EdgeAPI/internal/rpc/services/service_node_grant.go

package services

import (
	"context"
	"errors"
	"fmt"
	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"golang.org/x/crypto/ssh"
	"net"
	"regexp"
	"strings"
	"time"
)

type NodeGrantService struct {
	BaseService
}

// CreateNodeGrant 创建认证
func (this *NodeGrantService) CreateNodeGrant(ctx context.Context, req *pb.CreateNodeGrantRequest) (*pb.CreateNodeGrantResponse, error) {
	adminId, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	grantId, err := models.SharedNodeGrantDAO.CreateGrant(tx, adminId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId, req.Su)
	if err != nil {
		return nil, err
	}
	return &pb.CreateNodeGrantResponse{
		NodeGrantId: grantId,
	}, err
}

// UpdateNodeGrant 修改认证
func (this *NodeGrantService) UpdateNodeGrant(ctx context.Context, req *pb.UpdateNodeGrantRequest) (*pb.RPCSuccess, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	if req.NodeGrantId <= 0 {
		return nil, errors.New("wrong grantId")
	}

	var tx = this.NullTx()

	// 从掩码中恢复密码和私钥
	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, req.NodeGrantId)
	if err != nil {
		return nil, err
	}
	if grant == nil {
		// do nothing here
		return this.Success()
	}

	var maskReg = regexp.MustCompile(`^\*+$`)
	if len(req.Password) > 0 && maskReg.MatchString(req.Password) {
		req.Password = grant.Password
	}

	if len(req.PrivateKey) > 0 && strings.HasSuffix(req.PrivateKey, "********") {
		req.PrivateKey = grant.PrivateKey
	}

	err = models.SharedNodeGrantDAO.UpdateGrant(tx, req.NodeGrantId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId, req.Su)
	return this.Success()
}

// DisableNodeGrant 禁用认证
func (this *NodeGrantService) DisableNodeGrant(ctx context.Context, req *pb.DisableNodeGrantRequest) (*pb.DisableNodeGrantResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	err = models.SharedNodeGrantDAO.DisableNodeGrant(tx, req.NodeGrantId)
	return &pb.DisableNodeGrantResponse{}, err
}

// CountAllEnabledNodeGrants 计算认证的数量
func (this *NodeGrantService) CountAllEnabledNodeGrants(ctx context.Context, req *pb.CountAllEnabledNodeGrantsRequest) (*pb.RPCCountResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	count, err := models.SharedNodeGrantDAO.CountAllEnabledGrants(tx, req.Keyword)
	if err != nil {
		return nil, err
	}
	return this.SuccessCount(count)
}

// ListEnabledNodeGrants 列出单页认证
func (this *NodeGrantService) ListEnabledNodeGrants(ctx context.Context, req *pb.ListEnabledNodeGrantsRequest) (*pb.ListEnabledNodeGrantsResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	grants, err := models.SharedNodeGrantDAO.ListEnabledGrants(tx, req.Keyword, req.Offset, req.Size)
	if err != nil {
		return nil, err
	}
	result := []*pb.NodeGrant{}
	for _, grant := range grants {
		result = append(result, &pb.NodeGrant{
			Id:          int64(grant.Id),
			Name:        grant.Name,
			Method:      grant.Method,
			Username:    grant.Username,
			Password:    grant.Password,
			Su:          grant.Su == 1,
			PrivateKey:  grant.PrivateKey,
			Description: grant.Description,
			NodeId:      int64(grant.NodeId),
		})
	}

	return &pb.ListEnabledNodeGrantsResponse{NodeGrants: result}, nil
}

// FindAllEnabledNodeGrants 列出所有认证信息
func (this *NodeGrantService) FindAllEnabledNodeGrants(ctx context.Context, req *pb.FindAllEnabledNodeGrantsRequest) (*pb.FindAllEnabledNodeGrantsResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}
	grants, err := models.SharedNodeGrantDAO.FindAllEnabledGrants(this.NullTx())
	if err != nil {
		return nil, err
	}
	result := []*pb.NodeGrant{}
	for _, grant := range grants {
		result = append(result, &pb.NodeGrant{
			Id:          int64(grant.Id),
			Name:        grant.Name,
			Method:      grant.Method,
			Username:    grant.Username,
			Password:    grant.Password,
			Su:          grant.Su == 1,
			PrivateKey:  grant.PrivateKey,
			Description: grant.Description,
			NodeId:      int64(grant.NodeId),
		})
	}

	return &pb.FindAllEnabledNodeGrantsResponse{NodeGrants: result}, nil
}

// FindEnabledNodeGrant 获取单个认证信息
func (this *NodeGrantService) FindEnabledNodeGrant(ctx context.Context, req *pb.FindEnabledNodeGrantRequest) (*pb.FindEnabledNodeGrantResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(this.NullTx(), req.NodeGrantId)
	if err != nil {
		return nil, err
	}
	if grant == nil {
		return &pb.FindEnabledNodeGrantResponse{}, nil
	}
	return &pb.FindEnabledNodeGrantResponse{NodeGrant: &pb.NodeGrant{
		Id:          int64(grant.Id),
		Name:        grant.Name,
		Method:      grant.Method,
		Username:    grant.Username,
		Password:    grant.Password,
		Su:          grant.Su == 1,
		PrivateKey:  grant.PrivateKey,
		Passphrase:  grant.Passphrase,
		Description: grant.Description,
		NodeId:      int64(grant.NodeId),
	}}, nil
}

// TestNodeGrant 测试连接
func (this *NodeGrantService) TestNodeGrant(ctx context.Context, req *pb.TestNodeGrantRequest) (*pb.TestNodeGrantResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var hostKeyCallback ssh.HostKeyCallback = nil

	resp := &pb.TestNodeGrantResponse{
		IsOk:  false,
		Error: "",
	}

	var tx = this.NullTx()
	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, req.NodeGrantId)
	if err != nil {
		return nil, err
	}
	if grant == nil {
		resp.Error = "can not find grant with id '" + numberutils.FormatInt64(req.NodeGrantId) + "'"
		return resp, nil
	}

	// 检查参数
	if len(req.Host) == 0 {
		resp.Error = "'host' should not be empty"
		return resp, nil
	}
	if req.Port <= 0 {
		resp.Error = "'port' should be greater than 0"
		return resp, nil
	}

	if len(grant.Password) == 0 && len(grant.PrivateKey) == 0 {
		resp.Error = "require user 'password' or 'privateKey'"
		return resp, nil
	}

	// 不使用known_hosts
	if hostKeyCallback == nil {
		hostKeyCallback = func(hostname string, remote net.Addr, key ssh.PublicKey) error {
			return nil
		}
	}

	// 认证
	methods := []ssh.AuthMethod{}
	if grant.Method == "user" {
		{
			authMethod := ssh.Password(grant.Password)
			methods = append(methods, authMethod)
		}

		{
			authMethod := ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
				if len(questions) == 0 {
					return []string{}, nil
				}
				return []string{grant.Password}, nil
			})
			methods = append(methods, authMethod)
		}
	} else if grant.Method == "privateKey" {
		var signer ssh.Signer
		if len(grant.Passphrase) != 0 {
			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(grant.PrivateKey), []byte(grant.Passphrase))
		} else {
			signer, err = ssh.ParsePrivateKey([]byte(grant.PrivateKey))
		}
		if err != nil {
			resp.Error = "parse private key: " + err.Error()
			return resp, nil
		}
		authMethod := ssh.PublicKeys(signer)
		methods = append(methods, authMethod)
	} else {
		return nil, errors.New("invalid method '" + grant.Method + "'")
	}

	// SSH客户端
	if len(grant.Username) == 0 {
		grant.Username = "root"
	}
	config := &ssh.ClientConfig{
		User:            grant.Username,
		Auth:            methods,
		HostKeyCallback: hostKeyCallback,
		Timeout:         5 * time.Second, // TODO 后期可以设置这个超时时间
	}

	sshClient, err := ssh.Dial("tcp", configutils.QuoteIP(req.Host)+":"+fmt.Sprintf("%d", req.Port), config)
	if err != nil {
		resp.Error = "connect failed: " + err.Error()
		return resp, nil
	}
	defer func() {
		_ = sshClient.Close()
	}()

	resp.IsOk = true
	return resp, nil
}

// FindSuggestNodeGrants 查找集群推荐的认证
func (this *NodeGrantService) FindSuggestNodeGrants(ctx context.Context, req *pb.FindSuggestNodeGrantsRequest) (*pb.FindSuggestNodeGrantsResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var pbGrants = []*pb.NodeGrant{}
	var tx = this.NullTx()
	grantIds, err := models.SharedNodeLoginDAO.FindFrequentGrantIds(tx, req.NodeClusterId, req.NsClusterId)
	if err != nil {
		return nil, err
	}
	for _, grantId := range grantIds {
		grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, grantId)
		if err != nil {
			return nil, err
		}
		if grant != nil {
			pbGrants = append(pbGrants, &pb.NodeGrant{
				Id:          int64(grant.Id),
				Name:        grant.Name,
				Method:      grant.Method,
				Username:    grant.Username,
				Su:          grant.Su == 1,
				Description: grant.Description,
			})
		}
	}
	return &pb.FindSuggestNodeGrantsResponse{NodeGrants: pbGrants}, nil
}
阶段性提交 2020-07-29 19:02:28 +08:00			`package services`

			`import (`
			`"context"`
			`"errors"`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`"fmt"`
阶段性提交 2020-07-29 19:02:28 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/db/models"`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"`
在各个地方支持IPv6 2021-07-20 10:55:34 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/configutils"`
阶段性提交 2020-09-13 20:37:28 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`"golang.org/x/crypto/ssh"`
			`"net"`
节点SSH密码和私钥均以掩码方式显示 2024-03-18 10:51:47 +08:00			`"regexp"`
			`"strings"`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`"time"`
阶段性提交 2020-07-29 19:02:28 +08:00			`)`

			`type NodeGrantService struct {`
实现对ACME用户的增删改 2020-11-24 17:36:47 +08:00			`BaseService`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// CreateNodeGrant 创建认证`
阶段性提交 2020-07-29 19:02:28 +08:00			`func (this NodeGrantService) CreateNodeGrant(ctx context.Context, req pb.CreateNodeGrantRequest) (*pb.CreateNodeGrantResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`adminId, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
SSH认证支持sudo 2021-12-06 19:27:11 +08:00			`grantId, err := models.SharedNodeGrantDAO.CreateGrant(tx, adminId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId, req.Su)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`return &pb.CreateNodeGrantResponse{`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`NodeGrantId: grantId,`
阶段性提交 2020-07-29 19:02:28 +08:00			`}, err`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// UpdateNodeGrant 修改认证`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this NodeGrantService) UpdateNodeGrant(ctx context.Context, req pb.UpdateNodeGrantRequest) (*pb.RPCSuccess, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`if req.NodeGrantId <= 0 {`
阶段性提交 2020-07-29 19:02:28 +08:00			`return nil, errors.New("wrong grantId")`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
节点SSH密码和私钥均以掩码方式显示 2024-03-18 10:51:47 +08:00			`// 从掩码中恢复密码和私钥`
			`grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, req.NodeGrantId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if grant == nil {`
			`// do nothing here`
			`return this.Success()`
			`}`

			var maskReg = regexp.MustCompile(`^\*+$`)
			`if len(req.Password) > 0 && maskReg.MatchString(req.Password) {`
			`req.Password = grant.Password`
			`}`

			`if len(req.PrivateKey) > 0 && strings.HasSuffix(req.PrivateKey, "********") {`
			`req.PrivateKey = grant.PrivateKey`
			`}`

SSH认证支持sudo 2021-12-06 19:27:11 +08:00			`err = models.SharedNodeGrantDAO.UpdateGrant(tx, req.NodeGrantId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId, req.Su)`
实现对ACME用户的增删改 2020-11-24 17:36:47 +08:00			`return this.Success()`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// DisableNodeGrant 禁用认证`
阶段性提交 2020-07-29 19:02:28 +08:00			`func (this NodeGrantService) DisableNodeGrant(ctx context.Context, req pb.DisableNodeGrantRequest) (*pb.DisableNodeGrantResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`err = models.SharedNodeGrantDAO.DisableNodeGrant(tx, req.NodeGrantId)`
阶段性提交 2020-07-29 19:02:28 +08:00			`return &pb.DisableNodeGrantResponse{}, err`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// CountAllEnabledNodeGrants 计算认证的数量`
增加DNS域名管理 2020-11-12 14:41:28 +08:00			`func (this NodeGrantService) CountAllEnabledNodeGrants(ctx context.Context, req pb.CountAllEnabledNodeGrantsRequest) (*pb.RPCCountResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
SSH认证列表可以使用关键词搜索，返回内容增加用户名 2021-05-23 21:13:20 +08:00			`count, err := models.SharedNodeGrantDAO.CountAllEnabledGrants(tx, req.Keyword)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`
实现对ACME用户的增删改 2020-11-24 17:36:47 +08:00			`return this.SuccessCount(count)`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// ListEnabledNodeGrants 列出单页认证`
阶段性提交 2020-07-29 19:02:28 +08:00			`func (this NodeGrantService) ListEnabledNodeGrants(ctx context.Context, req pb.ListEnabledNodeGrantsRequest) (*pb.ListEnabledNodeGrantsResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
SSH认证列表可以使用关键词搜索，返回内容增加用户名 2021-05-23 21:13:20 +08:00			`grants, err := models.SharedNodeGrantDAO.ListEnabledGrants(tx, req.Keyword, req.Offset, req.Size)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`result := []*pb.NodeGrant{}`
			`for _, grant := range grants {`
			`result = append(result, &pb.NodeGrant{`
			`Id: int64(grant.Id),`
			`Name: grant.Name,`
			`Method: grant.Method,`
SSH认证列表可以使用关键词搜索，返回内容增加用户名 2021-05-23 21:13:20 +08:00			`Username: grant.Username,`
阶段性提交 2020-07-29 19:02:28 +08:00			`Password: grant.Password,`
			`Su: grant.Su == 1,`
			`PrivateKey: grant.PrivateKey,`
			`Description: grant.Description,`
			`NodeId: int64(grant.NodeId),`
			`})`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`return &pb.ListEnabledNodeGrantsResponse{NodeGrants: result}, nil`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`
阶段性提交 2020-07-30 22:41:49 +08:00
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// FindAllEnabledNodeGrants 列出所有认证信息`
阶段性提交 2020-07-30 22:41:49 +08:00			`func (this NodeGrantService) FindAllEnabledNodeGrants(ctx context.Context, req pb.FindAllEnabledNodeGrantsRequest) (*pb.FindAllEnabledNodeGrantsResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-30 22:41:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`grants, err := models.SharedNodeGrantDAO.FindAllEnabledGrants(this.NullTx())`
阶段性提交 2020-07-30 22:41:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`result := []*pb.NodeGrant{}`
			`for _, grant := range grants {`
			`result = append(result, &pb.NodeGrant{`
			`Id: int64(grant.Id),`
			`Name: grant.Name,`
			`Method: grant.Method,`
SSH认证列表可以使用关键词搜索，返回内容增加用户名 2021-05-23 21:13:20 +08:00			`Username: grant.Username,`
阶段性提交 2020-07-30 22:41:49 +08:00			`Password: grant.Password,`
			`Su: grant.Su == 1,`
			`PrivateKey: grant.PrivateKey,`
			`Description: grant.Description,`
			`NodeId: int64(grant.NodeId),`
			`})`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`return &pb.FindAllEnabledNodeGrantsResponse{NodeGrants: result}, nil`
阶段性提交 2020-07-30 22:41:49 +08:00			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`// FindEnabledNodeGrant 获取单个认证信息`
			`func (this NodeGrantService) FindEnabledNodeGrant(ctx context.Context, req pb.FindEnabledNodeGrantRequest) (*pb.FindEnabledNodeGrantResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
阶段性提交 2020-07-30 22:41:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`

增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(this.NullTx(), req.NodeGrantId)`
阶段性提交 2020-07-30 22:41:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if grant == nil {`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`return &pb.FindEnabledNodeGrantResponse{}, nil`
阶段性提交 2020-07-30 22:41:49 +08:00			`}`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`return &pb.FindEnabledNodeGrantResponse{NodeGrant: &pb.NodeGrant{`
阶段性提交 2020-07-30 22:41:49 +08:00			`Id: int64(grant.Id),`
			`Name: grant.Name,`
			`Method: grant.Method,`
			`Username: grant.Username,`
			`Password: grant.Password,`
			`Su: grant.Su == 1,`
			`PrivateKey: grant.PrivateKey,`
SSH登录支持Passphrase 2021-11-06 15:31:01 +08:00			`Passphrase: grant.Passphrase,`
阶段性提交 2020-07-30 22:41:49 +08:00			`Description: grant.Description,`
			`NodeId: int64(grant.NodeId),`
			`}}, nil`
			`}`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00
			`// TestNodeGrant 测试连接`
			`func (this NodeGrantService) TestNodeGrant(ctx context.Context, req pb.TestNodeGrantRequest) (*pb.TestNodeGrantResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var hostKeyCallback ssh.HostKeyCallback = nil`

			`resp := &pb.TestNodeGrantResponse{`
			`IsOk: false,`
			`Error: "",`
			`}`

			`var tx = this.NullTx()`
			`grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, req.NodeGrantId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if grant == nil {`
			`resp.Error = "can not find grant with id '" + numberutils.FormatInt64(req.NodeGrantId) + "'"`
			`return resp, nil`
			`}`

			`// 检查参数`
			`if len(req.Host) == 0 {`
			`resp.Error = "'host' should not be empty"`
			`return resp, nil`
			`}`
			`if req.Port <= 0 {`
			`resp.Error = "'port' should be greater than 0"`
			`return resp, nil`
			`}`

			`if len(grant.Password) == 0 && len(grant.PrivateKey) == 0 {`
			`resp.Error = "require user 'password' or 'privateKey'"`
			`return resp, nil`
			`}`

			`// 不使用known_hosts`
			`if hostKeyCallback == nil {`
			`hostKeyCallback = func(hostname string, remote net.Addr, key ssh.PublicKey) error {`
			`return nil`
			`}`
			`}`

			`// 认证`
			`methods := []ssh.AuthMethod{}`
SSH认证--私钥认证方式增加用户名选项 2021-06-30 14:56:36 +08:00			`if grant.Method == "user" {`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`{`
			`authMethod := ssh.Password(grant.Password)`
			`methods = append(methods, authMethod)`
			`}`

			`{`
			`authMethod := ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) (answers []string, err error) {`
			`if len(questions) == 0 {`
			`return []string{}, nil`
			`}`
			`return []string{grant.Password}, nil`
			`})`
			`methods = append(methods, authMethod)`
			`}`
SSH认证--私钥认证方式增加用户名选项 2021-06-30 14:56:36 +08:00			`} else if grant.Method == "privateKey" {`
SSH登录支持Passphrase 2021-11-06 15:31:01 +08:00			`var signer ssh.Signer`
			`if len(grant.Passphrase) != 0 {`
			`signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(grant.PrivateKey), []byte(grant.Passphrase))`
			`} else {`
			`signer, err = ssh.ParsePrivateKey([]byte(grant.PrivateKey))`
			`}`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`if err != nil {`
			`resp.Error = "parse private key: " + err.Error()`
			`return resp, nil`
			`}`
			`authMethod := ssh.PublicKeys(signer)`
			`methods = append(methods, authMethod)`
SSH认证--私钥认证方式增加用户名选项 2021-06-30 14:56:36 +08:00			`} else {`
			`return nil, errors.New("invalid method '" + grant.Method + "'")`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`}`

			`// SSH客户端`
SSH认证--私钥认证方式增加用户名选项 2021-06-30 14:56:36 +08:00			`if len(grant.Username) == 0 {`
			`grant.Username = "root"`
			`}`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`config := &ssh.ClientConfig{`
			`User: grant.Username,`
			`Auth: methods,`
			`HostKeyCallback: hostKeyCallback,`
			`Timeout: 5 * time.Second, // TODO 后期可以设置这个超时时间`
			`}`

在各个地方支持IPv6 2021-07-20 10:55:34 +08:00			`sshClient, err := ssh.Dial("tcp", configutils.QuoteIP(req.Host)+":"+fmt.Sprintf("%d", req.Port), config)`
增加SSH认证测试相关API 2021-04-18 21:19:34 +08:00			`if err != nil {`
			`resp.Error = "connect failed: " + err.Error()`
			`return resp, nil`
			`}`
			`defer func() {`
			`_ = sshClient.Close()`
			`}()`

			`resp.IsOk = true`
			`return resp, nil`
			`}`
增加SSH认证建议接口 2021-08-14 21:33:17 +08:00
			`// FindSuggestNodeGrants 查找集群推荐的认证`
			`func (this NodeGrantService) FindSuggestNodeGrants(ctx context.Context, req pb.FindSuggestNodeGrantsRequest) (*pb.FindSuggestNodeGrantsResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加SSH认证建议接口 2021-08-14 21:33:17 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var pbGrants = []*pb.NodeGrant{}`
			`var tx = this.NullTx()`
			`grantIds, err := models.SharedNodeLoginDAO.FindFrequentGrantIds(tx, req.NodeClusterId, req.NsClusterId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`for _, grantId := range grantIds {`
			`grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(tx, grantId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if grant != nil {`
			`pbGrants = append(pbGrants, &pb.NodeGrant{`
			`Id: int64(grant.Id),`
			`Name: grant.Name,`
			`Method: grant.Method,`
			`Username: grant.Username,`
			`Su: grant.Su == 1,`
			`Description: grant.Description,`
			`})`
			`}`
			`}`
			`return &pb.FindSuggestNodeGrantsResponse{NodeGrants: pbGrants}, nil`
			`}`