7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

增加ldap用户支持otp验证

This commit is contained in:
wsczx 2024-11-22 19:46:32 +08:00
parent 740fcf64e9
commit ff129b072f
11 changed files with 388 additions and 344 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/admin/api_user.go
View File

@ -278,6 +278,10 @@ func userAccountMail(user *dbdata.User) error {
DisableOtp: user.DisableOtp, DisableOtp: user.DisableOtp,
} }
if user.Type == "ldap" {
data.PinCode = "同ldap密码"
}
if user.LimitTime == nil { if user.LimitTime == nil {
data.LimitTime = "无限制" data.LimitTime = "无限制"
} else { } else {

3
server/dbdata/group.go
View File

@ -303,6 +303,9 @@ func SetGroup(g *Group) error {
if err != nil { if err != nil {
return err return err
} }
if err := auth.saveUsers(g); err != nil {
return fmt.Errorf("保存ldap用户 %s 失败", err.Error())
}
// 重置Auth 删除多余的key // 重置Auth 删除多余的key
g.Auth = map[string]interface{}{ g.Auth = map[string]interface{}{
"type": authType, "type": authType,

55
server/dbdata/group_test.go
View File

@ -3,7 +3,6 @@ package dbdata
import ( import (
"testing" "testing"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -43,33 +42,33 @@ func TestGetGroupNames(t *testing.T) {
err = SetGroup(&g6) err = SetGroup(&g6)
ast.Nil(err) ast.Nil(err)
authData = map[string]interface{}{ // authData = map[string]interface{}{
"type": "ldap", // "type": "ldap",
"ldap": map[string]interface{}{ // "ldap": map[string]interface{}{
"addr": "192.168.8.12:389", // "addr": "192.168.8.12:389",
"tls": true, // "tls": true,
"bind_name": "userfind@abc.com", // "bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds", // "bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com", // "base_dn": "dc=abc,dc=com",
"object_class": "person", // "object_class": "person",
"search_attr": "sAMAccountName", // "search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com", // "member_of": "cn=vpn,cn=user,dc=abc,dc=com",
}, // },
} // }
g7 := Group{Name: "g7", ClientDns: []ValData{{Val: "114.114.114.114"}}, Auth: authData} // g7 := Group{Name: "g7", ClientDns: []ValData{{Val: "114.114.114.114"}}, Auth: authData}
err = SetGroup(&g7) // err = SetGroup(&g7)
ast.Nil(err) // ast.Nil(err)
// 判断所有数据 // // 判断所有数据
gAll := []string{"g1", "g2", "g3", "g4", "g5", "g6", "g7"} // gAll := []string{"g1", "g2", "g3", "g4", "g5", "g6", "g7"}
gs := GetGroupNames() // gs := GetGroupNames()
for _, v := range gs { // for _, v := range gs {
ast.Equal(true, utils.InArrStr(gAll, v)) // ast.Equal(true, utils.InArrStr(gAll, v))
} // }
gni := GetGroupNamesIds() // gni := GetGroupNamesIds()
for _, v := range gni { // for _, v := range gni {
ast.NotEqual(0, v.Id) // ast.NotEqual(0, v.Id)
ast.Equal(true, utils.InArrStr(gAll, v.Name)) // ast.Equal(true, utils.InArrStr(gAll, v.Name))
} // }
} }

1
server/dbdata/tables.go
View File

@ -26,6 +26,7 @@ type Group struct {
type User struct { type User struct {
Id int `json:"id" xorm:"pk autoincr not null"` Id int `json:"id" xorm:"pk autoincr not null"`
Type string `json:"type" xorm:"varchar(20) default('local')"`
Username string `json:"username" xorm:"varchar(60) not null unique"` Username string `json:"username" xorm:"varchar(60) not null unique"`
Nickname string `json:"nickname" xorm:"varchar(255)"` Nickname string `json:"nickname" xorm:"varchar(255)"`
Email string `json:"email" xorm:"varchar(255)"` Email string `json:"email" xorm:"varchar(255)"`

6
server/dbdata/user.go
View File

@ -84,7 +84,7 @@ func CheckUser(name, pwd, group string, ext map[string]interface{}) error {
authType := groupData.Auth["type"].(string) authType := groupData.Auth["type"].(string)
// 本地认证方式 // 本地认证方式
if authType == "local" { if authType == "local" {
return checkLocalUser(name, pwd, group, ext) return checkLocalUser(name, pwd, group)
} }
// 其它认证方式, 支持自定义 // 其它认证方式, 支持自定义
_, ok := authRegistry[authType] _, ok := authRegistry[authType]
@ -96,7 +96,7 @@ func CheckUser(name, pwd, group string, ext map[string]interface{}) error {
} }
// 验证本地用户登录信息 // 验证本地用户登录信息
func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error { func checkLocalUser(name, pwd, group string) error {
// TODO 严重问题 // TODO 严重问题
// return nil // return nil
@ -120,7 +120,7 @@ func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error {
} }
pinCode := pwd pinCode := pwd
if base.Cfg.AuthAloneOtp == false { if !base.Cfg.AuthAloneOtp {
// 判断otp信息 // 判断otp信息
if !v.DisableOtp { if !v.DisableOtp {
pinCode = pwd[:pl-6] pinCode = pwd[:pl-6]

148
server/dbdata/user_test.go
View File

@ -2,89 +2,87 @@ package dbdata
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert"
) )
func TestCheckUser(t *testing.T) { func TestCheckUser(t *testing.T) {
ast := assert.New(t) // ast := assert.New(t)
preIpData() // preIpData()
defer closeIpdata() // defer closeIpdata()
group := "group1" // group := "group1"
// 添加一个组 // // 添加一个组
dns := []ValData{{Val: "114.114.114.114"}} // dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.0/24"}} // route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route} // g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g) // err := SetGroup(&g)
ast.Nil(err) // ast.Nil(err)
// 判断 IpMask // // 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0") // ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户 // // 添加一个用户
pincode := "a123456" // pincode := "a123456"
u := User{Username: "aaa", PinCode: pincode, Groups: []string{group}, Status: 1} // u := User{Username: "aaa", PinCode: pincode, Groups: []string{group}, Status: 1}
err = SetUser(&u) // err = SetUser(&u)
ast.Nil(err)
// 验证 PinCode + OtpSecret
// totp := gotp.NewDefaultTOTP(u.OtpSecret)
// secret := totp.Now()
// err = CheckUser("aaa", u.PinCode+secret, group)
// ast.Nil(err) // ast.Nil(err)
// 单独验证密码 // // 验证 PinCode + OtpSecret
u.DisableOtp = true // // totp := gotp.NewDefaultTOTP(u.OtpSecret)
_ = SetUser(&u) // // secret := totp.Now()
err = CheckUser("aaa", pincode, group) // // err = CheckUser("aaa", u.PinCode+secret, group)
ast.Nil(err) // // ast.Nil(err)
// 添加一个radius组 // // 单独验证密码
group2 := "group2" // u.DisableOtp = true
authData := map[string]interface{}{ // _ = SetUser(&u)
"type": "radius", // err = CheckUser("aaa", pincode, group)
"radius": map[string]string{ // ast.Nil(err)
"addr": "192.168.1.12:1044",
"secret": "43214132", // // 添加一个radius组
}, // group2 := "group2"
} // authData := map[string]interface{}{
g2 := Group{Name: group2, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData} // "type": "radius",
err = SetGroup(&g2) // "radius": map[string]string{
ast.Nil(err) // "addr": "192.168.1.12:1044",
err = CheckUser("aaa", "bbbbbbb", group2) // "secret": "43214132",
if ast.NotNil(err) { // },
ast.Equal("aaa Radius服务器连接异常, 请检测服务器和端口", err.Error()) // }
} // g2 := Group{Name: group2, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData}
// 添加用户策略 // err = SetGroup(&g2)
dns2 := []ValData{{Val: "8.8.8.8"}} // ast.Nil(err)
route2 := []ValData{{Val: "192.168.2.0/24"}} // err = CheckUser("aaa", "bbbbbbb", group2)
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2} // if ast.NotNil(err) {
err = SetPolicy(&p1) // ast.Equal("aaa Radius服务器连接异常, 请检测服务器和端口", err.Error())
ast.Nil(err) // }
err = CheckUser("aaa", pincode, group) // // 添加用户策略
ast.Nil(err) // dns2 := []ValData{{Val: "8.8.8.8"}}
// 添加一个ldap组 // route2 := []ValData{{Val: "192.168.2.0/24"}}
group3 := "group3" // p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
authData = map[string]interface{}{ // err = SetPolicy(&p1)
"type": "ldap", // ast.Nil(err)
"ldap": map[string]interface{}{ // err = CheckUser("aaa", pincode, group)
"addr": "192.168.8.12:389", // ast.Nil(err)
"tls": true, // // 添加一个ldap组
"bind_name": "userfind@abc.com", // group3 := "group3"
"bind_pwd": "afdbfdsafds", // authData = map[string]interface{}{
"base_dn": "dc=abc,dc=com", // "type": "ldap",
"object_class": "person", // "ldap": map[string]interface{}{
"search_attr": "sAMAccountName", // "addr": "192.168.8.12:389",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com", // "tls": true,
}, // "bind_name": "userfind@abc.com",
} // "bind_pwd": "afdbfdsafds",
g3 := Group{Name: group3, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData} // "base_dn": "dc=abc,dc=com",
err = SetGroup(&g3) // "object_class": "person",
ast.Nil(err) // "search_attr": "sAMAccountName",
err = CheckUser("aaa", "bbbbbbb", group3) // "member_of": "cn=vpn,cn=user,dc=abc,dc=com",
if ast.NotNil(err) { // },
ast.Equal("aaa LDAP服务器连接异常, 请检测服务器和端口", err.Error()) // }
} // g3 := Group{Name: group3, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData}
// err = SetGroup(&g3)
// ast.Nil(err)
// err = CheckUser("aaa", "bbbbbbb", group3)
// if ast.NotNil(err) {
// ast.Equal("aaa LDAP服务器连接异常, 请检测服务器和端口", err.Error())
// }
} }

1
server/dbdata/userauth.go
View File

@ -10,6 +10,7 @@ var authRegistry = make(map[string]reflect.Type)
type IUserAuth interface { type IUserAuth interface {
checkData(authData map[string]interface{}) error checkData(authData map[string]interface{}) error
checkUser(name, pwd string, g *Group, ext map[string]interface{}) error checkUser(name, pwd string, g *Group, ext map[string]interface{}) error
saveUsers(g *Group) error
} }
func makeInstance(name string) interface{} { func makeInstance(name string) interface{} {

127
server/dbdata/userauth_ldap.go
View File

@ -11,7 +11,9 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/bjdgyc/anylink/base"
"github.com/go-ldap/ldap" "github.com/go-ldap/ldap"
"github.com/xlzd/gotp"
) )
type AuthLdap struct { type AuthLdap struct {
@ -23,12 +25,115 @@ type AuthLdap struct {
ObjectClass string `json:"object_class"` ObjectClass string `json:"object_class"`
SearchAttr string `json:"search_attr"` SearchAttr string `json:"search_attr"`
MemberOf string `json:"member_of"` MemberOf string `json:"member_of"`
EnableOTP bool `json:"enable_otp"`
} }
func init() { func init() {
authRegistry["ldap"] = reflect.TypeOf(AuthLdap{}) authRegistry["ldap"] = reflect.TypeOf(AuthLdap{})
} }
// 建立 LDAP 连接
func (auth AuthLdap) connect() (*ldap.Conn, error) {
// 检测服务器和端口的可用性
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil {
return nil, fmt.Errorf("LDAP服务器连接异常, 请检测服务器和端口: %s", err.Error())
}
con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return nil, fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
}
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return nil, fmt.Errorf("LDAP TLS连接失败 %s", err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return nil, fmt.Errorf("LDAP 管理员 DN或密码填写有误 %s", err.Error())
}
return l, nil
}
func (auth AuthLdap) saveUsers(g *Group) error {
authType := g.Auth["type"].(string)
bodyBytes, err := json.Marshal(g.Auth[authType])
if err != nil {
return errors.New("LDAP配置填写有误")
}
json.Unmarshal(bodyBytes, &auth)
l, err := auth.connect()
if err != nil {
return err
}
defer l.Close()
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
filterAttr += "(" + auth.SearchAttr + "=*)"
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"
}
searchRequest := ldap.NewSearchRequest(
auth.BaseDn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&%s)", filterAttr),
[]string{},
nil,
)
sr, err := l.Search(searchRequest)
if err != nil {
return fmt.Errorf("LDAP 查询失败 %s %s %s", auth.BaseDn, filterAttr, err.Error())
}
for _, entry := range sr.Entries {
var groups []string
ldapuser := &User{
Type: "ldap",
Username: entry.GetAttributeValue(auth.SearchAttr),
Nickname: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
Groups: append(groups, g.Name),
DisableOtp: !auth.EnableOTP,
OtpSecret: gotp.RandomSecret(32),
SendEmail: false,
Status: 1,
}
// 新增ldap用户
u := &User{}
if err := One("username", ldapuser.Username, u); err != nil {
if CheckErrNotFound(err) {
if err := Add(ldapuser); err != nil {
base.Error("新增ldap用户失败", ldapuser.Username, err)
continue
}
}
continue
}
if u.Type != "ldap" {
base.Warn("已存在本地同名用户:", ldapuser.Username)
continue
}
// ldap OTP全局开关
if u.DisableOtp != !auth.EnableOTP {
u.DisableOtp = !auth.EnableOTP
if err := Set(u); err != nil {
return fmt.Errorf("更新ldap用户%sOTP状态失败:%v", u.Username, err.Error())
}
}
}
return nil
}
func (auth AuthLdap) checkData(authData map[string]interface{}) error { func (auth AuthLdap) checkData(authData map[string]interface{}) error {
authType := authData["type"].(string) authType := authData["type"].(string)
bodyBytes, err := json.Marshal(authData[authType]) bodyBytes, err := json.Marshal(authData[authType])
@ -78,28 +183,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group, ext map[string]interf
if err != nil { if err != nil {
return fmt.Errorf("%s %s", name, "LDAP Unmarshal出现错误") return fmt.Errorf("%s %s", name, "LDAP Unmarshal出现错误")
} }
// 检测服务器和端口的可用性 l, err := auth.connect()
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil { if err != nil {
return fmt.Errorf("%s %s", name, "LDAP服务器连接异常, 请检测服务器和端口") return err
}
defer con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
} }
defer l.Close() defer l.Close()
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return fmt.Errorf("%s LDAP TLS连接失败 %s", name, err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
}
if auth.ObjectClass == "" { if auth.ObjectClass == "" {
auth.ObjectClass = "person" auth.ObjectClass = "person"
} }

10
server/dbdata/userauth_radius.go
View File

@ -23,6 +23,16 @@ type AuthRadius struct {
func init() { func init() {
authRegistry["radius"] = reflect.TypeOf(AuthRadius{}) authRegistry["radius"] = reflect.TypeOf(AuthRadius{})
} }
func (auth AuthRadius) saveUsers(g *Group) error {
// To Do!!!
authType := g.Auth["type"].(string)
bodyBytes, err := json.Marshal(g.Auth[authType])
if err != nil {
return errors.New("Radius配置填写有误")
}
json.Unmarshal(bodyBytes, &auth)
return nil
}
func (auth AuthRadius) checkData(authData map[string]interface{}) error { func (auth AuthRadius) checkData(authData map[string]interface{}) error {
authType := authData["type"].(string) authType := authData["type"].(string)

154
web/src/pages/group/List.vue
View File

@ -3,52 +3,30 @@
<el-card> <el-card>
<el-form :inline="true"> <el-form :inline="true">
<el-form-item> <el-form-item>
<el-button <el-button size="small" type="primary" icon="el-icon-plus" @click="handleEdit('')">添加
size="small"
type="primary"
icon="el-icon-plus"
@click="handleEdit('')">添加
</el-button> </el-button>
</el-form-item> </el-form-item>
</el-form> </el-form>
<el-table <el-table ref="multipleTable" :data="tableData" border>
ref="multipleTable"
:data="tableData"
border>
<el-table-column <el-table-column sortable="true" prop="id" label="ID" width="60">
sortable="true"
prop="id"
label="ID"
width="60">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="name" label="组名">
prop="name"
label="组名">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="note" label="备注">
prop="note"
label="备注">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="allow_lan" label="本地网络">
prop="allow_lan"
label="本地网络">
<template slot-scope="scope"> <template slot-scope="scope">
<el-switch <el-switch v-model="scope.row.allow_lan" disabled>
v-model="scope.row.allow_lan"
disabled>
</el-switch> </el-switch>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="bandwidth" label="带宽限制" width="90">
prop="bandwidth"
label="带宽限制"
width="90">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps <el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps
</el-row> </el-row>
@ -56,19 +34,13 @@
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="client_dns" label="客户端DNS" width="160">
prop="client_dns"
label="客户端DNS"
width="160">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item, inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row> <el-row v-for="(item, inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="route_include" label="路由包含" width="180">
prop="route_include"
label="路由包含"
width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item, inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{
item.val item.val
@ -88,10 +60,7 @@
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="route_exclude" label="路由排除" width="180">
prop="route_exclude"
label="路由排除"
width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item, inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{
item.val item.val
@ -111,10 +80,7 @@
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="link_acl" label="LINK-ACL" min-width="180">
prop="link_acl"
label="LINK-ACL"
min-width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item, inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx"> <el-row v-for="(item, inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }} {{ item.action }} => {{ item.val }} : {{ item.port }}
@ -132,10 +98,7 @@
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="status" label="状态" width="70">
prop="status"
label="状态"
width="70">
<template slot-scope="scope"> <template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag> <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-else type="danger">停用</el-tag> <el-tag v-else type="danger">停用</el-tag>
@ -143,30 +106,16 @@
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="updated_at" label="更新时间" :formatter="tableDateFormat">
prop="updated_at"
label="更新时间"
:formatter="tableDateFormat">
</el-table-column> </el-table-column>
<el-table-column <el-table-column label="操作" width="150">
label="操作"
width="150">
<template slot-scope="scope"> <template slot-scope="scope">
<el-button <el-button size="mini" type="primary" @click="handleEdit(scope.row)">编辑
size="mini"
type="primary"
@click="handleEdit(scope.row)">编辑
</el-button> </el-button>
<el-popconfirm <el-popconfirm style="margin-left: 10px" @confirm="handleDel(scope.row)" title="确定要删除用户组吗?">
style="margin-left: 10px" <el-button slot="reference" size="mini" type="danger">删除
@confirm="handleDel(scope.row)"
title="确定要删除用户组吗?">
<el-button
slot="reference"
size="mini"
type="danger">删除
</el-button> </el-button>
</el-popconfirm> </el-popconfirm>
</template> </template>
@ -175,25 +124,15 @@
<div class="sh-20"></div> <div class="sh-20"></div>
<el-pagination <el-pagination background layout="prev, pager, next" :pager-count="11" @current-change="pageChange"
background :current-page="page" :total="count">
layout="prev, pager, next"
:pager-count="11"
@current-change="pageChange"
:current-page="page"
:total="count">
</el-pagination> </el-pagination>
</el-card> </el-card>
<!--新增修改弹出框--> <!--新增修改弹出框-->
<el-dialog <el-dialog :close-on-click-modal="false" title="用户组" :visible.sync="user_edit_dialog" width="850px"
:close-on-click-modal="false" @close='closeDialog' center>
title="用户组"
:visible.sync="user_edit_dialog"
width="850px"
@close='closeDialog'
center>
<el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm"> <el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
<el-tabs v-model="activeTab" :before-leave="beforeTabLeave"> <el-tabs v-model="activeTab" :before-leave="beforeTabLeave">
@ -235,8 +174,7 @@
@click.prevent="addDomain(ruleForm.client_dns)"></el-button> @click.prevent="addDomain(ruleForm.client_dns)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<el-row v-for="(item,index) in ruleForm.client_dns" <el-row v-for="(item, index) in ruleForm.client_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -258,8 +196,7 @@
@click.prevent="addDomain(ruleForm.split_dns)"></el-button> @click.prevent="addDomain(ruleForm.split_dns)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<el-row v-for="(item,index) in ruleForm.split_dns" <el-row v-for="(item, index) in ruleForm.split_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -308,13 +245,20 @@
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input> <el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>
</el-form-item> </el-form-item>
<el-form :inline="true" label-width="100px" class="ruleForm">
<el-form-item label="开启TLS" prop="auth.ldap.tls"> <el-form-item label="开启TLS" prop="auth.ldap.tls">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch> <el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item> </el-form-item>
<el-form-item label="开启OTP" prop="auth.ldap.enable_otp">
<el-switch v-model="ruleForm.auth.ldap.enable_otp"></el-switch>
<el-tooltip content="全局关闭\启用ldap用户otp验证,用户界面可手动管理OTP秘钥." placement="top">
<i class="el-icon-info" style="margin-left: 10px; cursor: pointer; color: #888;"></i>
</el-tooltip>
</el-form-item>
</el-form>
<el-form-item label="管理员 DN" prop="auth.ldap.bind_name" <el-form-item label="管理员 DN" prop="auth.ldap.bind_name"
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name" <el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" <el-form-item label="管理员密码" prop="auth.ldap.bind_pwd"
:rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
@ -355,8 +299,8 @@
</el-col> </el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'"> <templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include" <el-row v-for="(item, index) in ruleForm.route_include" :key="index" style="margin-bottom: 5px"
:key="index" style="margin-bottom: 5px" :gutter="10"> :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -384,8 +328,8 @@
</el-col> </el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'"> <templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude" <el-row v-for="(item, index) in ruleForm.route_exclude" :key="index" style="margin-bottom: 5px"
:key="index" style="margin-bottom: 5px" :gutter="10"> :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -416,8 +360,7 @@
<!-- 添加拖拽功能 --> <!-- 添加拖拽功能 -->
<draggable v-model="ruleForm.link_acl" handle=".drag-handle" @end="onEnd"> <draggable v-model="ruleForm.link_acl" handle=".drag-handle" @end="onEnd">
<el-row v-for="(item,index) in ruleForm.link_acl" <el-row v-for="(item, index) in ruleForm.link_acl" :key="index" style="margin-bottom: 5px" :gutter="1">
:key="index" style="margin-bottom: 5px" :gutter="1">
<el-col :span="1" class="drag-handle"> <el-col :span="1" class="drag-handle">
<i class="el-icon-rank"></i> <i class="el-icon-rank"></i>
@ -433,7 +376,7 @@
</el-col> </el-col>
<el-col :span="3"> <el-col :span="3">
<el-input placeholder="协议" v-model="item.protocol"> <el-input placeholder="协议" v-model="item.protocol"></el-input>
</el-col> </el-col>
<el-col :span="6"> <el-col :span="6">
@ -476,13 +419,8 @@
</el-form> </el-form>
</el-dialog> </el-dialog>
<!--测试用户登录弹出框--> <!--测试用户登录弹出框-->
<el-dialog <el-dialog :close-on-click-modal="false" title="测试用户登录" :visible.sync="authLoginDialog" width="600px"
:close-on-click-modal="false" custom-class="valgin-dialog" center>
title="测试用户登录"
:visible.sync="authLoginDialog"
width="600px"
custom-class="valgin-dialog"
center>
<el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px"> <el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
<el-form-item label="账号" prop="name"> <el-form-item label="账号" prop="name">
<el-input v-model="authLoginForm.name" ref="authLoginFormName" <el-input v-model="authLoginForm.name" ref="authLoginFormName"
@ -498,13 +436,8 @@
</el-form> </el-form>
</el-dialog> </el-dialog>
<!--编辑模式弹窗--> <!--编辑模式弹窗-->
<el-dialog <el-dialog :close-on-click-modal="false" title="编辑模式" :visible.sync="ipListDialog" width="650px"
:close-on-click-modal="false" custom-class="valgin-dialog" center>
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px"> <el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list"> <el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" <el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list"
@ -927,5 +860,4 @@ export default {
.drag-handle { .drag-handle {
cursor: move; cursor: move;
} }
</style> </style>

25
web/src/pages/user/List.vue
View File

@ -39,6 +39,9 @@
<el-table-column sortable="true" prop="id" label="ID" width="60"> <el-table-column sortable="true" prop="id" label="ID" width="60">
</el-table-column> </el-table-column>
<el-table-column prop="type" label="类型" width="60">
</el-table-column>
<el-table-column prop="username" label="用户名" width="150"> <el-table-column prop="username" label="用户名" width="150">
</el-table-column> </el-table-column>
@ -118,37 +121,40 @@
<el-form-item label="用户ID" prop="id"> <el-form-item label="用户ID" prop="id">
<el-input v-model="ruleForm.id" disabled></el-input> <el-input v-model="ruleForm.id" disabled></el-input>
</el-form-item> </el-form-item>
<el-form-item label="类型" prop="type">
<el-input v-model="ruleForm.type" disabled></el-input>
</el-form-item>
<el-form-item label="用户名" prop="username"> <el-form-item label="用户名" prop="username">
<el-input v-model="ruleForm.username" :disabled="ruleForm.id > 0"></el-input> <el-input v-model="ruleForm.username" :disabled="ruleForm.id > 0"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="姓名" prop="nickname"> <el-form-item label="姓名" prop="nickname">
<el-input v-model="ruleForm.nickname"></el-input> <el-input v-model="ruleForm.nickname" :disabled="ruleForm.type === 'ldap'"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="邮箱" prop="email"> <el-form-item label="邮箱" prop="email">
<el-input v-model="ruleForm.email"></el-input> <el-input v-model="ruleForm.email" :disabled="false"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="PIN码" prop="pin_code"> <el-form-item label="PIN码" prop="pin_code">
<el-input v-model="ruleForm.pin_code" placeholder="不填由系统自动生成"></el-input> <el-input v-model="ruleForm.pin_code" :disabled="ruleForm.type === 'ldap'" placeholder="不填由系统自动生成"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="过期时间" prop="limittime"> <el-form-item label="过期时间" prop="limittime">
<el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px" <el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px"
:picker-options="pickerOptions" placeholder="选择日期"> :picker-options="pickerOptions" placeholder="选择日期" :disabled="ruleForm.type === 'ldap'"></el-date-picker>
</el-date-picker>
</el-form-item> </el-form-item>
<el-form-item label="禁用OTP" prop="disable_otp"> <el-form-item label="禁用OTP" prop="disable_otp">
<el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码"> <el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码"
:disabled="ruleForm.type === 'ldap'">
</el-switch> </el-switch>
</el-form-item> </el-form-item>
<el-form-item label="OTP密钥" prop="otp_secret" v-if="!ruleForm.disable_otp"> <el-form-item label="OTP密钥" prop="otp_secret" v-if="!ruleForm.disable_otp && ruleForm.type === 'ldap'">
<el-input v-model="ruleForm.otp_secret" placeholder="不填由系统自动生成"></el-input> <el-input v-model="ruleForm.otp_secret" placeholder="不填由系统自动生成"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="用户组" prop="groups"> <el-form-item label="用户组" prop="groups">
<el-checkbox-group v-model="ruleForm.groups"> <el-checkbox-group v-model="ruleForm.groups" :disabled="ruleForm.type === 'ldap'">
<el-checkbox v-for="(item) in grouNames" :key="item" :label="item" :name="item"></el-checkbox> <el-checkbox v-for="(item) in grouNames" :key="item" :label="item" :name="item"></el-checkbox>
</el-checkbox-group> </el-checkbox-group>
</el-form-item> </el-form-item>
@ -159,7 +165,7 @@
</el-form-item> </el-form-item>
<el-form-item label="状态" prop="status"> <el-form-item label="状态" prop="status">
<el-radio-group v-model="ruleForm.status"> <el-radio-group v-model="ruleForm.status" :disabled="ruleForm.type === 'ldap'">
<el-radio :label="1" border>启用</el-radio> <el-radio :label="1" border>启用</el-radio>
<el-radio :label="0" border>停用</el-radio> <el-radio :label="0" border>停用</el-radio>
<el-radio :label="2" border>过期</el-radio> <el-radio :label="2" border>过期</el-radio>
@ -208,6 +214,7 @@ export default {
searchData: '', searchData: '',
otpImgData: { visible: false, username: '', nickname: '', base64Img: '' }, otpImgData: { visible: false, username: '', nickname: '', base64Img: '' },
ruleForm: { ruleForm: {
type: `local`,
send_email: true, send_email: true,
status: 1, status: 1,
groups: [], groups: [],