acepanel/panel
2
0
Fork 0
mirror of https://github.com/acepanel/panel.git synced 2026-02-05 00:39:32 +08:00
Code Issues Packages Releases Activity
Files
645895765033c8a1cdd9a329051ed5919c1ffd0c
panel/internal/service/user.go
Copilot f2e41a3364 feat: 添加操作日志记录功能和前端日志查看页面 (#1227) 
* Initial plan

* feat: 添加操作日志记录功能和前端日志查看页面

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* fix: 修复 HttpLog 中 IP 字符串处理的类型安全问题

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* fix: lint

* feat: 完善面板内日志记录,添加网站/数据库/项目/计划任务/备份CRUD日志

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* feat: 完善更多模块的日志记录(证书/SSH/Webhook/用户/设置/安全)

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* fix: 改进cert_dns删除方法,在删除前获取实体信息用于日志记录

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* fix: lint

* feat: 从session获取操作员ID并在前端显示用户名

Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>

* fix: lint

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com>
Co-authored-by: 耗子 <haozi@loli.email>
2026-01-12 23:31:22 +08:00

377 lines
8.9 KiB
Go
Raw Blame History

package service
import (
"bytes"
"crypto/rsa"
"crypto/sha256"
"encoding/base64"
"encoding/gob"
"fmt"
"image/png"
"net"
"net/http"
"strings"
"time"
"github.com/dchest/captcha"
"github.com/leonelquinteros/gotext"
"github.com/libtnb/chix"
"github.com/libtnb/sessions"
"github.com/pquerna/otp/totp"
"github.com/spf13/cast"
"github.com/acepanel/panel/internal/biz"
"github.com/acepanel/panel/internal/http/request"
"github.com/acepanel/panel/pkg/config"
"github.com/acepanel/panel/pkg/rsacrypto"
)
// 登录失败次数阈值,超过此次数需要验证码
const loginFailThreshold = 3
type UserService struct {
t *gotext.Locale
conf *config.Config
session *sessions.Manager
userRepo biz.UserRepo
}
func NewUserService(t *gotext.Locale, conf *config.Config, session *sessions.Manager, user biz.UserRepo) *UserService {
gob.Register(rsa.PrivateKey{}) // 必须注册 rsa.PrivateKey 类型否则无法反序列化 session 中的 key
return &UserService{
t: t,
conf: conf,
session: session,
userRepo: user,
}
}
func (s *UserService) GetKey(w http.ResponseWriter, r *http.Request) {
key, err := rsacrypto.GenerateKey()
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
sess, err := s.session.GetSession(r)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
sess.Put("key", *key)
pk, err := rsacrypto.PublicKeyToString(&key.PublicKey)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, pk)
}
// GetCaptcha 获取登录验证码
func (s *UserService) GetCaptcha(w http.ResponseWriter, r *http.Request) {
sess, err := s.session.GetSession(r)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
failCount := cast.ToInt(sess.Get("login_fail_count"))
if !s.conf.HTTP.LoginCaptcha || failCount < loginFailThreshold {
Success(w, chix.M{
"required": false,
})
return
}
captchaID := captcha.NewLen(4)
sess.Put("captcha_id", captchaID)
var buf bytes.Buffer
if err := captcha.WriteImage(&buf, captchaID, 150, 50); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, chix.M{
"required": true,
"image": base64.StdEncoding.EncodeToString(buf.Bytes()),
})
}
func (s *UserService) Login(w http.ResponseWriter, r *http.Request) {
sess, err := s.session.GetSession(r)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
req, err := Bind[request.UserLogin](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
failCount := cast.ToInt(sess.Get("login_fail_count"))
if s.conf.HTTP.LoginCaptcha && failCount >= loginFailThreshold {
captchaID, ok := sess.Get("captcha_id").(string)
if !ok || captchaID == "" || !captcha.VerifyString(captchaID, req.CaptchaCode) {
Error(w, http.StatusForbidden, s.t.Get("invalid captcha code"))
return
}
sess.Forget("captcha_id")
}
key, ok := sess.Get("key").(rsa.PrivateKey)
if !ok {
Error(w, http.StatusForbidden, s.t.Get("invalid key, please refresh the page"))
return
}
decryptedUsername, _ := rsacrypto.DecryptData(&key, req.Username)
decryptedPassword, _ := rsacrypto.DecryptData(&key, req.Password)
user, err := s.userRepo.CheckPassword(string(decryptedUsername), string(decryptedPassword))
if err != nil {
sess.Put("login_fail_count", failCount+1)
Error(w, http.StatusForbidden, "%v", err)
return
}
if user.TwoFA != "" {
if valid := totp.Validate(req.PassCode, user.TwoFA); !valid {
Error(w, http.StatusForbidden, s.t.Get("invalid 2FA code"))
return
}
}
// 重新生成会话 ID
if err = sess.Regenerate(true); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
// 安全登录下,将当前客户端与会话绑定
// 安全登录只在未启用面板 HTTPS 时生效
ip := r.RemoteAddr
ipHeader := s.conf.HTTP.IPHeader
if ipHeader != "" && r.Header.Get(ipHeader) != "" {
ip = strings.Split(r.Header.Get(ipHeader), ",")[0]
}
ip, _, err = net.SplitHostPort(strings.TrimSpace(ip))
if err != nil {
ip = r.RemoteAddr
}
if req.SafeLogin && !s.conf.HTTP.TLS {
sess.Put("safe_login", true)
sess.Put("safe_client", fmt.Sprintf("%x", sha256.Sum256([]byte(ip))))
} else {
sess.Forget("safe_login")
sess.Forget("safe_client")
}
sess.Put("user_id", user.ID)
sess.Put("refresh_at", time.Now().Unix())
sess.Forget("key")
sess.Forget("login_fail_count")
Success(w, nil)
}
func (s *UserService) Logout(w http.ResponseWriter, r *http.Request) {
sess, err := s.session.GetSession(r)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
}
sess.Forget("user_id")
sess.Forget("key")
sess.Forget("safe_login")
sess.Forget("safe_client")
// 重新生成会话 ID
if err = sess.Regenerate(true); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
func (s *UserService) IsLogin(w http.ResponseWriter, r *http.Request) {
sess, err := s.session.GetSession(r)
if err != nil {
Success(w, false)
return
}
Success(w, sess.Has("user_id"))
}
func (s *UserService) IsTwoFA(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserIsTwoFA](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
twoFA, _ := s.userRepo.IsTwoFA(req.Username)
Success(w, twoFA)
}
func (s *UserService) Info(w http.ResponseWriter, r *http.Request) {
userID := cast.ToUint(r.Context().Value("user_id"))
if userID == 0 {
ErrorSystem(w)
return
}
user, err := s.userRepo.Get(userID)
if err != nil {
ErrorSystem(w)
return
}
Success(w, chix.M{
"id": user.ID,
"role": []string{"admin"},
"username": user.Username,
"email": user.Email,
})
}
func (s *UserService) List(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.Paginate](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
users, total, err := s.userRepo.List(req.Page, req.Limit)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, chix.M{
"total": total,
"items": users,
})
}
func (s *UserService) Create(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserCreate](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
user, err := s.userRepo.Create(r.Context(), req.Username, req.Password, req.Email)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, user)
}
func (s *UserService) UpdateUsername(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserUpdateUsername](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
if err = s.userRepo.UpdateUsername(r.Context(), req.ID, req.Username); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
func (s *UserService) UpdatePassword(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserUpdatePassword](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
if err = s.userRepo.UpdatePassword(r.Context(), req.ID, req.Password); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
func (s *UserService) UpdateEmail(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserUpdateEmail](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
if err = s.userRepo.UpdateEmail(r.Context(), req.ID, req.Email); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
func (s *UserService) GenerateTwoFA(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserID](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
img, url, secret, err := s.userRepo.GenerateTwoFA(req.ID)
if err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
buf := new(bytes.Buffer)
if err = png.Encode(buf, img); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, chix.M{
"img": base64.StdEncoding.EncodeToString(buf.Bytes()),
"url": url,
"secret": secret,
})
}
func (s *UserService) UpdateTwoFA(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserUpdateTwoFA](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
if err = s.userRepo.UpdateTwoFA(req.ID, req.Code, req.Secret); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
func (s *UserService) Delete(w http.ResponseWriter, r *http.Request) {
req, err := Bind[request.UserID](r)
if err != nil {
Error(w, http.StatusUnprocessableEntity, "%v", err)
return
}
if err = s.userRepo.Delete(r.Context(), req.ID); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return
}
Success(w, nil)
}
Reference in New Issue View Git Blame Copy Permalink