From fc2920e1403e1b5d1fbab805ee18dc0d57160787 Mon Sep 17 00:00:00 2001 From: lihz Date: Tue, 13 Jun 2023 13:22:00 +0800 Subject: [PATCH] =?UTF-8?q?=E5=BC=BA=E5=88=B6=E4=BD=BF=E7=94=A8=E8=A7=84?= =?UTF-8?q?=E8=8C=83=E7=9A=84=E7=BD=91=E7=BB=9C=E8=B7=AF=E7=94=B1=E5=9C=B0?= =?UTF-8?q?=E5=9D=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build.sh | 0 server/dbdata/group.go | 17 +++++++++++++++-- server/dbdata/policy.go | 15 +++++++++++++-- server/dbdata/policy_test.go | 8 ++++---- server/dbdata/user_test.go | 6 +++--- 5 files changed, 35 insertions(+), 11 deletions(-) mode change 100644 => 100755 build.sh diff --git a/build.sh b/build.sh old mode 100644 new mode 100755 diff --git a/server/dbdata/group.go b/server/dbdata/group.go index e664aeb..8e561b6 100644 --- a/server/dbdata/group.go +++ b/server/dbdata/group.go @@ -117,11 +117,18 @@ func SetGroup(g *Group) error { continue } - ipMask, _, err := parseIpNet(v.Val) + ipMask, ipNet, err := parseIpNet(v.Val) + if err != nil { return errors.New("RouteInclude 错误" + err.Error()) } + // 给Mac系统下发路由时,必须是标准的网络地址 + if strings.Split(ipMask, "/")[0] != ipNet.IP.String() { + errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet) + return errors.New(errMsg) + } + v.IpMask = ipMask routeInclude = append(routeInclude, v) } @@ -130,10 +137,16 @@ func SetGroup(g *Group) error { routeExclude := []ValData{} for _, v := range g.RouteExclude { if v.Val != "" { - ipMask, _, err := parseIpNet(v.Val) + ipMask, ipNet, err := parseIpNet(v.Val) if err != nil { return errors.New("RouteExclude 错误" + err.Error()) } + + if strings.Split(ipMask, "/")[0] != ipNet.IP.String() { + errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet) + return errors.New(errMsg) + } + v.IpMask = ipMask routeExclude = append(routeExclude, v) } diff --git a/server/dbdata/policy.go b/server/dbdata/policy.go index 9777804..e2e3b7b 100644 --- a/server/dbdata/policy.go +++ b/server/dbdata/policy.go @@ -2,6 +2,7 @@ package dbdata import ( "errors" + "fmt" "net" "strings" "time" @@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error { continue } - ipMask, _, err := parseIpNet(v.Val) + ipMask, ipNet, err := parseIpNet(v.Val) if err != nil { return errors.New("RouteInclude 错误" + err.Error()) } + if strings.Split(ipMask, "/")[0] != ipNet.IP.String() { + errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet) + return errors.New(errMsg) + } + v.IpMask = ipMask routeInclude = append(routeInclude, v) } @@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error { routeExclude := []ValData{} for _, v := range p.RouteExclude { if v.Val != "" { - ipMask, _, err := parseIpNet(v.Val) + ipMask, ipNet, err := parseIpNet(v.Val) if err != nil { return errors.New("RouteExclude 错误" + err.Error()) } + + if strings.Split(ipMask, "/")[0] != ipNet.IP.String() { + errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet) + return errors.New(errMsg) + } v.IpMask = ipMask routeExclude = append(routeExclude, v) } diff --git a/server/dbdata/policy_test.go b/server/dbdata/policy_test.go index e2dd409..102e288 100644 --- a/server/dbdata/policy_test.go +++ b/server/dbdata/policy_test.go @@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) { err = SetPolicy(&p2) ast.Nil(err) - route := []ValData{{Val: "192.168.1.1/24"}} + route := []ValData{{Val: "192.168.1.0/24"}} p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"} err = SetPolicy(&p3) ast.Nil(err) // 判断 IpMask - ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0") + ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0") - route2 := []ValData{{Val: "192.168.2.1/24"}} + route2 := []ValData{{Val: "192.168.2.0/24"}} p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"} err = SetPolicy(&p4) ast.Nil(err) // 判断 IpMask - ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0") + ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0") // 判断所有数据 var userPolicy *Policy diff --git a/server/dbdata/user_test.go b/server/dbdata/user_test.go index fea4735..2238837 100644 --- a/server/dbdata/user_test.go +++ b/server/dbdata/user_test.go @@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) { // 添加一个组 dns := []ValData{{Val: "114.114.114.114"}} - route := []ValData{{Val: "192.168.1.1/24"}} + route := []ValData{{Val: "192.168.1.0/24"}} g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route} err := SetGroup(&g) ast.Nil(err) // 判断 IpMask - ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0") + ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0") // 添加一个用户 u := User{Username: "aaa", Groups: []string{group}, Status: 1} @@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) { } // 添加用户策略 dns2 := []ValData{{Val: "8.8.8.8"}} - route2 := []ValData{{Val: "192.168.2.1/24"}} + route2 := []ValData{{Val: "192.168.2.0/24"}} p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2} err = SetPolicy(&p1) ast.Nil(err)