fix:xss&&crontab

update:actions
dichgrem
2026-01-11 13:10:05 +08:00
parent fa3b2954cd
commit 3878369ed3
5 changed files with 124 additions and 113 deletions


@@ -3,24 +3,60 @@ name: Build luci-app-zzz
on:
workflow_dispatch:
inputs:
sdk:
description: '选择架构'
required: true
type: choice
options:
- ramips
- filogic
- x86_64
default: filogic
env:
RAMIPS_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/ramips/mt7621/immortalwrt-sdk-24.10.3-ramips-mt7621_gcc-13.3.0_musl.Linux-x86_64.tar.zst
FILOGIC_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/mediatek/filogic/immortalwrt-sdk-24.10.3-mediatek-filogic_gcc-13.3.0_musl.Linux-x86_64.tar.zst
X86_SDK_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/x86/64/immortalwrt-sdk-24.10.3-x86-64_gcc-13.3.0_musl.Linux-x86_64.tar.zst
ramips:
description: 'ramips'
required: false
type: boolean
default: true
filogic:
description: 'filogic'
required: false
type: boolean
default: true
x86_64:
description: 'x86_64'
required: false
type: boolean
default: true
jobs:
build:
matrix-setup:
runs-on: ubuntu-latest
outputs:
architectures: ${{ steps.set-matrix.outputs.architectures }}
steps:
- name: Set matrix
id: set-matrix
run: |
ARCHS='['
if [ "${{ inputs.ramips }}" == "true" ]; then
ARCHS=$ARCHS'"ramips",'
fi
if [ "${{ inputs.filogic }}" == "true" ]; then
ARCHS=$ARCHS'"filogic",'
fi
if [ "${{ inputs.x86_64 }}" == "true" ]; then
ARCHS=$ARCHS'"x86_64",'
fi
ARCHS=${ARCHS%,}
ARCHS=$ARCHS']'
echo "architectures=$ARCHS" >> $GITHUB_OUTPUT
echo "Selected architectures: $ARCHS"
build:
needs: matrix-setup
if: needs.matrix-setup.outputs.architectures != '[]'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sdk: ${{ fromJson(needs.matrix-setup.outputs.architectures) }}
env:
RAMIPS_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/ramips/mt7621/immortalwrt-sdk-24.10.3-ramips-mt7621_gcc-13.3.0_musl.Linux-x86_64.tar.zst
FILOGIC_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/mediatek/filogic/immortalwrt-sdk-24.10.3-mediatek-filogic_gcc-13.3.0_musl.Linux-x86_64.tar.zst
X86_URL: https://downloads.immortalwrt.org/releases/24.10.3/targets/x86/64/immortalwrt-sdk-24.10.3-x86-64_gcc-13.3.0_musl.Linux-x86_64.tar.zst
WORK_ROOT: ${{ github.workspace }}/imwrt-sdk
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -32,24 +68,22 @@ jobs:
sudo apt-get install -y build-essential git wget python3 rsync zstd g++ make libncurses-dev
echo "✅ 下载完毕"
- name: Resolve SDK choice
id: vars
- name: Set SDK variables
run: |
set -e
if [ "${{ github.event.inputs.sdk }}" = "x86_64" ]; then
echo "SDK_URL=${X86_SDK_URL}" >> $GITHUB_ENV
echo "PACKAGE_ARCH=x86_64" >> $GITHUB_ENV
echo "👉 选择x86_64架构"
elif [ "${{ github.event.inputs.sdk }}" = "filogic" ]; then
echo "SDK_URL=${FILOGIC_SDK_URL}" >> $GITHUB_ENV
echo "PACKAGE_ARCH=aarch64_cortex-a53" >> $GITHUB_ENV
echo "👉 选择aarch64架构"
else
echo "SDK_URL=${RAMIPS_SDK_URL}" >> $GITHUB_ENV
if [ "${{ matrix.sdk }}" == "ramips" ]; then
echo "SDK_URL=${{ env.RAMIPS_URL }}" >> $GITHUB_ENV
echo "PACKAGE_ARCH=ramips" >> $GITHUB_ENV
echo "👉 选择ramips架构"
elif [ "${{ matrix.sdk }}" == "filogic" ]; then
echo "SDK_URL=${{ env.FILOGIC_URL }}" >> $GITHUB_ENV
echo "PACKAGE_ARCH=aarch64_cortex-a53" >> $GITHUB_ENV
else
echo "SDK_URL=${{ env.X86_URL }}" >> $GITHUB_ENV
echo "PACKAGE_ARCH=x86_64" >> $GITHUB_ENV
fi
echo "WORK_ROOT=$GITHUB_WORKSPACE/imwrt-sdk" >> $GITHUB_ENV
- name: Show build target
run: |
echo "👉 正在编译 ${{ matrix.sdk }} 架构 (${{ env.PACKAGE_ARCH }})"
- name: Download & extract SDK
run: |
@@ -123,16 +157,16 @@ jobs:
ls -lah "$OUT"
shell: bash
- name: Upload package one
- name: Upload package luci-app-zzz
uses: actions/upload-artifact@v4
with:
name: luci-app-zzz
name: luci-app-zzz-${{ matrix.sdk }}
path: output/*luci-app-zzz*.ipk
if-no-files-found: error
- name: Upload package two
- name: Upload package zzz
uses: actions/upload-artifact@v4
with:
name: zzz
name: zzz-${{ matrix.sdk }}
path: output/*zzz*.ipk
if-no-files-found: error
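Review bot: The new `Set matrix` and `Set SDK variables` steps expand `${{ inputs.ramips }}` and `${{ matrix.sdk }}` directly into the script text, so the value is pasted in before bash parses it. The values here are booleans and three fixed strings, so the exposure is small, but the safer habit is to pass them through `env:` (for example `SDK: ${{ matrix.sdk }}`) and test `"$SDK"` in the script. The redirect targets are also unquoted; `>> "$GITHUB_OUTPUT"` and `>> "$GITHUB_ENV"` are the documented forms. The body of `Download & extract SDK` is outside this hunk, so it should be confirmed there that the tarballs from the three URLs are checked against a pinned SHA-256 before extraction.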


@@ -1,38 +0,0 @@
name: Mirror to Codeberg
on:
push:
branches:
- main
tags:
- '*'
jobs:
mirror:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Push to Codeberg
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_CODEBERG }}
REPO_URL_CODEBERG: ${{ secrets.REPO_URL_CODEBERG }}
run: |
set -euxo pipefail
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
cat >> ~/.ssh/config <<EOF
Host codeberg.org
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking no
EOF
git config --global user.name "GitHub Actions"
git config --global user.email "github-actions@github.com"
git remote add codeberg "$REPO_URL_CODEBERG"
git push --tags --force --prune codeberg "refs/remotes/origin/*:refs/heads/*"


@@ -2,6 +2,8 @@ include $(TOPDIR)/rules.mk
LUCI_TITLE:=LuCI support for NYN 802.1x Authentication Client
LUCI_DEPENDS:=+zzz +luci-base
PKG_VERSION:=1.1.0
PKG_RELEASE:=1
include $(TOPDIR)/feeds/luci/luci.mk


@@ -18,10 +18,13 @@ end
function service_control()
local sys = require("luci.sys")
local util = require("luci.util")
local action = luci.http.formvalue("action")
local result = { success = false, message = "" }
if action then
local valid_actions = { start = true, stop = true, restart = true }
if action and valid_actions[action] then
local cmd = ""
if action == "start" then
cmd = "/etc/rc.d/S99zzz start"
@@ -35,12 +38,14 @@ function service_control()
local ret = sys.call(cmd)
if ret == 0 then
result.success = true
result.message = action .. " 成功"
result.message = util.pcdata(action .. " 成功")
else
result.success = false
result.message = action .. " 失败"
result.message = util.pcdata(action .. " 失败")
end
end
else
result.message = "无效的操作"
end
luci.http.prepare_content("application/json")
@@ -52,14 +57,12 @@ function act_status()
local util = require("luci.util")
local status = {}
-- Get status
status.running = (sys.call("pgrep -f zzz >/dev/null") == 0)
-- Get process info
if status.running then
status.process_info = util.trim(sys.exec("ps | grep -v grep | grep zzz"))
end
-- Get log
local log_file = "/tmp/zzz.log"
if nixio.fs.access(log_file) then
status.log = util.trim(sys.exec("tail -20 " .. log_file))
@@ -67,6 +70,10 @@ function act_status()
status.log = util.trim(sys.exec("logread | grep zzz | tail -10"))
end
if status.log then
status.log = util.pcdata(status.log)
end
luci.http.prepare_content("application/json")
luci.http.write_json(status)
end
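Review bot: `service_control` now restricts `action` to an allowlist, but nothing in the visible body checks the request method or a session token before `sys.call(cmd)` runs, and the buttons added in the CBI model post only `action=...`. If the route is registered with a plain `call(...)` (the `index()` entry is outside this hunk), a cross-site request from a logged-in admin's browser could start or stop the service. Registering it as `post("service_control")` and sending the LuCI token from the page would close that. Separately, `act_status` escapes `status.log` with `util.pcdata` but returns `status.process_info` unescaped. The two fields should be handled the same way, ideally by escaping in the page that renders them rather than in the JSON.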


@@ -1,19 +1,6 @@
-- /usr/lib/lua/luci/model/cbi/zzz.lua
local m, s, o
local sys = require("luci.sys")
-- control
local start_action = luci.http.formvalue("cbid.zzz.auth.start_service")
local stop_action = luci.http.formvalue("cbid.zzz.auth.stop_service")
local restart_action = luci.http.formvalue("cbid.zzz.auth.restart_service")
if start_action then
sys.call("/etc/rc.d/S99zzz start")
elseif stop_action then
sys.call("/etc/rc.d/S99zzz stop")
elseif restart_action then
sys.call("/etc/rc.d/S99zzz stop; sleep 2; /etc/rc.d/S99zzz start")
end
local util = require("luci.util")
m = Map("zzz", "ZZZ 802.1x 认证客户端", "配置使用 zzz 客户端进行网络访问的 802.1x 认证")
@@ -22,11 +9,9 @@ s = m:section(TypedSection, "auth", "认证设置")
s.anonymous = true
s.addremove = false
-- Service Status
o = s:option(DummyValue, "_status", "当前状态")
o.rawhtml = true
o.cfgvalue = function()
local sys = require("luci.sys")
local running = sys.call("pgrep zzz >/dev/null") == 0
if running then
return "<span style='color:green;font-weight:bold'>✔ 正在运行中</span>"
@@ -41,12 +26,9 @@ control_buttons.rawhtml = true
control_buttons.cfgvalue = function()
return [[
<div style="display: flex; gap: 10px; align-items: center; flex-wrap: wrap;">
<input type="submit" class="cbi-button cbi-button-apply"
name="cbid.zzz.auth.start_service" value="启动服务" />
<input type="submit" class="cbi-button cbi-button-remove"
name="cbid.zzz.auth.stop_service" value="停止服务" />
<input type="submit" class="cbi-button cbi-button-reload"
name="cbid.zzz.auth.restart_service" value="重启服务" />
<button type="button" class="cbi-button cbi-button-apply" onclick="fetch('/cgi-bin/luci/admin/network/zzz/service_control',{method:'POST',headers:{'Content-Type':'application/x-www-form-urlencoded'},body:'action=start'}).then(r=>r.json()).then(d=>{alert(d.message);if(d.success)location.reload();});return false;">启动服务</button>
<button type="button" class="cbi-button cbi-button-remove" onclick="fetch('/cgi-bin/luci/admin/network/zzz/service_control',{method:'POST',headers:{'Content-Type':'application/x-www-form-urlencoded'},body:'action=stop'}).then(r=>r.json()).then(d=>{alert(d.message);if(d.success)location.reload();});return false;">停止服务</button>
<button type="button" class="cbi-button cbi-button-reload" onclick="fetch('/cgi-bin/luci/admin/network/zzz/service_control',{method:'POST',headers:{'Content-Type':'application/x-www-form-urlencoded'},body:'action=restart'}).then(r=>r.json()).then(d=>{alert(d.message);if(d.success)location.reload();});return false;">重启服务</button>
</div>
]]
end
@@ -59,9 +41,18 @@ o = s:option(
[[802.1x 认证用户名
<span style="cursor: help; color: #007bff; font-weight: bold;" title="用户名为学号@运营商例如212306666@cucc移动为cmcc联通为cucc电信为ctcc">?</span>]]
)
o.password = true
o.rmempty = false
o.rawhtml = true
function o.validate(self, value)
value = value:match("^%s*(.-)%s*$") or value
if #value < 3 or #value > 64 then
return nil, "用户名长度必须在3-64字符之间"
end
if not value:match("^[a-zA-Z0-9@._-]+$") then
return nil, "用户名只能包含字母、数字、@、.、_和-"
end
return value
end
-- Password
o.password = true
@@ -76,6 +67,12 @@ o = s:option(
o.password = true
o.rmempty = false
o.rawhtml = true
function o.validate(self, value)
if #value < 4 or #value > 128 then
return nil, "密码长度必须在4-128字符之间"
end
return value
end
-- Network Device
o = s:option(
@@ -90,14 +87,20 @@ o:value("eth0", "eth0")
o:value("eth1", "eth1")
o:value("wan", "WAN")
-- Add network interface
local interfaces = sys.net.devices()
for _, iface in ipairs(interfaces) do
if iface ~= "lo" then
if iface ~= "lo" and iface:match("^[a-zA-Z0-9]+$") then
o:value(iface, iface)
end
end
function o.validate(self, value)
if not value:match("^[a-zA-Z0-9]+$") then
return nil, "网络接口只能包含字母和数字"
end
return value
end
-- Auto start
auto_start = s:option(Flag, "auto_start", "启用定时启动")
auto_start.description = "启用后将在每周一至周五的 7:00 自动启动服务"
@@ -111,16 +114,19 @@ end
-- Crontab
auto_start.write = function(self, section, value)
local temp_cron = "/tmp/.zzz_cron_tmp_" .. os.time()
if value == "1" then
-- 启用定时任务:每周一至周五 7:00 启动
sys.call("(crontab -l 2>/dev/null | grep -v 'S99zzz' | grep -v '# zzz auto') | crontab - 2>/dev/null")
sys.call(
"(crontab -l 2>/dev/null; echo '0 7 * * 1,2,3,4,5 /etc/rc.d/S99zzz start # zzz auto start') | crontab -"
)
sys.call("crontab -l 2>/dev/null > " .. temp_cron)
sys.call("sed -i '/S99zzz/d' " .. temp_cron)
sys.call("sed -i '/# zzz auto/d' " .. temp_cron)
sys.call("echo '0 7 * * 1,2,3,4,5 /etc/rc.d/S99zzz start # zzz auto start' >> " .. temp_cron)
sys.call("crontab " .. temp_cron .. " 2>/dev/null && rm -f " .. temp_cron)
sys.call("/etc/init.d/cron enable && /etc/init.d/cron restart")
else
-- 禁用定时任务
sys.call("(crontab -l 2>/dev/null | grep -v 'S99zzz' | grep -v '# zzz auto') | crontab - 2>/dev/null")
sys.call("crontab -l 2>/dev/null > " .. temp_cron)
sys.call("sed -i '/S99zzz/d' " .. temp_cron)
sys.call("sed -i '/# zzz auto/d' " .. temp_cron)
sys.call("crontab " .. temp_cron .. " 2>/dev/null && rm -f " .. temp_cron)
sys.call("/etc/init.d/cron restart")
end
end
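Review bot: `auto_start.write` builds the crontab in `"/tmp/.zzz_cron_tmp_" .. os.time()`, a predictable name in a shared directory, and `crontab -l 2>/dev/null > ` writes through whatever already exists at that path with the privileges LuCI runs under. The file is also left behind whenever `crontab` fails, because `rm -f` is chained with `&&`. Creating the file with `mktemp` (if the image ships it) or keeping the earlier pipe form, which needs no temporary file, avoids both. The interface pattern `^[a-zA-Z0-9]+$` also looks likely to reject device names containing `-` or `.`, such as bridge or VLAN devices, which is worth confirming against real device names.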