
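Bitpush (bitpush.news) is a vertical content and data platform based on Wall Street in New York and serving the global blockchain and cryptocurrency industry. It has developed a crypto news terminal similar to the Bloomberg Terminal ( Bitpush Terminal: and aims to become an authoritative news and data provider connecting Wall Street and blockchain.
Bitpush has received investment from a major private equity fund and is now hiring full-time or part-time back-end engineers. Remote work, flexible hours.
The specific requirements for the position are as follows:

Bachelor's degree or above in computer science or a related field
More than three years of development experience with Python or Go
Familiar with database principles and common performance optimization; experience with MySQL, PostgreSQL, MongoDB, Elasticsearch and redis
Familiar with the TCP/IP and HTTP protocols; familiar with RPC, MQ and caching technologies
In-depth understanding of microservices and high-concurrency back-end architecture, with strong technical planning and implementation ability
Strongly self-driven, with a strong sense of dedication and responsibility, results-oriented, with good coordination and drive and the ability to work under pressure

Generous compensation, with opportunities for short-term work abroad and for founder shares.
Bitpush values a team spirit of "freedom, cooperation, common prosperity"; the team is flexible, resilient and effective!
If interested, please send your resume or self-introduction to career@bitpush.news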


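Table of contents
Preface
Add the dependencies
First, get the Redis configuration
Create a TokenGranterConfig and reconfigure the grant types
Extend AbstractTokenGranter to implement custom password authentication
Implement UserDetailsService with the logic for loading user information
Extend AuthorizationServerConfigurerAdapter to configure the authorization/authentication server
Extend WebSecurityConfigurerAdapter and override its methods to implement a custom security access policy
On the service side we also configure OAuth2, so that an intercepted request must carry valid authentication information before it can access an interface
Finally

Preface
We use OAuth2 for authorization and authentication in microservices and want to achieve the following:
1. Single sign-on, so first of all the authentication information must be stored in Redis.
2. For obtaining authorization with a username and password, add more detailed handling. The details implemented below are only simple examples.
Add the dependencies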

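<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>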
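First, get the Redis configuration
A simple Redis configuration:
custom:
  datasource:
    redis:
      ip: 127.0.0.1
      port: 6379
      smsExpire: 60000

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;

// Binds the custom.datasource.redis.* properties shown above
@Data
@ConfigurationProperties(prefix = "custom.datasource.redis")
public class RedisProperties {
    private String ip;
    private int port;
    private int smsExpire;
}
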
Create a TokenGranterConfig and reconfigure the grant types
@Configuration
public class TokenGranterConfig {
    // Client authentication.
    // The configuration shown later reads clients from the database; they can also be kept in memory (InMemory).
    // See AuthorizationServerConfig below. Database default: client_id: app, client_secret: encrypted(app).
    // This means the front end must pass client_id: app and client_secret: app when calling oauth/token to obtain authorization.
    @Autowired
    private ClientDetailsService clientDetailsService;

    // Token grant method
    private TokenGranter tokenGranter;

    // Token store
    @Autowired
    private TokenStore tokenStore;

    // Authentication manager: processes an authentication request, i.e. a Spring Security Authentication token.
    @Autowired
    private AuthenticationManager authenticationManager;

    private AuthorizationServerTokenServices tokenServices;

    private boolean reuseRefreshToken = true;

    private AuthorizationCodeServices authorizationCodeServices;

    @Autowired
    private UserDetailsService userDetailsService;

    // Register the TokenGranter bean; it is injected later when configuring the authorization/authentication server
    @Bean
    public TokenGranter tokenGranter() {
        if (null == tokenGranter) {
            tokenGranter = new TokenGranter() {
                private CompositeTokenGranter delegate;

                @Override
                public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
                    if (delegate == null) {
                        // Return a composite authentication mechanism
                        delegate = new CompositeTokenGranter(getDefaultTokenGranters());
                    }
                    return delegate.grant(grantType, tokenRequest);
                }
            };
        }
        return tokenGranter;
    }

    // Supported grant types
    private List<TokenGranter> getDefaultTokenGranters() {
        AuthorizationServerTokenServices tokenServices = tokenServices();
        AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
        OAuth2RequestFactory requestFactory = requestFactory();

        List<TokenGranter> tokenGranters = new ArrayList<>();
        // The four default grant types
        // Authorization code
        tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetailsService, requestFactory));
        // Refresh token
        tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetailsService, requestFactory));
        // Implicit
        ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetailsService, requestFactory);
        tokenGranters.add(implicit);
        // Client credentials
        tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, requestFactory));

        if (authenticationManager != null) {
            // Custom password grant
            tokenGranters.add(new CustomResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, clientDetailsService, requestFactory));
        }

        return tokenGranters;
    }

    private AuthorizationServerTokenServices tokenServices() {
        if (tokenServices != null) {
            return tokenServices;
        }
        this.tokenServices = createDefaultTokenServices();
        return tokenServices;
    }

    // Built here rather than injected, so settings made on the tokenServices bean
    // in AuthorizationServerConfig do not apply to this instance.
    private AuthorizationServerTokenServices createDefaultTokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(tokenStore);
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setReuseRefreshToken(reuseRefreshToken);
        tokenServices.setClientDetailsService(clientDetailsService);
        addUserDetailsService(tokenServices, this.userDetailsService);
        return tokenServices;
    }

    /**
     * Add pre-authentication.
     * @param tokenServices
     * @param userDetailsService
     */
    private void addUserDetailsService(DefaultTokenServices tokenServices, UserDetailsService userDetailsService) {
        if (userDetailsService != null) {
            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
            provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper(userDetailsService));
            tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
        }
    }

    /**
     * Default implementation of OAuth2RequestFactory: it initializes the fields from the parameter map,
     * validates the grant type (grant_type) and the scope, and fills in the scope with the client's defaults if it is missing.
     */
    private OAuth2RequestFactory requestFactory() {
        return new DefaultOAuth2RequestFactory(clientDetailsService);
    }

    /**
     * Authorization code API.
     * @return
     */
    private AuthorizationCodeServices authorizationCodeServices() {
        if (this.authorizationCodeServices == null) {
            this.authorizationCodeServices = new InMemoryAuthorizationCodeServices();
        }
        return this.authorizationCodeServices;
    }
}
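Extend AbstractTokenGranter to implement custom password authentication
This class mimics ResourceOwnerPasswordTokenGranter; its main purpose is to apply a different strategy to each exception raised during password verification.
import java.util.LinkedHashMap;
import java.util.Map;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
// UserAccountDao, UserAccount, SpringContextUtils, NonUsernameException and UpdateWrapper
// belong to the project and its persistence library; their imports are not shown in the article.

@Slf4j
public class CustomResourceOwnerPasswordTokenGranter extends AbstractTokenGranter {

    private UserAccountDao userAccountDao;

    // Authentication mode: the front end passes grant_type = password
    private static final String GRANT_TYPE = "password";
    private final AuthenticationManager authenticationManager;

    public CustomResourceOwnerPasswordTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
        this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
    }

    protected CustomResourceOwnerPasswordTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
        super(tokenServices, clientDetailsService, requestFactory, grantType);
        this.authenticationManager = authenticationManager;
    }

    // Main implementation method
    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
        Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
        String username = parameters.get("username");
        String password = parameters.get("password");
        // Drop the password so it is not kept in the authentication details
        parameters.remove("password");
        Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);

        userAccountDao = SpringContextUtils.getBean(UserAccountDao.class);

        try {
            // This calls the implementation in UserDetailServiceImpl
            userAuth = this.authenticationManager.authenticate(userAuth);
            // Username and password correct: reset lock_flag to 0
            UpdateWrapper<UserAccount> udpa = new UpdateWrapper<>();
            udpa.setSql("lock_flag = 0 ");
            udpa.eq("user_name", username);
            UserAccount updateDto = new UserAccount();
            userAccountDao.update(updateDto, udpa);
        } catch (NonUsernameException var9) {
            throw new UsernameNotFoundException("用户不存在");
        } catch (AccountStatusException var8) {
            throw new InvalidGrantException(var8.getMessage());
        } catch (BadCredentialsException var10) {
            try {
                // Wrong password: increment lock_flag by 1
                UpdateWrapper<UserAccount> udpa = new UpdateWrapper<>();
                udpa.setSql("lock_flag = lock_flag+1 ");
                udpa.eq("user_name", username);
                UserAccount updateDto = new UserAccount();
                userAccountDao.update(updateDto, udpa);
            } catch (Exception ex91) {
                throw new RuntimeException("错误次数累加失败");
            }
            throw new InvalidGrantException("账号密码错误,错误三次将锁定账户");
        }

        if (userAuth != null && userAuth.isAuthenticated()) {
            OAuth2Request storedOAuth2Request = this.getRequestFactory().createOAuth2Request(client, tokenRequest);
            return new OAuth2Authentication(storedOAuth2Request, userAuth);
        } else {
            throw new InvalidGrantException("Could not authenticate user: " + username);
        }
    }
}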
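Implement UserDetailsService with the logic for loading user information
This mainly looks up the encrypted password in the database by the username in the request, so that the later logic can match the password. Implement the specific logic according to your actual scenario.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
// UserAccountDao, UserAccount, NonUsernameException and QueryWrapper belong to the project
// and its persistence library; their imports are not shown in the article.

public class UserDetailServiceImpl implements UserDetailsService {

    @Autowired
    private UserAccountDao userDao;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        // Load the local user
        QueryWrapper<UserAccount> userQueryWrapper = new QueryWrapper<>();
        userQueryWrapper.eq("user_name", userName).eq("delete_flag", 0);
        UserAccount user = userDao.selectOne(userQueryWrapper);
        if (user != null) {
            // Check whether the failed-attempt count has reached three
            int lockValue = null == user.getLockFlag() ? 0 : user.getLockFlag();
            if (lockValue >= 3) {
                throw new LockedException("密码尝试超过三次,账户已被锁定!");
            }
            UserDetails userr = User.builder()
                    .username(user.getUserName())
                    .password(user.getPassword())
                    .authorities(AuthorityUtils.createAuthorityList("ADMIN"))
                    .build();
            return userr;
        } else {
            throw new NonUsernameException("用户不存在");
        }
    }
}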
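In the two classes above, lock_flag is incremented on each bad password, reset only after a successful login, and checked in loadUserByUsername before the password is compared, so an account that reaches three failures stays locked until the column is changed by other means. The following is an added example, not code from the original article: a self-contained in-memory model of that rule extended with a timed unlock. `LockoutPolicyDemo`, `State` and `COOLDOWN` are hypothetical names, the 15-minute window is an assumption, and records require Java 16 or later.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (not the article's code): the lock_flag rule plus a timed unlock.
public class LockoutPolicyDemo {
    static final int MAX_FAILURES = 3;                       // threshold used in the article
    static final Duration COOLDOWN = Duration.ofMinutes(15); // assumption, not in the article

    enum Result { OK, BAD_CREDENTIALS, LOCKED }

    // Hypothetical stand-in for the lock_flag column plus a last-failure timestamp.
    record State(int failures, Instant lastFailure) {}

    // In-memory store for the demo; get-then-put is not atomic across threads,
    // unlike the article's single SQL update "lock_flag = lock_flag+1".
    private final Map<String, State> states = new ConcurrentHashMap<>();

    Result attempt(String user, boolean passwordMatches, Instant now) {
        State s = states.getOrDefault(user, new State(0, Instant.EPOCH));
        boolean cooledDown = now.isAfter(s.lastFailure().plus(COOLDOWN));
        // As in loadUserByUsername, the lock is checked before the password,
        // so a correct password does not open a locked account.
        if (s.failures() >= MAX_FAILURES && !cooledDown) {
            return Result.LOCKED;
        }
        if (passwordMatches) {
            states.remove(user);                             // lock_flag = 0
            return Result.OK;
        }
        // lock_flag = lock_flag + 1, counting from zero once the cooldown has passed
        int base = cooledDown ? 0 : s.failures();
        states.put(user, new State(base + 1, now));
        return Result.BAD_CREDENTIALS;
    }

    public static void main(String[] args) {
        LockoutPolicyDemo policy = new LockoutPolicyDemo();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");  // constructed timestamps
        for (int i = 0; i < 3; i++) {                        // three wrong passwords
            System.out.println(policy.attempt("ceshi", false, t0.plusSeconds(i)));
        }
        // Correct password while locked, then again after the cooldown
        System.out.println(policy.attempt("ceshi", true, t0.plusSeconds(10)));
        System.out.println(policy.attempt("ceshi", true, t0.plus(COOLDOWN).plusSeconds(10)));
    }
}
```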
Extend AuthorizationServerConfigurerAdapter to configure the authorization/authentication server
@Configuration
@EnableAuthorizationServer
@EnableConfigurationProperties(RedisProperties.class)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private UserDetailServiceImpl userDetailService;

    // Authentication manager
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private TokenGranter tokenGranter;

    private RedisProperties redisProperties;

    public AuthorizationServerConfig(RedisProperties redisProperties) {
        this.redisProperties = redisProperties;
    }

    @Bean
    public TokenStore tokenStore() {
        // Store tokens in Redis
        return new RedisTokenStore(redisConnectionFactory());
    }

    @Bean
    public RedisConnectionFactory redisConnectionFactory() {

        JedisPoolConfig poolConfig = new JedisPoolConfig();
        poolConfig.setMaxTotal(100);
        poolConfig.setMaxIdle(50);
        poolConfig.setMaxWaitMillis(3000);
        poolConfig.setTestOnBorrow(true);
        poolConfig.setTestOnReturn(false);
        poolConfig.setTestWhileIdle(true);
        JedisClientConfiguration clientConfig = JedisClientConfiguration.builder()
                .usePooling().poolConfig(poolConfig).and().readTimeout(Duration.ofMillis(1000)).build();

        // Standalone Redis
        RedisStandaloneConfiguration redisConfig = new RedisStandaloneConfiguration();
        redisConfig.setHostName(redisProperties.getIp());
        redisConfig.setPort(redisProperties.getPort());

        return new JedisConnectionFactory(redisConfig, clientConfig);
    }

    /**
     * Read the clientDetails configuration from the database.
     * There are two options: InMemoryClientDetailsService and JdbcClientDetailsService.
     */
    @Bean
    public ClientDetailsService clientDetails() {
        return new JdbcClientDetailsService(dataSource);
    }

    /**
     * Inject the password encoder implementation.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Set the token validity periods.
     * @return
     */
    @Primary
    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();

        tokenServices.setTokenStore(tokenStore());
        // Enable refresh_token support. If this was not configured before and is added after the service has already run,
        // restarting the service may cause no token to be returned; fix: clear the corresponding token entries in Redis.
        tokenServices.setSupportRefreshToken(true);
        // Access token validity: default 12 hours, changed to 3 hours here
        tokenServices.setAccessTokenValiditySeconds(60 * 60 * 3);
        // refresh_token validity: default 30 days, changed to 3 days here
        tokenServices.setRefreshTokenValiditySeconds(60 * 60 * 24 * 3);
        return tokenServices;
    }

    /**
     * Authentication server endpoints configuration: use the custom grant service.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Custom grant types
        endpoints.tokenGranter(tokenGranter);
    }

    /**
     * Permission management for the authentication server's own endpoints.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients() // required when form authentication is used
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    /**
     * Client storage: JDBC storage is used here.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetails());
    }
}
Extend WebSecurityConfigurerAdapter and override its methods to implement a custom security access policy
The more important methods:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Custom user authentication logic (see UserDetailServiceImpl)
    @Override
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailServiceImpl();
    }

    // Authentication manager
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService())
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Method reference
     * anyRequest         | matches every request path
     * access             | access is allowed when the Spring EL expression evaluates to true
     * anonymous          | anonymous users may access
     * denyAll            | no user may access
     * fullyAuthenticated | fully authenticated users may access (not an automatic remember-me login)
     * hasAnyAuthority    | the arguments are authorities; any one of them grants access
     * hasAnyRole         | the arguments are roles; any one of them grants access
     * hasAuthority       | the argument is an authority; that authority grants access
     * hasIpAddress       | the argument is an IP address; access is allowed if the user's IP matches it
     * hasRole            | the argument is a role; that role grants access
     * permitAll          | any user may access
     * rememberMe         | users logged in through remember-me may access
     * authenticated      | users may access after logging in
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated() // every request must be authenticated before it passes
                .and().httpBasic() // credentials are sent encoded in the Authorization request header
                .and().cors() // cross-origin requests
                .and().csrf().disable(); // disable cross-site request forgery protection
    }

    // Security filter exclusions: configure static resources and routes that do not need to be intercepted
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/error",
                "/static/**",
                "/v2/api-docs/**",
                "/swagger-resources/**",
                "/webjars/**",
                "/favicon.ico",
                "/**/unauth/**"
        );
    }

}
This completes the configuration of the OAuth2 authorization service.
On the service side we also configure OAuth2, so that an intercepted request must carry valid authentication information before it can access an interface
@Configuration
@EnableResourceServer
@EnableConfigurationProperties(RedisProperties.class)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Value("${security.oauth2.resource.id}")
    public String resourceId;

    private RedisProperties redisProperties;

    public ResourceServerConfig(RedisProperties redisProperties) {
        this.redisProperties = redisProperties;
    }

    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(redisConnectionFactory());
    }

    @Bean
    public RedisConnectionFactory redisConnectionFactory() {

        JedisPoolConfig poolConfig = new JedisPoolConfig();
        poolConfig.setMaxTotal(100);
        poolConfig.setMaxIdle(50);
        poolConfig.setMaxWaitMillis(3000);
        poolConfig.setTestOnBorrow(true);
        poolConfig.setTestOnReturn(false);
        poolConfig.setTestWhileIdle(true);
        JedisClientConfiguration clientConfig = JedisClientConfiguration.builder()
                .usePooling().poolConfig(poolConfig).and().readTimeout(Duration.ofMillis(1000)).build();

        // Standalone Redis
        RedisStandaloneConfiguration redisConfig = new RedisStandaloneConfiguration();
        redisConfig.setHostName(redisProperties.getIp());
        redisConfig.setPort(redisProperties.getPort());

        return new JedisConnectionFactory(redisConfig, clientConfig);
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(resourceId)
                .tokenStore(tokenStore());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
                .antMatchers(
                        "/v2/api-docs/**",
                        "/swagger-resources/**",
                        "/swagger-ui.html",
                        "/webjars/**"
                ).permitAll()
                .anyRequest().authenticated()
                .and()
                // unified custom exception handling
                .exceptionHandling()
                .and()
                .csrf().disable();
    }
}
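Finally
To sum up, we have completed the OAuth configuration of the authorization service and of the business service. Call xxxx:xxx/oauth/token with the required parameters to get the access_token in the response:
grant_type:password
client_id:app
client_secret:app
username:ceshi
password:123456
When accessing the business service, add the following to the request headers; otherwise the response reports that the request is unauthorized:
Authorization:Bearer edc5890e-8242-4333-859a-ab88cf2062eb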


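I logged in to the optical modem with the super-admin password, set it to bridge mode, and enabled the IPv6 protocol.

Using a router with OpenWrt firmware for PPPoE dial-up, the status page shows an IPv6 /64 address delivered via dhcpv6, but it seems that no PD prefix was delivered (obtained).

But looking at the interfaces, for some reason the WAN port does not have the /64 address shown in the picture above, nor has it obtained a public IPv6 address; it only has a baffling internal address. Naturally the LAN port cannot obtain any IPv6 address either.

For now, only the combination of the optical modem dialing and the router acting as an AP lets the LAN devices obtain IPv6 addresses normally. Now that it is bridged, I don't know how to make the OpenWrt router obtain and hand out IPv6 addresses normally as well. I searched the web for a long time without finding a suitable solution, so I would appreciate any advice.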