// admin:后台管理接口
package admin
import (
"crypto/tls"
"embed"
"net/http"
"net/http/pprof"
"github.com/arl/statsviz"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
var UiData embed.FS
// StartAdmin 开启服务
func StartAdmin() {
r := mux.NewRouter()
r.Use(authMiddleware)
r.Use(handlers.CompressHandler)
// 监控检测
r.HandleFunc("/status.html", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("ok"))
}).Name("index")
r.Handle("/", http.RedirectHandler("/ui/", http.StatusFound)).Name("index")
r.PathPrefix("/ui/").Handler(
// http.StripPrefix("/ui/", http.FileServer(http.Dir(base.Cfg.UiPath))),
http.FileServer(http.FS(UiData)),
).Name("static")
r.HandleFunc("/base/login", Login).Name("login")
r.HandleFunc("/set/home", SetHome)
r.HandleFunc("/set/system", SetSystem)
r.HandleFunc("/set/soft", SetSoft)
r.HandleFunc("/set/other", SetOther)
r.HandleFunc("/set/other/edit", SetOtherEdit)
r.HandleFunc("/set/other/smtp", SetOtherSmtp)
r.HandleFunc("/set/other/smtp/edit", SetOtherSmtpEdit)
r.HandleFunc("/set/other/audit_log", SetOtherAuditLog)
r.HandleFunc("/set/other/audit_log/edit", SetOtherAuditLogEdit)
r.HandleFunc("/set/audit/list", SetAuditList)
r.HandleFunc("/set/audit/export", SetAuditExport)
r.HandleFunc("/set/audit/act_log_list", UserActLogList)
r.HandleFunc("/set/other/createcert", CreatCert)
r.HandleFunc("/set/other/getcertset", GetCertSetting)
r.HandleFunc("/set/other/customcert", CustomCert)
r.HandleFunc("/user/list", UserList)
r.HandleFunc("/user/detail", UserDetail)
r.HandleFunc("/user/set", UserSet)
r.HandleFunc("/user/uploaduser", UserUpload).Methods(http.MethodPost)
r.HandleFunc("/user/del", UserDel)
r.HandleFunc("/user/online", UserOnline)
r.HandleFunc("/user/offline", UserOffline)
r.HandleFunc("/user/reline", UserReline)
r.HandleFunc("/user/otp_qr", UserOtpQr)
r.HandleFunc("/user/ip_map/list", UserIpMapList)
r.HandleFunc("/user/ip_map/detail", UserIpMapDetail)
r.HandleFunc("/user/ip_map/set", UserIpMapSet)
r.HandleFunc("/user/ip_map/del", UserIpMapDel)
r.HandleFunc("/user/policy/list", PolicyList)
r.HandleFunc("/user/policy/detail", PolicyDetail)
r.HandleFunc("/user/policy/set", PolicySet)
r.HandleFunc("/user/policy/del", PolicyDel)
r.HandleFunc("/group/list", GroupList)
r.HandleFunc("/group/names", GroupNames)
r.HandleFunc("/group/names_ids", GroupNamesIds)
r.HandleFunc("/group/detail", GroupDetail)
r.HandleFunc("/group/set", GroupSet)
r.HandleFunc("/group/del", GroupDel)
r.HandleFunc("/group/auth_login", GroupAuthLogin)
r.HandleFunc("/statsinfo/list", StatsInfoList)
// pprof
if base.Cfg.Pprof {
r.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline).Name("debug")
r.HandleFunc("/debug/pprof/profile", pprof.Profile).Name("debug")
r.HandleFunc("/debug/pprof/symbol", pprof.Symbol).Name("debug")
r.HandleFunc("/debug/pprof/trace", pprof.Trace).Name("debug")
r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
// statsviz
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws)
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index)
}
base.Info("Listen admin", base.Cfg.AdminAddr)
// 修复 CVE-2016-2183
cipherSuites := tls.CipherSuites()
selectedCipherSuites := make([]uint16, 0, len(cipherSuites))
for _, s := range cipherSuites {
selectedCipherSuites = append(selectedCipherSuites, s.ID)
}
if tlscert, _, err := dbdata.ParseCert(); err != nil {
base.Error(err)
return
} else {
dbdata.TLSCert = tlscert
}
// 设置tls信息
tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
return dbdata.TLSCert, nil
},
}
srv := &http.Server{
Addr: base.Cfg.AdminAddr,
Handler: r,
TLSConfig: tlsConfig,
}
err := srv.ListenAndServeTLS("", "")
if err != nil {
base.Fatal(err)
}
}
func location(url string) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Location", url)
w.WriteHeader(http.StatusFound)
}
}