feat: 通过传递客户端Cookie的方式使web终端兼容被Cloudflare Access保护的面板

cmd/agent/main.go

@@ -433,6 +433,12 @@ func handleTerminalTask(task *pb.Task) {
 	}
 	header := http.Header{}
 	header.Add("Secret", agentCliParam.ClientSecret)
+	// 目前只兼容Cloudflare验证
+	// 后续可能需要兼容更多的Cookie验证情况
+	if terminal.Cookie != "" {
+		cfCookie := fmt.Sprintf("CF_Authorization=%s", terminal.Cookie)
+		header.Add("Cookie", cfCookie)
+	}
 	conn, _, err := websocket.DefaultDialer.Dial(fmt.Sprintf("%s://%s/terminal/%s", protocol, terminal.Host, terminal.Session), header)
 	if err != nil {
 		println("Terminal 连接失败：", err)

cmd/dashboard/controller/common_page.go

@@ -275,13 +275,14 @@ func (cp *commonPage) terminal(c *gin.Context) {
 			}, true)
 			return
 		}
-
+		var cloudflareCookies string
+		cloudflareCookies, _ = c.Cookie("CF_Authorization")
 		terminalData, _ := utils.Json.Marshal(&model.TerminalTask{
 			Host:    terminal.host,
 			UseSSL:  terminal.useSSL,
 			Session: terminalID,
+			Cookie:  cloudflareCookies,
 		})
-
 		if err := server.TaskStream.Send(&proto.Task{
 			Type: model.TaskTypeTerminal,
 			Data: string(terminalData),

model/monitor.go

@@ -27,6 +27,8 @@ type TerminalTask struct {
 	UseSSL bool `json:"use_ssl,omitempty"`
 	// 会话标识
 	Session string `json:"session,omitempty"`
+	// Agent在连接Server时需要的额外Cookie信息
+	Cookie string `json:"cookie,omitempty"`
 }
 
 const (