4a1d949e41
完整 Web 管理平台,涵盖: P0 生产加固: - 会话超时(空闲+绝对) + CSRF 防护 + 登录失败限流 - HTTPS/TLS 证书管理(自签生成/上传/删除/过期提醒) - SSL Bump (HTTPS 透明代理) 可视化配置 - 配置文件 diff 预览 + 二次确认才写入 - 服务控制二次确认 + 操作期间按钮锁定 P1 运维能力: - 日志轮转管理(logrotate) + 日志状态监控 - 告警规则(5xx/命中率/磁盘/客户端流量) - 多 Squid 实例管理 + 一键切换 - squidclient mgr 实时性能指标 - 流量异常检测(突增/大文件/高频小包/新客户端) P2 日志分析增强: - 日志持久化到 SQLite + 历史时间范围查询 - 导出 CSV/JSON(日志/KPI/异常/审计) - GeoIP 地图(Leaflet + ip-api.com 离线可选 GeoLite2) - 每客户端 24h 趋势图 - 自定义 Squid logformat 解析器 P3 体验锦上添花: - 暗/亮主题切换(cookie 持久化) - WebSSH 终端(xterm.js + paramiko) - 完整审计日志 + 用户管理 技术栈: Flask 3.0 + SQLAlchemy 2.0 + SQLite + Chart.js + Leaflet 总代码量: ~16500 行 (15 Python 模块 + 34 模板 + CSS) 路由数: 73
122 lines
5.9 KiB
HTML
122 lines
5.9 KiB
HTML
{% extends "base.html" %}
|
||
{% block title %}认证配置 - Squid Manager{% endblock %}
|
||
{% block content %}
|
||
<div class="page-header">
|
||
<h1>🔑 认证配置 (auth_param)</h1>
|
||
<div class="page-actions">
|
||
<button onclick="document.getElementById('add-form').style.display='block'" class="btn btn-primary btn-small">➕ 添加认证方案</button>
|
||
</div>
|
||
</div>
|
||
|
||
<div class="card" id="add-form" style="display:none;">
|
||
<h3 class="card-title">添加认证方案</h3>
|
||
<form method="post">
|
||
<input type="hidden" name="_csrf" value="{{ csrf_token() }}">
|
||
<input type="hidden" name="action" value="add">
|
||
<div class="filter-grid">
|
||
<div class="form-group">
|
||
<label>方案 (scheme)</label>
|
||
<select name="scheme" class="form-input">
|
||
{% for s in ['basic','digest','ntlm','negotiate'] %}
|
||
<option value="{{ s }}">{{ s }}</option>
|
||
{% endfor %}
|
||
</select>
|
||
</div>
|
||
<div class="form-group" style="grid-column: span 2;">
|
||
<label>认证程序路径</label>
|
||
<input type="text" name="program" class="form-input" required
|
||
value="/usr/lib/squid/basic_ncsa_auth /etc/squid/passwd">
|
||
</div>
|
||
<div class="form-group">
|
||
<label>realm 提示</label>
|
||
<input type="text" name="realm" class="form-input" value="Squid Proxy">
|
||
</div>
|
||
<div class="form-group">
|
||
<label>children 进程数</label>
|
||
<input type="number" name="children" class="form-input" value="5">
|
||
</div>
|
||
<div class="form-group">
|
||
<label>credentialsttl (小时)</label>
|
||
<input type="number" name="credentialsttl" class="form-input" value="2">
|
||
</div>
|
||
</div>
|
||
<div class="form-actions">
|
||
<button type="submit" class="btn btn-primary">添加</button>
|
||
<button type="button" onclick="document.getElementById('add-form').style.display='none'" class="btn btn-secondary">取消</button>
|
||
</div>
|
||
</form>
|
||
</div>
|
||
|
||
<div class="card">
|
||
<form method="post">
|
||
<input type="hidden" name="_csrf" value="{{ csrf_token() }}">
|
||
<input type="hidden" name="action" value="save">
|
||
<p class="card-desc">共 {{ auth_params | length }} 个认证方案。</p>
|
||
<div class="table-scroll">
|
||
<table class="data-table">
|
||
<thead>
|
||
<tr>
|
||
<th>#</th>
|
||
<th>方案</th>
|
||
<th>程序</th>
|
||
<th>realm</th>
|
||
<th>children</th>
|
||
<th>ttl</th>
|
||
<th>删除</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
{% for ap in auth_params %}
|
||
<tr>
|
||
<td>{{ loop.index }}
|
||
<input type="hidden" name="id[]" value="{{ loop.index }}">
|
||
</td>
|
||
<td>
|
||
<select name="scheme[]" class="form-input">
|
||
{% for s in ['basic','digest','ntlm','negotiate'] %}
|
||
<option value="{{ s }}" {% if ap.scheme == s %}selected{% endif %}>{{ s }}</option>
|
||
{% endfor %}
|
||
</select>
|
||
</td>
|
||
<td><input type="text" name="program[]" value="{{ ap.program }}" class="form-input"></td>
|
||
<td><input type="text" name="realm[]" value="{{ ap.realm }}" class="form-input"></td>
|
||
<td><input type="number" name="children[]" value="{{ ap.children }}" class="form-input"></td>
|
||
<td><input type="number" name="credentialsttl[]" value="{{ ap.credentialsttl }}" class="form-input"></td>
|
||
<td><button type="button" class="btn btn-danger btn-tiny" onclick="this.closest('tr').remove()">删除</button></td>
|
||
</tr>
|
||
{% endfor %}
|
||
{% if not auth_params %}
|
||
<tr><td colspan="7" class="empty-row">暂无认证方案。点击上方"添加"按钮。</td></tr>
|
||
{% endif %}
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
{% if auth_params %}
|
||
<div class="form-actions">
|
||
<button type="submit" class="btn btn-primary">💾 保存</button>
|
||
</div>
|
||
{% endif %}
|
||
</form>
|
||
</div>
|
||
|
||
<div class="card">
|
||
<h3 class="card-title">📖 常用认证程序</h3>
|
||
<table class="data-table">
|
||
<thead><tr><th>方案</th><th>用途</th><th>示例程序</th></tr></thead>
|
||
<tbody>
|
||
<tr><td><code>basic</code></td><td>基础认证 (用户名/密码明文)</td><td><code>/usr/lib/squid/basic_ncsa_auth /etc/squid/passwd</code></td></tr>
|
||
<tr><td><code>basic</code></td><td>LDAP 认证</td><td><code>/usr/lib/squid/basic_ldap_auth -b "ou=users,dc=example,dc=com" ldap://ldap.example.com</code></td></tr>
|
||
<tr><td><code>basic</code></td><td>PAM 认证</td><td><code>/usr/lib/squid/basic_pam_auth</code></td></tr>
|
||
<tr><td><code>basic</code></td><td>Radius</td><td><code>/usr/lib/squid/basic_radius_auth -f /etc/squid/radius_config</code></td></tr>
|
||
<tr><td><code>digest</code></td><td>摘要认证 (更安全)</td><td><code>/usr/lib/squid/digest_file_auth -c /etc/squid/digest_passwd</code></td></tr>
|
||
<tr><td><code>negotiate</code></td><td>Kerberos / SPNEGO (AD)</td><td><code>/usr/lib/squid/negotiate_kerberos_auth</code></td></tr>
|
||
<tr><td><code>ntlm</code></td><td>NTLM (旧版 Windows)</td><td><code>/usr/lib/squid/ntlm_smb_lm_auth</code></td></tr>
|
||
</tbody>
|
||
</table>
|
||
<p class="meta-text">⚠️ 添加认证后,还需在 <a href="{{ url_for('config_acls') }}">ACL 规则表</a> 中添加
|
||
<code>acl auth_users proxy_auth REQUIRED</code>,并在
|
||
<a href="{{ url_for('config_rules') }}">访问控制</a> 中添加
|
||
<code>http_access allow auth_users</code>。</p>
|
||
</div>
|
||
{% endblock %}
|