fix: 修改 SSH 端口时自动放开防火墙 (#2760)

Refs #2729

backend/app/api/v1/ssh.go

@@ -47,18 +47,18 @@ func (b *BaseApi) OperateSSH(c *gin.Context) {
 // @Summary Update host SSH setting
 // @Description 更新 SSH 配置
 // @Accept json
-// @Param request body dto.SettingUpdate true "request"
+// @Param request body dto.SSHUpdate true "request"
 // @Success 200
 // @Security ApiKeyAuth
 // @Router /host/ssh/update [post]
 // @x-panel-log {"bodyKeys":["key","value"],"paramKeys":[],"BeforeFunctions":[],"formatZH":"修改 SSH 配置 [key] => [value]","formatEN":"update SSH setting [key] => [value]"}
 func (b *BaseApi) UpdateSSH(c *gin.Context) {
-	var req dto.SettingUpdate
+	var req dto.SSHUpdate
 	if err := helper.CheckBindAndValidate(&req, c); err != nil {
 		return
 	}
 
-	if err := sshService.Update(req.Key, req.Value); err != nil {
+	if err := sshService.Update(req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}

backend/app/dto/ssh.go

@@ -2,6 +2,12 @@ package dto
 
 import "time"
 
+type SSHUpdate struct {
+	Key      string `json:"key" validate:"required"`
+	OldValue string `json:"oldValue"`
+	NewValue string `json:"newValue"`
+}
+
 type SSHInfo struct {
 	AutoStart              bool   `json:"authStart"`
 	Status                 string `json:"status"`

backend/app/service/ssh.go

@@ -30,7 +30,7 @@ type ISSHService interface {
 	GetSSHInfo() (*dto.SSHInfo, error)
 	OperateSSH(operation string) error
 	UpdateByFile(value string) error
-	Update(key, value string) error
+	Update(req dto.SSHUpdate) error
 	GenerateSSH(req dto.GenerateSSH) error
 	AnalysisLog(req dto.SearchForAnalysis) (*dto.AnalysisRes, error)
 	LoadSSHSecret(mode string) (string, error)
@@ -114,7 +114,7 @@ func (u *SSHService) OperateSSH(operation string) error {
 	return nil
 }
 
-func (u *SSHService) Update(key, value string) error {
+func (u *SSHService) Update(req dto.SSHUpdate) error {
 	serviceName, err := loadServiceName()
 	if err != nil {
 		return err
@@ -125,10 +125,7 @@ func (u *SSHService) Update(key, value string) error {
 		return err
 	}
 	lines := strings.Split(string(sshConf), "\n")
-	newFiles := updateSSHConf(lines, key, value)
+	newFiles := updateSSHConf(lines, req.Key, req.NewValue)
-	if err := settingRepo.Update(key, value); err != nil {
-		return err
-	}
 	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, 0666)
 	if err != nil {
 		return err
@@ -138,10 +135,28 @@ func (u *SSHService) Update(key, value string) error {
 		return err
 	}
 	sudo := cmd.SudoHandleCmd()
-	if key == "Port" {
+	if req.Key == "Port" {
 		stdout, _ := cmd.Execf("%s getenforce", sudo)
 		if stdout == "Enforcing\n" {
-			_, _ = cmd.Execf("%s semanage port -a -t ssh_port_t -p tcp %s", sudo, value)
+			_, _ = cmd.Execf("%s semanage port -a -t ssh_port_t -p tcp %s", sudo, req.NewValue)
+		}
+
+		ruleItem := dto.PortRuleUpdate{
+			OldRule: dto.PortRuleOperate{
+				Operation: "remove",
+				Port:      req.OldValue,
+				Protocol:  "tcp",
+				Strategy:  "accept",
+			},
+			NewRule: dto.PortRuleOperate{
+				Operation: "add",
+				Port:      req.NewValue,
+				Protocol:  "tcp",
+				Strategy:  "accept",
+			},
+		}
+		if err := NewIFirewallService().UpdatePortRule(ruleItem); err != nil {
+			global.LOG.Errorf("reset firewall rules %s -> %s failed, err: %v", req.OldValue, req.OldValue, err)
 		}
 	}
 

cmd/server/docs/docs.go

@@ -1,5 +1,5 @@
-// Package docs GENERATED BY SWAG; DO NOT EDIT
+// Code generated by swaggo/swag. DO NOT EDIT.
-// This file was generated by swaggo/swag
+
 package docs
 
 import "github.com/swaggo/swag"
@@ -6565,7 +6565,7 @@ const docTemplate = `{
                         "in": "body",
                         "required": true,
                         "schema": {
-                            "$ref": "#/definitions/dto.SettingUpdate"
+                            "$ref": "#/definitions/dto.SSHUpdate"
                         }
                     }
                 ],
@@ -15439,6 +15439,23 @@ const docTemplate = `{
                 }
             }
         },
+        "dto.SSHUpdate": {
+            "type": "object",
+            "required": [
+                "key"
+            ],
+            "properties": {
+                "key": {
+                    "type": "string"
+                },
+                "newValue": {
+                    "type": "string"
+                },
+                "oldValue": {
+                    "type": "string"
+                }
+            }
+        },
         "dto.SSLUpdate": {
             "type": "object",
             "required": [

cmd/server/docs/swagger.json

@@ -6558,7 +6558,7 @@
                         "in": "body",
                         "required": true,
                         "schema": {
-                            "$ref": "#/definitions/dto.SettingUpdate"
+                            "$ref": "#/definitions/dto.SSHUpdate"
                         }
                     }
                 ],
@@ -15432,6 +15432,23 @@
                 }
             }
         },
+        "dto.SSHUpdate": {
+            "type": "object",
+            "required": [
+                "key"
+            ],
+            "properties": {
+                "key": {
+                    "type": "string"
+                },
+                "newValue": {
+                    "type": "string"
+                },
+                "oldValue": {
+                    "type": "string"
+                }
+            }
+        },
         "dto.SSLUpdate": {
             "type": "object",
             "required": [

cmd/server/docs/swagger.yaml

@@ -1989,6 +1989,17 @@ definitions:
       successfulCount:
         type: integer
     type: object
+  dto.SSHUpdate:
+    properties:
+      key:
+        type: string
+      newValue:
+        type: string
+      oldValue:
+        type: string
+    required:
+    - key
+    type: object
   dto.SSLUpdate:
     properties:
       cert:
@@ -8499,7 +8510,7 @@ paths:
         name: request
         required: true
         schema:
-          $ref: '#/definitions/dto.SettingUpdate'
+          $ref: '#/definitions/dto.SSHUpdate'
       responses:
         "200":
           description: OK

frontend/src/api/interface/host.ts

@@ -128,6 +128,11 @@ export namespace Host {
         permitRootLogin: string;
         useDNS: string;
     }
+    export interface SSHUpdate {
+        key: string;
+        oldValue: string;
+        newValue: string;
+    }
     export interface SSHGenerate {
         encryptionMode: string;
         password: string;

frontend/src/api/modules/host.ts

@@ -111,8 +111,8 @@ export const getSSHConf = () => {
 export const operateSSH = (operation: string) => {
     return http.post(`/hosts/ssh/operate`, { operation: operation });
 };
-export const updateSSH = (key: string, value: string) => {
+export const updateSSH = (params: Host.SSHUpdate) => {
-    return http.post(`/hosts/ssh/update`, { key: key, value: value });
+    return http.post(`/hosts/ssh/update`, params);
 };
 export const updateSSHByfile = (file: string) => {
     return http.post(`/hosts/ssh/conffile/update`, { file: file });

frontend/src/views/host/ssh/ssh/address/index.vue

@@ -76,8 +76,13 @@ const onSave = async (formEl: FormInstance | undefined) => {
             },
         )
             .then(async () => {
+                let params = {
+                    key: 'ListenAddress',
+                    oldValue: '',
+                    newValue: form.listenAddress,
+                };
                 loading.value = true;
-                await updateSSH('ListenAddress', form.listenAddress)
+                await updateSSH(params)
                     .then(() => {
                         loading.value = false;
                         handleClose();

frontend/src/views/host/ssh/ssh/index.vue

@@ -267,8 +267,13 @@ const onSave = async (formEl: FormInstance | undefined, key: string, value: stri
         },
     )
         .then(async () => {
+            let params = {
+                key: key,
+                oldValue: '',
+                newValue: value,
+            };
             loading.value = true;
-            await updateSSH(key, value)
+            await updateSSH(params)
                 .then(() => {
                     loading.value = false;
                     MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));

frontend/src/views/host/ssh/ssh/port/index.vue

@@ -46,6 +46,7 @@ interface DialogProps {
 }
 const drawerVisible = ref();
 const loading = ref();
+const oldPort = ref();
 
 const form = reactive({
     port: 22,
@@ -55,6 +56,7 @@ const formRef = ref<FormInstance>();
 
 const acceptParams = (params: DialogProps): void => {
     form.port = params.port;
+    oldPort.value = params.port;
     drawerVisible.value = true;
 };
 
@@ -72,8 +74,13 @@ const onSave = async (formEl: FormInstance | undefined) => {
             },
         )
             .then(async () => {
+                let params = {
+                    key: 'Port',
+                    oldValue: oldPort.value + '',
+                    newValue: form.port + '',
+                };
                 loading.value = true;
-                await updateSSH('Port', form.port + '')
+                await updateSSH(params)
                     .then(() => {
                         loading.value = false;
                         handleClose();

frontend/src/views/host/ssh/ssh/root/index.vue

@@ -79,8 +79,13 @@ const onSave = async (formEl: FormInstance | undefined) => {
             },
         )
             .then(async () => {
+                let params = {
+                    key: 'PermitRootLogin',
+                    oldValue: '',
+                    newValue: form.permitRootLogin,
+                };
                 loading.value = true;
-                await updateSSH('PermitRootLogin', form.permitRootLogin)
+                await updateSSH(params)
                     .then(() => {
                         loading.value = false;
                         handleClose();