mirror of
https://github.com/Syngnat/GoNavi.git
synced 2026-05-11 18:29:44 +08:00
* 🎨 style(DataGrid): 清理冗余代码与静态分析告警 - 类型重构:通过修正 React Context 的函数签名解决了 void 类型的链式调用错误 - 代码精简:利用 Nullish Coalescing (??) 优化组件配置项降级逻辑,剥离无意义的隐式 undefined 赋值 - 工具链适配:适配 IDE 拼写检查与 Promise strict rules,确保全文件零警 * 🔧 fix(db/kingbase_impl): 修复标识符无条件加双引号导致SQL语法报错 - quoteKingbaseIdent 改为条件引用,仅对大写字母、保留字、特殊字符的标识符添加双引号 - 新增 kingbaseIdentNeedsQuote 判断标识符是否需要引用 - 新增 isKingbaseReservedWord 检测常见SQL保留字 - 补充 TestQuoteKingbaseIdent、TestKingbaseIdentNeedsQuote 单测覆盖各场景 - refs #176 * 🔧 fix(release,db/kingbase_impl): 修复金仓默认 schema 并静默生成 DMG - Kingbase:在 current_schema() 为 public 时探测候选 schema,并通过 DSN search_path 重连,兼容未限定 schema 的查询 - 候选优先级:数据库名/用户名同名 schema(存在性校验),否则仅在“唯一用户 schema 有表”场景兜底 - 避免连接污染:每次 Connect 重置探测结果,重连成功后替换连接并关闭旧连接 - 打包脚本:create-dmg 增加 --sandbox-safe,避免构建时自动弹出/打开挂载窗口 - 产物格式:强制 --format UDZO,并将 rw.*.dmg/UDRW 中间产物转换为可分发 DMG - 校验门禁:增加 hdiutil verify,失败时保留 .app 便于排查,同时修正卷图标探测并补 ad-hoc 签名 * 🐛 fix(connection/redis): 修复 Redis URI 用户名处理导致认证失败 - Redis URI 解析回填 user 字段,兼容 redis://user:pass@... 与 redis://:pass@... 
- 生成 URI 时按需输出 user/password,避免丢失用户名信息 - Redis 类型默认用户名置空,并在构建配置时清理历史默认 root - 避免 go-redis 触发 ACL AUTH(user, pass) 导致 WRONGPASS - refs #212 * 🔧 fix(release,ssh): 修复 SSH 误判连接成功并纠正 DMG 打包结构 - SSH 缓存 key 纳入认证指纹(password/keyPath),避免改错凭证仍复用旧连接/端口转发 - MySQL/MariaDB/Doris:SSH 隧道建立失败直接返回错误,不再回退直连导致测试误判成功 - 新增最小单测覆盖 SSH cache key 与 UseSSH 异常路径 - build-release.sh:create-dmg 使用 staging 目录作为 source,避免 DMG 根目录变成 Contents - refs #213 * fix: KingBase 连接后自动设置 search_path,修复自定义 schema 下表查询报 relation does not exist 的问题 (#215) * 🔧 fix(driver/kingbase,mongodb): 修复外置驱动事务引用与连接测试链路问题 - 金仓外置驱动链路增加表名与变更字段归一化,修复 ApplyChanges 场景下双引号转义异常导致的 SQL 语法错误 - 新增金仓公共标识符工具并复用到 kingbase_impl 与 optional_driver_agent_impl,统一处理多重转义、schema.table 拆分与引用规范 - 金仓代理连接后自动探测并设置 search_path,降低查询时必须手写 schema 前缀的概率 - MongoDB 连接参数改为显式 host/hosts 优先,避免被 URI 中 localhost 覆盖;代理链路保留目标地址不再改写为本地地址 - 连接测试增加前后端超时收敛与日志增强,避免长时间转圈;连接错误文案在未启用 TLS 时移除误导性的“SSL”前缀 - 统一日志级别为 INFO/WARN/ERROR,默认日志目录收敛到 ~/.GoNavi/Logs,并补充驱动构建脚本 build-driver-agents.sh * 🔧 fix(release/sidebar): 统一跨平台UPX压缩并修复PG函数列表查询兼容性 - 构建脚本新增通用 UPX 压缩函数,覆盖 macOS、Linux、Windows 产物 - 本地打包改为强制压缩策略:未安装 upx、压缩失败或校验失败直接终止 - macOS 打包在签名前压缩 .app 主程序并执行 upx -t 校验 - Linux 打包在生成 tar.gz 前压缩可执行文件并执行 upx -t 校验 - GitHub Release 与测试构建流程补齐 macOS/Linux/Windows 的 upx 安装与压缩步骤 - PostgreSQL/PG-like 函数元数据查询增加多路兼容 SQL,修复函数列表不显示问题 - refs #221 - refs #222 --------- Co-authored-by: Syngnat <yangguofeng919@gmail.com> Co-authored-by: 凌封 <49424247+fengin@users.noreply.github.com>
package app
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"GoNavi-Wails/internal/connection"
|
|
"GoNavi-Wails/internal/logger"
|
|
proxytunnel "GoNavi-Wails/internal/proxy"
|
|
)
|
|
|
|
// globalProxySnapshot is the value handed out to callers that ask for the
// current global proxy state. It is serialised with the JSON field names
// "enabled" and "proxy".
//
// NOTE(review): Proxy is embedded as-is; other code in this file reads a
// Password field from it, so a serialised snapshot presumably carries the
// proxy credentials — confirm every consumer is trusted.
type globalProxySnapshot struct {
	// Enabled reports whether a global proxy is active.
	Enabled bool `json:"enabled"`
	// Proxy is the proxy configuration; it is the zero value when Enabled is false.
	Proxy connection.ProxyConfig `json:"proxy"`
}
|
|
|
|
// globalProxyRuntime holds the process-wide proxy setting. All reads and
// writes in this file go through mu.
var globalProxyRuntime = struct {
	// mu guards enabled and proxy.
	mu sync.RWMutex
	// enabled is true while a global proxy is configured.
	enabled bool
	// proxy is the stored proxy configuration; it is reset to the zero value
	// when the proxy is disabled.
	proxy connection.ProxyConfig
}{}
|
|
|
|
// localProxyTLSFallbackTransport is an http.RoundTripper that pairs a normally
// verifying transport with a second one whose TLS verification is disabled.
// It is only constructed when the configured proxy host is loopback.
type localProxyTLSFallbackTransport struct {
	// primary performs the first attempt with regular certificate verification.
	primary *http.Transport
	// fallback is used for the retry; it is built with InsecureSkipVerify set,
	// so it accepts any certificate chain and any host name.
	fallback *http.Transport
	// proxyEndpoint is the redacted proxy URL, kept only for log output.
	proxyEndpoint string
}
|
|
|
|
// currentGlobalProxyConfig returns a copy of the global proxy state taken
// under the read lock. When the proxy is disabled the returned snapshot is the
// zero value, so a stale proxy configuration is never handed out.
func currentGlobalProxyConfig() globalProxySnapshot {
	globalProxyRuntime.mu.RLock()
	defer globalProxyRuntime.mu.RUnlock()

	var snap globalProxySnapshot
	if globalProxyRuntime.enabled {
		snap.Enabled = true
		snap.Proxy = globalProxyRuntime.proxy
	}
	return snap
}
|
|
|
|
// setGlobalProxyConfig replaces the global proxy state and returns the state
// as read back afterwards.
//
// When enabled is false the stored configuration is cleared and proxyConfig is
// ignored. When enabled is true proxyConfig must pass
// proxytunnel.NormalizeConfig; on failure the stored state is left untouched
// and the error is returned with a zero snapshot.
func setGlobalProxyConfig(enabled bool, proxyConfig connection.ProxyConfig) (globalProxySnapshot, error) {
	var next connection.ProxyConfig
	if enabled {
		// Validate before taking the write lock so a rejected configuration
		// never replaces a working one.
		normalized, err := proxytunnel.NormalizeConfig(proxyConfig)
		if err != nil {
			return globalProxySnapshot{}, err
		}
		next = normalized
	}

	globalProxyRuntime.mu.Lock()
	globalProxyRuntime.enabled = enabled
	globalProxyRuntime.proxy = next
	globalProxyRuntime.mu.Unlock()

	// The lock is released before the read-back, so a concurrent writer may
	// already have changed the state that is returned here.
	return currentGlobalProxyConfig(), nil
}
|
|
|
|
// ConfigureGlobalProxy applies the requested global proxy setting and reports
// the outcome as a QueryResult. On a validation error Success is false and
// Message carries the error text; otherwise Data holds the resulting snapshot.
//
// The log line written on a change contains the proxy type, host and port and
// only states whether authentication is configured; the user name and the
// password are not logged.
func (a *App) ConfigureGlobalProxy(enabled bool, proxyConfig connection.ProxyConfig) connection.QueryResult {
	previous := currentGlobalProxyConfig()
	applied, err := setGlobalProxyConfig(enabled, proxyConfig)
	if err != nil {
		return connection.QueryResult{Success: false, Message: err.Error()}
	}

	// The frontend may push the same configuration repeatedly (for example in
	// strict mode or during state replay), so log only when something actually
	// changed to avoid flooding the log.
	switch changed := !globalProxySnapshotEqual(previous, applied); {
	case !changed:
		// Same configuration as before: nothing to log.
	case applied.Enabled:
		authState := ""
		if strings.TrimSpace(applied.Proxy.User) != "" {
			authState = "(认证:已配置)"
		}
		logger.Infof(
			"全局代理已启用:%s://%s:%d%s",
			strings.ToLower(strings.TrimSpace(applied.Proxy.Type)),
			strings.TrimSpace(applied.Proxy.Host),
			applied.Proxy.Port,
			authState,
		)
	default:
		logger.Infof("全局代理已关闭")
	}

	return connection.QueryResult{
		Success: true,
		Message: "全局代理配置已生效",
		Data:    applied,
	}
}
|
|
|
|
// globalProxySnapshotEqual reports whether two snapshots describe the same
// effective proxy state. Two disabled snapshots are always equal, whatever
// their Proxy fields contain.
func globalProxySnapshotEqual(a, b globalProxySnapshot) bool {
	switch {
	case a.Enabled != b.Enabled:
		return false
	case !a.Enabled:
		// Both disabled: the proxy details are irrelevant.
		return true
	default:
		return proxyConfigEqual(a.Proxy, b.Proxy)
	}
}
|
|
|
|
// proxyConfigEqual compares two proxy configurations field by field. Type is
// compared case-insensitively; Type, Host and User ignore surrounding
// whitespace; Port and Password must match exactly.
func proxyConfigEqual(a, b connection.ProxyConfig) bool {
	if !strings.EqualFold(strings.TrimSpace(a.Type), strings.TrimSpace(b.Type)) {
		return false
	}
	if strings.TrimSpace(a.Host) != strings.TrimSpace(b.Host) || a.Port != b.Port {
		return false
	}
	if strings.TrimSpace(a.User) != strings.TrimSpace(b.User) {
		return false
	}
	// The password is compared untrimmed: whitespace may be significant.
	return a.Password == b.Password
}
|
|
|
|
// GetGlobalProxyConfig returns the current global proxy snapshot wrapped in a
// successful QueryResult.
//
// NOTE(review): the snapshot is returned unmodified, so Data presumably
// includes the stored proxy password — confirm the caller is the trusted local
// UI and that the result is not written to logs.
func (a *App) GetGlobalProxyConfig() connection.QueryResult {
	result := connection.QueryResult{Success: true, Message: "OK"}
	result.Data = currentGlobalProxyConfig()
	return result
}
|
|
|
|
// applyGlobalProxyToConnection returns a copy of config with the global proxy
// applied where appropriate:
//
//   - a connection that already sets UseProxy or UseHTTPTunnel is returned
//     unchanged, so a per-connection setting always wins;
//   - file-based databases never get a proxy and have Proxy cleared;
//   - otherwise Proxy is cleared when the global proxy is disabled, or
//     UseProxy is set and Proxy is filled from the global configuration.
func applyGlobalProxyToConnection(config connection.ConnectionConfig) connection.ConnectionConfig {
	if config.UseProxy || config.UseHTTPTunnel {
		return config
	}

	result := config
	// From here on the connection carries no proxy of its own; start from a
	// cleared Proxy so leftovers in the input are never used.
	result.Proxy = connection.ProxyConfig{}
	if isFileDatabaseType(result.Type) {
		return result
	}

	if global := currentGlobalProxyConfig(); global.Enabled {
		result.UseProxy = true
		result.Proxy = global.Proxy
	}
	return result
}
|
|
|
|
// isFileDatabaseType reports whether driverType names a file-based database
// ("sqlite" or "duckdb"), ignoring case and surrounding whitespace.
func isFileDatabaseType(driverType string) bool {
	kind := strings.ToLower(strings.TrimSpace(driverType))
	return kind == "sqlite" || kind == "duckdb"
}
|
|
|
|
// newHTTPClientWithGlobalProxy returns an HTTP client with the given timeout
// whose transport honours the global proxy setting. When no transport can be
// built the client keeps a nil Transport and therefore uses
// http.DefaultTransport.
//
// Security: for a loopback proxy the transport may retry GET/HEAD requests
// with certificate verification disabled (see
// buildHTTPTransportWithGlobalProxy), so responses obtained through this
// client should not be treated as authenticated by TLS alone.
func newHTTPClientWithGlobalProxy(timeout time.Duration) *http.Client {
	rt := buildHTTPTransportWithGlobalProxy()
	if rt == nil {
		return &http.Client{Timeout: timeout}
	}
	return &http.Client{Timeout: timeout, Transport: rt}
}
|
|
|
|
// buildHTTPTransportWithGlobalProxy clones http.DefaultTransport and points it
// at the global proxy. It returns nil when http.DefaultTransport is not an
// *http.Transport.
//
// With the global proxy disabled, or when its configuration cannot be turned
// into a URL, the transport uses the proxy from the environment; the second
// case is logged as a warning.
//
// Security: when the configured proxy host is loopback the result is a
// localProxyTLSFallbackTransport whose fallback has InsecureSkipVerify set.
// That fallback accepts any certificate chain and host name, so on a retry the
// identity of the remote server is no longer checked by this process.
// NOTE(review): adding the local proxy's CA to RootCAs would keep verification
// on — confirm whether the insecure fallback is still required.
func buildHTTPTransportWithGlobalProxy() http.RoundTripper {
	defaultTransport, isTransport := http.DefaultTransport.(*http.Transport)
	if !isTransport || defaultTransport == nil {
		return nil
	}

	primary := defaultTransport.Clone()
	cfg := currentGlobalProxyConfig()
	if !cfg.Enabled {
		primary.Proxy = http.ProxyFromEnvironment
		return primary
	}

	endpoint, err := buildProxyURLFromConfig(cfg.Proxy)
	if err != nil {
		logger.Warnf("全局代理配置无效,回退系统代理:%v", err)
		primary.Proxy = http.ProxyFromEnvironment
		return primary
	}
	primary.Proxy = http.ProxyURL(endpoint)

	if isLoopbackProxyHost(cfg.Proxy.Host) {
		// Only a proxy on this machine gets the verification-free retry path.
		insecure := primary.Clone()
		insecure.TLSClientConfig = cloneTLSConfigWithInsecureSkipVerify(insecure.TLSClientConfig)
		return &localProxyTLSFallbackTransport{
			primary:  primary,
			fallback: insecure,
			// Redacted() masks the proxy password before it is kept for logging.
			proxyEndpoint: endpoint.Redacted(),
		}
	}
	return primary
}
|
|
|
|
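// RoundTrip sends req through the primary transport. If that fails with an
// unknown-authority certificate error and the method is GET or HEAD, a clone
// of the request is retried through the fallback transport; every other
// failure is returned unchanged.
//
// Security: the fallback transport skips certificate verification, so the
// retried request accepts any certificate. Each fallback is logged as a
// warning so that unexpected retries can be spotted in the log.
func (t *localProxyTLSFallbackTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	resp, err := t.primary.RoundTrip(req)
	if err == nil {
		return resp, nil
	}
	if !isTLSFallbackCandidate(req.Method, err) {
		return nil, err
	}

	retryReq, cloneErr := cloneRequestForRetry(req)
	if cloneErr != nil {
		// The request cannot be replayed; report the original TLS failure.
		return nil, err
	}
	// Log the target with Redacted() rather than String(): a password in the
	// URL's userinfo would otherwise be written to the log in clear text. The
	// proxy endpoint is already stored in redacted form.
	logger.Warnf("检测到本地代理 TLS 证书不受信任,启用兼容回退:代理=%s 目标=%s 错误=%v", t.proxyEndpoint, req.URL.Redacted(), err)
	return t.fallback.RoundTrip(retryReq)
}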
|
|
|
|
// isTLSFallbackCandidate reports whether a failed request may be retried on
// the verification-free transport: the method must be GET or HEAD and the
// error must be an unknown-authority certificate error. The error is not
// inspected when the method is rejected.
func isTLSFallbackCandidate(method string, err error) bool {
	return isIdempotentRequestMethod(method) && isUnknownAuthorityError(err)
}
|
|
|
|
// isIdempotentRequestMethod reports whether method is GET or HEAD, ignoring
// case and surrounding whitespace. Other idempotent methods such as PUT or
// DELETE are deliberately not accepted here.
func isIdempotentRequestMethod(method string) bool {
	verb := strings.ToUpper(strings.TrimSpace(method))
	return verb == http.MethodGet || verb == http.MethodHead
}
|
|
|
|
// cloneRequestForRetry returns a copy of req that can be sent a second time.
// A request without a body is simply cloned. A request with a body needs
// GetBody to obtain a fresh reader; without it the function fails with
// "request body not replayable", and an error from GetBody is returned as is.
func cloneRequestForRetry(req *http.Request) (*http.Request, error) {
	retry := req.Clone(req.Context())

	hasBody := req.Body != nil && req.Body != http.NoBody
	if !hasBody {
		return retry, nil
	}
	if req.GetBody == nil {
		return nil, fmt.Errorf("request body not replayable")
	}

	// The original body may already be consumed, so ask for a new reader.
	fresh, err := req.GetBody()
	if err != nil {
		return nil, err
	}
	retry.Body = fresh
	return retry, nil
}
|
|
|
|
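// isUnknownAuthorityError reports whether err indicates a certificate signed
// by an authority that is not trusted. It first looks for an
// x509.UnknownAuthorityError in the error chain and then falls back to a
// case-insensitive match on the error text. A nil error is never a match.
//
// Security: the result decides whether a request is retried without
// certificate verification. The text match is looser than the typed check; it
// accepts any error whose message contains the phrase, whatever produced it.
func isUnknownAuthorityError(err error) bool {
	if err == nil {
		// Guard the err.Error() call below, which would panic on nil.
		return false
	}
	var unknownErr x509.UnknownAuthorityError
	if errors.As(err, &unknownErr) {
		return true
	}
	return strings.Contains(strings.ToLower(err.Error()), "x509: certificate signed by unknown authority")
}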
|
|
|
|
// cloneTLSConfigWithInsecureSkipVerify returns a TLS configuration with
// InsecureSkipVerify set. A non-nil base is cloned first, so base itself is
// never modified; a nil base yields a fresh configuration.
//
// Security: a transport using the result accepts any certificate chain and
// host name. Keep it confined to the loopback-proxy fallback path and never
// assign it to a transport that is used for the first attempt.
func cloneTLSConfigWithInsecureSkipVerify(base *tls.Config) *tls.Config {
	var cfg *tls.Config
	if base != nil {
		cfg = base.Clone()
	} else {
		cfg = &tls.Config{}
	}
	cfg.InsecureSkipVerify = true
	return cfg
}
|
|
|
|
// isLoopbackProxyHost reports whether host designates this machine: either the
// name "localhost" (case-insensitive) or a literal loopback IP address.
// Surrounding whitespace is ignored.
//
// No DNS lookup is made, so any other host name is rejected even if it would
// resolve to a loopback address, and a bracketed literal such as "[::1]" is
// not recognised because it does not parse as an IP.
func isLoopbackProxyHost(host string) bool {
	name := strings.TrimSpace(host)
	switch {
	case name == "":
		return false
	case strings.EqualFold(name, "localhost"):
		return true
	}
	if addr := net.ParseIP(name); addr != nil {
		return addr.IsLoopback()
	}
	return false
}
|
|
|
|
// buildProxyURLFromConfig converts a proxy configuration into a URL usable
// with http.ProxyURL. The configuration is normalised first; only the "http"
// and "socks5" types are accepted, the host must be non-empty and the port
// must lie in 1..65535.
//
// When a user name is set, the user name and the password are embedded in the
// returned URL, so log it with Redacted() rather than String().
func buildProxyURLFromConfig(proxyConfig connection.ProxyConfig) (*url.URL, error) {
	cfg, err := proxytunnel.NormalizeConfig(proxyConfig)
	if err != nil {
		return nil, err
	}

	scheme := strings.ToLower(strings.TrimSpace(cfg.Type))
	host := strings.TrimSpace(cfg.Host)
	switch {
	case scheme != "http" && scheme != "socks5":
		return nil, fmt.Errorf("不支持的代理类型:%s", cfg.Type)
	case host == "":
		return nil, fmt.Errorf("代理地址不能为空")
	case cfg.Port <= 0 || cfg.Port > 65535:
		return nil, fmt.Errorf("代理端口无效:%d", cfg.Port)
	}

	result := &url.URL{
		Scheme: scheme,
		// JoinHostPort adds the brackets an IPv6 literal needs.
		Host: net.JoinHostPort(host, strconv.Itoa(cfg.Port)),
	}
	if user := strings.TrimSpace(cfg.User); user != "" {
		// The password is passed through untrimmed.
		result.User = url.UserPassword(user, cfg.Password)
	}
	return result, nil
}
|