From c0b39ffcbfaf0137d740c7e8f7134a98ccbb1499 Mon Sep 17 00:00:00 2001 From: ssongliu Date: Thu, 25 Jul 2024 18:13:57 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9=E8=B7=AF=E7=94=B1?= =?UTF-8?q?=E4=B8=AD=E9=97=B4=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- agent/init/migration/migrations/init.go | 6 ++++ core/constant/errs.go | 1 + core/i18n/lang/en.yaml | 1 + core/i18n/lang/zh-Hant.yaml | 1 + core/i18n/lang/zh.yaml | 1 + core/init/router/router.go | 15 ++++---- core/middleware/jwt.go | 6 ++++ core/middleware/password_expired.go | 7 ++++ core/middleware/proxy.go | 46 +++++++++++++------------ core/middleware/session.go | 5 +++ core/router/ro_log.go | 2 -- core/router/ro_setting.go | 13 ++----- frontend/src/api/modules/log.ts | 4 +-- 13 files changed, 66 insertions(+), 42 deletions(-) diff --git a/agent/init/migration/migrations/init.go b/agent/init/migration/migrations/init.go index e1b5db09c..d7b95c332 100644 --- a/agent/init/migration/migrations/init.go +++ b/agent/init/migration/migrations/init.go @@ -84,6 +84,12 @@ var InitHost = &gormigrate.Migration{ var InitSetting = &gormigrate.Migration{ ID: "20240722-init-setting", Migrate: func(tx *gorm.DB) error { + encryptKey := common.RandStr(16) + global.CONF.System.EncryptKey = encryptKey + if err := tx.Create(&model.Setting{Key: "EncryptKey", Value: encryptKey}).Error; err != nil { + return err + } + if err := tx.Create(&model.Setting{Key: "SystemIP", Value: ""}).Error; err != nil { return err } diff --git a/core/constant/errs.go b/core/constant/errs.go index 10bc0b278..4ff96029d 100644 --- a/core/constant/errs.go +++ b/core/constant/errs.go @@ -46,4 +46,5 @@ var ( ErrTypePasswordExpired = "ErrPasswordExpired" ErrDemoEnvironment = "ErrDemoEnvironment" ErrEntrance = "ErrEntrance" + ErrProxy = "ErrProxy" ) diff --git a/core/i18n/lang/en.yaml b/core/i18n/lang/en.yaml index b23679396..b7522d691 100644 --- a/core/i18n/lang/en.yaml 
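Review bot: The new `EncryptKey` is produced by `common.RandStr(16)`, whose implementation is not visible in this hunk; if it draws from `math/rand` rather than `crypto/rand` the key is predictable, so the generator should be confirmed or replaced with a CSPRNG-backed one. `global.CONF.System.EncryptKey = encryptKey` also runs before `tx.Create` has succeeded, so a failed insert leaves a key in memory that was never persisted; moving the assignment below the error check avoids that. The key is written in clear to the settings table, which deserves a comment such as `// EncryptKey is stored unencrypted; read access to the settings table is equivalent to holding the key`. The migration function continues outside the hunk.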
+++ b/core/i18n/lang/en.yaml @@ -8,6 +8,7 @@ ErrTransform: "Type conversion failure: {{ .detail }}" ErrNotLogin: "User is not Login: {{ .detail }}" ErrPasswordExpired: "The current password has expired: {{ .detail }}" ErrNotSupportType: "The system does not support the current type: {{ .detail }}" +ErrProxy: "Request error, please check the node status" #common ErrNameIsExist: "Name is already exist" diff --git a/core/i18n/lang/zh-Hant.yaml b/core/i18n/lang/zh-Hant.yaml index 7c876b4f1..ece14379d 100644 --- a/core/i18n/lang/zh-Hant.yaml +++ b/core/i18n/lang/zh-Hant.yaml @@ -8,6 +8,7 @@ ErrTransform: "類型轉換失敗: {{ .detail }}" ErrNotLogin: "用戶未登入: {{ .detail }}" ErrPasswordExpired: "當前密碼已過期: {{ .detail }}" ErrNotSupportType: "系統暫不支持當前類型: {{ .detail }}" +ErrProxy: "請求錯誤,請檢查該節點狀態" #common ErrNameIsExist: "名稱已存在" diff --git a/core/i18n/lang/zh.yaml b/core/i18n/lang/zh.yaml index 8c25501c8..c9efe0033 100644 --- a/core/i18n/lang/zh.yaml +++ b/core/i18n/lang/zh.yaml @@ -8,6 +8,7 @@ ErrTransform: "类型转换失败: {{ .detail }}" ErrNotLogin: "用户未登录: {{ .detail }}" ErrPasswordExpired: "当前密码已过期: {{ .detail }}" ErrNotSupportType: "系统暂不支持当前类型: {{ .detail }}" +ErrProxy: "请求错误,请检查该节点状态" #common ErrDemoEnvironment: "演示服务器,禁止此操作!" diff --git a/core/init/router/router.go b/core/init/router/router.go index a3d948425..58771b955 100644 --- a/core/init/router/router.go +++ b/core/init/router/router.go @@ -39,13 +39,7 @@ func setWebStatic(rootRouter *gin.RouterGroup) { func Routers() *gin.Engine { Router = gin.Default() - Router.Use(middleware.OperationLog()) - if global.CONF.System.IsDemo { - Router.Use(middleware.DemoHandle()) - } - Router.Use(i18n.UseI18n()) - Router.Use(middleware.Proxy()) swaggerRouter := Router.Group("1panel") docs.SwaggerInfo.BasePath = "/api/v1" 
@@ -58,6 +52,15 @@ func Routers() *gin.Engine { PublicGroup.Use(gzip.Gzip(gzip.DefaultCompression)) setWebStatic(PublicGroup) } + + Router.Use(middleware.OperationLog()) + if global.CONF.System.IsDemo { + Router.Use(middleware.DemoHandle()) + } + Router.Use(middleware.JwtAuth()) + Router.Use(middleware.SessionAuth()) + Router.Use(middleware.PasswordExpired()) + Router.Use(middleware.Proxy()) PrivateGroup := Router.Group("/api/v2/core") PrivateGroup.Use(middleware.WhiteAllow()) PrivateGroup.Use(middleware.BindDomain()) diff --git a/core/middleware/jwt.go b/core/middleware/jwt.go index 010aa13d0..d9fad1d64 100644 --- a/core/middleware/jwt.go +++ b/core/middleware/jwt.go @@ -1,6 +1,8 @@ package middleware import ( + "strings" + "github.com/1Panel-dev/1Panel/core/app/api/v1/helper" "github.com/1Panel-dev/1Panel/core/constant" jwtUtils "github.com/1Panel-dev/1Panel/core/utils/jwt" @@ -10,6 +12,10 @@ import ( func JwtAuth() gin.HandlerFunc { return func(c *gin.Context) { + if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") { + c.Next() + return + } token := c.Request.Header.Get(constant.JWTHeaderName) if token == "" { c.Next() diff --git a/core/middleware/password_expired.go b/core/middleware/password_expired.go index a69c10884..84ac28c8b 100644 --- a/core/middleware/password_expired.go +++ b/core/middleware/password_expired.go @@ -2,6 +2,7 @@ package middleware import ( "strconv" + "strings" "time" "github.com/1Panel-dev/1Panel/core/app/api/v1/helper" @@ -13,6 +14,12 @@ import ( func PasswordExpired() gin.HandlerFunc { return func(c *gin.Context) { + if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") || + c.Request.URL.Path == "/api/v2/core/settings/expired/handle" || + c.Request.URL.Path == "/api/v2/core/settings/search" { + c.Next() + return + } settingRepo := repo.NewISettingRepo() setting, err := settingRepo.Get(settingRepo.WithByKey("ExpirationDays")) if err != nil { 
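Review bot: `WhiteAllow()` and `BindDomain()` stay attached only to `PrivateGroup` (`/api/v2/core`), while the now-global `Proxy()` forwards every other path to the agent, so proxied requests appear to skip the IP allowlist and bound-domain checks. If those restrictions are meant to cover the whole panel, register them on the engine ahead of the proxy, i.e. `Router.Use(middleware.WhiteAllow())` and `Router.Use(middleware.BindDomain())` before `Router.Use(middleware.Proxy())`. The placement is order-sensitive as well, because gin applies `Use` only to groups and routes created afterwards; a comment like `// registered after the swagger and public groups so those stay unauthenticated` would make the intent explicit. `Routers` continues outside the hunk, so later registrations could not be checked.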
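Review bot: The bypass `strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth")` has no trailing slash, so any route whose path merely begins with those characters (constructed example: `/api/v2/core/authorize`) would skip JWT validation, not only the auth group. Assuming every login route lives below that group, matching `"/api/v2/core/auth/"` keeps the exemption scoped to it. The same literal is repeated in `PasswordExpired` (password_expired.go) and `SessionAuth` (session.go), so the three checks can drift apart; a shared helper or constant would keep them in step. Since authentication is now registered globally, this string comparison is the only thing separating exempt from protected paths, which is worth stating in a comment above the check. The handler body continues outside the hunk.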
diff --git a/core/middleware/proxy.go b/core/middleware/proxy.go index 84510ed1a..5cbfaf070 100644 --- a/core/middleware/proxy.go +++ b/core/middleware/proxy.go @@ -8,6 +8,8 @@ import ( "os" "strings" + "github.com/1Panel-dev/1Panel/core/app/api/v1/helper" + "github.com/1Panel-dev/1Panel/core/constant" "github.com/gin-gonic/gin" ) @@ -16,28 +18,28 @@ func Proxy() gin.HandlerFunc { if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core") { c.Next() return - } else { - sockPath := "/tmp/agent.sock" - if _, err := os.Stat(sockPath); err != nil { - panic(err) - } - dialUnix := func() (conn net.Conn, err error) { - return net.Dial("unix", sockPath) - } - transport := &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialUnix() - }, - } - proxy := &httputil.ReverseProxy{ - Director: func(req *http.Request) { - req.URL.Scheme = "http" - req.URL.Host = "unix" - }, - Transport: transport, - } - proxy.ServeHTTP(c.Writer, c.Request) - c.Abort() } + sockPath := "/tmp/agent.sock" + if _, err := os.Stat(sockPath); err != nil { + helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrProxy, err) + return + } + dialUnix := func() (conn net.Conn, err error) { + return net.Dial("unix", sockPath) + } + transport := &http.Transport{ + DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + return dialUnix() + }, + } + proxy := &httputil.ReverseProxy{ + Director: func(req *http.Request) { + req.URL.Scheme = "http" + req.URL.Host = "unix" + }, + Transport: transport, + } + proxy.ServeHTTP(c.Writer, c.Request) + c.Abort() } } diff --git a/core/middleware/session.go b/core/middleware/session.go index 469b6d5f3..c2df9d6c1 100644 --- a/core/middleware/session.go +++ b/core/middleware/session.go @@ -2,6 +2,7 @@ package middleware import ( "strconv" + "strings" "github.com/1Panel-dev/1Panel/core/app/api/v1/helper" "github.com/1Panel-dev/1Panel/core/app/repo" 
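Review bot: `sockPath := "/tmp/agent.sock"` points into a world-writable directory, and the `os.Stat` check only proves that something exists under that name, so whichever local process owns that path receives the proxied requests together with their session cookie or JWT header. Placing the socket in a directory owned by the service account with restrictive permissions (for example `<RUNTIME_DIR>/agent.sock`, a placeholder) removes that dependency on /tmp. The `http.Transport` and `httputil.ReverseProxy` are also built on every request, so idle connections to the agent are never reused and can accumulate; constructing both once outside the returned handler is enough. The early `return` after `helper.ErrorWithDetail` relies on that helper aborting the chain, which is not visible in this hunk.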
@@ -12,6 +13,10 @@ import ( func SessionAuth() gin.HandlerFunc { return func(c *gin.Context) { + if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") { + c.Next() + return + } if method, exist := c.Get("authMethod"); exist && method == constant.AuthMethodJWT { c.Next() return diff --git a/core/router/ro_log.go b/core/router/ro_log.go index f1c7c10fc..f738b0661 100644 --- a/core/router/ro_log.go +++ b/core/router/ro_log.go @@ -2,7 +2,6 @@ package router import ( v1 "github.com/1Panel-dev/1Panel/core/app/api/v1" - "github.com/1Panel-dev/1Panel/core/middleware" "github.com/gin-gonic/gin" ) @@ -11,7 +10,6 @@ type LogRouter struct{} func (s *LogRouter) InitRouter(Router *gin.RouterGroup) { operationRouter := Router.Group("logs") - operationRouter.Use(middleware.JwtAuth()).Use(middleware.SessionAuth()).Use(middleware.PasswordExpired()) baseApi := v1.ApiGroupApp.BaseApi { operationRouter.POST("/login", baseApi.GetLoginLogs) diff --git a/core/router/ro_setting.go b/core/router/ro_setting.go index 05a0efd4a..c785a5755 100644 --- a/core/router/ro_setting.go +++ b/core/router/ro_setting.go 
@@ -2,24 +2,17 @@ package router import ( v1 "github.com/1Panel-dev/1Panel/core/app/api/v1" - "github.com/1Panel-dev/1Panel/core/middleware" "github.com/gin-gonic/gin" ) type SettingRouter struct{} func (s *SettingRouter) InitRouter(Router *gin.RouterGroup) { - router := Router.Group("settings"). - Use(middleware.JwtAuth()). - Use(middleware.SessionAuth()) - settingRouter := Router.Group("settings"). - Use(middleware.JwtAuth()). - Use(middleware.SessionAuth()). - Use(middleware.PasswordExpired()) + settingRouter := Router.Group("settings") baseApi := v1.ApiGroupApp.BaseApi { - router.POST("/search", baseApi.GetSettingInfo) - router.POST("/expired/handle", baseApi.HandlePasswordExpired) + settingRouter.POST("/search", baseApi.GetSettingInfo) + settingRouter.POST("/expired/handle", baseApi.HandlePasswordExpired) settingRouter.GET("/search/available", baseApi.GetSystemAvailable) settingRouter.POST("/update", baseApi.UpdateSetting) settingRouter.GET("/interface", baseApi.LoadInterfaceAddr) diff --git a/frontend/src/api/modules/log.ts b/frontend/src/api/modules/log.ts index 2b2c80b34..590d223d2 100644 --- a/frontend/src/api/modules/log.ts +++ b/frontend/src/api/modules/log.ts @@ -3,11 +3,11 @@ import { ResPage } from '../interface'; import { Log } from '../interface/log'; export const getOperationLogs = (info: Log.SearchOpLog) => { - return http.post>(`/logs/operation`, info); + return http.post>(`/core/logs/operation`, info); }; export const getLoginLogs = (info: Log.SearchLgLog) => { - return http.post>(`/logs/login`, info); + return http.post>(`/core/logs/login`, info); }; export const getSystemFiles = () => {