* 🎨 style(DataGrid): 清理冗余代码与静态分析告警 - 类型重构:通过修正 React Context 的函数签名解决了 void 类型的链式调用错误 - 代码精简:利用 Nullish Coalescing (??) 优化组件配置项降级逻辑,剥离无意义的隐式 undefined 赋值 - 工具链适配:适配 IDE 拼写检查与 Promise strict rules,确保全文件零警 * 🔧 fix(db/kingbase_impl): 修复标识符无条件加双引号导致SQL语法报错 - quoteKingbaseIdent 改为条件引用,仅对大写字母、保留字、特殊字符的标识符添加双引号 - 新增 kingbaseIdentNeedsQuote 判断标识符是否需要引用 - 新增 isKingbaseReservedWord 检测常见SQL保留字 - 补充 TestQuoteKingbaseIdent、TestKingbaseIdentNeedsQuote 单测覆盖各场景 - refs #176 * 🔧 fix(release,db/kingbase_impl): 修复金仓默认 schema 并静默生成 DMG - Kingbase:在 current_schema() 为 public 时探测候选 schema,并通过 DSN search_path 重连,兼容未限定 schema 的查询 - 候选优先级:数据库名/用户名同名 schema(存在性校验),否则仅在“唯一用户 schema 有表”场景兜底 - 避免连接污染:每次 Connect 重置探测结果,重连成功后替换连接并关闭旧连接 - 打包脚本:create-dmg 增加 --sandbox-safe,避免构建时自动弹出/打开挂载窗口 - 产物格式:强制 --format UDZO,并将 rw.*.dmg/UDRW 中间产物转换为可分发 DMG - 校验门禁:增加 hdiutil verify,失败时保留 .app 便于排查,同时修正卷图标探测并补 ad-hoc 签名 * 🐛 fix(connection/redis): 修复 Redis URI 用户名处理导致认证失败 - Redis URI 解析回填 user 字段,兼容 redis://user:pass@... 与 redis://:pass@... 
- 生成 URI 时按需输出 user/password,避免丢失用户名信息 - Redis 类型默认用户名置空,并在构建配置时清理历史默认 root - 避免 go-redis 触发 ACL AUTH(user, pass) 导致 WRONGPASS - refs #212 * 🔧 fix(release,ssh): 修复 SSH 误判连接成功并纠正 DMG 打包结构 - SSH 缓存 key 纳入认证指纹(password/keyPath),避免改错凭证仍复用旧连接/端口转发 - MySQL/MariaDB/Doris:SSH 隧道建立失败直接返回错误,不再回退直连导致测试误判成功 - 新增最小单测覆盖 SSH cache key 与 UseSSH 异常路径 - build-release.sh:create-dmg 使用 staging 目录作为 source,避免 DMG 根目录变成 Contents - refs #213 * fix: KingBase 连接后自动设置 search_path,修复自定义 schema 下表查询报 relation does not exist 的问题 (#215) * 🔧 fix(driver/kingbase,mongodb): 修复外置驱动事务引用与连接测试链路问题 - 金仓外置驱动链路增加表名与变更字段归一化,修复 ApplyChanges 场景下双引号转义异常导致的 SQL 语法错误 - 新增金仓公共标识符工具并复用到 kingbase_impl 与 optional_driver_agent_impl,统一处理多重转义、schema.table 拆分与引用规范 - 金仓代理连接后自动探测并设置 search_path,降低查询时必须手写 schema 前缀的概率 - MongoDB 连接参数改为显式 host/hosts 优先,避免被 URI 中 localhost 覆盖;代理链路保留目标地址不再改写为本地地址 - 连接测试增加前后端超时收敛与日志增强,避免长时间转圈;连接错误文案在未启用 TLS 时移除误导性的“SSL”前缀 - 统一日志级别为 INFO/WARN/ERROR,默认日志目录收敛到 ~/.GoNavi/Logs,并补充驱动构建脚本 build-driver-agents.sh * 🔧 fix(release/sidebar): 统一跨平台UPX压缩并修复PG函数列表查询兼容性 - 构建脚本新增通用 UPX 压缩函数,覆盖 macOS、Linux、Windows 产物 - 本地打包改为强制压缩策略:未安装 upx、压缩失败或校验失败直接终止 - macOS 打包在签名前压缩 .app 主程序并执行 upx -t 校验 - Linux 打包在生成 tar.gz 前压缩可执行文件并执行 upx -t 校验 - GitHub Release 与测试构建流程补齐 macOS/Linux/Windows 的 upx 安装与压缩步骤 - PostgreSQL/PG-like 函数元数据查询增加多路兼容 SQL,修复函数列表不显示问题 - refs #221 - refs #222 --------- Co-authored-by: Syngnat <yangguofeng919@gmail.com> Co-authored-by: 凌封 <49424247+fengin@users.noreply.github.com>
package ssh
import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"strconv"
	"sync"
	"time"

	"GoNavi-Wails/internal/connection"
	"GoNavi-Wails/internal/logger"

	"github.com/go-sql-driver/mysql"
	"golang.org/x/crypto/ssh"
)
// ViaSSHDialer registers a custom network for MySQL that proxies through SSH.
// Its Dial method has the shape go-sql-driver/mysql accepts in
// RegisterDialContext (ctx, addr) -> (net.Conn, error), so database
// connections are opened from the remote side of the SSH session rather
// than from this host.
type ViaSSHDialer struct {
	sshClient *ssh.Client // established SSH session every Dial goes through
}
// Dial opens a TCP connection to addr on the remote side of the SSH session,
// returning early with ctx.Err() if ctx is done first.
func (d *ViaSSHDialer) Dial(ctx context.Context, addr string) (net.Conn, error) {
	const network = "tcp"
	return dialContext(ctx, d.sshClient, network, addr)
}
// dialContext runs client.Dial on its own goroutine so the caller can stop
// waiting when ctx is done; ssh.Client.Dial itself takes no context. If ctx
// wins the race, the dial goroutine is left to finish and any connection it
// eventually produces is closed so it does not leak.
func dialContext(ctx context.Context, client *ssh.Client, network, addr string) (net.Conn, error) {
	type outcome struct {
		conn net.Conn
		err  error
	}

	// Buffered so the dial goroutine can always deliver and exit.
	done := make(chan outcome, 1)
	go func() {
		conn, err := client.Dial(network, addr)
		done <- outcome{conn, err}
	}()

	select {
	case o := <-done:
		return o.conn, o.err
	case <-ctx.Done():
		// Reap the late result: a dial that succeeds after cancellation
		// would otherwise hold an open channel nobody uses.
		go func() {
			if o := <-done; o.conn != nil {
				_ = o.conn.Close()
			}
		}()
		return nil, ctx.Err()
	}
}
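// connectSSH opens a fresh SSH client connection to the host described by
// config. It does not consult the client cache; see GetOrCreateSSHClient.
//
// Authentication methods are offered in this order: the private key at
// config.KeyPath (skipped with a warning when it cannot be read or parsed,
// including passphrase-protected keys, which the configuration cannot
// unlock), then config.Password when set. With neither available a warning
// is logged and the handshake is still attempted.
//
// Host key verification is disabled via ssh.InsecureIgnoreHostKey: any server
// key is accepted, so a party positioned between this client and the jump
// host can impersonate it and observe the tunnelled database traffic. A
// known_hosts based HostKeyCallback is the standard replacement; it is not
// wired in here because SSHConfig carries no host-key store to check against.
//
// Returns the connected *ssh.Client, or the error from ssh.Dial unchanged.
func connectSSH(config connection.SSHConfig) (*ssh.Client, error) {
	logger.Infof("开始建立 SSH 连接:地址=%s:%d 用户=%s", config.Host, config.Port, config.User)

	var authMethods []ssh.AuthMethod

	if config.KeyPath != "" {
		key, err := os.ReadFile(config.KeyPath)
		if err != nil {
			logger.Warnf("读取 SSH 私钥失败:路径=%s,原因:%v", config.KeyPath, err)
		} else if signer, err := ssh.ParsePrivateKey(key); err != nil {
			// An encrypted key needs a passphrase SSHConfig does not carry;
			// name that case instead of reporting a generic parse failure.
			var missing *ssh.PassphraseMissingError
			if errors.As(err, &missing) {
				logger.Warnf("SSH 私钥受口令保护,当前配置不支持口令:路径=%s", config.KeyPath)
			} else {
				logger.Warnf("解析 SSH 私钥失败:路径=%s,原因:%v", config.KeyPath, err)
			}
		} else {
			authMethods = append(authMethods, ssh.PublicKeys(signer))
		}
	}

	if config.Password != "" {
		authMethods = append(authMethods, ssh.Password(config.Password))
	}
	if len(authMethods) == 0 {
		logger.Warnf("SSH 未配置认证方式(密码或私钥)")
	}

	sshConfig := &ssh.ClientConfig{
		User:            config.User,
		Auth:            authMethods,
		HostKeyCallback: ssh.InsecureIgnoreHostKey(), // accepts any host key; see the doc comment above
		Timeout:         5 * time.Second,             // NOTE(review): bounds the TCP connect per ssh.ClientConfig; confirm the key exchange is covered too
	}

	// JoinHostPort brackets IPv6 literals, which "%s:%d" would leave unparsable.
	addr := net.JoinHostPort(config.Host, strconv.Itoa(config.Port))
	client, err := ssh.Dial("tcp", addr, sshConfig)
	if err != nil {
		logger.Error(err, "SSH 连接建立失败:地址=%s 用户=%s", addr, config.User)
		return nil, err
	}
	logger.Infof("SSH 连接建立成功:地址=%s 用户=%s", addr, config.User)
	return client, nil
}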
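// RegisterSSHNetwork registers a unique network name with go-sql-driver/mysql
// whose dials are carried over the SSH session described by sshConfig.
// Returns the network name to use in the DSN.
//
// The SSH client comes from the shared cache (GetOrCreateSSHClient), so a
// jump host that cannot be reached is reported here rather than at the first
// database dial, and the connection is not a private one that is never
// closed. The registered dial function looks the client up again on every
// call, so a session that has dropped since registration is re-established
// instead of failing every query; the cost is one session probe per dial.
func RegisterSSHNetwork(sshConfig connection.SSHConfig) (string, error) {
	// Fail fast: surface SSH errors to the caller before the DSN is used.
	if _, err := GetOrCreateSSHClient(sshConfig); err != nil {
		return "", err
	}

	// Unique per registration; names are never deregistered here, so they
	// must not collide across calls.
	netName := fmt.Sprintf("ssh_%s_%d", sshConfig.Host, time.Now().UnixNano())
	logger.Infof("注册 SSH 网络:%s(地址=%s:%d 用户=%s)", netName, sshConfig.Host, sshConfig.Port, sshConfig.User)

	mysql.RegisterDialContext(netName, func(ctx context.Context, addr string) (net.Conn, error) {
		client, err := GetOrCreateSSHClient(sshConfig)
		if err != nil {
			return nil, err
		}
		return dialContext(ctx, client, "tcp", addr)
	})

	return netName, nil
}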
// sshClientCache stores SSH clients to avoid creating multiple connections.
// Both maps are keyed by host/port/user plus a fingerprint of the credentials
// (see sshAuthFingerprint), so a changed password or key file selects a new
// entry instead of reusing a session authenticated with the old one.
// Each map is guarded by the RWMutex declared next to it.
var (
	sshClientCache   = make(map[sshClientCacheKey]*ssh.Client)
	sshClientCacheMu sync.RWMutex
	localForwarders  = make(map[forwarderCacheKey]*LocalForwarder)
	forwarderMu      sync.RWMutex
)

// sshClientCacheKey identifies one SSH endpoint and credential set.
type sshClientCacheKey struct {
	host string
	port int
	user string
	auth string // short hex fingerprint of the credentials, never the secret itself
}

// forwarderCacheKey identifies a local forwarder by the SSH session it runs
// over and the remote endpoint it targets.
type forwarderCacheKey struct {
	ssh        sshClientCacheKey
	remoteHost string
	remotePort int
}
// sshAuthFingerprint derives a short, non-reversible token from the
// credentials in config so cache keys can tell credential sets apart without
// holding the password. It mixes the password, the key path and, when the
// key file can be stat'ed, its mtime and size, so an edited key file also
// produces a new token. The result is the first 8 bytes of a SHA-256, hex
// encoded.
func sshAuthFingerprint(config connection.SSHConfig) string {
	h := sha256.New()
	sep := []byte{0}
	write := func(b []byte) { _, _ = h.Write(b) }

	write([]byte(config.Password))
	write(sep)
	write([]byte(config.KeyPath))

	if config.KeyPath != "" {
		write(sep)
		st, err := os.Stat(config.KeyPath)
		if err != nil {
			write([]byte("stat_err"))
		} else {
			write([]byte(st.ModTime().UTC().Format(time.RFC3339Nano)))
			write(sep)
			write([]byte(strconv.FormatInt(st.Size(), 10)))
		}
	}

	return hex.EncodeToString(h.Sum(nil)[:8])
}
// newSSHClientCacheKey builds the cache key for config: endpoint, user and a
// fingerprint of the credentials.
func newSSHClientCacheKey(config connection.SSHConfig) sshClientCacheKey {
	var key sshClientCacheKey
	key.host = config.Host
	key.port = config.Port
	key.user = config.User
	key.auth = sshAuthFingerprint(config)
	return key
}
// formatSSHClientKeyForLog renders key as "host:port 用户=user" for log
// lines; the credential fingerprint is deliberately left out.
func formatSSHClientKeyForLog(key sshClientCacheKey) string {
	return key.host + ":" + strconv.Itoa(key.port) + " 用户=" + key.user
}
// LocalForwarder represents a local port forwarder through SSH: it accepts
// connections on LocalAddr (127.0.0.1, random port) and relays each one to
// RemoteAddr over SSHClient.
type LocalForwarder struct {
	LocalAddr  string
	RemoteAddr string
	SSHClient  *ssh.Client
	listener   net.Listener
	closeChan  chan struct{} // closed by Close so the accept loop can tell shutdown from failure
	closeOnce  sync.Once     // guards against closing twice
	closed     bool          // close-state flag, read by IsClosed
	closedMu   sync.RWMutex
}
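// NewLocalForwarder creates a new local port forwarder.
// It listens on a random 127.0.0.1 port and relays every accepted connection
// to remoteHost:remotePort through the cached SSH session for sshConfig.
//
// The accept loop runs in a background goroutine until Close is called. The
// returned forwarder's LocalAddr is the address a database driver should
// dial. Failures to get the SSH client or to listen are returned wrapped.
func NewLocalForwarder(sshConfig connection.SSHConfig, remoteHost string, remotePort int) (*LocalForwarder, error) {
	client, err := GetOrCreateSSHClient(sshConfig)
	if err != nil {
		return nil, fmt.Errorf("建立 SSH 连接失败:%w", err)
	}

	// Loopback only: the tunnel endpoint must not be reachable from other hosts.
	listener, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, fmt.Errorf("创建本地监听器失败:%w", err)
	}

	// JoinHostPort brackets IPv6 literals; "%s:%d" would produce an address
	// the SSH dial cannot split.
	remoteAddr := net.JoinHostPort(remoteHost, strconv.Itoa(remotePort))
	forwarder := &LocalForwarder{
		LocalAddr:  listener.Addr().String(),
		RemoteAddr: remoteAddr,
		SSHClient:  client,
		listener:   listener,
		closeChan:  make(chan struct{}),
	}

	// Start forwarding in background
	go forwarder.forward()

	logger.Infof("已创建 SSH 端口转发:本地 %s -> 远程 %s", forwarder.LocalAddr, remoteAddr)
	return forwarder, nil
}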
// forward is the accept loop: each incoming local connection is handed to
// handleConnection on its own goroutine. The loop ends on the first Accept
// error, silently when that error is the result of Close, with a warning
// otherwise.
func (f *LocalForwarder) forward() {
	for {
		conn, err := f.listener.Accept()
		if err == nil {
			go f.handleConnection(conn)
			continue
		}

		select {
		case <-f.closeChan:
			// Close already ran; the listener error is expected.
		default:
			// The listener failed on its own; nothing more can be accepted.
			logger.Warnf("接受本地连接失败:%v", err)
		}
		return
	}
}
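// handleConnection relays a single accepted local connection to RemoteAddr
// over the SSH session and returns once both directions have finished.
//
// When one direction reaches EOF, the write side of the other connection is
// shut down (CloseWrite) where the connection supports it, so the peer sees
// the EOF too. Without that, a client that has finished sending would leave
// this goroutine, and the remote service, waiting until the other side gave
// up on its own.
func (f *LocalForwarder) handleConnection(localConn net.Conn) {
	defer localConn.Close()

	// halfClose shuts down only the write side when the conn offers it
	// (*net.TCPConn does; the SSH channel conn appears to as well). Otherwise
	// it is a no-op and the deferred full closes still apply.
	halfClose := func(c net.Conn) {
		if cw, ok := c.(interface{ CloseWrite() error }); ok {
			_ = cw.CloseWrite()
		}
	}

	// Connect to remote through SSH
	remoteConn, err := f.SSHClient.Dial("tcp", f.RemoteAddr)
	if err != nil {
		logger.Warnf("通过 SSH 连接到远程 %s 失败:%v", f.RemoteAddr, err)
		return
	}
	defer remoteConn.Close()

	// Both copiers report here; the buffer lets each finish without a receiver.
	errc := make(chan error, 2)

	// Copy from local to remote
	go func() {
		_, err := io.Copy(remoteConn, localConn)
		if err != nil {
			logger.Warnf("本地->远程数据复制错误:%v", err)
		}
		halfClose(remoteConn) // propagate the client's EOF to the remote service
		errc <- err
	}()

	// Copy from remote to local
	go func() {
		_, err := io.Copy(localConn, remoteConn)
		if err != nil {
			logger.Warnf("远程->本地数据复制错误:%v", err)
		}
		halfClose(localConn) // propagate the remote's EOF to the client
		errc <- err
	}()

	// Wait for BOTH goroutines to complete before the deferred closes run
	<-errc
	<-errc
}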
// Close stops the forwarder: it marks it closed, signals the accept loop and
// shuts the listener. It is safe to call concurrently and more than once;
// only the first call does any work, and only that call can return a non-nil
// error (from closing the listener). Connections already accepted are not
// interrupted.
func (f *LocalForwarder) Close() error {
	var closeErr error
	f.closeOnce.Do(func() {
		f.closedMu.Lock()
		f.closed = true
		f.closedMu.Unlock()

		close(f.closeChan) // lets forward() tell shutdown apart from failure
		if closeErr = f.listener.Close(); closeErr != nil {
			logger.Warnf("关闭端口转发监听器失败:%v", closeErr)
		}
	})
	return closeErr
}
// IsClosed reports whether Close has already run on this forwarder.
func (f *LocalForwarder) IsClosed() bool {
	f.closedMu.RLock()
	closed := f.closed
	f.closedMu.RUnlock()
	return closed
}
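// GetOrCreateLocalForwarder returns a cached forwarder or creates a new one.
// The cache key includes a credential fingerprint, so a forwarder built with
// old credentials is not reused once the password or key file changes.
//
// Lookup and insert are separate critical sections, so two callers may both
// build a forwarder for the same key; the second to insert keeps the one
// already cached (if still open) and closes its own, rather than leaving an
// orphaned listener behind.
//
// NOTE(review): liveness is judged only by the forwarder's own Close state;
// a forwarder whose SSHClient has since dropped is still returned and its
// connections will fail at dial time — consider probing the client as well.
func GetOrCreateLocalForwarder(sshConfig connection.SSHConfig, remoteHost string, remotePort int) (*LocalForwarder, error) {
	key := forwarderCacheKey{
		ssh:        newSSHClientCacheKey(sshConfig),
		remoteHost: remoteHost,
		remotePort: remotePort,
	}
	logKey := fmt.Sprintf("%s:%d:%s->%s:%d",
		sshConfig.Host, sshConfig.Port, sshConfig.User, remoteHost, remotePort)

	forwarderMu.RLock()
	cached, exists := localForwarders[key]
	forwarderMu.RUnlock()

	// Check if exists and is still valid
	if exists && cached != nil && !cached.IsClosed() {
		logger.Infof("复用已有端口转发:%s", logKey)
		return cached, nil
	}

	// Remove the stale entry, but only if nobody replaced it in the meantime.
	if exists {
		forwarderMu.Lock()
		if localForwarders[key] == cached {
			delete(localForwarders, key)
		}
		forwarderMu.Unlock()
	}

	forwarder, err := NewLocalForwarder(sshConfig, remoteHost, remotePort)
	if err != nil {
		return nil, err
	}

	forwarderMu.Lock()
	if other, ok := localForwarders[key]; ok && other != nil && !other.IsClosed() {
		// Lost the race: another caller cached a live forwarder first.
		forwarderMu.Unlock()
		_ = forwarder.Close()
		logger.Infof("复用并发创建的端口转发:%s", logKey)
		return other, nil
	}
	localForwarders[key] = forwarder
	forwarderMu.Unlock()

	return forwarder, nil
}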
// CloseAllForwarders closes every cached forwarder and empties the cache.
// Errors from the individual Close calls are dropped; Close already logs them.
func CloseAllForwarders() {
	forwarderMu.Lock()
	defer forwarderMu.Unlock()

	for _, fwd := range localForwarders {
		if fwd == nil {
			continue
		}
		_ = fwd.Close()
		logger.Infof("已关闭端口转发:本地 %s -> 远程 %s", fwd.LocalAddr, fwd.RemoteAddr)
	}
	localForwarders = make(map[forwarderCacheKey]*LocalForwarder)
}
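// GetOrCreateSSHClient returns a cached SSH client or creates a new one.
//
// A cached client is probed by opening and closing a session; if that fails
// the client is treated as dead, evicted, closed, and replaced by a fresh
// connection. The key includes a credential fingerprint, so changed
// credentials never hit a session authenticated with the old ones.
//
// Lookup and insert are separate critical sections: if two callers connect
// for the same key at once, the second to insert closes its own client and
// returns the one already cached, so no connection is orphaned.
func GetOrCreateSSHClient(config connection.SSHConfig) (*ssh.Client, error) {
	key := newSSHClientCacheKey(config)

	sshClientCacheMu.RLock()
	client, exists := sshClientCache[key]
	sshClientCacheMu.RUnlock()

	if exists && client != nil {
		// Liveness probe: opening a session round-trips to the server.
		session, err := client.NewSession()
		if err == nil {
			_ = session.Close()
			logger.Infof("复用已有 SSH 连接:%s", formatSSHClientKeyForLog(key))
			return client, nil
		}
		logger.Warnf("SSH 连接已断开,重新建立:%s (错误: %v)", formatSSHClientKeyForLog(key), err)
		// Evict only if the entry is still the dead client; another caller
		// may already have replaced it with a live one.
		sshClientCacheMu.Lock()
		if sshClientCache[key] == client {
			delete(sshClientCache, key)
		}
		sshClientCacheMu.Unlock()
		// Try to close the dead client
		_ = client.Close()
	}

	// Create new SSH client
	fresh, err := connectSSH(config)
	if err != nil {
		return nil, err
	}

	sshClientCacheMu.Lock()
	if existing, ok := sshClientCache[key]; ok && existing != nil {
		// Lost the race to another caller: keep theirs, discard ours.
		sshClientCacheMu.Unlock()
		_ = fresh.Close()
		logger.Infof("复用并发建立的 SSH 连接:%s", formatSSHClientKeyForLog(key))
		return existing, nil
	}
	sshClientCache[key] = fresh
	sshClientCacheMu.Unlock()

	logger.Infof("已缓存 SSH 连接:%s", formatSSHClientKeyForLog(key))
	return fresh, nil
}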
// DialThroughSSH creates a connection through SSH tunnel.
// This is a generic dialer that can be used by any database driver: it takes
// the cached SSH client for config and opens network/address from the remote
// side. Both failure modes come back wrapped with %w.
func DialThroughSSH(config connection.SSHConfig, network, address string) (net.Conn, error) {
	client, err := GetOrCreateSSHClient(config)
	if err != nil {
		return nil, fmt.Errorf("建立 SSH 连接失败:%w", err)
	}

	conn, err := client.Dial(network, address)
	if err == nil {
		logger.Infof("已通过 SSH 隧道连接到:%s", address)
		return conn, nil
	}
	return nil, fmt.Errorf("通过 SSH 隧道连接到 %s 失败:%w", address, err)
}
// CloseAllSSHClients closes every cached SSH client and resets the cache.
// Close errors are dropped; the cache is emptied regardless.
func CloseAllSSHClients() {
	sshClientCacheMu.Lock()
	defer sshClientCacheMu.Unlock()

	for key, c := range sshClientCache {
		if c == nil {
			continue
		}
		_ = c.Close()
		logger.Infof("已关闭 SSH 连接:%s", formatSSHClientKeyForLog(key))
	}
	sshClientCache = make(map[sshClientCacheKey]*ssh.Client)
}