feat: linux支持ssh隧道访问&其他优化

mayfly_go_web/package.json

@@ -13,7 +13,7 @@
     "countup.js": "^2.0.7",
     "cropperjs": "^1.5.11",
     "echarts": "^5.3.3",
-    "element-plus": "^2.2.9",
+    "element-plus": "^2.2.10",
     "jsencrypt": "^3.2.1",
     "jsoneditor": "^9.9.0",
     "lodash": "^4.17.21",

mayfly_go_web/src/theme/element.scss

@@ -947,12 +947,6 @@
 .el-select-dropdown .el-scrollbar__wrap {
 	overflow-x: scroll !important;
 }
-.el-select-dropdown__wrap {
-	max-height: 274px !important; /*修复Select 选择器高度问题*/
-}
-.el-cascader-menu__wrap.el-scrollbar__wrap {
-	height: 204px !important; /*修复Cascader 级联选择器高度问题*/
-}
 
 /* Drawer 抽屉
 ------------------------------- */

mayfly_go_web/src/views/ops/db/DbEdit.vue

@@ -47,28 +47,20 @@
                     <el-input v-model="form.params" placeholder="其他连接参数，形如: key1=value1&key2=value2"></el-input>
                 </el-form-item>
                 <el-form-item prop="database" label="数据库名:" required>
-                    <el-tag
+                    <el-select
-                        v-for="db in databaseList"
+                        @change="changeDatabase"
-                        :key="db"
+                        @focus="getAllDatabase"
-                        class="ml5 mt5"
+                        v-model="databaseList"
-                        type="success"
+                        multiple
-                        effect="plain"
+                        collapse-tags
-                        closable
+                        collapse-tags-tooltip
-                        :disable-transitions="false"
+                        filterable
-                        @close="handleClose(db)"
+                        allow-create
+                        placeholder="请确保数据库实例信息填写完整后选择数据库"
+                        style="width: 100%"
                     >
-                        {{ db }}
+                        <el-option v-for="db in allDatabases" :key="db" :label="db" :value="db" />
-                    </el-tag>
+                    </el-select>
-                    <el-input
-                        v-if="inputDbVisible"
-                        ref="InputDbRef"
-                        v-model="inputDbValue"
-                        style="width: 120px; margin-left: 5px; margin-top: 5px"
-                        size="small"
-                        @keyup.enter="handleInputDbConfirm"
-                        @blur="handleInputDbConfirm"
-                    />
-                    <el-button v-else class="ml5 mt5" size="small" @click="showInputDb"> + 添加数据库 </el-button>
                 </el-form-item>
 
                 <el-form-item prop="enableSshTunnel" label="SSH隧道:">
@@ -101,12 +93,11 @@
 </template>
 
 <script lang="ts">
-import { toRefs, reactive, nextTick, watch, defineComponent, ref } from 'vue';
+import { toRefs, reactive, watch, defineComponent, ref } from 'vue';
 import { dbApi } from './api';
 import { projectApi } from '../project/api.ts';
 import { machineApi } from '../machine/api.ts';
 import { ElMessage } from 'element-plus';
-import type { ElInput } from 'element-plus';
 import { notBlank } from '@/common/assert';
 import { RsaEncrypt } from '@/common/rsa';
 
@@ -128,16 +119,14 @@ export default defineComponent({
     },
     setup(props: any, { emit }) {
         const dbForm: any = ref(null);
-        const InputDbRef = ref<InstanceType<typeof ElInput>>();
 
         const state = reactive({
             dialogVisible: false,
             projects: [],
             envs: [],
+            allDatabases: [] as any,
             databaseList: [] as any,
             sshTunnelMachineList: [],
-            inputDbVisible: false,
-            inputDbValue: '',
             form: {
                 id: null,
                 name: null,
@@ -226,27 +215,6 @@ export default defineComponent({
             getSshTunnelMachines();
         });
 
-        const handleClose = (db: string) => {
-            state.databaseList.splice(state.databaseList.indexOf(db), 1);
-            changeDatabase();
-        };
-
-        const showInputDb = () => {
-            state.inputDbVisible = true;
-            nextTick(() => {
-                InputDbRef.value!.input!.focus();
-            });
-        };
-
-        const handleInputDbConfirm = () => {
-            if (state.inputDbValue) {
-                state.databaseList.push(state.inputDbValue);
-                changeDatabase();
-            }
-            state.inputDbVisible = false;
-            state.inputDbValue = '';
-        };
-
         /**
          * 改变表单中的数据库字段，方便表单错误提示。如全部删光，可提示请添加数据库
          */
@@ -285,6 +253,15 @@ export default defineComponent({
             }
         };
 
+        const getAllDatabase = async () => {
+            if (state.allDatabases.length != 0) {
+                return;
+            }
+            const reqForm = { ...state.form };
+            reqForm.password = await RsaEncrypt(reqForm.password);
+            state.allDatabases = await dbApi.getAllDatabase.request(reqForm);
+        };
+
         const btnOk = async () => {
             if (!state.form.id) {
                 notBlank(state.form.password, '新增操作，密码不可为空');
@@ -293,7 +270,6 @@ export default defineComponent({
                 if (valid) {
                     const reqForm = { ...state.form };
                     reqForm.password = await RsaEncrypt(reqForm.password);
-                    // reqForm.ssh_pass = await RsaEncrypt(reqForm.ssh_pass);
                     dbApi.saveDb.request(reqForm).then(() => {
                         ElMessage.success('保存成功');
                         emit('val-change', state.form);
@@ -312,9 +288,8 @@ export default defineComponent({
         };
 
         const resetInputDb = () => {
-            state.inputDbVisible = false;
             state.databaseList = [];
-            state.inputDbValue = '';
+            state.allDatabases = [];
         };
 
         const cancel = () => {
@@ -328,10 +303,8 @@ export default defineComponent({
         return {
             ...toRefs(state),
             dbForm,
-            InputDbRef,
+            getAllDatabase,
-            handleClose,
+            changeDatabase,
-            showInputDb,
-            handleInputDbConfirm,
             getSshTunnelMachines,
             changeProject,
             changeEnv,

mayfly_go_web/src/views/ops/db/DbList.vue

@@ -502,6 +502,8 @@ export default defineComponent({
                 state.tableInfoDialog.infos = await dbApi.tableInfos.request({ id: row.id, db });
                 state.dbId = row.id;
                 state.db = db;
+            } catch (e) {
+                state.tableInfoDialog.visible = false;
             } finally {
                 state.tableInfoDialog.loading = false;
             }

mayfly_go_web/src/views/ops/db/api.ts

@@ -4,6 +4,7 @@ export const dbApi = {
     // 获取权限列表
     dbs: Api.create("/dbs", 'get'),
     saveDb: Api.create("/dbs", 'post'),
+    getAllDatabase: Api.create("/dbs/databases", 'post'),
     deleteDb: Api.create("/dbs/{id}", 'delete'),
     dumpDb: Api.create("/dbs/{id}/dump", 'post'),
     tableInfos: Api.create("/dbs/{id}/t-infos", 'get'),

mayfly_go_web/src/views/ops/machine/MachineEdit.vue

@@ -1,6 +1,6 @@
 <template>
     <div>
-        <el-dialog :title="title" v-model="dialogVisible" :close-on-click-modal="false" :destroy-on-close="true" :before-close="cancel" width="35%">
+        <el-dialog :title="title" v-model="dialogVisible" :close-on-click-modal="false" :destroy-on-close="true" :before-close="cancel" width="38%">
             <el-form :model="form" ref="machineForm" :rules="rules" label-width="85px">
                 <el-form-item prop="projectId" label="项目:" required>
                     <el-select style="width: 100%" v-model="form.projectId" placeholder="请选择项目" @change="changeProject" filterable>
@@ -43,6 +43,24 @@
                 <el-form-item prop="remark" label="备注:">
                     <el-input type="textarea" v-model="form.remark"></el-input>
                 </el-form-item>
+
+                <el-form-item prop="enableSshTunnel" label="SSH隧道:">
+                    <el-col :span="3">
+                        <el-checkbox @change="getSshTunnelMachines" v-model="form.enableSshTunnel" :true-label="1" :false-label="-1"></el-checkbox>
+                    </el-col>
+                    <el-col :span="2" v-if="form.enableSshTunnel == 1"> 机器: </el-col>
+                    <el-col :span="19" v-if="form.enableSshTunnel == 1">
+                        <el-select style="width: 100%" v-model="form.sshTunnelMachineId" placeholder="请选择SSH隧道机器">
+                            <el-option
+                                v-for="item in sshTunnelMachineList"
+                                :key="item.id"
+                                :label="`${item.ip}:${item.port} [${item.name}]`"
+                                :value="item.id"
+                            >
+                            </el-option>
+                        </el-select>
+                    </el-col>
+                </el-form-item>
             </el-form>
 
             <template #footer>
@@ -83,6 +101,7 @@ export default defineComponent({
         const state = reactive({
             dialogVisible: false,
             projects: [],
+            sshTunnelMachineList: [],
             form: {
                 id: null,
                 projectId: null,
@@ -93,6 +112,8 @@ export default defineComponent({
                 username: '',
                 password: '',
                 remark: '',
+                enableSshTunnel: null,
+                sshTunnelMachineId: null,
             },
             btnLoading: false,
             rules: {
@@ -152,8 +173,20 @@ export default defineComponent({
             } else {
                 state.form = { port: 22, authMethod: 1 } as any;
             }
+            getSshTunnelMachines();
         });
 
+        const getSshTunnelMachines = async () => {
+            if (state.form.enableSshTunnel == 1 && state.sshTunnelMachineList.length == 0) {
+                const res = await machineApi.list.request({ pageNum: 1, pageSize: 100 });
+                state.sshTunnelMachineList = res.list;
+            }
+        };
+
+        const getSshTunnelMachine = (machineId: any) => {
+            return state.sshTunnelMachineList.find((x: any) => x.id == machineId);
+        };
+
         const changeProject = (projectId: number) => {
             for (let p of state.projects as any) {
                 if (p.id == projectId) {
@@ -168,7 +201,15 @@ export default defineComponent({
             }
             machineForm.value.validate(async (valid: boolean) => {
                 if (valid) {
-                    const reqForm = { ...state.form };
+                    const form: any = state.form;
+                    if (form.enableSshTunnel == 1) {
+                        const tunnelMachine: any = getSshTunnelMachine(form.sshTunnelMachineId);
+                        if (tunnelMachine.ip == form.ip && tunnelMachine.port == form.port) {
+                            ElMessage.error('隧道机器不能与本机器一致');
+                            return;
+                        }
+                    }
+                    const reqForm: any = { ...form };
                     if (reqForm.authMethod == 1) {
                         reqForm.password = await RsaEncrypt(state.form.password);
                     }
@@ -196,6 +237,7 @@ export default defineComponent({
         return {
             ...toRefs(state),
             machineForm,
+            getSshTunnelMachines,
             changeProject,
             btnOk,
             cancel,

mayfly_go_web/src/views/ops/mongo/MongoDataOp.vue

@@ -120,7 +120,7 @@
             </template>
         </el-dialog>
 
-        <el-dialog width="800px" title="json编辑器" v-model="jsoneditorDialog.visible" @close="onCloseJsonEditDialog" :close-on-click-modal="false">
+        <el-dialog width="70%" title="json编辑器" v-model="jsoneditorDialog.visible" @close="onCloseJsonEditDialog" :close-on-click-modal="false">
             <json-edit v-model="jsoneditorDialog.doc" />
         </el-dialog>
 

server/internal/constant/constant.go

@@ -0,0 +1,16 @@
+package constant
+
+import "time"
+
+const (
+	MachineConnExpireTime = 60 * time.Minute
+	DbConnExpireTime      = 45 * time.Minute
+	RedisConnExpireTime   = 30 * time.Minute
+	MongoConnExpireTime   = 30 * time.Minute
+
+/****  开发测试使用   ****/
+// MachineConnExpireTime = 20 * time.Second
+// DbConnExpireTime      = 20 * time.Second
+// RedisConnExpireTime   = 20 * time.Second
+// MongoConnExpireTime   = 20 * time.Second
+)

server/internal/devops/api/db.go

@@ -55,21 +55,32 @@ func (d *Db) Save(rc *ctx.ReqCtx) {
 
 	// 密码脱敏记录日志
 	form.Password = "****"
-
-	// if form.Type == "mysql" && form.EnableSSH == 1 {
-	// 	// originSSHPwd, err := utils.DefaultRsaDecrypt(form.SSHPass, true)
-	// 	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
-	// 	// db.SSHPass = originSSHPwd
-	// 	// 密码脱敏记录日志
-	// 	form.SSHPass = "****"
-	// }
-
 	rc.ReqParam = form
 
 	db.SetBaseInfo(rc.LoginAccount)
 	d.DbApp.Save(db)
 }
 
+// 获取数据库实例的所有数据库名
+func (d *Db) GetDatabaseNames(rc *ctx.ReqCtx) {
+	form := &form.DbForm{}
+	ginx.BindJsonAndValid(rc.GinCtx, form)
+
+	db := new(entity.Db)
+	utils.Copy(db, form)
+
+	// 密码解密，并使用解密后的赋值
+	originPwd, err := utils.DefaultRsaDecrypt(form.Password, true)
+	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
+	db.Password = originPwd
+
+	// 如果id不为空，并且密码为空则从数据库查询
+	if form.Id != 0 && db.Password == "" {
+		db = d.DbApp.GetById(form.Id)
+	}
+	rc.ResData = d.DbApp.GetDatabases(db)
+}
+
 func (d *Db) DeleteDb(rc *ctx.ReqCtx) {
 	dbId := GetDbId(rc.GinCtx)
 	d.DbApp.Delete(dbId)

server/internal/devops/api/form/db.go

@@ -9,7 +9,7 @@ type DbForm struct {
 	Username  string `binding:"required" json:"username"`
 	Password  string `json:"password"`
 	Params    string `json:"params"`
-	Database  string `binding:"required" json:"database"`
+	Database  string `json:"database"`
 	ProjectId uint64 `binding:"required" json:"projectId"`
 	Project   string `json:"project"`
 	Env       string `json:"env"`

server/internal/devops/api/form/machine.go

@@ -1,16 +1,18 @@
 package form
 
 type MachineForm struct {
-	Id          uint64 `json:"id"`
+	Id                 uint64 `json:"id"`
-	ProjectId   uint64 `json:"projectId"`
+	ProjectId          uint64 `json:"projectId"`
-	ProjectName string `json:"projectName"`
+	ProjectName        string `json:"projectName"`
-	Name        string `json:"name" binding:"required"`
+	Name               string `json:"name" binding:"required"`
-	Ip          string `json:"ip" binding:"required"`       // IP地址
+	Ip                 string `json:"ip" binding:"required"`       // IP地址
-	Username    string `json:"username" binding:"required"` // 用户名
+	Username           string `json:"username" binding:"required"` // 用户名
-	AuthMethod  int8   `json:"authMethod" binding:"required"`
+	AuthMethod         int8   `json:"authMethod" binding:"required"`
-	Password    string `json:"password"`
+	Password           string `json:"password"`
-	Port        int    `json:"port" binding:"required"` // 端口号
+	Port               int    `json:"port" binding:"required"` // 端口号
-	Remark      string `json:"remark"`
+	Remark             string `json:"remark"`
+	EnableSshTunnel    int8   `json:"enableSshTunnel"`    // 是否启用ssh隧道
+	SshTunnelMachineId uint64 `json:"sshTunnelMachineId"` // ssh隧道机器id
 }
 
 type MachineRunForm struct {

server/internal/devops/api/vo/redis.go

@@ -10,8 +10,8 @@ type Redis struct {
 	ProjectId          *int64     `json:"projectId"`
 	Project            *string    `json:"project"`
 	Mode               *string    `json:"mode"`
-	EnableSshTunnel    *int8      `orm:"column(enable_ssh_tunnel)" json:"enableSshTunnel"`        // 是否启用ssh隧道
+	EnableSshTunnel    *int8      `json:"enableSshTunnel"`    // 是否启用ssh隧道
-	SshTunnelMachineId *uint64    `orm:"column(ssh_tunnel_machine_id)" json:"sshTunnelMachineId"` // ssh隧道机器id
+	SshTunnelMachineId *uint64    `json:"sshTunnelMachineId"` // ssh隧道机器id
 	Remark             *string    `json:"remark"`
 	Env                *string    `json:"env"`
 	EnvId              *int64     `json:"envId"`

server/internal/devops/api/vo/vo.go

@@ -15,23 +15,25 @@ type AccountVO struct {
 
 type MachineVO struct {
 	//models.BaseModel
-	Id          *uint64    `json:"id"`
+	Id                 *uint64    `json:"id"`
-	ProjectId   uint64     `json:"projectId"`
+	ProjectId          uint64     `json:"projectId"`
-	ProjectName string     `json:"projectName"`
+	ProjectName        string     `json:"projectName"`
-	Name        *string    `json:"name"`
+	Name               *string    `json:"name"`
-	Username    *string    `json:"username"`
+	Username           *string    `json:"username"`
-	Ip          *string    `json:"ip"`
+	Ip                 *string    `json:"ip"`
-	Port        *int       `json:"port"`
+	Port               *int       `json:"port"`
-	AuthMethod  *int8      `json:"authMethod"`
+	AuthMethod         *int8      `json:"authMethod"`
-	Status      *int8      `json:"status"`
+	Status             *int8      `json:"status"`
-	CreateTime  *time.Time `json:"createTime"`
+	EnableSshTunnel    *int8      `json:"enableSshTunnel"`    // 是否启用ssh隧道
-	Creator     *string    `json:"creator"`
+	SshTunnelMachineId *uint64    `json:"sshTunnelMachineId"` // ssh隧道机器id
-	CreatorId   *int64     `json:"creatorId"`
+	CreateTime         *time.Time `json:"createTime"`
-	UpdateTime  *time.Time `json:"updateTime"`
+	Creator            *string    `json:"creator"`
-	Modifier    *string    `json:"modifier"`
+	CreatorId          *int64     `json:"creatorId"`
-	ModifierId  *int64     `json:"modifierId"`
+	UpdateTime         *time.Time `json:"updateTime"`
-	HasCli      bool       `json:"hasCli" gorm:"-"`
+	Modifier           *string    `json:"modifier"`
-	Remark      *string    `json:"remark"`
+	ModifierId         *int64     `json:"modifierId"`
+	HasCli             bool       `json:"hasCli" gorm:"-"`
+	Remark             *string    `json:"remark"`
 }
 
 type MachineScriptVO struct {

server/internal/devops/application/db_app.go

@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"mayfly-go/internal/constant"
 	"mayfly-go/internal/devops/domain/entity"
 	"mayfly-go/internal/devops/domain/repository"
 	"mayfly-go/internal/devops/infrastructure/machine"
@@ -23,7 +24,6 @@ import (
 
 	"github.com/go-sql-driver/mysql"
 	"github.com/lib/pq"
-	"golang.org/x/crypto/ssh"
 )
 
 type Db interface {
@@ -47,6 +47,9 @@ type Db interface {
 	// @param id 数据库实例id
 	// @param db 数据库
 	GetDbInstance(id uint64, db string) *DbInstance
+
+	// 获取数据库实例的所有数据库列表
+	GetDatabases(entity *entity.Db) []string
 }
 
 type dbAppImpl struct {
@@ -141,11 +144,34 @@ func (d *dbAppImpl) Delete(id uint64) {
 	d.dbSqlRepo.DeleteBy(&entity.DbSql{DbId: id})
 }
 
+func (d *dbAppImpl) GetDatabases(ed *entity.Db) []string {
+	databases := make([]string, 0)
+	var dbConn *sql.DB
+	var metaDb string
+	var getDatabasesSql string
+	if ed.Type == entity.DbTypeMysql {
+		metaDb = "information_schema"
+		getDatabasesSql = "SELECT SCHEMA_NAME AS dbname FROM SCHEMATA"
+	} else {
+		metaDb = "postgres"
+		getDatabasesSql = "SELECT datname AS dbname FROM pg_database"
+	}
+
+	dbConn, err := GetDbConn(ed, metaDb)
+	biz.ErrIsNilAppendErr(err, "数据库连接失败: %s")
+	defer dbConn.Close()
+
+	_, res, err := SelectDataByDb(dbConn, getDatabasesSql)
+	biz.ErrIsNilAppendErr(err, "获取数据库列表失败")
+	for _, re := range res {
+		databases = append(databases, re["dbname"].(string))
+	}
+	return databases
+}
+
 var mutex sync.Mutex
 
 func (da *dbAppImpl) GetDbInstance(id uint64, db string) *DbInstance {
-	mutex.Lock()
-	defer mutex.Unlock()
 	// Id不为0，则为需要缓存
 	needCache := id != 0
 	if needCache {
@@ -154,43 +180,17 @@ func (da *dbAppImpl) GetDbInstance(id uint64, db string) *DbInstance {
 			return load.(*DbInstance)
 		}
 	}
+	biz.IsTrue(mutex.TryLock(), "有数据库实例在连接中...请稍后重试")
+	defer mutex.Unlock()
 
 	d := da.GetById(id)
 	biz.NotNil(d, "数据库信息不存在")
 	biz.IsTrue(strings.Contains(d.Database, db), "未配置该库的操作权限")
 
 	cacheKey := GetDbCacheKey(id, db)
-	dbi := &DbInstance{Id: cacheKey, Type: d.Type, ProjectId: d.ProjectId}
+	dbi := &DbInstance{Id: cacheKey, Type: d.Type, ProjectId: d.ProjectId, sshTunnelMachineId: d.SshTunnelMachineId}
 
-	//SSH Conect
+	DB, err := GetDbConn(d, db)
-	if d.EnableSshTunnel == 1 && d.SshTunnelMachineId != 0 {
-		me := MachineApp.GetById(d.SshTunnelMachineId)
-		biz.NotNil(me, "隧道机器信息不存在")
-		sshClient, err := machine.GetSshClient(me)
-		biz.ErrIsNilAppendErr(err, "ssh隧道连接失败: %s")
-		dbi.sshTunnel = sshClient
-
-		if d.Type == entity.DbTypeMysql {
-			mysql.RegisterDialContext(d.Network, func(ctx context.Context, addr string) (net.Conn, error) {
-				return sshClient.Dial("tcp", addr)
-			})
-		} else if d.Type == entity.DbTypePostgres {
-			_, err := pq.DialOpen(&PqSqlDialer{sshTunnel: sshClient}, getDsn(d))
-			if err != nil {
-				dbi.Close()
-				panic(biz.NewBizErr(fmt.Sprintf("postgres隧道连接失败: %s", err.Error())))
-			}
-		}
-	}
-
-	// 将数据库替换为要访问的数据库，原本数据库为空格拼接的所有库
-	d.Database = db
-	DB, err := sql.Open(d.Type, getDsn(d))
-	if err != nil {
-		dbi.Close()
-		panic(biz.NewBizErr(fmt.Sprintf("Open %s failed, err:%v\n", d.Type, err)))
-	}
-	err = DB.Ping()
 	if err != nil {
 		dbi.Close()
 		global.Log.Errorf("连接db失败: %s:%d/%s", d.Host, d.Port, db)
@@ -212,32 +212,29 @@ func (da *dbAppImpl) GetDbInstance(id uint64, db string) *DbInstance {
 	return dbi
 }
 
-type PqSqlDialer struct {
-	sshTunnel *ssh.Client
-}
-
-func (pd *PqSqlDialer) Dial(network, address string) (net.Conn, error) {
-	if sshConn, err := pd.sshTunnel.Dial(network, address); err == nil {
-		// 将ssh conn包装，否则redis内部设置超时会报错,ssh conn不支持设置超时会返回错误: ssh: tcpChan: deadline not supported
-		return &utils.WrapSshConn{Conn: sshConn}, nil
-	} else {
-		return nil, err
-	}
-}
-func (pd *PqSqlDialer) DialTimeout(network, address string, timeout time.Duration) (net.Conn, error) {
-	return pd.Dial(network, address)
-}
-
 //------------------------------------------------------------------------------
 
-// 客户端连接缓存，30分钟内没有访问则会被关闭, key为数据库实例id:数据库
+// 客户端连接缓存，指定时间内没有访问则会被关闭, key为数据库实例id:数据库
-var dbCache = cache.NewTimedCache(30*time.Minute, 5*time.Second).
+var dbCache = cache.NewTimedCache(constant.DbConnExpireTime, 5*time.Second).
 	WithUpdateAccessTime(true).
 	OnEvicted(func(key interface{}, value interface{}) {
 		global.Log.Info(fmt.Sprintf("删除db连接缓存 id = %s", key))
 		value.(*DbInstance).Close()
 	})
 
+func init() {
+	machine.AddCheckSshTunnelMachineUseFunc(func(machineId uint64) bool {
+		// 遍历所有db连接实例，若存在redis实例使用该ssh隧道机器，则返回true，表示还在使用中...
+		items := dbCache.Items()
+		for _, v := range items {
+			if v.Value.(*DbInstance).sshTunnelMachineId == machineId {
+				return true
+			}
+		}
+		return false
+	})
+}
+
 func GetDbCacheKey(dbId uint64, db string) string {
 	return fmt.Sprintf("%d:%s", dbId, db)
 }
@@ -250,55 +247,45 @@ func GetDbInstanceByCache(id string) *DbInstance {
 }
 
 func TestConnection(d *entity.Db) {
-	//SSH Conect
+	// 验证第一个库是否可以连接即可
+	DB, err := GetDbConn(d, strings.Split(d.Database, " ")[0])
+	biz.ErrIsNilAppendErr(err, "数据库连接失败: %s")
+	defer DB.Close()
+}
+
+// 获取数据库连接
+func GetDbConn(d *entity.Db, db string) (*sql.DB, error) {
+	// SSH Conect
 	if d.EnableSshTunnel == 1 && d.SshTunnelMachineId != 0 {
-		me := MachineApp.GetById(d.SshTunnelMachineId)
+		sshTunnelMachine := MachineApp.GetSshTunnelMachine(d.SshTunnelMachineId)
-		sshClient, err := machine.GetSshClient(me)
+		defer machine.CloseSshTunnelMachine(d.SshTunnelMachineId, 0)
-		biz.ErrIsNilAppendErr(err, "ssh隧道连接失败: %s")
-		defer sshClient.Close()
 		if d.Type == entity.DbTypeMysql {
 			mysql.RegisterDialContext(d.Network, func(ctx context.Context, addr string) (net.Conn, error) {
-				return sshClient.Dial("tcp", addr)
+				return MachineApp.GetSshTunnelMachine(d.SshTunnelMachineId).GetDialConn("tcp", addr)
 			})
 		} else if d.Type == entity.DbTypePostgres {
-			_, err := pq.DialOpen(&PqSqlDialer{sshTunnel: sshClient}, getDsn(d))
+			_, err := pq.DialOpen(&PqSqlDialer{sshTunnelMachine: sshTunnelMachine}, getDsn(d, db))
 			if err != nil {
 				panic(biz.NewBizErr(fmt.Sprintf("postgres隧道连接失败: %s", err.Error())))
 			}
 		}
 	}
 
-	// 验证第一个库是否可以连接即可
+	DB, err := sql.Open(d.Type, getDsn(d, db))
-	d.Database = strings.Split(d.Database, " ")[0]
+	if err != nil {
-	DB, err := sql.Open(d.Type, getDsn(d))
+		return nil, err
-	biz.ErrIsNil(err, "Open %s failed, err:%v\n", d.Type, err)
+	}
-	defer DB.Close()
+	err = DB.Ping()
-	perr := DB.Ping()
+	if err != nil {
-	biz.ErrIsNilAppendErr(perr, "数据库连接失败: %s")
+		DB.Close()
-}
+		return nil, err
-
-// db实例
-type DbInstance struct {
-	Id        string
-	Type      string
-	ProjectId uint64
-	db        *sql.DB
-	sshTunnel *ssh.Client
-}
-
-// 执行查询语句
-// 依次返回 列名数组，结果map，错误
-func (d *DbInstance) SelectData(execSql string) ([]string, []map[string]interface{}, error) {
-	execSql = strings.Trim(execSql, " ")
-	isSelect := strings.HasPrefix(execSql, "SELECT") || strings.HasPrefix(execSql, "select")
-	isShow := strings.HasPrefix(execSql, "show")
-	isExplain := strings.HasPrefix(execSql, "explain")
-
-	if !isSelect && !isShow && !isExplain {
-		return nil, nil, errors.New("该sql非查询语句")
 	}
 
-	rows, err := d.db.Query(execSql)
+	return DB, nil
+}
+
+func SelectDataByDb(db *sql.DB, selectSql string) ([]string, []map[string]interface{}, error) {
+	rows, err := db.Query(selectSql)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -383,6 +370,45 @@ func (d *DbInstance) SelectData(execSql string) ([]string, []map[string]interfac
 	return colNames, result, nil
 }
 
+type PqSqlDialer struct {
+	sshTunnelMachine *machine.SshTunnelMachine
+}
+
+func (pd *PqSqlDialer) Dial(network, address string) (net.Conn, error) {
+	if sshConn, err := pd.sshTunnelMachine.GetDialConn("tcp", address); err == nil {
+		// 将ssh conn包装，否则redis内部设置超时会报错,ssh conn不支持设置超时会返回错误: ssh: tcpChan: deadline not supported
+		return &utils.WrapSshConn{Conn: sshConn}, nil
+	} else {
+		return nil, err
+	}
+}
+func (pd *PqSqlDialer) DialTimeout(network, address string, timeout time.Duration) (net.Conn, error) {
+	return pd.Dial(network, address)
+}
+
+// db实例
+type DbInstance struct {
+	Id                 string
+	Type               string
+	ProjectId          uint64
+	db                 *sql.DB
+	sshTunnelMachineId uint64
+}
+
+// 执行查询语句
+// 依次返回 列名数组，结果map，错误
+func (d *DbInstance) SelectData(execSql string) ([]string, []map[string]interface{}, error) {
+	execSql = strings.Trim(execSql, " ")
+	isSelect := strings.HasPrefix(execSql, "SELECT") || strings.HasPrefix(execSql, "select")
+	isShow := strings.HasPrefix(execSql, "show")
+	isExplain := strings.HasPrefix(execSql, "explain")
+
+	if !isSelect && !isShow && !isExplain {
+		return nil, nil, errors.New("该sql非查询语句")
+	}
+	return SelectDataByDb(d.db, execSql)
+}
+
 // 执行 update, insert, delete，建表等sql
 // 返回影响条数和错误
 func (d *DbInstance) Exec(sql string) (int64, error) {
@@ -399,19 +425,15 @@ func (d *DbInstance) Close() {
 		if err := d.db.Close(); err != nil {
 			global.Log.Errorf("关闭数据库实例[%s]连接失败: %s", d.Id, err.Error())
 		}
-	}
+		d.db = nil
-	if d.sshTunnel != nil {
-		if err := d.sshTunnel.Close(); err != nil {
-			global.Log.Errorf("关闭数据库实例[%s]的ssh隧道失败: %s", d.Id, err.Error())
-		}
 	}
 }
 
 // 获取dataSourceName
-func getDsn(d *entity.Db) string {
+func getDsn(d *entity.Db, db string) string {
 	var dsn string
 	if d.Type == entity.DbTypeMysql {
-		dsn = fmt.Sprintf("%s:%s@%s(%s:%d)/%s?timeout=8s", d.Username, d.Password, d.Network, d.Host, d.Port, d.Database)
+		dsn = fmt.Sprintf("%s:%s@%s(%s:%d)/%s?timeout=8s", d.Username, d.Password, d.Network, d.Host, d.Port, db)
 		if d.Params != "" {
 			dsn = fmt.Sprintf("%s&%s", dsn, d.Params)
 		}
@@ -419,7 +441,7 @@ func getDsn(d *entity.Db) string {
 	}
 
 	if d.Type == entity.DbTypePostgres {
-		dsn = fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=disable", d.Host, d.Port, d.Username, d.Password, d.Database)
+		dsn = fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=disable", d.Host, d.Port, d.Username, d.Password, db)
 		if d.Params != "" {
 			dsn = fmt.Sprintf("%s %s", dsn, strings.Join(strings.Split(d.Params, "&"), " "))
 		}

server/internal/devops/application/machine_app.go

@@ -32,6 +32,9 @@ type Machine interface {
 
 	// 获取机器连接
 	GetCli(id uint64) *machine.Cli
+
+	// 获取ssh隧道机器连接
+	GetSshTunnelMachine(id uint64) *machine.SshTunnelMachine
 }
 
 type machineAppImpl struct {
@@ -53,7 +56,7 @@ func (m *machineAppImpl) Count(condition *entity.Machine) int64 {
 func (m *machineAppImpl) Save(me *entity.Machine) {
 	// ’修改机器信息且密码不为空‘ or ‘新增’需要测试是否可连接
 	if (me.Id != 0 && me.Password != "") || me.Id == 0 {
-		biz.ErrIsNilAppendErr(machine.TestConn(me), "该机器无法连接: %s")
+		biz.ErrIsNilAppendErr(machine.TestConn(*me, func(u uint64) *entity.Machine { return m.GetById(u) }), "该机器无法连接: %s")
 	}
 
 	oldMachine := &entity.Machine{Ip: me.Ip, Port: me.Port, Username: me.Username}
@@ -126,3 +129,13 @@ func (m *machineAppImpl) GetCli(id uint64) *machine.Cli {
 	biz.ErrIsNilAppendErr(err, "获取客户端错误: %s")
 	return cli
 }
+
+func (m *machineAppImpl) GetSshTunnelMachine(id uint64) *machine.SshTunnelMachine {
+	sshTunnel, err := machine.GetSshTunnelMachine(id, func(machineId uint64) *entity.Machine {
+		machine := m.GetById(machineId)
+		biz.IsTrue(machine.Status == entity.MachineStatusEnable, "该机器已被停用")
+		return machine
+	})
+	biz.ErrIsNilAppendErr(err, "获取ssh隧道连接失败: %s")
+	return sshTunnel
+}

server/internal/devops/application/mongo_app.go

@@ -2,6 +2,7 @@ package application
 
 import (
 	"context"
+	"mayfly-go/internal/constant"
 	"mayfly-go/internal/devops/domain/entity"
 	"mayfly-go/internal/devops/domain/repository"
 	"mayfly-go/internal/devops/infrastructure/machine"
@@ -16,7 +17,6 @@ import (
 
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
-	"golang.org/x/crypto/ssh"
 )
 
 type Mongo interface {
@@ -95,14 +95,27 @@ func (d *mongoAppImpl) GetMongoCli(id uint64) *mongo.Client {
 
 // -----------------------------------------------------------
 
-//mongo客户端连接缓存，30分钟内没有访问则会被关闭
+//mongo客户端连接缓存，指定时间内没有访问则会被关闭
-var mongoCliCache = cache.NewTimedCache(30*time.Minute, 5*time.Second).
+var mongoCliCache = cache.NewTimedCache(constant.MongoConnExpireTime, 5*time.Second).
 	WithUpdateAccessTime(true).
 	OnEvicted(func(key interface{}, value interface{}) {
 		global.Log.Info("删除mongo连接缓存: id = ", key)
 		value.(*MongoInstance).Close()
 	})
 
+func init() {
+	machine.AddCheckSshTunnelMachineUseFunc(func(machineId uint64) bool {
+		// 遍历所有mongo连接实例，若存在redis实例使用该ssh隧道机器，则返回true，表示还在使用中...
+		items := mongoCliCache.Items()
+		for _, v := range items {
+			if v.Value.(*MongoInstance).sshTunnelMachineId == machineId {
+				return true
+			}
+		}
+		return false
+	})
+}
+
 // 获取mongo的连接实例
 func GetMongoInstance(mongoId uint64, getMongoEntity func(uint64) *entity.Mongo) (*MongoInstance, error) {
 	mi, err := mongoCliCache.ComputeIfAbsent(mongoId, func(_ interface{}) (interface{}, error) {
@@ -124,10 +137,10 @@ func DeleteMongoCache(mongoId uint64) {
 }
 
 type MongoInstance struct {
-	Id        uint64
+	Id                 uint64
-	ProjectId uint64
+	ProjectId          uint64
-	Cli       *mongo.Client
+	Cli                *mongo.Client
-	sshTunnel *ssh.Client
+	sshTunnelMachineId uint64
 }
 
 func (mi *MongoInstance) Close() {
@@ -135,11 +148,7 @@ func (mi *MongoInstance) Close() {
 		if err := mi.Cli.Disconnect(context.Background()); err != nil {
 			global.Log.Errorf("关闭mongo实例[%d]连接失败: %s", mi.Id, err)
 		}
-	}
+		mi.Cli = nil
-	if mi.sshTunnel != nil {
-		if err := mi.sshTunnel.Close(); err != nil {
-			global.Log.Errorf("关闭mongo实例[%d]的ssh隧道失败: %s", mi.Id, err.Error())
-		}
 	}
 }
 
@@ -154,19 +163,17 @@ func connect(me *entity.Mongo) (*MongoInstance, error) {
 		SetMaxPoolSize(1)
 	// 启用ssh隧道则连接隧道机器
 	if me.EnableSshTunnel == 1 {
-		machineEntity := MachineApp.GetById(4)
+		mongoInstance.sshTunnelMachineId = me.SshTunnelMachineId
-		sshClient, err := machine.GetSshClient(machineEntity)
+		mongoOptions.SetDialer(&MongoSshDialer{machineId: me.SshTunnelMachineId})
-		biz.ErrIsNilAppendErr(err, "ssh隧道连接失败: %s")
-		mongoInstance.sshTunnel = sshClient
-
-		mongoOptions.SetDialer(&MongoSshDialer{sshTunnel: sshClient})
 	}
 
 	client, err := mongo.Connect(ctx, mongoOptions)
 	if err != nil {
+		mongoInstance.Close()
 		return nil, err
 	}
 	if err = client.Ping(context.TODO(), nil); err != nil {
+		mongoInstance.Close()
 		return nil, err
 	}
 
@@ -176,11 +183,11 @@ func connect(me *entity.Mongo) (*MongoInstance, error) {
 }
 
 type MongoSshDialer struct {
-	sshTunnel *ssh.Client
+	machineId uint64
 }
 
 func (sd *MongoSshDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	if sshConn, err := sd.sshTunnel.Dial(network, address); err == nil {
+	if sshConn, err := MachineApp.GetSshTunnelMachine(sd.machineId).GetDialConn(network, address); err == nil {
 		// 将ssh conn包装，否则内部部设置超时会报错,ssh conn不支持设置超时会返回错误: ssh: tcpChan: deadline not supported
 		return &utils.WrapSshConn{Conn: sshConn}, nil
 	} else {

server/internal/devops/application/redis_app.go

@@ -3,6 +3,7 @@ package application
 import (
 	"context"
 	"fmt"
+	"mayfly-go/internal/constant"
 	"mayfly-go/internal/devops/domain/entity"
 	"mayfly-go/internal/devops/domain/repository"
 	"mayfly-go/internal/devops/infrastructure/machine"
@@ -17,7 +18,6 @@ import (
 	"time"
 
 	"github.com/go-redis/redis/v8"
-	"golang.org/x/crypto/ssh"
 )
 
 type Redis interface {
@@ -151,9 +151,8 @@ func getRedisCient(re *entity.Redis) *RedisInstance {
 		WriteTimeout: -1,
 	}
 	if re.EnableSshTunnel == 1 {
-		sshClient, dialerFunc := getRedisDialer(re.SshTunnelMachineId)
+		ri.sshTunnelMachineId = re.SshTunnelMachineId
-		ri.sshTunnel = sshClient
+		redisOptions.Dialer = getRedisDialer(re.SshTunnelMachineId)
-		redisOptions.Dialer = dialerFunc
 	}
 	ri.Cli = redis.NewClient(redisOptions)
 	return ri
@@ -168,21 +167,17 @@ func getRedisClusterClient(re *entity.Redis) *RedisInstance {
 		DialTimeout: 8 * time.Second,
 	}
 	if re.EnableSshTunnel == 1 {
-		sshClient, dialerFunc := getRedisDialer(re.SshTunnelMachineId)
+		ri.sshTunnelMachineId = re.SshTunnelMachineId
-		ri.sshTunnel = sshClient
+		redisClusterOptions.Dialer = getRedisDialer(re.SshTunnelMachineId)
-		redisClusterOptions.Dialer = dialerFunc
 	}
 	ri.ClusterCli = redis.NewClusterClient(redisClusterOptions)
 	return ri
 }
 
-func getRedisDialer(machineId uint64) (*ssh.Client, func(ctx context.Context, network, addr string) (net.Conn, error)) {
+func getRedisDialer(machineId uint64) func(ctx context.Context, network, addr string) (net.Conn, error) {
-	me := MachineApp.GetById(machineId)
+	sshTunnel := MachineApp.GetSshTunnelMachine(machineId)
-	sshClient, err := machine.GetSshClient(me)
+	return func(_ context.Context, network, addr string) (net.Conn, error) {
-	biz.ErrIsNilAppendErr(err, "ssh隧道连接失败: %s")
+		if sshConn, err := sshTunnel.GetDialConn(network, addr); err == nil {
-
-	return sshClient, func(_ context.Context, network, addr string) (net.Conn, error) {
-		if sshConn, err := sshClient.Dial(network, addr); err == nil {
 			// 将ssh conn包装，否则redis内部设置超时会报错,ssh conn不支持设置超时会返回错误: ssh: tcpChan: deadline not supported
 			return &utils.WrapSshConn{Conn: sshConn}, nil
 		} else {
@@ -193,8 +188,8 @@ func getRedisDialer(machineId uint64) (*ssh.Client, func(ctx context.Context, ne
 
 //------------------------------------------------------------------------------
 
-// redis客户端连接缓存，30分钟内没有访问则会被关闭
+// redis客户端连接缓存，指定时间内没有访问则会被关闭
-var redisCache = cache.NewTimedCache(30*time.Minute, 5*time.Second).
+var redisCache = cache.NewTimedCache(constant.RedisConnExpireTime, 5*time.Second).
 	WithUpdateAccessTime(true).
 	OnEvicted(func(key interface{}, value interface{}) {
 		global.Log.Info(fmt.Sprintf("删除redis连接缓存 id = %d", key))
@@ -206,6 +201,19 @@ func CloseRedis(id uint64) {
 	redisCache.Delete(id)
 }
 
+func init() {
+	machine.AddCheckSshTunnelMachineUseFunc(func(machineId uint64) bool {
+		// 遍历所有redis连接实例，若存在redis实例使用该ssh隧道机器，则返回true，表示还在使用中...
+		items := redisCache.Items()
+		for _, v := range items {
+			if v.Value.(*RedisInstance).sshTunnelMachineId == machineId {
+				return true
+			}
+		}
+		return false
+	})
+}
+
 func TestRedisConnection(re *entity.Redis) {
 	var cmd redis.Cmdable
 	if re.Mode == "" || re.Mode == entity.RedisModeStandalone {
@@ -225,12 +233,12 @@ func TestRedisConnection(re *entity.Redis) {
 
 // redis实例
 type RedisInstance struct {
-	Id         uint64
+	Id                 uint64
-	ProjectId  uint64
+	ProjectId          uint64
-	Mode       string
+	Mode               string
-	Cli        *redis.Client
+	Cli                *redis.Client
-	ClusterCli *redis.ClusterClient
+	ClusterCli         *redis.ClusterClient
-	sshTunnel  *ssh.Client
+	sshTunnelMachineId uint64
 }
 
 // 获取命令执行接口的具体实现
@@ -256,15 +264,12 @@ func (r *RedisInstance) Close() {
 		if err := r.Cli.Close(); err != nil {
 			global.Log.Errorf("关闭redis单机实例[%d]连接失败: %s", r.Id, err.Error())
 		}
+		r.Cli = nil
 	}
 	if r.Mode == entity.RedisModeCluster {
 		if err := r.ClusterCli.Close(); err != nil {
 			global.Log.Errorf("关闭redis集群实例[%d]连接失败: %s", r.Id, err.Error())
 		}
-	}
+		r.ClusterCli = nil
-	if r.sshTunnel != nil {
-		if err := r.sshTunnel.Close(); err != nil {
-			global.Log.Errorf("关闭redis实例[%d]的ssh隧道失败: %s", r.Id, err.Error())
-		}
 	}
 }

server/internal/devops/domain/entity/machine.go

@@ -6,16 +6,18 @@ import (
 
 type Machine struct {
 	model.Model
-	ProjectId   uint64 `json:"projectId"`
+	ProjectId          uint64 `json:"projectId"`
-	ProjectName string `json:"projectName"`
+	ProjectName        string `json:"projectName"`
-	Name        string `json:"name"`
+	Name               string `json:"name"`
-	Ip          string `json:"ip"`         // IP地址
+	Ip                 string `json:"ip"`         // IP地址
-	Username    string `json:"username"`   // 用户名
+	Username           string `json:"username"`   // 用户名
-	AuthMethod  int8   `json:"authMethod"` // 授权认证方式
+	AuthMethod         int8   `json:"authMethod"` // 授权认证方式
-	Password    string `json:"-"`
+	Password           string `json:"-"`
-	Port        int    `json:"port"`   // 端口号
+	Port               int    `json:"port"`               // 端口号
-	Status      int8   `json:"status"` // 状态 1:启用；2:停用
+	Status             int8   `json:"status"`             // 状态 1:启用；2:停用
-	Remark      string `json:"remark"` // 备注
+	Remark             string `json:"remark"`             // 备注
+	EnableSshTunnel    int8   `json:"enableSshTunnel"`    // 是否启用ssh隧道
+	SshTunnelMachineId uint64 `json:"sshTunnelMachineId"` // ssh隧道机器id
 }
 
 const (

server/internal/devops/infrastructure/machine/machine.go

@@ -3,6 +3,7 @@ package machine
 import (
 	"errors"
 	"fmt"
+	"mayfly-go/internal/constant"
 	"mayfly-go/internal/devops/domain/entity"
 	"mayfly-go/pkg/biz"
 	"mayfly-go/pkg/cache"
@@ -18,10 +19,12 @@ import (
 // 客户端信息
 type Cli struct {
 	machine *entity.Machine
-	// ssh客户端
-	client *ssh.Client
 
-	sftpClient *sftp.Client
+	client     *ssh.Client  // ssh客户端
+	sftpClient *sftp.Client // sftp客户端
+
+	enableSshTunnel    int8
+	sshTunnelMachineId uint64
 }
 
 //连接
@@ -39,7 +42,7 @@ func (c *Cli) connect() error {
 	return nil
 }
 
-// 关闭client和并从缓存中移除
+// 关闭client并从缓存中移除，如果使用隧道则也关闭
 func (c *Cli) Close() {
 	m := c.machine
 	global.Log.Info(fmt.Sprintf("关闭机器客户端连接-> id: %d, name: %s, ip: %s", m.Id, m.Name, m.Ip))
@@ -51,6 +54,9 @@ func (c *Cli) Close() {
 		c.sftpClient.Close()
 		c.sftpClient = nil
 	}
+	if c.enableSshTunnel == 1 {
+		CloseSshTunnelMachine(c.sshTunnelMachineId, c.machine.Id)
+	}
 }
 
 // 获取sftp client
@@ -105,13 +111,26 @@ func (c *Cli) GetMachine() *entity.Machine {
 	return c.machine
 }
 
-// 机器客户端连接缓存，45分钟内没有访问则会被关闭
+// 机器客户端连接缓存，指定时间内没有访问则会被关闭
-var cliCache = cache.NewTimedCache(45*time.Minute, 5*time.Second).
+var cliCache = cache.NewTimedCache(constant.MachineConnExpireTime, 5*time.Second).
 	WithUpdateAccessTime(true).
 	OnEvicted(func(_, value interface{}) {
 		value.(*Cli).Close()
 	})
 
+func init() {
+	AddCheckSshTunnelMachineUseFunc(func(machineId uint64) bool {
+		// 遍历所有机器连接实例，若存在机器连接实例使用该ssh隧道机器，则返回true，表示还在使用中...
+		items := cliCache.Items()
+		for _, v := range items {
+			if v.Value.(*Cli).sshTunnelMachineId == machineId {
+				return true
+			}
+		}
+		return false
+	})
+}
+
 // 是否存在指定id的客户端连接
 func HasCli(machineId uint64) bool {
 	if _, ok := cliCache.Get(machineId); ok {
@@ -128,10 +147,18 @@ func DeleteCli(id uint64) {
 // 从缓存中获取客户端信息，不存在则回调获取机器信息函数，并新建
 func GetCli(machineId uint64, getMachine func(uint64) *entity.Machine) (*Cli, error) {
 	cli, err := cliCache.ComputeIfAbsent(machineId, func(_ interface{}) (interface{}, error) {
-		c, err := newClient(getMachine(machineId))
+		me := getMachine(machineId)
+		err := IfUseSshTunnelChangeIpPort(me, getMachine)
 		if err != nil {
+			return nil, fmt.Errorf("ssh隧道连接失败: %s", err.Error())
+		}
+		c, err := newClient(me)
+		if err != nil {
+			CloseSshTunnelMachine(me.SshTunnelMachineId, me.Id)
 			return nil, err
 		}
+		c.enableSshTunnel = me.EnableSshTunnel
+		c.sshTunnelMachineId = me.SshTunnelMachineId
 		return c, nil
 	})
 
@@ -141,9 +168,20 @@ func GetCli(machineId uint64, getMachine func(uint64) *entity.Machine) (*Cli, er
 	return nil, err
 }
 
-// 测试连接
+// 测试连接，使用传值的方式，而非引用。因为如果使用了ssh隧道，则ip和端口会变为本地映射地址与端口
-func TestConn(m *entity.Machine) error {
+func TestConn(me entity.Machine, getSshTunnelMachine func(uint64) *entity.Machine) error {
-	sshClient, err := GetSshClient(m)
+	originId := me.Id
+	if originId == 0 {
+		// 随机设置一个ip，如果使用了隧道则用于临时保存隧道
+		me.Id = uint64(time.Now().Nanosecond())
+	}
+
+	err := IfUseSshTunnelChangeIpPort(&me, getSshTunnelMachine)
+	biz.ErrIsNilAppendErr(err, "ssh隧道连接失败: %s")
+	if me.EnableSshTunnel == 1 {
+		defer CloseSshTunnelMachine(me.SshTunnelMachineId, me.Id)
+	}
+	sshClient, err := GetSshClient(&me)
 	if err != nil {
 		return err
 	}
@@ -151,6 +189,27 @@ func TestConn(m *entity.Machine) error {
 	return nil
 }
 
+// 如果使用了ssh隧道，则修改机器ip port为暴露的ip port
+func IfUseSshTunnelChangeIpPort(me *entity.Machine, getMachine func(uint64) *entity.Machine) error {
+	if me.EnableSshTunnel != 1 {
+		return nil
+	}
+	sshTunnelMachine, err := GetSshTunnelMachine(me.SshTunnelMachineId, func(u uint64) *entity.Machine {
+		return getMachine(u)
+	})
+	if err != nil {
+		return err
+	}
+	exposeIp, exposePort, err := sshTunnelMachine.OpenSshTunnel(me.Id, me.Ip, me.Port)
+	if err != nil {
+		return err
+	}
+	// 修改机器ip地址
+	me.Ip = exposeIp
+	me.Port = exposePort
+	return nil
+}
+
 func GetSshClient(m *entity.Machine) (*ssh.Client, error) {
 	config := ssh.ClientConfig{
 		User: m.Username,

server/internal/devops/infrastructure/machine/sshtunnel.go

@@ -0,0 +1,240 @@
+package machine
+
+import (
+	"fmt"
+	"io"
+	"mayfly-go/internal/devops/domain/entity"
+	"mayfly-go/pkg/global"
+	"mayfly-go/pkg/utils"
+	"net"
+	"os"
+	"sync"
+	"time"
+
+	"golang.org/x/crypto/ssh"
+)
+
+var (
+	sshTunnelMachines map[uint64]*SshTunnelMachine = make(map[uint64]*SshTunnelMachine)
+
+	mutex sync.Mutex
+
+	// 所有检测ssh隧道机器是否被使用的函数
+	checkSshTunnelMachineHasUseFuncs []CheckSshTunnelMachineHasUseFunc
+
+	// 是否开启检查ssh隧道机器是否被使用，只有使用到了隧道机器才启用
+	startCheckSshTunnelHasUse bool = false
+)
+
+// 检查ssh隧道机器是否有被使用
+type CheckSshTunnelMachineHasUseFunc func(uint64) bool
+
+func startCheckUse() {
+	global.Log.Info("开启定时检测ssh隧道机器是否还有被使用")
+	heartbeat := time.Duration(10) * time.Minute
+	tick := time.NewTicker(heartbeat)
+	go func() {
+		for range tick.C {
+			func() {
+				if !mutex.TryLock() {
+					return
+				}
+				defer mutex.Unlock()
+				// 遍历隧道机器，都未被使用将会被关闭
+				for mid, sshTunnelMachine := range sshTunnelMachines {
+					global.Log.Debugf("开始定时检查ssh隧道机器[%d]是否还有被使用...", mid)
+					for _, checkUseFunc := range checkSshTunnelMachineHasUseFuncs {
+						// 如果一个在使用则返回不关闭，不继续后续检查
+						if checkUseFunc(mid) {
+							return
+						}
+					}
+					// 都未被使用，则关闭
+					sshTunnelMachine.Close()
+				}
+			}()
+		}
+	}()
+}
+
+// 添加ssh隧道机器检测是否使用函数
+func AddCheckSshTunnelMachineUseFunc(checkFunc CheckSshTunnelMachineHasUseFunc) {
+	if checkSshTunnelMachineHasUseFuncs == nil {
+		checkSshTunnelMachineHasUseFuncs = make([]CheckSshTunnelMachineHasUseFunc, 0)
+	}
+	checkSshTunnelMachineHasUseFuncs = append(checkSshTunnelMachineHasUseFuncs, checkFunc)
+}
+
+// ssh隧道机器
+type SshTunnelMachine struct {
+	machineId uint64 // 隧道机器id
+	SshClient *ssh.Client
+	mutex     sync.Mutex
+	tunnels   map[uint64]*Tunnel // 机器id -> 隧道
+}
+
+func (stm *SshTunnelMachine) OpenSshTunnel(id uint64, ip string, port int) (exposedIp string, exposedPort int, err error) {
+	stm.mutex.Lock()
+	defer stm.mutex.Unlock()
+
+	localPort, err := utils.GetAvailablePort()
+	if err != nil {
+		return "", 0, err
+	}
+
+	hostname, err := os.Hostname()
+	if err != nil {
+		return "", 0, err
+	}
+	// debug
+	//hostname = "0.0.0.0"
+
+	localAddr := fmt.Sprintf("%s:%d", hostname, localPort)
+	listener, err := net.Listen("tcp", localAddr)
+	if err != nil {
+		return "", 0, err
+	}
+
+	tunnel := &Tunnel{
+		id:         id,
+		machineId:  stm.machineId,
+		localHost:  hostname,
+		localPort:  localPort,
+		remoteHost: ip,
+		remotePort: port,
+		listener:   listener,
+	}
+	go tunnel.Open(stm.SshClient)
+	stm.tunnels[tunnel.id] = tunnel
+
+	return tunnel.localHost, tunnel.localPort, nil
+}
+
+func (st *SshTunnelMachine) GetDialConn(network string, addr string) (net.Conn, error) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	return st.SshClient.Dial(network, addr)
+}
+
+func (stm *SshTunnelMachine) Close() {
+	stm.mutex.Lock()
+	defer stm.mutex.Unlock()
+
+	for id, tunnel := range stm.tunnels {
+		if tunnel != nil {
+			tunnel.Close()
+			delete(stm.tunnels, id)
+		}
+	}
+
+	if stm.SshClient != nil {
+		global.Log.Infof("ssh隧道机器[%d]未被使用, 关闭隧道...", stm.machineId)
+		stm.SshClient.Close()
+	}
+	delete(sshTunnelMachines, stm.machineId)
+}
+
+// 获取ssh隧道机器，方便统一管理充当ssh隧道的机器，避免创建多个ssh client
+func GetSshTunnelMachine(machineId uint64, getMachine func(uint64) *entity.Machine) (*SshTunnelMachine, error) {
+	sshTunnelMachine := sshTunnelMachines[machineId]
+	if sshTunnelMachine != nil {
+		return sshTunnelMachine, nil
+	}
+
+	mutex.Lock()
+	defer mutex.Unlock()
+
+	me := getMachine(machineId)
+	sshClient, err := GetSshClient(me)
+	if err != nil {
+		return nil, err
+	}
+	sshTunnelMachine = &SshTunnelMachine{SshClient: sshClient, machineId: machineId, tunnels: map[uint64]*Tunnel{}}
+
+	global.Log.Infof("初次连接ssh隧道机器[%d][%s:%d]", machineId, me.Ip, me.Port)
+	sshTunnelMachines[machineId] = sshTunnelMachine
+
+	// 如果实用了隧道机器且还没开始定时检查是否还被实用，则执行定时任务检测隧道是否还被使用
+	if !startCheckSshTunnelHasUse {
+		startCheckUse()
+		startCheckSshTunnelHasUse = true
+	}
+	return sshTunnelMachine, nil
+}
+
+// 关闭ssh隧道机器的指定隧道
+func CloseSshTunnelMachine(machineId uint64, tunnelId uint64) {
+	sshTunnelMachine := sshTunnelMachines[machineId]
+	if sshTunnelMachine == nil {
+		return
+	}
+
+	sshTunnelMachine.mutex.Lock()
+	defer sshTunnelMachine.mutex.Unlock()
+	t := sshTunnelMachine.tunnels[tunnelId]
+	if t != nil {
+		t.Close()
+		delete(sshTunnelMachine.tunnels, tunnelId)
+	}
+}
+
+type Tunnel struct {
+	id                uint64 // 唯一标识
+	machineId         uint64 // 隧道机器id
+	localHost         string // 本地监听地址
+	localPort         int    // 本地端口
+	remoteHost        string // 远程连接地址
+	remotePort        int    // 远程端口
+	listener          net.Listener
+	localConnections  []net.Conn
+	remoteConnections []net.Conn
+}
+
+func (r *Tunnel) Open(sshClient *ssh.Client) {
+	localAddr := fmt.Sprintf("%s:%d", r.localHost, r.localPort)
+
+	for {
+		global.Log.Debugf("隧道 %v 等待客户端访问 %v", r.id, localAddr)
+		localConn, err := r.listener.Accept()
+		if err != nil {
+			global.Log.Debugf("隧道 %v 接受连接失败 %v, 退出循环", r.id, err.Error())
+			global.Log.Debug("-------------------------------------------------")
+			return
+		}
+		r.localConnections = append(r.localConnections, localConn)
+
+		global.Log.Debugf("隧道 %v 新增本地连接 %v", r.id, localConn.RemoteAddr().String())
+		remoteAddr := fmt.Sprintf("%s:%d", r.remoteHost, r.remotePort)
+		global.Log.Debugf("隧道 %v 连接远程地址 %v ...", r.id, remoteAddr)
+		remoteConn, err := sshClient.Dial("tcp", remoteAddr)
+		if err != nil {
+			global.Log.Debugf("隧道 %v 连接远程地址 %v, 退出循环", r.id, err.Error())
+			global.Log.Debug("-------------------------------------------------")
+			return
+		}
+		r.remoteConnections = append(r.remoteConnections, remoteConn)
+
+		global.Log.Debugf("隧道 %v 连接远程主机成功", r.id)
+		go copyConn(localConn, remoteConn)
+		go copyConn(remoteConn, localConn)
+		global.Log.Debugf("隧道 %v 开始转发数据 [%v]->[%v]", r.id, localAddr, remoteAddr)
+		global.Log.Debug("~~~~~~~~~~~~~~~~~~~~分割线~~~~~~~~~~~~~~~~~~~~~~~~")
+	}
+}
+
+func (r *Tunnel) Close() {
+	for i := range r.localConnections {
+		_ = r.localConnections[i].Close()
+	}
+	r.localConnections = nil
+	for i := range r.remoteConnections {
+		_ = r.remoteConnections[i].Close()
+	}
+	r.remoteConnections = nil
+	_ = r.listener.Close()
+	global.Log.Debugf("隧道 %d 监听器关闭", r.id)
+}
+
+func copyConn(writer, reader net.Conn) {
+	_, _ = io.Copy(writer, reader)
+}

server/internal/devops/infrastructure/persistence/machine_repo.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"mayfly-go/internal/devops/domain/entity"
 	"mayfly-go/internal/devops/domain/repository"
+	"mayfly-go/pkg/biz"
 	"mayfly-go/pkg/model"
 )
 
@@ -51,9 +52,9 @@ func (m *machineRepo) GetById(id uint64, cols ...string) *entity.Machine {
 }
 
 func (m *machineRepo) Create(entity *entity.Machine) {
-	model.Insert(entity)
+	biz.ErrIsNilAppendErr(model.Insert(entity), "创建机器信息失败: %s")
 }
 
 func (m *machineRepo) UpdateById(entity *entity.Machine) {
-	model.UpdateById(entity)
+	biz.ErrIsNilAppendErr(model.UpdateById(entity), "更新机器信息失败: %s")
 }

server/internal/devops/router/db.go

@@ -31,6 +31,11 @@ func InitDbRouter(router *gin.RouterGroup) {
 				Handle(d.Save)
 		})
 
+		db.POST("databases", func(c *gin.Context) {
+			ctx.NewReqCtxWithGin(c).
+				Handle(d.GetDatabaseNames)
+		})
+
 		deleteDb := ctx.NewLogInfo("删除数据库信息").WithSave(true)
 		db.DELETE(":dbId", func(c *gin.Context) {
 			ctx.NewReqCtxWithGin(c).

server/mayfly-go.sql

@@ -111,6 +111,8 @@ CREATE TABLE `t_machine` (
   `username` varchar(12) COLLATE utf8mb4_bin NOT NULL,
   `auth_method` tinyint(2) NULL DEFAULT NULL COMMENT '1.密码登录2.publickey登录',
   `password` varchar(3200) COLLATE utf8mb4_bin DEFAULT NULL,
+  `enableSshTunnel` tinyint(2) DEFAULT NULL COMMENT '是否启用ssh隧道',
+  `sshTunnelMachineId` bigint(20) DEFAULT NULL COMMENT 'ssh隧道的机器id',
   `status` tinyint(2) NOT NULL COMMENT '状态: 1:启用; -1:禁用',
   `remark` varchar(255) COLLATE utf8mb4_bin DEFAULT NULL,
   `need_monitor` tinyint(2) DEFAULT NULL,

server/pkg/utils/net.go

@@ -0,0 +1,21 @@
+package utils
+
+import "net"
+
+// GetAvailablePort 获取可用端口
+func GetAvailablePort() (int, error) {
+	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
+	if err != nil {
+		return 0, err
+	}
+
+	l, err := net.ListenTCP("tcp", addr)
+	if err != nil {
+		return 0, err
+	}
+
+	defer func(l *net.TCPListener) {
+		_ = l.Close()
+	}(l)
+	return l.Addr().(*net.TCPAddr).Port, nil
+}

server/pkg/utils/ssh_client.go

@@ -1,58 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"time"
-
-	"golang.org/x/crypto/ssh"
-)
-
-func SSHConnect(user, password, host, key string, port int) (*ssh.Client, error) {
-	var (
-		auth         []ssh.AuthMethod
-		addr         string
-		clientConfig *ssh.ClientConfig
-		client       *ssh.Client
-		config       ssh.Config
-		//session      *ssh.Session
-		err error
-	)
-
-	// get auth method
-	auth = make([]ssh.AuthMethod, 0)
-	if key == "" {
-		auth = append(auth, ssh.Password(password))
-	} else {
-		pemBytes, err := ioutil.ReadFile(key)
-		if err != nil {
-			return nil, err
-		}
-
-		var signer ssh.Signer
-		if password == "" {
-			signer, err = ssh.ParsePrivateKey(pemBytes)
-		} else {
-			signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password))
-		}
-		if err != nil {
-			return nil, err
-		}
-		auth = append(auth, ssh.PublicKeys(signer))
-	}
-
-	clientConfig = &ssh.ClientConfig{
-		User:    user,
-		Auth:    auth,
-		Timeout: 30 * time.Second,
-		Config:  config,
-		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			return nil
-		},
-	}
-	addr = fmt.Sprintf("%s:%d", host, port)
-
-	client, err = ssh.Dial("tcp", addr, clientConfig)
-	return client, err
-}