bug fixes (#918)

* bug fixes * fix for backward compatibility * fix init * cleanup * possible fix * optimize permission check * Revert "possible fix" This reverts commit 003f1bbb2aa368aade6702e6019922b7f4871a39.
2026-02-06 05:30:05 +00:00 · 2024-12-26 23:38:40 +08:00
parent b876909a8a
commit 85818c2630
5 changed files with 16 additions and 10 deletions
--- a/service/rpc/auth.go
+++ b/service/rpc/auth.go
@@ -38,7 +38,7 @@ func (a *authHandler) Check(ctx context.Context) (uint64, error) {

 	singleton.UserLock.RLock()
 	userId, ok := singleton.AgentSecretToUserId[clientSecret]
-	if !ok && clientSecret != singleton.Conf.AgentSecretKey {
+	if !ok {
 		singleton.UserLock.RUnlock()
 		model.BlockIP(singleton.DB, ip, model.WAFBlockReasonTypeAgentAuthFail, model.BlockIDgRPC)
 		return 0, status.Error(codes.Unauthenticated, "客户端认证失败")
--- a/service/singleton/alertsentinel.go
+++ b/service/singleton/alertsentinel.go
@@ -151,8 +151,11 @@ func checkStatus() {
 				role = u.Role
 			}
 			UserLock.RUnlock()
+			if alert.UserID != server.UserID && role != model.RoleAdmin {
+				continue
+			}
 			alertsStore[alert.ID][server.ID] = append(alertsStore[alert.
-				ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB, role))
+				ID][server.ID], alert.Snapshot(AlertsCycleTransferStatsStore[alert.ID], server, DB))
 			// 发送通知，分为触发报警和恢复通知
 			max, passed := alert.Check(alertsStore[alert.ID][server.ID])
 			// 保存当前服务器状态信息
--- a/service/singleton/user.go
+++ b/service/singleton/user.go
@@ -21,6 +21,13 @@ func initUser() {
 	var users []model.User
 	DB.Find(&users)

+	// for backward compatibility
+	UserInfoMap[0] = model.UserInfo{
+		Role:        model.RoleAdmin,
+		AgentSecret: Conf.AgentSecretKey,
+	}
+	AgentSecretToUserId[Conf.AgentSecretKey] = 0
+
 	for _, u := range users {
 		UserInfoMap[u.ID] = model.UserInfo{
 			Role:        u.Role,