Files
socks-manager/models.py
T
Your Name 06470512f6 深度优化: 修复跨服务器登录、密码哈希、仪表盘UI、流量趋势等12项问题
### 严重修复
1. 跨服务器无法登录 - 新增SESSION_COOKIE_DOMAIN/SECURE/NAME配置
2. SOCKS5用户密码明文存储→bcrypt哈希(兼容自动迁移)
3. 仪表盘审计日志不显示→替换为空循环为真实API加载
4. 管理员登录防爆破未生效→auth.py集成check_fail2ban

### 中等问题修复
5. 流量趋势图表无数据→新增record_traffic_snapshot后台线程
6. 网络流量累计值跳变→新增基线差值机制
7. asyncio连接计数非线程安全→加锁保护

### 优化改进
8. API密钥页面截断文本修复
9. 新增gunicorn/bcrypt依赖
10. 更新README环境变量文档和生产建议
11. 登录密码常量时间对比防时序攻击
12. 仪表盘图表添加animation:false防卡顿
2026-07-16 22:13:14 +08:00

180 lines
7.4 KiB
Python

"""SQLAlchemy 数据模型。"""
from datetime import datetime, timezone
from database import db
import bcrypt
# ── SOCKS5 实例 ──────────────────────────────────────────────────
class Instance(db.Model):
__tablename__ = "instances"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(64), nullable=False, unique=True)
engine = db.Column(db.String(16), default="builtin") # builtin / 3proxy
listen_host = db.Column(db.String(64), default="0.0.0.0")
listen_port = db.Column(db.Integer, nullable=False)
timeout = db.Column(db.Integer, default=30)
enabled = db.Column(db.Boolean, default=True)
notes = db.Column(db.Text)
# 认证方式
auth_method = db.Column(db.String(16), default="none") # none / userpass
# 流量限速 (Mbps)
bandwidth_down = db.Column(db.Float, default=0) # 0=不限
bandwidth_up = db.Column(db.Float, default=0)
# 并发限制
max_concurrent = db.Column(db.Integer, default=10)
# 创建时间
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
updated_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc),
onupdate=lambda: datetime.now(timezone.utc))
# 运行状态 (运行时更新)
running = db.Column(db.Boolean, default=False)
active_connections = db.Column(db.Integer, default=0)
def __repr__(self):
return f"<Instance {self.name} {self.listen_host}:{self.listen_port}>"
# ── 代理用户 ─────────────────────────────────────────────────────
class User(db.Model):
__tablename__ = "users"
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), nullable=False, unique=True, index=True)
password = db.Column(db.String(128), nullable=True) # 存储 bcrypt 哈希
enabled = db.Column(db.Boolean, default=True)
# 流量限制
total_traffic_mb = db.Column(db.Float, default=0) # 0=不限
monthly_traffic_mb = db.Column(db.Float, default=0) # 0=不限
# 限速 (Mbps)
bandwidth_down = db.Column(db.Float, default=0)
bandwidth_up = db.Column(db.Float, default=0)
# 并发连接
max_concurrent = db.Column(db.Integer, default=10)
# IP 白名单/黑名单(逗号分隔)
ip_whitelist = db.Column(db.Text, default="")
ip_blacklist = db.Column(db.Text, default="")
# 生命周期
expire_at = db.Column(db.DateTime, nullable=True) # None=不过期
banned = db.Column(db.Boolean, default=False)
# 统计
bytes_in = db.Column(db.BigInteger, default=0)
bytes_out = db.Column(db.BigInteger, default=0)
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
updated_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc),
onupdate=lambda: datetime.now(timezone.utc))
def set_password(self, password):
"""用 bcrypt 哈希存储密码。"""
self.password = bcrypt.hashpw(
password.encode("utf-8"), bcrypt.gensalt()
).decode("utf-8")
def check_password(self, password):
"""验证密码。兼容旧版明文(自动迁移到哈希)。"""
if not self.password:
return False
if self.password.startswith("$2b$") or self.password.startswith("$2a$"):
try:
return bcrypt.checkpw(
password.encode("utf-8"), self.password.encode("utf-8")
)
except Exception:
return False
# 兼容旧版明文密码
if self.password == password:
self.set_password(password)
return True
return False
def is_active(self):
"""用户是否可用(未过期、未封禁、已启用)"""
if not self.enabled or self.banned:
return False
if self.expire_at and datetime.now(timezone.utc) > self.expire_at:
return False
return True
def __repr__(self):
return f"<User {self.username}>"
# ── 实时连接 ─────────────────────────────────────────────────────
class Connection(db.Model):
__tablename__ = "connections"
id = db.Column(db.String(64), primary_key=True)
instance_id = db.Column(db.Integer, db.ForeignKey("instances.id"), nullable=True)
username = db.Column(db.String(64), nullable=True)
src_ip = db.Column(db.String(64), nullable=True)
src_port = db.Column(db.Integer, nullable=True)
dst_addr = db.Column(db.String(256), nullable=True)
dst_port = db.Column(db.Integer, nullable=True)
protocol = db.Column(db.String(8), default="SOCKS5")
state = db.Column(db.String(16), default="active") # active / closed / rejected
started_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
ended_at = db.Column(db.DateTime, nullable=True)
bytes_in = db.Column(db.BigInteger, default=0)
bytes_out = db.Column(db.BigInteger, default=0)
def __repr__(self):
return f"<Connection {self.id[:12]} {self.src_ip} -> {self.dst_addr}:{self.dst_port}>"
# ── 审计日志 ─────────────────────────────────────────────────────
class AuditLog(db.Model):
__tablename__ = "audit_logs"
id = db.Column(db.Integer, primary_key=True)
timestamp = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
event = db.Column(db.String(32), nullable=False, index=True)
# event: auth_success, auth_fail, connect_success, connect_reject, user_create,
# user_update, instance_start, instance_stop, admin_action
user = db.Column(db.String(64), nullable=True)
instance_id = db.Column(db.Integer, nullable=True)
src_ip = db.Column(db.String(64), nullable=True)
detail = db.Column(db.Text)
def __repr__(self):
return f"<AuditLog {self.event} {self.user}>"
# ── 备份记录 ─────────────────────────────────────────────────────
class Backup(db.Model):
__tablename__ = "backups"
id = db.Column(db.Integer, primary_key=True)
filename = db.Column(db.String(256), nullable=False)
path = db.Column(db.String(512), nullable=False)
size = db.Column(db.BigInteger, default=0)
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
note = db.Column(db.Text)
def __repr__(self):
return f"<Backup {self.filename}>"
# ── 流量快照(每日) ────────────────────────────────────────────
class TrafficSnapshot(db.Model):
__tablename__ = "traffic_snapshots"
id = db.Column(db.Integer, primary_key=True)
date = db.Column(db.Date, nullable=False, unique=True)
instance_id = db.Column(db.Integer, db.ForeignKey("instances.id"), nullable=True)
user_id = db.Column(db.Integer, db.ForeignKey("users.id"), nullable=True)
bytes_in = db.Column(db.BigInteger, default=0)
bytes_out = db.Column(db.BigInteger, default=0)
connections = db.Column(db.Integer, default=0)