feat: 导出udm-auth未加密数据

2025-09-28 18:14:05 +08:00
parent bc55dfb9d5
commit f4fdde0cf3
4 changed files with 94 additions and 0 deletions
--- a/src/modules/network_data/controller/udm_auth.go
+++ b/src/modules/network_data/controller/udm_auth.go
@@ -2,12 +2,15 @@ package controller

 import (
 	"fmt"
+	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"time"

 	"be.ems/src/framework/constants/uploadsubpath"
 	"be.ems/src/framework/i18n"
+	"be.ems/src/framework/resp"
 	"be.ems/src/framework/telnet"
 	"be.ems/src/framework/utils/ctx"
 	"be.ems/src/framework/utils/file"
@@ -642,3 +645,83 @@ func (s *UDMAuthController) Import(c *gin.Context) {
 	}
 	c.JSON(200, result.OkMsg(resultMsg))
 }
+
+// UDM鉴权用户导出解密数据
+//
+// GET /export-dec
+//
+//	@Tags			network_data/udm/auth
+//	@Accept			json
+//	@Produce		json
+//	@Param			data	body		object	true	"Request Param"
+//	@Success		200		{object}	object	"Response Results"
+//	@Security		TokenAuth
+//	@Summary		UDM Authenticated User Export Decrypted Data
+//	@Description	UDM Authenticated User Export Decrypted Data
+//	@Router			/neData/udm/auth/export-dec [get]
+func (s *UDMAuthController) ExportDec(c *gin.Context) {
+	language := ctx.AcceptLanguage(c)
+	neId := c.Query("neId")
+	if neId == "" {
+		c.JSON(400, result.CodeMsg(400, i18n.TKey(language, "app.common.err400")))
+		return
+	}
+
+	// 查询网元获取IP
+	neInfo := s.neInfoService.SelectNeInfoByNeTypeAndNeID("UDM", neId)
+	if neInfo.NeId != neId || neInfo.IP == "" {
+		c.JSON(200, result.ErrMsg(i18n.TKey(language, "app.common.noNEInfo")))
+		return
+	}
+	// 网元主机的Telnet客户端
+	telnetClient, err := s.neInfoService.NeRunTelnetClient("UDM", neId, 1)
+	if err != nil {
+		c.JSON(200, result.ErrMsg(err.Error()))
+		return
+	}
+	defer telnetClient.Close()
+
+	// 发送MML
+	// 导出解密的ki和opc 需要执行 dec authdat:imsi=all
+	// 生成文件 /user/local/etc/udm/authdata.txt
+	cmd := "dec authdat:imsi=all"
+	data, err := telnet.ConvertToStr(telnetClient, cmd)
+	if err != nil {
+		c.JSON(200, result.ErrMsg(err.Error()))
+		return
+	}
+
+	// 命令ok时
+	if strings.Contains(data, "ok") {
+		// 网元主机的SSH客户端
+		sshClient, err := s.neInfoService.NeRunSSHClient(neInfo.NeType, neInfo.NeId)
+		if err != nil {
+			c.JSON(200, resp.ErrMsg(err.Error()))
+			return
+		}
+		defer sshClient.Close()
+		// 网元主机的SSH客户端进行文件传输
+		sftpClient, err := sshClient.NewClientSFTP()
+		if err != nil {
+			c.JSON(200, resp.ErrMsg(err.Error()))
+			return
+		}
+		defer sftpClient.Close()
+
+		// 复制到本地
+		nePath := "/usr/local/etc/udm/authdata.txt"
+		localFilePath := filepath.Join("/tmp/omc/pull", filepath.Base(nePath))
+		if runtime.GOOS == "windows" {
+			localFilePath = fmt.Sprintf("C:%s", localFilePath)
+		}
+		if err = sftpClient.CopyFileRemoteToLocal(nePath, localFilePath); err != nil {
+			c.JSON(200, resp.ErrMsg(err.Error()))
+			return
+		}
+		sshClient.RunCMD("sudo rm -rf /user/local/etc/udm/authdata.txt")
+		defer os.Remove(localFilePath)
+		c.FileAttachment(localFilePath, filepath.Base(nePath))
+		return
+	}
+	c.JSON(200, result.ErrMsg("unexpected result"))
+}
--- a/src/modules/network_data/network_data.go
+++ b/src/modules/network_data/network_data.go
@@ -194,6 +194,10 @@ func Setup(router *gin.Engine) {
 			middleware.PreAuthorize(nil),
 			controller.NewAMF.NbStateList,
 		)
+		amfGroup.GET("/log/audit",
+			middleware.PreAuthorize(nil),
+			controller.NewAMF.AuditLog,
+		)
 	}

 	// 网元UPF
@@ -257,6 +261,11 @@ func Setup(router *gin.Engine) {
 			collectlogs.OperateLog(collectlogs.OptionNew("log.operate.title.udmAuth", collectlogs.BUSINESS_TYPE_IMPORT)),
 			controller.NewUDMAuth.Import,
 		)
+		udmAuthGroup.GET("/export-dec",
+			middleware.PreAuthorize(map[string][]string{"hasPerms": {"neUser:auth:export-dec"}}),
+			collectlogs.OperateLog(collectlogs.OptionNew("log.operate.title.udmAuth", collectlogs.BUSINESS_TYPE_EXPORT)),
+			controller.NewUDMAuth.ExportDec,
+		)
 	}

 	// 备份数据