Merge pull request #248 from midoks/dev

安全入口功能优化
3 years ago · f0ed396701
parent 10db90764f 902e8a91ee
commit f0ed396701
8 changed files with 79 additions and 55 deletions
--- a/class/core/config_api.py
+++ b/class/core/config_api.py
@ -164,10 +164,12 @@ class config_api:
    def setAdminPathApi(self):
        admin_path = request.form.get('admin_path', '').strip()
-        admin_path_checks = ['/', '/close', '/login', '/do_login', '/site',
+        admin_path_checks = ['/', '/close', '/login',
-                             '/sites', '/download_file', '/control', '/crontab',
+                             '/do_login', '/site', '/sites',
-                             '/firewall', '/files', 'config', '/soft', '/system',
+                             '/download_file', '/control', '/crontab',
-                             '/code', '/ssl', '/plugins']
+                             '/firewall', '/files', 'config',
                             '/soft', '/system', '/code',
                             '/ssl', '/plugins', '/hook']
        if admin_path == '':
            admin_path = '/'
        if admin_path != '/':
@ -176,16 +178,18 @@ class config_api:
            if admin_path in admin_path_checks:
                return mw.returnJson(False, '该入口已被面板占用,请使用其它入口!')
            if not re.match("^/[\w\./-_]+$", admin_path):
-                return mw.returnJson(False, '入口地址格式不正确,示例: /my_panel')
+                return mw.returnJson(False, '入口地址格式不正确,示例: /mw_rand')
-        else:
+        # else:
-            domain = mw.readFile('data/domain.conf')
+        #     domain = mw.readFile('data/bind_domain.pl')
-            if not domain:
+        #     if not domain:
-                domain = ''
+        #         domain = ''
-            limitip = mw.readFile('data/limitip.conf')
+        #     limitip = mw.readFile('data/bind_limitip.pl')
-            if not limitip:
+        #     if not limitip:
-                limitip = ''
+        #         limitip = ''
-            if not domain.strip() and not limitip.strip():
+        #     if not domain.strip() and not limitip.strip():
-                return mw.returnJson(False, '警告，关闭安全入口等于直接暴露你的后台地址在外网，十分危险，至少开启以下一种安全方式才能关闭：<a style="color:red;"><br>1、绑定访问域名<br>2、绑定授权IP</a>')
+        # return mw.returnJson(False,
        # '警告，关闭安全入口等于直接暴露你的后台地址在外网，十分危险，至少开启以下一种安全方式才能关闭：<a
        # style="color:red;"><br>1、绑定访问域名<br>2、绑定授权IP</a>')
        admin_path_file = 'data/admin_path.pl'
        admin_path_old = '/'
--- a/plugins/mysql/index.py
+++ b/plugins/mysql/index.py
@ -406,22 +406,21 @@ def initMysqlPwd():
    serverdir = getServerDir()
    myconf = serverdir + "/etc/my.cnf"
    pwd = mw.getRandomString(16)
-    # cmd_pass = serverdir + '/bin/mysqladmin -uroot password ' + pwd
+
    # cmd_pass = "insert into mysql.user(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv,User,Password,host)values('Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','root',password('" + pwd + "'),'127.0.0.1')"
    # cmd_pass = cmd_pass + \
    #     "insert into mysql.user(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv,User,Password,host)values('Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','root',password('" + pwd + "'),'localhost')"
    # cmd_pass = cmd_pass + \
    #     "UPDATE mysql.user SET password=PASSWORD('" + \
    #     pwd + "') WHERE user='root'"
    cmd_pass = serverdir + '/bin/mysql -uroot -e'
-    cmd_pass = cmd_pass + "\"UPDATE mysql.user SET password=PASSWORD('" + \
+    cmd_pass = cmd_pass + \
        '"UPDATE mysql.user SET password=PASSWORD(\'' + \
        pwd + "') WHERE user='root';"
-    cmd_pass = cmd_pass + "flush privileges;\""
+    cmd_pass = cmd_pass + 'flush privileges;"'
    data = mw.execShell(cmd_pass)
    # print(cmd_pass)
    # print(data)
    # 删除空账户
    drop_empty_user = serverdir + '/bin/mysql -uroot -p' + \
        pwd + ' -e "use mysql;delete from user where USER=\'\'"'
    mw.execShell(drop_empty_user)
    # 删除测试数据库
    drop_test_db = serverdir + '/bin/mysql -uroot -p' + \
        pwd + ' -e "drop database test";'
@ -1392,7 +1391,6 @@ def setDbAccess():
 def fixDbAccess(version):
    try:
        pdb = pMysqlDb()
        psdb = pSqliteDb('databases')
        data = pdb.query('show databases')
        isError = isSqlError(data)
        if isError != None:
--- a/plugins/openresty/install.sh
+++ b/plugins/openresty/install.sh
@ -42,6 +42,10 @@ Install_openresty()
 	else
 	    cpuCore="1"
 	fi
 	if [ "$cpuCore" -gt "1" ];then
 		cpuCore=`echo "$cpuCore" | awk '{printf("%.2f",($1)*0.8)}' | awk -F '.' '{print $1}'`
 	fi
 	# ----- cpu end ------
 	mkdir -p ${openrestyDir}
@ -63,6 +67,7 @@ Install_openresty()
 	--with-http_ssl_module  \
 	--with-http_slice_module \
 	--with-http_stub_status_module \
 	--with-http_sub_module \
 	--with-http_realip_module
 	# --without-luajit-gc64
 	# --with-debug
@ -79,6 +84,7 @@ Install_openresty()
 		#初始化 
 		cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py start
 		cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py initd_install
 		rm -rf $openrestyDir
    fi
 	echo '安装完成' > $install_tmp
 }
--- a/plugins/phpmyadmin/index.py
+++ b/plugins/phpmyadmin/index.py
@ -145,7 +145,7 @@ def initCfg():
    if not os.path.exists(cfg):
        data = {}
        data['port'] = '888'
-        data['choose'] = ''
+        data['choose'] = 'mysql'
        data['path'] = ''
        data['username'] = 'admin'
        data['password'] = 'admin'
--- a/plugins/phpmyadmin/js/phpmyadmin.js
+++ b/plugins/phpmyadmin/js/phpmyadmin.js
@ -107,7 +107,7 @@ function safeConf() {
                    <span class="tname">访问切换</span>\
                    <select id="access_choose" class="bt-input-text mr20" name="choose" style="width:110px">\
                        <option value="mariadb" '+(cfg['choose']=="mariadb"?"selected='selected'":"")+'>MariaDB</option>\
-                        <option value="mysql" '+ (cfg['choose']==""?"selected='selected'":"")+'>MySQL</option>\
+                        <option value="mysql" '+ (cfg['choose']=="mysql"?"selected='selected'":"")+'>MySQL</option>\
                    </select>\
                    <button class="btn btn-success btn-sm" onclick="setPmaChoose()">保存</button>\
                </div>\
--- a/route/static/app/config.js
+++ b/route/static/app/config.js
@ -49,38 +49,50 @@ function debugMode(){
 function modifyAuthPath() {
    var auth_path = $("#admin_path").val();
    btn = "<button type='button' class='btn btn-success btn-sm' onclick=\"bindBTName(1,'b')\">确定</button>";
    layer.open({
        type: 1,
        area: "500px",
        title: "修改安全入口",
        closeBtn: 1,
        shift: 5,
        btn:['提交','关闭'],
        shadeClose: false,
-        content: '<div class="bt-form bt-form pd20 pb70">\
+        content: '<div class="bt-form bt-form pd20">\
                    <div class="line ">\
                        <span class="tname">入口地址</span>\
                        <div class="info-r">\
-                            <input name="auth_path_set" class="bt-input-text mr5" type="text" style="width: 311px" value="'+ auth_path+'">\
+                            <input name="auth_path_set" class="bt-input-text mr5" type="text" style="width: 311px" value="' + auth_path + '">\
-                        </div></div>\
+                        </div>\
-                        <div class="bt-form-submit-btn">\
+                    </div>\
-                            <button type="button" class= "btn btn-sm btn-danger" onclick="layer.closeAll()"> 关闭</button>\
+                </div>',
-                            <button type="button" class="btn btn-sm btn-success" onclick="setAuthPath();">提交</button>\
+        yes:function(index){
-                    </div></div>'
+        	var auth_path = $("input[name='auth_path_set']").val();
-    });
+		    if (auth_path == '/' || auth_path == ''){
-}
+		    	layer.confirm('警告，关闭安全入口等于直接暴露你的后台地址在外网，十分危险, 您真的要这样更改吗？',{title:'安全入口修改',closeBtn:1,icon:13,
-
+		    	cancel:function(){
-function setAuthPath() {
+				}}, function() {
-    var auth_path = $("input[name='auth_path_set']").val();
+					var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
-    var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
+				    $.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
-    $.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
+				    	showMsg(rdata.msg, function(){
-        layer.close(loadT);
+				    		layer.close(index);
-        if (rdata.status) {
+				    		layer.close(loadT);
-            layer.closeAll();
+				    		$("#admin_path").val(auth_path);
-            $("#admin_path").val(auth_path);
+				    	},{ icon: rdata.status ? 1 : 2 }, 2000);
 					},'json');
 				});
 		    	return;
 		    } else {
 		    	var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
 			    $.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
 			    	showMsg(rdata.msg, function(){
 			    		layer.close(index);
 			    		layer.close(loadT);
 			    		$("#admin_path").val(auth_path);
 			    	},{ icon: rdata.status ? 1 : 2 }, 2000);
 			    },'json');
 		    }
        }
-        setTimeout(function () { layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 }); }, 200);
+    });
    },'json');
 }
 function setPassword(a) {
--- a/scripts/init.d/mw.tpl
+++ b/scripts/init.d/mw.tpl
@ -239,9 +239,9 @@ case "$1" in
            v6=$(python3 $mw_path/tools.py getServerIp 6)
            if [ "$v4" != "" ] && [ "$v6" != "" ]; then
-                address="MW-Panel-Url-Ipv4: http://$v4:$port$auth_path \nMW-Panel-Url-Ipv6: http://[$v6]:$port$auth_path"
+                address="MW-Panel-Url-Ipv4: http://$v4:$port/$auth_path \nMW-Panel-Url-Ipv6: http://[$v6]:$port/$auth_path"
            elif [ "$v4" != "" ]; then
-                address="MW-Panel-Url: http://$v4:$port$auth_path"
+                address="MW-Panel-Url: http://$v4:$port/$auth_path"
            elif [ "$v6" != "" ]; then
                if [ ! -f $mw_path/data/ipv6.pl ];then
@ -250,14 +250,12 @@ case "$1" in
                    mw_start
                    echo 'True' > $mw_path/data/ipv6.pl
                fi
-                
+                address="MW-Panel-Url: http://[$v6]:$port/$auth_path"
                address="MW-Panel-Url: http://[$v6]:$port$auth_path"
            else
-                address="MW-Panel-Url: http://you-network-ip:$port$auth_path"
+                address="MW-Panel-Url: http://you-network-ip:$port/$auth_path"
            fi
        else
-            address="MW-Panel-Url: http://$address:$port$auth_path"
+            address="MW-Panel-Url: http://$address:$port/$auth_path"
        fi
        show_panel_ip="$port|"
--- a/setting.py
+++ b/setting.py
@ -47,6 +47,12 @@ if os.path.exists('data/ipv6.pl'):
 else:
    bind.append('0.0.0.0:%s' % mw_port)
 # 初始安装时,自动生成安全路径
 if not os.path.exists('data/admin_path.pl'):
    admin_path = mw.getRandomString(8)
    mw.writeFile('data/admin_path.pl', admin_path)
 if workers > 2:
    workers = 2