Merge pull request #283 from bjdgyc/dev

修复容器频繁重启的问题

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://github.com/bjdgyc/anylink/blob/main/doc/README.md'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

README.md

@@ -24,7 +24,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
 
 AnyLink 使用 TLS/DTLS 进行数据加密，因此需要 RSA 或 ECC 证书，可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
 
-AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap 功能、ip 设置命令。
+AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap
+功能、ip 设置命令。
 
 ## Screenshot
 
@@ -52,17 +53,27 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
 >
 > 对于线上环境，必须申请安全的 https 证书，不支持私有证书连接
 >
+> 服务端安装 yum install iproute 或者 apt-get install iproute2
+>
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
-> 
+>
+> 其他问题 [前往查看](doc/question.md)
+>
 > 首次使用，请在浏览器访问 https://域名:443，浏览器提示安全后，在客户端输入 【域名:443】 即可
 
 ### 自行编译安装
 
-> 需要提前安装好 golang >= 1.18 和 nodejs >= 14.x 和 yarn >= v1.22.x
+> 需要提前安装好 golang >= 1.19 和 nodejs >= 16.x 和 yarn >= v1.22.x
 
 ```shell
 git clone https://github.com/bjdgyc/anylink.git
 
+# 编译参考软件版本
+# go 1.20.12
+# node v16.20.2
+# yarn 1.22.19
+
+
 cd anylink
 sh build.sh
 
@@ -119,7 +130,7 @@ sudo ./anylink
 > 数据库配置示例
 
 | db_type  | db_source                                              |
-| -------- | ------------------------------------------------------ |
+|----------|--------------------------------------------------------|
 | sqlite3  | ./conf/anylink.db                                      |
 | mysql    | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
 | postgres | user:password@localhost/anylink?sslmode=verify-full    |
@@ -132,9 +143,11 @@ sudo ./anylink
 
 > 以下参数必须设置其中之一
 
-网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
+网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
+不同的参数需要对服务器做相应的设置。
 
-建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
+建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到
+IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
 模式，请确认虚拟机的网卡开启混杂模式。
 
 ### tun 设置
@@ -142,7 +155,7 @@ sudo ./anylink
 1. 开启服务器转发
 
 ```shell
-# flie: /etc/sysctl.conf
+# file: /etc/sysctl.conf
 net.ipv4.ip_forward = 1
 
 #执行如下命令
@@ -188,7 +201,6 @@ https://cloud.tencent.com/document/product/216/62007
 
 ```
 
-
 3. 使用 AnyConnect 客户端连接即可
 
 ### macvtap 设置
@@ -202,6 +214,9 @@ https://cloud.tencent.com/document/product/216/62007
 # 首先关闭nat转发功能
 iptables_nat = false
 
+# master网卡需要打开混杂模式
+ip link set dev eth0 promisc on
+
 #内网主网卡名称
 ipv4_master = "eth0"
 #以下网段需要跟ipv4_master网卡设置成一样
@@ -211,7 +226,6 @@ ipv4_start = "10.1.2.100"
 ipv4_end = "10.1.2.200"
 ```
 
-
 ## Systemd
 
 1. 添加 anylink 程序
@@ -279,7 +293,7 @@ ipv4_end = "10.1.2.200"
        -c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
    ```
 
-7. 构建镜像
+7. 构建镜像 (非必需)
 
    ```bash
    #获取仓库源码
@@ -288,14 +302,15 @@ ipv4_end = "10.1.2.200"
    docker build -t anylink -f docker/Dockerfile .
    ```
 
-
 ## 常见问题
 
 请前往 [问题地址](doc/question.md) 查看具体信息
 
 ## Discussion
 
-添加QQ群: 567510628
+添加QQ群(1): 567510628
+
+添加QQ群(2): 739072205
 
 群共享文件有相关软件下载
 
@@ -305,7 +320,6 @@ ipv4_end = "10.1.2.200"
 ![contact_me_qr](doc/screenshot/contact_me_qr.png)
 -->
 
-
 ## Contribution
 
 欢迎提交 PR、Issues，感谢为 AnyLink 做出贡献。

build.sh

@@ -12,6 +12,9 @@ function RETVAL() {
 #当前目录
 cpath=$(pwd)
 
+ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
+echo "当前版本 $ver"
+
 echo "编译前端项目"
 cd $cpath/web
 #国内可替换源加快速度
@@ -20,9 +23,10 @@ cd $cpath/web
 #npm install
 #npm run build
 
-yarn install
+yarn install --registry=https://registry.npmmirror.com
 yarn run build
 
+
 RETVAL $?
 
 echo "编译二进制文件"
@@ -32,7 +36,7 @@ cp -rf $cpath/web/ui .
 #国内可替换源加快速度
 export GOPROXY=https://goproxy.io
 go mod tidy
-go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
+go build -v -o anylink -ldflags "-s -w -X main.CommitId=$(git rev-parse HEAD)"
 RETVAL $?
 
 cd $cpath
@@ -48,6 +52,7 @@ cp -r server/conf $deploy
 
 cp -r systemd $deploy
 cp -r LICENSE $deploy
+cp -r home $deploy
 
 tar zcvf ${deploy}.tar.gz $deploy
 

build_docker.sh

@@ -6,10 +6,13 @@ echo $ver
 #docker login -u bjdgyc
 
 #docker build -t bjdgyc/anylink .
-docker build -t bjdgyc/anylink -f docker/Dockerfile .
+
+docker build -t bjdgyc/anylink --build-arg GitCommitId=$(git rev-parse HEAD) -f docker/Dockerfile .
 
 docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
 
+exit 0
+
 docker push bjdgyc/anylink:$ver
 docker push bjdgyc/anylink:latest
 

doc/README.md

@@ -9,30 +9,41 @@
 ## Donator
 
 > 感谢以下同学的打赏，AnyLink 有你更美好！
-> 
+>
-> 需要展示主页的同学，可以在QQ群(567510628) 直接联系我添加。
+> 需要展示主页的同学，可以在QQ群 直接联系我添加。
+
+| 昵称        | 主页 / 留言                      |
+|-----------|------------------------------|
+| 代码 oo8    |                              |
+| 甘磊        | https://github.com/ganlei333 |
+| Oo@       | https://github.com/chooop    |
+| 虚极静笃      |                              |
+| 请喝可乐      |                              |
+| 加油加油      |                              |
+| 李建        |                              |
+| lanbin    |                              |
+| 乐在东途      |                              |
+| 孤鸿        |                              |
+| 刘国华       |                              |
+| 改名好无聊     |                              |
+| 全能互联网专家   |                              |
+| JCM       |                              |
+| Eh...     |                              |
+| 沉         |                              |
+| 刘国华       |                              |
+| 忧郁的豚骨拉面   |                              |
+| 张小旋当爹地    |                              |
+| 对方正在输入    |                              |
+| Ronny     |                              |
+| 奔跑的少年     |                              |
+| ZBW       |                              |
+| 悲鸣        |                              |
+| 谢谢        |                              |
+| 云思科技      |                              |
+| 哆啦A伟(张佳伟) | 嘿嘿                           |
+| 人类的悲欢并不相通 | 开源不易，感谢分享                    |
+| 做人要低调     |                              |
 
-| 昵称      | 主页                         |
-|---------| ---------------------------- |
-| 代码 oo8  |                              |
-| 甘磊      | https://github.com/ganlei333 |
-| Oo@     | https://github.com/chooop    |
-| 虚极静笃    |                              |
-| 请喝可乐    |                              |
-| 加油加油    |                              |
-| 李建      |                              |
-| lanbin  |                              |
-| 乐在东途    |                              |
-| 孤鸿      |                              |
-| 刘国华     |                              |
-| 改名好无聊   |                              |
-| 全能互联网专家 |                              |
-| JCM     |                              |
-| Eh...   |                              |
-| 沉       |                              |
-| 刘国华     |                              |
-| 忧郁的豚骨拉面 |                              |
-| 张小旋当爹地  |                              |
 
 
 

doc/question.md

@@ -1,34 +1,100 @@
-# 常见问题
+## 常见问题
 
 ### anyconnect 客户端问题
+
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
-> 
+>
 > 添加QQ群: 567510628
 
 ### OTP 动态码
+
 > 请使用手机安装 freeotp ，然后扫描otp二维码，生成的数字即是动态码
 
 ### 远程桌面连接
+
 > 本软件已经支持远程桌面里面连接anyconnect。
 
 ### 私有证书问题
+
 > anylink 默认不支持私有证书
-> 
+>
 > 其他使用私有证书的问题，请自行解决
 
+### 客户端连接名称
+
+> 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
+
+```xml
+
+<HostEntry>
+    <HostName>VPN</HostName>
+    <HostAddress>localhost</HostAddress>
+</HostEntry>
+```
+
 ### dpd timeout 设置问题
-```
+
+```yaml
 #客户端失效检测时间(秒) dpd > keepalive
-cstp_keepalive = 20
+cstp_keepalive = 4
-cstp_dpd = 30
+cstp_dpd = 9
-mobile_keepalive = 40
+mobile_keepalive = 7
-mobile_dpd = 50
+mobile_dpd = 15
 ```
+
 > 以上dpd参数为客户端的超时检测时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
-> 
+>
 > 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
 
+### 反向代理问题
+
+> anylink 仅支持四层反向代理，不支持七层反向代理
+>
+> 如Nginx请使用 stream模块
+
+```conf
+stream {
+    upstream anylink_server {
+        server 127.0.0.1:8443;
+    }
+    server {
+        listen 443 tcp;
+        proxy_timeout 30s;
+        proxy_pass anylink_server;
+    }
+}
+```
+
+> nginx实现 共用443端口 示例
+
+```conf
+stream {
+    map $ssl_preread_server_name $name {
+        vpn.xx.com        myvpn;
+        default     defaultpage;
+    }
+    
+    # upstream pool
+    upstream myvpn {
+        server 127.0.0.1:8443;
+    }
+    upstream defaultpage {
+        server 127.0.0.1:8080;
+    }
+    
+    server {
+        listen 443 so_keepalive=on;
+        ssl_preread on;
+        #接收端也需要设置 proxy_protocol
+        #proxy_protocol on;
+        proxy_pass $name;
+    }
+}
+
+```
+
 ### 性能问题
+
 ```
 内网环境测试数据
 虚拟服务器：  centos7 4C8G
@@ -37,6 +103,7 @@ anylink:    tun模式 tcp传输
 客户端网卡下载速度：270Mb/s
 服务端网卡上传速度：280Mb/s
 ```
+
 > 客户端tls加密协议、隧道header头都会占用一定带宽
 
 

docker/Dockerfile

@@ -1,40 +1,49 @@
+#node:16-bullseye
+#golang:1.20-bullseye
+#debian:bullseye-slim
+#sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
+
+
 # web
-FROM node:16.17.1-alpine3.15 as builder_node
+FROM node:16-alpine3.18 as builder_node
 WORKDIR /web
 COPY ./web /web
 RUN yarn install \
     && yarn run build \
     && ls /web/ui
 
+
 # server
-FROM golang:1.18-alpine as builder_golang
+FROM golang:1.20-alpine3.18 as builder_golang
 #TODO 本地打包时使用镜像
-ENV GOPROXY=https://goproxy.io
+ENV GOPROXY=https://goproxy.cn
 ENV GOOS=linux
+ARG GitCommitId="gitCommitId"
+
 WORKDIR /anylink
-COPY . /anylink
+COPY server /anylink
-COPY --from=builder_node /web/ui  /anylink/server/ui
+COPY --from=builder_node /web/ui  /anylink/ui
 
 #TODO 本地打包时使用镜像
 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
-RUN apk add --no-cache git gcc musl-dev
+RUN apk add gcc musl-dev
-RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
+RUN cd /anylink;go mod tidy;go build -o anylink -ldflags "-s -w -X main.CommitId=${GitCommitId}" \
-    && /anylink/server/anylink tool -v
+    && /anylink/anylink tool -v
+
 
 # anylink
-FROM alpine
+FROM alpine:3.18
 LABEL maintainer="github.com/bjdgyc"
 
-ENV IPV4_CIDR="192.168.10.0/24"
+ENV ANYLINK_IN_CONTAINER=true
 
 WORKDIR /app
-COPY --from=builder_golang /anylink/server/anylink  /app/
+COPY --from=builder_golang /anylink/anylink  /app/
 COPY docker/docker_entrypoint.sh  /app/
-
+COPY ./server/bridge-init.sh /app/
-#COPY ./server/bridge-init.sh /app/
 COPY ./server/conf  /app/conf
 COPY ./LICENSE  /app/LICENSE
-
+COPY ./home  /app/home
 
 #TODO 本地打包时使用镜像
 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

docker/docker_entrypoint.sh

@@ -14,7 +14,7 @@ case $var1 in
   ;;
 
 *)
-  sysctl -w net.ipv4.ip_forward=1
+  #sysctl -w net.ipv4.ip_forward=1
   #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
   #iptables -nL -t nat
 

home/自定义首页1.html

@@ -0,0 +1,101 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>AnyLink - 企业级远程办公 SSL VPN</title>
+  <style>
+    /* CSS样式表 */
+    body {
+      font-family: Arial, sans-serif;
+      margin: 0;
+      padding: 0;
+    }
+    
+    header {
+      background-color: #333;
+      color: #fff;
+      padding: 20px;
+      text-align: center;
+    }
+    
+    h1 {
+      margin: 0;
+      font-size: 32px;
+    }
+    
+    main {
+      max-width: 960px;
+      margin: 20px auto;
+      padding: 0 20px;
+	  margin-bottom: 100px;
+    }
+    
+    p {
+      line-height: 1.5;
+    }
+    
+	/* 设置页脚固定在底部，并且占满横向宽度 */
+	footer {
+		position: fixed;
+		bottom: 0;
+		left: 0;
+		width: 100%;
+	}
+	
+    footer {
+      background-color: #f2f2f2;
+      padding: 20px;
+      text-align: center;
+    }
+	
+    
+    .cta-button {
+      display: inline-block;
+      background-color: #007bff;
+      color: #fff;
+      padding: 10px 20px;
+      text-decoration: none;
+      border-radius: 4px;
+      font-weight: bold;
+      margin-right: 10px;
+    }
+  </style>
+</head>
+<body>
+  <header>
+    <h1>欢迎使用 AnyLink</h1>
+  </header>
+
+  <main>
+    <h2>什么是 AnyLink？</h2>
+    <p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件，支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式，使远程工作者能够有效协作。</p>
+
+    <h2>核心功能</h2>
+    <ul>
+      <li>安全远程访问：AnyLink 使用 SSL/TLS 加密技术，确保远程用户与企业网络之间的连接安全可靠。</li>
+      <li>多用户支持：多个用户可以同时连接 VPN，实现不同地点团队的无缝协作。</li>
+      <li>灵活网络访问：AnyLink 能够安全地让远程工作者访问内部资源，如文件、应用程序和数据库。</li>
+      <li>集中化管理：该 VPN 解决方案提供集中化管理控制台，便于用户管理、访问控制和监控。</li>
+    </ul>
+
+    <h2>开始使用 AnyLink</h2>
+    <p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
+
+    <h2>下载客户端</h2>
+    <a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
+    <a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
+
+    <a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
+    <a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
+
+    <a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
+    <a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
+    <h2>使用手册</h2>
+    <a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
+  </main>
+
+  <footer>
+    &copy; 2023 AnyLink. 保留所有权利。
+  </footer>
+</body>
+</html>

server/admin/api_base.go

@@ -8,6 +8,7 @@ import (
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
+	"github.com/xlzd/gotp"
 )
 
 // Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	adminUser := r.PostFormValue("admin_user")
 	adminPass := r.PostFormValue("admin_pass")
 
+	// 启用otp验证
+	if base.Cfg.AdminOtp != "" {
+		pwd := adminPass
+		pl := len(pwd)
+		if pl < 6 {
+			RespError(w, RespUserOrPassErr)
+			base.Error(adminUser, "管理员otp错误")
+			return
+		}
+		// 判断otp信息
+		adminPass = pwd[:pl-6]
+		otp := pwd[pl-6:]
+
+		totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
+		unix := time.Now().Unix()
+		verify := totp.Verify(otp, int(unix))
+
+		if !verify {
+			RespError(w, RespUserOrPassErr)
+			base.Error(adminUser, "管理员otp错误")
+			return
+		}
+	}
+
 	// 认证错误
 	if !(adminUser == base.Cfg.AdminUser &&
 		utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
 		RespError(w, RespUserOrPassErr)
+		base.Error(adminUser, "管理员用户名或密码错误")
 		return
 	}
 
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	data["admin_user"] = adminUser
 	data["expires_at"] = expiresAt
 
+	ck := &http.Cookie{
+		Name:     "jwt",
+		Value:    tokenString,
+		Path:     "/",
+		HttpOnly: true,
+	}
+	http.SetCookie(w, ck)
+
 	RespSucess(w, data)
 }
 
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "*")
 		if r.Method == http.MethodOptions {
+			// 正式环境不支持 OPTIONS
+			w.WriteHeader(http.StatusForbidden)
 			return
 		}
 
 		route := mux.CurrentRoute(r)
 		name := route.GetName()
 		// fmt.Println("bb", r.URL.Path, name)
-		if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
+		if utils.InArrStr([]string{"login", "index", "static"}, name) {
 			// 不进行鉴权
 			next.ServeHTTP(w, r)
 			return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
 		if jwtToken == "" {
 			jwtToken = r.FormValue("jwt")
 		}
+		if jwtToken == "" {
+			cc, err := r.Cookie("jwt")
+			if err == nil {
+				jwtToken = cc.Value
+			}
+		}
 		data, err := GetJwtData(jwtToken)
 		if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
 			w.WriteHeader(http.StatusUnauthorized)

server/admin/api_cert.go

@@ -0,0 +1,99 @@
+package admin
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+
+	"github.com/bjdgyc/anylink/base"
+	"github.com/bjdgyc/anylink/dbdata"
+)
+
+func CustomCert(w http.ResponseWriter, r *http.Request) {
+	cert, _, err := r.FormFile("cert")
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	key, _, err := r.FormFile("key")
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	certFile, err := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	defer certFile.Close()
+	if _, err := io.Copy(certFile, cert); err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	keyFile, err := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	defer keyFile.Close()
+	if _, err := io.Copy(keyFile, key); err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	if tlscert, _, err := dbdata.ParseCert(); err != nil {
+		RespError(w, RespInternalErr, fmt.Sprintf("证书不合法，请重新上传:%v", err))
+		return
+	} else {
+		dbdata.LoadCertificate(tlscert)
+	}
+	RespSucess(w, "上传成功")
+}
+func GetCertSetting(w http.ResponseWriter, r *http.Request) {
+	sess := dbdata.GetXdb().NewSession()
+	defer sess.Close()
+	data := &dbdata.SettingLetsEncrypt{}
+	if err := dbdata.SettingGet(data); err != nil {
+		dbdata.SettingSessAdd(sess, data)
+		RespError(w, RespInternalErr, err)
+	}
+	userData := &dbdata.LegoUserData{}
+	if err := dbdata.SettingGet(userData); err != nil {
+		dbdata.SettingSessAdd(sess, userData)
+	}
+	RespSucess(w, data)
+}
+func CreatCert(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	defer r.Body.Close()
+	config := &dbdata.SettingLetsEncrypt{}
+	if err := json.Unmarshal(body, config); err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	if err := dbdata.SettingSet(config); err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	client := dbdata.LeGoClient{}
+	if err := client.NewClient(config); err != nil {
+		base.Error(err)
+		RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
+		return
+	}
+	if err := client.GetCert(config.Domain); err != nil {
+		base.Error(err)
+		RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
+		return
+	}
+	RespSucess(w, "生成证书成功")
+}

server/admin/api_group.go

@@ -118,3 +118,30 @@ func GroupDel(w http.ResponseWriter, r *http.Request) {
 	}
 	RespSucess(w, nil)
 }
+
+func GroupAuthLogin(w http.ResponseWriter, r *http.Request) {
+	type AuthLoginData struct {
+		Name string                 `json:"name"`
+		Pwd  string                 `json:"pwd"`
+		Auth map[string]interface{} `json:"auth"`
+	}
+
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	defer r.Body.Close()
+	v := &AuthLoginData{}
+	err = json.Unmarshal(body, &v)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	err = dbdata.GroupAuthLogin(v.Name, v.Pwd, v.Auth)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+	RespSucess(w, "ok")
+}

server/admin/api_ip_map.go

@@ -80,6 +80,8 @@ func UserIpMapSet(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// sessdata.IpAllSet(v)
+
 	RespSucess(w, nil)
 }
 
@@ -93,11 +95,20 @@ func UserIpMapDel(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	data := dbdata.IpMap{Id: id}
+	var data dbdata.IpMap
-	err := dbdata.Del(&data)
+	err := dbdata.One("Id", id, &data)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
+
+	err = dbdata.Del(&data)
+	if err != nil {
+		RespError(w, RespInternalErr, err)
+		return
+	}
+
+	// sessdata.IpAllDel(&data)
+
 	RespSucess(w, nil)
 }

server/admin/api_uploaduser.go

@@ -5,11 +5,11 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"path"
 	"strconv"
 	"strings"
 	"time"
 
-	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	defer file.Close()
-	newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
+
+	// go/path-injection
+	// base.Cfg.FilesPath 可以直接对外访问，不能上传文件到此
+	fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
+	newFile, err := os.Create(fileName)
 	if err != nil {
 		RespError(w, RespInternalErr, "创建文件失败:", err)
 		return
 	}
 	defer newFile.Close()
+
 	io.Copy(newFile, file)
 	if err = UploadUser(newFile.Name()); err != nil {
 		RespError(w, RespInternalErr, err)
-		os.Remove(base.Cfg.FilesPath + header.Filename)
+		os.Remove(fileName)
 		return
 	}
-	os.Remove(base.Cfg.FilesPath + header.Filename)
+	os.Remove(fileName)
 	RespSucess(w, "批量添加成功")
 }
+
 func UploadUser(file string) error {
 	f, err := excelize.OpenFile(file)
 	if err != nil {

server/admin/api_user.go

@@ -205,6 +205,7 @@ type userAccountMailData struct {
 	LinkAddr     string
 	Group        string
 	Username     string
+	Nickname     string
 	PinCode      string
 	OtpImg       string
 	OtpImgBase64 string
@@ -251,9 +252,11 @@ func userAccountMail(user *dbdata.User) error {
 	otpData, _ := userOtpQr(user.Id, true)
 
 	data := userAccountMailData{
+		Issuer:       base.Cfg.Issuer,
 		LinkAddr:     setting.LinkAddr,
 		Group:        strings.Join(user.Groups, ","),
 		Username:     user.Username,
+		Nickname:     user.Nickname,
 		PinCode:      user.PinCode,
 		OtpImg:       fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
 		OtpImgBase64: "data:image/png;base64," + otpData,

server/admin/server.go

@@ -9,6 +9,8 @@ import (
 
 	"github.com/arl/statsviz"
 	"github.com/bjdgyc/anylink/base"
+	"github.com/bjdgyc/anylink/dbdata"
+	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
@@ -19,6 +21,13 @@ var UiData embed.FS
 func StartAdmin() {
 
 	r := mux.NewRouter()
+	// 所有路由添加安全头
+	r.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			utils.SetSecureHeader(w)
+			next.ServeHTTP(w, req)
+		})
+	})
 	r.Use(authMiddleware)
 	r.Use(handlers.CompressHandler)
 
@@ -46,6 +55,9 @@ func StartAdmin() {
 	r.HandleFunc("/set/audit/list", SetAuditList)
 	r.HandleFunc("/set/audit/export", SetAuditExport)
 	r.HandleFunc("/set/audit/act_log_list", UserActLogList)
+	r.HandleFunc("/set/other/createcert", CreatCert)
+	r.HandleFunc("/set/other/getcertset", GetCertSetting)
+	r.HandleFunc("/set/other/customcert", CustomCert)
 
 	r.HandleFunc("/user/list", UserList)
 	r.HandleFunc("/user/detail", UserDetail)
@@ -71,6 +83,7 @@ func StartAdmin() {
 	r.HandleFunc("/group/detail", GroupDetail)
 	r.HandleFunc("/group/set", GroupSet)
 	r.HandleFunc("/group/del", GroupDel)
+	r.HandleFunc("/group/auth_login", GroupAuthLogin)
 
 	r.HandleFunc("/statsinfo/list", StatsInfoList)
 
@@ -95,18 +108,28 @@ func StartAdmin() {
 	for _, s := range cipherSuites {
 		selectedCipherSuites = append(selectedCipherSuites, s.ID)
 	}
+
+	if tlscert, _, err := dbdata.ParseCert(); err != nil {
+		base.Fatal("证书加载失败", err)
+	} else {
+		dbdata.LoadCertificate(tlscert)
+	}
+
 	// 设置tls信息
 	tlsConfig := &tls.Config{
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
+		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			return dbdata.GetCertificateBySNI(chi.ServerName)
+		},
 	}
 	srv := &http.Server{
 		Addr:      base.Cfg.AdminAddr,
 		Handler:   r,
 		TLSConfig: tlsConfig,
 	}
-	err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
+	err := srv.ListenAndServeTLS("", "")
 	if err != nil {
 		base.Fatal(err)
 	}

server/base/app_ver.go

@@ -3,5 +3,5 @@ package base
 const (
 	APP_NAME = "AnyLink"
 	// app版本号
-	APP_VER = "0.9.2-beta1"
+	APP_VER = "0.10.1"
 )

server/base/cfg.go

@@ -49,6 +49,7 @@ type ServerConfig struct {
 	Issuer         string `json:"issuer"`
 	AdminUser      string `json:"admin_user"`
 	AdminPass      string `json:"admin_pass"`
+	AdminOtp       string `json:"admin_otp"`
 	JwtSecret      string `json:"jwt_secret"`
 
 	LinkMode    string `json:"link_mode"`    // tun tap macvtap ipvtap
@@ -73,8 +74,12 @@ type ServerConfig struct {
 	// AuthTimeout    int `json:"auth_timeout"`    // in seconds
 	AuditInterval int `json:"audit_interval"` // in seconds
 
-	ShowSQL     bool `json:"show_sql"` // bool
+	ShowSQL         bool `json:"show_sql"` // bool
-	IptablesNat bool `json:"iptables_nat"`
+	IptablesNat     bool `json:"iptables_nat"`
+	Compression     bool `json:"compression"`       // bool
+	NoCompressLimit int  `json:"no_compress_limit"` // int
+
+	DisplayError bool `json:"display_error"`
 }
 
 func initServerCfg() {

server/base/cmd.go

@@ -3,14 +3,17 @@ package base
 import (
 	"errors"
 	"fmt"
+	"io"
 	"os"
 	"reflect"
 	"runtime"
 	"strings"
 
 	"github.com/bjdgyc/anylink/pkg/utils"
+	"github.com/skip2/go-qrcode"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+	"github.com/xlzd/gotp"
 )
 
 var (
@@ -18,6 +21,8 @@ var (
 	CommitId string
 	// pass明文
 	passwd string
+	// 生成otp
+	otp bool
 	// 生成密钥
 	secret bool
 	// 显示版本信息
@@ -69,13 +74,17 @@ func initCmd() {
 		Run: func(cmd *cobra.Command, args []string) {
 			// fmt.Println("cmd：", cmd.Use, args)
 			runSrv = true
+
+			if rev {
+				printVersion()
+				os.Exit(0)
+			}
 		},
 	}
 
 	linkViper.SetEnvPrefix("link")
 
 	// 基础配置
-
 	for _, v := range configs {
 		if v.Typ == cfgStr {
 			rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -92,6 +101,7 @@ func initCmd() {
 		// viper.SetDefault(v.Name, v.Value)
 	}
 
+	rootCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
 	rootCmd.AddCommand(initToolCmd())
 
 	cobra.OnInitialize(func() {
@@ -107,7 +117,7 @@ func initCmd() {
 		linkViper.SetConfigFile(conf)
 		err = linkViper.ReadInConfig()
 		if err != nil {
-			fmt.Println("Using config file:", err)
+			panic("config file err:" + err.Error())
 		}
 	})
 }
@@ -122,17 +132,24 @@ func initToolCmd() *cobra.Command {
 	toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
 	toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
 	toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
+	toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
 	toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
 
 	toolCmd.Run = func(cmd *cobra.Command, args []string) {
 		switch {
 		case rev:
-			fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
+			printVersion()
-				APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
 		case secret:
 			s, _ := utils.RandSecret(40, 60)
 			s = strings.Trim(s, "=")
 			fmt.Printf("Secret:%s\n", s)
+		case otp:
+			s := gotp.RandomSecret(32)
+			fmt.Printf("Otp:%s\n\n", s)
+			qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
+			qr, _ := qrcode.New(qrstr, qrcode.High)
+			ss := qr.ToSmallString(false)
+			io.WriteString(os.Stderr, ss)
 		case passwd != "":
 			pass, _ := utils.PasswordHash(passwd)
 			fmt.Printf("Passwd:%s\n", pass)
@@ -145,3 +162,8 @@ func initToolCmd() *cobra.Command {
 
 	return toolCmd
 }
+
+func printVersion() {
+	fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
+		APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
+}

server/base/config.go

@@ -38,6 +38,7 @@ var configs = []config{
 	{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
 	{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
 	{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
+	{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
 	{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
 	{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
 	{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -48,20 +49,24 @@ var configs = []config{
 	{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
 	{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
 
-	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 1209600},
+	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
 	{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
 	{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
-	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
+	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 9},
 	{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
 	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
 	{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
-	{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)", ValInt: 3600},
+	{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连，0永不过期", ValInt: 3600},
 	// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
 	{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1},
 
 	{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句，用于调试", ValBool: false},
 	{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},
+	{Typ: cfgBool, Name: "compression", Usage: "启用压缩", ValBool: false},
+	{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
+
+	{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
 }
 
 var envs = map[string]string{}

server/base/log.go

@@ -10,11 +10,12 @@ import (
 )
 
 const (
-	_Debug = iota
+	LogLevelTrace = iota
-	_Info
+	LogLevelDebug
-	_Warn
+	LogLevelInfo
-	_Error
+	LogLevelWarn
-	_Fatal
+	LogLevelError
+	LogLevelFatal
 )
 
 var (
@@ -87,17 +88,22 @@ func GetBaseLog() *log.Logger {
 	return baseLog
 }
 
+func GetLogLevel() int {
+	return baseLevel
+}
+
 func logLevel2Int(l string) int {
 	levels = map[int]string{
-		_Debug: "Debug",
+		LogLevelTrace: "Trace",
-		_Info:  "Info",
+		LogLevelDebug: "Debug",
-		_Warn:  "Warn",
+		LogLevelInfo:  "Info",
-		_Error: "Error",
+		LogLevelWarn:  "Warn",
-		_Fatal: "Fatal",
+		LogLevelError: "Error",
+		LogLevelFatal: "Fatal",
 	}
-	lvl := _Info
+	lvl := LogLevelInfo
 	for k, v := range levels {
-		if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
+		if strings.ToLower(l) == strings.ToLower(v) {
 			lvl = k
 		}
 	}
@@ -109,8 +115,16 @@ func output(l int, s ...interface{}) {
 	_ = baseLog.Output(3, lvl+fmt.Sprintln(s...))
 }
 
+func Trace(v ...interface{}) {
+	l := LogLevelTrace
+	if baseLevel > l {
+		return
+	}
+	output(l, v...)
+}
+
 func Debug(v ...interface{}) {
-	l := _Debug
+	l := LogLevelDebug
 	if baseLevel > l {
 		return
 	}
@@ -118,7 +132,7 @@ func Debug(v ...interface{}) {
 }
 
 func Info(v ...interface{}) {
-	l := _Info
+	l := LogLevelInfo
 	if baseLevel > l {
 		return
 	}
@@ -126,7 +140,7 @@ func Info(v ...interface{}) {
 }
 
 func Warn(v ...interface{}) {
-	l := _Warn
+	l := LogLevelWarn
 	if baseLevel > l {
 		return
 	}
@@ -134,7 +148,7 @@ func Warn(v ...interface{}) {
 }
 
 func Error(v ...interface{}) {
-	l := _Error
+	l := LogLevelError
 	if baseLevel > l {
 		return
 	}
@@ -142,7 +156,7 @@ func Error(v ...interface{}) {
 }
 
 func Fatal(v ...interface{}) {
-	l := _Fatal
+	l := LogLevelFatal
 	if baseLevel > l {
 		return
 	}

server/base/mod.go

@@ -0,0 +1,77 @@
+package base
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+const (
+	procModulesPath = "/proc/modules"
+	inContainerKey  = "ANYLINK_IN_CONTAINER"
+	tunPath         = "/dev/net/tun"
+)
+
+var (
+	InContainer = false
+	modMap      = map[string]struct{}{}
+)
+
+func initMod() {
+	container := os.Getenv(inContainerKey)
+	if container == "true" {
+		InContainer = true
+	}
+	log.Println("InContainer", InContainer)
+
+	file, err := os.Open(procModulesPath)
+	if err != nil {
+		err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
+		panic(err)
+	}
+	defer file.Close()
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		splited := strings.Split(scanner.Text(), " ")
+		if len(splited[0]) > 0 {
+			modMap[splited[0]] = struct{}{}
+		}
+	}
+}
+
+func CheckModOrLoad(mod string) {
+	log.Println("CheckModOrLoad", mod)
+
+	if _, ok := modMap[mod]; ok {
+		return
+	}
+
+	if mod == "tun" || mod == "tap" {
+		_, err := os.Stat(tunPath)
+		if err == nil {
+			// 文件存在
+			return
+		}
+		panic("Linux tunFile is null " + tunPath)
+	}
+
+	if InContainer {
+		err := fmt.Errorf("Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
+		// log.Println(err)
+		// return
+		panic(err)
+	}
+
+	cmdstr := fmt.Sprintln("modprobe", mod)
+
+	cmd := exec.Command("sh", "-c", cmdstr)
+	b, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Println(string(b))
+		panic(err)
+	}
+}

server/base/start.go

@@ -4,6 +4,7 @@ func Start() {
 	execute()
 	initCfg()
 	initLog()
+	initMod()
 }
 
 func Test() {

server/conf/files/info.txt

@@ -1,2 +1,2 @@
 客户端软件需放置在files目录内，
-如需要帮助请加QQ群：567510628
+如需要帮助请加QQ群：567510628 、739072205

server/conf/profile.xml

@@ -8,6 +8,7 @@
         <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
         <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
         <BypassDownloader>true</BypassDownloader>
+        <AutoUpdate UserControllable="false">false</AutoUpdate>
         <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
         <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
         <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
             </ExtendedKeyUsage>
         </CertificateMatch>
 
-        <BackupServerList>
-            <HostAddress>localhost</HostAddress>
-        </BackupServerList>
     </ClientInitialization>
 
     <ServerList>
+
         <HostEntry>
-            <HostName>VPN Server</HostName>
+            <HostName>VPN</HostName>
             <HostAddress>localhost</HostAddress>
         </HostEntry>
+
+        <HostEntry>
+            <HostName>VPN2</HostName>
+            <HostAddress>localhost2</HostAddress>
+        </HostEntry>
+
     </ServerList>
 </AnyConnectProfile>

server/conf/server-sample.toml

@@ -23,6 +23,9 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
+# 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
+# 生成 ./anylink tool -o
+admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
 
 
@@ -50,7 +53,7 @@ max_client = 100
 #单个用户同时在线数量
 max_user_client = 3
 #IP租期(秒)
-ip_lease = 1209600
+ip_lease = 86400
 
 #默认选择的组
 default_group = "one"
@@ -78,4 +81,12 @@ show_sql = false
 #是否自动添加nat
 iptables_nat = true
 
+#启用压缩
+compression = false
+#低于及等于多少字节不压缩
+no_compress_limit = 256
+
+#客户端显示详细错误信息(线上环境慎开启)
+display_error = false
+
 

server/conf/server.toml

@@ -18,6 +18,9 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
+# 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
+# 生成 ./anylink tool -o
+admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
 
 #服务监听地址
@@ -35,3 +38,9 @@ ipv4_end = "192.168.90.200"
 
 #是否自动添加nat
 iptables_nat = true
+
+
+#客户端显示详细错误信息(线上环境慎开启)
+display_error = true
+
+

server/cron/start.go

@@ -3,6 +3,7 @@ package cron
 import (
 	"time"
 
+	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/sessdata"
 	"github.com/go-co-op/gocron"
 )
@@ -13,5 +14,6 @@ func Start() {
 	s.Cron("0 * * * *").Do(ClearStatsInfo)
 	s.Cron("0 * * * *").Do(ClearUserActLog)
 	s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
+	s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert)
 	s.StartAsync()
 }

server/dbdata/cert.go

@@ -0,0 +1,411 @@
+package dbdata
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"math/big"
+	"net"
+	"os"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/pion/dtls/v2/pkg/crypto/selfsign"
+
+	"github.com/bjdgyc/anylink/base"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/lego"
+	"github.com/go-acme/lego/v4/providers/dns/alidns"
+	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
+	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+var (
+	// nameToCertificate mutex
+	ntcMux            sync.RWMutex
+	nameToCertificate = make(map[string]*tls.Certificate)
+	tempCert          *tls.Certificate
+)
+
+func init() {
+	c, _ := selfsign.GenerateSelfSignedWithDNS("localhost")
+	tempCert = &c
+}
+
+type SettingLetsEncrypt struct {
+	Domain   string `json:"domain"`
+	Legomail string `json:"legomail"`
+	Name     string `json:"name"`
+	Renew    bool   `json:"renew"`
+	DNSProvider
+}
+
+type DNSProvider struct {
+	AliYun struct {
+		APIKey    string `json:"apiKey"`
+		SecretKey string `json:"secretKey"`
+	} `json:"aliyun"`
+
+	TXCloud struct {
+		SecretID  string `json:"secretId"`
+		SecretKey string `json:"secretKey"`
+	} `json:"txcloud"`
+	CfCloud struct {
+		AuthToken string `json:"authToken"`
+	} `json:"cfcloud"`
+}
+type LegoUserData struct {
+	Email        string                 `json:"email"`
+	Registration *registration.Resource `json:"registration"`
+	Key          []byte                 `json:"key"`
+}
+type LegoUser struct {
+	Email        string
+	Registration *registration.Resource
+	Key          *ecdsa.PrivateKey
+}
+
+type LeGoClient struct {
+	mutex  sync.Mutex
+	Client *lego.Client
+	Cert   *certificate.Resource
+	LegoUserData
+}
+
+func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
+	switch l.Name {
+	case "aliyun":
+		if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
+			return
+		}
+	case "txcloud":
+		if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
+			return
+		}
+	case "cfcloud":
+		if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
+			return
+		}
+	}
+	return
+}
+func (u *LegoUser) GetEmail() string {
+	return u.Email
+}
+func (u LegoUser) GetRegistration() *registration.Resource {
+	return u.Registration
+}
+func (u *LegoUser) GetPrivateKey() crypto.PrivateKey {
+	return u.Key
+}
+
+func (l *LegoUserData) SaveUserData(u *LegoUser) error {
+	key, err := x509.MarshalECPrivateKey(u.Key)
+	if err != nil {
+		return err
+	}
+	l.Email = u.Email
+	l.Registration = u.Registration
+	l.Key = key
+	if err := SettingSet(l); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) {
+	if err := SettingGet(l); err != nil {
+		return nil, err
+	}
+	if l.Email != "" {
+		key, err := x509.ParseECPrivateKey(l.Key)
+		if err != nil {
+			return nil, err
+		}
+		return &LegoUser{
+			Email:        l.Email,
+			Registration: l.Registration,
+			Key:          key,
+		}, nil
+	}
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	return &LegoUser{
+		Email: d.Legomail,
+		Key:   privateKey,
+	}, nil
+}
+func ReNewCert() {
+	_, certtime, err := ParseCert()
+	if err != nil {
+		base.Error(err)
+		return
+	}
+	if certtime.AddDate(0, 0, -7).Before(time.Now()) {
+		config := &SettingLetsEncrypt{}
+		if err := SettingGet(config); err != nil {
+			base.Error(err)
+			return
+		}
+		if config.Renew {
+			client := &LeGoClient{}
+			if err := client.NewClient(config); err != nil {
+				base.Error(err)
+				return
+			}
+			if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil {
+				base.Error(err)
+				return
+			}
+			base.Info("证书续期成功")
+		}
+	} else {
+		base.Info(fmt.Sprintf("证书过期时间：%s", certtime.Local().Format("2006-1-2 15:04:05")))
+	}
+}
+
+func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+	legouser, err := c.GetUserData(l)
+	if err != nil {
+		return err
+	}
+	config := lego.NewConfig(legouser)
+	config.CADirURL = lego.LEDirectoryProduction
+	config.Certificate.KeyType = certcrypto.RSA2048
+
+	client, err := lego.NewClient(config)
+	if err != nil {
+		return err
+	}
+	Provider, err := GetDNSProvider(l)
+	if err != nil {
+		return err
+	}
+	if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
+		return err
+	}
+	if legouser.Registration == nil {
+		reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return err
+		}
+		legouser.Registration = reg
+		c.SaveUserData(legouser)
+	}
+	c.Client = client
+	return nil
+}
+
+func (c *LeGoClient) GetCert(domain string) error {
+	// 申请证书
+	certificates, err := c.Client.Certificate.Obtain(
+		certificate.ObtainRequest{
+			Domains: []string{domain},
+			Bundle:  true,
+		})
+	if err != nil {
+		return err
+	}
+	c.Cert = certificates
+	// 保存证书
+	if err := c.SaveCert(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *LeGoClient) RenewCert(certFile, keyFile string) error {
+	cert, err := os.ReadFile(certFile)
+	if err != nil {
+		return err
+	}
+	key, err := os.ReadFile(keyFile)
+	if err != nil {
+		return err
+	}
+	// 续期证书
+	renewcert, err := c.Client.Certificate.Renew(certificate.Resource{
+		Certificate: cert,
+		PrivateKey:  key,
+	}, true, false, "")
+	if err != nil {
+		return err
+	}
+	c.Cert = renewcert
+	// 保存更新证书
+	if err := c.SaveCert(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *LeGoClient) SaveCert() error {
+	err := os.WriteFile(base.Cfg.CertFile, c.Cert.Certificate, 0600)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(base.Cfg.CertKey, c.Cert.PrivateKey, 0600)
+	if err != nil {
+		return err
+	}
+	if tlscert, _, err := ParseCert(); err != nil {
+		return err
+	} else {
+		LoadCertificate(tlscert)
+	}
+	return nil
+}
+
+func ParseCert() (*tls.Certificate, *time.Time, error) {
+	_, errCert := os.Stat(base.Cfg.CertFile)
+	_, errKey := os.Stat(base.Cfg.CertKey)
+	if os.IsNotExist(errCert) || os.IsNotExist(errKey) {
+		err := PrivateCert()
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+	cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
+	if err != nil || errors.Is(err, os.ErrNotExist) {
+		PrivateCert()
+		return nil, nil, err
+	}
+	parseCert, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		return nil, nil, err
+	}
+	return &cert, &parseCert.NotAfter, nil
+}
+
+func PrivateCert() error {
+	// 创建一个RSA密钥对
+	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
+	pub := &priv.PublicKey
+
+	// 生成一个自签名证书
+	template := x509.Certificate{
+		SerialNumber:          big.NewInt(1658),
+		Subject:               pkix.Name{CommonName: "localhost"},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(time.Hour * 24 * 365),
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+		IPAddresses:           []net.IP{},
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
+	if err != nil {
+		return err
+	}
+
+	// 将证书编码为PEM格式并将其写入文件
+	certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	certOut.Close()
+
+	// 将私钥编码为PEM格式并将其写入文件
+	keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
+	keyOut.Close()
+	cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
+	if err != nil {
+		return err
+	}
+	LoadCertificate(&cert)
+	return nil
+}
+
+func getTempCertificate() (*tls.Certificate, error) {
+	var err error
+	var cert tls.Certificate
+	if tempCert == nil {
+		cert, err = selfsign.GenerateSelfSignedWithDNS("localhost")
+		tempCert = &cert
+	}
+	return tempCert, err
+}
+
+func GetCertificateBySNI(commonName string) (*tls.Certificate, error) {
+	ntcMux.RLock()
+	defer ntcMux.RUnlock()
+
+	// Copy from tls.Config getCertificate()
+	name := strings.ToLower(commonName)
+	if cert, ok := nameToCertificate[name]; ok {
+		return cert, nil
+	}
+	if len(name) > 0 {
+		labels := strings.Split(name, ".")
+		labels[0] = "*"
+		wildcardName := strings.Join(labels, ".")
+		if cert, ok := nameToCertificate[wildcardName]; ok {
+			return cert, nil
+		}
+	}
+	// TODO 默认证书 兼容不支持 SNI 的客户端
+	if cert, ok := nameToCertificate["default"]; ok {
+		return cert, nil
+	}
+
+	return getTempCertificate()
+}
+
+func LoadCertificate(cert *tls.Certificate) {
+	buildNameToCertificate(cert)
+}
+
+// Copy from tls.Config BuildNameToCertificate()
+func buildNameToCertificate(cert *tls.Certificate) {
+	ntcMux.Lock()
+	defer ntcMux.Unlock()
+
+	// TODO 设置默认证书
+	nameToCertificate["default"] = cert
+
+	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		return
+	}
+	startTime := x509Cert.NotBefore.String()
+	expiredTime := x509Cert.NotAfter.String()
+	if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 {
+		commonName := x509Cert.Subject.CommonName
+		fmt.Printf("┏ Load Certificate: %s\n", commonName)
+		fmt.Printf("┠╌╌ Start Time:     %s\n", startTime)
+		fmt.Printf("┖╌╌ Expired Time:   %s\n", expiredTime)
+		nameToCertificate[commonName] = cert
+	}
+	for _, san := range x509Cert.DNSNames {
+		fmt.Printf("┏ Load Certificate: %s\n", san)
+		fmt.Printf("┠╌╌ Start Time:     %s\n", startTime)
+		fmt.Printf("┖╌╌ Expired Time:   %s\n", expiredTime)
+		nameToCertificate[san] = cert
+	}
+}
+
+// func Scrypt(passwd string) string {
+// 	salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
+// 	hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
+// 	if err != nil {
+// 		return err.Error()
+// 	}
+// 	return base64.StdEncoding.EncodeToString(hashPasswd)
+// }

server/dbdata/db.go

@@ -99,6 +99,35 @@ func addInitData() error {
 		return err
 	}
 
+	// SettingDnsProvider
+	provider := &SettingLetsEncrypt{
+		Domain:   "vpn.xxx.com",
+		Legomail: "legomail",
+		Name:     "aliyun",
+		Renew:    false,
+		DNSProvider: DNSProvider{
+			AliYun: struct {
+				APIKey    string `json:"apiKey"`
+				SecretKey string `json:"secretKey"`
+			}{APIKey: "", SecretKey: ""},
+			TXCloud: struct {
+				SecretID  string `json:"secretId"`
+				SecretKey string `json:"secretKey"`
+			}{SecretID: "", SecretKey: ""},
+			CfCloud: struct {
+				AuthToken string `json:"authToken"`
+			}{AuthToken: ""}},
+	}
+	err = SettingSessAdd(sess, provider)
+	if err != nil {
+		return err
+	}
+	// LegoUser
+	legouser := &LegoUserData{}
+	err = SettingSessAdd(sess, legouser)
+	if err != nil {
+		return err
+	}
 	// SettingOther
 	other := &SettingOther{
 		LinkAddr:    "vpn.xx.com",

server/dbdata/group.go

@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
 				continue
 			}
 
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
+
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 
+			// 给Mac系统下发路由时，必须是标准的网络地址
+			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
+				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
+				return errors.New(errMsg)
+			}
+
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
 	routeExclude := []ValData{}
 	for _, v := range g.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
+
+			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
+				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
+				return errors.New(errMsg)
+			}
+
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}
@@ -225,6 +238,21 @@ func SetGroup(g *Group) error {
 	return err
 }
 
+func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
+	g := &Group{Auth: authData}
+	authType := g.Auth["type"].(string)
+	if _, ok := authRegistry[authType]; !ok {
+		return errors.New("未知的认证方式: " + authType)
+	}
+	auth := makeInstance(authType).(IUserAuth)
+	err := auth.checkData(g.Auth)
+	if err != nil {
+		return err
+	}
+	err = auth.checkUser(name, pwd, g)
+	return err
+}
+
 func parseIpNet(s string) (string, *net.IPNet, error) {
 	ip, ipNet, err := net.ParseCIDR(s)
 	if err != nil {

server/dbdata/group_test.go

@@ -46,13 +46,14 @@ func TestGetGroupNames(t *testing.T) {
 	authData = map[string]interface{}{
 		"type": "ldap",
 		"ldap": map[string]interface{}{
-			"addr":        "192.168.8.12:389",
+			"addr":         "192.168.8.12:389",
-			"tls":         true,
+			"tls":          true,
-			"bind_name":   "userfind@abc.com",
+			"bind_name":    "userfind@abc.com",
-			"bind_pwd":    "afdbfdsafds",
+			"bind_pwd":     "afdbfdsafds",
-			"base_dn":     "dc=abc,dc=com",
+			"base_dn":      "dc=abc,dc=com",
-			"search_attr": "sAMAccountName",
+			"object_class": "person",
-			"member_of":   "cn=vpn,cn=user,dc=abc,dc=com",
+			"search_attr":  "sAMAccountName",
+			"member_of":    "cn=vpn,cn=user,dc=abc,dc=com",
 		},
 	}
 	g7 := Group{Name: "g7", ClientDns: []ValData{{Val: "114.114.114.114"}}, Auth: authData}

server/dbdata/ip_map.go

@@ -2,20 +2,22 @@ package dbdata
 
 import (
 	"errors"
+	"net"
 	"time"
 )
 
-// type IpMap struct {
+type IpMap struct {
-// 	Id        int       `json:"id" xorm:"pk autoincr not null"`
+	Id        int       `json:"id" xorm:"pk autoincr not null"`
-// 	IpAddr    string    `json:"ip_addr" xorm:"not null unique"`
+	IpAddr    string    `json:"ip_addr" xorm:"varchar(32) not null unique"`
-// 	MacAddr   string    `json:"mac_addr" xorm:"not null unique"`
+	MacAddr   string    `json:"mac_addr" xorm:"varchar(32) not null unique"`
-// 	Username  string    `json:"username"`
+	UniqueMac bool      `json:"unique_mac" xorm:"Bool index"`
-// 	Keep      bool      `json:"keep"` // 保留 ip-mac 绑定
+	Username  string    `json:"username" xorm:"varchar(60)"`
-// 	KeepTime  time.Time `json:"keep_time"`
+	Keep      bool      `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
-// 	Note      string    `json:"note"` // 备注
+	KeepTime  time.Time `json:"keep_time" xorm:"DateTime"`
-// 	LastLogin time.Time `json:"last_login"`
+	Note      string    `json:"note" xorm:"varchar(255)"` // 备注
-// 	UpdatedAt time.Time `json:"updated_at"`
+	LastLogin time.Time `json:"last_login" xorm:"DateTime"`
-// }
+	UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
+}
 
 func SetIpMap(v *IpMap) error {
 	var err error
@@ -24,6 +26,13 @@ func SetIpMap(v *IpMap) error {
 		return errors.New("IP或MAC错误")
 	}
 
+	macHw, err := net.ParseMAC(v.MacAddr)
+	if err != nil {
+		return errors.New("MAC错误")
+	}
+	// 统一macAddr的格式
+	v.MacAddr = macHw.String()
+
 	v.UpdatedAt = time.Now()
 	if v.Id > 0 {
 		err = Set(v)

server/dbdata/policy.go

@@ -2,6 +2,7 @@ package dbdata
 
 import (
 	"errors"
+	"fmt"
 	"net"
 	"strings"
 	"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
 				continue
 			}
 
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 
+			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
+				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
+				return errors.New(errMsg)
+			}
+
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
 	routeExclude := []ValData{}
 	for _, v := range p.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
+
+			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
+				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
+				return errors.New(errMsg)
+			}
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}

server/dbdata/policy_test.go

@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
 	err = SetPolicy(&p2)
 	ast.Nil(err)
 
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p3)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
 
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p4)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
+	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
 
 	// 判断所有数据
 	var userPolicy *Policy

server/dbdata/setting.go

@@ -49,7 +49,6 @@ func SettingSessAdd(sess *xorm.Session, data interface{}) error {
 	v, _ := json.Marshal(data)
 	s := &Setting{Name: name, Data: v}
 	_, err := sess.InsertOne(s)
-
 	return err
 }
 

server/dbdata/tables.go

@@ -30,7 +30,7 @@ type User struct {
 	Email    string `json:"email" xorm:"varchar(255)"`
 	// Password  string    `json:"password"`
 	PinCode    string     `json:"pin_code" xorm:"varchar(32)"`
-	LimitTime  *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` //值为null时，前端不显示
+	LimitTime  *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` // 值为null时，前端不显示
 	OtpSecret  string     `json:"otp_secret" xorm:"varchar(255)"`
 	DisableOtp bool       `json:"disable_otp" xorm:"Bool"` // 禁用otp
 	Groups     []string   `json:"groups" xorm:"Text"`
@@ -56,19 +56,6 @@ type UserActLog struct {
 	CreatedAt       time.Time `json:"created_at" xorm:"DateTime created"`
 }
 
-type IpMap struct {
-	Id        int       `json:"id" xorm:"pk autoincr not null"`
-	IpAddr    string    `json:"ip_addr" xorm:"varchar(32) not null unique"`
-	MacAddr   string    `json:"mac_addr" xorm:"varchar(32) not null unique"`
-	UniqueMac bool      `json:"unique_mac" xorm:"Bool index"`
-	Username  string    `json:"username" xorm:"varchar(60)"`
-	Keep      bool      `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
-	KeepTime  time.Time `json:"keep_time" xorm:"DateTime"`
-	Note      string    `json:"note" xorm:"varchar(255)"` // 备注
-	LastLogin time.Time `json:"last_login" xorm:"DateTime"`
-	UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
-}
-
 type Setting struct {
 	Id        int             `json:"id" xorm:"pk autoincr not null"`
 	Name      string          `json:"name" xorm:"varchar(60) not null unique"`

server/dbdata/user_act_log.go

@@ -155,7 +155,7 @@ func (ua *UserActLogProcess) ParseUserAgent(userAgent string) (os_idx, client_id
 	} else if strings.Contains(userAgent, "anylink") {
 		client_idx = 3
 	}
-	// Verion
+	// Version
 	uaSlice := strings.Split(userAgent, " ")
 	ver = uaSlice[len(uaSlice)-1]
 	if ver[0] == 'v' {

server/dbdata/user_test.go

@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
 
 	// 添加一个组
 	dns := []ValData{{Val: "114.114.114.114"}}
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
 	err := SetGroup(&g)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
 
 	// 添加一个用户
 	u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
 	}
 	// 添加用户策略
 	dns2 := []ValData{{Val: "8.8.8.8"}}
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
 	err = SetPolicy(&p1)
 	ast.Nil(err)
@@ -70,13 +70,14 @@ func TestCheckUser(t *testing.T) {
 	authData = map[string]interface{}{
 		"type": "ldap",
 		"ldap": map[string]interface{}{
-			"addr":        "192.168.8.12:389",
+			"addr":         "192.168.8.12:389",
-			"tls":         true,
+			"tls":          true,
-			"bind_name":   "userfind@abc.com",
+			"bind_name":    "userfind@abc.com",
-			"bind_pwd":    "afdbfdsafds",
+			"bind_pwd":     "afdbfdsafds",
-			"base_dn":     "dc=abc,dc=com",
+			"base_dn":      "dc=abc,dc=com",
-			"search_attr": "sAMAccountName",
+			"object_class": "person",
-			"member_of":   "cn=vpn,cn=user,dc=abc,dc=com",
+			"search_attr":  "sAMAccountName",
+			"member_of":    "cn=vpn,cn=user,dc=abc,dc=com",
 		},
 	}
 	g3 := Group{Name: group3, Status: 1, ClientDns: dns, RouteInclude: route, Auth: authData}

server/dbdata/userauth_ldap.go

@@ -8,19 +8,21 @@ import (
 	"net"
 	"reflect"
 	"regexp"
+	"strconv"
 	"time"
 
 	"github.com/go-ldap/ldap"
 )
 
 type AuthLdap struct {
-	Addr       string `json:"addr"`
+	Addr        string `json:"addr"`
-	Tls        bool   `json:"tls"`
+	Tls         bool   `json:"tls"`
-	BindName   string `json:"bind_name"`
+	BindName    string `json:"bind_name"`
-	BindPwd    string `json:"bind_pwd"`
+	BindPwd     string `json:"bind_pwd"`
-	BaseDn     string `json:"base_dn"`
+	BaseDn      string `json:"base_dn"`
-	SearchAttr string `json:"search_attr"`
+	ObjectClass string `json:"object_class"`
-	MemberOf   string `json:"member_of"`
+	SearchAttr  string `json:"search_attr"`
+	MemberOf    string `json:"member_of"`
 }
 
 func init() {
@@ -39,7 +41,7 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 		return errors.New("LDAP的服务器地址(含端口)填写有误")
 	}
 	if auth.BindName == "" {
-		return errors.New("LDAP的管理员账号不能为空")
+		return errors.New("LDAP的管理员 DN不能为空")
 	}
 	if auth.BindPwd == "" {
 		return errors.New("LDAP的管理员密码不能为空")
@@ -47,6 +49,9 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 	if auth.BaseDn == "" || !ValidateDN(auth.BaseDn) {
 		return errors.New("LDAP的Base DN填写有误")
 	}
+	if auth.ObjectClass == "" {
+		return errors.New("LDAP的用户对象类填写有误")
+	}
 	if auth.SearchAttr == "" {
 		return errors.New("LDAP的用户唯一ID不能为空")
 	}
@@ -93,9 +98,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
 	}
 	err = l.Bind(auth.BindName, auth.BindPwd)
 	if err != nil {
-		return fmt.Errorf("%s LDAP 管理员账号或密码填写有误 %s", name, err.Error())
+		return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
 	}
-	filterAttr := "(objectClass=person)"
+	if auth.ObjectClass == "" {
+		auth.ObjectClass = "person"
+	}
+	filterAttr := "(objectClass=" + auth.ObjectClass + ")"
 	filterAttr += "(" + auth.SearchAttr + "=" + name + ")"
 	if auth.MemberOf != "" {
 		filterAttr += "(memberOf:=" + auth.MemberOf + ")"
@@ -117,6 +125,10 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
 		}
 		return fmt.Errorf("LDAP发现 %s 用户，存在多个账号", name)
 	}
+	err = parseEntries(sr)
+	if err != nil {
+		return fmt.Errorf("LDAP %s 用户 %s", name, err.Error())
+	}
 	userDN := sr.Entries[0].DN
 	err = l.Bind(userDN, pwd)
 	if err != nil {
@@ -125,6 +137,32 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
 	return nil
 }
 
+func parseEntries(sr *ldap.SearchResult) error {
+	for _, attr := range sr.Entries[0].Attributes {
+		switch attr.Name {
+		case "shadowExpire":
+			// -1 启用, 1 停用, >1 从1970-01-01至到期日的天数
+			val, _ := strconv.ParseInt(attr.Values[0], 10, 64)
+			if val == -1 {
+				return nil
+			}
+			if val == 1 {
+				return fmt.Errorf("账号已停用")
+			}
+			if val > 1 {
+				expireTime := time.Unix(val*86400, 0)
+				t := time.Date(expireTime.Year(), expireTime.Month(), expireTime.Day(), 23, 59, 59, 0, time.Local)
+				if t.Before(time.Now()) {
+					return fmt.Errorf("账号已过期(过期日期: %s)", t.Format("2006-01-02"))
+				}
+				return nil
+			}
+			return fmt.Errorf("账号shadowExpire值异常: %d", val)
+		}
+	}
+	return nil
+}
+
 func ValidateDomainPort(addr string) bool {
 	re := regexp.MustCompile(`^([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.)+[A-Za-z]{2,18}\:([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])$`)
 	return re.MatchString(addr)

server/go.mod

@@ -1,23 +1,25 @@
 module github.com/bjdgyc/anylink
 
-go 1.18
+go 1.19
 
 require (
 	github.com/arl/statsviz v0.5.1
 	github.com/deckarep/golang-set v1.8.0
+	github.com/go-acme/lego/v4 v4.10.2
 	github.com/go-co-op/gocron v1.17.0
 	github.com/go-ldap/ldap v3.0.3+incompatible
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
-	github.com/golang-jwt/jwt/v4 v4.0.0
+	github.com/golang-jwt/jwt/v4 v4.2.0
 	github.com/google/gopacket v1.1.19
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
 	github.com/ivpusic/grpool v1.0.0
+	github.com/lanrenwo/lzsgo v0.0.2
 	github.com/lib/pq v1.10.2
 	github.com/mattn/go-sqlite3 v1.14.9
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/pion/dtls/v2 v2.1.5
+	github.com/pion/dtls/v2 v2.2.7
 	github.com/pion/logging v0.2.2
 	github.com/pires/go-proxyproto v0.6.2
 	github.com/shirou/gopsutil v3.21.7+incompatible
@@ -27,25 +29,44 @@ require (
 	github.com/spf13/cast v1.3.1
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/viper v1.8.1
-	github.com/stretchr/testify v1.8.0
+	github.com/stretchr/testify v1.8.3
 	github.com/xhit/go-simple-mail/v2 v2.10.0
 	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
 	github.com/xuri/excelize/v2 v2.6.1
 	go.uber.org/atomic v1.10.0
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/crypto v0.8.0
-	golang.org/x/net v0.0.0-20220812174116-3211cb980234
+	golang.org/x/net v0.9.0
-	golang.org/x/text v0.3.7
+	golang.org/x/text v0.9.0
-	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
+	golang.org/x/time v0.3.0
 	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
 	xorm.io/xorm v1.3.2
 )
 
+require (
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/cloudflare/cloudflare-go v0.49.0 // indirect
+	github.com/felixge/httpsnoop v1.0.1 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/miekg/dns v1.1.50 // indirect
+	github.com/pion/transport/v2 v2.2.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
+)
+
 require (
 	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/coreos/go-iptables v0.6.0
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/felixge/httpsnoop v1.0.1 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/go-ole/go-ole v1.2.5 // indirect
 	github.com/goccy/go-json v0.8.1 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -54,13 +75,11 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect
-	github.com/pion/transport v0.13.0 // indirect
-	github.com/pion/udp v0.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/richardlehane/mscfb v1.0.4 // indirect
 	github.com/richardlehane/msoleps v1.0.3 // indirect
@@ -74,10 +93,10 @@ require (
 	github.com/tklauser/numcpus v0.2.3 // indirect
 	github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
 	github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
+	golang.org/x/sys v0.7.0 // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
-	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect

server/go.sum

@@ -54,6 +54,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 h1:J45/QHgrzUdqe/Vco/Vxk0wRvdS2nKUxmf/zLgvfass=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -73,6 +75,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=
+github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -80,6 +84,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/cloudflare-go v0.49.0 h1:KqJYk/YQ5ZhmyYz1oa4kGDskfF1gVuZfqesaJ/XDLto=
+github.com/cloudflare/cloudflare-go v0.49.0/go.mod h1:h0QgcIZ3qEXwFiwfBO8sQxjVdYsLX+PfD7NFEnANaKg=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -98,6 +104,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -120,19 +127,25 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-acme/lego/v4 v4.10.2 h1:5eW3qmda5v/LP21v1Hj70edKY1jeFZQwO617tdkwp6Q=
+github.com/go-acme/lego/v4 v4.10.2/go.mod h1:EMbf0Jmqwv94nJ5WL9qWnSXIBZnvsS9gNypansHGc6U=
 github.com/go-co-op/gocron v1.17.0 h1:IixLXsti+Qo0wMvmn6Kmjp2csk2ykpkcL+EmHmST18w=
 github.com/go-co-op/gocron v1.17.0/go.mod h1:IpDBSaJOVfFw7hXZuTag3SCSkqazXBBUkbQ1m1aesBs=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -159,8 +172,9 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
-github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -209,6 +223,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
@@ -233,7 +250,6 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -255,9 +271,15 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN
 github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
@@ -331,7 +353,12 @@ github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
 github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -340,7 +367,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
@@ -352,12 +378,15 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lanrenwo/lzsgo v0.0.2 h1:FA30LAaJFYLoaM17b+H32gA+5H+abjoomNLSA9HCbrI=
+github.com/lanrenwo/lzsgo v0.0.2/go.mod h1:oxDZy2vgi6VBGIdvL80ayRMtIyXV+TbjavVuINXZY2k=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -373,19 +402,22 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA=
 github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
@@ -393,8 +425,9 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -439,19 +472,18 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pion/dtls/v2 v2.1.5 h1:jlh2vtIyUBShchoTDqpCCqiYCyRFJ/lvf/gQ8TALs+c=
+github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=
-github.com/pion/dtls/v2 v2.1.5/go.mod h1:BqCE7xPZbPSubGasRoDFJeTsyJtdD1FanJYL0JGheqY=
+github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
 github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
 github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
-github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/transport/v2 v2.2.1 h1:7qYnCBlpgSJNYMbLCKuSY9KbQdBFoETvPNETv0y4N7c=
-github.com/pion/transport v0.13.0 h1:KWTA5ZrQogizzYwPEciGtHPLwpAjE91FgXnyu+Hv2uY=
+github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
-github.com/pion/transport v0.13.0/go.mod h1:yxm9uXpK9bpBBWkITk13cLo1y5/ur5VQpG22ny6EP7g=
-github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
-github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
 github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
 github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -486,6 +518,7 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
@@ -505,9 +538,7 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091 h1:1zN6ImoqhSJhN8hGXFaJlSC8msLmIbX8bFqOfWLKw0w=
@@ -536,6 +567,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -543,12 +575,17 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz27tVi2r70JYnm5y0Zk8w0Qzsx+vfUw3oqSyrEfP8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 h1:g9SWTaTy/rEuhMErC2jWq9Qt5ci+jBYSvXnJsLq4adg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490/go.mod h1:l9q4vc1QiawUB1m3RU+87yLvrrxe54jc0w/kEl4DbSQ=
 github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg=
 github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4=
 github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8=
@@ -572,6 +609,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -621,9 +659,10 @@ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -660,8 +699,10 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -699,17 +740,18 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
 golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -732,8 +774,10 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -795,12 +839,18 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -809,14 +859,16 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -875,14 +927,16 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -998,16 +1052,18 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
+gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=

server/handler/dtls.go

@@ -2,10 +2,13 @@ package handler
 
 import (
 	"context"
+	"crypto/rand"
+	"crypto/rsa"
 	"crypto/tls"
 	"encoding/hex"
 	"errors"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
 		return
 	}
 
-	certificate, err := selfsign.GenerateSelfSigned()
+	// rsa 兼容 open connect
+	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
+	certificate, err := selfsign.SelfSign(priv)
 	if err != nil {
 		panic(err)
 	}
+
 	logf := logging.NewDefaultLoggerFactory()
 	logf.Writer = base.GetBaseLw()
 	// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,12 +40,17 @@ func startDtls() {
 
 	config := &dtls.Config{
 		Certificates:         []tls.Certificate{certificate},
-		InsecureSkipVerify:   true,
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
-		CipherSuites:         []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+		CipherSuites: func() []dtls.CipherSuiteID {
-		LoggerFactory:        logf,
+			var cs = []dtls.CipherSuiteID{}
-		MTU:                  BufferSize,
+			for _, vv := range dtlsCipherSuites {
-		SessionStore:         sessStore,
+				cs = append(cs, vv)
+			}
+			return cs
+		}(),
+		LoggerFactory: logf,
+		MTU:           BufferSize,
+		SessionStore:  sessStore,
 		ConnectContextMaker: func() (context.Context, func()) {
 			return context.WithTimeout(context.Background(), 5*time.Second)
 		},
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
 func (ms *sessionStore) Del(key []byte) error {
 	return nil
 }
+
+// 客户端和服务端映射 X-DTLS12-CipherSuite
+var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
+	// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
+
+func checkDtls12Ciphersuite(ciphersuite string) string {
+	csArr := strings.Split(ciphersuite, ":")
+
+	for _, v := range csArr {
+		if _, ok := dtlsCipherSuites[v]; ok {
+			return v
+		}
+	}
+	// 返回默认值
+	return "ECDHE-RSA-AES128-GCM-SHA256"
+}

server/handler/link_auth.go

@@ -1,12 +1,14 @@
 package handler
 
 import (
+	"bytes"
 	"crypto/md5"
 	"encoding/xml"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"strings"
 	"text/template"
 
@@ -19,9 +21,10 @@ var profileHash = ""
 
 func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	// TODO 调试信息输出
-	//hd, _ := httputil.DumpRequest(r, true)
+	if base.GetLogLevel() == base.LogLevelTrace {
-	//base.Debug("DumpRequest: ", string(hd))
+		hd, _ := httputil.DumpRequest(r, true)
-
+		base.Trace("LinkAuth: ", string(hd))
+	}
 	// 判断anyconnect客户端
 	userAgent := strings.ToLower(r.UserAgent())
 	xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
@@ -47,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// fmt.Printf("%+v \n", cr)
-	setCommonHeader(w)
+	// setCommonHeader(w)
 	if cr.Type == "logout" {
 		// 退出删除session信息
 		if cr.SessionToken != "" {
@@ -88,6 +91,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 
 		w.WriteHeader(http.StatusOK)
 		data := RequestData{Group: cr.GroupSelect, Groups: dbdata.GetGroupNamesNormal(), Error: "用户名或密码错误"}
+		if base.Cfg.DisplayError {
+			data.Error = err.Error()
+		}
 		tplRequest(tpl_request, w, data)
 		return
 	}
@@ -103,7 +109,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	sess := sessdata.NewSession("")
 	sess.Username = cr.Auth.Username
 	sess.Group = cr.GroupSelect
-	sess.MacAddr = strings.ToLower(cr.MacAddressList.MacAddress)
+	oriMac := cr.MacAddressList.MacAddress
 	sess.UniqueIdGlobal = cr.DeviceId.UniqueIdGlobal
 	sess.UserAgent = userAgent
 	sess.DeviceType = ua.DeviceType
@@ -111,7 +117,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	sess.RemoteAddr = r.RemoteAddr
 	// 获取客户端mac地址
 	sess.UniqueMac = true
-	macHw, err := net.ParseMAC(sess.MacAddr)
+	macHw, err := net.ParseMAC(oriMac)
 	if err != nil {
 		var sum [16]byte
 		if sess.UniqueIdGlobal != "" {
@@ -125,6 +131,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		sess.MacAddr = macHw.String()
 	}
 	sess.MacHw = macHw
+	// 统一macAddr的格式
+	sess.MacAddr = macHw.String()
+
 	other := &dbdata.SettingOther{}
 	_ = dbdata.SettingGet(other)
 	rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
@@ -146,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
 		return
 	}
 
-	if strings.Contains(data.Banner, "\n") {
+	if data.Banner != "" {
-		// 替换xml文件的换行符
+		buf := new(bytes.Buffer)
-		data.Banner = strings.ReplaceAll(data.Banner, "\n", "
")
+		xml.EscapeText(buf, []byte(data.Banner))
+		data.Banner = buf.String()
 	}
+
 	t, _ := template.New("auth_complete").Parse(auth_complete)
 	_ = t.Execute(w, data)
 }

server/handler/link_base.go

@@ -3,7 +3,6 @@ package handler
 import (
 	"encoding/xml"
 	"log"
-	"net/http"
 	"os/exec"
 )
 
@@ -42,28 +41,6 @@ type macAddressList struct {
 	MacAddress string `xml:"mac-address"`
 }
 
-func setCommonHeader(w http.ResponseWriter) {
-	// Content-Length Date 默认已经存在
-	w.Header().Set("Server", "AnyLink")
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	w.Header().Set("Cache-Control", "no-store,no-cache")
-	w.Header().Set("Pragma", "no-cache")
-	w.Header().Set("Transfer-Encoding", "chunked")
-	w.Header().Set("Connection", "keep-alive")
-	w.Header().Set("X-Frame-Options", "deny")
-	w.Header().Set("X-Content-Type-Options", "nosniff")
-	w.Header().Set("Content-Security-Policy", "default-src 'none'")
-	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
-	w.Header().Set("Referrer-Policy", "no-referrer")
-	w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
-	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
-	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
-	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
-	w.Header().Set("X-XSS-Protection", "0")
-	w.Header().Set("X-Aggregate-Auth", "1")
-	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
-}
-
 func execCmd(cmdStrs []string) error {
 	for _, cmdStr := range cmdStrs {
 		cmd := exec.Command("sh", "-c", cmdStr)

server/handler/link_cstp.go

@@ -66,7 +66,22 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 				return
 			}
 		case 0x04:
-			// log.Println("recv DPD-RESP")
+		// log.Println("recv DPD-RESP")
+		case 0x08: // decompress
+			if cSess.CstpPickCmp == nil {
+				continue
+			}
+			dst := getByteFull()
+			nn, err := cSess.CstpPickCmp.Uncompress(pl.Data[8:], *dst)
+			if err != nil {
+				putByte(dst)
+				base.Error("cstp decompress error", err, nn)
+				continue
+			}
+			binary.BigEndian.PutUint16(pl.Data[4:6], uint16(nn))
+			pl.Data = append(pl.Data[:8], (*dst)[:nn]...)
+			putByte(dst)
+			fallthrough
 		case 0x00: // DATA
 			// 获取数据长度
 			dataLen = binary.BigEndian.Uint16(pl.Data[4:6]) // 4,5
@@ -112,16 +127,31 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
 		}
 
 		if pl.PType == 0x00 {
-			// 获取数据长度
+			isCompress := false
-			l := len(pl.Data)
+			if cSess.CstpPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
-			// 先扩容 +8
+				dst := getByteFull()
-			pl.Data = pl.Data[:l+8]
+				size, err := cSess.CstpPickCmp.Compress(pl.Data, (*dst)[8:])
-			// 数据后移
+				if err == nil && size < len(pl.Data) {
-			copy(pl.Data[8:], pl.Data)
+					copy((*dst)[:8], plHeader)
-			// 添加头信息
+					binary.BigEndian.PutUint16((*dst)[4:6], uint16(size))
-			copy(pl.Data[:8], plHeader)
+					(*dst)[6] = 0x08
-			// 更新头长度
+					pl.Data = append(pl.Data[:0], (*dst)[:size+8]...)
-			binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
+					isCompress = true
+				}
+				putByte(dst)
+			}
+			if !isCompress {
+				// 获取数据长度
+				l := len(pl.Data)
+				// 先扩容 +8
+				pl.Data = pl.Data[:l+8]
+				// 数据后移
+				copy(pl.Data[8:], pl.Data)
+				// 添加头信息
+				copy(pl.Data[:8], plHeader)
+				// 更新头长度
+				binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
+			}
 		} else {
 			pl.Data = append(pl.Data[:0], plHeader...)
 			// 设置头类型

server/handler/link_dtls.go

@@ -68,7 +68,22 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
 				return
 			}
 		case 0x04:
-			// base.Debug("recv DPD-RESP", cSess.IpAddr)
+		// base.Debug("recv DPD-RESP", cSess.IpAddr)
+		case 0x08: // decompress
+			if cSess.DtlsPickCmp == nil {
+				continue
+			}
+			dst := getByteFull()
+			nn, err := cSess.DtlsPickCmp.Uncompress(pl.Data[1:], *dst)
+			if err != nil {
+				putByte(dst)
+				base.Error("dtls decompress error", err, n)
+				continue
+			}
+			pl.Data = append(pl.Data[:1], (*dst)[:nn]...)
+			putByte(dst)
+			n = nn + 1
+			fallthrough
 		case 0x00: // DATA
 			// 去除数据头
 			// copy(pl.Data, pl.Data[1:n])
@@ -108,14 +123,28 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
 
 		// header = []byte{payload.PType}
 		if pl.PType == 0x00 { // data
-			// 获取数据长度
+			isCompress := false
-			l := len(pl.Data)
+			if cSess.DtlsPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
-			// 先扩容 +1
+				dst := getByteFull()
-			pl.Data = pl.Data[:l+1]
+				size, err := cSess.DtlsPickCmp.Compress(pl.Data, (*dst)[1:])
-			// 数据后移
+				if err == nil && size < len(pl.Data) {
-			copy(pl.Data[1:], pl.Data)
+					(*dst)[0] = 0x08
-			// 添加头信息
+					pl.Data = append(pl.Data[:0], (*dst)[:size+1]...)
-			pl.Data[0] = pl.PType
+					isCompress = true
+				}
+				putByte(dst)
+			}
+			// 未压缩
+			if !isCompress {
+				// 获取数据长度
+				l := len(pl.Data)
+				// 先扩容 +1
+				pl.Data = pl.Data[:l+1]
+				// 数据后移
+				copy(pl.Data[1:], pl.Data)
+				// 添加头信息
+				pl.Data[0] = pl.PType
+			}
 		} else {
 			// 设置头类型
 			pl.Data = append(pl.Data[:0], pl.PType)

server/handler/link_home.go

@@ -13,7 +13,7 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 	// fmt.Println(r.RemoteAddr)
 	// hu, _ := httputil.DumpRequest(r, true)
 	// fmt.Println("DumpHome: ", string(hu))
-	w.Header().Set("Server", "AnyLink")
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	connection := strings.ToLower(r.Header.Get("Connection"))
 	userAgent := strings.ToLower(r.UserAgent())
 	if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {

server/handler/link_tun.go

@@ -22,22 +22,29 @@ func checkTun() {
 	defer ifce.Close()
 
 	// 测试ip命令
-	cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
+	base.CheckModOrLoad("tun")
-	err = execCmd([]string{cmdstr})
+
+	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
+	err = execCmd([]string{cmdstr1})
 	if err != nil {
 		base.Fatal("testTun err: ", err)
 	}
-	//开启服务器转发
+	// 开启服务器转发
 	if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
-		base.Error(err)
+		base.Fatal(err)
 	}
 	if base.Cfg.IptablesNat {
-		//添加NAT转发规则
+		// 添加NAT转发规则
 		ipt, err := iptables.New()
 		if err != nil {
-			base.Error(err)
+			base.Fatal(err)
 			return
 		}
+
+		// 修复 rockyos nat 不生效
+		base.CheckModOrLoad("iptable_filter")
+		base.CheckModOrLoad("iptable_nat")
+
 		natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
 		forwardRule := []string{"-j", "ACCEPT"}
 		if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,13 @@ func LinkTun(cSess *sessdata.ConnSession) error {
 	// log.Printf("Interface Name: %s\n", ifce.Name())
 	cSess.SetIfName(ifce.Name())
 
+	// 通过 ip link show  查看 alias 信息
+
 	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
+	if !base.InContainer {
+		// 容器默认 iproute 不支持 alias
+		cmdstr1 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
+	}
 	cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
 		ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
 	err = execCmd([]string{cmdstr1, cmdstr2})

server/handler/link_tunnel.go

@@ -6,6 +6,7 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"os"
 	"strings"
 	"text/template"
@@ -34,8 +35,10 @@ func HttpAddHeader(w http.ResponseWriter, key string, value string) {
 
 func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	// TODO 调试信息输出
-	//hd, _ := httputil.DumpRequest(r, true)
+	if base.GetLogLevel() == base.LogLevelTrace {
-	//base.Debug("DumpRequest: ", string(hd))
+		hd, _ := httputil.DumpRequest(r, true)
+		base.Trace("LinkTunnel: ", string(hd))
+	}
 
 	// 判断session-token的值
 	cookie, err := r.Cookie("webvpn")
@@ -89,6 +92,18 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 
 	base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
 
+	// 检测密码套件
+	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
+	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
+
+	// 压缩
+	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
+	}
+	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
+	}
+
 	// 返回客户端数据
 	HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
 	HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -153,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
 	HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
 	HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
-	HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
+	HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
 
 	HttpSetHeader(w, "X-CSTP-License", "accept")
 	HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -223,7 +238,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
 	if err != nil {
 		return err
 	}
-	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
+	xmlAuth := ""
+	for _, v := range strings.Split(result.String(), "\n") {
+		xmlAuth += strings.TrimSpace(v)
+	}
+	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
 	return nil
 }
 

server/handler/link_vtap.go

@@ -33,13 +33,14 @@ func checkMacvtap() {
 
 	ifName := "anylinkMacvtap"
 	// 加载 macvtap
-	cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
+	base.CheckModOrLoad("macvtap")
+
 	// 开启主网卡混杂模式
 	cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
 	// 测试 macvtap 功能
 	cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
 	cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
-	err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
+	err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
 	if err != nil {
 		base.Fatal(err)
 	}
@@ -55,6 +56,10 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
 
 	cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
 	cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
+	if !base.InContainer {
+		// 容器默认 iproute 不支持 alias
+		cmdstr2 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
+	}
 	err := execCmd([]string{cmdstr1, cmdstr2})
 	if err != nil {
 		base.Error(err)

server/handler/payload_access_audit.go

@@ -3,6 +3,7 @@ package handler
 import (
 	"crypto/md5"
 	"encoding/binary"
+	"runtime/debug"
 	"time"
 
 	"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
 
 // 解析IP包的数据
 func logAudit(userName string, pl *sessdata.Payload) {
-	defer putPayload(pl)
+	defer func() {
+		if err := recover(); err != nil {
+			base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
+		}
+		putPayload(pl)
+	}()
 
 	if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
 		return
 	}
+
 	ipProto := waterutil.IPv4Protocol(pl.Data)
 	// 访问协议
 	var accessProto uint8
@@ -118,11 +125,15 @@ func logAudit(userName string, pl *sessdata.Payload) {
 	default:
 		return
 	}
-
+	// IP报文只包含头部信息时, 则打印LOG，并退出
+	ipPl := waterutil.IPv4Payload(pl.Data)
+	if len(ipPl) < 4 {
+		base.Error("ipPl len < 4", ipPl, pl.Data)
+		return
+	}
+	ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
 	ipSrc := waterutil.IPv4Source(pl.Data)
 	ipDst := waterutil.IPv4Destination(pl.Data)
-	ipPort := waterutil.IPv4DestinationPort(pl.Data)
-
 	b := getByte51()
 	key := *b
 	copy(key[:16], ipSrc)
@@ -178,7 +189,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
 		AccessProto: accessProto,
 		Info:        info,
 	}
-
 	select {
 	case logBatch.LogChan <- audit:
 	default:

server/handler/payload_tcp_parser.go

@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
 }
 
 func sniNewParser(b []byte) (uint8, string) {
-	if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
+	if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
 		return acc_proto_tcp, ""
 	}
 	rest := b[5:]
@@ -56,7 +56,7 @@ func sniNewParser(b []byte) (uint8, string) {
 	sessionIDLength := int(rest[current])
 	current += 1
 	current += sessionIDLength
-	if current >= restLen {
+	if current+1 >= restLen {
 		return acc_proto_https, ""
 	}
 	cipherSuiteLength := (int(rest[current]) << 8) + int(rest[current+1])

server/handler/server.go

@@ -11,6 +11,8 @@ import (
 	"time"
 
 	"github.com/bjdgyc/anylink/base"
+	"github.com/bjdgyc/anylink/dbdata"
+	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
 	"github.com/pires/go-proxyproto"
 )
@@ -48,13 +50,18 @@ func startTls() {
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
-		// InsecureSkipVerify: true,
+		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			base.Trace("GetCertificate", chi.ServerName)
+			return dbdata.GetCertificateBySNI(chi.ServerName)
+		},
 	}
 	srv := &http.Server{
-		Addr:      addr,
+		Addr:         addr,
-		Handler:   initRoute(),
+		Handler:      initRoute(),
-		TLSConfig: tlsConfig,
+		TLSConfig:    tlsConfig,
-		ErrorLog:  base.GetBaseLog(),
+		ErrorLog:     base.GetBaseLog(),
+		ReadTimeout:  60 * time.Second,
+		WriteTimeout: 60 * time.Second,
 	}
 
 	ln, err = net.Listen("tcp", addr)
@@ -66,12 +73,12 @@ func startTls() {
 	if base.Cfg.ProxyProtocol {
 		ln = &proxyproto.Listener{
 			Listener:          ln,
-			ReadHeaderTimeout: 40 * time.Second,
+			ReadHeaderTimeout: 30 * time.Second,
 		}
 	}
 
 	base.Info("listen server", addr)
-	err = srv.ServeTLS(ln, base.Cfg.CertFile, base.Cfg.CertKey)
+	err = srv.ServeTLS(ln, "", "")
 	if err != nil {
 		base.Fatal(err)
 	}
@@ -79,6 +86,14 @@ func startTls() {
 
 func initRoute() http.Handler {
 	r := mux.NewRouter()
+	// 所有路由添加安全头
+	r.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			utils.SetSecureHeader(w)
+			next.ServeHTTP(w, req)
+		})
+	})
+
 	r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
 	r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
 	r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)

server/pkg/utils/secure_header.go

@@ -0,0 +1,32 @@
+package utils
+
+import "net/http"
+
+// SetSecureHeader 设置安全的header头
+// https://blog.csdn.net/liwan09/article/details/130248003
+// https://zhuanlan.zhihu.com/p/335165168
+func SetSecureHeader(w http.ResponseWriter) {
+	// Content-Length Date 默认已经存在
+	w.Header().Set("Server", "AnyLinkOpenSource")
+	// w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	// w.Header().Set("Transfer-Encoding", "chunked")
+	w.Header().Set("X-Aggregate-Auth", "1")
+
+	w.Header().Set("Cache-Control", "no-store,no-cache")
+	w.Header().Set("Pragma", "no-cache")
+	w.Header().Set("Connection", "keep-alive")
+	w.Header().Set("X-Frame-Options", "SAMEORIGIN")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
+	w.Header().Set("X-Download-Options", "noopen")
+	w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
+	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
+	w.Header().Set("Referrer-Policy", "same-origin")
+	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
+	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
+	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
+	w.Header().Set("X-XSS-Protection", "1;mode=block")
+	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+
+	// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
+
+}

server/sessdata/compress.go

@@ -0,0 +1,35 @@
+package sessdata
+
+import (
+	"github.com/lanrenwo/lzsgo"
+)
+
+type CmpEncoding interface {
+	Compress(src []byte, dst []byte) (int, error)
+	Uncompress(src []byte, dst []byte) (int, error)
+}
+
+type LzsgoCmp struct {
+}
+
+func (l LzsgoCmp) Compress(src []byte, dst []byte) (int, error) {
+	n, err := lzsgo.Compress(src, dst)
+	return n, err
+}
+
+func (l LzsgoCmp) Uncompress(src []byte, dst []byte) (int, error) {
+	n, err := lzsgo.Uncompress(src, dst)
+	return n, err
+}
+
+// type Lz4Cmp struct {
+// 	c lz4.Compressor
+// }
+
+// func (l Lz4Cmp) Compress(src []byte, dst []byte) (int, error) {
+// 	return l.c.CompressBlock(src, dst)
+// }
+
+// func (l Lz4Cmp) Uncompress(src []byte, dst []byte) (int, error) {
+// 	return lz4.UncompressBlock(src, dst)
+// }

server/sessdata/compress_test.go

@@ -0,0 +1,28 @@
+package sessdata
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLzsCompress(t *testing.T) {
+	var (
+		n   int
+		err error
+	)
+	assert := assert.New(t)
+	c := LzsgoCmp{}
+	s := "hello anylink, you are best!"
+	src := []byte(strings.Repeat(s, 50))
+
+	comprBuf := make([]byte, 2048)
+	n, err = c.Compress(src, comprBuf)
+	assert.Nil(err)
+
+	unprBuf := make([]byte, 2048)
+	n, err = c.Uncompress(comprBuf[:n], unprBuf)
+	assert.Nil(err)
+	assert.Equal(src, unprBuf[:n])
+}

server/sessdata/ip_pool.go

@@ -14,8 +14,10 @@ var (
 	IpPool   = &ipPoolConfig{}
 	ipActive = map[string]bool{}
 	// ipKeep and ipLease  ipAddr => type
-	ipLease   = map[string]bool{}
+	// ipLease   = map[string]bool{}
 	ipPoolMux sync.Mutex
+	// 记录循环点
+	loopCurIp uint32
 )
 
 type ipPoolConfig struct {
@@ -36,7 +38,19 @@ func initIpPool() {
 	}
 	IpPool.Ipv4IPNet = ipNet
 	IpPool.Ipv4Mask = net.IP(ipNet.Mask)
-	IpPool.Ipv4Gateway = net.ParseIP(base.Cfg.Ipv4Gateway)
+
+	ipv4Gateway := net.ParseIP(base.Cfg.Ipv4Gateway)
+	ipStart := net.ParseIP(base.Cfg.Ipv4Start)
+	ipEnd := net.ParseIP(base.Cfg.Ipv4End)
+	if !ipNet.Contains(ipv4Gateway) || !ipNet.Contains(ipStart) || !ipNet.Contains(ipEnd) {
+		panic("ip段 设置错误")
+	}
+	// ip地址池
+	IpPool.Ipv4Gateway = ipv4Gateway
+	IpPool.IpLongMin = utils.Ip2long(ipStart)
+	IpPool.IpLongMax = utils.Ip2long(ipEnd)
+
+	loopCurIp = IpPool.IpLongMin
 
 	// 网络地址零值
 	// zero := binary.BigEndian.Uint32(ip.Mask(mask))
@@ -44,110 +58,160 @@ func initIpPool() {
 	// one, _ := ipNet.Mask.Size()
 	// max := min | uint32(math.Pow(2, float64(32-one))-1)
 
-	// ip地址池
-	IpPool.IpLongMin = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4Start))
-	IpPool.IpLongMax = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4End))
-
 	// 获取IpLease数据
-	go cronIpLease()
+	// go cronIpLease()
 }
 
-func cronIpLease() {
+// func cronIpLease() {
-	getIpLease()
+// 	getIpLease()
-	tick := time.NewTicker(time.Minute * 30)
+// 	tick := time.NewTicker(time.Minute * 30)
-	for range tick.C {
+// 	for range tick.C {
-		getIpLease()
+// 		getIpLease()
-	}
+// 	}
-}
+// }
-
+//
-func getIpLease() {
+// func getIpLease() {
-	xdb := dbdata.GetXdb()
+// 	xdb := dbdata.GetXdb()
-	keepIpMaps := []dbdata.IpMap{}
+// 	keepIpMaps := []dbdata.IpMap{}
-	sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
+// 	sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
-	err := xdb.Cols("ip_addr").Where("keep=?", true).
+// 	err := xdb.Cols("ip_addr").Where("keep=?", true).
-		Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
+// 		Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
-	if err != nil {
+// 	if err != nil {
-		base.Error(err)
+// 		base.Error(err)
-	}
+// 	}
-	// fmt.Println(keepIpMaps)
+// 	// fmt.Println(keepIpMaps)
-	ipPoolMux.Lock()
+// 	ipPoolMux.Lock()
-	ipLease = map[string]bool{}
+// 	ipLease = map[string]bool{}
-	for _, v := range keepIpMaps {
+// 	for _, v := range keepIpMaps {
-		ipLease[v.IpAddr] = true
+// 		ipLease[v.IpAddr] = true
-	}
+// 	}
-	ipPoolMux.Unlock()
+// 	ipPoolMux.Unlock()
-}
+// }
 
 // AcquireIp 获取动态ip
 func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
+	base.Trace("AcquireIp:", username, macAddr, uniqueMac)
 	ipPoolMux.Lock()
 	defer ipPoolMux.Unlock()
 
 	var (
 		err  error
 		tNow = time.Now()
-		sNow = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
 	)
 
 	if uniqueMac {
 		// 判断是否已经分配过
 		mi := &dbdata.IpMap{}
 		err = dbdata.One("mac_addr", macAddr, mi)
+		if err != nil {
+			// 没有查询到数据
+			if dbdata.CheckErrNotFound(err) {
+				return loopIp(username, macAddr, uniqueMac)
+			}
+			// 查询报错
+			base.Error(err)
+			return nil
+		}
+
 		// 存在ip记录
-		if err == nil {
+		base.Trace("uniqueMac:", username, mi)
+		ipStr := mi.IpAddr
+		ip := net.ParseIP(ipStr)
+		// 跳过活跃连接
+		_, ok := ipActive[ipStr]
+		// 检测原有ip是否在新的ip池内
+		// IpPool.Ipv4IPNet.Contains(ip) &&
+		if !ok &&
+			utils.Ip2long(ip) >= IpPool.IpLongMin &&
+			utils.Ip2long(ip) <= IpPool.IpLongMax {
+			mi.Username = username
+			mi.LastLogin = tNow
+			mi.UniqueMac = uniqueMac
+			// 回写db数据
+			_ = dbdata.Set(mi)
+			ipActive[ipStr] = true
+			return ip
+		}
+		// 删除当前macAddr
+		mi = &dbdata.IpMap{MacAddr: macAddr}
+		_ = dbdata.Del(mi)
+
+	} else {
+		// 没有获取到mac的情况
+		ipMaps := []dbdata.IpMap{}
+		err = dbdata.FindWhere(&ipMaps, 50, 1, "username=? and unique_mac=?", username, false)
+		if err != nil {
+			// 没有查询到数据
+			if dbdata.CheckErrNotFound(err) {
+				return loopIp(username, macAddr, uniqueMac)
+			}
+			// 查询报错
+			base.Error(err)
+			return nil
+		}
+
+		// 遍历mac记录
+		for _, mi := range ipMaps {
 			ipStr := mi.IpAddr
 			ip := net.ParseIP(ipStr)
+
 			// 跳过活跃连接
-			_, ok := ipActive[ipStr]
+			if _, ok := ipActive[ipStr]; ok {
-			// 检测原有ip是否在新的ip池内
+				continue
-			if IpPool.Ipv4IPNet.Contains(ip) && !ok &&
+			}
-				utils.Ip2long(ip) >= IpPool.IpLongMin &&
+			// 跳过保留ip
+			if mi.Keep {
+				continue
+			}
+			// 没有mac的 不需要验证租期
+			// mi.LastLogin.Before(leaseTime) &&
+			if utils.Ip2long(ip) >= IpPool.IpLongMin &&
 				utils.Ip2long(ip) <= IpPool.IpLongMax {
-				mi.Username = username
 				mi.LastLogin = tNow
+				mi.MacAddr = macAddr
 				mi.UniqueMac = uniqueMac
 				// 回写db数据
 				_ = dbdata.Set(mi)
 				ipActive[ipStr] = true
 				return ip
 			}
-			_ = dbdata.Del(mi)
-		}
-	} else {
-		ipMaps := []dbdata.IpMap{}
-		err = dbdata.FindWhere(&ipMaps, 50, 1, "username=? and unique_mac=?", username, false)
-		if err == nil {
-			//遍历mac记录
-			for _, mi := range ipMaps {
-				ipStr := mi.IpAddr
-				ip := net.ParseIP(ipStr)
-
-				// 跳过活跃连接
-				if _, ok := ipActive[ipStr]; ok {
-					continue
-				}
-				// 跳过ip租期内数据
-				if _, ok := ipLease[ipStr]; ok {
-					continue
-				}
-
-				if IpPool.Ipv4IPNet.Contains(ip) &&
-					utils.Ip2long(ip) >= IpPool.IpLongMin &&
-					utils.Ip2long(ip) <= IpPool.IpLongMax {
-					mi.LastLogin = tNow
-					mi.MacAddr = macAddr
-					mi.UniqueMac = uniqueMac
-					// 回写db数据
-					_ = dbdata.Set(mi)
-					ipActive[ipStr] = true
-					return ip
-				}
-			}
 		}
 	}
 
+	return loopIp(username, macAddr, uniqueMac)
+}
+
+func loopIp(username, macAddr string, uniqueMac bool) net.IP {
+	var (
+		i  uint32
+		ip net.IP
+	)
+
+	i, ip = loopLong(loopCurIp, IpPool.IpLongMax, username, macAddr, uniqueMac)
+	if ip != nil {
+		loopCurIp = i
+		return ip
+	}
+
+	i, ip = loopLong(IpPool.IpLongMin, loopCurIp, username, macAddr, uniqueMac)
+	if ip != nil {
+		loopCurIp = i
+		return ip
+	}
+
+	base.Warn("no ip available, please see ip_map table row", username, macAddr)
+	return nil
+}
+
+func loopLong(start, end uint32, username, macAddr string, uniqueMac bool) (uint32, net.IP) {
+	var (
+		err       error
+		tNow      = time.Now()
+		leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
+	)
+
 	// 全局遍历超过租期和未保留的ip
-	for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
+	for i := start; i <= end; i++ {
 		ip := utils.Long2ip(i)
 		ipStr := ip.String()
 
@@ -155,14 +219,30 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 		if _, ok := ipActive[ipStr]; ok {
 			continue
 		}
-		// 跳过ip租期内数据
-		if _, ok := ipLease[ipStr]; ok {
-			continue
-		}
 
 		mi := &dbdata.IpMap{}
 		err = dbdata.One("ip_addr", ipStr, mi)
-		if err == nil && mi.LastLogin.Before(sNow) {
+		if err != nil {
+			// 没有查询到数据
+			if dbdata.CheckErrNotFound(err) {
+				// 该ip没有被使用
+				mi = &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
+				_ = dbdata.Add(mi)
+				ipActive[ipStr] = true
+				return i, ip
+			}
+			// 查询报错
+			base.Error(err)
+			return 0, nil
+		}
+
+		// 查询到已经使用的ip
+		// 跳过保留ip
+		if mi.Keep {
+			continue
+		}
+		// 判断租期
+		if mi.LastLogin.Before(leaseTime) {
 			// 存在记录，说明已经超过租期，可以直接使用
 			mi.LastLogin = tNow
 			mi.MacAddr = macAddr
@@ -170,23 +250,11 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 			// 回写db数据
 			_ = dbdata.Set(mi)
 			ipActive[ipStr] = true
-			return ip
+			return i, ip
 		}
-
-		if dbdata.CheckErrNotFound(err) {
-			// 该ip没有被使用
-			mi := &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
-			_ = dbdata.Add(mi)
-			ipActive[ipStr] = true
-			return ip
-		}
-		// 查询报错
-		base.Error(err)
-		return nil
 	}
 
-	base.Warn("no ip available, please see ip_map table row")
+	return 0, nil
-	return nil
 }
 
 // 回收ip

server/sessdata/ip_pool_test.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"path"
 	"testing"
+	"time"
 
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
@@ -18,10 +19,12 @@ func preData(tmpDir string) {
 	base.Cfg.DbType = "sqlite3"
 	base.Cfg.DbSource = tmpDb
 	base.Cfg.Ipv4CIDR = "192.168.3.0/24"
-	base.Cfg.Ipv4Start = "192.168.3.1"
+	base.Cfg.Ipv4Gateway = "192.168.3.1"
-	base.Cfg.Ipv4End = "192.168.3.199"
+	base.Cfg.Ipv4Start = "192.168.3.100"
+	base.Cfg.Ipv4End = "192.168.3.150"
 	base.Cfg.MaxClient = 100
 	base.Cfg.MaxUserClient = 3
+	base.Cfg.IpLease = 5
 
 	dbdata.Start()
 	group := dbdata.Group{
@@ -46,22 +49,34 @@ func TestIpPool(t *testing.T) {
 
 	var ip net.IP
 
-	for i := 1; i <= 100; i++ {
+	for i := 100; i <= 150; i++ {
-		_ = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
+		_ = AcquireIp(getTestUser(i), getTestMacAddr(i), true)
 	}
-	ip = AcquireIp("user", "mac-new", true)
-	assert.True(net.IPv4(192, 168, 3, 101).Equal(ip))
-	for i := 102; i <= 199; i++ {
-		ip = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
-	}
-	assert.True(net.IPv4(192, 168, 3, 199).Equal(ip))
-	ip = AcquireIp("user", "mac-nil", true)
-	assert.Nil(ip)
 
-	ReleaseIp(net.IPv4(192, 168, 3, 88), "mac-88")
+	// 回收
-	ReleaseIp(net.IPv4(192, 168, 3, 188), "mac-188")
+	ReleaseIp(net.IPv4(192, 168, 3, 140), getTestMacAddr(140))
+	time.Sleep(time.Second * 6)
+
 	// 从头循环获取可用ip
-	ip = AcquireIp("user", "mac-188", true)
+	user_new := getTestUser(210)
-	t.Log("mac-188", ip)
+	mac_new := getTestMacAddr(210)
-	assert.True(net.IPv4(192, 168, 3, 188).Equal(ip))
+	ip = AcquireIp(user_new, mac_new, true)
+	t.Log("mac_new", ip)
+	assert.NotNil(ip)
+	assert.True(net.IPv4(192, 168, 3, 140).Equal(ip))
+
+	// 回收全部
+	for i := 100; i <= 150; i++ {
+		ReleaseIp(net.IPv4(192, 168, 3, byte(i)), getTestMacAddr(i))
+	}
+}
+
+func getTestUser(i int) string {
+	return fmt.Sprintf("user-%d", i)
+}
+
+func getTestMacAddr(i int) string {
+	// 前缀mac
+	macAddr := "02:00:00:00:00"
+	return fmt.Sprintf("%s:%x", macAddr, i)
 }

server/sessdata/session.go

@@ -54,6 +54,9 @@ type ConnSession struct {
 	PayloadOutDtls      chan *Payload // Dtls的数据
 	// dSess *DtlsSession
 	dSess *atomic.Value
+	// compress
+	CstpPickCmp CmpEncoding
+	DtlsPickCmp CmpEncoding
 }
 
 type DtlsSession struct {
@@ -187,6 +190,7 @@ func (s *Session) NewConn() *ConnSession {
 
 	limit := LimitClient(username, false)
 	if !limit {
+		base.Warn("limit is full", username)
 		return nil
 	}
 	ip := AcquireIp(username, macAddr, uniqueMac)
@@ -359,6 +363,30 @@ func (cs *ConnSession) RateLimit(byt int, isUp bool) error {
 	return cs.Limit.Wait(byt)
 }
 
+func (cs *ConnSession) SetPickCmp(cate, encoding string) (string, bool) {
+	var cmpName string
+	if !base.Cfg.Compression {
+		return cmpName, false
+	}
+	var cmp CmpEncoding
+	switch {
+	// case strings.Contains(encoding, "oc-lz4"):
+	// 	cmpName = "oc-lz4"
+	// 	cmp = Lz4Cmp{}
+	case strings.Contains(encoding, "lzs"):
+		cmpName = "lzs"
+		cmp = LzsgoCmp{}
+	default:
+		return cmpName, false
+	}
+	if cate == "cstp" {
+		cs.CstpPickCmp = cmp
+	} else {
+		cs.DtlsPickCmp = cmp
+	}
+	return cmpName, true
+}
+
 func SToken2Sess(stoken string) *Session {
 	stoken = strings.TrimSpace(stoken)
 	sarr := strings.Split(stoken, "@")

server/sessdata/session_test.go

@@ -1,8 +1,11 @@
 package sessdata
 
 import (
+	"fmt"
 	"testing"
+	"time"
 
+	"github.com/bjdgyc/anylink/base"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -22,11 +25,15 @@ func TestConnSession(t *testing.T) {
 	preData(tmp)
 	defer cleardata(tmp)
 
+	time.Sleep(time.Second * 10)
+
 	sess := NewSession("")
+	sess.Username = "user-test"
 	sess.Group = "group1"
 	sess.MacAddr = "00:15:5d:50:14:43"
 
 	cSess := sess.NewConn()
+	base.Info("cSess", cSess)
 
 	err := cSess.RateLimit(100, true)
 	ast.Nil(err)
@@ -34,5 +41,23 @@ func TestConnSession(t *testing.T) {
 	err = cSess.RateLimit(200, false)
 	ast.Nil(err)
 	ast.Equal(cSess.BandwidthDown.Load(), uint32(200))
+
+	var (
+		cmpName string
+		ok      bool
+	)
+	base.Cfg.Compression = true
+
+	cmpName, ok = cSess.SetPickCmp("cstp", "oc-lz4,lzs")
+	fmt.Println(cmpName, ok)
+	ast.True(ok)
+	ast.Equal(cmpName, "lzs")
+	cmpName, ok = cSess.SetPickCmp("dtls", "lzs")
+	ast.True(ok)
+	ast.Equal(cmpName, "lzs")
+	cmpName, ok = cSess.SetPickCmp("dtls", "test")
+	ast.False(ok)
+	ast.Equal(cmpName, "")
+
 	cSess.Close()
 }

systemd/anylink.service

@@ -11,5 +11,14 @@ Restart=on-failure
 RestartSec=5s
 ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
 
+# systemctl --version
+
+# systemd older than v236
+# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
+
+# systemd new than v236
+# StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log
+# StandardError=file:/usr/local/anylink-deploy/log/anylink.log
+
 [Install]
 WantedBy=multi-user.target

web/package.json

@@ -12,6 +12,7 @@
     "core-js": "^3.6.5",
     "echarts": "^4.9.0",
     "element-ui": "^2.4.5",
+    "qs": "^6.11.1",
     "vue": "^2.6.11",
     "vue-count-to": "^1.0.13",
     "vue-router": "^3.5.2"

web/src/pages/Home.vue

@@ -230,6 +230,9 @@ export default {
                 case "mem": this.formatMem(data); break;
             }
         }).catch(error => {
+            if (error.response.status === 401) {
+               return ;
+            }            
             this.$message.error('哦，请求出错');
             console.log(error);
         });

web/src/pages/group/List.vue

@@ -47,7 +47,12 @@
 
         <el-table-column
             prop="bandwidth"
-            label="带宽限制">
+            label="带宽限制"
+            width="90">
+            <template slot-scope="scope">
+                <el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
+                <el-row v-else>不限</el-row>
+            </template>            
         </el-table-column>
 
         <el-table-column
@@ -62,7 +67,7 @@
         <el-table-column
             prop="route_include"
             label="路由包含"
-            width="200">
+            width="180">
           <template slot-scope="scope">
             <el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
             <div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
         <el-table-column
             prop="route_exclude"
             label="路由排除"
-            width="200">
+            width="180">
           <template slot-scope="scope">
             <el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
             <div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
         <el-table-column
             prop="link_acl"
             label="LINK-ACL"
-            min-width="200">
+            min-width="180">
           <template slot-scope="scope">
             <el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
               {{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,14 +191,15 @@
                 <el-input v-model="ruleForm.note"></el-input>
                 </el-form-item>
 
-                <el-form-item label="带宽限制" prop="bandwidth">
+                <el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
-                <el-input v-model.number="ruleForm.bandwidth">
+                <el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
-                    <template slot="append">BYTE/S</template>
+                    <template slot="append">Mbps</template>
                 </el-input>
                 </el-form-item>
                 <el-form-item label="排除本地网络" prop="allow_lan">
                 <el-switch
-                    v-model="ruleForm.allow_lan">
+                    v-model="ruleForm.allow_lan"
+                    active-text="开启后 用户本地所在网段将不通过anylink加密传输">
                 </el-switch>
                 </el-form-item>
 
@@ -235,23 +241,23 @@
                         <el-radio label="ldap" border>LDAP</el-radio>
                     </el-radio-group>
                 </el-form-item>   
-                <templete v-if="ruleForm.auth.type == 'radius'">
+                <template v-if="ruleForm.auth.type == 'radius'">
                   <el-form-item label="服务器地址" prop="auth.radius.addr" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
                       <el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
                   </el-form-item>                
                   <el-form-item label="密钥" prop="auth.radius.secret" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
                       <el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
                   </el-form-item>               
-                </templete>
+                </template>
 
-                <templete v-if="ruleForm.auth.type == 'ldap'">
+                <template v-if="ruleForm.auth.type == 'ldap'">
                   <el-form-item label="服务器地址" prop="auth.ldap.addr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
                       <el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>    
                   </el-form-item> 
                   <el-form-item label="开启TLS" prop="auth.ldap.tls">
                     <el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>                      
                   </el-form-item>
-                  <el-form-item label="管理员账号" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
+                  <el-form-item label="管理员 DN" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
                     <el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
                   </el-form-item>
                   <el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
@@ -259,61 +265,76 @@
                   </el-form-item>                                                
                   <el-form-item label="Base DN" prop="auth.ldap.base_dn" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
                     <el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
-                  </el-form-item>  
+                  </el-form-item>
+                  <el-form-item label="用户对象类" prop="auth.ldap.object_class" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
+                    <el-input v-model="ruleForm.auth.ldap.object_class" placeholder="例如 person / user / posixAccount"></el-input>
+                  </el-form-item>                  
                   <el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
-                    <el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName 或 uid"></el-input>
+                    <el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName / uid / cn"></el-input>
-                  </el-form-item>    
+                  </el-form-item>
                   <el-form-item label="受限用户组" prop="auth.ldap.member_of">
                     <el-input v-model="ruleForm.auth.ldap.member_of" placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
                   </el-form-item>                                                                      
-                </templete>                 
+                </template>                 
             </el-tab-pane>  
 
             <el-tab-pane label="路由设置" name="route">
                 <el-form-item label="包含路由" prop="route_include">
                 <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                     <el-button size="mini" type="success" icon="el-icon-plus" circle
                                 @click.prevent="addDomain(ruleForm.route_include)"></el-button>
                     </el-col>
+                    <el-col :span="4">
+                      <el-button size="mini" type="info" icon="el-icon-edit" circle
+                                @click.prevent="openIpListDialog('route_include')"></el-button>
+                    </el-col>                    
                 </el-row>
-                <el-row v-for="(item,index) in ruleForm.route_include"
+                <templete v-if="activeTab == 'route'">
-                        :key="index" style="margin-bottom: 5px" :gutter="10">
+                    <el-row v-for="(item,index) in ruleForm.route_include"
-                    <el-col :span="10">
+                            :key="index" style="margin-bottom: 5px" :gutter="10">
-                    <el-input v-model="item.val"></el-input>
+                        <el-col :span="10">
-                    </el-col>
+                        <el-input v-model="item.val"></el-input>
-                    <el-col :span="12">
+                        </el-col>
-                    <el-input v-model="item.note" placeholder="备注"></el-input>
+                        <el-col :span="12">
-                    </el-col>
+                        <el-input v-model="item.note" placeholder="备注"></el-input>
-                    <el-col :span="2">
+                        </el-col>
-                    <el-button size="mini" type="danger" icon="el-icon-minus" circle
+                        <el-col :span="2">
-                                @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
+                        <el-button size="mini" type="danger" icon="el-icon-minus" circle
-                    </el-col>
+                                    @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
-                </el-row>
+                        </el-col>
+                    </el-row>
+                </templete>
                 </el-form-item>
 
                 <el-form-item label="排除路由" prop="route_exclude">
                 <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                     <el-button size="mini" type="success" icon="el-icon-plus" circle
                                 @click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
                     </el-col>
+                    <el-col :span="4">
+                      <el-button size="mini" type="info" icon="el-icon-edit" circle
+                                @click.prevent="openIpListDialog('route_exclude')"></el-button>
+                    </el-col>                    
                 </el-row>
-                <el-row v-for="(item,index) in ruleForm.route_exclude"
+                <templete v-if="activeTab == 'route'">
-                        :key="index" style="margin-bottom: 5px" :gutter="10">
+                    <el-row v-for="(item,index) in ruleForm.route_exclude"
-                    <el-col :span="10">
+                            :key="index" style="margin-bottom: 5px" :gutter="10">
-                    <el-input v-model="item.val"></el-input>
+                        <el-col :span="10">
-                    </el-col>
+                        <el-input v-model="item.val"></el-input>
-                    <el-col :span="12">
+                        </el-col>
-                    <el-input v-model="item.note" placeholder="备注"></el-input>
+                        <el-col :span="12">
-                    </el-col>
+                        <el-input v-model="item.note" placeholder="备注"></el-input>
-                    <el-col :span="2">
+                        </el-col>
-                    <el-button size="mini" type="danger" icon="el-icon-minus" circle
+                        <el-col :span="2">
-                                @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
+                        <el-button size="mini" type="danger" icon="el-icon-minus" circle
-                    </el-col>
+                                    @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
-                </el-row>
+                        </el-col>
+                    </el-row>
+                </templete>
                 </el-form-item>
             </el-tab-pane>
             <el-tab-pane label="权限控制" name="link_acl">
@@ -324,7 +345,7 @@
                     <el-button size="mini" type="success" icon="el-icon-plus" circle
                                 @click.prevent="addDomain(ruleForm.link_acl)"></el-button>
                     </el-col>
-                </el-row>
+                </el-row>  
 
                 <el-row v-for="(item,index) in ruleForm.link_acl"
                         :key="index" style="margin-bottom: 5px" :gutter="5">
@@ -356,16 +377,59 @@
                 </el-form-item>                
                 <el-form-item label="排除域名" prop="ds_exclude_domains">
                     <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔，默认匹配所有子域名, 如baidu.com,163.com"></el-input>
+                    <div class="msg-info">注：域名拆分隧道，仅支持AnyConnect的桌面客户端，不支持移动端.</div>
                 </el-form-item>
             </el-tab-pane>
             <el-form-item>
-            <el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
+                <templete v-if="activeTab == 'authtype' && ruleForm.auth.type != 'local'">
-            <el-button @click="closeDialog">取消</el-button>
+                    <el-button @click="openAuthLoginDialog()" style="margin-right:10px">测试登录</el-button>
+                </templete>
+                <el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
+                <el-button @click="closeDialog">取消</el-button>
             </el-form-item>
           </el-tabs>
         </el-form> 
     </el-dialog>
-
+    <!--测试用户登录弹出框-->
+    <el-dialog
+        :close-on-click-modal="false"
+        title="测试用户登录"
+        :visible.sync="authLoginDialog"
+        width="600px"
+        custom-class="valgin-dialog"
+        center>
+        <el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
+            <el-form-item label="账号" prop="name">
+                <el-input v-model="authLoginForm.name" ref="authLoginFormName" @keydown.enter.native="testAuthLogin"></el-input>
+            </el-form-item>
+            <el-form-item label="密码" prop="pwd">
+                <el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
+            </el-form-item>
+            <el-form-item>
+                <el-button type="primary" @click="testAuthLogin()" :loading="authLoginLoading">登录</el-button>
+                <el-button @click="authLoginDialog = false">取 消</el-button>
+            </el-form-item>
+        </el-form>
+    </el-dialog> 
+    <!--编辑模式弹窗-->
+    <el-dialog
+    :close-on-click-modal="false"
+    title="编辑模式"
+    :visible.sync="ipListDialog"
+    width="650px"
+    custom-class="valgin-dialog"
+    center>
+      <el-form ref="ipEditForm" label-width="80px">
+          <el-form-item label="路由表" prop="ip_list">
+              <el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由，例：192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
+              <div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} 条（注：AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由）</div>
+          </el-form-item>
+          <el-form-item>
+              <el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
+              <el-button @click="ipListDialog = false">取 消</el-button>
+          </el-form-item>
+      </el-form>
+    </el-dialog>
   </div>
 </template>
 
@@ -392,6 +456,7 @@ export default {
       activeTab : "general",
       readMore: {},
       readMinRows : 5,
+      maxRouteRows : 2500,
       defAuth : {
                 type:'local', 
                 radius:{addr:"", secret:""},
@@ -399,6 +464,7 @@ export default {
                       addr:"", 
                       tls:false,
                       base_dn:"",
+                      object_class:"person",
                       search_attr:"sAMAccountName",
                       member_of:"",
                       bind_name:"",
@@ -407,6 +473,7 @@ export default {
       },          
       ruleForm: {
         bandwidth: 0,
+        bandwidth_format: '0',
         status: 1,
         allow_lan: true,
         client_dns: [{val: '114.114.114.114'}],
@@ -415,14 +482,35 @@ export default {
         link_acl: [],
         auth : {},
       },
+      authLoginDialog : false,
+      ipListDialog : false,
+      authLoginLoading : false,      
+      authLoginForm : {
+        name : "",
+        pwd : "",
+      },
+      ipEditForm: {
+        ip_list: "",
+        type : "",
+      },
+      ipEditLoading : false,
+      authLoginRules: {
+        name: [
+          {required: true, message: '请输入账号', trigger: 'blur'},
+        ],
+        pwd: [
+          {required: true, message: '请输入密码', trigger: 'blur'},
+          {min: 6, message: '长度至少 6 个字符', trigger: 'blur'}
+        ],
+      },         
       rules: {
         name: [
           {required: true, message: '请输入组名', trigger: 'blur'},
           {max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
         ],
-        bandwidth: [
+        bandwidth_format: [
           {required: true, message: '请输入带宽限制', trigger: 'blur'},
-          {type: 'number', message: '带宽限制必须为数字值'}
+          {type: 'string', message: '带宽限制必须为数字值'}
         ],
         status: [
           {required: true}
@@ -437,7 +525,7 @@ export default {
           {required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'}
         ],  
         "auth.ldap.bind_name": [
-          {required: true, message: '请输入管理员账号', trigger: 'blur'}
+          {required: true, message: '请输入管理员 DN', trigger: 'blur'}
         ],
         "auth.ldap.bind_pwd": [
           {required: true, message: '请输入管理员密码', trigger: 'blur'}
@@ -445,9 +533,12 @@ export default {
         "auth.ldap.base_dn": [
           {required: true, message: '请输入Base DN值', trigger: 'blur'}
         ],
+        "auth.ldap.object_class": [
+          {required: true, message: '请输入用户对象类', trigger: 'blur'}
+        ],        
         "auth.ldap.search_attr": [
           {required: true, message: '请输入用户唯一ID', trigger: 'blur'}
-        ],                                       
+        ],
       },
     }
   },
@@ -457,6 +548,9 @@ export default {
         this.ruleForm.auth = JSON.parse(JSON.stringify(this.defAuth));
         return ;
       }
+      if (row.auth.type == "ldap" && ! row.auth.ldap.object_class) {
+        row.auth.ldap.object_class = this.defAuth.ldap.object_class;
+      }      
       this.ruleForm.auth = Object.assign(JSON.parse(JSON.stringify(this.defAuth)), row.auth);
     },
     handleDel(row) {
@@ -487,7 +581,8 @@ export default {
           id: row.id,
         }
       }).then(resp => {
-        this.ruleForm = resp.data.data;
+        resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
+        this.ruleForm = resp.data.data;        
         this.setAuthData(resp.data.data);
       }).catch(error => {
         this.$message.error('哦，请求出错');
@@ -533,6 +628,7 @@ export default {
           console.log('error submit!!');
           return false;
         }
+        this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
         axios.post('/group/set', this.ruleForm).then(resp => {
           const rdata = resp.data;
           if (rdata.code === 0) {
@@ -549,6 +645,108 @@ export default {
         });
       });
     },
+    testAuthLogin() {
+        this.$refs["authLoginForm"].validate((valid) => {
+            if (!valid) {
+                console.log('error submit!!');
+                return false;
+            }        
+            this.authLoginLoading = true;
+            axios.post('/group/auth_login', {name:this.authLoginForm.name,
+                                            pwd:this.authLoginForm.pwd,
+                                            auth:this.ruleForm.auth}).then(resp => {
+                    const rdata = resp.data;
+                    if (rdata.code === 0) {
+                        this.$message.success("登录成功");
+                    } else {
+                        this.$message.error(rdata.msg);                
+                    }
+                    this.authLoginLoading = false;
+                    console.log(rdata);
+                }).catch(error => {
+                    this.$message.error('哦，请求出错');
+                    console.log(error);
+                    this.authLoginLoading = false;
+            });
+        });
+    },
+    openAuthLoginDialog() {
+      this.$refs["ruleForm"].validate((valid) => {
+        if (!valid) {
+          console.log('error submit!!');
+          return false;
+        }        
+        this.authLoginDialog = true;
+        // set authLoginFormName focus
+        this.$nextTick(() => {
+            this.$refs['authLoginFormName'].focus();
+        });
+      });
+    },
+    openIpListDialog(type) {
+      this.ipListDialog = true;
+      this.ipEditForm.type = type;
+      this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");      
+    },
+    ipEdit() {
+        this.ipEditLoading = true;
+        let ipList = [];
+        if (this.ipEditForm.ip_list.trim() !== "") {
+            ipList = this.ipEditForm.ip_list.trim().split("\n");
+        }        
+        let arr = [];
+        for (let i = 0; i < ipList.length; i++) {
+          let item = ipList[i];
+          if (item.trim() === "") {
+            continue;
+          }
+          let ip = item.split(",");
+          if (ip.length > 2) {
+            ip[1] = ip.slice(1).join(",");
+          }
+          let note = ip[1] ? ip[1] : "";
+          const pushToArr = () => {
+            arr.push({val: ip[0], note: note});
+          };
+          if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
+            pushToArr();
+            continue;  
+          }
+          let valid = this.isValidCIDR(ip[0]);
+          if (!valid.valid) {
+                this.$message.error("错误：CIDR格式错误，建议 " + ip[0] + " 改为 " + valid.suggestion);
+                this.ipEditLoading = false;
+                return;
+          }
+          pushToArr();
+        }
+        this.ruleForm[this.ipEditForm.type] = arr;
+        this.ipEditLoading = false;
+        this.ipListDialog = false;
+    },
+    isValidCIDR(input) {
+        const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
+        if (!cidrRegex.test(input)) {
+            return { valid: false, suggestion: null };
+        }
+        const [ip, mask] = input.split('/');
+        const maskNum = parseInt(mask);
+        const ipParts = ip.split('.').map(part => parseInt(part));
+        const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
+        for (let i = maskNum; i < 32; i++) {
+            if (binaryIP[i] === '1') {
+                const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
+                const networkIPParts = [];
+                for (let j = 0; j < 4; j++) {
+                    const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
+                    networkIPParts.push(parseInt(octet, 2));
+                }
+                const suggestedIP = networkIPParts.join('.');
+                return { valid: false, suggestion: `${suggestedIP}/${mask}` };
+            }
+        }
+        return { valid: true, suggestion: null };
+    },
     resetForm(formName) {
       this.$refs[formName].resetFields();
     },
@@ -579,6 +777,18 @@ export default {
     closeDialog() {
       this.user_edit_dialog = false;
       this.activeTab = "general";
+    },
+    convertBandwidth(bandwidth, fromUnit, toUnit) {
+        const units = {
+            bps: 1,
+            Kbps: 1000,
+            Mbps: 1000000,
+            Gbps: 1000000000,
+            BYTE: 8,
+        };
+        const result = bandwidth * units[fromUnit] / units[toUnit];
+        const fixedResult = result.toFixed(2);
+        return parseFloat(fixedResult);
     }
   },
 }
@@ -598,4 +808,20 @@ export default {
 .el-select {
   width: 80px;
 }
+
+::v-deep .valgin-dialog{
+    display: flex;
+    flex-direction: column;
+    margin:0 !important;
+    position:absolute;
+    top:50%;
+    left:50%;
+    transform:translate(-50%,-50%);
+    max-height:calc(100% - 30px);
+    max-width:calc(100% - 30px);
+}
+::v-deep  .valgin-dialog .el-dialog__body{
+    flex:1;
+    overflow: auto;
+}
 </style>

web/src/pages/set/Other.vue

@@ -2,7 +2,13 @@
   <el-card>
     <el-tabs v-model="activeName" @tab-click="handleClick">
       <el-tab-pane label="邮件配置" name="dataSmtp">
-        <el-form :model="dataSmtp" ref="dataSmtp" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
+          :model="dataSmtp"
+          ref="dataSmtp"
+          :rules="rules"
+          label-width="100px"
+          class="tab-one"
+        >
           <el-form-item label="服务器地址" prop="host">
             <el-input v-model="dataSmtp.host"></el-input>
           </el-form-item>
@@ -13,7 +19,11 @@
             <el-input v-model="dataSmtp.username"></el-input>
           </el-form-item>
           <el-form-item label="密码" prop="password">
-            <el-input type="password" v-model="dataSmtp.password" placeholder="密码为空则不修改"></el-input>
+            <el-input
+              type="password"
+              v-model="dataSmtp.password"
+              placeholder="密码为空则不修改"
+            ></el-input>
           </el-form-item>
           <el-form-item label="加密类型" prop="encryption">
             <el-radio-group v-model="dataSmtp.encryption">
@@ -26,94 +36,255 @@
             <el-input v-model="dataSmtp.from"></el-input>
           </el-form-item>
           <el-form-item>
-            <el-button type="primary" @click="submitForm('dataSmtp')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataSmtp')"
+              >保存</el-button
+            >
             <el-button @click="resetForm('dataSmtp')">重置</el-button>
           </el-form-item>
         </el-form>
       </el-tab-pane>
 
       <el-tab-pane label="审计日志" name="dataAuditLog">
-        <el-form :model="dataAuditLog" ref="dataAuditLog" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
+          :model="dataAuditLog"
+          ref="dataAuditLog"
+          :rules="rules"
+          label-width="100px"
+          class="tab-one"
+        >
           <el-form-item label="审计去重间隔" prop="audit_interval">
-                <el-input-number v-model="dataAuditLog.audit_interval" :min="-1" size="small" label="秒" :disabled="true"></el-input-number>  秒
+            <el-input-number
-                <p class="input_tip">请手动修改配置文件中的 audit_interval 参数后，再重启服务, <strong style="color:#EA3323;">-1 代表关闭审计日志</strong></p>
+              v-model="dataAuditLog.audit_interval"
-          </el-form-item>            
+              :min="-1"
+              size="small"
+              label="秒"
+              :disabled="true"
+            ></el-input-number>
+            秒
+            <p class="input_tip">
+              请手动修改配置文件中的 audit_interval 参数后，再重启服务,
+              <strong style="color: #ea3323">-1 代表关闭审计日志</strong>
+            </p>
+          </el-form-item>
           <el-form-item label="存储时长" prop="life_day">
-                <el-input-number v-model="dataAuditLog.life_day" :min="0" :max="365" size="small" label="天数"></el-input-number>  天
+            <el-input-number
-                <p class="input_tip">范围: 0 ~ 365天 , <strong style="color:#EA3323;">0 代表永久保存</strong></p>
+              v-model="dataAuditLog.life_day"
+              :min="0"
+              :max="365"
+              size="small"
+              label="天数"
+            ></el-input-number>
+            天
+            <p class="input_tip">
+              范围: 0 ~ 365天 ,
+              <strong style="color: #ea3323">0 代表永久保存</strong>
+            </p>
           </el-form-item>
           <el-form-item label="清理时间" prop="clear_time">
             <el-time-select
-                v-model="dataAuditLog.clear_time"
+              v-model="dataAuditLog.clear_time"
-                :picker-options="{
+              :picker-options="{
-                    start: '00:00',
+                start: '00:00',
-                    step: '01:00',
+                step: '01:00',
-                    end: '23:00'
+                end: '23:00',
-                }"
+              }"
-                editable=false,
+              editable="false,"
-                size="small"
+              size="small"
-                placeholder="请选择"
+              placeholder="请选择"
-                style="width:130px;">
+              style="width: 130px"
-                </el-time-select>  
+            >
-            </el-form-item>
+            </el-time-select>
+          </el-form-item>
           <el-form-item>
-            <el-button type="primary" @click="submitForm('dataAuditLog')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataAuditLog')"
+              >保存</el-button
+            >
             <el-button @click="resetForm('dataAuditLog')">重置</el-button>
-          </el-form-item>          
+          </el-form-item>
         </el-form>
-      </el-tab-pane>     
+      </el-tab-pane>
+      <el-tab-pane label="证书设置" name="datacertManage">
+        <el-tabs
+          tab-position="left"
+          v-model="datacertManage"
+          @tab-click="handleClick"
+        >
+          <el-tab-pane label="自定义证书" name="customCert">
+            <el-form
+              ref="customCert"
+              :model="customCert"
+              label-width="100px"
+              size="small"
+              class="tab-one"
+            >
+              <el-form-item>
+                <el-upload
+                  class="uploadCert"
+                  :before-upload="beforeCertUpload"
+                  :action="certUpload"
+                  :limit="1"
+                >
+                  <el-button size="mini" icon="el-icon-plus" slot="trigger"
+                    >证书文件</el-button
+                  >
+                  <el-tooltip
+                    class="item"
+                    effect="dark"
+                    content="请上传 .pem 格式的 cert 文件"
+                    placement="top"
+                  >
+                    <i class="el-icon-info"></i>
+                  </el-tooltip>
+                </el-upload>
+              </el-form-item>
+              <el-form-item>
+                <el-upload
+                  class="uploadCert"
+                  :before-upload="beforeKeyUpload"
+                  :action="certUpload"
+                  :limit="1"
+                >
+                  <el-button size="mini" icon="el-icon-plus" slot="trigger"
+                    >私钥文件</el-button
+                  >
+                  <el-tooltip
+                    class="item"
+                    effect="dark"
+                    content="请上传 .pem 格式的 key 文件"
+                    placement="top"
+                  >
+                    <i class="el-icon-info"></i>
+                  </el-tooltip>
+                </el-upload>
+              </el-form-item>
+              <el-form-item>
+                <el-button
+                  size="small"
+                  icon="el-icon-upload"
+                  type="primary"
+                  @click="submitForm('customCert')"
+                  >上传</el-button
+                >
+              </el-form-item>
+            </el-form>
+          </el-tab-pane>
+          <el-tab-pane label="Let's Encrypt证书" name="letsCert">
+            <el-form
+              :model="letsCert"
+              ref="letsCert"
+              :rules="rules"
+              label-width="120px"
+              size="small"
+              class="tab-one"
+            >
+              <el-form-item label="域名" prop="domain">
+                <el-input v-model="letsCert.domain"></el-input>
+              </el-form-item>
+              <el-form-item label="邮箱" prop="legomail">
+                <el-input v-model="letsCert.legomail"></el-input>
+              </el-form-item>
+              <el-form-item label="域名服务商" prop="name">
+                <el-radio-group v-model="letsCert.name">
+                  <el-radio label="aliyun">阿里云</el-radio>
+                  <el-radio label="txcloud">腾讯云</el-radio>
+                  <el-radio label="cfcloud">cloudflare</el-radio>
+                </el-radio-group>
+              </el-form-item>
+              <el-form-item
+                v-for="component in dnsProvider[letsCert.name]"
+                :key="component.prop"
+                :label="component.label"
+                :rules="component.rules"
+              >
+                <component
+                  :is="component.component"
+                  :type="component.type"
+                  v-model="letsCert[letsCert.name][component.prop]"
+                ></component>
+              </el-form-item>
+              <el-form-item>
+                <el-switch
+                  style="display: block"
+                  v-model="letsCert.renew"
+                  active-color="#13ce66"
+                  inactive-color="#ff4949"
+                  inactive-text="自动续期"
+                >
+                </el-switch>
+              </el-form-item>
+              <el-form-item>
+                <el-button type="primary" @click="submitForm('letsCert')"
+                  >申请</el-button
+                >
+                <el-button @click="resetForm('letsCert')">重置</el-button>
+              </el-form-item>
+            </el-form>
+          </el-tab-pane>
+        </el-tabs>
+      </el-tab-pane>
       <el-tab-pane label="其他设置" name="dataOther">
-        <el-form :model="dataOther" ref="dataOther" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
-
+          :model="dataOther"
+          ref="dataOther"
+          :rules="rules"
+          label-width="100px"
+          class="tab-one"
+        >
           <el-form-item label="vpn对外地址" prop="link_addr">
-            <el-input
+            <el-input placeholder="请输入内容" v-model="dataOther.link_addr">
-                placeholder="请输入内容"
-                v-model="dataOther.link_addr">
             </el-input>
           </el-form-item>
 
           <el-form-item label="Banner信息" prop="banner">
             <el-input
-                type="textarea"
+              type="textarea"
-                :rows="5"
+              :rows="5"
-                placeholder="请输入内容"
+              placeholder="请输入内容"
-                v-model="dataOther.banner">
+              v-model="dataOther.banner"
+            >
             </el-input>
           </el-form-item>
 
           <el-form-item label="自定义首页" prop="homeindex">
             <el-input
-                type="textarea"
+              type="textarea"
-                :rows="5"
+              :rows="10"
-                placeholder="请输入内容"
+              placeholder="请输入内容"
-                v-model="dataOther.homeindex">
+              v-model="dataOther.homeindex"
+            >
             </el-input>
+            <el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
+              <i class="el-icon-question"></i>
+            </el-tooltip>
           </el-form-item>
 
           <el-form-item label="账户开通邮件" prop="account_mail">
             <el-input
-                type="textarea"
+              type="textarea"
-                :rows="10"
+              :rows="10"
-                placeholder="请输入内容"
+              placeholder="请输入内容"
-                v-model="dataOther.account_mail">
+              v-model="dataOther.account_mail"
+            >
             </el-input>
           </el-form-item>
 
           <el-form-item label="邮件展示">
             <iframe
-                width="500px"
+              width="500px"
-                height="300px"
+              height="300px"
-                :srcdoc="dataOther.account_mail">
+              :srcdoc="dataOther.account_mail"
+            >
             </iframe>
           </el-form-item>
 
           <el-form-item>
-            <el-button type="primary" @click="submitForm('dataOther')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataOther')"
+              >保存</el-button
+            >
             <el-button @click="resetForm('dataOther')">重置</el-button>
           </el-form-item>
         </el-form>
       </el-tab-pane>
-
     </el-tabs>
   </el-card>
 </template>
@@ -124,25 +295,123 @@ import axios from "axios";
 export default {
   name: "Other",
   created() {
-    this.$emit('update:route_path', this.$route.path)
+    this.$emit("update:route_path", this.$route.path);
-    this.$emit('update:route_name', ['基础信息', '其他设置'])
+    this.$emit("update:route_name", ["基础信息", "其他设置"]);
   },
   mounted() {
-    this.getSmtp()
+    this.getSmtp();
   },
   data() {
     return {
-      activeName: 'dataSmtp',
+      activeName: "dataSmtp",
+      datacertManage: "customCert",
       dataSmtp: {},
       dataAuditLog: {},
+      letsCert: {
+        domain: ``,
+        legomail: ``,
+        name: "",
+        renew: "",
+        aliyun: {
+          apiKey: "",
+          secretKey: "",
+        },
+        txcloud: {
+          secretId: "",
+          secretKey: "",
+        },
+        cfcloud: {
+          authToken: "",
+        },
+      },
+      customCert: { cert: "", key: "" },
       dataOther: {},
       rules: {
-        host: {required: true, message: '请输入服务器地址', trigger: 'blur'},
+        host: { required: true, message: "请输入服务器地址", trigger: "blur" },
         port: [
-          {required: true, message: '请输入服务器端口', trigger: 'blur'},
+          { required: true, message: "请输入服务器端口", trigger: "blur" },
-          {type: 'number', message: '请输入正确的服务器端口', trigger: ['blur', 'change']}
+          {
+            type: "number",
+            message: "请输入正确的服务器端口",
+            trigger: ["blur", "change"],
+          },
+        ],
+        issuer: { required: true, message: "请输入系统名称", trigger: "blur" },
+        domain: {
+          required: true,
+          message: "请输入需要申请证书的域名",
+          trigger: "blur",
+        },
+        legomail: {
+          required: true,
+          message: "请输入申请证书的邮箱地址",
+          trigger: "blur",
+        },
+        name: { required: true, message: "请选择域名服务商", trigger: "blur" },
+      },
+      certUpload: "/set/other/customcert",
+      dnsProvider: {
+        aliyun: [
+          {
+            label: "APIKey",
+            prop: "apiKey",
+            component: "el-input",
+            type: "password",
+            rules: {
+              required: true,
+              message: "请输入正确的APIKey",
+              trigger: "blur",
+            },
+          },
+          {
+            label: "SecretKey",
+            prop: "secretKey",
+            component: "el-input",
+            type: "password",
+            rules: {
+              required: true,
+              message: "请输入正确的SecretKey",
+              trigger: "blur",
+            },
+          },
+        ],
+        txcloud: [
+          {
+            label: "SecretID",
+            prop: "secretId",
+            component: "el-input",
+            type: "password",
+            rules: {
+              required: true,
+              message: "请输入正确的APIKey",
+              trigger: "blur",
+            },
+          },
+          {
+            label: "SecretKey",
+            prop: "secretKey",
+            component: "el-input",
+            type: "password",
+            rules: {
+              required: true,
+              message: "请输入正确的APIKey",
+              trigger: "blur",
+            },
+          },
+        ],
+        cfcloud: [
+          {
+            label: "AuthToken",
+            prop: "authToken",
+            component: "el-input",
+            type: "password",
+            rules: {
+              required: true,
+              message: "请输入正确的AuthToken",
+              trigger: "blur",
+            },
+          },
         ],
-        issuer: {required: true, message: '请输入系统名称', trigger: 'blur'},
       },
     };
   },
@@ -151,108 +420,184 @@ export default {
       window.console.log(tab.name, event);
       switch (tab.name) {
         case "dataSmtp":
-          this.getSmtp()
+          this.getSmtp();
-          break
+          break;
         case "dataAuditLog":
-          this.getAuditLog()
+          this.getAuditLog();
-          break          
+          break;
+        case "letsCert":
+          this.getletsCert();
+          break;
         case "dataOther":
-          this.getOther()
+          this.getOther();
-          break          
+          break;
       }
     },
+    beforeCertUpload(file) {
+      // if (file.type !== 'application/x-pem-file') {
+      //   this.$message.error('只能上传 .pem 格式的证书文件')
+      //   return false
+      // }
+      this.customCert.cert = file;
+    },
+    beforeKeyUpload(file) {
+      // if (file.type !== 'application/x-pem-file') {
+      //   this.$message.error('只能上传 .pem 格式的私钥文件')
+      //   return false
+      // }
+      this.customCert.key = file;
+    },
     getSmtp() {
-      axios.get('/set/other/smtp').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other/smtp")
-        console.log(rdata)
+        .then((resp) => {
-        if (rdata.code !== 0) {
+          let rdata = resp.data;
-          this.$message.error(rdata.msg);
+          console.log(rdata);
-          return;
+          if (rdata.code !== 0) {
-        }
+            this.$message.error(rdata.msg);
-        this.dataSmtp = rdata.data
+            return;
-      }).catch(error => {
+          }
-        this.$message.error('哦，请求出错');
+          this.dataSmtp = rdata.data;
-        console.log(error);
+        })
-      });
+        .catch((error) => {
+          this.$message.error("哦，请求出错");
+          console.log(error);
+        });
     },
     getAuditLog() {
-      axios.get('/set/other/audit_log').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other/audit_log")
-        console.log(rdata)
+        .then((resp) => {
-        if (rdata.code !== 0) {
+          let rdata = resp.data;
-          this.$message.error(rdata.msg);
+          console.log(rdata);
-          return;
+          if (rdata.code !== 0) {
-        }
+            this.$message.error(rdata.msg);
-        this.dataAuditLog = rdata.data
+            return;
-      }).catch(error => {
+          }
-        this.$message.error('哦，请求出错');
+          this.dataAuditLog = rdata.data;
-        console.log(error);
+        })
-      });
+        .catch((error) => {
-    },     
+          this.$message.error("哦，请求出错");
+          console.log(error);
+        });
+    },
+    getletsCert() {
+      axios
+        .get("/set/other/getcertset")
+        .then((resp) => {
+          let rdata = resp.data;
+          console.log(rdata);
+          if (rdata.code !== 0) {
+            this.$message.error(rdata.msg);
+            return;
+          }
+          this.letsCert = Object.assign({}, this.letsCert, rdata.data);
+        })
+        .catch((error) => {
+          this.$message.error("哦，请求出错");
+          console.log(error);
+        });
+    },
     getOther() {
-      axios.get('/set/other').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other")
-        console.log(rdata)
+        .then((resp) => {
-        if (rdata.code !== 0) {
+          let rdata = resp.data;
-          this.$message.error(rdata.msg);
+          console.log(rdata);
-          return;
+          if (rdata.code !== 0) {
-        }
+            this.$message.error(rdata.msg);
-        this.dataOther = rdata.data
+            return;
-      }).catch(error => {
+          }
-        this.$message.error('哦，请求出错');
+          this.dataOther = rdata.data;
-        console.log(error);
+        })
-      });
+        .catch((error) => {
+          this.$message.error("哦，请求出错");
+          console.log(error);
+        });
     },
     submitForm(formName) {
       this.$refs[formName].validate((valid) => {
         if (!valid) {
-          alert('error submit!');
+          alert("error submit!");
         }
 
         switch (formName) {
           case "dataSmtp":
-            axios.post('/set/other/smtp/edit', this.dataSmtp).then(resp => {
+            axios.post("/set/other/smtp/edit", this.dataSmtp).then((resp) => {
-              var rdata = resp.data
+              var rdata = resp.data;
               console.log(rdata);
               if (rdata.code === 0) {
                 this.$message.success(rdata.msg);
               } else {
                 this.$message.error(rdata.msg);
               }
-
+            });
-            })
             break;
           case "dataAuditLog":
-            axios.post('/set/other/audit_log/edit', this.dataAuditLog).then(resp => {
+            axios
-              var rdata = resp.data
+              .post("/set/other/audit_log/edit", this.dataAuditLog)
+              .then((resp) => {
+                var rdata = resp.data;
+                console.log(rdata);
+                if (rdata.code === 0) {
+                  this.$message.success(rdata.msg);
+                } else {
+                  this.$message.error(rdata.msg);
+                }
+              });
+            break;
+          case "letsCert":
+            var loading = this.$loading({
+              lock: true,
+              text: "证书申请中...",
+              spinner: "el-icon-loading",
+              background: "rgba(0, 0, 0, 0.7)",
+            });
+            axios.post("/set/other/createcert", this.letsCert).then((resp) => {
+              var rdata = resp.data;
+              console.log(rdata);
+              if (rdata.code === 0) {
+                loading.close();
+                this.$message.success(rdata.msg);
+              } else {
+                loading.close();
+                this.$message.error(rdata.msg);
+              }
+            });
+            break;
+          case "customCert":
+            var formData = new FormData();
+            formData.append("cert", this.customCert.cert);
+            formData.append("key", this.customCert.key);
+            axios.post(this.certUpload, formData).then((resp) => {
+              var rdata = resp.data;
               console.log(rdata);
               if (rdata.code === 0) {
                 this.$message.success(rdata.msg);
               } else {
                 this.$message.error(rdata.msg);
               }
-            })
+            });
             break;
           case "dataOther":
-            axios.post('/set/other/edit', this.dataOther).then(resp => {
+            axios.post("/set/other/edit", this.dataOther).then((resp) => {
-              var rdata = resp.data
+              var rdata = resp.data;
               console.log(rdata);
               if (rdata.code === 0) {
                 this.$message.success(rdata.msg);
               } else {
                 this.$message.error(rdata.msg);
               }
-            })
+            });
             break;
         }
-
       });
     },
     resetForm(formName) {
       this.$refs[formName].resetFields();
-    }
+    },
   },
-}
+};
 </script>
 
 <style scoped>
@@ -261,8 +606,7 @@ export default {
 }
 
 .input_tip {
-    line-height: 1.428;    
+  line-height: 1.428;
-    margin:2px 0 0 0;
+  margin: 2px 0 0 0;
 }
-
 </style>

web/src/pages/user/IpMap.vue

@@ -1,277 +1,285 @@
 <template>
-  <div>
+    <div>
-    <el-card>
+        <el-card>
 
-      <el-form :inline="true">
+            <el-form :inline="true">
-        <el-form-item>
+                <el-form-item>
-          <el-button
+                    <el-button
-              size="small"
+                            size="small"
-              type="primary"
+                            type="primary"
-              icon="el-icon-plus"
+                            icon="el-icon-plus"
-              @click="handleEdit('')">添加
+                            @click="handleEdit('')">添加
-          </el-button>
+                    </el-button>
-        </el-form-item>
+                </el-form-item>
-      </el-form>
+                <!--
+                <el-form-item>
+                    <el-alert
+                            title="直接操作数据库增删改数据后，请重启anylink服务"
+                            type="warning">
+                    </el-alert>
+                </el-form-item>
+                -->
+            </el-form>
 
-      <el-table
+            <el-table
-          ref="multipleTable"
+                    ref="multipleTable"
-          :data="tableData"
+                    :data="tableData"
-          border>
+                    border>
 
-        <el-table-column
+                <el-table-column
-            sortable="true"
+                        sortable="true"
-            prop="id"
+                        prop="id"
-            label="ID"
+                        label="ID"
-            width="60">
+                        width="60">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="ip_addr"
+                        prop="ip_addr"
-            label="IP地址">
+                        label="IP地址">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="mac_addr"
+                        prop="mac_addr"
-            label="MAC地址">
+                        label="MAC地址">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="unique_mac"
+                        prop="unique_mac"
-            label="唯一MAC">
+                        label="唯一MAC">
-            <template slot-scope="scope">
+                    <template slot-scope="scope">
-                <el-tag v-if="scope.row.unique_mac" type="success">是</el-tag>
+                        <el-tag v-if="scope.row.unique_mac" type="success">是</el-tag>
-            </template>
+                    </template>
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="username"
+                        prop="username"
-            label="用户名">
+                        label="用户名">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="keep"
+                        prop="keep"
-            label="IP保留">
+                        label="IP保留">
-          <template slot-scope="scope">
+                    <template slot-scope="scope">
-            <!--            <el-tag v-if="scope.row.keep" type="success">保留</el-tag>-->
+                        <!--            <el-tag v-if="scope.row.keep" type="success">保留</el-tag>-->
-            <el-switch
+                        <el-switch
-                disabled
+                                disabled
-                v-model="scope.row.keep"
+                                v-model="scope.row.keep"
-                active-color="#13ce66">
+                                active-color="#13ce66">
-            </el-switch>
+                        </el-switch>
-          </template>
+                    </template>
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="note"
+                        prop="note"
-            label="备注">
+                        label="备注">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            prop="last_login"
+                        prop="last_login"
-            label="最后登陆时间"
+                        label="最后登陆时间"
-            :formatter="tableDateFormat">
+                        :formatter="tableDateFormat">
-        </el-table-column>
+                </el-table-column>
 
-        <el-table-column
+                <el-table-column
-            label="操作"
+                        label="操作"
-            width="150">
+                        width="150">
-          <template slot-scope="scope">
+                    <template slot-scope="scope">
-            <el-button
+                        <el-button
-                size="mini"
+                                size="mini"
-                type="primary"
+                                type="primary"
-                @click="handleEdit(scope.row)">编辑
+                                @click="handleEdit(scope.row)">编辑
-            </el-button>
+                        </el-button>
 
-            <el-popconfirm
+                        <el-popconfirm
-                class="m-left-10"
+                                class="m-left-10"
-                @confirm="handleDel(scope.row)"
+                                @confirm="handleDel(scope.row)"
-                title="确定要删除IP映射吗？">
+                                title="确定要删除IP映射吗？">
-              <el-button
+                            <el-button
-                  slot="reference"
+                                    slot="reference"
-                  size="mini"
+                                    size="mini"
-                  type="danger">删除
+                                    type="danger">删除
-              </el-button>
+                            </el-button>
-            </el-popconfirm>
+                        </el-popconfirm>
 
-          </template>
+                    </template>
-        </el-table-column>
+                </el-table-column>
-      </el-table>
+            </el-table>
 
-      <div class="sh-20"></div>
+            <div class="sh-20"></div>
 
-      <el-pagination
+            <el-pagination
-          background
+                    background
-          layout="prev, pager, next"
+                    layout="prev, pager, next"
-          :pager-count="11"
+                    :pager-count="11"
-          @current-change="pageChange"
+                    @current-change="pageChange"
-          :total="count">
+                    :total="count">
-      </el-pagination>
+            </el-pagination>
 
-    </el-card>
+        </el-card>
 
-    <!--新增、修改弹出框-->
+        <!--新增、修改弹出框-->
-    <el-dialog
+        <el-dialog
-        title="提示"
+                title="提示"
-        :close-on-click-modal="false"
+                :close-on-click-modal="false"
-        :visible="user_edit_dialog"
+                :visible="user_edit_dialog"
-        @close="disVisible"
+                @close="disVisible"
-        width="600px"
+                width="600px"
-        center>
+                center>
 
-      <el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
+            <el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
-        <el-form-item label="ID" prop="id">
+                <el-form-item label="ID" prop="id">
-          <el-input v-model="ruleForm.id" disabled></el-input>
+                    <el-input v-model="ruleForm.id" disabled></el-input>
-        </el-form-item>
+                </el-form-item>
-        <el-form-item label="IP地址" prop="ip_addr">
+                <el-form-item label="IP地址" prop="ip_addr">
-          <el-input v-model="ruleForm.ip_addr"></el-input>
+                    <el-input v-model="ruleForm.ip_addr"></el-input>
-        </el-form-item>
+                </el-form-item>
-        <el-form-item label="MAC地址" prop="mac_addr">
+                <el-form-item label="MAC地址" prop="mac_addr">
-          <el-input v-model="ruleForm.mac_addr"></el-input>
+                    <el-input v-model="ruleForm.mac_addr"></el-input>
-        </el-form-item>
+                </el-form-item>
-        <el-form-item label="用户名" prop="username">
+                <el-form-item label="用户名" prop="username">
-          <el-input v-model="ruleForm.username"></el-input>
+                    <el-input v-model="ruleForm.username"></el-input>
-        </el-form-item>
+                </el-form-item>
 
-        <el-form-item label="备注" prop="note">
+                <el-form-item label="备注" prop="note">
-          <el-input v-model="ruleForm.note"></el-input>
+                    <el-input v-model="ruleForm.note"></el-input>
-        </el-form-item>
+                </el-form-item>
 
-        <el-form-item label="IP保留" prop="keep">
+                <el-form-item label="IP保留" prop="keep">
-          <el-switch
+                    <el-switch
-              v-model="ruleForm.keep"
+                            v-model="ruleForm.keep"
-              active-color="#13ce66">
+                            active-color="#13ce66">
-          </el-switch>
+                    </el-switch>
-        </el-form-item>
+                </el-form-item>
 
-        <el-form-item>
+                <el-form-item>
-          <el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
+                    <el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
-          <el-button @click="disVisible">取消</el-button>
+                    <el-button @click="disVisible">取消</el-button>
-        </el-form-item>
+                </el-form-item>
-      </el-form>
+            </el-form>
 
-    </el-dialog>
+        </el-dialog>
 
-  </div>
+    </div>
 </template>
 
 <script>
 import axios from "axios";
 
 export default {
-  name: "IpMap",
+    name: "IpMap",
-  components: {},
+    components: {},
-  mixins:[],
+    mixins: [],
-  created() {
+    created() {
-    this.$emit('update:route_path', this.$route.path)
+        this.$emit('update:route_path', this.$route.path)
-    this.$emit('update:route_name', ['用户信息', 'IP映射'])
+        this.$emit('update:route_name', ['用户信息', 'IP映射'])
-  },
+    },
-  mounted() {
+    mounted() {
-    this.getData(1)
+        this.getData(1)
-  },
+    },
-  data() {
+    data() {
-    return {
+        return {
-      tableData: [],
+            tableData: [],
-      count: 10,
+            count: 10,
-      nowIndex: 0,
+            nowIndex: 0,
-      ruleForm: {
+            ruleForm: {
-        status: 1,
+                status: 1,
-        groups: [],
+                groups: [],
-      },
+            },
-      rules: {
+            rules: {
-        username: [
+                username: [
-          {required: false, message: '请输入用户名', trigger: 'blur'},
+                    {required: false, message: '请输入用户名', trigger: 'blur'},
-          {max: 50, message: '长度小于 50 个字符', trigger: 'blur'}
+                    {max: 50, message: '长度小于 50 个字符', trigger: 'blur'}
-        ],
+                ],
-        mac_addr: [
+                mac_addr: [
-          {required: true, message: '请输入mac地址', trigger: 'blur'}
+                    {required: true, message: '请输入mac地址', trigger: 'blur'}
-        ],
+                ],
-        ip_addr: [
+                ip_addr: [
-          {required: true, message: '请输入ip地址', trigger: 'blur'}
+                    {required: true, message: '请输入ip地址', trigger: 'blur'}
-        ],
+                ],
 
-        status: [
+                status: [
-          {required: true}
+                    {required: true}
-        ],
+                ],
-      },
+            },
-    }
-  },
-  methods: {
-    getData(p) {
-      axios.get('/user/ip_map/list', {
-        params: {
-          page: p,
         }
-      }).then(resp => {
-        var data = resp.data.data
-        console.log(data);
-        this.tableData = data.datas;
-        this.count = data.count
-      }).catch(error => {
-        this.$message.error('哦，请求出错');
-        console.log(error);
-      });
     },
-    pageChange(p) {
+    methods: {
-      this.getData(p)
+        getData(p) {
-    },
+            axios.get('/user/ip_map/list', {
-    handleEdit(row) {
+                params: {
-      !this.$refs['ruleForm'] || this.$refs['ruleForm'].resetFields();
+                    page: p,
-      console.log(row)
+                }
-      this.user_edit_dialog = true
+            }).then(resp => {
-      if (!row) {
+                var data = resp.data.data
-        return;
+                console.log(data);
-      }
+                this.tableData = data.datas;
+                this.count = data.count
+            }).catch(error => {
+                this.$message.error('哦，请求出错');
+                console.log(error);
+            });
+        },
+        pageChange(p) {
+            this.getData(p)
+        },
+        handleEdit(row) {
+            !this.$refs['ruleForm'] || this.$refs['ruleForm'].resetFields();
+            console.log(row)
+            this.user_edit_dialog = true
+            if (!row) {
+                return;
+            }
 
-      axios.get('/user/ip_map/detail', {
+            axios.get('/user/ip_map/detail', {
-        params: {
+                params: {
-          id: row.id,
+                    id: row.id,
-        }
+                }
-      }).then(resp => {
+            }).then(resp => {
-        this.ruleForm = resp.data.data
+                this.ruleForm = resp.data.data
-      }).catch(error => {
+            }).catch(error => {
-        this.$message.error('哦，请求出错');
+                this.$message.error('哦，请求出错');
-        console.log(error);
+                console.log(error);
-      });
+            });
-    },
+        },
-    handleDel(row) {
+        handleDel(row) {
-      axios.post('/user/ip_map/del?id=' + row.id).then(resp => {
+            axios.post('/user/ip_map/del?id=' + row.id).then(resp => {
-        var rdata = resp.data
+                var rdata = resp.data
-        if (rdata.code === 0) {
+                if (rdata.code === 0) {
-          this.$message.success(rdata.msg);
+                    this.$message.success(rdata.msg);
-          this.getData(1);
+                    this.getData(1);
-        } else {
+                } else {
-          this.$message.error(rdata.msg);
+                    this.$message.error(rdata.msg);
-        }
+                }
-        console.log(rdata);
+                console.log(rdata);
-      }).catch(error => {
+            }).catch(error => {
-        this.$message.error('哦，请求出错');
+                this.$message.error('哦，请求出错');
-        console.log(error);
+                console.log(error);
-      });
+            });
-    },
+        },
-    submitForm(formName) {
+        submitForm(formName) {
-      this.$refs[formName].validate((valid) => {
+            this.$refs[formName].validate((valid) => {
-        if (!valid) {
+                if (!valid) {
-          console.log('error submit!!');
+                    console.log('error submit!!');
-          return false;
+                    return false;
-        }
+                }
 
-        // alert('submit!');
+                // alert('submit!');
-        axios.post('/user/ip_map/set', this.ruleForm).then(resp => {
+                axios.post('/user/ip_map/set', this.ruleForm).then(resp => {
-          var rdata = resp.data
+                    var rdata = resp.data
-          if (rdata.code === 0) {
+                    if (rdata.code === 0) {
-            this.$message.success(rdata.msg);
+                        this.$message.success(rdata.msg);
-            this.getData(1);
+                        this.getData(1);
-          } else {
+                    } else {
-            this.$message.error(rdata.msg);
+                        this.$message.error(rdata.msg);
-          }
+                    }
-          console.log(rdata);
+                    console.log(rdata);
-        }).catch(error => {
+                }).catch(error => {
-          this.$message.error('哦，请求出错');
+                    this.$message.error('哦，请求出错');
-          console.log(error);
+                    console.log(error);
-        });
+                });
-      });
+            });
+        },
     },
-  },
 }
 </script>
 

web/yarn.lock

@@ -6759,6 +6759,13 @@ qs@6.9.7:
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
   integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
 
+qs@^6.11.1:
+  version "6.11.1"
+  resolved "https://registry.npmmirror.com/qs/-/qs-6.11.1.tgz#6c29dff97f0c0060765911ba65cbc9764186109f"
+  integrity sha512-0wsrzgTz/kAVIeuxSjnpGC56rzYtr6JT/2BwEvMaPhFIoYa1aGO8LbzuU1R0uUYQkLpWBTOj0l/CLAJB64J6nQ==
+  dependencies:
+    side-channel "^1.0.4"
+
 qs@~6.5.2:
   version "6.5.3"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad"