新增用户策略的功能
@@ -25,7 +25,7 @@ func initDb() {
|
||||
}
|
||||
|
||||
// 初始化数据库
|
||||
err = xdb.Sync2(&User{}, &Setting{}, &Group{}, &IpMap{}, &AccessAudit{})
|
||||
err = xdb.Sync2(&User{}, &Setting{}, &Group{}, &IpMap{}, &AccessAudit{}, &Policy{})
|
||||
if err != nil {
|
||||
base.Fatal(err)
|
||||
}
|
||||
|
@@ -161,7 +161,7 @@ func SetGroup(g *Group) error {
|
||||
} else {
|
||||
_, ok := authRegistry[authType]
|
||||
if !ok {
|
||||
return errors.New("未知的认证方式: " + fmt.Sprintf("%s", g.Auth["type"]))
|
||||
return errors.New("未知的认证方式: " + authType)
|
||||
}
|
||||
auth := makeInstance(authType).(IUserAuth)
|
||||
err = auth.checkData(g.Auth)
|
||||
|
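--- a/server/dbdata/policy.go
+++ b/server/dbdata/policy.go
@@ -0,0 +1,101 @@
+package dbdata
+
+import (
+"errors"
+"net"
+"strings"
+"time"
+)
+
+func GetPolicy(Username string) *Policy {
+policyData := &Policy{}
+err := One("Username", Username, policyData)
+if err != nil {
+return policyData
+}
+return policyData
+}
+
+func SetPolicy(p *Policy) error {
+var err error
+if p.Username == "" {
+return errors.New("用户名错误")
+}
+
+// 包含路由
+routeInclude := []ValData{}
+for _, v := range p.RouteInclude {
+if v.Val != "" {
+if v.Val == All {
+routeInclude = append(routeInclude, v)
+continue
+}
+
+ipMask, _, err := parseIpNet(v.Val)
+if err != nil {
+return errors.New("RouteInclude 错误" + err.Error())
+}
+
+v.IpMask = ipMask
+routeInclude = append(routeInclude, v)
+}
+}
+p.RouteInclude = routeInclude
+// 包含路由
+routeExclude := []ValData{}
+for _, v := range p.RouteExclude {
+if v.Val != "" {
+ipMask, _, err := parseIpNet(v.Val)
+if err != nil {
+return errors.New("RouteExclude 错误" + err.Error())
+}
+v.IpMask = ipMask
+routeExclude = append(routeExclude, v)
+}
+}
+p.RouteExclude = routeExclude
+
+// DNS 判断
+clientDns := []ValData{}
+for _, v := range p.ClientDns {
+if v.Val != "" {
+ip := net.ParseIP(v.Val)
+if ip.String() != v.Val {
+return errors.New("DNS IP 错误")
+}
+clientDns = append(clientDns, v)
+}
+}
+if len(routeInclude) == 0 || (len(routeInclude) == 1 && routeInclude[0].Val == "all") {
+if len(clientDns) == 0 {
+return errors.New("默认路由,必须设置一个DNS")
+}
+}
+p.ClientDns = clientDns
+
+// 域名拆分隧道,不能同时填写
+p.DsIncludeDomains = strings.TrimSpace(p.DsIncludeDomains)
+p.DsExcludeDomains = strings.TrimSpace(p.DsExcludeDomains)
+if p.DsIncludeDomains != "" && p.DsExcludeDomains != "" {
+return errors.New("包含/排除域名不能同时填写")
+}
+// 校验包含域名的格式
+err = CheckDomainNames(p.DsIncludeDomains)
+if err != nil {
+return errors.New("包含域名有误:" + err.Error())
+}
+// 校验排除域名的格式
+err = CheckDomainNames(p.DsExcludeDomains)
+if err != nil {
+return errors.New("排除域名有误:" + err.Error())
+}
+
+p.UpdatedAt = time.Now()
+if p.Id > 0 {
+err = Set(p)
+} else {
+err = Add(p)
+}
+
+return err
+}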
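Review bot: GetPolicy discards the error from One: the `if err != nil` branch returns the same empty `policyData` as the success path, so a database failure cannot be told apart from "no policy for this user". The callers are not visible here, but if they fall back to the group's routes and DNS whenever the returned policy is empty, a transient lookup error would silently drop a user's restrictions; returning the error alongside the policy, or at least logging it, would let the caller decide. In SetPolicy the default-route check compares against the literal `"all"` while the loop above it uses the constant, so `routeInclude[0].Val == All` would keep the two in step. The comment above the RouteExclude loop still reads `// 包含路由` and should be `// 排除路由`.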
@@ -68,3 +68,17 @@ type AccessAudit struct {
|
||||
DstPort uint16 `json:"dst_port" xorm:"not null"`
|
||||
CreatedAt time.Time `json:"created_at" xorm:"DateTime"`
|
||||
}
|
||||
|
||||
type Policy struct {
|
||||
Id int `json:"id" xorm:"pk autoincr not null"`
|
||||
Username string `json:"username" xorm:"varchar(60) not null unique"`
|
||||
AllowLan bool `json:"allow_lan" xorm:"Bool"`
|
||||
ClientDns []ValData `json:"client_dns" xorm:"Text"`
|
||||
RouteInclude []ValData `json:"route_include" xorm:"Text"`
|
||||
RouteExclude []ValData `json:"route_exclude" xorm:"Text"`
|
||||
DsExcludeDomains string `json:"ds_exclude_domains" xorm:"Text"`
|
||||
DsIncludeDomains string `json:"ds_include_domains" xorm:"Text"`
|
||||
Status int8 `json:"status" xorm:"Int"` // 1正常 0 禁用
|
||||
CreatedAt time.Time `json:"created_at" xorm:"DateTime created"`
|
||||
UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
|
||||
}
|
||||
|
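Review bot: Policy is exported without a doc comment, and the only field documentation is the note on Status, so the disabled-by-default behaviour is easy to miss. Status is an int8 whose zero value 0 means disabled according to that note, and SetPolicy as added in this commit neither validates nor defaults it. A comment such as `// Policy stores per-user settings keyed by the unique Username; Status 1 = enabled, 0 = disabled (the zero value).` would make this explicit.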
@@ -58,4 +58,12 @@ func TestCheckUser(t *testing.T) {
|
||||
ast.Equal("aaa Radius服务器连接异常, 请检测服务器和端口", err.Error())
|
||||
|
||||
}
|
||||
// 添加用户策略
|
||||
dns2 := []ValData{{Val: "8.8.8.8"}}
|
||||
route2 := []ValData{{Val: "192.168.2.1/24"}}
|
||||
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
|
||||
err = SetPolicy(&p1)
|
||||
ast.Nil(err)
|
||||
err = CheckUser("aaa", u.PinCode, group)
|
||||
ast.Nil(err)
|
||||
}
|
||||
|
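Review bot: The added assertions cover only the accepted path of SetPolicy, so none of its rejection branches (empty Username, an unparsable DNS value, include and exclude domains both set) is exercised, and nothing reads the stored row back with GetPolicy. A negative case such as `ast.NotNil(SetPolicy(&Policy{Username: "aaa", ClientDns: []ValData{{Val: "8.8.8"}}}))` would pin the DNS validation. TestCheckUser starts outside this hunk, so any coverage earlier in the function cannot be seen from here.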