Merge pull request #60 from jumpserver/dev

Dev

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/gliderlabs/ssh v0.2.3-0.20190711180243-866d0ddf7991
 	github.com/go-playground/form v3.1.4+incompatible // indirect
 	github.com/gorilla/mux v1.7.2
+	github.com/gorilla/websocket v1.4.0
 	github.com/jarcoal/httpmock v1.0.4
 	github.com/kataras/neffos v0.0.7
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect

pkg/auth/server.go

@@ -9,13 +9,12 @@ import (
 	"github.com/jumpserver/koko/pkg/cctx"
 	"github.com/jumpserver/koko/pkg/common"
 	"github.com/jumpserver/koko/pkg/config"
-	"github.com/jumpserver/koko/pkg/i18n"
 	"github.com/jumpserver/koko/pkg/logger"
 	"github.com/jumpserver/koko/pkg/service"
 )
 
-var mfaInstruction = i18n.T("Please enter 6 digits.")
-var mfaQuestion = i18n.T("[MFA auth]: ")
+var mfaInstruction = "Please enter 6 digits."
+var mfaQuestion = "[MFA auth]: "
 
 const (
 	actionAccepted        = "Accepted"
@@ -33,7 +32,7 @@ func checkAuth(ctx ssh.Context, password, publicKey string) (res ssh.AuthResult)
 	}
 	remoteAddr := strings.Split(ctx.RemoteAddr().String(), ":")[0]
 
-	resp, err := service.Authenticate(username, password, publicKey, remoteAddr, "T")
+	resp, err := service.Authenticate(username, password, publicKey, remoteAddr, "ST")
 	if err != nil {
 		action = actionFailed
 		logger.Infof("%s %s for %s from %s", action, authMethod, username, remoteAddr)

pkg/common/client.go

@@ -76,7 +76,7 @@ func (c *Client) marshalData(data interface{}) (reader io.Reader, error error) {
 }
 
 func (c *Client) parseUrlQuery(url string, params []map[string]string) string {
-	if len(params) != 1 {
+	if len(params) < 1 {
 		return url
 	}
 	var query []string
@@ -119,7 +119,7 @@ func (c *Client) setAuthHeader(r *http.Request) {
 	}
 }
 
-func (c *Client) SetReqHeaders(req *http.Request) {
+func (c *Client) SetReqHeaders(req *http.Request, params []map[string]string) {
 	if len(c.Headers) != 0 {
 		for k, v := range c.Headers {
 			req.Header.Set(k, v)
@@ -128,8 +128,13 @@ func (c *Client) SetReqHeaders(req *http.Request) {
 	if req.Header.Get("Content-Type") == "" {
 		req.Header.Set("Content-Type", "application/json")
 	}
-	req.Header.Set("user-Agent", "koko-client")
+	req.Header.Set("User-Agent", "koko-client")
 	c.setAuthHeader(req)
+	if len(params) >= 2 {
+		for k, v := range params[1] {
+			req.Header.Set(k, v)
+		}
+	}
 }
 
 func (c *Client) NewRequest(method, url string, body interface{}, params []map[string]string) (req *http.Request, err error) {
@@ -139,16 +144,16 @@ func (c *Client) NewRequest(method, url string, body interface{}, params []map[s
 		return
 	}
 	req, err = http.NewRequest(method, url, reader)
-	c.SetReqHeaders(req)
+	c.SetReqHeaders(req, params)
 	return req, err
 }
 
 // Do wrapper http.Client Do() for using auth and error handle
 // params:
 //   1. query string if set {"name": "ibuler"}
-func (c *Client) Do(method, url string, data, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Do(method, url string, data, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	req, err := c.NewRequest(method, url, data, params)
-	resp, err := c.http.Do(req)
+	resp, err = c.http.Do(req)
 	if err != nil {
 		return
 	}
@@ -167,7 +172,7 @@ func (c *Client) Do(method, url string, data, res interface{}, params ...map[str
 		return
 	}
 	// Unmarshal response body to result struct
-	if res != nil {
+	if res != nil && resp.StatusCode >= 200 && resp.StatusCode < 300 {
 		err = json.Unmarshal(body, res)
 		if err != nil {
 			msg := fmt.Sprintf("%s %s failed, unmarshal '%s' response failed: %s", req.Method, req.URL, body[:12], err)
@@ -178,23 +183,23 @@ func (c *Client) Do(method, url string, data, res interface{}, params ...map[str
 	return
 }
 
-func (c *Client) Get(url string, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Get(url string, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	return c.Do("GET", url, nil, res, params...)
 }
 
-func (c *Client) Post(url string, data interface{}, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Post(url string, data interface{}, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	return c.Do("POST", url, data, res, params...)
 }
 
-func (c *Client) Delete(url string, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Delete(url string, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	return c.Do("DELETE", url, nil, res, params...)
 }
 
-func (c *Client) Put(url string, data interface{}, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Put(url string, data interface{}, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	return c.Do("PUT", url, data, res, params...)
 }
 
-func (c *Client) Patch(url string, data interface{}, res interface{}, params ...map[string]string) (err error) {
+func (c *Client) Patch(url string, data interface{}, res interface{}, params ...map[string]string) (resp *http.Response, err error) {
 	return c.Do("PATCH", url, data, res, params...)
 }
 
@@ -248,7 +253,7 @@ func (c *Client) UploadFile(url string, gFile string, res interface{}, params ..
 	url = c.parseUrl(url, params)
 	req, err := http.NewRequest("POST", url, buf)
 	req.Header.Set("Content-Type", bodyWriter.FormDataContentType())
-	c.SetReqHeaders(req)
+	c.SetReqHeaders(req, params)
 	resp, err := c.http.Do(req)
 	if err != nil {
 		return

pkg/handler/session.go

@@ -22,29 +22,6 @@ import (
 	"github.com/jumpserver/koko/pkg/utils"
 )
 
-type assetsCacheContainer struct {
-	mapData map[string][]model.Asset
-	lock    *sync.RWMutex
-}
-
-func (c *assetsCacheContainer) Get(key string) ([]model.Asset, bool) {
-	c.lock.RLock()
-	defer c.lock.RUnlock()
-	value, ok := c.mapData[key]
-	return value, ok
-}
-
-func (c *assetsCacheContainer) SetValue(key string, value []model.Asset) {
-	c.lock.Lock()
-	defer c.lock.Unlock()
-	c.mapData[key] = value
-}
-
-var userAssetsCached = assetsCacheContainer{
-	mapData: make(map[string][]model.Asset),
-	lock:    new(sync.RWMutex),
-}
-
 func SessionHandler(sess ssh.Session) {
 	pty, _, ok := sess.Pty()
 	if ok {
@@ -98,7 +75,7 @@ func (h *interactiveHandler) Initial() {
 }
 
 func (h *interactiveHandler) loadAssetsFromCache() {
-	if assets, ok := userAssetsCached.Get(h.user.ID); ok {
+	if assets, ok := service.GetUserAssetsFromCache(h.user.ID); ok {
 		h.assets = assets
 		close(h.assetDataLoaded)
 	} else {
@@ -109,8 +86,8 @@ func (h *interactiveHandler) loadAssetsFromCache() {
 
 func (h *interactiveHandler) firstLoadAssetAndNodes() {
 	h.loadUserAssets("1")
-	h.loadUserAssetNodes("1")
-	logger.Debug("first Load Asset And Nodes done")
+	h.loadUserNodes("1")
+	logger.Debug("First load assets and nodes done")
 	close(h.nodeDataLoaded)
 	select {
 	case <-h.assetDataLoaded:
@@ -198,6 +175,9 @@ func (h *interactiveHandler) Dispatch(ctx cctx.Context) {
 			}
 		default:
 			switch {
+			case line == "exit", line == "quit":
+				logger.Info("exit session")
+				return
 			case strings.Index(line, "/") == 0:
 				searchWord := strings.TrimSpace(line[1:])
 				assets := h.searchAsset(searchWord)
@@ -315,7 +295,7 @@ func (h *interactiveHandler) displayNodes(nodes []model.Node) {
 
 func (h *interactiveHandler) refreshAssetsAndNodesData() {
 	h.loadUserAssets("2")
-	h.loadUserAssetNodes("2")
+	h.loadUserNodes("2")
 	_, err := io.WriteString(h.term, i18n.T("Refresh done")+"\n\r")
 	if err != nil {
 		logger.Error("refresh Assets  Nodes err:", err)
@@ -324,14 +304,15 @@ func (h *interactiveHandler) refreshAssetsAndNodesData() {
 
 func (h *interactiveHandler) loadUserAssets(cachePolicy string) {
 	assets := service.GetUserAssets(h.user.ID, cachePolicy, "")
-	userAssetsCached.SetValue(h.user.ID, assets)
 	h.mu.Lock()
 	h.assets = assets
 	h.mu.Unlock()
 }
 
-func (h *interactiveHandler) loadUserAssetNodes(cachePolicy string) {
+func (h *interactiveHandler) loadUserNodes(cachePolicy string) {
+	h.mu.Lock()
 	h.nodes = service.GetUserNodes(h.user.ID, cachePolicy)
+	h.mu.Unlock()
 }
 
 func (h *interactiveHandler) searchAsset(key string) (assets []model.Asset) {
@@ -359,23 +340,16 @@ func (h *interactiveHandler) searchAsset(key string) (assets []model.Asset) {
 			assets = append(assets, assetValue)
 		}
 	}
-
-	//	assetsData, _ := Cached.Load(h.user.ID)
-	//	for _, assetValue := range assetsData.([]model.Asset) {
-	//		if isSubstring([]string{assetValue.IP, assetValue.Hostname, assetValue.Comment}, key) {
-	//			assets = append(assets, assetValue)
-	//		}
-	//	}
-
 	return assets
 }
 
-func (h *interactiveHandler) searchNodeAssets(num int) (assets []model.Asset) {
+func (h *interactiveHandler) searchNodeAssets(num int) (assets model.AssetList) {
 	if num > len(h.nodes) || num == 0 {
 		return assets
 	}
-	return h.nodes[num-1].AssetsGranted
-
+	node := h.nodes[num-1]
+	assets = service.GetUserNodeAssets(h.user.ID, node.ID, "1")
+	return
 }
 
 func (h *interactiveHandler) Proxy(ctx context.Context) {
@@ -396,7 +370,7 @@ func ConstructAssetNodeTree(assetNodes []model.Node) treeprint.Tree {
 	tree := treeprint.New()
 	for i := 0; i < len(assetNodes); i++ {
 		r := strings.LastIndex(assetNodes[i].Key, ":")
-		if r < 0 {
+		if _, ok := treeMap[assetNodes[i].Key[:r]]; r < 0 || !ok {
 			subtree := tree.AddBranch(fmt.Sprintf("%s.%s(%s)",
 				strconv.Itoa(i+1), assetNodes[i].Name,
 				strconv.Itoa(assetNodes[i].AssetsAmount)))
@@ -409,7 +383,6 @@ func ConstructAssetNodeTree(assetNodes []model.Node) treeprint.Tree {
 				strconv.Itoa(assetNodes[i].AssetsAmount)))
 			treeMap[assetNodes[i].Key] = nodeTree
 		}
-
 	}
 	return tree
 }

pkg/httpd/sftpvolume.go

@@ -76,7 +76,6 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) {
 	}
 	if filename == "." {
 		filename = originFileInfo.Name()
-		fmt.Println("askldkasdlala")
 	}
 	rest.Name = filename
 	rest.Hash = hashPath(u.Uuid, filepath.Join(dirPath, filename))

pkg/httpd/upgrader.go

+package httpd
+
+import (
+	"net"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/kataras/neffos"
+
+	gorilla "github.com/gorilla/websocket"
+)
+
+// DefaultUpgrader is a gorilla/websocket Upgrader with all fields set to the default values.
+var DefaultUpgrader = Upgrader(gorilla.Upgrader{})
+
+// Upgrader is a `neffos.Upgrader` type for the gorilla/websocket subprotocol implementation.
+// Should be used on `New` to construct the neffos server.
+func Upgrader(upgrader gorilla.Upgrader) neffos.Upgrader {
+	return func(w http.ResponseWriter, r *http.Request) (neffos.Socket, error) {
+		header := w.Header()
+		header.Set("Access-Control-Allow-Origin", "*")
+		underline, err := upgrader.Upgrade(w, r, header)
+		if err != nil {
+			return nil, err
+		}
+
+		return newSocket(underline, r, false), nil
+	}
+}
+
+// Socket completes the `neffos.Socket` interface,
+// it describes the underline websocket connection.
+type Socket struct {
+	UnderlyingConn *gorilla.Conn
+	request        *http.Request
+
+	client bool
+
+	mu sync.Mutex
+}
+
+func newSocket(underline *gorilla.Conn, request *http.Request, client bool) *Socket {
+	return &Socket{
+		UnderlyingConn: underline,
+		request:        request,
+		client:         client,
+	}
+}
+
+// NetConn returns the underline net connection.
+func (s *Socket) NetConn() net.Conn {
+	return s.UnderlyingConn.UnderlyingConn()
+}
+
+// Request returns the http request value.
+func (s *Socket) Request() *http.Request {
+	return s.request
+}
+
+// ReadData reads binary or text messages from the remote connection.
+func (s *Socket) ReadData(timeout time.Duration) ([]byte, error) {
+	for {
+		if timeout > 0 {
+			s.UnderlyingConn.SetReadDeadline(time.Now().Add(timeout))
+		}
+
+		opCode, data, err := s.UnderlyingConn.ReadMessage()
+		if err != nil {
+			return nil, err
+		}
+
+		if opCode != gorilla.BinaryMessage && opCode != gorilla.TextMessage {
+			// if gorilla.IsUnexpectedCloseError(err, gorilla.CloseGoingAway) ...
+			continue
+		}
+
+		return data, err
+	}
+}
+
+// WriteBinary sends a binary message to the remote connection.
+func (s *Socket) WriteBinary(body []byte, timeout time.Duration) error {
+	return s.write(body, gorilla.BinaryMessage, timeout)
+}
+
+// WriteText sends a text message to the remote connection.
+func (s *Socket) WriteText(body []byte, timeout time.Duration) error {
+	return s.write(body, gorilla.TextMessage, timeout)
+}
+
+func (s *Socket) write(body []byte, opCode int, timeout time.Duration) error {
+	if timeout > 0 {
+		s.UnderlyingConn.SetWriteDeadline(time.Now().Add(timeout))
+	}
+
+	s.mu.Lock()
+	err := s.UnderlyingConn.WriteMessage(opCode, body)
+	s.mu.Unlock()
+
+	return err
+}

pkg/model/assets.go

@@ -150,14 +150,13 @@ type Domain struct {
 }
 
 type Node struct {
-	ID            string  `json:"id"`
-	Key           string  `json:"key"`
-	Name          string  `json:"name"`
-	Value         string  `json:"value"`
-	Parent        string  `json:"parent"`
-	AssetsGranted []Asset `json:"assets_granted"`
-	AssetsAmount  int     `json:"assets_amount"`
-	OrgID         string  `json:"org_id"`
+	ID           string `json:"id"`
+	Key          string `json:"key"`
+	Name         string `json:"name"`
+	Value        string `json:"value"`
+	Parent       string `json:"parent"`
+	AssetsAmount int    `json:"assets_amount"`
+	OrgID        string `json:"org_id"`
 }
 
 type nodeSortBy func(node1, node2 *Node) bool
@@ -207,7 +206,6 @@ func keySort(node1, node2 *Node) bool {
 		} else {
 			return true
 		}
-
 	}
 	return true
 

pkg/service/assets.go

@@ -9,7 +9,7 @@ import (
 
 func GetSystemUserAssetAuthInfo(systemUserID, assetID string) (info model.SystemUserAuthInfo) {
 	Url := fmt.Sprintf(SystemUserAssetAuthURL, systemUserID, assetID)
-	err := authClient.Get(Url, &info)
+	_, err := authClient.Get(Url, &info)
 	if err != nil {
 		logger.Error("Get system user Asset auth info failed")
 	}
@@ -59,7 +59,7 @@ func GetSystemUserFilterRules(systemUserID string) (rules []model.SystemUserFilt
 	]`*/
 	Url := fmt.Sprintf(SystemUserCmdFilterRulesListURL, systemUserID)
 
-	err = authClient.Get(Url, &rules)
+	_, err = authClient.Get(Url, &rules)
 	if err != nil {
 		logger.Error("Get system user auth info failed")
 	}
@@ -68,7 +68,7 @@ func GetSystemUserFilterRules(systemUserID string) (rules []model.SystemUserFilt
 
 func GetSystemUser(systemUserID string) (info model.SystemUser) {
 	Url := fmt.Sprintf(SystemUserDetailURL, systemUserID)
-	err := authClient.Get(Url, &info)
+	_, err := authClient.Get(Url, &info)
 	if err != nil {
 		logger.Errorf("Get system user %s failed", systemUserID)
 	}
@@ -77,7 +77,7 @@ func GetSystemUser(systemUserID string) (info model.SystemUser) {
 
 func GetAsset(assetID string) (asset model.Asset) {
 	Url := fmt.Sprintf(AssetDetailURL, assetID)
-	err := authClient.Get(Url, &asset)
+	_, err := authClient.Get(Url, &asset)
 	if err != nil {
 		logger.Errorf("Get Asset %s failed\n", assetID)
 	}
@@ -86,7 +86,7 @@ func GetAsset(assetID string) (asset model.Asset) {
 
 func GetDomainWithGateway(gID string) (domain model.Domain) {
 	url := fmt.Sprintf(DomainDetailURL, gID)
-	err := authClient.Get(url, &domain)
+	_, err := authClient.Get(url, &domain)
 	if err != nil {
 		logger.Errorf("Get domain %s failed: %s", gID, err)
 	}
@@ -95,7 +95,7 @@ func GetDomainWithGateway(gID string) (domain model.Domain) {
 
 func GetTokenAsset(token string) (tokenUser model.TokenUser) {
 	Url := fmt.Sprintf(TokenAssetURL, token)
-	err := authClient.Get(Url, &tokenUser)
+	_, err := authClient.Get(Url, &tokenUser)
 	if err != nil {
 		logger.Error("Get Token Asset info failed: ", err)
 	}

pkg/service/cache.go

+package service
+
+import (
+	"sync"
+
+	"github.com/jumpserver/koko/pkg/model"
+)
+
+type assetsCacheContainer struct {
+	mapData map[string]model.AssetList
+	mapETag map[string]string
+	mu      *sync.RWMutex
+}
+
+func (c *assetsCacheContainer) Get(key string) (model.AssetList, bool) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	value, ok := c.mapData[key]
+	return value, ok
+}
+
+func (c *assetsCacheContainer) GetETag(key string) (string, bool) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	value, ok := c.mapETag[key]
+	return value, ok
+}
+
+func (c *assetsCacheContainer) SetValue(key string, value model.AssetList) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.mapData[key] = value
+}
+
+func (c *assetsCacheContainer) SetETag(key string, value string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.mapETag[key] = value
+}
+
+type nodesCacheContainer struct {
+	mapData map[string]model.NodeList
+	mapETag map[string]string
+	mu      *sync.RWMutex
+}
+
+func (c *nodesCacheContainer) Get(key string) (model.NodeList, bool) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	value, ok := c.mapData[key]
+	return value, ok
+}
+
+func (c *nodesCacheContainer) GetETag(key string) (string, bool) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	value, ok := c.mapETag[key]
+	return value, ok
+}
+
+func (c *nodesCacheContainer) SetValue(key string, value model.NodeList) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.mapData[key] = value
+}
+
+func (c *nodesCacheContainer) SetETag(key string, value string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.mapETag[key] = value
+}

pkg/service/init.go

@@ -66,7 +66,7 @@ func validateAccessAuth() {
 
 func MustLoadServerConfigOnce() {
 	var data map[string]interface{}
-	err := authClient.Get(TerminalConfigURL, &data)
+	_, err := authClient.Get(TerminalConfigURL, &data)
 	if err != nil {
 		logger.Error("Load config from server error: ", err)
 		return
@@ -86,7 +86,7 @@ func MustLoadServerConfigOnce() {
 
 func LoadConfigFromServer() (err error) {
 	conf := config.GetConf()
-	err = authClient.Get(TerminalConfigURL, conf)
+	_, err = authClient.Get(TerminalConfigURL, conf)
 	if err != nil {
 		return err
 	}

pkg/service/perms.go

@@ -2,37 +2,97 @@ package service
 
 import (
 	"fmt"
+	"sync"
 
 	"github.com/jumpserver/koko/pkg/logger"
 	"github.com/jumpserver/koko/pkg/model"
 )
 
+var userAssetsCached = assetsCacheContainer{
+	mapData: make(map[string]model.AssetList),
+	mapETag: make(map[string]string),
+	mu:      new(sync.RWMutex),
+}
+
+var userNodesCached = nodesCacheContainer{
+	mapData: make(map[string]model.NodeList),
+	mapETag: make(map[string]string),
+	mu:      new(sync.RWMutex),
+}
+
+func GetUserAssetsFromCache(userID string) (assets model.AssetList, ok bool) {
+	assets, ok = userAssetsCached.Get(userID)
+	return
+}
+
 func GetUserAssets(userID, cachePolicy, assetId string) (assets model.AssetList) {
 	if cachePolicy == "" {
 		cachePolicy = "1"
 	}
+	headers := make(map[string]string)
+	if etag, ok := userAssetsCached.GetETag(userID); ok && cachePolicy == "1" && assetId == "" {
+		headers["If-None-Match"] = etag
+	}
 	payload := map[string]string{"cache_policy": cachePolicy}
 	if assetId != "" {
 		payload["id"] = assetId
 	}
 	Url := fmt.Sprintf(UserAssetsURL, userID)
-	err := authClient.Get(Url, &assets, payload)
+	resp, err := authClient.Get(Url, &assets, payload, headers)
+
 	if err != nil {
 		logger.Error("Get user assets error: ", err)
+		return
+	}
+	if resp.StatusCode == 200 && resp.Header.Get("ETag") != "" {
+		newETag := resp.Header.Get("ETag")
+		userAssetsCached.SetValue(userID, assets)
+		userAssetsCached.SetETag(userID, newETag)
+	} else if resp.StatusCode == 304 {
+		assets, _ = userAssetsCached.Get(userID)
 	}
 	return
 }
 
+func GetUserNodesFromCache(userID string) (nodes model.NodeList, ok bool) {
+	nodes, ok = userNodesCached.Get(userID)
+	return
+}
+
 func GetUserNodes(userID, cachePolicy string) (nodes model.NodeList) {
 	if cachePolicy == "" {
 		cachePolicy = "1"
 	}
+	headers := make(map[string]string)
+	if etag, ok := userNodesCached.GetETag(userID); ok && cachePolicy == "1" {
+		headers["If-None-Match"] = etag
+	}
 	payload := map[string]string{"cache_policy": cachePolicy}
-	Url := fmt.Sprintf(UserNodesAssetsURL, userID)
-	err := authClient.Get(Url, &nodes, payload)
+	Url := fmt.Sprintf(UserNodesListURL, userID)
+	resp, err := authClient.Get(Url, &nodes, payload, headers)
 	if err != nil {
 		logger.Error("Get user nodes error: ", err)
 	}
+	if resp.StatusCode == 200 && resp.Header.Get("ETag") != "" {
+		userNodesCached.SetValue(userID, nodes)
+		userNodesCached.SetETag(userID, resp.Header.Get("ETag"))
+	} else if resp.StatusCode == 304 {
+		nodes, _ = userNodesCached.Get(userID)
+	}
+	return
+}
+
+func GetUserNodeAssets(userID, nodeID, cachePolicy string) (assets model.AssetList) {
+	if cachePolicy == "" {
+		cachePolicy = "1"
+	}
+	payload := map[string]string{"cache_policy": cachePolicy, "all": "1"}
+	Url := fmt.Sprintf(UserNodeAssetsListURL, userID, nodeID)
+	_, err := authClient.Get(Url, &assets, payload)
+	if err != nil {
+		logger.Error("Get user node assets error: ", err)
+		return
+	}
 	return
 }
 
@@ -48,7 +108,7 @@ func ValidateUserAssetPermission(userID, assetID, systemUserID, action string) b
 	var res struct {
 		Msg bool `json:"msg"`
 	}
-	err := authClient.Get(Url, &res, payload)
+	_, err := authClient.Get(Url, &res, payload)
 
 	if err != nil {
 		logger.Error(err)

pkg/service/terminal.go

@@ -13,7 +13,7 @@ func RegisterTerminal(name, token, comment string) (res model.Terminal) {
 	}
 	client.Headers["Authorization"] = fmt.Sprintf("BootstrapToken %s", token)
 	data := map[string]string{"name": name, "comment": comment}
-	err := client.Post(TerminalRegisterURL, data, &res)
+	_, err := client.Post(TerminalRegisterURL, data, &res)
 	if err != nil {
 		logger.Error(err)
 	}
@@ -25,7 +25,7 @@ func TerminalHeartBeat(sIds []string) (res []model.TerminalTask) {
 	data := map[string][]string{
 		"sessions": sIds,
 	}
-	err := authClient.Post(TerminalHeartBeatURL, data, &res)
+	_, err := authClient.Post(TerminalHeartBeatURL, data, &res)
 	if err != nil {
 		logger.Error(err)
 	}
@@ -34,7 +34,7 @@ func TerminalHeartBeat(sIds []string) (res []model.TerminalTask) {
 
 func CreateSession(data map[string]interface{}) bool {
 	var res map[string]interface{}
-	err := authClient.Post(SessionListURL, data, &res)
+	_, err := authClient.Post(SessionListURL, data, &res)
 	if err == nil {
 		return true
 	}
@@ -51,7 +51,7 @@ func FinishSession(data map[string]interface{}) {
 			"date_end":    data["date_end"],
 		}
 		Url := fmt.Sprintf(SessionDetailURL, sid)
-		err := authClient.Patch(Url, payload, &res)
+		_, err := authClient.Patch(Url, payload, &res)
 		if err != nil {
 			logger.Error(err)
 		}
@@ -63,7 +63,7 @@ func FinishReply(sid string) bool {
 	var res map[string]interface{}
 	data := map[string]bool{"has_replay": true}
 	Url := fmt.Sprintf(SessionDetailURL, sid)
-	err := authClient.Patch(Url, data, &res)
+	_, err := authClient.Patch(Url, data, &res)
 	if err != nil {
 		logger.Error(err)
 		return false
@@ -75,7 +75,7 @@ func FinishTask(tid string) bool {
 	var res map[string]interface{}
 	data := map[string]bool{"is_finished": true}
 	Url := fmt.Sprintf(FinishTaskURL, tid)
-	err := authClient.Patch(Url, data, &res)
+	_, err := authClient.Patch(Url, data, &res)
 	if err != nil {
 		logger.Error(err)
 		return false
@@ -94,7 +94,7 @@ func PushSessionReplay(sessionID, gZipFile string) (err error) {
 }
 
 func PushSessionCommand(commands []*model.Command) (err error) {
-	err = authClient.Post(SessionCommandURL, commands, nil)
+	_, err = authClient.Post(SessionCommandURL, commands, nil)
 	if err != nil {
 		logger.Error(err)
 	}
@@ -102,7 +102,7 @@ func PushSessionCommand(commands []*model.Command) (err error) {
 }
 
 func PushFTPLog(data *model.FTPLog) (err error) {
-	err = authClient.Post(FTPLogListURL, data, nil)
+	_, err = authClient.Post(FTPLogListURL, data, nil)
 	if err != nil {
 		logger.Error(err)
 	}

pkg/service/urls.go

@@ -26,7 +26,9 @@ const (
 
 	FTPLogListURL = "/api/audits/v1/ftp-log/" // 上传 ftp日志
 
-	UserAssetsURL                  = "/api/perms/v1/users/%s/assets/"                 //获取用户授权的所有资产
-	UserNodesAssetsURL             = "/api/perms/v1/users/%s/nodes-assets/"           // 获取用户授权的所有节点信息 节点分组
+	UserAssetsURL                  = "/api/perms/v1/users/%s/assets/"       //获取用户授权的所有资产
+	UserNodesAssetsURL             = "/api/perms/v1/users/%s/nodes-assets/" // 获取用户授权的所有节点信息 节点分组
+	UserNodesListURL               = "/api/perms/v1/users/%s/nodes/"
+	UserNodeAssetsListURL          = "/api/perms/v1/users/%s/nodes/%s/assets/"
 	ValidateUserAssetPermissionURL = "/api/perms/v1/asset-permissions/user/validate/" //0不使用缓存 1 使用缓存 2 刷新缓存
 )

pkg/service/users.go

@@ -23,13 +23,13 @@ func Authenticate(username, password, publicKey, remoteAddr, loginType string) (
 		"remote_addr": remoteAddr,
 		"login_type":  loginType,
 	}
-	err = client.Post(UserAuthURL, data, &resp)
+	_, err = client.Post(UserAuthURL, data, &resp)
 	return
 }
 
 func GetUserDetail(userID string) (user *model.User) {
 	Url := fmt.Sprintf(UserDetailURL, userID)
-	err := authClient.Get(Url, &user)
+	_, err := authClient.Get(Url, &user)
 	if err != nil {
 		logger.Error(err)
 	}
@@ -37,14 +37,14 @@ func GetUserDetail(userID string) (user *model.User) {
 }
 
 func GetProfile() (user *model.User, err error) {
-	err = authClient.Get(UserProfileURL, &user)
+	_, err = authClient.Get(UserProfileURL, &user)
 	return user, err
 }
 
 func GetUserByUsername(username string) (user *model.User, err error) {
 	var users []*model.User
 	payload := map[string]string{"username": username}
-	err = authClient.Get(UserListURL, &users, payload)
+	_, err = authClient.Get(UserListURL, &users, payload)
 	if err != nil {
 		return
 	}
@@ -61,7 +61,7 @@ func CheckUserOTP(seed, code string) (resp *AuthResp, err error) {
 		"seed":     seed,
 		"otp_code": code,
 	}
-	err = client.Post(UserAuthOTPURL, data, &resp)
+	_, err = client.Post(UserAuthOTPURL, data, &resp)
 	if err != nil {
 		return
 	}
@@ -72,6 +72,6 @@ func CheckUserCookie(sessionID, csrfToken string) (user *model.User, err error)
 	cli := newClient()
 	cli.SetCookie("csrftoken", csrfToken)
 	cli.SetCookie("sessionid", sessionID)
-	err = cli.Get(UserProfileURL, &user)
+	_, err = cli.Get(UserProfileURL, &user)
 	return
 }

pkg/srvconn/connmanager.go

@@ -65,7 +65,7 @@ func (sc *SSHClientConfig) Config() (config *gossh.ClientConfig, err error) {
 	if sc.PrivateKey != "" {
 		if signer, err := gossh.ParsePrivateKeyWithPassphrase([]byte(sc.PrivateKey), []byte(sc.Password)); err != nil {
 			err = fmt.Errorf("parse private key error: %s", err)
-			return config, err
+			logger.Error(err.Error())
 		} else {
 			authMethods = append(authMethods, gossh.PublicKeys(signer))
 		}
@@ -201,7 +201,7 @@ func GetClientFromCache(user *model.User, asset *model.Asset, systemUser *model.
 	if !ok {
 		return
 	}
-	if systemUser.Username == ""{
+	if systemUser.Username == "" {
 		systemUser.Username = client.Username
 	}
 	var u = user.Username

pkg/srvconn/sftpconn.go

@@ -186,12 +186,12 @@ func (u *UserSftp) RemoveDirectory(path string) error {
 	}
 	err := u.removeDirectoryAll(conn.client, realPath)
 	filename := realPath
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateRemoveDir
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return err
 }
 
@@ -247,12 +247,12 @@ func (u *UserSftp) Remove(path string) error {
 	}
 	err := conn.client.Remove(realPath)
 	filename := realPath
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateDelete
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return err
 }
 
@@ -283,12 +283,12 @@ func (u *UserSftp) MkdirAll(path string) error {
 	err := conn.client.MkdirAll(realPath)
 
 	filename := realPath
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateMkdir
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return err
 }
 
@@ -320,12 +320,12 @@ func (u *UserSftp) Rename(oldNamePath, newNamePath string) error {
 
 	err := conn1.client.Rename(oldRealPath, newRealPath)
 	filename := fmt.Sprintf("%s=>%s", oldRealPath, newRealPath)
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateRename
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return err
 }
 
@@ -357,12 +357,12 @@ func (u *UserSftp) Symlink(oldNamePath, newNamePath string) error {
 	err := conn1.client.Symlink(oldRealPath, newRealPath)
 
 	filename := fmt.Sprintf("%s=>%s", oldRealPath, newRealPath)
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateSymlink
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return err
 }
 
@@ -393,12 +393,12 @@ func (u *UserSftp) Create(path string) (*sftp.File, error) {
 	}
 	sf, err := conn.client.Create(realPath)
 	filename := realPath
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateUpload
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return sf, err
 }
 
@@ -427,12 +427,12 @@ func (u *UserSftp) Open(path string) (*sftp.File, error) {
 	}
 	sf, err := conn.client.Open(realPath)
 	filename := realPath
-	isSucess := false
+	isSuccess := false
 	operate := model.OperateDownaload
 	if err == nil {
-		isSucess = true
+		isSuccess = true
 	}
-	u.CreateFTPLog(host.asset, su, operate, filename, isSucess)
+	u.CreateFTPLog(host.asset, su, operate, filename, isSuccess)
 	return sf, err
 }
 
@@ -593,6 +593,9 @@ func (u *UserSftp) GetSftpClient(asset *model.Asset, sysUser *model.SystemUser)
 
 func (u *UserSftp) Close() {
 	for _, client := range u.sftpClients {
+		if client == nil {
+			continue
+		}
 		client.Close()
 	}
 	close(u.LogChan)
@@ -645,6 +648,9 @@ type SftpConn struct {
 }
 
 func (s *SftpConn) Close() {
+	if s.client == nil {
+		return
+	}
 	_ = s.client.Close()
 	RecycleClient(s.conn)
 }