Merge branch 'develop'

changelogs.md

@@ -0,0 +1,40 @@
+# v6.1.1.3 build_20190617
+
+- 加入打包脚本与安装脚本
+
+# v6.1.1.2
+
+- API 访问控制支持白名单和黑名单
+
+# v6.1.1.1
+
+- 加入 routeros hostpot wifi 认证支持
+
+# v6.1.1.0
+
+- 加入radsec 协议支持
+
+# v6.1.0.1
+
+- 增加无线认证模块，支持帐号，固定密码， 短信，微信连WiFi四种认证模式
+- 增加无线认证的配置模块
+- 增加批量创建用户功能
+- 增加用户模拟拨号测试功能
+- 控制面板扩展，增加认证结果统计，认证耗时统计，在线趋势统计
+- 优化UI界面
+- 修复上一版本的BUG
+
+
+# v6.0.1.1
+
+- 数据库结构调整
+- 大量界面调整，添加标签模式
+- 修复以前版本中的错误
+- 内存日志模块优化
+
+
+# v6.0.0.1  20190326
+
+- 基于Java语言重新开发。提供了一个高性能的 RADIUS 处理引擎，同时提供了一个简洁易用的 WEB管理界面，可以轻松上手。
+- [基本功能清单见](https://github.com/talkincode/ToughRADIUS/wiki/features)
+

release.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+currdir=$PWD
+version="v6.1.1.3"
+releasedir=${currdir}/release/toughradius-${version}
+releasefile=toughradius-${version}.zip
+
+
+build_version()
+{
+    echo "release version ${version}"
+    test -d ${releasedir} || mkdir ${releasedir}
+    rm -fr ${releasedir}/*
+    test -f ${releasefile} && rm -f ${releasefile}
+
+    cp -r ${currdir}/src/main/resources/portal ${releasedir}
+    cp ${currdir}/scripts/application-prod.properties ${releasedir}/application-prod.properties
+    cp ${currdir}/scripts/createdb.sql ${releasedir}/createdb.sql
+    cp ${currdir}/scripts/database.sql ${releasedir}/database.sql
+    cp ${currdir}/scripts/init.sql ${releasedir}/init.sql
+    cp ${currdir}/scripts/installer.sh ${releasedir}/installer.sh
+    cp ${currdir}/scripts/toughradius.service ${releasedir}/toughradius.service
+    cp ${currdir}/scripts/linux-installer.md ${releasedir}/linux-installer.md
+    cp ${currdir}/README.md ${releasedir}/README.md
+    dos2unix ${releasedir}/*.properties
+    dos2unix ${releasedir}/*.sql
+    dos2unix ${releasedir}/*.sh
+    dos2unix ${releasedir}/*.service
+    cp ${currdir}/scripts/startup.bat ${releasedir}/startup.bat
+    cp ${currdir}/target/toughradius-latest.jar ${releasedir}/toughradius-latest.jar
+    cd ${currdir}/release && zip -r ${releasefile} toughradius-${version}
+    echo "release file ${releasefile}"
+}
+
+
+case "$1" in
+
+  build)
+    build_version
+  ;;
+
+esac

scripts/application-prod.properties

@@ -12,4 +12,7 @@ spring.datasource.url=${RADIUS_DBURL:jdbc:mysql://127.0.0.1:3306/toughradius?ser
 spring.datasource.username=${RADIUS_DBUSER:raduser}
 spring.datasource.password=${RADIUS_DBPWD:radpwd}
 spring.datasource.max-active=${RADIUS_DBPOOL:120}
-spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+
+# custom wlan portal template path
+#org.toughradius.portal.templateDir=file:/opt/portal/

scripts/database.sql

@@ -1,3 +1,5 @@
+use toughradius;
+
 create table if not exists tr_bras
 (
 	id bigint auto_increment primary key,

scripts/init.sql

@@ -1,3 +1,4 @@
+use toughradius;
 INSERT INTO toughradius.tr_bras
 (identifier, name, ipaddr, vendor_id, portal_vendor,secret, coa_port,ac_port, auth_limit, acct_limit, STATUS, remark, create_time)
 VALUES ('radius-tester', 'radius-tester', '127.0.0.1', '14988',"cmccv1", 'secret', 3799,2000, 1000, 1000, NULL, '0', '2019-03-01 14:07:46');

scripts/installer.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+install_package()
+{
+    \cp application-prod.properties /opt/application-prod.properties
+    \cp toughradius-latest.jar /opt/toughradius-latest.jar
+    \cp toughradius.service /usr/lib/systemd/system/toughradius.service
+    \cp -r portal /opt/
+    systemctl enable toughradius
+    echo "install done, please exec systenctl start toughradius after initdb"
+}
+
+setup_mysql()
+{
+    echo "create database toughradius"
+    mysql -uroot -p -e "create database toughradius DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
+    echo "GRANT db user"
+    mysql -uroot -p -e "GRANT ALL ON toughradius.* TO raduser@'127.0.0.1' IDENTIFIED BY 'radpwd' WITH GRANT OPTION;FLUSH PRIVILEGES;" -v
+    echo "create tables"
+    mysql -uroot -p  < database.sql
+    echo "insert test data"
+    mysql -uroot -p  < init.sql
+}
+
+case "$1" in
+
+  initdb)
+    setup_mysql
+  ;;
+
+  install)
+    install_package
+  ;;
+
+esac

scripts/linux-installer.md

@@ -0,0 +1,37 @@
+## 系统环境依赖
+
+- 操作系统：Linux(推荐CentOS7)
+- java 版本: 1.8
+- 数据库服务器：MySQL/MariaDB
+
+## 上传安装包到服务器
+
+通过sftp或ftp上传安装包到服务器目录并解压， 通过终端 cd 进入解压目录， 比如
+
+> /opt/toughradius-v6.1.1.3
+
+## 数据库初始化
+
+> 数据库的安装配置请自行完成,首先确保你的数据库服务器已经运行
+
+执行安装目录下的 installer.sh 脚本进行初始化数据库
+
+> sh installer.sh initdb
+
+## 安装服务程序
+
+> sh installer.sh install
+
+## 修改配置
+
+注意修改 /opt/application-prod.properties 配置文件中的数据库部分
+
+如果希望使用自定义的模板，请取消该行注释
+
+> `#org.toughradius.portal.templateDir=file:/opt/portal/`
+
+/opt/portal/ 是自定义模板目录， 可以参照安装包里的模板进行修改
+
+## 运行服务
+
+> systemctl start toughradius

scripts/startup.bat

@@ -1 +1 @@
-java -jar -Xms256m -Xmx1024G toughradius-latest.jar  --spring.profiles.active=prod
+java -jar -Xms256m -Xmx1024M toughradius-latest.jar  --spring.profiles.active=prod

src/main/java/org/toughradius/common/CookieUtils.java

@@ -0,0 +1,34 @@
+package org.toughradius.common;
+import org.toughradius.common.coder.Encypt;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtils {
+
+    public static String getCookie(HttpServletRequest request,String cookieName){
+        Cookie[] cookies =  request.getCookies();
+        String ename = Encypt.encrypt(cookieName);
+        if(cookies != null){
+            for(Cookie cookie : cookies){
+                if(cookie.getName().equals(ename)){
+                    return Encypt.decrypt(cookie.getValue());
+                }
+            }
+        }
+        return null;
+    }
+
+
+
+    public static void writeCookie(HttpServletResponse response, String cookieName,String value){
+        Cookie cookie = new Cookie(Encypt.encrypt(cookieName),Encypt.encrypt(value));
+        cookie.setPath("/");
+        cookie.setMaxAge(86400*30);
+        response.addCookie(cookie);
+    }
+
+
+
+}

src/main/java/org/toughradius/component/OnlineCache.java

@@ -516,6 +516,24 @@ public  List<RadiusOnline> queryOnlineByIds(String ids){
 
     }
 
+
+    /**
+     * 根据用户名强制下线
+     */
+    public void unlockOnlineByUser(String username)
+    {
+        try{
+            lock.unLock();
+            for (RadiusOnline _online : cacheData.values()) {
+                if (username.equals(_online.getUsername())) {
+                    asyncUnlockOnline(_online.getAcctSessionId());
+                }
+            }
+        }finally {
+            lock.unLock();
+        }
+    }
+
     public int clearOnlineByFilter(String nodeId, Integer invlan,Integer outVlan,String nasAddr, String nasId, String beginTime, String endTime,  String keyword){
         try{
             lock.lock();

src/main/java/org/toughradius/config/AccessInterceptor.java

@@ -15,6 +15,8 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.net.InetAddress;
+import java.util.Objects;
 
 @Configuration
 public class AccessInterceptor extends HandlerInterceptorAdapter implements Constant {
@@ -34,9 +36,55 @@ public class AccessInterceptor extends HandlerInterceptorAdapter implements Cons
     @Autowired
     protected ConfigService cfgService;
 
+    private String getIpAddr(HttpServletRequest request) {
+        String ip = request.getHeader("x-forwarded-for");
+        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getRemoteAddr();
+            if(ip.equals("127.0.0.1")){
+                //根据网卡取本机配置的IP
+                InetAddress inet=null;
+                try {
+                    inet = InetAddress.getLocalHost();
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
+                ip= Objects.requireNonNull(inet).getHostAddress();
+            }
+        }
+        // 多个代理的情况，第一个IP为客户端真实IP,多个IP按照','分割
+        if(ip != null && ip.length() > 15){
+            if(ip.indexOf(",")>0){
+                ip = ip.substring(0,ip.indexOf(","));
+            }
+        }
+        return ip;
+    }
+
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String ip = getIpAddr(request);
+
+        // 白名单检测
+        String allows = cfgService.getStringValue(API_MODULE,API_ALLOW_IPLIST);
+        if(ValidateUtil.isNotEmpty(allows) && allows.contains(ip)){
+            return true;
+        }
+
+        // 黑名单检测
+        String blacks = cfgService.getStringValue(API_MODULE,API_BLACK_IPLIST);
+        if(ValidateUtil.isNotEmpty(blacks) && blacks.contains(ip)){
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            response.getWriter().print(gson.toJson(new RestResult(1,"Forbidden, black ip " + ip)));
+            return false;
+        }
+
         String header = request.getHeader("Authorization");
         response.setContentType("application/json;charset=UTF-8");
         if(ValidateUtil.isEmpty(header)){