diff --git a/auth/html/login_permission_denied.html b/auth/html/login_permission_denied.html index f7a8f25..5a47c1a 100644 --- a/auth/html/login_permission_denied.html +++ b/auth/html/login_permission_denied.html @@ -4,5 +4,5 @@ {{.user}} :
You do not have the permission to continue this request

-

Refresh or Temp Login or Logout

+

Refresh or Logout

{{end}} \ No newline at end of file diff --git a/auth/policybase.go b/auth/policybase.go index 71ab735..9a74169 100644 --- a/auth/policybase.go +++ b/auth/policybase.go @@ -332,14 +332,15 @@ func (mgr *policyBaseAuth) HandleHTTPCgi(ctx *http.HttpCtx, path string) http.Re return http.RequestEnd case "/pwd": if session != nil { - ctx.Resp.RefreshRedirectPage(http.StatusConflict, truepath, "You've already logged in as "+session.user.name, 2) + // ctx.Resp.RefreshRedirectPage(http.StatusConflict, truepath, "You've already logged in as "+session.user.name, 1) + ctx.Redirect(truepath, http.StatusFound) } else { if ctx.Req.Method == "POST" { //get username & password ctx.Req.ParseForm() var userl, passl = ctx.Req.PostForm.Get("username"), ctx.Req.PostForm.Get("password") if userl == "" || passl == "" { - ctx.Resp.ErrorPage(http.StatusBadRequest, "Username or password missing") + ctx.Resp.RefreshRedirectPage(http.StatusBadRequest, "login?r="+r, "Username or password missing", 3) return http.RequestEnd } @@ -364,7 +365,7 @@ func (mgr *policyBaseAuth) HandleHTTPCgi(ctx *http.HttpCtx, path string) http.Re // if it doesn't, the server would move it back } else { time.Sleep(200 * time.Millisecond) // Sleep 200ms to avoid being cracked - ctx.Resp.RefreshRedirectPage(http.StatusUnauthorized, "login?r="+r, "Username or password error", 1) + ctx.Resp.RefreshRedirectPage(http.StatusUnauthorized, "login?r="+r, "Username or password error", 3) log.Println("%", "!", userl, "r"+strconv.FormatUint(ctx.Id, 10), ctx.Req.RemoteAddr) } diff --git a/http/cgi.go b/http/cgi.go index dbfc2d1..9ff7b9a 100644 --- a/http/cgi.go +++ b/http/cgi.go 
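Review bot: The new `/pwd` branch builds its redirect target as `"login?r="+r` without escaping `r`, and the already-logged-in path now sends the browser straight to `truepath` with a 302. Neither value's origin is visible in this hunk (HandleHTTPCgi starts and ends outside it). If `r` comes from the request, it should be encoded with `"login?r="+url.QueryEscape(r)`, and `truepath` should be confirmed to be a same-site path before `ctx.Redirect(truepath, http.StatusFound)`, otherwise the login endpoint can be used as an open redirect. The same `"login?r="+r` concatenation appears in the `@@ -364,7 +365,7 @@` hunk. The commented-out `RefreshRedirectPage` line should be deleted rather than kept, since version control already has it.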
@@ -13,7 +13,7 @@ func (mid *Midware) ngCgi(RequestCtx *HttpCtx, RequestPath *string) { s := mid.bufferedLookupForCgi.Lookup(path).([]*CgiStruct) if len(s) == 0 { - RequestCtx.Resp.ErrorPage(StatusNotFound, "The requested URL "+RequestCtx.Req.RequestURI+"("+path+")"+" was not found on this server.") + RequestCtx.Resp.ErrorPage(StatusNotFound, "The requested URL "+RequestCtx.Req.RequestURI+" was not found on this server.") } for _, t := range s { diff --git a/http/forward.go b/http/forward.go index a961556..fc280cb 100644 --- a/http/forward.go +++ b/http/forward.go @@ -35,7 +35,7 @@ func StdForwardProxy(ctx *HttpCtx) Ret { if ctx.Req.Method == "CONNECT" { server, err := net.Dial("tcp", ctx.Req.RequestURI) if err != nil { - ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("Dial: %v", err)) + ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("Forward: Dial: %v", err)) return RequestEnd } defer server.Close() @@ -43,7 +43,7 @@ func StdForwardProxy(ctx *HttpCtx) Ret { if ctx.Req.ProtoMajor == 0 || ctx.Req.ProtoMajor == 1 { localconn, _, err := ctx.Resp.Hijack() if err != nil { - ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("Hijack: %v", err)) + ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("Forward: Hijack: %v", err)) return RequestEnd } @@ -67,7 +67,7 @@ func StdForwardProxy(ctx *HttpCtx) Ret { resp, err := http.DefaultTransport.RoundTrip(ctx.Req) if err != nil { - ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("%v", err)) + ctx.Resp.ErrorPage(http.StatusBadRequest, fmt.Sprintf("Forward: %v", err)) return RequestEnd } defer resp.Body.Close() diff --git a/http/html.go b/http/html.go index d16bacb..5a3ffdb 100644 --- a/http/html.go +++ b/http/html.go 
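Review bot: `RequestCtx.Req.RequestURI` is client-controlled and is still concatenated into the 404 body, so this page is only safe if `errorpage_template` is an `html/template` (its declaration is not visible here). A one-line comment above the call would record that dependency, for example `// RequestURI is untrusted; errorpage_template must stay html/template so it is escaped`. Dropping the resolved `path` from the message is a sound reduction in what the server reveals. ngCgi's body continues outside the hunk.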
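Review bot: All three `StdForwardProxy` hunks still format the raw `err` from `net.Dial`, `Hijack` and `RoundTrip` into the page sent to the client; the change only adds a `Forward:` prefix. On a forward proxy these strings name the resolved address and the failure mode, which tells the requester which internal hosts and ports exist. Since the error page now carries a RequestID, the detail can go to the server log keyed by `ctx.Id` while the client gets a fixed message, e.g. `ctx.Resp.ErrorPage(http.StatusBadGateway, "Forward: upstream connection failed")`. `StatusBadRequest` is also misleading for an upstream failure; 502 fits the dial and round-trip cases and 500 fits the hijack case.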
@@ -26,7 +26,23 @@ var confirm_rawhtml string func (rw *NgResponseWriter) ErrorPage(code int, err string) { rw.Header().Add("Content-Type", "text/html; charset=utf-8") rw.WriteHeader(code) - errorpage_template.Execute(rw, err) + errorpage_template.Execute(rw, struct { + MSG string + RID string + RIP string + // CID string + CODE string + UTC string + // ELA string + }{ + MSG: err, + CODE: strconv.Itoa(code), + RID: strconv.FormatUint(rw.ctx.Id, 10), + RIP: rw.ctx.RemoteIP, + // CID: strconv.FormatUint(rw.ctx.conn.Id, 10), + UTC: rw.ctx.starttime.UTC().Format("2006-01-02 15:04:05 UTC"), + // ELA: time.Since(rw.ctx.starttime).String(), + }) } func (rw *NgResponseWriter) InfoPage(code int, info string) { @@ -41,9 +57,10 @@ func (rw *NgResponseWriter) RefreshRedirectPage(code int, url string, msg string rw.Header().Add("Content-Type", "text/html; charset=utf-8") rw.WriteHeader(code) redirecting_template.Execute(rw, struct { - URL string - MSG string - }{URL: url, MSG: msg}) + URL string + MSG string + TIME int + }{URL: url, MSG: msg, TIME: time}) } func (rw *NgResponseWriter) ConfrimPage(code int, url string, msg string) { diff --git a/http/html/error.html b/http/html/error.html index d0cf3b5..9a3f0a9 100644 --- a/http/html/error.html +++ b/http/html/error.html @@ -1,14 +1,18 @@ - Error - NetGATE + {{.CODE}} - NetGATE logo
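Review bot: `ErrorPage` now dereferences `rw.ctx` unconditionally, but the only assignment visible in this commit is `ngrw.ctx = ctx` in `Midware.head`. Any `NgResponseWriter` built on another path would panic while rendering an error page. A nil guard keeps the page rendering, with the request fields left empty. The commented-out `CID` and `ELA` fields should be removed or tracked in an issue rather than left in the struct literal, and the result of `Execute` is still discarded.

```go
func (rw *NgResponseWriter) ErrorPage(code int, err string) {
	// … unchanged: Content-Type header and WriteHeader(code) …
	page := struct {
		MSG, RID, RIP, CODE, UTC string
	}{MSG: err, CODE: strconv.Itoa(code)}
	// rw.ctx is assigned in Midware.head; tolerate a writer that never got one.
	if c := rw.ctx; c != nil {
		page.RID = strconv.FormatUint(c.Id, 10)
		page.RIP = c.RemoteIP
		page.UTC = c.starttime.UTC().Format("2006-01-02 15:04:05 UTC")
	}
	errorpage_template.Execute(rw, page)
}
```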
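Review bot: The literal `TIME: time` implies the new `RefreshRedirectPage` parameter is named `time`, which would shadow the `time` package inside the method. The signature is cut off in the hunk header, so this is inferred. Renaming it states the unit and avoids the shadowing: `seconds int` in the signature and `TIME: seconds` in the literal. A doc comment such as `// RefreshRedirectPage renders msg and redirects the browser to url after the given number of seconds.` would also help, since callers in this commit pass bare `1`, `2` and `3`.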

-

ERROR

-

{{.}}

+

ERROR {{.CODE}}

+

{{.MSG}}

+ +
+ RequestID: {{.RID}} · {{.RIP}} · {{.UTC}} +
\ No newline at end of file diff --git a/http/html/redirecting.html b/http/html/redirecting.html index f3ba5b1..2d41281 100644 --- a/http/html/redirecting.html +++ b/http/html/redirecting.html @@ -8,7 +8,7 @@ logo

{{.MSG}}

-

You are being redirected.

+

You are being redirected in {{.TIME}} seconds.

\ No newline at end of file diff --git a/http/http.go b/http/http.go index 441b768..83e4daa 100644 --- a/http/http.go +++ b/http/http.go @@ -28,6 +28,8 @@ type HttpCtx struct { Id uint64 starttime time.Time + RemoteIP string + Req *http.Request Resp *NgResponseWriter @@ -125,6 +127,8 @@ func (h *Midware) head(rw http.ResponseWriter, r *http.Request, conn *tcp.Conn) c, kill := context.WithCancel(r.Context()) + ip, _, _ := net.SplitHostPort(r.RemoteAddr) + ctx := &HttpCtx{ Req: r.WithContext(c), Resp: ngrw, @@ -133,8 +137,11 @@ func (h *Midware) head(rw http.ResponseWriter, r *http.Request, conn *tcp.Conn) kill: kill, closing: make(chan struct{}), conn: conn, + RemoteIP: ip, } + ngrw.ctx = ctx + h.Process(ctx) } @@ -150,6 +157,8 @@ type NgResponseWriter struct { writtenBytes uint64 // before compression init sync.Once + + ctx *HttpCtx } func (w *NgResponseWriter) Write(b []byte) (byt int, e error) { diff --git a/ui/myservice.go b/ui/myservice.go index caf7321..0f4d956 100644 --- a/ui/myservice.go +++ b/ui/myservice.go 
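Review bot: Only the visible sentence gains `{{.TIME}}` in this hunk, and the element that performs the refresh is not among the changed lines. If its delay is still a fixed value, the page will announce one interval and redirect after another. Confirm the refresh delay is rendered from the same `{{.TIME}}` field, so the callers that now pass `3` get a 3-second redirect.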
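Review bot: `ip, _, _ := net.SplitHostPort(r.RemoteAddr)` in `head` discards the error, so a `RemoteAddr` that does not parse leaves `RemoteIP` empty without any trace. Keep the raw value as a fallback: `ip, _, err := net.SplitHostPort(r.RemoteAddr)` followed by `if err != nil { ip = r.RemoteAddr }`. The exported field also deserves a comment saying it is the TCP peer address, e.g. `// RemoteIP is the host part of Req.RemoteAddr (the direct peer, not a forwarded client address)`, so later code does not take it for the end-user address when the gateway sits behind another proxy. `head` starts and ends outside the hunk.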
@@ -232,20 +232,22 @@ func LoadCfg(cfgs []byte) error { } var prik []gossh.Signer - for _, key := range cfg.SSH.PrivateKeys { - s, err := gossh.ParsePrivateKey([]byte(key)) - if err != nil { - log.Println("sys", "ssh", err) - os.Exit(-1) + if len(cfg.SSH.PrivateKeys) > 0 { + for _, key := range cfg.SSH.PrivateKeys { + s, err := gossh.ParsePrivateKey([]byte(key)) + if err != nil { + log.Println("sys", "ssh", err) + os.Exit(-1) + } + ak := gossh.MarshalAuthorizedKey(s.PublicKey()) + log.Println("sys", "ssh", "Found private key with authorized key", string(ak[:len(ak)-1]), "fingerprint", gossh.FingerprintSHA256(s.PublicKey())) + prik = append(prik, s) + } - ak := gossh.MarshalAuthorizedKey(s.PublicKey()) - log.Println("sys", "ssh", "Found private key with authorized key", string(ak[:len(ak)-1]), "fingerprint", gossh.FingerprintSHA256(s.PublicKey())) - prik = append(prik, s) + var sshs = ssh.NewSSHController(prik, cfg.SSH.Banner, pba.SSHAuthPwd, pba.SSHAuthPubKey) + builtinTcpServices["ssh"] = sshs } - var sshs = ssh.NewSSHController(prik, cfg.SSH.Banner, pba.SSHAuthPwd, pba.SSHAuthPubKey) - - builtinTcpServices["ssh"] = sshs watcher, err := fsnotify.NewWatcher()
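Review bot: When `cfg.SSH.PrivateKeys` is empty the new guard skips registration but never removes an existing `builtinTcpServices["ssh"]` entry. If `LoadCfg` runs again on a config reload, a controller built from the old keys would stay registered after the keys were deleted. The `fsnotify` watcher just below suggests reloads happen, but the map's lifetime is not visible here. An `else` branch with `delete(builtinTcpServices, "ssh")` and a log line saying SSH is disabled would make removing the keys actually turn the service off. Separately, `LoadCfg` returns `error`, so the parse failure could be returned with `return fmt.Errorf("parsing ssh private key: %w", err)` instead of calling `os.Exit(-1)`, which would let a bad reload be rejected without killing the running gateway.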