***修复***：https 流量不统计 Bug 修复。

***新增***：新增全局黑名单IP，用于防止被肉鸡扫描端口或被恶意攻击。 ***新增***：新增客户端上次在线时间。
mozillo · Jun 1, 2023 · 05cc45b · 05cc45b
1 parent 00e4fc7
commit 05cc45b
Show file tree

Hide file tree

Showing 17 changed files with 224 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -13,6 +13,12 @@
 
 ## 更新日志
 
+- 2023-06-01  v0.26.16  
+  ***修复***：https 流量不统计 Bug 修复。  
+  ***新增***：新增全局黑名单IP，用于防止被肉鸡扫描端口或被恶意攻击。  
+  ***新增***：新增客户端上次在线时间。
+
+
 - 2023-02-24  v0.26.15  
   ***修复***：更新程序 url 更改到当前仓库中   
   ***修复***：nps 在外部路径启动时找不到配置文件  

diff --git a/lib/file/db.go b/lib/file/db.go
@@ -29,6 +29,7 @@ func GetDb() *DbUtils {
 		jsonDb.LoadClientFromJsonFile()
 		jsonDb.LoadTaskFromJsonFile()
 		jsonDb.LoadHostFromJsonFile()
+		jsonDb.LoadGlobalFromJsonFile()
 		Db = &DbUtils{JsonDb: jsonDb}
 	})
 	return Db
@@ -115,6 +116,12 @@ func (s *DbUtils) UpdateTask(t *Tunnel) error {
 	return nil
 }
 
+func (s *DbUtils) SaveGlobal(t *Glob) error {
+	s.JsonDb.Global = t
+	s.JsonDb.StoreGlobalToJsonFile()
+	return nil
+}
+
 func (s *DbUtils) DelTask(id int) error {
 	s.JsonDb.Tasks.Delete(id)
 	s.JsonDb.StoreTasksToJsonFile()
@@ -288,6 +295,10 @@ func (s *DbUtils) GetClient(id int) (c *Client, err error) {
 	return
 }
 
+func (s *DbUtils) GetGlobal() (c *Glob) {
+	return s.JsonDb.Global
+}
+
 func (s *DbUtils) GetClientIdByVkey(vkey string) (id int, err error) {
 	var exist bool
 	s.JsonDb.Clients.Range(func(key, value interface{}) bool {

diff --git a/lib/file/file.go b/lib/file/file.go
@@ -29,7 +29,7 @@ type JsonDb struct {
 	Hosts            sync.Map
 	HostsTmp         sync.Map
 	Clients          sync.Map
-	Global           sync.Map
+	Global           *Glob
 	RunPath          string
 	ClientIncreaseId int32  //client increased id
 	TaskIncreaseId   int32  //task increased id
@@ -95,12 +95,12 @@ func (s *JsonDb) LoadHostFromJsonFile() {
 }
 
 func (s *JsonDb) LoadGlobalFromJsonFile() {
-	loadSyncMapFromFile(s.GlobalFilePath, func(v string) {
+	loadSyncMapFromFileWithSingleJson(s.GlobalFilePath, func(v string) {
 		post := new(Glob)
 		if json.Unmarshal([]byte(v), &post) != nil {
 			return
 		}
-		s.Global.Store("value", post)
+		s.Global = post
 	})
 }
 
@@ -141,7 +141,7 @@ var globalLock sync.Mutex
 
 func (s *JsonDb) StoreGlobalToJsonFile() {
 	globalLock.Lock()
-	storeSyncMapToFile(s.Global, s.GlobalFilePath)
+	storeGlobalToFile(s.Global, s.GlobalFilePath)
 	globalLock.Unlock()
 }
 
@@ -167,6 +167,19 @@ func loadSyncMapFromFile(filePath string, f func(value string)) {
 	}
 }
 
+func loadSyncMapFromFileWithSingleJson(filePath string, f func(value string)) {
+	if !common.FileExists(filePath) {
+		return
+	}
+
+	b, err := common.ReadAllFromFile(filePath)
+	if err != nil {
+		panic(err)
+	}
+
+	f(string(b))
+}
+
 func storeSyncMapToFile(m sync.Map, filePath string) {
 	file, err := os.Create(filePath + ".tmp")
 	// first create a temporary file to store
@@ -195,9 +208,9 @@ func storeSyncMapToFile(m sync.Map, filePath string) {
 				return true
 			}
 			b, err = json.Marshal(obj)
-		case *Glob:
-			obj := value.(*Glob)
-			b, err = json.Marshal(obj)
+		//case *Glob:
+		//	obj := value.(*Glob)
+		//	b, err = json.Marshal(obj)
 		default:
 			return true
 		}
@@ -223,3 +236,25 @@ func storeSyncMapToFile(m sync.Map, filePath string) {
 	}
 	// replace the file, maybe provides atomic operation
 }
+
+func storeGlobalToFile(m *Glob, filePath string) {
+	file, err := os.Create(filePath + ".tmp")
+	// first create a temporary file to store
+	if err != nil {
+		panic(err)
+	}
+
+	var b []byte
+	b, err = json.Marshal(m)
+	_, err = file.Write(b)
+	if err != nil {
+		panic(err)
+	}
+	_ = file.Sync()
+	_ = file.Close()
+	// must close file first, then rename it
+	err = os.Rename(filePath+".tmp", filePath)
+	if err != nil {
+		logs.Error(err, "store to file err, data will lost")
+	}
+}
diff --git a/lib/file/obj.go b/lib/file/obj.go
@@ -52,6 +52,7 @@ type Client struct {
 	MaxTunnelNum    int
 	Version         string
 	BlackIpList     []string
+	LastOnlineTime  string
 	sync.RWMutex
 }
 

diff --git a/lib/version/version.go b/lib/version/version.go
@@ -1,6 +1,6 @@
 package version
 
-const VERSION = "0.26.14"
+const VERSION = "0.26.16"
 
 // Compulsory minimum version, Minimum downward compatibility to this version
 func GetVersion() string {

diff --git a/server/proxy/base.go b/server/proxy/base.go
@@ -97,6 +97,12 @@ func in(target string, str_array []string) bool {
 func (s *BaseServer) DealClient(c *conn.Conn, client *file.Client, addr string,
 	rb []byte, tp string, f func(), flow *file.Flow, localProxy bool, task *file.Tunnel) error {
 
+	// 判断访问地址是否在全局黑名单内
+	if IsGlobalBlackIp(c.RemoteAddr().String()) {
+		c.Close()
+		return nil
+	}
+
 	// 判断访问地址是否在黑名单内
 	if common.IsBlackIp(c.RemoteAddr().String(), client.VerifyKey, client.BlackIpList) {
 		c.Close()
@@ -116,3 +122,18 @@ func (s *BaseServer) DealClient(c *conn.Conn, client *file.Client, addr string,
 	}
 	return nil
 }
+
+// 判断访问地址是否在全局黑名单内
+func IsGlobalBlackIp(ipPort string) bool {
+	// 判断访问地址是否在全局黑名单内
+	global := file.GetDb().GetGlobal()
+	if global != nil {
+		ip := common.GetIpByAddr(ipPort)
+		if in(ip, global.BlackIpList) {
+			logs.Error("IP地址[" + ip + "]在全局黑名单列表内")
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/server/proxy/http.go b/server/proxy/http.go
@@ -166,6 +166,12 @@ reset:
 		return
 	}
 
+	// 判断访问地址是否在全局黑名单内
+	if IsGlobalBlackIp(c.RemoteAddr().String()) {
+		c.Close()
+		return
+	}
+
 	// 判断访问地址是否在黑名单内
 	if common.IsBlackIp(c.RemoteAddr().String(), host.Client.VerifyKey, host.Client.BlackIpList) {
 		c.Close()

diff --git a/server/proxy/udp.go b/server/proxy/udp.go
@@ -47,6 +47,11 @@ func (s *UdpModeServer) Start() error {
 			continue
 		}
 
+		// 判断访问地址是否在全局黑名单内
+		if IsGlobalBlackIp(addr.String()) {
+			break
+		}
+
 		// 判断访问地址是否在黑名单内
 		if common.IsBlackIp(addr.String(), s.task.Client.VerifyKey, s.task.Client.BlackIpList) {
 			break

diff --git a/server/server.go b/server/server.go
@@ -288,6 +288,7 @@ func dealClientData() {
 		v := value.(*file.Client)
 		if vv, ok := Bridge.Client.Load(v.Id); ok {
 			v.IsConnect = true
+			v.LastOnlineTime = time.Now().Format("2006-01-02 15:04:05")
 			v.Version = vv.(*bridge.Client).Version
 		} else {
 			v.IsConnect = false

diff --git a/web/controllers/global.go b/web/controllers/global.go
@@ -0,0 +1,47 @@
+package controllers
+
+import (
+	"ehang.io/nps/lib/file"
+	"strings"
+)
+
+type GlobalController struct {
+	BaseController
+}
+
+func (s *GlobalController) Index() {
+	//if s.Ctx.Request.Method == "GET" {
+	//
+	//	return
+	//}
+	s.Data["menu"] = "global"
+	s.SetInfo("global")
+	s.display("global/index")
+
+	global := file.GetDb().GetGlobal()
+	if global == nil {
+		return
+	}
+	s.Data["globalBlackIpList"] = strings.Join(global.BlackIpList, "\r\n")
+}
+
+//添加全局黑名单IP
+func (s *GlobalController) Save() {
+	//global, err := file.GetDb().GetGlobal()
+	//if err != nil {
+	//	return
+	//}
+	if s.Ctx.Request.Method == "GET" {
+		s.Data["menu"] = "global"
+		s.SetInfo("save global")
+		s.display()
+	} else {
+
+		t := &file.Glob{BlackIpList: RemoveRepeatedElement(strings.Split(s.getEscapeString("globalBlackIpList"), "\r\n"))}
+
+		if err := file.GetDb().SaveGlobal(t); err != nil {
+			s.AjaxErr(err.Error())
+		}
+		s.AjaxOk("save success")
+	}
+}
diff --git a/web/routers/router.go b/web/routers/router.go
@@ -14,6 +14,7 @@ func Init() {
 			beego.NSAutoRouter(&controllers.LoginController{}),
 			beego.NSAutoRouter(&controllers.ClientController{}),
 			beego.NSAutoRouter(&controllers.AuthController{}),
+			beego.NSAutoRouter(&controllers.GlobalController{}),
 		)
 		beego.AddNamespace(ns)
 	} else {
@@ -22,5 +23,7 @@ func Init() {
 		beego.AutoRouter(&controllers.LoginController{})
 		beego.AutoRouter(&controllers.ClientController{})
 		beego.AutoRouter(&controllers.AuthController{})
+		beego.AutoRouter(&controllers.GlobalController{})
+
 	}
 }
diff --git a/web/static/js/language.js b/web/static/js/language.js
@@ -161,6 +161,18 @@ function submitform(action, url, postdata) {
                     }
                 }
             });
+		case 'global':
+			$.ajax({
+				type: "POST",
+				url: url,
+				data: postdata,
+				success: function (res) {
+					alert(langreply(res.msg));
+					if (res.status) {
+						document.location.reload();
+					}
+				}
+			});
     }
 }
 

diff --git a/web/static/page/languages.xml b/web/static/page/languages.xml
@@ -237,6 +237,10 @@
 		<zh-CN>仪表盘</zh-CN>
 		<en-US>Dashboard</en-US>
 	</lang>
+	<lang id="word-globalparam">
+		<zh-CN>全局参数</zh-CN>
+		<en-US>Global Params</en-US>
+	</lang>
 	<lang id="word-exportflow">
 		<zh-CN>出口流量</zh-CN>
 		<en-US>Export Flow</en-US>
@@ -707,6 +711,12 @@
 		<en-US>IP Black List</en-US>
 	</lang>
 
+
+	<lang id="word-globalblackiplist">
+		<zh-CN>全局IP黑名单（防暴力破解）</zh-CN>
+		<en-US>Global IP Black List</en-US>
+	</lang>
+
 	<lang id="info-suchasblackiplist">
 		<zh-CN>例如&#10;10.1.50.203&#10;10.1.50.202</zh-CN>
 		<en-US>such as&#10;10.1.50.203&#10;10.1.50.202</en-US>
@@ -723,6 +733,10 @@
 		<en-US>IP Black List</en-US>
 	</lang>
 
+	<lang id="word-lastonlinetime">
+		<zh-CN>上次在线时间</zh-CN>
+		<en-US>Last Online Time</en-US>
+	</lang>
 
 	<confirm>
 		<lang id="delete">

diff --git a/web/views/client/list.html b/web/views/client/list.html
@@ -71,6 +71,7 @@ <h5 langtag="page-clientlist"></h5>
                 + '<b langtag="word-compress"></b>: <span langtag="word-' + row.Cnf.Compress + '"></span>&emsp;'
                 + '<b langtag="word-connectbyconfig"></b>: <span langtag="word-' + row.ConfigConnAllow + '"></span>&emsp;<br/><br/>'
                 + '<b langtag="word-blackip"></b>: ' + row.BlackIpList + '&emsp;<br/><br/>'
+                + '<b langtag="word-lastonlinetime"></b>: ' + row.LastOnlineTime + '&emsp;<br/><br/>'
                 + '<b langtag="word-commandclient"></b>: ' + "<code>./npc{{.win}} -server={{.ip}}:{{.p}} -vkey=" + row.VerifyKey + " -type=" +{{.bridgeType}} +"</code>"
         },
         //表格的列

diff --git a/web/views/global/index.html b/web/views/global/index.html
@@ -0,0 +1,44 @@
+<div class="wrapper wrapper-content">
+    <!--全局参数-->
+    <div class="row">
+        <div class="col-lg-12">
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5 langtag="word-globalparam"></h5>
+                </div>
+                <div class="ibox-content">
+
+                    <form class="form-horizontal">
+                        <div class="form-group" id="black_ip_list">
+                            <label class="control-label font-bold" langtag="word-globalblackiplist"></label>
+                            <div class="col-sm-4">
+                                <textarea class="form-control" rows="10" type="text" name="globalBlackIpList" placeholder=""
+                                          langtag="info-suchasblackiplist">{{.globalBlackIpList}}</textarea>
+                                <span class="help-block m-b-none" langtag="info-descblackiplist"></span>
+                            </div>
+                        </div>
+
+                        <div class="form-group">
+                            <div class="col-sm-4 col-sm-offset-2">
+                                <button class="btn btn-success" type="button"
+                                        onclick="submitform('global', '{{.web_base_url}}/global/save', $('form').serializeArray())">
+                                    <i class="fa fa-fw fa-lg fa-check-circle"></i> <span langtag="word-save"></span>
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+
+
+</div>
+
+<script>
+    window.addEventListener('resize', () => {
+        for (var key in charts) {
+            charts[key].resize();
+        }
+    });
+</script>