7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #310 from imhun/main 

acl支持逗号分隔多端口号配置
This commit is contained in:
bjdgyc 2024-04-11 11:40:39 +08:00 committed by GitHub
parent 380a8cb3fb 8f196cb4e2
commit 6e0c0efa85
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 132 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
server/dbdata/group.go
View File

@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"net" "net"
"regexp" "regexp"
"strconv"
"strings" "strings"
"time" "time"
@ -24,11 +25,12 @@ const DsMaxLen = 20000
type GroupLinkAcl struct { type GroupLinkAcl struct {
// 自上而下匹配 默认 allow * * // 自上而下匹配 默认 allow * *
Action string `json:"action"` // allow、deny Action string `json:"action"` // allow、deny
Val string `json:"val"` Val string `json:"val"`
Port uint16 `json:"port"` Port interface{} `json:"port"` //兼容单端口历史数据类型uint16
IpNet *net.IPNet `json:"ip_net"` Ports map[uint16]int8 `json:"ports"`
Note string `json:"note"` IpNet *net.IPNet `json:"ip_net"`
Note string `json:"note"`
} }
type ValData struct { type ValData struct {
@ -161,9 +163,52 @@ func SetGroup(g *Group) error {
return errors.New("GroupLinkAcl 错误" + err.Error()) return errors.New("GroupLinkAcl 错误" + err.Error())
} }
v.IpNet = ipNet v.IpNet = ipNet
linkAcl = append(linkAcl, v)
portsStr := ""
switch vp := v.Port.(type) {
case float64:
portsStr = strconv.Itoa(int(vp))
case string:
portsStr = vp
}
if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(portsStr) {
ports := map[uint16]int8{}
for _, p := range strings.Split(portsStr, ",") {
if p == "" {
continue
}
if regexp.MustCompile(`^\d{1,5}-\d{1,5}$`).MatchString(p) {
rp := strings.Split(p, "-")
portfrom, err := strconv.Atoi(rp[0])
if err != nil {
return errors.New("端口:" + rp[0] + " 格式错误, " + err.Error())
}
portto, err := strconv.Atoi(rp[1])
if err != nil {
return errors.New("端口:" + rp[1] + " 格式错误, " + err.Error())
}
for i := portfrom; i <= portto; i++ {
ports[uint16(i)] = 1
}
} else {
port, err := strconv.Atoi(p)
if err != nil {
return errors.New("端口:" + p + " 格式错误, " + err.Error())
}
ports[uint16(port)] = 1
}
}
v.Ports = ports
linkAcl = append(linkAcl, v)
} else {
return errors.New("端口: " + portsStr + " 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678")
}
} }
} }
g.LinkAcl = linkAcl g.LinkAcl = linkAcl
// DNS 判断 // DNS 判断
@ -238,6 +283,15 @@ func SetGroup(g *Group) error {
return err return err
} }
func ContainsInPorts(ports map[uint16]int8, port uint16) bool {
_, ok := ports[port]
if ok {
return true
} else {
return false
}
}
func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error { func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
g := &Group{Auth: authData} g := &Group{Auth: authData}
authType := g.Auth["type"].(string) authType := g.Auth["type"].(string)

23
server/handler/payload.go
View File

@ -88,12 +88,25 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
for _, v := range group.LinkAcl { for _, v := range group.LinkAcl {
// 循环判断ip和端口 // 循环判断ip和端口
if v.IpNet.Contains(ipDst) { if v.IpNet.Contains(ipDst) {
// 放行允许ip的ping // 放行允许ip的ping
if v.Port == ipPort || v.Port == 0 || ipProto == waterutil.ICMP { if v.Ports == nil || len(v.Ports) == 0 {
if v.Action == dbdata.Allow { //单端口历史数据兼容
return true port := uint16(v.Port.(float64))
} else { if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
return false if v.Action == dbdata.Allow {
return true
} else {
return false
}
}
} else {
if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) || ipProto == waterutil.ICMP {
if v.Action == dbdata.Allow {
return true
} else {
return false
}
} }
} }
} }

14
web/src/pages/group/List.vue
View File

@ -344,16 +344,16 @@
<el-tab-pane label="权限控制" name="link_acl"> <el-tab-pane label="权限控制" name="link_acl">
<el-form-item label="权限控制" prop="link_acl"> <el-form-item label="权限控制" prop="link_acl">
<el-row class="msg-info"> <el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口</el-col> <el-col :span="22">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口,多个端口用,号分隔,连续端口:1234-5678</el-col>
<el-col :span="4"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.link_acl)"></el-button> @click.prevent="addDomain(ruleForm.link_acl)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<el-row v-for="(item,index) in ruleForm.link_acl" <el-row v-for="(item,index) in ruleForm.link_acl"
:key="index" style="margin-bottom: 5px" :gutter="5"> :key="index" style="margin-bottom: 5px" :gutter="1">
<el-col :span="11"> <el-col :span="10">
<el-input placeholder="请输入CIDR地址" v-model="item.val"> <el-input placeholder="请输入CIDR地址" v-model="item.val">
<el-select v-model="item.action" slot="prepend"> <el-select v-model="item.action" slot="prepend">
<el-option label="允许" value="allow"></el-option> <el-option label="允许" value="allow"></el-option>
@ -361,10 +361,10 @@
</el-select> </el-select>
</el-input> </el-input>
</el-col> </el-col>
<el-col :span="3"> <el-col :span="6">
<el-input v-model.number="item.port" placeholder="端口"></el-input> <el-input type="textarea" :autosize="{ minRows: 1, maxRows: 2}" v-model="item.port" placeholder="多端口,号分隔"></el-input>
</el-col> </el-col>
<el-col :span="8"> <el-col :span="6">
<el-input v-model="item.note" placeholder="备注"></el-input> <el-input v-model="item.note" placeholder="备注"></el-input>
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">