From e2d17640ef7335543e38c31bae73b8941743c490 Mon Sep 17 00:00:00 2001 From: TsMask <340112800@qq.com> Date: Tue, 17 Oct 2023 19:43:49 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=90=88=E5=B9=B6=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- features/security/account.go | 1 + features/trace/tcpdump.go | 79 +++++++++++++++++-- lib/routes/routes.go | 20 +---- restagent/etc/restconf-t.yaml | 2 +- restagent/etc/restconf.yaml | 2 +- .../config/config/config.default.yaml | 4 +- src/framework/config/config/config.local.yaml | 2 +- src/framework/config/config/config.prod.yaml | 2 +- src/framework/middleware/security/referer.go | 22 +++--- src/modules/common/service/account.impl.go | 7 +- 10 files changed, 100 insertions(+), 41 deletions(-) diff --git a/features/security/account.go b/features/security/account.go index d8c7d3a..0e593d8 100644 --- a/features/security/account.go +++ b/features/security/account.go @@ -302,6 +302,7 @@ func LoginOMC(w http.ResponseWriter, r *http.Request) { if user != nil { // 缓存用户信息 account.CacheLoginUser(user) + redis.SetByExpire("", "session_token", token, time.Second*1800) ctx.JSON(w, 200, result.OkData(map[string]any{ "accessToken": token, })) diff --git a/features/trace/tcpdump.go b/features/trace/tcpdump.go index ccab0b5..3c1ffb0 100644 --- a/features/trace/tcpdump.go +++ b/features/trace/tcpdump.go @@ -130,15 +130,15 @@ func TcpdumpNeUPFTask(w http.ResponseWriter, r *http.Request) { return } - // 开始 - if body.RunType == "start" { + // 开始telnet + if body.RunType == "start_telnet" { // 创建TCP连接 conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", neInfo.Ip, 5002)) if err != nil { - conn.Close() ctx.JSON(w, 200, result.ErrMsg(err.Error())) return } + defer conn.Close() filePcapName := fmt.Sprintf("tmp_%s_%s.pcap", body.NeType, body.NeId) cmdStr := fmt.Sprintf("pcap dispatch trace on max 100000 file %s", filePcapName) 
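Review bot: The added `redis.SetByExpire("", "session_token", token, time.Second*1800)` in LoginOMC writes every login's token under the same fixed key, so each successful login overwrites the previous one and a reader of `session_token` cannot tell sessions or users apart. If this entry is meant to back session validation or logout, scope the key per user or per token, for example `"session_token:" + <user identifier>`, so one login cannot replace or stand in for another. The call's result is also discarded; if SetByExpire reports failures (its signature is not visible here), a failed write should be logged or should fail the login. LoginOMC's body starts and ends outside this hunk.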
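Review bot: With `defer conn.Close()` added after the dial in the `start_telnet` branch, the explicit `conn.Close()` before `return` at the end of that branch (visible as context at the top of the next hunk) now closes the connection a second time; drop the explicit call so the defer is the only close. The `stop_telnet` branch in the following hunk gets the same defer and needs the same cleanup if it also ends with an explicit close, which is not visible in the diff. Separately, `net.Dial` has no deadline, so an unreachable network element holds the HTTP handler until the OS connect timeout; `net.DialTimeout("tcp", fmt.Sprintf("%s:%d", neInfo.Ip, 5002), 5*time.Second)` would bound it (the 5 s value is only an example).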
@@ -169,15 +169,15 @@ func TcpdumpNeUPFTask(w http.ResponseWriter, r *http.Request) { conn.Close() return } - // 停止 - if body.RunType == "stop" { + // 停止telnet + if body.RunType == "stop_telnet" { // 创建TCP连接 conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", neInfo.Ip, 5002)) if err != nil { - conn.Close() ctx.JSON(w, 200, result.ErrMsg(err.Error())) return } + defer conn.Close() filePcapName := fmt.Sprintf("tmp_%s_%s.pcap", body.NeType, body.NeId) cmdStr := "pcap dispatch trace off" 
@@ -268,5 +268,72 @@ func TcpdumpNeUPFTask(w http.ResponseWriter, r *http.Request) { return } + // 开始-脚本字符串 + if body.RunType == "start_str" { + fileLogName := fmt.Sprintf("tmp_%s_%s.log", body.NeType, body.NeId) + filePcapName := fmt.Sprintf("tmp_%s_%s.pcap", body.NeType, body.NeId) + scriptStr := "#!/bin/expect\nset capcmd [lindex $argv 0]\nspawn telnet localhost 5002\nexpect \"upfd1# \"\nsend \"$capcmd\\n\"\nexpect \"upfd1# \"\nsend \"quit\\n\"\nexpect \"eof\"" + writeLog := fmt.Sprintf(" > %s 2>&1 \ncat %s", fileLogName, fileLogName) // 执行信息写入日志文件输出,避免弹出code 127 + + capCmdStr := fmt.Sprintf("%s file %s", body.Cmd, filePcapName) + + cmdStr := fmt.Sprintf("cd /tmp\n\necho '%s' > cap.sh\n\nchmod +x cap.sh\n\n./cap.sh '%s'%s", scriptStr, capCmdStr, writeLog) + usernameNe := conf.Get("ne.user").(string) // 网元统一用户 + sshHost := fmt.Sprintf("%s@%s", usernameNe, neInfo.Ip) + msg, err := cmd.ExecWithCheck("ssh", sshHost, cmdStr) + if err != nil { + ctx.JSON(w, 200, result.ErrMsg(err.Error())) + } else { + s := strings.Index(msg, "pcap dispatch trace:") + if s != -1 { + e := strings.Index(msg, "\r\nupfd1#") + msg = msg[s:e] + } else { + msg = "Executed, please stop before proceeding" + } + ctx.JSON(w, 200, result.OkData(map[string]any{ + "cmd": capCmdStr, + "msg": msg, + "fileName": filePcapName, + })) + } + return + } + // 停止-脚本字符串 + if body.RunType == "stop_str" { + fileLogName := fmt.Sprintf("tmp_%s_%s.log", body.NeType, body.NeId) + filePcapName := fmt.Sprintf("tmp_%s_%s.pcap", body.NeType, body.NeId) + scriptStr := "#!/bin/expect\nset capcmd [lindex $argv 0]\nspawn telnet localhost 5002\nexpect \"upfd1# \"\nsend \"$capcmd\\n\"\nexpect \"upfd1# \"\nsend \"quit\\n\"\nexpect \"eof\"" + writeLog := fmt.Sprintf(" > %s 2>&1 \ncat %s", fileLogName, fileLogName) // 执行信息写入日志文件输出,避免弹出code 127 + + capCmdStr := body.Cmd + + cmdStr := fmt.Sprintf("cd /tmp\n\necho '%s' > cap.sh\n\nchmod +x cap.sh\n\n./cap.sh '%s'%s", scriptStr, capCmdStr, writeLog) + + usernameNe := 
conf.Get("ne.user").(string) // 网元统一用户 + sshHost := fmt.Sprintf("%s@%s", usernameNe, neInfo.Ip) + msg, err := cmd.ExecWithCheck("ssh", sshHost, cmdStr) + if err != nil { + ctx.JSON(w, 200, result.ErrMsg(err.Error())) + } else { + s := strings.Index(msg, "pcap dispatch trace:") + if s == -1 { + s = strings.Index(msg, "Write ") + } + if s != -1 { + e := strings.Index(msg, "\r\nupfd1#") + msg = msg[s:e] + } else { + msg = "No stoppable found" + } + ctx.JSON(w, 200, result.OkData(map[string]any{ + "cmd": capCmdStr, + "msg": msg, + "fileName": filePcapName, + })) + } + return + } + ctx.JSON(w, 200, result.ErrMsg("runType is start or stop")) } diff --git a/lib/routes/routes.go b/lib/routes/routes.go index 8ada599..0a97156 100644 --- a/lib/routes/routes.go +++ b/lib/routes/routes.go @@ -71,22 +71,10 @@ func init() { Register("GET", sm.CustomUriOMCLocalTime, sm.GetOMCLocalTime, nil) // 数据库直连操作权限 - selectPermission := midware.Authorize(map[string][]string{ - "hasRoles": {"dba"}, - "hasPerms": {"db:select"}, - }) - updatePermission := midware.Authorize(map[string][]string{ - "hasRoles": {"dba"}, - "hasPerms": {"db:update"}, - }) - insertPermission := midware.Authorize(map[string][]string{ - "hasRoles": {"dba"}, - "hasPerms": {"db:insert"}, - }) - deletePermission := midware.Authorize(map[string][]string{ - "hasRoles": {"dba"}, - "hasPerms": {"db:delete"}, - }) + selectPermission := midware.Authorize(map[string][]string{}) + updatePermission := midware.Authorize(map[string][]string{}) + insertPermission := midware.Authorize(map[string][]string{}) + deletePermission := midware.Authorize(map[string][]string{}) // database management Register("GET", dbrest.XormGetDataUri, dbrest.DatabaseGetData, selectPermission) diff --git a/restagent/etc/restconf-t.yaml b/restagent/etc/restconf-t.yaml index bafe50f..2a8acc4 100644 --- a/restagent/etc/restconf-t.yaml +++ b/restagent/etc/restconf-t.yaml 
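Review bot: `body.Cmd` comes from the request body and is placed inside single quotes in the shell text sent over ssh (`./cap.sh '%s'`) in both the `start_str` and `stop_str` branches, so a value containing a quote or a line break is no longer confined to one argument of `cap.sh` on the network element. Validate it before formatting, ideally against an allowlist of the capture commands the front end is meant to send; the fence shows a minimal character check for the `start_str` branch, and `stop_str` needs the same. `body.NeType` and `body.NeId` reach the unquoted redirect target `> %s` through `fileLogName` and need the same treatment unless they are validated earlier in TcpdumpNeUPFTask, which is outside this hunk. `msg[s:e]` also panics when the `\r\nupfd1#` prompt is missing or appears before `s`, because `e` is never checked. The handler's closing message `runType is start or stop` no longer lists the accepted values.

```go
	if body.RunType == "start_str" {
		// Keep the value confined to the single-quoted argument built below:
		// a quote would end the quoting, a line break would start a new command.
		if strings.ContainsAny(body.Cmd, "'\r\n") {
			ctx.JSON(w, 200, result.ErrMsg("cmd contains illegal characters"))
			return
		}
		// … unchanged: file names, script text, ssh execution, error branch …
			s := strings.Index(msg, "pcap dispatch trace:")
			e := strings.Index(msg, "\r\nupfd1#")
			// Slice only when both markers were found in the expected order.
			if s != -1 && e > s {
				msg = msg[s:e]
			} else {
				msg = "Executed, please stop before proceeding"
			}
		// … unchanged: JSON response and return …
```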
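Review bot: The four `midware.Authorize(map[string][]string{})` calls drop the `dba` role and the `db:select`/`db:update`/`db:insert`/`db:delete` permission requirements from the direct database routes registered right below them. Unless Authorize denies on an empty rule set (its implementation is not part of this diff), presumably any caller who gets past authentication can then read and modify tables through these endpoints. If the relaxation is not intended, keep the previous requirements, e.g. `selectPermission := midware.Authorize(map[string][]string{"hasRoles": {"dba"}, "hasPerms": {"db:select"}})` and likewise for the other three. If it is intended, add a comment naming the layer that now enforces access to these routes. The `init` body continues outside the hunk.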
@@ -62,7 +62,7 @@ ne: # chk2ne: true/false, if put OmcNeConfig parameters to NE omc: - uriPrefix: /api/rest/oam + uriPrefix: "/omc/rest" neType: OMC neId: 001 rmUID: 4400HX101 diff --git a/restagent/etc/restconf.yaml b/restagent/etc/restconf.yaml index 0cbfd00..d31683e 100644 --- a/restagent/etc/restconf.yaml +++ b/restagent/etc/restconf.yaml @@ -92,7 +92,7 @@ omc: checksign: false backup: ./backup upload: ./upload - frontUpload: C:\AMP\Probject\ems_frontend\upload + frontUpload: d:/local.git/fe.ems/upload frontTraceDir: d:/local.git/fe.ems/trace software: ./software license: ./license diff --git a/src/framework/config/config/config.default.yaml b/src/framework/config/config/config.default.yaml index 0a0bc1f..2a5daa6 100644 --- a/src/framework/config/config/config.default.yaml +++ b/src/framework/config/config/config.default.yaml @@ -1,7 +1,7 @@ # 项目信息 framework: name: "ems_agt" - version: "1.6.2" + version: "0.0.1" # 应用服务配置 server: @@ -12,7 +12,7 @@ server: # 日志 logger: - fileDir: "/usr/local/omc/logs" + fileDir: "/usr/local/omc/log" fileName: "ems_agt.log" level: 2 # 日志记录的等级 0:silent<1:info<2:warn<3:error maxDay: 30 # 日志会保留 30 天 diff --git a/src/framework/config/config/config.local.yaml b/src/framework/config/config/config.local.yaml index 5ea34a6..a0b210e 100644 --- a/src/framework/config/config/config.local.yaml +++ b/src/framework/config/config/config.local.yaml @@ -4,7 +4,7 @@ server: # 日志 logger: - fileDir: "C:/usr/local/omc/logs" + fileDir: "C:/usr/local/omc/log" level: 0 # 输出最低等级 # 静态文件配置, 相对项目根路径或填绝对路径 diff --git a/src/framework/config/config/config.prod.yaml b/src/framework/config/config/config.prod.yaml index 3323c4b..36cccb2 100644 --- a/src/framework/config/config/config.prod.yaml +++ b/src/framework/config/config/config.prod.yaml @@ -1,6 +1,6 @@ # 应用服务配置 server: - port: 3040 + port: 3030 proxy: true # security 安全 diff --git a/src/framework/middleware/security/referer.go b/src/framework/middleware/security/referer.go index b716f7f..f4e4ba2 100644 
--- a/src/framework/middleware/security/referer.go +++ b/src/framework/middleware/security/referer.go @@ -15,6 +15,9 @@ func referer(c *gin.Context) { if v := config.Get("security.csrf.enable"); v != nil { enable = v.(bool) } + if !enable { + return + } // csrf 校验类型 okType := false @@ -59,16 +62,15 @@ func referer(c *gin.Context) { } } - if enable && okType { - ok := false - for _, domain := range refererWhiteList { - if domain == host { - ok = true - } - } - if !ok { - c.AbortWithStatusJSON(200, result.ErrMsg("无效 Referer "+host)) - return + // 遍历检查 + ok := false + for _, domain := range refererWhiteList { + if domain == host { + ok = true } } + if !ok { + c.AbortWithStatusJSON(200, result.ErrMsg("无效 Referer "+host)) + return + } } diff --git a/src/modules/common/service/account.impl.go b/src/modules/common/service/account.impl.go index 82d0c8f..a598a83 100644 --- a/src/modules/common/service/account.impl.go +++ b/src/modules/common/service/account.impl.go @@ -128,11 +128,12 @@ func (s *AccountImpl) passwordRetryCount(username string) (string, int64, time.D retryCount = "0" } // 是否超过错误值 - if parse.Number(retryCount) >= int64(maxRetryCount) { + retryCountInt64 := parse.Number(retryCount) + if retryCountInt64 >= int64(maxRetryCount) { msg := fmt.Sprintf("密码输入错误 %d 次,帐户锁定 %d 分钟", maxRetryCount, lockTime) - return retrykey, int64(maxRetryCount), time.Duration(lockTime) * time.Minute, errors.New(msg) + return retrykey, retryCountInt64, time.Duration(lockTime) * time.Minute, errors.New(msg) } - return retrykey, int64(maxRetryCount), time.Duration(lockTime) * time.Minute, nil + return retrykey, retryCountInt64, time.Duration(lockTime) * time.Minute, nil } // RoleAndMenuPerms 角色和菜单数据权限
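Review bot: In the second hunk of `referer`, the whitelist check no longer tests `okType`, so once `security.csrf.enable` is true it runs for every request unless the lines between the two hunks (not shown) return early for exempt request types. If they do not, requests that were previously exempt are rejected whenever their Referer host is not whitelisted, and `okType` is left assigned but never read, which the Go compiler reports as declared and not used. Either keep the gate explicit with `if !okType { return }` before the loop, or remove the `okType` computation and add a comment stating that all request types are checked. The loop can also `break` after the first match.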