From 85818c2630a5e499dd1a57f090b98f2a403c0959 Mon Sep 17 00:00:00 2001
From: UUBulb <35923940+uubulb@users.noreply.github.com>
Date: Thu, 26 Dec 2024 23:38:40 +0800
Subject: [PATCH] bug fixes (#918)
* bug fixes
* fix for backward compatibility
* fix init
* cleanup
* possible fix
* optimize permission check
* Revert "possible fix"
This reverts commit 003f1bbb2aa368aade6702e6019922b7f4871a39.
---
 cmd/dashboard/controller/notification_group.go | 2 +-
 model/alertrule.go | 10 +++-------
 service/rpc/auth.go | 2 +-
 service/singleton/alertsentinel.go | 5 ++++-
 service/singleton/user.go | 7 +++++++
 5 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/cmd/dashboard/controller/notification_group.go b/cmd/dashboard/controller/notification_group.go
index 8f5eef6..0569b4f 100644
--- a/cmd/dashboard/controller/notification_group.go
+++ b/cmd/dashboard/controller/notification_group.go
@@ -168,7 +168,7 @@ func updateNotificationGroup(c *gin.Context) (any, error) {
 ngf.Notifications = slices.Compact(ngf.Notifications)
 var count int64
- if err := singleton.DB.Model(&model.Server{}).Where("id in (?)", ngf.Notifications).Count(&count).Error; err != nil {
+ if err := singleton.DB.Model(&model.Notification{}).Where("id in (?)", ngf.Notifications).Count(&count).Error; err != nil {
 return nil, newGormError("%v", err)
 }
 if count != int64(len(ngf.Notifications)) {
diff --git a/model/alertrule.go b/model/alertrule.go
index b505cf5..2653b1c 100644
--- a/model/alertrule.go
+++ b/model/alertrule.go
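Review bot: The count query in updateNotificationGroup (cmd/dashboard/controller/notification_group.go) only proves that every ID in ngf.Notifications exists; nothing in this hunk limits those IDs to notifications the calling user may attach. The function body runs beyond the hunk, so the ownership check may be done elsewhere; if it is not, a member could reference another user's notification by ID. Assuming Notification carries the same UserID field that Server and AlertRule show in this patch, the same query can be scoped for non-admin callers, e.g. `.Where("id in (?) AND user_id = ?", ngf.Notifications, <caller-user-id>)`, where the column name and the caller ID are placeholders to be taken from the real model and request context.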
@@ -62,13 +62,9 @@ func (r *AlertRule) Enabled() bool {
 }
 // Snapshot 对传入的Server进行该报警规则下所有type的检查 返回每项检查结果
-func (r *AlertRule) Snapshot(cycleTransferStats *CycleTransferStats, server *Server, db *gorm.DB, role uint8) []bool {
+func (r *AlertRule) Snapshot(cycleTransferStats *CycleTransferStats, server *Server, db *gorm.DB) []bool {
 point := make([]bool, len(r.Rules))
- if r.UserID != server.UserID && role != RoleAdmin {
- return point
- }
-
 for i, rule := range r.Rules {
 point[i] = rule.Snapshot(cycleTransferStats, server, db)
 }
@@ -85,8 +81,8 @@ func (r *AlertRule) Check(points [][]bool) (maxDuration int, passed bool) {
 if maxDuration < 1 {
 maxDuration = 1
 }
- for j := len(points[i]) - 1; j >= 0; j-- {
- if !points[i][j] {
+ for j := len(points) - 1; j >= 0; j-- {
+ if !points[j][i] {
 failCount++
 break
 }
diff --git a/service/rpc/auth.go b/service/rpc/auth.go
index d91bf6d..fa601dd 100644
--- a/service/rpc/auth.go
+++ b/service/rpc/auth.go
@@ -38,7 +38,7 @@ func (a *authHandler) Check(ctx context.Context) (uint64, error) {
 singleton.UserLock.RLock()
 userId, ok := singleton.AgentSecretToUserId[clientSecret]
- if !ok && clientSecret != singleton.Conf.AgentSecretKey {
+ if !ok {
 singleton.UserLock.RUnlock()
 model.BlockIP(singleton.DB, ip, model.WAFBlockReasonTypeAgentAuthFail, model.BlockIDgRPC)
 return 0, status.Error(codes.Unauthenticated, "客户端认证失败")
diff --git a/service/singleton/alertsentinel.go b/service/singleton/alertsentinel.go
index ec20a80..891f487 100644
--- a/service/singleton/alertsentinel.go
+++ b/service/singleton/alertsentinel.go
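Review bot: AlertRule.Snapshot in model/alertrule.go (hunk at -62,13) no longer enforces the owner-or-admin rule itself, and its doc comment does not say that authorisation is now the caller's job. The only caller visible in this patch is checkStatus in service/singleton/alertsentinel.go, which does the check before calling; any other caller outside the patch would evaluate a rule against servers of other users. I would extend the comment with a line such as `// Snapshot performs no ownership check; callers must verify that the rule's owner may see the server.`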
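Review bot: In AlertRule.Check (model/alertrule.go, hunk at -85,8) the new `points[j][i]` indexes every stored row at rule index i, but nothing visible guarantees that each row is as long as r.Rules. Rows are produced by Snapshot with `len(r.Rules)` at the time they are taken, so if a rule list can be edited while older rows remain in the store, a shorter row would panic here and take the alert loop down with it. Either clear the stored history when a rule changes or guard the access, e.g. `if i >= len(points[j]) { continue }`. The enclosing loop over rules and the rest of Check lie outside the hunk, so the row-length invariant should be confirmed there.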
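Review bot: An empty `Conf.AgentSecretKey` would still be a valid agent credential after this change to authHandler.Check (service/rpc/auth.go): the lookup accepts whatever key initUser registered, and the last hunk of this patch (service/singleton/user.go) inserts `Conf.AgentSecretKey` into AgentSecretToUserId unconditionally, mapped to an admin identity. Nothing visible in this hunk rejects an empty clientSecret before the map lookup; the code above the hunk may do so, but if it does not, an unconfigured legacy key authenticates any agent that sends no secret. Registering the legacy key only when it is set closes that: `if Conf.AgentSecretKey != "" { AgentSecretToUserId[Conf.AgentSecretKey] = 0 }`.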
@@ -151,8 +151,11 @@ func checkStatus() {
 role = u.Role
 }
 UserLock.RUnlock()
+ if alert.UserID != server.UserID && role != model.RoleAdmin {
+ continue
+ }
 alertsStore[alert.ID][server.ID] = append(alertsStore[alert.
- ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB, role))
+ ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB))
 // 发送通知,分为触发报警和恢复通知
 max, passed := alert.Check(alertsStore[alert.ID][server.ID])
 // 保存当前服务器状态信息
diff --git a/service/singleton/user.go b/service/singleton/user.go
index ab883d6..ef972d0 100644
--- a/service/singleton/user.go
+++ b/service/singleton/user.go
@@ -21,6 +21,13 @@ func initUser() {
 var users []model.User
 DB.Find(&users)
+ // for backward compatibility
+ UserInfoMap[0] = model.UserInfo{
+ Role: model.RoleAdmin,
+ AgentSecret: Conf.AgentSecretKey,
+ }
+ AgentSecretToUserId[Conf.AgentSecretKey] = 0
+
 for _, u := range users {
 UserInfoMap[u.ID] = model.UserInfo{
 Role: u.Role,
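Review bot: The new owner-or-admin check in checkStatus (service/singleton/alertsentinel.go) may fail open, because `role` appears to keep its initial value when the user lookup just above the hunk misses; only the `role = u.Role` assignment inside the success branch is visible. If model.RoleAdmin is the zero value of the role type, an alert whose owner is no longer in the user map would be treated as an admin alert and evaluated against every server. Skipping the alert when the lookup fails, or initialising `role` to a non-admin value before the lookup, makes the check fail closed. The lookup and the surrounding loops start outside the hunk, so this needs confirming against the full function.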
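Review bot: `UserInfoMap[0]` in initUser (service/singleton/user.go) gives RoleAdmin to ID 0, which is also the zero value of an unset UserID, so any record whose owner field was never filled resolves to an admin in role lookups such as the one in checkStatus. If that is the intended legacy behaviour, the comment should say so instead of only "for backward compatibility", for example `// ID 0 is the pre-multi-user owner: the global agent secret and ownerless records map to an admin identity.` The legacy key is also copied into AgentSecretToUserId only here, so, unless the map is rebuilt elsewhere, a changed Conf.AgentSecretKey would leave the old secret accepted until initUser runs again. initUser continues past the hunk.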