feat(plugin): 实现插件安全验证和审计日志功能

- 添加插件签名验证机制,支持远程证书吊销列表
- 增加插件安装时的安全检查和签名验证
- 实现插件版本存储的HMAC完整性校验
- 添加插件审计日志记录插件安装和验证事件
- 增加JS插件沙箱安全限制配置
- 添加插件商店API的签名URL字段支持
- 实现安全配置的自动刷新机制
Flik
2025-12-30 22:06:33 +08:00
parent 4d2a2a7117
commit 42e11e0aca
13 changed files with 686 additions and 31 deletions


@@ -19,7 +19,6 @@ const plugins = ref<PluginInfo[]>([])
const storePlugins = ref<StorePluginInfo[]>([])
const jsPlugins = ref<JSPlugin[]>([])
const clients = ref<ClientStatus[]>([])
const storeUrl = ref('')
const loading = ref(true)
const storeLoading = ref(false)
const jsLoading = ref(false)
@@ -41,7 +40,6 @@ const loadStorePlugins = async () => {
try {
const { data } = await getStorePlugins()
storePlugins.value = data.plugins || []
storeUrl.value = data.store_url || ''
} catch (e) {
console.error('Failed to load store plugins', e)
} finally {
@@ -165,11 +163,16 @@ const handleInstallStorePlugin = async () => {
message.error('该插件没有下载地址')
return
}
if (!selectedStorePlugin.value.signature_url) {
message.error('该插件没有签名文件')
return
}
installing.value = true
try {
await installStorePlugin(
selectedStorePlugin.value.name,
selectedStorePlugin.value.download_url,
selectedStorePlugin.value.signature_url,
selectedClientId.value
)
message.success(`已安装 ${selectedStorePlugin.value.name} 到客户端`)
@@ -258,8 +261,7 @@ onMounted(() => {
<!-- 扩展商店 -->
<n-tab-pane name="store" tab="扩展商店">
<n-spin :show="storeLoading">
<n-empty v-if="!storeUrl" description="未配置扩展商店URL请在配置文件中设置 plugin_store.url" />
<n-empty v-else-if="!storeLoading && storePlugins.length === 0" description="扩展商店暂无可用扩展" />
<n-empty v-if="!storeLoading && storePlugins.length === 0" description="扩展商店暂无可用扩展" />
<n-grid v-else :cols="3" :x-gap="16" :y-gap="16" responsive="screen" cols-s="1" cols-m="2">
<n-gi v-for="plugin in storePlugins" :key="plugin.name">
@@ -273,7 +275,7 @@ onMounted(() => {
</template>
<template #header-extra>
<n-button
v-if="plugin.download_url && onlineClients.length > 0"
v-if="plugin.download_url && plugin.signature_url && onlineClients.length > 0"
size="small"
type="primary"
@click="openInstallModal(plugin)"
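Review bot: The new `signature_url` checks in `handleInstallStorePlugin` (`if (!selectedStorePlugin.value.signature_url)`) and in the install button's `v-if` only test for presence in the browser, and both `download_url` and `signature_url` arrive in the same `getStorePlugins()` response, so on their own they cannot establish that a plugin is authentic. The handler behind `installStorePlugin` is not visible here; it presumably has to reject an empty signature URL itself and verify the signature against a key that is not delivered with the store listing. I would add a comment above the check such as `// UI convenience only: the server must independently require and verify the signature`. Separately, a plugin without `signature_url` now loses its install button with no explanation, so consider rendering an "unsigned" tag on the card so the missing button is not mistaken for a bug. `handleInstallStorePlugin` starts and ends outside the hunk.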