gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-03-14 01:34:47 +08:00
Code

feat: 同步修改防火墙端口

Browse Source
This commit is contained in:
ssongliu 2023-04-01 00:51:25 +08:00 committed by ssongliu
parent 1c5d01b11c
commit 8902fdc78a
18 changed files with 363 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/app/repo/app_install.go
View File

@ -112,6 +112,7 @@ type RootInfo struct {
ID uint `json:"id"` ID uint `json:"id"`
Name string `json:"name"` Name string `json:"name"`
Port int64 `json:"port"` Port int64 `json:"port"`
HttpsPort int64 `json:"httpsPort"`
Password string `json:"password"` Password string `json:"password"`
UserPassword string `json:"userPassword"` UserPassword string `json:"userPassword"`
ContainerName string `json:"containerName"` ContainerName string `json:"containerName"`
@ -152,6 +153,7 @@ func (a *AppInstallRepo) LoadBaseInfo(key string, name string) (*RootInfo, error
info.UserPassword = userPassword info.UserPassword = userPassword
} }
info.Port = int64(appInstall.HttpPort) info.Port = int64(appInstall.HttpPort)
info.HttpsPort = int64(appInstall.HttpsPort)
info.ID = appInstall.ID info.ID = appInstall.ID
info.ContainerName = appInstall.ContainerName info.ContainerName = appInstall.ContainerName
info.Name = appInstall.Name info.Name = appInstall.Name

4
backend/app/service/app_install.go
View File

@ -387,6 +387,10 @@ func (a *AppInstallService) ChangeAppPort(req request.PortUpdate) error {
} }
} }
if err := OperateFirewallPort([]int{int(appInstall.Port)}, []int{int(req.Port)}); err != nil {
global.LOG.Errorf("allow firewall failed, err: %v", err)
}
return nil return nil
} }

133
backend/app/service/firewall.go
View File

@ -2,9 +2,12 @@ package service
import ( import (
"fmt" "fmt"
"strconv"
"strings" "strings"
"github.com/1Panel-dev/1Panel/backend/app/dto" "github.com/1Panel-dev/1Panel/backend/app/dto"
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
"github.com/1Panel-dev/1Panel/backend/utils/common"
"github.com/1Panel-dev/1Panel/backend/utils/firewall" "github.com/1Panel-dev/1Panel/backend/utils/firewall"
fireClient "github.com/1Panel-dev/1Panel/backend/utils/firewall/client" fireClient "github.com/1Panel-dev/1Panel/backend/utils/firewall/client"
"github.com/jinzhu/copier" "github.com/jinzhu/copier"
@ -101,6 +104,22 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{}
backDatas = datas[start:end] backDatas = datas[start:end]
} }
if req.Type == "port" {
apps := u.loadPortByApp()
for i := 0; i < len(backDatas); i++ {
backDatas[i].IsUsed = common.ScanPortWithProtocol(backDatas[i].Port, backDatas[i].Protocol)
if backDatas[i].Protocol == "udp" {
continue
}
for _, app := range apps {
if app.HttpPort == backDatas[i].Port || app.HttpsPort == backDatas[i].Port {
backDatas[i].APPName = app.AppName
break
}
}
}
}
return int64(total), backDatas, nil return int64(total), backDatas, nil
} }
@ -111,9 +130,24 @@ func (u *FirewallService) OperateFirewall(operation string) error {
} }
switch operation { switch operation {
case "start": case "start":
return client.Start() if err := client.Start(); err != nil {
return err
}
serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
if err != nil {
return err
}
if err := client.Port(fireClient.FireInfo{Port: serverPort.Value, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
_, _ = cmd.Exec("systemctl restart docker")
return nil
case "stop": case "stop":
return client.Stop() if err := client.Stop(); err != nil {
return err
}
_, _ = cmd.Exec("systemctl restart docker")
return nil
case "disablePing": case "disablePing":
return client.UpdatePingStatus("0") return client.UpdatePingStatus("0")
case "enablePing": case "enablePing":
@ -134,16 +168,47 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
return u.operatePort(client, req) return u.operatePort(client, req)
} }
} }
if req.Protocol == "tcp/udp" { if req.Protocol == "tcp/udp" {
req.Protocol = "tcp" if client.Name() == "firewalld" && strings.Contains(req.Port, ",") {
if err := u.operatePort(client, req); err != nil { ports := strings.Split(req.Port, ",")
return err for _, port := range ports {
if len(port) == 0 {
continue
}
req.Port = port
req.Protocol = "tcp"
if err := u.operatePort(client, req); err != nil {
return err
}
req.Protocol = "udp"
if err := u.operatePort(client, req); err != nil {
return err
}
}
} else {
req.Protocol = "tcp"
if err := u.operatePort(client, req); err != nil {
return err
}
req.Protocol = "udp"
if err := u.operatePort(client, req); err != nil {
return err
}
}
} else {
if strings.Contains(req.Port, ",") {
ports := strings.Split(req.Port, ",")
for _, port := range ports {
req.Port = port
if err := u.operatePort(client, req); err != nil {
return err
}
}
} else {
if err := u.operatePort(client, req); err != nil {
return err
}
} }
req.Protocol = "udp"
}
if err := u.operatePort(client, req); err != nil {
return err
} }
if reload { if reload {
return client.Reload() return client.Reload()
@ -228,6 +293,26 @@ func (u *FirewallService) BacthOperateRule(req dto.BatchRuleOperate) error {
return client.Reload() return client.Reload()
} }
func OperateFirewallPort(oldPorts, newPorts []int) error {
fmt.Printf("old: %v, new: %v \n", oldPorts, newPorts)
client, err := firewall.NewFirewallClient()
if err != nil {
return err
}
for _, port := range newPorts {
if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
}
for _, port := range oldPorts {
if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: "tcp", Strategy: "accept"}, "remove"); err != nil {
return err
}
}
return client.Reload()
}
func (u *FirewallService) operatePort(client firewall.FirewallClient, req dto.PortRuleOperate) error { func (u *FirewallService) operatePort(client firewall.FirewallClient, req dto.PortRuleOperate) error {
var fireInfo fireClient.FireInfo var fireInfo fireClient.FireInfo
if err := copier.Copy(&fireInfo, &req); err != nil { if err := copier.Copy(&fireInfo, &req); err != nil {
@ -246,3 +331,31 @@ func (u *FirewallService) operatePort(client firewall.FirewallClient, req dto.Po
} }
return client.Port(fireInfo, req.Operation) return client.Port(fireInfo, req.Operation)
} }
type portOfApp struct {
AppName string
HttpPort string
HttpsPort string
}
func (u *FirewallService) loadPortByApp() []portOfApp {
var datas []portOfApp
apps, err := appInstallRepo.ListBy()
if err != nil {
return datas
}
for i := 0; i < len(apps); i++ {
datas = append(datas, portOfApp{
AppName: apps[i].App.Key,
HttpPort: strconv.Itoa(apps[i].HttpPort),
HttpsPort: strconv.Itoa(apps[i].HttpsPort),
})
}
systemPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
if err != nil {
return datas
}
datas = append(datas, portOfApp{AppName: "1panel", HttpPort: systemPort.Value})
return datas
}

9
backend/app/service/setting.go
View File

@ -70,7 +70,14 @@ func (u *SettingService) UpdatePort(port uint) error {
if common.ScanPort(int(port)) { if common.ScanPort(int(port)) {
return buserr.WithDetail(constant.ErrPortInUsed, port, nil) return buserr.WithDetail(constant.ErrPortInUsed, port, nil)
} }
serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
if err != nil {
return err
}
portValue, _ := strconv.Atoi(serverPort.Value)
if err := OperateFirewallPort([]int{portValue}, []int{int(port)}); err != nil {
global.LOG.Errorf("set system firewall ports failed, err: %v", err)
}
if err := settingRepo.Update("ServerPort", strconv.Itoa(int(port))); err != nil { if err := settingRepo.Update("ServerPort", strconv.Itoa(int(port))); err != nil {
return err return err
} }

23
backend/utils/common/common.go
View File

@ -11,6 +11,8 @@ import (
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
) )
func CompareVersion(version1 string, version2 string) bool { func CompareVersion(version1 string, version2 string) bool {
@ -92,6 +94,27 @@ func ScanPort(port int) bool {
return false return false
} }
func ScanPortWithProtocol(port, Protocol string) bool {
command := "netstat -ntpl"
if Protocol == "udp" {
command = "netstat -nupl"
}
stdout, err := cmd.Execf("%s | awk '{print $4}' ", command)
if err != nil {
return false
}
lines := strings.Split(stdout, "\n")
if len(lines) == 0 {
return false
}
for _, line := range lines {
if strings.HasSuffix(line, ":"+port) {
return true
}
}
return false
}
func ExistWithStrArray(str string, arr []string) bool { func ExistWithStrArray(str string, arr []string) bool {
for _, a := range arr { for _, a := range arr {
if strings.Contains(a, str) { if strings.Contains(a, str) {

40
backend/utils/firewall/client/firewalld.go
View File

@ -20,7 +20,10 @@ func (f *Firewall) Name() string {
func (f *Firewall) Status() (string, error) { func (f *Firewall) Status() (string, error) {
stdout, _ := cmd.Exec("firewall-cmd --state") stdout, _ := cmd.Exec("firewall-cmd --state")
return strings.ReplaceAll(stdout, "\n", ""), nil if stdout == "running\n" {
return "running", nil
}
return "not running", nil
} }
func (f *Firewall) Version() (string, error) { func (f *Firewall) Version() (string, error) {
@ -83,6 +86,9 @@ func (f *Firewall) ListPort() ([]FireInfo, error) {
ports := strings.Split(strings.ReplaceAll(stdout, "\n", ""), " ") ports := strings.Split(strings.ReplaceAll(stdout, "\n", ""), " ")
var datas []FireInfo var datas []FireInfo
for _, port := range ports { for _, port := range ports {
if len(port) == 0 {
continue
}
var itemPort FireInfo var itemPort FireInfo
if strings.Contains(port, "/") { if strings.Contains(port, "/") {
itemPort.Port = strings.Split(port, "/")[0] itemPort.Port = strings.Split(port, "/")[0]
@ -121,7 +127,7 @@ func (f *Firewall) ListAddress() ([]FireInfo, error) {
continue continue
} }
itemRule := f.loadInfo(rule) itemRule := f.loadInfo(rule)
if len(itemRule.Port) == 0 { if len(itemRule.Port) == 0 && len(itemRule.Address) != 0 {
datas = append(datas, itemRule) datas = append(datas, itemRule)
} }
} }
@ -137,18 +143,22 @@ func (f *Firewall) Port(port FireInfo, operation string) error {
} }
func (f *Firewall) RichRules(rule FireInfo, operation string) error { func (f *Firewall) RichRules(rule FireInfo, operation string) error {
ruleStr := "rule family=ipv4 " ruleStr := ""
if len(rule.Address) != 0 { if strings.Contains(rule.Address, "-") {
ruleStr += fmt.Sprintf("source address=%s ", rule.Address) ruleStr = fmt.Sprintf("rule source ipset=%s %s", rule.Address, rule.Strategy)
} else {
ruleStr = "rule family=ipv4 "
if len(rule.Address) != 0 {
ruleStr += fmt.Sprintf("source address=%s ", rule.Address)
}
if len(rule.Port) != 0 {
ruleStr += fmt.Sprintf("port port=%s ", rule.Port)
}
if len(rule.Protocol) != 0 {
ruleStr += fmt.Sprintf("protocol=%s ", rule.Protocol)
}
ruleStr += rule.Strategy
} }
if len(rule.Port) != 0 {
ruleStr += fmt.Sprintf("port port=%s ", rule.Port)
}
if len(rule.Protocol) != 0 {
ruleStr += fmt.Sprintf("protocol=%s ", rule.Protocol)
}
ruleStr += rule.Strategy
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr) stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr)
if err != nil { if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout)
@ -176,13 +186,15 @@ func (f *Firewall) loadInfo(line string) FireInfo {
switch { switch {
case strings.Contains(item, "family="): case strings.Contains(item, "family="):
itemRule.Family = strings.ReplaceAll(item, "family=", "") itemRule.Family = strings.ReplaceAll(item, "family=", "")
case strings.Contains(item, "ipset="):
itemRule.Address = strings.ReplaceAll(item, "ipset=", "")
case strings.Contains(item, "address="): case strings.Contains(item, "address="):
itemRule.Address = strings.ReplaceAll(item, "address=", "") itemRule.Address = strings.ReplaceAll(item, "address=", "")
case strings.Contains(item, "port="): case strings.Contains(item, "port="):
itemRule.Port = strings.ReplaceAll(item, "port=", "") itemRule.Port = strings.ReplaceAll(item, "port=", "")
case strings.Contains(item, "protocol="): case strings.Contains(item, "protocol="):
itemRule.Protocol = strings.ReplaceAll(item, "protocol=", "") itemRule.Protocol = strings.ReplaceAll(item, "protocol=", "")
case item == "accept" || item == "drop": case item == "accept" || item == "drop" || item == "reject":
itemRule.Strategy = item itemRule.Strategy = item
} }
} }

37
backend/utils/firewall/client/firewalld_test.go
View File

@ -1,37 +0,0 @@
package client
import (
"fmt"
"strings"
"testing"
"github.com/1Panel-dev/1Panel/backend/utils/ssh"
)
func TestFire(t *testing.T) {
ConnInfo := ssh.ConnInfo{
Addr: "172.16.10.234",
User: "ubuntu",
AuthMode: "password",
Port: 22,
}
output, err := ConnInfo.Run("sudo ufw status verbose")
if err != nil {
fmt.Println(err)
}
lines := strings.Split(string(output), "\n")
var datas []FireInfo
isStart := false
for _, line := range lines {
if strings.HasPrefix(line, "--") {
isStart = true
continue
}
if !isStart {
continue
}
}
fmt.Println(datas)
}

3
backend/utils/firewall/client/info.go
View File

@ -6,6 +6,9 @@ type FireInfo struct {
Port string `json:"port"` Port string `json:"port"`
Protocol string `json:"protocol"` // tcp udp tcp/udp Protocol string `json:"protocol"` // tcp udp tcp/udp
Strategy string `json:"strategy"` // accept drop Strategy string `json:"strategy"` // accept drop
APPName string `json:"appName"`
IsUsed bool `json:"isUsed"`
} }
type Forward struct { type Forward struct {

5
backend/utils/firewall/client/ufw.go
View File

@ -85,6 +85,11 @@ func (f *Ufw) UpdatePingStatus(enabel string) error {
return err return err
} }
stdout, err := cmd.Exec("sudo ufw reload")
if err != nil {
return fmt.Errorf("reload ufw setting failed, err: %v", stdout)
}
return nil return nil
} }

2
frontend/src/api/interface/host.ts
View File

@ -69,6 +69,8 @@ export namespace Host {
port: string; port: string;
protocol: string; protocol: string;
strategy: string; strategy: string;
appName: string;
isUsed: boolean;
} }
export interface RulePort { export interface RulePort {
operation: string; operation: string;

29
frontend/src/lang/modules/en.ts
View File

@ -1185,19 +1185,33 @@ const message = {
cookieBlockList: 'Cookie Blacklist', cookieBlockList: 'Cookie Blacklist',
firewall: 'Firewall', firewall: 'Firewall',
used: 'Used',
unUsed: 'Unused',
firewallHelper: '{0} System firewall', firewallHelper: '{0} System firewall',
firewallNotStart: 'The firewall service is not enabled at present, please enable it first!', firewallNotStart: 'The firewall service is not enabled at present, please enable it first!',
stopFirewallHelper: stopFirewallHelper:
'If the firewall is disabled, the server loses security protection. Do you want to continue?', 'After the system firewall is disabled, the server loses security protection. Do you want to continue?',
startFirewallHelper: startFirewallHelper:
'After the firewall is enabled, the current server security can be better protected. Do you want to continue?', 'After the firewall is enabled, the server security can be better protected. Do you want to continue?',
noPing: 'Disable ping', noPing: 'Disable ping',
noPingHelper: noPingTitle: 'Disable ping',
'If the ping function is disabled, the server cannot be pinged. Do you want to continue the operation?', noPingHelper: 'If the ping function is disabled, the server cannot be pinged. Do you want to continue?',
onPingHelper: 'If you disable ping, hackers may discover your server. Do you want to continue?', onPingHelper: 'If you disable ping, hackers may discover your server. Do you want to continue?',
protocol: 'Protocol', protocol: 'Protocol',
port: 'Port', port: 'Port',
changeStrategy: 'Change the {0} strategy', changeStrategy: 'Change the {0} strategy',
changeStrategyIPHelper1:
'Change the IP address strategy to [deny]. After the IP address is set, access to the server is prohibited. Do you want to continue?',
changeStrategyIPHelper2:
'Change the IP address strategy to [allow]. After the IP address is set, normal access is restored. Do you want to continue?',
changeStrategyPortHelper1:
'Change the port policy to [drop]. After the port policy is set, external access is denied. Do you want to continue?',
changeStrategyPortHelper2:
'Change the port policy to [accept]. After the policy is set, normal port access will be restored. Do you want to continue?',
stop: 'Stop',
portFormatError: 'Please enter the correct port information!',
portHelper1: 'Multiple ports, such as 8080 and 8081',
portHelper2: 'Range port, such as 8080-8089',
changeStrategyHelper: changeStrategyHelper:
'Change [{1}] {0} strategy to [{2}]. After setting, {0} will access {2} externally. Do you want to continue?', 'Change [{1}] {0} strategy to [{2}]. After setting, {0} will access {2} externally. Do you want to continue?',
portHelper: 'Multiple ports can be entered, such as 80,81, or range ports, such as 80-88', portHelper: 'Multiple ports can be entered, such as 80,81, or range ports, such as 80-88',
@ -1209,9 +1223,10 @@ const message = {
address: 'Specified IP', address: 'Specified IP',
allow: 'Allow', allow: 'Allow',
deny: 'Deny', deny: 'Deny',
addressHelper1: 'Support for multiple IP, such as 172.16.10.11 172.16.10.99', addressFormatError: 'Please enter a valid ip address!',
addressHelper2: 'You can enter an IP address segment, for example, 172.16.10.0/24', addressHelper1: 'Multiple IP please separated with ",", such as 172.16.10.11, 172.16.10.99',
addressHelper3: 'You can enter an IP address range, such as 172.16.10.11-172.16.10.99', addressHelper2: 'IP segment, such as 172.16.10.0/24',
addressHelper3: 'IP address range, such as 172.16.10.11-172.16.10.99',
allIP: 'All IP', allIP: 'All IP',
portRule: 'Port rule', portRule: 'Port rule',
ipRule: 'IP rule', ipRule: 'IP rule',

30
frontend/src/lang/modules/zh.ts
View File

@ -807,6 +807,8 @@ const message = {
LOCAL: '服务器磁盘', LOCAL: '服务器磁盘',
currentPath: '当前路径', currentPath: '当前路径',
OSS: '阿里云 OSS', OSS: '阿里云 OSS',
COS: '腾讯云 cos browser',
KODO: '七牛云 Kodo',
S3: '亚马逊 S3 云存储', S3: '亚马逊 S3 云存储',
MINIO: 'MINIO', MINIO: 'MINIO',
SFTP: 'SFTP', SFTP: 'SFTP',
@ -1184,18 +1186,27 @@ const message = {
cookieBlockList: 'Cookie 黑名单', cookieBlockList: 'Cookie 黑名单',
firewall: '防火墙', firewall: '防火墙',
used: '已使用',
unUsed: '未使用',
firewallHelper: '{0}系统防火墙', firewallHelper: '{0}系统防火墙',
firewallNotStart: '当前未开启防火墙服务请先开启', firewallNotStart: '当前未开启防火墙服务请先开启',
stopFirewallHelper: '停用系统防火墙服务器将失去安全防护是否继续操作', stopFirewallHelper: '系统防火墙关闭后服务器将失去安全防护是否继续',
startFirewallHelper: '启用系统防火墙后可以更好的防护当前的服务器安全是否继续操作', startFirewallHelper: '系统防火墙开启可以更好的防护服务器安全是否继续',
noPing: ' ping', noPing: ' ping',
noPingHelper: ' ping 后不影响服务器正常使用但无法 ping 通服务器是否继续操作', noPingTitle: '是否禁 ping',
onPingHelper: '解除禁 ping 状态可能会被黑客发现您的服务器是否继续操作', noPingHelper: ' ping 后将无法 ping 通服务器是否继续',
onPingHelper: '解除禁 ping 后您的服务器可能会被黑客发现是否继续',
protocol: '协议', protocol: '协议',
port: '端口', port: '端口',
changeStrategy: '修改{0}策略', changeStrategy: '修改{0}策略',
changeStrategyHelper: '修改 [{1}] {0}策略为 [{2}]设置后该{0}{2}外部访问是否继续操作', changeStrategyIPHelper1: 'IP 策略修改为屏蔽设置后该 IP 将禁止访问服务器是否继续',
portHelper: '支持输入多个端口 80,81 或者范围端口 80-88', changeStrategyIPHelper2: 'IP 策略修改为放行设置后该 IP 将恢复正常访问是否继续',
changeStrategyPortHelper1: '端口策略修改为拒绝设置后端口将拒绝外部访问是否继续',
changeStrategyPortHelper2: '端口策略为允许设置后端口将恢复正常访问是否继续',
stop: '禁止',
portFormatError: '请输入正确的端口信息',
portHelper1: '多个端口8080,8081',
portHelper2: '范围端口8080-8089',
strategy: '策略', strategy: '策略',
accept: '允许', accept: '允许',
drop: '拒绝', drop: '拒绝',
@ -1204,9 +1215,10 @@ const message = {
address: '指定 IP', address: '指定 IP',
allow: '放行', allow: '放行',
deny: '屏蔽', deny: '屏蔽',
addressHelper1: '支持输入多个 IP 172.16.10.11,172.16.10.99', addressFormatError: '请输入合法的 ip 地址',
addressHelper2: '支持输入 IP 172.16.10.0/24', addressHelper1: '多个 IP 请用 "," 隔开172.16.10.11,172.16.10.99',
addressHelper3: '支持输入 IP 范围 172.16.10.11-172.16.10.99', addressHelper2: 'IP 172.16.0.0/24',
addressHelper3: 'IP 范围172.16.10.10-172.16.10.19暂不支持跨网段范围',
allIP: '所有 IP', allIP: '所有 IP',
portRule: '端口规则', portRule: '端口规则',
ipRule: 'IP 规则', ipRule: 'IP 规则',

9
frontend/src/utils/util.ts
View File

@ -167,6 +167,15 @@ export function checkIp(value: string): boolean {
} }
} }
export function checkPort(value: string): boolean {
const reg = /^([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])$/;
if (!reg.test(value) && value !== '') {
return true;
} else {
return false;
}
}
export function getProvider(provider: string): string { export function getProvider(provider: string): string {
switch (provider) { switch (provider) {
case 'dnsAccount': case 'dnsAccount':

25
frontend/src/views/host/firewall/ip/index.vue
View File

@ -1,5 +1,5 @@
<template> <template>
<div v-loading="loading"> <div v-loading="loading" style="position: relative">
<FireRouter /> <FireRouter />
<FireStatus ref="fireStatuRef" @search="search" v-model:loading="loading" v-model:status="fireStatus" /> <FireStatus ref="fireStatuRef" @search="search" v-model:loading="loading" v-model:status="fireStatus" />
@ -108,6 +108,12 @@ const paginationConfig = reactive({
}); });
const search = async () => { const search = async () => {
if (fireStatus.value !== 'running') {
loading.value = false;
data.value = [];
paginationConfig.total = 0;
return;
}
let params = { let params = {
type: activeTag.value, type: activeTag.value,
info: searchName.value, info: searchName.value,
@ -141,15 +147,14 @@ const onOpenDialog = async (
}; };
const onChangeStatus = async (row: Host.RuleInfo, status: string) => { const onChangeStatus = async (row: Host.RuleInfo, status: string) => {
let operation = status === 'accept' ? i18n.global.t('firewall.allow') : i18n.global.t('firewall.deny'); let operation =
ElMessageBox.confirm( status === 'accept'
i18n.global.t('firewall.changeStrategyHelper', ['IP', row.address, operation]), ? i18n.global.t('firewall.changeStrategyIPHelper2')
i18n.global.t('firewall.changeStrategy', ['IP']), : i18n.global.t('firewall.changeStrategyIPHelper1');
{ ElMessageBox.confirm(operation, i18n.global.t('firewall.changeStrategy', [' IP ']), {
confirmButtonText: i18n.global.t('commons.button.confirm'), confirmButtonText: i18n.global.t('commons.button.confirm'),
cancelButtonText: i18n.global.t('commons.button.cancel'), cancelButtonText: i18n.global.t('commons.button.cancel'),
}, }).then(async () => {
).then(async () => {
let params = { let params = {
oldRule: { oldRule: {
operation: 'remove', operation: 'remove',

25
frontend/src/views/host/firewall/ip/operate/index.vue
View File

@ -9,10 +9,11 @@
<el-col :span="22"> <el-col :span="22">
<el-form-item :label="$t('firewall.address')" prop="address"> <el-form-item :label="$t('firewall.address')" prop="address">
<el-input <el-input
:disabled="dialogData.title === 'edit'"
:autosize="{ minRows: 3, maxRows: 6 }" :autosize="{ minRows: 3, maxRows: 6 }"
type="textarea" type="textarea"
clearable clearable
v-model="dialogData.rowData!.address" v-model.trim="dialogData.rowData!.address"
/> />
<span class="input-help">{{ $t('firewall.addressHelper1') }}</span> <span class="input-help">{{ $t('firewall.addressHelper1') }}</span>
<span class="input-help">{{ $t('firewall.addressHelper2') }}</span> <span class="input-help">{{ $t('firewall.addressHelper2') }}</span>
@ -45,10 +46,10 @@ import { Rules } from '@/global/form-rules';
import i18n from '@/lang'; import i18n from '@/lang';
import { ElForm } from 'element-plus'; import { ElForm } from 'element-plus';
import DrawerHeader from '@/components/drawer-header/index.vue'; import DrawerHeader from '@/components/drawer-header/index.vue';
import { MsgSuccess } from '@/utils/message'; import { MsgError, MsgSuccess } from '@/utils/message';
import { Host } from '@/api/interface/host'; import { Host } from '@/api/interface/host';
import { operateIPRule, updateAddrRule } from '@/api/modules/host'; import { operateIPRule, updateAddrRule } from '@/api/modules/host';
import { deepCopy } from '@/utils/util'; import { checkIp, deepCopy } from '@/utils/util';
const loading = ref(); const loading = ref();
const oldRule = ref<Host.RuleIP>(); const oldRule = ref<Host.RuleIP>();
@ -88,9 +89,25 @@ const onSubmit = async (formEl: FormInstance | undefined) => {
if (!formEl) return; if (!formEl) return;
formEl.validate(async (valid) => { formEl.validate(async (valid) => {
if (!valid) return; if (!valid) return;
loading.value = true;
dialogData.value.rowData.operation = 'add'; dialogData.value.rowData.operation = 'add';
if (!dialogData.value.rowData) return; if (!dialogData.value.rowData) return;
let ips = [];
if (dialogData.value.rowData.address.indexOf('-') !== -1) {
ips = dialogData.value.rowData.address.split('-');
} else if (dialogData.value.rowData.address.indexOf(',') !== -1) {
ips = dialogData.value.rowData.address.split(',');
} else if (dialogData.value.rowData.address.indexOf('/') !== -1) {
ips.push(dialogData.value.rowData.address.split('/')[0]);
} else {
ips.push(dialogData.value.rowData.address);
}
for (const ip of ips) {
if (checkIp(ip)) {
MsgError(i18n.global.t('firewall.addressFormatError'));
return;
}
}
loading.value = true;
if (dialogData.value.title === 'create') { if (dialogData.value.title === 'create') {
await operateIPRule(dialogData.value.rowData) await operateIPRule(dialogData.value.rowData)
.then(() => { .then(() => {

48
frontend/src/views/host/firewall/port/index.vue
View File

@ -1,5 +1,5 @@
<template> <template>
<div v-loading="loading"> <div v-loading="loading" style="position: relative">
<FireRouter /> <FireRouter />
<FireStatus ref="fireStatuRef" @search="search" v-model:loading="loading" v-model:status="fireStatus" /> <FireStatus ref="fireStatuRef" @search="search" v-model:loading="loading" v-model:status="fireStatus" />
@ -42,13 +42,24 @@
@search="search" @search="search"
:data="data" :data="data"
> >
<el-table-column type="selection" fix /> <el-table-column type="selection" :selectable="selectable" fix />
<el-table-column :label="$t('firewall.protocol')" :min-width="90" prop="protocol" /> <el-table-column :label="$t('firewall.protocol')" :min-width="90" prop="protocol" />
<el-table-column :label="$t('firewall.port')" :min-width="120" prop="port" /> <el-table-column :label="$t('firewall.port')" :min-width="120" prop="port" />
<el-table-column :label="$t('commons.table.status')" :min-width="120">
<template #default="{ row }">
<el-tag type="info" v-if="row.isUsed">
{{
row.appName ? $t('firewall.used') + ' ( ' + row.appName + ' )' : $t('firewall.used')
}}
</el-tag>
<el-tag type="success" v-else>{{ $t('firewall.unUsed') }}</el-tag>
</template>
</el-table-column>
<el-table-column :min-width="80" :label="$t('firewall.strategy')" prop="strategy"> <el-table-column :min-width="80" :label="$t('firewall.strategy')" prop="strategy">
<template #default="{ row }"> <template #default="{ row }">
<el-button <el-button
v-if="row.strategy === 'accept'" v-if="row.strategy === 'accept'"
:disabled="row.appName === '1panel'"
@click="onChangeStatus(row, 'drop')" @click="onChangeStatus(row, 'drop')"
link link
type="success" type="success"
@ -111,6 +122,12 @@ const paginationConfig = reactive({
}); });
const search = async () => { const search = async () => {
if (fireStatus.value !== 'running') {
loading.value = false;
data.value = [];
paginationConfig.total = 0;
return;
}
let params = { let params = {
type: activeTag.value, type: activeTag.value,
info: searchName.value, info: searchName.value,
@ -146,15 +163,14 @@ const onOpenDialog = async (
}; };
const onChangeStatus = async (row: Host.RuleInfo, status: string) => { const onChangeStatus = async (row: Host.RuleInfo, status: string) => {
let operation = i18n.global.t('firewall.' + status); let operation =
ElMessageBox.confirm( status === 'accept'
i18n.global.t('firewall.changeStrategyHelper', [i18n.global.t('firewall.port'), row.port, operation]), ? i18n.global.t('firewall.changeStrategyPortHelper2')
i18n.global.t('firewall.changeStrategy', [i18n.global.t('firewall.port')]), : i18n.global.t('firewall.changeStrategyPortHelper1');
{ ElMessageBox.confirm(operation, i18n.global.t('firewall.changeStrategy', [i18n.global.t('firewall.port')]), {
confirmButtonText: i18n.global.t('commons.button.confirm'), confirmButtonText: i18n.global.t('commons.button.confirm'),
cancelButtonText: i18n.global.t('commons.button.cancel'), cancelButtonText: i18n.global.t('commons.button.cancel'),
}, }).then(async () => {
).then(async () => {
let params = { let params = {
oldRule: { oldRule: {
operation: 'remove', operation: 'remove',
@ -227,18 +243,28 @@ const onDelete = async (row: Host.RuleInfo | null) => {
}); });
}; };
function selectable(row) {
return row.appName !== '1panel';
}
const buttons = [ const buttons = [
{ {
label: i18n.global.t('commons.button.edit'), label: i18n.global.t('commons.button.edit'),
click: (row: Host.RulePort) => { click: (row: Host.RulePort) => {
onOpenDialog('edit', row); onOpenDialog('edit', row);
}, },
disabled: (row: any) => {
return row.appName === '1panel';
},
}, },
{ {
label: i18n.global.t('commons.button.delete'), label: i18n.global.t('commons.button.delete'),
click: (row: Host.RuleInfo) => { click: (row: Host.RuleInfo) => {
onDelete(row); onDelete(row);
}, },
disabled: (row: any) => {
return row.appName === '1panel';
},
}, },
]; ];

32
frontend/src/views/host/firewall/port/operate/index.vue
View File

@ -16,8 +16,13 @@
</el-form-item> </el-form-item>
<el-form-item :label="$t('firewall.port')" prop="port"> <el-form-item :label="$t('firewall.port')" prop="port">
<el-input clearable v-model.trim="dialogData.rowData!.port" /> <el-input
<span class="input-help">{{ $t('firewall.portHelper') }}</span> :disabled="dialogData.title === 'edit'"
clearable
v-model.trim="dialogData.rowData!.port"
/>
<span class="input-help">{{ $t('firewall.portHelper1') }}</span>
<span class="input-help">{{ $t('firewall.portHelper2') }}</span>
</el-form-item> </el-form-item>
<el-form-item :label="$t('firewall.source')" prop="source"> <el-form-item :label="$t('firewall.source')" prop="source">
@ -62,10 +67,10 @@ import { Rules } from '@/global/form-rules';
import i18n from '@/lang'; import i18n from '@/lang';
import { ElForm } from 'element-plus'; import { ElForm } from 'element-plus';
import DrawerHeader from '@/components/drawer-header/index.vue'; import DrawerHeader from '@/components/drawer-header/index.vue';
import { MsgSuccess } from '@/utils/message'; import { MsgError, MsgSuccess } from '@/utils/message';
import { Host } from '@/api/interface/host'; import { Host } from '@/api/interface/host';
import { operatePortRule, updatePortRule } from '@/api/modules/host'; import { operatePortRule, updatePortRule } from '@/api/modules/host';
import { deepCopy } from '@/utils/util'; import { checkPort, deepCopy } from '@/utils/util';
const loading = ref(); const loading = ref();
const oldRule = ref<Host.RulePort>(); const oldRule = ref<Host.RulePort>();
@ -102,7 +107,7 @@ const handleClose = () => {
const rules = reactive({ const rules = reactive({
protocol: [Rules.requiredSelect], protocol: [Rules.requiredSelect],
port: [Rules.requiredInput], port: [Rules.requiredInput],
address: [Rules.requiredInput], address: [Rules.ip],
}); });
type FormInstance = InstanceType<typeof ElForm>; type FormInstance = InstanceType<typeof ElForm>;
@ -114,6 +119,23 @@ const onSubmit = async (formEl: FormInstance | undefined) => {
if (!valid) return; if (!valid) return;
dialogData.value.rowData.operation = 'add'; dialogData.value.rowData.operation = 'add';
if (!dialogData.value.rowData) return; if (!dialogData.value.rowData) return;
if (dialogData.value.rowData.source === 'anyWhere') {
dialogData.value.rowData.address = '';
}
let ports = [];
if (dialogData.value.rowData.port.indexOf('-') !== -1) {
ports = dialogData.value.rowData.port.split('-');
} else if (dialogData.value.rowData.port.indexOf(',') !== -1) {
ports = dialogData.value.rowData.port.split(',');
} else {
ports.push(dialogData.value.rowData.port);
}
for (const port of ports) {
if (checkPort(port)) {
MsgError(i18n.global.t('firewall.portFormatError'));
return;
}
}
loading.value = true; loading.value = true;
if (dialogData.value.title === 'create') { if (dialogData.value.title === 'create') {
await operatePortRule(dialogData.value.rowData) await operatePortRule(dialogData.value.rowData)

28
frontend/src/views/host/firewall/status/index.vue
View File

@ -16,22 +16,21 @@
<el-button type="primary" @click="onOperate('stop')" link> <el-button type="primary" @click="onOperate('stop')" link>
{{ $t('commons.button.stop') }} {{ $t('commons.button.stop') }}
</el-button> </el-button>
<el-divider direction="vertical" />
<el-button type="primary" link>{{ $t('firewall.noPing') }}</el-button>
<el-switch
style="margin-left: 10px"
inactive-value="Disable"
active-value="Enable"
@change="onPingOperate(baseInfo.pingStatus)"
v-model="onPing"
/>
</span> </span>
<span v-if="baseInfo.status === 'not running'" class="buttons"> <span v-if="baseInfo.status === 'not running'" class="buttons">
<el-button type="primary" @click="onOperate('start')" link> <el-button type="primary" @click="onOperate('start')" link>
{{ $t('commons.button.start') }} {{ $t('commons.button.start') }}
</el-button> </el-button>
</span> </span>
<el-divider direction="vertical" />
<el-button type="primary" link>{{ $t('firewall.noPing') }}</el-button>
<el-switch
style="margin-left: 10px"
inactive-value="Disable"
active-value="Enable"
@change="onPingOperate(baseInfo.pingStatus)"
v-model="onPing"
/>
</div> </div>
</el-card> </el-card>
</div> </div>
@ -42,11 +41,12 @@
import { Host } from '@/api/interface/host'; import { Host } from '@/api/interface/host';
import { loadFireBaseInfo, operateFire } from '@/api/modules/host'; import { loadFireBaseInfo, operateFire } from '@/api/modules/host';
import i18n from '@/lang'; import i18n from '@/lang';
import { MsgSuccess } from '@/utils/message';
import { ElMessageBox } from 'element-plus'; import { ElMessageBox } from 'element-plus';
import { ref } from 'vue'; import { ref } from 'vue';
const baseInfo = ref<Host.FirewallBase>({ status: '', name: '', version: '', pingStatus: '' }); const baseInfo = ref<Host.FirewallBase>({ status: '', name: '', version: '', pingStatus: '' });
const onPing = ref(); const onPing = ref('Disable');
const acceptParams = (): void => { const acceptParams = (): void => {
loadBaseInfo(true); loadBaseInfo(true);
@ -59,7 +59,7 @@ const loadBaseInfo = async (search: boolean) => {
baseInfo.value = res.data; baseInfo.value = res.data;
onPing.value = baseInfo.value.pingStatus; onPing.value = baseInfo.value.pingStatus;
emit('update:status', baseInfo.value.status); emit('update:status', baseInfo.value.status);
if (baseInfo.value.status === 'running' && search) { if (search) {
emit('search'); emit('search');
} else { } else {
emit('update:loading', false); emit('update:loading', false);
@ -81,6 +81,7 @@ const onOperate = async (operation: string) => {
emit('update:status', 'running'); emit('update:status', 'running');
await operateFire(operation) await operateFire(operation)
.then(() => { .then(() => {
MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
loadBaseInfo(true); loadBaseInfo(true);
}) })
.catch(() => { .catch(() => {
@ -92,7 +93,7 @@ const onOperate = async (operation: string) => {
const onPingOperate = async (operation: string) => { const onPingOperate = async (operation: string) => {
let operationHelper = let operationHelper =
operation === 'Enabel' ? i18n.global.t('firewall.noPingHelper') : i18n.global.t('firewall.onPingHelper'); operation === 'Enabel' ? i18n.global.t('firewall.noPingHelper') : i18n.global.t('firewall.onPingHelper');
ElMessageBox.confirm(operationHelper, i18n.global.t('firewall.noPing'), { ElMessageBox.confirm(operationHelper, i18n.global.t('firewall.noPingTitle'), {
confirmButtonText: i18n.global.t('commons.button.confirm'), confirmButtonText: i18n.global.t('commons.button.confirm'),
cancelButtonText: i18n.global.t('commons.button.cancel'), cancelButtonText: i18n.global.t('commons.button.cancel'),
}) })
@ -102,6 +103,7 @@ const onPingOperate = async (operation: string) => {
operation = operation === 'Disable' ? 'enablePing' : 'disablePing'; operation = operation === 'Disable' ? 'enablePing' : 'disablePing';
await operateFire(operation) await operateFire(operation)
.then(() => { .then(() => {
MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
loadBaseInfo(false); loadBaseInfo(false);
}) })
.catch(() => { .catch(() => {