bug fixes (#918)

* bug fixes

* fix for backward compatibility

* fix init

* cleanup

* possible fix

* optimize permission check

* Revert "possible fix"

This reverts commit 003f1bbb2a.

cmd/dashboard/controller/notification_group.go

@@ -168,7 +168,7 @@ func updateNotificationGroup(c *gin.Context) (any, error) {
 	ngf.Notifications = slices.Compact(ngf.Notifications)
 
 	var count int64
-	if err := singleton.DB.Model(&model.Server{}).Where("id in (?)", ngf.Notifications).Count(&count).Error; err != nil {
+	if err := singleton.DB.Model(&model.Notification{}).Where("id in (?)", ngf.Notifications).Count(&count).Error; err != nil {
 		return nil, newGormError("%v", err)
 	}
 	if count != int64(len(ngf.Notifications)) {

model/alertrule.go

@@ -62,13 +62,9 @@ func (r *AlertRule) Enabled() bool {
 }
 
 // Snapshot 对传入的Server进行该报警规则下所有type的检查 返回每项检查结果
-func (r *AlertRule) Snapshot(cycleTransferStats *CycleTransferStats, server *Server, db *gorm.DB, role uint8) []bool {
+func (r *AlertRule) Snapshot(cycleTransferStats *CycleTransferStats, server *Server, db *gorm.DB) []bool {
 	point := make([]bool, len(r.Rules))
 
-	if r.UserID != server.UserID && role != RoleAdmin {
-		return point
-	}
-
 	for i, rule := range r.Rules {
 		point[i] = rule.Snapshot(cycleTransferStats, server, db)
 	}
@@ -85,8 +81,8 @@ func (r *AlertRule) Check(points [][]bool) (maxDuration int, passed bool) {
 			if maxDuration < 1 {
 				maxDuration = 1
 			}
-			for j := len(points[i]) - 1; j >= 0; j-- {
+			for j := len(points) - 1; j >= 0; j-- {
-				if !points[i][j] {
+				if !points[j][i] {
 					failCount++
 					break
 				}

service/rpc/auth.go

@@ -38,7 +38,7 @@ func (a *authHandler) Check(ctx context.Context) (uint64, error) {
 
 	singleton.UserLock.RLock()
 	userId, ok := singleton.AgentSecretToUserId[clientSecret]
-	if !ok && clientSecret != singleton.Conf.AgentSecretKey {
+	if !ok {
 		singleton.UserLock.RUnlock()
 		model.BlockIP(singleton.DB, ip, model.WAFBlockReasonTypeAgentAuthFail, model.BlockIDgRPC)
 		return 0, status.Error(codes.Unauthenticated, "客户端认证失败")

service/singleton/alertsentinel.go

@@ -151,8 +151,11 @@ func checkStatus() {
 				role = u.Role
 			}
 			UserLock.RUnlock()
+			if alert.UserID != server.UserID && role != model.RoleAdmin {
+				continue
+			}
 			alertsStore[alert.ID][server.ID] = append(alertsStore[alert.
-				ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB, role))
+				ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB))
 			// 发送通知，分为触发报警和恢复通知
 			max, passed := alert.Check(alertsStore[alert.ID][server.ID])
 			// 保存当前服务器状态信息

service/singleton/user.go

@@ -21,6 +21,13 @@ func initUser() {
 	var users []model.User
 	DB.Find(&users)
 
+	// for backward compatibility
+	UserInfoMap[0] = model.UserInfo{
+		Role:        model.RoleAdmin,
+		AgentSecret: Conf.AgentSecretKey,
+	}
+	AgentSecretToUserId[Conf.AgentSecretKey] = 0
+
 	for _, u := range users {
 		UserInfoMap[u.ID] = model.UserInfo{
 			Role:        u.Role,