feat: 新增 Master 司令部架构 (SQLite 集成与 Webhook 调度)

2026-04-01 10:19:20 +00:00
parent 3b89ec7ed2
commit f6512fb1c3
2 changed files with 181 additions and 0 deletions
--- a/master/install_master.sh
+++ b/master/install_master.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# ==========================================================
+# 脚本名称: install_master.sh (IP-Sentinel 控制中枢部署脚本)
+# 核心功能: 安装 SQLite3、初始化数据库表、配置后台守护进程
+# ==========================================================
+
+MASTER_DIR="/opt/ip_sentinel_master"
+DB_FILE="${MASTER_DIR}/sentinel.db"
+
+echo "========================================================"
+echo "      🧠 准备部署 IP-Sentinel Master 控制中枢"
+echo "========================================================"
+
+# 1. 环境依赖安装
+echo "[1/4] 安装核心依赖 (curl, jq, sqlite3)..."
+if [ -f /etc/debian_version ]; then
+    apt-get update -y >/dev/null 2>&1
+    apt-get install -y curl jq sqlite3 procps >/dev/null 2>&1
+elif [ -f /etc/redhat-release ]; then
+    yum install -y curl jq sqlite >/dev/null 2>&1
+fi
+
+mkdir -p "$MASTER_DIR"
+
+# 2. 交互配置机器人
+echo -e "\n[2/4] 配置控制中枢机器人:"
+read -p "请输入 Telegram Bot Token: " TG_TOKEN
+
+cat > "${MASTER_DIR}/master.conf" << EOF
+TG_TOKEN="$TG_TOKEN"
+DB_FILE="$DB_FILE"
+MASTER_DIR="$MASTER_DIR"
+EOF
+
+# 3. 初始化 SQLite 数据库
+echo -e "\n[3/4] 正在初始化 SQLite 数据库表结构..."
+sqlite3 "$DB_FILE" <<EOF
+CREATE TABLE IF NOT EXISTS nodes (
+    chat_id TEXT,
+    node_name TEXT,
+    agent_ip TEXT,
+    agent_port TEXT,
+    last_seen DATETIME DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY(chat_id, node_name)
+);
+EOF
+echo "✅ 数据库创建成功: $DB_FILE"
+
+# 4. 拉取核心调度代码并运行
+echo -e "\n[4/4] 部署 TG 调度守护进程..."
+curl -sL "https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main/master/tg_master.sh" -o "${MASTER_DIR}/tg_master.sh"
+chmod +x "${MASTER_DIR}/tg_master.sh"
+
+# 写入看门狗 Cron
+crontab -l 2>/dev/null | grep -v "tg_master.sh" > /tmp/cron_master
+echo "* * * * * pgrep -f tg_master.sh >/dev/null || nohup bash ${MASTER_DIR}/tg_master.sh >/dev/null 2>&1 &" >> /tmp/cron_master
+crontab /tmp/cron_master
+rm -f /tmp/cron_master
+
+# 立刻启动
+pgrep -f tg_master.sh >/dev/null || nohup bash "${MASTER_DIR}/tg_master.sh" >/dev/null 2>&1 &
+
+echo "========================================================"
+echo "🎉 Master 控制中枢部署完成！"
+echo "🤖 机器人现已开始全局接客，等待边缘节点注册。"
+echo "========================================================"
--- a/master/tg_master.sh
+++ b/master/tg_master.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# ==========================================================
+# 脚本名称: tg_master.sh (Master 端调度枢纽)
+# 核心功能: 监听 TG、操作 SQLite、向 Agent 发送 Webhook 指令
+# ==========================================================
+
+CONF="/opt/ip_sentinel_master/master.conf"
+[ ! -f "$CONF" ] && exit 1
+source "$CONF"
+
+OFFSET_FILE="/tmp/tg_master_offset"
+[[ -f $OFFSET_FILE ]] || echo "0" > $OFFSET_FILE
+
+# --- 工具函数 ---
+send_ui() {
+    curl -s -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
+        -H "Content-Type: application/json" \
+        -d "{\"chat_id\":\"$1\",\"text\":\"$2\",\"parse_mode\":\"Markdown\",\"reply_markup\":{\"inline_keyboard\":$3}}" > /dev/null
+}
+
+send_msg() {
+    curl -s -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
+        -d "chat_id=$1" -d "text=$2" -d "parse_mode=Markdown" > /dev/null
+}
+
+# 数据库执行函数
+db_exec() {
+    sqlite3 "$DB_FILE" "$1"
+}
+
+# --- 核心轮询循环 ---
+while true; do
+    OFFSET=$(cat $OFFSET_FILE)
+    UPDATES=$(curl -s "https://api.telegram.org/bot${TG_TOKEN}/getUpdates?offset=${OFFSET}&timeout=30")
+    
+    COUNT=$(echo "$UPDATES" | jq -r '.result | length' 2>/dev/null)
+    
+    if [[ "$COUNT" =~ ^[0-9]+$ ]] && [ "$COUNT" -gt 0 ]; then
+        echo "$UPDATES" | jq -c '.result[]' | while read -r UPDATE; do
+            UPDATE_ID=$(echo "$UPDATE" | jq -r '.update_id')
+            echo $((UPDATE_ID + 1)) > $OFFSET_FILE
+            
+            CHAT_ID=$(echo "$UPDATE" | jq -r '.message.chat.id // .callback_query.message.chat.id')
+            TEXT=$(echo "$UPDATE" | jq -r '.message.text // .callback_query.data')
+
+            # ==========================================
+            # 1. 节点注册通道 (处理 Agent 发来的注册暗号)
+            # 格式: #REGISTER#|<NodeName>|<IP>|<Port>
+            # ==========================================
+            if [[ "$TEXT" == *"#REGISTER#"* ]]; then
+                IFS='|' read -r MAGIC NODE_NAME AGENT_IP AGENT_PORT <<< "$TEXT"
+                # UPSERT 逻辑: 如果节点存在则更新 IP/Port 和在线时间，不存在则插入
+                db_exec "INSERT INTO nodes (chat_id, node_name, agent_ip, agent_port, last_seen) VALUES ('$CHAT_ID', '$NODE_NAME', '$AGENT_IP', '$AGENT_PORT', CURRENT_TIMESTAMP) ON CONFLICT(chat_id, node_name) DO UPDATE SET agent_ip='$AGENT_IP', agent_port='$AGENT_PORT', last_seen=CURRENT_TIMESTAMP;"
+                send_msg "$CHAT_ID" "✅ 节点注册成功/续期: \`$NODE_NAME\` ($AGENT_IP:$AGENT_PORT)"
+                continue
+            fi
+
+            # ==========================================
+            # 2. 交互菜单与下发通道 (主控逻辑)
+            # ==========================================
+            case "$TEXT" in
+                "/start"|"/menu")
+                    BTNS="[[{\"text\":\"🖥️ 我的节点列表\",\"callback_data\":\"list_nodes\"}], [{\"text\":\"🚀 全节点一键维护\",\"callback_data\":\"all_run\"}]]"
+                    send_ui "$CHAT_ID" "🛡️ **IP-Sentinel 司令部**\n欢迎回来，长官。请下达指令：" "$BTNS"
+                    ;;
+
+                "list_nodes")
+                    # 从 SQLite 查询属于该 CHAT_ID 的节点
+                    NODE_LIST=$(db_exec "SELECT node_name FROM nodes WHERE chat_id='$CHAT_ID';")
+                    if [ -z "$NODE_LIST" ]; then
+                        send_msg "$CHAT_ID" "⚠️ 您名下暂无在线节点，请先在边缘机执行部署。"
+                    else
+                        BTNS="["
+                        for N in $NODE_LIST; do
+                            BTNS="$BTNS[{\"text\":\"🖥️ $N\",\"callback_data\":\"manage:$N\"}],"
+                        done
+                        BTNS="${BTNS%,}]"
+                        send_ui "$CHAT_ID" "🔍 您名下的活跃节点：" "$BTNS"
+                    fi
+                    ;;
+
+                manage:*)
+                    TARGET_NODE=${TEXT#*:}
+                    BTNS="[[{\"text\":\"▶️ 执行深度伪装\",\"callback_data\":\"run:$TARGET_NODE\"}, {\"text\":\"📜 索要战报\",\"callback_data\":\"report:$TARGET_NODE\"}], [{\"text\":\"⬅️ 返回主列表\",\"callback_data\":\"list_nodes\"}]]"
+                    send_ui "$CHAT_ID" "⚙️ **目标锁定**: \`$TARGET_NODE\`\n请选择战术动作：" "$BTNS"
+                    ;;
+
+                run:*)
+                    # 核心 Webhook 触发逻辑
+                    TARGET_NODE=${TEXT#*:}
+                    # 从 DB 提取 IP 和 Port
+                    AGENT_INFO=$(db_exec "SELECT agent_ip, agent_port FROM nodes WHERE chat_id='$CHAT_ID' AND node_name='$TARGET_NODE' LIMIT 1;")
+                    AGENT_IP=$(echo "$AGENT_INFO" | cut -d'|' -f1)
+                    AGENT_PORT=$(echo "$AGENT_INFO" | cut -d'|' -f2)
+
+                    if [ -n "$AGENT_IP" ] && [ -n "$AGENT_PORT" ]; then
+                        send_msg "$CHAT_ID" "⏳ 正在向 \`$TARGET_NODE\` ($AGENT_IP) 下发作战指令..."
+                        # 向 Agent 的开放端口发送 Webhook 唤醒指令
+                        RESPONSE=$(curl -s -m 5 "http://${AGENT_IP}:${AGENT_PORT}/trigger_run" || echo "FAILED")
+                        if [ "$RESPONSE" == "FAILED" ]; then
+                            send_msg "$CHAT_ID" "❌ 指令下发失败！无法连接到边缘节点，请检查节点的公网 IP 或防火墙端口 ($AGENT_PORT) 是否放行。"
+                        else
+                            send_msg "$CHAT_ID" "✅ 节点 \`$TARGET_NODE\` 回应: 指令已接收，伪装程序启动。"
+                        fi
+                    else
+                        send_msg "$CHAT_ID" "❌ 数据库中未找到该节点的通讯地址。"
+                    fi
+                    ;;
+            esac
+        done
+    fi
+    sleep 1
+done