loren/gitea-jira-task-bot
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

feat:访问控制和dashboard重启功能

Browse Source
This commit is contained in:
李晨希
2026-01-30 10:02:29 +08:00
parent 0e6a780c50
commit 0c4cc03efc
4 changed files with 119 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
index.js
View File

@@ -6,7 +6,7 @@ const config = require('./src/config/env');
const { getConfiguredRepos } = require('./src/config/mappings'); const { getConfiguredRepos } = require('./src/config/mappings');
const { handleIssueEvent } = require('./src/logic/syncManager'); const { handleIssueEvent } = require('./src/logic/syncManager');
const { handleJiraHook } = require('./src/logic/jiraSyncManager'); const { handleJiraHook } = require('./src/logic/jiraSyncManager');
const editorRoutes = require('./src/routes/editor'); const editorRoutes = require('./src/routes/control');
const logger = require('./src/utils/logger'); const logger = require('./src/utils/logger');
const app = new Hono(); const app = new Hono();
@@ -47,6 +47,30 @@ setInterval(() => {
} }
}, 5 * 60 * 1000); }, 5 * 60 * 1000);
//内网访问控制中间件保护管理界面只允许dotenv配置的域名访问
const internalOnlyMiddleware = async (c, next) => {
const pathname = new URL(c.req.url).pathname;
if (pathname.startsWith('/hooks/')) {
return await next();
}
const host = (c.req.header('host') || '').split(':')[0];
const allowedHosts = config.app.dashboardAllowedHosts;
if (!allowedHosts.some(allowed => host === allowed || host.endsWith('.' + allowed))) {
logger.security(`Blocked access from unauthorized host: ${host}`, {
path: pathname,
ip: c.req.header('x-forwarded-for') || c.req.header('x-real-ip') || 'unknown'
});
return c.text('Forbidden - Access denied from this domain', 403);
}
await next();
};
app.use('*', internalOnlyMiddleware);
//Gitea webhook处理入口 //Gitea webhook处理入口
app.post('/hooks/gitea', rateLimiter, async (c) => { app.post('/hooks/gitea', rateLimiter, async (c) => {
try { try {

17
public/dashboard-app.js
View File

@@ -178,7 +178,7 @@ function updateServiceStatus(status) {
//控制机器人 //控制机器人
async function controlBot(action) { async function controlBot(action) {
try { try {
const res = await fetch('/api/control', { const res = await fetch('/api/restart', {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ action }) body: JSON.stringify({ action })
@@ -188,7 +188,14 @@ async function controlBot(action) {
if (data.success) { if (data.success) {
alert(`操作成功: ${data.message || action}`); alert(`操作成功: ${data.message || action}`);
loadDashboardData(); //服务重启后延迟刷新页面
if (action === 'restart') {
setTimeout(() => {
location.reload();
}, 3000);
} else {
loadDashboardData();
}
} else { } else {
alert(`操作失败: ${data.error}`); alert(`操作失败: ${data.error}`);
} }
@@ -276,9 +283,9 @@ function renderEnvForm(items) {
return `<div class="text-slate-400 text-xs font-mono py-1">${escapeHtml(item.value)}</div>`; return `<div class="text-slate-400 text-xs font-mono py-1">${escapeHtml(item.value)}</div>`;
} else { } else {
const isSecret = item.key.toLowerCase().includes('token') || const isSecret = item.key.toLowerCase().includes('token') ||
item.key.toLowerCase().includes('secret') || item.key.toLowerCase().includes('secret') ||
item.key.toLowerCase().includes('password') || item.key.toLowerCase().includes('password') ||
item.key.toLowerCase().includes('pat'); item.key.toLowerCase().includes('pat');
return ` return `
<div class="flex items-center gap-3 bg-slate-50 hover:bg-slate-100 p-3 rounded border border-slate-200 transition-colors"> <div class="flex items-center gap-3 bg-slate-50 hover:bg-slate-100 p-3 rounded border border-slate-200 transition-colors">
<label class="text-slate-700 font-mono text-sm flex-shrink-0 w-48 font-medium">${escapeHtml(item.key)}</label> <label class="text-slate-700 font-mono text-sm flex-shrink-0 w-48 font-medium">${escapeHtml(item.key)}</label>

3
src/config/env.js
View File

@@ -7,7 +7,8 @@ const config = {
rate: process.env.RATE_LIMIT_WINDOW || 10000, rate: process.env.RATE_LIMIT_WINDOW || 10000,
maxRequests: process.env.MAX_REQUESTS_PER_WINDOW || 20, maxRequests: process.env.MAX_REQUESTS_PER_WINDOW || 20,
debugMode: process.env.DEBUG_MODE === 'true', debugMode: process.env.DEBUG_MODE === 'true',
logRetentionDays: process.env.LOG_RETENTION_DAYS || 30 logRetentionDays: process.env.LOG_RETENTION_DAYS || 30,
dashboardAllowedHosts: (process.env.DASHBOARD_ALLOWED_HOSTS || 'localhost,127.0.0.1').split(',').map(h => h.trim())
}, },
gitea: { gitea: {
baseUrl: process.env.GITEA_BASE_URL, baseUrl: process.env.GITEA_BASE_URL,

74
src/routes/editor.js → src/routes/control.js
View File

@@ -1,20 +1,21 @@
/** /**
* 映射关系编辑器路由模块 * 控制面板路由模块
* 提供映射配置的 CRUD 操作 Jira API 代理 * 提供映射配置的 CRUD 操作Jira API 代理和服务控制
*/ */
const { Hono } = require('hono'); const { Hono } = require('hono');
const { exec } = require('child_process');
const axios = require('axios'); const axios = require('axios');
const fs = require('fs'); const fs = require('fs');
const path = require('path'); const path = require('path');
const logger = require('../utils/logger'); const logger = require('../utils/logger');
const editor = new Hono(); const control = new Hono();
const MAPPINGS_PATH = path.join(__dirname, '../../mappings.json'); const MAPPINGS_PATH = path.join(__dirname, '../../mappings.json');
const LOGS_DIR = path.join(__dirname, '../../logs'); const LOGS_DIR = path.join(__dirname, '../../logs');
const README_PATH = path.join(__dirname, '../../how-to-use.md'); const README_PATH = path.join(__dirname, '../../how-to-use.md');
editor.get('/status', (c) => { control.get('/status', (c) => {
try { try {
let repoCount = 0; let repoCount = 0;
if (fs.existsSync(MAPPINGS_PATH)) { if (fs.existsSync(MAPPINGS_PATH)) {
@@ -58,7 +59,7 @@ editor.get('/status', (c) => {
}); });
//获取历史统计数据 //获取历史统计数据
editor.get('/history', (c) => { control.get('/history', (c) => {
try { try {
const history = []; const history = [];
@@ -104,7 +105,7 @@ editor.get('/history', (c) => {
}); });
//获取当日日志 //获取当日日志
editor.get('/logs', (c) => { control.get('/logs', (c) => {
try { try {
//获取今天的日志文件 //获取今天的日志文件
const today = new Date().toISOString().split('T')[0]; //YYYY-MM-DD const today = new Date().toISOString().split('T')[0]; //YYYY-MM-DD
@@ -135,7 +136,7 @@ editor.get('/logs', (c) => {
}); });
//清空当日日志 //清空当日日志
editor.post('/logs/clear', (c) => { control.post('/logs/clear', (c) => {
try { try {
const today = new Date().toISOString().split('T')[0]; const today = new Date().toISOString().split('T')[0];
const logFile = path.join(LOGS_DIR, `sync-${today}.log`); const logFile = path.join(LOGS_DIR, `sync-${today}.log`);
@@ -152,35 +153,38 @@ editor.post('/logs/clear', (c) => {
} }
}); });
//控制机器人(重启 //控制机器人(支持 PM2 软重启)
editor.post('/control', async (c) => { control.post('/restart', async (c) => {
try { try {
const { action } = await c.req.json(); const { action } = await c.req.json();
logger.info(`[Control] Action received: ${action}`);
logger.info(`[Editor] Control action received: ${action}`);
//注意:实际的重启需要外部进程管理器(如 PM2
//这里只是记录日志
if (action === 'restart') { if (action === 'restart') {
logger.info('[Editor] Restart requested (requires PM2 or similar)'); logger.info('[Control] PM2 restart requested via dashboard');
return c.json({
success: true, //延迟执行,让响应先返回给客户端
message: '重启请求已记录,请使用 PM2 或其他进程管理器执行重启' setTimeout(() => {
}); exec('pm2 restart gitea-jira-sync', (err, stdout, stderr) => {
if (err) {
logger.error('[Control] PM2 restart failed:', err.message);
} else {
logger.info('[Control] PM2 restart executed successfully');
}
});
}, 500);
return c.json({ success: true, message: '正在重启服务,请稍候刷新页面...' });
} }
return c.json({ return c.json({ success: false, error: '不支持的操作' });
success: false,
error: '不支持的操作'
});
} catch (e) { } catch (e) {
logger.error('[Editor] Control error:', e.message); logger.error('[Control] Restart error:', e.message);
return c.json({ success: false, error: e.message }, 500); return c.json({ success: false, error: e.message }, 500);
} }
}); });
//读取 .env 文件 //读取 .env 文件
editor.get('/env', (c) => { control.get('/env', (c) => {
try { try {
const envPath = path.join(__dirname, '../../.env'); const envPath = path.join(__dirname, '../../.env');
@@ -200,7 +204,7 @@ editor.get('/env', (c) => {
}); });
//保存 .env 文件 //保存 .env 文件
editor.post('/env', async (c) => { control.post('/env', async (c) => {
try { try {
const { content } = await c.req.json(); const { content } = await c.req.json();
const envPath = path.join(__dirname, '../../.env'); const envPath = path.join(__dirname, '../../.env');
@@ -226,7 +230,7 @@ editor.post('/env', async (c) => {
} }
}); });
editor.get('/guide', (c) => { control.get('/guide', (c) => {
try { try {
if (!fs.existsSync(README_PATH)) { if (!fs.existsSync(README_PATH)) {
return c.json({ return c.json({
@@ -245,7 +249,7 @@ editor.get('/guide', (c) => {
}); });
//读取现有的 mappings.json //读取现有的 mappings.json
editor.get('/mappings', (c) => { control.get('/mappings', (c) => {
try { try {
if (!fs.existsSync(MAPPINGS_PATH)) { if (!fs.existsSync(MAPPINGS_PATH)) {
return c.json({ success: true, data: { repositories: {} } }); return c.json({ success: true, data: { repositories: {} } });
@@ -262,7 +266,7 @@ editor.get('/mappings', (c) => {
}); });
//保存/更新 mappings.json //保存/更新 mappings.json
editor.post('/mappings', async (c) => { control.post('/mappings', async (c) => {
try { try {
const { repoName, config } = await c.req.json(); const { repoName, config } = await c.req.json();
@@ -292,7 +296,7 @@ editor.post('/mappings', async (c) => {
}); });
//删除仓库配置 //删除仓库配置
editor.delete('/mappings/:repoName', async (c) => { control.delete('/mappings/:repoName', async (c) => {
try { try {
const repoName = decodeURIComponent(c.req.param('repoName')); const repoName = decodeURIComponent(c.req.param('repoName'));
@@ -324,7 +328,7 @@ editor.delete('/mappings/:repoName', async (c) => {
}); });
//改名仓库配置 //改名仓库配置
editor.post('/mappings/rename', async (c) => { control.post('/mappings/rename', async (c) => {
try { try {
const { oldName, newName } = await c.req.json(); const { oldName, newName } = await c.req.json();
@@ -368,7 +372,7 @@ editor.post('/mappings/rename', async (c) => {
}); });
//保存配置接口(兼容旧版) //保存配置接口(兼容旧版)
editor.post('/save', async (c) => { control.post('/save', async (c) => {
try { try {
const newConfigObj = await c.req.json(); const newConfigObj = await c.req.json();
const repoName = Object.keys(newConfigObj)[0]; const repoName = Object.keys(newConfigObj)[0];
@@ -405,7 +409,7 @@ editor.post('/save', async (c) => {
}); });
//扫描 Jira 项目信息 //扫描 Jira 项目信息
editor.post('/scan', async (c) => { control.post('/scan', async (c) => {
const { baseUrl, auth, projectKey: rawKey } = await c.req.json(); const { baseUrl, auth, projectKey: rawKey } = await c.req.json();
const inputKey = rawKey ? rawKey.trim() : ''; const inputKey = rawKey ? rawKey.trim() : '';
@@ -482,7 +486,7 @@ editor.post('/scan', async (c) => {
}); });
//扫描 Sprint 信息 //扫描 Sprint 信息
editor.post('/scan-sprint', async (c) => { control.post('/scan-sprint', async (c) => {
const { baseUrl, auth, issueKey } = await c.req.json(); const { baseUrl, auth, issueKey } = await c.req.json();
let headers = { 'Accept': 'application/json' }; let headers = { 'Accept': 'application/json' };
if (auth.token) headers['Authorization'] = `Bearer ${auth.token}`; if (auth.token) headers['Authorization'] = `Bearer ${auth.token}`;
@@ -510,7 +514,7 @@ editor.post('/scan-sprint', async (c) => {
}); });
//代理 Jira API 请求 //代理 Jira API 请求
editor.post('/proxy-jira', async (c) => { control.post('/proxy-jira', async (c) => {
const { url, auth } = await c.req.json(); const { url, auth } = await c.req.json();
try { try {
@@ -532,4 +536,4 @@ editor.post('/proxy-jira', async (c) => {
} }
}); });
module.exports = editor; module.exports = control;