7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-13 14:37:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

新增:ldap用户OTP认证(同步ldap用户到本地【仅作为管理otp秘钥,支持ldap用户下发客户端证书】)

Browse Source 
新增:支持用户批量发送邮件,批量删除
This commit is contained in:
wsczx
2025-08-29 15:11:38 +08:00
parent 861b07a47d
commit efdcd236f5
9 changed files with 649 additions and 13928 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
server/admin/api_group.go
View File

@@ -6,6 +6,7 @@ import (
"net/http"
"strconv"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
)
@@ -149,3 +150,35 @@ func GroupAuthLogin(w http.ResponseWriter, r *http.Request) {
}
RespSucess(w, "ok")
}
func SaveLdapUsers(w http.ResponseWriter, r *http.Request) {
body, err := io.ReadAll(r.Body)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer r.Body.Close()
v := &dbdata.Group{}
err = json.Unmarshal(body, v)
if err != nil {
RespError(w, RespParamErr, "参数错误")
return
}
// 保存LDAP用户
if v.Auth["type"] == "ldap" {
authLdap := dbdata.AuthLdap{}
if err := authLdap.ParseGroup(v); err != nil {
RespError(w, RespInternalErr, err)
return
}
go func() {
if err := authLdap.SaveUsers(v); err != nil {
base.Error("LDAP用户同步失败:", err)
} else {
base.Info("LDAP用户同步成功")
}
}()
}
RespSucess(w, "LDAP用户同步成功")
}

102
server/admin/api_user.go
View File

@@ -4,6 +4,7 @@ import (
"bytes"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
@@ -41,10 +42,10 @@ func UserList(w http.ResponseWriter, r *http.Request) {
// 查询前缀匹配
if len(prefix) > 0 {
fuzzy := "%" + prefix + "%"
where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
where := "username LIKE ? OR nickname LIKE ? OR email LIKE ? OR type LIKE ?"
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy, fuzzy)
} else {
count = dbdata.CountAll(&dbdata.User{})
err = dbdata.Find(&datas, pageSize, page)
@@ -220,6 +221,97 @@ func UserReline(w http.ResponseWriter, r *http.Request) {
RespSucess(w, nil)
}
// 批量发送邮件
func UserBatchSendEmail(w http.ResponseWriter, r *http.Request) {
var req struct {
UserIds []int `json:"user_ids"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
RespError(w, RespInternalErr, err)
return
}
if len(req.UserIds) == 0 {
RespError(w, RespInternalErr, errors.New("用户ID列表不能为空"))
return
}
successCount := 0
failCount := 0
for _, userId := range req.UserIds {
user := &dbdata.User{}
err := dbdata.One("Id", userId, user)
if err != nil {
failCount++
continue
}
// 发送邮件
err = userAccountMail(user)
if err != nil {
base.Error("批量发送邮件失败:", user.Username, err)
failCount++
} else {
successCount++
}
}
msg := fmt.Sprintf("批量发送邮件完成,成功:%d失败%d", successCount, failCount)
if successCount > 0 {
RespSucess(w, msg)
} else {
RespError(w, RespInternalErr, errors.New(msg))
}
}
// 批量删除用户
func UserBatchDelete(w http.ResponseWriter, r *http.Request) {
var req struct {
UserIds []int `json:"user_ids"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
RespError(w, RespInternalErr, err)
return
}
if len(req.UserIds) == 0 {
RespError(w, RespInternalErr, errors.New("用户ID列表不能为空"))
return
}
successCount := 0
failCount := 0
for _, userId := range req.UserIds {
user := &dbdata.User{}
err := dbdata.One("Id", userId, user)
if err != nil {
failCount++
continue
}
err = dbdata.Del(user)
if err != nil {
base.Error("批量删除用户失败:", user.Username, err)
failCount++
} else {
successCount++
}
}
msg := fmt.Sprintf("批量删除完成,成功:%d失败%d", successCount, failCount)
if successCount > 0 {
RespSucess(w, msg)
} else {
RespError(w, RespInternalErr, errors.New(msg))
}
}
type userAccountMailData struct {
Issuer string
LinkAddr string
@@ -285,6 +377,10 @@ func userAccountMail(user *dbdata.User) error {
DisableOtp: user.DisableOtp,
}
if user.Type == "ldap" {
data.PinCode = "同ldap密码"
}
if user.LimitTime == nil {
data.LimitTime = "无限制"
} else {

3
server/admin/server.go
View File

@@ -87,6 +87,8 @@ func StartAdmin() {
r.HandleFunc("/user/policy/del", PolicyDel)
r.HandleFunc("/user/reset/forgotPassword", ForgotPassword).Name("forgot_password")
r.HandleFunc("/user/reset/resetPassword", ResetPassword).Name("reset_password")
r.HandleFunc("/user/batch/send_email", UserBatchSendEmail).Methods(http.MethodPost)
r.HandleFunc("/user/batch/delete", UserBatchDelete).Methods(http.MethodPost)
r.HandleFunc("/group/list", GroupList)
r.HandleFunc("/group/names", GroupNames)
@@ -95,6 +97,7 @@ func StartAdmin() {
r.HandleFunc("/group/set", GroupSet)
r.HandleFunc("/group/del", GroupDel)
r.HandleFunc("/group/auth_login", GroupAuthLogin)
r.HandleFunc("/group/saveldapusers", SaveLdapUsers)
r.HandleFunc("/statsinfo/list", StatsInfoList)
r.HandleFunc("/locksinfo/list", GetLocksInfo)

1
server/dbdata/tables.go
View File

@@ -26,6 +26,7 @@ type Group struct {
type User struct {
Id int `json:"id" xorm:"pk autoincr not null"`
Type string `json:"type" xorm:"varchar(20) default('local')"`
Username string `json:"username" xorm:"varchar(60) not null unique"`
Nickname string `json:"nickname" xorm:"varchar(255)"`
Email string `json:"email" xorm:"varchar(255)"`

3
server/dbdata/user.go
View File

@@ -114,6 +114,9 @@ func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error {
return fmt.Errorf("%s %s", name, "用户已过期")
}
}
if v.Type == "ldap" {
return fmt.Errorf("%s %s", name, "LDAP用户不能使用本地认证")
}
// 判断用户组信息
if !utils.InArrStr(v.Groups, group) {
return fmt.Errorf("%s %s", name, "用户组错误")

271
server/dbdata/userauth_ldap.go
View File

@@ -11,7 +11,10 @@ import (
"strconv"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/go-ldap/ldap"
"github.com/xlzd/gotp"
)
type AuthLdap struct {
@@ -23,12 +26,205 @@ type AuthLdap struct {
ObjectClass string `json:"object_class"`
SearchAttr string `json:"search_attr"`
MemberOf string `json:"member_of"`
EnableOTP bool `json:"enable_otp"`
}
func init() {
authRegistry["ldap"] = reflect.TypeOf(AuthLdap{})
}
// 建立 LDAP 连接
func (auth AuthLdap) Connect() (*ldap.Conn, error) {
// 检测服务器和端口的可用性
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil {
return nil, fmt.Errorf("LDAP服务器连接异常, 请检测服务器和端口: %s", err.Error())
}
con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return nil, fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
}
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return nil, fmt.Errorf("LDAP TLS连接失败 %s", err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return nil, fmt.Errorf("LDAP 管理员 DN或密码填写有误 %s", err.Error())
}
return l, nil
}
// 构建LDAP搜索过滤器
func (auth AuthLdap) SearchFilter(username string) string {
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
if username != "" {
filterAttr += "(" + auth.SearchAttr + "=" + username + ")"
} else {
filterAttr += "(" + auth.SearchAttr + "=*)"
}
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"
}
return fmt.Sprintf("(&%s)", filterAttr)
}
// 从组配置中解析LDAP认证配置
func (auth *AuthLdap) ParseGroup(g *Group) error {
authType := g.Auth["type"].(string)
if _, ok := g.Auth[authType]; !ok {
return fmt.Errorf("LDAP的ldap值不存在")
}
bodyBytes, err := json.Marshal(g.Auth[authType])
if err != nil {
return fmt.Errorf("LDAP Marshal出现错误: %s", err.Error())
}
err = json.Unmarshal(bodyBytes, auth)
if err != nil {
return fmt.Errorf("LDAP Unmarshal出现错误: %s", err.Error())
}
// 设置默认值
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
return nil
}
// 搜索用户
func (auth AuthLdap) SearchUsers(l *ldap.Conn, username string, attributes []string) (*ldap.SearchResult, error) {
filter := auth.SearchFilter(username)
searchRequest := ldap.NewSearchRequest(
auth.BaseDn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 30, false,
filter,
[]string{},
nil,
)
sr, err := l.Search(searchRequest)
if err != nil {
return nil, fmt.Errorf("LDAP 查询失败 %s %s %s", auth.BaseDn, filter, err.Error())
}
return sr, nil
}
func (auth AuthLdap) SaveUsers(g *Group) error {
// 解析LDAP配置
if err := auth.ParseGroup(g); err != nil {
return fmt.Errorf("LDAP配置填写有误: %s", err.Error())
}
// 建立LDAP连接
l, err := auth.Connect()
if err != nil {
return err
}
defer l.Close()
// 搜索所有用户
sr, err := auth.SearchUsers(l, "", []string{
"displayName",
"mail",
"userAccountControl", // AD用户状态
"accountExpires", // AD账号过期时间
"shadowExpire", // Linux LDAP用户状态
auth.SearchAttr,
})
if err != nil {
return err
}
// 创建LDAP用户映射
ldapUserMap := make(map[string]bool)
// 处理搜索结果
for _, entry := range sr.Entries {
// 检查用户状态,只同步正常用户
if err := parseEntries(&ldap.SearchResult{Entries: []*ldap.Entry{entry}}); err != nil {
continue
}
var groups []string
ldapuser := &User{
Type: "ldap",
Username: entry.GetAttributeValue(auth.SearchAttr),
Nickname: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
Groups: append(groups, g.Name),
DisableOtp: !auth.EnableOTP,
OtpSecret: gotp.RandomSecret(32),
SendEmail: false,
Status: 1,
}
ldapUserMap[ldapuser.Username] = true // 添加LDAP用户到映射中
// 新增或更新ldap用户
u := &User{}
if err := One("username", ldapuser.Username, u); err != nil {
if CheckErrNotFound(err) {
if err := Add(ldapuser); err != nil {
base.Error("新增ldap用户失败", ldapuser.Username, err)
continue
}
continue
}
base.Error("查询用户失败", ldapuser.Username, err)
continue
}
if u.Type != "ldap" {
base.Warn("已存在本地同名用户:", ldapuser.Username)
continue
}
// 现有LDAP用户更新字段
u.Nickname = entry.GetAttributeValue("displayName")
u.DisableOtp = !auth.EnableOTP
if u.OtpSecret == "" {
u.OtpSecret = gotp.RandomSecret(32)
}
if u.Email == "" {
u.Email = entry.GetAttributeValue("mail")
}
if !utils.InArrStr(u.Groups, g.Name) {
u.Groups = append(u.Groups, g.Name)
}
if err := Set(u); err != nil {
return fmt.Errorf("更新ldap用户%s失败:%v", u.Username, err.Error())
}
}
// 查询本地LDAP用户
var localLdapUsers []User
if err := FindWhere(&localLdapUsers, 0, 0, "type = 'ldap' AND groups LIKE ?", "%"+g.Name+"%"); err != nil {
base.Error("查询本地LDAP用户失败:", err)
return nil
}
// 删除LDAP中不存在的本地用户
for _, localUser := range localLdapUsers {
if !ldapUserMap[localUser.Username] {
if err := Del(&localUser); err != nil {
base.Error("删除本地LDAP用户失败:", localUser.Username, err)
} else {
base.Info("删除本地LDAP用户:", localUser.Username)
}
}
}
return nil
}
func (auth AuthLdap) checkData(authData map[string]interface{}) error {
authType := authData["type"].(string)
bodyBytes, err := json.Marshal(authData[authType])
@@ -62,73 +258,37 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
}
func (auth AuthLdap) checkUser(name, pwd string, g *Group, ext map[string]interface{}) error {
pl := len(pwd)
if name == "" || pl < 1 {
if name == "" || len(pwd) < 1 {
return fmt.Errorf("%s %s", name, "密码错误")
}
authType := g.Auth["type"].(string)
if _, ok := g.Auth[authType]; !ok {
return fmt.Errorf("%s %s", name, "LDAP的ldap值不存在")
// 解析LDAP配置
if err := auth.ParseGroup(g); err != nil {
return fmt.Errorf("%s %s", name, err.Error())
}
bodyBytes, err := json.Marshal(g.Auth[authType])
// 建立LDAP连接
l, err := auth.Connect()
if err != nil {
return fmt.Errorf("%s %s", name, "LDAP Marshal出现错误")
}
err = json.Unmarshal(bodyBytes, &auth)
if err != nil {
return fmt.Errorf("%s %s", name, "LDAP Unmarshal出现错误")
}
// 检测服务器和端口的可用性
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil {
return fmt.Errorf("%s %s", name, "LDAP服务器连接异常, 请检测服务器和端口")
}
defer con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
return fmt.Errorf("%s %s", name, err.Error())
}
defer l.Close()
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return fmt.Errorf("%s LDAP TLS连接失败 %s", name, err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
// 搜索特定用户
sr, err := auth.SearchUsers(l, name, []string{})
if err != nil {
return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
}
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
filterAttr += "(" + auth.SearchAttr + "=" + name + ")"
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"
}
searchRequest := ldap.NewSearchRequest(
auth.BaseDn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 3, false,
fmt.Sprintf("(&%s)", filterAttr),
[]string{},
nil,
)
sr, err := l.Search(searchRequest)
if err != nil {
return fmt.Errorf("%s LDAP 查询失败 %s %s %s", name, auth.BaseDn, filterAttr, err.Error())
return fmt.Errorf("%s %s", name, err.Error())
}
// 验证搜索结果
if len(sr.Entries) != 1 {
if len(sr.Entries) == 0 {
return fmt.Errorf("LDAP 找不到 %s 用户, 请检查用户或LDAP配置参数", name)
}
return fmt.Errorf("LDAP发现 %s 用户,存在多个账号", name)
}
// 检查账号状态
err = parseEntries(sr)
if err != nil {
return fmt.Errorf("LDAP %s 用户 %s", name, err.Error())
}
// 验证用户密码
userDN := sr.Entries[0].DN
err = l.Bind(userDN, pwd)
if err != nil {
@@ -140,6 +300,19 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group, ext map[string]interf
func parseEntries(sr *ldap.SearchResult) error {
for _, attr := range sr.Entries[0].Attributes {
switch attr.Name {
case "userAccountControl": // Active Directory用户状态属性
val, _ := strconv.ParseInt(attr.Values[0], 10, 64)
if val == 514 { // 514为禁用512为启用
return fmt.Errorf("账号已禁用")
}
case "accountExpires": // Active Directory账号过期时间
val, _ := strconv.ParseInt(attr.Values[0], 10, 64)
if val > 0 && val < 9223372036854775807 { // 不是永不过期
expireTime := time.Unix((val-116444736000000000)/10000000, 0)
if expireTime.Before(time.Now()) {
return fmt.Errorf("账号已过期")
}
}
case "shadowExpire":
// -1 启用, 1 停用, >1 从1970-01-01至到期日的天数
val, _ := strconv.ParseInt(attr.Values[0], 10, 64)

13652
web/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

398
web/src/pages/group/List.vue
View File

@@ -3,52 +3,30 @@
<el-card>
<el-form :inline="true">
<el-form-item>
<el-button
size="small"
type="primary"
icon="el-icon-plus"
@click="handleEdit('')">添加
<el-button size="small" type="primary" icon="el-icon-plus" @click="handleEdit('')">添加
</el-button>
</el-form-item>
</el-form>
<el-table
ref="multipleTable"
:data="tableData"
border>
<el-table ref="multipleTable" :data="tableData" border>
<el-table-column
sortable="true"
prop="id"
label="ID"
width="60">
<el-table-column sortable="true" prop="id" label="ID" width="60">
</el-table-column>
<el-table-column
prop="name"
label="组名">
<el-table-column prop="name" label="组名">
</el-table-column>
<el-table-column
prop="note"
label="备注">
<el-table-column prop="note" label="备注">
</el-table-column>
<el-table-column
prop="allow_lan"
label="本地网络">
<el-table-column prop="allow_lan" label="本地网络">
<template slot-scope="scope">
<el-switch
v-model="scope.row.allow_lan"
disabled>
<el-switch v-model="scope.row.allow_lan" disabled>
</el-switch>
</template>
</el-table-column>
<el-table-column
prop="bandwidth"
label="带宽限制"
width="90">
<el-table-column prop="bandwidth" label="带宽限制" width="90">
<template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps
</el-row>
@@ -56,86 +34,71 @@
</template>
</el-table-column>
<el-table-column
prop="client_dns"
label="客户端DNS"
width="160">
<el-table-column prop="client_dns" label="客户端DNS" width="160">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row>
<el-row v-for="(item, inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row>
</template>
</el-table-column>
<el-table-column
prop="route_include"
label="路由包含"
width="180">
<el-table-column prop="route_include" label="路由包含" width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{
item.val
}}
<el-row v-for="(item, inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{
item.val
}}
</el-row>
<div v-if="scope.row.route_include.length > readMinRows">
<div v-if="readMore[`ri_${ scope.row.id }`]">
<el-row v-for="(item,inx) in scope.row.route_include.slice(readMinRows)" :key="inx">{{
item.val
}}
<div v-if="readMore[`ri_${scope.row.id}`]">
<el-row v-for="(item, inx) in scope.row.route_include.slice(readMinRows)" :key="inx">{{
item.val
}}
</el-row>
</div>
<el-button size="mini" type="text" @click="toggleMore(`ri_${ scope.row.id }`)">
<el-button size="mini" type="text" @click="toggleMore(`ri_${scope.row.id}`)">
{{ readMore[`ri_${scope.row.id}`] ? " 收起" : " 更多" }}
</el-button>
</div>
</template>
</el-table-column>
<el-table-column
prop="route_exclude"
label="路由排除"
width="180">
<el-table-column prop="route_exclude" label="路由排除" width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{
item.val
}}
<el-row v-for="(item, inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{
item.val
}}
</el-row>
<div v-if="scope.row.route_exclude.length > readMinRows">
<div v-if="readMore[`re_${ scope.row.id }`]">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(readMinRows)" :key="inx">{{
item.val
}}
<div v-if="readMore[`re_${scope.row.id}`]">
<el-row v-for="(item, inx) in scope.row.route_exclude.slice(readMinRows)" :key="inx">{{
item.val
}}
</el-row>
</div>
<el-button size="mini" type="text" @click="toggleMore(`re_${ scope.row.id }`)">
<el-button size="mini" type="text" @click="toggleMore(`re_${scope.row.id}`)">
{{ readMore[`re_${scope.row.id}`] ? " 收起" : " 更多" }}
</el-button>
</div>
</template>
</el-table-column>
<el-table-column
prop="link_acl"
label="LINK-ACL"
min-width="180">
<el-table-column prop="link_acl" label="LINK-ACL" min-width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
<el-row v-for="(item, inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }}
</el-row>
<div v-if="scope.row.link_acl.length > readMinRows">
<div v-if="readMore[`la_${ scope.row.id }`]">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(readMinRows)" :key="inx">
<div v-if="readMore[`la_${scope.row.id}`]">
<el-row v-for="(item, inx) in scope.row.link_acl.slice(readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }}
</el-row>
</div>
<el-button size="mini" type="text" @click="toggleMore(`la_${ scope.row.id }`)">
<el-button size="mini" type="text" @click="toggleMore(`la_${scope.row.id}`)">
{{ readMore[`la_${scope.row.id}`] ? " 收起" : " 更多" }}
</el-button>
</div>
</template>
</el-table-column>
<el-table-column
prop="status"
label="状态"
width="70">
<el-table-column prop="status" label="状态" width="70">
<template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-else type="danger">停用</el-tag>
@@ -143,30 +106,16 @@
</el-table-column>
<el-table-column
prop="updated_at"
label="更新时间"
:formatter="tableDateFormat">
<el-table-column prop="updated_at" label="更新时间" :formatter="tableDateFormat">
</el-table-column>
<el-table-column
label="操作"
width="150">
<el-table-column label="操作" width="150">
<template slot-scope="scope">
<el-button
size="mini"
type="primary"
@click="handleEdit(scope.row)">编辑
<el-button size="mini" type="primary" @click="handleEdit(scope.row)">编辑
</el-button>
<el-popconfirm
style="margin-left: 10px"
@confirm="handleDel(scope.row)"
title="确定要删除用户组吗?">
<el-button
slot="reference"
size="mini"
type="danger">删除
<el-popconfirm style="margin-left: 10px" @confirm="handleDel(scope.row)" title="确定要删除用户组吗?">
<el-button slot="reference" size="mini" type="danger">删除
</el-button>
</el-popconfirm>
</template>
@@ -175,25 +124,15 @@
<div class="sh-20"></div>
<el-pagination
background
layout="prev, pager, next"
:pager-count="11"
@current-change="pageChange"
:current-page="page"
:total="count">
<el-pagination background layout="prev, pager, next" :pager-count="11" @current-change="pageChange"
:current-page="page" :total="count">
</el-pagination>
</el-card>
<!--新增修改弹出框-->
<el-dialog
:close-on-click-modal="false"
title="用户组"
:visible.sync="user_edit_dialog"
width="850px"
@close='closeDialog'
center>
<el-dialog :close-on-click-modal="false" title="用户组" :visible.sync="user_edit_dialog" width="850px"
@close='closeDialog' center>
<el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
<el-tabs v-model="activeTab" :before-leave="beforeTabLeave">
@@ -212,7 +151,7 @@
<el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model="ruleForm.bandwidth_format"
oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">Mbps</template>
</el-input>
</el-form-item>
@@ -232,11 +171,10 @@
<el-col :span="20">输入IP格式如: 192.168.0.10</el-col>
<el-col :span="4">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.client_dns)"></el-button>
@click.prevent="addDomain(ruleForm.client_dns)"></el-button>
</el-col>
</el-row>
<el-row v-for="(item,index) in ruleForm.client_dns"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-row v-for="(item, index) in ruleForm.client_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
@@ -245,7 +183,7 @@
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.client_dns,index)"></el-button>
@click.prevent="removeDomain(ruleForm.client_dns, index)"></el-button>
</el-col>
</el-row>
</el-form-item>
@@ -255,11 +193,10 @@
<el-col :span="20">(分割DNS)一般留空如果输入域名只有配置的域名(包含子域名)走配置的dns</el-col>
<el-col :span="4">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.split_dns)"></el-button>
@click.prevent="addDomain(ruleForm.split_dns)"></el-button>
</el-col>
</el-row>
<el-row v-for="(item,index) in ruleForm.split_dns"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-row v-for="(item, index) in ruleForm.split_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
@@ -268,7 +205,7 @@
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.split_dns,index)"></el-button>
@click.prevent="removeDomain(ruleForm.split_dns, index)"></el-button>
</el-col>
</el-row>
</el-form-item>
@@ -291,11 +228,11 @@
</el-form-item>
<template v-if="ruleForm.auth.type == 'radius'">
<el-form-item label="服务器地址" prop="auth.radius.addr"
:rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
</el-form-item>
<el-form-item label="密钥" prop="auth.radius.secret"
:rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
</el-form-item>
<el-form-item label="Nasip" prop="auth.radius.nasip">
@@ -305,38 +242,46 @@
<template v-if="ruleForm.auth.type == 'ldap'">
<el-form-item label="服务器地址" prop="auth.ldap.addr"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>
</el-form-item>
<el-form-item label="开启TLS" prop="auth.ldap.tls">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item>
<el-form :inline="true" label-width="100px" class="ruleForm">
<el-form-item label="开启TLS" prop="auth.ldap.tls">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item>
<el-form-item label="开启OTP" prop="auth.ldap.enable_otp">
<el-switch v-model="ruleForm.auth.ldap.enable_otp" @change="handleOtpChange">
</el-switch>
<el-tooltip content="全局关闭\启用ldap用户otp验证,开启后会自动同步用户到本地,用户界面可手动管理OTP秘钥." placement="top">
<i class="el-icon-info" style="margin-left: 10px; cursor: pointer; color: #888;"></i>
</el-tooltip>
</el-form-item>
</el-form>
<el-form-item label="管理员 DN" prop="auth.ldap.bind_name"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name"
placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
</el-form-item>
<el-form-item label="管理员密码" prop="auth.ldap.bind_pwd"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
<el-input type="password" v-model="ruleForm.auth.ldap.bind_pwd" placeholder=""></el-input>
</el-form-item>
<el-form-item label="Base DN" prop="auth.ldap.base_dn"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
</el-form-item>
<el-form-item label="用户对象类" prop="auth.ldap.object_class"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.object_class"
placeholder="例如 person / user / posixAccount"></el-input>
placeholder="例如 person / user / posixAccount"></el-input>
</el-form-item>
<el-form-item label="用户唯一ID" prop="auth.ldap.search_attr"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.search_attr"
placeholder="例如 sAMAccountName / uid / cn"></el-input>
placeholder="例如 sAMAccountName / uid / cn"></el-input>
</el-form-item>
<el-form-item label="受限用户组" prop="auth.ldap.member_of">
<el-input v-model="ruleForm.auth.ldap.member_of"
placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
</el-form-item>
</template>
</el-tab-pane>
@@ -347,16 +292,16 @@
<el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button>
@click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button>
@click.prevent="openIpListDialog('route_include')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-row v-for="(item, index) in ruleForm.route_include" :key="index" style="margin-bottom: 5px"
:gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
@@ -365,7 +310,7 @@
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
@click.prevent="removeDomain(ruleForm.route_include, index)"></el-button>
</el-col>
</el-row>
</templete>
@@ -376,16 +321,16 @@
<el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button>
@click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-row v-for="(item, index) in ruleForm.route_exclude" :key="index" style="margin-bottom: 5px"
:gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
@@ -394,7 +339,7 @@
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
@click.prevent="removeDomain(ruleForm.route_exclude, index)"></el-button>
</el-col>
</el-row>
</templete>
@@ -409,46 +354,45 @@
</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.link_acl)"></el-button>
@click.prevent="addDomain(ruleForm.link_acl)"></el-button>
</el-col>
</el-row>
<!-- 添加拖拽功能 -->
<draggable v-model="ruleForm.link_acl" handle=".drag-handle" @end="onEnd">
<el-row v-for="(item,index) in ruleForm.link_acl"
:key="index" style="margin-bottom: 5px" :gutter="1">
<el-row v-for="(item, index) in ruleForm.link_acl" :key="index" style="margin-bottom: 5px" :gutter="1">
<el-col :span="1" class="drag-handle">
<i class="el-icon-rank"></i>
</el-col>
<el-col :span="1" class="drag-handle">
<i class="el-icon-rank"></i>
</el-col>
<el-col :span="9">
<el-input placeholder="请输入CIDR地址" v-model="item.val">
<el-select v-model="item.action" slot="prepend">
<el-option label="允许" value="allow"></el-option>
<el-option label="禁止" value="deny"></el-option>
</el-select>
</el-input>
</el-col>
<el-col :span="9">
<el-input placeholder="请输入CIDR地址" v-model="item.val">
<el-select v-model="item.action" slot="prepend">
<el-option label="允许" value="allow"></el-option>
<el-option label="禁止" value="deny"></el-option>
</el-select>
</el-input>
</el-col>
<el-col :span="3">
<el-input placeholder="协议" v-model="item.protocol">
</el-col>
<el-col :span="3">
<el-input placeholder="协议" v-model="item.protocol"></el-input>
</el-col>
<el-col :span="6">
<!-- type="textarea" :autosize="{ minRows: 1, maxRows: 2}" -->
<el-input v-model="item.port" placeholder="多端口,号分隔"></el-input>
</el-col>
<el-col :span="3">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="6">
<!-- type="textarea" :autosize="{ minRows: 1, maxRows: 2}" -->
<el-input v-model="item.port" placeholder="多端口,号分隔"></el-input>
</el-col>
<el-col :span="3">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.link_acl,index)"></el-button>
</el-col>
</el-row>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.link_acl, index)"></el-button>
</el-col>
</el-row>
</draggable>
</el-form-item>
@@ -457,11 +401,11 @@
<el-tab-pane label="域名拆分隧道" name="ds_domains">
<el-form-item label="包含域名" prop="ds_include_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_include_domains"
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
</el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains"
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的windows和MacOS桌面客户端不支持移动端.</div>
</el-form-item>
</el-tab-pane>
@@ -471,22 +415,24 @@
</templete>
<el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
<el-button @click="closeDialog">取消</el-button>
<templete v-if="activeTab == 'authtype' && ruleForm.auth.type != 'local'">
<el-button type="success" @click="saveldapUsers" :loading="saveLoading"
style="margin-left:10px">同步用户</el-button>
<el-tooltip content="保存或更新LDAP用户到本地" placement="top">
<i class="el-icon-info" style="margin-left: 10px; cursor: pointer; color: #888;"></i>
</el-tooltip>
</templete>
</el-form-item>
</el-tabs>
</el-form>
</el-dialog>
<!--测试用户登录弹出框-->
<el-dialog
:close-on-click-modal="false"
title="测试用户登录"
:visible.sync="authLoginDialog"
width="600px"
custom-class="valgin-dialog"
center>
<el-dialog :close-on-click-modal="false" title="测试用户登录" :visible.sync="authLoginDialog" width="600px"
custom-class="valgin-dialog" center>
<el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
<el-form-item label="账号" prop="name">
<el-input v-model="authLoginForm.name" ref="authLoginFormName"
@keydown.enter.native="testAuthLogin"></el-input>
@keydown.enter.native="testAuthLogin"></el-input>
</el-form-item>
<el-form-item label="密码" prop="pwd">
<el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
@@ -498,17 +444,12 @@
</el-form>
</el-dialog>
<!--编辑模式弹窗-->
<el-dialog
:close-on-click-modal="false"
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-dialog :close-on-click-modal="false" title="编辑模式" :visible.sync="ipListDialog" width="650px"
custom-class="valgin-dialog" center>
<el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list"
placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共
{{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }}
AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由
@@ -529,7 +470,7 @@ import draggable from 'vuedraggable'
export default {
name: "List",
components: {draggable},
components: { draggable },
mixins: [],
created() {
this.$emit('update:route_path', this.$route.path)
@@ -550,7 +491,7 @@ export default {
maxRouteRows: 2500,
defAuth: {
type: 'local',
radius: {addr: "", secret: "", nasip: ""},
radius: { addr: "", secret: "", nasip: "" },
ldap: {
addr: "",
tls: false,
@@ -560,6 +501,7 @@ export default {
member_of: "",
bind_name: "",
bind_pwd: "",
enable_otp: false,
},
},
ruleForm: {
@@ -567,14 +509,15 @@ export default {
bandwidth_format: '0',
status: 1,
allow_lan: true,
client_dns: [{val: '114.114.114.114', note: '默认dns'}],
client_dns: [{ val: '114.114.114.114', note: '默认dns' }],
split_dns: [],
route_include: [{val: 'all', note: '默认全局代理'}],
route_include: [{ val: 'all', note: '默认全局代理' }],
route_exclude: [],
link_acl: [],
auth: {},
},
authLoginDialog: false,
saveLoading: false,
ipListDialog: false,
authLoginLoading: false,
authLoginForm: {
@@ -588,55 +531,55 @@ export default {
ipEditLoading: false,
authLoginRules: {
name: [
{required: true, message: '请输入账号', trigger: 'blur'},
{ required: true, message: '请输入账号', trigger: 'blur' },
],
pwd: [
{required: true, message: '请输入密码', trigger: 'blur'},
{min: 6, message: '长度至少 6 个字符', trigger: 'blur'}
{ required: true, message: '请输入密码', trigger: 'blur' },
{ min: 6, message: '长度至少 6 个字符', trigger: 'blur' }
],
},
rules: {
name: [
{required: true, message: '请输入组名', trigger: 'blur'},
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
{ required: true, message: '请输入组名', trigger: 'blur' },
{ max: 30, message: '长度小于 30 个字符', trigger: 'blur' }
],
bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'},
{type: 'string', message: '带宽限制必须为数字值'}
{ required: true, message: '请输入带宽限制', trigger: 'blur' },
{ type: 'string', message: '带宽限制必须为数字值' }
],
status: [
{required: true}
{ required: true }
],
"auth.radius.addr": [
{required: true, message: '请输入Radius服务器', trigger: 'blur'}
{ required: true, message: '请输入Radius服务器', trigger: 'blur' }
],
"auth.radius.secret": [
{required: true, message: '请输入Radius密钥', trigger: 'blur'}
{ required: true, message: '请输入Radius密钥', trigger: 'blur' }
],
"auth.ldap.addr": [
{required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'}
{ required: true, message: '请输入服务器地址(含端口)', trigger: 'blur' }
],
"auth.ldap.bind_name": [
{required: true, message: '请输入管理员 DN', trigger: 'blur'}
{ required: true, message: '请输入管理员 DN', trigger: 'blur' }
],
"auth.ldap.bind_pwd": [
{required: true, message: '请输入管理员密码', trigger: 'blur'}
{ required: true, message: '请输入管理员密码', trigger: 'blur' }
],
"auth.ldap.base_dn": [
{required: true, message: '请输入Base DN值', trigger: 'blur'}
{ required: true, message: '请输入Base DN值', trigger: 'blur' }
],
"auth.ldap.object_class": [
{required: true, message: '请输入用户对象类', trigger: 'blur'}
{ required: true, message: '请输入用户对象类', trigger: 'blur' }
],
"auth.ldap.search_attr": [
{required: true, message: '请输入用户唯一ID', trigger: 'blur'}
{ required: true, message: '请输入用户唯一ID', trigger: 'blur' }
],
},
}
},
methods: {
onEnd: function() {
window.console.log("onEnd", this.ruleForm.link_acl);
onEnd: function () {
window.console.log("onEnd", this.ruleForm.link_acl);
},
setAuthData(row) {
if (!row) {
@@ -716,7 +659,12 @@ export default {
},
addDomain(arr) {
console.log("arr", arr)
arr.push({protocol:"all", val: "", action: "allow", port: "0", note: ""});
arr.push({ protocol: "all", val: "", action: "allow", port: "0", note: "" });
},
handleOtpChange(newValue) {
// 记录 OTP 状态变化
this.otpChanged = true;
this.newOtpState = newValue;
},
submitForm(formName) {
this.$refs[formName].validate((valid) => {
@@ -729,6 +677,13 @@ export default {
const rdata = resp.data;
if (rdata.code === 0) {
this.$message.success(rdata.msg);
// 如果 OTP 状态发生变化,触发用户同步
if (this.ruleForm.auth.type === 'ldap' && this.otpChanged) {
this.saveldapUsers();
}
// 重置变化标记
this.otpChanged = false;
this.getData(1);
this.user_edit_dialog = false
} else {
@@ -741,6 +696,22 @@ export default {
});
});
},
saveldapUsers() {
this.saveLoading = true;
axios.post('/group/saveldapusers', this.ruleForm).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
this.$message.success(rdata.data || '同步成功');
} else {
this.$message.error(rdata.msg);
}
}).catch(error => {
this.$message.error('同步失败请检查LDAP配置');
console.log(error);
}).finally(() => {
this.saveLoading = false;
});
},
testAuthLogin() {
this.$refs["authLoginForm"].validate((valid) => {
if (!valid) {
@@ -804,7 +775,7 @@ export default {
}
let note = ip[1] ? ip[1] : "";
const pushToArr = () => {
arr.push({val: ip[0], note: note});
arr.push({ val: ip[0], note: note });
};
if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr();
@@ -825,7 +796,7 @@ export default {
isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) {
return {valid: false, suggestion: null};
return { valid: false, suggestion: null };
}
const [ip, mask] = input.split('/');
const maskNum = parseInt(mask);
@@ -840,10 +811,10 @@ export default {
networkIPParts.push(parseInt(octet, 2));
}
const suggestedIP = networkIPParts.join('.');
return {valid: false, suggestion: `${suggestedIP}/${mask}`};
return { valid: false, suggestion: `${suggestedIP}/${mask}` };
}
}
return {valid: true, suggestion: null};
return { valid: true, suggestion: null };
},
resetForm(formName) {
this.$refs[formName].resetFields();
@@ -927,5 +898,4 @@ export default {
.drag-handle {
cursor: move;
}
</style>

114
web/src/pages/user/List.vue
View File

@@ -21,7 +21,7 @@
</el-dropdown-menu>
</el-dropdown>
</el-form-item>
<el-form-item label="用户名或姓名或邮箱:">
<el-form-item label="用户名或姓名或邮箱或类型:">
<el-input size="small" v-model="searchData" placeholder="请输入内容"
@keydown.enter.native="searchEnterFun"></el-input>
</el-form-item>
@@ -32,13 +32,47 @@
<el-button size="small" icon="el-icon-refresh" @click="reset">重置搜索
</el-button>
</el-form-item>
<!-- 批量操作按钮 -->
<el-form-item>
<el-dropdown size="small" :disabled="multipleSelection.length === 0">
<el-button size="small" type="warning">批量操作<i class="el-icon-arrow-down el-icon--right"></i>
</el-button>
<el-dropdown-menu slot="dropdown">
<el-dropdown-item @click.native="batchSendEmail">
<i class="el-icon-message" style="margin-right: 5px; color: #409EFF;"></i>批量邮件
</el-dropdown-item>
<el-dropdown-item @click.native="batchDelete">
<i class="el-icon-delete" style="margin-right: 5px; color: #F56C6C;"></i>批量删除
</el-dropdown-item>
</el-dropdown-menu>
</el-dropdown>
</el-form-item>
</el-form>
<el-table ref="multipleTable" :data="tableData" border>
<el-table ref="multipleTable" :data="tableData" border @selection-change="handleSelectionChange">
<!-- 添加多选列 -->
<el-table-column type="selection" width="55"></el-table-column>
<el-table-column sortable="true" prop="id" label="ID" width="60">
</el-table-column>
<el-table-column prop="type" label="类型" width="70">
<template slot-scope="scope">
<el-tag v-if="scope.row.type === 'local'" type="success" size="small">
local
</el-tag>
<el-tag v-else-if="scope.row.type === 'ldap'" type="warning" size="small">
ldap
</el-tag>
<el-tag v-else-if="scope.row.type === 'radius'" type="info" size="small">
radius
</el-tag>
<el-tag v-else size="small">
{{ scope.row.type || '未知' }}
</el-tag>
</template>
</el-table-column>
<el-table-column prop="username" label="用户名" width="150">
</el-table-column>
@@ -118,28 +152,31 @@
<el-form-item label="用户ID" prop="id">
<el-input v-model="ruleForm.id" disabled></el-input>
</el-form-item>
<el-form-item label="类型" prop="type">
<el-input v-model="ruleForm.type" disabled></el-input>
</el-form-item>
<el-form-item label="用户名" prop="username">
<el-input v-model="ruleForm.username" :disabled="ruleForm.id > 0"></el-input>
</el-form-item>
<el-form-item label="姓名" prop="nickname">
<el-input v-model="ruleForm.nickname"></el-input>
<el-input v-model="ruleForm.nickname" :disabled="ruleForm.type === 'ldap'"></el-input>
</el-form-item>
<el-form-item label="邮箱" prop="email">
<el-input v-model="ruleForm.email"></el-input>
<el-input v-model="ruleForm.email" :disabled="false"></el-input>
</el-form-item>
<el-form-item label="PIN码" prop="pin_code">
<el-input v-model="ruleForm.pin_code" placeholder="不填由系统自动生成"></el-input>
<el-input v-model="ruleForm.pin_code" :disabled="ruleForm.type === 'ldap'" placeholder="不填由系统自动生成"></el-input>
</el-form-item>
<el-form-item label="过期时间" prop="limittime">
<el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px"
:picker-options="pickerOptions" placeholder="选择日期">
</el-date-picker>
:picker-options="pickerOptions" placeholder="选择日期" :disabled="ruleForm.type === 'ldap'"></el-date-picker>
</el-form-item>
<el-form-item label="禁用OTP" prop="disable_otp">
<el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码">
<el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码"
:disabled="ruleForm.type === 'ldap'">
</el-switch>
</el-form-item>
@@ -148,7 +185,7 @@
</el-form-item>
<el-form-item label="用户组" prop="groups">
<el-checkbox-group v-model="ruleForm.groups">
<el-checkbox-group v-model="ruleForm.groups" :disabled="ruleForm.type === 'ldap'">
<el-checkbox v-for="(item) in grouNames" :key="item" :label="item" :name="item"></el-checkbox>
</el-checkbox-group>
</el-form-item>
@@ -159,7 +196,7 @@
</el-form-item>
<el-form-item label="状态" prop="status">
<el-radio-group v-model="ruleForm.status">
<el-radio-group v-model="ruleForm.status" :disabled="ruleForm.type === 'ldap'">
<el-radio :label="1" border>启用</el-radio>
<el-radio :label="0" border>停用</el-radio>
<el-radio :label="2" border>过期</el-radio>
@@ -200,6 +237,7 @@ export default {
grouNames: [],
tableData: [],
count: 10,
multipleSelection: [], // 多选数据
pickerOptions: {
disabledDate(time) {
return time.getTime() < Date.now();
@@ -208,6 +246,7 @@ export default {
searchData: '',
otpImgData: { visible: false, username: '', nickname: '', base64Img: '' },
ruleForm: {
type: `local`,
send_email: true,
status: 1,
groups: [],
@@ -322,6 +361,61 @@ export default {
console.log(this.searchData)
this.getData(1, this.searchData)
},
handleSelectionChange(val) {
this.multipleSelection = val;
},
// 批量发邮件
batchSendEmail() {
if (this.multipleSelection.length === 0) {
this.$message.warning('请选择要发送邮件的用户');
return;
}
this.$confirm('确定要给选中的用户发送账号邮件吗?', '批量发邮件', {
confirmButtonText: '确定',
cancelButtonText: '取消',
type: 'warning'
}).then(() => {
const userIds = this.multipleSelection.map(user => user.id);
axios.post('/user/batch/send_email', { user_ids: userIds })
.then(resp => {
if (resp.data.code === 0) {
this.$message.success('批量发送邮件成功');
} else {
this.$message.error(resp.data.msg);
}
}).catch(error => {
this.$message.error('批量发送邮件失败', error);
});
});
},
// 批量删除
batchDelete() {
if (this.multipleSelection.length === 0) {
this.$message.warning('请选择要删除的用户');
return;
}
this.$confirm('确定要删除选中的用户吗?此操作不可恢复!', '批量删除', {
confirmButtonText: '确定',
cancelButtonText: '取消',
type: 'danger'
}).then(() => {
const userIds = this.multipleSelection.map(user => user.id);
axios.post('/user/batch/delete', { user_ids: userIds })
.then(resp => {
if (resp.data.code === 0) {
this.$message.success('批量删除成功');
this.getData(this.page);
this.$refs.multipleTable.clearSelection();
} else {
this.$message.error(resp.data.msg);
}
}).catch(error => {
this.$message.error('批量删除失败', error);
});
});
},
pageChange(p) {
this.getData(p)
},