feat: Synchronously update the firewall when modifying connection information (#7536)

2025-01-31 14:08:06 +08:00 · 2024-12-23 22:05:31 +08:00 · 2024-12-23 22:05:31 +08:00 · cd266d2567
commit cd266d2567
parent d103813311
11 changed files with 151 additions and 22 deletions
--- a/core/app/service/setting.go
+++ b/core/app/service/setting.go
@ -9,6 +9,7 @@ import (
 	"net"
 	"os"
 	"path"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@ -21,6 +22,8 @@ import (
 	"github.com/1Panel-dev/1Panel/core/utils/cmd"
 	"github.com/1Panel-dev/1Panel/core/utils/common"
 	"github.com/1Panel-dev/1Panel/core/utils/encrypt"
+	"github.com/1Panel-dev/1Panel/core/utils/firewall"
+	"github.com/1Panel-dev/1Panel/core/utils/xpack"
 	"github.com/gin-gonic/gin"
 )

@ -75,6 +78,13 @@ func (u *SettingService) GetSettingInfo() (*dto.SettingInfo, error) {
 }

 func (u *SettingService) Update(key, value string) error {
+	oldVal, err := settingRepo.Get(repo.WithByKey(key))
+	if err != nil {
+		return err
+	}
+	if oldVal.Value == value {
+		return nil
+	}
 	switch key {
 	case "AppStoreLastModified":
 		exist, _ := settingRepo.Get(repo.WithByKey("AppStoreLastModified"))
@ -82,8 +92,6 @@ func (u *SettingService) Update(key, value string) error {
 			_ = settingRepo.Create("AppStoreLastModified", value)
 			return nil
 		}
-	case "MasterAddr":
-		global.CONF.System.MasterAddr = value
 	}

 	if err := settingRepo.Update(key, value); err != nil {
@ -105,7 +113,12 @@ func (u *SettingService) Update(key, value string) error {
 		}
 	case "UserName", "Password":
 		_ = global.SESSION.Clean()
-
+	case "MasterAddr":
+		go func() {
+			if err := xpack.UpdateMasterAddr(value); err != nil {
+				global.LOG.Errorf("update master addr failed, err: %v", err)
+			}
+		}()
 	}

 	return nil
@ -174,16 +187,40 @@ func (u *SettingService) UpdatePort(port uint) error {
 	if common.ScanPort(int(port)) {
 		return buserr.WithDetail(constant.ErrPortInUsed, port, nil)
 	}
-	// TODO 修改防火墙端口
+	oldPort, err := settingRepo.Get(repo.WithByKey("Port"))
+	if err != nil {
+		return err
+	}
+	if oldPort.Value == fmt.Sprintf("%v", port) {
+		return nil
+	}
+	if err := firewall.UpdatePort(oldPort.Value, fmt.Sprintf("%v", port)); err != nil {
+		return err
+	}

 	if err := settingRepo.Update("ServerPort", strconv.Itoa(int(port))); err != nil {
 		return err
 	}
 	go func() {
 		time.Sleep(1 * time.Second)
-		_, err := cmd.Exec("systemctl restart 1panel.service")
+		defer func() {
+			if _, err := cmd.Exec("systemctl restart 1panel.service"); err != nil {
+				global.LOG.Errorf("restart system port failed, err: %v", err)
+			}
+		}()
+		masterAddr, err := settingRepo.Get(repo.WithByKey("MasterAddr"))
 		if err != nil {
-			global.LOG.Errorf("restart system port failed, err: %v", err)
+			global.LOG.Errorf("load master addr from db failed, err: %v", err)
+			return
+		}
+		if len(masterAddr.Value) != 0 {
+			oldMasterPort := loadPort(masterAddr.Value)
+			if len(oldMasterPort) != 0 {
+				if err := xpack.UpdateMasterAddr(strings.ReplaceAll(masterAddr.Value, oldMasterPort, fmt.Sprintf("%v", port))); err != nil {
+					global.LOG.Errorf("update master addr from db failed, err: %v", err)
+					return
+				}
+			}
 		}
 	}()
 	return nil
@ -250,7 +287,31 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 	if err := settingRepo.Update("SSL", req.SSL); err != nil {
 		return err
 	}
-	return u.UpdateSystemSSL()
+
+	if err := u.UpdateSystemSSL(); err != nil {
+		return err
+	}
+
+	go func() {
+		oldSSL, _ := settingRepo.Get(repo.WithByKey("SSL"))
+		if oldSSL.Value != req.SSL {
+			masterAddr, err := settingRepo.Get(repo.WithByKey("MasterAddr"))
+			if err != nil {
+				global.LOG.Errorf("load master addr from db failed, err: %v", err)
+				return
+			}
+			addrItem := masterAddr.Value
+			if req.SSL == constant.StatusDisable {
+				addrItem = strings.ReplaceAll(addrItem, "https://", "http://")
+			} else {
+				addrItem = strings.ReplaceAll(addrItem, "http://", "https://")
+			}
+			if err := xpack.UpdateMasterAddr(addrItem); err != nil {
+				global.LOG.Errorf("update master addr from db failed, err: %v", err)
+			}
+		}
+	}()
+	return nil
 }

 func (u *SettingService) LoadFromCert() (*dto.SSLInfo, error) {
@ -452,3 +513,17 @@ func checkCertValid() error {

 	return nil
 }
+
+func loadPort(address string) string {
+	re := regexp.MustCompile(`(?:(?:\[([0-9a-fA-F:]+)\])|([^:/\s]+))(?::(\d+))?$`)
+	matches := re.FindStringSubmatch(address)
+	if len(matches) <= 0 {
+		return ""
+	}
+	var port string
+	port = matches[3]
+	if len(port) != 0 {
+		return port
+	}
+	return ""
+}
--- a/core/configs/system.go
+++ b/core/configs/system.go
@ -5,7 +5,6 @@ type System struct {
 	Ipv6           string `mapstructure:"ipv6"`
 	BindAddress    string `mapstructure:"bindAddress"`
 	SSL            string `mapstructure:"ssl"`
-	MasterAddr     string `mapstructure:"masterAddr"`
 	DbCoreFile     string `mapstructure:"db_core_file"`
 	EncryptKey     string `mapstructure:"encrypt_key"`
 	BaseDir        string `mapstructure:"base_dir"`
--- a/core/constant/errs.go
+++ b/core/constant/errs.go
@ -76,4 +76,5 @@ var (
 	ErrFreeNodeLimit = "ErrFreeNodeLimit"
 	ErrNodeBound     = "ErrNodeBound"
 	ErrNodeBind      = "ErrNodeBind"
+	ConnInfoNotMatch = "ConnInfoNotMatch"
 )
--- a/core/constant/status.go
+++ b/core/constant/status.go
@ -8,6 +8,7 @@ const (
 	StatusWaiting     = "Waiting"
 	StatusPacking     = "Packing"
 	StatusSending     = "Sending"
+	StatusChecking    = "Checking"
 	StatusStarting    = "Starting"
 	StatusHealthy     = "Healthy"
 	StatusUnhealthy   = "Unhealthy"
--- a/core/i18n/lang/en.yaml
+++ b/core/i18n/lang/en.yaml
@ -82,6 +82,7 @@ RestartAfterUpgrade: "Start Service After Upgrade"
 #add node
 TaskAddNode: "Add Node"
 GenerateSSLInfo: "Generate Node SSL Information"
+ConnInfoNotMatch: "Connection information does not match";
 MakeAgentPackage: "Generate Node Installation Package"
 SendAgent: "Distribute Node Installation Package"
 StartService: "Start Service"
--- a/core/i18n/lang/zh-Hant.yaml
+++ b/core/i18n/lang/zh-Hant.yaml
@ -82,6 +82,7 @@ RestartAfterUpgrade: "升級後啟動服務"
 #node create
 TaskAddNode: "添加節點"
 GenerateSSLInfo: "生成節點 SSL 信息"
+ConnInfoNotMatch: "連接信息不匹配";
 MakeAgentPackage: "生成節點安裝包"
 SendAgent: "下發節點安裝包"
 StartService: "啟動服務"
--- a/core/i18n/lang/zh.yaml
+++ b/core/i18n/lang/zh.yaml
@ -84,6 +84,7 @@ RestartAfterUpgrade: "升级后启动服务"
 #add node
 TaskAddNode: "添加节点"
 GenerateSSLInfo: "生成节点 SSL 信息"
+ConnInfoNotMatch: "连接信息不匹配"
 MakeAgentPackage: "生成节点安装包"
 SendAgent: "下发节点安装包"
 StartService: "启动服务"
--- a/core/init/hook/hook.go
+++ b/core/init/hook/hook.go
@ -14,11 +14,6 @@ import (

 func Init() {
 	settingRepo := repo.NewISettingRepo()
-	masterSetting, err := settingRepo.Get(repo.WithByKey("MasterAddr"))
-	if err != nil {
-		global.LOG.Errorf("load master addr from setting failed, err: %v", err)
-	}
-	global.CONF.System.MasterAddr = masterSetting.Value
 	portSetting, err := settingRepo.Get(repo.WithByKey("ServerPort"))
 	if err != nil {
 		global.LOG.Errorf("load service port from setting failed, err: %v", err)
--- a/core/utils/cmd/cmd.go
+++ b/core/utils/cmd/cmd.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"os/exec"
+	"strings"
 	"time"

 	"github.com/1Panel-dev/1Panel/core/buserr"
@ -22,6 +23,14 @@ func SudoHandleCmd() string {
 	return ""
 }

+func Which(name string) bool {
+	stdout, err := Execf("which %s", name)
+	if err != nil || (len(strings.ReplaceAll(stdout, "\n", "")) == 0) {
+		return false
+	}
+	return true
+}
+
 func Execf(cmdStr string, a ...interface{}) (string, error) {
 	cmd := exec.Command("bash", "-c", fmt.Sprintf(cmdStr, a...))
 	var stdout, stderr bytes.Buffer
--- a/core/utils/firewall/firewall.go
+++ b/core/utils/firewall/firewall.go
@ -0,0 +1,50 @@
+package firewall
+
+import (
+	"fmt"
+
+	"github.com/1Panel-dev/1Panel/core/utils/cmd"
+)
+
+func UpdatePort(oldPort, newPort string) error {
+	firewalld := cmd.Which("firewalld")
+	if firewalld {
+		status, _ := cmd.Exec("LANGUAGE=en_US:en firewall-cmd --state")
+		isRunning := status == "running\n"
+		if isRunning {
+			return firewallUpdatePort(oldPort, newPort)
+		}
+	}
+
+	ufw := cmd.Which("ufw")
+	if !ufw {
+		return nil
+	}
+	status, _ := cmd.Exec("LANGUAGE=en_US:en ufw status | grep Status")
+	isRuning := status == "Status: active\n"
+	if isRuning {
+		return ufwUpdatePort(oldPort, newPort)
+	}
+	return nil
+}
+
+func firewallUpdatePort(oldPort, newPort string) error {
+	stdout, err := cmd.Execf("firewall-cmd --zone=public --add-port=%s/tcp --permanent", newPort)
+	if err != nil {
+		return fmt.Errorf("add (port: %s/tcp) failed, err: %s", newPort, stdout)
+	}
+
+	_, _ = cmd.Execf("firewall-cmd --zone=public --remove-port=%s/tcp --permanent", oldPort)
+	_, _ = cmd.Exec("firewall-cmd --reload")
+	return nil
+}
+
+func ufwUpdatePort(oldPort, newPort string) error {
+	stdout, err := cmd.Execf("ufw allow %s", newPort)
+	if err != nil {
+		return fmt.Errorf("add (port: %s/tcp) failed, err: %s", newPort, stdout)
+	}
+
+	_, _ = cmd.Execf("ufw delete allow %s", oldPort)
+	return nil
+}
--- a/core/utils/xpack/xpack.go
+++ b/core/utils/xpack/xpack.go
@ -6,16 +6,12 @@ import (
 	"github.com/gin-gonic/gin"
 )

-func Proxy(c *gin.Context, currentNode string) {
-	return
-}
+func Proxy(c *gin.Context, currentNode string) { return }

-func UpdateGroup(name string, group, newGroup uint) error {
-	return nil
-}
+func UpdateGroup(name string, group, newGroup uint) error { return nil }

-func CheckBackupUsed(id uint) error {
-	return nil
-}
+func CheckBackupUsed(id uint) error { return nil }

 func InitAgentRouter(Router *gin.RouterGroup) {}
+
+func UpdateMasterAddr(newAddr string) error { return nil }