7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 16:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.11.3
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
..
compare: 7x31:v0.12.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

32 Commits
v0.11.3 ... v0.12.1

Author SHA1 Message Date
bjdgyc
9d926edabb 内网域名 2024-04-25 10:18:40 +08:00
bjdgyc
7329603c47 Merge pull request #314 from bjdgyc/dev 
支持分割DNS功能
 2024-04-24 17:56:18 +08:00
bjdgyc
a7c6791c1e 支持分割DNS功能 2024-04-24 17:39:50 +08:00
bjdgyc
96c95bb6cd 更新版本 2024-04-24 15:27:53 +08:00
bjdgyc
6d3dab6798 Client-Bypass 2024-04-23 16:59:52 +08:00
bjdgyc
b313c6fa00 Client-Bypass 2024-04-23 16:59:14 +08:00
bjdgyc
75b138a7a8 Client-Bypass 2024-04-23 16:56:40 +08:00
bjdgyc
641d6127ba 修复acl样式 2024-04-22 17:41:18 +08:00
bjdgyc
2828d1038d Merge pull request #313 from bjdgyc/dev 
修复acl表结构
 2024-04-22 17:04:37 +08:00
bjdgyc
cb902a6b9b 修复acl表结构 2024-04-22 16:47:06 +08:00
bjdgyc
1b066ef602 Merge pull request #312 from bjdgyc/dev 
支持 私有自签证书
 2024-04-22 14:42:06 +08:00
bjdgyc
5e804a3483 支持 私有自签证书 2024-04-22 14:40:03 +08:00
bjdgyc
6e0c0efa85 Merge pull request #310 from imhun/main 
acl支持逗号分隔多端口号配置
 2024-04-11 11:40:39 +08:00
imhun
8f196cb4e2 Merge branch 'main' of https://github.com/imhun/anylink 2024-04-09 11:25:34 +08:00
imhun
9182ccfba2 兼容历史单端口配置 2024-04-09 11:23:13 +08:00
huweishan
39d89b8c84 兼容历史单端口配置 2024-04-09 10:33:30 +08:00
huweishan
24e30509e4 兼容历史单端口配置 2024-04-09 10:29:54 +08:00
huweishan
4f56ea49c3 ports保存为map 
兼容老的配置数据
 2024-04-08 19:34:11 +08:00
huweishan
e55b2b6f0a 支持连续端口 2024-04-08 16:16:45 +08:00
huweishan
15573a6ef3 支持连续端口,比如1234-5678 2024-04-08 16:13:52 +08:00
huweishan
38b8f0b2aa ports初始化 2024-04-08 15:12:47 +08:00
huweishan
8df34428dd acl支持逗号分隔多端口号配置 2024-04-08 14:54:09 +08:00
bjdgyc
26483533a9 修复 关闭otp时,发送邮件附件的问题 2024-03-29 10:04:15 +08:00
bjdgyc
380a8cb3fb 添加文档 2024-03-27 15:11:36 +08:00
bjdgyc
fa5ced4660 Merge pull request #308 from bjdgyc/dev 
Dev
 2024-03-26 16:28:49 +08:00
bjdgyc
bac497475f 全局 开启服务器转发 2024-03-26 11:39:12 +08:00
bjdgyc
f43b413ed4 配置优化 2024-03-25 11:14:00 +08:00
bjdgyc
356e135ea1 配置优化 2024-03-24 17:59:41 +08:00
bjdgyc
e5c6533c9b 修复邮箱图片显示逻辑,兼容 google gmail 2024-03-22 16:45:11 +08:00
bjdgyc
8d92cac37d Merge pull request #306 from bjdgyc/dev 
Dev
 2024-03-21 18:19:52 +08:00
bjdgyc
eb7401f6e5 添加自定义首页 状态码 2024-03-21 18:13:37 +08:00
bjdgyc
8777501391 添加自定义首页 状态码 2024-03-21 18:09:47 +08:00
29 changed files with 1061 additions and 617 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,6 +2,7 @@
.idea/ .idea/
anylink-deploy anylink-deploy
anylink-deploy.tar.gz anylink-deploy.tar.gz
anylink-deploy-*
anylink anylink
anylink.db anylink.db

18
README.md
View File

@@ -23,10 +23,10 @@ AnyLink 是一个企业级远程办公 sslvpn 的软件,可以支持多人同
AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-02) AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-02)
协议开发,并且借鉴了 [ocserv](http://ocserv.gitlab.io/www/index.html) 的开发思路,使其可以同时兼容 AnyConnect 客户端。 协议开发,并且借鉴了 [ocserv](http://ocserv.gitlab.io/www/index.html) 的开发思路,使其可以同时兼容 AnyConnect 客户端。
AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。 AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以使用私有自签证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap
功能、ip 设置命令。 功能、ip 设置命令、iptables命令
## Screenshot ## Screenshot
@@ -60,9 +60,9 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
### 使用问题 ### 使用问题
> 对于测试环境,可以使用 vpn.test.vqilu.cn 绑定host进行测试 > 对于测试环境,可以直接进行测试,需要客户端取消勾选【阻止不受信任的服务器(Block connections to untrusted servers)】
> >
> 对于线上环境,必须申请安全的https证书(跟nginx使用的证书类型一致),不支持私有证书连接 > 对于线上环境,尽量申请安全的https证书(跟nginx使用的pem证书类型一致)
> >
> 群共享文件有相关客户端软件下载,其他版本没有测试过,不保证使用正常 > 群共享文件有相关客户端软件下载,其他版本没有测试过,不保证使用正常
> >
@@ -74,18 +74,22 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
### 自行编译安装 ### 自行编译安装
> 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x > 需要提前安装好 docker
```shell ```shell
git clone https://github.com/bjdgyc/anylink.git git clone https://github.com/bjdgyc/anylink.git
# 编译参考软件版本 # docker编译 参考软件版本(不需要安装)
# go 1.20.12 # go 1.20.12
# node v16.20.2 # node v16.20.2
# yarn 1.22.19 # yarn 1.22.19
cd anylink cd anylink
# 编译前端
bash build_web.sh
# 编译 anylink-deploy 发布文件
bash build.sh bash build.sh
# 注意使用root权限运行 # 注意使用root权限运行
@@ -129,6 +133,7 @@ sudo ./anylink
- [x] 流量压缩功能 - [x] 流量压缩功能
- [x] 出口 IP 自动放行 - [x] 出口 IP 自动放行
- [x] 支持多服务的配置区分 - [x] 支持多服务的配置区分
- [x] 支持私有自签证书
- [ ] 基于 ipvtap 设备的桥接访问模式 - [ ] 基于 ipvtap 设备的桥接访问模式
## Config ## Config
@@ -432,6 +437,7 @@ ipv4_end = "10.1.2.200"
- [三方文档-男孩的天职](https://note.youdao.com/s/X4AxyWfL) - [三方文档-男孩的天职](https://note.youdao.com/s/X4AxyWfL)
- [三方文档-issues](https://github.com/bjdgyc/anylink/issues) - [三方文档-issues](https://github.com/bjdgyc/anylink/issues)
- [三方文档-思有云](https://www.ioiox.com/archives/128.html) - [三方文档-思有云](https://www.ioiox.com/archives/128.html)
- [三方文档-啵品](https://yangpin.link/archives/1633.html)
## Support Client ## Support Client

19
build.sh
View File

@@ -7,15 +7,22 @@ ver=$(cat version)
echo $ver echo $ver
#前端编译 仅需要执行一次 #前端编译 仅需要执行一次
bash ./build_web.sh #bash ./build_web.sh
cd $cpath/server bash build_docker.sh
go build -v -o anylink deploy="anylink-deploy-$ver"
docker container rm $deploy
./anylink -v docker container create --name $deploy bjdgyc/anylink:$ver
rm -rf anylink-deploy anylink-deploy.tar.gz
docker cp -a $deploy:/app ./anylink-deploy
tar zcf ${deploy}.tar.gz anylink-deploy
echo "anylink 编译完成,目录: $cpath/server/anylink" ./anylink-deploy/anylink -v
echo "anylink 编译完成,目录: anylink-deploy"
ls -lh anylink-deploy

5
build_docker.sh
View File

@@ -11,8 +11,9 @@ echo $ver
#bash ./build_web.sh #bash ./build_web.sh
# docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 本地不生成镜像 # docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 本地不生成镜像
docker build -t bjdgyc/anylink:latest --no-cache --progress=plain --platform linux/amd64 \ docker build -t bjdgyc/anylink:latest --no-cache --progress=plain \
--build-arg CN="yes" --build-arg appVer=$ver --build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile . --build-arg CN="yes" --build-arg appVer=$ver --build-arg commitId=$(git rev-parse HEAD) \
-f docker/Dockerfile .
echo "docker tag latest $ver" echo "docker tag latest $ver"
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver

4
build_web.sh
View File

@@ -1,7 +1,9 @@
#!/bin/bash #!/bin/bash
rm -rf web/ui server/ui
docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \ docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build" sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
rm -rf server/ui
cp -r web/ui server/ui cp -r web/ui server/ui

4
doc/question.md
View File

@@ -10,6 +10,10 @@
> 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码 > 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码
### 用户策略问题
> 只要有用户策略,组策略就不生效,相当于覆盖了组策略的配置
### 远程桌面连接 ### 远程桌面连接
> 本软件已经支持远程桌面里面连接anyconnect。 > 本软件已经支持远程桌面里面连接anyconnect。

165
index_template/自定义首页2.html Normal file
View File

@@ -0,0 +1,165 @@
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset=UTF-8">
<title id="pageTitle">客户端下载</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style type="text/css">
body {
background-color: #fff;
background-image: linear-gradient(0deg, transparent 24%, rgba(207, 207, 207, 0.2) 25%, rgba(207, 207, 207, 0.2) 26%, transparent 27%, transparent 74%, rgba(207, 207, 207, 0.2) 75%, rgba(207, 207, 207, 0.2) 76%, transparent 77%, transparent),
linear-gradient(90deg, transparent 24%, rgba(207, 207, 207, 0.2) 25%, rgba(207, 207, 207, 0.2) 26%, transparent 27%, transparent 74%, rgba(207, 207, 207, 0.2) 75%, rgba(207, 207, 207, 0.2) 76%, transparent 77%, transparent);
background-size: 50px 50px;
margin: 0;
padding: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
}
#box {
background-color: #ffffff;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
position: relative;
padding: 20px;
border-radius: 8px;
max-width: 550px;
width: 100%;
box-sizing: border-box;
}
h2 {
color: #333;
font-weight: 600;
font-size: 28px;
margin: 0 0 20px 0;
}
p {
color: #666;
font-size: 16px;
line-height: 1.6;
margin-top: 20px;
}
.button {
background-color: #ddd;
text-decoration: none;
line-height: 44px;
padding: 9px 42px;
font-weight: 500;
color: #fff;
font-size: 16px;
-webkit-transition: background-color 0.25s ease-out 0s;
-moz-transition: background-color 0.25s ease-out 0s;
transition: background-color 0.25s ease-out 0s;
-moz-border-radius: 4px;
-webkit-border-radius: 4px;
border-radius: 4px;
}
.button:hover {
background-color: #CCC;
color: #444;
}
.button:active {
background-color: #666;
color: #eee;
}
.blue {
background-color: #007BFF;
}
.deep-blue {
background-color: #0056B3;
}
.green {
background-color: #28A745;
}
.grey {
background-color: #6C757D;
}
.black {
background-color: #343A40;
}
.light-blue {
background-color: #17A2B8;
}
.dark-grey {
background-color: #495057;
}
@media (max-width: 768px) {
h2 {
font-size: 24px;
}
p {
font-size: 14px;
}
.button {
padding: 7px 35px;
}
}
</style>
</head>
<body>
<div id="app">
<div id="box">
<h2 id="title">请选择对应平台下载</h2>
<p id="windowsTab">Windows 系统</p>
<a id="linkWindowsX86_64" class="button blue" href="#">Win X86_64</a>
<a id="linkWindowsARM64" class="button deep-blue" href="#">Win ARM64</a>
<p id="mobileTab">移动端</p>
<a id="linkAndroid" class="button green" href="#">Android</a>
<a id="linkIphone" class="button grey" href="#" target="_blank">iPhone</a>
<p id="macOSTab">MacOS 系统</p>
<a id="linkMacos" class="button black" href="#">Mac Intel</a>
<a id="linkMacosARM64" class="button blue" href="#">Mac ARM64</a>
<p id="totpTab">TOTP 移动客户端</p>
<a id="linkTotpAndroid" class="button light-blue" href="#">Android</a>
<a id="linkTotpIphone" class="button dark-grey" href="#" target="_blank">iPhone</a>
</div>
</div>
<script>
const data = {
links: {
windowsX86_64: '/files/anyconnect-win-4.10.05111.msi',
windowsARM64: '/files/anyconnect-win-4.10.05111.msi',
android: '/files/CiscoSecureClientAnyConnect_v5.0.00247.apk',
iphone: 'https://apps.apple.com/cn/app/cisco-anyconnect/id1135064690',
macosIntel: '/files/anyconnect-macos-4.10.05111.dmg',
macosARM64: '/files/anyconnect-macos-4.10.05111.dmg',
totpAndroid: '/files/Authenticator_v5.10_apkpure.com.apk',
totpIphone: 'https://apps.apple.com/cn/app/google-authenticator/id388497605',
}
};
window.onload = function () {
document.getElementById('linkWindowsX86_64').href = data.links.windowsX86_64;
document.getElementById('linkWindowsARM64').href = data.links.windowsARM64;
document.getElementById('linkAndroid').href = data.links.android;
document.getElementById('linkIphone').href = data.links.iphone;
document.getElementById('linkMacos').href = data.links.macosIntel;
document.getElementById('linkMacosARM64').href = data.links.macosARM64;
document.getElementById('linkTotpAndroid').href = data.links.totpAndroid;
document.getElementById('linkTotpIphone').href = data.links.totpIphone;
};
</script>
</body>
</html>

4
server/admin/api_group.go
View File

@@ -75,6 +75,10 @@ func GroupDetail(w http.ResponseWriter, r *http.Request) {
if len(data.Auth) == 0 { if len(data.Auth) == 0 {
data.Auth["type"] = "local" data.Auth["type"] = "local"
} }
// 兼容旧数据
if data.SplitDns == nil {
data.SplitDns = []dbdata.ValData{}
}
RespSucess(w, data) RespSucess(w, data)
} }

19
server/admin/api_user.go
View File

@@ -17,6 +17,7 @@ import (
"github.com/bjdgyc/anylink/dbdata" "github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/sessdata" "github.com/bjdgyc/anylink/sessdata"
"github.com/skip2/go-qrcode" "github.com/skip2/go-qrcode"
mail "github.com/xhit/go-simple-mail/v2"
) )
func UserList(w http.ResponseWriter, r *http.Request) { func UserList(w http.ResponseWriter, r *http.Request) {
@@ -213,6 +214,7 @@ type userAccountMailData struct {
PinCode string PinCode string
OtpImg string OtpImg string
OtpImgBase64 string OtpImgBase64 string
DisableOtp bool
} }
func userAccountMail(user *dbdata.User) error { func userAccountMail(user *dbdata.User) error {
@@ -264,6 +266,7 @@ func userAccountMail(user *dbdata.User) error {
PinCode: user.PinCode, PinCode: user.PinCode,
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString), OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
OtpImgBase64: "data:image/png;base64," + otpData, OtpImgBase64: "data:image/png;base64," + otpData,
DisableOtp: user.DisableOtp,
} }
w := bytes.NewBufferString("") w := bytes.NewBufferString("")
t, _ := template.New("auth_complete").Parse(htmlBody) t, _ := template.New("auth_complete").Parse(htmlBody)
@@ -272,5 +275,19 @@ func userAccountMail(user *dbdata.User) error {
return err return err
} }
// fmt.Println(w.String()) // fmt.Println(w.String())
return SendMail(base.Cfg.Issuer+"平台通知", user.Email, w.String())
var attach *mail.File
if user.DisableOtp {
attach = nil
} else {
imgData, _ := userOtpQr(user.Id, false)
attach = &mail.File{
MimeType: "image/png",
Name: "userOtpQr.png",
Data: []byte(imgData),
Inline: true,
}
}
return SendMail(base.Cfg.Issuer, user.Email, w.String(), attach)
} }

6
server/admin/common.go
View File

@@ -43,7 +43,7 @@ func GetJwtData(jwtToken string) (map[string]interface{}, error) {
return claims, nil return claims, nil
} }
func SendMail(subject, to, htmlBody string) error { func SendMail(subject, to, htmlBody string, attach *mail.File) error {
dataSmtp := &dbdata.SettingSmtp{} dataSmtp := &dbdata.SettingSmtp{}
err := dbdata.SettingGet(dataSmtp) err := dbdata.SettingGet(dataSmtp)
@@ -102,6 +102,10 @@ func SendMail(subject, to, htmlBody string) error {
AddTo(to). AddTo(to).
SetSubject(subject) SetSubject(subject)
if attach != nil {
email.Attach(attach)
}
email.SetBody(mail.TextHTML, htmlBody) email.SetBody(mail.TextHTML, htmlBody)
// Call Send and pass the client // Call Send and pass the client

6
server/admin/server.go
View File

@@ -111,12 +111,6 @@ func StartAdmin() {
selectedCipherSuites = append(selectedCipherSuites, s.ID) selectedCipherSuites = append(selectedCipherSuites, s.ID)
} }
if tlscert, _, err := dbdata.ParseCert(); err != nil {
base.Fatal("证书加载失败", err)
} else {
dbdata.LoadCertificate(tlscert)
}
// 设置tls信息 // 设置tls信息
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"}, NextProtos: []string{"http/1.1"},

4
server/base/config.go
View File

@@ -55,9 +55,9 @@ var configs = []config{
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200}, {Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3}, {Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 3}, {Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 3},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10}, {Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 20},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 4}, {Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 4},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15}, {Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 60},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460}, {Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 0}, {Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 0},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600}, {Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},

1
server/conf/profile.xml
View File

@@ -9,6 +9,7 @@
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols> <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader> <BypassDownloader>true</BypassDownloader>
<AutoUpdate UserControllable="false">false</AutoUpdate> <AutoUpdate UserControllable="false">false</AutoUpdate>
<LocalLanAccess UserControllable="true">true</LocalLanAccess>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment> <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment> <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin> <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>

14
server/conf/server-sample.toml
View File

@@ -12,9 +12,15 @@ cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files" files_path = "./conf/files"
profile = "./conf/profile.xml" profile = "./conf/profile.xml"
#profile name(用于区分不同服务端的配置) #profile name(用于区分不同服务端的配置)
#客户端存放位置 C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile #客户端存放位置
#Windows 10
#%ProgramData%Cisco\Cisco AnyConnect Secure Mobility Client\Profile
#Mac Os X
#/opt/cisco/anyconnect/profile
#Linux
#/opt/cisco/anyconnect/profile
profile_name = "anylink" profile_name = "anylink"
#日志目录,为空写入标准输出 #日志目录,默认为空写入标准输出
#log_path = "./log" #log_path = "./log"
log_path = "" log_path = ""
log_level = "debug" log_level = "debug"
@@ -66,9 +72,9 @@ default_group = "one"
#客户端失效检测时间(秒) dpd > keepalive #客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 3 cstp_keepalive = 3
cstp_dpd = 10 cstp_dpd = 20
mobile_keepalive = 4 mobile_keepalive = 4
mobile_dpd = 15 mobile_dpd = 60
# 根据实际情况修改 # 根据实际情况修改
#cstp_keepalive = 20 #cstp_keepalive = 20

3
server/conf/server.toml
View File

@@ -10,6 +10,9 @@ db_source = "./conf/anylink.db"
cert_file = "./conf/vpn_cert.pem" cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key" cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files" files_path = "./conf/files"
#日志目录,默认为空写入标准输出
#log_path = "./log"
log_level = "debug" log_level = "debug"
#系统名称 #系统名称

15
server/dbdata/db.go
View File

@@ -1,6 +1,7 @@
package dbdata package dbdata
import ( import (
"net/http"
"time" "time"
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
@@ -121,6 +122,7 @@ func addInitData() error {
other := &SettingOther{ other := &SettingOther{
LinkAddr: "vpn.xx.com", LinkAddr: "vpn.xx.com",
Banner: "您已接入公司网络,请按照公司规定使用。\n请勿进行非工作下载及视频行为", Banner: "您已接入公司网络,请按照公司规定使用。\n请勿进行非工作下载及视频行为",
Homecode: http.StatusOK,
Homeindex: "AnyLink 是一个企业级远程办公 sslvpn 的软件,可以支持多人同时在线使用。", Homeindex: "AnyLink 是一个企业级远程办公 sslvpn 的软件,可以支持多人同时在线使用。",
AccountMail: accountMail, AccountMail: accountMail,
} }
@@ -172,6 +174,9 @@ func CheckErrNotFound(err error) bool {
return err == ErrNotFound return err == ErrNotFound
} }
// base64 图片
// 用户动态码(请妥善保存):<br/>
// <img src="{{.OtpImgBase64}}"/><br/>
const accountMail = `<p>您好:</p> const accountMail = `<p>您好:</p>
<p>&nbsp;&nbsp;您的{{.Issuer}}账号已经审核开通。</p> <p>&nbsp;&nbsp;您的{{.Issuer}}账号已经审核开通。</p>
<p> <p>
@@ -179,12 +184,18 @@ const accountMail = `<p>您好:</p>
用户组: <b>{{.Group}}</b> <br/> 用户组: <b>{{.Group}}</b> <br/>
用户名: <b>{{.Username}}</b> <br/> 用户名: <b>{{.Username}}</b> <br/>
用户PIN码: <b>{{.PinCode}}</b> <br/> 用户PIN码: <b>{{.PinCode}}</b> <br/>
{{if .DisableOtp}}
<!-- nothing -->
{{else}}
<!-- <!--
用户动态码(3天后失效):<br/> 用户动态码(3天后失效):<br/>
<img src="{{.OtpImg}}"/> <img src="{{.OtpImg}}"/><br/>
--> -->
用户动态码(请妥善保存):<br/> 用户动态码(请妥善保存):<br/>
<img src="{{.OtpImgBase64}}"/> <img src="cid:userOtpQr.png" alt="userOtpQr" /><br/>
{{end}}
</p> </p>
<div> <div>
使用说明: 使用说明:

82
server/dbdata/group.go
View File

@@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"net" "net"
"regexp" "regexp"
"strconv"
"strings" "strings"
"time" "time"
@@ -24,11 +25,12 @@ const DsMaxLen = 20000
type GroupLinkAcl struct { type GroupLinkAcl struct {
// 自上而下匹配 默认 allow * * // 自上而下匹配 默认 allow * *
Action string `json:"action"` // allow、deny Action string `json:"action"` // allow、deny
Val string `json:"val"` Val string `json:"val"`
Port uint16 `json:"port"` Port string `json:"port"` // 兼容单端口历史数据类型uint16
IpNet *net.IPNet `json:"ip_net"` Ports map[uint16]int8 `json:"ports"`
Note string `json:"note"` IpNet *net.IPNet `json:"ip_net"`
Note string `json:"note"`
} }
type ValData struct { type ValData struct {
@@ -161,14 +163,59 @@ func SetGroup(g *Group) error {
return errors.New("GroupLinkAcl 错误" + err.Error()) return errors.New("GroupLinkAcl 错误" + err.Error())
} }
v.IpNet = ipNet v.IpNet = ipNet
linkAcl = append(linkAcl, v)
portsStr := v.Port
v.Port = strings.TrimSpace(portsStr)
// switch vp := v.Port.(type) {
// case float64:
// portsStr = strconv.Itoa(int(vp))
// case string:
// portsStr = vp
// }
if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(portsStr) {
ports := map[uint16]int8{}
for _, p := range strings.Split(portsStr, ",") {
if p == "" {
continue
}
if regexp.MustCompile(`^\d{1,5}-\d{1,5}$`).MatchString(p) {
rp := strings.Split(p, "-")
portfrom, err := strconv.Atoi(rp[0])
if err != nil {
return errors.New("端口:" + rp[0] + " 格式错误, " + err.Error())
}
portto, err := strconv.Atoi(rp[1])
if err != nil {
return errors.New("端口:" + rp[1] + " 格式错误, " + err.Error())
}
for i := portfrom; i <= portto; i++ {
ports[uint16(i)] = 1
}
} else {
port, err := strconv.Atoi(p)
if err != nil {
return errors.New("端口:" + p + " 格式错误, " + err.Error())
}
ports[uint16(port)] = 1
}
}
v.Ports = ports
linkAcl = append(linkAcl, v)
} else {
return errors.New("端口: " + portsStr + " 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678")
}
} }
} }
g.LinkAcl = linkAcl g.LinkAcl = linkAcl
// DNS 判断 // DNS 判断
clientDns := []ValData{} clientDns := []ValData{}
for _, v := range g.ClientDns { for _, v := range g.ClientDns {
v.Val = strings.TrimSpace(v.Val)
if v.Val != "" { if v.Val != "" {
ip := net.ParseIP(v.Val) ip := net.ParseIP(v.Val)
if ip.String() != v.Val { if ip.String() != v.Val {
@@ -183,6 +230,20 @@ func SetGroup(g *Group) error {
return errors.New("默认路由必须设置一个DNS") return errors.New("默认路由必须设置一个DNS")
} }
g.ClientDns = clientDns g.ClientDns = clientDns
splitDns := []ValData{}
for _, v := range g.SplitDns {
v.Val = strings.TrimSpace(v.Val)
if v.Val != "" {
ValidateDomainName(v.Val)
if !ValidateDomainName(v.Val) {
return errors.New("域名 错误")
}
splitDns = append(splitDns, v)
}
}
g.SplitDns = splitDns
// 域名拆分隧道,不能同时填写 // 域名拆分隧道,不能同时填写
g.DsIncludeDomains = strings.TrimSpace(g.DsIncludeDomains) g.DsIncludeDomains = strings.TrimSpace(g.DsIncludeDomains)
g.DsExcludeDomains = strings.TrimSpace(g.DsExcludeDomains) g.DsExcludeDomains = strings.TrimSpace(g.DsExcludeDomains)
@@ -238,6 +299,15 @@ func SetGroup(g *Group) error {
return err return err
} }
func ContainsInPorts(ports map[uint16]int8, port uint16) bool {
_, ok := ports[port]
if ok {
return true
} else {
return false
}
}
func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error { func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
g := &Group{Auth: authData} g := &Group{Auth: authData}
authType := g.Auth["type"].(string) authType := g.Auth["type"].(string)

1
server/dbdata/setting.go
View File

@@ -29,6 +29,7 @@ type SettingAuditLog struct {
type SettingOther struct { type SettingOther struct {
LinkAddr string `json:"link_addr"` LinkAddr string `json:"link_addr"`
Banner string `json:"banner"` Banner string `json:"banner"`
Homecode int `json:"homecode"`
Homeindex string `json:"homeindex"` Homeindex string `json:"homeindex"`
AccountMail string `json:"account_mail"` AccountMail string `json:"account_mail"`
} }

1
server/dbdata/tables.go
View File

@@ -11,6 +11,7 @@ type Group struct {
Note string `json:"note" xorm:"varchar(255)"` Note string `json:"note" xorm:"varchar(255)"`
AllowLan bool `json:"allow_lan" xorm:"Bool"` AllowLan bool `json:"allow_lan" xorm:"Bool"`
ClientDns []ValData `json:"client_dns" xorm:"Text"` ClientDns []ValData `json:"client_dns" xorm:"Text"`
SplitDns []ValData `json:"split_dns" xorm:"Text"`
RouteInclude []ValData `json:"route_include" xorm:"Text"` RouteInclude []ValData `json:"route_include" xorm:"Text"`
RouteExclude []ValData `json:"route_exclude" xorm:"Text"` RouteExclude []ValData `json:"route_exclude" xorm:"Text"`
DsExcludeDomains string `json:"ds_exclude_domains" xorm:"Text"` DsExcludeDomains string `json:"ds_exclude_domains" xorm:"Text"`

10
server/handler/link_auth.go
View File

@@ -17,7 +17,10 @@ import (
"github.com/bjdgyc/anylink/sessdata" "github.com/bjdgyc/anylink/sessdata"
) )
var profileHash = "" var (
profileHash = ""
certHash = ""
)
func LinkAuth(w http.ResponseWriter, r *http.Request) { func LinkAuth(w http.ResponseWriter, r *http.Request) {
// TODO 调试信息输出 // TODO 调试信息输出
@@ -138,7 +141,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
other := &dbdata.SettingOther{} other := &dbdata.SettingOther{}
_ = dbdata.SettingGet(other) _ = dbdata.SettingGet(other)
rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token, rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
Banner: other.Banner, ProfileName: base.Cfg.ProfileName, ProfileHash: profileHash} Banner: other.Banner, ProfileName: base.Cfg.ProfileName, ProfileHash: profileHash, CertHash: certHash}
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
tplRequest(tpl_complete, w, rd) tplRequest(tpl_complete, w, rd)
base.Info("login", cr.Auth.Username, userAgent) base.Info("login", cr.Auth.Username, userAgent)
@@ -178,6 +181,7 @@ type RequestData struct {
Banner string Banner string
ProfileName string ProfileName string
ProfileHash string ProfileHash string
CertHash string
} }
var auth_request = `<?xml version="1.0" encoding="UTF-8"?> var auth_request = `<?xml version="1.0" encoding="UTF-8"?>
@@ -223,7 +227,7 @@ var auth_complete = `<?xml version="1.0" encoding="UTF-8"?>
</capabilities> </capabilities>
<config client="vpn" type="private"> <config client="vpn" type="private">
<vpn-base-config> <vpn-base-config>
<server-cert-hash>240B97A685B2BFA66AD699B90AAC49EA66495D69</server-cert-hash> <server-cert-hash>{{.CertHash}}</server-cert-hash>
</vpn-base-config> </vpn-base-config>
<opaque is-for="vpn-client"></opaque> <opaque is-for="vpn-client"></opaque>
<vpn-profile-manifest> <vpn-profile-manifest>

12
server/handler/link_home.go
View File

@@ -27,10 +27,16 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
if err := dbdata.SettingGet(index); err != nil { if err := dbdata.SettingGet(index); err != nil {
return return
} }
w.WriteHeader(http.StatusOK)
if index.Homeindex == "" { if index.Homecode > 0 {
index.Homeindex = "AnyLink 是一个企业级远程办公 SSL VPN 软件,可以支持多人同时在线使用。" w.WriteHeader(index.Homecode)
} else {
w.WriteHeader(http.StatusOK)
} }
// if index.Homeindex == "" {
// index.Homeindex = "AnyLink 是一个企业级远程办公 SSL VPN 软件,可以支持多人同时在线使用。"
// }
fmt.Fprintln(w, index.Homeindex) fmt.Fprintln(w, index.Homeindex)
} }

6
server/handler/link_tun.go
View File

@@ -51,6 +51,9 @@ func checkTun() {
// 添加注释 // 添加注释
natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-m", "comment", natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-m", "comment",
"--comment", "AnyLink", "-j", "MASQUERADE"} "--comment", "AnyLink", "-j", "MASQUERADE"}
if base.InContainer {
natRule = []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
}
err = ipt.InsertUnique("nat", "POSTROUTING", 1, natRule...) err = ipt.InsertUnique("nat", "POSTROUTING", 1, natRule...)
if err != nil { if err != nil {
base.Error(err) base.Error(err)
@@ -58,6 +61,9 @@ func checkTun() {
// 添加注释 // 添加注释
forwardRule := []string{"-m", "comment", "--comment", "AnyLink", "-j", "ACCEPT"} forwardRule := []string{"-m", "comment", "--comment", "AnyLink", "-j", "ACCEPT"}
if base.InContainer {
forwardRule = []string{"-j", "ACCEPT"}
}
err = ipt.InsertUnique("filter", "FORWARD", 1, forwardRule...) err = ipt.InsertUnique("filter", "FORWARD", 1, forwardRule...)
if err != nil { if err != nil {
base.Error(err) base.Error(err)

13
server/handler/link_tunnel.go
View File

@@ -86,7 +86,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
} }
cSess.CstpDpd = cstpDpd cSess.CstpDpd = cstpDpd
dtlsPort := "4433" dtlsPort := "443"
if strings.Contains(base.Cfg.ServerDTLSAddr, ":") { if strings.Contains(base.Cfg.ServerDTLSAddr, ":") {
ss := strings.Split(base.Cfg.ServerDTLSAddr, ":") ss := strings.Split(base.Cfg.ServerDTLSAddr, ":")
dtlsPort = ss[1] dtlsPort = ss[1]
@@ -131,6 +131,11 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
for _, v := range cSess.Group.ClientDns { for _, v := range cSess.Group.ClientDns {
HttpAddHeader(w, "X-CSTP-DNS", v.Val) HttpAddHeader(w, "X-CSTP-DNS", v.Val)
} }
// 分割dns
for _, v := range cSess.Group.SplitDns {
HttpAddHeader(w, "X-CSTP-Split-DNS", v.Val)
}
// 允许的路由 // 允许的路由
for _, v := range cSess.Group.RouteInclude { for _, v := range cSess.Group.RouteInclude {
if strings.ToLower(v.Val) == dbdata.All { if strings.ToLower(v.Val) == dbdata.All {
@@ -156,9 +161,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-CSTP-Keep", "true") HttpSetHeader(w, "X-CSTP-Keep", "true")
HttpSetHeader(w, "X-CSTP-Tunnel-All-DNS", "false") HttpSetHeader(w, "X-CSTP-Tunnel-All-DNS", "false")
HttpSetHeader(w, "X-CSTP-Rekey-Time", "43200") // 172800 HttpSetHeader(w, "X-CSTP-Rekey-Time", "86400") // 172800
HttpSetHeader(w, "X-CSTP-Rekey-Method", "new-tunnel") HttpSetHeader(w, "X-CSTP-Rekey-Method", "new-tunnel")
HttpSetHeader(w, "X-DTLS-Rekey-Time", "43200") HttpSetHeader(w, "X-DTLS-Rekey-Time", "86400")
HttpSetHeader(w, "X-DTLS-Rekey-Method", "new-tunnel") HttpSetHeader(w, "X-DTLS-Rekey-Method", "new-tunnel")
HttpSetHeader(w, "X-CSTP-DPD", fmt.Sprintf("%d", cstpDpd)) HttpSetHeader(w, "X-CSTP-DPD", fmt.Sprintf("%d", cstpDpd))
@@ -180,7 +185,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false") HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
HttpSetHeader(w, "X-CSTP-Quarantine", "false") HttpSetHeader(w, "X-CSTP-Quarantine", "false")
HttpSetHeader(w, "X-CSTP-Disable-Always-On-VPN", "false") HttpSetHeader(w, "X-CSTP-Disable-Always-On-VPN", "false")
HttpSetHeader(w, "X-CSTP-Client-Bypass-Protocol", "false") HttpSetHeader(w, "X-CSTP-Client-Bypass-Protocol", "true")
HttpSetHeader(w, "X-CSTP-TCP-Keepalive", "false") HttpSetHeader(w, "X-CSTP-TCP-Keepalive", "false")
// 设置域名拆分隧道(移动端不支持) // 设置域名拆分隧道(移动端不支持)
if mobile != "mobile" { if mobile != "mobile" {

15
server/handler/payload.go
View File

@@ -88,8 +88,21 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
for _, v := range group.LinkAcl { for _, v := range group.LinkAcl {
// 循环判断ip和端口 // 循环判断ip和端口
if v.IpNet.Contains(ipDst) { if v.IpNet.Contains(ipDst) {
// 放行允许ip的ping // 放行允许ip的ping
if v.Port == ipPort || v.Port == 0 || ipProto == waterutil.ICMP { // if v.Ports == nil || len(v.Ports) == 0 {
// //单端口历史数据兼容
// port := uint16(v.Port.(float64))
// if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
// if v.Action == dbdata.Allow {
// return true
// } else {
// return false
// }
// }
// } else {
if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) || ipProto == waterutil.ICMP {
if v.Action == dbdata.Allow { if v.Action == dbdata.Allow {
return true return true
} else { } else {

16
server/handler/server.go
View File

@@ -1,13 +1,16 @@
package handler package handler
import ( import (
"crypto/sha1"
"crypto/tls" "crypto/tls"
"encoding/hex"
"fmt" "fmt"
"io" "io"
"net" "net"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
"os" "os"
"strings"
"time" "time"
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
@@ -36,6 +39,19 @@ func startTls() {
// certs[0], err = tls.LoadX509KeyPair(certFile, keyFile) // certs[0], err = tls.LoadX509KeyPair(certFile, keyFile)
// } // }
tlscert, _, err := dbdata.ParseCert()
if err != nil {
base.Fatal("证书加载失败", err)
}
dbdata.LoadCertificate(tlscert)
// 计算证书hash值
s1 := sha1.New()
s1.Write(tlscert.Certificate[0])
h2s := hex.EncodeToString(s1.Sum(nil))
certHash = strings.ToUpper(h2s)
base.Info("certHash", certHash)
// 修复 CVE-2016-2183 // 修复 CVE-2016-2183
// https://segmentfault.com/a/1190000038486901 // https://segmentfault.com/a/1190000038486901
// nmap -sV --script ssl-enum-ciphers -p 443 www.example.com // nmap -sV --script ssl-enum-ciphers -p 443 www.example.com

6
server/handler/start.go
View File

@@ -17,6 +17,12 @@ func Start() {
sessdata.Start() sessdata.Start()
cron.Start() cron.Start()
// 开启服务器转发
err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"})
if err != nil {
base.Fatal(err)
}
switch base.Cfg.LinkMode { switch base.Cfg.LinkMode {
case base.LinkModeTUN: case base.LinkModeTUN:
checkTun() checkTun()

2
version
View File

@@ -1 +1 @@
0.11.3 0.12.1

861
web/src/pages/group/List.vue
View File

File diff suppressed because it is too large Load Diff

365
web/src/pages/set/Other.vue
View File

@@ -3,11 +3,11 @@
<el-tabs v-model="activeName" @tab-click="handleClick"> <el-tabs v-model="activeName" @tab-click="handleClick">
<el-tab-pane label="邮件配置" name="dataSmtp"> <el-tab-pane label="邮件配置" name="dataSmtp">
<el-form <el-form
:model="dataSmtp" :model="dataSmtp"
ref="dataSmtp" ref="dataSmtp"
:rules="rules" :rules="rules"
label-width="100px" label-width="100px"
class="tab-one" class="tab-one"
> >
<el-form-item label="服务器地址" prop="host"> <el-form-item label="服务器地址" prop="host">
<el-input v-model="dataSmtp.host"></el-input> <el-input v-model="dataSmtp.host"></el-input>
@@ -20,9 +20,9 @@
</el-form-item> </el-form-item>
<el-form-item label="密码" prop="password"> <el-form-item label="密码" prop="password">
<el-input <el-input
type="password" type="password"
v-model="dataSmtp.password" v-model="dataSmtp.password"
placeholder="密码为空则不修改" placeholder="密码为空则不修改"
></el-input> ></el-input>
</el-form-item> </el-form-item>
<el-form-item label="加密类型" prop="encryption"> <el-form-item label="加密类型" prop="encryption">
@@ -37,7 +37,8 @@
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-button type="primary" @click="submitForm('dataSmtp')" <el-button type="primary" @click="submitForm('dataSmtp')"
>保存</el-button >保存
</el-button
> >
<el-button @click="resetForm('dataSmtp')">重置</el-button> <el-button @click="resetForm('dataSmtp')">重置</el-button>
</el-form-item> </el-form-item>
@@ -46,19 +47,19 @@
<el-tab-pane label="审计日志" name="dataAuditLog"> <el-tab-pane label="审计日志" name="dataAuditLog">
<el-form <el-form
:model="dataAuditLog" :model="dataAuditLog"
ref="dataAuditLog" ref="dataAuditLog"
:rules="rules" :rules="rules"
label-width="100px" label-width="100px"
class="tab-one" class="tab-one"
> >
<el-form-item label="审计去重间隔" prop="audit_interval"> <el-form-item label="审计去重间隔" prop="audit_interval">
<el-input-number <el-input-number
v-model="dataAuditLog.audit_interval" v-model="dataAuditLog.audit_interval"
:min="-1" :min="-1"
size="small" size="small"
label="秒" label="秒"
:disabled="true" :disabled="true"
></el-input-number> ></el-input-number>
<p class="input_tip"> <p class="input_tip">
@@ -68,11 +69,11 @@
</el-form-item> </el-form-item>
<el-form-item label="存储时长" prop="life_day"> <el-form-item label="存储时长" prop="life_day">
<el-input-number <el-input-number
v-model="dataAuditLog.life_day" v-model="dataAuditLog.life_day"
:min="0" :min="0"
:max="365" :max="365"
size="small" size="small"
label="天数" label="天数"
></el-input-number> ></el-input-number>
<p class="input_tip"> <p class="input_tip">
@@ -82,22 +83,23 @@
</el-form-item> </el-form-item>
<el-form-item label="清理时间" prop="clear_time"> <el-form-item label="清理时间" prop="clear_time">
<el-time-select <el-time-select
v-model="dataAuditLog.clear_time" v-model="dataAuditLog.clear_time"
:picker-options="{ :picker-options="{
start: '00:00', start: '00:00',
step: '01:00', step: '01:00',
end: '23:00', end: '23:00',
}" }"
:editable="false" :editable="false"
size="small" size="small"
placeholder="请选择" placeholder="请选择"
style="width: 130px" style="width: 130px"
> >
</el-time-select> </el-time-select>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-button type="primary" @click="submitForm('dataAuditLog')" <el-button type="primary" @click="submitForm('dataAuditLog')"
>保存</el-button >保存
</el-button
> >
<el-button @click="resetForm('dataAuditLog')">重置</el-button> <el-button @click="resetForm('dataAuditLog')">重置</el-button>
</el-form-item> </el-form-item>
@@ -105,33 +107,34 @@
</el-tab-pane> </el-tab-pane>
<el-tab-pane label="证书设置" name="datacertManage"> <el-tab-pane label="证书设置" name="datacertManage">
<el-tabs <el-tabs
tab-position="left" tab-position="left"
v-model="datacertManage" v-model="datacertManage"
@tab-click="handleClick" @tab-click="handleClick"
> >
<el-tab-pane label="自定义证书" name="customCert"> <el-tab-pane label="自定义证书" name="customCert">
<el-form <el-form
ref="customCert" ref="customCert"
:model="customCert" :model="customCert"
label-width="100px" label-width="100px"
size="small" size="small"
class="tab-one" class="tab-one"
> >
<el-form-item> <el-form-item>
<el-upload <el-upload
class="uploadCert" class="uploadCert"
:before-upload="beforeCertUpload" :before-upload="beforeCertUpload"
:action="certUpload" :action="certUpload"
:limit="1" :limit="1"
> >
<el-button size="mini" icon="el-icon-plus" slot="trigger" <el-button size="mini" icon="el-icon-plus" slot="trigger"
>证书文件</el-button >证书文件
</el-button
> >
<el-tooltip <el-tooltip
class="item" class="item"
effect="dark" effect="dark"
content="请上传 .pem 格式的 cert 文件" content="请上传 .pem 格式的 cert 文件"
placement="top" placement="top"
> >
<i class="el-icon-info"></i> <i class="el-icon-info"></i>
</el-tooltip> </el-tooltip>
@@ -139,19 +142,20 @@
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-upload <el-upload
class="uploadCert" class="uploadCert"
:before-upload="beforeKeyUpload" :before-upload="beforeKeyUpload"
:action="certUpload" :action="certUpload"
:limit="1" :limit="1"
> >
<el-button size="mini" icon="el-icon-plus" slot="trigger" <el-button size="mini" icon="el-icon-plus" slot="trigger"
>私钥文件</el-button >私钥文件
</el-button
> >
<el-tooltip <el-tooltip
class="item" class="item"
effect="dark" effect="dark"
content="请上传 .pem 格式的 key 文件" content="请上传 .pem 格式的 key 文件"
placement="top" placement="top"
> >
<i class="el-icon-info"></i> <i class="el-icon-info"></i>
</el-tooltip> </el-tooltip>
@@ -159,23 +163,24 @@
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-button <el-button
size="small" size="small"
icon="el-icon-upload" icon="el-icon-upload"
type="primary" type="primary"
@click="submitForm('customCert')" @click="submitForm('customCert')"
>上传</el-button >上传
</el-button
> >
</el-form-item> </el-form-item>
</el-form> </el-form>
</el-tab-pane> </el-tab-pane>
<el-tab-pane label="Let's Encrypt证书" name="letsCert"> <el-tab-pane label="Let's Encrypt证书" name="letsCert">
<el-form <el-form
:model="letsCert" :model="letsCert"
ref="letsCert" ref="letsCert"
:rules="rules" :rules="rules"
label-width="120px" label-width="120px"
size="small" size="small"
class="tab-one" class="tab-one"
> >
<el-form-item label="域名" prop="domain"> <el-form-item label="域名" prop="domain">
<el-input v-model="letsCert.domain"></el-input> <el-input v-model="letsCert.domain"></el-input>
@@ -191,30 +196,31 @@
</el-radio-group> </el-radio-group>
</el-form-item> </el-form-item>
<el-form-item <el-form-item
v-for="component in dnsProvider[letsCert.name]" v-for="component in dnsProvider[letsCert.name]"
:key="component.prop" :key="component.prop"
:label="component.label" :label="component.label"
:rules="component.rules" :rules="component.rules"
> >
<component <component
:is="component.component" :is="component.component"
:type="component.type" :type="component.type"
v-model="letsCert[letsCert.name][component.prop]" v-model="letsCert[letsCert.name][component.prop]"
></component> ></component>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-switch <el-switch
style="display: block" style="display: block"
v-model="letsCert.renew" v-model="letsCert.renew"
active-color="#13ce66" active-color="#13ce66"
inactive-color="#ff4949" inactive-color="#ff4949"
inactive-text="自动续期" inactive-text="自动续期"
> >
</el-switch> </el-switch>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-button type="primary" @click="submitForm('letsCert')" <el-button type="primary" @click="submitForm('letsCert')"
>申请</el-button >申请
</el-button
> >
<el-button @click="resetForm('letsCert')">重置</el-button> <el-button @click="resetForm('letsCert')">重置</el-button>
</el-form-item> </el-form-item>
@@ -224,11 +230,11 @@
</el-tab-pane> </el-tab-pane>
<el-tab-pane label="其他设置" name="dataOther"> <el-tab-pane label="其他设置" name="dataOther">
<el-form <el-form
:model="dataOther" :model="dataOther"
ref="dataOther" ref="dataOther"
:rules="rules" :rules="rules"
label-width="100px" label-width="130px"
class="tab-one" class="tab-one"
> >
<el-form-item label="vpn对外地址" prop="link_addr"> <el-form-item label="vpn对外地址" prop="link_addr">
<el-input placeholder="请输入内容" v-model="dataOther.link_addr"> <el-input placeholder="请输入内容" v-model="dataOther.link_addr">
@@ -237,49 +243,58 @@
<el-form-item label="Banner信息" prop="banner"> <el-form-item label="Banner信息" prop="banner">
<el-input <el-input
type="textarea" type="textarea"
:rows="5" :rows="5"
placeholder="请输入内容" placeholder="请输入内容"
v-model="dataOther.banner" v-model="dataOther.banner"
> >
</el-input> </el-input>
</el-form-item> </el-form-item>
<el-form-item label="自定义首页状态码" prop="homecode">
<el-input-number
v-model="dataOther.homecode"
:min="0"
:max="1000"
></el-input-number>
</el-form-item>
<el-form-item label="自定义首页" prop="homeindex"> <el-form-item label="自定义首页" prop="homeindex">
<el-input <el-input
type="textarea" type="textarea"
:rows="10" :rows="10"
placeholder="请输入内容" placeholder="请输入内容"
v-model="dataOther.homeindex" v-model="dataOther.homeindex"
> >
</el-input> </el-input>
<el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top"> <el-tooltip content="自定义内容可以参考 index_template 目录下的文件" placement="top">
<i class="el-icon-question"></i> <i class="el-icon-question"></i>
</el-tooltip> </el-tooltip>
</el-form-item> </el-form-item>
<el-form-item label="账户开通邮件" prop="account_mail"> <el-form-item label="账户开通邮件模板" prop="account_mail">
<el-input <el-input
type="textarea" type="textarea"
:rows="10" :rows="10"
placeholder="请输入内容" placeholder="请输入内容"
v-model="dataOther.account_mail" v-model="dataOther.account_mail"
> >
</el-input> </el-input>
</el-form-item> </el-form-item>
<el-form-item label="邮件展示"> <el-form-item label="邮件展示">
<iframe <iframe
width="500px" width="500px"
height="300px" height="300px"
:srcdoc="dataOther.account_mail" :srcdoc="dataOther.account_mail"
> >
</iframe> </iframe>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
<el-button type="primary" @click="submitForm('dataOther')" <el-button type="primary" @click="submitForm('dataOther')"
>保存</el-button >保存
</el-button
> >
<el-button @click="resetForm('dataOther')">重置</el-button> <el-button @click="resetForm('dataOther')">重置</el-button>
</el-form-item> </el-form-item>
@@ -324,19 +339,19 @@ export default {
authToken: "", authToken: "",
}, },
}, },
customCert: { cert: "", key: "" }, customCert: {cert: "", key: ""},
dataOther: {}, dataOther: {},
rules: { rules: {
host: { required: true, message: "请输入服务器地址", trigger: "blur" }, host: {required: true, message: "请输入服务器地址", trigger: "blur"},
port: [ port: [
{ required: true, message: "请输入服务器端口", trigger: "blur" }, {required: true, message: "请输入服务器端口", trigger: "blur"},
{ {
type: "number", type: "number",
message: "请输入正确的服务器端口", message: "请输入正确的服务器端口",
trigger: ["blur", "change"], trigger: ["blur", "change"],
}, },
], ],
issuer: { required: true, message: "请输入系统名称", trigger: "blur" }, issuer: {required: true, message: "请输入系统名称", trigger: "blur"},
domain: { domain: {
required: true, required: true,
message: "请输入需要申请证书的域名", message: "请输入需要申请证书的域名",
@@ -347,7 +362,7 @@ export default {
message: "请输入申请证书的邮箱地址", message: "请输入申请证书的邮箱地址",
trigger: "blur", trigger: "blur",
}, },
name: { required: true, message: "请选择域名服务商", trigger: "blur" }, name: {required: true, message: "请选择域名服务商", trigger: "blur"},
}, },
certUpload: "/set/other/customcert", certUpload: "/set/other/customcert",
dnsProvider: { dnsProvider: {
@@ -449,71 +464,71 @@ export default {
}, },
getSmtp() { getSmtp() {
axios axios
.get("/set/other/smtp") .get("/set/other/smtp")
.then((resp) => { .then((resp) => {
let rdata = resp.data; let rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code !== 0) { if (rdata.code !== 0) {
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
return; return;
} }
this.dataSmtp = rdata.data; this.dataSmtp = rdata.data;
}) })
.catch((error) => { .catch((error) => {
this.$message.error("哦,请求出错"); this.$message.error("哦,请求出错");
console.log(error); console.log(error);
}); });
}, },
getAuditLog() { getAuditLog() {
axios axios
.get("/set/other/audit_log") .get("/set/other/audit_log")
.then((resp) => { .then((resp) => {
let rdata = resp.data; let rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code !== 0) { if (rdata.code !== 0) {
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
return; return;
} }
this.dataAuditLog = rdata.data; this.dataAuditLog = rdata.data;
}) })
.catch((error) => { .catch((error) => {
this.$message.error("哦,请求出错"); this.$message.error("哦,请求出错");
console.log(error); console.log(error);
}); });
}, },
getletsCert() { getletsCert() {
axios axios
.get("/set/other/getcertset") .get("/set/other/getcertset")
.then((resp) => { .then((resp) => {
let rdata = resp.data; let rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code !== 0) { if (rdata.code !== 0) {
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
return; return;
} }
this.letsCert = Object.assign({}, this.letsCert, rdata.data); this.letsCert = Object.assign({}, this.letsCert, rdata.data);
}) })
.catch((error) => { .catch((error) => {
this.$message.error("哦,请求出错"); this.$message.error("哦,请求出错");
console.log(error); console.log(error);
}); });
}, },
getOther() { getOther() {
axios axios
.get("/set/other") .get("/set/other")
.then((resp) => { .then((resp) => {
let rdata = resp.data; let rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code !== 0) { if (rdata.code !== 0) {
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
return; return;
} }
this.dataOther = rdata.data; this.dataOther = rdata.data;
}) })
.catch((error) => { .catch((error) => {
this.$message.error("哦,请求出错"); this.$message.error("哦,请求出错");
console.log(error); console.log(error);
}); });
}, },
submitForm(formName) { submitForm(formName) {
this.$refs[formName].validate((valid) => { this.$refs[formName].validate((valid) => {
@@ -535,16 +550,16 @@ export default {
break; break;
case "dataAuditLog": case "dataAuditLog":
axios axios
.post("/set/other/audit_log/edit", this.dataAuditLog) .post("/set/other/audit_log/edit", this.dataAuditLog)
.then((resp) => { .then((resp) => {
var rdata = resp.data; var rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code === 0) { if (rdata.code === 0) {
this.$message.success(rdata.msg); this.$message.success(rdata.msg);
} else { } else {
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
} }
}); });
break; break;
case "letsCert": case "letsCert":
var loading = this.$loading({ var loading = this.$loading({