acl支持逗号分隔多端口号配置

2024-04-08 14:54:09 +08:00 · 2024-04-08 14:54:09 +08:00 · 8df34428dd
parent 380a8cb3fb
commit 8df34428dd
3 changed files with 89 additions and 62 deletions
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@ -6,6 +6,7 @@ import (
 	"net"
 	"regexp"
 	"strings"
+	"strconv"
 	"time"

 	"github.com/bjdgyc/anylink/base"
@ -26,7 +27,8 @@ type GroupLinkAcl struct {
 	// 自上而下匹配 默认 allow * *
 	Action 		string     `json:"action"` // allow、deny
 	Val    		string     `json:"val"`
-	Port   uint16     `json:"port"`
+	PortStr    	string     `json:"port_str"`
+	Ports   	[]uint16   `json:"ports"`
 	IpNet  		*net.IPNet `json:"ip_net"`
 	Note   		string     `json:"note"`
 }
@ -161,9 +163,25 @@ func SetGroup(g *Group) error {
 				return errors.New("GroupLinkAcl 错误" + err.Error())
 			}
 			v.IpNet = ipNet
+			if regexp.MustCompile(`^\d{1,5}(,\d{1,5})*$`).MatchString(v.PortStr) {
+				for _, port := range strings.Split(v.PortStr, ",") {
+					if port == "" {
+						continue
+					}
+					portInt, err := strconv.Atoi(port)
+					if err != nil {
+						return errors.New("端口:"+port+" 格式错误, " + err.Error())
+					}
+					v.Ports = append(v.Ports, uint16(portInt))
+				}
 				linkAcl = append(linkAcl, v)
+			} else {
+				return errors.New("端口: "+v.PortStr+" 格式错误,请用逗号分隔的端口列表,比如: 22,80,443")
+			}
+
 		}
 	}
+
 	g.LinkAcl = linkAcl

 	// DNS 判断
@ -238,6 +256,15 @@ func SetGroup(g *Group) error {
 	return err
 }

+func ContainsInPorts(ports []uint16, port uint16) bool {
+	for _, p := range ports {
+		if p == port {
+			return true
+		}
+	}
+	return false
+}
+
 func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
 	g := &Group{Auth: authData}
 	authType := g.Auth["type"].(string)
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
@ -89,7 +89,7 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 		// 循环判断ip和端口
 		if v.IpNet.Contains(ipDst) {
 			// 放行允许ip的ping
-			if v.Port == ipPort || v.Port == 0 || ipProto == waterutil.ICMP {
+			if dbdata.ContainsInPorts( v.Ports , ipPort) || v.Ports[0] == 0 || ipProto == waterutil.ICMP {
 				if v.Action == dbdata.Allow {
 					return true
 				} else {
--- a/web/src/pages/group/List.vue
+++ b/web/src/pages/group/List.vue
@ -100,12 +100,12 @@
            min-width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
-              {{ item.action }} => {{ item.val }} : {{ item.port }}
+              {{ item.action }} => {{ item.val }} : {{ item.port_str }}
            </el-row>
            <div v-if="scope.row.link_acl.length > readMinRows">
              <div v-if="readMore[`la_${ scope.row.id }`]">
                <el-row v-for="(item,inx) in scope.row.link_acl.slice(readMinRows)" :key="inx">
-                  {{ item.action }} => {{ item.val }} : {{ item.port }}
+                  {{ item.action }} => {{ item.val }} : {{ item.port_str }}
                </el-row>
              </div>
              <el-button size="mini" type="text" @click="toggleMore(`la_${ scope.row.id }`)">{{ readMore[`la_${ scope.row.id }`] ? "▲ 收起" : "▼ 更多" }}</el-button>
@ -344,7 +344,7 @@
            <el-tab-pane label="权限控制" name="link_acl">
                <el-form-item label="权限控制" prop="link_acl">
                <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口</el-col>
+                    <el-col :span="20">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口,多个端口用,号分隔</el-col>
                    <el-col :span="4">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.link_acl)"></el-button>
@ -352,8 +352,8 @@
                </el-row>

                <el-row v-for="(item,index) in ruleForm.link_acl"
-                        :key="index" style="margin-bottom: 5px" :gutter="5">
-                    <el-col :span="11">
+                        :key="index" style="margin-bottom: 5px" :gutter="1">
+                    <el-col :span="10">
                    <el-input placeholder="请输入CIDR地址" v-model="item.val">
                        <el-select v-model="item.action" slot="prepend">
                        <el-option label="允许" value="allow"></el-option>
@ -361,10 +361,10 @@
                        </el-select>
                    </el-input>
                    </el-col>
-                    <el-col :span="3">
-                    <el-input v-model.number="item.port" placeholder="端口"></el-input>
+                    <el-col :span="6">
+                    <el-input v-model="item.port_str" type="textarea" :autosize="{ minRows: 1, maxRows: 2}" placeholder="多端口,号分隔"></el-input>
                    </el-col>
-                    <el-col :span="8">
+                    <el-col :span="6">
                    <el-input v-model="item.note" placeholder="备注"></el-input>
                    </el-col>
                    <el-col :span="2">