修复acl表结构

2024-04-22 16:47:06 +08:00 · 2024-04-22 16:47:06 +08:00 · cb902a6b9b
parent 1b066ef602
commit cb902a6b9b
3 changed files with 27 additions and 26 deletions
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@ -27,7 +27,7 @@ type GroupLinkAcl struct {
 	// 自上而下匹配 默认 allow * *
 	Action string          `json:"action"` // allow、deny
 	Val    string          `json:"val"`
-	Port   interface{}     `json:"port"` //兼容单端口历史数据类型uint16
+	Port   string          `json:"port"` // 兼容单端口历史数据类型uint16
 	Ports  map[uint16]int8 `json:"ports"`
 	IpNet  *net.IPNet      `json:"ip_net"`
 	Note   string          `json:"note"`
@ -164,13 +164,14 @@ func SetGroup(g *Group) error {
 			}
 			v.IpNet = ipNet

-			portsStr := ""
-			switch vp := v.Port.(type) {
-				case float64:
-					portsStr = strconv.Itoa(int(vp))
-				case string:
-					portsStr = vp
-			}
+			portsStr := v.Port
+			v.Port = strings.TrimSpace(portsStr)
+			// switch vp := v.Port.(type) {
+			// case float64:
+			// 	portsStr = strconv.Itoa(int(vp))
+			// case string:
+			// 	portsStr = vp
+			// }

 			if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(portsStr) {
 				ports := map[uint16]int8{}
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
@ -90,17 +90,18 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 		if v.IpNet.Contains(ipDst) {

 			// 放行允许ip的ping
-			if v.Ports == nil || len(v.Ports) == 0 {
-				//单端口历史数据兼容
-				port := uint16(v.Port.(float64))
-				if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
-					if v.Action == dbdata.Allow {
-						return true
-					} else {
-						return false
-					}
-				}
-			} else {
+			// if v.Ports == nil || len(v.Ports) == 0 {
+			// 	//单端口历史数据兼容
+			// 	port := uint16(v.Port.(float64))
+			// 	if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
+			// 		if v.Action == dbdata.Allow {
+			// 			return true
+			// 		} else {
+			// 			return false
+			// 		}
+			// 	}
+			// } else {
+
 			if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) || ipProto == waterutil.ICMP {
 				if v.Action == dbdata.Allow {
 					return true
@ -110,7 +111,6 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 			}
 		}
 	}
-	}

 	return false
 }
--- a/web/src/pages/group/List.vue
+++ b/web/src/pages/group/List.vue
@ -344,7 +344,7 @@
            <el-tab-pane label="权限控制" name="link_acl">
                <el-form-item label="权限控制" prop="link_acl">
                <el-row class="msg-info">
-                    <el-col :span="22">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口,多个端口用,号分隔,连续端口:1234-5678</el-col>
+                    <el-col :span="22">输入CIDR格式如: 192.168.3.0/24 端口0表示所有端口,多个端口用','号分隔,连续端口:1234-5678</el-col>
                    <el-col :span="2">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.link_acl)"></el-button>