✨ 前台查看密码 close #24 close #41

2025-01-22 12:48:14 -05:00 · 2021-01-31 13:37:43 +08:00 · 2021-01-31 13:37:43 +08:00 · c3dcc721dc
commit c3dcc721dc
parent 061a9992ff
13 changed files with 159 additions and 15 deletions
--- a/cmd/dashboard/controller/common_page.go
+++ b/cmd/dashboard/controller/common_page.go
@ -1,12 +1,15 @@
 package controller

 import (
+	"errors"
+	"fmt"
 	"log"
 	"net/http"
 	"time"

 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
+	"golang.org/x/crypto/bcrypt"

 	"github.com/naiba/nezha/model"
 	"github.com/naiba/nezha/pkg/mygin"
@ -20,11 +23,63 @@ type commonPage struct {
 func (cp *commonPage) serve() {
 	cr := cp.r.Group("")
 	cr.Use(mygin.Authorize(mygin.AuthorizeOption{}))
+	cr.POST("/view-password", cp.issueViewPassword)
+	cr.Use(cp.checkViewPassword) // 前端查看密码鉴权
 	cr.GET("/", cp.home)
 	cr.GET("/service", cp.service)
 	cr.GET("/ws", cp.ws)
 }

+type viewPasswordForm struct {
+	Password string
+}
+
+func (p *commonPage) issueViewPassword(c *gin.Context) {
+	var vpf viewPasswordForm
+	err := c.ShouldBind(&vpf)
+	var hash []byte
+	if err == nil && vpf.Password != dao.Conf.Site.ViewPassword {
+		err = errors.New("查看密码错误")
+	}
+	if err == nil {
+		hash, err = bcrypt.GenerateFromPassword([]byte(vpf.Password), bcrypt.DefaultCost)
+	}
+	if err != nil {
+		mygin.ShowErrorPage(c, mygin.ErrInfo{
+			Title: "出现错误",
+			Msg:   fmt.Sprintf("请求错误：%s", err),
+		}, true)
+		c.Abort()
+		return
+	}
+	c.SetCookie(dao.Conf.Site.CookieName+"-vp", string(hash), 60*60*24, "", "", false, false)
+	c.Redirect(http.StatusFound, c.Request.Referer())
+}
+
+func (p *commonPage) checkViewPassword(c *gin.Context) {
+	if dao.Conf.Site.ViewPassword == "" {
+		c.Next()
+		return
+	}
+	if _, authorized := c.Get(model.CtxKeyAuthorizedUser); authorized {
+		c.Next()
+		return
+	}
+
+	// 验证查看密码
+	viewPassword, _ := c.Cookie(dao.Conf.Site.CookieName + "-vp")
+	if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(dao.Conf.Site.ViewPassword)); err != nil {
+		c.HTML(http.StatusOK, "theme-"+dao.Conf.Site.Theme+"/viewpassword", mygin.CommonEnvironment(c, gin.H{
+			"Title":      "验证查看密码",
+			"CustomCode": dao.Conf.Site.CustomCode,
+		}))
+		c.Abort()
+		return
+	}
+
+	c.Next()
+}
+
 type ServiceItem struct {
 	Monitor     model.Monitor
 	TotalUp     uint64
--- a/cmd/dashboard/controller/member_api.go
+++ b/cmd/dashboard/controller/member_api.go
@ -445,6 +445,7 @@ type settingForm struct {
 	Admin                      string
 	Theme                      string
 	CustomCode                 string
+	ViewPassword               string
 	EnableIPChangeNotification string
 }

@ -461,6 +462,7 @@ func (ma *memberAPI) updateSetting(c *gin.Context) {
 	dao.Conf.Site.Brand = sf.Title
 	dao.Conf.Site.Theme = sf.Theme
 	dao.Conf.Site.CustomCode = sf.CustomCode
+	dao.Conf.Site.ViewPassword = sf.ViewPassword
 	dao.Conf.GitHub.Admin = sf.Admin
 	if err := dao.Conf.Save(); err != nil {
 		c.JSON(http.StatusOK, model.Response{
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@ -40,6 +40,9 @@ func init() {
 	if dao.Conf.Debug {
 		dao.DB = dao.DB.Debug()
 	}
+	if dao.Conf.GRPCPort == 0 {
+		dao.Conf.GRPCPort = 5555
+	}
 	dao.Cache = cache.New(5*time.Minute, 10*time.Minute)

 	initSystem()
@ -105,7 +108,7 @@ func loadCrons() {

 func main() {
 	go controller.ServeWeb(dao.Conf.HTTPPort)
-	go rpc.ServeRPC(5555)
+	go rpc.ServeRPC(dao.Conf.GRPCPort)
 	go rpc.DispatchTask(time.Minute * 3)
 	dao.AlertSentinelStart()
 }
--- a/go.mod
+++ b/go.mod
@ -20,6 +20,7 @@ require (
 	github.com/shirou/gopsutil/v3 v3.20.11
 	github.com/spf13/viper v1.7.1
 	github.com/stretchr/testify v1.6.1
+	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
 	google.golang.org/grpc v1.33.1
 	google.golang.org/protobuf v1.25.0
--- a/model/config.go
+++ b/model/config.go
@ -13,10 +13,11 @@ import (
 type Config struct {
 	Debug bool
 	Site  struct {
-		Brand      string // 站点名称
-		CookieName string // 浏览器 Cookie 名称
-		Theme      string
-		CustomCode string
+		Brand        string // 站点名称
+		CookieName   string // 浏览器 Cookie 名称
+		Theme        string
+		CustomCode   string
+		ViewPassword string // 前台查看密码
 	}
 	GitHub struct {
 		Admin        string // 管理员ID列表
@ -24,6 +25,7 @@ type Config struct {
 		ClientSecret string
 	}
 	HTTPPort                   uint
+	GRPCPort                   uint
 	EnableIPChangeNotification bool

 	v *viper.Viper
--- a/pkg/mygin/auth.go
+++ b/pkg/mygin/auth.go
@ -26,6 +26,7 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) {
 		if opt.Guest {
 			code = http.StatusBadRequest
 		}
+
 		commonErr := ErrInfo{
 			Title: "访问受限",
 			Code:  code,
@ -36,6 +37,7 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) {

 		var isLogin bool

+		// 用户鉴权
 		token, _ := c.Cookie(dao.Conf.Site.CookieName)
 		token = strings.TrimSpace(token)
 		if token != "" {
--- a/resource/template/dashboard/setting.html
+++ b/resource/template/dashboard/setting.html
@ -23,6 +23,10 @@
                <label>自定义代码(style、script 都可以)</label>
                <textarea name="CustomCode">{{.Conf.Site.CustomCode}}</textarea>
            </div>
+            <div class="field">
+                <label>前台查看密码</label>
+                <input type="text" name="ViewPassword" placeholder="" value="{{.Conf.Site.ViewPassword}}">
+            </div>
            <div class="field">
                <div class="ui nf-ssl checkbox">
                    <input name="EnableIPChangeNotification" type="checkbox" tabindex="0" class="hidden">
--- a/resource/template/theme-daynight/viewpassword.html
+++ b/resource/template/theme-daynight/viewpassword.html
@ -0,0 +1,25 @@
+{{define "theme-daynight/viewpassword"}}
+{{template "common/header" .}}
+{{if ts .CustomCode}}
+{{.CustomCode|safe}}
+{{end}}
+<div class="login nb-container">
+    <div class="ui center aligned grid">
+        <div class="column">
+            <h2 class="ui teal image header">
+                <img src="static/logo.png" class="image">
+                <div class="content">
+                    验证查看密码
+                </div>
+            </h2>
+            <form action="/view-password" method="POST" class="ui form">
+                <div class="field">
+                    <input type="password" name="Password">
+                </div>
+                <button class="ui button" type="submit">确认</button>
+            </form>
+        </div>
+    </div>
+</div>
+{{template "common/footer" .}}
+{{end}}
--- a/resource/template/theme-default/viewpassword.html
+++ b/resource/template/theme-default/viewpassword.html
@ -0,0 +1,25 @@
+{{define "theme-default/viewpassword"}}
+{{template "common/header" .}}
+{{if ts .CustomCode}}
+{{.CustomCode|safe}}
+{{end}}
+<div class="login nb-container">
+    <div class="ui center aligned grid">
+        <div class="column">
+            <h2 class="ui teal image header">
+                <img src="static/logo.png" class="image">
+                <div class="content">
+                    验证查看密码
+                </div>
+            </h2>
+            <form action="/view-password" method="POST" class="ui form">
+                <div class="field">
+                    <input type="password" name="Password">
+                </div>
+                <button class="ui button" type="submit">确认</button>
+            </form>
+        </div>
+    </div>
+</div>
+{{template "common/footer" .}}
+{{end}}
--- a/resource/template/theme-hotaru/viewpassword.html
+++ b/resource/template/theme-hotaru/viewpassword.html
@ -0,0 +1,25 @@
+{{define "theme-horaru/viewpassword"}}
+{{template "common/header" .}}
+{{if ts .CustomCode}}
+{{.CustomCode|safe}}
+{{end}}
+<div class="login nb-container">
+    <div class="ui center aligned grid">
+        <div class="column">
+            <h2 class="ui teal image header">
+                <img src="static/logo.png" class="image">
+                <div class="content">
+                    验证查看密码
+                </div>
+            </h2>
+            <form action="/view-password" method="POST" class="ui form">
+                <div class="field">
+                    <input type="password" name="Password">
+                </div>
+                <button class="ui button" type="submit">确认</button>
+            </form>
+        </div>
+    </div>
+</div>
+{{template "common/footer" .}}
+{{end}}
--- a/script/docker-compose.yaml
+++ b/script/docker-compose.yaml
@ -8,4 +8,4 @@ services:
      - ./data:/dashboard/data
    ports:
      - nz_site_port:80
-      - nz_rpc_port:5555
+      - nz_grpc_port:5555
--- a/script/install.sh
+++ b/script/install.sh
@ -202,7 +202,7 @@ modify_agent_config() {

    echo "请先在管理面板上添加Agent，记录下密钥" &&
        read -p "请输入一个解析到面板所在IP的域名（不可套CDN）: " nz_rpc_host &&
-        read -p "请输入面板RPC端口: (5555)" nz_rpc_port &&
+        read -p "请输入面板RPC端口: (5555)" nz_grpc_port &&
        read -p "请输入Agent 密钥: " nezha_client_secret
    if [[ -z "${nz_rpc_host}" || -z "${nezha_client_secret}" ]]; then
        echo -e "${red}所有选项都不能为空${plain}"
@ -210,12 +210,12 @@ modify_agent_config() {
        return 1
    fi

-    if [[ -z "${nz_rpc_port}" ]]; then
-        nz_rpc_port=5555
+    if [[ -z "${nz_grpc_port}" ]]; then
+        nz_grpc_port=5555
    fi

    sed -i "s/nz_rpc_host/${nz_rpc_host}/" ${NZ_AGENT_SERVICE}
-    sed -i "s/nz_rpc_port/${nz_rpc_port}/" ${NZ_AGENT_SERVICE}
+    sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE}
    sed -i "s/nezha_client_secret/${nezha_client_secret}/" ${NZ_AGENT_SERVICE}

    echo -e "Agent配置 ${green}修改成功，请稍等重启生效${plain}"
@ -254,7 +254,7 @@ modify_dashboard_config() {
        read -p "请输入 GitHub Oauth2 应用的 Client Secret: " nz_github_oauth_client_secret &&
        read -p "请输入站点标题: " nz_site_title &&
        read -p "请输入站点访问端口: (8008)" nz_site_port &&
-        read -p "请输入用于 Agent 接入的 RPC 端口: (5555)" nz_rpc_port
+        read -p "请输入用于 Agent 接入的 RPC 端口: (5555)" nz_grpc_port
    if [[ -z "${nz_admin_ids}" || -z "${nz_github_oauth_client_id}" || -z "${nz_github_oauth_client_secret}" || -z "${nz_site_title}" ]]; then
        echo -e "${red}所有选项都不能为空${plain}"
        before_show_menu
@ -264,8 +264,8 @@ modify_dashboard_config() {
    if [[ -z "${nz_site_port}" ]]; then
        nz_site_port=8008
    fi
-    if [[ -z "${nz_rpc_port}" ]]; then
-        nz_rpc_port=5555
+    if [[ -z "${nz_grpc_port}" ]]; then
+        nz_grpc_port=5555
    fi

    sed -i "s/nz_admin_ids/${nz_admin_ids}/" ${NZ_DASHBOARD_PATH}/data/config.yaml
@ -273,7 +273,7 @@ modify_dashboard_config() {
    sed -i "s/nz_github_oauth_client_secret/${nz_github_oauth_client_secret}/" ${NZ_DASHBOARD_PATH}/data/config.yaml
    sed -i "s/nz_site_title/${nz_site_title}/" ${NZ_DASHBOARD_PATH}/data/config.yaml
    sed -i "s/nz_site_port/${nz_site_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml
-    sed -i "s/nz_rpc_port/${nz_rpc_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml
+    sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml

    echo -e "面板配置 ${green}修改成功，请稍等重启生效${plain}"

--- a/script/nezha-agent.service
+++ b/script/nezha-agent.service
@ -15,7 +15,7 @@ Type=simple
 User=root
 Group=root
 WorkingDirectory=/opt/nezha/agent/
-ExecStart=/opt/nezha/agent/nezha-agent -d -s nz_rpc_host:nz_rpc_port -p nezha_client_secret
+ExecStart=/opt/nezha/agent/nezha-agent -d -s nz_rpc_host:nz_grpc_port -p nezha_client_secret
 Restart=always
 #Environment=DEBUG=true