
inputs := make([]reflect.Value, len(args))
for i := range args {
inputs[i] = reflect.ValueOf(args[i])
}
if v := reflect.ValueOf(any).MethodByName(name); v.String() == "<invalid Value>" {
return nil
} else {
return v.Call(inputs)
}
}
func SetUnExportedStructField(ptr any, field string, newValue any) error {
v := reflect.ValueOf(ptr).Elem().FieldByName(field)
v = reflect.NewAt(v.Type(), unsafe.Pointer(v.UnsafeAddr())).Elem()
nv := reflect.ValueOf(newValue)
if v.Kind() != nv.Kind() {
return fmt.Errorf("expected kind :%s, get kind: %s", v.Kind(), nv.Kind())
}
v.Set(nv)
return nil
}
//func CopyStruct(source interface{}, dest interface{}) {
// val := reflect.ValueOf(source)
// destVal := reflect.ValueOf(dest).Elem()
//
// for i := 0; i < val.NumField(); i++ {
// field := val.Type().Field(i).Name
// destField := destVal.FieldByName(field)
// if destField.IsValid() && destField.CanSet() {
// destField.Set(val.Field(i))
// }
// }
//}
func CopyStruct(src, dst interface{}) error {
srcVal := reflect.ValueOf(src)
dstVal := reflect.ValueOf(dst).Elem()
for i := 0; i < srcVal.NumField(); i++ {
srcField := srcVal.Type().Field(i)
dstField, found := dstVal.Type().FieldByName(srcField.Name)
if found {
if dstField.Type.AssignableTo(srcField.Type) {
dstVal.FieldByName(srcField.Name).Set(srcVal.Field(i))
} else {
return fmt.Errorf("Cannot assign %s field", srcField.Name)
}
}
}
return nil
}
func ToTimeHookFunc() mapstructure.DecodeHookFunc {
return func(
f reflect.Type,
t reflect.Type,
data interface{}) (interface{}, error) {
if t != reflect.TypeOf(time.Time{}) {
return data, nil
}
switch f.Kind() {
case reflect.String:
return time.Parse(time.RFC3339, data.(string))
case reflect.Float64:
return time.Unix(0, int64(data.(float64))*int64(time.Millisecond)), nil
case reflect.Int64:
return time.Unix(0, data.(int64)*int64(time.Millisecond)), nil
default:
return data, nil
}
// Convert it by parsing
}
}
func decodeHook(f reflect.Type, t reflect.Type, data interface{}) (interface{}, error) {
if f.Kind() == reflect.Int && t.Kind() == reflect.String {
return strconv.Itoa(data.(int)), nil
}
return data, nil
}
func DecodeStruct(dst, src any) error {
decoder, _ := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
TagName: "json",
Result: &dst,
DecodeHook: mapstructure.ComposeDecodeHookFunc(
ToTimeHookFunc()),
})
return decoder.Decode(src)
}
func ListFiles(path string) (res []string, err error) {
err = filepath.Walk(path, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if !info.IsDir() && filepath.Ext(path) == ".toml" {
res = append(res, path)
}
return nil
})
return
}

8
backend/pkg/server/remote/http.go → backend/remote/http.go
View File

@@ -14,9 +14,9 @@ import (
"github.com/spf13/cast"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/conf"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/storage/cache/redis"
redis "github.com/veops/oneterm/cache"
"github.com/veops/oneterm/conf"
"github.com/veops/oneterm/logger"
)
var (
@@ -54,7 +54,7 @@ func HandleErr(e error, resp *resty.Response, isOk func(dt map[string]any) bool)
defer func() {
if err != nil {
bs, _ := json.Marshal(resp.Request.Body)
logger.L.Error(fmt.Sprintf("%s failed", runtime.FuncForPC(pc).Name()), zap.String("url", resp.Request.URL), zap.String("req", string(bs)), zap.String("resp", resp.String()))
logger.L().Error(fmt.Sprintf("%s failed", runtime.FuncForPC(pc).Name()), zap.String("url", resp.Request.URL), zap.String("req", string(bs)), zap.String("resp", resp.String()))
}
}()

30
backend/pkg/server/schedule/connectable/connectable.go → backend/schedule/connectable.go
View File

@@ -1,4 +1,4 @@
package connectable
package schedule
import (
"context"
@@ -12,11 +12,11 @@ import (
"github.com/spf13/cast"
"go.uber.org/zap"
"github.com/veops/oneterm/pkg/logger"
ggateway "github.com/veops/oneterm/pkg/server/global/gateway"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"github.com/veops/oneterm/pkg/util"
mysql "github.com/veops/oneterm/db"
ggateway "github.com/veops/oneterm/gateway"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
"github.com/veops/oneterm/util"
)
var (
@@ -24,7 +24,7 @@ var (
d = time.Hour * 2
)
func Run() (err error) {
func RunConnectable() (err error) {
tk := time.NewTicker(d)
for {
select {
@@ -36,14 +36,14 @@ func Run() (err error) {
}
}
func Stop(err error) {
func StopConnectable(err error) {
defer cancel()
}
func CheckUpdate(ids ...int) (err error) {
defer func() {
if err != nil {
logger.L.Warn("check connectable failed", zap.Error(err))
logger.L().Warn("check connectable failed", zap.Error(err))
}
}()
assets := make([]*model.Asset, 0)
@@ -56,7 +56,7 @@ func CheckUpdate(ids ...int) (err error) {
}
if err = db.
Find(&assets).Error; err != nil {
logger.L.Debug("get assets to test connectable failed", zap.Error(err))
logger.L().Debug("get assets to test connectable failed", zap.Error(err))
return
}
gids := lo.Without(lo.Uniq(lo.Map(assets, func(a *model.Asset, _ int) int { return a.GatewayId })), 0)
@@ -66,7 +66,7 @@ func CheckUpdate(ids ...int) (err error) {
Model(gateways).
Where("id IN ?", gids).
Find(&gateways).Error; err != nil {
logger.L.Debug("get gatewats to test connectable failed", zap.Error(err))
logger.L().Debug("get gatewats to test connectable failed", zap.Error(err))
return
}
}
@@ -89,12 +89,12 @@ func CheckUpdate(ids ...int) (err error) {
ggateway.GetGatewayManager().Close(sids...)
if len(oks) > 0 {
if err := mysql.DB.Model(assets).Where("id IN ?", oks).Update("connectable", true).Error; err != nil {
logger.L.Debug("update connectable to ok failed", zap.Error(err))
logger.L().Debug("update connectable to ok failed", zap.Error(err))
}
}
if len(oks) < len(all) {
if err := mysql.DB.Model(assets).Where("id IN ?", lo.Without(all, oks...)).Update("connectable", false).Error; err != nil {
logger.L.Debug("update connectable to fail failed", zap.Error(err))
logger.L().Debug("update connectable to fail failed", zap.Error(err))
}
}
return
@@ -111,7 +111,7 @@ func checkOne(asset *model.Asset, gateway *model.Gateway) (sid string, ok bool)
if asset.GatewayId != 0 {
gt, err = ggateway.GetGatewayManager().Open(sid, ip, port, gateway)
if err != nil {
logger.L.Debug("open gateway failed", zap.Error(err))
logger.L().Debug("open gateway failed", zap.Error(err))
continue
}
ip, port = gt.LocalIp, gt.LocalPort
@@ -119,7 +119,7 @@ func checkOne(asset *model.Asset, gateway *model.Gateway) (sid string, ok bool)
addr := fmt.Sprintf("%s:%d", ip, port)
net, err := net.DialTimeout("tcp", addr, time.Second*3)
if err != nil {
logger.L.Debug("dail failed", zap.String("addr", addr), zap.Error(err))
logger.L().Debug("dail failed", zap.String("addr", addr), zap.Error(err))
continue
}
defer net.Close()

11
backend/pkg/server/global/session/session.go → backend/session/session.go
View File

@@ -9,12 +9,13 @@ import (
"time"
"github.com/gin-gonic/gin"
"github.com/veops/oneterm/pkg/logger"
"github.com/veops/oneterm/pkg/server/guacd"
"github.com/veops/oneterm/pkg/server/model"
"github.com/veops/oneterm/pkg/server/storage/db/mysql"
"go.uber.org/zap"
"gorm.io/gorm/clause"
"github.com/veops/oneterm/api/guacd"
mysql "github.com/veops/oneterm/db"
"github.com/veops/oneterm/logger"
"github.com/veops/oneterm/model"
)
var (
@@ -85,7 +86,7 @@ func Init() (err error) {
Where("status = ?", model.SESSIONSTATUS_ONLINE).
Find(&sessions).
Error; err != nil {
logger.L.Warn("get sessions failed", zap.Error(err))
logger.L().Warn("get sessions failed", zap.Error(err))
return
}
ctx := &gin.Context{}

0
backend/pkg/util/aes.go → backend/util/aes.go
View File

0
backend/pkg/util/aes_test.go → backend/util/aes_test.go
View File

11
docker-compose.yaml
View File

@@ -138,17 +138,6 @@ services:
aliases:
- acl-api
volumes:
db-data:
driver: local
name: oneterm_db-data
file-data:
driver: local
name: oneterm_file-data
ssh-data:
driver: local
name: oneterm_ssh
networks:
new:
driver: bridge