7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 16:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.9.2-beta1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
..
compare: 7x31:v0.11.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

186 Commits
v0.9.2-bet ... v0.11.1

Author SHA1 Message Date
bjdgy
5d4a9c0082 test 2024-02-04 19:57:07 +08:00
bjdgy
8bd8651fd7 删除armv7 2024-02-04 00:01:24 +08:00
bjdgy
545ddb337f 删除静态编译 2024-02-02 19:24:02 +08:00
bjdgy
d53ab80848 删除静态编译 2024-02-02 19:22:13 +08:00
bjdgyc
6c1f29ba3a 修复build错误 2024-02-02 18:59:34 +08:00
bjdgyc
947339384b 更新版本 2024-02-01 17:27:00 +08:00
bjdgyc
0849c6049b 更新版本 2024-02-01 17:20:44 +08:00
bjdgyc
936c44e866 优化编译脚本 2024-02-01 17:18:16 +08:00
bjdgyc
02bc75b27a 优化编译脚本 2024-02-01 16:12:41 +08:00
bjdgy
1aa8c83d58 修复go test报错 2024-01-31 22:56:59 +08:00
bjdgy
7554876259 修复go test报错 2024-01-31 22:47:54 +08:00
bjdgyc
2fc3c33880 添加 deploy 部署脚本 
优化应用易用性
 2024-01-31 17:44:35 +08:00
bjdgy
d45ecbf3b7 添加 Release 2024-01-30 21:26:09 +08:00
bjdgy
54c2d95dd5 添加 Release 2024-01-30 21:21:42 +08:00
bjdgy
7eb8cc2077 添加 Release 2024-01-30 21:03:28 +08:00
bjdgyc
fbd799f9f9 添加 Release 2024-01-30 18:23:09 +08:00
bjdgyc
f9ff92d73d 修改 docker 编译 2024-01-30 11:06:15 +08:00
bjdgy
10a335dc3d 修改 docker 编译 2024-01-29 22:25:41 +08:00
bjdgy
cd5652215f 修改 docker 编译 2024-01-29 22:17:01 +08:00
bjdgy
b153997cf1 修改 docker 编译 2024-01-29 22:13:40 +08:00
bjdgy
d5046a4f53 修改 docker 编译 2024-01-29 22:11:15 +08:00
bjdgy
b7fbbdc58c 修改 docker 编译 2024-01-29 22:07:52 +08:00
bjdgy
39b28f23c0 修改 docker 编译 2024-01-29 21:47:42 +08:00
bjdgy
aa09d928c3 修改 docker 编译 2024-01-29 21:34:03 +08:00
bjdgy
9099aea122 修改 docker 编译 2024-01-29 21:26:38 +08:00
bjdgy
ef3f2aba4c 修改 docker 编译 2024-01-29 21:11:40 +08:00
bjdgy
3c015651ef 修改 docker 编译 2024-01-29 20:59:34 +08:00
bjdgy
6a598b2570 修改 docker 编译 2024-01-29 20:50:55 +08:00
bjdgyc
1f47e3e254 修改 docker 编译 2024-01-29 17:56:39 +08:00
bjdgyc
79b7f0c88e 修改 docker 编译 2024-01-29 17:50:28 +08:00
bjdgyc
289f748543 修改 docker 编译 2024-01-29 17:47:46 +08:00
bjdgyc
4f77fd9013 添加 release.sh 脚本 2024-01-29 15:11:10 +08:00
bjdgyc
769c304e9a 添加 release.sh 脚本 2024-01-29 14:40:12 +08:00
bjdgyc
a5d9764d35 添加 release.sh 脚本 2024-01-29 14:32:41 +08:00
bjdgyc
f47fbd0252 添加 release.sh 脚本 2024-01-29 14:30:15 +08:00
bjdgyc
41278f722d Update build.sh 2024-01-29 00:25:18 +08:00
bjdgyc
87e50e8e0d Update build.sh 2024-01-29 00:21:51 +08:00
bjdgyc
5371e4530f Update release-tag-version.yml 2024-01-29 00:19:56 +08:00
bjdgyc
9d5f5719d8 Merge pull request #290 from bjdgyc/dev 
添加github action编译
 2024-01-29 00:15:27 +08:00
bjdgy
911b96cc74 修改readme 2024-01-29 00:09:48 +08:00
bjdgyc
13de601474 修改readme 2024-01-24 10:08:48 +08:00
bjdgyc
56576cb22a 修改配置参数 2024-01-23 17:38:48 +08:00
bjdgyc
70f3e46ef7 修改配置参数 2024-01-23 14:28:11 +08:00
bjdgy
1592a1f01b fix 2024-01-22 22:49:27 +08:00
bjdgy
279498e37e 更改 http server log 2024-01-22 21:18:26 +08:00
bjdgyc
9ed8b1a9f1 更新证书信息 2024-01-22 15:12:10 +08:00
bjdgyc
31a1035267 更新证书信息 2024-01-22 15:06:05 +08:00
bjdgyc
5731d9a01c 修复otp二维码 不显示的问题 2024-01-22 13:21:12 +08:00
bjdgyc
c63604aba3 修复otp二维码 不显示的问题 2024-01-22 10:38:20 +08:00
bjdgyc
7c3ed549d0 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:46:47 +08:00
bjdgyc
4a33b42726 Merge remote-tracking branch 'origin/dev' into dev 2024-01-15 17:31:48 +08:00
bjdgyc
da92c111e7 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:30:58 +08:00
bjdgyc
634c8c8145 Update go-update.yml 2024-01-15 15:50:39 +08:00
bjdgyc
3408198d2d 修改说明文件 2024-01-15 15:21:39 +08:00
bjdgyc
1df0f60ed3 Update go-update.yml 2024-01-15 10:10:30 +08:00
bjdgyc
1f5d7d0dab Merge pull request #288 from Potterli20/patch-1 
update go.mod 7day
 2024-01-15 10:07:09 +08:00
trli
e73504b4b6 Create go-update.yml 2024-01-15 09:52:44 +08:00
bjdgy
2e86547e97 修复 DPD-REQ 协议 2023-12-31 22:39:29 +08:00
bjdgyc
970213f269 Merge pull request #285 from itviewer/dev 
遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测
 2023-12-31 21:53:03 +08:00
XinJun Ma
ffd68d6c81 遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测 2023-12-31 18:36:02 +08:00
bjdgyc
3f072242f4 添加 空闲链接超时自动断开 2023-12-29 16:17:50 +08:00
bjdgyc
ef1e20a558 添加 空闲链接超时自动断开 2023-12-29 15:51:49 +08:00
bjdgy
42142d95b7 修改报错信息 2023-12-27 21:24:24 +08:00
bjdgy
638a99275e fix 2023-12-26 13:00:55 +08:00
bjdgyc
edc7a4a4a3 Merge pull request #283 from bjdgyc/dev 
修复容器频繁重启的问题
 2023-12-26 12:13:03 +08:00
bjdgy
17492d8172 修复容器频繁重启的问题 2023-12-26 11:24:01 +08:00
bjdgyc
65de1a58cf Merge pull request #282 from bjdgyc/dev 
添加问题信息
 2023-12-25 15:39:43 +08:00
bjdgyc
dfb25718f7 添加问题信息 2023-12-25 15:38:59 +08:00
bjdgyc
3deda4d77f Merge pull request #281 from bjdgyc/dev 
合并新版
 2023-12-25 14:56:58 +08:00
bjdgyc
2af524f87b Merge pull request #274 from aiminickwong/main 
解决电信DNS Let's Encrypt证书刷新缓慢问题
 2023-12-25 14:55:14 +08:00
bjdgyc
1b6abeb849 修复 modprobe 报错 2023-12-25 14:47:30 +08:00
bjdgyc
e3b303744b 修复 modprobe 报错 2023-12-25 14:34:21 +08:00
bjdgyc
d3f16eb2ad 修复 modprobe 报错 2023-12-25 14:31:35 +08:00
bjdgyc
64404ea94b 修改readme 2023-12-13 16:50:35 +08:00
bjdgyc
ededfddff4 Merge pull request #278 from lanrenwo/group_ip_list 
新增路由设置的编辑模式
 2023-12-04 18:38:17 +08:00
lanrenwo
8a3d34b737 优化isValidCIDR函数,解决部分格式检测有误,并给予建议提示。 2023-12-04 18:32:09 +08:00
lanrenwo
7c040e2a0f 过滤文本框内的空行 2023-12-04 13:44:06 +08:00
lanrenwo
3d03f6adb8 解决大量路由导致弹窗卡顿的问题(当点击“路由设置”时,才加载路由) 2023-12-04 13:08:37 +08:00
lanrenwo
5d24eda7fc 不限制路由的数量,并检测CIDR格式的正确性 2023-12-03 22:09:46 +08:00
lanrenwo
ea92857524 新增路由设置的编辑模式 2023-12-02 15:38:18 +08:00
bjdgyc
b521dddb98 Merge pull request #276 from lanrenwo/banner_special_chars 
优化处理Banner特殊字符的代码
 2023-11-27 10:18:31 +08:00
lanrenwo
2bd94aef2b 优化处理Banner特殊字符的代码 2023-11-20 12:24:44 +08:00
bjdgyc
3879c3a4bc 修复Banner特殊字符 2023-11-15 11:57:12 +08:00
bjdgyc
aa2b89855f 添加 DTLS12-CipherSuite 筛选 2023-11-09 10:52:10 +08:00
bjdgyc
9e1969e3d0 添加 DTLS12-CipherSuite 筛选 2023-11-08 18:07:32 +08:00
bjdgyc
5b1d86282a fix 2023-11-06 16:51:32 +08:00
bjdgyc
bfc39fe4ea 默认显示错误信息 2023-11-02 15:54:59 +08:00
bjdgyc
9019a5f03a 添加网卡 alias 信息 2023-10-30 13:04:07 +08:00
bjdgyc
38d268e999 添加网卡 alias 信息 2023-10-30 11:46:53 +08:00
bjdgyc
57990d3d2a 添加网卡 alias 2023-10-30 11:38:31 +08:00
bjdgyc
6788a875a2 优化 2023-10-24 17:49:13 +08:00
bjdgyc
a9ad21b3b5 修改dtls加密套件 2023-10-17 16:30:45 +08:00
bjdgyc
43ca09e985 修改dtls加密套件 2023-10-17 16:01:31 +08:00
aiminick
b7da567cee 解决电信DNS Let's Encrypt证书刷新缓慢问题 
解决电信DNS Let's Encrypt证书刷新缓慢问题,改为阿里DNS后问题改善
 2023-10-17 00:54:49 +08:00
bjdgyc
6eea265b15 添加自定义首页 2023-10-11 17:21:26 +08:00
bjdgyc
06c8ee1197 添加自定义首页 2023-10-11 17:20:57 +08:00
bjdgyc
ebc7cc85c0 添加nginx stream示例 2023-10-11 16:00:53 +08:00
bjdgyc
012f636cf7 修改 profile.xml 2023-10-11 10:19:23 +08:00
bjdgyc
4f9cc2074a Merge remote-tracking branch 'origin/dev' into dev 2023-09-22 16:19:10 +08:00
bjdgyc
bbc5877eb9 修复header 2023-09-22 16:18:38 +08:00
bjdgyc
c6b85c7d66 Merge pull request #270 from lanrenwo/dev 
修复logAudit的panic
 2023-09-12 08:40:50 +08:00
lanrenwo
8e843d5eae Update payload_access_audit.go 2023-09-08 21:01:03 +08:00
lanrenwo
7b9be9377f 修复logAudit的panic 2023-09-08 20:33:30 +08:00
bjdgyc
f03264faf3 Merge pull request #268 from shikaiguo/main 
修改邮件内容的参数
 2023-09-06 15:57:08 +08:00
bjdgyc
b19ff321ad Merge pull request #267 from lanrenwo/dev 
修复sniNewParser的panic
 2023-09-06 15:54:22 +08:00
lanrenwo
f6980261d4 logAudit引入recover, 防止主程序崩溃. 2023-09-03 11:18:52 +08:00
lanrenwo
7651b69ed6 删除sniNewParser多余的空格 2023-09-02 10:46:01 +08:00
lanrenwo
2af2d273e4 简化sniNewParser代码 2023-09-02 10:44:47 +08:00
K
ff54abc5d5 增加邮件内容的昵称参数 2023-09-01 22:49:07 +08:00
lanrenwo
a168c96a93 修复sniNewParser的panic 2023-09-01 18:10:20 +08:00
bjdgyc
6127c41aea 修复 panic 2023-09-01 17:55:15 +08:00
bjdgyc
da1d6c6c6d 添加安全的header头 2023-08-25 13:56:04 +08:00
bjdgyc
08de4fe086 添加安全的header头 2023-08-24 16:59:35 +08:00
bjdgyc
7714c2a3e8 debug信息 需要鉴权后显示 2023-08-24 14:27:12 +08:00
bjdgyc
78a8b06467 变更qq群 2023-08-17 16:27:12 +08:00
bjdgyc
28ffda2371 修复上传文件漏洞 2023-08-08 15:17:05 +08:00
bjdgyc
c23b120e90 更新 2023-08-08 15:01:15 +08:00
bjdgyc
287355de54 Merge pull request #260 from bjdgyc/dev 
Dev
 2023-08-04 17:52:26 +08:00
bjdgyc
01f90e5bb5 管理用户支持otp 2023-07-24 17:36:03 +08:00
bjdgyc
91a9190379 管理用户支持otp 2023-07-24 17:26:52 +08:00
bjdgyc
0a9fe8f96c Merge pull request #258 from bjdgyc/dev 
Dev
 2023-07-23 15:45:04 +08:00
bjdgy
254110ebff 修改readme 2023-07-23 15:07:14 +08:00
bjdgyc
9c706a7d0d 升级dtls 2023-07-20 11:14:14 +08:00
bjdgyc
d228e224cd 修改readme 2023-07-17 18:26:45 +08:00
bjdgyc
6e95ea5441 修改server信息 2023-07-14 17:25:43 +08:00
bjdgyc
ce61401304 Merge pull request #247 from bjdgyc/main 
pull main
 2023-06-14 16:47:22 +08:00
bjdgyc
d7d2696790 Merge pull request #246 from lanrenwo/bandwidth_to_mbps 
用户组列表-带宽限制的单位从BYTE修改为Mbps
 2023-06-14 16:43:17 +08:00
bjdgyc
9a6aaa87e5 Merge pull request #244 from xnow-me/main 
强制使用规范的网络路由地址
 2023-06-14 16:39:03 +08:00
lanrenwo
e31b5d83d4 用户组列表-带宽限制的单位从BYTE修改为Mbps 2023-06-14 14:30:18 +08:00
lihz
fc2920e140 强制使用规范的网络路由地址 2023-06-13 13:22:00 +08:00
bjdgyc
d36e2fe85a 修改参数比较 2023-06-08 17:09:19 +08:00
bjdgyc
14efb14a9a 修改配置文件报错,停止程序 2023-05-30 15:52:20 +08:00
bjdgyc
92de727db8 Merge pull request #240 from wsczx/dev 
修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug
 2023-05-15 09:45:40 +08:00
wsczx
c63e4f33d5 申请证书前端添加等待效果,避免无法及时获取后端结果 2023-05-04 23:32:16 +08:00
wsczx
60095fbc9b 优化验证DNS超时时间和轮训间隔,避免申请证书失败 2023-05-04 22:24:53 +08:00
wsczx
fe9b84ce98 修改cf使用authToken的方式申请证书,修复因前后端cf名称不一致导致的指针错误 2023-05-04 19:08:40 +08:00
wsczx
fd5ec7f86a 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug 2023-05-02 00:38:17 +08:00
bjdgyc
50bc864fdd 添加版本显示 2023-04-26 21:14:40 +08:00
bjdgyc
a9e798f203 修改版本打印 2023-04-26 21:05:18 +08:00
bjdgyc
165d4ef8a0 修改捐赠列表 2023-04-26 20:47:24 +08:00
bjdgyc
65c24c4e27 Merge pull request #237 from bjdgyc/dev 
Dev
 2023-04-26 20:39:36 +08:00
bjdgyc
b81bc5c283 修复test报错 2023-04-25 21:48:54 +08:00
bjdgyc
b52b8598df 修复test报错 2023-04-25 15:49:56 +08:00
bjdgyc
22fda0f6a1 修改systemd文件 2023-04-23 10:49:02 +08:00
bjdgyc
fed9066f22 修改ip分配的错误 2023-04-21 18:27:49 +08:00
bjdgyc
91ce4752f3 兼容不支持SNI的情况 2023-04-21 15:57:12 +08:00
bjdgyc
c05ec9ab36 兼容不支持SNI的情况 2023-04-21 14:44:53 +08:00
bjdgyc
6ee80d32ea 修改证书设置 2023-04-21 11:39:51 +08:00
bjdgyc
cc5aff08ad 修改ip pool策略 2023-04-21 10:17:51 +08:00
bjdgyc
690b4460ad 修改ip pool策略 2023-04-20 21:07:02 +08:00
bjdgyc
9dff39d299 Merge pull request #235 from wsczx/dev 
修复直接升级anylink无法创建证书数据库信息,导致无法申请证书的BUG
 2023-04-20 12:40:00 +08:00
bjdgyc
638c601c02 修改ip pool策略 2023-04-19 18:12:50 +08:00
wsczx
c2129af104 修复升级anylink无法创建证书数据库信息,导致无法申请证书的BUG 2023-04-19 15:37:55 +08:00
bjdgyc
bc9248e16b 添加allow_lan 提示 2023-04-19 15:24:41 +08:00
bjdgyc
8028b73d81 Merge branch 'main' into dev 2023-04-18 18:11:38 +08:00
bjdgyc
214311e80c 修改版本 2023-04-18 18:11:08 +08:00
bjdgyc
43de8148a0 添加pnpm支持 2023-04-18 16:52:14 +08:00
bjdgyc
150fff328f Merge pull request #233 from denymz/sni 
feat:根据SNI返回SSL证书
 2023-04-18 10:16:15 +08:00
deny
609a893feb feat:根据SNI返回SSL证书 2023-04-17 11:07:39 +00:00
bjdgyc
9cb8c97af9 Merge pull request #229 from DimitriPapadopoulos/codespell 
Fix typos found by codespell
 2023-04-17 10:13:12 +08:00
bjdgyc
8798de0d6d Merge pull request #226 from wsczx/dev 
增加证书相关功能
 2023-04-17 10:12:37 +08:00
Dimitri Papadopoulos
26d20c0b40 Fix typos found by codespell 2023-04-11 17:42:30 +02:00
wsczx
19e99b7648 修复检查证书文件是否存在失败的bug 2023-04-07 23:59:44 +08:00
wsczx
5dc8114167 更新go mod文件 2023-04-06 14:51:25 +08:00
wsczx
4b83bd7ccf 修改Let's Encrypt注册地址为生产模式 2023-04-06 14:16:36 +08:00
wsczx
bc7c61c337 优化代码 2023-04-06 12:29:21 +08:00
wsczx
b3e7212b03 增加校验证书合法性,不合法或不存在则创建一个自签名证书,保证服务正常启动 2023-04-05 02:00:57 +08:00
wsczx
748adadd1e 保存Lego注册信息,避免重复注册导致失败 
优化动态加载TLS证书性能
 2023-04-04 22:35:40 +08:00
bjdgyc
c646f79ef8 添加问题说明 2023-04-04 15:33:25 +08:00
wsczx
061f6f222b Let's Encrypt添加Cloudflare接口,优化DNS服务商信息的存储方式和前端显示 2023-04-02 00:43:17 +08:00
wsczx
9bac773961 * 新增支持自定义上传证书功能 
* 新增支持申请和自动续期Let's Encrypt证书(暂只支持阿里云和腾讯云)功能
* 新增支持动态加载证书(更换证书不需重启)功能
 2023-03-31 20:34:29 +08:00
bjdgyc
4d15fe286a Create FUNDING.yml 
add Sponsors
 2023-02-27 14:42:46 +08:00
bjdgyc
df52087473 Merge pull request #219 from lanrenwo/add_lzs_compress 
新增压缩功能-LZS算法
 2023-02-16 16:01:19 +08:00
lanrenwo
9533ecd6c5 优化压缩的代码 2023-02-16 14:35:55 +08:00
bjdgyc
8608c6acee Merge pull request #216 from lanrenwo/add_auth_test_login 
新增后台测试登录的功能
 2023-02-06 11:39:12 +08:00
lanrenwo
768e137ff9 新增压缩功能-LZS算法 2023-01-17 12:09:04 +08:00
lanrenwo
ef314c891b 让测试用户登录框垂直居中 2023-01-17 10:34:45 +08:00
lanrenwo
4d9919d43c 优化前端监控图表的报错逻辑 2023-01-13 18:02:13 +08:00
lanrenwo
262ad49df6 增加object_class的处理逻辑 2023-01-13 15:00:14 +08:00
lanrenwo
6cfa92944c 新增后台测试登录的功能 2023-01-13 14:14:47 +08:00
bjdgyc
8ab46e3279 Merge pull request #215 from bjdgyc/dev 
修复ip分配的bug
 2023-01-13 11:47:52 +08:00
bjdgyc
70c82b8baa 修复ip分配的bug 2023-01-13 11:43:12 +08:00
bjdgyc
29953911da 修复ip分配的bug 2023-01-13 11:32:48 +08:00
bjdgyc
273552ddfe Merge pull request #214 from lanrenwo/add_shadow_expire 
兼容群晖LDAP Server的停用账号功能
 2023-01-12 19:16:39 +08:00
lanrenwo
710cfe4244 修复sniNewParser切片越界的问题 2023-01-12 10:25:07 +08:00
lanrenwo
d5205c74cf 兼容群晖LDAP Server的停用账号功能 2023-01-12 10:09:33 +08:00
93 changed files with 4208 additions and 2136 deletions
Expand all files Collapse all files

10
.codecov.yml
View File

@@ -1,5 +1,7 @@
ignore:
- "screenshot"
- "web"
- "server/conf"
- "server/files"
- "^doc"
- "^home"
- "^web"
- "^server/conf"
- "^server/files"

13
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
# These are supported funding model platforms
github: [ 'bjdgyc' ] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: [ 'https://github.com/bjdgyc/anylink/blob/main/doc/README.md' ] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

16
.github/workflows/codeql-analysis.yml vendored
View File

@@ -12,13 +12,15 @@
name: "CodeQL"
on:
push:
branches: [ "main", "dev" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main", "dev" ]
workflow_dispatch:
schedule:
- cron: '32 12 * * 5'
- cron: '32 5 * * 1'
# push:
# branches: [ "main", "dev" ]
# pull_request:
# branches: [ "main", "dev" ]
jobs:
analyze:
@@ -39,7 +41,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL

48
.github/workflows/go-update.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
name: go-update
on:
workflow_dispatch:
# schedule:
# - cron: "1 2 * * 5"
jobs:
go:
runs-on: ubuntu-latest
steps:
- name: Setup Go 1.x.y
uses: actions/setup-go@main
with:
go-version: '1.20'
stable: true
- name: Checkout codebase
uses: actions/checkout@main
- name: go
run: |
cd ./server
go mod tidy -compat=1.20
#gofmt -w -r 'interface{} -> any' .
go get -u
go mod download
go get -u
go mod download
- name: Git push
run: |
git init
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git remote rm origin
git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUBTOKEN }}@github.com/${{ github.repository }}"
git gc --aggressive
git add --all
git commit -m "update go.mod $(date +%Y.%m.%d.%H.%M)"
#git push -f -u origin _autoaction
git push -u origin _autoaction
# 删除无用 workflow runs;
- name: Delete workflow runs
uses: GitRML/delete-workflow-runs@main
with:
retain_days: 0.1
keep_minimum_runs: 1

25
.github/workflows/go.yml vendored
View File

@@ -1,6 +1,8 @@
name: Go
on:
workflow_dispatch:
push:
branches: [ "main", "dev" ]
pull_request:
@@ -12,15 +14,15 @@ jobs:
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Set up Go 1.x
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: 1.18
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
go-version: '1.20'
go-version-file: 'server/go.mod'
cache-dependency-path: 'server/go.sum'
- name: Get dependencies
run: |
@@ -32,15 +34,16 @@ jobs:
cd server
mkdir ui
touch ui/index.html
go build -v -o anylink -ldflags "-X main.CommitId=`git rev-parse HEAD`"
go build -v -o anylink -trimpath -ldflags "-X main.CommitId=`git rev-parse HEAD`"
./anylink tool -v
- name: Test coverage
run: |
cd server
go test ./...
go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
- name: Upload coverage to Codecov
run: |
cd server
bash <(curl -s https://codecov.io/bash)
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: 28d52fb0-8fc9-460f-95b9-fb84f9138e58

98
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: release
on:
workflow_dispatch:
push:
tags:
- "v0.*"
- "v1.*"
jobs:
Build:
name: build-binary
runs-on: ubuntu-latest
env:
TZ: Asia/Shanghai
steps:
- name: Hello world
run: uname -a
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
cache: 'yarn'
cache-dependency-path: 'web/yarn.lock'
- name: Build web
working-directory: web
run: |
yarn install
yarn run build
# - uses: actions/setup-go@v4
# with:
# go-version: '1.20'
# cache-dependency-path: 'server/go.sum'
- name: Set up QEMU
# https://github.com/docker/setup-qemu-action
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: bjdgyc
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true
- name: Pre bash
shell: bash
run: |
appVer=`cat version`
commitId=`git rev-parse HEAD`
echo "APP_VER=$appVer" >> $GITHUB_ENV
echo "commitId=$commitId" >> $GITHUB_ENV
echo $appVer > version_info
echo $commitId >> version_info
echo $GITHUB_REF >> version_info
echo $GITHUB_REF_NAME >> version_info
#cd server;go mod tidy
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
cache-from: type=gha,scope=anylink
cache-to: type=gha,mode=max,scope=anylink
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
#platforms: linux/amd64
build-args: |
appVer=${{ env.APP_VER }}
commitId=${{ env.commitId }}
tags: bjdgyc/anylink:latest,bjdgyc/anylink:${{ env.APP_VER }}
#tags: bjdgyc/anylink:${{ env.APP_VER }}
- name: Build deploy binary
shell: bash
run: bash release.sh
- name: Release
# https://github.com/ncipollo/release-action
# artifacts: bin/release/*
# generateReleaseNotes: true
# draft: true
# https://github.com/softprops/action-gh-release
uses: softprops/action-gh-release@v1
#if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: v${{ env.APP_VER }}
files: artifact-dist/*
# Docker:
# name: build-docker

4
.gitignore vendored
View File

@@ -2,4 +2,8 @@
.idea/
anylink-deploy
anylink-deploy.tar.gz
anylink
anylink.db
dist
artifact-dist

104
.goreleaser.yaml Normal file
View File

@@ -0,0 +1,104 @@
#https://goreleaser.com/static/schema.json
# release --skip=publish
# goreleaser build --skip=validate --clean --debug
# GOPROXY=https://goproxy.cn
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app goreleaser/goreleaser-cross build --skip=validate --clean --debug
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app bjdgyc/dcross goreleaser build --skip=validate --clean --debug
version: 1
dist: dist
before:
hooks:
- pwd
# - cmd: go mod tidy
# dir:
# "{{ dir .Dist}}"
# output: true
# - cmd: go generate
# dir:
# "{{ dir .Dist}}"
# output: true
builds:
- id: "build"
#main: .
dir: ./server
hooks:
pre:
- cmd: go mod tidy
dir: ./server
output: true
- cmd: go generate
dir: ./server
output: true
# {{- if eq .Arch "amd64" }}CC=x86_64-linux-gnu-gcc CXX=x86_64-linux-gnu-g++{{- end }}
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CC=x86_64-linux-musl-gcc{{- end }}
{{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
{{- if eq .Os "darwin" }}
{{- if eq .Arch "amd64"}}CC=o64-clang{{- end }}
{{- if eq .Arch "arm64"}}CC=oa64-clang{{- end }}
{{- end }}
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64"}}CC=x86_64-w64-mingw32-gcc{{- end }}
{{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
goos:
- linux
#- darwin
#- windows
goarch:
- amd64
#- arm64
# https://go.dev/wiki/MinimumRequirements
goamd64:
- v1
command: build
flags:
- -trimpath
- -tags osusergo,netgo,sqlite_omit_load_extension
ldflags:
# go tool link -help
# go tool compile -help
# -linkmode external
# -extld=$CC
# -fpic 作为动态链接库的时候 需要添加
- -s -w -extldflags '-static' -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=dcross
archives:
- id: "archive1"
format: tar.gz
# this name template makes the OS and Arch compatible with the results of `uname`.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

135
README.md
View File

@@ -3,9 +3,10 @@
[![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink)
[![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/branch/master/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink)
![GitHub downloads)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub downloads total)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/bjdgyc/anylink/latest/total)
[![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink)
![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink)
@@ -24,7 +25,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap 功能、ip 设置命令。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap
功能、ip 设置命令。
## Screenshot
@@ -45,6 +47,8 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz
>
> https://github.com/bjdgyc/anylink/releases
>
> 如果不会安装可以提供有偿远程协助服务。添加QQ联系我 68492170
### 使用问题
@@ -52,17 +56,29 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
>
> 对于线上环境,必须申请安全的 https 证书,不支持私有证书连接
>
> 服务端安装 yum install iproute 或者 apt-get install iproute2
>
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 首次使用,请在浏览器访问 https://域名:443浏览器提示安全后在客户端输入 【域名:443】 即可
> 其他问题 [前往查看](doc/question.md)
>
> 默认管理后台访问地址 https://host:8800 默认账号密码 admin 123456
>
> 首次使用,请在浏览器访问 https://域名:443 浏览器提示安全后,在客户端输入 【域名:443】 即可
### 自行编译安装
> 需要提前安装好 golang >= 1.18 和 nodejs >= 14.x 和 yarn >= v1.22.x
> 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
```shell
git clone https://github.com/bjdgyc/anylink.git
# 编译参考软件版本
# go 1.20.12
# node v16.20.2
# yarn 1.22.19
cd anylink
sh build.sh
@@ -109,17 +125,25 @@ sudo ./anylink
> 示例配置文件内有详细的注释,根据注释填写配置即可。
```shell
# 查看帮助信息
./anylink -h
# 生成后台密码
./anylink tool -p 123456
# 生成jwt密钥
./anylink tool -s
# 查看所有配置项
./anylink tool -d
```
> 数据库配置示例
>
> 数据库表结构自动生成,无需手动导入(请赋予 DDL 权限)
| db_type | db_source |
| -------- | ------------------------------------------------------ |
|----------|--------------------------------------------------------|
| sqlite3 | ./conf/anylink.db |
| mysql | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
| postgres | user:password@localhost/anylink?sslmode=verify-full |
@@ -128,13 +152,23 @@ sudo ./anylink
>
> [conf/server-sample.toml](server/conf/server-sample.toml)
## Upgrade
> 升级前请备份配置文件`conf`目录 和 数据库,并停止服务
>
> 使用新版的 `anylink` 二进制文件替换旧版
>
> 重启服务后,即可完成升级
## Setting
> 以下参数必须设置其中之一
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
不同的参数需要对服务器做相应的设置。
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到
IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
模式,请确认虚拟机的网卡开启混杂模式。
### tun 设置
@@ -142,7 +176,7 @@ sudo ./anylink
1. 开启服务器转发
```shell
# flie: /etc/sysctl.conf
# file: /etc/sysctl.conf
net.ipv4.ip_forward = 1
#执行如下命令
@@ -188,7 +222,6 @@ https://cloud.tencent.com/document/product/216/62007
```
3. 使用 AnyConnect 客户端连接即可
### macvtap 设置
@@ -199,9 +232,17 @@ https://cloud.tencent.com/document/product/216/62007
> 以下参数可以通过执行 `ip a` 查看
```
# 命令行执行 master网卡需要打开混杂模式
ip link set dev eth0 promisc on
#=====================#
# 配置文件修改
# 首先关闭nat转发功能
iptables_nat = false
link_mode = "macvtap"
#内网主网卡名称
ipv4_master = "eth0"
#以下网段需要跟ipv4_master网卡设置成一样
@@ -211,29 +252,36 @@ ipv4_start = "10.1.2.100"
ipv4_end = "10.1.2.200"
```
## Deploy
## Systemd
> 部署配置文件放在 `deploy` 目录下,请根据实际情况修改配置文件
### Systemd
1. 添加 anylink 程序
- anylink 程序目录放入 `/usr/local/anylink-deploy`
- 首先把 `anylink-deploy` 文件夹放入 `/usr/local/anylink-deploy`
- 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink`
2. systemd/anylink.service 脚本放入:
2.`anylink.service` 脚本放入:
- centos: `/usr/lib/systemd/system/`
- ubuntu: `/lib/systemd/system/`
3. 操作命令:
- 启动: `systemctl start anylink`
- 停止: `systemctl stop anylink`
- 开机自启: `systemctl enable anylink`
### Docker Compose
1. 进入 `deploy` 目录
2. 执行脚本 `docker-compose up`
### k8s
1. 进入 `deploy` 目录
2. 执行脚本 `kubectl apply -f deployment.yaml`
## Docker
1. 获取镜像
```bash
# 具体tag可以从docker hub获取
# https://hub.docker.com/r/bjdgyc/anylink/tags
@@ -241,61 +289,79 @@ ipv4_end = "10.1.2.200"
```
2. 查看命令信息
```bash
docker run -it --rm bjdgyc/anylink -h
```
3. 生成密码
```bash
docker run -it --rm bjdgyc/anylink tool -p 123456
#Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
```
4. 生成 jwt secret
```bash
docker run -it --rm bjdgyc/anylink tool -s
#Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
```
5. 启动容器
5. 查看所有配置项
```bash
docker run -it --rm bjdgyc/anylink tool -d
```
6. 启动容器
```bash
# 默认启动
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \
-p 443:443 -p 8800:8800 -p 443:443/udp \
--restart=always \
bjdgyc/anylink
# 自定义配置目录
# 首次启动会自动创建配置文件
# 配置文件初始化完成后,容器会强制退出,请重新启动容器
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink
docker restart anylink
```
6. 使用自定义参数启动容器
```bash
# 参数可以参考 -h 命令
# 参数可以参考 ./anylink tool -d
# 可以使用命令行参数 或者 环境变量 配置
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \
-e LINK_LOG_LEVEL=info \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink \
-c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
--ip_lease=1209600 # IP地址租约时长
```
7. 构建镜像
7. 构建镜像 (非必需)
```bash
#获取仓库源码
git clone https://github.com/bjdgyc/anylink.git
# 构建镜像
sh build_docker.sh
docker build -t anylink -f docker/Dockerfile .
```
## 常见问题
请前往 [问题地址](doc/question.md) 查看具体信息
## Discussion
添加QQ群: 567510628
添加QQ群(1)(已满): 567510628
添加QQ群(2): 739072205
群共享文件有相关软件下载
@@ -305,6 +371,11 @@ ipv4_end = "10.1.2.200"
![contact_me_qr](doc/screenshot/contact_me_qr.png)
-->
## Support Client
- [AnyConnect Secure Client](https://www.cisco.com/) (可通过群文件下载: Windows/macOS/Linux/Android/iOS)
- [OpenConnect](https://gitlab.com/openconnect/openconnect) (Windows/macOS/Linux)
- [AnyLink Secure Client](https://github.com/tlslink/anylink-client) (Windows/macOS/Linux)
## Contribution

27
build.sh
View File

@@ -11,43 +11,52 @@ function RETVAL() {
#当前目录
cpath=$(pwd)
#ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=$(cat version)
echo "当前版本 $ver"
echo "编译前端项目"
cd $cpath/web
#国内可替换源加快速度
#npx browserslist@latest --update-db
#npm install --registry=https://registry.npm.taobao.org
#npm install
#npm run build
yarn install
yarn install --registry=https://registry.npmmirror.com
yarn run build
RETVAL $?
echo "编译二进制文件"
cd $cpath/server
rm -rf ui
cp -rf $cpath/web/ui .
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-v -trimpath"
# -extldflags '-static'
ldflags="-s -w -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date -Iseconds)"
#国内可替换源加快速度
export GOPROXY=https://goproxy.io
go mod tidy
go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
RETVAL $?
go build -o anylink $flags -ldflags "$ldflags"
cd $cpath
exit 0
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
#cp -r server/bridge-init.sh $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy

19
build_docker.sh
View File

@@ -1,15 +1,18 @@
#!/bin/bash
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=$(cat version)
echo $ver
#docker login -u bjdgyc
# docker login -u bjdgyc
#docker build -t bjdgyc/anylink .
docker build -t bjdgyc/anylink -f docker/Dockerfile .
# 生成时间 2024-01-30T21:41:27+08:00
# date -Iseconds
docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
docker buildx build -t bjdgyc/anylink:latest --progress=plain --build-arg CN="yes" --build-arg appVer=$ver \
--build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
echo "docker tag latest $ver"
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
docker push bjdgyc/anylink:$ver
docker push bjdgyc/anylink:latest

24
deploy/anylink.service Normal file
View File

@@ -0,0 +1,24 @@
[Unit]
Description=AnyLink Server Service
Documentation=https://github.com/bjdgyc/anylink
After=network-online.target
[Service]
Type=simple
User=root
WorkingDirectory=/usr/local/anylink-deploy
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
# systemctl --version
# systemd older than v236
# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
# systemd new than v236
# StandardOutput=file:/usr/local/anylink-deploy/log/anylink-systemd.log
# StandardError=file:/usr/local/anylink-deploy/log/anylink-systemd.log
[Install]
WantedBy=multi-user.target

101
deploy/deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
replicas: 1
selector:
matchLabels:
link-app: anylink
template:
metadata:
labels:
link-app: anylink
spec:
#hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: anylink
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: TZ
value: "Asia/Shanghai"
image: bjdgyc/anylink:latest
imagePullPolicy: Always
args:
- --conf=/app/conf/server.toml
ports:
- name: https
containerPort: 443
protocol: TCP
- name: https-admin
containerPort: 8800
protocol: TCP
- name: dtls
containerPort: 443
protocol: UDP
# 设置资源
resources:
limits:
cpu: "2"
memory: 4Gi
ephemeral-storage: "2Gi"
securityContext:
privileged: true
# 禁用自动注入 service 信息到环境变量
enableServiceLinks: false
restartPolicy: Always
terminationGracePeriodSeconds: 30
nodeSelector:
kubernetes.io/os: linux
securityContext: { }
tolerations:
- operator: Exists
#设置优先级
priorityClassName: system-cluster-critical
---
apiVersion: v1
kind: Service
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
ports:
- name: https
port: 443
targetPort: 443
protocol: TCP
- name: https-admin
port: 8800
targetPort: 8800
protocol: TCP
- name: dtls
port: 443
targetPort: 443
protocol: UDP
selector:
link-app: anylink
sessionAffinity: ClientIP
type: ClusterIP

19
deploy/docker-compose.yaml Normal file
View File

@@ -0,0 +1,19 @@
services:
anylink:
image: bjdgyc/anylink:latest
container_name: anylink
restart: always
privileged: true
#cpus: 2
#mem_limit: 4g
ports:
- 443:443
- 8800:8800
- 443:443/udp
environment:
LINK_LOG_LEVEL: info
command:
- --conf=/app/conf/server.toml
#volumes:
# - /home/myconf:/app/conf
dns_search: .

18
doc/README.md
View File

@@ -10,10 +10,10 @@
> 感谢以下同学的打赏AnyLink 有你更美好!
>
> 需要展示主页的同学可以在QQ群(567510628) 直接联系我添加。
> 需要展示主页的同学可以在QQ群 直接联系我添加。
| 昵称 | 主页 |
|---------| ---------------------------- |
| 昵称 | 主页 / 联系方式 |
|-----------|------------------------------|
| 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 |
| Oo@ | https://github.com/chooop |
@@ -33,6 +33,18 @@
| 刘国华 | |
| 忧郁的豚骨拉面 | |
| 张小旋当爹地 | |
| 对方正在输入 | |
| Ronny | |
| 奔跑的少年 | |
| ZBW | |
| 悲鸣 | |
| 谢谢 | |
| 云思科技 | |
| 哆啦A伟(张佳伟) | |
| 人类的悲欢并不相通 | |
| 做人要低调 | |
| 洛洛 | |

85
doc/question.md
View File

@@ -1,34 +1,106 @@
# 常见问题
## 常见问题
### anyconnect 客户端问题
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 添加QQ群: 567510628
### OTP 动态码
> 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码
### 远程桌面连接
> 本软件已经支持远程桌面里面连接anyconnect。
### 私有证书问题
> anylink 默认不支持私有证书
>
> 其他使用私有证书的问题,请自行解决
### 客户端连接名称
> 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
```xml
<HostEntry>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
```
### dpd timeout 设置问题
```
```yaml
#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 20
cstp_dpd = 30
mobile_keepalive = 40
mobile_dpd = 50
cstp_keepalive = 4
cstp_dpd = 9
mobile_keepalive = 7
mobile_dpd = 15
```
> 以上dpd参数为客户端的超时检测时间, 如一段时间内,没有数据传输,防火墙会主动关闭连接
>
> 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值
### 关于审计日志 audit_interval 参数
> 默认值 `audit_interval = 600` 表示相同日志600秒内只记录一次不同日志首次出现立即记录
>
> 去重key的格式: 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
### 反向代理问题
> anylink 仅支持四层反向代理,不支持七层反向代理
>
> 如Nginx请使用 stream模块
```conf
stream {
upstream anylink_server {
server 127.0.0.1:8443;
}
server {
listen 443 tcp;
proxy_timeout 30s;
proxy_pass anylink_server;
}
}
```
> nginx实现 共用443端口 示例
```conf
stream {
map $ssl_preread_server_name $name {
vpn.xx.com myvpn;
default defaultpage;
}
# upstream pool
upstream myvpn {
server 127.0.0.1:8443;
}
upstream defaultpage {
server 127.0.0.1:8080;
}
server {
listen 443 so_keepalive=on;
ssl_preread on;
#接收端也需要设置 proxy_protocol
#proxy_protocol on;
proxy_pass $name;
}
}
```
### 性能问题
```
内网环境测试数据
虚拟服务器: centos7 4C8G
@@ -37,6 +109,7 @@ anylink: tun模式 tcp传输
客户端网卡下载速度270Mb/s
服务端网卡上传速度280Mb/s
```
> 客户端tls加密协议、隧道header头都会占用一定带宽

72
docker/Dockerfile
View File

@@ -1,48 +1,58 @@
# web
FROM node:16.17.1-alpine3.15 as builder_node
WORKDIR /web
COPY ./web /web
RUN yarn install \
&& yarn run build \
&& ls /web/ui
#node:16-bullseye
#golang:1.20-bullseye
#debian:bullseye-slim
#bullseye
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
#bookworm
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
# sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
# 配合 github action 使用
# 需要先编译出ui文件后 再执行docker编译
# server
FROM golang:1.18-alpine as builder_golang
#TODO 本地打包时使用镜像
ENV GOPROXY=https://goproxy.io
ENV GOOS=linux
WORKDIR /anylink
COPY . /anylink
COPY --from=builder_node /web/ui /anylink/server/ui
FROM golang:1.20-alpine3.19 as builder_golang
ARG CN="no"
ARG appVer="appVer"
ARG commitId="commitId"
ENV TZ=Asia/Shanghai
WORKDIR /server
COPY docker/init_build.sh /tmp/
COPY server/ /server/
COPY web/ui /server/ui
#RUN apk add gcc musl-dev bash
RUN sh /tmp/init_build.sh
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache git gcc musl-dev
RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
&& /anylink/server/anylink tool -v
# anylink
FROM alpine
FROM alpine:3.19
LABEL maintainer="github.com/bjdgyc"
ENV IPV4_CIDR="192.168.10.0/24"
ARG CN="no"
ENV TZ=Asia/Shanghai
ENV ANYLINK_IN_CONTAINER=true
WORKDIR /app
COPY --from=builder_golang /anylink/server/anylink /app/
COPY docker/docker_entrypoint.sh /app/
COPY docker/init_release.sh /tmp/
#COPY ./server/bridge-init.sh /app/
COPY --from=builder_golang /server/anylink /app/
COPY docker/docker_entrypoint.sh server/bridge-init.sh ./README.md ./LICENSE version_info /app/
COPY ./deploy /app/deploy
COPY ./index_template /app/index_template
COPY ./server/conf /app/conf
COPY ./LICENSE /app/LICENSE
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache bash iptables \
&& chmod +x /app/docker_entrypoint.sh \
&& ls /app
RUN sh /tmp/init_release.sh
EXPOSE 443 8800
EXPOSE 443 8800 443/udp
#CMD ["/app/anylink"]
ENTRYPOINT ["/app/docker_entrypoint.sh"]

10
docker/docker_entrypoint.sh
View File

@@ -14,10 +14,18 @@ case $var1 in
;;
*)
sysctl -w net.ipv4.ip_forward=1
#sysctl -w net.ipv4.ip_forward=1
#iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
#iptables -nL -t nat
# 启动服务 先判断配置文件是否存在
if [ ! -f /app/conf/profile.xml ]; then
/bin/cp -r /home/conf-bak/* /app/conf/
echo "After the configuration file is initialized, the container will be forcibly exited. Restart the container."
echo "配置文件初始化完成后,容器会强制退出,请重新启动容器。"
exit 1
fi
exec /app/anylink "$@"
;;
esac

34
docker/init_build.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add build-base tzdata gcc musl-dev upx
uname -a
env
date
cd /server
go mod tidy
echo "start build"
extldflags="-static"
ldflags="-s -w -X main.appVer=$appVer -X main.commitId=$commitId -X main.buildDate=$(date -Iseconds) \
-extldflags \"$extldflags\" "
CGO_ENABLED=1 go build -o anylink -trimpath -ldflags "$ldflags"
ls -lh /server/
# 压缩文件
upx -9 -k anylink
/server/anylink -v

21
docker/init_release.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add --no-cache bash iptables iproute2 tzdata
chmod +x /app/docker_entrypoint.sh
mkdir /app/log
#备份配置文件
cp -r /app/conf /home/conf-bak
tree /app
uname -a
date -Iseconds

101
index_template/自定义首页1.html Normal file
View File

@@ -0,0 +1,101 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>AnyLink - 企业级远程办公 SSL VPN</title>
<style>
/* CSS样式表 */
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
}
header {
background-color: #333;
color: #fff;
padding: 20px;
text-align: center;
}
h1 {
margin: 0;
font-size: 32px;
}
main {
max-width: 960px;
margin: 20px auto;
padding: 0 20px;
margin-bottom: 100px;
}
p {
line-height: 1.5;
}
/* 设置页脚固定在底部,并且占满横向宽度 */
footer {
position: fixed;
bottom: 0;
left: 0;
width: 100%;
}
footer {
background-color: #f2f2f2;
padding: 20px;
text-align: center;
}
.cta-button {
display: inline-block;
background-color: #007bff;
color: #fff;
padding: 10px 20px;
text-decoration: none;
border-radius: 4px;
font-weight: bold;
margin-right: 10px;
}
</style>
</head>
<body>
<header>
<h1>欢迎使用 AnyLink</h1>
</header>
<main>
<h2>什么是 AnyLink</h2>
<p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件,支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式,使远程工作者能够有效协作。</p>
<h2>核心功能</h2>
<ul>
<li>安全远程访问AnyLink 使用 SSL/TLS 加密技术,确保远程用户与企业网络之间的连接安全可靠。</li>
<li>多用户支持:多个用户可以同时连接 VPN实现不同地点团队的无缝协作。</li>
<li>灵活网络访问AnyLink 能够安全地让远程工作者访问内部资源,如文件、应用程序和数据库。</li>
<li>集中化管理:该 VPN 解决方案提供集中化管理控制台,便于用户管理、访问控制和监控。</li>
</ul>
<h2>开始使用 AnyLink</h2>
<p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
<h2>下载客户端</h2>
<a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
<a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
<a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
<a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
<a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
<a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
<h2>使用手册</h2>
<a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
</main>
<footer>
&copy; 2023 AnyLink. 保留所有权利。
</footer>
</body>
</html>

50
release.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
ver=$(cat version)
echo "当前版本 $ver"
rm -rf artifact-dist
mkdir artifact-dist
function archive() {
arch=$1
#echo "整理部署文件 $arch"
arch_name=${arch//\//-}
echo $arch_name
deploy="anylink-$ver-$arch_name"
docker container rm $deploy
docker container create --platform $arch --name $deploy bjdgyc/anylink:$ver
rm -rf anylink-deploy
docker cp -a $deploy:/app ./anylink-deploy
ls -lh anylink-deploy
tar zcf ${deploy}.tar.gz anylink-deploy
mv ${deploy}.tar.gz artifact-dist/
}
echo "copy二进制文件"
archive "linux/amd64"
archive "linux/arm64"
ls -lh artifact-dist
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

58
release_bak.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
echo "copy二进制文件"
cd $cpath/server
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-trimpath"
ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date --iso-8601=seconds)"
#github action
gopath=$(go env GOPATH)
go mod tidy
# alpine3
apk add gcc musl-dev
#使用 musl-dev 编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/amd64 \
golang:1.20-alpine3.19 go build -o anylink_amd64 $flags -ldflags "$ldflags"
./anylink_amd64 -v
#arm64编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/arm64 \
golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
./anylink_arm64 -v
exit 0
cd $cpath
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

44
server/admin/api_base.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/xlzd/gotp"
)
// Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
adminUser := r.PostFormValue("admin_user")
adminPass := r.PostFormValue("admin_pass")
// 启用otp验证
if base.Cfg.AdminOtp != "" {
pwd := adminPass
pl := len(pwd)
if pl < 6 {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
// 判断otp信息
adminPass = pwd[:pl-6]
otp := pwd[pl-6:]
totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
unix := time.Now().Unix()
verify := totp.Verify(otp, unix)
if !verify {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
}
// 认证错误
if !(adminUser == base.Cfg.AdminUser &&
utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员用户名或密码错误")
return
}
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
data["admin_user"] = adminUser
data["expires_at"] = expiresAt
ck := &http.Cookie{
Name: "jwt",
Value: tokenString,
Path: "/",
HttpOnly: true,
}
http.SetCookie(w, ck)
RespSucess(w, data)
}
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "*")
if r.Method == http.MethodOptions {
// 正式环境不支持 OPTIONS
w.WriteHeader(http.StatusForbidden)
return
}
route := mux.CurrentRoute(r)
name := route.GetName()
// fmt.Println("bb", r.URL.Path, name)
if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
if utils.InArrStr([]string{"login", "index", "static"}, name) {
// 不进行鉴权
next.ServeHTTP(w, r)
return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
if jwtToken == "" {
jwtToken = r.FormValue("jwt")
}
if jwtToken == "" {
cc, err := r.Cookie("jwt")
if err == nil {
jwtToken = cc.Value
}
}
data, err := GetJwtData(jwtToken)
if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
w.WriteHeader(http.StatusUnauthorized)

99
server/admin/api_cert.go Normal file
View File

@@ -0,0 +1,99 @@
package admin
import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
)
func CustomCert(w http.ResponseWriter, r *http.Request) {
cert, _, err := r.FormFile("cert")
if err != nil {
RespError(w, RespInternalErr, err)
return
}
key, _, err := r.FormFile("key")
if err != nil {
RespError(w, RespInternalErr, err)
return
}
certFile, err := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer certFile.Close()
if _, err := io.Copy(certFile, cert); err != nil {
RespError(w, RespInternalErr, err)
return
}
keyFile, err := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer keyFile.Close()
if _, err := io.Copy(keyFile, key); err != nil {
RespError(w, RespInternalErr, err)
return
}
if tlscert, _, err := dbdata.ParseCert(); err != nil {
RespError(w, RespInternalErr, fmt.Sprintf("证书不合法,请重新上传:%v", err))
return
} else {
dbdata.LoadCertificate(tlscert)
}
RespSucess(w, "上传成功")
}
func GetCertSetting(w http.ResponseWriter, r *http.Request) {
sess := dbdata.GetXdb().NewSession()
defer sess.Close()
data := &dbdata.SettingLetsEncrypt{}
if err := dbdata.SettingGet(data); err != nil {
dbdata.SettingSessAdd(sess, data)
RespError(w, RespInternalErr, err)
}
userData := &dbdata.LegoUserData{}
if err := dbdata.SettingGet(userData); err != nil {
dbdata.SettingSessAdd(sess, userData)
}
RespSucess(w, data)
}
func CreatCert(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
body, err := io.ReadAll(r.Body)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer r.Body.Close()
config := &dbdata.SettingLetsEncrypt{}
if err := json.Unmarshal(body, config); err != nil {
RespError(w, RespInternalErr, err)
return
}
if err := dbdata.SettingSet(config); err != nil {
RespError(w, RespInternalErr, err)
return
}
client := dbdata.LeGoClient{}
if err := client.NewClient(config); err != nil {
base.Error(err)
RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
return
}
if err := client.GetCert(config.Domain); err != nil {
base.Error(err)
RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
return
}
RespSucess(w, "生成证书成功")
}

27
server/admin/api_group.go
View File

@@ -118,3 +118,30 @@ func GroupDel(w http.ResponseWriter, r *http.Request) {
}
RespSucess(w, nil)
}
func GroupAuthLogin(w http.ResponseWriter, r *http.Request) {
type AuthLoginData struct {
Name string `json:"name"`
Pwd string `json:"pwd"`
Auth map[string]interface{} `json:"auth"`
}
body, err := io.ReadAll(r.Body)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer r.Body.Close()
v := &AuthLoginData{}
err = json.Unmarshal(body, &v)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
err = dbdata.GroupAuthLogin(v.Name, v.Pwd, v.Auth)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
RespSucess(w, "ok")
}

15
server/admin/api_ip_map.go
View File

@@ -80,6 +80,8 @@ func UserIpMapSet(w http.ResponseWriter, r *http.Request) {
return
}
// sessdata.IpAllSet(v)
RespSucess(w, nil)
}
@@ -93,11 +95,20 @@ func UserIpMapDel(w http.ResponseWriter, r *http.Request) {
return
}
data := dbdata.IpMap{Id: id}
err := dbdata.Del(&data)
var data dbdata.IpMap
err := dbdata.One("Id", id, &data)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
err = dbdata.Del(&data)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
// sessdata.IpAllDel(&data)
RespSucess(w, nil)
}

14
server/admin/api_uploaduser.go
View File

@@ -5,11 +5,11 @@ import (
"io"
"net/http"
"os"
"path"
"strconv"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
return
}
defer file.Close()
newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
// go/path-injection
// base.Cfg.FilesPath 可以直接对外访问,不能上传文件到此
fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
newFile, err := os.Create(fileName)
if err != nil {
RespError(w, RespInternalErr, "创建文件失败:", err)
return
}
defer newFile.Close()
io.Copy(newFile, file)
if err = UploadUser(newFile.Name()); err != nil {
RespError(w, RespInternalErr, err)
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
return
}
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
RespSucess(w, "批量添加成功")
}
func UploadUser(file string) error {
f, err := excelize.OpenFile(file)
if err != nil {

13
server/admin/api_user.go
View File

@@ -22,6 +22,7 @@ import (
func UserList(w http.ResponseWriter, r *http.Request) {
_ = r.ParseForm()
prefix := r.FormValue("prefix")
prefix = strings.TrimSpace(prefix)
pageS := r.FormValue("page")
page, _ := strconv.Atoi(pageS)
if page < 1 {
@@ -37,8 +38,11 @@ func UserList(w http.ResponseWriter, r *http.Request) {
// 查询前缀匹配
if len(prefix) > 0 {
count = dbdata.CountPrefix("username", prefix, &dbdata.User{})
err = dbdata.Prefix("username", prefix, &datas, pageSize, 1)
fuzzy := "%" + prefix + "%"
where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
} else {
count = dbdata.CountAll(&dbdata.User{})
err = dbdata.Find(&datas, pageSize, page)
@@ -107,7 +111,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
return
}
}
//修改用户资料后执行过期用户检测
// 修改用户资料后执行过期用户检测
sessdata.CloseUserLimittimeSession()
RespSucess(w, nil)
}
@@ -205,6 +209,7 @@ type userAccountMailData struct {
LinkAddr string
Group string
Username string
Nickname string
PinCode string
OtpImg string
OtpImgBase64 string
@@ -251,9 +256,11 @@ func userAccountMail(user *dbdata.User) error {
otpData, _ := userOtpQr(user.Id, true)
data := userAccountMailData{
Issuer: base.Cfg.Issuer,
LinkAddr: setting.LinkAddr,
Group: strings.Join(user.Groups, ","),
Username: user.Username,
Nickname: user.Nickname,
PinCode: user.PinCode,
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
OtpImgBase64: "data:image/png;base64," + otpData,

32
server/admin/server.go
View File

@@ -9,6 +9,8 @@ import (
"github.com/arl/statsviz"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
@@ -19,6 +21,14 @@ var UiData embed.FS
func StartAdmin() {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
w.Header().Set("Server", "AnyLinkAdminOpenSource")
next.ServeHTTP(w, req)
})
})
r.Use(authMiddleware)
r.Use(handlers.CompressHandler)
@@ -46,6 +56,9 @@ func StartAdmin() {
r.HandleFunc("/set/audit/list", SetAuditList)
r.HandleFunc("/set/audit/export", SetAuditExport)
r.HandleFunc("/set/audit/act_log_list", UserActLogList)
r.HandleFunc("/set/other/createcert", CreatCert)
r.HandleFunc("/set/other/getcertset", GetCertSetting)
r.HandleFunc("/set/other/customcert", CustomCert)
r.HandleFunc("/user/list", UserList)
r.HandleFunc("/user/detail", UserDetail)
@@ -71,6 +84,7 @@ func StartAdmin() {
r.HandleFunc("/group/detail", GroupDetail)
r.HandleFunc("/group/set", GroupSet)
r.HandleFunc("/group/del", GroupDel)
r.HandleFunc("/group/auth_login", GroupAuthLogin)
r.HandleFunc("/statsinfo/list", StatsInfoList)
@@ -83,8 +97,9 @@ func StartAdmin() {
r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
// statsviz
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws)
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index)
srv, _ := statsviz.NewServer() // Create server or handle error
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(srv.Ws())
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(srv.Index())
}
base.Info("Listen admin", base.Cfg.AdminAddr)
@@ -95,18 +110,29 @@ func StartAdmin() {
for _, s := range cipherSuites {
selectedCipherSuites = append(selectedCipherSuites, s.ID)
}
if tlscert, _, err := dbdata.ParseCert(); err != nil {
base.Fatal("证书加载失败", err)
} else {
dbdata.LoadCertificate(tlscert)
}
// 设置tls信息
tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
return dbdata.GetCertificateBySNI(chi.ServerName)
},
}
srv := &http.Server{
Addr: base.Cfg.AdminAddr,
Handler: r,
TLSConfig: tlsConfig,
ErrorLog: base.GetServerLog(),
}
err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
err := srv.ListenAndServeTLS("", "")
if err != nil {
base.Fatal(err)
}

10
server/base/app_ver.go
View File

@@ -2,6 +2,12 @@ package base
const (
APP_NAME = "AnyLink"
// app版本号
APP_VER = "0.9.2-beta1"
)
var (
// APP_VER app版本号
APP_VER = "0.0.1"
// 提交id
CommitId string
BuildDate string
)

23
server/base/cfg.go
View File

@@ -45,10 +45,12 @@ type ServerConfig struct {
FilesPath string `json:"files_path"`
LogPath string `json:"log_path"`
LogLevel string `json:"log_level"`
HttpServerLog bool `json:"http_server_log"`
Pprof bool `json:"pprof"`
Issuer string `json:"issuer"`
AdminUser string `json:"admin_user"`
AdminPass string `json:"admin_pass"`
AdminOtp string `json:"admin_otp"`
JwtSecret string `json:"jwt_secret"`
LinkMode string `json:"link_mode"` // tun tap macvtap ipvtap
@@ -69,12 +71,17 @@ type ServerConfig struct {
Mtu int `json:"mtu"`
DefaultDomain string `json:"default_domain"`
IdleTimeout int `json:"idle_timeout"` // in seconds
SessionTimeout int `json:"session_timeout"` // in seconds
// AuthTimeout int `json:"auth_timeout"` // in seconds
AuditInterval int `json:"audit_interval"` // in seconds
ShowSQL bool `json:"show_sql"` // bool
IptablesNat bool `json:"iptables_nat"`
Compression bool `json:"compression"` // bool
NoCompressLimit int `json:"no_compress_limit"` // int
DisplayError bool `json:"display_error"`
}
func initServerCfg() {
@@ -148,6 +155,7 @@ type SCfg struct {
Env string `json:"env"`
Info string `json:"info"`
Data interface{} `json:"data"`
Val interface{} `json:"default"`
}
func ServerCfg2Slice() []SCfg {
@@ -162,18 +170,27 @@ func ServerCfg2Slice() []SCfg {
field := typ.Field(i)
value := s.Field(i)
tag := field.Tag.Get("json")
usage, env := getUsageEnv(tag)
usage, env, val := getUsageEnv(tag)
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface()})
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface(), Val: val})
}
return datas
}
func getUsageEnv(name string) (usage, env string) {
func getUsageEnv(name string) (usage, env string, val interface{}) {
for _, v := range configs {
if v.Name == name {
usage = v.Usage
if v.Typ == cfgStr {
val = v.ValStr
}
if v.Typ == cfgInt {
val = v.ValInt
}
if v.Typ == cfgBool {
val = v.ValBool
}
}
}

68
server/base/cmd.go
View File

@@ -1,23 +1,25 @@
package base
import (
"errors"
"fmt"
"io"
"os"
"reflect"
"runtime"
"strings"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/skip2/go-qrcode"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/xlzd/gotp"
)
var (
// 提交id
CommitId string
// pass明文
passwd string
// 生成otp
otp bool
// 生成密钥
secret bool
// 显示版本信息
@@ -56,8 +58,28 @@ func execute() {
}
if !runSrv {
if debug {
scfgData := ServerCfg2Slice()
fmtStr := "%-18v %-23v %-20v %v\n"
fmt.Printf(fmtStr, "Name", "Env", "Value", "Info")
for _, v := range scfgData {
if v.Name == "admin_pass" || v.Name == "jwt_secret" {
v.Val = "******"
}
fmt.Printf(fmtStr, v.Name, v.Env, v.Val, v.Info)
}
}
os.Exit(0)
}
// 移动配置解析代码
conf := linkViper.GetString("conf")
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
// 没有配置文件,直接报错
panic("config file err:" + err.Error())
}
}
func initCmd() {
@@ -69,13 +91,17 @@ func initCmd() {
Run: func(cmd *cobra.Command, args []string) {
// fmt.Println("cmd", cmd.Use, args)
runSrv = true
if rev {
printVersion()
os.Exit(0)
}
},
}
linkViper.SetEnvPrefix("link")
// 基础配置
for _, v := range configs {
if v.Typ == cfgStr {
rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -92,23 +118,11 @@ func initCmd() {
// viper.SetDefault(v.Name, v.Value)
}
rootCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
rootCmd.AddCommand(initToolCmd())
cobra.OnInitialize(func() {
linkViper.AutomaticEnv()
conf := linkViper.GetString("conf")
_, err := os.Stat(conf)
if errors.Is(err, os.ErrNotExist) {
// 没有配置文件,不做处理
panic(err)
}
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
fmt.Println("Using config file:", err)
}
})
}
@@ -122,22 +136,31 @@ func initToolCmd() *cobra.Command {
toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
toolCmd.Run = func(cmd *cobra.Command, args []string) {
runSrv = false
switch {
case rev:
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
printVersion()
case secret:
s, _ := utils.RandSecret(40, 60)
s = strings.Trim(s, "=")
fmt.Printf("Secret:%s\n", s)
case otp:
s := gotp.RandomSecret(32)
fmt.Printf("Otp:%s\n\n", s)
qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
qr, _ := qrcode.New(qrstr, qrcode.High)
ss := qr.ToSmallString(false)
io.WriteString(os.Stderr, ss)
case passwd != "":
pass, _ := utils.PasswordHash(passwd)
fmt.Printf("Passwd:%s\n", pass)
case debug:
linkViper.Debug()
// linkViper.Debug()
default:
fmt.Println("Using [anylink tool -h] for help")
}
@@ -145,3 +168,8 @@ func initToolCmd() *cobra.Command {
return toolCmd
}
func printVersion() {
fmt.Printf("%s v%s build on %s [%s, %s] date:%s commit_id(%s)\n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildDate, CommitId)
}

27
server/base/config.go
View File

@@ -22,9 +22,9 @@ type config struct {
var configs = []config{
{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":443"},
{Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: true},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
{Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"},
@@ -34,10 +34,12 @@ var configs = []config{
{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},
{Typ: cfgBool, Name: "http_server_log", Usage: "开启go标准库http.Server的日志", ValBool: false},
{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false},
{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -48,20 +50,25 @@ var configs = []config{
{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 1209600},
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 5},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 12},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 22},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)", ValInt: 3600},
{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 7200},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},
// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: 600},
{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false},
{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},
{Typ: cfgBool, Name: "compression", Usage: "启用压缩", ValBool: false},
{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
}
var envs = map[string]string{}

69
server/base/log.go
View File

@@ -10,11 +10,12 @@ import (
)
const (
_Debug = iota
_Info
_Warn
_Error
_Fatal
LogLevelTrace = iota
LogLevelDebug
LogLevelInfo
LogLevelWarn
LogLevelError
LogLevelFatal
)
var (
@@ -27,6 +28,10 @@ var (
logName = "anylink.log"
)
func init() {
log.SetFlags(log.LstdFlags | log.Lshortfile)
}
// 实现 os.Writer 接口
type logWriter struct {
UseStdout bool
@@ -76,28 +81,46 @@ func initLog() {
baseLw.newFile()
baseLevel = logLevel2Int(Cfg.LogLevel)
baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile)
serverLog = log.New(&sLogWriter{}, "[http_server]", log.LstdFlags|log.Lshortfile)
}
func GetBaseLw() *logWriter {
return baseLw
}
var serverLog *log.Logger
type sLogWriter struct{}
func (w *sLogWriter) Write(p []byte) (n int, err error) {
if Cfg.HttpServerLog {
return os.Stderr.Write(p)
}
return 0, nil
}
// 获取 log.Logger
func GetBaseLog() *log.Logger {
return baseLog
func GetServerLog() *log.Logger {
return serverLog
}
func GetLogLevel() int {
return baseLevel
}
func logLevel2Int(l string) int {
levels = map[int]string{
_Debug: "Debug",
_Info: "Info",
_Warn: "Warn",
_Error: "Error",
_Fatal: "Fatal",
LogLevelTrace: "Trace",
LogLevelDebug: "Debug",
LogLevelInfo: "Info",
LogLevelWarn: "Warn",
LogLevelError: "Error",
LogLevelFatal: "Fatal",
}
lvl := _Info
lvl := LogLevelInfo
for k, v := range levels {
if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
if strings.ToLower(l) == strings.ToLower(v) {
lvl = k
}
}
@@ -109,8 +132,16 @@ func output(l int, s ...interface{}) {
_ = baseLog.Output(3, lvl+fmt.Sprintln(s...))
}
func Trace(v ...interface{}) {
l := LogLevelTrace
if baseLevel > l {
return
}
output(l, v...)
}
func Debug(v ...interface{}) {
l := _Debug
l := LogLevelDebug
if baseLevel > l {
return
}
@@ -118,7 +149,7 @@ func Debug(v ...interface{}) {
}
func Info(v ...interface{}) {
l := _Info
l := LogLevelInfo
if baseLevel > l {
return
}
@@ -126,7 +157,7 @@ func Info(v ...interface{}) {
}
func Warn(v ...interface{}) {
l := _Warn
l := LogLevelWarn
if baseLevel > l {
return
}
@@ -134,7 +165,7 @@ func Warn(v ...interface{}) {
}
func Error(v ...interface{}) {
l := _Error
l := LogLevelError
if baseLevel > l {
return
}
@@ -142,7 +173,7 @@ func Error(v ...interface{}) {
}
func Fatal(v ...interface{}) {
l := _Fatal
l := LogLevelFatal
if baseLevel > l {
return
}

82
server/base/mod.go Normal file
View File

@@ -0,0 +1,82 @@
package base
import (
"bufio"
"fmt"
"log"
"os"
"os/exec"
"strings"
)
const (
procModulesPath = "/proc/modules"
inContainerKey = "ANYLINK_IN_CONTAINER"
tunPath = "/dev/net/tun"
)
var (
InContainer = false
modMap = map[string]struct{}{}
)
func initMod() {
container := os.Getenv(inContainerKey)
if container == "true" {
InContainer = true
}
log.Println("InContainer", InContainer)
file, err := os.Open(procModulesPath)
if err != nil {
err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
panic(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
splited := strings.Split(scanner.Text(), " ")
if len(splited[0]) > 0 {
modMap[splited[0]] = struct{}{}
}
}
}
func CheckModOrLoad(mod string) {
log.Println("CheckModOrLoad", mod)
if _, ok := modMap[mod]; ok {
return
}
var err error
if mod == "tun" || mod == "tap" {
_, err = os.Stat(tunPath)
if err == nil {
// 文件存在
return
}
err = fmt.Errorf("[error] Linux tunFile is null %s", tunPath)
log.Println(err)
return
// panic(err)
}
if InContainer {
err = fmt.Errorf("[error] Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
log.Println(err)
return
// panic(err)
}
cmdstr := fmt.Sprintln("modprobe", mod)
cmd := exec.Command("sh", "-c", cmdstr)
b, err := cmd.CombinedOutput()
if err != nil {
log.Println(string(b))
panic(err)
}
}

1
server/base/start.go
View File

@@ -4,6 +4,7 @@ func Start() {
execute()
initCfg()
initLog()
initMod()
}
func Test() {

20
server/build_test.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19 sh build_test.sh
set -x
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
apk add build-base tzdata gcc musl-dev upx
#go build -o anylink
go build -o anylink -ldflags "-s -w -extldflags '-static'"
go env
uname -a
./anylink -v

2
server/conf/files/info.txt
View File

@@ -1,2 +1,2 @@
客户端软件需放置在files目录内
如需要帮助请加QQ群567510628
如需要帮助请加QQ群567510628 、739072205

13
server/conf/profile.xml
View File

@@ -8,6 +8,7 @@
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<AutoUpdate UserControllable="false">false</AutoUpdate>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
<HostEntry>
<HostName>VPN2</HostName>
<HostAddress>localhost2</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

35
server/conf/server-sample.toml
View File

@@ -23,19 +23,24 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址
#TCP服务监听地址(任意端口)
server_addr = ":443"
#开启 DTLS, 默认关闭
server_dtls = false
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址
admin_addr = ":8800"
#开启tcp proxy protocol协议
proxy_protocol = false
#虚拟网络类型[tun macvtap tap]
link_mode = "tun"
#客户端分配的ip地址池
@@ -46,20 +51,20 @@ ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200"
#最大客户端数量
max_client = 100
max_client = 200
#单个用户同时在线数量
max_user_client = 3
#IP租期(秒)
ip_lease = 1209600
ip_lease = 86400
#默认选择的组
default_group = "one"
#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6
cstp_dpd = 10
mobile_keepalive = 15
mobile_dpd = 20
cstp_keepalive = 5
cstp_dpd = 12
mobile_keepalive = 10
mobile_dpd = 22
#设置最大传输单元
mtu = 1460
@@ -68,14 +73,24 @@ mtu = 1460
default_domain = "example.com"
#default_domain = "example.com abc.example.com"
#空闲链接超时时间(秒)-超时后断开链接0关闭此功能
idle_timeout = 7200
#session过期时间用于断线重连0永不过期
session_timeout = 3600
auth_timeout = 0
audit_interval = -1
audit_interval = 600
show_sql = false
#是否自动添加nat
iptables_nat = true
#启用压缩
compression = false
#低于及等于多少字节不压缩
no_compress_limit = 256
#客户端显示详细错误信息(线上环境慎开启)
display_error = false

18
server/conf/server.toml
View File

@@ -18,14 +18,22 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址
#TCP服务监听地址(任意端口)
server_addr = ":443"
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址
admin_addr = ":8800"
#虚拟网络类型[tun macvtap]
link_mode = "tun"
#客户端分配的ip地址池
ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24"
@@ -35,3 +43,9 @@ ipv4_end = "192.168.90.200"
#是否自动添加nat
iptables_nat = true
#客户端显示详细错误信息(线上环境慎开启)
display_error = true

120
server/conf/vpn_cert.crt
View File

@@ -1,61 +1,67 @@
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIQAuUy6Rv6Bo3nDXn5FackbDANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzEwHhcNMjMwMTAzMDAwMDAwWhcNMjQwMTAzMjM1OTU5WjAc
MRowGAYDVQQDExF2cG4udGVzdC52cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJAJPYBvOP/7v8SgMIkVLIulN/ziPALvFcEwVnQDImUIky8
4udy0fmvJ2E3E3NL6Qv14ZHDGtH7CafukimNWTT2BVmQBYiO1ZlUkHcHUX4IoYEh
egdy2xw0WwknJWTOyvkRkeDhtT9QUpA/zeemS4q1TG95zRDf5htUR4OMZXsZpkQ2
bkSgnLtdyUmw2nhfSWgsD9fbwr6WnOx/swsUe52N3sIDZ6JTgn3N7xeT3/lVJKVN
wyYkZldialmRzrs6btr3mmnqpWObcc4FvKr/CLmoOSXl0I1wWsr+HnQ4X9hHsJUk
jk3EZKfhH3mM37HF8apqztb6WjC3R96Zam6Z8bMCAwEAAaOCAuAwggLcMB8GA1Ud
IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSUpPcW3emC2l0o
q6qRBOBDMjQ2rDAcBgNVHREEFTATghF2cG4udGVzdC52cWlsdS5jbjAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdIAQ3
MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu
Y29tL0NQUzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2lj
ZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0EtRzEuY3J0MAkGA1Ud
EwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTN
E6Iyh0Z8vOzew1FIWUZxH7WbAAABhXXkyXMAAAQDAEcwRQIgVhLvLOPcW0V1xhBv
5KSeqGHbAnRVhew3kutV3Bu1x+ICIQCbYjRtmkDo1hx6p0YNdNfkZ3N5u+syVjwH
Al3a9NpVxgB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhXXk
yY4AAAQDAEYwRAIgcuscG2kkSGNvAsVH9CAtXjNUwk9UJriY0+3OtQ4WVrMCIAsC
CkqEI1Ek5M26yrWt0Q7+u+UZ8rXhfYu3kcMMq7PVAHYAO1N3dT4tuYBOizBbBv5A
O2fYT8P0x70ADS1yb+H61BcAAAGFdeTJkAAABAMARzBFAiAEJbJTN8hrRUZ6UaaD
2TlyDQfzUvTkex0XGT6PGKHkagIhAJ+Kg6tdt/csKde2vdweu+dT01fzg/fq4q3o
mjfPhFm1MA0GCSqGSIb3DQEBCwUAA4IBAQAKFTUHbpgKsXARCBIIfEZGqkOvaafm
QaoNodc6cj0+LJCbuMzrTlkzmII0X/U52MBG8JCEIO8BPe5R4NIFqqaE066zQANq
HOsROOJi2A+WTTZcSEHbH3uhdVwcEQHvDzaOEEJc9Ilz6pdYsrv+trOmeR5PeIxv
t1jQacSwN1z6z0N4CRjBpePV/9nwETkEaKjQuXSoYlN+pczK/4nX2W9+E/OnwtZs
ScyFffPtTLHf1u4eSYuBT/AdwaKHXetxWzh98GP9LRfQhm63Gs+/WcloYl489dG/
FOFjch2TdmrPcUwxxGEbbPt3zXRxSVlzvIaf4gTUl2+PsKwbKy/w4OLS
MIIGbTCCBNWgAwIBAgIQIodwqN03+Y3aYpdvfq2qKTANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjQw
MTIyMDAwMDAwWhcNMjUwMTIxMjM1OTU5WjAcMRowGAYDVQQDExF2cG4udGVzdC52
cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFWPBr5g8py
8oPZhklQw9zBcIvfaEX2AVPIwW6iOm+j8v0LvXTGQkE1bZx4RwB1jKiEGG3KVsIU
pTJCkNEmwCZGJYvnNKN952zhtUQieZe8X4Zr0W43+j9Hbv+TKt6MFV3u70ArOD2T
m8j/gWFcUyK9mDCCFpKImRUckbp6GYJUZHXUDktQiOu5v6Jgl9pLZ2XhZXGf2TJh
G441TScMwidYToX51VrnscRQQ6iUMSav1H43lchdh9fAThbheP/kIv6YEswT45oA
MrxET10+iaCTdWpz+zy2GWXLO2pH9N9AjALCZA1/5QHkMhavmJgOxfitTeGzAlBQ
JNAIs0Rx1K0CAwEAAaOCAuwwggLoMB8GA1UdIwQYMBaAFF86fBEQfgxncWHci6O1
AANn9VccMB0GA1UdDgQWBBRDRfNBNYRlLb4V1MRTnU+bUVnvnDAOBgNVHQ8BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICMTAlMCMGCCsGAQUFBwIBFhdodHRw
czovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwfQYIKwYBBQUHAQEEcTBvMEIG
CCsGAQUFBzAChjZodHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNuL1RydXN0QXNp
YVJTQURWVExTQ0FHMi5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnRydXN0
LXByb3ZpZGVyLmNuMBwGA1UdEQQVMBOCEXZwbi50ZXN0LnZxaWx1LmNuMIIBfwYK
KwYBBAHWeQIEAgSCAW8EggFrAWkAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB
0lt3zsw7CAAAAY0v95Z6AAAEAwBHMEUCIDbFVgzV1DDvqTq6UnYisMqAEJn1cR+d
mc+agwaOuRbrAiEAz3W2HooNcKqADX9QyK8xQQ8r9BQKVCQzF76g9AZKeDoAdwCi
4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY0v95ZkAAAEAwBIMEYC
IQCWVxDjciJ/KMbwbqMbEZdsDq0nCrotlPhIBb5wFBurVgIhAOgnw3nqSqFYRm8y
OL3nz8rop0V5IEtgiNarOqMfLf33AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnA
sfpksWKaOd8AAAGNL/eWFwAABAMARzBFAiBB+V0NBebuCniZVuin5OaMYvWyNvRd
NJ6hRmLbSKQAwwIhAKrPRrAP3An/9HSrFN/70eEK5DHT8+q8m0L5tc0+TckmMA0G
CSqGSIb3DQEBDAUAA4IBgQCB65Q0V6Mewca0iVCxLJxczu6XYCCwsUzJiTWYjao3
XZVe8yB4RhAimsUY+U3nXIL3RivkJydqfOO9N5APWndDgbtS4r55TFdscDUDmzsR
S5kYCoEudbDWT89U+tHMOxzUKkb3nDA0WvJEN52CAanYO3blihnX3eX7enQMGtsM
gfDrArcQyS+WMKUkyOlNysqGtj3XWYKssBPrX/0GqMimoeYkg+B4daBTbOVB6sKs
+USnmhI2MF3QUxn0+fC207HbSDj7s4a6npjg5KsL0zUsFrNZlMH30Tx2L0WuI1T7
65lKHaKt8CyuL/YTjD5lAGYtJ+K9ypl5sBUFCXeW1lazTocjDa2CKv3WV+kVBhyO
2nA2Lo4e643YXwXw98+ufU2U9yUjn1OrhsUXo3qaxETGVMumRwubtX4O2dUKnYGF
xBxfHzXJKhZjX+U2ENIwsrm7pp3dcpIZqKxPCeowU5Ma9tvYpM7kgDhploMfsVic
H7pWcFY99X5nMwJoDDBYomY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
-----END CERTIFICATE-----

55
server/conf/vpn_cert.key
View File

@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA0kAk9gG84//u/xKAwiRUsi6U3/OI8Au8VwTBWdAMiZQiTLzi
53LR+a8nYTcTc0vpC/XhkcMa0fsJp+6SKY1ZNPYFWZAFiI7VmVSQdwdRfgihgSF6
B3LbHDRbCSclZM7K+RGR4OG1P1BSkD/N56ZLirVMb3nNEN/mG1RHg4xlexmmRDZu
RKCcu13JSbDaeF9JaCwP19vCvpac7H+zCxR7nY3ewgNnolOCfc3vF5Pf+VUkpU3D
JiRmV2JqWZHOuzpu2veaaeqlY5txzgW8qv8Iuag5JeXQjXBayv4edDhf2EewlSSO
TcRkp+EfeYzfscXxqmrO1vpaMLdH3plqbpnxswIDAQABAoIBAGKKzugAi4Q/Vch2
ZyPXPF0hCQToE3QSxAzy/R53rRCkfekClMTO44xHpEjjs/mTiCBjd3xGeiEVrIJp
hlb0WW3Bq2M9ZeKJs6JAaM9o/jB4oh2wT44DLqALB+oDz3puk+Jl8j34++a3YmMa
jIq4veo+rBsJduwkTKjdeQE2ge/ODZEQ6bUmSjYo1P9LNGEyO2wmcVk+jHx0zBi7
8fR3oY03Io+byuN0494Di1m3IpIdj3ma0MV5zJf31urLXqqYtOApouWL/yhZOIuo
YW+mcuS7ZgK5FsqrUm0vGBcf24GcKhhlBlUu0mfLrCRrWLDsqJDQ/8alvuNP0IVm
gqz0H5UCgYEA8yaKzMfkeRXSTERt6NZHo/8ShIn26Yf+pMDpVdYKfVBL254vGTeq
B+LQhDpxZV1iMr1FNvkhHtNGQ74ZbWOj4+5Xjsllaw1ao2iGp1w/chuJ6FG/Go4q
9FaY3eGiCqRJOQNivBxU/D7sN0y4b48HAEQdmp516pItlGtG+C8TY38CgYEA3VyD
6EczHdAmPO7bdbYn/irfe78so1lHT04P0FiVg2W77ZKuQINTNDK9w/alYyZ2tH1b
N2JznulJ6UDcl4xw43xJixxhme2jWPaYzmQUuQHviZ0D0tCgmOkN8bUnc9LSvEGA
SnaiKbOtUfP8Z3c/mF997wuFNfdmhww8LBpbO80CgYEAmdRKf9/+5bQuhd3NAz99
t31KQ9vdAEXvjmAVvx5ZKIrCU0EyXuvegHq4nM80qoJ3+83Omkbm80+K5pTAFXqy
VyOU9Vro9N9P9o3MktlDsndFulrtYmmLN2YJ9GYpVD43rQA9WPE7uxI784hwLvP3
4+00JXwW8b5lY76y+ZUe2RUCgYEAt6BQN/YgPCH4JmHKIWp64If2HbQntlWQJwRN
b/qcBIT3EQu1iwSll85jxtSqu4YjwHOgoGAGI5PIYTsSApFY8AyhAUoI2OTdtSXS
+prg6dvmNhTPICk6n73seE5bLOR9NfdsEdk5ijhnlW09OyMb2S2VzR+UYIEbRvnq
THeMqR0CgYEAwQ9aAIGD4t4DXjHHtz6Wqpbq6jj6mmYBsL9jqRgu8ASj1/THgWWn
iUrlCbFIXWu2vnP1h0SBV56GA7MSTqAt0ZdTzpI1PRkMOIO9z1dN4Q2R1SEya1eF
7/LPLqJIoLbILGvy6U3DLYdMckPZaoTPf5BNKD52paZcNbjkXTlVLSY=
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDRVjwa+YPKcvKD
2YZJUMPcwXCL32hF9gFTyMFuojpvo/L9C710xkJBNW2ceEcAdYyohBhtylbCFKUy
QpDRJsAmRiWL5zSjfeds4bVEInmXvF+Ga9FuN/o/R27/kyrejBVd7u9AKzg9k5vI
/4FhXFMivZgwghaSiJkVHJG6ehmCVGR11A5LUIjrub+iYJfaS2dl4WVxn9kyYRuO
NU0nDMInWE6F+dVa57HEUEOolDEmr9R+N5XIXYfXwE4W4Xj/5CL+mBLME+OaADK8
RE9dPomgk3Vqc/s8thllyztqR/TfQIwCwmQNf+UB5DIWr5iYDsX4rU3hswJQUCTQ
CLNEcdStAgMBAAECgf97UHp7u8+x4lz6BQB8/c0xHWdAw1clIveZbEVl0hNoVUN/
EKku+q/1Sf+CuhnbgLjT1bkVnnotmVcGeWH2DeCnkMJqHVMOBRb/dso2fw+pCTzY
VofQpmbPy1xCXb6chqrpT3MTaJdI7IrBCNEQ54cOxsojwzp0MfejS/NI41q8iuCS
hVry+VEbmtA22vjwMvsF6NsRKlfc1DUyC/ZoHB91gzKmvLdXBREwBXtdiJfMlu9G
EKH3ORxbcanmdsXWIG84t5M9Sf9L5FZe6tlL4FdoKv25Vxv2z+PVM8Y/0B3IBTCb
yqMK8579PTlHl40WRjSgzpijGvMxuIpgm5KaXQECgYEA7U6lBhRWmPsJRaK0jyAv
qnaC5AbnM8OjIbsDtnQxn0BWvx7aZznxOE4jL0QejUD/gov6yYkNhIu797LzO8Mq
fEqEX7Bp23PfLvybqkyhJWFz26v0erU5q8Rlt648bK7Ul1j8FkmsEN3qu+64c8Fu
pzN081bqOGjEcaCjsHswvkMCgYEA4dOPvYYu8wBfrH3Gn94XHWWVvFMnWErXEOzK
eL0dFg3Ae+y8Sg5x9YTz3XjwyzwcTbrD0zg4huWwmD64BgPcliG7XKA093ea2JIs
Mah5/KTQmltcIut7qUvzwwbQVfN3xTwWzd7eDtEIAeFZ8r/HzJM6X21b/LaQIXUY
Gb7dik8CgYAaaUxYlt7ke9wWUfuCinSDplj/A/2rdzSqxmOtZNU5AjIlZ0urfXlp
aNjlo9E6q2dEokuxLn3AqMSs1s/XcOtDlg+RjtLZR9YpJpg0pf6xaF06r7KwDYdz
pJIllVDIT9T9WzwDRwPNhMVhUTpaN8cW+NUlWCENUiu68cQGGk/cfQKBgEmvRk+I
4PjZPl6CC7VOOiyVYO46E7RzdwlGuin7SupPQmctL6LaY8TAxPGW7LrjujiCoDLj
PU6G08BZdqI/0FIMX54xiBbXJ+dSiqkJWARfotE6zi12uLrc1YTlTEU/U+0/VhGG
jt42xm4WocrbWM4fnARXIpSq3QyNsHd2F8NxAoGBAMEcT0mFQ0J7HCQ+zL36ogGv
Bc/N6WR0xSEBQVG9D4iysxX4XyJukCuUCvMIbsBj5IVAVBlMNxfDtL/kD6tgy0L7
tdN7nOaYgnqTyZfQItz92cQ6oiIqW7GPJA5ATJe1fxXINjcP6EkRDAfACBW7/l85
Cd/yRpaOSMPbqKO1OOSn
-----END PRIVATE KEY-----

2
server/cron/start.go
View File

@@ -3,6 +3,7 @@ package cron
import (
"time"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/sessdata"
"github.com/go-co-op/gocron"
)
@@ -13,5 +14,6 @@ func Start() {
s.Cron("0 * * * *").Do(ClearStatsInfo)
s.Cron("0 * * * *").Do(ClearUserActLog)
s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert)
s.StartAsync()
}

411
server/dbdata/cert.go Normal file
View File

@@ -0,0 +1,411 @@
package dbdata
import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"fmt"
"math/big"
"net"
"os"
"strings"
"sync"
"time"
"github.com/pion/dtls/v2/pkg/crypto/selfsign"
"github.com/bjdgyc/anylink/base"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/providers/dns/alidns"
"github.com/go-acme/lego/v4/providers/dns/cloudflare"
"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
"github.com/go-acme/lego/v4/registration"
)
var (
// nameToCertificate mutex
ntcMux sync.RWMutex
nameToCertificate = make(map[string]*tls.Certificate)
tempCert *tls.Certificate
)
func init() {
c, _ := selfsign.GenerateSelfSignedWithDNS("localhost")
tempCert = &c
}
type SettingLetsEncrypt struct {
Domain string `json:"domain"`
Legomail string `json:"legomail"`
Name string `json:"name"`
Renew bool `json:"renew"`
DNSProvider
}
type DNSProvider struct {
AliYun struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
} `json:"aliyun"`
TXCloud struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
} `json:"txcloud"`
CfCloud struct {
AuthToken string `json:"authToken"`
} `json:"cfcloud"`
}
type LegoUserData struct {
Email string `json:"email"`
Registration *registration.Resource `json:"registration"`
Key []byte `json:"key"`
}
type LegoUser struct {
Email string
Registration *registration.Resource
Key *ecdsa.PrivateKey
}
type LeGoClient struct {
mutex sync.Mutex
Client *lego.Client
Cert *certificate.Resource
LegoUserData
}
func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
switch l.Name {
case "aliyun":
if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "txcloud":
if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "cfcloud":
if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
}
return
}
func (u *LegoUser) GetEmail() string {
return u.Email
}
func (u LegoUser) GetRegistration() *registration.Resource {
return u.Registration
}
func (u *LegoUser) GetPrivateKey() crypto.PrivateKey {
return u.Key
}
func (l *LegoUserData) SaveUserData(u *LegoUser) error {
key, err := x509.MarshalECPrivateKey(u.Key)
if err != nil {
return err
}
l.Email = u.Email
l.Registration = u.Registration
l.Key = key
if err := SettingSet(l); err != nil {
return err
}
return nil
}
func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) {
if err := SettingGet(l); err != nil {
return nil, err
}
if l.Email != "" {
key, err := x509.ParseECPrivateKey(l.Key)
if err != nil {
return nil, err
}
return &LegoUser{
Email: l.Email,
Registration: l.Registration,
Key: key,
}, nil
}
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}
return &LegoUser{
Email: d.Legomail,
Key: privateKey,
}, nil
}
func ReNewCert() {
_, certtime, err := ParseCert()
if err != nil {
base.Error(err)
return
}
if certtime.AddDate(0, 0, -7).Before(time.Now()) {
config := &SettingLetsEncrypt{}
if err := SettingGet(config); err != nil {
base.Error(err)
return
}
if config.Renew {
client := &LeGoClient{}
if err := client.NewClient(config); err != nil {
base.Error(err)
return
}
if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil {
base.Error(err)
return
}
base.Info("证书续期成功")
}
} else {
base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05")))
}
}
func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
c.mutex.Lock()
defer c.mutex.Unlock()
legouser, err := c.GetUserData(l)
if err != nil {
return err
}
config := lego.NewConfig(legouser)
config.CADirURL = lego.LEDirectoryProduction
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
Provider, err := GetDNSProvider(l)
if err != nil {
return err
}
if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
return err
}
if legouser.Registration == nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
legouser.Registration = reg
c.SaveUserData(legouser)
}
c.Client = client
return nil
}
func (c *LeGoClient) GetCert(domain string) error {
// 申请证书
certificates, err := c.Client.Certificate.Obtain(
certificate.ObtainRequest{
Domains: []string{domain},
Bundle: true,
})
if err != nil {
return err
}
c.Cert = certificates
// 保存证书
if err := c.SaveCert(); err != nil {
return err
}
return nil
}
func (c *LeGoClient) RenewCert(certFile, keyFile string) error {
cert, err := os.ReadFile(certFile)
if err != nil {
return err
}
key, err := os.ReadFile(keyFile)
if err != nil {
return err
}
// 续期证书
renewcert, err := c.Client.Certificate.Renew(certificate.Resource{
Certificate: cert,
PrivateKey: key,
}, true, false, "")
if err != nil {
return err
}
c.Cert = renewcert
// 保存更新证书
if err := c.SaveCert(); err != nil {
return err
}
return nil
}
func (c *LeGoClient) SaveCert() error {
err := os.WriteFile(base.Cfg.CertFile, c.Cert.Certificate, 0600)
if err != nil {
return err
}
err = os.WriteFile(base.Cfg.CertKey, c.Cert.PrivateKey, 0600)
if err != nil {
return err
}
if tlscert, _, err := ParseCert(); err != nil {
return err
} else {
LoadCertificate(tlscert)
}
return nil
}
func ParseCert() (*tls.Certificate, *time.Time, error) {
_, errCert := os.Stat(base.Cfg.CertFile)
_, errKey := os.Stat(base.Cfg.CertKey)
if os.IsNotExist(errCert) || os.IsNotExist(errKey) {
err := PrivateCert()
if err != nil {
return nil, nil, err
}
}
cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
if err != nil || errors.Is(err, os.ErrNotExist) {
PrivateCert()
return nil, nil, err
}
parseCert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return nil, nil, err
}
return &cert, &parseCert.NotAfter, nil
}
func PrivateCert() error {
// 创建一个RSA密钥对
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
pub := &priv.PublicKey
// 生成一个自签名证书
template := x509.Certificate{
SerialNumber: big.NewInt(1658),
Subject: pkix.Name{CommonName: "localhost"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 365),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IPAddresses: []net.IP{},
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
if err != nil {
return err
}
// 将证书编码为PEM格式并将其写入文件
certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
// 将私钥编码为PEM格式并将其写入文件
keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
keyOut.Close()
cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
if err != nil {
return err
}
LoadCertificate(&cert)
return nil
}
func getTempCertificate() (*tls.Certificate, error) {
var err error
var cert tls.Certificate
if tempCert == nil {
cert, err = selfsign.GenerateSelfSignedWithDNS("localhost")
tempCert = &cert
}
return tempCert, err
}
func GetCertificateBySNI(commonName string) (*tls.Certificate, error) {
ntcMux.RLock()
defer ntcMux.RUnlock()
// Copy from tls.Config getCertificate()
name := strings.ToLower(commonName)
if cert, ok := nameToCertificate[name]; ok {
return cert, nil
}
if len(name) > 0 {
labels := strings.Split(name, ".")
labels[0] = "*"
wildcardName := strings.Join(labels, ".")
if cert, ok := nameToCertificate[wildcardName]; ok {
return cert, nil
}
}
// TODO 默认证书 兼容不支持 SNI 的客户端
if cert, ok := nameToCertificate["default"]; ok {
return cert, nil
}
return getTempCertificate()
}
func LoadCertificate(cert *tls.Certificate) {
buildNameToCertificate(cert)
}
// Copy from tls.Config BuildNameToCertificate()
func buildNameToCertificate(cert *tls.Certificate) {
ntcMux.Lock()
defer ntcMux.Unlock()
// TODO 设置默认证书
nameToCertificate["default"] = cert
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return
}
startTime := x509Cert.NotBefore.String()
expiredTime := x509Cert.NotAfter.String()
if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 {
commonName := x509Cert.Subject.CommonName
fmt.Printf("┏ Load Certificate: %s\n", commonName)
fmt.Printf("┠╌╌ Start Time: %s\n", startTime)
fmt.Printf("┖╌╌ Expired Time: %s\n", expiredTime)
nameToCertificate[commonName] = cert
}
for _, san := range x509Cert.DNSNames {
fmt.Printf("┏ Load Certificate: %s\n", san)
fmt.Printf("┠╌╌ Start Time: %s\n", startTime)
fmt.Printf("┖╌╌ Expired Time: %s\n", expiredTime)
nameToCertificate[san] = cert
}
}
// func Scrypt(passwd string) string {
// salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
// hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
// if err != nil {
// return err.Error()
// }
// return base64.StdEncoding.EncodeToString(hashPasswd)
// }

18
server/dbdata/db.go
View File

@@ -99,6 +99,24 @@ func addInitData() error {
return err
}
// SettingDnsProvider
provider := &SettingLetsEncrypt{
Domain: "vpn.xxx.com",
Legomail: "legomail",
Name: "aliyun",
Renew: false,
DNSProvider: DNSProvider{},
}
err = SettingSessAdd(sess, provider)
if err != nil {
return err
}
// LegoUser
legouser := &LegoUserData{}
err = SettingSessAdd(sess, legouser)
if err != nil {
return err
}
// SettingOther
other := &SettingOther{
LinkAddr: "vpn.xx.com",

5
server/dbdata/db_orm.go
View File

@@ -75,6 +75,11 @@ func Find(data interface{}, limit, page int) error {
return xdb.Limit(limit, start).Find(data)
}
func FindWhereCount(data interface{}, where string, args ...interface{}) int {
n, _ := xdb.Where(where, args...).Count(data)
return int(n)
}
func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error {
if limit == 0 {
return xdb.Where(where, args...).Find(data)

32
server/dbdata/group.go
View File

@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
// 给Mac系统下发路由时必须是标准的网络地址
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
routeExclude := []ValData{}
for _, v := range g.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}
@@ -225,6 +238,21 @@ func SetGroup(g *Group) error {
return err
}
func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
g := &Group{Auth: authData}
authType := g.Auth["type"].(string)
if _, ok := authRegistry[authType]; !ok {
return errors.New("未知的认证方式: " + authType)
}
auth := makeInstance(authType).(IUserAuth)
err := auth.checkData(g.Auth)
if err != nil {
return err
}
err = auth.checkUser(name, pwd, g)
return err
}
func parseIpNet(s string) (string, *net.IPNet, error) {
ip, ipNet, err := net.ParseCIDR(s)
if err != nil {

1
server/dbdata/group_test.go
View File

@@ -51,6 +51,7 @@ func TestGetGroupNames(t *testing.T) {
"bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com",
"object_class": "person",
"search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com",
},

31
server/dbdata/ip_map.go
View File

@@ -2,20 +2,22 @@ package dbdata
import (
"errors"
"net"
"time"
)
// type IpMap struct {
// Id int `json:"id" xorm:"pk autoincr not null"`
// IpAddr string `json:"ip_addr" xorm:"not null unique"`
// MacAddr string `json:"mac_addr" xorm:"not null unique"`
// Username string `json:"username"`
// Keep bool `json:"keep"` // 保留 ip-mac 绑定
// KeepTime time.Time `json:"keep_time"`
// Note string `json:"note"` // 备注
// LastLogin time.Time `json:"last_login"`
// UpdatedAt time.Time `json:"updated_at"`
// }
type IpMap struct {
Id int `json:"id" xorm:"pk autoincr not null"`
IpAddr string `json:"ip_addr" xorm:"varchar(32) not null unique"`
MacAddr string `json:"mac_addr" xorm:"varchar(32) not null unique"`
UniqueMac bool `json:"unique_mac" xorm:"Bool index"`
Username string `json:"username" xorm:"varchar(60)"`
Keep bool `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
KeepTime time.Time `json:"keep_time" xorm:"DateTime"`
Note string `json:"note" xorm:"varchar(255)"` // 备注
LastLogin time.Time `json:"last_login" xorm:"DateTime"`
UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
}
func SetIpMap(v *IpMap) error {
var err error
@@ -24,6 +26,13 @@ func SetIpMap(v *IpMap) error {
return errors.New("IP或MAC错误")
}
macHw, err := net.ParseMAC(v.MacAddr)
if err != nil {
return errors.New("MAC错误")
}
// 统一macAddr的格式
v.MacAddr = macHw.String()
v.UpdatedAt = time.Now()
if v.Id > 0 {
err = Set(v)

15
server/dbdata/policy.go
View File

@@ -2,6 +2,7 @@ package dbdata
import (
"errors"
"fmt"
"net"
"strings"
"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
routeExclude := []ValData{}
for _, v := range p.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}

8
server/dbdata/policy_test.go
View File

@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
err = SetPolicy(&p2)
ast.Nil(err)
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p3)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p4)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
// 判断所有数据
var userPolicy *Policy

3
server/dbdata/setting.go
View File

@@ -49,7 +49,6 @@ func SettingSessAdd(sess *xorm.Session, data interface{}) error {
v, _ := json.Marshal(data)
s := &Setting{Name: name, Data: v}
_, err := sess.InsertOne(s)
return err
}
@@ -63,7 +62,7 @@ func SettingSet(data interface{}) error {
func SettingGet(data interface{}) error {
name := StructName(data)
s := &Setting{Name: name}
s := &Setting{}
err := One("name", name, s)
if err != nil {
return err

15
server/dbdata/tables.go
View File

@@ -30,7 +30,7 @@ type User struct {
Email string `json:"email" xorm:"varchar(255)"`
// Password string `json:"password"`
PinCode string `json:"pin_code" xorm:"varchar(32)"`
LimitTime *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` //值为null时前端不显示
LimitTime *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` // 值为null时前端不显示
OtpSecret string `json:"otp_secret" xorm:"varchar(255)"`
DisableOtp bool `json:"disable_otp" xorm:"Bool"` // 禁用otp
Groups []string `json:"groups" xorm:"Text"`
@@ -56,19 +56,6 @@ type UserActLog struct {
CreatedAt time.Time `json:"created_at" xorm:"DateTime created"`
}
type IpMap struct {
Id int `json:"id" xorm:"pk autoincr not null"`
IpAddr string `json:"ip_addr" xorm:"varchar(32) not null unique"`
MacAddr string `json:"mac_addr" xorm:"varchar(32) not null unique"`
UniqueMac bool `json:"unique_mac" xorm:"Bool index"`
Username string `json:"username" xorm:"varchar(60)"`
Keep bool `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
KeepTime time.Time `json:"keep_time" xorm:"DateTime"`
Note string `json:"note" xorm:"varchar(255)"` // 备注
LastLogin time.Time `json:"last_login" xorm:"DateTime"`
UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
}
type Setting struct {
Id int `json:"id" xorm:"pk autoincr not null"`
Name string `json:"name" xorm:"varchar(60) not null unique"`

2
server/dbdata/user.go
View File

@@ -186,7 +186,7 @@ func checkOtp(name, otp, secret string) bool {
totp := gotp.NewDefaultTOTP(secret)
unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix))
verify := totp.Verify(otp, unix)
return verify
}

4
server/dbdata/user_act_log.go
View File

@@ -22,6 +22,7 @@ const (
UserLogoutTimeout = 3 // 用户超时登出
UserLogoutAdmin = 4 // 账号被管理员踢下线
UserLogoutExpire = 5 // 账号过期被踢下线
UserIdleTimeout = 6 // 用户空闲链接超时
)
type UserActLogProcess struct {
@@ -62,6 +63,7 @@ var (
UserLogoutTimeout: "Session过期被踢下线",
UserLogoutAdmin: "账号被管理员踢下线",
UserLogoutExpire: "账号过期被踢下线",
UserIdleTimeout: "用户空闲链接超时",
},
}
)
@@ -155,7 +157,7 @@ func (ua *UserActLogProcess) ParseUserAgent(userAgent string) (os_idx, client_id
} else if strings.Contains(userAgent, "anylink") {
client_idx = 3
}
// Verion
// Version
uaSlice := strings.Split(userAgent, " ")
ver = uaSlice[len(uaSlice)-1]
if ver[0] == 'v' {

7
server/dbdata/user_test.go
View File

@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
// 添加一个组
dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g)
ast.Nil(err)
// 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户
u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
}
// 添加用户策略
dns2 := []ValData{{Val: "8.8.8.8"}}
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
err = SetPolicy(&p1)
ast.Nil(err)
@@ -75,6 +75,7 @@ func TestCheckUser(t *testing.T) {
"bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com",
"object_class": "person",
"search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com",
},

44
server/dbdata/userauth_ldap.go
View File

@@ -8,6 +8,7 @@ import (
"net"
"reflect"
"regexp"
"strconv"
"time"
"github.com/go-ldap/ldap"
@@ -19,6 +20,7 @@ type AuthLdap struct {
BindName string `json:"bind_name"`
BindPwd string `json:"bind_pwd"`
BaseDn string `json:"base_dn"`
ObjectClass string `json:"object_class"`
SearchAttr string `json:"search_attr"`
MemberOf string `json:"member_of"`
}
@@ -39,7 +41,7 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
return errors.New("LDAP的服务器地址(含端口)填写有误")
}
if auth.BindName == "" {
return errors.New("LDAP的管理员账号不能为空")
return errors.New("LDAP的管理员 DN不能为空")
}
if auth.BindPwd == "" {
return errors.New("LDAP的管理员密码不能为空")
@@ -47,6 +49,9 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
if auth.BaseDn == "" || !ValidateDN(auth.BaseDn) {
return errors.New("LDAP的Base DN填写有误")
}
if auth.ObjectClass == "" {
return errors.New("LDAP的用户对象类填写有误")
}
if auth.SearchAttr == "" {
return errors.New("LDAP的用户唯一ID不能为空")
}
@@ -93,9 +98,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return fmt.Errorf("%s LDAP 管理员账号或密码填写有误 %s", name, err.Error())
return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
}
filterAttr := "(objectClass=person)"
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
filterAttr += "(" + auth.SearchAttr + "=" + name + ")"
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"
@@ -117,6 +125,10 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
}
return fmt.Errorf("LDAP发现 %s 用户,存在多个账号", name)
}
err = parseEntries(sr)
if err != nil {
return fmt.Errorf("LDAP %s 用户 %s", name, err.Error())
}
userDN := sr.Entries[0].DN
err = l.Bind(userDN, pwd)
if err != nil {
@@ -125,6 +137,32 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
return nil
}
func parseEntries(sr *ldap.SearchResult) error {
for _, attr := range sr.Entries[0].Attributes {
switch attr.Name {
case "shadowExpire":
// -1 启用, 1 停用, >1 从1970-01-01至到期日的天数
val, _ := strconv.ParseInt(attr.Values[0], 10, 64)
if val == -1 {
return nil
}
if val == 1 {
return fmt.Errorf("账号已停用")
}
if val > 1 {
expireTime := time.Unix(val*86400, 0)
t := time.Date(expireTime.Year(), expireTime.Month(), expireTime.Day(), 23, 59, 59, 0, time.Local)
if t.Before(time.Now()) {
return fmt.Errorf("账号已过期(过期日期: %s)", t.Format("2006-01-02"))
}
return nil
}
return fmt.Errorf("账号shadowExpire值异常: %d", val)
}
}
return nil
}
func ValidateDomainPort(addr string) bool {
re := regexp.MustCompile(`^([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.)+[A-Za-z]{2,18}\:([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])$`)
return re.MatchString(addr)

131
server/go.mod
View File

@@ -1,84 +1,107 @@
module github.com/bjdgyc/anylink
go 1.18
go 1.20
require (
github.com/arl/statsviz v0.5.1
github.com/arl/statsviz v0.6.0
github.com/deckarep/golang-set v1.8.0
github.com/go-co-op/gocron v1.17.0
github.com/go-acme/lego/v4 v4.14.2
github.com/go-co-op/gocron v1.37.0
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-sql-driver/mysql v1.6.0
github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
github.com/golang-jwt/jwt/v4 v4.0.0
github.com/go-sql-driver/mysql v1.7.1
github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/gopacket v1.1.19
github.com/gorilla/handlers v1.5.1
github.com/gorilla/mux v1.8.0
github.com/gorilla/handlers v1.5.2
github.com/gorilla/mux v1.8.1
github.com/ivpusic/grpool v1.0.0
github.com/lib/pq v1.10.2
github.com/mattn/go-sqlite3 v1.14.9
github.com/lanrenwo/lzsgo v0.0.2
github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.19
github.com/orcaman/concurrent-map v1.0.0
github.com/pion/dtls/v2 v2.1.5
github.com/pion/dtls/v2 v2.2.9
github.com/pion/logging v0.2.2
github.com/pires/go-proxyproto v0.6.2
github.com/shirou/gopsutil v3.21.7+incompatible
github.com/pires/go-proxyproto v0.7.0
github.com/shirou/gopsutil v3.21.11+incompatible
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/spf13/cast v1.3.1
github.com/spf13/cobra v1.2.1
github.com/spf13/viper v1.8.1
github.com/stretchr/testify v1.8.0
github.com/xhit/go-simple-mail/v2 v2.10.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
github.com/xuri/excelize/v2 v2.6.1
go.uber.org/atomic v1.10.0
golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
golang.org/x/net v0.0.0-20220812174116-3211cb980234
golang.org/x/text v0.3.7
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
xorm.io/xorm v1.3.2
github.com/spf13/cast v1.6.0
github.com/spf13/cobra v1.8.0
github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.8.4
github.com/xhit/go-simple-mail/v2 v2.16.0
github.com/xlzd/gotp v0.1.0
github.com/xuri/excelize/v2 v2.8.0
go.uber.org/atomic v1.11.0
golang.org/x/crypto v0.18.0
golang.org/x/net v0.20.0
golang.org/x/text v0.14.0
golang.org/x/time v0.5.0
layeh.com/radius v0.0.0-20231213012653-1006025d24f8
xorm.io/xorm v1.3.7
)
require (
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/coreos/go-iptables v0.6.0
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect
github.com/goccy/go-json v0.8.1 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.62.664 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cloudflare/cloudflare-go v0.86.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/uuid v1.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/miekg/dns v1.1.58 // indirect
github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/pelletier/go-toml/v2 v2.1.1 // indirect
github.com/pion/transport/v2 v2.2.4 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.846 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.846 // indirect
github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/tools v0.17.0 // indirect
)
require (
github.com/coreos/go-iptables v0.7.0
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-ole/go-ole v1.3.0 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect
github.com/pion/transport v0.13.0 // indirect
github.com/pion/udp v0.1.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/richardlehane/mscfb v1.0.4 // indirect
github.com/richardlehane/msoleps v1.0.3 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/tklauser/go-sysconf v0.3.7 // indirect
github.com/tklauser/numcpus v0.2.3 // indirect
github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
github.com/tklauser/go-sysconf v0.3.13 // indirect
github.com/tklauser/numcpus v0.7.0 // indirect
github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect
github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect
golang.org/x/sys v0.16.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect
xorm.io/builder v0.3.13 // indirect
)

1274
server/go.sum
View File

File diff suppressed because it is too large Load Diff

37
server/handler/dtls.go
View File

@@ -2,10 +2,13 @@ package handler
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"encoding/hex"
"errors"
"net"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
return
}
certificate, err := selfsign.GenerateSelfSigned()
// rsa 兼容 open connect
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
certificate, err := selfsign.SelfSign(priv)
if err != nil {
panic(err)
}
logf := logging.NewDefaultLoggerFactory()
logf.Writer = base.GetBaseLw()
// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,9 +40,14 @@ func startDtls() {
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
CipherSuites: func() []dtls.CipherSuiteID {
var cs = []dtls.CipherSuiteID{}
for _, vv := range dtlsCipherSuites {
cs = append(cs, vv)
}
return cs
}(),
LoggerFactory: logf,
MTU: BufferSize,
SessionStore: sessStore,
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
func (ms *sessionStore) Del(key []byte) error {
return nil
}
// 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ":")
for _, v := range csArr {
if _, ok := dtlsCipherSuites[v]; ok {
return v
}
}
// 返回默认值
return "ECDHE-RSA-AES128-GCM-SHA256"
}

29
server/handler/link_auth.go
View File

@@ -1,12 +1,14 @@
package handler
import (
"bytes"
"crypto/md5"
"encoding/xml"
"fmt"
"io"
"net"
"net/http"
"net/http/httputil"
"strings"
"text/template"
@@ -19,9 +21,10 @@ var profileHash = ""
func LinkAuth(w http.ResponseWriter, r *http.Request) {
// TODO 调试信息输出
//hd, _ := httputil.DumpRequest(r, true)
//base.Debug("DumpRequest: ", string(hd))
if base.GetLogLevel() == base.LogLevelTrace {
hd, _ := httputil.DumpRequest(r, true)
base.Trace("LinkAuth: ", string(hd))
}
// 判断anyconnect客户端
userAgent := strings.ToLower(r.UserAgent())
xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
@@ -47,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
return
}
// fmt.Printf("%+v \n", cr)
setCommonHeader(w)
// setCommonHeader(w)
if cr.Type == "logout" {
// 退出删除session信息
if cr.SessionToken != "" {
@@ -88,6 +91,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
data := RequestData{Group: cr.GroupSelect, Groups: dbdata.GetGroupNamesNormal(), Error: "用户名或密码错误"}
if base.Cfg.DisplayError {
data.Error = err.Error()
}
tplRequest(tpl_request, w, data)
return
}
@@ -103,7 +109,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess := sessdata.NewSession("")
sess.Username = cr.Auth.Username
sess.Group = cr.GroupSelect
sess.MacAddr = strings.ToLower(cr.MacAddressList.MacAddress)
oriMac := cr.MacAddressList.MacAddress
sess.UniqueIdGlobal = cr.DeviceId.UniqueIdGlobal
sess.UserAgent = userAgent
sess.DeviceType = ua.DeviceType
@@ -111,7 +117,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess.RemoteAddr = r.RemoteAddr
// 获取客户端mac地址
sess.UniqueMac = true
macHw, err := net.ParseMAC(sess.MacAddr)
macHw, err := net.ParseMAC(oriMac)
if err != nil {
var sum [16]byte
if sess.UniqueIdGlobal != "" {
@@ -125,6 +131,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess.MacAddr = macHw.String()
}
sess.MacHw = macHw
// 统一macAddr的格式
sess.MacAddr = macHw.String()
other := &dbdata.SettingOther{}
_ = dbdata.SettingGet(other)
rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
@@ -146,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
return
}
if strings.Contains(data.Banner, "\n") {
// 替换xml文件的换行符
data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;")
if data.Banner != "" {
buf := new(bytes.Buffer)
_ = xml.EscapeText(buf, []byte(data.Banner))
data.Banner = buf.String()
}
t, _ := template.New("auth_complete").Parse(auth_complete)
_ = t.Execute(w, data)
}

23
server/handler/link_base.go
View File

@@ -3,7 +3,6 @@ package handler
import (
"encoding/xml"
"log"
"net/http"
"os/exec"
)
@@ -42,28 +41,6 @@ type macAddressList struct {
MacAddress string `xml:"mac-address"`
}
func setCommonHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "deny")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Content-Security-Policy", "default-src 'none'")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "0")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
func execCmd(cmdStrs []string) error {
for _, cmdStr := range cmdStrs {
cmd := exec.Command("sh", "-c", cmdStr)

50
server/handler/link_cstp.go
View File

@@ -24,7 +24,10 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
err error
n int
dataLen uint16
dead = time.Duration(cSess.CstpDpd+5) * time.Second
dead = time.Second * time.Duration(cSess.CstpDpd+5)
idle = time.Second * time.Duration(base.Cfg.IdleTimeout)
checkIdle = base.Cfg.IdleTimeout > 0
lastTime time.Time
)
go cstpWrite(conn, bufRW, cSess)
@@ -55,18 +58,44 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
case 0x07: // KEEPALIVE
// do nothing
// base.Debug("recv keepalive", cSess.IpAddr)
// 判断超时时间
if checkIdle {
lastTime = cSess.LastDataTime.Load()
if lastTime.Before(utils.NowSec().Add(-idle)) {
base.Warn("IdleTimeout", cSess.Username, cSess.IpAddr, "lastTime", lastTime)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserIdleTimeout)
return
}
}
case 0x05: // DISCONNECT
cSess.UserLogoutCode = dbdata.UserLogoutClient
base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
return
case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutCstp(cSess, pl) {
return
}
case 0x04:
// log.Println("recv DPD-RESP")
case 0x08: // decompress
if cSess.CstpPickCmp == nil {
continue
}
dst := getByteFull()
nn, err := cSess.CstpPickCmp.Uncompress(pl.Data[8:], *dst)
if err != nil {
putByte(dst)
base.Error("cstp decompress error", err, nn)
continue
}
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(nn))
pl.Data = append(pl.Data[:8], (*dst)[:nn]...)
putByte(dst)
fallthrough
case 0x00: // DATA
// 获取数据长度
dataLen = binary.BigEndian.Uint16(pl.Data[4:6]) // 4,5
@@ -83,6 +112,8 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
if payloadIn(cSess, pl) {
return
}
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
}
}
}
@@ -112,6 +143,20 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
}
if pl.PType == 0x00 {
isCompress := false
if cSess.CstpPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
dst := getByteFull()
size, err := cSess.CstpPickCmp.Compress(pl.Data, (*dst)[8:])
if err == nil && size < len(pl.Data) {
copy((*dst)[:8], plHeader)
binary.BigEndian.PutUint16((*dst)[4:6], uint16(size))
(*dst)[6] = 0x08
pl.Data = append(pl.Data[:0], (*dst)[:size+8]...)
isCompress = true
}
putByte(dst)
}
if !isCompress {
// 获取数据长度
l := len(pl.Data)
// 先扩容 +8
@@ -122,8 +167,9 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
copy(pl.Data[:8], plHeader)
// 更新头长度
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
}
} else {
pl.Data = append(pl.Data[:0], plHeader...)
// pl.Data = append(pl.Data[:0], plHeader...)
// 设置头类型
pl.Data[6] = pl.PType
}

35
server/handler/link_dtls.go
View File

@@ -64,11 +64,27 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutDtls(cSess, dSess, pl) {
return
}
case 0x04:
// base.Debug("recv DPD-RESP", cSess.IpAddr)
case 0x08: // decompress
if cSess.DtlsPickCmp == nil {
continue
}
dst := getByteFull()
nn, err := cSess.DtlsPickCmp.Uncompress(pl.Data[1:], *dst)
if err != nil {
putByte(dst)
base.Error("dtls decompress error", err, n)
continue
}
pl.Data = append(pl.Data[:1], (*dst)[:nn]...)
putByte(dst)
n = nn + 1
fallthrough
case 0x00: // DATA
// 去除数据头
// copy(pl.Data, pl.Data[1:n])
@@ -78,6 +94,8 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
if payloadIn(cSess, pl) {
return
}
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
}
}
@@ -108,6 +126,19 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
// header = []byte{payload.PType}
if pl.PType == 0x00 { // data
isCompress := false
if cSess.DtlsPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
dst := getByteFull()
size, err := cSess.DtlsPickCmp.Compress(pl.Data, (*dst)[1:])
if err == nil && size < len(pl.Data) {
(*dst)[0] = 0x08
pl.Data = append(pl.Data[:0], (*dst)[:size+1]...)
isCompress = true
}
putByte(dst)
}
// 未压缩
if !isCompress {
// 获取数据长度
l := len(pl.Data)
// 先扩容 +1
@@ -116,9 +147,11 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
copy(pl.Data[1:], pl.Data)
// 添加头信息
pl.Data[0] = pl.PType
}
} else {
// 设置头类型
pl.Data = append(pl.Data[:0], pl.PType)
// pl.Data = append(pl.Data[:0], pl.PType)
pl.Data[0] = pl.PType
}
n, err := conn.Write(pl.Data)
if err != nil {

6
server/handler/link_home.go
View File

@@ -13,7 +13,9 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
// fmt.Println(r.RemoteAddr)
// hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("DumpHome: ", string(hu))
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Del("X-Aggregate-Auth")
connection := strings.ToLower(r.Header.Get("Connection"))
userAgent := strings.ToLower(r.UserAgent())
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
@@ -33,6 +35,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
}
func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
_ = r.ParseForm()
idS := r.FormValue("id")
jwtToken := r.FormValue("jwt")

23
server/handler/link_tun.go
View File

@@ -22,22 +22,29 @@ func checkTun() {
defer ifce.Close()
// 测试ip命令
cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr})
base.CheckModOrLoad("tun")
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr1})
if err != nil {
base.Fatal("testTun err: ", err)
}
//开启服务器转发
// 开启服务器转发
if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
base.Error(err)
base.Fatal(err)
}
if base.Cfg.IptablesNat {
//添加NAT转发规则
// 添加NAT转发规则
ipt, err := iptables.New()
if err != nil {
base.Error(err)
base.Fatal(err)
return
}
// 修复 rockyos nat 不生效
base.CheckModOrLoad("iptable_filter")
base.CheckModOrLoad("iptable_nat")
natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
forwardRule := []string{"-j", "ACCEPT"}
if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,9 @@ func LinkTun(cSess *sessdata.ConnSession) error {
// log.Printf("Interface Name: %s\n", ifce.Name())
cSess.SetIfName(ifce.Name())
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
// 通过 ip link show 查看 alias 信息
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off alias %s.%s", ifce.Name(), cSess.Mtu, cSess.Group.Name, cSess.Username)
cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
err = execCmd([]string{cmdstr1, cmdstr2})

34
server/handler/link_tunnel.go
View File

@@ -6,6 +6,7 @@ import (
"log"
"net"
"net/http"
"net/http/httputil"
"os"
"strings"
"text/template"
@@ -34,8 +35,10 @@ func HttpAddHeader(w http.ResponseWriter, key string, value string) {
func LinkTunnel(w http.ResponseWriter, r *http.Request) {
// TODO 调试信息输出
//hd, _ := httputil.DumpRequest(r, true)
//base.Debug("DumpRequest: ", string(hd))
if base.GetLogLevel() == base.LogLevelTrace {
hd, _ := httputil.DumpRequest(r, true)
base.Trace("LinkTunnel: ", string(hd))
}
// 判断session-token的值
cookie, err := r.Cookie("webvpn")
@@ -89,6 +92,18 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
// 检测密码套件
dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
base.Trace("dtlsCiphersuite", dtlsCiphersuite)
// 压缩
if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
}
if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
}
// 返回客户端数据
HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -121,7 +136,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
}
HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
}
// 不允许的路由
// 不允许的路由 X-Cstp-Remote-Address-Ip4:
for _, v := range cSess.Group.RouteExclude {
HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
}
@@ -153,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
HttpSetHeader(w, "X-CSTP-License", "accept")
HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -169,10 +184,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
hClone := w.Header().Clone()
headers := make([]byte, 0)
buf := bytes.NewBuffer(headers)
buf := &bytes.Buffer{}
_ = hClone.Write(buf)
base.Debug(buf.String())
base.Trace("LinkTunnel Response Header:", buf.String())
hj := w.(http.Hijacker)
conn, bufRW, err := hj.Hijack()
@@ -223,7 +237,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
if err != nil {
return err
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
xmlAuth := ""
for _, v := range strings.Split(result.String(), "\n") {
xmlAuth += strings.TrimSpace(v)
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
return nil
}

9
server/handler/link_vtap.go
View File

@@ -33,13 +33,14 @@ func checkMacvtap() {
ifName := "anylinkMacvtap"
// 加载 macvtap
cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
base.CheckModOrLoad("macvtap")
// 开启主网卡混杂模式
cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
// 测试 macvtap 功能
cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
if err != nil {
base.Fatal(err)
}
@@ -54,7 +55,9 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
cSess.SetIfName(ifName)
cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s alias %s.%s", ifName, cSess.Mtu,
cSess.MacHw, cSess.Group.Name, cSess.Username)
err := execCmd([]string{cmdstr1, cmdstr2})
if err != nil {
base.Error(err)

21
server/handler/payload_access_audit.go
View File

@@ -3,6 +3,7 @@ package handler
import (
"crypto/md5"
"encoding/binary"
"runtime/debug"
"time"
"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
// 解析IP包的数据
func logAudit(userName string, pl *sessdata.Payload) {
defer putPayload(pl)
defer func() {
if err := recover(); err != nil {
base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
}
putPayload(pl)
}()
if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
return
}
ipProto := waterutil.IPv4Protocol(pl.Data)
// 访问协议
var accessProto uint8
@@ -118,12 +125,17 @@ func logAudit(userName string, pl *sessdata.Payload) {
default:
return
}
// IP报文只包含头部信息时, 则打印LOG并退出
ipPl := waterutil.IPv4Payload(pl.Data)
if len(ipPl) < 4 {
base.Error("ipPl len < 4", ipPl, pl.Data)
return
}
ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
ipSrc := waterutil.IPv4Source(pl.Data)
ipDst := waterutil.IPv4Destination(pl.Data)
ipPort := waterutil.IPv4DestinationPort(pl.Data)
b := getByte51()
// key格式 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
key := *b
copy(key[:16], ipSrc)
copy(key[16:32], ipDst)
@@ -178,7 +190,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
AccessProto: accessProto,
Info: info,
}
select {
case logBatch.LogChan <- audit:
default:

4
server/handler/payload_tcp_parser.go
View File

@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
}
func sniNewParser(b []byte) (uint8, string) {
if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
return acc_proto_tcp, ""
}
rest := b[5:]
@@ -56,7 +56,7 @@ func sniNewParser(b []byte) (uint8, string) {
sessionIDLength := int(rest[current])
current += 1
current += sessionIDLength
if current >= restLen {
if current+1 >= restLen {
return acc_proto_https, ""
}
cipherSuiteLength := (int(rest[current]) << 8) + int(rest[current+1])

26
server/handler/server.go
View File

@@ -4,13 +4,14 @@ import (
"crypto/tls"
"fmt"
"io"
"log"
"net"
"net/http"
"os"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/pires/go-proxyproto"
)
@@ -48,30 +49,35 @@ func startTls() {
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
// InsecureSkipVerify: true,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
base.Trace("GetCertificate ServerName", chi.ServerName)
return dbdata.GetCertificateBySNI(chi.ServerName)
},
}
srv := &http.Server{
Addr: addr,
Handler: initRoute(),
TLSConfig: tlsConfig,
ErrorLog: base.GetBaseLog(),
ErrorLog: base.GetServerLog(),
ReadTimeout: 100 * time.Second,
WriteTimeout: 100 * time.Second,
}
ln, err = net.Listen("tcp", addr)
if err != nil {
log.Fatal(err)
base.Fatal(err)
}
defer ln.Close()
if base.Cfg.ProxyProtocol {
ln = &proxyproto.Listener{
Listener: ln,
ReadHeaderTimeout: 40 * time.Second,
ReadHeaderTimeout: 30 * time.Second,
}
}
base.Info("listen server", addr)
err = srv.ServeTLS(ln, base.Cfg.CertFile, base.Cfg.CertKey)
err = srv.ServeTLS(ln, "", "")
if err != nil {
base.Fatal(err)
}
@@ -79,6 +85,14 @@ func startTls() {
func initRoute() http.Handler {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
next.ServeHTTP(w, req)
})
})
r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)

13
server/main.go
View File

@@ -20,14 +20,21 @@ import (
var uiData embed.FS
// 程序版本
var CommitId string
var (
appVer string
commitId string
buildDate string
)
func main() {
base.CommitId = CommitId
admin.UiData = uiData
base.APP_VER = appVer
base.CommitId = commitId
base.BuildDate = buildDate
base.Start()
handler.Start()
signalWatch()
}
@@ -35,7 +42,7 @@ func signalWatch() {
base.Info("Server pid: ", os.Getpid())
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM, syscall.SIGUSR2)
for {
sig := <-sigs
base.Info("Get signal:", sig)

32
server/pkg/utils/secure_header.go Normal file
View File

@@ -0,0 +1,32 @@
package utils
import "net/http"
// SetSecureHeader 设置安全的header头
// https://blog.csdn.net/liwan09/article/details/130248003
// https://zhuanlan.zhihu.com/p/335165168
func SetSecureHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLinkOpenSource")
// w.Header().Set("Content-Type", "text/html; charset=utf-8")
// w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Download-Options", "noopen")
w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "1;mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
}

35
server/sessdata/compress.go Normal file
View File

@@ -0,0 +1,35 @@
package sessdata
import (
"github.com/lanrenwo/lzsgo"
)
type CmpEncoding interface {
Compress(src []byte, dst []byte) (int, error)
Uncompress(src []byte, dst []byte) (int, error)
}
type LzsgoCmp struct {
}
func (l LzsgoCmp) Compress(src []byte, dst []byte) (int, error) {
n, err := lzsgo.Compress(src, dst)
return n, err
}
func (l LzsgoCmp) Uncompress(src []byte, dst []byte) (int, error) {
n, err := lzsgo.Uncompress(src, dst)
return n, err
}
// type Lz4Cmp struct {
// c lz4.Compressor
// }
// func (l Lz4Cmp) Compress(src []byte, dst []byte) (int, error) {
// return l.c.CompressBlock(src, dst)
// }
// func (l Lz4Cmp) Uncompress(src []byte, dst []byte) (int, error) {
// return lz4.UncompressBlock(src, dst)
// }

28
server/sessdata/compress_test.go Normal file
View File

@@ -0,0 +1,28 @@
package sessdata
import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestLzsCompress(t *testing.T) {
var (
n int
err error
)
assert := assert.New(t)
c := LzsgoCmp{}
s := "hello anylink, you are best!"
src := []byte(strings.Repeat(s, 50))
comprBuf := make([]byte, 2048)
n, err = c.Compress(src, comprBuf)
assert.Nil(err)
unprBuf := make([]byte, 2048)
n, err = c.Uncompress(comprBuf[:n], unprBuf)
assert.Nil(err)
assert.Equal(src, unprBuf[:n])
}

203
server/sessdata/ip_pool.go
View File

@@ -14,8 +14,10 @@ var (
IpPool = &ipPoolConfig{}
ipActive = map[string]bool{}
// ipKeep and ipLease ipAddr => type
ipLease = map[string]bool{}
// ipLease = map[string]bool{}
ipPoolMux sync.Mutex
// 记录循环点
loopCurIp uint32
)
type ipPoolConfig struct {
@@ -36,7 +38,19 @@ func initIpPool() {
}
IpPool.Ipv4IPNet = ipNet
IpPool.Ipv4Mask = net.IP(ipNet.Mask)
IpPool.Ipv4Gateway = net.ParseIP(base.Cfg.Ipv4Gateway)
ipv4Gateway := net.ParseIP(base.Cfg.Ipv4Gateway)
ipStart := net.ParseIP(base.Cfg.Ipv4Start)
ipEnd := net.ParseIP(base.Cfg.Ipv4End)
if !ipNet.Contains(ipv4Gateway) || !ipNet.Contains(ipStart) || !ipNet.Contains(ipEnd) {
panic("ip段 设置错误")
}
// ip地址池
IpPool.Ipv4Gateway = ipv4Gateway
IpPool.IpLongMin = utils.Ip2long(ipStart)
IpPool.IpLongMax = utils.Ip2long(ipEnd)
loopCurIp = IpPool.IpLongMin
// 网络地址零值
// zero := binary.BigEndian.Uint32(ip.Mask(mask))
@@ -44,63 +58,73 @@ func initIpPool() {
// one, _ := ipNet.Mask.Size()
// max := min | uint32(math.Pow(2, float64(32-one))-1)
// ip地址池
IpPool.IpLongMin = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4Start))
IpPool.IpLongMax = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4End))
// 获取IpLease数据
go cronIpLease()
// go cronIpLease()
}
func cronIpLease() {
getIpLease()
tick := time.NewTicker(time.Minute * 30)
for range tick.C {
getIpLease()
}
}
func getIpLease() {
xdb := dbdata.GetXdb()
keepIpMaps := []dbdata.IpMap{}
sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
err := xdb.Cols("ip_addr").Where("keep=?", true).
Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
if err != nil {
base.Error(err)
}
// fmt.Println(keepIpMaps)
ipPoolMux.Lock()
ipLease = map[string]bool{}
for _, v := range keepIpMaps {
ipLease[v.IpAddr] = true
}
ipPoolMux.Unlock()
}
// func cronIpLease() {
// getIpLease()
// tick := time.NewTicker(time.Minute * 30)
// for range tick.C {
// getIpLease()
// }
// }
//
// func getIpLease() {
// xdb := dbdata.GetXdb()
// keepIpMaps := []dbdata.IpMap{}
// sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
// err := xdb.Cols("ip_addr").Where("keep=?", true).
// Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
// if err != nil {
// base.Error(err)
// }
// // fmt.Println(keepIpMaps)
// ipPoolMux.Lock()
// ipLease = map[string]bool{}
// for _, v := range keepIpMaps {
// ipLease[v.IpAddr] = true
// }
// ipPoolMux.Unlock()
// }
// AcquireIp 获取动态ip
func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
func AcquireIp(username, macAddr string, uniqueMac bool) (newIp net.IP) {
base.Trace("AcquireIp start:", username, macAddr, uniqueMac)
ipPoolMux.Lock()
defer ipPoolMux.Unlock()
defer func() {
ipPoolMux.Unlock()
base.Trace("AcquireIp end:", username, macAddr, uniqueMac, newIp)
}()
var (
err error
tNow = time.Now()
sNow = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
)
if uniqueMac {
// 判断是否已经分配过
mi := &dbdata.IpMap{}
err = dbdata.One("mac_addr", macAddr, mi)
if err != nil {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
return loopIp(username, macAddr, uniqueMac)
}
// 查询报错
base.Error(err)
return nil
}
// 存在ip记录
if err == nil {
base.Trace("uniqueMac:", username, mi)
ipStr := mi.IpAddr
ip := net.ParseIP(ipStr)
// 跳过活跃连接
_, ok := ipActive[ipStr]
// 检测原有ip是否在新的ip池内
if IpPool.Ipv4IPNet.Contains(ip) && !ok &&
// IpPool.Ipv4IPNet.Contains(ip) &&
if !ok &&
utils.Ip2long(ip) >= IpPool.IpLongMin &&
utils.Ip2long(ip) <= IpPool.IpLongMax {
mi.Username = username
@@ -111,13 +135,25 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
ipActive[ipStr] = true
return ip
}
// 删除当前macAddr
mi = &dbdata.IpMap{MacAddr: macAddr}
_ = dbdata.Del(mi)
}
} else {
// 没有获取到mac的情况
ipMaps := []dbdata.IpMap{}
err = dbdata.FindWhere(&ipMaps, 50, 1, "username=? and unique_mac=?", username, false)
if err == nil {
//遍历mac记录
if err != nil {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
return loopIp(username, macAddr, uniqueMac)
}
// 查询报错
base.Error(err)
return nil
}
// 遍历mac记录
for _, mi := range ipMaps {
ipStr := mi.IpAddr
ip := net.ParseIP(ipStr)
@@ -126,13 +162,13 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
if _, ok := ipActive[ipStr]; ok {
continue
}
// 跳过ip租期内数据
if _, ok := ipLease[ipStr]; ok {
// 跳过保留ip
if mi.Keep {
continue
}
if IpPool.Ipv4IPNet.Contains(ip) &&
utils.Ip2long(ip) >= IpPool.IpLongMin &&
// 没有mac的 不需要验证租期
// mi.LastLogin.Before(leaseTime) &&
if utils.Ip2long(ip) >= IpPool.IpLongMin &&
utils.Ip2long(ip) <= IpPool.IpLongMax {
mi.LastLogin = tNow
mi.MacAddr = macAddr
@@ -144,10 +180,41 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
}
}
}
return loopIp(username, macAddr, uniqueMac)
}
func loopIp(username, macAddr string, uniqueMac bool) net.IP {
var (
i uint32
ip net.IP
)
i, ip = loopLong(loopCurIp, IpPool.IpLongMax, username, macAddr, uniqueMac)
if ip != nil {
loopCurIp = i
return ip
}
i, ip = loopLong(IpPool.IpLongMin, loopCurIp, username, macAddr, uniqueMac)
if ip != nil {
loopCurIp = i
return ip
}
base.Warn("no ip available, please see ip_map table row", username, macAddr)
return nil
}
func loopLong(start, end uint32, username, macAddr string, uniqueMac bool) (uint32, net.IP) {
var (
err error
tNow = time.Now()
leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
)
// 全局遍历超过租期和未保留的ip
for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
for i := start; i <= end; i++ {
ip := utils.Long2ip(i)
ipStr := ip.String()
@@ -155,14 +222,30 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
if _, ok := ipActive[ipStr]; ok {
continue
}
// 跳过ip租期内数据
if _, ok := ipLease[ipStr]; ok {
continue
}
mi := &dbdata.IpMap{}
err = dbdata.One("ip_addr", ipStr, mi)
if err == nil && mi.LastLogin.Before(sNow) {
if err != nil {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
// 该ip没有被使用
mi = &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
_ = dbdata.Add(mi)
ipActive[ipStr] = true
return i, ip
}
// 查询报错
base.Error(err)
return 0, nil
}
// 查询到已经使用的ip
// 跳过保留ip
if mi.Keep {
continue
}
// 判断租期
if mi.LastLogin.Before(leaseTime) {
// 存在记录,说明已经超过租期,可以直接使用
mi.LastLogin = tNow
mi.MacAddr = macAddr
@@ -170,23 +253,11 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
// 回写db数据
_ = dbdata.Set(mi)
ipActive[ipStr] = true
return ip
return i, ip
}
}
if dbdata.CheckErrNotFound(err) {
// 该ip没有被使用
mi := &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
_ = dbdata.Add(mi)
ipActive[ipStr] = true
return ip
}
// 查询报错
base.Error(err)
return nil
}
base.Warn("no ip available, please see ip_map table row")
return nil
return 0, nil
}
// 回收ip

49
server/sessdata/ip_pool_test.go
View File

@@ -6,6 +6,7 @@ import (
"os"
"path"
"testing"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
@@ -18,10 +19,12 @@ func preData(tmpDir string) {
base.Cfg.DbType = "sqlite3"
base.Cfg.DbSource = tmpDb
base.Cfg.Ipv4CIDR = "192.168.3.0/24"
base.Cfg.Ipv4Start = "192.168.3.1"
base.Cfg.Ipv4End = "192.168.3.199"
base.Cfg.Ipv4Gateway = "192.168.3.1"
base.Cfg.Ipv4Start = "192.168.3.100"
base.Cfg.Ipv4End = "192.168.3.150"
base.Cfg.MaxClient = 100
base.Cfg.MaxUserClient = 3
base.Cfg.IpLease = 5
dbdata.Start()
group := dbdata.Group{
@@ -46,22 +49,34 @@ func TestIpPool(t *testing.T) {
var ip net.IP
for i := 1; i <= 100; i++ {
_ = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
for i := 100; i <= 150; i++ {
_ = AcquireIp(getTestUser(i), getTestMacAddr(i), true)
}
ip = AcquireIp("user", "mac-new", true)
assert.True(net.IPv4(192, 168, 3, 101).Equal(ip))
for i := 102; i <= 199; i++ {
ip = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
}
assert.True(net.IPv4(192, 168, 3, 199).Equal(ip))
ip = AcquireIp("user", "mac-nil", true)
assert.Nil(ip)
ReleaseIp(net.IPv4(192, 168, 3, 88), "mac-88")
ReleaseIp(net.IPv4(192, 168, 3, 188), "mac-188")
// 回收
ReleaseIp(net.IPv4(192, 168, 3, 140), getTestMacAddr(140))
time.Sleep(time.Second * 6)
// 从头循环获取可用ip
ip = AcquireIp("user", "mac-188", true)
t.Log("mac-188", ip)
assert.True(net.IPv4(192, 168, 3, 188).Equal(ip))
user_new := getTestUser(210)
mac_new := getTestMacAddr(210)
ip = AcquireIp(user_new, mac_new, true)
t.Log("mac_new", ip)
assert.NotNil(ip)
assert.True(net.IPv4(192, 168, 3, 140).Equal(ip))
// 回收全部
for i := 100; i <= 150; i++ {
ReleaseIp(net.IPv4(192, 168, 3, byte(i)), getTestMacAddr(i))
}
}
func getTestUser(i int) string {
return fmt.Sprintf("user-%d", i)
}
func getTestMacAddr(i int) string {
// 前缀mac
macAddr := "02:00:00:00:00"
return fmt.Sprintf("%s:%x", macAddr, i)
}

30
server/sessdata/session.go
View File

@@ -49,11 +49,15 @@ type ConnSession struct {
BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量
closeOnce sync.Once
CloseChan chan struct{}
LastDataTime atomic2.Time // 最后数据传输时间
PayloadIn chan *Payload
PayloadOutCstp chan *Payload // Cstp的数据
PayloadOutDtls chan *Payload // Dtls的数据
// dSess *DtlsSession
dSess *atomic.Value
// compress
CstpPickCmp CmpEncoding
DtlsPickCmp CmpEncoding
}
type DtlsSession struct {
@@ -187,6 +191,7 @@ func (s *Session) NewConn() *ConnSession {
limit := LimitClient(username, false)
if !limit {
base.Warn("limit is full", username)
return nil
}
ip := AcquireIp(username, macAddr, uniqueMac)
@@ -215,6 +220,7 @@ func (s *Session) NewConn() *ConnSession {
PayloadOutDtls: make(chan *Payload, 64),
dSess: &atomic.Value{},
}
cSess.LastDataTime.Store(time.Now())
dSess := &DtlsSession{
isActive: -1,
@@ -359,6 +365,30 @@ func (cs *ConnSession) RateLimit(byt int, isUp bool) error {
return cs.Limit.Wait(byt)
}
func (cs *ConnSession) SetPickCmp(cate, encoding string) (string, bool) {
var cmpName string
if !base.Cfg.Compression {
return cmpName, false
}
var cmp CmpEncoding
switch {
// case strings.Contains(encoding, "oc-lz4"):
// cmpName = "oc-lz4"
// cmp = Lz4Cmp{}
case strings.Contains(encoding, "lzs"):
cmpName = "lzs"
cmp = LzsgoCmp{}
default:
return cmpName, false
}
if cate == "cstp" {
cs.CstpPickCmp = cmp
} else {
cs.DtlsPickCmp = cmp
}
return cmpName, true
}
func SToken2Sess(stoken string) *Session {
stoken = strings.TrimSpace(stoken)
sarr := strings.Split(stoken, "@")

28
server/sessdata/session_test.go
View File

@@ -1,8 +1,11 @@
package sessdata
import (
"fmt"
"testing"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/stretchr/testify/assert"
)
@@ -22,11 +25,15 @@ func TestConnSession(t *testing.T) {
preData(tmp)
defer cleardata(tmp)
time.Sleep(time.Second * 10)
sess := NewSession("")
sess.Username = "user-test"
sess.Group = "group1"
sess.MacAddr = "00:15:5d:50:14:43"
cSess := sess.NewConn()
// base.Info("cSess", cSess)
err := cSess.RateLimit(100, true)
ast.Nil(err)
@@ -34,5 +41,26 @@ func TestConnSession(t *testing.T) {
err = cSess.RateLimit(200, false)
ast.Nil(err)
ast.Equal(cSess.BandwidthDown.Load(), uint32(200))
var (
cmpName string
ok bool
)
base.Cfg.Compression = true
cmpName, ok = cSess.SetPickCmp("cstp", "oc-lz4,lzs")
fmt.Println(cmpName, ok)
ast.True(ok)
ast.Equal(cmpName, "lzs")
cmpName, ok = cSess.SetPickCmp("dtls", "lzs")
ast.True(ok)
ast.Equal(cmpName, "lzs")
cmpName, ok = cSess.SetPickCmp("dtls", "test")
ast.False(ok)
ast.Equal(cmpName, "")
cSess.Close()
// 等待日志执行完成
time.Sleep(time.Second * 10)
}

15
systemd/anylink.service
View File

@@ -1,15 +0,0 @@
[Unit]
Description=AnyLink Server Service
Documentation=https://github.com/bjdgyc/anylink
After=network-online.target
[Service]
Type=simple
User=root
WorkingDirectory=/usr/local/anylink-deploy
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
[Install]
WantedBy=multi-user.target

1
version Normal file
View File

@@ -0,0 +1 @@
0.11.1

1
version_info Normal file
View File

@@ -0,0 +1 @@
version_info

1
web/package.json
View File

@@ -12,6 +12,7 @@
"core-js": "^3.6.5",
"echarts": "^4.9.0",
"element-ui": "^2.4.5",
"qs": "^6.11.1",
"vue": "^2.6.11",
"vue-count-to": "^1.0.13",
"vue-router": "^3.5.2"

0
web/public/批量添加用户模版.xlsx Executable file → Normal file
View File

3
web/src/pages/Home.vue
View File

@@ -230,6 +230,9 @@ export default {
case "mem": this.formatMem(data); break;
}
}).catch(error => {
if (error.response.status === 401) {
return ;
}
this.$message.error('哦,请求出错');
console.log(error);
});

270
web/src/pages/group/List.vue
View File

@@ -47,7 +47,12 @@
<el-table-column
prop="bandwidth"
label="带宽限制">
label="带宽限制"
width="90">
<template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
<el-row v-else>不限</el-row>
</template>
</el-table-column>
<el-table-column
@@ -62,7 +67,7 @@
<el-table-column
prop="route_include"
label="路由包含"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
<el-table-column
prop="route_exclude"
label="路由排除"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
<el-table-column
prop="link_acl"
label="LINK-ACL"
min-width="200">
min-width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,14 +191,15 @@
<el-input v-model="ruleForm.note"></el-input>
</el-form-item>
<el-form-item label="带宽限制" prop="bandwidth">
<el-input v-model.number="ruleForm.bandwidth">
<template slot="append">BYTE/S</template>
<el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">Mbps</template>
</el-input>
</el-form-item>
<el-form-item label="排除本地网络" prop="allow_lan">
<el-switch
v-model="ruleForm.allow_lan">
v-model="ruleForm.allow_lan"
active-text="开启后 用户本地所在网段将不通过anylink加密传输">
</el-switch>
</el-form-item>
@@ -235,23 +241,23 @@
<el-radio label="ldap" border>LDAP</el-radio>
</el-radio-group>
</el-form-item>
<templete v-if="ruleForm.auth.type == 'radius'">
<template v-if="ruleForm.auth.type == 'radius'">
<el-form-item label="服务器地址" prop="auth.radius.addr" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
</el-form-item>
<el-form-item label="密钥" prop="auth.radius.secret" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
</el-form-item>
</templete>
</template>
<templete v-if="ruleForm.auth.type == 'ldap'">
<template v-if="ruleForm.auth.type == 'ldap'">
<el-form-item label="服务器地址" prop="auth.ldap.addr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>
</el-form-item>
<el-form-item label="开启TLS" prop="auth.ldap.tls">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item>
<el-form-item label="管理员账号" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-form-item label="管理员 DN" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
</el-form-item>
<el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
@@ -260,24 +266,32 @@
<el-form-item label="Base DN" prop="auth.ldap.base_dn" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
</el-form-item>
<el-form-item label="用户对象类" prop="auth.ldap.object_class" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.object_class" placeholder="例如 person / user / posixAccount"></el-input>
</el-form-item>
<el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName uid"></el-input>
<el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName / uid / cn"></el-input>
</el-form-item>
<el-form-item label="受限用户组" prop="auth.ldap.member_of">
<el-input v-model="ruleForm.auth.ldap.member_of" placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
</el-form-item>
</templete>
</template>
</el-tab-pane>
<el-tab-pane label="路由设置" name="route">
<el-form-item label="包含路由" prop="route_include">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
@@ -291,16 +305,22 @@
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
<el-form-item label="排除路由" prop="route_exclude">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
@@ -314,6 +334,7 @@
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
</el-tab-pane>
<el-tab-pane label="权限控制" name="link_acl">
@@ -356,16 +377,59 @@
</el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的桌面客户端不支持移动端.</div>
</el-form-item>
</el-tab-pane>
<el-form-item>
<templete v-if="activeTab == 'authtype' && ruleForm.auth.type != 'local'">
<el-button @click="openAuthLoginDialog()" style="margin-right:10px">测试登录</el-button>
</templete>
<el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
<el-button @click="closeDialog">取消</el-button>
</el-form-item>
</el-tabs>
</el-form>
</el-dialog>
<!--测试用户登录弹出框-->
<el-dialog
:close-on-click-modal="false"
title="测试用户登录"
:visible.sync="authLoginDialog"
width="600px"
custom-class="valgin-dialog"
center>
<el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
<el-form-item label="账号" prop="name">
<el-input v-model="authLoginForm.name" ref="authLoginFormName" @keydown.enter.native="testAuthLogin"></el-input>
</el-form-item>
<el-form-item label="密码" prop="pwd">
<el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="testAuthLogin()" :loading="authLoginLoading">登录</el-button>
<el-button @click="authLoginDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
<!--编辑模式弹窗-->
<el-dialog
:close-on-click-modal="false"
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由</div>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
<el-button @click="ipListDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
</div>
</template>
@@ -392,6 +456,7 @@ export default {
activeTab : "general",
readMore: {},
readMinRows : 5,
maxRouteRows : 2500,
defAuth : {
type:'local',
radius:{addr:"", secret:""},
@@ -399,6 +464,7 @@ export default {
addr:"",
tls:false,
base_dn:"",
object_class:"person",
search_attr:"sAMAccountName",
member_of:"",
bind_name:"",
@@ -407,6 +473,7 @@ export default {
},
ruleForm: {
bandwidth: 0,
bandwidth_format: '0',
status: 1,
allow_lan: true,
client_dns: [{val: '114.114.114.114'}],
@@ -415,14 +482,35 @@ export default {
link_acl: [],
auth : {},
},
authLoginDialog : false,
ipListDialog : false,
authLoginLoading : false,
authLoginForm : {
name : "",
pwd : "",
},
ipEditForm: {
ip_list: "",
type : "",
},
ipEditLoading : false,
authLoginRules: {
name: [
{required: true, message: '请输入账号', trigger: 'blur'},
],
pwd: [
{required: true, message: '请输入密码', trigger: 'blur'},
{min: 6, message: '长度至少 6 个字符', trigger: 'blur'}
],
},
rules: {
name: [
{required: true, message: '请输入组名', trigger: 'blur'},
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
],
bandwidth: [
bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'},
{type: 'number', message: '带宽限制必须为数字值'}
{type: 'string', message: '带宽限制必须为数字值'}
],
status: [
{required: true}
@@ -437,7 +525,7 @@ export default {
{required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'}
],
"auth.ldap.bind_name": [
{required: true, message: '请输入管理员账号', trigger: 'blur'}
{required: true, message: '请输入管理员 DN', trigger: 'blur'}
],
"auth.ldap.bind_pwd": [
{required: true, message: '请输入管理员密码', trigger: 'blur'}
@@ -445,6 +533,9 @@ export default {
"auth.ldap.base_dn": [
{required: true, message: '请输入Base DN值', trigger: 'blur'}
],
"auth.ldap.object_class": [
{required: true, message: '请输入用户对象类', trigger: 'blur'}
],
"auth.ldap.search_attr": [
{required: true, message: '请输入用户唯一ID', trigger: 'blur'}
],
@@ -457,6 +548,9 @@ export default {
this.ruleForm.auth = JSON.parse(JSON.stringify(this.defAuth));
return ;
}
if (row.auth.type == "ldap" && ! row.auth.ldap.object_class) {
row.auth.ldap.object_class = this.defAuth.ldap.object_class;
}
this.ruleForm.auth = Object.assign(JSON.parse(JSON.stringify(this.defAuth)), row.auth);
},
handleDel(row) {
@@ -487,6 +581,7 @@ export default {
id: row.id,
}
}).then(resp => {
resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
this.ruleForm = resp.data.data;
this.setAuthData(resp.data.data);
}).catch(error => {
@@ -533,6 +628,7 @@ export default {
console.log('error submit!!');
return false;
}
this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
axios.post('/group/set', this.ruleForm).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
@@ -549,6 +645,108 @@ export default {
});
});
},
testAuthLogin() {
this.$refs["authLoginForm"].validate((valid) => {
if (!valid) {
console.log('error submit!!');
return false;
}
this.authLoginLoading = true;
axios.post('/group/auth_login', {name:this.authLoginForm.name,
pwd:this.authLoginForm.pwd,
auth:this.ruleForm.auth}).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
this.$message.success("登录成功");
} else {
this.$message.error(rdata.msg);
}
this.authLoginLoading = false;
console.log(rdata);
}).catch(error => {
this.$message.error('哦,请求出错');
console.log(error);
this.authLoginLoading = false;
});
});
},
openAuthLoginDialog() {
this.$refs["ruleForm"].validate((valid) => {
if (!valid) {
console.log('error submit!!');
return false;
}
this.authLoginDialog = true;
// set authLoginFormName focus
this.$nextTick(() => {
this.$refs['authLoginFormName'].focus();
});
});
},
openIpListDialog(type) {
this.ipListDialog = true;
this.ipEditForm.type = type;
this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");
},
ipEdit() {
this.ipEditLoading = true;
let ipList = [];
if (this.ipEditForm.ip_list.trim() !== "") {
ipList = this.ipEditForm.ip_list.trim().split("\n");
}
let arr = [];
for (let i = 0; i < ipList.length; i++) {
let item = ipList[i];
if (item.trim() === "") {
continue;
}
let ip = item.split(",");
if (ip.length > 2) {
ip[1] = ip.slice(1).join(",");
}
let note = ip[1] ? ip[1] : "";
const pushToArr = () => {
arr.push({val: ip[0], note: note});
};
if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr();
continue;
}
let valid = this.isValidCIDR(ip[0]);
if (!valid.valid) {
this.$message.error("错误CIDR格式错误建议 " + ip[0] + " 改为 " + valid.suggestion);
this.ipEditLoading = false;
return;
}
pushToArr();
}
this.ruleForm[this.ipEditForm.type] = arr;
this.ipEditLoading = false;
this.ipListDialog = false;
},
isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) {
return { valid: false, suggestion: null };
}
const [ip, mask] = input.split('/');
const maskNum = parseInt(mask);
const ipParts = ip.split('.').map(part => parseInt(part));
const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
for (let i = maskNum; i < 32; i++) {
if (binaryIP[i] === '1') {
const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
const networkIPParts = [];
for (let j = 0; j < 4; j++) {
const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
networkIPParts.push(parseInt(octet, 2));
}
const suggestedIP = networkIPParts.join('.');
return { valid: false, suggestion: `${suggestedIP}/${mask}` };
}
}
return { valid: true, suggestion: null };
},
resetForm(formName) {
this.$refs[formName].resetFields();
},
@@ -579,6 +777,18 @@ export default {
closeDialog() {
this.user_edit_dialog = false;
this.activeTab = "general";
},
convertBandwidth(bandwidth, fromUnit, toUnit) {
const units = {
bps: 1,
Kbps: 1000,
Mbps: 1000000,
Gbps: 1000000000,
BYTE: 8,
};
const result = bandwidth * units[fromUnit] / units[toUnit];
const fixedResult = result.toFixed(2);
return parseFloat(fixedResult);
}
},
}
@@ -598,4 +808,20 @@ export default {
.el-select {
width: 80px;
}
::v-deep .valgin-dialog{
display: flex;
flex-direction: column;
margin:0 !important;
position:absolute;
top:50%;
left:50%;
transform:translate(-50%,-50%);
max-height:calc(100% - 30px);
max-width:calc(100% - 30px);
}
::v-deep .valgin-dialog .el-dialog__body{
flex:1;
overflow: auto;
}
</style>

488
web/src/pages/set/Other.vue
View File

@@ -2,7 +2,13 @@
<el-card>
<el-tabs v-model="activeName" @tab-click="handleClick">
<el-tab-pane label="邮件配置" name="dataSmtp">
<el-form :model="dataSmtp" ref="dataSmtp" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataSmtp"
ref="dataSmtp"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="服务器地址" prop="host">
<el-input v-model="dataSmtp.host"></el-input>
</el-form-item>
@@ -13,7 +19,11 @@
<el-input v-model="dataSmtp.username"></el-input>
</el-form-item>
<el-form-item label="密码" prop="password">
<el-input type="password" v-model="dataSmtp.password" placeholder="密码为空则不修改"></el-input>
<el-input
type="password"
v-model="dataSmtp.password"
placeholder="密码为空则不修改"
></el-input>
</el-form-item>
<el-form-item label="加密类型" prop="encryption">
<el-radio-group v-model="dataSmtp.encryption">
@@ -26,21 +36,49 @@
<el-input v-model="dataSmtp.from"></el-input>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataSmtp')">保存</el-button>
<el-button type="primary" @click="submitForm('dataSmtp')"
>保存</el-button
>
<el-button @click="resetForm('dataSmtp')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="审计日志" name="dataAuditLog">
<el-form :model="dataAuditLog" ref="dataAuditLog" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataAuditLog"
ref="dataAuditLog"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="审计去重间隔" prop="audit_interval">
<el-input-number v-model="dataAuditLog.audit_interval" :min="-1" size="small" label="秒" :disabled="true"></el-input-number>
<p class="input_tip">请手动修改配置文件中的 audit_interval 参数后再重启服务, <strong style="color:#EA3323;">-1 代表关闭审计日志</strong></p>
<el-input-number
v-model="dataAuditLog.audit_interval"
:min="-1"
size="small"
label="秒"
:disabled="true"
></el-input-number>
<p class="input_tip">
请手动修改配置文件中的 audit_interval 参数后再重启服务,
<strong style="color: #ea3323">-1 代表关闭审计日志</strong>
</p>
</el-form-item>
<el-form-item label="存储时长" prop="life_day">
<el-input-number v-model="dataAuditLog.life_day" :min="0" :max="365" size="small" label="天数"></el-input-number>
<p class="input_tip">范围: 0 ~ 365 , <strong style="color:#EA3323;">0 代表永久保存</strong></p>
<el-input-number
v-model="dataAuditLog.life_day"
:min="0"
:max="365"
size="small"
label="天数"
></el-input-number>
<p class="input_tip">
范围: 0 ~ 365 ,
<strong style="color: #ea3323">0 代表永久保存</strong>
</p>
</el-form-item>
<el-form-item label="清理时间" prop="clear_time">
<el-time-select
@@ -48,27 +86,152 @@
:picker-options="{
start: '00:00',
step: '01:00',
end: '23:00'
end: '23:00',
}"
editable=false,
editable="false,"
size="small"
placeholder="请选择"
style="width:130px;">
style="width: 130px"
>
</el-time-select>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataAuditLog')">保存</el-button>
<el-button type="primary" @click="submitForm('dataAuditLog')"
>保存</el-button
>
<el-button @click="resetForm('dataAuditLog')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="证书设置" name="datacertManage">
<el-tabs
tab-position="left"
v-model="datacertManage"
@tab-click="handleClick"
>
<el-tab-pane label="自定义证书" name="customCert">
<el-form
ref="customCert"
:model="customCert"
label-width="100px"
size="small"
class="tab-one"
>
<el-form-item>
<el-upload
class="uploadCert"
:before-upload="beforeCertUpload"
:action="certUpload"
:limit="1"
>
<el-button size="mini" icon="el-icon-plus" slot="trigger"
>证书文件</el-button
>
<el-tooltip
class="item"
effect="dark"
content="请上传 .pem 格式的 cert 文件"
placement="top"
>
<i class="el-icon-info"></i>
</el-tooltip>
</el-upload>
</el-form-item>
<el-form-item>
<el-upload
class="uploadCert"
:before-upload="beforeKeyUpload"
:action="certUpload"
:limit="1"
>
<el-button size="mini" icon="el-icon-plus" slot="trigger"
>私钥文件</el-button
>
<el-tooltip
class="item"
effect="dark"
content="请上传 .pem 格式的 key 文件"
placement="top"
>
<i class="el-icon-info"></i>
</el-tooltip>
</el-upload>
</el-form-item>
<el-form-item>
<el-button
size="small"
icon="el-icon-upload"
type="primary"
@click="submitForm('customCert')"
>上传</el-button
>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="Let's Encrypt证书" name="letsCert">
<el-form
:model="letsCert"
ref="letsCert"
:rules="rules"
label-width="120px"
size="small"
class="tab-one"
>
<el-form-item label="域名" prop="domain">
<el-input v-model="letsCert.domain"></el-input>
</el-form-item>
<el-form-item label="邮箱" prop="legomail">
<el-input v-model="letsCert.legomail"></el-input>
</el-form-item>
<el-form-item label="域名服务商" prop="name">
<el-radio-group v-model="letsCert.name">
<el-radio label="aliyun">阿里云</el-radio>
<el-radio label="txcloud">腾讯云</el-radio>
<el-radio label="cfcloud">cloudflare</el-radio>
</el-radio-group>
</el-form-item>
<el-form-item
v-for="component in dnsProvider[letsCert.name]"
:key="component.prop"
:label="component.label"
:rules="component.rules"
>
<component
:is="component.component"
:type="component.type"
v-model="letsCert[letsCert.name][component.prop]"
></component>
</el-form-item>
<el-form-item>
<el-switch
style="display: block"
v-model="letsCert.renew"
active-color="#13ce66"
inactive-color="#ff4949"
inactive-text="自动续期"
>
</el-switch>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('letsCert')"
>申请</el-button
>
<el-button @click="resetForm('letsCert')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
</el-tabs>
</el-tab-pane>
<el-tab-pane label="其他设置" name="dataOther">
<el-form :model="dataOther" ref="dataOther" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataOther"
ref="dataOther"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="vpn对外地址" prop="link_addr">
<el-input
placeholder="请输入内容"
v-model="dataOther.link_addr">
<el-input placeholder="请输入内容" v-model="dataOther.link_addr">
</el-input>
</el-form-item>
@@ -77,17 +240,22 @@
type="textarea"
:rows="5"
placeholder="请输入内容"
v-model="dataOther.banner">
v-model="dataOther.banner"
>
</el-input>
</el-form-item>
<el-form-item label="自定义首页" prop="homeindex">
<el-input
type="textarea"
:rows="5"
:rows="10"
placeholder="请输入内容"
v-model="dataOther.homeindex">
v-model="dataOther.homeindex"
>
</el-input>
<el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
<i class="el-icon-question"></i>
</el-tooltip>
</el-form-item>
<el-form-item label="账户开通邮件" prop="account_mail">
@@ -95,7 +263,8 @@
type="textarea"
:rows="10"
placeholder="请输入内容"
v-model="dataOther.account_mail">
v-model="dataOther.account_mail"
>
</el-input>
</el-form-item>
@@ -103,17 +272,19 @@
<iframe
width="500px"
height="300px"
:srcdoc="dataOther.account_mail">
:srcdoc="dataOther.account_mail"
>
</iframe>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataOther')">保存</el-button>
<el-button type="primary" @click="submitForm('dataOther')"
>保存</el-button
>
<el-button @click="resetForm('dataOther')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
</el-tabs>
</el-card>
</template>
@@ -124,25 +295,123 @@ import axios from "axios";
export default {
name: "Other",
created() {
this.$emit('update:route_path', this.$route.path)
this.$emit('update:route_name', ['基础信息', '其他设置'])
this.$emit("update:route_path", this.$route.path);
this.$emit("update:route_name", ["基础信息", "其他设置"]);
},
mounted() {
this.getSmtp()
this.getSmtp();
},
data() {
return {
activeName: 'dataSmtp',
activeName: "dataSmtp",
datacertManage: "customCert",
dataSmtp: {},
dataAuditLog: {},
letsCert: {
domain: ``,
legomail: ``,
name: "",
renew: "",
aliyun: {
apiKey: "",
secretKey: "",
},
txcloud: {
secretId: "",
secretKey: "",
},
cfcloud: {
authToken: "",
},
},
customCert: { cert: "", key: "" },
dataOther: {},
rules: {
host: {required: true, message: '请输入服务器地址', trigger: 'blur'},
host: { required: true, message: "请输入服务器地址", trigger: "blur" },
port: [
{required: true, message: '请输入服务器端口', trigger: 'blur'},
{type: 'number', message: '请输入正确的服务器端口', trigger: ['blur', 'change']}
{ required: true, message: "请输入服务器端口", trigger: "blur" },
{
type: "number",
message: "请输入正确的服务器端口",
trigger: ["blur", "change"],
},
],
issuer: { required: true, message: "请输入系统名称", trigger: "blur" },
domain: {
required: true,
message: "请输入需要申请证书的域名",
trigger: "blur",
},
legomail: {
required: true,
message: "请输入申请证书的邮箱地址",
trigger: "blur",
},
name: { required: true, message: "请选择域名服务商", trigger: "blur" },
},
certUpload: "/set/other/customcert",
dnsProvider: {
aliyun: [
{
label: "APIKey",
prop: "apiKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
{
label: "SecretKey",
prop: "secretKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的SecretKey",
trigger: "blur",
},
},
],
txcloud: [
{
label: "SecretID",
prop: "secretId",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
{
label: "SecretKey",
prop: "secretKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
],
cfcloud: [
{
label: "AuthToken",
prop: "authToken",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的AuthToken",
trigger: "blur",
},
},
],
issuer: {required: true, message: '请输入系统名称', trigger: 'blur'},
},
};
},
@@ -151,108 +420,184 @@ export default {
window.console.log(tab.name, event);
switch (tab.name) {
case "dataSmtp":
this.getSmtp()
break
this.getSmtp();
break;
case "dataAuditLog":
this.getAuditLog()
break
this.getAuditLog();
break;
case "letsCert":
this.getletsCert();
break;
case "dataOther":
this.getOther()
break
this.getOther();
break;
}
},
beforeCertUpload(file) {
// if (file.type !== 'application/x-pem-file') {
// this.$message.error('只能上传 .pem 格式的证书文件')
// return false
// }
this.customCert.cert = file;
},
beforeKeyUpload(file) {
// if (file.type !== 'application/x-pem-file') {
// this.$message.error('只能上传 .pem 格式的私钥文件')
// return false
// }
this.customCert.key = file;
},
getSmtp() {
axios.get('/set/other/smtp').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other/smtp")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataSmtp = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataSmtp = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getAuditLog() {
axios.get('/set/other/audit_log').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other/audit_log")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataAuditLog = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataAuditLog = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getletsCert() {
axios
.get("/set/other/getcertset")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.letsCert = Object.assign({}, this.letsCert, rdata.data);
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getOther() {
axios.get('/set/other').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataOther = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataOther = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
submitForm(formName) {
this.$refs[formName].validate((valid) => {
if (!valid) {
alert('error submit!');
alert("error submit!");
}
switch (formName) {
case "dataSmtp":
axios.post('/set/other/smtp/edit', this.dataSmtp).then(resp => {
var rdata = resp.data
axios.post("/set/other/smtp/edit", this.dataSmtp).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
case "dataAuditLog":
axios.post('/set/other/audit_log/edit', this.dataAuditLog).then(resp => {
var rdata = resp.data
axios
.post("/set/other/audit_log/edit", this.dataAuditLog)
.then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
case "letsCert":
var loading = this.$loading({
lock: true,
text: "证书申请中...",
spinner: "el-icon-loading",
background: "rgba(0, 0, 0, 0.7)",
});
axios.post("/set/other/createcert", this.letsCert).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
loading.close();
this.$message.success(rdata.msg);
} else {
loading.close();
this.$message.error(rdata.msg);
}
});
break;
case "customCert":
var formData = new FormData();
formData.append("cert", this.customCert.cert);
formData.append("key", this.customCert.key);
axios.post(this.certUpload, formData).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
});
break;
case "dataOther":
axios.post('/set/other/edit', this.dataOther).then(resp => {
var rdata = resp.data
axios.post("/set/other/edit", this.dataOther).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
}
});
},
resetForm(formName) {
this.$refs[formName].resetFields();
}
},
}
},
};
</script>
<style scoped>
@@ -262,7 +607,6 @@ export default {
.input_tip {
line-height: 1.428;
margin:2px 0 0 0;
margin: 2px 0 0 0;
}
</style>

10
web/src/pages/user/IpMap.vue
View File

@@ -11,6 +11,14 @@
@click="handleEdit('')">添加
</el-button>
</el-form-item>
<!--
<el-form-item>
<el-alert
title="直接操作数据库增删改数据后请重启anylink服务"
type="warning">
</el-alert>
</el-form-item>
-->
</el-form>
<el-table
@@ -160,7 +168,7 @@ import axios from "axios";
export default {
name: "IpMap",
components: {},
mixins:[],
mixins: [],
created() {
this.$emit('update:route_path', this.$route.path)
this.$emit('update:route_name', ['用户信息', 'IP映射'])

11
web/src/pages/user/List.vue
View File

@@ -23,13 +23,16 @@
</el-upload>
<el-dropdown-menu slot="dropdown">
<el-dropdown-item>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i class="el-icon-download"></i>下载模版</el-link>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i
class="el-icon-download"></i>下载模版
</el-link>
</el-dropdown-item>
</el-dropdown-menu>
</el-dropdown>
</el-form-item>
<el-form-item label="用户名:">
<el-input size="small" v-model="searchData" placeholder="请输入内容" @keydown.enter.native="searchEnterFun"></el-input>
<el-form-item label="用户名或姓名或邮箱:">
<el-input size="small" v-model="searchData" placeholder="请输入内容"
@keydown.enter.native="searchEnterFun"></el-input>
</el-form-item>
<el-form-item>
@@ -105,7 +108,7 @@
<template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
<el-tag v-if="scope.row.status === 2" >过期</el-tag>
<el-tag v-if="scope.row.status === 2">过期</el-tag>
</template>
</el-table-column>

7
web/yarn.lock
View File

@@ -6759,6 +6759,13 @@ qs@6.9.7:
resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
qs@^6.11.1:
version "6.11.1"
resolved "https://registry.npmmirror.com/qs/-/qs-6.11.1.tgz#6c29dff97f0c0060765911ba65cbc9764186109f"
integrity sha512-0wsrzgTz/kAVIeuxSjnpGC56rzYtr6JT/2BwEvMaPhFIoYa1aGO8LbzuU1R0uUYQkLpWBTOj0l/CLAJB64J6nQ==
dependencies:
side-channel "^1.0.4"
qs@~6.5.2:
version "6.5.3"
resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad"

4
yarn.lock Normal file
View File

@@ -0,0 +1,4 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1