SSH 登录事件增加 IP 白名单

Author: dushixiang

internal/handler/ssh_login_handler.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 
+	"github.com/dushixiang/pika/internal/models"
 	"github.com/dushixiang/pika/internal/service"
 	"github.com/go-orz/orz"
 	"github.com/labstack/echo/v4"
@@ -50,15 +51,12 @@ func (h *SSHLoginHandler) GetConfig(c echo.Context) error {
 func (h *SSHLoginHandler) UpdateConfig(c echo.Context) error {
 	agentID := c.Param("id")
 
-	var req struct {
-		Enabled bool `json:"enabled"`
-	}
-
+	var req models.SSHLoginConfigData
 	if err := c.Bind(&req); err != nil {
 		return err
 	}
 
-	err := h.service.UpdateConfig(c.Request().Context(), agentID, req.Enabled)
+	err := h.service.UpdateConfig(c.Request().Context(), agentID, &req)
 	if err != nil {
 		h.logger.Error("更新SSH登录监控配置失败", zap.Error(err))
 		return c.JSON(http.StatusInternalServerError, map[string]string{

internal/handler/tamper_handler.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 
+	"github.com/dushixiang/pika/internal/models"
 	"github.com/dushixiang/pika/internal/service"
 	"github.com/go-orz/orz"
 	"github.com/labstack/echo/v4"
@@ -27,16 +28,13 @@ func NewTamperHandler(logger *zap.Logger, tamperService *service.TamperService)
 func (h *TamperHandler) UpdateConfig(c echo.Context) error {
 	agentID := c.Param("id")
 
-	var req struct {
-		Enabled bool     `json:"enabled"`
-		Paths   []string `json:"paths"`
-	}
+	var req models.TamperProtectConfigData
 
 	if err := c.Bind(&req); err != nil {
 		return err
 	}
 
-	err := h.tamperService.UpdateConfig(c.Request().Context(), agentID, req.Enabled, req.Paths)
+	err := h.tamperService.UpdateConfig(c.Request().Context(), agentID, &req)
 	if err != nil {
 		h.logger.Error("更新防篡改配置失败", zap.Error(err), zap.String("agentId", agentID))
 		return c.JSON(http.StatusInternalServerError, map[string]interface{}{

internal/service/ssh_login_service.go

@@ -53,10 +53,11 @@ func (s *SSHLoginService) GetConfig(ctx context.Context, agentID string) (*model
 
 // UpdateConfig 更新配置并下发到 Agent
 // 返回: config - 配置对象, error - 错误信息
-func (s *SSHLoginService) UpdateConfig(ctx context.Context, agentID string, enabled bool) error {
+func (s *SSHLoginService) UpdateConfig(ctx context.Context, agentID string, req *models.SSHLoginConfigData) error {
 	// 保存配置到数据库
 	config := models.SSHLoginConfigData{
-		Enabled:     enabled,
+		Enabled:     req.Enabled,
+		IPWhitelist: req.IPWhitelist,
 		ApplyStatus: "pending",
 	}
 
@@ -70,7 +71,7 @@ func (s *SSHLoginService) UpdateConfig(ctx context.Context, agentID string, enab
 
 	// 下发配置到 Agent
 	go func() {
-		if err := s.sendConfigToAgent(agentID, enabled); err != nil {
+		if err := s.sendConfigToAgent(agentID, config.Enabled); err != nil {
 			s.logger.Error("下发SSH登录监控配置到 Agent 失败", zap.String("agentId", agentID), zap.Error(err))
 		}
 	}()

internal/service/tamper_service.go

@@ -54,7 +54,7 @@ func (s *TamperService) UpdateConfigByAgentID(ctx context.Context, agentID strin
 }
 
 // UpdateConfig 更新探针的防篡改配置
-func (s *TamperService) UpdateConfig(ctx context.Context, agentID string, enabled bool, paths []string) error {
+func (s *TamperService) UpdateConfig(ctx context.Context, agentID string, req *models.TamperProtectConfigData) error {
 	// 查找现有配置
 	config, err := s.GetConfigByAgentID(ctx, agentID)
 	if err != nil {
@@ -72,25 +72,25 @@ func (s *TamperService) UpdateConfig(ctx context.Context, agentID string, enable
 	var added, removed []string
 
 	// 处理不同的状态转换场景
-	if !enabled {
+	if !req.Enabled {
 		// 场景1: 禁用防篡改功能，需要移除所有旧的路径配置
 		removed = oldPaths
 		added = []string{}
 		// 注意: 不清空 paths，保留配置以便下次启用时使用
 	} else if !wasEnabled {
 		// 场景2: 从禁用切换到启用，所有路径都作为新增
 		// 因为探针端已经移除了所有监控，需要重新添加
-		added = paths
+		added = req.Paths
 		removed = []string{}
 	} else {
 		// 场景3: 启用状态下的正常增量更新
-		added, removed = s.calculatePathDiff(oldPaths, paths)
+		added, removed = s.calculatePathDiff(oldPaths, req.Paths)
 	}
 
 	// 创建或更新配置
 	newConfig := &models.TamperProtectConfigData{
-		Enabled:     enabled,
-		Paths:       paths,
+		Enabled:     req.Enabled,
+		Paths:       req.Paths,
 		ApplyStatus: "pending",
 	}
 
@@ -113,7 +113,7 @@ func (s *TamperService) UpdateConfig(ctx context.Context, agentID string, enable
 				zap.String("agentId", agentID),
 				zap.Strings("added", added),
 				zap.Strings("removed", removed),
-				zap.Int("totalPaths", len(paths)))
+				zap.Int("totalPaths", len(req.Paths)))
 		}
 	}()
 	return nil