fix 节点白名单配置取消 ssl 证书路径配置

bwcx_jzy 2023-03-22 16:30:30 +08:00
parent 31d990477b
commit b0a941d549
No known key found for this signature in database
GPG Key ID: 5E48E9372088B9E5
9 changed files with 19 additions and 108 deletions


@ -15,6 +15,7 @@
### ❌ 不兼容功能
1. 【agent】取消 节点管理证书管理取消上传编辑功能(保留查询删除功能)
2. 【agent】取消 节点白名单配置取消 ssl 证书路径配置
------


@ -66,14 +66,14 @@ public class WhitelistDirectoryController extends BaseJpomController {
@PostMapping(value = "whitelistDirectory_submit", produces = MediaType.APPLICATION_JSON_VALUE)
public JsonMessage<String> whitelistDirectorySubmit(String project, String certificate, String nginx, String nginxPath, String allowEditSuffix, String allowRemoteDownloadHost) {
public JsonMessage<String> whitelistDirectorySubmit(String project, String nginx, String nginxPath,
String allowEditSuffix, String allowRemoteDownloadHost) {
List<String> list = AgentWhitelist.parseToList(project, true, "项目路径白名单不能为空");
//
List<String> certificateList = AgentWhitelist.parseToList(certificate, "证书路径白名单不能为空");
List<String> nList = AgentWhitelist.parseToList(nginx, "nginx路径白名单不能为空");
List<String> allowEditSuffixList = AgentWhitelist.parseToList(allowEditSuffix, "允许编辑的文件后缀不能为空");
List<String> allowRemoteDownloadHostList = AgentWhitelist.parseToList(allowRemoteDownloadHost, "允许远程下载的 host 不能配置为空");
return save(list, certificateList, nList, nginxPath, allowEditSuffixList, allowRemoteDownloadHostList);
return save(list, nList, nginxPath, allowEditSuffixList, allowRemoteDownloadHostList);
}
//
// private JsonMessage<String> save(String project, List<String> certificate, List<String> nginx, List<String> allowEditSuffixList) {
@ -83,7 +83,6 @@ public class WhitelistDirectoryController extends BaseJpomController {
private JsonMessage<String> save(List<String> projects,
List<String> certificate,
List<String> nginx,
String nginxPath,
List<String> allowEditSuffixList,
@ -94,14 +93,7 @@ public class WhitelistDirectoryController extends BaseJpomController {
String error = findStartsWith(projectArray, 0);
Assert.isNull(error, "白名单目录中不能存在包含关系:" + error);
}
List<String> certificateArray = null;
if (certificate != null && !certificate.isEmpty()) {
certificateArray = AgentWhitelist.covertToArray(certificate, "证书路径白名单不能位于Jpom目录下");
String error = findStartsWith(certificateArray, 0);
Assert.isNull(error, "证书目录中不能存在包含关系:" + error);
}
List<String> nginxArray = null;
if (nginx != null && !nginx.isEmpty()) {
nginxArray = AgentWhitelist.covertToArray(nginx, "nginx路径白名单不能位于Jpom目录下");
@ -131,7 +123,6 @@ public class WhitelistDirectoryController extends BaseJpomController {
AgentWhitelist agentWhitelist = whitelistDirectoryService.getWhitelist();
agentWhitelist.setNginxPath(nginxPath);
agentWhitelist.setProject(projectArray);
agentWhitelist.setCertificate(certificateArray);
agentWhitelist.setNginx(nginxArray);
agentWhitelist.setAllowEditSuffix(allowEditSuffixList);
agentWhitelist.setAllowRemoteDownloadHost(allowRemoteDownloadHostList == null ? null : CollUtil.newHashSet(allowRemoteDownloadHostList));
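Review bot: With the `certificate` list gone from `save`, nothing visible in this commit validates or confines certificate paths any more, although the changelog entry says certificate query and delete stay available on the agent. The removed branch was what passed those paths through `AgentWhitelist.covertToArray` with the "must not be under the Jpom directory" check; the retained handlers are outside this diff, so confirm they resolve paths against a fixed base directory rather than a caller-supplied one. The signature change on `whitelistDirectorySubmit` also deserves a one-line Javadoc, for example `/** The certificate whitelist was removed; a certificate field sent by an older server is presumably ignored by parameter binding. */`. The commented-out `save(String project, List<String> certificate, ...)` signature just below the method still names the removed parameter and should be deleted; `save` itself continues past the end of these hunks.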


@ -77,9 +77,9 @@ public class WhitelistDirectoryService extends BaseDataService {
List<String> project = agentWhitelist.getProject();
project = ObjectUtil.defaultIfNull(project, Collections.emptyList());
project = CollUtil.addAll(project, checkOk)
.stream()
.distinct()
.collect(Collectors.toList());
.stream()
.distinct()
.collect(Collectors.toList());
agentWhitelist.setProject(project);
saveWhitelistDirectory(agentWhitelist);
}
@ -97,17 +97,6 @@ public class WhitelistDirectoryService extends BaseDataService {
return AgentWhitelist.checkPath(list, path);
}
public boolean checkCertificateDirectory(String path) {
AgentWhitelist agentWhitelist = getWhitelist();
List<String> list = agentWhitelist.certificate();
if (list == null) {
return false;
}
return AgentWhitelist.checkPath(list, path);
}
/**
* 保存白名单
*


@ -58,10 +58,6 @@ public class AgentWhitelist extends BaseJsonModel {
* 项目目录白名单日志文件白名单
*/
private List<String> project;
/**
* ssl 证书文件白名单
*/
private List<String> certificate;
/**
* nginx 配置文件 白名单
*/
@ -100,10 +96,6 @@ public class AgentWhitelist extends BaseJsonModel {
return useConvert(project);
}
public List<String> certificate() {
return useConvert(certificate);
}
/**
* 格式化判断是否与jpom 数据路径冲突
*
@ -115,16 +107,16 @@ public class AgentWhitelist extends BaseJsonModel {
return null;
}
return list.stream()
.map(s -> {
String val = String.format("/%s/", s);
val = FileUtil.normalize(val);
FileUtils.checkSlip(val);
// 判断是否保护jpom 路径
Assert.state(!StrUtil.startWith(ExtConfigBean.getPath(), val), errorMsg);
return val;
})
.distinct()
.collect(Collectors.toList());
.map(s -> {
String val = String.format("/%s/", s);
val = FileUtil.normalize(val);
FileUtils.checkSlip(val);
// 判断是否保护jpom 路径
Assert.state(!StrUtil.startWith(ExtConfigBean.getPath(), val), errorMsg);
return val;
})
.distinct()
.collect(Collectors.toList());
}
/**


@ -23,14 +23,12 @@
package io.jpom.controller.node.system.ssl;
import io.jpom.common.BaseServerController;
import io.jpom.common.JsonMessage;
import io.jpom.common.forward.NodeForward;
import io.jpom.common.forward.NodeUrl;
import io.jpom.permission.ClassFeature;
import io.jpom.permission.Feature;
import io.jpom.permission.MethodFeature;
import io.jpom.permission.SystemPermission;
import io.jpom.service.system.WhitelistDirectoryService;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@ -38,7 +36,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
/**
* 证书管理
@ -51,23 +48,6 @@ import java.util.List;
@SystemPermission
public class CertificateController extends BaseServerController {
private final WhitelistDirectoryService whitelistDirectoryService;
public CertificateController(WhitelistDirectoryService whitelistDirectoryService) {
this.whitelistDirectoryService = whitelistDirectoryService;
}
/**
* @return
* @author Hotstrip
* load Cert white list data
*/
@RequestMapping(value = "white-list", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public JsonMessage<List<String>> loadWhiteList() {
List<String> list = whitelistDirectoryService.getCertificateDirectory(getNode());
return JsonMessage.success("success", list);
}
/**
* 证书列表


@ -70,13 +70,5 @@ public class WhitelistDirectoryService {
return agentWhitelist.getNginx();
}
public List<String> getCertificateDirectory(NodeModel model) {
AgentWhitelist agentWhitelist = getData(model);
if (agentWhitelist == null) {
return null;
}
return agentWhitelist.getCertificate();
}
}


@ -140,20 +140,6 @@ export function editNginxServerName(params) {
/***************************** */
/**
* cert 白名单列表
* @param {
* nodeId: 节点 ID
* } params
*/
export function getCertWhiteList(params) {
return axios({
url: "/node/system/certificate/white-list",
method: "post",
data: params,
});
}
/**
* cert 列表
* @param {


@ -43,7 +43,7 @@
</div>
</template>
<script>
import { deleteCert, downloadCert, getCertList, getCertWhiteList } from "@/api/node-nginx";
import { deleteCert, downloadCert, getCertList } from "@/api/node-nginx";
import { parseTime } from "@/utils/const";
export default {
@ -100,15 +100,8 @@ export default {
mounted() {
// this.calcTableHeight();
this.loadData();
this.loadCertWhiteList();
},
methods: {
//
// calcTableHeight() {
// this.$nextTick(() => {
// this.tableHeight = window.innerHeight - this.$refs["filter"].clientHeight - 155;
// });
// },
//
loadData() {
this.loading = true;
@ -122,17 +115,6 @@ export default {
this.loading = false;
});
},
// cert
loadCertWhiteList() {
const params = {
nodeId: this.node.id,
};
getCertWhiteList(params).then((res) => {
if (res.code === 200) {
this.whiteList = res.data;
}
});
},
//
handleDelete(record) {


@ -7,9 +7,7 @@
<a-form-model-item label="项目路径" prop="project">
<a-input v-model="temp.project" type="textarea" :rows="5" style="resize: none" placeholder="请输入项目存放路径白名单,回车支持输入多个路径,系统会自动过滤 ../ 路径、不允许输入根路径" />
</a-form-model-item>
<a-form-model-item label="证书路径" prop="certificate">
<a-input v-model="temp.certificate" type="textarea" :rows="5" style="resize: none" placeholder="请输入证书存放路径白名单,回车支持输入多个路径,系统会自动过滤 ../ 路径、不允许输入根路径" />
</a-form-model-item>
<a-form-model-item label="Nginx 白名单路径" prop="nginx">
<a-input v-model="temp.nginx" type="textarea" :rows="5" style="resize: none" placeholder="请输入 nginx 存放路径白名单,回车支持输入多个路径,系统会自动过滤 ../ 路径、不允许输入根路径" />
</a-form-model-item>