管理端全部功能跑通
This commit is contained in:
robin
@@ -1,13 +1,19 @@
|
||||
package sandbox
|
||||
|
||||
import (
|
||||
"net"
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
|
||||
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/httpdns/policies"
|
||||
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/iwind/TeaGo/maps"
|
||||
"github.com/iwind/TeaGo/rands"
|
||||
)
|
||||
|
||||
type TestAction struct {
|
||||
@@ -21,96 +27,125 @@ func (this *TestAction) RunPost(params struct {
|
||||
ClientIp string
|
||||
Qtype string
|
||||
}) {
|
||||
if len(params.ClientIp) == 0 {
|
||||
params.ClientIp = "203.0.113.100"
|
||||
clientIP := strings.TrimSpace(params.ClientIp)
|
||||
if len(clientIP) == 0 {
|
||||
clientIP = strings.TrimSpace(loginutils.RemoteIP(&this.ActionObject))
|
||||
}
|
||||
qtype := strings.ToUpper(strings.TrimSpace(params.Qtype))
|
||||
if len(qtype) == 0 {
|
||||
qtype = "A"
|
||||
}
|
||||
|
||||
clientSubnet := this.maskSubnet(params.ClientIp, 24, 56)
|
||||
if len(clientSubnet) == 0 {
|
||||
clientSubnet = "203.0.113.0/24"
|
||||
resp, err := this.RPC().HTTPDNSSandboxRPC().TestHTTPDNSResolve(this.AdminContext(), &pb.TestHTTPDNSResolveRequest{
|
||||
ClusterId: params.ClusterId,
|
||||
AppId: strings.TrimSpace(params.AppId),
|
||||
Domain: strings.TrimSpace(params.Domain),
|
||||
Qtype: qtype,
|
||||
ClientIP: clientIP,
|
||||
Sid: "",
|
||||
SdkVersion: "",
|
||||
Os: "",
|
||||
})
|
||||
if err != nil {
|
||||
this.ErrorPage(err)
|
||||
return
|
||||
}
|
||||
|
||||
sniPolicy := "empty"
|
||||
publicSNI := ""
|
||||
ecsMode := "off"
|
||||
ecsIPv4Prefix := 24
|
||||
ecsIPv6Prefix := 56
|
||||
pinningMode := "off"
|
||||
sanMode := "off"
|
||||
clusterDomain := ""
|
||||
if params.ClusterId > 0 {
|
||||
clusterResp, findErr := this.RPC().HTTPDNSClusterRPC().FindHTTPDNSCluster(this.AdminContext(), &pb.FindHTTPDNSClusterRequest{
|
||||
ClusterId: params.ClusterId,
|
||||
})
|
||||
if findErr == nil && clusterResp.GetCluster() != nil {
|
||||
clusterDomain = strings.TrimSpace(clusterResp.GetCluster().GetServiceDomain())
|
||||
}
|
||||
}
|
||||
if len(clusterDomain) == 0 {
|
||||
clusterDomain = "httpdns.example.com"
|
||||
}
|
||||
query := url.Values{}
|
||||
query.Set("appId", params.AppId)
|
||||
query.Set("dn", params.Domain)
|
||||
query.Set("cip", params.ClientIp)
|
||||
query.Set("qtype", params.Qtype)
|
||||
clusterServiceDomain := policies.LoadClusterGatewayByID(params.ClusterId)
|
||||
if len(clusterServiceDomain) == 0 {
|
||||
clusterServiceDomain = "gw.httpdns.example.com"
|
||||
query.Set("qtype", qtype)
|
||||
if len(clientIP) > 0 {
|
||||
query.Set("cip", clientIP)
|
||||
}
|
||||
|
||||
signEnabled, signSecret := this.findAppSignConfig(params.AppId)
|
||||
if signEnabled && len(signSecret) > 0 {
|
||||
exp := strconv.FormatInt(time.Now().Unix()+300, 10)
|
||||
nonce := "sandbox-" + rands.HexString(16)
|
||||
sign := buildSandboxResolveSign(signSecret, params.AppId, params.Domain, qtype, exp, nonce)
|
||||
query.Set("exp", exp)
|
||||
query.Set("nonce", nonce)
|
||||
query.Set("sign", sign)
|
||||
}
|
||||
requestURL := "https://" + clusterDomain + "/resolve?" + query.Encode()
|
||||
|
||||
resultCode := 1
|
||||
if strings.EqualFold(resp.GetCode(), "SUCCESS") {
|
||||
resultCode = 0
|
||||
}
|
||||
rows := make([]maps.Map, 0, len(resp.GetRecords()))
|
||||
ips := make([]string, 0, len(resp.GetRecords()))
|
||||
lineName := strings.TrimSpace(resp.GetClientCarrier())
|
||||
if len(lineName) == 0 {
|
||||
lineName = "-"
|
||||
}
|
||||
for _, record := range resp.GetRecords() {
|
||||
ips = append(ips, record.GetIp())
|
||||
if lineName == "-" && len(record.GetLine()) > 0 {
|
||||
lineName = record.GetLine()
|
||||
}
|
||||
rows = append(rows, maps.Map{
|
||||
"domain": resp.GetDomain(),
|
||||
"type": record.GetType(),
|
||||
"ip": record.GetIp(),
|
||||
"ttl": record.GetTtl(),
|
||||
"region": record.GetRegion(),
|
||||
"line": record.GetLine(),
|
||||
})
|
||||
}
|
||||
requestURL := "https://" + clusterServiceDomain + "/resolve?" + query.Encode()
|
||||
|
||||
this.Data["result"] = maps.Map{
|
||||
"code": 0,
|
||||
"message": "ok (mock)",
|
||||
"requestId": "mock-rid-20260221-001",
|
||||
"code": resultCode,
|
||||
"message": resp.GetMessage(),
|
||||
"requestId": resp.GetRequestId(),
|
||||
"data": maps.Map{
|
||||
"request_url": requestURL,
|
||||
"client_ip": params.ClientIp,
|
||||
"client_region": "中国, 上海, 上海",
|
||||
"line_name": "默认线路",
|
||||
"ips": []string{"203.0.113.10", "203.0.113.11"},
|
||||
"records": []maps.Map{
|
||||
{
|
||||
"domain": params.Domain,
|
||||
"type": params.Qtype,
|
||||
"ip": "203.0.113.10",
|
||||
"ttl": 30,
|
||||
"region": "中国-上海-上海",
|
||||
"line": "默认线路",
|
||||
},
|
||||
{
|
||||
"domain": params.Domain,
|
||||
"type": params.Qtype,
|
||||
"ip": "203.0.113.11",
|
||||
"ttl": 30,
|
||||
"region": "中国-上海-上海",
|
||||
"line": "默认线路",
|
||||
},
|
||||
},
|
||||
"ttl": 30,
|
||||
"sni_policy": sniPolicy,
|
||||
"public_sni": publicSNI,
|
||||
"client_subnet": clientSubnet,
|
||||
"ecs_mode": ecsMode,
|
||||
"ecs_ipv4_prefix": ecsIPv4Prefix,
|
||||
"ecs_ipv6_prefix": ecsIPv6Prefix,
|
||||
"pinning_mode": pinningMode,
|
||||
"san_mode": sanMode,
|
||||
"fingerprint_algo": "sha256",
|
||||
"cert_fingerprints": []string{"8f41ab8d32fca7f9a2b0fdd09a0e2ccf31e5579cd3a0b65f1a9f2f2ec8f38d4a"},
|
||||
"verify_headers": maps.Map{
|
||||
"X-Edge-Resolve-AppId": params.AppId,
|
||||
"X-Edge-Resolve-Expire": "1768953600",
|
||||
"X-Edge-Resolve-Nonce": "mock-nonce-123456",
|
||||
"X-Edge-Resolve-Target": params.Domain,
|
||||
"X-Edge-Resolve-Sign": "mock-signature-base64url",
|
||||
},
|
||||
"client_ip": resp.GetClientIP(),
|
||||
"client_region": resp.GetClientRegion(),
|
||||
"line_name": lineName,
|
||||
"ips": ips,
|
||||
"records": rows,
|
||||
"ttl": resp.GetTtl(),
|
||||
},
|
||||
}
|
||||
this.Success()
|
||||
}
|
||||
|
||||
func (this *TestAction) maskSubnet(ip string, ipv4Prefix int, ipv6Prefix int) string {
|
||||
parsed := net.ParseIP(ip)
|
||||
if parsed == nil {
|
||||
return ""
|
||||
func (this *TestAction) findAppSignConfig(appId string) (bool, string) {
|
||||
appId = strings.TrimSpace(appId)
|
||||
if len(appId) == 0 {
|
||||
return false, ""
|
||||
}
|
||||
|
||||
ipv4 := parsed.To4()
|
||||
if ipv4 != nil {
|
||||
mask := net.CIDRMask(ipv4Prefix, 32)
|
||||
return ipv4.Mask(mask).String() + "/" + strconv.Itoa(ipv4Prefix)
|
||||
resp, err := this.RPC().HTTPDNSAppRPC().FindAllHTTPDNSApps(this.AdminContext(), &pb.FindAllHTTPDNSAppsRequest{})
|
||||
if err != nil {
|
||||
return false, ""
|
||||
}
|
||||
|
||||
mask := net.CIDRMask(ipv6Prefix, 128)
|
||||
return parsed.Mask(mask).String() + "/" + strconv.Itoa(ipv6Prefix)
|
||||
for _, app := range resp.GetApps() {
|
||||
if strings.EqualFold(strings.TrimSpace(app.GetAppId()), appId) {
|
||||
return app.GetSignEnabled(), strings.TrimSpace(app.GetSignSecret())
|
||||
}
|
||||
}
|
||||
return false, ""
|
||||
}
|
||||
|
||||
func buildSandboxResolveSign(signSecret string, appID string, domain string, qtype string, exp string, nonce string) string {
|
||||
raw := strings.TrimSpace(appID) + "|" + strings.ToLower(strings.TrimSpace(domain)) + "|" + strings.ToUpper(strings.TrimSpace(qtype)) + "|" + strings.TrimSpace(exp) + "|" + strings.TrimSpace(nonce)
|
||||
mac := hmac.New(sha256.New, []byte(strings.TrimSpace(signSecret)))
|
||||
_, _ = mac.Write([]byte(raw))
|
||||
return hex.EncodeToString(mac.Sum(nil))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user