刘河 2019-04-10 20:54:51 +08:00
parent 16c97a3c36
commit 60c8b0c7bf
5 changed files with 71 additions and 65 deletions


@ -1,6 +1,6 @@
package version package version
const VERSION = "0.22.0" const VERSION = "0.22.1"
// Compulsory minimum version, Minimum downward compatibility to this version // Compulsory minimum version, Minimum downward compatibility to this version
func GetVersion() string { func GetVersion() string {


@ -249,7 +249,7 @@ func (s *httpServer) httpHandle(c *conn.Conn, r *http.Request) {
reqCh <- r reqCh <- r
} }
end: end:
if isConn { if !readReq {
s.writeConnFail(c.Conn) s.writeConnFail(c.Conn)
} }
c.Close() c.Close()


@ -6,6 +6,7 @@ import (
"github.com/cnlh/nps/lib/file" "github.com/cnlh/nps/lib/file"
"github.com/cnlh/nps/server" "github.com/cnlh/nps/server"
"github.com/cnlh/nps/vender/github.com/astaxie/beego" "github.com/cnlh/nps/vender/github.com/astaxie/beego"
"html"
"math" "math"
"strconv" "strconv"
"strings" "strings"
@ -26,7 +27,7 @@ func (s *BaseController) Prepare() {
// web api verify // web api verify
// param 1 is md5(authKey+Current timestamp) // param 1 is md5(authKey+Current timestamp)
// param 2 is timestamp (It's limited to 20 seconds.) // param 2 is timestamp (It's limited to 20 seconds.)
md5Key := s.GetString("auth_key") md5Key := s.getEscapeString("auth_key")
timestamp := s.GetIntNoErr("timestamp") timestamp := s.GetIntNoErr("timestamp")
configKey := beego.AppConfig.String("auth_key") configKey := beego.AppConfig.String("auth_key")
timeNowUnix := time.Now().Unix() timeNowUnix := time.Now().Unix()
@ -85,6 +86,11 @@ func (s *BaseController) error() {
s.TplName = "public/error.html" s.TplName = "public/error.html"
} }
//getEscapeString
func (s *BaseController) getEscapeString(key string) string {
return html.EscapeString(s.GetString(key))
}
//去掉没有err返回值的int //去掉没有err返回值的int
func (s *BaseController) GetIntNoErr(key string, def ...int) int { func (s *BaseController) GetIntNoErr(key string, def ...int) int {
strv := s.Ctx.Input.Query(key) strv := s.Ctx.Input.Query(key)
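Review bot: `getEscapeString` HTML-encodes a parameter when it is read rather than when it is rendered, and its `//getEscapeString` comment does not say so, so a caller cannot tell that the returned value may differ from what the client sent. I would document it as `// getEscapeString returns the request parameter key passed through html.EscapeString; the result is meant for HTML output only and is not the raw value.` In `Prepare`, the comment describes `auth_key` as an md5 digest that is compared rather than rendered, so `md5Key := s.GetString("auth_key")` could stay as it was; the comparison itself is outside the hunk. `Prepare` and `GetIntNoErr` both continue outside the visible lines.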


@ -27,7 +27,7 @@ func (s *ClientController) List() {
} else { } else {
clientId = clientIdSession.(int) clientId = clientIdSession.(int)
} }
list, cnt := server.GetClientList(start, length, s.GetString("search"), s.GetString("sort"), s.GetString("order"), clientId) list, cnt := server.GetClientList(start, length, s.getEscapeString("search"), s.getEscapeString("sort"), s.getEscapeString("order"), clientId)
s.AjaxTable(list, cnt, cnt) s.AjaxTable(list, cnt, cnt)
} }
@ -39,21 +39,21 @@ func (s *ClientController) Add() {
s.display() s.display()
} else { } else {
t := &file.Client{ t := &file.Client{
VerifyKey: s.GetString("vkey"), VerifyKey: s.getEscapeString("vkey"),
Id: int(file.GetDb().JsonDb.GetClientId()), Id: int(file.GetDb().JsonDb.GetClientId()),
Status: true, Status: true,
Remark: s.GetString("remark"), Remark: s.getEscapeString("remark"),
Cnf: &file.Config{ Cnf: &file.Config{
U: s.GetString("u"), U: s.getEscapeString("u"),
P: s.GetString("p"), P: s.getEscapeString("p"),
Compress: common.GetBoolByStr(s.GetString("compress")), Compress: common.GetBoolByStr(s.getEscapeString("compress")),
Crypt: s.GetBoolNoErr("crypt"), Crypt: s.GetBoolNoErr("crypt"),
}, },
ConfigConnAllow: s.GetBoolNoErr("config_conn_allow"), ConfigConnAllow: s.GetBoolNoErr("config_conn_allow"),
RateLimit: s.GetIntNoErr("rate_limit"), RateLimit: s.GetIntNoErr("rate_limit"),
MaxConn: s.GetIntNoErr("max_conn"), MaxConn: s.GetIntNoErr("max_conn"),
WebUserName: s.GetString("web_username"), WebUserName: s.getEscapeString("web_username"),
WebPassword: s.GetString("web_password"), WebPassword: s.getEscapeString("web_password"),
MaxTunnelNum: s.GetIntNoErr("max_tunnel"), MaxTunnelNum: s.GetIntNoErr("max_tunnel"),
Flow: &file.Flow{ Flow: &file.Flow{
ExportFlow: 0, ExportFlow: 0,
@ -102,33 +102,33 @@ func (s *ClientController) Edit() {
if c, err := file.GetDb().GetClient(id); err != nil { if c, err := file.GetDb().GetClient(id); err != nil {
s.error() s.error()
} else { } else {
if s.GetString("web_username") != "" { if s.getEscapeString("web_username") != "" {
if s.GetString("web_username") == beego.AppConfig.String("web_username") || !file.GetDb().VerifyUserName(s.GetString("web_username"), c.Id) { if s.getEscapeString("web_username") == beego.AppConfig.String("web_username") || !file.GetDb().VerifyUserName(s.getEscapeString("web_username"), c.Id) {
s.AjaxErr("web login username duplicate, please reset") s.AjaxErr("web login username duplicate, please reset")
return return
} }
} }
if s.GetSession("isAdmin").(bool) { if s.GetSession("isAdmin").(bool) {
if !file.GetDb().VerifyVkey(s.GetString("vkey"), c.Id) { if !file.GetDb().VerifyVkey(s.getEscapeString("vkey"), c.Id) {
s.AjaxErr("Vkey duplicate, please reset") s.AjaxErr("Vkey duplicate, please reset")
return return
} }
c.VerifyKey = s.GetString("vkey") c.VerifyKey = s.getEscapeString("vkey")
c.Flow.FlowLimit = int64(s.GetIntNoErr("flow_limit")) c.Flow.FlowLimit = int64(s.GetIntNoErr("flow_limit"))
c.RateLimit = s.GetIntNoErr("rate_limit") c.RateLimit = s.GetIntNoErr("rate_limit")
c.MaxConn = s.GetIntNoErr("max_conn") c.MaxConn = s.GetIntNoErr("max_conn")
c.MaxTunnelNum = s.GetIntNoErr("max_tunnel") c.MaxTunnelNum = s.GetIntNoErr("max_tunnel")
} }
c.Remark = s.GetString("remark") c.Remark = s.getEscapeString("remark")
c.Cnf.U = s.GetString("u") c.Cnf.U = s.getEscapeString("u")
c.Cnf.P = s.GetString("p") c.Cnf.P = s.getEscapeString("p")
c.Cnf.Compress = common.GetBoolByStr(s.GetString("compress")) c.Cnf.Compress = common.GetBoolByStr(s.getEscapeString("compress"))
c.Cnf.Crypt = s.GetBoolNoErr("crypt") c.Cnf.Crypt = s.GetBoolNoErr("crypt")
b, err := beego.AppConfig.Bool("allow_user_change_username") b, err := beego.AppConfig.Bool("allow_user_change_username")
if s.GetSession("isAdmin").(bool) || (err == nil && b) { if s.GetSession("isAdmin").(bool) || (err == nil && b) {
c.WebUserName = s.GetString("web_username") c.WebUserName = s.getEscapeString("web_username")
} }
c.WebPassword = s.GetString("web_password") c.WebPassword = s.getEscapeString("web_password")
c.ConfigConnAllow = s.GetBoolNoErr("config_conn_allow") c.ConfigConnAllow = s.GetBoolNoErr("config_conn_allow")
if c.Rate != nil { if c.Rate != nil {
c.Rate.Stop() c.Rate.Stop()
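Review bot: In `Add` and `Edit` the credential fields `VerifyKey`, `Cnf.U`, `Cnf.P`, `WebUserName` and `WebPassword` are now stored HTML-encoded, so a password or key containing `&`, `<`, `>`, `'` or `"` is saved as a different string from the one the user typed. Whether web login and client verification still match depends on those paths applying the same encoding, which is not visible here; if they compare against the raw value, such credentials would stop working after this change. Keeping the raw value for secrets, e.g. `WebPassword: s.GetString("web_password"),`, and escaping only where a field is written into HTML avoids that. Both functions continue outside the hunks.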


@ -68,7 +68,7 @@ func (s *IndexController) Host() {
func (s *IndexController) All() { func (s *IndexController) All() {
s.Data["menu"] = "client" s.Data["menu"] = "client"
clientId := s.GetString("client_id") clientId := s.getEscapeString("client_id")
s.Data["client_id"] = clientId s.Data["client_id"] = clientId
s.SetInfo("client id:" + clientId) s.SetInfo("client id:" + clientId)
s.display("index/list") s.display("index/list")
@ -76,30 +76,30 @@ func (s *IndexController) All() {
func (s *IndexController) GetTunnel() { func (s *IndexController) GetTunnel() {
start, length := s.GetAjaxParams() start, length := s.GetAjaxParams()
taskType := s.GetString("type") taskType := s.getEscapeString("type")
clientId := s.GetIntNoErr("client_id") clientId := s.GetIntNoErr("client_id")
list, cnt := server.GetTunnel(start, length, taskType, clientId, s.GetString("search")) list, cnt := server.GetTunnel(start, length, taskType, clientId, s.getEscapeString("search"))
s.AjaxTable(list, cnt, cnt) s.AjaxTable(list, cnt, cnt)
} }
func (s *IndexController) Add() { func (s *IndexController) Add() {
if s.Ctx.Request.Method == "GET" { if s.Ctx.Request.Method == "GET" {
s.Data["type"] = s.GetString("type") s.Data["type"] = s.getEscapeString("type")
s.Data["client_id"] = s.GetString("client_id") s.Data["client_id"] = s.getEscapeString("client_id")
s.SetInfo("add tunnel") s.SetInfo("add tunnel")
s.display() s.display()
} else { } else {
t := &file.Tunnel{ t := &file.Tunnel{
Port: s.GetIntNoErr("port"), Port: s.GetIntNoErr("port"),
ServerIp: s.GetString("server_ip"), ServerIp: s.getEscapeString("server_ip"),
Mode: s.GetString("type"), Mode: s.getEscapeString("type"),
Target: &file.Target{TargetStr: s.GetString("target"), LocalProxy: s.GetBoolNoErr("local_proxy")}, Target: &file.Target{TargetStr: s.getEscapeString("target"), LocalProxy: s.GetBoolNoErr("local_proxy")},
Id: int(file.GetDb().JsonDb.GetTaskId()), Id: int(file.GetDb().JsonDb.GetTaskId()),
Status: true, Status: true,
Remark: s.GetString("remark"), Remark: s.getEscapeString("remark"),
Password: s.GetString("password"), Password: s.getEscapeString("password"),
LocalPath: s.GetString("local_path"), LocalPath: s.getEscapeString("local_path"),
StripPre: s.GetString("strip_pre"), StripPre: s.getEscapeString("strip_pre"),
Flow: &file.Flow{}, Flow: &file.Flow{},
} }
if !tool.TestServerPort(t.Port, t.Mode) { if !tool.TestServerPort(t.Port, t.Mode) {
@ -161,14 +161,14 @@ func (s *IndexController) Edit() {
} }
t.Port = s.GetIntNoErr("port") t.Port = s.GetIntNoErr("port")
} }
t.ServerIp = s.GetString("server_ip") t.ServerIp = s.getEscapeString("server_ip")
t.Mode = s.GetString("type") t.Mode = s.getEscapeString("type")
t.Target = &file.Target{TargetStr: s.GetString("target")} t.Target = &file.Target{TargetStr: s.getEscapeString("target")}
t.Password = s.GetString("password") t.Password = s.getEscapeString("password")
t.Id = id t.Id = id
t.LocalPath = s.GetString("local_path") t.LocalPath = s.getEscapeString("local_path")
t.StripPre = s.GetString("strip_pre") t.StripPre = s.getEscapeString("strip_pre")
t.Remark = s.GetString("remark") t.Remark = s.getEscapeString("remark")
t.Target.LocalProxy = s.GetBoolNoErr("local_proxy") t.Target.LocalProxy = s.GetBoolNoErr("local_proxy")
file.GetDb().UpdateTask(t) file.GetDb().UpdateTask(t)
server.StopServer(t.Id) server.StopServer(t.Id)
@ -204,14 +204,14 @@ func (s *IndexController) Start() {
func (s *IndexController) HostList() { func (s *IndexController) HostList() {
if s.Ctx.Request.Method == "GET" { if s.Ctx.Request.Method == "GET" {
s.Data["client_id"] = s.GetString("client_id") s.Data["client_id"] = s.getEscapeString("client_id")
s.Data["menu"] = "host" s.Data["menu"] = "host"
s.SetInfo("host list") s.SetInfo("host list")
s.display("index/hlist") s.display("index/hlist")
} else { } else {
start, length := s.GetAjaxParams() start, length := s.GetAjaxParams()
clientId := s.GetIntNoErr("client_id") clientId := s.GetIntNoErr("client_id")
list, cnt := file.GetDb().GetHost(start, length, clientId, s.GetString("search")) list, cnt := file.GetDb().GetHost(start, length, clientId, s.getEscapeString("search"))
s.AjaxTable(list, cnt, cnt) s.AjaxTable(list, cnt, cnt)
} }
} }
@ -240,23 +240,23 @@ func (s *IndexController) DelHost() {
func (s *IndexController) AddHost() { func (s *IndexController) AddHost() {
if s.Ctx.Request.Method == "GET" { if s.Ctx.Request.Method == "GET" {
s.Data["client_id"] = s.GetString("client_id") s.Data["client_id"] = s.getEscapeString("client_id")
s.Data["menu"] = "host" s.Data["menu"] = "host"
s.SetInfo("add host") s.SetInfo("add host")
s.display("index/hadd") s.display("index/hadd")
} else { } else {
h := &file.Host{ h := &file.Host{
Id: int(file.GetDb().JsonDb.GetHostId()), Id: int(file.GetDb().JsonDb.GetHostId()),
Host: s.GetString("host"), Host: s.getEscapeString("host"),
Target: &file.Target{TargetStr: s.GetString("target"), LocalProxy: s.GetBoolNoErr("local_proxy")}, Target: &file.Target{TargetStr: s.getEscapeString("target"), LocalProxy: s.GetBoolNoErr("local_proxy")},
HeaderChange: s.GetString("header"), HeaderChange: s.getEscapeString("header"),
HostChange: s.GetString("hostchange"), HostChange: s.getEscapeString("hostchange"),
Remark: s.GetString("remark"), Remark: s.getEscapeString("remark"),
Location: s.GetString("location"), Location: s.getEscapeString("location"),
Flow: &file.Flow{}, Flow: &file.Flow{},
Scheme: s.GetString("scheme"), Scheme: s.getEscapeString("scheme"),
KeyFilePath: s.GetString("key_file_path"), KeyFilePath: s.getEscapeString("key_file_path"),
CertFilePath: s.GetString("cert_file_path"), CertFilePath: s.getEscapeString("cert_file_path"),
} }
var err error var err error
if h.Client, err = file.GetDb().GetClient(s.GetIntNoErr("client_id")); err != nil { if h.Client, err = file.GetDb().GetClient(s.GetIntNoErr("client_id")); err != nil {
@ -284,11 +284,11 @@ func (s *IndexController) EditHost() {
if h, err := file.GetDb().GetHostById(id); err != nil { if h, err := file.GetDb().GetHostById(id); err != nil {
s.error() s.error()
} else { } else {
if h.Host != s.GetString("host") { if h.Host != s.getEscapeString("host") {
tmpHost := new(file.Host) tmpHost := new(file.Host)
tmpHost.Host = s.GetString("host") tmpHost.Host = s.getEscapeString("host")
tmpHost.Location = s.GetString("location") tmpHost.Location = s.getEscapeString("location")
tmpHost.Scheme = s.GetString("scheme") tmpHost.Scheme = s.getEscapeString("scheme")
if file.GetDb().IsHostExist(tmpHost) { if file.GetDb().IsHostExist(tmpHost) {
s.AjaxErr("host has exist") s.AjaxErr("host has exist")
return return
@ -299,15 +299,15 @@ func (s *IndexController) EditHost() {
} else { } else {
h.Client = client h.Client = client
} }
h.Host = s.GetString("host") h.Host = s.getEscapeString("host")
h.Target = &file.Target{TargetStr: s.GetString("target")} h.Target = &file.Target{TargetStr: s.getEscapeString("target")}
h.HeaderChange = s.GetString("header") h.HeaderChange = s.getEscapeString("header")
h.HostChange = s.GetString("hostchange") h.HostChange = s.getEscapeString("hostchange")
h.Remark = s.GetString("remark") h.Remark = s.getEscapeString("remark")
h.Location = s.GetString("location") h.Location = s.getEscapeString("location")
h.Scheme = s.GetString("scheme") h.Scheme = s.getEscapeString("scheme")
h.KeyFilePath = s.GetString("key_file_path") h.KeyFilePath = s.getEscapeString("key_file_path")
h.CertFilePath = s.GetString("cert_file_path") h.CertFilePath = s.getEscapeString("cert_file_path")
h.Target.LocalProxy = s.GetBoolNoErr("local_proxy") h.Target.LocalProxy = s.GetBoolNoErr("local_proxy")
file.GetDb().JsonDb.StoreHostToJsonFile() file.GetDb().JsonDb.StoreHostToJsonFile()
} }
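Review bot: `LocalPath`, `KeyFilePath`, `CertFilePath`, `TargetStr`, `HeaderChange` and `HostChange` in `Add`, `Edit`, `AddHost` and `EditHost` are passed through `html.EscapeString`, but by their names these values look like file paths, upstream addresses and header text rather than HTML. Entity-encoding does not validate any of those formats, and it alters legitimate values that contain `&` or a quote, so a path or header accepted before may no longer resolve. I would keep `s.GetString` for these fields, validate each for its own use (for example rejecting CR/LF in `header` and checking the key and certificate paths before storing them), and leave HTML escaping to the template that displays them. The code that consumes these fields is not on this page, so the sinks are inferred from the field names; the functions continue outside the hunks.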