7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 07:59:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.9.2-beta2
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
...
compare: 7x31:v0.10.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

116 Commits
v0.9.2-bet ... v0.10.1

Author SHA1 Message Date
bjdgyc
edc7a4a4a3 Merge pull request #283 from bjdgyc/dev 
修复容器频繁重启的问题
 2023-12-26 12:13:03 +08:00
bjdgy
17492d8172 修复容器频繁重启的问题 2023-12-26 11:24:01 +08:00
bjdgyc
65de1a58cf Merge pull request #282 from bjdgyc/dev 
添加问题信息
 2023-12-25 15:39:43 +08:00
bjdgyc
dfb25718f7 添加问题信息 2023-12-25 15:38:59 +08:00
bjdgyc
3deda4d77f Merge pull request #281 from bjdgyc/dev 
合并新版
 2023-12-25 14:56:58 +08:00
bjdgyc
2af524f87b Merge pull request #274 from aiminickwong/main 
解决电信DNS Let's Encrypt证书刷新缓慢问题
 2023-12-25 14:55:14 +08:00
bjdgyc
1b6abeb849 修复 modprobe 报错 2023-12-25 14:47:30 +08:00
bjdgyc
e3b303744b 修复 modprobe 报错 2023-12-25 14:34:21 +08:00
bjdgyc
d3f16eb2ad 修复 modprobe 报错 2023-12-25 14:31:35 +08:00
bjdgyc
64404ea94b 修改readme 2023-12-13 16:50:35 +08:00
bjdgyc
ededfddff4 Merge pull request #278 from lanrenwo/group_ip_list 
新增路由设置的编辑模式
 2023-12-04 18:38:17 +08:00
lanrenwo
8a3d34b737 优化isValidCIDR函数,解决部分格式检测有误,并给予建议提示。 2023-12-04 18:32:09 +08:00
lanrenwo
7c040e2a0f 过滤文本框内的空行 2023-12-04 13:44:06 +08:00
lanrenwo
3d03f6adb8 解决大量路由导致弹窗卡顿的问题(当点击“路由设置”时,才加载路由) 2023-12-04 13:08:37 +08:00
lanrenwo
5d24eda7fc 不限制路由的数量,并检测CIDR格式的正确性 2023-12-03 22:09:46 +08:00
lanrenwo
ea92857524 新增路由设置的编辑模式 2023-12-02 15:38:18 +08:00
bjdgyc
b521dddb98 Merge pull request #276 from lanrenwo/banner_special_chars 
优化处理Banner特殊字符的代码
 2023-11-27 10:18:31 +08:00
lanrenwo
2bd94aef2b 优化处理Banner特殊字符的代码 2023-11-20 12:24:44 +08:00
bjdgyc
3879c3a4bc 修复Banner特殊字符 2023-11-15 11:57:12 +08:00
bjdgyc
aa2b89855f 添加 DTLS12-CipherSuite 筛选 2023-11-09 10:52:10 +08:00
bjdgyc
9e1969e3d0 添加 DTLS12-CipherSuite 筛选 2023-11-08 18:07:32 +08:00
bjdgyc
5b1d86282a fix 2023-11-06 16:51:32 +08:00
bjdgyc
bfc39fe4ea 默认显示错误信息 2023-11-02 15:54:59 +08:00
bjdgyc
9019a5f03a 添加网卡 alias 信息 2023-10-30 13:04:07 +08:00
bjdgyc
38d268e999 添加网卡 alias 信息 2023-10-30 11:46:53 +08:00
bjdgyc
57990d3d2a 添加网卡 alias 2023-10-30 11:38:31 +08:00
bjdgyc
6788a875a2 优化 2023-10-24 17:49:13 +08:00
bjdgyc
a9ad21b3b5 修改dtls加密套件 2023-10-17 16:30:45 +08:00
bjdgyc
43ca09e985 修改dtls加密套件 2023-10-17 16:01:31 +08:00
aiminick
b7da567cee 解决电信DNS Let's Encrypt证书刷新缓慢问题 
解决电信DNS Let's Encrypt证书刷新缓慢问题,改为阿里DNS后问题改善
 2023-10-17 00:54:49 +08:00
bjdgyc
6eea265b15 添加自定义首页 2023-10-11 17:21:26 +08:00
bjdgyc
06c8ee1197 添加自定义首页 2023-10-11 17:20:57 +08:00
bjdgyc
ebc7cc85c0 添加nginx stream示例 2023-10-11 16:00:53 +08:00
bjdgyc
012f636cf7 修改 profile.xml 2023-10-11 10:19:23 +08:00
bjdgyc
4f9cc2074a Merge remote-tracking branch 'origin/dev' into dev 2023-09-22 16:19:10 +08:00
bjdgyc
bbc5877eb9 修复header 2023-09-22 16:18:38 +08:00
bjdgyc
c6b85c7d66 Merge pull request #270 from lanrenwo/dev 
修复logAudit的panic
 2023-09-12 08:40:50 +08:00
lanrenwo
8e843d5eae Update payload_access_audit.go 2023-09-08 21:01:03 +08:00
lanrenwo
7b9be9377f 修复logAudit的panic 2023-09-08 20:33:30 +08:00
bjdgyc
f03264faf3 Merge pull request #268 from shikaiguo/main 
修改邮件内容的参数
 2023-09-06 15:57:08 +08:00
bjdgyc
b19ff321ad Merge pull request #267 from lanrenwo/dev 
修复sniNewParser的panic
 2023-09-06 15:54:22 +08:00
lanrenwo
f6980261d4 logAudit引入recover, 防止主程序崩溃. 2023-09-03 11:18:52 +08:00
lanrenwo
7651b69ed6 删除sniNewParser多余的空格 2023-09-02 10:46:01 +08:00
lanrenwo
2af2d273e4 简化sniNewParser代码 2023-09-02 10:44:47 +08:00
K
ff54abc5d5 增加邮件内容的昵称参数 2023-09-01 22:49:07 +08:00
lanrenwo
a168c96a93 修复sniNewParser的panic 2023-09-01 18:10:20 +08:00
bjdgyc
6127c41aea 修复 panic 2023-09-01 17:55:15 +08:00
bjdgyc
da1d6c6c6d 添加安全的header头 2023-08-25 13:56:04 +08:00
bjdgyc
08de4fe086 添加安全的header头 2023-08-24 16:59:35 +08:00
bjdgyc
7714c2a3e8 debug信息 需要鉴权后显示 2023-08-24 14:27:12 +08:00
bjdgyc
78a8b06467 变更qq群 2023-08-17 16:27:12 +08:00
bjdgyc
28ffda2371 修复上传文件漏洞 2023-08-08 15:17:05 +08:00
bjdgyc
c23b120e90 更新 2023-08-08 15:01:15 +08:00
bjdgyc
287355de54 Merge pull request #260 from bjdgyc/dev 
Dev
 2023-08-04 17:52:26 +08:00
bjdgyc
01f90e5bb5 管理用户支持otp 2023-07-24 17:36:03 +08:00
bjdgyc
91a9190379 管理用户支持otp 2023-07-24 17:26:52 +08:00
bjdgyc
0a9fe8f96c Merge pull request #258 from bjdgyc/dev 
Dev
 2023-07-23 15:45:04 +08:00
bjdgy
254110ebff 修改readme 2023-07-23 15:07:14 +08:00
bjdgyc
9c706a7d0d 升级dtls 2023-07-20 11:14:14 +08:00
bjdgyc
d228e224cd 修改readme 2023-07-17 18:26:45 +08:00
bjdgyc
6e95ea5441 修改server信息 2023-07-14 17:25:43 +08:00
bjdgyc
ce61401304 Merge pull request #247 from bjdgyc/main 
pull main
 2023-06-14 16:47:22 +08:00
bjdgyc
d7d2696790 Merge pull request #246 from lanrenwo/bandwidth_to_mbps 
用户组列表-带宽限制的单位从BYTE修改为Mbps
 2023-06-14 16:43:17 +08:00
bjdgyc
9a6aaa87e5 Merge pull request #244 from xnow-me/main 
强制使用规范的网络路由地址
 2023-06-14 16:39:03 +08:00
lanrenwo
e31b5d83d4 用户组列表-带宽限制的单位从BYTE修改为Mbps 2023-06-14 14:30:18 +08:00
lihz
fc2920e140 强制使用规范的网络路由地址 2023-06-13 13:22:00 +08:00
bjdgyc
d36e2fe85a 修改参数比较 2023-06-08 17:09:19 +08:00
bjdgyc
14efb14a9a 修改配置文件报错,停止程序 2023-05-30 15:52:20 +08:00
bjdgyc
92de727db8 Merge pull request #240 from wsczx/dev 
修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug
 2023-05-15 09:45:40 +08:00
wsczx
c63e4f33d5 申请证书前端添加等待效果,避免无法及时获取后端结果 2023-05-04 23:32:16 +08:00
wsczx
60095fbc9b 优化验证DNS超时时间和轮训间隔,避免申请证书失败 2023-05-04 22:24:53 +08:00
wsczx
fe9b84ce98 修改cf使用authToken的方式申请证书,修复因前后端cf名称不一致导致的指针错误 2023-05-04 19:08:40 +08:00
wsczx
fd5ec7f86a 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug 2023-05-02 00:38:17 +08:00
bjdgyc
50bc864fdd 添加版本显示 2023-04-26 21:14:40 +08:00
bjdgyc
a9e798f203 修改版本打印 2023-04-26 21:05:18 +08:00
bjdgyc
165d4ef8a0 修改捐赠列表 2023-04-26 20:47:24 +08:00
bjdgyc
65c24c4e27 Merge pull request #237 from bjdgyc/dev 
Dev
 2023-04-26 20:39:36 +08:00
bjdgyc
b81bc5c283 修复test报错 2023-04-25 21:48:54 +08:00
bjdgyc
b52b8598df 修复test报错 2023-04-25 15:49:56 +08:00
bjdgyc
22fda0f6a1 修改systemd文件 2023-04-23 10:49:02 +08:00
bjdgyc
fed9066f22 修改ip分配的错误 2023-04-21 18:27:49 +08:00
bjdgyc
91ce4752f3 兼容不支持SNI的情况 2023-04-21 15:57:12 +08:00
bjdgyc
c05ec9ab36 兼容不支持SNI的情况 2023-04-21 14:44:53 +08:00
bjdgyc
6ee80d32ea 修改证书设置 2023-04-21 11:39:51 +08:00
bjdgyc
cc5aff08ad 修改ip pool策略 2023-04-21 10:17:51 +08:00
bjdgyc
690b4460ad 修改ip pool策略 2023-04-20 21:07:02 +08:00
bjdgyc
9dff39d299 Merge pull request #235 from wsczx/dev 
修复直接升级anylink无法创建证书数据库信息,导致无法申请证书的BUG
 2023-04-20 12:40:00 +08:00
bjdgyc
638c601c02 修改ip pool策略 2023-04-19 18:12:50 +08:00
wsczx
c2129af104 修复升级anylink无法创建证书数据库信息,导致无法申请证书的BUG 2023-04-19 15:37:55 +08:00
bjdgyc
bc9248e16b 添加allow_lan 提示 2023-04-19 15:24:41 +08:00
bjdgyc
8028b73d81 Merge branch 'main' into dev 2023-04-18 18:11:38 +08:00
bjdgyc
214311e80c 修改版本 2023-04-18 18:11:08 +08:00
bjdgyc
43de8148a0 添加pnpm支持 2023-04-18 16:52:14 +08:00
bjdgyc
150fff328f Merge pull request #233 from denymz/sni 
feat:根据SNI返回SSL证书
 2023-04-18 10:16:15 +08:00
deny
609a893feb feat:根据SNI返回SSL证书 2023-04-17 11:07:39 +00:00
bjdgyc
9cb8c97af9 Merge pull request #229 from DimitriPapadopoulos/codespell 
Fix typos found by codespell
 2023-04-17 10:13:12 +08:00
bjdgyc
8798de0d6d Merge pull request #226 from wsczx/dev 
增加证书相关功能
 2023-04-17 10:12:37 +08:00
Dimitri Papadopoulos
26d20c0b40 Fix typos found by codespell 2023-04-11 17:42:30 +02:00
wsczx
19e99b7648 修复检查证书文件是否存在失败的bug 2023-04-07 23:59:44 +08:00
wsczx
5dc8114167 更新go mod文件 2023-04-06 14:51:25 +08:00
wsczx
4b83bd7ccf 修改Let's Encrypt注册地址为生产模式 2023-04-06 14:16:36 +08:00
wsczx
bc7c61c337 优化代码 2023-04-06 12:29:21 +08:00
wsczx
b3e7212b03 增加校验证书合法性,不合法或不存在则创建一个自签名证书,保证服务正常启动 2023-04-05 02:00:57 +08:00
wsczx
748adadd1e 保存Lego注册信息,避免重复注册导致失败 
优化动态加载TLS证书性能
 2023-04-04 22:35:40 +08:00
bjdgyc
c646f79ef8 添加问题说明 2023-04-04 15:33:25 +08:00
wsczx
061f6f222b Let's Encrypt添加Cloudflare接口,优化DNS服务商信息的存储方式和前端显示 2023-04-02 00:43:17 +08:00
wsczx
9bac773961 * 新增支持自定义上传证书功能 
* 新增支持申请和自动续期Let's Encrypt证书(暂只支持阿里云和腾讯云)功能
* 新增支持动态加载证书(更换证书不需重启)功能
 2023-03-31 20:34:29 +08:00
bjdgyc
4d15fe286a Create FUNDING.yml 
add Sponsors
 2023-02-27 14:42:46 +08:00
bjdgyc
df52087473 Merge pull request #219 from lanrenwo/add_lzs_compress 
新增压缩功能-LZS算法
 2023-02-16 16:01:19 +08:00
lanrenwo
9533ecd6c5 优化压缩的代码 2023-02-16 14:35:55 +08:00
bjdgyc
8608c6acee Merge pull request #216 from lanrenwo/add_auth_test_login 
新增后台测试登录的功能
 2023-02-06 11:39:12 +08:00
lanrenwo
768e137ff9 新增压缩功能-LZS算法 2023-01-17 12:09:04 +08:00
lanrenwo
ef314c891b 让测试用户登录框垂直居中 2023-01-17 10:34:45 +08:00
lanrenwo
4d9919d43c 优化前端监控图表的报错逻辑 2023-01-13 18:02:13 +08:00
lanrenwo
262ad49df6 增加object_class的处理逻辑 2023-01-13 15:00:14 +08:00
lanrenwo
6cfa92944c 新增后台测试登录的功能 2023-01-13 14:14:47 +08:00
69 changed files with 2899 additions and 806 deletions
Expand all files Collapse all files

13
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://github.com/bjdgyc/anylink/blob/main/doc/README.md'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

38
README.md
View File

@@ -24,7 +24,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap 功能、ip 设置命令。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap
功能、ip 设置命令。
## Screenshot
@@ -52,17 +53,27 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
>
> 对于线上环境,必须申请安全的 https 证书,不支持私有证书连接
>
> 服务端安装 yum install iproute 或者 apt-get install iproute2
>
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 其他问题 [前往查看](doc/question.md)
>
> 首次使用,请在浏览器访问 https://域名:443浏览器提示安全后在客户端输入 【域名:443】 即可
### 自行编译安装
> 需要提前安装好 golang >= 1.18 和 nodejs >= 14.x 和 yarn >= v1.22.x
> 需要提前安装好 golang >= 1.19 和 nodejs >= 16.x 和 yarn >= v1.22.x
```shell
git clone https://github.com/bjdgyc/anylink.git
# 编译参考软件版本
# go 1.20.12
# node v16.20.2
# yarn 1.22.19
cd anylink
sh build.sh
@@ -119,7 +130,7 @@ sudo ./anylink
> 数据库配置示例
| db_type | db_source |
| -------- | ------------------------------------------------------ |
|----------|--------------------------------------------------------|
| sqlite3 | ./conf/anylink.db |
| mysql | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
| postgres | user:password@localhost/anylink?sslmode=verify-full |
@@ -132,9 +143,11 @@ sudo ./anylink
> 以下参数必须设置其中之一
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
不同的参数需要对服务器做相应的设置。
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到
IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
模式,请确认虚拟机的网卡开启混杂模式。
### tun 设置
@@ -142,7 +155,7 @@ sudo ./anylink
1. 开启服务器转发
```shell
# flie: /etc/sysctl.conf
# file: /etc/sysctl.conf
net.ipv4.ip_forward = 1
#执行如下命令
@@ -188,7 +201,6 @@ https://cloud.tencent.com/document/product/216/62007
```
3. 使用 AnyConnect 客户端连接即可
### macvtap 设置
@@ -202,6 +214,9 @@ https://cloud.tencent.com/document/product/216/62007
# 首先关闭nat转发功能
iptables_nat = false
# master网卡需要打开混杂模式
ip link set dev eth0 promisc on
#内网主网卡名称
ipv4_master = "eth0"
#以下网段需要跟ipv4_master网卡设置成一样
@@ -211,7 +226,6 @@ ipv4_start = "10.1.2.100"
ipv4_end = "10.1.2.200"
```
## Systemd
1. 添加 anylink 程序
@@ -279,7 +293,7 @@ ipv4_end = "10.1.2.200"
-c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
```
7. 构建镜像
7. 构建镜像 (非必需)
```bash
#获取仓库源码
@@ -288,14 +302,15 @@ ipv4_end = "10.1.2.200"
docker build -t anylink -f docker/Dockerfile .
```
## 常见问题
请前往 [问题地址](doc/question.md) 查看具体信息
## Discussion
添加QQ群: 567510628
添加QQ群(1): 567510628
添加QQ群(2): 739072205
群共享文件有相关软件下载
@@ -305,7 +320,6 @@ ipv4_end = "10.1.2.200"
![contact_me_qr](doc/screenshot/contact_me_qr.png)
-->
## Contribution
欢迎提交 PR、Issues感谢为 AnyLink 做出贡献。

9
build.sh
View File

@@ -12,6 +12,9 @@ function RETVAL() {
#当前目录
cpath=$(pwd)
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
echo "当前版本 $ver"
echo "编译前端项目"
cd $cpath/web
#国内可替换源加快速度
@@ -20,9 +23,10 @@ cd $cpath/web
#npm install
#npm run build
yarn install
yarn install --registry=https://registry.npmmirror.com
yarn run build
RETVAL $?
echo "编译二进制文件"
@@ -32,7 +36,7 @@ cp -rf $cpath/web/ui .
#国内可替换源加快速度
export GOPROXY=https://goproxy.io
go mod tidy
go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
go build -v -o anylink -ldflags "-s -w -X main.CommitId=$(git rev-parse HEAD)"
RETVAL $?
cd $cpath
@@ -48,6 +52,7 @@ cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy

5
build_docker.sh
View File

@@ -6,10 +6,13 @@ echo $ver
#docker login -u bjdgyc
#docker build -t bjdgyc/anylink .
docker build -t bjdgyc/anylink -f docker/Dockerfile .
docker build -t bjdgyc/anylink --build-arg GitCommitId=$(git rev-parse HEAD) -f docker/Dockerfile .
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
exit 0
docker push bjdgyc/anylink:$ver
docker push bjdgyc/anylink:latest

17
doc/README.md
View File

@@ -10,10 +10,10 @@
> 感谢以下同学的打赏AnyLink 有你更美好!
>
> 需要展示主页的同学可以在QQ群(567510628) 直接联系我添加。
> 需要展示主页的同学可以在QQ群 直接联系我添加。
| 昵称 | 主页 |
|---------| ---------------------------- |
| 昵称 | 主页 / 留言 |
|-----------|------------------------------|
| 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 |
| Oo@ | https://github.com/chooop |
@@ -33,6 +33,17 @@
| 刘国华 | |
| 忧郁的豚骨拉面 | |
| 张小旋当爹地 | |
| 对方正在输入 | |
| Ronny | |
| 奔跑的少年 | |
| ZBW | |
| 悲鸣 | |
| 谢谢 | |
| 云思科技 | |
| 哆啦A伟(张佳伟) | 嘿嘿 |
| 人类的悲欢并不相通 | 开源不易,感谢分享 |
| 做人要低调 | |

79
doc/question.md
View File

@@ -1,34 +1,100 @@
# 常见问题
## 常见问题
### anyconnect 客户端问题
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 添加QQ群: 567510628
### OTP 动态码
> 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码
### 远程桌面连接
> 本软件已经支持远程桌面里面连接anyconnect。
### 私有证书问题
> anylink 默认不支持私有证书
>
> 其他使用私有证书的问题,请自行解决
### 客户端连接名称
> 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
```xml
<HostEntry>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
```
### dpd timeout 设置问题
```
```yaml
#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 20
cstp_dpd = 30
mobile_keepalive = 40
mobile_dpd = 50
cstp_keepalive = 4
cstp_dpd = 9
mobile_keepalive = 7
mobile_dpd = 15
```
> 以上dpd参数为客户端的超时检测时间, 如一段时间内,没有数据传输,防火墙会主动关闭连接
>
> 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值
### 反向代理问题
> anylink 仅支持四层反向代理,不支持七层反向代理
>
> 如Nginx请使用 stream模块
```conf
stream {
upstream anylink_server {
server 127.0.0.1:8443;
}
server {
listen 443 tcp;
proxy_timeout 30s;
proxy_pass anylink_server;
}
}
```
> nginx实现 共用443端口 示例
```conf
stream {
map $ssl_preread_server_name $name {
vpn.xx.com myvpn;
default defaultpage;
}
# upstream pool
upstream myvpn {
server 127.0.0.1:8443;
}
upstream defaultpage {
server 127.0.0.1:8080;
}
server {
listen 443 so_keepalive=on;
ssl_preread on;
#接收端也需要设置 proxy_protocol
#proxy_protocol on;
proxy_pass $name;
}
}
```
### 性能问题
```
内网环境测试数据
虚拟服务器: centos7 4C8G
@@ -37,6 +103,7 @@ anylink: tun模式 tcp传输
客户端网卡下载速度270Mb/s
服务端网卡上传速度280Mb/s
```
> 客户端tls加密协议、隧道header头都会占用一定带宽

37
docker/Dockerfile
View File

@@ -1,40 +1,49 @@
#node:16-bullseye
#golang:1.20-bullseye
#debian:bullseye-slim
#sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
# web
FROM node:16.17.1-alpine3.15 as builder_node
FROM node:16-alpine3.18 as builder_node
WORKDIR /web
COPY ./web /web
RUN yarn install \
&& yarn run build \
&& ls /web/ui
# server
FROM golang:1.18-alpine as builder_golang
FROM golang:1.20-alpine3.18 as builder_golang
#TODO 本地打包时使用镜像
ENV GOPROXY=https://goproxy.io
ENV GOPROXY=https://goproxy.cn
ENV GOOS=linux
ARG GitCommitId="gitCommitId"
WORKDIR /anylink
COPY . /anylink
COPY --from=builder_node /web/ui /anylink/server/ui
COPY server /anylink
COPY --from=builder_node /web/ui /anylink/ui
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache git gcc musl-dev
RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
&& /anylink/server/anylink tool -v
RUN apk add gcc musl-dev
RUN cd /anylink;go mod tidy;go build -o anylink -ldflags "-s -w -X main.CommitId=${GitCommitId}" \
&& /anylink/anylink tool -v
# anylink
FROM alpine
FROM alpine:3.18
LABEL maintainer="github.com/bjdgyc"
ENV IPV4_CIDR="192.168.10.0/24"
ENV ANYLINK_IN_CONTAINER=true
WORKDIR /app
COPY --from=builder_golang /anylink/server/anylink /app/
COPY --from=builder_golang /anylink/anylink /app/
COPY docker/docker_entrypoint.sh /app/
#COPY ./server/bridge-init.sh /app/
COPY ./server/bridge-init.sh /app/
COPY ./server/conf /app/conf
COPY ./LICENSE /app/LICENSE
COPY ./home /app/home
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

2
docker/docker_entrypoint.sh
View File

@@ -14,7 +14,7 @@ case $var1 in
;;
*)
sysctl -w net.ipv4.ip_forward=1
#sysctl -w net.ipv4.ip_forward=1
#iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
#iptables -nL -t nat

101
home/自定义首页1.html Normal file
View File

@@ -0,0 +1,101 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>AnyLink - 企业级远程办公 SSL VPN</title>
<style>
/* CSS样式表 */
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
}
header {
background-color: #333;
color: #fff;
padding: 20px;
text-align: center;
}
h1 {
margin: 0;
font-size: 32px;
}
main {
max-width: 960px;
margin: 20px auto;
padding: 0 20px;
margin-bottom: 100px;
}
p {
line-height: 1.5;
}
/* 设置页脚固定在底部,并且占满横向宽度 */
footer {
position: fixed;
bottom: 0;
left: 0;
width: 100%;
}
footer {
background-color: #f2f2f2;
padding: 20px;
text-align: center;
}
.cta-button {
display: inline-block;
background-color: #007bff;
color: #fff;
padding: 10px 20px;
text-decoration: none;
border-radius: 4px;
font-weight: bold;
margin-right: 10px;
}
</style>
</head>
<body>
<header>
<h1>欢迎使用 AnyLink</h1>
</header>
<main>
<h2>什么是 AnyLink</h2>
<p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件,支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式,使远程工作者能够有效协作。</p>
<h2>核心功能</h2>
<ul>
<li>安全远程访问AnyLink 使用 SSL/TLS 加密技术,确保远程用户与企业网络之间的连接安全可靠。</li>
<li>多用户支持:多个用户可以同时连接 VPN实现不同地点团队的无缝协作。</li>
<li>灵活网络访问AnyLink 能够安全地让远程工作者访问内部资源,如文件、应用程序和数据库。</li>
<li>集中化管理:该 VPN 解决方案提供集中化管理控制台,便于用户管理、访问控制和监控。</li>
</ul>
<h2>开始使用 AnyLink</h2>
<p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
<h2>下载客户端</h2>
<a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
<a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
<a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
<a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
<a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
<a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
<h2>使用手册</h2>
<a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
</main>
<footer>
&copy; 2023 AnyLink. 保留所有权利。
</footer>
</body>
</html>

44
server/admin/api_base.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/xlzd/gotp"
)
// Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
adminUser := r.PostFormValue("admin_user")
adminPass := r.PostFormValue("admin_pass")
// 启用otp验证
if base.Cfg.AdminOtp != "" {
pwd := adminPass
pl := len(pwd)
if pl < 6 {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
// 判断otp信息
adminPass = pwd[:pl-6]
otp := pwd[pl-6:]
totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix))
if !verify {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
}
// 认证错误
if !(adminUser == base.Cfg.AdminUser &&
utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员用户名或密码错误")
return
}
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
data["admin_user"] = adminUser
data["expires_at"] = expiresAt
ck := &http.Cookie{
Name: "jwt",
Value: tokenString,
Path: "/",
HttpOnly: true,
}
http.SetCookie(w, ck)
RespSucess(w, data)
}
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "*")
if r.Method == http.MethodOptions {
// 正式环境不支持 OPTIONS
w.WriteHeader(http.StatusForbidden)
return
}
route := mux.CurrentRoute(r)
name := route.GetName()
// fmt.Println("bb", r.URL.Path, name)
if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
if utils.InArrStr([]string{"login", "index", "static"}, name) {
// 不进行鉴权
next.ServeHTTP(w, r)
return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
if jwtToken == "" {
jwtToken = r.FormValue("jwt")
}
if jwtToken == "" {
cc, err := r.Cookie("jwt")
if err == nil {
jwtToken = cc.Value
}
}
data, err := GetJwtData(jwtToken)
if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
w.WriteHeader(http.StatusUnauthorized)

99
server/admin/api_cert.go Normal file
View File

@@ -0,0 +1,99 @@
package admin
import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
)
func CustomCert(w http.ResponseWriter, r *http.Request) {
cert, _, err := r.FormFile("cert")
if err != nil {
RespError(w, RespInternalErr, err)
return
}
key, _, err := r.FormFile("key")
if err != nil {
RespError(w, RespInternalErr, err)
return
}
certFile, err := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer certFile.Close()
if _, err := io.Copy(certFile, cert); err != nil {
RespError(w, RespInternalErr, err)
return
}
keyFile, err := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer keyFile.Close()
if _, err := io.Copy(keyFile, key); err != nil {
RespError(w, RespInternalErr, err)
return
}
if tlscert, _, err := dbdata.ParseCert(); err != nil {
RespError(w, RespInternalErr, fmt.Sprintf("证书不合法,请重新上传:%v", err))
return
} else {
dbdata.LoadCertificate(tlscert)
}
RespSucess(w, "上传成功")
}
func GetCertSetting(w http.ResponseWriter, r *http.Request) {
sess := dbdata.GetXdb().NewSession()
defer sess.Close()
data := &dbdata.SettingLetsEncrypt{}
if err := dbdata.SettingGet(data); err != nil {
dbdata.SettingSessAdd(sess, data)
RespError(w, RespInternalErr, err)
}
userData := &dbdata.LegoUserData{}
if err := dbdata.SettingGet(userData); err != nil {
dbdata.SettingSessAdd(sess, userData)
}
RespSucess(w, data)
}
func CreatCert(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
body, err := io.ReadAll(r.Body)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer r.Body.Close()
config := &dbdata.SettingLetsEncrypt{}
if err := json.Unmarshal(body, config); err != nil {
RespError(w, RespInternalErr, err)
return
}
if err := dbdata.SettingSet(config); err != nil {
RespError(w, RespInternalErr, err)
return
}
client := dbdata.LeGoClient{}
if err := client.NewClient(config); err != nil {
base.Error(err)
RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
return
}
if err := client.GetCert(config.Domain); err != nil {
base.Error(err)
RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
return
}
RespSucess(w, "生成证书成功")
}

27
server/admin/api_group.go
View File

@@ -118,3 +118,30 @@ func GroupDel(w http.ResponseWriter, r *http.Request) {
}
RespSucess(w, nil)
}
func GroupAuthLogin(w http.ResponseWriter, r *http.Request) {
type AuthLoginData struct {
Name string `json:"name"`
Pwd string `json:"pwd"`
Auth map[string]interface{} `json:"auth"`
}
body, err := io.ReadAll(r.Body)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
defer r.Body.Close()
v := &AuthLoginData{}
err = json.Unmarshal(body, &v)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
err = dbdata.GroupAuthLogin(v.Name, v.Pwd, v.Auth)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
RespSucess(w, "ok")
}

15
server/admin/api_ip_map.go
View File

@@ -80,6 +80,8 @@ func UserIpMapSet(w http.ResponseWriter, r *http.Request) {
return
}
// sessdata.IpAllSet(v)
RespSucess(w, nil)
}
@@ -93,11 +95,20 @@ func UserIpMapDel(w http.ResponseWriter, r *http.Request) {
return
}
data := dbdata.IpMap{Id: id}
err := dbdata.Del(&data)
var data dbdata.IpMap
err := dbdata.One("Id", id, &data)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
err = dbdata.Del(&data)
if err != nil {
RespError(w, RespInternalErr, err)
return
}
// sessdata.IpAllDel(&data)
RespSucess(w, nil)
}

14
server/admin/api_uploaduser.go
View File

@@ -5,11 +5,11 @@ import (
"io"
"net/http"
"os"
"path"
"strconv"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
return
}
defer file.Close()
newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
// go/path-injection
// base.Cfg.FilesPath 可以直接对外访问,不能上传文件到此
fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
newFile, err := os.Create(fileName)
if err != nil {
RespError(w, RespInternalErr, "创建文件失败:", err)
return
}
defer newFile.Close()
io.Copy(newFile, file)
if err = UploadUser(newFile.Name()); err != nil {
RespError(w, RespInternalErr, err)
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
return
}
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
RespSucess(w, "批量添加成功")
}
func UploadUser(file string) error {
f, err := excelize.OpenFile(file)
if err != nil {

3
server/admin/api_user.go
View File

@@ -205,6 +205,7 @@ type userAccountMailData struct {
LinkAddr string
Group string
Username string
Nickname string
PinCode string
OtpImg string
OtpImgBase64 string
@@ -251,9 +252,11 @@ func userAccountMail(user *dbdata.User) error {
otpData, _ := userOtpQr(user.Id, true)
data := userAccountMailData{
Issuer: base.Cfg.Issuer,
LinkAddr: setting.LinkAddr,
Group: strings.Join(user.Groups, ","),
Username: user.Username,
Nickname: user.Nickname,
PinCode: user.PinCode,
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
OtpImgBase64: "data:image/png;base64," + otpData,

25
server/admin/server.go
View File

@@ -9,6 +9,8 @@ import (
"github.com/arl/statsviz"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
@@ -19,6 +21,13 @@ var UiData embed.FS
func StartAdmin() {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
next.ServeHTTP(w, req)
})
})
r.Use(authMiddleware)
r.Use(handlers.CompressHandler)
@@ -46,6 +55,9 @@ func StartAdmin() {
r.HandleFunc("/set/audit/list", SetAuditList)
r.HandleFunc("/set/audit/export", SetAuditExport)
r.HandleFunc("/set/audit/act_log_list", UserActLogList)
r.HandleFunc("/set/other/createcert", CreatCert)
r.HandleFunc("/set/other/getcertset", GetCertSetting)
r.HandleFunc("/set/other/customcert", CustomCert)
r.HandleFunc("/user/list", UserList)
r.HandleFunc("/user/detail", UserDetail)
@@ -71,6 +83,7 @@ func StartAdmin() {
r.HandleFunc("/group/detail", GroupDetail)
r.HandleFunc("/group/set", GroupSet)
r.HandleFunc("/group/del", GroupDel)
r.HandleFunc("/group/auth_login", GroupAuthLogin)
r.HandleFunc("/statsinfo/list", StatsInfoList)
@@ -95,18 +108,28 @@ func StartAdmin() {
for _, s := range cipherSuites {
selectedCipherSuites = append(selectedCipherSuites, s.ID)
}
if tlscert, _, err := dbdata.ParseCert(); err != nil {
base.Fatal("证书加载失败", err)
} else {
dbdata.LoadCertificate(tlscert)
}
// 设置tls信息
tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
return dbdata.GetCertificateBySNI(chi.ServerName)
},
}
srv := &http.Server{
Addr: base.Cfg.AdminAddr,
Handler: r,
TLSConfig: tlsConfig,
}
err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
err := srv.ListenAndServeTLS("", "")
if err != nil {
base.Fatal(err)
}

2
server/base/app_ver.go
View File

@@ -3,5 +3,5 @@ package base
const (
APP_NAME = "AnyLink"
// app版本号
APP_VER = "0.9.2-beta2"
APP_VER = "0.10.1"
)

5
server/base/cfg.go
View File

@@ -49,6 +49,7 @@ type ServerConfig struct {
Issuer string `json:"issuer"`
AdminUser string `json:"admin_user"`
AdminPass string `json:"admin_pass"`
AdminOtp string `json:"admin_otp"`
JwtSecret string `json:"jwt_secret"`
LinkMode string `json:"link_mode"` // tun tap macvtap ipvtap
@@ -75,6 +76,10 @@ type ServerConfig struct {
ShowSQL bool `json:"show_sql"` // bool
IptablesNat bool `json:"iptables_nat"`
Compression bool `json:"compression"` // bool
NoCompressLimit int `json:"no_compress_limit"` // int
DisplayError bool `json:"display_error"`
}
func initServerCfg() {

30
server/base/cmd.go
View File

@@ -3,14 +3,17 @@ package base
import (
"errors"
"fmt"
"io"
"os"
"reflect"
"runtime"
"strings"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/skip2/go-qrcode"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/xlzd/gotp"
)
var (
@@ -18,6 +21,8 @@ var (
CommitId string
// pass明文
passwd string
// 生成otp
otp bool
// 生成密钥
secret bool
// 显示版本信息
@@ -69,13 +74,17 @@ func initCmd() {
Run: func(cmd *cobra.Command, args []string) {
// fmt.Println("cmd", cmd.Use, args)
runSrv = true
if rev {
printVersion()
os.Exit(0)
}
},
}
linkViper.SetEnvPrefix("link")
// 基础配置
for _, v := range configs {
if v.Typ == cfgStr {
rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -92,6 +101,7 @@ func initCmd() {
// viper.SetDefault(v.Name, v.Value)
}
rootCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
rootCmd.AddCommand(initToolCmd())
cobra.OnInitialize(func() {
@@ -107,7 +117,7 @@ func initCmd() {
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
fmt.Println("Using config file:", err)
panic("config file err:" + err.Error())
}
})
}
@@ -122,17 +132,24 @@ func initToolCmd() *cobra.Command {
toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
toolCmd.Run = func(cmd *cobra.Command, args []string) {
switch {
case rev:
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
printVersion()
case secret:
s, _ := utils.RandSecret(40, 60)
s = strings.Trim(s, "=")
fmt.Printf("Secret:%s\n", s)
case otp:
s := gotp.RandomSecret(32)
fmt.Printf("Otp:%s\n\n", s)
qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
qr, _ := qrcode.New(qrstr, qrcode.High)
ss := qr.ToSmallString(false)
io.WriteString(os.Stderr, ss)
case passwd != "":
pass, _ := utils.PasswordHash(passwd)
fmt.Printf("Passwd:%s\n", pass)
@@ -145,3 +162,8 @@ func initToolCmd() *cobra.Command {
return toolCmd
}
func printVersion() {
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
}

11
server/base/config.go
View File

@@ -38,6 +38,7 @@ var configs = []config{
{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -48,20 +49,24 @@ var configs = []config{
{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 1209600},
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 9},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)", ValInt: 3600},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},
// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1},
{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false},
{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},
{Typ: cfgBool, Name: "compression", Usage: "启用压缩", ValBool: false},
{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
}
var envs = map[string]string{}

48
server/base/log.go
View File

@@ -10,11 +10,12 @@ import (
)
const (
_Debug = iota
_Info
_Warn
_Error
_Fatal
LogLevelTrace = iota
LogLevelDebug
LogLevelInfo
LogLevelWarn
LogLevelError
LogLevelFatal
)
var (
@@ -87,17 +88,22 @@ func GetBaseLog() *log.Logger {
return baseLog
}
func GetLogLevel() int {
return baseLevel
}
func logLevel2Int(l string) int {
levels = map[int]string{
_Debug: "Debug",
_Info: "Info",
_Warn: "Warn",
_Error: "Error",
_Fatal: "Fatal",
LogLevelTrace: "Trace",
LogLevelDebug: "Debug",
LogLevelInfo: "Info",
LogLevelWarn: "Warn",
LogLevelError: "Error",
LogLevelFatal: "Fatal",
}
lvl := _Info
lvl := LogLevelInfo
for k, v := range levels {
if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
if strings.ToLower(l) == strings.ToLower(v) {
lvl = k
}
}
@@ -109,8 +115,16 @@ func output(l int, s ...interface{}) {
_ = baseLog.Output(3, lvl+fmt.Sprintln(s...))
}
func Trace(v ...interface{}) {
l := LogLevelTrace
if baseLevel > l {
return
}
output(l, v...)
}
func Debug(v ...interface{}) {
l := _Debug
l := LogLevelDebug
if baseLevel > l {
return
}
@@ -118,7 +132,7 @@ func Debug(v ...interface{}) {
}
func Info(v ...interface{}) {
l := _Info
l := LogLevelInfo
if baseLevel > l {
return
}
@@ -126,7 +140,7 @@ func Info(v ...interface{}) {
}
func Warn(v ...interface{}) {
l := _Warn
l := LogLevelWarn
if baseLevel > l {
return
}
@@ -134,7 +148,7 @@ func Warn(v ...interface{}) {
}
func Error(v ...interface{}) {
l := _Error
l := LogLevelError
if baseLevel > l {
return
}
@@ -142,7 +156,7 @@ func Error(v ...interface{}) {
}
func Fatal(v ...interface{}) {
l := _Fatal
l := LogLevelFatal
if baseLevel > l {
return
}

77
server/base/mod.go Normal file
View File

@@ -0,0 +1,77 @@
package base
import (
"bufio"
"fmt"
"log"
"os"
"os/exec"
"strings"
)
const (
procModulesPath = "/proc/modules"
inContainerKey = "ANYLINK_IN_CONTAINER"
tunPath = "/dev/net/tun"
)
var (
InContainer = false
modMap = map[string]struct{}{}
)
func initMod() {
container := os.Getenv(inContainerKey)
if container == "true" {
InContainer = true
}
log.Println("InContainer", InContainer)
file, err := os.Open(procModulesPath)
if err != nil {
err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
panic(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
splited := strings.Split(scanner.Text(), " ")
if len(splited[0]) > 0 {
modMap[splited[0]] = struct{}{}
}
}
}
func CheckModOrLoad(mod string) {
log.Println("CheckModOrLoad", mod)
if _, ok := modMap[mod]; ok {
return
}
if mod == "tun" || mod == "tap" {
_, err := os.Stat(tunPath)
if err == nil {
// 文件存在
return
}
panic("Linux tunFile is null " + tunPath)
}
if InContainer {
err := fmt.Errorf("Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
// log.Println(err)
// return
panic(err)
}
cmdstr := fmt.Sprintln("modprobe", mod)
cmd := exec.Command("sh", "-c", cmdstr)
b, err := cmd.CombinedOutput()
if err != nil {
log.Println(string(b))
panic(err)
}
}

1
server/base/start.go
View File

@@ -4,6 +4,7 @@ func Start() {
execute()
initCfg()
initLog()
initMod()
}
func Test() {

2
server/conf/files/info.txt
View File

@@ -1,2 +1,2 @@
客户端软件需放置在files目录内
如需要帮助请加QQ群567510628
如需要帮助请加QQ群567510628 、739072205

13
server/conf/profile.xml
View File

@@ -8,6 +8,7 @@
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<AutoUpdate UserControllable="false">false</AutoUpdate>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
<HostEntry>
<HostName>VPN2</HostName>
<HostAddress>localhost2</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

13
server/conf/server-sample.toml
View File

@@ -23,6 +23,9 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
@@ -50,7 +53,7 @@ max_client = 100
#单个用户同时在线数量
max_user_client = 3
#IP租期(秒)
ip_lease = 1209600
ip_lease = 86400
#默认选择的组
default_group = "one"
@@ -78,4 +81,12 @@ show_sql = false
#是否自动添加nat
iptables_nat = true
#启用压缩
compression = false
#低于及等于多少字节不压缩
no_compress_limit = 256
#客户端显示详细错误信息(线上环境慎开启)
display_error = false

9
server/conf/server.toml
View File

@@ -18,6 +18,9 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址
@@ -35,3 +38,9 @@ ipv4_end = "192.168.90.200"
#是否自动添加nat
iptables_nat = true
#客户端显示详细错误信息(线上环境慎开启)
display_error = true

2
server/cron/start.go
View File

@@ -3,6 +3,7 @@ package cron
import (
"time"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/sessdata"
"github.com/go-co-op/gocron"
)
@@ -13,5 +14,6 @@ func Start() {
s.Cron("0 * * * *").Do(ClearStatsInfo)
s.Cron("0 * * * *").Do(ClearUserActLog)
s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert)
s.StartAsync()
}

411
server/dbdata/cert.go Normal file
View File

@@ -0,0 +1,411 @@
package dbdata
import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"fmt"
"math/big"
"net"
"os"
"strings"
"sync"
"time"
"github.com/pion/dtls/v2/pkg/crypto/selfsign"
"github.com/bjdgyc/anylink/base"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/providers/dns/alidns"
"github.com/go-acme/lego/v4/providers/dns/cloudflare"
"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
"github.com/go-acme/lego/v4/registration"
)
var (
// nameToCertificate mutex
ntcMux sync.RWMutex
nameToCertificate = make(map[string]*tls.Certificate)
tempCert *tls.Certificate
)
func init() {
c, _ := selfsign.GenerateSelfSignedWithDNS("localhost")
tempCert = &c
}
type SettingLetsEncrypt struct {
Domain string `json:"domain"`
Legomail string `json:"legomail"`
Name string `json:"name"`
Renew bool `json:"renew"`
DNSProvider
}
type DNSProvider struct {
AliYun struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
} `json:"aliyun"`
TXCloud struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
} `json:"txcloud"`
CfCloud struct {
AuthToken string `json:"authToken"`
} `json:"cfcloud"`
}
type LegoUserData struct {
Email string `json:"email"`
Registration *registration.Resource `json:"registration"`
Key []byte `json:"key"`
}
type LegoUser struct {
Email string
Registration *registration.Resource
Key *ecdsa.PrivateKey
}
type LeGoClient struct {
mutex sync.Mutex
Client *lego.Client
Cert *certificate.Resource
LegoUserData
}
func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
switch l.Name {
case "aliyun":
if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "txcloud":
if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "cfcloud":
if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
}
return
}
func (u *LegoUser) GetEmail() string {
return u.Email
}
func (u LegoUser) GetRegistration() *registration.Resource {
return u.Registration
}
func (u *LegoUser) GetPrivateKey() crypto.PrivateKey {
return u.Key
}
func (l *LegoUserData) SaveUserData(u *LegoUser) error {
key, err := x509.MarshalECPrivateKey(u.Key)
if err != nil {
return err
}
l.Email = u.Email
l.Registration = u.Registration
l.Key = key
if err := SettingSet(l); err != nil {
return err
}
return nil
}
func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) {
if err := SettingGet(l); err != nil {
return nil, err
}
if l.Email != "" {
key, err := x509.ParseECPrivateKey(l.Key)
if err != nil {
return nil, err
}
return &LegoUser{
Email: l.Email,
Registration: l.Registration,
Key: key,
}, nil
}
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}
return &LegoUser{
Email: d.Legomail,
Key: privateKey,
}, nil
}
func ReNewCert() {
_, certtime, err := ParseCert()
if err != nil {
base.Error(err)
return
}
if certtime.AddDate(0, 0, -7).Before(time.Now()) {
config := &SettingLetsEncrypt{}
if err := SettingGet(config); err != nil {
base.Error(err)
return
}
if config.Renew {
client := &LeGoClient{}
if err := client.NewClient(config); err != nil {
base.Error(err)
return
}
if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil {
base.Error(err)
return
}
base.Info("证书续期成功")
}
} else {
base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05")))
}
}
func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
c.mutex.Lock()
defer c.mutex.Unlock()
legouser, err := c.GetUserData(l)
if err != nil {
return err
}
config := lego.NewConfig(legouser)
config.CADirURL = lego.LEDirectoryProduction
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
Provider, err := GetDNSProvider(l)
if err != nil {
return err
}
if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
return err
}
if legouser.Registration == nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
legouser.Registration = reg
c.SaveUserData(legouser)
}
c.Client = client
return nil
}
func (c *LeGoClient) GetCert(domain string) error {
// 申请证书
certificates, err := c.Client.Certificate.Obtain(
certificate.ObtainRequest{
Domains: []string{domain},
Bundle: true,
})
if err != nil {
return err
}
c.Cert = certificates
// 保存证书
if err := c.SaveCert(); err != nil {
return err
}
return nil
}
func (c *LeGoClient) RenewCert(certFile, keyFile string) error {
cert, err := os.ReadFile(certFile)
if err != nil {
return err
}
key, err := os.ReadFile(keyFile)
if err != nil {
return err
}
// 续期证书
renewcert, err := c.Client.Certificate.Renew(certificate.Resource{
Certificate: cert,
PrivateKey: key,
}, true, false, "")
if err != nil {
return err
}
c.Cert = renewcert
// 保存更新证书
if err := c.SaveCert(); err != nil {
return err
}
return nil
}
func (c *LeGoClient) SaveCert() error {
err := os.WriteFile(base.Cfg.CertFile, c.Cert.Certificate, 0600)
if err != nil {
return err
}
err = os.WriteFile(base.Cfg.CertKey, c.Cert.PrivateKey, 0600)
if err != nil {
return err
}
if tlscert, _, err := ParseCert(); err != nil {
return err
} else {
LoadCertificate(tlscert)
}
return nil
}
func ParseCert() (*tls.Certificate, *time.Time, error) {
_, errCert := os.Stat(base.Cfg.CertFile)
_, errKey := os.Stat(base.Cfg.CertKey)
if os.IsNotExist(errCert) || os.IsNotExist(errKey) {
err := PrivateCert()
if err != nil {
return nil, nil, err
}
}
cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
if err != nil || errors.Is(err, os.ErrNotExist) {
PrivateCert()
return nil, nil, err
}
parseCert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return nil, nil, err
}
return &cert, &parseCert.NotAfter, nil
}
func PrivateCert() error {
// 创建一个RSA密钥对
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
pub := &priv.PublicKey
// 生成一个自签名证书
template := x509.Certificate{
SerialNumber: big.NewInt(1658),
Subject: pkix.Name{CommonName: "localhost"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 365),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IPAddresses: []net.IP{},
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
if err != nil {
return err
}
// 将证书编码为PEM格式并将其写入文件
certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
// 将私钥编码为PEM格式并将其写入文件
keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
keyOut.Close()
cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
if err != nil {
return err
}
LoadCertificate(&cert)
return nil
}
func getTempCertificate() (*tls.Certificate, error) {
var err error
var cert tls.Certificate
if tempCert == nil {
cert, err = selfsign.GenerateSelfSignedWithDNS("localhost")
tempCert = &cert
}
return tempCert, err
}
func GetCertificateBySNI(commonName string) (*tls.Certificate, error) {
ntcMux.RLock()
defer ntcMux.RUnlock()
// Copy from tls.Config getCertificate()
name := strings.ToLower(commonName)
if cert, ok := nameToCertificate[name]; ok {
return cert, nil
}
if len(name) > 0 {
labels := strings.Split(name, ".")
labels[0] = "*"
wildcardName := strings.Join(labels, ".")
if cert, ok := nameToCertificate[wildcardName]; ok {
return cert, nil
}
}
// TODO 默认证书 兼容不支持 SNI 的客户端
if cert, ok := nameToCertificate["default"]; ok {
return cert, nil
}
return getTempCertificate()
}
func LoadCertificate(cert *tls.Certificate) {
buildNameToCertificate(cert)
}
// Copy from tls.Config BuildNameToCertificate()
func buildNameToCertificate(cert *tls.Certificate) {
ntcMux.Lock()
defer ntcMux.Unlock()
// TODO 设置默认证书
nameToCertificate["default"] = cert
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return
}
startTime := x509Cert.NotBefore.String()
expiredTime := x509Cert.NotAfter.String()
if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 {
commonName := x509Cert.Subject.CommonName
fmt.Printf("┏ Load Certificate: %s\n", commonName)
fmt.Printf("┠╌╌ Start Time: %s\n", startTime)
fmt.Printf("┖╌╌ Expired Time: %s\n", expiredTime)
nameToCertificate[commonName] = cert
}
for _, san := range x509Cert.DNSNames {
fmt.Printf("┏ Load Certificate: %s\n", san)
fmt.Printf("┠╌╌ Start Time: %s\n", startTime)
fmt.Printf("┖╌╌ Expired Time: %s\n", expiredTime)
nameToCertificate[san] = cert
}
}
// func Scrypt(passwd string) string {
// salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
// hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
// if err != nil {
// return err.Error()
// }
// return base64.StdEncoding.EncodeToString(hashPasswd)
// }

29
server/dbdata/db.go
View File

@@ -99,6 +99,35 @@ func addInitData() error {
return err
}
// SettingDnsProvider
provider := &SettingLetsEncrypt{
Domain: "vpn.xxx.com",
Legomail: "legomail",
Name: "aliyun",
Renew: false,
DNSProvider: DNSProvider{
AliYun: struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
}{APIKey: "", SecretKey: ""},
TXCloud: struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
}{SecretID: "", SecretKey: ""},
CfCloud: struct {
AuthToken string `json:"authToken"`
}{AuthToken: ""}},
}
err = SettingSessAdd(sess, provider)
if err != nil {
return err
}
// LegoUser
legouser := &LegoUserData{}
err = SettingSessAdd(sess, legouser)
if err != nil {
return err
}
// SettingOther
other := &SettingOther{
LinkAddr: "vpn.xx.com",

32
server/dbdata/group.go
View File

@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
// 给Mac系统下发路由时必须是标准的网络地址
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
routeExclude := []ValData{}
for _, v := range g.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}
@@ -225,6 +238,21 @@ func SetGroup(g *Group) error {
return err
}
func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
g := &Group{Auth: authData}
authType := g.Auth["type"].(string)
if _, ok := authRegistry[authType]; !ok {
return errors.New("未知的认证方式: " + authType)
}
auth := makeInstance(authType).(IUserAuth)
err := auth.checkData(g.Auth)
if err != nil {
return err
}
err = auth.checkUser(name, pwd, g)
return err
}
func parseIpNet(s string) (string, *net.IPNet, error) {
ip, ipNet, err := net.ParseCIDR(s)
if err != nil {

1
server/dbdata/group_test.go
View File

@@ -51,6 +51,7 @@ func TestGetGroupNames(t *testing.T) {
"bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com",
"object_class": "person",
"search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com",
},

31
server/dbdata/ip_map.go
View File

@@ -2,20 +2,22 @@ package dbdata
import (
"errors"
"net"
"time"
)
// type IpMap struct {
// Id int `json:"id" xorm:"pk autoincr not null"`
// IpAddr string `json:"ip_addr" xorm:"not null unique"`
// MacAddr string `json:"mac_addr" xorm:"not null unique"`
// Username string `json:"username"`
// Keep bool `json:"keep"` // 保留 ip-mac 绑定
// KeepTime time.Time `json:"keep_time"`
// Note string `json:"note"` // 备注
// LastLogin time.Time `json:"last_login"`
// UpdatedAt time.Time `json:"updated_at"`
// }
type IpMap struct {
Id int `json:"id" xorm:"pk autoincr not null"`
IpAddr string `json:"ip_addr" xorm:"varchar(32) not null unique"`
MacAddr string `json:"mac_addr" xorm:"varchar(32) not null unique"`
UniqueMac bool `json:"unique_mac" xorm:"Bool index"`
Username string `json:"username" xorm:"varchar(60)"`
Keep bool `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
KeepTime time.Time `json:"keep_time" xorm:"DateTime"`
Note string `json:"note" xorm:"varchar(255)"` // 备注
LastLogin time.Time `json:"last_login" xorm:"DateTime"`
UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
}
func SetIpMap(v *IpMap) error {
var err error
@@ -24,6 +26,13 @@ func SetIpMap(v *IpMap) error {
return errors.New("IP或MAC错误")
}
macHw, err := net.ParseMAC(v.MacAddr)
if err != nil {
return errors.New("MAC错误")
}
// 统一macAddr的格式
v.MacAddr = macHw.String()
v.UpdatedAt = time.Now()
if v.Id > 0 {
err = Set(v)

15
server/dbdata/policy.go
View File

@@ -2,6 +2,7 @@ package dbdata
import (
"errors"
"fmt"
"net"
"strings"
"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
routeExclude := []ValData{}
for _, v := range p.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}

8
server/dbdata/policy_test.go
View File

@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
err = SetPolicy(&p2)
ast.Nil(err)
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p3)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p4)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
// 判断所有数据
var userPolicy *Policy

1
server/dbdata/setting.go
View File

@@ -49,7 +49,6 @@ func SettingSessAdd(sess *xorm.Session, data interface{}) error {
v, _ := json.Marshal(data)
s := &Setting{Name: name, Data: v}
_, err := sess.InsertOne(s)
return err
}

13
server/dbdata/tables.go
View File

@@ -56,19 +56,6 @@ type UserActLog struct {
CreatedAt time.Time `json:"created_at" xorm:"DateTime created"`
}
type IpMap struct {
Id int `json:"id" xorm:"pk autoincr not null"`
IpAddr string `json:"ip_addr" xorm:"varchar(32) not null unique"`
MacAddr string `json:"mac_addr" xorm:"varchar(32) not null unique"`
UniqueMac bool `json:"unique_mac" xorm:"Bool index"`
Username string `json:"username" xorm:"varchar(60)"`
Keep bool `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
KeepTime time.Time `json:"keep_time" xorm:"DateTime"`
Note string `json:"note" xorm:"varchar(255)"` // 备注
LastLogin time.Time `json:"last_login" xorm:"DateTime"`
UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
}
type Setting struct {
Id int `json:"id" xorm:"pk autoincr not null"`
Name string `json:"name" xorm:"varchar(60) not null unique"`

2
server/dbdata/user_act_log.go
View File

@@ -155,7 +155,7 @@ func (ua *UserActLogProcess) ParseUserAgent(userAgent string) (os_idx, client_id
} else if strings.Contains(userAgent, "anylink") {
client_idx = 3
}
// Verion
// Version
uaSlice := strings.Split(userAgent, " ")
ver = uaSlice[len(uaSlice)-1]
if ver[0] == 'v' {

7
server/dbdata/user_test.go
View File

@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
// 添加一个组
dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g)
ast.Nil(err)
// 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户
u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
}
// 添加用户策略
dns2 := []ValData{{Val: "8.8.8.8"}}
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
err = SetPolicy(&p1)
ast.Nil(err)
@@ -75,6 +75,7 @@ func TestCheckUser(t *testing.T) {
"bind_name": "userfind@abc.com",
"bind_pwd": "afdbfdsafds",
"base_dn": "dc=abc,dc=com",
"object_class": "person",
"search_attr": "sAMAccountName",
"member_of": "cn=vpn,cn=user,dc=abc,dc=com",
},

13
server/dbdata/userauth_ldap.go
View File

@@ -20,6 +20,7 @@ type AuthLdap struct {
BindName string `json:"bind_name"`
BindPwd string `json:"bind_pwd"`
BaseDn string `json:"base_dn"`
ObjectClass string `json:"object_class"`
SearchAttr string `json:"search_attr"`
MemberOf string `json:"member_of"`
}
@@ -40,7 +41,7 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
return errors.New("LDAP的服务器地址(含端口)填写有误")
}
if auth.BindName == "" {
return errors.New("LDAP的管理员账号不能为空")
return errors.New("LDAP的管理员 DN不能为空")
}
if auth.BindPwd == "" {
return errors.New("LDAP的管理员密码不能为空")
@@ -48,6 +49,9 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
if auth.BaseDn == "" || !ValidateDN(auth.BaseDn) {
return errors.New("LDAP的Base DN填写有误")
}
if auth.ObjectClass == "" {
return errors.New("LDAP的用户对象类填写有误")
}
if auth.SearchAttr == "" {
return errors.New("LDAP的用户唯一ID不能为空")
}
@@ -94,9 +98,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
}
err = l.Bind(auth.BindName, auth.BindPwd)
if err != nil {
return fmt.Errorf("%s LDAP 管理员账号或密码填写有误 %s", name, err.Error())
return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
}
filterAttr := "(objectClass=person)"
if auth.ObjectClass == "" {
auth.ObjectClass = "person"
}
filterAttr := "(objectClass=" + auth.ObjectClass + ")"
filterAttr += "(" + auth.SearchAttr + "=" + name + ")"
if auth.MemberOf != "" {
filterAttr += "(memberOf:=" + auth.MemberOf + ")"

51
server/go.mod
View File

@@ -1,23 +1,25 @@
module github.com/bjdgyc/anylink
go 1.18
go 1.19
require (
github.com/arl/statsviz v0.5.1
github.com/deckarep/golang-set v1.8.0
github.com/go-acme/lego/v4 v4.10.2
github.com/go-co-op/gocron v1.17.0
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-sql-driver/mysql v1.6.0
github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
github.com/golang-jwt/jwt/v4 v4.0.0
github.com/golang-jwt/jwt/v4 v4.2.0
github.com/google/gopacket v1.1.19
github.com/gorilla/handlers v1.5.1
github.com/gorilla/mux v1.8.0
github.com/ivpusic/grpool v1.0.0
github.com/lanrenwo/lzsgo v0.0.2
github.com/lib/pq v1.10.2
github.com/mattn/go-sqlite3 v1.14.9
github.com/orcaman/concurrent-map v1.0.0
github.com/pion/dtls/v2 v2.1.5
github.com/pion/dtls/v2 v2.2.7
github.com/pion/logging v0.2.2
github.com/pires/go-proxyproto v0.6.2
github.com/shirou/gopsutil v3.21.7+incompatible
@@ -27,25 +29,44 @@ require (
github.com/spf13/cast v1.3.1
github.com/spf13/cobra v1.2.1
github.com/spf13/viper v1.8.1
github.com/stretchr/testify v1.8.0
github.com/stretchr/testify v1.8.3
github.com/xhit/go-simple-mail/v2 v2.10.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
github.com/xuri/excelize/v2 v2.6.1
go.uber.org/atomic v1.10.0
golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
golang.org/x/net v0.0.0-20220812174116-3211cb980234
golang.org/x/text v0.3.7
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
golang.org/x/crypto v0.8.0
golang.org/x/net v0.9.0
golang.org/x/text v0.9.0
golang.org/x/time v0.3.0
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
xorm.io/xorm v1.3.2
)
require (
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
github.com/cloudflare/cloudflare-go v0.49.0 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/miekg/dns v1.1.50 // indirect
github.com/pion/transport/v2 v2.2.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/tools v0.6.0 // indirect
)
require (
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/coreos/go-iptables v0.6.0
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect
github.com/goccy/go-json v0.8.1 // indirect
github.com/golang/snappy v0.0.4 // indirect
@@ -54,13 +75,11 @@ require (
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect
github.com/pion/transport v0.13.0 // indirect
github.com/pion/udp v0.1.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/richardlehane/mscfb v1.0.4 // indirect
github.com/richardlehane/msoleps v1.0.3 // indirect
@@ -74,10 +93,10 @@ require (
github.com/tklauser/numcpus v0.2.3 // indirect
github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.7.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/ini.v1 v1.66.6 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect

128
server/go.sum
View File

@@ -54,6 +54,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 h1:J45/QHgrzUdqe/Vco/Vxk0wRvdS2nKUxmf/zLgvfass=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -73,6 +75,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=
github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -80,6 +84,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/cloudflare-go v0.49.0 h1:KqJYk/YQ5ZhmyYz1oa4kGDskfF1gVuZfqesaJ/XDLto=
github.com/cloudflare/cloudflare-go v0.49.0/go.mod h1:h0QgcIZ3qEXwFiwfBO8sQxjVdYsLX+PfD7NFEnANaKg=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -98,6 +104,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -120,19 +127,25 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-acme/lego/v4 v4.10.2 h1:5eW3qmda5v/LP21v1Hj70edKY1jeFZQwO617tdkwp6Q=
github.com/go-acme/lego/v4 v4.10.2/go.mod h1:EMbf0Jmqwv94nJ5WL9qWnSXIBZnvsS9gNypansHGc6U=
github.com/go-co-op/gocron v1.17.0 h1:IixLXsti+Qo0wMvmn6Kmjp2csk2ykpkcL+EmHmST18w=
github.com/go-co-op/gocron v1.17.0/go.mod h1:IpDBSaJOVfFw7hXZuTag3SCSkqazXBBUkbQ1m1aesBs=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -159,8 +172,9 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -209,6 +223,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
@@ -233,7 +250,6 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -255,9 +271,15 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN
github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
@@ -331,7 +353,12 @@ github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -340,7 +367,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
@@ -352,12 +378,15 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lanrenwo/lzsgo v0.0.2 h1:FA30LAaJFYLoaM17b+H32gA+5H+abjoomNLSA9HCbrI=
github.com/lanrenwo/lzsgo v0.0.2/go.mod h1:oxDZy2vgi6VBGIdvL80ayRMtIyXV+TbjavVuINXZY2k=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -373,19 +402,22 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA=
github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
@@ -393,8 +425,9 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -439,19 +472,18 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pion/dtls/v2 v2.1.5 h1:jlh2vtIyUBShchoTDqpCCqiYCyRFJ/lvf/gQ8TALs+c=
github.com/pion/dtls/v2 v2.1.5/go.mod h1:BqCE7xPZbPSubGasRoDFJeTsyJtdD1FanJYL0JGheqY=
github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=
github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
github.com/pion/transport v0.13.0 h1:KWTA5ZrQogizzYwPEciGtHPLwpAjE91FgXnyu+Hv2uY=
github.com/pion/transport v0.13.0/go.mod h1:yxm9uXpK9bpBBWkITk13cLo1y5/ur5VQpG22ny6EP7g=
github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
github.com/pion/transport/v2 v2.2.1 h1:7qYnCBlpgSJNYMbLCKuSY9KbQdBFoETvPNETv0y4N7c=
github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -486,6 +518,7 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
@@ -505,9 +538,7 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091 h1:1zN6ImoqhSJhN8hGXFaJlSC8msLmIbX8bFqOfWLKw0w=
@@ -536,6 +567,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -543,12 +575,17 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz27tVi2r70JYnm5y0Zk8w0Qzsx+vfUw3oqSyrEfP8=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 h1:g9SWTaTy/rEuhMErC2jWq9Qt5ci+jBYSvXnJsLq4adg=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490/go.mod h1:l9q4vc1QiawUB1m3RU+87yLvrrxe54jc0w/kEl4DbSQ=
github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg=
github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4=
github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8=
@@ -572,6 +609,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -621,9 +659,10 @@ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -660,8 +699,10 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -699,17 +740,18 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -732,8 +774,10 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -795,12 +839,18 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -809,14 +859,16 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -875,14 +927,16 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA=
golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -998,16 +1052,18 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=

37
server/handler/dtls.go
View File

@@ -2,10 +2,13 @@ package handler
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"encoding/hex"
"errors"
"net"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
return
}
certificate, err := selfsign.GenerateSelfSigned()
// rsa 兼容 open connect
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
certificate, err := selfsign.SelfSign(priv)
if err != nil {
panic(err)
}
logf := logging.NewDefaultLoggerFactory()
logf.Writer = base.GetBaseLw()
// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,9 +40,14 @@ func startDtls() {
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
CipherSuites: func() []dtls.CipherSuiteID {
var cs = []dtls.CipherSuiteID{}
for _, vv := range dtlsCipherSuites {
cs = append(cs, vv)
}
return cs
}(),
LoggerFactory: logf,
MTU: BufferSize,
SessionStore: sessStore,
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
func (ms *sessionStore) Del(key []byte) error {
return nil
}
// 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ":")
for _, v := range csArr {
if _, ok := dtlsCipherSuites[v]; ok {
return v
}
}
// 返回默认值
return "ECDHE-RSA-AES128-GCM-SHA256"
}

29
server/handler/link_auth.go
View File

@@ -1,12 +1,14 @@
package handler
import (
"bytes"
"crypto/md5"
"encoding/xml"
"fmt"
"io"
"net"
"net/http"
"net/http/httputil"
"strings"
"text/template"
@@ -19,9 +21,10 @@ var profileHash = ""
func LinkAuth(w http.ResponseWriter, r *http.Request) {
// TODO 调试信息输出
//hd, _ := httputil.DumpRequest(r, true)
//base.Debug("DumpRequest: ", string(hd))
if base.GetLogLevel() == base.LogLevelTrace {
hd, _ := httputil.DumpRequest(r, true)
base.Trace("LinkAuth: ", string(hd))
}
// 判断anyconnect客户端
userAgent := strings.ToLower(r.UserAgent())
xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
@@ -47,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
return
}
// fmt.Printf("%+v \n", cr)
setCommonHeader(w)
// setCommonHeader(w)
if cr.Type == "logout" {
// 退出删除session信息
if cr.SessionToken != "" {
@@ -88,6 +91,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
data := RequestData{Group: cr.GroupSelect, Groups: dbdata.GetGroupNamesNormal(), Error: "用户名或密码错误"}
if base.Cfg.DisplayError {
data.Error = err.Error()
}
tplRequest(tpl_request, w, data)
return
}
@@ -103,7 +109,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess := sessdata.NewSession("")
sess.Username = cr.Auth.Username
sess.Group = cr.GroupSelect
sess.MacAddr = strings.ToLower(cr.MacAddressList.MacAddress)
oriMac := cr.MacAddressList.MacAddress
sess.UniqueIdGlobal = cr.DeviceId.UniqueIdGlobal
sess.UserAgent = userAgent
sess.DeviceType = ua.DeviceType
@@ -111,7 +117,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess.RemoteAddr = r.RemoteAddr
// 获取客户端mac地址
sess.UniqueMac = true
macHw, err := net.ParseMAC(sess.MacAddr)
macHw, err := net.ParseMAC(oriMac)
if err != nil {
var sum [16]byte
if sess.UniqueIdGlobal != "" {
@@ -125,6 +131,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
sess.MacAddr = macHw.String()
}
sess.MacHw = macHw
// 统一macAddr的格式
sess.MacAddr = macHw.String()
other := &dbdata.SettingOther{}
_ = dbdata.SettingGet(other)
rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
@@ -146,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
return
}
if strings.Contains(data.Banner, "\n") {
// 替换xml文件的换行符
data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;")
if data.Banner != "" {
buf := new(bytes.Buffer)
xml.EscapeText(buf, []byte(data.Banner))
data.Banner = buf.String()
}
t, _ := template.New("auth_complete").Parse(auth_complete)
_ = t.Execute(w, data)
}

23
server/handler/link_base.go
View File

@@ -3,7 +3,6 @@ package handler
import (
"encoding/xml"
"log"
"net/http"
"os/exec"
)
@@ -42,28 +41,6 @@ type macAddressList struct {
MacAddress string `xml:"mac-address"`
}
func setCommonHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "deny")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Content-Security-Policy", "default-src 'none'")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "0")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
func execCmd(cmdStrs []string) error {
for _, cmdStr := range cmdStrs {
cmd := exec.Command("sh", "-c", cmdStr)

30
server/handler/link_cstp.go
View File

@@ -67,6 +67,21 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
}
case 0x04:
// log.Println("recv DPD-RESP")
case 0x08: // decompress
if cSess.CstpPickCmp == nil {
continue
}
dst := getByteFull()
nn, err := cSess.CstpPickCmp.Uncompress(pl.Data[8:], *dst)
if err != nil {
putByte(dst)
base.Error("cstp decompress error", err, nn)
continue
}
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(nn))
pl.Data = append(pl.Data[:8], (*dst)[:nn]...)
putByte(dst)
fallthrough
case 0x00: // DATA
// 获取数据长度
dataLen = binary.BigEndian.Uint16(pl.Data[4:6]) // 4,5
@@ -112,6 +127,20 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
}
if pl.PType == 0x00 {
isCompress := false
if cSess.CstpPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
dst := getByteFull()
size, err := cSess.CstpPickCmp.Compress(pl.Data, (*dst)[8:])
if err == nil && size < len(pl.Data) {
copy((*dst)[:8], plHeader)
binary.BigEndian.PutUint16((*dst)[4:6], uint16(size))
(*dst)[6] = 0x08
pl.Data = append(pl.Data[:0], (*dst)[:size+8]...)
isCompress = true
}
putByte(dst)
}
if !isCompress {
// 获取数据长度
l := len(pl.Data)
// 先扩容 +8
@@ -122,6 +151,7 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
copy(pl.Data[:8], plHeader)
// 更新头长度
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
}
} else {
pl.Data = append(pl.Data[:0], plHeader...)
// 设置头类型

29
server/handler/link_dtls.go
View File

@@ -69,6 +69,21 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
}
case 0x04:
// base.Debug("recv DPD-RESP", cSess.IpAddr)
case 0x08: // decompress
if cSess.DtlsPickCmp == nil {
continue
}
dst := getByteFull()
nn, err := cSess.DtlsPickCmp.Uncompress(pl.Data[1:], *dst)
if err != nil {
putByte(dst)
base.Error("dtls decompress error", err, n)
continue
}
pl.Data = append(pl.Data[:1], (*dst)[:nn]...)
putByte(dst)
n = nn + 1
fallthrough
case 0x00: // DATA
// 去除数据头
// copy(pl.Data, pl.Data[1:n])
@@ -108,6 +123,19 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
// header = []byte{payload.PType}
if pl.PType == 0x00 { // data
isCompress := false
if cSess.DtlsPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
dst := getByteFull()
size, err := cSess.DtlsPickCmp.Compress(pl.Data, (*dst)[1:])
if err == nil && size < len(pl.Data) {
(*dst)[0] = 0x08
pl.Data = append(pl.Data[:0], (*dst)[:size+1]...)
isCompress = true
}
putByte(dst)
}
// 未压缩
if !isCompress {
// 获取数据长度
l := len(pl.Data)
// 先扩容 +1
@@ -116,6 +144,7 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
copy(pl.Data[1:], pl.Data)
// 添加头信息
pl.Data[0] = pl.PType
}
} else {
// 设置头类型
pl.Data = append(pl.Data[:0], pl.PType)

2
server/handler/link_home.go
View File

@@ -13,7 +13,7 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
// fmt.Println(r.RemoteAddr)
// hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("DumpHome: ", string(hu))
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
connection := strings.ToLower(r.Header.Get("Connection"))
userAgent := strings.ToLower(r.UserAgent())
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {

21
server/handler/link_tun.go
View File

@@ -22,22 +22,29 @@ func checkTun() {
defer ifce.Close()
// 测试ip命令
cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr})
base.CheckModOrLoad("tun")
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr1})
if err != nil {
base.Fatal("testTun err: ", err)
}
// 开启服务器转发
if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
base.Error(err)
base.Fatal(err)
}
if base.Cfg.IptablesNat {
// 添加NAT转发规则
ipt, err := iptables.New()
if err != nil {
base.Error(err)
base.Fatal(err)
return
}
// 修复 rockyos nat 不生效
base.CheckModOrLoad("iptable_filter")
base.CheckModOrLoad("iptable_nat")
natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
forwardRule := []string{"-j", "ACCEPT"}
if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,13 @@ func LinkTun(cSess *sessdata.ConnSession) error {
// log.Printf("Interface Name: %s\n", ifce.Name())
cSess.SetIfName(ifce.Name())
// 通过 ip link show 查看 alias 信息
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
if !base.InContainer {
// 容器默认 iproute 不支持 alias
cmdstr1 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
}
cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
err = execCmd([]string{cmdstr1, cmdstr2})

27
server/handler/link_tunnel.go
View File

@@ -6,6 +6,7 @@ import (
"log"
"net"
"net/http"
"net/http/httputil"
"os"
"strings"
"text/template"
@@ -34,8 +35,10 @@ func HttpAddHeader(w http.ResponseWriter, key string, value string) {
func LinkTunnel(w http.ResponseWriter, r *http.Request) {
// TODO 调试信息输出
//hd, _ := httputil.DumpRequest(r, true)
//base.Debug("DumpRequest: ", string(hd))
if base.GetLogLevel() == base.LogLevelTrace {
hd, _ := httputil.DumpRequest(r, true)
base.Trace("LinkTunnel: ", string(hd))
}
// 判断session-token的值
cookie, err := r.Cookie("webvpn")
@@ -89,6 +92,18 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
// 检测密码套件
dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
base.Trace("dtlsCiphersuite", dtlsCiphersuite)
// 压缩
if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
}
if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
}
// 返回客户端数据
HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -153,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
HttpSetHeader(w, "X-CSTP-License", "accept")
HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -223,7 +238,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
if err != nil {
return err
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
xmlAuth := ""
for _, v := range strings.Split(result.String(), "\n") {
xmlAuth += strings.TrimSpace(v)
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
return nil
}

9
server/handler/link_vtap.go
View File

@@ -33,13 +33,14 @@ func checkMacvtap() {
ifName := "anylinkMacvtap"
// 加载 macvtap
cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
base.CheckModOrLoad("macvtap")
// 开启主网卡混杂模式
cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
// 测试 macvtap 功能
cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
if err != nil {
base.Fatal(err)
}
@@ -55,6 +56,10 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
if !base.InContainer {
// 容器默认 iproute 不支持 alias
cmdstr2 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
}
err := execCmd([]string{cmdstr1, cmdstr2})
if err != nil {
base.Error(err)

20
server/handler/payload_access_audit.go
View File

@@ -3,6 +3,7 @@ package handler
import (
"crypto/md5"
"encoding/binary"
"runtime/debug"
"time"
"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
// 解析IP包的数据
func logAudit(userName string, pl *sessdata.Payload) {
defer putPayload(pl)
defer func() {
if err := recover(); err != nil {
base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
}
putPayload(pl)
}()
if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
return
}
ipProto := waterutil.IPv4Protocol(pl.Data)
// 访问协议
var accessProto uint8
@@ -118,11 +125,15 @@ func logAudit(userName string, pl *sessdata.Payload) {
default:
return
}
// IP报文只包含头部信息时, 则打印LOG并退出
ipPl := waterutil.IPv4Payload(pl.Data)
if len(ipPl) < 4 {
base.Error("ipPl len < 4", ipPl, pl.Data)
return
}
ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
ipSrc := waterutil.IPv4Source(pl.Data)
ipDst := waterutil.IPv4Destination(pl.Data)
ipPort := waterutil.IPv4DestinationPort(pl.Data)
b := getByte51()
key := *b
copy(key[:16], ipSrc)
@@ -178,7 +189,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
AccessProto: accessProto,
Info: info,
}
select {
case logBatch.LogChan <- audit:
default:

2
server/handler/payload_tcp_parser.go
View File

@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
}
func sniNewParser(b []byte) (uint8, string) {
if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
return acc_proto_tcp, ""
}
rest := b[5:]

21
server/handler/server.go
View File

@@ -11,6 +11,8 @@ import (
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/pires/go-proxyproto"
)
@@ -48,13 +50,18 @@ func startTls() {
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
// InsecureSkipVerify: true,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
base.Trace("GetCertificate", chi.ServerName)
return dbdata.GetCertificateBySNI(chi.ServerName)
},
}
srv := &http.Server{
Addr: addr,
Handler: initRoute(),
TLSConfig: tlsConfig,
ErrorLog: base.GetBaseLog(),
ReadTimeout: 60 * time.Second,
WriteTimeout: 60 * time.Second,
}
ln, err = net.Listen("tcp", addr)
@@ -66,12 +73,12 @@ func startTls() {
if base.Cfg.ProxyProtocol {
ln = &proxyproto.Listener{
Listener: ln,
ReadHeaderTimeout: 40 * time.Second,
ReadHeaderTimeout: 30 * time.Second,
}
}
base.Info("listen server", addr)
err = srv.ServeTLS(ln, base.Cfg.CertFile, base.Cfg.CertKey)
err = srv.ServeTLS(ln, "", "")
if err != nil {
base.Fatal(err)
}
@@ -79,6 +86,14 @@ func startTls() {
func initRoute() http.Handler {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
next.ServeHTTP(w, req)
})
})
r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)

32
server/pkg/utils/secure_header.go Normal file
View File

@@ -0,0 +1,32 @@
package utils
import "net/http"
// SetSecureHeader 设置安全的header头
// https://blog.csdn.net/liwan09/article/details/130248003
// https://zhuanlan.zhihu.com/p/335165168
func SetSecureHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLinkOpenSource")
// w.Header().Set("Content-Type", "text/html; charset=utf-8")
// w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Download-Options", "noopen")
w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "1;mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
}

35
server/sessdata/compress.go Normal file
View File

@@ -0,0 +1,35 @@
package sessdata
import (
"github.com/lanrenwo/lzsgo"
)
type CmpEncoding interface {
Compress(src []byte, dst []byte) (int, error)
Uncompress(src []byte, dst []byte) (int, error)
}
type LzsgoCmp struct {
}
func (l LzsgoCmp) Compress(src []byte, dst []byte) (int, error) {
n, err := lzsgo.Compress(src, dst)
return n, err
}
func (l LzsgoCmp) Uncompress(src []byte, dst []byte) (int, error) {
n, err := lzsgo.Uncompress(src, dst)
return n, err
}
// type Lz4Cmp struct {
// c lz4.Compressor
// }
// func (l Lz4Cmp) Compress(src []byte, dst []byte) (int, error) {
// return l.c.CompressBlock(src, dst)
// }
// func (l Lz4Cmp) Uncompress(src []byte, dst []byte) (int, error) {
// return lz4.UncompressBlock(src, dst)
// }

28
server/sessdata/compress_test.go Normal file
View File

@@ -0,0 +1,28 @@
package sessdata
import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestLzsCompress(t *testing.T) {
var (
n int
err error
)
assert := assert.New(t)
c := LzsgoCmp{}
s := "hello anylink, you are best!"
src := []byte(strings.Repeat(s, 50))
comprBuf := make([]byte, 2048)
n, err = c.Compress(src, comprBuf)
assert.Nil(err)
unprBuf := make([]byte, 2048)
n, err = c.Uncompress(comprBuf[:n], unprBuf)
assert.Nil(err)
assert.Equal(src, unprBuf[:n])
}

175
server/sessdata/ip_pool.go
View File

@@ -14,8 +14,10 @@ var (
IpPool = &ipPoolConfig{}
ipActive = map[string]bool{}
// ipKeep and ipLease ipAddr => type
ipLease = map[string]bool{}
// ipLease = map[string]bool{}
ipPoolMux sync.Mutex
// 记录循环点
loopCurIp uint32
)
type ipPoolConfig struct {
@@ -36,7 +38,19 @@ func initIpPool() {
}
IpPool.Ipv4IPNet = ipNet
IpPool.Ipv4Mask = net.IP(ipNet.Mask)
IpPool.Ipv4Gateway = net.ParseIP(base.Cfg.Ipv4Gateway)
ipv4Gateway := net.ParseIP(base.Cfg.Ipv4Gateway)
ipStart := net.ParseIP(base.Cfg.Ipv4Start)
ipEnd := net.ParseIP(base.Cfg.Ipv4End)
if !ipNet.Contains(ipv4Gateway) || !ipNet.Contains(ipStart) || !ipNet.Contains(ipEnd) {
panic("ip段 设置错误")
}
// ip地址池
IpPool.Ipv4Gateway = ipv4Gateway
IpPool.IpLongMin = utils.Ip2long(ipStart)
IpPool.IpLongMax = utils.Ip2long(ipEnd)
loopCurIp = IpPool.IpLongMin
// 网络地址零值
// zero := binary.BigEndian.Uint32(ip.Mask(mask))
@@ -44,70 +58,70 @@ func initIpPool() {
// one, _ := ipNet.Mask.Size()
// max := min | uint32(math.Pow(2, float64(32-one))-1)
// ip地址池
IpPool.IpLongMin = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4Start))
IpPool.IpLongMax = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4End))
// 获取IpLease数据
// go cronIpLease()
}
func cronIpLease() {
getIpLease()
tick := time.NewTicker(time.Minute * 30)
for range tick.C {
getIpLease()
}
}
func getIpLease() {
xdb := dbdata.GetXdb()
keepIpMaps := []dbdata.IpMap{}
sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
err := xdb.Cols("ip_addr").Where("keep=?", true).
Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
if err != nil {
base.Error(err)
}
// fmt.Println(keepIpMaps)
ipPoolMux.Lock()
ipLease = map[string]bool{}
for _, v := range keepIpMaps {
ipLease[v.IpAddr] = true
}
ipPoolMux.Unlock()
}
// func cronIpLease() {
// getIpLease()
// tick := time.NewTicker(time.Minute * 30)
// for range tick.C {
// getIpLease()
// }
// }
//
// func getIpLease() {
// xdb := dbdata.GetXdb()
// keepIpMaps := []dbdata.IpMap{}
// sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
// err := xdb.Cols("ip_addr").Where("keep=?", true).
// Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
// if err != nil {
// base.Error(err)
// }
// // fmt.Println(keepIpMaps)
// ipPoolMux.Lock()
// ipLease = map[string]bool{}
// for _, v := range keepIpMaps {
// ipLease[v.IpAddr] = true
// }
// ipPoolMux.Unlock()
// }
// AcquireIp 获取动态ip
func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
base.Trace("AcquireIp:", username, macAddr, uniqueMac)
ipPoolMux.Lock()
defer ipPoolMux.Unlock()
var (
err error
tNow = time.Now()
leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
)
if uniqueMac {
// 判断是否已经分配过
mi := &dbdata.IpMap{}
err = dbdata.One("mac_addr", macAddr, mi)
// 查询报错
if err != nil {
if !dbdata.CheckErrNotFound(err) {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
return loopIp(username, macAddr, uniqueMac)
}
// 查询报错
base.Error(err)
return nil
}
}
// 存在ip记录
base.Trace("uniqueMac:", username, mi)
ipStr := mi.IpAddr
ip := net.ParseIP(ipStr)
// 跳过活跃连接
_, ok := ipActive[ipStr]
// 检测原有ip是否在新的ip池内
if IpPool.Ipv4IPNet.Contains(ip) && !ok &&
// IpPool.Ipv4IPNet.Contains(ip) &&
if !ok &&
utils.Ip2long(ip) >= IpPool.IpLongMin &&
utils.Ip2long(ip) <= IpPool.IpLongMax {
mi.Username = username
@@ -118,18 +132,23 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
ipActive[ipStr] = true
return ip
}
// 删除当前macAddr
mi = &dbdata.IpMap{MacAddr: macAddr}
_ = dbdata.Del(mi)
} else {
// 没有获取到mac的情况
ipMaps := []dbdata.IpMap{}
err = dbdata.FindWhere(&ipMaps, 50, 1, "username=? and unique_mac=?", username, false)
// 查询报错
if err != nil {
if !dbdata.CheckErrNotFound(err) {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
return loopIp(username, macAddr, uniqueMac)
}
// 查询报错
base.Error(err)
return nil
}
}
// 遍历mac记录
for _, mi := range ipMaps {
@@ -144,10 +163,9 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
if mi.Keep {
continue
}
if IpPool.Ipv4IPNet.Contains(ip) &&
mi.LastLogin.Before(leaseTime) && // 说明已经超过租期,可以直接使用
utils.Ip2long(ip) >= IpPool.IpLongMin &&
// 没有mac的 不需要验证租期
// mi.LastLogin.Before(leaseTime) &&
if utils.Ip2long(ip) >= IpPool.IpLongMin &&
utils.Ip2long(ip) <= IpPool.IpLongMax {
mi.LastLogin = tNow
mi.MacAddr = macAddr
@@ -160,8 +178,40 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
}
}
return loopIp(username, macAddr, uniqueMac)
}
func loopIp(username, macAddr string, uniqueMac bool) net.IP {
var (
i uint32
ip net.IP
)
i, ip = loopLong(loopCurIp, IpPool.IpLongMax, username, macAddr, uniqueMac)
if ip != nil {
loopCurIp = i
return ip
}
i, ip = loopLong(IpPool.IpLongMin, loopCurIp, username, macAddr, uniqueMac)
if ip != nil {
loopCurIp = i
return ip
}
base.Warn("no ip available, please see ip_map table row", username, macAddr)
return nil
}
func loopLong(start, end uint32, username, macAddr string, uniqueMac bool) (uint32, net.IP) {
var (
err error
tNow = time.Now()
leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
)
// 全局遍历超过租期和未保留的ip
for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
for i := start; i <= end; i++ {
ip := utils.Long2ip(i)
ipStr := ip.String()
@@ -172,11 +222,26 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
mi := &dbdata.IpMap{}
err = dbdata.One("ip_addr", ipStr, mi)
if err == nil {
if err != nil {
// 没有查询到数据
if dbdata.CheckErrNotFound(err) {
// 该ip没有被使用
mi = &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
_ = dbdata.Add(mi)
ipActive[ipStr] = true
return i, ip
}
// 查询报错
base.Error(err)
return 0, nil
}
// 查询到已经使用的ip
// 跳过保留ip
if mi.Keep {
continue
}
// 判断租期
if mi.LastLogin.Before(leaseTime) {
// 存在记录,说明已经超过租期,可以直接使用
mi.LastLogin = tNow
@@ -185,27 +250,11 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
// 回写db数据
_ = dbdata.Set(mi)
ipActive[ipStr] = true
return ip
return i, ip
}
}
if dbdata.CheckErrNotFound(err) {
// 该ip没有被使用
mi := &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
_ = dbdata.Add(mi)
ipActive[ipStr] = true
return ip
}
// 查询报错
if err != nil {
base.Error(err)
return nil
}
}
base.Warn("no ip available, please see ip_map table row")
return nil
return 0, nil
}
// 回收ip

49
server/sessdata/ip_pool_test.go
View File

@@ -6,6 +6,7 @@ import (
"os"
"path"
"testing"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
@@ -18,10 +19,12 @@ func preData(tmpDir string) {
base.Cfg.DbType = "sqlite3"
base.Cfg.DbSource = tmpDb
base.Cfg.Ipv4CIDR = "192.168.3.0/24"
base.Cfg.Ipv4Start = "192.168.3.1"
base.Cfg.Ipv4End = "192.168.3.199"
base.Cfg.Ipv4Gateway = "192.168.3.1"
base.Cfg.Ipv4Start = "192.168.3.100"
base.Cfg.Ipv4End = "192.168.3.150"
base.Cfg.MaxClient = 100
base.Cfg.MaxUserClient = 3
base.Cfg.IpLease = 5
dbdata.Start()
group := dbdata.Group{
@@ -46,22 +49,34 @@ func TestIpPool(t *testing.T) {
var ip net.IP
for i := 1; i <= 100; i++ {
_ = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
for i := 100; i <= 150; i++ {
_ = AcquireIp(getTestUser(i), getTestMacAddr(i), true)
}
ip = AcquireIp("user", "mac-new", true)
assert.True(net.IPv4(192, 168, 3, 101).Equal(ip))
for i := 102; i <= 199; i++ {
ip = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
}
assert.True(net.IPv4(192, 168, 3, 199).Equal(ip))
ip = AcquireIp("user", "mac-nil", true)
assert.Nil(ip)
ReleaseIp(net.IPv4(192, 168, 3, 88), "mac-88")
ReleaseIp(net.IPv4(192, 168, 3, 188), "mac-188")
// 回收
ReleaseIp(net.IPv4(192, 168, 3, 140), getTestMacAddr(140))
time.Sleep(time.Second * 6)
// 从头循环获取可用ip
ip = AcquireIp("user", "mac-188", true)
t.Log("mac-188", ip)
assert.True(net.IPv4(192, 168, 3, 188).Equal(ip))
user_new := getTestUser(210)
mac_new := getTestMacAddr(210)
ip = AcquireIp(user_new, mac_new, true)
t.Log("mac_new", ip)
assert.NotNil(ip)
assert.True(net.IPv4(192, 168, 3, 140).Equal(ip))
// 回收全部
for i := 100; i <= 150; i++ {
ReleaseIp(net.IPv4(192, 168, 3, byte(i)), getTestMacAddr(i))
}
}
func getTestUser(i int) string {
return fmt.Sprintf("user-%d", i)
}
func getTestMacAddr(i int) string {
// 前缀mac
macAddr := "02:00:00:00:00"
return fmt.Sprintf("%s:%x", macAddr, i)
}

28
server/sessdata/session.go
View File

@@ -54,6 +54,9 @@ type ConnSession struct {
PayloadOutDtls chan *Payload // Dtls的数据
// dSess *DtlsSession
dSess *atomic.Value
// compress
CstpPickCmp CmpEncoding
DtlsPickCmp CmpEncoding
}
type DtlsSession struct {
@@ -187,6 +190,7 @@ func (s *Session) NewConn() *ConnSession {
limit := LimitClient(username, false)
if !limit {
base.Warn("limit is full", username)
return nil
}
ip := AcquireIp(username, macAddr, uniqueMac)
@@ -359,6 +363,30 @@ func (cs *ConnSession) RateLimit(byt int, isUp bool) error {
return cs.Limit.Wait(byt)
}
func (cs *ConnSession) SetPickCmp(cate, encoding string) (string, bool) {
var cmpName string
if !base.Cfg.Compression {
return cmpName, false
}
var cmp CmpEncoding
switch {
// case strings.Contains(encoding, "oc-lz4"):
// cmpName = "oc-lz4"
// cmp = Lz4Cmp{}
case strings.Contains(encoding, "lzs"):
cmpName = "lzs"
cmp = LzsgoCmp{}
default:
return cmpName, false
}
if cate == "cstp" {
cs.CstpPickCmp = cmp
} else {
cs.DtlsPickCmp = cmp
}
return cmpName, true
}
func SToken2Sess(stoken string) *Session {
stoken = strings.TrimSpace(stoken)
sarr := strings.Split(stoken, "@")

25
server/sessdata/session_test.go
View File

@@ -1,8 +1,11 @@
package sessdata
import (
"fmt"
"testing"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/stretchr/testify/assert"
)
@@ -22,11 +25,15 @@ func TestConnSession(t *testing.T) {
preData(tmp)
defer cleardata(tmp)
time.Sleep(time.Second * 10)
sess := NewSession("")
sess.Username = "user-test"
sess.Group = "group1"
sess.MacAddr = "00:15:5d:50:14:43"
cSess := sess.NewConn()
base.Info("cSess", cSess)
err := cSess.RateLimit(100, true)
ast.Nil(err)
@@ -34,5 +41,23 @@ func TestConnSession(t *testing.T) {
err = cSess.RateLimit(200, false)
ast.Nil(err)
ast.Equal(cSess.BandwidthDown.Load(), uint32(200))
var (
cmpName string
ok bool
)
base.Cfg.Compression = true
cmpName, ok = cSess.SetPickCmp("cstp", "oc-lz4,lzs")
fmt.Println(cmpName, ok)
ast.True(ok)
ast.Equal(cmpName, "lzs")
cmpName, ok = cSess.SetPickCmp("dtls", "lzs")
ast.True(ok)
ast.Equal(cmpName, "lzs")
cmpName, ok = cSess.SetPickCmp("dtls", "test")
ast.False(ok)
ast.Equal(cmpName, "")
cSess.Close()
}

9
systemd/anylink.service
View File

@@ -11,5 +11,14 @@ Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
# systemctl --version
# systemd older than v236
# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
# systemd new than v236
# StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log
# StandardError=file:/usr/local/anylink-deploy/log/anylink.log
[Install]
WantedBy=multi-user.target

1
web/package.json
View File

@@ -12,6 +12,7 @@
"core-js": "^3.6.5",
"echarts": "^4.9.0",
"element-ui": "^2.4.5",
"qs": "^6.11.1",
"vue": "^2.6.11",
"vue-count-to": "^1.0.13",
"vue-router": "^3.5.2"

0
web/public/批量添加用户模版.xlsx Executable file → Normal file
View File

3
web/src/pages/Home.vue
View File

@@ -230,6 +230,9 @@ export default {
case "mem": this.formatMem(data); break;
}
}).catch(error => {
if (error.response.status === 401) {
return ;
}
this.$message.error('哦,请求出错');
console.log(error);
});

270
web/src/pages/group/List.vue
View File

@@ -47,7 +47,12 @@
<el-table-column
prop="bandwidth"
label="带宽限制">
label="带宽限制"
width="90">
<template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
<el-row v-else>不限</el-row>
</template>
</el-table-column>
<el-table-column
@@ -62,7 +67,7 @@
<el-table-column
prop="route_include"
label="路由包含"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
<el-table-column
prop="route_exclude"
label="路由排除"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
<el-table-column
prop="link_acl"
label="LINK-ACL"
min-width="200">
min-width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,14 +191,15 @@
<el-input v-model="ruleForm.note"></el-input>
</el-form-item>
<el-form-item label="带宽限制" prop="bandwidth">
<el-input v-model.number="ruleForm.bandwidth">
<template slot="append">BYTE/S</template>
<el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">Mbps</template>
</el-input>
</el-form-item>
<el-form-item label="排除本地网络" prop="allow_lan">
<el-switch
v-model="ruleForm.allow_lan">
v-model="ruleForm.allow_lan"
active-text="开启后 用户本地所在网段将不通过anylink加密传输">
</el-switch>
</el-form-item>
@@ -235,23 +241,23 @@
<el-radio label="ldap" border>LDAP</el-radio>
</el-radio-group>
</el-form-item>
<templete v-if="ruleForm.auth.type == 'radius'">
<template v-if="ruleForm.auth.type == 'radius'">
<el-form-item label="服务器地址" prop="auth.radius.addr" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
</el-form-item>
<el-form-item label="密钥" prop="auth.radius.secret" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
</el-form-item>
</templete>
</template>
<templete v-if="ruleForm.auth.type == 'ldap'">
<template v-if="ruleForm.auth.type == 'ldap'">
<el-form-item label="服务器地址" prop="auth.ldap.addr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>
</el-form-item>
<el-form-item label="开启TLS" prop="auth.ldap.tls">
<el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>
</el-form-item>
<el-form-item label="管理员账号" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-form-item label="管理员 DN" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
</el-form-item>
<el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
@@ -260,24 +266,32 @@
<el-form-item label="Base DN" prop="auth.ldap.base_dn" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
</el-form-item>
<el-form-item label="用户对象类" prop="auth.ldap.object_class" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.object_class" placeholder="例如 person / user / posixAccount"></el-input>
</el-form-item>
<el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
<el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName uid"></el-input>
<el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName / uid / cn"></el-input>
</el-form-item>
<el-form-item label="受限用户组" prop="auth.ldap.member_of">
<el-input v-model="ruleForm.auth.ldap.member_of" placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
</el-form-item>
</templete>
</template>
</el-tab-pane>
<el-tab-pane label="路由设置" name="route">
<el-form-item label="包含路由" prop="route_include">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
@@ -291,16 +305,22 @@
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
<el-form-item label="排除路由" prop="route_exclude">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
@@ -314,6 +334,7 @@
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
</el-tab-pane>
<el-tab-pane label="权限控制" name="link_acl">
@@ -356,16 +377,59 @@
</el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的桌面客户端不支持移动端.</div>
</el-form-item>
</el-tab-pane>
<el-form-item>
<templete v-if="activeTab == 'authtype' && ruleForm.auth.type != 'local'">
<el-button @click="openAuthLoginDialog()" style="margin-right:10px">测试登录</el-button>
</templete>
<el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
<el-button @click="closeDialog">取消</el-button>
</el-form-item>
</el-tabs>
</el-form>
</el-dialog>
<!--测试用户登录弹出框-->
<el-dialog
:close-on-click-modal="false"
title="测试用户登录"
:visible.sync="authLoginDialog"
width="600px"
custom-class="valgin-dialog"
center>
<el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
<el-form-item label="账号" prop="name">
<el-input v-model="authLoginForm.name" ref="authLoginFormName" @keydown.enter.native="testAuthLogin"></el-input>
</el-form-item>
<el-form-item label="密码" prop="pwd">
<el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="testAuthLogin()" :loading="authLoginLoading">登录</el-button>
<el-button @click="authLoginDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
<!--编辑模式弹窗-->
<el-dialog
:close-on-click-modal="false"
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由</div>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
<el-button @click="ipListDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
</div>
</template>
@@ -392,6 +456,7 @@ export default {
activeTab : "general",
readMore: {},
readMinRows : 5,
maxRouteRows : 2500,
defAuth : {
type:'local',
radius:{addr:"", secret:""},
@@ -399,6 +464,7 @@ export default {
addr:"",
tls:false,
base_dn:"",
object_class:"person",
search_attr:"sAMAccountName",
member_of:"",
bind_name:"",
@@ -407,6 +473,7 @@ export default {
},
ruleForm: {
bandwidth: 0,
bandwidth_format: '0',
status: 1,
allow_lan: true,
client_dns: [{val: '114.114.114.114'}],
@@ -415,14 +482,35 @@ export default {
link_acl: [],
auth : {},
},
authLoginDialog : false,
ipListDialog : false,
authLoginLoading : false,
authLoginForm : {
name : "",
pwd : "",
},
ipEditForm: {
ip_list: "",
type : "",
},
ipEditLoading : false,
authLoginRules: {
name: [
{required: true, message: '请输入账号', trigger: 'blur'},
],
pwd: [
{required: true, message: '请输入密码', trigger: 'blur'},
{min: 6, message: '长度至少 6 个字符', trigger: 'blur'}
],
},
rules: {
name: [
{required: true, message: '请输入组名', trigger: 'blur'},
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
],
bandwidth: [
bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'},
{type: 'number', message: '带宽限制必须为数字值'}
{type: 'string', message: '带宽限制必须为数字值'}
],
status: [
{required: true}
@@ -437,7 +525,7 @@ export default {
{required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'}
],
"auth.ldap.bind_name": [
{required: true, message: '请输入管理员账号', trigger: 'blur'}
{required: true, message: '请输入管理员 DN', trigger: 'blur'}
],
"auth.ldap.bind_pwd": [
{required: true, message: '请输入管理员密码', trigger: 'blur'}
@@ -445,6 +533,9 @@ export default {
"auth.ldap.base_dn": [
{required: true, message: '请输入Base DN值', trigger: 'blur'}
],
"auth.ldap.object_class": [
{required: true, message: '请输入用户对象类', trigger: 'blur'}
],
"auth.ldap.search_attr": [
{required: true, message: '请输入用户唯一ID', trigger: 'blur'}
],
@@ -457,6 +548,9 @@ export default {
this.ruleForm.auth = JSON.parse(JSON.stringify(this.defAuth));
return ;
}
if (row.auth.type == "ldap" && ! row.auth.ldap.object_class) {
row.auth.ldap.object_class = this.defAuth.ldap.object_class;
}
this.ruleForm.auth = Object.assign(JSON.parse(JSON.stringify(this.defAuth)), row.auth);
},
handleDel(row) {
@@ -487,6 +581,7 @@ export default {
id: row.id,
}
}).then(resp => {
resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
this.ruleForm = resp.data.data;
this.setAuthData(resp.data.data);
}).catch(error => {
@@ -533,6 +628,7 @@ export default {
console.log('error submit!!');
return false;
}
this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
axios.post('/group/set', this.ruleForm).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
@@ -549,6 +645,108 @@ export default {
});
});
},
testAuthLogin() {
this.$refs["authLoginForm"].validate((valid) => {
if (!valid) {
console.log('error submit!!');
return false;
}
this.authLoginLoading = true;
axios.post('/group/auth_login', {name:this.authLoginForm.name,
pwd:this.authLoginForm.pwd,
auth:this.ruleForm.auth}).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
this.$message.success("登录成功");
} else {
this.$message.error(rdata.msg);
}
this.authLoginLoading = false;
console.log(rdata);
}).catch(error => {
this.$message.error('哦,请求出错');
console.log(error);
this.authLoginLoading = false;
});
});
},
openAuthLoginDialog() {
this.$refs["ruleForm"].validate((valid) => {
if (!valid) {
console.log('error submit!!');
return false;
}
this.authLoginDialog = true;
// set authLoginFormName focus
this.$nextTick(() => {
this.$refs['authLoginFormName'].focus();
});
});
},
openIpListDialog(type) {
this.ipListDialog = true;
this.ipEditForm.type = type;
this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");
},
ipEdit() {
this.ipEditLoading = true;
let ipList = [];
if (this.ipEditForm.ip_list.trim() !== "") {
ipList = this.ipEditForm.ip_list.trim().split("\n");
}
let arr = [];
for (let i = 0; i < ipList.length; i++) {
let item = ipList[i];
if (item.trim() === "") {
continue;
}
let ip = item.split(",");
if (ip.length > 2) {
ip[1] = ip.slice(1).join(",");
}
let note = ip[1] ? ip[1] : "";
const pushToArr = () => {
arr.push({val: ip[0], note: note});
};
if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr();
continue;
}
let valid = this.isValidCIDR(ip[0]);
if (!valid.valid) {
this.$message.error("错误CIDR格式错误建议 " + ip[0] + " 改为 " + valid.suggestion);
this.ipEditLoading = false;
return;
}
pushToArr();
}
this.ruleForm[this.ipEditForm.type] = arr;
this.ipEditLoading = false;
this.ipListDialog = false;
},
isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) {
return { valid: false, suggestion: null };
}
const [ip, mask] = input.split('/');
const maskNum = parseInt(mask);
const ipParts = ip.split('.').map(part => parseInt(part));
const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
for (let i = maskNum; i < 32; i++) {
if (binaryIP[i] === '1') {
const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
const networkIPParts = [];
for (let j = 0; j < 4; j++) {
const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
networkIPParts.push(parseInt(octet, 2));
}
const suggestedIP = networkIPParts.join('.');
return { valid: false, suggestion: `${suggestedIP}/${mask}` };
}
}
return { valid: true, suggestion: null };
},
resetForm(formName) {
this.$refs[formName].resetFields();
},
@@ -579,6 +777,18 @@ export default {
closeDialog() {
this.user_edit_dialog = false;
this.activeTab = "general";
},
convertBandwidth(bandwidth, fromUnit, toUnit) {
const units = {
bps: 1,
Kbps: 1000,
Mbps: 1000000,
Gbps: 1000000000,
BYTE: 8,
};
const result = bandwidth * units[fromUnit] / units[toUnit];
const fixedResult = result.toFixed(2);
return parseFloat(fixedResult);
}
},
}
@@ -598,4 +808,20 @@ export default {
.el-select {
width: 80px;
}
::v-deep .valgin-dialog{
display: flex;
flex-direction: column;
margin:0 !important;
position:absolute;
top:50%;
left:50%;
transform:translate(-50%,-50%);
max-height:calc(100% - 30px);
max-width:calc(100% - 30px);
}
::v-deep .valgin-dialog .el-dialog__body{
flex:1;
overflow: auto;
}
</style>

486
web/src/pages/set/Other.vue
View File

@@ -2,7 +2,13 @@
<el-card>
<el-tabs v-model="activeName" @tab-click="handleClick">
<el-tab-pane label="邮件配置" name="dataSmtp">
<el-form :model="dataSmtp" ref="dataSmtp" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataSmtp"
ref="dataSmtp"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="服务器地址" prop="host">
<el-input v-model="dataSmtp.host"></el-input>
</el-form-item>
@@ -13,7 +19,11 @@
<el-input v-model="dataSmtp.username"></el-input>
</el-form-item>
<el-form-item label="密码" prop="password">
<el-input type="password" v-model="dataSmtp.password" placeholder="密码为空则不修改"></el-input>
<el-input
type="password"
v-model="dataSmtp.password"
placeholder="密码为空则不修改"
></el-input>
</el-form-item>
<el-form-item label="加密类型" prop="encryption">
<el-radio-group v-model="dataSmtp.encryption">
@@ -26,21 +36,49 @@
<el-input v-model="dataSmtp.from"></el-input>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataSmtp')">保存</el-button>
<el-button type="primary" @click="submitForm('dataSmtp')"
>保存</el-button
>
<el-button @click="resetForm('dataSmtp')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="审计日志" name="dataAuditLog">
<el-form :model="dataAuditLog" ref="dataAuditLog" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataAuditLog"
ref="dataAuditLog"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="审计去重间隔" prop="audit_interval">
<el-input-number v-model="dataAuditLog.audit_interval" :min="-1" size="small" label="秒" :disabled="true"></el-input-number>
<p class="input_tip">请手动修改配置文件中的 audit_interval 参数后再重启服务, <strong style="color:#EA3323;">-1 代表关闭审计日志</strong></p>
<el-input-number
v-model="dataAuditLog.audit_interval"
:min="-1"
size="small"
label="秒"
:disabled="true"
></el-input-number>
<p class="input_tip">
请手动修改配置文件中的 audit_interval 参数后再重启服务,
<strong style="color: #ea3323">-1 代表关闭审计日志</strong>
</p>
</el-form-item>
<el-form-item label="存储时长" prop="life_day">
<el-input-number v-model="dataAuditLog.life_day" :min="0" :max="365" size="small" label="天数"></el-input-number>
<p class="input_tip">范围: 0 ~ 365 , <strong style="color:#EA3323;">0 代表永久保存</strong></p>
<el-input-number
v-model="dataAuditLog.life_day"
:min="0"
:max="365"
size="small"
label="天数"
></el-input-number>
<p class="input_tip">
范围: 0 ~ 365 ,
<strong style="color: #ea3323">0 代表永久保存</strong>
</p>
</el-form-item>
<el-form-item label="清理时间" prop="clear_time">
<el-time-select
@@ -48,27 +86,152 @@
:picker-options="{
start: '00:00',
step: '01:00',
end: '23:00'
end: '23:00',
}"
editable=false,
editable="false,"
size="small"
placeholder="请选择"
style="width:130px;">
style="width: 130px"
>
</el-time-select>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataAuditLog')">保存</el-button>
<el-button type="primary" @click="submitForm('dataAuditLog')"
>保存</el-button
>
<el-button @click="resetForm('dataAuditLog')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="证书设置" name="datacertManage">
<el-tabs
tab-position="left"
v-model="datacertManage"
@tab-click="handleClick"
>
<el-tab-pane label="自定义证书" name="customCert">
<el-form
ref="customCert"
:model="customCert"
label-width="100px"
size="small"
class="tab-one"
>
<el-form-item>
<el-upload
class="uploadCert"
:before-upload="beforeCertUpload"
:action="certUpload"
:limit="1"
>
<el-button size="mini" icon="el-icon-plus" slot="trigger"
>证书文件</el-button
>
<el-tooltip
class="item"
effect="dark"
content="请上传 .pem 格式的 cert 文件"
placement="top"
>
<i class="el-icon-info"></i>
</el-tooltip>
</el-upload>
</el-form-item>
<el-form-item>
<el-upload
class="uploadCert"
:before-upload="beforeKeyUpload"
:action="certUpload"
:limit="1"
>
<el-button size="mini" icon="el-icon-plus" slot="trigger"
>私钥文件</el-button
>
<el-tooltip
class="item"
effect="dark"
content="请上传 .pem 格式的 key 文件"
placement="top"
>
<i class="el-icon-info"></i>
</el-tooltip>
</el-upload>
</el-form-item>
<el-form-item>
<el-button
size="small"
icon="el-icon-upload"
type="primary"
@click="submitForm('customCert')"
>上传</el-button
>
</el-form-item>
</el-form>
</el-tab-pane>
<el-tab-pane label="Let's Encrypt证书" name="letsCert">
<el-form
:model="letsCert"
ref="letsCert"
:rules="rules"
label-width="120px"
size="small"
class="tab-one"
>
<el-form-item label="域名" prop="domain">
<el-input v-model="letsCert.domain"></el-input>
</el-form-item>
<el-form-item label="邮箱" prop="legomail">
<el-input v-model="letsCert.legomail"></el-input>
</el-form-item>
<el-form-item label="域名服务商" prop="name">
<el-radio-group v-model="letsCert.name">
<el-radio label="aliyun">阿里云</el-radio>
<el-radio label="txcloud">腾讯云</el-radio>
<el-radio label="cfcloud">cloudflare</el-radio>
</el-radio-group>
</el-form-item>
<el-form-item
v-for="component in dnsProvider[letsCert.name]"
:key="component.prop"
:label="component.label"
:rules="component.rules"
>
<component
:is="component.component"
:type="component.type"
v-model="letsCert[letsCert.name][component.prop]"
></component>
</el-form-item>
<el-form-item>
<el-switch
style="display: block"
v-model="letsCert.renew"
active-color="#13ce66"
inactive-color="#ff4949"
inactive-text="自动续期"
>
</el-switch>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('letsCert')"
>申请</el-button
>
<el-button @click="resetForm('letsCert')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
</el-tabs>
</el-tab-pane>
<el-tab-pane label="其他设置" name="dataOther">
<el-form :model="dataOther" ref="dataOther" :rules="rules" label-width="100px" class="tab-one">
<el-form
:model="dataOther"
ref="dataOther"
:rules="rules"
label-width="100px"
class="tab-one"
>
<el-form-item label="vpn对外地址" prop="link_addr">
<el-input
placeholder="请输入内容"
v-model="dataOther.link_addr">
<el-input placeholder="请输入内容" v-model="dataOther.link_addr">
</el-input>
</el-form-item>
@@ -77,17 +240,22 @@
type="textarea"
:rows="5"
placeholder="请输入内容"
v-model="dataOther.banner">
v-model="dataOther.banner"
>
</el-input>
</el-form-item>
<el-form-item label="自定义首页" prop="homeindex">
<el-input
type="textarea"
:rows="5"
:rows="10"
placeholder="请输入内容"
v-model="dataOther.homeindex">
v-model="dataOther.homeindex"
>
</el-input>
<el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
<i class="el-icon-question"></i>
</el-tooltip>
</el-form-item>
<el-form-item label="账户开通邮件" prop="account_mail">
@@ -95,7 +263,8 @@
type="textarea"
:rows="10"
placeholder="请输入内容"
v-model="dataOther.account_mail">
v-model="dataOther.account_mail"
>
</el-input>
</el-form-item>
@@ -103,17 +272,19 @@
<iframe
width="500px"
height="300px"
:srcdoc="dataOther.account_mail">
:srcdoc="dataOther.account_mail"
>
</iframe>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="submitForm('dataOther')">保存</el-button>
<el-button type="primary" @click="submitForm('dataOther')"
>保存</el-button
>
<el-button @click="resetForm('dataOther')">重置</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
</el-tabs>
</el-card>
</template>
@@ -124,25 +295,123 @@ import axios from "axios";
export default {
name: "Other",
created() {
this.$emit('update:route_path', this.$route.path)
this.$emit('update:route_name', ['基础信息', '其他设置'])
this.$emit("update:route_path", this.$route.path);
this.$emit("update:route_name", ["基础信息", "其他设置"]);
},
mounted() {
this.getSmtp()
this.getSmtp();
},
data() {
return {
activeName: 'dataSmtp',
activeName: "dataSmtp",
datacertManage: "customCert",
dataSmtp: {},
dataAuditLog: {},
letsCert: {
domain: ``,
legomail: ``,
name: "",
renew: "",
aliyun: {
apiKey: "",
secretKey: "",
},
txcloud: {
secretId: "",
secretKey: "",
},
cfcloud: {
authToken: "",
},
},
customCert: { cert: "", key: "" },
dataOther: {},
rules: {
host: {required: true, message: '请输入服务器地址', trigger: 'blur'},
host: { required: true, message: "请输入服务器地址", trigger: "blur" },
port: [
{required: true, message: '请输入服务器端口', trigger: 'blur'},
{type: 'number', message: '请输入正确的服务器端口', trigger: ['blur', 'change']}
{ required: true, message: "请输入服务器端口", trigger: "blur" },
{
type: "number",
message: "请输入正确的服务器端口",
trigger: ["blur", "change"],
},
],
issuer: { required: true, message: "请输入系统名称", trigger: "blur" },
domain: {
required: true,
message: "请输入需要申请证书的域名",
trigger: "blur",
},
legomail: {
required: true,
message: "请输入申请证书的邮箱地址",
trigger: "blur",
},
name: { required: true, message: "请选择域名服务商", trigger: "blur" },
},
certUpload: "/set/other/customcert",
dnsProvider: {
aliyun: [
{
label: "APIKey",
prop: "apiKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
{
label: "SecretKey",
prop: "secretKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的SecretKey",
trigger: "blur",
},
},
],
txcloud: [
{
label: "SecretID",
prop: "secretId",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
{
label: "SecretKey",
prop: "secretKey",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
trigger: "blur",
},
},
],
cfcloud: [
{
label: "AuthToken",
prop: "authToken",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的AuthToken",
trigger: "blur",
},
},
],
issuer: {required: true, message: '请输入系统名称', trigger: 'blur'},
},
};
},
@@ -151,108 +420,184 @@ export default {
window.console.log(tab.name, event);
switch (tab.name) {
case "dataSmtp":
this.getSmtp()
break
this.getSmtp();
break;
case "dataAuditLog":
this.getAuditLog()
break
this.getAuditLog();
break;
case "letsCert":
this.getletsCert();
break;
case "dataOther":
this.getOther()
break
this.getOther();
break;
}
},
beforeCertUpload(file) {
// if (file.type !== 'application/x-pem-file') {
// this.$message.error('只能上传 .pem 格式的证书文件')
// return false
// }
this.customCert.cert = file;
},
beforeKeyUpload(file) {
// if (file.type !== 'application/x-pem-file') {
// this.$message.error('只能上传 .pem 格式的私钥文件')
// return false
// }
this.customCert.key = file;
},
getSmtp() {
axios.get('/set/other/smtp').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other/smtp")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataSmtp = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataSmtp = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getAuditLog() {
axios.get('/set/other/audit_log').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other/audit_log")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataAuditLog = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataAuditLog = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getletsCert() {
axios
.get("/set/other/getcertset")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.letsCert = Object.assign({}, this.letsCert, rdata.data);
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
getOther() {
axios.get('/set/other').then(resp => {
let rdata = resp.data
console.log(rdata)
axios
.get("/set/other")
.then((resp) => {
let rdata = resp.data;
console.log(rdata);
if (rdata.code !== 0) {
this.$message.error(rdata.msg);
return;
}
this.dataOther = rdata.data
}).catch(error => {
this.$message.error('哦,请求出错');
this.dataOther = rdata.data;
})
.catch((error) => {
this.$message.error("哦,请求出错");
console.log(error);
});
},
submitForm(formName) {
this.$refs[formName].validate((valid) => {
if (!valid) {
alert('error submit!');
alert("error submit!");
}
switch (formName) {
case "dataSmtp":
axios.post('/set/other/smtp/edit', this.dataSmtp).then(resp => {
var rdata = resp.data
axios.post("/set/other/smtp/edit", this.dataSmtp).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
case "dataAuditLog":
axios.post('/set/other/audit_log/edit', this.dataAuditLog).then(resp => {
var rdata = resp.data
axios
.post("/set/other/audit_log/edit", this.dataAuditLog)
.then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
case "letsCert":
var loading = this.$loading({
lock: true,
text: "证书申请中...",
spinner: "el-icon-loading",
background: "rgba(0, 0, 0, 0.7)",
});
axios.post("/set/other/createcert", this.letsCert).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
loading.close();
this.$message.success(rdata.msg);
} else {
loading.close();
this.$message.error(rdata.msg);
}
});
break;
case "customCert":
var formData = new FormData();
formData.append("cert", this.customCert.cert);
formData.append("key", this.customCert.key);
axios.post(this.certUpload, formData).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
});
break;
case "dataOther":
axios.post('/set/other/edit', this.dataOther).then(resp => {
var rdata = resp.data
axios.post("/set/other/edit", this.dataOther).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
this.$message.success(rdata.msg);
} else {
this.$message.error(rdata.msg);
}
})
});
break;
}
});
},
resetForm(formName) {
this.$refs[formName].resetFields();
}
},
}
},
};
</script>
<style scoped>
@@ -264,5 +609,4 @@ export default {
line-height: 1.428;
margin: 2px 0 0 0;
}
</style>

8
web/src/pages/user/IpMap.vue
View File

@@ -11,6 +11,14 @@
@click="handleEdit('')">添加
</el-button>
</el-form-item>
<!--
<el-form-item>
<el-alert
title="直接操作数据库增删改数据后请重启anylink服务"
type="warning">
</el-alert>
</el-form-item>
-->
</el-form>
<el-table

7
web/yarn.lock
View File

@@ -6759,6 +6759,13 @@ qs@6.9.7:
resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
qs@^6.11.1:
version "6.11.1"
resolved "https://registry.npmmirror.com/qs/-/qs-6.11.1.tgz#6c29dff97f0c0060765911ba65cbc9764186109f"
integrity sha512-0wsrzgTz/kAVIeuxSjnpGC56rzYtr6JT/2BwEvMaPhFIoYa1aGO8LbzuU1R0uUYQkLpWBTOj0l/CLAJB64J6nQ==
dependencies:
side-channel "^1.0.4"
qs@~6.5.2:
version "6.5.3"
resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad"