Merge pull request #70 from jumpserver/dev

v4.5.0

.github/workflows/release-drafter.yml

@@ -10,55 +10,76 @@ jobs:
   create-realese:
     name: Create Release
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java_version: [ '17' ]
+        node_version: [ '20' ]
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.m2
+            ~/.npm
+            ~/.cache
+          key: ${{ runner.os }}-build-${{ github.sha }}
+          restore-keys: ${{ runner.os }}-build-
+
       - name: Get version
         id: get_version
         run: |
           TAG=$(basename ${GITHUB_REF})
-          echo "::set-output name=TAG::$TAG"
+          echo "TAG=$TAG" >> $GITHUB_OUTPUT
+
       - name: Create Release
         id: create_release
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           config-name: release-config.yml
           version: ${{ steps.get_version.outputs.TAG }}
           tag: ${{ steps.get_version.outputs.TAG }}
-      - uses: actions/setup-node@v3
+
+      - uses: actions/setup-node@v4
         with:
-          node-version: '20.15'
+          node-version: ${{ matrix.node_version }}
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'oracle'
+          java-version: ${{ matrix.java_version }}
+
       - name: Build web
         run: |
           cd frontend
           yarn install
           yarn build
-      - uses: actions/setup-java@v3
-        with:
-          distribution: 'temurin'
-          java-version: '17'
+
       - name: Build chen
         run: |
           mvn clean package -DskipTests
           mkdir -p build chen-${{ steps.get_version.outputs.TAG }}
           rm -f config/application-dev.yml
+          mv README.md chen-${{ steps.get_version.outputs.TAG }}/README.md
+          mv LICENSE chen-${{ steps.get_version.outputs.TAG }}/LICENSE
+          mv entrypoint.sh chen-${{ steps.get_version.outputs.TAG }}/entrypoint.sh
           mv backend/web/target/web-*.jar chen-${{ steps.get_version.outputs.TAG }}/chen.jar
           mv drivers chen-${{ steps.get_version.outputs.TAG }}/drivers
           mv config chen-${{ steps.get_version.outputs.TAG }}/config
           tar -zcvf chen-${{ steps.get_version.outputs.TAG }}.tar.gz chen-${{ steps.get_version.outputs.TAG }}
           echo $(md5sum chen-${{ steps.get_version.outputs.TAG }}.tar.gz | awk '{print $1}') > build/chen-${{ steps.get_version.outputs.TAG }}.tar.gz.md5
           mv chen-${{ steps.get_version.outputs.TAG }}.tar.gz build/
+
       - name: Release Upload Assets
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         if: startsWith(github.ref, 'refs/tags/')
         with:
           draft: true
           files: |
-            build/chen-${{ steps.get_version.outputs.TAG }}.tar.gz
-            build/chen-${{ steps.get_version.outputs.TAG }}.tar.gz.md5
+            build/*.gz
+            build/*.md5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM jumpserver/chen-base:20241009_104417 AS stage-build
+FROM jumpserver/chen-base:20241212_102050 AS stage-build
 ENV LANG=en_US.UTF-8
 
 WORKDIR /opt/chen/
@@ -16,15 +16,14 @@ ARG DEPENDENCIES="                    \
         openjdk-17-jre-headless"
 
 ARG APT_MIRROR=http://deb.debian.org
-RUN sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
-    && rm -f /etc/apt/apt.conf.d/docker-clean \
+
+RUN set -ex \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && apt-get update \
     && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
     && echo "no" | dpkg-reconfigure dash \
-    && sed -i "s@jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1@jdk.tls.disabledAlgorithms=SSLv3@" /etc/java-17-openjdk/security/java.security \
-    && sed -i "s@# export @export @g" ~/.bashrc \
-    && sed -i "s@# alias @alias @g" ~/.bashrc
+    && sed -i "s@jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1@jdk.tls.disabledAlgorithms=SSLv3@" /etc/java-17-openjdk/security/java.security
 
 WORKDIR /opt/chen
 

Dockerfile-base

@@ -9,9 +9,8 @@ ARG DEPENDENCIES="                    \
         wget"
 
 ARG APT_MIRROR=http://deb.debian.org
+
 RUN set -ex \
-    && rm -f /etc/apt/apt.conf.d/docker-clean \
-    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
     && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
     && apt-get update \
     && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
@@ -20,24 +19,22 @@ RUN set -ex \
     && rm -rf /var/lib/apt/lists/*
 
 # Install tools and dependencies
-ARG CHECK_VERSION=v1.0.3
+ARG CHECK_VERSION=v1.0.4
 RUN set -ex \
     && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && mv check /usr/local/bin/ \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \
     && chown root:root /usr/local/bin/check \
     && chmod 755 /usr/local/bin/check \
     && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
 
-ARG WISP_VERSION=v0.2.2
+ARG WISP_VERSION=v0.2.5
 RUN set -ex \
     && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \
     && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \
     && chown root:root /usr/local/bin/wisp \
     && chmod 755 /usr/local/bin/wisp \
     && rm -f /opt/*.tar.gz
 
-
 # Install NPM dependencies
 WORKDIR /opt/chen/frontend
 COPY frontend/package.json frontend/package-lock.json frontend/yarn.lock ./
@@ -46,7 +43,7 @@ RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=che
     npm install
 
 # Install Maven dependencies
-ARG MAVEN_VERSION=3.9.7
+ARG MAVEN_VERSION=3.9.9
 ARG USER_HOME_DIR="/root"
 ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 ARG MAVEN_MIRROR=https://repo.maven.apache.org/maven2

backend/web/src/main/java/org/jumpserver/chen/web/service/impl/JmsSessionService.java

@@ -2,6 +2,7 @@
 
 import lombok.extern.slf4j.Slf4j;
 import net.devh.boot.grpc.client.inject.GrpcClient;
+import org.apache.commons.lang3.StringUtils;
 import org.jumpserver.chen.framework.datasource.Datasource;
 import org.jumpserver.chen.framework.datasource.DatasourceFactory;
 import org.jumpserver.chen.framework.datasource.entity.DBConnectInfo;
@@ -13,6 +14,8 @@
 import org.jumpserver.wisp.ServiceOuterClass;
 import org.springframework.stereotype.Service;
 
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.time.Instant;
 
 @Service
@@ -25,6 +28,22 @@ public Session createNewSession(String token, String remoteAddr) {
 
         var tokenResp = this.getTokenResponse(token);
         var jmsSession = this.createJMSSession(tokenResp, remoteAddr);
+
+        if (StringUtils.isNotBlank(tokenResp.getData().getFaceMonitorToken())) {
+            var faceMonitorToken = tokenResp.getData().getFaceMonitorToken();
+
+            var req = ServiceOuterClass.JoinFaceMonitorRequest.newBuilder()
+                    .setFaceMonitorToken(faceMonitorToken)
+                    .setSessionId(jmsSession.getId())
+                    .build();
+
+            var resp = serviceBlockingStub.joinFaceMonitor(req);
+            if (!resp.getStatus().getOk()) {
+                throw new RuntimeException("Create face monitor context failed");
+            }
+        }
+
+
         var datasource = this.createDatasource(tokenResp);
         var session = new JMSSession(jmsSession, datasource, remoteAddr, this.serviceBlockingStub, tokenResp);
         this.handleGateways(tokenResp, session, datasource);
@@ -80,10 +99,29 @@ private ServiceOuterClass.TokenResponse getTokenResponse(String token) {
         }
     }
 
+    public static String getIPAddressType(String host) {
+        try {
+            InetAddress address = InetAddress.getByName(host);
+
+            if (address.getHostAddress().contains(":")) {
+                return "IPv6";
+            } else {
+                return "IPv4";
+            }
+        } catch (UnknownHostException e) {
+            return "Unknown";
+        }
+    }
+
     private Datasource createDatasource(ServiceOuterClass.TokenResponse tokenResp) {
         DBConnectInfo dbConnectInfo = new DBConnectInfo();
 
-        dbConnectInfo.setHost(tokenResp.getData().getAsset().getAddress());
+        var address = tokenResp.getData().getAsset().getAddress();
+
+        address = getIPAddressType(address).equals("IPv6") ?
+                String.format("[%s]", address) : address;
+
+        dbConnectInfo.setHost(address);
         dbConnectInfo.setPort(tokenResp.getData().getAsset().getProtocols(0).getPort());
         dbConnectInfo.setDbType(tokenResp.getData().getAsset().getProtocols(0).getName().toLowerCase());
         dbConnectInfo.setUser(tokenResp.getData().getAccount().getUsername());