mirror of
https://github.com/acepanel/panel.git
synced 2026-02-05 04:37:17 +08:00
* Initial plan * feat: 添加操作日志记录功能和前端日志查看页面 Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * fix: 修复 HttpLog 中 IP 字符串处理的类型安全问题 Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * fix: lint * feat: 完善面板内日志记录,添加网站/数据库/项目/计划任务/备份CRUD日志 Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * feat: 完善更多模块的日志记录(证书/SSH/Webhook/用户/设置/安全) Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * fix: 改进cert_dns删除方法,在删除前获取实体信息用于日志记录 Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * fix: lint * feat: 从session获取操作员ID并在前端显示用户名 Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> * fix: lint --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devhaozi <115467771+devhaozi@users.noreply.github.com> Co-authored-by: 耗子 <haozi@loli.email>
package data
import (
"context"
"fmt"
"log/slog"
"strings"
"github.com/spf13/cast"
"github.com/acepanel/panel/internal/biz"
"github.com/acepanel/panel/pkg/firewall"
"github.com/acepanel/panel/pkg/os"
"github.com/acepanel/panel/pkg/shell"
"github.com/acepanel/panel/pkg/systemctl"
)
// safeRepo holds the state shared by the security-settings methods in this
// file: the SSH service unit name and the logger used for operation records.
type safeRepo struct {
	// ssh is the systemd unit name passed to the systemctl helpers.
	ssh string
	// log receives the operation-log entries written after a successful change.
	log *slog.Logger
}
// NewSafeRepo builds the repository behind biz.SafeRepo.
//
// The SSH unit name is chosen once at construction time: "sshd" when
// os.IsRHEL() reports true, "ssh" otherwise.
func NewSafeRepo(log *slog.Logger) biz.SafeRepo {
	unit := "ssh"
	if os.IsRHEL() {
		unit = "sshd"
	}

	return &safeRepo{ssh: unit, log: log}
}
// GetSSH returns the SSH port found in /etc/ssh/sshd_config together with the
// status reported by systemctl for the SSH unit.
//
// The port is taken from a plain text match on "Port " in the main config
// file, so commented-out lines (e.g. "#Port 22") match as well. If the
// pipeline prints nothing, or more than one value, cast.ToUint cannot convert
// the output and the returned port is 0.
//
// NOTE(review): this is the value written in the file, not necessarily the
// port sshd is listening on; anything set outside this one file is not
// consulted here.
func (r *safeRepo) GetSSH() (uint, bool, error) {
	portText, err := shell.Execf("cat /etc/ssh/sshd_config | grep 'Port ' | awk '{print $2}'")
	if err != nil {
		return 0, false, err
	}

	active, err := systemctl.Status(r.ssh)
	if err != nil {
		return 0, false, err
	}

	port := cast.ToUint(portText)
	return port, active, nil
}
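// UpdateSSH rewrites the Port directive in /etc/ssh/sshd_config to port and
// then stops the SSH unit (status == false) or restarts it (status == true).
// An operation-log entry is written only after every step has succeeded.
//
// It returns an error when port is outside 1-65535, when the current port
// cannot be read as a single number from the config, when the config edit
// fails, or when systemctl fails.
func (r *safeRepo) UpdateSSH(ctx context.Context, port uint, status bool) error {
	// Refuse values sshd cannot bind before the config is touched: an invalid
	// Port line followed by a restart would leave the host without SSH.
	if port == 0 || port > 65535 {
		return fmt.Errorf("failed to update ssh settings: invalid port %d", port)
	}

	oldPort, err := shell.Execf("cat /etc/ssh/sshd_config | grep 'Port ' | awk '{print $2}'")
	if err != nil {
		return err
	}

	// The value read back is about to be placed in a sed expression. Require
	// it to be exactly one port number: empty or multi-line output would
	// otherwise produce a pattern that matches nothing (or the wrong text)
	// while the change is still reported as applied.
	current, err := cast.ToUintE(strings.TrimSpace(oldPort))
	if err != nil || current == 0 || current > 65535 {
		return fmt.Errorf("failed to update ssh settings: cannot determine current port from sshd_config (got %q)", oldPort)
	}

	// One substitution anchored to the whole line, covering both the
	// commented ("#Port N") and the active ("Port N") form. Two unanchored
	// passes can rewrite a value the first pass just wrote when the new port
	// begins with the old one (22 -> 2222 ends up as 222222), and an
	// unanchored pattern also matches longer numbers sharing the prefix.
	if _, err = shell.Execf("sed -i -E 's/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+%d[[:space:]]*$/Port %d/' /etc/ssh/sshd_config", current, port); err != nil {
		return err
	}

	// NOTE(review): the edited file is not validated before the restart
	// (sshd -t would do that); a config the daemon rejects surfaces only as a
	// failed restart.
	if status {
		err = systemctl.Restart(r.ssh)
	} else {
		err = systemctl.Stop(r.ssh)
	}
	if err != nil {
		return err
	}

	// Record the operation in the log.
	r.log.Info("ssh settings updated", slog.String("type", biz.OperationTypeSafe), slog.Uint64("operator_id", getOperatorID(ctx)), slog.Uint64("port", uint64(port)), slog.Bool("status", status))

	return nil
}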
// GetPingStatus reports whether ping is considered allowed: it returns false
// only when the firewall-cmd rich-rule listing contains the ICMP drop rule.
//
// A failing firewall-cmd call is reported as (true, nil) rather than as an
// error, so callers cannot tell "no drop rule" apart from "firewall state
// could not be read".
func (r *safeRepo) GetPingStatus() (bool, error) {
	rules, err := shell.Execf(`firewall-cmd --list-rich-rules`)
	if err != nil {
		// The firewall may be stopped, for example; treated as "ping allowed".
		return true, nil
	}

	blocked := strings.Contains(rules, `rule protocol value="icmp" drop`)
	return !blocked, nil
}
// UpdatePingStatus allows ping (status == true) by removing the permanent
// ICMP drop rich rule, or blocks it (status == false) by adding that rule,
// then reloads firewalld so the permanent configuration takes effect.
//
// It returns an error when the firewall status cannot be read, when the
// firewall is not running, or when any firewall-cmd call fails. The
// operation-log entry is written only after the reload has succeeded.
//
// NOTE(review): the rule matches the whole "icmp" protocol rather than
// echo-request only, and names no IPv6 counterpart; confirm that is the
// intended scope.
func (r *safeRepo) UpdatePingStatus(ctx context.Context, status bool) error {
	active, err := firewall.NewFirewall().Status()
	if err != nil {
		return err
	}
	if !active {
		return fmt.Errorf("failed to update ping status: firewalld is not running")
	}

	if status {
		if _, err = shell.Execf(`firewall-cmd --permanent --remove-rich-rule='rule protocol value=icmp drop'`); err != nil {
			return err
		}
	} else {
		if _, err = shell.Execf(`firewall-cmd --permanent --add-rich-rule='rule protocol value=icmp drop'`); err != nil {
			return err
		}
	}

	if _, err = shell.Execf(`firewall-cmd --reload`); err != nil {
		return err
	}

	// Record the operation in the log.
	r.log.Info("ping status updated", slog.String("type", biz.OperationTypeSafe), slog.Uint64("operator_id", getOperatorID(ctx)), slog.Bool("status", status))

	return nil
}