feat(system-security): Optimized unauthenticated settings to enhance …

core/app/service/auth.go

@@ -25,6 +25,8 @@ type IAuthService interface {
 	Login(c *gin.Context, info dto.Login, entrance string) (*dto.UserLoginInfo, error)
 	LogOut(c *gin.Context) error
 	MFALogin(c *gin.Context, info dto.MFALogin, entrance string) (*dto.UserLoginInfo, error)
+	GetSecurityEntrance() string
+	IsLogin(c *gin.Context) bool
 }
 
 func NewIAuthService() IAuthService {
@@ -192,3 +194,19 @@ func (u *AuthService) GetResponsePage() (string, error) {
 	}
 	return pageCode.Value, nil
 }
+
+func (u *AuthService) GetSecurityEntrance() string {
+	status, err := settingRepo.Get(repo.WithByKey("SecurityEntrance"))
+	if err != nil {
+		return ""
+	}
+	if len(status.Value) == 0 {
+		return ""
+	}
+	return status.Value
+}
+
+func (u *AuthService) IsLogin(c *gin.Context) bool {
+	_, err := global.SESSION.Get(c)
+	return err == nil
+}

core/cmd/server/res/error_msg.go

@@ -0,0 +1,6 @@
+package res
+
+import "embed"
+
+//go:embed html/*
+var ErrorMsg embed.FS

core/cmd/server/res/html/200.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Access Temporarily Unavailable</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+            background-color: #f9f9f9;
+            margin: 0;
+            padding: 0;
+            color: #333;
+        }
+        .container {
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background: #fff;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+        .icon img {
+            width: 100px;
+            height: auto;
+        }
+        h1 {
+            font-size: 24px;
+            color: #555;
+        }
+        p {
+            font-size: 16px;
+            color: #666;
+            line-height: 1.5;
+        }
+        .command {
+            font-family: monospace;
+            background: #f0f0f0;
+            padding: 5px 10px;
+            border-radius: 4px;
+            display: inline-block;
+            margin-top: 10px;
+        }
+    </style>
+</head>
+<body>
+<div class="container">
+    <h1>Access Temporarily Unavailable</h1>
+    <p>The current environment has enabled secure login access.</p>
+    <p>Run the following SSH command to view the panel login URL:</p>
+    <p class="command">1pctl user-info</p>
+</div>
+</body>
+</html>

core/cmd/server/res/html/200_err_domain.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Access Temporarily Unavailable</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+            background-color: #f9f9f9;
+            margin: 0;
+            padding: 0;
+            color: #333;
+        }
+        .container {
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background: #fff;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+        .icon img {
+            width: 100px;
+            height: auto;
+        }
+        h1 {
+            font-size: 24px;
+            color: #555;
+        }
+        p {
+            font-size: 16px;
+            color: #666;
+            line-height: 1.5;
+        }
+        .command {
+            font-family: monospace;
+            background: #f0f0f0;
+            padding: 5px 10px;
+            border-radius: 4px;
+            display: inline-block;
+            margin-top: 10px;
+        }
+    </style>
+</head>
+<body>
+<div class="container">
+    <h1>Access Temporarily Unavailable</h1>
+    <p>The current environment has enabled domain name binding.</p>
+    <p>Run the following SSH command to reset the binding information:</p>
+    <p class="command">1pctl reset domain</p>
+</div>
+</body>
+</html>

core/cmd/server/res/html/200_err_ip_limit.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Access Temporarily Unavailable</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+            background-color: #f9f9f9;
+            margin: 0;
+            padding: 0;
+            color: #333;
+        }
+        .container {
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background: #fff;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+        .icon img {
+            width: 100px;
+            height: auto;
+        }
+        h1 {
+            font-size: 24px;
+            color: #555;
+        }
+        p {
+            font-size: 16px;
+            color: #666;
+            line-height: 1.5;
+        }
+        .command {
+            font-family: monospace;
+            background: #f0f0f0;
+            padding: 5px 10px;
+            border-radius: 4px;
+            display: inline-block;
+            margin-top: 10px;
+        }
+    </style>
+</head>
+<body>
+<div class="container">
+    <h1>Access Temporarily Unavailable</h1>
+    <p>The current environment has enabled authorized IP access.</p>
+    <p>Run the following SSH command to reset the binding information:</p>
+    <p class="command">1pctl reset ips</p>
+</div>
+</body>
+</html>

core/cmd/server/res/html/400.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>400 Bad Request</title></head>
+<body>
+<center><h1>400 Bad Request</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/401.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>401 Unauthorized</title></head>
+<body>
+<center><h1>401 Unauthorized</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/403.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>403 Forbidden</title></head>
+<body>
+<center><h1>403 Forbidden</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/404.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>404 Not Found</title></head>
+<body>
+<center><h1>404 Not Found</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/408.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>408 Request Timeout</title></head>
+<body>
+<center><h1>408 Request Timeout</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/416.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>416 Requested Not Satisfiable</title></head>
+<body>
+<center><h1>416 Requested Not Satisfiable</h1></center>
+<hr><center>nginx</center>
+</body>

core/cmd/server/res/html/500.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html lang="en">
+<head><title>Internal Server Error</title></head>
+<body>
+<center><h1>Internal Server Error</h1></center>
+<hr><center>nginx</center>
+</body>

core/constant/common.go

@@ -40,4 +40,105 @@ const (
 	FilePerm = 0644
 )
 
+var WebUrlMap = map[string]struct{}{
+	"/apps":           {},
+	"/apps/all":       {},
+	"/apps/installed": {},
+	"/apps/upgrade":   {},
+
+	"/containers":           {},
+	"/containers/container": {},
+	"/containers/image":     {},
+	"/containers/network":   {},
+	"/containers/volume":    {},
+	"/containers/repo":      {},
+	"/containers/compose":   {},
+	"/containers/template":  {},
+	"/containers/setting":   {},
+
+	"/cronjobs": {},
+
+	"/databases":                   {},
+	"/databases/mysql":             {},
+	"/databases/mysql/remote":      {},
+	"/databases/postgresql":        {},
+	"/databases/postgresql/remote": {},
+	"/databases/redis":             {},
+	"/databases/redis/remote":      {},
+
+	"/hosts":                  {},
+	"/hosts/files":            {},
+	"/hosts/monitor/monitor":  {},
+	"/hosts/monitor/setting":  {},
+	"/hosts/terminal":         {},
+	"/hosts/firewall/port":    {},
+	"/hosts/firewall/forward": {},
+	"/hosts/firewall/ip":      {},
+	"/hosts/process/process":  {},
+	"/hosts/process/network":  {},
+	"/hosts/ssh/ssh":          {},
+	"/hosts/ssh/log":          {},
+	"/hosts/ssh/session":      {},
+
+	"/logs":           {},
+	"/logs/operation": {},
+	"/logs/login":     {},
+	"/logs/website":   {},
+	"/logs/system":    {},
+	"/logs/ssh":       {},
+
+	"/settings":               {},
+	"/settings/panel":         {},
+	"/settings/backupaccount": {},
+	"/settings/license":       {},
+	"/settings/about":         {},
+	"/settings/safe":          {},
+	"/settings/snapshot":      {},
+	"/settings/expired":       {},
+
+	"/toolbox":              {},
+	"/toolbox/device":       {},
+	"/toolbox/supervisor":   {},
+	"/toolbox/clam":         {},
+	"/toolbox/clam/setting": {},
+	"/toolbox/ftp":          {},
+	"/toolbox/fail2ban":     {},
+	"/toolbox/clean":        {},
+
+	"/websites":                 {},
+	"/websites/ssl":             {},
+	"/websites/runtimes/php":    {},
+	"/websites/runtimes/node":   {},
+	"/websites/runtimes/java":   {},
+	"/websites/runtimes/go":     {},
+	"/websites/runtimes/python": {},
+	"/websites/runtimes/dotnet": {},
+
+	"/login": {},
+
+	"/xpack":                   {},
+	"/xpack/waf/dashboard":     {},
+	"/xpack/waf/global":        {},
+	"/xpack/waf/websites":      {},
+	"/xpack/waf/log":           {},
+	"/xpack/waf/block":         {},
+	"/xpack/monitor/dashboard": {},
+	"/xpack/monitor/setting":   {},
+	"/xpack/monitor/rank":      {},
+	"/xpack/monitor/log":       {},
+	"/xpack/tamper":            {},
+	"/xpack/gpu":               {},
+	"/xpack/alert/dashboard":   {},
+	"/xpack/alert/log":         {},
+	"/xpack/alert/setting":     {},
+	"/xpack/setting":           {},
+}
+
+var DynamicRoutes = []string{
+	`^/containers/composeDetail/[^/]+$`,
+	`^/databases/mysql/setting/[^/]+/[^/]+$`,
+	`^/databases/postgresql/setting/[^/]+/[^/]+$`,
+	`^/websites/[^/]+/config/[^/]+$`,
+}
+
 var CertStore atomic.Value