7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 16:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.9.3
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
...
compare: 7x31:v0.11.2
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

154 Commits
v0.9.3 ... v0.11.2

Author SHA1 Message Date
bjdgyc
0ff6dbcd78 Merge pull request #297 from bjdgyc/dev 
添加otp说明文字
 2024-02-23 16:22:20 +08:00
bjdgyc
a650db816c 添加otp说明文字 2024-02-23 16:07:41 +08:00
bjdgyc
2b8ce3e94a Merge pull request #296 from bjdgyc/dev 
Dev
 2024-02-23 11:02:48 +08:00
bjdgyc
a59e480b61 修复 openconnect 重连问题 2024-02-22 17:15:43 +08:00
bjdgyc
33139a571d fix 2024-02-22 16:42:56 +08:00
bjdgyc
0227c3ee8b fix 2024-02-22 16:40:16 +08:00
bjdgyc
8eac03df03 修改证书名称 2024-02-22 11:39:18 +08:00
bjdgyc
d3d8b2620c fix 2024-02-22 10:36:03 +08:00
bjdgyc
bbb9cfda67 添加 appBuildDate 2024-02-21 18:38:38 +08:00
bjdgyc
ff07c81401 升级 axios 2024-02-21 12:57:52 +08:00
bjdgyc
6514657f2f 升级 axios 2024-02-21 12:51:05 +08:00
bjdgyc
70f3e4302c 修复 alpine:3.19 下 iptables 不生效的问题 2024-02-21 11:30:53 +08:00
bjdgyc
0e6e4e501c 修复 alpine:3.19 下 iptables 不生效的问题 2024-02-20 18:05:23 +08:00
bjdgyc
29a3e4bfb3 默认加白出口ip 2024-02-19 17:11:25 +08:00
bjdgyc
d73816a811 增加日志信息 2024-02-18 17:03:07 +08:00
bjdgyc
43a9d31b82 Update FUNDING.yml 2024-02-05 22:10:41 +08:00
bjdgy
5d4a9c0082 test 2024-02-04 19:57:07 +08:00
bjdgy
8bd8651fd7 删除armv7 2024-02-04 00:01:24 +08:00
bjdgy
545ddb337f 删除静态编译 2024-02-02 19:24:02 +08:00
bjdgy
d53ab80848 删除静态编译 2024-02-02 19:22:13 +08:00
bjdgyc
6c1f29ba3a 修复build错误 2024-02-02 18:59:34 +08:00
bjdgyc
947339384b 更新版本 2024-02-01 17:27:00 +08:00
bjdgyc
0849c6049b 更新版本 2024-02-01 17:20:44 +08:00
bjdgyc
936c44e866 优化编译脚本 2024-02-01 17:18:16 +08:00
bjdgyc
02bc75b27a 优化编译脚本 2024-02-01 16:12:41 +08:00
bjdgy
1aa8c83d58 修复go test报错 2024-01-31 22:56:59 +08:00
bjdgy
7554876259 修复go test报错 2024-01-31 22:47:54 +08:00
bjdgyc
2fc3c33880 添加 deploy 部署脚本 
优化应用易用性
 2024-01-31 17:44:35 +08:00
bjdgy
d45ecbf3b7 添加 Release 2024-01-30 21:26:09 +08:00
bjdgy
54c2d95dd5 添加 Release 2024-01-30 21:21:42 +08:00
bjdgy
7eb8cc2077 添加 Release 2024-01-30 21:03:28 +08:00
bjdgyc
fbd799f9f9 添加 Release 2024-01-30 18:23:09 +08:00
bjdgyc
f9ff92d73d 修改 docker 编译 2024-01-30 11:06:15 +08:00
bjdgy
10a335dc3d 修改 docker 编译 2024-01-29 22:25:41 +08:00
bjdgy
cd5652215f 修改 docker 编译 2024-01-29 22:17:01 +08:00
bjdgy
b153997cf1 修改 docker 编译 2024-01-29 22:13:40 +08:00
bjdgy
d5046a4f53 修改 docker 编译 2024-01-29 22:11:15 +08:00
bjdgy
b7fbbdc58c 修改 docker 编译 2024-01-29 22:07:52 +08:00
bjdgy
39b28f23c0 修改 docker 编译 2024-01-29 21:47:42 +08:00
bjdgy
aa09d928c3 修改 docker 编译 2024-01-29 21:34:03 +08:00
bjdgy
9099aea122 修改 docker 编译 2024-01-29 21:26:38 +08:00
bjdgy
ef3f2aba4c 修改 docker 编译 2024-01-29 21:11:40 +08:00
bjdgy
3c015651ef 修改 docker 编译 2024-01-29 20:59:34 +08:00
bjdgy
6a598b2570 修改 docker 编译 2024-01-29 20:50:55 +08:00
bjdgyc
1f47e3e254 修改 docker 编译 2024-01-29 17:56:39 +08:00
bjdgyc
79b7f0c88e 修改 docker 编译 2024-01-29 17:50:28 +08:00
bjdgyc
289f748543 修改 docker 编译 2024-01-29 17:47:46 +08:00
bjdgyc
4f77fd9013 添加 release.sh 脚本 2024-01-29 15:11:10 +08:00
bjdgyc
769c304e9a 添加 release.sh 脚本 2024-01-29 14:40:12 +08:00
bjdgyc
a5d9764d35 添加 release.sh 脚本 2024-01-29 14:32:41 +08:00
bjdgyc
f47fbd0252 添加 release.sh 脚本 2024-01-29 14:30:15 +08:00
bjdgyc
41278f722d Update build.sh 2024-01-29 00:25:18 +08:00
bjdgyc
87e50e8e0d Update build.sh 2024-01-29 00:21:51 +08:00
bjdgyc
5371e4530f Update release-tag-version.yml 2024-01-29 00:19:56 +08:00
bjdgyc
9d5f5719d8 Merge pull request #290 from bjdgyc/dev 
添加github action编译
 2024-01-29 00:15:27 +08:00
bjdgy
911b96cc74 修改readme 2024-01-29 00:09:48 +08:00
bjdgyc
13de601474 修改readme 2024-01-24 10:08:48 +08:00
bjdgyc
56576cb22a 修改配置参数 2024-01-23 17:38:48 +08:00
bjdgyc
70f3e46ef7 修改配置参数 2024-01-23 14:28:11 +08:00
bjdgy
1592a1f01b fix 2024-01-22 22:49:27 +08:00
bjdgy
279498e37e 更改 http server log 2024-01-22 21:18:26 +08:00
bjdgyc
9ed8b1a9f1 更新证书信息 2024-01-22 15:12:10 +08:00
bjdgyc
31a1035267 更新证书信息 2024-01-22 15:06:05 +08:00
bjdgyc
5731d9a01c 修复otp二维码 不显示的问题 2024-01-22 13:21:12 +08:00
bjdgyc
c63604aba3 修复otp二维码 不显示的问题 2024-01-22 10:38:20 +08:00
bjdgyc
7c3ed549d0 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:46:47 +08:00
bjdgyc
4a33b42726 Merge remote-tracking branch 'origin/dev' into dev 2024-01-15 17:31:48 +08:00
bjdgyc
da92c111e7 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:30:58 +08:00
bjdgyc
634c8c8145 Update go-update.yml 2024-01-15 15:50:39 +08:00
bjdgyc
3408198d2d 修改说明文件 2024-01-15 15:21:39 +08:00
bjdgyc
1df0f60ed3 Update go-update.yml 2024-01-15 10:10:30 +08:00
bjdgyc
1f5d7d0dab Merge pull request #288 from Potterli20/patch-1 
update go.mod 7day
 2024-01-15 10:07:09 +08:00
trli
e73504b4b6 Create go-update.yml 2024-01-15 09:52:44 +08:00
bjdgy
2e86547e97 修复 DPD-REQ 协议 2023-12-31 22:39:29 +08:00
bjdgyc
970213f269 Merge pull request #285 from itviewer/dev 
遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测
 2023-12-31 21:53:03 +08:00
XinJun Ma
ffd68d6c81 遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测 2023-12-31 18:36:02 +08:00
bjdgyc
3f072242f4 添加 空闲链接超时自动断开 2023-12-29 16:17:50 +08:00
bjdgyc
ef1e20a558 添加 空闲链接超时自动断开 2023-12-29 15:51:49 +08:00
bjdgy
42142d95b7 修改报错信息 2023-12-27 21:24:24 +08:00
bjdgy
638a99275e fix 2023-12-26 13:00:55 +08:00
bjdgyc
edc7a4a4a3 Merge pull request #283 from bjdgyc/dev 
修复容器频繁重启的问题
 2023-12-26 12:13:03 +08:00
bjdgy
17492d8172 修复容器频繁重启的问题 2023-12-26 11:24:01 +08:00
bjdgyc
65de1a58cf Merge pull request #282 from bjdgyc/dev 
添加问题信息
 2023-12-25 15:39:43 +08:00
bjdgyc
dfb25718f7 添加问题信息 2023-12-25 15:38:59 +08:00
bjdgyc
3deda4d77f Merge pull request #281 from bjdgyc/dev 
合并新版
 2023-12-25 14:56:58 +08:00
bjdgyc
2af524f87b Merge pull request #274 from aiminickwong/main 
解决电信DNS Let's Encrypt证书刷新缓慢问题
 2023-12-25 14:55:14 +08:00
bjdgyc
1b6abeb849 修复 modprobe 报错 2023-12-25 14:47:30 +08:00
bjdgyc
e3b303744b 修复 modprobe 报错 2023-12-25 14:34:21 +08:00
bjdgyc
d3f16eb2ad 修复 modprobe 报错 2023-12-25 14:31:35 +08:00
bjdgyc
64404ea94b 修改readme 2023-12-13 16:50:35 +08:00
bjdgyc
ededfddff4 Merge pull request #278 from lanrenwo/group_ip_list 
新增路由设置的编辑模式
 2023-12-04 18:38:17 +08:00
lanrenwo
8a3d34b737 优化isValidCIDR函数,解决部分格式检测有误,并给予建议提示。 2023-12-04 18:32:09 +08:00
lanrenwo
7c040e2a0f 过滤文本框内的空行 2023-12-04 13:44:06 +08:00
lanrenwo
3d03f6adb8 解决大量路由导致弹窗卡顿的问题(当点击“路由设置”时,才加载路由) 2023-12-04 13:08:37 +08:00
lanrenwo
5d24eda7fc 不限制路由的数量,并检测CIDR格式的正确性 2023-12-03 22:09:46 +08:00
lanrenwo
ea92857524 新增路由设置的编辑模式 2023-12-02 15:38:18 +08:00
bjdgyc
b521dddb98 Merge pull request #276 from lanrenwo/banner_special_chars 
优化处理Banner特殊字符的代码
 2023-11-27 10:18:31 +08:00
lanrenwo
2bd94aef2b 优化处理Banner特殊字符的代码 2023-11-20 12:24:44 +08:00
bjdgyc
3879c3a4bc 修复Banner特殊字符 2023-11-15 11:57:12 +08:00
bjdgyc
aa2b89855f 添加 DTLS12-CipherSuite 筛选 2023-11-09 10:52:10 +08:00
bjdgyc
9e1969e3d0 添加 DTLS12-CipherSuite 筛选 2023-11-08 18:07:32 +08:00
bjdgyc
5b1d86282a fix 2023-11-06 16:51:32 +08:00
bjdgyc
bfc39fe4ea 默认显示错误信息 2023-11-02 15:54:59 +08:00
bjdgyc
9019a5f03a 添加网卡 alias 信息 2023-10-30 13:04:07 +08:00
bjdgyc
38d268e999 添加网卡 alias 信息 2023-10-30 11:46:53 +08:00
bjdgyc
57990d3d2a 添加网卡 alias 2023-10-30 11:38:31 +08:00
bjdgyc
6788a875a2 优化 2023-10-24 17:49:13 +08:00
bjdgyc
a9ad21b3b5 修改dtls加密套件 2023-10-17 16:30:45 +08:00
bjdgyc
43ca09e985 修改dtls加密套件 2023-10-17 16:01:31 +08:00
aiminick
b7da567cee 解决电信DNS Let's Encrypt证书刷新缓慢问题 
解决电信DNS Let's Encrypt证书刷新缓慢问题,改为阿里DNS后问题改善
 2023-10-17 00:54:49 +08:00
bjdgyc
6eea265b15 添加自定义首页 2023-10-11 17:21:26 +08:00
bjdgyc
06c8ee1197 添加自定义首页 2023-10-11 17:20:57 +08:00
bjdgyc
ebc7cc85c0 添加nginx stream示例 2023-10-11 16:00:53 +08:00
bjdgyc
012f636cf7 修改 profile.xml 2023-10-11 10:19:23 +08:00
bjdgyc
4f9cc2074a Merge remote-tracking branch 'origin/dev' into dev 2023-09-22 16:19:10 +08:00
bjdgyc
bbc5877eb9 修复header 2023-09-22 16:18:38 +08:00
bjdgyc
c6b85c7d66 Merge pull request #270 from lanrenwo/dev 
修复logAudit的panic
 2023-09-12 08:40:50 +08:00
lanrenwo
8e843d5eae Update payload_access_audit.go 2023-09-08 21:01:03 +08:00
lanrenwo
7b9be9377f 修复logAudit的panic 2023-09-08 20:33:30 +08:00
bjdgyc
f03264faf3 Merge pull request #268 from shikaiguo/main 
修改邮件内容的参数
 2023-09-06 15:57:08 +08:00
bjdgyc
b19ff321ad Merge pull request #267 from lanrenwo/dev 
修复sniNewParser的panic
 2023-09-06 15:54:22 +08:00
lanrenwo
f6980261d4 logAudit引入recover, 防止主程序崩溃. 2023-09-03 11:18:52 +08:00
lanrenwo
7651b69ed6 删除sniNewParser多余的空格 2023-09-02 10:46:01 +08:00
lanrenwo
2af2d273e4 简化sniNewParser代码 2023-09-02 10:44:47 +08:00
K
ff54abc5d5 增加邮件内容的昵称参数 2023-09-01 22:49:07 +08:00
lanrenwo
a168c96a93 修复sniNewParser的panic 2023-09-01 18:10:20 +08:00
bjdgyc
6127c41aea 修复 panic 2023-09-01 17:55:15 +08:00
bjdgyc
da1d6c6c6d 添加安全的header头 2023-08-25 13:56:04 +08:00
bjdgyc
08de4fe086 添加安全的header头 2023-08-24 16:59:35 +08:00
bjdgyc
7714c2a3e8 debug信息 需要鉴权后显示 2023-08-24 14:27:12 +08:00
bjdgyc
78a8b06467 变更qq群 2023-08-17 16:27:12 +08:00
bjdgyc
28ffda2371 修复上传文件漏洞 2023-08-08 15:17:05 +08:00
bjdgyc
c23b120e90 更新 2023-08-08 15:01:15 +08:00
bjdgyc
287355de54 Merge pull request #260 from bjdgyc/dev 
Dev
 2023-08-04 17:52:26 +08:00
bjdgyc
01f90e5bb5 管理用户支持otp 2023-07-24 17:36:03 +08:00
bjdgyc
91a9190379 管理用户支持otp 2023-07-24 17:26:52 +08:00
bjdgyc
0a9fe8f96c Merge pull request #258 from bjdgyc/dev 
Dev
 2023-07-23 15:45:04 +08:00
bjdgy
254110ebff 修改readme 2023-07-23 15:07:14 +08:00
bjdgyc
9c706a7d0d 升级dtls 2023-07-20 11:14:14 +08:00
bjdgyc
d228e224cd 修改readme 2023-07-17 18:26:45 +08:00
bjdgyc
6e95ea5441 修改server信息 2023-07-14 17:25:43 +08:00
bjdgyc
ce61401304 Merge pull request #247 from bjdgyc/main 
pull main
 2023-06-14 16:47:22 +08:00
bjdgyc
d7d2696790 Merge pull request #246 from lanrenwo/bandwidth_to_mbps 
用户组列表-带宽限制的单位从BYTE修改为Mbps
 2023-06-14 16:43:17 +08:00
bjdgyc
9a6aaa87e5 Merge pull request #244 from xnow-me/main 
强制使用规范的网络路由地址
 2023-06-14 16:39:03 +08:00
lanrenwo
e31b5d83d4 用户组列表-带宽限制的单位从BYTE修改为Mbps 2023-06-14 14:30:18 +08:00
lihz
fc2920e140 强制使用规范的网络路由地址 2023-06-13 13:22:00 +08:00
bjdgyc
d36e2fe85a 修改参数比较 2023-06-08 17:09:19 +08:00
bjdgyc
14efb14a9a 修改配置文件报错,停止程序 2023-05-30 15:52:20 +08:00
bjdgyc
92de727db8 Merge pull request #240 from wsczx/dev 
修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug
 2023-05-15 09:45:40 +08:00
wsczx
c63e4f33d5 申请证书前端添加等待效果,避免无法及时获取后端结果 2023-05-04 23:32:16 +08:00
wsczx
60095fbc9b 优化验证DNS超时时间和轮训间隔,避免申请证书失败 2023-05-04 22:24:53 +08:00
wsczx
fe9b84ce98 修改cf使用authToken的方式申请证书,修复因前后端cf名称不一致导致的指针错误 2023-05-04 19:08:40 +08:00
wsczx
fd5ec7f86a 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug 2023-05-02 00:38:17 +08:00
bjdgyc
50bc864fdd 添加版本显示 2023-04-26 21:14:40 +08:00
80 changed files with 4413 additions and 3404 deletions
Expand all files Collapse all files

10
.codecov.yml
View File

@@ -1,5 +1,7 @@
ignore:
- "screenshot"
- "web"
- "server/conf"
- "server/files"
- "^doc"
- "^home"
- "^web"
- "^server/conf"
- "^server/files"

2
.github/FUNDING.yml vendored
View File

@@ -10,4 +10,4 @@ liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://github.com/bjdgyc/anylink/blob/main/doc/README.md'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
custom: [ 'https://github.com/bjdgyc/anylink/blob/main/doc/README.md' ] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

64
.github/workflows/codeql-analysis.yml vendored
View File

@@ -12,13 +12,15 @@
name: "CodeQL"
on:
push:
branches: [ "main", "dev" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main", "dev" ]
workflow_dispatch:
schedule:
- cron: '32 12 * * 5'
- cron: '32 5 * * 1'
# push:
# branches: [ "main", "dev" ]
# pull_request:
# branches: [ "main", "dev" ]
jobs:
analyze:
@@ -38,34 +40,34 @@ jobs:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

48
.github/workflows/go-update.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
name: go-update
on:
workflow_dispatch:
# schedule:
# - cron: "1 2 * * 5"
jobs:
go:
runs-on: ubuntu-latest
steps:
- name: Setup Go 1.x.y
uses: actions/setup-go@main
with:
go-version: '1.20'
stable: true
- name: Checkout codebase
uses: actions/checkout@main
- name: go
run: |
cd ./server
go mod tidy -compat=1.20
#gofmt -w -r 'interface{} -> any' .
go get -u
go mod download
go get -u
go mod download
- name: Git push
run: |
git init
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git remote rm origin
git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUBTOKEN }}@github.com/${{ github.repository }}"
git gc --aggressive
git add --all
git commit -m "update go.mod $(date +%Y.%m.%d.%H.%M)"
#git push -f -u origin _autoaction
git push -u origin _autoaction
# 删除无用 workflow runs;
- name: Delete workflow runs
uses: GitRML/delete-workflow-runs@main
with:
retain_days: 0.1
keep_minimum_runs: 1

25
.github/workflows/go.yml vendored
View File

@@ -1,6 +1,8 @@
name: Go
on:
workflow_dispatch:
push:
branches: [ "main", "dev" ]
pull_request:
@@ -12,15 +14,15 @@ jobs:
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Set up Go 1.x
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: 1.18
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
go-version: '1.20'
go-version-file: 'server/go.mod'
cache-dependency-path: 'server/go.sum'
- name: Get dependencies
run: |
@@ -32,15 +34,16 @@ jobs:
cd server
mkdir ui
touch ui/index.html
go build -v -o anylink -ldflags "-X main.CommitId=`git rev-parse HEAD`"
go build -v -o anylink -trimpath -ldflags "-X main.CommitId=`git rev-parse HEAD`"
./anylink tool -v
- name: Test coverage
run: |
cd server
go test ./...
go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
- name: Upload coverage to Codecov
run: |
cd server
bash <(curl -s https://codecov.io/bash)
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: 28d52fb0-8fc9-460f-95b9-fb84f9138e58

98
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: release
on:
workflow_dispatch:
push:
tags:
- "v0.*"
- "v1.*"
jobs:
Build:
name: build-binary
runs-on: ubuntu-latest
env:
TZ: Asia/Shanghai
steps:
- name: Hello world
run: uname -a
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
cache: 'yarn'
cache-dependency-path: 'web/yarn.lock'
- name: Build web
working-directory: web
run: |
yarn install
yarn run build
# - uses: actions/setup-go@v4
# with:
# go-version: '1.20'
# cache-dependency-path: 'server/go.sum'
- name: Set up QEMU
# https://github.com/docker/setup-qemu-action
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: bjdgyc
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true
- name: Pre bash
shell: bash
run: |
appVer=`cat version`
commitId=`git rev-parse HEAD`
echo "APP_VER=$appVer" >> $GITHUB_ENV
echo "commitId=$commitId" >> $GITHUB_ENV
echo $appVer > version_info
echo $commitId >> version_info
echo $GITHUB_REF >> version_info
echo $GITHUB_REF_NAME >> version_info
#cd server;go mod tidy
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
cache-from: type=gha,scope=anylink
cache-to: type=gha,mode=max,scope=anylink
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
#platforms: linux/amd64
build-args: |
appVer=${{ env.APP_VER }}
commitId=${{ env.commitId }}
tags: bjdgyc/anylink:${{ env.APP_VER }},bjdgyc/anylink:latest
#tags: bjdgyc/anylink:${{ env.APP_VER }}
- name: Build deploy binary
shell: bash
run: bash release.sh
- name: Release
# https://github.com/ncipollo/release-action
# artifacts: bin/release/*
# generateReleaseNotes: true
# draft: true
# https://github.com/softprops/action-gh-release
uses: softprops/action-gh-release@v1
#if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: v${{ env.APP_VER }}
files: artifact-dist/*
# Docker:
# name: build-docker

7
.gitignore vendored
View File

@@ -2,4 +2,11 @@
.idea/
anylink-deploy
anylink-deploy.tar.gz
anylink
anylink.db
dist
artifact-dist
anylink_amd64
anylink_arm64

104
.goreleaser.yaml Normal file
View File

@@ -0,0 +1,104 @@
#https://goreleaser.com/static/schema.json
# release --skip=publish
# goreleaser build --skip=validate --clean --debug
# GOPROXY=https://goproxy.cn
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app goreleaser/goreleaser-cross build --skip=validate --clean --debug
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app bjdgyc/dcross goreleaser build --skip=validate --clean --debug
version: 1
dist: dist
before:
hooks:
- pwd
# - cmd: go mod tidy
# dir:
# "{{ dir .Dist}}"
# output: true
# - cmd: go generate
# dir:
# "{{ dir .Dist}}"
# output: true
builds:
- id: "build"
#main: .
dir: ./server
hooks:
pre:
- cmd: go mod tidy
dir: ./server
output: true
- cmd: go generate
dir: ./server
output: true
# {{- if eq .Arch "amd64" }}CC=x86_64-linux-gnu-gcc CXX=x86_64-linux-gnu-g++{{- end }}
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CC=x86_64-linux-musl-gcc{{- end }}
{{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
{{- if eq .Os "darwin" }}
{{- if eq .Arch "amd64"}}CC=o64-clang{{- end }}
{{- if eq .Arch "arm64"}}CC=oa64-clang{{- end }}
{{- end }}
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64"}}CC=x86_64-w64-mingw32-gcc{{- end }}
{{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
goos:
- linux
#- darwin
#- windows
goarch:
- amd64
#- arm64
# https://go.dev/wiki/MinimumRequirements
goamd64:
- v1
command: build
flags:
- -trimpath
- -tags osusergo,netgo,sqlite_omit_load_extension
ldflags:
# go tool link -help
# go tool compile -help
# -linkmode external
# -extld=$CC
# -fpic 作为动态链接库的时候 需要添加
- -s -w -extldflags '-static' -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=dcross
archives:
- id: "archive1"
format: tar.gz
# this name template makes the OS and Arch compatible with the results of `uname`.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

132
README.md
View File

@@ -3,9 +3,10 @@
[![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink)
[![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/branch/master/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink)
![GitHub downloads)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub downloads total)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/bjdgyc/anylink/latest/total)
[![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink)
![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink)
@@ -24,7 +25,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
AnyLink 使用 TLS/DTLS 进行数据加密,因此需要 RSA 或 ECC 证书,可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap 功能、ip 设置命令。
AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过,如需要安装在其他系统,需要服务端支持 tun/tap
功能、ip 设置命令。
## Screenshot
@@ -45,6 +47,8 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz
>
> https://github.com/bjdgyc/anylink/releases
>
> 如果不会安装可以提供有偿远程协助服务。添加QQ联系我 68492170
### 使用问题
@@ -52,19 +56,29 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
>
> 对于线上环境,必须申请安全的 https 证书,不支持私有证书连接
>
> 服务端安装 yum install iproute 或者 apt-get install iproute2
>
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 其他问题 [前往查看](doc/question.md)
>
> 首次使用,请在浏览器访问 https://域名:443浏览器提示安全后在客户端输入 【域名:443】 即可
> 默认管理后台访问地址 https://host:8800 或 https://域名:8800 默认账号密码 admin 123456
>
> 首次使用,请在浏览器访问 https://域名:443 浏览器提示安全后,在客户端输入 【域名:443】 即可
### 自行编译安装
> 需要提前安装好 golang >= 1.19 和 nodejs >= 14.x 和 yarn >= v1.22.x
> 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
```shell
git clone https://github.com/bjdgyc/anylink.git
# 编译参考软件版本
# go 1.20.12
# node v16.20.2
# yarn 1.22.19
cd anylink
sh build.sh
@@ -73,7 +87,6 @@ cd anylink-deploy
sudo ./anylink
# 默认管理后台访问地址
# 注意该host为anylink的内网ip,不能跟客户端请求的ip一样
# https://host:8800
# 默认账号 密码
# admin 123456
@@ -111,17 +124,25 @@ sudo ./anylink
> 示例配置文件内有详细的注释,根据注释填写配置即可。
```shell
# 查看帮助信息
./anylink -h
# 生成后台密码
./anylink tool -p 123456
# 生成jwt密钥
./anylink tool -s
# 查看所有配置项
./anylink tool -d
```
> 数据库配置示例
>
> 数据库表结构自动生成,无需手动导入(请赋予 DDL 权限)
| db_type | db_source |
| -------- | ------------------------------------------------------ |
|----------|--------------------------------------------------------|
| sqlite3 | ./conf/anylink.db |
| mysql | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
| postgres | user:password@localhost/anylink?sslmode=verify-full |
@@ -130,13 +151,23 @@ sudo ./anylink
>
> [conf/server-sample.toml](server/conf/server-sample.toml)
## Upgrade
> 升级前请备份配置文件`conf`目录 和 数据库,并停止服务
>
> 使用新版的 `anylink` 二进制文件替换旧版
>
> 重启服务后,即可完成升级
## Setting
> 以下参数必须设置其中之一
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
网络模式选择,需要配置 `link_mode` 参数,如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
不同的参数需要对服务器做相应的设置。
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
建议优先选择 tun 模式,其次选择 macvtap 模式,因客户端传输的是 IP 层数据,无须进行数据转换。 tap 模式是在用户态做的链路层到
IP 层的数据互相转换,性能会有所下降。 如果需要在虚拟机内开启 tap
模式,请确认虚拟机的网卡开启混杂模式。
### tun 设置
@@ -190,7 +221,6 @@ https://cloud.tencent.com/document/product/216/62007
```
3. 使用 AnyConnect 客户端连接即可
### macvtap 设置
@@ -201,9 +231,17 @@ https://cloud.tencent.com/document/product/216/62007
> 以下参数可以通过执行 `ip a` 查看
```
# 命令行执行 master网卡需要打开混杂模式
ip link set dev eth0 promisc on
#=====================#
# 配置文件修改
# 首先关闭nat转发功能
iptables_nat = false
link_mode = "macvtap"
#内网主网卡名称
ipv4_master = "eth0"
#以下网段需要跟ipv4_master网卡设置成一样
@@ -213,29 +251,36 @@ ipv4_start = "10.1.2.100"
ipv4_end = "10.1.2.200"
```
## Deploy
## Systemd
> 部署配置文件放在 `deploy` 目录下,请根据实际情况修改配置文件
### Systemd
1. 添加 anylink 程序
- anylink 程序目录放入 `/usr/local/anylink-deploy`
- 首先把 `anylink-deploy` 文件夹放入 `/usr/local/anylink-deploy`
- 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink`
2. systemd/anylink.service 脚本放入:
2.`anylink.service` 脚本放入:
- centos: `/usr/lib/systemd/system/`
- ubuntu: `/lib/systemd/system/`
3. 操作命令:
- 启动: `systemctl start anylink`
- 停止: `systemctl stop anylink`
- 开机自启: `systemctl enable anylink`
### Docker Compose
1. 进入 `deploy` 目录
2. 执行脚本 `docker-compose up`
### k8s
1. 进入 `deploy` 目录
2. 执行脚本 `kubectl apply -f deployment.yaml`
## Docker
1. 获取镜像
```bash
# 具体tag可以从docker hub获取
# https://hub.docker.com/r/bjdgyc/anylink/tags
@@ -243,61 +288,79 @@ ipv4_end = "10.1.2.200"
```
2. 查看命令信息
```bash
docker run -it --rm bjdgyc/anylink -h
```
3. 生成密码
```bash
docker run -it --rm bjdgyc/anylink tool -p 123456
#Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
```
4. 生成 jwt secret
```bash
docker run -it --rm bjdgyc/anylink tool -s
#Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
```
5. 启动容器
5. 查看所有配置项
```bash
docker run -it --rm bjdgyc/anylink tool -d
```
6. 启动容器
```bash
# 默认启动
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \
-p 443:443 -p 8800:8800 -p 443:443/udp \
--restart=always \
bjdgyc/anylink
# 自定义配置目录
# 首次启动会自动创建配置文件
# 配置文件初始化完成后,容器会强制退出,请重新启动容器
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink
docker restart anylink
```
6. 使用自定义参数启动容器
```bash
# 参数可以参考 -h 命令
# 参数可以参考 ./anylink tool -d
# 可以使用命令行参数 或者 环境变量 配置
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \
-e LINK_LOG_LEVEL=info \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink \
-c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
--ip_lease=1209600 # IP地址租约时长
```
7. 构建镜像
7. 构建镜像 (非必需)
```bash
#获取仓库源码
git clone https://github.com/bjdgyc/anylink.git
# 构建镜像
sh build_docker.sh
docker build -t anylink -f docker/Dockerfile .
```
## 常见问题
请前往 [问题地址](doc/question.md) 查看具体信息
## Discussion
添加QQ群: 567510628
添加QQ群(1)(已满): 567510628
添加QQ群(2): 739072205
群共享文件有相关软件下载
@@ -307,6 +370,11 @@ ipv4_end = "10.1.2.200"
![contact_me_qr](doc/screenshot/contact_me_qr.png)
-->
## Support Client
- [AnyConnect Secure Client](https://www.cisco.com/) (可通过群文件下载: Windows/macOS/Linux/Android/iOS)
- [OpenConnect](https://gitlab.com/openconnect/openconnect) (Windows/macOS/Linux)
- [AnyLink Secure Client](https://github.com/tlslink/anylink-client) (Windows/macOS/Linux)
## Contribution

26
build.sh
View File

@@ -11,44 +11,52 @@ function RETVAL() {
#当前目录
cpath=$(pwd)
#ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=$(cat version)
echo "当前版本 $ver"
echo "编译前端项目"
cd $cpath/web
#国内可替换源加快速度
#npx browserslist@latest --update-db
#npm install --registry=https://registry.npm.taobao.org
#npm install
#npm run build
yarn install --registry=https://registry.npmmirror.com
yarn run build
RETVAL $?
echo "编译二进制文件"
cd $cpath/server
rm -rf ui
cp -rf $cpath/web/ui .
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-v -trimpath"
# -extldflags '-static'
ldflags="-s -w -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date -Iseconds)"
#国内可替换源加快速度
export GOPROXY=https://goproxy.io
go mod tidy
go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
RETVAL $?
go build -o anylink $flags -ldflags "$ldflags"
cd $cpath
exit 0
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
#cp -r server/bridge-init.sh $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy

22
build_docker.sh
View File

@@ -1,15 +1,25 @@
#!/bin/bash
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=$(cat version)
echo $ver
#docker login -u bjdgyc
# docker login -u bjdgyc
#docker build -t bjdgyc/anylink .
docker build -t bjdgyc/anylink -f docker/Dockerfile .
# 生成时间 2024-01-30T21:41:27+08:00
# date -Iseconds
#docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
# sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
# docker buildx build --platform linux/amd64,linux/arm64 本地不生成镜像
docker build -t bjdgyc/anylink:latest --progress=plain --build-arg CN="yes" --build-arg appVer=$ver \
--build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
echo "docker tag latest $ver"
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
docker push bjdgyc/anylink:$ver
docker push bjdgyc/anylink:latest
#exit 0
docker tag bjdgyc/anylink:latest registry.cn-qingdao.aliyuncs.com/bjdgyc/anylink:latest
docker push registry.cn-qingdao.aliyuncs.com/bjdgyc/anylink:latest

8
systemd/anylink.service → deploy/anylink.service
View File

@@ -11,12 +11,14 @@ Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
# systemctl --version
# systemd older than v236
# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log
StandardError=file:/usr/local/anylink-deploy/log/anylink.log
# systemd new than v236
# StandardOutput=file:/usr/local/anylink-deploy/log/anylink-systemd.log
# StandardError=file:/usr/local/anylink-deploy/log/anylink-systemd.log
[Install]
WantedBy=multi-user.target

101
deploy/deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
replicas: 1
selector:
matchLabels:
link-app: anylink
template:
metadata:
labels:
link-app: anylink
spec:
#hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: anylink
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: TZ
value: "Asia/Shanghai"
image: bjdgyc/anylink:latest
imagePullPolicy: Always
args:
- --conf=/app/conf/server.toml
ports:
- name: https
containerPort: 443
protocol: TCP
- name: https-admin
containerPort: 8800
protocol: TCP
- name: dtls
containerPort: 443
protocol: UDP
# 设置资源
resources:
limits:
cpu: "2"
memory: 4Gi
ephemeral-storage: "2Gi"
securityContext:
privileged: true
# 禁用自动注入 service 信息到环境变量
enableServiceLinks: false
restartPolicy: Always
terminationGracePeriodSeconds: 30
nodeSelector:
kubernetes.io/os: linux
securityContext: { }
tolerations:
- operator: Exists
#设置优先级
priorityClassName: system-cluster-critical
---
apiVersion: v1
kind: Service
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
ports:
- name: https
port: 443
targetPort: 443
protocol: TCP
- name: https-admin
port: 8800
targetPort: 8800
protocol: TCP
- name: dtls
port: 443
targetPort: 443
protocol: UDP
selector:
link-app: anylink
sessionAffinity: ClientIP
type: ClusterIP

19
deploy/docker-compose.yaml Normal file
View File

@@ -0,0 +1,19 @@
services:
anylink:
image: bjdgyc/anylink:latest
container_name: anylink
restart: always
privileged: true
#cpus: 2
#mem_limit: 4g
ports:
- 443:443
- 8800:8800
- 443:443/udp
environment:
LINK_LOG_LEVEL: info
command:
- --conf=/app/conf/server.toml
#volumes:
# - /home/myconf:/app/conf
dns_search: .

58
doc/README.md
View File

@@ -10,32 +10,40 @@
> 感谢以下同学的打赏AnyLink 有你更美好!
>
> 需要展示主页的同学可以在QQ群(567510628) 直接联系我添加。
> 需要展示主页的同学可以在QQ群 直接联系我添加。
| 昵称 | 主页 |
|---------| ---------------------------- |
| 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 |
| Oo@ | https://github.com/chooop |
| 虚极静笃 | |
| 请喝可乐 | |
| 加油加油 | |
| 李建 | |
| lanbin | |
| 乐在东途 | |
| 孤鸿 | |
| 刘国华 | |
| 改名好无聊 | |
| 全能互联网专家 | |
| JCM | |
| Eh... | |
| 沉 | |
| 刘国华 | |
| 忧郁的豚骨拉面 | |
| 张小旋当爹地 | |
| Ronny | |
| 奔跑的少年 | |
| ZBW | |
| 昵称 | 主页 / 联系方式 |
|-----------|------------------------------|
| 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 |
| Oo@ | https://github.com/chooop |
| 虚极静笃 | |
| 请喝可乐 | |
| 加油加油 | |
| 李建 | |
| lanbin | |
| 乐在东途 | |
| 孤鸿 | |
| 刘国华 | |
| 改名好无聊 | |
| 全能互联网专家 | |
| JCM | |
| Eh... | |
| 沉 | |
| 刘国华 | |
| 忧郁的豚骨拉面 | |
| 张小旋当爹地 | |
| 对方正在输入 | |
| Ronny | |
| 奔跑的少年 | |
| ZBW | |
| 悲鸣 | |
| 谢谢 | |
| 云思科技 | |
| 哆啦A伟(张佳伟) | |
| 人类的悲欢并不相通 | |
| 做人要低调 | |
| 洛洛 | |

65
doc/question.md
View File

@@ -1,34 +1,59 @@
## 常见问题
### anyconnect 客户端问题
> 客户端请使用群共享文件的版本,其他版本没有测试过,不保证使用正常
>
> 添加QQ群: 567510628
### OTP 动态码
> 请使用手机安装 freeotp 然后扫描otp二维码生成的数字即是动态码
### 远程桌面连接
> 本软件已经支持远程桌面里面连接anyconnect。
### 私有证书问题
> anylink 默认不支持私有证书
>
> 其他使用私有证书的问题,请自行解决
### 客户端连接名称
> 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
```xml
<HostEntry>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
```
### dpd timeout 设置问题
```
```yaml
#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6
cstp_dpd = 10
mobile_keepalive = 15
mobile_dpd = 20
cstp_keepalive = 4
cstp_dpd = 9
mobile_keepalive = 7
mobile_dpd = 15
```
> 以上dpd参数为客户端的超时检测时间, 如一段时间内,没有数据传输,防火墙会主动关闭连接
>
> 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值
### 关于审计日志 audit_interval 参数
> 默认值 `audit_interval = 600` 表示相同日志600秒内只记录一次不同日志首次出现立即记录
>
> 去重key的格式: 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
### 反向代理问题
> anylink 仅支持四层反向代理,不支持七层反向代理
>
> 如Nginx请使用 stream模块
@@ -46,7 +71,36 @@ stream {
}
```
> nginx实现 共用443端口 示例
```conf
stream {
map $ssl_preread_server_name $name {
vpn.xx.com myvpn;
default defaultpage;
}
# upstream pool
upstream myvpn {
server 127.0.0.1:8443;
}
upstream defaultpage {
server 127.0.0.1:8080;
}
server {
listen 443 so_keepalive=on;
ssl_preread on;
#接收端也需要设置 proxy_protocol
#proxy_protocol on;
proxy_pass $name;
}
}
```
### 性能问题
```
内网环境测试数据
虚拟服务器: centos7 4C8G
@@ -55,6 +109,7 @@ anylink: tun模式 tcp传输
客户端网卡下载速度270Mb/s
服务端网卡上传速度280Mb/s
```
> 客户端tls加密协议、隧道header头都会占用一定带宽

72
docker/Dockerfile
View File

@@ -1,48 +1,58 @@
# web
FROM node:16.17.1-alpine3.15 as builder_node
WORKDIR /web
COPY ./web /web
RUN yarn install \
&& yarn run build \
&& ls /web/ui
#node:16-bullseye
#golang:1.20-bullseye
#debian:bullseye-slim
#bullseye
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
#bookworm
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
# sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
# 配合 github action 使用
# 需要先编译出ui文件后 再执行docker编译
# server
FROM golang:1.19-alpine as builder_golang
#TODO 本地打包时使用镜像
ENV GOPROXY=https://goproxy.io
ENV GOOS=linux
WORKDIR /anylink
COPY . /anylink
COPY --from=builder_node /web/ui /anylink/server/ui
FROM golang:1.20-alpine3.19 as builder_golang
ARG CN="no"
ARG appVer="appVer"
ARG commitId="commitId"
ENV TZ=Asia/Shanghai
WORKDIR /server
COPY docker/init_build.sh /tmp/
COPY server/ /server/
COPY web/ui /server/ui
#RUN apk add gcc musl-dev bash
RUN sh /tmp/init_build.sh
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache git gcc musl-dev
RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
&& /anylink/server/anylink tool -v
# anylink
FROM alpine
FROM alpine:3.19
LABEL maintainer="github.com/bjdgyc"
#ENV IPV4_CIDR="192.168.10.0/24"
ARG CN="no"
ENV TZ=Asia/Shanghai
ENV ANYLINK_IN_CONTAINER=true
WORKDIR /app
COPY --from=builder_golang /anylink/server/anylink /app/
COPY docker/docker_entrypoint.sh /app/
COPY docker/init_release.sh /tmp/
#COPY ./server/bridge-init.sh /app/
COPY --from=builder_golang /server/anylink /app/
COPY docker/docker_entrypoint.sh server/bridge-init.sh ./README.md ./LICENSE version_info /app/
COPY ./deploy /app/deploy
COPY ./index_template /app/index_template
COPY ./server/conf /app/conf
COPY ./LICENSE /app/LICENSE
#TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache bash iptables \
&& chmod +x /app/docker_entrypoint.sh \
&& ls /app
RUN sh /tmp/init_release.sh
EXPOSE 443 8800
EXPOSE 443 8800 443/udp
#CMD ["/app/anylink"]
ENTRYPOINT ["/app/docker_entrypoint.sh"]

10
docker/docker_entrypoint.sh
View File

@@ -14,10 +14,18 @@ case $var1 in
;;
*)
sysctl -w net.ipv4.ip_forward=1
#sysctl -w net.ipv4.ip_forward=1
#iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
#iptables -nL -t nat
# 启动服务 先判断配置文件是否存在
if [ ! -f /app/conf/profile.xml ]; then
/bin/cp -r /home/conf-bak/* /app/conf/
echo "After the configuration file is initialized, the container will be forcibly exited. Restart the container."
echo "配置文件初始化完成后,容器会强制退出,请重新启动容器。"
exit 1
fi
exec /app/anylink "$@"
;;
esac

33
docker/init_build.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add build-base tzdata gcc g++ musl musl-dev upx
uname -a
env
date
cd /server
go mod tidy
echo "start build"
ldflags="-s -w -X main.appVer=$appVer -X main.commitId=$commitId -X main.buildDate=$(date -Iseconds) -extldflags '-static' "
export CGO_ENABLED=1
go build -v -o anylink -trimpath -ldflags "$ldflags"
ls -lh /server/
# 压缩文件
upx -9 -k anylink
/server/anylink -v

26
docker/init_release.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
# alpine:3.19 兼容老版 iptables
apk add --no-cache iptables iptables-legacy
rm /sbin/iptables
ln -s /sbin/iptables-legacy /sbin/iptables
apk add --no-cache ca-certificates bash iproute2 tzdata
chmod +x /app/docker_entrypoint.sh
mkdir /app/log
#备份配置文件
cp -r /app/conf /home/conf-bak
tree /app
uname -a
date -Iseconds

101
index_template/自定义首页1.html Normal file
View File

@@ -0,0 +1,101 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>AnyLink - 企业级远程办公 SSL VPN</title>
<style>
/* CSS样式表 */
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
}
header {
background-color: #333;
color: #fff;
padding: 20px;
text-align: center;
}
h1 {
margin: 0;
font-size: 32px;
}
main {
max-width: 960px;
margin: 20px auto;
padding: 0 20px;
margin-bottom: 100px;
}
p {
line-height: 1.5;
}
/* 设置页脚固定在底部,并且占满横向宽度 */
footer {
position: fixed;
bottom: 0;
left: 0;
width: 100%;
}
footer {
background-color: #f2f2f2;
padding: 20px;
text-align: center;
}
.cta-button {
display: inline-block;
background-color: #007bff;
color: #fff;
padding: 10px 20px;
text-decoration: none;
border-radius: 4px;
font-weight: bold;
margin-right: 10px;
}
</style>
</head>
<body>
<header>
<h1>欢迎使用 AnyLink</h1>
</header>
<main>
<h2>什么是 AnyLink</h2>
<p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件,支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式,使远程工作者能够有效协作。</p>
<h2>核心功能</h2>
<ul>
<li>安全远程访问AnyLink 使用 SSL/TLS 加密技术,确保远程用户与企业网络之间的连接安全可靠。</li>
<li>多用户支持:多个用户可以同时连接 VPN实现不同地点团队的无缝协作。</li>
<li>灵活网络访问AnyLink 能够安全地让远程工作者访问内部资源,如文件、应用程序和数据库。</li>
<li>集中化管理:该 VPN 解决方案提供集中化管理控制台,便于用户管理、访问控制和监控。</li>
</ul>
<h2>开始使用 AnyLink</h2>
<p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
<h2>下载客户端</h2>
<a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
<a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
<a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
<a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
<a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
<a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
<h2>使用手册</h2>
<a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
</main>
<footer>
&copy; 2023 AnyLink. 保留所有权利。
</footer>
</body>
</html>

50
release.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
ver=$(cat version)
echo "当前版本 $ver"
rm -rf artifact-dist
mkdir artifact-dist
function archive() {
arch=$1
#echo "整理部署文件 $arch"
arch_name=${arch//\//-}
echo $arch_name
deploy="anylink-$ver-$arch_name"
docker container rm $deploy
docker container create --platform $arch --name $deploy bjdgyc/anylink:$ver
rm -rf anylink-deploy
docker cp -a $deploy:/app ./anylink-deploy
ls -lh anylink-deploy
tar zcf ${deploy}.tar.gz anylink-deploy
mv ${deploy}.tar.gz artifact-dist/
}
echo "copy二进制文件"
archive "linux/amd64"
archive "linux/arm64"
ls -lh artifact-dist
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

74
release_test.sh Normal file
View File

@@ -0,0 +1,74 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
ver=$(cat version)
echo $ver
echo "copy二进制文件"
cd $cpath/server
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-trimpath"
ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.buildDate=$(date --iso-8601=seconds)"
#github action
gopath=/go
dockercmd=$(
cat <<EOF
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
apk add gcc g++ musl musl-dev tzdata
export GOPROXY=https://goproxy.cn
go mod tidy
echo "build:"
export CGO_ENABLED=1
go build -v -o anylink_amd64 $flags -ldflags "$ldflags"
./anylink_amd64 -v
EOF
)
#使用 musl-dev 编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/amd64 \
golang:1.20-alpine3.19 sh -c "$dockercmd"
exit 0
#arm64编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/arm64 \
golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
./anylink_arm64 -v
exit 0
cd $cpath
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

44
server/admin/api_base.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/xlzd/gotp"
)
// Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
adminUser := r.PostFormValue("admin_user")
adminPass := r.PostFormValue("admin_pass")
// 启用otp验证
if base.Cfg.AdminOtp != "" {
pwd := adminPass
pl := len(pwd)
if pl < 6 {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
// 判断otp信息
adminPass = pwd[:pl-6]
otp := pwd[pl-6:]
totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
unix := time.Now().Unix()
verify := totp.Verify(otp, unix)
if !verify {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员otp错误")
return
}
}
// 认证错误
if !(adminUser == base.Cfg.AdminUser &&
utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
RespError(w, RespUserOrPassErr)
base.Error(adminUser, "管理员用户名或密码错误")
return
}
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
data["admin_user"] = adminUser
data["expires_at"] = expiresAt
ck := &http.Cookie{
Name: "jwt",
Value: tokenString,
Path: "/",
HttpOnly: true,
}
http.SetCookie(w, ck)
RespSucess(w, data)
}
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "*")
if r.Method == http.MethodOptions {
// 正式环境不支持 OPTIONS
w.WriteHeader(http.StatusForbidden)
return
}
route := mux.CurrentRoute(r)
name := route.GetName()
// fmt.Println("bb", r.URL.Path, name)
if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
if utils.InArrStr([]string{"login", "index", "static"}, name) {
// 不进行鉴权
next.ServeHTTP(w, r)
return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
if jwtToken == "" {
jwtToken = r.FormValue("jwt")
}
if jwtToken == "" {
cc, err := r.Cookie("jwt")
if err == nil {
jwtToken = cc.Value
}
}
data, err := GetJwtData(jwtToken)
if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
w.WriteHeader(http.StatusUnauthorized)

13
server/admin/api_set.go
View File

@@ -66,12 +66,13 @@ func SetSystem(w http.ResponseWriter, r *http.Request) {
hi, _ := host.Info()
l, _ := load.Avg()
data["sys"] = map[string]interface{}{
"goOs": runtime.GOOS,
"goArch": runtime.GOARCH,
"goVersion": runtime.Version(),
"goroutine": runtime.NumGoroutine(),
"appVersion": "v" + base.APP_VER,
"appCommitId": base.CommitId,
"goOs": runtime.GOOS,
"goArch": runtime.GOARCH,
"goVersion": runtime.Version(),
"goroutine": runtime.NumGoroutine(),
"appVersion": "v" + base.APP_VER,
"appCommitId": base.CommitId,
"appBuildDate": base.BuildDate,
"hostname": hi.Hostname,
"platform": fmt.Sprintf("%v %v %v", hi.Platform, hi.PlatformFamily, hi.PlatformVersion),

14
server/admin/api_uploaduser.go
View File

@@ -5,11 +5,11 @@ import (
"io"
"net/http"
"os"
"path"
"strconv"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
return
}
defer file.Close()
newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
// go/path-injection
// base.Cfg.FilesPath 可以直接对外访问,不能上传文件到此
fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
newFile, err := os.Create(fileName)
if err != nil {
RespError(w, RespInternalErr, "创建文件失败:", err)
return
}
defer newFile.Close()
io.Copy(newFile, file)
if err = UploadUser(newFile.Name()); err != nil {
RespError(w, RespInternalErr, err)
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
return
}
os.Remove(base.Cfg.FilesPath + header.Filename)
os.Remove(fileName)
RespSucess(w, "批量添加成功")
}
func UploadUser(file string) error {
f, err := excelize.OpenFile(file)
if err != nil {

13
server/admin/api_user.go
View File

@@ -22,6 +22,7 @@ import (
func UserList(w http.ResponseWriter, r *http.Request) {
_ = r.ParseForm()
prefix := r.FormValue("prefix")
prefix = strings.TrimSpace(prefix)
pageS := r.FormValue("page")
page, _ := strconv.Atoi(pageS)
if page < 1 {
@@ -37,8 +38,11 @@ func UserList(w http.ResponseWriter, r *http.Request) {
// 查询前缀匹配
if len(prefix) > 0 {
count = dbdata.CountPrefix("username", prefix, &dbdata.User{})
err = dbdata.Prefix("username", prefix, &datas, pageSize, 1)
fuzzy := "%" + prefix + "%"
where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
} else {
count = dbdata.CountAll(&dbdata.User{})
err = dbdata.Find(&datas, pageSize, page)
@@ -107,7 +111,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
return
}
}
//修改用户资料后执行过期用户检测
// 修改用户资料后执行过期用户检测
sessdata.CloseUserLimittimeSession()
RespSucess(w, nil)
}
@@ -205,6 +209,7 @@ type userAccountMailData struct {
LinkAddr string
Group string
Username string
Nickname string
PinCode string
OtpImg string
OtpImgBase64 string
@@ -251,9 +256,11 @@ func userAccountMail(user *dbdata.User) error {
otpData, _ := userOtpQr(user.Id, true)
data := userAccountMailData{
Issuer: base.Cfg.Issuer,
LinkAddr: setting.LinkAddr,
Group: strings.Join(user.Groups, ","),
Username: user.Username,
Nickname: user.Nickname,
PinCode: user.PinCode,
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
OtpImgBase64: "data:image/png;base64," + otpData,

15
server/admin/server.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/arl/statsviz"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
@@ -20,6 +21,14 @@ var UiData embed.FS
func StartAdmin() {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
w.Header().Set("Server", "AnyLinkAdminOpenSource")
next.ServeHTTP(w, req)
})
})
r.Use(authMiddleware)
r.Use(handlers.CompressHandler)
@@ -88,8 +97,9 @@ func StartAdmin() {
r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
// statsviz
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws)
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index)
srv, _ := statsviz.NewServer() // Create server or handle error
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(srv.Ws())
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(srv.Index())
}
base.Info("Listen admin", base.Cfg.AdminAddr)
@@ -120,6 +130,7 @@ func StartAdmin() {
Addr: base.Cfg.AdminAddr,
Handler: r,
TLSConfig: tlsConfig,
ErrorLog: base.GetServerLog(),
}
err := srv.ListenAndServeTLS("", "")
if err != nil {

10
server/base/app_ver.go
View File

@@ -2,6 +2,12 @@ package base
const (
APP_NAME = "AnyLink"
// app版本号
APP_VER = "0.9.3"
)
var (
// APP_VER app版本号
APP_VER = "0.0.1"
// 提交id
CommitId string
BuildDate string
)

22
server/base/cfg.go
View File

@@ -45,10 +45,12 @@ type ServerConfig struct {
FilesPath string `json:"files_path"`
LogPath string `json:"log_path"`
LogLevel string `json:"log_level"`
HttpServerLog bool `json:"http_server_log"`
Pprof bool `json:"pprof"`
Issuer string `json:"issuer"`
AdminUser string `json:"admin_user"`
AdminPass string `json:"admin_pass"`
AdminOtp string `json:"admin_otp"`
JwtSecret string `json:"jwt_secret"`
LinkMode string `json:"link_mode"` // tun tap macvtap ipvtap
@@ -69,6 +71,7 @@ type ServerConfig struct {
Mtu int `json:"mtu"`
DefaultDomain string `json:"default_domain"`
IdleTimeout int `json:"idle_timeout"` // in seconds
SessionTimeout int `json:"session_timeout"` // in seconds
// AuthTimeout int `json:"auth_timeout"` // in seconds
AuditInterval int `json:"audit_interval"` // in seconds
@@ -78,7 +81,8 @@ type ServerConfig struct {
Compression bool `json:"compression"` // bool
NoCompressLimit int `json:"no_compress_limit"` // int
DisplayError bool `json:"display_error"`
DisplayError bool `json:"display_error"`
ExcludeExportIp bool `json:"exclude_export_ip"`
}
func initServerCfg() {
@@ -152,6 +156,7 @@ type SCfg struct {
Env string `json:"env"`
Info string `json:"info"`
Data interface{} `json:"data"`
Val interface{} `json:"default"`
}
func ServerCfg2Slice() []SCfg {
@@ -166,18 +171,27 @@ func ServerCfg2Slice() []SCfg {
field := typ.Field(i)
value := s.Field(i)
tag := field.Tag.Get("json")
usage, env := getUsageEnv(tag)
usage, env, val := getUsageEnv(tag)
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface()})
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface(), Val: val})
}
return datas
}
func getUsageEnv(name string) (usage, env string) {
func getUsageEnv(name string) (usage, env string, val interface{}) {
for _, v := range configs {
if v.Name == name {
usage = v.Usage
if v.Typ == cfgStr {
val = v.ValStr
}
if v.Typ == cfgInt {
val = v.ValInt
}
if v.Typ == cfgBool {
val = v.ValBool
}
}
}

58
server/base/cmd.go
View File

@@ -1,23 +1,25 @@
package base
import (
"errors"
"fmt"
"io"
"os"
"reflect"
"runtime"
"strings"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/skip2/go-qrcode"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/xlzd/gotp"
)
var (
// 提交id
CommitId string
// pass明文
passwd string
// 生成otp
otp bool
// 生成密钥
secret bool
// 显示版本信息
@@ -56,8 +58,28 @@ func execute() {
}
if !runSrv {
if debug {
scfgData := ServerCfg2Slice()
fmtStr := "%-18v %-23v %-20v %v\n"
fmt.Printf(fmtStr, "Name", "Env", "Value", "Info")
for _, v := range scfgData {
if v.Name == "admin_pass" || v.Name == "jwt_secret" {
v.Val = "******"
}
fmt.Printf(fmtStr, v.Name, v.Env, v.Val, v.Info)
}
}
os.Exit(0)
}
// 移动配置解析代码
conf := linkViper.GetString("conf")
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
// 没有配置文件,直接报错
panic("config file err:" + err.Error())
}
}
func initCmd() {
@@ -80,7 +102,6 @@ func initCmd() {
linkViper.SetEnvPrefix("link")
// 基础配置
for _, v := range configs {
if v.Typ == cfgStr {
rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -102,19 +123,6 @@ func initCmd() {
cobra.OnInitialize(func() {
linkViper.AutomaticEnv()
conf := linkViper.GetString("conf")
_, err := os.Stat(conf)
if errors.Is(err, os.ErrNotExist) {
// 没有配置文件,不做处理
panic(err)
}
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
fmt.Println("Using config file:", err)
}
})
}
@@ -128,9 +136,12 @@ func initToolCmd() *cobra.Command {
toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
toolCmd.Run = func(cmd *cobra.Command, args []string) {
runSrv = false
switch {
case rev:
printVersion()
@@ -138,11 +149,18 @@ func initToolCmd() *cobra.Command {
s, _ := utils.RandSecret(40, 60)
s = strings.Trim(s, "=")
fmt.Printf("Secret:%s\n", s)
case otp:
s := gotp.RandomSecret(32)
fmt.Printf("Otp:%s\n\n", s)
qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
qr, _ := qrcode.New(qrstr, qrcode.High)
ss := qr.ToSmallString(false)
io.WriteString(os.Stderr, ss)
case passwd != "":
pass, _ := utils.PasswordHash(passwd)
fmt.Printf("Passwd:%s\n", pass)
case debug:
linkViper.Debug()
// linkViper.Debug()
default:
fmt.Println("Using [anylink tool -h] for help")
}
@@ -152,6 +170,6 @@ func initToolCmd() *cobra.Command {
}
func printVersion() {
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
fmt.Printf("%s v%s build on %s [%s, %s] date:%s commit_id(%s)\n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildDate, CommitId)
}

24
server/base/config.go
View File

@@ -22,9 +22,9 @@ type config struct {
var configs = []config{
{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":443"},
{Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: true},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
{Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"},
@@ -34,10 +34,12 @@ var configs = []config{
{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},
{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false},
{Typ: cfgBool, Name: "http_server_log", Usage: "开启go标准库http.Server的日志", ValBool: false},
{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: true},
{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -46,19 +48,20 @@ var configs = []config{
{Typ: cfgStr, Name: "ipv4_start", Usage: "IPV4开始地址", ValStr: "192.168.90.100"},
{Typ: cfgStr, Name: "ipv4_end", Usage: "IPV4结束", ValStr: "192.168.90.200"},
{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
{Typ: cfgStr, Name: "default_domain", Usage: "客户端dns的默认搜索域", ValStr: ""},
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 5},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 12},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 22},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 1800},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},
// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: 600},
{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false},
{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},
@@ -66,6 +69,7 @@ var configs = []config{
{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
{Typ: cfgBool, Name: "exclude_export_ip", Usage: "排除出口ip路由(出口ip不加密传输)", ValBool: true},
}
var envs = map[string]string{}

23
server/base/log.go
View File

@@ -28,6 +28,10 @@ var (
logName = "anylink.log"
)
func init() {
log.SetFlags(log.LstdFlags | log.Lshortfile)
}
// 实现 os.Writer 接口
type logWriter struct {
UseStdout bool
@@ -77,15 +81,28 @@ func initLog() {
baseLw.newFile()
baseLevel = logLevel2Int(Cfg.LogLevel)
baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile)
serverLog = log.New(&sLogWriter{}, "[http_server]", log.LstdFlags|log.Lshortfile)
}
func GetBaseLw() *logWriter {
return baseLw
}
var serverLog *log.Logger
type sLogWriter struct{}
func (w *sLogWriter) Write(p []byte) (n int, err error) {
if Cfg.HttpServerLog {
return os.Stderr.Write(p)
}
return 0, nil
}
// 获取 log.Logger
func GetBaseLog() *log.Logger {
return baseLog
func GetServerLog() *log.Logger {
return serverLog
}
func GetLogLevel() int {
@@ -103,7 +120,7 @@ func logLevel2Int(l string) int {
}
lvl := LogLevelInfo
for k, v := range levels {
if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
if strings.ToLower(l) == strings.ToLower(v) {
lvl = k
}
}

82
server/base/mod.go Normal file
View File

@@ -0,0 +1,82 @@
package base
import (
"bufio"
"fmt"
"log"
"os"
"os/exec"
"strings"
)
const (
procModulesPath = "/proc/modules"
inContainerKey = "ANYLINK_IN_CONTAINER"
tunPath = "/dev/net/tun"
)
var (
InContainer = false
modMap = map[string]struct{}{}
)
func initMod() {
container := os.Getenv(inContainerKey)
if container == "true" {
InContainer = true
}
log.Println("InContainer", InContainer)
file, err := os.Open(procModulesPath)
if err != nil {
err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
panic(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
splited := strings.Split(scanner.Text(), " ")
if len(splited[0]) > 0 {
modMap[splited[0]] = struct{}{}
}
}
}
func CheckModOrLoad(mod string) {
log.Println("CheckModOrLoad", mod)
if _, ok := modMap[mod]; ok {
return
}
var err error
if mod == "tun" || mod == "tap" {
_, err = os.Stat(tunPath)
if err == nil {
// 文件存在
return
}
err = fmt.Errorf("[error] Linux tunFile is null %s", tunPath)
log.Println(err)
return
// panic(err)
}
if InContainer {
err = fmt.Errorf("[error] Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
log.Println(err)
return
// panic(err)
}
cmdstr := fmt.Sprintln("modprobe", mod)
cmd := exec.Command("sh", "-c", cmdstr)
b, err := cmd.CombinedOutput()
if err != nil {
log.Println(string(b))
panic(err)
}
}

1
server/base/start.go
View File

@@ -4,6 +4,7 @@ func Start() {
execute()
initCfg()
initLog()
initMod()
}
func Test() {

2
server/conf/files/info.txt
View File

@@ -1,2 +1,2 @@
客户端软件需放置在files目录内
如需要帮助请加QQ群567510628
如需要帮助请加QQ群567510628 、739072205

13
server/conf/profile.xml
View File

@@ -8,6 +8,7 @@
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<AutoUpdate UserControllable="false">false</AutoUpdate>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostName>VPN</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
<HostEntry>
<HostName>VPN2</HostName>
<HostAddress>localhost2</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

31
server/conf/server-sample.toml
View File

@@ -7,7 +7,7 @@
db_type = "sqlite3"
db_source = "./conf/anylink.db"
#证书文件 使用跟nginx一样的证书即可
cert_file = "./conf/vpn_cert.crt"
cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files"
profile = "./conf/profile.xml"
@@ -15,7 +15,7 @@ profile = "./conf/profile.xml"
#log_path = "./log"
log_path = ""
log_level = "debug"
pprof = false
pprof = true
#系统名称
issuer = "XX公司VPN"
@@ -23,19 +23,24 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址
#TCP服务监听地址(任意端口)
server_addr = ":443"
#开启 DTLS, 默认关闭
server_dtls = false
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址
admin_addr = ":8800"
#开启tcp proxy protocol协议
proxy_protocol = false
#虚拟网络类型[tun macvtap tap]
link_mode = "tun"
#客户端分配的ip地址池
@@ -46,7 +51,7 @@ ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200"
#最大客户端数量
max_client = 100
max_client = 200
#单个用户同时在线数量
max_user_client = 3
#IP租期(秒)
@@ -56,22 +61,24 @@ ip_lease = 86400
default_group = "one"
#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6
cstp_dpd = 10
mobile_keepalive = 15
mobile_dpd = 20
cstp_keepalive = 5
cstp_dpd = 12
mobile_keepalive = 10
mobile_dpd = 22
#设置最大传输单元
mtu = 1460
# 要发布的默认域
# 客户端dns的默认搜索
default_domain = "example.com"
#default_domain = "example.com abc.example.com"
#空闲链接超时时间(秒)-超时后断开链接0关闭此功能
idle_timeout = 1800
#session过期时间用于断线重连0永不过期
session_timeout = 3600
auth_timeout = 0
audit_interval = -1
audit_interval = 600
show_sql = false

19
server/conf/server.toml
View File

@@ -7,7 +7,7 @@
db_type = "sqlite3"
db_source = "./conf/anylink.db"
#证书文件
cert_file = "./conf/vpn_cert.crt"
cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files"
log_level = "debug"
@@ -18,14 +18,27 @@ issuer = "XX公司VPN"
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为 pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址
#TCP服务监听地址(任意端口)
server_addr = ":443"
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址
admin_addr = ":8800"
#最大客户端数量
max_client = 200
#单个用户同时在线数量
max_user_client = 3
#虚拟网络类型[tun macvtap]
link_mode = "tun"
#客户端分配的ip地址池
ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24"
@@ -38,6 +51,6 @@ iptables_nat = true
#客户端显示详细错误信息(线上环境慎开启)
display_error = false
display_error = true

61
server/conf/vpn_cert.crt
View File

@@ -1,61 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIQAuUy6Rv6Bo3nDXn5FackbDANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzEwHhcNMjMwMTAzMDAwMDAwWhcNMjQwMTAzMjM1OTU5WjAc
MRowGAYDVQQDExF2cG4udGVzdC52cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJAJPYBvOP/7v8SgMIkVLIulN/ziPALvFcEwVnQDImUIky8
4udy0fmvJ2E3E3NL6Qv14ZHDGtH7CafukimNWTT2BVmQBYiO1ZlUkHcHUX4IoYEh
egdy2xw0WwknJWTOyvkRkeDhtT9QUpA/zeemS4q1TG95zRDf5htUR4OMZXsZpkQ2
bkSgnLtdyUmw2nhfSWgsD9fbwr6WnOx/swsUe52N3sIDZ6JTgn3N7xeT3/lVJKVN
wyYkZldialmRzrs6btr3mmnqpWObcc4FvKr/CLmoOSXl0I1wWsr+HnQ4X9hHsJUk
jk3EZKfhH3mM37HF8apqztb6WjC3R96Zam6Z8bMCAwEAAaOCAuAwggLcMB8GA1Ud
IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSUpPcW3emC2l0o
q6qRBOBDMjQ2rDAcBgNVHREEFTATghF2cG4udGVzdC52cWlsdS5jbjAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdIAQ3
MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu
Y29tL0NQUzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2lj
ZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0EtRzEuY3J0MAkGA1Ud
EwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTN
E6Iyh0Z8vOzew1FIWUZxH7WbAAABhXXkyXMAAAQDAEcwRQIgVhLvLOPcW0V1xhBv
5KSeqGHbAnRVhew3kutV3Bu1x+ICIQCbYjRtmkDo1hx6p0YNdNfkZ3N5u+syVjwH
Al3a9NpVxgB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhXXk
yY4AAAQDAEYwRAIgcuscG2kkSGNvAsVH9CAtXjNUwk9UJriY0+3OtQ4WVrMCIAsC
CkqEI1Ek5M26yrWt0Q7+u+UZ8rXhfYu3kcMMq7PVAHYAO1N3dT4tuYBOizBbBv5A
O2fYT8P0x70ADS1yb+H61BcAAAGFdeTJkAAABAMARzBFAiAEJbJTN8hrRUZ6UaaD
2TlyDQfzUvTkex0XGT6PGKHkagIhAJ+Kg6tdt/csKde2vdweu+dT01fzg/fq4q3o
mjfPhFm1MA0GCSqGSIb3DQEBCwUAA4IBAQAKFTUHbpgKsXARCBIIfEZGqkOvaafm
QaoNodc6cj0+LJCbuMzrTlkzmII0X/U52MBG8JCEIO8BPe5R4NIFqqaE066zQANq
HOsROOJi2A+WTTZcSEHbH3uhdVwcEQHvDzaOEEJc9Ilz6pdYsrv+trOmeR5PeIxv
t1jQacSwN1z6z0N4CRjBpePV/9nwETkEaKjQuXSoYlN+pczK/4nX2W9+E/OnwtZs
ScyFffPtTLHf1u4eSYuBT/AdwaKHXetxWzh98GP9LRfQhm63Gs+/WcloYl489dG/
FOFjch2TdmrPcUwxxGEbbPt3zXRxSVlzvIaf4gTUl2+PsKwbKy/w4OLS
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
-----END CERTIFICATE-----

55
server/conf/vpn_cert.key
View File

@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA0kAk9gG84//u/xKAwiRUsi6U3/OI8Au8VwTBWdAMiZQiTLzi
53LR+a8nYTcTc0vpC/XhkcMa0fsJp+6SKY1ZNPYFWZAFiI7VmVSQdwdRfgihgSF6
B3LbHDRbCSclZM7K+RGR4OG1P1BSkD/N56ZLirVMb3nNEN/mG1RHg4xlexmmRDZu
RKCcu13JSbDaeF9JaCwP19vCvpac7H+zCxR7nY3ewgNnolOCfc3vF5Pf+VUkpU3D
JiRmV2JqWZHOuzpu2veaaeqlY5txzgW8qv8Iuag5JeXQjXBayv4edDhf2EewlSSO
TcRkp+EfeYzfscXxqmrO1vpaMLdH3plqbpnxswIDAQABAoIBAGKKzugAi4Q/Vch2
ZyPXPF0hCQToE3QSxAzy/R53rRCkfekClMTO44xHpEjjs/mTiCBjd3xGeiEVrIJp
hlb0WW3Bq2M9ZeKJs6JAaM9o/jB4oh2wT44DLqALB+oDz3puk+Jl8j34++a3YmMa
jIq4veo+rBsJduwkTKjdeQE2ge/ODZEQ6bUmSjYo1P9LNGEyO2wmcVk+jHx0zBi7
8fR3oY03Io+byuN0494Di1m3IpIdj3ma0MV5zJf31urLXqqYtOApouWL/yhZOIuo
YW+mcuS7ZgK5FsqrUm0vGBcf24GcKhhlBlUu0mfLrCRrWLDsqJDQ/8alvuNP0IVm
gqz0H5UCgYEA8yaKzMfkeRXSTERt6NZHo/8ShIn26Yf+pMDpVdYKfVBL254vGTeq
B+LQhDpxZV1iMr1FNvkhHtNGQ74ZbWOj4+5Xjsllaw1ao2iGp1w/chuJ6FG/Go4q
9FaY3eGiCqRJOQNivBxU/D7sN0y4b48HAEQdmp516pItlGtG+C8TY38CgYEA3VyD
6EczHdAmPO7bdbYn/irfe78so1lHT04P0FiVg2W77ZKuQINTNDK9w/alYyZ2tH1b
N2JznulJ6UDcl4xw43xJixxhme2jWPaYzmQUuQHviZ0D0tCgmOkN8bUnc9LSvEGA
SnaiKbOtUfP8Z3c/mF997wuFNfdmhww8LBpbO80CgYEAmdRKf9/+5bQuhd3NAz99
t31KQ9vdAEXvjmAVvx5ZKIrCU0EyXuvegHq4nM80qoJ3+83Omkbm80+K5pTAFXqy
VyOU9Vro9N9P9o3MktlDsndFulrtYmmLN2YJ9GYpVD43rQA9WPE7uxI784hwLvP3
4+00JXwW8b5lY76y+ZUe2RUCgYEAt6BQN/YgPCH4JmHKIWp64If2HbQntlWQJwRN
b/qcBIT3EQu1iwSll85jxtSqu4YjwHOgoGAGI5PIYTsSApFY8AyhAUoI2OTdtSXS
+prg6dvmNhTPICk6n73seE5bLOR9NfdsEdk5ijhnlW09OyMb2S2VzR+UYIEbRvnq
THeMqR0CgYEAwQ9aAIGD4t4DXjHHtz6Wqpbq6jj6mmYBsL9jqRgu8ASj1/THgWWn
iUrlCbFIXWu2vnP1h0SBV56GA7MSTqAt0ZdTzpI1PRkMOIO9z1dN4Q2R1SEya1eF
7/LPLqJIoLbILGvy6U3DLYdMckPZaoTPf5BNKD52paZcNbjkXTlVLSY=
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDRVjwa+YPKcvKD
2YZJUMPcwXCL32hF9gFTyMFuojpvo/L9C710xkJBNW2ceEcAdYyohBhtylbCFKUy
QpDRJsAmRiWL5zSjfeds4bVEInmXvF+Ga9FuN/o/R27/kyrejBVd7u9AKzg9k5vI
/4FhXFMivZgwghaSiJkVHJG6ehmCVGR11A5LUIjrub+iYJfaS2dl4WVxn9kyYRuO
NU0nDMInWE6F+dVa57HEUEOolDEmr9R+N5XIXYfXwE4W4Xj/5CL+mBLME+OaADK8
RE9dPomgk3Vqc/s8thllyztqR/TfQIwCwmQNf+UB5DIWr5iYDsX4rU3hswJQUCTQ
CLNEcdStAgMBAAECgf97UHp7u8+x4lz6BQB8/c0xHWdAw1clIveZbEVl0hNoVUN/
EKku+q/1Sf+CuhnbgLjT1bkVnnotmVcGeWH2DeCnkMJqHVMOBRb/dso2fw+pCTzY
VofQpmbPy1xCXb6chqrpT3MTaJdI7IrBCNEQ54cOxsojwzp0MfejS/NI41q8iuCS
hVry+VEbmtA22vjwMvsF6NsRKlfc1DUyC/ZoHB91gzKmvLdXBREwBXtdiJfMlu9G
EKH3ORxbcanmdsXWIG84t5M9Sf9L5FZe6tlL4FdoKv25Vxv2z+PVM8Y/0B3IBTCb
yqMK8579PTlHl40WRjSgzpijGvMxuIpgm5KaXQECgYEA7U6lBhRWmPsJRaK0jyAv
qnaC5AbnM8OjIbsDtnQxn0BWvx7aZznxOE4jL0QejUD/gov6yYkNhIu797LzO8Mq
fEqEX7Bp23PfLvybqkyhJWFz26v0erU5q8Rlt648bK7Ul1j8FkmsEN3qu+64c8Fu
pzN081bqOGjEcaCjsHswvkMCgYEA4dOPvYYu8wBfrH3Gn94XHWWVvFMnWErXEOzK
eL0dFg3Ae+y8Sg5x9YTz3XjwyzwcTbrD0zg4huWwmD64BgPcliG7XKA093ea2JIs
Mah5/KTQmltcIut7qUvzwwbQVfN3xTwWzd7eDtEIAeFZ8r/HzJM6X21b/LaQIXUY
Gb7dik8CgYAaaUxYlt7ke9wWUfuCinSDplj/A/2rdzSqxmOtZNU5AjIlZ0urfXlp
aNjlo9E6q2dEokuxLn3AqMSs1s/XcOtDlg+RjtLZR9YpJpg0pf6xaF06r7KwDYdz
pJIllVDIT9T9WzwDRwPNhMVhUTpaN8cW+NUlWCENUiu68cQGGk/cfQKBgEmvRk+I
4PjZPl6CC7VOOiyVYO46E7RzdwlGuin7SupPQmctL6LaY8TAxPGW7LrjujiCoDLj
PU6G08BZdqI/0FIMX54xiBbXJ+dSiqkJWARfotE6zi12uLrc1YTlTEU/U+0/VhGG
jt42xm4WocrbWM4fnARXIpSq3QyNsHd2F8NxAoGBAMEcT0mFQ0J7HCQ+zL36ogGv
Bc/N6WR0xSEBQVG9D4iysxX4XyJukCuUCvMIbsBj5IVAVBlMNxfDtL/kD6tgy0L7
tdN7nOaYgnqTyZfQItz92cQ6oiIqW7GPJA5ATJe1fxXINjcP6EkRDAfACBW7/l85
Cd/yRpaOSMPbqKO1OOSn
-----END PRIVATE KEY-----

67
server/conf/vpn_cert.pem Normal file
View File

@@ -0,0 +1,67 @@
-----BEGIN CERTIFICATE-----
MIIGbTCCBNWgAwIBAgIQIodwqN03+Y3aYpdvfq2qKTANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjQw
MTIyMDAwMDAwWhcNMjUwMTIxMjM1OTU5WjAcMRowGAYDVQQDExF2cG4udGVzdC52
cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFWPBr5g8py
8oPZhklQw9zBcIvfaEX2AVPIwW6iOm+j8v0LvXTGQkE1bZx4RwB1jKiEGG3KVsIU
pTJCkNEmwCZGJYvnNKN952zhtUQieZe8X4Zr0W43+j9Hbv+TKt6MFV3u70ArOD2T
m8j/gWFcUyK9mDCCFpKImRUckbp6GYJUZHXUDktQiOu5v6Jgl9pLZ2XhZXGf2TJh
G441TScMwidYToX51VrnscRQQ6iUMSav1H43lchdh9fAThbheP/kIv6YEswT45oA
MrxET10+iaCTdWpz+zy2GWXLO2pH9N9AjALCZA1/5QHkMhavmJgOxfitTeGzAlBQ
JNAIs0Rx1K0CAwEAAaOCAuwwggLoMB8GA1UdIwQYMBaAFF86fBEQfgxncWHci6O1
AANn9VccMB0GA1UdDgQWBBRDRfNBNYRlLb4V1MRTnU+bUVnvnDAOBgNVHQ8BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICMTAlMCMGCCsGAQUFBwIBFhdodHRw
czovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwfQYIKwYBBQUHAQEEcTBvMEIG
CCsGAQUFBzAChjZodHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNuL1RydXN0QXNp
YVJTQURWVExTQ0FHMi5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnRydXN0
LXByb3ZpZGVyLmNuMBwGA1UdEQQVMBOCEXZwbi50ZXN0LnZxaWx1LmNuMIIBfwYK
KwYBBAHWeQIEAgSCAW8EggFrAWkAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB
0lt3zsw7CAAAAY0v95Z6AAAEAwBHMEUCIDbFVgzV1DDvqTq6UnYisMqAEJn1cR+d
mc+agwaOuRbrAiEAz3W2HooNcKqADX9QyK8xQQ8r9BQKVCQzF76g9AZKeDoAdwCi
4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY0v95ZkAAAEAwBIMEYC
IQCWVxDjciJ/KMbwbqMbEZdsDq0nCrotlPhIBb5wFBurVgIhAOgnw3nqSqFYRm8y
OL3nz8rop0V5IEtgiNarOqMfLf33AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnA
sfpksWKaOd8AAAGNL/eWFwAABAMARzBFAiBB+V0NBebuCniZVuin5OaMYvWyNvRd
NJ6hRmLbSKQAwwIhAKrPRrAP3An/9HSrFN/70eEK5DHT8+q8m0L5tc0+TckmMA0G
CSqGSIb3DQEBDAUAA4IBgQCB65Q0V6Mewca0iVCxLJxczu6XYCCwsUzJiTWYjao3
XZVe8yB4RhAimsUY+U3nXIL3RivkJydqfOO9N5APWndDgbtS4r55TFdscDUDmzsR
S5kYCoEudbDWT89U+tHMOxzUKkb3nDA0WvJEN52CAanYO3blihnX3eX7enQMGtsM
gfDrArcQyS+WMKUkyOlNysqGtj3XWYKssBPrX/0GqMimoeYkg+B4daBTbOVB6sKs
+USnmhI2MF3QUxn0+fC207HbSDj7s4a6npjg5KsL0zUsFrNZlMH30Tx2L0WuI1T7
65lKHaKt8CyuL/YTjD5lAGYtJ+K9ypl5sBUFCXeW1lazTocjDa2CKv3WV+kVBhyO
2nA2Lo4e643YXwXw98+ufU2U9yUjn1OrhsUXo3qaxETGVMumRwubtX4O2dUKnYGF
xBxfHzXJKhZjX+U2ENIwsrm7pp3dcpIZqKxPCeowU5Ma9tvYpM7kgDhploMfsVic
H7pWcFY99X5nMwJoDDBYomY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
-----END CERTIFICATE-----

13
server/dbdata/cert.go
View File

@@ -64,8 +64,7 @@ type DNSProvider struct {
SecretKey string `json:"secretKey"`
} `json:"txcloud"`
CfCloud struct {
AuthEmail string `json:"authEmail"`
AuthKey string `json:"authKey"`
AuthToken string `json:"authToken"`
} `json:"cfcloud"`
}
type LegoUserData struct {
@@ -89,15 +88,15 @@ type LeGoClient struct {
func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
switch l.Name {
case "aliyun":
if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, TTL: 600}); err != nil {
if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "txcloud":
if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, TTL: 600}); err != nil {
if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
case "cloudflare":
if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: l.DNSProvider.CfCloud.AuthEmail, AuthKey: l.DNSProvider.CfCloud.AuthKey, TTL: 600}); err != nil {
case "cfcloud":
if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
return
}
}
@@ -199,7 +198,7 @@ func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
if err != nil {
return err
}
if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil {
if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
return err
}
if legouser.Registration == nil {

24
server/dbdata/db.go
View File

@@ -101,23 +101,11 @@ func addInitData() error {
// SettingDnsProvider
provider := &SettingLetsEncrypt{
Domain: "vpn.xxx.com",
Legomail: "legomail",
Name: "aliyun",
Renew: false,
DNSProvider: DNSProvider{
AliYun: struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
}{APIKey: "", SecretKey: ""},
TXCloud: struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
}{SecretID: "", SecretKey: ""},
CfCloud: struct {
AuthEmail string `json:"authEmail"`
AuthKey string `json:"authKey"`
}{AuthEmail: "", AuthKey: ""}},
Domain: "vpn.xxx.com",
Legomail: "legomail",
Name: "aliyun",
Renew: false,
DNSProvider: DNSProvider{},
}
err = SettingSessAdd(sess, provider)
if err != nil {
@@ -191,7 +179,7 @@ const accountMail = `<p>您好:</p>
<ul>
<li>请使用OTP软件扫描动态码二维码</li>
<li>然后使用anyconnect客户端进行登陆</li>
<li>登陆密码为 【PIN码+动态码】</li>
<li>登陆密码为 【PIN码+动态码】(中间没有+号)</li>
</ul>
</div>
<p>

5
server/dbdata/db_orm.go
View File

@@ -75,6 +75,11 @@ func Find(data interface{}, limit, page int) error {
return xdb.Limit(limit, start).Find(data)
}
func FindWhereCount(data interface{}, where string, args ...interface{}) int {
n, _ := xdb.Where(where, args...).Count(data)
return int(n)
}
func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error {
if limit == 0 {
return xdb.Where(where, args...).Find(data)

17
server/dbdata/group.go
View File

@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
// 给Mac系统下发路由时必须是标准的网络地址
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
routeExclude := []ValData{}
for _, v := range g.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}

15
server/dbdata/policy.go
View File

@@ -2,6 +2,7 @@ package dbdata
import (
"errors"
"fmt"
"net"
"strings"
"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
continue
}
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteInclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeInclude = append(routeInclude, v)
}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
routeExclude := []ValData{}
for _, v := range p.RouteExclude {
if v.Val != "" {
ipMask, _, err := parseIpNet(v.Val)
ipMask, ipNet, err := parseIpNet(v.Val)
if err != nil {
return errors.New("RouteExclude 错误" + err.Error())
}
if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误,建议: %s 改为 %s", v.Val, ipNet)
return errors.New(errMsg)
}
v.IpMask = ipMask
routeExclude = append(routeExclude, v)
}

8
server/dbdata/policy_test.go
View File

@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
err = SetPolicy(&p2)
ast.Nil(err)
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p3)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
err = SetPolicy(&p4)
ast.Nil(err)
// 判断 IpMask
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
// 判断所有数据
var userPolicy *Policy

2
server/dbdata/setting.go
View File

@@ -62,7 +62,7 @@ func SettingSet(data interface{}) error {
func SettingGet(data interface{}) error {
name := StructName(data)
s := &Setting{Name: name}
s := &Setting{}
err := One("name", name, s)
if err != nil {
return err

2
server/dbdata/user.go
View File

@@ -186,7 +186,7 @@ func checkOtp(name, otp, secret string) bool {
totp := gotp.NewDefaultTOTP(secret)
unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix))
verify := totp.Verify(otp, unix)
return verify
}

2
server/dbdata/user_act_log.go
View File

@@ -22,6 +22,7 @@ const (
UserLogoutTimeout = 3 // 用户超时登出
UserLogoutAdmin = 4 // 账号被管理员踢下线
UserLogoutExpire = 5 // 账号过期被踢下线
UserIdleTimeout = 6 // 用户空闲链接超时
)
type UserActLogProcess struct {
@@ -62,6 +63,7 @@ var (
UserLogoutTimeout: "Session过期被踢下线",
UserLogoutAdmin: "账号被管理员踢下线",
UserLogoutExpire: "账号过期被踢下线",
UserIdleTimeout: "用户空闲链接超时",
},
}
)

6
server/dbdata/user_test.go
View File

@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
// 添加一个组
dns := []ValData{{Val: "114.114.114.114"}}
route := []ValData{{Val: "192.168.1.1/24"}}
route := []ValData{{Val: "192.168.1.0/24"}}
g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
err := SetGroup(&g)
ast.Nil(err)
// 判断 IpMask
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
// 添加一个用户
u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
}
// 添加用户策略
dns2 := []ValData{{Val: "8.8.8.8"}}
route2 := []ValData{{Val: "192.168.2.1/24"}}
route2 := []ValData{{Val: "192.168.2.0/24"}}
p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
err = SetPolicy(&p1)
ast.Nil(err)

135
server/go.mod
View File

@@ -1,104 +1,107 @@
module github.com/bjdgyc/anylink
go 1.19
go 1.20
require (
github.com/arl/statsviz v0.5.1
github.com/arl/statsviz v0.6.0
github.com/deckarep/golang-set v1.8.0
github.com/go-acme/lego/v4 v4.10.2
github.com/go-co-op/gocron v1.17.0
github.com/go-acme/lego/v4 v4.15.0
github.com/go-co-op/gocron v1.37.0
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-sql-driver/mysql v1.6.0
github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
github.com/golang-jwt/jwt/v4 v4.2.0
github.com/go-sql-driver/mysql v1.7.1
github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/gopacket v1.1.19
github.com/gorilla/handlers v1.5.1
github.com/gorilla/mux v1.8.0
github.com/gorilla/handlers v1.5.2
github.com/gorilla/mux v1.8.1
github.com/ivpusic/grpool v1.0.0
github.com/lanrenwo/lzsgo v0.0.2
github.com/lib/pq v1.10.2
github.com/mattn/go-sqlite3 v1.14.9
github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.22
github.com/orcaman/concurrent-map v1.0.0
github.com/pion/dtls/v2 v2.2.6
github.com/pion/dtls/v2 v2.2.10
github.com/pion/logging v0.2.2
github.com/pires/go-proxyproto v0.6.2
github.com/shirou/gopsutil v3.21.7+incompatible
github.com/pires/go-proxyproto v0.7.0
github.com/shirou/gopsutil v3.21.11+incompatible
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/spf13/cast v1.3.1
github.com/spf13/cobra v1.2.1
github.com/spf13/viper v1.8.1
github.com/stretchr/testify v1.8.1
github.com/xhit/go-simple-mail/v2 v2.10.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
github.com/xuri/excelize/v2 v2.6.1
go.uber.org/atomic v1.10.0
golang.org/x/crypto v0.5.0
golang.org/x/net v0.7.0
golang.org/x/text v0.7.0
golang.org/x/time v0.3.0
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
xorm.io/xorm v1.3.2
github.com/spf13/cast v1.6.0
github.com/spf13/cobra v1.8.0
github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.8.4
github.com/xhit/go-simple-mail/v2 v2.16.0
github.com/xlzd/gotp v0.1.0
github.com/xuri/excelize/v2 v2.8.0
go.uber.org/atomic v1.11.0
golang.org/x/crypto v0.19.0
golang.org/x/net v0.21.0
golang.org/x/text v0.14.0
golang.org/x/time v0.5.0
layeh.com/radius v0.0.0-20231213012653-1006025d24f8
xorm.io/xorm v1.3.8
)
require (
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
github.com/cloudflare/cloudflare-go v0.49.0 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.62.680 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cloudflare/cloudflare-go v0.88.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/miekg/dns v1.1.50 // indirect
github.com/pion/transport/v2 v2.0.2 // indirect
github.com/pion/udp/v2 v2.0.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/tools v0.1.12 // indirect
github.com/miekg/dns v1.1.58 // indirect
github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/pelletier/go-toml/v2 v2.1.1 // indirect
github.com/pion/transport/v2 v2.2.4 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.860 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.860 // indirect
github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect
golang.org/x/mod v0.15.0 // indirect
golang.org/x/tools v0.18.0 // indirect
)
require (
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/coreos/go-iptables v0.6.0
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect
github.com/goccy/go-json v0.8.1 // indirect
github.com/coreos/go-iptables v0.7.0
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-ole/go-ole v1.3.0 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/richardlehane/mscfb v1.0.4 // indirect
github.com/richardlehane/msoleps v1.0.3 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/tklauser/go-sysconf v0.3.7 // indirect
github.com/tklauser/numcpus v0.2.3 // indirect
github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
golang.org/x/sys v0.5.0 // indirect
github.com/tklauser/go-sysconf v0.3.13 // indirect
github.com/tklauser/numcpus v0.7.0 // indirect
github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect
github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect
golang.org/x/sys v0.17.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ini.v1 v1.66.6 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect
xorm.io/builder v0.3.13 // indirect
)

1259
server/go.sum
View File

File diff suppressed because it is too large Load Diff

43
server/handler/dtls.go
View File

@@ -2,10 +2,13 @@ package handler
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"encoding/hex"
"errors"
"net"
"strings"
"time"
"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
return
}
certificate, err := selfsign.GenerateSelfSigned()
// rsa 兼容 open connect
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
certificate, err := selfsign.SelfSign(priv)
if err != nil {
panic(err)
}
logf := logging.NewDefaultLoggerFactory()
logf.Writer = base.GetBaseLw()
// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,12 +40,17 @@ func startDtls() {
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
InsecureSkipVerify: true,
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
LoggerFactory: logf,
MTU: BufferSize,
SessionStore: sessStore,
CipherSuites: func() []dtls.CipherSuiteID {
var cs = []dtls.CipherSuiteID{}
for _, vv := range dtlsCipherSuites {
cs = append(cs, vv)
}
return cs
}(),
LoggerFactory: logf,
MTU: BufferSize,
SessionStore: sessStore,
ConnectContextMaker: func() (context.Context, func()) {
return context.WithTimeout(context.Background(), 5*time.Second)
},
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
func (ms *sessionStore) Del(key []byte) error {
return nil
}
// 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ":")
for _, v := range csArr {
if _, ok := dtlsCipherSuites[v]; ok {
return v
}
}
// 返回默认值
return "ECDHE-RSA-AES128-GCM-SHA256"
}

11
server/handler/link_auth.go
View File

@@ -1,6 +1,7 @@
package handler
import (
"bytes"
"crypto/md5"
"encoding/xml"
"fmt"
@@ -49,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
return
}
// fmt.Printf("%+v \n", cr)
setCommonHeader(w)
// setCommonHeader(w)
if cr.Type == "logout" {
// 退出删除session信息
if cr.SessionToken != "" {
@@ -154,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
return
}
if strings.Contains(data.Banner, "\n") {
// 替换xml文件的换行符
data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;")
if data.Banner != "" {
buf := new(bytes.Buffer)
_ = xml.EscapeText(buf, []byte(data.Banner))
data.Banner = buf.String()
}
t, _ := template.New("auth_complete").Parse(auth_complete)
_ = t.Execute(w, data)
}

23
server/handler/link_base.go
View File

@@ -3,7 +3,6 @@ package handler
import (
"encoding/xml"
"log"
"net/http"
"os/exec"
)
@@ -42,28 +41,6 @@ type macAddressList struct {
MacAddress string `xml:"mac-address"`
}
func setCommonHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLink")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "deny")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Content-Security-Policy", "default-src 'none'")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "0")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
func execCmd(cmdStrs []string) error {
for _, cmdStr := range cmdStrs {
cmd := exec.Command("sh", "-c", cmdStr)

34
server/handler/link_cstp.go
View File

@@ -21,10 +21,13 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
}()
var (
err error
n int
dataLen uint16
dead = time.Duration(cSess.CstpDpd+5) * time.Second
err error
n int
dataLen uint16
dead = time.Second * time.Duration(cSess.CstpDpd+5)
idle = time.Second * time.Duration(base.Cfg.IdleTimeout)
checkIdle = base.Cfg.IdleTimeout > 0
lastTime time.Time
)
go cstpWrite(conn, bufRW, cSess)
@@ -54,19 +57,30 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
switch pl.Data[6] {
case 0x07: // KEEPALIVE
// do nothing
// base.Debug("recv keepalive", cSess.IpAddr)
base.Trace("recv LinkCstp Keepalive", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
// 判断超时时间
if checkIdle {
lastTime = cSess.LastDataTime.Load()
if lastTime.Before(utils.NowSec().Add(-idle)) {
base.Warn("IdleTimeout", cSess.Username, cSess.IpAddr, conn.RemoteAddr(), "lastTime", lastTime)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserIdleTimeout)
return
}
}
case 0x05: // DISCONNECT
cSess.UserLogoutCode = dbdata.UserLogoutClient
base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr)
base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
return
case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr)
base.Trace("recv LinkCstp DPD-REQ", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutCstp(cSess, pl) {
return
}
case 0x04:
// log.Println("recv DPD-RESP")
base.Trace("recv LinkCstp DPD-RESP", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
case 0x08: // decompress
if cSess.CstpPickCmp == nil {
continue
@@ -98,6 +112,8 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
if payloadIn(cSess, pl) {
return
}
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
}
}
}
@@ -153,7 +169,7 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
}
} else {
pl.Data = append(pl.Data[:0], plHeader...)
// pl.Data = append(pl.Data[:0], plHeader...)
// 设置头类型
pl.Data[6] = pl.PType
}

14
server/handler/link_dtls.go
View File

@@ -56,19 +56,20 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
switch pl.Data[0] {
case 0x07: // KEEPALIVE
// do nothing
// base.Debug("recv keepalive", cSess.IpAddr)
base.Trace("recv LinkDtls Keepalive", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
case 0x05: // DISCONNECT
cSess.UserLogoutCode = dbdata.UserLogoutClient
base.Debug("DISCONNECT DTLS", cSess.Username, cSess.IpAddr)
base.Debug("DISCONNECT DTLS", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
return
case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr)
base.Trace("recv LinkDtls DPD-REQ", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutDtls(cSess, dSess, pl) {
return
}
case 0x04:
// base.Debug("recv DPD-RESP", cSess.IpAddr)
base.Trace("recv LinkDtls DPD-RESP", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
case 0x08: // decompress
if cSess.DtlsPickCmp == nil {
continue
@@ -93,6 +94,8 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
if payloadIn(cSess, pl) {
return
}
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
}
}
@@ -147,7 +150,8 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
}
} else {
// 设置头类型
pl.Data = append(pl.Data[:0], pl.PType)
// pl.Data = append(pl.Data[:0], pl.PType)
pl.Data[0] = pl.PType
}
n, err := conn.Write(pl.Data)
if err != nil {

6
server/handler/link_home.go
View File

@@ -13,7 +13,9 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
// fmt.Println(r.RemoteAddr)
// hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("DumpHome: ", string(hu))
w.Header().Set("Server", "AnyLinkOpenSource")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Del("X-Aggregate-Auth")
connection := strings.ToLower(r.Header.Get("Connection"))
userAgent := strings.ToLower(r.UserAgent())
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
@@ -33,6 +35,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
}
func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
_ = r.ParseForm()
idS := r.FormValue("id")
jwtToken := r.FormValue("jwt")

23
server/handler/link_tun.go
View File

@@ -22,22 +22,29 @@ func checkTun() {
defer ifce.Close()
// 测试ip命令
cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr})
base.CheckModOrLoad("tun")
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
err = execCmd([]string{cmdstr1})
if err != nil {
base.Fatal("testTun err: ", err)
}
//开启服务器转发
// 开启服务器转发
if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
base.Error(err)
base.Fatal(err)
}
if base.Cfg.IptablesNat {
//添加NAT转发规则
// 添加NAT转发规则
ipt, err := iptables.New()
if err != nil {
base.Error(err)
base.Fatal(err)
return
}
// 修复 rockyos nat 不生效
base.CheckModOrLoad("iptable_filter")
base.CheckModOrLoad("iptable_nat")
natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
forwardRule := []string{"-j", "ACCEPT"}
if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,9 @@ func LinkTun(cSess *sessdata.ConnSession) error {
// log.Printf("Interface Name: %s\n", ifce.Name())
cSess.SetIfName(ifce.Name())
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
// 通过 ip link show 查看 alias 信息
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off alias %s.%s", ifce.Name(), cSess.Mtu, cSess.Group.Name, cSess.Username)
cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
err = execCmd([]string{cmdstr1, cmdstr2})

45
server/handler/link_tunnel.go
View File

@@ -43,13 +43,13 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
// 判断session-token的值
cookie, err := r.Cookie("webvpn")
if err != nil || cookie.Value == "" {
w.WriteHeader(http.StatusBadRequest)
w.WriteHeader(http.StatusUnauthorized)
return
}
sess := sessdata.SToken2Sess(cookie.Value)
if sess == nil {
w.WriteHeader(http.StatusBadRequest)
w.WriteHeader(http.StatusUnauthorized)
return
}
@@ -57,7 +57,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
cSess := sess.NewConn()
if cSess == nil {
log.Println(err)
w.WriteHeader(http.StatusBadRequest)
w.WriteHeader(http.StatusUnauthorized)
return
}
@@ -66,6 +66,8 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
cstpBaseMtu := r.Header.Get("X-CSTP-Base-MTU")
masterSecret := r.Header.Get("X-DTLS-Master-Secret")
localIp := r.Header.Get("X-Cstp-Local-Address-Ip4")
// 出口ip
exportIp4 := r.Header.Get("X-Cstp-Remote-Address-Ip4")
mobile := r.Header.Get("X-Cstp-License")
cSess.SetMtu(cstpMtu)
@@ -92,13 +94,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
// 压缩
if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
}
if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
}
// 检测密码套件
dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
base.Trace("dtlsCiphersuite", dtlsCiphersuite)
// 返回客户端数据
HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
@@ -109,11 +107,19 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-CSTP-Netmask", sessdata.IpPool.Ipv4Mask.String()) // 子网掩码
HttpSetHeader(w, "X-CSTP-Hostname", hn) // 机器名称
HttpSetHeader(w, "X-CSTP-Base-MTU", cstpBaseMtu)
// 要发布的默认域
// 客户端dns的默认搜索
if base.Cfg.DefaultDomain != "" {
HttpSetHeader(w, "X-CSTP-Default-Domain", base.Cfg.DefaultDomain)
}
// 压缩
if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
}
if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
}
// 设置用户策略
SetUserPolicy(cSess.Username, cSess.Group)
@@ -136,6 +142,10 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
for _, v := range cSess.Group.RouteExclude {
HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
}
// 排除出口ip路由(出口ip不加密传输)
if base.Cfg.ExcludeExportIp && exportIp4 != "" {
HttpAddHeader(w, "X-CSTP-Split-Exclude", exportIp4+"/255.255.255.255")
}
HttpSetHeader(w, "X-CSTP-Lease-Duration", "1209600") // ip地址租期
HttpSetHeader(w, "X-CSTP-Session-Timeout", "none")
@@ -164,7 +174,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
HttpSetHeader(w, "X-CSTP-License", "accept")
HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -180,10 +190,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
hClone := w.Header().Clone()
headers := make([]byte, 0)
buf := bytes.NewBuffer(headers)
buf := &bytes.Buffer{}
_ = hClone.Write(buf)
base.Debug(buf.String())
base.Debug("LinkTunnel Response Header:", buf.String())
hj := w.(http.Hijacker)
conn, bufRW, err := hj.Hijack()
@@ -234,7 +243,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
if err != nil {
return err
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
xmlAuth := ""
for _, v := range strings.Split(result.String(), "\n") {
xmlAuth += strings.TrimSpace(v)
}
HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
return nil
}

9
server/handler/link_vtap.go
View File

@@ -33,13 +33,14 @@ func checkMacvtap() {
ifName := "anylinkMacvtap"
// 加载 macvtap
cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
base.CheckModOrLoad("macvtap")
// 开启主网卡混杂模式
cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
// 测试 macvtap 功能
cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
if err != nil {
base.Fatal(err)
}
@@ -54,7 +55,9 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
cSess.SetIfName(ifName)
cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s alias %s.%s", ifName, cSess.Mtu,
cSess.MacHw, cSess.Group.Name, cSess.Username)
err := execCmd([]string{cmdstr1, cmdstr2})
if err != nil {
base.Error(err)

21
server/handler/payload_access_audit.go
View File

@@ -3,6 +3,7 @@ package handler
import (
"crypto/md5"
"encoding/binary"
"runtime/debug"
"time"
"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
// 解析IP包的数据
func logAudit(userName string, pl *sessdata.Payload) {
defer putPayload(pl)
defer func() {
if err := recover(); err != nil {
base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
}
putPayload(pl)
}()
if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
return
}
ipProto := waterutil.IPv4Protocol(pl.Data)
// 访问协议
var accessProto uint8
@@ -118,12 +125,17 @@ func logAudit(userName string, pl *sessdata.Payload) {
default:
return
}
// IP报文只包含头部信息时, 则打印LOG并退出
ipPl := waterutil.IPv4Payload(pl.Data)
if len(ipPl) < 4 {
base.Error("ipPl len < 4", ipPl, pl.Data)
return
}
ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
ipSrc := waterutil.IPv4Source(pl.Data)
ipDst := waterutil.IPv4Destination(pl.Data)
ipPort := waterutil.IPv4DestinationPort(pl.Data)
b := getByte51()
// key格式 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
key := *b
copy(key[:16], ipSrc)
copy(key[16:32], ipDst)
@@ -178,7 +190,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
AccessProto: accessProto,
Info: info,
}
select {
case logBatch.LogChan <- audit:
default:

2
server/handler/payload_tcp_parser.go
View File

@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
}
func sniNewParser(b []byte) (uint8, string) {
if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
return acc_proto_tcp, ""
}
rest := b[5:]

28
server/handler/server.go
View File

@@ -4,14 +4,15 @@ import (
"crypto/tls"
"fmt"
"io"
"log"
"net"
"net/http"
"net/http/httputil"
"os"
"time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/bjdgyc/anylink/pkg/utils"
"github.com/gorilla/mux"
"github.com/pires/go-proxyproto"
)
@@ -50,23 +51,22 @@ func startTls() {
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
base.Trace("GetCertificate", chi.ServerName)
base.Trace("GetCertificate ServerName", chi.ServerName)
return dbdata.GetCertificateBySNI(chi.ServerName)
},
// InsecureSkipVerify: true,
}
srv := &http.Server{
Addr: addr,
Handler: initRoute(),
TLSConfig: tlsConfig,
ErrorLog: base.GetBaseLog(),
ReadTimeout: 60 * time.Second,
WriteTimeout: 60 * time.Second,
ErrorLog: base.GetServerLog(),
ReadTimeout: 100 * time.Second,
WriteTimeout: 100 * time.Second,
}
ln, err = net.Listen("tcp", addr)
if err != nil {
log.Fatal(err)
base.Fatal(err)
}
defer ln.Close()
@@ -86,6 +86,14 @@ func startTls() {
func initRoute() http.Handler {
r := mux.NewRouter()
// 所有路由添加安全头
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w)
next.ServeHTTP(w, req)
})
})
r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
@@ -109,8 +117,10 @@ func initRoute() http.Handler {
func notFound(w http.ResponseWriter, r *http.Request) {
// fmt.Println(r.RemoteAddr)
// hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("NotFound: ", string(hu))
if base.GetLogLevel() == base.LogLevelTrace {
hd, _ := httputil.DumpRequest(r, true)
base.Trace("NotFound: ", r.RemoteAddr, string(hd))
}
w.WriteHeader(http.StatusNotFound)
fmt.Fprintln(w, "404 page not found")

13
server/main.go
View File

@@ -20,14 +20,21 @@ import (
var uiData embed.FS
// 程序版本
var CommitId string
var (
appVer string
commitId string
buildDate string
)
func main() {
base.CommitId = CommitId
admin.UiData = uiData
base.APP_VER = appVer
base.CommitId = commitId
base.BuildDate = buildDate
base.Start()
handler.Start()
signalWatch()
}
@@ -35,7 +42,7 @@ func signalWatch() {
base.Info("Server pid: ", os.Getpid())
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM, syscall.SIGUSR2)
for {
sig := <-sigs
base.Info("Get signal:", sig)

32
server/pkg/utils/secure_header.go Normal file
View File

@@ -0,0 +1,32 @@
package utils
import "net/http"
// SetSecureHeader 设置安全的header头
// https://blog.csdn.net/liwan09/article/details/130248003
// https://zhuanlan.zhihu.com/p/335165168
func SetSecureHeader(w http.ResponseWriter) {
// Content-Length Date 默认已经存在
w.Header().Set("Server", "AnyLinkOpenSource")
// w.Header().Set("Content-Type", "text/html; charset=utf-8")
// w.Header().Set("Transfer-Encoding", "chunked")
w.Header().Set("X-Aggregate-Auth", "1")
w.Header().Set("Cache-Control", "no-store,no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Connection", "keep-alive")
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Download-Options", "noopen")
w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
w.Header().Set("Referrer-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("X-XSS-Protection", "1;mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
}

9
server/sessdata/ip_pool.go
View File

@@ -89,10 +89,13 @@ func initIpPool() {
// }
// AcquireIp 获取动态ip
func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
base.Trace("AcquireIp:", username, macAddr, uniqueMac)
func AcquireIp(username, macAddr string, uniqueMac bool) (newIp net.IP) {
base.Trace("AcquireIp start:", username, macAddr, uniqueMac)
ipPoolMux.Lock()
defer ipPoolMux.Unlock()
defer func() {
ipPoolMux.Unlock()
base.Trace("AcquireIp end:", username, macAddr, uniqueMac, newIp)
}()
var (
err error

2
server/sessdata/session.go
View File

@@ -49,6 +49,7 @@ type ConnSession struct {
BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量
closeOnce sync.Once
CloseChan chan struct{}
LastDataTime atomic2.Time // 最后数据传输时间
PayloadIn chan *Payload
PayloadOutCstp chan *Payload // Cstp的数据
PayloadOutDtls chan *Payload // Dtls的数据
@@ -219,6 +220,7 @@ func (s *Session) NewConn() *ConnSession {
PayloadOutDtls: make(chan *Payload, 64),
dSess: &atomic.Value{},
}
cSess.LastDataTime.Store(time.Now())
dSess := &DtlsSession{
isActive: -1,

5
server/sessdata/session_test.go
View File

@@ -33,7 +33,7 @@ func TestConnSession(t *testing.T) {
sess.MacAddr = "00:15:5d:50:14:43"
cSess := sess.NewConn()
base.Info("cSess", cSess)
// base.Info("cSess", cSess)
err := cSess.RateLimit(100, true)
ast.Nil(err)
@@ -60,4 +60,7 @@ func TestConnSession(t *testing.T) {
ast.Equal(cmpName, "")
cSess.Close()
// 等待日志执行完成
time.Sleep(time.Second * 10)
}

1
version Normal file
View File

@@ -0,0 +1 @@
0.11.2

1
version_info Normal file
View File

@@ -0,0 +1 @@
version_info

197
web/src/pages/group/List.vue
View File

@@ -47,7 +47,12 @@
<el-table-column
prop="bandwidth"
label="带宽限制">
label="带宽限制"
width="90">
<template slot-scope="scope">
<el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
<el-row v-else>不限</el-row>
</template>
</el-table-column>
<el-table-column
@@ -62,7 +67,7 @@
<el-table-column
prop="route_include"
label="路由包含"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
<el-table-column
prop="route_exclude"
label="路由排除"
width="200">
width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
<div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
<el-table-column
prop="link_acl"
label="LINK-ACL"
min-width="200">
min-width="180">
<template slot-scope="scope">
<el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
{{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,9 +191,9 @@
<el-input v-model="ruleForm.note"></el-input>
</el-form-item>
<el-form-item label="带宽限制" prop="bandwidth">
<el-input v-model.number="ruleForm.bandwidth">
<template slot="append">BYTE/S</template>
<el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
<el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
<template slot="append">Mbps</template>
</el-input>
</el-form-item>
<el-form-item label="排除本地网络" prop="allow_lan">
@@ -276,48 +281,60 @@
<el-tab-pane label="路由设置" name="route">
<el-form-item label="包含路由" prop="route_include">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_include)"></el-button>
</el-col>
</el-row>
<el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
<el-col :span="12">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_include')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_include"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
<el-col :span="12">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
<el-form-item label="排除路由" prop="route_exclude">
<el-row class="msg-info">
<el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="4">
<el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
<el-col :span="2">
<el-button size="mini" type="success" icon="el-icon-plus" circle
@click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
</el-col>
</el-row>
<el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
<el-col :span="12">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
<el-col :span="4">
<el-button size="mini" type="info" icon="el-icon-edit" circle
@click.prevent="openIpListDialog('route_exclude')"></el-button>
</el-col>
</el-row>
<templete v-if="activeTab == 'route'">
<el-row v-for="(item,index) in ruleForm.route_exclude"
:key="index" style="margin-bottom: 5px" :gutter="10">
<el-col :span="10">
<el-input v-model="item.val"></el-input>
</el-col>
<el-col :span="12">
<el-input v-model="item.note" placeholder="备注"></el-input>
</el-col>
<el-col :span="2">
<el-button size="mini" type="danger" icon="el-icon-minus" circle
@click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
</el-col>
</el-row>
</templete>
</el-form-item>
</el-tab-pane>
<el-tab-pane label="权限控制" name="link_acl">
@@ -360,6 +377,7 @@
</el-form-item>
<el-form-item label="排除域名" prop="ds_exclude_domains">
<el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔,默认匹配所有子域名, 如baidu.com,163.com"></el-input>
<div class="msg-info">域名拆分隧道仅支持AnyConnect的桌面客户端不支持移动端.</div>
</el-form-item>
</el-tab-pane>
<el-form-item>
@@ -393,6 +411,25 @@
</el-form-item>
</el-form>
</el-dialog>
<!--编辑模式弹窗-->
<el-dialog
:close-on-click-modal="false"
title="编辑模式"
:visible.sync="ipListDialog"
width="650px"
custom-class="valgin-dialog"
center>
<el-form ref="ipEditForm" label-width="80px">
<el-form-item label="路由表" prop="ip_list">
<el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
<div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由</div>
</el-form-item>
<el-form-item>
<el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
<el-button @click="ipListDialog = false"> </el-button>
</el-form-item>
</el-form>
</el-dialog>
</div>
</template>
@@ -419,6 +456,7 @@ export default {
activeTab : "general",
readMore: {},
readMinRows : 5,
maxRouteRows : 2500,
defAuth : {
type:'local',
radius:{addr:"", secret:""},
@@ -435,6 +473,7 @@ export default {
},
ruleForm: {
bandwidth: 0,
bandwidth_format: '0',
status: 1,
allow_lan: true,
client_dns: [{val: '114.114.114.114'}],
@@ -444,11 +483,17 @@ export default {
auth : {},
},
authLoginDialog : false,
ipListDialog : false,
authLoginLoading : false,
authLoginForm : {
name : "",
pwd : "",
},
ipEditForm: {
ip_list: "",
type : "",
},
ipEditLoading : false,
authLoginRules: {
name: [
{required: true, message: '请输入账号', trigger: 'blur'},
@@ -463,9 +508,9 @@ export default {
{required: true, message: '请输入组名', trigger: 'blur'},
{max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
],
bandwidth: [
bandwidth_format: [
{required: true, message: '请输入带宽限制', trigger: 'blur'},
{type: 'number', message: '带宽限制必须为数字值'}
{type: 'string', message: '带宽限制必须为数字值'}
],
status: [
{required: true}
@@ -536,6 +581,7 @@ export default {
id: row.id,
}
}).then(resp => {
resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
this.ruleForm = resp.data.data;
this.setAuthData(resp.data.data);
}).catch(error => {
@@ -582,6 +628,7 @@ export default {
console.log('error submit!!');
return false;
}
this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
axios.post('/group/set', this.ruleForm).then(resp => {
const rdata = resp.data;
if (rdata.code === 0) {
@@ -636,6 +683,70 @@ export default {
});
});
},
openIpListDialog(type) {
this.ipListDialog = true;
this.ipEditForm.type = type;
this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");
},
ipEdit() {
this.ipEditLoading = true;
let ipList = [];
if (this.ipEditForm.ip_list.trim() !== "") {
ipList = this.ipEditForm.ip_list.trim().split("\n");
}
let arr = [];
for (let i = 0; i < ipList.length; i++) {
let item = ipList[i];
if (item.trim() === "") {
continue;
}
let ip = item.split(",");
if (ip.length > 2) {
ip[1] = ip.slice(1).join(",");
}
let note = ip[1] ? ip[1] : "";
const pushToArr = () => {
arr.push({val: ip[0], note: note});
};
if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
pushToArr();
continue;
}
let valid = this.isValidCIDR(ip[0]);
if (!valid.valid) {
this.$message.error("错误CIDR格式错误建议 " + ip[0] + " 改为 " + valid.suggestion);
this.ipEditLoading = false;
return;
}
pushToArr();
}
this.ruleForm[this.ipEditForm.type] = arr;
this.ipEditLoading = false;
this.ipListDialog = false;
},
isValidCIDR(input) {
const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
if (!cidrRegex.test(input)) {
return { valid: false, suggestion: null };
}
const [ip, mask] = input.split('/');
const maskNum = parseInt(mask);
const ipParts = ip.split('.').map(part => parseInt(part));
const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
for (let i = maskNum; i < 32; i++) {
if (binaryIP[i] === '1') {
const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
const networkIPParts = [];
for (let j = 0; j < 4; j++) {
const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
networkIPParts.push(parseInt(octet, 2));
}
const suggestedIP = networkIPParts.join('.');
return { valid: false, suggestion: `${suggestedIP}/${mask}` };
}
}
return { valid: true, suggestion: null };
},
resetForm(formName) {
this.$refs[formName].resetFields();
},
@@ -666,6 +777,18 @@ export default {
closeDialog() {
this.user_edit_dialog = false;
this.activeTab = "general";
},
convertBandwidth(bandwidth, fromUnit, toUnit) {
const units = {
bps: 1,
Kbps: 1000,
Mbps: 1000000,
Gbps: 1000000000,
BYTE: 8,
};
const result = bandwidth * units[fromUnit] / units[toUnit];
const fixedResult = result.toFixed(2);
return parseFloat(fixedResult);
}
},
}

28
web/src/pages/set/Other.vue
View File

@@ -248,11 +248,14 @@
<el-form-item label="自定义首页" prop="homeindex">
<el-input
type="textarea"
:rows="5"
:rows="10"
placeholder="请输入内容"
v-model="dataOther.homeindex"
>
</el-input>
<el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
<i class="el-icon-question"></i>
</el-tooltip>
</el-form-item>
<el-form-item label="账户开通邮件" prop="account_mail">
@@ -318,8 +321,7 @@ export default {
secretKey: "",
},
cfcloud: {
authEmail: "",
authKey: "",
authToken: "",
},
},
customCert: { cert: "", key: "" },
@@ -399,19 +401,13 @@ export default {
],
cfcloud: [
{
label: "Email",
prop: "email",
component: "el-input",
type: "text",
},
{
label: "AuthKey",
prop: "authKey",
label: "AuthToken",
prop: "authToken",
component: "el-input",
type: "password",
rules: {
required: true,
message: "请输入正确的APIKey",
message: "请输入正确的AuthToken",
trigger: "blur",
},
},
@@ -551,12 +547,20 @@ export default {
});
break;
case "letsCert":
var loading = this.$loading({
lock: true,
text: "证书申请中...",
spinner: "el-icon-loading",
background: "rgba(0, 0, 0, 0.7)",
});
axios.post("/set/other/createcert", this.letsCert).then((resp) => {
var rdata = resp.data;
console.log(rdata);
if (rdata.code === 0) {
loading.close();
this.$message.success(rdata.msg);
} else {
loading.close();
this.$message.error(rdata.msg);
}
});

1
web/src/pages/set/System.vue
View File

@@ -50,6 +50,7 @@
</div>
<Cell left="软件版本" :right="system.sys.appVersion" divider/>
<Cell left="软件CommitId" :right="system.sys.appCommitId" divider/>
<Cell left="软件BuildDate" :right="system.sys.appBuildDate" divider/>
<Cell left="GO系统" :right="system.sys.goOs" divider/>
<Cell left="GoArch" :right="system.sys.goArch" divider/>
<Cell left="GO版本" :right="system.sys.goVersion" divider/>

66
web/src/pages/user/List.vue
View File

@@ -13,23 +13,26 @@
<el-form-item>
<el-dropdown size="small" placement="bottom">
<el-upload
class="uploaduser"
action="uploaduser"
accept=".xlsx, .xls"
:http-request="upLoadUser"
:limit="1"
:show-file-list="false">
<el-button size="small" icon="el-icon-upload2" type="primary">批量添加</el-button>
class="uploaduser"
action="uploaduser"
accept=".xlsx, .xls"
:http-request="upLoadUser"
:limit="1"
:show-file-list="false">
<el-button size="small" icon="el-icon-upload2" type="primary">批量添加</el-button>
</el-upload>
<el-dropdown-menu slot="dropdown">
<el-dropdown-item>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i class="el-icon-download"></i>下载模版</el-link>
</el-dropdown-item>
</el-dropdown-menu>
<el-dropdown-menu slot="dropdown">
<el-dropdown-item>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i
class="el-icon-download"></i>下载模版
</el-link>
</el-dropdown-item>
</el-dropdown-menu>
</el-dropdown>
</el-form-item>
<el-form-item label="用户名:">
<el-input size="small" v-model="searchData" placeholder="请输入内容" @keydown.enter.native="searchEnterFun"></el-input>
<el-form-item label="用户名或姓名或邮箱:">
<el-input size="small" v-model="searchData" placeholder="请输入内容"
@keydown.enter.native="searchEnterFun"></el-input>
</el-form-item>
<el-form-item>
@@ -105,7 +108,7 @@
<template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
<el-tag v-if="scope.row.status === 2" >过期</el-tag>
<el-tag v-if="scope.row.status === 2">过期</el-tag>
</template>
</el-table-column>
@@ -202,19 +205,20 @@
<el-form-item label="过期时间" prop="limittime">
<el-date-picker
v-model="ruleForm.limittime"
type="date"
size="small"
align="center"
style="width:130px"
:picker-options="pickerOptions"
placeholder="选择日期">
v-model="ruleForm.limittime"
type="date"
size="small"
align="center"
style="width:130px"
:picker-options="pickerOptions"
placeholder="选择日期">
</el-date-picker>
</el-form-item>
<el-form-item label="禁用OTP" prop="disable_otp">
<el-switch
v-model="ruleForm.disable_otp">
v-model="ruleForm.disable_otp"
active-text="开启OTP后用户密码为PIN码+OTP动态码(中间没有+)">
</el-switch>
</el-form-item>
@@ -278,7 +282,7 @@ export default {
count: 10,
pickerOptions: {
disabledDate(time) {
return time.getTime() < Date.now();
return time.getTime() < Date.now();
}
},
searchData: '',
@@ -324,7 +328,7 @@ export default {
const formData = new FormData();
formData.append("file", item.file);
axios.post('/user/uploaduser', formData, {
headers: {
headers: {
'Content-Type': 'multipart/form-data'
}
}).then(resp => {
@@ -456,14 +460,14 @@ export default {
this.$refs[formName].resetFields();
},
searchEnterFun(e) {
var keyCode = window.event ? e.keyCode : e.which;
if (keyCode == 13) {
this.handleSearch()
}
var keyCode = window.event ? e.keyCode : e.which;
if (keyCode == 13) {
this.handleSearch()
}
},
reset() {
this.searchData = "";
this.handleSearch();
this.searchData = "";
this.handleSearch();
},
},
}

3951
web/yarn.lock
View File

File diff suppressed because it is too large Load Diff

4
yarn.lock Normal file
View File

@@ -0,0 +1,4 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1