7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 16:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.9.3
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
...
compare: 7x31:v0.11.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

138 Commits
v0.9.3 ... v0.11.1

Author SHA1 Message Date
bjdgy
5d4a9c0082 test 2024-02-04 19:57:07 +08:00
bjdgy
8bd8651fd7 删除armv7 2024-02-04 00:01:24 +08:00
bjdgy
545ddb337f 删除静态编译 2024-02-02 19:24:02 +08:00
bjdgy
d53ab80848 删除静态编译 2024-02-02 19:22:13 +08:00
bjdgyc
6c1f29ba3a 修复build错误 2024-02-02 18:59:34 +08:00
bjdgyc
947339384b 更新版本 2024-02-01 17:27:00 +08:00
bjdgyc
0849c6049b 更新版本 2024-02-01 17:20:44 +08:00
bjdgyc
936c44e866 优化编译脚本 2024-02-01 17:18:16 +08:00
bjdgyc
02bc75b27a 优化编译脚本 2024-02-01 16:12:41 +08:00
bjdgy
1aa8c83d58 修复go test报错 2024-01-31 22:56:59 +08:00
bjdgy
7554876259 修复go test报错 2024-01-31 22:47:54 +08:00
bjdgyc
2fc3c33880 添加 deploy 部署脚本 
优化应用易用性
 2024-01-31 17:44:35 +08:00
bjdgy
d45ecbf3b7 添加 Release 2024-01-30 21:26:09 +08:00
bjdgy
54c2d95dd5 添加 Release 2024-01-30 21:21:42 +08:00
bjdgy
7eb8cc2077 添加 Release 2024-01-30 21:03:28 +08:00
bjdgyc
fbd799f9f9 添加 Release 2024-01-30 18:23:09 +08:00
bjdgyc
f9ff92d73d 修改 docker 编译 2024-01-30 11:06:15 +08:00
bjdgy
10a335dc3d 修改 docker 编译 2024-01-29 22:25:41 +08:00
bjdgy
cd5652215f 修改 docker 编译 2024-01-29 22:17:01 +08:00
bjdgy
b153997cf1 修改 docker 编译 2024-01-29 22:13:40 +08:00
bjdgy
d5046a4f53 修改 docker 编译 2024-01-29 22:11:15 +08:00
bjdgy
b7fbbdc58c 修改 docker 编译 2024-01-29 22:07:52 +08:00
bjdgy
39b28f23c0 修改 docker 编译 2024-01-29 21:47:42 +08:00
bjdgy
aa09d928c3 修改 docker 编译 2024-01-29 21:34:03 +08:00
bjdgy
9099aea122 修改 docker 编译 2024-01-29 21:26:38 +08:00
bjdgy
ef3f2aba4c 修改 docker 编译 2024-01-29 21:11:40 +08:00
bjdgy
3c015651ef 修改 docker 编译 2024-01-29 20:59:34 +08:00
bjdgy
6a598b2570 修改 docker 编译 2024-01-29 20:50:55 +08:00
bjdgyc
1f47e3e254 修改 docker 编译 2024-01-29 17:56:39 +08:00
bjdgyc
79b7f0c88e 修改 docker 编译 2024-01-29 17:50:28 +08:00
bjdgyc
289f748543 修改 docker 编译 2024-01-29 17:47:46 +08:00
bjdgyc
4f77fd9013 添加 release.sh 脚本 2024-01-29 15:11:10 +08:00
bjdgyc
769c304e9a 添加 release.sh 脚本 2024-01-29 14:40:12 +08:00
bjdgyc
a5d9764d35 添加 release.sh 脚本 2024-01-29 14:32:41 +08:00
bjdgyc
f47fbd0252 添加 release.sh 脚本 2024-01-29 14:30:15 +08:00
bjdgyc
41278f722d Update build.sh 2024-01-29 00:25:18 +08:00
bjdgyc
87e50e8e0d Update build.sh 2024-01-29 00:21:51 +08:00
bjdgyc
5371e4530f Update release-tag-version.yml 2024-01-29 00:19:56 +08:00
bjdgyc
9d5f5719d8 Merge pull request #290 from bjdgyc/dev 
添加github action编译
 2024-01-29 00:15:27 +08:00
bjdgy
911b96cc74 修改readme 2024-01-29 00:09:48 +08:00
bjdgyc
13de601474 修改readme 2024-01-24 10:08:48 +08:00
bjdgyc
56576cb22a 修改配置参数 2024-01-23 17:38:48 +08:00
bjdgyc
70f3e46ef7 修改配置参数 2024-01-23 14:28:11 +08:00
bjdgy
1592a1f01b fix 2024-01-22 22:49:27 +08:00
bjdgy
279498e37e 更改 http server log 2024-01-22 21:18:26 +08:00
bjdgyc
9ed8b1a9f1 更新证书信息 2024-01-22 15:12:10 +08:00
bjdgyc
31a1035267 更新证书信息 2024-01-22 15:06:05 +08:00
bjdgyc
5731d9a01c 修复otp二维码 不显示的问题 2024-01-22 13:21:12 +08:00
bjdgyc
c63604aba3 修复otp二维码 不显示的问题 2024-01-22 10:38:20 +08:00
bjdgyc
7c3ed549d0 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:46:47 +08:00
bjdgyc
4a33b42726 Merge remote-tracking branch 'origin/dev' into dev 2024-01-15 17:31:48 +08:00
bjdgyc
da92c111e7 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:30:58 +08:00
bjdgyc
634c8c8145 Update go-update.yml 2024-01-15 15:50:39 +08:00
bjdgyc
3408198d2d 修改说明文件 2024-01-15 15:21:39 +08:00
bjdgyc
1df0f60ed3 Update go-update.yml 2024-01-15 10:10:30 +08:00
bjdgyc
1f5d7d0dab Merge pull request #288 from Potterli20/patch-1 
update go.mod 7day
 2024-01-15 10:07:09 +08:00
trli
e73504b4b6 Create go-update.yml 2024-01-15 09:52:44 +08:00
bjdgy
2e86547e97 修复 DPD-REQ 协议 2023-12-31 22:39:29 +08:00
bjdgyc
970213f269 Merge pull request #285 from itviewer/dev 
遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测
 2023-12-31 21:53:03 +08:00
XinJun Ma
ffd68d6c81 遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测 2023-12-31 18:36:02 +08:00
bjdgyc
3f072242f4 添加 空闲链接超时自动断开 2023-12-29 16:17:50 +08:00
bjdgyc
ef1e20a558 添加 空闲链接超时自动断开 2023-12-29 15:51:49 +08:00
bjdgy
42142d95b7 修改报错信息 2023-12-27 21:24:24 +08:00
bjdgy
638a99275e fix 2023-12-26 13:00:55 +08:00
bjdgyc
edc7a4a4a3 Merge pull request #283 from bjdgyc/dev 
修复容器频繁重启的问题
 2023-12-26 12:13:03 +08:00
bjdgy
17492d8172 修复容器频繁重启的问题 2023-12-26 11:24:01 +08:00
bjdgyc
65de1a58cf Merge pull request #282 from bjdgyc/dev 
添加问题信息
 2023-12-25 15:39:43 +08:00
bjdgyc
dfb25718f7 添加问题信息 2023-12-25 15:38:59 +08:00
bjdgyc
3deda4d77f Merge pull request #281 from bjdgyc/dev 
合并新版
 2023-12-25 14:56:58 +08:00
bjdgyc
2af524f87b Merge pull request #274 from aiminickwong/main 
解决电信DNS Let's Encrypt证书刷新缓慢问题
 2023-12-25 14:55:14 +08:00
bjdgyc
1b6abeb849 修复 modprobe 报错 2023-12-25 14:47:30 +08:00
bjdgyc
e3b303744b 修复 modprobe 报错 2023-12-25 14:34:21 +08:00
bjdgyc
d3f16eb2ad 修复 modprobe 报错 2023-12-25 14:31:35 +08:00
bjdgyc
64404ea94b 修改readme 2023-12-13 16:50:35 +08:00
bjdgyc
ededfddff4 Merge pull request #278 from lanrenwo/group_ip_list 
新增路由设置的编辑模式
 2023-12-04 18:38:17 +08:00
lanrenwo
8a3d34b737 优化isValidCIDR函数,解决部分格式检测有误,并给予建议提示。 2023-12-04 18:32:09 +08:00
lanrenwo
7c040e2a0f 过滤文本框内的空行 2023-12-04 13:44:06 +08:00
lanrenwo
3d03f6adb8 解决大量路由导致弹窗卡顿的问题(当点击“路由设置”时,才加载路由) 2023-12-04 13:08:37 +08:00
lanrenwo
5d24eda7fc 不限制路由的数量,并检测CIDR格式的正确性 2023-12-03 22:09:46 +08:00
lanrenwo
ea92857524 新增路由设置的编辑模式 2023-12-02 15:38:18 +08:00
bjdgyc
b521dddb98 Merge pull request #276 from lanrenwo/banner_special_chars 
优化处理Banner特殊字符的代码
 2023-11-27 10:18:31 +08:00
lanrenwo
2bd94aef2b 优化处理Banner特殊字符的代码 2023-11-20 12:24:44 +08:00
bjdgyc
3879c3a4bc 修复Banner特殊字符 2023-11-15 11:57:12 +08:00
bjdgyc
aa2b89855f 添加 DTLS12-CipherSuite 筛选 2023-11-09 10:52:10 +08:00
bjdgyc
9e1969e3d0 添加 DTLS12-CipherSuite 筛选 2023-11-08 18:07:32 +08:00
bjdgyc
5b1d86282a fix 2023-11-06 16:51:32 +08:00
bjdgyc
bfc39fe4ea 默认显示错误信息 2023-11-02 15:54:59 +08:00
bjdgyc
9019a5f03a 添加网卡 alias 信息 2023-10-30 13:04:07 +08:00
bjdgyc
38d268e999 添加网卡 alias 信息 2023-10-30 11:46:53 +08:00
bjdgyc
57990d3d2a 添加网卡 alias 2023-10-30 11:38:31 +08:00
bjdgyc
6788a875a2 优化 2023-10-24 17:49:13 +08:00
bjdgyc
a9ad21b3b5 修改dtls加密套件 2023-10-17 16:30:45 +08:00
bjdgyc
43ca09e985 修改dtls加密套件 2023-10-17 16:01:31 +08:00
aiminick
b7da567cee 解决电信DNS Let's Encrypt证书刷新缓慢问题 
解决电信DNS Let's Encrypt证书刷新缓慢问题,改为阿里DNS后问题改善
 2023-10-17 00:54:49 +08:00
bjdgyc
6eea265b15 添加自定义首页 2023-10-11 17:21:26 +08:00
bjdgyc
06c8ee1197 添加自定义首页 2023-10-11 17:20:57 +08:00
bjdgyc
ebc7cc85c0 添加nginx stream示例 2023-10-11 16:00:53 +08:00
bjdgyc
012f636cf7 修改 profile.xml 2023-10-11 10:19:23 +08:00
bjdgyc
4f9cc2074a Merge remote-tracking branch 'origin/dev' into dev 2023-09-22 16:19:10 +08:00
bjdgyc
bbc5877eb9 修复header 2023-09-22 16:18:38 +08:00
bjdgyc
c6b85c7d66 Merge pull request #270 from lanrenwo/dev 
修复logAudit的panic
 2023-09-12 08:40:50 +08:00
lanrenwo
8e843d5eae Update payload_access_audit.go 2023-09-08 21:01:03 +08:00
lanrenwo
7b9be9377f 修复logAudit的panic 2023-09-08 20:33:30 +08:00
bjdgyc
f03264faf3 Merge pull request #268 from shikaiguo/main 
修改邮件内容的参数
 2023-09-06 15:57:08 +08:00
bjdgyc
b19ff321ad Merge pull request #267 from lanrenwo/dev 
修复sniNewParser的panic
 2023-09-06 15:54:22 +08:00
lanrenwo
f6980261d4 logAudit引入recover, 防止主程序崩溃. 2023-09-03 11:18:52 +08:00
lanrenwo
7651b69ed6 删除sniNewParser多余的空格 2023-09-02 10:46:01 +08:00
lanrenwo
2af2d273e4 简化sniNewParser代码 2023-09-02 10:44:47 +08:00
K
ff54abc5d5 增加邮件内容的昵称参数 2023-09-01 22:49:07 +08:00
lanrenwo
a168c96a93 修复sniNewParser的panic 2023-09-01 18:10:20 +08:00
bjdgyc
6127c41aea 修复 panic 2023-09-01 17:55:15 +08:00
bjdgyc
da1d6c6c6d 添加安全的header头 2023-08-25 13:56:04 +08:00
bjdgyc
08de4fe086 添加安全的header头 2023-08-24 16:59:35 +08:00
bjdgyc
7714c2a3e8 debug信息 需要鉴权后显示 2023-08-24 14:27:12 +08:00
bjdgyc
78a8b06467 变更qq群 2023-08-17 16:27:12 +08:00
bjdgyc
28ffda2371 修复上传文件漏洞 2023-08-08 15:17:05 +08:00
bjdgyc
c23b120e90 更新 2023-08-08 15:01:15 +08:00
bjdgyc
287355de54 Merge pull request #260 from bjdgyc/dev 
Dev
 2023-08-04 17:52:26 +08:00
bjdgyc
01f90e5bb5 管理用户支持otp 2023-07-24 17:36:03 +08:00
bjdgyc
91a9190379 管理用户支持otp 2023-07-24 17:26:52 +08:00
bjdgyc
0a9fe8f96c Merge pull request #258 from bjdgyc/dev 
Dev
 2023-07-23 15:45:04 +08:00
bjdgy
254110ebff 修改readme 2023-07-23 15:07:14 +08:00
bjdgyc
9c706a7d0d 升级dtls 2023-07-20 11:14:14 +08:00
bjdgyc
d228e224cd 修改readme 2023-07-17 18:26:45 +08:00
bjdgyc
6e95ea5441 修改server信息 2023-07-14 17:25:43 +08:00
bjdgyc
ce61401304 Merge pull request #247 from bjdgyc/main 
pull main
 2023-06-14 16:47:22 +08:00
bjdgyc
d7d2696790 Merge pull request #246 from lanrenwo/bandwidth_to_mbps 
用户组列表-带宽限制的单位从BYTE修改为Mbps
 2023-06-14 16:43:17 +08:00
bjdgyc
9a6aaa87e5 Merge pull request #244 from xnow-me/main 
强制使用规范的网络路由地址
 2023-06-14 16:39:03 +08:00
lanrenwo
e31b5d83d4 用户组列表-带宽限制的单位从BYTE修改为Mbps 2023-06-14 14:30:18 +08:00
lihz
fc2920e140 强制使用规范的网络路由地址 2023-06-13 13:22:00 +08:00
bjdgyc
d36e2fe85a 修改参数比较 2023-06-08 17:09:19 +08:00
bjdgyc
14efb14a9a 修改配置文件报错,停止程序 2023-05-30 15:52:20 +08:00
bjdgyc
92de727db8 Merge pull request #240 from wsczx/dev 
修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug
 2023-05-15 09:45:40 +08:00
wsczx
c63e4f33d5 申请证书前端添加等待效果,避免无法及时获取后端结果 2023-05-04 23:32:16 +08:00
wsczx
60095fbc9b 优化验证DNS超时时间和轮训间隔,避免申请证书失败 2023-05-04 22:24:53 +08:00
wsczx
fe9b84ce98 修改cf使用authToken的方式申请证书,修复因前后端cf名称不一致导致的指针错误 2023-05-04 19:08:40 +08:00
wsczx
fd5ec7f86a 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug 2023-05-02 00:38:17 +08:00
bjdgyc
50bc864fdd 添加版本显示 2023-04-26 21:14:40 +08:00
76 changed files with 2140 additions and 1626 deletions
Expand all files Collapse all files

10
.codecov.yml
View File

@@ -1,5 +1,7 @@
ignore: ignore:
- "screenshot" - "^doc"
- "web" - "^home"
- "server/conf" - "^web"
- "server/files" - "^server/conf"
- "^server/files"

4
.github/FUNDING.yml vendored
View File

@@ -1,6 +1,6 @@
# These are supported funding model platforms # These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: [ 'bjdgyc' ] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username ko_fi: # Replace with a single Ko-fi username
@@ -10,4 +10,4 @@ liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://github.com/bjdgyc/anylink/blob/main/doc/README.md'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] custom: [ 'https://github.com/bjdgyc/anylink/blob/main/doc/README.md' ] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

16
.github/workflows/codeql-analysis.yml vendored
View File

@@ -12,13 +12,15 @@
name: "CodeQL" name: "CodeQL"
on: on:
push: workflow_dispatch:
branches: [ "main", "dev" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main", "dev" ]
schedule: schedule:
- cron: '32 12 * * 5' - cron: '32 5 * * 1'
# push:
# branches: [ "main", "dev" ]
# pull_request:
# branches: [ "main", "dev" ]
jobs: jobs:
analyze: analyze:
@@ -39,7 +41,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL

48
.github/workflows/go-update.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
name: go-update
on:
workflow_dispatch:
# schedule:
# - cron: "1 2 * * 5"
jobs:
go:
runs-on: ubuntu-latest
steps:
- name: Setup Go 1.x.y
uses: actions/setup-go@main
with:
go-version: '1.20'
stable: true
- name: Checkout codebase
uses: actions/checkout@main
- name: go
run: |
cd ./server
go mod tidy -compat=1.20
#gofmt -w -r 'interface{} -> any' .
go get -u
go mod download
go get -u
go mod download
- name: Git push
run: |
git init
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git remote rm origin
git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUBTOKEN }}@github.com/${{ github.repository }}"
git gc --aggressive
git add --all
git commit -m "update go.mod $(date +%Y.%m.%d.%H.%M)"
#git push -f -u origin _autoaction
git push -u origin _autoaction
# 删除无用 workflow runs;
- name: Delete workflow runs
uses: GitRML/delete-workflow-runs@main
with:
retain_days: 0.1
keep_minimum_runs: 1

25
.github/workflows/go.yml vendored
View File

@@ -1,6 +1,8 @@
name: Go name: Go
on: on:
workflow_dispatch:
push: push:
branches: [ "main", "dev" ] branches: [ "main", "dev" ]
pull_request: pull_request:
@@ -12,15 +14,15 @@ jobs:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Set up Go 1.x - name: Set up Go 1.x
uses: actions/setup-go@v2 uses: actions/setup-go@v4
with: with:
go-version: 1.18 go-version: '1.20'
id: go go-version-file: 'server/go.mod'
cache-dependency-path: 'server/go.sum'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies - name: Get dependencies
run: | run: |
@@ -32,15 +34,16 @@ jobs:
cd server cd server
mkdir ui mkdir ui
touch ui/index.html touch ui/index.html
go build -v -o anylink -ldflags "-X main.CommitId=`git rev-parse HEAD`" go build -v -o anylink -trimpath -ldflags "-X main.CommitId=`git rev-parse HEAD`"
./anylink tool -v ./anylink tool -v
- name: Test coverage - name: Test coverage
run: | run: |
cd server cd server
go test ./...
go test -race -coverprofile=coverage.txt -covermode=atomic -v ./... go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
- name: Upload coverage to Codecov - name: Upload coverage reports to Codecov
run: | uses: codecov/codecov-action@v3
cd server env:
bash <(curl -s https://codecov.io/bash) CODECOV_TOKEN: 28d52fb0-8fc9-460f-95b9-fb84f9138e58

98
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: release
on:
workflow_dispatch:
push:
tags:
- "v0.*"
- "v1.*"
jobs:
Build:
name: build-binary
runs-on: ubuntu-latest
env:
TZ: Asia/Shanghai
steps:
- name: Hello world
run: uname -a
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
cache: 'yarn'
cache-dependency-path: 'web/yarn.lock'
- name: Build web
working-directory: web
run: |
yarn install
yarn run build
# - uses: actions/setup-go@v4
# with:
# go-version: '1.20'
# cache-dependency-path: 'server/go.sum'
- name: Set up QEMU
# https://github.com/docker/setup-qemu-action
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: bjdgyc
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true
- name: Pre bash
shell: bash
run: |
appVer=`cat version`
commitId=`git rev-parse HEAD`
echo "APP_VER=$appVer" >> $GITHUB_ENV
echo "commitId=$commitId" >> $GITHUB_ENV
echo $appVer > version_info
echo $commitId >> version_info
echo $GITHUB_REF >> version_info
echo $GITHUB_REF_NAME >> version_info
#cd server;go mod tidy
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
cache-from: type=gha,scope=anylink
cache-to: type=gha,mode=max,scope=anylink
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
#platforms: linux/amd64
build-args: |
appVer=${{ env.APP_VER }}
commitId=${{ env.commitId }}
tags: bjdgyc/anylink:latest,bjdgyc/anylink:${{ env.APP_VER }}
#tags: bjdgyc/anylink:${{ env.APP_VER }}
- name: Build deploy binary
shell: bash
run: bash release.sh
- name: Release
# https://github.com/ncipollo/release-action
# artifacts: bin/release/*
# generateReleaseNotes: true
# draft: true
# https://github.com/softprops/action-gh-release
uses: softprops/action-gh-release@v1
#if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: v${{ env.APP_VER }}
files: artifact-dist/*
# Docker:
# name: build-docker

4
.gitignore vendored
View File

@@ -2,4 +2,8 @@
.idea/ .idea/
anylink-deploy anylink-deploy
anylink-deploy.tar.gz anylink-deploy.tar.gz
anylink
anylink.db
dist
artifact-dist

104
.goreleaser.yaml Normal file
View File

@@ -0,0 +1,104 @@
#https://goreleaser.com/static/schema.json
# release --skip=publish
# goreleaser build --skip=validate --clean --debug
# GOPROXY=https://goproxy.cn
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app goreleaser/goreleaser-cross build --skip=validate --clean --debug
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app bjdgyc/dcross goreleaser build --skip=validate --clean --debug
version: 1
dist: dist
before:
hooks:
- pwd
# - cmd: go mod tidy
# dir:
# "{{ dir .Dist}}"
# output: true
# - cmd: go generate
# dir:
# "{{ dir .Dist}}"
# output: true
builds:
- id: "build"
#main: .
dir: ./server
hooks:
pre:
- cmd: go mod tidy
dir: ./server
output: true
- cmd: go generate
dir: ./server
output: true
# {{- if eq .Arch "amd64" }}CC=x86_64-linux-gnu-gcc CXX=x86_64-linux-gnu-g++{{- end }}
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CC=x86_64-linux-musl-gcc{{- end }}
{{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
{{- if eq .Os "darwin" }}
{{- if eq .Arch "amd64"}}CC=o64-clang{{- end }}
{{- if eq .Arch "arm64"}}CC=oa64-clang{{- end }}
{{- end }}
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64"}}CC=x86_64-w64-mingw32-gcc{{- end }}
{{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
goos:
- linux
#- darwin
#- windows
goarch:
- amd64
#- arm64
# https://go.dev/wiki/MinimumRequirements
goamd64:
- v1
command: build
flags:
- -trimpath
- -tags osusergo,netgo,sqlite_omit_load_extension
ldflags:
# go tool link -help
# go tool compile -help
# -linkmode external
# -extld=$CC
# -fpic 作为动态链接库的时候 需要添加
- -s -w -extldflags '-static' -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=dcross
archives:
- id: "archive1"
format: tar.gz
# this name template makes the OS and Arch compatible with the results of `uname`.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

131
README.md
View File

@@ -3,9 +3,10 @@
[![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions) [![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink) [![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink)
[![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink) [![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/branch/master/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink) [![codecov](https://codecov.io/gh/bjdgyc/anylink/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink) ![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink)
![GitHub downloads)](https://img.shields.io/github/downloads/bjdgyc/anylink/total) ![GitHub downloads total)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/bjdgyc/anylink/latest/total)
[![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink) [![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink)
![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink) ![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink)
@@ -24,7 +25,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。 AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap 功能、ip 设置命令。 AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap
功能、ip 设置命令。
## Screenshot ## Screenshot
@@ -45,6 +47,8 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz > 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz
> >
> https://github.com/bjdgyc/anylink/releases > https://github.com/bjdgyc/anylink/releases
>
> 如果不会安装可以提供有偿远程协助服务。添加QQ联系我 68492170
### 使用问题 ### 使用问题
@@ -52,19 +56,29 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> >
> 对于线上环境,必须申请安全的 https 证书,不支持私有证书连接 > 对于线上环境,必须申请安全的 https 证书,不支持私有证书连接
> >
> 服务端安装 yum install iproute 或者 apt-get install iproute2
>
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常 > 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
> >
> 其他问题 [前往查看](doc/question.md) > 其他问题 [前往查看](doc/question.md)
> >
> 首次使用,请在浏览器访问 https://域名:443浏览器提示安全后在客户端输入 【域名:443】 即可 > 默认管理后台访问地址 https://host:8800 默认账号密码 admin 123456
>
> 首次使用,请在浏览器访问 https://域名:443 浏览器提示安全后,在客户端输入 【域名:443】 即可
### 自行编译安装 ### 自行编译安装
> 需要提前安装好 golang >= 1.19 和 nodejs >= 14.x 和 yarn >= v1.22.x > 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
```shell ```shell
git clone https://github.com/bjdgyc/anylink.git git clone https://github.com/bjdgyc/anylink.git
# 编译参考软件版本
# go 1.20.12
# node v16.20.2
# yarn 1.22.19
cd anylink cd anylink
sh build.sh sh build.sh
@@ -111,17 +125,25 @@ sudo ./anylink
> 示例配置文件内有详细的注释,根据注释填写配置即可。 > 示例配置文件内有详细的注释,根据注释填写配置即可。
```shell ```shell
# 查看帮助信息
./anylink -h
# 生成后台密码 # 生成后台密码
./anylink tool -p 123456 ./anylink tool -p 123456
# 生成jwt密钥 # 生成jwt密钥
./anylink tool -s ./anylink tool -s
# 查看所有配置项
./anylink tool -d
``` ```
> 数据库配置示例 > 数据库配置示例
>
> 数据库表结构自动生成,无需手动导入(请赋予 DDL 权限)
| db_type | db_source | | db_type | db_source |
| -------- | ------------------------------------------------------ | |----------|--------------------------------------------------------|
| sqlite3 | ./conf/anylink.db | | sqlite3 | ./conf/anylink.db |
| mysql | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 | | mysql | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
| postgres | user:password@localhost/anylink?sslmode=verify-full | | postgres | user:password@localhost/anylink?sslmode=verify-full |
@@ -130,13 +152,23 @@ sudo ./anylink
> >
> [conf/server-sample.toml](server/conf/server-sample.toml) > [conf/server-sample.toml](server/conf/server-sample.toml)
## Upgrade
> 升级前请备份配置文件`conf`目录 和 数据库,并停止服务
>
> 使用新版的 `anylink` 二进制文件替换旧版
>
> 重启服务后,即可完成升级
## Setting ## Setting
> 以下参数必须设置其中之一 > 以下参数必须设置其中之一
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。 网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
不同的参数需要对服务器做相应的设置。
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap 建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到
IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
模式,请确认虚拟机的网卡开启混杂模式。 模式,请确认虚拟机的网卡开启混杂模式。
### tun 设置 ### tun 设置
@@ -190,7 +222,6 @@ https://cloud.tencent.com/document/product/216/62007
``` ```
3. 使用 AnyConnect 客户端连接即可 3. 使用 AnyConnect 客户端连接即可
### macvtap 设置 ### macvtap 设置
@@ -201,9 +232,17 @@ https://cloud.tencent.com/document/product/216/62007
> 以下参数可以通过执行 `ip a` 查看 > 以下参数可以通过执行 `ip a` 查看
``` ```
# 命令行执行 master网卡需要打开混杂模式
ip link set dev eth0 promisc on
#=====================#
# 配置文件修改
# 首先关闭nat转发功能 # 首先关闭nat转发功能
iptables_nat = false iptables_nat = false
link_mode = "macvtap"
#内网主网卡名称 #内网主网卡名称
ipv4_master = "eth0" ipv4_master = "eth0"
#以下网段需要跟ipv4_master网卡设置成一样 #以下网段需要跟ipv4_master网卡设置成一样
@@ -213,29 +252,36 @@ ipv4_start = "10.1.2.100"
ipv4_end = "10.1.2.200" ipv4_end = "10.1.2.200"
``` ```
## Deploy
## Systemd > 部署配置文件放在 `deploy` 目录下,请根据实际情况修改配置文件
### Systemd
1. 添加 anylink 程序 1. 添加 anylink 程序
- 首先把 `anylink-deploy` 文件夹放入 `/usr/local/anylink-deploy`
- anylink 程序目录放入 `/usr/local/anylink-deploy`
- 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink` - 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink`
2.`anylink.service` 脚本放入:
2. systemd/anylink.service 脚本放入:
- centos: `/usr/lib/systemd/system/` - centos: `/usr/lib/systemd/system/`
- ubuntu: `/lib/systemd/system/` - ubuntu: `/lib/systemd/system/`
3. 操作命令: 3. 操作命令:
- 启动: `systemctl start anylink` - 启动: `systemctl start anylink`
- 停止: `systemctl stop anylink` - 停止: `systemctl stop anylink`
- 开机自启: `systemctl enable anylink` - 开机自启: `systemctl enable anylink`
### Docker Compose
1. 进入 `deploy` 目录
2. 执行脚本 `docker-compose up`
### k8s
1. 进入 `deploy` 目录
2. 执行脚本 `kubectl apply -f deployment.yaml`
## Docker ## Docker
1. 获取镜像 1. 获取镜像
```bash ```bash
# 具体tag可以从docker hub获取 # 具体tag可以从docker hub获取
# https://hub.docker.com/r/bjdgyc/anylink/tags # https://hub.docker.com/r/bjdgyc/anylink/tags
@@ -243,61 +289,79 @@ ipv4_end = "10.1.2.200"
``` ```
2. 查看命令信息 2. 查看命令信息
```bash ```bash
docker run -it --rm bjdgyc/anylink -h docker run -it --rm bjdgyc/anylink -h
``` ```
3. 生成密码 3. 生成密码
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -p 123456 docker run -it --rm bjdgyc/anylink tool -p 123456
#Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a #Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
``` ```
4. 生成 jwt secret 4. 生成 jwt secret
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -s docker run -it --rm bjdgyc/anylink tool -s
#Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA #Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
``` ```
5. 启动容器 5. 查看所有配置项
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -d
```
6. 启动容器
```bash
# 默认启动
docker run -itd --name anylink --privileged \ docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \ -p 443:443 -p 8800:8800 -p 443:443/udp \
--restart=always \ --restart=always \
bjdgyc/anylink bjdgyc/anylink
# 自定义配置目录
# 首次启动会自动创建配置文件
# 配置文件初始化完成后,容器会强制退出,请重新启动容器
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink
docker restart anylink
``` ```
6. 使用自定义参数启动容器 6. 使用自定义参数启动容器
```bash ```bash
# 参数可以参考 -h 命令 # 参数可以参考 ./anylink tool -d
# 可以使用命令行参数 或者 环境变量 配置
docker run -itd --name anylink --privileged \ docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \ -e LINK_LOG_LEVEL=info \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \ --restart=always \
bjdgyc/anylink \ bjdgyc/anylink \
-c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长 --ip_lease=1209600 # IP地址租约时长
``` ```
7. 构建镜像 7. 构建镜像 (非必需)
```bash ```bash
#获取仓库源码 #获取仓库源码
git clone https://github.com/bjdgyc/anylink.git git clone https://github.com/bjdgyc/anylink.git
# 构建镜像 # 构建镜像
sh build_docker.sh
docker build -t anylink -f docker/Dockerfile . docker build -t anylink -f docker/Dockerfile .
``` ```
## 常见问题 ## 常见问题
请前往 [问题地址](doc/question.md) 查看具体信息 请前往 [问题地址](doc/question.md) 查看具体信息
## Discussion ## Discussion
添加QQ群: 567510628 添加QQ群(1)(已满): 567510628
添加QQ群(2): 739072205
群共享文件有相关软件下载 群共享文件有相关软件下载
@@ -307,6 +371,11 @@ ipv4_end = "10.1.2.200"
![contact_me_qr](doc/screenshot/contact_me_qr.png) ![contact_me_qr](doc/screenshot/contact_me_qr.png)
--> -->
## Support Client
- [AnyConnect Secure Client](https://www.cisco.com/) (可通过群文件下载: Windows/macOS/Linux/Android/iOS)
- [OpenConnect](https://gitlab.com/openconnect/openconnect) (Windows/macOS/Linux)
- [AnyLink Secure Client](https://github.com/tlslink/anylink-client) (Windows/macOS/Linux)
## Contribution ## Contribution

26
build.sh
View File

@@ -11,44 +11,52 @@ function RETVAL() {
#当前目录 #当前目录
cpath=$(pwd) cpath=$(pwd)
#ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=$(cat version)
echo "当前版本 $ver"
echo "编译前端项目" echo "编译前端项目"
cd $cpath/web cd $cpath/web
#国内可替换源加快速度 #国内可替换源加快速度
#npx browserslist@latest --update-db #npx browserslist@latest --update-db
#npm install --registry=https://registry.npm.taobao.org
#npm install
#npm run build
yarn install --registry=https://registry.npmmirror.com yarn install --registry=https://registry.npmmirror.com
yarn run build yarn run build
RETVAL $? RETVAL $?
echo "编译二进制文件" echo "编译二进制文件"
cd $cpath/server cd $cpath/server
rm -rf ui rm -rf ui
cp -rf $cpath/web/ui . cp -rf $cpath/web/ui .
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-v -trimpath"
# -extldflags '-static'
ldflags="-s -w -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date -Iseconds)"
#国内可替换源加快速度 #国内可替换源加快速度
export GOPROXY=https://goproxy.io export GOPROXY=https://goproxy.io
go mod tidy go mod tidy
go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" go build -o anylink $flags -ldflags "$ldflags"
RETVAL $?
cd $cpath cd $cpath
exit 0
echo "整理部署文件" echo "整理部署文件"
deploy="anylink-deploy" deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy cp -r server/anylink $deploy
#cp -r server/bridge-init.sh $deploy cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy cp -r server/conf $deploy
cp -r systemd $deploy cp -r systemd $deploy
cp -r LICENSE $deploy cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy tar zcvf ${deploy}.tar.gz $deploy

19
build_docker.sh
View File

@@ -1,15 +1,18 @@
#!/bin/bash #!/bin/bash
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'` ver=$(cat version)
echo $ver echo $ver
#docker login -u bjdgyc # docker login -u bjdgyc
#docker build -t bjdgyc/anylink . # 生成时间 2024-01-30T21:41:27+08:00
docker build -t bjdgyc/anylink -f docker/Dockerfile . # date -Iseconds
docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
docker buildx build -t bjdgyc/anylink:latest --progress=plain --build-arg CN="yes" --build-arg appVer=$ver \
--build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
echo "docker tag latest $ver"
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
docker push bjdgyc/anylink:$ver
docker push bjdgyc/anylink:latest

8
systemd/anylink.service → deploy/anylink.service
View File

@@ -11,12 +11,14 @@ Restart=on-failure
RestartSec=5s RestartSec=5s
ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
# systemctl --version
# systemd older than v236 # systemd older than v236
# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1' # ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
# systemd new than v236
StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log # StandardOutput=file:/usr/local/anylink-deploy/log/anylink-systemd.log
StandardError=file:/usr/local/anylink-deploy/log/anylink.log # StandardError=file:/usr/local/anylink-deploy/log/anylink-systemd.log
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

101
deploy/deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
replicas: 1
selector:
matchLabels:
link-app: anylink
template:
metadata:
labels:
link-app: anylink
spec:
#hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: anylink
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: TZ
value: "Asia/Shanghai"
image: bjdgyc/anylink:latest
imagePullPolicy: Always
args:
- --conf=/app/conf/server.toml
ports:
- name: https
containerPort: 443
protocol: TCP
- name: https-admin
containerPort: 8800
protocol: TCP
- name: dtls
containerPort: 443
protocol: UDP
# 设置资源
resources:
limits:
cpu: "2"
memory: 4Gi
ephemeral-storage: "2Gi"
securityContext:
privileged: true
# 禁用自动注入 service 信息到环境变量
enableServiceLinks: false
restartPolicy: Always
terminationGracePeriodSeconds: 30
nodeSelector:
kubernetes.io/os: linux
securityContext: { }
tolerations:
- operator: Exists
#设置优先级
priorityClassName: system-cluster-critical
---
apiVersion: v1
kind: Service
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
ports:
- name: https
port: 443
targetPort: 443
protocol: TCP
- name: https-admin
port: 8800
targetPort: 8800
protocol: TCP
- name: dtls
port: 443
targetPort: 443
protocol: UDP
selector:
link-app: anylink
sessionAffinity: ClientIP
type: ClusterIP

19
deploy/docker-compose.yaml Normal file
View File

@@ -0,0 +1,19 @@
services:
anylink:
image: bjdgyc/anylink:latest
container_name: anylink
restart: always
privileged: true
#cpus: 2
#mem_limit: 4g
ports:
- 443:443
- 8800:8800
- 443:443/udp
environment:
LINK_LOG_LEVEL: info
command:
- --conf=/app/conf/server.toml
#volumes:
# - /home/myconf:/app/conf
dns_search: .

14
doc/README.md
View File

@@ -10,10 +10,10 @@
> 感谢以下同学的打赏AnyLink 有你更美好! > 感谢以下同学的打赏AnyLink 有你更美好!
> >
> 需要展示主页的同学可以在QQ群(567510628) 直接联系我添加。 > 需要展示主页的同学可以在QQ群 直接联系我添加。
| 昵称 | 主页 | | 昵称 | 主页 / 联系方式 |
|---------| ---------------------------- | |-----------|------------------------------|
| 代码 oo8 | | | 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 | | 甘磊 | https://github.com/ganlei333 |
| Oo@ | https://github.com/chooop | | Oo@ | https://github.com/chooop |
@@ -33,9 +33,17 @@
| 刘国华 | | | 刘国华 | |
| 忧郁的豚骨拉面 | | | 忧郁的豚骨拉面 | |
| 张小旋当爹地 | | | 张小旋当爹地 | |
| 对方正在输入 | |
| Ronny | | | Ronny | |
| 奔跑的少年 | | | 奔跑的少年 | |
| ZBW | | | ZBW | |
| 悲鸣 | |
| 谢谢 | |
| 云思科技 | |
| 哆啦A伟(张佳伟) | |
| 人类的悲欢并不相通 | |
| 做人要低调 | |
| 洛洛 | |

65
doc/question.md
View File

@@ -1,34 +1,59 @@
## 常见问题 ## 常见问题
### anyconnect 客户端问题 ### anyconnect 客户端问题
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常 > 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
> >
> 添加QQ群: 567510628 > 添加QQ群: 567510628
### OTP 动态码 ### OTP 动态码
> 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码 > 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码
### 远程桌面连接 ### 远程桌面连接
> 本软件已经支持远程桌面里面连接anyconnect。 > 本软件已经支持远程桌面里面连接anyconnect。
### 私有证书问题 ### 私有证书问题
> anylink 默认不支持私有证书 > anylink 默认不支持私有证书
> >
> 其他使用私有证书的问题,请自行解决 > 其他使用私有证书的问题,请自行解决
### 客户端连接名称
> 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
```xml
<HostEntry>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
```
### dpd timeout 设置问题 ### dpd timeout 设置问题
```
```yaml
#客户端失效检测时间(秒) dpd > keepalive #客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6 cstp_keepalive = 4
cstp_dpd = 10 cstp_dpd = 9
mobile_keepalive = 15 mobile_keepalive = 7
mobile_dpd = 20 mobile_dpd = 15
``` ```
> 以上dpd参数为客户端的超时检测时间, 如一段时间内,没有数据传输,防火墙会主动关闭连接 > 以上dpd参数为客户端的超时检测时间, 如一段时间内,没有数据传输,防火墙会主动关闭连接
> >
> 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值 > 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值
### 关于审计日志 audit_interval 参数
> 默认值 `audit_interval = 600` 表示相同日志600秒内只记录一次不同日志首次出现立即记录
>
> 去重key的格式: 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
### 反向代理问题 ### 反向代理问题
> anylink 仅支持四层反向代理,不支持七层反向代理 > anylink 仅支持四层反向代理,不支持七层反向代理
> >
> 如Nginx请使用 stream模块 > 如Nginx请使用 stream模块
@@ -46,7 +71,36 @@ stream {
} }
``` ```
> nginx实现 共用443端口 示例
```conf
stream {
map $ssl_preread_server_name $name {
vpn.xx.com myvpn;
default defaultpage;
}
# upstream pool
upstream myvpn {
server 127.0.0.1:8443;
}
upstream defaultpage {
server 127.0.0.1:8080;
}
server {
listen 443 so_keepalive=on;
ssl_preread on;
#接收端也需要设置 proxy_protocol
#proxy_protocol on;
proxy_pass $name;
}
}
```
### 性能问题 ### 性能问题
``` ```
内网环境测试数据 内网环境测试数据
虚拟服务器: centos7 4C8G 虚拟服务器: centos7 4C8G
@@ -55,6 +109,7 @@ anylink: tun模式 tcp传输
客户端网卡下载速度270Mb/s 客户端网卡下载速度270Mb/s
服务端网卡上传速度280Mb/s 服务端网卡上传速度280Mb/s
``` ```
> 客户端tls加密协议、隧道header头都会占用一定带宽 > 客户端tls加密协议、隧道header头都会占用一定带宽

72
docker/Dockerfile
View File

@@ -1,48 +1,58 @@
# web #node:16-bullseye
FROM node:16.17.1-alpine3.15 as builder_node #golang:1.20-bullseye
WORKDIR /web #debian:bullseye-slim
COPY ./web /web #bullseye
RUN yarn install \ # sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
&& yarn run build \ #bookworm
&& ls /web/ui # sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
# sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
# 配合 github action 使用
# 需要先编译出ui文件后 再执行docker编译
# server # server
FROM golang:1.19-alpine as builder_golang FROM golang:1.20-alpine3.19 as builder_golang
#TODO 本地打包时使用镜像
ENV GOPROXY=https://goproxy.io ARG CN="no"
ENV GOOS=linux ARG appVer="appVer"
WORKDIR /anylink ARG commitId="commitId"
COPY . /anylink
COPY --from=builder_node /web/ui /anylink/server/ui ENV TZ=Asia/Shanghai
WORKDIR /server
COPY docker/init_build.sh /tmp/
COPY server/ /server/
COPY web/ui /server/ui
#RUN apk add gcc musl-dev bash
RUN sh /tmp/init_build.sh
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache git gcc musl-dev
RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
&& /anylink/server/anylink tool -v
# anylink # anylink
FROM alpine FROM alpine:3.19
LABEL maintainer="github.com/bjdgyc" LABEL maintainer="github.com/bjdgyc"
#ENV IPV4_CIDR="192.168.10.0/24" ARG CN="no"
ENV TZ=Asia/Shanghai
ENV ANYLINK_IN_CONTAINER=true
WORKDIR /app WORKDIR /app
COPY --from=builder_golang /anylink/server/anylink /app/ COPY docker/init_release.sh /tmp/
COPY docker/docker_entrypoint.sh /app/
#COPY ./server/bridge-init.sh /app/ COPY --from=builder_golang /server/anylink /app/
COPY docker/docker_entrypoint.sh server/bridge-init.sh ./README.md ./LICENSE version_info /app/
COPY ./deploy /app/deploy
COPY ./index_template /app/index_template
COPY ./server/conf /app/conf COPY ./server/conf /app/conf
COPY ./LICENSE /app/LICENSE
#TODO 本地打包时使用镜像 #TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories RUN sh /tmp/init_release.sh
RUN apk add --no-cache bash iptables \
&& chmod +x /app/docker_entrypoint.sh \
&& ls /app
EXPOSE 443 8800
EXPOSE 443 8800 443/udp
#CMD ["/app/anylink"] #CMD ["/app/anylink"]
ENTRYPOINT ["/app/docker_entrypoint.sh"] ENTRYPOINT ["/app/docker_entrypoint.sh"]

10
docker/docker_entrypoint.sh
View File

@@ -14,10 +14,18 @@ case $var1 in
;; ;;
*) *)
sysctl -w net.ipv4.ip_forward=1 #sysctl -w net.ipv4.ip_forward=1
#iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
#iptables -nL -t nat #iptables -nL -t nat
# 启动服务 先判断配置文件是否存在
if [ ! -f /app/conf/profile.xml ]; then
/bin/cp -r /home/conf-bak/* /app/conf/
echo "After the configuration file is initialized, the container will be forcibly exited. Restart the container."
echo "配置文件初始化完成后,容器会强制退出,请重新启动容器。"
exit 1
fi
exec /app/anylink "$@" exec /app/anylink "$@"
;; ;;
esac esac

34
docker/init_build.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add build-base tzdata gcc musl-dev upx
uname -a
env
date
cd /server
go mod tidy
echo "start build"
extldflags="-static"
ldflags="-s -w -X main.appVer=$appVer -X main.commitId=$commitId -X main.buildDate=$(date -Iseconds) \
-extldflags \"$extldflags\" "
CGO_ENABLED=1 go build -o anylink -trimpath -ldflags "$ldflags"
ls -lh /server/
# 压缩文件
upx -9 -k anylink
/server/anylink -v

21
docker/init_release.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add --no-cache bash iptables iproute2 tzdata
chmod +x /app/docker_entrypoint.sh
mkdir /app/log
#备份配置文件
cp -r /app/conf /home/conf-bak
tree /app
uname -a
date -Iseconds

101
index_template/自定义首页1.html Normal file
View File

@@ -0,0 +1,101 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>AnyLink - 企业级远程办公 SSL VPN</title>
<style>
/* CSS样式表 */
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
}
header {
background-color: #333;
color: #fff;
padding: 20px;
text-align: center;
}
h1 {
margin: 0;
font-size: 32px;
}
main {
max-width: 960px;
margin: 20px auto;
padding: 0 20px;
margin-bottom: 100px;
}
p {
line-height: 1.5;
}
/* 设置页脚固定在底部,并且占满横向宽度 */
footer {
position: fixed;
bottom: 0;
left: 0;
width: 100%;
}
footer {
background-color: #f2f2f2;
padding: 20px;
text-align: center;
}
.cta-button {
display: inline-block;
background-color: #007bff;
color: #fff;
padding: 10px 20px;
text-decoration: none;
border-radius: 4px;
font-weight: bold;
margin-right: 10px;
}
</style>
</head>
<body>
<header>
<h1>欢迎使用 AnyLink</h1>
</header>
<main>
<h2>什么是 AnyLink</h2>
<p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件,支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式,使远程工作者能够有效协作。</p>
<h2>核心功能</h2>
<ul>
<li>安全远程访问AnyLink 使用 SSL/TLS 加密技术,确保远程用户与企业网络之间的连接安全可靠。</li>
<li>多用户支持:多个用户可以同时连接 VPN实现不同地点团队的无缝协作。</li>
<li>灵活网络访问AnyLink 能够安全地让远程工作者访问内部资源,如文件、应用程序和数据库。</li>
<li>集中化管理:该 VPN 解决方案提供集中化管理控制台,便于用户管理、访问控制和监控。</li>
</ul>
<h2>开始使用 AnyLink</h2>
<p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
<h2>下载客户端</h2>
<a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
<a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
<a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
<a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
<a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
<a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
<h2>使用手册</h2>
<a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
</main>
<footer>
&copy; 2023 AnyLink. 保留所有权利。
</footer>
</body>
</html>

50
release.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
ver=$(cat version)
echo "当前版本 $ver"
rm -rf artifact-dist
mkdir artifact-dist
function archive() {
arch=$1
#echo "整理部署文件 $arch"
arch_name=${arch//\//-}
echo $arch_name
deploy="anylink-$ver-$arch_name"
docker container rm $deploy
docker container create --platform $arch --name $deploy bjdgyc/anylink:$ver
rm -rf anylink-deploy
docker cp -a $deploy:/app ./anylink-deploy
ls -lh anylink-deploy
tar zcf ${deploy}.tar.gz anylink-deploy
mv ${deploy}.tar.gz artifact-dist/
}
echo "copy二进制文件"
archive "linux/amd64"
archive "linux/arm64"
ls -lh artifact-dist
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

58
release_bak.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
echo "copy二进制文件"
cd $cpath/server
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-trimpath"
ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date --iso-8601=seconds)"
#github action
gopath=$(go env GOPATH)
go mod tidy
# alpine3
apk add gcc musl-dev
#使用 musl-dev 编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/amd64 \
golang:1.20-alpine3.19 go build -o anylink_amd64 $flags -ldflags "$ldflags"
./anylink_amd64 -v
#arm64编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/arm64 \
golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
./anylink_arm64 -v
exit 0
cd $cpath
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

44
server/admin/api_base.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils" "github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/xlzd/gotp"
) )
// Login 登陆接口 // Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
adminUser := r.PostFormValue("admin_user") adminUser := r.PostFormValue("admin_user")
adminPass := r.PostFormValue("admin_pass") adminPass := r.PostFormValue("admin_pass")
// 启用otp验证
if base.Cfg.AdminOtp != "" {
pwd := adminPass
pl := len(pwd)
if pl < 6 {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
// 判断otp信息
adminPass = pwd[:pl-6]
otp := pwd[pl-6:]
totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
unix := time.Now().Unix()
verify := totp.Verify(otp, unix)
if !verify {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
}
// 认证错误 // 认证错误
if !(adminUser == base.Cfg.AdminUser && if !(adminUser == base.Cfg.AdminUser &&
utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) { utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
RespError(w, RespUserOrPassErr) RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员用户名或密码错误")
return return
} }
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
data["admin_user"] = adminUser data["admin_user"] = adminUser
data["expires_at"] = expiresAt data["expires_at"] = expiresAt
ck := &http.Cookie{
Name: "jwt",
Value: tokenString,
Path: "/",
HttpOnly: true,
}
http.SetCookie(w, ck)
RespSucess(w, data) RespSucess(w, data)
} }
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS") w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "*") w.Header().Set("Access-Control-Allow-Headers", "*")
if r.Method == http.MethodOptions { if r.Method == http.MethodOptions {
// 正式环境不支持 OPTIONS
w.WriteHeader(http.StatusForbidden)
return return
} }
route := mux.CurrentRoute(r) route := mux.CurrentRoute(r)
name := route.GetName() name := route.GetName()
// fmt.Println("bb", r.URL.Path, name) // fmt.Println("bb", r.URL.Path, name)
if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) { if utils.InArrStr([]string{"login", "index", "static"}, name) {
// 不进行鉴权 // 不进行鉴权
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
return return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
if jwtToken == "" { if jwtToken == "" {
jwtToken = r.FormValue("jwt") jwtToken = r.FormValue("jwt")
} }
if jwtToken == "" {
cc, err := r.Cookie("jwt")
if err == nil {
jwtToken = cc.Value
}
}
data, err := GetJwtData(jwtToken) data, err := GetJwtData(jwtToken)
if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) { if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)

14
server/admin/api_uploaduser.go
View File

@@ -5,11 +5,11 @@ import (
"io" "io"
"net/http" "net/http"
"os" "os"
"path"
"strconv" "strconv"
"strings" "strings"
"time" "time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata" "github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils" "github.com/bjdgyc/anylink/pkg/utils"
mapset "github.com/deckarep/golang-set" mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
return return
} }
defer file.Close() defer file.Close()
newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
// go/path-injection
// base.Cfg.FilesPath 可以直接对外访问,不能上传文件到此
fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
newFile, err := os.Create(fileName)
if err != nil { if err != nil {
RespError(w, RespInternalErr, "创建文件失败:", err) RespError(w, RespInternalErr, "创建文件失败:", err)
return return
} }
defer newFile.Close() defer newFile.Close()
io.Copy(newFile, file) io.Copy(newFile, file)
if err = UploadUser(newFile.Name()); err != nil { if err = UploadUser(newFile.Name()); err != nil {
RespError(w, RespInternalErr, err) RespError(w, RespInternalErr, err)
os.Remove(base.Cfg.FilesPath + header.Filename) os.Remove(fileName)
return return
} }
os.Remove(base.Cfg.FilesPath + header.Filename) os.Remove(fileName)
RespSucess(w, "批量添加成功") RespSucess(w, "批量添加成功")
} }
func UploadUser(file string) error { func UploadUser(file string) error {
f, err := excelize.OpenFile(file) f, err := excelize.OpenFile(file)
if err != nil { if err != nil {

13
server/admin/api_user.go
View File

@@ -22,6 +22,7 @@ import (
func UserList(w http.ResponseWriter, r *http.Request) { func UserList(w http.ResponseWriter, r *http.Request) {
_ = r.ParseForm() _ = r.ParseForm()
prefix := r.FormValue("prefix") prefix := r.FormValue("prefix")
prefix = strings.TrimSpace(prefix)
pageS := r.FormValue("page") pageS := r.FormValue("page")
page, _ := strconv.Atoi(pageS) page, _ := strconv.Atoi(pageS)
if page < 1 { if page < 1 {
@@ -37,8 +38,11 @@ func UserList(w http.ResponseWriter, r *http.Request) {
// 查询前缀匹配 // 查询前缀匹配
if len(prefix) > 0 { if len(prefix) > 0 {
count = dbdata.CountPrefix("username", prefix, &dbdata.User{}) fuzzy := "%" + prefix + "%"
err = dbdata.Prefix("username", prefix, &datas, pageSize, 1) where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
} else { } else {
count = dbdata.CountAll(&dbdata.User{}) count = dbdata.CountAll(&dbdata.User{})
err = dbdata.Find(&datas, pageSize, page) err = dbdata.Find(&datas, pageSize, page)
@@ -107,7 +111,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
return return
} }
} }
//修改用户资料后执行过期用户检测 // 修改用户资料后执行过期用户检测
sessdata.CloseUserLimittimeSession() sessdata.CloseUserLimittimeSession()
RespSucess(w, nil) RespSucess(w, nil)
} }
@@ -205,6 +209,7 @@ type userAccountMailData struct {
LinkAddr string LinkAddr string
Group string Group string
Username string Username string
Nickname string
PinCode string PinCode string
OtpImg string OtpImg string
OtpImgBase64 string OtpImgBase64 string
@@ -251,9 +256,11 @@ func userAccountMail(user *dbdata.User) error {
otpData, _ := userOtpQr(user.Id, true) otpData, _ := userOtpQr(user.Id, true)
data := userAccountMailData{ data := userAccountMailData{
Issuer: base.Cfg.Issuer,
LinkAddr: setting.LinkAddr, LinkAddr: setting.LinkAddr,
Group: strings.Join(user.Groups, ","), Group: strings.Join(user.Groups, ","),
Username: user.Username, Username: user.Username,
Nickname: user.Nickname,
PinCode: user.PinCode, PinCode: user.PinCode,
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString), OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
OtpImgBase64: "data:image/png;base64," + otpData, OtpImgBase64: "data:image/png;base64," + otpData,

15
server/admin/server.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/arl/statsviz" "github.com/arl/statsviz"
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata" "github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/handlers" "github.com/gorilla/handlers"
"github.com/gorilla/mux" "github.com/gorilla/mux"
) )
@@ -20,6 +21,14 @@ var UiData embed.FS
func StartAdmin() { func StartAdmin() {
r := mux.NewRouter() r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
w.Header().Set("Server", "AnyLinkAdminOpenSource")
next.ServeHTTP(w, req)
})
})
r.Use(authMiddleware) r.Use(authMiddleware)
r.Use(handlers.CompressHandler) r.Use(handlers.CompressHandler)
@@ -88,8 +97,9 @@ func StartAdmin() {
r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug") r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug") r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
// statsviz // statsviz
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws) srv, _ := statsviz.NewServer() // Create server or handle error
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index) r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(srv.Ws())
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(srv.Index())
} }
base.Info("Listen admin", base.Cfg.AdminAddr) base.Info("Listen admin", base.Cfg.AdminAddr)
@@ -120,6 +130,7 @@ func StartAdmin() {
Addr: base.Cfg.AdminAddr, Addr: base.Cfg.AdminAddr,
Handler: r, Handler: r,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
ErrorLog: base.GetServerLog(),
} }
err := srv.ListenAndServeTLS("", "") err := srv.ListenAndServeTLS("", "")
if err != nil { if err != nil {

10
server/base/app_ver.go
View File

@@ -2,6 +2,12 @@ package base
const ( const (
APP_NAME = "AnyLink" APP_NAME = "AnyLink"
// app版本号 )
APP_VER = "0.9.3"
var (
// APP_VER app版本号
APP_VER = "0.0.1"
// 提交id
CommitId string
BuildDate string
) )

19
server/base/cfg.go
View File

@@ -45,10 +45,12 @@ type ServerConfig struct {
FilesPath string `json:"files_path"` FilesPath string `json:"files_path"`
LogPath string `json:"log_path"` LogPath string `json:"log_path"`
LogLevel string `json:"log_level"` LogLevel string `json:"log_level"`
HttpServerLog bool `json:"http_server_log"`
Pprof bool `json:"pprof"` Pprof bool `json:"pprof"`
Issuer string `json:"issuer"` Issuer string `json:"issuer"`
AdminUser string `json:"admin_user"` AdminUser string `json:"admin_user"`
AdminPass string `json:"admin_pass"` AdminPass string `json:"admin_pass"`
AdminOtp string `json:"admin_otp"`
JwtSecret string `json:"jwt_secret"` JwtSecret string `json:"jwt_secret"`
LinkMode string `json:"link_mode"` // tun tap macvtap ipvtap LinkMode string `json:"link_mode"` // tun tap macvtap ipvtap
@@ -69,6 +71,7 @@ type ServerConfig struct {
Mtu int `json:"mtu"` Mtu int `json:"mtu"`
DefaultDomain string `json:"default_domain"` DefaultDomain string `json:"default_domain"`
IdleTimeout int `json:"idle_timeout"` // in seconds
SessionTimeout int `json:"session_timeout"` // in seconds SessionTimeout int `json:"session_timeout"` // in seconds
// AuthTimeout int `json:"auth_timeout"` // in seconds // AuthTimeout int `json:"auth_timeout"` // in seconds
AuditInterval int `json:"audit_interval"` // in seconds AuditInterval int `json:"audit_interval"` // in seconds
@@ -152,6 +155,7 @@ type SCfg struct {
Env string `json:"env"` Env string `json:"env"`
Info string `json:"info"` Info string `json:"info"`
Data interface{} `json:"data"` Data interface{} `json:"data"`
Val interface{} `json:"default"`
} }
func ServerCfg2Slice() []SCfg { func ServerCfg2Slice() []SCfg {
@@ -166,18 +170,27 @@ func ServerCfg2Slice() []SCfg {
field := typ.Field(i) field := typ.Field(i)
value := s.Field(i) value := s.Field(i)
tag := field.Tag.Get("json") tag := field.Tag.Get("json")
usage, env := getUsageEnv(tag) usage, env, val := getUsageEnv(tag)
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface()}) datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface(), Val: val})
} }
return datas return datas
} }
func getUsageEnv(name string) (usage, env string) { func getUsageEnv(name string) (usage, env string, val interface{}) {
for _, v := range configs { for _, v := range configs {
if v.Name == name { if v.Name == name {
usage = v.Usage usage = v.Usage
if v.Typ == cfgStr {
val = v.ValStr
}
if v.Typ == cfgInt {
val = v.ValInt
}
if v.Typ == cfgBool {
val = v.ValBool
}
} }
} }

58
server/base/cmd.go
View File

@@ -1,23 +1,25 @@
package base package base
import ( import (
"errors"
"fmt" "fmt"
"io"
"os" "os"
"reflect" "reflect"
"runtime" "runtime"
"strings" "strings"
"github.com/bjdgyc/anylink/pkg/utils" "github.com/bjdgyc/anylink/pkg/utils"
"github.com/skip2/go-qrcode"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
"github.com/xlzd/gotp"
) )
var ( var (
// 提交id
CommitId string
// pass明文 // pass明文
passwd string passwd string
// 生成otp
otp bool
// 生成密钥 // 生成密钥
secret bool secret bool
// 显示版本信息 // 显示版本信息
@@ -56,8 +58,28 @@ func execute() {
} }
if !runSrv { if !runSrv {
if debug {
scfgData := ServerCfg2Slice()
fmtStr := "%-18v %-23v %-20v %v\n"
fmt.Printf(fmtStr, "Name", "Env", "Value", "Info")
for _, v := range scfgData {
if v.Name == "admin_pass" || v.Name == "jwt_secret" {
v.Val = "******"
}
fmt.Printf(fmtStr, v.Name, v.Env, v.Val, v.Info)
}
}
os.Exit(0) os.Exit(0)
} }
// 移动配置解析代码
conf := linkViper.GetString("conf")
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
// 没有配置文件,直接报错
panic("config file err:" + err.Error())
}
} }
func initCmd() { func initCmd() {
@@ -80,7 +102,6 @@ func initCmd() {
linkViper.SetEnvPrefix("link") linkViper.SetEnvPrefix("link")
// 基础配置 // 基础配置
for _, v := range configs { for _, v := range configs {
if v.Typ == cfgStr { if v.Typ == cfgStr {
rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage) rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -102,19 +123,6 @@ func initCmd() {
cobra.OnInitialize(func() { cobra.OnInitialize(func() {
linkViper.AutomaticEnv() linkViper.AutomaticEnv()
conf := linkViper.GetString("conf")
_, err := os.Stat(conf)
if errors.Is(err, os.ErrNotExist) {
// 没有配置文件,不做处理
panic(err)
}
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
fmt.Println("Using config file:", err)
}
}) })
} }
@@ -128,9 +136,12 @@ func initToolCmd() *cobra.Command {
toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info") toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret") toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext") toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info") toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
toolCmd.Run = func(cmd *cobra.Command, args []string) { toolCmd.Run = func(cmd *cobra.Command, args []string) {
runSrv = false
switch { switch {
case rev: case rev:
printVersion() printVersion()
@@ -138,11 +149,18 @@ func initToolCmd() *cobra.Command {
s, _ := utils.RandSecret(40, 60) s, _ := utils.RandSecret(40, 60)
s = strings.Trim(s, "=") s = strings.Trim(s, "=")
fmt.Printf("Secret:%s\n", s) fmt.Printf("Secret:%s\n", s)
case otp:
s := gotp.RandomSecret(32)
fmt.Printf("Otp:%s\n\n", s)
qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
qr, _ := qrcode.New(qrstr, qrcode.High)
ss := qr.ToSmallString(false)
io.WriteString(os.Stderr, ss)
case passwd != "": case passwd != "":
pass, _ := utils.PasswordHash(passwd) pass, _ := utils.PasswordHash(passwd)
fmt.Printf("Passwd:%s\n", pass) fmt.Printf("Passwd:%s\n", pass)
case debug: case debug:
linkViper.Debug() // linkViper.Debug()
default: default:
fmt.Println("Using [anylink tool -h] for help") fmt.Println("Using [anylink tool -h] for help")
} }
@@ -152,6 +170,6 @@ func initToolCmd() *cobra.Command {
} }
func printVersion() { func printVersion() {
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n", fmt.Printf("%s v%s build on %s [%s, %s] date:%s commit_id(%s)\n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId) APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildDate, CommitId)
} }

19
server/base/config.go
View File

@@ -22,9 +22,9 @@ type config struct {
var configs = []config{ var configs = []config{
{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"}, {Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"}, {Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"}, {Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false}, {Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: true},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":443"}, {Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"}, {Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false}, {Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
{Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"}, {Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"},
@@ -34,10 +34,12 @@ var configs = []config{
{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"}, {Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""}, {Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"}, {Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},
{Typ: cfgBool, Name: "http_server_log", Usage: "开启go标准库http.Server的日志", ValBool: false},
{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false}, {Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false},
{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"}, {Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"}, {Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd}, {Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt}, {Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"}, {Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"}, {Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -51,14 +53,15 @@ var configs = []config{
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400}, {Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200}, {Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3}, {Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4}, {Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 5},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10}, {Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 12},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7}, {Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15}, {Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 22},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460}, {Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 7200},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600}, {Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},
// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0}, // {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1}, {Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: 600},
{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false}, {Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false},
{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true}, {Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},

23
server/base/log.go
View File

@@ -28,6 +28,10 @@ var (
logName = "anylink.log" logName = "anylink.log"
) )
func init() {
log.SetFlags(log.LstdFlags | log.Lshortfile)
}
// 实现 os.Writer 接口 // 实现 os.Writer 接口
type logWriter struct { type logWriter struct {
UseStdout bool UseStdout bool
@@ -77,15 +81,28 @@ func initLog() {
baseLw.newFile() baseLw.newFile()
baseLevel = logLevel2Int(Cfg.LogLevel) baseLevel = logLevel2Int(Cfg.LogLevel)
baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile) baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile)
serverLog = log.New(&sLogWriter{}, "[http_server]", log.LstdFlags|log.Lshortfile)
} }
func GetBaseLw() *logWriter { func GetBaseLw() *logWriter {
return baseLw return baseLw
} }
var serverLog *log.Logger
type sLogWriter struct{}
func (w *sLogWriter) Write(p []byte) (n int, err error) {
if Cfg.HttpServerLog {
return os.Stderr.Write(p)
}
return 0, nil
}
// 获取 log.Logger // 获取 log.Logger
func GetBaseLog() *log.Logger { func GetServerLog() *log.Logger {
return baseLog return serverLog
} }
func GetLogLevel() int { func GetLogLevel() int {
@@ -103,7 +120,7 @@ func logLevel2Int(l string) int {
} }
lvl := LogLevelInfo lvl := LogLevelInfo
for k, v := range levels { for k, v := range levels {
if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) { if strings.ToLower(l) == strings.ToLower(v) {
lvl = k lvl = k
} }
} }

82
server/base/mod.go Normal file
View File

@@ -0,0 +1,82 @@
package base
import (
"bufio"
"fmt"
"log"
"os"
"os/exec"
"strings"
)
const (
procModulesPath = "/proc/modules"
inContainerKey = "ANYLINK_IN_CONTAINER"
tunPath = "/dev/net/tun"
)
var (
InContainer = false
modMap = map[string]struct{}{}
)
func initMod() {
container := os.Getenv(inContainerKey)
if container == "true" {
InContainer = true
}
log.Println("InContainer", InContainer)
file, err := os.Open(procModulesPath)
if err != nil {
err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
panic(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
splited := strings.Split(scanner.Text(), " ")
if len(splited[0]) > 0 {
modMap[splited[0]] = struct{}{}
}
}
}
func CheckModOrLoad(mod string) {
log.Println("CheckModOrLoad", mod)
if _, ok := modMap[mod]; ok {
return
}
var err error
if mod == "tun" || mod == "tap" {
_, err = os.Stat(tunPath)
if err == nil {
// 文件存在
return
}
err = fmt.Errorf("[error] Linux tunFile is null %s", tunPath)
log.Println(err)
return
// panic(err)
}
if InContainer {
err = fmt.Errorf("[error] Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
log.Println(err)
return
// panic(err)
}
cmdstr := fmt.Sprintln("modprobe", mod)
cmd := exec.Command("sh", "-c", cmdstr)
b, err := cmd.CombinedOutput()
if err != nil {
log.Println(string(b))
panic(err)
}
}

1
server/base/start.go
View File

@@ -4,6 +4,7 @@ func Start() {
execute() execute()
initCfg() initCfg()
initLog() initLog()
initMod()
} }
func Test() { func Test() {

20
server/build_test.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19 sh build_test.sh
set -x
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
apk add build-base tzdata gcc musl-dev upx
#go build -o anylink
go build -o anylink -ldflags "-s -w -extldflags '-static'"
go env
uname -a
./anylink -v

2
server/conf/files/info.txt
View File

@@ -1,2 +1,2 @@
客户端软件需放置在files目录内 客户端软件需放置在files目录内
如需要帮助请加QQ群567510628 如需要帮助请加QQ群567510628 、739072205

13
server/conf/profile.xml
View File

@@ -8,6 +8,7 @@
<RestrictPreferenceCaching>false</RestrictPreferenceCaching> <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols> <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader> <BypassDownloader>true</BypassDownloader>
<AutoUpdate UserControllable="false">false</AutoUpdate>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment> <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment> <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin> <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
</ExtendedKeyUsage> </ExtendedKeyUsage>
</CertificateMatch> </CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization> </ClientInitialization>
<ServerList> <ServerList>
<HostEntry> <HostEntry>
<HostName>VPN Server</HostName> <HostName>VPN</HostName>
<HostAddress>localhost</HostAddress> <HostAddress>localhost</HostAddress>
</HostEntry> </HostEntry>
<HostEntry>
<HostName>VPN2</HostName>
<HostAddress>localhost2</HostAddress>
</HostEntry>
</ServerList> </ServerList>
</AnyConnectProfile> </AnyConnectProfile>

25
server/conf/server-sample.toml
View File

@@ -23,19 +23,24 @@ issuer = "XX公司VPN"
admin_user = "admin" admin_user = "admin"
#pass 123456 #pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke" admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef" jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址 #TCP服务监听地址(任意端口)
server_addr = ":443" server_addr = ":443"
#开启 DTLS, 默认关闭 #开启 DTLS
server_dtls = false server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443" server_dtls_addr = ":443"
#后台服务监听地址 #后台服务监听地址
admin_addr = ":8800" admin_addr = ":8800"
#开启tcp proxy protocol协议 #开启tcp proxy protocol协议
proxy_protocol = false proxy_protocol = false
#虚拟网络类型[tun macvtap tap]
link_mode = "tun" link_mode = "tun"
#客户端分配的ip地址池 #客户端分配的ip地址池
@@ -46,7 +51,7 @@ ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200" ipv4_end = "192.168.90.200"
#最大客户端数量 #最大客户端数量
max_client = 100 max_client = 200
#单个用户同时在线数量 #单个用户同时在线数量
max_user_client = 3 max_user_client = 3
#IP租期(秒) #IP租期(秒)
@@ -56,10 +61,10 @@ ip_lease = 86400
default_group = "one" default_group = "one"
#客户端失效检测时间(秒) dpd > keepalive #客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6 cstp_keepalive = 5
cstp_dpd = 10 cstp_dpd = 12
mobile_keepalive = 15 mobile_keepalive = 10
mobile_dpd = 20 mobile_dpd = 22
#设置最大传输单元 #设置最大传输单元
mtu = 1460 mtu = 1460
@@ -68,10 +73,12 @@ mtu = 1460
default_domain = "example.com" default_domain = "example.com"
#default_domain = "example.com abc.example.com" #default_domain = "example.com abc.example.com"
#空闲链接超时时间(秒)-超时后断开链接0关闭此功能
idle_timeout = 7200
#session过期时间用于断线重连0永不过期 #session过期时间用于断线重连0永不过期
session_timeout = 3600 session_timeout = 3600
auth_timeout = 0 auth_timeout = 0
audit_interval = -1 audit_interval = 600
show_sql = false show_sql = false

14
server/conf/server.toml
View File

@@ -18,14 +18,22 @@ issuer = "XX公司VPN"
admin_user = "admin" admin_user = "admin"
#pass 123456 #pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke" admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef" jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址 #TCP服务监听地址(任意端口)
server_addr = ":443" server_addr = ":443"
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址 #后台服务监听地址
admin_addr = ":8800" admin_addr = ":8800"
#虚拟网络类型[tun macvtap]
link_mode = "tun"
#客户端分配的ip地址池 #客户端分配的ip地址池
ipv4_master = "eth0" ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24" ipv4_cidr = "192.168.90.0/24"
@@ -38,6 +46,6 @@ iptables_nat = true
#客户端显示详细错误信息(线上环境慎开启) #客户端显示详细错误信息(线上环境慎开启)
display_error = false display_error = true

120
server/conf/vpn_cert.crt
View File

@@ -1,61 +1,67 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIQAuUy6Rv6Bo3nDXn5FackbDANBgkqhkiG9w0BAQsFADBu MIIGbTCCBNWgAwIBAgIQIodwqN03+Y3aYpdvfq2qKTANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjQw
RFYgVExTIENBIC0gRzEwHhcNMjMwMTAzMDAwMDAwWhcNMjQwMTAzMjM1OTU5WjAc MTIyMDAwMDAwWhcNMjUwMTIxMjM1OTU5WjAcMRowGAYDVQQDExF2cG4udGVzdC52
MRowGAYDVQQDExF2cG4udGVzdC52cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQAD cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFWPBr5g8py
ggEPADCCAQoCggEBANJAJPYBvOP/7v8SgMIkVLIulN/ziPALvFcEwVnQDImUIky8 8oPZhklQw9zBcIvfaEX2AVPIwW6iOm+j8v0LvXTGQkE1bZx4RwB1jKiEGG3KVsIU
4udy0fmvJ2E3E3NL6Qv14ZHDGtH7CafukimNWTT2BVmQBYiO1ZlUkHcHUX4IoYEh pTJCkNEmwCZGJYvnNKN952zhtUQieZe8X4Zr0W43+j9Hbv+TKt6MFV3u70ArOD2T
egdy2xw0WwknJWTOyvkRkeDhtT9QUpA/zeemS4q1TG95zRDf5htUR4OMZXsZpkQ2 m8j/gWFcUyK9mDCCFpKImRUckbp6GYJUZHXUDktQiOu5v6Jgl9pLZ2XhZXGf2TJh
bkSgnLtdyUmw2nhfSWgsD9fbwr6WnOx/swsUe52N3sIDZ6JTgn3N7xeT3/lVJKVN G441TScMwidYToX51VrnscRQQ6iUMSav1H43lchdh9fAThbheP/kIv6YEswT45oA
wyYkZldialmRzrs6btr3mmnqpWObcc4FvKr/CLmoOSXl0I1wWsr+HnQ4X9hHsJUk MrxET10+iaCTdWpz+zy2GWXLO2pH9N9AjALCZA1/5QHkMhavmJgOxfitTeGzAlBQ
jk3EZKfhH3mM37HF8apqztb6WjC3R96Zam6Z8bMCAwEAAaOCAuAwggLcMB8GA1Ud JNAIs0Rx1K0CAwEAAaOCAuwwggLoMB8GA1UdIwQYMBaAFF86fBEQfgxncWHci6O1
IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSUpPcW3emC2l0o AANn9VccMB0GA1UdDgQWBBRDRfNBNYRlLb4V1MRTnU+bUVnvnDAOBgNVHQ8BAf8E
q6qRBOBDMjQ2rDAcBgNVHREEFTATghF2cG4udGVzdC52cWlsdS5jbjAOBgNVHQ8B BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdIAQ3 AwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICMTAlMCMGCCsGAQUFBwIBFhdodHRw
MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu czovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwfQYIKwYBBQUHAQEEcTBvMEIG
Y29tL0NQUzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz CCsGAQUFBzAChjZodHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNuL1RydXN0QXNp
cC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2lj YVJTQURWVExTQ0FHMi5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnRydXN0
ZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0EtRzEuY3J0MAkGA1Ud LXByb3ZpZGVyLmNuMBwGA1UdEQQVMBOCEXZwbi50ZXN0LnZxaWx1LmNuMIIBfwYK
EwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTN KwYBBAHWeQIEAgSCAW8EggFrAWkAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB
E6Iyh0Z8vOzew1FIWUZxH7WbAAABhXXkyXMAAAQDAEcwRQIgVhLvLOPcW0V1xhBv 0lt3zsw7CAAAAY0v95Z6AAAEAwBHMEUCIDbFVgzV1DDvqTq6UnYisMqAEJn1cR+d
5KSeqGHbAnRVhew3kutV3Bu1x+ICIQCbYjRtmkDo1hx6p0YNdNfkZ3N5u+syVjwH mc+agwaOuRbrAiEAz3W2HooNcKqADX9QyK8xQQ8r9BQKVCQzF76g9AZKeDoAdwCi
Al3a9NpVxgB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhXXk 4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY0v95ZkAAAEAwBIMEYC
yY4AAAQDAEYwRAIgcuscG2kkSGNvAsVH9CAtXjNUwk9UJriY0+3OtQ4WVrMCIAsC IQCWVxDjciJ/KMbwbqMbEZdsDq0nCrotlPhIBb5wFBurVgIhAOgnw3nqSqFYRm8y
CkqEI1Ek5M26yrWt0Q7+u+UZ8rXhfYu3kcMMq7PVAHYAO1N3dT4tuYBOizBbBv5A OL3nz8rop0V5IEtgiNarOqMfLf33AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnA
O2fYT8P0x70ADS1yb+H61BcAAAGFdeTJkAAABAMARzBFAiAEJbJTN8hrRUZ6UaaD sfpksWKaOd8AAAGNL/eWFwAABAMARzBFAiBB+V0NBebuCniZVuin5OaMYvWyNvRd
2TlyDQfzUvTkex0XGT6PGKHkagIhAJ+Kg6tdt/csKde2vdweu+dT01fzg/fq4q3o NJ6hRmLbSKQAwwIhAKrPRrAP3An/9HSrFN/70eEK5DHT8+q8m0L5tc0+TckmMA0G
mjfPhFm1MA0GCSqGSIb3DQEBCwUAA4IBAQAKFTUHbpgKsXARCBIIfEZGqkOvaafm CSqGSIb3DQEBDAUAA4IBgQCB65Q0V6Mewca0iVCxLJxczu6XYCCwsUzJiTWYjao3
QaoNodc6cj0+LJCbuMzrTlkzmII0X/U52MBG8JCEIO8BPe5R4NIFqqaE066zQANq XZVe8yB4RhAimsUY+U3nXIL3RivkJydqfOO9N5APWndDgbtS4r55TFdscDUDmzsR
HOsROOJi2A+WTTZcSEHbH3uhdVwcEQHvDzaOEEJc9Ilz6pdYsrv+trOmeR5PeIxv S5kYCoEudbDWT89U+tHMOxzUKkb3nDA0WvJEN52CAanYO3blihnX3eX7enQMGtsM
t1jQacSwN1z6z0N4CRjBpePV/9nwETkEaKjQuXSoYlN+pczK/4nX2W9+E/OnwtZs gfDrArcQyS+WMKUkyOlNysqGtj3XWYKssBPrX/0GqMimoeYkg+B4daBTbOVB6sKs
ScyFffPtTLHf1u4eSYuBT/AdwaKHXetxWzh98GP9LRfQhm63Gs+/WcloYl489dG/ +USnmhI2MF3QUxn0+fC207HbSDj7s4a6npjg5KsL0zUsFrNZlMH30Tx2L0WuI1T7
FOFjch2TdmrPcUwxxGEbbPt3zXRxSVlzvIaf4gTUl2+PsKwbKy/w4OLS 65lKHaKt8CyuL/YTjD5lAGYtJ+K9ypl5sBUFCXeW1lazTocjDa2CKv3WV+kVBhyO
2nA2Lo4e643YXwXw98+ufU2U9yUjn1OrhsUXo3qaxETGVMumRwubtX4O2dUKnYGF
xBxfHzXJKhZjX+U2ENIwsrm7pp3dcpIZqKxPCeowU5Ma9tvYpM7kgDhploMfsVic
H7pWcFY99X5nMwJoDDBYomY=
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M 8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C 1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy 2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg== 3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
-----END CERTIFICATE----- -----END CERTIFICATE-----

55
server/conf/vpn_cert.key
View File

@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIEpQIBAAKCAQEA0kAk9gG84//u/xKAwiRUsi6U3/OI8Au8VwTBWdAMiZQiTLzi MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDRVjwa+YPKcvKD
53LR+a8nYTcTc0vpC/XhkcMa0fsJp+6SKY1ZNPYFWZAFiI7VmVSQdwdRfgihgSF6 2YZJUMPcwXCL32hF9gFTyMFuojpvo/L9C710xkJBNW2ceEcAdYyohBhtylbCFKUy
B3LbHDRbCSclZM7K+RGR4OG1P1BSkD/N56ZLirVMb3nNEN/mG1RHg4xlexmmRDZu QpDRJsAmRiWL5zSjfeds4bVEInmXvF+Ga9FuN/o/R27/kyrejBVd7u9AKzg9k5vI
RKCcu13JSbDaeF9JaCwP19vCvpac7H+zCxR7nY3ewgNnolOCfc3vF5Pf+VUkpU3D /4FhXFMivZgwghaSiJkVHJG6ehmCVGR11A5LUIjrub+iYJfaS2dl4WVxn9kyYRuO
JiRmV2JqWZHOuzpu2veaaeqlY5txzgW8qv8Iuag5JeXQjXBayv4edDhf2EewlSSO NU0nDMInWE6F+dVa57HEUEOolDEmr9R+N5XIXYfXwE4W4Xj/5CL+mBLME+OaADK8
TcRkp+EfeYzfscXxqmrO1vpaMLdH3plqbpnxswIDAQABAoIBAGKKzugAi4Q/Vch2 RE9dPomgk3Vqc/s8thllyztqR/TfQIwCwmQNf+UB5DIWr5iYDsX4rU3hswJQUCTQ
ZyPXPF0hCQToE3QSxAzy/R53rRCkfekClMTO44xHpEjjs/mTiCBjd3xGeiEVrIJp CLNEcdStAgMBAAECgf97UHp7u8+x4lz6BQB8/c0xHWdAw1clIveZbEVl0hNoVUN/
hlb0WW3Bq2M9ZeKJs6JAaM9o/jB4oh2wT44DLqALB+oDz3puk+Jl8j34++a3YmMa EKku+q/1Sf+CuhnbgLjT1bkVnnotmVcGeWH2DeCnkMJqHVMOBRb/dso2fw+pCTzY
jIq4veo+rBsJduwkTKjdeQE2ge/ODZEQ6bUmSjYo1P9LNGEyO2wmcVk+jHx0zBi7 VofQpmbPy1xCXb6chqrpT3MTaJdI7IrBCNEQ54cOxsojwzp0MfejS/NI41q8iuCS
8fR3oY03Io+byuN0494Di1m3IpIdj3ma0MV5zJf31urLXqqYtOApouWL/yhZOIuo hVry+VEbmtA22vjwMvsF6NsRKlfc1DUyC/ZoHB91gzKmvLdXBREwBXtdiJfMlu9G
YW+mcuS7ZgK5FsqrUm0vGBcf24GcKhhlBlUu0mfLrCRrWLDsqJDQ/8alvuNP0IVm EKH3ORxbcanmdsXWIG84t5M9Sf9L5FZe6tlL4FdoKv25Vxv2z+PVM8Y/0B3IBTCb
gqz0H5UCgYEA8yaKzMfkeRXSTERt6NZHo/8ShIn26Yf+pMDpVdYKfVBL254vGTeq yqMK8579PTlHl40WRjSgzpijGvMxuIpgm5KaXQECgYEA7U6lBhRWmPsJRaK0jyAv
B+LQhDpxZV1iMr1FNvkhHtNGQ74ZbWOj4+5Xjsllaw1ao2iGp1w/chuJ6FG/Go4q qnaC5AbnM8OjIbsDtnQxn0BWvx7aZznxOE4jL0QejUD/gov6yYkNhIu797LzO8Mq
9FaY3eGiCqRJOQNivBxU/D7sN0y4b48HAEQdmp516pItlGtG+C8TY38CgYEA3VyD fEqEX7Bp23PfLvybqkyhJWFz26v0erU5q8Rlt648bK7Ul1j8FkmsEN3qu+64c8Fu
6EczHdAmPO7bdbYn/irfe78so1lHT04P0FiVg2W77ZKuQINTNDK9w/alYyZ2tH1b pzN081bqOGjEcaCjsHswvkMCgYEA4dOPvYYu8wBfrH3Gn94XHWWVvFMnWErXEOzK
N2JznulJ6UDcl4xw43xJixxhme2jWPaYzmQUuQHviZ0D0tCgmOkN8bUnc9LSvEGA eL0dFg3Ae+y8Sg5x9YTz3XjwyzwcTbrD0zg4huWwmD64BgPcliG7XKA093ea2JIs
SnaiKbOtUfP8Z3c/mF997wuFNfdmhww8LBpbO80CgYEAmdRKf9/+5bQuhd3NAz99 Mah5/KTQmltcIut7qUvzwwbQVfN3xTwWzd7eDtEIAeFZ8r/HzJM6X21b/LaQIXUY
t31KQ9vdAEXvjmAVvx5ZKIrCU0EyXuvegHq4nM80qoJ3+83Omkbm80+K5pTAFXqy Gb7dik8CgYAaaUxYlt7ke9wWUfuCinSDplj/A/2rdzSqxmOtZNU5AjIlZ0urfXlp
VyOU9Vro9N9P9o3MktlDsndFulrtYmmLN2YJ9GYpVD43rQA9WPE7uxI784hwLvP3 aNjlo9E6q2dEokuxLn3AqMSs1s/XcOtDlg+RjtLZR9YpJpg0pf6xaF06r7KwDYdz
4+00JXwW8b5lY76y+ZUe2RUCgYEAt6BQN/YgPCH4JmHKIWp64If2HbQntlWQJwRN pJIllVDIT9T9WzwDRwPNhMVhUTpaN8cW+NUlWCENUiu68cQGGk/cfQKBgEmvRk+I
b/qcBIT3EQu1iwSll85jxtSqu4YjwHOgoGAGI5PIYTsSApFY8AyhAUoI2OTdtSXS 4PjZPl6CC7VOOiyVYO46E7RzdwlGuin7SupPQmctL6LaY8TAxPGW7LrjujiCoDLj
+prg6dvmNhTPICk6n73seE5bLOR9NfdsEdk5ijhnlW09OyMb2S2VzR+UYIEbRvnq PU6G08BZdqI/0FIMX54xiBbXJ+dSiqkJWARfotE6zi12uLrc1YTlTEU/U+0/VhGG
THeMqR0CgYEAwQ9aAIGD4t4DXjHHtz6Wqpbq6jj6mmYBsL9jqRgu8ASj1/THgWWn jt42xm4WocrbWM4fnARXIpSq3QyNsHd2F8NxAoGBAMEcT0mFQ0J7HCQ+zL36ogGv
iUrlCbFIXWu2vnP1h0SBV56GA7MSTqAt0ZdTzpI1PRkMOIO9z1dN4Q2R1SEya1eF Bc/N6WR0xSEBQVG9D4iysxX4XyJukCuUCvMIbsBj5IVAVBlMNxfDtL/kD6tgy0L7
7/LPLqJIoLbILGvy6U3DLYdMckPZaoTPf5BNKD52paZcNbjkXTlVLSY= tdN7nOaYgnqTyZfQItz92cQ6oiIqW7GPJA5ATJe1fxXINjcP6EkRDAfACBW7/l85
-----END RSA PRIVATE KEY----- Cd/yRpaOSMPbqKO1OOSn
-----END PRIVATE KEY-----

13
server/dbdata/cert.go
View File

@@ -64,8 +64,7 @@ type DNSProvider struct {
SecretKey string `json:"secretKey"` SecretKey string `json:"secretKey"`
} `json:"txcloud"` } `json:"txcloud"`
CfCloud struct { CfCloud struct {
AuthEmail string `json:"authEmail"` AuthToken string `json:"authToken"`
AuthKey string `json:"authKey"`
} `json:"cfcloud"` } `json:"cfcloud"`
} }
type LegoUserData struct { type LegoUserData struct {
@@ -89,15 +88,15 @@ type LeGoClient struct {
func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) { func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
switch l.Name { switch l.Name {
case "aliyun": case "aliyun":
if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, TTL: 600}); err != nil { if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return return
} }
case "txcloud": case "txcloud":
if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, TTL: 600}); err != nil { if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return return
} }
case "cloudflare": case "cfcloud":
if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: l.DNSProvider.CfCloud.AuthEmail, AuthKey: l.DNSProvider.CfCloud.AuthKey, TTL: 600}); err != nil { if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return return
} }
} }
@@ -199,7 +198,7 @@ func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
if err != nil { if err != nil {
return err return err
} }
if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil { if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
return err return err
} }
if legouser.Registration == nil { if legouser.Registration == nil {

14
server/dbdata/db.go
View File

@@ -105,19 +105,7 @@ func addInitData() error {
Legomail: "legomail", Legomail: "legomail",
Name: "aliyun", Name: "aliyun",
Renew: false, Renew: false,
DNSProvider: DNSProvider{ DNSProvider: DNSProvider{},
AliYun: struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
}{APIKey: "", SecretKey: ""},
TXCloud: struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
}{SecretID: "", SecretKey: ""},
CfCloud: struct {
AuthEmail string `json:"authEmail"`
AuthKey string `json:"authKey"`
}{AuthEmail: "", AuthKey: ""}},
} }
err = SettingSessAdd(sess, provider) err = SettingSessAdd(sess, provider)
if err != nil { if err != nil {

5
server/dbdata/db_orm.go
View File

@@ -75,6 +75,11 @@ func Find(data interface{}, limit, page int) error {
return xdb.Limit(limit, start).Find(data) return xdb.Limit(limit, start).Find(data)
} }
func FindWhereCount(data interface{}, where string, args ...interface{}) int {
n, _ := xdb.Where(where, args...).Count(data)
return int(n)
}
func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error { func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error {
if limit == 0 { if limit == 0 {
return xdb.Where(where, args...).Find(data) return xdb.Where(where, args...).Find(data)

17
server/dbdata/group.go
View File

@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
continue continue
} }
ipMask, _, err := parseIpNet(v.Val) ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil { if err != nil {
return errors.New("RouteInclude 错误" + err.Error()) return errors.New("RouteInclude 错误" + err.Error())
} }
// 给Mac系统下发路由时必须是标准的网络地址
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask v.IpMask = ipMask
routeInclude = append(routeInclude, v) routeInclude = append(routeInclude, v)
} }
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
routeExclude := []ValData{} routeExclude := []ValData{}
for _, v := range g.RouteExclude { for _, v := range g.RouteExclude {
if v.Val != "" { if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val) ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil { if err != nil {
return errors.New("RouteExclude 错误" + err.Error()) return errors.New("RouteExclude 错误" + err.Error())
} }
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask v.IpMask = ipMask
routeExclude = append(routeExclude, v) routeExclude = append(routeExclude, v)
} }

15
server/dbdata/policy.go
View File

@@ -2,6 +2,7 @@ package dbdata
import ( import (
"errors" "errors"
"fmt"
"net" "net"
"strings" "strings"
"time" "time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
continue continue
} }
ipMask, _, err := parseIpNet(v.Val) ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil { if err != nil {
return errors.New("RouteInclude 错误" + err.Error()) return errors.New("RouteInclude 错误" + err.Error())
} }
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask v.IpMask = ipMask
routeInclude = append(routeInclude, v) routeInclude = append(routeInclude, v)
} }
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
routeExclude := []ValData{} routeExclude := []ValData{}
for _, v := range p.RouteExclude { for _, v := range p.RouteExclude {
if v.Val != "" { if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val) ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil { if err != nil {
return errors.New("RouteExclude 错误" + err.Error()) return errors.New("RouteExclude 错误" + err.Error())
} }
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask v.IpMask = ipMask
routeExclude = append(routeExclude, v) routeExclude = append(routeExclude, v)
} }

8
server/dbdata/policy_test.go
View File

@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
err = SetPolicy(&p2) err = SetPolicy(&p2)
ast.Nil(err) ast.Nil(err)
route := []ValData{{Val: "192.168.1.1/24"}} route := []ValData{{Val: "192.168.1.0/24"}}
p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"} p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p3) err = SetPolicy(&p3)
ast.Nil(err) ast.Nil(err)
// 判断 IpMask // 判断 IpMask
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0") ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
route2 := []ValData{{Val: "192.168.2.1/24"}} route2 := []ValData{{Val: "192.168.2.0/24"}}
p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"} p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p4) err = SetPolicy(&p4)
ast.Nil(err) ast.Nil(err)
// 判断 IpMask // 判断 IpMask
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0") ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
// 判断所有数据 // 判断所有数据
var userPolicy *Policy var userPolicy *Policy

2
server/dbdata/setting.go
View File

@@ -62,7 +62,7 @@ func SettingSet(data interface{}) error {
func SettingGet(data interface{}) error { func SettingGet(data interface{}) error {
name := StructName(data) name := StructName(data)
s := &Setting{Name: name} s := &Setting{}
err := One("name", name, s) err := One("name", name, s)
if err != nil { if err != nil {
return err return err

2
server/dbdata/user.go
View File

@@ -186,7 +186,7 @@ func checkOtp(name, otp, secret string) bool {
totp := gotp.NewDefaultTOTP(secret) totp := gotp.NewDefaultTOTP(secret)
unix := time.Now().Unix() unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix)) verify := totp.Verify(otp, unix)
return verify return verify
} }

2
server/dbdata/user_act_log.go
View File

@@ -22,6 +22,7 @@ const (
UserLogoutTimeout = 3 // 用户超时登出 UserLogoutTimeout = 3 // 用户超时登出
UserLogoutAdmin = 4 // 账号被管理员踢下线 UserLogoutAdmin = 4 // 账号被管理员踢下线
UserLogoutExpire = 5 // 账号过期被踢下线 UserLogoutExpire = 5 // 账号过期被踢下线
UserIdleTimeout = 6 // 用户空闲链接超时
) )
type UserActLogProcess struct { type UserActLogProcess struct {
@@ -62,6 +63,7 @@ var (
UserLogoutTimeout: "Session过期被踢下线", UserLogoutTimeout: "Session过期被踢下线",
UserLogoutAdmin: "账号被管理员踢下线", UserLogoutAdmin: "账号被管理员踢下线",
UserLogoutExpire: "账号过期被踢下线", UserLogoutExpire: "账号过期被踢下线",
UserIdleTimeout: "用户空闲链接超时",
}, },
} }
) )

6
server/dbdata/user_test.go
View File

@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
// 添加一个组 // 添加一个组
dns := []ValData{{Val: "114.114.114.114"}} dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.1/24"}} route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route} g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g) err := SetGroup(&g)
ast.Nil(err) ast.Nil(err)
// 判断 IpMask // 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0") ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户 // 添加一个用户
u := User{Username: "aaa", Groups: []string{group}, Status: 1} u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
} }
// 添加用户策略 // 添加用户策略
dns2 := []ValData{{Val: "8.8.8.8"}} dns2 := []ValData{{Val: "8.8.8.8"}}
route2 := []ValData{{Val: "192.168.2.1/24"}} route2 := []ValData{{Val: "192.168.2.0/24"}}
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2} p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
err = SetPolicy(&p1) err = SetPolicy(&p1)
ast.Nil(err) ast.Nil(err)

135
server/go.mod
View File

@@ -1,104 +1,107 @@
module github.com/bjdgyc/anylink module github.com/bjdgyc/anylink
go 1.19 go 1.20
require ( require (
github.com/arl/statsviz v0.5.1 github.com/arl/statsviz v0.6.0
github.com/deckarep/golang-set v1.8.0 github.com/deckarep/golang-set v1.8.0
github.com/go-acme/lego/v4 v4.10.2 github.com/go-acme/lego/v4 v4.14.2
github.com/go-co-op/gocron v1.17.0 github.com/go-co-op/gocron v1.37.0
github.com/go-ldap/ldap v3.0.3+incompatible github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-sql-driver/mysql v1.6.0 github.com/go-sql-driver/mysql v1.7.1
github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570 github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
github.com/golang-jwt/jwt/v4 v4.2.0 github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/gopacket v1.1.19 github.com/google/gopacket v1.1.19
github.com/gorilla/handlers v1.5.1 github.com/gorilla/handlers v1.5.2
github.com/gorilla/mux v1.8.0 github.com/gorilla/mux v1.8.1
github.com/ivpusic/grpool v1.0.0 github.com/ivpusic/grpool v1.0.0
github.com/lanrenwo/lzsgo v0.0.2 github.com/lanrenwo/lzsgo v0.0.2
github.com/lib/pq v1.10.2 github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.9 github.com/mattn/go-sqlite3 v1.14.19
github.com/orcaman/concurrent-map v1.0.0 github.com/orcaman/concurrent-map v1.0.0
github.com/pion/dtls/v2 v2.2.6 github.com/pion/dtls/v2 v2.2.9
github.com/pion/logging v0.2.2 github.com/pion/logging v0.2.2
github.com/pires/go-proxyproto v0.6.2 github.com/pires/go-proxyproto v0.7.0
github.com/shirou/gopsutil v3.21.7+incompatible github.com/shirou/gopsutil v3.21.11+incompatible
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091 github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/spf13/cast v1.3.1 github.com/spf13/cast v1.6.0
github.com/spf13/cobra v1.2.1 github.com/spf13/cobra v1.8.0
github.com/spf13/viper v1.8.1 github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.8.1 github.com/stretchr/testify v1.8.4
github.com/xhit/go-simple-mail/v2 v2.10.0 github.com/xhit/go-simple-mail/v2 v2.16.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 github.com/xlzd/gotp v0.1.0
github.com/xuri/excelize/v2 v2.6.1 github.com/xuri/excelize/v2 v2.8.0
go.uber.org/atomic v1.10.0 go.uber.org/atomic v1.11.0
golang.org/x/crypto v0.5.0 golang.org/x/crypto v0.18.0
golang.org/x/net v0.7.0 golang.org/x/net v0.20.0
golang.org/x/text v0.7.0 golang.org/x/text v0.14.0
golang.org/x/time v0.3.0 golang.org/x/time v0.5.0
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab layeh.com/radius v0.0.0-20231213012653-1006025d24f8
xorm.io/xorm v1.3.2 xorm.io/xorm v1.3.7
) )
require ( require (
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect github.com/aliyun/alibaba-cloud-sdk-go v1.62.664 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cloudflare/cloudflare-go v0.49.0 // indirect github.com/cloudflare/cloudflare-go v0.86.0 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect
github.com/google/uuid v1.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kr/text v0.2.0 // indirect github.com/miekg/dns v1.1.58 // indirect
github.com/miekg/dns v1.1.50 // indirect github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/pion/transport/v2 v2.0.2 // indirect github.com/pelletier/go-toml/v2 v2.1.1 // indirect
github.com/pion/udp/v2 v2.0.1 // indirect github.com/pion/transport/v2 v2.2.4 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect github.com/sourcegraph/conc v0.3.0 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.846 // indirect
golang.org/x/tools v0.1.12 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.846 // indirect
github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/tools v0.17.0 // indirect
) )
require ( require (
github.com/StackExchange/wmi v1.2.1 // indirect github.com/coreos/go-iptables v0.7.0
github.com/coreos/go-iptables v0.6.0 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davecgh/go-spew v1.1.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/go-ole/go-ole v1.3.0 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect github.com/goccy/go-json v0.10.2 // indirect
github.com/goccy/go-json v0.8.1 // indirect
github.com/golang/snappy v0.0.4 // indirect github.com/golang/snappy v0.0.4 // indirect
github.com/gorilla/websocket v1.4.2 // indirect github.com/gorilla/websocket v1.5.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/magiconair/properties v1.8.5 // indirect github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/richardlehane/mscfb v1.0.4 // indirect github.com/richardlehane/mscfb v1.0.4 // indirect
github.com/richardlehane/msoleps v1.0.3 // indirect github.com/richardlehane/msoleps v1.0.3 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/spf13/afero v1.6.0 // indirect github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.2.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/tklauser/go-sysconf v0.3.7 // indirect github.com/tklauser/go-sysconf v0.3.13 // indirect
github.com/tklauser/numcpus v0.2.3 // indirect github.com/tklauser/numcpus v0.7.0 // indirect
github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect
github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.16.0 // indirect
golang.org/x/sys v0.5.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ini.v1 v1.66.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect xorm.io/builder v0.3.13 // indirect
) )

1261
server/go.sum
View File

File diff suppressed because it is too large Load Diff

37
server/handler/dtls.go
View File

@@ -2,10 +2,13 @@ package handler
import ( import (
"context" "context"
"crypto/rand"
"crypto/rsa"
"crypto/tls" "crypto/tls"
"encoding/hex" "encoding/hex"
"errors" "errors"
"net" "net"
"strings"
"time" "time"
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
return return
} }
certificate, err := selfsign.GenerateSelfSigned() // rsa 兼容 open connect
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
certificate, err := selfsign.SelfSign(priv)
if err != nil { if err != nil {
panic(err) panic(err)
} }
logf := logging.NewDefaultLoggerFactory() logf := logging.NewDefaultLoggerFactory()
logf.Writer = base.GetBaseLw() logf.Writer = base.GetBaseLw()
// logf.DefaultLogLevel = logging.LogLevelTrace // logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,9 +40,14 @@ func startDtls() {
config := &dtls.Config{ config := &dtls.Config{
Certificates: []tls.Certificate{certificate}, Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret, ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, CipherSuites: func() []dtls.CipherSuiteID {
var cs = []dtls.CipherSuiteID{}
for _, vv := range dtlsCipherSuites {
cs = append(cs, vv)
}
return cs
}(),
LoggerFactory: logf, LoggerFactory: logf,
MTU: BufferSize, MTU: BufferSize,
SessionStore: sessStore, SessionStore: sessStore,
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
func (ms *sessionStore) Del(key []byte) error { func (ms *sessionStore) Del(key []byte) error {
return nil return nil
} }
// 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ":")
for _, v := range csArr {
if _, ok := dtlsCipherSuites[v]; ok {
return v
}
}
// 返回默认值
return "ECDHE-RSA-AES128-GCM-SHA256"
}

11
server/handler/link_auth.go
View File

@@ -1,6 +1,7 @@
package handler package handler
import ( import (
"bytes"
"crypto/md5" "crypto/md5"
"encoding/xml" "encoding/xml"
"fmt" "fmt"
@@ -49,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
return return
} }
// fmt.Printf("%+v \n", cr) // fmt.Printf("%+v \n", cr)
setCommonHeader(w) // setCommonHeader(w)
if cr.Type == "logout" { if cr.Type == "logout" {
// 退出删除session信息 // 退出删除session信息
if cr.SessionToken != "" { if cr.SessionToken != "" {
@@ -154,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
return return
} }
if strings.Contains(data.Banner, "\n") { if data.Banner != "" {
// 替换xml文件的换行符 buf := new(bytes.Buffer)
data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;") _ = xml.EscapeText(buf, []byte(data.Banner))
data.Banner = buf.String()
} }
t, _ := template.New("auth_complete").Parse(auth_complete) t, _ := template.New("auth_complete").Parse(auth_complete)
_ = t.Execute(w, data) _ = t.Execute(w, data)
} }

23
server/handler/link_base.go
View File

@@ -3,7 +3,6 @@ package handler
import ( import (
"encoding/xml" "encoding/xml"
"log" "log"
"net/http"
"os/exec" "os/exec"
) )
@@ -42,28 +41,6 @@ type macAddressList struct {
MacAddress string `xml:"mac-address"` MacAddress string `xml:"mac-address"`
} }
func setCommonHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "deny")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Content-Security-Policy", "default-src 'none'")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "0")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
func execCmd(cmdStrs []string) error { func execCmd(cmdStrs []string) error {
for _, cmdStr := range cmdStrs { for _, cmdStr := range cmdStrs {
cmd := exec.Command("sh", "-c", cmdStr) cmd := exec.Command("sh", "-c", cmdStr)

20
server/handler/link_cstp.go
View File

@@ -24,7 +24,10 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
err error err error
n int n int
dataLen uint16 dataLen uint16
dead = time.Duration(cSess.CstpDpd+5) * time.Second dead = time.Second * time.Duration(cSess.CstpDpd+5)
idle = time.Second * time.Duration(base.Cfg.IdleTimeout)
checkIdle = base.Cfg.IdleTimeout > 0
lastTime time.Time
) )
go cstpWrite(conn, bufRW, cSess) go cstpWrite(conn, bufRW, cSess)
@@ -55,13 +58,24 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
case 0x07: // KEEPALIVE case 0x07: // KEEPALIVE
// do nothing // do nothing
// base.Debug("recv keepalive", cSess.IpAddr) // base.Debug("recv keepalive", cSess.IpAddr)
// 判断超时时间
if checkIdle {
lastTime = cSess.LastDataTime.Load()
if lastTime.Before(utils.NowSec().Add(-idle)) {
base.Warn("IdleTimeout", cSess.Username, cSess.IpAddr, "lastTime", lastTime)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserIdleTimeout)
return
}
}
case 0x05: // DISCONNECT case 0x05: // DISCONNECT
cSess.UserLogoutCode = dbdata.UserLogoutClient cSess.UserLogoutCode = dbdata.UserLogoutClient
base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr) base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
return return
case 0x03: // DPD-REQ case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr) // base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04 pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutCstp(cSess, pl) { if payloadOutCstp(cSess, pl) {
return return
} }
@@ -98,6 +112,8 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
if payloadIn(cSess, pl) { if payloadIn(cSess, pl) {
return return
} }
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
} }
} }
} }
@@ -153,7 +169,7 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l)) binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
} }
} else { } else {
pl.Data = append(pl.Data[:0], plHeader...) // pl.Data = append(pl.Data[:0], plHeader...)
// 设置头类型 // 设置头类型
pl.Data[6] = pl.PType pl.Data[6] = pl.PType
} }

6
server/handler/link_dtls.go
View File

@@ -64,6 +64,7 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
case 0x03: // DPD-REQ case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr) // base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04 pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutDtls(cSess, dSess, pl) { if payloadOutDtls(cSess, dSess, pl) {
return return
} }
@@ -93,6 +94,8 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
if payloadIn(cSess, pl) { if payloadIn(cSess, pl) {
return return
} }
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
} }
} }
@@ -147,7 +150,8 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
} }
} else { } else {
// 设置头类型 // 设置头类型
pl.Data = append(pl.Data[:0], pl.PType) // pl.Data = append(pl.Data[:0], pl.PType)
pl.Data[0] = pl.PType
} }
n, err := conn.Write(pl.Data) n, err := conn.Write(pl.Data)
if err != nil { if err != nil {

6
server/handler/link_home.go
View File

@@ -13,7 +13,9 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
// fmt.Println(r.RemoteAddr) // fmt.Println(r.RemoteAddr)
// hu, _ := httputil.DumpRequest(r, true) // hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("DumpHome: ", string(hu)) // fmt.Println("DumpHome: ", string(hu))
w.Header().Set("Server", "AnyLinkOpenSource") w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Del("X-Aggregate-Auth")
connection := strings.ToLower(r.Header.Get("Connection")) connection := strings.ToLower(r.Header.Get("Connection"))
userAgent := strings.ToLower(r.UserAgent()) userAgent := strings.ToLower(r.UserAgent())
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) { if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
@@ -33,6 +35,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
} }
func LinkOtpQr(w http.ResponseWriter, r *http.Request) { func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
_ = r.ParseForm() _ = r.ParseForm()
idS := r.FormValue("id") idS := r.FormValue("id")
jwtToken := r.FormValue("jwt") jwtToken := r.FormValue("jwt")

23
server/handler/link_tun.go
View File

@@ -22,22 +22,29 @@ func checkTun() {
defer ifce.Close() defer ifce.Close()
// 测试ip命令 // 测试ip命令
cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399") base.CheckModOrLoad("tun")
err = execCmd([]string{cmdstr})
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr1})
if err != nil { if err != nil {
base.Fatal("testTun err: ", err) base.Fatal("testTun err: ", err)
} }
//开启服务器转发 // 开启服务器转发
if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil { if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
base.Error(err) base.Fatal(err)
} }
if base.Cfg.IptablesNat { if base.Cfg.IptablesNat {
//添加NAT转发规则 // 添加NAT转发规则
ipt, err := iptables.New() ipt, err := iptables.New()
if err != nil { if err != nil {
base.Error(err) base.Fatal(err)
return return
} }
// 修复 rockyos nat 不生效
base.CheckModOrLoad("iptable_filter")
base.CheckModOrLoad("iptable_nat")
natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"} natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
forwardRule := []string{"-j", "ACCEPT"} forwardRule := []string{"-j", "ACCEPT"}
if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists { if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,9 @@ func LinkTun(cSess *sessdata.ConnSession) error {
// log.Printf("Interface Name: %s\n", ifce.Name()) // log.Printf("Interface Name: %s\n", ifce.Name())
cSess.SetIfName(ifce.Name()) cSess.SetIfName(ifce.Name())
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu) // 通过 ip link show 查看 alias 信息
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off alias %s.%s", ifce.Name(), cSess.Mtu, cSess.Group.Name, cSess.Username)
cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32", cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr) ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
err = execCmd([]string{cmdstr1, cmdstr2}) err = execCmd([]string{cmdstr1, cmdstr2})

19
server/handler/link_tunnel.go
View File

@@ -92,6 +92,10 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile) base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
// 检测密码套件
dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
base.Trace("dtlsCiphersuite", dtlsCiphersuite)
// 压缩 // 压缩
if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok { if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName) HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
@@ -132,7 +136,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
} }
HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask) HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
} }
// 不允许的路由 // 不允许的路由 X-Cstp-Remote-Address-Ip4:
for _, v := range cSess.Group.RouteExclude { for _, v := range cSess.Group.RouteExclude {
HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask) HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
} }
@@ -164,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-DTLS-Port", dtlsPort) HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd)) HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive)) HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256") HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
HttpSetHeader(w, "X-CSTP-License", "accept") HttpSetHeader(w, "X-CSTP-License", "accept")
HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false") HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -180,10 +184,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
hClone := w.Header().Clone() hClone := w.Header().Clone()
headers := make([]byte, 0) buf := &bytes.Buffer{}
buf := bytes.NewBuffer(headers)
_ = hClone.Write(buf) _ = hClone.Write(buf)
base.Debug(buf.String()) base.Trace("LinkTunnel Response Header:", buf.String())
hj := w.(http.Hijacker) hj := w.(http.Hijacker)
conn, bufRW, err := hj.Hijack() conn, bufRW, err := hj.Hijack()
@@ -234,7 +237,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
if err != nil { if err != nil {
return err return err
} }
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String()) xmlAuth := ""
for _, v := range strings.Split(result.String(), "\n") {
xmlAuth += strings.TrimSpace(v)
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
return nil return nil
} }

9
server/handler/link_vtap.go
View File

@@ -33,13 +33,14 @@ func checkMacvtap() {
ifName := "anylinkMacvtap" ifName := "anylinkMacvtap"
// 加载 macvtap // 加载 macvtap
cmdstr0 := fmt.Sprintln("modprobe -i macvtap") base.CheckModOrLoad("macvtap")
// 开启主网卡混杂模式 // 开启主网卡混杂模式
cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master) cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
// 测试 macvtap 功能 // 测试 macvtap 功能
cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName) cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr3 := fmt.Sprintf("ip link del %s", ifName) cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3}) err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
if err != nil { if err != nil {
base.Fatal(err) base.Fatal(err)
} }
@@ -54,7 +55,9 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
cSess.SetIfName(ifName) cSess.SetIfName(ifName)
cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName) cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw) cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s alias %s.%s", ifName, cSess.Mtu,
cSess.MacHw, cSess.Group.Name, cSess.Username)
err := execCmd([]string{cmdstr1, cmdstr2}) err := execCmd([]string{cmdstr1, cmdstr2})
if err != nil { if err != nil {
base.Error(err) base.Error(err)

21
server/handler/payload_access_audit.go
View File

@@ -3,6 +3,7 @@ package handler
import ( import (
"crypto/md5" "crypto/md5"
"encoding/binary" "encoding/binary"
"runtime/debug"
"time" "time"
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
// 解析IP包的数据 // 解析IP包的数据
func logAudit(userName string, pl *sessdata.Payload) { func logAudit(userName string, pl *sessdata.Payload) {
defer putPayload(pl) defer func() {
if err := recover(); err != nil {
base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
}
putPayload(pl)
}()
if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) { if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
return return
} }
ipProto := waterutil.IPv4Protocol(pl.Data) ipProto := waterutil.IPv4Protocol(pl.Data)
// 访问协议 // 访问协议
var accessProto uint8 var accessProto uint8
@@ -118,12 +125,17 @@ func logAudit(userName string, pl *sessdata.Payload) {
default: default:
return return
} }
// IP报文只包含头部信息时, 则打印LOG并退出
ipPl := waterutil.IPv4Payload(pl.Data)
if len(ipPl) < 4 {
base.Error("ipPl len < 4", ipPl, pl.Data)
return
}
ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
ipSrc := waterutil.IPv4Source(pl.Data) ipSrc := waterutil.IPv4Source(pl.Data)
ipDst := waterutil.IPv4Destination(pl.Data) ipDst := waterutil.IPv4Destination(pl.Data)
ipPort := waterutil.IPv4DestinationPort(pl.Data)
b := getByte51() b := getByte51()
// key格式 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
key := *b key := *b
copy(key[:16], ipSrc) copy(key[:16], ipSrc)
copy(key[16:32], ipDst) copy(key[16:32], ipDst)
@@ -178,7 +190,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
AccessProto: accessProto, AccessProto: accessProto,
Info: info, Info: info,
} }
select { select {
case logBatch.LogChan <- audit: case logBatch.LogChan <- audit:
default: default:

2
server/handler/payload_tcp_parser.go
View File

@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
} }
func sniNewParser(b []byte) (uint8, string) { func sniNewParser(b []byte) (uint8, string) {
if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 { if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
return acc_proto_tcp, "" return acc_proto_tcp, ""
} }
rest := b[5:] rest := b[5:]

21
server/handler/server.go
View File

@@ -4,7 +4,6 @@ import (
"crypto/tls" "crypto/tls"
"fmt" "fmt"
"io" "io"
"log"
"net" "net"
"net/http" "net/http"
"os" "os"
@@ -12,6 +11,7 @@ import (
"github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata" "github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/pires/go-proxyproto" "github.com/pires/go-proxyproto"
) )
@@ -50,23 +50,22 @@ func startTls() {
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites, CipherSuites: selectedCipherSuites,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) { GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
base.Trace("GetCertificate", chi.ServerName) base.Trace("GetCertificate ServerName", chi.ServerName)
return dbdata.GetCertificateBySNI(chi.ServerName) return dbdata.GetCertificateBySNI(chi.ServerName)
}, },
// InsecureSkipVerify: true,
} }
srv := &http.Server{ srv := &http.Server{
Addr: addr, Addr: addr,
Handler: initRoute(), Handler: initRoute(),
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
ErrorLog: base.GetBaseLog(), ErrorLog: base.GetServerLog(),
ReadTimeout: 60 * time.Second, ReadTimeout: 100 * time.Second,
WriteTimeout: 60 * time.Second, WriteTimeout: 100 * time.Second,
} }
ln, err = net.Listen("tcp", addr) ln, err = net.Listen("tcp", addr)
if err != nil { if err != nil {
log.Fatal(err) base.Fatal(err)
} }
defer ln.Close() defer ln.Close()
@@ -86,6 +85,14 @@ func startTls() {
func initRoute() http.Handler { func initRoute() http.Handler {
r := mux.NewRouter() r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
next.ServeHTTP(w, req)
})
})
r.HandleFunc("/", LinkHome).Methods(http.MethodGet) r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost) r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect) r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)

13
server/main.go
View File

@@ -20,14 +20,21 @@ import (
var uiData embed.FS var uiData embed.FS
// 程序版本 // 程序版本
var CommitId string var (
appVer string
commitId string
buildDate string
)
func main() { func main() {
base.CommitId = CommitId
admin.UiData = uiData admin.UiData = uiData
base.APP_VER = appVer
base.CommitId = commitId
base.BuildDate = buildDate
base.Start() base.Start()
handler.Start() handler.Start()
signalWatch() signalWatch()
} }
@@ -35,7 +42,7 @@ func signalWatch() {
base.Info("Server pid: ", os.Getpid()) base.Info("Server pid: ", os.Getpid())
sigs := make(chan os.Signal, 1) sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM) signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM, syscall.SIGUSR2)
for { for {
sig := <-sigs sig := <-sigs
base.Info("Get signal:", sig) base.Info("Get signal:", sig)

32
server/pkg/utils/secure_header.go Normal file
View File

@@ -0,0 +1,32 @@
package utils
import "net/http"
// SetSecureHeader 设置安全的header头
// https://blog.csdn.net/liwan09/article/details/130248003
// https://zhuanlan.zhihu.com/p/335165168
func SetSecureHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLinkOpenSource")
// w.Header().Set("Content-Type", "text/html; charset=utf-8")
// w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Download-Options", "noopen")
w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "1;mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
}

9
server/sessdata/ip_pool.go
View File

@@ -89,10 +89,13 @@ func initIpPool() {
// } // }
// AcquireIp 获取动态ip // AcquireIp 获取动态ip
func AcquireIp(username, macAddr string, uniqueMac bool) net.IP { func AcquireIp(username, macAddr string, uniqueMac bool) (newIp net.IP) {
base.Trace("AcquireIp:", username, macAddr, uniqueMac) base.Trace("AcquireIp start:", username, macAddr, uniqueMac)
ipPoolMux.Lock() ipPoolMux.Lock()
defer ipPoolMux.Unlock() defer func() {
ipPoolMux.Unlock()
base.Trace("AcquireIp end:", username, macAddr, uniqueMac, newIp)
}()
var ( var (
err error err error

2
server/sessdata/session.go
View File

@@ -49,6 +49,7 @@ type ConnSession struct {
BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量 BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量
closeOnce sync.Once closeOnce sync.Once
CloseChan chan struct{} CloseChan chan struct{}
LastDataTime atomic2.Time // 最后数据传输时间
PayloadIn chan *Payload PayloadIn chan *Payload
PayloadOutCstp chan *Payload // Cstp的数据 PayloadOutCstp chan *Payload // Cstp的数据
PayloadOutDtls chan *Payload // Dtls的数据 PayloadOutDtls chan *Payload // Dtls的数据
@@ -219,6 +220,7 @@ func (s *Session) NewConn() *ConnSession {
PayloadOutDtls: make(chan *Payload, 64), PayloadOutDtls: make(chan *Payload, 64),
dSess: &atomic.Value{}, dSess: &atomic.Value{},
} }
cSess.LastDataTime.Store(time.Now())
dSess := &DtlsSession{ dSess := &DtlsSession{
isActive: -1, isActive: -1,

5
server/sessdata/session_test.go
View File

@@ -33,7 +33,7 @@ func TestConnSession(t *testing.T) {
sess.MacAddr = "00:15:5d:50:14:43" sess.MacAddr = "00:15:5d:50:14:43"
cSess := sess.NewConn() cSess := sess.NewConn()
base.Info("cSess", cSess) // base.Info("cSess", cSess)
err := cSess.RateLimit(100, true) err := cSess.RateLimit(100, true)
ast.Nil(err) ast.Nil(err)
@@ -60,4 +60,7 @@ func TestConnSession(t *testing.T) {
ast.Equal(cmpName, "") ast.Equal(cmpName, "")
cSess.Close() cSess.Close()
// 等待日志执行完成
time.Sleep(time.Second * 10)
} }

1
version Normal file
View File

@@ -0,0 +1 @@
0.11.1

1
version_info Normal file
View File

@@ -0,0 +1 @@
version_info

149
web/src/pages/group/List.vue
View File

@@ -47,7 +47,12 @@
<el-table-column <el-table-column
prop="bandwidth" prop="bandwidth"
label="带宽限制"> label="带宽限制"
width="90">
<template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
<el-row v-else>不限</el-row>
</template>
</el-table-column> </el-table-column>
<el-table-column <el-table-column
@@ -62,7 +67,7 @@
<el-table-column <el-table-column
prop="route_include" prop="route_include"
label="路由包含" label="路由包含"
width="200"> width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row> <el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_include.length > readMinRows"> <div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
<el-table-column <el-table-column
prop="route_exclude" prop="route_exclude"
label="路由排除" label="路由排除"
width="200"> width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row> <el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_exclude.length > readMinRows"> <div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
<el-table-column <el-table-column
prop="link_acl" prop="link_acl"
label="LINK-ACL" label="LINK-ACL"
min-width="200"> min-width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx"> <el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }} {{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,9 +191,9 @@
<el-input v-model="ruleForm.note"></el-input> <el-input v-model="ruleForm.note"></el-input>
</el-form-item> </el-form-item>
<el-form-item label="带宽限制" prop="bandwidth"> <el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model.number="ruleForm.bandwidth"> <el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">BYTE/S</template> <template slot="append">Mbps</template>
</el-input> </el-input>
</el-form-item> </el-form-item>
<el-form-item label="排除本地网络" prop="allow_lan"> <el-form-item label="排除本地网络" prop="allow_lan">
@@ -276,12 +281,17 @@
<el-tab-pane label="路由设置" name="route"> <el-tab-pane label="路由设置" name="route">
<el-form-item label="包含路由" prop="route_include"> <el-form-item label="包含路由" prop="route_include">
<el-row class="msg-info"> <el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col> <el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="4"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button> @click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col> </el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button>
</el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include" <el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10"> :key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
@@ -295,16 +305,22 @@
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button> @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</templete>
</el-form-item> </el-form-item>
<el-form-item label="排除路由" prop="route_exclude"> <el-form-item label="排除路由" prop="route_exclude">
<el-row class="msg-info"> <el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col> <el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="4"> <el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle <el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button> @click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col> </el-col>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col>
</el-row> </el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude" <el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10"> :key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10"> <el-col :span="10">
@@ -318,6 +334,7 @@
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button> @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
</el-col> </el-col>
</el-row> </el-row>
</templete>
</el-form-item> </el-form-item>
</el-tab-pane> </el-tab-pane>
<el-tab-pane label="权限控制" name="link_acl"> <el-tab-pane label="权限控制" name="link_acl">
@@ -360,6 +377,7 @@
</el-form-item> </el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains"> <el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input> <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的桌面客户端不支持移动端.</div>
</el-form-item> </el-form-item>
</el-tab-pane> </el-tab-pane>
<el-form-item> <el-form-item>
@@ -393,6 +411,25 @@
</el-form-item> </el-form-item>
</el-form> </el-form>
</el-dialog> </el-dialog>
<!--编辑模式弹窗-->
<el-dialog
:close-on-click-modal="false"
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由</div>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
<el-button @click="ipListDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
</div> </div>
</template> </template>
@@ -419,6 +456,7 @@ export default {
activeTab : "general", activeTab : "general",
readMore: {}, readMore: {},
readMinRows : 5, readMinRows : 5,
maxRouteRows : 2500,
defAuth : { defAuth : {
type:'local', type:'local',
radius:{addr:"", secret:""}, radius:{addr:"", secret:""},
@@ -435,6 +473,7 @@ export default {
}, },
ruleForm: { ruleForm: {
bandwidth: 0, bandwidth: 0,
bandwidth_format: '0',
status: 1, status: 1,
allow_lan: true, allow_lan: true,
client_dns: [{val: '114.114.114.114'}], client_dns: [{val: '114.114.114.114'}],
@@ -444,11 +483,17 @@ export default {
auth : {}, auth : {},
}, },
authLoginDialog : false, authLoginDialog : false,
ipListDialog : false,
authLoginLoading : false, authLoginLoading : false,
authLoginForm : { authLoginForm : {
name : "", name : "",
pwd : "", pwd : "",
}, },
ipEditForm: {
ip_list: "",
type : "",
},
ipEditLoading : false,
authLoginRules: { authLoginRules: {
name: [ name: [
{required: true, message: '请输入账号', trigger: 'blur'}, {required: true, message: '请输入账号', trigger: 'blur'},
@@ -463,9 +508,9 @@ export default {
{required: true, message: '请输入组名', trigger: 'blur'}, {required: true, message: '请输入组名', trigger: 'blur'},
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'} {max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
], ],
bandwidth: [ bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'}, {required: true, message: '请输入带宽限制', trigger: 'blur'},
{type: 'number', message: '带宽限制必须为数字值'} {type: 'string', message: '带宽限制必须为数字值'}
], ],
status: [ status: [
{required: true} {required: true}
@@ -536,6 +581,7 @@ export default {
id: row.id, id: row.id,
} }
}).then(resp => { }).then(resp => {
resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
this.ruleForm = resp.data.data; this.ruleForm = resp.data.data;
this.setAuthData(resp.data.data); this.setAuthData(resp.data.data);
}).catch(error => { }).catch(error => {
@@ -582,6 +628,7 @@ export default {
console.log('error submit!!'); console.log('error submit!!');
return false; return false;
} }
this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
axios.post('/group/set', this.ruleForm).then(resp => { axios.post('/group/set', this.ruleForm).then(resp => {
const rdata = resp.data; const rdata = resp.data;
if (rdata.code === 0) { if (rdata.code === 0) {
@@ -636,6 +683,70 @@ export default {
}); });
}); });
}, },
openIpListDialog(type) {
this.ipListDialog = true;
this.ipEditForm.type = type;
this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");
},
ipEdit() {
this.ipEditLoading = true;
let ipList = [];
if (this.ipEditForm.ip_list.trim() !== "") {
ipList = this.ipEditForm.ip_list.trim().split("\n");
}
let arr = [];
for (let i = 0; i < ipList.length; i++) {
let item = ipList[i];
if (item.trim() === "") {
continue;
}
let ip = item.split(",");
if (ip.length > 2) {
ip[1] = ip.slice(1).join(",");
}
let note = ip[1] ? ip[1] : "";
const pushToArr = () => {
arr.push({val: ip[0], note: note});
};
if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr();
continue;
}
let valid = this.isValidCIDR(ip[0]);
if (!valid.valid) {
this.$message.error("错误CIDR格式错误建议 " + ip[0] + " 改为 " + valid.suggestion);
this.ipEditLoading = false;
return;
}
pushToArr();
}
this.ruleForm[this.ipEditForm.type] = arr;
this.ipEditLoading = false;
this.ipListDialog = false;
},
isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) {
return { valid: false, suggestion: null };
}
const [ip, mask] = input.split('/');
const maskNum = parseInt(mask);
const ipParts = ip.split('.').map(part => parseInt(part));
const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
for (let i = maskNum; i < 32; i++) {
if (binaryIP[i] === '1') {
const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
const networkIPParts = [];
for (let j = 0; j < 4; j++) {
const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
networkIPParts.push(parseInt(octet, 2));
}
const suggestedIP = networkIPParts.join('.');
return { valid: false, suggestion: `${suggestedIP}/${mask}` };
}
}
return { valid: true, suggestion: null };
},
resetForm(formName) { resetForm(formName) {
this.$refs[formName].resetFields(); this.$refs[formName].resetFields();
}, },
@@ -666,6 +777,18 @@ export default {
closeDialog() { closeDialog() {
this.user_edit_dialog = false; this.user_edit_dialog = false;
this.activeTab = "general"; this.activeTab = "general";
},
convertBandwidth(bandwidth, fromUnit, toUnit) {
const units = {
bps: 1,
Kbps: 1000,
Mbps: 1000000,
Gbps: 1000000000,
BYTE: 8,
};
const result = bandwidth * units[fromUnit] / units[toUnit];
const fixedResult = result.toFixed(2);
return parseFloat(fixedResult);
} }
}, },
} }

28
web/src/pages/set/Other.vue
View File

@@ -248,11 +248,14 @@
<el-form-item label="自定义首页" prop="homeindex"> <el-form-item label="自定义首页" prop="homeindex">
<el-input <el-input
type="textarea" type="textarea"
:rows="5" :rows="10"
placeholder="请输入内容" placeholder="请输入内容"
v-model="dataOther.homeindex" v-model="dataOther.homeindex"
> >
</el-input> </el-input>
<el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
<i class="el-icon-question"></i>
</el-tooltip>
</el-form-item> </el-form-item>
<el-form-item label="账户开通邮件" prop="account_mail"> <el-form-item label="账户开通邮件" prop="account_mail">
@@ -318,8 +321,7 @@ export default {
secretKey: "", secretKey: "",
}, },
cfcloud: { cfcloud: {
authEmail: "", authToken: "",
authKey: "",
}, },
}, },
customCert: { cert: "", key: "" }, customCert: { cert: "", key: "" },
@@ -399,19 +401,13 @@ export default {
], ],
cfcloud: [ cfcloud: [
{ {
label: "Email", label: "AuthToken",
prop: "email", prop: "authToken",
component: "el-input",
type: "text",
},
{
label: "AuthKey",
prop: "authKey",
component: "el-input", component: "el-input",
type: "password", type: "password",
rules: { rules: {
required: true, required: true,
message: "请输入正确的APIKey", message: "请输入正确的AuthToken",
trigger: "blur", trigger: "blur",
}, },
}, },
@@ -551,12 +547,20 @@ export default {
}); });
break; break;
case "letsCert": case "letsCert":
var loading = this.$loading({
lock: true,
text: "证书申请中...",
spinner: "el-icon-loading",
background: "rgba(0, 0, 0, 0.7)",
});
axios.post("/set/other/createcert", this.letsCert).then((resp) => { axios.post("/set/other/createcert", this.letsCert).then((resp) => {
var rdata = resp.data; var rdata = resp.data;
console.log(rdata); console.log(rdata);
if (rdata.code === 0) { if (rdata.code === 0) {
loading.close();
this.$message.success(rdata.msg); this.$message.success(rdata.msg);
} else { } else {
loading.close();
this.$message.error(rdata.msg); this.$message.error(rdata.msg);
} }
}); });

11
web/src/pages/user/List.vue
View File

@@ -23,13 +23,16 @@
</el-upload> </el-upload>
<el-dropdown-menu slot="dropdown"> <el-dropdown-menu slot="dropdown">
<el-dropdown-item> <el-dropdown-item>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i class="el-icon-download"></i>下载模版</el-link> <el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i
class="el-icon-download"></i>下载模版
</el-link>
</el-dropdown-item> </el-dropdown-item>
</el-dropdown-menu> </el-dropdown-menu>
</el-dropdown> </el-dropdown>
</el-form-item> </el-form-item>
<el-form-item label="用户名:"> <el-form-item label="用户名或姓名或邮箱:">
<el-input size="small" v-model="searchData" placeholder="请输入内容" @keydown.enter.native="searchEnterFun"></el-input> <el-input size="small" v-model="searchData" placeholder="请输入内容"
@keydown.enter.native="searchEnterFun"></el-input>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
@@ -105,7 +108,7 @@
<template slot-scope="scope"> <template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag> <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag> <el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
<el-tag v-if="scope.row.status === 2" >过期</el-tag> <el-tag v-if="scope.row.status === 2">过期</el-tag>
</template> </template>
</el-table-column> </el-table-column>

4
yarn.lock Normal file
View File

@@ -0,0 +1,4 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1