From 8df34428dd015893df9466ba6b9101f47fe695bb Mon Sep 17 00:00:00 2001 From: huweishan Date: Mon, 8 Apr 2024 14:54:09 +0800 Subject: [PATCH] =?UTF-8?q?acl=E6=94=AF=E6=8C=81=E9=80=97=E5=8F=B7?= =?UTF-8?q?=E5=88=86=E9=9A=94=E5=A4=9A=E7=AB=AF=E5=8F=A3=E5=8F=B7=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/dbdata/group.go | 39 +++++++++++-- server/handler/payload.go | 2 +- web/src/pages/group/List.vue | 110 +++++++++++++++++------------------ 3 files changed, 89 insertions(+), 62 deletions(-) diff --git a/server/dbdata/group.go b/server/dbdata/group.go index 8e561b6..d8f8f1f 100644 --- a/server/dbdata/group.go +++ b/server/dbdata/group.go @@ -6,6 +6,7 @@ import ( "net" "regexp" "strings" + "strconv" "time" "github.com/bjdgyc/anylink/base" @@ -24,11 +25,12 @@ const DsMaxLen = 20000 type GroupLinkAcl struct { // 自上而下匹配 默认 allow * * - Action string `json:"action"` // allow、deny - Val string `json:"val"` - Port uint16 `json:"port"` - IpNet *net.IPNet `json:"ip_net"` - Note string `json:"note"` + Action string `json:"action"` // allow、deny + Val string `json:"val"` + PortStr string `json:"port_str"` + Ports []uint16 `json:"ports"` + IpNet *net.IPNet `json:"ip_net"` + Note string `json:"note"` } type ValData struct { @@ -161,9 +163,25 @@ func SetGroup(g *Group) error { return errors.New("GroupLinkAcl 错误" + err.Error()) } v.IpNet = ipNet - linkAcl = append(linkAcl, v) + if regexp.MustCompile(`^\d{1,5}(,\d{1,5})*$`).MatchString(v.PortStr) { + for _, port := range strings.Split(v.PortStr, ",") { + if port == "" { + continue + } + portInt, err := strconv.Atoi(port) + if err != nil { + return errors.New("端口:"+port+" 格式错误, " + err.Error()) + } + v.Ports = append(v.Ports, uint16(portInt)) + } + linkAcl = append(linkAcl, v) + } else { + return errors.New("端口: "+v.PortStr+" 格式错误,请用逗号分隔的端口列表,比如: 22,80,443") + } + } } + g.LinkAcl = linkAcl // DNS 判断 
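Review bot: The added `"strconv"` import sits between `"strings"` and `"time"`, which breaks the alphabetical order gofmt/goimports keep inside the stdlib group; move it one line up so the group reads `"regexp"`, `"strconv"`, `"strings"`, `"time"`. Cosmetic, but a gofmt-clean import block avoids churn in later diffs.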
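Review bot: The two new fields carry no comment explaining how they relate, and both are exported JSON fields, so a reader cannot tell from the struct that `Ports` is derived from `PortStr` rather than supplied by the client. I would document them as `PortStr string `json:"port_str"` // comma-separated list as entered; "0" means all ports` and `Ports []uint16 `json:"ports"` // parsed from PortStr in SetGroup, not user input`. If nothing in the web UI reads `ports`, consider `json:"-"` on it so a request body cannot pre-populate the list. That 0 means all ports is inferred from the checkLinkAcl change in payload.go and the tooltip text in List.vue; confirm before wording the comment.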
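Review bot: The port parser accepts values a rule cannot represent: `\d{1,5}` lets `65536` through, `strconv.Atoi` parses it, and `uint16(portInt)` silently wraps it to 0, which checkLinkAcl treats as "all ports", so a typo in one port number turns a single-port allow or deny rule into an all-ports one. `strconv.ParseUint(port, 10, 16)` returns an error above 65535 and removes the cast problem. The same block recompiles the regexp for every ACL entry (hoist it to a package-level `var`), appends to `v.Ports` without clearing it, so any `ports` array present in the submitted JSON survives next to the parsed values, and the `port == ""` branch is unreachable once the pattern has matched. SetGroup begins and ends outside this hunk; the rewrite below replaces only the added block.
```go
// at package scope: compiled once instead of once per ACL entry
var portListRe = regexp.MustCompile(`^\d{1,5}(,\d{1,5})*$`)

// … unchanged: SetGroup up to v.IpNet = ipNet …
			if !portListRe.MatchString(v.PortStr) {
				return errors.New("端口: " + v.PortStr + " 格式错误,请用逗号分隔的端口列表,比如: 22,80,443")
			}
			v.Ports = nil // derived from PortStr only; discard anything sent in the request body
			for _, port := range strings.Split(v.PortStr, ",") {
				p, err := strconv.ParseUint(port, 10, 16) // errors above 65535 instead of wrapping
				if err != nil {
					return errors.New("端口:" + port + " 格式错误, " + err.Error())
				}
				v.Ports = append(v.Ports, uint16(p))
			}
			linkAcl = append(linkAcl, v)
// … unchanged: closing braces and the rest of SetGroup …
```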
@@ -238,6 +256,15 @@ func SetGroup(g *Group) error { return err } +func ContainsInPorts(ports []uint16, port uint16) bool { + for _, p := range ports { + if p == port { + return true + } + } + return false +} + func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error { g := &Group{Auth: authData} authType := g.Auth["type"].(string) diff --git a/server/handler/payload.go b/server/handler/payload.go index e5ed545..2bca3f6 100644 --- a/server/handler/payload.go +++ b/server/handler/payload.go @@ -89,7 +89,7 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool { // 循环判断ip和端口 if v.IpNet.Contains(ipDst) { // 放行允许ip的ping - if v.Port == ipPort || v.Port == 0 || ipProto == waterutil.ICMP { + if dbdata.ContainsInPorts( v.Ports , ipPort) || v.Ports[0] == 0 || ipProto == waterutil.ICMP { if v.Action == dbdata.Allow { return true } else { diff --git a/web/src/pages/group/List.vue b/web/src/pages/group/List.vue index cb28dce..085b22a 100644 --- a/web/src/pages/group/List.vue +++ b/web/src/pages/group/List.vue @@ -52,7 +52,7 @@ + {{ item.val }}
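Review bot: `ContainsInPorts` is exported but has no doc comment; add `// ContainsInPorts reports whether port occurs in ports.` above it. If the module's go directive is 1.21 or newer, `slices.Contains(v.Ports, ipPort)` at the call site does the same without a new exported helper; go.mod is not in the diff, so this is only a suggestion to check.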
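Review bot: `v.Ports[0] == 0` indexes without a length check, and because `ContainsInPorts` returns false for an empty slice the index is reached whenever `Ports` is empty; groups saved before this change carry the old `port` field and no `ports`, and the diffstat shows no migration, so the first packet matching such a rule's IpNet would panic in the data path. The check also honours a wildcard only in the first position, so `22,0` is not treated as all ports. I would write the condition as `if len(v.Ports) > 0 && (dbdata.ContainsInPorts(v.Ports, 0) || dbdata.ContainsInPorts(v.Ports, ipPort)) || ipProto == waterutil.ICMP {` and pair it with a migration that copies each stored `port` into `ports`, since otherwise pre-upgrade rules silently lose their port and either stop matching or, with an "empty means all" default, match everything. The spacing in `ContainsInPorts( v.Ports , ipPort)` is not gofmt output. checkLinkAcl begins and ends outside this hunk.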
- {{ item.val }} + {{ item.val }}
- {{ readMore[`ri_${ scope.row.id }`] ? "▲ 收起" : "▼ 更多" }} -
+ {{ readMore[`ri_${ scope.row.id }`] ? "▲ 收起" : "▼ 更多" }} +
@@ -87,9 +87,9 @@ {{ item.val }}
- {{ item.val }} + {{ item.val }}
- {{ readMore[`re_${ scope.row.id }`] ? "▲ 收起" : "▼ 更多" }} + {{ readMore[`re_${ scope.row.id }`] ? "▲ 收起" : "▼ 更多" }}
@@ -100,15 +100,15 @@ min-width="180"> @@ -178,7 +178,7 @@ - + @@ -234,7 +234,7 @@ 启用 停用 - + @@ -244,43 +244,43 @@ Radius LDAP - + - + + + @@ -293,7 +293,7 @@ - + - + - 输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口 + 输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口,多个端口用,号分隔 - + - + :key="index" style="margin-bottom: 5px" :gutter="1"> + @@ -361,10 +361,10 @@ - - + + - + @@ -378,7 +378,7 @@ - +
注:域名拆分隧道,仅支持AnyConnect的windows和MacOS桌面客户端,不支持移动端.
@@ -392,7 +392,7 @@ 取消
-
+ 取 消 - + { resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString(); - this.ruleForm = resp.data.data; + this.ruleForm = resp.data.data; this.setAuthData(resp.data.data); }).catch(error => { this.$message.error('哦,请求出错'); @@ -654,7 +654,7 @@ export default { if (!valid) { console.log('error submit!!'); return false; - } + } this.authLoginLoading = true; axios.post('/group/auth_login', {name:this.authLoginForm.name, pwd:this.authLoginForm.pwd, @@ -663,7 +663,7 @@ export default { if (rdata.code === 0) { this.$message.success("登录成功"); } else { - this.$message.error(rdata.msg); + this.$message.error(rdata.msg); } this.authLoginLoading = false; console.log(rdata); @@ -679,7 +679,7 @@ export default { if (!valid) { console.log('error submit!!'); return false; - } + } this.authLoginDialog = true; // set authLoginFormName focus this.$nextTick(() => { @@ -690,14 +690,14 @@ export default { openIpListDialog(type) { this.ipListDialog = true; this.ipEditForm.type = type; - this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n"); + this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n"); }, ipEdit() { this.ipEditLoading = true; let ipList = []; if (this.ipEditForm.ip_list.trim() !== "") { ipList = this.ipEditForm.ip_list.trim().split("\n"); - } + } let arr = []; for (let i = 0; i < ipList.length; i++) { let item = ipList[i]; @@ -714,7 +714,7 @@ export default { }; if (this.ipEditForm.type == "route_include" && ip[0] == "all") { pushToArr(); - continue; + continue; } let valid = this.isValidCIDR(ip[0]); if (!valid.valid) { 
@@ -768,14 +768,14 @@ export default { var isSwitch = true if (! this.user_edit_dialog) { return isSwitch; - } + } this.$refs['ruleForm'].validate((valid) => { if (!valid) { this.$message.error("错误:您有必填项没有填写。") isSwitch = false; return false; } - }); + }); return isSwitch; }, closeDialog() {