Documentation
¶
Index ¶
- Constants
- func ProxyBidirectional(ctx context.Context, conn1, conn2 net.Conn, log *zerolog.Logger) error
- type ANSIFilter
- type CloseConnectionRequest
- type Connection
- type ConnectionHandler
- type ConnectionSet
- type ConnectionStatus
- type CreateConnectionRequest
- type DangerousPattern
- type Direction
- type GetConnectionRequest
- type ListConnectionsRequest
- type ParseResult
- type Parser
- type Protocol
- type Recorder
- type RecorderFactory
- type RecordingStatus
- type RiskLevel
- type Service
- type TCPServer
- type TCPServerMetrics
- type TCPSession
- type WebSocketConn
Constants ¶
const (
AppName = "proxy"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ANSIFilter ¶
// ANSIFilter is a filter for ANSI escape sequences. Its methods detect
// escape sequences, strip them to plain text, and extract printable text
// that is used for command extraction.
//
// NOTE(review): command extraction depends on this filtering. How
// malformed or unusual escape sequences are handled is not visible here;
// confirm the extracted text matches what the target terminal executes.
type ANSIFilter struct {
	// contains filtered or unexported fields
}
ANSIFilter ANSI 转义序列过滤器
func (*ANSIFilter) ContainsANSI ¶
func (f *ANSIFilter) ContainsANSI(data []byte) bool
ContainsANSI 检测数据中是否包含 ANSI 转义序列
func (*ANSIFilter) ExtractPrintableText ¶
func (f *ANSIFilter) ExtractPrintableText(data []byte) []byte
ExtractPrintableText 提取可打印文本(用于命令提取)
func (*ANSIFilter) Filter ¶
func (f *ANSIFilter) Filter(data []byte) []byte
Filter 过滤 ANSI 转义序列,返回纯文本
func (*ANSIFilter) IsInteractiveCommand ¶
func (f *ANSIFilter) IsInteractiveCommand(data []byte) bool
IsInteractiveCommand 判断是否为交互式命令(vim、top、less等)
type CloseConnectionRequest ¶
// CloseConnectionRequest is the request to close a connection.
//
// NOTE(review): the request carries no caller identity. Whether the
// caller is allowed to close the named session has to be enforced by the
// Service implementation (for example from ctx) — confirm.
type CloseConnectionRequest struct {
	// SessionID identifies the session to close.
	SessionID string `json:"session_id"`
	// CloseReason is optional; it is omitted from the JSON when empty.
	CloseReason string `json:"close_reason,omitempty"`
}
CloseConnectionRequest 关闭连接请求
type Connection ¶
// Connection holds the information kept about one proxied connection.
// It has no password field, unlike CreateConnectionRequest.
type Connection struct {
	// Session ID.
	SessionID string `json:"session_id"`
	// Protocol type.
	Protocol Protocol `json:"protocol"`
	// Target information.
	ResourceID string `json:"resource_id"`
	TargetHost string `json:"target_host"`
	TargetPort int `json:"target_port"`
	// User information.
	// NOTE(review): how ClientIP is derived (socket peer address or a
	// caller-supplied value) is not visible here — confirm before relying
	// on it for audit.
	Username string `json:"username"`
	UserID string `json:"user_id"`
	ClientIP string `json:"client_ip"`
	// Status information. CloseTime is a pointer and is omitted from the
	// JSON while it is nil.
	Status ConnectionStatus `json:"status"`
	CreateTime time.Time `json:"create_time"`
	CloseTime *time.Time `json:"close_time,omitempty"`
	// Traffic statistics.
	BytesSent int64 `json:"bytes_sent"`
	BytesReceived int64 `json:"bytes_received"`
	// Extension information (free-form key/value pairs).
	Metadata map[string]string `json:"metadata,omitempty"`
}
Connection 连接信息
type ConnectionHandler ¶
// ConnectionHandler is the connection handler interface, implemented by
// each concrete protocol.
type ConnectionHandler interface {
	// HandleConnection handles a single client connection.
	// When it returns an error, TCPServer closes the connection.
	HandleConnection(ctx context.Context, conn net.Conn) error
}
ConnectionHandler 连接处理器接口,由具体协议实现
type ConnectionSet ¶
// ConnectionSet is a list of connections, as returned by
// Service.ListConnections.
type ConnectionSet struct {
	// Total is a connection count.
	// NOTE(review): presumably the total number of matches across all
	// pages rather than len(Items) — confirm.
	Total int64 `json:"total"`
	// Items holds the connections in this result.
	Items []*Connection `json:"items"`
}
ConnectionSet 连接列表
type ConnectionStatus ¶
// ConnectionStatus is the state of a connection, stored as a string.
type ConnectionStatus string
ConnectionStatus 连接状态
// Values of ConnectionStatus.
const (
	// ConnectionStatusActive is the "active" state.
	ConnectionStatusActive ConnectionStatus = "active"
	// ConnectionStatusClosed is the "closed" state.
	ConnectionStatusClosed ConnectionStatus = "closed"
	// ConnectionStatusError is the "error" state.
	ConnectionStatusError ConnectionStatus = "error"
)
type CreateConnectionRequest ¶
// CreateConnectionRequest is the request to create a proxied connection.
type CreateConnectionRequest struct {
	// Protocol type.
	Protocol Protocol `json:"protocol"`
	// Target resource ID.
	ResourceID string `json:"resource_id"`
	// Target host.
	// NOTE(review): whether TargetHost/TargetPort are checked against
	// ResourceID or an allow-list before the proxy dials them is not
	// visible here — confirm, since the proxy connects on the caller's behalf.
	TargetHost string `json:"target_host"`
	// Target port.
	TargetPort int `json:"target_port"`
	// Authentication information.
	// Password is a plaintext credential in the JSON body. Keep this
	// struct out of logs, audit events and recordings; `omitempty` only
	// drops the field when it is empty, it does not redact it.
	Username string `json:"username"`
	Password string `json:"password,omitempty"`
	// User information (used for auditing).
	// NOTE(review): if UserID and ClientIP are taken from the request body
	// rather than set server-side from the authenticated session, audit
	// attribution cannot be trusted — confirm where they are populated.
	UserID string `json:"user_id"`
	ClientIP string `json:"client_ip"`
	// Extension information (free-form key/value pairs).
	Metadata map[string]string `json:"metadata,omitempty"`
}
CreateConnectionRequest 创建连接请求
type DangerousPattern ¶
// DangerousPattern defines a dangerous operation pattern, its risk level
// and whether it should be blocked.
type DangerousPattern struct {
	// Operation type (e.g., "DROP", "DELETE", "TRUNCATE").
	Operation string
	// Risk level.
	RiskLevel RiskLevel
	// Whether the operation should be blocked.
	ShouldBlock bool
	// Reason for blocking.
	BlockReason string
}
DangerousPattern 危险模式定义
type GetConnectionRequest ¶
// GetConnectionRequest is the request to fetch a single connection.
type GetConnectionRequest struct {
	// SessionID identifies the session to look up.
	SessionID string `json:"session_id"`
}
GetConnectionRequest 获取连接请求
type ListConnectionsRequest ¶
// ListConnectionsRequest is the request to list connections.
type ListConnectionsRequest struct {
	// Page and PageSize select the page of results.
	// NOTE(review): no bounds are visible here; confirm the implementation
	// rejects non-positive values and caps PageSize.
	Page int64 `json:"page"`
	PageSize int64 `json:"page_size"`
	// Protocol, UserID and Status are optional (`omitempty`).
	// NOTE(review): presumably they filter the result — confirm.
	Protocol Protocol `json:"protocol,omitempty"`
	UserID string `json:"user_id,omitempty"`
	Status ConnectionStatus `json:"status,omitempty"`
}
ListConnectionsRequest 列出连接请求
type ParseResult ¶
// ParseResult is the result of parsing a chunk of protocol data.
type ParseResult struct {
	// List of events extracted by the parser.
	Events []*audit.OperationEvent
	// Whether the traffic should be blocked.
	ShouldBlock bool
	// Reason for blocking.
	BlockReason string
}
ParseResult 解析结果
type Parser ¶
// Parser is the protocol parser interface.
type Parser interface {
	// Parse parses the data stream and returns audit events.
	// data: the raw data
	// direction: direction of the data flow
	// sessionID: the session ID
	Parse(ctx context.Context, data []byte, direction Direction, sessionID string) (*ParseResult, error)
	// DetectRisk determines the risk level of an event.
	DetectRisk(event *audit.OperationEvent) RiskLevel
	// ShouldBlock decides whether an event should be blocked.
	ShouldBlock(event *audit.OperationEvent) bool
}
Parser 协议解析器接口
type Recorder ¶
// Recorder is the session recorder interface.
//
// NOTE(review): Write receives raw session data, so recordings may
// contain secrets typed during the session. Access control and retention
// for the file returned by Stop are not visible here — confirm.
type Recorder interface {
	// Start begins recording.
	Start(ctx context.Context, sessionID string, metadata map[string]interface{}) error
	// Write writes data to the recording.
	// timestamp: time offset relative to the start of the session (seconds)
	// ioType: input/output type ('i' input, 'o' output)
	// data: the data content
	Write(timestamp float64, ioType rune, data []byte) error
	// Stop ends recording and returns the path of the recording file.
	Stop(ctx context.Context) (recordingPath string, err error)
	// Status returns the recording status.
	Status() RecordingStatus
	// Protocol returns the protocol supported by this recorder.
	Protocol() audit.Protocol
}
Recorder 会话录制器接口
type RecorderFactory ¶
// RecorderFactory is a factory for recorders.
type RecorderFactory interface {
	// GetRecorder returns the recorder for the given protocol.
	GetRecorder(protocol audit.Protocol) (Recorder, error)
}
RecorderFactory 录制器工厂
type RecordingStatus ¶
// RecordingStatus is the state of a recording, stored as a string.
type RecordingStatus string
RecordingStatus 录制状态
// Values of RecordingStatus.
// NOTE(review): the difference between "active" and "recording" is not
// visible here — confirm against the implementation.
const (
	// RecordingStatusActive is the "active" state.
	RecordingStatusActive RecordingStatus = "active"
	// RecordingStatusRecording is the "recording" state.
	RecordingStatusRecording RecordingStatus = "recording"
	// RecordingStatusPaused is the "paused" state.
	RecordingStatusPaused RecordingStatus = "paused"
	// RecordingStatusStopped is the "stopped" state.
	RecordingStatusStopped RecordingStatus = "stopped"
)
type Service ¶
// Service is the proxy service interface.
//
// NOTE(review): none of the request types carries a caller identity of
// its own. Authorization for these operations has to come from ctx or an
// outer layer — confirm.
type Service interface {
	// CreateConnection creates a proxied connection.
	CreateConnection(context.Context, *CreateConnectionRequest) (*Connection, error)
	// GetConnection returns the information for one connection.
	GetConnection(context.Context, *GetConnectionRequest) (*Connection, error)
	// ListConnections lists all connections.
	ListConnections(context.Context, *ListConnectionsRequest) (*ConnectionSet, error)
	// CloseConnection closes a connection.
	CloseConnection(context.Context, *CloseConnectionRequest) error
}
Service 代理服务接口
func GetService ¶
func GetService() Service
type TCPServer ¶
// TCPServer is a generic TCP proxy server. It is created with
// NewTCPServer, which takes the listen address, a maximum connection
// count, a ConnectionHandler and a logger.
type TCPServer struct {
	// contains filtered or unexported fields
}
TCPServer 通用 TCP 代理服务器
func NewTCPServer ¶
func NewTCPServer( listenAddr string, maxConnections int, handler ConnectionHandler, log *zerolog.Logger, ) *TCPServer
NewTCPServer 创建 TCP 服务器
func (*TCPServer) CloseSession ¶
CloseSession 关闭指定会话
func (*TCPServer) GetActiveSessions ¶
func (s *TCPServer) GetActiveSessions() []*TCPSession
GetActiveSessions 获取活跃会话列表
func (*TCPServer) GetMetrics ¶
func (s *TCPServer) GetMetrics() *TCPServerMetrics
GetMetrics 获取服务器指标
type TCPServerMetrics ¶
// TCPServerMetrics holds the TCP server's metrics.
//
// The counters are atomic.Int64 values, so the struct must not be copied
// by value; use the pointer returned by GetMetrics.
type TCPServerMetrics struct {
	TotalConnections atomic.Int64 // total number of connections
	ActiveConnections atomic.Int64 // number of active connections
	FailedConnections atomic.Int64 // number of failed connections
	TotalBytesSent atomic.Int64 // total bytes sent
	TotalBytesReceived atomic.Int64 // total bytes received
	// NOTE(review): LastStartTime is a plain time.Time, not an atomic; how
	// concurrent access to it is synchronized is not visible here — confirm.
	LastStartTime time.Time // time of the last start
}
TCPServerMetrics TCP 服务器指标
type TCPSession ¶
// TCPSession is one TCP session.
//
// The byte counters are atomic.Int64 values, so the struct must not be
// copied by value; GetActiveSessions returns pointers.
type TCPSession struct {
	// SessionID identifies the session.
	SessionID string
	// ClientConn is the client's network connection. It is exported, so
	// any holder of the *TCPSession can read, write or close it directly.
	ClientConn net.Conn
	// CreateTime is the session's creation time.
	CreateTime time.Time
	// BytesSent and BytesReceived are per-session traffic counters.
	BytesSent atomic.Int64
	BytesReceived atomic.Int64
	// contains filtered or unexported fields
}
TCPSession TCP 会话
type WebSocketConn ¶
// WebSocketConn is the WebSocket connection interface (abstraction layer).
type WebSocketConn interface {
	io.ReadWriteCloser
	// SetReadDeadline sets the read timeout.
	SetReadDeadline(t time.Time) error
	// SetWriteDeadline sets the write timeout.
	SetWriteDeadline(t time.Time) error
}
WebSocketConn WebSocket 连接接口(抽象层)