From 05cc45b068e3f83f54669a0bd1594858c904552b Mon Sep 17 00:00:00 2001
From: yisier <1340976576@qq.com>
Date: Thu, 1 Jun 2023 18:01:43 +0800
Subject: [PATCH] =?UTF-8?q?=20=20***=E4=BF=AE=E5=A4=8D***=EF=BC=9Ahttps=20?= =?UTF-8?q?=E6=B5=81=E9=87=8F=E4=B8=8D=E7=BB=9F=E8=AE=A1=20Bug=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E3=80=82=20=20=20***=E6=96=B0=E5=A2=9E***=EF=BC=9A?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=85=A8=E5=B1=80=E9=BB=91=E5=90=8D=E5=8D=95?= =?UTF-8?q?IP=EF=BC=8C=E7=94=A8=E4=BA=8E=E9=98=B2=E6=AD=A2=E8=A2=AB?= =?UTF-8?q?=E8=82=89=E9=B8=A1=E6=89=AB=E6=8F=8F=E7=AB=AF=E5=8F=A3=E6=88=96?= =?UTF-8?q?=E8=A2=AB=E6=81=B6=E6=84=8F=E6=94=BB=E5=87=BB=E3=80=82=20=20=20?= =?UTF-8?q?***=E6=96=B0=E5=A2=9E***=EF=BC=9A=E6=96=B0=E5=A2=9E=E5=AE=A2?= =?UTF-8?q?=E6=88=B7=E7=AB=AF=E4=B8=8A=E6=AC=A1=E5=9C=A8=E7=BA=BF=E6=97=B6?= =?UTF-8?q?=E9=97=B4=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 6 +++++
lib/file/db.go | 11 ++++++++
lib/file/file.go | 49 +++++++++++++++++++++++++++++-----
lib/file/obj.go | 1 +
lib/version/version.go | 2 +-
server/proxy/base.go | 21 +++++++++++++++
server/proxy/http.go | 6 +++++
server/proxy/udp.go | 5 ++++
server/server.go | 1 +
web/controllers/global.go | 47 ++++++++++++++++++++++++++++++++
web/routers/router.go | 3 +++
web/static/js/language.js | 12 +++++++++
web/static/page/languages.xml | 14 ++++++++++
web/views/client/list.html | 1 +
web/views/global/index.html | 44 ++++++++++++++++++++++++++++++
web/views/index/index.html | 50 -----------------------------------
web/views/public/layout.html | 9 +++++++
17 files changed, 224 insertions(+), 58 deletions(-)
create mode 100644 web/controllers/global.go
create mode 100644 web/views/global/index.html
diff --git a/README.md b/README.md
index 17aaf5f2..25f8f021 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,12 @@ ## 更新日志 +- 2023-06-01 v0.26.16 + ***修复***:https 流量不统计 Bug 修复。 + ***新增***:新增全局黑名单IP,用于防止被肉鸡扫描端口或被恶意攻击。 + ***新增***:新增客户端上次在线时间。 + + - 2023-02-24 v0.26.15 ***修复***:更新程序 url 更改到当前仓库中 ***修复***:nps 在外部路径启动时找不到配置文件 diff --git a/lib/file/db.go b/lib/file/db.go index 86cfac62..8701ecd9 100644 --- a/lib/file/db.go +++ b/lib/file/db.go @@ -29,6 +29,7 @@ func GetDb() *DbUtils { jsonDb.LoadClientFromJsonFile() jsonDb.LoadTaskFromJsonFile() jsonDb.LoadHostFromJsonFile() + jsonDb.LoadGlobalFromJsonFile() Db = &DbUtils{JsonDb: jsonDb} }) return Db @@ -115,6 +116,12 @@ func (s *DbUtils) UpdateTask(t *Tunnel) error { return nil } +func (s *DbUtils) SaveGlobal(t *Glob) error { + s.JsonDb.Global = t + s.JsonDb.StoreGlobalToJsonFile() + return nil +} + func (s *DbUtils) DelTask(id int) error { s.JsonDb.Tasks.Delete(id) s.JsonDb.StoreTasksToJsonFile() @@ -288,6 +295,10 @@ func (s *DbUtils) GetClient(id int) (c *Client, err error) { return } +func (s *DbUtils) GetGlobal() (c *Glob) { + return s.JsonDb.Global +} + func (s *DbUtils) GetClientIdByVkey(vkey string) (id int, err error) { var exist bool s.JsonDb.Clients.Range(func(key, value interface{}) bool { diff --git a/lib/file/file.go b/lib/file/file.go index 22aada30..601714c6 100644 --- a/lib/file/file.go +++ b/lib/file/file.go @@ -29,7 +29,7 @@ type JsonDb struct { Hosts sync.Map HostsTmp sync.Map Clients sync.Map - Global sync.Map + Global *Glob RunPath string ClientIncreaseId int32 //client increased id TaskIncreaseId int32 //task increased id @@ -95,12 +95,12 @@ func (s *JsonDb) LoadHostFromJsonFile() { } func (s *JsonDb) LoadGlobalFromJsonFile() { - loadSyncMapFromFile(s.GlobalFilePath, func(v string) { + loadSyncMapFromFileWithSingleJson(s.GlobalFilePath, func(v string) { post := new(Glob) if json.Unmarshal([]byte(v), &post) != nil { return } - s.Global.Store("value", post) + s.Global = post }) } 
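Review bot: `SaveGlobal` in lib/file/db.go assigns `s.JsonDb.Global = t` with no synchronization, while `GetGlobal` hands the same pointer to the proxy paths that call `IsGlobalBlackIp` for each connection, so a save from the web UI races with those reads now that the field is a plain `*Glob` rather than a `sync.Map` (the `@@ -29,7 +29,7 @@` hunk in lib/file/file.go). Guard the field with a `sync.RWMutex`, or keep it in an `atomic.Value` and load it in `GetGlobal`. `SaveGlobal` also always returns nil, so the `err` check in the controller can never fire; either return an error from the store step or drop the error result. Both new exported methods have no doc comment, e.g. `// SaveGlobal replaces the global settings and persists them to disk.`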
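Review bot: In `LoadGlobalFromJsonFile` a failed `json.Unmarshal` simply returns, so a truncated or hand-edited global file leaves `s.Global` nil and the server starts with no global blacklist and no message about it. Because `IsGlobalBlackIp` treats a nil global as "nothing blocked", the failure should at least be logged: `if err := json.Unmarshal([]byte(v), post); err != nil { logs.Error(err, "load global config err"); return }`. `post` is already a pointer, so `&post` is not needed.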
@@ -141,7 +141,7 @@ var globalLock sync.Mutex func (s *JsonDb) StoreGlobalToJsonFile() { globalLock.Lock() - storeSyncMapToFile(s.Global, s.GlobalFilePath) + storeGlobalToFile(s.Global, s.GlobalFilePath) globalLock.Unlock() } @@ -167,6 +167,19 @@ func loadSyncMapFromFile(filePath string, f func(value string)) { } } +func loadSyncMapFromFileWithSingleJson(filePath string, f func(value string)) { + if !common.FileExists(filePath) { + return + } + + b, err := common.ReadAllFromFile(filePath) + if err != nil { + panic(err) + } + + f(string(b)) +} + func storeSyncMapToFile(m sync.Map, filePath string) { file, err := os.Create(filePath + ".tmp") // first create a temporary file to store @@ -195,9 +208,9 @@ func storeSyncMapToFile(m sync.Map, filePath string) { return true } b, err = json.Marshal(obj) - case *Glob: - obj := value.(*Glob) - b, err = json.Marshal(obj) + //case *Glob: + // obj := value.(*Glob) + // b, err = json.Marshal(obj) default: return true } @@ -223,3 +236,25 @@ func storeSyncMapToFile(m sync.Map, filePath string) { } // replace the file, maybe provides atomic operation } + +func storeGlobalToFile(m *Glob, filePath string) { + file, err := os.Create(filePath + ".tmp") + // first create a temporary file to store + if err != nil { + panic(err) + } + + var b []byte + b, err = json.Marshal(m) + _, err = file.Write(b) + if err != nil { + panic(err) + } + _ = file.Sync() + _ = file.Close() + // must close file first, then rename it + err = os.Rename(filePath+".tmp", filePath) + if err != nil { + logs.Error(err, "store to file err, data will lost") + } +} diff --git a/lib/file/obj.go b/lib/file/obj.go index aff9f77a..1a11c8ab 100644 --- a/lib/file/obj.go +++ b/lib/file/obj.go @@ -52,6 +52,7 @@ type Client struct { MaxTunnelNum int Version string BlackIpList []string + LastOnlineTime string sync.RWMutex } diff --git a/lib/version/version.go b/lib/version/version.go index 93a8bf0b..63bb0776 100644 --- a/lib/version/version.go +++ b/lib/version/version.go 
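Review bot: `storeGlobalToFile` overwrites the `json.Marshal` error with the result of `file.Write` and ignores the errors from `file.Sync()` and `file.Close()`, so a failed or short write can still be renamed over the last good global file. Check each step before the `os.Rename` and close the temporary file on the error paths, as sketched below. The function also panics while `StoreGlobalToJsonFile` holds `globalLock` without `defer`; if the web framework recovers that panic (not visible here) the mutex stays locked and later saves hang, so `defer globalLock.Unlock()` is worth adding there.

```go
func storeGlobalToFile(m *Glob, filePath string) {
	// … unchanged: os.Create of filePath+".tmp" and its error check …
	b, err := json.Marshal(m)
	if err != nil {
		_ = file.Close()
		panic(err)
	}
	if _, err = file.Write(b); err != nil {
		_ = file.Close()
		panic(err)
	}
	if err = file.Sync(); err == nil {
		err = file.Close()
	} else {
		_ = file.Close()
	}
	if err != nil {
		logs.Error(err, "store to file err, data will lost")
		return
	}
	// … unchanged: os.Rename of the temporary file over filePath …
}
```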
@@ -1,6 +1,6 @@ package version -const VERSION = "0.26.14" +const VERSION = "0.26.16" // Compulsory minimum version, Minimum downward compatibility to this version func GetVersion() string { diff --git a/server/proxy/base.go b/server/proxy/base.go index edf75899..e4c9a92b 100644 --- a/server/proxy/base.go +++ b/server/proxy/base.go @@ -97,6 +97,12 @@ func in(target string, str_array []string) bool { func (s *BaseServer) DealClient(c *conn.Conn, client *file.Client, addr string, rb []byte, tp string, f func(), flow *file.Flow, localProxy bool, task *file.Tunnel) error { + // 判断访问地址是否在全局黑名单内 + if IsGlobalBlackIp(c.RemoteAddr().String()) { + c.Close() + return nil + } + // 判断访问地址是否在黑名单内 if common.IsBlackIp(c.RemoteAddr().String(), client.VerifyKey, client.BlackIpList) { c.Close() @@ -116,3 +122,18 @@ func (s *BaseServer) DealClient(c *conn.Conn, client *file.Client, addr string, } return nil } + +// 判断访问地址是否在全局黑名单内 +func IsGlobalBlackIp(ipPort string) bool { + // 判断访问地址是否在全局黑名单内 + global := file.GetDb().GetGlobal() + if global != nil { + ip := common.GetIpByAddr(ipPort) + if in(ip, global.BlackIpList) { + logs.Error("IP地址[" + ip + "]在全局黑名单列表内") + return true + } + } + + return false +} diff --git a/server/proxy/http.go b/server/proxy/http.go index 79dd5696..9c68f9aa 100644 --- a/server/proxy/http.go +++ b/server/proxy/http.go @@ -166,6 +166,12 @@ reset: return } + // 判断访问地址是否在全局黑名单内 + if IsGlobalBlackIp(c.RemoteAddr().String()) { + c.Close() + return + } + // 判断访问地址是否在黑名单内 if common.IsBlackIp(c.RemoteAddr().String(), host.Client.VerifyKey, host.Client.BlackIpList) { c.Close() diff --git a/server/proxy/udp.go b/server/proxy/udp.go index 0bf9eb97..a59e9f19 100755 --- a/server/proxy/udp.go +++ b/server/proxy/udp.go @@ -47,6 +47,11 @@ func (s *UdpModeServer) Start() error { continue } + // 判断访问地址是否在全局黑名单内 + if IsGlobalBlackIp(addr.String()) { + break + } + // 判断访问地址是否在黑名单内 if common.IsBlackIp(addr.String(), s.task.Client.VerifyKey, s.task.Client.BlackIpList) { break 
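Review bot: `IsGlobalBlackIp` in server/proxy/base.go matches with `in(ip, global.BlackIpList)`, an exact string comparison, so an entry saved with surrounding whitespace or in a different textual form of the same address never matches and the connection is let through. Normalizing entries when they are saved (trim, then `net.ParseIP(...).String()`) and comparing the normalized form would close that gap; how `common.GetIpByAddr` formats its result is not visible here. Every hit is also written with `logs.Error`, which lets a blocked scanner fill the error log, so a lower level such as `logs.Warn` or a rate limit fits better. The exported function would read better with a Go-style doc comment, e.g. `// IsGlobalBlackIp reports whether the host part of ipPort is on the global blacklist.`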
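Review bot: The new blacklist check in `UdpModeServer.Start` exits with `break`, whereas the error path just above it uses `continue`. The loop header is outside the hunk, but if this check sits directly in the packet read loop, a single datagram from a blacklisted source ends the loop and the UDP tunnel stops serving everyone; since a UDP source address is not authenticated, the blacklist itself would become a way to stop the listener. `continue` drops the packet and keeps listening: `if IsGlobalBlackIp(addr.String()) { continue }`. The per-client check right below uses the same `break` and deserves the same look.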
diff --git a/server/server.go b/server/server.go index 357218e9..9296c8b8 100644 --- a/server/server.go +++ b/server/server.go @@ -288,6 +288,7 @@ func dealClientData() { v := value.(*file.Client) if vv, ok := Bridge.Client.Load(v.Id); ok { v.IsConnect = true + v.LastOnlineTime = time.Now().Format("2006-01-02 15:04:05") v.Version = vv.(*bridge.Client).Version } else { v.IsConnect = false diff --git a/web/controllers/global.go b/web/controllers/global.go new file mode 100644 index 00000000..760ad810 --- /dev/null +++ b/web/controllers/global.go @@ -0,0 +1,47 @@ +package controllers + +import ( + "ehang.io/nps/lib/file" + "strings" +) + +type GlobalController struct { + BaseController +} + +func (s *GlobalController) Index() { + //if s.Ctx.Request.Method == "GET" { + // + // return + //} + s.Data["menu"] = "global" + s.SetInfo("global") + s.display("global/index") + + global := file.GetDb().GetGlobal() + if global == nil { + return + } + s.Data["globalBlackIpList"] = strings.Join(global.BlackIpList, "\r\n") +} + +//添加全局黑名单IP +func (s *GlobalController) Save() { + //global, err := file.GetDb().GetGlobal() + //if err != nil { + // return + //} + if s.Ctx.Request.Method == "GET" { + s.Data["menu"] = "global" + s.SetInfo("save global") + s.display() + } else { + + t := &file.Glob{BlackIpList: RemoveRepeatedElement(strings.Split(s.getEscapeString("globalBlackIpList"), "\r\n"))} + + if err := file.GetDb().SaveGlobal(t); err != nil { + s.AjaxErr(err.Error()) + } + s.AjaxOk("save success") + } +} diff --git a/web/routers/router.go b/web/routers/router.go index 51ab97d1..be289dbd 100755 --- a/web/routers/router.go +++ b/web/routers/router.go @@ -14,6 +14,7 @@ func Init() { beego.NSAutoRouter(&controllers.LoginController{}), beego.NSAutoRouter(&controllers.ClientController{}), beego.NSAutoRouter(&controllers.AuthController{}), + beego.NSAutoRouter(&controllers.GlobalController{}), ) beego.AddNamespace(ns) } else { 
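Review bot: `Save` in web/controllers/global.go builds the list with `strings.Split(..., "\r\n")` and stores every piece unchecked, so a form posted with bare `\n` line endings becomes one long entry, an empty submission stores `[""]`, and entries with stray spaces are kept, none of which can ever match in `IsGlobalBlackIp`. Splitting with `strings.Fields` and rejecting anything `net.ParseIP` does not accept keeps the saved list usable (this needs the `net` import and assumes only literal addresses are meant to be supported). Nothing in this file checks that the caller is an administrator; whether `BaseController` enforces that is not visible here, and a list that applies to every client should be admin-only. `Save` also has no `return` after `s.AjaxErr(...)`, so unless `AjaxErr` stops the request, `s.AjaxOk` runs as well.

```go
	} else {
		var ips []string
		for _, ip := range strings.Fields(s.getEscapeString("globalBlackIpList")) {
			if net.ParseIP(ip) == nil {
				s.AjaxErr("invalid ip in global black list")
				return
			}
			ips = append(ips, ip)
		}
		t := &file.Glob{BlackIpList: RemoveRepeatedElement(ips)}
		// … unchanged: SaveGlobal call and Ajax response …
```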
@@ -22,5 +23,7 @@ func Init() { beego.AutoRouter(&controllers.LoginController{}) beego.AutoRouter(&controllers.ClientController{}) beego.AutoRouter(&controllers.AuthController{}) + beego.AutoRouter(&controllers.GlobalController{}) + } } diff --git a/web/static/js/language.js b/web/static/js/language.js index 2aab40bd..bddc8d62 100644 --- a/web/static/js/language.js +++ b/web/static/js/language.js @@ -161,6 +161,18 @@ function submitform(action, url, postdata) { } } }); + case 'global': + $.ajax({ + type: "POST", + url: url, + data: postdata, + success: function (res) { + alert(langreply(res.msg)); + if (res.status) { + document.location.reload(); + } + } + }); } } diff --git a/web/static/page/languages.xml b/web/static/page/languages.xml index 6fe57ae3..8a5e8931 100644 --- a/web/static/page/languages.xml +++ b/web/static/page/languages.xml @@ -237,6 +237,10 @@ 仪表盘 Dashboard + + 全局参数 + Global Params + 出口流量 Export Flow @@ -707,6 +711,12 @@ IP Black List + + + 全局IP黑名单(防暴力破解) + Global IP Black List + + 例如 10.1.50.203 10.1.50.202 such as 10.1.50.203 10.1.50.202 @@ -723,6 +733,10 @@ IP Black List + + 上次在线时间 + Last Online Time + diff --git a/web/views/client/list.html b/web/views/client/list.html index 81312451..0c9e1416 100644 --- a/web/views/client/list.html +++ b/web/views/client/list.html @@ -71,6 +71,7 @@
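Review bot: In web/static/js/language.js, `case 'global':` is added straight after the previous case's `$.ajax({...});` with no `break` in between, so the preceding case falls through into the new block and sends a second POST to the same `url`, followed by a page reload. Add `break;` before `case 'global':` and after the new `$.ajax` call. The `switch` in `submitform` starts outside the hunk, so which actions precede the new case is not visible here.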
+ ':  ' + ':

' + ': ' + row.BlackIpList + ' 

' + + ': ' + row.LastOnlineTime + ' 

' + ': ' + "./npc{{.win}} -server={{.ip}}:{{.p}} -vkey=" + row.VerifyKey + " -type=" +{{.bridgeType}} +"" }, //表格的列 diff --git a/web/views/global/index.html b/web/views/global/index.html new file mode 100644 index 00000000..7489e8fb --- /dev/null +++ b/web/views/global/index.html @@ -0,0 +1,44 @@ +
+ +
+
+
+
+
+
+
+ +
+
+ +
+ + +
+
+ +
+
+ +
+
+
+
+
+
+
+ + +
+ + diff --git a/web/views/index/index.html b/web/views/index/index.html index a3f03b3e..ebfbe4d9 100644 --- a/web/views/index/index.html +++ b/web/views/index/index.html @@ -46,56 +46,6 @@

{{.data.tcpCount}}

- - - -
-
-
-
-
-
-
- -
-
- -
- - -
-
- -
-
- -
-
-
- -
-
-
-
- - - - - - - - - - - - - - - - -
diff --git a/web/views/public/layout.html b/web/views/public/layout.html index 0859093b9..4047d6f0 100644 --- a/web/views/public/layout.html +++ b/web/views/public/layout.html @@ -54,6 +54,9 @@ + + +
  • @@ -90,6 +93,12 @@
  • + +
  • + + +
  • +