[Update] 迁移service和model

pkg/cctx/context.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/ibuler/ssh"
 
-	"cocogo/pkg/sdk"
+	"cocogo/pkg/model"
 )
 
 type contextKey struct {
@@ -16,16 +16,15 @@ var (
 	ContextKeyAsset      = &contextKey{"asset"}
 	ContextKeySystemUser = &contextKey{"systemUser"}
 	ContextKeySSHSession = &contextKey{"sshSession"}
-	ContextKeyRemoteAddr = &contextKey{"remoteAddr"}
 	ContextKeyLocalAddr  = &contextKey{"localAddr"}
 	ContextKeySSHCtx     = &contextKey{"sshCtx"}
 )
 
 type Context interface {
 	context.Context
-	User() *sdk.User
-	Asset() *sdk.Asset
-	SystemUser() *sdk.SystemUser
+	User() *model.User
+	Asset() *model.Asset
+	SystemUser() *model.SystemUser
 	SSHSession() *ssh.Session
 	SSHCtx() *ssh.Context
 	SetValue(key, value interface{})
@@ -37,16 +36,16 @@ type CocoContext struct {
 }
 
 // User 返回当前连接的用户model
-func (ctx *CocoContext) User() *sdk.User {
-	return ctx.Value(ContextKeyUser).(*sdk.User)
+func (ctx *CocoContext) User() *model.User {
+	return ctx.Value(ContextKeyUser).(*model.User)
 }
 
-func (ctx *CocoContext) Asset() *sdk.Asset {
-	return ctx.Value(ContextKeyAsset).(*sdk.Asset)
+func (ctx *CocoContext) Asset() *model.Asset {
+	return ctx.Value(ContextKeyAsset).(*model.Asset)
 }
 
-func (ctx *CocoContext) SystemUser() *sdk.SystemUser {
-	return ctx.Value(ContextKeySystemUser).(*sdk.SystemUser)
+func (ctx *CocoContext) SystemUser() *model.SystemUser {
+	return ctx.Value(ContextKeySystemUser).(*model.SystemUser)
 }
 
 func (ctx *CocoContext) SSHSession() *ssh.Session {

pkg/locale/example.go

+package locale

pkg/locale/i18n.go

+package i18n

pkg/locale/messages.go

+package locale

pkg/model/assets.go

 package model
 
-import "cocogo/pkg/sdk"
+import (
+	"fmt"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+)
 
-type AssetList []sdk.Asset
+type AssetList []Asset
 
 func (a *AssetList) SortBy(tp string) AssetList {
 	switch tp {
 	case "ip":
-		return []sdk.Asset{}
+		return []Asset{}
 	default:
-		return []sdk.Asset{}
+		return []Asset{}
 	}
 }
 
-type NodeList []sdk.Node
+type NodeList []Node
+
+type Asset struct {
+	Id              string       `json:"id"`
+	Hostname        string       `json:"hostname"`
+	Ip              string       `json:"ip"`
+	Port            int          `json:"port"`
+	SystemUsers     []SystemUser `json:"system_users_granted"`
+	IsActive        bool         `json:"is_active"`
+	SystemUsersJoin string       `json:"system_users_join"`
+	Os              string       `json:"os"`
+	Domain          string       `json:"domain"`
+	Platform        string       `json:"platform"`
+	Comment         string       `json:"comment"`
+	Protocol        string       `json:"protocol"`
+	OrgID           string       `json:"org_id"`
+	OrgName         string       `json:"org_name"`
+}
+
+type Node struct {
+	Id            string  `json:"id"`
+	Key           string  `json:"key"`
+	Name          string  `json:"name"`
+	Value         string  `json:"value"`
+	Parent        string  `json:"parent"`
+	AssetsGranted []Asset `json:"assets_granted"`
+	AssetsAmount  int     `json:"assets_amount"`
+	OrgId         string  `json:"org_id"`
+}
+
+type nodeSortBy func(node1, node2 *Node) bool
+
+func (by nodeSortBy) Sort(assetNodes []Node) {
+	nodeSorter := &AssetNodeSorter{
+		assetNodes: assetNodes,
+		sortBy:     by,
+	}
+	sort.Sort(nodeSorter)
+}
+
+type AssetNodeSorter struct {
+	assetNodes []Node
+	sortBy     func(node1, node2 *Node) bool
+}
+
+func (a *AssetNodeSorter) Len() int {
+	return len(a.assetNodes)
+}
+
+func (a *AssetNodeSorter) Swap(i, j int) {
+	a.assetNodes[i], a.assetNodes[j] = a.assetNodes[j], a.assetNodes[i]
+}
+
+func (a *AssetNodeSorter) Less(i, j int) bool {
+	return a.sortBy(&a.assetNodes[i], &a.assetNodes[j])
+}
+
+/*
+key的排列顺序：
+1 1:3 1:3:0 1:4 1:5 1:8
+*/
+func keySort(node1, node2 *Node) bool {
+	node1Keys := strings.Split(node1.Key, ":")
+	node2Keys := strings.Split(node2.Key, ":")
+	for i := 0; i < len(node1Keys); i++ {
+		if i >= len(node2Keys) {
+			return false
+		}
+		node1num, _ := strconv.Atoi(node1Keys[i])
+		node2num, _ := strconv.Atoi(node2Keys[i])
+		if node1num == node2num {
+			continue
+		} else if node1num-node2num > 0 {
+			return false
+		} else {
+			return true
+		}
+
+	}
+	return true
+
+}
+
+func SortAssetNodesByKey(assetNodes []Node) {
+	nodeSortBy(keySort).Sort(assetNodes)
+}
+
+const LoginModeManual = "manual"
+
+type SystemUser struct {
+	Id         string `json:"id"`
+	Name       string `json:"name"`
+	UserName   string `json:"username"`
+	Priority   int    `json:"priority"`
+	Protocol   string `json:"protocol"`
+	Comment    string `json:"comment"`
+	LoginMode  string `json:"login_mode"`
+	Password   string `json:"password"`
+	PrivateKey string `json:"private_key"`
+}
+
+type SystemUserAuthInfo struct {
+	Id         string `json:"id"`
+	Name       string `json:"name"`
+	UserName   string `json:"username"`
+	Protocol   string `json:"protocol"`
+	LoginMode  string `json:"login_mode"`
+	Password   string `json:"password"`
+	PrivateKey string `json:"private_key"`
+}
+
+type systemUserSortBy func(user1, user2 *SystemUser) bool
+
+func (by systemUserSortBy) Sort(users []SystemUser) {
+	nodeSorter := &systemUserSorter{
+		users:  users,
+		sortBy: by,
+	}
+	sort.Sort(nodeSorter)
+}
+
+type systemUserSorter struct {
+	users  []SystemUser
+	sortBy func(user1, user2 *SystemUser) bool
+}
+
+func (s *systemUserSorter) Len() int {
+	return len(s.users)
+}
+
+func (s *systemUserSorter) Swap(i, j int) {
+	s.users[i], s.users[j] = s.users[j], s.users[i]
+}
+
+func (s *systemUserSorter) Less(i, j int) bool {
+	return s.sortBy(&s.users[i], &s.users[j])
+}
+
+func systemUserPrioritySort(use1, user2 *SystemUser) bool {
+	return use1.Priority <= user2.Priority
+}
+
+func SortSystemUserByPriority(users []SystemUser) {
+	systemUserSortBy(systemUserPrioritySort).Sort(users)
+}
+
+type RuleAction int
+
+const (
+	ActionDeny    RuleAction = 0
+	ActionAllow   RuleAction = 1
+	ActionUnknown RuleAction = 2
+
+	TypeRegex = "regex"
+	TypeCmd   = "command"
+)
+
+type SystemUserFilterRule struct {
+	Priority int `json:"priority"`
+	Type     struct {
+		Value string `json:"value"`
+	} `json:"type"`
+	Content string `json:"content"`
+	Action  struct {
+		Value RuleAction `json:"value"`
+	} `json:"action"`
+
+	pattern  *regexp.Regexp
+	compiled bool
+}
+
+func (sf *SystemUserFilterRule) Pattern() *regexp.Regexp {
+	if sf.compiled {
+		return sf.pattern
+	}
+	var regexs string
+	if sf.Type.Value == TypeCmd {
+		var regex []string
+		for _, cmd := range strings.Split(sf.Content, "\r\n") {
+			cmd = strings.Replace(cmd, " ", "\\s+", 1)
+			regex = append(regex, fmt.Sprintf("\\b%s\\b", cmd))
+		}
+		regexs = strings.Join(regex, "|")
+	} else {
+		regexs = sf.Content
+	}
+	pattern, err := regexp.Compile(regexs)
+	if err == nil {
+		sf.pattern = pattern
+		sf.compiled = true
+	}
+	return pattern
+}
+
+func (sf *SystemUserFilterRule) Match(cmd string) (RuleAction, string) {
+	found := sf.Pattern().FindString(cmd)
+	fmt.Println(found)
+	if found == "" {
+		return ActionUnknown, ""
+	}
+	return sf.Action.Value, found
+}

pkg/model/assets_test.go

+package model
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func TestSystemUserFilterRule_Match(t *testing.T) {
+	var rule SystemUserFilterRule
+	ruleJson := `
+    {
+        "id": "12ae03a4-81b7-43d9-b356-2db4d5d63927",
+        "org_id": "",
+        "type": {
+            "value": "command",
+            "display": "命令"
+        },
+        "priority": 50,
+        "content": "reboot\r\nrm",
+        "action": {
+            "value": 0,
+            "display": "拒绝"
+        },
+        "comment": "",
+        "date_created": "2019-04-29 11:32:12 +0800",
+        "date_updated": "2019-04-29 11:32:12 +0800",
+        "created_by": "Administrator",
+        "filter": "de7693ca-75d5-4639-986b-44ed390260a0"
+    }`
+	err := json.Unmarshal([]byte(ruleJson), &rule)
+	if err != nil {
+		t.Error("Unmarshal error: ", err)
+	}
+
+	action, msg := rule.Match("reboot 123")
+	if action != ActionDeny {
+		t.Error("Rule should deny reboot, but not")
+	}
+	if msg != "reboot" {
+		t.Error("Msg is not reboot")
+	}
+}

pkg/sdk/users_model.go → pkg/model/users.go

-package sdk
+package model
 
 /*
 	{'id': '1f8e54a8-d99d-4074-b35d-45264adb4e34',

pkg/proxy/parser.go

@@ -6,6 +6,7 @@ import (
 	"sync"
 
 	"cocogo/pkg/logger"
+	"cocogo/pkg/model"
 )
 
 type ParseRule func([]byte) bool
@@ -34,6 +35,8 @@ type Parser struct {
 	userInputChan   chan []byte
 	serverInputChan chan []byte
 
+	filterRules []model.SystemUserFilterRule
+
 	inputInitial    bool
 	inputPreState   bool
 	inputState      bool

pkg/proxy/proxy.go

@@ -8,20 +8,20 @@ import (
 	"github.com/ibuler/ssh"
 
 	"cocogo/pkg/logger"
-	"cocogo/pkg/sdk"
+	"cocogo/pkg/model"
 	"cocogo/pkg/service"
 )
 
 type ProxyServer struct {
 	Session    ssh.Session
-	User       *sdk.User
-	Asset      *sdk.Asset
-	SystemUser *sdk.SystemUser
+	User       *model.User
+	Asset      *model.Asset
+	SystemUser *model.SystemUser
 }
 
 func (p *ProxyServer) getSystemUserAuthOrManualSet() {
 	info := service.GetSystemUserAssetAuthInfo(p.SystemUser.Id, p.Asset.Id)
-	if p.SystemUser.LoginMode == sdk.LoginModeManual ||
+	if p.SystemUser.LoginMode == model.LoginModeManual ||
 		(p.SystemUser.Password == "" && p.SystemUser.PrivateKey == "") {
 		logger.Info("Get password fom user input")
 	}
@@ -68,6 +68,10 @@ func (p *ProxyServer) Proxy(ctx context.Context) {
 	if err != nil {
 		return
 	}
+	rules, err := service.GetSystemUserFilterRules("")
+	if err != nil {
+		logger.Error("Get system user filter rule error: ", err)
+	}
 	sw := Switch{
 		userSession: p.Session,
 		serverConn:  &conn,
@@ -77,6 +81,7 @@ func (p *ProxyServer) Proxy(ctx context.Context) {
 			inputBuf:      new(bytes.Buffer),
 			outputBuf:     new(bytes.Buffer),
 			cmdBuf:        new(bytes.Buffer),
+			filterRules:   rules,
 		},
 	}
 	sw.Bridge(ctx)

pkg/sdk/accesskey_test.go

-package sdk

pkg/sdk/assets.go

-package sdk
-
-//
-//func GetSystemUserAssetAuthInfo(systemUserID, assetID string) (authInfo model.SystemUserAuthInfo, err error) {
-//
-//
-//	err = json.Unmarshal(buf, &authInfo)
-//	if err != nil {
-//		log.Info(err)
-//		return authInfo, err
-//	}
-//	return authInfo, err
-//
-//}
-//

pkg/sdk/assets_model.go

-package sdk
-
-import (
-	"sort"
-	"strconv"
-	"strings"
-)
-
-type Asset struct {
-	Id              string       `json:"id"`
-	Hostname        string       `json:"hostname"`
-	Ip              string       `json:"ip"`
-	Port            int          `json:"port"`
-	SystemUsers     []SystemUser `json:"system_users_granted"`
-	IsActive        bool         `json:"is_active"`
-	SystemUsersJoin string       `json:"system_users_join"`
-	Os              string       `json:"os"`
-	Domain          string       `json:"domain"`
-	Platform        string       `json:"platform"`
-	Comment         string       `json:"comment"`
-	Protocol        string       `json:"protocol"`
-	OrgID           string       `json:"org_id"`
-	OrgName         string       `json:"org_name"`
-}
-
-type Node struct {
-	Id            string  `json:"id"`
-	Key           string  `json:"key"`
-	Name          string  `json:"name"`
-	Value         string  `json:"value"`
-	Parent        string  `json:"parent"`
-	AssetsGranted []Asset `json:"assets_granted"`
-	AssetsAmount  int     `json:"assets_amount"`
-	OrgId         string  `json:"org_id"`
-}
-
-type nodeSortBy func(node1, node2 *Node) bool
-
-func (by nodeSortBy) Sort(assetNodes []Node) {
-	nodeSorter := &AssetNodeSorter{
-		assetNodes: assetNodes,
-		sortBy:     by,
-	}
-	sort.Sort(nodeSorter)
-}
-
-type AssetNodeSorter struct {
-	assetNodes []Node
-	sortBy     func(node1, node2 *Node) bool
-}
-
-func (a *AssetNodeSorter) Len() int {
-	return len(a.assetNodes)
-}
-
-func (a *AssetNodeSorter) Swap(i, j int) {
-	a.assetNodes[i], a.assetNodes[j] = a.assetNodes[j], a.assetNodes[i]
-}
-
-func (a *AssetNodeSorter) Less(i, j int) bool {
-	return a.sortBy(&a.assetNodes[i], &a.assetNodes[j])
-}
-
-/*
-key的排列顺序：
-1 1:3 1:3:0 1:4 1:5 1:8
-*/
-func keySort(node1, node2 *Node) bool {
-	node1Keys := strings.Split(node1.Key, ":")
-	node2Keys := strings.Split(node2.Key, ":")
-	for i := 0; i < len(node1Keys); i++ {
-		if i >= len(node2Keys) {
-			return false
-		}
-		node1num, _ := strconv.Atoi(node1Keys[i])
-		node2num, _ := strconv.Atoi(node2Keys[i])
-		if node1num == node2num {
-			continue
-		} else if node1num-node2num > 0 {
-			return false
-		} else {
-			return true
-		}
-
-	}
-	return true
-
-}
-
-func SortAssetNodesByKey(assetNodes []Node) {
-	nodeSortBy(keySort).Sort(assetNodes)
-}
-
-const LoginModeManual = "manual"
-
-type SystemUser struct {
-	Id         string `json:"id"`
-	Name       string `json:"name"`
-	UserName   string `json:"username"`
-	Priority   int    `json:"priority"`
-	Protocol   string `json:"protocol"`
-	Comment    string `json:"comment"`
-	LoginMode  string `json:"login_mode"`
-	Password   string `json:"password"`
-	PrivateKey string `json:"private_key"`
-}
-
-type SystemUserAuthInfo struct {
-	Id         string `json:"id"`
-	Name       string `json:"name"`
-	UserName   string `json:"username"`
-	Protocol   string `json:"protocol"`
-	LoginMode  string `json:"login_mode"`
-	Password   string `json:"password"`
-	PrivateKey string `json:"private_key"`
-}
-
-type systemUserSortBy func(user1, user2 *SystemUser) bool
-
-func (by systemUserSortBy) Sort(users []SystemUser) {
-	nodeSorter := &systemUserSorter{
-		users:  users,
-		sortBy: by,
-	}
-	sort.Sort(nodeSorter)
-}
-
-type systemUserSorter struct {
-	users  []SystemUser
-	sortBy func(user1, user2 *SystemUser) bool
-}
-
-func (s *systemUserSorter) Len() int {
-	return len(s.users)
-}
-
-func (s *systemUserSorter) Swap(i, j int) {
-	s.users[i], s.users[j] = s.users[j], s.users[i]
-}
-
-func (s *systemUserSorter) Less(i, j int) bool {
-	return s.sortBy(&s.users[i], &s.users[j])
-}
-
-func systemUserPrioritySort(use1, user2 *SystemUser) bool {
-	return use1.Priority <= user2.Priority
-}
-
-func SortSystemUserByPriority(users []SystemUser) {
-	systemUserSortBy(systemUserPrioritySort).Sort(users)
-}

pkg/sdk/perms.go

-package sdk
-
-//
-//func (s *Service) GetUserAssets(uid string) (resp []sdk.Asset, err error) {
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserAssetsUrl, uid))
-//
-//	buf, err := s.SendHTTPRequest("GET", url, nil)
-//	if err != nil {
-//		log.Info("get User Assets err:", err)
-//		return resp, err
-//	}
-//	err = json.Unmarshal(buf, &resp)
-//	if err != nil {
-//		log.Info(err)
-//		return resp, err
-//	}
-//	return resp, nil
-//
-//}
-//
-//func (s *Service) GetUserAssetNodes(uid string) ([]model.Node, error) {
-//
-//	var resp []model.Node
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserNodesAssetsUrl, uid))
-//
-//	buf, err := s.SendHTTPRequest("GET", url, nil)
-//	if err != nil {
-//		log.Info("get User Assets Groups err:", err)
-//		return resp, err
-//	}
-//	err = json.Unmarshal(buf, &resp)
-//	if err != nil {
-//		log.Info(err)
-//		return resp, err
-//	}
-//	return resp, err
-//}
-//
-//func (s *Service) ValidateUserAssetPermission(userID, systemUserID, AssetID string) bool {
-//	// cache_policy  0:不使用缓存 1:使用缓存 2: 刷新缓存
-//
-//	baseUrl, _ := neturl.Parse(fmt.Sprintf("%s%s", s.Conf.CoreHost, ValidateUserAssetPermission))
-//	params := neturl.Values{}
-//	params.Add("user_id", userID)
-//	params.Add("asset_id", AssetID)
-//	params.Add("system_user_id", systemUserID)
-//	params.Add("cache_policy", "1")
-//
-//	baseUrl.RawQuery = params.Encode()
-//	buf, err := s.SendHTTPRequest("GET", baseUrl.String(), nil)
-//	if err != nil {
-//		log.Error("Check User Asset Permission err:", err)
-//		return false
-//	}
-//	var res struct {
-//		Msg bool `json:"msg"'`
-//	}
-//	if err = json.Unmarshal(buf, &res); err != nil {
-//		return false
-//	}
-//	return res.Msg
-//}

pkg/sdk/terminal.go

-package sdk
-
-//
-//func (s *Service) PushSessionReplay(gZipFile, sessionID string) error {
-//	fp, err := os.Open(gZipFile)
-//	if err != nil {
-//		return err
-//	}
-//	defer fp.Close()
-//	fi, err := fp.Stat()
-//	if err != nil {
-//		return err
-//	}
-//
-//	body := &bytes.Buffer{}
-//	writer := multipart.NewWriter(body)
-//	part, err := writer.CreateFormFile("file", fi.Name())
-//	if err != nil {
-//		return err
-//	}
-//	_, _ = io.Copy(part, fp)
-//	err = writer.Close() // close writer before POST request
-//	if err != nil {
-//		return err
-//	}
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionReplay, sessionID))
-//	req, err := http.NewRequest("POST", url, body)
-//	currentDate := HTTPGMTDate()
-//	req.Header.Add("Content-Type", writer.FormDataContentType())
-//	req.Header.Set("Date", currentDate)
-//	req.Header.Set("Authorization", s.auth.Signature(currentDate))
-//	resp, err := s.http.Do(req)
-//	defer resp.Body.Close()
-//	if err != nil {
-//		log.Info("Send HTTP Request failed:", err)
-//		return err
-//	}
-//
-//	log.Info("PushSessionReplay:", err)
-//	return err
-//}
-//
-//func (s *Service) CreateSession(data []byte) bool {
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, SessionList)
-//
-//	req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))
-//	req.Header.Set("Content-Type", "application/json")
-//	currentDate := HTTPGMTDate()
-//	req.Header.Set("Date", currentDate)
-//	req.Header.Set("Authorization", s.auth.Signature(currentDate))
-//	resp, err := s.http.Do(req)
-//	defer resp.Body.Close()
-//	if err != nil {
-//		log.Error("create Session err: ", err)
-//		return false
-//	}
-//	if resp.StatusCode == 201 {
-//		log.Info("create Session 201")
-//		return true
-//	}
-//	return false
-//
-//}
-//
-//func (s *Service) FinishSession(id string, jsonData []byte) bool {
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionDetail, id))
-//	res, err := s.SendHTTPRequest("PATCH", url, jsonData)
-//	fmt.Printf("%s", res)
-//	if err != nil {
-//		log.Error(err)
-//		return false
-//	}
-//	return true
-//}
-//
-//func (s *Service) FinishReply(id string) bool {
-//	data := map[string]bool{"has_replay": true}
-//	jsonData, _ := json.Marshal(data)
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionDetail, id))
-//	_, err := s.SendHTTPRequest("PATCH", url, jsonData)
-//	if err != nil {
-//		log.Error(err)
-//		return false
-//	}
-//	return true
-//}
-//
-//func (s *Service) LoadTerminalConfig() {
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, TerminalConfigUrl)
-//	req, err := http.NewRequest(http.MethodGet, url, nil)
-//	if err != nil {
-//		log.Info(err)
-//	}
-//	currentDate := HTTPGMTDate()
-//	req.Header.Set("Content-Type", "application/json")
-//	req.Header.Set("Date", currentDate)
-//	req.Header.Set("Authorization", s.auth.Signature(currentDate))
-//	resp, err := s.http.Do(req)
-//	if err != nil {
-//		log.Info("client http request failed:", err)
-//	}
-//
-//	defer resp.Body.Close()
-//	body, err := ioutil.ReadAll(resp.Body)
-//	if err != nil {
-//		log.Info("Read response Body err:", err)
-//		return
-//	}
-//	fmt.Printf("%s\n", body)
-//	resBody := config.TerminalConfig{}
-//	err = json.Unmarshal(body, &resBody)
-//	if err != nil {
-//		log.Info("json.Unmarshal", err)
-//		return
-//	}
-//	s.Conf.TermConfig = &resBody
-//	fmt.Println(resBody)
-//
-//}

pkg/sdk/users.go

-package sdk
-
-func CheckAuth(username, password, publicKey, remoteAddr, loginType string) (user User, err error) {
-	return user, nil
-}
-
-//
-//func (s *Service) CheckAuth(username, password, publicKey, remoteAddr, loginType string) (model.User, error) {
-//	/*
-//		{
-//		'token': '0191970b1f5b414bbae42ec8fbb2a2ad',
-//		'user':{'id': '34987591-bf75-4e5f-a102-6d59a1103431',
-//			'name': 'softwareuser1', 'username': 'softwareuser1',
-//			'email': 'xplz@hotmail.com',
-//			'groups': ['bdc861f9-f476-4554-9bd4-13c3112e469d'],
-//			'groups_display': '研发组', 'role': 'User',
-//			'role_display': '用户', 'avatar_url': '/static/img/avatar/user.png',
-//			'wechat': '', 'phone': None, 'otp_level': 0, 'comment': '',
-//			'source': 'local', 'source_display': 'Local', 'is_valid': True,
-//			'is_expired': False, 'is_active': True, 'created_by': 'admin',
-//			'is_first_login': True, 'date_password_last_updated': '2019-03-08 11:47:04 +0800',
-//			'date_expired': '2089-02-18 09:37:00 +0800'}}
-//	*/
-//
-//	postMap := map[string]string{
-//		"username":    username,
-//		"password":    password,
-//		"public_key":  publicKey,
-//		"remote_addr": remoteAddr,
-//		"login_type":  loginType,
-//	}
-//
-//	data, err := json.Marshal(postMap)
-//	if err != nil {
-//		log.Info(err)
-//		return model.User{}, err
-//	}
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, UserAuthUrl)
-//	body, err := s.SendHTTPRequest(http.MethodPost, url, data)
-//
-//	if err != nil {
-//		log.Info("read body failed:", err)
-//		return model.User{}, err
-//	}
-//	var result struct {
-//		Token string     `json:"token"`
-//		User  model.User `json:"user"`
-//	}
-//
-//	err = json.Unmarshal(body, &result)
-//	if err != nil {
-//		log.Info("json decode failed:", err)
-//		return model.User{}, err
-//	}
-//
-//	return result.User, nil
-//}
-//
-//func (s *Service) CheckSSHPassword(cctx ssh.Value, password string) bool {
-//
-//	username := cctx.User()
-//	remoteAddr := cctx.RemoteAddr().String()
-//	authUser, err := s.CheckAuth(username, password, "", remoteAddr, "T")
-//	if err != nil {
-//		return false
-//	}
-//	cctx.SetValue("LoginUser", authUser)
-//	return true
-//}

pkg/sdk/accesskey.go → pkg/service/accesskey.go

-package sdk
+package service
 
 import (
 	"errors"

pkg/service/accesskey_test.go

+package service

pkg/service/assets.go

@@ -2,16 +2,17 @@ package service
 
 import (
 	"cocogo/pkg/logger"
-	"cocogo/pkg/sdk"
+	"cocogo/pkg/model"
+	"encoding/json"
 	"fmt"
 )
 
-func GetSystemUserAssetAuthInfo(systemUserID, assetID string) (info sdk.SystemUserAuthInfo) {
+func GetSystemUserAssetAuthInfo(systemUserID, assetID string) (info model.SystemUserAuthInfo) {
 	return
 }
 
-func GetSystemUserAuthInfo(systemUserID string) (info sdk.SystemUserAuthInfo) {
-	Url := fmt.Sprintf(sdk.SystemUserAuthInfoURL, systemUserID)
+func GetSystemUserAuthInfo(systemUserID string) (info model.SystemUserAuthInfo) {
+	Url := fmt.Sprintf(SystemUserAuthInfoURL, systemUserID)
 
 	err := client.Get(Url, &info, true)
 	if err != nil {
@@ -19,3 +20,48 @@ func GetSystemUserAuthInfo(systemUserID string) (info sdk.SystemUserAuthInfo) {
 	}
 	return
 }
+
+func GetSystemUserFilterRules(systemUsrId string) (rules []model.SystemUserFilterRule, err error) {
+	var resp = `[
+    {
+        "id": "12ae03a4-81b7-43d9-b356-2db4d5d63927",
+        "org_id": "",
+        "type": {
+            "value": "command",
+            "display": "命令"
+        },
+        "priority": 50,
+        "content": "reboot\r\nrm",
+        "action": {
+            "value": 0,
+            "display": "拒绝"
+        },
+        "comment": "",
+        "date_created": "2019-04-29 11:32:12 +0800",
+        "date_updated": "2019-04-29 11:32:12 +0800",
+        "created_by": "Administrator",
+        "filter": "de7693ca-75d5-4639-986b-44ed390260a0"
+    },
+    {
+        "id": "c1fe1ebf-8fdc-4477-b2cf-dd9bc12de832",
+        "org_id": "",
+        "type": {
+            "value": "regex",
+            "display": "正则表达式"
+        },
+        "priority": 49,
+        "content": "shutdown|echo|df",
+        "action": {
+            "value": 1,
+            "display": "允许"
+        },
+        "comment": "",
+        "date_created": "2019-04-29 11:32:39 +0800",
+        "date_updated": "2019-04-29 11:32:50 +0800",
+        "created_by": "Administrator",
+        "filter": "de7693ca-75d5-4639-986b-44ed390260a0"
+    }
+]`
+	err = json.Unmarshal([]byte(resp), &rules)
+	return
+}

pkg/sdk/client.go → pkg/service/client.go

-package sdk
+package service
 
 import (
 	"path"
@@ -6,6 +6,7 @@ import (
 
 	"cocogo/pkg/common"
 	"cocogo/pkg/config"
+	"cocogo/pkg/model"
 )
 
 type ClientAuth interface {
@@ -34,7 +35,7 @@ func (c *WrapperClient) LoadAuth() error {
 }
 
 func (c *WrapperClient) CheckAuth() error {
-	var user User
+	var user model.User
 	err := c.Http.Get("UserProfileUrl", &user)
 	if err != nil {
 		return err

pkg/service/init.go

 package service
 
-import "cocogo/pkg/sdk"
-
-var client = sdk.WrapperClient{}
+var client = WrapperClient{}

pkg/sdk/urls.go → pkg/service/urls.go

-package sdk
+package service
 
 const (
 	UserAuthURL    = "/api/users/v1/auth/"    // post 验证用户登陆

pkg/service/users.go

 package service
 
-import "cocogo/pkg/sdk"
+import (
+	"cocogo/pkg/model"
+)
 
-func Authenticate(username, password, publicKey, remoteAddr, loginType string) *sdk.User {
-	return &sdk.User{Id: "1111111111", Username: "admin", Name: "广宏伟"}
+func Authenticate(username, password, publicKey, remoteAddr, loginType string) *model.User {
+	return &model.User{Id: "1111111111", Username: "admin", Name: "广宏伟"}
 }
 
-func GetUserProfile(userId string) (user sdk.User) {
+func GetUserProfile(userId string) (user model.User) {
 	return
 }
 
-func LoadUserByUsername(user *sdk.User) {
+func LoadUserByUsername(user *model.User) {
 
 }

pkg/sshd/handler/session.go

@@ -20,7 +20,6 @@ import (
 	"cocogo/pkg/logger"
 	"cocogo/pkg/model"
 	"cocogo/pkg/proxy"
-	"cocogo/pkg/sdk"
 	"cocogo/pkg/service"
 	//"cocogo/pkg/transport"
 	//"cocogo/pkg/userhome"
@@ -49,9 +48,9 @@ func SessionHandler(sess ssh.Session) {
 type InteractiveHandler struct {
 	sess             ssh.Session
 	term             *terminal.Terminal
-	user             *sdk.User
-	assetSelect      *sdk.Asset
-	systemUserSelect *sdk.SystemUser
+	user             *model.User
+	assetSelect      *model.Asset
+	systemUserSelect *model.SystemUser
 	assets           model.AssetList
 	searchResult     model.AssetList
 	nodes            model.NodeList
@@ -144,7 +143,7 @@ func (i *InteractiveHandler) Dispatch(ctx cctx.Context) {
 	}
 }
 
-func (i *InteractiveHandler) chooseSystemUser(systemUsers []sdk.SystemUser) sdk.SystemUser {
+func (i *InteractiveHandler) chooseSystemUser(systemUsers []model.SystemUser) model.SystemUser {
 	table := tablewriter.NewWriter(i.sess)
 	table.SetHeader([]string{"ID", "UserName"})
 	for i := 0; i < len(systemUsers); i++ {
@@ -170,9 +169,9 @@ func (i *InteractiveHandler) chooseSystemUser(systemUsers []sdk.SystemUser) sdk.
 }
 
 // 当资产的数量为1的时候，就进行代理转化
-func (i *InteractiveHandler) displayAssetsOrProxy(assets []sdk.Asset) {
+func (i *InteractiveHandler) displayAssetsOrProxy(assets []model.Asset) {
 	//if len(assets) == 1 {
-	//	var systemUser sdk.SystemUser
+	//	var systemUser model.SystemUser
 	//	switch len(assets[0].SystemUsers) {
 	//	case 0:
 	//		// 有授权的资产，但是资产用户信息，无法登陆
@@ -184,7 +183,7 @@ func (i *InteractiveHandler) displayAssetsOrProxy(assets []sdk.Asset) {
 	//		systemUser = i.chooseSystemUser(assets[0].SystemUsers)
 	//	}
 	//
-	//	authInfo, err := sdk.GetSystemUserAssetAuthInfo(systemUser.Id, assets[0].Id)
+	//	authInfo, err := model.GetSystemUserAssetAuthInfo(systemUser.Id, assets[0].Id)
 	//	if err != nil {
 	//		return
 	//	}
@@ -224,7 +223,7 @@ func (i *InteractiveHandler) displayAssets(assets model.AssetList) {
 
 }
 
-func (i *InteractiveHandler) displayNodes(nodes []sdk.Node) {
+func (i *InteractiveHandler) displayNodes(nodes []model.Node) {
 	tree := ConstructAssetNodeTree(nodes)
 	tipHeaderMsg := "\r\nNode: [ ID.Name(Asset amount) ]"
 	tipEndMsg := "Tips: Enter g+NodeID to display the host under the node, such as g1\r\n\r"
@@ -281,22 +280,22 @@ func (i *InteractiveHandler) JoinShareRoom(roomID string) {
 
 }
 
-func (i *InteractiveHandler) searchAsset(key string) (assets []sdk.Asset) {
+func (i *InteractiveHandler) searchAsset(key string) (assets []model.Asset) {
 	//if indexNum, err := strconv.Atoi(key); err == nil {
 	//	if indexNum > 0 && indexNum <= len(i.searchResult) {
-	//		return []sdk.Asset{i.searchResult[indexNum-1]}
+	//		return []model.Asset{i.searchResult[indexNum-1]}
 	//	}
 	//}
 	//
 	//if assetsData, ok := i.assetData.Load(AssetsMapKey); ok {
-	//	for _, assetValue := range assetsData.([]sdk.Asset) {
+	//	for _, assetValue := range assetsData.([]model.Asset) {
 	//		if isSubstring([]string{assetValue.Ip, assetValue.Hostname, assetValue.Comment}, key) {
 	//			assets = append(assets, assetValue)
 	//		}
 	//	}
 	//} else {
 	//	assetsData, _ := Cached.Load(i.user.Id)
-	//	for _, assetValue := range assetsData.([]sdk.Asset) {
+	//	for _, assetValue := range assetsData.([]model.Asset) {
 	//		if isSubstring([]string{assetValue.Ip, assetValue.Hostname, assetValue.Comment}, key) {
 	//			assets = append(assets, assetValue)
 	//		}
@@ -306,10 +305,10 @@ func (i *InteractiveHandler) searchAsset(key string) (assets []sdk.Asset) {
 	return assets
 }
 
-func (i *InteractiveHandler) searchNodeAssets(num int) (assets []sdk.Asset) {
-	//var assetNodesData []sdk.Node
+func (i *InteractiveHandler) searchNodeAssets(num int) (assets []model.Asset) {
+	//var assetNodesData []model.Node
 	//if assetNodes, ok := i.assetData.Load(AssetNodesMapKey); ok {
-	//	assetNodesData = assetNodes.([]sdk.Node)
+	//	assetNodesData = assetNodes.([]model.Node)
 	//	if num > len(assetNodesData) || num == 0 {
 	//		return assets
 	//	}
@@ -406,8 +405,8 @@ func (i *InteractiveHandler) Proxy(ctx context.Context) {
 //	return false
 //}
 //
-func ConstructAssetNodeTree(assetNodes []sdk.Node) treeprint.Tree {
-	sdk.SortAssetNodesByKey(assetNodes)
+func ConstructAssetNodeTree(assetNodes []model.Node) treeprint.Tree {
+	model.SortAssetNodesByKey(assetNodes)
 	var treeMap = map[string]treeprint.Tree{}
 	tree := treeprint.New()
 	for i := 0; i < len(assetNodes); i++ {