just wait for ssh

ad331e4e · nanahira · a05c64e5 · ad331e4e · ad331e4e · ad331e4e
Commit ad331e4e authored Dec 15, 2020 by nanahira
Hide whitespace changes
Inline Side-by-side

Showing with 138 additions and 16 deletions

package-lock.json package-lock.json +23 -2

package.json package.json +1 -0

src/app.service.ts src/app.service.ts +114 -14

No files found.
--- a/package-lock.json
+++ b/package-lock.json
@@ -3214,6 +3214,11 @@
      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
      "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
    },
+    "eventemitter3": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
+      "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw=="
+    },
    "events": {
      "version": "3.2.0",
      "resolved": "https://registry.npmjs.org/events/-/events-3.2.0.tgz",
@@ -5608,8 +5613,7 @@
    "p-finally": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz",
-      "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=",
+      "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4="
-      "dev": true
    },
    "p-limit": {
      "version": "2.3.0",
@@ -5627,6 +5631,23 @@
        "p-limit": "^2.2.0"
      }
    },
+    "p-queue": {
+      "version": "6.6.2",
+      "resolved": "https://registry.npmjs.org/p-queue/-/p-queue-6.6.2.tgz",
+      "integrity": "sha512-RwFpb72c/BhQLEXIZ5K2e+AhgNVmIejGlTgiB9MzZ0e93GRvqZ7uSi0dvRF7/XIXDeNkra2fNHBxTyPDGySpjQ==",
+      "requires": {
+        "eventemitter3": "^4.0.4",
+        "p-timeout": "^3.2.0"
+      }
+    },
+    "p-timeout": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-3.2.0.tgz",
+      "integrity": "sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg==",
+      "requires": {
+        "p-finally": "^1.0.0"
+      }
+    },
    "p-try": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",

--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
    "@types/underscore": "^1.10.24",
    "csv-parse": "^4.14.1",
    "ip": "^1.1.5",
+    "p-queue": "^6.6.2",
    "pg": "^8.5.1",
    "reflect-metadata": "^0.1.13",
    "rimraf": "^3.0.2",

--- a/src/app.service.ts
+++ b/src/app.service.ts
@@ -13,6 +13,7 @@ import * as IP from 'ip';
 import * as _ from 'underscore';
 import { AppLogger } from './logger.service';
 import { User } from './entities/User';
+import PQueue from 'p-queue';
 const validDestinations = ['chnroute', 'all'];
@@ -30,6 +31,7 @@ export class AppService {
  routers: Router[];
  gatewayGroups: GatewayGroup[];
  railgunRules: RailgunRule[];
+  syncQueue: PQueue;
  constructor(
    @InjectConnection('railgun')
    private db: Connection,
@@ -41,17 +43,40 @@ export class AppService {
    this.routers = this.configService.get('routers');
    this.gatewayGroups = this.configService.get('gatewayGroups');
    this.railgunRules = this.configService.get('railgunRules');
+    this.syncQueue = new PQueue({ concurrency: 1 });
+    this.addSyncTask();
+  }
+  private async syncRouter(router: Router, users: User[]) {
+    const ipsetData = this.getIpsetOfRouter(router, users);
+    // replace this part with real ssh things
+    console.log(router.name);
+    console.log(ipsetData);
+  }
+  private async sync() {
+    const users = await this.db.getRepository(User).find();
+    await Promise.all(
+      this.routers.map((router) => this.syncRouter(router, users)),
+    );
+  }
+  private async addSyncTask() {
+    return await this.syncQueue.add(async () => {
+      this.sync();
+    });
  }
  private subnetsContain(subnets: string[], ip) {
    return subnets.some((subnet) => IP.cidrSubnet(subnet).contains(ip));
  }
-  private isGatewayAllowed(ip: string, gateway: Gateway) {
+  private isGatewayAllowed(ip: string, gateway: Gateway, localOnly?: boolean) {
-    if (!gateway.hidden) {
+    if (gateway.hidden) {
-      // 允许自己的网关的所有IP
+      return false;
-      const router = gateway.routerInfo;
+    }
-      if (router && this.subnetsContain(router.subnets, ip)) {
+    // 允许自己的网关的所有IP
-        return true;
+    const router = gateway.routerInfo;
-      }
+    if (router && this.subnetsContain(router.subnets, ip)) {
+      return true;
+    }
+    if (localOnly) {
+      return false;
    }
    // 在 railgun enterprise 表中有的IP
    return this.railgunRules.some((rule) => {
@@ -78,7 +103,7 @@ export class AppService {
  }
  private getAllSuitableGateways(ip: string) {
    return this.gateways.filter((gateway) =>
-      this.isGatewayAllowed(ip, gateway),
+      this.isGatewayAllowed(ip, gateway, false),
    );
  }
  private getGatewayDisplayData(
@@ -117,7 +142,7 @@ export class AppService {
  async getClientData(rawAddress: string) {
    const ip = this.sortAddress(rawAddress);
    const displayGateways = this.gateways
-      .filter((gateway) => this.isGatewayAllowed(ip, gateway))
+      .filter((gateway) => this.isGatewayAllowed(ip, gateway, false))
      .map((gateway) => this.getGatewayDisplayData(gateway, ip));
    const displayGroups = this.gatewayGroups
      .filter((group) => this.isGatewayGroupAllowed(ip, group))
@@ -129,17 +154,91 @@ export class AppService {
    };
  }
-  private checkId(id: number, ip: string) {
+  private checkId(id: number, ip: string, localOnly: boolean) {
    if (!id) {
      return true;
    }
-    if (id > 20000) {
+    if (id > 20000 && !localOnly) {
      const gatewayGroup = this.gatewayGroups.find((g) => g.id === id);
      return gatewayGroup && this.isGatewayGroupAllowed(ip, gatewayGroup);
    } else {
      const gateway = this.gateways.find((gw) => gw.id === id);
-      return this.isGatewayAllowed(ip, gateway);
+      return gateway && this.isGatewayAllowed(ip, gateway, localOnly);
+    }
+  }
+  private getGatewayOrGroupFromId(id: number) {
+    if (id > 20000) {
+      const gatewayGroup = this.gatewayGroups.find((g) => g.id === id);
+      return gatewayGroup;
+    } else {
+      const gateway = this.gateways.find((gw) => gw.id === id);
+      return gateway;
+    }
+  }
+  getIpsetNamesOfRouter(router: Router) {
+    const ipsets: string[] = [];
+    for (const destination of validDestinations) {
+      const selfGateways = this.gateways.filter(
+        (gateway) => router.name === gateway.router,
+      );
+      for (const gateway of selfGateways) {
+        ipsets.push(`u_${gateway.isp}_${destination}`);
+      }
+      const otherRouters = this.routers.filter((r) => r !== router);
+      for (const r of otherRouters) {
+        ipsets.push(`u_${r.name.replace(/-/g, '-')}_${destination}`);
+      }
+      for (const group of this.gatewayGroups) {
+        ipsets.push(`u_${group.name}_${destination}`);
+      }
+    }
+    return ipsets;
+  }
+  getIpsetOfRouter(router: Router, users: User[]) {
+    const lines: string[] = this.getIpsetNamesOfRouter(router).map(
+      (setname) => `flush ${setname}`,
+    );
+    for (const group of this.gatewayGroups) {
+      const matchUsers = users.filter(
+        (user) =>
+          user.remoteGatewayId === group.id &&
+          this.isGatewayGroupAllowed(user.ip, group),
+      );
+      for (const user of matchUsers) {
+        lines.push(`add u_${group.name.replace(/-/g, '_')}_${user.destination} ${user.ip}`);
+      }
+    }
+    for (const gateway of this.gateways) {
+      const matchUsers = users.filter(
+        (user) =>
+          user.remoteGatewayId === gateway.id &&
+          this.isGatewayAllowed(user.ip, gateway, false),
+      );
+      for (const user of matchUsers) {
+        if (gateway.routerInfo === router) {
+          lines.push(`add u_${gateway.isp}_${user.destination} ${user.ip}`);
+        } else {
+          lines.push(
+            `add u_${gateway.routerInfo.name.replace(/-/g, '_')}_${user.destination} ${user.ip}`,
+          );
+        }
+      }
+    }
+    const selfGateways = this.gateways.filter(
+      (gateway) => router.name === gateway.router,
+    );
+    for (const gateway of selfGateways) {
+      const setName = `u_${gateway.isp}_all`;
+      const matchUsers = users.filter(
+        (user) =>
+          user.localGatewayId === gateway.id &&
+          this.isGatewayAllowed(user.ip, gateway, true),
+      );
+      for (const user of matchUsers) {
+        lines.push(`add ${setName} ${user.ip}`);
+      }
    }
+    return lines.join('\n');
  }
  async postData(
    rawAddress: string,
@@ -157,8 +256,8 @@ export class AppService {
      };
    }
    if (
-      !this.checkId(remoteGatewayId, ip) ||
+      !this.checkId(remoteGatewayId, ip, false) ||
-      !this.checkId(localGatewayId, ip)
+      !this.checkId(localGatewayId, ip, true)
    ) {
      return { success: false, statusCode: 404, message: 'invalid gateway' };
    }
@@ -166,6 +265,7 @@ export class AppService {
    user.remoteGatewayId = remoteGatewayId || null;
    user.localGatewayId = localGatewayId || null;
    await this.db.getRepository(User).save(user);
+    this.addSyncTask();
    return { success: true, statusCode: 200, message: 'success' };
  }
 }