增强:系统配置界面增加全局的连接控制设置,并可以设置会话超时时间。界面部分完成,后台尚未实现。

pull/105/head
ApexLiu 2018-04-24 01:29:11 +08:00
parent 29b1f8c234
commit 421b233ef3
4 changed files with 254 additions and 16 deletions


@ -20,7 +20,7 @@ $app.on_init = function (cb_stack) {
btn_remove_asset: $('#btn-remove-asset'),
flag_checkboxes: $('#tab-config div.tp-checkbox.tp-editable'),
flag_record_allow_replay: $('#record-allow-replay'),
// flag_record_allow_replay: $('#record-allow-replay'),
flag_rdp_allow_clipboard: $('#rdp-allow-clipboard'),
flag_rdp_allow_disk: $('#rdp-allow-disk'),
flag_rdp_allow_console: $('#rdp-allow-console'),
@ -1950,8 +1950,8 @@ $app.create_dlg_sel_host_group = function () {
$app.init_flags = function() {
console.log($app.options);
if(($app.options.policy_flags.record & TP_FLAG_RECORD_REPLAY) !== 0)
$app.dom.flag_record_allow_replay.addClass('tp-selected');
// if(($app.options.policy_flags.record & TP_FLAG_RECORD_REPLAY) !== 0)
// $app.dom.flag_record_allow_replay.addClass('tp-selected');
if(($app.options.policy_flags.rdp & TP_FLAG_RDP_CLIPBOARD) !== 0)
$app.dom.flag_rdp_allow_clipboard.addClass('tp-selected');
@ -1977,9 +1977,10 @@ $app.on_click_flag = function (e) {
$app.on_save_flags = function () {
var flag_record = 0;
flag_record |= TP_FLAG_RECORD_REPLAY; // now we always need record replay.
flag_record |= TP_FLAG_RECORD_REAL_TIME; // not implement, set this flag for default.
if ($app.dom.flag_record_allow_replay.hasClass('tp-selected'))
flag_record |= TP_FLAG_RECORD_REPLAY;
// if ($app.dom.flag_record_allow_replay.hasClass('tp-selected'))
// flag_record |= TP_FLAG_RECORD_REPLAY;
var flag_rdp = 0;
flag_rdp |= TP_FLAG_RDP_DESKTOP; // before support remote-app, remote-desktop is the only way to access remote host.
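Review bot: The unconditional `flag_record |= TP_FLAG_RECORD_REPLAY;` in `$app.on_save_flags` makes session recording mandatory only in the browser, so a request that does not come from this page could presumably still submit policy flags with that bit cleared. The handler that stores the policy flags is not visible here; it should set or require the bit itself so the audit trail does not depend on client code. The old checkbox logic is left commented out in three places (the `flag_record_allow_replay` entry in the dom map, `init_flags`, and `on_save_flags`); deleting it would be cleaner, since version control already keeps the history. `on_save_flags` continues past the end of the hunk.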


@ -9,6 +9,9 @@ $app.on_init = function (cb_stack) {
$app.info = $app.create_info_table();
cb_stack.add($app.info.init);
$app.sess = $app.create_config_sess();
cb_stack.add($app.sess.init);
$app.smtp = $app.create_config_smtp();
cb_stack.add($app.smtp.init);
@ -496,6 +499,138 @@ $app.create_config_sec = function () {
return _sec;
};
$app.create_config_sess = function () {
var _sess = {};
_sess.dom = {
btn_save: $('#btn-save-session-config'),
input_noop_timeout: $('#sess-noop-timeout'),
btn_sess_rdp_allow_clipboard: $('#sess-rdp-allow-clipboard'),
btn_sess_rdp_allow_disk: $('#sess-rdp-allow-disk'),
btn_sess_rdp_allow_console: $('#sess-rdp-allow-console'),
btn_sess_ssh_allow_shell: $('#sess-ssh-allow-shell'),
btn_sess_ssh_allow_sftp: $('#sess-ssh-allow-sftp')
};
_sess.init = function (cb_stack) {
_sess.update_dom_session_cfg($app.options.sys_cfg.session);
$('#tab-session').find('.tp-checkbox.tp-editable').click(function () {
if ($(this).hasClass('tp-selected'))
$(this).removeClass('tp-selected');
else
$(this).addClass('tp-selected');
});
_sess.dom.btn_save.click(function () {
_sess.on_btn_save();
});
cb_stack.exec();
};
_sess.update_dom_session_cfg = function (sess) {
_sess.dom.btn_sess_rdp_allow_clipboard.removeClass('tp-selected');
if (sess.rdp_allow_clipboard)
_sess.dom.btn_sess_rdp_allow_clipboard.addClass('tp-selected');
_sess.dom.btn_sess_rdp_allow_disk.removeClass('tp-selected');
if (sess.rdp_allow_disk)
_sess.dom.btn_sess_rdp_allow_disk.addClass('tp-selected');
_sess.dom.btn_sess_rdp_allow_console.removeClass('tp-selected');
if (sess.rdp_allow_console)
_sess.dom.btn_sess_rdp_allow_console.addClass('tp-selected');
_sess.dom.btn_sess_ssh_allow_shell.removeClass('tp-selected');
if (sess.ssh_allow_shell)
_sess.dom.btn_sess_ssh_allow_shell.addClass('tp-selected');
_sess.dom.btn_sess_ssh_allow_sftp.removeClass('tp-selected');
if (sess.ssh_allow_sftp)
_sess.dom.btn_sess_ssh_allow_sftp.addClass('tp-selected');
_sess.dom.input_noop_timeout.val(sess.timeout);
};
_sess.on_btn_save = function () {
var flag_record = 0;
flag_record |= TP_FLAG_RECORD_REPLAY; // now we always need record replay.
flag_record |= TP_FLAG_RECORD_REAL_TIME; // not implement, set this flag for default.
var flag_rdp = 0;
flag_rdp |= TP_FLAG_RDP_DESKTOP; // before support remote-app, remote-desktop is the only way to access remote host.
if(_sess.dom.btn_sess_rdp_allow_clipboard.hasClass('tp-selected'))
flag_rdp |= TP_FLAG_RDP_CLIPBOARD;
if(_sess.dom.btn_sess_rdp_allow_disk.hasClass('tp-selected'))
flag_rdp |= TP_FLAG_RDP_DISK;
if(_sess.dom.btn_sess_rdp_allow_console.hasClass('tp-selected'))
flag_rdp |= TP_FLAG_RDP_CONSOLE;
var flag_ssh = 0;
if(_sess.dom.btn_sess_ssh_allow_shell.hasClass('tp-selected'))
flag_ssh |= TP_FLAG_SSH_SHELL;
if(_sess.dom.btn_sess_ssh_allow_sftp.hasClass('tp-selected'))
flag_ssh |= TP_FLAG_SSH_SFTP;
if (flag_ssh === 0) {
$tp.notify_error('SSH选项都未选择无法进行SSH连接哦');
return;
}
var _noop_timeout = parseInt(_sess.dom.input_noop_timeout.val());
if (_.isNaN(_noop_timeout) || _noop_timeout < 0 || _noop_timeout > 60) {
$tp.notify_error('会话超时设置超出范围!');
_sess.dom.input_noop_timeout.focus();
return;
}
_sess.dom.btn_save.attr('disabled', 'disabled');
$tp.ajax_post_json('/system/save-cfg',
{
session: {
flag_record: flag_record,
flag_rdp: flag_rdp,
flag_ssh: flag_ssh,
noop_timeout: _noop_timeout
}
},
function (ret) {
_sess.dom.btn_save.removeAttr('disabled');
if (ret.code === TPE_OK) {
$tp.notify_success('全局连接控制设置更新成功!');
// // 更新一下界面上显示的配置信息
// $app.options.sys_cfg.password.allow_reset = _password_allow_reset;
// $app.options.sys_cfg.password.force_strong = _password_force_strong;
// $app.options.sys_cfg.password.timeout = _password_timeout;
//
// $app.options.sys_cfg.login.session_timeout = _login_session_timeout;
// $app.options.sys_cfg.login.retry = _login_retry;
// $app.options.sys_cfg.login.lock_timeout = _login_lock_timeout;
// $app.options.sys_cfg.login.auth = _login_auth;
//
// _sec.update_dom_password($app.options.sys_cfg.password);
// _sec.update_dom_login($app.options.sys_cfg.login);
} else {
$tp.notify_error('全局连接控制设置更新失败:' + tp_error_msg(ret.code, ret.message));
}
},
function () {
_sess.dom.btn_save.removeAttr('disabled');
$tp.notify_error('网路故障,全局连接控制设置更新失败!');
}
);
};
return _sess;
};
$app.create_config_storage = function () {
var _sto = {};
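Review bot: The timeout check in `_sess.on_btn_save` is looser than the 0~60 rule it enforces, because `parseInt` without a radix accepts input such as `15abc` or `1.5` and silently truncates it. Parse strictly instead, e.g. `var _raw = _sess.dom.input_noop_timeout.val().trim();` followed by `var _noop_timeout = /^\d+$/.test(_raw) ? parseInt(_raw, 10) : NaN;`. These values switch clipboard, drive mapping, shell and SFTP access globally, and the commit message says the backend is not implemented yet, so the `/system/save-cfg` handler will need to repeat the range check and mask `flag_rdp`/`flag_ssh` to known bits; the checks here only help the user. `_sess.init` also dereferences `$app.options.sys_cfg.session` before calling `cb_stack.exec()`, so if the server does not yet send that key the later init callbacks would presumably never run; passing `$app.options.sys_cfg.session || {}` would avoid that.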


@ -200,12 +200,12 @@
<div class="tab-pane" id="tab-config">
<table class="table table-config-list">
<tr>
<td class="key">会话选项</td>
<td class="value">
<div id="record-allow-replay" class="tp-checkbox tp-editable">记录会话历史</div>
</td>
</tr>
## <tr>
## <td class="key">会话选项</td>
## <td class="value">
## <div id="record-allow-replay" class="tp-checkbox tp-editable">记录会话历史</div>
## </td>
## </tr>
## <tr>
## <td class="key"></td>
## <td class="value">
@ -213,11 +213,11 @@
## </td>
## </tr>
<tr>
<td colspan="2" class="title">
<hr class="hr-sm"/>
</td>
</tr>
## <tr>
## <td colspan="2" class="title">
## <hr class="hr-sm"/>
## </td>
## </tr>
## <div id="rdp-allow-desktop" class="tp-checkbox tp-editable tp-selected">允许 远程桌面</div>
## <div id="rdp-allow-app" class="tp-checkbox">允许 远程应用</div>


@ -19,6 +19,7 @@
<ul class="nav nav-tabs">
<li class="active"><a href="#tab-info" data-toggle="tab">基本信息</a></li>
<li><a href="#tab-security" data-toggle="tab">安全</a></li>
<li><a href="#tab-session" data-toggle="tab">连接控制</a></li>
<li><a href="#tab-smtp" data-toggle="tab">邮件系统</a></li>
<li><a href="#tab-storage" data-toggle="tab">存储</a></li>
## <li><a href="#tab-backup" data-toggle="tab">备份</a></li>
@ -141,6 +142,107 @@
</div>
<!-- panel for session connection config -->
<div class="tab-pane" id="tab-session">
<div class="alert alert-warning">
注意:运维授权策略的连接控制选项将继承系统连接控制选项的设定。例如,在本界面设定"不允许SFTP连接"则所有运维授权策略中的SFTP连接均被禁止。又如在本界面设定"允许SFTP连接"但某个运维授权策略中禁止SFTP连接则该运维授权策略中的所有SFTP连接均被禁止。
</div>
<table class="table table-config-list">
## <tr>
## <td colspan="2" class="title">全局会话选项</td>
## </tr>
## <tr>
## <td class="key"></td>
## <td class="value">
## <div id="sess-record-allow-replay" class="tp-checkbox tp-editable">记录会话历史</div>
## </td>
## </tr>
## <tr>
## <td class="key"></td>
## <td class="value">
## <div id="sess-record-allow-real-time" class="tp-checkbox tp-disabled">允许实时监控(开发中)</div>
## </td>
## </tr>
<tr>
<td colspan="2" class="title">
## <hr class="hr-sm"/>
全局RDP选项
</td>
</tr>
## <div id="rdp-allow-desktop" class="tp-checkbox tp-editable tp-selected">允许 远程桌面</div>
## <div id="rdp-allow-app" class="tp-checkbox">允许 远程应用</div>
<tr>
<td class="key"></td>
<td class="value">
<div id="sess-rdp-allow-clipboard" class="tp-checkbox tp-editable">允许剪贴板</div>
</td>
</tr>
<tr>
<td class="key"></td>
<td class="value">
<div id="sess-rdp-allow-disk" class="tp-checkbox tp-editable">允许驱动器映射</div>
</td>
</tr>
<tr>
<td class="key"></td>
<td class="value">
<div id="sess-rdp-allow-console" class="tp-checkbox tp-editable">允许管理员连接Console模式</div>
</td>
</tr>
<tr>
<td colspan="2" class="title">
<hr class="hr-sm"/>
全局SSH选项
</td>
</tr>
## <div id="ssh-allow-x11" class="tp-checkbox">允许X11转发</div>
## <div id="ssh-allow-tunnel" class="tp-checkbox">允许隧道转发</div>
## <div id="ssh-allow-exec" class="tp-checkbox">允许远程执行exec</div>
<tr>
<td class="key"></td>
<td class="value">
<div id="sess-ssh-allow-shell" class="tp-checkbox tp-editable">允许SSH</div>
</td>
</tr>
<tr>
<td class="key"></td>
<td class="value">
<div id="sess-ssh-allow-sftp" class="tp-checkbox tp-editable">允许SFTP</div>
</td>
</tr>
## <tr>
## <td class="key"></td>
## <td class="value">
## <div id="ssh-allow-x11" class="tp-checkbox tp-disabled">允许X11转发开发中</div>
## </td>
## </tr>
<tr>
<td colspan="2" class="title">
<hr class="hr-sm"/>
会话超时设置
</td>
</tr>
<tr>
<td class="key">会话超时</td>
<td class="value">
<input id="sess-noop-timeout" type="text" value="15"/><span class="unit">分钟</span><span class="desc">0~60。指定时间内远程会话没有任何数据包收发时将此会话断开为0则不检查。默认为15分钟。</span>
</td>
</tr>
</table>
<hr/>
<button id="btn-save-session-config" class="btn btn-sm btn-primary"><i class="fa fa-check-circle fa-fw"></i> 保存设置</button>
</div>
<!-- panel for mail config -->
<div class="tab-pane" id="tab-smtp">
<table class="table table-info-list">