1.2.0 add SMTP and 5-second shield

Author: zhyale

.travis.yml

@@ -3,7 +3,7 @@ language: go
 sudo: false
 
 go:
-  - '1.14'
+  - '1.15'
 
 script:
   - go build

README.md

@@ -66,7 +66,7 @@ https://doc.janusec.com/cn/
 * Debian 9/10+, CentOS/RHEL 7/8+, Debian 10+ is preferred (首选Debian 10+)    
 * systemd  
 * nftables  
-* Golang 1.16+ (Required by Development Only, 仅开发环境需要)  
+* Golang 1.15+ (Required by Development Only, 仅开发环境需要)  
 
 ## Quick Start for Deployment (部署快速指引)    
 

backend/application.go

@@ -152,6 +152,7 @@ func LoadApps() {
 				RedirectHTTPS:  dbApp.RedirectHTTPS,
 				HSTSEnabled:    dbApp.HSTSEnabled,
 				WAFEnabled:     dbApp.WAFEnabled,
+				ShieldEnabled:  dbApp.ShieldEnabled,
 				ClientIPMethod: dbApp.ClientIPMethod,
 				Description:    dbApp.Description,
 				Destinations:   []*models.Destination{},
@@ -325,6 +326,7 @@ func UpdateApplication(param map[string]interface{}, clientIP string, authUser *
 	redirectHTTPS := application["redirect_https"].(bool)
 	hstsEnabled := application["hsts_enabled"].(bool)
 	wafEnabled := application["waf_enabled"].(bool)
+	shieldEnabled := application["shield_enabled"].(bool)
 	ipMethod := models.IPMethod(application["ip_method"].(float64))
 	var description string
 	var ok bool
@@ -342,7 +344,7 @@ func UpdateApplication(param map[string]interface{}, clientIP string, authUser *
 	var app *models.Application
 	if appID == 0 {
 		// new application
-		newID := data.DAL.InsertApplication(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp)
+		newID := data.DAL.InsertApplication(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, shieldEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp)
 		app = &models.Application{
 			ID: newID, Name: appName,
 			InternalScheme: internalScheme,
@@ -352,6 +354,7 @@ func UpdateApplication(param map[string]interface{}, clientIP string, authUser *
 			RedirectHTTPS:  redirectHTTPS,
 			HSTSEnabled:    hstsEnabled,
 			WAFEnabled:     wafEnabled,
+			ShieldEnabled:  shieldEnabled,
 			ClientIPMethod: ipMethod,
 			Description:    description,
 			OAuthRequired:  oauthRequired,
@@ -364,7 +367,7 @@ func UpdateApplication(param map[string]interface{}, clientIP string, authUser *
 	} else {
 		app, _ = GetApplicationByID(appID)
 		if app != nil {
-			err := data.DAL.UpdateApplication(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp, appID)
+			err := data.DAL.UpdateApplication(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, shieldEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp, appID)
 			if err != nil {
 				utils.DebugPrintln("UpdateApplication", err)
 			}
@@ -373,6 +376,7 @@ func UpdateApplication(param map[string]interface{}, clientIP string, authUser *
 			app.RedirectHTTPS = redirectHTTPS
 			app.HSTSEnabled = hstsEnabled
 			app.WAFEnabled = wafEnabled
+			app.ShieldEnabled = shieldEnabled
 			app.ClientIPMethod = ipMethod
 			app.Description = description
 			app.OAuthRequired = oauthRequired

backend/certificate.go

@@ -40,9 +40,13 @@ func LoadCerts() {
 			cert.CertContent = dbCert.CertContent
 			pubCert := []byte(cert.CertContent)
 			privKey, err := data.AES256Decrypt(dbCert.EncryptedPrivKey, false)
-			utils.CheckError("LoadCerts AES256Decrypt", err)
+			if err != nil {
+				utils.DebugPrintln("LoadCerts AES256Decrypt", err)
+			}
 			tlsCert, err := tls.X509KeyPair(pubCert, privKey)
-			utils.CheckError("LoadCerts X509KeyPair", err)
+			if err != nil {
+				utils.DebugPrintln("LoadCerts X509KeyPair", err)
+			}
 			cert.PrivKeyContent = string(privKey)
 			cert.TlsCert = tlsCert
 			cert.ExpireTime = dbCert.ExpireTime
@@ -156,8 +160,8 @@ func UpdateCertificate(param map[string]interface{}, clientIP string, authUser *
 	}
 	var certItem *models.CertItem
 	tlsCert, err := tls.X509KeyPair([]byte(certContent), []byte(privKeyContent))
-	utils.CheckError("UpdateCertificate X509KeyPair", err)
 	if err != nil {
+		utils.DebugPrintln("UpdateCertificate X509KeyPair", err)
 		return nil, err
 	}
 	if id == 0 {

backend/init.go

@@ -121,6 +121,15 @@ func InitDatabase() {
 	//if err != nil {
 	//utils.DebugPrintln("InitDatabase ALTER TABLE ccpolicies ALTER COLUMN block_seconds", err)
 	//}
+
+	// v1.2.0 add shield_enabled to application
+	if !dal.ExistColumnInTable("applications", "shield_enabled") {
+		// v1.2.0+ required
+		err = dal.ExecSQL(`ALTER TABLE "applications" ADD COLUMN "shield_enabled" boolean default false`)
+		if err != nil {
+			utils.DebugPrintln("InitDatabase ALTER TABLE applications add shield_enabled", err)
+		}
+	}
 }
 
 // LoadAppConfiguration ...

backend/node.go

@@ -78,8 +78,11 @@ func GetDBNodeIndex(nodeID int64) int {
 // DeleteNodeByID ...
 func DeleteNodeByID(id int64) error {
 	dbNode, err := GetDBNodeByID(id)
+	if err != nil {
+		utils.DebugPrintln("DeleteNodeByID", err)
+		return err
+	}
 	nodesMap.Delete(dbNode.LastIP)
-	utils.CheckError("DeleteNodeByID", err)
 	err = data.DAL.DeleteNodeByID(id)
 	i := GetDBNodeIndex(id)
 	dbNodes = append(dbNodes[:i], dbNodes[i+1:]...)

backend/rpc_application.go

@@ -20,13 +20,13 @@ func RPCSelectApplications() []*models.Application {
 	rpcRequest := &models.RPCRequest{Action: "get_apps", Object: nil}
 	resp, err := data.GetRPCResponse(rpcRequest)
 	if err != nil {
-		utils.CheckError("RPCSelectApplications GetResponse", err)
+		utils.DebugPrintln("RPCSelectApplications GetResponse", err)
 		return nil
 	}
 	rpcApps := &models.RPCApplications{}
 	err = json.Unmarshal(resp, rpcApps)
 	if err != nil {
-		utils.CheckError("RPCSelectApplications Unmarshal", err)
+		utils.DebugPrintln("RPCSelectApplications Unmarshal", err)
 		return nil
 	}
 	applications := rpcApps.Object
@@ -38,13 +38,13 @@ func RPCSelectVipApplications() []*models.VipApp {
 	rpcRequest := &models.RPCRequest{Action: "get_vip_apps", Object: nil}
 	resp, err := data.GetRPCResponse(rpcRequest)
 	if err != nil {
-		utils.CheckError("RPCSelectVipApplications GetResponse", err)
+		utils.DebugPrintln("RPCSelectVipApplications GetResponse", err)
 		return nil
 	}
 	rpcVipApps := &models.RPCVipApps{}
 	err = json.Unmarshal(resp, rpcVipApps)
 	if err != nil {
-		utils.CheckError("RPCSelectVipApplications Unmarshal", err)
+		utils.DebugPrintln("RPCSelectVipApplications Unmarshal", err)
 		return nil
 	}
 	vipApps := rpcVipApps.Object

backend/rpc_certificate.go

@@ -23,18 +23,20 @@ func RPCSelectCertificates() []*models.CertItem {
 		Action: "get_certs", Object: nil}
 	resp, err := data.GetRPCResponse(rpcRequest)
 	if err != nil {
-		utils.CheckError("RPCSelectCertificates GetResponse", err)
+		utils.DebugPrintln("RPCSelectCertificates GetResponse", err)
 		return certs
 	}
 	rpcCertItems := &models.RPCCertItems{}
 	if err = json.Unmarshal(resp, rpcCertItems); err != nil {
-		utils.CheckError("RPCSelectCertificates Unmarshal", err)
+		utils.DebugPrintln("RPCSelectCertificates Unmarshal", err)
 		return certs
 	}
 	certItems := rpcCertItems.Object
 	for _, certItem := range certItems {
 		certItem.TlsCert, err = tls.X509KeyPair([]byte(certItem.CertContent), []byte(certItem.PrivKeyContent))
-		utils.CheckError("RPCSelectCertificates X509KeyPair", err)
+		if err != nil {
+			utils.DebugPrintln("RPCSelectCertificates X509KeyPair", err)
+		}
 		certs = append(certs, certItem)
 	}
 	return certs

backend/rpc_domain.go

@@ -21,13 +21,13 @@ func RPCSelectDomains() (dbDomains []*models.DBDomain) {
 		Action: "get_domains", Object: nil}
 	resp, err := data.GetRPCResponse(rpcRequest)
 	if err != nil {
-		utils.CheckError("RPCSelectDomains GetResponse", err)
+		utils.DebugPrintln("RPCSelectDomains GetResponse", err)
 		return nil
 	}
 	rpcDBDomains := &models.RPCDBDomains{}
 	err = json.Unmarshal(resp, rpcDBDomains)
 	if err != nil {
-		utils.CheckError("RPCSelectDomains Unmarshal", err)
+		utils.DebugPrintln("RPCSelectDomains Unmarshal", err)
 		return nil
 	}
 	dbDomains = rpcDBDomains.Object

backend/vip_app.go

@@ -9,7 +9,6 @@ package backend
 
 import (
 	"errors"
-	"fmt"
 	"hash/fnv"
 	"io"
 	"janusec/data"
@@ -117,6 +116,9 @@ func UDPForwarding(vipApp *models.VipApp, udpListenConn *net.UDPConn) {
 			if err != nil {
 				utils.DebugPrintln("UDPForwarding DialUDP could not connect to target", vipTarget.Destination, err)
 				vipTarget.Online = false
+				if data.NodeSetting.SMTP.SMTPEnabled {
+					sendVIPOfflineNotification(vipApp, vipTarget.Destination)
+				}
 				break
 			}
 			if udpTargetConn == nil {
@@ -131,15 +133,18 @@ func UDPForwarding(vipApp *models.VipApp, udpListenConn *net.UDPConn) {
 			udpTargetConn.SetDeadline(time.Now().Add(30 * time.Second))
 			go func() {
 				// make receiver ready before send request
-				data := make([]byte, 2048)
+				dataBuf := make([]byte, 2048)
 				for {
-					n, _, err := udpTargetConn.ReadFromUDP(data)
+					n, _, err := udpTargetConn.ReadFromUDP(dataBuf)
 					if err != nil {
 						vipTarget.Online = false
+						if data.NodeSetting.SMTP.SMTPEnabled {
+							sendVIPOfflineNotification(vipApp, vipTarget.Destination)
+						}
 						break
 					}
 					// Response to client
-					_, err = udpListenConn.WriteToUDP(data[:n], clientAddr)
+					_, err = udpListenConn.WriteToUDP(dataBuf[:n], clientAddr)
 					if err != nil {
 						break
 					}
@@ -179,6 +184,9 @@ func TCPForwarding(vipApp *models.VipApp, vipListener net.Listener) {
 			if err != nil {
 				utils.DebugPrintln("TCPForwarding could not connect to target", vipTarget.Destination, err)
 				vipTarget.Online = false
+				if data.NodeSetting.SMTP.SMTPEnabled {
+					sendVIPOfflineNotification(vipApp, vipTarget.Destination)
+				}
 				continue
 			}
 			vipTarget.Online = true
@@ -297,7 +305,6 @@ func UpdateVipApp(param map[string]interface{}, clientIP string, authUser *model
 	vipListener, err := net.Listen("tcp", ":"+strconv.FormatInt(vipApp.ListenPort, 10))
 	if err != nil {
 		utils.DebugPrintln("could not start server on port ", vipApp.ListenPort, err)
-		fmt.Println("UpdateVipApp could not start server on port ", vipApp.ListenPort, vipListener, err)
 	}
 	if vipListener != nil {
 		vipListener.Close()
@@ -385,3 +392,23 @@ func GetVipAppIndex(vipAppID int64) int {
 	}
 	return -1
 }
+
+// sendVIPOfflineNotification ...
+func sendVIPOfflineNotification(app *models.VipApp, dest string) {
+	var emails string
+	if data.IsPrimary {
+		emails = data.DAL.GetAppAdminAndOwnerEmails(app.Owner)
+	} else {
+		emails = data.NodeSetting.SMTP.AdminEmails
+	}
+	mailBody := "Backend virtual IP server: " + dest + " (" + app.Name + ") was offline."
+	if len(mailBody) > 0 && len(emails) > 0 {
+		go utils.SendEmail(data.NodeSetting.SMTP.SMTPServer,
+			data.NodeSetting.SMTP.SMTPPort,
+			data.NodeSetting.SMTP.SMTPAccount,
+			data.NodeSetting.SMTP.SMTPPassword,
+			emails,
+			"[JANUSEC] Backend server offline notification",
+			mailBody)
+	}
+}

data/backend_application.go

@@ -14,16 +14,19 @@ import (
 
 // CreateTableIfNotExistsApplications ...
 func (dal *MyDAL) CreateTableIfNotExistsApplications() error {
-	const sqlCreateTableIfNotExistsApplications = `CREATE TABLE IF NOT EXISTS "applications"("id" bigserial PRIMARY KEY,"name" VARCHAR(128) NOT NULL,"internal_scheme" VARCHAR(8) NOT NULL,"redirect_https" boolean,"hsts_enabled" boolean,"waf_enabled" boolean,"ip_method" bigint,"description" VARCHAR(256) NOT NULL,"oauth_required" boolean,"session_seconds" bigint default 7200,"owner" VARCHAR(128) NOT NULL,"csp_enabled" boolean default false,"csp" VARCHAR(1024) NOT NULL DEFAULT 'default-src ''self''')`
+	const sqlCreateTableIfNotExistsApplications = `CREATE TABLE IF NOT EXISTS "applications"("id" bigserial PRIMARY KEY,"name" VARCHAR(128) NOT NULL,"internal_scheme" VARCHAR(8) NOT NULL,"redirect_https" boolean,"hsts_enabled" boolean,"waf_enabled" boolean,"shield_enabled" boolean,"ip_method" bigint,"description" VARCHAR(256) NOT NULL,"oauth_required" boolean,"session_seconds" bigint default 7200,"owner" VARCHAR(128) NOT NULL,"csp_enabled" boolean default false,"csp" VARCHAR(1024) NOT NULL DEFAULT 'default-src ''self''')`
 	_, err := dal.db.Exec(sqlCreateTableIfNotExistsApplications)
 	return err
 }
 
 // SelectApplications ...
 func (dal *MyDAL) SelectApplications() []*models.DBApplication {
-	const sqlSelectApplications = `SELECT "id","name","internal_scheme","redirect_https","hsts_enabled","waf_enabled","ip_method","description","oauth_required","session_seconds","owner","csp_enabled","csp" FROM "applications"`
+	const sqlSelectApplications = `SELECT "id","name","internal_scheme","redirect_https","hsts_enabled","waf_enabled","shield_enabled","ip_method","description","oauth_required","session_seconds","owner","csp_enabled","csp" FROM "applications"`
 	rows, err := dal.db.Query(sqlSelectApplications)
-	utils.CheckError("SelectApplications", err)
+	if err != nil {
+		utils.DebugPrintln("SelectApplications", err)
+		return []*models.DBApplication{}
+	}
 	defer rows.Close()
 	var dbApps []*models.DBApplication
 	for rows.Next() {
@@ -35,6 +38,7 @@ func (dal *MyDAL) SelectApplications() []*models.DBApplication {
 			&dbApp.RedirectHTTPS,
 			&dbApp.HSTSEnabled,
 			&dbApp.WAFEnabled,
+			&dbApp.ShieldEnabled,
 			&dbApp.ClientIPMethod,
 			&dbApp.Description,
 			&dbApp.OAuthRequired,
@@ -51,20 +55,24 @@ func (dal *MyDAL) SelectApplications() []*models.DBApplication {
 }
 
 // InsertApplication insert an Application to DB
-func (dal *MyDAL) InsertApplication(appName string, internalScheme string, redirectHTTPS bool, hstsEnabled bool, wafEnabled bool, ipMethod models.IPMethod, description string, oauthRequired bool, sessionSeconds int64, owner string, cspEnabled bool, csp string) (newID int64) {
-	const sqlInsertApplication = `INSERT INTO "applications"("name","internal_scheme","redirect_https","hsts_enabled","waf_enabled","ip_method","description","oauth_required","session_seconds","owner","csp_enabled","csp") VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12) RETURNING "id"`
-	err := dal.db.QueryRow(sqlInsertApplication, appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp).Scan(&newID)
-	utils.CheckError("InsertApplication", err)
+func (dal *MyDAL) InsertApplication(appName string, internalScheme string, redirectHTTPS bool, hstsEnabled bool, wafEnabled bool, shieldEnabled bool, ipMethod models.IPMethod, description string, oauthRequired bool, sessionSeconds int64, owner string, cspEnabled bool, csp string) (newID int64) {
+	const sqlInsertApplication = `INSERT INTO "applications"("name","internal_scheme","redirect_https","hsts_enabled","waf_enabled","shield_enabled","ip_method","description","oauth_required","session_seconds","owner","csp_enabled","csp") VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13) RETURNING "id"`
+	err := dal.db.QueryRow(sqlInsertApplication, appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, shieldEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp).Scan(&newID)
+	if err != nil {
+		utils.DebugPrintln("InsertApplication", err)
+	}
 	return newID
 }
 
 // UpdateApplication update an Application
-func (dal *MyDAL) UpdateApplication(appName string, internalScheme string, redirectHTTPS bool, hstsEnabled bool, wafEnabled bool, ipMethod models.IPMethod, description string, oauthRequired bool, sessionSeconds int64, owner string, cspEnabled bool, csp string, appID int64) error {
-	const sqlUpdateApplication = `UPDATE "applications" SET "name"=$1,"internal_scheme"=$2,"redirect_https"=$3,"hsts_enabled"=$4,"waf_enabled"=$5,"ip_method"=$6,"description"=$7,"oauth_required"=$8,"session_seconds"=$9,"owner"=$10,"csp_enabled"=$11,"csp"=$12 WHERE "id"=$13`
+func (dal *MyDAL) UpdateApplication(appName string, internalScheme string, redirectHTTPS bool, hstsEnabled bool, wafEnabled bool, shieldEnabled bool, ipMethod models.IPMethod, description string, oauthRequired bool, sessionSeconds int64, owner string, cspEnabled bool, csp string, appID int64) error {
+	const sqlUpdateApplication = `UPDATE "applications" SET "name"=$1,"internal_scheme"=$2,"redirect_https"=$3,"hsts_enabled"=$4,"waf_enabled"=$5,"shield_enabled"=$6,"ip_method"=$7,"description"=$8,"oauth_required"=$9,"session_seconds"=$10,"owner"=$11,"csp_enabled"=$12,"csp"=$13 WHERE "id"=$14`
 	stmt, _ := dal.db.Prepare(sqlUpdateApplication)
 	defer stmt.Close()
-	_, err := stmt.Exec(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp, appID)
-	utils.CheckError("UpdateApplication", err)
+	_, err := stmt.Exec(appName, internalScheme, redirectHTTPS, hstsEnabled, wafEnabled, shieldEnabled, ipMethod, description, oauthRequired, sessionSeconds, owner, cspEnabled, csp, appID)
+	if err != nil {
+		utils.DebugPrintln("UpdateApplication", err)
+	}
 	return err
 }
 
@@ -74,6 +82,8 @@ func (dal *MyDAL) DeleteApplication(appID int64) error {
 	stmt, _ := dal.db.Prepare(sqlDeleteApplication)
 	defer stmt.Close()
 	_, err := stmt.Exec(appID)
-	utils.CheckError("DeleteApplication", err)
+	if err != nil {
+		utils.DebugPrintln("DeleteApplication", err)
+	}
 	return err
 }