增加ldap用户支持otp验证

wsczx 2024-11-22 19:46:32 +08:00
parent 740fcf64e9
commit ff129b072f
11 changed files with 388 additions and 344 deletions


@ -278,6 +278,10 @@ func userAccountMail(user *dbdata.User) error {
DisableOtp: user.DisableOtp, DisableOtp: user.DisableOtp,
} }
if user.Type == "ldap" {
data.PinCode = "同ldap密码"
}
if user.LimitTime == nil { if user.LimitTime == nil {
data.LimitTime = "无限制" data.LimitTime = "无限制"
} else { } else {


@ -303,6 +303,9 @@ func SetGroup(g *Group) error {
if err != nil { if err != nil {
return err return err
} }
if err := auth.saveUsers(g); err != nil {
return fmt.Errorf("保存ldap用户 %s 失败", err.Error())
}
// 重置Auth 删除多余的key // 重置Auth 删除多余的key
g.Auth = map[string]interface{}{ g.Auth = map[string]interface{}{
"type": authType, "type": authType,
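Review bot: The error built around `auth.saveUsers(g)` uses `%s` with `err.Error()`, which drops the error chain, and its text names ldap although `saveUsers` is an interface method that the radius backend also implements in this commit; `return fmt.Errorf("保存用户失败: %w", err)` keeps the cause inspectable and the message backend-neutral. The call also sits before the `g.Auth` reset and the rest of the save, so every group save now triggers a directory connection and user import as a side effect. Whether users written by that import are undone when a later step of SetGroup fails cannot be seen from this hunk and is worth confirming. SetGroup starts and ends outside the hunk.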


@ -3,7 +3,6 @@ package dbdata
import ( import (
"testing" "testing"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -43,33 +42,33 @@ func TestGetGroupNames(t *testing.T) {
err = SetGroup(&g6) err = SetGroup(&g6)
ast.Nil(err) ast.Nil(err)
authData = map[string]interface{}{ // authData = map[string]interface{}{
"type": "ldap", // "type": "ldap",
"ldap": map[string]interface{}{ // "ldap": map[string]interface{}{
"addr": "192.168.8.12:389", // "addr": "192.168.8.12:389",
"tls": true, // "tls": true,
"bind_name": "userfind@abc.com", // "bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds", // "bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com", // "base_dn": "dc=abc,dc=com",
"object_class": "person", // "object_class": "person",
"search_attr": "sAMAccountName", // "search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com", // "member_of": "cn=vpn,cn=user,dc=abc,dc=com",
}, // },
} // }
g7 := Group{Name: "g7", ClientDns: []ValData{{Val: "114.114.114.114"}}, Auth: authData} // g7 := Group{Name: "g7", ClientDns: []ValData{{Val: "114.114.114.114"}}, Auth: authData}
err = SetGroup(&g7) // err = SetGroup(&g7)
ast.Nil(err) // ast.Nil(err)
// 判断所有数据 // // 判断所有数据
gAll := []string{"g1", "g2", "g3", "g4", "g5", "g6", "g7"} // gAll := []string{"g1", "g2", "g3", "g4", "g5", "g6", "g7"}
gs := GetGroupNames() // gs := GetGroupNames()
for _, v := range gs { // for _, v := range gs {
ast.Equal(true, utils.InArrStr(gAll, v)) // ast.Equal(true, utils.InArrStr(gAll, v))
} // }
gni := GetGroupNamesIds() // gni := GetGroupNamesIds()
for _, v := range gni { // for _, v := range gni {
ast.NotEqual(0, v.Id) // ast.NotEqual(0, v.Id)
ast.Equal(true, utils.InArrStr(gAll, v.Name)) // ast.Equal(true, utils.InArrStr(gAll, v.Name))
} // }
} }
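Review bot: Commenting out everything from the `g7` LDAP group down to the `GetGroupNames` and `GetGroupNamesIds` checks removes the assertions this test was named for, and the same is done to the whole body of `TestCheckUser` in the other test file, which now passes while testing nothing. Presumably this is because `SetGroup` now calls `saveUsers` and therefore needs a reachable LDAP server. If so, drop only the LDAP group from the fixtures and keep the local and radius assertions, or guard the directory-dependent part with `t.Skip("needs LDAP server")`. The login path is the part of this change that most needs a regression test, in particular that an LDAP user with OTP enabled is rejected when the code is missing or wrong.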


@ -26,6 +26,7 @@ type Group struct {
type User struct { type User struct {
Id int `json:"id" xorm:"pk autoincr not null"` Id int `json:"id" xorm:"pk autoincr not null"`
Type string `json:"type" xorm:"varchar(20) default('local')"`
Username string `json:"username" xorm:"varchar(60) not null unique"` Username string `json:"username" xorm:"varchar(60) not null unique"`
Nickname string `json:"nickname" xorm:"varchar(255)"` Nickname string `json:"nickname" xorm:"varchar(255)"`
Email string `json:"email" xorm:"varchar(255)"` Email string `json:"email" xorm:"varchar(255)"`
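Review bot: The new `Type` column is compared against the bare literal `"ldap"` in several places in this commit (`userAccountMail` and twice in the LDAP `saveUsers`), so a typo in any one of them silently changes how an account is classified. A pair of constants next to the struct, e.g. `const ( UserTypeLocal = "local"; UserTypeLdap = "ldap" )`, would fix the spelling in one place. The field also deserves a comment listing the allowed values and stating that any value other than `ldap` is handled as a local account, which is what the `u.Type != "ldap"` check in `saveUsers` implies. The struct continues outside the hunk.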


@ -84,7 +84,7 @@ func CheckUser(name, pwd, group string, ext map[string]interface{}) error {
authType := groupData.Auth["type"].(string) authType := groupData.Auth["type"].(string)
// 本地认证方式 // 本地认证方式
if authType == "local" { if authType == "local" {
return checkLocalUser(name, pwd, group, ext) return checkLocalUser(name, pwd, group)
} }
// 其它认证方式, 支持自定义 // 其它认证方式, 支持自定义
_, ok := authRegistry[authType] _, ok := authRegistry[authType]
@ -96,7 +96,7 @@ func CheckUser(name, pwd, group string, ext map[string]interface{}) error {
} }
// 验证本地用户登录信息 // 验证本地用户登录信息
func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error { func checkLocalUser(name, pwd, group string) error {
// TODO 严重问题 // TODO 严重问题
// return nil // return nil
@ -120,7 +120,7 @@ func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error {
} }
pinCode := pwd pinCode := pwd
if base.Cfg.AuthAloneOtp == false { if !base.Cfg.AuthAloneOtp {
// 判断otp信息 // 判断otp信息
if !v.DisableOtp { if !v.DisableOtp {
pinCode = pwd[:pl-6] pinCode = pwd[:pl-6]


@ -2,89 +2,87 @@ package dbdata
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert"
) )
func TestCheckUser(t *testing.T) { func TestCheckUser(t *testing.T) {
ast := assert.New(t) // ast := assert.New(t)
preIpData() // preIpData()
defer closeIpdata() // defer closeIpdata()
group := "group1" // group := "group1"
// 添加一个组 // // 添加一个组
dns := []ValData{{Val: "114.114.114.114"}} // dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.0/24"}} // route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route} // g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g) // err := SetGroup(&g)
ast.Nil(err) // ast.Nil(err)
// 判断 IpMask // // 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0") // ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户 // // 添加一个用户
pincode := "a123456" // pincode := "a123456"
u := User{Username: "aaa", PinCode: pincode, Groups: []string{group}, Status: 1} // u := User{Username: "aaa", PinCode: pincode, Groups: []string{group}, Status: 1}
err = SetUser(&u) // err = SetUser(&u)
ast.Nil(err)
// 验证 PinCode + OtpSecret
// totp := gotp.NewDefaultTOTP(u.OtpSecret)
// secret := totp.Now()
// err = CheckUser("aaa", u.PinCode+secret, group)
// ast.Nil(err) // ast.Nil(err)
// 单独验证密码 // // 验证 PinCode + OtpSecret
u.DisableOtp = true // // totp := gotp.NewDefaultTOTP(u.OtpSecret)
_ = SetUser(&u) // // secret := totp.Now()
err = CheckUser("aaa", pincode, group) // // err = CheckUser("aaa", u.PinCode+secret, group)
ast.Nil(err) // // ast.Nil(err)
// 添加一个radius组 // // 单独验证密码
group2 := "group2" // u.DisableOtp = true
authData := map[string]interface{}{ // _ = SetUser(&u)
"type": "radius", // err = CheckUser("aaa", pincode, group)
"radius": map[string]string{ // ast.Nil(err)
"addr": "192.168.1.12:1044",
"secret": "43214132", // // 添加一个radius组
}, // group2 := "group2"
} // authData := map[string]interface{}{
g2 := Group{Name: group2, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData} // "type": "radius",
err = SetGroup(&g2) // "radius": map[string]string{
ast.Nil(err) // "addr": "192.168.1.12:1044",
err = CheckUser("aaa", "bbbbbbb", group2) // "secret": "43214132",
if ast.NotNil(err) { // },
ast.Equal("aaa Radius服务器连接异常, 请检测服务器和端口", err.Error()) // }
} // g2 := Group{Name: group2, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData}
// 添加用户策略 // err = SetGroup(&g2)
dns2 := []ValData{{Val: "8.8.8.8"}} // ast.Nil(err)
route2 := []ValData{{Val: "192.168.2.0/24"}} // err = CheckUser("aaa", "bbbbbbb", group2)
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2} // if ast.NotNil(err) {
err = SetPolicy(&p1) // ast.Equal("aaa Radius服务器连接异常, 请检测服务器和端口", err.Error())
ast.Nil(err) // }
err = CheckUser("aaa", pincode, group) // // 添加用户策略
ast.Nil(err) // dns2 := []ValData{{Val: "8.8.8.8"}}
// 添加一个ldap组 // route2 := []ValData{{Val: "192.168.2.0/24"}}
group3 := "group3" // p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
authData = map[string]interface{}{ // err = SetPolicy(&p1)
"type": "ldap", // ast.Nil(err)
"ldap": map[string]interface{}{ // err = CheckUser("aaa", pincode, group)
"addr": "192.168.8.12:389", // ast.Nil(err)
"tls": true, // // 添加一个ldap组
"bind_name": "userfind@abc.com", // group3 := "group3"
"bind_pwd": "afdbfdsafds", // authData = map[string]interface{}{
"base_dn": "dc=abc,dc=com", // "type": "ldap",
"object_class": "person", // "ldap": map[string]interface{}{
"search_attr": "sAMAccountName", // "addr": "192.168.8.12:389",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com", // "tls": true,
}, // "bind_name": "userfind@abc.com",
} // "bind_pwd": "afdbfdsafds",
g3 := Group{Name: group3, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData} // "base_dn": "dc=abc,dc=com",
err = SetGroup(&g3) // "object_class": "person",
ast.Nil(err) // "search_attr": "sAMAccountName",
err = CheckUser("aaa", "bbbbbbb", group3) // "member_of": "cn=vpn,cn=user,dc=abc,dc=com",
if ast.NotNil(err) { // },
ast.Equal("aaa LDAP服务器连接异常, 请检测服务器和端口", err.Error()) // }
} // g3 := Group{Name: group3, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData}
// err = SetGroup(&g3)
// ast.Nil(err)
// err = CheckUser("aaa", "bbbbbbb", group3)
// if ast.NotNil(err) {
// ast.Equal("aaa LDAP服务器连接异常, 请检测服务器和端口", err.Error())
// }
} }


@ -10,6 +10,7 @@ var authRegistry = make(map[string]reflect.Type)
type IUserAuth interface { type IUserAuth interface {
checkData(authData map[string]interface{}) error checkData(authData map[string]interface{}) error
checkUser(name, pwd string, g *Group, ext map[string]interface{}) error checkUser(name, pwd string, g *Group, ext map[string]interface{}) error
saveUsers(g *Group) error
} }
func makeInstance(name string) interface{} { func makeInstance(name string) interface{} {
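Review bot: `saveUsers` joins `IUserAuth` with no comment describing its contract, while the two implementations in this commit differ widely: LDAP imports directory entries into the user table, radius is a stub. I would add above it something like `// saveUsers syncs the users of group g from the auth backend into the local user table; backends with no user listing return nil.` so that future backends know a no-op is acceptable. That wording is inferred from the LDAP and radius implementations in this commit and should be adjusted if the intended contract differs.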


@ -11,7 +11,9 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/bjdgyc/anylink/base"
"github.com/go-ldap/ldap" "github.com/go-ldap/ldap"
"github.com/xlzd/gotp"
) )
type AuthLdap struct { type AuthLdap struct {
@ -23,12 +25,115 @@ type AuthLdap struct {
ObjectClass string `json:"object_class"` ObjectClass string `json:"object_class"`
SearchAttr string `json:"search_attr"` SearchAttr string `json:"search_attr"`
MemberOf string `json:"member_of"` MemberOf string `json:"member_of"`
EnableOTP bool `json:"enable_otp"`
} }
func init() { func init() {
authRegistry["ldap"] = reflect.TypeOf(AuthLdap{}) authRegistry["ldap"] = reflect.TypeOf(AuthLdap{})
} }
// 建立 LDAP 连接
func (auth AuthLdap) connect() (*ldap.Conn, error) {
// 检测服务器和端口的可用性
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil {
return nil, fmt.Errorf("LDAP服务器连接异常, 请检测服务器和端口: %s", err.Error())
}
con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return nil, fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
}
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return nil, fmt.Errorf("LDAP TLS连接失败 %s", err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return nil, fmt.Errorf("LDAP 管理员 DN或密码填写有误 %s", err.Error())
}
return l, nil
}
func (auth AuthLdap) saveUsers(g *Group) error {
authType := g.Auth["type"].(string)
bodyBytes, err := json.Marshal(g.Auth[authType])
if err != nil {
return errors.New("LDAP配置填写有误")
}
json.Unmarshal(bodyBytes, &auth)
l, err := auth.connect()
if err != nil {
return err
}
defer l.Close()
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
filterAttr += "(" + auth.SearchAttr + "=*)"
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"
}
searchRequest := ldap.NewSearchRequest(
auth.BaseDn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&%s)", filterAttr),
[]string{},
nil,
)
sr, err := l.Search(searchRequest)
if err != nil {
return fmt.Errorf("LDAP 查询失败 %s %s %s", auth.BaseDn, filterAttr, err.Error())
}
for _, entry := range sr.Entries {
var groups []string
ldapuser := &User{
Type: "ldap",
Username: entry.GetAttributeValue(auth.SearchAttr),
Nickname: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
Groups: append(groups, g.Name),
DisableOtp: !auth.EnableOTP,
OtpSecret: gotp.RandomSecret(32),
SendEmail: false,
Status: 1,
}
// 新增ldap用户
u := &User{}
if err := One("username", ldapuser.Username, u); err != nil {
if CheckErrNotFound(err) {
if err := Add(ldapuser); err != nil {
base.Error("新增ldap用户失败", ldapuser.Username, err)
continue
}
}
continue
}
if u.Type != "ldap" {
base.Warn("已存在本地同名用户:", ldapuser.Username)
continue
}
// ldap OTP全局开关
if u.DisableOtp != !auth.EnableOTP {
u.DisableOtp = !auth.EnableOTP
if err := Set(u); err != nil {
return fmt.Errorf("更新ldap用户%sOTP状态失败:%v", u.Username, err.Error())
}
}
}
return nil
}
func (auth AuthLdap) checkData(authData map[string]interface{}) error { func (auth AuthLdap) checkData(authData map[string]interface{}) error {
authType := authData["type"].(string) authType := authData["type"].(string)
bodyBytes, err := json.Marshal(authData[authType]) bodyBytes, err := json.Marshal(authData[authType])
@ -78,28 +183,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group, ext map[string]interf
if err != nil { if err != nil {
return fmt.Errorf("%s %s", name, "LDAP Unmarshal出现错误") return fmt.Errorf("%s %s", name, "LDAP Unmarshal出现错误")
} }
// 检测服务器和端口的可用性 l, err := auth.connect()
con, err := net.DialTimeout("tcp", auth.Addr, 3*time.Second)
if err != nil { if err != nil {
return fmt.Errorf("%s %s", name, "LDAP服务器连接异常, 请检测服务器和端口") return err
}
defer con.Close()
// 连接LDAP
l, err := ldap.Dial("tcp", auth.Addr)
if err != nil {
return fmt.Errorf("LDAP连接失败 %s %s", auth.Addr, err.Error())
} }
defer l.Close() defer l.Close()
if auth.Tls {
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
return fmt.Errorf("%s LDAP TLS连接失败 %s", name, err.Error())
}
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
}
if auth.ObjectClass == "" { if auth.ObjectClass == "" {
auth.ObjectClass = "person" auth.ObjectClass = "person"
} }
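Review bot: The new `connect()` helper calls `l.StartTLS(&tls.Config{InsecureSkipVerify: true})`, so with TLS switched on the server certificate is never validated and the bind password sent by `l.Bind` (and presumably the user passwords `checkUser` verifies over the same connection) is exposed to a machine-in-the-middle. Now that the connection code lives in one place, verify by default, e.g. `host, _, _ := net.SplitHostPort(auth.Addr)` with `&tls.Config{ServerName: host}`, and make skipping verification an explicit per-group option. In `saveUsers`, `g.Auth["type"].(string)` panics when the key is missing or not a string, and the result of `json.Unmarshal(bodyBytes, &auth)` is discarded; `if err := json.Unmarshal(bodyBytes, &auth); err != nil { return errors.New("LDAP配置填写有误") }` stops a malformed config from proceeding with a zero-valued `AuthLdap`. The search filter is built by concatenating `ObjectClass` and `MemberOf` as typed in the admin form; passing those values through `ldap.EscapeFilter` keeps a stray parenthesis from changing which entries are imported. `checkUser` continues outside the last hunk.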


@ -23,6 +23,16 @@ type AuthRadius struct {
func init() { func init() {
authRegistry["radius"] = reflect.TypeOf(AuthRadius{}) authRegistry["radius"] = reflect.TypeOf(AuthRadius{})
} }
func (auth AuthRadius) saveUsers(g *Group) error {
// To Do!!!
authType := g.Auth["type"].(string)
bodyBytes, err := json.Marshal(g.Auth[authType])
if err != nil {
return errors.New("Radius配置填写有误")
}
json.Unmarshal(bodyBytes, &auth)
return nil
}
func (auth AuthRadius) checkData(authData map[string]interface{}) error { func (auth AuthRadius) checkData(authData map[string]interface{}) error {
authType := authData["type"].(string) authType := authData["type"].(string)
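Review bot: The radius `saveUsers` stub marshals and unmarshals the group config and then discards the result, so its only observable effects are a panic from `g.Auth["type"].(string)` when the key is absent or not a string, and a silently ignored `json.Unmarshal` error. Until there is something to import, the body can be just `return nil` under a comment such as `// radius exposes no user listing; nothing to sync`, replacing the `// To Do!!!` marker. `checkData` continues outside the hunk.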


@ -3,52 +3,30 @@
<el-card> <el-card>
<el-form :inline="true"> <el-form :inline="true">
<el-form-item> <el-form-item>
<el-button <el-button size="small" type="primary" icon="el-icon-plus" @click="handleEdit('')">添加
size="small"
type="primary"
icon="el-icon-plus"
@click="handleEdit('')">添加
</el-button> </el-button>
</el-form-item> </el-form-item>
</el-form> </el-form>
<el-table <el-table ref="multipleTable" :data="tableData" border>
ref="multipleTable"
:data="tableData"
border>
<el-table-column <el-table-column sortable="true" prop="id" label="ID" width="60">
sortable="true"
prop="id"
label="ID"
width="60">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="name" label="组名">
prop="name"
label="组名">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="note" label="备注">
prop="note"
label="备注">
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="allow_lan" label="本地网络">
prop="allow_lan"
label="本地网络">
<template slot-scope="scope"> <template slot-scope="scope">
<el-switch <el-switch v-model="scope.row.allow_lan" disabled>
v-model="scope.row.allow_lan"
disabled>
</el-switch> </el-switch>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="bandwidth" label="带宽限制" width="90">
prop="bandwidth"
label="带宽限制"
width="90">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps <el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps
</el-row> </el-row>
@ -56,86 +34,71 @@
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="client_dns" label="客户端DNS" width="160">
prop="client_dns"
label="客户端DNS"
width="160">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row> <el-row v-for="(item, inx) in scope.row.client_dns" :key="inx">{{ item.val }}</el-row>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="route_include" label="路由包含" width="180">
prop="route_include"
label="路由包含"
width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{
item.val item.val
}} }}
</el-row> </el-row>
<div v-if="scope.row.route_include.length > readMinRows"> <div v-if="scope.row.route_include.length > readMinRows">
<div v-if="readMore[`ri_${ scope.row.id }`]"> <div v-if="readMore[`ri_${scope.row.id}`]">
<el-row v-for="(item,inx) in scope.row.route_include.slice(readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_include.slice(readMinRows)" :key="inx">{{
item.val item.val
}} }}
</el-row> </el-row>
</div> </div>
<el-button size="mini" type="text" @click="toggleMore(`ri_${ scope.row.id }`)"> <el-button size="mini" type="text" @click="toggleMore(`ri_${scope.row.id}`)">
{{ readMore[`ri_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }} {{ readMore[`ri_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }}
</el-button> </el-button>
</div> </div>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="route_exclude" label="路由排除" width="180">
prop="route_exclude"
label="路由排除"
width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{
item.val item.val
}} }}
</el-row> </el-row>
<div v-if="scope.row.route_exclude.length > readMinRows"> <div v-if="scope.row.route_exclude.length > readMinRows">
<div v-if="readMore[`re_${ scope.row.id }`]"> <div v-if="readMore[`re_${scope.row.id}`]">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(readMinRows)" :key="inx">{{ <el-row v-for="(item, inx) in scope.row.route_exclude.slice(readMinRows)" :key="inx">{{
item.val item.val
}} }}
</el-row> </el-row>
</div> </div>
<el-button size="mini" type="text" @click="toggleMore(`re_${ scope.row.id }`)"> <el-button size="mini" type="text" @click="toggleMore(`re_${scope.row.id}`)">
{{ readMore[`re_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }} {{ readMore[`re_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }}
</el-button> </el-button>
</div> </div>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="link_acl" label="LINK-ACL" min-width="180">
prop="link_acl"
label="LINK-ACL"
min-width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx"> <el-row v-for="(item, inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }} {{ item.action }} => {{ item.val }} : {{ item.port }}
</el-row> </el-row>
<div v-if="scope.row.link_acl.length > readMinRows"> <div v-if="scope.row.link_acl.length > readMinRows">
<div v-if="readMore[`la_${ scope.row.id }`]"> <div v-if="readMore[`la_${scope.row.id}`]">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(readMinRows)" :key="inx"> <el-row v-for="(item, inx) in scope.row.link_acl.slice(readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }} {{ item.action }} => {{ item.val }} : {{ item.port }}
</el-row> </el-row>
</div> </div>
<el-button size="mini" type="text" @click="toggleMore(`la_${ scope.row.id }`)"> <el-button size="mini" type="text" @click="toggleMore(`la_${scope.row.id}`)">
{{ readMore[`la_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }} {{ readMore[`la_${scope.row.id}`] ? "▲ 收起" : "▼ 更多" }}
</el-button> </el-button>
</div> </div>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="status" label="状态" width="70">
prop="status"
label="状态"
width="70">
<template slot-scope="scope"> <template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag> <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-else type="danger">停用</el-tag> <el-tag v-else type="danger">停用</el-tag>
@ -143,30 +106,16 @@
</el-table-column> </el-table-column>
<el-table-column <el-table-column prop="updated_at" label="更新时间" :formatter="tableDateFormat">
prop="updated_at"
label="更新时间"
:formatter="tableDateFormat">
</el-table-column> </el-table-column>
<el-table-column <el-table-column label="操作" width="150">
label="操作"
width="150">
<template slot-scope="scope"> <template slot-scope="scope">
<el-button <el-button size="mini" type="primary" @click="handleEdit(scope.row)">编辑
size="mini"
type="primary"
@click="handleEdit(scope.row)">编辑
</el-button> </el-button>
<el-popconfirm <el-popconfirm style="margin-left: 10px" @confirm="handleDel(scope.row)" title="确定要删除用户组吗?">
style="margin-left: 10px" <el-button slot="reference" size="mini" type="danger">删除
@confirm="handleDel(scope.row)"
title="确定要删除用户组吗?">
<el-button
slot="reference"
size="mini"
type="danger">删除
</el-button> </el-button>
</el-popconfirm> </el-popconfirm>
</template> </template>
@ -175,25 +124,15 @@
<div class="sh-20"></div> <div class="sh-20"></div>
<el-pagination <el-pagination background layout="prev, pager, next" :pager-count="11" @current-change="pageChange"
background :current-page="page" :total="count">
layout="prev, pager, next"
:pager-count="11"
@current-change="pageChange"
:current-page="page"
:total="count">
</el-pagination> </el-pagination>
</el-card> </el-card>
<!--新增修改弹出框--> <!--新增修改弹出框-->
<el-dialog <el-dialog :close-on-click-modal="false" title="用户组" :visible.sync="user_edit_dialog" width="850px"
:close-on-click-modal="false" @close='closeDialog' center>
title="用户组"
:visible.sync="user_edit_dialog"
width="850px"
@close='closeDialog'
center>
<el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm"> <el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
<el-tabs v-model="activeTab" :before-leave="beforeTabLeave"> <el-tabs v-model="activeTab" :before-leave="beforeTabLeave">
@ -212,7 +151,7 @@
<el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;"> <el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model="ruleForm.bandwidth_format" <el-input v-model="ruleForm.bandwidth_format"
oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''"> oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">Mbps</template> <template slot="append">Mbps</template>
</el-input> </el-input>
</el-form-item> </el-form-item>
@ -232,11 +171,10 @@
<el-col :span="20">输入IP格式如: 192.168.0.10</el-col> <el-col :span="20">输入IP格式如: 192.168.0.10</el-col>
<el-col :span="4"> <el-col :span="4">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.client_dns)"></el-button> @click.prevent="addDomain(ruleForm.client_dns)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<el-row v-for="(item,index) in ruleForm.client_dns" <el-row v-for="(item, index) in ruleForm.client_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -245,7 +183,7 @@
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle <el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.client_dns,index)"></el-button> @click.prevent="removeDomain(ruleForm.client_dns, index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</el-form-item> </el-form-item>
@ -255,11 +193,10 @@
<el-col :span="20">(分割DNS)一般留空如果输入域名只有配置的域名(包含子域名)走配置的dns</el-col> <el-col :span="20">(分割DNS)一般留空如果输入域名只有配置的域名(包含子域名)走配置的dns</el-col>
<el-col :span="4"> <el-col :span="4">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.split_dns)"></el-button> @click.prevent="addDomain(ruleForm.split_dns)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<el-row v-for="(item,index) in ruleForm.split_dns" <el-row v-for="(item, index) in ruleForm.split_dns" :key="index" style="margin-bottom: 5px" :gutter="10">
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -268,7 +205,7 @@
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle <el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.split_dns,index)"></el-button> @click.prevent="removeDomain(ruleForm.split_dns, index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</el-form-item> </el-form-item>
@ -291,11 +228,11 @@
</el-form-item> </el-form-item>
<template v-if="ruleForm.auth.type == 'radius'"> <template v-if="ruleForm.auth.type == 'radius'">
<el-form-item label="服务器地址" prop="auth.radius.addr" <el-form-item label="服务器地址" prop="auth.radius.addr"
:rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input> <el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="密钥" prop="auth.radius.secret" <el-form-item label="密钥" prop="auth.radius.secret"
:rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input> <el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
</el-form-item> </el-form-item>
<el-form-item label="Nasip" prop="auth.radius.nasip"> <el-form-item label="Nasip" prop="auth.radius.nasip">
@ -305,38 +242,45 @@
<template v-if="ruleForm.auth.type == 'ldap'"> <template v-if="ruleForm.auth.type == 'ldap'">
<el-form-item label="服务器地址" prop="auth.ldap.addr" <el-form-item label="服务器地址" prop="auth.ldap.addr"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input> <el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="开启TLS" prop="auth.ldap.tls"> <el-form :inline="true" label-width="100px" class="ruleForm">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch> <el-form-item label="开启TLS" prop="auth.ldap.tls">
</el-form-item> <el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item>
<el-form-item label="开启OTP" prop="auth.ldap.enable_otp">
<el-switch v-model="ruleForm.auth.ldap.enable_otp"></el-switch>
<el-tooltip content="全局关闭\启用ldap用户otp验证,用户界面可手动管理OTP秘钥." placement="top">
<i class="el-icon-info" style="margin-left: 10px; cursor: pointer; color: #888;"></i>
</el-tooltip>
</el-form-item>
</el-form>
<el-form-item label="管理员 DN" prop="auth.ldap.bind_name" <el-form-item label="管理员 DN" prop="auth.ldap.bind_name"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name" <el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" <el-form-item label="管理员密码" prop="auth.ldap.bind_pwd"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
<el-input type="password" v-model="ruleForm.auth.ldap.bind_pwd" placeholder=""></el-input> <el-input type="password" v-model="ruleForm.auth.ldap.bind_pwd" placeholder=""></el-input>
</el-form-item> </el-form-item>
<el-form-item label="Base DN" prop="auth.ldap.base_dn" <el-form-item label="Base DN" prop="auth.ldap.base_dn"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input> <el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="用户对象类" prop="auth.ldap.object_class" <el-form-item label="用户对象类" prop="auth.ldap.object_class"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.object_class" <el-input v-model="ruleForm.auth.ldap.object_class"
placeholder="例如 person / user / posixAccount"></el-input> placeholder="例如 person / user / posixAccount"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" <el-form-item label="用户唯一ID" prop="auth.ldap.search_attr"
:rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]"> :rules="this.ruleForm.auth.type == 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.search_attr" <el-input v-model="ruleForm.auth.ldap.search_attr"
placeholder="例如 sAMAccountName / uid / cn"></el-input> placeholder="例如 sAMAccountName / uid / cn"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="受限用户组" prop="auth.ldap.member_of"> <el-form-item label="受限用户组" prop="auth.ldap.member_of">
<el-input v-model="ruleForm.auth.ldap.member_of" <el-input v-model="ruleForm.auth.ldap.member_of"
placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input> placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
</el-form-item> </el-form-item>
</template> </template>
</el-tab-pane> </el-tab-pane>
@ -347,16 +291,16 @@
<el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col> <el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button> @click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col> </el-col>
<el-col :span="4"> <el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle <el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button> @click.prevent="openIpListDialog('route_include')"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'"> <templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include" <el-row v-for="(item, index) in ruleForm.route_include" :key="index" style="margin-bottom: 5px"
:key="index" style="margin-bottom: 5px" :gutter="10"> :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -365,7 +309,7 @@
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle <el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button> @click.prevent="removeDomain(ruleForm.route_include, index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</templete> </templete>
@ -376,16 +320,16 @@
<el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col> <el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button> @click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col> </el-col>
<el-col :span="4"> <el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle <el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button> @click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'"> <templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude" <el-row v-for="(item, index) in ruleForm.route_exclude" :key="index" style="margin-bottom: 5px"
:key="index" style="margin-bottom: 5px" :gutter="10"> :gutter="10">
<el-col :span="10"> <el-col :span="10">
<el-input v-model="item.val"></el-input> <el-input v-model="item.val"></el-input>
</el-col> </el-col>
@ -394,7 +338,7 @@
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle <el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button> @click.prevent="removeDomain(ruleForm.route_exclude, index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</templete> </templete>
@ -409,46 +353,45 @@
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.link_acl)"></el-button> @click.prevent="addDomain(ruleForm.link_acl)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
<!-- 添加拖拽功能 --> <!-- 添加拖拽功能 -->
<draggable v-model="ruleForm.link_acl" handle=".drag-handle" @end="onEnd"> <draggable v-model="ruleForm.link_acl" handle=".drag-handle" @end="onEnd">
<el-row v-for="(item,index) in ruleForm.link_acl" <el-row v-for="(item, index) in ruleForm.link_acl" :key="index" style="margin-bottom: 5px" :gutter="1">
:key="index" style="margin-bottom: 5px" :gutter="1">
<el-col :span="1" class="drag-handle"> <el-col :span="1" class="drag-handle">
<i class="el-icon-rank"></i> <i class="el-icon-rank"></i>
</el-col> </el-col>
<el-col :span="9"> <el-col :span="9">
<el-input placeholder="请输入CIDR地址" v-model="item.val"> <el-input placeholder="请输入CIDR地址" v-model="item.val">
<el-select v-model="item.action" slot="prepend"> <el-select v-model="item.action" slot="prepend">
<el-option label="允许" value="allow"></el-option> <el-option label="允许" value="allow"></el-option>
<el-option label="禁止" value="deny"></el-option> <el-option label="禁止" value="deny"></el-option>
</el-select> </el-select>
</el-input> </el-input>
</el-col> </el-col>
<el-col :span="3"> <el-col :span="3">
<el-input placeholder="协议" v-model="item.protocol"> <el-input placeholder="协议" v-model="item.protocol"></el-input>
</el-col> </el-col>
<el-col :span="6"> <el-col :span="6">
<!-- type="textarea" :autosize="{ minRows: 1, maxRows: 2}" --> <!-- type="textarea" :autosize="{ minRows: 1, maxRows: 2}" -->
<el-input v-model="item.port" placeholder="多端口,号分隔"></el-input> <el-input v-model="item.port" placeholder="多端口,号分隔"></el-input>
</el-col> </el-col>
<el-col :span="3"> <el-col :span="3">
<el-input v-model="item.note" placeholder="备注"></el-input> <el-input v-model="item.note" placeholder="备注"></el-input>
</el-col> </el-col>
<el-col :span="2"> <el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle <el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.link_acl,index)"></el-button> @click.prevent="removeDomain(ruleForm.link_acl, index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</draggable> </draggable>
</el-form-item> </el-form-item>
@ -457,11 +400,11 @@
<el-tab-pane label="域名拆分隧道" name="ds_domains"> <el-tab-pane label="域名拆分隧道" name="ds_domains">
<el-form-item label="包含域名" prop="ds_include_domains"> <el-form-item label="包含域名" prop="ds_include_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_include_domains" <el-input type="textarea" :rows="5" v-model="ruleForm.ds_include_domains"
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input> placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains"> <el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains"
placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input> placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的windows和MacOS桌面客户端不支持移动端.</div> <div class="msg-info">域名拆分隧道仅支持AnyConnect的windows和MacOS桌面客户端不支持移动端.</div>
</el-form-item> </el-form-item>
</el-tab-pane> </el-tab-pane>
@ -476,17 +419,12 @@
</el-form> </el-form>
</el-dialog> </el-dialog>
<!--测试用户登录弹出框--> <!--测试用户登录弹出框-->
<el-dialog <el-dialog :close-on-click-modal="false" title="测试用户登录" :visible.sync="authLoginDialog" width="600px"
:close-on-click-modal="false" custom-class="valgin-dialog" center>
title="测试用户登录"
:visible.sync="authLoginDialog"
width="600px"
custom-class="valgin-dialog"
center>
<el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px"> <el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
<el-form-item label="账号" prop="name"> <el-form-item label="账号" prop="name">
<el-input v-model="authLoginForm.name" ref="authLoginFormName" <el-input v-model="authLoginForm.name" ref="authLoginFormName"
@keydown.enter.native="testAuthLogin"></el-input> @keydown.enter.native="testAuthLogin"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="密码" prop="pwd"> <el-form-item label="密码" prop="pwd">
<el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input> <el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
@ -498,17 +436,12 @@
</el-form> </el-form>
</el-dialog> </el-dialog>
<!--编辑模式弹窗--> <!--编辑模式弹窗-->
<el-dialog <el-dialog :close-on-click-modal="false" title="编辑模式" :visible.sync="ipListDialog" width="650px"
:close-on-click-modal="false" custom-class="valgin-dialog" center>
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px"> <el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list"> <el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" <el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list"
placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input> placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共 <div class="msg-info">当前共
{{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }}
AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由 AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由
@ -529,7 +462,7 @@ import draggable from 'vuedraggable'
export default { export default {
name: "List", name: "List",
components: {draggable}, components: { draggable },
mixins: [], mixins: [],
created() { created() {
this.$emit('update:route_path', this.$route.path) this.$emit('update:route_path', this.$route.path)
@ -550,7 +483,7 @@ export default {
maxRouteRows: 2500, maxRouteRows: 2500,
defAuth: { defAuth: {
type: 'local', type: 'local',
radius: {addr: "", secret: "", nasip: ""}, radius: { addr: "", secret: "", nasip: "" },
ldap: { ldap: {
addr: "", addr: "",
tls: false, tls: false,
@ -567,9 +500,9 @@ export default {
bandwidth_format: '0', bandwidth_format: '0',
status: 1, status: 1,
allow_lan: true, allow_lan: true,
client_dns: [{val: '114.114.114.114', note: '默认dns'}], client_dns: [{ val: '114.114.114.114', note: '默认dns' }],
split_dns: [], split_dns: [],
route_include: [{val: 'all', note: '默认全局代理'}], route_include: [{ val: 'all', note: '默认全局代理' }],
route_exclude: [], route_exclude: [],
link_acl: [], link_acl: [],
auth: {}, auth: {},
@ -588,55 +521,55 @@ export default {
ipEditLoading: false, ipEditLoading: false,
authLoginRules: { authLoginRules: {
name: [ name: [
{required: true, message: '请输入账号', trigger: 'blur'}, { required: true, message: '请输入账号', trigger: 'blur' },
], ],
pwd: [ pwd: [
{required: true, message: '请输入密码', trigger: 'blur'}, { required: true, message: '请输入密码', trigger: 'blur' },
{min: 6, message: '长度至少 6 个字符', trigger: 'blur'} { min: 6, message: '长度至少 6 个字符', trigger: 'blur' }
], ],
}, },
rules: { rules: {
name: [ name: [
{required: true, message: '请输入组名', trigger: 'blur'}, { required: true, message: '请输入组名', trigger: 'blur' },
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'} { max: 30, message: '长度小于 30 个字符', trigger: 'blur' }
], ],
bandwidth_format: [ bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'}, { required: true, message: '请输入带宽限制', trigger: 'blur' },
{type: 'string', message: '带宽限制必须为数字值'} { type: 'string', message: '带宽限制必须为数字值' }
], ],
status: [ status: [
{required: true} { required: true }
], ],
"auth.radius.addr": [ "auth.radius.addr": [
{required: true, message: '请输入Radius服务器', trigger: 'blur'} { required: true, message: '请输入Radius服务器', trigger: 'blur' }
], ],
"auth.radius.secret": [ "auth.radius.secret": [
{required: true, message: '请输入Radius密钥', trigger: 'blur'} { required: true, message: '请输入Radius密钥', trigger: 'blur' }
], ],
"auth.ldap.addr": [ "auth.ldap.addr": [
{required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'} { required: true, message: '请输入服务器地址(含端口)', trigger: 'blur' }
], ],
"auth.ldap.bind_name": [ "auth.ldap.bind_name": [
{required: true, message: '请输入管理员 DN', trigger: 'blur'} { required: true, message: '请输入管理员 DN', trigger: 'blur' }
], ],
"auth.ldap.bind_pwd": [ "auth.ldap.bind_pwd": [
{required: true, message: '请输入管理员密码', trigger: 'blur'} { required: true, message: '请输入管理员密码', trigger: 'blur' }
], ],
"auth.ldap.base_dn": [ "auth.ldap.base_dn": [
{required: true, message: '请输入Base DN值', trigger: 'blur'} { required: true, message: '请输入Base DN值', trigger: 'blur' }
], ],
"auth.ldap.object_class": [ "auth.ldap.object_class": [
{required: true, message: '请输入用户对象类', trigger: 'blur'} { required: true, message: '请输入用户对象类', trigger: 'blur' }
], ],
"auth.ldap.search_attr": [ "auth.ldap.search_attr": [
{required: true, message: '请输入用户唯一ID', trigger: 'blur'} { required: true, message: '请输入用户唯一ID', trigger: 'blur' }
], ],
}, },
} }
}, },
methods: { methods: {
onEnd: function() { onEnd: function () {
window.console.log("onEnd", this.ruleForm.link_acl); window.console.log("onEnd", this.ruleForm.link_acl);
}, },
setAuthData(row) { setAuthData(row) {
if (!row) { if (!row) {
@ -716,7 +649,7 @@ export default {
}, },
addDomain(arr) { addDomain(arr) {
console.log("arr", arr) console.log("arr", arr)
arr.push({protocol:"all", val: "", action: "allow", port: "0", note: ""}); arr.push({ protocol: "all", val: "", action: "allow", port: "0", note: "" });
}, },
submitForm(formName) { submitForm(formName) {
this.$refs[formName].validate((valid) => { this.$refs[formName].validate((valid) => {
@ -804,7 +737,7 @@ export default {
} }
let note = ip[1] ? ip[1] : ""; let note = ip[1] ? ip[1] : "";
const pushToArr = () => { const pushToArr = () => {
arr.push({val: ip[0], note: note}); arr.push({ val: ip[0], note: note });
}; };
if (this.ipEditForm.type == "route_include" && ip[0] == "all") { if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr(); pushToArr();
@ -825,7 +758,7 @@ export default {
isValidCIDR(input) { isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/; const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) { if (!cidrRegex.test(input)) {
return {valid: false, suggestion: null}; return { valid: false, suggestion: null };
} }
const [ip, mask] = input.split('/'); const [ip, mask] = input.split('/');
const maskNum = parseInt(mask); const maskNum = parseInt(mask);
@ -840,10 +773,10 @@ export default {
networkIPParts.push(parseInt(octet, 2)); networkIPParts.push(parseInt(octet, 2));
} }
const suggestedIP = networkIPParts.join('.'); const suggestedIP = networkIPParts.join('.');
return {valid: false, suggestion: `${suggestedIP}/${mask}`}; return { valid: false, suggestion: `${suggestedIP}/${mask}` };
} }
} }
return {valid: true, suggestion: null}; return { valid: true, suggestion: null };
}, },
resetForm(formName) { resetForm(formName) {
this.$refs[formName].resetFields(); this.$refs[formName].resetFields();
@ -927,5 +860,4 @@ export default {
.drag-handle { .drag-handle {
cursor: move; cursor: move;
} }
</style> </style>


@ -39,6 +39,9 @@
<el-table-column sortable="true" prop="id" label="ID" width="60"> <el-table-column sortable="true" prop="id" label="ID" width="60">
</el-table-column> </el-table-column>
<el-table-column prop="type" label="类型" width="60">
</el-table-column>
<el-table-column prop="username" label="用户名" width="150"> <el-table-column prop="username" label="用户名" width="150">
</el-table-column> </el-table-column>
@ -118,37 +121,40 @@
<el-form-item label="用户ID" prop="id"> <el-form-item label="用户ID" prop="id">
<el-input v-model="ruleForm.id" disabled></el-input> <el-input v-model="ruleForm.id" disabled></el-input>
</el-form-item> </el-form-item>
<el-form-item label="类型" prop="type">
<el-input v-model="ruleForm.type" disabled></el-input>
</el-form-item>
<el-form-item label="用户名" prop="username"> <el-form-item label="用户名" prop="username">
<el-input v-model="ruleForm.username" :disabled="ruleForm.id > 0"></el-input> <el-input v-model="ruleForm.username" :disabled="ruleForm.id > 0"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="姓名" prop="nickname"> <el-form-item label="姓名" prop="nickname">
<el-input v-model="ruleForm.nickname"></el-input> <el-input v-model="ruleForm.nickname" :disabled="ruleForm.type === 'ldap'"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="邮箱" prop="email"> <el-form-item label="邮箱" prop="email">
<el-input v-model="ruleForm.email"></el-input> <el-input v-model="ruleForm.email" :disabled="false"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="PIN码" prop="pin_code"> <el-form-item label="PIN码" prop="pin_code">
<el-input v-model="ruleForm.pin_code" placeholder="不填由系统自动生成"></el-input> <el-input v-model="ruleForm.pin_code" :disabled="ruleForm.type === 'ldap'" placeholder="不填由系统自动生成"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="过期时间" prop="limittime"> <el-form-item label="过期时间" prop="limittime">
<el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px" <el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px"
:picker-options="pickerOptions" placeholder="选择日期"> :picker-options="pickerOptions" placeholder="选择日期" :disabled="ruleForm.type === 'ldap'"></el-date-picker>
</el-date-picker>
</el-form-item> </el-form-item>
<el-form-item label="禁用OTP" prop="disable_otp"> <el-form-item label="禁用OTP" prop="disable_otp">
<el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码"> <el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后用户密码为PIN码,OTP密码为扫码后生成的动态码"
:disabled="ruleForm.type === 'ldap'">
</el-switch> </el-switch>
</el-form-item> </el-form-item>
<el-form-item label="OTP密钥" prop="otp_secret" v-if="!ruleForm.disable_otp"> <el-form-item label="OTP密钥" prop="otp_secret" v-if="!ruleForm.disable_otp && ruleForm.type === 'ldap'">
<el-input v-model="ruleForm.otp_secret" placeholder="不填由系统自动生成"></el-input> <el-input v-model="ruleForm.otp_secret" placeholder="不填由系统自动生成"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="用户组" prop="groups"> <el-form-item label="用户组" prop="groups">
<el-checkbox-group v-model="ruleForm.groups"> <el-checkbox-group v-model="ruleForm.groups" :disabled="ruleForm.type === 'ldap'">
<el-checkbox v-for="(item) in grouNames" :key="item" :label="item" :name="item"></el-checkbox> <el-checkbox v-for="(item) in grouNames" :key="item" :label="item" :name="item"></el-checkbox>
</el-checkbox-group> </el-checkbox-group>
</el-form-item> </el-form-item>
@ -159,7 +165,7 @@
</el-form-item> </el-form-item>
<el-form-item label="状态" prop="status"> <el-form-item label="状态" prop="status">
<el-radio-group v-model="ruleForm.status"> <el-radio-group v-model="ruleForm.status" :disabled="ruleForm.type === 'ldap'">
<el-radio :label="1" border>启用</el-radio> <el-radio :label="1" border>启用</el-radio>
<el-radio :label="0" border>停用</el-radio> <el-radio :label="0" border>停用</el-radio>
<el-radio :label="2" border>过期</el-radio> <el-radio :label="2" border>过期</el-radio>
@ -208,6 +214,7 @@ export default {
searchData: '', searchData: '',
otpImgData: { visible: false, username: '', nickname: '', base64Img: '' }, otpImgData: { visible: false, username: '', nickname: '', base64Img: '' },
ruleForm: { ruleForm: {
type: `local`,
send_email: true, send_email: true,
status: 1, status: 1,
groups: [], groups: [],