Merge pull request #55 from jumpserver/dev

v4.3.0

Author: BaiJiangJie

Dockerfile

@@ -1,4 +1,4 @@
-FROM jumpserver/chen-base:20240913_102042 AS stage-build
+FROM jumpserver/chen-base:20241009_104417 AS stage-build
 ENV LANG=en_US.UTF-8
 
 WORKDIR /opt/chen/

Dockerfile-base

@@ -29,7 +29,7 @@ RUN set -ex \
     && chmod 755 /usr/local/bin/check \
     && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
 
-ARG WISP_VERSION=v0.2.1
+ARG WISP_VERSION=v0.2.2
 RUN set -ex \
     && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \
     && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \

backend/framework/src/main/java/org/jumpserver/chen/framework/console/dataview/DataView.java

@@ -14,6 +14,7 @@
 import org.jumpserver.chen.framework.session.SessionManager;
 import org.jumpserver.chen.framework.ws.io.PacketIO;
 
+import java.io.BufferedWriter;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.sql.SQLException;
@@ -125,6 +126,15 @@ private void fullData(SQLQueryResult result) {
         }
     }
 
+    private static void writeString(BufferedWriter writer, Object object) throws IOException {
+        var str = object.toString();
+
+        if (str.contains(",")) {
+            str = "\"" + str + "\"";
+        }
+        writer.write(str);
+    }
+
     public void export(String scope) throws SQLException {
         var session = SessionManager.getCurrentSession();
 
@@ -144,7 +154,7 @@ public void export(String scope) throws SQLException {
 
             if (scope.equals("current")) {
                 for (Field field : this.data.getFields()) {
-                    writer.write(field.getName());
+                    writeString(writer, field.getName());
                     writer.write(",");
                 }
                 writer.newLine();
@@ -155,7 +165,7 @@ public void export(String scope) throws SQLException {
                             writer.write("NULL");
                             writer.write(",");
                         } else {
-                            writer.write(row.get(field.getName()).toString());
+                            writeString(writer, row.get(field.getName()));
                             writer.write(",");
                         }
                     }

backend/framework/src/main/java/org/jumpserver/chen/framework/session/impl/JMSSession.java

@@ -17,6 +17,7 @@
 import org.jumpserver.chen.framework.jms.impl.ReplayHandlerImpl;
 import org.jumpserver.chen.framework.session.QueryAuditFunction;
 import org.jumpserver.chen.framework.session.SessionManager;
+import org.jumpserver.chen.framework.session.controller.dialog.Button;
 import org.jumpserver.chen.framework.session.controller.dialog.Dialog;
 import org.jumpserver.chen.framework.session.controller.message.MessageLevel;
 import org.jumpserver.chen.framework.session.exception.SessionException;
@@ -27,8 +28,11 @@
 
 import java.sql.Connection;
 import java.sql.SQLException;
-import java.text.SimpleDateFormat;
+import java.time.Duration;
 import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
 import java.util.List;
 
 @Slf4j
@@ -45,9 +49,15 @@ public class JMSSession extends BaseSession {
     private final List<Common.CommandACL> commandACLs;
     private final long maxIdleTimeDelta;
     private final long expireTime;
-    private long lastActiveTime;
 
-    private int maxSessionTime;
+
+    private LocalDateTime lastActiveTime;
+
+    private LocalDateTime maxSessionEndTime;
+    private int maxSessionEndHours;
+    private LocalDateTime dynamicEndTime;
+    private String dynamicEndReason;
+
     private Thread waitIdleTimeThread;
     @Setter
     private String gatewayId;
@@ -86,13 +96,41 @@ public JMSSession(Common.Session session,
         this.commandACLs = tokenResp.getData().getFilterRulesList();
         this.expireTime = tokenResp.getData().getExpireInfo().getExpireAt();
         this.maxIdleTimeDelta = tokenResp.getData().getSetting().getMaxIdleTime();
-        this.maxSessionTime = tokenResp.getData().getSetting().getMaxSessionTime();
+
+        this.maxSessionEndHours = tokenResp.getData().getSetting().getMaxSessionTime();
+        this.maxSessionEndTime = LocalDateTime.now().plusHours(tokenResp.getData().getSetting().getMaxSessionTime());
+        this.dynamicEndTime = this.maxSessionEndTime;
+
         this.canUpload = tokenResp.getData().getPermission().getEnableUpload();
         this.canDownload = tokenResp.getData().getPermission().getEnableDownload();
         this.canCopy = tokenResp.getData().getPermission().getEnableCopy();
         this.canPaste = tokenResp.getData().getPermission().getEnablePaste();
     }
 
+
+    public void setDynamicEndInfo(String reason) {
+
+        SessionManager.setContext(this.getWebToken());
+
+        this.dynamicEndReason = reason;
+        this.dynamicEndTime = LocalDateTime.now().plusMinutes(10);
+
+        var dialog = new Dialog(MessageUtils.get("PermissionExpiredDialogTitle"));
+
+        dialog.setBody(MessageUtils.get("PermissionExpiredDialogMessage"));
+
+        dialog.addButton(new Button(MessageUtils.get("Cancel"), "cancel", () -> this.getController().closeDialog()));
+
+        this.getController().showDialog(dialog);
+
+    }
+
+    public void resetDynamicEndInfo() {
+        this.dynamicEndReason = "";
+        this.dynamicEndTime = this.maxSessionEndTime;
+    }
+
+
     @Override
     public void recordCommand(String command) {
         CommandRecord commandRecord = new CommandRecord(command);
@@ -167,27 +205,40 @@ private void recordLifecycle(ServiceOuterClass.SessionLifecycleLogRequest.EventT
     }
 
     private void startWaitIdleTime() {
-        this.lastActiveTime = System.currentTimeMillis();
+        this.lastActiveTime = LocalDateTime.now();
+
+        var token = SessionManager.getContextToken();
+
         this.waitIdleTimeThread = new Thread(() -> {
+            SessionManager.setContext(token);
+
             while (this.isActive()) {
                 try {
                     Thread.sleep(5000);
+
                     synchronized (this) {
-                        long now = System.currentTimeMillis();
-                        var expireTime = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss").format(this.expireTime * 1000);
-                        if (now > this.expireTime * 1000) {
-                            this.close("PermissionsExpiredOn", "permission_expired", expireTime);
+                        var expireTime = LocalDateTime.ofEpochSecond(this.expireTime, 0, ZoneOffset.ofHours(8));
+
+                        if (LocalDateTime.now().isAfter(expireTime)) {
+                            this.close("PermissionsExpiredOn", "permission_expired", expireTime.format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")));
                             return;
                         }
-                        if (now - this.lastActiveTime > this.maxIdleTimeDelta * 1000 * 60) {
+
+                        if (Math.abs(Duration.between(LocalDateTime.now(), this.lastActiveTime).toMinutes()) > this.maxIdleTimeDelta) {
                             this.close("OverMaxIdleTimeError", "idle_disconnect", this.maxIdleTimeDelta);
                             return;
                         }
 
-                        if (now - this.lastActiveTime > (long) this.maxSessionTime * 1000 * 60 * 60) {
-                            this.close("OverMaxSessionTimeError", "max_session_timeout", this.maxSessionTime);
+                        if (LocalDateTime.now().isAfter(this.maxSessionEndTime)) {
+                            this.close("OverMaxSessionTimeError", "max_session_timeout", this.maxSessionEndHours);
                             return;
                         }
+
+                        if (LocalDateTime.now().isAfter(this.dynamicEndTime)) {
+                            this.close("PermissionAlreadyExpired", this.dynamicEndReason);
+                            return;
+                        }
+
                     }
                 } catch (InterruptedException e) {
                     log.info("JMSSession waitIdleTimeThread interrupted, close it");
@@ -259,7 +310,7 @@ private void closeGateway() {
     @Override
     public SQLQueryResult withAudit(String command, QueryAuditFunction queryAuditFunction) throws SQLException, CommandRejectException {
         synchronized (this) {
-            this.lastActiveTime = System.currentTimeMillis();
+            this.lastActiveTime = LocalDateTime.now();
         }
         if (this.locked) {
             throw new CommandRejectException(MessageUtils.get("SessionLockedError"));

backend/modules/src/main/java/org.jumpserver.chen.modules/postgresql/PostgresqlActuator.java

@@ -33,12 +33,12 @@ public List<String> getSchemas() throws SQLException {
 
     @Override
     public void changeSchema(String schema) throws SQLException {
-        this.execute(SQL.of("SET SEARCH_PATH TO ?;", schema));
+        this.execute(SQL.of("SET SEARCH_PATH TO '?';", schema));
     }
 
     @Override
     public SQLExecutePlan createPlan(String schema, String table, SQLQueryParams sqlQueryParams) throws SQLException {
-        var sql = SQL.of("select * from ?.?", schema, table);
+        var sql = SQL.of("select * from \"?\".\"?\"", schema, table);
         return this.createPlan(sql, sqlQueryParams);
     }
 }

backend/web/src/main/java/org/jumpserver/chen/web/hook/RegisterJMSEvent.java

@@ -78,11 +78,14 @@ public void onNext(ServiceOuterClass.TaskResponse taskResponse) {
                         if (targetSession != null) {
                             switch (taskResponse.getTask().getAction()) {
                                 case KillSession ->
-                                        targetSession.close("SessionClosedBy","admin_terminate", taskResponse.getTask().getTerminatedBy());
+                                        targetSession.close("SessionClosedBy", "admin_terminate", taskResponse.getTask().getTerminatedBy());
 
                                 case LockSession -> targetSession.lockSession(taskResponse.getTask().getCreatedBy());
                                 case UnlockSession ->
                                         targetSession.unloadSession(taskResponse.getTask().getCreatedBy());
+                                case TokenPermExpired ->
+                                        targetSession.setDynamicEndInfo(taskResponse.getTask().getTokenStatus().getDetail());
+                                case TokenPermValid -> targetSession.resetDynamicEndInfo();
                             }
                             var req = ServiceOuterClass.FinishedTaskRequest
                                     .newBuilder()

backend/web/src/main/java/org/jumpserver/chen/web/service/impl/JmsSessionService.java

@@ -126,6 +126,7 @@ private Common.Session createJMSSession(ServiceOuterClass.TokenResponse tokenRes
                 .setProtocol(tokenResp.getData().getAsset().getProtocols(0).getName())
                 .setDateStart(System.currentTimeMillis() / 1000)
                 .setRemoteAddr(remoteAddr)
+                .setTokenId(tokenResp.getData().getKeyId())
                 .build();
 
         var sessionResp = this.serviceBlockingStub.createSession(