diff --git a/cmd/dashboard/controller/common_page.go b/cmd/dashboard/controller/common_page.go index c6396c9..57a4bae 100644 --- a/cmd/dashboard/controller/common_page.go +++ b/cmd/dashboard/controller/common_page.go @@ -1,12 +1,15 @@ package controller import ( + "errors" + "fmt" "log" "net/http" "time" "github.com/gin-gonic/gin" "github.com/gorilla/websocket" + "golang.org/x/crypto/bcrypt" "github.com/naiba/nezha/model" "github.com/naiba/nezha/pkg/mygin" @@ -20,11 +23,63 @@ type commonPage struct { func (cp *commonPage) serve() { cr := cp.r.Group("") cr.Use(mygin.Authorize(mygin.AuthorizeOption{})) + cr.POST("/view-password", cp.issueViewPassword) + cr.Use(cp.checkViewPassword) // 前端查看密码鉴权 cr.GET("/", cp.home) cr.GET("/service", cp.service) cr.GET("/ws", cp.ws) } +type viewPasswordForm struct { + Password string +} + +func (p *commonPage) issueViewPassword(c *gin.Context) { + var vpf viewPasswordForm + err := c.ShouldBind(&vpf) + var hash []byte + if err == nil && vpf.Password != dao.Conf.Site.ViewPassword { + err = errors.New("查看密码错误") + } + if err == nil { + hash, err = bcrypt.GenerateFromPassword([]byte(vpf.Password), bcrypt.DefaultCost) + } + if err != nil { + mygin.ShowErrorPage(c, mygin.ErrInfo{ + Title: "出现错误", + Msg: fmt.Sprintf("请求错误:%s", err), + }, true) + c.Abort() + return + } + c.SetCookie(dao.Conf.Site.CookieName+"-vp", string(hash), 60*60*24, "", "", false, false) + c.Redirect(http.StatusFound, c.Request.Referer()) +} + +func (p *commonPage) checkViewPassword(c *gin.Context) { + if dao.Conf.Site.ViewPassword == "" { + c.Next() + return + } + if _, authorized := c.Get(model.CtxKeyAuthorizedUser); authorized { + c.Next() + return + } + + // 验证查看密码 + viewPassword, _ := c.Cookie(dao.Conf.Site.CookieName + "-vp") + if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(dao.Conf.Site.ViewPassword)); err != nil { + c.HTML(http.StatusOK, "theme-"+dao.Conf.Site.Theme+"/viewpassword", mygin.CommonEnvironment(c, gin.H{ + "Title": "验证查看密码", + "CustomCode": dao.Conf.Site.CustomCode, + })) + c.Abort() + return + } + + c.Next() +} + type ServiceItem struct { Monitor model.Monitor TotalUp uint64 diff --git a/cmd/dashboard/controller/member_api.go b/cmd/dashboard/controller/member_api.go index f19ebc2..01cd38b 100644 --- a/cmd/dashboard/controller/member_api.go +++ b/cmd/dashboard/controller/member_api.go @@ -445,6 +445,7 @@ type settingForm struct { Admin string Theme string CustomCode string + ViewPassword string EnableIPChangeNotification string } @@ -461,6 +462,7 @@ func (ma *memberAPI) updateSetting(c *gin.Context) { dao.Conf.Site.Brand = sf.Title dao.Conf.Site.Theme = sf.Theme dao.Conf.Site.CustomCode = sf.CustomCode + dao.Conf.Site.ViewPassword = sf.ViewPassword dao.Conf.GitHub.Admin = sf.Admin if err := dao.Conf.Save(); err != nil { c.JSON(http.StatusOK, model.Response{ diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go index 39a6a51..c36b729 100644 --- a/cmd/dashboard/main.go +++ b/cmd/dashboard/main.go @@ -40,6 +40,9 @@ func init() { if dao.Conf.Debug { dao.DB = dao.DB.Debug() } + if dao.Conf.GRPCPort == 0 { + dao.Conf.GRPCPort = 5555 + } dao.Cache = cache.New(5*time.Minute, 10*time.Minute) initSystem() @@ -105,7 +108,7 @@ func loadCrons() { func main() { go controller.ServeWeb(dao.Conf.HTTPPort) - go rpc.ServeRPC(5555) + go rpc.ServeRPC(dao.Conf.GRPCPort) go rpc.DispatchTask(time.Minute * 3) dao.AlertSentinelStart() } diff --git a/go.mod b/go.mod index 27fb8f9..7c175f4 100644 --- a/go.mod +++ b/go.mod @@ -20,6 +20,7 @@ require ( github.com/shirou/gopsutil/v3 v3.20.11 github.com/spf13/viper v1.7.1 github.com/stretchr/testify v1.6.1 + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 google.golang.org/grpc v1.33.1 google.golang.org/protobuf v1.25.0 diff --git a/model/config.go b/model/config.go index a3e12d1..5d5b7f4 100644 --- a/model/config.go +++ b/model/config.go @@ -13,10 +13,11 @@ import ( type Config struct { Debug bool Site struct { - Brand string // 站点名称 - CookieName string // 浏览器 Cookie 名称 - Theme string - CustomCode string + Brand string // 站点名称 + CookieName string // 浏览器 Cookie 名称 + Theme string + CustomCode string + ViewPassword string // 前台查看密码 } GitHub struct { Admin string // 管理员ID列表 @@ -24,6 +25,7 @@ type Config struct { ClientSecret string } HTTPPort uint + GRPCPort uint EnableIPChangeNotification bool v *viper.Viper diff --git a/pkg/mygin/auth.go b/pkg/mygin/auth.go index 8ee0103..83726d9 100644 --- a/pkg/mygin/auth.go +++ b/pkg/mygin/auth.go @@ -26,6 +26,7 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) { if opt.Guest { code = http.StatusBadRequest } + commonErr := ErrInfo{ Title: "访问受限", Code: code, @@ -36,6 +37,7 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) { var isLogin bool + // 用户鉴权 token, _ := c.Cookie(dao.Conf.Site.CookieName) token = strings.TrimSpace(token) if token != "" { diff --git a/resource/template/dashboard/setting.html b/resource/template/dashboard/setting.html index f628dcb..b597cc3 100644 --- a/resource/template/dashboard/setting.html +++ b/resource/template/dashboard/setting.html @@ -23,6 +23,10 @@ +
+ + +
diff --git a/resource/template/theme-daynight/viewpassword.html b/resource/template/theme-daynight/viewpassword.html new file mode 100644 index 0000000..e1000fc --- /dev/null +++ b/resource/template/theme-daynight/viewpassword.html @@ -0,0 +1,25 @@ +{{define "theme-daynight/viewpassword"}} +{{template "common/header" .}} +{{if ts .CustomCode}} +{{.CustomCode|safe}} +{{end}} + +{{template "common/footer" .}} +{{end}} \ No newline at end of file diff --git a/resource/template/theme-default/viewpassword.html b/resource/template/theme-default/viewpassword.html new file mode 100644 index 0000000..aa00d7b --- /dev/null +++ b/resource/template/theme-default/viewpassword.html @@ -0,0 +1,25 @@ +{{define "theme-default/viewpassword"}} +{{template "common/header" .}} +{{if ts .CustomCode}} +{{.CustomCode|safe}} +{{end}} + +{{template "common/footer" .}} +{{end}} \ No newline at end of file diff --git a/resource/template/theme-hotaru/viewpassword.html b/resource/template/theme-hotaru/viewpassword.html new file mode 100644 index 0000000..d4a41a6 --- /dev/null +++ b/resource/template/theme-hotaru/viewpassword.html @@ -0,0 +1,25 @@ +{{define "theme-horaru/viewpassword"}} +{{template "common/header" .}} +{{if ts .CustomCode}} +{{.CustomCode|safe}} +{{end}} + +{{template "common/footer" .}} +{{end}} \ No newline at end of file diff --git a/script/docker-compose.yaml b/script/docker-compose.yaml index 42e1718..856b02f 100644 --- a/script/docker-compose.yaml +++ b/script/docker-compose.yaml @@ -8,4 +8,4 @@ services: - ./data:/dashboard/data ports: - nz_site_port:80 - - nz_rpc_port:5555 + - nz_grpc_port:5555 diff --git a/script/install.sh b/script/install.sh index cc9c191..8578e26 100755 --- a/script/install.sh +++ b/script/install.sh @@ -202,7 +202,7 @@ modify_agent_config() { echo "请先在管理面板上添加Agent,记录下密钥" && read -p "请输入一个解析到面板所在IP的域名(不可套CDN): " nz_rpc_host && - read -p "请输入面板RPC端口: (5555)" nz_rpc_port && + read -p "请输入面板RPC端口: (5555)" nz_grpc_port && read -p "请输入Agent 密钥: " nezha_client_secret if [[ -z "${nz_rpc_host}" || -z "${nezha_client_secret}" ]]; then echo -e "${red}所有选项都不能为空${plain}" @@ -210,12 +210,12 @@ modify_agent_config() { return 1 fi - if [[ -z "${nz_rpc_port}" ]]; then - nz_rpc_port=5555 + if [[ -z "${nz_grpc_port}" ]]; then + nz_grpc_port=5555 fi sed -i "s/nz_rpc_host/${nz_rpc_host}/" ${NZ_AGENT_SERVICE} - sed -i "s/nz_rpc_port/${nz_rpc_port}/" ${NZ_AGENT_SERVICE} + sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE} sed -i "s/nezha_client_secret/${nezha_client_secret}/" ${NZ_AGENT_SERVICE} echo -e "Agent配置 ${green}修改成功,请稍等重启生效${plain}" @@ -254,7 +254,7 @@ modify_dashboard_config() { read -p "请输入 GitHub Oauth2 应用的 Client Secret: " nz_github_oauth_client_secret && read -p "请输入站点标题: " nz_site_title && read -p "请输入站点访问端口: (8008)" nz_site_port && - read -p "请输入用于 Agent 接入的 RPC 端口: (5555)" nz_rpc_port + read -p "请输入用于 Agent 接入的 RPC 端口: (5555)" nz_grpc_port if [[ -z "${nz_admin_ids}" || -z "${nz_github_oauth_client_id}" || -z "${nz_github_oauth_client_secret}" || -z "${nz_site_title}" ]]; then echo -e "${red}所有选项都不能为空${plain}" before_show_menu @@ -264,8 +264,8 @@ modify_dashboard_config() { if [[ -z "${nz_site_port}" ]]; then nz_site_port=8008 fi - if [[ -z "${nz_rpc_port}" ]]; then - nz_rpc_port=5555 + if [[ -z "${nz_grpc_port}" ]]; then + nz_grpc_port=5555 fi sed -i "s/nz_admin_ids/${nz_admin_ids}/" ${NZ_DASHBOARD_PATH}/data/config.yaml @@ -273,7 +273,7 @@ modify_dashboard_config() { sed -i "s/nz_github_oauth_client_secret/${nz_github_oauth_client_secret}/" ${NZ_DASHBOARD_PATH}/data/config.yaml sed -i "s/nz_site_title/${nz_site_title}/" ${NZ_DASHBOARD_PATH}/data/config.yaml sed -i "s/nz_site_port/${nz_site_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml - sed -i "s/nz_rpc_port/${nz_rpc_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml + sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_DASHBOARD_PATH}/docker-compose.yaml echo -e "面板配置 ${green}修改成功,请稍等重启生效${plain}" diff --git a/script/nezha-agent.service b/script/nezha-agent.service index 04386a1..9bd917b 100644 --- a/script/nezha-agent.service +++ b/script/nezha-agent.service @@ -15,7 +15,7 @@ Type=simple User=root Group=root WorkingDirectory=/opt/nezha/agent/ -ExecStart=/opt/nezha/agent/nezha-agent -d -s nz_rpc_host:nz_rpc_port -p nezha_client_secret +ExecStart=/opt/nezha/agent/nezha-agent -d -s nz_rpc_host:nz_grpc_port -p nezha_client_secret Restart=always #Environment=DEBUG=true