Fix access stats and adjust 301 to 308, Merge branch 'fix'

Janusec · Sep 4, 2021 · d95fe82 · d95fe82
2 parents 4c5ad08 + 6bac7d1
commit d95fe82
Show file tree

Hide file tree

Showing 19 changed files with 306 additions and 114 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@
 *.zip
 *.tar.gz
 /static/cdncache
+/certs
diff --git a/README.md b/README.md
@@ -3,143 +3,260 @@
 [![Build Status](https://travis-ci.org/Janusec/janusec.svg?branch=master)](https://travis-ci.org/Janusec/janusec)
 
 
-## Provide Fast and Secure Application Delivery / 提供快速、安全的应用交付   
+[English Readme](#provide-fast-and-secure-application-delivery)  
 
-![Janusec Application Gateway](gateway1.png)  
+## 提供快速、安全的应用交付   
 
-Introduction Slides / 介绍PPT:  
+![Janusec Application Gateway](gateway1.png)  
 
-中文： https://www.janusec.com/download/Janusec-Application-Gateway-CN.pdf   
+介绍PPT： https://www.janusec.com/download/Janusec-Application-Gateway-CN.pdf   
 
-English: https://www.janusec.com/download/Janusec-Application-Gateway.pdf   
 
-### Key Features (主要特性)  
+### 主要特性  
 
-* Fast Delivery (快速): Web-based Configuration (Web化配置)  
+* 快速: Web化配置  
 
-* Security (安全)  
+* 安全  
 
-  + Secure Access (安全接入): Enable HTTPS by One Click (一键启用HTTPS)   
+  + 安全接入: 一键启用HTTPS   
 
-  + Secure Authentication (安全认证):  
+  + 安全认证:  
       - OAuth2: WxWork(企业微信), DingTalk(钉钉), Feishu(飞书)  
-      - LDAP + Authenticator 2FA (LDAP+认证码双因子)   
+      - LDAP+认证码双因子   
       - CAS 2.0  
 
-  + Secure Defense (安全防御)  
-      - WAF (Web Application Firewall), Block SQL Injection, XSS, Sensitive Data leakage etc. (拦截SQL注入/XSS/敏感数据泄露等)    
-      - Block CC Attacks (拦截CC攻击)  
-      - CAPTCHA (验证码)  
+  + 安全防御  
+      - WAF (Web应用防火墙，拦截SQL注入/XSS/敏感数据泄露等)    
+      - 拦截CC攻击  
+      - 支持CAPTCHA (验证码)  
 
-  + Secure Operation (安全运维): Web SSH Operation (Web界面执行SSH运维)   
+  + 安全运维: Web界面执行SSH运维   
 
-  + Secure Storage (安全存储): Encryption of Private Key (加密证书私钥)  
+  + 安全存储: 加密证书私钥  
 
-* Scalable (可扩展)    
-  + Multiple Nodes Load Balance (多节点负载均衡)  
-  + Static Content Cache and Acceleration (静态文件缓存加速)  
+* 可扩展    
+  + 多节点负载均衡   
+  + 静态文件缓存加速  
 
 
 
-## Screenshots (截图)   
+## 截图   
 
-### SQL Injection Screenshot (SQL注入截图)  
+### SQL注入截图  
 
 ![Janusec Application Gateway Screenshot](waf-demo1.png)  
 
-### Sensitive Data Leakage Screenshot (敏感信息泄露截图)  
+### 敏感信息泄露截图  
 
 ![Janusec Application Gateway Screenshot](waf-demo2.png)  
 
-## Product Web Site (产品网站)   
-
-English:   
-https://janusec.github.io/  
-
+## 产品网站   
 
-中文:   
 https://doc.janusec.com/cn/   
 
-## Requirements (需求)   
+## 需求   
 
-* PostgreSQL 10/11/12+ (Required by Development and Primary Node of Deployment, 开发环境，及生产环境主节点需要)  
-* Debian 9/10+, CentOS/RHEL 7/8+, Debian 10+ is preferred (首选Debian 10+)    
+* PostgreSQL 10/11/12+ (开发环境，及生产环境主节点需要)  
+* Debian 9/10+, CentOS/RHEL 7/8+, 首选Debian 10+    
 * systemd  
 * nftables  
-* Golang 1.15+ (Required by Development Only, 仅开发环境需要)  
+* Golang 1.15+ (仅开发环境需要)  
 
-## Quick Start for Deployment (部署快速指引)    
-
-Detailed documentation is available at： [Janusec Application Gateway Quick Start](https://janusec.github.io/documentation/quick-start/).  
+## 部署快速指引    
 
 详细文档可在这里获取： [Janusec应用网关快速入门](https://doc.janusec.com/cn/quick-start/)  
 
 如希望快速体验，可尝试使用 [Docker镜像](https://www.janusec.com/articles/opensource/1615470598.html)    
 
-## Quick Start for Developer (开发快速指引)   
+## 开发快速指引   
 
 > git clone https://github.com/Janusec/janusec.git   
 
 
-Edit `config.json` (编辑`config.json`)  
+编辑`config.json`  
 
 > "host": "127.0.0.1",  
 > "port": "5432",  
 > "user": "janusec",  
 > "password": "123456",  
 > "dbname": "janusec"  
 
-Janusec will encrypt the password automatically (Janusec将自动加密数据库口令)  
-Then (然后):  
+Janusec将自动加密数据库口令    
+然后:  
 
 > go build  
-> su (switch to root)  
+> su (切换到root)  
 > ./janusec  
 
-## Web Administration (Web管理入口) 
+## Web管理入口 
 
-When listen=false in config.json (当config.json中listen=false时 ，使用如下地址):  
+当config.json中listen=false时 ，使用如下地址:  
 
-> http://`your_primary_node_ip_address`/janusec-admin/    (first use / 首次使用)  
-> https://`your_application_domain_name`/janusec-admin/   (after certificate configured / 配置证书后)  
+> http://`your_primary_node_ip_address`/janusec-admin/    (首次使用)  
+> https://`your_application_domain_name`/janusec-admin/   (配置证书后)  
 
-When listen=true in config.json （当config.json中listen=true时，使用如下地址):  
+当config.json中listen=true时，使用如下地址:  
 
-> http://`your_primary_node_ip_address:9080`/janusec-admin/    (first use / 首次使用)  
-> https://`your_primary_node_domain_name:9443`/janusec-admin/  (after certificate configured / 配置证书和应用后)  
+> http://`your_primary_node_ip_address:9080`/janusec-admin/    (首次使用)  
+> https://`your_primary_node_domain_name:9443`/janusec-admin/  (配置证书和应用后)  
 
-When using primary node only, any application domain name can be used for admin. / 只使用主节点时，任意应用域名均可用于访问管理入口 
-But if you have one or more replica nodes, you should apply for a seperate domain name for primary node. / 如果使用了副本节点，应为主节点申请一个单独的域名。   
+只使用主节点时，任意应用域名均可用于访问管理入口。   
+如果使用了副本节点，应为主节点申请一个单独的域名。   
 
-[Janusec Application Gateway Configuration](https://janusec.github.io/documentation/quick-start/) / [Janusec应用网关配置](https://doc.janusec.com/cn/quick-start/)   
+[Janusec应用网关配置](https://doc.janusec.com/cn/quick-start/)   
 
-## Release (发布) 
+## 发布 
 
-Only support Linux Now / 目前仅支持Linux  
+目前仅支持Linux  
 
 > go build  
 > su  
 > `./release.sh`    
 
-The release package is under `./dist` (生成的发布包位于`./dist`目录).  
+生成的发布包位于`./dist`目录。    
 
-## Web Administration Release (Web管理发布)
+## Web管理发布
 
-Release directory is `./static/janusec-admin/` , and source code is available at [Janusec-Admin Github](https://github.com/Janusec/janusec-admin) with Angular 9.   
 Web化管理所需的文件在 `./static/janusec-admin/` 目录, 源码在 [Janusec-Admin Github](https://github.com/Janusec/janusec-admin) ，前端源码使用Angular 9.  
 
-## LICENSE (许可证)  
+## 许可证  
 
-Janusec Application Gateway source files are made available under the terms of the GNU Affero General Public License ([GNU AGPLv3](http://www.gnu.org/licenses/agpl-3.0.html)). / Janusec应用网关源文件使用GNU [AGPLv3](http://www.gnu.org/licenses/agpl-3.0.html)授权.    
+Janusec应用网关源文件使用GNU [AGPLv3](http://www.gnu.org/licenses/agpl-3.0.html)授权.    
 
-## Support (支持)  
+## 支持  
 
-* Product: [https://janusec.github.io/](https://janusec.github.io/)  
 * 产品网站 [https://doc.janusec.com/cn/](https://doc.janusec.com/cn/)   
-* Official site / 官方网站: [https://www.janusec.com/](https://www.janusec.com/)  
+* 官方网站: [https://www.janusec.com/](https://www.janusec.com/)  
 * Email: `support#janusec.com`  
-* QQ Group / QQ群: 776900157  , @[U2](https://github.com/zhyale) (The Author)  
+* QQ群: 776900157  , @[U2](https://github.com/zhyale)     
 
 * 作者微信公众号： 数据安全架构与治理（Data-Security）  
 
 ![数据安全架构与治理（Data-Security）](Data-Security.png)  
+
+---  
+
+## Provide Fast and Secure Application Delivery  
+
+![Janusec Application Gateway](gateway1.png)  
+
+Introduction Slides: https://www.janusec.com/download/Janusec-Application-Gateway.pdf   
+
+### Key Features   
+
+* Fast Delivery : Web-based Configuration    
+
+* Security    
+
+  + Secure Access: Enable HTTPS by One Click   
+
+  + Secure Authentication:  
+      - OAuth2: WxWork, DingTalk, Feishu, Lark    
+      - LDAP + Authenticator 2FA    
+      - CAS 2.0  
+
+  + Secure Defense   
+      - WAF (Web Application Firewall), Block SQL Injection, XSS, Sensitive Data leakage etc.    
+      - Block CC Attacks  
+      - CAPTCHA   
+
+  + Secure Operation: Web SSH Operation    
+
+  + Secure Storage: Encryption of Private Key   
+
+* Scalable      
+  + Multiple Nodes Load Balance     
+  + Static Content Cache and Acceleration    
+
+
+
+## Screenshots     
+
+### SQL Injection Screenshot  
+
+![Janusec Application Gateway Screenshot](waf-demo1.png)  
+
+### Sensitive Data Leakage Screenshot   
+
+![Janusec Application Gateway Screenshot](waf-demo2.png)  
+
+## Product Web Site   
+
+English:   
+https://janusec.github.io/  
+
+
+## Requirements    
+
+* PostgreSQL 10/11/12+ (Required by Development and Primary Node of Deployment)  
+* Debian 9/10+, CentOS/RHEL 7/8+, Debian 10+ is preferred       
+* systemd  
+* nftables  
+* Golang 1.15+ (Required by Development Only)  
+
+## Quick Start for Deployment     
+
+Detailed documentation is available at： [Janusec Application Gateway Quick Start](https://janusec.github.io/documentation/quick-start/).  
+
+You can also try it with [Docker Image](https://www.janusec.com/articles/opensource/1615470598.html)    
+
+## Quick Start for Developer   
+
+> git clone https://github.com/Janusec/janusec.git   
+
+
+Edit `config.json`     
+
+> "host": "127.0.0.1",  
+> "port": "5432",  
+> "user": "janusec",  
+> "password": "123456",  
+> "dbname": "janusec"  
+
+Janusec will encrypt the password automatically, then:  
+
+> go build  
+> su (switch to root)  
+> ./janusec  
+
+## Web Administration   
+
+When listen=false in config.json:  
+
+> http://`your_primary_node_ip_address`/janusec-admin/    (first use)  
+> https://`your_application_domain_name`/janusec-admin/   (after certificate configured)  
+
+When listen=true in config.json :  
+
+> http://`your_primary_node_ip_address:9080`/janusec-admin/    (first use)  
+> https://`your_primary_node_domain_name:9443`/janusec-admin/  (after certificate configured)  
+
+When using primary node only, any application domain name can be used for admin.   
+But if you have one or more replica nodes, you should apply for a seperate domain name for primary node.   
+
+[Janusec Application Gateway Configuration](https://janusec.github.io/documentation/quick-start/)   
+
+## Release   
+
+Only support Linux Now    
+
+> go build  
+> su  
+> `./release.sh`    
+
+The release package is under `./dist` .  
+
+## Web Administration Release  
+
+Release directory is `./static/janusec-admin/` , and source code is available at [Janusec-Admin Github](https://github.com/Janusec/janusec-admin) with Angular 9.  
+
+## LICENSE   
+
+Janusec Application Gateway source files are made available under the terms of the GNU Affero General Public License ([GNU AGPLv3](http://www.gnu.org/licenses/agpl-3.0.html)).   
+
+## Support   
+
+* Product: [https://janusec.github.io/](https://janusec.github.io/)   
+* Official site : [https://www.janusec.com/](https://www.janusec.com/)  
+* Email: `support#janusec.com`  
+* QQ Group: 776900157  , @[U2](https://github.com/zhyale) (The Author)  
diff --git a/backend/init.go b/backend/init.go
@@ -130,6 +130,14 @@ func InitDatabase() {
 			utils.DebugPrintln("InitDatabase ALTER TABLE applications add shield_enabled", err)
 		}
 	}
+
+	// v1.2.4 add constraint to access_stats
+	if !dal.ExistConstraint("access_stats", "stat_id") {
+		err = dal.ExecSQL(`ALTER TABLE "access_stats" ADD CONSTRAINT "stat_id" unique ("app_id","url_path","stat_date")`)
+		if err != nil {
+			//utils.DebugPrintln("InitDatabase ALTER TABLE access_stats add constraint", err)
+		}
+	}
 }
 
 // LoadAppConfiguration ...

diff --git a/data/data.go b/data/data.go
@@ -33,7 +33,7 @@ var (
 	// IsPrimary i.e. Is Primary Node
 	IsPrimary bool
 	// Version of JANUSEC
-	Version = "1.2.3"
+	Version = "1.2.4"
 	// NodeKey share with all nodes
 	NodeKey []byte
 )
@@ -97,3 +97,14 @@ func (dal *MyDAL) ExistColumnInTable(tableName string, columnName string) bool {
 	}
 	return count > 0
 }
+
+// ExistConstraint ...
+func (dal *MyDAL) ExistConstraint(tableName string, constraintName string) bool {
+	var count int64
+	const sql = `SELECT count(1) FROM information_schema.constraint_column_usage WHERE table_name=$1 and constraint_name=$2`
+	err := dal.db.QueryRow(sql, tableName, constraintName).Scan(&count)
+	if err != nil {
+		utils.DebugPrintln("ExistConstraint QueryRow", err)
+	}
+	return count > 0
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,3 +7,4 @@ @@
     *.zip
     *.tar.gz
     /static/cdncache
+    /certs