b8788c239e
MCP Docker / build-and-push (push) Has been cancelled
- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips) - Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF' - Detection engine enhancement: strict preset enables all 17 modules with aggressive configs - Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA - Rate limiting: nginx limit_req per website (RPS, burst, action) - JS Challenge: browser fingerprint verification page with cookie-based bypass - Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
42 lines
959 B
Go
42 lines
959 B
Go
package controller
|
|
|
|
import (
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials/insecure"
|
|
|
|
"chaitin.cn/patronus/safeline-2/management/tcontrollerd/pkg/config"
|
|
"chaitin.cn/patronus/safeline-2/management/tcontrollerd/pkg/log"
|
|
pb "chaitin.cn/patronus/safeline-2/management/tcontrollerd/proto/website"
|
|
)
|
|
|
|
var (
|
|
logger = log.GetLogger("controller")
|
|
)
|
|
|
|
func Handle() error {
|
|
logger.Infof("Connect mgt-webserver at %s", config.GlobalConfig.MgtWebserver)
|
|
gRPCConn, err := grpc.Dial(config.GlobalConfig.MgtWebserver, []grpc.DialOption{
|
|
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
|
}...)
|
|
if err != nil {
|
|
logger.Errorf("Fail to dial: %v", err)
|
|
return err
|
|
}
|
|
|
|
wsClient := pb.NewWebsiteClient(gRPCConn)
|
|
|
|
defer func(conn *grpc.ClientConn) {
|
|
err := conn.Close()
|
|
if err != nil {
|
|
logger.Errorf("Fail to close: %v", err)
|
|
return
|
|
}
|
|
}(gRPCConn)
|
|
|
|
if err = websiteHandler(wsClient); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|