From 3878369ed347dde4732b8c0d5ff9e8a71e2c158b Mon Sep 17 00:00:00 2001
From: dichgrem
Date: Sun, 11 Jan 2026 13:10:05 +0800
Subject: [PATCH] fix:xss&&crontab update:actions
---
 .github/workflows/build-zzz.yml | 102 +++++++++++++++--------
 .github/workflows/mirror-to-codeberg.yml | 38 ---------
 luci-app-zzz/Makefile | 2 +
 luci-app-zzz/luasrc/controller/zzz.lua | 19 +++--
 luci-app-zzz/luasrc/model/cbi/zzz.lua | 76 +++++++++--------
 5 files changed, 124 insertions(+), 113 deletions(-)
 delete mode 100644 .github/workflows/mirror-to-codeberg.yml
diff --git a/.github/workflows/build-zzz.yml b/.github/workflows/build-zzz.yml
index 6be0c62..6113258 100644
--- a/.github/workflows/build-zzz.yml
+++ b/.github/workflows/build-zzz.yml
@@ -3,24 +3,60 @@ name: Build luci-app-zzz on: workflow_dispatch: inputs: - sdk: - description: '选择架构' - required: true - type: choice - options: - - ramips - - filogic - - x86_64 - default: filogic - -env: - RAMIPS_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/ramips/mt7621/immortalwrt-sdk-24.10.3-ramips-mt7621_gcc-13.3.0_musl.Linux-x86_64.tar.zst - FILOGIC_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/mediatek/filogic/immortalwrt-sdk-24.10.3-mediatek-filogic_gcc-13.3.0_musl.Linux-x86_64.tar.zst - X86_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/x86/64/immortalwrt-sdk-24.10.3-x86-64_gcc-13.3.0_musl.Linux-x86_64.tar.zst + ramips: + description: 'ramips' + required: false + type: boolean + default: true + filogic: + description: 'filogic' + required: false + type: boolean + default: true + x86_64: + description: 'x86_64' + required: false + type: boolean + default: true jobs: - build: + matrix-setup: runs-on: ubuntu-latest + outputs: + architectures: ${{ steps.set-matrix.outputs.architectures }} + steps: + - name: Set matrix + id: set-matrix + run: | + ARCHS='[' + if [ "${{ inputs.ramips }}" == "true" ]; then + ARCHS=$ARCHS'"ramips",' + fi + if [ "${{ inputs.filogic }}" == "true" ]; then + ARCHS=$ARCHS'"filogic",' + fi + if [ "${{ inputs.x86_64 }}" == "true" ]; then + ARCHS=$ARCHS'"x86_64",' + fi + ARCHS=${ARCHS%,} + ARCHS=$ARCHS']' + echo "architectures=$ARCHS" >> $GITHUB_OUTPUT + echo "Selected architectures: $ARCHS" + + build: + needs: matrix-setup + if: needs.matrix-setup.outputs.architectures != '[]' + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + sdk: ${{ fromJson(needs.matrix-setup.outputs.architectures) }} + + env: + RAMIPS_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/ramips/mt7621/immortalwrt-sdk-24.10.3-ramips-mt7621_gcc-13.3.0_musl.Linux-x86_64.tar.zst + FILOGIC_URL: 
https://downloads.immortalwrt.org/releases/24.10.3/targets/mediatek/filogic/immortalwrt-sdk-24.10.3-mediatek-filogic_gcc-13.3.0_musl.Linux-x86_64.tar.zst + X86_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/x86/64/immortalwrt-sdk-24.10.3-x86-64_gcc-13.3.0_musl.Linux-x86_64.tar.zst + WORK_ROOT: ${{ github.workspace }}/imwrt-sdk steps: - name: Checkout uses: actions/checkout@v4 @@ -32,24 +68,22 @@ jobs: sudo apt-get install -y build-essential git wget python3 rsync zstd g++ make libncurses-dev echo "✅ 下载完毕" - - name: Resolve SDK choice - id: vars + - name: Set SDK variables run: | - set -e - if [ "${{ github.event.inputs.sdk }}" = "x86_64" ]; then - echo "SDK_URL=${X86_SDK_URL}" >> $GITHUB_ENV - echo "PACKAGE_ARCH=x86_64" >> $GITHUB_ENV - echo "👉 选择x86_64架构" - elif [ "${{ github.event.inputs.sdk }}" = "filogic" ]; then - echo "SDK_URL=${FILOGIC_SDK_URL}" >> $GITHUB_ENV - echo "PACKAGE_ARCH=aarch64_cortex-a53" >> $GITHUB_ENV - echo "👉 选择aarch64架构" - else - echo "SDK_URL=${RAMIPS_SDK_URL}" >> $GITHUB_ENV + if [ "${{ matrix.sdk }}" == "ramips" ]; then + echo "SDK_URL=${{ env.RAMIPS_URL }}" >> $GITHUB_ENV echo "PACKAGE_ARCH=ramips" >> $GITHUB_ENV - echo "👉 选择ramips架构" + elif [ "${{ matrix.sdk }}" == "filogic" ]; then + echo "SDK_URL=${{ env.FILOGIC_URL }}" >> $GITHUB_ENV + echo "PACKAGE_ARCH=aarch64_cortex-a53" >> $GITHUB_ENV + else + echo "SDK_URL=${{ env.X86_URL }}" >> $GITHUB_ENV + echo "PACKAGE_ARCH=x86_64" >> $GITHUB_ENV fi - echo "WORK_ROOT=$GITHUB_WORKSPACE/imwrt-sdk" >> $GITHUB_ENV + + - name: Show build target + run: | + echo "👉 正在编译 ${{ matrix.sdk }} 架构 (${{ env.PACKAGE_ARCH }})" - name: Download & extract SDK run: | 
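Review bot: Expression values are pasted into the script text of the new `Set matrix`, `Set SDK variables` and `Show build target` steps (`${{ inputs.ramips }}`, `${{ matrix.sdk }}`, `${{ env.RAMIPS_URL }}`), so they are expanded before the shell parses the script. The values are currently booleans and three fixed strings, so nothing attacker-controlled arrives here, but the pattern becomes script injection as soon as a free-text input is added. Mapping them through the step's `env:` (for example `SDK: ${{ matrix.sdk }}`) and testing `"$SDK"` keeps data out of the script body, and `>> "$GITHUB_OUTPUT"` / `>> "$GITHUB_ENV"` should be quoted. The SDK tarballs behind the three `*_URL` values look like they are fetched without an integrity check; a pinned SHA-256 verified after download would close that gap, though the download step itself is outside this hunk.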
@@ -123,16 +157,16 @@ jobs: ls -lah "$OUT" shell: bash - - name: Upload package one + - name: Upload package luci-app-zzz uses: actions/upload-artifact@v4 with: - name: luci-app-zzz + name: luci-app-zzz-${{ matrix.sdk }} path: output/*luci-app-zzz*.ipk if-no-files-found: error - - name: Upload package two + - name: Upload package zzz uses: actions/upload-artifact@v4 with: - name: zzz + name: zzz-${{ matrix.sdk }} path: output/*zzz*.ipk if-no-files-found: error diff --git a/.github/workflows/mirror-to-codeberg.yml b/.github/workflows/mirror-to-codeberg.yml deleted file mode 100644 index 5429708..0000000 --- a/.github/workflows/mirror-to-codeberg.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Mirror to Codeberg -on: - push: - branches: - - main - tags: - - '*' - -jobs: - mirror: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Push to Codeberg - env: - SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_CODEBERG }} - REPO_URL_CODEBERG: ${{ secrets.REPO_URL_CODEBERG }} - run: | - set -euxo pipefail - - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - cat >> ~/.ssh/config </dev/null") == 0) - -- Get process info if status.running then status.process_info = util.trim(sys.exec("ps | grep -v grep | grep zzz")) end - -- Get log + local log_file = "/tmp/zzz.log" if nixio.fs.access(log_file) then status.log = util.trim(sys.exec("tail -20 " .. log_file)) @@ -67,6 +70,10 @@ function act_status() status.log = util.trim(sys.exec("logread | grep zzz | tail -10")) end + if status.log then + status.log = util.pcdata(status.log) + end + luci.http.prepare_content("application/json") luci.http.write_json(status) end diff --git a/luci-app-zzz/luasrc/model/cbi/zzz.lua b/luci-app-zzz/luasrc/model/cbi/zzz.lua index bf7aa49..93dd194 100644 --- a/luci-app-zzz/luasrc/model/cbi/zzz.lua +++ b/luci-app-zzz/luasrc/model/cbi/zzz.lua 
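Review bot: In `act_status`, only `status.log` is passed through `util.pcdata`; `status.process_info`, filled from `ps | grep -v grep | grep zzz` a few lines earlier, is still returned raw. If the status page inserts both fields as HTML (the client script is not visible in this diff), the process command line remains an injection path. The same treatment would be `if status.process_info then status.process_info = util.pcdata(status.process_info) end`. Escaping inside the JSON endpoint also ties the API to one renderer, so any consumer that sets the text via `textContent` will show literal `&lt;` entities; a short comment above the `pcdata` call stating that the client injects this field as HTML would document that contract. The function body starts outside this hunk.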
@@ -1,19 +1,6 @@ --- /usr/lib/lua/luci/model/cbi/zzz.lua local m, s, o local sys = require("luci.sys") - --- control -local start_action = luci.http.formvalue("cbid.zzz.auth.start_service") -local stop_action = luci.http.formvalue("cbid.zzz.auth.stop_service") -local restart_action = luci.http.formvalue("cbid.zzz.auth.restart_service") - -if start_action then - sys.call("/etc/rc.d/S99zzz start") -elseif stop_action then - sys.call("/etc/rc.d/S99zzz stop") -elseif restart_action then - sys.call("/etc/rc.d/S99zzz stop; sleep 2; /etc/rc.d/S99zzz start") -end +local util = require("luci.util") m = Map("zzz", "ZZZ 802.1x 认证客户端", "配置使用 zzz 客户端进行网络访问的 802.1x 认证") @@ -22,11 +9,9 @@ s = m:section(TypedSection, "auth", "认证设置") s.anonymous = true s.addremove = false --- Service Status o = s:option(DummyValue, "_status", "当前状态") o.rawhtml = true o.cfgvalue = function() - local sys = require("luci.sys") local running = sys.call("pgrep zzz >/dev/null") == 0 if running then return "✔ 正在运行中" @@ -40,15 +25,12 @@ control_buttons = s:option(DummyValue, "_control", "服务控制") control_buttons.rawhtml = true control_buttons.cfgvalue = function() return [[ -
- - - -
- ]] +
+ + + +
+ ]] end -- Username @@ -59,9 +41,18 @@ o = s:option( [[802.1x 认证用户名 ?]] ) -o.password = true o.rmempty = false o.rawhtml = true +function o.validate(self, value) + value = value:match("^%s*(.-)%s*$") or value + if #value < 3 or #value > 64 then + return nil, "用户名长度必须在3-64字符之间" + end + if not value:match("^[a-zA-Z0-9@._-]+$") then + return nil, "用户名只能包含字母、数字、@、.、_和-" + end + return value +end -- Password o.password = true @@ -76,6 +67,12 @@ o = s:option( o.password = true o.rmempty = false o.rawhtml = true +function o.validate(self, value) + if #value < 4 or #value > 128 then + return nil, "密码长度必须在4-128字符之间" + end + return value +end -- Network Device o = s:option( @@ -90,14 +87,20 @@ o:value("eth0", "eth0") o:value("eth1", "eth1") o:value("wan", "WAN") --- Add network interface local interfaces = sys.net.devices() for _, iface in ipairs(interfaces) do - if iface ~= "lo" then + if iface ~= "lo" and iface:match("^[a-zA-Z0-9]+$") then o:value(iface, iface) end end +function o.validate(self, value) + if not value:match("^[a-zA-Z0-9]+$") then + return nil, "网络接口只能包含字母和数字" + end + return value +end + -- Auto start auto_start = s:option(Flag, "auto_start", "启用定时启动") auto_start.description = "启用后将在每周一至周五的 7:00 自动启动服务" 
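Review bot: The username field will most likely still render masked, because the trailing context of this hunk shows a second `o.password = true` directly under the `-- Password` comment, at a point where `o` still refers to the username option. The reassignment to the password option lies outside the hunk, so this is inferred from the next hunk's header. Moving that line below the password `o = s:option(` call, or deleting it since the password block sets it again, would make the removal here effective. The new `o.validate` only constrains what the form accepts, so whatever consumes the stored username (not visible in this diff) should still quote it.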
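Review bot: The `^[a-zA-Z0-9]+$` allowlist, used both in the `sys.net.devices()` filter and in the interface `o.validate`, rejects ordinary OpenWrt device names such as `br-lan`, `eth0.2` or `pppoe-wan`, so those interfaces silently disappear from the list and cannot be saved. A pattern that still excludes shell metacharacters and a leading dash is `^[a-zA-Z0-9][a-zA-Z0-9._-]*$`, ideally combined with a length cap of 15 characters to match the kernel's interface-name limit. How the stored value reaches the zzz command line is not visible in this diff, so the consumer should quote it regardless of this check.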
@@ -111,16 +114,19 @@ end
 
 -- Crontab
 auto_start.write = function(self, section, value)
+ local temp_cron = "/tmp/.zzz_cron_tmp_" .. os.time()
 if value == "1" then
- -- 启用定时任务:每周一至周五 7:00 启动
- sys.call("(crontab -l 2>/dev/null | grep -v 'S99zzz' | grep -v '# zzz auto') | crontab - 2>/dev/null")
- sys.call(
- "(crontab -l 2>/dev/null; echo '0 7 * * 1,2,3,4,5 /etc/rc.d/S99zzz start # zzz auto start') | crontab -"
- )
+ sys.call("crontab -l 2>/dev/null > " .. temp_cron)
+ sys.call("sed -i '/S99zzz/d' " .. temp_cron)
+ sys.call("sed -i '/# zzz auto/d' " .. temp_cron)
+ sys.call("echo '0 7 * * 1,2,3,4,5 /etc/rc.d/S99zzz start # zzz auto start' >> " .. temp_cron)
+ sys.call("crontab " .. temp_cron .. " 2>/dev/null && rm -f " .. temp_cron)
 sys.call("/etc/init.d/cron enable && /etc/init.d/cron restart")
 else
- -- 禁用定时任务
- sys.call("(crontab -l 2>/dev/null | grep -v 'S99zzz' | grep -v '# zzz auto') | crontab - 2>/dev/null")
+ sys.call("crontab -l 2>/dev/null > " .. temp_cron)
+ sys.call("sed -i '/S99zzz/d' " .. temp_cron)
+ sys.call("sed -i '/# zzz auto/d' " .. temp_cron)
+ sys.call("crontab " .. temp_cron .. " 2>/dev/null && rm -f " .. temp_cron)
 sys.call("/etc/init.d/cron restart")
 end
 end
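Review bot: `temp_cron` is a predictable path in `/tmp` (`/tmp/.zzz_cron_tmp_` plus `os.time()`), written through shell redirection and then installed as root's crontab. Any other local account or service able to write to `/tmp` can pre-create or swap that file between the five `sys.call` steps and have its own lines installed. The file is also left behind whenever `crontab` fails, because `rm -f` sits behind `&&`, and no exit status is checked. The pipeline form the old code used needs no file at all; if a file is required, create it with `mktemp` in a root-only directory and remove it unconditionally. The sketch below keeps the two sed filters and the same cron entry.

```lua
auto_start.write = function(self, section, value)
	-- Filter the current crontab in a pipeline so nothing is staged in /tmp.
	local strip = "crontab -l 2>/dev/null | sed -e '/S99zzz/d' -e '/# zzz auto/d'"
	if value == "1" then
		local entry = "0 7 * * 1,2,3,4,5 /etc/rc.d/S99zzz start # zzz auto start"
		sys.call("{ " .. strip .. "; echo '" .. entry .. "'; } | crontab -")
		-- … unchanged: cron enable && restart …
	else
		sys.call(strip .. " | crontab -")
		-- … unchanged: cron restart …
	end
end
```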